Add VTS tests that just exercise a single role, sink or source.
Use the AuthGraph core library to provide the implementation of the
other role. This means that the tests are best written in Rust.
Put the test code into a library, so that other HALs which include
AuthGraph as a component can exercise the AuthGraph parts in their own
VTS tests.
Test: VtsAidlAuthGraphRoleTest
Bug: 284470121
Change-Id: I73f6aa277b41cc728587d707d7a6f82f0d18e08f
Use the core library's new service implementation, which wraps a
channel to the TA.
In this nonsecure case, the TA is local in-process, so use the core
library's AuthGraphTa, and implement the SerializedChannel as just
a direct invocation of the TA.
Move this code into a _nonsecure library, so the main.rs just has
the code needed to start the executable and register the service.
Test: VtsAidlAuthGraphSessionTest
Bug: 284470121
Change-Id: I738d3876872a8cd248f0ebec708676d1173b6e37
The authgraph_hal library should only depend on libauthgraph_wire, not
on libauthgraph_core, so adjust error processing accordingly.
Test: VtsAidlAuthGraphSessionTest
Bug: 284470121
Change-Id: I48056db6ceeab409d0f165f8e051809129643c6f
KeyMint should be able to handle challenges up to 128 bytes.
Document this (and the expected error code) in Tag.aidl.
Bug: 307714384
Test: m
Change-Id: Id099dd055c81b10d777effdf364395f84d8b35c6
Add an implementation for the AuthGraph key exchange HAL, to allow
testing and policy compliance.
In real use, IAuthGraphKeyExchange instances are expected to be
retrieved from some other HAL, allowing the AuthGraph instance to be
specifically correlated with the component that uses it.
Bug: 284470121
Bug: 291228560
Test: hal_implementation_test
Test: VtsAidlAuthGraphSessionTest
Change-Id: Ib064292d60bead663af7721fd1406f2a9b5d8ecd
Introduce the AIDL methods for key exchange and the CDDLs for
the relevant input/output types that are CBOR encoded.
Use a standard comment format in CDDL files to indicate where additional
structure definitions can be found, in the hope that one day tooling
will be available to automatically check schema syntax.
Add authgraph to compatibility matrix
This CL merges the CLs: aosp/2750484, aosp/2750485, aosp/2750486 by
drysdale@google.com
Co-authored-by: David Drysdale <drysdale@google.com>
Bug: 284470121
Test: validate schemas with https://cddl.anweiss.tech/
Test: VtsAidlAuthGraphSessionTest (with nonsecure default impl)
Change-Id: I2793666ede028f8abe91569587c09dcac21c67e0
Since there were no VTS test to strictly check RSA_OAEP_MGF_DIGEST,
there are released devices with Keymint which do not include this tag in
key characteristics, hence these test fails on such Keymint and UDC
Android framework.
Hence version check is added before asserting MGF digest checks.
Bug: 297306437
Test: atest VtsAidlKeyMintTargetTest
Change-Id: I43054f8dbbd46de53deef5e6771c736e770280e0
Negative test cases should not expect UNKNOWN_ERROR from Keymint since
the exact cause of failure is known.
In general, we should avoid UNKNOWN_ERROR because it makes error
attribution difficult.
To avoid adding retroactive requirements KM implementation, relax the
check to expect any error.
Bug: 298194325
Test: VtsAidlKeyMintTargetTest
Change-Id: I136fb6d36ae92c9e3722ffefe9a067d3515dcbf9
std::unique consolidates the unique nonces at the start of the `nonces`
vector, but it doesn't modify nonces.size(), so these tests weren't
actually verifying that the nonces were unique. Add a vector::erase
call to shrink the vector.
After upgrading libc++, std::unique is [[nodiscard]] and this bug is
a compiler error.
Bug: 175635923
Test: treehugger
Test: m VtsAidlSharedSecretTargetTest VtsHalKeymasterV4_0TargetTest
Change-Id: I7fd8c40a3920bf3a8988c8065503c78ba36dc742
Check the VSR of the device to select the DICE validation rules that
will be appropriate to use for VTS.
Test: TH
Change-Id: Iff19debd1e442a0b318da1a4d8a08d470efba0ae
The original change to add this test didn't make it into the Android 13
version of the VTS test, so the version gate needs to be updated to be
v3+
Bug: 292318194
Test: VtsAidlKeyMintTargetTest --gtest_filter="*EcdsaMissingCurve*"
Change-Id: I94bf816688e57c7c04893a23cf0399129de94229
Allow for devices that claim to need external timestamps, but don't.
Test: VtsAidlKeyMintTargetTest
Bug: 300211206
Change-Id: Ie450d9969c337d5274502f3600e14c0b481e8b34
Extract CDDL from MacedPublicKey.aidl and DeviceInfo.aidl.
Make -70000 optional in `PublicKey`.
Make CDDL compliant with RFC8610:
- Move `bstr` contents for generated data (e.g. `ECDSA(..)`) to comments.
- Fix alternatives in CBOR-encoded bstr instances.
Add more RFC references and unify reference style.
Try to use a standard format to indicate that external files are needed
for the complete CDDL schema. (Hopefully in the future we might have
tooling that uses these to check the schemas.)
Test: Compile with docs.rs/cddl-cat and https://cddl.anweiss.tech/
Change-Id: Ie1d6c39f1cc0314e312df9205b570b89178ebd16
Earlier, attestation properties didn't match on GSI images, hence
EcdsaAttestationIdTags VTS test case was skipped on GSI images.
Recently attestation properties reading priority changed as
ro.product.*_for_attestation -> ro.product.vendor.* -> ro.product.*
that means on GSI images ro.product.vendor.* properties could be used
and hence attestation should work. Incase ro.product.vendor.* properties
are not same as provisioned values to KM. They should be set as
ro.product.*_for_attestation on base build.
Bug: 298586194
Test: atest VtsAidlKeyMintTargetTest:PerInstance/NewKeyGenerationTest#EcdsaAttestationIdTags/0_android_hardware_security_keymint_IKeyMintDevice_default
Change-Id: Ie945bd8f7060e0e768daf9681d121ea5f170a6e1
This solution was adopted from Cuttlefish's host side Keymint
implementation: I22bde00aed311c6774f83acc08a2c21e6e75141f.
Bug: 296983430
Test: Tested with Cuttlefish that the logs are present in logcat.
Change-Id: I942b0200bb164a2a865b255c6f26d628cbd345a4
Move CDDL out of comments and into files, per-method
generateCertificateRequest.cddl
generateCertificateRequestV2.cddl
This makes it easier to read and it means tools can parse it.
Test: Treehugger
Change-Id: I9b71b094d128a5a4566a4d352aaa11d1c9b595ff
On top of checking that the patch level are a UINT, also check that they
follow the YYYYMM or YYYYMMDD format in the CSR v3 as is required by the
server validation logic. This check is not applied in the factory as the
value might not yet be correctly provisioned.
Bug: 269813991
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I5c62ba176dae390ea0a387bba6cb975226e3873a
