Fixed vts tests cases which do not support factory attestation. (7e1dd8a3) · Commits · e / os / android_hardware_interfaces

security/keymint/aidl/vts/functional/AttestKeyTest.cpp

+76 −61

Original line number	Original line	Diff line number	Diff line
	@@ -289,8 +289,7 @@ TEST_P(AttestKeyTest, RsaAttestedAttestKeys) {
	AttestationKey attest_key;		AttestationKey attest_key;
	vector<KeyCharacteristics> attest_key_characteristics;		vector<KeyCharacteristics> attest_key_characteristics;
	vector<Certificate> attest_key_cert_chain;		vector<Certificate> attest_key_cert_chain;
	ASSERT_EQ(ErrorCode::OK,		auto result = GenerateAttestKey(AuthorizationSetBuilder()
	GenerateAttestKey(AuthorizationSetBuilder()
	.RsaKey(2048, 65537)		.RsaKey(2048, 65537)
	.AttestKey()		.AttestKey()
	.AttestationChallenge(challenge)		.AttestationChallenge(challenge)
	@@ -300,7 +299,12 @@ TEST_P(AttestKeyTest, RsaAttestedAttestKeys) {
	.Authorization(TAG_NO_AUTH_REQUIRED)		.Authorization(TAG_NO_AUTH_REQUIRED)
	.SetDefaultValidity(),		.SetDefaultValidity(),
	{} /* attestation signing key */, &attest_key.keyBlob,		{} /* attestation signing key */, &attest_key.keyBlob,
	&attest_key_characteristics, &attest_key_cert_chain));		&attest_key_characteristics, &attest_key_cert_chain);
			// Strongbox may not support factory provisioned attestation key.
			if (SecLevel() == SecurityLevel::STRONGBOX) {
			if (result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) return;
			}
			ASSERT_EQ(ErrorCode::OK, result);

	EXPECT_GT(attest_key_cert_chain.size(), 1);		EXPECT_GT(attest_key_cert_chain.size(), 1);
	verify_subject_and_serial(attest_key_cert_chain[0], serial_int, subject, false);		verify_subject_and_serial(attest_key_cert_chain[0], serial_int, subject, false);
	@@ -388,8 +392,7 @@ TEST_P(AttestKeyTest, RsaAttestKeyChaining) {
	attest_key_opt = attest_key;		attest_key_opt = attest_key;
	}		}

	EXPECT_EQ(ErrorCode::OK,		auto result = GenerateAttestKey(AuthorizationSetBuilder()
	GenerateAttestKey(AuthorizationSetBuilder()
	.RsaKey(2048, 65537)		.RsaKey(2048, 65537)
	.AttestKey()		.AttestKey()
	.AttestationChallenge("foo")		.AttestationChallenge("foo")
	@@ -399,7 +402,12 @@ TEST_P(AttestKeyTest, RsaAttestKeyChaining) {
	.Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)		.Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
	.SetDefaultValidity(),		.SetDefaultValidity(),
	attest_key_opt, &key_blob_list[i],		attest_key_opt, &key_blob_list[i],
	&attested_key_characteristics, &cert_chain_list[i]));		&attested_key_characteristics, &cert_chain_list[i]);
			// Strongbox may not support factory provisioned attestation key.
			if (SecLevel() == SecurityLevel::STRONGBOX) {
			if (result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) return;
			}
			ASSERT_EQ(ErrorCode::OK, result);

	AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);		AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
	AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);		AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
	@@ -459,8 +467,7 @@ TEST_P(AttestKeyTest, EcAttestKeyChaining) {
	attest_key_opt = attest_key;		attest_key_opt = attest_key;
	}		}

