Merge changes from topic "nnapi-aidl-memory"
* changes:
Update NN utility code and VTS tests with new Memory type
Improve the structure of NNAPI AIDL Memory
diff --git a/identity/aidl/default/Android.bp b/identity/aidl/default/Android.bp
index 05b3662..a124b1e 100644
--- a/identity/aidl/default/Android.bp
+++ b/identity/aidl/default/Android.bp
@@ -31,7 +31,7 @@
],
static_libs: [
"libbase",
- "libcppbor",
+ "libcppbor_external",
"libutils",
"libsoft_attestation_cert",
"libkeymaster_portable",
@@ -91,7 +91,7 @@
],
static_libs: [
"libbase",
- "libcppbor",
+ "libcppbor_external",
"libutils",
"libsoft_attestation_cert",
"libkeymaster_portable",
diff --git a/identity/aidl/default/common/IdentityCredential.cpp b/identity/aidl/default/common/IdentityCredential.cpp
index c8ee0dd..95557b5 100644
--- a/identity/aidl/default/common/IdentityCredential.cpp
+++ b/identity/aidl/default/common/IdentityCredential.cpp
@@ -488,7 +488,7 @@
}
for (size_t n = 0; n < nsMap->size(); n++) {
- auto [nsKeyItem, nsValueItem] = (*nsMap)[n];
+ auto& [nsKeyItem, nsValueItem] = (*nsMap)[n];
const cppbor::Tstr* nsKey = nsKeyItem->asTstr();
const cppbor::Map* nsInnerMap = nsValueItem->asMap();
if (nsKey == nullptr || nsInnerMap == nullptr) {
diff --git a/identity/aidl/default/common/IdentityCredential.h b/identity/aidl/default/common/IdentityCredential.h
index 9913b86..ef9d133 100644
--- a/identity/aidl/default/common/IdentityCredential.h
+++ b/identity/aidl/default/common/IdentityCredential.h
@@ -27,7 +27,7 @@
#include <string>
#include <vector>
-#include <cppbor/cppbor.h>
+#include <cppbor.h>
#include "IdentityCredentialStore.h"
#include "SecureHardwareProxy.h"
diff --git a/identity/aidl/default/common/WritableIdentityCredential.cpp b/identity/aidl/default/common/WritableIdentityCredential.cpp
index 2d897c7..25f129b 100644
--- a/identity/aidl/default/common/WritableIdentityCredential.cpp
+++ b/identity/aidl/default/common/WritableIdentityCredential.cpp
@@ -23,8 +23,8 @@
#include <android-base/logging.h>
#include <android-base/stringprintf.h>
-#include <cppbor/cppbor.h>
-#include <cppbor/cppbor_parse.h>
+#include <cppbor.h>
+#include <cppbor_parse.h>
#include <utility>
diff --git a/identity/aidl/vts/Android.bp b/identity/aidl/vts/Android.bp
index 82c4011..3592d3e 100644
--- a/identity/aidl/vts/Android.bp
+++ b/identity/aidl/vts/Android.bp
@@ -34,7 +34,7 @@
"libcrypto",
],
static_libs: [
- "libcppbor",
+ "libcppbor_external",
"libkeymaster_portable",
"libpuresoftkeymasterdevice",
"android.hardware.keymaster@4.0",
diff --git a/identity/aidl/vts/AuthenticationKeyTests.cpp b/identity/aidl/vts/AuthenticationKeyTests.cpp
index bda3e70..25d74d4 100644
--- a/identity/aidl/vts/AuthenticationKeyTests.cpp
+++ b/identity/aidl/vts/AuthenticationKeyTests.cpp
@@ -118,7 +118,7 @@
optional<vector<uint8_t>> proofOfProvisioning =
support::coseSignGetPayload(proofOfProvisioningSignature);
ASSERT_TRUE(proofOfProvisioning);
- string cborPretty = support::cborPrettyPrint(proofOfProvisioning.value(), 32, {});
+ string cborPretty = cppbor::prettyPrint(proofOfProvisioning.value(), 32, {});
EXPECT_EQ(
"[\n"
" 'ProofOfProvisioning',\n"
diff --git a/identity/aidl/vts/DeleteCredentialTests.cpp b/identity/aidl/vts/DeleteCredentialTests.cpp
index 1d30067..d3addf4 100644
--- a/identity/aidl/vts/DeleteCredentialTests.cpp
+++ b/identity/aidl/vts/DeleteCredentialTests.cpp
@@ -126,7 +126,7 @@
optional<vector<uint8_t>> proofOfDeletion =
support::coseSignGetPayload(proofOfDeletionSignature);
ASSERT_TRUE(proofOfDeletion);
- string cborPretty = support::cborPrettyPrint(proofOfDeletion.value(), 32, {});
+ string cborPretty = cppbor::prettyPrint(proofOfDeletion.value(), 32, {});
EXPECT_EQ("['ProofOfDeletion', 'org.iso.18013-5.2019.mdl', true, ]", cborPretty);
EXPECT_TRUE(support::coseCheckEcDsaSignature(proofOfDeletionSignature, {}, // Additional data
credentialPubKey_));
@@ -153,7 +153,7 @@
optional<vector<uint8_t>> proofOfDeletion =
support::coseSignGetPayload(proofOfDeletionSignature);
ASSERT_TRUE(proofOfDeletion);
- string cborPretty = support::cborPrettyPrint(proofOfDeletion.value(), 32, {});
+ string cborPretty = cppbor::prettyPrint(proofOfDeletion.value(), 32, {});
EXPECT_EQ("['ProofOfDeletion', 'org.iso.18013-5.2019.mdl', {0x41, 0x42, 0x43}, true, ]",
cborPretty);
EXPECT_TRUE(support::coseCheckEcDsaSignature(proofOfDeletionSignature, {}, // Additional data
diff --git a/identity/aidl/vts/EndToEndTests.cpp b/identity/aidl/vts/EndToEndTests.cpp
index 5798b4c..67db915 100644
--- a/identity/aidl/vts/EndToEndTests.cpp
+++ b/identity/aidl/vts/EndToEndTests.cpp
@@ -231,7 +231,7 @@
optional<vector<uint8_t>> proofOfProvisioning =
support::coseSignGetPayload(proofOfProvisioningSignature);
ASSERT_TRUE(proofOfProvisioning);
- cborPretty = support::cborPrettyPrint(proofOfProvisioning.value(), 32, {"readerCertificate"});
+ cborPretty = cppbor::prettyPrint(proofOfProvisioning.value(), 32, {"readerCertificate"});
EXPECT_EQ(
"[\n"
" 'ProofOfProvisioning',\n"
@@ -339,8 +339,8 @@
vector<uint8_t> deviceEngagementBytes = deviceEngagement.encode();
vector<uint8_t> eReaderPubBytes = cppbor::Tstr("ignored").encode();
cppbor::Array sessionTranscript = cppbor::Array()
- .add(cppbor::Semantic(24, deviceEngagementBytes))
- .add(cppbor::Semantic(24, eReaderPubBytes));
+ .add(cppbor::SemanticTag(24, deviceEngagementBytes))
+ .add(cppbor::SemanticTag(24, eReaderPubBytes));
