Revert "Assert that digest/padding NONE doesn't mean ANY."
This reverts commit 76460150323b5d1e707e4bb84202f760ab676b5f.
Change-Id: I832012eee37baa26378975e11aa1aaf7a59e9183
diff --git a/tests/tests/keystore/src/android/keystore/cts/CipherTest.java b/tests/tests/keystore/src/android/keystore/cts/CipherTest.java
index 0eb2544..d9d4f43 100644
--- a/tests/tests/keystore/src/android/keystore/cts/CipherTest.java
+++ b/tests/tests/keystore/src/android/keystore/cts/CipherTest.java
@@ -221,6 +221,17 @@
private static final byte[] AES256_KAT_KEY_BYTES =
HexEncoding.decode("cf601cc10aaf434d1f01747136aff222af7fb426d101901712214c3fea18125f");
+ private static final KeyProtection.Builder GOOD_IMPORT_PARAMS_BUILDER =
+ new KeyProtection.Builder(
+ KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
+ .setBlockModes(KeyProperties.BLOCK_MODE_ECB,
+ KeyProperties.BLOCK_MODE_CBC,
+ KeyProperties.BLOCK_MODE_CTR,
+ KeyProperties.BLOCK_MODE_GCM)
+ .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
+ .setDigests(KeyProperties.DIGEST_NONE)
+ .setRandomizedEncryptionRequired(false);
+
public void testAlgorithmList() {
// Assert that Android Keystore Provider exposes exactly the expected Cipher
// transformations. We don't care whether the transformations are exposed via aliases, as
@@ -780,12 +791,10 @@
}
public void testInitDecryptFailsWhenNotAuthorizedToDecrypt() throws Exception {
+ KeyProtection.Builder good = GOOD_IMPORT_PARAMS_BUILDER;
for (String transformation : EXPECTED_ALGORITHMS) {
try {
- KeyProtection good = TestUtils.getMinimalWorkingImportParametersForCipheringWith(
- transformation,
- KeyProperties.PURPOSE_DECRYPT);
- assertInitDecryptSucceeds(transformation, good);
+ assertInitDecryptSucceeds(transformation, good.build());
assertInitDecryptThrowsInvalidKeyException(transformation,
TestUtils.buildUpon(good, KeyProperties.PURPOSE_ENCRYPT).build());
} catch (Throwable e) {
@@ -795,16 +804,14 @@
}
public void testInitEncryptSymmetricFailsWhenNotAuthorizedToEncrypt() throws Exception {
+ KeyProtection.Builder good = GOOD_IMPORT_PARAMS_BUILDER;
for (String transformation : EXPECTED_ALGORITHMS) {
if (!isSymmetric(transformation)) {
continue;
}
try {
- KeyProtection good = TestUtils.getMinimalWorkingImportParametersForCipheringWith(
- transformation,
- KeyProperties.PURPOSE_ENCRYPT);
- assertInitEncryptSucceeds(transformation, good);
+ assertInitEncryptSucceeds(transformation, good.build());
assertInitEncryptThrowsInvalidKeyException(transformation,
TestUtils.buildUpon(good, KeyProperties.PURPOSE_DECRYPT).build());
} catch (Throwable e) {
@@ -814,16 +821,14 @@
}
public void testInitEncryptAsymmetricIgnoresAuthorizedPurposes() throws Exception {
+ KeyProtection.Builder good = GOOD_IMPORT_PARAMS_BUILDER;
for (String transformation : EXPECTED_ALGORITHMS) {
if (isSymmetric(transformation)) {
continue;
}
try {
- KeyProtection good = TestUtils.getMinimalWorkingImportParametersForCipheringWith(
- transformation,
- KeyProperties.PURPOSE_ENCRYPT);
- assertInitEncryptSucceeds(transformation, good);
+ assertInitEncryptSucceeds(transformation, good.build());
assertInitEncryptSucceeds(transformation,
TestUtils.buildUpon(good, 0).build());
} catch (Throwable e) {
@@ -833,78 +838,64 @@
}
public void testInitDecryptFailsWhenBlockModeNotAuthorized() throws Exception {
+ KeyProtection.Builder good = GOOD_IMPORT_PARAMS_BUILDER;
for (String transformation : EXPECTED_ALGORITHMS) {
- if (KeyProperties.KEY_ALGORITHM_RSA.equalsIgnoreCase(
- TestUtils.getCipherKeyAlgorithm(transformation))) {
+ String transformationUpperCase = transformation.toUpperCase(Locale.US);
+ if (transformationUpperCase.startsWith("RSA/")) {
// Block modes do not apply
continue;
}
-
- String goodBlockMode = TestUtils.getCipherBlockMode(transformation);
- String badBlockMode = KeyProperties.BLOCK_MODE_CBC.equalsIgnoreCase(goodBlockMode)
- ? KeyProperties.BLOCK_MODE_CTR : KeyProperties.BLOCK_MODE_CBC;
-
+ String authorizedBlockMode =
+ (transformationUpperCase.contains("/CBC/")) ? "CTR" : "CBC";
try {