	EXPECT_EQ(ErrorCode::OK,		auto result = GenerateAttestKey(AuthorizationSetBuilder()
	GenerateAttestKey(AuthorizationSetBuilder()
	.EcdsaKey(EcCurve::P_256)		.EcdsaKey(EcCurve::P_256)
	.AttestKey()		.AttestKey()
	.AttestationChallenge("foo")		.AttestationChallenge("foo")
	@@ -470,7 +477,12 @@ TEST_P(AttestKeyTest, EcAttestKeyChaining) {
	.Authorization(TAG_NO_AUTH_REQUIRED)		.Authorization(TAG_NO_AUTH_REQUIRED)
	.SetDefaultValidity(),		.SetDefaultValidity(),
	attest_key_opt, &key_blob_list[i],		attest_key_opt, &key_blob_list[i],
	&attested_key_characteristics, &cert_chain_list[i]));		&attested_key_characteristics, &cert_chain_list[i]);
			// Strongbox may not support factory provisioned attestation key.
			if (SecLevel() == SecurityLevel::STRONGBOX) {
			if (result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) return;
			}
			ASSERT_EQ(ErrorCode::OK, result);

	AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);		AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
	AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);		AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
	@@ -531,10 +543,9 @@ TEST_P(AttestKeyTest, AlternateAttestKeyChaining) {
	attest_key.keyBlob = key_blob_list[i - 1];		attest_key.keyBlob = key_blob_list[i - 1];
	attest_key_opt = attest_key;		attest_key_opt = attest_key;
	}		}
			ErrorCode result;
	if ((i & 0x1) == 1) {		if ((i & 0x1) == 1) {
	EXPECT_EQ(ErrorCode::OK,		result = GenerateAttestKey(AuthorizationSetBuilder()
	GenerateAttestKey(AuthorizationSetBuilder()
	.EcdsaKey(EcCurve::P_256)		.EcdsaKey(EcCurve::P_256)
	.AttestKey()		.AttestKey()
	.AttestationChallenge("foo")		.AttestationChallenge("foo")
	@@ -544,10 +555,9 @@ TEST_P(AttestKeyTest, AlternateAttestKeyChaining) {
	.Authorization(TAG_NO_AUTH_REQUIRED)		.Authorization(TAG_NO_AUTH_REQUIRED)
	.SetDefaultValidity(),		.SetDefaultValidity(),
	attest_key_opt, &key_blob_list[i],		attest_key_opt, &key_blob_list[i],
	&attested_key_characteristics, &cert_chain_list[i]));		&attested_key_characteristics, &cert_chain_list[i]);
	} else {		} else {
	EXPECT_EQ(ErrorCode::OK,		result = GenerateAttestKey(AuthorizationSetBuilder()
	GenerateAttestKey(AuthorizationSetBuilder()
	.RsaKey(2048, 65537)		.RsaKey(2048, 65537)
	.AttestKey()		.AttestKey()
	.AttestationChallenge("foo")		.AttestationChallenge("foo")
	@@ -557,8 +567,13 @@ TEST_P(AttestKeyTest, AlternateAttestKeyChaining) {
	.Authorization(TAG_NO_AUTH_REQUIRED)		.Authorization(TAG_NO_AUTH_REQUIRED)
	.SetDefaultValidity(),		.SetDefaultValidity(),
	attest_key_opt, &key_blob_list[i],		attest_key_opt, &key_blob_list[i],
	&attested_key_characteristics, &cert_chain_list[i]));		&attested_key_characteristics, &cert_chain_list[i]);
			}
			// Strongbox may not support factory provisioned attestation key.
			if (SecLevel() == SecurityLevel::STRONGBOX) {
			if (result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) return;
	}		}
			ASSERT_EQ(ErrorCode::OK, result);

	AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);		AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
	AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);		AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);

security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp

+8 −0

Original line number	Original line	Diff line number	Diff line
	@@ -1146,6 +1146,14 @@ vector<EcCurve> KeyMintAidlTestBase::InvalidCurves() {
	}		}
	}		}

			vector<uint64_t> KeyMintAidlTestBase::ValidExponents() {
			if (SecLevel() == SecurityLevel::STRONGBOX) {
			return {65537};
			} else {
			return {3, 65537};
			}
			}

	vector<Digest> KeyMintAidlTestBase::ValidDigests(bool withNone, bool withMD5) {		vector<Digest> KeyMintAidlTestBase::ValidDigests(bool withNone, bool withMD5) {
	switch (SecLevel()) {		switch (SecLevel()) {
	case SecurityLevel::SOFTWARE:		case SecurityLevel::SOFTWARE:

security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h

+9 −2

Original line number	Original line	Diff line number	Diff line
	@@ -250,7 +250,10 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> {
	.SetDefaultValidity();		.SetDefaultValidity();
	tagModifier(&rsaBuilder);		tagModifier(&rsaBuilder);
	errorCode = GenerateKey(rsaBuilder, &rsaKeyData.blob, &rsaKeyData.characteristics);		errorCode = GenerateKey(rsaBuilder, &rsaKeyData.blob, &rsaKeyData.characteristics);
			if (!(SecLevel() == SecurityLevel::STRONGBOX &&
			ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED == errorCode)) {
	EXPECT_EQ(expectedReturn, errorCode);		EXPECT_EQ(expectedReturn, errorCode);
			}

	/* ECDSA */		/* ECDSA */
	KeyData ecdsaKeyData;		KeyData ecdsaKeyData;
	@@ -262,7 +265,10 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> {
	.SetDefaultValidity();		.SetDefaultValidity();
	tagModifier(&ecdsaBuilder);		tagModifier(&ecdsaBuilder);
	errorCode = GenerateKey(ecdsaBuilder, &ecdsaKeyData.blob, &ecdsaKeyData.characteristics);		errorCode = GenerateKey(ecdsaBuilder, &ecdsaKeyData.blob, &ecdsaKeyData.characteristics);
			if (!(SecLevel() == SecurityLevel::STRONGBOX &&
			ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED == errorCode)) {
	EXPECT_EQ(expectedReturn, errorCode);		EXPECT_EQ(expectedReturn, errorCode);
			}
	return {aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData};		return {aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData};
	}		}
	bool IsSecure() const { return securityLevel_ != SecurityLevel::SOFTWARE; }		bool IsSecure() const { return securityLevel_ != SecurityLevel::SOFTWARE; }
	@@ -279,6 +285,7 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> {
	vector<EcCurve> InvalidCurves();		vector<EcCurve> InvalidCurves();

	vector<Digest> ValidDigests(bool withNone, bool withMD5);		vector<Digest> ValidDigests(bool withNone, bool withMD5);
			vector<uint64_t> ValidExponents();

	static vector<string> build_params() {		static vector<string> build_params() {
	auto params = ::android::getAidlHalInstanceNames(IKeyMintDevice::descriptor);		auto params = ::android::getAidlHalInstanceNames(IKeyMintDevice::descriptor);

security/keymint/aidl/vts/functional/KeyMintTest.cpp

+122 −77

Original line number	Original line	Diff line number	Diff line
	@@ -902,8 +902,7 @@ TEST_P(NewKeyGenerationTest, RsaWithAttestation) {
	for (auto key_size : ValidKeySizes(Algorithm::RSA)) {		for (auto key_size : ValidKeySizes(Algorithm::RSA)) {
	vector<uint8_t> key_blob;		vector<uint8_t> key_blob;
	vector<KeyCharacteristics> key_characteristics;		vector<KeyCharacteristics> key_characteristics;
	ASSERT_EQ(ErrorCode::OK,		auto result = GenerateKey(AuthorizationSetBuilder()
	GenerateKey(AuthorizationSetBuilder()
	.RsaSigningKey(key_size, 65537)		.RsaSigningKey(key_size, 65537)
	.Digest(Digest::NONE)		.Digest(Digest::NONE)
	.Padding(PaddingMode::NONE)		.Padding(PaddingMode::NONE)
	@@ -913,7 +912,11 @@ TEST_P(NewKeyGenerationTest, RsaWithAttestation) {
	.Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)		.Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
	.Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)		.Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
	.SetDefaultValidity(),		.SetDefaultValidity(),
	&key_blob, &key_characteristics));		&key_blob, &key_characteristics);
			// Strongbox may not support factory provisioned attestation key.
			if (SecLevel() == SecurityLevel::STRONGBOX) {
			if (result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) return;
			}

