The underlying array may be cleaned up once its lifetime has ended,
the initializer_list would become ill-formed. Return as std::vector
instead.
This fixes "-Wreturn-stack-address" (clang) / "-Winit-list-lifetime"
(gcc) warning.
Test: mma
Bug: 111998531
Change-Id: Ie5bb6bc3d0d7689744fd573c5683b22e6fb6b178
Since Confirmation UI is optional for Strongbox
implementation, skipping the test.
Bug: 112189538
Test: This is an update to the vts test
Change-Id: Ie3485a1de92444b0c49670b198de30ea25e0673e
Signed-off-by: Max Bires <jbires@google.com>
Keymaster HAL documentation documents the bootPatchLevel as having
tag 718, while types.hal indicates the tag value for it is actually
719.
Test: N/A
Bug: 78104779
Merged-In: I0dde0b3c863081f2594e20466d8e82866a5f2d2e
Change-Id: I0dde0b3c863081f2594e20466d8e82866a5f2d2e
(cherry picked from commit ae8da1b70a)
Modify RSA keysize used in various tests
to ensure both TEE and Strongbox implementations
can be validated.
Skip invalid keysizes that Strongbox does not
support.
Test: Patches the strongbox tests
Bug: 112189538
Change-Id: I46ab01ce9b8224403e2a334a894967761d6799c9
Signed-off-by: Max Bires <jbires@google.com>
Change I5f877b2a1ac66026a876e145416ba078d486e4b5 inadvertently changed
the digest used for ImportWrappedKey, breaking the test. This CL
reverts that portion of the change.
Test: VtsHalKeymasterV4_0TargetTest
Bug: 112279922
Bug: 80246122
Change-Id: Ib8e2e7793ba46ae0d29d8407bb730a35bdb5ea98
Note that devices with KM4 will fail to pass VTS after this
lands, until the fix from Qualcomm arrives.
Test: VtsHalKeymasterV4_0TargetTest
Bug: 112040197
Bug: 80246122
Change-Id: Ie2cd917af704b9f19de3537297b3a7e4f0c861e9
Strongbox is not required to support SHA-2 digests,
so skip the related tests.
Bug: 109771020
Bug: 80246122
Test: This is the test
Change-Id: I5f877b2a1ac66026a876e145416ba078d486e4b5
Remove out of spec enforcement on the amount of data returned
by update, as this is not specified in the HAL.
Bug: 109771020
Bug: 80246122
Test: yes it is
Change-Id: Ic41afbd01d51faf48d3c0fe090409ebcd257cc1e
The buffer is allocated by OPENSSL_malloc() in X509_NAME_oneline(name, nullptr, 0).
Should be reclaimed by OPENSSL_free() instead of free().
The patch is provided by vink.shen@mediatek.corp-partner.google.com
Bug: 109708231
Test: build pass
Merged-In: I66a864e3e28905eebac2e7d3a4517d4d5aaa39df
Change-Id: I66a864e3e28905eebac2e7d3a4517d4d5aaa39df
(cherry picked from commit 79db3ec849)
With this patch the KM VTS test apply the restricted requirements on
supported key sizes, EC curves, and Digests to Strongbox keymaster
implementations.
Also amend tests to use Update().
Test: Yes it is
Bug: 74519020
Merged-In: Ibec9c3398671f81dbc0ecf78e554726276160579
Change-Id: Ibec9c3398671f81dbc0ecf78e554726276160579
(cherry picked from commit 3a7e2cade3)
Gramatical and punctuation corrections; addition of missing
userSecureId to AuthorizationList schema and removal of extraneous
rollbackResistant from same; correction of OS_PATCHLEVEL source
property; and addition of missing TAG_UNLOCKED_DEVICE_REQUIRED
documentation.
Bug: 69550260
Test: N/A
Change-Id: I04092b7df3af69201ba1467cddc09f6f44e861a8
Bug: 80102279
Bug: 80251973
Test: N/A; this keymaster exists only for policy compliance. It's never used.
Change-Id: I45f0eefd9abdd02f6774aa52f238040510c5d62c
This had to be disabled because Qualcomm's keymaster4 returned a bad
value.
Bug: 77588764
Bug: 79698245
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: Ieb150d7f17c36f01acf2eeb665792594251b51ae
Doc comments look like "/** ... */" and they
can only be in certain places.
