In Keymaster 3, both INVALID_INPUT_LENGTH and INVALID_ARGUMENT were
acceptable for oversized messages. Keymaster 4 VTS requires that
INVALID_ARGUMENT be returned, but the spec has no such restriction. This
loosens VTS to allow either INVALID_INPUT_LENGTH or INVALID_ARGUMENT in
this case.
Bug: 129297054
Test: atest VtsHalKeymasterV4_0TargetTest Pixel 3, Trusty tests
hidl-generated makefiles are now generated such that bpfmt(file) == file.
Bug: 67417008
Test: enable bpfmt hook
Change-Id: I1f69d292bc23a7cc293a66110cb02d597e1019ad
Test importing of an Elliptic Curve P-256 key, encoded using the RFC5915
specification (which requires the curve OID in key in addition to the
wrapper) and the same key encoded using SEC1 (which allows omitting the
OID if it's known from the wrapper).
Test: atest VtsHalKeymasterV4_0TargetTest ImportKeyTest
Bug: 124437839
Bug: 127799174
Bug: 129398850
Change-Id: I5f5df86e55a758ed739403d830baa5c7308813a3
Merged-In: I5f5df86e55a758ed739403d830baa5c7308813a3
operator< on hidl_vec<uint8_t> violates strict weak ordering in the case
that one oparand is shorter that the other and the shorter is a prefix
of the longer.
if x and y are incomparable, i.e., neither x < y nor y < x and
y and z are incomparable, i.e., neither y < z nor z < y, then
x and z must be incomparable.
As for the current implementation the first two statements are true but
the third is not given the following example input:
x:="aa", y:="a", z:="ab".
This patch fixes the issue by defining a < b if a is a prefix of b.
As this relation is used in a std::sort algorithm which demands strict
weak ordering this bug leads to undefined behavior.
Change-Id: I4961bb35e2fd4f5fcf561ec0c7c536f81830aab8
It is unclear whether author intentionally meant to cause segfault here.
While waiting for the author to explain/fix the code, suppress the
warning to unblock enabling the warning globally.
Test: m checkbuild
Bug: 121390225
Change-Id: Iad03842833cfdc243404a32f6b31d161387c3890
C++17 adds a non-const std::basic_string::data, so non-const std::strings in the
test are `char*` and the const std::strings are `const char*`. See
https://en.cppreference.com/w/cpp/string/basic_string/data for details.
Without adding the non-const overload, the varargs overload is preferred, leading
to static_assert failures:
In file included from hardware/interfaces/keymaster/3.0/vts/functional/keymaster_hidl_hal_test.cpp:33:
In file included from hardware/interfaces/keymaster/3.0/vts/functional/authorization_set.h:20:
hardware/interfaces/keymaster/3.0/vts/functional/keymaster_tags.h:257:5: error: static_assert failed "Authorization other then TagType::BOOL take exactly one parameter."
static_assert(tag_type == TagType::BOOL || (sizeof...(args) == 1),
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
hardware/interfaces/keymaster/3.0/vts/functional/authorization_set.h:213:19: note: in instantiation of function template specialization 'android::hardware::keymaster::V3_0::Authorization<android::hardware::keymaster::V3_0::TagType::BYTES, android::hardware::keymaster::V3_0::Tag::ASSOCIATED_DATA, char *, unsigned long>' requested here
push_back(Authorization(tag, std::forward<Value>(val)...));
^
hardware/interfaces/keymaster/3.0/vts/functional/authorization_set.h:245:9: note: in instantiation of function template specialization 'android::hardware::keymaster::V3_0::AuthorizationSet::push_back<android::hardware::keymaster::V3_0::TypedTag<android::hardware::keymaster::V3_0::TagType::BYTES, android::hardware::keymaster::V3_0::Tag::ASSOCIATED_DATA>, char *, unsigned long>' requested here
push_back(ttag, std::forward<ValueType>(value)...);
^
hardware/interfaces/keymaster/3.0/vts/functional/keymaster_hidl_hal_test.cpp:3426:35: note: in instantiation of function template specialization 'android::hardware::keymaster::V3_0::AuthorizationSetBuilder::Authorization<android::hardware::keymaster::V3_0::TypedTag<android::hardware::keymaster::V3_0::TagType::BYTES, android::hardware::keymaster::V3_0::Tag::ASSOCIATED_DATA>, char *, unsigned long>' requested here
AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
^
Bug: http://b/111067277
Test: builds
Change-Id: I3d70fb5a41db16cc9dff50364cd793e0c3510ed0
Invalid and unknown tags were treated as zero size but they where still
counted as entry. This lead to invalid tags being persisted. When
Serialized blobs were used to cache key characteristics, these invalid
tags were send to clients of keystore. However, the serialization cannot
cope with invalid tags.
