summaryrefslogtreecommitdiff
path: root/security/keymint/aidl/vts/functional/KeyMintTest.cpp
Commit message (Collapse)AuthorAgeFilesLines
* KeyMint VTS: extra unique ID testDavid Drysdale2021-11-101-2/+10
| | | | | | | | | Test that specifying RESET_SINCE_ID_ROTATION results in a different unique ID value. Test: VtsAidlKeyMintTargetTest Bug: 202487002 Change-Id: I2aed96514bf9e4802f0ef756f880cac79fa09554
* KeyMint VTS: check INCLUDE_UNIQUE_ID worksDavid Drysdale2021-11-101-0/+88
| | | | | | | | Bug: 202487002 Test: atest VtsAidlKeyMintTargetTest (on CF, O6) Merged-In: I8bc674b47549aa1133f816c510289774db752e04 Change-Id: I8bc674b47549aa1133f816c510289774db752e04 Ignore-AOSP-First: already in aosp/master
* Disable KeyMint -> IRemotelyProvisionedComponent test am: 11860f2984David Drysdale2021-09-081-1/+5
|\ | | | | | | | | | | Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/interfaces/+/15787697 Change-Id: I4ccd90ddad225c6a0b3db4c39f0eca08c985dcb0
| * Disable KeyMint -> IRemotelyProvisionedComponent testDavid Drysdale2021-09-081-1/+5
| | | | | | | | | | | | | | | | | | Not required yet. Test: VtsAidlKeyMintTargetTest Bug: 186586864 Change-Id: Ie8fecc4ea4795d7fa4fd6bcf0e6d8013c15f50e5 Merged-In: Ie8fecc4ea4795d7fa4fd6bcf0e6d8013c15f50e5
* | KeyMint VTS: add missing purpose/algoDavid Drysdale2021-08-191-2/+3
|/ | | | | | | | | | | Test was producing an invalid set of parameters in a different way than intended. Bug: 197222749 Test: VtsAidlKeyMintTargetTest Merged-In: I07f706fec81d91e8eee9c0561428142559c54f12 Change-Id: I07f706fec81d91e8eee9c0561428142559c54f12 Ignore-AOSP-First: this is a manual cross-merge
* Don't fail if TAG_ALLOW_WHILE_ON_BODY is missingSeth Moore2021-07-121-6/+4
| | | | | | | | | | The TAG_ALLOW_WHILE_ON_BODY authorization is not required to be supported, and if it is not supported it's a noop. Don't expect the tag to fail with UNSUPPORTED_TAG on devices that don't support it. Test: VtsAidlKeyMintTargetTest Bug: 192222727 Change-Id: I2e80ca59151e79f595a65cae94ac966b4ba7020d
* KeyMint VTS: require curve for ECDSA keysDavid Drysdale2021-06-211-109/+45
| | | | | | | | | | | | The KeyMint AIDL spec requires that "Tag::EC_CURVE must be provided to generate an ECDSA key". Move the VTS tests to always create ECDSA keys by curve not key size. Bug: 188672564 Test: VtsAidlKeyMintTargetTest Merged-In: I33036387c243b21ab0ecd49221b7e7757598913e Change-Id: I33036387c243b21ab0ecd49221b7e7757598913e Ignore-AOSP-First: already merged in aosp/master
* KeyMint VTS: more attestation info testsDavid Drysdale2021-06-211-0/+166
| | | | | | | | | | Try all tags in attestion extension one by one Test: VtsAidlKeyMintTargetTest on CF Bug: 186735514 Merged-In: I63ca8d298d2d16f707f2437ab48aaa69c1d7563d Change-Id: I63ca8d298d2d16f707f2437ab48aaa69c1d7563d Ignore-AOSP-First: already merged in aosp/master
* KeyMint VTS: better early boot key testsDavid Drysdale2021-06-081-1/+29
| | | | | | | | | | | Add a check that the TAG_EARLY_BOOT_ONLY is included in the returned key characteristics. Bug: 188672564 Test: VtsAidlKeyMintTargetTest Merged-In: I200c61f34888c720c47f6289d79cd21d78436b58 Change-Id: I200c61f34888c720c47f6289d79cd21d78436b58 Ignore-AOSP-First: already merged in aosp/master
