path: root/security/keymint/aidl
Commit log (subject; author, date, files changed, -removed/+added lines; indented text is the commit message)
* Merge "KeyMint VTS: don't combine ATTEST_KEY with SIGN" into sc-v2-dev
  David Drysdale, 2021-11-30, 1 file, -15/+15

* KeyMint VTS: don't combine ATTEST_KEY with SIGN
  David Drysdale, 2021-11-29, 1 file, -15/+15

  Update the VTS tests so that attestation keys are not created with
  another purpose.

  Bug: 197096139
  Test: VtsAidlKeyMintTargetTest
  Merged-In: Ib6e4ad98cbe5c3015138854679b11fa0e683ade9
  Change-Id: Ib6e4ad98cbe5c3015138854679b11fa0e683ade9
  Ignore-AOSP-First: cross-merge from aosp/master
* KeyMint VTS: extra unique ID test
  David Drysdale, 2021-11-10, 2 files, -18/+34

  Test that specifying RESET_SINCE_ID_ROTATION results in a different
  unique ID value.

  Test: VtsAidlKeyMintTargetTest
  Bug: 202487002
  Change-Id: I2aed96514bf9e4802f0ef756f880cac79fa09554
* KeyMint VTS: check INCLUDE_UNIQUE_ID works
  David Drysdale, 2021-11-10, 3 files, -2/+96

  Bug: 202487002
  Test: atest VtsAidlKeyMintTargetTest (on CF, O6)
  Merged-In: I8bc674b47549aa1133f816c510289774db752e04
  Change-Id: I8bc674b47549aa1133f816c510289774db752e04
  Ignore-AOSP-First: already in aosp/master
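The two entries above exercise Tag::UNIQUE_ID: one checks that INCLUDE_UNIQUE_ID produces an ID at all, the other that RESET_SINCE_ID_ROTATION changes it. The Go program below is an added example, not code from the VTS suite or from any KeyMint implementation. It models the value the way the KeyMint AIDL documentation for Tag::UNIQUE_ID describes it, HMAC_SHA256(key, T || C || R) with T the creation time divided by a 30-day period, C the attestation application ID and R the reset flag, and checks the properties those tests rely on: the ID is stable within one 30-day window for one app, changes when the reset flag is supplied, and rotates in the next window. The HMAC key, the sample application ID and creation time are constructed values, and the byte encodings chosen for T and R are assumptions of this example; the HAL text defines only the formula.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// Rotation period for the temporal counter T: 30 days in milliseconds.
const rotationMillis = 2592000000

// UniqueID models Tag::UNIQUE_ID = HMAC_SHA256(key, T || C || R):
//
//	T = CREATION_DATETIME (ms since epoch) / rotationMillis, integer division
//	C = ATTESTATION_APPLICATION_ID bytes
//	R = 1 if RESET_SINCE_ID_ROTATION was supplied, else 0
//
// Encoding T as 8 big-endian bytes and R as a single byte is an assumption
// of this example; the HAL documentation only gives the formula.
func UniqueID(key []byte, creationMillis uint64, appID []byte, resetSinceRotation bool) []byte {
	var t [8]byte
	binary.BigEndian.PutUint64(t[:], creationMillis/rotationMillis)
	r := byte(0)
	if resetSinceRotation {
		r = 1
	}
	mac := hmac.New(sha256.New, key)
	mac.Write(t[:])
	mac.Write(appID)
	mac.Write([]byte{r})
	return mac.Sum(nil)
}

// SameID compares two IDs in constant time.
func SameID(a, b []byte) bool { return hmac.Equal(a, b) }

// Constructed sample inputs; none of these are real device values.
var (
	uniqueIDKey = []byte("constructed-32-byte-unique-id-key") // stands in for the TEE-held HMAC key
	appID       = []byte("com.example.attest")
	created     = uint64(628) * rotationMillis // start of a 30-day window, so +half a period stays inside it
)

// Report returns the four IDs the VTS tests would compare: the baseline,
// a key created later in the same window, one with the reset flag set,
// and one created in the following window.
func Report() map[string]string {
	ids := map[string][]byte{
		"baseline":    UniqueID(uniqueIDKey, created, appID, false),
		"same_window": UniqueID(uniqueIDKey, created+rotationMillis/2, appID, false),
		"reset":       UniqueID(uniqueIDKey, created, appID, true),
		"next_window": UniqueID(uniqueIDKey, created+rotationMillis, appID, false),
	}
	out := make(map[string]string, len(ids))
	for name, id := range ids {
		out[name] = hex.EncodeToString(id)
	}
	return out
}

func main() {
	for name, id := range Report() {
		fmt.Printf("%-12s %s\n", name, id)
	}
}
```

Only "baseline" and "same_window" should print the same hex string; "reset" and "next_window" differ, which is exactly what the extra unique ID test asserts when it sets RESET_SINCE_ID_ROTATION.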
* Disable KeyMint -> IRemotelyProvisionedComponent test am: 11860f2984
  David Drysdale, 2021-09-08, 1 file, -1/+5

  Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/interfaces/+/15787697
  Change-Id: I4ccd90ddad225c6a0b3db4c39f0eca08c985dcb0

* Disable KeyMint -> IRemotelyProvisionedComponent test
  David Drysdale, 2021-09-08, 1 file, -1/+5

  Not required yet.

  Test: VtsAidlKeyMintTargetTest
  Bug: 186586864
  Change-Id: Ie8fecc4ea4795d7fa4fd6bcf0e6d8013c15f50e5
  Merged-In: Ie8fecc4ea4795d7fa4fd6bcf0e6d8013c15f50e5
* Merge "AesInvalidKeySize skip 192 on SB devices" into sc-dev
  Max Bires, 2021-08-20, 1 file, -1/+2

* AesInvalidKeySize skip 192 on SB devices
  Max Bires, 2021-08-19, 1 file, -1/+2

  This change clarifies the language to specify that StrongBox devices
  must only support key sizes of 128 and 256. Additionally, it changes
  the new AesInvalidKeySize test to only enforce against StrongBox
  instances on devices that launch on S or later, not previously
  launched devices.

  Ignore-AOSP-First: CP to AOSP
  Bug: 191736606
  Test: Test passes on a StrongBox enabled device
  Change-Id: Ic0ff19d2d19d6e18dfbc0fad4b8182264f36b2f6
* KeyMint VTS: add missing purpose/algo
  David Drysdale, 2021-08-19, 1 file, -2/+3

  Test was producing an invalid set of parameters in a different way
  than intended.

  Bug: 197222749
  Test: VtsAidlKeyMintTargetTest
  Merged-In: I07f706fec81d91e8eee9c0561428142559c54f12
  Change-Id: I07f706fec81d91e8eee9c0561428142559c54f12
  Ignore-AOSP-First: this is a manual cross-merge
* Merge "Revert "AesInvalidKeySize skip 192 on SB devices"" into sc-dev
  Bill Richardson, 2021-08-18, 1 file, -2/+1

* Revert "AesInvalidKeySize skip 192 on SB devices"
  Max Bires, 2021-08-17, 1 file, -2/+1

  This reverts commit eb8b0577e87ac19fce7c307b542fa9406857d48a.

  Reason for revert: Broke a different TEE implementation

  Bug: 196922051
  Change-Id: I9f136d237bd06bfe2a1cc29d11bb1fbe0b8ace5e
* Merge "AesInvalidKeySize skip 192 on SB devices" into sc-dev
  Max Bires, 2021-08-13, 1 file, -1/+2

* AesInvalidKeySize skip 192 on SB devices
  Max Bires, 2021-08-09, 1 file, -1/+2

  This change clarifies the language to specify that StrongBox devices
  must only support key sizes of 128 and 256. Additionally, it changes
  the new AesInvalidKeySize test to only enforce against StrongBox
  instances on devices that launch on S or later, not previously
  launched devices.

  Ignore-AOSP-First: CP to AOSP
  Bug: 191736606
  Test: Test passes on a StrongBox enabled device
  Change-Id: I1a27a0d61e5247ad90c8f5b1423f2a1567016bac
* KeyMint VTS: catch empty cert chains
  David Drysdale, 2021-08-11, 1 file, -0/+3

  Explicitly detect empty cert chains returned by GenerateKey rather
  than crashing when trying to dereference the first entry.

  Bug: 195605180
  Test: VtsAidlKeyMintTargetTest
  Merged-In: Idad2703b458952ff599c6ccdd04a941aef7aedde
  Change-Id: Idad2703b458952ff599c6ccdd04a941aef7aedde
  Ignore-AOSP-First: already merged in aosp/master
* Allow uninstantiated remote provisioning tests
  Seth Moore, 2021-07-27, 1 file, -0/+1

  Not all devices have an IRemotelyProvisionedComponent HAL, so on
  those devices 0 of the tests in VtsRemotelyProvisionedComponentTests
  will be run.

  Fixes: 194770385
  Test: Ran tests on two devices: one with and one without the HAL.
  Change-Id: I8624096158f29058189dfab7cd876804ae178e60
* Add VtsRemotelyProvisionedComponentTests config
  Seth Moore, 2021-07-20, 2 files, -0/+35

  VtsHalRemotelyProvisionedComponentTargetTest was picking up the same
  config file (AndroidTest.xml) as VtsAidlKeyMintTargetTest. When atest
  or TF was used to run VtsHalRemotelyProvisionedComponentTargetTest,
  it actually ran VtsAidlKeyMintTargetTest.

  Add a separate test config file so that we run the correct test
  binary.

  Test: atest VtsAidlKeyMintTargetTest
  Test: atest VtsHalRemotelyProvisionedComponentTargetTest
  Fixes: 192824779
  Change-Id: I7ba0f8d364690209722f9a06c6c0ce2957781beb
* Merge "Don't fail if TAG_ALLOW_WHILE_ON_BODY is missing" into sc-dev
  TreeHugger Robot, 2021-07-13, 1 file, -6/+4

* Don't fail if TAG_ALLOW_WHILE_ON_BODY is missing
  Seth Moore, 2021-07-12, 1 file, -6/+4

  The TAG_ALLOW_WHILE_ON_BODY authorization is not required to be
  supported, and if it is not supported it's a noop. Don't expect the
  tag to fail with UNSUPPORTED_TAG on devices that don't support it.

  Test: VtsAidlKeyMintTargetTest
  Bug: 192222727
  Change-Id: I2e80ca59151e79f595a65cae94ac966b4ba7020d
* Merge "KeyMint: Fix device-unique attestation chain specification" into sc-dev
  TreeHugger Robot, 2021-07-13, 4 files, -10/+27

* KeyMint: Fix device-unique attestation chain specification
  Eran Messeri, 2021-07-09, 4 files, -10/+27

  Fix the device-unique attestation chain specification: The chain
  should have two or three certificates. In case of two certificates,
  the device-unique key should be used for the self-signed root. In
  case of three certificates, the device-unique key should be certified
  by another key (ideally shared by all StrongBox instances from the
  same manufacturer, to ease validation).

  Adjust the device-unique attestation tests to accept two or three
  certificates in the chain. Additionally, the current StrongBox
  KeyMint implementation can not yet generate fully-valid chains (with
  matching subjects and issuers), so relax that check.

  Bug: 191361618
  Test: m VtsAidlKeyMintTargetTest
  Merged-In: I6e6bca33ebb4af67cac8e41a39e9c305d0f1345f
  Change-Id: Iebefafe72148c919d10308eff7a19fc1bc40c619
* Update KeyMint VTS tests with prod GEEK
  Seth Moore, 2021-07-09, 1 file, -87/+62

  Now that we have the production Google Endpoint Encryption Key, we
  can update the tests to use the correct GEEK cert chain where
  applicable.

  Ignore-AOSP-First: No merge path to aosp, will manually merge
  Test: VtsHalRemotelyProvisionedComponentTargetTest
  Test: VtsAidlKeyMintTargetTest
  Bug: 191301285
  Change-Id: I84b557c6bad34741ffe6671fc941d9e266b73241
* Merge "Add Attestation IDs State to DeviceInfo" into sc-dev
  Seth Moore, 2021-07-08, 2 files, -14/+7

* Add Attestation IDs State to DeviceInfo
  Seth Moore, 2021-07-08, 2 files, -14/+7

  We will use the 'Attestation IDs State' field in DeviceInfo to
  determine whether a device is still provisionable or not. Once a
  production device has left the factory, certain attested device ids
  should be fixed, and 'Attestation IDs State' should reflect this by
  reporting "locked".

  Remove stale, duplicated DeviceInfo description from
  ProtectedData.aidl

  Test: None, just a doc change
  Bug: 192017485
  Change-Id: I4e0a840a8f415b3b410801805a158c46be30ec6a
* Merge "Add test ensuring that BCC keys not unique ids" into sc-dev
  TreeHugger Robot, 2021-07-08, 1 file, -1/+49

* Add test ensuring that BCC keys not unique ids
  Seth Moore, 2021-07-08, 1 file, -1/+49

  Get two test BCCs, then ensure that no repeated keys are found.

  Ignore-AOSP-First: No merge path to AOSP, will manually port.
  Bug: 192687735
  Test: VtsHalRemotelyProvisionedComponentTargetTest
  Change-Id: I48f86e7dfa9ab4bc6303a8d1b64ac7ca6ac76bbf
* Merge "Use TagType constants" into sc-dev
  TreeHugger Robot, 2021-07-08, 1 file, -69/+65

* Use TagType constants
  Eran Messeri, 2021-07-08, 1 file, -69/+65

  Now that the aidl compiler supports it, use constants from TagType to
  indicate the type of each tag, rather than duplicating the values of
  the constants.

  Test: atest VtsAidlKeyMintTargetTest
  Bug: 183737811
  Merged-In: Ie8af1f00d04fa05c59cfc72692caecbcf2fae483
  Change-Id: Ie62b6ee8a8ced05a870711073bb3be16931f3d4d
* Annotate some TODOs
  Eran Messeri, 2021-07-08, 1 file, -1/+4

  There are two tags that cannot be currently removed but should be
  removed in KeyMint V2. Mark them as deprecated and point to the bug
  for deletion.

  Bug: 183737811
  Test: That it compiles.
  Change-Id: I98b96cc8c49eb339a998d0abed9216aa57f6b19f
  Merged-In: I80ccaedeb777fdb249a8cb021db6628da32d6029
* Correct the description for getKeyCharacteristics
  Seth Moore, 2021-07-01, 1 file, -3/+4

  The description should note that keystore-enforced tags are not to be
  returned. This is done so that the keymint implementation doesn't
  have to bother keeping track of tags it's not responsible for dealing
  with.

  Fixes: 192575557
  Test: none (it's just a comment change)
  Change-Id: I3ff94201c262a5071d271b150dbbf21888d678aa
  Merged-In: I3ff94201c262a5071d271b150dbbf21888d678aa
* Add a utility to JSON-format a CSR with build info
  Seth Moore, 2021-06-30, 1 file, -34/+20

  We need both the build fingerprint as well as the CSR when uploading
  data to the APFE provisioning server. Add a utility function to
  format the output as a JSON blob so that it may be easily collected
  in the factory in a serialized data format, then later uploaded.

  Test: libkeymint_remote_prov_support_test
  Test: VtsAidlKeyMintTargetTest
  Test: VtsHalRemotelyProvisionedComponentTargetTest
  Bug: 191301285
  Change-Id: I751c5461876d83251869539f1a395ba13cb5cf84
* KeyMint HAL: clarify spec text
  David Drysdale, 2021-06-28, 2 files, -12/+22

  - Make clear that CERTIFICATE_NOT_{BEFORE,AFTER} must be specified
    for generating/importing asymmetric keys.
  - Fix enforcement level of Tag::UNLOCKED_DEVICE_REQUIRED.
  - Fix reference to exportKey() for Tag::STORAGE_KEY to mention
    convertStorageKeyToEphemeral instead.
  - Mark Tag::CONFIRMATION_TOKEN as deprecated.

  Test: none, comment change
  Bug: 188672564
  Merged-In: I68727b024f6b6743403941763aefca64e3eb091a
  Change-Id: I68727b024f6b6743403941763aefca64e3eb091a
  Ignore-AOSP-First: already merged in aosp/master
* Merge "Remove ignoreSignature for cose signature checks" into sc-dev
  TreeHugger Robot, 2021-06-22, 1 file, -2/+1

* Remove ignoreSignature for cose signature checks
  Seth Moore, 2021-06-17, 1 file, -2/+1

  This flag is never used anywhere, so just remove it. When used, it
  would bypass signature checks. This is something we generally don't
  want to do, even in testing. So remove the flag so there's no
  temptation to use it.

  Ignore-AOSP-First: Will cherry-pick to AOSP
  Bug: 190942528
  Test: VtsHalRemotelyProvisionedComponentTargetTest
  Change-Id: I0433c1eedc08e9a5a5ad71347154867dba61689e
* KeyMint VTS: require curve for ECDSA keys
  David Drysdale, 2021-06-21, 3 files, -123/+52

  The KeyMint AIDL spec requires that "Tag::EC_CURVE must be provided
  to generate an ECDSA key". Move the VTS tests to always create ECDSA
  keys by curve not key size.

  Bug: 188672564
  Test: VtsAidlKeyMintTargetTest
  Merged-In: I33036387c243b21ab0ecd49221b7e7757598913e
  Change-Id: I33036387c243b21ab0ecd49221b7e7757598913e
  Ignore-AOSP-First: already merged in aosp/master
* KeyMint VTS: more attestation info tests
  David Drysdale, 2021-06-21, 3 files, -21/+204

  Try all tags in attestation extension one by one

  Test: VtsAidlKeyMintTargetTest on CF
  Bug: 186735514
  Merged-In: I63ca8d298d2d16f707f2437ab48aaa69c1d7563d
  Change-Id: I63ca8d298d2d16f707f2437ab48aaa69c1d7563d
  Ignore-AOSP-First: already merged in aosp/master
* Merge "Updating CDDL schemas to match the finalized spec." into sc-dev
  Max Bires, 2021-06-21, 3 files, -75/+141

* Updating CDDL schemas to match the finalized spec.
  Max Bires, 2021-05-26, 3 files, -75/+141

  This primarily updates CDDL to allow for OEMs who wish to use P256
  instead of Ed25519 to do so. One structural change of note that
  affects all implementors is that SignedMacAad now includes the tag
  from the COSE_Mac0 of MacedKeysToSign to prevent a potential
  vulnerability that would exist if an attacker compromised the
  server's EEK private key.

  Bug: 189018262
  Test: Purely a comment change
  Change-Id: I043a19c6aba0f771315d45c04ab5263b610b5de8
* KeyMint VTS: improve attestation tests
  David Drysdale, 2021-06-17, 3 files, -29/+290

  Check that the various ATTESTATION_ID_* tags are included if they
  have the correct value, and that keygen fails if they have an invalid
  value.

  Also update attestation tags to include vendor/boot patchlevel if
  they're available. (They always should be, but fixing that is a
  separate task.)

  Bug: 190757200
  Test: VtsAidlKeyMintTargetTest
  Change-Id: Ibaed7364c6d08c0982e2a9fb6cb864ae42cf39fe
* Improve unique attestation docs & tests
  Eran Messeri, 2021-06-16, 2 files, -6/+19

  Improve the documentation and tests related to device-unique
  attestation on StrongBox KeyMint devices:
  * Test that the chain produced is exactly of length 2.
  * Document how the chain needs to be structured.
  * Explain the trust properties of the key used for the self-signed
    root.

  Test: atest VtsAidlKeyMintTargetTest
  Bug: 187803288
  Ignore-AOSP-First: Already merged in AOSP
  Merged-In: I09bb16d6938b567c114485d2df00bde9d3e1ccf9
  Change-Id: Ib7efdd428ce5a2e14c281077e3a77048c9721702
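This entry first required a device-unique attestation chain of exactly two certificates; the later "KeyMint: Fix device-unique attestation chain specification" entry above on this page widened that to two or three, with the device-unique key either acting as the self-signed root (two certificates) or being certified by a manufacturer key (three). The Go program below is an added example, not code from the VTS suite or from any KeyMint or StrongBox implementation. It constructs both chain shapes with throwaway P-256 keys, in the leaf-first order generateKey() returns, and checks the structural rules those two messages describe: a length of 2 or 3, each certificate's issuer equal to the next certificate's subject, each signature verifying under the next certificate's key, and a self-signed root. Note that the later commit relaxed the subject/issuer matching check in VTS because the StrongBox implementation of the time could not yet produce fully valid chains; this example keeps the strict check. The certificate names, serial numbers, validity window and the choice of ECDSA P-256 are assumptions of the example.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newKey generates a P-256 key standing in for a key held inside StrongBox.
func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// makeCert issues a certificate for pub, signed by signer. A nil parent
// yields a self-signed certificate (signer must then be the owner of pub).
func makeCert(serial int64, cn string, isCA bool, pub *ecdsa.PublicKey,
	parent *x509.Certificate, signer *ecdsa.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
	}
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER we just produced always parses
	return cert
}

// BuildChain returns a constructed chain, leaf first. Length 2: the leaf is
// signed by the self-signed device-unique key. Length 3: the leaf is signed
// by the device-unique key, which is certified by a self-signed
// manufacturer key shared across that manufacturer's StrongBox instances.
func BuildChain(length int) []*x509.Certificate {
	attested, deviceUnique := newKey(), newKey()
	switch length {
	case 2:
		root := makeCert(1, "device-unique", true, &deviceUnique.PublicKey, nil, deviceUnique)
		leaf := makeCert(2, "attested-key", false, &attested.PublicKey, root, deviceUnique)
		return []*x509.Certificate{leaf, root}
	case 3:
		mfr := newKey()
		root := makeCert(1, "manufacturer", true, &mfr.PublicKey, nil, mfr)
		mid := makeCert(2, "device-unique", true, &deviceUnique.PublicKey, root, mfr)
		leaf := makeCert(3, "attested-key", false, &attested.PublicKey, mid, deviceUnique)
		return []*x509.Certificate{leaf, mid, root}
	}
	panic("unsupported chain length")
}

// CheckDeviceUniqueChain enforces the chain shape from the commit messages:
// 2 or 3 certificates, each issued and signed by the next, self-signed root.
// CheckSignatureFrom also requires each issuer to carry the CA constraint.
func CheckDeviceUniqueChain(chain []*x509.Certificate) error {
	if n := len(chain); n != 2 && n != 3 {
		return fmt.Errorf("device-unique chain must have 2 or 3 certs, got %d", n)
	}
	for i := 0; i+1 < len(chain); i++ {
		child, parent := chain[i], chain[i+1]
		if !bytes.Equal(child.RawIssuer, parent.RawSubject) {
			return fmt.Errorf("cert %d issuer does not match cert %d subject", i, i+1)
		}
		if err := child.CheckSignatureFrom(parent); err != nil {
			return fmt.Errorf("cert %d not signed by cert %d: %w", i, i+1, err)
		}
	}
	root := chain[len(chain)-1]
	if !bytes.Equal(root.RawIssuer, root.RawSubject) {
		return fmt.Errorf("root issuer differs from its subject")
	}
	if err := root.CheckSignatureFrom(root); err != nil {
		return fmt.Errorf("root is not self-signed: %w", err)
	}
	return nil
}

func main() {
	for _, n := range []int{2, 3} {
		fmt.Printf("chain of %d: err=%v\n", n, CheckDeviceUniqueChain(BuildChain(n)))
	}
}
```

A leaf paired with a root from a different device passes the name check (both roots are called "device-unique") but fails the signature check, which is why the function verifies signatures rather than trusting subject and issuer strings alone.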
* KeyMint: sync all attestation tags
  David Drysdale, 2021-06-09, 1 file, -4/+4

  Get description of ASN.1 schema in HAL and the keymint support
  library in sync with each other.

  Change code to always list tags in the same order (by numeric tag).

  Bug: 188672564
  Bug: 186735514
  Test: VtsAidlKeyMintTargetTest
  Merged-In: I620f54ba4a265ea69d174f6f44765a8508bfe803
  Change-Id: I620f54ba4a265ea69d174f6f44765a8508bfe803
  Ignore-AOSP-First: already merged into aosp/master
* KeyMint VTS: better early boot key tests
  David Drysdale, 2021-06-08, 2 files, -31/+68

  Add a check that the TAG_EARLY_BOOT_ONLY is included in the returned
  key characteristics.

  Bug: 188672564
  Test: VtsAidlKeyMintTargetTest
  Merged-In: I200c61f34888c720c47f6289d79cd21d78436b58
  Change-Id: I200c61f34888c720c47f6289d79cd21d78436b58
  Ignore-AOSP-First: already merged in aosp/master
* KeyMint VTS: test getKeyCharacteristics()
  David Drysdale, 2021-06-07, 4 files, -0/+114

  Bug: 186685601
  Bug: 188855306
  Test: VtsAidlKeyMintTargetTest
  Merged-In: Icf400533b0ded98b9338f2d782d95d90c7efbff4
  Change-Id: Icf400533b0ded98b9338f2d782d95d90c7efbff4
  Ignore-AOSP-First: already merged in aosp/master
* Fixing tests to reflect change in CDDL
  Max Bires, 2021-05-26, 1 file, -0/+1

  This fixes up the tests to go along with the change to the signature
  of the MAC key. Primarily, this adds the MAC tag from the MACing
  operation over the public key set to be signed into the AAD of the
  signature of said MAC key.

  Bug: 189018262
  Test: atest VtsHalRemotelyProvisionedComponentTargetTest
  Change-Id: Ibdcf242e0ae73dee1a08fe98d939130055e4492e
* Merge "Freeze AIDL APIs for SC" into sc-dev
  Jiyong Park, 2021-05-25, 31 files, -0/+1392

* Freeze AIDL APIs for SC
  Jiyong Park, 2021-05-25, 31 files, -0/+1392

  Ignore-AOSP-First: part of SC finalization
  Bug: 188713899
  Test: m
  Change-Id: Iee18cd05954dc8ea08cc4f985499a70977d1af4f
* Merge "Shifting VTS libs to static_lib entry" into sc-dev
  Max Bires, 2021-05-25, 1 file, -4/+4

* Shifting VTS libs to static_lib entry
  Max Bires, 2021-05-23, 1 file, -4/+4

  If these HALs aren't present on the device, then the test runner will
  fail due to test binary trying to dynamically link to libs that
  aren't present. Statically linking them will allow the test to fail
  gracefully when the test harness sees that the HAL interfaces aren't
  available on device.

  Fixes: 184797684
  Test: atest VtsAidlKeyMintTargetTest
  Change-Id: I0f8dea081a51256cfb0e50d6af20038e2b8f1f07
* Generate COSE MAC with a callback, not raw key
  Seth Moore, 2021-05-24, 1 file, -4/+9

  The cppcose_rkp library was updated to generate MAC via callback
  instead of passing keys around to allow for stronger MAC key
  protection.

  Bug: 182928606
  Test: VtsHalRemotelyProvisionedComponentTargetTest
  Test: RemoteProvisionerUnitTests
  Change-Id: Ia8a0410408fe3064e904c5282b52f172f8134b9a
* Merge "KeyMint: improve HAL spec and tests" into sc-dev
  David Drysdale, 2021-05-21, 6 files, -6/+71

* KeyMint: improve HAL spec and tests
  David Drysdale, 2021-05-21, 6 files, -6/+71

  - clarify & test BIGNUM spec
  - allow alternative return codes when requesting device unique
    attestation
  - use specific error for early boot import failure
  - test more early boot key scenarios (in post-early-boot mode)

  Bug: 188672564
  Test: VtsAidlKeyMintTargetTest
  Merged-In: I70a342084a29144aef1ed0ff80fec02cc06ffbc0
  Change-Id: I70a342084a29144aef1ed0ff80fec02cc06ffbc0