Commit graph

502 commits

Author SHA1 Message Date
Steven Moreland
6d494b2346 Merge "Update hidl makefiles for bpfmt" am: ff0bd741ca
am: 96f40f7b02

Change-Id: Idbf030e4993067bdb8181321bca2de00c9b6f7ef
2019-04-18 14:34:45 -07:00
Steven Moreland
1ae4615d9f Update hidl makefiles for bpfmt
hidl-generated makefiles are now generated such that bpfmt(file) == file.

Bug: 67417008
Test: enable bpfmt hook
Change-Id: I1f69d292bc23a7cc293a66110cb02d597e1019ad
2019-04-17 09:38:50 -07:00
Max Bires
873d889730 Expanding VTS test coverage
Keymaster VTS test coverage on 4.0 was incomplete. This significantly
expands the coverage of the spec. The bugs listed are errors found that
these tests will cover, but are not indicative of the complete set of
things tested.

Test: atest VtsHalKeymasterV4_0TargetTest
Bug: 79953279
Bug: 119553313
Bug: 119541233
Bug: 119396995
Bug: 119542230
Bug: 119549128
Bug: 119549677
Bug: 122184852
Bug: 122261372
Change-Id: I42d78091b48398597bbebe1d9c91b806494ddf4c
(cherry picked from commit 8c0edf6c84)
2019-04-11 15:17:19 +00:00
Max Bires
8c0edf6c84 Expanding VTS test coverage
Keymaster VTS test coverage on 4.0 was incomplete. This significantly
expands the coverage of the spec. The bugs listed are errors found that
these tests will cover, but are not indicative of the complete set of
things tested.

Test: atest VtsHalKeymasterV4_0TargetTest
Bug: 79953279
Bug: 119553313
Bug: 119541233
Bug: 119396995
Bug: 119542230
Bug: 119549128
Bug: 119549677
Bug: 122184852
Bug: 122261372
Change-Id: I42d78091b48398597bbebe1d9c91b806494ddf4c
2019-04-08 10:18:32 -07:00
Eran Messeri
04a7045117 Test importing EC P-256 keys with multiple encodings
Test importing of an Elliptic Curve P-256 key, encoded using the RFC5915
specification (which requires the curve OID in key in addition to the
wrapper) and the same key encoded using SEC1 (which allows omitting the
OID if it's known from the wrapper).

Test: atest VtsHalKeymasterV4_0TargetTest ImportKeyTest
Bug: 124437839
Bug: 127799174
Bug: 129398850
Change-Id: I5f5df86e55a758ed739403d830baa5c7308813a3
Merged-In: I5f5df86e55a758ed739403d830baa5c7308813a3
2019-04-01 14:54:00 +01:00
TreeHugger Robot
300fc770e9 Merge "Test importing EC P-256 keys with multiple encodings" 2019-03-27 18:29:46 +00:00
Janis Danisevskis
f6f522c525 Merge "Fix strict weak ordering requirement of less than operation" am: e82263dd74 am: 36b364abfb
am: 22368369f7

Change-Id: I2301e7fec1c5c28516dafff483a8a0f2a2e00b0a
2019-03-26 09:34:44 -07:00
Janis Danisevskis
22368369f7 Merge "Fix strict weak ordering requirement of less than operation" am: e82263dd74
am: 36b364abfb

Change-Id: I7a97aaecd25f3a78a3f9508388a88ace9c97642e
2019-03-26 09:30:01 -07:00
Eran Messeri
68289f76f2 Test importing EC P-256 keys with multiple encodings
Test importing of an Elliptic Curve P-256 key, encoded using the RFC5915
specification (which requires the curve OID in key in addition to the
wrapper) and the same key encoded using SEC1 (which allows omitting the
OID if it's known from the wrapper).

Test: atest VtsHalKeymasterV4_0TargetTest ImportKeyTest
Bug: 124437839
Bug: 127799174
Change-Id: I5f5df86e55a758ed739403d830baa5c7308813a3
2019-03-26 12:01:03 +00:00
Janis Danisevskis
c7a8b863cd Keymaster support: Verbose vendor errors
Added function for verbosely logging Keymaster vendor errors.

Bug: 123562864
Test: atest android.keystore.cts
Change-Id: Ida093941d3b76b3d2e953439229081345909c16b
2019-03-20 16:13:53 +00:00
Janis Danisevskis
93c7276e3a Fix strict weak ordering requirement of less than operation
operator< on hidl_vec<uint8_t> violates strict weak ordering in the case
that one oparand is shorter that the other and the shorter is a prefix
of the longer.

if x and y are incomparable, i.e., neither x < y nor y < x and
   y and z are incomparable, i.e., neither y < z nor z < y, then
   x and z must be incomparable.
As for the current implementation the first two statements are true but
the third is not given the following example input:
x:="aa", y:="a", z:="ab".

This patch fixes the issue by defining a < b if a is a prefix of b.

As this relation is used in a std::sort algorithm which demands strict
weak ordering this bug leads to undefined behavior.

Change-Id: I4961bb35e2fd4f5fcf561ec0c7c536f81830aab8
2019-03-19 09:54:04 -07:00
Steven Moreland
7f4e21adda Merge "Update makefies: no 'types'" am: 4ee5ec1469 am: bab622f6a6
am: 7224bc9bcf

Change-Id: I434939e0770afa436c532a945542fce30a71ef7d
2019-03-04 16:05:59 -08:00
Steven Moreland
7224bc9bcf Merge "Update makefies: no 'types'" am: 4ee5ec1469
am: bab622f6a6

Change-Id: Iaeb7cc7ff2b16d610136c4a20a6a64884d563f68
2019-03-04 15:27:24 -08:00
Steven Moreland
a878aee9ab Update makefies: no 'types'
Bug: 123976090
Test: N/A
Change-Id: I30fb04c81889b62775e1b764b965fdb0f893de17
2019-03-04 11:27:17 -08:00
nagendra modadugu
31266a9780 [DO NOT MERGE] keymaster: add an EC attestation test
am: d0a5c1dda5

Change-Id: I797704e86fb125a0986c3fb658ddc9b86df3b9fe
2019-02-22 17:26:13 -08:00
nagendra modadugu
d0a5c1dda5 [DO NOT MERGE] keymaster: add an EC attestation test
Add a test that creates an EC key by
using key-bits (rather than curve-id),
and check that the attestation message
corresponds to key characteristics.

Bug: 122375834
Bug: 119542230
Test: VTS passes
Change-Id: Iad6ff2ca90a951124940943f2484f9fb9f813a19
2019-02-22 13:33:03 -08:00
Sasha Smundak
791b843bcb Merge "Explicitly include log/log.h or android/log.h instead of cutils/log.h" am: b5db125860 am: 4a1f714ed0
am: 1e45903dd5

Change-Id: I1a54776b7560154304573a8cd3dfeae5babf43e5
2019-02-01 13:22:37 -08:00
Sasha Smundak
769c053d7c Explicitly include log/log.h or android/log.h instead of cutils/log.h
Eliminates the warning.
Test: treehugger

Bug: 123758136
Change-Id: Ibe50261efc18d659a10129977342bc765a9ba9d5
2019-02-01 10:52:09 -08:00
Baranidharan Muthukumaran
43d64bbee6 Merge "Fix KM VTS tests for Strongbox implementations" into pie-vts-dev
am: c08c73653a

Change-Id: Ic8b48ca2afb2d942182043281836927698966874
2019-01-09 12:10:41 -08:00
Yi Kong
a574ede20b Merge "Suppress null-dereference warning" am: 3b7ecd55f8 am: 86f9078b54
am: 1633275bb7

Change-Id: I43f5feaf279921c4dc0adc98afc9c5f528c01fcc
2019-01-08 20:33:47 -08:00
Yi Kong
45cb85f8c0 Suppress null-dereference warning
It is unclear whether author intentionally meant to cause segfault here.
While waiting for the author to explain/fix the code, suppress the
warning to unblock enabling the warning globally.

Test: m checkbuild
Bug: 121390225
Change-Id: Iad03842833cfdc243404a32f6b31d161387c3890
2018-12-21 14:52:47 -08:00
Keun Soo YIM
68ae05dd2d pack VTS cc_test binaries as general-tests
Test: make general-tests
Bug: 120093339
Merged-In: I363450d205868f900e4925ccff1430e2a569f2a4
Change-Id: I363450d205868f900e4925ccff1430e2a569f2a4
2018-12-07 10:49:56 -08:00
Keun Soo Yim
868c0694bb Merge "pack VTS cc_test binaries as general-tests" 2018-11-28 21:20:36 +00:00
Elliott Hughes
8009b3ccce Merge "C++17 compatibility: add a non-const char* overload." am: f919d0a0b8 am: 9ef0004adc
am: 6464114f34

Change-Id: If291303fec3c252f90a119431c6124d81ec46b2d
2018-11-27 17:15:05 -08:00
Keun Soo YIM
ff84c37bc1 pack VTS cc_test binaries as general-tests
Test: make general-tests
Bug: 120093339
Change-Id: I363450d205868f900e4925ccff1430e2a569f2a4
2018-11-27 16:11:41 -08:00
Elliott Hughes
d9de6aa270 C++17 compatibility: add a non-const char* overload.
C++17 adds a non-const std::basic_string::data, so non-const std::strings in the
test are `char*` and the const std::strings are `const char*`. See
https://en.cppreference.com/w/cpp/string/basic_string/data for details.

