The DICE chain specification changes slightly between VSR versions so
the VSR is used to select the set of validation rules that should be
applied.
Test: TH
Change-Id: I3697279d9348705a0279736c61e8333720321214
RKP allows 0 ~ 64 byte challenge to be provided.
Test it by several different size inputs.
Bug: 272392463
Test: VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I488c75745dc68778ff6d862506a5beeec82f7ac1
Ensure that v3 HALs have exactly the expected number of entries present
when returning DeviceInfo inside of the Certificate Signing Request. Do
not allow for additional or fewer entries.
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I8ea628335d5eed35ca2b65e22980e13fc9806738
The DICE chain in the ProtectedData objects are evaluated against the
specification from v1 and v2 of the HAL whereas the chain in
AuthenticatedMessage objects are evaluated against the specification
from v3.
There are only small differences with v3 aligning to the standards where
there was previously more leniency.
Fix: 262599829
Test: TH
Change-Id: Ied14362b5530485eb6c2302a0ae0f21da9cdb33f
to not to hold the CRL Distribution Points extension in it.
Bug: 260332189
Test: atest VtsAidlKeyMintTargetTest
Change-Id: I7b191b4351984ce82db0e9440027ddbfc14b1c3a
1. Using second IMEI as attestation id without using first IMEI.
Test should generate a key using second IMEI as attestation id
without using first IMEI as attestation id. Test should validate
second IMEI in attesation record.
2. Using first IMEI as well as second IMEI as attestation ids.
Test should generate a key using first IMEI and second IMEI as
attestation ids. Test should validate first IMEI and second IMEI
in attestation record.
Test: atest -c VtsAidlKeyMintTargetTest
Bug: 263197083, 264979486
Change-Id: I61c3f32e15a8d478a838d14e7db9917a33682267
libcert_request_validator is now called libhwtrust so update the
references to match.
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I3c73e2749996ef684da4567a3c86daf8b9c0fd09
Remove one of the DICE chain validation implementations and replace it
with a call to the libcert_request_validator library which has the most
complete validation and is planned to be the only implementation we
support.
VTS will now check both degenerate and proper DICE chain more completely
and will be consistent with other tools like `bcc_validator`. P-384 will
become a supported key type in the DICE chain.
The whole static library is included so that clients that statically
link remote_prov_utils don't need to be aware of the dependency.
Bug: 254510672
Bug: 265455904
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I067f7e8710e379a4b404ef9d2c04fe6410f73dc4
This made it easier to run libkeymint_remote_prov_support_test.
Bug: 264302050
Test: atest libkeymint_remote_prov_support_test
Change-Id: Ided4e9bb442274ea7711d283bc947c35f34ebc35
To help with error reporting on the RKP servers in the future it
will be helpful to be able to address CSRs by serial number when
possible.
Bug: 264302050
Test: libkeymint_remote_prov_support_test and sent JSON to server
Change-Id: I2808441c200d0679e618580abc464cd3c71c220e
Conform to the latest CDDL changes. Organize parsing to observe the
AuthenticatedRequest structure.
Return the deserialized CSR payload rather than the DICE chain keys
because it simplified the return types. The return value is only used
by one VTS test that checks sequential CSRs consist of the same request.
The test was incomplete before and it now only looks as the CSR payload
whereas it previously only look at the DICE chain keys.
Bug: 250910137
Test: atest libkeymint_remote_prov_support_test librkp_factory_extraction_test
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I1ba2e0cec22e25312fb890923a4c93043e9046cd
This way, rkp_factory_extraction_tool can reuse the code to perform a
test on the factory line if a partner so chooses.
Test: rkp_factory_extraction_tool --self_test
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Bug: 239839050
Change-Id: I3989ba606750be77f1945a50fe2307a631d19d11
rkp_factory_extraction_tool now reuses the VTS logic for validating the
DeviceInfo. This way, partners doing RKP testing can see locally if they
are getting bad DeviceInfo before they try to upload the data to the
google service.
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Test: rkp_factory_extraction_tool
Bug: 239838563
Change-Id: I80fba3e624e1f5ab6da7aac889a0168f7cb8dbe4
This change modifies the VTS tests to validate the structure of the CBOR
Web Token (CWT) which contains the public key as one of several fields
in the map. It only validates the subset of fields expected to be seen
in the VTS tests. The ones related to the actual BCC will not be
present in test mode due to the security guarantees of the interface.
Additionally, the test will also now check that the first key in the BCC
array matches the public key that should be self-signed in the
certificate located in the second index of the BCC array.
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I9e7769861529b8095d77ce8fee3c78222579d38c
The KeyMint HAL will soon be updated for a new version. To make this
process easier, add a cc_defaults and rust_defaults that references
the "current" version, and use this elsewhere. This should hopefully
mean that a future version bump only needs to happen in the defaults.
