
Commit 685d50cf authored by Treehugger Robot's avatar Treehugger Robot Committed by Automerger Merge Worker

Merge "Changes for Vts related to Strongbox. Strongbox is only required to...

Merge "Changes for Vts related to Strongbox. Strongbox is only required to support 2048 bit keys and optionally required to support Device Unique Attestations. Test: atest VtsHalKeymasterV4_0TargetTest and atest VtsHalKeymasterV4_1TargetTest. Bug: Related to b/150122447." am: 58a8db21 am: 37a59e40

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1597153

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I7d82cf74c3a7f7d7c6c534eb0710a0e871f06eca
parents f991f619 37a59e40
+60 −7
@@ -136,6 +136,49 @@ string bin2hex(const hidl_vec<uint8_t>& data) {
    return retval;
}

string rsa_2048_key =
        hex2str("308204a50201000282010100caa620db7bbadfd351153a804e05a3115a0"
                "eea067316c7d6ae010086cc4d636edcc50b725c495027e79d7c6d65ec50"
                "5ab84107b0ca9f8389d0d812d42df3af0c1c50f1083b1eedd18921283e3"
                "9ebe95bd56795c9ba129afc63d60fb020b300c44861a73845508a992c54"
                "7cf4ce7694955c684bc130fe9a0478285d686da954989a7be3cd970de7e"
                "5eca8574c0617fed74717f7035655f65af7b5f9b982feca8eed643b96d8"
                "f1c4e6dcd96a9ccfcca3366d8f1c95f83a83ab785f997b78918ceca567d"
                "91cf2ea85c340c0d4462f31f8a31e648cd26e1116a97d17dcfec51e4336"
                "fa0725ff49216005911966748f94789c055795da023362091c977bdc0bd"
                "8e31902030100010282010100ca562da0785e1275d013be21b5c5731834"
                "2f8803808e52624bc2bc5fdb45b9ee4b8882f160abe2d8b52e4dba7d760"
                "295523bbc0e0d824fb81f4a5f2273ef47ec73a96dc0a6272f9573b22398"
                "5e04eb2fc25876fac04b2b6cadd2623f9da69d315e84028ef0c6865c822"
                "2a9d15504993eb8d17a321f55573af72e76757a690408c36909eb44a555"
                "4b571007edde150b47952287d942559e7f8cbcb2c47086aa291515f55c4"
                "deba6d1ebde0cca5ee899b3b0c4c21123bbf92feac53db515fe02d03b83"
                "2154e31122abcbb6fc80b49e1c8fc5528605935f8f6ead1237b16e83d23"
                "ad73e82ee008c3ff7b4666f4c137c20f52ae6fea5b54ed104c1c1bf75fc"
                "3c020102818100efa6b29bb0f6b81c8fecf3e73c3e5a59b71ffd31075c4"
                "0282269ee245367c2e54f0244301dad0b90dcce73f25c1caca2f4ef1774"
                "42a5d9e98a354bcd5ddae129bea2c0771d1ad51341f44ddf0c5c0f22252"
                "414e2de7af6c67754dba610ee2743f21789a89829ad91efc02c7c5588fe"
                "84b64df12dc5cee90df2e7dd4a1ca2886902818100d87937f039df50054"
                "7c7d5435ec8e89789b36a0e5c4004d4612a6ef2dce39ee4f24fb5d2da38"
                "dbf5f3d639681a11fc416618554b1ff51a8215446b676363f6a5e91ea6c"
                "957483e0a47ae36582bde9fba45c00e6e3fadc651cc87c170171d7fef6d"
                "0dc1f0ddb6eca2674064925b78542b32f2821605c29b6d0b65485081f5a"
                "f3102818100ee21453ee153f6d422cb7ffc586758dde6d239835b5df63e"
                "2b1bf94f4d35407b1ccc12b780f56f15ade2d36192d7c74f5174b66886c"
                "5484800563f113cde7e783d7e7922a2e003b3d4088ecc40fac4ead7df07"
                "85fb2e524219574fbeaefa063844b9d0c69f1462ed2d3f56b4e145742aa"
                "8ffbfd40cc731daf37023fa3d83df6902818055dc2e8dbfc68d2caafddd"
                "deacd7af397bca87c44e5eae0bb6c667df3831a83252d1bee274df9c8ef"
                "f39f6e70d8018b7afd0f2f3ab27426e5a151b2c94c56f6cfafbc75790a0"
                "fcca8307dc5238844282556c09cd3cc0a62a879f48e036aae2b58a61ac8"
                "ce6c3c933d914374fbdac0a665ffcc4100c14d624f82221fe9cad5fe102"
                "818100964193ee55581c9a82fe03f8eb018cdce8965f30745cc6e68154c"
                "b6618ef3cc57ae4798ff2a509306a135f7cf705ceb215fda6939c7a6353"
                "0c86a5ba02f491a64f6079e62b1b00b86859899febf3ed300edcc0b8b35"
                "1855a90d9d39a279be963f0972a256084a3c46575f796ad27dc801f67a3"
                "7a59e62e076b996f025a9c9042");

string rsa_key = hex2str(
    "30820275020100300d06092a864886f70d01010105000482025f3082025b"
    "02010002818100c6095409047d8634812d5a218176e45c41d60a75b13901"
@@ -1905,21 +1948,31 @@ class ImportKeyTest : public KeymasterHidlTest {
 * Verifies that importing and using an RSA key pair works correctly.
 */
TEST_P(ImportKeyTest, RsaSuccess) {
    uint32_t keysize;
    string key;
    if (SecLevel() == SecurityLevel::STRONGBOX) {
        keysize = 2048;
        key = rsa_2048_key;
    } else {
        keysize = 1024;
        key = rsa_key;
    }

    ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder()
                                               .Authorization(TAG_NO_AUTH_REQUIRED)
                                           .RsaSigningKey(1024, 65537)
                                               .RsaSigningKey(keysize, 65537)
                                               .Digest(Digest::SHA_2_256)
                                               .Padding(PaddingMode::RSA_PSS),
                                       KeyFormat::PKCS8, rsa_key));
                                       KeyFormat::PKCS8, key));

    CheckCryptoParam(TAG_ALGORITHM, Algorithm::RSA);
    CheckCryptoParam(TAG_KEY_SIZE, 1024U);
    CheckCryptoParam(TAG_KEY_SIZE, keysize);
    CheckCryptoParam(TAG_RSA_PUBLIC_EXPONENT, 65537U);
    CheckCryptoParam(TAG_DIGEST, Digest::SHA_2_256);
    CheckCryptoParam(TAG_PADDING, PaddingMode::RSA_PSS);
    CheckOrigin();

    string message(1024 / 8, 'a');
    string message(keysize / 8, 'a');
    auto params = AuthorizationSetBuilder().Digest(Digest::SHA_2_256).Padding(PaddingMode::RSA_PSS);
    string signature = SignMessage(message, params);
    VerifyMessage(message, signature, params);
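Review bot: The new `rsa_2048_key` blob does not look like PKCS#8, yet `RsaSuccess` imports it with `KeyFormat::PKCS8` on the StrongBox branch. Its DER begins `308204a5 020100 0282010100…` (grouped here for reading), a version integer followed directly by the modulus as in a bare PKCS#1 RSAPrivateKey, whereas the existing `rsa_key` begins with the PrivateKeyInfo wrapper `30820275 020100 300d06092a864886f70d0101010500 0482025f…`. If that reading is right, the test passes only on implementations that parse the import leniently and fails on one that enforces the declared format, so the blob should be regenerated with the PKCS#8 wrapper that `rsa_key` carries. I would also put a comment above it, for example `// Test-only 2048-bit RSA private key (PKCS#8 DER); public test vector, never use outside VTS.`, so the embedded key material is not mistaken for a secret or reused. The body of `RsaSuccess` continues past the end of this hunk.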
+48 −41
@@ -221,8 +221,7 @@ TEST_P(DeviceUniqueAttestationTest, NonStrongBoxOnly) {

TEST_P(DeviceUniqueAttestationTest, Rsa) {
    if (SecLevel() != SecurityLevel::STRONGBOX) return;
    ASSERT_EQ(ErrorCode::OK,
              convert(GenerateKey(AuthorizationSetBuilder()
    ASSERT_EQ(ErrorCode::OK, convert(GenerateKey(AuthorizationSetBuilder()
                                                         .Authorization(TAG_NO_AUTH_REQUIRED)
                                                         .RsaSigningKey(2048, 65537)
                                                         .Digest(Digest::SHA_2_256)
@@ -232,22 +231,26 @@ TEST_P(DeviceUniqueAttestationTest, Rsa) {
    hidl_vec<hidl_vec<uint8_t>> cert_chain;
    HidlBuf challenge("challenge");
    HidlBuf app_id("foo");
    EXPECT_EQ(ErrorCode::OK,
    ErrorCode result =
            convert(AttestKey(AuthorizationSetBuilder()
                                      .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION)
                                      .Authorization(TAG_ATTESTATION_CHALLENGE, challenge)
                                      .Authorization(TAG_ATTESTATION_APPLICATION_ID, app_id),
                                &cert_chain)));
                              &cert_chain));

    // It is optional for Strong box to support DeviceUniqueAttestation.
    if (result == ErrorCode::CANNOT_ATTEST_IDS) return;

    EXPECT_EQ(ErrorCode::OK, result);
    EXPECT_EQ(2U, cert_chain.size());
    if (dumpAttestations) dumpContent(bin2hex(cert_chain[0]));
    auto [err, attestation] = parse_attestation_record(cert_chain[0]);
    ASSERT_EQ(ErrorCode::OK, err);

    check_attestation_record(attestation, challenge,
    check_attestation_record(
            attestation, challenge,
            /* sw_enforced */
                             AuthorizationSetBuilder()
                                     .Authorization(TAG_ATTESTATION_APPLICATION_ID, app_id),
            AuthorizationSetBuilder().Authorization(TAG_ATTESTATION_APPLICATION_ID, app_id),
            /* hw_enforced */
            AuthorizationSetBuilder()
                    .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION)
@@ -263,8 +266,7 @@ TEST_P(DeviceUniqueAttestationTest, Rsa) {

TEST_P(DeviceUniqueAttestationTest, Ecdsa) {
    if (SecLevel() != SecurityLevel::STRONGBOX) return;
    ASSERT_EQ(ErrorCode::OK,
              convert(GenerateKey(AuthorizationSetBuilder()
    ASSERT_EQ(ErrorCode::OK, convert(GenerateKey(AuthorizationSetBuilder()
                                                         .Authorization(TAG_NO_AUTH_REQUIRED)
                                                         .EcdsaSigningKey(256)
                                                         .Digest(Digest::SHA_2_256)
@@ -273,19 +275,24 @@ TEST_P(DeviceUniqueAttestationTest, Ecdsa) {
    hidl_vec<hidl_vec<uint8_t>> cert_chain;
    HidlBuf challenge("challenge");
    HidlBuf app_id("foo");
    EXPECT_EQ(ErrorCode::OK,
    ErrorCode result =
            convert(AttestKey(AuthorizationSetBuilder()
                                      .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION)
                                      .Authorization(TAG_ATTESTATION_CHALLENGE, challenge)
                                      .Authorization(TAG_ATTESTATION_APPLICATION_ID, app_id),
                                &cert_chain)));
                              &cert_chain));

    // It is optional for Strong box to support DeviceUniqueAttestation.
    if (result == ErrorCode::CANNOT_ATTEST_IDS) return;

    EXPECT_EQ(ErrorCode::OK, result);
    EXPECT_EQ(2U, cert_chain.size());
    if (dumpAttestations) dumpContent(bin2hex(cert_chain[0]));
    auto [err, attestation] = parse_attestation_record(cert_chain[0]);
    ASSERT_EQ(ErrorCode::OK, err);

    check_attestation_record(attestation, challenge,
    check_attestation_record(
            attestation, challenge,
            /* sw_enforced */
            AuthorizationSetBuilder().Authorization(TAG_ATTESTATION_APPLICATION_ID, app_id),
            /* hw_enforced */