Commit graph

188 commits

Author SHA1 Message Date
Max Bires
f0394173a4 Merge "AesInvalidKeySize skip 192 on SB devices" into sc-dev 2021-08-20 16:15:29 +00:00
David Drysdale
ca76a75096 KeyMint VTS: add missing purpose/algo
Test was producing an invalid set of parameters in a different way than
intended.

Bug: 197222749
Test: VtsAidlKeyMintTargetTest
Merged-In: I07f706fec81d91e8eee9c0561428142559c54f12
Change-Id: I07f706fec81d91e8eee9c0561428142559c54f12
Ignore-AOSP-First: this is a manual cross-merge
2021-08-19 17:14:18 +01:00
Max Bires
5b7f78d43b AesInvalidKeySize skip 192 on SB devices
This change clarifies the language to specify that StrongBox devices
must only support key sizes of 128 and 256. Additionally, it changes the
new AesInvalidKeySize test to only enforce against StrongBox instances
on devices that launch on S or later, not previously launched devices.

Ignore-AOSP-First: CP to AOSP
Bug: 191736606
Test: Test passes on a StrongBox enabled device
Change-Id: Ic0ff19d2d19d6e18dfbc0fad4b8182264f36b2f6
2021-08-19 03:28:15 -07:00
Bill Richardson
f332d02bc6 Merge "Revert "AesInvalidKeySize skip 192 on SB devices"" into sc-dev 2021-08-18 16:54:06 +00:00
Max Bires
0224cfe3e0 Revert "AesInvalidKeySize skip 192 on SB devices"
This reverts commit eb8b0577e8.

Reason for revert: Broke a different TEE implementation

Bug: 196922051
Change-Id: I9f136d237bd06bfe2a1cc29d11bb1fbe0b8ace5e
2021-08-17 14:41:49 +00:00
Max Bires
f24a66f42a Merge "AesInvalidKeySize skip 192 on SB devices" into sc-dev 2021-08-13 21:45:03 +00:00
David Drysdale
1cc416882f KeyMint VTS: catch empty cert chains
Explicitly detect empty cert chains returned by GenerateKey rather
than crashing when trying to dereference the first entry.

Bug: 195605180
Test: VtsAidlKeyMintTargetTest
Merged-In: Idad2703b458952ff599c6ccdd04a941aef7aedde
Change-Id: Idad2703b458952ff599c6ccdd04a941aef7aedde
Ignore-AOSP-First: already merged in aosp/master
2021-08-11 16:33:13 +01:00
Max Bires
eb8b0577e8 AesInvalidKeySize skip 192 on SB devices
This change clarifies the language to specify that StrongBox devices
must only support key sizes of 128 and 256. Additionally, it changes the
new AesInvalidKeySize test to only enforce against StrongBox instances
on devices that launch on S or later, not previously launched devices.

Ignore-AOSP-First: CP to AOSP
Bug: 191736606
Test: Test passes on a StrongBox enabled device
Change-Id: I1a27a0d61e5247ad90c8f5b1423f2a1567016bac
2021-08-09 23:04:26 -07:00
Seth Moore
8aee4a857c Allow uninstantiated remote provisioning tests
Not all devices have an IRemotelyProvisionedComponent HAL, so on those
devices 0 of the tests in VtsRemotelyProvisionedComponentTests will be
run.

Fixes: 194770385
Test: Ran tests on two devices: one with and one without the HAL.
Change-Id: I8624096158f29058189dfab7cd876804ae178e60
2021-07-27 14:20:17 -07:00
Seth Moore
643a794172 Add VtsRemotelyProvisionedComponentTests config
VtsHalRemotelyProvisionedComponentTargetTest was picking up the same
config file (AndroidTest.xml) as VtsAidlKeyMintTargetTest. When atest or
TF was used to run VtsHalRemotelyProvisionedComponentTargetTest, it
actually ran VtsAidlKeyMintTargetTest.

Add a separate test config file so that we run the correct test binary.

