Commit Graph

960 Commits

Author SHA1 Message Date
Shikha Panwar
cbad9a37d3 Test store & get Secret functionality
Test the Store/Get API of the SecretManagement HAL. We use a hard-coded
hypothetical chain & a DICE policy (which the DICE chain matches
against) for testing the store/get functionality.

This patch also adds required error codes in SecretManagement.cddl

Bug: 291224769
Test: atest VtsSecretkeeperTargetTest
Change-Id: I0aa2dfc7413791e9de62a6e753bda4ab2f813d2c
2023-12-12 14:24:14 +00:00
Shikha Panwar
2759df0d3c [Secretkeeper] In-memory KeyValueStore
We introduce InMemoryStore, an implementation of the KeyValueStore trait.
This can be used for implementing backends that VTS can run against.

Bug: 291224769
Test: atest VtsSecretkeeperTargetTest
Change-Id: Id109ee3bd38ec0979953b6285019c97d418172ef
2023-12-12 14:24:14 +00:00
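The two Secretkeeper commits above (cbad9a37d3 and 2759df0d3c) describe a store/get path whose release of a secret is gated by matching the caller's DICE chain against a stored DICE policy, backed by an in-memory KeyValueStore. The following is an added example written for this page, not code from AOSP or the Secretkeeper reference implementation: the trait signatures, the constraint types (ExactMatch / GreaterOrEqual on a claim of one certificate), the error names, the 64-byte ID / 32-byte secret sizes, and the check that a caller may only store under a policy its own chain satisfies are all assumptions, and the chain and policy are constructed toy data. It shows why a GreaterOrEqual constraint on a security version matters: a downgraded payload presenting an otherwise identical chain does not get the secret back.

```rust
use std::collections::HashMap;

/// A DICE chain is modelled as an ordered list of certificates, each a map from
/// claim name to value. Real chains are CBOR (see SecretManagement.cddl); the
/// map form is an assumption made for this example.
pub type Cert = HashMap<&'static str, u64>;
pub type DiceChain = Vec<Cert>;

/// One constraint of a DICE policy (assumed format, not the AOSP encoding).
#[derive(Clone, Debug)]
pub enum Constraint {
    /// Claim at `cert_index` must equal `value` (e.g. a code hash).
    ExactMatch { cert_index: usize, claim: &'static str, value: u64 },
    /// Claim at `cert_index` must be >= `value` (e.g. a security version, so a
    /// rolled-back payload cannot recover a secret sealed by a newer one).
    GreaterOrEqual { cert_index: usize, claim: &'static str, value: u64 },
}
pub type DicePolicy = Vec<Constraint>;

fn claim(chain: &DiceChain, cert_index: usize, name: &str) -> Option<u64> {
    chain.get(cert_index).and_then(|c| c.get(name)).copied()
}

/// All constraints must hold; a missing certificate or claim is a mismatch.
pub fn policy_matches(policy: &DicePolicy, chain: &DiceChain) -> bool {
    policy.iter().all(|c| match c {
        Constraint::ExactMatch { cert_index, claim: name, value } =>
            claim(chain, *cert_index, name) == Some(*value),
        Constraint::GreaterOrEqual { cert_index, claim: name, value } =>
            claim(chain, *cert_index, name).map_or(false, |v| v >= *value),
    })
}

/// Error names are assumptions; the real codes live in SecretManagement.cddl.
#[derive(Debug, PartialEq)]
pub enum Error { RequestMalformed, EntryNotFound, DicePolicyError }

pub const ID_SIZE: usize = 64;     // assumed fixed sizes for the example
pub const SECRET_SIZE: usize = 32;

pub struct Entry { pub secret: Vec<u8>, pub policy: DicePolicy }

/// Backend abstraction a secure implementation would provide (assumed shape).
pub trait KeyValueStore {
    fn store(&mut self, key: Vec<u8>, value: Entry);
    fn get(&self, key: &[u8]) -> Option<&Entry>;
}

/// Non-secure in-memory backend, good enough to run tests against.
#[derive(Default)]
pub struct InMemoryStore { map: HashMap<Vec<u8>, Entry> }

impl KeyValueStore for InMemoryStore {
    fn store(&mut self, key: Vec<u8>, value: Entry) { self.map.insert(key, value); }
    fn get(&self, key: &[u8]) -> Option<&Entry> { self.map.get(key) }
}

pub struct SecretManagement<S: KeyValueStore> { store: S }

impl<S: KeyValueStore> SecretManagement<S> {
    pub fn new(store: S) -> Self { Self { store } }

    /// Store `secret` under `id`, sealed to `policy`. The caller's own chain
    /// must already satisfy the policy (assumed rule: you cannot seal a secret
    /// to an identity you do not hold).
    pub fn store_secret(&mut self, id: &[u8], secret: &[u8], policy: DicePolicy,
                        caller_chain: &DiceChain) -> Result<(), Error> {
        if id.len() != ID_SIZE || secret.len() != SECRET_SIZE {
            return Err(Error::RequestMalformed);
        }
        if !policy_matches(&policy, caller_chain) {
            return Err(Error::DicePolicyError);
        }
        self.store.store(id.to_vec(), Entry { secret: secret.to_vec(), policy });
        Ok(())
    }

    /// Release the secret only if the caller's chain matches the stored policy.
    pub fn get_secret(&self, id: &[u8], caller_chain: &DiceChain) -> Result<Vec<u8>, Error> {
        if id.len() != ID_SIZE { return Err(Error::RequestMalformed); }
        let entry = self.store.get(id).ok_or(Error::EntryNotFound)?;
        if !policy_matches(&entry.policy, caller_chain) {
            return Err(Error::DicePolicyError);
        }
        Ok(entry.secret.clone())
    }
}

/// Constructed two-certificate chain: cert 0 = firmware, cert 1 = pVM payload.
pub fn sample_chain(payload_security_version: u64) -> DiceChain {
    vec![
        HashMap::from([("code_hash", 0x11u64), ("security_version", 1u64)]),
        HashMap::from([("code_hash", 0xABu64), ("security_version", payload_security_version)]),
    ]
}

/// Constructed policy pinning both code hashes and a minimum payload version.
pub fn sample_policy() -> DicePolicy {
    vec![
        Constraint::ExactMatch { cert_index: 0, claim: "code_hash", value: 0x11 },
        Constraint::ExactMatch { cert_index: 1, claim: "code_hash", value: 0xAB },
        Constraint::GreaterOrEqual { cert_index: 1, claim: "security_version", value: 5 },
    ]
}

fn main() {
    let mut sm = SecretManagement::new(InMemoryStore::default());
    let id = [0x42u8; ID_SIZE];
    let secret = [0x5au8; SECRET_SIZE];
    sm.store_secret(&id, &secret, sample_policy(), &sample_chain(5)).unwrap();
    println!("newer payload: {:?}", sm.get_secret(&id, &sample_chain(6)));
    println!("rolled back:   {:?}", sm.get_secret(&id, &sample_chain(4)));
}
```

The policy check is deliberately the same function on both paths, so a test backend like InMemoryStore and a real secure backend differ only in the KeyValueStore implementation, which is what lets VTS run against the non-secure build.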
Seth Moore
121fedaa46 Replace string copies with const-ref
Change-Id: Ie3ea65cc81aa8b9a92a7718ca2003440a3189a4b
Test: Treehugger
2023-12-11 10:32:02 -08:00
Treehugger Robot
05585eb79a Merge "Replace secretkeeper_comm_nostd->secretkeeper_core_nostd" into main 2023-12-08 17:17:43 +00:00
Treehugger Robot
4de610c690 Merge "Vendor api level cannot use sdk api level" into main 2023-12-08 16:24:15 +00:00
Shikha Panwar
5afbeec13d Create OWNERS file for secretkeeper interface
Bug: 291224769
Test: N/A
Change-Id: I650d4e640522876f79ea583cbbddd159776c8955
2023-12-08 15:16:41 +00:00
Shikha Panwar
0b0895a49b Merge "Secretkeeper VTS: Use trait CborSerializable" into main 2023-12-08 14:56:47 +00:00
Shikha Panwar
3f136b2914 Replace secretkeeper_comm_nostd->secretkeeper_core_nostd
Moving SecretkeeperTa struct to secretkeeper_core

Bug: 291224769
Test: Builds
Change-Id: I6f1a7ef08580e2c9383abcb88997a8eb11c6b14a
2023-12-08 13:51:51 +00:00
Justin Yun
31002f5d2e Vendor api level cannot use sdk api level
Update __ANDROID_API_V__ with 202404 for the vendor api level.

Bug: 312798205
Bug: 315246126
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I0e6ff71e57137e3f6d7e5e5bf082d10026cec2e0
2023-12-08 21:10:37 +09:00
Shikha Panwar
72e99b7604 Secretkeeper VTS: Use trait CborSerializable
With Request/Response packets implementing CborSerializable, use the methods
from those.

Test: atest libsecretkeeper_comm_nostd
Bug: 291228655
Change-Id: Ib0daf9c0aa3417befedbc130725fb3445b327079
2023-12-08 11:37:59 +00:00
Seth Moore
40f1230a1d Merge "Change the way rkp tool obtains serial number" into main 2023-12-07 19:14:37 +00:00
chuanchuan.gao
18a9fa99a8 Change the way rkp tool obtains serial number
[Description]
1. Add patch to modify rkp_factory_extraction_tool, so that it can meet TV customer's factory product line.
2. Change the method for rkp_factory_extraction_tool to get the serial number.
3. Introduce a new input parameter, serialno_prop, to the function jsonEncodeCsrWithBuild.
4. Use the new property of serialno_prop if it is set, otherwise default to "ro.serialno".

Test:
1. build pass
2. AC on/off pass
3. run "rkp_factory_extraction_tool --output_format build+csr --serialno_prop $(customer_prop) > csr.json" pass
4. run "rkp_factory_extraction_tool --output_format build+csr > csr.json" pass
5. VtsHalRemotelyProvisionedComponentTargetTest pass
6. libkeymint_remote_prov_support_test pass
7. VtsAidlKeyMintTargetTest pass

Bug: 313811996
Change-Id: I8aa83bacab22f0a28bc54aea9e816f75a382ffde
2023-12-07 18:23:15 +08:00
David Drysdale
986e92e098 Merge "Secretkeeper: add AuthGraph key exchange" into main 2023-12-07 06:56:12 +00:00
Seth Moore
0293d63b50 Fix incorrect link rendering.
The MD format was wrong for some RKP-VM links.

Change-Id: I03c9b4c394cbfc9c85b6c5cb3ea3625da2eb09a3
2023-12-06 15:53:19 +00:00
David Drysdale
8898d2ec57 Secretkeeper: add AuthGraph key exchange
Add `ISecretkeeper::getAuthGraphKe()` method to the Secretkeeper HAL.

Align the AIDL targets between AuthGraph and Secretkeeper, and add
some defaults that automatically link to the current version of the
Secretkeeper AIDL targets.

Move the non-secure implementation of AuthGraph to run the TA in a
separate thread.

Alter the nonsecure implementation of Secretkeeper so that it no longer
directly implements Secretkeeper functionality, but instead re-uses
common code from the Secretkeeper reference implementation.  This
involves re-using the common implementation of the HAL service (from
`authgraph_hal`), but also involves using the reference implementation
of the TA code that would normally run in a separate secure
environment.  The latter code expects to run in a single-threaded
environment, so run it in a single local thread.

Note that the negotiated session keys emitted by AuthGraph are not yet
used by Secretkeeper (coming in a subsequent CL).

Extend the Secretkeeper VTS tests to invoke the AuthGraph VTS inner
tests on the returned IAuthGraphKeyExchange instance, exercising the
instance as an AuthGraph sink.

Bug: 291228560
Test: VtsSecretkeeperTargetTest
Change-Id: Ia2c97976edc4530b2c902d95a74f3c340d342174
2023-12-06 06:50:19 +00:00
Jooyung Han
577cc0ac9b Merge "Create secretkeeper HAL APEX" into main 2023-12-06 01:45:22 +00:00
Treehugger Robot
3cf2309b7b Merge "Add new CertificateType for the RKP VM" into main 2023-11-30 17:00:20 +00:00
Seth Moore
690571283b Add new CertificateType for the RKP VM
The RKP VM is part of the Android Virtualization Framework. It will be
uniquely authenticated by the RKP server, and therefore needs its own
certificate type.

Bug: 300624493
Change-Id: Ice586ad85ae43235dd80a5d220603e7394c1c49b
2023-11-30 15:55:54 +00:00
David Drysdale
2ae2061864 Merge "KeyMint: check length of verified boot key" into main 2023-11-29 10:41:13 +00:00
Jooyung Han
bc19229812 Create secretkeeper HAL APEX
Bug: 276190333
Test: VtsSecretkeeperTargetTest
Change-Id: Ia932b8eaaccf806d7fbfd764db2922a5ff1a9a1b
2023-11-29 14:27:07 +09:00
David Drysdale
20c6549f34 AuthGraph: drop now-unused StdClock
Test: build
Bug: 291228560
Change-Id: Ie4bd2c7ebca1ceae07012f406c2dcbb5efbd915d
2023-11-23 15:50:42 +00:00
Jooyung Han
28b3387f4c Merge "Add authgraph HAL APEX" into main 2023-11-23 02:03:18 +00:00
Alice Wang
c9655da294 Merge "Revert^4 "[avf] Adjust IRPC VTS tests to handle AVF in unsupported env"" into main 2023-11-22 09:49:19 +00:00
David Drysdale
f4cb6de19c Merge "AuthGraph VTS: detect additional errors" into main 2023-11-22 06:23:38 +00:00
Shikha Panwar
0da7c09716 Merge changes from topic "sk_hal" into main
* changes:
  VTS test for ISecretkeeper
  Secretkeeper implementation: in-HAL/nonsecure impl
  Introduce Secretkeeper HAL interface
2023-11-21 17:56:46 +00:00
Alice Wang
895f4b33e8 Revert^4 "[avf] Adjust IRPC VTS tests to handle AVF in unsupported env"
Revert submission 2829351-revert-2812456-revert-2812435-revert-2778549-expose-avf-rkp-hal-GTFGLMUUKQ-PAWNEHUQBT-WYENGHRTXK

Reason for revert: Relands the original topic:
https://r.android.com/q/topic:%22expose-avf-rkp-hal%22
PS2 is the same as the original cl: aosp/2796032

Reverted changes: /q/submissionid:2829351-revert-2812456-revert-2812435-revert-2778549-expose-avf-rkp-hal-GTFGLMUUKQ-PAWNEHUQBT-WYENGHRTXK

Test: atest MicrodroidHostTests librkp_support_test
Change-Id: I7200599131c01908db7fa3bb4a6f989418a89288
2023-11-21 12:26:53 +00:00
Shikha Panwar
a6eaf55d7d VTS test for ISecretkeeper
Add VTS for testing the ISecretkeeper implementation. At present, the VTS is
limited to testing the GetVersion operation of SecretManagement.

Test: atest VtsSecretkeeperTargetTest
Bug: 291224769
Change-Id: I6084af2fa6cb578e27996e26a0505b267a10b4ef
2023-11-21 12:00:49 +00:00
David Drysdale
087ead1608 AuthGraph VTS: detect additional errors
A failure to get the IAuthGraphKeyExchange/nonsecure instance might
be because it's not registered (likely on most non-Cuttlefish devices)
or it might be for some other reason, such as SELinux denial.

So detect other kinds of failure to get the service, and also change
the VTS to require root so SELinux denials don't happen.

Also tweak the expected return code when a source is given a corrupt
key; now that replay protection is implemented, the reference
implementation rejects this earlier (and with a different error)
because the session lookup fails.

Test: VtsAidlAuthGraphRoleTest
Bug: 291228560
Change-Id: I032600ac809f43a3642fa9ef9aae788d3ca2378f
2023-11-21 11:09:42 +00:00
David Drysdale
3fb1cddadc Merge "KeyMint: tweak spec to allow for no v4 in V" into main 2023-11-21 09:38:53 +00:00
Jooyung Han
9f3f37f288 Add authgraph HAL APEX
Bug: 309463258
Test: VtsAidlAuthGraphSessionTest
Change-Id: I5ac32a6e5d70321f31321b613a982020bf51db68
2023-11-21 17:14:33 +09:00
David Drysdale
1405dbc7a4 KeyMint: tweak spec to allow for no v4 in V
Given that we are not expecting to release a v4 of the KeyMint HAL for
Android V, tweak some spec and test details so that existing v3
implementations do not need to change.

- Soften the requirement to use (1970-01-01, 9999-12-31) as cert dates
  when secure-importing an asymmetric key, to be a suggestion instead.
- Change the version gate for the test of importing an EC key with no
  specified `EC_CURVE` to be VSR-gated rather than gated on a putative
  future version of the HAL.

Test: VtsAidlKeyMintTargetTest
Bug: 292318194
Bug: 292534977
Change-Id: Ib8d6e79ea948ee77eeb2528d698205179f026fd3
2023-11-20 12:13:42 +00:00
David Drysdale
d847ef9f03 KeyMint: check length of verified boot key
Only police for future versions of KeyMint, so that any existing
implementations that use the full key don't suddenly start to fail
VTS.

Bug: 305103215
Test: VtsAidlKeyMintTargetTest
Change-Id: If6534b84b6eff8cdb281586e17a5f89c7bf5f5d0
2023-11-20 11:41:31 +00:00
Shikha Panwar
eb223ba883 Secretkeeper implementation: in-HAL/nonsecure impl
Create the default/reference implementation of the Secretkeeper HAL. Status
quo, this is a non-secure implementation. In reality, the HAL should be
backed by a privileged component such as a trusted app.

Bug: 291224769
Test: Topic includes VTS
Change-Id: I6a4ad50482d537f5438de6201275f4020cd827df
2023-11-17 18:21:35 +00:00
Shikha Panwar
18cafa0a11 Introduce Secretkeeper HAL interface
Secretkeeper is a privileged component which seals the secrets of pVM
instances & releases them on successful authentication of the pVM.

The HAL should be backed by a secure TA of higher privilege than a pVM.

This patch introduces a subset of the HAL spec - the SecretManagement API. The
protocol is CBOR-based (specified in SecretManagement.cddl).

Test: atest VtsSecretkeeperTargetTest
Bug: 293429085
Change-Id: I8e650f27d506d378a94bbc8834c68a005fb12253
2023-11-17 18:17:24 +00:00
Hasini Gunasinghe
7a32f3e555 Documentation updates as per the API council review and proof reading.
This CL updates description of the `Nonce` used in key exchange as per
API council review.

Additionally, this includes updates to the documentation that are found
to be suitable as per further proof reading.

Test: N/A
Change-Id: Ie59e3a10eb8844fcfac9dad60c9d431ae499ee40
2023-11-17 02:18:23 +00:00
Hasini Gunasinghe
5df6ed5e66 Update the VTS module according to the refactoring in aosp/2826571
Test: atest VtsAidlAuthGraphRoleTest, atest VtsAidlAuthGraphSessionTest
Change-Id: I6cc3bd17952f602b58668d35e09c6a5385c7de61
2023-11-16 06:49:05 +00:00
Treehugger Robot
2000d6735a Merge "Revert "Revert "Revert "[avf] Adjust IRPC VTS tests to handle AV..."" into main 2023-11-14 02:41:56 +00:00
Alan Stokes
9cf6ef128f Revert "Revert "Revert "[avf] Adjust IRPC VTS tests to handle AV..."
Revert submission 2812456-revert-2812435-revert-2778549-expose-avf-rkp-hal-GTFGLMUUKQ-PAWNEHUQBT

Reason for revert: SELinux denials: b/310744536

Reverted changes: /q/submissionid:2812456-revert-2812435-revert-2778549-expose-avf-rkp-hal-GTFGLMUUKQ-PAWNEHUQBT

Change-Id: Ibfbb80fed423d722362115e744fa13c376537e92
2023-11-14 01:40:45 +00:00
Alice Wang
ae656627a0 Merge "Revert "Revert "[avf] Adjust IRPC VTS tests to handle AVF in uns..."" into main 2023-11-13 21:33:49 +00:00
David Drysdale
0a44da8589 Merge changes from topic "ag-wire" into main
* changes:
  AuthGraph: add per-role VTS tests
  AuthGraph: add fuzzer
  AuthGraph: move code into library
  AuthGraph: reduce dependency on authgraph_core
2023-11-09 07:11:51 +00:00
David Drysdale
fe41825f1c AuthGraph: add per-role VTS tests
Add VTS tests that just exercise a single role, sink or source.

Use the AuthGraph core library to provide the implementation of the
other role.  This means that the tests are best written in Rust.

Put the test code into a library, so that other HALs which include
AuthGraph as a component can exercise the AuthGraph parts in their own
VTS tests.

Test: VtsAidlAuthGraphRoleTest
Bug: 284470121
Change-Id: I73f6aa277b41cc728587d707d7a6f82f0d18e08f
2023-11-08 12:43:29 +00:00
David Drysdale
6fb22dc9ef AuthGraph: add fuzzer
Test: m android.hardware.authgraph-service.nonsecure_fuzzer
Bug: 284470121
Change-Id: Ib702b5b0cf69a4a839326297c2d71355562b46c3
2023-11-06 13:26:25 +00:00
David Drysdale
6c09af215d AuthGraph: move code into library
Use the core library's new service implementation, which wraps a
channel to the TA.

In this nonsecure case, the TA is local in-process, so use the core
library's AuthGraphTa, and implement the SerializedChannel as just
a direct invocation of the TA.

Move this code into a _nonsecure library, so the main.rs just has
the code needed to start the executable and register the service.

Test: VtsAidlAuthGraphSessionTest
Bug: 284470121
Change-Id: I738d3876872a8cd248f0ebec708676d1173b6e37
2023-11-06 13:08:45 +00:00
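Commit 6c09af215d above, and the Secretkeeper commit 8898d2ec57 earlier on this page, describe the same pattern: the HAL service talks to the TA only through a SerializedChannel carrying opaque request/response bytes, and in the nonsecure build the TA is in-process, single-threaded, and run on one local thread. The following is an added example written for this page, not code from the AOSP authgraph or secretkeeper crates: the `execute` signature, the `ChannelError` type, the one-byte-opcode framing (real messages are CBOR) and the toy TA state are assumptions. The point it makes is that binder threads can call the channel concurrently while the TA's mutable state is only ever touched from its own thread.

```rust
use std::sync::mpsc::{channel, Sender};
use std::sync::Mutex;
use std::thread;

#[derive(Debug, PartialEq)]
pub enum ChannelError { TaUnavailable }

/// Request/response bytes in, bytes out (assumed signature; real traffic is CBOR).
pub trait SerializedChannel {
    fn execute(&self, req: &[u8]) -> Result<Vec<u8>, ChannelError>;
}

/// Stand-in for the single-threaded TA. Its state is plain (no locks) because
/// only the TA thread ever calls `process`.
pub struct Ta { requests_seen: u64 }

impl Ta {
    pub fn new() -> Self { Self { requests_seen: 0 } }
    /// Assumed toy framing: byte 0 is an opcode, the rest is the payload.
    /// 0x01 = echo payload, 0x02 = return the request counter (big-endian u64).
    pub fn process(&mut self, req: &[u8]) -> Vec<u8> {
        self.requests_seen += 1;
        match req.first() {
            Some(0x01) => req[1..].to_vec(),
            Some(0x02) => self.requests_seen.to_be_bytes().to_vec(),
            _ => vec![0xff], // unknown opcode
        }
    }
}

/// A request plus the one-shot reply channel the caller waits on.
type Request = (Vec<u8>, Sender<Vec<u8>>);

/// In-process "secure environment": the TA lives on a dedicated thread and is
/// driven through an mpsc queue, so requests are serialised in arrival order.
pub struct LocalTaChannel { tx: Mutex<Sender<Request>> }

impl LocalTaChannel {
    pub fn spawn() -> Self {
        let (tx, rx) = channel::<Request>();
        thread::spawn(move || {
            let mut ta = Ta::new();
            // Loop ends when every Sender (and thus the channel) is dropped.
            for (req, reply) in rx {
                let _ = reply.send(ta.process(&req)); // caller may have gone away
            }
        });
        Self { tx: Mutex::new(tx) }
    }
}

impl SerializedChannel for LocalTaChannel {
    fn execute(&self, req: &[u8]) -> Result<Vec<u8>, ChannelError> {
        let (reply_tx, reply_rx) = channel();
        // The lock is held only for the enqueue, not while waiting for the TA.
        self.tx.lock().map_err(|_| ChannelError::TaUnavailable)?
            .send((req.to_vec(), reply_tx)).map_err(|_| ChannelError::TaUnavailable)?;
        reply_rx.recv().map_err(|_| ChannelError::TaUnavailable)
    }
}

/// Drive the channel from `clients` threads at once (as binder threads would),
/// check each echo, then read back how many requests the TA has processed.
pub fn drive_concurrently(ch: &LocalTaChannel, clients: usize) -> u64 {
    thread::scope(|s| {
        for i in 0..clients {
            s.spawn(move || {
                let mut req = vec![0x01u8];
                req.extend_from_slice(&(i as u32).to_be_bytes());
                let resp = ch.execute(&req).expect("TA thread alive");
                assert_eq!(resp, (i as u32).to_be_bytes());
            });
        }
    });
    let resp = ch.execute(&[0x02]).expect("TA thread alive");
    u64::from_be_bytes(resp.try_into().expect("8-byte counter"))
}

fn main() {
    let ch = LocalTaChannel::spawn();
    println!("requests handled by the TA thread: {}", drive_concurrently(&ch, 4));
}
```

Swapping `LocalTaChannel` for a channel that forwards the same bytes to a real secure environment leaves the HAL side untouched, which is what the "move code into library" split above buys.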
David Drysdale
f2117ff77c AuthGraph: reduce dependency on authgraph_core
The authgraph_hal library should only depend on libauthgraph_wire, not
on libauthgraph_core, so adjust error processing accordingly.

Test: VtsAidlAuthGraphSessionTest
Bug: 284470121
Change-Id: I48056db6ceeab409d0f165f8e051809129643c6f
2023-11-03 12:22:42 +00:00
Eran Messeri
4f73689e26 Merge "Document the allowed challenge size" into main 2023-11-02 13:59:09 +00:00
Eran Messeri
79cb992033 Document the allowed challenge size
KeyMint should be able to handle challenges up to 128 bytes.
Document this (and the expected error code) in Tag.aidl.

Bug: 307714384
Test: m
Change-Id: Id099dd055c81b10d777effdf364395f84d8b35c6
2023-11-01 19:22:30 +00:00
David Drysdale
7fd838c0fe Add (nonsecure) default AuthGraph impl
Add an implementation for the AuthGraph key exchange HAL, to allow
testing and policy compliance.

In real use, IAuthGraphKeyExchange instances are expected to be
retrieved from some other HAL, allowing the AuthGraph instance to be
specifically correlated with the component that uses it.

Bug: 284470121
Bug: 291228560
Test: hal_implementation_test
Test: VtsAidlAuthGraphSessionTest
Change-Id: Ib064292d60bead663af7721fd1406f2a9b5d8ecd
2023-10-31 23:18:56 +00:00
David Drysdale
d42cb6fa69 authgraph: add parallel session VTS tests
Test: VtsAidlAuthGraphSessionTest
Change-Id: Idcf79afe838fdbfb88bd7f43fe758ac03d9ba0d1
2023-10-31 23:18:56 +00:00
David Drysdale
c8625a8963 authgraph: add placeholder VTS test
Test: VtsAidlAuthGraphSessionTest (with nonsecure default impl)
Change-Id: I1a94071da8de8d4934709fa7875f89a0bb00a142
2023-10-31 23:18:56 +00:00
Hasini Gunasinghe
0e2495f107 Define the AIDL interface for AuthGraph key exchange.
Introduce the AIDL methods for key exchange and the CDDLs for
the relevant input/output types that are CBOR encoded.

Use a standard comment format in CDDL files to indicate where additional
structure definitions can be found, in the hope that one day tooling
will be available to automatically check schema syntax.

Add authgraph to compatibility matrix

This CL merges the CLs: aosp/2750484, aosp/2750485, aosp/2750486 by
drysdale@google.com

Co-authored-by: David Drysdale <drysdale@google.com>

Bug: 284470121
Test: validate schemas with https://cddl.anweiss.tech/
Test: VtsAidlAuthGraphSessionTest (with nonsecure default impl)
Change-Id: I2793666ede028f8abe91569587c09dcac21c67e0
2023-10-31 23:18:56 +00:00