Commit graph

111 commits

Author SHA1 Message Date
Xin Li
fef0cab5e9 DO NOT MERGE - Merge pi-platform-release (PPRL.190505.001) into stage-aosp-master
Bug: 132622481
Change-Id: Ie2af73fae9852849b11796bb1e77f0fc62c28ce2
2019-05-13 15:39:13 -07:00
Janis Danisevskis
33d75d090b Verify mac change on time stamp change
This test verifies that verification tokens with different time stamps do
not have the same MAC. This may not guarantee that the MAC is computed
correctly but it catches implementation that do not include the time
stamp in the mac.

It also checks that the MAC changes when both time stamp and challenge
changes.

Test: yes it is
Bug: 131859731
Bug: 132288466
Bug: 132287277
Change-Id: I85aa1d873eff46df7a66fc69bd61a031e6e6fbe0
2019-05-09 12:50:11 -07:00
Janis Danisevskis
3414222e3a Keymaster support: Verbose vendor errors
Added function for verbosely logging Keymaster vendor errors.

Bug: 123562864
Test: atest android.keystore.cts
Merged-In: Ida093941d3b76b3d2e953439229081345909c16b
Change-Id: Ida093941d3b76b3d2e953439229081345909c16b
2019-05-03 16:04:02 -07:00
Shawn Willden
744a37115a Correct IKeymasterDevice documentation.
Bug: 129931913
Bug: 130144003
Test: ./update-makefiles.sh (checks hashes)
Change-Id: Ia8101f8410a728b28653416300c1a3eb480eb469
2019-04-19 00:59:01 +00:00
Steven Moreland
1ae4615d9f Update hidl makefiles for bpfmt
hidl-generated makefiles are now generated such that bpfmt(file) == file.

Bug: 67417008
Test: enable bpfmt hook
Change-Id: I1f69d292bc23a7cc293a66110cb02d597e1019ad
2019-04-17 09:38:50 -07:00
Eran Messeri
04a7045117 Test importing EC P-256 keys with multiple encodings
Test importing of an Elliptic Curve P-256 key, encoded using the RFC5915
specification (which requires the curve OID in key in addition to the
wrapper) and the same key encoded using SEC1 (which allows omitting the
OID if it's known from the wrapper).

Test: atest VtsHalKeymasterV4_0TargetTest ImportKeyTest
Bug: 124437839
Bug: 127799174
Bug: 129398850
Change-Id: I5f5df86e55a758ed739403d830baa5c7308813a3
Merged-In: I5f5df86e55a758ed739403d830baa5c7308813a3
2019-04-01 14:54:00 +01:00
Janis Danisevskis
93c7276e3a Fix strict weak ordering requirement of less than operation
operator< on hidl_vec<uint8_t> violates strict weak ordering in the case
that one oparand is shorter that the other and the shorter is a prefix
of the longer.

if x and y are incomparable, i.e., neither x < y nor y < x and
   y and z are incomparable, i.e., neither y < z nor z < y, then
   x and z must be incomparable.
As for the current implementation the first two statements are true but
the third is not given the following example input:
x:="aa", y:="a", z:="ab".

This patch fixes the issue by defining a < b if a is a prefix of b.

As this relation is used in a std::sort algorithm which demands strict
weak ordering this bug leads to undefined behavior.

Change-Id: I4961bb35e2fd4f5fcf561ec0c7c536f81830aab8
2019-03-19 09:54:04 -07:00
Steven Moreland
a878aee9ab Update makefies: no 'types'
Bug: 123976090
Test: N/A
Change-Id: I30fb04c81889b62775e1b764b965fdb0f893de17
2019-03-04 11:27:17 -08:00
nagendra modadugu
d0a5c1dda5 [DO NOT MERGE] keymaster: add an EC attestation test
Add a test that creates an EC key by
using key-bits (rather than curve-id),
and check that the attestation message
corresponds to key characteristics.

Bug: 122375834
Bug: 119542230
Test: VTS passes
Change-Id: Iad6ff2ca90a951124940943f2484f9fb9f813a19
2019-02-22 13:33:03 -08:00
Baranidharan Muthukumaran
43d64bbee6 Merge "Fix KM VTS tests for Strongbox implementations" into pie-vts-dev
am: c08c73653a

Change-Id: Ic8b48ca2afb2d942182043281836927698966874
2019-01-09 12:10:41 -08:00
Yi Kong
45cb85f8c0 Suppress null-dereference warning
It is unclear whether author intentionally meant to cause segfault here.
While waiting for the author to explain/fix the code, suppress the
warning to unblock enabling the warning globally.

