Skip known keystore CTS failures on vendor code before T
We made some tests more strict in T, and T vendor bits are expected to
comply. However, we cannot impose these restrictions if the vendor code
is at a lower version, but the system image is T+. Add a special
carve-out for these failures and let them pass.
Test: android.keystore.cts.StrongboxAES128CBCNoPaddingCipherTest
Bug: 232442633
Change-Id: I2722f68a0bb7aeaf921f4d0d40e98db9960736bf
diff --git a/tests/tests/keystore/src/android/keystore/cts/BlockCipherTestBase.java b/tests/tests/keystore/src/android/keystore/cts/BlockCipherTestBase.java
index 076696d..be2ecc5 100644
--- a/tests/tests/keystore/src/android/keystore/cts/BlockCipherTestBase.java
+++ b/tests/tests/keystore/src/android/keystore/cts/BlockCipherTestBase.java
@@ -27,6 +27,8 @@
import android.keystore.cts.util.EmptyArray;
import android.keystore.cts.util.TestUtils;
+import android.os.Build;
+import android.os.SystemProperties;
import android.security.keystore.KeyProperties;
import android.security.keystore.KeyProtection;
@@ -34,8 +36,12 @@
import junit.framework.AssertionFailedError;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
import java.io.ByteArrayOutputStream;
-import java.nio.Buffer;
import java.nio.ByteBuffer;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
@@ -62,11 +68,6 @@
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-
@RunWith(AndroidJUnit4.class)
abstract class BlockCipherTestBase {
@@ -724,6 +725,11 @@
assertEquals(getBlockSize(), output.length);
} catch (NullPointerException e) {
if (isStrongbox() && output == null) {
+ if (Build.VERSION_CODES.TIRAMISU
+ > SystemProperties.getInt("ro.vendor.api_level", 0)) {
+ // Known broken on some older vendor implementations.
+ return;
+ }
fail("b/194134359");
}
throw e;
@@ -838,17 +844,26 @@
byte[] output = update(new byte[] {plaintext[plaintextIndex]});
if ((plaintextIndex % blockSize) == blockSize - 1) {
String additionalInformation = "";
+ boolean compareOutput = true;
if (isStrongbox() && output == null) {
- additionalInformation = " (b/194134359)";
+ // This is known to be broken on older vendor implementations.
+ if (Build.VERSION_CODES.TIRAMISU
+ > SystemProperties.getInt("ro.vendor.api_level", 0)) {
+ compareOutput = false;
+ } else {
+ additionalInformation = " (b/194134359)";
+ }
}
- // Cipher.update is expected to have output a new block
- assertArrayEquals(
- "plaintext index: " + plaintextIndex + additionalInformation,
- subarray(
- expectedCiphertext,
- ciphertextIndex,
- ciphertextIndex + blockSize),
- output);
+ if (compareOutput) {
+ // Cipher.update is expected to have output a new block
+ assertArrayEquals(
+ "plaintext index: " + plaintextIndex + additionalInformation,
+ subarray(
+ expectedCiphertext,
+ ciphertextIndex,
+ ciphertextIndex + blockSize),
+ output);
+ }
} else {
// Cipher.update is expected to have produced no output
assertArrayEquals("plaintext index: " + plaintextIndex, null, output);
@@ -930,13 +945,23 @@
if (outputExpected) {
String additionalInformation = "";
+ boolean compareOutput = true;
if (isStrongbox()) {
- additionalInformation = " (b/194134040)";
+ // This is known to be broken on older vendor implementations.
+ if (Build.VERSION_CODES.TIRAMISU
+ > SystemProperties.getInt("ro.vendor.api_level", 0)) {
+ compareOutput = false;
+ } else {
+ additionalInformation = " (b/194134040)";
+ }
}
- assertArrayEquals(
- "ciphertext index: " + ciphertextIndex + additionalInformation,
- subarray(expectedPlaintext, plaintextIndex, plaintextIndex + blockSize),
- output);
+ if (compareOutput) {
+ assertArrayEquals(
+ "ciphertext index: " + ciphertextIndex + additionalInformation,
+ subarray(expectedPlaintext, plaintextIndex,
+ plaintextIndex + blockSize),
+ output);
+ }
} else {
assertEquals("ciphertext index: " + ciphertextIndex, null, output);
}