Change I5f877b2a1ac66026a876e145416ba078d486e4b5 inadvertently changed
the digest used for ImportWrappedKey, breaking the test. This CL
reverts that portion of the change.
Test: VtsHalKeymasterV4_0TargetTest
Bug: 112279922
Merged-In: Ib8e2e7793ba46ae0d29d8407bb730a35bdb5ea98
Change-Id: Ib8e2e7793ba46ae0d29d8407bb730a35bdb5ea98
(cherry picked from commit 0dba888612)
Note that devices with KM4 will fail to pass VTS after this
lands, until the fix from Qualcomm arrives.
Test: VtsHalKeymasterV4_0TargetTest
Bug: 112040197
Merged-In: Ie2cd917af704b9f19de3537297b3a7e4f0c861e9
Change-Id: Ie2cd917af704b9f19de3537297b3a7e4f0c861e9
(cherry picked from commit 4e006c2b92)
Strongbox is not required to support SHA-2 digests,
so skip the related tests.
Bug: 109771020
Merged-In: I5f877b2a1ac66026a876e145416ba078d486e4b5
Change-Id: I5f877b2a1ac66026a876e145416ba078d486e4b5
(cherry picked from commit 8cec80be1f)
Remove out of spec enforcement on the amount of data returned
by update, as this is not specified in the HAL.
Bug: 109771020
Test: yes it is
Merged-In: Ic41afbd01d51faf48d3c0fe090409ebcd257cc1e
Change-Id: Ic41afbd01d51faf48d3c0fe090409ebcd257cc1e
(cherry picked from commit 7b75f015a7)
Keymaster HAL documentation documents the bootPatchLevel as having
tag 718, while types.hal indicates the tag value for it is actually
719.
Test: N/A
Bug: 78104779
Merged-In: I0dde0b3c863081f2594e20466d8e82866a5f2d2e
Change-Id: I0dde0b3c863081f2594e20466d8e82866a5f2d2e
(cherry picked from commit ae8da1b70a)
Modify RSA keysize used in various tests
to ensure both TEE and Strongbox implementations
can be validated.
Skip invalid keysizes that Strongbox does not
support.
Test: Patches the strongbox tests
Bug: 112189538
Change-Id: I46ab01ce9b8224403e2a334a894967761d6799c9
Signed-off-by: Max Bires <jbires@google.com>
Change I5f877b2a1ac66026a876e145416ba078d486e4b5 inadvertently changed
the digest used for ImportWrappedKey, breaking the test. This CL
reverts that portion of the change.
Test: VtsHalKeymasterV4_0TargetTest
Bug: 112279922
Bug: 80246122
Change-Id: Ib8e2e7793ba46ae0d29d8407bb730a35bdb5ea98
Note that devices with KM4 will fail to pass VTS after this
lands, until the fix from Qualcomm arrives.
Test: VtsHalKeymasterV4_0TargetTest
Bug: 112040197
Bug: 80246122
Change-Id: Ie2cd917af704b9f19de3537297b3a7e4f0c861e9
Strongbox is not required to support SHA-2 digests,
so skip the related tests.
Bug: 109771020
Bug: 80246122
Test: This is the test
Change-Id: I5f877b2a1ac66026a876e145416ba078d486e4b5
Remove out of spec enforcement on the amount of data returned
by update, as this is not specified in the HAL.
Bug: 109771020
Bug: 80246122
Test: yes it is
Change-Id: Ic41afbd01d51faf48d3c0fe090409ebcd257cc1e
The buffer is allocated by OPENSSL_malloc() in X509_NAME_oneline(name, nullptr, 0).
Should be reclaimed by OPENSSL_free() instead of free().
The patch is provided by vink.shen@mediatek.corp-partner.google.com
Bug: 109708231
Test: build pass
Merged-In: I66a864e3e28905eebac2e7d3a4517d4d5aaa39df
Change-Id: I66a864e3e28905eebac2e7d3a4517d4d5aaa39df
(cherry picked from commit 79db3ec849)
With this patch the KM VTS test apply the restricted requirements on
supported key sizes, EC curves, and Digests to Strongbox keymaster
implementations.
Also amend tests to use Update().
Test: Yes it is
Bug: 74519020
Merged-In: Ibec9c3398671f81dbc0ecf78e554726276160579
Change-Id: Ibec9c3398671f81dbc0ecf78e554726276160579
(cherry picked from commit 3a7e2cade3)
Change I5f877b2a1ac66026a876e145416ba078d486e4b5 inadvertently changed
the digest used for ImportWrappedKey, breaking the test. This CL
reverts that portion of the change.
