Snap for 5450365 from b18f050a4e354e817cec1d01a4b30a98bbb158e5 to pi-platform-release
Change-Id: Iaccfbbd561c96fec76db472976afc68dc909d9b1
diff --git a/audio/4.0/config/audio_policy_configuration.xsd b/audio/4.0/config/audio_policy_configuration.xsd
index ee17fc9..58bab22 100644
--- a/audio/4.0/config/audio_policy_configuration.xsd
+++ b/audio/4.0/config/audio_policy_configuration.xsd
@@ -280,6 +280,19 @@
<xs:enumeration value="AUDIO_DEVICE_IN_STUB"/>
</xs:restriction>
</xs:simpleType>
+ <xs:simpleType name="vendorExtension">
+ <!-- Vendor extension names must be prefixed by "VX_" to distinguish them from AOSP values.
+ Vendor are encouraged to namespace their module names to avoid conflicts.
+ Example for an hypothetical Google virtual reality device:
+ <devicePort tagName="VR" type="VX_GOOGLE_VR" role="sink">
+ -->
+ <xs:restriction base="xs:string">
+ <xs:pattern value="VX_[_a-zA-Z0-9]+"/>
+ </xs:restriction>
+ </xs:simpleType>
+ <xs:simpleType name="extendableAudioDevice">
+ <xs:union memberTypes="audioDevice vendorExtension"/>
+ </xs:simpleType>
<!-- Enum values of audio_format_t in audio.h
TODO: generate from hidl to avoid manual sync. -->
<xs:simpleType name="audioFormat">
@@ -346,6 +359,9 @@
<xs:enumeration value="AUDIO_FORMAT_LDAC"/>
</xs:restriction>
</xs:simpleType>
+ <xs:simpleType name="extendableAudioFormat">
+ <xs:union memberTypes="audioFormat vendorExtension"/>
+ </xs:simpleType>
<!-- Enum values of audio::common::4_0::AudioUsage
TODO: generate from HIDL to avoid manual sync. -->
<xs:simpleType name="audioUsage">
@@ -388,7 +404,7 @@
</xs:simpleType>
<xs:complexType name="profile">
<xs:attribute name="name" type="xs:token" use="optional"/>
- <xs:attribute name="format" type="audioFormat" use="optional"/>
+ <xs:attribute name="format" type="extendableAudioFormat" use="optional"/>
<xs:attribute name="samplingRates" type="samplingRates" use="optional"/>
<xs:attribute name="channelMasks" type="channelMask" use="optional"/>
</xs:complexType>
@@ -425,7 +441,7 @@
<xs:element name="gains" type="gains" minOccurs="0"/>
</xs:sequence>
<xs:attribute name="tagName" type="xs:token" use="required"/>
- <xs:attribute name="type" type="audioDevice" use="required"/>
+ <xs:attribute name="type" type="extendableAudioDevice" use="required"/>
<xs:attribute name="role" type="role" use="required"/>
<xs:attribute name="address" type="xs:string" use="optional" default=""/>
<!-- Note that XSD 1.0 can not check that a type only has one default. -->
diff --git a/camera/provider/2.4/vts/functional/VtsHalCameraProviderV2_4TargetTest.cpp b/camera/provider/2.4/vts/functional/VtsHalCameraProviderV2_4TargetTest.cpp
index 71b78f4..22b7382 100644
--- a/camera/provider/2.4/vts/functional/VtsHalCameraProviderV2_4TargetTest.cpp
+++ b/camera/provider/2.4/vts/functional/VtsHalCameraProviderV2_4TargetTest.cpp
@@ -651,7 +651,8 @@
void createStreamConfiguration(const ::android::hardware::hidl_vec<V3_2::Stream>& streams3_2,
StreamConfigurationMode configMode,
::android::hardware::camera::device::V3_2::StreamConfiguration *config3_2,
- ::android::hardware::camera::device::V3_4::StreamConfiguration *config3_4);
+ ::android::hardware::camera::device::V3_4::StreamConfiguration *config3_4,
+ uint32_t jpegBufferSize = 0);
void configurePreviewStreams3_4(const std::string &name, int32_t deviceVersion,
sp<ICameraProvider> provider,
@@ -673,6 +674,8 @@
static Status getAvailableOutputStreams(camera_metadata_t *staticMeta,
std::vector<AvailableStream> &outputStreams,
