This does two things:
- makes sure that HALs configured as lazy HALs will be retrieved
- will detect bad manifest entries earlier
Bug: 131703193
Test: boot
Change-Id: I82e10f49367b097023eb31797c877c15eedb5e00
In Keymaster 3, both INVALID_INPUT_LENGTH and INVALID_ARGUMENT were
acceptable for oversized messages. Keymaster 4 VTS requires that
INVALID_ARGUMENT be returned, but the spec has no such restriction. This
loosens VTS to allow either INVALID_INPUT_LENGTH or INVALID_ARGUMENT in
this case.
Bug: 129297054
Test: atest VtsHalKeymasterV4_0TargetTest Pixel 3, Trusty tests
The spec requires that SHA1 not be allowed for wrapped keys and that
only SHA_2_256 be used. Unfortunately, the previous VTS required SHA1
support. This patch takes the middle ground by requiring SHA_2_256 be
supported for importWrappedKey, but not disallowing it from supporting
SHA1.
This makes it possible for a spec compliant keymaster to pass VTS
while not disqualifying shipped devices.
Bug: 129291873
Test: atest VtsHalKeymasterV4_0TargetTest:ImportWrappedKeyTest, Trusty
Change-Id: I6c3a9182b51f2e7a46173d5bfc34d3c3264d954f
This test verifies that verification tokens with different time stamps do
not have the same MAC. This may not guarantee that the MAC is computed
correctly but it catches implementation that do not include the time
stamp in the mac.
It also checks that the MAC changes when both time stamp and challenge
changes.
Test: yes it is
Bug: 131859731
Bug: 132288466
Bug: 132287277
Change-Id: I85aa1d873eff46df7a66fc69bd61a031e6e6fbe0
The BOOT_PATCHLEVEL value is allowed to have 00 in the days position
according to the keymaster specification. This test's comment already
suggests that it's allowed, so update the expectation to match.
Test: VtsHalKeymasterV4_0TargetTest
Bug: 130843899
Change-Id: Ib43da43b2e0398b48fb59710bf4066f2641de2eb
The verified boot hash in the attestation record is a binary blob, while
the property read from the system is a hex-encoded value. Convert the
boot hash from the attestation record into hex before comparing.
Test: VtsHalKeymasterV4_0TargetTest
Bug: 130843899
Change-Id: I6f6e0da71501d741dd8b27d0778e1854af17ace6
hidl-generated makefiles are now generated such that bpfmt(file) == file.
Bug: 67417008
Test: enable bpfmt hook
Change-Id: I1f69d292bc23a7cc293a66110cb02d597e1019ad
Keymaster VTS test coverage on 4.0 was incomplete. This significantly
expands the coverage of the spec. The bugs listed are errors found that
these tests will cover, but are not indicative of the complete set of
things tested.
Test: atest VtsHalKeymasterV4_0TargetTest
Bug: 79953279
Bug: 119553313
Bug: 119541233
Bug: 119396995
Bug: 119542230
Bug: 119549128
Bug: 119549677
Bug: 122184852
Bug: 122261372
Change-Id: I42d78091b48398597bbebe1d9c91b806494ddf4c
(cherry picked from commit 8c0edf6c84)
Test importing of an Elliptic Curve P-256 key, encoded using the RFC5915
specification (which requires the curve OID in key in addition to the
wrapper) and the same key encoded using SEC1 (which allows omitting the
OID if it's known from the wrapper).
Test: atest VtsHalKeymasterV4_0TargetTest ImportKeyTest
Bug: 124437839
Bug: 127799174
Bug: 129398850
Change-Id: I5f5df86e55a758ed739403d830baa5c7308813a3
Merged-In: I5f5df86e55a758ed739403d830baa5c7308813a3
Test importing of an Elliptic Curve P-256 key, encoded using the RFC5915
specification (which requires the curve OID in key in addition to the
wrapper) and the same key encoded using SEC1 (which allows omitting the
OID if it's known from the wrapper).
