commit 0bbcc06044bc3cb8d87daec6781deca9fc35f53b
author Rajesh Nyamagoud <nyamagoud@google.com> Tue Aug 27 15:05:30 2024 +0000
committer Rajesh Nyamagoud <nyamagoud@google.com> Tue Aug 27 15:05:30 2024 +0000
tree 456e640e32d66101662160e7e33351de39597155
parent a32e5318843a8e8e4ddfd8643d8606add8e83da3

Removing `keystore2_attest_symmetric_key_fail_sys_error` test.

Using ATTEST_KEY while generating symmetric key is unexpected. Removing
this test assuming this combination is never expected to be used.

Bug: 359743897
Bug: 361729305
Bug: 361373421
Bug: 336695416
Test: atest keystore2_client_tests
Change-Id: I783796fd9478b7f7f9270c9e78d9b12e28d955db

keystore2/tests/keystore2_client_attest_key_tests.rs

diff --git a/keystore2/tests/keystore2_client_attest_key_tests.rs b/keystore2/tests/keystore2_client_attest_key_tests.rs
index 7597ba1..e2eacc4 100644
--- a/keystore2/tests/keystore2_client_attest_key_tests.rs
+++ b/keystore2/tests/keystore2_client_attest_key_tests.rs
@@ -463,59 +463,6 @@
     assert_eq!(Error::Rc(ResponseCode::INVALID_ARGUMENT), result.unwrap_err());
 }
 
-/// Generate RSA attestation key and try to use it as attestation key while generating symmetric
-/// key. Test should generate symmetric key successfully. Verify that generated symmetric key
-/// should not have attestation record or certificate.
-#[test]
-fn keystore2_attest_symmetric_key_fail_sys_error() {
-    skip_test_if_no_app_attest_key_feature!();
-
-    let sl = SecLevel::tee();
-    let att_challenge: &[u8] = b"foo";
-
-    // Create attestation key.
-    let Some(attestation_key_metadata) = key_generations::map_ks_error(
-        key_generations::generate_attestation_key(&sl, Algorithm::RSA, att_challenge),
-    )
-    .unwrap() else {
-        return;
-    };
-
-    let mut cert_chain: Vec<u8> = Vec::new();
-    cert_chain.extend(attestation_key_metadata.certificate.as_ref().unwrap());
-    cert_chain.extend(attestation_key_metadata.certificateChain.as_ref().unwrap());
-    validate_certchain(&cert_chain).expect("Error while validating cert chain.");
-
-    // Generate symmetric key with above generated key as attestation key.
-    let gen_params = authorizations::AuthSetBuilder::new()
-        .no_auth_required()
-        .algorithm(Algorithm::AES)
-        .purpose(KeyPurpose::ENCRYPT)
-        .purpose(KeyPurpose::DECRYPT)
-        .key_size(128)
-        .padding_mode(PaddingMode::NONE)
-        .block_mode(BlockMode::ECB)
-        .attestation_challenge(att_challenge.to_vec());
-
-    let alias = format!("ks_test_sym_key_attest_{}", getuid());
-    let aes_key_metadata = sl
-        .binder
-        .generateKey(
-            &KeyDescriptor { domain: Domain::APP, nspace: -1, alias: Some(alias), blob: None },
-            Some(&attestation_key_metadata.key),
-            &gen_params,
-            0,
-            b"entropy",
-        )
-        .unwrap();
-
-    // Should not have public certificate.
-    assert!(aes_key_metadata.certificate.is_none());
-
-    // Should not have an attestation record.
-    assert!(aes_key_metadata.certificateChain.is_none());
-}
-
 fn get_attestation_ids(keystore2: &binder::Strong<dyn IKeystoreService>) -> Vec<(Tag, Vec<u8>)> {
     let attest_ids = vec![
         (Tag::ATTESTATION_ID_BRAND, "brand"),