Evolution-x/hardware_interfaces
1
0
Fork 0
mirror of https://github.com/Evolution-X/hardware_interfaces synced 2026-02-02 13:49:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge "Whenever generateKey fails updated AttestKeyTests to abort instead of continuing the execution of the test." into main am: 1452142a46

Browse Source 
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2676503

Change-Id: Iad19012de44faabe1c51c6a74cccb39881e2eb42
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
Treehugger Robot
2023-08-15 12:19:26 +00:00
committed by Automerger Merge Worker
parent a3af2c8956 1452142a46
commit 28fa789357
1 changed files with 33 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
security/keymint/aidl/vts/functional/AttestKeyTest.cpp
View File

@@ -156,7 +156,7 @@ TEST_P(AttestKeyTest, AllRsaSizes) {
vector<uint8_t> attested_key_blob; vector<uint8_t> attested_key_blob;
vector<KeyCharacteristics> attested_key_characteristics; vector<KeyCharacteristics> attested_key_characteristics;
vector<Certificate> attested_key_cert_chain; vector<Certificate> attested_key_cert_chain;
EXPECT_EQ(ErrorCode::OK, ASSERT_EQ(ErrorCode::OK,
GenerateKey(AuthorizationSetBuilder() GenerateKey(AuthorizationSetBuilder()
.RsaSigningKey(2048, 65537) .RsaSigningKey(2048, 65537)
.Authorization(TAG_NO_AUTH_REQUIRED) .Authorization(TAG_NO_AUTH_REQUIRED)
@@ -167,9 +167,11 @@ TEST_P(AttestKeyTest, AllRsaSizes) {
&attested_key_cert_chain)); &attested_key_cert_chain));
KeyBlobDeleter attested_deleter(keymint_, attested_key_blob); KeyBlobDeleter attested_deleter(keymint_, attested_key_blob);
ASSERT_GT(attested_key_cert_chain.size(), 0);
AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics); AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics); AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced, ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
SecLevel(), SecLevel(),
attested_key_cert_chain[0].encodedCertificate)); attested_key_cert_chain[0].encodedCertificate));
@@ -186,7 +188,7 @@ TEST_P(AttestKeyTest, AllRsaSizes) {
*/ */
attested_key_characteristics.resize(0); attested_key_characteristics.resize(0);
attested_key_cert_chain.resize(0); attested_key_cert_chain.resize(0);
EXPECT_EQ(ErrorCode::OK, ASSERT_EQ(ErrorCode::OK,
GenerateKey(AuthorizationSetBuilder() GenerateKey(AuthorizationSetBuilder()
.RsaEncryptionKey(2048, 65537) .RsaEncryptionKey(2048, 65537)
.Digest(Digest::NONE) .Digest(Digest::NONE)
@@ -199,9 +201,11 @@ TEST_P(AttestKeyTest, AllRsaSizes) {
&attested_key_cert_chain)); &attested_key_cert_chain));
KeyBlobDeleter attested_deleter2(keymint_, attested_key_blob); KeyBlobDeleter attested_deleter2(keymint_, attested_key_blob);
ASSERT_GT(attested_key_cert_chain.size(), 0);
hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics); hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics); sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo2", "bar2", sw_enforced, ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo2", "bar2", sw_enforced,
hw_enforced, SecLevel(), hw_enforced, SecLevel(),
attested_key_cert_chain[0].encodedCertificate)); attested_key_cert_chain[0].encodedCertificate));
@@ -219,7 +223,7 @@ TEST_P(AttestKeyTest, AllRsaSizes) {
attested_key_characteristics.resize(0); attested_key_characteristics.resize(0);
attested_key_cert_chain.resize(0); attested_key_cert_chain.resize(0);
uint64_t timestamp = 1619621648000; uint64_t timestamp = 1619621648000;
EXPECT_EQ(ErrorCode::OK, ASSERT_EQ(ErrorCode::OK,
GenerateKey(AuthorizationSetBuilder() GenerateKey(AuthorizationSetBuilder()
.EcdsaSigningKey(EcCurve::P_256) .EcdsaSigningKey(EcCurve::P_256)
.Authorization(TAG_NO_AUTH_REQUIRED) .Authorization(TAG_NO_AUTH_REQUIRED)
@@ -231,6 +235,8 @@ TEST_P(AttestKeyTest, AllRsaSizes) {
&attested_key_cert_chain)); &attested_key_cert_chain));
KeyBlobDeleter attested_deleter3(keymint_, attested_key_blob); KeyBlobDeleter attested_deleter3(keymint_, attested_key_blob);
ASSERT_GT(attested_key_cert_chain.size(), 0);
// The returned key characteristics will include CREATION_DATETIME (checked below) // The returned key characteristics will include CREATION_DATETIME (checked below)
// in SecurityLevel::KEYSTORE; this will be stripped out in the CheckCharacteristics() // in SecurityLevel::KEYSTORE; this will be stripped out in the CheckCharacteristics()
// call below, to match what getKeyCharacteristics() returns (which doesn't include // call below, to match what getKeyCharacteristics() returns (which doesn't include