Test: VtsHalKeymasterV4_0TargetTest
Bug: 112279922
Change-Id: Ib8e2e7793ba46ae0d29d8407bb730a35bdb5ea98
Note that devices with KM4 will fail to pass VTS after this
lands, until the fix from Qualcomm arrives.
Test: VtsHalKeymasterV4_0TargetTest
Bug: 112040197
Change-Id: Ie2cd917af704b9f19de3537297b3a7e4f0c861e9
Remove out of spec enforcement on the amount of data returned
by update, as this is not specified in the HAL.
Bug: 109771020
Test: yes it is
Change-Id: Ic41afbd01d51faf48d3c0fe090409ebcd257cc1e
Keymaster HAL documentation documents the bootPatchLevel as having
tag 718, while types.hal indicates the tag value for it is actually
719.
Test: N/A
Bug: 78104779
Change-Id: I0dde0b3c863081f2594e20466d8e82866a5f2d2e
This KM4 key agreement check is causing some pain on early units
that aren't completely provisioned in both locked and non-Green
(unlocked) states.
This doesn't impact KM3 devices (Pixel 2016/2017 etc.)
Bug: 110301629
Change-Id: I5a737ac8a335863b1099c29cf3c0496adeb41e15
With this patch the KM VTS test apply the restricted requirements on
supported key sizes, EC curves, and Digests to Strongbox keymaster
implementations.
Also amend tests to use Update().
Test: Yes it is
Bug: 74519020
Change-Id: Ibec9c3398671f81dbc0ecf78e554726276160579
The buffer is allocated by OPENSSL_malloc() in X509_NAME_oneline(name, nullptr, 0).
Should be reclaimed by OPENSSL_free() instead of free().
The patch is provided by vink.shen@mediatek.corp-partner.google.com
Bug: 109708231
Test: build pass
Change-Id: I66a864e3e28905eebac2e7d3a4517d4d5aaa39df
Gramatical and punctuation corrections; addition of missing
userSecureId to AuthorizationList schema and removal of extraneous
rollbackResistant from same; correction of OS_PATCHLEVEL source
property; and addition of missing TAG_UNLOCKED_DEVICE_REQUIRED
documentation.
Bug: 69550260
Test: N/A
Change-Id: I04092b7df3af69201ba1467cddc09f6f44e861a8
Bug: 80102279
Bug: 80251973
Test: N/A; this keymaster exists only for policy compliance. It's never used.
Change-Id: I45f0eefd9abdd02f6774aa52f238040510c5d62c
This had to be disabled because Qualcomm's keymaster4 returned a bad
value.
Bug: 77588764
Bug: 79698245
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: Ieb150d7f17c36f01acf2eeb665792594251b51ae
Doc comments look like "/** ... */" and they
can only be in certain places.
Bug: 79865343
Test: m
Change-Id: Ic15c08ff7dc6e4f9827c1dbe7f7236c11a572ec1
Merged-In: Ic15c08ff7dc6e4f9827c1dbe7f7236c11a572ec1
To make it easier for clients (vold & keystore) to perform key
agreement, this CL adds a service method that does it. To make key
agreement consistent, this method sorts the HMAC sharing parameters
lexicographically. The requirement for sorting is documented in the
HAL.
Test: Boot device
Bug: 79307225
Bug: 78766190
Change-Id: Idb224f27f8e4426281d9a0105605ba22bf7c7e95
Keymaster VTS is failing to verify that the last certificate in the
chain is self-signed. CTS and GTS tests verify this, but it should be
validated at this level as well.
Bug: 79123157
Test: VtsHalKeymasterV3_0TargetTest
Change-Id: I5ff33fc8186182c2cf8d43d90cd59f89ce45d416
This test was added on a bad assumption about the behavior of the
keymaster spec, and is now being removed.
Test: VTS
Bug: 77307569
Change-Id: Iac2f6f45ea1816505ff3b47bbdc548ff1161c96b
The key sharing test modified the seed in an invalid way.
Bug: 77588764
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: I0b2ac90397a3f23258ebd4dddc5f6043af7b1600
The golden test keys didn't include TAG_NO_AUTH_REQUIRED, which causes
them to be rejected by strictly compliant implementations.
