Updated the vts attestation tests for strongbox implementations which
do not support factory attestation.
Bug: b/219962281
Test: Run vts tests.
Change-Id: Ie3f3f33f773227d879e11f11e2ef0eaee33db648
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
index 4ab989b..f9510d3 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
@@ -312,6 +312,30 @@
return GenerateKey(key_desc, attest_key, &key_blob_, &key_characteristics_, &cert_chain_);
}
+ErrorCode KeyMintAidlTestBase::GenerateKeyWithSelfSignedAttestKey(
+ const AuthorizationSet& attest_key_desc, const AuthorizationSet& key_desc,
+ vector<uint8_t>* key_blob, vector<KeyCharacteristics>* key_characteristics,
+ vector<Certificate>* cert_chain) {
+ AttestationKey attest_key;
+ vector<Certificate> attest_cert_chain;
+ vector<KeyCharacteristics> attest_key_characteristics;
+ // Generate a key with self signed attestation.
+ auto error = GenerateKey(attest_key_desc, std::nullopt, &attest_key.keyBlob,
+ &attest_key_characteristics, &attest_cert_chain);
+ if (error != ErrorCode::OK) {
+ return error;
+ }
+
+ attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
+ // Generate a key, by passing the above self signed attestation key as attest key.
+ error = GenerateKey(key_desc, attest_key, key_blob, key_characteristics, cert_chain);
+ if (error == ErrorCode::OK) {
+ // Append the attest_cert_chain to the attested cert_chain to yield a valid cert chain.
+ cert_chain->push_back(attest_cert_chain[0]);
+ }
+ return error;
+}
+
ErrorCode KeyMintAidlTestBase::ImportKey(const AuthorizationSet& key_desc, KeyFormat format,
const string& key_material, vector<uint8_t>* key_blob,
vector<KeyCharacteristics>* key_characteristics) {