Loading security/keymint/aidl/vts/functional/BootloaderStateTest.cpp +3 −3 Original line number Diff line number Diff line Loading @@ -99,7 +99,7 @@ TEST_P(BootloaderStateTest, VbStateIsUnverified) { // Check that the attested Verified Boot key is 32 bytes of zeroes since the bootloader is unlocked. TEST_P(BootloaderStateTest, VerifiedBootKeyAllZeroes) { // Gate this test to avoid waiver issues. if (get_vsr_api_level() <= AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) { if (get_vendor_api_level() <= AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) { return; } Loading Loading @@ -142,13 +142,13 @@ TEST_P(BootloaderStateTest, VbmetaDigest) { avb_slot_verify_data_calculate_vbmeta_digest(avbSlotData, AVB_DIGEST_TYPE_SHA256, sha256Digest.data()); if (get_vsr_api_level() >= AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) { if (get_vendor_api_level() >= AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) { ASSERT_TRUE(attestedVbmetaDigest_ == sha256Digest) << "Attested VBMeta digest (" << bin2hex(attestedVbmetaDigest_) << ") does not match the expected SHA-256 digest (" << bin2hex(sha256Digest) << ")."; } else { // Prior to VSR-V, there was no MUST requirement for the algorithm used by the bootloader // Prior to VSR-15, there was no MUST requirement for the algorithm used by the bootloader // to calculate the VBMeta digest. However, the only two supported options are SHA-256 and // SHA-512, so we expect the attested VBMeta digest to match one of these. vector<uint8_t> sha512Digest(AVB_SHA512_DIGEST_SIZE); Loading security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp +27 −21 Original line number Diff line number Diff line Loading @@ -1435,12 +1435,11 @@ std::pair<ErrorCode, vector<uint8_t>> KeyMintAidlTestBase::UpgradeKey( } bool KeyMintAidlTestBase::IsRkpSupportRequired() const { // This is technically not a match to the requirements for S chipsets, // however when S shipped there was a bug in the test that skipped the // tests if KeyMint 2 was not on the system. So we allowed many chipests // to ship without RKP support. In T we hardened the requirements around // support for RKP, so relax the test to match. return get_vsr_api_level() >= __ANDROID_API_T__; // This is technically weaker than the VSR-12 requirements, but when // Android 12 shipped, there was a bug that skipped the tests if KeyMint // 2 was not present. As a result, many chipsets were allowed to ship // without RKP support. The RKP requirements were hardened in VSR-13. return get_vendor_api_level() >= __ANDROID_API_T__; } vector<uint32_t> KeyMintAidlTestBase::ValidKeySizes(Algorithm algorithm) { Loading Loading @@ -1691,11 +1690,11 @@ ErrorCode KeyMintAidlTestBase::GenerateAttestKey(const AuthorizationSet& key_des vector<uint8_t>* key_blob, vector<KeyCharacteristics>* key_characteristics, vector<Certificate>* cert_chain) { // The original specification for KeyMint v1 required ATTEST_KEY not be combined // with any other key purpose, but the original VTS tests incorrectly did exactly that. // This means that a device that launched prior to Android T (API level 33) may // accept or even require KeyPurpose::SIGN too. if (get_vsr_api_level() < __ANDROID_API_T__) { // The original specification for KeyMint v1 (introduced in Android 12) required ATTEST_KEY not // be combined with any other key purpose, but the original VTS-12 tests incorrectly did exactly // that. The tests were fixed in VTS-13 (vendor API level 33). This means that devices with // vendor API level < 33 may accept or even require KeyPurpose::SIGN too. if (get_vendor_api_level() < __ANDROID_API_T__) { AuthorizationSet key_desc_plus_sign = key_desc; key_desc_plus_sign.push_back(TAG_PURPOSE, KeyPurpose::SIGN); Loading Loading @@ -1820,13 +1819,19 @@ void verify_subject(const X509* cert, // OPENSSL_free(cert_issuer); } int get_vsr_api_level() { int get_vendor_api_level() { // Android 13+ builds have the `ro.vendor.api_level` system property. See // https://source.android.com/docs/core/architecture/api-flags#determine_vendor_api_level_android_13. int vendor_api_level = ::android::base::GetIntProperty("ro.vendor.api_level", -1); if (vendor_api_level != -1) { return vendor_api_level; } // Android S and older devices do not define ro.vendor.api_level // Android 12 builds have the `ro.board.api_level` and `ro.board.first_api_level` system // properties, which are only expected to be populated for GRF SoCs on Android 12 builds. Note // that they are populated automatically by the build system starting in Android 15, but we use // `ro.vendor.api_level` on such builds (see above). For details, see // https://docs.partner.android.com/gms/building/integrating/extending-os-upgrade-support-windows#new-system-properties. vendor_api_level = ::android::base::GetIntProperty("ro.board.api_level", -1); if (vendor_api_level == -1) { vendor_api_level = ::android::base::GetIntProperty("ro.board.first_api_level", -1); Loading @@ -1838,11 +1843,12 @@ int get_vsr_api_level() { EXPECT_NE(product_api_level, -1) << "Could not find ro.build.version.sdk"; } // VSR API level is the minimum of vendor_api_level and product_api_level. if (vendor_api_level == -1 || vendor_api_level > product_api_level) { // If the `ro.board.api_level` and `ro.board.first_api_level` properties aren't populated, it // means the build doesn't have a GRF SoC, so the product API level should be used. if (vendor_api_level == -1) { return product_api_level; } return vendor_api_level; return std::min(product_api_level, vendor_api_level); } bool is_gsi_image() { Loading Loading @@ -1909,13 +1915,13 @@ void verify_root_of_trust(const vector<uint8_t>& verified_boot_key, bool device_ } } if (get_vsr_api_level() > AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) { if (get_vendor_api_level() > AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) { // The Verified Boot key field should be exactly 32 bytes since it // contains the SHA-256 hash of the key on locked devices or 32 bytes // of zeroes on unlocked devices. This wasn't checked for earlier // versions of the KeyMint HAL, so only only be strict for VSR-16+. // versions of the KeyMint HAL, so we version-gate the strict check. EXPECT_EQ(verified_boot_key.size(), 32); } else if (get_vsr_api_level() == AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) { } else if (get_vendor_api_level() == AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) { // The Verified Boot key field should be: // - Exactly 32 bytes on locked devices since it should contain // the SHA-256 hash of the key, or Loading @@ -1924,7 +1930,7 @@ void verify_root_of_trust(const vector<uint8_t>& verified_boot_key, bool device_ // specification). // Thus, we can't check for strict equality in case unlocked devices // report values with less than 32 bytes. This wasn't checked for // earlier versions of the KeyMint HAL, so only check on VSR-15. // earlier versions of the KeyMint HAL, so we version-gate the check. EXPECT_LE(verified_boot_key.size(), 32); } Loading Loading @@ -2416,7 +2422,7 @@ void device_id_attestation_check_acceptable_error(Tag tag, const ErrorCode& resu } else if (result == ErrorCode::INVALID_TAG) { // Depending on the situation, other error codes may be acceptable. First, allow older // implementations to use INVALID_TAG. ASSERT_FALSE(get_vsr_api_level() > __ANDROID_API_T__) ASSERT_FALSE(get_vendor_api_level() > __ANDROID_API_T__) << "It is a specification violation for INVALID_TAG to be returned due to ID " << "mismatch in a Device ID Attestation call. INVALID_TAG is only intended to " << "be used for a case where updateAad() is called after update(). As of " Loading security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h +2 −2 Original line number Diff line number Diff line Loading @@ -406,8 +406,8 @@ void add_tag_from_prop(AuthorizationSetBuilder* tags, TypedTag<TagType::BYTES, t add_tag(tags, ttag, ::android::base::GetProperty(prop, /* default= */ "")); } // Return the VSR API level for this device. int get_vsr_api_level(); // Return the vendor API level for this device. int get_vendor_api_level(); // Indicate whether the test is running on a GSI image. bool is_gsi_image(); Loading security/keymint/aidl/vts/functional/KeyMintTest.cpp +28 −23 Original line number Diff line number Diff line Loading @@ -4158,13 +4158,15 @@ TEST_P(ImportKeyTest, EcdsaSuccess) { * when the EC_CURVE is not explicitly specified. */ TEST_P(ImportKeyTest, EcdsaSuccessCurveNotSpecified) { if (get_vsr_api_level() < AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) { int vendor_api_level = get_vendor_api_level(); if (vendor_api_level < AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) { /* * The KeyMint spec was previously not clear as to whether EC_CURVE was optional on import * of EC keys. However, this was not checked at the time so we can only be strict about * checking this for implementations at VSR-V or later. * of EC keys. However, this was not checked at the time, so we version-gate the strict * check. */ GTEST_SKIP() << "Skipping EC_CURVE on import only strict >= VSR-V"; GTEST_SKIP() << "Applies only to vendor API level >= 202404, but this device is: " << vendor_api_level; } ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder() Loading Loading @@ -5316,15 +5318,15 @@ auto wrapping_key_for_asym_keys = hex2str( "8564"); TEST_P(ImportWrappedKeyTest, RsaKey) { int vsr_api_level = get_vsr_api_level(); if (vsr_api_level < AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) { int vendor_api_level = get_vendor_api_level(); if (vendor_api_level < AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) { /* * The Keymaster v4 spec introduced `importWrappedKey()` and did not restrict it to * just symmetric keys. However, the import of asymmetric wrapped keys was not tested * at the time, so we can only be strict about checking this for implementations claiming * support for VSR API level 35 and above. * at the time, so we version-gate the strict check. */ GTEST_SKIP() << "Applies only to VSR API level 35, this device is: " << vsr_api_level; GTEST_SKIP() << "Applies only to vendor API level >= 202404, but this device is: " << vendor_api_level; } auto wrapping_key_desc = AuthorizationSetBuilder() Loading @@ -5347,15 +5349,15 @@ TEST_P(ImportWrappedKeyTest, RsaKey) { } TEST_P(ImportWrappedKeyTest, EcKey) { int vsr_api_level = get_vsr_api_level(); if (vsr_api_level < AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) { int vendor_api_level = get_vendor_api_level(); if (vendor_api_level < AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) { /* * The Keymaster v4 spec introduced `importWrappedKey()` and did not restrict it to * just symmetric keys. However, the import of asymmetric wrapped keys was not tested * at the time, so we can only be strict about checking this for implementations claiming * support for VSR API level 35 and above. * at the time, so we version-gate the strict check. */ GTEST_SKIP() << "Applies only to VSR API level 35, this device is: " << vsr_api_level; GTEST_SKIP() << "Applies only to vendor API level >= 202404, but this device is: " << vendor_api_level; } auto wrapping_key_desc = AuthorizationSetBuilder() Loading Loading @@ -8945,27 +8947,30 @@ using VsrRequirementTest = KeyMintAidlTestBase; // @VsrTest = VSR-3.10-008 TEST_P(VsrRequirementTest, Vsr13Test) { int vsr_api_level = get_vsr_api_level(); if (vsr_api_level < __ANDROID_API_T__) { GTEST_SKIP() << "Applies only to VSR API level 33, this device is: " << vsr_api_level; int vendor_api_level = get_vendor_api_level(); if (vendor_api_level < __ANDROID_API_T__) { GTEST_SKIP() << "Applies only to vendor API level >= 33, but this device is: " << vendor_api_level; } EXPECT_GE(AidlVersion(), 2) << "VSR 13+ requires KeyMint version 2"; } // @VsrTest = VSR-3.10-013.001 TEST_P(VsrRequirementTest, Vsr14Test) { int vsr_api_level = get_vsr_api_level(); if (vsr_api_level < __ANDROID_API_U__) { GTEST_SKIP() << "Applies only to VSR API level 34, this device is: " << vsr_api_level; int vendor_api_level = get_vendor_api_level(); if (vendor_api_level < __ANDROID_API_U__) { GTEST_SKIP() << "Applies only to vendor API level >= 34, but this device is: " << vendor_api_level; } EXPECT_GE(AidlVersion(), 3) << "VSR 14+ requires KeyMint version 3"; } // @VsrTest = GMS-VSR-3.10-019 TEST_P(VsrRequirementTest, Vsr16Test) { int vsr_api_level = get_vsr_api_level(); if (vsr_api_level <= AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) { GTEST_SKIP() << "Applies