| Age | Commit message (Collapse) | Author |
|---|
|
This change syncs aosp/master with the change in http://aosp/2117528,
allowing devices that launched with the (incorrect) version of
ATTEST_KEY VTS tests in Android S to continue to pass the test.
Bug: 197096139
Bug: 230074335
Test: VtsAidlKeyMintTargetTest
Change-Id: If88642e238e64ca9ec80303a4a72f7171c63464f
Merged-In: If88642e238e64ca9ec80303a4a72f7171c63464f
|
|
Bug: 229356841
Test: VtsAidlKeyMintTargetTest
Change-Id: I3182bad5584c35df7b1eeb476dabb39d19fdf12c
(cherry picked from commit 555ba00c0f2adb6bed6f507a78e43885e9f46048)
Merged-In: I3182bad5584c35df7b1eeb476dabb39d19fdf12c
|
|
Updated VTS testcases where Device IDs Attestation expected as optional
and made it mandatory if KeyMint version >= 2 or device first shipped
with api_level 33.
Bug: 221190197
Test: run vts -m VtsAidlKeyMintTargetTest
Change-Id: I8870a9301d36abdc4fa6585b9f8d62cc1cfd3d96
|
|
Bug: 223537775
Bug: 197096139
Test: VtsAidlKeyMintTargetTest
Change-Id: Ib77d52e4a91233c936b3a44f5eac71f53b2af450
|
|
Test: Run keymint Vts tests.
Change-Id: I8055fef8df5ec77e317f810f9b95a53311b23cf0
|
|
|
|
For the time being, allow the version number in the attestation record
to be 100 even if the AIDL version is 2, so that implementations don't
have to update both versions simultaneously.
Bug: 194358913
Test: TreeHugger, VtsAidlKeyMintTargetTest
Change-Id: I9aae69327a62014e286ce30ca2a4d91c4c280714
|
|
|
|
Add an explicit check that `attested_key_cert_chain.size() > 0`.
Bug: 209672758
Test: atest 'PerInstance/AttestKeyTest#AllEcCurves/1_android_hardware_security_keymint_IKeyMintDevice_strongbox'
Signed-off-by: Brian J Murray <brianjmurray@google.com>
Change-Id: I4f7cb4fb1a30f26e6ef15c54714699f6ae91ba36
|
|
The KeyMint spec has always required that keys with the ATTEST_KEY
purpose "must not have any other purpose".
Add explicit tests for combined-purpose keys to be rejected.
Also expand the spec text to require a specific error code, and to
explain the rationale for single-purpose ATTEST_KEY keys.
Bug: 197096139
Test: VtsAidlKeyMintTargetTest
Change-Id: I2a2014f0ddc497128ba51bb3f43671f759789912
|
|
Update the VTS tests so that attestation keys are not created with
another purpose.
Bug: 197096139
Test: VtsAidlKeyMintTargetTest
Change-Id: Ib6e4ad98cbe5c3015138854679b11fa0e683ade9
|
|
Explicitly detect empty cert chains returned by GenerateKey rather
than crashing when trying to dereference the first entry.
Bug: 195605180
Test: VtsAidlKeyMintTargetTest
Change-Id: Idad2703b458952ff599c6ccdd04a941aef7aedde
|
|
Check that the various ATTESTATION_ID_* tags are included if they
have the correct value, and that keygen fails if they have an invalid
value.
Also update attestation tags to include vendor/boot patchlevel if
they're available. (They always should be, but fixing that is a
separate task.)
Bug: 190757200
Test: VtsAidlKeyMintTargetTest
Merged-In: Ibaed7364c6d08c0982e2a9fb6cb864ae42cf39fe
Change-Id: Ibaed7364c6d08c0982e2a9fb6cb864ae42cf39fe
|
|
Bug: 186685601
Bug: 188855306
Test: VtsAidlKeyMintTargetTest
Change-Id: Icf400533b0ded98b9338f2d782d95d90c7efbff4
|
|
- clarify & test BIGNUM spec
- allow alternative return codes when requesting device unique
attestation
- use specific error for early boot import failure
- test more early boot key scenarios (in post-early-boot mode)
Test: VtsAidlKeyMintTargetTest
Change-Id: I70a342084a29144aef1ed0ff80fec02cc06ffbc0
|
|
Strongbox doens't support p-224. Change the curve to p-256 for better
compatibility.
Also update the tags to be filtered on the hw-enforcement list.
Change-Id: I3f587c5471ca68b88a565ee9ec2e27d1e9e11b17
|
|
* changes:
Update DeviceUniqueAttestationTest to match spec
Make AttestKeyTest not crash if no cert is returned.
|
|
Test: VtsAidlKeyMintTargetTest
Change-Id: Ia3a6363d854742681f684ff989b98b7cfda30746
|
|
Tests for:
- non-prime RSA exponent (fails with CF KeyMint)
- RSA exponent value of 3
- key size > 512 for `STRONGBOX`
- unknown tag inclusion
- CBC input size not block size multiple
- challenge omitted for attestation (fails with CF KeyMint)
- import RSA key with implicit params
- vestigial upgradeKey test
- importWrappedKey errors
- importWrappedKey sids ignored
- duplicate/missing params on begin()
- more tests for incompatible params on begin()
- HMAC size not multiple of 8 (fails with CF KeyMint)
- wrong size caller IV for 3DES rejected
- too large MIN_MAC_LENGTH for HMAC
- invalid AES-GCM minimum MAC length values
- check failed updateAad() cancels operation
- check that auto-generated nonces are distinct
- (DISABLED_) invoke destroyAttestationIds()
- omitting optional RSA keygen tags
Also add commenting to illustrate the ASN.1 structure of hex data.
Test: VtsKeyMintAidlTargetTest
Change-Id: I4663c42671cbb094ffe8d603e0352ffa9f1dbf2e
|
|
Also fix some test name comments along the way.
Test: VtsKeyMintAidlTargetTest
Change-Id: I828acfaa676e1b9fa2e3c6f184f9dafb936b0e82
|
|
- Added tests for signing attest key with factory chain.
- Added test for signing encryption keys.
- Added tests for chaining many RSA attest keys on the same chain.
- Added tests for chaining many Ec attest keys on the same chain.
- Added tests for alternate chaining of rsa-ec-rsa-ec-rsa attesti
keys on the same chain.
Test: atest VtsAidlKeyMintTargetTest
Change-Id: I9c67e2b928d6bba6cc4074a4b65f639f33c9ec26
|
|
Also adds a test to verify that implementations return the expected
error code.
Test: VtsAidlKeyMintTargetTest
Change-Id: Ic8e9953a2572eb0cc8fefc363934eaf9b432b5a4
|
|
Test: VtsRemotelyProvisionedComponentTests
Change-Id: I2f5187bfb4fd1572d10c306377e07a6d167689fa
|
|
This allows applications to generate their own attestation keys and
then use them to attest other application-generated keys.
Bug: 171845652
Test: VtsAidlKeyMintTargetTest
Change-Id: I32add16dcc2d1b29665a88024610f7bef7e50200
|
