Fix Keymint VTS test after adding CERTIFICATE_* tags
Pass required tags to generateKey and importKey.
Bug: 179809936
Test: VtsAidlKeyMintTargetTest
Change-Id: I762f73de50ca35c2f1ed271385d863910f53dcd2
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index c849bad..88122ce 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -544,7 +544,8 @@
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.RsaSigningKey(key_size, 65537)
.Digest(Digest::NONE)
- .Padding(PaddingMode::NONE),
+ .Padding(PaddingMode::NONE)
+ .SetDefaultValidity(),
&key_blob, &key_characteristics));
ASSERT_GT(key_blob.size(), 0U);
@@ -580,7 +581,8 @@
.Padding(PaddingMode::NONE)
.AttestationChallenge(challenge)
.AttestationApplicationId(app_id)
- .Authorization(TAG_NO_AUTH_REQUIRED),
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .SetDefaultValidity(),
&key_blob, &key_characteristics));
ASSERT_GT(key_blob.size(), 0U);
@@ -620,7 +622,8 @@
.RsaSigningKey(key_size, 65537)
.Digest(Digest::NONE)
.Padding(PaddingMode::NONE)
- .Authorization(TAG_USAGE_COUNT_LIMIT, 1),
+ .Authorization(TAG_USAGE_COUNT_LIMIT, 1)
+ .SetDefaultValidity(),
&key_blob, &key_characteristics));
ASSERT_GT(key_blob.size(), 0U);
@@ -665,7 +668,8 @@
.AttestationChallenge(challenge)
.AttestationApplicationId(app_id)
.Authorization(TAG_NO_AUTH_REQUIRED)
- .Authorization(TAG_USAGE_COUNT_LIMIT, 1),
+ .Authorization(TAG_USAGE_COUNT_LIMIT, 1)
+ .SetDefaultValidity(),
&key_blob, &key_characteristics));
ASSERT_GT(key_blob.size(), 0U);
@@ -713,7 +717,8 @@
GenerateKey(AuthorizationSetBuilder()
.RsaSigningKey(key_size, 65537)
.Digest(Digest::NONE)
- .Padding(PaddingMode::NONE),
+ .Padding(PaddingMode::NONE)
+ .SetDefaultValidity(),
&key_blob, &key_characteristics));
}
}
@@ -729,7 +734,8 @@
GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_ALGORITHM, Algorithm::RSA)
.Authorization(TAG_RSA_PUBLIC_EXPONENT, 3U)
- .SigningKey()));
+ .SigningKey()
+ .SetDefaultValidity()));
}
/*
@@ -742,10 +748,11 @@
for (auto key_size : ValidKeySizes(Algorithm::EC)) {
vector<uint8_t> key_blob;
vector<KeyCharacteristics> key_characteristics;
- ASSERT_EQ(ErrorCode::OK,
- GenerateKey(
- AuthorizationSetBuilder().EcdsaSigningKey(key_size).Digest(Digest::NONE),
- &key_blob, &key_characteristics));
+ ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
+ .EcdsaSigningKey(key_size)
+ .Digest(Digest::NONE)
+ .SetDefaultValidity(),
+ &key_blob, &key_characteristics));
ASSERT_GT(key_blob.size(), 0U);
CheckBaseParams(key_characteristics);
@@ -772,7 +779,8 @@
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.EcdsaSigningKey(key_size)
.Digest(Digest::NONE)
- .Authorization(TAG_USAGE_COUNT_LIMIT, 1),
+ .Authorization(TAG_USAGE_COUNT_LIMIT, 1)
+ .SetDefaultValidity(),
&key_blob, &key_characteristics));
ASSERT_GT(key_blob.size(), 0U);
@@ -807,7 +815,8 @@
GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_ALGORITHM, Algorithm::EC)
.SigningKey()
- .Digest(Digest::NONE)));
+ .Digest(Digest::NONE)
+ .SetDefaultValidity()));
}
/*
@@ -820,14 +829,17 @@
for (auto key_size : InvalidKeySizes(Algorithm::EC)) {
vector<uint8_t> key_blob;
vector<KeyCharacteristics> key_characteristics;
- ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE,
- GenerateKey(
- AuthorizationSetBuilder().EcdsaSigningKey(key_size).Digest(Digest::NONE),
- &key_blob, &key_characteristics));
+ ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE, GenerateKey(AuthorizationSetBuilder()
+ .EcdsaSigningKey(key_size)
+ .Digest(Digest::NONE)
+ .SetDefaultValidity(),
+ &key_blob, &key_characteristics));
}
- ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE,
- GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190).Digest(Digest::NONE)));
+ ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE, GenerateKey(AuthorizationSetBuilder()
+ .EcdsaSigningKey(190)
+ .Digest(Digest::NONE)
+ .SetDefaultValidity()));
}
/*
@@ -843,7 +855,8 @@
GenerateKey(AuthorizationSetBuilder()
.EcdsaSigningKey(224)
.Authorization(TAG_EC_CURVE, EcCurve::P_256)
- .Digest(Digest::NONE)));
+ .Digest(Digest::NONE)
+ .SetDefaultValidity()));
}
/*
@@ -854,8 +867,10 @@
TEST_P(NewKeyGenerationTest, EcdsaAllValidSizes) {
auto valid_sizes = ValidKeySizes(Algorithm::EC);
for (size_t size : valid_sizes) {
- EXPECT_EQ(ErrorCode::OK,
- GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(size).Digest(Digest::NONE)))
+ EXPECT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
+ .EcdsaSigningKey(size)
+ .Digest(Digest::NONE)
+ .SetDefaultValidity()))
<< "Failed to generate size: " << size;
CheckedDeleteKey();
}
@@ -874,8 +889,10 @@
digest = Digest::SHA_2_512;
}
for (auto curve : ValidCurves()) {
- EXPECT_EQ(ErrorCode::OK,
- GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(curve).Digest(digest)))
+ EXPECT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
+ .EcdsaSigningKey(curve)
+ .Digest(digest)
+ .SetDefaultValidity()))
<< "Failed to generate key on curve: " << curve;
CheckedDeleteKey();
}
@@ -1058,7 +1075,8 @@
.RsaSigningKey(2048, 65537)
.Digest(Digest::NONE)
.Padding(PaddingMode::NONE)
- .Authorization(TAG_NO_AUTH_REQUIRED)));
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .SetDefaultValidity()));
string message = "12345678901234567890123456789012";
string signature = SignMessage(
message, AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE));
@@ -1076,7 +1094,8 @@
.Digest(Digest::NONE)
.Padding(PaddingMode::NONE)
.Authorization(TAG_APPLICATION_ID, "clientid")
- .Authorization(TAG_APPLICATION_DATA, "appdata")));
+ .Authorization(TAG_APPLICATION_DATA, "appdata")
+ .SetDefaultValidity()));
EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
Begin(KeyPurpose::SIGN,
AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE)));
@@ -1112,7 +1131,8 @@
.RsaSigningKey(2048, 65537)
.Digest(Digest::SHA_2_256)
.Padding(PaddingMode::RSA_PSS)
- .Authorization(TAG_NO_AUTH_REQUIRED)));
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .SetDefaultValidity()));
// Use large message, which won't work without digesting.
string message(1024, 'a');
string signature = SignMessage(
@@ -1131,7 +1151,8 @@
.RsaSigningKey(2048, 65537)
.Digest(Digest::NONE)
.Authorization(TAG_NO_AUTH_REQUIRED)
- .Padding(PaddingMode::NONE)));
+ .Padding(PaddingMode::NONE)
+ .SetDefaultValidity()));
string message = "12345678901234567890123456789012";
string signature;
@@ -1150,13 +1171,13 @@
*/
TEST_P(SigningOperationsTest, NoUserConfirmation) {
if (SecLevel() == SecurityLevel::STRONGBOX) return;
- ASSERT_EQ(ErrorCode::OK,
- GenerateKey(AuthorizationSetBuilder()
- .RsaSigningKey(1024, 65537)
- .Digest(Digest::NONE)
- .Padding(PaddingMode::NONE)
- .Authorization(TAG_NO_AUTH_REQUIRED)
- .Authorization(TAG_TRUSTED_CONFIRMATION_REQUIRED)));
+ ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
+ .RsaSigningKey(1024, 65537)
+ .Digest(Digest::NONE)
+ .Padding(PaddingMode::NONE)
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .Authorization(TAG_TRUSTED_CONFIRMATION_REQUIRED)
+ .SetDefaultValidity()));
const string message = "12345678901234567890123456789012";
EXPECT_EQ(ErrorCode::OK,
@@ -1176,7 +1197,8 @@
.RsaSigningKey(2048, 65537)
.Digest(Digest::SHA_2_256)
.Authorization(TAG_NO_AUTH_REQUIRED)
- .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)));
