author | Scott Lobdell <slobdell@google.com> | 2021-04-08 04:26:21 +0000 |
---|---|---|
committer | Scott Lobdell <slobdell@google.com> | 2021-04-08 04:26:21 +0000 |
commit | 95a4eaee873adf20b90a1d3d74c650c96a9271f2 (patch) | |
tree | 47c85878a2730bd38bffb1ee4c138764e4a57479 /security/keymint/aidl/vts/functional/AttestKeyTest.cpp | |
parent | 0c2e5fb06bd4257044c4761e89705268421c77b3 (diff) | |
parent | aa0540c86a939e6c0f63e17d13d2aed3d9b53777 (diff) |
Merge SP1A.210407.002
Change-Id: I59c8a9fe4c458698011cf3ced77bcd2c4818a138
Diffstat (limited to 'security/keymint/aidl/vts/functional/AttestKeyTest.cpp')
-rw-r--r-- | security/keymint/aidl/vts/functional/AttestKeyTest.cpp | 53 |
1 files changed, 30 insertions, 23 deletions
diff --git a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
index 7e7a466566..daa3e1871f 100644
--- a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
+++ b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
@@ -26,29 +26,6 @@ namespace aidl::android::hardware::security::keymint::test {
 namespace {
-vector<uint8_t> make_name_from_str(const string& name) {
- X509_NAME_Ptr x509_name(X509_NAME_new());
- EXPECT_TRUE(x509_name.get() != nullptr);
- if (!x509_name) return {};
-
- EXPECT_EQ(1, X509_NAME_add_entry_by_txt(x509_name.get(), //
- "CN", //
- MBSTRING_ASC,
- reinterpret_cast<const uint8_t*>(name.c_str()),
- -1, // len
- -1, // loc
- 0 /* set */));
-
- int len = i2d_X509_NAME(x509_name.get(), nullptr /* only return length */);
- EXPECT_GT(len, 0);
-
- vector<uint8_t> retval(len);
- uint8_t* p = retval.data();
- i2d_X509_NAME(x509_name.get(), &p);
-
- return retval;
-}
-
 bool IsSelfSigned(const vector<Certificate>& chain) {
 if (chain.size() != 1) return false;
 return ChainSignaturesAreValid(chain);
@@ -230,6 +207,36 @@ TEST_P(AttestKeyTest, AllEcCurves) {
 }
 }
+TEST_P(AttestKeyTest, AttestWithNonAttestKey) {
+ // Create non-attestaton key.
+ AttestationKey non_attest_key;
+ vector<KeyCharacteristics> non_attest_key_characteristics;
+ vector<Certificate> non_attest_key_cert_chain;
+ ASSERT_EQ(
+ ErrorCode::OK,
+ GenerateKey(
+ AuthorizationSetBuilder().EcdsaSigningKey(EcCurve::P_256).SetDefaultValidity(),
+ {} /* attestation siging key */, &non_attest_key.keyBlob,
+ &non_attest_key_characteristics, &non_attest_key_cert_chain));
+
+ EXPECT_EQ(non_attest_key_cert_chain.size(), 1);
+ EXPECT_TRUE(IsSelfSigned(non_attest_key_cert_chain));
+
+ // Attempt to sign attestation with non-attest key.
+ vector<uint8_t> attested_key_blob;
+ vector<KeyCharacteristics> attested_key_characteristics;
+ vector<Certificate> attested_key_cert_chain;
+ EXPECT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
+ GenerateKey(AuthorizationSetBuilder()
+ .EcdsaSigningKey(EcCurve::P_256)
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .AttestationChallenge("foo")
+ .AttestationApplicationId("bar")
+ .SetDefaultValidity(),
+ non_attest_key, &attested_key_blob, &attested_key_characteristics,
+ &attested_key_cert_chain));
+}
+
 INSTANTIATE_KEYMINT_AIDL_TEST(AttestKeyTest);
 } // namespace aidl::android::hardware::security::keymint::test |
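Review bot: The key created by the first `GenerateKey` call in `AttestWithNonAttestKey` is never released; nothing in the visible test body deletes `non_attest_key.keyBlob`, so each run may leave a key behind on implementations where keys occupy secure storage. Assuming the fixture's usual cleanup helper is in scope here (it is not visible in this hunk), add `CheckedDeleteKey(&non_attest_key.keyBlob);` before the closing brace, and delete `attested_key_blob` as well if the second call ever unexpectedly succeeds. `EXPECT_EQ(non_attest_key_cert_chain.size(), 1);` compares a `size_t` with a signed literal; `1u` avoids a sign-compare warning. The two comments also carry typos and should read `// Create non-attestation key.` and `/* attestation signing key */`.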