Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a12ac746 authored by Seth Moore's avatar Seth Moore
Browse files

Fix RKP support assumptions for keymint VTS 

The support level for strongbox is different from the tee
implementation. Additionally, we were incorrectly checking the keymint
aidl version. KeyMint 1.0 supported ATTEST_KEY, so it's unclear why we
were ever checking for KeyMint 2.0.

Test: VtsAidlKeyMintTargetTest
Bug: 263844771
Change-Id: I750367902fec90204d71c1e158404b2421f9ad87
parent 650c081f

security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp

+13 −0
Original line number Diff line number Diff line
@@ -1283,6 +1283,19 @@ std::pair<ErrorCode, vector<uint8_t>> KeyMintAidlTestBase::UpgradeKey( 


    return retval;

}



bool KeyMintAidlTestBase::IsRkpSupportRequired() const {

    if (get_vsr_api_level() >= __ANDROID_API_T__) {

        return true;

    }



    if (get_vsr_api_level() >= __ANDROID_API_S__) {

        return SecLevel() != SecurityLevel::STRONGBOX;

    }



    return false;

}



vector<uint32_t> KeyMintAidlTestBase::ValidKeySizes(Algorithm algorithm) {

    switch (algorithm) {

        case Algorithm::RSA:

security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h

+1 −0
Original line number Diff line number Diff line
@@ -309,6 +309,7 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> { 
    }

    bool IsSecure() const { return securityLevel_ != SecurityLevel::SOFTWARE; }

    SecurityLevel SecLevel() const { return securityLevel_; }

    bool IsRkpSupportRequired() const;



    vector<uint32_t> ValidKeySizes(Algorithm algorithm);

    vector<uint32_t> InvalidKeySizes(Algorithm algorithm);

security/keymint/aidl/vts/functional/KeyMintTest.cpp

+4 −4
Original line number Diff line number Diff line
@@ -1136,8 +1136,8 @@ TEST_P(NewKeyGenerationTest, RsaWithAttestation) { 
 * that has been generated using an associate IRemotelyProvisionedComponent.

 */

TEST_P(NewKeyGenerationTest, RsaWithRkpAttestation) {

    if (get_vsr_api_level() < __ANDROID_API_T__ || AidlVersion() < 2) {

        GTEST_SKIP() << "Only required for VSR 12+ and KeyMint 2+";

    if (!IsRkpSupportRequired()) {

        GTEST_SKIP() << "RKP support is not required on this platform";

    }



    // There should be an IRemotelyProvisionedComponent instance associated with the KeyMint
@@ -1214,8 +1214,8 @@ TEST_P(NewKeyGenerationTest, RsaWithRkpAttestation) { 
 * that has been generated using an associate IRemotelyProvisionedComponent.

 */

TEST_P(NewKeyGenerationTest, EcdsaWithRkpAttestation) {

    if (get_vsr_api_level() < __ANDROID_API_T__ || AidlVersion() < 2) {

        GTEST_SKIP() << "Only required for VSR 12+ and KeyMint 2+";

    if (!IsRkpSupportRequired()) {

        GTEST_SKIP() << "RKP support is not required on this platform";

    }



    // There should be an IRemotelyProvisionedComponent instance associated with the KeyMint