Bug: 77588764
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: I5157537e5407618ddc37debf00486977abb00f99
The TripleDes tests failed to set TAG_NO_AUTH_REQUIRED, which causes
operations to be rejected by strictly compliant implementations.
Bug: 77588764
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: I25cd5ec0ccede2b148f5da4566b8e1e20e8edbde
Bug: 38430282
Test: VtsHalKeymasterV3_0TargetTest pass with exception
of (AesEcbWithUserId, RsaAttestation, EcAttestation)
which are expected failures.
Change-Id: I48e7195f512190deb608f1a69783c92254eef1aa
Add a keymaster parameter for keys that should be inaccessible when
the device screen is locked. "Locked" here is a state where the device
can be used or accessed without any further trust factor such as a
PIN, password, fingerprint, or trusted face or voice.
This parameter is added to the Java keystore interface for key
creation and import, as well as enums specified by and for the native
keystore process.
Test: CTS tests in I8a5affd1eaed176756175158e3057e44934fffed
Bug: 67752510
Merged-In: Id19d19b19532ac8d4c52aad46a954faa4515289d
Change-Id: Id19d19b19532ac8d4c52aad46a954faa4515289d
(cherry picked from commit 1840be6d35)
Only DES3 is supported (168-bit), so remove
tests for 112-bit DES.
Also replace the RSA public exponent 3, with
65537 in most tests so that RSA key generation
is faster.
Change-Id: I9958df81fe46d752d82072dc6c7effa34b2921a8
Add a keymaster parameter for keys that should be inaccessible when
the device screen is locked. "Locked" here is a state where the device
can be used or accessed without any further trust factor such as a
PIN, password, fingerprint, or trusted face or voice.
This parameter is added to the Java keystore interface for key
creation and import, as well as enums specified by and for the native
keystore process.
This reverts commit 95b60a0f41.
Test: CTS tests in I8a5affd1eaed176756175158e3057e44934fffed
Bug: 67752510
Change-Id: I2893c23ab173ff5c39085d56b555e54770900cbc
Keymaster clients need to see all the available devices and figure out
which they want to use. This method finds them all and returns them
in a vector sorted from most secure to least, according to a heuristic
defined in Keymaster::VersionResult::operator<
This CL also makes a few other minor improvements to the support
library, providing more information in VersionResult and adding some
more convenience methods in AuthorizationSetBuilder.
Test: Build & boot
Change-Id: I876238ee9ff72573c30d60e1cec665dd610bcde6
Add a keymaster parameter for keys that should be inaccessible when
the device screen is locked. "Locked" here is a state where the device
can be used or accessed without any further trust factor such as a
PIN, password, fingerprint, or trusted face or voice.
This parameter is added to the Java keystore interface for key
creation and import, as well as enums specified by and for the native
keystore process.
Test: go/asym-write-test-plan
Bug: 67752510
Change-Id: I466dfad3e2e515c43e68f08e0ec6163e0e86b933
Previous CLs to move keymaster wrappers broke the build (but somehow
not in my tree, nor in TreeHugger's build).
Test: Build
Change-Id: I0494e1e38ee7e8806f3758d533b6b1e3a6c576d1
This wrapper was used to manage KM3/KM4 compatibility in keystore.
It's also needed in vold, so this CL moves it here, to make it usable
for vold.
Test: keystore CTS tests
Change-Id: I8079b8577f7d4a8fd67f47fbe1f48861e4a0734b
Removing whenever I see these in code reviews.
Test: none
Merged-In: I4322f533a837d55618ec2ed2125e8966ace9d61d
Change-Id: I4322f533a837d55618ec2ed2125e8966ace9d61d
This CL merely duplicates all of the Keymaster V3.0 functionality and
VTS tests, and provides a pure software implementation of the 4.0 HAL,
which passes the VTS tests. Future CLs will remove some cruft and
unused features, then add new features and accompanying tests.
Note that the reason that this is V4.0 rather than V3.1 is because V4.0
will not be fully backward compatible with V3.0. Specifically, V4.0
will allow for "StrongBox" implementations, which will only provide a
subset of Keymaster functionality. StrongBox versions of Keymaster will
be implemented in discrete, special-purpose hardware which will
generally be much less powerful (slower, less RAM, etc.) than is needed
to support a full Keymaster implementation.
