From 0215cb3d3ef4e5421a1f4c414b7a20b83edf2576 Mon Sep 17 00:00:00 2001 From: David Drysdale Date: Mon, 7 Aug 2023 11:53:46 +0100 Subject: [PATCH] KeyMint: use a smaller invalid IMEI value The invalid value used for the second IMEI attestation test is potentially wrong in two ways: - It doesn't match the provisioned value. - It's not a valid IMEI, not least because it is longer than 16 bytes. Make the test value shorter so the second failure doesn't apply and the test can reliably expect CANNOT_ATTEST_IDS. Bug: 292959871 Test: VtsAidlKeyMintTargetTest Change-Id: If8c6b9e08b48e6caf5c767578e1ac43964214619 --- security/keymint/aidl/vts/functional/AttestKeyTest.cpp | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp index 8a8eaa4649..8aef9d9a13 100644 --- a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp +++ b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp @@ -919,7 +919,9 @@ TEST_P(AttestKeyTest, EcdsaAttestationMismatchID) { .Authorization(TAG_ATTESTATION_ID_MODEL, "malicious-model"); if (isSecondImeiIdAttestationRequired()) { - attestation_id_tags.Authorization(TAG_ATTESTATION_ID_SECOND_IMEI, "invalid-second-imei"); + // Note: the invalid value here is < 16 bytes long to avoid triggering any implementation + // checks on valid IMEI lengths. + attestation_id_tags.Authorization(TAG_ATTESTATION_ID_SECOND_IMEI, "invalid-imei2"); } vector key_blob; vector key_characteristics;