This solution was adopted from Cuttlefish's host side Keymint
implementation: I22bde00aed311c6774f83acc08a2c21e6e75141f.
Bug: 296983430
Test: Tested with Cuttlefish that the logs are present in logcat.
Change-Id: I942b0200bb164a2a865b255c6f26d628cbd345a4
Move CDDL out of comments and into files, per-method
generateCertificateRequest.cddl
generateCertificateRequestV2.cddl
This makes it easier to read and it means tools can parse it.
Test: Treehugger
Change-Id: I9b71b094d128a5a4566a4d352aaa11d1c9b595ff
On top of checking that the patch level are a UINT, also check that they
follow the YYYYMM or YYYYMMDD format in the CSR v3 as is required by the
server validation logic. This check is not applied in the factory as the
value might not yet be correctly provisioned.
Bug: 269813991
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I5c62ba176dae390ea0a387bba6cb975226e3873a
It turns out we had a bug (b/263844771) in how RKP support was
detected, and that was fixed. However, due to this bug, some S chipests
shipped without RKP support which is now required by the tests.
This change drops the RKP requirement from S chipsets. There should be
no new S chipsets, so this effectively grandfathers in the previous
ones that were skipped by the RKP VTS tests.
T+ tests (both VTS and other suites) will verify that RKP support is
there, so there is no gap introduced by this change.
Bug: 297139913
Test: VtsAidlKeyMintTargetTest
Change-Id: I387e5f058ada698747aac103c1745682291f2d1c
The test case for an auth-per-operation HAT with an invalid HMAC
is wrong -- it is re-using the previous HAT, which fails for a
different reason (has an old challenge).
Fix the test to use the HAT that's wrong in the intended way.
Bug: 297333975
Test: VtsAidlKeyMintTargetTest
Change-Id: I15fe9b0c1b53452df0f67dd44534fdb80a6c2a9c
Remove the inline definition of the Android Profile for DICE and instead
reference the definition that exists alongside the Open Profile for DICE
and is now the source of truth for the profile.
Test: n/a
Change-Id: Ia71a674234be13542ad0ce4db0b764e8ee0c7a62
Update TimeoutAuthenticationMultiSid test to support
generateKey for Strongbox implementations without
factory attestation.
Bug: 293211157
Test: run vts -m VtsAidlKeyMintTarget
Change-Id: I27bf08d2fd2d9e0217a90ee8ccb789adfd9d5f7f
The invalid value used for the second IMEI attestation test is
potentially wrong in two ways:
- It doesn't match the provisioned value.
- It's not a valid IMEI, not least because it is longer than 16 bytes.
Make the test value shorter so the second failure doesn't apply and
the test can reliably expect CANNOT_ATTEST_IDS.
Bug: 292959871
Test: VtsAidlKeyMintTargetTest
Change-Id: If8c6b9e08b48e6caf5c767578e1ac43964214619
continuing the execution of the test.
If generateKey fails and execution continues then it leads to issues
while verifying the attest records and causing the crash.
Test: atest VtsAidlKeyMintTargetTest
Bug: 292300030
Change-Id: I66bd650423e9e5bbbfe8411a1455c4ea5846f1ff
Specify that DICE-based RKP implementations may also allow a ROM
extension to manage the UDS public key.
Test: The words are semantically parseable
Change-Id: I8f9c6efb01fc76318220cf1bc4a0eb3a3ad42f87
Some of the SE Javacard OS implementations does not fulfill all of the
expectations as to when cipher text is to be generated. However, the
implementations are compliant with Javacard Specifications. This patch
skips the known VTS failures till U.
Bug: 290850651
Test: run vts -m VtsAidlKeyMintTarget
Change-Id: Id3746adc7385b41f4b4b2ebc8e7583972769134d
Removed the check to skip the attest-id tests on GSI, modified the
attest-id tests to support this.
Bug: 290643623
Test: atest VtsAidlKeyMintTargetTest
Change-Id: Id79d7fb4c70ed94ed76bc57f3d66ce47e9b67b48
When deliberately testing invalid ID attestation, use the helper
function (which checks the error return code is correct) in one more
place.