const AvailableStream *threshold = nullptr);
+ static Status getJpegBufferSize(camera_metadata_t *staticMeta,
+ uint32_t* outBufSize);
static Status isConstrainedModeAvailable(camera_metadata_t *staticMeta);
static Status isLogicalMultiCamera(camera_metadata_t *staticMeta);
static Status getPhysicalCameraIds(camera_metadata_t *staticMeta,
@@ -2511,6 +2514,10 @@
ASSERT_EQ(Status::OK, getAvailableOutputStreams(staticMeta, outputStreams));
ASSERT_NE(0u, outputStreams.size());
+ uint32_t jpegBufferSize = 0;
+ ASSERT_EQ(Status::OK, getJpegBufferSize(staticMeta, &jpegBufferSize));
+ ASSERT_NE(0u, jpegBufferSize);
+
int32_t streamId = 0;
for (auto& it : outputStreams) {
V3_2::Stream stream3_2;
@@ -2527,7 +2534,7 @@
::android::hardware::camera::device::V3_4::StreamConfiguration config3_4;
::android::hardware::camera::device::V3_2::StreamConfiguration config3_2;
createStreamConfiguration(streams3_2, StreamConfigurationMode::NORMAL_MODE,
- &config3_2, &config3_4);
+ &config3_2, &config3_4, jpegBufferSize);
if (session3_4 != nullptr) {
ret = session3_4->configureStreams_3_4(config3_4,
[streamId](Status s, device::V3_4::HalStreamConfiguration halConfig) {
@@ -2587,6 +2594,10 @@
ASSERT_EQ(Status::OK, getAvailableOutputStreams(staticMeta, outputStreams));
ASSERT_NE(0u, outputStreams.size());
+ uint32_t jpegBufferSize = 0;
+ ASSERT_EQ(Status::OK, getJpegBufferSize(staticMeta, &jpegBufferSize));
+ ASSERT_NE(0u, jpegBufferSize);
+
int32_t streamId = 0;
V3_2::Stream stream3_2 = {streamId++,
StreamType::OUTPUT,
@@ -2600,7 +2611,7 @@
::android::hardware::camera::device::V3_4::StreamConfiguration config3_4;
::android::hardware::camera::device::V3_2::StreamConfiguration config3_2;
createStreamConfiguration(streams, StreamConfigurationMode::NORMAL_MODE,
- &config3_2, &config3_4);
+ &config3_2, &config3_4, jpegBufferSize);
if(session3_4 != nullptr) {
ret = session3_4->configureStreams_3_4(config3_4,
[](Status s, device::V3_4::HalStreamConfiguration) {
@@ -2632,7 +2643,7 @@
StreamRotation::ROTATION_0};
streams[0] = stream3_2;
createStreamConfiguration(streams, StreamConfigurationMode::NORMAL_MODE,
- &config3_2, &config3_4);
+ &config3_2, &config3_4, jpegBufferSize);
if(session3_4 != nullptr) {
ret = session3_4->configureStreams_3_4(config3_4, [](Status s,
device::V3_4::HalStreamConfiguration) {
@@ -2662,7 +2673,7 @@
StreamRotation::ROTATION_0};
streams[0] = stream3_2;
createStreamConfiguration(streams, StreamConfigurationMode::NORMAL_MODE,
- &config3_2, &config3_4);
+ &config3_2, &config3_4, jpegBufferSize);
if(session3_4 != nullptr) {
ret = session3_4->configureStreams_3_4(config3_4,
[](Status s, device::V3_4::HalStreamConfiguration) {
@@ -2691,7 +2702,7 @@
static_cast<StreamRotation>(UINT32_MAX)};
streams[0] = stream3_2;
createStreamConfiguration(streams, StreamConfigurationMode::NORMAL_MODE,
- &config3_2, &config3_4);
+ &config3_2, &config3_4, jpegBufferSize);
if(session3_4 != nullptr) {
ret = session3_4->configureStreams_3_4(config3_4,
[](Status s, device::V3_4::HalStreamConfiguration) {
@@ -2758,6 +2769,10 @@
ASSERT_EQ(Status::OK, getZSLInputOutputMap(staticMeta, inputOutputMap));
ASSERT_NE(0u, inputOutputMap.size());
+ uint32_t jpegBufferSize = 0;
+ ASSERT_EQ(Status::OK, getJpegBufferSize(staticMeta, &jpegBufferSize));
+ ASSERT_NE(0u, jpegBufferSize);
+
int32_t streamId = 0;
for (auto& inputIter : inputOutputMap) {
AvailableStream input;
@@ -2802,7 +2817,7 @@
::android::hardware::camera::device::V3_4::StreamConfiguration config3_4;
