Commit graph

434 commits

Author SHA1 Message Date
Automerger Merge Worker
1026f2c33f Merge "Adding sanity check for VBMeta device state" am: 63cc8d12a5 am: 051f044853 am: ff9179099e
Change-Id: I305f6f30a2f5f4ddb483131a5ef48cf501fb2b74
2019-12-19 17:10:29 +00:00
Treehugger Robot
3702b15a2a Merge "Updating a public exponent check" 2019-12-19 15:28:33 +00:00
Max Bires
444468b3dd Updating a public exponent check
This is updating the public exponent being checked from 3 to 65537. The
test was updated to use the latter public exponent without the check
also being updated

Test: atest VtsHalKeymasterV4_0TargetTest
Change-Id: I55fa2e67c94f0c52a1d65644f16b5f703a661e00
2019-12-19 00:49:24 -08:00
Treehugger Robot
63cc8d12a5 Merge "Adding sanity check for VBMeta device state" 2019-12-19 08:43:15 +00:00
Automerger Merge Worker
82bf9e83f9 Merge "Convert VtsHalKeymasterV*_0TargetTest to be parameterized test" am: aae9ff2315 am: 5960d7b49e am: 78648b8a28
Change-Id: I6d7383a4649ac9c1f2144c7ec05580e3c79486ca
2019-12-11 22:28:32 +00:00
Dan Shi
3bacd7f634 Convert VtsHalKeymasterV*_0TargetTest to be parameterized test
Bug: 142397658
Test: atest VtsHalKeymasterV3_0TargetTest \
  VtsHalKeymasterV4_0TargetTest

Change-Id: I0fbda4d9ab810a4ef616f8741919c522d5d58cc0
2019-12-11 09:46:54 -08:00
Max Bires
3d5713851e Adding sanity check for VBMeta device state
This test should will flag builds running as eng or userdebug that
report back the device is locked during development. This will also
catch the case where the device is a user build but reporting that it
isn't locked. This should help to avoid instances in the future where
userdebug builds report a locked device in the VBMeta information.

This patch also does a little bit of cleanup of the surrounding VBMeta
checking code.

Test: atest VtsHalKeymasterV4_0TargetTest
Change-Id: I3b387ade5eeee6a68b9ff307e503417d264ecbfe
2019-12-09 15:01:29 -08:00
Automerger Merge Worker
db21c8e59e Merge "Fixing RSA tests not using the correct exponent" am: ba111275cb am: 97a8659242
Change-Id: I6914b88f2a65188bd5057cca7c85c6bd58e05126
2019-12-03 20:03:33 +00:00
Max Bires
ee1ccd88ba Fixing RSA tests not using the correct exponent
The Keymaster 4.0 HAL specifies that the public exponent for RSA is F4
(2^16+1). There were a few tests still using 3 as the exponent. This
patch updates those incorrect exponents accordingly.

Bug: 143404829
Test: atest VtsHalKeymasterV4_0TargetTest
Change-Id: Ibc82a8a912bc5926bcdd544e0370e4185a888c0d
2019-12-03 09:45:39 -08:00
Rob Barnes
4fffa4a9d8 Merge "Added standalone benchmark for keymaster." am: 3f7f55b378 am: 7d67ad3453
am: 3213e8a929

Change-Id: I3fa6d9d485edb066f8c79e27775c58e4485bbfa2
2019-12-02 14:32:31 -08:00
Rob Barnes
3f7f55b378 Merge "Added standalone benchmark for keymaster." 2019-12-02 22:13:23 +00:00
Steven Moreland
c2a2995047 Merge "./update-makefiles.sh, for union changes/memory" am: 00daede4d5 am: 0942e33017
am: 87fe284668

Change-Id: I3a331b5e1c5418426a084f1c7bfe436214a1b68f
2019-11-26 15:00:11 -08:00
Steven Moreland
7696aa885f ./update-makefiles.sh, for union changes/memory
Many more types can be used in Java.