	ASSERT_GT(key_blob.size(), 0U);		ASSERT_GT(key_blob.size(), 0U);
	CheckBaseParams(key_characteristics);		CheckBaseParams(key_characteristics);
	@@ -1035,8 +1038,7 @@ TEST_P(NewKeyGenerationTest, RsaEncryptionWithAttestation) {

	vector<uint8_t> key_blob;		vector<uint8_t> key_blob;
	vector<KeyCharacteristics> key_characteristics;		vector<KeyCharacteristics> key_characteristics;
	ASSERT_EQ(ErrorCode::OK,		auto result = GenerateKey(AuthorizationSetBuilder()
	GenerateKey(AuthorizationSetBuilder()
	.RsaEncryptionKey(key_size, 65537)		.RsaEncryptionKey(key_size, 65537)
	.Padding(PaddingMode::NONE)		.Padding(PaddingMode::NONE)
	.AttestationChallenge(challenge)		.AttestationChallenge(challenge)
	@@ -1045,7 +1047,12 @@ TEST_P(NewKeyGenerationTest, RsaEncryptionWithAttestation) {
	.Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)		.Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
	.Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)		.Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
	.SetDefaultValidity(),		.SetDefaultValidity(),
	&key_blob, &key_characteristics));		&key_blob, &key_characteristics);
			// Strongbox may not support factory provisioned attestation key.
			if (SecLevel() == SecurityLevel::STRONGBOX) {
			if (result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) return;
			}
			ASSERT_EQ(ErrorCode::OK, result);

	ASSERT_GT(key_blob.size(), 0U);		ASSERT_GT(key_blob.size(), 0U);
	AuthorizationSet auths;		AuthorizationSet auths;
	@@ -1147,15 +1154,19 @@ TEST_P(NewKeyGenerationTest, RsaWithAttestationMissAppId) {
	vector<uint8_t> key_blob;		vector<uint8_t> key_blob;
	vector<KeyCharacteristics> key_characteristics;		vector<KeyCharacteristics> key_characteristics;

	ASSERT_EQ(ErrorCode::ATTESTATION_APPLICATION_ID_MISSING,		auto result = GenerateKey(AuthorizationSetBuilder()
	GenerateKey(AuthorizationSetBuilder()
	.RsaSigningKey(2048, 65537)		.RsaSigningKey(2048, 65537)
	.Digest(Digest::NONE)		.Digest(Digest::NONE)
	.Padding(PaddingMode::NONE)		.Padding(PaddingMode::NONE)
	.AttestationChallenge(challenge)		.AttestationChallenge(challenge)
	.Authorization(TAG_NO_AUTH_REQUIRED)		.Authorization(TAG_NO_AUTH_REQUIRED)
	.SetDefaultValidity(),		.SetDefaultValidity(),
	&key_blob, &key_characteristics));		&key_blob, &key_characteristics);
			// Strongbox may not support factory provisioned attestation key.
			if (SecLevel() == SecurityLevel::STRONGBOX) {
			if (result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) return;
			}
			ASSERT_EQ(ErrorCode::ATTESTATION_APPLICATION_ID_MISSING, result);
	}		}

