Strongbox may not support 1024 bit key size for RSA.
So in NoUserConfirmation test updated the key size to
2048 so that the test works for both TEE and Strongbox.
Bug: 280117495
Test: run VtsAidlKeyMintTarget
Change-Id: I32bb28001aca9b69eedb1bd3d0bcff43052d06e4
Updated the BootLoaderStateTest for strongbox implementations which
do not support factory attestation.
Test: vts -m VtsAidlKeyMintTarget
Change-Id: I8fe176a18fc0b9e2b2d0b012b7b63124d15c9e2f
A bug in the Trusty HAL service caused it to replace MGF1 digest tags
with Tag::INVALID. This tests that MGF1 tags are returned properly in
the MGF1 success test, and verifies that Tag::INVALID is never
returned by any test.
Bug: 278157584
Test: adb shell /data/nativetest/VtsAidlKeyMintTargetTest/VtsAidlKeyMintTargetTest
Change-Id: I5d391310795c99f37acf3c48310c127a7a31fac3
No tests are instantiated if KeyMint is present on the the device.
Explicitly allow that.
Bug: 277975776
Test: VtsAidlKeyMintTargetTest
Change-Id: I88f1c0a81f36d198dabcb1420b62a00bacdbb6e7
Enable some tests that are bypassed on strongbox implementation.
Bug: 262255219
Test: VtsAidlKeyMintTargetTest
Change-Id: I548bddcd16c0a1ee1c1cb8266d4d99dbdff3d39b
The DICE chain specification changes slightly between VSR versions so
the VSR is used to select the set of validation rules that should be
applied.
Test: TH
Change-Id: I3697279d9348705a0279736c61e8333720321214
RKP allows 0 ~ 64 byte challenge to be provided.
Test it by several different size inputs.
Bug: 272392463
Test: VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I488c75745dc68778ff6d862506a5beeec82f7ac1
Detect if there is an IRemotelyProvisionedComponent for strongbox, and
if so run the associated keymint tests. Else, allow strongbox to skip
the test as it's not required to implement the IRPC HAL.
Bug: 271948302
Test: VtsAidlKeyMintTargetTest
Change-Id: Ibf98e594e725d6ad14c0ff189ab9fbcc25b51f80
Ensure that v3 HALs have exactly the expected number of entries present
when returning DeviceInfo inside of the Certificate Signing Request. Do
not allow for additional or fewer entries.
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I8ea628335d5eed35ca2b65e22980e13fc9806738
The support level for strongbox is different from the tee
implementation. Additionally, we were incorrectly checking the keymint
aidl version. KeyMint 1.0 supported ATTEST_KEY, so it's unclear why we
were ever checking for KeyMint 2.0.
Test: VtsAidlKeyMintTargetTest
Bug: 263844771
Change-Id: I750367902fec90204d71c1e158404b2421f9ad87
The DICE chain in the ProtectedData objects are evaluated against the
specification from v1 and v2 of the HAL whereas the chain in
AuthenticatedMessage objects are evaluated against the specification
from v3.
There are only small differences with v3 aligning to the standards where
there was previously more leniency.
Fix: 262599829
Test: TH
Change-Id: Ied14362b5530485eb6c2302a0ae0f21da9cdb33f
Put the test arm that just involves checking a property
first, so that tests which involve a round trip to the Package
Manager are only executed when they're needed.
Test: VtsAidlKeyMintTargetTest
Bug: 271026714
Change-Id: I4caad6243a3b9d511a32717fd95f58864b857eeb
In 32-bit builds a `long` may be 32 bits, but the `long` values on an
AIDL interface are 64 bits. Therefore need to use `int64_t` for the
corresponding C++ type, not `long`.
Bug: 271056044
Test: VtsAidlKeyMintTargetTest --gtest_filter="*AuthTest*" (32-b)
Change-Id: I19f5a1d825dfcc45087534bbd4239a13cdfec3f7
to not to hold the CRL Distribution Points extension in it.
Bug: 260332189
Test: atest VtsAidlKeyMintTargetTest
Change-Id: I7b191b4351984ce82db0e9440027ddbfc14b1c3a
hardware/interfaces/security/keymint/aidl/vts/performance/KeyMintBenchmark.cpp:79:26: error: reference to stack memory associated with local variable 'message' returned [-Werror,-Wreturn-stack-address]
return std::move(message);
^~~~~~~
Test: presubmit
Change-Id: I4298b4a25ccb809a7ae180bb218e673a7f1aa623
The test exempted KeyMint on the affected chips from having to implement
ATTEST_KEY if they have StrongBox in all Android releases from Android S
onwards, but the waiver was given only for Android S and T. This CL
changes the test to reinstate the requirement after Android T.
Test: VtsAidlKeyMintTargetTest
Change-Id: I8481ae31de34aae220af7e7188632edcc2d391f0
Add tests that directly exercise Gatekeeper to get auth tokens for use
with auth-bound keys.
Test: VtsAidlKeyMintTargetTest
Change-Id: Ie668674d81ca487e8bbc18fdd9f36610bcab4c8c
1. Using second IMEI as attestation id without using first IMEI.
Test should generate a key using second IMEI as attestation id
without using first IMEI as attestation id. Test should validate
second IMEI in attesation record.
2. Using first IMEI as well as second IMEI as attestation ids.
Test should generate a key using first IMEI and second IMEI as
attestation ids. Test should validate first IMEI and second IMEI
in attestation record.
Test: atest -c VtsAidlKeyMintTargetTest
Bug: 263197083, 264979486
Change-Id: I61c3f32e15a8d478a838d14e7db9917a33682267