- KeyProtection good = TestUtils.getMinimalWorkingImportParametersForCipheringWith(
- transformation,
- KeyProperties.PURPOSE_DECRYPT);
- assertInitDecryptSucceeds(transformation, good);
+ assertInitDecryptSucceeds(transformation, good.build());
assertInitDecryptThrowsInvalidKeyException(transformation,
- TestUtils.buildUpon(good).setBlockModes(badBlockMode).build());
+ TestUtils.buildUpon(good).setBlockModes(authorizedBlockMode).build());
} catch (Throwable e) {
throw new RuntimeException(
"Failed for " + transformation + " when authorized only for "
- + badBlockMode,
+ + authorizedBlockMode,
e);
}
}
}
public void testInitEncryptSymmetricFailsWhenBlockModeNotAuthorized() throws Exception {
+ KeyProtection.Builder good = GOOD_IMPORT_PARAMS_BUILDER;
for (String transformation : EXPECTED_ALGORITHMS) {
if (!isSymmetric(transformation)) {
continue;
}
- if (KeyProperties.KEY_ALGORITHM_RSA.equalsIgnoreCase(
- TestUtils.getCipherKeyAlgorithm(transformation))) {
+ String transformationUpperCase = transformation.toUpperCase(Locale.US);
+ if (transformationUpperCase.startsWith("RSA/")) {
// Block modes do not apply
continue;
}
-
- String goodBlockMode = TestUtils.getCipherBlockMode(transformation);
- String badBlockMode = KeyProperties.BLOCK_MODE_CBC.equalsIgnoreCase(goodBlockMode)
- ? KeyProperties.BLOCK_MODE_CTR : KeyProperties.BLOCK_MODE_CBC;
-
+ String authorizedBlockMode =
+ (transformationUpperCase.contains("/CBC/")) ? "CTR" : "CBC";
try {
- KeyProtection good = TestUtils.getMinimalWorkingImportParametersForCipheringWith(
- transformation,
- KeyProperties.PURPOSE_ENCRYPT);
-
- assertInitEncryptSucceeds(transformation, good);
+ assertInitEncryptSucceeds(transformation, good.build());
assertInitEncryptThrowsInvalidKeyException(transformation,
- TestUtils.buildUpon(good).setBlockModes(badBlockMode).build());
+ TestUtils.buildUpon(good).setBlockModes(authorizedBlockMode).build());
} catch (Throwable e) {
throw new RuntimeException(
"Failed for " + transformation + " when authorized only for "
- + badBlockMode,
+ + authorizedBlockMode,
e);
}
}
}
public void testInitEncryptAsymmetricIgnoresAuthorizedBlockModes() throws Exception {
+ KeyProtection.Builder good = GOOD_IMPORT_PARAMS_BUILDER;
for (String transformation : EXPECTED_ALGORITHMS) {
if (isSymmetric(transformation)) {
continue;
}
try {
- KeyProtection good = TestUtils.getMinimalWorkingImportParametersForCipheringWith(
- transformation,
- KeyProperties.PURPOSE_ENCRYPT);
-
- assertInitEncryptSucceeds(transformation, good);
+ assertInitEncryptSucceeds(transformation, good.build());
assertInitEncryptSucceeds(transformation,
TestUtils.buildUpon(good).setBlockModes().build());
} catch (Throwable e) {
@@ -914,85 +905,66 @@
}
public void testInitDecryptFailsWhenDigestNotAuthorized() throws Exception {
+ KeyProtection.Builder good = GOOD_IMPORT_PARAMS_BUILDER;
for (String transformation : EXPECTED_ALGORITHMS) {
- String impliedDigest = TestUtils.getCipherDigest(transformation);
- if (impliedDigest == null) {
- // No digest used by this transformation
+ String transformationUpperCase = transformation.toUpperCase(Locale.US);
+ if ((transformationUpperCase.endsWith("/NOPADDING"))
+ || (transformationUpperCase.endsWith("/PKCS1PADDING"))
+ || (transformationUpperCase.endsWith("/PKCS7PADDING"))) {
+ // Digest not used
continue;
}
-
- String badDigest = KeyProperties.DIGEST_SHA256.equalsIgnoreCase(impliedDigest)
- ? KeyProperties.DIGEST_SHA512 : KeyProperties.DIGEST_SHA256;
+ String authorizedDigest =
+ (transformationUpperCase.contains("SHA-256")) ? "SHA-512" : "SHA-256";
try {
- KeyProtection good = TestUtils.getMinimalWorkingImportParametersForCipheringWith(
- transformation,
- KeyProperties.PURPOSE_DECRYPT);
-
- assertInitDecryptSucceeds(transformation, good);
+ assertInitDecryptSucceeds(transformation, good.build());
assertInitDecryptThrowsInvalidKeyException(transformation,
- TestUtils.buildUpon(good).setDigests(badDigest).build());
-
- if (!KeyProperties.DIGEST_NONE.equalsIgnoreCase(impliedDigest)) {
- // Check that authorized digest NONE does not mean ANY digest is authorized.
