Commit graph

314 commits

Author SHA1 Message Date
Yinchu Chen
431aec3d2f Add an exception for QTI SM8550
SM8550 doesn't support Keymint2.0, per the discussion in b/
add an exception in the test case when SM8550 is detected.

Bug: b/245649355
Test: VtsHalKeymasterV4_0TargetTest

Change-Id: I788a80c0f9b011f73aac9a8c4774e70e203ac3d6
2022-12-23 07:14:34 +00:00
Shawn Willden
e5364d7617 Read VSR level from correct property.
Bug: 235424890
Test: VtsHalKeymasterV4_0TargetTest & VtsAidlKeyMintTargetTest
Ignore-AOSP-First: Cherry-pick of aosp/2128833
Change-Id: I39109c097d129124097a303c3f108d015cb367e3
Merged-In: I39109c097d129124097a303c3f108d015cb367e3
2022-06-17 10:49:46 +09:00
Shawn Willden
8292bc9292 Implement KeyMint2 test for VSR13
Test: VtsAidlKeyMintTargetTest & VtsHalKeymasterV4_0TargetTest
Bug: 235099905
Ignore-AOSP-First: Cherry pick from aosp/2115214
Change-Id: Ie10b705bb06990a2a2c6223fcce28f5fde6bf3f3
Merged-In: Ie10b705bb06990a2a2c6223fcce28f5fde6bf3f3
2022-06-06 17:13:01 +00:00
David Drysdale
2c19304e56 Merge "Fix AES corrupt padding test" am: b474607b7c am: b661792d06 am: 2e449950d6
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2059787

Change-Id: I1a4bf228d73452cbc718ab126165bf09e0cdf833
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-11 13:16:23 +00:00
David Drysdale
b809329dc7 Fix AES corrupt padding test
The AesEcbPkcs7PaddingCorrupted test has been incorrect since it was
originally introduced -- it was feeding the original message as input to
the decryption operation, rather than the corrupted ciphertext.  As a
result, the expected error code was also wrong -- INVALID_INPUT_LENGTH
is appropriate for a too-short cipher text (length 1 in this case),
whereas a corrupt-but-correct-length cipher text should give
INVALID_ARGUMENT.

Fix the test, and add a separate test to cover what was inadvertently
being tested before. Add a sentence to the HAL spec to describe what
expected and tested by CTS/VTS.

Bug: 194126736
Test: VtsAidlKeyMintTargetTest, VtsHalKeymasterV4_0TargetTest
Change-Id: Iaa5e42768814197f373797831093cf344d342b77
2022-04-11 08:35:11 +01:00
Pirama Arumuga Nainar
ebd891dca1 Merge "Build with upstream lld: Fix incorrect static dependencies" am: 2c76c6867e am: 5f96cab8c0 am: e18c0f85fd
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2056641

Change-Id: Ibad4f98dce239fc2e1cf689688bf296bb25ea1a8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-07 17:39:26 +00:00
Pirama Arumuga Nainar
da5fa76f9f Build with upstream lld: Fix incorrect static dependencies
Bug: http://b/197965342

Remove unnecessary `static_libs` dependencies or move them to
`shared_libs` to build with upstream LLD.  See b/197965342#comment1
(internal) for rationale.  Some info is available externally at
https://github.com/llvm/llvm-project/issues/42899.

Per go/android-lld-static-lib-fix, OWNERS are added for visibility.  No
action is needed if the change looks good.  This change will be merged
after two business days with Global Approvers.

Test: Build modules with aosp/2036867 in addition to presubmit
Change-Id: I6b607969ab89605d392344d307f5deeb883d4191
2022-04-06 23:05:20 +00:00
David Drysdale
5bcf2a423b Merge "Add OWNER for keymaster VTS" am: d3e783be43 am: fc5b6ac127 am: 4723499cc0
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2024663

Change-Id: I3329c009c09a3d44cef90d826d86fcbc4cbd845b
2022-03-14 17:03:22 +00:00
David Drysdale
79972e7645 Merge "Key{Mint,Master} VTS: fix incremental AES tags" am: e5c2bf01fc am: 523b300da7 am: a219992eef
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2020421

