Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 870a43bd723ff60d3893f34634281b57b926a0db^2..870a43bd723ff60d3893f34634281b57b926a0db / .
commit870a43bd723ff60d3893f34634281b57b926a0db[log] [tgz]
authorDavid Drysdale <drysdale@google.com>Wed Oct 09 11:26:18 2024 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>Wed Oct 09 11:26:18 2024 +0000
tree433bcaff169e0a60b5519ae152c9081413ea846d
parent611bab04aed6c2e9ed6c458cfd0b5a1c608a29fb [diff]
parentf804556d131b715ba4074393ad4a9e3c35ed4db9 [diff]
Merge "Log more information on KEY_USER_NOT_AUTHENTICATED" into main
diff --git a/keystore/keystore_cli_v2.cpp b/keystore/keystore_cli_v2.cpp
index ab3e22c..d442e48 100644
--- a/keystore/keystore_cli_v2.cpp
+++ b/keystore/keystore_cli_v2.cpp

@@ -22,11 +22,12 @@
 #include <variant>
 #include <vector>
 
+#include <android-base/strings.h>
+
 #include <base/command_line.h>
 #include <base/files/file_util.h>
 #include <base/strings/string_number_conversions.h>
 #include <base/strings/string_split.h>
-#include <base/strings/string_util.h>
 
 #include <aidl/android/security/apc/BnConfirmationCallback.h>
 #include <aidl/android/security/apc/IProtectedConfirmation.h>
@@ -705,12 +706,12 @@
     std::vector<TestCase> test_cases = GetTestCases();
     for (const auto& test_case : test_cases) {
         if (!prefix.empty() &&
-            !base::StartsWith(test_case.name, prefix, base::CompareCase::SENSITIVE)) {
+            !android::base::StartsWith(test_case.name, prefix)) {
             continue;
         }
         if (test_for_0_3 &&
-            (base::StartsWith(test_case.name, "AES", base::CompareCase::SENSITIVE) ||
-             base::StartsWith(test_case.name, "HMAC", base::CompareCase::SENSITIVE))) {
+            (android::base::StartsWith(test_case.name, "AES") ||
+             android::base::StartsWith(test_case.name, "HMAC"))) {
             continue;
         }
         ++test_count;
@@ -1016,8 +1017,7 @@
         return 1;
     }
 
-    std::vector<std::string> pieces =
-        base::SplitString(uiOptionsStr, ",", base::TRIM_WHITESPACE, base::SPLIT_WANT_NONEMPTY);
+    std::vector<std::string> pieces = android::base::Tokenize(uiOptionsStr, ",");
     int uiOptionsAsFlags = 0;
     for (auto& p : pieces) {
         int value;

diff --git a/keystore2/tests/keystore2_client_attest_key_tests.rs b/keystore2/tests/keystore2_client_attest_key_tests.rs
index f723d02..033036b 100644
--- a/keystore2/tests/keystore2_client_attest_key_tests.rs
+++ b/keystore2/tests/keystore2_client_attest_key_tests.rs

@@ -615,6 +615,8 @@
         // Skip this test on device supporting `DEVICE_ID_ATTESTATION_FEATURE`.
         return;
     }
+    skip_device_id_attestation_tests!();
+    skip_test_if_no_app_attest_key_feature!();
 
     let sl = SecLevel::tee();
 

diff --git a/keystore2/tests/keystore2_client_authorizations_tests.rs b/keystore2/tests/keystore2_client_authorizations_tests.rs
index 2a6adba..0fd820d 100644
--- a/keystore2/tests/keystore2_client_authorizations_tests.rs
+++ b/keystore2/tests/keystore2_client_authorizations_tests.rs

@@ -665,8 +665,7 @@
 }
 
 /// Generate a key with `APPLICATION_DATA` and `APPLICATION_ID`. Try to create an operation using
-/// the different `APPLICATION_DATA` and `APPLICATION_ID`, test should fail to create an operation
-/// with error code `INVALID_KEY_BLOB`.
+/// the different `APPLICATION_DATA` and `APPLICATION_ID`, test should fail to create an operation.
 #[test]
 fn keystore2_gen_key_auth_app_data_test_fail() {
     let sl = SecLevel::tee();
@@ -693,7 +692,10 @@
         alias,
     ));
     assert!(result.is_err());
-    assert_eq!(Error::Km(ErrorCode::INVALID_KEY_BLOB), result.unwrap_err());
+    assert!(matches!(
+        result.unwrap_err(),
+        Error::Km(ErrorCode::INVALID_KEY_BLOB) | Error::Km(ErrorCode::INVALID_ARGUMENT)
+    ));
     delete_app_key(&sl.keystore2, alias).unwrap();
 }
 
@@ -727,8 +729,7 @@
 }
 
 /// Generate a key with `APPLICATION_ID`. Try to create an operation using the
-/// different `APPLICATION_ID`, test should fail to create an operation with error code
-/// `INVALID_KEY_BLOB`.
+/// different `APPLICATION_ID`, test should fail to create an operation.
 #[test]
 fn keystore2_gen_key_auth_app_id_test_fail() {
     let sl = SecLevel::tee();
@@ -753,7 +754,10 @@
         alias,
     ));
     assert!(result.is_err());
-    assert_eq!(Error::Km(ErrorCode::INVALID_KEY_BLOB), result.unwrap_err());
+    assert!(matches!(
+        result.unwrap_err(),
+        Error::Km(ErrorCode::INVALID_KEY_BLOB) | Error::Km(ErrorCode::INVALID_ARGUMENT)
+    ));
     delete_app_key(&sl.keystore2, alias).unwrap();
 }
 
@@ -813,8 +817,7 @@
 
 /// Generate an attestation-key with specifying `APPLICATION_ID` and `APPLICATION_DATA`.
 /// Test should try to generate an attested key using previously generated attestation-key without
-/// specifying app-id and app-data. Test should fail to generate a new key with error code
-/// `INVALID_KEY_BLOB`.
+/// specifying app-id and app-data. Test should fail to generate a new key.
 /// It is an oversight of the Keystore API that `APPLICATION_ID` and `APPLICATION_DATA` tags cannot
 /// be provided to generateKey for an attestation key that was generated with them.
 #[test]
@@ -864,7 +867,10 @@
     ));
 
     assert!(result.is_err());
-    assert_eq!(Error::Km(ErrorCode::INVALID_KEY_BLOB), result.unwrap_err());
+    assert!(matches!(
+        result.unwrap_err(),
+        Error::Km(ErrorCode::INVALID_KEY_BLOB) | Error::Km(ErrorCode::INVALID_ARGUMENT)
+    ));
     delete_app_key(&sl.keystore2, attest_alias).unwrap();
 }