KeyMint: tweak spec to allow for no v4 in V (1405dbc7) · Commits · e / os / android_hardware_interfaces

security/keymint/aidl/android/hardware/security/keymint/Tag.aidl

+5 −4

security/keymint/aidl/vts/functional/KeyMintTest.cpp

+5 −5

Original line number	Original line	Diff line number	Diff line
	@@ -4123,13 +4123,13 @@ TEST_P(ImportKeyTest, EcdsaSuccess) {
	* when the EC_CURVE is not explicitly specified.		* when the EC_CURVE is not explicitly specified.
	*/		*/
	TEST_P(ImportKeyTest, EcdsaSuccessCurveNotSpecified) {		TEST_P(ImportKeyTest, EcdsaSuccessCurveNotSpecified) {
	if (AidlVersion() < 4) {		if (get_vsr_api_level() < __ANDROID_API_V__) {
	/*		/*
	* The KeyMint spec before V4 was not clear as to whether EC_CURVE was optional on import of		* The KeyMint spec was previously not clear as to whether EC_CURVE was optional on import
	* EC keys. However, this was not checked at the time so we can only be strict about		* of EC keys. However, this was not checked at the time so we can only be strict about
	* checking this for implementations of KeyMint version 4 and above.		* checking this for implementations at VSR-V or later.
	*/		*/
	GTEST_SKIP() << "Skipping EC_CURVE on import only strict since KeyMint v4";		GTEST_SKIP() << "Skipping EC_CURVE on import only strict >= VSR-V";
	}		}

	ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder()		ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder()

Original line number	Original line	Diff line number	Diff line
	@@ -974,8 +974,8 @@ enum Tag {
	* time in milliseconds. This value is used when generating attestation or self signed		* time in milliseconds. This value is used when generating attestation or self signed
	* certificates. ErrorCode::MISSING_NOT_BEFORE must be returned if this tag is not provided if		* certificates. ErrorCode::MISSING_NOT_BEFORE must be returned if this tag is not provided if
	* this tag is not provided to generateKey or importKey. For importWrappedKey, there is no way		* this tag is not provided to generateKey or importKey. For importWrappedKey, there is no way
	* to specify the value of this tag for the wrapped key, so a value of 0 must be used for		* to specify the value of this tag for a wrapped asymmetric key, so a value of 0 is suggested
	* certificate generation.		* for certificate generation.
	*/		*/
	CERTIFICATE_NOT_BEFORE = TagType.DATE \| 1008,		CERTIFICATE_NOT_BEFORE = TagType.DATE \| 1008,

	@@ -983,8 +983,9 @@ enum Tag {
	* Tag::CERTIFICATE_NOT_AFTER the end of the validity of the certificate in UNIX epoch time in		* Tag::CERTIFICATE_NOT_AFTER the end of the validity of the certificate in UNIX epoch time in
	* milliseconds. This value is used when generating attestation or self signed certificates.		* milliseconds. This value is used when generating attestation or self signed certificates.
	* ErrorCode::MISSING_NOT_AFTER must be returned if this tag is not provided to generateKey or		* ErrorCode::MISSING_NOT_AFTER must be returned if this tag is not provided to generateKey or
	* importKey. For importWrappedKey, there is no way to specify the value of this tag for the		* importKey. For importWrappedKey, there is no way to specify the value of this tag for a
	* wrapped key, so a value of 253402300799000 is used for certificate generation.		* wrapped asymmetric key, so a value of 253402300799000 is suggested for certificate
			* generation.
	*/		*/
	CERTIFICATE_NOT_AFTER = TagType.DATE \| 1009,		CERTIFICATE_NOT_AFTER = TagType.DATE \| 1009,