Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 35621098 authored by David Drysdale's avatar David Drysdale
Browse files

Fix attestation error checks 

Avoid the ADD_FAILURE at the end if attestion ID failure uses an allowed
return code.

Test: VtsAidlKeyMintTargetTest
Bug: 286733800
(cherry picked from https://android-review.googlesource.com/q/commit:810fbcffed8e86a3b53e8212ce4fdb64971d812f)
Change-Id: I0dcac312ac4516a078b2742721e3a19074da52b1
Merged-In: I0dcac312ac4516a078b2742721e3a19074da52b1
parent 94042a98

security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp

+10 −14
Original line number Original line Diff line number Diff line
@@ -2155,31 +2155,27 @@ void p256_pub_key(const vector<uint8_t>& coseKeyData, EVP_PKEY_Ptr* signingKey) 




// Check the error code from an attempt to perform device ID attestation with an invalid value.

// Check the error code from an attempt to perform device ID attestation with an invalid value.

void device_id_attestation_check_acceptable_error(Tag tag, const ErrorCode& result) {

void device_id_attestation_check_acceptable_error(Tag tag, const ErrorCode& result) {

    // Standard/default error code for ID mismatch.

    if (result == ErrorCode::CANNOT_ATTEST_IDS) {

    if (result == ErrorCode::CANNOT_ATTEST_IDS) {

        return;

        // Standard/default error code for ID mismatch.

    }

    } else if (result == ErrorCode::INVALID_TAG) {



        // Depending on the situation, other error codes may be acceptable.  First, allow older

        // Depending on the situation, other error codes may be acceptable.  First, allow older

        // implementations to use INVALID_TAG.

        // implementations to use INVALID_TAG.

    if (result == ErrorCode::INVALID_TAG) {

        ASSERT_FALSE(get_vsr_api_level() > __ANDROID_API_T__)

        ASSERT_FALSE(get_vsr_api_level() > __ANDROID_API_T__)

                << "It is a specification violation for INVALID_TAG to be returned due to ID "

                << "It is a specification violation for INVALID_TAG to be returned due to ID "

                << "mismatch in a Device ID Attestation call. INVALID_TAG is only intended to "

                << "mismatch in a Device ID Attestation call. INVALID_TAG is only intended to "

                << "be used for a case where updateAad() is called after update(). As of "

                << "be used for a case where updateAad() is called after update(). As of "

                << "VSR-14, this is now enforced as an error.";

                << "VSR-14, this is now enforced as an error.";

    }

    } else if (result == ErrorCode::ATTESTATION_IDS_NOT_PROVISIONED) {



        // If the device is not a phone, it will not have IMEI/MEID values available.  Allow

        // If the device is not a phone, it will not have IMEI/MEID values available.  Allow

        // ATTESTATION_IDS_NOT_PROVISIONED in this case.

        // ATTESTATION_IDS_NOT_PROVISIONED in this case.

    if (result == ErrorCode::ATTESTATION_IDS_NOT_PROVISIONED) {

        ASSERT_TRUE((tag == TAG_ATTESTATION_ID_IMEI || tag == TAG_ATTESTATION_ID_MEID ||

        ASSERT_TRUE((tag == TAG_ATTESTATION_ID_IMEI || tag == TAG_ATTESTATION_ID_MEID ||

                     tag == TAG_ATTESTATION_ID_SECOND_IMEI))

                     tag == TAG_ATTESTATION_ID_SECOND_IMEI))

                << "incorrect error code on attestation ID mismatch";

                << "incorrect error code on attestation ID mismatch";

    }

    } else {

        ADD_FAILURE() << "Error code " << result

        ADD_FAILURE() << "Error code " << result

                      << " returned on attestation ID mismatch, should be CANNOT_ATTEST_IDS";

                      << " returned on attestation ID mismatch, should be CANNOT_ATTEST_IDS";

    }

    }

}





// Check whether the given named feature is available.

// Check whether the given named feature is available.

bool check_feature(const std::string& name) {

bool check_feature(const std::string& name) {