This allows applications to generate their own attestation keys and
then use them to attest other application-generated keys.
Bug: 171845652
Test: VtsAidlKeyMintTargetTest
Change-Id: I32add16dcc2d1b29665a88024610f7bef7e50200
Verify that when keymint implementation supports rollback resistance,
it must also enforce the single use key in hardware by secure hardware.
Test: atest -c VtsAidlKeyMintTargetTest
Change-Id: Ib984003247906ded7266da620e2d82e826d916bc
1. Fix test case for usage count limit tag = 1 case, when
hardware cannot enforce it, the tag should by enforced by keystore.
2. Add test case for usage count limit tag > 1.
3. Add test case to verify the usage count limit tag appears
correctly in the attestation certificate for asymmetic key.
Test: atest -c VtsAidlKeyMintTargetTest
Change-Id: I01df278b42a91a78c8888c13c4f81b7ec70cfa22
We need a way to distinguish between tags that are enforced by KeyMint
with security level "SOFTWARE" and tags that are not enforced by
KeyMint but are expected to be enforced by KEYSTORE.
Test: VtsAidlKeyMintTargetTest
Change-Id: I9f414bec43959577a50d49146029c9edb031be56
authorizationValue checked the uion value tag twice instead of checking
the actual tag value.
Test: N/A
Change-Id: I348b5ac06801a04ca7243088d758374148910d39
This adds rust derive stanzas to TimeStamp, TimeStampToken, and
HardwareAuthToken.
Also removes an unused import from IKeyMintDevice.
Test: Compiles.
Change-Id: If41248f5cda8015ecb07bec5d1bc75317b803492
And add vts test to verify the tag appears in the key characteristics.
also if the tag is enforced in the hardware, afer the usage of the key
is exhausted, the key blob should be invalidated from the secure storage
(such as RPMB partition).
Bug: b/174140443
Test: atest VtsHalKeyMintV1_0TargetTest
Change-Id: Ic65b855c5a8692ab8d1281dd46562ad0844ab1b0
This is by no means complete, but it validates basic functionality.
More is coming.
Test: VtsAidlKeyMintTargetTest
Change-Id: I0727a9f5b137b58b9a2f0aaf9935bfdc6525df8f
This patch removes verifyAuthorization from the KeyMint spec in favor of
secureclock and the TimeStampToken. Timestamp has moved to secureclock
and the VerificationToken was removed from keymint. This reverses the
dependency between keymint and secureclock because keymint no imports
TimeStampToken and Timestamp from secureclock.
Test: Tested with CtsVerifier Fingerprint bound keys test.
Change-Id: I4e0bde0d77e74918e2b5483c30be8057417e3bf1
* changes:
The aidl definition for Shared Secret functionality.
Add Shared Secret to the compatibility matrix.
The aidl definition for Secure Clock keymint service.
Add Secure Clock to the compatibility matrix.
Support key characteristics with three security levels, do not store
unenforced authorizations with keys or bind them to keys.
Bug: 163606833
Test: atest VtsAidlKeyMintTargetTest
Change-Id: Idbc523f16d8ef66ec38e0d503ad579a93c49e7b4
Renaming the test without updating the test configuration broke it.
This fixes it.
Test: atest VtsAidlKeyMintTargetTest
Change-Id: I3f4c07a04f2b0ce604f0bbac43ffdbdbb5b34d53
* replace NullOr with std::optional.
* Add mising tag.
* Undefine helper macros so that keymint_tags.h can be used together
with keymaster_tags.h
* Check if KeyParameterValue variant matches KeyParameterTag in
accessors.
Test: VtsAidlKeyMintTargetTest
Change-Id: I6c951071f30fd27c8c21a2e8cc86f421a3bc37d9
AIDL now supports union types. This CL changes KeyParameter to use
one.
Test: VtsAidlKeyMintTargetTest
Change-Id: I5112611b161e3de1ea86105ea3c7ed0912036a7b
This is no longer needed in KeyMint. Keystore2 implements similar
functionality in Rust.
Test: Build
Change-Id: Ia43716449756935619fb22ef5aba113e420c2687
Because AIDL doesn't allow tag values to be constructed the way we
did in HIDL (and before), each tag definition carries a comment
specifying what the "magic" tag type value used in its construction
means. This CL moves those comments so they're adjacent to the value
they're documenting.
Test: Build
Change-Id: I30b037f9ddf6bf2b07326a53959d490e045c891a
Mostly just removal of old-style #include guards in favor of #pragm
once, reorganization of header includes, correction of copyright
years, etc.
Test: VtsAidlKeyMintTargetTest
Change-Id: I070584ecec550a2f133b1c19f36f99e7b5544e7c
1ffcdebadd
Bug: 175345910
Bug: 171429297
Exempt-From-Owner-Approval: re-landing topic with no changes in this CL.
Change-Id: I691cad252f188b54a8076589d9955774d74d4729