author | David Drysdale <drysdale@google.com> | 2021-05-27 12:00:53 +0100 |
---|---|---|
committer | David Drysdale <drysdale@google.com> | 2021-06-08 12:04:45 +0100 |
commit | eaab0f281603e674ae393876227e020c47e0b9ea (patch) | |
tree | dc9129960228ef2cf76a9dd1c4542148290fce44 /security/keymint/aidl/vts/functional/KeyMintTest.cpp | |
parent | 339b901709396fbc37639cbee7450ee197bea60c (diff) |
KeyMint VTS: better early boot key tests
Add a check that the TAG_EARLY_BOOT_ONLY is included in the returned key
characteristics.
Bug: 188672564
Test: VtsAidlKeyMintTargetTest
Merged-In: I200c61f34888c720c47f6289d79cd21d78436b58
Change-Id: I200c61f34888c720c47f6289d79cd21d78436b58
Ignore-AOSP-First: already merged in aosp/master
Diffstat (limited to 'security/keymint/aidl/vts/functional/KeyMintTest.cpp')
-rw-r--r-- | security/keymint/aidl/vts/functional/KeyMintTest.cpp | 30 |
1 files changed, 29 insertions, 1 deletions
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index 5dcfcaaa63..295be1a48d 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -6355,6 +6355,34 @@ TEST_P(EarlyBootKeyTest, CreateEarlyBootKeys) {
 auto [aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData] = CreateTestKeys(TAG_EARLY_BOOT_ONLY, ErrorCode::OK);
+ for (const auto& keyData : {aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData}) {
+ ASSERT_GT(keyData.blob.size(), 0U);
+ AuthorizationSet crypto_params = SecLevelAuthorizations(keyData.characteristics);
+ EXPECT_TRUE(crypto_params.Contains(TAG_EARLY_BOOT_ONLY)) << crypto_params;
+ }
+ CheckedDeleteKey(&aesKeyData.blob);
+ CheckedDeleteKey(&hmacKeyData.blob);
+ CheckedDeleteKey(&rsaKeyData.blob);
+ CheckedDeleteKey(&ecdsaKeyData.blob);
+}
+
+/*
+ * EarlyBootKeyTest.CreateAttestedEarlyBootKey
+ *
+ * Verifies that creating an early boot key with attestation succeeds.
+ */
+TEST_P(EarlyBootKeyTest, CreateAttestedEarlyBootKey) {
+ auto [aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData] = CreateTestKeys(
+ TAG_EARLY_BOOT_ONLY, ErrorCode::OK, [](AuthorizationSetBuilder* builder) {
+ builder->AttestationChallenge("challenge");
+ builder->AttestationApplicationId("app_id");
+ });
+
+ for (const auto& keyData : {aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData}) {
+ ASSERT_GT(keyData.blob.size(), 0U);
+ AuthorizationSet crypto_params = SecLevelAuthorizations(keyData.characteristics);
+ EXPECT_TRUE(crypto_params.Contains(TAG_EARLY_BOOT_ONLY)) << crypto_params;
+ }
 CheckedDeleteKey(&aesKeyData.blob);
 CheckedDeleteKey(&hmacKeyData.blob);
 CheckedDeleteKey(&rsaKeyData.blob);
@@ -6362,7 +6390,7 @@ TEST_P(EarlyBootKeyTest, CreateEarlyBootKeys) {
 }
 /*
- * EarlyBootKeyTest.UsetEarlyBootKeyFailure
+ * EarlyBootKeyTest.UseEarlyBootKeyFailure
 *
 * Verifies that using early boot keys at a later stage fails.
 */ |
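Review bot: CreateAttestedEarlyBootKey asserts nothing attestation-specific: after passing AttestationChallenge and AttestationApplicationId it only repeats the blob-size and TAG_EARLY_BOOT_ONLY checks from CreateEarlyBootKeys, so an implementation that ignored the challenge or returned a malformed certificate chain would still pass. If the key data returned by CreateTestKeys exposes the certificate chain (not visible in this hunk), the RSA and ECDSA keys should have it checked; otherwise narrow the header comment to what is tested, e.g. `* Verifies that early boot keys can be created with attestation parameters; the attestation itself is not checked.` In both loops `ASSERT_GT` returns from the test body before the four CheckedDeleteKey calls, so one empty blob leaves the remaining keys undeleted on the device; `EXPECT_GT(keyData.blob.size(), 0U);` keeps the cleanup reachable.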