vector<uint8_t> sessionTranscriptEncoded = sessionTranscript.encode();
vector<uint8_t> itemsRequestBytes =
@@ -353,7 +353,7 @@
.add("Home address", true))
.add("Image", cppbor::Map().add("Portrait image", false)))
.encode();
- cborPretty = support::cborPrettyPrint(itemsRequestBytes, 32, {"EphemeralPublicKey"});
+ cborPretty = cppbor::prettyPrint(itemsRequestBytes, 32, {"EphemeralPublicKey"});
EXPECT_EQ(
"{\n"
" 'nameSpaces' : {\n"
@@ -373,10 +373,10 @@
cppbor::Array()
.add("ReaderAuthentication")
.add(sessionTranscript.clone())
- .add(cppbor::Semantic(24, itemsRequestBytes))
+ .add(cppbor::SemanticTag(24, itemsRequestBytes))
.encode();
vector<uint8_t> encodedReaderAuthenticationBytes =
- cppbor::Semantic(24, encodedReaderAuthentication).encode();
+ cppbor::SemanticTag(24, encodedReaderAuthentication).encode();
optional<vector<uint8_t>> readerSignature =
support::coseSignEcDsa(readerKey, {}, // content
encodedReaderAuthenticationBytes, // detached content
@@ -443,7 +443,7 @@
vector<uint8_t> mac;
vector<uint8_t> deviceNameSpacesEncoded;
ASSERT_TRUE(credential->finishRetrieval(&mac, &deviceNameSpacesEncoded).isOk());
- cborPretty = support::cborPrettyPrint(deviceNameSpacesEncoded, 32, {});
+ cborPretty = cppbor::prettyPrint(deviceNameSpacesEncoded, 32, {});
ASSERT_EQ(
"{\n"
" 'PersonalData' : {\n"
@@ -462,10 +462,11 @@
string docType = "org.iso.18013-5.2019.mdl";
optional<vector<uint8_t>> readerEphemeralPrivateKey =
support::ecKeyPairGetPrivateKey(readerEphemeralKeyPair.value());
- optional<vector<uint8_t>> eMacKey = support::calcEMacKey(
- readerEphemeralPrivateKey.value(), // Private Key
- signingPubKey.value(), // Public Key
- cppbor::Semantic(24, sessionTranscript.encode()).encode()); // SessionTranscriptBytes
+ optional<vector<uint8_t>> eMacKey =
+ support::calcEMacKey(readerEphemeralPrivateKey.value(), // Private Key
+ signingPubKey.value(), // Public Key
+ cppbor::SemanticTag(24, sessionTranscript.encode())
+ .encode()); // SessionTranscriptBytes
optional<vector<uint8_t>> calculatedMac =
support::calcMac(sessionTranscript.encode(), // SessionTranscript
docType, // DocType
@@ -486,7 +487,7 @@
testEntriesEntryCounts)
.isOk());
ASSERT_TRUE(credential->finishRetrieval(&mac, &deviceNameSpacesEncoded).isOk());
- cborPretty = support::cborPrettyPrint(deviceNameSpacesEncoded, 32, {});
+ cborPretty = cppbor::prettyPrint(deviceNameSpacesEncoded, 32, {});
ASSERT_EQ("{}", cborPretty);
// Calculate DeviceAuthentication and MAC (MACing key hasn't changed)
calculatedMac = support::calcMac(sessionTranscript.encode(), // SessionTranscript
@@ -508,7 +509,7 @@
testEntriesEntryCounts)
.isOk());
ASSERT_TRUE(credential->finishRetrieval(&mac, &deviceNameSpacesEncoded).isOk());
- cborPretty = support::cborPrettyPrint(deviceNameSpacesEncoded, 32, {});
+ cborPretty = cppbor::prettyPrint(deviceNameSpacesEncoded, 32, {});
ASSERT_EQ("{}", cborPretty);
// Calculate DeviceAuthentication and MAC (MACing key hasn't changed)
calculatedMac = support::calcMac(sessionTranscript.encode(), // SessionTranscript
diff --git a/identity/aidl/vts/ProveOwnershipTests.cpp b/identity/aidl/vts/ProveOwnershipTests.cpp
index d1a3d39..fa0e293 100644
--- a/identity/aidl/vts/ProveOwnershipTests.cpp
+++ b/identity/aidl/vts/ProveOwnershipTests.cpp
@@ -131,7 +131,7 @@
optional<vector<uint8_t>> proofOfOwnership =
support::coseSignGetPayload(proofOfOwnershipSignature);
ASSERT_TRUE(proofOfOwnership);
- string cborPretty = support::cborPrettyPrint(proofOfOwnership.value(), 32, {});
+ string cborPretty = cppbor::prettyPrint(proofOfOwnership.value(), 32, {});
EXPECT_EQ("['ProofOfOwnership', 'org.iso.18013-5.2019.mdl', {0x11, 0x12}, true, ]", cborPretty);
EXPECT_TRUE(support::coseCheckEcDsaSignature(proofOfOwnershipSignature, {}, // Additional data
credentialPubKey_));
diff --git a/identity/aidl/vts/ReaderAuthTests.cpp b/identity/aidl/vts/ReaderAuthTests.cpp
index 7656c8e..c4a58c3 100644
--- a/identity/aidl/vts/ReaderAuthTests.cpp
+++ b/identity/aidl/vts/ReaderAuthTests.cpp
@@ -262,8 +262,8 @@
vector<uint8_t> deviceEngagementBytes = deviceEngagement.encode();
vector<uint8_t> eReaderPubBytes = cppbor::Tstr("ignored").encode();
cppbor::Array sessionTranscript = cppbor::Array()
- .add(cppbor::Semantic(24, deviceEngagementBytes))
- .add(cppbor::Semantic(24, eReaderPubBytes));
+ .add(cppbor::SemanticTag(24, deviceEngagementBytes))
+ .add(cppbor::SemanticTag(24, eReaderPubBytes));
vector<uint8_t> sessionTranscriptBytes = sessionTranscript.encode();
vector<uint8_t> itemsRequestBytes;
@@ -293,10 +293,10 @@
cppbor::Array()
.add("ReaderAuthentication")
.add(sessionTranscript.clone())
- .add(cppbor::Semantic(24, itemsRequestBytes))
+ .add(cppbor::SemanticTag(24, itemsRequestBytes))
.encode();
vector<uint8_t> encodedReaderAuthenticationBytes =
- cppbor::Semantic(24, encodedReaderAuthentication).encode();
+ cppbor::SemanticTag(24, encodedReaderAuthentication).encode();
optional<vector<uint8_t>> readerSignature =
support::coseSignEcDsa(readerPrivateKey, // private key for reader
@@ -517,8 +517,8 @@
vector<uint8_t> deviceEngagementBytes = deviceEngagement.encode();
vector<uint8_t> eReaderPubBytes = cppbor::Tstr("ignored").encode();
cppbor::Array sessionTranscript = cppbor::Array()
- .add(cppbor::Semantic(24, deviceEngagementBytes))
- .add(cppbor::Semantic(24, eReaderPubBytes));
+ .add(cppbor::SemanticTag(24, deviceEngagementBytes))
