author | Selene Huang <seleneh@google.com> | 2021-04-13 19:54:36 -0700 |
---|---|---|
committer | Selene Huang <seleneh@google.com> | 2021-04-20 19:23:40 -0700 |
commit | 4f64c22809d12453dab0aab728601359fb720b6a (patch) | |
tree | 617d32552520af5314a944160a46b2c214f2897f /security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp | |
parent | be01266c6311c87b5169315ee2720bfe21f9f46b (diff) |
Added 12 various attestation related vts tests.
- Check for app id only if challenge is provided.
- Verify self sign certificate works for RSA and Ecdsa.
- Verified attestation is generated for encryption keys too.
- Verify no attestation is generated for symmetric keys.
- Verify app id is always required when attestation challenge is
provided to the new key generation.
- Verify app id is ignored when challenge is missing.
- Verify app id length is properly encoded.
- Added vts tests for various attestation success and fail cases.
Test: atest VtsAidlKeyMintTargetTest
Change-Id: If29249b0913fd9c2f91d20188ca5cfbaa04bead8
Diffstat (limited to 'security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp')
-rw-r--r-- | security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
index 3da048449b..bde05f1d11 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
@@ -883,16 +883,20 @@ bool verify_attestation_record(const string& challenge, //
 if (error != ErrorCode::OK) return false;
 EXPECT_GE(att_attestation_version, 3U);
+ vector<uint8_t> appId(app_id.begin(), app_id.end());
- expected_sw_enforced.push_back(TAG_ATTESTATION_APPLICATION_ID,
- vector<uint8_t>(app_id.begin(), app_id.end()));
+ // check challenge and app id only if we expects a non-fake certificate
+ if (challenge.length() > 0) {
+ EXPECT_EQ(challenge.length(), att_challenge.size());
+ EXPECT_EQ(0, memcmp(challenge.data(), att_challenge.data(), challenge.length()));
+
+ expected_sw_enforced.push_back(TAG_ATTESTATION_APPLICATION_ID, appId);
+ }
 EXPECT_GE(att_keymaster_version, 4U);
 EXPECT_EQ(security_level, att_keymaster_security_level);
 EXPECT_EQ(security_level, att_attestation_security_level);
- EXPECT_EQ(challenge.length(), att_challenge.size());
- EXPECT_EQ(0, memcmp(challenge.data(), att_challenge.data(), challenge.length()));
 char property_value[PROPERTY_VALUE_MAX] = {};
 // TODO(b/136282179): When running under VTS-on-GSI the TEE-backed |
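Review bot: When `challenge` is empty nothing is asserted about `att_challenge` any more, so a record that carries a challenge nobody requested passes this check; keeping `EXPECT_EQ(challenge.length(), att_challenge.size());` outside the new `if` would still cover that case, unless the self-signed path is expected to echo something there. Inside the `if`, `EXPECT_EQ` is non-fatal, so on a length mismatch the `memcmp` still reads `challenge.length()` bytes from `att_challenge.data()` and can run past a shorter buffer; running the `memcmp` only when the two sizes are equal avoids that. The body of verify_attestation_record starts and ends outside the hunk, so whether a later comparison against `expected_sw_enforced` rejects an unexpected application id cannot be seen here.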