Without adding the non-const overload, the varargs overload is preferred, leading
to static_assert failures:

  In file included from hardware/interfaces/keymaster/3.0/vts/functional/keymaster_hidl_hal_test.cpp:33:
  In file included from hardware/interfaces/keymaster/3.0/vts/functional/authorization_set.h:20:
  hardware/interfaces/keymaster/3.0/vts/functional/keymaster_tags.h:257:5: error: static_assert failed "Authorization other then TagType::BOOL take exactly one parameter."
  static_assert(tag_type == TagType::BOOL || (sizeof...(args) == 1),
  ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  hardware/interfaces/keymaster/3.0/vts/functional/authorization_set.h:213:19: note: in instantiation of function template specialization 'android::hardware::keymaster::V3_0::Authorization<android::hardware::keymaster::V3_0::TagType::BYTES, android::hardware::keymaster::V3_0::Tag::ASSOCIATED_DATA, char *, unsigned long>' requested here
  push_back(Authorization(tag, std::forward<Value>(val)...));
  ^
  hardware/interfaces/keymaster/3.0/vts/functional/authorization_set.h:245:9: note: in instantiation of function template specialization 'android::hardware::keymaster::V3_0::AuthorizationSet::push_back<android::hardware::keymaster::V3_0::TypedTag<android::hardware::keymaster::V3_0::TagType::BYTES, android::hardware::keymaster::V3_0::Tag::ASSOCIATED_DATA>, char *, unsigned long>' requested here
  push_back(ttag, std::forward<ValueType>(value)...);
  ^
  hardware/interfaces/keymaster/3.0/vts/functional/keymaster_hidl_hal_test.cpp:3426:35: note: in instantiation of function template specialization 'android::hardware::keymaster::V3_0::AuthorizationSetBuilder::Authorization<android::hardware::keymaster::V3_0::TypedTag<android::hardware::keymaster::V3_0::TagType::BYTES, android::hardware::keymaster::V3_0::Tag::ASSOCIATED_DATA>, char *, unsigned long>' requested here
  AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
  ^

Bug: http://b/111067277
Test: builds
Change-Id: I3d70fb5a41db16cc9dff50364cd793e0c3510ed0
2018-11-27 16:40:33 +00:00
Baranidharan Muthukumaran
3f127ca4d1 Fix KM VTS tests for Strongbox implementations
Modify RSA keysize used in various tests
to ensure both TEE and Strongbox implementations
can be validated.
Skip invalid keysizes that Strongbox does not
support.

Test: Patches the strongbox tests
Bug: 112189538
Bug: 119172331
Change-Id: I46ab01ce9b8224403e2a334a894967761d6799c9
Signed-off-by: Max Bires <jbires@google.com>
(cherry picked from commit 88a376b0a0)
2018-11-20 21:23:19 +00:00
Janis Danisevskis
679515f5c7 Merge "Removed unsafe use of hidl_vec<>.setToExternal" am: 91a01c5cfc am: 7b5b901b62
am: 6ad8d58110

Change-Id: Ia00aa483e97481b350f0e6f9e5138d46c84e7755
2018-11-15 05:55:17 -08:00
Janis Danisevskis
91a01c5cfc Merge "Removed unsafe use of hidl_vec<>.setToExternal" 2018-11-15 01:19:10 +00:00
Janis Danisevskis
53e3336c22 Merge "keymaster: fix authorization set serialization" am: 0cad4822d5 am: fd62cdf4b1
am: 1b46ee35a6

Change-Id: I96161538ba7fd7821db425fcf6de53a970514722
2018-11-13 17:32:33 -08:00
Janis Danisevskis
8f45a1c5c3 keymaster: fix authorization set serialization
Invalid and unknown tags were treated as zero size but they where still
counted as entry. This lead to invalid tags being persisted. When
Serialized blobs were used to cache key characteristics, these invalid
tags were send to clients of keystore. However, the serialization cannot
cope with invalid tags.

Bug: 119414176
Test: Successfully used the Skype app which triggered the problem
Change-Id: Ia46ac4a16395db3d10f93d3722eda69d523db478
2018-11-13 13:21:30 -08:00
Janis Danisevskis
7f3995f7f5 Merge "authorization_set.cpp: relax serialization of unknown tags" am: 949ab7dbb9 am: eba18e906f
am: bb222282d5

Change-Id: Ie59897dbe8e3fc0b9812067da2dded2233f57289
2018-11-12 17:48:26 -08:00
Janis Danisevskis
28a6b79f4b authorization_set.cpp: relax serialization of unknown tags
Bug: 119414176
Change-Id: I16722f2a2b1a00a352322c603d2bf18a996d6ee7
2018-11-12 12:06:32 -08:00
Janis Danisevskis
50b4d3b5d8 Various fixes for async keystore. am: 2ecd6597f3 am: 2116843b17
am: 5acd9002ab

Change-Id: I7be81b6b9427abb16f53989361d1ff24aa68f1e8
2018-11-09 13:16:15 -08:00
Janis Danisevskis
9c41221206 Removed unsafe use of hidl_vec<>.setToExternal
hidl_vec objects that do not own their associated buffer are highly
unsafe in multithreaded environments where move semantic is used to
transfer ownership between threads. With keystore transitioning to a
multi threaded execution model we can no longer use this optimization
safely.

Bug: 111443219
Test: Ran full keystore cts test suite.
Change-Id: I9a366fc7df5dfee508dc092855545963ef6d9665
2018-11-09 10:49:55 -08:00
Janis Danisevskis
2ecd6597f3 Various fixes for async keystore.
* Added missing Tag::HARDWARE_TYPE and Tag::TRUSTED_CONFIRMATION_REQUIRED
* Made AuthorizationSet::hidl_data() safer to use.
  hidl_data() initializes a hidl_vec with the internal data of
  std::vector using setToExternal and returns it by value. This means
  the returned temporay does not own the buffer which has the life cycle
  of the AuthorizationSet. This is fine if passed as parameter to a
  function where it is bound to a cont reference. But if the temporary
  gets assigned to something with longer life cycle move semantics kicks
  in and the buffer is now tracked by something with a longer life
  cycle. This patch marks the returned temporary const, so that it can
  no longer be moved. It can still be bound to a const reference, but
  when assigned to a variable it must get copied.
* Add Filter function to AuthorizationSet.

Bug: 111443219
Test: KeyStore CTS tests
Change-Id: I4744b7c87d01fbd905c3afb8ebeefba93605994b
2018-11-07 11:32:03 -08:00
Janis Danisevskis
78e8f44b7c Test for malformed modulus in attestation cert
With this patch the attestation tests use the attested to key to sign a
message and use the public key in the attestation certificate to verify
the signature. Thereby tripping up over malformed public keys.

Bug: 118372436
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: I4ce75c689cd5b6bb04a56e283c1202501ee821c9
2018-10-24 13:40:50 +00:00
Chih-Hung Hsieh
8cca54bec0 Add noexcept to move constructors and assignment operators.
am: 19a5da4c13

Change-Id: Ib5b417deddc9af28a2de012e379f55d869053ec4
2018-10-01 16:13:05 -07:00
Chih-Hung Hsieh
19a5da4c13 Add noexcept to move constructors and assignment operators.
Bug: 116614593
Test: build with WITH_TIDY=1
Change-Id: Ib50ced82d650737cf99a9757133119945a3409f3
2018-10-01 20:30:38 +00:00
Rob Barnes
57ba8d23ee Fixed minor comment typos in IKeymasterDevice.hal
am: 2c46b2e3b8

Change-Id: I540e52241d5096d5fbff8ccce26ed498eaa9036d
2018-09-26 14:40:18 -07:00
Rob Barnes
2c46b2e3b8 Fixed minor comment typos in IKeymasterDevice.hal
Test: 'make checkbuild' finished successfully.
Change-Id: I4ceb39475fff176bfcd57e10335aa1af64849739
2018-09-26 06:10:20 +00:00
Yi Kong
fa8dfc724e Merge "Don't use initializer_list as return type"
am: 9c6b9bf7c3

Change-Id: Ided6c9a8952938912bf036b4c83544a568088e42
2018-09-24 14:32:46 -07:00
Yi Kong
7392175ccd Don't use initializer_list as return type
The underlying array may be cleaned up once its lifetime has ended,
the initializer_list would become ill-formed. Return as std::vector
instead.

This fixes "-Wreturn-stack-address" (clang) / "-Winit-list-lifetime"
(gcc) warning.

Test: mma
Bug: 111998531
Change-Id: Ie5bb6bc3d0d7689744fd573c5683b22e6fb6b178
2018-09-21 15:36:57 -07:00
Roberto Pereira
fdea589ea0 keymaster 3.0: make service use nobody as user and remove system group
am: 848607a121

Change-Id: Ib91c3acfb7ba8c0bd6b4864dedb7c92e09f5f8d2
2018-09-10 14:44:54 -07:00
Roberto Pereira
848607a121 keymaster 3.0: make service use nobody as user and remove system group
Only the drmrpc group is necessary

Test: VtsHalKeymasterV3_0TargetTest
Change-Id: I2be255215df827c9f17ecaffcb9d0ba402dd3405
2018-09-10 12:44:42 -07:00
Baranidharan Muthukumaran
65b9c173ea Skip NoUserConfirmation VTS test for Strongbox
am: 709aa5f453

Change-Id: I6dff83b19396fcf599cb8f3be235124d0073beaf
2018-09-06 21:14:02 -07:00
Baranidharan Muthukumaran
709aa5f453 Skip NoUserConfirmation VTS test for Strongbox
Since Confirmation UI is optional for Strongbox
implementation, skipping the test.

Bug: 112189538
Test: This is an update to the vts test
Change-Id: Ie3485a1de92444b0c49670b198de30ea25e0673e
Signed-off-by: Max Bires <jbires@google.com>
2018-09-07 02:37:12 +00:00
Baranidharan Muthukumaran
3f200e078e Merge "Fix KM VTS tests for Strongbox implementations"
am: d6b4242d52

Change-Id: I52cd833dfa2c8cc4fb130544f5cb5d35217a0fc4
2018-09-04 03:55:02 -07:00
Treehugger Robot
d6b4242d52 Merge "Fix KM VTS tests for Strongbox implementations" 2018-09-04 10:44:18 +00:00
Eran Messeri
8ee59f2aa6 Merge "Fixing Keymaster documentation." into pie-vts-dev
am: 33f7970672

Change-Id: I0bd196af03f96817cbd23620b109e7665456f586
2018-08-29 01:11:55 -07:00
Shawn Willden
f7c0a7938d Change ImportWrappedKeyTest back to SHA1
Change I5f877b2a1ac66026a876e145416ba078d486e4b5 inadvertently changed
the digest used for ImportWrappedKey, breaking the test.  This CL
reverts that portion of the change.

Test: VtsHalKeymasterV4_0TargetTest
Bug: 112279922
Merged-In: Ib8e2e7793ba46ae0d29d8407bb730a35bdb5ea98
Change-Id: Ib8e2e7793ba46ae0d29d8407bb730a35bdb5ea98
(cherry picked from commit 0dba888612)
2018-08-28 15:19:40 -07:00
Shawn Willden
0b166a2daf Require keymaster4 attestations to contain the right version.
Note that devices with KM4 will fail to pass VTS after this
lands, until the fix from Qualcomm arrives.

Test: VtsHalKeymasterV4_0TargetTest
Bug: 112040197
Merged-In: Ie2cd917af704b9f19de3537297b3a7e4f0c861e9
Change-Id: Ie2cd917af704b9f19de3537297b3a7e4f0c861e9
(cherry picked from commit 4e006c2b92)
2018-08-28 15:19:03 -07:00
nagendra modadugu
913053419e keymaster: skip SHA2 digest tests for strongbox
Strongbox is not required to support SHA-2 digests,
so skip the related tests.

