Remove the inline definition of the Android Profile for DICE and instead
reference the definition that exists alongside the Open Profile for DICE
and is now the source of truth for the profile.
Test: n/a
Change-Id: Ia71a674234be13542ad0ce4db0b764e8ee0c7a62
Update TimeoutAuthenticationMultiSid test to support
generateKey for Strongbox implementations without
factory attestation.
Bug: 293211157
Test: run vts -m VtsAidlKeyMintTarget
Change-Id: I27bf08d2fd2d9e0217a90ee8ccb789adfd9d5f7f
The invalid value used for the second IMEI attestation test is
potentially wrong in two ways:
- It doesn't match the provisioned value.
- It's not a valid IMEI, not least because it is longer than 16 bytes.
Make the test value shorter so the second failure doesn't apply and
the test can reliably expect CANNOT_ATTEST_IDS.
Bug: 292959871
Test: VtsAidlKeyMintTargetTest
Change-Id: If8c6b9e08b48e6caf5c767578e1ac43964214619
continuing the execution of the test.
If generateKey fails and execution continues then it leads to issues
while verifying the attest records and causing the crash.
Test: atest VtsAidlKeyMintTargetTest
Bug: 292300030
Change-Id: I66bd650423e9e5bbbfe8411a1455c4ea5846f1ff
Specify that DICE-based RKP implementations may also allow a ROM
extension to manage the UDS public key.
Test: The words are semantically parseable
Change-Id: I8f9c6efb01fc76318220cf1bc4a0eb3a3ad42f87
Removed the check to skip the attest-id tests on GSI, modified the
attest-id tests to support this.
Bug: 290643623
Test: atest VtsAidlKeyMintTargetTest
Change-Id: Id79d7fb4c70ed94ed76bc57f3d66ce47e9b67b48
When deliberately testing invalid ID attestation, use the helper
function (which checks the error return code is correct) in one more
place.
Test: VtsAidlKeyMintTargetTest
Bug: 286733800
Change-Id: I6ea5bd7ee19b3b172330117bfde1b16745debba7
Avoid the ADD_FAILURE at the end if attestion ID failure uses an allowed
return code.
Test: VtsAidlKeyMintTargetTest
Bug: 286733800
Change-Id: I0dcac312ac4516a078b2742721e3a19074da52b1
Updated VTS tests to verify mgf-digests in key characteristics of
RSA-OAEP keys. Added new tests to import RSA-OAEP keys with
mgf-digests and verified imported key characteristics.
Bug: 279721313
Test: atest VtsAidlKeyMintTargetTest
Change-Id: I06474a85c9e77fded264031ff5636f2c35bee6b4
Update the default KeyMint version to v3.
Note this affects the pure software implementation of KeyMint that is
not used for anything that tests currently run against.
Bug: 275982952
Test: m (that it builds)
Change-Id: I6ab10329af590bd2a045710dfff47c6e78740464
Generalize the existing helper function to allow more variants.
Remove a couple of pointless invocations of the existing helper.
Bug: 286733800
Test: VtsAidlKeyMintTargetTest
Change-Id: Ic01c53cbe79f55c2d403a66acbfd04029395c287
If some check in a VTS test case fails, the test function may exit early
and not call CheckedDeleteKey(&some_keyblob), thus "leaking" a key blob.
This isn't normally an issue, but if the key blob happens to use a
feature that uses some secure storage (e.g. ROLLBACK_RESISTANCE or
USAGE_COUNT_LIMIT=1) then this may leak some scarse resource.
To avoid the chance of this, use an RAII holder to ensure that
manually-managed keyblobs (i.e. key blobs that are not held in the
key_blob_ member of the base test class) are always deleted.
Bug: 262212842
Test: VtsAidlKeyMintTargetTest
Change-Id: Ie8806095e249870484b9875eb660070607f339a3
Update the RKP readme to match contemporary philosophy about the design.
This includes replacing discussion if the obsolete term `BCC` with a
description of the Android Profile for DICE.
The privacy concerns are relaxed to match updates to the HAL which
remove the superencryption of the DICE chain.
Test: n/a
Fix: 281755202
Change-Id: I3a6fd2cd12599c5843b5dce0044eb16c2afbffa2
It should definitely be the case that a different SPL triggers key
requires upgrade, but the converse isn't true -- if no SPL change, it's
OK for the device to request upgrade anyhow.
Bug: 281604435
Change-Id: Ic03ce51fb4b18ff669595ab430f9fccd1da48997
Align with the Open Profile for DICE by requiring that the configuration
hash be included because the configuration input is a hash of the
specified configuration desscriptor.
Test: n/a
Change-Id: I9d2ef560dc8e6f567b5b8d1a244f5138c45ae420
Introduce a field to the configuration descriptor that provides a
standard semantically-defined version number rather than the
vendor-defined component version which acts more like a build ID.
Test: n/a
Bug: 282205139
Change-Id: Idb0c991ab12ae75687236f2489e639e4422a0225
Only specify the requirements for `normal` DICE mode and allow vendors
to choose the non-normal mode that fits their need per the ope-dice
specification.
Add a note that RKP required `normal` mode in the DICE chain in order to
trust the device.
Test: n/a
Bug: 263144485
Change-Id: Iaaa3799c53234de61a51ebc855822b93ab3e5bb8
The Open Profile for DICE give possible guidelines on the requirements
for the DICE mode but Android needs those to be strictly specified.
Fix: 263144485
Test: n/a
Change-Id: Ia5fc937654504199cabf4709f1c15484242e0161
Added a check to make sure IMEI is not "null".
Bug: 281676499
Test: atest VtsAidlKeyMintTargetTest
Change-Id: Ia1569a30412d633eee4d4de8cd00dea077d1c23d
In the second case out of the two cases of authorization enforcement
described for update(), it seems like the challenge is expected in
the timestamp token.
Test: N/A
Change-Id: I33e1b84bf8218335665b31ca144b3b4ecb342328
