
Commit 4b7b07e2 authored by Eran Messeri's avatar Eran Messeri Committed by Automerger Merge Worker

Merge "Enable EcdsaAttestationIdTags VTS for GSI" into main am: 801c76b1

parents cb1900c8 801c76b1
+0 −24
@@ -88,30 +88,6 @@ string get_imei(int slot) {

    return imei;
}

// Use `ro.product.<property>_for_attestation` property for attestation if it is present else
// fallback to use `ro.product.vendor.<property>` if it is present else fallback to
// `ro.product.<property>`. Similar logic can be seen in Java method `getVendorDeviceIdProperty`
// in frameworks/base/core/java/android/os/Build.java.
template <Tag tag>
void add_attestation_id(AuthorizationSetBuilder* attestation_id_tags,
                        TypedTag<TagType::BYTES, tag> tag_type, const char* prop) {
    ::android::String8 prop_name =
            ::android::String8::format("ro.product.%s_for_attestation", prop);
    std::string prop_value = ::android::base::GetProperty(prop_name.c_str(), /* default= */ "");
    if (!prop_value.empty()) {
        add_tag_from_prop(attestation_id_tags, tag_type, prop_name.c_str());
    } else {
        prop_name = ::android::String8::format("ro.product.vendor.%s", prop);
        prop_value = ::android::base::GetProperty(prop_name.c_str(), /* default= */ "");
        if (!prop_value.empty()) {
            add_tag_from_prop(attestation_id_tags, tag_type, prop_name.c_str());
        } else {
            prop_name = ::android::String8::format("ro.product.%s", prop);
            add_tag_from_prop(attestation_id_tags, tag_type, prop_name.c_str());
        }
    }
}
}  // namespace

class AttestKeyTest : public KeyMintAidlTestBase {
+23 −0
@@ -454,6 +454,29 @@ ErrorCode GetReturnErrorCode(const Status& result);
                             ::android::PrintInstanceNameToString);                  \
    GTEST_ALLOW_UNINSTANTIATED_PARAMETERIZED_TEST(name);

// Use `ro.product.<property>_for_attestation` property for attestation if it is present else
// fallback to use `ro.product.vendor.<property>` if it is present else fallback to
// `ro.product.<property>`. Similar logic can be seen in Java method `getVendorDeviceIdProperty`
// in frameworks/base/core/java/android/os/Build.java.
template <Tag tag>
void add_attestation_id(AuthorizationSetBuilder* attestation_id_tags,
                        TypedTag<TagType::BYTES, tag> tag_type, const char* prop) {
    ::android::String8 prop_name =
            ::android::String8::format("ro.product.%s_for_attestation", prop);
    std::string prop_value = ::android::base::GetProperty(prop_name.c_str(), /* default= */ "");
    if (!prop_value.empty()) {
        add_tag_from_prop(attestation_id_tags, tag_type, prop_name.c_str());
    } else {
        prop_name = ::android::String8::format("ro.product.vendor.%s", prop);
        prop_value = ::android::base::GetProperty(prop_name.c_str(), /* default= */ "");
        if (!prop_value.empty()) {
            add_tag_from_prop(attestation_id_tags, tag_type, prop_name.c_str());
        } else {
            prop_name = ::android::String8::format("ro.product.%s", prop);
            add_tag_from_prop(attestation_id_tags, tag_type, prop_name.c_str());
        }
    }
}
}  // namespace test

}  // namespace aidl::android::hardware::security::keymint
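Review bot: The comment above `add_attestation_id` does not cover the case where none of the three properties is set: the innermost `else` hands `ro.product.<property>` to `add_tag_from_prop` without checking it, so what ends up in the builder depends on that helper, which is not visible in this hunk. Because these values feed the ATTESTATION_ID_* tags that the tests match against the attestation extension, that outcome should be stated, e.g. `// If none is set, ro.product.<property> is passed through unchecked; add_tag_from_prop() decides what an empty value means.` Each probe also fetches the value only to test it for emptiness and then passes the name on, so the chosen property is presumably read a second time; that is harmless in a test but worth a word in the comment.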
+5 −36
@@ -2082,11 +2082,6 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationTags) {
 * attestation extension.
 */
TEST_P(NewKeyGenerationTest, EcdsaAttestationIdTags) {
    if (is_gsi_image()) {
        // GSI sets up a standard set of device identifiers that may not match
        // the device identifiers held by the device.
        GTEST_SKIP() << "Test not applicable under GSI";
    }
    auto challenge = "hello";
    auto app_id = "foo";
    auto subject = "cert subj 2";
@@ -2106,38 +2101,12 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationIdTags) {

    // Various ATTESTATION_ID_* tags that map to fields in the attestation extension ASN.1 schema.
    auto extra_tags = AuthorizationSetBuilder();
    // Use ro.product.brand_for_attestation property for attestation if it is present else fallback
    // to ro.product.brand
    std::string prop_value =
            ::android::base::GetProperty("ro.product.brand_for_attestation", /* default= */ "");
    if (!prop_value.empty()) {
        add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_BRAND,
                          "ro.product.brand_for_attestation");
    } else {
        add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_BRAND, "ro.product.brand");
    }
    add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_DEVICE, "ro.product.device");
    // Use ro.product.name_for_attestation property for attestation if it is present else fallback
    // to ro.product.name
    prop_value = ::android::base::GetProperty("ro.product.name_for_attestation", /* default= */ "");
    if (!prop_value.empty()) {
        add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_PRODUCT,
                          "ro.product.name_for_attestation");
    } else {
        add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_PRODUCT, "ro.product.name");
    }
    add_attestation_id(&extra_tags, TAG_ATTESTATION_ID_BRAND, "brand");
    add_attestation_id(&extra_tags, TAG_ATTESTATION_ID_DEVICE, "device");
    add_attestation_id(&extra_tags, TAG_ATTESTATION_ID_PRODUCT, "name");
    add_attestation_id(&extra_tags, TAG_ATTESTATION_ID_MANUFACTURER, "manufacturer");
    add_attestation_id(&extra_tags, TAG_ATTESTATION_ID_MODEL, "model");
    add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_SERIAL, "ro.serialno");
    add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_MANUFACTURER, "ro.product.manufacturer");
    // Use ro.product.model_for_attestation property for attestation if it is present else fallback
    // to ro.product.model
    prop_value =
            ::android::base::GetProperty("ro.product.model_for_attestation", /* default= */ "");
    if (!prop_value.empty()) {
        add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_MODEL,
                          "ro.product.model_for_attestation");
    } else {
        add_tag_from_prop(&extra_tags, TAG_ATTESTATION_ID_MODEL, "ro.product.model");
    }

    for (const KeyParameter& tag : extra_tags) {
        SCOPED_TRACE(testing::Message() << "tag-" << tag);
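Review bot: `TAG_ATTESTATION_ID_DEVICE` and `TAG_ATTESTATION_ID_MANUFACTURER` used to be read straight from `ro.product.device` and `ro.product.manufacturer`; through the new `add_attestation_id` calls they now also honour the `_for_attestation` and `ro.product.vendor.*` variants on every build, not only under GSI, and nothing in the test says so. With the fallback comments and the GSI skip comment removed, the block no longer explains where the identifiers come from or why `ro.serialno` alone is still read directly. A short comment above the calls would keep that visible, e.g. `// IDs resolve via add_attestation_id(): <prop>_for_attestation, then ro.product.vendor.<prop>, then ro.product.<prop>; the serial is read directly from ro.serialno.` The test body continues past the last hunk, so the checks that consume `extra_tags` are not visible here.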