Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7bbf6298 authored by Shawn Willden's avatar Shawn Willden
Browse files

Correct error code in attest_key docs.

Also adds a test to verify that implementations return the expected
error code.

Test: VtsAidlKeyMintTargetTest
Change-Id: Ic8e9953a2572eb0cc8fefc363934eaf9b432b5a4
parent 49e5b5ea
Loading
Loading
Loading
Loading
+4 −4
Original line number Diff line number Diff line
@@ -321,8 +321,8 @@ interface IKeyMintDevice {
     *        but `attestationKey` is non-null, the IKeyMintDevice must return
     *        ErrorCode::INVALID_ARGUMENT.  If the provided AttestationKey does not contain a key
     *        blob containing an asymmetric key with KeyPurpose::ATTEST_KEY, the IKeyMintDevice must
     *        return ErrorCode::INVALID_PURPOSE.  If the provided AttestationKey has an empty issuer
     *        subject name, the IKeyMintDevice must return ErrorCode::INVALID_ARGUMENT.
     *        return ErrorCode::INCOMPATIBLE_PURPOSE.  If the provided AttestationKey has an empty
     *        issuer subject name, the IKeyMintDevice must return ErrorCode::INVALID_ARGUMENT.
     *
     * @return The result of key creation.  See KeyCreationResult.aidl.
     */
@@ -360,8 +360,8 @@ interface IKeyMintDevice {
     *        but `attestationKey` is non-null, the IKeyMintDevice must return
     *        ErrorCode::INVALID_ARGUMENT.  If the provided AttestationKey does not contain a key
     *        blob containing an asymmetric key with KeyPurpose::ATTEST_KEY, the IKeyMintDevice must
     *        return ErrorCode::INVALID_PURPOSE.  If the provided AttestationKey has an empty issuer
     *        subject name, the IKeyMintDevice must return ErrorCode::INVALID_ARGUMENT.
     *        return ErrorCode::INCOMPATIBLE_PURPOSE.  If the provided AttestationKey has an empty
     *        issuer subject name, the IKeyMintDevice must return ErrorCode::INVALID_ARGUMENT.
     *
     * @return The result of key creation.  See KeyCreationResult.aidl.
     */
+30 −0
Original line number Diff line number Diff line
@@ -207,6 +207,36 @@ TEST_P(AttestKeyTest, AllEcCurves) {
    }
}

TEST_P(AttestKeyTest, AttestWithNonAttestKey) {
    // Create non-attestaton key.
    AttestationKey non_attest_key;
    vector<KeyCharacteristics> non_attest_key_characteristics;
    vector<Certificate> non_attest_key_cert_chain;
    ASSERT_EQ(
            ErrorCode::OK,
            GenerateKey(
                    AuthorizationSetBuilder().EcdsaSigningKey(EcCurve::P_256).SetDefaultValidity(),
                    {} /* attestation siging key */, &non_attest_key.keyBlob,
                    &non_attest_key_characteristics, &non_attest_key_cert_chain));

    EXPECT_EQ(non_attest_key_cert_chain.size(), 1);
    EXPECT_TRUE(IsSelfSigned(non_attest_key_cert_chain));

    // Attempt to sign attestation with non-attest key.
    vector<uint8_t> attested_key_blob;
    vector<KeyCharacteristics> attested_key_characteristics;
    vector<Certificate> attested_key_cert_chain;
    EXPECT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
              GenerateKey(AuthorizationSetBuilder()
                                  .EcdsaSigningKey(EcCurve::P_256)
                                  .Authorization(TAG_NO_AUTH_REQUIRED)
                                  .AttestationChallenge("foo")
                                  .AttestationApplicationId("bar")
                                  .SetDefaultValidity(),
                          non_attest_key, &attested_key_blob, &attested_key_characteristics,
                          &attested_key_cert_chain));
}

INSTANTIATE_KEYMINT_AIDL_TEST(AttestKeyTest);

}  // namespace aidl::android::hardware::security::keymint::test