Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 445eeca8 authored by Treehugger Robot's avatar Treehugger Robot Committed by Automerger Merge Worker
Browse files

Merge "Skip tests on Strongbox with GSI build on devices with vendor-api-level... 

Merge "Skip tests on Strongbox with GSI build on devices with vendor-api-level < Android-V to avoid failures." into main am: f60db8ad

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/3442627



Change-Id: I9d227c50dda6c0388ad4212d029b81c7a58641b6
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents f184b40c f60db8ad

security/keymint/aidl/vts/functional/KeyMintTest.cpp

+23 −4
Original line number Diff line number Diff line
@@ -2269,11 +2269,20 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationUniqueId) { 
    get_unique_id(app_id, min_date - 1, &unique_id8);

    EXPECT_NE(unique_id, unique_id8);



    // Some StrongBox implementations did not correctly handle RESET_SINCE_ID_ROTATION when

    // combined with use of an ATTEST_KEY, but this was not previously tested. Tests under GSI

    // were updated to implicitly use ATTEST_KEYS (because rkp-only status cannot be determined),

    // uncovering the problem. Skip this test for older implementations in that situation

    // (cf. b/385800086).

    int vendor_api_level = get_vendor_api_level();

    if (!(is_gsi_image() && SecLevel() == SecurityLevel::STRONGBOX &&

          vendor_api_level < AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__))) {

        // Marking RESET_SINCE_ID_ROTATION should give a different unique ID.

        vector<uint8_t> unique_id9;

        get_unique_id(app_id, cert_date, &unique_id9, /* reset_id = */ true);

        EXPECT_NE(unique_id, unique_id9);

    }

}



/*

 * NewKeyGenerationTest.EcdsaAttestationTagNoApplicationId
@@ -2281,6 +2290,16 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationUniqueId) { 
 * Verifies that creation of an attested ECDSA key does not include APPLICATION_ID.

 */

TEST_P(NewKeyGenerationTest, EcdsaAttestationTagNoApplicationId) {

    int vendor_api_level = get_vendor_api_level();

    if (is_gsi_image() && SecLevel() == SecurityLevel::STRONGBOX &&

        vendor_api_level < AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {

        // Some StrongBox implementations did not correctly handle missing APPLICATION_ID when

        // combined with use of an ATTEST_KEY, but this was not previously tested. Tests under

        // GSI were updated to implicitly use ATTEST_KEYS (because rkp-only status cannot be

        // determined), uncovering the problem. Skip this test for older implementations in that

        // situation (cf. b/385800086).

        GTEST_SKIP() << "Skip test on StrongBox device with vendor-api-level < __ANDROID_API_V__";

    }

    auto challenge = "hello";

    auto attest_app_id = "foo";

    auto subject = "cert subj 2";