diff options
| author | Janis Danisevskis <jdanis@google.com> | 2021-02-09 11:30:25 -0800 |
|---|---|---|
| committer | Janis Danisevskis <jdanis@google.com> | 2021-02-09 13:55:26 -0800 |
| commit | 164bb878d4d09c7d351a0a1b5247615960faf295 (patch) | |
| tree | 4eb9b63bf420c19b14afb9bddee306c18f19fef7 /security/keymint/aidl/vts/functional/KeyMintTest.cpp | |
| parent | a47bf3b8adb52894665d57ce8421f63f9aced2c0 (diff) | |
Fix Keymint VTS test after adding CERTIFICATE_* tags
Pass required tags to generateKey and importKey.
Bug: 179809936
Test: VtsAidlKeyMintTargetTest
Change-Id: I762f73de50ca35c2f1ed271385d863910f53dcd2
Diffstat (limited to 'security/keymint/aidl/vts/functional/KeyMintTest.cpp')
| -rw-r--r-- | security/keymint/aidl/vts/functional/KeyMintTest.cpp | 239 |
1 files changed, 155 insertions, 84 deletions
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp index c849bade2e..88122ce7a2 100644 --- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp +++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp @@ -544,7 +544,8 @@ TEST_P(NewKeyGenerationTest, Rsa) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .RsaSigningKey(key_size, 65537) .Digest(Digest::NONE) - .Padding(PaddingMode::NONE), + .Padding(PaddingMode::NONE) + .SetDefaultValidity(), &key_blob, &key_characteristics)); ASSERT_GT(key_blob.size(), 0U); @@ -580,7 +581,8 @@ TEST_P(NewKeyGenerationTest, RsaWithAttestation) { .Padding(PaddingMode::NONE) .AttestationChallenge(challenge) .AttestationApplicationId(app_id) - .Authorization(TAG_NO_AUTH_REQUIRED), + .Authorization(TAG_NO_AUTH_REQUIRED) + .SetDefaultValidity(), &key_blob, &key_characteristics)); ASSERT_GT(key_blob.size(), 0U); @@ -620,7 +622,8 @@ TEST_P(NewKeyGenerationTest, LimitedUsageRsa) { .RsaSigningKey(key_size, 65537) .Digest(Digest::NONE) .Padding(PaddingMode::NONE) - .Authorization(TAG_USAGE_COUNT_LIMIT, 1), + .Authorization(TAG_USAGE_COUNT_LIMIT, 1) + .SetDefaultValidity(), &key_blob, &key_characteristics)); ASSERT_GT(key_blob.size(), 0U); @@ -665,7 +668,8 @@ TEST_P(NewKeyGenerationTest, LimitedUsageRsaWithAttestation) { .AttestationChallenge(challenge) .AttestationApplicationId(app_id) .Authorization(TAG_NO_AUTH_REQUIRED) - .Authorization(TAG_USAGE_COUNT_LIMIT, 1), + .Authorization(TAG_USAGE_COUNT_LIMIT, 1) + .SetDefaultValidity(), &key_blob, &key_characteristics)); ASSERT_GT(key_blob.size(), 0U); @@ -713,7 +717,8 @@ TEST_P(NewKeyGenerationTest, NoInvalidRsaSizes) { GenerateKey(AuthorizationSetBuilder() .RsaSigningKey(key_size, 65537) .Digest(Digest::NONE) - .Padding(PaddingMode::NONE), + .Padding(PaddingMode::NONE) + .SetDefaultValidity(), &key_blob, &key_characteristics)); } } @@ -729,7 +734,8 @@ TEST_P(NewKeyGenerationTest, RsaNoDefaultSize) { GenerateKey(AuthorizationSetBuilder() .Authorization(TAG_ALGORITHM, Algorithm::RSA) .Authorization(TAG_RSA_PUBLIC_EXPONENT, 3U) - .SigningKey())); + .SigningKey() + .SetDefaultValidity())); } /* @@ -742,10 +748,11 @@ TEST_P(NewKeyGenerationTest, Ecdsa) { for (auto key_size : ValidKeySizes(Algorithm::EC)) { vector<uint8_t> key_blob; vector<KeyCharacteristics> key_characteristics; - ASSERT_EQ(ErrorCode::OK, - GenerateKey( - AuthorizationSetBuilder().EcdsaSigningKey(key_size).Digest(Digest::NONE), - &key_blob, &key_characteristics)); + ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() + .EcdsaSigningKey(key_size) + .Digest(Digest::NONE) + .SetDefaultValidity(), + &key_blob, &key_characteristics)); ASSERT_GT(key_blob.size(), 