- badDigest = KeyProperties.DIGEST_NONE;
- assertInitDecryptThrowsInvalidKeyException(transformation,
- TestUtils.buildUpon(good).setDigests(badDigest).build());
- }
+ TestUtils.buildUpon(good).setDigests(authorizedDigest).build());
} catch (Throwable e) {
throw new RuntimeException(
- "Failed for " + transformation + " when authorized only for " + badDigest,
+ "Failed for " + transformation + " when authorized only for "
+ + authorizedDigest,
e);
}
}
}
public void testInitEncryptSymmetricFailsWhenDigestNotAuthorized() throws Exception {
+ KeyProtection.Builder good = GOOD_IMPORT_PARAMS_BUILDER;
for (String transformation : EXPECTED_ALGORITHMS) {
if (!isSymmetric(transformation)) {
continue;
}
-
- String impliedDigest = TestUtils.getCipherDigest(transformation);
- if (impliedDigest == null) {
- // No digest used by this transformation
+ String transformationUpperCase = transformation.toUpperCase(Locale.US);
+ if ((transformationUpperCase.endsWith("/NOPADDING"))
+ || (transformationUpperCase.endsWith("/PKCS1PADDING"))
+ || (transformationUpperCase.endsWith("/PKCS7PADDING"))) {
+ // Digest not used
continue;
}
-
- String badDigest = KeyProperties.DIGEST_SHA256.equalsIgnoreCase(impliedDigest)
- ? KeyProperties.DIGEST_SHA512 : KeyProperties.DIGEST_SHA256;
-
+ String authorizedDigest =
+ (transformationUpperCase.contains("SHA-256")) ? "SHA-512" : "SHA-256";
try {
- KeyProtection good = TestUtils.getMinimalWorkingImportParametersForCipheringWith(
- transformation,
- KeyProperties.PURPOSE_ENCRYPT);
- assertInitEncryptSucceeds(transformation, good);
+ assertInitEncryptSucceeds(transformation, good.build());
assertInitEncryptThrowsInvalidKeyException(transformation,
- TestUtils.buildUpon(good).setDigests(badDigest).build());
-
- if (!KeyProperties.DIGEST_NONE.equalsIgnoreCase(impliedDigest)) {
- // Check that authorized digest NONE does not mean ANY digest is authorized.
- badDigest = KeyProperties.DIGEST_NONE;
- assertInitEncryptThrowsInvalidKeyException(transformation,
- TestUtils.buildUpon(good).setDigests(badDigest).build());
- }
+ TestUtils.buildUpon(good).setDigests(authorizedDigest).build());
} catch (Throwable e) {
throw new RuntimeException(
- "Failed for " + transformation + " when authorized only for " + badDigest,
+ "Failed for " + transformation + " when authorized only for "
+ + authorizedDigest,
e);
}
}
}
public void testInitEncryptAsymmetricIgnoresAuthorizedDigests() throws Exception {
+ KeyProtection.Builder good = GOOD_IMPORT_PARAMS_BUILDER;
for (String transformation : EXPECTED_ALGORITHMS) {
if (isSymmetric(transformation)) {
continue;
}
try {
- KeyProtection good = TestUtils.getMinimalWorkingImportParametersForCipheringWith(
- transformation,
- KeyProperties.PURPOSE_ENCRYPT);
- assertInitEncryptSucceeds(transformation, good);
+ assertInitEncryptSucceeds(transformation, good.build());
assertInitEncryptSucceeds(transformation,
TestUtils.buildUpon(good).setDigests().build());
} catch (Throwable e) {
@@ -1002,101 +974,70 @@
}
public void testInitDecryptFailsWhenPaddingSchemeNotAuthorized() throws Exception {
+ KeyProtection.Builder good = GOOD_IMPORT_PARAMS_BUILDER;
for (String transformation : EXPECTED_ALGORITHMS) {
- String impliedEncryptionPadding = TestUtils.getCipherEncryptionPadding(transformation);
- String badEncryptionPadding;
- if (KeyProperties.KEY_ALGORITHM_RSA.equalsIgnoreCase(
- TestUtils.getCipherKeyAlgorithm(transformation))) {
