diff options
| author | Shawn Willden <swillden@google.com> | 2021-04-01 12:57:21 -0600 |
|---|---|---|
| committer | Shawn Willden <swillden@google.com> | 2021-04-01 12:57:21 -0600 |
| commit | 7bbf6298f2fb559d769a90da11bd6217c3c0247d (patch) | |
| tree | ea6ea70755229c7b782619fd434ba9b4a6574736 /security/keymint/aidl/vts/functional/AttestKeyTest.cpp | |
| parent | 49e5b5eaccc9f9dd83919c69d49f5544e159dbae (diff) | |
Correct error code in attest_key docs.
Also adds a test to verify that implementations return the expected
error code.
Test: VtsAidlKeyMintTargetTest
Change-Id: Ic8e9953a2572eb0cc8fefc363934eaf9b432b5a4
Diffstat (limited to 'security/keymint/aidl/vts/functional/AttestKeyTest.cpp')
| -rw-r--r-- | security/keymint/aidl/vts/functional/AttestKeyTest.cpp | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp index 1e907dbbee..daa3e1871f 100644 --- a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp +++ b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp @@ -207,6 +207,36 @@ TEST_P(AttestKeyTest, AllEcCurves) { } } +TEST_P(AttestKeyTest, AttestWithNonAttestKey) { + // Create non-attestaton key. + AttestationKey non_attest_key; + vector<KeyCharacteristics> non_attest_key_characteristics; + vector<Certificate> non_attest_key_cert_chain; + ASSERT_EQ( + ErrorCode::OK, + GenerateKey( + AuthorizationSetBuilder().EcdsaSigningKey(EcCurve::P_256).SetDefaultValidity(), + {} /* attestation siging key */, &non_attest_key.keyBlob, + &non_attest_key_characteristics, &non_attest_key_cert_chain)); + + EXPECT_EQ(non_attest_key_cert_chain.size(), 1); + EXPECT_TRUE(IsSelfSigned(non_attest_key_cert_chain)); + + // Attempt to sign attestation with non-attest key. + vector<uint8_t> attested_key_blob; + vector<KeyCharacteristics> attested_key_characteristics; + vector<Certificate> attested_key_cert_chain; + EXPECT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE, + GenerateKey(AuthorizationSetBuilder() + .EcdsaSigningKey(EcCurve::P_256) + .Authorization(TAG_NO_AUTH_REQUIRED) + .AttestationChallenge("foo") + .AttestationApplicationId("bar") + .SetDefaultValidity(), + non_attest_key, &attested_key_blob, &attested_key_characteristics, + &attested_key_cert_chain)); +} + INSTANTIATE_KEYMINT_AIDL_TEST(AttestKeyTest); } // namespace aidl::android::hardware::security::keymint::test |