Test: atest VtsHalKeymasterV4_0TargetTest ImportKeyTest
Bug: 124437839
Bug: 127799174
Change-Id: I5f5df86e55a758ed739403d830baa5c7308813a3
operator< on hidl_vec<uint8_t> violates strict weak ordering in the case
that one oparand is shorter that the other and the shorter is a prefix
of the longer.
if x and y are incomparable, i.e., neither x < y nor y < x and
y and z are incomparable, i.e., neither y < z nor z < y, then
x and z must be incomparable.
As for the current implementation the first two statements are true but
the third is not given the following example input:
x:="aa", y:="a", z:="ab".
This patch fixes the issue by defining a < b if a is a prefix of b.
As this relation is used in a std::sort algorithm which demands strict
weak ordering this bug leads to undefined behavior.
Change-Id: I4961bb35e2fd4f5fcf561ec0c7c536f81830aab8
Add a test that creates an EC key by
using key-bits (rather than curve-id),
and check that the attestation message
corresponds to key characteristics.
Bug: 122375834
Bug: 119542230
Test: VTS passes
Change-Id: Iad6ff2ca90a951124940943f2484f9fb9f813a19
It is unclear whether author intentionally meant to cause segfault here.
While waiting for the author to explain/fix the code, suppress the
warning to unblock enabling the warning globally.
Test: m checkbuild
Bug: 121390225
Change-Id: Iad03842833cfdc243404a32f6b31d161387c3890
C++17 adds a non-const std::basic_string::data, so non-const std::strings in the
test are `char*` and the const std::strings are `const char*`. See
https://en.cppreference.com/w/cpp/string/basic_string/data for details.
Without adding the non-const overload, the varargs overload is preferred, leading
to static_assert failures:
In file included from hardware/interfaces/keymaster/3.0/vts/functional/keymaster_hidl_hal_test.cpp:33:
In file included from hardware/interfaces/keymaster/3.0/vts/functional/authorization_set.h:20:
hardware/interfaces/keymaster/3.0/vts/functional/keymaster_tags.h:257:5: error: static_assert failed "Authorization other then TagType::BOOL take exactly one parameter."
static_assert(tag_type == TagType::BOOL || (sizeof...(args) == 1),
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
hardware/interfaces/keymaster/3.0/vts/functional/authorization_set.h:213:19: note: in instantiation of function template specialization 'android::hardware::keymaster::V3_0::Authorization<android::hardware::keymaster::V3_0::TagType::BYTES, android::hardware::keymaster::V3_0::Tag::ASSOCIATED_DATA, char *, unsigned long>' requested here
push_back(Authorization(tag, std::forward<Value>(val)...));
^
hardware/interfaces/keymaster/3.0/vts/functional/authorization_set.h:245:9: note: in instantiation of function template specialization 'android::hardware::keymaster::V3_0::AuthorizationSet::push_back<android::hardware::keymaster::V3_0::TypedTag<android::hardware::keymaster::V3_0::TagType::BYTES, android::hardware::keymaster::V3_0::Tag::ASSOCIATED_DATA>, char *, unsigned long>' requested here
push_back(ttag, std::forward<ValueType>(value)...);
^
hardware/interfaces/keymaster/3.0/vts/functional/keymaster_hidl_hal_test.cpp:3426:35: note: in instantiation of function template specialization 'android::hardware::keymaster::V3_0::AuthorizationSetBuilder::Authorization<android::hardware::keymaster::V3_0::TypedTag<android::hardware::keymaster::V3_0::TagType::BYTES, android::hardware::keymaster::V3_0::Tag::ASSOCIATED_DATA>, char *, unsigned long>' requested here
AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
^
Bug: http://b/111067277
Test: builds
Change-Id: I3d70fb5a41db16cc9dff50364cd793e0c3510ed0
Modify RSA keysize used in various tests
to ensure both TEE and Strongbox implementations
can be validated.
Skip invalid keysizes that Strongbox does not
support.
Test: Patches the strongbox tests
Bug: 112189538
Bug: 119172331
Change-Id: I46ab01ce9b8224403e2a334a894967761d6799c9
Signed-off-by: Max Bires <jbires@google.com>
(cherry picked from commit 88a376b0a0)
