Create a new certificate for 2021 CTS UICCs.

This certificate will be used to enforce a clean break between "old" CTS UICCs and new ones. The new UICCs will have hardware support for new calculations that the old ones aren't capable of. Old certificate: ./testkey.x509.pem SHA-1: 61:ED:37:7E:85:D3:86:A8:DF:EE:6B:86:4B:D8:5B:0B:FA:A5:AF:81 SHA-256: A4:0D:A8:0A:59:D1:70:CA:A9:50:CF:15:C1:8C:45:4D:47:A3:9B:26:98:9D:8B:64:0E:CD:74:5B:A7:1B:F5:DC New certificate: ./cts_uicc_2021.x509.pem SHA-1: 06:97:71:39:21:E8:65:D0:1C:45:C4:A8:8D:45:7A:9D:96:F4:39:27 SHA-256: CE:7B:2B:47:AE:2B:75:52:C8:F9:2C:C2:91:24:27:98:83:04:1F:B6:23:A5:F1:94:A8:2C:9B:F1:5D:49:2A:A0 We won't yet submit the change to switch the signature of CtsCarrierApiTestCases, as that will introduce downstream presubmit and postsubmit failures until the new hardware is available for device labs. Bug: 178419755 Test: temporarily switch CtsCarrierApiTestCases to be signed with cts-uicc-2021-testkey, ensure: - Suite fails on a device with the old CTS SIM due to lack of carrier privileges - Suite passes with updated cuttlefish modem simulator ARF content Change-Id: I7598426bd3e4db90a8f0d8d80ea03468fb30f876
2021-01-25 16:23:34 -08:00 · 2021-01-25 16:23:34 -08:00 · 06353ef218
parent 1e3771f9ed
commit 06353ef218
4 changed files with 39 additions and 5 deletions
--- a/target/product/security/Android.bp
+++ b/target/product/security/Android.bp
@ -13,7 +13,16 @@ android_app_certificate {
    certificate: "testkey",
 }

-// Google-owned certificate for CTS testing, since we can't trust arbitrary keys on release devices.
+// Certificate for CTS tests that rely on UICC hardware conforming to the
+// updated CTS UICC card specification introduced in 2021. See
+// //cts/tests/tests/carrierapi/Android.bp for more details.
+android_app_certificate {
+    name: "cts-uicc-2021-testkey",
+    certificate: "cts_uicc_2021",
+}
+
+// Google-owned certificate for CTS testing, since we can't trust arbitrary keys
+// on release devices.
 prebuilt_etc {
    name: "fsverity-release-cert-der",
    src: "fsverity-release.x509.der",
--- a/target/product/security/README
+++ b/target/product/security/README
@ -11,10 +11,11 @@ key generation

 The following commands were used to generate the test key pairs:

-  development/tools/make_key testkey  '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
-  development/tools/make_key platform '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
-  development/tools/make_key shared   '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
-  development/tools/make_key media    '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
+  development/tools/make_key testkey       '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
+  development/tools/make_key platform      '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
+  development/tools/make_key shared        '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
+  development/tools/make_key media         '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'
+  development/tools/make_key cts_uicc_2021 '/C=US/ST=California/L=Mountain View/O=Android/OU=Android/CN=Android/emailAddress=android@android.com'

 signing using the openssl commandline (for boot/system images)
 --------------------------------------------------------------
--- a/target/product/security/cts_uicc_2021.pk8
+++ b/target/product/security/cts_uicc_2021.pk8
--- a/target/product/security/cts_uicc_2021.x509.pem
+++ b/target/product/security/cts_uicc_2021.x509.pem
@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIECzCCAvOgAwIBAgIUHYLIIL60vWPD6aOBwZUcdbsae+cwDQYJKoZIhvcNAQEL
+BQAwgZQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQH
+DA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdBbmRyb2lkMRAwDgYDVQQLDAdBbmRy
+b2lkMRAwDgYDVQQDDAdBbmRyb2lkMSIwIAYJKoZIhvcNAQkBFhNhbmRyb2lkQGFu
+ZHJvaWQuY29tMB4XDTIxMDEyNjAwMjAyMVoXDTQ4MDYxMzAwMjAyMVowgZQxCzAJ
+BgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFp
+biBWaWV3MRAwDgYDVQQKDAdBbmRyb2lkMRAwDgYDVQQLDAdBbmRyb2lkMRAwDgYD
+VQQDDAdBbmRyb2lkMSIwIAYJKoZIhvcNAQkBFhNhbmRyb2lkQGFuZHJvaWQuY29t
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlOMSHqBu0ihUDfFgwMfO
+pJtpyxHe0KKfHRndUQcYU/1v6/auy2YqkgKv+AraoukuU3gJeOiWoaqaWFNcm6md
+WfGRNT4oABhhNS43n5PI4NlLjI4yeUJJppZn5LPpc/8vZ0P8ZFE9CJmtckCh+hES
+BzqnxkCnq1PoxlcF3S/f8lOtd6ymaMDf3sYcePaoU8yTWFksl7EWRVwhBUIf7/r8
+epbNiV14/aH2cQfHVfpf54TIdk7s0/ehVA70A5gQp7Utn6mY2zEJlMrTKWRqA/a5
+oYiob3y+v2JWNcljHY6twwDOGwW7G0NWJVtaWj76Z3o9RpIhAglivhOrHTflIU3+
+2QIDAQABo1MwUTAdBgNVHQ4EFgQUZJ1oGb33n/OY+Mm8ykci4I6c9OcwHwYDVR0j
+BBgwFoAUZJ1oGb33n/OY+Mm8ykci4I6c9OcwDwYDVR0TAQH/BAUwAwEB/zANBgkq
+hkiG9w0BAQsFAAOCAQEASajvU0KCN2kfATPV95LQVE3N/URPi/lX9MfQptE54E+R
+6dHwHQIwU/fBFapAHfGgrpwUZftJO+Bad2iu5s1IhTJ0Q5v0yHdvWfo4EzVeMzPV
+/DWU786pPEomFkb9ZKhgVkFNPcbXlkUm/9HxRHPRTm8x+BE/75PKI+kh+pDmM+P
+5v4W0qDKPgFzIY/D4F++gVyPZ3O+/GhunjsJozO+dvN+50FH6o/kBHm2+QqQNYPW
+f232F3CYtH4uWI0TkbwmSvVGW8iOqh330Cef5zqwSdOkzybUirXFsHUu1Zad1aLT
+t0mu6RgNEmX8efOQCcz2Z/on8lkIAxCBwLX7wkH5JA==
+-----END CERTIFICATE-----