This makes sure that when developers add a new version of an interface,
or when interfaces are being frozen, the runtime/buildtime situation of
clients depending on those interfaces remains the same. This is required
for AIDL to continue working at scale.
Bug: 188871598
Test: build
Change-Id: I358c19c91e8b20d47967aa3b26a8aa5dd6a97ab6
This reverts commit eb8b0577e8.
Reason for revert: Broke a different TEE implementation
Bug: 196922051
Change-Id: I9f136d237bd06bfe2a1cc29d11bb1fbe0b8ace5e
Merged-In: I9f136d237bd06bfe2a1cc29d11bb1fbe0b8ace5e
Test was producing an invalid set of parameters in a different way than
intended.
Bug: 197222749
Test: VtsAidlKeyMintTargetTest
Change-Id: I07f706fec81d91e8eee9c0561428142559c54f12
Test failed to set default key validity, which caused keygen to fail.
Wasn't noticed because this test is typically disarmed.
Note: This test will destroy all user data on the device (which is
why it is typically disarmed).
Bug: 187105270
Test: VtsAidlKeyMintTargetTest --arm_deleteAllKeys
Change-Id: I67e317fdfca15c95c6420918948d1416e97de482
Merged-In: I67e317fdfca15c95c6420918948d1416e97de482
This change clarifies the language to specify that StrongBox devices
must only support key sizes of 128 and 256. Additionally, it changes the
new AesInvalidKeySize test to only enforce against StrongBox instances
on devices that launch on S or later, not previously launched devices.
Ignore-AOSP-First: CP to AOSP
Bug: 191736606
Test: Test passes on a StrongBox enabled device
Change-Id: I1a27a0d61e5247ad90c8f5b1423f2a1567016bac
Explicitly detect empty cert chains returned by GenerateKey rather
than crashing when trying to dereference the first entry.
Bug: 195605180
Test: VtsAidlKeyMintTargetTest
Change-Id: Idad2703b458952ff599c6ccdd04a941aef7aedde
Not all devices have an IRemotelyProvisionedComponent HAL, so on those
devices 0 of the tests in VtsRemotelyProvisionedComponentTests will be
run.
Bug: 194770385
Test: Ran tests on two devices: one with and one without the HAL.
Change-Id: I8624096158f29058189dfab7cd876804ae178e60
Merged-In: I8624096158f29058189dfab7cd876804ae178e60
Not all devices have an IRemotelyProvisionedComponent HAL, so on those
devices 0 of the tests in VtsRemotelyProvisionedComponentTests will be
run.
Fixes: 194770385
Test: Ran tests on two devices: one with and one without the HAL.
Change-Id: I8624096158f29058189dfab7cd876804ae178e60
The ndk_platform backend will soon be deprecated because the ndk backend
can serve the same purpose. This is to eliminate the confusion about
having two variants (ndk and ndk_platform) for the same 'ndk' backend.
Bug: 161456198
Test: m
Change-Id: Ibe8beeaf0d1b33968fb782f1f70c17ae9e9bf871
VtsHalRemotelyProvisionedComponentTargetTest was picking up the same
config file (AndroidTest.xml) as VtsAidlKeyMintTargetTest. When atest or
TF was used to run VtsHalRemotelyProvisionedComponentTargetTest, it
actually ran VtsAidlKeyMintTargetTest.
Add a separate test config file so that we run the correct test binary.
Test: atest VtsAidlKeyMintTargetTest
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Bug: 192824779
Change-Id: I7ba0f8d364690209722f9a06c6c0ce2957781beb
Merged-In: I7ba0f8d364690209722f9a06c6c0ce2957781beb
VtsHalRemotelyProvisionedComponentTargetTest was picking up the same
config file (AndroidTest.xml) as VtsAidlKeyMintTargetTest. When atest or
TF was used to run VtsHalRemotelyProvisionedComponentTargetTest, it
actually ran VtsAidlKeyMintTargetTest.
Add a separate test config file so that we run the correct test binary.
