Ed25519 signing operations require the secure world to accumulate the
entirety of the message; consequently, impose a limit on message size
for this operation.
Bug: 194358913
Test: VtsAidlKeyMintTargetTest
Change-Id: Ibfb6a54c1d546b5b4e51f42795d2bb4660add772
Various block cipher testing fixups. Some of these changes reflect edge
cases I encountered when running local GSC builds.
Change:
* Extend ciphertext lengths.
* Add SCOPED_TRACE() within for loops.
* Use '\t' instead of 'a' for PKCS7 padding.
Test: CTS/VTS
Signed-off-by: Brian J Murray <brianjmurray@google.com>
Change-Id: I4555519787e0133367ad3f40609d43a7bc71c36e
- Add CURVE_25519 as a supported curve for EC operations.
- Add a helper that checks whether the HAL is of a version that is
expected to support curve 25519, and skip relevant tests if not.
- Ed25519 support
- Update KeyMintAidlTestBase::LocalVerifyMessage to cope with a public
key of type EVP_PKEY_ED25519.
- Add a test key pair generated with openssl command line.
- Key generation test
- Key import test for raw format
- Key import test for PKCS#8 format
- Key import failures tests
- Signature test
- Check that purposes cannot be combined (Ed25519 != X25519)
- Check that Ed25519 key can be attested to
- Implicitly check that an Ed25519 key can be used for attestation
(as it is in ValidCurves())
- Force Digest::NONE for Ed25519 throughout.
- X25519 support
- Add a test key pair generated with openssl command line.
- Key generation test
- Key import test for raw format
- Key import test for PKCS#8 format
- Key import failures tests
- Key agreement test, including...
- Refactoring of existing key agreement test for re-use
- Update key agreement checks to cope with a public key of type
EVP_PLEY_X25519.
- Key agreement test using imported key
- Check that purposes cannot be combined (Ed25519 != X25519)
Bug: 194358913
Test: VtsAidlKeyMintTargetTest
Change-Id: Ifa0f95fdfba4387843c8e821c2ca977da0488fa6
For the time being, allow the version number in the attestation record
to be 100 even if the AIDL version is 2, so that implementations don't
have to update both versions simultaneously.
Bug: 194358913
Test: TreeHugger, VtsAidlKeyMintTargetTest
Change-Id: I9aae69327a62014e286ce30ca2a4d91c4c280714
Revert "Bump keystore2 AIDL API version 1->2"
Revert "Advertise support of KeyMint V2"
Revert submission 1900930-version-bump
Reason for revert: Broken build on sc-qpr1-dev-plus-aosp, b/210450339
Reverted Changes:
I42a9b854f:keystore2: cope with new curve25519 enum
I167d568d6:Bump keystore2 AIDL API version 1->2
I3a16d072e:Advertise support of KeyMint V2
Ibf2325329:KeyMint HAL: add curve 25519, bump version
Change-Id: I78d4b07c41aa6bfeb367b56a58deeac6adb6ec46
Marked as required for TRUSTED_ENVIRONMENT impls but not STRONGBOX.
Bump keymint HAL version 1->2 in defaults and in current compatibility
matrix.
Bug: 194358913
Test: build
Change-Id: Ibf2325329f0656a2d1fc416c2f9a74d505d0bf20
A VTS test case to verify HMAC signature verification fails if data or
signature is currupted.
Bug: 209452930
Test: run vts -m VtsAidlKeyMintTargetTest
Change-Id: I2177fd99cfab4ef4a347d50461db0d2e3ad8c612
The KeyMint spec requires that all generated keys include the
BOOT_PATCHLEVEL for the device.
However, the VTS test sometimes gets run in an environment where this
is not possible; specifically the Trusty QEMU tests don't have the
bootloader -> KeyMint communication that is needed to populate this
information.
Add a command line flag that disables checks for BOOT_PATCHLEVEL to
cope with these scenarios, making sure that it defaults to having the
checks enabled.
