Some IC applications may perform two requests - one to get data
elements and a second empty request. The latter is to e.g. get an
empty DeviceSignedItems and corresponding MAC.
Extend VTS tests to check that the HAL does this correctly both for
the completely empty request and also for a request with an empty
namespace.
Bug: 160966911
Test: atest VtsHalIdentityTargetTest
Change-Id: I3205f2c0ded2ea315857438a3114ddcf8ef557f9
This is moved from an environmental variable to a function since
getenv is problematic in multi-threaded testing environments.
Bug: 156668058
Test: fmq_test
Change-Id: I54c6a973ef9d1cec98330268ed0a40c2564ee42c
HIDL libs are not necessarily part of VNDK now. Because some are
used by VNDK libs, they are still VNDK. But the rest are now just
vendor-available.
.hidl_for_test files are also removed because they are used to exclude
test-purpose hidl libs from VNDK libs.
Instead, .hidl_for_system_ext files are added to tests/lazy to
distinguish them from others which are installed in /system.
Bug: 143933769
Test: update-makefiles.sh && m com.android.vndk.current
Merged-In: Ia81312dda340b6b5cbdd7a3c21e1d323bda39a4a
Change-Id: Ia81312dda340b6b5cbdd7a3c21e1d323bda39a4a
(cherry picked from commit b0907a6bb8)
In deserializeVerificationToken(), we use extractUint64() to extract
VerificationToken.challenge. A potential bug was found in
extractUint64() that will cause VerificationToken.challenge() to be
incorrect.
Bug: 160198696
Change-Id: Ie0d2c0127cc34f1bb90455e4f7869e15e5542173
Note that this just increases the gtest time to match our
highest wait times. Each test still has wait times fitted for the
expected length of that test.
Bug: 159289514
Test: atest VtsHalRadioV1_0TargetTest
Change-Id: I0825305258bae20ea6e13e9b9a65ce30b7153611
Merged-In: I0825305258bae20ea6e13e9b9a65ce30b7153611
This change also removes some non-NN hashes in current.txt that were
unintentionally introduced in https://r.android.com/1178665.
Bug: 156918813
Bug: 158557728
Test: m
Change-Id: I4c2b83e11b27b791b3aa624be68474011b92a269
Merged-In: I4c2b83e11b27b791b3aa624be68474011b92a269
(cherry picked from commit 709842ab98)
A compilation failure is not related to the security aspect of the
TOCTOU test, but it will skip one iteration of security testing. This CL
allows the compilation to fail with GENERAL_FAILURE in TOCTOU tests, and
issues a retry once it happens to ensure enough test coverage.
Bug: 157489048
Test: 1.2/1.3 VTS
Change-Id: Idc88e0365c5d2799187093b6fd7b4abf8f8b463d
Merged-In: Idc88e0365c5d2799187093b6fd7b4abf8f8b463d
(cherry picked from commit 362dfd64d5)
Key derivation for session encryption and MACing now involves mixing
in SessionTranscriptBytes. Update docs, default implementation, and
VTS tests to reflect this.
Also, the standard changed such that instead of DeviceAuthentication
being MACed or signed, it's instead DeviceAuthenticationBytes which is
defined as #6.24(bstr .cbor DeviceAuthentication). The same also for
ReaderAuthentication, now ReaderAuthenticationBytes is the CBOR which
is signed by the reader.
Also update the URL for CDDL since it's now a published RFC.
Bug: 159482543
Test: atest VtsHalIdentityTargetTest
Test: atest android.security.identity.cts
Change-Id: I73fc7eb48ffb71e00a8b54849266ed814295fa39
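
The transcript mixing and the #6.24(bstr .cbor ...) wrapping described in the commit message above, as an added Python example (not code from the commit or from the HAL). It assumes HKDF-SHA-256 with salt = SHA-256(SessionTranscriptBytes) and info "EMacKey", treats SessionTranscriptBytes as the same tag-24 wrapping, uses plain HMAC in place of the COSE MAC structure, and runs on constructed byte strings.

```python
import hashlib
import hmac

def cbor_head(major: int, n: int) -> bytes:
    """CBOR initial byte plus argument (RFC 8949, definite lengths only)."""
    if n < 24:
        return bytes([major << 5 | n])
    for ai, size in ((24, 1), (25, 2), (26, 4), (27, 8)):
        if n < 1 << (8 * size):
            return bytes([major << 5 | ai]) + n.to_bytes(size, "big")
    raise ValueError("argument too large for CBOR")

def tag24(encoded_cbor: bytes) -> bytes:
    """#6.24(bstr .cbor X): tag 24 around a bstr that holds encoded CBOR."""
    return cbor_head(6, 24) + cbor_head(2, len(encoded_cbor)) + encoded_cbor

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract, then expand."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_mac_key(shared_secret: bytes, transcript_bytes: bytes) -> bytes:
    # Assumed parameters: salt = SHA-256(SessionTranscriptBytes), info = "EMacKey".
    salt = hashlib.sha256(transcript_bytes).digest()
    return hkdf_sha256(shared_secret, salt, b"EMacKey")

def mac_device_auth(shared_secret: bytes, transcript_bytes: bytes,
                    device_auth_bytes: bytes) -> bytes:
    # Plain HMAC-SHA256 stands in for the COSE MAC structure (simplification).
    key = derive_mac_key(shared_secret, transcript_bytes)
    return hmac.new(key, device_auth_bytes, hashlib.sha256).digest()

# Constructed sample values, not real protocol data.
SHARED_SECRET = bytes(range(32))                       # stand-in shared secret
TRANSCRIPT = bytes.fromhex("83f6f6f6")                 # CBOR [null, null, null]
DEVICE_AUTH = cbor_head(4, 1) + cbor_head(3, 20) + b"DeviceAuthentication"
TRANSCRIPT_BYTES = tag24(TRANSCRIPT)                   # d8 18 44 83 f6 f6 f6
DEVICE_AUTH_BYTES = tag24(DEVICE_AUTH)

if __name__ == "__main__":
    tag = mac_device_auth(SHARED_SECRET, TRANSCRIPT_BYTES, DEVICE_AUTH_BYTES)
    other = tag24(bytes.fromhex("83f6f6f5"))           # a different session
    replayed = mac_device_auth(SHARED_SECRET, other, DEVICE_AUTH_BYTES)
    print("bound to transcript:", not hmac.compare_digest(tag, replayed))
```

Because the transcript feeds the HKDF salt, a MAC computed in one session does not verify under the key derived for a session with a different transcript, even when the shared secret and the authenticated bytes are identical.
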
Introduce minor version increment to ILazy for testing lazy HAL
inheritance.
Bug: 157451814
Bug: 158606505
Test: hidl_lazy_test
Change-Id: Ib418bc002e834edf5eae53043875dcb351b3eaf2
The VTS test was dynamically linking some libraries not normally
present on an Android system. Statically link these libraries instead.
Bug: 158150767
Test: atest VtsHalIdentityTargetTest
Change-Id: Ib93620c36b0ff7f5c9f239ff8861a11196605881
The VTS test was dynamically linking some libraries not normally
present on an Android system. Statically link these libraries instead.
Bug: 158150767
Test: atest VtsHalIdentityTargetTest
Change-Id: Ida85ca8835d0243c47f451ccdfa0d11d29ec1bdb
VtsHalRadioV1_5TargetTest.PerInstance/RadioHidlTest_v1_5#
sendCdmaSmsExpectMore/0_slot1
The sendCdmaSmsExpectMoreResponse to the request sendCdmaSmsExpectMore
did not accept the return parameter responseinfo, which caused
the VTS system to wait for a response until it exceeded 60 seconds,
and the VTS determined "No test results".
So we can add parameters to receive the parameters of
sendCdmaSmsExpectMoreResponse, and then make subsequent judgment.
Bug: 158542706
Test: run vts -m VtsHalRadioV1_5TargetTest
Change-Id: I1d6214f58850d707520b80634cb93d0e0cc712bb
These updates are based on input/experiences implementing this
HAL. There are no API changes.
- Specify that the validity for credentialKey certificate shall be
from current time and expire at the same time as the attestation
batch certificate.
- Require challenge passed to getAttestationCertificate() is
non-empty.
- Fix bug in VTS tests where the startPersonalization() result was not
checked.
- Remove verifyStartPersonalizationZero test since it cannot be
completed.
- Ensure secureUserId is non-zero if user authentication is needed.
- Specify format for signingKeyBlob in generateSigningKeyPair() same
way we do for credentialData in finishAddingEntries().
- Modify EndToEndTest to decrypt/unpack credentialData to obtain
credentialPrivKey and storageKey and do cross-checks on these.
- Modify EndToEndTest to decrypt/unpack signingKeyBlob to obtain
signingKeyPriv and check it matches the public key in the returned
certificate.
- Add new VTS tests for user and reader authentication.
- Relax unnecessary requirements about SessionTranscript structure -
just require it has X and Y of the ephemeral key created earlier.
- Allow calls in VTS tests to v2 HAL to fail - this should allow
these VTS tests to pass on a compliant v1 HAL.
Bug: 156911917
Bug: 158107945
Test: atest VtsHalIdentityTargetTest
Test: atest android.security.identity.cts
Change-Id: I11b79dbd57b1830609c70301fea9c99f9e5080cb
Add checks that all returned output dimensions must be at
least as fully specified as the union of the information about the
corresponding operand in the model and in the request.
Bug: 154054474
Test: VTS
Change-Id: I934d084c7665160a98da9828604ce8297fef73b8
Merged-In: I934d084c7665160a98da9828604ce8297fef73b8
(cherry picked from commit d454751e00)
Bug: 152932559
Test: Boot and observe that Strongbox gets the message
Merged-In: I752b44f5cc20d85bf819188ccaaf0813a5607ba5
Change-Id: I752b44f5cc20d85bf819188ccaaf0813a5607ba5
VTS was running on a userdebug build GSI before Android 10.
Starting from Android 10, VTS is switched to running on top of a
user build GSI image, plus the device-specific boot-debug.img to
allow adb root.
https://source.android.com/compatibility/vts/vts-on-gsi
So 'ro.build.type' will be 'user' because the value comes from
/system/build.prop. Switching to using 'ro.debuggable' to decide
whether we should check the device is locked or not. Note that
'ro.debuggable' will be '1' for userdebug/eng images or when a
boot-debug.img is used.
Bug: 154449286
Test: atest VtsHalKeymasterV4_0TargetTest
Change-Id: If5a90d62f77489aa58f96e908553a052cf6d1e18