Test: atest VtsAidlKeyMintTargetTest
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Fixes: 192824779
Change-Id: I7ba0f8d364690209722f9a06c6c0ce2957781beb
The TAG_ALLOW_WHILE_ON_BODY authorization is not required to be
supported, and if it is not supported it's a noop. Don't expect the tag
to fail with UNSUPPORTED_TAG on devices that don't support it.
Test: VtsAidlKeyMintTargetTest
Bug: 192222727
Change-Id: I2e80ca59151e79f595a65cae94ac966b4ba7020d
Merged-In: I2e80ca59151e79f595a65cae94ac966b4ba7020d
The TAG_ALLOW_WHILE_ON_BODY authorization is not required to be
supported, and if it is not supported it's a noop. Don't expect the tag
to fail with UNSUPPORTED_TAG on devices that don't support it.
Test: VtsAidlKeyMintTargetTest
Bug: 192222727
Change-Id: I2e80ca59151e79f595a65cae94ac966b4ba7020d
Now that we have the production Google Endpoint Encryption Key, we can
update the tests to use the correct GEEK cert chain where applicable.
Test: VtsHalRemotelyProvisionedComponentTargetTest
Test: VtsAidlKeyMintTargetTest
Bug: 191301285
Change-Id: I84b557c6bad34741ffe6671fc941d9e266b73241
Merged-In: I84b557c6bad34741ffe6671fc941d9e266b73241
Now that we have the production Google Endpoint Encryption Key, we can
update the tests to use the correct GEEK cert chain where applicable.
Ignore-AOSP-First: No merge path to aosp, will manually merge
Test: VtsHalRemotelyProvisionedComponentTargetTest
Test: VtsAidlKeyMintTargetTest
Bug: 191301285
Change-Id: I84b557c6bad34741ffe6671fc941d9e266b73241
Fix the device-unique attestation chain specification: The chain should
have two or three certificates.
In case of two certificates, the device-unique key should be used for
the self-signed root.
In case of three certificates, the device-unique key should be certified
by another key (ideally shared by all StrongBox instances from the same
manufacturer, to ease validation).
Adjust the device-unique attestation tests to accept two or three
certificates in the chain.
Additionally, the current StrongBox KeyMint implementation can not yet
generate fully-valid chains (with matching subjects and issuers), so
relax that check.
Bug: 191361618
Test: m VtsAidlKeyMintTargetTest
Merged-In: I6e6bca33ebb4af67cac8e41a39e9c305d0f1345f
Change-Id: Iebefafe72148c919d10308eff7a19fc1bc40c619
We will use the 'Attestation IDs State' field in DeviceInfo to
determine whether a device is still provisionable or not. Once a
production device has left the factory, certain attestated device ids
should be fixed, and 'Attestation IDs State' should reflect this
by reporting "locked".
Remove stale, duplicated DeviceInfo description from ProtectedData.aidl
Test: None, just a doc change
Bug: 192017485
Change-Id: I4e0a840a8f415b3b410801805a158c46be30ec6a
Merged-In: I4e0a840a8f415b3b410801805a158c46be30ec6a
We will use the 'Attestation IDs State' field in DeviceInfo to
determine whether a device is still provisionable or not. Once a
production device has left the factory, certain attestated device ids
should be fixed, and 'Attestation IDs State' should reflect this
by reporting "locked".
Remove stale, duplicated DeviceInfo description from ProtectedData.aidl
Test: None, just a doc change
Bug: 192017485
Change-Id: I4e0a840a8f415b3b410801805a158c46be30ec6a
Get two test BCCs, then ensure that no repeated keys are found.
Ignore-AOSP-First: No merge path to AOSP, will manually port.
Bug: 192687735
Test: VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I48f86e7dfa9ab4bc6303a8d1b64ac7ca6ac76bbf
Now that the aidl compiler supports it, use constants from TagType to
indicate the type of each tag, rather than duplicating the values of
the constants.
Test: atest VtsAidlKeyMintTargetTest
Bug: 183737811
Merged-In: Ie8af1f00d04fa05c59cfc72692caecbcf2fae483
Change-Id: Ie62b6ee8a8ced05a870711073bb3be16931f3d4d
There are two tags that cannot be currently removed but should be
removed in KeyMint V2. Mark them as deprecated and point to the bug
for deletion.
