This change alters the AesInvalidKeySize test to only enforce
against StrongBox instances on devices that launch on S or later,
not previously launched devices.
Ignore-AOSP-First: Cherrypick from AOSP
Bug: 191736606
Test: Test passes on a StrongBox enabled device
Change-Id: Ic0ff19d2d19d6e18dfbc0fad4b8182264f36b2f6
Merged-In: Ic0ff19d2d19d6e18dfbc0fad4b8182264f36b2f6
Commit f18a8328a1 ("keymaster: Relax testing under GSI") disabled
some tag checks for devices running with GSI, but detected GSI by
looking for an absence of the ro.boot.vbmeta.device_state property.
This property is currently present on GSI, so instead detect GSI using
the existing is_gsi() helper, which checks ro.product.system.name
against "mainline".
Bug: 192513934
Test: atest VtsHalKeymasterV4_0TargetTest:PerInstance/AttestationTest
Change-Id: If3c7d84a9e091b9b0842e4d8919453600bc239ea
Ignore-AOSP-First: manual merge to aosp/master to follow
Check that the various ATTESTATION_ID_* tags are included if they
have the correct value, and that keygen fails if they have an invalid
value.
Also fix the support libraries to add the missing fields to the ASN.1
schema and fix the existing ordering.
Bug: 190757200
Test: VtsHalKeymasterV4_1TargetTest, VtsHalKeymasterV4_0TargetTest
Change-Id: I11d28d71676d44ebdc79b25b2eb70947022bb1cf
Ignore-AOSP-First: to be cross-merged manually
Test the validity of the chain produced when device-unique attestation
is requested.
When the caller requests that the key attestation be signed using the
device-unique attestation key, the chain will look different than
a chain signed by the batch key (common case):
(1) The chain is exactly of length 2.
(2) The root is self-signed and is unique to the device.
Test that the chain is correctly signed in this change. The root is not
currently correctly self-signed, so don't test (2) yet.
Bug: 189425310
Bug: 187803288
Test: atest VtsHalKeymasterV4_1TargetTest:PerInstance/DeviceUniqueAttestationTest
Ignore-AOSP-First: Already merged in aosp
Merged-In: I91578eb2b7588685cc86c467423e9394c3f3c262
Change-Id: I7e83ba7c9c8c68b95b1456fb37bb5aa939c4e6f8
This fixes warnings in AIDL files(-Wenum-explicit-default).
No semantic changes. (Explicit values are all zero enumerators.)
Fixes: 179853367
Test: mma in hardware/interfaces/keymaster
Change-Id: If5a70da3efd05a344c39ef1d2e73b7ec2b894f33
Strongbox keymaster does not support keysize of length 192 for AES algorithm.
Test: Executed keymaster vts test cases.
Change-Id: I3db310f4e2353761c68a4c94aa19d9fa71aa9215
This change includes permission files for the new permission
FEATURE_HARDWARE_KEYSTORE for the default KeyMaster and KeyMint
implementations.
Test: Manually inspected that permission files are installed.
Test: atest android.keystore.cts.KeyAttestationTest#testAttestationKmVersionMatchesFeatureVersion
Bug: 160616951
Change-Id: Ia35e1ba6c894624999eed62e8434a20ebc833b97
The format of test key was not PKCS8.
Correct it and add the generating command for reference.
Fixed: 181701819
Test: VtsHalKeymasterV4_0TargetTest --gtest_filter=*strongbox*
Change-Id: I7793c781eee976bc813b6fea77762b173f95e06a
This test tries to modify an encrypted message to ensure that the
result can't be decrypted, but if encrypting the messsage fails
first then there's nothing to modify.
Bug: None
Test: Ran against a Strongbox implementation that refuses to
encrypt the message using Digest::NONE
Signed-off-by: Bill Richardson <wfrichar@google.com>
Change-Id: Ib4d389a47702edd56a4e7d2b334dc89d0c3972a1
In R, earlyBootEnded is called only when metadata encryption is being
set up, and thus is not called if metadata encryption is not enabled.
So don't test it under those circumstances.
Bug: 170875742
Test: Cherry-pick aosp/1515419 so that this test can fail. Test passes
with metadata encryption enabled or disabled, but does not pass
if metadata encryption is enabled and earlyBootEnded is
commented out. (Cuttlefish)
Change-Id: I4f1704ca6235d47a1b47902ebbcc1720d016e8dd
- The docs said that IdentityCredential.createEphemeralKey() returned
data encoded PKCS#8 which is wrong. It's supposed to be in DER format
which is also what the VTS tests and credstore expects.
- Clarify that createEphemeralKeyPair(), setReaderEphemeralPublicKey(),
and createAuthChallenge() are all optional.
- Avoid passing an invalid profile ID in the IdentityCredentialTests.
verifyOneProfileAndEntryPass test.
- Update requirements for which tags must be present in the attestation
for CredentialKey as well as the requirements on expiration date and
the issuer name. Update default implementation to satisfy these
requirements. Update VTS tests to carefully verify these requrements
are met.
- Clarify requirements for X.509 cert for AuthenticationKey. Add VTS
test to verify.
- Mandate that TAG_IDENTITY_CREDENTIAL_KEY must not be set for test
credentials. Add VTS test to verify this.
- Make default implementation pretend to be implemented in a trusted
environment and streamline VTS tests to not special-case for the
default implementation.
- Switch to using the attestation extension parser from the KM 4.1
support library instead of the one from system/keymaster. The latter
one did not support the latest attestation extension and thus would
fail for pretty much anything that wasn't the default HAL impl.
- Fix a couple of bugs in keymaster::V4_1::parse_attestation_record():
- Report root_of_trust.security_level
- Add support for Tag::IDENTITY_CREDENTIAL_KEY
- Fix how EMacKey is calculated.