Test: atest VtsAidlKeyMintTargetTest
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Fixes: 192824779
Change-Id: I7ba0f8d364690209722f9a06c6c0ce2957781beb
2021-07-20 15:47:03 -07:00
TreeHugger Robot
eca569897a Merge "Don't fail if TAG_ALLOW_WHILE_ON_BODY is missing" into sc-dev 2021-07-13 17:35:10 +00:00
TreeHugger Robot
f58618f851 Merge "KeyMint: Fix device-unique attestation chain specification" into sc-dev 2021-07-13 15:24:53 +00:00
Seth Moore
3dbdaa9717 Don't fail if TAG_ALLOW_WHILE_ON_BODY is missing
The TAG_ALLOW_WHILE_ON_BODY authorization is not required to be
supported, and if it is not supported it's a noop. Don't expect the tag
to fail with UNSUPPORTED_TAG on devices that don't support it.

Test: VtsAidlKeyMintTargetTest
Bug: 192222727
Change-Id: I2e80ca59151e79f595a65cae94ac966b4ba7020d
2021-07-12 15:10:40 -07:00
Seth Moore
87eb1dd928 Update KeyMint VTS tests with prod GEEK
Now that we have the production Google Endpoint Encryption Key, we can
update the tests to use the correct GEEK cert chain where applicable.

Ignore-AOSP-First: No merge path to aosp, will manually merge
Test: VtsHalRemotelyProvisionedComponentTargetTest
Test: VtsAidlKeyMintTargetTest
Bug: 191301285
Change-Id: I84b557c6bad34741ffe6671fc941d9e266b73241
2021-07-09 08:47:54 -07:00
Eran Messeri
3e6c2ef9c8 KeyMint: Fix device-unique attestation chain specification
Fix the device-unique attestation chain specification: The chain should
have two or three certificates.
In case of two certificates, the device-unique key should be used for
the self-signed root.
In case of three certificates, the device-unique key should be certified
by another key (ideally shared by all StrongBox instances from the same
manufacturer, to ease validation).

Adjust the device-unique attestation tests to accept two or three
certificates in the chain.

Additionally, the current StrongBox KeyMint implementation can not yet
generate fully-valid chains (with matching subjects and issuers), so
relax that check.

Bug: 191361618
Test: m VtsAidlKeyMintTargetTest
Merged-In: I6e6bca33ebb4af67cac8e41a39e9c305d0f1345f
Change-Id: Iebefafe72148c919d10308eff7a19fc1bc40c619
2021-07-09 09:08:17 +01:00
Seth Moore
e35b1427e6 Merge "Add Attestation IDs State to DeviceInfo" into sc-dev 2021-07-08 23:04:37 +00:00
Seth Moore
f594fce5dd Add Attestation IDs State to DeviceInfo
We will use the 'Attestation IDs State' field in DeviceInfo to
determine whether a device is still provisionable or not. Once a
production device has left the factory, certain attestated device ids
should be fixed, and 'Attestation IDs State' should reflect this
by reporting "locked".

Remove stale, duplicated DeviceInfo description from ProtectedData.aidl

Test: None, just a doc change
Bug: 192017485
Change-Id: I4e0a840a8f415b3b410801805a158c46be30ec6a
2021-07-08 12:47:42 -07:00
TreeHugger Robot
1e3ab5940f Merge "Add test ensuring that BCC keys not unique ids" into sc-dev 2021-07-08 17:15:27 +00:00
Seth Moore
17587b0183 Add test ensuring that BCC keys not unique ids
Get two test BCCs, then ensure that no repeated keys are found.

Ignore-AOSP-First: No merge path to AOSP, will manually port.
Bug: 192687735
Test: VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I48f86e7dfa9ab4bc6303a8d1b64ac7ca6ac76bbf
2021-07-08 15:54:52 +00:00
TreeHugger Robot
acce5d3c68 Merge "Use TagType constants" into sc-dev 2021-07-08 15:32:25 +00:00
Eran Messeri
befeda6b00 Use TagType constants
Now that the aidl compiler supports it, use constants from TagType to
indicate the type of each tag, rather than duplicating the values of
the constants.

