Commit Graph

572 Commits

Author SHA1 Message Date
Eran Messeri
210d3ea87b ID attestation: Define tag for a second IMEI
Define a KeyMint tag for a second IMEI to be included in the attestation
record.

Also clarify that the IMEI tag is meant to include one, and only one,
IMEI.

Bug: 244732345
Test: android.keystore.cts.DeviceOwnerKeyManagementTest
Merged-In: I70ecbb0245ba2e517e5d0db0cfdce4525846f3e5
Change-Id: I70ecbb0245ba2e517e5d0db0cfdce4525846f3e5
2022-11-10 01:54:21 +00:00
Treehugger Robot
080af0a493 Merge "Fix typo in property name" 2022-11-08 20:23:28 +00:00
Tri Vo
799e4353c2 Fix typo in property name
Test: VtsAidlKeyMintTargetTest
Change-Id: I9c42f14a468ae907d4c47df8af4e3b9b16cd5d96
2022-11-07 17:23:53 -08:00
Devin Moore
7556e51ce8 Mark keymint as unfrozen to manage keystore2's imports
We are now checking the imports of frozen versions of interfaces and
need to mark keystore2 as `frozen: false` so the aidl_interfaces that
import it will import the latest unfrozen version.

Test: hal_implementation_test
Bug: 257338648
Change-Id: Ibcb151abd2fc13e3f7dfbcf515d0f62839d1caf9
2022-11-04 15:31:23 +00:00
Tri Vo
73cb8af65e Merge "Add TEST_MAPPING config" 2022-10-28 19:03:57 +00:00
Tri Vo
269057bd78 Add TEST_MAPPING config
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: Ia190f6c91a4312cc06a525fcbe0e2c5ba6975013
2022-10-27 15:10:17 -07:00
Tommy Chiu
4fdcccc7c0 KeyMint VTS: Use a strongbox must support DIGEST for importKey
"ImportWrappedKeyTest.WrongDigest" tried to wrap a keyBlob by one digest
type and unwrap it by another digest type.

It's been OK for KeyMint implementations to allow unsupported
parameters/characteristics at key generation time, and only police their
use, at begin() time. However, if an implementation wants to secure it at
the key generation/importing time, the first digest type must be
supported by all implementations.

Bug: 249276913
Test: VtsAidlKeyMintTargetTest
Change-Id: I6bc000026e9e4aec0aa82078a98c75e2d7c56847
2022-10-25 21:22:57 +08:00
Tri Vo
0d6204e2b7 Update VtsHalRemotelyProvisionedComponentTargetTest to v3
Bug: 235265072
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I01e387a0784c3548a4661a73d7bd3d5bec9fb42e
2022-10-17 17:04:19 -07:00
Tri Vo
f48a2a7bbf Bump Identity and KM AIDL API versions
Imported interfaces are versioned, i.e. bumping an interface version
necessitates bumping the version of importing interfaces.

Keystore and Identity import KM. We are uprevving KM, so all three need
to be bumped at the same time.

Test: m
Change-Id: I46b253e72f2f245bd628ed2ae1f2f4e0572827e7
2022-10-17 15:04:59 -07:00
Tri Vo
dd12c487d2 IRPC test: use version from RpcHardwareInfo
Check against version of the interface reported by the HAL rather than
the one from generated code.

AIDL interfaces are meant to be backwards compatible. Having the HAL
report its version dynamically makes it easier to maintain legacy
behavior while evolving the interface, e.g. we bump IRPC to v3
across our codebase, but devices that already shipped may still behave
as v1/2 devices.

Bug: 235265072
Test: VtsHalRemotelyProvisionedComponentTargetTest

Change-Id: I49e3a09723590ac1a7c432b11450c1438563c787
2022-10-12 22:41:33 +00:00
Treehugger Robot
ff8f1d6edd Merge "Generalize RKP CDDL schema beyond CSRs" 2022-10-07 18:21:25 +00:00
David Drysdale
0192979809 Merge "RKP HAL: fix typos" 2022-10-06 05:57:28 +00:00
Andrew Scull
bff2cae4f8 Generalize RKP CDDL schema beyond CSRs
The certificate signing request (CSR) CDDL schema comprises an
authentication wrapper and an inner payload containing details of the
request. Separate these two parts more clearly in the schema with a view
to reusing the authentication wrapper for other messages.

The change of Csr to be defined in terms of the AuthenticatedMessage
generic type has no effective change on the schema.