only to VSR API level > 35, this device is: " << vsr_api_level; int vendor_api_level = get_vendor_api_level(); if (vendor_api_level <= AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) { GTEST_SKIP() << "Applies only to vendor API level > 202404, but this device is: " << vendor_api_level; } if (SecLevel() == SecurityLevel::STRONGBOX) { GTEST_SKIP() << "Applies only to TEE KeyMint, not StrongBox KeyMint"; Loading security/keymint/aidl/vts/functional/SecureElementProvisioningTest.cpp +5 −4 Original line number Diff line number Diff line Loading @@ -115,13 +115,14 @@ class SecureElementProvisioningTest : public testing::Test { const auto& vbKey = rot->asArray()->get(pos++); ASSERT_TRUE(vbKey); ASSERT_TRUE(vbKey->asBstr()); if (get_vsr_api_level() > AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) { if (get_vendor_api_level() > AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) { // The Verified Boot key field should be exactly 32 bytes since it // contains the SHA-256 hash of the key on locked devices or 32 bytes // of zeroes on unlocked devices. This wasn't checked for earlier // versions of the KeyMint HAL, so only only be strict for VSR-16+. // versions of the KeyMint HAL, so we version-gate the strict check. ASSERT_EQ(vbKey->asBstr()->value().size(), 32); } else if (get_vsr_api_level() == AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) { } else if (get_vendor_api_level() == AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) { // The Verified Boot key field should be: // - Exactly 32 bytes on locked devices since it should contain // the SHA-256 hash of the key, or Loading @@ -130,7 +131,7 @@ class SecureElementProvisioningTest : public testing::Test { // specification). // Thus, we can't check for strict equality in case unlocked devices // report values with less than 32 bytes. This wasn't checked for // earlier versions of the KeyMint HAL, so only check on VSR-15. // earlier versions of the KeyMint HAL, so we version-gate the check. ASSERT_LE(vbKey->asBstr()->value().size(), 32); } Loading Loading
security/keymint/aidl/vts/functional/BootloaderStateTest.cpp +3 −3 Original line number Diff line number Diff line Loading @@ -99,7 +99,7 @@ TEST_P(BootloaderStateTest, VbStateIsUnverified) { // Check that the attested Verified Boot key is 32 bytes of zeroes since the bootloader is unlocked. TEST_P(BootloaderStateTest, VerifiedBootKeyAllZeroes) { // Gate this test to avoid waiver issues. if (get_vsr_api_level() <= AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) { if (get_vendor_api_level() <= AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) { return; } Loading Loading @@ -142,13 +142,13 @@ TEST_P(BootloaderStateTest, VbmetaDigest) { avb_slot_verify_data_calculate_vbmeta_digest(avbSlotData, AVB_DIGEST_TYPE_SHA256, sha256Digest.data()); if (get_vsr_api_level() >= AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) { if (get_vendor_api_level() >= AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) { ASSERT_TRUE(attestedVbmetaDigest_ == sha256Digest) << "Attested VBMeta digest (" << bin2hex(attestedVbmetaDigest_) << ") does not match the expected SHA-256 digest (" << bin2hex(sha256Digest) << ")."; } else { // Prior to VSR-V, there was no MUST requirement for the algorithm used by the bootloader // Prior to VSR-15, there was no MUST requirement for the algorithm used by the bootloader // to calculate the VBMeta digest. However, the only two supported options are SHA-256 and // SHA-512, so we expect the attested VBMeta digest to match one of these. vector<uint8_t> sha512Digest(AVB_SHA512_DIGEST_SIZE); Loading