- Add test vectors to verify how EMacKey and DeviceMac is calculated.
Test: atest VtsHalIdentityTargetTest
Test: atest android.security.identity.cts
Bug: 171745570
Change-Id: I2f8bd772de078556733f769cec2021918d1d7de6
The test fails on devices because an unknown
client starts a keymaster BEGIN operation during
bootup but does not finish it. This affects the
keymaster hardware implementation's capability
to support the maximum possible operations while
running this test.
Bug: 154801042
Change-Id: Ib6adc6c28ebe76ddfdc2c66cd17cf78c04e5b468
(cherry picked from commit 48f67e8438)
The GSI patch level might be greater than the vbmeta SPL, because
GSI system.img might be updated via the DSU flow, where vbmeta.img won't
be updated in this scenario.
https://developer.android.com/topic/dsu
Allowing GSI patch level to be greater than or equal to the vbmeta SPL,
since Treble allows new system.img works on old vendor images.
Bug: 145377203
Test: atest VtsHalKeymasterV4_0TargetTest
Change-Id: Ib761d80c88695eb2db08b0dc00e30fcdc2788865
Merged-In: Ib761d80c88695eb2db08b0dc00e30fcdc2788865
(cherry picked from commit 63c0129fa6)
The GSI patch level might be greater than the vbmeta SPL, because
GSI system.img might be updated via the DSU flow, where vbmeta.img won't
be updated in this scenario.
https://developer.android.com/topic/dsu
Allowing GSI patch level to be greater than or equal to the vbmeta SPL,
since Treble allows new system.img works on old vendor images.
Bug: 145377203
Test: atest VtsHalKeymasterV4_0TargetTest
Change-Id: Ib761d80c88695eb2db08b0dc00e30fcdc2788865
The keymaster function affects the performance of secure os. When considering the swtiching time of the normal world < - > Secure world and the processing delay of the SecureOS by the scheduling policy of the normal world, it is necessary to increase the time.
Even though Secure world is no problem, Sometimes there is a possibility of that the test will fail because it is a limited resource normal world.
On average, it is performed in a very fast time, but sometimes it takes a lot of time. After many tests, the safe time was measured.
Bug: 162115135
Change-Id: I55862204ef71f69bc88c79fe2259f7cb8365699a
Signed-off-by: kh0705 <kh0705.park@samsung.com>
The test fails on devices because an unknown
client starts a keymaster BEGIN operation during
bootup but does not finish it. This affects the
keymaster hardware implementation's capability
to support the maximum possible operations while
running this test.
Bug: 154801042
Change-Id: Ib6adc6c28ebe76ddfdc2c66cd17cf78c04e5b468
HIDL libs are not necessarily part of VNDK now. Because some are
used by VNDK libs, they are still VNDK. But rest are now just
vendor-available.
.hidl_for_test files are also removed because they are used to exclude
test-purpose hidl libs from VNDK libs.
Instead, .hidl_for_system_ext files are added to tests/lazy to
distinguish them from others which are installed /system.
Bug: 143933769
Test: update-makefiles.sh && m com.android.vndk.current
Merged-In: Ia81312dda340b6b5cbdd7a3c21e1d323bda39a4a
Change-Id: Ia81312dda340b6b5cbdd7a3c21e1d323bda39a4a
(cherry picked from commit b0907a6bb8)
In deserializeVerificationToken(), we use extractUint64() to extract
VerificationToken.challenge. A potential bug was found in
extractUint64() that will cause VerificationToken.challenge()
incorrect.
Bug: 160198696
Merged-In: Ie0d2c0127cc34f1bb90455e4f7869e15e5542173
Change-Id: Ie0d2c0127cc34f1bb90455e4f7869e15e5542173
In deserializeVerificationToken(), we use extractUint64() to extract
VerificationToken.challenge. A potential bug was found in
extractUint64() that will cause VerificationToken.challenge()
incorrect.
Bug: 160198696
Change-Id: Ie0d2c0127cc34f1bb90455e4f7869e15e5542173
HIDL libs are not necessarily part of VNDK now. Because some are
used by VNDK libs, they are still VNDK. But rest are now just
vendor-available.
.hidl_for_test files are also removed because they are used to exclude
test-purpose hidl libs from VNDK libs.
Instead, .hidl_for_system_ext files are added to tests/lazy to
distinguish them from others which are installed /system.
Bug: 143933769
Test: update-makefiles.sh && m com.android.vndk.current
Merged-In: Ia81312dda340b6b5cbdd7a3c21e1d323bda39a4a
Change-Id: Ia81312dda340b6b5cbdd7a3c21e1d323bda39a4a
(cherry picked from commit b0907a6bb8)
Bug: 152932559
Test: Boot and observe that Strongbox gets the message
Merged-In: I752b44f5cc20d85bf819188ccaaf0813a5607ba5
Change-Id: I752b44f5cc20d85bf819188ccaaf0813a5607ba5
VTS was running on a userdebug build GSI before Android 10.
Starting from Android 10, VTS is switched to running on top of a
user build GSI image, plus the device-specific boot-debug.img to
allow adb root.
https://source.android.com/compatibility/vts/vts-on-gsi
So 'ro.build.type' will be 'user' because the value comes from
/system/build.prop. Switching to using 'ro.debuggable' to decide
whether we should check the device is locked or not. Note that
'ro.debuggable' will be '1' for userdebug/eng images or when a
boot-debug.img is used.
Bug: 154449286
Test: atest VtsHalKeymasterV4_0TargetTest
Change-Id: If5a90d62f77489aa58f96e908553a052cf6d1e18
Merged-In: If5a90d62f77489aa58f96e908553a052cf6d1e18
(cherry picked from commit 43dd6e34bd)