0U); CheckBaseParams(key_characteristics); @@ -772,7 +779,8 @@ TEST_P(NewKeyGenerationTest, LimitedUsageEcdsa) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .EcdsaSigningKey(key_size) .Digest(Digest::NONE) - .Authorization(TAG_USAGE_COUNT_LIMIT, 1), + .Authorization(TAG_USAGE_COUNT_LIMIT, 1) + .SetDefaultValidity(), &key_blob, &key_characteristics)); ASSERT_GT(key_blob.size(), 0U); @@ -807,7 +815,8 @@ TEST_P(NewKeyGenerationTest, EcdsaDefaultSize) { GenerateKey(AuthorizationSetBuilder() .Authorization(TAG_ALGORITHM, Algorithm::EC) .SigningKey() - .Digest(Digest::NONE))); + .Digest(Digest::NONE) + .SetDefaultValidity())); } /* @@ -820,14 +829,17 @@ TEST_P(NewKeyGenerationTest, EcdsaInvalidSize) { for (auto key_size : InvalidKeySizes(Algorithm::EC)) { vector<uint8_t> key_blob; vector<KeyCharacteristics> key_characteristics; - ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE, - GenerateKey( - AuthorizationSetBuilder().EcdsaSigningKey(key_size).Digest(Digest::NONE), - &key_blob, &key_characteristics)); + ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE, GenerateKey(AuthorizationSetBuilder() + .EcdsaSigningKey(key_size) + .Digest(Digest::NONE) + .SetDefaultValidity(), + &key_blob, &key_characteristics)); } - ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE, - GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(Digest::NONE))); + ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE, GenerateKey(AuthorizationSetBuilder() + .EcdsaSigningKey(190) + .Digest(Digest::NONE) + .SetDefaultValidity())); } /* @@ -843,7 +855,8 @@ TEST_P(NewKeyGenerationTest, EcdsaMismatchKeySize) { GenerateKey(AuthorizationSetBuilder() .EcdsaSigningKey(224) .Authorization(TAG_EC_CURVE, EcCurve::P_256) - .Digest(Digest::NONE))); + .Digest(Digest::NONE) + .SetDefaultValidity())); } /* @@ -854,8 +867,10 @@ TEST_P(NewKeyGenerationTest, EcdsaMismatchKeySize) { TEST_P(NewKeyGenerationTest, EcdsaAllValidSizes) { auto valid_sizes = ValidKeySizes(Algorithm::EC); for (size_t size : valid_sizes) { - EXPECT_EQ(ErrorCode::OK, - GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(size).Digest(Digest::NONE))) + EXPECT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() + .EcdsaSigningKey(size) + .Digest(Digest::NONE) + .SetDefaultValidity())) << "Failed to generate size: " << size; CheckedDeleteKey(); } @@ -874,8 +889,10 @@ TEST_P(NewKeyGenerationTest, EcdsaAllValidCurves) { digest = Digest::SHA_2_512; } for (auto curve : ValidCurves()) { - EXPECT_EQ(ErrorCode::OK, - GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(curve).Digest(digest))) + EXPECT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() + .EcdsaSigningKey(curve) + .Digest(digest) + .SetDefaultValidity())) << "Failed to generate key on curve: " << curve; CheckedDeleteKey(); } @@ -1058,7 +1075,8 @@ TEST_P(SigningOperationsTest, RsaSuccess) { .RsaSigningKey(2048, 65537) .Digest(Digest::NONE) .Padding(PaddingMode::NONE) - .Authorization(TAG_NO_AUTH_REQUIRED))); + .Authorization(TAG_NO_AUTH_REQUIRED) + .SetDefaultValidity())); string message = "12345678901234567890123456789012"; string signature = SignMessage( message, AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE)); @@ -1076,7 +1094,8 @@ TEST_P(SigningOperationsTest, RsaUseRequiresCorrectAppIdAppData) { .Digest(Digest::NONE) .Padding(PaddingMode::NONE) .Authorization(TAG_APPLICATION_ID, "clientid") - .Authorization(TAG_APPLICATION_DATA, "appdata"))); + .Authorization(TAG_APPLICATION_DATA, "appdata") + .SetDefaultValidity())); EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB, Begin(KeyPurpose::SIGN, AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE))); @@ -1112,7 +1131,8 @@ TEST_P(SigningOperationsTest, RsaPssSha256Success) { .RsaSigningKey(2048, 65537) .Digest(Digest::SHA_2_256) .Padding(PaddingMode::RSA_PSS) - .Authorization(TAG_NO_AUTH_REQUIRED))); + .Authorization(TAG_NO_AUTH_REQUIRED) + .SetDefaultValidity())); // Use large message, which won't work without digesting. string message(1024, 'a'); string signature = SignMessage( @@ -1131,7 +1151,8 @@ TEST_P(SigningOperationsTest, RsaPaddingNoneDoesNotAllowOther) { .RsaSigningKey(2048, 65537) .Digest(Digest::NONE) .Authorization(TAG_NO_AUTH_REQUIRED) - .Padding(PaddingMode::NONE))); + .Padding(PaddingMode::NONE) + .SetDefaultValidity())); string message = "12345678901234567890123456789012"; string signature; @@ -1150,13 +1171,13 @@ TEST_P(SigningOperationsTest, RsaPaddingNoneDoesNotAllowOther) { */ TEST_P(SigningOperationsTest, NoUserConfirmation) { if (SecLevel() == SecurityLevel::STRONGBOX) return; - ASSERT_EQ(ErrorCode::OK, - GenerateKey(AuthorizationSetBuilder() - .RsaSigningKey(1024, 65537) - .Digest(Digest::NONE) - .Padding(PaddingMode::NONE) - .Authorization(TAG_NO_AUTH_REQUIRED) - .Authorization(TAG_TRUSTED_CONFIRMATION_REQUIRED))); + ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() + .RsaSigningKey(1024, 65537) + .Digest(Digest::NONE) + .Padding(PaddingMode::NONE) + .Authorization(TAG_NO_AUTH_REQUIRED) + .Authorization(TAG_TRUSTED_CONFIRMATION_REQUIRED) + .SetDefaultValidity())); const string message = "12345678901234567890123456789012"; EXPECT_EQ(ErrorCode::OK, @@ -1176,7 +1197,8 @@ TEST_P(SigningOperationsTest, RsaPkcs1Sha256Success) { .RsaSigningKey(2048, 65537) .Digest(Digest::SHA_2_256) .Authorization(TAG_NO_AUTH_REQUIRED) - .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN))); + .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN) + .SetDefaultValidity())); string message(1024, 'a'); string signature = SignMessage(message, AuthorizationSetBuilder() .Digest(Digest::SHA_2_256) @@ -1193,7 +1215,8 @@ TEST_P(SigningOperationsTest, RsaPkcs1NoDigestSuccess) { .RsaSigningKey(2048, 65537) .Digest(Digest::NONE) .Authorization(TAG_NO_AUTH_REQUIRED) - .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN))); + .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN) + .SetDefaultValidity())); string message(53, 'a'); string signature = SignMessage(message, AuthorizationSetBuilder() .Digest(Digest::NONE) @@ -1211,7 +1234,8 @@ TEST_P(SigningOperationsTest, RsaPkcs1NoDigestTooLong) { .RsaSigningKey(2048, 65537) .Digest(Digest::NONE) .Authorization(TAG_NO_AUTH_REQUIRED) - .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN))); + .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN) + .SetDefaultValidity())); string message(257, 'a'); EXPECT_EQ(ErrorCode::OK, @@ -1241,7 +1265,8 @@ TEST_P(SigningOperationsTest, RsaPssSha512TooSmallKey) { .RsaSigningKey(1024, 65537) .Digest(Digest::SHA_2_512) .Authorization(TAG_NO_AUTH_REQUIRED) - .Padding(PaddingMode::RSA_PSS))); + .Padding(PaddingMode::RSA_PSS) + .SetDefaultValidity())); EXPECT_EQ(ErrorCode::INCOMPATIBLE_DIGEST, Begin(KeyPurpose::SIGN, AuthorizationSetBuilder() .Digest(Digest::SHA_2_512) @@ -1259,7 +1284,8 @@ TEST_P(SigningOperationsTest, RsaNoPaddingTooLong) { .RsaSigningKey(2048, 65537) .Digest(Digest::NONE) .Authorization(TAG_NO_AUTH_REQUIRED) - .