KeyMint: improve HAL spec and tests
- clarify & test BIGNUM spec
- allow alternative return codes when requesting device unique
attestation
- use specific error for early boot import failure
- test more early boot key scenarios (in post-early-boot mode)
Test: VtsAidlKeyMintTargetTest
Change-Id: I70a342084a29144aef1ed0ff80fec02cc06ffbc0
diff --git a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
index e4a877c..b8699e9 100644
--- a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
+++ b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
@@ -180,7 +180,9 @@
auto subject = "cert subj 2";
vector<uint8_t> subject_der(make_name_from_str(subject));
- uint64_t serial_int = 66;
+ // An X.509 certificate serial number SHOULD be >0, but this is not policed. Check
+ // that a zero value doesn't cause problems.
+ uint64_t serial_int = 0;
vector<uint8_t> serial_blob(build_serial_blob(serial_int));
/*
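Review bot: The new comment above `serial_int = 0` understates the requirement. RFC 5280 section 4.1.2.2 says the serial number MUST be a positive integer, and asks only certificate users to handle zero or negative values gracefully. I would reword it to `// RFC 5280 requires an X.509 serial number to be a positive integer, but this is not policed.` and keep the second line, `// Check that a zero value doesn't cause problems.`, as it is. The hunk does not show whether the test later compares the serial in the generated certificate against `serial_blob`. If it does not, a zero serial that is silently rewritten by the implementation would still pass, so that is worth confirming in the part of the function outside this hunk.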
@@ -223,7 +225,7 @@
auto subject2 = "cert subject";
vector<uint8_t> subject_der2(make_name_from_str(subject2));
- uint64_t serial_int2 = 987;
+ uint64_t serial_int2 = 255;
vector<uint8_t> serial_blob2(build_serial_blob(serial_int2));
EXPECT_EQ(ErrorCode::OK,
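Review bot: The change of `serial_int2` to 255 carries no comment, so the reason for picking that value is lost to the next reader. Presumably it was chosen because 0xFF has its top bit set and a DER INTEGER then needs a leading 0x00 byte to stay non-negative, which is the BIGNUM case the commit message mentions. If so, a line such as `// 255 (0xFF) has the top bit set: the encoded serial must not be read back as negative.` above the declaration would say so. With 987 gone, both serials in the visible hunks (0 and 255) fit in one byte, so a multi-byte value is no longer exercised here unless another test covers it. The `EXPECT_EQ` statement that starts on the last line continues outside the hunk.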