Commit graph

314 commits

Author SHA1 Message Date
David Drysdale
f46b2d5402 Merge "KeyMint VTS: improve ATTESTATION_ID_ tests" 2021-10-14 13:33:41 +00:00
David Drysdale
c53b7d9da8 KeyMint VTS: improve ATTESTATION_ID_ tests
Existing comment is incorrect: the ATTESTATION_ID_* values that the test
provided are rejected because they do not match the device values, not
because the tags are specific to device-unique attestation.

Fix the test comment (and make the values more obviously wrong), and
add a separate test that includes correct values of ATTESTATION_ID_*
values.

Test: VtsAidlKeyMintTargetTest
Change-Id: I5c5f5ef6a228990c9e46f90727e0f135dfc2c528
2021-10-14 14:32:04 +01:00
David Drysdale
513bf12932 KeyMint VTS: use GTEST_SKIP for optional fn
When a KeyMint VTS exercises optional functionality, where possible
use GTEST_SKIP() when that functionality is absent, so the test
summary includes information about what is present and what isn't.

This should not affect the overall test result.

Test: VtsAidlKeyMintTargetTest
Change-Id: I62d244d2e4ecc67737906009575e64b50450d4c4
2021-10-12 07:22:28 +01:00
David Drysdale
4e9cab823d Merge "KeyMint VTS: don't crash on invalid patchlevel" am: e1152b6390
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1844900

Change-Id: I76b505672b7c78b03a9c79df6473212ea5c65072
2021-10-05 14:09:00 +00:00
David Drysdale
e1152b6390 Merge "KeyMint VTS: don't crash on invalid patchlevel" 2021-10-05 13:54:09 +00:00
David Drysdale
22a5ccd132 Merge "KeyMint VTS: enable patchlevel checks" am: 8fb4a1c82e
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1840175

Change-Id: I8b58efc55b884da16fe1312d571f42852ce642ff
2021-10-05 10:08:25 +00:00
David Drysdale
168228a933 KeyMint VTS: don't crash on invalid patchlevel
If vendor/boot patchlevel is shorter than the expected YYYYMMDD format,
fail properly rather than crashing the VTS test process.

Bug: 201946955
Test: VtsAidlKeyMintTargetTest
Change-Id: Icf3541e1b76675871672edec8590ec1821770acf
2021-10-05 08:56:39 +01:00
David Drysdale
f5bfa00996 KeyMint VTS: enable patchlevel checks
Believe that all KeyMint implementations are now in compliance with
the HAL specification and so we can enable the checks that all
generated keys include vendor and boot patchlevel.

Test: VtsAidlKeyMintTargetTest
Change-Id: I99741af308023fe12268e9875e252470fbaaaf9e
2021-09-27 17:30:41 +01:00
Treehugger Robot
77adb256eb Merge "Add logging to KeyCharacteristicsBasicallyValid" am: bd7df07b2a
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1818914

Change-Id: Iabd387ec94991d29e59cc739ea390a7ac67a1370
2021-09-21 05:47:22 +00:00
Treehugger Robot
bd7df07b2a Merge "Add logging to KeyCharacteristicsBasicallyValid" 2021-09-21 05:32:28 +00:00
Treehugger Robot
a21ff111a5 Merge "Update the documentation to clarify about the timer in ISecureClock." am: 33ee594688
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1826532

Change-Id: I0a4c758bfeae149e13d028a89477ef95a81c0840
2021-09-16 19:44:06 +00:00
Hasini Gunasinghe
c2386f5675 Update the documentation to clarify about the timer in ISecureClock.
Bug: 197662247
Test: N/A
Change-Id: If35666b6557c432211c75063104c598602f78c87
2021-09-14 16:04:13 +00:00
David Drysdale
6715fad7d1 Disable KeyMint -> IRemotelyProvisionedComponent test am: 0fce69d05c
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1673210

Change-Id: I85e4bb88f2204d4b9c5c4ad53c03a7f9d4f692b8
2021-09-08 19:55:38 +00:00
David Drysdale
0fce69d05c Disable KeyMint -> IRemotelyProvisionedComponent test
Not required yet.

