Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1589c401 authored by Max Bires's avatar Max Bires Committed by Gerrit Code Review
Browse files

Merge "Fix overly relaxed Device ID Test."

parents 558762c1 a97ec69e
Loading
Loading
Loading
Loading
+1 −0
Original line number Diff line number Diff line
@@ -892,6 +892,7 @@ TEST_P(AttestKeyTest, EcdsaAttestationMismatchID) {

        ASSERT_TRUE(result == ErrorCode::CANNOT_ATTEST_IDS || result == ErrorCode::INVALID_TAG)
                << "result = " << result;
        device_id_attestation_vsr_check(result);
    }
    CheckedDeleteKey(&attest_key.keyBlob);
}
+1 −1
Original line number Diff line number Diff line
@@ -348,8 +348,8 @@ TEST_P(DeviceUniqueAttestationTest, EcdsaDeviceUniqueAttestationMismatchID) {
        // Add the tag that doesn't match the local device's real ID.
        builder.push_back(invalid_tag);
        auto result = GenerateKey(builder, &key_blob, &key_characteristics);

        ASSERT_TRUE(result == ErrorCode::CANNOT_ATTEST_IDS || result == ErrorCode::INVALID_TAG);
        device_id_attestation_vsr_check(result);
    }
}

+10 −0
Original line number Diff line number Diff line
@@ -2031,6 +2031,16 @@ void p256_pub_key(const vector<uint8_t>& coseKeyData, EVP_PKEY_Ptr* signingKey)
    *signingKey = std::move(pubKey);
}

void device_id_attestation_vsr_check(const ErrorCode& result) {
    if (get_vsr_api_level() >= 34) {
        ASSERT_FALSE(result == ErrorCode::INVALID_TAG)
                << "It is a specification violation for INVALID_TAG to be returned due to ID "
                << "mismatch in a Device ID Attestation call. INVALID_TAG is only intended to "
                << "be used for a case where updateAad() is called after update(). As of "
                << "VSR-14, this is now enforced as an error.";
    }
}

}  // namespace test

}  // namespace aidl::android::hardware::security::keymint
+1 −0
Original line number Diff line number Diff line
@@ -395,6 +395,7 @@ vector<uint8_t> make_name_from_str(const string& name);
void check_maced_pubkey(const MacedPublicKey& macedPubKey, bool testMode,
                        vector<uint8_t>* payload_value);
void p256_pub_key(const vector<uint8_t>& coseKeyData, EVP_PKEY_Ptr* signingKey);
void device_id_attestation_vsr_check(const ErrorCode& result);

AuthorizationSet HwEnforcedAuthorizations(const vector<KeyCharacteristics>& key_characteristics);
AuthorizationSet SwEnforcedAuthorizations(const vector<KeyCharacteristics>& key_characteristics);