* KeyMint VTS: test getKeyCharacteristics()David Drysdale2021-06-071-0/+25
| | | | | | | | | Bug: 186685601 Bug: 188855306 Test: VtsAidlKeyMintTargetTest Merged-In: Icf400533b0ded98b9338f2d782d95d90c7efbff4 Change-Id: Icf400533b0ded98b9338f2d782d95d90c7efbff4 Ignore-AOSP-First: already merged in aosp/master
* Merge "KeyMint: improve HAL spec and tests" into sc-devDavid Drysdale2021-05-211-0/+41
|\
| * KeyMint: improve HAL spec and testsDavid Drysdale2021-05-211-0/+41
| | | | | | | | | | | | | | | | | | | | | | | | | | - clarify & test BIGNUM spec - allow alternative return codes when requesting device unique attestation - use specific error for early boot import failure - test more early boot key scenarios (in post-early-boot mode) Bug: 188672564 Test: VtsAidlKeyMintTargetTest Merged-In: I70a342084a29144aef1ed0ff80fec02cc06ffbc0 Change-Id: I70a342084a29144aef1ed0ff80fec02cc06ffbc0
* | Merge "KeyMint vts: Correct the EC curve parameter and some return code" ↵TreeHugger Robot2021-05-211-5/+5
|\ \ | |/ |/| | | into sc-dev
| * KeyMint vts: Correct the EC curve parameter and some return codeTommy Chiu2021-05-181-5/+5
| | | | | | | | | | | | | | | | | | | | | | Strongbox doens't support p-224. Change the curve to p-256 for better compatibility. Also update the tags to be filtered on the hw-enforcement list. Bug: 186735514 Test: VtsAidlKeyMintTargetTest Change-Id: I3f587c5471ca68b88a565ee9ec2e27d1e9e11b17 Merged-In: Ia8eb4c8e28810de5f37295abd8baed6f01b19a3c
* | KeyMint VTS: local RSA encryptionDavid Drysdale2021-05-171-111/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Change RSA encryption (with public key) so it happens locally in the test, rather than by invoking an ENCRYPT operation against KeyMint. - Specify MGF1 digest for OAEP mode as (now) required by AIDL spec. - Drop tests for too-long encryption inputs. - Adjust test comments to reflect decryption-only nature. - Change parameter checking tests to do so on DECRYPT rather than ENCRYPT. Bug: 188385353 Test: VtsAidlKeyMintTargetTest Merged-In: I10c4beea28387eecfd0bc7c5dfd59a1b66fec21e Change-Id: I10c4beea28387eecfd0bc7c5dfd59a1b66fec21e
* | KeyMint VTS: local asymmetric verificationDavid Drysdale2021-05-171-209/+83
|/ | | | | | | | | | Change verification of ECDSA and RSA signatures so it happens locally in the test, rather than by invoking a VERIFY operation against KeyMint. Bug: 188385353 Test: VtsAidlKeyMintTargetTest Merged-In: I0efc30f3c96cd70ac636d34718eff53cc23f1480 Change-Id: I0efc30f3c96cd70ac636d34718eff53cc23f1480
* KeyMint VTS: fix 3DES key sizesDavid Drysdale2021-05-101-5/+5
| | | | | | | DES key size is 7/8 of what's provided. Test: VtsAidlKeyMintTargetTest Change-Id: I645c1df11646d129a9421630cb6e5ed86edb8899
* KeyMint VTS: symmetric import test with bad keylenDavid Drysdale2021-05-051-3/+43
| | | | | Test: VtsAidlKeyMintTargetTest Change-Id: I32ad8ad2ca2b18d3279ebe77ba63b34457ab888d
* Merge "vts: Correct the parameters on strongbox"Tommy Chiu2021-05-051-9/+13
|\
| * vts: Correct the parameters on strongboxTommy Chiu2021-05-041-9/+13
