tequilaOS/platform_hardware_interfaces
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Implement KeyMint2 test for VSR13

Browse source 
Test: VtsAidlKeyMintTargetTest & VtsHalKeymasterV4_0TargetTest
Change-Id: Ie10b705bb06990a2a2c6223fcce28f5fde6bf3f3
This commit is contained in:
Shawn Willden 2022-06-02 14:04:33 -06:00
parent f1a7cc01ea
commit 22fb9c16fc
4 changed files with 72 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

35
keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
View file

@ -27,6 +27,7 @@
#include <openssl/mem.h> #include <openssl/mem.h>
#include <openssl/x509.h> #include <openssl/x509.h>
#include <android-base/properties.h>
#include <cutils/properties.h> #include <cutils/properties.h>
#include <keymasterV4_0/attestation_record.h> #include <keymasterV4_0/attestation_record.h>
@ -386,6 +387,28 @@ bool avb_verification_enabled() {
return property_get("ro.boot.vbmeta.device_state", value, "") != 0; return property_get("ro.boot.vbmeta.device_state", value, "") != 0;
} }
int get_vsr_api_level() {
int api_level = ::android::base::GetIntProperty("ro.board.api_level", -1);
if (api_level == -1) {
api_level = ::android::base::GetIntProperty("ro.board.first_api_level", -1);
}
if (api_level == -1) {
api_level = ::android::base::GetIntProperty("ro.vndk.version", -1);
}
// We really should have a VSR API level by now. But on cuttlefish, and perhaps other weird
// devices, we may not. So, we use the SDK first or current API level if needed. If this goes
// wrong, it should go wrong in the direction of being too strict rather than too lenient, which
// should provoke someone to examine why we don't have proper VSR API level properties.
if (api_level == -1) {
api_level = ::android::base::GetIntProperty("ro.product.first_api_level", -1);
}
if (api_level == -1) {
api_level = ::android::base::GetIntProperty("ro.build.version.sdk", -1);
}
EXPECT_NE(api_level, -1) << "Could not find a VSR level, or equivalent.";
return api_level;
}
bool is_gsi() { bool is_gsi() {
char property_value[PROPERTY_VALUE_MAX] = {}; char property_value[PROPERTY_VALUE_MAX] = {};
EXPECT_NE(property_get("ro.product.system.name", property_value, ""), 0); EXPECT_NE(property_get("ro.product.system.name", property_value, ""), 0);
@ -4833,6 +4856,18 @@ TEST_P(TransportLimitTest, LargeFinishInput) {
INSTANTIATE_KEYMASTER_HIDL_TEST(TransportLimitTest); INSTANTIATE_KEYMASTER_HIDL_TEST(TransportLimitTest);
using VsrRequirementTest = KeymasterHidlTest;
TEST_P(VsrRequirementTest, Vsr13Test) {
int vsr_api_level = get_vsr_api_level();
if (vsr_api_level < 33) {
GTEST_SKIP() << "Applies only to VSR API level 33, this device is: " << vsr_api_level;
}
FAIL() << "VSR 13+ requires KeyMint version 2";
}
INSTANTIATE_KEYMASTER_HIDL_TEST(VsrRequirementTest);
} // namespace test } // namespace test
} // namespace V4_0 } // namespace V4_0
} // namespace keymaster } // namespace keymaster

22
security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
View file

@ -1460,6 +1460,28 @@ void verify_subject(const X509* cert, //
OPENSSL_free(cert_issuer); OPENSSL_free(cert_issuer);
} }
int get_vsr_api_level() {
int api_level = ::android::base::GetIntProperty("ro.board.api_level", -1);
if (api_level == -1) {
api_level = ::android::base::GetIntProperty("ro.board.first_api_level", -1);
}
if (api_level == -1) {
api_level = ::android::base::GetIntProperty("ro.vndk.version", -1);
}
// We really should have a VSR API level by now. But on cuttlefish, and perhaps other weird
// devices, we may not. So, we use the SDK first or current API level if needed. If this goes
// wrong, it should go wrong in the direction of being too strict rather than too lenient, which
// should provoke someone to examine why we don't have proper VSR API level properties.
if (api_level == -1) {
api_level = ::android::base::GetIntProperty("ro.product.first_api_level", -1);
}
if (api_level == -1) {
api_level = ::android::base::GetIntProperty("ro.build.version.sdk", -1);
}
EXPECT_NE(api_level, -1) << "Could not find a VSR level, or equivalent.";
return api_level;
}
bool is_gsi_image() { bool is_gsi_image() {
std::ifstream ifs("/system/system_ext/etc/init/init.gsi.rc"); std::ifstream ifs("/system/system_ext/etc/init/init.gsi.rc");
return ifs.good(); return ifs.good();

3
security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
View file

@ -355,6 +355,9 @@ void add_tag_from_prop(AuthorizationSetBuilder* tags, TypedTag<TagType::BYTES, t
} }
} }
// Return the VSR API level for this device.
int get_vsr_api_level();
// Indicate whether the test is running on a GSI image. // Indicate whether the test is running on a GSI image.
bool is_gsi_image(); bool is_gsi_image();

12
security/keymint/aidl/vts/functional/KeyMintTest.cpp
View file

@ -8014,6 +8014,18 @@ TEST_P(UnlockedDeviceRequiredTest, DISABLED_KeysBecomeUnusable) {
INSTANTIATE_KEYMINT_AIDL_TEST(UnlockedDeviceRequiredTest); INSTANTIATE_KEYMINT_AIDL_TEST(UnlockedDeviceRequiredTest);
using VsrRequirementTest = KeyMintAidlTestBase;
TEST_P(VsrRequirementTest, Vsr13Test) {
int vsr_api_level = get_vsr_api_level();
if (vsr_api_level < 33) {
GTEST_SKIP() << "Applies only to VSR API level 33, this device is: " << vsr_api_level;
}
EXPECT_GE(AidlVersion(), 2) << "VSR 13+ requires KeyMint version 2";
}
INSTANTIATE_KEYMINT_AIDL_TEST(VsrRequirementTest);
} // namespace aidl::android::hardware::security::keymint::test } // namespace aidl::android::hardware::security::keymint::test
int main(int argc, char** argv) { int main(int argc, char** argv) {