Test: VtsAidlKeyMintTargetTest
Change-Id: Ie8fecc4ea4795d7fa4fd6bcf0e6d8013c15f50e5
Bug: 186586864
2021-09-08 17:36:17 +00:00
Seth Moore
2a9a00e385 Add logging to KeyCharacteristicsBasicallyValid
There are multiple ways this predicate can fail, so add some logging
statements when errors occur so that tests are easier to debug.

Test: VtsAidlKeyMintTargetTest
Change-Id: I49ec12271bdebeab3aa6b9c7ae5d491075b3b649
2021-09-03 10:09:20 -07:00
Max Bires
54ce425deb Change the language for SB AES key sizes am: b04c67a938
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1817585

Change-Id: I8c19f2a29486baee1723b57fb0d313199a978646
2021-09-03 07:31:26 +00:00
Max Bires
b04c67a938 Change the language for SB AES key sizes
This alters the HAL documentation to specify that StrongBox must ONLY
support AES 128 and 256 keys.

Bug: 191736606
Test: Read the documentation and confirm that it is clear.
Change-Id: I484d51700df28eb073b7928b6dc7a3b52c59caee
2021-09-01 23:24:01 -07:00
Max Bires
7db2454972 Merge "Revert "AesInvalidKeySize skip 192 on SB devices"" am: f970abe674
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1803229

Change-Id: Iba41af9658e056e59331fbf5799f21365d13723b
2021-09-01 08:34:29 +00:00
Max Bires
f970abe674 Merge "Revert "AesInvalidKeySize skip 192 on SB devices"" 2021-09-01 08:24:01 +00:00
Steven Moreland
4263d16fc6 keymint: use versions for imports am: f4562215b4
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1814144

Change-Id: Ic63b7434cab87aae3768cc698dd1460019c6e89b
2021-08-31 17:09:34 +00:00
Steven Moreland
f4562215b4 keymint: use versions for imports
This makes sure that when developers add a new version of an interface,
or when interfaces are being frozen, the runtime/buildtime situation of
clients depending on those interfaces remains the same. This is required
for AIDL to continue working at scale.

Bug: 188871598
Test: build
Change-Id: I358c19c91e8b20d47967aa3b26a8aa5dd6a97ab6
2021-08-30 17:54:19 -07:00
Max Bires
d067e790ab Revert "AesInvalidKeySize skip 192 on SB devices"
This reverts commit eb8b0577e8.

Reason for revert: Broke a different TEE implementation

Bug: 196922051
Change-Id: I9f136d237bd06bfe2a1cc29d11bb1fbe0b8ace5e
Merged-In: I9f136d237bd06bfe2a1cc29d11bb1fbe0b8ace5e
2021-08-20 07:30:36 +00:00
David Drysdale
5558b8ab1e KeyMint VTS: add missing purpose/algo am: ff81928532
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1799764

Change-Id: I612c9319f25432cdb66bea6afd0e81acc94246b9
2021-08-19 17:53:31 +00:00
David Drysdale
ff81928532 KeyMint VTS: add missing purpose/algo
Test was producing an invalid set of parameters in a different way than
intended.

Bug: 197222749
Test: VtsAidlKeyMintTargetTest
Change-Id: I07f706fec81d91e8eee9c0561428142559c54f12
2021-08-19 17:07:04 +01:00
Xin Li
e287df40b9 Merge sc-dev-plus-aosp-without-vendor@7634622
Merged-In: Ifa71accba7ecf2ab15980227a4413831cfceb187
Change-Id: I7fb44c6c578a51c8ad36649d20a46233fd9609ca
2021-08-14 06:30:57 +00:00
Max Bires
3828fb2214 Merge "AesInvalidKeySize skip 192 on SB devices" 2021-08-13 21:45:14 +00:00
Treehugger Robot
1758d3a4b6 Merge "Fix KeyDeletionTest.DeleteAllKeys" 2021-08-12 23:54:15 +00:00
Shawn Willden
9a7410e50d Fix KeyDeletionTest.DeleteAllKeys
Test failed to set default key validity, which caused keygen to fail.
Wasn't noticed because this test is typically disarmed.

Note:  This test will destroy all user data on the device (which is
why it is typically disarmed).

