Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit fa5c497e authored by Shawn Willden's avatar Shawn Willden Committed by Automerger Merge Worker
Browse files

Merge "Correct error code in attest_key docs." am: b21b4a36 am: 741884a3 

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1662620

Change-Id: I728cc24ae0d0bb6deb26b8e1fd4008668a5bc30b
parents 931e1e1d 741884a3

security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl

+4 −4
Original line number Diff line number Diff line
@@ -321,8 +321,8 @@ interface IKeyMintDevice { 
     *        but `attestationKey` is non-null, the IKeyMintDevice must return

     *        ErrorCode::INVALID_ARGUMENT.  If the provided AttestationKey does not contain a key

     *        blob containing an asymmetric key with KeyPurpose::ATTEST_KEY, the IKeyMintDevice must

     *        return ErrorCode::INVALID_PURPOSE.  If the provided AttestationKey has an empty issuer

     *        subject name, the IKeyMintDevice must return ErrorCode::INVALID_ARGUMENT.

     *        return ErrorCode::INCOMPATIBLE_PURPOSE.  If the provided AttestationKey has an empty

     *        issuer subject name, the IKeyMintDevice must return ErrorCode::INVALID_ARGUMENT.

     *

     * @return The result of key creation.  See KeyCreationResult.aidl.

     */
@@ -360,8 +360,8 @@ interface IKeyMintDevice { 
     *        but `attestationKey` is non-null, the IKeyMintDevice must return

     *        ErrorCode::INVALID_ARGUMENT.  If the provided AttestationKey does not contain a key

     *        blob containing an asymmetric key with KeyPurpose::ATTEST_KEY, the IKeyMintDevice must

     *        return ErrorCode::INVALID_PURPOSE.  If the provided AttestationKey has an empty issuer

     *        subject name, the IKeyMintDevice must return ErrorCode::INVALID_ARGUMENT.

     *        return ErrorCode::INCOMPATIBLE_PURPOSE.  If the provided AttestationKey has an empty

     *        issuer subject name, the IKeyMintDevice must return ErrorCode::INVALID_ARGUMENT.

     *

     * @return The result of key creation.  See KeyCreationResult.aidl.

     */

security/keymint/aidl/vts/functional/AttestKeyTest.cpp

+30 −0
Original line number Diff line number Diff line
@@ -207,6 +207,36 @@ TEST_P(AttestKeyTest, AllEcCurves) { 
    }

}



TEST_P(AttestKeyTest, AttestWithNonAttestKey) {

    // Create non-attestaton key.

    AttestationKey non_attest_key;

    vector<KeyCharacteristics> non_attest_key_characteristics;

    vector<Certificate> non_attest_key_cert_chain;

    ASSERT_EQ(

            ErrorCode::OK,

            GenerateKey(

                    AuthorizationSetBuilder().EcdsaSigningKey(EcCurve::P_256).SetDefaultValidity(),

                    {} /* attestation siging key */, &non_attest_key.keyBlob,

                    &non_attest_key_characteristics, &non_attest_key_cert_chain));



    EXPECT_EQ(non_attest_key_cert_chain.size(), 1);

    EXPECT_TRUE(IsSelfSigned(non_attest_key_cert_chain));



    // Attempt to sign attestation with non-attest key.

    vector<uint8_t> attested_key_blob;

    vector<KeyCharacteristics> attested_key_characteristics;

    vector<Certificate> attested_key_cert_chain;

    EXPECT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,

              GenerateKey(AuthorizationSetBuilder()

                                  .EcdsaSigningKey(EcCurve::P_256)

                                  .Authorization(TAG_NO_AUTH_REQUIRED)

                                  .AttestationChallenge("foo")

                                  .AttestationApplicationId("bar")

                                  .SetDefaultValidity(),

                          non_attest_key, &attested_key_blob, &attested_key_characteristics,

                          &attested_key_cert_chain));

}



INSTANTIATE_KEYMINT_AIDL_TEST(AttestKeyTest);



}  // namespace aidl::android::hardware::security::keymint::test