Specify that DICE-based RKP implementations may also allow a ROM
extension to manage the UDS public key.
Test: The words are semantically parseable
Change-Id: I8f9c6efb01fc76318220cf1bc4a0eb3a3ad42f87
Removed the check to skip the attest-id tests on GSI, modified the
attest-id tests to support this.
Bug: 290643623
Test: atest VtsAidlKeyMintTargetTest
Change-Id: Id79d7fb4c70ed94ed76bc57f3d66ce47e9b67b48
When deliberately testing invalid ID attestation, use the helper
function (which checks the error return code is correct) in one more
place.
Test: VtsAidlKeyMintTargetTest
Bug: 286733800
Change-Id: I6ea5bd7ee19b3b172330117bfde1b16745debba7
Avoid the ADD_FAILURE at the end if attestion ID failure uses an allowed
return code.
Test: VtsAidlKeyMintTargetTest
Bug: 286733800
Change-Id: I0dcac312ac4516a078b2742721e3a19074da52b1
Updated VTS tests to verify mgf-digests in key characteristics of
RSA-OAEP keys. Added new tests to import RSA-OAEP keys with
mgf-digests and verified imported key characteristics.
Bug: 279721313
Test: atest VtsAidlKeyMintTargetTest
Change-Id: I06474a85c9e77fded264031ff5636f2c35bee6b4
Update the default KeyMint version to v3.
Note this affects the pure software implementation of KeyMint that is
not used for anything that tests currently run against.
Bug: 275982952
Test: m (that it builds)
Change-Id: I6ab10329af590bd2a045710dfff47c6e78740464
Generalize the existing helper function to allow more variants.
Remove a couple of pointless invocations of the existing helper.
Bug: 286733800
Test: VtsAidlKeyMintTargetTest
Change-Id: Ic01c53cbe79f55c2d403a66acbfd04029395c287
If some check in a VTS test case fails, the test function may exit early
and not call CheckedDeleteKey(&some_keyblob), thus "leaking" a key blob.
This isn't normally an issue, but if the key blob happens to use a
feature that uses some secure storage (e.g. ROLLBACK_RESISTANCE or
USAGE_COUNT_LIMIT=1) then this may leak some scarse resource.
To avoid the chance of this, use an RAII holder to ensure that
manually-managed keyblobs (i.e. key blobs that are not held in the
key_blob_ member of the base test class) are always deleted.
Bug: 262212842
Test: VtsAidlKeyMintTargetTest
Change-Id: Ie8806095e249870484b9875eb660070607f339a3
Update the RKP readme to match contemporary philosophy about the design.
This includes replacing discussion if the obsolete term `BCC` with a
description of the Android Profile for DICE.
The privacy concerns are relaxed to match updates to the HAL which
remove the superencryption of the DICE chain.
Test: n/a
Fix: 281755202
Change-Id: I3a6fd2cd12599c5843b5dce0044eb16c2afbffa2
It should definitely be the case that a different SPL triggers key
requires upgrade, but the converse isn't true -- if no SPL change, it's
OK for the device to request upgrade anyhow.
Bug: 281604435
Change-Id: Ic03ce51fb4b18ff669595ab430f9fccd1da48997
Align with the Open Profile for DICE by requiring that the configuration
hash be included because the configuration input is a hash of the
specified configuration desscriptor.
Test: n/a
Change-Id: I9d2ef560dc8e6f567b5b8d1a244f5138c45ae420
Introduce a field to the configuration descriptor that provides a
standard semantically-defined version number rather than the
vendor-defined component version which acts more like a build ID.
Test: n/a
Bug: 282205139
Change-Id: Idb0c991ab12ae75687236f2489e639e4422a0225
Only specify the requirements for `normal` DICE mode and allow vendors
to choose the non-normal mode that fits their need per the ope-dice
specification.
Add a note that RKP required `normal` mode in the DICE chain in order to
trust the device.
Test: n/a
Bug: 263144485
Change-Id: Iaaa3799c53234de61a51ebc855822b93ab3e5bb8
The Open Profile for DICE give possible guidelines on the requirements
for the DICE mode but Android needs those to be strictly specified.
Fix: 263144485
Test: n/a
Change-Id: Ia5fc937654504199cabf4709f1c15484242e0161
Added a check to make sure IMEI is not "null".
Bug: 281676499
Test: atest VtsAidlKeyMintTargetTest
Change-Id: Ia1569a30412d633eee4d4de8cd00dea077d1c23d
In the second case out of the two cases of authorization enforcement
described for update(), it seems like the challenge is expected in
the timestamp token.
Test: N/A
Change-Id: I33e1b84bf8218335665b31ca144b3b4ecb342328
Strongbox may not support 1024 bit key size for RSA.
So in NoUserConfirmation test updated the key size to
2048 so that the test works for both TEE and Strongbox.
Bug: 280117495
Test: run VtsAidlKeyMintTarget
Change-Id: I32bb28001aca9b69eedb1bd3d0bcff43052d06e4
Updated the BootLoaderStateTest for strongbox implementations which
do not support factory attestation.
Test: vts -m VtsAidlKeyMintTarget
Change-Id: I8fe176a18fc0b9e2b2d0b012b7b63124d15c9e2f
It's already documented that IRPC v3 doesn't make use of test mode keys
however VTS still required support for their generation. Fix this and
simplify implementation of the v3 HAL by expecting an error in all cases
that the deprecated test mode keys are seen.
IRPC v3 also fully deprecated the EEK meaning a v3 implementation must
unconditionally report CURVE_NONE for supportedEekCurve.
The VTS tests are enhanced with contextual version constants rather than
reusing constants with seemingly unrelated names.
Bug: 278013975
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I5709a0b1cd77eb28e677f64bb781fad58d91570a
A bug in the Trusty HAL service caused it to replace MGF1 digest tags
with Tag::INVALID. This tests that MGF1 tags are returned properly in
the MGF1 success test, and verifies that Tag::INVALID is never
returned by any test.
Bug: 278157584
Test: adb shell /data/nativetest/VtsAidlKeyMintTargetTest/VtsAidlKeyMintTargetTest
Change-Id: I5d391310795c99f37acf3c48310c127a7a31fac3
No tests are instantiated if KeyMint is present on the the device.
Explicitly allow that.
Bug: 277975776
Test: VtsAidlKeyMintTargetTest
Change-Id: I88f1c0a81f36d198dabcb1420b62a00bacdbb6e7
