Merge "Whenever generateKey fails updated AttestKeyTests to abort instead of continuing the execution of the test." into main

2026-02-01 21:37:44 +00:00 · 2023-08-15 11:30:45 +00:00
parent 046165292d 45b478f32e
commit 1452142a46
1 changed files with 33 additions and 22 deletions
--- a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
+++ b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
@@ -156,7 +156,7 @@ TEST_P(AttestKeyTest, AllRsaSizes) {
        vector<uint8_t> attested_key_blob;
        vector<KeyCharacteristics> attested_key_characteristics;
        vector<Certificate> attested_key_cert_chain;
-        EXPECT_EQ(ErrorCode::OK,
+        ASSERT_EQ(ErrorCode::OK,
                  GenerateKey(AuthorizationSetBuilder()
                                      .RsaSigningKey(2048, 65537)
                                      .Authorization(TAG_NO_AUTH_REQUIRED)
@@ -167,9 +167,11 @@ TEST_P(AttestKeyTest, AllRsaSizes) {
                              &attested_key_cert_chain));
        KeyBlobDeleter attested_deleter(keymint_, attested_key_blob);

+        ASSERT_GT(attested_key_cert_chain.size(), 0);
+
        AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
        AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
-        EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
+        ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
                                              SecLevel(),
                                              attested_key_cert_chain[0].encodedCertificate));

@@ -186,7 +188,7 @@ TEST_P(AttestKeyTest, AllRsaSizes) {
         */
        attested_key_characteristics.resize(0);
        attested_key_cert_chain.resize(0);
-        EXPECT_EQ(ErrorCode::OK,
+        ASSERT_EQ(ErrorCode::OK,
                  GenerateKey(AuthorizationSetBuilder()
                                      .RsaEncryptionKey(2048, 65537)
                                      .Digest(Digest::NONE)
@@ -199,9 +201,11 @@ TEST_P(AttestKeyTest, AllRsaSizes) {
                              &attested_key_cert_chain));
        KeyBlobDeleter attested_deleter2(keymint_, attested_key_blob);

+        ASSERT_GT(attested_key_cert_chain.size(), 0);
+
        hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
        sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
-        EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo2", "bar2", sw_enforced,
+        ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo2", "bar2", sw_enforced,
                                              hw_enforced, SecLevel(),
                                              attested_key_cert_chain[0].encodedCertificate));

@@ -219,7 +223,7 @@ TEST_P(AttestKeyTest, AllRsaSizes) {
        attested_key_characteristics.resize(0);
        attested_key_cert_chain.resize(0);
        uint64_t timestamp = 1619621648000;
-        EXPECT_EQ(ErrorCode::OK,
+        ASSERT_EQ(ErrorCode::OK,
                  GenerateKey(AuthorizationSetBuilder()
                                      .EcdsaSigningKey(EcCurve::P_256)
                                      .Authorization(TAG_NO_AUTH_REQUIRED)
@@ -231,6 +235,8 @@ TEST_P(AttestKeyTest, AllRsaSizes) {
                              &attested_key_cert_chain));
        KeyBlobDeleter attested_deleter3(keymint_, attested_key_blob);

+        ASSERT_GT(attested_key_cert_chain.size(), 0);
+
        // The returned key characteristics will include CREATION_DATETIME (checked below)
        // in SecurityLevel::KEYSTORE; this will be stripped out in the CheckCharacteristics()
        // call below, to match what getKeyCharacteristics() returns (which doesn't include
@@ -246,7 +252,7 @@ TEST_P(AttestKeyTest, AllRsaSizes) {
        EXPECT_TRUE(sw_enforced.Contains(TAG_CREATION_DATETIME, timestamp))
                << "expected CREATION_TIMESTAMP in sw_enforced:" << sw_enforced
                << " not in hw_enforced:" << hw_enforced;
-        EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
+        ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
                                              SecLevel(),
                                              attested_key_cert_chain[0].encodedCertificate));

@@ -336,7 +342,7 @@ TEST_P(AttestKeyTest, RsaAttestedAttestKeys) {

    AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attest_key_characteristics);
    AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attest_key_characteristics);
-    EXPECT_TRUE(verify_attestation_record(AidlVersion(), challenge, app_id,  //
+    ASSERT_TRUE(verify_attestation_record(AidlVersion(), challenge, app_id,  //
                                          sw_enforced, hw_enforced, SecLevel(),
                                          attest_key_cert_chain[0].encodedCertificate));

