Commit graph

880 commits

Author SHA1 Message Date
Alice Wang
e537902a03 Merge "Make android.hardware.security.rkp-rust available for virt apex" into main am: 01fc1b7279
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2727795

Change-Id: Ida99a60bf01d57ea1853f8b2c72746805ee20c7c
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-06 08:04:00 +00:00
Alice Wang
01fc1b7279 Merge "Make android.hardware.security.rkp-rust available for virt apex" into main 2023-09-06 07:36:55 +00:00
David Drysdale
d8fecae7a1 Merge "Summarize security HALs" into main am: 06717b5ec2
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2727975

Change-Id: Ib3aa50a0fe48d6ec148f027bdcdbdcb0abe019e5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-06 06:29:31 +00:00
David Drysdale
06717b5ec2 Merge "Summarize security HALs" into main 2023-09-06 06:04:26 +00:00
Istvan Nador
6d3ce4954e Enable the keymaster logger in the default Keymint am: 8f28f8b8ea
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2738433

Change-Id: I4ed1aad6a176685e53492e5f8eaaac98c4975e95
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-05 16:10:25 +00:00
Istvan Nador
8f28f8b8ea Enable the keymaster logger in the default Keymint
This solution was adopted from Cuttlefish's host side Keymint
implementation: I22bde00aed311c6774f83acc08a2c21e6e75141f.

Bug: 296983430
Test: Tested with Cuttlefish that the logs are present in logcat.
Change-Id: I942b0200bb164a2a865b255c6f26d628cbd345a4
2023-09-04 12:05:58 +00:00
David Drysdale
1d5b2daffe Summarize security HALs
Test: nope
Change-Id: Ie222c457a7637aa41bafbdb6c875624fbb82a397
2023-09-04 13:04:45 +01:00
Treehugger Robot
76c929f01e Merge "Move CDDL into separate CDDL files" into main am: f9e524c5b1
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2727995

Change-Id: Iedd1e8b48ba470d4c16d4306e0f9dc05008b25d7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-01 23:08:44 +00:00
Treehugger Robot
f9e524c5b1 Merge "Move CDDL into separate CDDL files" into main 2023-09-01 22:20:54 +00:00
Andrew Scull
f8d5b437b1 Merge "Test the format of patch level device info" into main am: 92bd93934a
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2736075

Change-Id: I0901620654d311c76880dd3856ef55bf7ae17cea
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-09-01 21:28:37 +00:00
Paul Crowley
6aae9b6432 Move CDDL into separate CDDL files
Move CDDL out of comments and into files, per-method
generateCertificateRequest.cddl
generateCertificateRequestV2.cddl

This makes it easier to read and it means tools can parse it.

Test: Treehugger
Change-Id: I9b71b094d128a5a4566a4d352aaa11d1c9b595ff
2023-09-01 19:27:57 +00:00
Andrew Scull
e780dbf0d0 Test the format of patch level device info
On top of checking that the patch level are a UINT, also check that they
follow the YYYYMM or YYYYMMDD format in the CSR v3 as is required by the
server validation logic. This check is not applied in the factory as the
value might not yet be correctly provisioned.

Bug: 269813991
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I5c62ba176dae390ea0a387bba6cb975226e3873a
2023-09-01 17:42:31 +00:00
Tri Vo
075ff6faf0 Merge "keymint: Clarify usage of certificate tags with importWrappedKey" into main am: d284817690
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2693003

Change-Id: Iea46167531e74c6eaffc663adeeb32ffcc4ccb19
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-08-30 16:03:20 +00:00
Tri Vo
d284817690 Merge "keymint: Clarify usage of certificate tags with importWrappedKey" into main 2023-08-30 15:12:13 +00:00
Xin Li
879960bdce Merge Android U (ab/10368041)
Bug: 291102124
Merged-In: I7b6fffac2ada0e039f79bad8cc9b4d954e9c3460
Change-Id: I9466127d8d0fa38df36ca99f704853b2db871e67
2023-08-25 13:29:30 -07:00
Treehugger Robot
7bed173e4c Merge "Only require RKP on T+ chipsets" into main 2023-08-25 19:08:06 +00:00
Seth Moore
8be875e0d0 Only require RKP on T+ chipsets
It turns out we had a bug (b/263844771) in how RKP support was
detected, and that was fixed. However, due to this bug, some S chipests
shipped without RKP support which is now required by the tests.

This change drops the RKP requirement from S chipsets. There should be
no new S chipsets, so this effectively grandfathers in the previous
ones that were skipped by the RKP VTS tests.

T+ tests (both VTS and other suites) will verify that RKP support is
there, so there is no gap introduced by this change.