Bug: 183737811
Test: That it compiles.
Change-Id: I98b96cc8c49eb339a998d0abed9216aa57f6b19f
Merged-In: I80ccaedeb777fdb249a8cb021db6628da32d6029
Fix the device-unique attestation chain specification: The chain should
have two or three certificates.
In case of two certificates, the device-unique key should be used for
the self-signed root.
In case of three certificates, the device-unique key should be certified
by another key (ideally shared by all StrongBox instances from the same
manufacturer, to ease validation).
Adjust the device-unique attestation tests to accept two or three
certificates in the chain.
Additionally, the current StrongBox KeyMint implementation can not yet
generate fully-valid chains (with matching subjects and issuers), so
relax that check.
Bug: 191361618
Test: m VtsAidlKeyMintTargetTest
Change-Id: I6e6bca33ebb4af67cac8e41a39e9c305d0f1345f
There are two tags that cannot be currently removed but should be
removed in KeyMint V2. Mark them as deprecated and point to the bug
for deletion.
Bug: 183737811
Test: That it compiles.
Change-Id: I80ccaedeb777fdb249a8cb021db6628da32d6029
Get two test BCCs, then ensure that no repeated keys are found.
Bug: 192687735
Test: VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I48f86e7dfa9ab4bc6303a8d1b64ac7ca6ac76bbf
Merged-In: I48f86e7dfa9ab4bc6303a8d1b64ac7ca6ac76bbf
The description should note that keystore-enforced tags are not to be
returned. This is done so that the keymint implementation doesn't have
to bother keeping track of tags it's not repsonsible for dealing with.
Fixes: 192575557
Test: none (it's just a comment change)
Change-Id: I3ff94201c262a5071d271b150dbbf21888d678aa
Merged-In: I3ff94201c262a5071d271b150dbbf21888d678aa
We need both the build fingerprint as well as the CSR when uploading
data to the APFE provisioning server. Add a utility function to format
the output as a JSON blob so that it may be easily collected in the
factory in a serialized data format, then later uploaded.
Test: libkeymint_remote_prov_support_test
Test: VtsAidlKeyMintTargetTest
Test: VtsHalRemotelyProvisionedComponentTargetTest
Bug: 191301285
Change-Id: I751c5461876d83251869539f1a395ba13cb5cf84
We need both the build fingerprint as well as the CSR when uploading
data to the APFE provisioning server. Add a utility function to format
the output as a JSON blob so that it may be easily collected in the
factory in a serialized data format, then later uploaded.
Test: libkeymint_remote_prov_support_test
Test: VtsAidlKeyMintTargetTest
Test: VtsHalRemotelyProvisionedComponentTargetTest
Bug: 191301285
Change-Id: I751c5461876d83251869539f1a395ba13cb5cf84
- Make clear that CERTIFICATE_NOT_{BEFORE,AFTER} must be specified for
generating/importing asymmetric keys.
- Fix enforcement level of Tag::UNLOCKED_DEVICE_REQUIRED.
- Fix reference to exportKey() for Tag::STORAGE_KEY to mention
convertStorageKeyToEphemeral instead.
- Mark Tag::CONFIRMATION_TOKEN as deprecated.
Test: none, comment change
Bug: 188672564
Merged-In: I68727b024f6b6743403941763aefca64e3eb091a
Change-Id: I68727b024f6b6743403941763aefca64e3eb091a
Ignore-AOSP-First: already merged in aosp/master
- Make clear that CERTIFICATE_NOT_{BEFORE,AFTER} must be specified for
generating/importing asymmetric keys.
- Fix enforcement level of Tag::UNLOCKED_DEVICE_REQUIRED.
- Fix reference to exportKey() for Tag::STORAGE_KEY to mention
convertStorageKeyToEphemeral instead.
- Mark Tag::CONFIRMATION_TOKEN as deprecated.
Test: none, comment change
Bug: 188672564
Change-Id: I68727b024f6b6743403941763aefca64e3eb091a
Include a unit test to verify the GEEK cert chain is valid.
