| Age | Commit message (Collapse) | Author |
|---|
|
ffacdad4a9
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1949538
Change-Id: I297f1b3a562df834c4021cdf5bfd395fa49cbc5a
|
|
Various block cipher testing fixups. Some of these changes reflect edge
cases I encountered when running local GSC builds.
Change:
* Extend ciphertext lengths.
* Add SCOPED_TRACE() within for loops.
* Use '\t' instead of 'a' for PKCS7 padding.
Test: CTS/VTS
Signed-off-by: Brian J Murray <brianjmurray@google.com>
Change-Id: I4555519787e0133367ad3f40609d43a7bc71c36e
|
|
0a3c90f904 am: bb5882c6b3 am: 1cce1762fe
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1918628
Change-Id: Ie6b1966ff710b4fea1275c8b06b329f9b451910f
|
|
|
|
For the time being, allow the version number in the attestation record
to be 100 even if the AIDL version is 2, so that implementations don't
have to update both versions simultaneously.
Bug: 194358913
Test: TreeHugger, VtsAidlKeyMintTargetTest
Change-Id: I9aae69327a62014e286ce30ca2a4d91c4c280714
|
|
02c4ee0dca am: 35392ef70e am: 6e2b1afdeb
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1844276
Change-Id: Idd7c93ed9a4ad0b36ce06006cef11f0990b7ffcf
|
|
|
|
am: 07069c9e35 am: e41208c9b4 am: 3d160da02b
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1920687
Change-Id: I3ead1f90d9a091b16eaa938e9640978c75ad9f6e
|
|
|
|
e76045d7b098b6f1a216472c23c41031b96b8a13
Change-Id: Ia167fd45b6e590e34523810ee10118c5c141f538
|
|
am: f121b2c2bb am: 4df4387267 am: 633046efb2
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1918632
Change-Id: I465283c26ef3a281a07a83dbe3c33a138c2eac75
|
|
fails" am: 924613950c am: 309c32adb7 am: a7ee9f53ed am: 4a9da1da1a
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1915101
Change-Id: Ifb396f5f61426d445dcbb20453f5b42ea42347e6
|
|
|
|
5a63e3ea57 am: e373da49f8 am: e274e87d59
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1900930
Change-Id: Id2cc500639fe34fdd84fbbaa67c5092033b51267
|
|
Revert "Bump keystore2 AIDL API version 1->2"
Revert "Advertise support of KeyMint V2"
Revert submission 1900930-version-bump
Reason for revert: Broken build on sc-qpr1-dev-plus-aosp, b/210450339
Reverted Changes:
I42a9b854f:keystore2: cope with new curve25519 enum
I167d568d6:Bump keystore2 AIDL API version 1->2
I3a16d072e:Advertise support of KeyMint V2
Ibf2325329:KeyMint HAL: add curve 25519, bump version
Change-Id: I78d4b07c41aa6bfeb367b56a58deeac6adb6ec46
|
|
|
|
Marked as required for TRUSTED_ENVIRONMENT impls but not STRONGBOX.
Bump keymint HAL version 1->2 in defaults and in current compatibility
matrix.
Bug: 194358913
Test: build
Change-Id: Ibf2325329f0656a2d1fc416c2f9a74d505d0bf20
|
|
A VTS test case to verify HMAC signature verification fails if data or
signature is currupted.
Bug: 209452930
Test: run vts -m VtsAidlKeyMintTargetTest
Change-Id: I2177fd99cfab4ef4a347d50461db0d2e3ad8c612
|
|
8a2977f698 am: 4f6428aada am: 8e2cc360ee
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1907696
Change-Id: I1254ed22f8ecdefccbffa0531256a18ae2089c38
|
|
|
|
The KeyMint spec requires that all generated keys include the
BOOT_PATCHLEVEL for the device.
However, the VTS test sometimes gets run in an environment where this
is not possible; specifically the Trusty QEMU tests don't have the
bootloader -> KeyMint communication that is needed to populate this
information.
