Added tests to attest keys with attestation id.
- Generate an RSA/EC attested keys with attestation of the device's
identifiers. Test should succeed in generatating a attested key with
attestation of device identifier. Test might fail on devices which
doesn't support device id attestation with error response code
`CANNOT_ATTEST_IDS or INVALID_TAG`.
- Try to generate an attested key with attestation of invalid device's
identifiers. Test should fail with error response `CANNOT_ATTEST_IDS`
- Test to make sure `CANNOT_ATTEST_IDS` error code is returned while
trying to generate a key on a device which doesn't support
`FEATURE_DEVICE_ID_ATTESTATION`.
Bug: 194359114
Test: atest keystore2_client_test
Change-Id: Ib57c58d3ea89279eb69db342c3343b8d99ddc639
diff --git a/keystore2/tests/ffi_test_utils.rs b/keystore2/tests/ffi_test_utils.rs
index 689713a..c652174 100644
--- a/keystore2/tests/ffi_test_utils.rs
+++ b/keystore2/tests/ffi_test_utils.rs
@@ -12,6 +12,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.
+use android_hardware_security_keymint::aidl::android::hardware::security::keymint::Tag::Tag;
use keystore2_test_utils::key_generations::Error;
#[cxx::bridge]
@@ -32,6 +33,7 @@
) -> CxxResult;
fn buildAsn1DerEncodedWrappedKeyDescription() -> CxxResult;
fn performCryptoOpUsingKeystoreEngine(grant_id: i64) -> bool;
+ fn getValueFromAttestRecord(cert_buf: Vec<u8>, tag: i32) -> CxxResult;
}
}
@@ -87,3 +89,11 @@
Err(Error::Keystore2EngineOpFailed)
}
+
+pub fn get_value_from_attest_record(cert_buf: &[u8], tag: Tag) -> Result<Vec<u8>, Error> {
+ let result = ffi::getValueFromAttestRecord(cert_buf.to_vec(), tag.0);
+ if result.error == 0 && !result.data.is_empty() {
+ return Ok(result.data);
+ }
+ Err(Error::AttestRecordGetValueFailed)
+}