Test: libkeymint_remote_prov_support_test
Bug: 191301285
Change-Id: Icf9cfa165fbccb24b36b03ff3ce729a7e9c44cfd
Merged-In: Icf9cfa165fbccb24b36b03ff3ce729a7e9c44cfd
This functionality will be used for the factory tooling, so we should
test it. Additionally, some new functionality will soon be added, and
it also needs to be tested.
Test: libkeymint_remote_prov_support_test
Bug: 191301285
Change-Id: I6a8798fc4b09fff1e829185a4b9e471921e5d2a9
Merged-In: I6a8798fc4b09fff1e829185a4b9e471921e5d2a9
It's possible that corrupted ciphertext decrypts just fine. e.g. the
output ends with "0x01".
However, the chances of this happening are relatively low
(roughly 1/256). Corrupt the ciphertext up to 8 times, ensuring that
the likelihood of multiple successful decryptions is so miniscule that
it's effectively impossible.
Test: Ran *PaddingCorrupted tests 50000 times
Change-Id: If40ecd7817819921c020ea9b86ada18c4c77ea55
Include a unit test to verify the GEEK cert chain is valid.
Test: libkeymint_remote_prov_support_test
Ignore-AOSP-First: No merge path to aosp, will manually merge
Bug: 191301285
Change-Id: Icf9cfa165fbccb24b36b03ff3ce729a7e9c44cfd
This flag is never used anywhere, so just remove it. When used, it would
bypass signature checks. This is something we generally don't want to
do, even in testing. So remove the flag so there's no temptation to use
it.
Bug: 190942528
Test: VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I0433c1eedc08e9a5a5ad71347154867dba61689e
Merged-In: I0433c1eedc08e9a5a5ad71347154867dba61689e
This functionality will be used for the factory tooling, so we should
test it. Additionally, some new functionality will soon be added, and
it also needs to be tested.
Ignore-AOSP-First: No merge path to aosp, will manually merge
Test: libkeymint_remote_prov_support_test
Bug: 191301285
Change-Id: I6a8798fc4b09fff1e829185a4b9e471921e5d2a9
The KeyMint AIDL spec requires that "Tag::EC_CURVE must be provided to
generate an ECDSA key". Move the VTS tests to always create ECDSA keys
by curve not key size.
Bug: 188672564
Test: VtsAidlKeyMintTargetTest
Merged-In: I33036387c243b21ab0ecd49221b7e7757598913e
Change-Id: I33036387c243b21ab0ecd49221b7e7757598913e
Ignore-AOSP-First: already merged in aosp/master
Try all tags in attestion extension one by one
Test: VtsAidlKeyMintTargetTest on CF
Bug: 186735514
Merged-In: I63ca8d298d2d16f707f2437ab48aaa69c1d7563d
Change-Id: I63ca8d298d2d16f707f2437ab48aaa69c1d7563d
Ignore-AOSP-First: already merged in aosp/master
The KeyMint AIDL spec requires that "Tag::EC_CURVE must be provided to
generate an ECDSA key". Move the VTS tests to always create ECDSA keys
by curve not key size.
Bug: 188672564
Test: VtsAidlKeyMintTargetTest
Change-Id: I33036387c243b21ab0ecd49221b7e7757598913e
Remove TODOs from the KeyMint specification that were not concrete
enough or did not have enough context to act upon.
Bug: 183737811
Test: That it compiles.
Change-Id: I01899be5e65e9943053aa796a2ab23f1a783a1aa
Makes the AIDL (and its dependencies) available to allow client code
to build against it.
Fixes: 190995136
Test: Client code (in progress) builds.
Change-Id: I06e7486463bca93ed25377c0dca30484a6bbf656
Try all tags in attestion extension one by one
Test: VtsAidlKeyMintTargetTest on CF
Bug: 186735514
Change-Id: I63ca8d298d2d16f707f2437ab48aaa69c1d7563d
This flag is never used anywhere, so just remove it. When used, it would
bypass signature checks. This is something we generally don't want to
do, even in testing. So remove the flag so there's no temptation to use
it.