Bug: 143566068
Test: N/A
Change-Id: Ie18e1e0f9c22f2ea15b755df3b048c9d651c4945
2019-11-26 09:24:31 -08:00
Rob Barnes
f82aa5d4fe Added standalone benchmark for keymaster.
Test: Run benchmark
Bug: 139890773
Change-Id: I23c511b70bd27c58a188b5fc8ae690cdbb775dec
2019-11-25 21:16:01 +00:00
Shawn Willden
bdc9434b3c Merge changes from topic "add-km-41" am: f66777ad50 am: 7f7e9608dc
am: 78926e3375

Change-Id: I7964555358e9150d58f53eb154ee7acf5eea1a78
2019-11-21 15:01:55 -08:00
Shawn Willden
94ad891792 Add Keymaster 4.1
Note that CL is missing complete tests (what's included is just a
stub, really) and support library code.  All of that will come in
near-future CLs.  This CL omits them because they'll take time and
there's a need to unblock Keymaster 4.1 implementers now.

Bug: 140193672
Bug: 140192237
Bug: 140824829
Test: Will be in a future CL
Change-Id: I0e6e3a38356f0517158a10604b549415641ad1b9
2019-11-20 12:14:36 -07:00
Rob Barnes
b046774b26 Merge "Added LargeFinishInput test" am: 0cd9dd3893 am: 2b7a5caaf1
am: e5567ae93d

Change-Id: I2f7cd04aef3847dfebc6dda8ad335858283f167b
2019-11-15 12:27:57 -08:00
Rob Barnes
0cd9dd3893 Merge "Added LargeFinishInput test" 2019-11-15 19:56:44 +00:00
Rob Barnes
f5fc7c640b Added LargeFinishInput test
This tests passing a large input to finish. This should either succeed
or fail with the right error code.

Test: Run new VTS test
Change-Id: Ic4ef90adc6274317796bbe752f95fc9efa5fdb07
2019-11-14 18:05:25 -07:00
Max Bires
c7cb2e9cc8 Merge "Adding test to check another ASN.1 Encoding Case" am: 8fb7cbd26b am: 2e220a7507
am: 2dd6fa731b

Change-Id: I35f3a58b3299c2cff56f829f0efececd0f5f8045
2019-11-14 14:19:18 -08:00
Treehugger Robot
8fb7cbd26b Merge "Adding test to check another ASN.1 Encoding Case" 2019-11-14 21:54:44 +00:00
Max Bires
05f700ffeb Merge "Removing invalid HMAC tests." am: b09819f2da am: 2557502d5e
am: 6c54a3df7e

Change-Id: I68f5ba01fc1d3357263dfbc54aca9f72e3dc8297
2019-11-12 15:09:54 -08:00
Max Bires
ff02baaca9 Adding test to check another ASN.1 Encoding Case
This test will check that the length of the attestation application id
field will be properly encoded in valid DER ASN.1 in cases where the
length is long enough to require extra bytes to encode. In those cases,
the encoding of that field should include:
-A byte to specify how many bytes are required to enumerate the length
-The bytes required to enumerate the length
-The actual data that follows

Bug: 142674020
Test: atest keymaster_hidl_hal_test
Change-Id: I6d162efa4c8c6e0922989e234d0377caf3c1758e
2019-11-12 09:35:18 -08:00
Max Bires
2cdc273e8f Removing invalid HMAC tests.
Per Keymaster 4.0 spec, TEE and StrongBox implementations are only
required to support HMAC keys between 64 and 512 bits in length.
StrongBox implementations additionally must not support anything larger
than 512 bits. The tests removed in this CL specified key sizes larger
than 512 bits.

Bug: 143404829
Test: m VtsHalKeymasterV4_0TargetTest && adb sync data && \
adb shell data/nativetest64/VtsHalKeymasterV4_0TargetTest/VtsHalKeymasterV4_0TargetTest

Change-Id: I96ee3a20b981c288d88366f536b9924f907268f3
2019-11-07 12:48:07 -08:00
Max Bires
99d0ee3e26 Merge "Adding jbires to VTS OWNERS" am: 9756532b64 am: 3137c54d4f am: 7558ead96c
am: c70d259d06

Change-Id: Id6b967b677d60eaf49dcce53b9b1dd19f9f2ff9d
2019-10-25 11:51:23 -07:00
Treehugger Robot
9756532b64 Merge "Adding jbires to VTS OWNERS" 2019-10-25 17:54:54 +00:00
Max Bires
9f30a06060 Merge "Adding test to check that ASN.1 lengths are properly encoded" am: c6b086785d am: b3ee534556 am: 96098b0cd9
am: 995fa3dbe8

Change-Id: I8eb3a3b80f219a050250eb266949978d531bf3fb
2019-10-24 15:54:26 -07:00
Max Bires
a722ff42a9 Adding test to check that ASN.1 lengths are properly encoded
This test checks that length metadata for the ASN.1 encoding of
attestation application ids are correct. It generates an app id that
will have a length between 127 and 256, which should create an encoding
that requires two bytes of length metadata - one byte to specify how many
bytes are needed for the length, and one byte for the length.

