| Rajesh Nyamagoud | 901386c | 2022-03-21 20:35:18 +0000 | [diff] [blame] | 1 | // Copyright 2022, The Android Open Source Project |
| 2 | // |
| 3 | // Licensed under the Apache License, Version 2.0 (the "License"); |
| 4 | // you may not use this file except in compliance with the License. |
| 5 | // You may obtain a copy of the License at |
| 6 | // |
| 7 | // http://www.apache.org/licenses/LICENSE-2.0 |
| 8 | // |
| 9 | // Unless required by applicable law or agreed to in writing, software |
| 10 | // distributed under the License is distributed on an "AS IS" BASIS, |
| 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 12 | // See the License for the specific language governing permissions and |
| 13 | // limitations under the License. |
| 14 | |
| 15 | //! This module implements test utils to generate various types of keys. |
| 16 | |
| 17 | use android_hardware_security_keymint::aidl::android::hardware::security::keymint::{ |
| 18 | Algorithm::Algorithm, Digest::Digest, EcCurve::EcCurve, KeyPurpose::KeyPurpose, |
| 19 | }; |
| 20 | use android_system_keystore2::aidl::android::system::keystore2::{ |
| 21 | Domain::Domain, IKeystoreSecurityLevel::IKeystoreSecurityLevel, KeyDescriptor::KeyDescriptor, |
| 22 | KeyMetadata::KeyMetadata, |
| 23 | }; |
| 24 | |
| 25 | use crate::authorizations::AuthSetBuilder; |
| 26 | |
| 27 | const SELINUX_SHELL_NAMESPACE: i64 = 1; |
| 28 | |
| 29 | /// Generate attested EC Key blob using given security level with below key parameters - |
| 30 | /// Purposes: SIGN and VERIFY |
| 31 | /// Digest: SHA_2_256 |
| 32 | /// Curve: P_256 |
| 33 | pub fn generate_ec_p256_signing_key_with_attestation( |
| 34 | sec_level: &binder::Strong<dyn IKeystoreSecurityLevel>, |
| 35 | ) -> binder::Result<KeyMetadata> { |
| 36 | let att_challenge: &[u8] = b"foo"; |
| 37 | let att_app_id: &[u8] = b"bar"; |
| 38 | let gen_params = AuthSetBuilder::new() |
| 39 | .algorithm(Algorithm::EC) |
| 40 | .purpose(KeyPurpose::SIGN) |
| 41 | .purpose(KeyPurpose::VERIFY) |
| 42 | .digest(Digest::SHA_2_256) |
| 43 | .ec_curve(EcCurve::P_256) |
| 44 | .attestation_challenge(att_challenge.to_vec()) |
| 45 | .attestation_app_id(att_app_id.to_vec()); |
| 46 | |
| 47 | match sec_level.generateKey( |
| 48 | &KeyDescriptor { |
| 49 | domain: Domain::BLOB, |
| 50 | nspace: SELINUX_SHELL_NAMESPACE, |
| 51 | alias: None, |
| 52 | blob: None, |
| 53 | }, |
| 54 | None, |
| 55 | &gen_params, |
| 56 | 0, |
| 57 | b"entropy", |
| 58 | ) { |
| 59 | Ok(key_metadata) => { |
| 60 | assert!(key_metadata.certificate.is_some()); |
| 61 | assert!(key_metadata.certificateChain.is_some()); |
| 62 | assert!(key_metadata.key.blob.is_some()); |
| 63 | |
| 64 | Ok(key_metadata) |
| 65 | } |
| 66 | Err(e) => Err(e), |
| 67 | } |
| 68 | } |