Test that specifying RESET_SINCE_ID_ROTATION results in a different
unique ID value.
Test: VtsAidlKeyMintTargetTest
Bug: 202487002
Change-Id: I2aed96514bf9e4802f0ef756f880cac79fa09554
Existing comment is incorrect: the ATTESTATION_ID_* values that the test
provided are rejected because they do not match the device values, not
because the tags are specific to device-unique attestation.
Fix the test comment (and make the values more obviously wrong), and
add a separate test that includes correct values of ATTESTATION_ID_*
values.
Test: VtsAidlKeyMintTargetTest
Change-Id: I5c5f5ef6a228990c9e46f90727e0f135dfc2c528
When a KeyMint VTS exercises optional functionality, where possible
use GTEST_SKIP() when that functionality is absent, so the test
summary includes information about what is present and what isn't.
This should not affect the overall test result.
Test: VtsAidlKeyMintTargetTest
Change-Id: I62d244d2e4ecc67737906009575e64b50450d4c4
Believe that all KeyMint implementations are now in compliance with
the HAL specification and so we can enable the checks that all
generated keys include vendor and boot patchlevel.
Test: VtsAidlKeyMintTargetTest
Change-Id: I99741af308023fe12268e9875e252470fbaaaf9e
Test was producing an invalid set of parameters in a different way than
intended.
Bug: 197222749
Test: VtsAidlKeyMintTargetTest
Change-Id: I07f706fec81d91e8eee9c0561428142559c54f12
Test failed to set default key validity, which caused keygen to fail.
Wasn't noticed because this test is typically disarmed.
Note: This test will destroy all user data on the device (which is
why it is typically disarmed).
Bug: 187105270
Test: VtsAidlKeyMintTargetTest --arm_deleteAllKeys
Change-Id: I67e317fdfca15c95c6420918948d1416e97de482
Merged-In: I67e317fdfca15c95c6420918948d1416e97de482
The TAG_ALLOW_WHILE_ON_BODY authorization is not required to be
supported, and if it is not supported it's a noop. Don't expect the tag
to fail with UNSUPPORTED_TAG on devices that don't support it.
Test: VtsAidlKeyMintTargetTest
Bug: 192222727
Change-Id: I2e80ca59151e79f595a65cae94ac966b4ba7020d
Merged-In: I2e80ca59151e79f595a65cae94ac966b4ba7020d
It's possible that corrupted ciphertext decrypts just fine. e.g. the
output ends with "0x01".
However, the chances of this happening are relatively low
(roughly 1/256). Corrupt the ciphertext up to 8 times, ensuring that
the likelihood of multiple successful decryptions is so miniscule that
it's effectively impossible.
Test: Ran *PaddingCorrupted tests 50000 times
Change-Id: If40ecd7817819921c020ea9b86ada18c4c77ea55
The KeyMint AIDL spec requires that "Tag::EC_CURVE must be provided to
generate an ECDSA key". Move the VTS tests to always create ECDSA keys
by curve not key size.
Bug: 188672564
Test: VtsAidlKeyMintTargetTest
Change-Id: I33036387c243b21ab0ecd49221b7e7757598913e
Try all tags in attestion extension one by one
Test: VtsAidlKeyMintTargetTest on CF
Bug: 186735514
Change-Id: I63ca8d298d2d16f707f2437ab48aaa69c1d7563d
Add a check that the TAG_EARLY_BOOT_ONLY is included in the returned key
characteristics.
Bug: 188672564
Test: VtsAidlKeyMintTargetTest
Change-Id: I200c61f34888c720c47f6289d79cd21d78436b58
- clarify & test BIGNUM spec
- allow alternative return codes when requesting device unique
attestation
- use specific error for early boot import failure
- test more early boot key scenarios (in post-early-boot mode)
Test: VtsAidlKeyMintTargetTest
Change-Id: I70a342084a29144aef1ed0ff80fec02cc06ffbc0
Change RSA encryption (with public key) so it happens locally in the
test, rather than by invoking an ENCRYPT operation against KeyMint.
- Specify MGF1 digest for OAEP mode as (now) required by AIDL spec.
- Drop tests for too-long encryption inputs.
- Adjust test comments to reflect decryption-only nature.
- Change parameter checking tests to do so on DECRYPT rather than ENCRYPT.
Test: VtsAidlKeyMintTargetTest
Change-Id: I10c4beea28387eecfd0bc7c5dfd59a1b66fec21e
Strongbox doens't support p-224. Change the curve to p-256 for better
compatibility.
Also update the tags to be filtered on the hw-enforcement list.
Change-Id: I3f587c5471ca68b88a565ee9ec2e27d1e9e11b17
Change verification of ECDSA and RSA signatures so it happens locally
in the test, rather than by invoking a VERIFY operation against KeyMint.