Test: m checkbuild
Bug: 121390225
Change-Id: Iad03842833cfdc243404a32f6b31d161387c3890
2018-12-21 14:52:47 -08:00
Keun Soo YIM
68ae05dd2d pack VTS cc_test binaries as general-tests
Test: make general-tests
Bug: 120093339
Merged-In: I363450d205868f900e4925ccff1430e2a569f2a4
Change-Id: I363450d205868f900e4925ccff1430e2a569f2a4
2018-12-07 10:49:56 -08:00
Elliott Hughes
d9de6aa270 C++17 compatibility: add a non-const char* overload.
C++17 adds a non-const std::basic_string::data, so non-const std::strings in the
test are `char*` and the const std::strings are `const char*`. See
https://en.cppreference.com/w/cpp/string/basic_string/data for details.

Without adding the non-const overload, the varargs overload is preferred, leading
to static_assert failures:

  In file included from hardware/interfaces/keymaster/3.0/vts/functional/keymaster_hidl_hal_test.cpp:33:
  In file included from hardware/interfaces/keymaster/3.0/vts/functional/authorization_set.h:20:
  hardware/interfaces/keymaster/3.0/vts/functional/keymaster_tags.h:257:5: error: static_assert failed "Authorization other then TagType::BOOL take exactly one parameter."
  static_assert(tag_type == TagType::BOOL || (sizeof...(args) == 1),
  ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  hardware/interfaces/keymaster/3.0/vts/functional/authorization_set.h:213:19: note: in instantiation of function template specialization 'android::hardware::keymaster::V3_0::Authorization<android::hardware::keymaster::V3_0::TagType::BYTES, android::hardware::keymaster::V3_0::Tag::ASSOCIATED_DATA, char *, unsigned long>' requested here
  push_back(Authorization(tag, std::forward<Value>(val)...));
  ^
  hardware/interfaces/keymaster/3.0/vts/functional/authorization_set.h:245:9: note: in instantiation of function template specialization 'android::hardware::keymaster::V3_0::AuthorizationSet::push_back<android::hardware::keymaster::V3_0::TypedTag<android::hardware::keymaster::V3_0::TagType::BYTES, android::hardware::keymaster::V3_0::Tag::ASSOCIATED_DATA>, char *, unsigned long>' requested here
  push_back(ttag, std::forward<ValueType>(value)...);
  ^
  hardware/interfaces/keymaster/3.0/vts/functional/keymaster_hidl_hal_test.cpp:3426:35: note: in instantiation of function template specialization 'android::hardware::keymaster::V3_0::AuthorizationSetBuilder::Authorization<android::hardware::keymaster::V3_0::TypedTag<android::hardware::keymaster::V3_0::TagType::BYTES, android::hardware::keymaster::V3_0::Tag::ASSOCIATED_DATA>, char *, unsigned long>' requested here
  AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
  ^

Bug: http://b/111067277
Test: builds
Change-Id: I3d70fb5a41db16cc9dff50364cd793e0c3510ed0
2018-11-27 16:40:33 +00:00
Baranidharan Muthukumaran
3f127ca4d1 Fix KM VTS tests for Strongbox implementations
Modify RSA keysize used in various tests
to ensure both TEE and Strongbox implementations
can be validated.
Skip invalid keysizes that Strongbox does not
support.

Test: Patches the strongbox tests
Bug: 112189538
Bug: 119172331
Change-Id: I46ab01ce9b8224403e2a334a894967761d6799c9
Signed-off-by: Max Bires <jbires@google.com>
(cherry picked from commit 88a376b0a0)
2018-11-20 21:23:19 +00:00
Janis Danisevskis
91a01c5cfc Merge "Removed unsafe use of hidl_vec<>.setToExternal" 2018-11-15 01:19:10 +00:00
Janis Danisevskis
8f45a1c5c3 keymaster: fix authorization set serialization
Invalid and unknown tags were treated as zero size but they where still
counted as entry. This lead to invalid tags being persisted. When
Serialized blobs were used to cache key characteristics, these invalid
tags were send to clients of keystore. However, the serialization cannot
cope with invalid tags.

