summaryrefslogtreecommitdiff
path: root/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp')
-rw-r--r--security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp32
1 files changed, 32 insertions, 0 deletions
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
index 4ab989bcbc..943c692c3e 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
@@ -207,6 +207,14 @@ uint32_t KeyMintAidlTestBase::boot_patch_level() {
return boot_patch_level(key_characteristics_);
}
+/**
+ * An API to determine device IDs attestation is required or not,
+ * which is mandatory for KeyMint version 2 or first_api_level 33 or greater.
+ */
+bool KeyMintAidlTestBase::isDeviceIdAttestationRequired() {
+ return AidlVersion() >= 2 || property_get_int32("ro.vendor.api_level", 0) >= 33;
+}
+
bool KeyMintAidlTestBase::Curve25519Supported() {
// Strongbox never supports curve 25519.
if (SecLevel() == SecurityLevel::STRONGBOX) {
@@ -312,6 +320,30 @@ ErrorCode KeyMintAidlTestBase::GenerateKey(const AuthorizationSet& key_desc,
return GenerateKey(key_desc, attest_key, &key_blob_, &key_characteristics_, &cert_chain_);
}
+ErrorCode KeyMintAidlTestBase::GenerateKeyWithSelfSignedAttestKey(
+ const AuthorizationSet& attest_key_desc, const AuthorizationSet& key_desc,
+ vector<uint8_t>* key_blob, vector<KeyCharacteristics>* key_characteristics,
+ vector<Certificate>* cert_chain) {
+ AttestationKey attest_key;
+ vector<Certificate> attest_cert_chain;
+ vector<KeyCharacteristics> attest_key_characteristics;
+ // Generate a key with self signed attestation.
+ auto error = GenerateKey(attest_key_desc, std::nullopt, &attest_key.keyBlob,
+ &attest_key_characteristics, &attest_cert_chain);
+ if (error != ErrorCode::OK) {
+ return error;
+ }
+
+ attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
+ // Generate a key, by passing the above self signed attestation key as attest key.
+ error = GenerateKey(key_desc, attest_key, key_blob, key_characteristics, cert_chain);
+ if (error == ErrorCode::OK) {
+ // Append the attest_cert_chain to the attested cert_chain to yield a valid cert chain.
+ cert_chain->push_back(attest_cert_chain[0]);
+ }
+ return error;
+}
+
ErrorCode KeyMintAidlTestBase::ImportKey(const AuthorizationSet& key_desc, KeyFormat format,
const string& key_material, vector<uint8_t>* key_blob,
vector<KeyCharacteristics>* key_characteristics) {
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-03 13:19:02 +0000