security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp +27 −21 Original line number Diff line number Diff line Loading @@ -1435,12 +1435,11 @@ std::pair<ErrorCode, vector<uint8_t>> KeyMintAidlTestBase::UpgradeKey( } bool KeyMintAidlTestBase::IsRkpSupportRequired() const { // This is technically not a match to the requirements for S chipsets, // however when S shipped there was a bug in the test that skipped the // tests if KeyMint 2 was not on the system. So we allowed many chipests // to ship without RKP support. In T we hardened the requirements around // support for RKP, so relax the test to match. return get_vsr_api_level() >= __ANDROID_API_T__; // This is technically weaker than the VSR-12 requirements, but when // Android 12 shipped, there was a bug that skipped the tests if KeyMint // 2 was not present. As a result, many chipsets were allowed to ship // without RKP support. The RKP requirements were hardened in VSR-13. return get_vendor_api_level() >= __ANDROID_API_T__; } vector<uint32_t> KeyMintAidlTestBase::ValidKeySizes(Algorithm algorithm) { Loading Loading @@ -1691,11 +1690,11 @@ ErrorCode KeyMintAidlTestBase::GenerateAttestKey(const AuthorizationSet& key_des vector<uint8_t>* key_blob, vector<KeyCharacteristics>* key_characteristics, vector<Certificate>* cert_chain) { // The original specification for KeyMint v1 required ATTEST_KEY not be combined // with any other key purpose, but the original VTS tests incorrectly did exactly that. // This means that a device that launched prior to Android T (API level 33) may // accept or even require KeyPurpose::SIGN too. if (get_vsr_api_level() < __ANDROID_API_T__) { // The original specification for KeyMint v1 (introduced in Android 12) required ATTEST_KEY not // be combined with any other key purpose, but the original VTS-12 tests incorrectly did exactly // that. The tests were fixed in VTS-13 (vendor API level 33). This means that devices with // vendor API level < 33 may accept or even require KeyPurpose::SIGN too. if (get_vendor_api_level() < __ANDROID_API_T__) { AuthorizationSet key_desc_plus_sign = key_desc; key_desc_plus_sign.push_back(TAG_PURPOSE, KeyPurpose::SIGN); Loading Loading @@ -1820,13 +1819,19 @@ void verify_subject(const X509* cert, // OPENSSL_free(cert_issuer); } int get_vsr_api_level() { int get_vendor_api_level() { // Android 13+ builds have the `ro.vendor.api_level` system property. See // https://source.android.com/docs/core/architecture/api-flags#determine_vendor_api_level_android_13. int vendor_api_level = ::android::base::GetIntProperty("ro.vendor.api_level", -1); if (vendor_api_level != -1) { return vendor_api_level; } // Android S and older devices do not define ro.vendor.api_level // Android 12 builds have the `ro.board.api_level` and `ro.board.first_api_level` system // properties, which are only expected to be populated for GRF SoCs on Android 12 builds. Note // that they are populated automatically by the build system starting in Android 15, but we use // `ro.vendor.api_level` on such builds (see above). For details, see // https://docs.partner.android.com/gms/building/integrating/extending-os-upgrade-support-windows#new-system-properties. vendor_api_level = ::android::base::GetIntProperty("ro.board.api_level", -1); if (vendor_api_level == -1) { vendor_api_level = ::android::base::GetIntProperty("ro.board.first_api_level", -1); Loading @@ -1838,11 +1843,12 @@ int get_vsr_api_level() { EXPECT_NE(product_api_level, -1) << "Could not find ro.build.version.sdk"; } // VSR API level is the minimum of vendor_api_level and product_api_level. if (vendor_api_level == -1 || vendor_api_level > product_api_level) { // If the `ro.board.api_level` and `ro.board.first_api_level` properties aren't populated, it // means the build doesn't have a GRF SoC, so the product API level should be used. if (vendor_api_level == -1) { return product_api_level; } return vendor_api_level; return std::min(product_api_level, vendor_api_level); } bool is_gsi_image() { Loading Loading @@ -1909,13 +1915,13 @@ void verify_root_of_trust(const vector<uint8_t>& verified_boot_key, bool device_ } } if (get_vsr_api_level() > AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) { if (get_vendor_api_level() > AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) { // The Verified Boot key field should be exactly 32 bytes since it // contains the SHA-256 hash of the key on locked devices or 32 bytes // of zeroes on unlocked devices. This wasn't checked for earlier // versions of the KeyMint HAL, so only only be strict for VSR-16+. // versions of the KeyMint HAL, so we version-gate the strict check. EXPECT_EQ(verified_boot_key.size(), 32); } else