Failed cases:
AttestationTest.RsaAttestation
AttestationTest.EcAttestation
Analysis:
The verify_attestation_record() in Keymaster_hidl_hal_test.cpp calls
parse_attestation_record() to set the value of att_challenge. It fails
to compare att_challenge with challenge by memcmp.
Because setToExternal() method uses buffer pointer to local variable
(record), not use memcpy to copy into itself buffer in
parse_attestation_record(). When it leaves the parse_attestation_record(),
we will get the att_challenge which is null buffer to compare with challenge
incorrectly.
Fix: use memcpy to copy the buffer.
Bug: 65039571
Test: build passed. VtsHalKeymasterV3_0Target -> PASSED: 106, FAILED: 0.
Change-Id: I700a9242cc9a5f4cb196b62860823601e4088531
KM0 supports only asymmetric encryption. And for those we cannot
distinguish between imported and generated keys.
This patch adds correct handling for KM0 origin tags.
Test: run vts test with wrapped km0 module from
system/security/softkeymaster
Bug: 67358942
Bug: 67363396
Test: VtsHalKeymasterV3_0TargetTest
Change-Id: I7f5ddd21dde284dbfbd68b3b83fb75c1457dbd59
Some RSA operation tests expect ErrorCode::INVALID_ARGUMENT
and others ErrorCode::INVALID_INPUT_LENGTH for the same
diagnosed syndrome, i.e., the input message was too long.
This patch relaxes the expectations on one of these tests
expecting ErrorCode::INVALID_INPUT_LENGTH, to also accept the
more consistent ErrorCode::INVALID_ARGUMENT.
Bug: 67358942
Bug: 67359132
Test: VtsHalKeymasterV3_0TargetTest
Change-Id: I573d3a01b052f0256611064f23ae791007cf7122
This patch adds swillden@ and jdanis@ as owners of keymaster/3.0/vts
and keymaster/3.0/default.
Test: No code changed
Change-Id: I04bc0f741e8fafd53aee7c9dd62954548b81263d
To prevent property name collisions between properties of system and
vendor, 'vendor.' prefix must be added to a vendor HAL service name.
You can see the details in http://go/treble-sysprop-compatibility.
Test: succeeded building and tested on a walleye device
Bug: 36796459
Change-Id: I4e8fbee791ec917a8f627a1366f4d44ec7e6febc
This test now statically links to libs not guaranteed to be on the
device.
Bug: 64040096
Test: vts-tradefed run commandAndExit vts --skip-all-system-status-check
--skip-preconditions --module VtsHalKeymasterV3_0Target
Change-Id: I6a7b8c116153f18f61a71e5b5bef98343a4de43b
Update the Android.bp generated with hidl-gen.
Test: build with and without BOARD_VNDK_VERSION=current
Bug: 63866913
Change-Id: I1a9db1df49e0f13c5790da2b118ae9ec63ba34a7
Allow HAL definition libs to be static.
Bug: 32920003
Bug: 64040096
Test: update-all-google-makefiles.sh
Change-Id: I1483d572bea6799717d1614fb7d52fe225e31104
A pair of tests that send corrupted data to keymaster were disabled
because they cause a reboot on Angler and Bullhead. Because VTS is not
being run on those devices, I'm enabling them.
Separately, I'm going to get this bug triaged as a security
vulnerability, which may result in a fix being forthcoming. As a simple
functional defect, the vendor refused to fix the old devices.
Bug: 33385206
Test: adb shell data/nativetests64/VtsHalKeymasterV3_0TargetTest/VtsHalKeymasterV3_0TargetTest
Change-Id: I3bdea4e9756d3f77d54de09fd7ed2de04edeb1fd
This failure is also diagnosed by CTS, but it should be validated in VTS
as well.
Merged-In: Ia7654ff8813942fbca9dfa838337e9de5839a9e2
Bug: 33945114
Test: adb shell data/nativetests64/VtsHalKeymasterV3_0TargetTest/VtsHalKeymasterV3_0TargetTest
Change-Id: Ia7654ff8813942fbca9dfa838337e9de5839a9e2
This failure is also diagnosed by CTS, but it should be validated in VTS
as well.
