Keymaster HAL documentation documents the bootPatchLevel as having
tag 718, while types.hal indicates the tag value for it is actually
719.
Test: N/A
Bug: 78104779
Merged-In: I0dde0b3c863081f2594e20466d8e82866a5f2d2e
Change-Id: I0dde0b3c863081f2594e20466d8e82866a5f2d2e
(cherry picked from commit ae8da1b70a)
Modify RSA keysize used in various tests
to ensure both TEE and Strongbox implementations
can be validated.
Skip invalid keysizes that Strongbox does not
support.
Test: Patches the strongbox tests
Bug: 112189538
Change-Id: I46ab01ce9b8224403e2a334a894967761d6799c9
Signed-off-by: Max Bires <jbires@google.com>
Change I5f877b2a1ac66026a876e145416ba078d486e4b5 inadvertently changed
the digest used for ImportWrappedKey, breaking the test. This CL
reverts that portion of the change.
Test: VtsHalKeymasterV4_0TargetTest
Bug: 112279922
Bug: 80246122
Change-Id: Ib8e2e7793ba46ae0d29d8407bb730a35bdb5ea98
Note that devices with KM4 will fail to pass VTS after this
lands, until the fix from Qualcomm arrives.
Test: VtsHalKeymasterV4_0TargetTest
Bug: 112040197
Bug: 80246122
Change-Id: Ie2cd917af704b9f19de3537297b3a7e4f0c861e9
Strongbox is not required to support SHA-2 digests,
so skip the related tests.
Bug: 109771020
Bug: 80246122
Test: This is the test
Change-Id: I5f877b2a1ac66026a876e145416ba078d486e4b5
Remove out of spec enforcement on the amount of data returned
by update, as this is not specified in the HAL.
Bug: 109771020
Bug: 80246122
Test: yes it is
Change-Id: Ic41afbd01d51faf48d3c0fe090409ebcd257cc1e
The buffer is allocated by OPENSSL_malloc() in X509_NAME_oneline(name, nullptr, 0).
Should be reclaimed by OPENSSL_free() instead of free().
The patch is provided by vink.shen@mediatek.corp-partner.google.com
Bug: 109708231
Test: build pass
Merged-In: I66a864e3e28905eebac2e7d3a4517d4d5aaa39df
Change-Id: I66a864e3e28905eebac2e7d3a4517d4d5aaa39df
(cherry picked from commit 79db3ec849)
With this patch the KM VTS test apply the restricted requirements on
supported key sizes, EC curves, and Digests to Strongbox keymaster
implementations.
Also amend tests to use Update().
Test: Yes it is
Bug: 74519020
Merged-In: Ibec9c3398671f81dbc0ecf78e554726276160579
Change-Id: Ibec9c3398671f81dbc0ecf78e554726276160579
(cherry picked from commit 3a7e2cade3)
Remove out of spec enforcement on the amount of data returned
by update, as this is not specified in the HAL.
Bug: 109771020
Test: yes it is
Change-Id: Ic41afbd01d51faf48d3c0fe090409ebcd257cc1e
Keymaster HAL documentation documents the bootPatchLevel as having
tag 718, while types.hal indicates the tag value for it is actually
719.
Test: N/A
Bug: 78104779
Change-Id: I0dde0b3c863081f2594e20466d8e82866a5f2d2e
This KM4 key agreement check is causing some pain on early units
that aren't completely provisioned in both locked and non-Green
(unlocked) states.
This doesn't impact KM3 devices (Pixel 2016/2017 etc.)
Bug: 110301629
Change-Id: I5a737ac8a335863b1099c29cf3c0496adeb41e15
With this patch the KM VTS test apply the restricted requirements on
supported key sizes, EC curves, and Digests to Strongbox keymaster
implementations.
Also amend tests to use Update().
Test: Yes it is
Bug: 74519020
Change-Id: Ibec9c3398671f81dbc0ecf78e554726276160579
The buffer is allocated by OPENSSL_malloc() in X509_NAME_oneline(name, nullptr, 0).
Should be reclaimed by OPENSSL_free() instead of free().
The patch is provided by vink.shen@mediatek.corp-partner.google.com
Bug: 109708231
Test: build pass
Change-Id: I66a864e3e28905eebac2e7d3a4517d4d5aaa39df
Gramatical and punctuation corrections; addition of missing
userSecureId to AuthorizationList schema and removal of extraneous
rollbackResistant from same; correction of OS_PATCHLEVEL source
property; and addition of missing TAG_UNLOCKED_DEVICE_REQUIRED
documentation.
