- The docs said that IdentityCredential.createEphemeralKey() returned
data encoded PKCS#8 which is wrong. It's supposed to be in DER format
which is also what the VTS tests and credstore expects.
- Clarify that createEphemeralKeyPair(), setReaderEphemeralPublicKey(),
and createAuthChallenge() are all optional.
- Avoid passing an invalid profile ID in the IdentityCredentialTests.
verifyOneProfileAndEntryPass test.
- Update requirements for which tags must be present in the attestation
for CredentialKey as well as the requirements on expiration date and
the issuer name. Update default implementation to satisfy these
requirements. Update VTS tests to carefully verify these requrements
are met.
- Clarify requirements for X.509 cert for AuthenticationKey. Add VTS
test to verify.
- Mandate that TAG_IDENTITY_CREDENTIAL_KEY must not be set for test
credentials. Add VTS test to verify this.
- Make default implementation pretend to be implemented in a trusted
environment and streamline VTS tests to not special-case for the
default implementation.
- Switch to using the attestation extension parser from the KM 4.1
support library instead of the one from system/keymaster. The latter
one did not support the latest attestation extension and thus would
fail for pretty much anything that wasn't the default HAL impl.
- Fix a couple of bugs in keymaster::V4_1::parse_attestation_record():
- Report root_of_trust.security_level
- Add support for Tag::IDENTITY_CREDENTIAL_KEY
- Fix how EMacKey is calculated.
- Add test vectors to verify how EMacKey and DeviceMac is calculated.
Test: atest VtsHalIdentityTargetTest
Test: atest android.security.identity.cts
Bug: 171745570
Change-Id: I2f8bd772de078556733f769cec2021918d1d7de6
The GSI patch level might be greater than the vbmeta SPL, because
GSI system.img might be updated via the DSU flow, where vbmeta.img won't
be updated in this scenario.
https://developer.android.com/topic/dsu
Allowing GSI patch level to be greater than or equal to the vbmeta SPL,
since Treble allows new system.img works on old vendor images.
Bug: 145377203
Test: atest VtsHalKeymasterV4_0TargetTest
Change-Id: Ib761d80c88695eb2db08b0dc00e30fcdc2788865
The test fails on devices because an unknown
client starts a keymaster BEGIN operation during
bootup but does not finish it. This affects the
keymaster hardware implementation's capability
to support the maximum possible operations while
running this test.
Bug: 154801042
Change-Id: Ib6adc6c28ebe76ddfdc2c66cd17cf78c04e5b468
HIDL libs are not necessarily part of VNDK now. Because some are
used by VNDK libs, they are still VNDK. But rest are now just
vendor-available.
.hidl_for_test files are also removed because they are used to exclude
test-purpose hidl libs from VNDK libs.
Instead, .hidl_for_system_ext files are added to tests/lazy to
distinguish them from others which are installed /system.
Bug: 143933769
Test: update-makefiles.sh && m com.android.vndk.current
Merged-In: Ia81312dda340b6b5cbdd7a3c21e1d323bda39a4a
Change-Id: Ia81312dda340b6b5cbdd7a3c21e1d323bda39a4a
(cherry picked from commit b0907a6bb8)
In deserializeVerificationToken(), we use extractUint64() to extract
VerificationToken.challenge. A potential bug was found in
extractUint64() that will cause VerificationToken.challenge()
incorrect.
Bug: 160198696
Change-Id: Ie0d2c0127cc34f1bb90455e4f7869e15e5542173
HIDL libs are not necessarily part of VNDK now. Because some are
used by VNDK libs, they are still VNDK. But rest are now just
vendor-available.
.hidl_for_test files are also removed because they are used to exclude
test-purpose hidl libs from VNDK libs.
Instead, .hidl_for_system_ext files are added to tests/lazy to
distinguish them from others which are installed /system.
Bug: 143933769
Test: update-makefiles.sh && m com.android.vndk.current
Merged-In: Ia81312dda340b6b5cbdd7a3c21e1d323bda39a4a
Change-Id: Ia81312dda340b6b5cbdd7a3c21e1d323bda39a4a
(cherry picked from commit b0907a6bb8)
Bug: 152932559
Test: Boot and observe that Strongbox gets the message
Merged-In: I752b44f5cc20d85bf819188ccaaf0813a5607ba5
Change-Id: I752b44f5cc20d85bf819188ccaaf0813a5607ba5
VTS was running on a userdebug build GSI before Android 10.
Starting from Android 10, VTS is switched to running on top of a
user build GSI image, plus the device-specific boot-debug.img to
allow adb root.
https://source.android.com/compatibility/vts/vts-on-gsi
So 'ro.build.type' will be 'user' because the value comes from
/system/build.prop. Switching to using 'ro.debuggable' to decide
whether we should check the device is locked or not. Note that
'ro.debuggable' will be '1' for userdebug/eng images or when a
boot-debug.img is used.