So, while the V4.0 interface will be a strict superset of the V3.0
interface, which could normally be best implemented as an extension, it
will allow StrongBox implementations which are unable to pass the V3.0
test suite, which means that it will not be true that a V4.0
impementation IS-A V3.0 implementation, as would be expected of a V3.1
implementation. The V4.0 test suite will distinguish between StrongBox
and non-StrongBox implementations and enforce appropriately-reduced
requirements on the former.
In addition to the duplication, 4.0 also cleans up some cruft from 3.0:
- Removes tags and types which were in previous versions but never
used;
- Removes support for wrapping pre-Treble keymaster HALs with KM4,
since they'll only be wrapped by the default KM3 implementation;
- Renames the ROLLBACK_RESISTANT tag to ROLLBACK_RESISTANCE and
defines new semantics for it;
- Changes auth token handling to use the HardwareAuthToken struct
passed in as an explicit argument to the relevant methods,
rather than an opaque byte vector provided as a KeyParameter;
- Updates the VTS tests to use a gtest "environment" for better
integration with VTS test infrastructure;
- Adds a test for upgradeKey.
- Makes comment formatting more consistent, including using the
correct two-space typographical convention to separate sentences.
Bug: 63931634
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: I3f01a4991beaa5c4332f72c91e8878a3bf0dec67
Remove self from test ownership and transfer to new owners as agreed.
Test: none
Bug: 69425312
Change-Id: I8b189e6f2d7076b9ee7f3bad91445ccf6c5e1767
Merged-In: I8b189e6f2d7076b9ee7f3bad91445ccf6c5e1767
OpenSSL changes error code of large RSA data from
KM_ERROR_INVALID_INPUT_LENGTH to KM_ERROR_INVALID_ARGUMENT which causes
HidlHalGTest#EncryptionOperationsTest.RsaOaepTooLarge and
HidlHalGTest#EncryptionOperationsTest.RsaPkcs1TooLarge tests failed.
Fix keymaster VTS to accept both the error codes.
Bug: 68289922
Test: HidlHalGTest#EncryptionOperationsTest.RsaOaepTooLarge and
HidlHalGTest#EncryptionOperationsTest.RsaPkcs1TooLargeHidlHalGTest#EncryptionOperationsTest.RsaOaepTooLarge
and HidlHalGTest#EncryptionOperationsTest.RsaPkcs1TooLarge are
passed after applying this modification and other Keymaster 3.0
VTS test cases are not affected.
Change-Id: I493bfa1c6e4b69560dfae3585a416b5c3d33e215
Failed cases:
AttestationTest.RsaAttestation
AttestationTest.EcAttestation
Analysis:
The verify_attestation_record() in Keymaster_hidl_hal_test.cpp calls
parse_attestation_record() to set the value of att_challenge. It fails
to compare att_challenge with challenge by memcmp.
Because setToExternal() method uses buffer pointer to local variable
(record), not use memcpy to copy into itself buffer in
parse_attestation_record(). When it leaves the parse_attestation_record(),
we will get the att_challenge which is null buffer to compare with challenge
incorrectly.
Fix: use memcpy to copy the buffer.
Bug: 65039571
Test: build passed. VtsHalKeymasterV3_0Target -> PASSED: 106, FAILED: 0.
Change-Id: I700a9242cc9a5f4cb196b62860823601e4088531
KM0 supports only asymmetric encryption. And for those we cannot
distinguish between imported and generated keys.
This patch adds correct handling for KM0 origin tags.
Test: run vts test with wrapped km0 module from
system/security/softkeymaster
Bug: 67358942
Bug: 67363396
Test: VtsHalKeymasterV3_0TargetTest
Change-Id: I7f5ddd21dde284dbfbd68b3b83fb75c1457dbd59
Some RSA operation tests expect ErrorCode::INVALID_ARGUMENT
and others ErrorCode::INVALID_INPUT_LENGTH for the same
diagnosed syndrome, i.e., the input message was too long.
This patch relaxes the expectations on one of these tests
expecting ErrorCode::INVALID_INPUT_LENGTH, to also accept the
more consistent ErrorCode::INVALID_ARGUMENT.
Bug: 67358942
Bug: 67359132
Test: VtsHalKeymasterV3_0TargetTest
Change-Id: I573d3a01b052f0256611064f23ae791007cf7122
This patch adds swillden@ and jdanis@ as owners of keymaster/3.0/vts
and keymaster/3.0/default.
Test: No code changed
Change-Id: I04bc0f741e8fafd53aee7c9dd62954548b81263d