| | | | | | | | | | | | | | | | | | | | | | If GenerateKey() with user-provide key_blob, it needs to be specified in the following begin() operations as well. Update the test case just to take key_blob from private member instead of creating a local one. Note: - Remove redudent TAG_NO_AUTH_REQUIRED in DeviceUniqueAttestationTest Change-Id: I81860294e1e7e01a57e66e08e75507a8292ec0c3
* | More KeyMint VTS testcasesDavid Drysdale2021-04-301-197/+1005
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | Tests for: - non-prime RSA exponent (fails with CF KeyMint) - RSA exponent value of 3 - key size > 512 for `STRONGBOX` - unknown tag inclusion - CBC input size not block size multiple - challenge omitted for attestation (fails with CF KeyMint) - import RSA key with implicit params - vestigial upgradeKey test - importWrappedKey errors - importWrappedKey sids ignored - duplicate/missing params on begin() - more tests for incompatible params on begin() - HMAC size not multiple of 8 (fails with CF KeyMint) - wrong size caller IV for 3DES rejected - too large MIN_MAC_LENGTH for HMAC - invalid AES-GCM minimum MAC length values - check failed updateAad() cancels operation - check that auto-generated nonces are distinct - (DISABLED_) invoke destroyAttestationIds() - omitting optional RSA keygen tags Also add commenting to illustrate the ASN.1 structure of hex data. Test: VtsKeyMintAidlTargetTest Change-Id: I4663c42671cbb094ffe8d603e0352ffa9f1dbf2e
* Test for patchlevels and too much entropyDavid Drysdale2021-04-301-0/+25
| | | | | | | | | | | | | | | Add tests for: - Too much entropy should be rejected with INVALID_INPUT_LENGTH - All authorization lists should include a vendor and boot patchlevel. These requirements are in both the KeyMint and the KeyMaster 4.0 AIDL specificications, but have never been policed before. Currently disabled with a command-line flag because CF does not have the patchlevels and so fails lots of tests. Test: VtsKeyMintAidlTargetTest Change-Id: Ic9622ef3f1b80e013a34059218e3e029f392eb72
* Add more symmetric KeyMint testsDavid Drysdale2021-04-301-25/+394
| | | | | | | Also fix some test name comments along the way. Test: VtsKeyMintAidlTargetTest Change-Id: I828acfaa676e1b9fa2e3c6f184f9dafb936b0e82
* Merge "Align KeyMint AIDL with usage"David Drysdale2021-04-271-10/+0
|\
| * Align KeyMint AIDL with usageDavid Drysdale2021-04-221-10/+0
| | | | | | | | | | | | | | | | | | - Make HardwareAuthToken nullable on begin() - Drop unused vestigial performOperation() entrypoint - Drop unused Tag::BLOB_USAGE_REQUIREMENTS Test: TreeHugger, VtsKeyMintAidlTargetTest (CF) Change-Id: I577ac04d843ee6d03cbfb99e56ef3e69eb034532
* | Added vts tests for certificate subject and serial for variousSelene Huang2021-04-221-55/+125
|/ | | | | | | algorithms and self sign or non-self sign certificates. Test: atest VtsAidlKeyMintTargetTest Change-Id: I4e9d8db7be500f165c3a9f240ea2dfe00c2a70d1
* Added 12 various attestation related vts tests.Selene Huang2021-04-201-6/+421
