tequilaOS/platform_hardware_interfaces
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Fix RKP support assumptions for keymint VTS

Browse source 
The support level for strongbox is different from the tee
implementation. Additionally, we were incorrectly checking the keymint
aidl version. KeyMint 1.0 supported ATTEST_KEY, so it's unclear why we
were ever checking for KeyMint 2.0.

Test: VtsAidlKeyMintTargetTest
Bug: 263844771
Change-Id: I750367902fec90204d71c1e158404b2421f9ad87
This commit is contained in:
Seth Moore 2023-03-03 13:40:30 -08:00
parent 650c081f23
commit a12ac74603
3 changed files with 18 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
View file

@ -1283,6 +1283,19 @@ std::pair<ErrorCode, vector<uint8_t>> KeyMintAidlTestBase::UpgradeKey(
return retval;
}
bool KeyMintAidlTestBase::IsRkpSupportRequired() const {
if (get_vsr_api_level() >= __ANDROID_API_T__) {
return true;
}
if (get_vsr_api_level() >= __ANDROID_API_S__) {
return SecLevel() != SecurityLevel::STRONGBOX;
}
return false;
}
vector<uint32_t> KeyMintAidlTestBase::ValidKeySizes(Algorithm algorithm) {
switch (algorithm) {
case Algorithm::RSA:

1
security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
View file

@ -309,6 +309,7 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> {
}
bool IsSecure() const { return securityLevel_ != SecurityLevel::SOFTWARE; }
SecurityLevel SecLevel() const { return securityLevel_; }
bool IsRkpSupportRequired() const;
vector<uint32_t> ValidKeySizes(Algorithm algorithm);
vector<uint32_t> InvalidKeySizes(Algorithm algorithm);

8
security/keymint/aidl/vts/functional/KeyMintTest.cpp
View file

@ -1136,8 +1136,8 @@ TEST_P(NewKeyGenerationTest, RsaWithAttestation) {
* that has been generated using an associate IRemotelyProvisionedComponent.
*/
TEST_P(NewKeyGenerationTest, RsaWithRkpAttestation) {
if (get_vsr_api_level() < __ANDROID_API_T__ || AidlVersion() < 2) {
GTEST_SKIP() << "Only required for VSR 12+ and KeyMint 2+";
if (!IsRkpSupportRequired()) {
GTEST_SKIP() << "RKP support is not required on this platform";
}
// There should be an IRemotelyProvisionedComponent instance associated with the KeyMint
@ -1214,8 +1214,8 @@ TEST_P(NewKeyGenerationTest, RsaWithRkpAttestation) {
* that has been generated using an associate IRemotelyProvisionedComponent.
*/
TEST_P(NewKeyGenerationTest, EcdsaWithRkpAttestation) {
if (get_vsr_api_level() < __ANDROID_API_T__ || AidlVersion() < 2) {
GTEST_SKIP() << "Only required for VSR 12+ and KeyMint 2+";
if (!IsRkpSupportRequired()) {
GTEST_SKIP() << "RKP support is not required on this platform";
}
// There should be an IRemotelyProvisionedComponent instance associated with the KeyMint