diff options
author | Rajesh Nyamagoud <nyamagoud@google.com> | 2021-12-13 21:44:19 +0000 |
---|---|---|
committer | Rajesh Nyamagoud <nyamagoud@google.com> | 2022-07-01 16:24:41 +0000 |
commit | a7766455e9cdadd936b10395b755159bf615938a (patch) | |
tree | 2ca1129021ead9034461ca58eaa5008d8bba8b6b /keystore2/test_utils | |
parent | 7293ffc837df736f96d3ee46d30ab409aef730c5 (diff) | |
download | security-a7766455e9cdadd936b10395b755159bf615938a.tar.gz |
Adding generateKey tests with EC key algorithm.
Test 1: Should fail to generate a key with domain not listed
in keystore2::Domain.
Test 2: Should fail to generate a EC key without providing curve.
Test 3: Should fail to generate a EC key with 25519 curve having
sign and agree_key purposes.
Test 4: Generate a EC keys with `NONE, MD5, SHA1, SHA-2 224,
SHA-2 256, SHA-2 384 and SHA-2 512` digest modes and P_224,
P_256, P_384, P_521 ec curves combinations. Should be able
to create operations with these keys successfully for all
digest modes except NONE and MD5.
Test 5: Generate a EC key with curve CURVE_25519 and digest mode NONE.
Should be able to create an operation with digest mode NONE.
Test 6: Generate a EC keys with curve CURVE_25519 and digest modes
`MD5, SHA1, SHA-2 224, SHA-2 256, SHA-2 384 and SHA-2 512`
combinations. Creation of an operation should fail with
unsupported digest error.
Test 7: Should fail to create an operation with incompatible digest
mode in key authorizations.
Test 8: Test for key owner validation. Generate a key in one user and
try to use it in another user context where it should fail to
load the key as it doesn't own the key generated by prior user.
Test 9: Generate a key with Domain::BLOB. Verify that key descriptor
holds the key blob. Try to use this key to perform an operation
successfully.
Bug: 194359114
Test: atest keystore2_client_test
Change-Id: I8b923cfdd9dbd50d1ebaab03560e9378ede7cdee
Diffstat (limited to 'keystore2/test_utils')
-rw-r--r-- | keystore2/test_utils/key_generations.rs | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/keystore2/test_utils/key_generations.rs b/keystore2/test_utils/key_generations.rs index 6398f31c..b1405c72 100644 --- a/keystore2/test_utils/key_generations.rs +++ b/keystore2/test_utils/key_generations.rs @@ -129,3 +129,42 @@ pub fn generate_ec_p256_signing_key( Err(e) => Err(e), } } + +/// Generate EC signing key. +pub fn generate_ec_key<S: IKeystoreSecurityLevel + ?Sized>( + sec_level: &S, + domain: Domain, + nspace: i64, + alias: Option<String>, + ec_curve: EcCurve, + digest: Digest, +) -> binder::Result<KeyMetadata> { + let gen_params = AuthSetBuilder::new() + .no_auth_required() + .algorithm(Algorithm::EC) + .purpose(KeyPurpose::SIGN) + .purpose(KeyPurpose::VERIFY) + .digest(digest) + .ec_curve(ec_curve); + + let key_metadata = sec_level.generateKey( + &KeyDescriptor { domain, nspace, alias, blob: None }, + None, + &gen_params, + 0, + b"entropy", + )?; + + // Must have a public key. + assert!(key_metadata.certificate.is_some()); + + // Should not have an attestation record. + assert!(key_metadata.certificateChain.is_none()); + + if domain == Domain::BLOB { + assert!(key_metadata.key.blob.is_some()); + } else { + assert!(key_metadata.key.blob.is_none()); + } + Ok(key_metadata) +} |