Change-Id: I771b72b5f4f439c8b6eea264010b90f0efa876a8
2022-03-14 17:02:36 +00:00
David Drysdale
d3e783be43 Merge "Add OWNER for keymaster VTS" 2022-03-14 16:04:31 +00:00
David Drysdale
f06d5d3978 Add OWNER for keymaster VTS
Test: TreeHugger
Change-Id: I2ff243a2cadbfcc9bedf634f9a9327b2fa8ccd63
2022-03-14 14:28:27 +00:00
David Drysdale
1a637199e4 Key{Mint,Master} VTS: fix incremental AES tags
Change Id62fdce65131ee00c88e5849955a937f1c171748 split up the AES
incremental encryption tests into individual tests for each encryption
mode.  This meant that each generated key is only valid for a single
mode, which in turn means that for non-GCM mode keys it is not valid
to specify MIN_MAC_LENGTH.

Bug: 223934835
Test: VtsAidlKeyMintTargetTest
Change-Id: I38f34f60116bde3d23f203365d62e5b25d7b254b
2022-03-14 09:23:29 +00:00
Treehugger Robot
04fc0c4fb2 Merge "Split AESincremental VTS test into 4 Tests(For blockmodes-ECB,CBC,GCM,CTR)" am: 90019d46c2 am: bfdd991c76 am: 8be10ddce6
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2007030

Change-Id: Iffe169fcff0a11478672bf8f5895a93fcdcc9003
2022-03-04 18:50:47 +00:00
anil.hiranniah
19a4ca17ea Split AESincremental VTS test into 4 Tests(For blockmodes-ECB,CBC,GCM,CTR)
Change mentioned above is done in VTS for Keymaster4.0
and Keymint

Test: VTS tests with tradefed
Change-Id: Id62fdce65131ee00c88e5849955a937f1c171748
2022-03-03 18:02:04 +05:30
Chih-hung Hsieh
34593d4e2a Merge "Add timed out test files to tidy_timeout_srcs" am: ff54f73b4f am: fa83970b3a am: 581616e658
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1992232

Change-Id: I2eac13fe3b5ab0b4f15d6ceadf376e5e74124a81
2022-02-24 01:32:09 +00:00
Chih-Hung Hsieh
ad1bf31b78 Add timed out test files to tidy_timeout_srcs
* Timed out runs do not show any warning messages.
* These test files cannot finish clang-tidy runs with
  the following settings:
    TIDY_TIMEOUT=90
    WITH_TIDY=1
    CLANG_ANALYZER_CHECKS=1
* When TIDY_TIMEOUT is set, in Android continuous builds,
  tidy_timeout_srcs files will not be compiled by clang-tidy.
  When developers build locally without TIDY_TIMEOUT,
  tidy_timeout_srcs files will be compiled.
* Some of these test modules may be split into smaller ones,
  or disable some time consuming checks, and then
  enable clang-tidy to run within limited time.

Bug: 201099167
Test: make droid tidy-hardware-interfaces_subset
Change-Id: I1de28f1572fff368f67eab512fffec9f2e5c2a9b
2022-02-18 17:25:41 -08:00
David Drysdale
ab1851e9f2 Alter spec text for RSA-PSS to match reality
The Key{Mint,Master} spec previously said that RSA-PSS mode should use
SHA-1 for the MGF1 digest, separately from whatever Tag::DIGEST gets
specified as the main digest.

However, both the reference implementation and the VTS/CTS tests
use BoringSSL's defaults, which is to re-use the main digest as the MGF1
digest if none is separately specified.

Given that this behaviour is embedded in many implementations over
several years (and given that there isn't a security implication),
change the spec to match this behaviour.  Also update the VTS test
code to make this clear/obvious.

Test: VtsAidlKeyMintTargetTest, VtsHalKeymasterV4_0TargetTest
Bug: 210424594
Change-Id: I4303f28d094ef4d4b9dc931d6728b1fa040de20d
Ignore-AOSP-First: target internal master first due to merge conflict
2022-01-13 09:13:39 +00:00
David Drysdale
c6b8907a32 Alter spec text for RSA-PSS to match reality
The Key{Mint,Master} spec previously said that RSA-PSS mode should use
SHA-1 for the MGF1 digest, separately from whatever Tag::DIGEST gets
specified as the main digest.

