Merge "KeyMint: tweak spec to allow for no v4 in V" into main am: 3fb1cddadc

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2838075 Change-Id: I424a83ebedd5f382a66bdf8e7c77de8a8a1713b6 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2026-02-01 11:36:00 +00:00 · 2023-11-21 10:04:33 +00:00
parent 6e9c879a2a 3fb1cddadc
commit 5f845fe2f7
2 changed files with 10 additions and 9 deletions
--- a/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
@@ -974,8 +974,8 @@ enum Tag {
     * time in milliseconds.  This value is used when generating attestation or self signed
     * certificates.  ErrorCode::MISSING_NOT_BEFORE must be returned if this tag is not provided if
     * this tag is not provided to generateKey or importKey.  For importWrappedKey, there is no way
-     * to specify the value of this tag for the wrapped key, so a value of 0 must be used for
-     * certificate generation.
+     * to specify the value of this tag for a wrapped asymmetric key, so a value of 0 is suggested
+     * for certificate generation.
     */
    CERTIFICATE_NOT_BEFORE = TagType.DATE | 1008,

@@ -983,8 +983,9 @@ enum Tag {
     * Tag::CERTIFICATE_NOT_AFTER the end of the validity of the certificate in UNIX epoch time in
     * milliseconds.  This value is used when generating attestation or self signed certificates.
     * ErrorCode::MISSING_NOT_AFTER must be returned if this tag is not provided to generateKey or
-     * importKey.  For importWrappedKey, there is no way to specify the value of this tag for the
-     * wrapped key, so a value of 253402300799000 is used for certificate generation.
+     * importKey.  For importWrappedKey, there is no way to specify the value of this tag for a
+     * wrapped asymmetric key, so a value of 253402300799000 is suggested for certificate
+     * generation.
     */
    CERTIFICATE_NOT_AFTER = TagType.DATE | 1009,

--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -4123,13 +4123,13 @@ TEST_P(ImportKeyTest, EcdsaSuccess) {
 * when the EC_CURVE is not explicitly specified.
 */
 TEST_P(ImportKeyTest, EcdsaSuccessCurveNotSpecified) {
-    if (AidlVersion() < 4) {
+    if (get_vsr_api_level() < __ANDROID_API_V__) {
        /*
-         * The KeyMint spec before V4 was not clear as to whether EC_CURVE was optional on import of
-         * EC keys. However, this was not checked at the time so we can only be strict about
-         * checking this for implementations of KeyMint version 4 and above.
+         * The KeyMint spec was previously not clear as to whether EC_CURVE was optional on import
+         * of EC keys. However, this was not checked at the time so we can only be strict about
+         * checking this for implementations at VSR-V or later.
         */
-        GTEST_SKIP() << "Skipping EC_CURVE on import only strict since KeyMint v4";
+        GTEST_SKIP() << "Skipping EC_CURVE on import only strict >= VSR-V";
    }

    ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder()