Merge "[LSC] Add LOCAL_LICENSE_KINDS to hardware/interfaces"
diff --git a/camera/provider/2.4/vts/functional/VtsHalCameraProviderV2_4TargetTest.cpp b/camera/provider/2.4/vts/functional/VtsHalCameraProviderV2_4TargetTest.cpp
index 49e00f4..5c886ee 100644
--- a/camera/provider/2.4/vts/functional/VtsHalCameraProviderV2_4TargetTest.cpp
+++ b/camera/provider/2.4/vts/functional/VtsHalCameraProviderV2_4TargetTest.cpp
@@ -6197,14 +6197,13 @@
return;
}
- // Test that if more than one color cameras facing the same direction are
- // supported, there must be at least one logical camera facing that
- // direction.
+ // Test that if more than one rear-facing color camera is
+ // supported, there must be at least one rear-facing logical camera.
hidl_vec<hidl_string> cameraDeviceNames = getCameraDeviceNames(mProvider);
- // Front and back facing non-logical color cameras
- std::set<std::string> frontColorCameras, rearColorCameras;
- // Front and back facing logical cameras' physical camera Id sets
- std::set<std::set<std::string>> frontPhysicalIds, rearPhysicalIds;
+ // Back facing non-logical color cameras
+ std::set<std::string> rearColorCameras;
+ // Back facing logical cameras' physical camera Id sets
+ std::set<std::set<std::string>> rearPhysicalIds;
for (const auto& name : cameraDeviceNames) {
std::string cameraId;
int deviceVersion = getCameraDeviceVersionAndId(name, mProviderType, &cameraId);
@@ -6236,8 +6235,8 @@
return;
}
- // Check camera facing. Skip if facing is neither FRONT
- // nor BACK. If this is not a logical camera, only note down
+ // Check camera facing. Skip if facing is not BACK.
+ // If this is not a logical camera, only note down
// the camera ID, and skip.
camera_metadata_ro_entry entry;
int retcode = find_camera_metadata_ro_entry(
@@ -6246,18 +6245,12 @@
ASSERT_GT(entry.count, 0);
uint8_t facing = entry.data.u8[0];
bool isLogicalCamera = (isLogicalMultiCamera(metadata) == Status::OK);
- if (facing == ANDROID_LENS_FACING_FRONT) {
- if (!isLogicalCamera) {
- frontColorCameras.insert(cameraId);
- return;
- }
- } else if (facing == ANDROID_LENS_FACING_BACK) {
- if (!isLogicalCamera) {
- rearColorCameras.insert(cameraId);
- return;
- }
- } else {
- // Not FRONT or BACK facing. Skip.
+ if (facing != ANDROID_LENS_FACING_BACK) {
+ // Not BACK facing. Skip.
+ return;
+ }
+ if (!isLogicalCamera) {
+ rearColorCameras.insert(cameraId);
return;
}
@@ -6266,11 +6259,7 @@
std::unordered_set<std::string> physicalCameraIds;
Status s = getPhysicalCameraIds(metadata, &physicalCameraIds);
ASSERT_EQ(Status::OK, s);
- if (facing == ANDROID_LENS_FACING_FRONT) {
- frontPhysicalIds.emplace(physicalCameraIds.begin(), physicalCameraIds.end());
- } else {
- rearPhysicalIds.emplace(physicalCameraIds.begin(), physicalCameraIds.end());
- }
+ rearPhysicalIds.emplace(physicalCameraIds.begin(), physicalCameraIds.end());
for (const auto& physicalId : physicalCameraIds) {
// Skip if the physicalId is publicly available
for (auto& deviceName : cameraDeviceNames) {
@@ -6297,11 +6286,7 @@
(camera_metadata_t*)chars.data();
if (CameraHidlTest::isColorCamera(physicalMetadata)) {
- if (facing == ANDROID_LENS_FACING_FRONT) {
- frontColorCameras.insert(physicalId);
- } else if (facing == ANDROID_LENS_FACING_BACK) {
- rearColorCameras.insert(physicalId);
- }
+ rearColorCameras.insert(physicalId);
}
});
ASSERT_TRUE(ret.isOk());
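Review bot: The now-unconditional `rearColorCameras.insert(physicalId);` is only correct because of the `facing != ANDROID_LENS_FACING_BACK` early return added in the earlier hunk, and nothing at this site says so. A short comment such as `// Only BACK-facing logical cameras reach this point.` above the insert would keep the dependency visible if that guard is later relaxed. The enclosing callback starts and ends outside this hunk, so this assumes the guard sits in the same enclosing callback, which the old `facing` checks here suggest.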
@@ -6319,20 +6304,9 @@
}
}
- // If there are more than one color cameras facing one direction, a logical
- // multi-camera must be defined consisting of all color cameras facing that
- // direction.
- if (frontColorCameras.size() > 1) {
- bool hasFrontLogical = false;
- for (const auto& physicalIds : frontPhysicalIds) {
- if (std::includes(physicalIds.begin(), physicalIds.end(),
- frontColorCameras.begin(), frontColorCameras.end())) {
- hasFrontLogical = true;
- break;
- }
- }
- ASSERT_TRUE(hasFrontLogical);
- }
+ // If there are more than one rear-facing color camera, a logical
+ // multi-camera must be defined consisting of all rear-facing color
+ // cameras.
if (rearColorCameras.size() > 1) {
bool hasRearLogical = false;
for (const auto& physicalIds : rearPhysicalIds) {
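Review bot: The rewritten comment has a number mismatch ("If there are more than one rear-facing color camera"). Suggest `// If there is more than one rear-facing color camera, a logical` for the first line, leaving the next two lines as they are. The body of the `if (rearColorCameras.size() > 1)` block continues outside the hunk.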
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
index 37acfa9..12ce859 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
@@ -1307,7 +1307,8 @@
AuthorizationSet expected_sw_enforced, //
AuthorizationSet expected_hw_enforced, //
SecurityLevel security_level,
- const vector<uint8_t>& attestation_cert) {
+ const vector<uint8_t>& attestation_cert,
+ vector<uint8_t>* unique_id) {
X509_Ptr cert(parse_cert_blob(attestation_cert));
EXPECT_TRUE(!!cert.get());
if (!cert.get()) return false;
@@ -1472,6 +1473,10 @@
expected_hw_enforced.Sort();
EXPECT_EQ(filtered_tags(expected_hw_enforced), filtered_tags(att_hw_enforced));
+ if (unique_id != nullptr) {
+ *unique_id = att_unique_id;
+ }
+
return true;
}
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
index ec3fcf6..7b3b9d4 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
@@ -338,7 +338,8 @@
AuthorizationSet expected_sw_enforced, //
AuthorizationSet expected_hw_enforced, //
SecurityLevel security_level,
- const vector<uint8_t>& attestation_cert);
+ const vector<uint8_t>& attestation_cert,
+ vector<uint8_t>* unique_id = nullptr);
string bin2hex(const vector<uint8_t>& data);
X509_Ptr parse_cert_blob(const vector<uint8_t>& blob);
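Review bot: The new `unique_id` out-parameter is undocumented on the declaration, and its contract is not obvious from the signature. In the .cpp hunks it is written only just before the final `return true;`, so it stays untouched on the early `return false` path (for example when `parse_cert_blob` fails). It is still written when the preceding non-fatal `EXPECT_EQ` checks have failed. A comment above the declaration would cover this, e.g. `// If unique_id is non-null it receives the unique ID from the attestation record; it is not modified when the function returns false.` The declaration starts outside the hunk.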
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index e41a851..670043d 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -1621,6 +1621,94 @@
}
/*
+ * NewKeyGenerationTest.EcdsaAttestationUniqueId
+ *
+ * Verifies that creation of an attested ECDSA key with a UNIQUE_ID included.
+ */
+TEST_P(NewKeyGenerationTest, EcdsaAttestationUniqueId) {
+ auto get_unique_id = [this](const std::string& app_id, uint64_t datetime,
+ vector<uint8_t>* unique_id) {
+ auto challenge = "hello";
+ auto subject = "cert subj 2";
+ vector<uint8_t> subject_der(make_name_from_str(subject));
+ uint64_t serial_int = 0x1010;
+ vector<uint8_t> serial_blob(build_serial_blob(serial_int));
+ const AuthorizationSetBuilder builder =
+ AuthorizationSetBuilder()
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .Authorization(TAG_INCLUDE_UNIQUE_ID)
+ .EcdsaSigningKey(EcCurve::P_256)
+ .Digest(Digest::NONE)
+ .AttestationChallenge(challenge)
+ .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
+ .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
+ .AttestationApplicationId(app_id)
+ .Authorization(TAG_CREATION_DATETIME, datetime)
+ .SetDefaultValidity();
+
+ ASSERT_EQ(ErrorCode::OK, GenerateKey(builder));
+ ASSERT_GT(key_blob_.size(), 0U);
+
+ EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_));
+ ASSERT_GT(cert_chain_.size(), 0);
+ verify_subject_and_serial(cert_chain_[0], serial_int, subject, /* self_signed = */ false);
+
+ AuthorizationSet hw_enforced = HwEnforcedAuthorizations(key_characteristics_);
+ AuthorizationSet sw_enforced = SwEnforcedAuthorizations(key_characteristics_);
+
+ // Check that the unique ID field in the extension is non-empty.
+ EXPECT_TRUE(verify_attestation_record(challenge, app_id, sw_enforced, hw_enforced,
+ SecLevel(), cert_chain_[0].encodedCertificate,
+ unique_id));
+ EXPECT_GT(unique_id->size(), 0);
+ CheckedDeleteKey();
+ };
+
+ // Generate unique ID
+ auto app_id = "foo";
+ uint64_t cert_date = 1619621648000; // Wed Apr 28 14:54:08 2021 in ms since epoch
+ vector<uint8_t> unique_id;
+ get_unique_id(app_id, cert_date, &unique_id);
+
+ // Generating a new key with the same parameters should give the same unique ID.
+ vector<uint8_t> unique_id2;
+ get_unique_id(app_id, cert_date, &unique_id2);
+ EXPECT_EQ(unique_id, unique_id2);
+
+ // Generating a new key with a slightly different date should give the same unique ID.
+ uint64_t rounded_date = cert_date / 2592000000LLU;
+ uint64_t min_date = rounded_date * 2592000000LLU;
+ uint64_t max_date = ((rounded_date + 1) * 2592000000LLU) - 1;
+
+ vector<uint8_t> unique_id3;
+ get_unique_id(app_id, min_date, &unique_id3);
+ EXPECT_EQ(unique_id, unique_id3);
+
+ vector<uint8_t> unique_id4;
+ get_unique_id(app_id, max_date, &unique_id4);
+ EXPECT_EQ(unique_id, unique_id4);
+
+ // A different attestation application ID should yield a different unique ID.
+ auto app_id2 = "different_foo";
+ vector<uint8_t> unique_id5;
+ get_unique_id(app_id2, cert_date, &unique_id5);
+ EXPECT_NE(unique_id, unique_id5);
+
+ // A radically different date should yield a different unique ID.
+ vector<uint8_t> unique_id6;
+ get_unique_id(app_id, 1611621648000, &unique_id6);
+ EXPECT_NE(unique_id, unique_id6);
+
+ vector<uint8_t> unique_id7;
+ get_unique_id(app_id, max_date + 1, &unique_id7);
+ EXPECT_NE(unique_id, unique_id7);
+
+ vector<uint8_t> unique_id8;
+ get_unique_id(app_id, min_date - 1, &unique_id8);
+ EXPECT_NE(unique_id, unique_id8);
+}
+
+/*
* NewKeyGenerationTest.EcdsaAttestationTagNoApplicationId
*
* Verifies that creation of an attested ECDSA key does not include APPLICATION_ID.
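Review bot: The `ASSERT_EQ`/`ASSERT_GT` checks inside the `get_unique_id` lambda return only from the lambda, so after a fatal failure the test body keeps running and compares vectors that may still be empty. If the failure comes after key generation, that call also skips `CheckedDeleteKey()`. Wrapping each call, e.g. `ASSERT_NO_FATAL_FAILURE(get_unique_id(app_id, cert_date, &unique_id));`, stops at the first broken step and keeps the later `EXPECT_EQ`/`EXPECT_NE` results meaningful. The literal `2592000000LLU` (30 days in milliseconds) appears three times and would read better as one named constant. The header comment is an incomplete sentence; `Verifies that an attested ECDSA key generated with TAG_INCLUDE_UNIQUE_ID carries a UNIQUE_ID in its attestation record.` says what the test checks.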
diff --git a/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp b/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
index 38f3586..76fb79b 100644
--- a/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
+++ b/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
@@ -222,7 +222,7 @@
// Generate an ECDSA key that is attested by the generated P256 keypair.
AuthorizationSet keyDesc = AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
- .EcdsaSigningKey(256)
+ .EcdsaSigningKey(EcCurve::P_256)
.AttestationChallenge("foo")
.AttestationApplicationId("bar")
.Digest(Digest::NONE)
diff --git a/security/keymint/support/authorization_set.cpp b/security/keymint/support/authorization_set.cpp
index 25eace3..c1b5d48 100644
--- a/security/keymint/support/authorization_set.cpp
+++ b/security/keymint/support/authorization_set.cpp
@@ -161,11 +161,6 @@
return EncryptionKey();
}
-AuthorizationSetBuilder& AuthorizationSetBuilder::EcdsaSigningKey(uint32_t key_size) {
- EcdsaKey(key_size);
- return SigningKey();
-}
-
AuthorizationSetBuilder& AuthorizationSetBuilder::EcdsaSigningKey(EcCurve curve) {
EcdsaKey(curve);
return SigningKey();
diff --git a/security/keymint/support/include/keymint_support/authorization_set.h b/security/keymint/support/include/keymint_support/authorization_set.h
index ca51b08..e41a329 100644
--- a/security/keymint/support/include/keymint_support/authorization_set.h
+++ b/security/keymint/support/include/keymint_support/authorization_set.h
@@ -281,7 +281,6 @@
AuthorizationSetBuilder& RsaSigningKey(uint32_t key_size, uint64_t public_exponent);
AuthorizationSetBuilder& RsaEncryptionKey(uint32_t key_size, uint64_t public_exponent);
- AuthorizationSetBuilder& EcdsaSigningKey(uint32_t key_size);
AuthorizationSetBuilder& EcdsaSigningKey(EcCurve curve);
AuthorizationSetBuilder& AesEncryptionKey(uint32_t key_size);
AuthorizationSetBuilder& TripleDesEncryptionKey(uint32_t key_size);