Bug: 69550260
Test: N/A
Change-Id: I04092b7df3af69201ba1467cddc09f6f44e861a8
Bug: 80102279
Bug: 80251973
Test: N/A; this keymaster exists only for policy compliance. It's never used.
Change-Id: I45f0eefd9abdd02f6774aa52f238040510c5d62c
This had to be disabled because Qualcomm's keymaster4 returned a bad
value.
Bug: 77588764
Bug: 79698245
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: Ieb150d7f17c36f01acf2eeb665792594251b51ae
To make it easier for clients (vold & keystore) to perform key
agreement, this CL adds a service method that does it. To make key
agreement consistent, this method sorts the HMAC sharing parameters
lexicographically. The requirement for sorting is documented in the
HAL.
Test: Boot device
Bug: 79307225
Bug: 78766190
Change-Id: Idb224f27f8e4426281d9a0105605ba22bf7c7e95
The key sharing test modified the seed in an invalid way.
Bug: 77588764
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: I0b2ac90397a3f23258ebd4dddc5f6043af7b1600
The golden test keys didn't include TAG_NO_AUTH_REQUIRED, which causes
them to be rejected by strictly compliant implementations.
Bug: 77588764
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: I5157537e5407618ddc37debf00486977abb00f99
The TripleDes tests failed to set TAG_NO_AUTH_REQUIRED, which causes
operations to be rejected by strictly compliant implementations.
Bug: 77588764
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: I25cd5ec0ccede2b148f5da4566b8e1e20e8edbde
Bug: 38430282
Test: VtsHalKeymasterV3_0TargetTest pass with exception
of (AesEcbWithUserId, RsaAttestation, EcAttestation)
which are expected failures.
Change-Id: I48e7195f512190deb608f1a69783c92254eef1aa
Add a keymaster parameter for keys that should be inaccessible when
the device screen is locked. "Locked" here is a state where the device
can be used or accessed without any further trust factor such as a
PIN, password, fingerprint, or trusted face or voice.
This parameter is added to the Java keystore interface for key
creation and import, as well as enums specified by and for the native
keystore process.
Test: CTS tests in I8a5affd1eaed176756175158e3057e44934fffed
Bug: 67752510
Merged-In: Id19d19b19532ac8d4c52aad46a954faa4515289d
Change-Id: Id19d19b19532ac8d4c52aad46a954faa4515289d
(cherry picked from commit 1840be6d35)
Only DES3 is supported (168-bit), so remove
tests for 112-bit DES.
Also replace the RSA public exponent 3, with
65537 in most tests so that RSA key generation
is faster.
Change-Id: I9958df81fe46d752d82072dc6c7effa34b2921a8
Add a keymaster parameter for keys that should be inaccessible when
the device screen is locked. "Locked" here is a state where the device
can be used or accessed without any further trust factor such as a
PIN, password, fingerprint, or trusted face or voice.
This parameter is added to the Java keystore interface for key
creation and import, as well as enums specified by and for the native
keystore process.
This reverts commit 95b60a0f41.
Test: CTS tests in I8a5affd1eaed176756175158e3057e44934fffed
Bug: 67752510
Change-Id: I2893c23ab173ff5c39085d56b555e54770900cbc
Keymaster clients need to see all the available devices and figure out
which they want to use. This method finds them all and returns them
in a vector sorted from most secure to least, according to a heuristic
defined in Keymaster::VersionResult::operator<
This CL also makes a few other minor improvements to the support
library, providing more information in VersionResult and adding some
more convenience methods in AuthorizationSetBuilder.
Test: Build & boot
Change-Id: I876238ee9ff72573c30d60e1cec665dd610bcde6
Add a keymaster parameter for keys that should be inaccessible when
the device screen is locked. "Locked" here is a state where the device
can be used or accessed without any further trust factor such as a
PIN, password, fingerprint, or trusted face or voice.
This parameter is added to the Java keystore interface for key
creation and import, as well as enums specified by and for the native
keystore process.
Test: go/asym-write-test-plan
Bug: 67752510
Change-Id: I466dfad3e2e515c43e68f08e0ec6163e0e86b933