Ignore-AOSP-First: Will cherry-pick to AOSP
Bug: 190942528
Test: VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I0433c1eedc08e9a5a5ad71347154867dba61689e
Check that the various ATTESTATION_ID_* tags are included if they
have the correct value, and that keygen fails if they have an invalid
value.
Also update attestation tags to include vendor/boot patchlevel if
they're available. (They always should be, but fixing that is a
separate task.)
Bug: 190757200
Test: VtsAidlKeyMintTargetTest
Merged-In: Ibaed7364c6d08c0982e2a9fb6cb864ae42cf39fe
Change-Id: Ibaed7364c6d08c0982e2a9fb6cb864ae42cf39fe
Check that the various ATTESTATION_ID_* tags are included if they
have the correct value, and that keygen fails if they have an invalid
value.
Also update attestation tags to include vendor/boot patchlevel if
they're available. (They always should be, but fixing that is a
separate task.)
Bug: 190757200
Test: VtsAidlKeyMintTargetTest
Change-Id: Ibaed7364c6d08c0982e2a9fb6cb864ae42cf39fe
Improve the documentation and tests related to device-unique
attestation on StrongBox KeyMint devices:
* Test that the chain produced is exactly of length 2.
* Document how the chain needs to be structured.
* Explain the trust properties of the key used for the
self-signed root.
Test: atest VtsAidlKeyMintTargetTest
Bug: 187803288
Ignore-AOSP-First: Already merged in AOSP
Merged-In: I09bb16d6938b567c114485d2df00bde9d3e1ccf9
Change-Id: Ib7efdd428ce5a2e14c281077e3a77048c9721702
Now that the aidl compiler supports it, use constants from TagType to
indicate the type of each tag, rather than duplicating the values of
the constants.
Test: atest VtsAidlKeyMintTargetTest
Bug: 183737811
Change-Id: Ie8af1f00d04fa05c59cfc72692caecbcf2fae483
The vendor patchlevel is YYYYMMDD not YYYYMM
Bug: 188672564
Bug: 186735514
Test: VtsAidlKeyMintTargetTest
Change-Id: Ia641f8eef84a85aec8f2a0551c192b6874301126
Get description of ASN.1 schema in HAL and the keymint support library
in sync with each other. Change code to always list tags in the same
order (by numeric tag).
Bug: 188672564
Bug: 186735514
Test: VtsAidlKeyMintTargetTest
Merged-In: I620f54ba4a265ea69d174f6f44765a8508bfe803
Change-Id: I620f54ba4a265ea69d174f6f44765a8508bfe803
Ignore-AOSP-First: already merged into aosp/master
Add a check that the TAG_EARLY_BOOT_ONLY is included in the returned key
characteristics.
Bug: 188672564
Test: VtsAidlKeyMintTargetTest
Merged-In: I200c61f34888c720c47f6289d79cd21d78436b58
Change-Id: I200c61f34888c720c47f6289d79cd21d78436b58
Ignore-AOSP-First: already merged in aosp/master
Get description of ASN.1 schema in HAL and the keymint support library
in sync with each other. Change code to always list tags in the same
order (by numeric tag).
Bug: 188672564
Bug: 186735514
Test: VtsAidlKeyMintTargetTest
Change-Id: I620f54ba4a265ea69d174f6f44765a8508bfe803
Add a check that the TAG_EARLY_BOOT_ONLY is included in the returned key
characteristics.
Bug: 188672564
Test: VtsAidlKeyMintTargetTest
Change-Id: I200c61f34888c720c47f6289d79cd21d78436b58
The description should note that keystore-enforced tags are not to be
returned. This is done so that the keymint implementation doesn't have
to bother keeping track of tags it's not repsonsible for dealing with.
Bug: 186685601
Test: none (it's just a comment change)
Change-Id: I3ff94201c262a5071d271b150dbbf21888d678aa
Improve the documentation and tests related to device-unique
attestation on StrongBox KeyMint devices:
* Test that the chain produced is exactly of length 2.
* Document how the chain needs to be structured.
* Explain the trust properties of the key used for the
self-signed root.
