author | David Drysdale <drysdale@google.com> | 2021-10-04 12:54:13 +0100 |
---|---|---|
committer | David Drysdale <drysdale@google.com> | 2021-11-03 09:58:05 +0000 |
commit | e60248c8e7c064833e2a88db2a6f84b9471d44c9 (patch) | |
tree | 48850fd2c3209f11fbd0c5cebfc692f084c5cc15 /security/keymint/aidl/vts/functional/AttestKeyTest.cpp | |
parent | b3b121493d2d8211ffa8765268395bed3473ae88 (diff) |
KeyMint VTS: ATTEST_KEY has no other purpose
The KeyMint spec has always required that keys with the ATTEST_KEY
purpose "must not have any other purpose".
Add explicit tests for combined-purpose keys to be rejected.
Also expand the spec text to require a specific error code, and to
explain the rationale for single-purpose ATTEST_KEY keys.
Bug: 197096139
Test: VtsAidlKeyMintTargetTest
Change-Id: I2a2014f0ddc497128ba51bb3f43671f759789912
Diffstat (limited to 'security/keymint/aidl/vts/functional/AttestKeyTest.cpp')
-rw-r--r-- | security/keymint/aidl/vts/functional/AttestKeyTest.cpp | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
index 64550eff2d..a74a0b69a0 100644
--- a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
+++ b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
@@ -175,6 +175,24 @@ TEST_P(AttestKeyTest, AllRsaSizes) {
 }
 
 /*
+ * AttestKeyTest.RsaAttestKeyMultiPurposeFail
+ *
+ * This test attempts to create an RSA attestation key that also allows signing.
+ */
+TEST_P(AttestKeyTest, RsaAttestKeyMultiPurposeFail) {
+ vector<uint8_t> attest_key_blob;
+ vector<KeyCharacteristics> attest_key_characteristics;
+ vector<Certificate> attest_key_cert_chain;
+ ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
+ GenerateKey(AuthorizationSetBuilder()
+ .RsaSigningKey(2048, 65537)
+ .AttestKey()
+ .SetDefaultValidity(),
+ {} /* attestation signing key */, &attest_key_blob,
+ &attest_key_characteristics, &attest_key_cert_chain));
+}
+
+/*
 * AttestKeyTest.RsaAttestedAttestKeys
 *
 * This test creates an RSA attestation key signed by factory keys, and varifies it can be
@@ -412,6 +430,24 @@ TEST_P(AttestKeyTest, EcAttestKeyChaining) {
 }
 
 /*
+ * AttestKeyTest.EcAttestKeyMultiPurposeFail
+ *
+ * This test attempts to create an EC attestation key that also allows signing.
+ */
+TEST_P(AttestKeyTest, EcAttestKeyMultiPurposeFail) {
+ vector<uint8_t> attest_key_blob;
+ vector<KeyCharacteristics> attest_key_characteristics;
+ vector<Certificate> attest_key_cert_chain;
+ ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
+ GenerateKey(AuthorizationSetBuilder()
+ .EcdsaSigningKey(EcCurve::P_256)
+ .AttestKey()
+ .SetDefaultValidity(),
+ {} /* attestation signing key */, &attest_key_blob,
+ &attest_key_characteristics, &attest_key_cert_chain));
+}
+
+/*
 * AttestKeyTest.AlternateAttestKeyChaining
 *
 * This test creates a chain of multiple attest keys, in the order Ec - RSA - Ec - RSA .... |
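Review bot: RsaAttestKeyMultiPurposeFail exercises only the ATTEST_KEY + SIGN combination, while the rule under test is that ATTEST_KEY excludes every other purpose. An implementation that special-cases SIGN but still accepts ATTEST_KEY together with ENCRYPT/DECRYPT would pass this test. Consider a second generation attempt in the same test built from `.RsaEncryptionKey(2048, 65537).AttestKey().SetDefaultValidity()`, and in EcAttestKeyMultiPurposeFail an equivalent attempt combining ATTEST_KEY with the AGREE_KEY purpose. Both hunks also go through GenerateKey only; if the import path is not covered elsewhere in this change, the same INCOMPATIBLE_PURPOSE expectation for an imported combined-purpose key is worth adding.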
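Review bot: If a non-compliant implementation accepts the combined-purpose request in EcAttestKeyMultiPurposeFail, `ASSERT_EQ` aborts the test while `attest_key_blob` holds a live key that nothing here deletes. The fixture's teardown is not visible in this hunk, so this assumes it only cleans up its own member blob rather than this local one. Capturing the result first avoids leaving the key behind on a failing device: `ErrorCode result = GenerateKey(...);`, then `if (result == ErrorCode::OK) CheckedDeleteKey(&attest_key_blob);`, then `ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE, result);`. The RSA test added in the first hunk has the same shape and would take the same change.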