| | | | | | | | | | | | | | | - Check for app id only if challenge is provided. - Verify self sign certificate works for RSA and Ecdsa. - Verified attestation is generated for encryption keys too. - Verify no attestation is generated for symetric keys. - Verify app id is always required when attestation challenge is provided to the new key generation. - Verify app id is ignored when challenge is missing. - Verify app id length is properly encoded. - Added vts tests for various attestation success and fail cases. Test: atest VtsAidlKeyMintTargetTest Change-Id: If29249b0913fd9c2f91d20188ca5cfbaa04bead8
* Add Rsa 2048 import key test for strongbox.Selene Huang2021-04-131-3/+62
| | | | | Test: atest VtsAidlKeyMintTargetTest Change-Id: If228b11fe23d2aaaa68e8ff53f0420c5e5ae62fb
* Check that KeyMint provides IRemotelyProvisionedComponentDavid Drysdale2021-04-121-0/+100
| | | | | | | Move helper utilities across into KeyMintAidlTestBase to allow re-use. Test: VtsHalRemotelyProvisionedComponentTargetTest, VtsAidlKeyMintTargetTest Change-Id: Ib9e55a7d72fd197016ae1a1f073dadedafa09c25
* Add performOperation stub.Shawn Willden2021-03-011-2/+14
| | | | | Test: VtsAidlKeyMintTargetTest Change-Id: I3689fd2993941343c6b9ba503fbe56153742fb3e
* Separate updateAad from update & other cleanupsShawn Willden2021-02-241-144/+50
| | | | | Test: VtsKeyMintAidlTargetTest Change-Id: Ib4ab43dbf2604a7642fb2b551646fd7f0adac615
* Add KeyPurpose::ATTEST_KEY.Shawn Willden2021-02-171-293/+17
| | | | | | | | | This allows applications to generate their own attestation keys and then use them to attest other application-generated keys. Bug: 171845652 Test: VtsAidlKeyMintTargetTest Change-Id: I32add16dcc2d1b29665a88024610f7bef7e50200
* Merge "Add more tests for limited use key feature."Treehugger Robot2021-02-151-2/+55
|\
| * Add more tests for limited use key feature.Qi Wu2021-02-111-2/+55
| | | | | | | | | | | | | | | | Verify that when keymint implementation supports rollback resistance, it must also enforce the single use key in hardware by secure hardware. Test: atest -c VtsAidlKeyMintTargetTest Change-Id: Ib984003247906ded7266da620e2d82e826d916bc
* | Vts tests for earlyBoot and deviceLocked functionality.Chirag Pathak2021-02-101-2/+96
|/ | | | | | | Test: atest VtsAidlKeyMintTargetTest Bug: b/171287439. Change-Id: I41c0b7b6b608b26147669b007225ad6f2d3cdfed
* Fix Keymint VTS test after adding CERTIFICATE_* tagsJanis Danisevskis2021-02-091-84/+155
| | | | | | | | Pass required tags to generateKey and importKey. Bug: 179809936 Test: VtsAidlKeyMintTargetTest Change-Id: I762f73de50ca35c2f1ed271385d863910f53dcd2
* Add more vts tests related to limited use key.Qi Wu2021-02-021-18/+159
| | | | | | | | | | | | 1. Fix test case for usage count limit tag = 1 case, when hardware cannot enforce it, the tag should by enforced by keystore. 2. Add test case for usage count limit tag > 1. 3. Add test case to verify the usage count limit tag appears correctly in the attestation certificate for asymmetic key. Test: atest -c VtsAidlKeyMintTargetTest Change-Id: I01df278b42a91a78c8888c13c4f81b7ec70cfa22
* Merge "Add limited use keys related tag into KeyMint aidl. And add vts test ↵Treehugger Robot2021-01-261-2/+210
|\ | | | | | | to verify the tag appears in the key characteristics. also if the tag is enforced in the hardware, afer the usage of the key is exhausted, the key blob should be invalidated from the secure storage (such as RPMB partition)."
