From 4418984ab61a7fb1d90b92cddc6268208549a8a4 Mon Sep 17 00:00:00 2001 From: Subrahmanyaman Date: Fri, 1 Apr 2022 08:13:02 +0000 Subject: [PATCH] Run SecureElementProvision tests for KeyMint version >= 2. Test: run vts -m VtsAidlKeyMintTarget Change-Id: Icd2565170a473b539a1959042bbfa93e66947a69 --- .../SecureElementProvisioningTest.cpp | 101 ++++++++++++------ 1 file changed, 67 insertions(+), 34 deletions(-) diff --git a/security/keymint/aidl/vts/functional/SecureElementProvisioningTest.cpp b/security/keymint/aidl/vts/functional/SecureElementProvisioningTest.cpp index 6f138672ba..e630f7008e 100644 --- a/security/keymint/aidl/vts/functional/SecureElementProvisioningTest.cpp +++ b/security/keymint/aidl/vts/functional/SecureElementProvisioningTest.cpp @@ -57,6 +57,15 @@ class SecureElementProvisioningTest : public testing::Test { } } + int32_t AidlVersion(shared_ptr keymint) { + int32_t version = 0; + auto status = keymint->getInterfaceVersion(&version); + if (!status.isOk()) { + ADD_FAILURE() << "Failed to determine interface version"; + } + return version; + } + static map> keymints_; }; @@ -73,12 +82,14 @@ TEST_F(SecureElementProvisioningTest, ValidConfigurations) { } TEST_F(SecureElementProvisioningTest, TeeOnly) { - if (keymints_.empty()) { - GTEST_SKIP() << "Test not applicable to device with no KeyMint devices"; + if (keymints_.count(SecurityLevel::TRUSTED_ENVIRONMENT) == 0) { + GTEST_SKIP() << "Test not applicable to device with no TEE KeyMint device"; } - ASSERT_EQ(keymints_.count(SecurityLevel::TRUSTED_ENVIRONMENT), 1); auto tee = keymints_.find(SecurityLevel::TRUSTED_ENVIRONMENT)->second; - ASSERT_NE(tee, nullptr); + // Execute the test only for KeyMint version >= 2. + if (AidlVersion(tee) < 2) { + GTEST_SKIP() << "Test not applicable to TEE KeyMint device before v2"; + } array challenge1 = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; array challenge2 = {1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; @@ -111,12 +122,14 @@ TEST_F(SecureElementProvisioningTest, TeeOnly) { } TEST_F(SecureElementProvisioningTest, TeeDoesNotImplementStrongBoxMethods) { - if (keymints_.empty()) { - GTEST_SKIP() << "Test not applicable to device with no KeyMint devices"; + if (keymints_.count(SecurityLevel::TRUSTED_ENVIRONMENT) == 0) { + GTEST_SKIP() << "Test not applicable to device with no TEE KeyMint device"; } - ASSERT_EQ(keymints_.count(SecurityLevel::TRUSTED_ENVIRONMENT), 1); auto tee = keymints_.find(SecurityLevel::TRUSTED_ENVIRONMENT)->second; - ASSERT_NE(tee, nullptr); + // Execute the test only for KeyMint version >= 2. + if (AidlVersion(tee) < 2) { + GTEST_SKIP() << "Test not applicable to TEE KeyMint device before v2"; + } array challenge; Status result = tee->getRootOfTrustChallenge(&challenge); @@ -135,9 +148,11 @@ TEST_F(SecureElementProvisioningTest, StrongBoxDoesNotImplementTeeMethods) { // Need a StrongBox to provision. GTEST_SKIP() << "Test not applicable to device with no StrongBox KeyMint device"; } - + // Execute the test only for KeyMint version >= 2. auto sb = keymints_.find(SecurityLevel::STRONGBOX)->second; - ASSERT_NE(sb, nullptr); + if (AidlVersion(sb) < 2) { + GTEST_SKIP() << "Test not applicable to StrongBox KeyMint device before v2"; + } vector rootOfTrust; Status result = sb->getRootOfTrust({}, &rootOfTrust); @@ -151,14 +166,19 @@ TEST_F(SecureElementProvisioningTest, UnimplementedTest) { // Need a StrongBox to provision. GTEST_SKIP() << "Test not applicable to device with no StrongBox KeyMint device"; } - - ASSERT_EQ(keymints_.count(SecurityLevel::TRUSTED_ENVIRONMENT), 1); - auto tee = keymints_.find(SecurityLevel::TRUSTED_ENVIRONMENT)->second; - ASSERT_NE(tee, nullptr); - - ASSERT_EQ(keymints_.count(SecurityLevel::STRONGBOX), 1); + // Execute the test only for KeyMint version >= 2. auto sb = keymints_.find(SecurityLevel::STRONGBOX)->second; - ASSERT_NE(sb, nullptr); + if (AidlVersion(sb) < 2) { + GTEST_SKIP() << "Test not applicable to StrongBox KeyMint device before v2"; + } + + if (keymints_.count(SecurityLevel::TRUSTED_ENVIRONMENT) == 0) { + GTEST_SKIP() << "Test not applicable to device with no TEE KeyMint device"; + } + auto tee = keymints_.find(SecurityLevel::TRUSTED_ENVIRONMENT)->second; + if (AidlVersion(tee) < 2) { + GTEST_SKIP() << "Test not applicable to TEE KeyMint device before v2"; + } array challenge; Status result = sb->getRootOfTrustChallenge(&challenge); @@ -185,10 +205,11 @@ TEST_F(SecureElementProvisioningTest, ChallengeQualityTest) { // Need a StrongBox to provision. GTEST_SKIP() << "Test not applicable to device with no StrongBox KeyMint device"; } - - ASSERT_EQ(keymints_.count(SecurityLevel::STRONGBOX), 1); + // Execute the test only for KeyMint version >= 2. auto sb = keymints_.find(SecurityLevel::STRONGBOX)->second; - ASSERT_NE(sb, nullptr); + if (AidlVersion(sb) < 2) { + GTEST_SKIP() << "Test not applicable to StrongBox KeyMint device before v2"; + } array challenge1; Status result = sb->getRootOfTrustChallenge(&challenge1); @@ -208,14 +229,20 @@ TEST_F(SecureElementProvisioningTest, ProvisioningTest) { // Need a StrongBox to provision. GTEST_SKIP() << "Test not applicable to device with no StrongBox KeyMint device"; } - - ASSERT_EQ(keymints_.count(SecurityLevel::TRUSTED_ENVIRONMENT), 1); - auto tee = keymints_.find(SecurityLevel::TRUSTED_ENVIRONMENT)->second; - ASSERT_NE(tee, nullptr); - - ASSERT_EQ(keymints_.count(SecurityLevel::STRONGBOX), 1); + // Execute the test only for KeyMint version >= 2. auto sb = keymints_.find(SecurityLevel::STRONGBOX)->second; - ASSERT_NE(sb, nullptr); + if (AidlVersion(sb) < 2) { + GTEST_SKIP() << "Test not applicable to StrongBox KeyMint device before v2"; + } + + if (keymints_.count(SecurityLevel::TRUSTED_ENVIRONMENT) == 0) { + GTEST_SKIP() << "Test not applicable to device with no TEE KeyMint device"; + } + // Execute the test only for KeyMint version >= 2. + auto tee = keymints_.find(SecurityLevel::TRUSTED_ENVIRONMENT)->second; + if (AidlVersion(tee) < 2) { + GTEST_SKIP() << "Test not applicable to TEE KeyMint device before v2"; + } array challenge; Status result = sb->getRootOfTrustChallenge(&challenge); @@ -240,14 +267,20 @@ TEST_F(SecureElementProvisioningTest, InvalidProvisioningTest) { // Need a StrongBox to provision. GTEST_SKIP() << "Test not applicable to device with no StrongBox KeyMint device"; } - - ASSERT_EQ(keymints_.count(SecurityLevel::TRUSTED_ENVIRONMENT), 1); - auto tee = keymints_.find(SecurityLevel::TRUSTED_ENVIRONMENT)->second; - ASSERT_NE(tee, nullptr); - - ASSERT_EQ(keymints_.count(SecurityLevel::STRONGBOX), 1); + // Execute the test only for KeyMint version >= 2. auto sb = keymints_.find(SecurityLevel::STRONGBOX)->second; - ASSERT_NE(sb, nullptr); + if (AidlVersion(sb) < 2) { + GTEST_SKIP() << "Test not applicable to StrongBox KeyMint device before v2"; + } + + if (keymints_.count(SecurityLevel::TRUSTED_ENVIRONMENT) == 0) { + GTEST_SKIP() << "Test not applicable to device with no TEE KeyMint device"; + } + // Execute the test only for KeyMint version >= 2. + auto tee = keymints_.find(SecurityLevel::TRUSTED_ENVIRONMENT)->second; + if (AidlVersion(tee) < 2) { + GTEST_SKIP() << "Test not applicable to TEE KeyMint device before v2"; + } array challenge; Status result = sb->getRootOfTrustChallenge(&challenge);