Snap for 12496712 from 966034e0e0f5aba0acc5fa1074a6f3fe44df1e92 to 25Q1-release
Change-Id: I55f6011de6cd251d10205feadc3c9126e8118279
diff --git a/keystore2/Android.bp b/keystore2/Android.bp
index 7bba687..f50c052 100644
--- a/keystore2/Android.bp
+++ b/keystore2/Android.bp
@@ -123,6 +123,11 @@
require_root: true,
}
+vintf_fragment {
+ name: "android.system.keystore2-service.xml",
+ src: "android.system.keystore2-service.xml",
+}
+
rust_defaults {
name: "keystore2_defaults",
srcs: ["src/keystore2_main.rs"],
@@ -141,7 +146,7 @@
// selection available in the build system.
prefer_rlib: true,
- vintf_fragments: ["android.system.keystore2-service.xml"],
+ vintf_fragment_modules: ["android.system.keystore2-service.xml"],
required: ["keystore_cli_v2"],
}
diff --git a/keystore2/tests/keystore2_client_authorizations_tests.rs b/keystore2/tests/keystore2_client_authorizations_tests.rs
index 0fd820d..4e83f73 100644
--- a/keystore2/tests/keystore2_client_authorizations_tests.rs
+++ b/keystore2/tests/keystore2_client_authorizations_tests.rs
@@ -636,7 +636,7 @@
/// Generate a key with `APPLICATION_DATA` and `APPLICATION_ID`. Test should create an operation
/// successfully using the same `APPLICATION_DATA` and `APPLICATION_ID`.
#[test]
-fn keystore2_gen_key_auth_app_data_test_success() {
+fn keystore2_gen_key_auth_app_data_app_id_test_success() {
let sl = SecLevel::tee();
let gen_params = authorizations::AuthSetBuilder::new()
@@ -644,7 +644,7 @@
.algorithm(Algorithm::EC)
.purpose(KeyPurpose::SIGN)
.purpose(KeyPurpose::VERIFY)
- .digest(Digest::SHA_2_256)
+ .digest(Digest::NONE)
.ec_curve(EcCurve::P_256)
.app_data(b"app-data".to_vec())
.app_id(b"app-id".to_vec());
@@ -655,7 +655,7 @@
&gen_params,
&authorizations::AuthSetBuilder::new()
.purpose(KeyPurpose::SIGN)
- .digest(Digest::SHA_2_256)
+ .digest(Digest::NONE)
.app_data(b"app-data".to_vec())
.app_id(b"app-id".to_vec()),
alias,
@@ -667,7 +667,7 @@
/// Generate a key with `APPLICATION_DATA` and `APPLICATION_ID`. Try to create an operation using
/// the different `APPLICATION_DATA` and `APPLICATION_ID`, test should fail to create an operation.
#[test]
-fn keystore2_gen_key_auth_app_data_test_fail() {
+fn keystore2_op_auth_invalid_app_data_app_id_test_fail() {
let sl = SecLevel::tee();
let gen_params = authorizations::AuthSetBuilder::new()
@@ -675,7 +675,7 @@
.algorithm(Algorithm::EC)
.purpose(KeyPurpose::SIGN)
.purpose(KeyPurpose::VERIFY)
- .digest(Digest::SHA_2_256)
+ .digest(Digest::NONE)
.ec_curve(EcCurve::P_256)
.app_data(b"app-data".to_vec())
.app_id(b"app-id".to_vec());
@@ -686,23 +686,20 @@
&gen_params,
&authorizations::AuthSetBuilder::new()
.purpose(KeyPurpose::SIGN)
- .digest(Digest::SHA_2_256)
+ .digest(Digest::NONE)
.app_data(b"invalid-app-data".to_vec())
.app_id(b"invalid-app-id".to_vec()),
alias,
));
assert!(result.is_err());
- assert!(matches!(
- result.unwrap_err(),
- Error::Km(ErrorCode::INVALID_KEY_BLOB) | Error::Km(ErrorCode::INVALID_ARGUMENT)
- ));
+ assert_eq!(Error::Km(ErrorCode::INVALID_KEY_BLOB), result.unwrap_err());
delete_app_key(&sl.keystore2, alias).unwrap();
}
-/// Generate a key with `APPLICATION_ID`. Test should create an operation using the
-/// same `APPLICATION_ID` successfully.
