Merge "Correct error code in attest_key docs." am: b21b4a3663
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1662620 Change-Id: Ia0f1df2713a35026bcd89bd4fac72aead650146b
This commit is contained in:
commit
741884a363
2 changed files with 34 additions and 4 deletions
|
@ -321,8 +321,8 @@ interface IKeyMintDevice {
|
|||
* but `attestationKey` is non-null, the IKeyMintDevice must return
|
||||
* ErrorCode::INVALID_ARGUMENT. If the provided AttestationKey does not contain a key
|
||||
* blob containing an asymmetric key with KeyPurpose::ATTEST_KEY, the IKeyMintDevice must
|
||||
* return ErrorCode::INVALID_PURPOSE. If the provided AttestationKey has an empty issuer
|
||||
* subject name, the IKeyMintDevice must return ErrorCode::INVALID_ARGUMENT.
|
||||
* return ErrorCode::INCOMPATIBLE_PURPOSE. If the provided AttestationKey has an empty
|
||||
* issuer subject name, the IKeyMintDevice must return ErrorCode::INVALID_ARGUMENT.
|
||||
*
|
||||
* @return The result of key creation. See KeyCreationResult.aidl.
|
||||
*/
|
||||
|
@ -360,8 +360,8 @@ interface IKeyMintDevice {
|
|||
* but `attestationKey` is non-null, the IKeyMintDevice must return
|
||||
* ErrorCode::INVALID_ARGUMENT. If the provided AttestationKey does not contain a key
|
||||
* blob containing an asymmetric key with KeyPurpose::ATTEST_KEY, the IKeyMintDevice must
|
||||
* return ErrorCode::INVALID_PURPOSE. If the provided AttestationKey has an empty issuer
|
||||
* subject name, the IKeyMintDevice must return ErrorCode::INVALID_ARGUMENT.
|
||||
* return ErrorCode::INCOMPATIBLE_PURPOSE. If the provided AttestationKey has an empty
|
||||
* issuer subject name, the IKeyMintDevice must return ErrorCode::INVALID_ARGUMENT.
|
||||
*
|
||||
* @return The result of key creation. See KeyCreationResult.aidl.
|
||||
*/
|
||||
|
|
|
@ -207,6 +207,36 @@ TEST_P(AttestKeyTest, AllEcCurves) {
|
|||
}
|
||||
}
|
||||
|
||||
TEST_P(AttestKeyTest, AttestWithNonAttestKey) {
|
||||
// Create non-attestaton key.
|
||||
AttestationKey non_attest_key;
|
||||
vector<KeyCharacteristics> non_attest_key_characteristics;
|
||||
vector<Certificate> non_attest_key_cert_chain;
|
||||
ASSERT_EQ(
|
||||
ErrorCode::OK,
|
||||
GenerateKey(
|
||||
AuthorizationSetBuilder().EcdsaSigningKey(EcCurve::P_256).SetDefaultValidity(),
|
||||
{} /* attestation siging key */, &non_attest_key.keyBlob,
|
||||
&non_attest_key_characteristics, &non_attest_key_cert_chain));
|
||||
|
||||
EXPECT_EQ(non_attest_key_cert_chain.size(), 1);
|
||||
EXPECT_TRUE(IsSelfSigned(non_attest_key_cert_chain));
|
||||
|
||||
// Attempt to sign attestation with non-attest key.
|
||||
vector<uint8_t> attested_key_blob;
|
||||
vector<KeyCharacteristics> attested_key_characteristics;
|
||||
vector<Certificate> attested_key_cert_chain;
|
||||
EXPECT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
|
||||
GenerateKey(AuthorizationSetBuilder()
|
||||
.EcdsaSigningKey(EcCurve::P_256)
|
||||
.Authorization(TAG_NO_AUTH_REQUIRED)
|
||||
.AttestationChallenge("foo")
|
||||
.AttestationApplicationId("bar")
|
||||
.SetDefaultValidity(),
|
||||
non_attest_key, &attested_key_blob, &attested_key_characteristics,
|
||||
&attested_key_cert_chain));
|
||||
}
|
||||
|
||||
INSTANTIATE_KEYMINT_AIDL_TEST(AttestKeyTest);
|
||||
|
||||
} // namespace aidl::android::hardware::security::keymint::test
|
||||
|
|
Loading…
Reference in a new issue