Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / a12ac74603656aa4bb723f8472b2842d20a9d250^! / .
commita12ac74603656aa4bb723f8472b2842d20a9d250[log] [tgz]
authorSeth Moore <sethmo@google.com>Fri Mar 03 13:40:30 2023 -0800
committerSeth Moore <sethmo@google.com>Tue Mar 14 15:48:08 2023 +0000
tree06b5c367e61224033d1e97b3c5049b96f67a37a5
parent650c081f233eb8e13d575e6a44fc359e700e131d [diff]
Fix RKP support assumptions for keymint VTS

The support level for strongbox is different from the tee
implementation. Additionally, we were incorrectly checking the keymint
aidl version. KeyMint 1.0 supported ATTEST_KEY, so it's unclear why we
were ever checking for KeyMint 2.0.

Test: VtsAidlKeyMintTargetTest
Bug: 263844771
Change-Id: I750367902fec90204d71c1e158404b2421f9ad87

diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
index fb5ef49..15b9bcc 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp

@@ -1283,6 +1283,19 @@
 
     return retval;
 }
+
+bool KeyMintAidlTestBase::IsRkpSupportRequired() const {
+    if (get_vsr_api_level() >= __ANDROID_API_T__) {
+        return true;
+    }
+
+    if (get_vsr_api_level() >= __ANDROID_API_S__) {
+        return SecLevel() != SecurityLevel::STRONGBOX;
+    }
+
+    return false;
+}
+
 vector<uint32_t> KeyMintAidlTestBase::ValidKeySizes(Algorithm algorithm) {
     switch (algorithm) {
         case Algorithm::RSA:

diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
index a6a9df6..69a0e3e 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h

@@ -309,6 +309,7 @@
     }
     bool IsSecure() const { return securityLevel_ != SecurityLevel::SOFTWARE; }
     SecurityLevel SecLevel() const { return securityLevel_; }
+    bool IsRkpSupportRequired() const;
 
     vector<uint32_t> ValidKeySizes(Algorithm algorithm);
     vector<uint32_t> InvalidKeySizes(Algorithm algorithm);

diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index 9e66f08..c6b8906 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp

@@ -1136,8 +1136,8 @@
  * that has been generated using an associate IRemotelyProvisionedComponent.
  */
 TEST_P(NewKeyGenerationTest, RsaWithRkpAttestation) {
-    if (get_vsr_api_level() < __ANDROID_API_T__ || AidlVersion() < 2) {
-        GTEST_SKIP() << "Only required for VSR 12+ and KeyMint 2+";
+    if (!IsRkpSupportRequired()) {
+        GTEST_SKIP() << "RKP support is not required on this platform";
     }
 
     // There should be an IRemotelyProvisionedComponent instance associated with the KeyMint
@@ -1214,8 +1214,8 @@
  * that has been generated using an associate IRemotelyProvisionedComponent.
  */
 TEST_P(NewKeyGenerationTest, EcdsaWithRkpAttestation) {
-    if (get_vsr_api_level() < __ANDROID_API_T__ || AidlVersion() < 2) {
-        GTEST_SKIP() << "Only required for VSR 12+ and KeyMint 2+";
+    if (!IsRkpSupportRequired()) {
+        GTEST_SKIP() << "RKP support is not required on this platform";
     }
 
     // There should be an IRemotelyProvisionedComponent instance associated with the KeyMint