Loading keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp +45 −32 Original line number Diff line number Diff line Loading @@ -309,6 +309,11 @@ std::string make_string(const uint8_t (&a)[N]) { return make_string(a, N); } bool avb_verification_enabled() { char value[PROPERTY_VALUE_MAX]; return property_get("ro.boot.vbmeta.device_state", value, "") != 0; } } // namespace bool verify_attestation_record(const string& challenge, const string& app_id, Loading Loading @@ -359,11 +364,16 @@ bool verify_attestation_record(const string& challenge, const string& app_id, EXPECT_EQ(0, memcmp(challenge.data(), att_challenge.data(), challenge.length())); char property_value[PROPERTY_VALUE_MAX] = {}; // TODO(b/136282179): When running under VTS-on-GSI the TEE-backed // keymaster implementation will report YYYYMM dates instead of YYYYMMDD // for the BOOT_PATCH_LEVEL. if (avb_verification_enabled()) { for (int i = 0; i < att_hw_enforced.size(); i++) { if (att_hw_enforced[i].tag == TAG_BOOT_PATCHLEVEL || att_hw_enforced[i].tag == TAG_VENDOR_PATCHLEVEL) { std::string date = std::to_string(att_hw_enforced[i].f.integer); // strptime seems to require delimiters, but the tag value will be YYYYMMDD // strptime seems to require delimiters, but the tag value will // be YYYYMMDD date.insert(6, "-"); date.insert(4, "-"); EXPECT_EQ(date.size(), 10); Loading @@ -381,6 +391,7 @@ bool verify_attestation_record(const string& challenge, const string& app_id, EXPECT_LT(time.tm_year, 200); } } } // Check to make sure boolean values are properly encoded. Presence of a boolean tag indicates // true. A provided boolean tag that can be pulled back out of the certificate indicates correct Loading Loading @@ -410,6 +421,7 @@ bool verify_attestation_record(const string& challenge, const string& app_id, &verified_boot_state, &device_locked, &verified_boot_hash); EXPECT_EQ(ErrorCode::OK, error); if (avb_verification_enabled()) { property_get("ro.boot.vbmeta.digest", property_value, "nogood"); EXPECT_NE(strcmp(property_value, "nogood"), 0); string prop_string(property_value); Loading @@ -417,12 +429,13 @@ bool verify_attestation_record(const string& challenge, const string& app_id, EXPECT_EQ(prop_string, bin2hex(verified_boot_hash)); property_get("ro.boot.vbmeta.device_state", property_value, "nogood"); EXPECT_NE(property_value, "nogood"); EXPECT_NE(strcmp(property_value, "nogood"), 0); if (!strcmp(property_value, "unlocked")) { EXPECT_FALSE(device_locked); } else { EXPECT_TRUE(device_locked); } } // Verified boot key should be all 0's if the boot state is not verified or self signed std::string empty_boot_key(32, '\0'); Loading Loading
keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp +45 −32 Original line number Diff line number Diff line Loading @@ -309,6 +309,11 @@ std::string make_string(const uint8_t (&a)[N]) { return make_string(a, N); } bool avb_verification_enabled() { char value[PROPERTY_VALUE_MAX]; return property_get("ro.boot.vbmeta.device_state", value, "") != 0; } } // namespace bool verify_attestation_record(const string& challenge, const string& app_id, Loading Loading @@ -359,11 +364,16 @@ bool verify_attestation_record(const string& challenge, const string& app_id, EXPECT_EQ(0, memcmp(challenge.data(), att_challenge.data(), challenge.length())); char property_value[PROPERTY_VALUE_MAX] = {}; // TODO(b/136282179): When running under VTS-on-GSI the TEE-backed // keymaster implementation will report YYYYMM dates instead of YYYYMMDD // for the BOOT_PATCH_LEVEL. if (avb_verification_enabled()) { for (int i = 0; i < att_hw_enforced.size(); i++) { if (att_hw_enforced[i].tag == TAG_BOOT_PATCHLEVEL || att_hw_enforced[i].tag == TAG_VENDOR_PATCHLEVEL) { std::string date = std::to_string(att_hw_enforced[i].f.integer); // strptime seems to require delimiters, but the tag value will be YYYYMMDD // strptime seems to require delimiters, but the tag value will // be YYYYMMDD date.insert(6, "-"); date.insert(4, "-"); EXPECT_EQ(date.size(), 10); Loading @@ -381,6 +391,7 @@ bool verify_attestation_record(const string& challenge, const string& app_id, EXPECT_LT(time.tm_year, 200); } } } // Check to make sure boolean values are properly encoded. Presence of a boolean tag indicates // true. A provided boolean tag that can be pulled back out of the certificate indicates correct Loading Loading @@ -410,6 +421,7 @@ bool verify_attestation_record(const string& challenge, const string& app_id, &verified_boot_state, &device_locked, &verified_boot_hash); EXPECT_EQ(ErrorCode::OK, error); if (avb_verification_enabled()) { property_get("ro.boot.vbmeta.digest", property_value, "nogood"); EXPECT_NE(strcmp(property_value, "nogood"), 0); string prop_string(property_value); Loading @@ -417,12 +429,13 @@ bool verify_attestation_record(const string& challenge, const string& app_id, EXPECT_EQ(prop_string, bin2hex(verified_boot_hash)); property_get("ro.boot.vbmeta.device_state", property_value, "nogood"); EXPECT_NE(property_value, "nogood"); EXPECT_NE(strcmp(property_value, "nogood"), 0); if (!strcmp(property_value, "unlocked")) { EXPECT_FALSE(device_locked); } else { EXPECT_TRUE(device_locked); } } // Verified boot key should be all 0's if the boot state is not verified or self signed std::string empty_boot_key(32, '\0'); Loading
