Evolution-x/hardware_interfaces
1
0
Fork 0
mirror of https://github.com/Evolution-X/hardware_interfaces synced 2026-02-01 11:36:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

Change KeyCharacteristics

Browse Source 
Support key characteristics with three security levels, do not store
unenforced authorizations with keys or bind them to keys.

Bug: 163606833
Test: atest VtsAidlKeyMintTargetTest
Change-Id: Idbc523f16d8ef66ec38e0d503ad579a93c49e7b4
This commit is contained in:
Shawn Willden
2021-01-10 18:06:50 -07:00
parent 46f91823cf
commit 7f42437ebb
36 changed files with 494 additions and 420 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Algorithm.aidl
View File

@@ -2,13 +2,14 @@
// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
///////////////////////////////////////////////////////////////////////////////
// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
// edit this file. It looks like you are doing that because you have modified
// an AIDL interface in a backward-incompatible way, e.g., deleting a function
// from an interface or a field from a parcelable and it broke the build. That
// breakage is intended.
// This file is a snapshot of an AIDL file. Do not edit it manually. There are
// two cases:
// 1). this is a frozen version file - do not edit this in any case.
// 2). this is a 'current' file. If you make a backwards compatible change to
// the interface (from the latest frozen version), the build system will
// prompt you to update this file with `m <name>-update-api`.
//
// You must not make a backward incompatible changes to the AIDL files built
// You must not make a backward incompatible change to any AIDL file built
// with the aidl_interface module type with versions property set. The module
// type is used to build AIDL files in a way that they can be used across
// independently updatable components of the system. If a device is shipped

13
security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/BeginResult.aidl
View File

@@ -2,13 +2,14 @@
// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
///////////////////////////////////////////////////////////////////////////////
// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
// edit this file. It looks like you are doing that because you have modified
// an AIDL interface in a backward-incompatible way, e.g., deleting a function
// from an interface or a field from a parcelable and it broke the build. That
// breakage is intended.
// This file is a snapshot of an AIDL file. Do not edit it manually. There are
// two cases:
// 1). this is a frozen version file - do not edit this in any case.
// 2). this is a 'current' file. If you make a backwards compatible change to
// the interface (from the latest frozen version), the build system will
// prompt you to update this file with `m <name>-update-api`.
//
// You must not make a backward incompatible changes to the AIDL files built
// You must not make a backward incompatible change to any AIDL file built
// with the aidl_interface module type with versions property set. The module
// type is used to build AIDL files in a way that they can be used across
// independently updatable components of the system. If a device is shipped

13
security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/BlockMode.aidl
View File

@@ -2,13 +2,14 @@
// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
///////////////////////////////////////////////////////////////////////////////
// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
// edit this file. It looks like you are doing that because you have modified
// an AIDL interface in a backward-incompatible way, e.g., deleting a function
// from an interface or a field from a parcelable and it broke the build. That
// breakage is intended.
// This file is a snapshot of an AIDL file. Do not edit it manually. There are
// two cases:
// 1). this is a frozen version file - do not edit this in any case.
// 2). this is a 'current' file. If you make a backwards compatible change to
// the interface (from the latest frozen version), the build system will
// prompt you to update this file with `m <name>-update-api`.
//
// You must not make a backward incompatible changes to the AIDL files built
// You must not make a backward incompatible change to any AIDL file built
// with the aidl_interface module type with versions property set. The module
// type is used to build AIDL files in a way that they can be used across
// independently updatable components of the system. If a device is shipped

13
security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/ByteArray.aidl
View File

@@ -2,13 +2,14 @@
// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
///////////////////////////////////////////////////////////////////////////////
// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
// edit this file. It looks like you are doing that because you have modified
// an AIDL interface in a backward-incompatible way, e.g., deleting a function
// from an interface or a field from a parcelable and it broke the build. That
// breakage is intended.
// This file is a snapshot of an AIDL file. Do not edit it manually. There are
// two cases:
// 1). this is a frozen version file - do not edit this in any case.
// 2). this is a 'current' file. If you make a backwards compatible change to
// the interface (from the latest frozen version), the build system will
// prompt you to update this file with `m <name>-update-api`.
//
// You must not make a backward incompatible changes to the AIDL files built
// You must not make a backward incompatible change to any AIDL file built
// with the aidl_interface module type with versions property set. The module
// type is used to build AIDL files in a way that they can be used across
// independently updatable components of the system. If a device is shipped

13
security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Certificate.aidl
View File

@@ -2,13 +2,14 @@
// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
///////////////////////////////////////////////////////////////////////////////
// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
// edit this file. It looks like you are doing that because you have modified
// an AIDL interface in a backward-incompatible way, e.g., deleting a function
// from an interface or a field from a parcelable and it broke the build. That
// breakage is intended.
// This file is a snapshot of an AIDL file. Do not edit it manually. There are
// two cases:
// 1). this is a frozen version file - do not edit this in any case.
// 2). this is a 'current' file. If you make a backwards compatible change to
// the interface (from the latest frozen version), the build system will
// prompt you to update this file with `m <name>-update-api`.
//
// You must not make a backward incompatible changes to the AIDL files built
// You must not make a backward incompatible change to any AIDL file built
// with the aidl_interface module type with versions property set. The module
// type is used to build AIDL files in a way that they can be used across
// independently updatable components of the system. If a device is shipped

13
security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Digest.aidl
View File

@@ -2,13 +2,14 @@
// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
///////////////////////////////////////////////////////////////////////////////
// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
// edit this file. It looks like you are doing that because you have modified
// an AIDL interface in a backward-incompatible way, e.g., deleting a function
// from an interface or a field from a parcelable and it broke the build. That
// breakage is intended.
// This file is a snapshot of an AIDL file. Do not edit it manually. There are
// two cases:
// 1). this is a frozen version file - do not edit this in any case.
// 2). this is a 'current' file. If you make a backwards compatible change to
// the interface (from the latest frozen version), the build system will
// prompt you to update this file with `m <name>-update-api`.
//
// You must not make a backward incompatible changes to the AIDL files built
// You must not make a backward incompatible change to any AIDL file built
// with the aidl_interface module type with versions property set. The module
// type is used to build AIDL files in a way that they can be used across
// independently updatable components of the system. If a device is shipped

13
security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/EcCurve.aidl
View File

@@ -2,13 +2,14 @@
// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
///////////////////////////////////////////////////////////////////////////////
// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
// edit this file. It looks like you are doing that because you have modified
// an AIDL interface in a backward-incompatible way, e.g., deleting a function
// from an interface or a field from a parcelable and it broke the build. That
// breakage is intended.
// This file is a snapshot of an AIDL file. Do not edit it manually. There are
// two cases:
// 1). this is a frozen version file - do not edit this in any case.
// 2). this is a 'current' file. If you make a backwards compatible change to
// the interface (from the latest frozen version), the build system will
// prompt you to update this file with `m <name>-update-api`.
//
// You must not make a backward incompatible changes to the AIDL files built
// You must not make a backward incompatible change to any AIDL file built
// with the aidl_interface module type with versions property set. The module
// type is used to build AIDL files in a way that they can be used across
// independently updatable components of the system. If a device is shipped

13
security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/ErrorCode.aidl
View File

@@ -2,13 +2,14 @@
// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
///////////////////////////////////////////////////////////////////////////////
// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
// edit this file. It looks like you are doing that because you have modified
// an AIDL interface in a backward-incompatible way, e.g., deleting a function
// from an interface or a field from a parcelable and it broke the build. That
// breakage is intended.
// This file is a snapshot of an AIDL file. Do not edit it manually. There are
// two cases:
// 1). this is a frozen version file - do not edit this in any case.
// 2). this is a 'current' file. If you make a backwards compatible change to
// the interface (from the latest frozen version), the build system will
// prompt you to update this file with `m <name>-update-api`.
//
// You must not make a backward incompatible changes to the AIDL files built
// You must not make a backward incompatible change to any AIDL file built
// with the aidl_interface module type with versions property set. The module
// type is used to build AIDL files in a way that they can be used across
// independently updatable components of the system. If a device is shipped

13
security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/HardwareAuthToken.aidl
View File

@@ -2,13 +2,14 @@
// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
///////////////////////////////////////////////////////////////////////////////
// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
// edit this file. It looks like you are doing that because you have modified
// an AIDL interface in a backward-incompatible way, e.g., deleting a function
// from an interface or a field from a parcelable and it broke the build. That
// breakage is intended.
// This file is a snapshot of an AIDL file. Do not edit it manually. There are
// two cases:
// 1). this is a frozen version file - do not edit this in any case.
// 2). this is a 'current' file. If you make a backwards compatible change to
// the interface (from the latest frozen version), the build system will
// prompt you to update this file with `m <name>-update-api`.
//
// You must not make a backward incompatible changes to the AIDL files built
// You must not make a backward incompatible change to any AIDL file built
// with the aidl_interface module type with versions property set. The module
// type is used to build AIDL files in a way that they can be used across
// independently updatable components of the system. If a device is shipped