Test: atest VtsAidlKeyMintTargetTest
Bug: 187803288
Change-Id: I09bb16d6938b567c114485d2df00bde9d3e1ccf9
This primarily updates CDDL to allow for OEMs who wish to use P256
instead of Ed25519 to do so. One structural change of note that affects
all implementors is that SignedMacAad now includes the tag from the
COSE_Mac0 of MacedKeysToSign to prevent a potential vulnerability that
would exist if an attacker compromised the server's EEK private key.
Bug: 189018262
Test: Purely a comment change
Change-Id: I043a19c6aba0f771315d45c04ab5263b610b5de8
Merged-In: I043a19c6aba0f771315d45c04ab5263b610b5de8
This primarily updates CDDL to allow for OEMs who wish to use P256
instead of Ed25519 to do so. One structural change of note that affects
all implementors is that SignedMacAad now includes the tag from the
COSE_Mac0 of MacedKeysToSign to prevent a potential vulnerability that
would exist if an attacker compromised the server's EEK private key.
Bug: 189018262
Test: Purely a comment change
Change-Id: I043a19c6aba0f771315d45c04ab5263b610b5de8
This fixes up the tests to go along with the change to the signature
of the MAC key. Primarily, this adds the MAC tag from the MACing
operation over the public key set to be signed into the AAD of the
signature of said MAC key.
Bug: 189018262
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: Ibdcf242e0ae73dee1a08fe98d939130055e4492e
Merged-In: Ibdcf242e0ae73dee1a08fe98d939130055e4492e
This fixes up the tests to go along with the change to the signature
of the MAC key. Primarily, this adds the MAC tag from the MACing
operation over the public key set to be signed into the AAD of the
signature of said MAC key.
Bug: 189018262
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: Ibdcf242e0ae73dee1a08fe98d939130055e4492e
The cppcose_rkp library was updated to generate MAC via callback instead
of passing keys around to allow for stronger MAC key protection.
Bug: 182928606
Test: VtsHalRemotelyProvisionedComponentTargetTest
Test: RemoteProvisionerUnitTests
Change-Id: Ia8a0410408fe3064e904c5282b52f172f8134b9a
Merged-In: Ia8a0410408fe3064e904c5282b52f172f8134b9a
The cppcose_rkp library was updated to generate MAC via callback instead
of passing keys around to allow for stronger MAC key protection.
Bug: 182928606
Test: VtsHalRemotelyProvisionedComponentTargetTest
Test: RemoteProvisionerUnitTests
Change-Id: Ia8a0410408fe3064e904c5282b52f172f8134b9a
If these HALs aren't present on the device, then the test runner will
fail due to test binary trying to dynamically link to libs that aren't
present. Statically linking them will allow the test to fail gracefully
when the test harness sees that the HAL interfaces aren't available on
device.
Fixes: 184797684
Test: atest VtsAidlKeyMintTargetTest
Change-Id: I0f8dea081a51256cfb0e50d6af20038e2b8f1f07
Merged-In: I0f8dea081a51256cfb0e50d6af20038e2b8f1f07
If these HALs aren't present on the device, then the test runner will
fail due to test binary trying to dynamically link to libs that aren't
present. Statically linking them will allow the test to fail gracefully
when the test harness sees that the HAL interfaces aren't available on
device.
Fixes: 184797684
Test: atest VtsAidlKeyMintTargetTest
Change-Id: I0f8dea081a51256cfb0e50d6af20038e2b8f1f07
- clarify & test BIGNUM spec
- allow alternative return codes when requesting device unique
attestation
- use specific error for early boot import failure
- test more early boot key scenarios (in post-early-boot mode)
Bug: 188672564
Test: VtsAidlKeyMintTargetTest
Merged-In: I70a342084a29144aef1ed0ff80fec02cc06ffbc0
Change-Id: I70a342084a29144aef1ed0ff80fec02cc06ffbc0
- clarify & test BIGNUM spec
- allow alternative return codes when requesting device unique
attestation
- use specific error for early boot import failure
- test more early boot key scenarios (in post-early-boot mode)
Test: VtsAidlKeyMintTargetTest
Change-Id: I70a342084a29144aef1ed0ff80fec02cc06ffbc0
Strongbox doens't support p-224. Change the curve to p-256 for better
compatibility.
