commit c3de1caf4327dc367a95f7416cba19827428bd1b
author David Drysdale <drysdale@google.com> Tue May 09 08:10:36 2023 +0100
committer David Drysdale <drysdale@google.com> Tue Jul 04 13:23:04 2023 +0100
tree 2e567a11ef401eb971b1735e0f352348d4fb6e47
parent e959d0923dfc3786c4fd44e49a578d8b12223cea

Skip ATTEST_KEY using variant on waivered devices

Bug: 281452355
Bug: 289451966
Test: VtsAidlKeyMintTargetTest
Change-Id: Id448edae88569518deb2db4ab7bf50d16f33709a

security/keymint/aidl/vts/functional/KeyBlobUpgradeTest.cpp

diff --git a/security/keymint/aidl/vts/functional/KeyBlobUpgradeTest.cpp b/security/keymint/aidl/vts/functional/KeyBlobUpgradeTest.cpp
index 4830422..7ccd246 100644
--- a/security/keymint/aidl/vts/functional/KeyBlobUpgradeTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyBlobUpgradeTest.cpp
@@ -74,6 +74,9 @@
 
 namespace {
 
+// Names for individual key types to create and use.  Note that some the names
+// induce specific behaviour, as indicated by the functions below.
+
 std::vector<std::string> keyblob_names_tee = {
         "aes-key",        "aes-key-rr",      "des-key",           "hmac-key",
         "rsa-key",        "p256-key",        "ed25519-key",       "x25519-key",
@@ -87,6 +90,11 @@
                                              "hmac-key",       "rsa-key",        "p256-key",
                                              "rsa-attest-key", "p256-attest-key"};
 
+// Helper functions to detect particular key types based on the name.
+bool requires_attest_key(const std::string& name) {
+    return name.find("-attest-key") != std::string::npos;
+}
+
 bool requires_rr(const std::string& name) {
     return name.find("-rr") != std::string::npos;
 }
@@ -210,6 +218,11 @@
         }
 
         for (std::string name : keyblob_names()) {
+            if (requires_attest_key(name) && shouldSkipAttestKeyTest()) {
+                std::cerr << "Skipping variant '" << name
+                          << "' which requires ATTEST_KEY support that has been waivered\n";
+                continue;
+            }
             for (bool with_hidden : {false, true}) {
                 std::string app_id;
                 std::string app_data;
@@ -358,6 +371,11 @@
             }};
 
     for (std::string name : keyblob_names()) {
+        if (requires_attest_key(name) && shouldSkipAttestKeyTest()) {
+            std::cerr << "Skipping variant '" << name
+                      << "' which requires ATTEST_KEY support that has been waivered\n";
+            continue;
+        }
         auto entry = keys_info.find(name);
         ASSERT_NE(entry, keys_info.end()) << "no builder for " << name;
         auto builder = entry->second;
@@ -441,6 +459,11 @@
     }
 
     for (std::string name : keyblob_names()) {
+        if (requires_attest_key(name) && shouldSkipAttestKeyTest()) {
+            std::cerr << "Skipping variant '" << name
+                      << "' which requires ATTEST_KEY support that has been waivered\n";
+            continue;
+        }
         for (bool with_hidden : {false, true}) {
             auto builder = AuthorizationSetBuilder();
             if (with_hidden) {
@@ -540,7 +563,7 @@
 
                 // Both ways round should agree.
                 EXPECT_EQ(keymint_data, local_data);
-            } else if (name.find("-attest-key") != std::string::npos) {
+            } else if (requires_attest_key(name)) {
                 // Covers rsa-attest-key, p256-attest-key, ed25519-attest-key.
 
                 // Use attestation key to sign RSA signing key