13
security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/HardwareAuthenticatorType.aidl
View File

@@ -2,13 +2,14 @@
// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
///////////////////////////////////////////////////////////////////////////////
// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
// edit this file. It looks like you are doing that because you have modified
// an AIDL interface in a backward-incompatible way, e.g., deleting a function
// from an interface or a field from a parcelable and it broke the build. That
// breakage is intended.
// This file is a snapshot of an AIDL file. Do not edit it manually. There are
// two cases:
// 1). this is a frozen version file - do not edit this in any case.
// 2). this is a 'current' file. If you make a backwards compatible change to
// the interface (from the latest frozen version), the build system will
// prompt you to update this file with `m <name>-update-api`.
//
// You must not make a backward incompatible changes to the AIDL files built
// You must not make a backward incompatible change to any AIDL file built
// with the aidl_interface module type with versions property set. The module
// type is used to build AIDL files in a way that they can be used across
// independently updatable components of the system. If a device is shipped

19
security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl
View File

@@ -2,13 +2,14 @@
// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
///////////////////////////////////////////////////////////////////////////////
// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
// edit this file. It looks like you are doing that because you have modified
// an AIDL interface in a backward-incompatible way, e.g., deleting a function
// from an interface or a field from a parcelable and it broke the build. That
// breakage is intended.
// This file is a snapshot of an AIDL file. Do not edit it manually. There are
// two cases:
// 1). this is a frozen version file - do not edit this in any case.
// 2). this is a 'current' file. If you make a backwards compatible change to
// the interface (from the latest frozen version), the build system will
// prompt you to update this file with `m <name>-update-api`.
//
// You must not make a backward incompatible changes to the AIDL files built
// You must not make a backward incompatible change to any AIDL file built
// with the aidl_interface module type with versions property set. The module
// type is used to build AIDL files in a way that they can be used across
// independently updatable components of the system. If a device is shipped
@@ -21,9 +22,9 @@ interface IKeyMintDevice {
android.hardware.security.keymint.KeyMintHardwareInfo getHardwareInfo();
android.hardware.security.keymint.VerificationToken verifyAuthorization(in long challenge, in android.hardware.security.keymint.HardwareAuthToken token);
void addRngEntropy(in byte[] data);
void generateKey(in android.hardware.security.keymint.KeyParameter[] keyParams, out android.hardware.security.keymint.ByteArray generatedKeyBlob, out android.hardware.security.keymint.KeyCharacteristics generatedKeyCharacteristics, out android.hardware.security.keymint.Certificate[] outCertChain);
void importKey(in android.hardware.security.keymint.KeyParameter[] inKeyParams, in android.hardware.security.keymint.KeyFormat inKeyFormat, in byte[] inKeyData, out android.hardware.security.keymint.ByteArray outImportedKeyBlob, out android.hardware.security.keymint.KeyCharacteristics outImportedKeyCharacteristics, out android.hardware.security.keymint.Certificate[] outCertChain);
void importWrappedKey(in byte[] inWrappedKeyData, in byte[] inWrappingKeyBlob, in byte[] inMaskingKey, in android.hardware.security.keymint.KeyParameter[] inUnwrappingParams, in long inPasswordSid, in long inBiometricSid, out android.hardware.security.keymint.ByteArray outImportedKeyBlob, out android.hardware.security.keymint.KeyCharacteristics outImportedKeyCharacteristics);
android.hardware.security.keymint.KeyCreationResult generateKey(in android.hardware.security.keymint.KeyParameter[] keyParams);
android.hardware.security.keymint.KeyCreationResult importKey(in android.hardware.security.keymint.KeyParameter[] keyParams, in android.hardware.security.keymint.KeyFormat keyFormat, in byte[] keyData);
android.hardware.security.keymint.KeyCreationResult importWrappedKey(in byte[] wrappedKeyData, in byte[] wrappingKeyBlob, in byte[] maskingKey, in android.hardware.security.keymint.KeyParameter[] unwrappingParams, in long passwordSid, in long biometricSid);
byte[] upgradeKey(in byte[] inKeyBlobToUpgrade, in android.hardware.security.keymint.KeyParameter[] inUpgradeParams);
void deleteKey(in byte[] inKeyBlob);
void deleteAllKeys();

13
security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintOperation.aidl
View File

@@ -2,13 +2,14 @@
// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
///////////////////////////////////////////////////////////////////////////////
// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
// edit this file. It looks like you are doing that because you have modified
// an AIDL interface in a backward-incompatible way, e.g., deleting a function
// from an interface or a field from a parcelable and it broke the build. That
// breakage is intended.
// This file is a snapshot of an AIDL file. Do not edit it manually. There are
// two cases:
// 1). this is a frozen version file - do not edit this in any case.
// 2). this is a 'current' file. If you make a backwards compatible change to
// the interface (from the latest frozen version), the build system will
// prompt you to update this file with `m <name>-update-api`.
//
// You must not make a backward incompatible changes to the AIDL files built
// You must not make a backward incompatible change to any AIDL file built
// with the aidl_interface module type with versions property set. The module
// type is used to build AIDL files in a way that they can be used across
// independently updatable components of the system. If a device is shipped

17
security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyCharacteristics.aidl
View File

@@ -2,13 +2,14 @@
// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
///////////////////////////////////////////////////////////////////////////////
// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
// edit this file. It looks like you are doing that because you have modified
// an AIDL interface in a backward-incompatible way, e.g., deleting a function
// from an interface or a field from a parcelable and it broke the build. That
// breakage is intended.
// This file is a snapshot of an AIDL file. Do not edit it manually. There are
// two cases:
// 1). this is a frozen version file - do not edit this in any case.
// 2). this is a 'current' file. If you make a backwards compatible change to
// the interface (from the latest frozen version), the build system will
// prompt you to update this file with `m <name>-update-api`.
//
// You must not make a backward incompatible changes to the AIDL files built
// You must not make a backward incompatible change to any AIDL file built
// with the aidl_interface module type with versions property set. The module
// type is used to build AIDL files in a way that they can be used across
// independently updatable components of the system. If a device is shipped
@@ -18,6 +19,6 @@
package android.hardware.security.keymint;
@VintfStability
parcelable KeyCharacteristics {
android.hardware.security.keymint.KeyParameter[] softwareEnforced;
android.hardware.security.keymint.KeyParameter[] hardwareEnforced;
android.hardware.security.keymint.SecurityLevel securityLevel;
android.hardware.security.keymint.KeyParameter[] authorizations;
}

25
security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyCreationResult.aidl Normal file
View File

@@ -0,0 +1,25 @@
///////////////////////////////////////////////////////////////////////////////
// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
///////////////////////////////////////////////////////////////////////////////
// This file is a snapshot of an AIDL file. Do not edit it manually. There are
// two cases:
// 1). this is a frozen version file - do not edit this in any case.
// 2). this is a 'current' file. If you make a backwards compatible change to
// the interface (from the latest frozen version), the build system will
// prompt you to update this file with `m <name>-update-api`.
//
// You must not make a backward incompatible change to any AIDL file built
// with the aidl_interface module type with versions property set. The module
// type is used to build AIDL files in a way that they can be used across
// independently updatable components of the system. If a device is shipped
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.keymint;
@VintfStability
parcelable KeyCreationResult {
byte[] keyBlob;
android.hardware.security.keymint.KeyCharacteristics[] keyCharacteristics;
android.hardware.security.keymint.Certificate[] certificateChain;
}

13
security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyFormat.aidl
View File

@@ -2,13 +2,14 @@
// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
///////////////////////////////////////////////////////////////////////////////
// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
// edit this file. It looks like you are doing that because you have modified
// an AIDL interface in a backward-incompatible way, e.g., deleting a function
// from an interface or a field from a parcelable and it broke the build. That
// breakage is intended.
// This file is a snapshot of an AIDL file. Do not edit it manually. There are
// two cases:
// 1). this is a frozen version file - do not edit this in any case.
// 2). this is a 'current' file. If you make a backwards compatible change to
// the interface (from the latest frozen version), the build system will
// prompt you to update this file with `m <name>-update-api`.
//
// You must not make a backward incompatible changes to the AIDL files built
// You must not make a backward incompatible change to any AIDL file built
// with the aidl_interface module type with versions property set. The module
// type is used to build AIDL files in a way that they can be used across
// independently updatable components of the system. If a device is shipped

13
security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyMintHardwareInfo.aidl
View File

