tequilaOS/platform_hardware_interfaces
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Fix attestation error checks" am: 82f86a1d4b am: 18283b6ca8

Browse source 
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2648423

Change-Id: Ie44a53ed5f18557997ae18dc5881782449737881
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
David Drysdale 2023-07-05 06:41:28 +00:00 committed by Automerger Merge Worker
commit 286d2f7ea6
1 changed files with 10 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
View file

@ -2214,30 +2214,26 @@ void p256_pub_key(const vector<uint8_t>& coseKeyData, EVP_PKEY_Ptr* signingKey)
// Check the error code from an attempt to perform device ID attestation with an invalid value.
void device_id_attestation_check_acceptable_error(Tag tag, const ErrorCode& result) {
// Standard/default error code for ID mismatch.
if (result == ErrorCode::CANNOT_ATTEST_IDS) {
return;
}
// Depending on the situation, other error codes may be acceptable. First, allow older
// implementations to use INVALID_TAG.
if (result == ErrorCode::INVALID_TAG) {
// Standard/default error code for ID mismatch.
} else if (result == ErrorCode::INVALID_TAG) {
// Depending on the situation, other error codes may be acceptable. First, allow older
// implementations to use INVALID_TAG.
ASSERT_FALSE(get_vsr_api_level() > __ANDROID_API_T__)
<< "It is a specification violation for INVALID_TAG to be returned due to ID "
<< "mismatch in a Device ID Attestation call. INVALID_TAG is only intended to "
<< "be used for a case where updateAad() is called after update(). As of "
<< "VSR-14, this is now enforced as an error.";
}
// If the device is not a phone, it will not have IMEI/MEID values available. Allow
// ATTESTATION_IDS_NOT_PROVISIONED in this case.
if (result == ErrorCode::ATTESTATION_IDS_NOT_PROVISIONED) {
} else if (result == ErrorCode::ATTESTATION_IDS_NOT_PROVISIONED) {
// If the device is not a phone, it will not have IMEI/MEID values available. Allow
// ATTESTATION_IDS_NOT_PROVISIONED in this case.
ASSERT_TRUE((tag == TAG_ATTESTATION_ID_IMEI || tag == TAG_ATTESTATION_ID_MEID ||
tag == TAG_ATTESTATION_ID_SECOND_IMEI))
<< "incorrect error code on attestation ID mismatch";
} else {
ADD_FAILURE() << "Error code " << result
<< " returned on attestation ID mismatch, should be CANNOT_ATTEST_IDS";
}
ADD_FAILURE() << "Error code " << result
<< " returned on attestation ID mismatch, should be CANNOT_ATTEST_IDS";
}
// Check whether the given named feature is available.