Loading security/keymint/aidl/vts/functional/DeviceUniqueAttestationTest.cpp +6 −0 Original line number Diff line number Diff line Loading @@ -80,6 +80,7 @@ TEST_P(DeviceUniqueAttestationTest, RsaNonStrongBoxUnimplemented) { .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN) .Authorization(TAG_INCLUDE_UNIQUE_ID) .Authorization(TAG_CREATION_DATETIME, 1619621648000) .SetDefaultValidity() .AttestationChallenge("challenge") .AttestationApplicationId("foo") .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION), Loading Loading @@ -109,6 +110,7 @@ TEST_P(DeviceUniqueAttestationTest, EcdsaNonStrongBoxUnimplemented) { .Digest(Digest::SHA_2_256) .Authorization(TAG_INCLUDE_UNIQUE_ID) .Authorization(TAG_CREATION_DATETIME, 1619621648000) .SetDefaultValidity() .AttestationChallenge("challenge") .AttestationApplicationId("foo") .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION), Loading Loading @@ -139,6 +141,7 @@ TEST_P(DeviceUniqueAttestationTest, RsaDeviceUniqueAttestation) { .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN) .Authorization(TAG_INCLUDE_UNIQUE_ID) .Authorization(TAG_CREATION_DATETIME, 1619621648000) .SetDefaultValidity() .AttestationChallenge("challenge") .AttestationApplicationId("foo") .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION), Loading Loading @@ -197,6 +200,7 @@ TEST_P(DeviceUniqueAttestationTest, EcdsaDeviceUniqueAttestation) { .Digest(Digest::SHA_2_256) .Authorization(TAG_INCLUDE_UNIQUE_ID) .Authorization(TAG_CREATION_DATETIME, 1619621648000) .SetDefaultValidity() .AttestationChallenge("challenge") .AttestationApplicationId("foo") .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION), Loading Loading @@ -264,6 +268,7 @@ TEST_P(DeviceUniqueAttestationTest, EcdsaDeviceUniqueAttestationID) { .Digest(Digest::SHA_2_256) .Authorization(TAG_INCLUDE_UNIQUE_ID) .Authorization(TAG_CREATION_DATETIME, 1619621648000) .SetDefaultValidity() .AttestationChallenge("challenge") .AttestationApplicationId("foo") .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION); Loading Loading @@ -336,6 +341,7 @@ TEST_P(DeviceUniqueAttestationTest, EcdsaDeviceUniqueAttestationMismatchID) { .Digest(Digest::SHA_2_256) .Authorization(TAG_INCLUDE_UNIQUE_ID) .Authorization(TAG_CREATION_DATETIME, 1619621648000) .SetDefaultValidity() .AttestationChallenge("challenge") .AttestationApplicationId("foo") .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION); Loading security/keymint/aidl/vts/functional/KeyMintTest.cpp +60 −0 Original line number Diff line number Diff line Loading @@ -1017,6 +1017,37 @@ TEST_P(NewKeyGenerationTest, Rsa) { } } /* * NewKeyGenerationTest.RsaWithMissingValidity * * Verifies that keymint returns an error while generating asymmetric key * without providing NOT_BEFORE and NOT_AFTER parameters. */ TEST_P(NewKeyGenerationTest, RsaWithMissingValidity) { // Per RFC 5280 4.1.2.5, an undefined expiration (not-after) field should be set to // GeneralizedTime 999912312359559, which is 253402300799000 ms from Jan 1, 1970. constexpr uint64_t kUndefinedExpirationDateTime = 253402300799000; vector<uint8_t> key_blob; vector<KeyCharacteristics> key_characteristics; ASSERT_EQ(ErrorCode::MISSING_NOT_BEFORE, GenerateKey(AuthorizationSetBuilder() .RsaSigningKey(2048, 