@@ -354,7 +360,7 @@ TEST_P(AttestKeyTest, RsaAttestedAttestKeys) {
    uint64_t serial_int2 = 255;
    vector<uint8_t> serial_blob2(build_serial_blob(serial_int2));

-    EXPECT_EQ(ErrorCode::OK,
+    ASSERT_EQ(ErrorCode::OK,
              GenerateKey(AuthorizationSetBuilder()
                                  .RsaSigningKey(2048, 65537)
                                  .Authorization(TAG_NO_AUTH_REQUIRED)
@@ -367,9 +373,11 @@ TEST_P(AttestKeyTest, RsaAttestedAttestKeys) {
                          &attested_key_cert_chain));
    KeyBlobDeleter attested_deleter(keymint_, attested_key_blob);

+    ASSERT_GT(attested_key_cert_chain.size(), 0);
+
    AuthorizationSet hw_enforced2 = HwEnforcedAuthorizations(attested_key_characteristics);
    AuthorizationSet sw_enforced2 = SwEnforcedAuthorizations(attested_key_characteristics);
-    EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced2, hw_enforced2,
+    ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced2, hw_enforced2,
                                          SecLevel(),
                                          attested_key_cert_chain[0].encodedCertificate));

@@ -437,7 +445,7 @@ TEST_P(AttestKeyTest, RsaAttestKeyChaining) {
        AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
        AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
        ASSERT_GT(cert_chain_list[i].size(), 0);
-        EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
+        ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
                                              SecLevel(),
                                              cert_chain_list[i][0].encodedCertificate));

@@ -512,7 +520,7 @@ TEST_P(AttestKeyTest, EcAttestKeyChaining) {
        AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
        AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
        ASSERT_GT(cert_chain_list[i].size(), 0);
-        EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
+        ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
                                              SecLevel(),
                                              cert_chain_list[i][0].encodedCertificate));

@@ -628,7 +636,7 @@ TEST_P(AttestKeyTest, AlternateAttestKeyChaining) {
        AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
        AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
        ASSERT_GT(cert_chain_list[i].size(), 0);
-        EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
+        ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
                                              SecLevel(),
                                              cert_chain_list[i][0].encodedCertificate));

@@ -678,7 +686,7 @@ TEST_P(AttestKeyTest, MissingChallenge) {
        vector<uint8_t> attested_key_blob;
        vector<KeyCharacteristics> attested_key_characteristics;
        vector<Certificate> attested_key_cert_chain;
-        EXPECT_EQ(ErrorCode::ATTESTATION_CHALLENGE_MISSING,
+        ASSERT_EQ(ErrorCode::ATTESTATION_CHALLENGE_MISSING,
                  GenerateKey(AuthorizationSetBuilder()
                                      .RsaSigningKey(2048, 65537)
                                      .Authorization(TAG_NO_AUTH_REQUIRED)
@@ -687,7 +695,7 @@ TEST_P(AttestKeyTest, MissingChallenge) {
                              attest_key, &attested_key_blob, &attested_key_characteristics,
                              &attested_key_cert_chain));

-        EXPECT_EQ(ErrorCode::ATTESTATION_CHALLENGE_MISSING,
+        ASSERT_EQ(ErrorCode::ATTESTATION_CHALLENGE_MISSING,
                  GenerateKey(AuthorizationSetBuilder()
                                      .EcdsaSigningKey(EcCurve::P_256)
                                      .Authorization(TAG_NO_AUTH_REQUIRED)
@@ -725,7 +733,7 @@ TEST_P(AttestKeyTest, AllEcCurves) {
        vector<uint8_t> attested_key_blob;
        vector<KeyCharacteristics> attested_key_characteristics;
        vector<Certificate> attested_key_cert_chain;
-        EXPECT_EQ(ErrorCode::OK,
+        ASSERT_EQ(ErrorCode::OK,
                  GenerateKey(AuthorizationSetBuilder()
                                      .RsaSigningKey(2048, 65537)
                                      .Authorization(TAG_NO_AUTH_REQUIRED)
@@ -740,7 +748,7 @@ TEST_P(AttestKeyTest, AllEcCurves) {

        AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
        AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
-        EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
+        ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
                                              SecLevel(),
                                              attested_key_cert_chain[0].encodedCertificate));

@@ -756,7 +764,7 @@ TEST_P(AttestKeyTest, AllEcCurves) {
        /*
         * Use attestation key to sign EC key
         */
-        EXPECT_EQ(ErrorCode::OK,
+        ASSERT_EQ(ErrorCode::OK,
                  GenerateKey(AuthorizationSetBuilder()
                                      .EcdsaSigningKey(EcCurve::P_256)
                                      .Authorization(TAG_NO_AUTH_REQUIRED)
@@ -771,7 +779,7 @@ TEST_P(AttestKeyTest, AllEcCurves) {

        hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
        sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
-        EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
+        ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
                                              SecLevel(),
                                              attested_key_cert_chain[0].encodedCertificate));

@@ -809,7 +817,7 @@ TEST_P(AttestKeyTest, AttestWithNonAttestKey) {
    vector<uint8_t> attested_key_blob;
    vector<KeyCharacteristics> attested_key_characteristics;
    vector<Certificate> attested_key_cert_chain;
-    EXPECT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
+    ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
              GenerateKey(AuthorizationSetBuilder()
                                  .EcdsaSigningKey(EcCurve::P_256)
                                  .Authorization(TAG_NO_AUTH_REQUIRED)
@@ -872,6 +880,7 @@ TEST_P(AttestKeyTest, EcdsaAttestationID) {
        }

        ASSERT_EQ(result, ErrorCode::OK);
+        ASSERT_GT(attested_key_cert_chain.size(), 0);
        KeyBlobDeleter attested_deleter(keymint_, attested_key_blob);

        AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
@@ -882,7 +891,7 @@ TEST_P(AttestKeyTest, EcdsaAttestationID) {
        // attestation extension should contain them, so make sure the extra tag is added.
        hw_enforced.push_back(tag);

-        EXPECT_TRUE(verify_attestation_record(AidlVersion(), "challenge", "foo", sw_enforced,
+        ASSERT_TRUE(verify_attestation_record(AidlVersion(), "challenge", "foo", sw_enforced,
                                              hw_enforced, SecLevel(),
                                              attested_key_cert_chain[0].encodedCertificate));
    }
@@ -998,6 +1007,7 @@ TEST_P(AttestKeyTest, SecondIMEIAttestationIDSuccess) {
    }

    ASSERT_EQ(result, ErrorCode::OK);
+    ASSERT_GT(attested_key_cert_chain.size(), 0);
    KeyBlobDeleter attested_deleter(keymint_, attested_key_blob);

    AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
@@ -1010,7 +1020,7 @@ TEST_P(AttestKeyTest, SecondIMEIAttestationIDSuccess) {
    KeyParameter imei_tag = Authorization(TAG_ATTESTATION_ID_SECOND_IMEI, imei_blob);
    hw_enforced.push_back(imei_tag);

-    EXPECT_TRUE(verify_attestation_record(AidlVersion(), "challenge", "foo", sw_enforced,
+    ASSERT_TRUE(verify_attestation_record(AidlVersion(), "challenge", "foo", sw_enforced,
                                          hw_enforced, SecLevel(),
                                          attested_key_cert_chain[0].encodedCertificate));
 }
@@ -1069,6 +1079,7 @@ TEST_P(AttestKeyTest, MultipleIMEIAttestationIDSuccess) {
    }

    ASSERT_EQ(result, ErrorCode::OK);
+    ASSERT_GT(attested_key_cert_chain.size(), 0);
    KeyBlobDeleter attested_deleter(keymint_, attested_key_blob);

    AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
@@ -1084,7 +1095,7 @@ TEST_P(AttestKeyTest, MultipleIMEIAttestationIDSuccess) {
    KeyParameter sec_imei_tag = Authorization(TAG_ATTESTATION_ID_SECOND_IMEI, sec_imei_blob);
    hw_enforced.push_back(sec_imei_tag);

-    EXPECT_TRUE(verify_attestation_record(AidlVersion(), "challenge", "foo", sw_enforced,
+    ASSERT_TRUE(verify_attestation_record(AidlVersion(), "challenge", "foo", sw_enforced,
                                          hw_enforced, SecLevel(),
                                          attested_key_cert_chain[0].encodedCertificate));
 }