Bug: 109771020
Merged-In: I5f877b2a1ac66026a876e145416ba078d486e4b5
Change-Id: I5f877b2a1ac66026a876e145416ba078d486e4b5
(cherry picked from commit 8cec80be1f)
2018-08-28 15:18:32 -07:00
nagendra modadugu
8414fb8556 keymaster: spec does not require that update produce output
Remove out of spec enforcement on the amount of data returned
by update, as this is not specified in the HAL.

Bug: 109771020
Test: yes it is
Merged-In: Ic41afbd01d51faf48d3c0fe090409ebcd257cc1e
Change-Id: Ic41afbd01d51faf48d3c0fe090409ebcd257cc1e
(cherry picked from commit 7b75f015a7)
2018-08-28 15:17:31 -07:00
Shawn Willden
e1e08f8dde Fix attestation test.
Bug: 77588764
Test: VtsHalKeymasterV4_0TargetTest
Merged-In: Ibe264d08ae7b3333a6949761a92759f5305b3fcb
Change-Id: Ibe264d08ae7b3333a6949761a92759f5305b3fcb
(cherry picked from commit d898d0a422)
2018-08-28 15:16:58 -07:00
Eran Messeri
ff29edcc71 Fixing Keymaster documentation.
Keymaster HAL documentation documents the bootPatchLevel as having
tag 718, while types.hal indicates the tag value for it is actually
719.

Test: N/A
Bug: 78104779
Merged-In: I0dde0b3c863081f2594e20466d8e82866a5f2d2e
Change-Id: I0dde0b3c863081f2594e20466d8e82866a5f2d2e
(cherry picked from commit ae8da1b70a)
2018-08-28 15:08:39 -07:00
Baranidharan Muthukumaran
88a376b0a0 Fix KM VTS tests for Strongbox implementations
Modify RSA keysize used in various tests
to ensure both TEE and Strongbox implementations
can be validated.
Skip invalid keysizes that Strongbox does not
support.

Test: Patches the strongbox tests
Bug: 112189538
Change-Id: I46ab01ce9b8224403e2a334a894967761d6799c9
Signed-off-by: Max Bires <jbires@google.com>
2018-08-28 10:58:49 -07:00
Shawn Willden
d033196431 Change ImportWrappedKeyTest back to SHA1
am: ad5b5ff2f0

Change-Id: Ia36eb6dd3aa4a07b5a72291c81de6e0cede202af
2018-08-17 09:14:47 -07:00
Shawn Willden
a795d5e3e7 Require KM4 attestations contain the right version
am: 0f2b0966c6

Change-Id: I04801fc26713513d8d39a836e30545e148fd1f50
2018-08-17 09:14:39 -07:00
nagendra modadugu
95f20ea7c5 keymaster: skip SHA2 digest tests for strongbox
am: 7194604cd8

Change-Id: Id44ef77aea880dd565a1a8e466f6ac2e1c98047f
2018-08-17 09:14:31 -07:00
Shawn Willden
ad5b5ff2f0 Change ImportWrappedKeyTest back to SHA1
Change I5f877b2a1ac66026a876e145416ba078d486e4b5 inadvertently changed
the digest used for ImportWrappedKey, breaking the test.  This CL
reverts that portion of the change.

Test: VtsHalKeymasterV4_0TargetTest
Bug: 112279922
Bug: 80246122
Change-Id: Ib8e2e7793ba46ae0d29d8407bb730a35bdb5ea98
2018-08-17 06:58:32 -06:00
Shawn Willden
0f2b0966c6 Require KM4 attestations contain the right version
Note that devices with KM4 will fail to pass VTS after this
lands, until the fix from Qualcomm arrives.

Test: VtsHalKeymasterV4_0TargetTest
Bug: 112040197
Bug: 80246122
Change-Id: Ie2cd917af704b9f19de3537297b3a7e4f0c861e9
2018-08-17 06:58:12 -06:00
nagendra modadugu
7194604cd8 keymaster: skip SHA2 digest tests for strongbox
Strongbox is not required to support SHA-2 digests,
so skip the related tests.

Bug: 109771020
Bug: 80246122
Test: This is the test
Change-Id: I5f877b2a1ac66026a876e145416ba078d486e4b5
2018-08-17 06:58:12 -06:00
nagendra modadugu
683bd5d1b9 keymaster spec doesn't require update to output
Remove out of spec enforcement on the amount of data returned
by update, as this is not specified in the HAL.

Bug: 109771020
Bug: 80246122
Test: yes it is
Change-Id: Ic41afbd01d51faf48d3c0fe090409ebcd257cc1e
2018-08-17 06:57:28 -06:00
Shawn Willden
7b00c75643 Fix attestation test.
Bug: 77588764
Bug: 80246122
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: Ibe264d08ae7b3333a6949761a92759f5305b3fcb
2018-08-17 06:51:06 -06:00
Shawn Willden
66efa86145 Handle software keymaster implementations.
am: 1404b6e8b0

Change-Id: Ia054c30244e989cf60e3abb81304ed9fed0b2fbf
2018-08-15 15:29:30 -07:00
Shawn Willden
1404b6e8b0 Handle software keymaster implementations.
Test: VtsHalKeymasterV3_0TargetTest
Change-Id: I0ca923fab3e312c576abc2f51f6dd28482176db7
2018-08-15 12:13:34 -06:00
Hung-ying Tyan
3c07de32fc Fix free() in keymaster VTS
am: 555cb5e13b

Change-Id: Ida0db54bf04cc81b8dfe218f4e2835e59947e6b7
2018-08-10 14:31:03 -07:00
nagendra modadugu
4fce12f113 Respect limited requirements for Strongbox KM implementations
am: bbe9263f85

Change-Id: I16e0071a70b1ab5bc4317b608b36c8eeef559c58
2018-08-10 14:30:49 -07:00
Hung-ying Tyan
555cb5e13b Fix free() in keymaster VTS
The buffer is allocated by OPENSSL_malloc() in X509_NAME_oneline(name, nullptr, 0).
Should be reclaimed by OPENSSL_free() instead of free().

The patch is provided by vink.shen@mediatek.corp-partner.google.com

Bug: 109708231
Test: build pass
Merged-In: I66a864e3e28905eebac2e7d3a4517d4d5aaa39df
Change-Id: I66a864e3e28905eebac2e7d3a4517d4d5aaa39df
(cherry picked from commit 79db3ec849)
2018-08-10 00:48:32 +00:00
nagendra modadugu
bbe9263f85 Respect limited requirements for Strongbox KM implementations
With this patch the KM VTS test apply the restricted requirements on
supported key sizes, EC curves, and Digests to Strongbox keymaster
implementations.

Also amend tests to use Update().

Test: Yes it is
Bug: 74519020
Merged-In: Ibec9c3398671f81dbc0ecf78e554726276160579
Change-Id: Ibec9c3398671f81dbc0ecf78e554726276160579
(cherry picked from commit 3a7e2cade3)
2018-08-10 00:48:11 +00:00
Shawn Willden
0dba888612 Change ImportWrappedKeyTest back to SHA1
Change I5f877b2a1ac66026a876e145416ba078d486e4b5 inadvertently changed
the digest used for ImportWrappedKey, breaking the test.  This CL
reverts that portion of the change.

Test: VtsHalKeymasterV4_0TargetTest
Bug: 112279922
Change-Id: Ib8e2e7793ba46ae0d29d8407bb730a35bdb5ea98
2018-08-06 17:23:23 -06:00
Shawn Willden
4e006c2b92 Require keymaster4 attestations to contain the right version.
Note that devices with KM4 will fail to pass VTS after this
lands, until the fix from Qualcomm arrives.

Test: VtsHalKeymasterV4_0TargetTest
Bug: 112040197
Change-Id: Ie2cd917af704b9f19de3537297b3a7e4f0c861e9
2018-08-02 21:01:10 +00:00
nagendra modadugu
8cec80be1f keymaster: skip SHA2 digest tests for strongbox
Strongbox is not required to support SHA-2 digests,
so skip the related tests.

Bug: 109771020
Change-Id: I5f877b2a1ac66026a876e145416ba078d486e4b5
2018-07-23 11:25:00 -07:00
Eran Messeri
f1aa9d6b88 Merge "Fixing Keymaster documentation." into pi-dev
am: 897b56e2a8

Change-Id: I2089c6a5ca411b95b9e925e92999d246d4240b5f
2018-06-29 04:00:40 -07:00
TreeHugger Robot
897b56e2a8 Merge "Fixing Keymaster documentation." into pi-dev 2018-06-29 10:57:17 +00:00
nagendra modadugu
c7d39cf9ac Merge "keymaster: spec does not require that update produce output" into pi-dev
am: 409b5fd5fb

Change-Id: Ieb194a3116abcfee249c2033ed346aa7151fc26c
2018-06-26 17:05:10 -07:00
TreeHugger Robot
409b5fd5fb Merge "keymaster: spec does not require that update produce output" into pi-dev 2018-06-26 23:57:01 +00:00
nagendra modadugu
7b75f015a7 keymaster: spec does not require that update produce output
Remove out of spec enforcement on the amount of data returned
by update, as this is not specified in the HAL.

Bug: 109771020
Test: yes it is
Change-Id: Ic41afbd01d51faf48d3c0fe090409ebcd257cc1e
2018-06-26 15:44:36 -07:00
Shawn Willden
0804bb0cfc Merge "Fix attestation test." into pi-dev
am: be04f192e9

Change-Id: I276a5f18b35b5923590ab2c5f6d9688bd06d05bd
2018-06-25 16:47:51 -07:00
Shawn Willden
d898d0a422 Fix attestation test.
Bug: 77588764
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: Ibe264d08ae7b3333a6949761a92759f5305b3fcb
2018-06-25 06:36:02 -06:00
Eran Messeri
ae8da1b70a Fixing Keymaster documentation.
Keymaster HAL documentation documents the bootPatchLevel as having
tag 718, while types.hal indicates the tag value for it is actually
719.

Test: N/A
Bug: 78104779
Change-Id: I0dde0b3c863081f2594e20466d8e82866a5f2d2e
2018-06-21 20:35:45 +01:00
Janis Danisevskis
fdaab3d2a7 Merge "Relax HMAC computation check" into pi-dev
am: b6093dccf0

Change-Id: I205cf45af3e58028c120c2a118dd9dd6509e0bad
2018-06-20 15:36:46 -07:00
Janis Danisevskis
b6093dccf0 Merge "Relax HMAC computation check" into pi-dev 2018-06-20 22:32:13 +00:00
Janis Danisevskis
a1c4e0ec5d Relax HMAC computation check
This KM4 key agreement check is causing some pain on early units
that aren't completely provisioned in both locked and non-Green
(unlocked) states.