65537) .Digest(Digest::NONE) .Padding(PaddingMode::NONE) .Authorization(TAG_CERTIFICATE_NOT_AFTER, kUndefinedExpirationDateTime), &key_blob, &key_characteristics)); ASSERT_EQ(ErrorCode::MISSING_NOT_AFTER, GenerateKey(AuthorizationSetBuilder() .RsaSigningKey(2048, 65537) .Digest(Digest::NONE) .Padding(PaddingMode::NONE) .Authorization(TAG_CERTIFICATE_NOT_BEFORE, 0), &key_blob, &key_characteristics)); } /* * NewKeyGenerationTest.RsaWithAttestation * Loading Loading @@ -1597,6 +1628,35 @@ TEST_P(NewKeyGenerationTest, EcdsaCurve25519MultiPurposeFail) { ASSERT_EQ(result, ErrorCode::INCOMPATIBLE_PURPOSE); } /* * NewKeyGenerationTest.EcdsaWithMissingValidity * * Verifies that keymint returns an error while generating asymmetric key * without providing NOT_BEFORE and NOT_AFTER parameters. */ TEST_P(NewKeyGenerationTest, EcdsaWithMissingValidity) { // Per RFC 5280 4.1.2.5, an undefined expiration (not-after) field should be set to // GeneralizedTime 999912312359559, which is 253402300799000 ms from Jan 1, 1970. constexpr uint64_t kUndefinedExpirationDateTime = 253402300799000; vector<uint8_t> key_blob; vector<KeyCharacteristics> key_characteristics; ASSERT_EQ(ErrorCode::MISSING_NOT_BEFORE, GenerateKey(AuthorizationSetBuilder() .EcdsaSigningKey(EcCurve::P_256) .Digest(Digest::NONE) .Authorization(TAG_CERTIFICATE_NOT_AFTER, kUndefinedExpirationDateTime), &key_blob, &key_characteristics)); ASSERT_EQ(ErrorCode::MISSING_NOT_AFTER, GenerateKey(AuthorizationSetBuilder() .EcdsaSigningKey(EcCurve::P_256) .Digest(Digest::NONE) .Authorization(TAG_CERTIFICATE_NOT_BEFORE, 0), &key_blob, &key_characteristics)); } /* * NewKeyGenerationTest.EcdsaAttestation * Loading Loading
security/keymint/aidl/vts/functional/DeviceUniqueAttestationTest.cpp +6 −0 Original line number Diff line number Diff line Loading @@ -80,6 +80,7 @@ TEST_P(DeviceUniqueAttestationTest, RsaNonStrongBoxUnimplemented) { .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN) .Authorization(TAG_INCLUDE_UNIQUE_ID) .Authorization(TAG_CREATION_DATETIME, 1619621648000) .SetDefaultValidity() .AttestationChallenge("challenge") .AttestationApplicationId("foo") .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION), Loading Loading @@ -109,6 +110,7 @@ TEST_P(DeviceUniqueAttestationTest, EcdsaNonStrongBoxUnimplemented) { .Digest(Digest::SHA_2_256) .Authorization(TAG_INCLUDE_UNIQUE_ID) .Authorization(TAG_CREATION_DATETIME, 1619621648000) .SetDefaultValidity() .AttestationChallenge("challenge") .AttestationApplicationId("foo") .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION), Loading Loading @@ -139,6 +141,7 @@ TEST_P(DeviceUniqueAttestationTest, RsaDeviceUniqueAttestation) { .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN) .Authorization(TAG_INCLUDE_UNIQUE_ID) .Authorization(TAG_CREATION_DATETIME, 1619621648000) .SetDefaultValidity() .AttestationChallenge("challenge") .AttestationApplicationId("foo") .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION), Loading Loading @@ -197,6 +200,7 @@ TEST_P(DeviceUniqueAttestationTest, EcdsaDeviceUniqueAttestation) { .Digest(Digest::SHA_2_256) .Authorization(TAG_INCLUDE_UNIQUE_ID) .Authorization(TAG_CREATION_DATETIME, 1619621648000) .SetDefaultValidity() .AttestationChallenge("challenge") .AttestationApplicationId("foo") .