commit f408c28c0e20dae7f14dfbfcc5970fdab54a41f4
author Rajesh Nyamagoud <nyamagoud@google.com> Fri Jun 02 02:46:38 2023 +0000
committer Rajesh Nyamagoud <nyamagoud@google.com> Mon Oct 09 21:59:43 2023 +0000
tree c8300337eca6d44f02efec812897b12c70df15a3
parent 5f6db2f4429b482a6fdb2e336de2c0b369cef3cb

Adding tests to check unique id attestation.

Bug: 279721870
Test: atest keystore2_client_tests
Change-Id: Ic7857267345035ad0d92d8176d34cfe3e64e5c62

keystore2/test_utils/authorizations.rs

diff --git a/keystore2/test_utils/authorizations.rs b/keystore2/test_utils/authorizations.rs
index f50eca6..ebe2665 100644
--- a/keystore2/test_utils/authorizations.rs
+++ b/keystore2/test_utils/authorizations.rs
@@ -314,6 +314,15 @@
         });
         self
     }
+
+    /// Set include unique id.
+    pub fn include_unique_id(mut self) -> Self {
+        self.0.push(KeyParameter {
+            tag: Tag::INCLUDE_UNIQUE_ID,
+            value: KeyParameterValue::BoolValue(true),
+        });
+        self
+    }
 }
 
 impl Deref for AuthSetBuilder {

keystore2/tests/keystore2_client_authorizations_tests.rs

diff --git a/keystore2/tests/keystore2_client_authorizations_tests.rs b/keystore2/tests/keystore2_client_authorizations_tests.rs
index 9df9561..4fce1d9 100644
--- a/keystore2/tests/keystore2_client_authorizations_tests.rs
+++ b/keystore2/tests/keystore2_client_authorizations_tests.rs
@@ -36,6 +36,32 @@
 
 use keystore2_test_utils::ffi_test_utils::get_value_from_attest_record;
 
+fn gen_key_including_unique_id(
+    sec_level: &binder::Strong<dyn IKeystoreSecurityLevel>,
+    alias: &str,
+) -> Vec<u8> {
+    let gen_params = authorizations::AuthSetBuilder::new()
+        .no_auth_required()
+        .algorithm(Algorithm::EC)
+        .purpose(KeyPurpose::SIGN)
+        .purpose(KeyPurpose::VERIFY)
+        .digest(Digest::SHA_2_256)
+        .ec_curve(EcCurve::P_256)
+        .attestation_challenge(b"foo".to_vec())
+        .include_unique_id();
+
+    let key_metadata = key_generations::generate_key(sec_level, &gen_params, alias).unwrap();
+
+    let unique_id = get_value_from_attest_record(
+        key_metadata.certificate.as_ref().unwrap(),
+        Tag::UNIQUE_ID,
+        key_metadata.keySecurityLevel,
+    )
+    .expect("Unique id not found.");
+    assert!(!unique_id.is_empty());
+    unique_id
+}
+
 fn generate_key_and_perform_sign_verify_op_max_times(
     sec_level: &binder::Strong<dyn IKeystoreSecurityLevel>,
     gen_params: &authorizations::AuthSetBuilder,
@@ -628,3 +654,22 @@
     assert!(result.is_err());
     assert_eq!(Error::Rc(ResponseCode::INVALID_ARGUMENT), result.unwrap_err());
 }
+
+/// Generate a key with `Tag::INCLUDE_UNIQUE_ID` set. Test should verify that `Tag::UNIQUE_ID` is
+/// included in attest record and it remains the same for new keys generated.
+#[test]
+fn keystore2_gen_key_auth_include_unique_id_success() {
+    let keystore2 = get_keystore_service();
+    let sec_level = keystore2.getSecurityLevel(SecurityLevel::TRUSTED_ENVIRONMENT).unwrap();
+
+    let alias_first = "ks_test_auth_tags_test_1";
+    let unique_id_first = gen_key_including_unique_id(&sec_level, alias_first);
+
+    let alias_second = "ks_test_auth_tags_test_2";
+    let unique_id_second = gen_key_including_unique_id(&sec_level, alias_second);
+
+    assert_eq!(unique_id_first, unique_id_second);
+
+    delete_app_key(&keystore2, alias_first).unwrap();
+    delete_app_key(&keystore2, alias_second).unwrap();
+}