Some implementations of keymaster only use one byte in this case, which
will fail on strict ASN.1 parsers.

Bug: 142674020
Test: m VtsHalKeymasterV4_0TargetTest && adb sync data \
&& adb shell data/nativetest64/VtsHalKeymasterV4_0TargetTest/VtsHalKeymasterV4_0TargetTest

Change-Id: I7dfc38a09247eb3cb237f33a202044668d15cbca
2019-10-16 15:21:14 -07:00
Janis Danisevskis
1a4755ee0a Fix UB in class NullOr am: cf5d7e83fd am: 24db85e33e am: 51bbd6719b
am: 6f630d198f

Change-Id: Id21d0cfa6852dda9f0158f233063c462989b93f4
2019-10-10 21:47:58 -07:00
Janis Danisevskis
cf5d7e83fd Fix UB in class NullOr
NullOr now stores the references a pointers internally. This fixes UB
where the internal reference was initalized by dereferencing nullptr.

Test: Compiles
Bug: 121390225
Change-Id: I2073e5aeac401309aa63b08e05db3c467fab6b69
2019-10-10 09:21:18 -07:00
Rob Barnes
147f26b1ea Merge "Add Keymaster VTS tests for some AES cases:" am: 772fb53999 am: 0baa38ed55 am: 0eb84f484a
am: e70544b15c

Change-Id: Id496d05e590aa8e1e9f2c78bdc21306e8c839faa
2019-10-02 01:29:54 -07:00
Treehugger Robot
772fb53999 Merge "Add Keymaster VTS tests for some AES cases:" 2019-10-02 07:04:26 +00:00
Rob Barnes
1b598f5da3 Merge "Added VTS tests for clearing operation slots after service death." am: fd877b5479 am: 2b3640a442 am: 89cd80c9da
am: f610e72c81

Change-Id: Ie2c68f4195d494a1c5af712234f6a7d98c98892e
2019-10-01 10:28:23 -07:00
Rob Barnes
fd877b5479 Merge "Added VTS tests for clearing operation slots after service death." 2019-10-01 16:52:49 +00:00
Colin Cross
6962c45657 Merge "Use libcrypto_static instead of libcrypto" am: c048c187be am: 06b758a918 am: 978e59e401
am: 135b3a4417

Change-Id: I2ae264a5c9998b7c6a2a4bb868e313161f1a3701
2019-09-26 08:20:46 -07:00
Rob Barnes
8ddc1c700d Add Keymaster VTS tests for some AES cases:
1.  AES operation attempted with unauthorized purpose.
2.  AES-GCM encryption performed with different nonces, should
generate different ciphertexts.
3.  AES-GCM encryption decryption round trip with delays between
begin and update and finish.

Bug: 133258003
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: Ia8b4b4b317ecff51b18e64dfa3b84bf77475812d
2019-09-19 10:03:35 -06:00
Colin Cross
263d2df2c7 Use libcrypto_static instead of libcrypto
Replace libcrypto with libcrypto_static, which can be protected through
visibility to ensure only modules that don't affect FIPS certification
can use it.

Bug: 141248879
Test: m checkbuild
Change-Id: I8685cb06d15f3425eeb96d998ffda54c82dcd387
2019-09-18 11:07:09 -07:00
Rob Barnes
bd37c3bf35 Added VTS tests for clearing operation slots after service death.
BUG: b/139689895
TEST: Added VTS tests to keymaster_hidl_hal_test.cpp
TEST: Ran on emulator against soft keymaster::v4_0::ng
Change-Id: I6c682cafee65cf7ea426bd03865bf868586efc62
2019-09-10 21:14:14 +00:00
Steven Moreland
38c46d0b98 Merge "Remove libhwbinder/libhidltransport deps" am: 6b62c58a9a am: 8c22c3862f am: 6684ee8c36
am: 9a5ffa3196

Change-Id: I3a80895d10767fe68e90a907312a83ded976cbcc
2019-09-06 16:06:13 -07:00
Steven Moreland
b3a4d3832e Remove libhwbinder/libhidltransport deps
Since these were combined into libhidlbase.

