The Done flag of VtsAidlKeyMintTargetTest is false during running
the module with ‘--collect-tests-only’ because it uses standard
output to print logs.
Bug: 340576534
Test: run vts -m VtsAidlKeyMintTargetTest --collect-tests-only
Change-Id: I3d81f7e59b6189fab1b146320263509f2694c11e
Signed-off-by: Huang Rui <rui1.huang@intel.com>
Signed-off-by: Liu Kai <kai1.liu@intel.com>
Make it clearer that the default implementation is non-secure in
various ways, most notably because the TA code is running in-process
in the HAL service.
Bug: 314513765
Test: VtsAidlKeyMintTargetTest
Change-Id: I83509110c32a4df8df6c0b288d14659e022442ff
Because Keystore2 always requires valid auth tokens for user keys, this
copies and extends the existing in-guest GateKeeper implementation to
negotiate a shared secret key with Keymint in order to generate a
session key for signing auth tokens.
This implementation also uses AIDL rather than HIDL to interact with the
framework. It's also packaged in an APEX.
The files are cobbled together from a few sources:
- SoftGateKeeper.h is based on hardware/interfaces/gatekeeper/1.0/software/SoftGateKeeper.h
- GateKeeper.{cpp,h} are based on device/google/cuttlefish/guest/hals/gatekeeper/remote/remote_gatekeeper.{cpp,h}
- SharedSecret.{cpp,h} are based on device/google/cuttlefish/guest/hals/keymint/remote/remote_shared_secret.{cpp,h}
- Apex files are based on device/google/cuttlefish/guest/hals/keymint/rust/
Keymint modifications to use BOOT_TIME are lifted from
https://android-review.git.corp.google.com/c/platform/hardware/interfaces/+/2856649/6..8/security/keymint/aidl/default/ta/clock.rs#38
Bug: 332376454
Change-Id: I81845d5e6370bdddb1a24d67437964e03a5fb243
Test: Run with rust-nonsecure keymint on Cuttlefish
Add test paths for HALs that are RKP-only so that they may pass tests.
Fix up a few tests that were just being skipped for RKP-only HALs.
Test: ran VTS against cuttlefish with no factory key
Bug: 329409739
Change-Id: I5400874dd2f9885c061970a30ea44985353d23ed
error: field `0` is never read
--> hardware/interfaces/security/keymint/aidl/default/main.rs:38:24
|
38 | struct HalServiceError(String);
| --------------- ^^^^^^
| |
| field in this struct
|
= note: `HalServiceError` has derived impls for the traits `Clone` and `Debug`, but these are intentionally ignored during dead code analysis
= note: `-D dead-code` implied by `-D warnings`
= help: to override `-D warnings` add `#[allow(dead_code)]`
help: consider changing the field to be of unit type to suppress this warning while preserving the field numbering, or remove the field
|
38 | struct HalServiceError(());
| ~~
error: aborting due to 1 previous err
Bug: http://b/330185853
Test: ./test_compiler.py --prebuilt-path dist/rust-dev.tar.xz --target aosp_cf_x86_64_phone --image
Change-Id: I57f3bd1d702c97929f5fd34f909aa72aa2f2ba02
This will make it easier to swap in and out with the Cuttlefish remote
implementation.
Bug: 331474817
Test: m com.android.hardware.keymint.rust_nonsecure
Change-Id: I0e9a350b62a90ef6126db109195e19b4181d0cf8
This target was using the same `.rc` as the keymint-service target,
though it had a different name.
Bug: 331474817
Test: LOCAL_KEYMINT_PRODUCT_PACKAGE=android.hardware.security.keymint-service.nonsecure m && launch_cvd --noresume --secure_hals=keymint,oemlock
Change-Id: I0f744b75e451f6780d8f6c9bddbd5ea80c579a20
Only applies for devices on VSR API level 35 and above, so that existing
devices which previously passed VTS should not need to pass the new
tests.
Bug: 292534977
Test: VtsAidlKeyMintTargetTest
Change-Id: I8281c3cebf05795e3f9a1ed2b112fc149d8a104c
This is a partial revert of aosp/2856649, changeID
Ia450e9a8f2dc530f79e8d74d7ce65f7d67ea129f, because it turns out
that there are Wear devices that are using the default implementation
(but which are not covered by TreeHugger/presubmit).
It restores the C++ implementation for KeyMint as
android.hardware.security.keymint-service, but preserves the Rust
libraries that were moved here in that CL as a subsequent CL
(aosp/2852598) means that Cuttlefish now uses the libraries here.
Test: VtsAidlKeyMintTargetTest on Cuttlefish
Bug: 328251011
Bug: 314513765
Change-Id: Id6f3491144588e418cd6e18e51262fe839bfdf39
Copy code that can be re-used from the Cuttlefish KeyMint
implementation, specifically from the following directories
under device/google/cuttlefish:
- HAL-side code from guest/hals/keymint/rust/
- TA-side code from host/commands/secure_env/rust/
Create a corresponding pair of libkmr_{hal,ta}_nonsecure libraries here.
The only changes to the copied code are:
- Convert `pub(crate)` to `pub` in `attest.rs`.
- Add some missing doc comments.
- Add comment noting need for SELinux permission to read ro.serialno.
