On a bramble device, observed a crash in the VTS binary itself when
executing BoringSSL signature verification code locally (i.e. with no
KeyMaster interaction involved).
The crash call stack involves CFI checks, and seems to occur at the
point when some BoringSSL digest calculation code invokes a function
pointer.
- SHA1_Update passes &sha1_block_data_order to (inlined)...
- crypto_md32_update() which invokes the function pointer
via its block_func parameter.
Moving the BoringSSL dependency from static_libs: libcrypto_static to
shared_libs: libcrypto makes the crash go away, but a smaller change
that also fixes the problem is to disable CFI checks for the test
binary.
This approach was inspired by:
ab65cd0e89%5E%21/#F0
The same problem looks to be relevant for the bugs listed below.
Bug: 206496340
Bug: 206498742
Test: VtsHalKeymasterV4_0TargetTest --gtest_filter="*VerificationOperationsTest.RsaAllPaddingsAndDigests*"
Change-Id: I12b145dad5535846d68c97954d31a93123bb95e7
Transfer the fix in http://aosp/1745035 from the KeyMint VTS test back
into the keymaster VTS test.
Bug: 189261752
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: I5f0a69255cfe980dd6e71fa29ff06a84cb668f6d
Each VTS module is required to have OWNERS file. The ownership is based on
go/vts-owners. For more information about ownership policy, please visit
go/xts-owners-policy.
Test: Tree Hugger
Bug: 143903671
Change-Id: Ifdf098e6bd86abfbe4917beb20c3aff3abc9f150
Each VTS module is required to have OWNERS file. The ownership is based on
go/vts-owners. For more information about ownership policy, please visit
go/xts-owners-policy.
Test: Tree Hugger
Bug: 143903671
Change-Id: I4328efc697dafa313fd685f12d867006b8b332ee
Each VTS module is required to have OWNERS file. The ownership is based on
go/vts-owners. For more information about ownership policy, please visit
go/xts-owners-policy.
Test: Tree Hugger
Bug: 143903671
Change-Id: Iba4f8145d1d525f262a3c0634a5bbf7d4e499059
This reverts commit eb8b0577e8.
Reason for revert: Broke a different TEE implementation
Bug: 196922051
Change-Id: I9f136d237bd06bfe2a1cc29d11bb1fbe0b8ace5e
Merged-In: I9f136d237bd06bfe2a1cc29d11bb1fbe0b8ace5e
This change clarifies the language to specify that StrongBox devices
must only support key sizes of 128 and 256. Additionally, it changes the
new AesInvalidKeySize test to only enforce against StrongBox instances
on devices that launch on S or later, not previously launched devices.
Ignore-AOSP-First: CP to AOSP
Bug: 191736606
Test: Test passes on a StrongBox enabled device
Change-Id: Ic0ff19d2d19d6e18dfbc0fad4b8182264f36b2f6
This reverts commit eb8b0577e8.
Reason for revert: Broke a different TEE implementation
Bug: 196922051
Change-Id: I9f136d237bd06bfe2a1cc29d11bb1fbe0b8ace5e
This change clarifies the language to specify that StrongBox devices
must only support key sizes of 128 and 256. Additionally, it changes the
new AesInvalidKeySize test to only enforce against StrongBox instances
on devices that launch on S or later, not previously launched devices.
Ignore-AOSP-First: CP to AOSP
Bug: 191736606
Test: Test passes on a StrongBox enabled device
Change-Id: I1a27a0d61e5247ad90c8f5b1423f2a1567016bac
This change clarifies the language to specify that StrongBox devices
must only support key sizes of 128 and 256. Additionally, it changes the
new AesInvalidKeySize test to only enforce against StrongBox instances
on devices that launch on S or later, not previously launched devices.
Ignore-AOSP-First: CP to AOSP
Bug: 191736606
Test: Test passes on a StrongBox enabled device
Change-Id: I1a27a0d61e5247ad90c8f5b1423f2a1567016bac
Commit f18a8328a1 ("keymaster: Relax testing under GSI") disabled
some tag checks for devices running with GSI, but detected GSI by
looking for an absence of the ro.boot.vbmeta.device_state property.
This property is currently present on GSI, so instead detect GSI using
the existing is_gsi() helper, which checks ro.product.system.name
against "mainline".
Bug: 192513934
Test: atest VtsHalKeymasterV4_0TargetTest:PerInstance/AttestationTest
Merged-In: If3c7d84a9e091b9b0842e4d8919453600bc239ea
Change-Id: If3c7d84a9e091b9b0842e4d8919453600bc239ea
Commit f18a8328a1 ("keymaster: Relax testing under GSI") disabled
some tag checks for devices running with GSI, but detected GSI by
looking for an absence of the ro.boot.vbmeta.device_state property.
This property is currently present on GSI, so instead detect GSI using
the existing is_gsi() helper, which checks ro.product.system.name
against "mainline".
Bug: 192513934
Test: atest VtsHalKeymasterV4_0TargetTest:PerInstance/AttestationTest
Change-Id: If3c7d84a9e091b9b0842e4d8919453600bc239ea
Ignore-AOSP-First: manual merge to aosp/master to follow
Check that the various ATTESTATION_ID_* tags are included if they
have the correct value, and that keygen fails if they have an invalid
value.
Also fix the support libraries to add the missing fields to the ASN.1
schema and fix the existing ordering.
Bug: 190757200
Test: VtsHalKeymasterV4_1TargetTest, VtsHalKeymasterV4_0TargetTest
Merged-In: I11d28d71676d44ebdc79b25b2eb70947022bb1cf
Ignore-AOSP-First: to be cross-merged manually
Change-Id: I5e19880bbc9e2e667f1204bdc2247ae53a3dada7
Check that the various ATTESTATION_ID_* tags are included if they
have the correct value, and that keygen fails if they have an invalid
value.
Also fix the support libraries to add the missing fields to the ASN.1
schema and fix the existing ordering.
Bug: 190757200
Test: VtsHalKeymasterV4_1TargetTest, VtsHalKeymasterV4_0TargetTest
Change-Id: I11d28d71676d44ebdc79b25b2eb70947022bb1cf
Ignore-AOSP-First: to be cross-merged manually
Test the validity of the chain produced when device-unique attestation
is requested.
When the caller requests that the key attestation be signed using the
device-unique attestation key, the chain will look different than
a chain signed by the batch key (common case):
(1) The chain is exactly of length 2.
(2) The root is self-signed and is unique to the device.
Test that the chain is correctly signed in this change. The root is not
currently correctly self-signed, so don't test (2) yet.
Bug: 189425310
Bug: 187803288
Test: atest VtsHalKeymasterV4_1TargetTest:PerInstance/DeviceUniqueAttestationTest
Ignore-AOSP-First: Already merged in aosp
Merged-In: I91578eb2b7588685cc86c467423e9394c3f3c262
Change-Id: I7e83ba7c9c8c68b95b1456fb37bb5aa939c4e6f8
Test the validity of the chain produced when device-unique attestation
is requested.
When the caller requests that the key attestation be signed using the
device-unique attestation key, the chain will look different than
a chain signed by the batch key (common case):
(1) The chain is exactly of length 2.
(2) The root is self-signed and is unique to the device.
Test that the chain is correctly signed in this change. The root is not
currently correctly self-signed, so don't test (2) yet.
Bug: 189425310
Bug: 187803288
Test: atest VtsHalKeymasterV4_1TargetTest:PerInstance/DeviceUniqueAttestationTest
Change-Id: I91578eb2b7588685cc86c467423e9394c3f3c262