+ .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)
+ .SetDefaultValidity()));
string message(1024, 'a');
string signature = SignMessage(message, AuthorizationSetBuilder()
.Digest(Digest::SHA_2_256)
@@ -1193,7 +1215,8 @@
.RsaSigningKey(2048, 65537)
.Digest(Digest::NONE)
.Authorization(TAG_NO_AUTH_REQUIRED)
- .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)));
+ .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)
+ .SetDefaultValidity()));
string message(53, 'a');
string signature = SignMessage(message, AuthorizationSetBuilder()
.Digest(Digest::NONE)
@@ -1211,7 +1234,8 @@
.RsaSigningKey(2048, 65537)
.Digest(Digest::NONE)
.Authorization(TAG_NO_AUTH_REQUIRED)
- .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)));
+ .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)
+ .SetDefaultValidity()));
string message(257, 'a');
EXPECT_EQ(ErrorCode::OK,
@@ -1241,7 +1265,8 @@
.RsaSigningKey(1024, 65537)
.Digest(Digest::SHA_2_512)
.Authorization(TAG_NO_AUTH_REQUIRED)
- .Padding(PaddingMode::RSA_PSS)));
+ .Padding(PaddingMode::RSA_PSS)
+ .SetDefaultValidity()));
EXPECT_EQ(ErrorCode::INCOMPATIBLE_DIGEST,
Begin(KeyPurpose::SIGN, AuthorizationSetBuilder()
.Digest(Digest::SHA_2_512)
@@ -1259,7 +1284,8 @@
.RsaSigningKey(2048, 65537)
.Digest(Digest::NONE)
.Authorization(TAG_NO_AUTH_REQUIRED)
- .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)));
+ .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)
+ .SetDefaultValidity()));
// One byte too long
string message(2048 / 8 + 1, 'a');
ASSERT_EQ(ErrorCode::OK,
@@ -1293,7 +1319,8 @@
.RsaSigningKey(2048, 65537)
.Digest(Digest::NONE)
.Authorization(TAG_NO_AUTH_REQUIRED)
- .Padding(PaddingMode::NONE)));
+ .Padding(PaddingMode::NONE)
+ .SetDefaultValidity()));
ASSERT_EQ(ErrorCode::OK,
Begin(KeyPurpose::SIGN,
@@ -1318,7 +1345,8 @@
.RsaSigningKey(2048, 65537)
.Authorization(TAG_NO_AUTH_REQUIRED)
.Digest(Digest::SHA_2_256 /* supported digest */)
- .Padding(PaddingMode::PKCS7)));
+ .Padding(PaddingMode::PKCS7)
+ .SetDefaultValidity()));
ASSERT_EQ(
ErrorCode::UNSUPPORTED_PADDING_MODE,
Begin(KeyPurpose::SIGN,
@@ -1335,7 +1363,8 @@
.RsaSigningKey(2048, 65537)
.Authorization(TAG_NO_AUTH_REQUIRED)
.Digest(Digest::NONE)
- .Padding(PaddingMode::RSA_PSS)));
+ .Padding(PaddingMode::RSA_PSS)
+ .SetDefaultValidity()));
ASSERT_EQ(ErrorCode::INCOMPATIBLE_DIGEST,
Begin(KeyPurpose::SIGN,
AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::RSA_PSS)));
@@ -1356,7 +1385,8 @@
.RsaKey(2048, 65537)
.Authorization(TAG_NO_AUTH_REQUIRED)
.SigningKey()
- .Digest(Digest::NONE)));
+ .Digest(Digest::NONE)
+ .SetDefaultValidity()));
ASSERT_EQ(ErrorCode::UNSUPPORTED_PADDING_MODE,
Begin(KeyPurpose::SIGN, AuthorizationSetBuilder().Digest(Digest::NONE)));
}
@@ -1371,7 +1401,8 @@
.Authorization(TAG_NO_AUTH_REQUIRED)
.RsaSigningKey(2048, 65537)
.Digest(Digest::NONE)
- .Padding(PaddingMode::NONE)));
+ .Padding(PaddingMode::NONE)
+ .SetDefaultValidity()));
// Barely shorter
string message(2048 / 8 - 1, 'a');
@@ -1392,7 +1423,8 @@
.Authorization(TAG_NO_AUTH_REQUIRED)
.RsaEncryptionKey(2048, 65537)
.Digest(Digest::NONE)
- .Padding(PaddingMode::NONE)));
+ .Padding(PaddingMode::NONE)
+ .SetDefaultValidity()));
ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
Begin(KeyPurpose::SIGN,
AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE)));
@@ -1409,7 +1441,8 @@
.Authorization(TAG_NO_AUTH_REQUIRED)
.RsaSigningKey(2048, 65537)
.Digest(Digest::NONE)
- .Padding(PaddingMode::NONE)));
+ .Padding(PaddingMode::NONE)
+ .SetDefaultValidity()));
// Largest possible message will always be larger than the public modulus.
