Loading security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl +5 −4 Original line number Diff line number Diff line Loading @@ -318,10 +318,11 @@ interface IKeyMintDevice { * @param attestationKey, if provided, specifies the key that must be used to sign the * attestation certificate. If `keyParams` does not contain a Tag::ATTESTATION_CHALLENGE * but `attestationKey` is non-null, the IKeyMintDevice must return * ErrorCode::INVALID_ARGUMENT. If the provided AttestationKey does not contain a key * blob containing an asymmetric key with KeyPurpose::ATTEST_KEY, the IKeyMintDevice must * return ErrorCode::INCOMPATIBLE_PURPOSE. If the provided AttestationKey has an empty * issuer subject name, the IKeyMintDevice must return ErrorCode::INVALID_ARGUMENT. * ErrorCode::ATTESTATION_CHALLENGE_MISSING. If the provided AttestationKey does not * contain a key blob containing an asymmetric key with KeyPurpose::ATTEST_KEY, the * IKeyMintDevice must return ErrorCode::INCOMPATIBLE_PURPOSE. If the provided * AttestationKey has an empty issuer subject name, the IKeyMintDevice must return * ErrorCode::INVALID_ARGUMENT. * * If `attestationKey` is null and `keyParams` contains Tag::ATTESTATION_CHALLENGE but * the KeyMint implementation does not have factory-provisioned attestation keys, it must Loading security/keymint/aidl/vts/functional/AttestKeyTest.cpp +4 −4 Original line number Diff line number Diff line Loading @@ -361,7 +361,7 @@ TEST_P(AttestKeyTest, EcAttestKeyChaining) { EXPECT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .EcdsaSigningKey(224) .EcdsaSigningKey(EcCurve::P_256) .AttestKey() .AttestationChallenge("foo") .AttestationApplicationId("bar") Loading Loading @@ -435,7 +435,7 @@ TEST_P(AttestKeyTest, AlternateAttestKeyChaining) { if ((i & 0x1) == 1) { EXPECT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .EcdsaSigningKey(224) .EcdsaSigningKey(EcCurve::P_256) .AttestKey() .AttestationChallenge("foo") .AttestationApplicationId("bar") Loading Loading @@ -513,7 +513,7 @@ TEST_P(AttestKeyTest, MissingChallenge) { vector<uint8_t> attested_key_blob; vector<KeyCharacteristics> attested_key_characteristics; vector<Certificate> attested_key_cert_chain; EXPECT_EQ(ErrorCode::INVALID_ARGUMENT, EXPECT_EQ(ErrorCode::ATTESTATION_CHALLENGE_MISSING, GenerateKey(AuthorizationSetBuilder() .RsaSigningKey(2048, 65537) .Authorization(TAG_NO_AUTH_REQUIRED) Loading @@ -522,7 +522,7 @@ TEST_P(AttestKeyTest, MissingChallenge) { attest_key, &attested_key_blob, &attested_key_characteristics, &attested_key_cert_chain)); EXPECT_EQ(ErrorCode::INVALID_ARGUMENT, EXPECT_EQ(ErrorCode::ATTESTATION_CHALLENGE_MISSING, GenerateKey(AuthorizationSetBuilder() .EcdsaSigningKey(EcCurve::P_256) .Authorization(TAG_NO_AUTH_REQUIRED) Loading security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp +4 −4 Original line number Diff line number Diff line Loading @@ -119,7 +119,7 @@ char nibble2hex[16] = {'0', '1', '2', '3', '4', '5', '6', '7', // Attestations don't contain everything in key authorization lists, so we need to filter the key // lists to produce the lists that we expect to match the attestations. auto kTagsToFilter = { Tag::CREATION_DATETIME, // Tag::CREATION_DATETIME, Tag::EC_CURVE, Tag::HARDWARE_TYPE, Tag::INCLUDE_UNIQUE_ID, Loading security/keymint/aidl/vts/functional/KeyMintTest.cpp +5 −5 Original line number Diff line number Diff line Loading @@ -2261,11 +2261,11 @@ TEST_P(SigningOperationsTest, RsaNonUniqueParams) { .Padding(PaddingMode::NONE) .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN))); ASSERT_EQ(ErrorCode::UNSUPPORTED_DIGEST, Begin(KeyPurpose::SIGN, AuthorizationSetBuilder() auto result = Begin(KeyPurpose::SIGN, AuthorizationSetBuilder() .Digest(Digest::NONE) .Digest(Digest::SHA1) .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN))); .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)); ASSERT_TRUE(result == ErrorCode::UNSUPPORTED_DIGEST || result == ErrorCode::INVALID_ARGUMENT); ASSERT_EQ(ErrorCode::UNSUPPORTED_DIGEST, Begin(KeyPurpose::SIGN, Loading Loading
