author | Rajesh Nyamagoud <nyamagoud@google.com> | 2024-05-15 16:07:31 +0000 |
---|---|---|
committer | Rajesh Nyamagoud <nyamagoud@google.com> | 2024-05-15 16:16:18 +0000 |
commit | 1f9d33d073923fa56fa0759e57ae1d25804ac7f6 (patch) | |
tree | 34a81520ebfd557f8b76ed9cb47cbe2b0eecb167 /tests | |
parent | 1b0676103c2d1984f5fae012d4b85f1a5ba3c3d1 (diff) | |
Adding a test to make sure that the KeyPermanentlyInvalidatedException
exception is correctly thrown.
1. Test does the following -
- Create device secure lock screen session
- Generate auth bound key
- Remove device secure lock screen session
- Try to perform operation using above generated auth bound key.
- Test should fail to perform an operation with an exception
KeyPermanentlyInvalidatedException.
Bug: 283286226
Test: atest android.keystore.cts.CipherTest
Change-Id: I588d73eaea6d932b1fd7327764cd8b0409acaa4b
Diffstat (limited to 'tests')
-rw-r--r-- | tests/tests/keystore/src/android/keystore/cts/CipherTest.java | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/tests/tests/keystore/src/android/keystore/cts/CipherTest.java b/tests/tests/keystore/src/android/keystore/cts/CipherTest.java
index 9de76e00ab5..3e7aecbd794 100644
--- a/tests/tests/keystore/src/android/keystore/cts/CipherTest.java
+++ b/tests/tests/keystore/src/android/keystore/cts/CipherTest.java
@@ -40,6 +40,7 @@ import android.platform.test.annotations.RequiresFlagsDisabled;
 import android.platform.test.annotations.RequiresFlagsEnabled;
 import android.platform.test.flag.junit.CheckFlagsRule;
 import android.platform.test.flag.junit.DeviceFlagsValueProvider;
+import android.security.keystore.KeyPermanentlyInvalidatedException;
 import android.security.keystore.KeyProperties;
 import android.security.keystore.KeyProtection;
 import android.server.wm.ActivityManagerTestBase;
@@ -1366,6 +1367,32 @@ public class CipherTest {
 }

 @Test
+ public void testAuthBoundKeysKeyPermanentlyInvalidatedException() throws Exception {
+ assumeTrue(TestUtils.hasSecureLockScreen(getContext()));
+
+ ImportedKey key = null;
+ try (DeviceLockSession dl = new DeviceLockSession()) {
+ KeyProtection importParams =
+ TestUtils.getMinimalWorkingImportParametersForCipheringWith(BASIC_ALGORITHMS[0],
+ KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT,
+ /* ivProvidedWhenEncrypting= */ false,
+ /* isUnlockedDeviceRequired= */ false,
+ /* isUserAuthRequired= */ true);
+ key = importDefaultKatKey(BASIC_ALGORITHMS[0], importParams);
+ assertTrue(TestUtils.keyExists(key.getAlias()));
+ } // DeviceLockSession#close() removes the secure lock screen.
+
+ // Try to use the key after removal of secure screen lock screen.
+ KatVector testVector = KAT_VECTORS.get(BASIC_ALGORITHMS[0]);
+ Cipher cipher = Cipher.getInstance(BASIC_ALGORITHMS[0]);
+ Key encryptionKey = key.getKeystoreBackedEncryptionKey();
+ // Removing the secure lock screen should have invalidated the auth-bound keys.
+ assertThrows(KeyPermanentlyInvalidatedException.class, () -> {
+ cipher.init(Cipher.ENCRYPT_MODE, encryptionKey);
+ });
+ }
+
+ @Test
 public void testInitDecryptFailsWhenNotAuthorizedToDecrypt() throws Exception {
 for (String transformation : EXPECTED_ALGORITHMS) {
 try { |
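Review bot: The new test asserts invalidation only on the encrypt path (`cipher.init(Cipher.ENCRYPT_MODE, encryptionKey)`), although the key is imported with `KeyProperties.PURPOSE_DECRYPT` as well, and refusing to decrypt after the secure lock screen is removed is the property an auth-bound key most needs to guarantee. Consider a second `assertThrows(KeyPermanentlyInvalidatedException.class, ...)` around `cipher.init(Cipher.DECRYPT_MODE, ...)` using the keystore-backed decryption key, passing algorithm parameters if the transformation requires them. The local `testVector` is read from `KAT_VECTORS` but never used in this method, so it can be dropped unless the decrypt check ends up needing it. The imported alias also appears to remain in the keystore once the test finishes; whether a shared teardown deletes it is not visible in this hunk.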