
Commit 1d8a6368 authored by Catherine Vlasov's avatar Catherine Vlasov Committed by Gerrit Code Review

Merge "Convert SDK API level to vendor API level for Android 15+ in VTS gates." into main

parents e20b08ee f16bd49e
+1 −0
@@ -37,6 +37,7 @@ cc_defaults {
        "libcrypto",
        "libbase",
        "libgatekeeper",
        "libvendorsupport",
        "packagemanager_aidl-cpp",
    ],
    static_libs: [
+3 −2
@@ -27,6 +27,7 @@
#include <libavb/libavb.h>
#include <libavb_user/avb_ops_user.h>
#include <remote_prov/remote_prov_utils.h>
#include <vendorsupport/api_level.h>

#include "KeyMintAidlTestBase.h"

@@ -98,7 +99,7 @@ TEST_P(BootloaderStateTest, VbStateIsUnverified) {
// Check that the attested Verified Boot key is 32 bytes of zeroes since the bootloader is unlocked.
TEST_P(BootloaderStateTest, VerifiedBootKeyAllZeroes) {
    // Gate this test to avoid waiver issues.
    if (get_vsr_api_level() <= __ANDROID_API_V__) {
    if (get_vsr_api_level() <= AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {
        return;
    }

@@ -141,7 +142,7 @@ TEST_P(BootloaderStateTest, VbmetaDigest) {
    avb_slot_verify_data_calculate_vbmeta_digest(avbSlotData, AVB_DIGEST_TYPE_SHA256,
                                                 sha256Digest.data());

    if (get_vsr_api_level() >= __ANDROID_API_V__) {
    if (get_vsr_api_level() >= AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {
        ASSERT_TRUE(attestedVbmetaDigest_ == sha256Digest)
                << "Attested VBMeta digest (" << bin2hex(attestedVbmetaDigest_)
                << ") does not match the expected SHA-256 digest (" << bin2hex(sha256Digest)
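Review bot: In VerifiedBootKeyAllZeroes the gated path still leaves through a bare `return;`, so a device at or below the converted threshold reports this Verified Boot key check as passed although nothing was checked. Vsr16Test, changed elsewhere in this commit, uses `GTEST_SKIP()` with the device's level in the message, and the same form here would make gated runs visible in the results: `GTEST_SKIP() << "Applies only to vendor API level > " << AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__);`. If the silent pass is intentional (the existing comment mentions waiver issues), a sentence saying so in that comment would help the next reader. The test body continues outside the hunk.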
+3 −2
@@ -35,6 +35,7 @@
#include <openssl/evp.h>
#include <openssl/mem.h>
#include <remote_prov/remote_prov_utils.h>
#include <vendorsupport/api_level.h>

#include <keymaster/cppcose/cppcose.h>
#include <keymint_support/key_param_output.h>
@@ -1908,13 +1909,13 @@ void verify_root_of_trust(const vector<uint8_t>& verified_boot_key, bool device_
        }
    }

    if (get_vsr_api_level() > __ANDROID_API_V__) {
    if (get_vsr_api_level() > AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {
        // The Verified Boot key field should be exactly 32 bytes since it
        // contains the SHA-256 hash of the key on locked devices or 32 bytes
        // of zeroes on unlocked devices. This wasn't checked for earlier
        // versions of the KeyMint HAL, so only only be strict for VSR-16+.
        EXPECT_EQ(verified_boot_key.size(), 32);
    } else if (get_vsr_api_level() == __ANDROID_API_V__) {
    } else if (get_vsr_api_level() == AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {
        // The Verified Boot key field should be:
        //   - Exactly 32 bytes on locked devices since it should contain
        //     the SHA-256 hash of the key, or
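Review bot: verify_root_of_trust now evaluates both `get_vsr_api_level()` and `AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)` twice within one if/else-if chain, which makes it easy for the two comparisons to drift apart in a later edit. Reading each once ties both branches to the same values: `const int vsr_level = get_vsr_api_level();` and `const int v_vendor_level = AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__);`, with the two conditions comparing those locals. The same pair of comparisons appears in SecureElementProvisioningTest, and the conversion is spelled out at every gate in this commit, so a shared helper or constant declared next to get_vsr_api_level() may be worth considering; where that function is declared is not visible here. The function starts before the hunk and the else-if branch continues past it.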
+6 −4
@@ -42,6 +42,8 @@
#include <keymint_support/key_param_output.h>
#include <keymint_support/openssl_utils.h>

#include <vendorsupport/api_level.h>

#include "KeyMintAidlTestBase.h"

using aidl::android::hardware::security::keymint::AuthorizationSet;
@@ -4156,7 +4158,7 @@ TEST_P(ImportKeyTest, EcdsaSuccess) {
 * when the EC_CURVE is not explicitly specified.
 */
TEST_P(ImportKeyTest, EcdsaSuccessCurveNotSpecified) {
    if (get_vsr_api_level() < __ANDROID_API_V__) {
    if (get_vsr_api_level() < AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {
        /*
         * The KeyMint spec was previously not clear as to whether EC_CURVE was optional on import
         * of EC keys. However, this was not checked at the time so we can only be strict about
@@ -5315,7 +5317,7 @@ auto wrapping_key_for_asym_keys = hex2str(

TEST_P(ImportWrappedKeyTest, RsaKey) {
    int vsr_api_level = get_vsr_api_level();
    if (vsr_api_level < __ANDROID_API_V__) {
    if (vsr_api_level < AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {
        /*
         * The Keymaster v4 spec introduced `importWrappedKey()` and did not restrict it to
         * just symmetric keys.  However, the import of asymmetric wrapped keys was not tested
@@ -5346,7 +5348,7 @@ TEST_P(ImportWrappedKeyTest, RsaKey) {

TEST_P(ImportWrappedKeyTest, EcKey) {
    int vsr_api_level = get_vsr_api_level();
    if (vsr_api_level < __ANDROID_API_V__) {
    if (vsr_api_level < AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {
        /*
         * The Keymaster v4 spec introduced `importWrappedKey()` and did not restrict it to
         * just symmetric keys.  However, the import of asymmetric wrapped keys was not tested
@@ -8962,7 +8964,7 @@ TEST_P(VsrRequirementTest, Vsr14Test) {
// @VsrTest = GMS-VSR-3.10-019
TEST_P(VsrRequirementTest, Vsr16Test) {
    int vsr_api_level = get_vsr_api_level();
    if (vsr_api_level <= __ANDROID_API_V__) {
    if (vsr_api_level <= AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {
        GTEST_SKIP() << "Applies only to VSR API level > 35, this device is: " << vsr_api_level;
    }
    if (SecLevel() == SecurityLevel::STRONGBOX) {
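Review bot: The skip message in Vsr16Test still says `> 35`, but the gate now compares against the converted vendor API level, so the text no longer matches the condition. A reader of the log would see the device's level next to a threshold from a different numbering. Printing the threshold that is actually compared avoids this: `GTEST_SKIP() << "Applies only to vendor API level > " << AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__) << ", this device is: " << vsr_api_level;`. The test body continues outside the hunk.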
+3 −2
@@ -26,6 +26,7 @@
#include <cppbor_parse.h>
#include <keymaster/cppcose/cppcose.h>
#include <keymint_support/key_param_output.h>
#include <vendorsupport/api_level.h>

#include "KeyMintAidlTestBase.h"

@@ -114,13 +115,13 @@ class SecureElementProvisioningTest : public testing::Test {
        const auto& vbKey = rot->asArray()->get(pos++);
        ASSERT_TRUE(vbKey);
        ASSERT_TRUE(vbKey->asBstr());
        if (get_vsr_api_level() > __ANDROID_API_V__) {
        if (get_vsr_api_level() > AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {
            // The Verified Boot key field should be exactly 32 bytes since it
            // contains the SHA-256 hash of the key on locked devices or 32 bytes
            // of zeroes on unlocked devices. This wasn't checked for earlier
            // versions of the KeyMint HAL, so only only be strict for VSR-16+.
            ASSERT_EQ(vbKey->asBstr()->value().size(), 32);
        } else if (get_vsr_api_level() == __ANDROID_API_V__) {
        } else if (get_vsr_api_level() == AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {
            // The Verified Boot key field should be:
            //   - Exactly 32 bytes on locked devices since it should contain
            //     the SHA-256 hash of the key, or