Bug: 187105270
Test: VtsAidlKeyMintTargetTest --arm_deleteAllKeys
Change-Id: I67e317fdfca15c95c6420918948d1416e97de482
Merged-In: I67e317fdfca15c95c6420918948d1416e97de482
2021-08-12 22:47:34 +00:00
David Drysdale
4ef503113e Merge "keymint/aidl/OWNERS: add drysdale@" 2021-08-12 13:03:57 +00:00
Max Bires
86edc262af AesInvalidKeySize skip 192 on SB devices
This change clarifies the language to specify that StrongBox devices
must only support key sizes of 128 and 256. Additionally, it changes the
new AesInvalidKeySize test to only enforce against StrongBox instances
on devices that launch on S or later, not previously launched devices.

Ignore-AOSP-First: CP to AOSP
Bug: 191736606
Test: Test passes on a StrongBox enabled device
Change-Id: I1a27a0d61e5247ad90c8f5b1423f2a1567016bac
2021-08-09 23:03:53 -07:00
David Drysdale
9e1c4c1486 Merge "KeyMint VTS: catch empty cert chains" am: 38fe3c5962 am: 675972efc4
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1787827

Change-Id: I72b6768cf64237d1b61781429e691698dd8d42c8
2021-08-09 06:13:15 +00:00
David Drysdale
f126c22f29 keymint/aidl/OWNERS: add drysdale@
Test: none
Change-Id: Ib38b3d4e8e8a41f8bbe3a2c2ad6e53ba10ff8dfc
2021-08-06 18:39:39 +01:00
David Drysdale
a038695b21 KeyMint VTS: catch empty cert chains
Explicitly detect empty cert chains returned by GenerateKey rather
than crashing when trying to dereference the first entry.

Bug: 195605180
Test: VtsAidlKeyMintTargetTest
Change-Id: Idad2703b458952ff599c6ccdd04a941aef7aedde
2021-08-05 09:03:20 +01:00
Jiyong Park
48131c0ace Merge "Remove ndk_platform backend. Use the ndk backend." am: 2346a4c6b9 am: 4ef9aa49dc
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1778908

Change-Id: Ib35b7b0ddc0bebd0714d290b1ac2fab8d5a1893e
2021-07-28 12:39:05 +00:00
Jiyong Park
2346a4c6b9 Merge "Remove ndk_platform backend. Use the ndk backend." 2021-07-28 12:10:05 +00:00
Seth Moore
8ba6aebbfc Allow uninstantiated remote provisioning tests am: 8aee4a857c
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/interfaces/+/15404613

Change-Id: I06163220ac87ddca7e851ab17e43cb6945534a5b
2021-07-27 23:33:39 +00:00
Seth Moore
6305e23cd8 Allow uninstantiated remote provisioning tests
Not all devices have an IRemotelyProvisionedComponent HAL, so on those
devices 0 of the tests in VtsRemotelyProvisionedComponentTests will be
run.

Bug: 194770385
Test: Ran tests on two devices: one with and one without the HAL.
Change-Id: I8624096158f29058189dfab7cd876804ae178e60
Merged-In: I8624096158f29058189dfab7cd876804ae178e60
2021-07-27 14:51:10 -07:00
Seth Moore
8aee4a857c Allow uninstantiated remote provisioning tests
Not all devices have an IRemotelyProvisionedComponent HAL, so on those
devices 0 of the tests in VtsRemotelyProvisionedComponentTests will be
run.

Fixes: 194770385
Test: Ran tests on two devices: one with and one without the HAL.
Change-Id: I8624096158f29058189dfab7cd876804ae178e60
2021-07-27 14:20:17 -07:00
Jiyong Park
27f77fefd7 Remove ndk_platform backend. Use the ndk backend.
The ndk_platform backend will soon be deprecated because the ndk backend
can serve the same purpose. This is to eliminate the confusion about
having two variants (ndk and ndk_platform) for the same 'ndk' backend.

Bug: 161456198
Test: m
Change-Id: Ibe8beeaf0d1b33968fb782f1f70c17ae9e9bf871
2021-07-27 14:44:47 +09:00
Seth Moore
b9b87ab1c9 Add VtsRemotelyProvisionedComponentTests config
VtsHalRemotelyProvisionedComponentTargetTest was picking up the same
config file (AndroidTest.xml) as VtsAidlKeyMintTargetTest. When atest or
TF was used to run VtsHalRemotelyProvisionedComponentTargetTest, it
actually ran VtsAidlKeyMintTargetTest.

Add a separate test config file so that we run the correct test binary.

