diff options
Diffstat (limited to 'keymaster/3.0/vts/functional/keymaster_hidl_hal_test.cpp')
| -rw-r--r-- | keymaster/3.0/vts/functional/keymaster_hidl_hal_test.cpp | 47 |
1 files changed, 30 insertions, 17 deletions
diff --git a/keymaster/3.0/vts/functional/keymaster_hidl_hal_test.cpp b/keymaster/3.0/vts/functional/keymaster_hidl_hal_test.cpp index e7b222a1..6abd9bf2 100644 --- a/keymaster/3.0/vts/functional/keymaster_hidl_hal_test.cpp +++ b/keymaster/3.0/vts/functional/keymaster_hidl_hal_test.cpp | |||
| @@ -898,13 +898,20 @@ class KeymasterHidlTest : public ::testing::VtsHalHidlTargetTestBase { | |||
| 898 | } | 898 | } |
| 899 | } | 899 | } |
| 900 | 900 | ||
| 901 | void CheckOrigin() { | 901 | void CheckOrigin(bool asymmetric = false) { |
| 902 | SCOPED_TRACE("CheckOrigin"); | 902 | SCOPED_TRACE("CheckOrigin"); |
| 903 | if (is_secure_ && supports_symmetric_) { | 903 | if (is_secure_ && supports_symmetric_) { |
| 904 | EXPECT_TRUE( | 904 | EXPECT_TRUE( |
| 905 | contains(key_characteristics_.teeEnforced, TAG_ORIGIN, KeyOrigin::IMPORTED)); | 905 | contains(key_characteristics_.teeEnforced, TAG_ORIGIN, KeyOrigin::IMPORTED)); |
| 906 | } else if (is_secure_) { | 906 | } else if (is_secure_) { |
| 907 | EXPECT_TRUE(contains(key_characteristics_.teeEnforced, TAG_ORIGIN, KeyOrigin::UNKNOWN)); | 907 | // wrapped KM0 |
| 908 | if (asymmetric) { | ||
| 909 | EXPECT_TRUE( | ||
| 910 | contains(key_characteristics_.teeEnforced, TAG_ORIGIN, KeyOrigin::UNKNOWN)); | ||
| 911 | } else { | ||
| 912 | EXPECT_TRUE(contains(key_characteristics_.softwareEnforced, TAG_ORIGIN, | ||
| 913 | KeyOrigin::IMPORTED)); | ||
| 914 | } | ||
| 908 | } else { | 915 | } else { |
| 909 | EXPECT_TRUE( | 916 | EXPECT_TRUE( |
| 910 | contains(key_characteristics_.softwareEnforced, TAG_ORIGIN, KeyOrigin::IMPORTED)); | 917 | contains(key_characteristics_.softwareEnforced, TAG_ORIGIN, KeyOrigin::IMPORTED)); |
| @@ -993,8 +1000,8 @@ bool verify_attestation_record(const string& challenge, const string& app_id, | |||
| 993 | HidlBuf(app_id)); | 1000 | HidlBuf(app_id)); |
| 994 | 1001 | ||
| 995 | if (!KeymasterHidlTest::IsSecure()) { | 1002 | if (!KeymasterHidlTest::IsSecure()) { |
| 996 | // SW is KM2 | 1003 | // SW is KM3 |
| 997 | EXPECT_EQ(att_keymaster_version, 2U); | 1004 | EXPECT_EQ(att_keymaster_version, 3U); |
| 998 | } | 1005 | } |
| 999 | 1006 | ||
| 1000 | if (KeymasterHidlTest::SupportsSymmetric()) { | 1007 | if (KeymasterHidlTest::SupportsSymmetric()) { |
| @@ -1059,13 +1066,17 @@ TEST_F(KeymasterVersionTest, SensibleFeatures) { | |||
| 1059 | 1066 | ||
| 1060 | class NewKeyGenerationTest : public KeymasterHidlTest { | 1067 | class NewKeyGenerationTest : public KeymasterHidlTest { |
| 1061 | protected: | 1068 | protected: |
| 1062 | void CheckBaseParams(const KeyCharacteristics& keyCharacteristics) { | 1069 | void CheckBaseParams(const KeyCharacteristics& keyCharacteristics, bool asymmetric = false) { |
| 1063 | // TODO(swillden): Distinguish which params should be in which auth list. | 1070 | // TODO(swillden): Distinguish which params should be in which auth list. |
| 1064 | 1071 | ||
| 1065 | AuthorizationSet auths(keyCharacteristics.teeEnforced); | 1072 | AuthorizationSet auths(keyCharacteristics.teeEnforced); |
| 1066 | auths.push_back(AuthorizationSet(keyCharacteristics.softwareEnforced)); | 1073 | auths.push_back(AuthorizationSet(keyCharacteristics.softwareEnforced)); |
| 1067 | 1074 | ||
| 1068 | EXPECT_TRUE(auths.Contains(TAG_ORIGIN, KeyOrigin::GENERATED)); | 1075 | if (!SupportsSymmetric() && asymmetric) { |
