Commit 93c72cef92 ("KeyMint: sync all attestation tags",
http://aosp/1719302) removed various tags from the attestation that are
only applicable to symmetric keys, on the assumption that these are
irrelevant for the attestation extension that is generated for the
certificate holding asymmetric public keys.
However, that change did not take into account the fact that the
AuthorizationList ASN.1 schema is re-used elsewhere in the KeyMint API,
specifically as a way of describing the characteristics associated with
a key that is being securely imported via
IKeyMintDevice::importWrappedKey.
That import process may be used for symmetrics keys, and so the tags
that are specific to symmetric keys still need to be included in
AuthorizationList.
Similarly, USER_SECURE_ID values are never included in attestation
extensions because they have no meaning off-device, but they may be
needed as part of the import of a wrapped key.
Test: TreeHugger, comment change only
Bug: 244693617
Change-Id: Iaa941e120e3641a6e6c369b7c6a51f10b44df78a
The tag enum names can't be removed due to AIDL back-compatibility
requirements, and also it's useful to have the values present to avoid
inadvertent reuse.
Update the tag comment text to indicate that these tags are obsolete.
Bug: 191738660
Test: TreeHugger, comment change only
Change-Id: Icbd4c9cd0313f93bc491b49eb9077766d0f44e34
All attempts to use an EARLY_BOOT_ONLY key after earlyBootEnded()
is called must fail with Error::EARLY_BOOT_ENDED.
Test: run vts -m VtsAidlKeyMintTarget
Change-Id: Ic3d028ceb7f71e6e266993ec4e877770cd8e5c4a
Test size requirements for symmetric (Stream and Block) ciphers.
These tests are similar to CTS tests of symmetric ciphers.
For reference CTS test BlockCipherTestBase#testKatEncryptOneByteAtATime
for all its derived classes eg. AES128CBCNoPaddingCipherTest,
AES128CBCPKCS7PaddingCipherTest etc.
Bug: 226899425
Test: run vts -m VtsAidlKeyMintTargetTest
Change-Id: I78408071fbf5a360d89c5bbae479faffd7c6d935
KeyMint supports the specification of a separate MGF digest when
performing RSA-OAEP decryption, with a default value of SHA-1.
Test the expected behaviour here:
- SHA-1 is used if nothing specified in key characteristics.
- If something is specified in key characteristics, the operation
parameter value has to be one of those values.
Bug: 203688354
Test: VtsAidlKeyMintTargetTest
Change-Id: Ic2dd3641be732a273724faa20cf4edf8a1752506
This document is meant to provide a clear summation for vendors looking
for a reference of what has changed from release to release, as well as
documentation for those working on developing the
IRemotelyProvisionedComponent interface.
Bug: 227266513
Test: The document is readable.
Change-Id: I909e22a31a88856af911a80a52ec7eda263693db
- Remove KeyPurpose comments that refer to public key operations.
- Clarify/fix description of RSA_OAEP_MGF_DIGEST.
- Describe HMAC key requirements.
- Clarify RSA_PSS key length requirement
- Clarify when shared secret should change (on restart)
- Padding::NONE is not deprecated
- Fix typos
Test: none, just comment changes
Change-Id: If58e8d8644aac926a990e50f7a873dca74cd4896
This document goes a little more in depth on the motivating factors and
background mechanisms that occur with RKP, that are not appropriate for
direct inclusion in the HAL docs in the .aidl files.
Fixes: 234159998
Test: Readable
Merged-In: I141fb098c536a5468b1113af64dcf6185ea7ae9f
Change-Id: I141fb098c536a5468b1113af64dcf6185ea7ae9f
Some are still in VNDK because they are used in other VNDK libs.
Bug: 234181591
Test: m
Merged-In: If999df9c78a20df931177da11742b1c5de19bc08
Change-Id: If999df9c78a20df931177da11742b1c5de19bc08
Some are still in VNDK because they are used in other VNDK libs.
Ignore-AOSP-First: some libs are still in internal master only.
Bug: 234181591
Test: m
Merged-In: If999df9c78a20df931177da11742b1c5de19bc08
Change-Id: If999df9c78a20df931177da11742b1c5de19bc08
(cherry picked from commit 5527adfd7f)
This change syncs aosp/master with the change in http://aosp/2117528,
allowing devices that launched with the (incorrect) version of
ATTEST_KEY VTS tests in Android S to continue to pass the test.
Bug: 197096139
Bug: 230074335
Test: VtsAidlKeyMintTargetTest
Change-Id: If88642e238e64ca9ec80303a4a72f7171c63464f
This document goes a little more in depth on the motivating factors and
background mechanisms that occur with RKP, that are not appropriate for
direct inclusion in the HAL docs in the .aidl files.
Bug: 234159998
Test: Readable
Change-Id: I141fb098c536a5468b1113af64dcf6185ea7ae9f