+/// Generate a key with `APPLICATION_DATA` and `APPLICATION_ID`. Try to create an operation using
+/// only `APPLICATION_ID`, test should fail to create an operation.
#[test]
-fn keystore2_gen_key_auth_app_id_test_success() {
+fn keystore2_op_auth_missing_app_data_test_fail() {
let sl = SecLevel::tee();
let gen_params = authorizations::AuthSetBuilder::new()
@@ -710,28 +707,31 @@
.algorithm(Algorithm::EC)
.purpose(KeyPurpose::SIGN)
.purpose(KeyPurpose::VERIFY)
- .digest(Digest::SHA_2_256)
+ .digest(Digest::NONE)
.ec_curve(EcCurve::P_256)
- .app_id(b"app-id".to_vec());
+ .app_id(b"app-id".to_vec())
+ .app_data(b"app-data".to_vec());
let alias = "ks_test_auth_tags_test";
- let result = key_generations::create_key_and_operation(
+ let result = key_generations::map_ks_error(key_generations::create_key_and_operation(
&sl,
&gen_params,
&authorizations::AuthSetBuilder::new()
.purpose(KeyPurpose::SIGN)
- .digest(Digest::SHA_2_256)
+ .digest(Digest::NONE)
.app_id(b"app-id".to_vec()),
alias,
- );
- assert!(result.is_ok());
+ ));
+
+ assert!(result.is_err());
+ assert_eq!(Error::Km(ErrorCode::INVALID_KEY_BLOB), result.unwrap_err());
delete_app_key(&sl.keystore2, alias).unwrap();
}
-/// Generate a key with `APPLICATION_ID`. Try to create an operation using the
-/// different `APPLICATION_ID`, test should fail to create an operation.
+/// Generate a key with `APPLICATION_DATA` and `APPLICATION_ID`. Try to create an operation using
+/// only `APPLICATION_DATA`, test should fail to create an operation.
#[test]
-fn keystore2_gen_key_auth_app_id_test_fail() {
+fn keystore2_op_auth_missing_app_id_test_fail() {
let sl = SecLevel::tee();
let gen_params = authorizations::AuthSetBuilder::new()
@@ -739,8 +739,9 @@
.algorithm(Algorithm::EC)
.purpose(KeyPurpose::SIGN)
.purpose(KeyPurpose::VERIFY)
- .digest(Digest::SHA_2_256)
+ .digest(Digest::NONE)
.ec_curve(EcCurve::P_256)
+ .app_data(b"app-data".to_vec())
.app_id(b"app-id".to_vec());
let alias = "ks_test_auth_tags_test";
@@ -749,15 +750,12 @@
&gen_params,
&authorizations::AuthSetBuilder::new()
.purpose(KeyPurpose::SIGN)
- .digest(Digest::SHA_2_256)
- .app_id(b"invalid-app-id".to_vec()),
+ .digest(Digest::NONE)
+ .app_data(b"app-data".to_vec()),
alias,
));
assert!(result.is_err());
- assert!(matches!(
- result.unwrap_err(),
- Error::Km(ErrorCode::INVALID_KEY_BLOB) | Error::Km(ErrorCode::INVALID_ARGUMENT)
- ));
+ assert_eq!(Error::Km(ErrorCode::INVALID_KEY_BLOB), result.unwrap_err());
delete_app_key(&sl.keystore2, alias).unwrap();
}
@@ -867,10 +865,7 @@
));
assert!(result.is_err());
- assert!(matches!(
- result.unwrap_err(),
- Error::Km(ErrorCode::INVALID_KEY_BLOB) | Error::Km(ErrorCode::INVALID_ARGUMENT)
- ));
+ assert_eq!(Error::Km(ErrorCode::INVALID_KEY_BLOB), result.unwrap_err());
delete_app_key(&sl.keystore2, attest_alias).unwrap();
}