| * Add limited use keys related tag into KeyMint aidl.Qi Wu2021-01-221-2/+210
| | | | | | | | | | | | | | | | | | | | | | | | And add vts test to verify the tag appears in the key characteristics. also if the tag is enforced in the hardware, afer the usage of the key is exhausted, the key blob should be invalidated from the secure storage (such as RPMB partition). Bug: b/174140443 Test: atest VtsHalKeyMintV1_0TargetTest Change-Id: Ic65b855c5a8692ab8d1281dd46562ad0844ab1b0
* | KeyMint: Add support for key agreement operation and use it for ECDH.David Zeuthen2021-01-261-0/+117
|/ | | | | | Test: VtsAidlKeyMintTargetTest Bug: 171847641 Change-Id: Id9dc0ee3c69d9c2421ce7b0f228580a90411169e
* Add basic testing for KeyMint certs.Shawn Willden2021-01-201-13/+319
| | | | | | | | This is by no means complete, but it validates basic functionality. More is coming. Test: VtsAidlKeyMintTargetTest Change-Id: I0727a9f5b137b58b9a2f0aaf9935bfdc6525df8f
* Change KeyCharacteristicsShawn Willden2021-01-121-76/+50
| | | | | | | | | Support key characteristics with three security levels, do not store unenforced authorizations with keys or bind them to keys. Bug: 163606833 Test: atest VtsAidlKeyMintTargetTest Change-Id: Idbc523f16d8ef66ec38e0d503ad579a93c49e7b4
* Add support and VTS test for RSA OAEP MGF1.Chirag Pathak2020-12-221-0/+101
| | | | | | Test: atest VtsAidlKeyMintV1_0TargetTest Bug: 160968519 Change-Id: I7093b26217b69ea36b4be8837b42cb9446887685
* Revise keymint_tags.hJanis Danisevskis2020-12-181-14/+17
| | | | | | | | | | | | * replace NullOr with std::optional. * Add mising tag. * Undefine helper macros so that keymint_tags.h can be used together with keymaster_tags.h * Check if KeyParameterValue variant matches KeyParameterTag in accessors. Test: VtsAidlKeyMintTargetTest Change-Id: I6c951071f30fd27c8c21a2e8cc86f421a3bc37d9
* Keymint: Use ndk_platform.Janis Danisevskis2020-12-171-12/+12
| | | | | Test: N/A Change-Id: I7e97d9d475a639cfe92c9e6b01689c9ff80d2abc
* Revert^2 "Move keymint to android.hardware.security."Shawn Willden2020-12-111-0/+4058
| | | | | | | | | 1ffcdebadd7229af65c575dc1271084b17fe42d7 Bug: 175345910 Bug: 171429297 Exempt-From-Owner-Approval: re-landing topic with no changes in this CL. Change-Id: I691cad252f188b54a8076589d9955774d74d4729
* Revert "Move keymint to android.hardware.security."Orion Hodson2020-12-111-4058/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Revert "Keystore 2.0 SPI: Move keymint spec to security namespace." Revert "Keystore 2.0: Move keymint spec to security namespace." Revert "Keystore 2.0: Move keymint spec to security namespace." Revert "Move keymint to android.hardware.security." Revert "Configure CF to start KeyMint service by default." Revert "Move keymint to android.hardware.security." Revert "Move keymint to android.hardware.security." Revert submission 1522123-move_keymint Reason for revert: Build breakage Bug: 175345910 Bug: 171429297 Reverted Changes: Ief0e9884a:Keystore 2.0: Move keymint spec to security namesp... Idb54e8846:Keystore 2.0: Move keymint spec to security namesp... I9f70db0e4:Remove references to keymint1 I2b4ce3349:Keystore 2.0 SPI: Move keymint spec to security na... I2498073aa:Move keymint to android.hardware.security. I098711e7d:Move keymint to android.hardware.security. I3ec8d70fe:Configure CF to start KeyMint service by default. Icbb373c50:Move keymint to android.hardware.security. I86bccf40e:Move keymint to android.hardware.security. Change-Id: I160cae568ed6b15698bd0af0b19c6c949528762d
* Move keymint to android.hardware.security.Shawn Willden2020-12-091-0/+4058
Test: VtsAidlKeyMintTargetTest Change-Id: I2498073aa834584229e9a4955a97f279a94d1dd5
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-20 17:35:14 +0000