Merge "AesInvalidKeySize skip 192 on SB devices" into stage-aosp-sc-ts-dev

commit: 89ec9c60e81e15a41308952b55c03656197b51b6 [log] [tgz]
author: Max Bires <jbires@google.com> Fri Sep 10 17:38:04 2021 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> Fri Sep 10 17:38:04 2021 +0000
tree: bba89ea38f4b8a7cf23971eb9b38aec84c65c611
parent: 11860f29846accb3e44f5a93eca964d7239261b4 [diff]
parent: 3c2da9d21bc216166a73158c8b1690d3ab6ac114 [diff]
diff --git a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
index 476eed8..77b9f47 100644
--- a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
+++ b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp

@@ -940,7 +940,13 @@
  * UNSUPPORTED_KEY_SIZE.
  */
 TEST_P(NewKeyGenerationTest, AesInvalidKeySize) {
+    int32_t firstApiLevel = property_get_int32("ro.board.first_api_level", 0);
     for (auto key_size : InvalidKeySizes(Algorithm::AES)) {
+        // The HAL specification was only clarified to exclude AES-192 for StrongBox in Android S,
+        // so allow devices that launched on earlier implementations to skip this check.
+        if (key_size == 192 && SecLevel() == SecurityLevel::STRONGBOX && firstApiLevel < 31) {
+            continue;
+        }
         ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE,
                   GenerateKey(AuthorizationSetBuilder()
                                       .Authorization(TAG_NO_AUTH_REQUIRED)
commit	89ec9c60e81e15a41308952b55c03656197b51b6	[log] [tgz]
author	Max Bires <jbires@google.com>	Fri Sep 10 17:38:04 2021 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	Fri Sep 10 17:38:04 2021 +0000
tree	bba89ea38f4b8a7cf23971eb9b38aec84c65c611
parent	11860f29846accb3e44f5a93eca964d7239261b4 [diff]
parent	3c2da9d21bc216166a73158c8b1690d3ab6ac114 [diff]