diff options
Diffstat (limited to 'keymaster')
-rw-r--r-- | keymaster/4.0/support/Keymaster.cpp | 8 | ||||
-rw-r--r-- | keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp | 27 |
2 files changed, 31 insertions, 4 deletions
diff --git a/keymaster/4.0/support/Keymaster.cpp b/keymaster/4.0/support/Keymaster.cpp index 444298b5b..9325cc069 100644 --- a/keymaster/4.0/support/Keymaster.cpp +++ b/keymaster/4.0/support/Keymaster.cpp @@ -164,10 +164,10 @@ static void computeHmac(const Keymaster::KeymasterSet& keymasters, sharingCheck = curSharingCheck; firstKeymaster = false; } - CHECK(curSharingCheck == sharingCheck) - << "HMAC computation failed for " << *keymaster // - << " Expected: " << sharingCheck // - << " got: " << curSharingCheck; + if (curSharingCheck != sharingCheck) + LOG(WARNING) << "HMAC computation failed for " << *keymaster // + << " Expected: " << sharingCheck // + << " got: " << curSharingCheck; }); CHECK(rc.isOk()) << "Failed to communicate with " << *keymaster << " error: " << rc.description(); diff --git a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp index 784ae30c0..a2b43f06d 100644 --- a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp +++ b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp @@ -3899,6 +3899,33 @@ TEST_F(AttestationTest, EcAttestation) { } /* + * AttestationTest.EcAttestationByKeySize + * + * Verifies that attesting to EC keys works and generates the expected output. + */ +TEST_F(AttestationTest, EcAttestationByKeySize) { + ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() + .Authorization(TAG_NO_AUTH_REQUIRED) + .EcdsaSigningKey(256) + .Digest(Digest::SHA_2_256) + .Authorization(TAG_INCLUDE_UNIQUE_ID))); + + hidl_vec<hidl_vec<uint8_t>> cert_chain; + ASSERT_EQ(ErrorCode::OK, + AttestKey(AuthorizationSetBuilder() + .Authorization(TAG_ATTESTATION_CHALLENGE, HidlBuf("challenge")) + .Authorization(TAG_ATTESTATION_APPLICATION_ID, HidlBuf("foo")), + &cert_chain)); + EXPECT_GE(cert_chain.size(), 2U); + EXPECT_TRUE(verify_chain(cert_chain)); + + EXPECT_TRUE(verify_attestation_record("challenge", "foo", // + key_characteristics_.softwareEnforced, // + key_characteristics_.hardwareEnforced, // + SecLevel(), cert_chain[0])); +} + +/* * AttestationTest.EcAttestationRequiresAttestationAppId * * Verifies that attesting to EC keys requires app ID |