	/*		/*
	@@ -1265,8 +1276,7 @@ TEST_P(NewKeyGenerationTest, LimitedUsageRsaWithAttestation) {
	for (auto key_size : ValidKeySizes(Algorithm::RSA)) {		for (auto key_size : ValidKeySizes(Algorithm::RSA)) {
	vector<uint8_t> key_blob;		vector<uint8_t> key_blob;
	vector<KeyCharacteristics> key_characteristics;		vector<KeyCharacteristics> key_characteristics;
	ASSERT_EQ(ErrorCode::OK,		auto result = GenerateKey(AuthorizationSetBuilder()
	GenerateKey(AuthorizationSetBuilder()
	.RsaSigningKey(key_size, 65537)		.RsaSigningKey(key_size, 65537)
	.Digest(Digest::NONE)		.Digest(Digest::NONE)
	.Padding(PaddingMode::NONE)		.Padding(PaddingMode::NONE)
	@@ -1277,7 +1287,12 @@ TEST_P(NewKeyGenerationTest, LimitedUsageRsaWithAttestation) {
	.Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)		.Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
	.Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)		.Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
	.SetDefaultValidity(),		.SetDefaultValidity(),
	&key_blob, &key_characteristics));		&key_blob, &key_characteristics);
			// Strongbox may not support factory provisioned attestation key.
			if (SecLevel() == SecurityLevel::STRONGBOX) {
			if (result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) return;
			}
			ASSERT_EQ(ErrorCode::OK, result);

	ASSERT_GT(key_blob.size(), 0U);		ASSERT_GT(key_blob.size(), 0U);
	CheckBaseParams(key_characteristics);		CheckBaseParams(key_characteristics);
	@@ -1408,8 +1423,7 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestation) {
	for (auto curve : ValidCurves()) {		for (auto curve : ValidCurves()) {
	vector<uint8_t> key_blob;		vector<uint8_t> key_blob;
	vector<KeyCharacteristics> key_characteristics;		vector<KeyCharacteristics> key_characteristics;
	ASSERT_EQ(ErrorCode::OK,		auto result = GenerateKey(AuthorizationSetBuilder()
	GenerateKey(AuthorizationSetBuilder()
	.Authorization(TAG_NO_AUTH_REQUIRED)		.Authorization(TAG_NO_AUTH_REQUIRED)
	.EcdsaSigningKey(curve)		.EcdsaSigningKey(curve)
	.Digest(Digest::NONE)		.Digest(Digest::NONE)
	@@ -1418,7 +1432,12 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestation) {
	.Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)		.Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
	.Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)		.Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
	.SetDefaultValidity(),		.SetDefaultValidity(),
	&key_blob, &key_characteristics));		&key_blob, &key_characteristics);
			// Strongbox may not support factory provisioned attestation key.
			if (SecLevel() == SecurityLevel::STRONGBOX) {
			if (result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) return;
			}
			ASSERT_EQ(ErrorCode::OK, result);
	ASSERT_GT(key_blob.size(), 0U);		ASSERT_GT(key_blob.size(), 0U);
	CheckBaseParams(key_characteristics);		CheckBaseParams(key_characteristics);
	CheckCharacteristics(key_blob, key_characteristics);		CheckCharacteristics(key_blob, key_characteristics);
	@@ -1495,6 +1514,10 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationTags) {
	// Tag not required to be supported by all KeyMint implementations.		// Tag not required to be supported by all KeyMint implementations.
	continue;		continue;
	}		}
			// Strongbox may not support factory provisioned attestation key.
			if (SecLevel() == SecurityLevel::STRONGBOX) {
			if (result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) return;
			}
	ASSERT_EQ(result, ErrorCode::OK);		ASSERT_EQ(result, ErrorCode::OK);
	ASSERT_GT(key_blob.size(), 0U);		ASSERT_GT(key_blob.size(), 0U);