Test: VtsAidlKeyMintTargetTest
Bug: 286733800
Change-Id: I6ea5bd7ee19b3b172330117bfde1b16745debba7
Avoid the ADD_FAILURE at the end if attestion ID failure uses an allowed
return code.
Test: VtsAidlKeyMintTargetTest
Bug: 286733800
Change-Id: I0dcac312ac4516a078b2742721e3a19074da52b1
Updated VTS tests to verify mgf-digests in key characteristics of
RSA-OAEP keys. Added new tests to import RSA-OAEP keys with
mgf-digests and verified imported key characteristics.
Bug: 279721313
Test: atest VtsAidlKeyMintTargetTest
Change-Id: I06474a85c9e77fded264031ff5636f2c35bee6b4
Update the default KeyMint version to v3.
Note this affects the pure software implementation of KeyMint that is
not used for anything that tests currently run against.
Bug: 275982952
Test: m (that it builds)
Change-Id: I6ab10329af590bd2a045710dfff47c6e78740464
Generalize the existing helper function to allow more variants.
Remove a couple of pointless invocations of the existing helper.
Bug: 286733800
Test: VtsAidlKeyMintTargetTest
Change-Id: Ic01c53cbe79f55c2d403a66acbfd04029395c287
If some check in a VTS test case fails, the test function may exit early
and not call CheckedDeleteKey(&some_keyblob), thus "leaking" a key blob.
This isn't normally an issue, but if the key blob happens to use a
feature that uses some secure storage (e.g. ROLLBACK_RESISTANCE or
USAGE_COUNT_LIMIT=1) then this may leak some scarse resource.
To avoid the chance of this, use an RAII holder to ensure that
manually-managed keyblobs (i.e. key blobs that are not held in the
key_blob_ member of the base test class) are always deleted.
Bug: 262212842
Test: VtsAidlKeyMintTargetTest
Change-Id: Ie8806095e249870484b9875eb660070607f339a3
Update the RKP readme to match contemporary philosophy about the design.
This includes replacing discussion if the obsolete term `BCC` with a
description of the Android Profile for DICE.
The privacy concerns are relaxed to match updates to the HAL which
remove the superencryption of the DICE chain.
Test: n/a
Fix: 281755202
Change-Id: I3a6fd2cd12599c5843b5dce0044eb16c2afbffa2
It should definitely be the case that a different SPL triggers key
requires upgrade, but the converse isn't true -- if no SPL change, it's
OK for the device to request upgrade anyhow.
Bug: 281604435
Change-Id: Ic03ce51fb4b18ff669595ab430f9fccd1da48997
Align with the Open Profile for DICE by requiring that the configuration
hash be included because the configuration input is a hash of the
specified configuration desscriptor.
Test: n/a
Change-Id: I9d2ef560dc8e6f567b5b8d1a244f5138c45ae420
Introduce a field to the configuration descriptor that provides a
standard semantically-defined version number rather than the
vendor-defined component version which acts more like a build ID.
Test: n/a
Bug: 282205139
Change-Id: Idb0c991ab12ae75687236f2489e639e4422a0225
Only specify the requirements for `normal` DICE mode and allow vendors
to choose the non-normal mode that fits their need per the ope-dice
specification.
Add a note that RKP required `normal` mode in the DICE chain in order to
trust the device.
Test: n/a
Bug: 263144485
Change-Id: Iaaa3799c53234de61a51ebc855822b93ab3e5bb8
The Open Profile for DICE give possible guidelines on the requirements
for the DICE mode but Android needs those to be strictly specified.
Fix: 263144485
Test: n/a
Change-Id: Ia5fc937654504199cabf4709f1c15484242e0161
Added a check to make sure IMEI is not "null".
Bug: 281676499
Test: atest VtsAidlKeyMintTargetTest
Change-Id: Ia1569a30412d633eee4d4de8cd00dea077d1c23d
In the second case out of the two cases of authorization enforcement
described for update(), it seems like the challenge is expected in
the timestamp token.
Test: N/A
Change-Id: I33e1b84bf8218335665b31ca144b3b4ecb342328
Strongbox may not support 1024 bit key size for RSA.
