Add a test that creates an EC key by
using key-bits (rather than curve-id),
and check that the attestation message
corresponds to key characteristics.
Bug: 122375834
Bug: 119542230
Test: VTS passes
Change-Id: Iad6ff2ca90a951124940943f2484f9fb9f813a19
Modify RSA keysize used in various tests
to ensure both TEE and Strongbox implementations
can be validated.
Skip invalid keysizes that Strongbox does not
support.
Test: Patches the strongbox tests
Bug: 112189538
Bug: 119172331
Change-Id: I46ab01ce9b8224403e2a334a894967761d6799c9
Signed-off-by: Max Bires <jbires@google.com>
(cherry picked from commit 88a376b0a0)
The underlying array may be cleaned up once its lifetime has ended,
the initializer_list would become ill-formed. Return as std::vector
instead.
This fixes "-Wreturn-stack-address" (clang) / "-Winit-list-lifetime"
(gcc) warning.
Test: mma
Bug: 111998531
Change-Id: Ie5bb6bc3d0d7689744fd573c5683b22e6fb6b178
Since Confirmation UI is optional for Strongbox
implementation, skipping the test.
Bug: 112189538
Test: This is an update to the vts test
Change-Id: Ie3485a1de92444b0c49670b198de30ea25e0673e
Signed-off-by: Max Bires <jbires@google.com>
Change I5f877b2a1ac66026a876e145416ba078d486e4b5 inadvertently changed
the digest used for ImportWrappedKey, breaking the test. This CL
reverts that portion of the change.
Test: VtsHalKeymasterV4_0TargetTest
Bug: 112279922
Merged-In: Ib8e2e7793ba46ae0d29d8407bb730a35bdb5ea98
Change-Id: Ib8e2e7793ba46ae0d29d8407bb730a35bdb5ea98
(cherry picked from commit 0dba888612)
Note that devices with KM4 will fail to pass VTS after this
lands, until the fix from Qualcomm arrives.
Test: VtsHalKeymasterV4_0TargetTest
Bug: 112040197
Merged-In: Ie2cd917af704b9f19de3537297b3a7e4f0c861e9
Change-Id: Ie2cd917af704b9f19de3537297b3a7e4f0c861e9
(cherry picked from commit 4e006c2b92)
Strongbox is not required to support SHA-2 digests,
so skip the related tests.
Bug: 109771020
Merged-In: I5f877b2a1ac66026a876e145416ba078d486e4b5
Change-Id: I5f877b2a1ac66026a876e145416ba078d486e4b5
(cherry picked from commit 8cec80be1f)
Remove out of spec enforcement on the amount of data returned
by update, as this is not specified in the HAL.
Bug: 109771020
Test: yes it is
Merged-In: Ic41afbd01d51faf48d3c0fe090409ebcd257cc1e
Change-Id: Ic41afbd01d51faf48d3c0fe090409ebcd257cc1e
(cherry picked from commit 7b75f015a7)
Modify RSA keysize used in various tests
to ensure both TEE and Strongbox implementations
can be validated.
Skip invalid keysizes that Strongbox does not
support.
Test: Patches the strongbox tests
Bug: 112189538
Change-Id: I46ab01ce9b8224403e2a334a894967761d6799c9
Signed-off-by: Max Bires <jbires@google.com>
Change I5f877b2a1ac66026a876e145416ba078d486e4b5 inadvertently changed
the digest used for ImportWrappedKey, breaking the test. This CL
reverts that portion of the change.
Test: VtsHalKeymasterV4_0TargetTest
Bug: 112279922
Bug: 80246122
Change-Id: Ib8e2e7793ba46ae0d29d8407bb730a35bdb5ea98
Note that devices with KM4 will fail to pass VTS after this
lands, until the fix from Qualcomm arrives.
Test: VtsHalKeymasterV4_0TargetTest
Bug: 112040197
Bug: 80246122
Change-Id: Ie2cd917af704b9f19de3537297b3a7e4f0c861e9
Strongbox is not required to support SHA-2 digests,
so skip the related tests.