Bug: 119414176
Test: Successfully used the Skype app which triggered the problem
Change-Id: Ia46ac4a16395db3d10f93d3722eda69d523db478
hidl_vec objects that do not own their associated buffer are highly
unsafe in multithreaded environments where move semantic is used to
transfer ownership between threads. With keystore transitioning to a
multi threaded execution model we can no longer use this optimization
safely.
Bug: 111443219
Test: Ran full keystore cts test suite.
Change-Id: I9a366fc7df5dfee508dc092855545963ef6d9665
* Added missing Tag::HARDWARE_TYPE and Tag::TRUSTED_CONFIRMATION_REQUIRED
* Made AuthorizationSet::hidl_data() safer to use.
hidl_data() initializes a hidl_vec with the internal data of
std::vector using setToExternal and returns it by value. This means
the returned temporay does not own the buffer which has the life cycle
of the AuthorizationSet. This is fine if passed as parameter to a
function where it is bound to a cont reference. But if the temporary
gets assigned to something with longer life cycle move semantics kicks
in and the buffer is now tracked by something with a longer life
cycle. This patch marks the returned temporary const, so that it can
no longer be moved. It can still be bound to a const reference, but
when assigned to a variable it must get copied.
* Add Filter function to AuthorizationSet.
Bug: 111443219
Test: KeyStore CTS tests
Change-Id: I4744b7c87d01fbd905c3afb8ebeefba93605994b
The underlying array may be cleaned up once its lifetime has ended,
the initializer_list would become ill-formed. Return as std::vector
instead.
This fixes "-Wreturn-stack-address" (clang) / "-Winit-list-lifetime"
(gcc) warning.
Test: mma
Bug: 111998531
Change-Id: Ie5bb6bc3d0d7689744fd573c5683b22e6fb6b178
Since Confirmation UI is optional for Strongbox
implementation, skipping the test.
Bug: 112189538
Test: This is an update to the vts test
Change-Id: Ie3485a1de92444b0c49670b198de30ea25e0673e
Signed-off-by: Max Bires <jbires@google.com>
Keymaster HAL documentation documents the bootPatchLevel as having
tag 718, while types.hal indicates the tag value for it is actually
719.
Test: N/A
Bug: 78104779
Merged-In: I0dde0b3c863081f2594e20466d8e82866a5f2d2e
Change-Id: I0dde0b3c863081f2594e20466d8e82866a5f2d2e
(cherry picked from commit ae8da1b70a)
Modify RSA keysize used in various tests
to ensure both TEE and Strongbox implementations
can be validated.
Skip invalid keysizes that Strongbox does not
support.
Test: Patches the strongbox tests
Bug: 112189538
Change-Id: I46ab01ce9b8224403e2a334a894967761d6799c9
Signed-off-by: Max Bires <jbires@google.com>
Change I5f877b2a1ac66026a876e145416ba078d486e4b5 inadvertently changed
the digest used for ImportWrappedKey, breaking the test. This CL
reverts that portion of the change.