+ .add(cppbor::SemanticTag(24, eReaderPubBytes));
vector<uint8_t> sessionTranscriptBytes = sessionTranscript.encode();
vector<uint8_t> itemsRequestBytes;
@@ -535,10 +535,10 @@
cppbor::Array()
.add("ReaderAuthentication")
.add(sessionTranscript.clone())
- .add(cppbor::Semantic(24, itemsRequestBytes))
+ .add(cppbor::SemanticTag(24, itemsRequestBytes))
.encode();
vector<uint8_t> encodedReaderAuthenticationBytes =
- cppbor::Semantic(24, encodedReaderAuthentication).encode();
+ cppbor::SemanticTag(24, encodedReaderAuthentication).encode();
vector<vector<uint8_t>> readerCertChain = {cert_reader_SelfSigned_};
optional<vector<uint8_t>> readerSignature =
diff --git a/identity/aidl/vts/TestCredentialTests.cpp b/identity/aidl/vts/TestCredentialTests.cpp
index d53de3b..46c2229 100644
--- a/identity/aidl/vts/TestCredentialTests.cpp
+++ b/identity/aidl/vts/TestCredentialTests.cpp
@@ -114,7 +114,7 @@
optional<vector<uint8_t>> proofOfProvisioning =
support::coseSignGetPayload(proofOfProvisioningSignature);
ASSERT_TRUE(proofOfProvisioning);
- string cborPretty = support::cborPrettyPrint(proofOfProvisioning.value(), 32, {});
+ string cborPretty = cppbor::prettyPrint(proofOfProvisioning.value(), 32, {});
EXPECT_EQ(
"[\n"
" 'ProofOfProvisioning',\n"
diff --git a/identity/aidl/vts/UpdateCredentialTests.cpp b/identity/aidl/vts/UpdateCredentialTests.cpp
index 9c5ca55..e05bb3b 100644
--- a/identity/aidl/vts/UpdateCredentialTests.cpp
+++ b/identity/aidl/vts/UpdateCredentialTests.cpp
@@ -114,7 +114,7 @@
optional<vector<uint8_t>> proofOfProvisioning =
support::coseSignGetPayload(proofOfProvisioningSignature);
ASSERT_TRUE(proofOfProvisioning);
- string cborPretty = support::cborPrettyPrint(proofOfProvisioning.value(), 32, {});
+ string cborPretty = cppbor::prettyPrint(proofOfProvisioning.value(), 32, {});
EXPECT_EQ(
"[\n"
" 'ProofOfProvisioning',\n"
@@ -195,7 +195,7 @@
optional<vector<uint8_t>> proofOfProvisioning =
support::coseSignGetPayload(proofOfProvisioningSignature);
ASSERT_TRUE(proofOfProvisioning);
- string cborPretty = support::cborPrettyPrint(proofOfProvisioning.value(), 32, {});
+ string cborPretty = cppbor::prettyPrint(proofOfProvisioning.value(), 32, {});
EXPECT_EQ(
"[\n"
" 'ProofOfProvisioning',\n"
diff --git a/identity/aidl/vts/UserAuthTests.cpp b/identity/aidl/vts/UserAuthTests.cpp
index ef89d1c..edd1725 100644
--- a/identity/aidl/vts/UserAuthTests.cpp
+++ b/identity/aidl/vts/UserAuthTests.cpp
@@ -160,8 +160,8 @@
// Let SessionTranscript be a map here (it's an array in EndToEndTest) just
// to check that the implementation can deal with either.
cppbor::Map sessionTranscript;
- sessionTranscript.add(42, cppbor::Semantic(24, deviceEngagementBytes));
- sessionTranscript.add(43, cppbor::Semantic(24, eReaderPubBytes));
+ sessionTranscript.add(42, cppbor::SemanticTag(24, deviceEngagementBytes));
+ sessionTranscript.add(43, cppbor::SemanticTag(24, eReaderPubBytes));
return sessionTranscript;
}
@@ -209,7 +209,7 @@
vector<uint8_t> dataToSign = cppbor::Array()
.add("ReaderAuthentication")
.add(sessionTranscript_.clone())
- .add(cppbor::Semantic(24, itemsRequestBytes))
+ .add(cppbor::SemanticTag(24, itemsRequestBytes))
.encode();
}
diff --git a/identity/aidl/vts/VtsIWritableIdentityCredentialTests.cpp b/identity/aidl/vts/VtsIWritableIdentityCredentialTests.cpp
index cc63c48..bc37020 100644
--- a/identity/aidl/vts/VtsIWritableIdentityCredentialTests.cpp
+++ b/identity/aidl/vts/VtsIWritableIdentityCredentialTests.cpp
@@ -338,8 +338,7 @@
optional<vector<uint8_t>> proofOfProvisioning =
support::coseSignGetPayload(proofOfProvisioningSignature);
ASSERT_TRUE(proofOfProvisioning);
- string cborPretty =
- support::cborPrettyPrint(proofOfProvisioning.value(), 32, {"readerCertificate"});
+ string cborPretty = cppbor::prettyPrint(proofOfProvisioning.value(), 32, {"readerCertificate"});
EXPECT_EQ(
"[\n"
" 'ProofOfProvisioning',\n"
@@ -449,9 +448,9 @@
optional<vector<uint8_t>> proofOfProvisioning =
support::coseSignGetPayload(proofOfProvisioningSignature);
ASSERT_TRUE(proofOfProvisioning);
- string cborPretty = support::cborPrettyPrint(proofOfProvisioning.value(),
- 32, //
- {"readerCertificate"});
+ string cborPretty = cppbor::prettyPrint(proofOfProvisioning.value(),
+ 32, //
+ {"readerCertificate"});
EXPECT_EQ(
"[\n"
" 'ProofOfProvisioning',\n"
diff --git a/identity/support/Android.bp b/identity/support/Android.bp
index d00f59a..774bc40 100644
--- a/identity/support/Android.bp
+++ b/identity/support/Android.bp
@@ -42,7 +42,7 @@
"libpuresoftkeymasterdevice",
],
static_libs: [
- "libcppbor",
+ "libcppbor_external",
],
}
@@ -59,7 +59,7 @@
"libhardware",
],
static_libs: [
- "libcppbor",
+ "libcppbor_external",
"libgmock",
],
test_suites: ["general-tests"],
@@ -89,7 +89,7 @@
"tests/cppbor_test.cpp",
],
shared_libs: [
- "libcppbor",
+ "libcppbor_external",
"libbase",
],
static_libs: [
@@ -104,7 +104,7 @@
"tests/cppbor_test.cpp",
],
shared_libs: [
- "libcppbor",
+ "libcppbor_external",
"libbase",
],
static_libs: [
diff --git a/identity/support/src/IdentityCredentialSupport.cpp b/identity/support/src/IdentityCredentialSupport.cpp
index aba89c1..4547624 100644
--- a/identity/support/src/IdentityCredentialSupport.cpp
+++ b/identity/support/src/IdentityCredentialSupport.cpp
@@ -148,199 +148,6 @@
}
// ---------------------------------------------------------------------------
-// CBOR utilities.
