path: root/security/keymint/support/include
Age | Commit message | Author
2022-03-10 | remote_prov_utils: Add instance name in the JSON output | Tommy Chiu
Bug: 223509807 Test: libkeymint_remote_prov_support_test Change-Id: I45d2ee46f6fe3c8a7da55c7cc0b04fc007ddea43
2022-02-23 | Support for P256 curve in RKP for Strongbox | subrahmanyaman
Test: Run Rkp Vts tests. Change-Id: Ic38fd2318dd8749ae125f1e78d25f2722bd367e5
2021-10-14 | Specify KeyMint EC keys by curve not size | David Drysdale
Future addition of extra curves means that key size is not enough to identify the particular EC curve required. Use the EcCurve enum instead. Test: VtsHalRemotelyProvisionedComponentTargetTest Change-Id: Ia6b7d86a387cfc06db05e4ba6ff8f331e9c6345f
2021-07-01 | Add a utility to JSON-format a CSR with build info | Seth Moore
We need both the build fingerprint as well as the CSR when uploading data to the APFE provisioning server. Add a utility function to format the output as a JSON blob so that it may be easily collected in the factory in a serialized data format, then later uploaded. Test: libkeymint_remote_prov_support_test Test: VtsAidlKeyMintTargetTest Test: VtsHalRemotelyProvisionedComponentTargetTest Bug: 191301285 Change-Id: I751c5461876d83251869539f1a395ba13cb5cf84
2021-06-25 | Add real GEEK for RKP factory enrollment | Seth Moore
Include a unit test to verify the GEEK cert chain is valid. Test: libkeymint_remote_prov_support_test Bug: 191301285 Change-Id: Icf9cfa165fbccb24b36b03ff3ce729a7e9c44cfd Merged-In: Icf9cfa165fbccb24b36b03ff3ce729a7e9c44cfd
2021-04-30 | Test for patchlevels and too much entropy | David Drysdale
Add tests for:
- Too much entropy should be rejected with INVALID_INPUT_LENGTH
- All authorization lists should include a vendor and boot patchlevel.
These requirements are in both the KeyMint and the KeyMaster 4.0 AIDL specifications, but have never been policed before. Currently disabled with a command-line flag because CF does not have the patchlevels and so fails lots of tests. Test: VtsKeyMintAidlTargetTest Change-Id: Ic9622ef3f1b80e013a34059218e3e029f392eb72
2021-04-22 | Added vts tests for certificate subject and serial for various | Selene Huang
algorithms and self sign or non-self sign certificates. Test: atest VtsAidlKeyMintTargetTest Change-Id: I4e9d8db7be500f165c3a9f240ea2dfe00c2a70d1
2021-04-17 | Porting IRPC functionality. | Max Bires
This is the change that removes the functionality that has been shifted over to appropriate classes and contexts in system/keymaster. Test: atest VtsHalRemotelyProvisionedComponentTargetTest Change-Id: I491f4ef823868322ea6a804d88ca09662c099a44
2021-03-29 | Test that provisioned keys can be used with KeyMint | David Drysdale
Test: VtsRemotelyProvisionedComponentTests Change-Id: I2f5187bfb4fd1572d10c306377e07a6d167689fa
2021-02-26 | Add MAX_BOOT_LEVEL tag, BOOT_LEVEL_EXCEEDED error | Paul Crowley
A key with the MAX_BOOT_LEVEL tag cannot be used past a particular stage of device boot. Test: Treehugger Bug: 176450483 Change-Id: I113e3101734736a8621a01ed85969a4ecbe12a68
2021-02-17 | Add KeyPurpose::ATTEST_KEY. | Shawn Willden
This allows applications to generate their own attestation keys and then use them to attest other application-generated keys. Bug: 171845652 Test: VtsAidlKeyMintTargetTest Change-Id: I32add16dcc2d1b29665a88024610f7bef7e50200
2021-02-16 | Add RemotelyProvisionedComponent HAL. | Shawn Willden
Test: VtsHalRemotelyProvisionedComponentTargetTest Change-Id: I51fb01f4c52949c81f3ad2d694a4afdf0fa67788
2021-02-09 | Fix Keymint VTS test after adding CERTIFICATE_* tags | Janis Danisevskis
Pass required tags to generateKey and importKey. Bug: 179809936 Test: VtsAidlKeyMintTargetTest Change-Id: I762f73de50ca35c2f1ed271385d863910f53dcd2
2021-02-01 | Keymint: Add CERTIFICATE_* tags required for certificate generation. | Janis Danisevskis
Also fixes some formatting. Test: N/A Change-Id: I27e9dcfa638b544ab49befa208b294e55a04f2c1
2021-01-31 | Keymint Support: Fix keymint_tags.h | Janis Danisevskis
authorizationValue checked the union value tag twice instead of checking the actual tag value. Test: N/A Change-Id: I348b5ac06801a04ca7243088d758374148910d39