So in NoUserConfirmation test updated the key size to
2048 so that the test works for both TEE and Strongbox.
Bug: 280117495
Test: run VtsAidlKeyMintTarget
Change-Id: I32bb28001aca9b69eedb1bd3d0bcff43052d06e4
Updated the BootLoaderStateTest for strongbox implementations which
do not support factory attestation.
Test: vts -m VtsAidlKeyMintTarget
Change-Id: I8fe176a18fc0b9e2b2d0b012b7b63124d15c9e2f
It's already documented that IRPC v3 doesn't make use of test mode keys
however VTS still required support for their generation. Fix this and
simplify implementation of the v3 HAL by expecting an error in all cases
that the deprecated test mode keys are seen.
IRPC v3 also fully deprecated the EEK meaning a v3 implementation must
unconditionally report CURVE_NONE for supportedEekCurve.
The VTS tests are enhanced with contextual version constants rather than
reusing constants with seemingly unrelated names.
Bug: 278013975
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I5709a0b1cd77eb28e677f64bb781fad58d91570a
A bug in the Trusty HAL service caused it to replace MGF1 digest tags
with Tag::INVALID. This tests that MGF1 tags are returned properly in
the MGF1 success test, and verifies that Tag::INVALID is never
returned by any test.
Bug: 278157584
Test: adb shell /data/nativetest/VtsAidlKeyMintTargetTest/VtsAidlKeyMintTargetTest
Change-Id: I5d391310795c99f37acf3c48310c127a7a31fac3
No tests are instantiated if KeyMint is present on the the device.
Explicitly allow that.
Bug: 277975776
Test: VtsAidlKeyMintTargetTest
Change-Id: I88f1c0a81f36d198dabcb1420b62a00bacdbb6e7
Enable some tests that are bypassed on strongbox implementation.
Bug: 262255219
Test: VtsAidlKeyMintTargetTest
Change-Id: I548bddcd16c0a1ee1c1cb8266d4d99dbdff3d39b
Following feedback from partners, allow the component version in the
configuration descriptor to be either an int or a string.
Bug: 273552826
Test: n/a
Change-Id: Iecc9889592a2e634a3b9e40f14347b231b703c60
The DICE chain specification changes slightly between VSR versions so
the VSR is used to select the set of validation rules that should be
applied.
Test: TH
Change-Id: I3697279d9348705a0279736c61e8333720321214
Deprecate the CSR format from v1 and v2 of the HAL, again. The older CSR
versions were allowed in order to ease migration from the
RemoteProvisioner app over to rkpd and that has now been completed.
Bug: 260920864
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I4d16eb64e4ffe602b4b252159202a4ddb56d63d7
RKP allows 0 ~ 64 byte challenge to be provided.
Test it by several different size inputs.
Bug: 272392463
Test: VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I488c75745dc68778ff6d862506a5beeec82f7ac1
Detect if there is an IRemotelyProvisionedComponent for strongbox, and
if so run the associated keymint tests. Else, allow strongbox to skip
the test as it's not required to implement the IRPC HAL.
Bug: 271948302
Test: VtsAidlKeyMintTargetTest
Change-Id: Ibf98e594e725d6ad14c0ff189ab9fbcc25b51f80
Ensure that v3 HALs have exactly the expected number of entries present
when returning DeviceInfo inside of the Certificate Signing Request. Do
not allow for additional or fewer entries.
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I8ea628335d5eed35ca2b65e22980e13fc9806738
Some of the DeviceInfo must match existing tags in KeyMint, but this
was not documented.
Test: n/a
Change-Id: I7733e2a4b0c08b0b89ece41390c0ce0711459d82
Since comments are stripped from the stable AIDL snapshots, the CDDL
describing the DeviceInfo contents is lost for the older versions. Add
the comments from older DeviceInfo versions as a reference for
maintainers of older HAL implementations.
Test: n/a
Change-Id: I7dd3d285b3d8422a6df4228ad0cf5797e78609c1
When we split the rkp interface, we only added one hash to rkp v2, but
on Android S devices, this interface was in keymint v2, and so it used
the keymint v2 hash.
