Loading security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp +14 −2 Original line number Diff line number Diff line Loading @@ -251,6 +251,19 @@ TEST_P(GetHardwareInfoTests, uniqueId) { EXPECT_LE(hwInfo.uniqueId->size(), 32); } /** * Verify implementation supports at least MIN_SUPPORTED_NUM_KEYS_IN_CSR keys in a CSR. */ TEST_P(GetHardwareInfoTests, supportedNumKeysInCsr) { if (rpcHardwareInfo.versionNumber < VERSION_WITHOUT_TEST_MODE) { return; } RpcHardwareInfo hwInfo; ASSERT_TRUE(provisionable_->getHardwareInfo(&hwInfo).isOk()); ASSERT_GE(hwInfo.supportedNumKeysInCsr, RpcHardwareInfo::MIN_SUPPORTED_NUM_KEYS_IN_CSR); } using GenerateKeyTests = VtsRemotelyProvisionedComponentTests; INSTANTIATE_REM_PROV_AIDL_TEST(GenerateKeyTests); Loading Loading @@ -728,8 +741,7 @@ TEST_P(CertificateRequestV2Test, NonEmptyRequestReproducible) { * Generate a non-empty certificate request with multiple keys. */ TEST_P(CertificateRequestV2Test, NonEmptyRequestMultipleKeys) { // TODO(b/254137722): define a minimum number of keys that must be supported. generateKeys(false /* testMode */, 5 /* numKeys */); generateKeys(false /* testMode */, rpcHardwareInfo.supportedNumKeysInCsr /* numKeys */); bytevec csr; Loading security/rkp/CHANGELOG.md +2 −1 Original line number Diff line number Diff line Loading @@ -36,4 +36,5 @@ This document provides an exact description of which changes have occurred in th * the chain of signing, MACing, and encryption operations has been replaced with a single COSE_Sign1 object. * CertificateType has been added to identify the type of certificate being requested. * RpcHardwareInfo * `supportedNumKeysInCsr` added to report the maximum number of keys supported in a CSR. security/rkp/aidl/aidl_api/android.hardware.security.rkp/current/android/hardware/security/keymint/RpcHardwareInfo.aidl +2 −0 Original line number Diff line number Diff line Loading @@ -39,7 +39,9 @@ parcelable RpcHardwareInfo { @utf8InCpp String rpcAuthorName; int supportedEekCurve = 0; @nullable @utf8InCpp String uniqueId; int supportedNumKeysInCsr = 4; const int CURVE_NONE = 0; const int CURVE_P256 = 1; const int CURVE_25519 = 2; const int MIN_SUPPORTED_NUM_KEYS_IN_CSR = 20; } security/rkp/aidl/android/hardware/security/keymint/RpcHardwareInfo.aidl +13 −0 Original line number Diff line number Diff line Loading @@ -74,4 +74,17 @@ parcelable RpcHardwareInfo { * */ @nullable @utf8InCpp String uniqueId; /** * supportedNumKeysInCsr is the maximum number of keys in a CSR that this implementation can * support. This value is implementation defined. * * From version 3 onwards, supportedNumKeysInCsr must be larger or equal to * MIN_SUPPORTED_NUM_KEYS_IN_CSR. * * The default value was chosen as the value enforced by the VTS test in versions 1 and 2 of * this interface. */ const int MIN_SUPPORTED_NUM_KEYS_IN_CSR = 20; int supportedNumKeysInCsr = 4; } Loading
security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp +14 −2 Original line number Diff line number Diff line Loading @@ -251,6 +251,19 @@ TEST_P(GetHardwareInfoTests, uniqueId) { EXPECT_LE(hwInfo.uniqueId->size(), 32); } /** * Verify implementation supports at least MIN_SUPPORTED_NUM_KEYS_IN_CSR keys in a CSR. */ TEST_P(GetHardwareInfoTests, supportedNumKeysInCsr) { if (rpcHardwareInfo.versionNumber < VERSION_WITHOUT_TEST_MODE) { return; } RpcHardwareInfo hwInfo; ASSERT_TRUE(provisionable_->getHardwareInfo(&hwInfo).isOk()); ASSERT_GE(hwInfo.supportedNumKeysInCsr, RpcHardwareInfo::MIN_SUPPORTED_NUM_KEYS_IN_CSR); } using GenerateKeyTests = VtsRemotelyProvisionedComponentTests; INSTANTIATE_REM_PROV_AIDL_TEST(GenerateKeyTests); Loading Loading @@ -728,8 +741,7 @@ TEST_P(CertificateRequestV2Test, NonEmptyRequestReproducible) { * Generate a non-empty certificate request with multiple keys. */ TEST_P(CertificateRequestV2Test, NonEmptyRequestMultipleKeys) { // TODO(b/254137722): define a minimum number of keys that must be supported. generateKeys(false /* testMode */, 5 /* numKeys */); generateKeys(false /* testMode */, rpcHardwareInfo.supportedNumKeysInCsr /* numKeys */); bytevec csr; Loading
security/rkp/CHANGELOG.md +2 −1 Original line number Diff line number Diff line Loading @@ -36,4 +36,5 @@ This document provides an exact description of which changes have occurred in th * the chain of signing, MACing, and encryption operations has been replaced with a single COSE_Sign1 object. * CertificateType has been added to identify the type of certificate being requested. * RpcHardwareInfo * `supportedNumKeysInCsr` added to report the maximum number of keys supported in a CSR.
security/rkp/aidl/aidl_api/android.hardware.security.rkp/current/android/hardware/security/keymint/RpcHardwareInfo.aidl +2 −0 Original line number Diff line number Diff line Loading @@ -39,7 +39,9 @@ parcelable RpcHardwareInfo { @utf8InCpp String rpcAuthorName; int supportedEekCurve = 0; @nullable @utf8InCpp String uniqueId; int supportedNumKeysInCsr = 4; const int CURVE_NONE = 0; const int CURVE_P256 = 1; const int CURVE_25519 = 2; const int MIN_SUPPORTED_NUM_KEYS_IN_CSR = 20; }
security/rkp/aidl/android/hardware/security/keymint/RpcHardwareInfo.aidl +13 −0 Original line number Diff line number Diff line Loading @@ -74,4 +74,17 @@ parcelable RpcHardwareInfo { * */ @nullable @utf8InCpp String uniqueId; /** * supportedNumKeysInCsr is the maximum number of keys in a CSR that this implementation can * support. This value is implementation defined. * * From version 3 onwards, supportedNumKeysInCsr must be larger or equal to * MIN_SUPPORTED_NUM_KEYS_IN_CSR. * * The default value was chosen as the value enforced by the VTS test in versions 1 and 2 of * this interface. */ const int MIN_SUPPORTED_NUM_KEYS_IN_CSR = 20; int supportedNumKeysInCsr = 4; }
