diff --git a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp index 8aef9d9a13..a2edd62740 100644 --- a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp +++ b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp @@ -156,7 +156,7 @@ TEST_P(AttestKeyTest, AllRsaSizes) { vector attested_key_blob; vector attested_key_characteristics; vector attested_key_cert_chain; - EXPECT_EQ(ErrorCode::OK, + ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .RsaSigningKey(2048, 65537) .Authorization(TAG_NO_AUTH_REQUIRED) @@ -167,9 +167,11 @@ TEST_P(AttestKeyTest, AllRsaSizes) { &attested_key_cert_chain)); KeyBlobDeleter attested_deleter(keymint_, attested_key_blob); + ASSERT_GT(attested_key_cert_chain.size(), 0); + AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics); AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics); - EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced, + ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced, SecLevel(), attested_key_cert_chain[0].encodedCertificate)); @@ -186,7 +188,7 @@ TEST_P(AttestKeyTest, AllRsaSizes) { */ attested_key_characteristics.resize(0); attested_key_cert_chain.resize(0); - EXPECT_EQ(ErrorCode::OK, + ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .RsaEncryptionKey(2048, 65537) .Digest(Digest::NONE) @@ -199,9 +201,11 @@ TEST_P(AttestKeyTest, AllRsaSizes) { &attested_key_cert_chain)); KeyBlobDeleter attested_deleter2(keymint_, attested_key_blob); + ASSERT_GT(attested_key_cert_chain.size(), 0); + hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics); sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics); - EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo2", "bar2", sw_enforced, + ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo2", "bar2", sw_enforced, hw_enforced, SecLevel(), attested_key_cert_chain[0].encodedCertificate)); @@ -219,7 +223,7 @@ TEST_P(AttestKeyTest, AllRsaSizes) { attested_key_characteristics.resize(0); attested_key_cert_chain.resize(0); uint64_t timestamp = 1619621648000; - EXPECT_EQ(ErrorCode::OK, + ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .EcdsaSigningKey(EcCurve::P_256) .Authorization(TAG_NO_AUTH_REQUIRED) @@ -231,6 +235,8 @@ TEST_P(AttestKeyTest, AllRsaSizes) { &attested_key_cert_chain)); KeyBlobDeleter attested_deleter3(keymint_, attested_key_blob); + ASSERT_GT(attested_key_cert_chain.size(), 0); + // The returned key characteristics will include CREATION_DATETIME (checked below) // in SecurityLevel::KEYSTORE; this will be stripped out in the CheckCharacteristics() // call below, to match what getKeyCharacteristics() returns (which doesn't include @@ -246,7 +252,7 @@ TEST_P(AttestKeyTest, AllRsaSizes) { EXPECT_TRUE(sw_enforced.Contains(TAG_CREATION_DATETIME, timestamp)) << "expected CREATION_TIMESTAMP in sw_enforced:" << sw_enforced << " not in hw_enforced:" << hw_enforced; - EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced, + ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced, SecLevel(), attested_key_cert_chain[0].encodedCertificate)); @@ -336,7 +342,7 @@ TEST_P(AttestKeyTest, RsaAttestedAttestKeys) { AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attest_key_characteristics); AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attest_key_characteristics); - EXPECT_TRUE(verify_attestation_record(AidlVersion(), challenge, app_id, // + ASSERT_TRUE(verify_attestation_record(AidlVersion(), challenge, app_id, // sw_enforced, hw_enforced, SecLevel(), attest_key_cert_chain[0].encodedCertificate)); @@ -354,7 +360,7 @@ TEST_P(AttestKeyTest, RsaAttestedAttestKeys) { uint64_t serial_int2 = 255; vector serial_blob2(build_serial_blob(serial_int2)); - EXPECT_EQ(ErrorCode::OK, + ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .RsaSigningKey(2048, 65537) .Authorization(TAG_NO_AUTH_REQUIRED) @@ -367,9 +373,11 @@ TEST_P(AttestKeyTest, RsaAttestedAttestKeys) { &attested_key_cert_chain)); KeyBlobDeleter attested_deleter(keymint_, attested_key_blob); + ASSERT_GT(attested_key_cert_chain.size(), 0); + AuthorizationSet hw_enforced2 = HwEnforcedAuthorizations(attested_key_characteristics); AuthorizationSet sw_enforced2 = SwEnforcedAuthorizations(attested_key_characteristics); - EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced2, hw_enforced2, + ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced2, hw_enforced2, SecLevel(), attested_key_cert_chain[0].encodedCertificate)); @@ -437,7 +445,7 @@ TEST_P(AttestKeyTest, RsaAttestKeyChaining) { AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics); AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics); ASSERT_GT(cert_chain_list[i].size(), 0); - EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced, + ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced, SecLevel(), cert_chain_list[i][0].encodedCertificate)); @@ -512,7 +520,7 @@ TEST_P(AttestKeyTest, EcAttestKeyChaining) { AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics); AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics); ASSERT_GT(cert_chain_list[i].size(), 0); - EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced, + ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced, SecLevel(), cert_chain_list[i][0].encodedCertificate)); @@ -628,7 +636,7 @@ TEST_P(AttestKeyTest, AlternateAttestKeyChaining) { AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics); AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics); ASSERT_GT(cert_chain_list[i].size(), 0); - EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced, + ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced, SecLevel(), cert_chain_list[i][0].encodedCertificate)); @@ -678,7 +686,7 @@ TEST_P(AttestKeyTest, MissingChallenge) { vector attested_key_blob; vector attested_key_characteristics; vector attested_key_cert_chain; - EXPECT_EQ(ErrorCode::ATTESTATION_CHALLENGE_MISSING, + ASSERT_EQ(ErrorCode::ATTESTATION_CHALLENGE_MISSING, GenerateKey(AuthorizationSetBuilder() .RsaSigningKey(2048, 65537) .Authorization(TAG_NO_AUTH_REQUIRED) @@ -687,7 +695,7 @@ TEST_P(AttestKeyTest, MissingChallenge) { attest_key, &attested_key_blob, &attested_key_characteristics, &attested_key_cert_chain)); - EXPECT_EQ(ErrorCode::ATTESTATION_CHALLENGE_MISSING, + ASSERT_EQ(ErrorCode::ATTESTATION_CHALLENGE_MISSING, GenerateKey(AuthorizationSetBuilder() .EcdsaSigningKey(EcCurve::P_256) .Authorization(TAG_NO_AUTH_REQUIRED) @@ -725,7 +733,7 @@ TEST_P(AttestKeyTest, AllEcCurves) { vector attested_key_blob; vector attested_key_characteristics; vector attested_key_cert_chain; - EXPECT_EQ(ErrorCode::OK, + ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .RsaSigningKey(2048, 65537) .Authorization(TAG_NO_AUTH_REQUIRED) @@ -740,7 +748,7 @@ TEST_P(AttestKeyTest, AllEcCurves) { AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics); AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics); - EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced, + ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced, SecLevel(), attested_key_cert_chain[0].encodedCertificate)); @@ -756,7 +764,7 @@ TEST_P(AttestKeyTest, AllEcCurves) { /* * Use attestation key to sign EC key */ - EXPECT_EQ(ErrorCode::OK, + ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .EcdsaSigningKey(EcCurve::P_256) .Authorization(TAG_NO_AUTH_REQUIRED) @@ -771,7 +779,7 @@ TEST_P(AttestKeyTest, AllEcCurves) { hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics); sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics); - EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced, + ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced, SecLevel(), attested_key_cert_chain[0].encodedCertificate)); @@ -809,7 +817,7 @@ TEST_P(AttestKeyTest, AttestWithNonAttestKey) { vector attested_key_blob; vector attested_key_characteristics; vector attested_key_cert_chain; - EXPECT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE, + ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE, GenerateKey(AuthorizationSetBuilder() .EcdsaSigningKey(EcCurve::P_256) .Authorization(TAG_NO_AUTH_REQUIRED) @@ -872,6 +880,7 @@ TEST_P(AttestKeyTest, EcdsaAttestationID) { } ASSERT_EQ(result, ErrorCode::OK); + ASSERT_GT(attested_key_cert_chain.size(), 0); KeyBlobDeleter attested_deleter(keymint_, attested_key_blob); AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics); @@ -882,7 +891,7 @@ TEST_P(AttestKeyTest, EcdsaAttestationID) { // attestation extension should contain them, so make sure the extra tag is added. hw_enforced.push_back(tag); - EXPECT_TRUE(verify_attestation_record(AidlVersion(), "challenge", "foo", sw_enforced, + ASSERT_TRUE(verify_attestation_record(AidlVersion(), "challenge", "foo", sw_enforced, hw_enforced, SecLevel(), attested_key_cert_chain[0].encodedCertificate)); } @@ -998,6 +1007,7 @@ TEST_P(AttestKeyTest, SecondIMEIAttestationIDSuccess) { } ASSERT_EQ(result, ErrorCode::OK); + ASSERT_GT(attested_key_cert_chain.size(), 0); KeyBlobDeleter attested_deleter(keymint_, attested_key_blob); AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics); @@ -1010,7 +1020,7 @@ TEST_P(AttestKeyTest, SecondIMEIAttestationIDSuccess) { KeyParameter imei_tag = Authorization(TAG_ATTESTATION_ID_SECOND_IMEI, imei_blob); hw_enforced.push_back(imei_tag); - EXPECT_TRUE(verify_attestation_record(AidlVersion(), "challenge", "foo", sw_enforced, + ASSERT_TRUE(verify_attestation_record(AidlVersion(), "challenge", "foo", sw_enforced, hw_enforced, SecLevel(), attested_key_cert_chain[0].encodedCertificate)); } @@ -1069,6 +1079,7 @@ TEST_P(AttestKeyTest, MultipleIMEIAttestationIDSuccess) { } ASSERT_EQ(result, ErrorCode::OK); + ASSERT_GT(attested_key_cert_chain.size(), 0); KeyBlobDeleter attested_deleter(keymint_, attested_key_blob); AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics); @@ -1084,7 +1095,7 @@ TEST_P(AttestKeyTest, MultipleIMEIAttestationIDSuccess) { KeyParameter sec_imei_tag = Authorization(TAG_ATTESTATION_ID_SECOND_IMEI, sec_imei_blob); hw_enforced.push_back(sec_imei_tag); - EXPECT_TRUE(verify_attestation_record(AidlVersion(), "challenge", "foo", sw_enforced, + ASSERT_TRUE(verify_attestation_record(AidlVersion(), "challenge", "foo", sw_enforced, hw_enforced, SecLevel(), attested_key_cert_chain[0].encodedCertificate)); }