- badEncryptionPadding =
- KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1.equalsIgnoreCase(
- impliedEncryptionPadding)
- ? KeyProperties.ENCRYPTION_PADDING_RSA_OAEP
- : KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1;
+ String transformationUpperCase = transformation.toUpperCase(Locale.US);
+ String authorizedPaddingScheme;
+ if (transformationUpperCase.startsWith("RSA/")) {
+ authorizedPaddingScheme = transformationUpperCase.contains("PKCS1PADDING")
+ ? "OAEPPadding" : "PKCS1Padding";
} else {
- badEncryptionPadding = KeyProperties.ENCRYPTION_PADDING_PKCS7.equalsIgnoreCase(
- impliedEncryptionPadding)
- ? KeyProperties.ENCRYPTION_PADDING_NONE
- : KeyProperties.ENCRYPTION_PADDING_PKCS7;
+ authorizedPaddingScheme = transformationUpperCase.contains("PKCS1PADDING")
+ ? "NoPadding" : "PKCS1Padding";
}
try {
- KeyProtection good = TestUtils.getMinimalWorkingImportParametersForCipheringWith(
- transformation,
- KeyProperties.PURPOSE_DECRYPT);
-
- assertInitDecryptSucceeds(transformation, good);
+ assertInitDecryptSucceeds(transformation, good.build());
assertInitDecryptThrowsInvalidKeyException(transformation,
TestUtils.buildUpon(good)
- .setEncryptionPaddings(badEncryptionPadding)
+ .setEncryptionPaddings(authorizedPaddingScheme)
.build());
-
- if (!KeyProperties.ENCRYPTION_PADDING_NONE.equalsIgnoreCase(
- impliedEncryptionPadding)) {
- // Check that authorized padding NONE does not mean ANY padding is authorized.
- badEncryptionPadding = KeyProperties.ENCRYPTION_PADDING_NONE;
- assertInitDecryptThrowsInvalidKeyException(transformation,
- TestUtils.buildUpon(good)
- .setEncryptionPaddings(badEncryptionPadding)
- .build());
- }
} catch (Throwable e) {
throw new RuntimeException(
"Failed for " + transformation + " when authorized only for "
- + badEncryptionPadding,
+ + authorizedPaddingScheme,
e);
}
}
}
public void testInitEncryptSymmetricFailsWhenPaddingSchemeNotAuthorized() throws Exception {
+ KeyProtection.Builder good = GOOD_IMPORT_PARAMS_BUILDER;
for (String transformation : EXPECTED_ALGORITHMS) {
if (!isSymmetric(transformation)) {
continue;
}
- String impliedEncryptionPadding = TestUtils.getCipherEncryptionPadding(transformation);
- String badEncryptionPadding = KeyProperties.ENCRYPTION_PADDING_PKCS7.equalsIgnoreCase(
- impliedEncryptionPadding)
- ? KeyProperties.ENCRYPTION_PADDING_NONE
- : KeyProperties.ENCRYPTION_PADDING_PKCS7;
+ String transformationUpperCase = transformation.toUpperCase(Locale.US);
+ String authorizedPaddingScheme;
+ if (transformationUpperCase.startsWith("RSA/")) {
+ authorizedPaddingScheme = transformationUpperCase.contains("PKCS1PADDING")
+ ? "OAEPPadding" : "PKCS1Padding";
+ } else {
+ authorizedPaddingScheme = transformationUpperCase.contains("PKCS1PADDING")
+ ? "NoPadding" : "PKCS1Padding";
+ }
try {
- KeyProtection good = TestUtils.getMinimalWorkingImportParametersForCipheringWith(
- transformation,
- KeyProperties.PURPOSE_ENCRYPT);
-
- assertInitEncryptSucceeds(transformation, good);
+ assertInitEncryptSucceeds(transformation, good.build());
assertInitEncryptThrowsInvalidKeyException(transformation,
TestUtils.buildUpon(good)
- .setEncryptionPaddings(badEncryptionPadding)
+ .setEncryptionPaddings(authorizedPaddingScheme)
.build());
-
- if (!KeyProperties.ENCRYPTION_PADDING_NONE.equalsIgnoreCase(
- impliedEncryptionPadding)) {
- // Check that authorized padding NONE does not mean ANY padding is authorized.