@@ -2,13 +2,14 @@
// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
///////////////////////////////////////////////////////////////////////////////
// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
// edit this file. It looks like you are doing that because you have modified
// an AIDL interface in a backward-incompatible way, e.g., deleting a function
// from an interface or a field from a parcelable and it broke the build. That
// breakage is intended.
// This file is a snapshot of an AIDL file. Do not edit it manually. There are
// two cases:
// 1). this is a frozen version file - do not edit this in any case.
// 2). this is a 'current' file. If you make a backwards compatible change to
// the interface (from the latest frozen version), the build system will
// prompt you to update this file with `m <name>-update-api`.
//
// You must not make a backward incompatible changes to the AIDL files built
// You must not make a backward incompatible change to any AIDL file built
// with the aidl_interface module type with versions property set. The module
// type is used to build AIDL files in a way that they can be used across
// independently updatable components of the system. If a device is shipped

13
security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyOrigin.aidl
View File

@@ -2,13 +2,14 @@
// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
///////////////////////////////////////////////////////////////////////////////
// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
// edit this file. It looks like you are doing that because you have modified
// an AIDL interface in a backward-incompatible way, e.g., deleting a function
// from an interface or a field from a parcelable and it broke the build. That
// breakage is intended.
// This file is a snapshot of an AIDL file. Do not edit it manually. There are
// two cases:
// 1). this is a frozen version file - do not edit this in any case.
// 2). this is a 'current' file. If you make a backwards compatible change to
// the interface (from the latest frozen version), the build system will
// prompt you to update this file with `m <name>-update-api`.
//
// You must not make a backward incompatible changes to the AIDL files built
// You must not make a backward incompatible change to any AIDL file built
// with the aidl_interface module type with versions property set. The module
// type is used to build AIDL files in a way that they can be used across
// independently updatable components of the system. If a device is shipped

13
security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyParameter.aidl
View File

@@ -2,13 +2,14 @@
// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
///////////////////////////////////////////////////////////////////////////////
// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
// edit this file. It looks like you are doing that because you have modified
// an AIDL interface in a backward-incompatible way, e.g., deleting a function
// from an interface or a field from a parcelable and it broke the build. That
// breakage is intended.
// This file is a snapshot of an AIDL file. Do not edit it manually. There are
// two cases:
// 1). this is a frozen version file - do not edit this in any case.
// 2). this is a 'current' file. If you make a backwards compatible change to
// the interface (from the latest frozen version), the build system will
// prompt you to update this file with `m <name>-update-api`.
//
// You must not make a backward incompatible changes to the AIDL files built
// You must not make a backward incompatible change to any AIDL file built
// with the aidl_interface module type with versions property set. The module
// type is used to build AIDL files in a way that they can be used across
// independently updatable components of the system. If a device is shipped

13
security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyParameterArray.aidl
View File

@@ -2,13 +2,14 @@
// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
///////////////////////////////////////////////////////////////////////////////
// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
// edit this file. It looks like you are doing that because you have modified
// an AIDL interface in a backward-incompatible way, e.g., deleting a function
// from an interface or a field from a parcelable and it broke the build. That
// breakage is intended.
// This file is a snapshot of an AIDL file. Do not edit it manually. There are
// two cases:
// 1). this is a frozen version file - do not edit this in any case.
// 2). this is a 'current' file. If you make a backwards compatible change to
// the interface (from the latest frozen version), the build system will
// prompt you to update this file with `m <name>-update-api`.
//
// You must not make a backward incompatible changes to the AIDL files built
// You must not make a backward incompatible change to any AIDL file built
// with the aidl_interface module type with versions property set. The module
// type is used to build AIDL files in a way that they can be used across
// independently updatable components of the system. If a device is shipped

13
security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyParameterValue.aidl
View File

@@ -2,13 +2,14 @@
// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
///////////////////////////////////////////////////////////////////////////////
// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
// edit this file. It looks like you are doing that because you have modified
// an AIDL interface in a backward-incompatible way, e.g., deleting a function
// from an interface or a field from a parcelable and it broke the build. That
// breakage is intended.
// This file is a snapshot of an AIDL file. Do not edit it manually. There are
// two cases:
// 1). this is a frozen version file - do not edit this in any case.
// 2). this is a 'current' file. If you make a backwards compatible change to
// the interface (from the latest frozen version), the build system will
// prompt you to update this file with `m <name>-update-api`.
//
// You must not make a backward incompatible changes to the AIDL files built
// You must not make a backward incompatible change to any AIDL file built
// with the aidl_interface module type with versions property set. The module
// type is used to build AIDL files in a way that they can be used across
// independently updatable components of the system. If a device is shipped

13
security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyPurpose.aidl
View File

@@ -2,13 +2,14 @@
// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
///////////////////////////////////////////////////////////////////////////////
// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
// edit this file. It looks like you are doing that because you have modified
// an AIDL interface in a backward-incompatible way, e.g., deleting a function
// from an interface or a field from a parcelable and it broke the build. That
// breakage is intended.
// This file is a snapshot of an AIDL file. Do not edit it manually. There are
// two cases:
// 1). this is a frozen version file - do not edit this in any case.
// 2). this is a 'current' file. If you make a backwards compatible change to
// the interface (from the latest frozen version), the build system will
// prompt you to update this file with `m <name>-update-api`.
//
// You must not make a backward incompatible changes to the AIDL files built
// You must not make a backward incompatible change to any AIDL file built
// with the aidl_interface module type with versions property set. The module
// type is used to build AIDL files in a way that they can be used across
// independently updatable components of the system. If a device is shipped

13
security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/PaddingMode.aidl
View File

@@ -2,13 +2,14 @@
// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
///////////////////////////////////////////////////////////////////////////////
// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
// edit this file. It looks like you are doing that because you have modified
// an AIDL interface in a backward-incompatible way, e.g., deleting a function
// from an interface or a field from a parcelable and it broke the build. That
// breakage is intended.
// This file is a snapshot of an AIDL file. Do not edit it manually. There are
// two cases:
// 1). this is a frozen version file - do not edit this in any case.
// 2). this is a 'current' file. If you make a backwards compatible change to
// the interface (from the latest frozen version), the build system will
// prompt you to update this file with `m <name>-update-api`.
//
// You must not make a backward incompatible changes to the AIDL files built
// You must not make a backward incompatible change to any AIDL file built
// with the aidl_interface module type with versions property set. The module
// type is used to build AIDL files in a way that they can be used across
// independently updatable components of the system. If a device is shipped

13
security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/SecurityLevel.aidl
View File

@@ -2,13 +2,14 @@
// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
///////////////////////////////////////////////////////////////////////////////
// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
// edit this file. It looks like you are doing that because you have modified
// an AIDL interface in a backward-incompatible way, e.g., deleting a function
// from an interface or a field from a parcelable and it broke the build. That
// breakage is intended.
// This file is a snapshot of an AIDL file. Do not edit it manually. There are
// two cases:
// 1). this is a frozen version file - do not edit this in any case.
// 2). this is a 'current' file. If you make a backwards compatible change to
// the interface (from the latest frozen version), the build system will
// prompt you to update this file with `m <name>-update-api`.
//
// You must not make a backward incompatible changes to the AIDL files built
// You must not make a backward incompatible change to any AIDL file built
// with the aidl_interface module type with versions property set. The module
// type is used to build AIDL files in a way that they can be used across
// independently updatable components of the system. If a device is shipped

13
security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Tag.aidl
View File

@@ -2,13 +2,14 @@
// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
///////////////////////////////////////////////////////////////////////////////
// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
// edit this file. It looks like you are doing that because you have modified
// an AIDL interface in a backward-incompatible way, e.g., deleting a function
// from an interface or a field from a parcelable and it broke the build. That
// breakage is intended.
// This file is a snapshot of an AIDL file. Do not edit it manually. There are
// two cases:
// 1). this is a frozen version file - do not edit this in any case.
// 2). this is a 'current' file. If you make a backwards compatible change to
// the interface (from the latest frozen version), the build system will
// prompt you to update this file with `m <name>-update-api`.
//
// You must not make a backward incompatible changes to the AIDL files built
// You must not make a backward incompatible change to any AIDL file built
// with the aidl_interface module type with versions property set. The module
// type is used to build AIDL files in a way that they can be used across
// independently updatable components of the system. If a device is shipped

13
security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/TagType.aidl
View File

@@ -2,13 +2,14 @@
// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
///////////////////////////////////////////////////////////////////////////////
// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
// edit this file. It looks like you are doing that because you have modified
// an AIDL interface in a backward-incompatible way, e.g., deleting a function
// from an interface or a field from a parcelable and it broke the build. That
// breakage is intended.
// This file is a snapshot of an AIDL file. Do not edit it manually. There are
// two cases:
// 1). this is a frozen version file - do not edit this in any case.
// 2). this is a 'current' file. If you make a backwards compatible change to
// the interface (from the latest frozen version), the build system will
// prompt you to update this file with `m <name>-update-api`.
//
// You must not make a backward incompatible changes to the AIDL files built
// You must not make a backward incompatible change to any AIDL file built
// with the aidl_interface module type with versions property set. The module
// type is used to build AIDL files in a way that they can be used across
// independently updatable components of the system. If a device is shipped

