Add more vts tests related to limited use key.
1. Fix test case for usage count limit tag = 1 case, when
hardware cannot enforce it, the tag should be enforced by keystore.
2. Add test case for usage count limit tag > 1.
3. Add test case to verify the usage count limit tag appears
correctly in the attestation certificate for asymmetric key.
Test: atest -c VtsAidlKeyMintTargetTest
Change-Id: I01df278b42a91a78c8888c13c4f81b7ec70cfa22
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
index 766c02d..6555157 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
@@ -55,6 +55,9 @@
for (auto& entry : key_characteristics) {
if (entry.authorizations.empty()) return false;
+ // Just ignore the SecurityLevel::KEYSTORE as the KM won't do any enforcement on this.
+ if (entry.securityLevel == SecurityLevel::KEYSTORE) continue;
+
if (levels_seen.find(entry.securityLevel) != levels_seen.end()) return false;
levels_seen.insert(entry.securityLevel);
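Review bot: The KEYSTORE skip sits above the `levels_seen` lookup, so a characteristics list carrying two KEYSTORE entries is no longer rejected as a duplicate, and any per-entry checks later in the loop (outside this hunk) are bypassed for those entries as well. If only the KeyMint-level checks are meant to be skipped, move `if (entry.securityLevel == SecurityLevel::KEYSTORE) continue;` to just after `levels_seen.insert(entry.securityLevel);` so a repeated level still fails validation. The comment could also state the reason more directly, for example `// KEYSTORE entries are enforced by keystore, not KeyMint; skip the KeyMint-level checks for them.` The loop body starts and ends outside the hunk.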
@@ -824,22 +827,36 @@
return (found == key_characteristics.end()) ? kEmptyAuthList : found->authorizations;
}
-const vector<KeyParameter>& KeyMintAidlTestBase::HwEnforcedAuthorizations(
- const vector<KeyCharacteristics>& key_characteristics) {
- auto found =
- std::find_if(key_characteristics.begin(), key_characteristics.end(), [](auto& entry) {
- return entry.securityLevel == SecurityLevel::STRONGBOX ||
- entry.securityLevel == SecurityLevel::TRUSTED_ENVIRONMENT;
- });
+const vector<KeyParameter>& KeyMintAidlTestBase::SecLevelAuthorizations(
+ const vector<KeyCharacteristics>& key_characteristics, SecurityLevel securityLevel) {
+ auto found = std::find_if(
+ key_characteristics.begin(), key_characteristics.end(),
+ [securityLevel](auto& entry) { return entry.securityLevel == securityLevel; });
return (found == key_characteristics.end()) ? kEmptyAuthList : found->authorizations;
}
-const vector<KeyParameter>& KeyMintAidlTestBase::SwEnforcedAuthorizations(
+AuthorizationSet KeyMintAidlTestBase::HwEnforcedAuthorizations(
const vector<KeyCharacteristics>& key_characteristics) {
- auto found = std::find_if(
- key_characteristics.begin(), key_characteristics.end(),
- [](auto& entry) { return entry.securityLevel == SecurityLevel::SOFTWARE; });
- return (found == key_characteristics.end()) ? kEmptyAuthList : found->authorizations;
+ AuthorizationSet authList;
+ for (auto& entry : key_characteristics) {
+ if (entry.securityLevel == SecurityLevel::STRONGBOX ||
+ entry.securityLevel == SecurityLevel::TRUSTED_ENVIRONMENT) {
+ authList.push_back(AuthorizationSet(entry.authorizations));
+ }
+ }
+ return authList;
+}
+
+AuthorizationSet KeyMintAidlTestBase::SwEnforcedAuthorizations(
+ const vector<KeyCharacteristics>& key_characteristics) {
+ AuthorizationSet authList;
+ for (auto& entry : key_characteristics) {
+ if (entry.securityLevel == SecurityLevel::SOFTWARE ||
+ entry.securityLevel == SecurityLevel::KEYSTORE) {
+ authList.push_back(AuthorizationSet(entry.authorizations));
+ }
+ }
+ return authList;
}
} // namespace test
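Review bot: `SwEnforcedAuthorizations` now returns the SOFTWARE and KEYSTORE entries merged into one `AuthorizationSet` (and `HwEnforcedAuthorizations` merges STRONGBOX with TRUSTED_ENVIRONMENT), so a test that finds a tag in the result can no longer tell which level claims to enforce it. For the usage-count-limit cases that attribution is the property under test, so those assertions are better made through `SecLevelAuthorizations(key_characteristics, SecurityLevel::KEYSTORE)`, and the merged helpers should carry a comment such as `// Union of SOFTWARE and KEYSTORE entries; use SecLevelAuthorizations() to assert a specific enforcing level.` Both helpers also return by value where they previously returned `const vector<KeyParameter>&`, so callers outside this hunk that held a reference or iterator into the result should be checked. The two loops can bind `const auto& entry`, since nothing is modified.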