hardware/interfaces/security/keymint/aidl/vts/performance/KeyMintBenchmark.cpp:79:26: error: reference to stack memory associated with local variable 'message' returned [-Werror,-Wreturn-stack-address]
return std::move(message);
^~~~~~~
Test: presubmit
Change-Id: I4298b4a25ccb809a7ae180bb218e673a7f1aa623
The test exempted KeyMint on the affected chips from having to implement
ATTEST_KEY if they have StrongBox in all Android releases from Android S
onwards, but the waiver was given only for Android S and T. This CL
changes the test to reinstate the requirement after Android T.
Test: VtsAidlKeyMintTargetTest
Change-Id: I8481ae31de34aae220af7e7188632edcc2d391f0
Add tests that directly exercise Gatekeeper to get auth tokens for use
with auth-bound keys.
Test: VtsAidlKeyMintTargetTest
Change-Id: Ie668674d81ca487e8bbc18fdd9f36610bcab4c8c
1. Using second IMEI as attestation id without using first IMEI.
Test should generate a key using second IMEI as attestation id
without using first IMEI as attestation id. Test should validate
second IMEI in attesation record.
2. Using first IMEI as well as second IMEI as attestation ids.
Test should generate a key using first IMEI and second IMEI as
attestation ids. Test should validate first IMEI and second IMEI
in attestation record.
Test: atest -c VtsAidlKeyMintTargetTest
Bug: 263197083, 264979486
Change-Id: I61c3f32e15a8d478a838d14e7db9917a33682267
Skip attestation key tests if the feature
FEATURE_KEYSTORE_APP_ATTEST_KEY is disabled on device,
as done in KeyMint CTS.
Bug: 244460948
Bug: 265740739
Test: VtsAidlKeyMintTargetTest
Change-Id: I8199e5c7570b10b71f127c7439b889c0b3327865
attestation id.
Get IMEI value from Telephony Service and use it as attestation id.
Bug: 261847629
Test: atest VtsAidlKeyMintTargetTest
Change-Id: I0212def48d761a45f514161e5576a954bf388c56
Updated the digest to SHA_2_256 in manaul key upgrade tests
so that these tests works for StrongBox as well.
Test: VtsAidlKeyMintTargetTest
Change-Id: I971f6e13272450d39537cc44c59f8ed8dbd19bf0
libcert_request_validator is now called libhwtrust so update the
references to match.
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I3c73e2749996ef684da4567a3c86daf8b9c0fd09
Remove one of the DICE chain validation implementations and replace it
with a call to the libcert_request_validator library which has the most
complete validation and is planned to be the only implementation we
support.
VTS will now check both degenerate and proper DICE chain more completely
and will be consistent with other tools like `bcc_validator`. P-384 will
become a supported key type in the DICE chain.
The whole static library is included so that clients that statically
link remote_prov_utils don't need to be aware of the dependency.
Bug: 254510672
Bug: 265455904
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I067f7e8710e379a4b404ef9d2c04fe6410f73dc4
Clarify that the tag for the 2nd IMEI must denote an IMEI different to
the tag used for the first IMEI, and may be used independently of it.
Bug: 264979486
Test: N/A
Change-Id: I45a46d1052e45a965c8be391d11157cc4481545b
This made it easier to run libkeymint_remote_prov_support_test.
Bug: 264302050
Test: atest libkeymint_remote_prov_support_test
Change-Id: Ided4e9bb442274ea7711d283bc947c35f34ebc35
To help with error reporting on the RKP servers in the future it
will be helpful to be able to address CSRs by serial number when
possible.
Bug: 264302050
Test: libkeymint_remote_prov_support_test and sent JSON to server
Change-Id: I2808441c200d0679e618580abc464cd3c71c220e
It's not enough to verify that the system is running KeyMint 2+. We
also need to verify that the vendor partition has RKP support.
Since VSR 13+ requires KeyMint 2+, change the test assumption so that
we don't run the test against systems that may have shipped with an
older VSR chipset (which won't support RKP).