Add a command line flag that disables checks for BOOT_PATCHLEVEL to
cope with these scenarios, making sure that it defaults to having the
checks enabled.
Test: VtsAidlKeyMintTargetTest
Change-Id: I215c8a18afbd68af199d49f74b977ad7cac6b805
|
|
02951d1167 am: d1c5ed5bec
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1903312
Change-Id: I803c4549b635d900934403c775886b1153b91a12
|
|
Transfer the fix in http://aosp/1745035 from the KeyMint VTS test back
into the keymaster VTS test.
Bug: 189261752
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: I5f0a69255cfe980dd6e71fa29ff06a84cb668f6d
|
|
f103c76afe am: 37afdad0c5 am: 6a20b8d8c2
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1877242
Change-Id: Iab4f133f9ccbb5afcf04d05cd46ba316f38c03e2
|
|
Test that specifying RESET_SINCE_ID_ROTATION results in a different
unique ID value.
Test: VtsAidlKeyMintTargetTest
Bug: 202487002
Change-Id: I2aed96514bf9e4802f0ef756f880cac79fa09554
|
|
The KeyMint spec has always required that keys with the ATTEST_KEY
purpose "must not have any other purpose".
Add explicit tests for combined-purpose keys to be rejected.
Also expand the spec text to require a specific error code, and to
explain the rationale for single-purpose ATTEST_KEY keys.
Bug: 197096139
Test: VtsAidlKeyMintTargetTest
Change-Id: I2a2014f0ddc497128ba51bb3f43671f759789912
|
|
010a23aa0d am: 460d22a4da am: f6a0f5fb9d am: 44d56954a2
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1853960
Change-Id: Ifb0d3669578cd75b964c74b40e9032a31c89261c
|
|
Bug: 202487002
Test: atest VtsAidlKeyMintTargetTest (on CF, O6)
Change-Id: I8bc674b47549aa1133f816c510289774db752e04
|
|
0ce446e730 am: c39a694e01 am: 3867a0d821 am: 88f4b59923
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1853954
Change-Id: I081f3feb529a259ddcb8fdb4cbbdbe65667ae810
|
|
|
|
Existing comment is incorrect: the ATTESTATION_ID_* values that the test
provided are rejected because they do not match the device values, not
because the tags are specific to device-unique attestation.
Fix the test comment (and make the values more obviously wrong), and
add a separate test that includes correct values of ATTESTATION_ID_*
values.
Test: VtsAidlKeyMintTargetTest
Change-Id: I5c5f5ef6a228990c9e46f90727e0f135dfc2c528
|
|
dfce78b011 am: 61180078f2 am: 4ceb5911a3 am: f76f261862
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1853955
Change-Id: Id3b3d344e9648c7c4d884f82dafe68927df1c602
|
|
|
|
Keymint is not supposed to support public key operations.
Update the parameter to reflect that.
Bug: 202928979
Test: VtsAidlKeyMintTargetTest
Change-Id: Id746953f5c68be6730beb3a7340e075ef28039c2
|
|
When a KeyMint VTS exercises optional functionality, where possible
use GTEST_SKIP() when that functionality is absent, so the test
summary includes information about what is present and what isn't.
This should not affect the overall test result.
Test: VtsAidlKeyMintTargetTest
Change-Id: I62d244d2e4ecc67737906009575e64b50450d4c4
|
|
am: a9bedb53da am: 3d6cd17f1b am: 70da8310a1
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1840175
Change-Id: Ie9893cc4775fe860e6833032b23359181d9ef4c2
|
|
|
|
Check if the zero input data with AES-CBC-[NONE|PKCS7] padding mode
generates correct output data and length.
Bug: 200553873
Test: VtsHalKeymasterV4_0TargetTest, VtsAidlKeyMintTargetTest
Change-Id: I729c2bad65e9d8b194422032346e5ee3c4b0dce5
|
|
Believe that all KeyMint implementations are now in compliance with
the HAL specification and so we can enable the checks that all
generated keys include vendor and boot patchlevel.