13
security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Timestamp.aidl
View File

@@ -2,13 +2,14 @@
// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
///////////////////////////////////////////////////////////////////////////////
// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
// edit this file. It looks like you are doing that because you have modified
// an AIDL interface in a backward-incompatible way, e.g., deleting a function
// from an interface or a field from a parcelable and it broke the build. That
// breakage is intended.
// This file is a snapshot of an AIDL file. Do not edit it manually. There are
// two cases:
// 1). this is a frozen version file - do not edit this in any case.
// 2). this is a 'current' file. If you make a backwards compatible change to
// the interface (from the latest frozen version), the build system will
// prompt you to update this file with `m <name>-update-api`.
//
// You must not make a backward incompatible changes to the AIDL files built
// You must not make a backward incompatible change to any AIDL file built
// with the aidl_interface module type with versions property set. The module
// type is used to build AIDL files in a way that they can be used across
// independently updatable components of the system. If a device is shipped

13
security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/VerificationToken.aidl
View File

@@ -2,13 +2,14 @@
// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
///////////////////////////////////////////////////////////////////////////////
// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
// edit this file. It looks like you are doing that because you have modified
// an AIDL interface in a backward-incompatible way, e.g., deleting a function
// from an interface or a field from a parcelable and it broke the build. That
// breakage is intended.
// This file is a snapshot of an AIDL file. Do not edit it manually. There are
// two cases:
// 1). this is a frozen version file - do not edit this in any case.
// 2). this is a 'current' file. If you make a backwards compatible change to
// the interface (from the latest frozen version), the build system will
// prompt you to update this file with `m <name>-update-api`.
//
// You must not make a backward incompatible changes to the AIDL files built
// You must not make a backward incompatible change to any AIDL file built
// with the aidl_interface module type with versions property set. The module
// type is used to build AIDL files in a way that they can be used across
// independently updatable components of the system. If a device is shipped

3
security/keymint/aidl/android/hardware/security/keymint/Certificate.aidl
View File

@@ -17,9 +17,8 @@
package android.hardware.security.keymint;
/**
* This encodes the IKeyMintDevice attestation generated certificate.
* This encodes an IKeyMintDevice certificate, generated for a KeyMint asymmetric public key.
*/
@VintfStability
parcelable Certificate {
/**

171
security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
View File

@@ -18,10 +18,9 @@ package android.hardware.security.keymint;
import android.hardware.security.keymint.BeginResult;
import android.hardware.security.keymint.ByteArray;
import android.hardware.security.keymint.Certificate;
import android.hardware.security.keymint.HardwareAuthToken;
import android.hardware.security.keymint.IKeyMintOperation;
import android.hardware.security.keymint.KeyCharacteristics;
import android.hardware.security.keymint.KeyCreationResult;
import android.hardware.security.keymint.KeyFormat;
import android.hardware.security.keymint.KeyParameter;
import android.hardware.security.keymint.KeyMintHardwareInfo;
@@ -126,16 +125,22 @@ import android.hardware.security.keymint.VerificationToken;
* attacker can use them at will (though they're more secure than keys which can be
* exfiltrated). Therefore, IKeyMintDevice must enforce access controls.
*
* Access controls are defined as an "authorization list" of tag/value pairs. Authorization tags
* are 32-bit integers from the Tag enum, and the values are a variety of types, defined in the
* TagType enum. Some tags may be repeated to specify multiple values. Whether a tag may be
* repeated is specified in the documentation for the tag and in the TagType. When a key is
* created or imported, the caller specifies an authorization list. The IKeyMintDevice must divide
* the caller-provided authorizations into two lists, those it enforces in tee secure zone and
* those enforced in the strongBox hardware. These two lists are returned as the "teeEnforced"
* and "strongboxEnforced" elements of the KeyCharacteristics struct. Note that software enforced
* authorization list entries are not returned because they are not enforced by keymint. The
* IKeyMintDevice must also add the following authorizations to the appropriate list:
* Access controls are defined as "authorization lists" of tag/value pairs. Authorization tags are
* 32-bit integers from the Tag enum, and the values are a variety of types, defined in the TagType
* enum. Some tags may be repeated to specify multiple values. Whether a tag may be repeated is
* specified in the documentation for the tag and in the TagType. When a key is created or
* imported, the caller specifies a `key_description` authorization list. The IKeyMintDevice must
* determine which tags it can and cannot enforce, and at what SecurityLevel, and return an array of
* `KeyCharacteristics` structures that contains everything it will enforce, associated with the
* appropriate security level, which is one of SOFTWARE, TRUSTED_ENVIRONMENT and STRONGBOX.
* Typically, implementations will only return a single KeyCharacteristics structure, because
* everything they enforce is enforced at the same security level. There may be cases, however, for
* which multiple security levels are relevant. One example is that of a StrongBox IKeyMintDevice
* that relies on a TEE to enforce biometric user authentication. In that case, the generate/import
* methods must return two KeyCharacteristics structs, one with SecurityLevel::TRUSTED_ENVIRONMENT
* and the biometric authentication-related tags, and another with SecurityLevel::STRONGBOX and
* everything else. The IKeyMintDevice must also add the following authorizations to the
* appropriate list:
*
* o Tag::OS_VERSION
* o Tag::OS_PATCHLEVEL
@@ -148,26 +153,27 @@ import android.hardware.security.keymint.VerificationToken;
* The caller must always provide the current date time in the keyParameter CREATION_DATETIME
* tags.
*
* All authorization tags and their values, both teeEnforced and strongboxEnforced, including
* unknown tags, must be cryptographically bound to the private/secret key material such that any
* modification of the portion of the key blob that contains the authorization list makes it
* impossible for the secure environment to obtain the private/secret key material. The
* recommended approach to meet this requirement is to use the full set of authorization tags
* associated with a key as input to a secure key derivation function used to derive a key that
* is used to encrypt the private/secret key material.
* All authorization tags and their values enforced by an IKeyMintDevice must be cryptographically
* bound to the private/secret key material such that any modification of the portion of the key
* blob that contains the authorization list makes it impossible for the secure environment to
* obtain the private/secret key material. The recommended approach to meet this requirement is to
* use the full set of authorization tags associated with a key as input to a secure key derivation
* function used to derive a key (the KEK) that is used to encrypt the private/secret key material.
* Note that it is NOT acceptable to use a static KEK to encrypt the private/secret key material
* with an AEAD cipher mode, using the enforced authorization tags as AAD. This is because
* Tag::APPLICATION_DATA must not be included in the authorization tags stored in the key blob, but
* must be provided by the caller for every use. Assuming the Tag::APPLICATION_DATA value has
* sufficient entropy, this provides a cryptographic guarantee that an attacker cannot use a key
* without knowing the Tag::APPLICATION_DATA value, even if they compromise the IKeyMintDevice.
*
* IKeyMintDevice implementations ignore any tags they cannot enforce and do not return them
* in KeyCharacteristics. For example, Tag::ORIGINATION_EXPIRE_DATETIME provides the date and
* time after which a key may not be used to encrypt or sign new messages. Unless the
* IKeyMintDevice has access to a secure source of current date/time information, it is not
* possible for the IKeyMintDevice to enforce this tag. An IKeyMintDevice implementation will
* not rely on the non-secure world's notion of time, because it could be controlled by an
* attacker. Similarly, it cannot rely on GPSr time, even if it has exclusive control of the
* GPSr, because that might be spoofed by attacker RF signals.
*
* IKeyMintDevices do not use or enforce any tags they place in the softwareEnforced
* list. The IKeyMintDevice caller must enforce them, and it is unnecessary to enforce them
* twice.
* IKeyMintDevice implementations must ignore any tags they cannot enforce and must not return them
* in KeyCharacteristics. For example, Tag::ORIGINATION_EXPIRE_DATETIME provides the date and time
* after which a key may not be used to encrypt or sign new messages. Unless the IKeyMintDevice has
* access to a secure source of current date/time information, it is not possible for the
* IKeyMintDevice to enforce this tag. An IKeyMintDevice implementation will not rely on the
* non-secure world's notion of time, because it could be controlled by an attacker. Similarly, it
* cannot rely on GPSr time, even if it has exclusive control of the GPSr, because that might be
* spoofed by attacker RF signals.
*
* Some tags must be enforced by the IKeyMintDevice. See the detailed documentation on each Tag
* in Tag.aidl.
@@ -337,38 +343,9 @@ interface IKeyMintDevice {
* provided in params. See above for detailed specifications of which tags are required
* for which types of keys.
*
* @return generatedKeyBlob Opaque descriptor of the generated key. The recommended
* implementation strategy is to include an encrypted copy of the key material, wrapped
* in a key unavailable outside secure hardware.
*
* @return generatedKeyCharacteristics Description of the generated key, divided into two sets:
* hardware-enforced and software-enforced. The description here applies equally
* to the key characteristics lists returned by generateKey, importKey and
* importWrappedKey. The characteristics returned by this parameter completely
* describe the type and usage of the specified key.
*
* The rule that IKeyMintDevice implementations must use for deciding whether a
* given tag belongs in the hardware-enforced or software-enforced list is that if
* the meaning of the tag is fully assured by secure hardware, it is hardware
* enforced. Otherwise, it's software enforced.
*
* @return outCertChain If the key is an asymmetric key, and proper keyparameters for
* attestation (such as challenge) is provided, then this parameter will return the
* attestation certificate. If the signing of the attestation certificate is from a
* factory key, additional certificates back to the root attestation certificate will
* also be provided. Clients will need to check root certificate against a known-good
* value. The certificates must be DER-encoded. Caller needs to provide
* CREATION_DATETIME as one of the attestation parameters, otherwise the attestation
* certificate will not contain the creation datetime. The first certificate in the
* vector is the attestation for the generated key itself, the next certificate is
* the key that signs the first certificate, and so forth. The last certificate in
* the chain is the root certificate. If the key is a symmetric key, then no
* certificate will be returned and this variable will return empty. TODO: change
* certificate return to a single certificate and make it nullable b/163604282.
* @return The result of key creation. See KeyCreationResult.aidl.
*/
void generateKey(in KeyParameter[] keyParams, out ByteArray generatedKeyBlob,
out KeyCharacteristics generatedKeyCharacteristics,
out Certificate[] outCertChain);
KeyCreationResult generateKey(in KeyParameter[] keyParams);
/**
* Imports key material into an IKeyMintDevice. Key definition parameters and return values
@@ -396,29 +373,10 @@ interface IKeyMintDevice {
*
* @param inKeyData The key material to import, in the format specified in keyFormat.
*
* @return outImportedKeyBlob descriptor of the imported key. The format of the keyblob will
* be the google specified keyblob format.
*
* @return outImportedKeyCharacteristics Description of the generated key. See the
* keyCharacteristics description in generateKey.
*
* @return outCertChain If the key is an asymmetric key, and proper keyparameters for
* attestation (such as challenge) is provided, then this parameter will return the
* attestation certificate. If the signing of the attestation certificate is from a
* factory key, additional certificates back to the root attestation certificate will
* also be provided. Clients will need to check root certificate against a known-good
* value. The certificates must be DER-encoded. Caller needs to provide
* CREATION_DATETIME as one of the attestation parameters, otherwise the attestation
* certificate will not contain the creation datetime. The first certificate in the
* vector is the attestation for the generated key itself, the next certificate is
* the key that signs the first certificate, and so forth. The last certificate in
* the chain is the root certificate. If the key is a symmetric key, then no
* certificate will be returned and this variable will return empty.
* @return The result of key creation. See KeyCreationResult.aidl.
*/
void importKey(in KeyParameter[] inKeyParams, in KeyFormat inKeyFormat,
in byte[] inKeyData, out ByteArray outImportedKeyBlob,
out KeyCharacteristics outImportedKeyCharacteristics,
out Certificate[] outCertChain);
KeyCreationResult importKey(in KeyParameter[] keyParams, in KeyFormat keyFormat,
in byte[] keyData);
/**
* Securely imports a key, or key pair, returning a key blob and a description of the imported
@@ -474,45 +432,38 @@ interface IKeyMintDevice {
* 5. Perform the equivalent of calling importKey(keyParams, keyFormat, keyData), except
* that the origin tag should be set to SECURELY_IMPORTED.
*
* @param inWrappingKeyBlob The opaque key descriptor returned by generateKey() or importKey().
* @param wrappingKeyBlob The opaque key descriptor returned by generateKey() or importKey().
* This key must have been created with Purpose::WRAP_KEY.
*
* @param inMaskingKey The 32-byte value XOR'd with the transport key in the SecureWrappedKey
* @param maskingKey The 32-byte value XOR'd with the transport key in the SecureWrappedKey
* structure.
*
* @param inUnwrappingParams must contain any parameters needed to perform the unwrapping
* operation. For example, if the wrapping key is an AES key the block and padding
* modes must be specified in this argument.
* @param unwrappingParams must contain any parameters needed to perform the unwrapping
* operation. For example, if the wrapping key is an AES key the block and padding modes
* must be specified in this argument.
*
* @param inPasswordSid specifies the password secure ID (SID) of the user that owns the key
* being installed. If the authorization list in wrappedKeyData contains a
* Tag::USER_SECURE_IDwith a value that has the HardwareAuthenticatorType::PASSWORD
* bit set, the constructed key must be bound to the SID value provided by this
* argument. If the wrappedKeyData does not contain such a tag and value, this argument
* must be ignored.
* @param passwordSid specifies the password secure ID (SID) of the user that owns the key being
* installed. If the authorization list in wrappedKeyData contains a
* Tag::USER_SECURE_IDwith a value that has the HardwareAuthenticatorType::PASSWORD bit
* set, the constructed key must be bound to the SID value provided by this argument. If
* the wrappedKeyData does not contain such a tag and value, this argument must be
* ignored.
*
* @param inBiometricSid specifies the biometric secure ID (SID) of the user that owns the key
* @param biometricSid specifies the biometric secure ID (SID) of the user that owns the key
* being installed. If the authorization list in wrappedKeyData contains a
* Tag::USER_SECURE_ID with a value that has the HardwareAuthenticatorType::FINGERPRINT
* bit set, the constructed key must be bound to the SID value provided by this argument.
* If the wrappedKeyData does not contain such a tag and value, this argument must be
* ignored.
*
* @return outImportedKeyBlob Opaque descriptor of the imported key. It is recommended that
* the keyBlob contain a copy of the key material, wrapped in a key unavailable outside
* secure hardware.
*
* @return outImportedKeyCharacteristics Description of the generated key. See the description
* of keyCharacteristics parameter in generateKey.
* @return The result of key creation. See KeyCreationResult.aidl.
*/
void importWrappedKey(in byte[] inWrappedKeyData,
in byte[] inWrappingKeyBlob,
in byte[] inMaskingKey,
in KeyParameter[] inUnwrappingParams,
in long inPasswordSid,
in long inBiometricSid,
out ByteArray outImportedKeyBlob,
out KeyCharacteristics outImportedKeyCharacteristics);
KeyCreationResult importWrappedKey(in byte[] wrappedKeyData,
in byte[] wrappingKeyBlob,
in byte[] maskingKey,
in KeyParameter[] unwrappingParams,
in long passwordSid,
in long biometricSid);
/**
* Upgrades an old key blob. Keys can become "old" in two ways: IKeyMintDevice can be

