Evolution-x/hardware_interfaces
1
0
Fork 0
mirror of https://github.com/Evolution-X/hardware_interfaces synced 2026-02-01 16:50:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge "KeyMint VTS: extra unique ID test" am: 7a5b3d062d am: 3a539327e3

Browse Source 
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1877242

Change-Id: Ifeeb05aacc479fd2f3af49e7b28fbe7a26d021b4
This commit is contained in:
David Drysdale
2021-11-11 06:54:06 +00:00
committed by Automerger Merge Worker
parent 77639a8dd5 3a539327e3
commit f103c76afe
2 changed files with 34 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
security/keymint/aidl/vts/functional/DeviceUniqueAttestationTest.cpp
View File

@@ -78,6 +78,7 @@ TEST_P(DeviceUniqueAttestationTest, RsaNonStrongBoxUnimplemented) {
.Digest(Digest::SHA_2_256) .Digest(Digest::SHA_2_256)
.Padding(PaddingMode::RSA_PKCS1_1_5_SIGN) .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)
.Authorization(TAG_INCLUDE_UNIQUE_ID) .Authorization(TAG_INCLUDE_UNIQUE_ID)
.Authorization(TAG_CREATION_DATETIME, 1619621648000)
.AttestationChallenge("challenge") .AttestationChallenge("challenge")
.AttestationApplicationId("foo") .AttestationApplicationId("foo")
.Authorization(TAG_DEVICE_UNIQUE_ATTESTATION), .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION),
@@ -106,6 +107,7 @@ TEST_P(DeviceUniqueAttestationTest, EcdsaNonStrongBoxUnimplemented) {
.EcdsaSigningKey(EcCurve::P_256) .EcdsaSigningKey(EcCurve::P_256)
.Digest(Digest::SHA_2_256) .Digest(Digest::SHA_2_256)
.Authorization(TAG_INCLUDE_UNIQUE_ID) .Authorization(TAG_INCLUDE_UNIQUE_ID)
.Authorization(TAG_CREATION_DATETIME, 1619621648000)
.AttestationChallenge("challenge") .AttestationChallenge("challenge")
.AttestationApplicationId("foo") .AttestationApplicationId("foo")
.Authorization(TAG_DEVICE_UNIQUE_ATTESTATION), .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION),
@@ -135,6 +137,7 @@ TEST_P(DeviceUniqueAttestationTest, RsaDeviceUniqueAttestation) {
.Digest(Digest::SHA_2_256) .Digest(Digest::SHA_2_256)
.Padding(PaddingMode::RSA_PKCS1_1_5_SIGN) .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)
.Authorization(TAG_INCLUDE_UNIQUE_ID) .Authorization(TAG_INCLUDE_UNIQUE_ID)
.Authorization(TAG_CREATION_DATETIME, 1619621648000)
.AttestationChallenge("challenge") .AttestationChallenge("challenge")
.AttestationApplicationId("foo") .AttestationApplicationId("foo")
.Authorization(TAG_DEVICE_UNIQUE_ATTESTATION), .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION),
@@ -192,6 +195,7 @@ TEST_P(DeviceUniqueAttestationTest, EcdsaDeviceUniqueAttestation) {
.EcdsaSigningKey(EcCurve::P_256) .EcdsaSigningKey(EcCurve::P_256)
.Digest(Digest::SHA_2_256) .Digest(Digest::SHA_2_256)
.Authorization(TAG_INCLUDE_UNIQUE_ID) .Authorization(TAG_INCLUDE_UNIQUE_ID)
.Authorization(TAG_CREATION_DATETIME, 1619621648000)
.AttestationChallenge("challenge") .AttestationChallenge("challenge")
.AttestationApplicationId("foo") .AttestationApplicationId("foo")
.Authorization(TAG_DEVICE_UNIQUE_ATTESTATION), .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION),
@@ -252,14 +256,16 @@ TEST_P(DeviceUniqueAttestationTest, EcdsaDeviceUniqueAttestationID) {
for (const KeyParameter& tag : attestation_id_tags) { for (const KeyParameter& tag : attestation_id_tags) {
SCOPED_TRACE(testing::Message() << "+tag-" << tag); SCOPED_TRACE(testing::Message() << "+tag-" << tag);
AuthorizationSetBuilder builder = AuthorizationSetBuilder() AuthorizationSetBuilder builder =
.Authorization(TAG_NO_AUTH_REQUIRED) AuthorizationSetBuilder()
.EcdsaSigningKey(EcCurve::P_256) .Authorization(TAG_NO_AUTH_REQUIRED)
.Digest(Digest::SHA_2_256) .EcdsaSigningKey(EcCurve::P_256)
.Authorization(TAG_INCLUDE_UNIQUE_ID) .Digest(Digest::SHA_2_256)
.AttestationChallenge("challenge") .Authorization(TAG_INCLUDE_UNIQUE_ID)
.AttestationApplicationId("foo") .Authorization(TAG_CREATION_DATETIME, 1619621648000)
.Authorization(TAG_DEVICE_UNIQUE_ATTESTATION); .AttestationChallenge("challenge")
.AttestationApplicationId("foo")
.Authorization(TAG_DEVICE_UNIQUE_ATTESTATION);
builder.push_back(tag); builder.push_back(tag);
auto result = GenerateKey(builder, &key_blob, &key_characteristics); auto result = GenerateKey(builder, &key_blob, &key_characteristics);
@@ -322,14 +328,16 @@ TEST_P(DeviceUniqueAttestationTest, EcdsaDeviceUniqueAttestationMismatchID) {
for (const KeyParameter& invalid_tag : attestation_id_tags) { for (const KeyParameter& invalid_tag : attestation_id_tags) {
SCOPED_TRACE(testing::Message() << "+tag-" << invalid_tag); SCOPED_TRACE(testing::Message() << "+tag-" << invalid_tag);
AuthorizationSetBuilder builder = AuthorizationSetBuilder() AuthorizationSetBuilder builder =
.Authorization(TAG_NO_AUTH_REQUIRED) AuthorizationSetBuilder()
.EcdsaSigningKey(EcCurve::P_256) .Authorization(TAG_NO_AUTH_REQUIRED)
.Digest(Digest::SHA_2_256) .EcdsaSigningKey(EcCurve::P_256)
.Authorization(TAG_INCLUDE_UNIQUE_ID) .Digest(Digest::SHA_2_256)
.AttestationChallenge("challenge") .Authorization(TAG_INCLUDE_UNIQUE_ID)
.AttestationApplicationId("foo") .Authorization(TAG_CREATION_DATETIME, 1619621648000)
.Authorization(TAG_DEVICE_UNIQUE_ATTESTATION); .AttestationChallenge("challenge")
.AttestationApplicationId("foo")
.Authorization(TAG_DEVICE_UNIQUE_ATTESTATION);
// Add the tag that doesn't match the local device's real ID. // Add the tag that doesn't match the local device's real ID.
builder.push_back(invalid_tag); builder.push_back(invalid_tag);
auto result = GenerateKey(builder, &key_blob, &key_characteristics); auto result = GenerateKey(builder, &key_blob, &key_characteristics);