This doesn't impact KM3 devices (Pixel 2016/2017 etc.)

Bug: 110301629
Change-Id: I5a737ac8a335863b1099c29cf3c0496adeb41e15
2018-06-20 05:25:22 +00:00
nagendra modadugu
69242ea30b Merge "Respect limited requirements for Strongbox KM implementations" into pi-dev
am: 17be71d397

Change-Id: I16bde9c0defeb971cba8684c021a331a59b7937f
2018-06-18 10:32:22 -07:00
nagendra modadugu
3a7e2cade3 Respect limited requirements for Strongbox KM implementations
With this patch the KM VTS test apply the restricted requirements on
supported key sizes, EC curves, and Digests to Strongbox keymaster
implementations.

Also amend tests to use Update().

Test: Yes it is
Bug: 74519020
Change-Id: Ibec9c3398671f81dbc0ecf78e554726276160579
2018-06-18 09:20:56 -07:00
Hung-ying Tyan
e874dd7741 Fix free() in keymaster VTS
am: 79db3ec849

Change-Id: Ib555c571fb5aede39c7f1f9418a91f24b193c5a8
2018-06-10 21:58:19 -07:00
Xin Li
27353e7065 Merge pi-dev-plus-aosp-without-vendor into stage-aosp-master
Bug: 79597307
Change-Id: Ifa37597ef6090bfbf1b41307a60cf65cfa1f563d
2018-06-08 11:07:51 -07:00
Shawn Willden
fddc15e1ec Merge "Fix bug in VTS attestation cert verification." am: 636650bd84
am: 03a2fcd89f

Change-Id: I1270383112047ab90d87bee4a483a91bb9093090
2018-06-08 06:11:43 -07:00
Treehugger Robot
636650bd84 Merge "Fix bug in VTS attestation cert verification." 2018-06-08 13:00:19 +00:00
Hung-ying Tyan
79db3ec849 Fix free() in keymaster VTS
The buffer is allocated by OPENSSL_malloc() in X509_NAME_oneline(name, nullptr, 0).
Should be reclaimed by OPENSSL_free() instead of free().

The patch is provided by vink.shen@mediatek.corp-partner.google.com

Bug: 109708231
Test: build pass
Change-Id: I66a864e3e28905eebac2e7d3a4517d4d5aaa39df
2018-06-08 17:53:48 +08:00
TreeHugger Robot
8bac8dcba5 Merge "Minor corrections to the Keymaster4 documentation." into pi-dev 2018-05-31 16:49:10 +00:00
Shawn Willden
5b60a1b72e Minor corrections to the Keymaster4 documentation.
Gramatical and punctuation corrections; addition of missing
userSecureId to AuthorizationList schema and removal of extraneous
rollbackResistant from same; correction of OS_PATCHLEVEL source
property; and addition of missing TAG_UNLOCKED_DEVICE_REQUIRED
documentation.

Bug: 69550260
Test: N/A
Change-Id: I04092b7df3af69201ba1467cddc09f6f44e861a8
2018-05-30 16:20:48 -06:00
Shawn Willden
8d815f659d Fix default keymaster so it doesn't start an extra thread.
Bug: 80102279
Bug: 80251973
Test: N/A; this keymaster exists only for policy compliance. It's never used.
Change-Id: I45f0eefd9abdd02f6774aa52f238040510c5d62c
2018-05-24 20:52:11 +00:00
TreeHugger Robot
1f74538cdb Merge "Move Keymaster docs into HAL" into pi-dev 2018-05-24 02:11:43 +00:00
Shawn Willden
b20a5dd5d9 Move Keymaster docs into HAL
Bug: 69550260
Test: N/A
Change-Id: Ib135e4e4060f3a89480f6784b30e9008126b3b76
2018-05-23 18:26:42 -06:00
Shawn Willden
6dad2b3a4b Activate HMAC sharing check.
This had to be disabled because Qualcomm's keymaster4 returned a bad
value.

Bug: 77588764
Bug: 79698245
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: Ieb150d7f17c36f01acf2eeb665792594251b51ae
2018-05-23 05:44:42 -06:00
Steven Moreland
913c071391 Update comments for doc comments.
Doc comments look like "/** ... */" and they
can only be in certain places.

Bug: 79865343
Test: m
Change-Id: Ic15c08ff7dc6e4f9827c1dbe7f7236c11a572ec1
Merged-In: Ic15c08ff7dc6e4f9827c1dbe7f7236c11a572ec1
2018-05-21 14:36:29 -07:00
Steven Moreland
4ee4582230 Update comments for doc comments.
Doc comments look like "/** ... */" and they
can only be in certain places.

Bug: 79865343
Test: m
Change-Id: Ic15c08ff7dc6e4f9827c1dbe7f7236c11a572ec1
2018-05-18 10:10:32 -07:00
Shawn Willden
f0f05d4052 Add utility method to perform HMAC agreement
To make it easier for clients (vold & keystore) to perform key
agreement, this CL adds a service method that does it.  To make key
agreement consistent, this method sorts the HMAC sharing parameters
lexicographically.  The requirement for sorting is documented in the
HAL.

Test: Boot device
Bug: 79307225
Bug: 78766190
Change-Id: Idb224f27f8e4426281d9a0105605ba22bf7c7e95
2018-05-10 18:28:51 -06:00
Shawn Willden
44dc86edf8 Fix bug in VTS attestation cert verification.
Keymaster VTS is failing to verify that the last certificate in the
chain is self-signed.  CTS and GTS tests verify this, but it should be
validated at this level as well.

Bug: 79123157
Test: VtsHalKeymasterV3_0TargetTest
Change-Id: I5ff33fc8186182c2cf8d43d90cd59f89ce45d416
2018-05-04 16:15:06 +00:00
Brian C. Young
9fca9719a3 Remove superfluous test
This test was added on a bad assumption about the behavior of the
keymaster spec, and is now being removed.

Test: VTS
Bug: 77307569
Change-Id: Iac2f6f45ea1816505ff3b47bbdc548ff1161c96b
2018-04-11 12:38:52 -07:00
Shawn Willden
86a33acfce Correct bug in HmacKeySharingTest
The key sharing test modified the seed in an invalid way.

Bug: 77588764
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: I0b2ac90397a3f23258ebd4dddc5f6043af7b1600
2018-04-09 14:16:38 -06:00
Shawn Willden
44f8b71874 Correct import wrapped key golden keys.
The golden test keys didn't include TAG_NO_AUTH_REQUIRED, which causes
them to be rejected by strictly compliant implementations.

Bug: 77588764
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: I5157537e5407618ddc37debf00486977abb00f99
2018-04-04 21:35:11 +00:00
TreeHugger Robot
a71ab794a6 Merge "Correct TripleDes tests." into pi-dev 2018-04-04 21:31:25 +00:00
Shawn Willden
08839105dc Correct TripleDes tests.
The TripleDes tests failed to set TAG_NO_AUTH_REQUIRED, which causes
operations to be rejected by strictly compliant implementations.

Bug: 77588764
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: I25cd5ec0ccede2b148f5da4566b8e1e20e8edbde
2018-04-04 21:31:22 +00:00
nagendra modadugu
9c36c91945 keymaster: provide instance name to getService()
Bug: 38430282
Test: VtsHalKeymasterV3_0TargetTest pass with exception
  of (AesEcbWithUserId, RsaAttestation, EcAttestation)
  which are expected failures.

Change-Id: I48e7195f512190deb608f1a69783c92254eef1aa
2018-03-30 18:31:35 -07:00
Brian Young
3f48322658 Add "Unlocked device required" key API
Add a keymaster parameter for keys that should be inaccessible when
the device screen is locked. "Locked" here is a state where the device
can be used or accessed without any further trust factor such as a
PIN, password, fingerprint, or trusted face or voice.

This parameter is added to the Java keystore interface for key
creation and import, as well as enums specified by and for the native
keystore process.

Test: CTS tests in I8a5affd1eaed176756175158e3057e44934fffed

Bug: 67752510

Merged-In: Id19d19b19532ac8d4c52aad46a954faa4515289d
Change-Id: Id19d19b19532ac8d4c52aad46a954faa4515289d
(cherry picked from commit 1840be6d35)
2018-03-28 08:38:56 -07:00
nagendra modadugu
a63596436b Remove DES 112 tests, and speed up RSA keygen
Only DES3 is supported (168-bit), so remove
tests for 112-bit DES.

Also replace the RSA public exponent 3, with
65537 in most tests so that RSA key generation
is faster.

Change-Id: I9958df81fe46d752d82072dc6c7effa34b2921a8
2018-03-01 17:26:12 -08:00
Brian Young
f67e953919 Revert "Restore "Add "Unlocked device required" parameter to keys""
This reverts commit 97e02689d9.

Reason for revert: Regression in creating auth-bound keys

Bug: 73773914

Bug: 67752510

Change-Id: I8ccba28580099c4c533f53b0be92f1d607ce63c6
2018-02-23 01:31:40 +00:00
Brian C. Young
97e02689d9 Restore "Add "Unlocked device required" parameter to keys"
Add a keymaster parameter for keys that should be inaccessible when
the device screen is locked. "Locked" here is a state where the device
can be used or accessed without any further trust factor such as a
PIN, password, fingerprint, or trusted face or voice.

This parameter is added to the Java keystore interface for key
creation and import, as well as enums specified by and for the native
keystore process.

This reverts commit 95b60a0f41.

Test: CTS tests in I8a5affd1eaed176756175158e3057e44934fffed

Bug: 67752510

Change-Id: I2893c23ab173ff5c39085d56b555e54770900cbc
2018-02-15 11:19:40 -08:00
Zhuoyao Zhang
bc02ee16e4 Merge "Convert keymaster hal test to use VtsHalHidlTargetTestEnvBase" am: eeeaaf5589 am: 6e4263fa6b
am: 75cfb6b035

Change-Id: I5a2b49315d74cc53b6205346e39d953826a15dab
2018-02-12 17:51:39 +00:00
Zhuoyao Zhang
14ab40b9e7 Convert keymaster hal test to use VtsHalHidlTargetTestEnvBase
Bug: 64203181
Test: make vts
      vts-tradefed run vts -m VtsHalKeymasterV3_0Target

Change-Id: I6f245996749a53418b71f516ba782fe9d4321501
2018-02-10 12:40:25 -08:00
Jorim Jaggi
62df80180b Merge "Revert "Add "Unlocked device required" parameter to keys"" 2018-01-30 15:36:28 +00:00
Brian Young
95b60a0f41 Revert "Add "Unlocked device required" parameter to keys"
This reverts commit 5fe872413b.