-// ---------------------------------------------------------------------------
-
-static bool cborAreAllElementsNonCompound(const cppbor::CompoundItem* compoundItem) {
- if (compoundItem->type() == cppbor::ARRAY) {
- const cppbor::Array* array = compoundItem->asArray();
- for (size_t n = 0; n < array->size(); n++) {
- const cppbor::Item* entry = (*array)[n].get();
- switch (entry->type()) {
- case cppbor::ARRAY:
- case cppbor::MAP:
- return false;
- default:
- break;
- }
- }
- } else {
- const cppbor::Map* map = compoundItem->asMap();
- for (size_t n = 0; n < map->size(); n++) {
- auto [keyEntry, valueEntry] = (*map)[n];
- switch (keyEntry->type()) {
- case cppbor::ARRAY:
- case cppbor::MAP:
- return false;
- default:
- break;
- }
- switch (valueEntry->type()) {
- case cppbor::ARRAY:
- case cppbor::MAP:
- return false;
- default:
- break;
- }
- }
- }
- return true;
-}
-
-static bool cborPrettyPrintInternal(const cppbor::Item* item, string& out, size_t indent,
- size_t maxBStrSize, const vector<string>& mapKeysToNotPrint) {
- char buf[80];
-
- string indentString(indent, ' ');
-
- switch (item->type()) {
- case cppbor::UINT:
- snprintf(buf, sizeof(buf), "%" PRIu64, item->asUint()->unsignedValue());
- out.append(buf);
- break;
-
- case cppbor::NINT:
- snprintf(buf, sizeof(buf), "%" PRId64, item->asNint()->value());
- out.append(buf);
- break;
-
- case cppbor::BSTR: {
- const cppbor::Bstr* bstr = item->asBstr();
- const vector<uint8_t>& value = bstr->value();
- if (value.size() > maxBStrSize) {
- unsigned char digest[SHA_DIGEST_LENGTH];
- SHA_CTX ctx;
- SHA1_Init(&ctx);
- SHA1_Update(&ctx, value.data(), value.size());
- SHA1_Final(digest, &ctx);
- char buf2[SHA_DIGEST_LENGTH * 2 + 1];
- for (size_t n = 0; n < SHA_DIGEST_LENGTH; n++) {
- snprintf(buf2 + n * 2, 3, "%02x", digest[n]);
- }
- snprintf(buf, sizeof(buf), "<bstr size=%zd sha1=%s>", value.size(), buf2);
- out.append(buf);
- } else {
- out.append("{");
- for (size_t n = 0; n < value.size(); n++) {
- if (n > 0) {
- out.append(", ");
- }
- snprintf(buf, sizeof(buf), "0x%02x", value[n]);
- out.append(buf);
- }
- out.append("}");
- }
- } break;
-
- case cppbor::TSTR:
- out.append("'");
- {
- // TODO: escape "'" characters
- out.append(item->asTstr()->value().c_str());
- }
- out.append("'");
- break;
-
- case cppbor::ARRAY: {
- const cppbor::Array* array = item->asArray();
- if (array->size() == 0) {
- out.append("[]");
- } else if (cborAreAllElementsNonCompound(array)) {
- out.append("[");
- for (size_t n = 0; n < array->size(); n++) {
- if (!cborPrettyPrintInternal((*array)[n].get(), out, indent + 2, maxBStrSize,
- mapKeysToNotPrint)) {
- return false;
- }
- out.append(", ");
- }
- out.append("]");
- } else {
- out.append("[\n" + indentString);
- for (size_t n = 0; n < array->size(); n++) {
- out.append(" ");
- if (!cborPrettyPrintInternal((*array)[n].get(), out, indent + 2, maxBStrSize,
- mapKeysToNotPrint)) {
- return false;
- }
- out.append(",\n" + indentString);
- }
- out.append("]");
- }
- } break;
-
- case cppbor::MAP: {
- const cppbor::Map* map = item->asMap();
-
- if (map->size() == 0) {
- out.append("{}");
- } else {
- out.append("{\n" + indentString);
- for (size_t n = 0; n < map->size(); n++) {
- out.append(" ");
-
- auto [map_key, map_value] = (*map)[n];
-
- if (!cborPrettyPrintInternal(map_key.get(), out, indent + 2, maxBStrSize,
- mapKeysToNotPrint)) {
- return false;
- }
- out.append(" : ");
- if (map_key->type() == cppbor::TSTR &&
- std::find(mapKeysToNotPrint.begin(), mapKeysToNotPrint.end(),
- map_key->asTstr()->value()) != mapKeysToNotPrint.end()) {
- out.append("<not printed>");
- } else {
- if (!cborPrettyPrintInternal(map_value.get(), out, indent + 2, maxBStrSize,
- mapKeysToNotPrint)) {
- return false;
- }
- }
- out.append(",\n" + indentString);
- }
- out.append("}");
- }
- } break;
-
- case cppbor::SEMANTIC: {
- const cppbor::Semantic* semantic = item->asSemantic();
- snprintf(buf, sizeof(buf), "tag %" PRIu64 " ", semantic->value());
- out.append(buf);
- cborPrettyPrintInternal(semantic->child().get(), out, indent, maxBStrSize,
- mapKeysToNotPrint);
- } break;
-
- case cppbor::SIMPLE:
- const cppbor::Bool* asBool = item->asSimple()->asBool();
- const cppbor::Null* asNull = item->asSimple()->asNull();
- if (asBool != nullptr) {
- out.append(asBool->value() ? "true" : "false");
- } else if (asNull != nullptr) {
- out.append("null");
- } else {
- LOG(ERROR) << "Only boolean/null is implemented for SIMPLE";
- return false;
- }
- break;
- }
-
- return true;
-}
-
-string cborPrettyPrint(const vector<uint8_t>& encodedCbor, size_t maxBStrSize,
- const vector<string>& mapKeysToNotPrint) {
- auto [item, _, message] = cppbor::parse(encodedCbor);
- if (item == nullptr) {
- LOG(ERROR) << "Data to pretty print is not valid CBOR: " << message;
- return "";
- }
-
- string out;
- cborPrettyPrintInternal(item.get(), out, 0, maxBStrSize, mapKeysToNotPrint);
- return out;
-}
-
-// ---------------------------------------------------------------------------
// Crypto functionality / abstraction.
