author | Benjamin Grimberg <quic_bgrimber@quicinc.com> | 2023-01-05 14:48:36 +0200 |
---|---|---|
committer | Android Build Cherrypicker Worker <android-build-cherrypicker-worker@google.com> | 2023-11-21 17:36:33 +0000 |
commit | 607b558deea7476e7615059f25aa612f9f390f3e (patch) | |
tree | 22d8479e12886d130538bf3c494ed2c51b86f102 | |
parent | 288de6d6fb5ea0b08b60825bced127a04209dfe2 (diff) | |
download | interfaces-607b558deea7476e7615059f25aa612f9f390f3e.tar.gz |
Fix AttestKeyTest failures in KeyMint VTS
Skip attestation key tests if the feature
FEATURE_KEYSTORE_APP_ATTEST_KEY is disabled on device,
as done in KeyMint CTS.
Bug: 244460948
Bug: 265740739
Test: VtsAidlKeyMintTargetTest
(cherry picked from https://android-review.googlesource.com/q/commit:981c9c223671d9012781acf6e9128fd037578833)
Merged-In: I8199e5c7570b10b71f127c7439b889c0b3327865
Change-Id: I8199e5c7570b10b71f127c7439b889c0b3327865
-rw-r--r-- | security/keymint/aidl/vts/functional/AttestKeyTest.cpp | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
index 23e9d6a31c..959e3e380c 100644
--- a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
+++ b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
@@ -35,7 +35,17 @@ bool IsSelfSigned(const vector<Certificate>& chain) {
 } // namespace
 class AttestKeyTest : public KeyMintAidlTestBase {
+ public:
+ void SetUp() override {
+ check_skip_test();
+ KeyMintAidlTestBase::SetUp();
+ }
+
 protected:
+ const string FEATURE_KEYSTORE_APP_ATTEST_KEY = "android.hardware.keystore.app_attest_key";
+
+ const string FEATURE_STRONGBOX_KEYSTORE = "android.hardware.strongbox_keystore";
+
 ErrorCode GenerateAttestKey(const AuthorizationSet& key_desc, const optional<AttestationKey>& attest_key, vector<uint8_t>* key_blob, 
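Review bot: In the added `SetUp()`, `GTEST_SKIP()` fires inside `check_skip_test()` and returns only from that helper, so `KeyMintAidlTestBase::SetUp()` still runs on a device where the test has just been marked skipped. Adding `if (IsSkipped()) return;` between the two calls would keep a skipped run from reaching the base setup, provided the base `TearDown()` tolerates a `SetUp()` that never ran. What the base `SetUp()` does is not visible in this hunk, so whether the extra call has side effects is an assumption to confirm. The class body continues beyond this hunk.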
@@ -60,6 +70,59 @@ class AttestKeyTest : public KeyMintAidlTestBase {
 }
 return GenerateKey(key_desc, attest_key, key_blob, key_characteristics, cert_chain);
 }
+
+ // Check if ATTEST_KEY feature is disabled
+ bool is_attest_key_feature_disabled(void) const {
+ if (!check_feature(FEATURE_KEYSTORE_APP_ATTEST_KEY)) {
+ GTEST_LOG_(INFO) << "Feature " + FEATURE_KEYSTORE_APP_ATTEST_KEY + " is disabled";
+ return true;
+ }
+
+ return false;
+ }
+
+ // Check if StrongBox KeyStore is enabled
+ bool is_strongbox_enabled(void) const {
+ if (check_feature(FEATURE_STRONGBOX_KEYSTORE)) {
+ GTEST_LOG_(INFO) << "Feature " + FEATURE_STRONGBOX_KEYSTORE + " is enabled";
+ return true;
+ }
+
+ return false;
+ }
+
+ // Check if chipset has received a waiver allowing it to be launched with
+ // Android S (or later) with Keymaster 4.0 in StrongBox
+ bool is_chipset_allowed_km4_strongbox(void) const {
+ std::array<char, PROPERTY_VALUE_MAX> buffer;
+
+ auto res = property_get("ro.vendor.qti.soc_model", buffer.data(), nullptr);
+ if (res <= 0) return false;
+
+ const string allowed_soc_models[] = {"SM8450", "SM8475", "SM8550", "SXR2230P"};
+
+ for (const string model : allowed_soc_models) {
+ if (model.compare(buffer.data()) == 0) {
+ GTEST_LOG_(INFO) << "QTI SOC Model " + model + " is allowed SB KM 4.0";
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ // Skip the test if all the following conditions hold:
+ // 1. ATTEST_KEY feature is disabled
+ // 2. STRONGBOX is enabled
+ // 3. The device is running one of the chipsets that have received a waiver
+ // allowing it to be launched with Android S (or later) with Keymaster 4.0
+ // in StrongBox
+ void check_skip_test(void) const {
+ if (is_attest_key_feature_disabled() && is_strongbox_enabled() &&
+ is_chipset_allowed_km4_strongbox()) {
+ GTEST_SKIP() << "Test is not applicable";
+ }
+ }
 };
 /* |
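Review bot: The skip in `check_skip_test()` is decided per device rather than per KeyMint instance, because `is_strongbox_enabled()` only asks whether the device declares `android.hardware.strongbox_keystore`. If this fixture is instantiated for more than one KeyMint instance (not visible here), a waived chipset would skip the attest-key tests for the non-StrongBox instance as well; if the waiver is meant for StrongBox only, the condition should also check the security level of the instance under test. The waiver match relies on the vendor-set property `ro.vendor.qti.soc_model`, so the recorded reason should let a results reviewer see which path was taken, for example `GTEST_SKIP() << "ATTEST_KEY feature disabled on chipset waived for KM 4.0 StrongBox";`. Minor style point: `for (const string model : allowed_soc_models)` copies every entry, and `const string& model` avoids that.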