Bug: 154449286
Test: atest VtsHalKeymasterV4_0TargetTest
Change-Id: If5a90d62f77489aa58f96e908553a052cf6d1e18
This is to facilitate HAL implementations using a TA existing in a
different environment than where auth tokens are minted. This method
will be used by credstore in a companion CL.
This modifies version 2 of the Identity Credential API (which was
never been released) to add a new method and creates version 2 of the
Keymaster types-only AIDL API to include the new VerificationToken
parcelable and SecurityLevel enum.
Bug: 156076333
Test: atest VtsHalIdentityTargetTest
Test: atest android.security.identity.cts
Change-Id: I7d05413a9ec70225ce419079f3cc9daf026cf744
This CL needs some polish. Changes
herein are somewhat brute-force to
make things work, particularly with
authorization-list parsing and validation.
This CL also copies over support for
dumping attestation records.
Bug: 129282228
Test: VtsHalKeymasterV4_1TargetTest
Change-Id: I4fc0183dc0b8a76e84d14054b38ad7c1540a1897
This test is expected to be run
on non-StrongBox instances.
Bug: 129282228
Test: StrongBoxOnly passes on TZ
Change-Id: Ia6b274d097b4c698904d1c51daed821188a50510
AIDL interfaces which are vintf-stable have to be frozen in release.
But these interfaces have been never frozen, so freeze them.
- android.hardware.power
- android.hardware.identity
- android.hardware.keymaster
- android.hardware.vibrator
- android.hardware.light
- android.hardware.tests.extension.vibrator
Bug: 153500421
Bug: 153500550
Bug: 153511407
Bug: 153500549
Bug: 153501107
Bug: 153501202
Test: m
Change-Id: I643c25fc695f9d1e874dcceb327d465c49e9cab6
Merged-In: I643c25fc695f9d1e874dcceb327d465c49e9cab6
AIDL interfaces which are vintf-stable have to be frozen in release.
But these interfaces have been never frozen, so freeze them.
- android.hardware.power
- android.hardware.identity
- android.hardware.keymaster
- android.hardware.vibrator
- android.hardware.light
- android.hardware.tests.extension.vibrator
Bug: 153500421
Bug: 153500550
Bug: 153511407
Bug: 153500549
Bug: 153501107
Bug: 153501202
Test: m
Change-Id: I643c25fc695f9d1e874dcceb327d465c49e9cab6
All aidl_interface modules should by default considered as stable, in
case it is used across system and vendor partitions, or across modules.
Like other API surfaces, we need to have a dump for the current
(yet-to-be-released) version and update it when there is an API change.
This is done via .
Then the owner of the interface can freeze the current version as a
numbered version via .
This change shal be rejected only when the owner is certain that the
interface is not used across the updatable boundaries.
Bug: 152655547
Test: m
Change-Id: Id167905590c0a596b0ed470ef668c47810966836
Merged-In: Id167905590c0a596b0ed470ef668c47810966836
Bug: 151896491
Test: local build
Exempt-From-Owner-Approval: This CL update suite name vts-core to vts as
the suite name is updated. This CL won't change test logic or behavior.
Change-Id: I562b4dc50765e953800a814a8fd84a01c1b9352b
Merged-In: I562b4dc50765e953800a814a8fd84a01c1b9352b
Bug: 151896491
Test: local build
Exempt-From-Owner-Approval: This CL update suite name vts-core to vts as
the suite name is updated. This CL won't change test logic or behavior.
Change-Id: I562b4dc50765e953800a814a8fd84a01c1b9352b
Merged-In: I562b4dc50765e953800a814a8fd84a01c1b9352b
The way I planned for this to work doesn't work. We'll revisit in
Keymaster5. For now, removing IOperation and beginOp.
Test: Build & boot
Merged-In: I017d17079380cc3bacc6f05b2486e1b6e6c3f675
Change-Id: I017d17079380cc3bacc6f05b2486e1b6e6c3f675
The attestation code used boringssl's ASN.1 encoding tools
incorrectly, causing it to encode incorrect values in device_locked.
Bug: b/152503089
Test: Build & boot
Change-Id: I3c5352523b2db37d539ad353ac8c48c1585eb08d
HMAC key was created with Digest(Digest::SHA_2_256) which is missing in
the UseHmacKey function
Bug: 152932473
Test: VtsHalKeymasterV4_1TargetTest
Change-Id: If63dd197fe12172e14be9890ab07a00c3eef4a4c
All aidl_interface modules should by default considered as stable, in
case it is used across system and vendor partitions, or across modules.
Like other API surfaces, we need to have a dump for the current
(yet-to-be-released) version and update it when there is an API change.
This is done via .
Then the owner of the interface can freeze the current version as a
numbered version via .
This change shal be rejected only when the owner is certain that the
interface is not used across the updatable boundaries.
Bug: 152655547
Test: m
Change-Id: Id167905590c0a596b0ed470ef668c47810966836
The way I planned for this to work doesn't work. We'll revisit in
Keymaster5. For now, removing IOperation and beginOp.
Bug: 152536287
Test: Build & boot
Change-Id: I017d17079380cc3bacc6f05b2486e1b6e6c3f675