Bug: 135686713
Test: build only (libhwbinder/libhidltransport are empty)
Change-Id: I075670b64eebbbbd6a6ae0e84ad51bf1c6f5ba36
2019-09-06 01:07:02 +00:00
Max Bires
c806e75033 Merge "Adding testing functionality for TAG_ROLLBACK_RESISTANCE" am: 28a7fed681 am: dddf75c01b am: 28446e0722 am: 9031031e47
am: eb651fa35d

Change-Id: Ic920d776365bbd94d2cb9031760ee4a3eec417c2
2019-08-23 06:05:10 -07:00
Max Bires
dddf75c01b Merge "Adding testing functionality for TAG_ROLLBACK_RESISTANCE"
am: 28a7fed681

Change-Id: I48327bcf5effe56e5f57fa53092cde6c10c62ecd
2019-08-23 05:28:49 -07:00
Max Bires
b1b45ff81c Adding testing functionality for TAG_ROLLBACK_RESISTANCE
Due to changes in implementation between keymaster 3.0 and 4.0, rollback
resistance is now specified by the caller. This patch addresses that
inconsistency to make sure rollback resistance is properly tested. If
rollback resistance is supported by the hardware, then it will now be
tested.

Test: atest VtsHalKeymasterV4_0TargetTest
Change-Id: I21e8d1e66932ddfad2d42ce8a43591431f3ff284
2019-08-15 12:46:56 -07:00
Max Bires
a0a2e8a035 Adding jbires to VTS OWNERS
Added OWNERS entry for Keymaster 4.0 VTS changes.

Test: jbires can +2 changes in VTS
Change-Id: I152d1e9f6fa7a021caa83d4b74beddde03384331
2019-08-14 17:39:31 -07:00
Felix
84af4f6e7e Merge "Add interface info to .rc files" am: 98d0f4d52c am: 37298a7616 am: 3531ec0183
am: bf481c99ed

Change-Id: Ie44e2aa87f7407a9820dc6f1ad6298b61bae34f3
2019-07-08 12:57:01 -07:00
Felix
37298a7616 Merge "Add interface info to .rc files"
am: 98d0f4d52c

Change-Id: Ie6cfbacd523c4b09f77bee3369ec8e88b3fa0419
2019-07-08 12:22:23 -07:00
nagendra modadugu
ff3170c48a Merge "keymaster: Relax testing under GSI" into qt-dev am: d10841a83d am: eec090610b
am: 7ad0166631

Change-Id: I03ecf5d514221673891486bcc06e6b512e6c6a3e
2019-06-29 12:46:49 -07:00
nagendra modadugu
eec090610b Merge "keymaster: Relax testing under GSI" into qt-dev
am: d10841a83d

Change-Id: If435ebd75ee04f1f6ea6324437683713b85a613a
2019-06-29 12:03:43 -07:00
nagendra modadugu
f18a8328a1 keymaster: Relax testing under GSI
GSI images do not have AVB verification enabled and therefore lack
several properties the keymaster HAL test depended on.  Selectively
disable those parts of the test that would fail with AVB verification
disabled.  Also disable date format checks under GSI.  When invoked from
GSI the TEE-backed keymaster doesn't use the correct date format.