string message(2048 / 8, static_cast<char>(0xff));
@@ -1432,7 +1465,8 @@
ErrorCode error = GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
.EcdsaSigningKey(key_size)
- .Digest(digest));
+ .Digest(digest)
+ .SetDefaultValidity());
EXPECT_EQ(ErrorCode::OK, error) << "Failed to generate ECDSA key with size " << key_size
<< " and digest " << digest;
if (error != ErrorCode::OK) continue;
@@ -1455,7 +1489,8 @@
ErrorCode error = GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
.EcdsaSigningKey(curve)
- .Digest(Digest::SHA_2_256));
+ .Digest(Digest::SHA_2_256)
+ .SetDefaultValidity());
EXPECT_EQ(ErrorCode::OK, error) << "Failed to generate ECDSA key with curve " << curve;
if (error != ErrorCode::OK) continue;
@@ -1477,7 +1512,8 @@
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
.EcdsaSigningKey(256)
- .Digest(Digest::NONE)));
+ .Digest(Digest::NONE)
+ .SetDefaultValidity()));
string message(1 * 1024, 'a');
SignMessage(message, AuthorizationSetBuilder().Digest(Digest::NONE));
}
@@ -1493,7 +1529,8 @@
.EcdsaSigningKey(256)
.Digest(Digest::NONE)
.Authorization(TAG_APPLICATION_ID, "clientid")
- .Authorization(TAG_APPLICATION_DATA, "appdata")));
+ .Authorization(TAG_APPLICATION_DATA, "appdata")
+ .SetDefaultValidity()));
EXPECT_EQ(ErrorCode::INVALID_KEY_BLOB,
Begin(KeyPurpose::SIGN, AuthorizationSetBuilder().Digest(Digest::NONE)));
AbortIfNeeded();
@@ -1682,7 +1719,8 @@
.Authorization(TAG_NO_AUTH_REQUIRED)
.RsaSigningKey(2048, 65537)
.Digest(Digest::NONE)
- .Padding(PaddingMode::NONE)));
+ .Padding(PaddingMode::NONE)
+ .SetDefaultValidity()));
string message = "12345678901234567890123456789012";
string signature = SignMessage(
message, AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE));
@@ -1702,7 +1740,8 @@
.Digest(ValidDigests(true /* withNone */, true /* withMD5 */))
.Padding(PaddingMode::NONE)
.Padding(PaddingMode::RSA_PSS)
- .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN);
+ .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)
+ .SetDefaultValidity();
ASSERT_EQ(ErrorCode::OK, GenerateKey(authorizations));
@@ -1799,7 +1838,8 @@
ErrorCode error = GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
.EcdsaSigningKey(curve)
- .Digest(digests));
+ .Digest(digests)
+ .SetDefaultValidity());
EXPECT_EQ(ErrorCode::OK, error) << "Failed to generate key for EC curve " << curve;
if (error != ErrorCode::OK) {
continue;
@@ -1962,7 +2002,8 @@
.Authorization(TAG_NO_AUTH_REQUIRED)
.RsaSigningKey(1024, 65537)
.Digest(Digest::SHA_2_256)
- .Padding(PaddingMode::RSA_PSS),
+ .Padding(PaddingMode::RSA_PSS)
+ .SetDefaultValidity(),
KeyFormat::PKCS8, rsa_key));
CheckCryptoParam(TAG_ALGORITHM, Algorithm::RSA);
@@ -1989,7 +2030,8 @@
ImportKey(AuthorizationSetBuilder()
.RsaSigningKey(2048 /* Doesn't match key */, 65537)
.Digest(Digest::NONE)
- .Padding(PaddingMode::NONE),
+ .Padding(PaddingMode::NONE)
+ .SetDefaultValidity(),
KeyFormat::PKCS8, rsa_key));
}