In order for that old implementation to be recognized, we need to add the hash in specifically.
Note: v1 was missed in b/264549860, but this was v2.
Fixes: 271513408
Test: vts_treble_vintf_vendor_test
Change-Id: I58c7c41633000df933261a147edd3477afd09a36
The support level for strongbox is different from the tee
implementation. Additionally, we were incorrectly checking the keymint
aidl version. KeyMint 1.0 supported ATTEST_KEY, so it's unclear why we
were ever checking for KeyMint 2.0.
Test: VtsAidlKeyMintTargetTest
Bug: 263844771
Change-Id: I750367902fec90204d71c1e158404b2421f9ad87
The DICE chain in the ProtectedData objects are evaluated against the
specification from v1 and v2 of the HAL whereas the chain in
AuthenticatedMessage objects are evaluated against the specification
from v3.
There are only small differences with v3 aligning to the standards where
there was previously more leniency.
Fix: 262599829
Test: TH
Change-Id: Ied14362b5530485eb6c2302a0ae0f21da9cdb33f
NewApi was recently updated to support linting methods in
the system, module_lib, and system_server sdks, and was
demoted to a warning due to the new issues it finds.
Baseline all the new issues that NewApi can be made an error
again.
These cls were generated automatically by a script that
copied the NewApi issues from the reference baselines.
Bug: 268261262
Test: m lint-check
Change-Id: I22f3b3575b6ea00d72d143019d9eed028aa98b56
The server-provided challenge is almost always smaller than 32 bytes,
so we cannot enforce that as a minimum. I fixed up the CDDL a while
back, but missed one mention of the 32 byte minimum in the description.
Test: n/a (it's a comment)
Bug: 272392463
Change-Id: Ia5994e2b7cf107ab131c6b028bee7881d0e657ac
Put the test arm that just involves checking a property
first, so that tests which involve a round trip to the Package
Manager are only executed when they're needed.
Test: VtsAidlKeyMintTargetTest
Bug: 271026714
Change-Id: I4caad6243a3b9d511a32717fd95f58864b857eeb
In 32-bit builds a `long` may be 32 bits, but the `long` values on an
AIDL interface are 64 bits. Therefore need to use `int64_t` for the
corresponding C++ type, not `long`.
Bug: 271056044
Test: VtsAidlKeyMintTargetTest --gtest_filter="*AuthTest*" (32-b)
Change-Id: I19f5a1d825dfcc45087534bbd4239a13cdfec3f7
to not to hold the CRL Distribution Points extension in it.
Bug: 260332189
Test: atest VtsAidlKeyMintTargetTest
Change-Id: I7b191b4351984ce82db0e9440027ddbfc14b1c3a
hardware/interfaces/security/keymint/aidl/vts/performance/KeyMintBenchmark.cpp:79:26: error: reference to stack memory associated with local variable 'message' returned [-Werror,-Wreturn-stack-address]
return std::move(message);
^~~~~~~
Test: presubmit
Change-Id: I4298b4a25ccb809a7ae180bb218e673a7f1aa623
This cl removes the unused service android.hardware.security.dice
together with all its usages (all of them are tests), because the
service is incomplete and not used anywhere for now and in the
near future.
The cl also removes dice from the compat matrix.
This helps us reduce some maintainance burden for the Rust dice
wrapper libraries such as libdiced_open_dice[_nostd],
libdiced_sample_inputs, libdiced_utils and their tests.
Test: atest diced_utils_test diced_sample_inputs_test \
diced_open_dice_cbor_test \
libdiced_open_dice_nostd.integration_test \
libdiced_open_dice.integration_test diced_open_dice_cbor_test
Test: m pvmfw_img microdroid_manager
Bug: 267575445
Bug: 270511529
Change-Id: I3d2497d2e8d3f88c49cae9ae80a6b4f7b652cc4a
The test exempted KeyMint on the affected chips from having to implement
ATTEST_KEY if they have StrongBox in all Android releases from Android S
onwards, but the waiver was given only for Android S and T. This CL
changes the test to reinstate the requirement after Android T.