Bug: 130843899
Test: VtsHalKeymasterV4_0TargetTest
Exempt-From-Owner-Approval: change only affects VTS-on-GSI behavior
Change-Id: Idaafb7b515c41290c766a8132f35d498ca15f48a
2019-06-29 18:27:38 +00:00
Garret Kelly
f947777ec0 Merge "Increase leniency of attestation record timestamps" into qt-dev am: 6c4e33d079 am: 89fda5c7f9
am: 4684c6f469

Change-Id: I6a10db36c762a589cc04ac7bac7f01cec603f7d8
2019-06-25 23:36:37 -07:00
Garret Kelly
4684c6f469 Merge "Increase leniency of attestation record timestamps" into qt-dev am: 6c4e33d079
am: 89fda5c7f9

Change-Id: I063e8cd6e53da1af4a50df9273a5ada4b9e7ea87
2019-06-25 23:28:39 -07:00
Garret Kelly
72c4746cda Merge "Increase leniency of attestation record timestamps" into qt-dev
am: 6c4e33d079

Change-Id: I741568f862d553a92344618406f0fb2f7a3d46f5
2019-06-25 23:19:49 -07:00
Felix
551b8d15ce Add interface info to .rc files
Signed-off-by: Felix <google@ix5.org>
Change-Id: I6d70bbdb66c3dce280bf6908c3750316a6f6cf70
2019-06-25 20:00:07 +02:00
Garret Kelly
9c0a45795f Increase leniency of attestation record timestamps
The TEE keymaster has been seen to be almost a minute out of sync with
the host clock during attestation.  Increase the leniency window to two
minutes.

Bug: 134408892
Bug: 134408367
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: Ic256a939dcd7e7b108099cfcf237cacde8dde059
2019-06-24 23:28:52 +00:00
Max Bires
90cda58d54 Merge "Removing an extraneous test" into qt-dev
am: 16b2c77456

Change-Id: I2bd55543991178bf313996841e51aff838986a5c
2019-06-17 14:44:44 -07:00
Max Bires
cf9daece29 Removing an extraneous test
Test: VTS passes
Bug: 133316458
Change-Id: I98d73ff025515a89e2743ed20950c840aedb5114
(cherry picked from commit b28e69f37e)
2019-06-17 15:32:05 +00:00
Janis Danisevskis
f69d8bc9c5 Keymaster memory management is inconsistent
Object derived from RefBase must be owned by sp rather then other smart
pointer implementations.

Bug: 79474587
Change-Id: I866f67e1cb091efb3026450d50a410b5985539b6
2019-06-14 14:26:55 -07:00
TreeHugger Robot
aefd16ace9 Merge "Removing an extraneous test" 2019-05-30 20:13:31 +00:00
Max Bires
b28e69f37e Removing an extraneous test
Test: VTS passes
Bug: 133316458
Change-Id: I98d73ff025515a89e2743ed20950c840aedb5114
2019-05-22 19:22:45 +00:00
Steven Moreland
10363938d7 Merge "listByInterface -> listManifestByInterface" am: 877c7f5ce1
am: 5427525c6b

Change-Id: I780f4cdd4c01b89af28d81c21111053ffdde99df
2019-05-16 18:18:41 -07:00
Xin Li
4b6ac97b7d Merge "DO NOT MERGE - Merge pie-platform-release (PPRL.190505.001) into master." 2019-05-17 00:58:07 +00:00
Steven Moreland
5427525c6b Merge "listByInterface -> listManifestByInterface"
am: 877c7f5ce1

Change-Id: I0cc69469c3804fd189e4f021a835c7c4f46879ab
2019-05-16 17:08:19 -07:00
Treehugger Robot
877c7f5ce1 Merge "listByInterface -> listManifestByInterface" 2019-05-16 23:25:19 +00:00
Matthew Maurer
d65e81b1fb Merge "Allow INVALID_INPUT_LENGTH for oversized messages" am: b397fc8e88
am: 6194c02c64

Change-Id: I24a72716540258f6e790464b2951537d5bbc92c4
2019-05-16 14:49:45 -07:00
Matthew Maurer
6194c02c64 Merge "Allow INVALID_INPUT_LENGTH for oversized messages"
am: b397fc8e88

Change-Id: Ia3e4641b9fa4936655da6db1d8def5f31cee6e06
2019-05-16 13:36:35 -07:00
Matthew Maurer
b397fc8e88 Merge "Allow INVALID_INPUT_LENGTH for oversized messages" 2019-05-16 19:06:39 +00:00
Matthew Maurer
0690156c0d Merge "Use SHA_2_256 for importWrappedKey" am: 0ce3156f97
am: b2a847aea7

Change-Id: Ib382c184dc01505819f16c86007ab5578f0574f4
2019-05-16 10:09:01 -07:00
Matthew Maurer
b2a847aea7 Merge "Use SHA_2_256 for importWrappedKey"
am: 0ce3156f97