@@ -246,7 +252,7 @@ TEST_P(AttestKeyTest, AllRsaSizes) {
EXPECT_TRUE(sw_enforced.Contains(TAG_CREATION_DATETIME, timestamp)) EXPECT_TRUE(sw_enforced.Contains(TAG_CREATION_DATETIME, timestamp))
<< "expected CREATION_TIMESTAMP in sw_enforced:" << sw_enforced << "expected CREATION_TIMESTAMP in sw_enforced:" << sw_enforced
<< " not in hw_enforced:" << hw_enforced; << " not in hw_enforced:" << hw_enforced;
EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced, ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
SecLevel(), SecLevel(),
attested_key_cert_chain[0].encodedCertificate)); attested_key_cert_chain[0].encodedCertificate));
@@ -336,7 +342,7 @@ TEST_P(AttestKeyTest, RsaAttestedAttestKeys) {
AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attest_key_characteristics); AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attest_key_characteristics);
AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attest_key_characteristics); AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attest_key_characteristics);
EXPECT_TRUE(verify_attestation_record(AidlVersion(), challenge, app_id, // ASSERT_TRUE(verify_attestation_record(AidlVersion(), challenge, app_id, //
sw_enforced, hw_enforced, SecLevel(), sw_enforced, hw_enforced, SecLevel(),
attest_key_cert_chain[0].encodedCertificate)); attest_key_cert_chain[0].encodedCertificate));
@@ -354,7 +360,7 @@ TEST_P(AttestKeyTest, RsaAttestedAttestKeys) {
uint64_t serial_int2 = 255; uint64_t serial_int2 = 255;
vector<uint8_t> serial_blob2(build_serial_blob(serial_int2)); vector<uint8_t> serial_blob2(build_serial_blob(serial_int2));
EXPECT_EQ(ErrorCode::OK, ASSERT_EQ(ErrorCode::OK,
GenerateKey(AuthorizationSetBuilder() GenerateKey(AuthorizationSetBuilder()
.RsaSigningKey(2048, 65537) .RsaSigningKey(2048, 65537)
.Authorization(TAG_NO_AUTH_REQUIRED) .Authorization(TAG_NO_AUTH_REQUIRED)
@@ -367,9 +373,11 @@ TEST_P(AttestKeyTest, RsaAttestedAttestKeys) {
&attested_key_cert_chain)); &attested_key_cert_chain));
KeyBlobDeleter attested_deleter(keymint_, attested_key_blob); KeyBlobDeleter attested_deleter(keymint_, attested_key_blob);
ASSERT_GT(attested_key_cert_chain.size(), 0);
AuthorizationSet hw_enforced2 = HwEnforcedAuthorizations(attested_key_characteristics); AuthorizationSet hw_enforced2 = HwEnforcedAuthorizations(attested_key_characteristics);
AuthorizationSet sw_enforced2 = SwEnforcedAuthorizations(attested_key_characteristics); AuthorizationSet sw_enforced2 = SwEnforcedAuthorizations(attested_key_characteristics);
EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced2, hw_enforced2, ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced2, hw_enforced2,
SecLevel(), SecLevel(),
attested_key_cert_chain[0].encodedCertificate)); attested_key_cert_chain[0].encodedCertificate));
@@ -437,7 +445,7 @@ TEST_P(AttestKeyTest, RsaAttestKeyChaining) {
AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics); AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics); AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
ASSERT_GT(cert_chain_list[i].size(), 0); ASSERT_GT(cert_chain_list[i].size(), 0);
EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced, ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
SecLevel(), SecLevel(),
cert_chain_list[i][0].encodedCertificate)); cert_chain_list[i][0].encodedCertificate));
@@ -512,7 +520,7 @@ TEST_P(AttestKeyTest, EcAttestKeyChaining) {
AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics); AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics); AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
ASSERT_GT(cert_chain_list[i].size(), 0); ASSERT_GT(cert_chain_list[i].size(), 0);
EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced, ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
SecLevel(), SecLevel(),
cert_chain_list[i][0].encodedCertificate)); cert_chain_list[i][0].encodedCertificate));
@@ -628,7 +636,7 @@ TEST_P(AttestKeyTest, AlternateAttestKeyChaining) {
AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics); AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics); AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
ASSERT_GT(cert_chain_list[i].size(), 0); ASSERT_GT(cert_chain_list[i].size(), 0);
EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced, ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
SecLevel(), SecLevel(),