Bug: 297139913
Test: VtsAidlKeyMintTargetTest
Change-Id: I387e5f058ada698747aac103c1745682291f2d1c
2023-08-25 11:13:41 -07:00
Alice Wang
d6281e7d82 Make android.hardware.security.rkp-rust available for virt apex
Bug: 274881098
Test: atest MicrodroidHostTests
Change-Id: I5791bc8f0aa4dd5938871edb8b67f4d0d1ee2599
2023-08-25 12:06:08 +00:00
Treehugger Robot
ee6590ef2d Merge "Fix typo in CDDL" into main 2023-08-25 09:52:42 +00:00
David Drysdale
41bbc573f7 Merge "KeyMint: fix auth test HAT" into main 2023-08-25 09:45:42 +00:00
Alan Stokes
5004b8b5ae Fix typo in CDDL
Test: N/A
Change-Id: Iba25acb24306d36c97be07987857237363654bb5
2023-08-25 09:34:35 +01:00
David Drysdale
97272d8d5f KeyMint: fix auth test HAT
The test case for an auth-per-operation HAT with an invalid HMAC
is wrong -- it is re-using the previous HAT, which fails for a
different reason (has an old challenge).

Fix the test to use the HAT that's wrong in the intended way.

Bug: 297333975
Test: VtsAidlKeyMintTargetTest
Change-Id: I15fe9b0c1b53452df0f67dd44534fdb80a6c2a9c
2023-08-25 07:30:12 +01:00
Tomasz Wasilczyk
5c8abe9cc2 Use String8/16 c_str [security]
Bug: 295394788
Test: make checkbuild
Change-Id: I4dd1a43c314af087c4f8ecad3570613ed841589c
2023-08-23 18:51:57 +00:00
Tri Vo
77f4bced2e keymint: Clarify usage of certificate tags with importWrappedKey
Bug: 292534977
Test: atest android.keystore.cts.ImportWrappedKeyTest
Change-Id: I2cb65bc27e4f6b64c331bae4e4a8242ff1d91e43
2023-08-18 14:54:20 -04:00
Andrew Scull
2332583ad1 Reference definition of the Android Profile for DICE
Remove the inline definition of the Android Profile for DICE and instead
reference the definition that exists alongside the Open Profile for DICE
and is now the source of truth for the profile.

Test: n/a
Change-Id: Ia71a674234be13542ad0ce4db0b764e8ee0c7a62
2023-08-18 12:39:39 +00:00
David Drysdale
ae8c281824 Merge "KeyMint: allow extra error code" into main 2023-08-16 10:20:21 +00:00
Treehugger Robot
a2441d9090 Merge "Add VSR annotation to KeyMint tests" into main 2023-08-15 14:17:24 +00:00
Treehugger Robot
1452142a46 Merge "Whenever generateKey fails updated AttestKeyTests to abort instead of continuing the execution of the test." into main 2023-08-15 11:30:45 +00:00
David Drysdale
84b685adf5 KeyMint: allow extra error code
Bug: 295055603
Test: VtsAidlKeyMintTargetTest
Change-Id: Ifbd4a899364c38bb6ad63bb5b5a683c69edfb5b7
2023-08-11 16:00:32 +01:00
Treehugger Robot
d99d7730b8 Merge "Update the TimeoutAuthenticationMultiSid test" into main 2023-08-09 14:25:05 +00:00
Subrahmanya Manikanta Venkateswarlu Bhamidipati Kameswara Sri
07c7d28a84 Update the TimeoutAuthenticationMultiSid test
Update TimeoutAuthenticationMultiSid test to support
generateKey for Strongbox implementations without
factory attestation.

Bug: 293211157
Test: run vts -m VtsAidlKeyMintTarget
Change-Id: I27bf08d2fd2d9e0217a90ee8ccb789adfd9d5f7f
2023-08-08 22:33:37 +00:00
David Drysdale
0215cb3d3e KeyMint: use a smaller invalid IMEI value
The invalid value used for the second IMEI attestation test is
potentially wrong in two ways:
- It doesn't match the provisioned value.
- It's not a valid IMEI, not least because it is longer than 16 bytes.

Make the test value shorter so the second failure doesn't apply and
the test can reliably expect CANNOT_ATTEST_IDS.

Bug: 292959871
Test: VtsAidlKeyMintTargetTest
Change-Id: If8c6b9e08b48e6caf5c767578e1ac43964214619
2023-08-07 11:53:46 +01:00
Eran Messeri
5fe06ea215 Add VSR annotation to KeyMint tests
Add VSR annotations for the KeyMint v2 and KeyMint v3 requirements.

Bug: 251242992
Test: N/a
Change-Id: I0cf5eff86fe18df6f567b30d697af01bc8cdbb4e
2023-08-02 22:34:24 +01:00
Rajesh Nyamagoud
45b478f32e Whenever generateKey fails updated AttestKeyTests to abort instead of
continuing the execution of the test.