Bug: 119414176
Test: Successfully used the Skype app which triggered the problem
Change-Id: Ia46ac4a16395db3d10f93d3722eda69d523db478
2018-11-13 13:21:30 -08:00
Janis Danisevskis
28a6b79f4b authorization_set.cpp: relax serialization of unknown tags
Bug: 119414176
Change-Id: I16722f2a2b1a00a352322c603d2bf18a996d6ee7
2018-11-12 12:06:32 -08:00
Janis Danisevskis
9c41221206 Removed unsafe use of hidl_vec<>.setToExternal
hidl_vec objects that do not own their associated buffer are highly
unsafe in multithreaded environments where move semantic is used to
transfer ownership between threads. With keystore transitioning to a
multi threaded execution model we can no longer use this optimization
safely.

Bug: 111443219
Test: Ran full keystore cts test suite.
Change-Id: I9a366fc7df5dfee508dc092855545963ef6d9665
2018-11-09 10:49:55 -08:00
Janis Danisevskis
2ecd6597f3 Various fixes for async keystore.
* Added missing Tag::HARDWARE_TYPE and Tag::TRUSTED_CONFIRMATION_REQUIRED
* Made AuthorizationSet::hidl_data() safer to use.
  hidl_data() initializes a hidl_vec with the internal data of
  std::vector using setToExternal and returns it by value. This means
  the returned temporay does not own the buffer which has the life cycle
  of the AuthorizationSet. This is fine if passed as parameter to a
  function where it is bound to a cont reference. But if the temporary
  gets assigned to something with longer life cycle move semantics kicks
  in and the buffer is now tracked by something with a longer life
  cycle. This patch marks the returned temporary const, so that it can
  no longer be moved. It can still be bound to a const reference, but
  when assigned to a variable it must get copied.
* Add Filter function to AuthorizationSet.

Bug: 111443219
Test: KeyStore CTS tests
Change-Id: I4744b7c87d01fbd905c3afb8ebeefba93605994b
2018-11-07 11:32:03 -08:00
Chih-Hung Hsieh
8cca54bec0 Add noexcept to move constructors and assignment operators.
am: 19a5da4c13

Change-Id: Ib5b417deddc9af28a2de012e379f55d869053ec4
2018-10-01 16:13:05 -07:00
Chih-Hung Hsieh
19a5da4c13 Add noexcept to move constructors and assignment operators.
Bug: 116614593
Test: build with WITH_TIDY=1
Change-Id: Ib50ced82d650737cf99a9757133119945a3409f3
2018-10-01 20:30:38 +00:00
Rob Barnes
57ba8d23ee Fixed minor comment typos in IKeymasterDevice.hal
am: 2c46b2e3b8

Change-Id: I540e52241d5096d5fbff8ccce26ed498eaa9036d
2018-09-26 14:40:18 -07:00
Rob Barnes
2c46b2e3b8 Fixed minor comment typos in IKeymasterDevice.hal
Test: 'make checkbuild' finished successfully.
Change-Id: I4ceb39475fff176bfcd57e10335aa1af64849739
2018-09-26 06:10:20 +00:00
Yi Kong
fa8dfc724e Merge "Don't use initializer_list as return type"
am: 9c6b9bf7c3

Change-Id: Ided6c9a8952938912bf036b4c83544a568088e42
2018-09-24 14:32:46 -07:00
Yi Kong
7392175ccd Don't use initializer_list as return type
The underlying array may be cleaned up once its lifetime has ended,
the initializer_list would become ill-formed. Return as std::vector
instead.

This fixes "-Wreturn-stack-address" (clang) / "-Winit-list-lifetime"
(gcc) warning.

Test: mma
Bug: 111998531
Change-Id: Ie5bb6bc3d0d7689744fd573c5683b22e6fb6b178
2018-09-21 15:36:57 -07:00
Baranidharan Muthukumaran
65b9c173ea Skip NoUserConfirmation VTS test for Strongbox
am: 709aa5f453

Change-Id: I6dff83b19396fcf599cb8f3be235124d0073beaf
2018-09-06 21:14:02 -07:00
Baranidharan Muthukumaran
709aa5f453 Skip NoUserConfirmation VTS test for Strongbox
Since Confirmation UI is optional for Strongbox
implementation, skipping the test.