Bug: 79865343
Test: m
Change-Id: Ic15c08ff7dc6e4f9827c1dbe7f7236c11a572ec1
Merged-In: Ic15c08ff7dc6e4f9827c1dbe7f7236c11a572ec1
To make it easier for clients (vold & keystore) to perform key
agreement, this CL adds a service method that does it. To make key
agreement consistent, this method sorts the HMAC sharing parameters
lexicographically. The requirement for sorting is documented in the
HAL.
Test: Boot device
Bug: 79307225
Bug: 78766190
Change-Id: Idb224f27f8e4426281d9a0105605ba22bf7c7e95
Keymaster VTS is failing to verify that the last certificate in the
chain is self-signed. CTS and GTS tests verify this, but it should be
validated at this level as well.
Bug: 79123157
Test: VtsHalKeymasterV3_0TargetTest
Change-Id: I5ff33fc8186182c2cf8d43d90cd59f89ce45d416
This test was added on a bad assumption about the behavior of the
keymaster spec, and is now being removed.
Test: VTS
Bug: 77307569
Change-Id: Iac2f6f45ea1816505ff3b47bbdc548ff1161c96b
The key sharing test modified the seed in an invalid way.
Bug: 77588764
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: I0b2ac90397a3f23258ebd4dddc5f6043af7b1600
The golden test keys didn't include TAG_NO_AUTH_REQUIRED, which causes
them to be rejected by strictly compliant implementations.
Bug: 77588764
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: I5157537e5407618ddc37debf00486977abb00f99
The TripleDes tests failed to set TAG_NO_AUTH_REQUIRED, which causes
operations to be rejected by strictly compliant implementations.
Bug: 77588764
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: I25cd5ec0ccede2b148f5da4566b8e1e20e8edbde
Bug: 38430282
Test: VtsHalKeymasterV3_0TargetTest pass with exception
of (AesEcbWithUserId, RsaAttestation, EcAttestation)
which are expected failures.
Change-Id: I48e7195f512190deb608f1a69783c92254eef1aa
Add a keymaster parameter for keys that should be inaccessible when
the device screen is locked. "Locked" here is a state where the device
can be used or accessed without any further trust factor such as a
PIN, password, fingerprint, or trusted face or voice.
This parameter is added to the Java keystore interface for key
creation and import, as well as enums specified by and for the native
keystore process.
Test: CTS tests in I8a5affd1eaed176756175158e3057e44934fffed
Bug: 67752510
Merged-In: Id19d19b19532ac8d4c52aad46a954faa4515289d
Change-Id: Id19d19b19532ac8d4c52aad46a954faa4515289d
(cherry picked from commit 1840be6d35)
Only DES3 is supported (168-bit), so remove
tests for 112-bit DES.
Also replace the RSA public exponent 3, with
65537 in most tests so that RSA key generation
is faster.
Change-Id: I9958df81fe46d752d82072dc6c7effa34b2921a8
Add a keymaster parameter for keys that should be inaccessible when
the device screen is locked. "Locked" here is a state where the device
can be used or accessed without any further trust factor such as a
PIN, password, fingerprint, or trusted face or voice.
This parameter is added to the Java keystore interface for key
creation and import, as well as enums specified by and for the native
keystore process.
This reverts commit 95b60a0f41.
Test: CTS tests in I8a5affd1eaed176756175158e3057e44934fffed
Bug: 67752510
Change-Id: I2893c23ab173ff5c39085d56b555e54770900cbc
Keymaster clients need to see all the available devices and figure out
which they want to use. This method finds them all and returns them
in a vector sorted from most secure to least, according to a heuristic
defined in Keymaster::VersionResult::operator<
This CL also makes a few other minor improvements to the support
library, providing more information in VersionResult and adding some
more convenience methods in AuthorizationSetBuilder.
Test: Build & boot
Change-Id: I876238ee9ff72573c30d60e1cec665dd610bcde6
Add a keymaster parameter for keys that should be inaccessible when
the device screen is locked. "Locked" here is a state where the device
can be used or accessed without any further trust factor such as a
PIN, password, fingerprint, or trusted face or voice.
This parameter is added to the Java keystore interface for key
creation and import, as well as enums specified by and for the native
keystore process.
Test: go/asym-write-test-plan
Bug: 67752510
Change-Id: I466dfad3e2e515c43e68f08e0ec6163e0e86b933