A version field is added to CsrPayload, formerly SignedDataPayload, so
that the AuthenticatedMessage and CsrPayload schemas can evolve
independently.

The cert_type field of DeviceInfo is moved up a level into CsrPayload.
This means DeviceInfo only contains device information and not other
fields related to the CSR.

The payload of AuthenticatedMessage is not self-describing. The expected
schema of the payload will be inferred from context, for example the
server endpoint the message is sent to.

Bug: 250910137
Test: n/a - comments only
Change-Id: I2c981ec8fe63995779ce119168ad3d9b40d5b8c5
2022-10-05 10:00:52 +00:00
David Drysdale
e6fe69b75d Merge "KeyMint HAL: clarify time-based auth behaviour" 2022-10-05 06:09:40 +00:00
Andrew Scull
a4c4a18dc7 Tweak RKP HAL comments
Change the cert_type field from an enum of strings to a tstr type with
the known types documented in comments. The types are part of the
protocol between the HAL implementation and the provisioning server that
is opaque to the Android platform, so there's no need to bump the HAL
version in order to add new certificate types.

Replace the undefined Dcc type/acronym with the term "DICE chain" for
smoother reading.

Make the behaviour of generateCertificateRequest() in the v3 HAL more
explicit by explaining that a ServiceSpecificException should be raised
with the same error code that is currently documented.

Bug: 240312857
Test: n/a - comments only
Change-Id: If5acc388b25fa24d240c936ddefd08943fc6dd8d
2022-10-04 13:12:22 +00:00
David Drysdale
a867bc1eb3 KeyMint HAL: clarify time-based auth behaviour
Changes:
- correct the sign of the timestamp comparison text
- make updateAad() and finish() refer to the auth text in begin()
- describe auth flows for keys with AUTH_TIMEOUT on devices without
  a secure time source

Test: none, comment change only
Change-Id: Ia60a4a949e030a7a96772406e3b0f7b3211a0915
2022-09-29 15:56:25 +01:00
Seth Moore
2fc6f83df6 Move verifyProtectedData into remote_prov_utils
This way, rkp_factory_extraction_tool can reuse the code to perform a
test on the factory line if a partner so chooses.

Test: rkp_factory_extraction_tool --self_test
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Bug: 239839050
Change-Id: I3989ba606750be77f1945a50fe2307a631d19d11
2022-09-16 16:05:29 -07:00
David Drysdale
77f66a3ccc RKP HAL: fix typos
Test: None, comment change only
Change-Id: I74ddad8ccf9f7e2d6ff2237dac32b94957a9161c
2022-09-14 15:39:40 +01:00
Seth Moore
f1f6215c09 Move the device info validation to a helper library
rkp_factory_extraction_tool now reuses the VTS logic for validating the
DeviceInfo. This way, partners doing RKP testing can see locally if they
are getting bad DeviceInfo before they try to upload the data to the
google service.

Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Test: rkp_factory_extraction_tool
Bug: 239838563
Change-Id: I80fba3e624e1f5ab6da7aac889a0168f7cb8dbe4
2022-09-13 12:00:50 -07:00
Max Bires
0068fccb41 Merge "Clarify error message in DeviceInfo check." 2022-09-09 23:40:17 +00:00
Max Bires
757ed42e2c Clarify error message in DeviceInfo check.
This change gives additional context to the device info checks while.
Currently, an unprovisioned device will generate a massive spam of
failures which may be WAI for an early hardware revision device that
was not provisioned with attestation IDs.

Test: atest VtsHalRemotelyProvisionedComponentTest
Change-Id: I16069dba841a90aa55781148d3c268ced635e006
2022-09-08 18:19:26 -07:00
Max Bires
137ffac4c5 Update IRemotelyProvisionedComponent HAL to v3
This change makes all of the changes to the HAL AIDL files, along with
corresponding documentation edits, to facilitate the definition for
version 3 of IRemotelyProvisionedComponent HAL.

The bulk of the changes are described within the RKP_CHANGELOG.md file
and will therefore not be discussed here within the commit message.

Bug: 240312857
Test: It is human readable and also builds.
Change-Id: I920550bdfe5a8f9ba677c4a4f67e975bcd3672ab
2022-09-02 10:20:28 -07:00
David Drysdale
7ea97a310a KeyMint HAL: reinstate tags in extension schema
Commit 93c72cef92 ("KeyMint: sync all attestation tags",
http://aosp/1719302) removed various tags from the attestation that are
only applicable to symmetric keys, on the assumption that these are
irrelevant for the attestation extension that is generated for the
certificate holding asymmetric public keys.