If generateKey fails and execution continues then it leads to issues
while verifying the attest records and causing the crash.

Test: atest VtsAidlKeyMintTargetTest
Bug: 292300030
Change-Id: I66bd650423e9e5bbbfe8411a1455c4ea5846f1ff
2023-07-26 04:49:36 +00:00
Max Bires
fe9355f3c6 Merge "Slight documentation tweak" into main 2023-07-19 20:52:56 +00:00
Max Bires
5c0f7234b6 Slight documentation tweak
Specify that DICE-based RKP implementations may also allow a ROM
extension to manage the UDS public key.

Test: The words are semantically parseable
Change-Id: I8f9c6efb01fc76318220cf1bc4a0eb3a3ad42f87
2023-07-18 20:26:33 -07:00
Treehugger Robot
03b140d2fb Merge "Enabled attest-id tests to run on GSI builds as well." into main 2023-07-18 16:39:32 +00:00
Rajesh Nyamagoud
c41ed964f0 Enabled attest-id tests to run on GSI builds as well.
Removed the check to skip the attest-id tests on GSI, modified the
attest-id tests to support this.

Bug: 290643623
Test: atest VtsAidlKeyMintTargetTest
Change-Id: Id79d7fb4c70ed94ed76bc57f3d66ce47e9b67b48
2023-07-12 00:12:38 +00:00
David Drysdale
c68dc93788 Allow extra ID attestation error codes
When deliberately testing invalid ID attestation, use the helper
function (which checks the error return code is correct) in one more
place.

Test: VtsAidlKeyMintTargetTest
Bug: 286733800
Change-Id: I6ea5bd7ee19b3b172330117bfde1b16745debba7
2023-07-06 10:23:55 +01:00
David Drysdale
82f86a1d4b Merge "Fix attestation error checks" 2023-07-05 05:20:29 +00:00
David Drysdale
c3de1caf43 Skip ATTEST_KEY using variant on waivered devices
Bug: 281452355
Bug: 289451966
Test: VtsAidlKeyMintTargetTest
Change-Id: Id448edae88569518deb2db4ab7bf50d16f33709a
2023-07-04 13:23:04 +01:00
David Drysdale
810fbcffed Fix attestation error checks
Avoid the ADD_FAILURE at the end if attestion ID failure uses an allowed
return code.

Test: VtsAidlKeyMintTargetTest
Bug: 286733800
Change-Id: I0dcac312ac4516a078b2742721e3a19074da52b1
2023-07-04 13:14:12 +01:00
Treehugger Robot
2e46e91864 Merge "Validating key characteristics of generated/imported keys." 2023-06-29 17:34:26 +00:00
Eran Messeri
4a7c3810fc Merge "Update default KeyMint version to 3" 2023-06-29 16:37:48 +00:00
Rajesh Nyamagoud
7b9ae3c485 Validating key characteristics of generated/imported keys.
Updated VTS tests to verify mgf-digests in key characteristics of
RSA-OAEP keys. Added new tests to import RSA-OAEP keys with
mgf-digests and verified imported key characteristics.

Bug: 279721313
Test: atest VtsAidlKeyMintTargetTest
Change-Id: I06474a85c9e77fded264031ff5636f2c35bee6b4
2023-06-26 18:40:53 +00:00
Treehugger Robot
efb4b9397a Merge "Check for MGF1 digests in key characteristics." 2023-06-26 17:22:09 +00:00
David Drysdale
5f7d0654be Merge "Allow extra error code in device ID attestation" am: 1d7447e5d3 am: 013030d9a4 am: 36a30021e6
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2627969

Change-Id: I7b6fffac2ada0e039f79bad8cc9b4d954e9c3460
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-06-22 08:08:43 +00:00
David Drysdale
1d7447e5d3 Merge "Allow extra error code in device ID attestation" 2023-06-22 05:58:57 +00:00
Eran Messeri
8417708fe4 Update default KeyMint version to 3
Update the default KeyMint version to v3.
Note this affects the pure software implementation of KeyMint that is
not used for anything that tests currently run against.

Bug: 275982952
Test: m (that it builds)
Change-Id: I6ab10329af590bd2a045710dfff47c6e78740464
2023-06-21 16:11:25 +01:00
David Drysdale
f42238c99f Allow extra error code in device ID attestation
Generalize the existing helper function to allow more variants.

Remove a couple of pointless invocations of the existing helper.

Bug: 286733800
Test: VtsAidlKeyMintTargetTest
Change-Id: Ic01c53cbe79f55c2d403a66acbfd04029395c287
2023-06-15 09:43:18 +01:00