diff options
Diffstat (limited to 'keystore2/tests')
-rw-r--r-- | keystore2/tests/keystore2_client_authorizations_tests.rs | 42 | ||||
-rw-r--r-- | keystore2/tests/keystore2_client_import_keys_tests.rs | 8 | ||||
-rw-r--r-- | keystore2/tests/keystore2_client_test_utils.rs | 6 |
3 files changed, 44 insertions, 12 deletions
diff --git a/keystore2/tests/keystore2_client_authorizations_tests.rs b/keystore2/tests/keystore2_client_authorizations_tests.rs index fe48acd6..9df9561a 100644 --- a/keystore2/tests/keystore2_client_authorizations_tests.rs +++ b/keystore2/tests/keystore2_client_authorizations_tests.rs @@ -21,8 +21,8 @@ use android_hardware_security_keymint::aidl::android::hardware::security::keymin }; use android_system_keystore2::aidl::android::system::keystore2::{ - IKeystoreSecurityLevel::IKeystoreSecurityLevel, KeyMetadata::KeyMetadata, - ResponseCode::ResponseCode, + Domain::Domain, IKeystoreSecurityLevel::IKeystoreSecurityLevel, KeyDescriptor::KeyDescriptor, + KeyMetadata::KeyMetadata, ResponseCode::ResponseCode, }; use keystore2_test_utils::{ @@ -590,3 +590,41 @@ fn keystore2_gen_non_attested_key_auth_usage_count_limit() { false, ); } + +/// Try to generate a key with `Tag::CREATION_DATETIME` set to valid value. Test should fail +/// to generate a key with `INVALID_ARGUMENT` error as Keystore2 backend doesn't allow user to +/// specify `CREATION_DATETIME`. +#[test] +fn keystore2_gen_key_auth_creation_date_time_test_fail_with_invalid_arg_error() { + let keystore2 = get_keystore_service(); + let sec_level = keystore2.getSecurityLevel(SecurityLevel::TRUSTED_ENVIRONMENT).unwrap(); + + let duration_since_epoch = SystemTime::now().duration_since(SystemTime::UNIX_EPOCH).unwrap(); + let creation_datetime = duration_since_epoch.as_millis(); + let gen_params = authorizations::AuthSetBuilder::new() + .no_auth_required() + .algorithm(Algorithm::EC) + .purpose(KeyPurpose::SIGN) + .purpose(KeyPurpose::VERIFY) + .digest(Digest::SHA_2_256) + .ec_curve(EcCurve::P_256) + .attestation_challenge(b"foo".to_vec()) + .creation_date_time(creation_datetime.try_into().unwrap()); + + let alias = "ks_test_auth_tags_test"; + let result = key_generations::map_ks_error(sec_level.generateKey( + &KeyDescriptor { + domain: Domain::APP, + nspace: -1, + alias: Some(alias.to_string()), + blob: None, + }, + None, + &gen_params, + 0, + b"entropy", + )); + + assert!(result.is_err()); + assert_eq!(Error::Rc(ResponseCode::INVALID_ARGUMENT), result.unwrap_err()); +} diff --git a/keystore2/tests/keystore2_client_import_keys_tests.rs b/keystore2/tests/keystore2_client_import_keys_tests.rs index 3d108fee..31d57a2f 100644 --- a/keystore2/tests/keystore2_client_import_keys_tests.rs +++ b/keystore2/tests/keystore2_client_import_keys_tests.rs @@ -37,9 +37,9 @@ use keystore2_test_utils::ffi_test_utils::{ }; use crate::keystore2_client_test_utils::{ - encrypt_secure_key, encrypt_transport_key, has_default_keymint, - perform_sample_asym_sign_verify_op, perform_sample_hmac_sign_verify_op, - perform_sample_sym_key_decrypt_op, perform_sample_sym_key_encrypt_op, SAMPLE_PLAIN_TEXT, + encrypt_secure_key, encrypt_transport_key, perform_sample_asym_sign_verify_op, + perform_sample_hmac_sign_verify_op, perform_sample_sym_key_decrypt_op, + perform_sample_sym_key_encrypt_op, SAMPLE_PLAIN_TEXT, }; pub fn import_rsa_sign_key_and_perform_sample_operation( @@ -288,7 +288,7 @@ fn keystore2_rsa_import_key_with_multipurpose_fails_incompt_purpose_error() { key_generations::RSA_2048_KEY, )); - if has_default_keymint() { + if key_generations::has_default_keymint() { assert!(result.is_err()); assert_eq!(Error::Km(ErrorCode::INCOMPATIBLE_PURPOSE), result.unwrap_err()); } else { diff --git a/keystore2/tests/keystore2_client_test_utils.rs b/keystore2/tests/keystore2_client_test_utils.rs index f7e7985f..e76c64b8 100644 --- a/keystore2/tests/keystore2_client_test_utils.rs +++ b/keystore2/tests/keystore2_client_test_utils.rs @@ -104,12 +104,6 @@ macro_rules! skip_test_if_no_device_id_attestation_feature { }; } -/// Indicate whether the default device is KeyMint (rather than Keymaster). -pub fn has_default_keymint() -> bool { - binder::is_declared("android.hardware.security.keymint.IKeyMintDevice/default") - .expect("Could not check for declared keymint interface") -} - /// Generate EC key and grant it to the list of users with given access vector. /// Returns the list of granted keys `nspace` values in the order of given grantee uids. pub fn generate_ec_key_and_grant_to_users( |