tequilaOS/platform_hardware_interfaces
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

KeyMint VTS: skip device ID checks on GSI

Browse source 
Bug: 229356841
Test: VtsAidlKeyMintTargetTest
Change-Id: I3182bad5584c35df7b1eeb476dabb39d19fdf12c
(cherry picked from commit 555ba00c0f)
Merged-In: I3182bad5584c35df7b1eeb476dabb39d19fdf12c
This commit is contained in:
David Drysdale 2022-05-03 18:48:57 +01:00 committed by Cherrypicker Worker
parent 1dd0d22f3a
commit 32a7bece10
4 changed files with 19 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
security/keymint/aidl/vts/functional/AttestKeyTest.cpp
View file

@ -743,6 +743,11 @@ TEST_P(AttestKeyTest, AttestWithNonAttestKey) {
} }
TEST_P(AttestKeyTest, EcdsaAttestationID) { TEST_P(AttestKeyTest, EcdsaAttestationID) {
if (is_gsi_image()) {
// GSI sets up a standard set of device identifiers that may not match
// the device identifiers held by the device.
GTEST_SKIP() << "Test not applicable under GSI";
}
// Create attestation key. // Create attestation key.
AttestationKey attest_key; AttestationKey attest_key;
vector<KeyCharacteristics> attest_key_characteristics; vector<KeyCharacteristics> attest_key_characteristics;

6
security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
View file

@ -17,6 +17,7 @@
#include "KeyMintAidlTestBase.h" #include "KeyMintAidlTestBase.h"
#include <chrono> #include <chrono>
#include <fstream>
#include <unordered_set> #include <unordered_set>
#include <vector> #include <vector>
@ -1460,6 +1461,11 @@ void verify_subject(const X509* cert, //
OPENSSL_free(cert_issuer); OPENSSL_free(cert_issuer);
} }
bool is_gsi_image() {
std::ifstream ifs("/system/system_ext/etc/init/init.gsi.rc");
return ifs.good();
}
vector<uint8_t> build_serial_blob(const uint64_t serial_int) { vector<uint8_t> build_serial_blob(const uint64_t serial_int) {
BIGNUM_Ptr serial(BN_new()); BIGNUM_Ptr serial(BN_new());
EXPECT_TRUE(BN_set_u64(serial.get(), serial_int)); EXPECT_TRUE(BN_set_u64(serial.get(), serial_int));

3
security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
View file

@ -354,6 +354,9 @@ void add_tag_from_prop(AuthorizationSetBuilder* tags, TypedTag<TagType::BYTES, t
} }
} }
// Indicate whether the test is running on a GSI image.
bool is_gsi_image();
vector<uint8_t> build_serial_blob(const uint64_t serial_int); vector<uint8_t> build_serial_blob(const uint64_t serial_int);
void verify_subject(const X509* cert, const string& subject, bool self_signed); void verify_subject(const X509* cert, const string& subject, bool self_signed);
void verify_serial(X509* cert, const uint64_t expected_serial); void verify_serial(X509* cert, const uint64_t expected_serial);

5
security/keymint/aidl/vts/functional/KeyMintTest.cpp
View file

@ -1949,6 +1949,11 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationTags) {
* attestation extension. * attestation extension.
*/ */
TEST_P(NewKeyGenerationTest, EcdsaAttestationIdTags) { TEST_P(NewKeyGenerationTest, EcdsaAttestationIdTags) {
if (is_gsi_image()) {
// GSI sets up a standard set of device identifiers that may not match
// the device identifiers held by the device.
GTEST_SKIP() << "Test not applicable under GSI";
}
auto challenge = "hello"; auto challenge = "hello";
auto app_id = "foo"; auto app_id = "foo";
auto subject = "cert subj 2"; auto subject = "cert subj 2";