Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / 0ec301f8cbac75bbbb78d2a2849f33aa2553f938^1..0ec301f8cbac75bbbb78d2a2849f33aa2553f938 / .
commit0ec301f8cbac75bbbb78d2a2849f33aa2553f938[log] [tgz]
authorTommy Chiu <tommychiu@google.com>Mon Nov 14 15:19:33 2022 +0000
committerAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>Mon Nov 14 15:19:33 2022 +0000
treeb1e05a800bbe72149e4b68c824ba7124cd5098a8
parent2b744845763b620c3525614e43b2241ab38a6ee9 [diff]
parent5e435cbce28a5c2b3a6e84188a2db7e5e663ef92 [diff]
KeyMint VTS: Police key validity from v2 HAL am: 7d22f60924 am: 5e435cbce2

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2300102

Change-Id: I04dd82beb4883af905d7af83a41b9c3e647da961
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index 69fe434..b8d0c20 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp

@@ -1027,6 +1027,15 @@
  * without providing NOT_BEFORE and NOT_AFTER parameters.
  */
 TEST_P(NewKeyGenerationTest, RsaWithMissingValidity) {
+    if (AidlVersion() < 2) {
+        /*
+         * The KeyMint V1 spec required that CERTIFICATE_NOT_{BEFORE,AFTER} be
+         * specified for asymmetric key generation. However, this was not
+         * checked at the time so we can only be strict about checking this for
+         * implementations of KeyMint version 2 and above.
+         */
+        GTEST_SKIP() << "Validity strict since KeyMint v2";
+    }
     // Per RFC 5280 4.1.2.5, an undefined expiration (not-after) field should be set to
     // GeneralizedTime 999912312359559, which is 253402300799000 ms from Jan 1, 1970.
     constexpr uint64_t kUndefinedExpirationDateTime = 253402300799000;
@@ -1680,6 +1689,15 @@
  * without providing NOT_BEFORE and NOT_AFTER parameters.
  */
 TEST_P(NewKeyGenerationTest, EcdsaWithMissingValidity) {
+    if (AidlVersion() < 2) {
+        /*
+         * The KeyMint V1 spec required that CERTIFICATE_NOT_{BEFORE,AFTER} be
+         * specified for asymmetric key generation. However, this was not
+         * checked at the time so we can only be strict about checking this for
+         * implementations of KeyMint version 2 and above.
+         */
+        GTEST_SKIP() << "Validity strict since KeyMint v2";
+    }
     // Per RFC 5280 4.1.2.5, an undefined expiration (not-after) field should be set to
     // GeneralizedTime 999912312359559, which is 253402300799000 ms from Jan 1, 1970.
     constexpr uint64_t kUndefinedExpirationDateTime = 253402300799000;