From 5a0320fbda17a61cd13b17eda5adc06378b7c83a Mon Sep 17 00:00:00 2001
From: Seth Moore
Date: Fri, 24 Mar 2023 12:29:08 -0700
Subject: [PATCH] Do not require StrongBox to implement RKP

Detect if there is an IRemotelyProvisionedComponent for strongbox, and if so run the associated keymint tests. Else, allow strongbox to skip the test as it's not required to implement the IRPC HAL.

Bug: 271948302
Test: VtsAidlKeyMintTargetTest
Change-Id: Ibf98e594e725d6ad14c0ff189ab9fbcc25b51f80
---
 .../aidl/vts/functional/KeyMintTest.cpp | 34 +++++++++++--------
 1 file changed, 19 insertions(+), 15 deletions(-)

diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index c6b8906af9..c45dd3f4f9 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -590,8 +590,7 @@ string device_suffix(const string& name) {
 return name.substr(pos + 1);
 }

-bool matching_rp_instance(const string& km_name,
- std::shared_ptr* rp) {
+std::shared_ptr matching_rp_instance(const std::string& km_name) {
 string km_suffix = device_suffix(km_name);

 vector rp_names =
@@ -601,11 +600,10 @@ bool matching_rp_instance(const string& km_name,
 // KeyMint instance, assume they match.
 if (device_suffix(rp_name) == km_suffix && AServiceManager_isDeclared(rp_name.c_str())) {
 ::ndk::SpAIBinder binder(AServiceManager_waitForService(rp_name.c_str()));
- *rp = IRemotelyProvisionedComponent::fromBinder(binder);
- return true;
+ return IRemotelyProvisionedComponent::fromBinder(binder);
 }
 }
- return false;
+ return nullptr;
 }

 } // namespace
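Review bot: The new signature of `matching_rp_instance` carries no comment stating what a null return means, although the callers in this patch now branch on it. A one-line contract above the function would do, for example `// Returns the IRemotelyProvisionedComponent whose instance suffix matches km_name, or nullptr if none is declared.` The parameter is also spelled `const std::string&` while `device_suffix` directly above, and the line being replaced, use `const string&`; one spelling throughout the file reads better. The function body continues past this hunk.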
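Review bot: `return IRemotelyProvisionedComponent::fromBinder(binder);` hands the result back unchecked, so nullptr from this function now covers two different situations: no declared instance matches the KeyMint suffix, and a declared instance whose binder could not be obtained or converted. The old code reported the second case as `true` with a null `*rp`; with the StrongBox skip added to the RKP attestation tests in this patch, a declared but non-functional StrongBox RKP service would presumably be skipped instead of reported. Consider recording a failure on that path: `auto rp = IRemotelyProvisionedComponent::fromBinder(binder);` then `if (rp == nullptr) ADD_FAILURE() << "Declared but unavailable: " << rp_name;` then `return rp;`. The function begins in the previous hunk.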
@@ -1140,11 +1138,14 @@ TEST_P(NewKeyGenerationTest, RsaWithRkpAttestation) {
 GTEST_SKIP() << "RKP support is not required on this platform";
 }

- // There should be an IRemotelyProvisionedComponent instance associated with the KeyMint
- // instance.
- std::shared_ptr rp;
- ASSERT_TRUE(matching_rp_instance(GetParam(), &rp))
- << "No IRemotelyProvisionedComponent found that matches KeyMint device " << GetParam();
+ // Check for an IRemotelyProvisionedComponent instance associated with the
+ // KeyMint instance.
+ std::shared_ptr rp = matching_rp_instance(GetParam());
+ if (rp == nullptr && SecLevel() == SecurityLevel::STRONGBOX) {
+ GTEST_SKIP() << "Encountered StrongBox implementation that does not support RKP";
+ }
+ ASSERT_NE(rp, nullptr) << "No IRemotelyProvisionedComponent found that matches KeyMint device "
+ << GetParam();

 // Generate a P-256 keypair to use as an attestation key.
 MacedPublicKey macedPubKey;
@@ -1218,11 +1219,14 @@ TEST_P(NewKeyGenerationTest, EcdsaWithRkpAttestation) {
 GTEST_SKIP() << "RKP support is not required on this platform";
 }

- // There should be an IRemotelyProvisionedComponent instance associated with the KeyMint
- // instance.
- std::shared_ptr rp;
- ASSERT_TRUE(matching_rp_instance(GetParam(), &rp))
- << "No IRemotelyProvisionedComponent found that matches KeyMint device " << GetParam();
+ // Check for an IRemotelyProvisionedComponent instance associated with the
+ // KeyMint instance.
+ std::shared_ptr rp = matching_rp_instance(GetParam());
+ if (rp == nullptr && SecLevel() == SecurityLevel::STRONGBOX) {
+ GTEST_SKIP() << "Encountered StrongBox implementation that does not support RKP";
+ }
+ ASSERT_NE(rp, nullptr) << "No IRemotelyProvisionedComponent found that matches KeyMint device "
+ << GetParam();

 // Generate a P-256 keypair to use as an attestation key.
 MacedPublicKey macedPubKey;
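Review bot: The StrongBox skip message in RsaWithRkpAttestation does not name the instance that was skipped, whereas the assertion right below it appends `GetParam()`. Adding it, `GTEST_SKIP() << "Encountered StrongBox implementation that does not support RKP: " << GetParam();`, lets a reviewer of the test report see which KeyMint instance lost its RKP attestation coverage. The same eight added lines appear again in EcdsaWithRkpAttestation in the next hunk; the lookup and the skip decision could live in one shared helper or fixture method that returns whether to skip, with only the `GTEST_SKIP()` left in each test body, since that macro returns from the enclosing function.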