Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e26fab78 authored by David Drysdale's avatar David Drysdale
Browse files

KeyMint VTS: extra unique ID test

Test that specifying RESET_SINCE_ID_ROTATION results in a different
unique ID value.

Test: VtsAidlKeyMintTargetTest
Bug: 202487002
Change-Id: I2aed96514bf9e4802f0ef756f880cac79fa09554
parent 2f361c15
Loading
Loading
Loading
Loading
+24 −16
Original line number Diff line number Diff line
@@ -76,6 +76,7 @@ TEST_P(DeviceUniqueAttestationTest, RsaNonStrongBoxUnimplemented) {
                                      .Digest(Digest::SHA_2_256)
                                      .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)
                                      .Authorization(TAG_INCLUDE_UNIQUE_ID)
                                      .Authorization(TAG_CREATION_DATETIME, 1619621648000)
                                      .AttestationChallenge("challenge")
                                      .AttestationApplicationId("foo")
                                      .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION),
@@ -102,6 +103,7 @@ TEST_P(DeviceUniqueAttestationTest, EcdsaNonStrongBoxUnimplemented) {
                                      .EcdsaSigningKey(EcCurve::P_256)
                                      .Digest(Digest::SHA_2_256)
                                      .Authorization(TAG_INCLUDE_UNIQUE_ID)
                                      .Authorization(TAG_CREATION_DATETIME, 1619621648000)
                                      .AttestationChallenge("challenge")
                                      .AttestationApplicationId("foo")
                                      .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION),
@@ -129,6 +131,7 @@ TEST_P(DeviceUniqueAttestationTest, RsaDeviceUniqueAttestation) {
                                      .Digest(Digest::SHA_2_256)
                                      .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)
                                      .Authorization(TAG_INCLUDE_UNIQUE_ID)
                                      .Authorization(TAG_CREATION_DATETIME, 1619621648000)
                                      .AttestationChallenge("challenge")
                                      .AttestationApplicationId("foo")
                                      .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION),
@@ -184,6 +187,7 @@ TEST_P(DeviceUniqueAttestationTest, EcdsaDeviceUniqueAttestation) {
                                      .EcdsaSigningKey(EcCurve::P_256)
                                      .Digest(Digest::SHA_2_256)
                                      .Authorization(TAG_INCLUDE_UNIQUE_ID)
                                      .Authorization(TAG_CREATION_DATETIME, 1619621648000)
                                      .AttestationChallenge("challenge")
                                      .AttestationApplicationId("foo")
                                      .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION),
@@ -242,11 +246,13 @@ TEST_P(DeviceUniqueAttestationTest, EcdsaDeviceUniqueAttestationID) {

    for (const KeyParameter& tag : attestation_id_tags) {
        SCOPED_TRACE(testing::Message() << "+tag-" << tag);
        AuthorizationSetBuilder builder = AuthorizationSetBuilder()
        AuthorizationSetBuilder builder =
                AuthorizationSetBuilder()
                        .Authorization(TAG_NO_AUTH_REQUIRED)
                        .EcdsaSigningKey(EcCurve::P_256)
                        .Digest(Digest::SHA_2_256)
                        .Authorization(TAG_INCLUDE_UNIQUE_ID)
                        .Authorization(TAG_CREATION_DATETIME, 1619621648000)
                        .AttestationChallenge("challenge")
                        .AttestationApplicationId("foo")
                        .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION);
@@ -310,11 +316,13 @@ TEST_P(DeviceUniqueAttestationTest, EcdsaDeviceUniqueAttestationMismatchID) {

    for (const KeyParameter& invalid_tag : attestation_id_tags) {
        SCOPED_TRACE(testing::Message() << "+tag-" << invalid_tag);
        AuthorizationSetBuilder builder = AuthorizationSetBuilder()
        AuthorizationSetBuilder builder =
                AuthorizationSetBuilder()
                        .Authorization(TAG_NO_AUTH_REQUIRED)
                        .EcdsaSigningKey(EcCurve::P_256)
                        .Digest(Digest::SHA_2_256)
                        .Authorization(TAG_INCLUDE_UNIQUE_ID)
                        .Authorization(TAG_CREATION_DATETIME, 1619621648000)
                        .AttestationChallenge("challenge")
                        .AttestationApplicationId("foo")
                        .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION);
+10 −2
Original line number Diff line number Diff line
@@ -1556,13 +1556,13 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationTags) {
 */
TEST_P(NewKeyGenerationTest, EcdsaAttestationUniqueId) {
    auto get_unique_id = [this](const std::string& app_id, uint64_t datetime,
                                vector<uint8_t>* unique_id) {
                                vector<uint8_t>* unique_id, bool reset = false) {
        auto challenge = "hello";
        auto subject = "cert subj 2";
        vector<uint8_t> subject_der(make_name_from_str(subject));
        uint64_t serial_int = 0x1010;
        vector<uint8_t> serial_blob(build_serial_blob(serial_int));
        const AuthorizationSetBuilder builder =
        AuthorizationSetBuilder builder =
                AuthorizationSetBuilder()
                        .Authorization(TAG_NO_AUTH_REQUIRED)
                        .Authorization(TAG_INCLUDE_UNIQUE_ID)
@@ -1574,6 +1574,9 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationUniqueId) {
                        .AttestationApplicationId(app_id)
                        .Authorization(TAG_CREATION_DATETIME, datetime)
                        .SetDefaultValidity();
        if (reset) {
            builder.Authorization(TAG_RESET_SINCE_ID_ROTATION);
        }

        ASSERT_EQ(ErrorCode::OK, GenerateKey(builder));
        ASSERT_GT(key_blob_.size(), 0U);
@@ -1635,6 +1638,11 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationUniqueId) {
    vector<uint8_t> unique_id8;
    get_unique_id(app_id, min_date - 1, &unique_id8);
    EXPECT_NE(unique_id, unique_id8);

    // Marking RESET_SINCE_ID_ROTATION should give a different unique ID.
    vector<uint8_t> unique_id9;
    get_unique_id(app_id, cert_date, &unique_id9, /* reset_id = */ true);
    EXPECT_NE(unique_id, unique_id9);
}

/*