Merge "Fixed attestation properties reading." into android15-tests-dev
diff --git a/keymaster/4.1/vts/functional/DeviceUniqueAttestationTest.cpp b/keymaster/4.1/vts/functional/DeviceUniqueAttestationTest.cpp
index 4a57f44..fc5979a 100644
--- a/keymaster/4.1/vts/functional/DeviceUniqueAttestationTest.cpp
+++ b/keymaster/4.1/vts/functional/DeviceUniqueAttestationTest.cpp
@@ -229,13 +229,13 @@
.Authorization(TAG_INCLUDE_UNIQUE_ID))));
hidl_vec<hidl_vec<uint8_t>> cert_chain;
- EXPECT_EQ(ErrorCode::UNIMPLEMENTED,
- convert(AttestKey(
- AuthorizationSetBuilder()
+ ErrorCode result = convert(
+ AttestKey(AuthorizationSetBuilder()
.Authorization(TAG_DEVICE_UNIQUE_ATTESTATION)
.Authorization(TAG_ATTESTATION_CHALLENGE, HidlBuf("challenge"))
.Authorization(TAG_ATTESTATION_APPLICATION_ID, HidlBuf("foo")),
- &cert_chain)));
+ &cert_chain));
+ EXPECT_TRUE(result == ErrorCode::UNIMPLEMENTED || result == ErrorCode::INVALID_ARGUMENT);
CheckedDeleteKey();
ASSERT_EQ(ErrorCode::OK, convert(GenerateKey(AuthorizationSetBuilder()
@@ -244,13 +244,13 @@
.Digest(Digest::SHA_2_256)
.Authorization(TAG_INCLUDE_UNIQUE_ID))));
- EXPECT_EQ(ErrorCode::UNIMPLEMENTED,
- convert(AttestKey(
- AuthorizationSetBuilder()
+ result = convert(
+ AttestKey(AuthorizationSetBuilder()
.Authorization(TAG_DEVICE_UNIQUE_ATTESTATION)
.Authorization(TAG_ATTESTATION_CHALLENGE, HidlBuf("challenge"))
.Authorization(TAG_ATTESTATION_APPLICATION_ID, HidlBuf("foo")),
- &cert_chain)));
+ &cert_chain));
+ EXPECT_TRUE(result == ErrorCode::UNIMPLEMENTED || result == ErrorCode::INVALID_ARGUMENT);
CheckedDeleteKey();
}
diff --git a/nfc/aidl/vts/functional/VtsNfcBehaviorChangesTest.cpp b/nfc/aidl/vts/functional/VtsNfcBehaviorChangesTest.cpp
index ff2522c..a61f8ee 100644
--- a/nfc/aidl/vts/functional/VtsNfcBehaviorChangesTest.cpp
+++ b/nfc/aidl/vts/functional/VtsNfcBehaviorChangesTest.cpp
@@ -114,16 +114,26 @@
}
}
-void static nfaVSCallback(uint8_t event, uint16_t /* param_len */, uint8_t* p_param) {
+void static nfaVSCallback(uint8_t event, uint16_t param_len, uint8_t* p_param) {
switch (event & NCI_OID_MASK) {
case NCI_MSG_PROP_ANDROID: {
uint8_t android_sub_opcode = p_param[3];
switch (android_sub_opcode) {
case NCI_ANDROID_PASSIVE_OBSERVE: {
- sVSCmdStatus = p_param[4];
- LOG(INFO) << StringPrintf("Observe mode RSP: status: %x", sVSCmdStatus);
- SyncEventGuard guard(sNfaVsCommand);
- sNfaVsCommand.notifyOne();
+ if (param_len == 5) {
+ if ((p_param[0] & NCI_MT_MASK) == (NCI_MT_RSP << NCI_MT_SHIFT)) {
+ sVSCmdStatus = p_param[4];
+ LOG(INFO) << StringPrintf("Observe mode RSP: status: %x", sVSCmdStatus);
+ SyncEventGuard guard(sNfaVsCommand);
+ sNfaVsCommand.notifyOne();
+ } else {
+ LOG(WARNING) << StringPrintf(
+ "Observe Mode RSP has incorrect message type: %x", p_param[0]);