2021-01-26 | Merge "Add limited use keys related tag into KeyMint aidl. And add vts test to verify the tag appears in the key characteristics. Also if the tag is enforced in the hardware, after the usage of the key is exhausted, the key blob should be invalidated from the secure storage (such as RPMB partition)." | Treehugger Robot
2021-01-26 | KeyMint: Add support for key agreement operation and use it for ECDH. | David Zeuthen
Test: VtsAidlKeyMintTargetTest Bug: 171847641 Change-Id: Id9dc0ee3c69d9c2421ce7b0f228580a90411169e
2021-01-22 | Add limited use keys related tag into KeyMint aidl. | Qi Wu
And add vts test to verify the tag appears in the key characteristics. Also if the tag is enforced in the hardware, after the usage of the key is exhausted, the key blob should be invalidated from the secure storage (such as RPMB partition). Bug: b/174140443 Test: atest VtsHalKeyMintV1_0TargetTest Change-Id: Ic65b855c5a8692ab8d1281dd46562ad0844ab1b0
2021-01-20 | Add basic testing for KeyMint certs. | Shawn Willden
This is by no means complete, but it validates basic functionality. More is coming. Test: VtsAidlKeyMintTargetTest Change-Id: I0727a9f5b137b58b9a2f0aaf9935bfdc6525df8f
2021-01-12 | Change KeyCharacteristics | Shawn Willden
Support key characteristics with three security levels, do not store unenforced authorizations with keys or bind them to keys. Bug: 163606833 Test: atest VtsAidlKeyMintTargetTest Change-Id: Idbc523f16d8ef66ec38e0d503ad579a93c49e7b4
2020-12-22 | Add support and VTS test for RSA OAEP MGF1. | Chirag Pathak
Test: atest VtsAidlKeyMintV1_0TargetTest Bug: 160968519 Change-Id: I7093b26217b69ea36b4be8837b42cb9446887685
2020-12-18 | Revise keymint_tags.h | Janis Danisevskis
* replace NullOr with std::optional.
* Add missing tag.
* Undefine helper macros so that keymint_tags.h can be used together with keymaster_tags.h
* Check if KeyParameterValue variant matches KeyParameterTag in accessors.
Test: VtsAidlKeyMintTargetTest Change-Id: I6c951071f30fd27c8c21a2e8cc86f421a3bc37d9
2020-12-18 | Change KeyParameters to use a union. | Shawn Willden
AIDL now supports union types. This CL changes KeyParameter to use one. Test: VtsAidlKeyMintTargetTest Change-Id: I5112611b161e3de1ea86105ea3c7ed0912036a7b
2020-12-17 | Keymint: Use ndk_platform. | Janis Danisevskis
Test: N/A Change-Id: I7e97d9d475a639cfe92c9e6b01689c9ff80d2abc
2020-12-13 | Remove authorization set serialization. | Shawn Willden
This is no longer needed in KeyMint. Keystore2 implements similar functionality in Rust. Test: Build Change-Id: Ia43716449756935619fb22ef5aba113e420c2687
2020-12-13 | Various cleanups | Shawn Willden
Mostly just removal of old-style #include guards in favor of #pragma once, reorganization of header includes, correction of copyright years, etc. Test: VtsAidlKeyMintTargetTest Change-Id: I070584ecec550a2f133b1c19f36f99e7b5544e7c
2020-12-11 | Revert^2 "Move keymint to android.hardware.security." | Shawn Willden
1ffcdebadd7229af65c575dc1271084b17fe42d7 Bug: 175345910 Bug: 171429297 Exempt-From-Owner-Approval: re-landing topic with no changes in this CL. Change-Id: I691cad252f188b54a8076589d9955774d74d4729
2020-12-11 | Revert "Move keymint to android.hardware.security." | Orion Hodson
Revert "Keystore 2.0 SPI: Move keymint spec to security namespace."
Revert "Keystore 2.0: Move keymint spec to security namespace."
Revert "Keystore 2.0: Move keymint spec to security namespace."
Revert "Move keymint to android.hardware.security."
Revert "Configure CF to start KeyMint service by default."
Revert "Move keymint to android.hardware.security."
Revert "Move keymint to android.hardware.security."
Revert submission 1522123-move_keymint
Reason for revert: Build breakage
Bug: 175345910 Bug: 171429297
Reverted Changes:
Ief0e9884a:Keystore 2.0: Move keymint spec to security namesp...
Idb54e8846:Keystore 2.0: Move keymint spec to security namesp...
I9f70db0e4:Remove references to keymint1
I2b4ce3349:Keystore 2.0 SPI: Move keymint spec to security na...
I2498073aa:Move keymint to android.hardware.security.
I098711e7d:Move keymint to android.hardware.security.
I3ec8d70fe:Configure CF to start KeyMint service by default.
Icbb373c50:Move keymint to android.hardware.security.
I86bccf40e:Move keymint to android.hardware.security.
Change-Id: I160cae568ed6b15698bd0af0b19c6c949528762d
2020-12-09 | Move keymint to android.hardware.security. | Shawn Willden
Test: VtsAidlKeyMintTargetTest Change-Id: I2498073aa834584229e9a4955a97f279a94d1dd5