	@@ -1581,6 +1604,10 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationTagNoApplicationId) {
	.Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)		.Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
	.SetDefaultValidity(),		.SetDefaultValidity(),
	&key_blob, &key_characteristics);		&key_blob, &key_characteristics);
			// Strongbox may not support factory provisioned attestation key.
			if (SecLevel() == SecurityLevel::STRONGBOX) {
			if (result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) return;
			}
	ASSERT_EQ(result, ErrorCode::OK);		ASSERT_EQ(result, ErrorCode::OK);
	ASSERT_GT(key_blob.size(), 0U);		ASSERT_GT(key_blob.size(), 0U);

	@@ -1659,13 +1686,17 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationRequireAppId) {
	vector<uint8_t> key_blob;		vector<uint8_t> key_blob;
	vector<KeyCharacteristics> key_characteristics;		vector<KeyCharacteristics> key_characteristics;

	ASSERT_EQ(ErrorCode::ATTESTATION_APPLICATION_ID_MISSING,		auto result = GenerateKey(AuthorizationSetBuilder()
	GenerateKey(AuthorizationSetBuilder()
	.EcdsaSigningKey(EcCurve::P_256)		.EcdsaSigningKey(EcCurve::P_256)
	.Digest(Digest::NONE)		.Digest(Digest::NONE)
	.AttestationChallenge(challenge)		.AttestationChallenge(challenge)
	.SetDefaultValidity(),		.SetDefaultValidity(),
	&key_blob, &key_characteristics));		&key_blob, &key_characteristics);
			// Strongbox may not support factory provisioned attestation key.
			if (SecLevel() == SecurityLevel::STRONGBOX) {
			if (result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) return;
			}
			ASSERT_EQ(ErrorCode::ATTESTATION_APPLICATION_ID_MISSING, result);
	}		}

	/*		/*
	@@ -1722,14 +1753,19 @@ TEST_P(NewKeyGenerationTest, AttestationApplicationIDLengthProperlyEncoded) {
	const string app_id(length, 'a');		const string app_id(length, 'a');
	vector<uint8_t> key_blob;		vector<uint8_t> key_blob;
	vector<KeyCharacteristics> key_characteristics;		vector<KeyCharacteristics> key_characteristics;
	ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()		auto result = GenerateKey(AuthorizationSetBuilder()
	.Authorization(TAG_NO_AUTH_REQUIRED)		.Authorization(TAG_NO_AUTH_REQUIRED)
	.EcdsaSigningKey(EcCurve::P_256)		.EcdsaSigningKey(EcCurve::P_256)
	.Digest(Digest::NONE)		.Digest(Digest::NONE)
	.AttestationChallenge(challenge)		.AttestationChallenge(challenge)
	.AttestationApplicationId(app_id)		.AttestationApplicationId(app_id)
	.SetDefaultValidity(),		.SetDefaultValidity(),
	&key_blob, &key_characteristics));		&key_blob, &key_characteristics);
			// Strongbox may not support factory provisioned attestation key.
			if (SecLevel() == SecurityLevel::STRONGBOX) {
			if (result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) return;
			}
			ASSERT_EQ(ErrorCode::OK, result);
	ASSERT_GT(key_blob.size(), 0U);		ASSERT_GT(key_blob.size(), 0U);
	CheckBaseParams(key_characteristics);		CheckBaseParams(key_characteristics);
	CheckCharacteristics(key_blob, key_characteristics);		CheckCharacteristics(key_blob, key_characteristics);
	@@ -3760,7 +3796,7 @@ typedef KeyMintAidlTestBase EncryptionOperationsTest;
	* Verifies that raw RSA decryption works.		* Verifies that raw RSA decryption works.
	*/		*/
	TEST_P(EncryptionOperationsTest, RsaNoPaddingSuccess) {		TEST_P(EncryptionOperationsTest, RsaNoPaddingSuccess) {
	for (uint64_t exponent : {3, 65537}) {		for (uint64_t exponent : ValidExponents()) {
	ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()		ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
	.Authorization(TAG_NO_AUTH_REQUIRED)		.Authorization(TAG_NO_AUTH_REQUIRED)
	.RsaEncryptionKey(2048, exponent)		.RsaEncryptionKey(2048, exponent)
	@@ -6260,7 +6296,7 @@ TEST_P(ClearOperationsTest, TooManyOperations) {
	size_t i;		size_t i;

