Create authorizations and key_generations test modules -
- authorizations: helper struct to create set of key authorizations
- key_generations: helper methods to generate various keys.
Test: N/A
Change-Id: I23250838b7b6d8ad59f5ef8682861a07e856299f
diff --git a/keystore2/Android.bp b/keystore2/Android.bp
index 74aa4bd..e7c2752 100644
--- a/keystore2/Android.bp
+++ b/keystore2/Android.bp
@@ -79,7 +79,10 @@
name: "libkeystore2_test_utils",
crate_name: "keystore2_test_utils",
srcs: ["test_utils/lib.rs"],
+ defaults: ["keymint_use_latest_hal_aidl_rust"],
rustlibs: [
+ "android.system.keystore2-V2-rust",
+ "libbinder_rs",
"libkeystore2_selinux",
"liblog_rust",
"libnix",
@@ -105,11 +108,14 @@
rust_test {
name: "keystore2_test_utils_test",
srcs: ["test_utils/lib.rs"],
+ defaults: ["keymint_use_latest_hal_aidl_rust"],
test_suites: ["general-tests"],
require_root: true,
auto_gen_config: true,
compile_multilib: "first",
rustlibs: [
+ "android.system.keystore2-V2-rust",
+ "libbinder_rs",
"libkeystore2_selinux",
"liblog_rust",
"libnix",
diff --git a/keystore2/test_utils/authorizations.rs b/keystore2/test_utils/authorizations.rs
new file mode 100644
index 0000000..4fbe124
--- /dev/null
+++ b/keystore2/test_utils/authorizations.rs
@@ -0,0 +1,88 @@
+// Copyright 2022, The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! This module implements test utils to create Autherizations.
+
+use std::ops::Deref;
+
+use android_hardware_security_keymint::aidl::android::hardware::security::keymint::{
+ Algorithm::Algorithm, Digest::Digest, EcCurve::EcCurve, KeyParameter::KeyParameter,
+ KeyParameterValue::KeyParameterValue, KeyPurpose::KeyPurpose, Tag::Tag,
+};
+
+/// Helper struct to create set of Authorizations.
+pub struct AuthSetBuilder(Vec<KeyParameter>);
+
+impl Default for AuthSetBuilder {
+ fn default() -> Self {
+ Self::new()
+ }
+}
+
+impl AuthSetBuilder {
+ /// Creates new Authorizations list.
+ pub fn new() -> Self {
+ Self(Vec::new())
+ }
+
+ /// Add Purpose.
+ pub fn purpose(mut self, p: KeyPurpose) -> Self {
+ self.0.push(KeyParameter { tag: Tag::PURPOSE, value: KeyParameterValue::KeyPurpose(p) });
+ self
+ }
+
+ /// Add Digest.
+ pub fn digest(mut self, d: Digest) -> Self {
+ self.0.push(KeyParameter { tag: Tag::DIGEST, value: KeyParameterValue::Digest(d) });
+ self
+ }
+
+ /// Add Algorithm.
+ pub fn algorithm(mut self, a: Algorithm) -> Self {
+ self.0.push(KeyParameter { tag: Tag::ALGORITHM, value: KeyParameterValue::Algorithm(a) });
+ self
+ }
+
+ /// Add EC-Curve.
+ pub fn ec_curve(mut self, e: EcCurve) -> Self {
+ self.0.push(KeyParameter { tag: Tag::EC_CURVE, value: KeyParameterValue::EcCurve(e) });
+ self
+ }
+
+ /// Add Attestation-Challenge.
+ pub fn attestation_challenge(mut self, b: Vec<u8>) -> Self {
+ self.0.push(KeyParameter {
+ tag: Tag::ATTESTATION_CHALLENGE,
+ value: KeyParameterValue::Blob(b),
+ });
+ self
+ }
+
+ /// Add Attestation-ID.