- badEncryptionPadding = KeyProperties.ENCRYPTION_PADDING_NONE;
- assertInitEncryptThrowsInvalidKeyException(transformation,
- TestUtils.buildUpon(good)
- .setEncryptionPaddings(badEncryptionPadding)
- .build());
- }
} catch (Throwable e) {
throw new RuntimeException(
"Failed for " + transformation + " when authorized only for "
- + badEncryptionPadding,
+ + authorizedPaddingScheme,
e);
}
}
}
public void testInitEncryptAsymmetricIgnoresAuthorizedPaddingSchemes() throws Exception {
+ KeyProtection.Builder good = GOOD_IMPORT_PARAMS_BUILDER;
for (String transformation : EXPECTED_ALGORITHMS) {
if (isSymmetric(transformation)) {
continue;
}
try {
- KeyProtection good = TestUtils.getMinimalWorkingImportParametersForCipheringWith(
- transformation,
- KeyProperties.PURPOSE_ENCRYPT);
-
- assertInitEncryptSucceeds(transformation, good);
+ assertInitEncryptSucceeds(transformation, good.build());
assertInitEncryptSucceeds(transformation,
TestUtils.buildUpon(good)
.setEncryptionPaddings()
@@ -1109,14 +1050,11 @@
}
public void testInitDecryptFailsWhenKeyNotYetValid() throws Exception {
+ KeyProtection.Builder good = GOOD_IMPORT_PARAMS_BUILDER;
Date badStartDate = new Date(System.currentTimeMillis() + DAY_IN_MILLIS);
for (String transformation : EXPECTED_ALGORITHMS) {
try {
- KeyProtection good = TestUtils.getMinimalWorkingImportParametersForCipheringWith(
- transformation,
- KeyProperties.PURPOSE_DECRYPT);
-
- assertInitDecryptSucceeds(transformation, good);
+ assertInitDecryptSucceeds(transformation, good.build());
assertInitDecryptThrowsInvalidKeyException(transformation,
TestUtils.buildUpon(good).setKeyValidityStart(badStartDate).build());
} catch (Throwable e) {
@@ -1126,17 +1064,14 @@
}
public void testInitEncryptSymmetricFailsWhenKeyNotYetValid() throws Exception {
+ KeyProtection.Builder good = GOOD_IMPORT_PARAMS_BUILDER;
Date badStartDate = new Date(System.currentTimeMillis() + DAY_IN_MILLIS);
for (String transformation : EXPECTED_ALGORITHMS) {
if (!isSymmetric(transformation)) {
continue;
}
try {
- KeyProtection good = TestUtils.getMinimalWorkingImportParametersForCipheringWith(
- transformation,
- KeyProperties.PURPOSE_ENCRYPT);
-
- assertInitEncryptSucceeds(transformation, good);
+ assertInitEncryptSucceeds(transformation, good.build());
assertInitEncryptThrowsInvalidKeyException(transformation,
TestUtils.buildUpon(good).setKeyValidityStart(badStartDate).build());
} catch (Throwable e) {
@@ -1146,17 +1081,14 @@
}
public void testInitEncryptAsymmetricIgnoresThatKeyNotYetValid() throws Exception {
+ KeyProtection.Builder good = GOOD_IMPORT_PARAMS_BUILDER;
Date badStartDate = new Date(System.currentTimeMillis() + DAY_IN_MILLIS);
for (String transformation : EXPECTED_ALGORITHMS) {
if (isSymmetric(transformation)) {
continue;
}
try {
- KeyProtection good = TestUtils.getMinimalWorkingImportParametersForCipheringWith(
- transformation,
- KeyProperties.PURPOSE_ENCRYPT);
-
- assertInitEncryptSucceeds(transformation, good);
+ assertInitEncryptSucceeds(transformation, good.build());
assertInitEncryptSucceeds(transformation,
TestUtils.buildUpon(good).setKeyValidityStart(badStartDate).build());
} catch (Throwable e) {
@@ -1166,14 +1098,11 @@
}
public void testInitDecryptFailsWhenKeyNoLongerValidForConsumption() throws Exception {
+ KeyProtection.Builder good = GOOD_IMPORT_PARAMS_BUILDER;
Date badEndDate = new Date(System.currentTimeMillis() - DAY_IN_MILLIS);
for (String transformation : EXPECTED_ALGORITHMS) {
try {