@@ -2004,7 +2046,8 @@
ImportKey(AuthorizationSetBuilder()
.RsaSigningKey(1024, 3 /* Doesn't match key */)
.Digest(Digest::NONE)
- .Padding(PaddingMode::NONE),
+ .Padding(PaddingMode::NONE)
+ .SetDefaultValidity(),
KeyFormat::PKCS8, rsa_key));
}
@@ -2017,7 +2060,8 @@
ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
.EcdsaSigningKey(256)
- .Digest(Digest::SHA_2_256),
+ .Digest(Digest::SHA_2_256)
+ .SetDefaultValidity(),
KeyFormat::PKCS8, ec_256_key));
CheckCryptoParam(TAG_ALGORITHM, Algorithm::EC);
@@ -2043,7 +2087,8 @@
ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
.EcdsaSigningKey(256)
- .Digest(Digest::SHA_2_256),
+ .Digest(Digest::SHA_2_256)
+ .SetDefaultValidity(),
KeyFormat::PKCS8, ec_256_key_rfc5915));
CheckCryptoParam(TAG_ALGORITHM, Algorithm::EC);
@@ -2068,7 +2113,8 @@
ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
.EcdsaSigningKey(256)
- .Digest(Digest::SHA_2_256),
+ .Digest(Digest::SHA_2_256)
+ .SetDefaultValidity(),
KeyFormat::PKCS8, ec_256_key_sec1));
CheckCryptoParam(TAG_ALGORITHM, Algorithm::EC);
@@ -2094,7 +2140,8 @@
ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
.EcdsaSigningKey(521)
- .Digest(Digest::SHA_2_256),
+ .Digest(Digest::SHA_2_256)
+ .SetDefaultValidity(),
KeyFormat::PKCS8, ec_521_key));
CheckCryptoParam(TAG_ALGORITHM, Algorithm::EC);
@@ -2119,7 +2166,8 @@
ASSERT_EQ(ErrorCode::IMPORT_PARAMETER_MISMATCH,
ImportKey(AuthorizationSetBuilder()
.EcdsaSigningKey(224 /* Doesn't match key */)
- .Digest(Digest::NONE),
+ .Digest(Digest::NONE)
+ .SetDefaultValidity(),
KeyFormat::PKCS8, ec_256_key));
}
@@ -2133,7 +2181,8 @@
ASSERT_EQ(ErrorCode::IMPORT_PARAMETER_MISMATCH,
ImportKey(AuthorizationSetBuilder()
.EcdsaSigningKey(EcCurve::P_224 /* Doesn't match key */)
- .Digest(Digest::NONE),
+ .Digest(Digest::NONE)
+ .SetDefaultValidity(),
KeyFormat::PKCS8, ec_256_key));
}
@@ -2254,7 +2303,8 @@
.RsaEncryptionKey(2048, 65537)
.Digest(Digest::SHA_2_256)
.Padding(PaddingMode::RSA_OAEP)
- .Authorization(TAG_PURPOSE, KeyPurpose::WRAP_KEY);
+ .Authorization(TAG_PURPOSE, KeyPurpose::WRAP_KEY)
+ .SetDefaultValidity();
ASSERT_EQ(ErrorCode::OK,
ImportWrappedKey(wrapped_key, wrapping_key, wrapping_key_desc, zero_masking_key,
@@ -2274,7 +2324,8 @@
.RsaEncryptionKey(2048, 65537)
.Digest(Digest::SHA_2_256)
.Padding(PaddingMode::RSA_OAEP)
- .Authorization(TAG_PURPOSE, KeyPurpose::WRAP_KEY);
+ .Authorization(TAG_PURPOSE, KeyPurpose::WRAP_KEY)
+ .SetDefaultValidity();
ASSERT_EQ(ErrorCode::OK,
ImportWrappedKey(wrapped_key_masked, wrapping_key, wrapping_key_desc, masking_key,
@@ -2288,7 +2339,8 @@
.RsaEncryptionKey(2048, 65537)
.Digest(Digest::SHA_2_256)
.Padding(PaddingMode::RSA_OAEP)
- .Authorization(TAG_PURPOSE, KeyPurpose::WRAP_KEY);
+ .Authorization(TAG_PURPOSE, KeyPurpose::WRAP_KEY)
+ .SetDefaultValidity();
ASSERT_EQ(
ErrorCode::VERIFICATION_FAILED,
@@ -2302,7 +2354,8 @@
auto wrapping_key_desc = AuthorizationSetBuilder()
.RsaEncryptionKey(2048, 65537)