Bug: 112189538
Test: This is an update to the vts test
Change-Id: Ie3485a1de92444b0c49670b198de30ea25e0673e
Signed-off-by: Max Bires <jbires@google.com>
2018-09-07 02:37:12 +00:00
Baranidharan Muthukumaran
3f200e078e Merge "Fix KM VTS tests for Strongbox implementations"
am: d6b4242d52

Change-Id: I52cd833dfa2c8cc4fb130544f5cb5d35217a0fc4
2018-09-04 03:55:02 -07:00
Treehugger Robot
d6b4242d52 Merge "Fix KM VTS tests for Strongbox implementations" 2018-09-04 10:44:18 +00:00
Eran Messeri
8ee59f2aa6 Merge "Fixing Keymaster documentation." into pie-vts-dev
am: 33f7970672

Change-Id: I0bd196af03f96817cbd23620b109e7665456f586
2018-08-29 01:11:55 -07:00
Shawn Willden
f7c0a7938d Change ImportWrappedKeyTest back to SHA1
Change I5f877b2a1ac66026a876e145416ba078d486e4b5 inadvertently changed
the digest used for ImportWrappedKey, breaking the test.  This CL
reverts that portion of the change.

Test: VtsHalKeymasterV4_0TargetTest
Bug: 112279922
Merged-In: Ib8e2e7793ba46ae0d29d8407bb730a35bdb5ea98
Change-Id: Ib8e2e7793ba46ae0d29d8407bb730a35bdb5ea98
(cherry picked from commit 0dba888612)
2018-08-28 15:19:40 -07:00
Shawn Willden
0b166a2daf Require keymaster4 attestations to contain the right version.
Note that devices with KM4 will fail to pass VTS after this
lands, until the fix from Qualcomm arrives.

Test: VtsHalKeymasterV4_0TargetTest
Bug: 112040197
Merged-In: Ie2cd917af704b9f19de3537297b3a7e4f0c861e9
Change-Id: Ie2cd917af704b9f19de3537297b3a7e4f0c861e9
(cherry picked from commit 4e006c2b92)
2018-08-28 15:19:03 -07:00
nagendra modadugu
913053419e keymaster: skip SHA2 digest tests for strongbox
Strongbox is not required to support SHA-2 digests,
so skip the related tests.

Bug: 109771020
Merged-In: I5f877b2a1ac66026a876e145416ba078d486e4b5
Change-Id: I5f877b2a1ac66026a876e145416ba078d486e4b5
(cherry picked from commit 8cec80be1f)
2018-08-28 15:18:32 -07:00
nagendra modadugu
8414fb8556 keymaster: spec does not require that update produce output
Remove out of spec enforcement on the amount of data returned
by update, as this is not specified in the HAL.

Bug: 109771020
Test: yes it is
Merged-In: Ic41afbd01d51faf48d3c0fe090409ebcd257cc1e
Change-Id: Ic41afbd01d51faf48d3c0fe090409ebcd257cc1e
(cherry picked from commit 7b75f015a7)
2018-08-28 15:17:31 -07:00
Shawn Willden
e1e08f8dde Fix attestation test.
Bug: 77588764
Test: VtsHalKeymasterV4_0TargetTest
Merged-In: Ibe264d08ae7b3333a6949761a92759f5305b3fcb
Change-Id: Ibe264d08ae7b3333a6949761a92759f5305b3fcb
(cherry picked from commit d898d0a422)
2018-08-28 15:16:58 -07:00
Eran Messeri
ff29edcc71 Fixing Keymaster documentation.
Keymaster HAL documentation documents the bootPatchLevel as having
tag 718, while types.hal indicates the tag value for it is actually
719.

Test: N/A
Bug: 78104779
Merged-In: I0dde0b3c863081f2594e20466d8e82866a5f2d2e
Change-Id: I0dde0b3c863081f2594e20466d8e82866a5f2d2e
(cherry picked from commit ae8da1b70a)
2018-08-28 15:08:39 -07:00
Baranidharan Muthukumaran
88a376b0a0 Fix KM VTS tests for Strongbox implementations
Modify RSA keysize used in various tests
to ensure both TEE and Strongbox implementations
can be validated.
Skip invalid keysizes that Strongbox does not
support.

Test: Patches the strongbox tests
Bug: 112189538
Change-Id: I46ab01ce9b8224403e2a334a894967761d6799c9
Signed-off-by: Max Bires <jbires@google.com>
2018-08-28 10:58:49 -07:00
Shawn Willden
d033196431 Change ImportWrappedKeyTest back to SHA1
am: ad5b5ff2f0

Change-Id: Ia36eb6dd3aa4a07b5a72291c81de6e0cede202af
2018-08-17 09:14:47 -07:00
Shawn Willden
a795d5e3e7 Require KM4 attestations contain the right version
am: 0f2b0966c6

Change-Id: I04801fc26713513d8d39a836e30545e148fd1f50
2018-08-17 09:14:39 -07:00
nagendra modadugu
95f20ea7c5 keymaster: skip SHA2 digest tests for strongbox
am: 7194604cd8

Change-Id: Id44ef77aea880dd565a1a8e466f6ac2e1c98047f
2018-08-17 09:14:31 -07:00
Shawn Willden
ad5b5ff2f0 Change ImportWrappedKeyTest back to SHA1
Change I5f877b2a1ac66026a876e145416ba078d486e4b5 inadvertently changed
the digest used for ImportWrappedKey, breaking the test.  This CL
reverts that portion of the change.