Change-Id: I4ff814128ad16f62c47b0e19b9adb0a296afa178
2019-05-16 09:57:22 -07:00
Matthew Maurer
0ce3156f97 Merge "Use SHA_2_256 for importWrappedKey" 2019-05-16 16:43:54 +00:00
Xin Li
fef0cab5e9 DO NOT MERGE - Merge pi-platform-release (PPRL.190505.001) into stage-aosp-master
Bug: 132622481
Change-Id: Ie2af73fae9852849b11796bb1e77f0fc62c28ce2
2019-05-13 15:39:13 -07:00
Steven Moreland
6106299c4f listByInterface -> listManifestByInterface
This does two things:
- makes sure that HALs configured as lazy HALs will be retrieved
- will detect bad manifest entries earlier

Bug: 131703193
Test: boot
Change-Id: I82e10f49367b097023eb31797c877c15eedb5e00
2019-05-13 13:01:08 -07:00
Matthew Maurer
66f842ceec Allow INVALID_INPUT_LENGTH for oversized messages
In Keymaster 3, both INVALID_INPUT_LENGTH and INVALID_ARGUMENT were
acceptable for oversized messages. Keymaster 4 VTS requires that
INVALID_ARGUMENT be returned, but the spec has no such restriction. This
loosens VTS to allow either INVALID_INPUT_LENGTH or INVALID_ARGUMENT in
this case.

Bug: 129297054
Test: atest VtsHalKeymasterV4_0TargetTest Pixel 3, Trusty tests
2019-05-13 09:52:12 -07:00
Matthew Maurer
41cb84029a Use SHA_2_256 for importWrappedKey
The spec requires that SHA1 not be allowed for wrapped keys and that
only SHA_2_256 be used. Unfortunately, the previous VTS required SHA1
support. This patch takes the middle ground by requiring SHA_2_256 be
supported for importWrappedKey, but not disallowing it from supporting
SHA1.

This makes it possible for a spec compliant keymaster to pass VTS
while not disqualifying shipped devices.

Bug: 129291873
Test: atest VtsHalKeymasterV4_0TargetTest:ImportWrappedKeyTest, Trusty
Change-Id: I6c3a9182b51f2e7a46173d5bfc34d3c3264d954f
2019-05-10 14:27:53 -07:00
Janis Danisevskis
e08ba7a9fd Verify mac change on time stamp change am: 33d75d090b
am: 3b8bae3554

Change-Id: I26af43007c28b1b251ce5e2d22dc0975711ad8a3
2019-05-09 15:50:26 -07:00
Janis Danisevskis
33d75d090b Verify mac change on time stamp change
This test verifies that verification tokens with different time stamps do
not have the same MAC. This may not guarantee that the MAC is computed
correctly but it catches implementation that do not include the time
stamp in the mac.

It also checks that the MAC changes when both time stamp and challenge
changes.

Test: yes it is
Bug: 131859731
Bug: 132288466
Bug: 132287277
Change-Id: I85aa1d873eff46df7a66fc69bd61a031e6e6fbe0
2019-05-09 12:50:11 -07:00
Janis Danisevskis
3414222e3a Keymaster support: Verbose vendor errors
Added function for verbosely logging Keymaster vendor errors.

Bug: 123562864
Test: atest android.keystore.cts
Merged-In: Ida093941d3b76b3d2e953439229081345909c16b
Change-Id: Ida093941d3b76b3d2e953439229081345909c16b
2019-05-03 16:04:02 -07:00
Garret Kelly
5b6d16c9dd Merge "Make test expectation match comment" into qt-dev
am: 282c8d0694

Change-Id: I47b9aeff0fcf7798ebcc900040771d95bdc91b5b
2019-05-03 15:41:31 -07:00
Garret Kelly
d47288dde5 Make test expectation match comment
The BOOT_PATCHLEVEL value is allowed to have 00 in the days position
according to the keymaster specification.  This test's comment already
suggests that it's allowed, so update the expectation to match.