cert_chain_list[i][0].encodedCertificate)); cert_chain_list[i][0].encodedCertificate));
@@ -678,7 +686,7 @@ TEST_P(AttestKeyTest, MissingChallenge) {
vector<uint8_t> attested_key_blob; vector<uint8_t> attested_key_blob;
vector<KeyCharacteristics> attested_key_characteristics; vector<KeyCharacteristics> attested_key_characteristics;
vector<Certificate> attested_key_cert_chain; vector<Certificate> attested_key_cert_chain;
EXPECT_EQ(ErrorCode::ATTESTATION_CHALLENGE_MISSING, ASSERT_EQ(ErrorCode::ATTESTATION_CHALLENGE_MISSING,
GenerateKey(AuthorizationSetBuilder() GenerateKey(AuthorizationSetBuilder()
.RsaSigningKey(2048, 65537) .RsaSigningKey(2048, 65537)
.Authorization(TAG_NO_AUTH_REQUIRED) .Authorization(TAG_NO_AUTH_REQUIRED)
@@ -687,7 +695,7 @@ TEST_P(AttestKeyTest, MissingChallenge) {
attest_key, &attested_key_blob, &attested_key_characteristics, attest_key, &attested_key_blob, &attested_key_characteristics,
&attested_key_cert_chain)); &attested_key_cert_chain));
EXPECT_EQ(ErrorCode::ATTESTATION_CHALLENGE_MISSING, ASSERT_EQ(ErrorCode::ATTESTATION_CHALLENGE_MISSING,
GenerateKey(AuthorizationSetBuilder() GenerateKey(AuthorizationSetBuilder()
.EcdsaSigningKey(EcCurve::P_256) .EcdsaSigningKey(EcCurve::P_256)
.Authorization(TAG_NO_AUTH_REQUIRED) .Authorization(TAG_NO_AUTH_REQUIRED)
@@ -725,7 +733,7 @@ TEST_P(AttestKeyTest, AllEcCurves) {
vector<uint8_t> attested_key_blob; vector<uint8_t> attested_key_blob;
vector<KeyCharacteristics> attested_key_characteristics; vector<KeyCharacteristics> attested_key_characteristics;
vector<Certificate> attested_key_cert_chain; vector<Certificate> attested_key_cert_chain;
EXPECT_EQ(ErrorCode::OK, ASSERT_EQ(ErrorCode::OK,
GenerateKey(AuthorizationSetBuilder() GenerateKey(AuthorizationSetBuilder()
.RsaSigningKey(2048, 65537) .RsaSigningKey(2048, 65537)
.Authorization(TAG_NO_AUTH_REQUIRED) .Authorization(TAG_NO_AUTH_REQUIRED)
@@ -740,7 +748,7 @@ TEST_P(AttestKeyTest, AllEcCurves) {
AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics); AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics); AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced, ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
SecLevel(), SecLevel(),
attested_key_cert_chain[0].encodedCertificate)); attested_key_cert_chain[0].encodedCertificate));
@@ -756,7 +764,7 @@ TEST_P(AttestKeyTest, AllEcCurves) {
/* /*
* Use attestation key to sign EC key * Use attestation key to sign EC key
*/ */
EXPECT_EQ(ErrorCode::OK, ASSERT_EQ(ErrorCode::OK,
GenerateKey(AuthorizationSetBuilder() GenerateKey(AuthorizationSetBuilder()
.EcdsaSigningKey(EcCurve::P_256) .EcdsaSigningKey(EcCurve::P_256)
.Authorization(TAG_NO_AUTH_REQUIRED) .Authorization(TAG_NO_AUTH_REQUIRED)
@@ -771,7 +779,7 @@ TEST_P(AttestKeyTest, AllEcCurves) {
hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics); hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics); sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced, ASSERT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
SecLevel(), SecLevel(),
attested_key_cert_chain[0].encodedCertificate)); attested_key_cert_chain[0].encodedCertificate));
@@ -809,7 +817,7 @@ TEST_P(AttestKeyTest, AttestWithNonAttestKey) {
vector<uint8_t> attested_key_blob; vector<uint8_t> attested_key_blob;
vector<KeyCharacteristics> attested_key_characteristics; vector<KeyCharacteristics> attested_key_characteristics;
vector<Certificate> attested_key_cert_chain; vector<Certificate> attested_key_cert_chain;
EXPECT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE, ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
GenerateKey(AuthorizationSetBuilder() GenerateKey(AuthorizationSetBuilder()
.EcdsaSigningKey(EcCurve::P_256) .EcdsaSigningKey(EcCurve::P_256)
.Authorization(TAG_NO_AUTH_REQUIRED) .Authorization(TAG_NO_AUTH_REQUIRED)
@@ -872,6 +880,7 @@ TEST_P(AttestKeyTest, EcdsaAttestationID) {
} }
ASSERT_EQ(result, ErrorCode::OK); ASSERT_EQ(result, ErrorCode::OK);
ASSERT_GT(attested_key_cert_chain.size(), 0);
KeyBlobDeleter attested_deleter(keymint_, attested_key_blob); KeyBlobDeleter attested_deleter(keymint_, attested_key_blob);
AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics); AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
@@ -882,7 +891,7 @@ TEST_P(AttestKeyTest, EcdsaAttestationID) {
// attestation extension should contain them, so make sure the extra tag is added. // attestation extension should contain them, so make sure the extra tag is added.
