Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / 95b313137073dfb2332875349cf6d6d8d5fd70ef^! / . / security / rkp / aidl / vts / functional
commit95b313137073dfb2332875349cf6d6d8d5fd70ef[log] [tgz]
authorAndrew Scull <ascull@google.com>Mon Mar 27 19:16:07 2023 +0000
committerAndrew Scull <ascull@google.com>Tue Mar 28 18:17:34 2023 +0000
tree3ed9a215c4b48ca94afadb797ef332bb48f5b10e
parent5e311b67f4bb1480141d03c011fbadf1e68dd275 [diff]
Deprecate CSR v1 and v2 in IRPC v3

Deprecate the CSR format from v1 and v2 of the HAL, again. The older CSR
versions were allowed in order to ease migration from the
RemoteProvisioner app over to rkpd and that has now been completed.

Bug: 260920864
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I4d16eb64e4ffe602b4b252159202a4ddb56d63d7

diff --git a/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp b/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
index bf40976..9f68bfa 100644
--- a/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
+++ b/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp

@@ -408,16 +408,8 @@
         ASSERT_FALSE(HasFatalFailure());
 
         if (rpcHardwareInfo.versionNumber >= VERSION_WITHOUT_TEST_MODE) {
-            bytevec keysToSignMac;
-            DeviceInfo deviceInfo;
-            ProtectedData protectedData;
-            auto status = provisionable_->generateCertificateRequest(
-                    false, {}, {}, {}, &deviceInfo, &protectedData, &keysToSignMac);
-            if (!status.isOk() && (status.getServiceSpecificError() ==
-                                   BnRemotelyProvisionedComponent::STATUS_REMOVED)) {
-                GTEST_SKIP() << "This test case applies to RKP v3+ only if "
-                             << "generateCertificateRequest() is implemented.";
-            }
+            GTEST_SKIP() << "This test case only applies to RKP v1 and v2. "
+                         << "RKP version discovered: " << rpcHardwareInfo.versionNumber;
         }
     }
 };
@@ -798,6 +790,20 @@
               BnRemotelyProvisionedComponent::STATUS_TEST_KEY_IN_PRODUCTION_REQUEST);
 }
 
+/**
+ * Call generateCertificateRequest(). Make sure it's removed.
+ */
+TEST_P(CertificateRequestV2Test, CertificateRequestV1Removed) {
+    bytevec keysToSignMac;
+    DeviceInfo deviceInfo;
+    ProtectedData protectedData;
+    auto status = provisionable_->generateCertificateRequest(
+            true /* testMode */, {} /* keysToSign */, {} /* EEK chain */, challenge_, &deviceInfo,
+            &protectedData, &keysToSignMac);
+    ASSERT_FALSE(status.isOk()) << status.getMessage();
+    EXPECT_EQ(status.getServiceSpecificError(), BnRemotelyProvisionedComponent::STATUS_REMOVED);
+}
+
 void parse_root_of_trust(const vector<uint8_t>& attestation_cert,
                          vector<uint8_t>* verified_boot_key, VerifiedBoot* verified_boot_state,
                          bool* device_locked, vector<uint8_t>* verified_boot_hash) {