Merge "AesInvalidKeySize skip 192 on SB devices" into stage-aosp-sc-ts-dev

author: Max Bires <jbires@google.com> 2021-09-10 17:38:04 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> 2021-09-10 17:38:04 +0000
commit: 89ec9c60e81e15a41308952b55c03656197b51b6 (patch)
tree: bba89ea38f4b8a7cf23971eb9b38aec84c65c611
parent: 11860f29846accb3e44f5a93eca964d7239261b4 (diff)
parent: 3c2da9d21bc216166a73158c8b1690d3ab6ac114 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
index 476eed8b19..77b9f47d42 100644
--- a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
+++ b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
@@ -940,7 +940,13 @@ TEST_P(NewKeyGenerationTest, HmacDigestNone) {
  * UNSUPPORTED_KEY_SIZE.
  */
 TEST_P(NewKeyGenerationTest, AesInvalidKeySize) {
+    int32_t firstApiLevel = property_get_int32("ro.board.first_api_level", 0);
     for (auto key_size : InvalidKeySizes(Algorithm::AES)) {
+        // The HAL specification was only clarified to exclude AES-192 for StrongBox in Android S,
+        // so allow devices that launched on earlier implementations to skip this check.
+        if (key_size == 192 && SecLevel() == SecurityLevel::STRONGBOX && firstApiLevel < 31) {
+            continue;
+        }
         ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE,
                   GenerateKey(AuthorizationSetBuilder()
                                       .Authorization(TAG_NO_AUTH_REQUIRED)
author	Max Bires <jbires@google.com>	2021-09-10 17:38:04 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	2021-09-10 17:38:04 +0000
commit	89ec9c60e81e15a41308952b55c03656197b51b6 (patch)
tree	bba89ea38f4b8a7cf23971eb9b38aec84c65c611
parent	11860f29846accb3e44f5a93eca964d7239261b4 (diff)
parent	3c2da9d21bc216166a73158c8b1690d3ab6ac114 (diff)