- KeyProtection good = TestUtils.getMinimalWorkingImportParametersForCipheringWith(
- transformation,
- KeyProperties.PURPOSE_DECRYPT);
-
- assertInitDecryptSucceeds(transformation, good);
+ assertInitDecryptSucceeds(transformation, good.build());
assertInitDecryptThrowsInvalidKeyException(transformation,
TestUtils.buildUpon(good)
.setKeyValidityForConsumptionEnd(badEndDate)
@@ -1185,14 +1114,11 @@
}
public void testInitDecryptIgnoresThatKeyNoLongerValidForOrigination() throws Exception {
+ KeyProtection.Builder good = GOOD_IMPORT_PARAMS_BUILDER;
Date badEndDate = new Date(System.currentTimeMillis() - DAY_IN_MILLIS);
for (String transformation : EXPECTED_ALGORITHMS) {
try {
- KeyProtection good = TestUtils.getMinimalWorkingImportParametersForCipheringWith(
- transformation,
- KeyProperties.PURPOSE_DECRYPT);
-
- assertInitDecryptSucceeds(transformation, good);
+ assertInitDecryptSucceeds(transformation, good.build());
assertInitDecryptSucceeds(transformation,
TestUtils.buildUpon(good)
.setKeyValidityForOriginationEnd(badEndDate)
@@ -1204,17 +1130,14 @@
}
public void testInitEncryptSymmetricFailsWhenKeyNoLongerValidForOrigination() throws Exception {
+ KeyProtection.Builder good = GOOD_IMPORT_PARAMS_BUILDER;
Date badEndDate = new Date(System.currentTimeMillis() - DAY_IN_MILLIS);
for (String transformation : EXPECTED_ALGORITHMS) {
if (!isSymmetric(transformation)) {
continue;
}
try {
- KeyProtection good = TestUtils.getMinimalWorkingImportParametersForCipheringWith(
- transformation,
- KeyProperties.PURPOSE_ENCRYPT);
-
- assertInitEncryptSucceeds(transformation, good);
+ assertInitEncryptSucceeds(transformation, good.build());
assertInitEncryptThrowsInvalidKeyException(transformation,
TestUtils.buildUpon(good)
.setKeyValidityForOriginationEnd(badEndDate)
@@ -1227,17 +1150,14 @@
public void testInitEncryptSymmetricIgnoresThatKeyNoLongerValidForConsumption()
throws Exception {
+ KeyProtection.Builder good = GOOD_IMPORT_PARAMS_BUILDER;
Date badEndDate = new Date(System.currentTimeMillis() - DAY_IN_MILLIS);
for (String transformation : EXPECTED_ALGORITHMS) {
if (!isSymmetric(transformation)) {
continue;
}
try {
- KeyProtection good = TestUtils.getMinimalWorkingImportParametersForCipheringWith(
- transformation,
- KeyProperties.PURPOSE_ENCRYPT);
-
- assertInitEncryptSucceeds(transformation, good);
+ assertInitEncryptSucceeds(transformation, good.build());
assertInitEncryptSucceeds(transformation,
TestUtils.buildUpon(good)
.setKeyValidityForConsumptionEnd(badEndDate)
@@ -1249,17 +1169,14 @@
}
public void testInitEncryptAsymmetricIgnoresThatKeyNoLongerValid() throws Exception {
+ KeyProtection.Builder good = GOOD_IMPORT_PARAMS_BUILDER;
Date badEndDate = new Date(System.currentTimeMillis() - DAY_IN_MILLIS);
for (String transformation : EXPECTED_ALGORITHMS) {
if (isSymmetric(transformation)) {
continue;
}
try {
- KeyProtection good = TestUtils.getMinimalWorkingImportParametersForCipheringWith(
- transformation,
- KeyProperties.PURPOSE_ENCRYPT);
-
- assertInitEncryptSucceeds(transformation, good);
+ assertInitEncryptSucceeds(transformation, good.build());
assertInitEncryptSucceeds(transformation,
TestUtils.buildUpon(good)
.setKeyValidityForOriginationEnd(badEndDate)
diff --git a/tests/tests/keystore/src/android/keystore/cts/KeyPairGeneratorTest.java b/tests/tests/keystore/src/android/keystore/cts/KeyPairGeneratorTest.java
index 401857c..bc6ab9f 100644
--- a/tests/tests/keystore/src/android/keystore/cts/KeyPairGeneratorTest.java