25
security/keymint/aidl/android/hardware/security/keymint/KeyCharacteristics.aidl
View File

@@ -17,25 +17,20 @@
package android.hardware.security.keymint;
import android.hardware.security.keymint.KeyParameter;
import android.hardware.security.keymint.SecurityLevel;
/**
* KeyCharacteristics defines the attributes of a key, including cryptographic parameters, and usage
* restrictions. It consits of two vectors of KeyParameters, one for "softwareEnforced" attributes
* and one for "hardwareEnforced" attributes.
* KeyCharacteristics defines the attributes of a key that are enforced by KeyMint, and the security
* level (see SecurityLevel.aidl) of that enforcement.
*
* KeyCharacteristics objects are returned by generateKey, importKey, importWrappedKey and
* getKeyCharacteristics. The IKeyMintDevice secure environment is responsible for allocating the
* parameters, all of which are Tags with associated values, to the correct vector. The
* hardwareEnforced vector must contain only those attributes which are enforced by secure hardware.
* All others should be in the softwareEnforced vector. See the definitions of individual Tag enums
* for specification of which must be hardware-enforced, which may be software-enforced and which
* must never appear in KeyCharacteristics.
* The `generateKey` `importKey` and `importWrappedKey` methods each return an array of
* KeyCharacteristics, specifying the security levels of enforcement and the authorizations
* enforced. Note that enforcement at a given security level means that the semantics of the tag
* and value are fully enforced. See the definition of individual tags for specifications of what
* must be enforced.
*/
@VintfStability
parcelable KeyCharacteristics {
/* TODO(seleneh) get rid of the software enforced in keymint. replace hardware enforced with
* tee enforced and strongbox enforced.
*/
KeyParameter[] softwareEnforced;
KeyParameter[] hardwareEnforced;
SecurityLevel securityLevel;
KeyParameter[] authorizations;
}

62
security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl Normal file
View File