However, both the reference implementation and the VTS/CTS tests
use BoringSSL's defaults, which is to re-use the main digest as the MGF1
digest if none is separately specified.

Given that this behaviour is embedded in many implementations over
several years (and given that there isn't a security implication),
change the spec to match this behaviour.  Also update the VTS test
code to make this clear/obvious.

Test: VtsAidlKeyMintTargetTest, VtsHalKeymasterV4_0TargetTest
Bug: 210424594
Merged-In: I4303f28d094ef4d4b9dc931d6728b1fa040de20d
Change-Id: I4303f28d094ef4d4b9dc931d6728b1fa040de20d
2022-01-13 09:13:08 +00:00
David Drysdale
6c687127fa Merge "Turn off CFI for the Keymaster VTS" am: 1ff635ab2d am: ab78c4b682 am: 2a20554f45 am: fe9a70a53e
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1906291

Change-Id: I9730d389cf119e539f9f4a85916065fc40656577
2021-12-07 07:32:38 +00:00
David Drysdale
ab78c4b682 Merge "Turn off CFI for the Keymaster VTS" am: 1ff635ab2d
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1906291

Change-Id: Idf81c498e1b5ef26b8d5ade160217556a81340a3
2021-12-07 06:39:35 +00:00
David Drysdale
1ff635ab2d Merge "Turn off CFI for the Keymaster VTS" 2021-12-07 06:22:35 +00:00
David Drysdale
2bd0d43b24 Turn off CFI for the Keymaster VTS
On a bramble device, observed a crash in the VTS binary itself when
executing BoringSSL signature verification code locally (i.e. with no
KeyMaster interaction involved).

The crash call stack involves CFI checks, and seems to occur at the
point when some BoringSSL digest calculation code invokes a function
pointer.

 - SHA1_Update passes &sha1_block_data_order to (inlined)...
 - crypto_md32_update() which invokes the function pointer
   via its block_func parameter.

Moving the BoringSSL dependency from static_libs: libcrypto_static to
shared_libs: libcrypto makes the crash go away, but a smaller change
that also fixes the problem is to disable CFI checks for the test
binary.

This approach was inspired by:
ab65cd0e89%5E%21/#F0

The same problem looks to be relevant for the bugs listed below.

Bug: 206496340
Bug: 206498742
Test: VtsHalKeymasterV4_0TargetTest --gtest_filter="*VerificationOperationsTest.RsaAllPaddingsAndDigests*"
Change-Id: I12b145dad5535846d68c97954d31a93123bb95e7
2021-11-30 15:27:32 +00:00
David Drysdale
f60d8c4535 Merge "Fix flaky corrupted padding tests" am: a33f46bc2a am: 61cf943208 am: 02951d1167 am: d1c5ed5bec
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1903312

Change-Id: I803c4549b635d900934403c775886b1153b91a12
2021-11-30 07:41:54 +00:00
David Drysdale
61cf943208 Merge "Fix flaky corrupted padding tests" am: a33f46bc2a
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1903312

Change-Id: I5e5b1e62c017e2e1db8ce099e1cabda6501ce44c
2021-11-30 07:00:16 +00:00
David Drysdale
4c1f6ac496 Fix flaky corrupted padding tests
Transfer the fix in http://aosp/1745035 from the KeyMint VTS test back
into the keymaster VTS test.

