Test importing of an Elliptic Curve P-256 key, encoded using the RFC5915
specification (which requires the curve OID in key in addition to the
wrapper) and the same key encoded using SEC1 (which allows omitting the
OID if it's known from the wrapper).
Test: atest VtsHalKeymasterV4_0TargetTest ImportKeyTest
Bug: 124437839
Bug: 127799174
Change-Id: I5f5df86e55a758ed739403d830baa5c7308813a3
operator< on hidl_vec<uint8_t> violates strict weak ordering in the case
that one operand is shorter than the other and the shorter is a prefix
of the longer.
if x and y are incomparable, i.e., neither x < y nor y < x and
y and z are incomparable, i.e., neither y < z nor z < y, then
x and z must be incomparable.
As for the current implementation the first two statements are true but
the third is not given the following example input:
x:="aa", y:="a", z:="ab".
This patch fixes the issue by defining a < b if a is a prefix of b.
As this relation is used in a std::sort algorithm which demands strict
weak ordering this bug leads to undefined behavior.
Change-Id: I4961bb35e2fd4f5fcf561ec0c7c536f81830aab8
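
Added example, not part of the commit or the project's source: it checks the incomparability axiom quoted above on the commit's own triple. Assumptions: std::vector<uint8_t> stands in for hidl_vec<uint8_t>, prefix_only_less is a reconstruction of the pre-fix comparison inferred from the commit message, and all function names are hypothetical.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

// Stand-in for hidl_vec<uint8_t>; all names here are hypothetical.
using Bytes = std::vector<uint8_t>;

// Assumed pre-fix behaviour: only the common leading bytes are compared.
bool prefix_only_less(const Bytes& a, const Bytes& b) {
    size_t n = std::min(a.size(), b.size());
    return n != 0 && std::memcmp(a.data(), b.data(), n) < 0;
}

// Relation described by the commit: a proper prefix orders before the longer value.
bool prefix_aware_less(const Bytes& a, const Bytes& b) {
    size_t n = std::min(a.size(), b.size());
    int c = n != 0 ? std::memcmp(a.data(), b.data(), n) : 0;
    return c < 0 || (c == 0 && a.size() < b.size());
}

// True if "x~y and y~z implies x~z" holds for every triple drawn from v,
// where p~q means neither less(p, q) nor less(q, p).
template <typename Less>
bool incomparability_is_transitive(const std::vector<Bytes>& v, Less less) {
    auto inc = [&](const Bytes& p, const Bytes& q) { return !less(p, q) && !less(q, p); };
    for (const Bytes& x : v)
        for (const Bytes& y : v)
            for (const Bytes& z : v)
                if (inc(x, y) && inc(y, z) && !inc(x, z)) return false;
    return true;
}

Bytes bytes(const std::string& s) { return Bytes(s.begin(), s.end()); }

// The triple from the commit message: x = "aa", y = "a", z = "ab".
std::vector<Bytes> commit_example() { return {bytes("aa"), bytes("a"), bytes("ab")}; }

int main() {
    std::vector<Bytes> v = commit_example();
    std::printf("prefix-only:  %s\n", incomparability_is_transitive(v, prefix_only_less) ? "ok" : "violated");
    std::printf("prefix-aware: %s\n", incomparability_is_transitive(v, prefix_aware_less) ? "ok" : "violated");
    std::sort(v.begin(), v.end(), prefix_aware_less);  // well-defined with the fixed relation
    for (const Bytes& b : v) std::printf("%.*s\n", (int)b.size(), (const char*)b.data());
    return 0;
}
```
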
Add a test that creates an EC key by
using key-bits (rather than curve-id),
and check that the attestation message
corresponds to key characteristics.
Bug: 122375834
Bug: 119542230
Test: VTS passes
Change-Id: Iad6ff2ca90a951124940943f2484f9fb9f813a19
It is unclear whether the author intentionally meant to cause a segfault here.
While waiting for the author to explain/fix the code, suppress the
warning to unblock enabling the warning globally.
Test: m checkbuild
Bug: 121390225
Change-Id: Iad03842833cfdc243404a32f6b31d161387c3890
C++17 adds a non-const std::basic_string::data, so non-const std::strings in the
test are `char*` and the const std::strings are `const char*`. See
https://en.cppreference.com/w/cpp/string/basic_string/data for details.
Without adding the non-const overload, the varargs overload is preferred, leading
to static_assert failures:
In file included from hardware/interfaces/keymaster/3.0/vts/functional/keymaster_hidl_hal_test.cpp:33:
In file included from hardware/interfaces/keymaster/3.0/vts/functional/authorization_set.h:20:
hardware/interfaces/keymaster/3.0/vts/functional/keymaster_tags.h:257:5: error: static_assert failed "Authorization other then TagType::BOOL take exactly one parameter."
static_assert(tag_type == TagType::BOOL || (sizeof...(args) == 1),
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
hardware/interfaces/keymaster/3.0/vts/functional/authorization_set.h:213:19: note: in instantiation of function template specialization 'android::hardware::keymaster::V3_0::Authorization<android::hardware::keymaster::V3_0::TagType::BYTES, android::hardware::keymaster::V3_0::Tag::ASSOCIATED_DATA, char *, unsigned long>' requested here
push_back(Authorization(tag, std::forward<Value>(val)...));
^
hardware/interfaces/keymaster/3.0/vts/functional/authorization_set.h:245:9: note: in instantiation of function template specialization 'android::hardware::keymaster::V3_0::AuthorizationSet::push_back<android::hardware::keymaster::V3_0::TypedTag<android::hardware::keymaster::V3_0::TagType::BYTES, android::hardware::keymaster::V3_0::Tag::ASSOCIATED_DATA>, char *, unsigned long>' requested here
push_back(ttag, std::forward<ValueType>(value)...);
^
hardware/interfaces/keymaster/3.0/vts/functional/keymaster_hidl_hal_test.cpp:3426:35: note: in instantiation of function template specialization 'android::hardware::keymaster::V3_0::AuthorizationSetBuilder::Authorization<android::hardware::keymaster::V3_0::TypedTag<android::hardware::keymaster::V3_0::TagType::BYTES, android::hardware::keymaster::V3_0::Tag::ASSOCIATED_DATA>, char *, unsigned long>' requested here
AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
^
Bug: http://b/111067277
Test: builds
Change-Id: I3d70fb5a41db16cc9dff50364cd793e0c3510ed0
Modify RSA keysize used in various tests
to ensure both TEE and Strongbox implementations
can be validated.
Skip invalid keysizes that Strongbox does not
support.
Test: Patches the strongbox tests
Bug: 112189538
Bug: 119172331
Change-Id: I46ab01ce9b8224403e2a334a894967761d6799c9
Signed-off-by: Max Bires <jbires@google.com>
(cherry picked from commit 88a376b0a0)
Invalid and unknown tags were treated as zero size but they were still
counted as an entry. This led to invalid tags being persisted. When
serialized blobs were used to cache key characteristics, these invalid
tags were sent to clients of keystore. However, the serialization cannot
cope with invalid tags.
Bug: 119414176
Test: Successfully used the Skype app which triggered the problem
Change-Id: Ia46ac4a16395db3d10f93d3722eda69d523db478
hidl_vec objects that do not own their associated buffer are highly
unsafe in multithreaded environments where move semantics are used to
transfer ownership between threads. With keystore transitioning to a
multi-threaded execution model we can no longer use this optimization
safely.
Bug: 111443219
Test: Ran full keystore cts test suite.
Change-Id: I9a366fc7df5dfee508dc092855545963ef6d9665
* Added missing Tag::HARDWARE_TYPE and Tag::TRUSTED_CONFIRMATION_REQUIRED
* Made AuthorizationSet::hidl_data() safer to use.
hidl_data() initializes a hidl_vec with the internal data of
std::vector using setToExternal and returns it by value. This means
the returned temporary does not own the buffer which has the life cycle
of the AuthorizationSet. This is fine if passed as parameter to a
function where it is bound to a const reference. But if the temporary
gets assigned to something with longer life cycle move semantics kicks
in and the buffer is now tracked by something with a longer life
cycle. This patch marks the returned temporary const, so that it can
no longer be moved. It can still be bound to a const reference, but
when assigned to a variable it must get copied.
* Add Filter function to AuthorizationSet.
Bug: 111443219
Test: KeyStore CTS tests
Change-Id: I4744b7c87d01fbd905c3afb8ebeefba93605994b
With this patch the attestation tests use the attested to key to sign a
message and use the public key in the attestation certificate to verify
the signature. Thereby tripping up over malformed public keys.
Bug: 118372436
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: I4ce75c689cd5b6bb04a56e283c1202501ee821c9
The underlying array may be cleaned up once its lifetime has ended, and
the initializer_list would become ill-formed. Return as std::vector
instead.
This fixes "-Wreturn-stack-address" (clang) / "-Winit-list-lifetime"
(gcc) warning.
Test: mma
Bug: 111998531
Change-Id: Ie5bb6bc3d0d7689744fd573c5683b22e6fb6b178
Since Confirmation UI is optional for Strongbox
implementation, skipping the test.
Bug: 112189538
Test: This is an update to the vts test
Change-Id: Ie3485a1de92444b0c49670b198de30ea25e0673e
Signed-off-by: Max Bires <jbires@google.com>
Change I5f877b2a1ac66026a876e145416ba078d486e4b5 inadvertently changed
the digest used for ImportWrappedKey, breaking the test. This CL
reverts that portion of the change.
Test: VtsHalKeymasterV4_0TargetTest
Bug: 112279922
Merged-In: Ib8e2e7793ba46ae0d29d8407bb730a35bdb5ea98
Change-Id: Ib8e2e7793ba46ae0d29d8407bb730a35bdb5ea98
(cherry picked from commit 0dba888612)
Note that devices with KM4 will fail to pass VTS after this
lands, until the fix from Qualcomm arrives.
Test: VtsHalKeymasterV4_0TargetTest
Bug: 112040197
Merged-In: Ie2cd917af704b9f19de3537297b3a7e4f0c861e9
Change-Id: Ie2cd917af704b9f19de3537297b3a7e4f0c861e9
(cherry picked from commit 4e006c2b92)
Strongbox is not required to support SHA-2 digests,
so skip the related tests.
Bug: 109771020
Merged-In: I5f877b2a1ac66026a876e145416ba078d486e4b5
Change-Id: I5f877b2a1ac66026a876e145416ba078d486e4b5
(cherry picked from commit 8cec80be1f)
Remove out of spec enforcement on the amount of data returned
by update, as this is not specified in the HAL.
Bug: 109771020
Test: yes it is
Merged-In: Ic41afbd01d51faf48d3c0fe090409ebcd257cc1e
Change-Id: Ic41afbd01d51faf48d3c0fe090409ebcd257cc1e
(cherry picked from commit 7b75f015a7)