| 1076 | EXPECT_TRUE(auths.Contains(TAG_ORIGIN, KeyOrigin::UNKNOWN)); | ||
| 1077 | } else { | ||
| 1078 | EXPECT_TRUE(auths.Contains(TAG_ORIGIN, KeyOrigin::GENERATED)); | ||
| 1079 | } | ||
| 1069 | 1080 | ||
| 1070 | EXPECT_TRUE(auths.Contains(TAG_PURPOSE, KeyPurpose::SIGN)); | 1081 | EXPECT_TRUE(auths.Contains(TAG_PURPOSE, KeyPurpose::SIGN)); |
| 1071 | EXPECT_TRUE(auths.Contains(TAG_PURPOSE, KeyPurpose::VERIFY)); | 1082 | EXPECT_TRUE(auths.Contains(TAG_PURPOSE, KeyPurpose::VERIFY)); |
| @@ -1114,7 +1125,7 @@ TEST_F(NewKeyGenerationTest, Rsa) { | |||
| 1114 | &key_blob, &key_characteristics)); | 1125 | &key_blob, &key_characteristics)); |
| 1115 | 1126 | ||
| 1116 | ASSERT_GT(key_blob.size(), 0U); | 1127 | ASSERT_GT(key_blob.size(), 0U); |
| 1117 | CheckBaseParams(key_characteristics); | 1128 | CheckBaseParams(key_characteristics, true /* asymmetric */); |
| 1118 | 1129 | ||
| 1119 | AuthorizationSet crypto_params; | 1130 | AuthorizationSet crypto_params; |
| 1120 | if (IsSecure()) { | 1131 | if (IsSecure()) { |
| @@ -1160,7 +1171,7 @@ TEST_F(NewKeyGenerationTest, Ecdsa) { | |||
| 1160 | .Authorizations(UserAuths()), | 1171 | .Authorizations(UserAuths()), |
| 1161 | &key_blob, &key_characteristics)); | 1172 | &key_blob, &key_characteristics)); |
| 1162 | ASSERT_GT(key_blob.size(), 0U); | 1173 | ASSERT_GT(key_blob.size(), 0U); |
| 1163 | CheckBaseParams(key_characteristics); | 1174 | CheckBaseParams(key_characteristics, true /* asymmetric */); |
| 1164 | 1175 | ||
| 1165 | AuthorizationSet crypto_params; | 1176 | AuthorizationSet crypto_params; |
| 1166 | if (IsSecure()) { | 1177 | if (IsSecure()) { |
| @@ -1565,7 +1576,9 @@ TEST_F(SigningOperationsTest, RsaNoPaddingTooLong) { | |||
| 1565 | .Digest(Digest::NONE) | 1576 | .Digest(Digest::NONE) |
| 1566 | .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN))); | 1577 | .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN))); |
| 1567 | string result; | 1578 | string result; |
| 1568 | EXPECT_EQ(ErrorCode::INVALID_INPUT_LENGTH, Finish(message, &result)); | 1579 | ErrorCode finish_error_code = Finish(message, &result); |
| 1580 | EXPECT_TRUE(finish_error_code == ErrorCode::INVALID_INPUT_LENGTH || | ||
| 1581 | finish_error_code == ErrorCode::INVALID_ARGUMENT); | ||
| 1569 | 1582 | ||
| 1570 | // Very large message that should exceed the transfer buffer size of any reasonable TEE. | 1583 | // Very large message that should exceed the transfer buffer size of any reasonable TEE. |
| 1571 | message = string(128 * 1024, 'a'); | 1584 | message = string(128 * 1024, 'a'); |
| @@ -1573,7 +1586,9 @@ TEST_F(SigningOperationsTest, RsaNoPaddingTooLong) { | |||
| 1573 | Begin(KeyPurpose::SIGN, AuthorizationSetBuilder() | 1586 | Begin(KeyPurpose::SIGN, AuthorizationSetBuilder() |
| 1574 | .Digest(Digest::NONE) | 1587 | .Digest(Digest::NONE) |
| 1575 | .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN))); | 1588 | .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN))); |
| 1576 | EXPECT_EQ(ErrorCode::INVALID_INPUT_LENGTH, Finish(message, &result)); | 1589 | finish_error_code = Finish(message, &result); |
| 1590 | EXPECT_TRUE(finish_error_code == ErrorCode::INVALID_INPUT_LENGTH || | ||
| 1591 | finish_error_code == ErrorCode::INVALID_ARGUMENT); | ||
| 1577 | } | 1592 | } |
| 1578 | 1593 | ||
| 1579 | /* | 1594 | /* |
| @@ -2279,8 +2294,7 @@ TEST_F(ExportKeyTest, RsaUnsupportedKeyFormat) { | |||
| 2279 | * Verifies that attempting to export RSA keys from corrupted key blobs fails. This is essentially | 2294 | * Verifies that attempting to export RSA keys from corrupted key blobs fails. This is essentially |