Test: VtsAidlKeyMintTargetTest
Change-Id: I0efc30f3c96cd70ac636d34718eff53cc23f1480
If GenerateKey() with user-provide key_blob, it needs to be specified in
the following begin() operations as well. Update the test case just to
take key_blob from private member instead of creating a local one.
Note:
- Remove redudent TAG_NO_AUTH_REQUIRED in DeviceUniqueAttestationTest
Change-Id: I81860294e1e7e01a57e66e08e75507a8292ec0c3
Tests for:
- non-prime RSA exponent (fails with CF KeyMint)
- RSA exponent value of 3
- key size > 512 for `STRONGBOX`
- unknown tag inclusion
- CBC input size not block size multiple
- challenge omitted for attestation (fails with CF KeyMint)
- import RSA key with implicit params
- vestigial upgradeKey test
- importWrappedKey errors
- importWrappedKey sids ignored
- duplicate/missing params on begin()
- more tests for incompatible params on begin()
- HMAC size not multiple of 8 (fails with CF KeyMint)
- wrong size caller IV for 3DES rejected
- too large MIN_MAC_LENGTH for HMAC
- invalid AES-GCM minimum MAC length values
- check failed updateAad() cancels operation
- check that auto-generated nonces are distinct
- (DISABLED_) invoke destroyAttestationIds()
- omitting optional RSA keygen tags
Also add commenting to illustrate the ASN.1 structure of hex data.
Test: VtsKeyMintAidlTargetTest
Change-Id: I4663c42671cbb094ffe8d603e0352ffa9f1dbf2e
Add tests for:
- Too much entropy should be rejected with INVALID_INPUT_LENGTH
- All authorization lists should include a vendor and boot patchlevel.
These requirements are in both the KeyMint and the KeyMaster 4.0 AIDL
specificications, but have never been policed before.
Currently disabled with a command-line flag because CF does not have
the patchlevels and so fails lots of tests.
Test: VtsKeyMintAidlTargetTest
Change-Id: Ic9622ef3f1b80e013a34059218e3e029f392eb72
- Check for app id only if challenge is provided.
- Verify self sign certificate works for RSA and Ecdsa.
- Verified attestation is generated for encryption keys too.
- Verify no attestation is generated for symetric keys.
- Verify app id is always required when attestation challenge is
provided to the new key generation.
- Verify app id is ignored when challenge is missing.
- Verify app id length is properly encoded.
- Added vts tests for various attestation success and fail cases.
Test: atest VtsAidlKeyMintTargetTest
Change-Id: If29249b0913fd9c2f91d20188ca5cfbaa04bead8
Move helper utilities across into KeyMintAidlTestBase to allow re-use.
Test: VtsHalRemotelyProvisionedComponentTargetTest, VtsAidlKeyMintTargetTest
Change-Id: Ib9e55a7d72fd197016ae1a1f073dadedafa09c25
This allows applications to generate their own attestation keys and
then use them to attest other application-generated keys.
Bug: 171845652
Test: VtsAidlKeyMintTargetTest
Change-Id: I32add16dcc2d1b29665a88024610f7bef7e50200
Verify that when keymint implementation supports rollback resistance,
it must also enforce the single use key in hardware by secure hardware.
Test: atest -c VtsAidlKeyMintTargetTest
Change-Id: Ib984003247906ded7266da620e2d82e826d916bc
1. Fix test case for usage count limit tag = 1 case, when
hardware cannot enforce it, the tag should by enforced by keystore.
2. Add test case for usage count limit tag > 1.
3. Add test case to verify the usage count limit tag appears
correctly in the attestation certificate for asymmetic key.
Test: atest -c VtsAidlKeyMintTargetTest
Change-Id: I01df278b42a91a78c8888c13c4f81b7ec70cfa22
And add vts test to verify the tag appears in the key characteristics.
also if the tag is enforced in the hardware, afer the usage of the key
is exhausted, the key blob should be invalidated from the secure storage
(such as RPMB partition).
Bug: b/174140443
Test: atest VtsHalKeyMintV1_0TargetTest
Change-Id: Ic65b855c5a8692ab8d1281dd46562ad0844ab1b0
This is by no means complete, but it validates basic functionality.
More is coming.
Test: VtsAidlKeyMintTargetTest
Change-Id: I0727a9f5b137b58b9a2f0aaf9935bfdc6525df8f
Support key characteristics with three security levels, do not store
unenforced authorizations with keys or bind them to keys.
Bug: 163606833
Test: atest VtsAidlKeyMintTargetTest
Change-Id: Idbc523f16d8ef66ec38e0d503ad579a93c49e7b4
* replace NullOr with std::optional.
* Add mising tag.
* Undefine helper macros so that keymint_tags.h can be used together
with keymaster_tags.h
* Check if KeyParameterValue variant matches KeyParameterTag in
accessors.
Test: VtsAidlKeyMintTargetTest
Change-Id: I6c951071f30fd27c8c21a2e8cc86f421a3bc37d9