@@ -0,0 +1,62 @@
/*
* Copyright (C) 2021 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.hardware.security.keymint;
import android.hardware.security.keymint.Certificate;
import android.hardware.security.keymint.KeyCharacteristics;
/**
* This structure is returned when a new key is created with generateKey(), importKey() or
* importWrappedKey().
*/
@VintfStability
parcelable KeyCreationResult {
/**
* `keyBlob` is an descriptor of the generated/imported key key.
*/
byte[] keyBlob;
/**
* `keyCharacteristics` is a description of the generated key in the form of authorization lists
* associated with security levels. The rules that IKeyMintDevice implementations must use for
* deciding whether a given tag from `keyParams` argument to the generation/import method should
* be returned in `keyCharacteristics` are:
*
* - If the IKeyMintDevice cannot fully enforce the semantics of the tag, it should be omitted.
* - If the semantics of the tag are fully enforced by the IKeyMintDevice, without any
* assistance from components running at other security levels, it should be included in an
* entry with the SecurityLevel of the IKeyMintDevice.
* - If the semantics of the tag are fully enforced, but with the assistance of components
* running at another SecurityLevel, it should be included in an entry with the minimum
* SecurityLevel of the involved components. For example if a StrongBox IKeyMintDevice relies
* on a TEE to validate biometric authentication, biometric authentication tags go in an entry
* with SecurityLevel::TRUSTED_ENVIRONMENT.
*/
KeyCharacteristics[] keyCharacteristics;
/**
* If the generated/imported key is an asymmetric key, `certificateChain` will contain a chain
* of one or more certificates. If the key parameters provided to the generate/import method
* contains Tag::ATTESTATION_CHALLENGE the first certificate will contain an attestation
* extension, and will be signed by a factory-installed attestation key and followed by a chain
* of certificates leading to an authoritative root. If there is no attestation challenge, only
* one certificate will be returned, and it will be self-signed or contain a fake signature,
* depending on whether the key has KeyPurpose::SIGN. If the generated key is symmetric,
* certificateChain will be empty.
*/
Certificate[] certificateChain;
}

8
security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
View File

@@ -512,10 +512,10 @@ enum Tag {
/**
* Tag::APPLICATION_DATA. When provided to generateKey or importKey, this tag specifies data
* that is necessary during all uses of the key. In particular, calls to exportKey() and
* getKeyCharacteristics() must provide the same value to the appData parameter, and calls to
* begin must provide this tag and the same associated data as part of the inParams set. If
* the correct data is not provided, the method must return ErrorCode::INVALID_KEY_BLOB.
* that is necessary during all uses of the key. In particular, calls to begin() and
* exportKey() must provide the same value to the appData parameter, and calls to begin must
* provide this tag and the same associated data as part of the inParams set. If the correct
* data is not provided, the method must return ErrorCode::INVALID_KEY_BLOB.
*
* The content of this tag msut be bound to the key cryptographically, meaning it must not be
* possible for an adversary who has access to all of the secure world secrets but does not have

126
security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
View File

@@ -17,6 +17,7 @@
#include "KeyMintAidlTestBase.h"
#include <chrono>
#include <unordered_set>
#include <vector>
#include <android-base/logging.h>
@@ -43,6 +44,34 @@ using std::optional;
namespace test {
namespace {
// Predicate for testing basic characteristics validity in generation or import.
bool KeyCharacteristicsBasicallyValid(SecurityLevel secLevel,
const vector<KeyCharacteristics>& key_characteristics) {
if (key_characteristics.empty()) return false;
std::unordered_set<SecurityLevel> levels_seen;
for (auto& entry : key_characteristics) {
if (entry.authorizations.empty()) return false;
if (levels_seen.find(entry.securityLevel) != levels_seen.end()) return false;
levels_seen.insert(entry.securityLevel);
// Generally, we should only have one entry, at the same security level as the KM
// instance. There is an exception: StrongBox KM can have some authorizations that are
// enforced by the TEE.
bool isExpectedSecurityLevel = secLevel == entry.securityLevel ||
(secLevel == SecurityLevel::STRONGBOX &&
entry.securityLevel == SecurityLevel::TRUSTED_ENVIRONMENT);
if (!isExpectedSecurityLevel) return false;
}
return true;
}
} // namespace
ErrorCode KeyMintAidlTestBase::GetReturnErrorCode(const Status& result) {
if (result.isOk()) return ErrorCode::OK;
@@ -78,35 +107,30 @@ void KeyMintAidlTestBase::SetUp() {
}
ErrorCode KeyMintAidlTestBase::GenerateKey(const AuthorizationSet& key_desc,
vector<uint8_t>* keyBlob, KeyCharacteristics* keyChar) {
EXPECT_NE(keyBlob, nullptr) << "Key blob pointer must not be null. Test bug";
EXPECT_NE(keyChar, nullptr)
vector<uint8_t>* key_blob,
vector<KeyCharacteristics>* key_characteristics) {
EXPECT_NE(key_blob, nullptr) << "Key blob pointer must not be null. Test bug";
EXPECT_NE(key_characteristics, nullptr)
<< "Previous characteristics not deleted before generating key. Test bug.";
// Aidl does not clear these output parameters if the function returns
// error. This is different from hal where output parameter is always
// cleared due to hal returning void. So now we need to do our own clearing
// of the output variables prior to calling keyMint aidl libraries.
keyBlob->clear();
keyChar->softwareEnforced.clear();
keyChar->hardwareEnforced.clear();
certChain_.clear();
key_blob->clear();
key_characteristics->clear();
cert_chain_.clear();
Status result;
ByteArray blob;
KeyCreationResult creationResult;
Status result = keymint_->generateKey(key_desc.vector_data(), &creationResult);
result = keymint_->generateKey(key_desc.vector_data(), &blob, keyChar, &certChain_);
// On result, blob & characteristics should be empty.
if (result.isOk()) {
if (SecLevel() != SecurityLevel::SOFTWARE) {
EXPECT_GT(keyChar->hardwareEnforced.size(), 0);
}
EXPECT_GT(keyChar->softwareEnforced.size(), 0);
// TODO(seleneh) in a later version where we return @nullable
// single Certificate, check non-null single certificate is always
// non-empty.
*keyBlob = blob.data;
EXPECT_PRED2(KeyCharacteristicsBasicallyValid, SecLevel(),
creationResult.keyCharacteristics);
EXPECT_GT(creationResult.keyBlob.size(), 0);
*key_blob = std::move(creationResult.keyBlob);
*key_characteristics = std::move(creationResult.keyCharacteristics);
cert_chain_ = std::move(creationResult.certificateChain);
}
return GetReturnErrorCode(result);
@@ -118,25 +142,26 @@ ErrorCode KeyMintAidlTestBase::GenerateKey(const AuthorizationSet& key_desc) {
ErrorCode KeyMintAidlTestBase::ImportKey(const AuthorizationSet& key_desc, KeyFormat format,
const string& key_material, vector<uint8_t>* key_blob,
KeyCharacteristics* key_characteristics) {
vector<KeyCharacteristics>* key_characteristics) {
Status result;
certChain_.clear();
key_characteristics->softwareEnforced.clear();
key_characteristics->hardwareEnforced.clear();
cert_chain_.clear();
key_characteristics->clear();
key_blob->clear();
ByteArray blob;
KeyCreationResult creationResult;
result = keymint_->importKey(key_desc.vector_data(), format,
vector<uint8_t>(key_material.begin(), key_material.end()), &blob,
key_characteristics, &certChain_);
vector<uint8_t>(key_material.begin(), key_material.end()),
&creationResult);
if (result.isOk()) {
if (SecLevel() != SecurityLevel::SOFTWARE) {
EXPECT_GT(key_characteristics->hardwareEnforced.size(), 0);
}
EXPECT_GT(key_characteristics->softwareEnforced.size(), 0);
*key_blob = blob.data;
EXPECT_PRED2(KeyCharacteristicsBasicallyValid, SecLevel(),
creationResult.keyCharacteristics);
EXPECT_GT(creationResult.keyBlob.size(), 0);
*key_blob = std::move(creationResult.keyBlob);
*key_characteristics = std::move(creationResult.keyCharacteristics);
cert_chain_ = std::move(creationResult.certificateChain);
}
return GetReturnErrorCode(result);
@@ -151,25 +176,25 @@ ErrorCode KeyMintAidlTestBase::ImportWrappedKey(string wrapped_key, string wrapp
const AuthorizationSet& wrapping_key_desc,
string masking_key,
const AuthorizationSet& unwrapping_params) {
Status result;
EXPECT_EQ(ErrorCode::OK, ImportKey(wrapping_key_desc, KeyFormat::PKCS8, wrapping_key));
ByteArray outBlob;
key_characteristics_.softwareEnforced.clear();
key_characteristics_.hardwareEnforced.clear();
key_characteristics_.clear();
result = keymint_->importWrappedKey(vector<uint8_t>(wrapped_key.begin(), wrapped_key.end()),
key_blob_,
vector<uint8_t>(masking_key.begin(), masking_key.end()),
unwrapping_params.vector_data(), 0 /* passwordSid */,
0 /* biometricSid */, &outBlob, &key_characteristics_);
KeyCreationResult creationResult;
Status result = keymint_->importWrappedKey(
vector<uint8_t>(wrapped_key.begin(), wrapped_key.end()), key_blob_,
vector<uint8_t>(masking_key.begin(), masking_key.end()),
unwrapping_params.vector_data(), 0 /* passwordSid */, 0 /* biometricSid */,
&creationResult);
if (result.isOk()) {
key_blob_ = outBlob.data;
if (SecLevel() != SecurityLevel::SOFTWARE) {
EXPECT_GT(key_characteristics_.hardwareEnforced.size(), 0);
}
EXPECT_GT(key_characteristics_.softwareEnforced.size(), 0);
EXPECT_PRED2(KeyCharacteristicsBasicallyValid, SecLevel(),
creationResult.keyCharacteristics);
EXPECT_GT(creationResult.keyBlob.size(), 0);
key_blob_ = std::move(creationResult.keyBlob);
key_characteristics_ = std::move(creationResult.keyCharacteristics);
cert_chain_ = std::move(creationResult.certificateChain);
}
return GetReturnErrorCode(result);
@@ -754,6 +779,15 @@ vector<Digest> KeyMintAidlTestBase::ValidDigests(bool withNone, bool withMD5) {
return {};
}
static const vector<KeyParameter> kEmptyAuthList{};
const vector<KeyParameter>& KeyMintAidlTestBase::SecLevelAuthorizations(
const vector<KeyCharacteristics>& key_characteristics) {
auto found = std::find_if(key_characteristics.begin(), key_characteristics.end(),
[this](auto& entry) { return entry.securityLevel == SecLevel(); });
return (found == key_characteristics.end()) ? kEmptyAuthList : found->authorizations;
}
} // namespace test
} // namespace aidl::android::hardware::security::keymint