Bug: 263844771
Test: VtsAidlKeyMintTargetTest (on old and new device)
Change-Id: Iac15f69db1152851f5a92d3929cb258b1b1a6b02
Alternet device properties used for attestation on AOSP and GSI builds.
Attestation ids were different in AOSP/GSI builds than provisioned ids
in keymint. Hence additional properties used to make these ids identical
to provisioned ids.
Bug: 110779648
Bug: 259376922
Test: atest VtsAidlKeyMintTargetTest:PerInstance/NewKeyGenerationTest#EcdsaAttestationIdTags/0_android_hardware_security_keymint_IKeyMintDevice_default
Test: atest VtsAidlKeyMintTargetTest:PerInstance/NewKeyGenerationTest#EcdsaAttestationIdTags/1_android_hardware_security_keymint_IKeyMintDevice_strongbox
Test: atest CtsKeystoreTestCases:android.keystore.cts.KeyAttestationTest CtsKeystoreTestCases:DeviceOwnerKeyManagementTest
Change-Id: I4bb2e2ebba617972e29ad86ea477eb9b6f35d21a
This integration was technically a requirement on keymint v2, but we
weren't enforcing it with a test. So realistically we are only able
to start enforcing the test with keymint v3.
Test: atest VtsAidlKeyMintTargetTest
Change-Id: Ia4feb8ce4b7fd1e47a5c6c9b06ddb12276a9c5ee
Now that the RKP HAL AIDL has been moved to it's own directory, we
should keep the tests with the AIDL.
Test: atest VtsAidlKeyMintTargetTest
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: Ia87d3ea0a1b9e6704f0dea8f98b0bbaa049472fe
As we've updated the KeyMint version to 3, update the default feature
version to 300. That allows external developers to tell which KeyMint
version is running on the device.
Bug: 244732345
Test: atest android.keystore.cts.DeviceOwnerKeyManagementTest
Change-Id: I9b333eeb77a62a79e8e664d40b5564767643aa3d
This add a cpp default so that the latest cpp code can be
used across the codebase. When this is changed we dont
need to bump versions across multiple files and can just
change it in this one file.
Test: Run and tested using `atest keystore2_test` for Rust test and CTS test with `atest CtsKeystoreTestCases`
Bug: 244730020
Change-Id: Ifae1c5f2403210c2dec1bc337553fbbde73ed4c8
Specifically, we want IRPC v3 to be able to serve old v2 clients. This
way we can ship parts IRPC v3 stack incrementally.
To that end, allow IRPC v3 to implement v2 behavior of
generateCertificateRequest and testMode.
Bug: 260920864
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I9e47697bd948c8fd6b82147165d0c67bdef9fbd3
Previous versions of VTS had to allow a Device ID attestation failure
to return INVALID_TAG even though this is inconsistent with the KeyMint
spec. This was due to previous KM implementations returning this before
the test was added to validate the precise error code being returned
from Device ID attestation.
For VSR-14 and newer devices, the test will now enforce that only
CANNOT_ATTEST_IDS is returned from a failed device ID attestation call.
Test: atest VtsAidlKeyMintTargetTest
Change-Id: I6acff3fd32f3f251f946e3603283535f36d99a5d
Update the comment describing the attestation record:
* KeyMint version bump to V3
* Inclusion of the 2nd IMEI.
Bug: 244732345
Test: That it builds
Change-Id: I19f89bc9936b747647dc690d4702c60d2bbe92c5
Rationale here is that many IRPC implementations are memory constrained.
We add a way for implementations to report the maximum number of
supported keys. This way we can guarantee consistent behavior across
different devices.
For implementation of IRPC version 3 and later we define the lowest
number of keys supported to be 20. This specific value was chosen
because the current implementation of RemoteProvisioner already combines
keys into batches of exactly 20.
Bug: 254137722
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: Ib6fb6d6ec7c74004524a5505a37aa82c9e44ef91
