KeyMint: improve HAL spec and tests

- clarify & test BIGNUM spec
- allow alternative return codes when requesting device unique
  attestation
- use specific error for early boot import failure
- test more early boot key scenarios (in post-early-boot mode)

Test: VtsAidlKeyMintTargetTest
Change-Id: I70a342084a29144aef1ed0ff80fec02cc06ffbc0

1 files changed, 4 insertions, 2 deletions

diff --git a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
index e4a877c0cb..b8699e9d50 100644
--- a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
+++ b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
@@ -180,7 +180,9 @@ TEST_P(AttestKeyTest, RsaAttestedAttestKeys) {
     auto subject = "cert subj 2";
     vector<uint8_t> subject_der(make_name_from_str(subject));
 
-    uint64_t serial_int = 66;
+    // An X.509 certificate serial number SHOULD be >0, but this is not policed. Check
+    // that a zero value doesn't cause problems.
+    uint64_t serial_int = 0;
     vector<uint8_t> serial_blob(build_serial_blob(serial_int));
 
     /*
@@ -223,7 +225,7 @@ TEST_P(AttestKeyTest, RsaAttestedAttestKeys) {
     auto subject2 = "cert subject";
     vector<uint8_t> subject_der2(make_name_from_str(subject2));
 
-    uint64_t serial_int2 = 987;
+    uint64_t serial_int2 = 255;
     vector<uint8_t> serial_blob2(build_serial_blob(serial_int2));
 
     EXPECT_EQ(ErrorCode::OK,