Test: VtsHalKeymasterV4_0TargetTest
Bug: 112279922
Bug: 80246122
Change-Id: Ib8e2e7793ba46ae0d29d8407bb730a35bdb5ea98
Note that devices with KM4 will fail to pass VTS after this
lands, until the fix from Qualcomm arrives.
Test: VtsHalKeymasterV4_0TargetTest
Bug: 112040197
Bug: 80246122
Change-Id: Ie2cd917af704b9f19de3537297b3a7e4f0c861e9
Strongbox is not required to support SHA-2 digests,
so skip the related tests.
Bug: 109771020
Bug: 80246122
Test: This is the test
Change-Id: I5f877b2a1ac66026a876e145416ba078d486e4b5
Remove out of spec enforcement on the amount of data returned
by update, as this is not specified in the HAL.
Bug: 109771020
Bug: 80246122
Test: yes it is
Change-Id: Ic41afbd01d51faf48d3c0fe090409ebcd257cc1e
The buffer is allocated by OPENSSL_malloc() in X509_NAME_oneline(name, nullptr, 0).
Should be reclaimed by OPENSSL_free() instead of free().
The patch is provided by vink.shen@mediatek.corp-partner.google.com
Bug: 109708231
Test: build pass
Merged-In: I66a864e3e28905eebac2e7d3a4517d4d5aaa39df
Change-Id: I66a864e3e28905eebac2e7d3a4517d4d5aaa39df
(cherry picked from commit 79db3ec849)
With this patch the KM VTS test apply the restricted requirements on
supported key sizes, EC curves, and Digests to Strongbox keymaster
implementations.
Also amend tests to use Update().
Test: Yes it is
Bug: 74519020
Merged-In: Ibec9c3398671f81dbc0ecf78e554726276160579
Change-Id: Ibec9c3398671f81dbc0ecf78e554726276160579
(cherry picked from commit 3a7e2cade3)
Remove out of spec enforcement on the amount of data returned
by update, as this is not specified in the HAL.
Bug: 109771020
Test: yes it is
Change-Id: Ic41afbd01d51faf48d3c0fe090409ebcd257cc1e
Keymaster HAL documentation documents the bootPatchLevel as having
tag 718, while types.hal indicates the tag value for it is actually
719.
Test: N/A
Bug: 78104779
Change-Id: I0dde0b3c863081f2594e20466d8e82866a5f2d2e
This KM4 key agreement check is causing some pain on early units
that aren't completely provisioned in both locked and non-Green
(unlocked) states.
This doesn't impact KM3 devices (Pixel 2016/2017 etc.)
Bug: 110301629
Change-Id: I5a737ac8a335863b1099c29cf3c0496adeb41e15
With this patch the KM VTS test apply the restricted requirements on
supported key sizes, EC curves, and Digests to Strongbox keymaster
implementations.
Also amend tests to use Update().
Test: Yes it is
Bug: 74519020
Change-Id: Ibec9c3398671f81dbc0ecf78e554726276160579
The buffer is allocated by OPENSSL_malloc() in X509_NAME_oneline(name, nullptr, 0).
Should be reclaimed by OPENSSL_free() instead of free().
The patch is provided by vink.shen@mediatek.corp-partner.google.com
Bug: 109708231
Test: build pass
Change-Id: I66a864e3e28905eebac2e7d3a4517d4d5aaa39df
Gramatical and punctuation corrections; addition of missing
userSecureId to AuthorizationList schema and removal of extraneous
rollbackResistant from same; correction of OS_PATCHLEVEL source
property; and addition of missing TAG_UNLOCKED_DEVICE_REQUIRED
documentation.
Bug: 69550260
Test: N/A
Change-Id: I04092b7df3af69201ba1467cddc09f6f44e861a8
Bug: 80102279
Bug: 80251973
Test: N/A; this keymaster exists only for policy compliance. It's never used.
Change-Id: I45f0eefd9abdd02f6774aa52f238040510c5d62c