12
security/keymint/aidl/vts/functional/KeyMintTest.cpp
View File

@@ -1627,13 +1627,13 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationIdTags) {
*/ */
TEST_P(NewKeyGenerationTest, EcdsaAttestationUniqueId) { TEST_P(NewKeyGenerationTest, EcdsaAttestationUniqueId) {
auto get_unique_id = [this](const std::string& app_id, uint64_t datetime, auto get_unique_id = [this](const std::string& app_id, uint64_t datetime,
vector<uint8_t>* unique_id) { vector<uint8_t>* unique_id, bool reset = false) {
auto challenge = "hello"; auto challenge = "hello";
auto subject = "cert subj 2"; auto subject = "cert subj 2";
vector<uint8_t> subject_der(make_name_from_str(subject)); vector<uint8_t> subject_der(make_name_from_str(subject));
uint64_t serial_int = 0x1010; uint64_t serial_int = 0x1010;
vector<uint8_t> serial_blob(build_serial_blob(serial_int)); vector<uint8_t> serial_blob(build_serial_blob(serial_int));
const AuthorizationSetBuilder builder = AuthorizationSetBuilder builder =
AuthorizationSetBuilder() AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED) .Authorization(TAG_NO_AUTH_REQUIRED)
.Authorization(TAG_INCLUDE_UNIQUE_ID) .Authorization(TAG_INCLUDE_UNIQUE_ID)
@@ -1645,6 +1645,9 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationUniqueId) {
.AttestationApplicationId(app_id) .AttestationApplicationId(app_id)
.Authorization(TAG_CREATION_DATETIME, datetime) .Authorization(TAG_CREATION_DATETIME, datetime)
.SetDefaultValidity(); .SetDefaultValidity();
if (reset) {
builder.Authorization(TAG_RESET_SINCE_ID_ROTATION);
}
ASSERT_EQ(ErrorCode::OK, GenerateKey(builder)); ASSERT_EQ(ErrorCode::OK, GenerateKey(builder));
ASSERT_GT(key_blob_.size(), 0U); ASSERT_GT(key_blob_.size(), 0U);
@@ -1706,6 +1709,11 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationUniqueId) {
vector<uint8_t> unique_id8; vector<uint8_t> unique_id8;
get_unique_id(app_id, min_date - 1, &unique_id8); get_unique_id(app_id, min_date - 1, &unique_id8);
EXPECT_NE(unique_id, unique_id8); EXPECT_NE(unique_id, unique_id8);
// Marking RESET_SINCE_ID_ROTATION should give a different unique ID.
vector<uint8_t> unique_id9;
get_unique_id(app_id, cert_date, &unique_id9, /* reset_id = */ true);
EXPECT_NE(unique_id, unique_id9);
} }
/* /*