18
security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
View File

@@ -56,13 +56,13 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> {
ErrorCode GetReturnErrorCode(const Status& result);
ErrorCode GenerateKey(const AuthorizationSet& key_desc, vector<uint8_t>* key_blob,
KeyCharacteristics* key_characteristics);
vector<KeyCharacteristics>* key_characteristics);
ErrorCode GenerateKey(const AuthorizationSet& key_desc);
ErrorCode ImportKey(const AuthorizationSet& key_desc, KeyFormat format,
const string& key_material, vector<uint8_t>* key_blob,
KeyCharacteristics* key_characteristics);
vector<KeyCharacteristics>* key_characteristics);
ErrorCode ImportKey(const AuthorizationSet& key_desc, KeyFormat format,
const string& key_material);
@@ -147,8 +147,8 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> {
std::pair<ErrorCode, vector<uint8_t>> UpgradeKey(const vector<uint8_t>& key_blob);
bool IsSecure() { return securityLevel_ != SecurityLevel::SOFTWARE; }
SecurityLevel SecLevel() { return securityLevel_; }
bool IsSecure() const { return securityLevel_ != SecurityLevel::SOFTWARE; }
SecurityLevel SecLevel() const { return securityLevel_; }
vector<uint32_t> ValidKeySizes(Algorithm algorithm);
vector<uint32_t> InvalidKeySizes(Algorithm algorithm);
@@ -164,9 +164,15 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> {
}
std::shared_ptr<IKeyMintOperation> op_;
vector<Certificate> certChain_;
vector<Certificate> cert_chain_;
vector<uint8_t> key_blob_;
KeyCharacteristics key_characteristics_;
vector<KeyCharacteristics> key_characteristics_;
const vector<KeyParameter>& SecLevelAuthorizations(
const vector<KeyCharacteristics>& key_characteristics);
inline const vector<KeyParameter>& SecLevelAuthorizations() {
return SecLevelAuthorizations(key_characteristics_);
}
private:
std::shared_ptr<IKeyMintDevice> keymint_;

