Merge "Remove incorrect/confusing Certificate use" into main
diff --git a/keystore2/tests/keystore2_client_aes_key_tests.rs b/keystore2/tests/keystore2_client_aes_key_tests.rs
index 3c5fda5..7128911 100644
--- a/keystore2/tests/keystore2_client_aes_key_tests.rs
+++ b/keystore2/tests/keystore2_client_aes_key_tests.rs
@@ -203,7 +203,7 @@
}
/// Try to create an operation using AES key with multiple block modes. Test should fail to create
-/// an operation with `UNSUPPORTED_BLOCK_MODE` error code.
+/// an operation.
#[test]
fn keystore2_aes_key_op_fails_multi_block_modes() {
let sl = SecLevel::tee();
@@ -247,7 +247,12 @@
false,
));
assert!(result.is_err());
- assert_eq!(Error::Km(ErrorCode::UNSUPPORTED_BLOCK_MODE), result.unwrap_err());
+ assert!(matches!(
+ result.unwrap_err(),
+ Error::Km(ErrorCode::INCOMPATIBLE_BLOCK_MODE)
+ | Error::Km(ErrorCode::UNSUPPORTED_BLOCK_MODE)
+ | Error::Km(ErrorCode::INVALID_ARGUMENT)
+ ));
}
/// Try to create an operation using AES key with multiple padding modes. Test should fail to create
diff --git a/keystore2/tests/keystore2_client_authorizations_tests.rs b/keystore2/tests/keystore2_client_authorizations_tests.rs
index 6732f5c..2a6adba 100644
--- a/keystore2/tests/keystore2_client_authorizations_tests.rs
+++ b/keystore2/tests/keystore2_client_authorizations_tests.rs
@@ -633,8 +633,8 @@
}
}
-/// Generate a key with `APPLICATION_DATA`. Test should create an operation using the
-/// same `APPLICATION_DATA` successfully.
+/// Generate a key with `APPLICATION_DATA` and `APPLICATION_ID`. Test should create an operation
+/// successfully using the same `APPLICATION_DATA` and `APPLICATION_ID`.
#[test]
fn keystore2_gen_key_auth_app_data_test_success() {
let sl = SecLevel::tee();
@@ -646,7 +646,8 @@
.purpose(KeyPurpose::VERIFY)
.digest(Digest::SHA_2_256)
.ec_curve(EcCurve::P_256)
- .app_data(b"app-data".to_vec());
+ .app_data(b"app-data".to_vec())
+ .app_id(b"app-id".to_vec());
let alias = "ks_test_auth_tags_test";
let result = key_generations::create_key_and_operation(
@@ -655,16 +656,17 @@
&authorizations::AuthSetBuilder::new()
.purpose(KeyPurpose::SIGN)
.digest(Digest::SHA_2_256)
- .app_data(b"app-data".to_vec()),
+ .app_data(b"app-data".to_vec())
+ .app_id(b"app-id".to_vec()),
alias,
);
assert!(result.is_ok());
delete_app_key(&sl.keystore2, alias).unwrap();
}
-/// Generate a key with `APPLICATION_DATA`. Try to create an operation using the
-/// different `APPLICATION_DATA`, test should fail to create an operation with error code
-/// `INVALID_KEY_BLOB`.
+/// Generate a key with `APPLICATION_DATA` and `APPLICATION_ID`. Try to create an operation using
+/// the different `APPLICATION_DATA` and `APPLICATION_ID`, test should fail to create an operation
+/// with error code `INVALID_KEY_BLOB`.
#[test]
fn keystore2_gen_key_auth_app_data_test_fail() {
let sl = SecLevel::tee();
@@ -676,7 +678,8 @@
.purpose(KeyPurpose::VERIFY)
.digest(Digest::SHA_2_256)
.ec_curve(EcCurve::P_256)
- .app_data(b"app-data".to_vec());
+ .app_data(b"app-data".to_vec())
+ .app_id(b"app-id".to_vec());
let alias = "ks_test_auth_tags_test";
let result = key_generations::map_ks_error(key_generations::create_key_and_operation(
@@ -685,7 +688,8 @@
&authorizations::AuthSetBuilder::new()
.purpose(KeyPurpose::SIGN)
.digest(Digest::SHA_2_256)
- .app_data(b"invalid-app-data".to_vec()),
+ .app_data(b"invalid-app-data".to_vec())
+ .app_id(b"invalid-app-id".to_vec()),
alias,
));
assert!(result.is_err());