| 2280 | * a poor-man's key blob fuzzer. | 2295 | * a poor-man's key blob fuzzer. |
| 2281 | */ | 2296 | */ |
| 2282 | // Disabled due to b/33385206 | 2297 | TEST_F(ExportKeyTest, RsaCorruptedKeyBlob) { |
| 2283 | TEST_F(ExportKeyTest, DISABLED_RsaCorruptedKeyBlob) { | ||
| 2284 | ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() | 2298 | ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() |
| 2285 | .Authorization(TAG_NO_AUTH_REQUIRED) | 2299 | .Authorization(TAG_NO_AUTH_REQUIRED) |
| 2286 | .RsaSigningKey(1024, 3) | 2300 | .RsaSigningKey(1024, 3) |
| @@ -2303,8 +2317,7 @@ TEST_F(ExportKeyTest, DISABLED_RsaCorruptedKeyBlob) { | |||
| 2303 | * Verifies that attempting to export ECDSA keys from corrupted key blobs fails. This is | 2317 | * Verifies that attempting to export ECDSA keys from corrupted key blobs fails. This is |
| 2304 | * essentially a poor-man's key blob fuzzer. | 2318 | * essentially a poor-man's key blob fuzzer. |
| 2305 | */ | 2319 | */ |
| 2306 | // Disabled due to b/33385206 | 2320 | TEST_F(ExportKeyTest, EcCorruptedKeyBlob) { |
| 2307 | TEST_F(ExportKeyTest, DISABLED_EcCorruptedKeyBlob) { | ||
| 2308 | ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() | 2321 | ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() |
| 2309 | .Authorization(TAG_NO_AUTH_REQUIRED) | 2322 | .Authorization(TAG_NO_AUTH_REQUIRED) |
| 2310 | .EcdsaSigningKey(EcCurve::P_256) | 2323 | .EcdsaSigningKey(EcCurve::P_256) |
| @@ -2357,7 +2370,7 @@ TEST_F(ImportKeyTest, RsaSuccess) { | |||
| 2357 | CheckKm0CryptoParam(TAG_RSA_PUBLIC_EXPONENT, 65537U); | 2370 | CheckKm0CryptoParam(TAG_RSA_PUBLIC_EXPONENT, 65537U); |
| 2358 | CheckKm1CryptoParam(TAG_DIGEST, Digest::SHA_2_256); | 2371 | CheckKm1CryptoParam(TAG_DIGEST, Digest::SHA_2_256); |
| 2359 | CheckKm1CryptoParam(TAG_PADDING, PaddingMode::RSA_PSS); | 2372 | CheckKm1CryptoParam(TAG_PADDING, PaddingMode::RSA_PSS); |
| 2360 | CheckOrigin(); | 2373 | CheckOrigin(true /* asymmetric */); |
| 2361 | 2374 | ||
| 2362 | string message(1024 / 8, 'a'); | 2375 | string message(1024 / 8, 'a'); |
| 2363 | auto params = AuthorizationSetBuilder().Digest(Digest::SHA_2_256).Padding(PaddingMode::RSA_PSS); | 2376 | auto params = AuthorizationSetBuilder().Digest(Digest::SHA_2_256).Padding(PaddingMode::RSA_PSS); |
| @@ -2413,7 +2426,7 @@ TEST_F(ImportKeyTest, EcdsaSuccess) { | |||
| 2413 | CheckKm1CryptoParam(TAG_DIGEST, Digest::SHA_2_256); | 2426 | CheckKm1CryptoParam(TAG_DIGEST, Digest::SHA_2_256); |
| 2414 | CheckKm2CryptoParam(TAG_EC_CURVE, EcCurve::P_256); | 2427 | CheckKm2CryptoParam(TAG_EC_CURVE, EcCurve::P_256); |
| 2415 | 2428 | ||
| 2416 | CheckOrigin(); | 2429 | CheckOrigin(true /* asymmetric */); |
| 2417 | 2430 | ||
| 2418 | string message(32, 'a'); | 2431 | string message(32, 'a'); |
| 2419 | auto params = AuthorizationSetBuilder().Digest(Digest::SHA_2_256); | 2432 | auto params = AuthorizationSetBuilder().Digest(Digest::SHA_2_256); |
| @@ -2439,7 +2452,7 @@ TEST_F(ImportKeyTest, Ecdsa521Success) { | |||
| 2439 | CheckKm1CryptoParam(TAG_DIGEST, Digest::SHA_2_256); | 2452 | CheckKm1CryptoParam(TAG_DIGEST, Digest::SHA_2_256); |
| 2440 | CheckKm2CryptoParam(TAG_EC_CURVE, EcCurve::P_521); | 2453 | CheckKm2CryptoParam(TAG_EC_CURVE, EcCurve::P_521); |
| 2441 | 2454 | ||
| 2442 | CheckOrigin(); | 2455 | CheckOrigin(true /* asymmetric */); |
| 2443 | 2456 | ||
| 2444 | string message(32, 'a'); | 2457 | string message(32, 'a'); |
| 2445 | auto params = AuthorizationSetBuilder().Digest(Digest::SHA_2_256); | 2458 | auto params = AuthorizationSetBuilder().Digest(Digest::SHA_2_256); |