Bug: 33945114
Test: adb shell data/nativetests64/VtsHalKeymasterV3_0TargetTest/VtsHalKeymasterV3_0TargetTest
Change-Id: Ia7654ff8813942fbca9dfa838337e9de5839a9e2
Support for 256 bit RSA keys are not mandated by keymaster specs and
must not be used in the VTS tests.
Bug: 62581389
Change-Id: If315088db2752ac2efe31fdb95db7ca13c3ce225
The attestation version cannot be infered from the keymaster version
because we provide software attestation for legacy keymaster 1 keys.
This patch changes the attestation test to expect either attestation
version 1 or 2.
Bug: 37351644
Test: VtsHalKeymasterV3_0TargetTest
Change-Id: I4db83a543db20191d288b2ca8308aa6597cd8e22
DeleteKey may legitimately return ErrorCode::UNIMPLEMENTED rather than
ErrorCode::OK, but the VTS test didn't allow that in all cases. In many
case the return code was also left unchecked.
Test: adb shell/data/nativetest64/VtsHalKeymasterV3_0TargetTest/VtsHalKeymasterV3_0TargetTest
Bug: 62193967
Change-Id: I19a90a87850675b0700baf7409e57098e0584d54
Fix a build breakage by renaming libkeymaster to
libkeymaster_staging. fugu's vendor tree already had
a libkeymaster.so which masked system/keymaster/libkeymaster.
Bug: 37997750
Change-Id: Ie478726bf81e965be64fb913844b881064e9b66c
libkeyamster1 was split into libkeymaster and
libkeymaster_portable.
Also removed UniquePtr usage from keymaster hal.
Bug: 37467707
Test: keymaster vts test and keystore cts test
Change-Id: Ic660586d3d9cfd20022a9c694f276da89e796e5d
android.hidl.base@1.0 and android.hidl.manager@1.0 are built into libhidltransport.
Test: links
Bug: 33276472
Merged-In: I08aaad80f7e2fc262aa3a8b66fe932e8133a928d
Change-Id: I08aaad80f7e2fc262aa3a8b66fe932e8133a928d
android.hidl.base@1.0 and android.hidl.manager@1.0 are built into libhidltransport.
Test: links
Bug: 33276472
Change-Id: I08aaad80f7e2fc262aa3a8b66fe932e8133a928d
libkeyamster1 was split into libkeymaster and
libkeymaster_portable.
Test: keymaster vts test and keystore cts test
Change-Id: Ia117199f07f6d55d35b2ae781ebab62386006474
Keymaster 3.0 VTS test required that deleteKey returns
ErrorCode::OK even if the key blob parameter is invalid or garbage.
The rationale is that deleteKey shall have the invariant that
key blobs are unusable after the deleteKey call. If it was unusable
before, this invariant is upheld.
This patch makes the legacy wrapper for the Keymaster HAL translate
an ErrorCode::INVALID_KEY_BLOB retuned by the legacy delete_key to
ErrorCode::OK.
Bug: 37351644
Test: Manually run VtsHalKeymasterV3_0TargetTest with legacy keymaster
HAL installed (tested with sailfish)
Change-Id: Ib22c8b8e10334770a1d4a5570acf16c2c52a6c60
This is a follow-up to change I5a9fd839497976cdb1e44cbe4a2d5b7730732b4c,
where manufacturer and model were added to the set of attestable device
IDs.
Bug: 37522655
Test: GTS com.google.android.gts.security.DeviceIdAttestationHostTest
Change-Id: Ied4246f4fc490feb2093f04c268aab83c8e1326d
The keymaster service is required by vold which starts very early
during boot up. This leads to the dependency loop:
init->installkey->vdc->vold->keymaster-service->init
This patch resolves this issue by adding service keymaster to the class
early-hal which will get started right after hwservicemanager on devices
that get treble.
Bug: 35764921
Test: Device boots. And lshal shows that service keymaster has two
clients, keystore and vold.
Change-Id: Id0b6722de900b5513d46adb81d76b02fa6e155df
