diff options
| author | Hasini Gunasinghe <hasinitg@google.com> | 2023-06-28 20:29:22 +0000 |
|---|---|---|
| committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-07-28 01:49:46 +0000 |
| commit | fc052bdef787dfaa73eef2eb89372c6ca8caee84 (patch) | |
| tree | 729b1c52baccd5745896d501044868814f2248e1 | |
| parent | 24b06465ad5445b0f760e25c9ef504074eab3047 (diff) | |
| download | wycheproof-fc052bdef787dfaa73eef2eb89372c6ca8caee84.tar.gz | |
Add checks depending on whether the test is targetting strongbox or not
There may be devices which run Keymint in TEE but Keymaster 4.0 in
Strongbox. Any test that sets the MGF digest to use anything other than
SHA-1 should be skipped for Keymaster implementations. The devices
that have different implementations in TEE and Strongbox need the check
added in this CL.
Bug: 288159720
Test: Should be tested on a device with aforementioend configuration.
(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:f25f780262a441e5513125585e97aee5cccc124f)
Merged-In: I4c415ed995a4a3203c9f1aa15a7cdc2cd9b465cb
Change-Id: I4c415ed995a4a3203c9f1aa15a7cdc2cd9b465cb
| -rw-r--r-- | keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java | 6 | ||||
| -rw-r--r-- | keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java | 6 |
2 files changed, 8 insertions, 4 deletions
diff --git a/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java b/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java index ea5d91b..14020e0 100644 --- a/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java +++ b/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java @@ -91,7 +91,11 @@ public class KeyStoreUtil { } } - public static int getFeatureVersionKeystore() { + public static int getFeatureVersionKeystore(boolean isStrongBox) { + if (isStrongBox) { + return TestUtils.getFeatureVersionKeystoreStrongBox( + ApplicationProvider.getApplicationContext()); + } return TestUtils.getFeatureVersionKeystore(ApplicationProvider.getApplicationContext()); } diff --git a/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java b/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java index 5eb47e5..29f8905 100644 --- a/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java +++ b/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java @@ -192,14 +192,14 @@ public class RsaOaepTest { } protected static OAEPParameterSpec getOaepParameters(JsonObject group, - JsonObject test) throws Exception { + JsonObject test, boolean isStrongBox) throws Exception { String sha = getString(group, "sha"); String mgf = getString(group, "mgf"); String mgfSha = getString(group, "mgfSha"); // mgfDigest other than SHA-1 are supported from KeyMint V1 and above. if (!mgfSha.equalsIgnoreCase("SHA-1")) { assumeTrue("This test is valid for KeyMint version 1 and above.", - KeyStoreUtil.getFeatureVersionKeystore() >= KeyStoreUtil.KM_VERSION_KEYMINT_1); + KeyStoreUtil.getFeatureVersionKeystore(isStrongBox) >= KeyStoreUtil.KM_VERSION_KEYMINT_1); } PSource p = PSource.PSpecified.DEFAULT; if (test.has("label") && !TextUtils.isEmpty(getString(test, "label"))) { @@ -305,7 +305,7 @@ public class RsaOaepTest { String messageHex = TestUtil.bytesToHex(getBytes(testcase, "msg")); OAEPParameterSpec params; try { - params = getOaepParameters(group, testcase); + params = getOaepParameters(group, testcase, isStrongBox); } catch (UnsupportedKeyParametersException e) { // TODO This try catch block should be removed once issue b/229183581 is fixed. continue; |