| Age | Commit message (Collapse) | Author |
|---|
|
Test: VtsAidlKeyMintTargetTest & VtsHalKeymasterV4_0TargetTest
Bug: 235099905
Ignore-AOSP-First: Cherry pick from aosp/2115214
Change-Id: Ie10b705bb06990a2a2c6223fcce28f5fde6bf3f3
Merged-In: Ie10b705bb06990a2a2c6223fcce28f5fde6bf3f3
|
|
The data for a key agreement operation should always send in the
SubjectPublicKeyInfo structure, not a raw key for X25519.
Test: VtsAidlKeyMintTargetTest
Bug: 231959070
Change-Id: Ib5157da6a986d957162fab60dbe927017cfdd703
Merged-In: Ib5157da6a986d957162fab60dbe927017cfdd703
|
|
Bug: 229356841
Test: VtsAidlKeyMintTargetTest
Change-Id: I3182bad5584c35df7b1eeb476dabb39d19fdf12c
(cherry picked from commit 555ba00c0f2adb6bed6f507a78e43885e9f46048)
Merged-In: I3182bad5584c35df7b1eeb476dabb39d19fdf12c
|
|
2e449950d6
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2059787
Change-Id: I1a4bf228d73452cbc718ab126165bf09e0cdf833
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
The AesEcbPkcs7PaddingCorrupted test has been incorrect since it was
originally introduced -- it was feeding the original message as input to
the decryption operation, rather than the corrupted ciphertext. As a
result, the expected error code was also wrong -- INVALID_INPUT_LENGTH
is appropriate for a too-short cipher text (length 1 in this case),
whereas a corrupt-but-correct-length cipher text should give
INVALID_ARGUMENT.
Fix the test, and add a separate test to cover what was inadvertently
being tested before. Add a sentence to the HAL spec to describe what
expected and tested by CTS/VTS.
Bug: 194126736
Test: VtsAidlKeyMintTargetTest, VtsHalKeymasterV4_0TargetTest
Change-Id: Iaa5e42768814197f373797831093cf344d342b77
|
|
d8fdf0b804 am: 8adaed5f62
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2028224
Change-Id: I2937358195e0218cf7337b989686f649b7e82d22
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Updated VTS testcases where Device IDs Attestation expected as optional
and made it mandatory if KeyMint version >= 2 or device first shipped
with api_level 33.
Bug: 221190197
Test: run vts -m VtsAidlKeyMintTargetTest
Change-Id: I8870a9301d36abdc4fa6585b9f8d62cc1cfd3d96
|
|
do not support factory attestation." am: 950b7b8026 am: cc399cf7b0 am: af1490f3f7
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2027803
Change-Id: I07f19f0c03955d3931842688d8a2ee31dbf174cf
|
|
do not support factory attestation."
|
|
do not support factory attestation.
Bug: b/219962281
Test: Run vts tests.
Change-Id: Ie3f3f33f773227d879e11f11e2ef0eaee33db648
|
|
am: 3056221f7c
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2033925
Change-Id: I2783a11812212640bbca13a8fd0faadba57e7103
|
|
Bug: 223537775
Bug: 197096139
Test: VtsAidlKeyMintTargetTest
Change-Id: Ib77d52e4a91233c936b3a44f5eac71f53b2af450
|
|
blockmodes-ECB,CBC,GCM,CTR)" am: 90019d46c2 am: bfdd991c76 am: 8be10ddce6
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2007030
Change-Id: Iffe169fcff0a11478672bf8f5895a93fcdcc9003
|
|
Change mentioned above is done in VTS for Keymaster4.0
and Keymint
Test: VTS tests with tradefed
Change-Id: Id62fdce65131ee00c88e5849955a937f1c171748
|
|
parameters" am: 72358dab6a am: 9a7ab7c60b am: 140062e6fb
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1895034
Change-Id: If1d224518b75ce8d90061aa243ad3959fed6b5f1
|
|
parameters"
|
|
Run keymint Vts tests." am: 0f7d419136 am: c1603e8ef5 am: 07c1601d5f
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1972595
Change-Id: I27812795afb51c66ebacc735b1986bd508c71cc4
|
|
A VTS testcase is added to validate Asymmetric key generation fails if TAG_CERTIFICATE_NOT_(BEFORE/AFTER) is missing.