.Digest(Digest::SHA_2_256)
- .Padding(PaddingMode::RSA_OAEP);
+ .Padding(PaddingMode::RSA_OAEP)
+ .SetDefaultValidity();
ASSERT_EQ(
ErrorCode::INCOMPATIBLE_PURPOSE,
@@ -2325,7 +2378,8 @@
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
.RsaEncryptionKey(2048, 65537)
- .Padding(PaddingMode::NONE)));
+ .Padding(PaddingMode::NONE)
+ .SetDefaultValidity()));
string message = string(2048 / 8, 'a');
auto params = AuthorizationSetBuilder().Padding(PaddingMode::NONE);
@@ -2348,7 +2402,8 @@
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
.RsaEncryptionKey(2048, 65537)
- .Padding(PaddingMode::NONE)));
+ .Padding(PaddingMode::NONE)
+ .SetDefaultValidity()));
string message = "1";
auto params = AuthorizationSetBuilder().Padding(PaddingMode::NONE);
@@ -2377,7 +2432,8 @@
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
.RsaEncryptionKey(2048, 65537)
- .Padding(PaddingMode::NONE)));
+ .Padding(PaddingMode::NONE)
+ .SetDefaultValidity()));
string message(2048 / 8 + 1, 'a');
@@ -2410,7 +2466,8 @@
.Authorization(TAG_NO_AUTH_REQUIRED)
.RsaEncryptionKey(key_size, 65537)
.Padding(PaddingMode::RSA_OAEP)
- .Digest(digests)));
+ .Digest(digests)
+ .SetDefaultValidity()));
string message = "Hello";
@@ -2458,7 +2515,8 @@
.Authorization(TAG_NO_AUTH_REQUIRED)
.RsaEncryptionKey(2048, 65537)
.Padding(PaddingMode::RSA_OAEP)
- .Digest(Digest::NONE)));
+ .Digest(Digest::NONE)
+ .SetDefaultValidity()));
string message = "Hello World!";
auto params = AuthorizationSetBuilder().Padding(PaddingMode::RSA_OAEP).Digest(Digest::NONE);
@@ -2478,7 +2536,8 @@
.Authorization(TAG_NO_AUTH_REQUIRED)
.RsaEncryptionKey(1024, 65537)
.Padding(PaddingMode::RSA_OAEP)
- .Digest(Digest::SHA_2_224, Digest::SHA_2_256)));
+ .Digest(Digest::SHA_2_224, Digest::SHA_2_256)
+ .SetDefaultValidity()));
string message = "Hello World!";
string ciphertext = EncryptMessage(
message,
@@ -2503,7 +2562,8 @@
.Authorization(TAG_NO_AUTH_REQUIRED)
.RsaEncryptionKey(2048, 65537)
.Padding(PaddingMode::RSA_OAEP)
- .Digest(Digest::SHA_2_256)));
+ .Digest(Digest::SHA_2_256)
+ .SetDefaultValidity()));
constexpr size_t digest_size = 256 /* SHA_2_256 */ / 8;
constexpr size_t oaep_overhead = 2 * digest_size + 2;
string message(2048 / 8 - oaep_overhead + 1, 'a');
@@ -2531,7 +2591,8 @@
.Authorization(TAG_NO_AUTH_REQUIRED)
.RsaEncryptionKey(key_size, 65537)
.Padding(PaddingMode::RSA_OAEP)
- .Digest(Digest::SHA_2_256)));
+ .Digest(Digest::SHA_2_256)
+ .SetDefaultValidity()));
string message = "Hello";
@@ -2584,7 +2645,8 @@
.Authorization(TAG_NO_AUTH_REQUIRED)
.RsaEncryptionKey(2048, 65537)
.Padding(PaddingMode::RSA_OAEP)
- .Digest(Digest::SHA_2_256)));
+ .Digest(Digest::SHA_2_256)
+ .SetDefaultValidity()));
string message = "Hello World!";
auto params = AuthorizationSetBuilder()
@@ -2607,7 +2669,8 @@
.Authorization(TAG_NO_AUTH_REQUIRED)
.RsaEncryptionKey(2048, 65537)
.Padding(PaddingMode::RSA_OAEP)
- .Digest(Digest::SHA_2_256)));