Test: VtsAidlKeyMintTargetTest
Change-Id: I8481ae31de34aae220af7e7188632edcc2d391f0
Add tests that directly exercise Gatekeeper to get auth tokens for use
with auth-bound keys.
Test: VtsAidlKeyMintTargetTest
Change-Id: Ie668674d81ca487e8bbc18fdd9f36610bcab4c8c
1. Using second IMEI as attestation id without using first IMEI.
Test should generate a key using second IMEI as attestation id
without using first IMEI as attestation id. Test should validate
second IMEI in attesation record.
2. Using first IMEI as well as second IMEI as attestation ids.
Test should generate a key using first IMEI and second IMEI as
attestation ids. Test should validate first IMEI and second IMEI
in attestation record.
Test: atest -c VtsAidlKeyMintTargetTest
Bug: 263197083, 264979486
Change-Id: I61c3f32e15a8d478a838d14e7db9917a33682267
The code needed to be adpated because the public fields the code
accessed previously now become private. We need to access them
via the trait now.
This cl also deletes unused dependence libdiced_open_dice_cbor in
the dice service and tests targets.
Bug: 267575445
Test: m android.hardware.security.dice-service.non-secure-software
Test: atest VtsAidlDiceTargetTest VtsAidlDiceDemoteTargetTest
Change-Id: I16e18226c0bce8a90ed764ba598e90e7c1c854ab
The PartyInfo for a P-256 public key is encoded as (x||y) not
(0x04||x||y).
Test: VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: Iae5dc624228d4e1e538e230968443925ec8b55fc
When we split the rkp interface, we only added one hash to rkp v1, but
on Android S devices, this interface was in keymint v1, and so it used
the keymint v1 hash.
In order for that old implementation to be recognized, we need to add the keymint v1 hash into rkp v1.
The hash added here is copied from this file:
hardware/interfaces/security/keymint/aidl/aidl_api/android.hardware.security.keymint/1/.hash
Bug: 264549860
Change-Id: I3fce46b3e9bd09d79fa8e2f203b4eb9ebb517c15
Test: vts_treble_vintf_vendor_test
This is part of the project of merging the two existing dice
wrapper libraries into the library libdiced_open_dice to
improve maintainability.
Bug: 267575445
Test: m android.hardware.security.dice-service.non-secure-software
Test: atest VtsAidlDiceTargetTest VtsAidlDiceDemoteTargetTest
Change-Id: If9ee66a320775897342f53d58ee11405a8e70c6f
Skip attestation key tests if the feature
FEATURE_KEYSTORE_APP_ATTEST_KEY is disabled on device,
as done in KeyMint CTS.
Bug: 244460948
Bug: 265740739
Test: VtsAidlKeyMintTargetTest
Change-Id: I8199e5c7570b10b71f127c7439b889c0b3327865
- Rename keysToCertify to keysToSign to match param name in a few
places.
- Make clearer that P-256 is allowed in EEK.
- Make clearer that EEK curve should match that specified in
RpcHardwareInfo.supportedEekCurve.
- Add note about AAD for AES-GCM encryption.
- Add note about format of public key data in KDF context.
Test: None, comments only
Change-Id: Ie775a453b4d3941b7d24396da66681ab91978d81
attestation id.
Get IMEI value from Telephony Service and use it as attestation id.
Bug: 261847629
Test: atest VtsAidlKeyMintTargetTest
Change-Id: I0212def48d761a45f514161e5576a954bf388c56
Following requests from partners, document P-384 and SHA-384 as
officially supported signing algorithms and hash functions in the DICE
chain.
Bug: 265455904
Test: n/a -- documentation-only change
Change-Id: Id7b5eaf81be17fda9278dc7ad5f2b441931c6b83
Updated the digest to SHA_2_256 in manaul key upgrade tests
so that these tests works for StrongBox as well.
Test: VtsAidlKeyMintTargetTest
Change-Id: I971f6e13272450d39537cc44c59f8ed8dbd19bf0
libcert_request_validator is now called libhwtrust so update the
references to match.
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I3c73e2749996ef684da4567a3c86daf8b9c0fd09
