tequilaOS/platform_hardware_interfaces
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Enable EcdsaAttestationIdTags VTS for GSI" into main

Browse source
This commit is contained in:
Eran Messeri 2023-09-19 10:55:45 +00:00 committed by Gerrit Code Review
commit 801c76b13e
3 changed files with 28 additions and 60 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
security/keymint/aidl/vts/functional/AttestKeyTest.cpp
View file

@ -88,30 +88,6 @@ string get_imei(int slot) {
return imei;
}
// Use `ro.product.<property>_for_attestation` property for attestation if it is present else
// fallback to use `ro.product.vendor.<property>` if it is present else fallback to
// `ro.product.<property>`. Similar logic can be seen in Java method `getVendorDeviceIdProperty`
// in frameworks/base/core/java/android/os/Build.java.
template <Tag tag>
void add_attestation_id(AuthorizationSetBuilder* attestation_id_tags,
TypedTag<TagType::BYTES, tag> tag_type, const char* prop) {
::android::String8 prop_name =
::android::String8::format("ro.product.%s_for_attestation", prop);
std::string prop_value = ::android::base::GetProperty(prop_name.c_str(), /* default= */ "");
if (!prop_value.empty()) {
add_tag_from_prop(attestation_id_tags, tag_type, prop_name.c_str());
} else {
prop_name = ::android::String8::format("ro.product.vendor.%s", prop);
prop_value = ::android::base::GetProperty(prop_name.c_str(), /* default= */ "");
if (!prop_value.empty()) {
add_tag_from_prop(attestation_id_tags, tag_type, prop_name.c_str());
} else {
prop_name = ::android::String8::format("ro.product.%s", prop);
add_tag_from_prop(attestation_id_tags, tag_type, prop_name.c_str());
}
}
}
} // namespace
class AttestKeyTest : public KeyMintAidlTestBase {

23
security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
View file

@ -454,6 +454,29 @@ ErrorCode GetReturnErrorCode(const Status& result);
::android::PrintInstanceNameToString); \
GTEST_ALLOW_UNINSTANTIATED_PARAMETERIZED_TEST(name);
// Use `ro.product.<property>_for_attestation` property for attestation if it is present else
// fallback to use `ro.product.vendor.<property>` if it is present else fallback to
// `ro.product.<property>`. Similar logic can be seen in Java method `getVendorDeviceIdProperty`
// in frameworks/base/core/java/android/os/Build.java.
template <Tag tag>
void add_attestation_id(AuthorizationSetBuilder* attestation_id_tags,
TypedTag<TagType::BYTES, tag> tag_type, const char* prop) {
::android::String8 prop_name =
::android::String8::format("ro.product.%s_for_attestation", prop);
std::string prop_value = ::android::base::GetProperty(prop_name.c_str(), /* default= */ "");
if (!prop_value.empty()) {
add_tag_from_prop(attestation_id_tags, tag_type, prop_name.c_str());
} else {
prop_name = ::android::String8::format("ro.product.vendor.%s", prop);
prop_value = ::android::base::GetProperty(prop_name.c_str(), /* default= */ "");
if (!prop_value.empty()) {
add_tag_from_prop(attestation_id_tags, tag_type, prop_name.c_str());
} else {
prop_name = ::android::String8::format("ro.product.%s", prop);
add_tag_from_prop(attestation_id_tags, tag_type, prop_name.c_str());
}
}
}
} // namespace test
} // namespace aidl::android::hardware::security::keymint

41
security/keymint/aidl/vts/functional/KeyMintTest.cpp
View file

@ -2082,11 +2082,6 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationTags) {
* attestation extension.
*/
TEST_P(NewKeyGenerationTest, EcdsaAttestationIdTags) {
if (is_gsi_image()) {
// GSI sets up a standard set of device identifiers that may not match
// the device identifiers held by the device.
GTEST_SKIP() << "Test not applicable under GSI";
}
auto challenge = "hello";
auto app_id = "foo";
auto subject = "cert subj 2";
@ -2106,38 +2101,12 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationIdTags) {
// Various ATTESTATION_ID_* tags that map to fields in the attestation extension ASN.1 schema.
auto extra_tags = AuthorizationSetBuilder();
// Use ro.product.brand_for_attestation property for attestation if it is present else fallback
// to ro.product.brand
std::string prop_value =
::android::base::GetProperty("ro.product.brand_for_attestation", /* default= */ "");
if (!prop_value.empty()) {
add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_BRAND,
"ro.product.brand_for_attestation");
} else {
add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_BRAND, "ro.product.brand");
}
add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_DEVICE, "ro.product.device");
// Use ro.product.name_for_attestation property for attestation if it is present else fallback
// to ro.product.name
prop_value = ::android::base::GetProperty("ro.product.name_for_attestation", /* default= */ "");
if (!prop_value.empty()) {
add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_PRODUCT,
"ro.product.name_for_attestation");
} else {
add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_PRODUCT, "ro.product.name");
}
add_attestation_id(&extra_tags, TAG_ATTESTATION_ID_BRAND, "brand");
add_attestation_id(&extra_tags, TAG_ATTESTATION_ID_DEVICE, "device");
add_attestation_id(&extra_tags, TAG_ATTESTATION_ID_PRODUCT, "name");
add_attestation_id(&extra_tags, TAG_ATTESTATION_ID_MANUFACTURER, "manufacturer");
add_attestation_id(&extra_tags, TAG_ATTESTATION_ID_MODEL, "model");
add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_SERIAL, "ro.serialno");
add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_MANUFACTURER, "ro.product.manufacturer");
// Use ro.product.model_for_attestation property for attestation if it is present else fallback
// to ro.product.model
prop_value =
::android::base::GetProperty("ro.product.model_for_attestation", /* default= */ "");
if (!prop_value.empty()) {
add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_MODEL,
"ro.product.model_for_attestation");
} else {
add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_MODEL, "ro.product.model");
}
for (const KeyParameter& tag : extra_tags) {
SCOPED_TRACE(testing::Message() << "tag-" << tag);