// ---------------------------------------------------------------------------
@@ -2140,7 +1947,7 @@
}
for (size_t n = 0; n < protectedHeaders->size(); n++) {
- auto [keyItem, valueItem] = (*protectedHeaders)[n];
+ auto& [keyItem, valueItem] = (*protectedHeaders)[n];
const cppbor::Int* number = keyItem->asInt();
if (number == nullptr) {
LOG(ERROR) << "Key item in top-level map is not a number";
@@ -2183,7 +1990,7 @@
}
for (size_t n = 0; n < unprotectedHeaders->size(); n++) {
- auto [keyItem, valueItem] = (*unprotectedHeaders)[n];
+ auto& [keyItem, valueItem] = (*unprotectedHeaders)[n];
const cppbor::Int* number = keyItem->asInt();
if (number == nullptr) {
LOG(ERROR) << "Key item in top-level map is not a number";
@@ -2335,9 +2142,9 @@
.add("DeviceAuthentication")
.add(std::move(sessionTranscriptItem))
.add(docType)
- .add(cppbor::Semantic(kSemanticTagEncodedCbor, deviceNameSpacesEncoded));
+ .add(cppbor::SemanticTag(kSemanticTagEncodedCbor, deviceNameSpacesEncoded));
vector<uint8_t> deviceAuthenticationBytes =
- cppbor::Semantic(kSemanticTagEncodedCbor, deviceAuthentication.encode()).encode();
+ cppbor::SemanticTag(kSemanticTagEncodedCbor, deviceAuthentication.encode()).encode();
optional<vector<uint8_t>> calculatedMac =
support::coseMac0(eMacKey, {}, // payload
deviceAuthenticationBytes); // detached content
diff --git a/identity/support/tests/IdentityCredentialSupportTest.cpp b/identity/support/tests/IdentityCredentialSupportTest.cpp
index 509133c..4c9b87a 100644
--- a/identity/support/tests/IdentityCredentialSupportTest.cpp
+++ b/identity/support/tests/IdentityCredentialSupportTest.cpp
@@ -55,99 +55,6 @@
EXPECT_FALSE(support::decodeHex("012"));
}
-TEST(IdentityCredentialSupport, CborPrettyPrint) {
- EXPECT_EQ("'Some text'", support::cborPrettyPrint(cppbor::Tstr("Some text").encode()));
-
- EXPECT_EQ("''", support::cborPrettyPrint(cppbor::Tstr("").encode()));
-
- EXPECT_EQ("{0x01, 0x00, 0x02, 0xf0, 0xff, 0x40}",
- support::cborPrettyPrint(
- cppbor::Bstr(vector<uint8_t>({1, 0, 2, 240, 255, 64})).encode()));
-
- EXPECT_EQ("{}", support::cborPrettyPrint(cppbor::Bstr(vector<uint8_t>()).encode()));
-
- EXPECT_EQ("true", support::cborPrettyPrint(cppbor::Bool(true).encode()));
-
- EXPECT_EQ("false", support::cborPrettyPrint(cppbor::Bool(false).encode()));
-
- EXPECT_EQ("42", support::cborPrettyPrint(cppbor::Uint(42).encode()));
-
- EXPECT_EQ("9223372036854775807", // 0x7fff ffff ffff ffff
- support::cborPrettyPrint(cppbor::Uint(std::numeric_limits<int64_t>::max()).encode()));
-
- EXPECT_EQ("-42", support::cborPrettyPrint(cppbor::Nint(-42).encode()));
-
- EXPECT_EQ("-9223372036854775808", // -0x8000 0000 0000 0000
- support::cborPrettyPrint(cppbor::Nint(std::numeric_limits<int64_t>::min()).encode()));
-}
-
-TEST(IdentityCredentialSupport, CborPrettyPrintCompound) {
- cppbor::Array array = cppbor::Array("foo", "bar", "baz");
- EXPECT_EQ("['foo', 'bar', 'baz', ]", support::cborPrettyPrint(array.encode()));
-
- cppbor::Map map = cppbor::Map().add("foo", 42).add("bar", 43).add("baz", 44);
- EXPECT_EQ(
- "{\n"
- " 'foo' : 42,\n"
- " 'bar' : 43,\n"
- " 'baz' : 44,\n"
- "}",
- support::cborPrettyPrint(map.encode()));
-
- cppbor::Array array2 = cppbor::Array(cppbor::Tstr("Some text"), cppbor::Nint(-42));
- EXPECT_EQ("['Some text', -42, ]", support::cborPrettyPrint(array2.encode()));
-
- cppbor::Map map2 = cppbor::Map().add(42, "foo").add(43, "bar").add(44, "baz");
- EXPECT_EQ(
- "{\n"
- " 42 : 'foo',\n"
- " 43 : 'bar',\n"
- " 44 : 'baz',\n"
- "}",
- support::cborPrettyPrint(map2.encode()));
-
- cppbor::Array deeplyNestedArrays =
- cppbor::Array(cppbor::Array(cppbor::Array("a", "b", "c")),
- cppbor::Array(cppbor::Array("d", "e", cppbor::Array("f", "g"))));
- EXPECT_EQ(
- "[\n"
- " ['a', 'b', 'c', ],\n"
- " [\n 'd',\n"
- " 'e',\n"
- " ['f', 'g', ],\n"
- " ],\n"
- "]",
- support::cborPrettyPrint(deeplyNestedArrays.encode()));
-
- EXPECT_EQ(
- "[\n"
- " {0x0a, 0x0b},\n"
- " 'foo',\n"
- " 42,\n"
- " ['foo', 'bar', 'baz', ],\n"
- " {\n"
- " 'foo' : 42,\n"
- " 'bar' : 43,\n"
- " 'baz' : 44,\n"
- " },\n"
- " {\n"
- " 'deep1' : ['Some text', -42, ],\n"
- " 'deep2' : {\n"
- " 42 : 'foo',\n"
- " 43 : 'bar',\n"
- " 44 : 'baz',\n"
- " },\n"
- " },\n"
- "]",
- support::cborPrettyPrint(cppbor::Array(cppbor::Bstr(vector<uint8_t>{10, 11}),
- cppbor::Tstr("foo"), cppbor::Uint(42),
- std::move(array), std::move(map),
- (cppbor::Map()
- .add("deep1", std::move(array2))
- .add("deep2", std::move(map2))))
- .encode()));
-}
-
TEST(IdentityCredentialSupport, Signatures) {
vector<uint8_t> data = {1, 2, 3};
@@ -219,7 +126,7 @@
ASSERT_EQ(data, payload.value());
// Finally, check that |coseSign1| are the bytes of a valid COSE_Sign1 message
- string out = support::cborPrettyPrint(coseSign1.value());
+ string out = cppbor::prettyPrint(coseSign1.value());
out = replaceLine(out, -2, " [] // Signature Removed");
EXPECT_EQ(
"[\n"
@@ -250,7 +157,7 @@
ASSERT_EQ(0, payload.value().size());
// Finally, check that |coseSign1| are the bytes of a valid COSE_Sign1 message
- string out = support::cborPrettyPrint(coseSign1.value());
+ string out = cppbor::prettyPrint(coseSign1.value());
out = replaceLine(out, -2, " [] // Signature Removed");
EXPECT_EQ(
"[\n"
@@ -411,7 +318,7 @@
"0x86, 0x5c, 0x28, 0x2c, 0xd5, 0xa5, 0x13, 0xff, 0x3b, 0xd1, 0xde, 0x70, 0x5e, 0xbb, "
"0xe2, 0x2d, 0x42, 0xbe, 0x53},\n"
"]",
- support::cborPrettyPrint(mac.value()));
+ cppbor::prettyPrint(mac.value()));
}
TEST(IdentityCredentialSupport, CoseMac0DetachedContent) {
@@ -433,7 +340,7 @@
"0x86, 0x5c, 0x28, 0x2c, 0xd5, 0xa5, 0x13, 0xff, 0x3b, 0xd1, 0xde, 0x70, 0x5e, 0xbb, "
"0xe2, 0x2d, 0x42, 0xbe, 0x53},\n"
"]",
- support::cborPrettyPrint(mac.value()));
+ cppbor::prettyPrint(mac.value()));
}
// Generates a private key in DER format for a small value of 'd'.