Test: atest VtsAidlKeyMintTargetTest
Bug: 183737811
Merged-In: Ie8af1f00d04fa05c59cfc72692caecbcf2fae483
Change-Id: Ie62b6ee8a8ced05a870711073bb3be16931f3d4d
2021-07-08 10:45:10 +01:00
Eran Messeri
12ee28322d Annotate some TODOs
There are two tags that cannot be currently removed but should be
removed in KeyMint V2. Mark them as deprecated and point to the bug
for deletion.

Bug: 183737811
Test: That it compiles.
Change-Id: I98b96cc8c49eb339a998d0abed9216aa57f6b19f
Merged-In: I80ccaedeb777fdb249a8cb021db6628da32d6029
2021-07-08 10:42:13 +01:00
Seth Moore
8b78dc5031 Correct the description for getKeyCharacteristics
The description should note that keystore-enforced tags are not to be
returned. This is done so that the keymint implementation doesn't have
to bother keeping track of tags it's not repsonsible for dealing with.

Fixes: 192575557
Test: none (it's just a comment change)
Change-Id: I3ff94201c262a5071d271b150dbbf21888d678aa
Merged-In: I3ff94201c262a5071d271b150dbbf21888d678aa
2021-07-01 11:39:13 -07:00
Seth Moore
23f624599f Add a utility to JSON-format a CSR with build info
We need both the build fingerprint as well as the CSR when uploading
data to the APFE provisioning server. Add a utility function to format
the output as a JSON blob so that it may be easily collected in the
factory in a serialized data format, then later uploaded.

Test: libkeymint_remote_prov_support_test
Test: VtsAidlKeyMintTargetTest
Test: VtsHalRemotelyProvisionedComponentTargetTest
Bug: 191301285
Change-Id: I751c5461876d83251869539f1a395ba13cb5cf84
2021-06-30 09:32:08 -07:00
David Drysdale
8e8698913a Merge "KeyMint VTS: allow for stricter SharedSecret impls" into sc-dev 2021-06-29 05:49:21 +00:00
David Drysdale
382e34835d KeyMint HAL: clarify spec text
- Make clear that CERTIFICATE_NOT_{BEFORE,AFTER} must be specified for
   generating/importing asymmetric keys.
 - Fix enforcement level of Tag::UNLOCKED_DEVICE_REQUIRED.
 - Fix reference to exportKey() for Tag::STORAGE_KEY to mention
   convertStorageKeyToEphemeral instead.
 - Mark Tag::CONFIRMATION_TOKEN as deprecated.

Test: none, comment change
Bug: 188672564
Merged-In: I68727b024f6b6743403941763aefca64e3eb091a
Change-Id: I68727b024f6b6743403941763aefca64e3eb091a
Ignore-AOSP-First: already merged in aosp/master
2021-06-28 18:15:14 +01:00
David Drysdale
62272fc2f5 KeyMint VTS: allow for stricter SharedSecret impls
Bug: 192223752
Test: VtsAidlSharedSecretTargetTest
Merged-Ind: Iccf2d0fe2a2d10ad12269dfecf78ea1d831c3ad4
Change-Id: Iccf2d0fe2a2d10ad12269dfecf78ea1d831c3ad4
Ignore-AOSP-First: already merged in aosp/master
2021-06-28 18:02:36 +01:00
Seth Moore
415f0ce4fe Add real GEEK for RKP factory enrollment
Include a unit test to verify the GEEK cert chain is valid.

Test: libkeymint_remote_prov_support_test
Ignore-AOSP-First: No merge path to aosp, will manually merge
Bug: 191301285
Change-Id: Icf9cfa165fbccb24b36b03ff3ce729a7e9c44cfd
2021-06-23 13:05:59 -07:00
Seth Moore
7a55bb5cf8 Add a unit test for remote_prov_utils
This functionality will be used for the factory tooling, so we should
test it. Additionally, some new functionality will soon be added, and
it also needs to be tested.

Ignore-AOSP-First: No merge path to aosp, will manually merge
Test: libkeymint_remote_prov_support_test
Bug: 191301285
Change-Id: I6a8798fc4b09fff1e829185a4b9e471921e5d2a9
2021-06-22 17:54:34 -07:00
TreeHugger Robot
1aa95b63d0 Merge "Remove ignoreSignature for cose signature checks" into sc-dev 2021-06-22 17:21:13 +00:00
David Drysdale
308916bfaf KeyMint VTS: require curve for ECDSA keys
The KeyMint AIDL spec requires that "Tag::EC_CURVE must be provided to
generate an ECDSA key". Move the VTS tests to always create ECDSA keys
by curve not key size.

