Diffstat (limited to 'security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h')
-rw-r--r-- | security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h | 47 |
1 files changed, 43 insertions, 4 deletions
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h index 7b3b9d4b4b..8f9df24522 100644 --- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h +++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h @@ -31,6 +31,7 @@ #include <aidl/android/hardware/security/keymint/IKeyMintDevice.h> #include <aidl/android/hardware/security/keymint/MacedPublicKey.h> +#include <keymint_support/attestation_record.h> #include <keymint_support/authorization_set.h> #include <keymint_support/openssl_utils.h> @@ -73,11 +74,15 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> { void InitializeKeyMint(std::shared_ptr<IKeyMintDevice> keyMint); IKeyMintDevice& keyMint() { return *keymint_; } + int32_t AidlVersion(); uint32_t os_version() { return os_version_; } uint32_t os_patch_level() { return os_patch_level_; } uint32_t vendor_patch_level() { return vendor_patch_level_; } uint32_t boot_patch_level(const vector<KeyCharacteristics>& key_characteristics); uint32_t boot_patch_level(); + bool isDeviceIdAttestationRequired(); + + bool Curve25519Supported(); ErrorCode GetReturnErrorCode(const Status& result); 
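Review bot: The three helpers added to the accessor group in the @@ -73 hunk (`AidlVersion()`, `isDeviceIdAttestationRequired()`, `Curve25519Supported()`) are declared without any comment, and their names suggest they decide which attestation and curve checks a test runs or skips. Each should carry a one-line comment stating what it queries and what a `false` or low value means for the caller, for example `// True if this device must support device ID attestation; tests treat a failure as an error rather than a skip.` (wording to be confirmed against the definitions, which are not in this header). `isDeviceIdAttestationRequired` is also lowerCamel while its two new siblings are PascalCase; choosing one casing would keep the fixture API predictable.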
@@ -93,6 +98,21 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> { ErrorCode GenerateKey(const AuthorizationSet& key_desc, const optional<AttestationKey>& attest_key = std::nullopt); + // Generate key for implementations which do not support factory attestation. + ErrorCode GenerateKeyWithSelfSignedAttestKey(const AuthorizationSet& attest_key_desc, + const AuthorizationSet& key_desc, + vector<uint8_t>* key_blob, + vector<KeyCharacteristics>* key_characteristics, + vector<Certificate>* cert_chain); + + ErrorCode GenerateKeyWithSelfSignedAttestKey(const AuthorizationSet& attest_key_desc, + const AuthorizationSet& key_desc, + vector<uint8_t>* key_blob, + vector<KeyCharacteristics>* key_characteristics) { + return GenerateKeyWithSelfSignedAttestKey(attest_key_desc, key_desc, key_blob, + key_characteristics, &cert_chain_); + } + ErrorCode ImportKey(const AuthorizationSet& key_desc, KeyFormat format, const string& key_material, vector<uint8_t>* key_blob, vector<KeyCharacteristics>* key_characteristics); @@ -166,6 +186,8 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> { string MacMessage(const string& message, Digest digest, size_t mac_length); + void CheckAesIncrementalEncryptOperation(BlockMode block_mode, int message_size); + void CheckHmacTestVector(const string& key, const string& message, Digest digest, const string& expected_mac); @@ -250,7 +272,10 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> { .SetDefaultValidity(); tagModifier(&rsaBuilder); errorCode = GenerateKey(rsaBuilder, &rsaKeyData.blob, &rsaKeyData.characteristics); - EXPECT_EQ(expectedReturn, errorCode); + if (!(SecLevel() == SecurityLevel::STRONGBOX && + ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED == errorCode)) { + EXPECT_EQ(expectedReturn, errorCode); + } /* ECDSA */ KeyData ecdsaKeyData; 
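Review bot: The four-argument `GenerateKeyWithSelfSignedAttestKey` overload in the @@ -93 hunk silently overwrites the fixture member `cert_chain_`, and the single comment above the pair does not mention that side effect. The comment also does not say which key the out-parameters describe (the attested key or the intermediate attest key), nor whether the intermediate attest key blob is deleted before returning. Tests that go on to validate `cert_chain_` need that stated to know what chain they are checking. I would extend the comment along the lines of `// On success *key_blob / *key_characteristics / *cert_chain describe the key built from key_desc; the attest key is <kept|deleted>.` with the placeholder resolved from the definition, and add `// Convenience overload: stores the chain in cert_chain_.` above the inline overload.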
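Review bot: `CheckAesIncrementalEncryptOperation` in the @@ -166 hunk takes `int message_size`, whereas the neighbouring `MacMessage` already uses `size_t mac_length` for a length. A signed size lets a negative value reach whatever buffer or string construction the definition performs (not visible here). Declaring it as `void CheckAesIncrementalEncryptOperation(BlockMode block_mode, size_t message_size);` would match the sibling.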
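Review bot: The guard added around `EXPECT_EQ(expectedReturn, errorCode)` in the @@ -250 hunk (and repeated for ECDSA in the @@ -262 hunk) drops the check for any StrongBox run that returns `ATTESTATION_KEYS_NOT_PROVISIONED`, yet the function still returns `rsaKeyData` / `ecdsaKeyData` as if generation had been checked. Nothing records that the expectation was skipped, so a caller cannot tell a usable key from an unfilled blob. A test whose `expectedReturn` is itself an error could then pass without the tag under test ever being evaluated. Consider retrying through `GenerateKeyWithSelfSignedAttestKey`, which this commit declares, or at least naming the condition once, `const bool unprovisioned = SecLevel() == SecurityLevel::STRONGBOX && errorCode == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED;`, and logging when it is true before `if (!unprovisioned) EXPECT_EQ(expectedReturn, errorCode);`. The enclosing function begins before the hunk, so whether the builders request attestation at all cannot be confirmed from here.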
@@ -262,7 +287,10 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> { .SetDefaultValidity(); tagModifier(&ecdsaBuilder); errorCode = GenerateKey(ecdsaBuilder, &ecdsaKeyData.blob, &ecdsaKeyData.characteristics); - EXPECT_EQ(expectedReturn, errorCode); + if (!(SecLevel() == SecurityLevel::STRONGBOX && + ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED == errorCode)) { + EXPECT_EQ(expectedReturn, errorCode); + } return {aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData}; } bool IsSecure() const { return securityLevel_ != SecurityLevel::SOFTWARE; } @@ -279,6 +307,7 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> { vector<EcCurve> InvalidCurves(); vector<Digest> ValidDigests(bool withNone, bool withMD5); + vector<uint64_t> ValidExponents(); static vector<string> build_params() { auto params = ::android::getAidlHalInstanceNames(IKeyMintDevice::descriptor); @@ -326,14 +355,24 @@ void add_tag_from_prop(AuthorizationSetBuilder* tags, TypedTag<TagType::BYTES, t } } +// Return the VSR API level for this device. +int get_vsr_api_level(); + +// Indicate whether the test is running on a GSI image. +bool is_gsi_image(); + vector<uint8_t> build_serial_blob(const uint64_t serial_int); void verify_subject(const X509* cert, const string& subject, bool self_signed); void verify_serial(X509* cert, const uint64_t expected_serial); void verify_subject_and_serial(const Certificate& certificate, // const uint64_t expected_serial, // const string& subject, bool self_signed); - -bool verify_attestation_record(const string& challenge, // +void verify_root_of_trust(const vector<uint8_t>& verified_boot_key, // + bool device_locked, // + VerifiedBoot verified_boot_state, // + const vector<uint8_t>& verified_boot_hash); +bool verify_attestation_record(int aidl_version, // + const string& challenge, // const string& app_id, // AuthorizationSet expected_sw_enforced, // AuthorizationSet expected_hw_enforced, // |
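Review bot: In the @@ -326 hunk, `verify_attestation_record` gains `int aidl_version` as its first parameter while the fixture accessor added earlier in this commit returns `int32_t AidlVersion()`; using `int32_t aidl_version` would keep the two in step. The new `verify_root_of_trust` returns `void` whereas `verify_attestation_record` returns `bool`, so a caller cannot gate later checks on the root-of-trust result. If failures are reported only through gtest expectations, that deserves a comment such as `// Reports mismatches via gtest expectations; does not return a result.` (to be confirmed against the definition). Neither declaration says what `device_locked` and `verified_boot_state` are compared against. The `verify_attestation_record` declaration continues past the end of the hunk.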