Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f9b12ac7 authored by Eran Messeri's avatar Eran Messeri Committed by Automerger Merge Worker
Browse files

Merge "KeyMint: Device IDs attestation based on verion." am: 1b7abc43 am:... 

Merge "KeyMint: Device IDs attestation based on verion." am: 1b7abc43 am: d8fdf0b8 am: 8adaed5f

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2028224



Change-Id: I2937358195e0218cf7337b989686f649b7e82d22
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents 98b2a207 8adaed5f

security/keymint/aidl/vts/functional/AttestKeyTest.cpp

+1 −1
Original line number Diff line number Diff line
@@ -783,7 +783,7 @@ TEST_P(AttestKeyTest, EcdsaAttestationID) { 
        vector<Certificate> attested_key_cert_chain;

        auto result = GenerateKey(builder, attest_key, &attested_key_blob,

                                  &attested_key_characteristics, &attested_key_cert_chain);

        if (result == ErrorCode::CANNOT_ATTEST_IDS) {

        if (result == ErrorCode::CANNOT_ATTEST_IDS && !isDeviceIdAttestationRequired()) {

            continue;

        }

security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp

+8 −0
Original line number Diff line number Diff line
@@ -207,6 +207,14 @@ uint32_t KeyMintAidlTestBase::boot_patch_level() { 
    return boot_patch_level(key_characteristics_);

}



/**

 * An API to determine device IDs attestation is required or not,

 * which is mandatory for KeyMint version 2 or first_api_level 33 or greater.

 */

bool KeyMintAidlTestBase::isDeviceIdAttestationRequired() {

    return AidlVersion() >= 2 || property_get_int32("ro.vendor.api_level", 0) >= 33;

}



bool KeyMintAidlTestBase::Curve25519Supported() {

    // Strongbox never supports curve 25519.

    if (SecLevel() == SecurityLevel::STRONGBOX) {

security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h

+1 −0
Original line number Diff line number Diff line
@@ -79,6 +79,7 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> { 
    uint32_t vendor_patch_level() { return vendor_patch_level_; }

    uint32_t boot_patch_level(const vector<KeyCharacteristics>& key_characteristics);

    uint32_t boot_patch_level();

    bool isDeviceIdAttestationRequired();



    bool Curve25519Supported();

security/keymint/aidl/vts/functional/KeyMintTest.cpp

+2 −2
Original line number Diff line number Diff line
@@ -1986,8 +1986,8 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationIdTags) { 
        if (SecLevel() == SecurityLevel::STRONGBOX) {

            if (result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) return;

        }

        if (result == ErrorCode::CANNOT_ATTEST_IDS) {

            // Device ID attestation is optional; KeyMint may not support it at all.

        if (result == ErrorCode::CANNOT_ATTEST_IDS && !isDeviceIdAttestationRequired()) {

            // ID attestation was optional till api level 32, from api level 33 it is mandatory.

            continue;

        }

        ASSERT_EQ(result, ErrorCode::OK);