hw_enforced.push_back(tag); hw_enforced.push_back(tag);
EXPECT_TRUE(verify_attestation_record(AidlVersion(), "challenge", "foo", sw_enforced, ASSERT_TRUE(verify_attestation_record(AidlVersion(), "challenge", "foo", sw_enforced,
hw_enforced, SecLevel(), hw_enforced, SecLevel(),
attested_key_cert_chain[0].encodedCertificate)); attested_key_cert_chain[0].encodedCertificate));
} }
@@ -998,6 +1007,7 @@ TEST_P(AttestKeyTest, SecondIMEIAttestationIDSuccess) {
} }
ASSERT_EQ(result, ErrorCode::OK); ASSERT_EQ(result, ErrorCode::OK);
ASSERT_GT(attested_key_cert_chain.size(), 0);
KeyBlobDeleter attested_deleter(keymint_, attested_key_blob); KeyBlobDeleter attested_deleter(keymint_, attested_key_blob);
AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics); AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
@@ -1010,7 +1020,7 @@ TEST_P(AttestKeyTest, SecondIMEIAttestationIDSuccess) {
KeyParameter imei_tag = Authorization(TAG_ATTESTATION_ID_SECOND_IMEI, imei_blob); KeyParameter imei_tag = Authorization(TAG_ATTESTATION_ID_SECOND_IMEI, imei_blob);
hw_enforced.push_back(imei_tag); hw_enforced.push_back(imei_tag);
EXPECT_TRUE(verify_attestation_record(AidlVersion(), "challenge", "foo", sw_enforced, ASSERT_TRUE(verify_attestation_record(AidlVersion(), "challenge", "foo", sw_enforced,
hw_enforced, SecLevel(), hw_enforced, SecLevel(),
attested_key_cert_chain[0].encodedCertificate)); attested_key_cert_chain[0].encodedCertificate));
} }
@@ -1069,6 +1079,7 @@ TEST_P(AttestKeyTest, MultipleIMEIAttestationIDSuccess) {
} }
ASSERT_EQ(result, ErrorCode::OK); ASSERT_EQ(result, ErrorCode::OK);
ASSERT_GT(attested_key_cert_chain.size(), 0);
KeyBlobDeleter attested_deleter(keymint_, attested_key_blob); KeyBlobDeleter attested_deleter(keymint_, attested_key_blob);
AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics); AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
@@ -1084,7 +1095,7 @@ TEST_P(AttestKeyTest, MultipleIMEIAttestationIDSuccess) {
KeyParameter sec_imei_tag = Authorization(TAG_ATTESTATION_ID_SECOND_IMEI, sec_imei_blob); KeyParameter sec_imei_tag = Authorization(TAG_ATTESTATION_ID_SECOND_IMEI, sec_imei_blob);
hw_enforced.push_back(sec_imei_tag); hw_enforced.push_back(sec_imei_tag);
EXPECT_TRUE(verify_attestation_record(AidlVersion(), "challenge", "foo", sw_enforced, ASSERT_TRUE(verify_attestation_record(AidlVersion(), "challenge", "foo", sw_enforced,
hw_enforced, SecLevel(), hw_enforced, SecLevel(),
attested_key_cert_chain[0].encodedCertificate)); attested_key_cert_chain[0].encodedCertificate));
} }