Loading security/keymint/aidl/vts/functional/AttestKeyTest.cpp +1 −1 Original line number Diff line number Diff line Loading @@ -783,7 +783,7 @@ TEST_P(AttestKeyTest, EcdsaAttestationID) { vector<Certificate> attested_key_cert_chain; auto result = GenerateKey(builder, attest_key, &attested_key_blob, &attested_key_characteristics, &attested_key_cert_chain); if (result == ErrorCode::CANNOT_ATTEST_IDS) { if (result == ErrorCode::CANNOT_ATTEST_IDS && !isDeviceIdAttestationRequired()) { continue; } Loading security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp +8 −0 Original line number Diff line number Diff line Loading @@ -207,6 +207,14 @@ uint32_t KeyMintAidlTestBase::boot_patch_level() { return boot_patch_level(key_characteristics_); } /** * An API to determine device IDs attestation is required or not, * which is mandatory for KeyMint version 2 or first_api_level 33 or greater. */ bool KeyMintAidlTestBase::isDeviceIdAttestationRequired() { return AidlVersion() >= 2 || property_get_int32("ro.vendor.api_level", 0) >= 33; } bool KeyMintAidlTestBase::Curve25519Supported() { // Strongbox never supports curve 25519. if (SecLevel() == SecurityLevel::STRONGBOX) { Loading security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h +1 −0 Original line number Diff line number Diff line Loading @@ -79,6 +79,7 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> { uint32_t vendor_patch_level() { return vendor_patch_level_; } uint32_t boot_patch_level(const vector<KeyCharacteristics>& key_characteristics); uint32_t boot_patch_level(); bool isDeviceIdAttestationRequired(); bool Curve25519Supported(); Loading security/keymint/aidl/vts/functional/KeyMintTest.cpp +2 −2 Original line number Diff line number Diff line Loading @@ -1986,8 +1986,8 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationIdTags) { if (SecLevel() == SecurityLevel::STRONGBOX) { if (result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) return; } if (result == ErrorCode::CANNOT_ATTEST_IDS) { // Device ID attestation is optional; KeyMint may not support it at all. if (result == ErrorCode::CANNOT_ATTEST_IDS && !isDeviceIdAttestationRequired()) { // ID attestation was optional till api level 32, from api level 33 it is mandatory. continue; } ASSERT_EQ(result, ErrorCode::OK); Loading Loading
security/keymint/aidl/vts/functional/AttestKeyTest.cpp +1 −1 Original line number Diff line number Diff line Loading @@ -783,7 +783,7 @@ TEST_P(AttestKeyTest, EcdsaAttestationID) { vector<Certificate> attested_key_cert_chain; auto result = GenerateKey(builder, attest_key, &attested_key_blob, &attested_key_characteristics, &attested_key_cert_chain); if (result == ErrorCode::CANNOT_ATTEST_IDS) { if (result == ErrorCode::CANNOT_ATTEST_IDS && !isDeviceIdAttestationRequired()) { continue; } Loading
security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp +8 −0 Original line number Diff line number Diff line Loading @@ -207,6 +207,14 @@ uint32_t KeyMintAidlTestBase::boot_patch_level() { return boot_patch_level(key_characteristics_); } /** * An API to determine device IDs attestation is required or not, * which is mandatory for KeyMint version 2 or first_api_level 33 or greater. */ bool KeyMintAidlTestBase::isDeviceIdAttestationRequired() { return AidlVersion() >= 2 || property_get_int32("ro.vendor.api_level", 0) >= 33; } bool KeyMintAidlTestBase::Curve25519Supported() { // Strongbox never supports curve 25519. if (SecLevel() == SecurityLevel::STRONGBOX) { Loading
security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h +1 −0 Original line number Diff line number Diff line Loading @@ -79,6 +79,7 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> { uint32_t vendor_patch_level() { return vendor_patch_level_; } uint32_t boot_patch_level(const vector<KeyCharacteristics>& key_characteristics); uint32_t boot_patch_level(); bool isDeviceIdAttestationRequired(); bool Curve25519Supported(); Loading
security/keymint/aidl/vts/functional/KeyMintTest.cpp +2 −2 Original line number Diff line number Diff line Loading @@ -1986,8 +1986,8 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationIdTags) { if (SecLevel() == SecurityLevel::STRONGBOX) { if (result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) return; } if (result == ErrorCode::CANNOT_ATTEST_IDS) { // Device ID attestation is optional; KeyMint may not support it at all. if (result == ErrorCode::CANNOT_ATTEST_IDS && !isDeviceIdAttestationRequired()) { // ID attestation was optional till api level 32, from api level 33 it is mandatory. continue; } ASSERT_EQ(result, ErrorCode::OK); Loading