@@ -460,8 +367,8 @@
const cppbor::Item* findValueForTstr(const cppbor::Map* map, const string& keyValue) {
// TODO: Need cast until libcppbor's Map::get() is marked as const
- auto [item, found] = ((cppbor::Map*)map)->get(keyValue);
- if (!found) {
+ const auto& item = map->get(keyValue);
+ if (!item) {
return nullptr;
}
return item.get();
@@ -483,12 +390,13 @@
return item->asMap();
}
-const cppbor::Semantic* findSemanticValueForTstr(const cppbor::Map* map, const string& keyValue) {
+const cppbor::SemanticTag* findSemanticValueForTstr(const cppbor::Map* map,
+ const string& keyValue) {
const cppbor::Item* item = findValueForTstr(map, keyValue);
if (item == nullptr) {
return nullptr;
}
- return item->asSemantic();
+ return item->asSemanticTag();
}
const std::string findStringValueForTstr(const cppbor::Map* map, const string& keyValue) {
@@ -576,11 +484,11 @@
auto [sessionEstablishmentItem, _se, _se2] = cppbor::parse(sessionEstablishmentEncoded.value());
const cppbor::Map* sessionEstablishment = sessionEstablishmentItem->asMap();
ASSERT_NE(sessionEstablishment, nullptr);
- const cppbor::Semantic* eReaderKeyBytes =
+ const cppbor::SemanticTag* eReaderKeyBytes =
findSemanticValueForTstr(sessionEstablishment, "eReaderKeyBytes");
ASSERT_NE(eReaderKeyBytes, nullptr);
- ASSERT_EQ(eReaderKeyBytes->value(), 24);
- const cppbor::Bstr* eReaderKeyBstr = eReaderKeyBytes->child()->asBstr();
+ ASSERT_EQ(eReaderKeyBytes->semanticTag(), 24);
+ const cppbor::Bstr* eReaderKeyBstr = eReaderKeyBytes->asBstr();
ASSERT_NE(eReaderKeyBstr, nullptr);
vector<uint8_t> eReaderKeyEncoded = eReaderKeyBstr->value();
// TODO: verify this agrees with ephemeralReaderKeyX and ephemeralReaderKeyY
@@ -605,12 +513,12 @@
// SessionTranscriptBytes = #6.24(bstr .cbor SessionTranscript)
//
cppbor::Array sessionTranscript;
- sessionTranscript.add(cppbor::Semantic(24, deviceEngagementEncoded));
- sessionTranscript.add(cppbor::Semantic(24, eReaderKeyEncoded));
+ sessionTranscript.add(cppbor::SemanticTag(24, deviceEngagementEncoded));
+ sessionTranscript.add(cppbor::SemanticTag(24, eReaderKeyEncoded));
sessionTranscript.add(cppbor::Null());
vector<uint8_t> sessionTranscriptEncoded = sessionTranscript.encode();
vector<uint8_t> sessionTranscriptBytes =
- cppbor::Semantic(24, sessionTranscriptEncoded).encode();
+ cppbor::SemanticTag(24, sessionTranscriptEncoded).encode();
// The expected EMacKey is 4c1ebb8aacc633465390fa44edfdb49cb57f2e079aaa771d812584699c0b97e2
//
@@ -696,11 +604,11 @@
// Dig out the encoded form of DeviceNameSpaces
//
- const cppbor::Semantic* deviceNameSpacesBytes =
+ const cppbor::SemanticTag* deviceNameSpacesBytes =
findSemanticValueForTstr(deviceSigned, "nameSpaces");
ASSERT_NE(deviceNameSpacesBytes, nullptr);
- ASSERT_EQ(deviceNameSpacesBytes->value(), 24);
- const cppbor::Bstr* deviceNameSpacesBstr = deviceNameSpacesBytes->child()->asBstr();
+ ASSERT_EQ(deviceNameSpacesBytes->semanticTag(), 24);
+ const cppbor::Bstr* deviceNameSpacesBstr = deviceNameSpacesBytes->asBstr();
ASSERT_NE(deviceNameSpacesBstr, nullptr);
vector<uint8_t> deviceNameSpacesEncoded = deviceNameSpacesBstr->value();
diff --git a/neuralnetworks/utils/service/src/Service.cpp b/neuralnetworks/utils/service/src/Service.cpp
index c83bcc9..75ab1f9 100644
--- a/neuralnetworks/utils/service/src/Service.cpp
+++ b/neuralnetworks/utils/service/src/Service.cpp
@@ -16,6 +16,7 @@
#include "Service.h"
+#include <AndroidVersionUtil.h>
#include <aidl/android/hardware/neuralnetworks/IDevice.h>
#include <android-base/logging.h>
#include <android/binder_manager.h>
@@ -82,7 +83,7 @@
// Devices with SDK level lower than 31 (Android S) don't have any AIDL drivers available, so
// there is no need for a workaround supported on lower levels.
- if (__builtin_available(android __ANDROID_API_S__, *)) {
+ if (__builtin_available(android __NNAPI_AIDL_MIN_ANDROID_API__, *)) {
AServiceManager_forEachDeclaredInstance(aidl_hal::IDevice::descriptor,
static_cast<void*>(&names), callback);
}
diff --git a/power/stats/aidl/vts/VtsHalPowerStatsTargetTest.cpp b/power/stats/aidl/vts/VtsHalPowerStatsTargetTest.cpp
index bed3fdf..c7ba96c 100644
--- a/power/stats/aidl/vts/VtsHalPowerStatsTargetTest.cpp
+++ b/power/stats/aidl/vts/VtsHalPowerStatsTargetTest.cpp
@@ -40,6 +40,12 @@
using ndk::SpAIBinder;
+#define ASSERT_OK(a) \
+ do { \
+ auto ret = a; \
+ ASSERT_TRUE(ret.isOk()) << ret.getDescription(); \
+ } while (0)
+
class PowerStatsAidl : public testing::TestWithParam<std::string> {
public:
virtual void SetUp() override {
@@ -108,7 +114,7 @@
// Each PowerEntity must have a valid name
TEST_P(PowerStatsAidl, ValidatePowerEntityNames) {
std::vector<PowerEntity> infos;
- ASSERT_TRUE(powerstats->getPowerEntityInfo(&infos).isOk());
+ ASSERT_OK(powerstats->getPowerEntityInfo(&infos));
for (auto info : infos) {
testNameValid(info.name);
@@ -118,7 +124,7 @@
// Each power entity must have a unique name
TEST_P(PowerStatsAidl, ValidatePowerEntityUniqueNames) {
std::vector<PowerEntity> entities;
- ASSERT_TRUE(powerstats->getPowerEntityInfo(&entities).isOk());
+ ASSERT_OK(powerstats->getPowerEntityInfo(&entities));
testUnique(entities, &PowerEntity::name);
}
@@ -126,7 +132,7 @@
// Each PowerEntity must have a unique ID
TEST_P(PowerStatsAidl, ValidatePowerEntityIds) {
std::vector<PowerEntity> entities;
- ASSERT_TRUE(powerstats->getPowerEntityInfo(&entities).isOk());
+ ASSERT_OK(powerstats->getPowerEntityInfo(&entities));
testUnique(entities, &PowerEntity::id);
}
@@ -134,7 +140,7 @@
// Each power entity must have at least one state
TEST_P(PowerStatsAidl, ValidateStateSize) {
std::vector<PowerEntity> entities;
- ASSERT_TRUE(powerstats->getPowerEntityInfo(&entities).isOk());
+ ASSERT_OK(powerstats->getPowerEntityInfo(&entities));
for (auto entity : entities) {
EXPECT_GT(entity.states.size(), 0);
@@ -144,7 +150,7 @@
// Each state must have a valid name
TEST_P(PowerStatsAidl, ValidateStateNames) {