+++ b/tests/tests/keystore/src/android/keystore/cts/KeyPairGeneratorTest.java
@@ -393,12 +393,7 @@
assertEquals(null, keyInfo.getKeyValidityForConsumptionEnd());
MoreAsserts.assertEmpty(Arrays.asList(keyInfo.getBlockModes()));
MoreAsserts.assertContentsInAnyOrder(Arrays.asList(keyInfo.getDigests()),
- KeyProperties.DIGEST_NONE,
- KeyProperties.DIGEST_SHA1,
- KeyProperties.DIGEST_SHA224,
- KeyProperties.DIGEST_SHA256,
- KeyProperties.DIGEST_SHA384,
- KeyProperties.DIGEST_SHA512);
+ KeyProperties.DIGEST_NONE);
MoreAsserts.assertEmpty(Arrays.asList(keyInfo.getSignaturePaddings()));
MoreAsserts.assertEmpty(Arrays.asList(keyInfo.getEncryptionPaddings()));
@@ -440,12 +435,7 @@
assertEquals(null, keyInfo.getKeyValidityForConsumptionEnd());
MoreAsserts.assertEmpty(Arrays.asList(keyInfo.getBlockModes()));
MoreAsserts.assertContentsInAnyOrder(Arrays.asList(keyInfo.getDigests()),
- KeyProperties.DIGEST_NONE,
- KeyProperties.DIGEST_SHA1,
- KeyProperties.DIGEST_SHA224,
- KeyProperties.DIGEST_SHA256,
- KeyProperties.DIGEST_SHA384,
- KeyProperties.DIGEST_SHA512);
+ KeyProperties.DIGEST_NONE);
MoreAsserts.assertEmpty(Arrays.asList(keyInfo.getSignaturePaddings()));
MoreAsserts.assertEmpty(Arrays.asList(keyInfo.getEncryptionPaddings()));
@@ -486,12 +476,7 @@
assertEquals(null, keyInfo.getKeyValidityForConsumptionEnd());
MoreAsserts.assertEmpty(Arrays.asList(keyInfo.getBlockModes()));
MoreAsserts.assertContentsInAnyOrder(Arrays.asList(keyInfo.getDigests()),
- KeyProperties.DIGEST_NONE,
- KeyProperties.DIGEST_SHA1,
- KeyProperties.DIGEST_SHA224,
- KeyProperties.DIGEST_SHA256,
- KeyProperties.DIGEST_SHA384,
- KeyProperties.DIGEST_SHA512);
+ KeyProperties.DIGEST_NONE);
MoreAsserts.assertEmpty(Arrays.asList(keyInfo.getSignaturePaddings()));
MoreAsserts.assertEmpty(Arrays.asList(keyInfo.getEncryptionPaddings()));
}
@@ -534,20 +519,10 @@
assertEquals(null, keyInfo.getKeyValidityForConsumptionEnd());
MoreAsserts.assertEmpty(Arrays.asList(keyInfo.getBlockModes()));
MoreAsserts.assertContentsInAnyOrder(Arrays.asList(keyInfo.getDigests()),
- KeyProperties.DIGEST_NONE,
- KeyProperties.DIGEST_MD5,
- KeyProperties.DIGEST_SHA1,
- KeyProperties.DIGEST_SHA224,
- KeyProperties.DIGEST_SHA256,
- KeyProperties.DIGEST_SHA384,
- KeyProperties.DIGEST_SHA512);
+ KeyProperties.DIGEST_NONE);
MoreAsserts.assertContentsInAnyOrder(Arrays.asList(keyInfo.getEncryptionPaddings()),
- KeyProperties.ENCRYPTION_PADDING_NONE,
- KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1,
- KeyProperties.ENCRYPTION_PADDING_RSA_OAEP);
- MoreAsserts.assertContentsInAnyOrder(Arrays.asList(keyInfo.getSignaturePaddings()),
- KeyProperties.SIGNATURE_PADDING_RSA_PSS,
- KeyProperties.SIGNATURE_PADDING_RSA_PKCS1);
+ KeyProperties.ENCRYPTION_PADDING_NONE);
+ MoreAsserts.assertEmpty(Arrays.asList(keyInfo.getSignaturePaddings()));
}
public void testGenerate_ReplacesOldEntryWithSameAlias()
@@ -874,7 +849,7 @@
generator.initialize(new KeyGenParameterSpec.Builder(
TEST_ALIAS_1,
KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
- .setDigests(KeyProperties.DIGEST_NONE, KeyProperties.DIGEST_SHA384)
+ .setDigests(KeyProperties.DIGEST_NONE)
.build());
KeyPair keyPair = generator.generateKeyPair();
assertGeneratedKeyPairAndSelfSignedCertificate(
@@ -889,7 +864,7 @@
KeyInfo keyInfo = TestUtils.getKeyInfo(keyPair.getPrivate());
MoreAsserts.assertEmpty(Arrays.asList(keyInfo.getBlockModes()));
MoreAsserts.assertContentsInAnyOrder(Arrays.asList(keyInfo.getDigests()),