Reason for revert: Build breakages on elfin, gce_x86_phone.

Bug: 72679761
Bug: 67752510
Change-Id: I2857b2a9b6ff26735bd4989a36c5e5deb4953904
2018-01-30 15:31:19 +00:00
TreeHugger Robot
ea52a4d3b8 Merge "Add "Unlocked device required" parameter to keys" 2018-01-29 23:16:02 +00:00
Shawn Willden
98b998b59a Support library enhancements, to ease transition of vold to KM4
Keymaster clients need to see all the available devices and figure out
which they want to use.  This method finds them all and returns them
in a vector sorted from most secure to least, according to a heuristic
defined in Keymaster::VersionResult::operator<

This CL also makes a few other minor improvements to the support
library, providing more information in VersionResult and adding some
more convenience methods in AuthorizationSetBuilder.

Test: Build & boot
Change-Id: I876238ee9ff72573c30d60e1cec665dd610bcde6
2018-01-25 22:38:56 -07:00
Brian C. Young
5fe872413b Add "Unlocked device required" parameter to keys
Add a keymaster parameter for keys that should be inaccessible when
the device screen is locked. "Locked" here is a state where the device
can be used or accessed without any further trust factor such as a
PIN, password, fingerprint, or trusted face or voice.

This parameter is added to the Java keystore interface for key
creation and import, as well as enums specified by and for the native
keystore process.

Test: go/asym-write-test-plan

Bug: 67752510

Change-Id: I466dfad3e2e515c43e68f08e0ec6163e0e86b933
2018-01-25 10:18:21 -08:00
TreeHugger Robot
406406fb90 Merge changes from topic "tui_keystore"
* changes:
  Add Trusted Confirmation support to Keymaster HAL.
  Sort tags in keymaster_tags.h alphabetically
2018-01-25 17:31:38 +00:00
Shawn Willden
129629bde4 Add Trusted Confirmation support to Keymaster HAL.
Bug: 63928580
Test: VtsHalKeymasterV4_0TargetTest

Change-Id: I402be6f182f7f375493334d5e000fec23f3551f6
2018-01-24 10:19:10 -08:00
Janis Danisevskis
83509cd758 Sort tags in keymaster_tags.h alphabetically
Test: No functional changes
Change-Id: I49c5632b5dae1f24634e99eb71a9471e91275fbd
2018-01-24 10:19:10 -08:00
Steven Moreland
12372db498 Merge "Update makefiles." 2018-01-23 22:37:32 +00:00
Steven Moreland
5d1e41a8fd Update makefiles.
Bug: N/A
Test: N/A
Change-Id: Idb1d74aeed9b82ca6568c76f35552f3fcc894239
2018-01-23 19:44:19 +00:00
Shawn Willden
b9be9ded26 Add support for BOOT and VENDOR patch levels to keymaster.
Bug: 68250869
Test: Manual.  VTS testing is not possible.
Change-Id: Ifa2025ce31592dbeb274ee3a2c300a7de416ae1f
2018-01-23 10:21:06 -07:00
TreeHugger Robot
af4d761cf5 Merge "Add additional parameters to importWrappedKey" 2018-01-22 20:18:17 +00:00
TreeHugger Robot
e541981ac2 Merge "Add VerificationToken tests." 2018-01-20 03:25:18 +00:00
Shawn Willden
8d28efa9b8 Add additional parameters to importWrappedKey
Bug: 31675676
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: I31166d0c562d92bbdcf3357782ac2a076a1bc2d9
2018-01-19 20:09:05 -07:00
Shawn Willden
4fbc1d574b Add VerificationToken tests.
Bug: 70409878
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: I5458729ef8c3494f45fe8274b391133b997d43f2
2018-01-20 02:54:23 +00:00
TreeHugger Robot
dec9b4480d Merge "Specify SecurityLevel::SOFTWARE in default keymaster 4.0 service." 2018-01-19 22:49:27 +00:00
Shawn Willden
256929827a Move KeyParameter operator== to support lib.
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: I4b71a9fbd986c1bd1001e3ab49de5d360b303b27
2018-01-19 09:44:11 -07:00
Shawn Willden
3d9433268f Add HMAC key sharing tests
Bug: 70409878
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: I9da12a70ce04f606980b5c8bec8deaeaa318bf81
2018-01-18 21:35:54 -07:00
Shawn Willden
252233df69 Refactor VTS tests a bit, to enable adding tests in separate files.
Bug: 70409878
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: Idd147d20761e7123005b468841a2ddb46cc19576
2018-01-18 21:35:49 -07:00
Shawn Willden
163063e15b Merge "Fix build breakage" 2018-01-19 02:20:37 +00:00
TreeHugger Robot
a7c5a47d64 Merge "ImportWrappedKey: preliminary VTS tests" 2018-01-19 02:14:56 +00:00
Shawn Willden
0555ddd6ba Fix build breakage
Previous CLs to move keymaster wrappers broke the build (but somehow
not in my tree, nor in TreeHugger's build).

Test: Build
Change-Id: I0494e1e38ee7e8806f3758d533b6b1e3a6c576d1
2018-01-18 19:12:53 -07:00
Frank Salim
ad57fa93fb ImportWrappedKey: preliminary VTS tests
• Happy-path import
• Masked
• Wrong mask
• Wrong Purpose

Bug: 63931634

Test: data/nativetest/VtsHalKeymasterV4_0TargetTest/VtsHalKeymasterV4_0TargetTest --hal_service_instance=android.hardware.keymaster@4.0::IKeymasterDevice/strongbox
Change-Id: Ie7948bca25ee4840d179fb879b054755199c96d9
2018-01-18 17:32:35 -07:00
Frank Salim
16350c9efc Specify SecurityLevel::SOFTWARE in default keymaster 4.0 service.
Test: it compiles

Change-Id: I0ae85000c802dd375f0c7d66c7c9c71b143107aa
2018-01-18 14:41:20 -08:00
Shawn Willden
7d339812c9 Move Keymaster wrapper into support library.
This wrapper was used to manage KM3/KM4 compatibility in keystore.
It's also needed in vold, so this CL moves it here, to make it usable
for vold.

Test: keystore CTS tests
Change-Id: I8079b8577f7d4a8fd67f47fbe1f48861e4a0734b
2018-01-18 15:39:50 -07:00
Shawn Willden
8823a4415c Add support for 3DES algorithm to Keymaster.
Test: VtsHalKeymasterV4_0TargetTest
Bug: 31675676
Change-Id: I68a67b78979002a38e92454f79715ed516026889
2018-01-17 14:15:38 -07:00
Shawn Willden
2d6b39d034 Add Trusted User Presence support to Keymaster HAL.
Test: not yet
Change-Id: I99451cb6e21b577281bd7a889e1a44db7b26525f
2018-01-10 22:52:12 -07:00
Shawn Willden
a6eb3faeb5 Remove references to Keymaster::3.0 from Keymaster::4.0
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: Idf627a3d7a51d2a464bd1723a32e88f43969bf45
2018-01-04 15:05:36 -07:00
Janis Danisevskis
c0af94ad84 Merge "Fix typos in KM4 interface definition documentation" 2018-01-02 17:36:26 +00:00
Janis Danisevskis
d29fb73c14 Fix typos in KM4 interface definition documentation
Test: N/A
Change-Id: I037ae8bc8cd35479a8e19af2f4651206fb02fda9
2017-12-27 09:09:54 -08:00
Steven Moreland
7d1e04051e Update Keymaster makefiles.
Test: none
Change-Id: Ic7cc31f9cee7ceaa834e48b6de39d4a351aff2b1
2017-12-22 14:59:16 -08:00
Shawn Willden
647357f6cb Remove libkeymaster_staging
Test: Builds
Change-Id: I742a3e36fd96c3a1b37181f48aab7e5faa63b063
2017-12-21 12:49:35 -07:00
TreeHugger Robot
4f7dabb1a9 Merge "Add support for StrongBox implementations to Keymaster HAL" 2017-12-12 18:48:05 +00:00
Shawn Willden
9e0c1fe534 Add support for StrongBox implementations to Keymaster HAL
Also adds secure key import.

Bug: 63931634
Test: not yet
Change-Id: I54f38a8787e2fcb51e01f378228e4a0c576fdfbe
2017-12-12 07:14:45 -07:00
Steven Moreland
4cd5506baa Update makefiles.
Been seeing these in CLs. Some were forgotten.

Test/Bug: none

Change-Id: I678f9ef157a3631586a3d3a9cc503121eed5a703
2017-12-11 20:48:11 +00:00
Shawn Willden
32aa7ecb55 Rename IKeymaster back to IKeymaserDevice
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: Ic5e7f936ef75aa64834677f6589822fbedce39cd
2017-11-30 19:37:07 -07:00
Steven Moreland
e5c6548346 Remove subdirs
Removing whenever I see these in code reviews.

Test: none
Merged-In: I4322f533a837d55618ec2ed2125e8966ace9d61d
Change-Id: I4322f533a837d55618ec2ed2125e8966ace9d61d
2017-11-28 14:23:43 -08:00
Shawn Willden
1e50c676f6 Add Keymaster V4.0
This CL merely duplicates all of the Keymaster V3.0 functionality and
VTS tests, and provides a pure software implementation of the 4.0 HAL,
which passes the VTS tests.  Future CLs will remove some cruft and
unused features, then add new features and accompanying tests.

Note that the reason that this is V4.0 rather than V3.1 is because V4.0
will not be fully backward compatible with V3.0.  Specifically, V4.0
will allow for "StrongBox" implementations, which will only provide a
subset of Keymaster functionality.  StrongBox versions of Keymaster will
be implemented in discrete, special-purpose hardware which will
generally be much less powerful (slower, less RAM, etc.) than is needed
to support a full Keymaster implementation.

So, while the V4.0 interface will be a strict superset of the V3.0
interface, which could normally be best implemented as an extension, it
will allow StrongBox implementations which are unable to pass the V3.0
test suite, which means that it will not be true that a V4.0
impementation IS-A V3.0 implementation, as would be expected of a V3.1
implementation.  The V4.0 test suite will distinguish between StrongBox
and non-StrongBox implementations and enforce appropriately-reduced
requirements on the former.

