diff options
| author | Gaurav Kashyap <quic_gaurkash@quicinc.com> | 2020-06-20 03:35:25 +0000 |
|---|---|---|
| committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2020-06-20 03:35:25 +0000 |
| commit | a0b590e742aa17c1be6bdd37ba42ed539cf66f78 (patch) | |
| tree | 7ff26c0ff22a7ef339457747570e4b4bdd6ade0e /encryption/utils.cpp | |
| parent | 82b37a8c0393f3369c5479a16c9fb54f1193c9b4 (diff) | |
| parent | c0452de4436ebd0ba4b736195645c2be2d045a85 (diff) | |
| download | platform_test_vts-testcase_kernel-a0b590e742aa17c1be6bdd37ba42ed539cf66f78.tar.gz platform_test_vts-testcase_kernel-a0b590e742aa17c1be6bdd37ba42ed539cf66f78.tar.bz2 platform_test_vts-testcase_kernel-a0b590e742aa17c1be6bdd37ba42ed539cf66f78.zip | |
VtsKernelEncryptionTest: fix wrapped key tests and test adding corrupted key am: 7c2b88b5b7 am: c0452de443
Original change: https://android-review.googlesource.com/c/platform/test/vts-testcase/kernel/+/1326333
Change-Id: Ide8222564a946a9f38ca22f990e3a6b4da403d33
Diffstat (limited to 'encryption/utils.cpp')
| -rw-r--r-- | encryption/utils.cpp | 50 |
1 files changed, 37 insertions, 13 deletions
diff --git a/encryption/utils.cpp b/encryption/utils.cpp index 1956d0a1..03a46bfc 100644 --- a/encryption/utils.cpp +++ b/encryption/utils.cpp @@ -379,6 +379,27 @@ static void GetFixedInputString(uint32_t counter, PushBigEndian32(derived_key_len, fixed_input_string); } +static bool AesCmacKdfHelper(const std::vector<uint8_t> &key, + const std::vector<uint8_t> &label, + const std::vector<uint8_t> &context, + uint32_t output_key_size, + std::vector<uint8_t> *output_data) { + output_data->resize(output_key_size); + for (size_t count = 0; count < (output_key_size / kAesBlockSize); count++) { + std::vector<uint8_t> fixed_input_string; + GetFixedInputString(count + 1, label, context, (output_key_size * 8), + &fixed_input_string); + if (!AES_CMAC(output_data->data() + (kAesBlockSize * count), key.data(), + key.size(), fixed_input_string.data(), + fixed_input_string.size())) { + ADD_FAILURE() + << "AES_CMAC failed while deriving subkey from HW wrapped key"; + return false; + } + } + return true; +} + bool DeriveHwWrappedEncryptionKey(const std::vector<uint8_t> &master_key, std::vector<uint8_t> *enc_key) { std::vector<uint8_t> label{0x00, 0x00, 0x40, 0x00, 0x00, 0x00, @@ -392,19 +413,22 @@ bool DeriveHwWrappedEncryptionKey(const std::vector<uint8_t> &master_key, 0x00, 0x00, 0x00, 0x02, 0x43, 0x00, 0x82, 0x50, 0x0, 0x0, 0x0, 0x0}; - enc_key->resize(kAes256XtsKeySize); - for (size_t count = 0; count < (kAes256XtsKeySize / kAesBlockSize); count++) { - std::vector<uint8_t> fixed_input_string; - GetFixedInputString(count + 1, label, context, (kAes256XtsKeySize * 8), - &fixed_input_string); - if (!AES_CMAC(enc_key->data() + (kAesBlockSize * count), master_key.data(), - master_key.size(), fixed_input_string.data(), - fixed_input_string.size())) { - ADD_FAILURE() << "AES_CMAC failed while deriving inline encryption key"; - return false; - } - } - return true; + return AesCmacKdfHelper(master_key, label, context, kAes256XtsKeySize, + enc_key); +} + +bool DeriveHwWrappedRawSecret(const std::vector<uint8_t> &master_key, + std::vector<uint8_t> *secret) { + std::vector<uint8_t> label{0x00, 0x00, 0x40, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x20}; + // Context in fixed input string comprises of software provided context, + // padding to eight bytes (if required) and the key policy. + std::vector<uint8_t> context = {'r', 'a', 'w', ' ', 's', 'e', 'c', + 'r', 'e', 't', 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x00, 0x00, 0x00, 0x02, 0x17, + 0x00, 0x80, 0x50, 0x0, 0x0, 0x0, 0x0}; + + return AesCmacKdfHelper(master_key, label, context, kAes256KeySize, secret); } } // namespace kernel |