Also update the tags to be filtered on the hw-enforcement list.
Bug: 186735514
Test: VtsAidlKeyMintTargetTest
Change-Id: I3f587c5471ca68b88a565ee9ec2e27d1e9e11b17
Merged-In: Ia8eb4c8e28810de5f37295abd8baed6f01b19a3c
Change RSA encryption (with public key) so it happens locally in the
test, rather than by invoking an ENCRYPT operation against KeyMint.
- Specify MGF1 digest for OAEP mode as (now) required by AIDL spec.
- Drop tests for too-long encryption inputs.
- Adjust test comments to reflect decryption-only nature.
- Change parameter checking tests to do so on DECRYPT rather than ENCRYPT.
Bug: 188385353
Test: VtsAidlKeyMintTargetTest
Merged-In: I10c4beea28387eecfd0bc7c5dfd59a1b66fec21e
Change-Id: I10c4beea28387eecfd0bc7c5dfd59a1b66fec21e
Change verification of ECDSA and RSA signatures so it happens locally
in the test, rather than by invoking a VERIFY operation against KeyMint.
Bug: 188385353
Test: VtsAidlKeyMintTargetTest
Merged-In: I0efc30f3c96cd70ac636d34718eff53cc23f1480
Change-Id: I0efc30f3c96cd70ac636d34718eff53cc23f1480
Change RSA encryption (with public key) so it happens locally in the
test, rather than by invoking an ENCRYPT operation against KeyMint.
- Specify MGF1 digest for OAEP mode as (now) required by AIDL spec.
- Drop tests for too-long encryption inputs.
- Adjust test comments to reflect decryption-only nature.
- Change parameter checking tests to do so on DECRYPT rather than ENCRYPT.
Test: VtsAidlKeyMintTargetTest
Change-Id: I10c4beea28387eecfd0bc7c5dfd59a1b66fec21e
Strongbox doens't support p-224. Change the curve to p-256 for better
compatibility.
Also update the tags to be filtered on the hw-enforcement list.
Change-Id: I3f587c5471ca68b88a565ee9ec2e27d1e9e11b17
Change verification of ECDSA and RSA signatures so it happens locally
in the test, rather than by invoking a VERIFY operation against KeyMint.
Test: VtsAidlKeyMintTargetTest
Change-Id: I0efc30f3c96cd70ac636d34718eff53cc23f1480
Commit 40eb8f53ea ("KeyMint AIDL tweaks") removed references to
getKeyCharacteristics() in docs, as it was a KeyMaster entrypoint
that wasn't present on the KeyMint HAL.
Commit dadb18dd29 ("Add getKeyCharacteristics method to KeyMint")
added the getKeyCharacteristics() entrypoint to KeyMint, as it
turned out it was needed after all.
This commit restores references to getKeyCharacteristics() in the
Tag.aidl documentation.
Test: VtsAidlKeyMintTargetTest
Change-Id: I860479554b85f4adfeddd4eee70a09cf5265c938
If GenerateKey() with user-provide key_blob, it needs to be specified in
the following begin() operations as well. Update the test case just to
take key_blob from private member instead of creating a local one.
Note:
- Remove redudent TAG_NO_AUTH_REQUIRED in DeviceUniqueAttestationTest
Change-Id: I81860294e1e7e01a57e66e08e75507a8292ec0c3
Tests for:
- non-prime RSA exponent (fails with CF KeyMint)
- RSA exponent value of 3
- key size > 512 for `STRONGBOX`
- unknown tag inclusion
- CBC input size not block size multiple
- challenge omitted for attestation (fails with CF KeyMint)
- import RSA key with implicit params
- vestigial upgradeKey test
- importWrappedKey errors
- importWrappedKey sids ignored
- duplicate/missing params on begin()
- more tests for incompatible params on begin()
- HMAC size not multiple of 8 (fails with CF KeyMint)
- wrong size caller IV for 3DES rejected
- too large MIN_MAC_LENGTH for HMAC
- invalid AES-GCM minimum MAC length values
- check failed updateAad() cancels operation
- check that auto-generated nonces are distinct
- (DISABLED_) invoke destroyAttestationIds()
- omitting optional RSA keygen tags
Also add commenting to illustrate the ASN.1 structure of hex data.
