authorDavid Drysdale <drysdale@google.com>2021-12-16 09:37:15 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>2021-12-16 09:37:15 +0000
commit17393cbb40a855772261f8339dfa654dc6e2469b (patch)
tree6d797376546fa1e9e463d9b9fdd0670d81132ac5 /security/keymint/aidl/vts/functional/AttestKeyTest.cpp
parentb05a7c13769890ce708ce0bcb36754c98027bb36 (diff)
parent7dff4fc9b7c4ab3124dcffa78ddd49eee97dd577 (diff)
Merge "KeyMint: new version number in attestation"
Diffstat (limited to 'security/keymint/aidl/vts/functional/AttestKeyTest.cpp')
-rw-r--r--security/keymint/aidl/vts/functional/AttestKeyTest.cpp37
1 files changed, 23 insertions, 14 deletions
diff --git a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
index 0fdf48db3e..727c6b72cd 100644
--- a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
+++ b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
@@ -81,7 +81,8 @@ TEST_P(AttestKeyTest, AllRsaSizes) {
AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
- EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
+ EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
+ SecLevel(),
attested_key_cert_chain[0].encodedCertificate));
// Attestation by itself is not valid (last entry is not self-signed).
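Review bot: `AidlVersion()` is now threaded by hand into every `verify_attestation_record(...)` call next to `SecLevel()`, although both are properties of the fixture rather than of the individual test. A small fixture member that forwards the challenge, app id, the two authorization sets and the certificate, and supplies these two values itself, would keep a later call site from passing a hard-coded or stale version and quietly checking the attestation extension against the wrong value. The same applies to the other ten call sites changed in this file (the later `AllRsaSizes` hunks, `RsaAttestedAttestKeys`, the three chaining tests, `AllEcCurves` and `EcdsaAttestationID`). The expected version comes from the implementation under test, so this presumably checks that the reported interface version and the version in the attestation record agree with each other; if that is the intent, a one-line comment at the first call such as `// Expected attestation version is derived from the HAL's reported AIDL version.` would say so. `AllRsaSizes` starts and ends outside this hunk, and the version mapping itself lives in `verify_attestation_record`, which is not part of this diff.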
@@ -113,7 +114,8 @@ TEST_P(AttestKeyTest, AllRsaSizes) {
hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
- EXPECT_TRUE(verify_attestation_record("foo2", "bar2", sw_enforced, hw_enforced, SecLevel(),
+ EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo2", "bar2", sw_enforced,
+ hw_enforced, SecLevel(),
attested_key_cert_chain[0].encodedCertificate));
// Attestation by itself is not valid (last entry is not self-signed).
@@ -154,12 +156,13 @@ TEST_P(AttestKeyTest, AllRsaSizes) {
sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
// The client-specified CREATION_DATETIME should be in sw_enforced.
- // Its presence will also trigger verify_attestation_record() to check that it
- // is in the attestation extension with a matching value.
+ // Its presence will also trigger verify_attestation_record() to check that
+ // it is in the attestation extension with a matching value.
EXPECT_TRUE(sw_enforced.Contains(TAG_CREATION_DATETIME, timestamp))
<< "expected CREATION_TIMESTAMP in sw_enforced:" << sw_enforced
<< " not in hw_enforced:" << hw_enforced;
- EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
+ EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
+ SecLevel(),
attested_key_cert_chain[0].encodedCertificate));
// Attestation by itself is not valid (last entry is not self-signed).
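Review bot: The failure message on the `sw_enforced.Contains(TAG_CREATION_DATETIME, timestamp)` check names `CREATION_TIMESTAMP`, which is not the tag being tested, so searching a failing log for the tag name finds nothing. Since the commit already rewraps the comment directly above, the message could be aligned in the same change: `<< "expected CREATION_DATETIME in sw_enforced:" << sw_enforced`. The second half, `" not in hw_enforced:"`, reads as if absence from `hw_enforced` were asserted, but only membership in `sw_enforced` is checked in the visible lines; rewording it to `<< " hw_enforced:" << hw_enforced` would describe what is actually printed. The enclosing `AllRsaSizes` body continues outside this hunk.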
@@ -235,7 +238,7 @@ TEST_P(AttestKeyTest, RsaAttestedAttestKeys) {
AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attest_key_characteristics);
AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attest_key_characteristics);
- EXPECT_TRUE(verify_attestation_record(challenge, app_id, //
+ EXPECT_TRUE(verify_attestation_record(AidlVersion(), challenge, app_id, //
sw_enforced, hw_enforced, SecLevel(),
attest_key_cert_chain[0].encodedCertificate));
@@ -270,7 +273,8 @@ TEST_P(AttestKeyTest, RsaAttestedAttestKeys) {
AuthorizationSet hw_enforced2 = HwEnforcedAuthorizations(attested_key_characteristics);
AuthorizationSet sw_enforced2 = SwEnforcedAuthorizations(attested_key_characteristics);
- EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced2, hw_enforced2, SecLevel(),
+ EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced2, hw_enforced2,
+ SecLevel(),
attested_key_cert_chain[0].encodedCertificate));
// Attestation by itself is not valid (last entry is not self-signed).
@@ -331,7 +335,8 @@ TEST_P(AttestKeyTest, RsaAttestKeyChaining) {
AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
ASSERT_GT(cert_chain_list[i].size(), 0);
- EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
+ EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
+ SecLevel(),
cert_chain_list[i][0].encodedCertificate));
if (i > 0) {
@@ -403,7 +408,8 @@ TEST_P(AttestKeyTest, EcAttestKeyChaining) {
AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
ASSERT_GT(cert_chain_list[i].size(), 0);
- EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
+ EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
+ SecLevel(),
cert_chain_list[i][0].encodedCertificate));
if (i > 0) {
@@ -510,7 +516,8 @@ TEST_P(AttestKeyTest, AlternateAttestKeyChaining) {
AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
ASSERT_GT(cert_chain_list[i].size(), 0);
- EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
+ EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
+ SecLevel(),
cert_chain_list[i][0].encodedCertificate));
if (i > 0) {
@@ -624,7 +631,8 @@ TEST_P(AttestKeyTest, AllEcCurves) {
AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
- EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
+ EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
+ SecLevel(),
attested_key_cert_chain[0].encodedCertificate));
// Attestation by itself is not valid (last entry is not self-signed).
@@ -655,7 +663,8 @@ TEST_P(AttestKeyTest, AllEcCurves) {
hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
- EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
+ EXPECT_TRUE(verify_attestation_record(AidlVersion(), "foo", "bar", sw_enforced, hw_enforced,
+ SecLevel(),
attested_key_cert_chain[0].encodedCertificate));
// Attestation by itself is not valid (last entry is not self-signed).
@@ -760,8 +769,8 @@ TEST_P(AttestKeyTest, EcdsaAttestationID) {
// attestation extension should contain them, so make sure the extra tag is added.
hw_enforced.push_back(tag);
- EXPECT_TRUE(verify_attestation_record("challenge", "foo", sw_enforced, hw_enforced,
- SecLevel(),
+ EXPECT_TRUE(verify_attestation_record(AidlVersion(), "challenge", "foo", sw_enforced,
+ hw_enforced, SecLevel(),
attested_key_cert_chain[0].encodedCertificate));
}
CheckedDeleteKey(&attest_key.keyBlob);