The attestation code used boringssl's ASN.1 encoding tools
incorrectly, causing it to encode incorrect values in device_locked.
Bug: b/152503089
Test: Build & boot
Change-Id: I3c5352523b2db37d539ad353ac8c48c1585eb08d
* changes:
Keymaster 4.1 VTS tests
Update KM4 VTS tests to allow s/w implementation to pass.
Remove service death test.
Change finish input test to avoid large sizes.
Although no real devices should have a software implementation,
emulator and cloud devices do, and it's useful to be able to use them
as a development platform, which is facilitated by having useful VTS
tests.
This is in preparation for Keymaster 4.1 implementation and VTS work.
Bug: 140193672
Bug: 140192237
Bug: 140824829
Test: VtsHalKeymaster4.0TargetTest
Change-Id: Idc5de13c342ef1ac62d3131a1a2185d5e78a0d45
This is part of a refactor to facilitate reuse in Keymaster 4.1 VTS
tests.
Bug: 140193672
Bug: 140192237
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: I9310a851648c028850f9795d303419c6a7e29a11
NullOr now stores the references a pointers internally. This fixes UB
where the internal reference was initalized by dereferencing nullptr.
Test: Compiles
Bug: 121390225
Change-Id: I2073e5aeac401309aa63b08e05db3c467fab6b69
Since these were combined into libhidlbase.
Bug: 135686713
Test: build only (libhwbinder/libhidltransport are empty)
Change-Id: I075670b64eebbbbd6a6ae0e84ad51bf1c6f5ba36
Object derived from RefBase must be owned by sp rather then other smart
pointer implementations.
Bug: 79474587
Change-Id: I866f67e1cb091efb3026450d50a410b5985539b6
This does two things:
- makes sure that HALs configured as lazy HALs will be retrieved
- will detect bad manifest entries earlier
Bug: 131703193
Test: boot
Change-Id: I82e10f49367b097023eb31797c877c15eedb5e00
Keymaster VTS test coverage on 4.0 was incomplete. This significantly
expands the coverage of the spec. The bugs listed are errors found that
these tests will cover, but are not indicative of the complete set of
things tested.
Test: atest VtsHalKeymasterV4_0TargetTest
Bug: 79953279
Bug: 119553313
Bug: 119541233
Bug: 119396995
Bug: 119542230
Bug: 119549128
Bug: 119549677
Bug: 122184852
Bug: 122261372
Change-Id: I42d78091b48398597bbebe1d9c91b806494ddf4c
(cherry picked from commit 8c0edf6c84)
operator< on hidl_vec<uint8_t> violates strict weak ordering in the case
that one oparand is shorter that the other and the shorter is a prefix
of the longer.
if x and y are incomparable, i.e., neither x < y nor y < x and
y and z are incomparable, i.e., neither y < z nor z < y, then
x and z must be incomparable.
As for the current implementation the first two statements are true but
the third is not given the following example input:
x:="aa", y:="a", z:="ab".
This patch fixes the issue by defining a < b if a is a prefix of b.
As this relation is used in a std::sort algorithm which demands strict
weak ordering this bug leads to undefined behavior.
Change-Id: I4961bb35e2fd4f5fcf561ec0c7c536f81830aab8
It is unclear whether author intentionally meant to cause segfault here.
While waiting for the author to explain/fix the code, suppress the
warning to unblock enabling the warning globally.
Test: m checkbuild
Bug: 121390225
Change-Id: Iad03842833cfdc243404a32f6b31d161387c3890
C++17 adds a non-const std::basic_string::data, so non-const std::strings in the
test are `char*` and the const std::strings are `const char*`. See
https://en.cppreference.com/w/cpp/string/basic_string/data for details.
Without adding the non-const overload, the varargs overload is preferred, leading
to static_assert failures:
In file included from hardware/interfaces/keymaster/3.0/vts/functional/keymaster_hidl_hal_test.cpp:33:
In file included from hardware/interfaces/keymaster/3.0/vts/functional/authorization_set.h:20:
hardware/interfaces/keymaster/3.0/vts/functional/keymaster_tags.h:257:5: error: static_assert failed "Authorization other then TagType::BOOL take exactly one parameter."
static_assert(tag_type == TagType::BOOL || (sizeof...(args) == 1),
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
hardware/interfaces/keymaster/3.0/vts/functional/authorization_set.h:213:19: note: in instantiation of function template specialization 'android::hardware::keymaster::V3_0::Authorization<android::hardware::keymaster::V3_0::TagType::BYTES, android::hardware::keymaster::V3_0::Tag::ASSOCIATED_DATA, char *, unsigned long>' requested here
push_back(Authorization(tag, std::forward<Value>(val)...));
^
hardware/interfaces/keymaster/3.0/vts/functional/authorization_set.h:245:9: note: in instantiation of function template specialization 'android::hardware::keymaster::V3_0::AuthorizationSet::push_back<android::hardware::keymaster::V3_0::TypedTag<android::hardware::keymaster::V3_0::TagType::BYTES, android::hardware::keymaster::V3_0::Tag::ASSOCIATED_DATA>, char *, unsigned long>' requested here
push_back(ttag, std::forward<ValueType>(value)...);
^
hardware/interfaces/keymaster/3.0/vts/functional/keymaster_hidl_hal_test.cpp:3426:35: note: in instantiation of function template specialization 'android::hardware::keymaster::V3_0::AuthorizationSetBuilder::Authorization<android::hardware::keymaster::V3_0::TypedTag<android::hardware::keymaster::V3_0::TagType::BYTES, android::hardware::keymaster::V3_0::Tag::ASSOCIATED_DATA>, char *, unsigned long>' requested here
AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
^
Bug: http://b/111067277
Test: builds
Change-Id: I3d70fb5a41db16cc9dff50364cd793e0c3510ed0
Invalid and unknown tags were treated as zero size but they where still
counted as entry. This lead to invalid tags being persisted. When
Serialized blobs were used to cache key characteristics, these invalid
tags were send to clients of keystore. However, the serialization cannot
cope with invalid tags.
