Merge "KeyMint VTS: use GTEST_SKIP for optional fn"

David Drysdale 2021-10-14 12:20:55 +00:00 committed by Gerrit Code Review
commit c8520ad895
2 changed files with 134 additions and 89 deletions


@ -64,7 +64,9 @@ class DeviceUniqueAttestationTest : public KeyMintAidlTestBase {
* attestation.
*/
TEST_P(DeviceUniqueAttestationTest, RsaNonStrongBoxUnimplemented) {
if (SecLevel() == SecurityLevel::STRONGBOX) return;
if (SecLevel() == SecurityLevel::STRONGBOX) {
GTEST_SKIP() << "Test not applicable to StrongBox device";
}
vector<uint8_t> key_blob;
vector<KeyCharacteristics> key_characteristics;
@ -91,7 +93,9 @@ TEST_P(DeviceUniqueAttestationTest, RsaNonStrongBoxUnimplemented) {
* attestation.
*/
TEST_P(DeviceUniqueAttestationTest, EcdsaNonStrongBoxUnimplemented) {
if (SecLevel() == SecurityLevel::STRONGBOX) return;
if (SecLevel() == SecurityLevel::STRONGBOX) {
GTEST_SKIP() << "Test not applicable to StrongBox device";
}
vector<uint8_t> key_blob;
vector<KeyCharacteristics> key_characteristics;
@ -117,7 +121,9 @@ TEST_P(DeviceUniqueAttestationTest, EcdsaNonStrongBoxUnimplemented) {
* attestation correctly, if implemented.
*/
TEST_P(DeviceUniqueAttestationTest, RsaDeviceUniqueAttestation) {
if (SecLevel() != SecurityLevel::STRONGBOX) return;
if (SecLevel() != SecurityLevel::STRONGBOX) {
GTEST_SKIP() << "Test not applicable to non-StrongBox device";
}
vector<uint8_t> key_blob;
vector<KeyCharacteristics> key_characteristics;
@ -174,7 +180,9 @@ TEST_P(DeviceUniqueAttestationTest, RsaDeviceUniqueAttestation) {
* attestation correctly, if implemented.
*/
TEST_P(DeviceUniqueAttestationTest, EcdsaDeviceUniqueAttestation) {
if (SecLevel() != SecurityLevel::STRONGBOX) return;
if (SecLevel() != SecurityLevel::STRONGBOX) {
GTEST_SKIP() << "Test not applicable to non-StrongBox device";
}
vector<uint8_t> key_blob;
vector<KeyCharacteristics> key_characteristics;
@ -226,7 +234,9 @@ TEST_P(DeviceUniqueAttestationTest, EcdsaDeviceUniqueAttestation) {
* local device.
*/
TEST_P(DeviceUniqueAttestationTest, EcdsaDeviceUniqueAttestationID) {
if (SecLevel() != SecurityLevel::STRONGBOX) return;
if (SecLevel() != SecurityLevel::STRONGBOX) {
GTEST_SKIP() << "Test not applicable to non-StrongBox device";
}
// Collection of valid attestation ID tags.
auto attestation_id_tags = AuthorizationSetBuilder();
@ -292,7 +302,9 @@ TEST_P(DeviceUniqueAttestationTest, EcdsaDeviceUniqueAttestationID) {
* don't match the local device.
*/
TEST_P(DeviceUniqueAttestationTest, EcdsaDeviceUniqueAttestationMismatchID) {
if (SecLevel() != SecurityLevel::STRONGBOX) return;
if (SecLevel() != SecurityLevel::STRONGBOX) {
GTEST_SKIP() << "Test not applicable to non-StrongBox device";
}
// Collection of invalid attestation ID tags.
auto attestation_id_tags =


@ -1840,7 +1840,9 @@ TEST_P(NewKeyGenerationTest, EcdsaInvalidSize) {
* INVALID_ARGUMENT.
*/
TEST_P(NewKeyGenerationTest, EcdsaMismatchKeySize) {
if (SecLevel() == SecurityLevel::STRONGBOX) return;
if (SecLevel() == SecurityLevel::STRONGBOX) {
GTEST_SKIP() << "Test not applicable to StrongBox device";
}
auto result = GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_ALGORITHM, Algorithm::EC)
@ -2067,7 +2069,9 @@ TEST_P(NewKeyGenerationTest, HmacCheckMinMacLengths) {
* Verifies that keymint rejects HMAC key generation with multiple specified digest algorithms.
*/
TEST_P(NewKeyGenerationTest, HmacMultipleDigests) {
if (SecLevel() == SecurityLevel::STRONGBOX) return;
if (SecLevel() == SecurityLevel::STRONGBOX) {
GTEST_SKIP() << "Test not applicable to StrongBox device";
}
ASSERT_EQ(ErrorCode::UNSUPPORTED_DIGEST,
GenerateKey(AuthorizationSetBuilder()
@ -2291,7 +2295,9 @@ TEST_P(SigningOperationsTest, RsaPaddingNoneDoesNotAllowOther) {
* presented.
*/
TEST_P(SigningOperationsTest, NoUserConfirmation) {
if (SecLevel() == SecurityLevel::STRONGBOX) return;
if (SecLevel() == SecurityLevel::STRONGBOX) {
GTEST_SKIP() << "Test not applicable to StrongBox device";
}
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.RsaSigningKey(1024, 65537)
.Digest(Digest::NONE)
@ -2381,7 +2387,9 @@ TEST_P(SigningOperationsTest, RsaPkcs1NoDigestTooLong) {
* for a 1024-bit key.
*/
TEST_P(SigningOperationsTest, RsaPssSha512TooSmallKey) {
if (SecLevel() == SecurityLevel::STRONGBOX) return;
if (SecLevel() == SecurityLevel::STRONGBOX) {
GTEST_SKIP() << "Test not applicable to StrongBox device";
}
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.RsaSigningKey(1024, 65537)
.Digest(Digest::SHA_2_512)
@ -3200,7 +3208,9 @@ TEST_P(ImportKeyTest, EcdsaP256SEC1Success) {
* Verifies that importing and using an ECDSA P-521 key pair works correctly.
*/
TEST_P(ImportKeyTest, Ecdsa521Success) {
if (SecLevel() == SecurityLevel::STRONGBOX) return;
if (SecLevel() == SecurityLevel::STRONGBOX) {
GTEST_SKIP() << "Test not applicable to StrongBox device";
}
ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
.EcdsaSigningKey(EcCurve::P_521)
@ -3909,7 +3919,9 @@ TEST_P(EncryptionOperationsTest, RsaOaepInvalidPadding) {
* with a different digest than was used to encrypt.
*/
TEST_P(EncryptionOperationsTest, RsaOaepDecryptWithWrongDigest) {
if (SecLevel() == SecurityLevel::STRONGBOX) return;
if (SecLevel() == SecurityLevel::STRONGBOX) {
GTEST_SKIP() << "Test not applicable to StrongBox device";
}
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
@ -5780,7 +5792,9 @@ typedef KeyMintAidlTestBase MaxOperationsTest;
* Verifies that the max uses per boot tag works correctly with AES keys.
*/
TEST_P(MaxOperationsTest, TestLimitAes) {
if (SecLevel() == SecurityLevel::STRONGBOX) return;
if (SecLevel() == SecurityLevel::STRONGBOX) {
GTEST_SKIP() << "Test not applicable to StrongBox device";
}
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
@ -5807,7 +5821,9 @@ TEST_P(MaxOperationsTest, TestLimitAes) {
* Verifies that the max uses per boot tag works correctly with RSA keys.
*/
TEST_P(MaxOperationsTest, TestLimitRsa) {
if (SecLevel() == SecurityLevel::STRONGBOX) return;
if (SecLevel() == SecurityLevel::STRONGBOX) {
GTEST_SKIP() << "Test not applicable to StrongBox device";
}
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
@ -5838,7 +5854,9 @@ typedef KeyMintAidlTestBase UsageCountLimitTest;
* Verifies that the usage count limit tag = 1 works correctly with AES keys.
*/
TEST_P(UsageCountLimitTest, TestSingleUseAes) {
if (SecLevel() == SecurityLevel::STRONGBOX) return;
if (SecLevel() == SecurityLevel::STRONGBOX) {
GTEST_SKIP() << "Test not applicable to StrongBox device";
}
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
@ -5882,7 +5900,9 @@ TEST_P(UsageCountLimitTest, TestSingleUseAes) {
* Verifies that the usage count limit tag > 1 works correctly with AES keys.
*/
TEST_P(UsageCountLimitTest, TestLimitedUseAes) {
if (SecLevel() == SecurityLevel::STRONGBOX) return;
if (SecLevel() == SecurityLevel::STRONGBOX) {
GTEST_SKIP() << "Test not applicable to StrongBox device";
}
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
@ -5927,7 +5947,9 @@ TEST_P(UsageCountLimitTest, TestLimitedUseAes) {
* Verifies that the usage count limit tag = 1 works correctly with RSA keys.
*/
TEST_P(UsageCountLimitTest, TestSingleUseRsa) {
if (SecLevel() == SecurityLevel::STRONGBOX) return;
if (SecLevel() == SecurityLevel::STRONGBOX) {
GTEST_SKIP() << "Test not applicable to StrongBox device";
}
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
@ -5971,7 +5993,9 @@ TEST_P(UsageCountLimitTest, TestSingleUseRsa) {
* Verifies that the usage count limit tag > 1 works correctly with RSA keys.
*/
TEST_P(UsageCountLimitTest, TestLimitUseRsa) {
if (SecLevel() == SecurityLevel::STRONGBOX) return;
if (SecLevel() == SecurityLevel::STRONGBOX) {
GTEST_SKIP() << "Test not applicable to StrongBox device";
}
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
@ -6018,7 +6042,9 @@ TEST_P(UsageCountLimitTest, TestLimitUseRsa) {
* in hardware.
*/
TEST_P(UsageCountLimitTest, TestSingleUseKeyAndRollbackResistance) {
if (SecLevel() == SecurityLevel::STRONGBOX) return;
if (SecLevel() == SecurityLevel::STRONGBOX) {
GTEST_SKIP() << "Test not applicable to StrongBox device";
}
auto error = GenerateKey(AuthorizationSetBuilder()
.RsaSigningKey(2048, 65537)
@ -6027,38 +6053,39 @@ TEST_P(UsageCountLimitTest, TestSingleUseKeyAndRollbackResistance) {
.Authorization(TAG_NO_AUTH_REQUIRED)
.Authorization(TAG_ROLLBACK_RESISTANCE)
.SetDefaultValidity());
ASSERT_TRUE(error == ErrorCode::ROLLBACK_RESISTANCE_UNAVAILABLE || error == ErrorCode::OK);
if (error == ErrorCode::OK) {
// Rollback resistance is supported by KeyMint, verify it is enforced in hardware.
AuthorizationSet hardwareEnforced(SecLevelAuthorizations());
ASSERT_TRUE(hardwareEnforced.Contains(TAG_ROLLBACK_RESISTANCE));
ASSERT_EQ(ErrorCode::OK, DeleteKey());
// The KeyMint should also enforce single use key in hardware when it supports rollback
// resistance.
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
.RsaSigningKey(1024, 65537)
.NoDigestOrPadding()
.Authorization(TAG_USAGE_COUNT_LIMIT, 1)
.SetDefaultValidity()));
// Check the usage count limit tag appears in the hardware authorizations.
AuthorizationSet hardware_auths = HwEnforcedAuthorizations(key_characteristics_);
EXPECT_TRUE(hardware_auths.Contains(TAG_USAGE_COUNT_LIMIT, 1U))
<< "key usage count limit " << 1U << " missing";
string message = "1234567890123456";
auto params = AuthorizationSetBuilder().NoDigestOrPadding();
// First usage of RSA key should work.
SignMessage(message, params);
// Usage count limit tag is enforced by hardware. After using the key, the key blob
// must be invalidated from secure storage (such as RPMB partition).
EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB, Begin(KeyPurpose::SIGN, params));
if (error == ErrorCode::ROLLBACK_RESISTANCE_UNAVAILABLE) {
GTEST_SKIP() << "Rollback resistance not supported";
}
// Rollback resistance is supported by KeyMint, verify it is enforced in hardware.
ASSERT_EQ(ErrorCode::OK, error);
AuthorizationSet hardwareEnforced(SecLevelAuthorizations());
ASSERT_TRUE(hardwareEnforced.Contains(TAG_ROLLBACK_RESISTANCE));
ASSERT_EQ(ErrorCode::OK, DeleteKey());
// The KeyMint should also enforce single use key in hardware when it supports rollback
// resistance.
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
.RsaSigningKey(1024, 65537)
.NoDigestOrPadding()
.Authorization(TAG_USAGE_COUNT_LIMIT, 1)
.SetDefaultValidity()));
// Check the usage count limit tag appears in the hardware authorizations.
AuthorizationSet hardware_auths = HwEnforcedAuthorizations(key_characteristics_);
EXPECT_TRUE(hardware_auths.Contains(TAG_USAGE_COUNT_LIMIT, 1U))
<< "key usage count limit " << 1U << " missing";
string message = "1234567890123456";
auto params = AuthorizationSetBuilder().NoDigestOrPadding();
// First usage of RSA key should work.
SignMessage(message, params);
// Usage count limit tag is enforced by hardware. After using the key, the key blob
// must be invalidated from secure storage (such as RPMB partition).
EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB, Begin(KeyPurpose::SIGN, params));
}
INSTANTIATE_KEYMINT_AIDL_TEST(UsageCountLimitTest);
@ -6135,24 +6162,25 @@ TEST_P(KeyDeletionTest, DeleteKey) {
.Authorization(TAG_NO_AUTH_REQUIRED)
.Authorization(TAG_ROLLBACK_RESISTANCE)
.SetDefaultValidity());
ASSERT_TRUE(error == ErrorCode::ROLLBACK_RESISTANCE_UNAVAILABLE || error == ErrorCode::OK);
if (error == ErrorCode::ROLLBACK_RESISTANCE_UNAVAILABLE) {
GTEST_SKIP() << "Rollback resistance not supported";
}
// Delete must work if rollback protection is implemented
if (error == ErrorCode::OK) {
AuthorizationSet hardwareEnforced(SecLevelAuthorizations());
ASSERT_TRUE(hardwareEnforced.Contains(TAG_ROLLBACK_RESISTANCE));
ASSERT_EQ(ErrorCode::OK, error);
AuthorizationSet hardwareEnforced(SecLevelAuthorizations());
ASSERT_TRUE(hardwareEnforced.Contains(TAG_ROLLBACK_RESISTANCE));
ASSERT_EQ(ErrorCode::OK, DeleteKey(true /* keep key blob */));
ASSERT_EQ(ErrorCode::OK, DeleteKey(true /* keep key blob */));
string message = "12345678901234567890123456789012";
AuthorizationSet begin_out_params;
EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
Begin(KeyPurpose::SIGN, key_blob_,
AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE),
&begin_out_params));
AbortIfNeeded();
key_blob_ = AidlBuf();
}
string message = "12345678901234567890123456789012";
AuthorizationSet begin_out_params;
EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
Begin(KeyPurpose::SIGN, key_blob_,
AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE),
&begin_out_params));
AbortIfNeeded();
key_blob_ = AidlBuf();
}
/**
@ -6169,21 +6197,22 @@ TEST_P(KeyDeletionTest, DeleteInvalidKey) {
.Authorization(TAG_NO_AUTH_REQUIRED)
.Authorization(TAG_ROLLBACK_RESISTANCE)
.SetDefaultValidity());
ASSERT_TRUE(error == ErrorCode::ROLLBACK_RESISTANCE_UNAVAILABLE || error == ErrorCode::OK);
if (error == ErrorCode::ROLLBACK_RESISTANCE_UNAVAILABLE) {
GTEST_SKIP() << "Rollback resistance not supported";
}
// Delete must work if rollback protection is implemented
if (error == ErrorCode::OK) {
AuthorizationSet enforced(SecLevelAuthorizations());
ASSERT_TRUE(enforced.Contains(TAG_ROLLBACK_RESISTANCE));
ASSERT_EQ(ErrorCode::OK, error);
AuthorizationSet enforced(SecLevelAuthorizations());
ASSERT_TRUE(enforced.Contains(TAG_ROLLBACK_RESISTANCE));
// Delete the key we don't care about the result at this point.
DeleteKey();
// Delete the key we don't care about the result at this point.
DeleteKey();
// Now create an invalid key blob and delete it.
key_blob_ = AidlBuf("just some garbage data which is not a valid key blob");
// Now create an invalid key blob and delete it.
key_blob_ = AidlBuf("just some garbage data which is not a valid key blob");
ASSERT_EQ(ErrorCode::OK, DeleteKey());
}
ASSERT_EQ(ErrorCode::OK, DeleteKey());
}
/**
@ -6198,7 +6227,10 @@ TEST_P(KeyDeletionTest, DeleteInvalidKey) {
* credentials stored in Keystore/Keymint.
*/
TEST_P(KeyDeletionTest, DeleteAllKeys) {
if (!arm_deleteAllKeys) return;
if (!arm_deleteAllKeys) {
GTEST_SKIP() << "Option --arm_deleteAllKeys not set";
return;
}
auto error = GenerateKey(AuthorizationSetBuilder()
.RsaSigningKey(2048, 65537)
.Digest(Digest::NONE)
@ -6206,25 +6238,26 @@ TEST_P(KeyDeletionTest, DeleteAllKeys) {
.Authorization(TAG_NO_AUTH_REQUIRED)
.Authorization(TAG_ROLLBACK_RESISTANCE)
.SetDefaultValidity());
ASSERT_TRUE(error == ErrorCode::ROLLBACK_RESISTANCE_UNAVAILABLE || error == ErrorCode::OK);
if (error == ErrorCode::ROLLBACK_RESISTANCE_UNAVAILABLE) {
GTEST_SKIP() << "Rollback resistance not supported";
}
// Delete must work if rollback protection is implemented
if (error == ErrorCode::OK) {
AuthorizationSet hardwareEnforced(SecLevelAuthorizations());
ASSERT_TRUE(hardwareEnforced.Contains(TAG_ROLLBACK_RESISTANCE));
ASSERT_EQ(ErrorCode::OK, error);
AuthorizationSet hardwareEnforced(SecLevelAuthorizations());
ASSERT_TRUE(hardwareEnforced.Contains(TAG_ROLLBACK_RESISTANCE));
ASSERT_EQ(ErrorCode::OK, DeleteAllKeys());
ASSERT_EQ(ErrorCode::OK, DeleteAllKeys());
string message = "12345678901234567890123456789012";
AuthorizationSet begin_out_params;
string message = "12345678901234567890123456789012";
AuthorizationSet begin_out_params;
EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
Begin(KeyPurpose::SIGN, key_blob_,
AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE),
&begin_out_params));
AbortIfNeeded();
key_blob_ = AidlBuf();
}
EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
Begin(KeyPurpose::SIGN, key_blob_,
AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE),
&begin_out_params));
AbortIfNeeded();
key_blob_ = AidlBuf();
}
INSTANTIATE_KEYMINT_AIDL_TEST(KeyDeletionTest);
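Review bot: In `DeleteAllKeys` the new guard keeps a `return;` after `GTEST_SKIP() << "Option --arm_deleteAllKeys not set";`, which is unreachable because `GTEST_SKIP()` already returns from the test body. Every other guard added in this commit omits it, so the line should be dropped to leave `if (!arm_deleteAllKeys) { GTEST_SKIP() << "Option --arm_deleteAllKeys not set"; }`. The stray `return;` is harmless at runtime, but it suggests the skip macro falls through, which invites the opposite mistake in a helper function where a skip would not end the test. The body of `DeleteAllKeys` is split across two hunks here and its opening comment starts outside them.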