However, that change did not take into account the fact that the
AuthorizationList ASN.1 schema is re-used elsewhere in the KeyMint API,
specifically as a way of describing the characteristics associated with
a key that is being securely imported via
IKeyMintDevice::importWrappedKey.

That import process may be used for symmetric keys, and so the tags
that are specific to symmetric keys still need to be included in
AuthorizationList.

Similarly, USER_SECURE_ID values are never included in attestation
extensions because they have no meaning off-device, but they may be
needed as part of the import of a wrapped key.

Test: TreeHugger, comment change only
Bug: 244693617
Change-Id: Iaa941e120e3641a6e6c369b7c6a51f10b44df78a
2022-09-02 17:08:04 +01:00
David Drysdale
4683a5383f KeyMint HAL: clarify obsolete tags
The tag enum names can't be removed due to AIDL back-compatibility
requirements, and also it's useful to have the values present to avoid
inadvertent reuse.

Update the tag comment text to indicate that these tags are obsolete.

Bug: 191738660
Test: TreeHugger, comment change only
Change-Id: Icbd4c9cd0313f93bc491b49eb9077766d0f44e34
2022-09-02 17:07:41 +01:00
Xin Li
28cde8fd22 Merge "DO NOT MERGE - Merge Android 13" 2022-08-16 19:11:03 +00:00
David Drysdale
b97121d8a5 KeyMint VTS: use SCOPED_TRACE on all loops
Also add a couple of nullptr checks

Test: VtsAidlKeyMintTargetTest
Change-Id: Ic95b16fc6307f3b97cc54dbf08f5726641a761d9
2022-08-12 11:54:46 +01:00
David Drysdale
e76000e09b Merge "Docs: return EARLY_BOOT_ENDED instead of INVALID_KEY_BLOB." am: 6796c8b5aa
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2160639

Change-Id: I038bf7c4590425e88e4611dd36f4f6f3a0e35c4f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-21 05:11:57 +00:00
David Drysdale
6796c8b5aa Merge "Docs: return EARLY_BOOT_ENDED instead of INVALID_KEY_BLOB." 2022-07-21 04:52:46 +00:00
Subrahmanyaman
0b9c196214 Docs: return EARLY_BOOT_ENDED instead of INVALID_KEY_BLOB.
All attempts to use an EARLY_BOOT_ONLY key after earlyBootEnded()
is called must fail with Error::EARLY_BOOT_ENDED.

Test: run vts -m VtsAidlKeyMintTarget
Change-Id: Ic3d028ceb7f71e6e266993ec4e877770cd8e5c4a
2022-07-20 17:26:12 +00:00
David Drysdale
ac42d60136 Merge "KeyMint HAL: clarify leaf cert requirements" am: 824c5d8f60
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2154073

Change-Id: Iaf833a5d576accb0fa104ce0e235e1c96b33c398
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-15 14:01:23 +00:00
David Drysdale
824c5d8f60 Merge "KeyMint HAL: clarify leaf cert requirements" 2022-07-15 13:37:19 +00:00
David Drysdale
26fd684e20 Merge "KeyMint: Test size requirements for ciphers" am: 96ed41b2e2
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2147675

Change-Id: I029f366281a868e0f92173a6f71afe8fe846adf9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-15 12:28:23 +00:00
David Drysdale
96ed41b2e2 Merge "KeyMint: Test size requirements for ciphers" 2022-07-15 12:10:10 +00:00
David Drysdale
9daf7c70a8 KeyMint HAL: clarify leaf cert requirements
Bug: 237624131
Bug: 238037309
Test: None, comment change
Change-Id: I7426deda8b0735f1ca34a22fc21ec0121a0fcca8
2022-07-14 17:39:42 +01:00
Prashant Patil
dd5f7f0e8d KeyMint: Test size requirements for ciphers
Test size requirements for symmetric (Stream and Block) ciphers.
These tests are similar to CTS tests of symmetric ciphers.
For reference CTS test BlockCipherTestBase#testKatEncryptOneByteAtATime
for all its derived classes eg. AES128CBCNoPaddingCipherTest,
AES128CBCPKCS7PaddingCipherTest etc.

