Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e26fab78 authored by David Drysdale's avatar David Drysdale
Browse files

KeyMint VTS: extra unique ID test 

Test that specifying RESET_SINCE_ID_ROTATION results in a different
unique ID value.

Test: VtsAidlKeyMintTargetTest
Bug: 202487002
Change-Id: I2aed96514bf9e4802f0ef756f880cac79fa09554
parent 2f361c15

security/keymint/aidl/vts/functional/DeviceUniqueAttestationTest.cpp

+24 −16
Original line number Diff line number Diff line
@@ -76,6 +76,7 @@ TEST_P(DeviceUniqueAttestationTest, RsaNonStrongBoxUnimplemented) { 
                                      .Digest(Digest::SHA_2_256)

                                      .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)

                                      .Authorization(TAG_INCLUDE_UNIQUE_ID)

                                      .Authorization(TAG_CREATION_DATETIME, 1619621648000)

                                      .AttestationChallenge("challenge")

                                      .AttestationApplicationId("foo")

                                      .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION),
@@ -102,6 +103,7 @@ TEST_P(DeviceUniqueAttestationTest, EcdsaNonStrongBoxUnimplemented) { 
                                      .EcdsaSigningKey(EcCurve::P_256)

                                      .Digest(Digest::SHA_2_256)

                                      .Authorization(TAG_INCLUDE_UNIQUE_ID)

                                      .Authorization(TAG_CREATION_DATETIME, 1619621648000)

                                      .AttestationChallenge("challenge")

                                      .AttestationApplicationId("foo")

                                      .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION),
@@ -129,6 +131,7 @@ TEST_P(DeviceUniqueAttestationTest, RsaDeviceUniqueAttestation) { 
                                      .Digest(Digest::SHA_2_256)

                                      .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)

                                      .Authorization(TAG_INCLUDE_UNIQUE_ID)

                                      .Authorization(TAG_CREATION_DATETIME, 1619621648000)

                                      .AttestationChallenge("challenge")

                                      .AttestationApplicationId("foo")

                                      .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION),
@@ -184,6 +187,7 @@ TEST_P(DeviceUniqueAttestationTest, EcdsaDeviceUniqueAttestation) { 
                                      .EcdsaSigningKey(EcCurve::P_256)

                                      .Digest(Digest::SHA_2_256)

                                      .Authorization(TAG_INCLUDE_UNIQUE_ID)

                                      .Authorization(TAG_CREATION_DATETIME, 1619621648000)

                                      .AttestationChallenge("challenge")

                                      .AttestationApplicationId("foo")

                                      .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION),
@@ -242,11 +246,13 @@ TEST_P(DeviceUniqueAttestationTest, EcdsaDeviceUniqueAttestationID) { 


    for (const KeyParameter& tag : attestation_id_tags) {

        SCOPED_TRACE(testing::Message() << "+tag-" << tag);

        AuthorizationSetBuilder builder = AuthorizationSetBuilder()

        AuthorizationSetBuilder builder =

                AuthorizationSetBuilder()

                        .Authorization(TAG_NO_AUTH_REQUIRED)

                        .EcdsaSigningKey(EcCurve::P_256)

                        .Digest(Digest::SHA_2_256)

                        .Authorization(TAG_INCLUDE_UNIQUE_ID)

                        .Authorization(TAG_CREATION_DATETIME, 1619621648000)

                        .AttestationChallenge("challenge")

                        .AttestationApplicationId("foo")

                        .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION);
@@ -310,11 +316,13 @@ TEST_P(DeviceUniqueAttestationTest, EcdsaDeviceUniqueAttestationMismatchID) { 


    for (const KeyParameter& invalid_tag : attestation_id_tags) {

        SCOPED_TRACE(testing::Message() << "+tag-" << invalid_tag);

        AuthorizationSetBuilder builder = AuthorizationSetBuilder()

        AuthorizationSetBuilder builder =

                AuthorizationSetBuilder()

                        .Authorization(TAG_NO_AUTH_REQUIRED)

                        .EcdsaSigningKey(EcCurve::P_256)

                        .Digest(Digest::SHA_2_256)

                        .Authorization(TAG_INCLUDE_UNIQUE_ID)

                        .Authorization(TAG_CREATION_DATETIME, 1619621648000)

                        .AttestationChallenge("challenge")

                        .AttestationApplicationId("foo")

                        .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION);

security/keymint/aidl/vts/functional/KeyMintTest.cpp

+10 −2
Original line number Diff line number Diff line
@@ -1556,13 +1556,13 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationTags) { 
 */

TEST_P(NewKeyGenerationTest, EcdsaAttestationUniqueId) {

    auto get_unique_id = [this](const std::string& app_id, uint64_t datetime,

                                vector<uint8_t>* unique_id) {

                                vector<uint8_t>* unique_id, bool reset = false) {

        auto challenge = "hello";

        auto subject = "cert subj 2";

        vector<uint8_t> subject_der(make_name_from_str(subject));

        uint64_t serial_int = 0x1010;

        vector<uint8_t> serial_blob(build_serial_blob(serial_int));

        const AuthorizationSetBuilder builder =

        AuthorizationSetBuilder builder =

                AuthorizationSetBuilder()

                        .Authorization(TAG_NO_AUTH_REQUIRED)

                        .Authorization(TAG_INCLUDE_UNIQUE_ID)
@@ -1574,6 +1574,9 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationUniqueId) { 
                        .AttestationApplicationId(app_id)

                        .Authorization(TAG_CREATION_DATETIME, datetime)

                        .SetDefaultValidity();

        if (reset) {

            builder.Authorization(TAG_RESET_SINCE_ID_ROTATION);

        }



        ASSERT_EQ(ErrorCode::OK, GenerateKey(builder));

        ASSERT_GT(key_blob_.size(), 0U);
@@ -1635,6 +1638,11 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationUniqueId) { 
    vector<uint8_t> unique_id8;

    get_unique_id(app_id, min_date - 1, &unique_id8);

    EXPECT_NE(unique_id, unique_id8);



    // Marking RESET_SINCE_ID_ROTATION should give a different unique ID.

    vector<uint8_t> unique_id9;

    get_unique_id(app_id, cert_date, &unique_id9, /* reset_id = */ true);

    EXPECT_NE(unique_id, unique_id9);

}



/*