Merge "Remove creation time checks." am: 0184f1836d am: 58a95666eb am: 0804118fd5
Change-Id: Idb23e003f85002890d423c4e79329990bf8cb3af
This commit is contained in:
Automerger Merge Worker
commit
c6f6cc6240
3 changed files with 4 additions and 64 deletions
|
|
@ -201,22 +201,6 @@ void KeymasterHidlTest::CheckedDeleteKey() {
|
|||
CheckedDeleteKey(&key_blob_);
|
||||
}
|
||||
|
||||
void KeymasterHidlTest::CheckCreationDateTime(
|
||||
const AuthorizationSet& sw_enforced,
|
||||
std::chrono::time_point<std::chrono::system_clock> creation) {
|
||||
for (int i = 0; i < sw_enforced.size(); i++) {
|
||||
if (sw_enforced[i].tag == TAG_CREATION_DATETIME) {
|
||||
std::chrono::time_point<std::chrono::system_clock> now =
|
||||
std::chrono::system_clock::now();
|
||||
std::chrono::time_point<std::chrono::system_clock> reported_time{
|
||||
std::chrono::milliseconds(sw_enforced[i].f.dateTime)};
|
||||
// The test is flaky for EC keys, so a buffer time of 120 seconds will be added.
|
||||
EXPECT_LE(creation - std::chrono::seconds(120), reported_time);
|
||||
EXPECT_LE(reported_time, now + std::chrono::seconds(1));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void KeymasterHidlTest::CheckGetCharacteristics(const HidlBuf& key_blob, const HidlBuf& client_id,
|
||||
const HidlBuf& app_data,
|
||||
KeyCharacteristics* key_characteristics) {
|
||||
|
|
|
|||
|
|
@ -113,9 +113,6 @@ class KeymasterHidlTest : public ::testing::TestWithParam<std::string> {
|
|||
void CheckedDeleteKey(HidlBuf* key_blob, bool keep_key_blob = false);
|
||||
void CheckedDeleteKey();
|
||||
|
||||
static void CheckCreationDateTime(const AuthorizationSet& sw_enforced,
|
||||
std::chrono::time_point<std::chrono::system_clock> creation);
|
||||
|
||||
void CheckGetCharacteristics(const HidlBuf& key_blob, const HidlBuf& client_id,
|
||||
const HidlBuf& app_data, KeyCharacteristics* key_characteristics);
|
||||
ErrorCode GetCharacteristics(const HidlBuf& key_blob, const HidlBuf& client_id,
|
||||
|
|
|
|||
|
|
@ -320,8 +320,7 @@ bool avb_verification_enabled() {
|
|||
bool verify_attestation_record(const string& challenge, const string& app_id,
|
||||
AuthorizationSet expected_sw_enforced,
|
||||
AuthorizationSet expected_hw_enforced, SecurityLevel security_level,
|
||||
const hidl_vec<uint8_t>& attestation_cert,
|
||||
std::chrono::time_point<std::chrono::system_clock> creation_time) {
|
||||
const hidl_vec<uint8_t>& attestation_cert) {
|
||||
X509_Ptr cert(parse_cert_blob(attestation_cert));
|
||||
EXPECT_TRUE(!!cert.get());
|
||||
if (!cert.get()) return false;
|
||||
|
|
@ -405,8 +404,6 @@ bool verify_attestation_record(const string& challenge, const string& app_id,
|
|||
EXPECT_FALSE(expected_hw_enforced.Contains(TAG_TRUSTED_USER_PRESENCE_REQUIRED));
|
||||
EXPECT_FALSE(att_hw_enforced.Contains(TAG_TRUSTED_USER_PRESENCE_REQUIRED));
|
||||
|
||||
KeymasterHidlTest::CheckCreationDateTime(att_sw_enforced, creation_time);
|
||||
|
||||
if (att_hw_enforced.Contains(TAG_ALGORITHM, Algorithm::EC)) {
|
||||
// For ECDSA keys, either an EC_CURVE or a KEY_SIZE can be specified, but one must be.
|
||||
EXPECT_TRUE(att_hw_enforced.Contains(TAG_EC_CURVE) ||
|
||||
|
|
@ -558,24 +555,6 @@ TEST_P(NewKeyGenerationTest, Rsa) {
|
|||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* NewKeyGenerationTest.RsaCheckCreationDateTime
|
||||
*
|
||||
* Verifies that creation date time is correct.
