Merge "Remove creation time checks."
diff --git a/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp b/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp
index 07409f6..7241984 100644
--- a/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp
+++ b/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp
@@ -201,22 +201,6 @@
CheckedDeleteKey(&key_blob_);
}
-void KeymasterHidlTest::CheckCreationDateTime(
- const AuthorizationSet& sw_enforced,
- std::chrono::time_point<std::chrono::system_clock> creation) {
- for (int i = 0; i < sw_enforced.size(); i++) {
- if (sw_enforced[i].tag == TAG_CREATION_DATETIME) {
- std::chrono::time_point<std::chrono::system_clock> now =
- std::chrono::system_clock::now();
- std::chrono::time_point<std::chrono::system_clock> reported_time{
- std::chrono::milliseconds(sw_enforced[i].f.dateTime)};
- // The test is flaky for EC keys, so a buffer time of 120 seconds will be added.
- EXPECT_LE(creation - std::chrono::seconds(120), reported_time);
- EXPECT_LE(reported_time, now + std::chrono::seconds(1));
- }
- }
-}
-
void KeymasterHidlTest::CheckGetCharacteristics(const HidlBuf& key_blob, const HidlBuf& client_id,
const HidlBuf& app_data,
KeyCharacteristics* key_characteristics) {
diff --git a/keymaster/4.0/vts/functional/KeymasterHidlTest.h b/keymaster/4.0/vts/functional/KeymasterHidlTest.h
index adceead..4bd8b26 100644
--- a/keymaster/4.0/vts/functional/KeymasterHidlTest.h
+++ b/keymaster/4.0/vts/functional/KeymasterHidlTest.h
@@ -113,9 +113,6 @@
void CheckedDeleteKey(HidlBuf* key_blob, bool keep_key_blob = false);
void CheckedDeleteKey();
- static void CheckCreationDateTime(const AuthorizationSet& sw_enforced,
- std::chrono::time_point<std::chrono::system_clock> creation);
-
void CheckGetCharacteristics(const HidlBuf& key_blob, const HidlBuf& client_id,
const HidlBuf& app_data, KeyCharacteristics* key_characteristics);
ErrorCode GetCharacteristics(const HidlBuf& key_blob, const HidlBuf& client_id,
diff --git a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
index f78eb43..194c438 100644
--- a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
+++ b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
@@ -320,8 +320,7 @@
bool verify_attestation_record(const string& challenge, const string& app_id,
AuthorizationSet expected_sw_enforced,
AuthorizationSet expected_hw_enforced, SecurityLevel security_level,
- const hidl_vec<uint8_t>& attestation_cert,
- std::chrono::time_point<std::chrono::system_clock> creation_time) {
+ const hidl_vec<uint8_t>& attestation_cert) {
X509_Ptr cert(parse_cert_blob(attestation_cert));
EXPECT_TRUE(!!cert.get());
if (!cert.get()) return false;
@@ -405,8 +404,6 @@
EXPECT_FALSE(expected_hw_enforced.Contains(TAG_TRUSTED_USER_PRESENCE_REQUIRED));
EXPECT_FALSE(att_hw_enforced.Contains(TAG_TRUSTED_USER_PRESENCE_REQUIRED));
- KeymasterHidlTest::CheckCreationDateTime(att_sw_enforced, creation_time);
-
if (att_hw_enforced.Contains(TAG_ALGORITHM, Algorithm::EC)) {
// For ECDSA keys, either an EC_CURVE or a KEY_SIZE can be specified, but one must be.
EXPECT_TRUE(att_hw_enforced.Contains(TAG_EC_CURVE) ||
@@ -559,24 +556,6 @@
}
/*
- * NewKeyGenerationTest.RsaCheckCreationDateTime
- *
- * Verifies that creation date time is correct.
- */
-TEST_P(NewKeyGenerationTest, RsaCheckCreationDateTime) {
- KeyCharacteristics key_characteristics;
- auto creation_time = std::chrono::system_clock::now();
- ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
- .Authorization(TAG_NO_AUTH_REQUIRED)
- .RsaSigningKey(2048, 3)
- .Digest(Digest::NONE)
- .Padding(PaddingMode::NONE)));
- GetCharacteristics(key_blob_, &key_characteristics);
- AuthorizationSet sw_enforced = key_characteristics.softwareEnforced;
- CheckCreationDateTime(sw_enforced, creation_time);
-}
-
-/*
* NewKeyGenerationTest.NoInvalidRsaSizes
*
* Verifies that keymaster cannot generate any RSA key sizes that are designated as invalid.
@@ -641,23 +620,6 @@
}
/*
- * NewKeyGenerationTest.EcCheckCreationDateTime
- *
- * Verifies that creation date time is correct.
- */
-TEST_P(NewKeyGenerationTest, EcCheckCreationDateTime) {
- KeyCharacteristics key_characteristics;
- auto creation_time = std::chrono::system_clock::now();
- ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
- .Authorization(TAG_NO_AUTH_REQUIRED)
- .EcdsaSigningKey(256)
- .Digest(Digest::NONE)));
- GetCharacteristics(key_blob_, &key_characteristics);
- AuthorizationSet sw_enforced = key_characteristics.softwareEnforced;
- CheckCreationDateTime(sw_enforced, creation_time);
-}
-
-/*
* NewKeyGenerationTest.EcdsaDefaultSize
*
* Verifies that failing to specify a key size for EC key generation returns UNSUPPORTED_KEY_SIZE.
@@ -4238,7 +4200,6 @@
* Verifies that attesting to RSA keys works and generates the expected output.
*/
TEST_P(AttestationTest, RsaAttestation) {
- auto creation_time = std::chrono::system_clock::now();
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
.RsaSigningKey(2048, 65537)
@@ -4263,7 +4224,7 @@
EXPECT_TRUE(verify_attestation_record("challenge", "foo", //
key_characteristics_.softwareEnforced, //
key_characteristics_.hardwareEnforced, //
- SecLevel(), cert_chain[0], creation_time));
+ SecLevel(), cert_chain[0]));
}
/*
@@ -4292,7 +4253,6 @@
* Verifies that attesting to EC keys works and generates the expected output.
*/
TEST_P(AttestationTest, EcAttestation) {
- auto creation_time = std::chrono::system_clock::now();
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
.EcdsaSigningKey(EcCurve::P_256)
@@ -4314,7 +4274,7 @@
EXPECT_TRUE(verify_attestation_record("challenge", "foo", //
key_characteristics_.softwareEnforced, //
key_characteristics_.hardwareEnforced, //
- SecLevel(), cert_chain[0], creation_time));
+ SecLevel(), cert_chain[0]));
}
/*
@@ -4347,7 +4307,6 @@
TEST_P(AttestationTest, AttestationApplicationIDLengthProperlyEncoded) {
std::vector<uint32_t> app_id_lengths{143, 258};
for (uint32_t length : app_id_lengths) {
- auto creation_time = std::chrono::system_clock::now();
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
.EcdsaSigningKey(EcCurve::P_256)
@@ -4365,7 +4324,7 @@
EXPECT_TRUE(verify_attestation_record("challenge", app_id, //
key_characteristics_.softwareEnforced, //
key_characteristics_.hardwareEnforced, //
- SecLevel(), cert_chain[0], creation_time));
+ SecLevel(), cert_chain[0]));
CheckedDeleteKey();
}
}