Merge "AesInvalidKeySize skip 192 on SB devices" into stage-aosp-sc-ts-dev
diff --git a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
index 476eed8..77b9f47 100644
--- a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
+++ b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
@@ -940,7 +940,13 @@
* UNSUPPORTED_KEY_SIZE.
*/
TEST_P(NewKeyGenerationTest, AesInvalidKeySize) {
+ int32_t firstApiLevel = property_get_int32("ro.board.first_api_level", 0);
for (auto key_size : InvalidKeySizes(Algorithm::AES)) {
+ // The HAL specification was only clarified to exclude AES-192 for StrongBox in Android S,
+ // so allow devices that launched on earlier implementations to skip this check.
+ if (key_size == 192 && SecLevel() == SecurityLevel::STRONGBOX && firstApiLevel < 31) {
+ continue;
+ }
ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE,
GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)