if (get_vsr_api_level() == AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) { } else if (get_vendor_api_level() == AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) { // The Verified Boot key field should be: // - Exactly 32 bytes on locked devices since it should contain // the SHA-256 hash of the key, or Loading @@ -1924,7 +1930,7 @@ void verify_root_of_trust(const vector<uint8_t>& verified_boot_key, bool device_ // specification). // Thus, we can't check for strict equality in case unlocked devices // report values with less than 32 bytes. This wasn't checked for // earlier versions of the KeyMint HAL, so only check on VSR-15. // earlier versions of the KeyMint HAL, so we version-gate the check. EXPECT_LE(verified_boot_key.size(), 32); } Loading Loading @@ -2416,7 +2422,7 @@ void device_id_attestation_check_acceptable_error(Tag tag, const ErrorCode& resu } else if (result == ErrorCode::INVALID_TAG) { // Depending on the situation, other error codes may be acceptable. First, allow older // implementations to use INVALID_TAG. ASSERT_FALSE(get_vsr_api_level() > __ANDROID_API_T__) ASSERT_FALSE(get_vendor_api_level() > __ANDROID_API_T__) << "It is a specification violation for INVALID_TAG to be returned due to ID " << "mismatch in a Device ID Attestation call. INVALID_TAG is only intended to " << "be used for a case where updateAad() is called after update(). As of " Loading
security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h +2 −2 Original line number Diff line number Diff line Loading @@ -406,8 +406,8 @@ void add_tag_from_prop(AuthorizationSetBuilder* tags, TypedTag<TagType::BYTES, t add_tag(tags, ttag, ::android::base::GetProperty(prop, /* default= */ "")); } // Return the VSR API level for this device. int get_vsr_api_level(); // Return the vendor API level for this device. int get_vendor_api_level(); // Indicate whether the test is running on a GSI image. bool is_gsi_image(); Loading
security/keymint/aidl/vts/functional/KeyMintTest.cpp +28 −23 Original line number Diff line number Diff line Loading @@ -4158,13 +4158,15 @@ TEST_P(ImportKeyTest, EcdsaSuccess) { * when the EC_CURVE is not explicitly specified. */ TEST_P(ImportKeyTest, EcdsaSuccessCurveNotSpecified) { if (get_vsr_api_level() < AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) { int vendor_api_level = get_vendor_api_level(); if (vendor_api_level < AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) { /* * The KeyMint spec was previously not clear as to whether EC_CURVE was optional on import * of EC keys. However, this was not checked at the time so we can only be strict about * checking this for implementations at VSR-V or later. * of EC keys. However, this was not checked at the time, so we version-gate the strict * check. */ GTEST_SKIP() << "Skipping EC_CURVE on import only strict >= VSR-V"; GTEST_SKIP() << "Applies only to vendor API level >= 202404, but this device is: " << vendor_api_level; } ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder() Loading Loading @@ -5316,15 +5318,15 @@ auto wrapping_key_for_asym_keys = hex2str( "8564"); TEST_P(ImportWrappedKeyTest, RsaKey) { int vsr_api_level = get_vsr_api_level(); if (vsr_api_level < AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) { int vendor_api_level = get_vendor_api_level(); if (vendor_api_level < AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) { /* * The Keymaster v4 spec introduced `importWrappedKey()` and did not restrict it to * just symmetric keys. However, the import of asymmetric wrapped keys was not tested * at the time, so we can only be strict about checking this for implementations claiming * support for VSR API level 35 and above. * at the time, so we version-gate the strict check. */ GTEST_SKIP() << "Applies only to VSR API level 35, this device is: " << vsr_api_level; GTEST_SKIP() << "Applies only to vendor API level >= 202404, but this device is: " << vendor_api_level; } auto wrapping_key_desc = AuthorizationSetBuilder() Loading @@ -5347,15 +5349,15 @@ TEST_P(ImportWrappedKeyTest, RsaKey) { } TEST_P(ImportWrappedKeyTest, EcKey) { int vsr_api_level = get_vsr_api_level(); if (vsr_api_level < AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) { int vendor_api_level = get_vendor_api_level(); if (vendor_api_level < AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) { /* * The Keymaster v4 spec introduced `importWrappedKey()` and did not restrict it to * just symmetric keys. However, the import of asymmetric wrapped keys was not tested * at the time, so we can only be strict about checking this for implementations claiming * support for VSR API level 35 and above. * at the time, so we version-gate the strict check. */ GTEST_SKIP() << "Applies only to VSR API level 35, this device is: " << vsr_api_level; GTEST_SKIP() << "Applies only to vendor API level >= 202404, but this device is: " << vendor_api_level; } auto wrapping_key_desc = AuthorizationSetBuilder() Loading Loading @@ -8945,27 +8947,30 @@ using VsrRequirementTest = KeyMintAidlTestBase; // @VsrTest = VSR-3.10-008 TEST_P(VsrRequirementTest, Vsr13Test) { int vsr_api_level = get_vsr_api_level(); if (vsr_api_level < __ANDROID_API_T__) { GTEST_SKIP() << "Applies only to VSR API level 33, this device is: " << vsr_api_level; int vendor_api_level = get_vendor_api_level(); if (vendor_api_level < __ANDROID_API_T__) { GTEST_SKIP() << "Applies only to vendor API level >= 33, but this device is: " << vendor_api_level; } EXPECT_GE(AidlVersion(), 2) << "VSR 13+ requires KeyMint version 2"; } // @VsrTest = VSR-3.10-013.001 TEST_P(VsrRequirementTest, Vsr14Test) { int vsr_api_level = get_vsr_api_level(); if (vsr_api_level < __ANDROID_API_U__) { GTEST_SKIP() << "Applies only to VSR API level 34, this device is: " << vsr_api_level; int vendor_api_level = get_vendor_api_level(); if (vendor_api_level < __ANDROID_API_U__) { GTEST_SKIP() << "Applies only to vendor API level >= 34, but this device is: " << vendor_api_level; } EXPECT_GE(AidlVersion(), 3) << "VSR 14+ requires KeyMint version 3"; } // @VsrTest = GMS-VSR-3.10-019 TEST_P(VsrRequirementTest, Vsr16Test) { int vsr_api_level = get_vsr_api_level(); if (vsr_api_level <= AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) { GTEST_SKIP() << "Applies only to VSR API level > 35, this device is: " << vsr_api_level; int vendor_api_level = get_vendor_api_level(); if (vendor_api_level <= AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) { GTEST_SKIP() << "Applies only to vendor API level > 202404, but this device is: " << vendor_api_level; } if (SecLevel() == SecurityLevel::STRONGBOX) { GTEST_SKIP() << "Applies only to TEE KeyMint, not StrongBox KeyMint"; Loading
security/keymint/aidl/vts/functional/SecureElementProvisioningTest.cpp +5 −4 Original line number Diff line number Diff line Loading @@ -115,13 +115,14 @@ class SecureElementProvisioningTest : public testing::Test { const auto& vbKey = rot->asArray()->get(pos++); ASSERT_TRUE(vbKey); ASSERT_TRUE(vbKey->asBstr()); if (get_vsr_api_level() > AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) { if (get_vendor_api_level() > AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) { // The Verified Boot key field should be exactly 32 bytes since it // contains the SHA-256 hash of the key on locked devices or 32 bytes // of zeroes on unlocked devices. This wasn't checked for earlier // versions of the KeyMint HAL, so only only be strict for VSR-16+. // versions of the KeyMint HAL, so we version-gate the strict check. ASSERT_EQ(vbKey->asBstr()->value().size(), 32); } else if (get_vsr_api_level() == AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) { } else if (get_vendor_api_level() == AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) { // The Verified Boot key field should be: // - Exactly 32 bytes on locked devices since it should contain // the SHA-256 hash of the key, or Loading @@ -130,7 +131,7 @@ class SecureElementProvisioningTest : public testing::Test { // specification). // Thus, we can't check for strict equality in case unlocked devices // report values with less than 32 bytes. This wasn't checked for // earlier versions of the KeyMint HAL, so only check on VSR-15. // earlier versions of the KeyMint HAL, so we version-gate the check. ASSERT_LE(vbKey->asBstr()->value().size(), 32); } Loading
