Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f60db8ad authored by Treehugger Robot's avatar Treehugger Robot Committed by Gerrit Code Review
Browse files

Merge "Skip tests on Strongbox with GSI build on devices with vendor-api-level... 

Merge "Skip tests on Strongbox with GSI build on devices with vendor-api-level < Android-V to avoid failures." into main
parents 36f67d6f 39cb5984

security/keymint/aidl/vts/functional/KeyMintTest.cpp

+23 −4
Original line number Diff line number Diff line
@@ -2269,11 +2269,20 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationUniqueId) { 
    get_unique_id(app_id, min_date - 1, &unique_id8);

    EXPECT_NE(unique_id, unique_id8);



    // Some StrongBox implementations did not correctly handle RESET_SINCE_ID_ROTATION when

    // combined with use of an ATTEST_KEY, but this was not previously tested. Tests under GSI

    // were updated to implicitly use ATTEST_KEYS (because rkp-only status cannot be determined),

    // uncovering the problem. Skip this test for older implementations in that situation

    // (cf. b/385800086).

    int vendor_api_level = get_vendor_api_level();

    if (!(is_gsi_image() && SecLevel() == SecurityLevel::STRONGBOX &&

          vendor_api_level < AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__))) {

        // Marking RESET_SINCE_ID_ROTATION should give a different unique ID.

        vector<uint8_t> unique_id9;

        get_unique_id(app_id, cert_date, &unique_id9, /* reset_id = */ true);

        EXPECT_NE(unique_id, unique_id9);

    }

}



/*

 * NewKeyGenerationTest.EcdsaAttestationTagNoApplicationId
@@ -2281,6 +2290,16 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationUniqueId) { 
 * Verifies that creation of an attested ECDSA key does not include APPLICATION_ID.

 */

TEST_P(NewKeyGenerationTest, EcdsaAttestationTagNoApplicationId) {

    int vendor_api_level = get_vendor_api_level();

    if (is_gsi_image() && SecLevel() == SecurityLevel::STRONGBOX &&

        vendor_api_level < AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {

        // Some StrongBox implementations did not correctly handle missing APPLICATION_ID when

        // combined with use of an ATTEST_KEY, but this was not previously tested. Tests under

        // GSI were updated to implicitly use ATTEST_KEYS (because rkp-only status cannot be

        // determined), uncovering the problem. Skip this test for older implementations in that

        // situation (cf. b/385800086).

        GTEST_SKIP() << "Skip test on StrongBox device with vendor-api-level < __ANDROID_API_V__";

    }

    auto challenge = "hello";

    auto attest_app_id = "foo";

    auto subject = "cert subj 2";