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN))); + .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN) + .SetDefaultValidity())); // One byte too long string message(2048 / 8 + 1, 'a'); ASSERT_EQ(ErrorCode::OK, @@ -1293,7 +1319,8 @@ TEST_P(SigningOperationsTest, RsaAbort) { .RsaSigningKey(2048, 65537) .Digest(Digest::NONE) .Authorization(TAG_NO_AUTH_REQUIRED) - .Padding(PaddingMode::NONE))); + .Padding(PaddingMode::NONE) + .SetDefaultValidity())); ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::SIGN, @@ -1318,7 +1345,8 @@ TEST_P(SigningOperationsTest, RsaUnsupportedPadding) { .RsaSigningKey(2048, 65537) .Authorization(TAG_NO_AUTH_REQUIRED) .Digest(Digest::SHA_2_256 /* supported digest */) - .Padding(PaddingMode::PKCS7))); + .Padding(PaddingMode::PKCS7) + .SetDefaultValidity())); ASSERT_EQ( ErrorCode::UNSUPPORTED_PADDING_MODE, Begin(KeyPurpose::SIGN, @@ -1335,7 +1363,8 @@ TEST_P(SigningOperationsTest, RsaNoDigest) { .RsaSigningKey(2048, 65537) .Authorization(TAG_NO_AUTH_REQUIRED) .Digest(Digest::NONE) - .Padding(PaddingMode::RSA_PSS))); + .Padding(PaddingMode::RSA_PSS) + .SetDefaultValidity())); ASSERT_EQ(ErrorCode::INCOMPATIBLE_DIGEST, Begin(KeyPurpose::SIGN, AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::RSA_PSS))); @@ -1356,7 +1385,8 @@ TEST_P(SigningOperationsTest, RsaNoPadding) { .RsaKey(2048, 65537) .Authorization(TAG_NO_AUTH_REQUIRED) .SigningKey() - .Digest(Digest::NONE))); + .Digest(Digest::NONE) + .SetDefaultValidity())); ASSERT_EQ(ErrorCode::UNSUPPORTED_PADDING_MODE, Begin(KeyPurpose::SIGN, AuthorizationSetBuilder().Digest(Digest::NONE))); } @@ -1371,7 +1401,8 @@ TEST_P(SigningOperationsTest, RsaTooShortMessage) { .Authorization(TAG_NO_AUTH_REQUIRED) .RsaSigningKey(2048, 65537) .Digest(Digest::NONE) - .Padding(PaddingMode::NONE))); + .Padding(PaddingMode::NONE) + .SetDefaultValidity())); // Barely shorter string message(2048 / 8 - 1, 'a'); @@ -1392,7 +1423,8 @@ TEST_P(SigningOperationsTest, RsaSignWithEncryptionKey) { .Authorization(TAG_NO_AUTH_REQUIRED) .RsaEncryptionKey(2048, 65537) .Digest(Digest::NONE) - .Padding(PaddingMode::NONE))); + .Padding(PaddingMode::NONE) + .SetDefaultValidity())); ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE, Begin(KeyPurpose::SIGN, AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE))); @@ -1409,7 +1441,8 @@ TEST_P(SigningOperationsTest, RsaSignTooLargeMessage) { .Authorization(TAG_NO_AUTH_REQUIRED) .RsaSigningKey(2048, 65537) .Digest(Digest::NONE) - .Padding(PaddingMode::NONE))); + .Padding(PaddingMode::NONE) + .SetDefaultValidity())); // Largest possible message will always be larger than the public modulus. string message(2048 / 8, static_cast<char>(0xff)); @@ -1432,7 +1465,8 @@ TEST_P(SigningOperationsTest, EcdsaAllSizesAndHashes) { ErrorCode error = GenerateKey(AuthorizationSetBuilder() .Authorization(TAG_NO_AUTH_REQUIRED) .EcdsaSigningKey(key_size) - .Digest(digest)); + .Digest(digest) + .SetDefaultValidity()); EXPECT_EQ(ErrorCode::OK, error) << "Failed to generate ECDSA key with size " << key_size << " and digest " << digest; if (error != ErrorCode::OK) continue; @@ -1455,7 +1489,8 @@ TEST_P(SigningOperationsTest, EcdsaAllCurves) { ErrorCode