In addition to the duplication, 4.0 also cleans up some cruft from 3.0:

  - Removes tags and types which were in previous versions but never
    used;
  - Removes support for wrapping pre-Treble keymaster HALs with KM4,
    since they'll only be wrapped by the default KM3 implementation;
  - Renames the ROLLBACK_RESISTANT tag to ROLLBACK_RESISTANCE and
    defines new semantics for it;
  - Changes auth token handling to use the HardwareAuthToken struct
    passed in as an explicit argument to the relevant methods,
    rather than an opaque byte vector provided as a KeyParameter;
  - Updates the VTS tests to use a gtest "environment" for better
    integration with VTS test infrastructure;
  - Adds a test for upgradeKey.
  - Makes comment formatting more consistent, including using the
    correct two-space typographical convention to separate sentences.

Bug: 63931634
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: I3f01a4991beaa5c4332f72c91e8878a3bf0dec67
2017-11-28 13:41:52 -07:00
Iris Chang
784e993ef6 Merge "Fix Keymaster VTS for OpenSSL error code change" am: fc23356909 am: f9fceff665
am: 11fab4809b

Change-Id: Ibe60ee37e674ff9622f795b6cce7ae9c255bd5d5
2017-11-22 02:16:25 +00:00
Iris Chang
f9fceff665 Merge "Fix Keymaster VTS for OpenSSL error code change"
am: fc23356909

Change-Id: If832fc5e82618c394fd253215cd5c8e5e0011e39
2017-11-22 02:04:08 +00:00
Treehugger Robot
fc23356909 Merge "Fix Keymaster VTS for OpenSSL error code change" 2017-11-22 01:55:27 +00:00
Ryan Campbell
6f62a49017 Transfer VTS test ownership. am: ae6b2a5f1e am: 8ca98990ab
am: 4596756e1b

Change-Id: I3f889b17ff28d49c120b4ce42f1b79a75441bc0d
2017-11-17 02:17:33 +00:00
Ryan Campbell
8ca98990ab Transfer VTS test ownership.
am: ae6b2a5f1e

Change-Id: I4dd526bbfc6e8fa51495f4298e820e62f2fb62dd
2017-11-17 02:10:09 +00:00
Ryan Campbell
ae6b2a5f1e Transfer VTS test ownership.
Remove self from test ownership and transfer to new owners as agreed.

Test: none
Bug: 69425312
Change-Id: I8b189e6f2d7076b9ee7f3bad91445ccf6c5e1767
Merged-In: I8b189e6f2d7076b9ee7f3bad91445ccf6c5e1767
2017-11-16 14:48:00 -08:00
Iris Chang
890d3dfe27 Fix Keymaster VTS for OpenSSL error code change
OpenSSL changes error code of large RSA data from
KM_ERROR_INVALID_INPUT_LENGTH to KM_ERROR_INVALID_ARGUMENT which causes
HidlHalGTest#EncryptionOperationsTest.RsaOaepTooLarge and 
HidlHalGTest#EncryptionOperationsTest.RsaPkcs1TooLarge tests failed. 
Fix keymaster VTS to accept both the error codes.

Bug: 68289922
Test: HidlHalGTest#EncryptionOperationsTest.RsaOaepTooLarge and
      HidlHalGTest#EncryptionOperationsTest.RsaPkcs1TooLargeHidlHalGTest#EncryptionOperationsTest.RsaOaepTooLarge
      and HidlHalGTest#EncryptionOperationsTest.RsaPkcs1TooLarge are
      passed after applying this modification and other Keymaster 3.0
      VTS test cases are not affected.
Change-Id: I493bfa1c6e4b69560dfae3585a416b5c3d33e215
2017-11-15 08:09:52 +00:00
Xin Li
bb9e38fef9 Merge commit '1a06284b24f5eb7bb9c1fea0817da8898b3b1bff' from
oc-mr1-dev-plus-aosp into stage-aosp-master

Change-Id: I2a044eb8c9981d0a8198ffe2df55559afbd76341
Merged-In: I4fb9f18884f7ef21162015a0032c4431444f7025
2017-11-14 12:08:38 -08:00
Steven Moreland
8db261bc99 Updating makefiles for hidl_interface.
Bug: 64487114
Test: manual
Merged-In: Ie13d9e014cf2b81c18c67f551b4644fb9f0ba812
Change-Id: Ie13d9e014cf2b81c18c67f551b4644fb9f0ba812
2017-11-13 10:00:18 -08:00
Steven Moreland
a1169dd600 Update makefiles for hidl_interface.
Bug: 35570956
Test: manual
Change-Id: I7a220b78ee081240e1dc30ef5672ba39e3e98375
2017-11-10 09:06:55 -08:00
Steven Moreland
1d7374c5e1 Update for Soong java makefiles. am: c3e80fa01e am: 0fff75dee1 am: 6c811964a1
am: 116161d94e

Change-Id: I33643636e2511de77fdf7de57777eb67edee2e52
2017-10-11 16:39:21 +00:00
Steven Moreland
116161d94e Update for Soong java makefiles. am: c3e80fa01e am: 0fff75dee1
am: 6c811964a1

Change-Id: I85ccbb4a15cd18938607f5bca4e065b9d7e0182b
2017-10-11 16:31:07 +00:00
Steven Moreland
6c811964a1 Update for Soong java makefiles. am: c3e80fa01e
am: 0fff75dee1

Change-Id: I5b524ccf13233f3696881a2a670b5d2134fd5f15
2017-10-11 16:27:24 +00:00
Steven Moreland
0fff75dee1 Update for Soong java makefiles.
am: c3e80fa01e

Change-Id: Ia8835f9c95bd98a96f5fd3aff11191e7d3726fb9
2017-10-11 16:23:54 +00:00
Steven Moreland
c3e80fa01e Update for Soong java makefiles.
Test: pass
Bug: 33420795
Change-Id: Id9b1919a19b8ff682738cfb0869a479b4dbb4293
2017-10-10 23:07:20 +00:00
Iris Chang
13edc1a4d3 Merge "VTS: fix VtsHalKeymasterV3_0Target issue" am: 1912c73a7f am: b87becf1c2 am: 7fdf8d791f
am: 41df3d9063

Change-Id: I98db06ff0ca957ea35bf0793e1ed8163dc64e2c2
2017-10-06 01:55:09 +00:00
Iris Chang
41df3d9063 Merge "VTS: fix VtsHalKeymasterV3_0Target issue" am: 1912c73a7f am: b87becf1c2
am: 7fdf8d791f

Change-Id: I63b0905fc6091f62b297ed9c85f21e97fe84decd
2017-10-06 01:53:28 +00:00
Iris Chang
7fdf8d791f Merge "VTS: fix VtsHalKeymasterV3_0Target issue" am: 1912c73a7f
am: b87becf1c2

Change-Id: I4674864a39b3f558d30bf63f1b79505c69330867
2017-10-06 01:51:40 +00:00
Iris Chang
b87becf1c2 Merge "VTS: fix VtsHalKeymasterV3_0Target issue"
am: 1912c73a7f

Change-Id: I781812c77d96a0a7beb832298df8d537ce1d55da
2017-10-06 01:49:29 +00:00
Treehugger Robot
1912c73a7f Merge "VTS: fix VtsHalKeymasterV3_0Target issue" 2017-10-06 01:43:54 +00:00
Iris Chang
54ca32a130 VTS: fix VtsHalKeymasterV3_0Target issue
Failed cases:
AttestationTest.RsaAttestation
AttestationTest.EcAttestation

Analysis:
The verify_attestation_record() in Keymaster_hidl_hal_test.cpp calls
parse_attestation_record() to set the value of att_challenge. It fails
to compare att_challenge with challenge by memcmp.
Because setToExternal() method uses buffer pointer to local variable
(record), not use memcpy to copy into itself buffer in
parse_attestation_record(). When it leaves the parse_attestation_record(),
we will get the att_challenge which is null buffer to compare with challenge
incorrectly.

Fix: use memcpy to copy the buffer.

Bug: 65039571
Test: build passed. VtsHalKeymasterV3_0Target -> PASSED: 106, FAILED: 0.

Change-Id: I700a9242cc9a5f4cb196b62860823601e4088531
2017-10-06 00:45:42 +00:00
Steven Moreland
70bfb9d250 Merge "Update for hidl adapter module defaults." am: 988c977079 am: 861651985f am: b53e6ad535
am: 9a17f41f6f

Change-Id: I78d9292068b372238554fd9d35128e69f5b5f9d2
2017-10-04 21:54:11 +00:00
Steven Moreland
9a17f41f6f Merge "Update for hidl adapter module defaults." am: 988c977079 am: 861651985f
am: b53e6ad535

Change-Id: I23269fb7a9bdd352e670a80f390527d9eef31412
2017-10-04 21:51:00 +00:00
Steven Moreland
b53e6ad535 Merge "Update for hidl adapter module defaults." am: 988c977079
am: 861651985f

Change-Id: Ifdb878720d42120e7309dd2a49e5a91059ff4b72
2017-10-04 21:48:04 +00:00
Steven Moreland
861651985f Merge "Update for hidl adapter module defaults."
am: 988c977079

Change-Id: I289818be1b30397391847ba1c532d1014fdbed27
2017-10-04 21:45:09 +00:00
Steven Moreland
527fd76a0e Update for hidl adapter module defaults.
Test: pass
Change-Id: Idc6a943149a279bf17cfcfd0f2571473e53bbbbf
2017-10-04 12:47:03 -07:00
Janis Danisevskis
5a07ed4802 Switch to new NG AndroidKeymaster3Device
Test: VtsHalKeymasterV3_0TargetTest
Bug: 67358942
Change-Id: Idc7ac599c359b3af2e4866b9eb446a05e96132a0
2017-10-03 16:13:21 -07:00
Janis Danisevskis
b17178a1a4 Fix wrong origin assumption for wrapped KM0 hals
KM0 supports only asymmetric encryption. And for those we cannot
distinguish between imported and generated keys.
This patch adds correct handling for KM0 origin tags.

Test: run vts test with wrapped km0 module from
      system/security/softkeymaster

Bug: 67358942
Bug: 67363396

Test: VtsHalKeymasterV3_0TargetTest
Change-Id: I7f5ddd21dde284dbfbd68b3b83fb75c1457dbd59
2017-10-03 16:13:21 -07:00
Janis Danisevskis
957b1dc654 Reflect: Removed KeymasterEnforcement dependencies on openssl
in system/keymaster.