+ }
+ } else {
+ LOG(WARNING) << StringPrintf("Observe Mode RSP has incorrect length: %d",
+ param_len);
+ }
} break;
case NCI_ANDROID_POLLING_FRAME_NTF: {
// TODO
@@ -152,12 +162,11 @@
}
}
- uint8_t cmd[] = {(NCI_MT_CMD << NCI_MT_SHIFT) | NCI_GID_PROP, NCI_MSG_PROP_ANDROID,
- NCI_ANDROID_PASSIVE_OBSERVE_PARAM_SIZE, NCI_ANDROID_PASSIVE_OBSERVE,
+ uint8_t cmd[] = {NCI_ANDROID_PASSIVE_OBSERVE,
static_cast<uint8_t>(enable ? NCI_ANDROID_PASSIVE_OBSERVE_PARAM_ENABLE
: NCI_ANDROID_PASSIVE_OBSERVE_PARAM_DISABLE)};
- status = NFA_SendRawVsCommand(sizeof(cmd), cmd, nfaVSCallback);
+ status = NFA_SendVsCommand(NCI_MSG_PROP_ANDROID, sizeof(cmd), cmd, nfaVSCallback);
if (status == NFA_STATUS_OK) {
if (!sNfaVsCommand.wait(1000)) {
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index 527b5e0..f0c34eb 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -2266,10 +2266,18 @@
get_unique_id(app_id, min_date - 1, &unique_id8);
EXPECT_NE(unique_id, unique_id8);
- // Marking RESET_SINCE_ID_ROTATION should give a different unique ID.
- vector<uint8_t> unique_id9;
- get_unique_id(app_id, cert_date, &unique_id9, /* reset_id = */ true);
- EXPECT_NE(unique_id, unique_id9);
+ // Some StrongBox implementations did not correctly handle RESET_SINCE_ID_ROTATION when
+ // combined with use of an ATTEST_KEY, but this was not previously tested. Tests under GSI
+ // were updated to implicitly use ATTEST_KEYS (because rkp-only status cannot be determined),
+ // uncovering the problem. Skip this test for older implementations in that situation
+ // (cf. b/385800086).
+ if (!(is_gsi_image() && SecLevel() == SecurityLevel::STRONGBOX &&
+ get_vsr_api_level() < __ANDROID_API_V__)) {
+ // Marking RESET_SINCE_ID_ROTATION should give a different unique ID.
+ vector<uint8_t> unique_id9;
+ get_unique_id(app_id, cert_date, &unique_id9, /* reset_id = */ true);
+ EXPECT_NE(unique_id, unique_id9);
+ }
}
/*
@@ -2278,6 +2286,15 @@
* Verifies that creation of an attested ECDSA key does not include APPLICATION_ID.
*/
TEST_P(NewKeyGenerationTest, EcdsaAttestationTagNoApplicationId) {
+ if (is_gsi_image() && SecLevel() == SecurityLevel::STRONGBOX &&
+ get_vsr_api_level() < __ANDROID_API_V__) {
+ // Some StrongBox implementations did not correctly handle missing APPLICATION_ID when
+ // combined with use of an ATTEST_KEY, but this was not previously tested. Tests under
+ // GSI were updated to implicitly use ATTEST_KEYS (because rkp-only status cannot be
+ // determined), uncovering the problem. Skip this test for older implementations in that
+ // situation (cf. b/385800086).
+ GTEST_SKIP() << "Skip test on StrongBox device with vendor-api-level < __ANDROID_API_V__";
+ }
auto challenge = "hello";
auto attest_app_id = "foo";
auto subject = "cert subj 2";