Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 728336ff authored by Tommy Chiu's avatar Tommy Chiu
Browse files

VTS: Restore 2nd-IMEI tests 

Enable some tests that are bypassed on strongbox implementation.

Bug: 262255219
Test: VtsAidlKeyMintTargetTest
Change-Id: I548bddcd16c0a1ee1c1cb8266d4d99dbdff3d39b
parent a4ccb03e

security/keymint/aidl/vts/functional/AttestKeyTest.cpp

+2 −16
Original line number Diff line number Diff line
@@ -1019,12 +1019,8 @@ TEST_P(AttestKeyTest, EcdsaAttestationMismatchID) { 
                    .Authorization(TAG_ATTESTATION_ID_MANUFACTURER, "malformed-manufacturer")

                    .Authorization(TAG_ATTESTATION_ID_MODEL, "malicious-model");



    // TODO(b/262255219): Remove this condition when StrongBox supports 2nd IMEI attestation.

    if (SecLevel() != SecurityLevel::STRONGBOX) {

    if (isSecondImeiIdAttestationRequired()) {

            attestation_id_tags.Authorization(TAG_ATTESTATION_ID_SECOND_IMEI,

                                              "invalid-second-imei");

        }

        attestation_id_tags.Authorization(TAG_ATTESTATION_ID_SECOND_IMEI, "invalid-second-imei");

    }

    vector<uint8_t> key_blob;

    vector<KeyCharacteristics> key_characteristics;
@@ -1061,11 +1057,6 @@ TEST_P(AttestKeyTest, SecondIMEIAttestationIDSuccess) { 
        GTEST_SKIP() << "Test not applicable under GSI";

    }



    // TODO(b/262255219): Remove this condition when StrongBox supports 2nd IMEI attestation.

    if (SecLevel() == SecurityLevel::STRONGBOX) {

        GTEST_SKIP() << "Test not applicable for SecurityLevel::STRONGBOX";

    }



    // Skip the test if there is no second IMEI exists.

    string second_imei = get_imei(1);

    if (second_imei.empty() || second_imei.compare("null") == 0) {
@@ -1144,11 +1135,6 @@ TEST_P(AttestKeyTest, MultipleIMEIAttestationIDSuccess) { 
        GTEST_SKIP() << "Test not applicable under GSI";

    }



    // TODO(b/262255219): Remove this condition when StrongBox supports 2nd IMEI attestation.

    if (SecLevel() == SecurityLevel::STRONGBOX) {

        GTEST_SKIP() << "Test not applicable for SecurityLevel::STRONGBOX";

    }



    // Skip the test if there is no first IMEI exists.

    string imei = get_imei(0);

    if (imei.empty() || imei.compare("null") == 0) {

security/keymint/aidl/vts/functional/KeyMintTest.cpp

+0 −7
Original line number Diff line number Diff line
@@ -3081,9 +3081,6 @@ TEST_P(SigningOperationsTest, RsaPaddingNoneDoesNotAllowOther) { 
 * presented.

 */

TEST_P(SigningOperationsTest, NoUserConfirmation) {

    if (SecLevel() == SecurityLevel::STRONGBOX) {

        GTEST_SKIP() << "Test not applicable to StrongBox device";

    }

    ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()

                                                 .RsaSigningKey(1024, 65537)

                                                 .Digest(Digest::NONE)
@@ -7788,10 +7785,6 @@ TEST_P(UsageCountLimitTest, TestLimitUseRsa) { 
 * in hardware.

 */

TEST_P(UsageCountLimitTest, TestSingleUseKeyAndRollbackResistance) {

    if (SecLevel() == SecurityLevel::STRONGBOX) {

        GTEST_SKIP() << "Test not applicable to StrongBox device";

    }



    auto error = GenerateKey(AuthorizationSetBuilder()

                                     .RsaSigningKey(2048, 65537)

                                     .Digest(Digest::NONE)