From 3c2da9d21bc216166a73158c8b1690d3ab6ac114 Mon Sep 17 00:00:00 2001 From: Max Bires Date: Wed, 1 Sep 2021 23:21:08 -0700 Subject: [PATCH] AesInvalidKeySize skip 192 on SB devices This change alters the AesInvalidKeySize test to only enforce against StrongBox instances on devices that launch on S or later, not previously launched devices. Ignore-AOSP-First: Cherrypick from AOSP Bug: 191736606 Test: Test passes on a StrongBox enabled device Change-Id: Ic0ff19d2d19d6e18dfbc0fad4b8182264f36b2f6 Merged-In: Ic0ff19d2d19d6e18dfbc0fad4b8182264f36b2f6 --- keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp index 476eed8b19..77b9f47d42 100644 --- a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp +++ b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp @@ -940,7 +940,13 @@ TEST_P(NewKeyGenerationTest, HmacDigestNone) { * UNSUPPORTED_KEY_SIZE. */ TEST_P(NewKeyGenerationTest, AesInvalidKeySize) { + int32_t firstApiLevel = property_get_int32("ro.board.first_api_level", 0); for (auto key_size : InvalidKeySizes(Algorithm::AES)) { + // The HAL specification was only clarified to exclude AES-192 for StrongBox in Android S, + // so allow devices that launched on earlier implementations to skip this check. + if (key_size == 192 && SecLevel() == SecurityLevel::STRONGBOX && firstApiLevel < 31) { + continue; + } ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE, GenerateKey(AuthorizationSetBuilder() .Authorization(TAG_NO_AUTH_REQUIRED)