Add tests for:
- Too much entropy should be rejected with INVALID_INPUT_LENGTH
- All authorization lists should include a vendor and boot patchlevel.
These requirements are in both the KeyMint and the KeyMaster 4.0 AIDL
specificications, but have never been policed before.
Currently disabled with a command-line flag because CF does not have
the patchlevels and so fails lots of tests.
Test: VtsKeyMintAidlTargetTest
Change-Id: Ic9622ef3f1b80e013a34059218e3e029f392eb72
Somehow the attestation format docs got dropped from KeyMint in the
transition from Keymaster. This replaces them, and also clarifies
that KeyMint StrongBox should not support device attestation.
Test: VtsAidlKeyMintTargetTest
Change-Id: I2334e99b4797c7a0e2e59727ffa730cf7504df31
- Added tests for signing attest key with factory chain.
- Added test for signing encryption keys.
- Added tests for chaining many RSA attest keys on the same chain.
- Added tests for chaining many Ec attest keys on the same chain.
- Added tests for alternate chaining of rsa-ec-rsa-ec-rsa attesti
keys on the same chain.
Test: atest VtsAidlKeyMintTargetTest
Change-Id: I9c67e2b928d6bba6cc4074a4b65f639f33c9ec26
- Check for app id only if challenge is provided.
- Verify self sign certificate works for RSA and Ecdsa.
- Verified attestation is generated for encryption keys too.
- Verify no attestation is generated for symetric keys.
- Verify app id is always required when attestation challenge is
provided to the new key generation.
- Verify app id is ignored when challenge is missing.
- Verify app id length is properly encoded.
- Added vts tests for various attestation success and fail cases.
Test: atest VtsAidlKeyMintTargetTest
Change-Id: If29249b0913fd9c2f91d20188ca5cfbaa04bead8
This is the change that removes the functionality that has been shifted
over to appropriate classes and contexts in system/keymaster.
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I491f4ef823868322ea6a804d88ca09662c099a44
Move helper utilities across into KeyMintAidlTestBase to allow re-use.
Test: VtsHalRemotelyProvisionedComponentTargetTest, VtsAidlKeyMintTargetTest
Change-Id: Ib9e55a7d72fd197016ae1a1f073dadedafa09c25
TAG_BOOT_PATCHLEVEL and TAG_VENDOR_PATCHLEVEL should be interger type.
Fixed: 184796337
Test: VtsAidlKeyMintTargetTest not abort
Change-Id: Iccd6ac93910d44c0a02b798210909c404a98d8ab
This allows applications to generate their own attestation keys and
then use them to attest other application-generated keys.
Bug: 171845652
Test: VtsAidlKeyMintTargetTest
Change-Id: I32add16dcc2d1b29665a88024610f7bef7e50200
1. Fix test case for usage count limit tag = 1 case, when
hardware cannot enforce it, the tag should by enforced by keystore.
2. Add test case for usage count limit tag > 1.
3. Add test case to verify the usage count limit tag appears
correctly in the attestation certificate for asymmetic key.
Test: atest -c VtsAidlKeyMintTargetTest
Change-Id: I01df278b42a91a78c8888c13c4f81b7ec70cfa22
This is by no means complete, but it validates basic functionality.
More is coming.
Test: VtsAidlKeyMintTargetTest
Change-Id: I0727a9f5b137b58b9a2f0aaf9935bfdc6525df8f
Support key characteristics with three security levels, do not store
unenforced authorizations with keys or bind them to keys.
Bug: 163606833
Test: atest VtsAidlKeyMintTargetTest
Change-Id: Idbc523f16d8ef66ec38e0d503ad579a93c49e7b4
* replace NullOr with std::optional.
* Add mising tag.
* Undefine helper macros so that keymint_tags.h can be used together
with keymaster_tags.h
* Check if KeyParameterValue variant matches KeyParameterTag in
accessors.
Test: VtsAidlKeyMintTargetTest
Change-Id: I6c951071f30fd27c8c21a2e8cc86f421a3bc37d9
1ffcdebadd
Bug: 175345910
Bug: 171429297
Exempt-From-Owner-Approval: re-landing topic with no changes in this CL.
Change-Id: I691cad252f188b54a8076589d9955774d74d4729