Test: VtsHalKeymasterV3_0TargetTest

Bug: 67358942
Change-Id: Ie3e1fb94a299635e6c7cf45d78822b03bedf5d11
2017-10-03 16:13:21 -07:00
Janis Danisevskis
7e03f98bd2 Software keymaster attestations return 3 as keymaster version
Bug: 67358942
Bug: 67359348
Test: VtsHalKeymasterV3_0TargetTest
Change-Id: Ia04a55b407343ddddd4467c401ee2556e8fe9bd9
2017-10-03 16:13:21 -07:00
Janis Danisevskis
1235d348e6 Relax finish result on RSA operations
Some RSA operation tests expect ErrorCode::INVALID_ARGUMENT
and others ErrorCode::INVALID_INPUT_LENGTH for the same
diagnosed syndrome, i.e., the input message was too long.

This patch relaxes the expectations on one of these tests
expecting ErrorCode::INVALID_INPUT_LENGTH, to also accept the
more consistent ErrorCode::INVALID_ARGUMENT.

Bug: 67358942
Bug: 67359132
Test: VtsHalKeymasterV3_0TargetTest
Change-Id: I573d3a01b052f0256611064f23ae791007cf7122
2017-10-03 16:13:20 -07:00
Janis Danisevskis
02bc2768d4 Add OWNERS files to keymaster resources am: e6014f69ea am: 1ff3510d29 am: 2d83c98987
am: a0e1f49a11

Change-Id: Ic1eab465d8392c79411ce6c6097c40585748db1f
2017-10-03 22:31:13 +00:00
Janis Danisevskis
a0e1f49a11 Add OWNERS files to keymaster resources am: e6014f69ea am: 1ff3510d29
am: 2d83c98987

Change-Id: I97cc35b7736319ae679f1ff88f07bf98857acf30
2017-10-03 21:47:46 +00:00
Janis Danisevskis
2d83c98987 Add OWNERS files to keymaster resources am: e6014f69ea
am: 1ff3510d29

Change-Id: Ida237f73875e70d9d1e24547f1e9b90de12a7729
2017-10-03 21:35:50 +00:00
Janis Danisevskis
1ff3510d29 Add OWNERS files to keymaster resources
am: e6014f69ea

Change-Id: I71c2388fd278869daa652ae10fb8b7848b6e5443
2017-10-03 21:22:58 +00:00
Janis Danisevskis
e6014f69ea Add OWNERS files to keymaster resources
This patch adds swillden@ and jdanis@ as owners of keymaster/3.0/vts
and keymaster/3.0/default.

Test: No code changed
Change-Id: I04bc0f741e8fafd53aee7c9dd62954548b81263d
2017-10-03 13:37:19 -07:00
Steven Moreland
91799c6cc7 Merge "Fix typo in update makefiles." am: 9960148420 am: f07e364ce3 am: 71a193a425
am: 9fdd241905

Change-Id: I1c852fa6600fecc44d5afd1a65a5f51c43ecf71c
2017-09-27 00:02:52 +00:00
Steven Moreland
9fdd241905 Merge "Fix typo in update makefiles." am: 9960148420 am: f07e364ce3
am: 71a193a425

Change-Id: I45ae43f07323254212532acbf0f891d11143b05f
2017-09-26 23:58:51 +00:00
Steven Moreland
71a193a425 Merge "Fix typo in update makefiles." am: 9960148420
am: f07e364ce3

Change-Id: If5bbf259458363b755989578c2f3828cbcb3d07c
2017-09-26 23:55:59 +00:00
Steven Moreland
f07e364ce3 Merge "Fix typo in update makefiles."
am: 9960148420

Change-Id: I949634e72f817f3a5411130e968acd8efd1d7725
2017-09-26 23:51:07 +00:00
Steven Moreland
a5299ee739 Fix typo in update makefiles.
Bug: 37518178
Test: pass
Change-Id: Ic401b3a473f15ca4c01e58b3072e19db7c31b653
2017-09-26 21:59:43 +00:00
Steven Moreland
7741c0e17b Update makefiles for hidl adapter. am: 26a0bb2762 am: 73949c1d7e am: b94d0c7290
am: 97228c0b7d

Change-Id: Ic4b459b7c1a4325453945b0b00db8f44e4e77c26
2017-09-26 13:36:09 +00:00
Steven Moreland
97228c0b7d Update makefiles for hidl adapter. am: 26a0bb2762 am: 73949c1d7e
am: b94d0c7290

Change-Id: If766cffbcc003cc0cc5eb98969b924aa918fff44
2017-09-26 12:53:13 +00:00
Steven Moreland
b94d0c7290 Update makefiles for hidl adapter. am: 26a0bb2762
am: 73949c1d7e

Change-Id: I9af2df255ccdac36c8c11bbca973c42ea2e758fe
2017-09-26 12:48:40 +00:00
Steven Moreland
73949c1d7e Update makefiles for hidl adapter.
am: 26a0bb2762

Change-Id: I3a811f5cd49bd4e81e8fcd5c8e88922115812539
2017-09-25 23:14:44 +00:00
Steven Moreland
26a0bb2762 Update makefiles for hidl adapter.
Bug: 37518178
Test: manual
Change-Id: I50e999907d3c64d2b039272b823971998da64d1b
2017-09-25 18:35:56 +00:00
Shawn Willden
b4766e598b Merge "Don't send more than 2K to addRngEntropy" into oc-dev am: 7eeb6b5079 am: 35e1be70b4
am: 64978d763d

Change-Id: I9e3f621fb66a357d7f81975bd7fe14ab79e07013
2017-09-12 16:37:22 +00:00
Shawn Willden
64978d763d Merge "Don't send more than 2K to addRngEntropy" into oc-dev am: 7eeb6b5079
am: 35e1be70b4

Change-Id: Ic1b7023117d6531da2f535a6b6cb145a228259bf
2017-09-12 16:34:52 +00:00
Shawn Willden
35e1be70b4 Merge "Don't send more than 2K to addRngEntropy" into oc-dev
am: 7eeb6b5079

Change-Id: Id0ee0e3f22ee4f2d2b730054043d28c01ac19c6f
2017-09-12 16:31:32 +00:00
TreeHugger Robot
7eeb6b5079 Merge "Don't send more than 2K to addRngEntropy" into oc-dev 2017-09-12 16:28:44 +00:00
Shawn Willden
e5266362e9 Merge "Reduce max keymaster message size to 2K" into oc-dev am: 42d61ce03a
am: ac06f7576e

Change-Id: Ib6e0f30a2ca4d6b075bdc4c232cbf47c6febc82e
2017-09-12 06:53:16 +00:00
Shawn Willden
859db2ba9e Merge "Reduce max keymaster message size to 2K" into oc-dev am: 42d61ce03a
am: ac06f7576e

Change-Id: I219c56653ec9051d35a4c7c8f012c9c06e555881
2017-09-12 06:53:16 +00:00
Shawn Willden
ac06f7576e Merge "Reduce max keymaster message size to 2K" into oc-dev
am: 42d61ce03a

Change-Id: Ia2915bb4305268e5048689ef3e4cf6cf9793d483
2017-09-12 06:50:47 +00:00
Jaekyun Seok
81104ae5ef Add 'vendor.' prefix to a vendor HAL service name
To prevent property name collisions between properties of system and
vendor, 'vendor.' prefix must be added to a vendor HAL service name.
You can see the details in http://go/treble-sysprop-compatibility.

Test: succeeded building and tested on a walleye device
Bug: 36796459
Change-Id: I4e8fbee791ec917a8f627a1366f4d44ec7e6febc
2017-09-12 08:01:42 +09:00
Shawn Willden
02ffb2be41 Don't send more than 2K to addRngEntropy
Bug: 63745893
Test: VtsHalKeymasterV3_0TargetTest
Change-Id: I136920d3b62e026b22fbe06594bc40ccddc57dc3
(cherry picked from commit 3e1267edf0)
2017-08-30 22:13:30 +00:00
Steven Moreland
dfd8287506 Updating all makefiles.
Bug: 64487114
Test: none
Merged-In: I8608c8f636c35f21e4246a805a9eff6d14124e0a
Merged-In: I2fa89b6661c39859ec4fb62c4bb0a05a35e645f0
Merged-In: Ifdc3c17cb2b85c18b37dac2d03bb5c8935c23180
Change-Id: I170fa1c4fe39f8109b1670db58ef99bb11afc0be
2017-08-14 20:25:09 +00:00
Steven Moreland
ff308ea6ba Updating all makefiles.
Bug: 64487114
Test: none
Merged-In: I8608c8f636c35f21e4246a805a9eff6d14124e0a
Merged-In: I2fa89b6661c39859ec4fb62c4bb0a05a35e645f0
Change-Id: Ifdc3c17cb2b85c18b37dac2d03bb5c8935c23180
2017-08-11 22:58:47 +00:00
Shawn Willden
3e1267edf0 Don't send more than 2K to addRngEntropy
Bug: 63745893
Test: VtsHalKeymasterV3_0TargetTest
Change-Id: I136920d3b62e026b22fbe06594bc40ccddc57dc3
2017-08-11 14:34:37 -06:00
Shawn Willden
cf1f4870fc Reduce max keymaster message size to 2K
Bug: 63745895
Test: VtsHalKeymasterV3_0TargetTest
Change-Id: I9b8c2e551f04bd2124462095f232bd08ff1f63c6
2017-08-11 14:34:37 -06:00
Tri Vo
fcc37424e5 Merge "Keymaster test statically links to dependencies." into oc-mr1-dev am: c20d4caa4c
am: a48a2eab55

Change-Id: I6a445e551b9a135a8411e1f351acd61a2e56a5ee
2017-08-11 01:41:33 +00:00
Tri Vo
c20d4caa4c Merge "Keymaster test statically links to dependencies." into oc-mr1-dev 2017-08-11 01:07:22 +00:00
Tri Vo
0631f8ea9a Keymaster test statically links to dependencies.
This test now statically links to libs not guaranteed to be on the
device.

Bug: 64040096
Test: vts-tradefed run commandAndExit vts --skip-all-system-status-check 
--skip-preconditions --module VtsHalKeymasterV3_0Target
Change-Id: I6a7b8c116153f18f61a71e5b5bef98343a4de43b
2017-08-10 20:18:36 +00:00
Justin Yun
723c2dbd43 Update make file for vndk enabled. am: 608d773ef8
am: d66371512c

Change-Id: I35b778c39c2349346278deb6dea56b8cd3701f7d
2017-08-05 02:17:38 +00:00
Justin Yun
608d773ef8 Update make file for vndk enabled.
Update the Android.bp generated with hidl-gen.