Test: VtsHalKeymasterV4_0TargetTest
Bug: 130843899
Change-Id: Ib43da43b2e0398b48fb59710bf4066f2641de2eb
2019-05-01 15:18:38 -04:00
Garret Kelly
0c098a4af0 Merge "Fix comparison between hex and binary values" into qt-dev
am: a8a23aa389

Change-Id: I2974a3c02139d31038e759d65383ce4a91530b75
2019-04-26 16:57:36 -07:00
Garret Kelly
ebfdba67d2 Fix comparison between hex and binary values
The verified boot hash in the attestation record is a binary blob, while
the property read from the system is a hex-encoded value.  Convert the
boot hash from the attestation record into hex before comparing.

Test: VtsHalKeymasterV4_0TargetTest
Bug: 130843899
Change-Id: I6f6e0da71501d741dd8b27d0778e1854af17ace6
2019-04-24 17:39:57 -04:00
Shawn Willden
ca9e5b3caa Correct IKeymasterDevice documentation. am: 744a37115a
am: dff8dd72a3

Change-Id: I476e9dc8d644339e05a92d7815f0fc5ee08c3923
2019-04-23 11:43:42 -07:00
Shawn Willden
744a37115a Correct IKeymasterDevice documentation.
Bug: 129931913
Bug: 130144003
Test: ./update-makefiles.sh (checks hashes)
Change-Id: Ia8101f8410a728b28653416300c1a3eb480eb469
2019-04-19 00:59:01 +00:00
Steven Moreland
6d494b2346 Merge "Update hidl makefiles for bpfmt" am: ff0bd741ca
am: 96f40f7b02

Change-Id: Idbf030e4993067bdb8181321bca2de00c9b6f7ef
2019-04-18 14:34:45 -07:00
Steven Moreland
1ae4615d9f Update hidl makefiles for bpfmt
hidl-generated makefiles are now generated such that bpfmt(file) == file.

Bug: 67417008
Test: enable bpfmt hook
Change-Id: I1f69d292bc23a7cc293a66110cb02d597e1019ad
2019-04-17 09:38:50 -07:00
Max Bires
873d889730 Expanding VTS test coverage
Keymaster VTS test coverage on 4.0 was incomplete. This significantly
expands the coverage of the spec. The bugs listed are errors found that
these tests will cover, but are not indicative of the complete set of
things tested.

Test: atest VtsHalKeymasterV4_0TargetTest
Bug: 79953279
Bug: 119553313
Bug: 119541233
Bug: 119396995
Bug: 119542230
Bug: 119549128
Bug: 119549677
Bug: 122184852
Bug: 122261372
Change-Id: I42d78091b48398597bbebe1d9c91b806494ddf4c
(cherry picked from commit 8c0edf6c84)
2019-04-11 15:17:19 +00:00
Max Bires
8c0edf6c84 Expanding VTS test coverage
Keymaster VTS test coverage on 4.0 was incomplete. This significantly
expands the coverage of the spec. The bugs listed are errors found that
these tests will cover, but are not indicative of the complete set of
things tested.

Test: atest VtsHalKeymasterV4_0TargetTest
Bug: 79953279
Bug: 119553313
Bug: 119541233
Bug: 119396995
Bug: 119542230
Bug: 119549128
Bug: 119549677
Bug: 122184852
Bug: 122261372
Change-Id: I42d78091b48398597bbebe1d9c91b806494ddf4c
2019-04-08 10:18:32 -07:00
Eran Messeri
04a7045117 Test importing EC P-256 keys with multiple encodings
Test importing of an Elliptic Curve P-256 key, encoded using the RFC5915
specification (which requires the curve OID in key in addition to the
wrapper) and the same key encoded using SEC1 (which allows omitting the
OID if it's known from the wrapper).

Test: atest VtsHalKeymasterV4_0TargetTest ImportKeyTest
Bug: 124437839
Bug: 127799174
Bug: 129398850
Change-Id: I5f5df86e55a758ed739403d830baa5c7308813a3
Merged-In: I5f5df86e55a758ed739403d830baa5c7308813a3
2019-04-01 14:54:00 +01:00
TreeHugger Robot
300fc770e9 Merge "Test importing EC P-256 keys with multiple encodings" 2019-03-27 18:29:46 +00:00
Janis Danisevskis
f6f522c525 Merge "Fix strict weak ordering requirement of less than operation" am: e82263dd74 am: 36b364abfb
am: 22368369f7

