Given that we are not expecting to release a v4 of the KeyMint HAL for
Android V, tweak some spec and test details so that existing v3
implementations do not need to change.
- Soften the requirement to use (1970-01-01, 9999-12-31) as cert dates
when secure-importing an asymmetric to be a suggestion instead.
- Change the version gate for the test of importing an EC key with no
specified `EC_CURVE` to be VSR-gated rather than gated on a putative
future version of the HAL.
Test: VtsAidlKeyMintTargetTest
Bug: 292318194
Bug: 292534977
Change-Id: Ib8d6e79ea948ee77eeb2528d698205179f026fd3
Since there were no VTS test to strictly check RSA_OAEP_MGF_DIGEST,
there are released devices with Keymint which do not include this tag in
key characteristics, hence these test fails on such Keymint and UDC
Android framework.
Hence version check is added before asserting MGF digest checks.
Bug: 297306437
Test: atest VtsAidlKeyMintTargetTest
Change-Id: I43054f8dbbd46de53deef5e6771c736e770280e0
Negative test cases should not expect UNKNOWN_ERROR from Keymint since
the exact cause of failure is known.
In general, we should avoid UNKNOWN_ERROR because it makes error
attribution difficult.
To avoid adding retroactive requirements KM implementation, relax the
check to expect any error.
Bug: 298194325
Test: VtsAidlKeyMintTargetTest
Change-Id: I136fb6d36ae92c9e3722ffefe9a067d3515dcbf9
The original change to add this test didn't make it into the Android 13
version of the VTS test, so the version gate needs to be updated to be
v3+
Bug: 292318194
Test: VtsAidlKeyMintTargetTest --gtest_filter="*EcdsaMissingCurve*"
Change-Id: I94bf816688e57c7c04893a23cf0399129de94229
Earlier, attestation properties didn't match on GSI images, hence
EcdsaAttestationIdTags VTS test case was skipped on GSI images.
Recently attestation properties reading priority changed as
ro.product.*_for_attestation -> ro.product.vendor.* -> ro.product.*
that means on GSI images ro.product.vendor.* properties could be used
and hence attestation should work. Incase ro.product.vendor.* properties
are not same as provisioned values to KM. They should be set as
ro.product.*_for_attestation on base build.
Bug: 298586194
Test: atest VtsAidlKeyMintTargetTest:PerInstance/NewKeyGenerationTest#EcdsaAttestationIdTags/0_android_hardware_security_keymint_IKeyMintDevice_default
Change-Id: Ie945bd8f7060e0e768daf9681d121ea5f170a6e1
When deliberately testing invalid ID attestation, use the helper
function (which checks the error return code is correct) in one more
place.
Test: VtsAidlKeyMintTargetTest
Bug: 286733800
Change-Id: I6ea5bd7ee19b3b172330117bfde1b16745debba7
Updated VTS tests to verify mgf-digests in key characteristics of
RSA-OAEP keys. Added new tests to import RSA-OAEP keys with
mgf-digests and verified imported key characteristics.
Bug: 279721313
Test: atest VtsAidlKeyMintTargetTest
Change-Id: I06474a85c9e77fded264031ff5636f2c35bee6b4
If some check in a VTS test case fails, the test function may exit early
and not call CheckedDeleteKey(&some_keyblob), thus "leaking" a key blob.
This isn't normally an issue, but if the key blob happens to use a
feature that uses some secure storage (e.g. ROLLBACK_RESISTANCE or
USAGE_COUNT_LIMIT=1) then this may leak some scarse resource.
To avoid the chance of this, use an RAII holder to ensure that
manually-managed keyblobs (i.e. key blobs that are not held in the
key_blob_ member of the base test class) are always deleted.
Bug: 262212842
Test: VtsAidlKeyMintTargetTest
Change-Id: Ie8806095e249870484b9875eb660070607f339a3
It should definitely be the case that a different SPL triggers key
requires upgrade, but the converse isn't true -- if no SPL change, it's
OK for the device to request upgrade anyhow.
Bug: 281604435
Change-Id: Ic03ce51fb4b18ff669595ab430f9fccd1da48997
Strongbox may not support 1024 bit key size for RSA.
So in NoUserConfirmation test updated the key size to
2048 so that the test works for both TEE and Strongbox.
Bug: 280117495
Test: run VtsAidlKeyMintTarget
Change-Id: I32bb28001aca9b69eedb1bd3d0bcff43052d06e4
A bug in the Trusty HAL service caused it to replace MGF1 digest tags
with Tag::INVALID. This tests that MGF1 tags are returned properly in
the MGF1 success test, and verifies that Tag::INVALID is never
returned by any test.
Bug: 278157584
Test: adb shell /data/nativetest/VtsAidlKeyMintTargetTest/VtsAidlKeyMintTargetTest
Change-Id: I5d391310795c99f37acf3c48310c127a7a31fac3
Enable some tests that are bypassed on strongbox implementation.