Bug: 189261752
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: I5f0a69255cfe980dd6e71fa29ff06a84cb668f6d
2021-11-29 16:17:11 +00:00
Xin Li
8f6d361f15 Merge sc-qpr1-dev-plus-aosp-without-vendor@7810918
Bug: 205056467
Merged-In: I96a417467346a57b13c2efae12a183d78506afc3
Change-Id: I570a3b599281f519af7a440562c83f8484684fd5
2021-11-10 08:05:55 +00:00
Jim Blackler
6872cf4c1d Merge "Revert "Delete KM1"" am: 0531c94771 am: 7e0f50f4fe am: cb8a6b42d2 am: 1977dffb15 am: a47931ad1f
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1853098

Change-Id: I9e8aadf21c1f372458caf5e006a0ec714f449f2b
2021-10-11 15:27:29 +00:00
Jim Blackler
cb8a6b42d2 Merge "Revert "Delete KM1"" am: 0531c94771 am: 7e0f50f4fe
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1853098

Change-Id: I2bc88903556a42984553014cdbd3010939dded25
2021-10-11 14:39:01 +00:00
Jim Blackler
a08ea2d23f Revert "Delete KM1"
Revert "Delete KM1"

Revert "Delete KM1"

Revert "Delete KM1"

Revert submission 1844016-delkm1

Reason for revert: b/202675261
Reverted Changes:
Iba996962b:Delete KM1
Ia4c5359cd:Delete KM1
Iee6ec9816:Delete KM1
I6058e4d86:Delete KM1
I8abb9c570:Delete KM1
I9c4dc5c9e:Delete KM1

Change-Id: I2a2d4b737a90f8ce31cd14b68f64564d8d245ab3
2021-10-11 13:38:59 +00:00
Shawn Willden
56534c3412 Merge "Delete KM1" am: 13274fa22d am: 9c379e224f am: bb661ea978 am: b98e256589 am: 7cbfeb37c3
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1849793

Change-Id: I498a9212fdec4b3852c737bd18c9dd102774851a
2021-10-09 02:03:15 +00:00
Shawn Willden
bb661ea978 Merge "Delete KM1" am: 13274fa22d am: 9c379e224f
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1849793

Change-Id: I6d7acf78da1a57e078ffd21378d2021740633960
2021-10-09 01:19:59 +00:00
Shawn Willden
50f70d73da Delete KM1
Test: Build
Change-Id: Iee6ec98163dff3a969debd9f4343c7b06ebe8d4f
2021-10-07 09:43:32 -06:00
TreeHugger Robot
718b3bd4de Merge "Add EncryptionOperationsTest.AesCbcZeroInputSuccess" 2021-10-05 02:53:40 +00:00
Tommy Chiu
e6f9ff6c19 Add EncryptionOperationsTest.AesCbcZeroInputSuccess
Check if the zero input data with AES-CBC-[NONE|PKCS7] padding mode
generates correct output data and length.

Bug: 200553873
Test: VtsHalKeymasterV4_0TargetTest, VtsAidlKeyMintTargetTest
Change-Id: I729c2bad65e9d8b194422032346e5ee3c4b0dce5
2021-09-29 21:08:58 +08:00
Yiming Pan
02aa333117 Merge "Backfill owner information for VTS module VtsHalKeymasterV4_0TargetTest." am: ea60a110ab am: e988b0f6c7
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1813761

Change-Id: Ie1be063bc1c976404fdb285c5653bb3c14c851e2
2021-09-28 16:02:04 +00:00
Yiming Pan
ea60a110ab Merge "Backfill owner information for VTS module VtsHalKeymasterV4_0TargetTest." 2021-09-28 01:24:22 +00:00
Bob Badour
b8995451aa [LSC] Add LOCAL_LICENSE_KINDS to hardware/interfaces
Added SPDX-license-identifier-Apache-2.0 to:
  bluetooth/1.0/default/test/fuzzer/Android.bp
  keymaster/4.0/support/fuzzer/Android.bp
  radio/aidl/Android.bp

Bug: 68860345
Bug: 151177513
Bug: 151953481

Test: m all
Change-Id: Id9c8b253a2402a07637f96281bcdaffbf3afc3c3
2021-09-13 17:50:14 -07:00
Bob Badour
bf387481b9 [LSC] Add LOCAL_LICENSE_KINDS to hardware/interfaces
Added SPDX-license-identifier-Apache-2.0 to:
  bluetooth/1.0/default/test/fuzzer/Android.bp
  keymaster/4.0/support/fuzzer/Android.bp
  radio/aidl/Android.bp