	for (i = 0; i < max_operations; i++) {		for (i = 0; i < max_operations; i++) {
	result = Begin(KeyPurpose::ENCRYPT, key_blob_, params, &out_params, op_handles[i]);		result = Begin(KeyPurpose::DECRYPT, key_blob_, params, &out_params, op_handles[i]);
	if (ErrorCode::OK != result) {		if (ErrorCode::OK != result) {
	break;		break;
	}		}
	@@ -6268,12 +6304,12 @@ TEST_P(ClearOperationsTest, TooManyOperations) {
	EXPECT_EQ(ErrorCode::TOO_MANY_OPERATIONS, result);		EXPECT_EQ(ErrorCode::TOO_MANY_OPERATIONS, result);
	// Try again just in case there's a weird overflow bug		// Try again just in case there's a weird overflow bug
	EXPECT_EQ(ErrorCode::TOO_MANY_OPERATIONS,		EXPECT_EQ(ErrorCode::TOO_MANY_OPERATIONS,
	Begin(KeyPurpose::ENCRYPT, key_blob_, params, &out_params));		Begin(KeyPurpose::DECRYPT, key_blob_, params, &out_params));
	for (size_t j = 0; j < i; j++) {		for (size_t j = 0; j < i; j++) {
	EXPECT_EQ(ErrorCode::OK, Abort(op_handles[j]))		EXPECT_EQ(ErrorCode::OK, Abort(op_handles[j]))
	<< "Aboort failed for i = " << j << std::endl;		<< "Aboort failed for i = " << j << std::endl;
	}		}
	EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, key_blob_, params, &out_params));		EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, key_blob_, params, &out_params));
	AbortIfNeeded();		AbortIfNeeded();
	}		}

	@@ -6484,15 +6520,24 @@ TEST_P(EarlyBootKeyTest, CreateAttestedEarlyBootKey) {
	});		});

	for (const auto& keyData : {aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData}) {		for (const auto& keyData : {aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData}) {
			// Strongbox may not support factory attestation. Key creation might fail with
			// ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED
			if (SecLevel() == SecurityLevel::STRONGBOX && keyData.blob.size() == 0U) {
			continue;
			}
	ASSERT_GT(keyData.blob.size(), 0U);		ASSERT_GT(keyData.blob.size(), 0U);
	AuthorizationSet crypto_params = SecLevelAuthorizations(keyData.characteristics);		AuthorizationSet crypto_params = SecLevelAuthorizations(keyData.characteristics);
	EXPECT_TRUE(crypto_params.Contains(TAG_EARLY_BOOT_ONLY)) << crypto_params;		EXPECT_TRUE(crypto_params.Contains(TAG_EARLY_BOOT_ONLY)) << crypto_params;
	}		}
	CheckedDeleteKey(&aesKeyData.blob);		CheckedDeleteKey(&aesKeyData.blob);
	CheckedDeleteKey(&hmacKeyData.blob);		CheckedDeleteKey(&hmacKeyData.blob);
			if (rsaKeyData.blob.size() != 0U) {
	CheckedDeleteKey(&rsaKeyData.blob);		CheckedDeleteKey(&rsaKeyData.blob);
			}
			if (ecdsaKeyData.blob.size() != 0U) {
	CheckedDeleteKey(&ecdsaKeyData.blob);		CheckedDeleteKey(&ecdsaKeyData.blob);
	}		}
			}

	/*		/*
	* EarlyBootKeyTest.UseEarlyBootKeyFailure		* EarlyBootKeyTest.UseEarlyBootKeyFailure