Test: VtsHalKeymasterV4_0TargetTest
Bug: 112279922
Bug: 80246122
Change-Id: Ib8e2e7793ba46ae0d29d8407bb730a35bdb5ea98
2018-08-17 06:58:32 -06:00
Shawn Willden
0f2b0966c6 Require KM4 attestations contain the right version
Note that devices with KM4 will fail to pass VTS after this
lands, until the fix from Qualcomm arrives.

Test: VtsHalKeymasterV4_0TargetTest
Bug: 112040197
Bug: 80246122
Change-Id: Ie2cd917af704b9f19de3537297b3a7e4f0c861e9
2018-08-17 06:58:12 -06:00
nagendra modadugu
7194604cd8 keymaster: skip SHA2 digest tests for strongbox
Strongbox is not required to support SHA-2 digests,
so skip the related tests.

Bug: 109771020
Bug: 80246122
Test: This is the test
Change-Id: I5f877b2a1ac66026a876e145416ba078d486e4b5
2018-08-17 06:58:12 -06:00
nagendra modadugu
683bd5d1b9 keymaster spec doesn't require update to output
Remove out of spec enforcement on the amount of data returned
by update, as this is not specified in the HAL.

Bug: 109771020
Bug: 80246122
Test: yes it is
Change-Id: Ic41afbd01d51faf48d3c0fe090409ebcd257cc1e
2018-08-17 06:57:28 -06:00
Shawn Willden
7b00c75643 Fix attestation test.
Bug: 77588764
Bug: 80246122
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: Ibe264d08ae7b3333a6949761a92759f5305b3fcb
2018-08-17 06:51:06 -06:00
Hung-ying Tyan
555cb5e13b Fix free() in keymaster VTS
The buffer is allocated by OPENSSL_malloc() in X509_NAME_oneline(name, nullptr, 0).
Should be reclaimed by OPENSSL_free() instead of free().

The patch is provided by vink.shen@mediatek.corp-partner.google.com

Bug: 109708231
Test: build pass
Merged-In: I66a864e3e28905eebac2e7d3a4517d4d5aaa39df
Change-Id: I66a864e3e28905eebac2e7d3a4517d4d5aaa39df
(cherry picked from commit 79db3ec849)
2018-08-10 00:48:32 +00:00
nagendra modadugu
bbe9263f85 Respect limited requirements for Strongbox KM implementations
With this patch the KM VTS test apply the restricted requirements on
supported key sizes, EC curves, and Digests to Strongbox keymaster
implementations.

Also amend tests to use Update().

Test: Yes it is
Bug: 74519020
Merged-In: Ibec9c3398671f81dbc0ecf78e554726276160579
Change-Id: Ibec9c3398671f81dbc0ecf78e554726276160579
(cherry picked from commit 3a7e2cade3)
2018-08-10 00:48:11 +00:00
Shawn Willden
0dba888612 Change ImportWrappedKeyTest back to SHA1
Change I5f877b2a1ac66026a876e145416ba078d486e4b5 inadvertently changed
the digest used for ImportWrappedKey, breaking the test.  This CL
reverts that portion of the change.

Test: VtsHalKeymasterV4_0TargetTest
Bug: 112279922
Change-Id: Ib8e2e7793ba46ae0d29d8407bb730a35bdb5ea98
2018-08-06 17:23:23 -06:00
Shawn Willden
4e006c2b92 Require keymaster4 attestations to contain the right version.
Note that devices with KM4 will fail to pass VTS after this
lands, until the fix from Qualcomm arrives.

Test: VtsHalKeymasterV4_0TargetTest
Bug: 112040197
Change-Id: Ie2cd917af704b9f19de3537297b3a7e4f0c861e9
2018-08-02 21:01:10 +00:00
nagendra modadugu
8cec80be1f keymaster: skip SHA2 digest tests for strongbox
Strongbox is not required to support SHA-2 digests,
so skip the related tests.

Bug: 109771020
Change-Id: I5f877b2a1ac66026a876e145416ba078d486e4b5
2018-07-23 11:25:00 -07:00