Bug: 119414176
Test: Successfully used the Skype app which triggered the problem
Change-Id: Ia46ac4a16395db3d10f93d3722eda69d523db478
hidl_vec objects that do not own their associated buffer are highly
unsafe in multithreaded environments where move semantic is used to
transfer ownership between threads. With keystore transitioning to a
multi threaded execution model we can no longer use this optimization
safely.
Bug: 111443219
Test: Ran full keystore cts test suite.
Change-Id: I9a366fc7df5dfee508dc092855545963ef6d9665
* Added missing Tag::HARDWARE_TYPE and Tag::TRUSTED_CONFIRMATION_REQUIRED
* Made AuthorizationSet::hidl_data() safer to use.
hidl_data() initializes a hidl_vec with the internal data of
std::vector using setToExternal and returns it by value. This means
the returned temporay does not own the buffer which has the life cycle
of the AuthorizationSet. This is fine if passed as parameter to a
function where it is bound to a cont reference. But if the temporary
gets assigned to something with longer life cycle move semantics kicks
in and the buffer is now tracked by something with a longer life
cycle. This patch marks the returned temporary const, so that it can
no longer be moved. It can still be bound to a const reference, but
when assigned to a variable it must get copied.
* Add Filter function to AuthorizationSet.
Bug: 111443219
Test: KeyStore CTS tests
Change-Id: I4744b7c87d01fbd905c3afb8ebeefba93605994b
The underlying array may be cleaned up once its lifetime has ended,
the initializer_list would become ill-formed. Return as std::vector
instead.
This fixes "-Wreturn-stack-address" (clang) / "-Winit-list-lifetime"
(gcc) warning.
Test: mma
Bug: 111998531
Change-Id: Ie5bb6bc3d0d7689744fd573c5683b22e6fb6b178
This KM4 key agreement check is causing some pain on early units
that aren't completely provisioned in both locked and non-Green
(unlocked) states.
This doesn't impact KM3 devices (Pixel 2016/2017 etc.)
Bug: 110301629
Change-Id: I5a737ac8a335863b1099c29cf3c0496adeb41e15
This had to be disabled because Qualcomm's keymaster4 returned a bad
value.
Bug: 77588764
Bug: 79698245
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: Ieb150d7f17c36f01acf2eeb665792594251b51ae
To make it easier for clients (vold & keystore) to perform key
agreement, this CL adds a service method that does it. To make key
agreement consistent, this method sorts the HMAC sharing parameters
lexicographically. The requirement for sorting is documented in the
HAL.
Test: Boot device
Bug: 79307225
Bug: 78766190
Change-Id: Idb224f27f8e4426281d9a0105605ba22bf7c7e95
Bug: 38430282
Test: VtsHalKeymasterV3_0TargetTest pass with exception
of (AesEcbWithUserId, RsaAttestation, EcAttestation)
which are expected failures.
Change-Id: I48e7195f512190deb608f1a69783c92254eef1aa
Add a keymaster parameter for keys that should be inaccessible when
the device screen is locked. "Locked" here is a state where the device
can be used or accessed without any further trust factor such as a
PIN, password, fingerprint, or trusted face or voice.
This parameter is added to the Java keystore interface for key
creation and import, as well as enums specified by and for the native
keystore process.
Test: CTS tests in I8a5affd1eaed176756175158e3057e44934fffed
Bug: 67752510
Merged-In: Id19d19b19532ac8d4c52aad46a954faa4515289d
Change-Id: Id19d19b19532ac8d4c52aad46a954faa4515289d
(cherry picked from commit 1840be6d35)
Add a keymaster parameter for keys that should be inaccessible when
the device screen is locked. "Locked" here is a state where the device
can be used or accessed without any further trust factor such as a
PIN, password, fingerprint, or trusted face or voice.
This parameter is added to the Java keystore interface for key
creation and import, as well as enums specified by and for the native
keystore process.
This reverts commit 95b60a0f41.
Test: CTS tests in I8a5affd1eaed176756175158e3057e44934fffed
Bug: 67752510
Change-Id: I2893c23ab173ff5c39085d56b555e54770900cbc
Keymaster clients need to see all the available devices and figure out
which they want to use. This method finds them all and returns them
in a vector sorted from most secure to least, according to a heuristic
defined in Keymaster::VersionResult::operator<
This CL also makes a few other minor improvements to the support
library, providing more information in VersionResult and adding some
more convenience methods in AuthorizationSetBuilder.
Test: Build & boot
Change-Id: I876238ee9ff72573c30d60e1cec665dd610bcde6
Add a keymaster parameter for keys that should be inaccessible when
the device screen is locked. "Locked" here is a state where the device
can be used or accessed without any further trust factor such as a
PIN, password, fingerprint, or trusted face or voice.
This parameter is added to the Java keystore interface for key
creation and import, as well as enums specified by and for the native
keystore process.
Test: go/asym-write-test-plan
Bug: 67752510
Change-Id: I466dfad3e2e515c43e68f08e0ec6163e0e86b933
