Evolution-x/hardware_interfaces
1
0
Fork 0
mirror of https://github.com/Evolution-X/hardware_interfaces synced 2026-02-01 11:36:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix attestation error checks

Browse Source 
Avoid the ADD_FAILURE at the end if attestion ID failure uses an allowed
return code.

Test: VtsAidlKeyMintTargetTest
Bug: 286733800
Change-Id: I0dcac312ac4516a078b2742721e3a19074da52b1
This commit is contained in:
David Drysdale
2023-07-04 13:08:30 +01:00
parent e959d0923d
commit 810fbcffed
1 changed files with 10 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
View File

@@ -2192,30 +2192,26 @@ void p256_pub_key(const vector<uint8_t>& coseKeyData, EVP_PKEY_Ptr* signingKey)
// Check the error code from an attempt to perform device ID attestation with an invalid value.
void device_id_attestation_check_acceptable_error(Tag tag, const ErrorCode& result) {
// Standard/default error code for ID mismatch.
if (result == ErrorCode::CANNOT_ATTEST_IDS) {
return;
}
// Depending on the situation, other error codes may be acceptable. First, allow older
// implementations to use INVALID_TAG.
if (result == ErrorCode::INVALID_TAG) {
// Standard/default error code for ID mismatch.
} else if (result == ErrorCode::INVALID_TAG) {
// Depending on the situation, other error codes may be acceptable. First, allow older
// implementations to use INVALID_TAG.
ASSERT_FALSE(get_vsr_api_level() > __ANDROID_API_T__)
<< "It is a specification violation for INVALID_TAG to be returned due to ID "
<< "mismatch in a Device ID Attestation call. INVALID_TAG is only intended to "
<< "be used for a case where updateAad() is called after update(). As of "
<< "VSR-14, this is now enforced as an error.";
}
// If the device is not a phone, it will not have IMEI/MEID values available. Allow
// ATTESTATION_IDS_NOT_PROVISIONED in this case.
if (result == ErrorCode::ATTESTATION_IDS_NOT_PROVISIONED) {
} else if (result == ErrorCode::ATTESTATION_IDS_NOT_PROVISIONED) {
// If the device is not a phone, it will not have IMEI/MEID values available. Allow
// ATTESTATION_IDS_NOT_PROVISIONED in this case.
ASSERT_TRUE((tag == TAG_ATTESTATION_ID_IMEI || tag == TAG_ATTESTATION_ID_MEID ||
tag == TAG_ATTESTATION_ID_SECOND_IMEI))
<< "incorrect error code on attestation ID mismatch";
} else {
ADD_FAILURE() << "Error code " << result
<< " returned on attestation ID mismatch, should be CANNOT_ATTEST_IDS";
}
ADD_FAILURE() << "Error code " << result
<< " returned on attestation ID mismatch, should be CANNOT_ATTEST_IDS";
}
// Check whether the given named feature is available.