::android::hardware::camera::device::V3_2::StreamConfiguration config3_2;
createStreamConfiguration(streams, StreamConfigurationMode::NORMAL_MODE,
- &config3_2, &config3_4);
+ &config3_2, &config3_4, jpegBufferSize);
if (session3_4 != nullptr) {
ret = session3_4->configureStreams_3_4(config3_4,
[](Status s, device::V3_4::HalStreamConfiguration halConfig) {
@@ -2832,7 +2847,7 @@
}
}
-// Check wehether session parameters are supported. If Hal support for them
+// Check whether session parameters are supported. If Hal support for them
// exist, then try to configure a preview stream using them.
TEST_F(CameraHidlTest, configureStreamsWithSessionParameters) {
hidl_vec<hidl_string> cameraDeviceNames = getCameraDeviceNames(mProvider);
@@ -2881,6 +2896,8 @@
continue;
}
+ outputPreviewStreams.clear();
+
ASSERT_EQ(Status::OK, getAvailableOutputStreams(staticMetaBuffer, outputPreviewStreams,
&previewThreshold));
ASSERT_NE(0u, outputPreviewStreams.size());
@@ -2894,6 +2911,7 @@
GRALLOC1_CONSUMER_USAGE_HWCOMPOSER,
0,
StreamRotation::ROTATION_0};
+ previewStream.bufferSize = 0;
::android::hardware::hidl_vec<V3_4::Stream> streams = {previewStream};
::android::hardware::camera::device::V3_4::StreamConfiguration config;
config.streams = streams;
@@ -2955,6 +2973,10 @@
&previewThreshold));
ASSERT_NE(0u, outputPreviewStreams.size());
+ uint32_t jpegBufferSize = 0;
+ ASSERT_EQ(Status::OK, getJpegBufferSize(staticMeta, &jpegBufferSize));
+ ASSERT_NE(0u, jpegBufferSize);
+
int32_t streamId = 0;
for (auto& blobIter : outputBlobStreams) {
for (auto& previewIter : outputPreviewStreams) {
@@ -2979,7 +3001,7 @@
::android::hardware::camera::device::V3_4::StreamConfiguration config3_4;
::android::hardware::camera::device::V3_2::StreamConfiguration config3_2;
createStreamConfiguration(streams, StreamConfigurationMode::NORMAL_MODE,
- &config3_2, &config3_4);
+ &config3_2, &config3_4, jpegBufferSize);
if (session3_4 != nullptr) {
ret = session3_4->configureStreams_3_4(config3_4,
[](Status s, device::V3_4::HalStreamConfiguration halConfig) {
@@ -3220,6 +3242,10 @@
&videoThreshold));
ASSERT_NE(0u, outputVideoStreams.size());
+ uint32_t jpegBufferSize = 0;
+ ASSERT_EQ(Status::OK, getJpegBufferSize(staticMeta, &jpegBufferSize));
+ ASSERT_NE(0u, jpegBufferSize);
+
int32_t streamId = 0;
for (auto& blobIter : outputBlobStreams) {
for (auto& videoIter : outputVideoStreams) {
@@ -3243,7 +3269,7 @@
::android::hardware::camera::device::V3_4::StreamConfiguration config3_4;
::android::hardware::camera::device::V3_2::StreamConfiguration config3_2;
createStreamConfiguration(streams, StreamConfigurationMode::NORMAL_MODE,
- &config3_2, &config3_4);
+ &config3_2, &config3_4, jpegBufferSize);
if (session3_4 != nullptr) {
ret = session3_4->configureStreams_3_4(config3_4,
[](Status s, device::V3_4::HalStreamConfiguration halConfig) {
@@ -4143,6 +4169,23 @@
return Status::OK;
}
+// Get max jpeg buffer size in android.jpeg.maxSize
+Status CameraHidlTest::getJpegBufferSize(camera_metadata_t *staticMeta, uint32_t* outBufSize) {
+ if (nullptr == staticMeta || nullptr == outBufSize) {
+ return Status::ILLEGAL_ARGUMENT;
+ }
+
+ camera_metadata_ro_entry entry;
+ int rc = find_camera_metadata_ro_entry(staticMeta,
+ ANDROID_JPEG_MAX_SIZE, &entry);
+ if ((0 != rc) || (1 != entry.count)) {
+ return Status::ILLEGAL_ARGUMENT;
+ }
+
+ *outBufSize = static_cast<uint32_t>(entry.data.i32[0]);
+ return Status::OK;
+}
+
// Check if the camera device has logical multi-camera capability.