error = GenerateKey(AuthorizationSetBuilder() .Authorization(TAG_NO_AUTH_REQUIRED) .EcdsaSigningKey(curve) - .Digest(Digest::SHA_2_256)); + .Digest(Digest::SHA_2_256) + .SetDefaultValidity()); EXPECT_EQ(ErrorCode::OK, error) << "Failed to generate ECDSA key with curve " << curve; if (error != ErrorCode::OK) continue; @@ -1477,7 +1512,8 @@ TEST_P(SigningOperationsTest, EcdsaNoDigestHugeData) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .Authorization(TAG_NO_AUTH_REQUIRED) .EcdsaSigningKey(256) - .Digest(Digest::NONE))); + .Digest(Digest::NONE) + .SetDefaultValidity())); string message(1 * 1024, 'a'); SignMessage(message, AuthorizationSetBuilder().Digest(Digest::NONE)); } @@ -1493,7 +1529,8 @@ TEST_P(SigningOperationsTest, EcUseRequiresCorrectAppIdAppData) { .EcdsaSigningKey(256) .Digest(Digest::NONE) .Authorization(TAG_APPLICATION_ID, "clientid") - .Authorization(TAG_APPLICATION_DATA, "appdata"))); + .Authorization(TAG_APPLICATION_DATA, "appdata") + .SetDefaultValidity())); EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB, Begin(KeyPurpose::SIGN, AuthorizationSetBuilder().Digest(Digest::NONE))); AbortIfNeeded(); @@ -1682,7 +1719,8 @@ TEST_P(VerificationOperationsTest, RsaSuccess) { .Authorization(TAG_NO_AUTH_REQUIRED) .RsaSigningKey(2048, 65537) .Digest(Digest::NONE) - .Padding(PaddingMode::NONE))); + .Padding(PaddingMode::NONE) + .SetDefaultValidity())); string message = "12345678901234567890123456789012"; string signature = SignMessage( message, AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE)); @@ -1702,7 +1740,8 @@ TEST_P(VerificationOperationsTest, RsaAllPaddingsAndDigests) { .Digest(ValidDigests(true /* withNone */, true /* withMD5 */)) .Padding(PaddingMode::NONE) .Padding(PaddingMode::RSA_PSS) - .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN); + .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN) + .SetDefaultValidity(); ASSERT_EQ(ErrorCode::OK, GenerateKey(authorizations)); @@ -1799,7 +1838,8 @@ TEST_P(VerificationOperationsTest, EcdsaAllDigestsAndCurves) { ErrorCode error = GenerateKey(AuthorizationSetBuilder() .Authorization(TAG_NO_AUTH_REQUIRED) .EcdsaSigningKey(curve) - .Digest(digests)); + .Digest(digests) + .SetDefaultValidity()); EXPECT_EQ(ErrorCode::OK, error) << "Failed to generate key for EC curve " << curve; if (error != ErrorCode::OK) { continue; @@ -1962,7 +2002,8 @@ TEST_P(ImportKeyTest, RsaSuccess) { .Authorization(TAG_NO_AUTH_REQUIRED) .RsaSigningKey(1024, 65537) .Digest(Digest::SHA_2_256) - .Padding(PaddingMode::RSA_PSS), + .Padding(PaddingMode::RSA_PSS) + .SetDefaultValidity(), KeyFormat::PKCS8, rsa_key)); CheckCryptoParam(TAG_ALGORITHM, Algorithm::RSA); @@ -1989,7 +2030,8 @@ TEST_P(ImportKeyTest, RsaKeySizeMismatch) { ImportKey(AuthorizationSetBuilder() .RsaSigningKey(2048 /* Doesn't match key */, 65537) .Digest(Digest::NONE) - .Padding(PaddingMode::NONE), + .Padding(PaddingMode::NONE) + .SetDefaultValidity(), KeyFormat::PKCS8, rsa_key)); } @@ -2004,7 +2046,8 @@ TEST_P(ImportKeyTest, RsaPublicExponentMismatch) { ImportKey(AuthorizationSetBuilder() .RsaSigningKey(1024, 3 /* Doesn't match key */) .Digest(Digest::NONE) - .Padding(PaddingMode::NONE), + .Padding(PaddingMode::NONE) + .SetDefaultValidity(), KeyFormat::PKCS8, rsa_key)); } @@ -2017,7 +2060,8 @@ TEST_P(ImportKeyTest, EcdsaSuccess) { ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder() .Authorization(TAG_NO_AUTH_REQUIRED) .EcdsaSigningKey(256) - .Digest(Digest::SHA_2_256), + .Digest(Digest::SHA_2_256) + .SetDefaultValidity(), KeyFormat::PKCS8, ec_256_key)); CheckCryptoParam(TAG_ALGORITHM, Algorithm::EC); @@ -2043,7 +2087,8 @@ TEST_P(ImportKeyTest, EcdsaP256RFC5915Success) { ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder() .Authorization(TAG_NO_AUTH_REQUIRED) .EcdsaSigningKey(256) - .Digest(Digest::SHA_2_256), + .Digest(Digest::SHA_2_256) + .SetDefaultValidity(), KeyFormat::PKCS8, ec_256_key_rfc5915)); CheckCryptoParam(TAG_ALGORITHM, Algorithm::EC); @@ -2068,7 +2113,8 @@ TEST_P(ImportKeyTest, EcdsaP256SEC1Success) { ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder() .Authorization(TAG_NO_AUTH_REQUIRED) .EcdsaSigningKey(256) - .Digest(Digest::SHA_2_256), + .Digest(Digest::SHA_2_256) + .SetDefaultValidity(), KeyFormat::PKCS8, ec_256_key_sec1)); CheckCryptoParam(TAG_ALGORITHM, Algorithm::EC); @@ -2094,7 +2140,8 @@ TEST_P(ImportKeyTest, Ecdsa521Success) { ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder() .Authorization(TAG_NO_AUTH_REQUIRED) .EcdsaSigningKey(521) - .Digest(Digest::SHA_2_256), + .Digest(Digest::SHA_2_256) + .SetDefaultValidity(), KeyFormat::PKCS8, ec_521_key)); CheckCryptoParam(TAG_ALGORITHM, Algorithm::EC); @@ -2119,7 +2166,8 @@ TEST_P(ImportKeyTest, EcdsaSizeMismatch) { ASSERT_EQ(ErrorCode::IMPORT_PARAMETER_MISMATCH, ImportKey(AuthorizationSetBuilder() .EcdsaSigningKey(224 /* Doesn't match key */) - .Digest(Digest::NONE), + .Digest(Digest::NONE) + .SetDefaultValidity(), KeyFormat::PKCS8, ec_256_key)); } @@ -2133,7 +2181,8 @@ TEST_P(ImportKeyTest, EcdsaCurveMismatch) { ASSERT_EQ(ErrorCode::IMPORT_PARAMETER_MISMATCH, ImportKey(AuthorizationSetBuilder() .EcdsaSigningKey(EcCurve::P_224 /* Doesn't match key */) - .Digest(Digest::NONE), + .Digest(Digest::NONE) + .SetDefaultValidity(), KeyFormat::PKCS8, ec_256_key)); } @@ -2254,7 +2303,8 @@ TEST_P(ImportWrappedKeyTest, Success) { .RsaEncryptionKey(2048, 65537) .Digest(Digest::SHA_2_256) .Padding(PaddingMode::RSA_OAEP) - .Authorization(TAG_PURPOSE, KeyPurpose::WRAP_KEY); + .Authorization(TAG_PURPOSE, KeyPurpose::WRAP_KEY) + .SetDefaultValidity(); ASSERT_EQ(ErrorCode::OK, ImportWrappedKey(wrapped_key, wrapping_key, wrapping_key_desc, zero_masking_key, @@ -2274,7 +2324,8 @@ TEST_P(ImportWrappedKeyTest, SuccessMasked) { .RsaEncryptionKey(2048, 65537) .Digest(Digest::SHA_2_256) .Padding(PaddingMode::RSA_OAEP) - .Authorization(TAG_PURPOSE, KeyPurpose::WRAP_KEY); + .Authorization(TAG_PURPOSE, KeyPurpose::WRAP_KEY) + .SetDefaultValidity(); ASSERT_EQ(ErrorCode::OK, ImportWrappedKey(wrapped_key_masked, wrapping_key, wrapping_key_desc, masking_key, @@ -2288,7 +2339,8 @@ TEST_P(ImportWrappedKeyTest, WrongMask) { .RsaEncryptionKey(2048, 65537) .Digest(Digest::SHA_2_256) .Padding(PaddingMode::RSA_OAEP) - .Authorization(TAG_PURPOSE, KeyPurpose::WRAP_KEY); + .Authorization(TAG_PURPOSE, KeyPurpose::WRAP_KEY) + .SetDefaultValidity(); ASSERT_EQ( ErrorCode::VERIFICATION_FAILED, @@ -2302,7 +2354,8 @@ TEST_P(ImportWrappedKeyTest, WrongPurpose) { auto wrapping_key_desc = AuthorizationSetBuilder() .RsaEncryptionKey(2048, 65537) .Digest(Digest::SHA_2_256) - .Padding(PaddingMode::RSA_OAEP); + .Padding(PaddingMode::RSA_OAEP) + .SetDefaultValidity(); ASSERT_EQ( ErrorCode::INCOMPATIBLE_PURPOSE, @@ -2325,7 +2378,8 @@ TEST_P(EncryptionOperationsTest, RsaNoPaddingSuccess) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .Authorization(TAG_NO_AUTH_REQUIRED) .RsaEncryptionKey(2048, 65537) - .Padding(PaddingMode::NONE))); + .Padding(PaddingMode::NONE) + .SetDefaultValidity())); string message = string(2048 / 8, 'a'); auto params = AuthorizationSetBuilder().Padding(PaddingMode::NONE); @@ -2348,7 +2402,8 @@ TEST_P(EncryptionOperationsTest, RsaNoPaddingShortMessage) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .Authorization(TAG_NO_AUTH_REQUIRED) .RsaEncryptionKey(2048, 65537) - .Padding(PaddingMode::NONE))); + .Padding(PaddingMode::NONE) + .SetDefaultValidity())); string message = "1"; auto params = AuthorizationSetBuilder().Padding(PaddingMode::NONE); @@ -2377,7 +2432,8 @@ TEST_P(EncryptionOperationsTest, RsaNoPaddingTooLong) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .Authorization(TAG_NO_AUTH_REQUIRED) .RsaEncryptionKey(2048, 65537) - .Padding(PaddingMode::NONE))); + .Padding(PaddingMode::NONE) + .SetDefaultValidity())); string message(2048 / 8 + 1, 'a'); @@ -2410,7 +2466,8 @@ TEST_P(EncryptionOperationsTest, RsaOaepSuccess) { .Authorization(TAG_NO_AUTH_REQUIRED) .RsaEncryptionKey(key_size, 65537) .Padding(PaddingMode::RSA_OAEP) - .Digest(digests))); + .Digest(digests) + .SetDefaultValidity())); string message = "Hello"; @@ -2458,7 +2515,8 @@ TEST_P(EncryptionOperationsTest, RsaOaepInvalidDigest) { .Authorization(TAG_NO_AUTH_REQUIRED) .RsaEncryptionKey(2048, 65537) .Padding(PaddingMode::RSA_OAEP) - .Digest(Digest::NONE))); + .Digest(Digest::NONE) + .SetDefaultValidity())); string message = "Hello World!"; auto params = AuthorizationSetBuilder().Padding(PaddingMode::RSA_OAEP).Digest(Digest::NONE); @@ -2478,7 +2536,8 @@ TEST_P(EncryptionOperationsTest, RsaOaepDecryptWithWrongDigest) { .Authorization(TAG_NO_AUTH_REQUIRED) .RsaEncryptionKey(1024, 65537) .Padding(PaddingMode::RSA_OAEP) - .Digest(Digest::SHA_2_224, Digest::SHA_2_256))); + .Digest(Digest::SHA_2_224, Digest::SHA_2_256) + .SetDefaultValidity())); string message = "Hello World!"; string ciphertext = EncryptMessage( message, @@ -2503,7 +2562,8 @@ TEST_P(EncryptionOperationsTest, RsaOaepTooLarge) { .Authorization(TAG_NO_AUTH_REQUIRED) .RsaEncryptionKey(2048, 65537) .Padding(PaddingMode::RSA_OAEP) - .Digest(Digest::SHA_2_256))); + .Digest(Digest::SHA_2_256) + .SetDefaultValidity())); constexpr size_t digest_size = 256 /* SHA_2_256 */ / 8; constexpr size_t oaep_overhead = 2 * digest_size + 2; string message(2048 / 8 - oaep_overhead + 1, 'a'); @@ -2531,7 +2591,8 @@ TEST_P(EncryptionOperationsTest, RsaOaepWithMGFDigestSuccess) { .Authorization(TAG_NO_AUTH_REQUIRED) .RsaEncryptionKey(key_size, 65537) .Padding(PaddingMode::RSA_OAEP) - .Digest(Digest::SHA_2_256))); + .Digest(Digest::SHA_2_256) + .SetDefaultValidity())); string message = "Hello"; @@ -2584,7 +2645,8 @@ TEST_P(EncryptionOperationsTest, RsaOaepWithMGFIncompatibleDigest) { .Authorization(TAG_NO_AUTH_REQUIRED) .RsaEncryptionKey(2048, 65537) .Padding(PaddingMode::RSA_OAEP) - .Digest(Digest::SHA_2_256))); + .Digest(Digest::SHA_2_256) + .SetDefaultValidity())); string message = "Hello World!"; auto params = AuthorizationSetBuilder() @@ -2607,7 +2669,8 @@ TEST_P(EncryptionOperationsTest, RsaOaepWithMGFUnsupportedDigest) { .Authorization(TAG_NO_AUTH_REQUIRED) .RsaEncryptionKey(2048, 65537) .Padding(PaddingMode::RSA_OAEP) - .Digest(Digest::SHA_2_256))); + .Digest(Digest::SHA_2_256) + .SetDefaultValidity())); string