|
||||
*/
|
||||
TEST_P(NewKeyGenerationTest, RsaCheckCreationDateTime) {
|
||||
KeyCharacteristics key_characteristics;
|
||||
auto creation_time = std::chrono::system_clock::now();
|
||||
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
|
||||
.Authorization(TAG_NO_AUTH_REQUIRED)
|
||||
.RsaSigningKey(2048, 3)
|
||||
.Digest(Digest::NONE)
|
||||
.Padding(PaddingMode::NONE)));
|
||||
GetCharacteristics(key_blob_, &key_characteristics);
|
||||
AuthorizationSet sw_enforced = key_characteristics.softwareEnforced;
|
||||
CheckCreationDateTime(sw_enforced, creation_time);
|
||||
}
|
||||
|
||||
/*
|
||||
* NewKeyGenerationTest.NoInvalidRsaSizes
|
||||
*
|
||||
|
|
@ -640,23 +619,6 @@ TEST_P(NewKeyGenerationTest, Ecdsa) {
|
|||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* NewKeyGenerationTest.EcCheckCreationDateTime
|
||||
*
|
||||
* Verifies that creation date time is correct.
|
||||
*/
|
||||
TEST_P(NewKeyGenerationTest, EcCheckCreationDateTime) {
|
||||
KeyCharacteristics key_characteristics;
|
||||
auto creation_time = std::chrono::system_clock::now();
|
||||
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
|
||||
.Authorization(TAG_NO_AUTH_REQUIRED)
|
||||
.EcdsaSigningKey(256)
|
||||
.Digest(Digest::NONE)));
|
||||
GetCharacteristics(key_blob_, &key_characteristics);
|
||||
AuthorizationSet sw_enforced = key_characteristics.softwareEnforced;
|
||||
CheckCreationDateTime(sw_enforced, creation_time);
|
||||
}
|
||||
|
||||
/*
|
||||
* NewKeyGenerationTest.EcdsaDefaultSize
|
||||
*
|
||||
|
|
@ -4238,7 +4200,6 @@ typedef KeymasterHidlTest AttestationTest;
|
|||
* Verifies that attesting to RSA keys works and generates the expected output.
|
||||
*/
|
||||
TEST_P(AttestationTest, RsaAttestation) {
|
||||
auto creation_time = std::chrono::system_clock::now();
|
||||
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
|
||||
.Authorization(TAG_NO_AUTH_REQUIRED)
|
||||
.RsaSigningKey(2048, 65537)
|
||||
|
|
@ -4263,7 +4224,7 @@ TEST_P(AttestationTest, RsaAttestation) {
|
|||
EXPECT_TRUE(verify_attestation_record("challenge", "foo", //
|
||||
key_characteristics_.softwareEnforced, //
|
||||
key_characteristics_.hardwareEnforced, //
|
||||
SecLevel(), cert_chain[0], creation_time));
|
||||
SecLevel(), cert_chain[0]));
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
@ -4292,7 +4253,6 @@ TEST_P(AttestationTest, RsaAttestationRequiresAppId) {
|
|||
* Verifies that attesting to EC keys works and generates the expected output.
|
||||
*/
|
||||
TEST_P(AttestationTest, EcAttestation) {
|
||||
auto creation_time = std::chrono::system_clock::now();
|
||||
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
|
||||
.Authorization(TAG_NO_AUTH_REQUIRED)
|
||||
.EcdsaSigningKey(EcCurve::P_256)
|
||||
|
|
@ -4314,7 +4274,7 @@ TEST_P(AttestationTest, EcAttestation) {
|
|||
EXPECT_TRUE(verify_attestation_record("challenge", "foo", //
|
||||
key_characteristics_.softwareEnforced, //
|
||||
key_characteristics_.hardwareEnforced, //
|
||||
SecLevel(), cert_chain[0], creation_time));
|
||||
SecLevel(), cert_chain[0]));
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
@ -4347,7 +4307,6 @@ TEST_P(AttestationTest, EcAttestationRequiresAttestationAppId) {
|
|||
TEST_P(AttestationTest, AttestationApplicationIDLengthProperlyEncoded) {
|
||||
std::vector<uint32_t> app_id_lengths{143, 258};
|
||||
for (uint32_t length : app_id_lengths) {
|
||||
auto creation_time = std::chrono::system_clock::now();
|
||||
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
|
||||
.Authorization(TAG_NO_AUTH_REQUIRED)
|
||||
.EcdsaSigningKey(EcCurve::P_256)
|
||||
|
|
@ -4365,7 +4324,7 @@ TEST_P(AttestationTest, AttestationApplicationIDLengthProperlyEncoded) {
|
|||
EXPECT_TRUE(verify_attestation_record("challenge", app_id, //
|
||||
key_characteristics_.softwareEnforced, //
|
||||
key_characteristics_.hardwareEnforced, //
|
||||
SecLevel(), cert_chain[0], creation_time));
|
||||
SecLevel(), cert_chain[0]));
|
||||
CheckedDeleteKey();
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue