Given that we are not expecting to release a v4 of the KeyMint HAL for
Android V, tweak some spec and test details so that existing v3
implementations do not need to change.
- Soften the requirement to use (1970-01-01, 9999-12-31) as cert dates
when secure-importing an asymmetric to be a suggestion instead.
- Change the version gate for the test of importing an EC key with no
specified `EC_CURVE` to be VSR-gated rather than gated on a putative
future version of the HAL.
Test: VtsAidlKeyMintTargetTest
Bug: 292318194
Bug: 292534977
Change-Id: Ib8d6e79ea948ee77eeb2528d698205179f026fd3
Only police for future versions of KeyMint, so that any existing
implementations that use the full key don't suddenly start to fail
VTS.
Bug: 305103215
Test: VtsAidlKeyMintTargetTest
Change-Id: If6534b84b6eff8cdb281586e17a5f89c7bf5f5d0
KeyMint should be able to handle challenges up to 128 bytes.
Document this (and the expected error code) in Tag.aidl.
Bug: 307714384
Test: m
Change-Id: Id099dd055c81b10d777effdf364395f84d8b35c6
Since there were no VTS test to strictly check RSA_OAEP_MGF_DIGEST,
there are released devices with Keymint which do not include this tag in
key characteristics, hence these test fails on such Keymint and UDC
Android framework.
Hence version check is added before asserting MGF digest checks.
Bug: 297306437
Test: atest VtsAidlKeyMintTargetTest
Change-Id: I43054f8dbbd46de53deef5e6771c736e770280e0
Negative test cases should not expect UNKNOWN_ERROR from Keymint since
the exact cause of failure is known.
In general, we should avoid UNKNOWN_ERROR because it makes error
attribution difficult.
To avoid adding retroactive requirements KM implementation, relax the
check to expect any error.
Bug: 298194325
Test: VtsAidlKeyMintTargetTest
Change-Id: I136fb6d36ae92c9e3722ffefe9a067d3515dcbf9
The original change to add this test didn't make it into the Android 13
version of the VTS test, so the version gate needs to be updated to be
v3+
Bug: 292318194
Test: VtsAidlKeyMintTargetTest --gtest_filter="*EcdsaMissingCurve*"
Change-Id: I94bf816688e57c7c04893a23cf0399129de94229
Allow for devices that claim to need external timestamps, but don't.
Test: VtsAidlKeyMintTargetTest
Bug: 300211206
Change-Id: Ie450d9969c337d5274502f3600e14c0b481e8b34
Earlier, attestation properties didn't match on GSI images, hence
EcdsaAttestationIdTags VTS test case was skipped on GSI images.
Recently attestation properties reading priority changed as
ro.product.*_for_attestation -> ro.product.vendor.* -> ro.product.*
that means on GSI images ro.product.vendor.* properties could be used
and hence attestation should work. Incase ro.product.vendor.* properties
are not same as provisioned values to KM. They should be set as
ro.product.*_for_attestation on base build.
Bug: 298586194
Test: atest VtsAidlKeyMintTargetTest:PerInstance/NewKeyGenerationTest#EcdsaAttestationIdTags/0_android_hardware_security_keymint_IKeyMintDevice_default
Change-Id: Ie945bd8f7060e0e768daf9681d121ea5f170a6e1
This solution was adopted from Cuttlefish's host side Keymint
implementation: I22bde00aed311c6774f83acc08a2c21e6e75141f.
Bug: 296983430
Test: Tested with Cuttlefish that the logs are present in logcat.
Change-Id: I942b0200bb164a2a865b255c6f26d628cbd345a4
It turns out we had a bug (b/263844771) in how RKP support was
detected, and that was fixed. However, due to this bug, some S chipests
shipped without RKP support which is now required by the tests.
This change drops the RKP requirement from S chipsets. There should be
no new S chipsets, so this effectively grandfathers in the previous
ones that were skipped by the RKP VTS tests.
T+ tests (both VTS and other suites) will verify that RKP support is
there, so there is no gap introduced by this change.
Bug: 297139913
Test: VtsAidlKeyMintTargetTest
Change-Id: I387e5f058ada698747aac103c1745682291f2d1c
The test case for an auth-per-operation HAT with an invalid HMAC
is wrong -- it is re-using the previous HAT, which fails for a
different reason (has an old challenge).
Fix the test to use the HAT that's wrong in the intended way.
Bug: 297333975
Test: VtsAidlKeyMintTargetTest
Change-Id: I15fe9b0c1b53452df0f67dd44534fdb80a6c2a9c
Update TimeoutAuthenticationMultiSid test to support
generateKey for Strongbox implementations without
factory attestation.
Bug: 293211157
Test: run vts -m VtsAidlKeyMintTarget
Change-Id: I27bf08d2fd2d9e0217a90ee8ccb789adfd9d5f7f
The invalid value used for the second IMEI attestation test is
potentially wrong in two ways:
- It doesn't match the provisioned value.
- It's not a valid IMEI, not least because it is longer than 16 bytes.
Make the test value shorter so the second failure doesn't apply and
the test can reliably expect CANNOT_ATTEST_IDS.
Bug: 292959871
Test: VtsAidlKeyMintTargetTest
Change-Id: If8c6b9e08b48e6caf5c767578e1ac43964214619
continuing the execution of the test.
If generateKey fails and execution continues then it leads to issues
while verifying the attest records and causing the crash.
Test: atest VtsAidlKeyMintTargetTest
Bug: 292300030
Change-Id: I66bd650423e9e5bbbfe8411a1455c4ea5846f1ff
Some of the SE Javacard OS implementations does not fulfill all of the
expectations as to when cipher text is to be generated. However, the
implementations are compliant with Javacard Specifications. This patch
skips the known VTS failures till U.
Bug: 290850651
Test: run vts -m VtsAidlKeyMintTarget
Change-Id: Id3746adc7385b41f4b4b2ebc8e7583972769134d
Removed the check to skip the attest-id tests on GSI, modified the
attest-id tests to support this.
Bug: 290643623
Test: atest VtsAidlKeyMintTargetTest
Change-Id: Id79d7fb4c70ed94ed76bc57f3d66ce47e9b67b48
