Changes to strictly validate multiple `KeyPurpose` parameters
from KeyMint V2 onward, and to skip real key attestation using an
emulated curve-25519 key on devices with KeyMint V1 or Keymaster.
Bug: 353162976
Test: atest keystore2_client_tests
Change-Id: I95172afbf5cc351774447ba7bf430ceec9162a6b
diff --git a/keystore2/test_utils/lib.rs b/keystore2/test_utils/lib.rs
index 8b766dd..825657f 100644
--- a/keystore2/test_utils/lib.rs
+++ b/keystore2/test_utils/lib.rs
@@ -24,7 +24,7 @@
IKeystoreSecurityLevel::IKeystoreSecurityLevel,
};
use android_hardware_security_keymint::aidl::android::hardware::security::keymint::{
- ErrorCode::ErrorCode, SecurityLevel::SecurityLevel,
+ ErrorCode::ErrorCode, IKeyMintDevice::IKeyMintDevice, SecurityLevel::SecurityLevel,
};
use android_security_authorization::aidl::android::security::authorization::IKeystoreAuthorization::IKeystoreAuthorization;
@@ -176,4 +176,21 @@
pub fn is_keymaster(&self) -> bool {
!self.is_keymint()
}
+
+ /// Get KeyMint version.
+ /// Returns 0 if the underlying device is Keymaster not KeyMint.
+ pub fn get_keymint_version(&self) -> i32 {
+ let instance = match self.level {
+ SecurityLevel::TRUSTED_ENVIRONMENT => "default",
+ SecurityLevel::STRONGBOX => "strongbox",
+ l => panic!("unexpected level {l:?}"),
+ };
+ let name = format!("android.hardware.security.keymint.IKeyMintDevice/{instance}");
+ if binder::is_declared(&name).expect("Could not check for declared keymint interface") {
+ let km: binder::Strong<dyn IKeyMintDevice> = binder::get_interface(&name).unwrap();
+ km.getInterfaceVersion().unwrap()
+ } else {
+ 0
+ }
+ }
}
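Review bot: The two bare `.unwrap()` calls in `get_keymint_version` panic without context, unlike the `expect` on `is_declared` just above them, so a HAL that is declared but cannot be fetched or queried fails the test with no hint of which step broke. Consider `binder::get_interface(&name).expect("Could not get declared keymint interface")` and `km.getInterfaceVersion().expect("Could not get keymint interface version")`. The commit message indicates callers use this version to decide whether to apply strict `KeyPurpose` validation or skip attestation checks, so the doc comment should say that 0 means "IKeyMintDevice not declared for this security level" and that lookup failures panic rather than return 0; otherwise a later change that maps errors to 0 could silently reduce test coverage. The enclosing `impl` block starts outside this hunk.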