122
security/keymint/aidl/vts/functional/KeyMintTest.cpp
View File

@@ -56,18 +56,16 @@ using namespace aidl::android::hardware::security::keymint;
template <>
struct std::equal_to<KeyCharacteristics> {
bool operator()(const KeyCharacteristics& a, const KeyCharacteristics& b) const {
// This isn't very efficient. Oh, well.
AuthorizationSet a_sw(a.softwareEnforced);
AuthorizationSet b_sw(b.softwareEnforced);
AuthorizationSet a_tee(b.hardwareEnforced);
AuthorizationSet b_tee(b.hardwareEnforced);
if (a.securityLevel != b.securityLevel) return false;
a_sw.Sort();
b_sw.Sort();
a_tee.Sort();
b_tee.Sort();
// this isn't very efficient. Oh, well.
AuthorizationSet a_auths(a.authorizations);
AuthorizationSet b_auths(b.authorizations);
return ((a_sw == b_sw) && (a_tee == b_tee));
a_auths.Sort();
b_auths.Sort();
return a_auths == b_auths;
}
};
@@ -229,19 +227,20 @@ class AidlBuf : public vector<uint8_t> {
class NewKeyGenerationTest : public KeyMintAidlTestBase {
protected:
void CheckBaseParams(const KeyCharacteristics& keyCharacteristics) {
void CheckBaseParams(const vector<KeyCharacteristics>& keyCharacteristics) {
// TODO(swillden): Distinguish which params should be in which auth list.
AuthorizationSet auths(keyCharacteristics.hardwareEnforced);
auths.push_back(AuthorizationSet(keyCharacteristics.softwareEnforced));
AuthorizationSet auths;
for (auto& entry : keyCharacteristics) {
auths.push_back(AuthorizationSet(entry.authorizations));
}
EXPECT_TRUE(auths.Contains(TAG_ORIGIN, KeyOrigin::GENERATED));
EXPECT_TRUE(auths.Contains(TAG_PURPOSE, KeyPurpose::SIGN));
EXPECT_TRUE(auths.Contains(TAG_PURPOSE, KeyPurpose::VERIFY));
// Verify that App ID, App data and ROT are NOT included.
// Verify that App data and ROT are NOT included.
EXPECT_FALSE(auths.Contains(TAG_ROOT_OF_TRUST));
EXPECT_FALSE(auths.Contains(TAG_APPLICATION_ID));
EXPECT_FALSE(auths.Contains(TAG_APPLICATION_DATA));
// Check that some unexpected tags/values are NOT present.
@@ -249,15 +248,13 @@ class NewKeyGenerationTest : public KeyMintAidlTestBase {
EXPECT_FALSE(auths.Contains(TAG_PURPOSE, KeyPurpose::DECRYPT));
EXPECT_FALSE(auths.Contains(TAG_AUTH_TIMEOUT, 301U));
// Now check that unspecified, defaulted tags are correct.
EXPECT_TRUE(auths.Contains(TAG_CREATION_DATETIME));
auto os_ver = auths.GetTagValue(TAG_OS_VERSION);
ASSERT_TRUE(os_ver);
EXPECT_EQ(*os_ver, os_version());
EXPECT_TRUE(auths.Contains(TAG_OS_VERSION, os_version()))
<< "OS version is " << os_version() << " key reported "
<< auths.GetTagValue(TAG_OS_VERSION)->get();
EXPECT_TRUE(auths.Contains(TAG_OS_PATCHLEVEL, os_patch_level()))
<< "OS patch level is " << os_patch_level() << " key reported "
<< auths.GetTagValue(TAG_OS_PATCHLEVEL)->get();
auto os_pl = auths.GetTagValue(TAG_OS_PATCHLEVEL);
ASSERT_TRUE(os_pl);
EXPECT_EQ(*os_pl, os_patch_level());
}
};
@@ -270,7 +267,7 @@ class NewKeyGenerationTest : public KeyMintAidlTestBase {
TEST_P(NewKeyGenerationTest, Rsa) {
for (auto key_size : ValidKeySizes(Algorithm::RSA)) {
vector<uint8_t> key_blob;
KeyCharacteristics key_characteristics;
vector<KeyCharacteristics> key_characteristics;
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.RsaSigningKey(key_size, 65537)
.Digest(Digest::NONE)
@@ -280,12 +277,7 @@ TEST_P(NewKeyGenerationTest, Rsa) {
ASSERT_GT(key_blob.size(), 0U);
CheckBaseParams(key_characteristics);
AuthorizationSet crypto_params;
if (IsSecure()) {
crypto_params = key_characteristics.hardwareEnforced;
} else {
crypto_params = key_characteristics.softwareEnforced;
}
AuthorizationSet crypto_params = SecLevelAuthorizations(key_characteristics);
EXPECT_TRUE(crypto_params.Contains(TAG_ALGORITHM, Algorithm::RSA));
EXPECT_TRUE(crypto_params.Contains(TAG_KEY_SIZE, key_size))
@@ -304,7 +296,7 @@ TEST_P(NewKeyGenerationTest, Rsa) {
TEST_P(NewKeyGenerationTest, NoInvalidRsaSizes) {
for (auto key_size : InvalidKeySizes(Algorithm::RSA)) {
vector<uint8_t> key_blob;
KeyCharacteristics key_characteristics;
vector<KeyCharacteristics> key_characteristics;
ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE,
GenerateKey(AuthorizationSetBuilder()
.RsaSigningKey(key_size, 65537)
@@ -337,7 +329,7 @@ TEST_P(NewKeyGenerationTest, RsaNoDefaultSize) {
TEST_P(NewKeyGenerationTest, Ecdsa) {
for (auto key_size : ValidKeySizes(Algorithm::EC)) {
vector<uint8_t> key_blob;
KeyCharacteristics key_characteristics;
vector<KeyCharacteristics> key_characteristics;
ASSERT_EQ(ErrorCode::OK,
GenerateKey(
AuthorizationSetBuilder().EcdsaSigningKey(key_size).Digest(Digest::NONE),
@@ -345,12 +337,7 @@ TEST_P(NewKeyGenerationTest, Ecdsa) {
ASSERT_GT(key_blob.size(), 0U);
CheckBaseParams(key_characteristics);
AuthorizationSet crypto_params;
if (IsSecure()) {
crypto_params = key_characteristics.hardwareEnforced;
} else {
crypto_params = key_characteristics.softwareEnforced;
}
AuthorizationSet crypto_params = SecLevelAuthorizations(key_characteristics);
EXPECT_TRUE(crypto_params.Contains(TAG_ALGORITHM, Algorithm::EC));
EXPECT_TRUE(crypto_params.Contains(TAG_KEY_SIZE, key_size))
@@ -383,7 +370,7 @@ TEST_P(NewKeyGenerationTest, EcdsaDefaultSize) {
TEST_P(NewKeyGenerationTest, EcdsaInvalidSize) {
for (auto key_size : InvalidKeySizes(Algorithm::EC)) {
vector<uint8_t> key_blob;
KeyCharacteristics key_characteristics;
vector<KeyCharacteristics> key_characteristics;
ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE,
GenerateKey(
AuthorizationSetBuilder().EcdsaSigningKey(key_size).Digest(Digest::NONE),
@@ -454,7 +441,7 @@ TEST_P(NewKeyGenerationTest, EcdsaAllValidCurves) {
TEST_P(NewKeyGenerationTest, Hmac) {
for (auto digest : ValidDigests(false /* withNone */, true /* withMD5 */)) {
vector<uint8_t> key_blob;
KeyCharacteristics key_characteristics;
vector<KeyCharacteristics> key_characteristics;
constexpr size_t key_size = 128;
ASSERT_EQ(ErrorCode::OK,
GenerateKey(
@@ -465,17 +452,10 @@ TEST_P(NewKeyGenerationTest, Hmac) {
ASSERT_GT(key_blob.size(), 0U);
CheckBaseParams(key_characteristics);
AuthorizationSet hardwareEnforced = key_characteristics.hardwareEnforced;
AuthorizationSet softwareEnforced = key_characteristics.softwareEnforced;
if (IsSecure()) {
EXPECT_TRUE(hardwareEnforced.Contains(TAG_ALGORITHM, Algorithm::HMAC));
EXPECT_TRUE(hardwareEnforced.Contains(TAG_KEY_SIZE, key_size))
<< "Key size " << key_size << "missing";
} else {
EXPECT_TRUE(softwareEnforced.Contains(TAG_ALGORITHM, Algorithm::HMAC));
EXPECT_TRUE(softwareEnforced.Contains(TAG_KEY_SIZE, key_size))
<< "Key size " << key_size << "missing";
}
AuthorizationSet crypto_params = SecLevelAuthorizations(key_characteristics);
EXPECT_TRUE(crypto_params.Contains(TAG_ALGORITHM, Algorithm::HMAC));
EXPECT_TRUE(crypto_params.Contains(TAG_KEY_SIZE, key_size))
<< "Key size " << key_size << "missing";
CheckedDeleteKey(&key_blob);
}
@@ -600,7 +580,7 @@ TEST_P(SigningOperationsTest, RsaSuccess) {
/*
* SigningOperationsTest.RsaUseRequiresCorrectAppIdAppData
*
* Verifies that using an RSA key requires the correct app ID/data.
* Verifies that using an RSA key requires the correct app data.
*/
TEST_P(SigningOperationsTest, RsaUseRequiresCorrectAppIdAppData) {
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
@@ -1412,7 +1392,7 @@ TEST_P(VerificationOperationsTest, HmacSigningKeyCannotVerify) {
string key_material = "HelloThisIsAKey";
vector<uint8_t> signing_key, verification_key;
KeyCharacteristics signing_key_chars, verification_key_chars;
vector<KeyCharacteristics> signing_key_chars, verification_key_chars;
EXPECT_EQ(ErrorCode::OK,
ImportKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
@@ -1466,28 +1446,22 @@ class ImportKeyTest : public KeyMintAidlTestBase {
template <TagType tag_type, Tag tag, typename ValueT>
void CheckCryptoParam(TypedTag<tag_type, tag> ttag, ValueT expected) {
SCOPED_TRACE("CheckCryptoParam");
if (IsSecure()) {
EXPECT_TRUE(contains(key_characteristics_.hardwareEnforced, ttag, expected))
<< "Tag " << tag << " with value " << expected << " not found";
EXPECT_FALSE(contains(key_characteristics_.softwareEnforced, ttag))
<< "Tag " << tag << " found";
} else {
EXPECT_TRUE(contains(key_characteristics_.softwareEnforced, ttag, expected))
<< "Tag " << tag << " with value " << expected << " not found";
EXPECT_FALSE(contains(key_characteristics_.hardwareEnforced, ttag))
<< "Tag " << tag << " found";
for (auto& entry : key_characteristics_) {
if (entry.securityLevel == SecLevel()) {
EXPECT_TRUE(contains(entry.authorizations, ttag, expected))
<< "Tag " << tag << " with value " << expected
<< " not found at security level" << entry.securityLevel;
} else {
EXPECT_FALSE(contains(entry.authorizations, ttag, expected))
<< "Tag " << tag << " found at security level " << entry.securityLevel;
}
}
}
void CheckOrigin() {
SCOPED_TRACE("CheckOrigin");
if (IsSecure()) {
EXPECT_TRUE(contains(key_characteristics_.hardwareEnforced, TAG_ORIGIN,
KeyOrigin::IMPORTED));
} else {
EXPECT_TRUE(contains(key_characteristics_.softwareEnforced, TAG_ORIGIN,
KeyOrigin::IMPORTED));
}
// Origin isn't a crypto param, but it always lives with them.
return CheckCryptoParam(TAG_ORIGIN, KeyOrigin::IMPORTED);
}
};
@@ -3950,7 +3924,7 @@ TEST_P(KeyDeletionTest, DeleteKey) {
// Delete must work if rollback protection is implemented
if (error == ErrorCode::OK) {
AuthorizationSet hardwareEnforced(key_characteristics_.hardwareEnforced);
AuthorizationSet hardwareEnforced(SecLevelAuthorizations());
ASSERT_TRUE(hardwareEnforced.Contains(TAG_ROLLBACK_RESISTANCE));
ASSERT_EQ(ErrorCode::OK, DeleteKey(true /* keep key blob */));
@@ -3983,8 +3957,8 @@ TEST_P(KeyDeletionTest, DeleteInvalidKey) {
// Delete must work if rollback protection is implemented
if (error == ErrorCode::OK) {
AuthorizationSet hardwareEnforced(key_characteristics_.hardwareEnforced);
ASSERT_TRUE(hardwareEnforced.Contains(TAG_ROLLBACK_RESISTANCE));
AuthorizationSet enforced(SecLevelAuthorizations());
ASSERT_TRUE(enforced.Contains(TAG_ROLLBACK_RESISTANCE));
// Delete the key we don't care about the result at this point.
DeleteKey();
@@ -4019,7 +3993,7 @@ TEST_P(KeyDeletionTest, DeleteAllKeys) {
// Delete must work if rollback protection is implemented
if (error == ErrorCode::OK) {
AuthorizationSet hardwareEnforced(key_characteristics_.hardwareEnforced);
AuthorizationSet hardwareEnforced(SecLevelAuthorizations());
ASSERT_TRUE(hardwareEnforced.Contains(TAG_ROLLBACK_RESISTANCE));
ASSERT_EQ(ErrorCode::OK, DeleteAllKeys());

6
security/keymint/support/include/keymint_support/key_param_output.h
View File

@@ -84,8 +84,10 @@ template <typename ValueT>
::std::ostream& operator<<(::std::ostream& os, const KeyParameter& param);
inline ::std::ostream& operator<<(::std::ostream& os, const KeyCharacteristics& value) {
return os << "SW: " << value.softwareEnforced << ::std::endl
<< "HW: " << value.hardwareEnforced << ::std::endl;
for (auto& entry : value.authorizations) {
os << value.securityLevel << ": " << entry;
}
return os;
}
inline ::std::ostream& operator<<(::std::ostream& os, KeyPurpose value) {