Test specifying CERTIFICATE_NOT_{BEFORE,AFTER}
Bug: 275363977
Test: VtsAidlKeyMintTargetTest
Change-Id: I69c0577a73eabda42c8ccffce5af0e5fa45e9320
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index c45dd3f..63b2e73 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -26,6 +26,7 @@
#include <openssl/ec.h>
#include <openssl/evp.h>
#include <openssl/mem.h>
+#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <cutils/properties.h>
@@ -1059,6 +1060,42 @@
}
/*
+ * NewKeyGenerationTest.RsaWithSpecifiedValidity
+ *
+ * Verifies that KeyMint respects specified NOT_BEFORE and NOT_AFTER certificate dates.
+ */
+TEST_P(NewKeyGenerationTest, RsaWithSpecifiedValidity) {
+ vector<uint8_t> key_blob;
+ vector<KeyCharacteristics> key_characteristics;
+ ASSERT_EQ(ErrorCode::OK,
+ GenerateKey(AuthorizationSetBuilder()
+ .RsaSigningKey(2048, 65537)
+ .Digest(Digest::NONE)
+ .Padding(PaddingMode::NONE)
+ .Authorization(TAG_CERTIFICATE_NOT_BEFORE,
+ 1183806000000 /* 2007-07-07T11:00:00Z */)
+ .Authorization(TAG_CERTIFICATE_NOT_AFTER,
+ 1916049600000 /* 2030-09-19T12:00:00Z */),
+ &key_blob, &key_characteristics));
+ ASSERT_GT(cert_chain_.size(), 0);
+
+ X509_Ptr cert(parse_cert_blob(cert_chain_[0].encodedCertificate));
+ ASSERT_TRUE(!!cert.get());
+
+ const ASN1_TIME* not_before = X509_get0_notBefore(cert.get());
+ ASSERT_NE(not_before, nullptr);
+ time_t not_before_time;
+ ASSERT_EQ(ASN1_TIME_to_time_t(not_before, ¬_before_time), 1);
+ EXPECT_EQ(not_before_time, 1183806000);
+
+ const ASN1_TIME* not_after = X509_get0_notAfter(cert.get());
+ ASSERT_NE(not_after, nullptr);
+ time_t not_after_time;
+ ASSERT_EQ(ASN1_TIME_to_time_t(not_after, ¬_after_time), 1);
+ EXPECT_EQ(not_after_time, 1916049600);
+}
+
+/*
* NewKeyGenerationTest.RsaWithAttestation
*
* Verifies that keymint can generate all required RSA key sizes with attestation, and that the
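Review bot: The key created in `RsaWithSpecifiedValidity` is never released: `GenerateKey(...)` fills `key_blob`, and the test returns without deleting it, so each run leaves a key behind on the device under test. Assuming this file follows the usual cleanup pattern of the KeyMint VTS helpers (the other tests are not visible in this hunk), add `CheckedDeleteKey(&key_blob);` at the end of the test. Note that a failing `ASSERT_*` between generation and that call would skip it, so the certificate checks after `ASSERT_GT(cert_chain_.size(), 0)` are better written as `EXPECT_*` where the test can safely continue. Separately, that assertion compares an unsigned size with a signed literal; `ASSERT_GT(cert_chain_.size(), 0u);` avoids a sign-compare warning.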