The original change to add this test didn't make it into the Android 13
version of the VTS test, so the version gate needs to be updated to be
v3+
Bug: 292318194
Test: VtsAidlKeyMintTargetTest --gtest_filter="*EcdsaMissingCurve*"
(cherry picked from https://android-review.googlesource.com/q/commit:9ed7d2c5bfa3958ef399567e12d84a3f67f0cb80)
Merged-In: I94bf816688e57c7c04893a23cf0399129de94229
Change-Id: I94bf816688e57c7c04893a23cf0399129de94229
It turns out we had a bug (b/263844771) in how RKP support was
detected, and that was fixed. However, due to this bug, some S chipests
shipped without RKP support which is now required by the tests.
This change drops the RKP requirement from S chipsets. There should be
no new S chipsets, so this effectively grandfathers in the previous
ones that were skipped by the RKP VTS tests.
T+ tests (both VTS and other suites) will verify that RKP support is
there, so there is no gap introduced by this change.
Bug: 297139913
Test: VtsAidlKeyMintTargetTest
(cherry picked from https://android-review.googlesource.com/q/commit:8be875e0d0c18b8de67744c8b9629f2ff518dd60)
Merged-In: I387e5f058ada698747aac103c1745682291f2d1c
Change-Id: I387e5f058ada698747aac103c1745682291f2d1c
When deliberately testing invalid ID attestation, use the helper
function (which checks the error return code is correct) in one more
place.
Test: VtsAidlKeyMintTargetTest
Bug: 286733800
Change-Id: I6ea5bd7ee19b3b172330117bfde1b16745debba7
(cherry-picked from commit c68dc93788)
Merged-In: I6ea5bd7ee19b3b172330117bfde1b16745debba7
Generalize the existing helper function to allow more variants.
Remove a couple of pointless invocations of the existing helper.
Bug: 286733800
Test: VtsAidlKeyMintTargetTest
(cherry picked from https://android-review.googlesource.com/q/commit:f42238c99ffe0df2e51cec84a96ed859a878b2b0)
Merged-In: Ic01c53cbe79f55c2d403a66acbfd04029395c287
Change-Id: Ic01c53cbe79f55c2d403a66acbfd04029395c287
Generalize the existing helper function to allow more variants.
Manual cherry-pick of aosp/2627969 combined with aosp/2648423 to avoid
merge conflicts
Bug: 286733800
Test: VtsAidlKeyMintTargetTest
Merged-In: Ic01c53cbe79f55c2d403a66acbfd04029395c287
Merged-In: I0dcac312ac4516a078b2742721e3a19074da52b1
Change-Id: I328f7b3195d4b4dd1ed1da17377696261094ea76
Strongbox may not support 1024 bit key size for RSA.
So in NoUserConfirmation test updated the key size to
2048 so that the test works for both TEE and Strongbox.
Bug: 280117495
Test: run VtsAidlKeyMintTarget
(cherry picked from https://android-review.googlesource.com/q/commit:ce2bebdd79cf7536b06c2d67cdee8867475a3b10)
Merged-In: I32bb28001aca9b69eedb1bd3d0bcff43052d06e4
Change-Id: I32bb28001aca9b69eedb1bd3d0bcff43052d06e4
Updated the BootLoaderStateTest for strongbox implementations which
do not support factory attestation.
Bug: 255344624
Test: vts -m VtsAidlKeyMintTarget
Change-Id: I8fe176a18fc0b9e2b2d0b012b7b63124d15c9e2f
Merged-In: I8fe176a18fc0b9e2b2d0b012b7b63124d15c9e2f
No tests are instantiated if KeyMint is present on the the device.
Explicitly allow that.
Bug: 277975776
Test: VtsAidlKeyMintTargetTest
Change-Id: I88f1c0a81f36d198dabcb1420b62a00bacdbb6e7
Enable some tests that are bypassed on strongbox implementation.
Bug: 262255219
Test: VtsAidlKeyMintTargetTest
Change-Id: I548bddcd16c0a1ee1c1cb8266d4d99dbdff3d39b
The DICE chain specification changes slightly between VSR versions so
the VSR is used to select the set of validation rules that should be
applied.
Test: TH
Change-Id: I3697279d9348705a0279736c61e8333720321214
RKP allows 0 ~ 64 byte challenge to be provided.
Test it by several different size inputs.
Bug: 272392463
Test: VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I488c75745dc68778ff6d862506a5beeec82f7ac1
Detect if there is an IRemotelyProvisionedComponent for strongbox, and
if so run the associated keymint tests. Else, allow strongbox to skip
the test as it's not required to implement the IRPC HAL.
Bug: 271948302
Test: VtsAidlKeyMintTargetTest
Change-Id: Ibf98e594e725d6ad14c0ff189ab9fbcc25b51f80
Ensure that v3 HALs have exactly the expected number of entries present
when returning DeviceInfo inside of the Certificate Signing Request. Do
not allow for additional or fewer entries.
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I8ea628335d5eed35ca2b65e22980e13fc9806738
The support level for strongbox is different from the tee
implementation. Additionally, we were incorrectly checking the keymint
aidl version. KeyMint 1.0 supported ATTEST_KEY, so it's unclear why we
were ever checking for KeyMint 2.0.
Test: VtsAidlKeyMintTargetTest
Bug: 263844771
Change-Id: I750367902fec90204d71c1e158404b2421f9ad87
The DICE chain in the ProtectedData objects are evaluated against the
specification from v1 and v2 of the HAL whereas the chain in
AuthenticatedMessage objects are evaluated against the specification
from v3.
There are only small differences with v3 aligning to the standards where
there was previously more leniency.
Fix: 262599829
Test: TH
Change-Id: Ied14362b5530485eb6c2302a0ae0f21da9cdb33f
Put the test arm that just involves checking a property
first, so that tests which involve a round trip to the Package
Manager are only executed when they're needed.
Test: VtsAidlKeyMintTargetTest
Bug: 271026714
Change-Id: I4caad6243a3b9d511a32717fd95f58864b857eeb
In 32-bit builds a `long` may be 32 bits, but the `long` values on an
AIDL interface are 64 bits. Therefore need to use `int64_t` for the
corresponding C++ type, not `long`.
Bug: 271056044
Test: VtsAidlKeyMintTargetTest --gtest_filter="*AuthTest*" (32-b)
Change-Id: I19f5a1d825dfcc45087534bbd4239a13cdfec3f7
to not to hold the CRL Distribution Points extension in it.
Bug: 260332189
Test: atest VtsAidlKeyMintTargetTest
Change-Id: I7b191b4351984ce82db0e9440027ddbfc14b1c3a
hardware/interfaces/security/keymint/aidl/vts/performance/KeyMintBenchmark.cpp:79:26: error: reference to stack memory associated with local variable 'message' returned [-Werror,-Wreturn-stack-address]
return std::move(message);
^~~~~~~
Test: presubmit
Change-Id: I4298b4a25ccb809a7ae180bb218e673a7f1aa623
