Merge "KeyMint VTS: skip device ID checks on GSI" into tm-dev

This commit is contained in:
David Drysdale 2022-05-09 05:15:34 +00:00 committed by Android (Google) Code Review
commit 955b77be57
4 changed files with 19 additions and 0 deletions

View file

@ -743,6 +743,11 @@ TEST_P(AttestKeyTest, AttestWithNonAttestKey) {
}
TEST_P(AttestKeyTest, EcdsaAttestationID) {
if (is_gsi_image()) {
// GSI sets up a standard set of device identifiers that may not match
// the device identifiers held by the device.
GTEST_SKIP() << "Test not applicable under GSI";
}
// Create attestation key.
AttestationKey attest_key;
vector<KeyCharacteristics> attest_key_characteristics;

View file

@ -17,6 +17,7 @@
#include "KeyMintAidlTestBase.h"
#include <chrono>
#include <fstream>
#include <unordered_set>
#include <vector>
@ -1460,6 +1461,11 @@ void verify_subject(const X509* cert, //
OPENSSL_free(cert_issuer);
}
bool is_gsi_image() {
std::ifstream ifs("/system/system_ext/etc/init/init.gsi.rc");
return ifs.good();
}
vector<uint8_t> build_serial_blob(const uint64_t serial_int) {
BIGNUM_Ptr serial(BN_new());
EXPECT_TRUE(BN_set_u64(serial.get(), serial_int));

View file

@ -354,6 +354,9 @@ void add_tag_from_prop(AuthorizationSetBuilder* tags, TypedTag<TagType::BYTES, t
}
}
// Indicate whether the test is running on a GSI image.
bool is_gsi_image();
vector<uint8_t> build_serial_blob(const uint64_t serial_int);
void verify_subject(const X509* cert, const string& subject, bool self_signed);
void verify_serial(X509* cert, const uint64_t expected_serial);

View file

@ -1949,6 +1949,11 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationTags) {
* attestation extension.
*/
TEST_P(NewKeyGenerationTest, EcdsaAttestationIdTags) {
if (is_gsi_image()) {
// GSI sets up a standard set of device identifiers that may not match
// the device identifiers held by the device.
GTEST_SKIP() << "Test not applicable under GSI";
}
auto challenge = "hello";
auto app_id = "foo";
auto subject = "cert subj 2";