Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f1d0e146 authored by Catherine Vlasov's avatar Catherine Vlasov Committed by Automerger Merge Worker
Browse files

Merge "Convert SDK API level to vendor API level for Android 15+ in VTS... 

Merge "Convert SDK API level to vendor API level for Android 15+ in VTS gates." into main am: 1d8a6368 am: 6397df57

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/3413560



Change-Id: I9fa7962dcadbfd48c48cc6cbbc5e735a84909ee5
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents 9249c35a 6397df57

security/keymint/aidl/vts/functional/Android.bp

+1 −0
Original line number Diff line number Diff line
@@ -37,6 +37,7 @@ cc_defaults { 
        "libcrypto",

        "libbase",

        "libgatekeeper",

        "libvendorsupport",

        "packagemanager_aidl-cpp",

    ],

    static_libs: [

security/keymint/aidl/vts/functional/BootloaderStateTest.cpp

+3 −2
Original line number Diff line number Diff line
@@ -27,6 +27,7 @@ 
#include <libavb/libavb.h>

#include <libavb_user/avb_ops_user.h>

#include <remote_prov/remote_prov_utils.h>

#include <vendorsupport/api_level.h>



#include "KeyMintAidlTestBase.h"
@@ -98,7 +99,7 @@ TEST_P(BootloaderStateTest, VbStateIsUnverified) { 
// Check that the attested Verified Boot key is 32 bytes of zeroes since the bootloader is unlocked.

TEST_P(BootloaderStateTest, VerifiedBootKeyAllZeroes) {

    // Gate this test to avoid waiver issues.

    if (get_vsr_api_level() <= __ANDROID_API_V__) {

    if (get_vsr_api_level() <= AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {

        return;

    }
@@ -141,7 +142,7 @@ TEST_P(BootloaderStateTest, VbmetaDigest) { 
    avb_slot_verify_data_calculate_vbmeta_digest(avbSlotData, AVB_DIGEST_TYPE_SHA256,

                                                 sha256Digest.data());



    if (get_vsr_api_level() >= __ANDROID_API_V__) {

    if (get_vsr_api_level() >= AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {

        ASSERT_TRUE(attestedVbmetaDigest_ == sha256Digest)

                << "Attested VBMeta digest (" << bin2hex(attestedVbmetaDigest_)

                << ") does not match the expected SHA-256 digest (" << bin2hex(sha256Digest)

security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp

+3 −2
Original line number Diff line number Diff line
@@ -35,6 +35,7 @@ 
#include <openssl/evp.h>

#include <openssl/mem.h>

#include <remote_prov/remote_prov_utils.h>

#include <vendorsupport/api_level.h>



#include <keymaster/cppcose/cppcose.h>

#include <keymint_support/key_param_output.h>
@@ -1908,13 +1909,13 @@ void verify_root_of_trust(const vector<uint8_t>& verified_boot_key, bool device_ 
        }

    }



    if (get_vsr_api_level() > __ANDROID_API_V__) {

    if (get_vsr_api_level() > AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {

        // The Verified Boot key field should be exactly 32 bytes since it

        // contains the SHA-256 hash of the key on locked devices or 32 bytes

        // of zeroes on unlocked devices. This wasn't checked for earlier

        // versions of the KeyMint HAL, so only only be strict for VSR-16+.

        EXPECT_EQ(verified_boot_key.size(), 32);

    } else if (get_vsr_api_level() == __ANDROID_API_V__) {

    } else if (get_vsr_api_level() == AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {

        // The Verified Boot key field should be:

        //   - Exactly 32 bytes on locked devices since it should contain

        //     the SHA-256 hash of the key, or

security/keymint/aidl/vts/functional/KeyMintTest.cpp

+6 −4
Original line number Diff line number Diff line
@@ -42,6 +42,8 @@ 
#include <keymint_support/key_param_output.h>

#include <keymint_support/openssl_utils.h>



#include <vendorsupport/api_level.h>



#include "KeyMintAidlTestBase.h"



using aidl::android::hardware::security::keymint::AuthorizationSet;
@@ -4156,7 +4158,7 @@ TEST_P(ImportKeyTest, EcdsaSuccess) { 
 * when the EC_CURVE is not explicitly specified.

 */

TEST_P(ImportKeyTest, EcdsaSuccessCurveNotSpecified) {

    if (get_vsr_api_level() < __ANDROID_API_V__) {

    if (get_vsr_api_level() < AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {

        /*

         * The KeyMint spec was previously not clear as to whether EC_CURVE was optional on import

         * of EC keys. However, this was not checked at the time so we can only be strict about
@@ -5315,7 +5317,7 @@ auto wrapping_key_for_asym_keys = hex2str( 


TEST_P(ImportWrappedKeyTest, RsaKey) {

    int vsr_api_level = get_vsr_api_level();

    if (vsr_api_level < __ANDROID_API_V__) {

    if (vsr_api_level < AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {

        /*

         * The Keymaster v4 spec introduced `importWrappedKey()` and did not restrict it to

         * just symmetric keys.  However, the import of asymmetric wrapped keys was not tested
@@ -5346,7 +5348,7 @@ TEST_P(ImportWrappedKeyTest, RsaKey) { 


TEST_P(ImportWrappedKeyTest, EcKey) {

    int vsr_api_level = get_vsr_api_level();

    if (vsr_api_level < __ANDROID_API_V__) {

    if (vsr_api_level < AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {

        /*

         * The Keymaster v4 spec introduced `importWrappedKey()` and did not restrict it to

         * just symmetric keys.  However, the import of asymmetric wrapped keys was not tested
@@ -8962,7 +8964,7 @@ TEST_P(VsrRequirementTest, Vsr14Test) { 
// @VsrTest = GMS-VSR-3.10-019

TEST_P(VsrRequirementTest, Vsr16Test) {

    int vsr_api_level = get_vsr_api_level();

    if (vsr_api_level <= __ANDROID_API_V__) {

    if (vsr_api_level <= AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {

        GTEST_SKIP() << "Applies only to VSR API level > 35, this device is: " << vsr_api_level;

    }

    if (SecLevel() == SecurityLevel::STRONGBOX) {

security/keymint/aidl/vts/functional/SecureElementProvisioningTest.cpp

+3 −2
Original line number Diff line number Diff line
@@ -26,6 +26,7 @@ 
#include <cppbor_parse.h>

#include <keymaster/cppcose/cppcose.h>

#include <keymint_support/key_param_output.h>

#include <vendorsupport/api_level.h>



#include "KeyMintAidlTestBase.h"
@@ -114,13 +115,13 @@ class SecureElementProvisioningTest : public testing::Test { 
        const auto& vbKey = rot->asArray()->get(pos++);

        ASSERT_TRUE(vbKey);

        ASSERT_TRUE(vbKey->asBstr());

        if (get_vsr_api_level() > __ANDROID_API_V__) {

        if (get_vsr_api_level() > AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {

            // The Verified Boot key field should be exactly 32 bytes since it

            // contains the SHA-256 hash of the key on locked devices or 32 bytes

            // of zeroes on unlocked devices. This wasn't checked for earlier

            // versions of the KeyMint HAL, so only only be strict for VSR-16+.

            ASSERT_EQ(vbKey->asBstr()->value().size(), 32);

        } else if (get_vsr_api_level() == __ANDROID_API_V__) {

        } else if (get_vsr_api_level() == AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {

            // The Verified Boot key field should be:

            //   - Exactly 32 bytes on locked devices since it should contain

            //     the SHA-256 hash of the key, or