Test: atest VtsAidlKeyMintTargetTest
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Bug: 192824779
Change-Id: I7ba0f8d364690209722f9a06c6c0ce2957781beb
Merged-In: I7ba0f8d364690209722f9a06c6c0ce2957781beb
2021-07-21 09:26:34 -07:00
Seth Moore
a0130911dc Add VtsRemotelyProvisionedComponentTests config am: 643a794172
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/interfaces/+/15340045

Change-Id: I52c8625b1c9bcf503fa149265957ee509ca8a16a
2021-07-21 00:30:56 +00:00
Seth Moore
643a794172 Add VtsRemotelyProvisionedComponentTests config
VtsHalRemotelyProvisionedComponentTargetTest was picking up the same
config file (AndroidTest.xml) as VtsAidlKeyMintTargetTest. When atest or
TF was used to run VtsHalRemotelyProvisionedComponentTargetTest, it
actually ran VtsAidlKeyMintTargetTest.

Add a separate test config file so that we run the correct test binary.

Test: atest VtsAidlKeyMintTargetTest
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Fixes: 192824779
Change-Id: I7ba0f8d364690209722f9a06c6c0ce2957781beb
2021-07-20 15:47:03 -07:00
Seth Moore
b393b089c1 Don't fail if TAG_ALLOW_WHILE_ON_BODY is missing
The TAG_ALLOW_WHILE_ON_BODY authorization is not required to be
supported, and if it is not supported it's a noop. Don't expect the tag
to fail with UNSUPPORTED_TAG on devices that don't support it.

Test: VtsAidlKeyMintTargetTest
Bug: 192222727
Change-Id: I2e80ca59151e79f595a65cae94ac966b4ba7020d
Merged-In: I2e80ca59151e79f595a65cae94ac966b4ba7020d
2021-07-13 11:18:36 -07:00
TreeHugger Robot
d00211cd3e Merge "Don't fail if TAG_ALLOW_WHILE_ON_BODY is missing" into sc-dev am: eca569897a
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/interfaces/+/15263335

Change-Id: I3eed0c51d932524b9d374af5ae786cddf184b8a4
2021-07-13 17:49:45 +00:00
TreeHugger Robot
eca569897a Merge "Don't fail if TAG_ALLOW_WHILE_ON_BODY is missing" into sc-dev 2021-07-13 17:35:10 +00:00
TreeHugger Robot
f58618f851 Merge "KeyMint: Fix device-unique attestation chain specification" into sc-dev 2021-07-13 15:24:53 +00:00
Seth Moore
3dbdaa9717 Don't fail if TAG_ALLOW_WHILE_ON_BODY is missing
The TAG_ALLOW_WHILE_ON_BODY authorization is not required to be
supported, and if it is not supported it's a noop. Don't expect the tag
to fail with UNSUPPORTED_TAG on devices that don't support it.

Test: VtsAidlKeyMintTargetTest
Bug: 192222727
Change-Id: I2e80ca59151e79f595a65cae94ac966b4ba7020d
2021-07-12 15:10:40 -07:00
Seth Moore
19acbe9f66 Update KeyMint VTS tests with prod GEEK
Now that we have the production Google Endpoint Encryption Key, we can
update the tests to use the correct GEEK cert chain where applicable.

Test: VtsHalRemotelyProvisionedComponentTargetTest
Test: VtsAidlKeyMintTargetTest
Bug: 191301285
Change-Id: I84b557c6bad34741ffe6671fc941d9e266b73241
Merged-In: I84b557c6bad34741ffe6671fc941d9e266b73241
2021-07-09 13:17:24 -07:00
Seth Moore
aad945fce4 Update KeyMint VTS tests with prod GEEK am: 87eb1dd928
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/interfaces/+/15080864

Change-Id: Id79cf3bd491f66f22adfb34dfaee5881659197c6
2021-07-09 17:20:25 +00:00
Seth Moore
87eb1dd928 Update KeyMint VTS tests with prod GEEK
Now that we have the production Google Endpoint Encryption Key, we can
update the tests to use the correct GEEK cert chain where applicable.

Ignore-AOSP-First: No merge path to aosp, will manually merge
Test: VtsHalRemotelyProvisionedComponentTargetTest
Test: VtsAidlKeyMintTargetTest
Bug: 191301285
Change-Id: I84b557c6bad34741ffe6671fc941d9e266b73241
2021-07-09 08:47:54 -07:00