Status CameraHidlTest::isLogicalMultiCamera(camera_metadata_t *staticMeta) {
Status ret = Status::METHOD_NOT_SUPPORTED;
@@ -4394,7 +4437,8 @@
const ::android::hardware::hidl_vec<V3_2::Stream>& streams3_2,
StreamConfigurationMode configMode,
::android::hardware::camera::device::V3_2::StreamConfiguration *config3_2 /*out*/,
- ::android::hardware::camera::device::V3_4::StreamConfiguration *config3_4 /*out*/) {
+ ::android::hardware::camera::device::V3_4::StreamConfiguration *config3_4 /*out*/,
+ uint32_t jpegBufferSize) {
ASSERT_NE(nullptr, config3_2);
ASSERT_NE(nullptr, config3_4);
@@ -4403,6 +4447,11 @@
for (auto& stream3_2 : streams3_2) {
V3_4::Stream stream;
stream.v3_2 = stream3_2;
+ stream.bufferSize = 0;
+ if (stream3_2.format == PixelFormat::BLOB &&
+ stream3_2.dataSpace == static_cast<V3_2::DataspaceFlags>(Dataspace::V0_JFIF)) {
+ stream.bufferSize = jpegBufferSize;
+ }
streams3_4[idx++] = stream;
}
*config3_4 = {streams3_4, configMode, {}};
@@ -4580,6 +4629,11 @@
outputPreviewStreams.clear();
auto rc = getAvailableOutputStreams(staticMeta,
outputPreviewStreams, previewThreshold);
+
+ uint32_t jpegBufferSize = 0;
+ ASSERT_EQ(Status::OK, getJpegBufferSize(staticMeta, &jpegBufferSize));
+ ASSERT_NE(0u, jpegBufferSize);
+
free_camera_metadata(staticMeta);
ASSERT_EQ(Status::OK, rc);
ASSERT_FALSE(outputPreviewStreams.empty());
@@ -4593,7 +4647,7 @@
::android::hardware::camera::device::V3_2::StreamConfiguration config3_2;
::android::hardware::camera::device::V3_4::StreamConfiguration config3_4;
createStreamConfiguration(streams3_2, StreamConfigurationMode::NORMAL_MODE,
- &config3_2, &config3_4);
+ &config3_2, &config3_4, jpegBufferSize);
if (session3_4 != nullptr) {
RequestTemplate reqTemplate = RequestTemplate::PREVIEW;
ret = session3_4->constructDefaultRequestSettings(reqTemplate,
diff --git a/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp b/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp
index c89abd9..6ed61da 100644
--- a/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp
+++ b/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp
@@ -651,6 +651,8 @@
return {3072, 4096};
case Algorithm::EC:
return {224, 384, 521};
+ case Algorithm::AES:
+ return {192};
default:
return {};
}
diff --git a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
index 3919a69..c1d8a95 100644
--- a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
+++ b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
@@ -773,7 +773,7 @@
*/
TEST_F(SigningOperationsTest, RsaPkcs1Sha256Success) {
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
- .RsaSigningKey(1024, 65537)
+ .RsaSigningKey(2048, 65537)
.Digest(Digest::SHA_2_256)
.Authorization(TAG_NO_AUTH_REQUIRED)
.Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)));
@@ -790,7 +790,7 @@
*/
TEST_F(SigningOperationsTest, RsaPkcs1NoDigestSuccess) {
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
- .RsaSigningKey(1024, 65537)
+ .RsaSigningKey(2048, 65537)
.Digest(Digest::NONE)
.Authorization(TAG_NO_AUTH_REQUIRED)
.Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)));
@@ -808,11 +808,11 @@
*/
