optee km4.0 VTS: PerInstance/SigningOperationsTest.RsaUseRequiresCorrectAppIdAppData/0_default

Failure log:

# ./VtsHalKeymasterV4_0TargetTest --gtest_filter=PerInstance/SigningOperationsTest.RsaUseRequiresCorrectAppIdAppData/0_default
Note: Google Test filter = PerInstance/SigningOperationsTest.RsaUseRequiresCorrectAppIdAppData/0_default
[==========] Running 1 test from 1 test suite.
[----------] Global test environment set-up.
[----------] 1 test from PerInstance/SigningOperationsTest
[ RUN ] PerInstance/SigningOperationsTest.RsaUseRequiresCorrectAppIdAppData/0_default
hardware/interfaces/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp:940: Failure
Expected equality of these values:
ErrorCode::INVALID_KEY_BLOB
Which is: INVALID_KEY_BLOB
Begin(KeyPurpose::SIGN, AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE))
Which is: OK
hardware/interfaces/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp:947: Failure
Expected equality of these values:
ErrorCode::INVALID_KEY_BLOB
Which is: INVALID_KEY_BLOB
Begin(KeyPurpose::SIGN, AuthorizationSetBuilder() .Digest(Digest::NONE) .Padding(PaddingMode::NONE) .Authorization(TAG_APPLICATION_ID, HidlBuf("clientid")))
Which is: OK
hardware/interfaces/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp:954: Failure
Expected equality of these values:
ErrorCode::INVALID_KEY_BLOB
Which is: INVALID_KEY_BLOB
Begin(KeyPurpose::SIGN, AuthorizationSetBuilder() .Digest(Digest::NONE) .Padding(PaddingMode::NONE) .Authorization(TAG_APPLICATION_DATA, HidlBuf("appdata")))
Which is: OK
[ FAILED ] PerInstance/SigningOperationsTest.RsaUseRequiresCorrectAppIdAppData/0_default, where GetParam() = "default" (9173 ms)
[----------] 1 test from PerInstance/SigningOperationsTest (9173 ms total)

[----------] Global test environment tear-down
[==========] 1 test from 1 test suite ran. (9174 ms total)
[ PASSED ] 0 tests.
[ FAILED ] 1 test, listed below:
[ FAILED ] PerInstance/SigningOperationsTest.RsaUseRequiresCorrectAppIdAppData/0_default, where GetParam() = "default"

1 FAILED TEST

Corresponding test code:

/*
 * SigningOperationsTest.RsaUseRequiresCorrectAppIdAppData
 *
 * Verifies that using an RSA key requires the correct app ID/data. (This is the key point being checked.)
 */
TEST_P(SigningOperationsTest, RsaUseRequiresCorrectAppIdAppData) {
    ASSERT_EQ(ErrorCode::OK,
              GenerateKey(AuthorizationSetBuilder()
                                  .Authorization(TAG_NO_AUTH_REQUIRED)
                                  .RsaSigningKey(2048, 65537)
                                  .Digest(Digest::NONE)
                                  .Padding(PaddingMode::NONE)
                                  .Authorization(TAG_APPLICATION_ID, HidlBuf("clientid"))
                                  .Authorization(TAG_APPLICATION_DATA, HidlBuf("appdata"))));
    EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
              Begin(KeyPurpose::SIGN,
                    AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE)));
    AbortIfNeeded();
    EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
              Begin(KeyPurpose::SIGN,
                    AuthorizationSetBuilder()
                            .Digest(Digest::NONE)
                            .Padding(PaddingMode::NONE)
                            .Authorization(TAG_APPLICATION_ID, HidlBuf("clientid"))));
    AbortIfNeeded();
    EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
              Begin(KeyPurpose::SIGN,
                    AuthorizationSetBuilder()
                            .Digest(Digest::NONE)
                            .Padding(PaddingMode::NONE)
                            .Authorization(TAG_APPLICATION_DATA, HidlBuf("appdata"))));
    AbortIfNeeded();
    EXPECT_EQ(ErrorCode::OK,
              Begin(KeyPurpose::SIGN,
                    AuthorizationSetBuilder()
                            .Digest(Digest::NONE)
                            .Padding(PaddingMode::NONE)
                            .Authorization(TAG_APPLICATION_DATA, HidlBuf("appdata"))
                            .Authorization(TAG_APPLICATION_ID, HidlBuf("clientid"))));
    AbortIfNeeded();
}

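Analysis:

Judging from the test code, the focus of the check is whether TAG_APPLICATION_ID and TAG_APPLICATION_DATA are handled correctly.

If either one is missing, or does not match the key blob, INVALID_KEY_BLOB should be returned.

Tracing through the TA-side code, the problem turned out to be in TA_check_params.

When the purpose is KM_PURPOSE_SIGN and the authorization set contains TAG_APPLICATION_ID and TAG_APPLICATION_DATA, these two parts of the key blob and of the authorization set have to be compared for consistency. TA_check_params was modified along these lines, and the test now passes.

Code snippet: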

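out_cp:
    /*
     * Tail of TA_check_params: for KM_PURPOSE_SIGN, fail when a required
     * APPLICATION_ID or APPLICATION_DATA check did not pass.
     */
    if (op_purpose == KM_PURPOSE_SIGN &&
        ((client_id_need_check && !client_id_check) ||
         (app_data_need_check && !app_data_check))) {
        EMSG("invalid blob");
        res = KM_ERROR_INVALID_KEY_BLOB;
    }
    return res;
}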
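
The same decision modelled as a stand-alone C program and run against the four Begin() calls of the VTS test. This is an added example, not the TA's code: check_app_binding and tag_equal are hypothetical names, NULL stands for an absent tag, and the meaning given to the four flags from the snippet is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Values from the Keymaster HAL definitions; everything else is a constructed model. */
enum { KM_PURPOSE_SIGN = 2 };
enum { KM_ERROR_OK = 0, KM_ERROR_INVALID_KEY_BLOB = -33 };

/* Hypothetical helper: the supplied value must exist and equal the bound one. */
static int tag_equal(const char *bound, const char *given)
{
    return given != NULL && strlen(bound) == strlen(given) &&
           memcmp(bound, given, strlen(bound)) == 0;
}

/*
 * key_id/key_data: values stored with the key at generation time.
 * in_id/in_data:   values passed to begin(); NULL if the caller omitted them.
 */
int check_app_binding(int op_purpose, const char *key_id, const char *key_data,
                      const char *in_id, const char *in_data)
{
    /* Flag names follow the page's snippet; their meaning here is assumed. */
    int client_id_need_check = key_id != NULL;
    int app_data_need_check = key_data != NULL;
    int client_id_check = client_id_need_check && tag_equal(key_id, in_id);
    int app_data_check = app_data_need_check && tag_equal(key_data, in_data);

    if (op_purpose == KM_PURPOSE_SIGN &&
        ((client_id_need_check && !client_id_check) ||
         (app_data_need_check && !app_data_check)))
        return KM_ERROR_INVALID_KEY_BLOB;
    return KM_ERROR_OK;
}

int main(void)
{
    /* The four Begin() calls of the VTS test, against a key bound to both tags. */
    const char *id = "clientid", *data = "appdata";
    printf("%d\n", check_app_binding(KM_PURPOSE_SIGN, id, data, NULL, NULL));
    printf("%d\n", check_app_binding(KM_PURPOSE_SIGN, id, data, id, NULL));
    printf("%d\n", check_app_binding(KM_PURPOSE_SIGN, id, data, NULL, data));
    printf("%d\n", check_app_binding(KM_PURPOSE_SIGN, id, data, id, data));
    return 0;
}
```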

 

VTS test result:

# ./VtsHalKeymasterV4_0TargetTest --gtest_filter=PerInstance/SigningOperationsTest.RsaUseRequiresCorrectAppIdAppData/0_default
Note: Google Test filter = PerInstance/SigningOperationsTest.RsaUseRequiresCorrectAppIdAppData/0_default
[==========] Running 1 test from 1 test suite.
[----------] Global test environment set-up.
[----------] 1 test from PerInstance/SigningOperationsTest
[ RUN ] PerInstance/SigningOperationsTest.RsaUseRequiresCorrectAppIdAppData/0_default
[ OK ] PerInstance/SigningOperationsTest.RsaUseRequiresCorrectAppIdAppData/0_default (8597 ms)
[----------] 1 test from PerInstance/SigningOperationsTest (8597 ms total)

[----------] Global test environment tear-down
[==========] 1 test from 1 test suite ran. (8598 ms total)
[ PASSED ] 1 test.

posted @ 2023-02-14 11:24  xiululu