This change removes the interface layer between the client and the
underlying HAL. This is one part of a two part change to properly finish
migrating all of the RemotelyProvisionedComponent functionality to
system/keymaster.
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: Ibccc6b3af86a63b8a6c6207fffd43cfc41b903b5
This is the change that removes the functionality that has been shifted
over to appropriate classes and contexts in system/keymaster.
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I491f4ef823868322ea6a804d88ca09662c099a44
This adds a way to derive information about the hardware for clients
that call the HAL. The primary functional usecase here is to
differentiate which EC curve the underlying hardware for a given
instance of IRemotelyProvisionedComponent is supported.
Originally, curve 25519 would have been used in all implementations for
verifying the EEK certificate chain and doing ECDH, but secure elements
do not offer 25519 support yet. In order to support remote provisioning
on SEs, we have to relax the standard here a bit to allow for P256.
Test: Everything builds
Change-Id: I9245c6f4e27bd118fe093bffc0152549ed7f0825
Move helper utilities across into KeyMintAidlTestBase to allow re-use.
Test: VtsHalRemotelyProvisionedComponentTargetTest, VtsAidlKeyMintTargetTest
Change-Id: Ib9e55a7d72fd197016ae1a1f073dadedafa09c25
TAG_BOOT_PATCHLEVEL and TAG_VENDOR_PATCHLEVEL should be interger type.
Fixed: 184796337
Test: VtsAidlKeyMintTargetTest not abort
Change-Id: Iccd6ac93910d44c0a02b798210909c404a98d8ab
This change adds the host supported flag to the libcppcose and removes
some unnecessary dependencies from the blueprint file.
Test: libcppcose builds
Change-Id: I45bca44267a50d0d401fc1964f96363e558317ff
Also adds a test to verify that implementations return the expected
error code.
Test: VtsAidlKeyMintTargetTest
Change-Id: Ic8e9953a2572eb0cc8fefc363934eaf9b432b5a4
Every KeyMint device should have a corresponding
IRemotelyProvisionedComponent instance, but the converse is not true.
So given an IRPC instance under test, look for a corresponding KeyMint
device by comparing suffixes, but just skip the test if not found.
Test: VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I390aa7025eb77f75a3280e8d85dc453b784c23ee
- Make the default implementation include the DeviceInfo as a map, not
a bstr-holding-a-map, to match the spec.
- Check the signature of the signed MAC even in test mode.
- Include the DeviceInfo in the data that the signature covers.
Test: VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I9084343c1273c16a9cbd5a1156e7057a1c54a860
* changes:
Test that provisioned keys can be used with KeyMint
Add tests with corrupted MAC on keypair
Add more EEK variant tests and related fixes
Commonize MacedPublicKey and ProtectedData checks
Tweak IRemotelyProvisionedComponent AIDL docs
- Test with deliberately-invalid EEK in request:
- corrupt signature
- missing initial self-signed cert
- Test with different sizes of EEK chain.
These tests will only really take effect when we have a valid GEEK to
test with.
Other changes:
- Fix encoding of KeyUsage bitset.
- Add a made-up allowed-root pubkey for prod mode. This needs to be
replaced with the real GEEK when available.
- Fix generateEek() so that the first private key isn't used for
all signing operations.
Test: VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I833894d33cd1757b7a0cfcf18f79b61e4e56a556
- Use P-256 in MacedPublicKey: The main place that MacedPublicKey is
used requires a P-256 key, so use that as the example in the comment.
- Fix leaf key type comment
- Fix AES key size comment
- Typo fix
Test: none, just comment change
Change-Id: I47a810f2a965facad6ddcd251341f233884e5f7c
This change includes permission files for the new permission
FEATURE_HARDWARE_KEYSTORE for the default KeyMaster and KeyMint
implementations.
Test: Manually inspected that permission files are installed.
Test: atest android.keystore.cts.KeyAttestationTest#testAttestationKmVersionMatchesFeatureVersion
Bug: 160616951
Change-Id: Ia35e1ba6c894624999eed62e8434a20ebc833b97
Any device that provides an implementation for
IRemotelyProvisionedComponent will need the RemoteProvisioner system app
to actually drive the business logic and handle communicating out to
external servers. If this HAL is not present, then the app should not be
present on device either.
Test: app appears on CF, does not appear on e.g. blueline, coral
Change-Id: I84c3e450486ecff841b848b5e5e7a15f26895725
This alters the AIDL interface and underlying functionality to have the
component return the DeviceInfo CBOR blob that is used as AAD in
verification of a signature over a MAC key. Trying to reconstruct this
from userspace is very likely to lead to pain and subtle errors in the
future as adoption of this HAL increases, and multiple instances of this
HAL may exist on device simultaneously.
Test: atest VtsRemotelyProvisionedComponentTests
Change-Id: I44bd588586652630ed31a87cfda7e9c01cbf0a2f
With great powers comes great responsibility. Or reverts.
Test: jbires can give owners vote on CLs in gerrit
Change-Id: I2efa65047b15be4a5138e6b343a534b3da245909
Add a function convertStorageKeyToEphemeral to IKeymintDevice that vold
can use to get a per-boot ephemeral key from a wrapped storage key.
Bug: 181806377
Bug: 181910578
Change-Id: I1b008423e3e24797132c8eb79ab3899e2b1c68e8
Enable generation of java sources for AIDL interfaces. This allows
enabling the @SensitiveData annotation without causing circular build
dependencies.
Also mark doc comments as @hide to prevent the interface from being
included in the SDK.
Bug: 174857732
Test: N/A
Merged-In: If00e4dfc24bf776f87c7e2b2e3f42350aa4d4379
Change-Id: If00e4dfc24bf776f87c7e2b2e3f42350aa4d4379
The output format of headers generated by
"m android.hardware.security.keymint-update-api" has changed. This patch
updates the format of those generated files in the tree.
Change-Id: If00a194f136c67197c96081b3c211d615fad5f07
As per RFC 8152 section 3, the unprotected parameters in the headers
of COSE objects are just encoded as a map, not as a bstr that contains
the CBOR-encoding of a map.
Test: TreeHugger presubmit
Change-Id: Id4eeb023d3a81ad1398d78d410c8224bf941f9b1
