author | David Drysdale <drysdale@google.com> | 2021-05-27 12:00:53 +0100 |
---|---|---|
committer | David Drysdale <drysdale@google.com> | 2021-06-04 16:42:23 +0100 |
commit | adfe6116d50c0d0fc7fc672cca4de7de5f64735b (patch) | |
tree | 0553cf8c45a0a3a6b746a8d56e6b9f4e98a6c995 /security/keymint/aidl/vts/functional/KeyMintTest.cpp | |
parent | 19c7c575f08c0c76e511959d1604887659dd3d5c (diff) |
KeyMint VTS: better early boot key tests
Add a check that the TAG_EARLY_BOOT_ONLY is included in the returned key
characteristics.
Bug: 188672564
Test: VtsAidlKeyMintTargetTest
Change-Id: I200c61f34888c720c47f6289d79cd21d78436b58
Diffstat (limited to 'security/keymint/aidl/vts/functional/KeyMintTest.cpp')
-rw-r--r-- | security/keymint/aidl/vts/functional/KeyMintTest.cpp | 30 |
1 files changed, 29 insertions, 1 deletions
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index 5dcfcaaa63..295be1a48d 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -6355,6 +6355,34 @@ TEST_P(EarlyBootKeyTest, CreateEarlyBootKeys) {
 auto [aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData] =
 CreateTestKeys(TAG_EARLY_BOOT_ONLY, ErrorCode::OK);
 
+ for (const auto& keyData : {aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData}) {
+ ASSERT_GT(keyData.blob.size(), 0U);
+ AuthorizationSet crypto_params = SecLevelAuthorizations(keyData.characteristics);
+ EXPECT_TRUE(crypto_params.Contains(TAG_EARLY_BOOT_ONLY)) << crypto_params;
+ }
+ CheckedDeleteKey(&aesKeyData.blob);
+ CheckedDeleteKey(&hmacKeyData.blob);
+ CheckedDeleteKey(&rsaKeyData.blob);
+ CheckedDeleteKey(&ecdsaKeyData.blob);
+}
+
+/*
+ * EarlyBootKeyTest.CreateAttestedEarlyBootKey
+ *
+ * Verifies that creating an early boot key with attestation succeeds.
+ */
+TEST_P(EarlyBootKeyTest, CreateAttestedEarlyBootKey) {
+ auto [aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData] = CreateTestKeys(
+ TAG_EARLY_BOOT_ONLY, ErrorCode::OK, [](AuthorizationSetBuilder* builder) {
+ builder->AttestationChallenge("challenge");
+ builder->AttestationApplicationId("app_id");
+ });
+
+ for (const auto& keyData : {aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData}) {
+ ASSERT_GT(keyData.blob.size(), 0U);
+ AuthorizationSet crypto_params = SecLevelAuthorizations(keyData.characteristics);
+ EXPECT_TRUE(crypto_params.Contains(TAG_EARLY_BOOT_ONLY)) << crypto_params;
+ }
 CheckedDeleteKey(&aesKeyData.blob);
 CheckedDeleteKey(&hmacKeyData.blob);
 CheckedDeleteKey(&rsaKeyData.blob);
@@ -6362,7 +6390,7 @@ TEST_P(EarlyBootKeyTest, CreateEarlyBootKeys) {
 }
 
 /*
- * EarlyBootKeyTest.UsetEarlyBootKeyFailure
+ * EarlyBootKeyTest.UseEarlyBootKeyFailure
 *
 * Verifies that using early boot keys at a later stage fails.
 */
|
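Review bot: CreateAttestedEarlyBootKey never inspects the attestation it requests: after the builder lambda sets `AttestationChallenge("challenge")` and `AttestationApplicationId("app_id")`, its loop repeats exactly the two checks of CreateEarlyBootKeys (non-empty blob, `TAG_EARLY_BOOT_ONLY` in the security-level characteristics). Unless CreateTestKeys, which is not visible in this hunk, already validates the returned certificate chain, an implementation that drops the challenge or leaves the tag out of the attestation record for the RSA and ECDSA keys would still pass. The header comment should at least state that scope, e.g. `* Verifies that generation succeeds and the characteristics carry TAG_EARLY_BOOT_ONLY; the attestation chain is not checked here.` A smaller point in both loops: `ASSERT_GT(keyData.blob.size(), 0U)` returns from the test body on failure and so skips the four `CheckedDeleteKey` calls, whereas `EXPECT_GT(keyData.blob.size(), 0U);` would let the cleanup run. CreateEarlyBootKeys starts above the first hunk and the new test's closing lines fall between the two hunks.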