Loading security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h +39 −30 Original line number Diff line number Diff line Loading @@ -16,6 +16,7 @@ #pragma once #include <functional> #include <string_view> #include <aidl/Gtest.h> Loading Loading @@ -206,50 +207,58 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> { template <typename TagType> std::tuple<KeyData /* aesKey */, KeyData /* hmacKey */, KeyData /* rsaKey */, KeyData /* ecdsaKey */> CreateTestKeys(TagType tagToTest, ErrorCode expectedReturn) { CreateTestKeys( TagType tagToTest, ErrorCode expectedReturn, std::function<void(AuthorizationSetBuilder*)> tagModifier = [](AuthorizationSetBuilder*) {}) { /* AES */ KeyData aesKeyData; ErrorCode errorCode = GenerateKey(AuthorizationSetBuilder() AuthorizationSetBuilder aesBuilder = AuthorizationSetBuilder() .AesEncryptionKey(128) .Authorization(tagToTest) .BlockMode(BlockMode::ECB) .Padding(PaddingMode::NONE) .Authorization(TAG_NO_AUTH_REQUIRED), &aesKeyData.blob, &aesKeyData.characteristics); .Authorization(TAG_NO_AUTH_REQUIRED); tagModifier(&aesBuilder); ErrorCode errorCode = GenerateKey(aesBuilder, &aesKeyData.blob, &aesKeyData.characteristics); EXPECT_EQ(expectedReturn, errorCode); /* HMAC */ KeyData hmacKeyData; errorCode = GenerateKey(AuthorizationSetBuilder() AuthorizationSetBuilder hmacBuilder = AuthorizationSetBuilder() .HmacKey(128) .Authorization(tagToTest) .Digest(Digest::SHA_2_256) .Authorization(TAG_MIN_MAC_LENGTH, 128) .Authorization(TAG_NO_AUTH_REQUIRED), &hmacKeyData.blob, &hmacKeyData.characteristics); .Authorization(TAG_NO_AUTH_REQUIRED); tagModifier(&hmacBuilder); errorCode = GenerateKey(hmacBuilder, &hmacKeyData.blob, &hmacKeyData.characteristics); EXPECT_EQ(expectedReturn, errorCode); /* RSA */ KeyData rsaKeyData; errorCode = GenerateKey(AuthorizationSetBuilder() AuthorizationSetBuilder rsaBuilder = AuthorizationSetBuilder() .RsaSigningKey(2048, 65537) .Authorization(tagToTest) .Digest(Digest::NONE) .Padding(PaddingMode::NONE) .Authorization(TAG_NO_AUTH_REQUIRED) .SetDefaultValidity(), &rsaKeyData.blob, &rsaKeyData.characteristics); .SetDefaultValidity(); tagModifier(&rsaBuilder); errorCode = GenerateKey(rsaBuilder, &rsaKeyData.blob, &rsaKeyData.characteristics); EXPECT_EQ(expectedReturn, errorCode); /* ECDSA */ KeyData ecdsaKeyData; errorCode = GenerateKey(AuthorizationSetBuilder() AuthorizationSetBuilder ecdsaBuilder = AuthorizationSetBuilder() .EcdsaSigningKey(256) .Authorization(tagToTest) .Digest(Digest::SHA_2_256) .Authorization(TAG_NO_AUTH_REQUIRED) .SetDefaultValidity(), &ecdsaKeyData.blob, &ecdsaKeyData.characteristics); .SetDefaultValidity(); tagModifier(&ecdsaBuilder); errorCode = GenerateKey(ecdsaBuilder, &ecdsaKeyData.blob, &ecdsaKeyData.characteristics); EXPECT_EQ(expectedReturn, errorCode); return {aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData}; } Loading security/keymint/aidl/vts/functional/KeyMintTest.cpp +29 −1 Original line number Diff line number Diff line Loading @@ -6355,6 +6355,34 @@ TEST_P(EarlyBootKeyTest, CreateEarlyBootKeys) { auto [aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData] = CreateTestKeys(TAG_EARLY_BOOT_ONLY, ErrorCode::OK); for (const auto& keyData : {aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData}) { ASSERT_GT(keyData.blob.size(), 0U); AuthorizationSet crypto_params = SecLevelAuthorizations(keyData.characteristics); EXPECT_TRUE(crypto_params.Contains(TAG_EARLY_BOOT_ONLY)) << crypto_params; } CheckedDeleteKey(&aesKeyData.blob); CheckedDeleteKey(&hmacKeyData.blob); CheckedDeleteKey(&rsaKeyData.blob); CheckedDeleteKey(&ecdsaKeyData.blob); } /* * EarlyBootKeyTest.CreateAttestedEarlyBootKey * * Verifies that creating an early boot key with attestation succeeds. */ TEST_P(EarlyBootKeyTest, CreateAttestedEarlyBootKey) { auto [aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData] = CreateTestKeys( TAG_EARLY_BOOT_ONLY, ErrorCode::OK, [](AuthorizationSetBuilder* builder) { builder->AttestationChallenge("challenge"); builder->AttestationApplicationId("app_id"); }); for (const auto& keyData : {aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData}) { ASSERT_GT(keyData.blob.size(), 0U); AuthorizationSet crypto_params = SecLevelAuthorizations(keyData.characteristics); EXPECT_TRUE(crypto_params.Contains(TAG_EARLY_BOOT_ONLY)) << crypto_params; } CheckedDeleteKey(&aesKeyData.blob); CheckedDeleteKey(&hmacKeyData.blob); CheckedDeleteKey(&rsaKeyData.blob); Loading @@ -6362,7 +6390,7 @@ TEST_P(EarlyBootKeyTest, CreateEarlyBootKeys) { } /* * EarlyBootKeyTest.UsetEarlyBootKeyFailure * EarlyBootKeyTest.UseEarlyBootKeyFailure * * Verifies that using early boot keys at a later stage fails. */ Loading Loading
security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h +39 −30 Original line number Diff line number Diff line Loading @@ -16,6 +16,7 @@ #pragma once #include <functional> #include <string_view> #include <aidl/Gtest.h> Loading Loading @@ -206,50 +207,58 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> { template <typename TagType> std::tuple<KeyData /* aesKey */, KeyData /* hmacKey */, KeyData /* rsaKey */, KeyData /* ecdsaKey */> CreateTestKeys(TagType tagToTest, ErrorCode expectedReturn) { CreateTestKeys( TagType tagToTest, ErrorCode expectedReturn, std::function<void(AuthorizationSetBuilder*)> tagModifier = [](AuthorizationSetBuilder*) {}) { /* AES */ KeyData aesKeyData; ErrorCode errorCode = GenerateKey(AuthorizationSetBuilder() AuthorizationSetBuilder aesBuilder = AuthorizationSetBuilder() .AesEncryptionKey(128) .Authorization(tagToTest) .BlockMode(BlockMode::ECB) .Padding(PaddingMode::NONE) .Authorization(TAG_NO_AUTH_REQUIRED), &aesKeyData.blob, &aesKeyData.characteristics); .Authorization(TAG_NO_AUTH_REQUIRED); tagModifier(&aesBuilder); ErrorCode errorCode = GenerateKey(aesBuilder, &aesKeyData.blob, &aesKeyData.characteristics); EXPECT_EQ(expectedReturn, errorCode); /* HMAC */ KeyData hmacKeyData; errorCode = GenerateKey(AuthorizationSetBuilder() AuthorizationSetBuilder hmacBuilder = AuthorizationSetBuilder() .HmacKey(128) .Authorization(tagToTest) .Digest(Digest::SHA_2_256) .Authorization(TAG_MIN_MAC_LENGTH, 128) .Authorization(TAG_NO_AUTH_REQUIRED), &hmacKeyData.blob, &hmacKeyData.characteristics); .Authorization(TAG_NO_AUTH_REQUIRED); tagModifier(&hmacBuilder); errorCode = GenerateKey(hmacBuilder, &hmacKeyData.blob, &hmacKeyData.characteristics); EXPECT_EQ(expectedReturn, errorCode); /* RSA */ KeyData rsaKeyData; errorCode = GenerateKey(AuthorizationSetBuilder() AuthorizationSetBuilder rsaBuilder = AuthorizationSetBuilder() .RsaSigningKey(2048, 65537) .Authorization(tagToTest) .Digest(Digest::NONE) .Padding(PaddingMode::NONE) .Authorization(TAG_NO_AUTH_REQUIRED) .SetDefaultValidity(), &rsaKeyData.blob, &rsaKeyData.characteristics); .SetDefaultValidity(); tagModifier(&rsaBuilder); errorCode = GenerateKey(rsaBuilder, &rsaKeyData.blob, &rsaKeyData.characteristics); EXPECT_EQ(expectedReturn, errorCode); /* ECDSA */ KeyData ecdsaKeyData; errorCode = GenerateKey(AuthorizationSetBuilder() AuthorizationSetBuilder ecdsaBuilder = AuthorizationSetBuilder() .EcdsaSigningKey(256) .Authorization(tagToTest) .Digest(Digest::SHA_2_256) .Authorization(TAG_NO_AUTH_REQUIRED) .SetDefaultValidity(), &ecdsaKeyData.blob, &ecdsaKeyData.characteristics); .SetDefaultValidity(); tagModifier(&ecdsaBuilder); errorCode = GenerateKey(ecdsaBuilder, &ecdsaKeyData.blob, &ecdsaKeyData.characteristics); EXPECT_EQ(expectedReturn, errorCode); return {aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData}; } Loading
security/keymint/aidl/vts/functional/KeyMintTest.cpp +29 −1 Original line number Diff line number Diff line Loading @@ -6355,6 +6355,34 @@ TEST_P(EarlyBootKeyTest, CreateEarlyBootKeys) { auto [aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData] = CreateTestKeys(TAG_EARLY_BOOT_ONLY, ErrorCode::OK); for (const auto& keyData : {aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData}) { ASSERT_GT(keyData.blob.size(), 0U); AuthorizationSet crypto_params = SecLevelAuthorizations(keyData.characteristics); EXPECT_TRUE(crypto_params.Contains(TAG_EARLY_BOOT_ONLY)) << crypto_params; } CheckedDeleteKey(&aesKeyData.blob); CheckedDeleteKey(&hmacKeyData.blob); CheckedDeleteKey(&rsaKeyData.blob); CheckedDeleteKey(&ecdsaKeyData.blob); } /* * EarlyBootKeyTest.CreateAttestedEarlyBootKey * * Verifies that creating an early boot key with attestation succeeds. */ TEST_P(EarlyBootKeyTest, CreateAttestedEarlyBootKey) { auto [aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData] = CreateTestKeys( TAG_EARLY_BOOT_ONLY, ErrorCode::OK, [](AuthorizationSetBuilder* builder) { builder->AttestationChallenge("challenge"); builder->AttestationApplicationId("app_id"); }); for (const auto& keyData : {aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData}) { ASSERT_GT(keyData.blob.size(), 0U); AuthorizationSet crypto_params = SecLevelAuthorizations(keyData.characteristics); EXPECT_TRUE(crypto_params.Contains(TAG_EARLY_BOOT_ONLY)) << crypto_params; } CheckedDeleteKey(&aesKeyData.blob); CheckedDeleteKey(&hmacKeyData.blob); CheckedDeleteKey(&rsaKeyData.blob); Loading @@ -6362,7 +6390,7 @@ TEST_P(EarlyBootKeyTest, CreateEarlyBootKeys) { } /* * EarlyBootKeyTest.UsetEarlyBootKeyFailure * EarlyBootKeyTest.UseEarlyBootKeyFailure * * Verifies that using early boot keys at a later stage fails. */ Loading