message = "Hello World!"; auto params = AuthorizationSetBuilder() @@ -2626,7 +2689,8 @@ TEST_P(EncryptionOperationsTest, RsaPkcs1Success) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .Authorization(TAG_NO_AUTH_REQUIRED) .RsaEncryptionKey(2048, 65537) - .Padding(PaddingMode::RSA_PKCS1_1_5_ENCRYPT))); + .Padding(PaddingMode::RSA_PKCS1_1_5_ENCRYPT) + .SetDefaultValidity())); string message = "Hello World!"; auto params = AuthorizationSetBuilder().Padding(PaddingMode::RSA_PKCS1_1_5_ENCRYPT); @@ -2665,7 +2729,8 @@ TEST_P(EncryptionOperationsTest, RsaPkcs1TooLarge) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .Authorization(TAG_NO_AUTH_REQUIRED) .RsaEncryptionKey(2048, 65537) - .Padding(PaddingMode::RSA_PKCS1_1_5_ENCRYPT))); + .Padding(PaddingMode::RSA_PKCS1_1_5_ENCRYPT) + .SetDefaultValidity())); string message(2048 / 8 - 10, 'a'); auto params = AuthorizationSetBuilder().Padding(PaddingMode::RSA_PKCS1_1_5_ENCRYPT); @@ -2685,7 +2750,8 @@ TEST_P(EncryptionOperationsTest, EcdsaEncrypt) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .Authorization(TAG_NO_AUTH_REQUIRED) .EcdsaSigningKey(256) - .Digest(Digest::NONE))); + .Digest(Digest::NONE) + .SetDefaultValidity())); auto params = AuthorizationSetBuilder().Digest(Digest::NONE); ASSERT_EQ(ErrorCode::UNSUPPORTED_PURPOSE, Begin(KeyPurpose::ENCRYPT, params)); ASSERT_EQ(ErrorCode::UNSUPPORTED_PURPOSE, Begin(KeyPurpose::DECRYPT, params)); @@ -4333,7 +4399,8 @@ TEST_P(MaxOperationsTest, TestLimitRsa) { .Authorization(TAG_NO_AUTH_REQUIRED) .RsaSigningKey(1024, 65537) .NoDigestOrPadding() - .Authorization(TAG_MAX_USES_PER_BOOT, 3))); + .Authorization(TAG_MAX_USES_PER_BOOT, 3) + .SetDefaultValidity())); string message = "1234567890123456"; @@ -4452,7 +4519,8 @@ TEST_P(UsageCountLimitTest, TestSingleUseRsa) { .Authorization(TAG_NO_AUTH_REQUIRED) .RsaSigningKey(1024, 65537) .NoDigestOrPadding() - .Authorization(TAG_USAGE_COUNT_LIMIT, 1))); + .Authorization(TAG_USAGE_COUNT_LIMIT, 1) + .SetDefaultValidity())); // Check the usage count limit tag appears in the authorizations. AuthorizationSet auths; @@ -4495,7 +4563,8 @@ TEST_P(UsageCountLimitTest, TestLimitUseRsa) { .Authorization(TAG_NO_AUTH_REQUIRED) .RsaSigningKey(1024, 65537) .NoDigestOrPadding() - .Authorization(TAG_USAGE_COUNT_LIMIT, 3))); + .Authorization(TAG_USAGE_COUNT_LIMIT, 3) + .SetDefaultValidity())); // Check the usage count limit tag appears in the authorizations. AuthorizationSet auths; @@ -4704,7 +4773,8 @@ TEST_P(ClearOperationsTest, TooManyOperations) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .Authorization(TAG_NO_AUTH_REQUIRED) .RsaEncryptionKey(2048, 65537) - .Padding(PaddingMode::NONE))); + .Padding(PaddingMode::NONE) + .SetDefaultValidity())); auto params = AuthorizationSetBuilder().Padding(PaddingMode::NONE); constexpr size_t max_operations = 100; // set to arbituary large number @@ -4835,7 +4905,8 @@ TEST_P(KeyAgreementTest, Ecdh) { .Authorization(TAG_PURPOSE, KeyPurpose::AGREE_KEY) .Authorization(TAG_ALGORITHM, Algorithm::EC) .Authorization(TAG_ATTESTATION_APPLICATION_ID, {0x61, 0x62}) - .Authorization(TAG_ATTESTATION_CHALLENGE, challenge))) + .Authorization(TAG_ATTESTATION_CHALLENGE, challenge) + .SetDefaultValidity())) << "Failed to generate key"; ASSERT_GT(cert_chain_.size(), 0); X509_Ptr kmKeyCert(parse_cert_blob(cert_chain_[0].encodedCertificate)); |