Merge "Add an implementation defined limit on number of keys in CSR" am: 2ac5066335

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2275693

Change-Id: I24b6cf6e126721343aa9c4fffa29a7df69336c8d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
Tri Vo
2022-11-16 03:49:09 +00:00
committed by Automerger Merge Worker
4 changed files with 31 additions and 3 deletions


@@ -251,6 +251,19 @@ TEST_P(GetHardwareInfoTests, uniqueId) {
EXPECT_LE(hwInfo.uniqueId->size(), 32);
}
/**
* Verify implementation supports at least MIN_SUPPORTED_NUM_KEYS_IN_CSR keys in a CSR.
*/
TEST_P(GetHardwareInfoTests, supportedNumKeysInCsr) {
if (rpcHardwareInfo.versionNumber < VERSION_WITHOUT_TEST_MODE) {
return;
}
RpcHardwareInfo hwInfo;
ASSERT_TRUE(provisionable_->getHardwareInfo(&hwInfo).isOk());
ASSERT_GE(hwInfo.supportedNumKeysInCsr, RpcHardwareInfo::MIN_SUPPORTED_NUM_KEYS_IN_CSR);
}
using GenerateKeyTests = VtsRemotelyProvisionedComponentTests;
INSTANTIATE_REM_PROV_AIDL_TEST(GenerateKeyTests);
@@ -728,8 +741,7 @@ TEST_P(CertificateRequestV2Test, NonEmptyRequestReproducible) {
* Generate a non-empty certificate request with multiple keys.
*/
TEST_P(CertificateRequestV2Test, NonEmptyRequestMultipleKeys) {
// TODO(b/254137722): define a minimum number of keys that must be supported.
generateKeys(false /* testMode */, 5 /* numKeys */);
generateKeys(false /* testMode */, rpcHardwareInfo.supportedNumKeysInCsr /* numKeys */);
bytevec csr;
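Review bot: In NonEmptyRequestMultipleKeys the key count now comes straight from `rpcHardwareInfo.supportedNumKeysInCsr` with no check, so a HAL that reports 0, 1 or a negative value could let this "multiple keys" test pass without ever building a multi-key CSR. The lower bound is asserted only in the separate GetHardwareInfoTests case, which itself returns early on older versions instead of reporting a skip. I would add `ASSERT_GE(rpcHardwareInfo.supportedNumKeysInCsr, RpcHardwareInfo::MIN_SUPPORTED_NUM_KEYS_IN_CSR);` before the `generateKeys` call. A companion case that requests one key more than the reported limit and expects a clean error would show the limit is enforced rather than advisory; the expected status code is not visible on this page. The test body continues past the end of this hunk.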


@@ -36,4 +36,5 @@ This document provides an exact description of which changes have occurred in th
* the chain of signing, MACing, and encryption operations has been replaced with a single
COSE_Sign1 object.
* CertificateType has been added to identify the type of certificate being requested.
* RpcHardwareInfo
* `supportedNumKeysInCsr` added to report the maximum number of keys supported in a CSR.


@@ -39,7 +39,9 @@ parcelable RpcHardwareInfo {
@utf8InCpp String rpcAuthorName;
int supportedEekCurve = 0;
@nullable @utf8InCpp String uniqueId;
int supportedNumKeysInCsr = 4;
const int CURVE_NONE = 0;
const int CURVE_P256 = 1;
const int CURVE_25519 = 2;
const int MIN_SUPPORTED_NUM_KEYS_IN_CSR = 20;
}


@@ -74,4 +74,17 @@ parcelable RpcHardwareInfo {
*
*/
@nullable @utf8InCpp String uniqueId;
/**
* supportedNumKeysInCsr is the maximum number of keys in a CSR that this implementation can
* support. This value is implementation defined.
*
* From version 3 onwards, supportedNumKeysInCsr must be larger or equal to
* MIN_SUPPORTED_NUM_KEYS_IN_CSR.
*
* The default value was chosen as the value enforced by the VTS test in versions 1 and 2 of
* this interface.
*/
const int MIN_SUPPORTED_NUM_KEYS_IN_CSR = 20;
int supportedNumKeysInCsr = 4;
}
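Review bot: The doc comment added here describes `supportedNumKeysInCsr`, but it sits directly above `const int MIN_SUPPORTED_NUM_KEYS_IN_CSR = 20;`, so generated documentation will likely attach it to the constant and leave the field undocumented. Swapping the two declarations so the field follows the comment, and giving the constant its own line such as `/** Minimum value of supportedNumKeysInCsr from version 3 onwards. */`, would fix that. The comment also does not say what an implementation must do when a request carries more keys than it reports; stating the required error behaviour would let callers and VTS treat the limit as enforced. The default of 4 is below the minimum of 20, so a version 3 implementation that never sets the field fails the new VTS check, which looks intended but deserves one sentence in the comment.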