std::vector<PowerEntity> entities;
- ASSERT_TRUE(powerstats->getPowerEntityInfo(&entities).isOk());
+ ASSERT_OK(powerstats->getPowerEntityInfo(&entities));
for (auto entity : entities) {
for (auto state : entity.states) {
@@ -156,7 +162,7 @@
// Each state must have a name that is unique to the given PowerEntity
TEST_P(PowerStatsAidl, ValidateStateUniqueNames) {
std::vector<PowerEntity> entities;
- ASSERT_TRUE(powerstats->getPowerEntityInfo(&entities).isOk());
+ ASSERT_OK(powerstats->getPowerEntityInfo(&entities));
for (auto entity : entities) {
testUnique(entity.states, &State::name);
@@ -166,7 +172,7 @@
// Each state must have an ID that is unique to the given PowerEntity
TEST_P(PowerStatsAidl, ValidateStateUniqueIds) {
std::vector<PowerEntity> entities;
- ASSERT_TRUE(powerstats->getPowerEntityInfo(&entities).isOk());
+ ASSERT_OK(powerstats->getPowerEntityInfo(&entities));
for (auto entity : entities) {
testUnique(entity.states, &State::id);
@@ -176,16 +182,16 @@
// State residency must return a valid status
TEST_P(PowerStatsAidl, TestGetStateResidency) {
std::vector<StateResidencyResult> results;
- ASSERT_TRUE(powerstats->getStateResidency({}, &results).isOk());
+ ASSERT_OK(powerstats->getStateResidency({}, &results));
}
// State residency must return all results
TEST_P(PowerStatsAidl, TestGetStateResidencyAllResults) {
std::vector<PowerEntity> entities;
- ASSERT_TRUE(powerstats->getPowerEntityInfo(&entities).isOk());
+ ASSERT_OK(powerstats->getPowerEntityInfo(&entities));
std::vector<StateResidencyResult> results;
- ASSERT_TRUE(powerstats->getStateResidency({}, &results).isOk());
+ ASSERT_OK(powerstats->getStateResidency({}, &results));
testMatching(entities, &PowerEntity::id, results, &StateResidencyResult::id);
}
@@ -193,10 +199,10 @@
// Each result must contain all state residencies
TEST_P(PowerStatsAidl, TestGetStateResidencyAllStateResidencies) {
std::vector<PowerEntity> entities;
- ASSERT_TRUE(powerstats->getPowerEntityInfo(&entities).isOk());
+ ASSERT_OK(powerstats->getPowerEntityInfo(&entities));
std::vector<StateResidencyResult> results;
- ASSERT_TRUE(powerstats->getStateResidency({}, &results).isOk());
+ ASSERT_OK(powerstats->getStateResidency({}, &results));
for (auto entity : entities) {
auto it = std::find_if(results.begin(), results.end(),
@@ -210,7 +216,7 @@
// State residency must return results for each requested power entity
TEST_P(PowerStatsAidl, TestGetStateResidencySelectedResults) {
std::vector<PowerEntity> entities;
- ASSERT_TRUE(powerstats->getPowerEntityInfo(&entities).isOk());
+ ASSERT_OK(powerstats->getPowerEntityInfo(&entities));
if (entities.empty()) {
return;
}
@@ -222,7 +228,7 @@
}
std::vector<StateResidencyResult> selectedResults;
- ASSERT_TRUE(powerstats->getStateResidency(selectedIds, &selectedResults).isOk());
+ ASSERT_OK(powerstats->getStateResidency(selectedIds, &selectedResults));
testMatching(selectedEntities, &PowerEntity::id, selectedResults, &StateResidencyResult::id);
}
@@ -230,15 +236,25 @@
// Energy meter info must return a valid status
TEST_P(PowerStatsAidl, TestGetEnergyMeterInfo) {
std::vector<Channel> info;
- ASSERT_TRUE(powerstats->getEnergyMeterInfo(&info).isOk());
+ ASSERT_OK(powerstats->getEnergyMeterInfo(&info));
}
-// Each channel must have a valid name and subsystem
+// Each channel must have a valid name
TEST_P(PowerStatsAidl, ValidateChannelNames) {
std::vector<Channel> channels;
- ASSERT_TRUE(powerstats->getEnergyMeterInfo(&channels).isOk());
+ ASSERT_OK(powerstats->getEnergyMeterInfo(&channels));
+
for (auto channel : channels) {
testNameValid(channel.name);
+ }
+}
+
+// Each channel must have a valid subsystem
+TEST_P(PowerStatsAidl, ValidateSubsystemNames) {
+ std::vector<Channel> channels;
+ ASSERT_OK(powerstats->getEnergyMeterInfo(&channels));
+
+ for (auto channel : channels) {
testNameValid(channel.subsystem);
}
}
@@ -246,7 +262,7 @@
// Each channel must have a unique name
TEST_P(PowerStatsAidl, ValidateChannelUniqueNames) {
std::vector<Channel> channels;
- ASSERT_TRUE(powerstats->getEnergyMeterInfo(&channels).isOk());
+ ASSERT_OK(powerstats->getEnergyMeterInfo(&channels));
testUnique(channels, &Channel::name);
}
@@ -254,7 +270,7 @@
// Each channel must have a unique ID
TEST_P(PowerStatsAidl, ValidateChannelUniqueIds) {
std::vector<Channel> channels;
- ASSERT_TRUE(powerstats->getEnergyMeterInfo(&channels).isOk());
+ ASSERT_OK(powerstats->getEnergyMeterInfo(&channels));
testUnique(channels, &Channel::id);
}
@@ -262,16 +278,16 @@
// Reading energy meter must return a valid status
TEST_P(PowerStatsAidl, TestReadEnergyMeter) {
std::vector<EnergyMeasurement> data;
- ASSERT_TRUE(powerstats->readEnergyMeter({}, &data).isOk());
+ ASSERT_OK(powerstats->readEnergyMeter({}, &data));
}
// Reading energy meter must return results for all available channels
TEST_P(PowerStatsAidl, TestGetAllEnergyMeasurements) {
std::vector<Channel> channels;
- ASSERT_TRUE(powerstats->getEnergyMeterInfo(&channels).isOk());
+ ASSERT_OK(powerstats->getEnergyMeterInfo(&channels));
std::vector<EnergyMeasurement> measurements;
- ASSERT_TRUE(powerstats->readEnergyMeter({}, &measurements).isOk());
+ ASSERT_OK(powerstats->readEnergyMeter({}, &measurements));
testMatching(channels, &Channel::id, measurements, &EnergyMeasurement::id);
}
@@ -279,7 +295,7 @@
// Reading energy must must return results for each selected channel
TEST_P(PowerStatsAidl, TestGetSelectedEnergyMeasurements) {
std::vector<Channel> channels;
- ASSERT_TRUE(powerstats->getEnergyMeterInfo(&channels).isOk());
+ ASSERT_OK(powerstats->getEnergyMeterInfo(&channels));
if (channels.empty()) {
return;
}
@@ -291,7 +307,7 @@
}
std::vector<EnergyMeasurement> selectedMeasurements;
- ASSERT_TRUE(powerstats->readEnergyMeter(selectedIds, &selectedMeasurements).isOk());
+ ASSERT_OK(powerstats->readEnergyMeter(selectedIds, &selectedMeasurements));
