diff --git a/security/rkp/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl b/security/rkp/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl index 461357d4e3..2a4cba1f0e 100644 --- a/security/rkp/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl +++ b/security/rkp/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl @@ -134,6 +134,10 @@ interface IRemotelyProvisionedComponent { * are marked (see the definition of PublicKey in the MacedPublicKey structure) to * prevent them from being confused with production keys. * + * This parameter has been deprecated since version 3 of the HAL and will always be + * false. From v3, if this parameter is true, the method must raise a + * ServiceSpecificException with an error of code of STATUS_REMOVED. + * * @param out MacedPublicKey macedPublicKey contains the public key of the generated key pair, * MACed so that generateCertificateRequest can easily verify, without the * privateKeyHandle, that the contained public key is for remote certification. diff --git a/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp b/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp index 94bfbb48de..8906543e7f 100644 --- a/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp +++ b/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp @@ -47,7 +47,11 @@ using ::std::vector; namespace { constexpr int32_t VERSION_WITH_UNIQUE_ID_SUPPORT = 2; + +constexpr int32_t VERSION_WITHOUT_EEK = 3; constexpr int32_t VERSION_WITHOUT_TEST_MODE = 3; +constexpr int32_t VERSION_WITH_CERTIFICATE_REQUEST_V2 = 3; +constexpr int32_t VERSION_WITH_SUPPORTED_NUM_KEYS_IN_CSR = 3; constexpr uint8_t MIN_CHALLENGE_SIZE = 0; constexpr uint8_t MAX_CHALLENGE_SIZE = 64; @@ -226,21 +230,13 @@ TEST_P(GetHardwareInfoTests, supportsValidCurve) { RpcHardwareInfo hwInfo; ASSERT_TRUE(provisionable_->getHardwareInfo(&hwInfo).isOk()); - const std::set validCurves = {RpcHardwareInfo::CURVE_P256, RpcHardwareInfo::CURVE_25519}; - // First check for the implementations that supports only IRPC V3+. - if (rpcHardwareInfo.versionNumber >= VERSION_WITHOUT_TEST_MODE) { - bytevec keysToSignMac; - DeviceInfo deviceInfo; - ProtectedData protectedData; - auto status = provisionable_->generateCertificateRequest(false, {}, {}, {}, &deviceInfo, - &protectedData, &keysToSignMac); - if (!status.isOk() && - (status.getServiceSpecificError() == BnRemotelyProvisionedComponent::STATUS_REMOVED)) { - ASSERT_EQ(hwInfo.supportedEekCurve, RpcHardwareInfo::CURVE_NONE) - << "Invalid curve: " << hwInfo.supportedEekCurve; - return; - } + if (rpcHardwareInfo.versionNumber >= VERSION_WITHOUT_EEK) { + ASSERT_EQ(hwInfo.supportedEekCurve, RpcHardwareInfo::CURVE_NONE) + << "Invalid curve: " << hwInfo.supportedEekCurve; + return; } + + const std::set validCurves = {RpcHardwareInfo::CURVE_P256, RpcHardwareInfo::CURVE_25519}; ASSERT_EQ(validCurves.count(hwInfo.supportedEekCurve), 1) << "Invalid curve: " << hwInfo.supportedEekCurve; } @@ -264,7 +260,7 @@ TEST_P(GetHardwareInfoTests, uniqueId) { * Verify implementation supports at least MIN_SUPPORTED_NUM_KEYS_IN_CSR keys in a CSR. */ TEST_P(GetHardwareInfoTests, supportedNumKeysInCsr) { - if (rpcHardwareInfo.versionNumber < VERSION_WITHOUT_TEST_MODE) { + if (rpcHardwareInfo.versionNumber < VERSION_WITH_SUPPORTED_NUM_KEYS_IN_CSR) { return; } @@ -365,6 +361,13 @@ TEST_P(GenerateKeyTests, generateEcdsaP256Key_testMode) { bytevec privateKeyBlob; bool testMode = true; auto status = provisionable_->generateEcdsaP256KeyPair(testMode, &macedPubKey, &privateKeyBlob); + + if (rpcHardwareInfo.versionNumber >= VERSION_WITHOUT_TEST_MODE) { + ASSERT_FALSE(status.isOk()); + EXPECT_EQ(status.getServiceSpecificError(), BnRemotelyProvisionedComponent::STATUS_REMOVED); + return; + } + ASSERT_TRUE(status.isOk()); check_maced_pubkey(macedPubKey, testMode, nullptr); } @@ -410,7 +413,7 @@ class CertificateRequestTest : public CertificateRequestTestBase { CertificateRequestTestBase::SetUp(); ASSERT_FALSE(HasFatalFailure()); - if (rpcHardwareInfo.versionNumber >= VERSION_WITHOUT_TEST_MODE) { + if (rpcHardwareInfo.versionNumber >= VERSION_WITH_CERTIFICATE_REQUEST_V2) { GTEST_SKIP() << "This test case only applies to RKP v1 and v2. " << "RKP version discovered: " << rpcHardwareInfo.versionNumber; } @@ -688,7 +691,7 @@ class CertificateRequestV2Test : public CertificateRequestTestBase { CertificateRequestTestBase::SetUp(); ASSERT_FALSE(HasFatalFailure()); - if (rpcHardwareInfo.versionNumber < VERSION_WITHOUT_TEST_MODE) { + if (rpcHardwareInfo.versionNumber < VERSION_WITH_CERTIFICATE_REQUEST_V2) { GTEST_SKIP() << "This test case only applies to RKP v3 and above. " << "RKP version discovered: " << rpcHardwareInfo.versionNumber; } @@ -802,23 +805,23 @@ TEST_P(CertificateRequestV2Test, NonEmptyRequestCorruptMac) { } /** - * Generate a non-empty certificate request in prod mode, with test keys. Must fail with - * STATUS_TEST_KEY_IN_PRODUCTION_REQUEST. + * Call generateCertificateRequest(). Make sure it's removed. */ -TEST_P(CertificateRequestV2Test, NonEmptyRequest_testKeyInProdCert) { - generateKeys(true /* testMode */, 1 /* numKeys */); - - bytevec csr; - auto status = provisionable_->generateCertificateRequestV2(keysToSign_, challenge_, &csr); +TEST_P(CertificateRequestV2Test, CertificateRequestV1Removed_prodMode) { + bytevec keysToSignMac; + DeviceInfo deviceInfo; + ProtectedData protectedData; + auto status = provisionable_->generateCertificateRequest( + false /* testMode */, {} /* keysToSign */, {} /* EEK chain */, challenge_, &deviceInfo, + &protectedData, &keysToSignMac); ASSERT_FALSE(status.isOk()) << status.getMessage(); - ASSERT_EQ(status.getServiceSpecificError(), - BnRemotelyProvisionedComponent::STATUS_TEST_KEY_IN_PRODUCTION_REQUEST); + EXPECT_EQ(status.getServiceSpecificError(), BnRemotelyProvisionedComponent::STATUS_REMOVED); } /** - * Call generateCertificateRequest(). Make sure it's removed. + * Call generateCertificateRequest() in test mode. Make sure it's removed. */ -TEST_P(CertificateRequestV2Test, CertificateRequestV1Removed) { +TEST_P(CertificateRequestV2Test, CertificateRequestV1Removed_testMode) { bytevec keysToSignMac; DeviceInfo deviceInfo; ProtectedData protectedData;