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION), Loading Loading @@ -264,6 +268,7 @@ TEST_P(DeviceUniqueAttestationTest, EcdsaDeviceUniqueAttestationID) { .Digest(Digest::SHA_2_256) .Authorization(TAG_INCLUDE_UNIQUE_ID) .Authorization(TAG_CREATION_DATETIME, 1619621648000) .SetDefaultValidity() .AttestationChallenge("challenge") .AttestationApplicationId("foo") .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION); Loading Loading @@ -336,6 +341,7 @@ TEST_P(DeviceUniqueAttestationTest, EcdsaDeviceUniqueAttestationMismatchID) { .Digest(Digest::SHA_2_256) .Authorization(TAG_INCLUDE_UNIQUE_ID) .Authorization(TAG_CREATION_DATETIME, 1619621648000) .SetDefaultValidity() .AttestationChallenge("challenge") .AttestationApplicationId("foo") .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION); Loading
security/keymint/aidl/vts/functional/KeyMintTest.cpp +60 −0 Original line number Diff line number Diff line Loading @@ -1017,6 +1017,37 @@ TEST_P(NewKeyGenerationTest, Rsa) { } } /* * NewKeyGenerationTest.RsaWithMissingValidity * * Verifies that keymint returns an error while generating asymmetric key * without providing NOT_BEFORE and NOT_AFTER parameters. */ TEST_P(NewKeyGenerationTest, RsaWithMissingValidity) { // Per RFC 5280 4.1.2.5, an undefined expiration (not-after) field should be set to // GeneralizedTime 999912312359559, which is 253402300799000 ms from Jan 1, 1970. constexpr uint64_t kUndefinedExpirationDateTime = 253402300799000; vector<uint8_t> key_blob; vector<KeyCharacteristics> key_characteristics; ASSERT_EQ(ErrorCode::MISSING_NOT_BEFORE, GenerateKey(AuthorizationSetBuilder() .RsaSigningKey(2048, 65537) .Digest(Digest::NONE) .Padding(PaddingMode::NONE) .Authorization(TAG_CERTIFICATE_NOT_AFTER, kUndefinedExpirationDateTime), &key_blob, &key_characteristics)); ASSERT_EQ(ErrorCode::MISSING_NOT_AFTER, GenerateKey(AuthorizationSetBuilder() .RsaSigningKey(2048, 65537) .Digest(Digest::NONE) .Padding(PaddingMode::NONE) .Authorization(TAG_CERTIFICATE_NOT_BEFORE, 0), &key_blob, &key_characteristics)); } /* * NewKeyGenerationTest.RsaWithAttestation * Loading Loading @@ -1597,6 +1628,35 @@ TEST_P(NewKeyGenerationTest, EcdsaCurve25519MultiPurposeFail) { ASSERT_EQ(result, ErrorCode::INCOMPATIBLE_PURPOSE); } /* * NewKeyGenerationTest.EcdsaWithMissingValidity * * Verifies that keymint returns an error while generating asymmetric key * without providing NOT_BEFORE and NOT_AFTER parameters. */ TEST_P(NewKeyGenerationTest, EcdsaWithMissingValidity) { // Per RFC 5280 4.1.2.5, an undefined expiration (not-after) field should be set to // GeneralizedTime 999912312359559, which is 253402300799000 ms from Jan 1, 1970. constexpr uint64_t kUndefinedExpirationDateTime = 253402300799000; vector<uint8_t> key_blob; vector<KeyCharacteristics> key_characteristics; ASSERT_EQ(ErrorCode::MISSING_NOT_BEFORE, GenerateKey(AuthorizationSetBuilder() .EcdsaSigningKey(EcCurve::P_256) .Digest(Digest::NONE) .Authorization(TAG_CERTIFICATE_NOT_AFTER, kUndefinedExpirationDateTime), &key_blob, &key_characteristics)); ASSERT_EQ(ErrorCode::MISSING_NOT_AFTER, GenerateKey(AuthorizationSetBuilder() .EcdsaSigningKey(EcCurve::P_256) .Digest(Digest::NONE) .Authorization(TAG_CERTIFICATE_NOT_BEFORE, 0), &key_blob, &key_characteristics)); } /* * NewKeyGenerationTest.EcdsaAttestation * Loading