- Add comment noting need for clock to be in sync with Gatekeeper.
(A subsequent CL aosp/2852598 adjusts Cuttlefish so that it uses the
copied modules here, and can remove the original copies.)
In addition to the moved code, the default implementation also needs
a new implementation of a monotonic clock, added here in clock.rs
using `std::time::Instant`.
With the new nonsecure HAL and TA libraries in place, implement the
default KeyMint HAL service using the former, and spin up a single
thread running a nonsecure TA using the latter. Communicate between
the two via a pair of mpsc::channel()s.
Test: VtsAidlKeyMintTargetTest with normal Cuttlefish (all pass)
Test: VtsAidlKeyMintTargetTest with default/nonsecure impl (auth
tests fail, but this is expected as Gatekeeper hasn't moved)
Bug: 314513765
Change-Id: Ia450e9a8f2dc530f79e8d74d7ce65f7d67ea129f
When dumping attestation certificate chains with the --dump_attestations
option, add a separator between distinct chains to make them easier to
analyze.
Bug: 326564087
Test: VtsAidlKeyMintTargetTest
Change-Id: Ife19edfddef6c8cd26de9f9816c3c9bf65cbb929
2024-02-28 11:32:35 +00:00
Subrahmanya Manikanta Venkateswarlu Bhamidipati Kameswara Sri
Used ASN1_TIME_to_posix API instead of ASN1_TIME_to_time_t
to avoid integer overflow on 32-bit systems.
Bug: 325853206
Test: vts -m VtsAidlKeyMintTarget
Change-Id: I7a01a521d389482a61ad9974b7e40eaa099c3571
KeyMint enforcement of UNLOCKED_DEVICE_REQUIRED is broken, has never
been used, and cannot be fixed. So, document that it does not need to
be implemented. Also remove the VTS test for it, which was disabled.
UNLOCKED_DEVICE_REQUIRED remains supported in Keystore.
Bug: 321100166
Test: Build
Change-Id: If4d47ee49c9d4a595820cfceb0f5f3027f99ee9f
Given that we are not expecting to release a v4 of the KeyMint HAL for
Android V, tweak some spec and test details so that existing v3
implementations do not need to change.
- Soften the requirement to use (1970-01-01, 9999-12-31) as cert dates
when secure-importing an asymmetric to be a suggestion instead.
- Change the version gate for the test of importing an EC key with no
specified `EC_CURVE` to be VSR-gated rather than gated on a putative
future version of the HAL.
Test: VtsAidlKeyMintTargetTest
Bug: 292318194
Bug: 292534977
Change-Id: Ib8d6e79ea948ee77eeb2528d698205179f026fd3
Only police for future versions of KeyMint, so that any existing
implementations that use the full key don't suddenly start to fail
VTS.
Bug: 305103215
Test: VtsAidlKeyMintTargetTest
Change-Id: If6534b84b6eff8cdb281586e17a5f89c7bf5f5d0
KeyMint should be able to handle challenges up to 128 bytes.
Document this (and the expected error code) in Tag.aidl.
Bug: 307714384
Test: m
Change-Id: Id099dd055c81b10d777effdf364395f84d8b35c6
Since there were no VTS test to strictly check RSA_OAEP_MGF_DIGEST,
there are released devices with Keymint which do not include this tag in
key characteristics, hence these test fails on such Keymint and UDC
Android framework.
Hence version check is added before asserting MGF digest checks.
Bug: 297306437
Test: atest VtsAidlKeyMintTargetTest
Change-Id: I43054f8dbbd46de53deef5e6771c736e770280e0
Negative test cases should not expect UNKNOWN_ERROR from Keymint since
the exact cause of failure is known.
In general, we should avoid UNKNOWN_ERROR because it makes error
attribution difficult.
To avoid adding retroactive requirements KM implementation, relax the
check to expect any error.
Bug: 298194325
Test: VtsAidlKeyMintTargetTest
Change-Id: I136fb6d36ae92c9e3722ffefe9a067d3515dcbf9
The original change to add this test didn't make it into the Android 13
version of the VTS test, so the version gate needs to be updated to be
v3+
Bug: 292318194
Test: VtsAidlKeyMintTargetTest --gtest_filter="*EcdsaMissingCurve*"
Change-Id: I94bf816688e57c7c04893a23cf0399129de94229
Allow for devices that claim to need external timestamps, but don't.
Test: VtsAidlKeyMintTargetTest
Bug: 300211206
Change-Id: Ie450d9969c337d5274502f3600e14c0b481e8b34
Earlier, attestation properties didn't match on GSI images, hence
EcdsaAttestationIdTags VTS test case was skipped on GSI images.
Recently attestation properties reading priority changed as
ro.product.*_for_attestation -> ro.product.vendor.* -> ro.product.*
that means on GSI images ro.product.vendor.* properties could be used
and hence attestation should work. Incase ro.product.vendor.* properties
are not same as provisioned values to KM. They should be set as
ro.product.*_for_attestation on base build.
Bug: 298586194
Test: atest VtsAidlKeyMintTargetTest:PerInstance/NewKeyGenerationTest#EcdsaAttestationIdTags/0_android_hardware_security_keymint_IKeyMintDevice_default
Change-Id: Ie945bd8f7060e0e768daf9681d121ea5f170a6e1