TEST_F(SigningOperationsTest, RsaPkcs1NoDigestTooLong) {
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
- .RsaSigningKey(1024, 65537)
+ .RsaSigningKey(2048, 65537)
.Digest(Digest::NONE)
.Authorization(TAG_NO_AUTH_REQUIRED)
.Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)));
- string message(129, 'a');
+ string message(257, 'a');
EXPECT_EQ(ErrorCode::OK,
Begin(KeyPurpose::SIGN, AuthorizationSetBuilder()
@@ -855,12 +855,12 @@
*/
TEST_F(SigningOperationsTest, RsaNoPaddingTooLong) {
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
- .RsaSigningKey(1024, 65537)
+ .RsaSigningKey(2048, 65537)
.Digest(Digest::NONE)
.Authorization(TAG_NO_AUTH_REQUIRED)
.Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)));
// One byte too long
- string message(1024 / 8 + 1, 'a');
+ string message(2048 / 8 + 1, 'a');
ASSERT_EQ(ErrorCode::OK,
Begin(KeyPurpose::SIGN, AuthorizationSetBuilder()
.Digest(Digest::NONE)
@@ -889,7 +889,7 @@
*/
TEST_F(SigningOperationsTest, RsaAbort) {
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
- .RsaSigningKey(1024, 65537)
+ .RsaSigningKey(2048, 65537)
.Digest(Digest::NONE)
.Authorization(TAG_NO_AUTH_REQUIRED)
.Padding(PaddingMode::NONE)));
@@ -914,7 +914,7 @@
*/
TEST_F(SigningOperationsTest, RsaUnsupportedPadding) {
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
- .RsaSigningKey(1024, 65537)
+ .RsaSigningKey(2048, 65537)
.Authorization(TAG_NO_AUTH_REQUIRED)
.Digest(Digest::SHA_2_256 /* supported digest */)
.Padding(PaddingMode::PKCS7)));
@@ -931,7 +931,7 @@
*/
TEST_F(SigningOperationsTest, RsaNoDigest) {
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
- .RsaSigningKey(1024, 65537)
+ .RsaSigningKey(2048, 65537)
.Authorization(TAG_NO_AUTH_REQUIRED)
.Digest(Digest::NONE)
.Padding(PaddingMode::RSA_PSS)));
@@ -952,7 +952,7 @@
TEST_F(SigningOperationsTest, RsaNoPadding) {
// Padding must be specified
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
- .RsaKey(1024, 65537)
+ .RsaKey(2048, 65537)
.Authorization(TAG_NO_AUTH_REQUIRED)
.SigningKey()
.Digest(Digest::NONE)));
@@ -968,12 +968,12 @@
TEST_F(SigningOperationsTest, RsaTooShortMessage) {
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
- .RsaSigningKey(1024, 65537)
+ .RsaSigningKey(2048, 65537)
.Digest(Digest::NONE)
.Padding(PaddingMode::NONE)));
// Barely shorter
- string message(1024 / 8 - 1, 'a');
+ string message(2048 / 8 - 1, 'a');
SignMessage(message, AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE));
// Much shorter
@@ -989,7 +989,7 @@
TEST_F(SigningOperationsTest, RsaSignWithEncryptionKey) {
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
- .RsaEncryptionKey(1024, 65537)
+ .RsaEncryptionKey(2048, 65537)
.Digest(Digest::NONE)
.Padding(PaddingMode::NONE)));
ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
@@ -1006,12 +1006,12 @@
TEST_F(SigningOperationsTest, RsaSignTooLargeMessage) {
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
- .RsaSigningKey(1024, 65537)
+ .RsaSigningKey(2048, 65537)
.Digest(Digest::NONE)
.Padding(PaddingMode::NONE)));
// Largest possible message will always be larger than the public modulus.
