diff options
| author | Treehugger Robot <treehugger-gerrit@google.com> | 2022-02-24 17:05:59 +0000 |
|---|---|---|
| committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2022-02-24 17:05:59 +0000 |
| commit | 140062e6fb4784596acb79f729c816a82a22d2c6 (patch) | |
| tree | ed33da757a27dc6ca83736c2abf3ff8c02949728 /security/keymint/aidl/vts/functional/KeyMintTest.cpp | |
| parent | 747d25206b373fb62c1823463607a475a8dae079 (diff) | |
| parent | 9a7ab7c60b15c3c30c6e344c59c0c1060936d3b5 (diff) | |
Merge "KeyMint: Test generation of asymmetric keys fails with missing parameters" am: 72358dab6a am: 9a7ab7c60b
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1895034
Change-Id: Ia2fea157f4e7ba678aa101518d803fc2b45832d8
Diffstat (limited to 'security/keymint/aidl/vts/functional/KeyMintTest.cpp')
| -rw-r--r-- | security/keymint/aidl/vts/functional/KeyMintTest.cpp | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp index 4a32c2f37b..767de2bdee 100644 --- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp +++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp @@ -1018,6 +1018,37 @@ TEST_P(NewKeyGenerationTest, Rsa) { } /* + * NewKeyGenerationTest.RsaWithMissingValidity + * + * Verifies that keymint returns an error while generating asymmetric key + * without providing NOT_BEFORE and NOT_AFTER parameters. + */ +TEST_P(NewKeyGenerationTest, RsaWithMissingValidity) { + // Per RFC 5280 4.1.2.5, an undefined expiration (not-after) field should be set to + // GeneralizedTime 999912312359559, which is 253402300799000 ms from Jan 1, 1970. + constexpr uint64_t kUndefinedExpirationDateTime = 253402300799000; + + vector<uint8_t> key_blob; + vector<KeyCharacteristics> key_characteristics; + ASSERT_EQ(ErrorCode::MISSING_NOT_BEFORE, + GenerateKey(AuthorizationSetBuilder() + .RsaSigningKey(2048, 65537) + .Digest(Digest::NONE) + .Padding(PaddingMode::NONE) + .Authorization(TAG_CERTIFICATE_NOT_AFTER, + kUndefinedExpirationDateTime), + &key_blob, &key_characteristics)); + + ASSERT_EQ(ErrorCode::MISSING_NOT_AFTER, + GenerateKey(AuthorizationSetBuilder() + .RsaSigningKey(2048, 65537) + .Digest(Digest::NONE) + .Padding(PaddingMode::NONE) + .Authorization(TAG_CERTIFICATE_NOT_BEFORE, 0), + &key_blob, &key_characteristics)); +} + +/* * NewKeyGenerationTest.RsaWithAttestation * * Verifies that keymint can generate all required RSA key sizes with attestation, and that the @@ -1598,6 +1629,35 @@ TEST_P(NewKeyGenerationTest, EcdsaCurve25519MultiPurposeFail) { } /* + * NewKeyGenerationTest.EcdsaWithMissingValidity + * + * Verifies that keymint returns an error while generating asymmetric key + * without providing NOT_BEFORE and NOT_AFTER parameters. + */ +TEST_P(NewKeyGenerationTest, EcdsaWithMissingValidity) { + // Per RFC 5280 4.1.2.5, an undefined expiration (not-after) field should be set to + // GeneralizedTime 999912312359559, which is 253402300799000 ms from Jan 1, 1970. + constexpr uint64_t kUndefinedExpirationDateTime = 253402300799000; + + vector<uint8_t> key_blob; + vector<KeyCharacteristics> key_characteristics; + ASSERT_EQ(ErrorCode::MISSING_NOT_BEFORE, + GenerateKey(AuthorizationSetBuilder() + .EcdsaSigningKey(EcCurve::P_256) + .Digest(Digest::NONE) + .Authorization(TAG_CERTIFICATE_NOT_AFTER, + kUndefinedExpirationDateTime), + &key_blob, &key_characteristics)); + + ASSERT_EQ(ErrorCode::MISSING_NOT_AFTER, + GenerateKey(AuthorizationSetBuilder() + .EcdsaSigningKey(EcCurve::P_256) + .Digest(Digest::NONE) + .Authorization(TAG_CERTIFICATE_NOT_BEFORE, 0), + &key_blob, &key_characteristics)); +} + +/* * NewKeyGenerationTest.EcdsaAttestation * * Verifies that for all Ecdsa key sizes, if challenge and app id is provided, |