Evolution-x/hardware_interfaces
1
0
Fork 0
mirror of https://github.com/Evolution-X/hardware_interfaces synced 2026-02-01 11:36:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge "KeyMint: Device IDs attestation based on verion." am: 1b7abc43b6 am: d8fdf0b804

Browse Source 
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2028224

Change-Id: I6a50f6d5abc485cb4fb38df7383a5cc83ad20a86
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
Eran Messeri
2022-03-31 14:27:32 +00:00
committed by Automerger Merge Worker
parent 4e90fa8ecd d8fdf0b804
commit 8adaed5f62
4 changed files with 12 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
security/keymint/aidl/vts/functional/AttestKeyTest.cpp
View File

@@ -783,7 +783,7 @@ TEST_P(AttestKeyTest, EcdsaAttestationID) {
vector<Certificate> attested_key_cert_chain;
auto result = GenerateKey(builder, attest_key, &attested_key_blob,
&attested_key_characteristics, &attested_key_cert_chain);
if (result == ErrorCode::CANNOT_ATTEST_IDS) {
if (result == ErrorCode::CANNOT_ATTEST_IDS && !isDeviceIdAttestationRequired()) {
continue;
}

8
security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
View File

@@ -207,6 +207,14 @@ uint32_t KeyMintAidlTestBase::boot_patch_level() {
return boot_patch_level(key_characteristics_);
}
/**
* An API to determine device IDs attestation is required or not,
* which is mandatory for KeyMint version 2 or first_api_level 33 or greater.
*/
bool KeyMintAidlTestBase::isDeviceIdAttestationRequired() {
return AidlVersion() >= 2 || property_get_int32("ro.vendor.api_level", 0) >= 33;
}
bool KeyMintAidlTestBase::Curve25519Supported() {
// Strongbox never supports curve 25519.
if (SecLevel() == SecurityLevel::STRONGBOX) {

1
security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
View File

@@ -79,6 +79,7 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> {
uint32_t vendor_patch_level() { return vendor_patch_level_; }
uint32_t boot_patch_level(const vector<KeyCharacteristics>& key_characteristics);
uint32_t boot_patch_level();
bool isDeviceIdAttestationRequired();
bool Curve25519Supported();

4
security/keymint/aidl/vts/functional/KeyMintTest.cpp
View File

@@ -1986,8 +1986,8 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationIdTags) {
if (SecLevel() == SecurityLevel::STRONGBOX) {
if (result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) return;
}
if (result == ErrorCode::CANNOT_ATTEST_IDS) {
// Device ID attestation is optional; KeyMint may not support it at all.
if (result == ErrorCode::CANNOT_ATTEST_IDS && !isDeviceIdAttestationRequired()) {
// ID attestation was optional till api level 32, from api level 33 it is mandatory.
continue;
}
ASSERT_EQ(result, ErrorCode::OK);