KeyMint: improve HAL spec and tests
- clarify & test BIGNUM spec
- allow alternative return codes when requesting device unique
attestation
- use specific error for early boot import failure
- test more early boot key scenarios (in post-early-boot mode)
Test: VtsAidlKeyMintTargetTest
Change-Id: I70a342084a29144aef1ed0ff80fec02cc06ffbc0
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
index 3a2717b..0eac033 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
@@ -1185,6 +1185,14 @@
return {};
}
+ if (serial_blob.empty() || serial_blob[0] & 0x80) {
+ // An empty blob is OpenSSL's encoding of the zero value; we need single zero byte.
+ // Top bit being set indicates a negative number in two's complement, but our input
+ // was positive.
+ // In either case, prepend a zero byte.
+ serial_blob.insert(serial_blob.begin(), 0x00);
+ }
+
return serial_blob;
}
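Review bot: In the new condition `serial_blob.empty() || serial_blob[0] & 0x80`, the bitwise test relies on `&` binding tighter than `||` and on an implicit integer-to-bool conversion. It is correct as written, but `(serial_blob[0] & 0x80) != 0` would make the intent obvious at a glance. The comment also describes two different cases (zero value, top bit set) without naming the encoding the caller expects. Stating that the result must be a signed, two's complement, big-endian integer with a minimum length of one byte would tie the padding rule to the BIGNUM spec this change clarifies. Minor wording: "we need single zero byte" should read "we need a single zero byte".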