summaryrefslogtreecommitdiff
path: root/keystore2/test_utils/key_generations.rs
diff options
context:
space:
mode:
Diffstat (limited to 'keystore2/test_utils/key_generations.rs')
-rw-r--r--keystore2/test_utils/key_generations.rs20
1 files changed, 20 insertions, 0 deletions
diff --git a/keystore2/test_utils/key_generations.rs b/keystore2/test_utils/key_generations.rs
index 9ddc87aa..a733be39 100644
--- a/keystore2/test_utils/key_generations.rs
+++ b/keystore2/test_utils/key_generations.rs
@@ -410,6 +410,11 @@ pub fn check_key_authorizations(
) {
// Make sure key authorizations contains only `ALLOWED_TAGS_IN_KEY_AUTHS`
authorizations.iter().all(|auth| {
+ // Ignore `INVALID` tag if the backend is Keymaster and not KeyMint.
+ // Keymaster allows INVALID tag for unsupported key parameters.
+ if !has_default_keymint() && auth.keyParameter.tag == Tag::INVALID {
+ return true;
+ }
assert!(
ALLOWED_TAGS_IN_KEY_AUTHS.contains(&auth.keyParameter.tag),
"key authorization is not allowed: {:#?}",
@@ -427,6 +432,21 @@ pub fn check_key_authorizations(
{
return true;
}
+
+ // Ignore below parameters if the backend is Keymaster and not KeyMint.
+ // Keymaster does not support these parameters. These key parameters are introduced in
+ // KeyMint1.0.
+ if !has_default_keymint() {
+ if matches!(key_param.tag, Tag::RSA_OAEP_MGF_DIGEST | Tag::USAGE_COUNT_LIMIT) {
+ return true;
+ }
+ if key_param.tag == Tag::PURPOSE
+ && key_param.value == KeyParameterValue::KeyPurpose(KeyPurpose::ATTEST_KEY)
+ {
+ return true;
+ }
+ }
+
if ALLOWED_TAGS_IN_KEY_AUTHS.contains(&key_param.tag) {
assert!(
check_key_param(authorizations, key_param),
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-07 08:46:12 +0000