+ .Digest(Digest::SHA_2_256)
+ .SetDefaultValidity()));
string message = "Hello World!";
auto params = AuthorizationSetBuilder()
@@ -2626,7 +2689,8 @@
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
.RsaEncryptionKey(2048, 65537)
- .Padding(PaddingMode::RSA_PKCS1_1_5_ENCRYPT)));
+ .Padding(PaddingMode::RSA_PKCS1_1_5_ENCRYPT)
+ .SetDefaultValidity()));
string message = "Hello World!";
auto params = AuthorizationSetBuilder().Padding(PaddingMode::RSA_PKCS1_1_5_ENCRYPT);
@@ -2665,7 +2729,8 @@
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
.RsaEncryptionKey(2048, 65537)
- .Padding(PaddingMode::RSA_PKCS1_1_5_ENCRYPT)));
+ .Padding(PaddingMode::RSA_PKCS1_1_5_ENCRYPT)
+ .SetDefaultValidity()));
string message(2048 / 8 - 10, 'a');
auto params = AuthorizationSetBuilder().Padding(PaddingMode::RSA_PKCS1_1_5_ENCRYPT);
@@ -2685,7 +2750,8 @@
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
.EcdsaSigningKey(256)
- .Digest(Digest::NONE)));
+ .Digest(Digest::NONE)
+ .SetDefaultValidity()));
auto params = AuthorizationSetBuilder().Digest(Digest::NONE);
ASSERT_EQ(ErrorCode::UNSUPPORTED_PURPOSE, Begin(KeyPurpose::ENCRYPT, params));
ASSERT_EQ(ErrorCode::UNSUPPORTED_PURPOSE, Begin(KeyPurpose::DECRYPT, params));
@@ -4333,7 +4399,8 @@
.Authorization(TAG_NO_AUTH_REQUIRED)
.RsaSigningKey(1024, 65537)
.NoDigestOrPadding()
- .Authorization(TAG_MAX_USES_PER_BOOT, 3)));
+ .Authorization(TAG_MAX_USES_PER_BOOT, 3)
+ .SetDefaultValidity()));
string message = "1234567890123456";
@@ -4452,7 +4519,8 @@
.Authorization(TAG_NO_AUTH_REQUIRED)
.RsaSigningKey(1024, 65537)
.NoDigestOrPadding()
- .Authorization(TAG_USAGE_COUNT_LIMIT, 1)));
+ .Authorization(TAG_USAGE_COUNT_LIMIT, 1)
+ .SetDefaultValidity()));
// Check the usage count limit tag appears in the authorizations.
AuthorizationSet auths;
@@ -4495,7 +4563,8 @@
.Authorization(TAG_NO_AUTH_REQUIRED)
.RsaSigningKey(1024, 65537)
.NoDigestOrPadding()
- .Authorization(TAG_USAGE_COUNT_LIMIT, 3)));
+ .Authorization(TAG_USAGE_COUNT_LIMIT, 3)
+ .SetDefaultValidity()));
// Check the usage count limit tag appears in the authorizations.
AuthorizationSet auths;
@@ -4704,7 +4773,8 @@
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
.RsaEncryptionKey(2048, 65537)
- .Padding(PaddingMode::NONE)));
+ .Padding(PaddingMode::NONE)
+ .SetDefaultValidity()));
auto params = AuthorizationSetBuilder().Padding(PaddingMode::NONE);
constexpr size_t max_operations = 100; // set to arbituary large number
@@ -4835,7 +4905,8 @@
.Authorization(TAG_PURPOSE, KeyPurpose::AGREE_KEY)
.Authorization(TAG_ALGORITHM, Algorithm::EC)
.Authorization(TAG_ATTESTATION_APPLICATION_ID, {0x61, 0x62})
- .Authorization(TAG_ATTESTATION_CHALLENGE, challenge)))
+ .Authorization(TAG_ATTESTATION_CHALLENGE, challenge)
+ .SetDefaultValidity()))
<< "Failed to generate key";
ASSERT_GT(cert_chain_.size(), 0);
X509_Ptr kmKeyCert(parse_cert_blob(cert_chain_[0].encodedCertificate));