Test: VtsKeyMintAidlTargetTest
Change-Id: I4663c42671cbb094ffe8d603e0352ffa9f1dbf2e
Add tests for:
- Too much entropy should be rejected with INVALID_INPUT_LENGTH
- All authorization lists should include a vendor and boot patchlevel.
These requirements are in both the KeyMint and the KeyMaster 4.0 AIDL
specificications, but have never been policed before.
Currently disabled with a command-line flag because CF does not have
the patchlevels and so fails lots of tests.
Test: VtsKeyMintAidlTargetTest
Change-Id: Ic9622ef3f1b80e013a34059218e3e029f392eb72
- Describe 3DES requirements
- Remove references to non-existent getKeyCharacteristics() entrypoint
- Remove references to non-existent attestKey() entrypoint
- Remove mention of asymmetric verification operations
- Remove text describing incomplete update()
- Remove text discussing padding for ECDSA
- EC keys can't encrypt/decrypt
- Force use of curve not key size for EC keys
- Drop TODO re: CBOR encoding of wrapped key
- Indicate caller-provided nonces must have correct size
- Add more reference to IKeyMintOperation
- Align parameter names with signatures
- Correct MIN_MAC_LENGTH error code
- Make CREATION_DATETIME consistently optional
- Describe use of MGF1 digest option
- Fix typos
Test: VtsKeyMintAidlTargetTest (CF)
Change-Id: Ie01b99d33be7336e872bf24a7761a3ac5b1d584c
Somehow the attestation format docs got dropped from KeyMint in the
transition from Keymaster. This replaces them, and also clarifies
that KeyMint StrongBox should not support device attestation.
Test: VtsAidlKeyMintTargetTest
Change-Id: I2334e99b4797c7a0e2e59727ffa730cf7504df31
- Added tests for signing attest key with factory chain.
- Added test for signing encryption keys.
- Added tests for chaining many RSA attest keys on the same chain.
- Added tests for chaining many Ec attest keys on the same chain.
- Added tests for alternate chaining of rsa-ec-rsa-ec-rsa attesti
keys on the same chain.
Test: atest VtsAidlKeyMintTargetTest
Change-Id: I9c67e2b928d6bba6cc4074a4b65f639f33c9ec26
- Check for app id only if challenge is provided.
- Verify self sign certificate works for RSA and Ecdsa.
- Verified attestation is generated for encryption keys too.
- Verify no attestation is generated for symetric keys.
- Verify app id is always required when attestation challenge is
provided to the new key generation.
- Verify app id is ignored when challenge is missing.
- Verify app id length is properly encoded.
- Added vts tests for various attestation success and fail cases.
Test: atest VtsAidlKeyMintTargetTest
Change-Id: If29249b0913fd9c2f91d20188ca5cfbaa04bead8
This change removes the interface layer between the client and the
underlying HAL. This is one part of a two part change to properly finish
migrating all of the RemotelyProvisionedComponent functionality to
system/keymaster.
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: Ibccc6b3af86a63b8a6c6207fffd43cfc41b903b5
This is the change that removes the functionality that has been shifted
over to appropriate classes and contexts in system/keymaster.
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I491f4ef823868322ea6a804d88ca09662c099a44
This adds a way to derive information about the hardware for clients
that call the HAL. The primary functional usecase here is to
differentiate which EC curve the underlying hardware for a given
instance of IRemotelyProvisionedComponent is supported.
Originally, curve 25519 would have been used in all implementations for
verifying the EEK certificate chain and doing ECDH, but secure elements
do not offer 25519 support yet. In order to support remote provisioning
on SEs, we have to relax the standard here a bit to allow for P256.
Test: Everything builds
Change-Id: I9245c6f4e27bd118fe093bffc0152549ed7f0825