+ pub fn attestation_app_id(mut self, b: Vec<u8>) -> Self {
+ self.0.push(KeyParameter {
+ tag: Tag::ATTESTATION_APPLICATION_ID,
+ value: KeyParameterValue::Blob(b),
+ });
+ self
+ }
+}
+
+impl Deref for AuthSetBuilder {
+ type Target = Vec<KeyParameter>;
+
+ fn deref(&self) -> &Self::Target {
+ &self.0
+ }
+}
diff --git a/keystore2/test_utils/key_generations.rs b/keystore2/test_utils/key_generations.rs
new file mode 100644
index 0000000..f49aa9f
--- /dev/null
+++ b/keystore2/test_utils/key_generations.rs
@@ -0,0 +1,68 @@
+// Copyright 2022, The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! This module implements test utils to generate various types of keys.
+
+use android_hardware_security_keymint::aidl::android::hardware::security::keymint::{
+ Algorithm::Algorithm, Digest::Digest, EcCurve::EcCurve, KeyPurpose::KeyPurpose,
+};
+use android_system_keystore2::aidl::android::system::keystore2::{
+ Domain::Domain, IKeystoreSecurityLevel::IKeystoreSecurityLevel, KeyDescriptor::KeyDescriptor,
+ KeyMetadata::KeyMetadata,
+};
+
+use crate::authorizations::AuthSetBuilder;
+
+const SELINUX_SHELL_NAMESPACE: i64 = 1;
+
+/// Generate attested EC Key blob using given security level with below key parameters -
+/// Purposes: SIGN and VERIFY
+/// Digest: SHA_2_256
+/// Curve: P_256
+pub fn generate_ec_p256_signing_key_with_attestation(
+ sec_level: &binder::Strong<dyn IKeystoreSecurityLevel>,
+) -> binder::Result<KeyMetadata> {
+ let att_challenge: &[u8] = b"foo";
+ let att_app_id: &[u8] = b"bar";
+ let gen_params = AuthSetBuilder::new()
+ .algorithm(Algorithm::EC)
+ .purpose(KeyPurpose::SIGN)
+ .purpose(KeyPurpose::VERIFY)
+ .digest(Digest::SHA_2_256)
+ .ec_curve(EcCurve::P_256)
+ .attestation_challenge(att_challenge.to_vec())
+ .attestation_app_id(att_app_id.to_vec());
+
+ match sec_level.generateKey(
+ &KeyDescriptor {
+ domain: Domain::BLOB,
+ nspace: SELINUX_SHELL_NAMESPACE,
+ alias: None,
+ blob: None,
+ },
+ None,
+ &gen_params,
+ 0,
+ b"entropy",
+ ) {
+ Ok(key_metadata) => {
+ assert!(key_metadata.certificate.is_some());
+ assert!(key_metadata.certificateChain.is_some());
+ assert!(key_metadata.key.blob.is_some());
+
+ Ok(key_metadata)
+ }
+ Err(e) => Err(e),
+ }
+}
diff --git a/keystore2/test_utils/lib.rs b/keystore2/test_utils/lib.rs
index a355544..c63bfac 100644
--- a/keystore2/test_utils/lib.rs
+++ b/keystore2/test_utils/lib.rs
@@ -19,8 +19,14 @@
use std::path::{Path, PathBuf};
use std::{env::temp_dir, ops::Deref};
+use android_system_keystore2::aidl::android::system::keystore2::IKeystoreService::IKeystoreService;
+
+pub mod authorizations;
+pub mod key_generations;
pub mod run_as;
+static KS2_SERVICE_NAME: &str = "android.system.keystore2.IKeystoreService/default";
+
/// Represents the lifecycle of a temporary directory for testing.
#[derive(Debug)]
pub struct TempDir {
@@ -104,3 +110,8 @@
&self.0
}
}
+
+/// Get Keystore2 service.
+pub fn get_keystore_service() -> binder::Strong<dyn IKeystoreService> {
+ binder::get_interface(KS2_SERVICE_NAME).unwrap()
+}