Test: VtsAidlKeyMintTargetTest
Change-Id: I215c8a18afbd68af199d49f74b977ad7cac6b805
Transfer the fix in http://aosp/1745035 from the KeyMint VTS test back
into the keymaster VTS test.
Bug: 189261752
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: I5f0a69255cfe980dd6e71fa29ff06a84cb668f6d
Test that specifying RESET_SINCE_ID_ROTATION results in a different
unique ID value.
Test: VtsAidlKeyMintTargetTest
Bug: 202487002
Change-Id: I2aed96514bf9e4802f0ef756f880cac79fa09554
The KeyMint spec has always required that keys with the ATTEST_KEY
purpose "must not have any other purpose".
Add explicit tests for combined-purpose keys to be rejected.
Also expand the spec text to require a specific error code, and to
explain the rationale for single-purpose ATTEST_KEY keys.
Bug: 197096139
Test: VtsAidlKeyMintTargetTest
Change-Id: I2a2014f0ddc497128ba51bb3f43671f759789912
Existing comment is incorrect: the ATTESTATION_ID_* values that the test
provided are rejected because they do not match the device values, not
because the tags are specific to device-unique attestation.
Fix the test comment (and make the values more obviously wrong), and
add a separate test that includes correct values of ATTESTATION_ID_*
values.
Test: VtsAidlKeyMintTargetTest
Change-Id: I5c5f5ef6a228990c9e46f90727e0f135dfc2c528
Keymint is not supposed to support public key operations.
Update the parameter to reflect that.
Bug: 202928979
Test: VtsAidlKeyMintTargetTest
Change-Id: Id746953f5c68be6730beb3a7340e075ef28039c2
When a KeyMint VTS exercises optional functionality, where possible
use GTEST_SKIP() when that functionality is absent, so the test
summary includes information about what is present and what isn't.
This should not affect the overall test result.
Test: VtsAidlKeyMintTargetTest
Change-Id: I62d244d2e4ecc67737906009575e64b50450d4c4
Check if the zero input data with AES-CBC-[NONE|PKCS7] padding mode
generates correct output data and length.
Bug: 200553873
Test: VtsHalKeymasterV4_0TargetTest, VtsAidlKeyMintTargetTest
Change-Id: I729c2bad65e9d8b194422032346e5ee3c4b0dce5
Believe that all KeyMint implementations are now in compliance with
the HAL specification and so we can enable the checks that all
generated keys include vendor and boot patchlevel.
Test: VtsAidlKeyMintTargetTest
Change-Id: I99741af308023fe12268e9875e252470fbaaaf9e
Test was producing an invalid set of parameters in a different way than
intended.
Bug: 197222749
Test: VtsAidlKeyMintTargetTest
Merged-In: I07f706fec81d91e8eee9c0561428142559c54f12
Change-Id: I07f706fec81d91e8eee9c0561428142559c54f12
Ignore-AOSP-First: this is a manual cross-merge
Test was producing an invalid set of parameters in a different way than
intended.
Bug: 197222749
Test: VtsAidlKeyMintTargetTest
Change-Id: I07f706fec81d91e8eee9c0561428142559c54f12
Test failed to set default key validity, which caused keygen to fail.
Wasn't noticed because this test is typically disarmed.
Note: This test will destroy all user data on the device (which is
why it is typically disarmed).
Bug: 187105270
Test: VtsAidlKeyMintTargetTest --arm_deleteAllKeys
Change-Id: I67e317fdfca15c95c6420918948d1416e97de482
Merged-In: I67e317fdfca15c95c6420918948d1416e97de482
The TAG_ALLOW_WHILE_ON_BODY authorization is not required to be
supported, and if it is not supported it's a noop. Don't expect the tag
to fail with UNSUPPORTED_TAG on devices that don't support it.
Test: VtsAidlKeyMintTargetTest
Bug: 192222727
Change-Id: I2e80ca59151e79f595a65cae94ac966b4ba7020d
Merged-In: I2e80ca59151e79f595a65cae94ac966b4ba7020d
