diff options
| author | Shawn Willden <swillden@google.com> | 2020-12-17 09:07:27 -0700 |
|---|---|---|
| committer | Shawn Willden <swillden@google.com> | 2021-01-20 22:45:40 -0700 |
| commit | 0e80b5d108e288317fee7584cb2acf58d89e88a0 (patch) | |
| tree | 83d9beffbeb7e8e9a990befb6801717c2f5fb89c /security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp | |
| parent | 1c15423de7156bf1f133d339939cccec0e98ad03 (diff) | |
Add basic testing for KeyMint certs.
This is by no means complete, but it validates basic functionality.
More is coming.
Test: VtsAidlKeyMintTargetTest
Change-Id: I0727a9f5b137b58b9a2f0aaf9935bfdc6525df8f
Diffstat (limited to 'security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp')
| -rw-r--r-- | security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp | 56 |
1 files changed, 55 insertions, 1 deletions
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp index 93a216f27e..766c02dea9 100644 --- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp +++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp @@ -37,7 +37,7 @@ using std::optional; os << "(Empty)" << ::std::endl; else { os << "\n"; - for (size_t i = 0; i < set.size(); ++i) os << set[i] << ::std::endl; + for (auto& entry : set) os << entry << ::std::endl; } return os; } @@ -131,6 +131,17 @@ ErrorCode KeyMintAidlTestBase::GenerateKey(const AuthorizationSet& key_desc, *key_blob = std::move(creationResult.keyBlob); *key_characteristics = std::move(creationResult.keyCharacteristics); cert_chain_ = std::move(creationResult.certificateChain); + + auto algorithm = key_desc.GetTagValue(TAG_ALGORITHM); + EXPECT_TRUE(algorithm); + if (algorithm && + (algorithm.value() == Algorithm::RSA || algorithm.value() == Algorithm::EC)) { + EXPECT_GE(cert_chain_.size(), 1); + if (key_desc.Contains(TAG_ATTESTATION_CHALLENGE)) EXPECT_GT(cert_chain_.size(), 1); + } else { + // For symmetric keys there should be no certificates. + EXPECT_EQ(cert_chain_.size(), 0); + } } return GetReturnErrorCode(result); @@ -162,6 +173,17 @@ ErrorCode KeyMintAidlTestBase::ImportKey(const AuthorizationSet& key_desc, KeyFo *key_blob = std::move(creationResult.keyBlob); *key_characteristics = std::move(creationResult.keyCharacteristics); cert_chain_ = std::move(creationResult.certificateChain); + + auto algorithm = key_desc.GetTagValue(TAG_ALGORITHM); + EXPECT_TRUE(algorithm); + if (algorithm && + (algorithm.value() == Algorithm::RSA || algorithm.value() == Algorithm::EC)) { + EXPECT_GE(cert_chain_.size(), 1); + if (key_desc.Contains(TAG_ATTESTATION_CHALLENGE)) EXPECT_GT(cert_chain_.size(), 1); + } else { + // For symmetric keys there should be no certificates. + EXPECT_EQ(cert_chain_.size(), 0); + } } return GetReturnErrorCode(result); @@ -195,6 +217,20 @@ ErrorCode KeyMintAidlTestBase::ImportWrappedKey(string wrapped_key, string wrapp key_blob_ = std::move(creationResult.keyBlob); key_characteristics_ = std::move(creationResult.keyCharacteristics); cert_chain_ = std::move(creationResult.certificateChain); + + AuthorizationSet allAuths; + for (auto& entry : key_characteristics_) { + allAuths.push_back(AuthorizationSet(entry.authorizations)); + } + auto algorithm = allAuths.GetTagValue(TAG_ALGORITHM); + EXPECT_TRUE(algorithm); + if (algorithm && + (algorithm.value() == Algorithm::RSA || algorithm.value() == Algorithm::EC)) { + EXPECT_GE(cert_chain_.size(), 1); + } else { + // For symmetric keys there should be no certificates. + EXPECT_EQ(cert_chain_.size(), 0); + } } return GetReturnErrorCode(result); @@ -788,6 +824,24 @@ const vector<KeyParameter>& KeyMintAidlTestBase::SecLevelAuthorizations( return (found == key_characteristics.end()) ? kEmptyAuthList : found->authorizations; } +const vector<KeyParameter>& KeyMintAidlTestBase::HwEnforcedAuthorizations( + const vector<KeyCharacteristics>& key_characteristics) { + auto found = + std::find_if(key_characteristics.begin(), key_characteristics.end(), [](auto& entry) { + return entry.securityLevel == SecurityLevel::STRONGBOX || + entry.securityLevel == SecurityLevel::TRUSTED_ENVIRONMENT; + }); + return (found == key_characteristics.end()) ? kEmptyAuthList : found->authorizations; +} + +const vector<KeyParameter>& KeyMintAidlTestBase::SwEnforcedAuthorizations( + const vector<KeyCharacteristics>& key_characteristics) { + auto found = std::find_if( + key_characteristics.begin(), key_characteristics.end(), + [](auto& entry) { return entry.securityLevel == SecurityLevel::SOFTWARE; }); + return (found == key_characteristics.end()) ? kEmptyAuthList : found->authorizations; +} + } // namespace test } // namespace aidl::android::hardware::security::keymint |