Bug: 109771020
Bug: 80246122
Test: This is the test
Change-Id: I5f877b2a1ac66026a876e145416ba078d486e4b5
Remove out of spec enforcement on the amount of data returned
by update, as this is not specified in the HAL.
Bug: 109771020
Bug: 80246122
Test: yes it is
Change-Id: Ic41afbd01d51faf48d3c0fe090409ebcd257cc1e
The buffer is allocated by OPENSSL_malloc() in X509_NAME_oneline(name, nullptr, 0).
Should be reclaimed by OPENSSL_free() instead of free().
The patch is provided by vink.shen@mediatek.corp-partner.google.com
Bug: 109708231
Test: build pass
Merged-In: I66a864e3e28905eebac2e7d3a4517d4d5aaa39df
Change-Id: I66a864e3e28905eebac2e7d3a4517d4d5aaa39df
(cherry picked from commit 79db3ec849)
With this patch the KM VTS test apply the restricted requirements on
supported key sizes, EC curves, and Digests to Strongbox keymaster
implementations.
Also amend tests to use Update().
Test: Yes it is
Bug: 74519020
Merged-In: Ibec9c3398671f81dbc0ecf78e554726276160579
Change-Id: Ibec9c3398671f81dbc0ecf78e554726276160579
(cherry picked from commit 3a7e2cade3)
The key sharing test modified the seed in an invalid way.
Bug: 77588764
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: I0b2ac90397a3f23258ebd4dddc5f6043af7b1600
The golden test keys didn't include TAG_NO_AUTH_REQUIRED, which causes
them to be rejected by strictly compliant implementations.
Bug: 77588764
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: I5157537e5407618ddc37debf00486977abb00f99
The TripleDes tests failed to set TAG_NO_AUTH_REQUIRED, which causes
operations to be rejected by strictly compliant implementations.
Bug: 77588764
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: I25cd5ec0ccede2b148f5da4566b8e1e20e8edbde
Only DES3 is supported (168-bit), so remove
tests for 112-bit DES.
Also replace the RSA public exponent 3, with
65537 in most tests so that RSA key generation
is faster.
Change-Id: I9958df81fe46d752d82072dc6c7effa34b2921a8
This CL merely duplicates all of the Keymaster V3.0 functionality and
VTS tests, and provides a pure software implementation of the 4.0 HAL,
which passes the VTS tests. Future CLs will remove some cruft and
unused features, then add new features and accompanying tests.
Note that the reason that this is V4.0 rather than V3.1 is because V4.0
will not be fully backward compatible with V3.0. Specifically, V4.0
will allow for "StrongBox" implementations, which will only provide a
subset of Keymaster functionality. StrongBox versions of Keymaster will
be implemented in discrete, special-purpose hardware which will
generally be much less powerful (slower, less RAM, etc.) than is needed
to support a full Keymaster implementation.
So, while the V4.0 interface will be a strict superset of the V3.0
interface, which could normally be best implemented as an extension, it
will allow StrongBox implementations which are unable to pass the V3.0
test suite, which means that it will not be true that a V4.0
impementation IS-A V3.0 implementation, as would be expected of a V3.1
implementation. The V4.0 test suite will distinguish between StrongBox
and non-StrongBox implementations and enforce appropriately-reduced
requirements on the former.
In addition to the duplication, 4.0 also cleans up some cruft from 3.0:
- Removes tags and types which were in previous versions but never
used;
- Removes support for wrapping pre-Treble keymaster HALs with KM4,
since they'll only be wrapped by the default KM3 implementation;
- Renames the ROLLBACK_RESISTANT tag to ROLLBACK_RESISTANCE and
defines new semantics for it;
- Changes auth token handling to use the HardwareAuthToken struct
passed in as an explicit argument to the relevant methods,
rather than an opaque byte vector provided as a KeyParameter;
- Updates the VTS tests to use a gtest "environment" for better
integration with VTS test infrastructure;
- Adds a test for upgradeKey.
- Makes comment formatting more consistent, including using the
correct two-space typographical convention to separate sentences.
Bug: 63931634
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: I3f01a4991beaa5c4332f72c91e8878a3bf0dec67