Bug: 262255219
Test: VtsAidlKeyMintTargetTest
Change-Id: I548bddcd16c0a1ee1c1cb8266d4d99dbdff3d39b
Detect if there is an IRemotelyProvisionedComponent for strongbox, and
if so run the associated keymint tests. Else, allow strongbox to skip
the test as it's not required to implement the IRPC HAL.
Bug: 271948302
Test: VtsAidlKeyMintTargetTest
Change-Id: Ibf98e594e725d6ad14c0ff189ab9fbcc25b51f80
The support level for strongbox is different from the tee
implementation. Additionally, we were incorrectly checking the keymint
aidl version. KeyMint 1.0 supported ATTEST_KEY, so it's unclear why we
were ever checking for KeyMint 2.0.
Test: VtsAidlKeyMintTargetTest
Bug: 263844771
Change-Id: I750367902fec90204d71c1e158404b2421f9ad87
It's not enough to verify that the system is running KeyMint 2+. We
also need to verify that the vendor partition has RKP support.
Since VSR 13+ requires KeyMint 2+, change the test assumption so that
we don't run the test against systems that may have shipped with an
older VSR chipset (which won't support RKP).
Bug: 263844771
Test: VtsAidlKeyMintTargetTest (on old and new device)
Change-Id: Iac15f69db1152851f5a92d3929cb258b1b1a6b02
Alternet device properties used for attestation on AOSP and GSI builds.
Attestation ids were different in AOSP/GSI builds than provisioned ids
in keymint. Hence additional properties used to make these ids identical
to provisioned ids.
Bug: 110779648
Bug: 259376922
Test: atest VtsAidlKeyMintTargetTest:PerInstance/NewKeyGenerationTest#EcdsaAttestationIdTags/0_android_hardware_security_keymint_IKeyMintDevice_default
Test: atest VtsAidlKeyMintTargetTest:PerInstance/NewKeyGenerationTest#EcdsaAttestationIdTags/1_android_hardware_security_keymint_IKeyMintDevice_strongbox
Test: atest CtsKeystoreTestCases:android.keystore.cts.KeyAttestationTest CtsKeystoreTestCases:DeviceOwnerKeyManagementTest
Change-Id: I4bb2e2ebba617972e29ad86ea477eb9b6f35d21a
This integration was technically a requirement on keymint v2, but we
weren't enforcing it with a test. So realistically we are only able
to start enforcing the test with keymint v3.
Test: atest VtsAidlKeyMintTargetTest
Change-Id: Ia4feb8ce4b7fd1e47a5c6c9b06ddb12276a9c5ee
The key validity can be ignored when generatKey on Android-12 (S).
Bug: 257445538
Test: Pass on S builds
Change-Id: Iafd8d080f324c7d8d6affbb9d28d4f265f13e2ab
"ImportWrappedKeyTest.WrongDigest" tried to wrap a keyBlob by one digest
type and unwrap it by another digest type.
It's been OK for KeyMint implementations to allow unsupported
parameters/characteristics at key generation time, and only police their
use, at begin() time. However if an implementation wants to secure it at
the key generation/importing time the first digest type must be
supported by all implementation.
Bug: 249276913
Test: VtsAidlKeyMintTargetTest
Change-Id: I6bc000026e9e4aec0aa82078a98c75e2d7c56847
Test size requirements for symmetric (Stream and Block) ciphers.
These tests are similar to CTS tests of symmetric ciphers.
For reference CTS test BlockCipherTestBase#testKatEncryptOneByteAtATime
for all its derived classes eg. AES128CBCNoPaddingCipherTest,
AES128CBCPKCS7PaddingCipherTest etc.
Bug: 226899425
Test: run vts -m VtsAidlKeyMintTargetTest
Change-Id: I78408071fbf5a360d89c5bbae479faffd7c6d935
KeyMint supports the specification of a separate MGF digest when
performing RSA-OAEP decryption, with a default value of SHA-1.
Test the expected behaviour here:
- SHA-1 is used if nothing specified in key characteristics.
- If something is specified in key characteristics, the operation
parameter value has to be one of those values.
Bug: 203688354
Test: VtsAidlKeyMintTargetTest
Change-Id: Ic2dd3641be732a273724faa20cf4edf8a1752506
Check if the zero input data with AES-CBC-[NONE|PKCS7] padding mode
generates correct output data and length.
Bug: 200553873
Test: VtsHalKeymasterV4_0TargetTest, VtsAidlKeyMintTargetTest
Merged-In: I729c2bad65e9d8b194422032346e5ee3c4b0dce5
Change-Id: I729c2bad65e9d8b194422032346e5ee3c4b0dce5
