Merge "Fixing VTS tests after IKeyMint breakage" am: 8bfd260e am: dcebe413

}

static keymaster_key_param_t kKeyMintEcdsaP256Params[] = {

        Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), Authorization(TAG_ALGORITHM, KM_ALGORITHM_EC),

        Authorization(TAG_KEY_SIZE, 256), Authorization(TAG_DIGEST, KM_DIGEST_SHA_2_256),

        Authorization(TAG_PURPOSE, KM_PURPOSE_ATTEST_KEY),

        Authorization(TAG_ALGORITHM, KM_ALGORITHM_EC), Authorization(TAG_KEY_SIZE, 256),

        Authorization(TAG_DIGEST, KM_DIGEST_SHA_2_256),

        Authorization(TAG_EC_CURVE, KM_EC_CURVE_P_256), Authorization(TAG_NO_AUTH_REQUIRED),

        // The certificate generated by KM will be discarded, these values don't matter.

        Authorization(TAG_CERTIFICATE_NOT_BEFORE, 0), Authorization(TAG_CERTIFICATE_NOT_AFTER, 0)};

/**

 * Generate and validate a production-mode key.  MAC tag can't be verified.

 */

TEST_P(GenerateKeyTests, DISABLED_generateEcdsaP256Key_prodMode) {

TEST_P(GenerateKeyTests, generateEcdsaP256Key_prodMode) {

    MacedPublicKey macedPubKey;

    bytevec privateKeyBlob;

    bool testMode = false;

/**

 * Generate and validate a test-mode key.

 */

TEST_P(GenerateKeyTests, DISABLED_generateEcdsaP256Key_testMode) {

TEST_P(GenerateKeyTests, generateEcdsaP256Key_testMode) {

    MacedPublicKey macedPubKey;

    bytevec privateKeyBlob;

    bool testMode = true;

 * Generate an empty certificate request in test mode, and decrypt and verify the structure and

 * content.

 */

TEST_P(CertificateRequestTest, DISABLED_EmptyRequest_testMode) {

TEST_P(CertificateRequestTest, EmptyRequest_testMode) {

    bool testMode = true;

    bytevec keysToSignMac;

    ProtectedData protectedData;

 * TODO(swillden): Get a valid GEEK and use it so the generation can succeed, though we won't be

 * able to decrypt.

 */

TEST_P(CertificateRequestTest, DISABLED_EmptyRequest_prodMode) {

TEST_P(CertificateRequestTest, EmptyRequest_prodMode) {

    bool testMode = false;

    bytevec keysToSignMac;

    ProtectedData protectedData;

/**

 * Generate a non-empty certificate request in test mode.  Decrypt, parse and validate the contents.

 */

TEST_P(CertificateRequestTest, DISABLED_NonEmptyRequest_testMode) {

TEST_P(CertificateRequestTest, NonEmptyRequest_testMode) {

    bool testMode = true;

    generateKeys(testMode, 4 /* numKeys */);

 * TODO(swillden): Get a valid GEEK and use it so the generation can succeed, though we won't be

 * able to decrypt.

 */

TEST_P(CertificateRequestTest, DISABLED_NonEmptyRequest_prodMode) {

TEST_P(CertificateRequestTest, NonEmptyRequest_prodMode) {

    bool testMode = false;

    generateKeys(testMode, 4 /* numKeys */);

 * Generate a non-empty certificate request in test mode, with prod keys.  Must fail with

 * STATUS_PRODUCTION_KEY_IN_TEST_REQUEST.

 */

TEST_P(CertificateRequestTest, DISABLED_NonEmptyRequest_prodKeyInTestCert) {

TEST_P(CertificateRequestTest, NonEmptyRequest_prodKeyInTestCert) {

    generateKeys(false /* testMode */, 2 /* numKeys */);

    bytevec keysToSignMac;

 * Generate a non-empty certificate request in prod mode, with test keys.  Must fail with

 * STATUS_TEST_KEY_IN_PRODUCTION_REQUEST.

 */

TEST_P(CertificateRequestTest, DISABLED_NonEmptyRequest_testKeyInProdCert) {

TEST_P(CertificateRequestTest, NonEmptyRequest_testKeyInProdCert) {

    generateKeys(true /* testMode */, 2 /* numKeys */);

    bytevec keysToSignMac;