Adding tests using `MAX_USES_PER_BOOT`, `EARLY_BOOT_ONLY`, `BOOTLOADER_ONLY` and `USAGE_COUNT_LIMIT`
1. Generate a key with `BOOTLOADER_ONLY` tag. Test should successfully
generate a key and verify the key characteristics. Test should fail
with error code `INVALID_KEY_BLOB` during creation of an operation
using this key.
2. Generate a key with `EARLY_BOOT_ONLY` tag. Test should successfully
generate a key and verify the key characteristics. Test should fail
with error code `EARLY_BOOT_ENDED` during creation of an operation
using this key.
3. Generate a key with `MAX_USES_PER_BOOT` tag. Test should successfully
generate a key and verify the key characteristics. Test should be
able to use the key successfully `MAX_USES_COUNT` times. After
exceeding key usage `MAX_USES_COUNT` times subsequent attempts to use
the key in test should fail with error code `MAX_OPS_EXCEEDED`.
4. Generate a key with `USAGE_COUNT_LIMIT` tag. Test should successfully
generate a key and verify the key characteristics. Test should be
able to use the key successfully `MAX_USES_COUNT` times. After
exceeding key usage `MAX_USES_COUNT` times subsequent attempts to use
the key in test should fail with error code `KEY_NOT_FOUND`. Test
should also check attest record for attested keys that
`USAGE_COUNT_LIMIT` is included in attest record.
Bug: 279721870
Test: atest keystore2_client_tests
Change-Id: I205964b571d92dc0fcbd11b1f6d45bc3aea7c050
diff --git a/keystore2/test_utils/key_generations.rs b/keystore2/test_utils/key_generations.rs
index 24ce6e1..ccf27bc 100644
--- a/keystore2/test_utils/key_generations.rs
+++ b/keystore2/test_utils/key_generations.rs
@@ -470,6 +470,18 @@
));
}
+/// Get the key `Authorization` for the given auth `Tag`.
+pub fn get_key_auth(authorizations: &[Authorization], tag: Tag) -> Option<&Authorization> {
+ let auths: Vec<&Authorization> =
+ authorizations.iter().filter(|auth| auth.keyParameter.tag == tag).collect();
+
+ if !auths.is_empty() {
+ Some(auths[0])
+ } else {
+ None
+ }
+}
+
/// Generate EC Key using given security level and domain with below key parameters and
/// optionally allow the generated key to be attested with factory provisioned attest key using
/// given challenge and application id -
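Review bot: In `get_key_auth`, the matching entries are collected into a `Vec` only so that `auths[0]` can be returned. `authorizations.iter().find(|auth| auth.keyParameter.tag == tag)` yields the same `Option<&Authorization>` without the allocation or the `is_empty` branch. The doc comment should also state that only the first matching entry is returned when the same tag appears more than once in `authorizations`, since callers checking key characteristics will otherwise not know that later entries are ignored.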