Merge "KeyMint VTS: strict test only for v2+" am: d057fc0c

 * This test attempts to create an RSA attestation key that also allows signing.

 * This test attempts to create an RSA attestation key that also allows signing.

 */

 */

TEST_P(AttestKeyTest, RsaAttestKeyMultiPurposeFail) {

TEST_P(AttestKeyTest, RsaAttestKeyMultiPurposeFail) {

    if (AidlVersion() < 2) {

        // The KeyMint v1 spec required that KeyPurpose::ATTEST_KEY not be combined

        // with other key purposes.  However, this was not checked at the time

        // so we can only be strict about checking this for implementations of KeyMint

        // version 2 and above.

        GTEST_SKIP() << "Single-purpose for KeyPurpose::ATTEST_KEY only strict since KeyMint v2";

    }

    vector<uint8_t> attest_key_blob;

    vector<uint8_t> attest_key_blob;

    vector<KeyCharacteristics> attest_key_characteristics;

    vector<KeyCharacteristics> attest_key_characteristics;

    vector<Certificate> attest_key_cert_chain;

    vector<Certificate> attest_key_cert_chain;

 * This test attempts to create an EC attestation key that also allows signing.

 * This test attempts to create an EC attestation key that also allows signing.

 */

 */

TEST_P(AttestKeyTest, EcAttestKeyMultiPurposeFail) {

TEST_P(AttestKeyTest, EcAttestKeyMultiPurposeFail) {

    if (AidlVersion() < 2) {

        // The KeyMint v1 spec required that KeyPurpose::ATTEST_KEY not be combined

        // with other key purposes.  However, this was not checked at the time

        // so we can only be strict about checking this for implementations of KeyMint

        // version 2 and above.

        GTEST_SKIP() << "Single-purpose for KeyPurpose::ATTEST_KEY only strict since KeyMint v2";

    }

    vector<uint8_t> attest_key_blob;

    vector<uint8_t> attest_key_blob;

    vector<KeyCharacteristics> attest_key_characteristics;

    vector<KeyCharacteristics> attest_key_characteristics;

    vector<Certificate> attest_key_cert_chain;

    vector<Certificate> attest_key_cert_chain;

 * Verifies that importing an RSA key pair with purpose ATTEST_KEY+SIGN fails.

 * Verifies that importing an RSA key pair with purpose ATTEST_KEY+SIGN fails.

 */

 */

TEST_P(ImportKeyTest, RsaAttestMultiPurposeFail) {

TEST_P(ImportKeyTest, RsaAttestMultiPurposeFail) {

    if (AidlVersion() < 2) {

        // The KeyMint v1 spec required that KeyPurpose::ATTEST_KEY not be combined

        // with other key purposes.  However, this was not checked at the time

        // so we can only be strict about checking this for implementations of KeyMint

        // version 2 and above.

        GTEST_SKIP() << "Single-purpose for KeyPurpose::ATTEST_KEY only strict since KeyMint v2";

    }

    uint32_t key_size = 2048;

    uint32_t key_size = 2048;

    string key = rsa_2048_key;

    string key = rsa_2048_key;

 * Verifies that importing and using an ECDSA P-256 key pair with purpose ATTEST_KEY+SIGN fails.

 * Verifies that importing and using an ECDSA P-256 key pair with purpose ATTEST_KEY+SIGN fails.

 */

 */

TEST_P(ImportKeyTest, EcdsaAttestMultiPurposeFail) {

TEST_P(ImportKeyTest, EcdsaAttestMultiPurposeFail) {

    if (AidlVersion() < 2) {

        // The KeyMint v1 spec required that KeyPurpose::ATTEST_KEY not be combined

        // with other key purposes.  However, this was not checked at the time

        // so we can only be strict about checking this for implementations of KeyMint

        // version 2 and above.

        GTEST_SKIP() << "Single-purpose for KeyPurpose::ATTEST_KEY only strict since KeyMint v2";

    }

    ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,

    ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,

              ImportKey(AuthorizationSetBuilder()

              ImportKey(AuthorizationSetBuilder()

                                .Authorization(TAG_NO_AUTH_REQUIRED)

                                .Authorization(TAG_NO_AUTH_REQUIRED)