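/*
 * Copyright (C) 2018 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.keystore.cts;

import static android.app.admin.DevicePolicyManager.ID_TYPE_SERIAL;

import static com.google.common.truth.Truth.assertThat;
import static org.testng.Assert.assertThrows;

import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.security.AttestedKeyPair;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;

/**
 * Test helpers that ask a {@link DevicePolicyManager} to generate attested RSA key pairs,
 * with or without device-ID attestation of the serial number ({@code ID_TYPE_SERIAL}).
 *
 * <p>All helpers report their outcome through test assertions rather than return values.
 */
public class KeyGenerationUtils {
    /** Alias used by the helpers that create and then clean up their own key. */
    private static final String ALIAS = "com.android.test.generated-rsa-1";

    /**
     * Builds the key spec shared by every helper: a 2048-bit RSA signing/verification key
     * using SHA-256 with PSS or PKCS#1 signature padding, with key attestation requested.
     *
     * @param alias keystore alias the generated key will be stored under
     * @return the spec to pass to {@code DevicePolicyManager.generateKeyPair}
     */
    private static KeyGenParameterSpec buildRsaKeySpecWithKeyAttestation(String alias) {
        return new KeyGenParameterSpec.Builder(
                alias,
                KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
                .setKeySize(2048)
                .setDigests(KeyProperties.DIGEST_SHA256)
                .setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PSS,
                        KeyProperties.SIGNATURE_PADDING_RSA_PKCS1)
                // StrongBox is explicitly not requested for these test keys.
                .setIsStrongBoxBacked(false)
                // Setting a challenge is what requests an attestation record. The value is a
                // fixed test constant: nothing in this class verifies the attestation, so it
                // provides no freshness. Code that relies on attestation should use an
                // unpredictable, per-request challenge supplied by the verifier.
                .setAttestationChallenge(new byte[]{'a', 'b', 'c'})
                .build();
    }

    /**
     * Requests an attested RSA key pair from the device policy manager.
     *
     * @param dpm device policy manager used to generate the key
     * @param admin admin component the request is made on behalf of
     * @param deviceIdAttestationFlags device-ID attestation flags ({@code 0} requests none)
     * @param alias keystore alias for the new key
     * @return whatever {@code generateKeyPair} returns; callers assert that it is non-null
     */
    private static AttestedKeyPair generateRsaKeyPair(DevicePolicyManager dpm, ComponentName admin,
            int deviceIdAttestationFlags, String alias) {
        return dpm.generateKeyPair(
                admin, "RSA", buildRsaKeySpecWithKeyAttestation(alias),
                deviceIdAttestationFlags);
    }

    /**
     * Generates a key under {@link #ALIAS} with the given device-ID attestation flags, asserts
     * that generation succeeded, and removes the key again.
     *
     * <p>If generation (or its assertion) fails, the key is still removed on a best-effort
     * basis, but the original failure is the one reported: a failing clean-up must not hide
     * the reason the test actually failed.
     */
    private static void generateKeyWithIdFlagsExpectingSuccess(DevicePolicyManager dpm,
            ComponentName admin, int deviceIdAttestationFlags) {
        try {
            AttestedKeyPair generated =
                    generateRsaKeyPair(dpm, admin, deviceIdAttestationFlags, ALIAS);
            assertThat(generated).isNotNull();
        } catch (RuntimeException | Error primaryFailure) {
            try {
                // Best-effort clean-up so a partially created key does not leak into later tests.
                dpm.removeKeyPair(admin, ALIAS);
            } catch (RuntimeException cleanupFailure) {
                primaryFailure.addSuppressed(cleanupFailure);
            }
            throw primaryFailure;
        }
        // Generation succeeded, so removal of the key is part of what the test verifies.
        assertThat(dpm.removeKeyPair(admin, ALIAS)).isTrue();
    }

    /**
     * Generates an attested RSA key under {@code alias} without device-ID attestation and
     * asserts that a key pair was returned.
     *
     * <p>The key is not removed here; the caller owns the alias and its clean-up.
     */
    public static void generateRsaKey(DevicePolicyManager dpm, ComponentName admin, String alias) {
        assertThat(generateRsaKeyPair(dpm, admin, 0, alias)).isNotNull();
    }

    /**
     * Asserts that the admin can generate a key whose attestation includes the device serial
     * number ({@code ID_TYPE_SERIAL}); the key is removed afterwards.
     */
    public static void generateKeyWithDeviceIdAttestationExpectingSuccess(DevicePolicyManager dpm,
            ComponentName admin) {
        generateKeyWithIdFlagsExpectingSuccess(dpm, admin, ID_TYPE_SERIAL);
    }

    /**
     * Asserts that requesting serial-number attestation is rejected with a
     * {@link SecurityException}, presumably because the calling admin is not permitted to
     * attest device identifiers.
     */
    public static void generateKeyWithDeviceIdAttestationExpectingFailure(DevicePolicyManager dpm,
            ComponentName admin) {
        // NOTE(review): if generation unexpectedly succeeds, the assertion fails but the key
        // stays under ALIAS; consider removing it so a policy regression cannot leave a
        // device-ID-attested key behind for later tests.
        assertThrows(SecurityException.class,
                () -> generateRsaKeyPair(dpm, admin, ID_TYPE_SERIAL, ALIAS));
    }
}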