
Commit 607b558d authored by Benjamin Grimberg's avatar Benjamin Grimberg Committed by Android Build Cherrypicker Worker

Fix AttestKeyTest failures in KeyMint VTS

Skip attestation key tests if the feature
FEATURE_KEYSTORE_APP_ATTEST_KEY is disabled on device,
as done in KeyMint CTS.

Bug: 244460948
Bug: 265740739

Test: VtsAidlKeyMintTargetTest
(cherry picked from https://android-review.googlesource.com/q/commit:981c9c223671d9012781acf6e9128fd037578833)
Merged-In: I8199e5c7570b10b71f127c7439b889c0b3327865
Change-Id: I8199e5c7570b10b71f127c7439b889c0b3327865
parent 288de6d6
+63 −0
@@ -35,7 +35,17 @@ bool IsSelfSigned(const vector<Certificate>& chain) {
}  // namespace

class AttestKeyTest : public KeyMintAidlTestBase {
  public:
    void SetUp() override {
        check_skip_test();
        KeyMintAidlTestBase::SetUp();
    }

  protected:
    const string FEATURE_KEYSTORE_APP_ATTEST_KEY = "android.hardware.keystore.app_attest_key";

    const string FEATURE_STRONGBOX_KEYSTORE = "android.hardware.strongbox_keystore";

    ErrorCode GenerateAttestKey(const AuthorizationSet& key_desc,
                                const optional<AttestationKey>& attest_key,
                                vector<uint8_t>* key_blob,
@@ -60,6 +70,59 @@ class AttestKeyTest : public KeyMintAidlTestBase {
        }
        return GenerateKey(key_desc, attest_key, key_blob, key_characteristics, cert_chain);
    }

    // Check if ATTEST_KEY feature is disabled
    bool is_attest_key_feature_disabled(void) const {
        if (!check_feature(FEATURE_KEYSTORE_APP_ATTEST_KEY)) {
            GTEST_LOG_(INFO) << "Feature " + FEATURE_KEYSTORE_APP_ATTEST_KEY + " is disabled";
            return true;
        }

        return false;
    }

    // Check if StrongBox KeyStore is enabled
    bool is_strongbox_enabled(void) const {
        if (check_feature(FEATURE_STRONGBOX_KEYSTORE)) {
            GTEST_LOG_(INFO) << "Feature " + FEATURE_STRONGBOX_KEYSTORE + " is enabled";
            return true;
        }

        return false;
    }

    // Check if chipset has received a waiver allowing it to be launched with
    // Android S (or later) with Keymaster 4.0 in StrongBox
    bool is_chipset_allowed_km4_strongbox(void) const {
        std::array<char, PROPERTY_VALUE_MAX> buffer;

        auto res = property_get("ro.vendor.qti.soc_model", buffer.data(), nullptr);
        if (res <= 0) return false;

        const string allowed_soc_models[] = {"SM8450", "SM8475", "SM8550", "SXR2230P"};

        for (const string model : allowed_soc_models) {
            if (model.compare(buffer.data()) == 0) {
                GTEST_LOG_(INFO) << "QTI SOC Model " + model + " is allowed SB KM 4.0";
                return true;
            }
        }

        return false;
    }

    // Skip the test if all the following conditions hold:
    // 1. ATTEST_KEY feature is disabled
    // 2. STRONGBOX is enabled
    // 3. The device is running one of the chipsets that have received a waiver
    //     allowing it to be launched with Android S (or later) with Keymaster 4.0
    //     in StrongBox
    void check_skip_test(void) const {
        if (is_attest_key_feature_disabled() && is_strongbox_enabled() &&
            is_chipset_allowed_km4_strongbox()) {
            GTEST_SKIP() << "Test is not applicable";
        }
    }
};

/*
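Review bot: The skip in `check_skip_test()` is decided only from device-wide signals (two feature flags and the `ro.vendor.qti.soc_model` property), so if this fixture also runs against a non-StrongBox KeyMint instance, a waived device loses attest-key coverage for that instance too. `is_strongbox_enabled()` reports whether the device advertises the StrongBox feature, not whether the instance under test is StrongBox. If the waiver is meant to cover only Keymaster 4.0 in StrongBox, as the comment above `is_chipset_allowed_km4_strongbox()` says, the check would be tighter when run after `KeyMintAidlTestBase::SetUp()` with an added `SecLevel() == SecurityLevel::STRONGBOX` condition, assuming the base class exposes the instance's security level at that point. Separately, `GTEST_SKIP()` inside the helper returns only from the helper, so `SetUp()` still runs the base set-up for a skipped test; `if (IsSkipped()) return;` right after the call avoids that. The loop `for (const string model : allowed_soc_models)` also copies each entry and could bind `const string&`.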