This patch is a squash of following patches:
- aosp/2514097
- aosp/2535086
- aosp/2576910
Bug: 255344624
Test: VtsKeyMintAidlTargetTest
Change-Id: I8b34a94c11d7cc174821483f624fd083ca1763ac
Merged-In: I8b34a94c11d7cc174821483f624fd083ca1763ac
When deliberately testing invalid ID attestation, use the helper
function (which checks the error return code is correct) in one more
place.
Test: VtsAidlKeyMintTargetTest
Bug: 286733800
Change-Id: I6ea5bd7ee19b3b172330117bfde1b16745debba7
(cherry-picked from commit c68dc93788)
Merged-In: I6ea5bd7ee19b3b172330117bfde1b16745debba7
Generalize the existing helper function to allow more variants.
Manual cherry-pick of aosp/2627969 combined with aosp/2648423 to avoid
merge conflicts
Bug: 286733800
Test: VtsAidlKeyMintTargetTest
Merged-In: Ic01c53cbe79f55c2d403a66acbfd04029395c287
Merged-In: I0dcac312ac4516a078b2742721e3a19074da52b1
Change-Id: I328f7b3195d4b4dd1ed1da17377696261094ea76
Skip attestation key tests if the feature
FEATURE_KEYSTORE_APP_ATTEST_KEY is disabled on device,
as done in KeyMint CTS.
Bug: 244460948
Bug: 265740739
Test: VtsAidlKeyMintTargetTest
Change-Id: I8199e5c7570b10b71f127c7439b889c0b3327865
This change syncs aosp/master with the change in http://aosp/2117528,
allowing devices that launched with the (incorrect) version of
ATTEST_KEY VTS tests in Android S to continue to pass the test.
Bug: 197096139
Bug: 230074335
Test: VtsAidlKeyMintTargetTest
Change-Id: If88642e238e64ca9ec80303a4a72f7171c63464f
Merged-In: If88642e238e64ca9ec80303a4a72f7171c63464f
This document goes a little more in depth on the motivating factors and
background mechanisms that occur with RKP, that are not appropriate for
direct inclusion in the HAL docs in the .aidl files.
Bug: 234159998
Test: Readable
Change-Id: I141fb098c536a5468b1113af64dcf6185ea7ae9f
The identifier is to be used in telemetry to identify problematic
implementations. Thus, it needs to be globally consistent, at least
within a given device type.
Test: None -- doc only changes
Bug: 231495834
Change-Id: Ia55db336fa099d8e1196f6bfe2bafb6fa5ead329
Merged-In: Ia55db336fa099d8e1196f6bfe2bafb6fa5ead329
The data for a key agreement operation should always send in the
SubjectPublicKeyInfo structure, not a raw key for X25519.
Test: VtsAidlKeyMintTargetTest
Bug: 231959070
Change-Id: Ib5157da6a986d957162fab60dbe927017cfdd703
Merged-In: Ib5157da6a986d957162fab60dbe927017cfdd703
- Fix up some minor CDDL formatting issues.
- Add more definition around the BCC, hopefully clearing up partner
confusion around how to implement it.
- Explain when BccPayload entries may be omitted in the case of a
"Degenerate BCC"
- Add a bit more description to the DKSignature format
Bug: 227350250
Test: N/A -- doc changes only
Change-Id: I28337a80e2b49661cc37876400d7ac3b8759ba01
Merged-In: I28337a80e2b49661cc37876400d7ac3b8759ba01
VTS tests were currently passing a challenge size of 32 in all cases.
However, the server currently sends a challenge of length 40, which may
or may not change in the future. A 64 byte upper limit provides a
standard size along with flexibility in case the challenge format
changes in the future.
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I678bb915f139e4c23354180870a66ce33a9cfd8c
The AesEcbPkcs7PaddingCorrupted test has been incorrect since it was
originally introduced -- it was feeding the original message as input to
the decryption operation, rather than the corrupted ciphertext. As a
result, the expected error code was also wrong -- INVALID_INPUT_LENGTH
is appropriate for a too-short cipher text (length 1 in this case),
whereas a corrupt-but-correct-length cipher text should give
INVALID_ARGUMENT.
Fix the test, and add a separate test to cover what was inadvertently
being tested before. Add a sentence to the HAL spec to describe what
expected and tested by CTS/VTS.
Bug: 194126736
Test: VtsAidlKeyMintTargetTest, VtsHalKeymasterV4_0TargetTest
Change-Id: Iaa5e42768814197f373797831093cf344d342b77
* changes:
Implement getInterfaceHash/Version for SoundTrigger
Add -Wno-missing-permission-annotation for soundtrigger3
V3 is the latest version of keymaster HAL interface
Freeze AIDL APIs for TM
Updated VTS testcases where Device IDs Attestation expected as optional
and made it mandatory if KeyMint version >= 2 or device first shipped
with api_level 33.
Bug: 221190197
Test: run vts -m VtsAidlKeyMintTargetTest
Change-Id: I8870a9301d36abdc4fa6585b9f8d62cc1cfd3d96
The signature is not CBOR-encoded, it's the raw bytes of the signature
encoded as specified for the specific algorithm.
I've made the references to PureEd25519() / ECDSA() into comments,
since I believe they're not actually legal CDDL but are aimed at
humans. And I've made the two occurrences consistent with each other.
Test: N/A
Change-Id: Ia42362ff3d0ce5458322663256cbd34d258afe76
This change makes sure the DeviceInfo CBOR map is canonicalized before
the signature check instead of just separately checking the
canonicalization in a separate call. Additionally, some ASSERTs have
been changed to EXPECTs in validation of the DeviceInfo map more
generally, where it makes sense to avoid failing immediately.
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I69806c887656772ea6b5e2e3f0af50957e6b05e3