Also updated DeviceUniqueAttestationTest to set validity in
AuthorizationSetBuilder using .SetDefaultValidity().
Bug: 205679495
Test: run vts -m VtsAidlKeyMintTargetTest
Change-Id: Ibf63a6c8e173326502c7bf1b8f3af8666ecb1caf
|
|
Test: Run keymint Vts tests.
Change-Id: I8055fef8df5ec77e317f810f9b95a53311b23cf0
|
|
b6b6d6151c am: 5225d85341
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1939114
Change-Id: I03ab9d0df56a8e939b11d45d0401566f937a4959
|
|
* changes:
KeyMint VTS: police Ed25519 msg size limit
KeyMint VTS: test curve 25519 functionality
|
|
Ed25519 signing operations require the secure world to accumulate the
entirety of the message; consequently, impose a limit on message size
for this operation.
Bug: 194358913
Test: VtsAidlKeyMintTargetTest
Change-Id: Ibfb6a54c1d546b5b4e51f42795d2bb4660add772
|
|
ffacdad4a9
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1949538
Change-Id: I297f1b3a562df834c4021cdf5bfd395fa49cbc5a
|
|
Various block cipher testing fixups. Some of these changes reflect edge
cases I encountered when running local GSC builds.
Change:
* Extend ciphertext lengths.
* Add SCOPED_TRACE() within for loops.
* Use '\t' instead of 'a' for PKCS7 padding.
Test: CTS/VTS
Signed-off-by: Brian J Murray <brianjmurray@google.com>
Change-Id: I4555519787e0133367ad3f40609d43a7bc71c36e
|
|
- Add CURVE_25519 as a supported curve for EC operations.
- Add a helper that checks whether the HAL is of a version that is
expected to support curve 25519, and skip relevant tests if not.
- Ed25519 support
- Update KeyMintAidlTestBase::LocalVerifyMessage to cope with a public
key of type EVP_PKEY_ED25519.
- Add a test key pair generated with openssl command line.
- Key generation test
- Key import test for raw format
- Key import test for PKCS#8 format
- Key import failures tests
- Signature test
- Check that purposes cannot be combined (Ed25519 != X25519)
- Check that Ed25519 key can be attested to
- Implicitly check that an Ed25519 key can be used for attestation
(as it is in ValidCurves())
- Force Digest::NONE for Ed25519 throughout.
- X25519 support
- Add a test key pair generated with openssl command line.
- Key generation test
- Key import test for raw format
- Key import test for PKCS#8 format
- Key import failures tests
- Key agreement test, including...
- Refactoring of existing key agreement test for re-use
- Update key agreement checks to cope with a public key of type
EVP_PLEY_X25519.
- Key agreement test using imported key
- Check that purposes cannot be combined (Ed25519 != X25519)
Bug: 194358913
Test: VtsAidlKeyMintTargetTest
Change-Id: Ifa0f95fdfba4387843c8e821c2ca977da0488fa6
|
|
0a3c90f904 am: bb5882c6b3 am: 1cce1762fe
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1918628
Change-Id: Ie6b1966ff710b4fea1275c8b06b329f9b451910f
|
|
|
|
For the time being, allow the version number in the attestation record
to be 100 even if the AIDL version is 2, so that implementations don't
have to update both versions simultaneously.