Bug: 68860345
Bug: 151177513
Bug: 151953481

Test: m all
Change-Id: If766e3abcdff8263e2cb2eb707d4743bfb395db6
2021-09-10 11:01:15 -07:00
Treehugger Robot
4134175657 Merge "Added fuzzers for libkeymaster4support" am: 03c30ca9a8 am: 52607dea82
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1729193

Change-Id: I79584356828bed8e4b40641cf615478c1e0f0822
2021-09-09 03:48:55 +00:00
Treehugger Robot
03c30ca9a8 Merge "Added fuzzers for libkeymaster4support" 2021-09-09 03:25:49 +00:00
Yiming Pan
7f3a1bf518 Backfill owner information for VTS module VtsHalKeymasterV4_0TargetTest.
Each VTS module is required to have OWNERS file. The ownership is based on
go/vts-owners. For more information about ownership policy, please visit
go/xts-owners-policy.

Test: Tree Hugger
Bug: 143903671
Change-Id: I4328efc697dafa313fd685f12d867006b8b332ee
2021-08-30 12:52:20 -07:00
Max Bires
f0394173a4 Merge "AesInvalidKeySize skip 192 on SB devices" into sc-dev 2021-08-20 16:15:29 +00:00
Max Bires
d067e790ab Revert "AesInvalidKeySize skip 192 on SB devices"
This reverts commit eb8b0577e8.

Reason for revert: Broke a different TEE implementation

Bug: 196922051
Change-Id: I9f136d237bd06bfe2a1cc29d11bb1fbe0b8ace5e
Merged-In: I9f136d237bd06bfe2a1cc29d11bb1fbe0b8ace5e
2021-08-20 07:30:36 +00:00
Max Bires
5b7f78d43b AesInvalidKeySize skip 192 on SB devices
This change clarifies the language to specify that StrongBox devices
must only support key sizes of 128 and 256. Additionally, it changes the
new AesInvalidKeySize test to only enforce against StrongBox instances
on devices that launch on S or later, not previously launched devices.

Ignore-AOSP-First: CP to AOSP
Bug: 191736606
Test: Test passes on a StrongBox enabled device
Change-Id: Ic0ff19d2d19d6e18dfbc0fad4b8182264f36b2f6
2021-08-19 03:28:15 -07:00
Bill Richardson
f332d02bc6 Merge "Revert "AesInvalidKeySize skip 192 on SB devices"" into sc-dev 2021-08-18 16:54:06 +00:00
Ayushi Khopkar
20bf5e70bc Added fuzzers for libkeymaster4support
This patch adds following fuzz targets: keymaster4_attestation_fuzzer, keymaster4_authSet_fuzzer and keymaster4_utils_fuzzer

Test: ./keymaster4_attestation_fuzzer
Test: ./keymaster4_authSet_fuzzer
Test: ./keymaster4_utils_fuzzer
Bug: 189053968

Change-Id: Ieca5ba012f395a25cca9e37856d197031daf7dd9
2021-08-18 12:23:03 +05:30
Max Bires
0224cfe3e0 Revert "AesInvalidKeySize skip 192 on SB devices"
This reverts commit eb8b0577e8.

Reason for revert: Broke a different TEE implementation

Bug: 196922051
Change-Id: I9f136d237bd06bfe2a1cc29d11bb1fbe0b8ace5e
2021-08-17 14:41:49 +00:00
Max Bires
3828fb2214 Merge "AesInvalidKeySize skip 192 on SB devices" 2021-08-13 21:45:14 +00:00
Max Bires
f24a66f42a Merge "AesInvalidKeySize skip 192 on SB devices" into sc-dev 2021-08-13 21:45:03 +00:00
Max Bires
eb8b0577e8 AesInvalidKeySize skip 192 on SB devices
This change clarifies the language to specify that StrongBox devices
must only support key sizes of 128 and 256. Additionally, it changes the
new AesInvalidKeySize test to only enforce against StrongBox instances
on devices that launch on S or later, not previously launched devices.

Ignore-AOSP-First: CP to AOSP
Bug: 191736606
Test: Test passes on a StrongBox enabled device
Change-Id: I1a27a0d61e5247ad90c8f5b1423f2a1567016bac
2021-08-09 23:04:26 -07:00