commit c63a83d56d66e647abf64ee653594931201c84b4
author Rajesh Nyamagoud <nyamagoud@google.com> Wed Sep 04 16:48:10 2024 +0000
committer Rajesh Nyamagoud <nyamagoud@google.com> Wed Sep 04 16:55:06 2024 +0000
tree b5ef6f630b613a51809c30e54207ca400b35cc79
parent 6a034e016092dc64917cfa5fc5bc77e04d54de33

Avoid checking VENDOR_PATCHLEVEL in generated key characteristics if
the underlying device is a Keymaster implementation.

Test: atest keystore_client_tests
Bug: 363936743
Change-Id: I5cf8f89674ff9c73181c9b2f6ed225c8bf6d0062

keystore2/test_utils/key_generations.rs

diff --git a/keystore2/test_utils/key_generations.rs b/keystore2/test_utils/key_generations.rs
index 258c68f..e2f0b3e 100644
--- a/keystore2/test_utils/key_generations.rs
+++ b/keystore2/test_utils/key_generations.rs
@@ -466,14 +466,19 @@
             return true;
         }
 
+        // Don't check these parameters if the underlying device is a Keymaster implementation.
         if sl.is_keymaster() {
-            // `Tag::USAGE_COUNT_LIMIT` was added in KeyMint 1.0, so don't check for it if the
-            // underlying device is a Keymaster implementation.
-            if matches!(key_param.tag, Tag::USAGE_COUNT_LIMIT) {
+            if matches!(
+                key_param.tag,
+                // `Tag::USAGE_COUNT_LIMIT` was added in KeyMint 1.0.
+                Tag::USAGE_COUNT_LIMIT |
+                // Keymaster implementations may not consistently include `Tag::VENDOR_PATCHLEVEL`
+                // in generated key characteristics.
+                Tag::VENDOR_PATCHLEVEL
+            ) {
                 return true;
             }
-            // `KeyPurpose::ATTEST_KEY` was added in KeyMint 1.0, so don't check for it if the
-            // underlying device is a Keymaster implementation.
+            // `KeyPurpose::ATTEST_KEY` was added in KeyMint 1.0.
             if key_param.tag == Tag::PURPOSE
                 && key_param.value == KeyParameterValue::KeyPurpose(KeyPurpose::ATTEST_KEY)
             {