- string message(1024 / 8, static_cast<char>(0xff));
+ string message(2048 / 8, static_cast<char>(0xff));
ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::SIGN, AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
.Digest(Digest::NONE)
@@ -1328,7 +1328,7 @@
TEST_F(VerificationOperationsTest, RsaSuccess) {
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
- .RsaSigningKey(1024, 65537)
+ .RsaSigningKey(2048, 65537)
.Digest(Digest::NONE)
.Padding(PaddingMode::NONE)));
string message = "12345678901234567890123456789012";
@@ -1567,7 +1567,7 @@
*/
TEST_F(ExportKeyTest, RsaUnsupportedKeyFormat) {
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
- .RsaSigningKey(1024, 65537)
+ .RsaSigningKey(2048, 65537)
.Digest(Digest::NONE)
.Padding(PaddingMode::NONE)));
HidlBuf export_data;
@@ -1583,7 +1583,7 @@
TEST_F(ExportKeyTest, RsaCorruptedKeyBlob) {
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
- .RsaSigningKey(1024, 65537)
+ .RsaSigningKey(2048, 65537)
.Digest(Digest::NONE)
.Padding(PaddingMode::NONE)));
for (size_t i = 0; i < key_blob_.size(); ++i) {
@@ -1975,16 +1975,16 @@
TEST_F(EncryptionOperationsTest, RsaNoPaddingSuccess) {
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
- .RsaEncryptionKey(1024, 65537)
+ .RsaEncryptionKey(2048, 65537)
.Padding(PaddingMode::NONE)));
- string message = string(1024 / 8, 'a');
+ string message = string(2048 / 8, 'a');
auto params = AuthorizationSetBuilder().Padding(PaddingMode::NONE);
string ciphertext1 = EncryptMessage(message, params);
- EXPECT_EQ(1024U / 8, ciphertext1.size());
+ EXPECT_EQ(2048U / 8, ciphertext1.size());
string ciphertext2 = EncryptMessage(message, params);
- EXPECT_EQ(1024U / 8, ciphertext2.size());
+ EXPECT_EQ(2048U / 8, ciphertext2.size());
// Unpadded RSA is deterministic
EXPECT_EQ(ciphertext1, ciphertext2);
@@ -1998,16 +1998,16 @@
TEST_F(EncryptionOperationsTest, RsaNoPaddingShortMessage) {
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
- .RsaEncryptionKey(1024, 65537)
+ .RsaEncryptionKey(2048, 65537)
.Padding(PaddingMode::NONE)));
string message = "1";
auto params = AuthorizationSetBuilder().Padding(PaddingMode::NONE);
string ciphertext = EncryptMessage(message, params);
- EXPECT_EQ(1024U / 8, ciphertext.size());
+ EXPECT_EQ(2048U / 8, ciphertext.size());
- string expected_plaintext = string(1024 / 8 - 1, 0) + message;
+ string expected_plaintext = string(2048U / 8 - 1, 0) + message;
string plaintext = DecryptMessage(ciphertext, params);
EXPECT_EQ(expected_plaintext, plaintext);
@@ -2015,8 +2015,8 @@
// Degenerate case, encrypting a numeric 1 yields 0x00..01 as the ciphertext.
