Merge "Log more information on KEY_USER_NOT_AUTHENTICATED" into main
diff --git a/keystore/keystore_cli_v2.cpp b/keystore/keystore_cli_v2.cpp
index ab3e22c..d442e48 100644
--- a/keystore/keystore_cli_v2.cpp
+++ b/keystore/keystore_cli_v2.cpp
@@ -22,11 +22,12 @@
#include <variant>
#include <vector>
+#include <android-base/strings.h>
+
#include <base/command_line.h>
#include <base/files/file_util.h>
#include <base/strings/string_number_conversions.h>
#include <base/strings/string_split.h>
-#include <base/strings/string_util.h>
#include <aidl/android/security/apc/BnConfirmationCallback.h>
#include <aidl/android/security/apc/IProtectedConfirmation.h>
@@ -705,12 +706,12 @@
std::vector<TestCase> test_cases = GetTestCases();
for (const auto& test_case : test_cases) {
if (!prefix.empty() &&
- !base::StartsWith(test_case.name, prefix, base::CompareCase::SENSITIVE)) {
+ !android::base::StartsWith(test_case.name, prefix)) {
continue;
}
if (test_for_0_3 &&
- (base::StartsWith(test_case.name, "AES", base::CompareCase::SENSITIVE) ||
- base::StartsWith(test_case.name, "HMAC", base::CompareCase::SENSITIVE))) {
+ (android::base::StartsWith(test_case.name, "AES") ||
+ android::base::StartsWith(test_case.name, "HMAC"))) {
continue;
}
++test_count;
@@ -1016,8 +1017,7 @@
return 1;
}
- std::vector<std::string> pieces =
- base::SplitString(uiOptionsStr, ",", base::TRIM_WHITESPACE, base::SPLIT_WANT_NONEMPTY);
+ std::vector<std::string> pieces = android::base::Tokenize(uiOptionsStr, ",");
int uiOptionsAsFlags = 0;
for (auto& p : pieces) {
int value;
diff --git a/keystore2/tests/keystore2_client_attest_key_tests.rs b/keystore2/tests/keystore2_client_attest_key_tests.rs
index f723d02..033036b 100644
--- a/keystore2/tests/keystore2_client_attest_key_tests.rs
+++ b/keystore2/tests/keystore2_client_attest_key_tests.rs
@@ -615,6 +615,8 @@
// Skip this test on device supporting `DEVICE_ID_ATTESTATION_FEATURE`.
return;
}
+ skip_device_id_attestation_tests!();
+ skip_test_if_no_app_attest_key_feature!();
let sl = SecLevel::tee();
diff --git a/keystore2/tests/keystore2_client_authorizations_tests.rs b/keystore2/tests/keystore2_client_authorizations_tests.rs
index 2a6adba..0fd820d 100644
--- a/keystore2/tests/keystore2_client_authorizations_tests.rs
+++ b/keystore2/tests/keystore2_client_authorizations_tests.rs
@@ -665,8 +665,7 @@
}
/// Generate a key with `APPLICATION_DATA` and `APPLICATION_ID`. Try to create an operation using
-/// the different `APPLICATION_DATA` and `APPLICATION_ID`, test should fail to create an operation
-/// with error code `INVALID_KEY_BLOB`.
+/// the different `APPLICATION_DATA` and `APPLICATION_ID`, test should fail to create an operation.
#[test]
fn keystore2_gen_key_auth_app_data_test_fail() {
let sl = SecLevel::tee();
@@ -693,7 +692,10 @@
alias,
));
assert!(result.is_err());
- assert_eq!(Error::Km(ErrorCode::INVALID_KEY_BLOB), result.unwrap_err());
+ assert!(matches!(
+ result.unwrap_err(),
+ Error::Km(ErrorCode::INVALID_KEY_BLOB) | Error::Km(ErrorCode::INVALID_ARGUMENT)
+ ));
delete_app_key(&sl.keystore2, alias).unwrap();
}
@@ -727,8 +729,7 @@
}
/// Generate a key with `APPLICATION_ID`. Try to create an operation using the
-/// different `APPLICATION_ID`, test should fail to create an operation with error code
-/// `INVALID_KEY_BLOB`.
+/// different `APPLICATION_ID`, test should fail to create an operation.
#[test]
fn keystore2_gen_key_auth_app_id_test_fail() {
let sl = SecLevel::tee();
@@ -753,7 +754,10 @@
alias,
));
assert!(result.is_err());
- assert_eq!(Error::Km(ErrorCode::INVALID_KEY_BLOB), result.unwrap_err());
+ assert!(matches!(
+ result.unwrap_err(),
+ Error::Km(ErrorCode::INVALID_KEY_BLOB) | Error::Km(ErrorCode::INVALID_ARGUMENT)
+ ));
delete_app_key(&sl.keystore2, alias).unwrap();
}
@@ -813,8 +817,7 @@
/// Generate an attestation-key with specifying `APPLICATION_ID` and `APPLICATION_DATA`.
/// Test should try to generate an attested key using previously generated attestation-key without
-/// specifying app-id and app-data. Test should fail to generate a new key with error code
-/// `INVALID_KEY_BLOB`.
+/// specifying app-id and app-data. Test should fail to generate a new key.
/// It is an oversight of the Keystore API that `APPLICATION_ID` and `APPLICATION_DATA` tags cannot
/// be provided to generateKey for an attestation key that was generated with them.
#[test]
@@ -864,7 +867,10 @@
));
assert!(result.is_err());
- assert_eq!(Error::Km(ErrorCode::INVALID_KEY_BLOB), result.unwrap_err());
+ assert!(matches!(
+ result.unwrap_err(),
+ Error::Km(ErrorCode::INVALID_KEY_BLOB) | Error::Km(ErrorCode::INVALID_ARGUMENT)
+ ));
delete_app_key(&sl.keystore2, attest_alias).unwrap();
}