Bug: 226899425
Test: run vts -m VtsAidlKeyMintTargetTest

Change-Id: I78408071fbf5a360d89c5bbae479faffd7c6d935
2022-07-13 12:36:22 +00:00
David Drysdale
0fdf10c4de Merge "KeyMint VTS: test default MGF_DIGEST behaviour" am: 5d88e95b36
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1888675

Change-Id: I3463a8111ccf186734cc325b7589fe688fb3b269
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-07-07 07:23:37 +00:00
David Drysdale
ae3727bf45 KeyMint VTS: test default MGF_DIGEST behaviour
KeyMint supports the specification of a separate MGF digest when
performing RSA-OAEP decryption, with a default value of SHA-1.

Test the expected behaviour here:
 - SHA-1 is used if nothing specified in key characteristics.
 - If something is specified in key characteristics, the operation
   parameter value has to be one of those values.

Bug: 203688354
Test: VtsAidlKeyMintTargetTest
Change-Id: Ic2dd3641be732a273724faa20cf4edf8a1752506
2022-07-06 12:26:37 +01:00
Xin Li
30f27895e3 Merge tm-dev-plus-aosp-without-vendor@8763363
Bug: 236760014
Merged-In: I2bddc0d13a4de6a5766de85fdf432fd05d84a581
Change-Id: I3f77dda59ac4ff05d0d59de68c7f0f96f5b61712
2022-06-28 21:23:27 +00:00
Treehugger Robot
a5468b5127 Merge "Verify that imported keys have the correct characteristics." 2022-06-27 20:58:16 +00:00
David Drysdale
46f99f4e9a Merge "KeyMint HALs: clarifications" 2022-06-27 12:01:14 +00:00
Seth Moore
2f2db81f7d Merge "Add an IRPC changelog." 2022-06-24 22:49:32 +00:00
Max Bires
9dce048421 Add an IRPC changelog.
This document is meant to provide a clear summation for vendors looking
for a reference of what has changed from release to release, as well as
documentation for those working on developing the
IRemotelyProvisionedComponent interface.

Bug: 227266513
Test: The document is readable.
Change-Id: I909e22a31a88856af911a80a52ec7eda263693db
2022-06-24 20:54:11 +00:00
David Drysdale
e9e12405f5 Merge "KeyMint VTS: cope with ATTEST_KEY +/- SIGN" am: 11cb564913 am: cbaede3f72
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2123433

Change-Id: I0b032b1072607db7fb1092d972c8c8b77bcc1a9b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-20 02:12:14 +00:00
Shawn Willden
fbb4cf383a Read VSR level from correct property. am: 35db349596 am: 4e97ec021e
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2128833

Change-Id: Ibd849ae5d7e2e40072f68e1f49446fe558fdf6a9
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-06-20 02:12:05 +00:00
Jooyung Han
c3f8861bb8 Merge "Remove AIDL-libs from VNDK" 2022-06-20 01:15:09 +00:00
David Drysdale
8d925aee2d KeyMint HALs: clarifications
- Remove KeyPurpose comments that refer to public key operations.
- Clarify/fix description of RSA_OAEP_MGF_DIGEST.
- Describe HMAC key requirements.
- Clarify RSA_PSS key length requirement.
- Clarify when shared secret should change (on restart).
- Padding::NONE is not deprecated.
- Fix typos.

Test: none, just comment changes
Change-Id: If58e8d8644aac926a990e50f7a873dca74cd4896
2022-06-17 09:25:32 +01:00
David Drysdale
11cb564913 Merge "KeyMint VTS: cope with ATTEST_KEY +/- SIGN" 2022-06-17 06:05:13 +00:00
Shawn Willden
35db349596 Read VSR level from correct property.
Bug: 235424890
Test: VtsHalKeymasterV4_0TargetTest & VtsAidlKeyMintTargetTest
Change-Id: I39109c097d129124097a303c3f108d015cb367e3
2022-06-17 10:49:29 +09:00
Treehugger Robot
ddc1e4c82d Merge "Add a README for Remote Key Provisioning." 2022-06-15 13:32:46 +00:00
Max Bires
82ed7a42c0 Add a README for Remote Key Provisioning.
This document goes a little more in depth on the motivating factors and
background mechanisms that occur with RKP, that are not appropriate for
direct inclusion in the HAL docs in the .aidl files.

Fixes: 234159998
Test: Readable
Merged-In: I141fb098c536a5468b1113af64dcf6185ea7ae9f
Change-Id: I141fb098c536a5468b1113af64dcf6185ea7ae9f
2022-06-15 05:29:22 -07:00