Change-Id: I2301e7fec1c5c28516dafff483a8a0f2a2e00b0a
2019-03-26 09:34:44 -07:00
Janis Danisevskis
22368369f7 Merge "Fix strict weak ordering requirement of less than operation" am: e82263dd74
am: 36b364abfb

Change-Id: I7a97aaecd25f3a78a3f9508388a88ace9c97642e
2019-03-26 09:30:01 -07:00
Eran Messeri
68289f76f2 Test importing EC P-256 keys with multiple encodings
Test importing of an Elliptic Curve P-256 key, encoded using the RFC5915
specification (which requires the curve OID in key in addition to the
wrapper) and the same key encoded using SEC1 (which allows omitting the
OID if it's known from the wrapper).

Test: atest VtsHalKeymasterV4_0TargetTest ImportKeyTest
Bug: 124437839
Bug: 127799174
Change-Id: I5f5df86e55a758ed739403d830baa5c7308813a3
2019-03-26 12:01:03 +00:00
Janis Danisevskis
c7a8b863cd Keymaster support: Verbose vendor errors
Added function for verbosely logging Keymaster vendor errors.

Bug: 123562864
Test: atest android.keystore.cts
Change-Id: Ida093941d3b76b3d2e953439229081345909c16b
2019-03-20 16:13:53 +00:00
Janis Danisevskis
93c7276e3a Fix strict weak ordering requirement of less than operation
operator< on hidl_vec<uint8_t> violates strict weak ordering in the case
that one oparand is shorter that the other and the shorter is a prefix
of the longer.

if x and y are incomparable, i.e., neither x < y nor y < x and
   y and z are incomparable, i.e., neither y < z nor z < y, then
   x and z must be incomparable.
As for the current implementation the first two statements are true but
the third is not given the following example input:
x:="aa", y:="a", z:="ab".

This patch fixes the issue by defining a < b if a is a prefix of b.

As this relation is used in a std::sort algorithm which demands strict
weak ordering this bug leads to undefined behavior.

Change-Id: I4961bb35e2fd4f5fcf561ec0c7c536f81830aab8
2019-03-19 09:54:04 -07:00
Steven Moreland
7f4e21adda Merge "Update makefies: no 'types'" am: 4ee5ec1469 am: bab622f6a6
am: 7224bc9bcf

Change-Id: I434939e0770afa436c532a945542fce30a71ef7d
2019-03-04 16:05:59 -08:00
Steven Moreland
7224bc9bcf Merge "Update makefies: no 'types'" am: 4ee5ec1469
am: bab622f6a6

Change-Id: Iaeb7cc7ff2b16d610136c4a20a6a64884d563f68
2019-03-04 15:27:24 -08:00
Steven Moreland
a878aee9ab Update makefies: no 'types'
Bug: 123976090
Test: N/A
Change-Id: I30fb04c81889b62775e1b764b965fdb0f893de17
2019-03-04 11:27:17 -08:00
nagendra modadugu
31266a9780 [DO NOT MERGE] keymaster: add an EC attestation test
am: d0a5c1dda5

Change-Id: I797704e86fb125a0986c3fb658ddc9b86df3b9fe
2019-02-22 17:26:13 -08:00
nagendra modadugu
d0a5c1dda5 [DO NOT MERGE] keymaster: add an EC attestation test
Add a test that creates an EC key by
using key-bits (rather than curve-id),
and check that the attestation message
corresponds to key characteristics.

Bug: 122375834
Bug: 119542230
Test: VTS passes
Change-Id: Iad6ff2ca90a951124940943f2484f9fb9f813a19
2019-02-22 13:33:03 -08:00
Sasha Smundak
791b843bcb Merge "Explicitly include log/log.h or android/log.h instead of cutils/log.h" am: b5db125860 am: 4a1f714ed0
am: 1e45903dd5

Change-Id: I1a54776b7560154304573a8cd3dfeae5babf43e5
2019-02-01 13:22:37 -08:00
Sasha Smundak
769c053d7c Explicitly include log/log.h or android/log.h instead of cutils/log.h
Eliminates the warning.
Test: treehugger

Bug: 123758136
Change-Id: Ibe50261efc18d659a10129977342bc765a9ba9d5
2019-02-01 10:52:09 -08:00