Test: build with and without BOARD_VNDK_VERSION=current
Bug: 63866913
Change-Id: I1a9db1df49e0f13c5790da2b118ae9ec63ba34a7
2017-08-04 14:12:23 +09:00
Shawn Willden
703c242322 Reduce max keymaster message size to 2K
Bug: 63745895
Test: VtsHalKeymasterV3_0TargetTest
Change-Id: I9b8c2e551f04bd2124462095f232bd08ff1f63c6
2017-08-03 20:45:46 +00:00
Tri Vo
0621d2f517 Update Android.bp HIDL makefiles am: f5d136c231
am: 7694738e26

Change-Id: I7592025d540bbe46d2e2726ae39ae34f352a1a30
2017-08-03 15:37:24 +00:00
Tri Vo
f5d136c231 Update Android.bp HIDL makefiles
Allow HAL definition libs to be static.

Bug: 32920003
Bug: 64040096
Test: update-all-google-makefiles.sh
Change-Id: I1483d572bea6799717d1614fb7d52fe225e31104
2017-08-03 00:30:01 +00:00
Shawn Willden
26dc50cefb Re-enable fuzzing tests
A pair of tests that send corrupted data to keymaster were disabled
because they cause a reboot on Angler and Bullhead.  Because VTS is not
being run on those devices, I'm enabling them.

Separately, I'm going to get this bug triaged as a security
vulnerability, which may result in a fix being forthcoming.  As a simple
functional defect, the vendor refused to fix the old devices.

Bug: 33385206
Test: adb shell data/nativetests64/VtsHalKeymasterV3_0TargetTest/VtsHalKeymasterV3_0TargetTest
Change-Id: I3bdea4e9756d3f77d54de09fd7ed2de04edeb1fd
2017-07-25 13:15:02 -06:00
Shawn Willden
6715433ca7 Merge "Test import of a EC P-521 key." into oc-dev
am: ad40c6ccd7

Change-Id: I42bd0035153a5312b4654ec8b27f6ad6589d56e1
2017-06-23 15:39:19 +00:00
Shawn Willden
709e2e1ed9 Test import of a EC P-521 key.
This failure is also diagnosed by CTS, but it should be validated in VTS
as well.

Merged-In: Ia7654ff8813942fbca9dfa838337e9de5839a9e2
Bug: 33945114
Test: adb shell data/nativetests64/VtsHalKeymasterV3_0TargetTest/VtsHalKeymasterV3_0TargetTest
Change-Id: Ia7654ff8813942fbca9dfa838337e9de5839a9e2
2017-06-22 15:14:30 -06:00
Shawn Willden
2bd3e23f3c Test import of a EC P-521 key.
This failure is also diagnosed by CTS, but it should be validated in VTS
as well.

Bug: 33945114
Test: adb shell data/nativetests64/VtsHalKeymasterV3_0TargetTest/VtsHalKeymasterV3_0TargetTest
Change-Id: Ia7654ff8813942fbca9dfa838337e9de5839a9e2
2017-06-22 14:29:19 -06:00
Shawn Willden
18996b5aa5 Merge "Check return from DeleteKey correctly." into oc-dev
am: c4f859d1b5

Change-Id: Id817044028fa9bf060305fa7864d8d89755353dc
2017-06-21 00:54:09 +00:00
Shawn Willden
da4568eb18 Merge "Check return from DeleteKey correctly." into oc-dev
am: c4f859d1b5

Change-Id: Ib41e416ab79a56cddbaa61084645f626b4a3b22b
2017-06-21 00:54:07 +00:00
TreeHugger Robot
c4f859d1b5 Merge "Check return from DeleteKey correctly." into oc-dev 2017-06-21 00:45:17 +00:00
Janis Danisevskis
eb5a6056bc Merge "Purge unsupported RSA key sizes from VTS tests" into oc-dev
am: bc970b089f

Change-Id: Id5c16a9a8a2ff95e18254da4b8568d68e15e5834
2017-06-14 02:32:40 +00:00
Janis Danisevskis
324ffd65ee Merge "Purge unsupported RSA key sizes from VTS tests" into oc-dev
am: bc970b089f

Change-Id: Id40754b5761b2acca8a487d33a4479c3d9fb0c33
2017-06-14 02:32:40 +00:00
Janis Danisevskis
39daaa0f96 Purge unsupported RSA key sizes from VTS tests
Support for 256 bit RSA keys are not mandated by keymaster specs and
must not be used in the VTS tests.

Bug: 62581389
Change-Id: If315088db2752ac2efe31fdb95db7ca13c3ce225
2017-06-13 13:30:15 -07:00
Janis Danisevskis
d4c2e5d8a5 Fix expected attestation version.
am: 538b7d85ef

Change-Id: I5ba0326f7e2f1547a1e08c2f44055a8938414ae4
2017-06-08 01:55:37 +00:00
Janis Danisevskis
db5b71c924 Fix expected attestation version.
am: 538b7d85ef

Change-Id: I35fd340baa71984a9aa5b1db6d8df1b09cda7a6c
2017-06-08 01:51:38 +00:00
Janis Danisevskis
538b7d85ef Fix expected attestation version.
The attestation version cannot be infered from the keymaster version
because we provide software attestation for legacy keymaster 1 keys.
This patch changes the attestation test to expect either attestation
version 1 or 2.

Bug: 37351644
Test: VtsHalKeymasterV3_0TargetTest
Change-Id: I4db83a543db20191d288b2ca8308aa6597cd8e22
2017-06-07 11:49:56 -07:00
Shawn Willden
76627c3f72 Annotate DeleteKey test with bug number. am: abcd323019
am: 392db77668

Change-Id: If2800344b883ae35e8372d977cc63abdf1832e0d
2017-06-01 15:29:01 +00:00
Shawn Willden
392db77668 Annotate DeleteKey test with bug number.
am: abcd323019

Change-Id: I1e3eb2b93c0054fb48fc8dbd9e844a74736afe46
2017-06-01 15:26:30 +00:00
Shawn Willden
abcd323019 Annotate DeleteKey test with bug number.
Bug: 37623742
Change-Id: I2cb4bb39bacb3aabf5fff7937f60c7355c9636e3
Test: VTS test, manually run
2017-06-01 07:47:04 -06:00
Shawn Willden
1c69c5fcb8 Check return from DeleteKey correctly.
DeleteKey may legitimately return ErrorCode::UNIMPLEMENTED rather than
ErrorCode::OK, but the VTS test didn't allow that in all cases.  In many
case the return code was also left unchecked.

Test: adb shell/data/nativetest64/VtsHalKeymasterV3_0TargetTest/VtsHalKeymasterV3_0TargetTest
Bug: 62193967
Change-Id: I19a90a87850675b0700baf7409e57098e0584d54
2017-06-01 07:44:27 -06:00
Shawn Willden
41fbd43c10 Validate certificate names.
Bug: 38394614
Test: adb shell /data/nativetest64/VtsHalKeymasterV3_0TargetTest/VtsHalKeymasterV3_0TargetTest
Change-Id: If9d985807000f54f57f979f0c2d9f38df8fbd3d3
2017-05-23 19:56:02 -06:00
Shawn Willden
319e5c5c02 Verify that attestation root is a valid self-signed cert.
Bug: 38243685
Test: adb shell /data/nativetests64/VtsHalKeymasterV3_0TargetTest/VtsHalKeymasterV3_0TargetTest
Change-Id: I6b57025e4aab7d475116c51fb43ae9f31778d7c8
2017-05-23 19:45:47 -06:00
Shawn Willden
032d2afb2e Check HAL return codes.
Test: adb shell /data/nativetest64/VtsHalKeymasterV3_0TargetTest/VtsHalKeymasterV3_0TargetTest
Change-Id: I1772cfa97f60bab5acf12b4afccc242a11946085
2017-05-23 19:45:47 -06:00
Steven Moreland
7708449766 Update makefiles. (2/2) am: 76cfb84140
am: f203167814

Change-Id: I1f13401266f3c2f78c627088b09c79cd7c8d0276
2017-05-22 17:29:04 +00:00
Steven Moreland
f203167814 Update makefiles. (2/2)
am: 76cfb84140

Change-Id: I24d21438a5b2f447d2160929c6ff6e17b2b66820
2017-05-22 17:15:20 +00:00
Steven Moreland
76cfb84140 Update makefiles. (2/2)
Adds default configuration for all hals.

Bug: 38415912
Test: pass
Change-Id: Idd1f3a2b7b16ad956d31784a513e93a066cdd02e
2017-05-19 15:54:03 -07:00
Steven Moreland
d09cf863da Update makefiles for c++-sources and c++-headers. (2/2) am: bc71124120
am: a32ebce372

Change-Id: Ic1dd8f98e72656bc12a6e5224e541f75afb79daa
2017-05-11 01:38:14 +00:00
Steven Moreland
a32ebce372 Update makefiles for c++-sources and c++-headers. (2/2)
am: bc71124120

Change-Id: Icf36068a4d863a8520854c7a83e51f960c188e12
2017-05-11 00:48:55 +00:00
Steven Moreland
bc71124120 Update makefiles for c++-sources and c++-headers. (2/2)
Test: pass
Bug: 38174080
Change-Id: Icad451f9f9ad5f46412356a4171a8a1222f8e545
2017-05-09 19:58:43 -07:00
Shawn Willden
7c30ca2cc5 Merge "Add missing application ID tag to AES/HMAC attestation calls" into oc-dev am: 585acc6778
am: bc25041f6e

Change-Id: Ib18b4c599813d8503712d33f9070eea11948f4ca
2017-05-05 17:51:36 +00:00
Shawn Willden
bc25041f6e Merge "Add missing application ID tag to AES/HMAC attestation calls" into oc-dev
am: 585acc6778

Change-Id: I613bc59b8eeeed229131fcff32835e91d26adda6
2017-05-05 17:43:22 +00:00
TreeHugger Robot
585acc6778 Merge "Add missing application ID tag to AES/HMAC attestation calls" into oc-dev 2017-05-05 17:29:21 +00:00
Janis Danisevskis
71ebd5f6b4 Rename libkeymaster to libkeymaster_staging
Fix a build breakage by renaming libkeymaster to
libkeymaster_staging. fugu's vendor tree already had
a libkeymaster.so which masked system/keymaster/libkeymaster.

Bug: 37997750
Change-Id: Ie478726bf81e965be64fb913844b881064e9b66c
2017-05-04 14:16:20 -07:00
Janis Danisevskis
448b624803 Merge "libkeymaster1 was split into libkeymaster and _portable" 2017-05-04 16:16:45 +00:00