message = static_cast<char>(1);
ciphertext = EncryptMessage(message, params);
- EXPECT_EQ(1024U / 8, ciphertext.size());
- EXPECT_EQ(ciphertext, string(1024 / 8 - 1, 0) + message);
+ EXPECT_EQ(2048U / 8, ciphertext.size());
+ EXPECT_EQ(ciphertext, string(2048U / 8 - 1, 0) + message);
}
/*
@@ -2027,10 +2027,10 @@
TEST_F(EncryptionOperationsTest, RsaNoPaddingTooLong) {
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
- .RsaEncryptionKey(1024, 65537)
+ .RsaEncryptionKey(2048, 65537)
.Padding(PaddingMode::NONE)));
- string message(1024 / 8 + 1, 'a');
+ string message(2048 / 8 + 1, 'a');
auto params = AuthorizationSetBuilder().Padding(PaddingMode::NONE);
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params));
@@ -2047,7 +2047,7 @@
TEST_F(EncryptionOperationsTest, RsaNoPaddingTooLarge) {
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
- .RsaEncryptionKey(1024, 65537)
+ .RsaEncryptionKey(2048, 65537)
.Padding(PaddingMode::NONE)));
HidlBuf exported;
@@ -2058,7 +2058,7 @@
RSA_Ptr rsa(EVP_PKEY_get1_RSA(pkey.get()));
size_t modulus_len = BN_num_bytes(rsa->n);
- ASSERT_EQ(1024U / 8, modulus_len);
+ ASSERT_EQ(2048U / 8, modulus_len);
std::unique_ptr<uint8_t[]> modulus_buf(new uint8_t[modulus_len]);
BN_bn2bin(rsa->n, modulus_buf.get());
@@ -2074,7 +2074,7 @@
// One smaller than the modulus is okay.
BN_sub(rsa->n, rsa->n, BN_value_one());
modulus_len = BN_num_bytes(rsa->n);
- ASSERT_EQ(1024U / 8, modulus_len);
+ ASSERT_EQ(2048U / 8, modulus_len);
BN_bn2bin(rsa->n, modulus_buf.get());
message = string(reinterpret_cast<const char*>(modulus_buf.get()), modulus_len);
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params));
@@ -2140,7 +2140,7 @@
TEST_F(EncryptionOperationsTest, RsaOaepInvalidDigest) {
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
- .RsaEncryptionKey(1024, 65537)
+ .RsaEncryptionKey(2048, 65537)
.Padding(PaddingMode::RSA_OAEP)
.Digest(Digest::NONE)));
string message = "Hello World!";
@@ -2186,12 +2186,12 @@
TEST_F(EncryptionOperationsTest, RsaOaepTooLarge) {
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
- .RsaEncryptionKey(1024, 65537)
+ .RsaEncryptionKey(2048, 65537)
.Padding(PaddingMode::RSA_OAEP)
.Digest(Digest::SHA_2_256)));
constexpr size_t digest_size = 256 /* SHA_2_256 */ / 8;
constexpr size_t oaep_overhead = 2 * digest_size + 2;
- string message(1024 / 8 - oaep_overhead + 1, 'a');
+ string message(2048 / 8 - oaep_overhead + 1, 'a');
EXPECT_EQ(ErrorCode::OK,
Begin(KeyPurpose::ENCRYPT,
AuthorizationSetBuilder().Padding(PaddingMode::RSA_OAEP).Digest(Digest::SHA_2_256)));
@@ -2208,16 +2208,16 @@
TEST_F(EncryptionOperationsTest, RsaPkcs1Success) {
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
- .RsaEncryptionKey(1024, 65537)
+ .RsaEncryptionKey(2048, 65537)
.Padding(PaddingMode::RSA_PKCS1_1_5_ENCRYPT)));
string message = "Hello World!";
auto params = AuthorizationSetBuilder().Padding(PaddingMode::RSA_PKCS1_1_5_ENCRYPT);
string ciphertext1 = EncryptMessage(message, params);
- EXPECT_EQ(1024U / 8, ciphertext1.size());
+ EXPECT_EQ(2048U / 8, ciphertext1.size());
string ciphertext2 = EncryptMessage(message, params);
- EXPECT_EQ(1024U / 8, ciphertext2.size());
+ EXPECT_EQ(2048U / 8, ciphertext2.size());
// PKCS1 v1.5 randomizes padding so every result should be different.
EXPECT_NE(ciphertext1, ciphertext2);
@@ -2247,9 +2247,9 @@
TEST_F(EncryptionOperationsTest, RsaPkcs1TooLarge) {
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
- .RsaEncryptionKey(1024, 65537)
+ .RsaEncryptionKey(2048, 65537)
.Padding(PaddingMode::RSA_PKCS1_1_5_ENCRYPT)));
- string message(1024 / 8 - 10, 'a');
+ string message(2048 / 8 - 10, 'a');
auto params = AuthorizationSetBuilder().Padding(PaddingMode::RSA_PKCS1_1_5_ENCRYPT);
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params));
@@ -2632,9 +2632,13 @@
* Verifies AES CTR implementation against SP800-38A test vectors.
