Merge "Do not require StrongBox to implement RKP" am: fc746fb1aa am: d3d5e859f9 (4e433f80) · Commits · e / os / android_hardware_interfaces

security/keymint/aidl/vts/functional/KeyMintTest.cpp

+19 −15

Original line number	Original line	Diff line number	Diff line
	@@ -590,8 +590,7 @@ string device_suffix(const string& name) {
	return name.substr(pos + 1);		return name.substr(pos + 1);
	}		}

	bool matching_rp_instance(const string& km_name,		std::shared_ptr<IRemotelyProvisionedComponent> matching_rp_instance(const std::string& km_name) {
	std::shared_ptr<IRemotelyProvisionedComponent>* rp) {
	string km_suffix = device_suffix(km_name);		string km_suffix = device_suffix(km_name);

	vector<string> rp_names =		vector<string> rp_names =
	@@ -601,11 +600,10 @@ bool matching_rp_instance(const string& km_name,
	// KeyMint instance, assume they match.		// KeyMint instance, assume they match.
	if (device_suffix(rp_name) == km_suffix && AServiceManager_isDeclared(rp_name.c_str())) {		if (device_suffix(rp_name) == km_suffix && AServiceManager_isDeclared(rp_name.c_str())) {
	::ndk::SpAIBinder binder(AServiceManager_waitForService(rp_name.c_str()));		::ndk::SpAIBinder binder(AServiceManager_waitForService(rp_name.c_str()));
	*rp = IRemotelyProvisionedComponent::fromBinder(binder);		return IRemotelyProvisionedComponent::fromBinder(binder);
	return true;
	}		}
	}		}
	return false;		return nullptr;
	}		}

	} // namespace		} // namespace
	@@ -1140,11 +1138,14 @@ TEST_P(NewKeyGenerationTest, RsaWithRkpAttestation) {
	GTEST_SKIP() << "RKP support is not required on this platform";		GTEST_SKIP() << "RKP support is not required on this platform";
	}		}

	// There should be an IRemotelyProvisionedComponent instance associated with the KeyMint		// Check for an IRemotelyProvisionedComponent instance associated with the
	// instance.		// KeyMint instance.
	std::shared_ptr<IRemotelyProvisionedComponent> rp;		std::shared_ptr<IRemotelyProvisionedComponent> rp = matching_rp_instance(GetParam());
	ASSERT_TRUE(matching_rp_instance(GetParam(), &rp))		if (rp == nullptr && SecLevel() == SecurityLevel::STRONGBOX) {
	<< "No IRemotelyProvisionedComponent found that matches KeyMint device " << GetParam();		GTEST_SKIP() << "Encountered StrongBox implementation that does not support RKP";
			}
			ASSERT_NE(rp, nullptr) << "No IRemotelyProvisionedComponent found that matches KeyMint device "
			<< GetParam();

	// Generate a P-256 keypair to use as an attestation key.		// Generate a P-256 keypair to use as an attestation key.
	MacedPublicKey macedPubKey;		MacedPublicKey macedPubKey;
	@@ -1218,11 +1219,14 @@ TEST_P(NewKeyGenerationTest, EcdsaWithRkpAttestation) {
	GTEST_SKIP() << "RKP support is not required on this platform";		GTEST_SKIP() << "RKP support is not required on this platform";
	}		}

	// There should be an IRemotelyProvisionedComponent instance associated with the KeyMint		// Check for an IRemotelyProvisionedComponent instance associated with the
	// instance.		// KeyMint instance.
	std::shared_ptr<IRemotelyProvisionedComponent> rp;		std::shared_ptr<IRemotelyProvisionedComponent> rp = matching_rp_instance(GetParam());
	ASSERT_TRUE(matching_rp_instance(GetParam(), &rp))		if (rp == nullptr && SecLevel() == SecurityLevel::STRONGBOX) {
	<< "No IRemotelyProvisionedComponent found that matches KeyMint device " << GetParam();		GTEST_SKIP() << "Encountered StrongBox implementation that does not support RKP";
			}
			ASSERT_NE(rp, nullptr) << "No IRemotelyProvisionedComponent found that matches KeyMint device "
			<< GetParam();

	// Generate a P-256 keypair to use as an attestation key.		// Generate a P-256 keypair to use as an attestation key.
	MacedPublicKey macedPubKey;		MacedPublicKey macedPubKey;