KeyMint VTS: Police key validity from v2 HAL
The key validity can be ignored when calling generateKey on Android-12 (S).
Bug: 257445538
Test: Pass on S builds
Change-Id: Iafd8d080f324c7d8d6affbb9d28d4f265f13e2ab
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index 69fe434..b8d0c20 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -1027,6 +1027,15 @@
* without providing NOT_BEFORE and NOT_AFTER parameters.
*/
TEST_P(NewKeyGenerationTest, RsaWithMissingValidity) {
+ if (AidlVersion() < 2) {
+ /*
+ * The KeyMint V1 spec required that CERTIFICATE_NOT_{BEFORE,AFTER} be
+ * specified for asymmetric key generation. However, this was not
+ * checked at the time so we can only be strict about checking this for
+ * implementations of KeyMint version 2 and above.
+ */
+ GTEST_SKIP() << "Validity strict since KeyMint v2";
+ }
// Per RFC 5280 4.1.2.5, an undefined expiration (not-after) field should be set to
// GeneralizedTime 999912312359559, which is 253402300799000 ms from Jan 1, 1970.
constexpr uint64_t kUndefinedExpirationDateTime = 253402300799000;
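Review bot: The skip message in the added guard, `GTEST_SKIP() << "Validity strict since KeyMint v2";`, does not tell someone reading a VTS report which HAL version the device reported or which check was not run. Something like `GTEST_SKIP() << "Missing CERTIFICATE_NOT_{BEFORE,AFTER} is only enforced from KeyMint v2; HAL reports v" << AidlVersion();` would make skipped results auditable when triaging v1 devices. The same guard and comment are repeated verbatim in EcdsaWithMissingValidity in the next hunk, so a small shared helper would keep the two copies from drifting apart. Both test bodies continue outside their hunks, so how the rest of each test uses the validity parameters is not visible here.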
@@ -1680,6 +1689,15 @@
* without providing NOT_BEFORE and NOT_AFTER parameters.
*/
TEST_P(NewKeyGenerationTest, EcdsaWithMissingValidity) {
+ if (AidlVersion() < 2) {
+ /*
+ * The KeyMint V1 spec required that CERTIFICATE_NOT_{BEFORE,AFTER} be
+ * specified for asymmetric key generation. However, this was not
+ * checked at the time so we can only be strict about checking this for
+ * implementations of KeyMint version 2 and above.
+ */
+ GTEST_SKIP() << "Validity strict since KeyMint v2";
+ }
// Per RFC 5280 4.1.2.5, an undefined expiration (not-after) field should be set to
// GeneralizedTime 999912312359559, which is 253402300799000 ms from Jan 1, 1970.
constexpr uint64_t kUndefinedExpirationDateTime = 253402300799000;