The DICE chain in the ProtectedData objects are evaluated against the
specification from v1 and v2 of the HAL whereas the chain in
AuthenticatedMessage objects are evaluated against the specification
from v3.
There are only small differences with v3 aligning to the standards where
there was previously more leniency.
Fix: 262599829
Test: TH
Change-Id: Ied14362b5530485eb6c2302a0ae0f21da9cdb33f
libcert_request_validator is now called libhwtrust so update the
references to match.
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I3c73e2749996ef684da4567a3c86daf8b9c0fd09
Remove one of the DICE chain validation implementations and replace it
with a call to the libcert_request_validator library which has the most
complete validation and is planned to be the only implementation we
support.
VTS will now check both degenerate and proper DICE chain more completely
and will be consistent with other tools like `bcc_validator`. P-384 will
become a supported key type in the DICE chain.
The whole static library is included so that clients that statically
link remote_prov_utils don't need to be aware of the dependency.
Bug: 254510672
Bug: 265455904
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I067f7e8710e379a4b404ef9d2c04fe6410f73dc4
To help with error reporting on the RKP servers in the future it
will be helpful to be able to address CSRs by serial number when
possible.
Bug: 264302050
Test: libkeymint_remote_prov_support_test and sent JSON to server
Change-Id: I2808441c200d0679e618580abc464cd3c71c220e
Conform to the latest CDDL changes. Organize parsing to observe the
AuthenticatedRequest structure.
Return the deserialized CSR payload rather than the DICE chain keys
because it simplified the return types. The return value is only used
by one VTS test that checks sequential CSRs consist of the same request.
The test was incomplete before and it now only looks as the CSR payload
whereas it previously only look at the DICE chain keys.
Bug: 250910137
Test: atest libkeymint_remote_prov_support_test librkp_factory_extraction_test
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I1ba2e0cec22e25312fb890923a4c93043e9046cd
This way, rkp_factory_extraction_tool can reuse the code to perform a
test on the factory line if a partner so chooses.
Test: rkp_factory_extraction_tool --self_test
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Bug: 239839050
Change-Id: I3989ba606750be77f1945a50fe2307a631d19d11
rkp_factory_extraction_tool now reuses the VTS logic for validating the
DeviceInfo. This way, partners doing RKP testing can see locally if they
are getting bad DeviceInfo before they try to upload the data to the
google service.
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Test: rkp_factory_extraction_tool
Bug: 239838563
Change-Id: I80fba3e624e1f5ab6da7aac889a0168f7cb8dbe4
This change modifies the VTS tests to validate the structure of the CBOR
Web Token (CWT) which contains the public key as one of several fields
in the map. It only validates the subset of fields expected to be seen
in the VTS tests. The ones related to the actual BCC will not be
present in test mode due to the security guarantees of the interface.
Additionally, the test will also now check that the first key in the BCC
array matches the public key that should be self-signed in the
certificate located in the second index of the BCC array.
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I9e7769861529b8095d77ce8fee3c78222579d38c
We need both the build fingerprint as well as the CSR when uploading
data to the APFE provisioning server. Add a utility function to format
the output as a JSON blob so that it may be easily collected in the
factory in a serialized data format, then later uploaded.
Test: libkeymint_remote_prov_support_test
Test: VtsAidlKeyMintTargetTest
Test: VtsHalRemotelyProvisionedComponentTargetTest
Bug: 191301285
Change-Id: I751c5461876d83251869539f1a395ba13cb5cf84
Include a unit test to verify the GEEK cert chain is valid.
Test: libkeymint_remote_prov_support_test
Bug: 191301285
Change-Id: Icf9cfa165fbccb24b36b03ff3ce729a7e9c44cfd
Merged-In: Icf9cfa165fbccb24b36b03ff3ce729a7e9c44cfd
This functionality will be used for the factory tooling, so we should
test it. Additionally, some new functionality will soon be added, and
it also needs to be tested.
Test: libkeymint_remote_prov_support_test
Bug: 191301285
Change-Id: I6a8798fc4b09fff1e829185a4b9e471921e5d2a9
Merged-In: I6a8798fc4b09fff1e829185a4b9e471921e5d2a9
This flag is never used anywhere, so just remove it. When used, it would
bypass signature checks. This is something we generally don't want to
do, even in testing. So remove the flag so there's no temptation to use
it.
Bug: 190942528
Test: VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I0433c1eedc08e9a5a5ad71347154867dba61689e
Merged-In: I0433c1eedc08e9a5a5ad71347154867dba61689e
- Test with deliberately-invalid EEK in request:
- corrupt signature
- missing initial self-signed cert
- Test with different sizes of EEK chain.
These tests will only really take effect when we have a valid GEEK to
test with.
Other changes:
- Fix encoding of KeyUsage bitset.
- Add a made-up allowed-root pubkey for prod mode. This needs to be
replaced with the real GEEK when available.
- Fix generateEek() so that the first private key isn't used for
all signing operations.
Test: VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I833894d33cd1757b7a0cfcf18f79b61e4e56a556
As per RFC 8152 section 3, the unprotected parameters in the headers
of COSE objects are just encoded as a map, not as a bstr that contains
the CBOR-encoding of a map.
Test: TreeHugger presubmit
Change-Id: Id4eeb023d3a81ad1398d78d410c8224bf941f9b1
