Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5e35541b authored Nov 28, 2022 by Max Bires Committed by Automerger Merge Worker Nov 28, 2022

Merge "Fix overly relaxed Device ID Test." am: 1589c401

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2308508

Change-Id: I0f790ad0526e9488a160a2a3776e814f6cd7f745
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

parents a8f810e2 1589c401

security/keymint/aidl/vts/functional/AttestKeyTest.cpp

+1 −0

Original line number	Diff line number	Diff line
		@@ -892,6 +892,7 @@ TEST_P(AttestKeyTest, EcdsaAttestationMismatchID) {

		ASSERT_TRUE(result == ErrorCode::CANNOT_ATTEST_IDS \|\| result == ErrorCode::INVALID_TAG)
		<< "result = " << result;
		device_id_attestation_vsr_check(result);
		}
		CheckedDeleteKey(&attest_key.keyBlob);
		}

security/keymint/aidl/vts/functional/DeviceUniqueAttestationTest.cpp

+1 −1

Original line number	Diff line number	Diff line
		@@ -348,8 +348,8 @@ TEST_P(DeviceUniqueAttestationTest, EcdsaDeviceUniqueAttestationMismatchID) {
		// Add the tag that doesn't match the local device's real ID.
		builder.push_back(invalid_tag);
		auto result = GenerateKey(builder, &key_blob, &key_characteristics);

		ASSERT_TRUE(result == ErrorCode::CANNOT_ATTEST_IDS \|\| result == ErrorCode::INVALID_TAG);
		device_id_attestation_vsr_check(result);
		}
		}

security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp

+10 −0

Original line number	Diff line number	Diff line
		@@ -2031,6 +2031,16 @@ void p256_pub_key(const vector<uint8_t>& coseKeyData, EVP_PKEY_Ptr* signingKey)
		*signingKey = std::move(pubKey);
		}

		void device_id_attestation_vsr_check(const ErrorCode& result) {
		if (get_vsr_api_level() >= 34) {
		ASSERT_FALSE(result == ErrorCode::INVALID_TAG)
		<< "It is a specification violation for INVALID_TAG to be returned due to ID "
		<< "mismatch in a Device ID Attestation call. INVALID_TAG is only intended to "
		<< "be used for a case where updateAad() is called after update(). As of "
		<< "VSR-14, this is now enforced as an error.";
		}
		}

		} // namespace test

		} // namespace aidl::android::hardware::security::keymint

security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -395,6 +395,7 @@ vector<uint8_t> make_name_from_str(const string& name);
		void check_maced_pubkey(const MacedPublicKey& macedPubKey, bool testMode,
		vector<uint8_t>* payload_value);
		void p256_pub_key(const vector<uint8_t>& coseKeyData, EVP_PKEY_Ptr* signingKey);
		void device_id_attestation_vsr_check(const ErrorCode& result);

		AuthorizationSet HwEnforcedAuthorizations(const vector<KeyCharacteristics>& key_characteristics);
		AuthorizationSet SwEnforcedAuthorizations(const vector<KeyCharacteristics>& key_characteristics);