Bug: 194358913
Test: TreeHugger, VtsAidlKeyMintTargetTest
Change-Id: I9aae69327a62014e286ce30ca2a4d91c4c280714
|
|
02c4ee0dca am: 35392ef70e am: 6e2b1afdeb
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1844276
Change-Id: Idd7c93ed9a4ad0b36ce06006cef11f0990b7ffcf
|
|
|
|
am: 07069c9e35 am: e41208c9b4 am: 3d160da02b
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1920687
Change-Id: I3ead1f90d9a091b16eaa938e9640978c75ad9f6e
|
|
|
|
e76045d7b098b6f1a216472c23c41031b96b8a13
Change-Id: Ia167fd45b6e590e34523810ee10118c5c141f538
|
|
am: f121b2c2bb am: 4df4387267 am: 633046efb2
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1918632
Change-Id: I465283c26ef3a281a07a83dbe3c33a138c2eac75
|
|
fails" am: 924613950c am: 309c32adb7 am: a7ee9f53ed am: 4a9da1da1a
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1915101
Change-Id: Ifb396f5f61426d445dcbb20453f5b42ea42347e6
|
|
|
|
5a63e3ea57 am: e373da49f8 am: e274e87d59
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1900930
Change-Id: Id2cc500639fe34fdd84fbbaa67c5092033b51267
|
|
Revert "Bump keystore2 AIDL API version 1->2"
Revert "Advertise support of KeyMint V2"
Revert submission 1900930-version-bump
Reason for revert: Broken build on sc-qpr1-dev-plus-aosp, b/210450339
Reverted Changes:
I42a9b854f:keystore2: cope with new curve25519 enum
I167d568d6:Bump keystore2 AIDL API version 1->2
I3a16d072e:Advertise support of KeyMint V2
Ibf2325329:KeyMint HAL: add curve 25519, bump version
Change-Id: I78d4b07c41aa6bfeb367b56a58deeac6adb6ec46
|
|
|
|
Marked as required for TRUSTED_ENVIRONMENT impls but not STRONGBOX.
Bump keymint HAL version 1->2 in defaults and in current compatibility
matrix.
Bug: 194358913
Test: build
Change-Id: Ibf2325329f0656a2d1fc416c2f9a74d505d0bf20
|
|
A VTS test case to verify HMAC signature verification fails if data or
signature is currupted.
Bug: 209452930
Test: run vts -m VtsAidlKeyMintTargetTest
Change-Id: I2177fd99cfab4ef4a347d50461db0d2e3ad8c612
|
|
8a2977f698 am: 4f6428aada am: 8e2cc360ee
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1907696
Change-Id: I1254ed22f8ecdefccbffa0531256a18ae2089c38
|
|
|
|
The KeyMint spec requires that all generated keys include the
BOOT_PATCHLEVEL for the device.
However, the VTS test sometimes gets run in an environment where this
is not possible; specifically the Trusty QEMU tests don't have the
bootloader -> KeyMint communication that is needed to populate this
information.
Add a command line flag that disables checks for BOOT_PATCHLEVEL to
cope with these scenarios, making sure that it defaults to having the
checks enabled.
Test: VtsAidlKeyMintTargetTest
Change-Id: I215c8a18afbd68af199d49f74b977ad7cac6b805
|
|
02951d1167 am: d1c5ed5bec
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1903312
Change-Id: I803c4549b635d900934403c775886b1153b91a12
|
|
Transfer the fix in http://aosp/1745035 from the KeyMint VTS test back
into the keymaster VTS test.
Bug: 189261752
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: I5f0a69255cfe980dd6e71fa29ff06a84cb668f6d
|
|
f103c76afe am: 37afdad0c5 am: 6a20b8d8c2
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1877242
Change-Id: Iab4f133f9ccbb5afcf04d05cd46ba316f38c03e2
|
|
Test that specifying RESET_SINCE_ID_ROTATION results in a different
unique ID value.
Test: VtsAidlKeyMintTargetTest
Bug: 202487002
Change-Id: I2aed96514bf9e4802f0ef756f880cac79fa09554
|
|
The KeyMint spec has always required that keys with the ATTEST_KEY
purpose "must not have any other purpose".
Add explicit tests for combined-purpose keys to be rejected.
Also expand the spec text to require a specific error code, and to
explain the rationale for single-purpose ATTEST_KEY keys.
Bug: 197096139
Test: VtsAidlKeyMintTargetTest
Change-Id: I2a2014f0ddc497128ba51bb3f43671f759789912
|
|
010a23aa0d am: 460d22a4da am: f6a0f5fb9d am: 44d56954a2
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1853960
Change-Id: Ifb0d3669578cd75b964c74b40e9032a31c89261c
|