Bug: 188672564
Test: VtsAidlKeyMintTargetTest
Merged-In: I33036387c243b21ab0ecd49221b7e7757598913e
Change-Id: I33036387c243b21ab0ecd49221b7e7757598913e
Ignore-AOSP-First: already merged in aosp/master
2021-06-21 07:14:05 +01:00
David Drysdale
924643748b KeyMint VTS: more attestation info tests
Try all tags in attestion extension one by one

Test: VtsAidlKeyMintTargetTest on CF
Bug: 186735514
Merged-In: I63ca8d298d2d16f707f2437ab48aaa69c1d7563d
Change-Id: I63ca8d298d2d16f707f2437ab48aaa69c1d7563d
Ignore-AOSP-First: already merged in aosp/master
2021-06-21 07:13:45 +01:00
Max Bires
2f87ec175f Merge "Updating CDDL schemas to match the finalized spec." into sc-dev 2021-06-21 02:11:39 +00:00
Seth Moore
474eee3351 Remove ignoreSignature for cose signature checks
This flag is never used anywhere, so just remove it. When used, it would
bypass signature checks. This is something we generally don't want to
do, even in testing. So remove the flag so there's no temptation to use
it.

Ignore-AOSP-First: Will cherry-pick to AOSP
Bug: 190942528
Test: VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I0433c1eedc08e9a5a5ad71347154867dba61689e
2021-06-17 12:41:39 -07:00
David Drysdale
03346e175e KeyMint VTS: improve attestation tests
Check that the various ATTESTATION_ID_* tags are included if they
have the correct value, and that keygen fails if they have an invalid
value.

Also update attestation tags to include vendor/boot patchlevel if
they're available. (They always should be, but fixing that is a
separate task.)

Bug: 190757200
Test: VtsAidlKeyMintTargetTest
Change-Id: Ibaed7364c6d08c0982e2a9fb6cb864ae42cf39fe
2021-06-17 16:33:20 +01:00
Eran Messeri
afe9af040d Merge "Improve unique attestation docs & tests" into sc-dev 2021-06-17 15:00:15 +00:00
Eran Messeri
a9ce01cfed Improve unique attestation docs & tests
Improve the documentation and tests related to device-unique
attestation on StrongBox KeyMint devices:
* Test that the chain produced is exactly of length 2.
* Document how the chain needs to be structured.
* Explain the trust properties of the key used for the
  self-signed root.

Test: atest VtsAidlKeyMintTargetTest
Bug: 187803288
Ignore-AOSP-First: Already merged in AOSP
Merged-In: I09bb16d6938b567c114485d2df00bde9d3e1ccf9
Change-Id: Ib7efdd428ce5a2e14c281077e3a77048c9721702
2021-06-16 14:41:18 +01:00
David Drysdale
c14f322159 VTS tests: check size of byte strings
Bug: 181883620
Test: VtsAidlSecureClockTargetTest, VtsAidlSharedSecretTargetTest
Merged-In: I9ea8687e0c9e89140bcddfefcc2a6177c99b2e4d
Change-Id: I9ea8687e0c9e89140bcddfefcc2a6177c99b2e4d
Ignore-AOSP-First: already present in aosp/master
2021-06-16 08:59:50 +01:00
David Drysdale
f164c06afb KeyMint VTS: extract full vendor patchlevel
The vendor patchlevel is YYYYMMDD not YYYYMM

Bug: 188672564
Bug: 186735514
Test: VtsAidlKeyMintTargetTest
Merged-In: Ia641f8eef84a85aec8f2a0551c192b6874301126
Change-Id: Ia641f8eef84a85aec8f2a0551c192b6874301126
Ignore-AOSP-First: already present in aosp/master
2021-06-16 08:58:54 +01:00
David Drysdale
fd5b1a6da8 KeyMint: sync all attestation tags
Get description of ASN.1 schema in HAL and the keymint support library
in sync with each other.  Change code to always list tags in the same
order (by numeric tag).

