Evolution-x/hardware_interfaces
1
0
Fork 0
mirror of https://github.com/Evolution-X/hardware_interfaces synced 2026-02-01 15:58:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

Allow extra error code in device ID attestation am: 94042a987c

Browse Source 
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/interfaces/+/23916423

Change-Id: Iab873fac8b3c21fe3d7aa9d6bf4e6c822e02fc85
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
David Drysdale
2023-07-12 10:18:43 +00:00
committed by Automerger Merge Worker
parent 9312b9ef41 94042a987c
commit 7a46f5c9aa
4 changed files with 25 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
security/keymint/aidl/vts/functional/AttestKeyTest.cpp
View File

@@ -961,10 +961,7 @@ TEST_P(AttestKeyTest, EcdsaAttestationMismatchID) {
vector<Certificate> attested_key_cert_chain;
auto result = GenerateKey(builder, attest_key, &attested_key_blob,
&attested_key_characteristics, &attested_key_cert_chain);
ASSERT_TRUE(result == ErrorCode::CANNOT_ATTEST_IDS || result == ErrorCode::INVALID_TAG)
<< "result = " << result;
device_id_attestation_vsr_check(result);
device_id_attestation_check_acceptable_error(invalid_tag.tag, result);
}
CheckedDeleteKey(&attest_key.keyBlob);
}
@@ -1026,8 +1023,6 @@ TEST_P(AttestKeyTest, SecondIMEIAttestationIDSuccess) {
ASSERT_EQ(result, ErrorCode::OK);
device_id_attestation_vsr_check(result);
CheckedDeleteKey(&attested_key_blob);
AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
@@ -1107,8 +1102,6 @@ TEST_P(AttestKeyTest, MultipleIMEIAttestationIDSuccess) {
ASSERT_EQ(result, ErrorCode::OK);
device_id_attestation_vsr_check(result);
CheckedDeleteKey(&attested_key_blob);
AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);

4
security/keymint/aidl/vts/functional/DeviceUniqueAttestationTest.cpp
View File

@@ -374,8 +374,8 @@ TEST_P(DeviceUniqueAttestationTest, EcdsaDeviceUniqueAttestationMismatchID) {
// Add the tag that doesn't match the local device's real ID.
builder.push_back(invalid_tag);
auto result = GenerateKey(builder, &key_blob, &key_characteristics);
ASSERT_TRUE(result == ErrorCode::CANNOT_ATTEST_IDS || result == ErrorCode::INVALID_TAG);
device_id_attestation_vsr_check(result);
device_id_attestation_check_acceptable_error(invalid_tag.tag, result);
}
}

24
security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
View File

@@ -2153,14 +2153,32 @@ void p256_pub_key(const vector<uint8_t>& coseKeyData, EVP_PKEY_Ptr* signingKey)
*signingKey = std::move(pubKey);
}
void device_id_attestation_vsr_check(const ErrorCode& result) {
if (get_vsr_api_level() > __ANDROID_API_T__) {
ASSERT_FALSE(result == ErrorCode::INVALID_TAG)
// Check the error code from an attempt to perform device ID attestation with an invalid value.
void device_id_attestation_check_acceptable_error(Tag tag, const ErrorCode& result) {
// Standard/default error code for ID mismatch.
if (result == ErrorCode::CANNOT_ATTEST_IDS) {
return;
}
// Depending on the situation, other error codes may be acceptable. First, allow older
// implementations to use INVALID_TAG.
if (result == ErrorCode::INVALID_TAG) {
ASSERT_FALSE(get_vsr_api_level() > __ANDROID_API_T__)
<< "It is a specification violation for INVALID_TAG to be returned due to ID "
<< "mismatch in a Device ID Attestation call. INVALID_TAG is only intended to "
<< "be used for a case where updateAad() is called after update(). As of "
<< "VSR-14, this is now enforced as an error.";
}
// If the device is not a phone, it will not have IMEI/MEID values available. Allow
// ATTESTATION_IDS_NOT_PROVISIONED in this case.
if (result == ErrorCode::ATTESTATION_IDS_NOT_PROVISIONED) {
ASSERT_TRUE((tag == TAG_ATTESTATION_ID_IMEI || tag == TAG_ATTESTATION_ID_MEID ||
tag == TAG_ATTESTATION_ID_SECOND_IMEI))
<< "incorrect error code on attestation ID mismatch";
}
ADD_FAILURE() << "Error code " << result
<< " returned on attestation ID mismatch, should be CANNOT_ATTEST_IDS";
}
// Check whether the given named feature is available.

2
security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
View File

@@ -421,7 +421,7 @@ vector<uint8_t> make_name_from_str(const string& name);
void check_maced_pubkey(const MacedPublicKey& macedPubKey, bool testMode,
vector<uint8_t>* payload_value);
void p256_pub_key(const vector<uint8_t>& coseKeyData, EVP_PKEY_Ptr* signingKey);
void device_id_attestation_vsr_check(const ErrorCode& result);
void device_id_attestation_check_acceptable_error(Tag tag, const ErrorCode& result);
bool check_feature(const std::string& name);
AuthorizationSet HwEnforcedAuthorizations(const vector<KeyCharacteristics>& key_characteristics);