KeyMint VTS: ATTEST_KEY has no other purpose

The KeyMint spec has always required that keys with the ATTEST_KEY purpose "must not have any other purpose". Add explicit tests for combined-purpose keys to be rejected. Also expand the spec text to require a specific error code, and to explain the rationale for single-purpose ATTEST_KEY keys. Bug: 197096139 Test: VtsAidlKeyMintTargetTest Change-Id: I2a2014f0ddc497128ba51bb3f43671f759789912
author: David Drysdale <drysdale@google.com> 2021-10-04 12:54:13 +0100
committer: David Drysdale <drysdale@google.com> 2021-11-03 09:58:05 +0000
commit: e60248c8e7c064833e2a88db2a6f84b9471d44c9 (patch)
tree: 48850fd2c3209f11fbd0c5cebfc692f084c5cc15 /security/keymint/aidl/vts/functional/KeyMintTest.cpp
parent: b3b121493d2d8211ffa8765268395bed3473ae88 (diff)
1 files changed, 36 insertions, 0 deletions
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index 670043d0dd..186873880c 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -3284,6 +3284,26 @@ TEST_P(ImportKeyTest, RsaPublicExponentMismatch) {
 }
 
 /*
+ * ImportKeyTest.RsaAttestMultiPurposeFail
+ *
+ * Verifies that importing an RSA key pair with purpose ATTEST_KEY+SIGN fails.
+ */
+TEST_P(ImportKeyTest, RsaAttestMultiPurposeFail) {
+    uint32_t key_size = 2048;
+    string key = rsa_2048_key;
+
+    ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
+              ImportKey(AuthorizationSetBuilder()
+                                .Authorization(TAG_NO_AUTH_REQUIRED)
+                                .RsaSigningKey(key_size, 65537)
+                                .AttestKey()
+                                .Digest(Digest::SHA_2_256)
+                                .Padding(PaddingMode::RSA_PSS)
+                                .SetDefaultValidity(),
+                        KeyFormat::PKCS8, key));
+}
+
+/*
  * ImportKeyTest.EcdsaSuccess
  *
  * Verifies that importing and using an ECDSA P-256 key pair works correctly.
@@ -3402,6 +3422,22 @@ TEST_P(ImportKeyTest, EcdsaCurveMismatch) {
 }
 
 /*
+ * ImportKeyTest.EcdsaAttestMultiPurposeFail
+ *
+ * Verifies that importing and using an ECDSA P-256 key pair with purpose ATTEST_KEY+SIGN fails.
+ */
+TEST_P(ImportKeyTest, EcdsaAttestMultiPurposeFail) {
+    ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
+              ImportKey(AuthorizationSetBuilder()
+                                .Authorization(TAG_NO_AUTH_REQUIRED)
+                                .EcdsaSigningKey(EcCurve::P_256)
+                                .AttestKey()
+                                .Digest(Digest::SHA_2_256)
+                                .SetDefaultValidity(),
+                        KeyFormat::PKCS8, ec_256_key));
+}
+
+/*
  * ImportKeyTest.AesSuccess
  *
  * Verifies that importing and using an AES key works.
author	David Drysdale <drysdale@google.com>	2021-10-04 12:54:13 +0100
committer	David Drysdale <drysdale@google.com>	2021-11-03 09:58:05 +0000
commit	e60248c8e7c064833e2a88db2a6f84b9471d44c9 (patch)
tree	48850fd2c3209f11fbd0c5cebfc692f084c5cc15 /security/keymint/aidl/vts/functional/KeyMintTest.cpp
parent	b3b121493d2d8211ffa8765268395bed3473ae88 (diff)