Bug: 188672564
Bug: 186735514
Test: VtsAidlKeyMintTargetTest
Merged-In: I620f54ba4a265ea69d174f6f44765a8508bfe803
Change-Id: I620f54ba4a265ea69d174f6f44765a8508bfe803
Ignore-AOSP-First: already merged into aosp/master
2021-06-09 09:10:33 +01:00
David Drysdale
eaab0f2816 KeyMint VTS: better early boot key tests
Add a check that the TAG_EARLY_BOOT_ONLY is included in the returned key
characteristics.

Bug: 188672564
Test: VtsAidlKeyMintTargetTest
Merged-In: I200c61f34888c720c47f6289d79cd21d78436b58
Change-Id: I200c61f34888c720c47f6289d79cd21d78436b58
Ignore-AOSP-First: already merged in aosp/master
2021-06-08 12:04:45 +01:00
David Drysdale
96ad2036b2 KeyMint VTS: test getKeyCharacteristics()
Bug: 186685601
Bug: 188855306
Test: VtsAidlKeyMintTargetTest
Merged-In: Icf400533b0ded98b9338f2d782d95d90c7efbff4
Change-Id: Icf400533b0ded98b9338f2d782d95d90c7efbff4
Ignore-AOSP-First: already merged in aosp/master
2021-06-07 17:27:36 +01:00
Max Bires
12ea07108e Updating CDDL schemas to match the finalized spec.
This primarily updates CDDL to allow for OEMs who wish to use P256
instead of Ed25519 to do so. One structural change of note that affects
all implementors is that SignedMacAad now includes the tag from the
COSE_Mac0 of MacedKeysToSign to prevent a potential vulnerability that
would exist if an attacker compromised the server's EEK private key.

Bug: 189018262
Test: Purely a comment change
Change-Id: I043a19c6aba0f771315d45c04ab5263b610b5de8
2021-05-26 18:11:07 -07:00
Max Bires
f884283cd6 Fixing tests to reflect change in CDDL
This fixes up the tests to go along with the change to the signature
of the MAC key. Primarily, this adds the MAC tag from the MACing
operation over the public key set to be signed into the AAD of the
signature of said MAC key.

Bug: 189018262
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: Ibdcf242e0ae73dee1a08fe98d939130055e4492e
2021-05-26 14:40:32 -07:00
Jiyong Park
a26f0629d3 Merge "Freeze AIDL APIs for SC" into sc-dev 2021-05-25 22:43:57 +00:00
Max Bires
753e88cfda Merge "Shifting VTS libs to static_lib entry" into sc-dev 2021-05-25 16:16:50 +00:00
Jiyong Park
72b6359859 Freeze AIDL APIs for SC
Ignore-AOSP-First: part of SC finalization

Bug: 188713899
Test: m
Change-Id: Iee18cd05954dc8ea08cc4f985499a70977d1af4f
2021-05-25 10:13:26 +09:00
Seth Moore
7735ba5ea9 Generate COSE MAC with a callback, not raw key
The cppcose_rkp library was updated to generate MAC via callback instead
of passing keys around to allow for stronger MAC key protection.

Bug: 182928606
Test: VtsHalRemotelyProvisionedComponentTargetTest
Test: RemoteProvisionerUnitTests
Change-Id: Ia8a0410408fe3064e904c5282b52f172f8134b9a
2021-05-24 12:16:08 -07:00
Max Bires
38dd36eaa8 Shifting VTS libs to static_lib entry
If these HALs aren't present on the device, then the test runner will
fail due to test binary trying to dynamically link to libs that aren't
present. Statically linking them will allow the test to fail gracefully
when the test harness sees that the HAL interfaces aren't available on
device.

Fixes: 184797684
Test: atest VtsAidlKeyMintTargetTest
Change-Id: I0f8dea081a51256cfb0e50d6af20038e2b8f1f07
2021-05-23 15:09:08 -07:00
David Drysdale
bad3aebaeb Merge "KeyMint: improve HAL spec and tests" into sc-dev 2021-05-21 13:51:17 +00:00