Test: TreeHugger
Change-Id: If7dd0c5778acb92177e16fd4fb4a04dcb837ad06
This support function is supposed to be useable by vendor in treble.
Add "vendor_available" to reflect that.
Bug: 203481954
Test: Link by vendor successfully
Change-Id: I9709ac0ab79405c336ed8a1bc44b2ef643dd5b2d
Future addition of extra curves means that key size is not enough to
identify the particular EC curve required. Use the EcCurve enum instead.
Test: VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: Ia6b7d86a387cfc06db05e4ba6ff8f331e9c6345f
The ndk_platform backend will soon be deprecated because the ndk backend
can serve the same purpose. This is to eliminate the confusion about
having two variants (ndk and ndk_platform) for the same 'ndk' backend.
Bug: 161456198
Test: m
Change-Id: Ibe8beeaf0d1b33968fb782f1f70c17ae9e9bf871
We need both the build fingerprint as well as the CSR when uploading
data to the APFE provisioning server. Add a utility function to format
the output as a JSON blob so that it may be easily collected in the
factory in a serialized data format, then later uploaded.
Test: libkeymint_remote_prov_support_test
Test: VtsAidlKeyMintTargetTest
Test: VtsHalRemotelyProvisionedComponentTargetTest
Bug: 191301285
Change-Id: I751c5461876d83251869539f1a395ba13cb5cf84
Include a unit test to verify the GEEK cert chain is valid.
Test: libkeymint_remote_prov_support_test
Bug: 191301285
Change-Id: Icf9cfa165fbccb24b36b03ff3ce729a7e9c44cfd
Merged-In: Icf9cfa165fbccb24b36b03ff3ce729a7e9c44cfd
This functionality will be used for the factory tooling, so we should
test it. Additionally, some new functionality will soon be added, and
it also needs to be tested.
Test: libkeymint_remote_prov_support_test
Bug: 191301285
Change-Id: I6a8798fc4b09fff1e829185a4b9e471921e5d2a9
Merged-In: I6a8798fc4b09fff1e829185a4b9e471921e5d2a9
This flag is never used anywhere, so just remove it. When used, it would
bypass signature checks. This is something we generally don't want to
do, even in testing. So remove the flag so there's no temptation to use
it.
Bug: 190942528
Test: VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I0433c1eedc08e9a5a5ad71347154867dba61689e
Merged-In: I0433c1eedc08e9a5a5ad71347154867dba61689e
The vendor patchlevel is YYYYMMDD not YYYYMM
Bug: 188672564
Bug: 186735514
Test: VtsAidlKeyMintTargetTest
Change-Id: Ia641f8eef84a85aec8f2a0551c192b6874301126
Get description of ASN.1 schema in HAL and the keymint support library
in sync with each other. Change code to always list tags in the same
order (by numeric tag).
Bug: 188672564
Bug: 186735514
Test: VtsAidlKeyMintTargetTest
Change-Id: I620f54ba4a265ea69d174f6f44765a8508bfe803
Add tests for:
- Too much entropy should be rejected with INVALID_INPUT_LENGTH
- All authorization lists should include a vendor and boot patchlevel.
These requirements are in both the KeyMint and the KeyMaster 4.0 AIDL
specificications, but have never been policed before.
Currently disabled with a command-line flag because CF does not have
the patchlevels and so fails lots of tests.
Test: VtsKeyMintAidlTargetTest
Change-Id: Ic9622ef3f1b80e013a34059218e3e029f392eb72
This is the change that removes the functionality that has been shifted
over to appropriate classes and contexts in system/keymaster.
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I491f4ef823868322ea6a804d88ca09662c099a44
This change adds the host supported flag to the libcppcose and removes
some unnecessary dependencies from the blueprint file.
Test: libcppcose builds
Change-Id: I45bca44267a50d0d401fc1964f96363e558317ff
- Test with deliberately-invalid EEK in request:
- corrupt signature
- missing initial self-signed cert
- Test with different sizes of EEK chain.
These tests will only really take effect when we have a valid GEEK to
test with.
Other changes:
- Fix encoding of KeyUsage bitset.
- Add a made-up allowed-root pubkey for prod mode. This needs to be
replaced with the real GEEK when available.
- Fix generateEek() so that the first private key isn't used for
all signing operations.
Test: VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I833894d33cd1757b7a0cfcf18f79b61e4e56a556
As per RFC 8152 section 3, the unprotected parameters in the headers
of COSE objects are just encoded as a map, not as a bstr that contains
the CBOR-encoding of a map.
Test: TreeHugger presubmit
Change-Id: Id4eeb023d3a81ad1398d78d410c8224bf941f9b1
