Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b06defea authored by David Drysdale's avatar David Drysdale Committed by Automerger Merge Worker
Browse files

Merge "Test specifying CERTIFICATE_NOT_{BEFORE,AFTER}" am: a2f63439 am: 4b6c4784 

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2509815



Change-Id: I7d355050138b79c94184740ef664e7e393e80ff2
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents 27740026 4b6c4784

security/keymint/aidl/vts/functional/KeyMintTest.cpp

+37 −0
Original line number Diff line number Diff line
@@ -26,6 +26,7 @@ 
#include <openssl/ec.h>

#include <openssl/evp.h>

#include <openssl/mem.h>

#include <openssl/x509.h>

#include <openssl/x509v3.h>



#include <cutils/properties.h>
@@ -1058,6 +1059,42 @@ TEST_P(NewKeyGenerationTest, RsaWithMissingValidity) { 
                          &key_blob, &key_characteristics));

}



/*

 * NewKeyGenerationTest.RsaWithSpecifiedValidity

 *

 * Verifies that KeyMint respects specified NOT_BEFORE and NOT_AFTER certificate dates.

 */

TEST_P(NewKeyGenerationTest, RsaWithSpecifiedValidity) {

    vector<uint8_t> key_blob;

    vector<KeyCharacteristics> key_characteristics;

    ASSERT_EQ(ErrorCode::OK,

              GenerateKey(AuthorizationSetBuilder()

                                  .RsaSigningKey(2048, 65537)

                                  .Digest(Digest::NONE)

                                  .Padding(PaddingMode::NONE)

                                  .Authorization(TAG_CERTIFICATE_NOT_BEFORE,

                                                 1183806000000 /* 2007-07-07T11:00:00Z */)

                                  .Authorization(TAG_CERTIFICATE_NOT_AFTER,

                                                 1916049600000 /* 2030-09-19T12:00:00Z */),

                          &key_blob, &key_characteristics));

    ASSERT_GT(cert_chain_.size(), 0);



    X509_Ptr cert(parse_cert_blob(cert_chain_[0].encodedCertificate));

    ASSERT_TRUE(!!cert.get());



    const ASN1_TIME* not_before = X509_get0_notBefore(cert.get());

    ASSERT_NE(not_before, nullptr);

    time_t not_before_time;

    ASSERT_EQ(ASN1_TIME_to_time_t(not_before, &not_before_time), 1);

    EXPECT_EQ(not_before_time, 1183806000);



    const ASN1_TIME* not_after = X509_get0_notAfter(cert.get());

    ASSERT_NE(not_after, nullptr);

    time_t not_after_time;

    ASSERT_EQ(ASN1_TIME_to_time_t(not_after, &not_after_time), 1);

    EXPECT_EQ(not_after_time, 1916049600);

}



/*

 * NewKeyGenerationTest.RsaWithAttestation

 *