Merge "Effect AIDL: correct some code format" into main
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index ebc039a..de563c4 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -4797,7 +4797,7 @@
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, params));
string result;
- EXPECT_EQ(ErrorCode::UNKNOWN_ERROR, Finish(ciphertext1, &result));
+ EXPECT_NE(ErrorCode::OK, Finish(ciphertext1, &result));
EXPECT_EQ(0U, result.size());
}
}
@@ -5305,7 +5305,7 @@
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, params));
string result;
- EXPECT_EQ(ErrorCode::UNKNOWN_ERROR, Finish(ciphertext1, &result));
+ EXPECT_NE(ErrorCode::OK, Finish(ciphertext1, &result));
EXPECT_EQ(0U, result.size());
}
}
@@ -5372,7 +5372,7 @@
.Digest(Digest::SHA_2_256)
.Padding(PaddingMode::RSA_OAEP)));
string result;
- EXPECT_EQ(ErrorCode::UNKNOWN_ERROR, Finish(ciphertext, &result));
+ EXPECT_NE(ErrorCode::OK, Finish(ciphertext, &result));
EXPECT_EQ(0U, result.size());
}
@@ -5442,7 +5442,7 @@
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, params));
string result;
- EXPECT_EQ(ErrorCode::UNKNOWN_ERROR, Finish(ciphertext1, &result));
+ EXPECT_NE(ErrorCode::OK, Finish(ciphertext1, &result));
EXPECT_EQ(0U, result.size());
}
}
@@ -5486,7 +5486,7 @@
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, params));
string result;
- EXPECT_EQ(ErrorCode::UNKNOWN_ERROR, Finish(ciphertext, &result));
+ EXPECT_NE(ErrorCode::OK, Finish(ciphertext, &result));
EXPECT_EQ(0U, result.size());
}
@@ -5618,7 +5618,7 @@
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, params));
string result;
- EXPECT_EQ(ErrorCode::UNKNOWN_ERROR, Finish(ciphertext1, &result));
+ EXPECT_NE(ErrorCode::OK, Finish(ciphertext1, &result));
EXPECT_EQ(0U, result.size());
}
diff --git a/security/keymint/support/remote_prov_utils.cpp b/security/keymint/support/remote_prov_utils.cpp
index 780c3d2..34f7ce4 100644
--- a/security/keymint/support/remote_prov_utils.cpp
+++ b/security/keymint/support/remote_prov_utils.cpp
@@ -962,6 +962,20 @@
return signedRequest->value();
}
+ErrMsgOr<hwtrust::DiceChain::Kind> getDiceChainKind() {
+ int vendor_api_level = ::android::base::GetIntProperty("ro.vendor.api_level", -1);
+ switch (vendor_api_level) {
+ case __ANDROID_API_T__:
+ return hwtrust::DiceChain::Kind::kVsr13;
+ case __ANDROID_API_U__:
+ return hwtrust::DiceChain::Kind::kVsr14;
+ case __ANDROID_API_V__:
+ return hwtrust::DiceChain::Kind::kVsr15;
+ default:
+ return "Unsupported vendor API level: " + std::to_string(vendor_api_level);
+ }
+}
+
ErrMsgOr<bytevec> parseAndValidateAuthenticatedRequest(const std::vector<uint8_t>& request,
const std::vector<uint8_t>& challenge) {
auto [parsedRequest, _, csrErrMsg] = cppbor::parse(request);
@@ -996,7 +1010,12 @@
}
// DICE chain is [ pubkey, + DiceChainEntry ].
- auto diceContents = validateBcc(diceCertChain, hwtrust::DiceChain::Kind::kVsr14);
+ auto diceChainKind = getDiceChainKind();
+ if (!diceChainKind) {
+ return diceChainKind.message();
+ }
+
+ auto diceContents = validateBcc(diceCertChain, *diceChainKind);
if (!diceContents) {
return diceContents.message() + "\n" + prettyPrint(diceCertChain);
}
diff --git a/security/rkp/aidl/android/hardware/security/keymint/generateCertificateRequestV2.cddl b/security/rkp/aidl/android/hardware/security/keymint/generateCertificateRequestV2.cddl
index 80f7cbd..15b0442 100644
--- a/security/rkp/aidl/android/hardware/security/keymint/generateCertificateRequestV2.cddl
+++ b/security/rkp/aidl/android/hardware/security/keymint/generateCertificateRequestV2.cddl
@@ -90,9 +90,10 @@
DiceChainEntryPayload = { ; CWT [RFC8392]
1 : tstr, ; Issuer
2 : tstr, ; Subject
+ -4670554 : "android.15", ; Profile Name
-4670552 : bstr .cbor PubKeyEd25519 /
bstr .cbor PubKeyECDSA256 /
- bstr .cbor PubKeyECDSA384, ; Subject Public Key
+ bstr .cbor PubKeyECDSA384, ; Subject Public Key
-4670553 : bstr ; Key Usage
; NOTE: All of the following fields may be omitted for a "Degenerate DICE Chain", as