- KeyProperties.DIGEST_NONE, KeyProperties.DIGEST_SHA384);
+ KeyProperties.DIGEST_NONE);
MoreAsserts.assertEmpty(Arrays.asList(keyInfo.getSignaturePaddings()));
MoreAsserts.assertEmpty(Arrays.asList(keyInfo.getEncryptionPaddings()));
assertSelfSignedCertificateSignatureVerifies(TEST_ALIAS_1);
@@ -903,13 +878,8 @@
KeyProperties.PURPOSE_SIGN
| KeyProperties.PURPOSE_VERIFY
| KeyProperties.PURPOSE_DECRYPT)
- .setDigests(KeyProperties.DIGEST_NONE,
- KeyProperties.DIGEST_SHA256,
- KeyProperties.DIGEST_SHA512)
- .setEncryptionPaddings(
- KeyProperties.ENCRYPTION_PADDING_NONE,
- KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1)
- .setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1)
+ .setDigests(KeyProperties.DIGEST_NONE)
+ .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
.build());
KeyPair keyPair = generator.generateKeyPair();
assertGeneratedKeyPairAndSelfSignedCertificate(
@@ -924,14 +894,10 @@
KeyInfo keyInfo = TestUtils.getKeyInfo(keyPair.getPrivate());
MoreAsserts.assertEmpty(Arrays.asList(keyInfo.getBlockModes()));
MoreAsserts.assertContentsInAnyOrder(Arrays.asList(keyInfo.getDigests()),
- KeyProperties.DIGEST_NONE,
- KeyProperties.DIGEST_SHA256,
- KeyProperties.DIGEST_SHA512);
- MoreAsserts.assertContentsInAnyOrder(Arrays.asList(keyInfo.getSignaturePaddings()),
- KeyProperties.SIGNATURE_PADDING_RSA_PKCS1);
+ KeyProperties.DIGEST_NONE);
+ MoreAsserts.assertEmpty(Arrays.asList(keyInfo.getSignaturePaddings()));
MoreAsserts.assertContentsInAnyOrder(Arrays.asList(keyInfo.getEncryptionPaddings()),
- KeyProperties.ENCRYPTION_PADDING_NONE,
- KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1);
+ KeyProperties.ENCRYPTION_PADDING_NONE);
assertSelfSignedCertificateSignatureVerifies(TEST_ALIAS_1);
assertKeyPairAndCertificateUsableForTLSPeerAuthentication(TEST_ALIAS_1);
}
diff --git a/tests/tests/keystore/src/android/keystore/cts/SignatureTest.java b/tests/tests/keystore/src/android/keystore/cts/SignatureTest.java
index 8451eb8..ee6472f 100644
--- a/tests/tests/keystore/src/android/keystore/cts/SignatureTest.java
+++ b/tests/tests/keystore/src/android/keystore/cts/SignatureTest.java
@@ -882,14 +882,6 @@
? KeyProperties.DIGEST_SHA384 : KeyProperties.DIGEST_SHA256;
assertInitSignThrowsInvalidKeyException(algorithm,
TestUtils.buildUpon(good).setDigests(badDigest).build());
-
- // Check that digest NONE is not treated as ANY.
- if (!KeyProperties.DIGEST_NONE.equalsIgnoreCase(digest)) {
- assertInitSignThrowsInvalidKeyException(algorithm,
- TestUtils.buildUpon(good)
- .setDigests(KeyProperties.DIGEST_NONE)
- .build());
- }
} catch (Throwable e) {
throw new RuntimeException("Failed for " + algorithm, e);
}
diff --git a/tests/tests/keystore/src/android/keystore/cts/TestUtils.java b/tests/tests/keystore/src/android/keystore/cts/TestUtils.java
index 2c3ab8c..1c4f6ad 100644
--- a/tests/tests/keystore/src/android/keystore/cts/TestUtils.java
+++ b/tests/tests/keystore/src/android/keystore/cts/TestUtils.java
@@ -857,11 +857,6 @@
}
static KeyProtection getMinimalWorkingImportParametersForCipheringWith(
- String transformation, int purposes) {
- return getMinimalWorkingImportParametersForCipheringWith(transformation, purposes, false);
- }
-
- static KeyProtection getMinimalWorkingImportParametersForCipheringWith(
String transformation, int purposes, boolean ivProvidedWhenEncrypting) {
String keyAlgorithm = TestUtils.getCipherKeyAlgorithm(transformation);
if (KeyProperties.KEY_ALGORITHM_AES.equalsIgnoreCase(keyAlgorithm)) {