From a12ac74603656aa4bb723f8472b2842d20a9d250 Mon Sep 17 00:00:00 2001 From: Seth Moore Date: Fri, 3 Mar 2023 13:40:30 -0800 Subject: [PATCH] Fix RKP support assumptions for keymint VTS The support level for strongbox is different from the tee implementation. Additionally, we were incorrectly checking the keymint aidl version. KeyMint 1.0 supported ATTEST_KEY, so it's unclear why we were ever checking for KeyMint 2.0. Test: VtsAidlKeyMintTargetTest Bug: 263844771 Change-Id: I750367902fec90204d71c1e158404b2421f9ad87 --- .../aidl/vts/functional/KeyMintAidlTestBase.cpp | 13 +++++++++++++ .../aidl/vts/functional/KeyMintAidlTestBase.h | 1 + .../keymint/aidl/vts/functional/KeyMintTest.cpp | 8 ++++---- 3 files changed, 18 insertions(+), 4 deletions(-) diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp index fb5ef49e36..15b9bcc538 100644 --- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp +++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp @@ -1283,6 +1283,19 @@ std::pair> KeyMintAidlTestBase::UpgradeKey( return retval; } + +bool KeyMintAidlTestBase::IsRkpSupportRequired() const { + if (get_vsr_api_level() >= __ANDROID_API_T__) { + return true; + } + + if (get_vsr_api_level() >= __ANDROID_API_S__) { + return SecLevel() != SecurityLevel::STRONGBOX; + } + + return false; +} + vector KeyMintAidlTestBase::ValidKeySizes(Algorithm algorithm) { switch (algorithm) { case Algorithm::RSA: diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h index a6a9df60f8..69a0e3ee28 100644 --- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h +++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h @@ -309,6 +309,7 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam { } bool IsSecure() const { return securityLevel_ != SecurityLevel::SOFTWARE; } SecurityLevel SecLevel() const { return securityLevel_; } + bool IsRkpSupportRequired() const; vector ValidKeySizes(Algorithm algorithm); vector InvalidKeySizes(Algorithm algorithm); diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp index 9e66f086b2..c6b8906af9 100644 --- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp +++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp @@ -1136,8 +1136,8 @@ TEST_P(NewKeyGenerationTest, RsaWithAttestation) { * that has been generated using an associate IRemotelyProvisionedComponent. */ TEST_P(NewKeyGenerationTest, RsaWithRkpAttestation) { - if (get_vsr_api_level() < __ANDROID_API_T__ || AidlVersion() < 2) { - GTEST_SKIP() << "Only required for VSR 12+ and KeyMint 2+"; + if (!IsRkpSupportRequired()) { + GTEST_SKIP() << "RKP support is not required on this platform"; } // There should be an IRemotelyProvisionedComponent instance associated with the KeyMint @@ -1214,8 +1214,8 @@ TEST_P(NewKeyGenerationTest, RsaWithRkpAttestation) { * that has been generated using an associate IRemotelyProvisionedComponent. */ TEST_P(NewKeyGenerationTest, EcdsaWithRkpAttestation) { - if (get_vsr_api_level() < __ANDROID_API_T__ || AidlVersion() < 2) { - GTEST_SKIP() << "Only required for VSR 12+ and KeyMint 2+"; + if (!IsRkpSupportRequired()) { + GTEST_SKIP() << "RKP support is not required on this platform"; } // There should be an IRemotelyProvisionedComponent instance associated with the KeyMint