security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl +5 −4 Original line number Diff line number Diff line Loading @@ -318,10 +318,11 @@ interface IKeyMintDevice { * @param attestationKey, if provided, specifies the key that must be used to sign the * attestation certificate. If `keyParams` does not contain a Tag::ATTESTATION_CHALLENGE * but `attestationKey` is non-null, the IKeyMintDevice must return * ErrorCode::INVALID_ARGUMENT. If the provided AttestationKey does not contain a key * blob containing an asymmetric key with KeyPurpose::ATTEST_KEY, the IKeyMintDevice must * return ErrorCode::INCOMPATIBLE_PURPOSE. If the provided AttestationKey has an empty * issuer subject name, the IKeyMintDevice must return ErrorCode::INVALID_ARGUMENT. * ErrorCode::ATTESTATION_CHALLENGE_MISSING. If the provided AttestationKey does not * contain a key blob containing an asymmetric key with KeyPurpose::ATTEST_KEY, the * IKeyMintDevice must return ErrorCode::INCOMPATIBLE_PURPOSE. If the provided * AttestationKey has an empty issuer subject name, the IKeyMintDevice must return * ErrorCode::INVALID_ARGUMENT. * * If `attestationKey` is null and `keyParams` contains Tag::ATTESTATION_CHALLENGE but * the KeyMint implementation does not have factory-provisioned attestation keys, it must Loading
security/keymint/aidl/vts/functional/AttestKeyTest.cpp +4 −4 Original line number Diff line number Diff line Loading @@ -361,7 +361,7 @@ TEST_P(AttestKeyTest, EcAttestKeyChaining) { EXPECT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .EcdsaSigningKey(224) .EcdsaSigningKey(EcCurve::P_256) .AttestKey() .AttestationChallenge("foo") .AttestationApplicationId("bar") Loading Loading @@ -435,7 +435,7 @@ TEST_P(AttestKeyTest, AlternateAttestKeyChaining) { if ((i & 0x1) == 1) { EXPECT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .EcdsaSigningKey(224) .EcdsaSigningKey(EcCurve::P_256) .AttestKey() .AttestationChallenge("foo") .AttestationApplicationId("bar") Loading Loading @@ -513,7 +513,7 @@ TEST_P(AttestKeyTest, MissingChallenge) { vector<uint8_t> attested_key_blob; vector<KeyCharacteristics> attested_key_characteristics; vector<Certificate> attested_key_cert_chain; EXPECT_EQ(ErrorCode::INVALID_ARGUMENT, EXPECT_EQ(ErrorCode::ATTESTATION_CHALLENGE_MISSING, GenerateKey(AuthorizationSetBuilder() .RsaSigningKey(2048, 65537) .Authorization(TAG_NO_AUTH_REQUIRED) Loading @@ -522,7 +522,7 @@ TEST_P(AttestKeyTest, MissingChallenge) { attest_key, &attested_key_blob, &attested_key_characteristics, &attested_key_cert_chain)); EXPECT_EQ(ErrorCode::INVALID_ARGUMENT, EXPECT_EQ(ErrorCode::ATTESTATION_CHALLENGE_MISSING, GenerateKey(AuthorizationSetBuilder() .EcdsaSigningKey(EcCurve::P_256) .Authorization(TAG_NO_AUTH_REQUIRED) Loading
security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp +4 −4 Original line number Diff line number Diff line Loading @@ -119,7 +119,7 @@ char nibble2hex[16] = {'0', '1', '2', '3', '4', '5', '6', '7', // Attestations don't contain everything in key authorization lists, so we need to filter the key // lists to produce the lists that we expect to match the attestations. auto kTagsToFilter = { Tag::CREATION_DATETIME, // Tag::CREATION_DATETIME, Tag::EC_CURVE, Tag::HARDWARE_TYPE, Tag::INCLUDE_UNIQUE_ID, Loading
security/keymint/aidl/vts/functional/KeyMintTest.cpp +5 −5 Original line number Diff line number Diff line Loading @@ -2261,11 +2261,11 @@ TEST_P(SigningOperationsTest, RsaNonUniqueParams) { .Padding(PaddingMode::NONE) .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN))); ASSERT_EQ(ErrorCode::UNSUPPORTED_DIGEST, Begin(KeyPurpose::SIGN, AuthorizationSetBuilder() auto result = Begin(KeyPurpose::SIGN, AuthorizationSetBuilder() .Digest(Digest::NONE) .Digest(Digest::SHA1) .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN))); .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)); ASSERT_TRUE(result == ErrorCode::UNSUPPORTED_DIGEST || result == ErrorCode::INVALID_ARGUMENT); ASSERT_EQ(ErrorCode::UNSUPPORTED_DIGEST, Begin(KeyPurpose::SIGN, Loading
