KeyMint: improve HAL spec and tests

- clarify & test BIGNUM spec - allow alternative return codes when requesting device unique attestation - use specific error for early boot import failure - test more early boot key scenarios (in post-early-boot mode) Test: VtsAidlKeyMintTargetTest Change-Id: I70a342084a29144aef1ed0ff80fec02cc06ffbc0
author: David Drysdale <drysdale@google.com> 2021-05-18 11:43:31 +0100
committer: David Drysdale <drysdale@google.com> 2021-05-19 16:40:25 +0100
commit: db0dcf5034cedf82d4f9cd9b452c9d0290b4d4f5 (patch)
tree: d304f98fa80b1da4d0f1a1269c992648e0a51af4 /security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
parent: cad540327059a9617016442af3d2ca2fe75352cd (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
index 3a2717b9d9..0eac033cd1 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
@@ -1185,6 +1185,14 @@ vector<uint8_t> build_serial_blob(const uint64_t serial_int) {
         return {};
     }
 
+    if (serial_blob.empty() || serial_blob[0] & 0x80) {
+        // An empty blob is OpenSSL's encoding of the zero value; we need single zero byte.
+        // Top bit being set indicates a negative number in two's complement, but our input
+        // was positive.
+        // In either case, prepend a zero byte.
+        serial_blob.insert(serial_blob.begin(), 0x00);
+    }
+
     return serial_blob;
 }
author	David Drysdale <drysdale@google.com>	2021-05-18 11:43:31 +0100
committer	David Drysdale <drysdale@google.com>	2021-05-19 16:40:25 +0100
commit	db0dcf5034cedf82d4f9cd9b452c9d0290b4d4f5 (patch)
tree	d304f98fa80b1da4d0f1a1269c992648e0a51af4 /security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
parent	cad540327059a9617016442af3d2ca2fe75352cd (diff)