Merge "Fix CDDL for signatures."
diff --git a/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl b/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
index 16bbc5c..a4cfb8b 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
@@ -78,15 +78,16 @@
* provided, otherwise ATTESTATION_APPLICATION_ID_MISSING will be returned.
*
* 3. Asymmetric key non-attestation with signing key. If Tag::ATTESTATION_CHALLENGE is not
- * provided and the generated/imported key has KeyPurpose::SIGN, then the returned
- * certificate chain must contain only a single self-signed certificate with no attestation
- * extension. Tag::ATTESTATION_APPLICATION_ID will be ignored if provided.
+ * provided and the generated/imported key has KeyPurpose::SIGN or KeyPurpose::ATTEST_KEY,
+ * then the returned certificate chain must contain only a single self-signed certificate
+ * with no attestation extension. Tag::ATTESTATION_APPLICATION_ID will be ignored if
+ * provided.
*
* 4. Asymmetric key non-attestation with non-signing key. If TAG::ATTESTATION_CHALLENGE is
- * not provided and the generated/imported key does not have KeyPurpose::SIGN, then the
- * returned certificate chain must contain only a single certificate with an empty signature
- * and no attestation extension. Tag::ATTESTATION_APPLICATION_ID will be ignored if
- * provided.
+ * not provided and the generated/imported key does not have KeyPurpose::SIGN nor
+ * KeyPurpose::ATTEST_KEY, then the returned certificate chain must contain only a single
+ * certificate with an empty signature and no attestation extension.
+ * Tag::ATTESTATION_APPLICATION_ID will be ignored if provided.
*
* 5. Symmetric key. If the generated/imported key is symmetric, the certificate chain must
* return empty, any Tag::ATTESTATION_CHALLENGE or Tag::ATTESTATION_APPLICATION_ID inputs,
diff --git a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
index 8a26b3c..0bab54c 100644
--- a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
+++ b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
@@ -183,6 +183,14 @@
* This test attempts to create an RSA attestation key that also allows signing.
*/
TEST_P(AttestKeyTest, RsaAttestKeyMultiPurposeFail) {
+ if (AidlVersion() < 2) {
+ // The KeyMint v1 spec required that KeyPurpose::ATTEST_KEY not be combined
+ // with other key purposes. However, this was not checked at the time
+ // so we can only be strict about checking this for implementations of KeyMint
+ // version 2 and above.
+ GTEST_SKIP() << "Single-purpose for KeyPurpose::ATTEST_KEY only strict since KeyMint v2";
+ }
+
vector<uint8_t> attest_key_blob;
vector<KeyCharacteristics> attest_key_characteristics;
vector<Certificate> attest_key_cert_chain;
@@ -453,6 +461,13 @@
* This test attempts to create an EC attestation key that also allows signing.
*/
TEST_P(AttestKeyTest, EcAttestKeyMultiPurposeFail) {
+ if (AidlVersion() < 2) {
+ // The KeyMint v1 spec required that KeyPurpose::ATTEST_KEY not be combined
+ // with other key purposes. However, this was not checked at the time
+ // so we can only be strict about checking this for implementations of KeyMint
+ // version 2 and above.
+ GTEST_SKIP() << "Single-purpose for KeyPurpose::ATTEST_KEY only strict since KeyMint v2";
+ }
vector<uint8_t> attest_key_blob;
vector<KeyCharacteristics> attest_key_characteristics;
vector<Certificate> attest_key_cert_chain;
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index c734c37..1b1a1b4 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -3821,6 +3821,13 @@
* Verifies that importing an RSA key pair with purpose ATTEST_KEY+SIGN fails.
*/
TEST_P(ImportKeyTest, RsaAttestMultiPurposeFail) {
+ if (AidlVersion() < 2) {
+ // The KeyMint v1 spec required that KeyPurpose::ATTEST_KEY not be combined
+ // with other key purposes. However, this was not checked at the time
+ // so we can only be strict about checking this for implementations of KeyMint
+ // version 2 and above.
+ GTEST_SKIP() << "Single-purpose for KeyPurpose::ATTEST_KEY only strict since KeyMint v2";
+ }
uint32_t key_size = 2048;
string key = rsa_2048_key;
@@ -3959,6 +3966,13 @@
* Verifies that importing and using an ECDSA P-256 key pair with purpose ATTEST_KEY+SIGN fails.
*/
TEST_P(ImportKeyTest, EcdsaAttestMultiPurposeFail) {
+ if (AidlVersion() < 2) {
+ // The KeyMint v1 spec required that KeyPurpose::ATTEST_KEY not be combined
+ // with other key purposes. However, this was not checked at the time
+ // so we can only be strict about checking this for implementations of KeyMint
+ // version 2 and above.
+ GTEST_SKIP() << "Single-purpose for KeyPurpose::ATTEST_KEY only strict since KeyMint v2";
+ }
ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
ImportKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)