Merge "KeyMint VTS: ATTEST_KEY has no other purpose" am: a67b0441fe am: 02c4ee0dca am: 35392ef70e am: 6e2b1afdeb

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1844276 Change-Id: Idd7c93ed9a4ad0b36ce06006cef11f0990b7ffcf
author: David Drysdale <drysdale@google.com> 2021-12-15 07:31:58 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2021-12-15 07:31:58 +0000
commit: 54bac215fa139ee96c963453f69f0f2a221cd032 (patch)
tree: 180bf3b569044868b8d78e8d7eba6215d9222159 /security/keymint/aidl/vts/functional/KeyMintTest.cpp
parent: e96f78f34041bc2a5ddb6615421b3e3e2b992830 (diff)
parent: 6e2b1afdebf7480c4b17a13593f0d6b7bc99b4a0 (diff)
1 files changed, 36 insertions, 0 deletions
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index 76f27943b2..3f33686119 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -3352,6 +3352,26 @@ TEST_P(ImportKeyTest, RsaPublicExponentMismatch) {
 }
 
 /*
+ * ImportKeyTest.RsaAttestMultiPurposeFail
+ *
+ * Verifies that importing an RSA key pair with purpose ATTEST_KEY+SIGN fails.
+ */
+TEST_P(ImportKeyTest, RsaAttestMultiPurposeFail) {
+    uint32_t key_size = 2048;
+    string key = rsa_2048_key;
+
+    ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
+              ImportKey(AuthorizationSetBuilder()
+                                .Authorization(TAG_NO_AUTH_REQUIRED)
+                                .RsaSigningKey(key_size, 65537)
+                                .AttestKey()
+                                .Digest(Digest::SHA_2_256)
+                                .Padding(PaddingMode::RSA_PSS)
+                                .SetDefaultValidity(),
+                        KeyFormat::PKCS8, key));
+}
+
+/*
  * ImportKeyTest.EcdsaSuccess
  *
  * Verifies that importing and using an ECDSA P-256 key pair works correctly.
@@ -3470,6 +3490,22 @@ TEST_P(ImportKeyTest, EcdsaCurveMismatch) {
 }
 
 /*
+ * ImportKeyTest.EcdsaAttestMultiPurposeFail
+ *
+ * Verifies that importing and using an ECDSA P-256 key pair with purpose ATTEST_KEY+SIGN fails.
+ */
+TEST_P(ImportKeyTest, EcdsaAttestMultiPurposeFail) {
+    ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
+              ImportKey(AuthorizationSetBuilder()
+                                .Authorization(TAG_NO_AUTH_REQUIRED)
+                                .EcdsaSigningKey(EcCurve::P_256)
+                                .AttestKey()
+                                .Digest(Digest::SHA_2_256)
+                                .SetDefaultValidity(),
+                        KeyFormat::PKCS8, ec_256_key));
+}
+
+/*
  * ImportKeyTest.AesSuccess
  *
  * Verifies that importing and using an AES key works.
author	David Drysdale <drysdale@google.com>	2021-12-15 07:31:58 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2021-12-15 07:31:58 +0000
commit	54bac215fa139ee96c963453f69f0f2a221cd032 (patch)
tree	180bf3b569044868b8d78e8d7eba6215d9222159 /security/keymint/aidl/vts/functional/KeyMintTest.cpp
parent	e96f78f34041bc2a5ddb6615421b3e3e2b992830 (diff)
parent	6e2b1afdebf7480c4b17a13593f0d6b7bc99b4a0 (diff)