Test: VtsAidlKeyMintTargetTest
Change-Id: I99741af308023fe12268e9875e252470fbaaaf9e
|
|
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/interfaces/+/15787697
Change-Id: I4ccd90ddad225c6a0b3db4c39f0eca08c985dcb0
|
|
Not required yet.
Test: VtsAidlKeyMintTargetTest
Bug: 186586864
Change-Id: Ie8fecc4ea4795d7fa4fd6bcf0e6d8013c15f50e5
Merged-In: Ie8fecc4ea4795d7fa4fd6bcf0e6d8013c15f50e5
|
|
Not required yet.
Test: VtsAidlKeyMintTargetTest
Change-Id: Ie8fecc4ea4795d7fa4fd6bcf0e6d8013c15f50e5
Bug: 186586864
|
|
Test was producing an invalid set of parameters in a different way than
intended.
Bug: 197222749
Test: VtsAidlKeyMintTargetTest
Merged-In: I07f706fec81d91e8eee9c0561428142559c54f12
Change-Id: I07f706fec81d91e8eee9c0561428142559c54f12
Ignore-AOSP-First: this is a manual cross-merge
|
|
Test was producing an invalid set of parameters in a different way than
intended.
Bug: 197222749
Test: VtsAidlKeyMintTargetTest
Change-Id: I07f706fec81d91e8eee9c0561428142559c54f12
|
|
Test failed to set default key validity, which caused keygen to fail.
Wasn't noticed because this test is typically disarmed.
Note: This test will destroy all user data on the device (which is
why it is typically disarmed).
Bug: 187105270
Test: VtsAidlKeyMintTargetTest --arm_deleteAllKeys
Change-Id: I67e317fdfca15c95c6420918948d1416e97de482
Merged-In: I67e317fdfca15c95c6420918948d1416e97de482
|
|
The TAG_ALLOW_WHILE_ON_BODY authorization is not required to be
supported, and if it is not supported it's a noop. Don't expect the tag
to fail with UNSUPPORTED_TAG on devices that don't support it.
Test: VtsAidlKeyMintTargetTest
Bug: 192222727
Change-Id: I2e80ca59151e79f595a65cae94ac966b4ba7020d
Merged-In: I2e80ca59151e79f595a65cae94ac966b4ba7020d
|
|
The TAG_ALLOW_WHILE_ON_BODY authorization is not required to be
supported, and if it is not supported it's a noop. Don't expect the tag
to fail with UNSUPPORTED_TAG on devices that don't support it.
Test: VtsAidlKeyMintTargetTest
Bug: 192222727
Change-Id: I2e80ca59151e79f595a65cae94ac966b4ba7020d
|
|
It's possible that corrupted ciphertext decrypts just fine. e.g. the
output ends with "0x01".
However, the chances of this happening are relatively low
(roughly 1/256). Corrupt the ciphertext up to 8 times, ensuring that
the likelihood of multiple successful decryptions is so miniscule that
it's effectively impossible.
Test: Ran *PaddingCorrupted tests 50000 times
Change-Id: If40ecd7817819921c020ea9b86ada18c4c77ea55
|
|
The KeyMint AIDL spec requires that "Tag::EC_CURVE must be provided to
generate an ECDSA key". Move the VTS tests to always create ECDSA keys
by curve not key size.
Bug: 188672564
Test: VtsAidlKeyMintTargetTest
Merged-In: I33036387c243b21ab0ecd49221b7e7757598913e
Change-Id: I33036387c243b21ab0ecd49221b7e7757598913e
Ignore-AOSP-First: already merged in aosp/master
|
|
Try all tags in attestion extension one by one
Test: VtsAidlKeyMintTargetTest on CF
Bug: 186735514
Merged-In: I63ca8d298d2d16f707f2437ab48aaa69c1d7563d
Change-Id: I63ca8d298d2d16f707f2437ab48aaa69c1d7563d
Ignore-AOSP-First: already merged in aosp/master
|