*/
TEST_F(EncryptionOperationsTest, AesCtrSp80038aTestVector) {
+ std::vector<uint32_t> InvalidSizes = InvalidKeySizes(Algorithm::AES);
for (size_t i = 0; i < 3; i++) {
const AesCtrSp80038aTestVector& test(kAesCtrSp80038aTestVectors[i]);
const string key = hex2str(test.key);
+ if (std::find(InvalidSizes.begin(), InvalidSizes.end(), (key.size() * 8)) !=
+ InvalidSizes.end())
+ continue;
const string nonce = hex2str(test.nonce);
const string plaintext = hex2str(test.plaintext);
const string ciphertext = hex2str(test.ciphertext);
@@ -3827,7 +3831,7 @@
TEST_F(AttestationTest, RsaAttestation) {
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
- .RsaSigningKey(1024, 65537)
+ .RsaSigningKey(2048, 65537)
.Digest(Digest::NONE)
.Padding(PaddingMode::NONE)
.Authorization(TAG_INCLUDE_UNIQUE_ID)));
@@ -3854,7 +3858,7 @@
TEST_F(AttestationTest, RsaAttestationRequiresAppId) {
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
- .RsaSigningKey(1024, 65537)
+ .RsaSigningKey(2048, 65537)
.Digest(Digest::NONE)
.Padding(PaddingMode::NONE)
.Authorization(TAG_INCLUDE_UNIQUE_ID)));
@@ -3894,6 +3898,33 @@
}
/*
+ * AttestationTest.EcAttestationByKeySize
+ *
+ * Verifies that attesting to EC keys works and generates the expected output.
+ */
+TEST_F(AttestationTest, EcAttestationByKeySize) {
+ ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .EcdsaSigningKey(256)
+ .Digest(Digest::SHA_2_256)
+ .Authorization(TAG_INCLUDE_UNIQUE_ID)));
+
+ hidl_vec<hidl_vec<uint8_t>> cert_chain;
+ ASSERT_EQ(ErrorCode::OK,
+ AttestKey(AuthorizationSetBuilder()
+ .Authorization(TAG_ATTESTATION_CHALLENGE, HidlBuf("challenge"))
+ .Authorization(TAG_ATTESTATION_APPLICATION_ID, HidlBuf("foo")),
+ &cert_chain));
+ EXPECT_GE(cert_chain.size(), 2U);
+ EXPECT_TRUE(verify_chain(cert_chain));
+
+ EXPECT_TRUE(verify_attestation_record("challenge", "foo", //
+ key_characteristics_.softwareEnforced, //
+ key_characteristics_.hardwareEnforced, //
+ SecLevel(), cert_chain[0]));
+}
+
+/*
* AttestationTest.EcAttestationRequiresAttestationAppId
*
* Verifies that attesting to EC keys requires app ID
@@ -3965,7 +3996,7 @@
*/
TEST_F(KeyDeletionTest, DeleteKey) {
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
- .RsaSigningKey(1024, 65537)
+ .RsaSigningKey(2048, 65537)
.Digest(Digest::NONE)
.Padding(PaddingMode::NONE)
.Authorization(TAG_NO_AUTH_REQUIRED)));
@@ -4009,7 +4040,7 @@
TEST_F(KeyDeletionTest, DeleteInvalidKey) {
// Generate key just to check if rollback protection is implemented
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
- .RsaSigningKey(1024, 65537)
+ .RsaSigningKey(2048, 65537)
.Digest(Digest::NONE)
.Padding(PaddingMode::NONE)
.Authorization(TAG_NO_AUTH_REQUIRED)));
@@ -4048,7 +4079,7 @@
TEST_F(KeyDeletionTest, DeleteAllKeys) {
if (!arm_deleteAllKeys) return;
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
- .RsaSigningKey(1024, 65537)
+ .RsaSigningKey(2048, 65537)
.Digest(Digest::NONE)
.Padding(PaddingMode::NONE)
.Authorization(TAG_NO_AUTH_REQUIRED)));