testMatching(selectedChannels, &Channel::id, selectedMeasurements, &EnergyMeasurement::id);
}
@@ -299,13 +315,13 @@
// Energy consumer info must return a valid status
TEST_P(PowerStatsAidl, TestGetEnergyConsumerInfo) {
std::vector<EnergyConsumer> consumers;
- ASSERT_TRUE(powerstats->getEnergyConsumerInfo(&consumers).isOk());
+ ASSERT_OK(powerstats->getEnergyConsumerInfo(&consumers));
}
// Each energy consumer must have a unique id
TEST_P(PowerStatsAidl, TestGetEnergyConsumerUniqueId) {
std::vector<EnergyConsumer> consumers;
- ASSERT_TRUE(powerstats->getEnergyConsumerInfo(&consumers).isOk());
+ ASSERT_OK(powerstats->getEnergyConsumerInfo(&consumers));
testUnique(consumers, &EnergyConsumer::id);
}
@@ -313,7 +329,7 @@
// Each energy consumer must have a valid name
TEST_P(PowerStatsAidl, ValidateEnergyConsumerNames) {
std::vector<EnergyConsumer> consumers;
- ASSERT_TRUE(powerstats->getEnergyConsumerInfo(&consumers).isOk());
+ ASSERT_OK(powerstats->getEnergyConsumerInfo(&consumers));
for (auto consumer : consumers) {
testNameValid(consumer.name);
@@ -323,7 +339,7 @@
// Each energy consumer must have a unique name
TEST_P(PowerStatsAidl, ValidateEnergyConsumerUniqueNames) {
std::vector<EnergyConsumer> consumers;
- ASSERT_TRUE(powerstats->getEnergyConsumerInfo(&consumers).isOk());
+ ASSERT_OK(powerstats->getEnergyConsumerInfo(&consumers));
testUnique(consumers, &EnergyConsumer::name);
}
@@ -331,7 +347,7 @@
// Energy consumers of the same type must have ordinals that are 0,1,2,..., N - 1
TEST_P(PowerStatsAidl, ValidateEnergyConsumerOrdinals) {
std::vector<EnergyConsumer> consumers;
- ASSERT_TRUE(powerstats->getEnergyConsumerInfo(&consumers).isOk());
+ ASSERT_OK(powerstats->getEnergyConsumerInfo(&consumers));
std::unordered_map<EnergyConsumerType, std::set<int32_t>> ordinalMap;
@@ -350,16 +366,16 @@
// Energy consumed must return a valid status
TEST_P(PowerStatsAidl, TestGetEnergyConsumed) {
std::vector<EnergyConsumerResult> results;
- ASSERT_TRUE(powerstats->getEnergyConsumed({}, &results).isOk());
+ ASSERT_OK(powerstats->getEnergyConsumed({}, &results));
}
// Energy consumed must return data for all energy consumers
TEST_P(PowerStatsAidl, TestGetAllEnergyConsumed) {
std::vector<EnergyConsumer> consumers;
- ASSERT_TRUE(powerstats->getEnergyConsumerInfo(&consumers).isOk());
+ ASSERT_OK(powerstats->getEnergyConsumerInfo(&consumers));
std::vector<EnergyConsumerResult> results;
- ASSERT_TRUE(powerstats->getEnergyConsumed({}, &results).isOk());
+ ASSERT_OK(powerstats->getEnergyConsumed({}, &results));
testMatching(consumers, &EnergyConsumer::id, results, &EnergyConsumerResult::id);
}
@@ -367,7 +383,7 @@
// Energy consumed must return data for each selected energy consumer
TEST_P(PowerStatsAidl, TestGetSelectedEnergyConsumed) {
std::vector<EnergyConsumer> consumers;
- ASSERT_TRUE(powerstats->getEnergyConsumerInfo(&consumers).isOk());
+ ASSERT_OK(powerstats->getEnergyConsumerInfo(&consumers));
if (consumers.empty()) {
return;
}
@@ -379,7 +395,7 @@
}
std::vector<EnergyConsumerResult> selectedResults;
- ASSERT_TRUE(powerstats->getEnergyConsumed(selectedIds, &selectedResults).isOk());
+ ASSERT_OK(powerstats->getEnergyConsumed(selectedIds, &selectedResults));
testMatching(selectedConsumers, &EnergyConsumer::id, selectedResults,
&EnergyConsumerResult::id);
@@ -388,7 +404,7 @@
// Energy consumed attribution uids must be unique for a given energy consumer
TEST_P(PowerStatsAidl, ValidateEnergyConsumerAttributionUniqueUids) {
std::vector<EnergyConsumerResult> results;
- ASSERT_TRUE(powerstats->getEnergyConsumed({}, &results).isOk());
+ ASSERT_OK(powerstats->getEnergyConsumed({}, &results));
for (auto result : results) {
testUnique(result.attribution, &EnergyConsumerAttribution::uid);
@@ -398,7 +414,7 @@
// Energy consumed total energy >= sum total of uid-attributed energy
TEST_P(PowerStatsAidl, TestGetEnergyConsumedAttributedEnergy) {
std::vector<EnergyConsumerResult> results;
- ASSERT_TRUE(powerstats->getEnergyConsumed({}, &results).isOk());
+ ASSERT_OK(powerstats->getEnergyConsumed({}, &results));
for (auto result : results) {
int64_t totalAttributedEnergyUWs = 0;
diff --git a/security/keymint/aidl/Android.bp b/security/keymint/aidl/Android.bp
index 6766d99..0c11f3b 100644
--- a/security/keymint/aidl/Android.bp
+++ b/security/keymint/aidl/Android.bp
@@ -26,6 +26,7 @@
vndk: {
enabled: true,
},
+ apps_enabled: false,
},
rust: {
enabled: true,
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl
index 4f6fb28..bf30999 100644
--- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl
+++ b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl
@@ -33,7 +33,7 @@
package android.hardware.security.keymint;
/* @hide */
-@VintfStability
+@SensitiveData @VintfStability
interface IKeyMintDevice {
android.hardware.security.keymint.KeyMintHardwareInfo getHardwareInfo();
void addRngEntropy(in byte[] data);
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintOperation.aidl b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintOperation.aidl
index 5ac2b4a..4ab4ffe 100644
--- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintOperation.aidl
+++ b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintOperation.aidl
@@ -33,7 +33,7 @@
package android.hardware.security.keymint;
/* @hide */
-@VintfStability
+@SensitiveData @VintfStability
interface IKeyMintOperation {
void updateAad(in byte[] input, in @nullable android.hardware.security.keymint.HardwareAuthToken authToken, in @nullable android.hardware.security.secureclock.TimeStampToken timeStampToken);
byte[] update(in byte[] input, in @nullable android.hardware.security.keymint.HardwareAuthToken authToken, in @nullable android.hardware.security.secureclock.TimeStampToken timeStampToken);
diff --git a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
index 5aa3070..1c503c2 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
@@ -214,6 +214,7 @@
* @hide
*/
@VintfStability
+@SensitiveData
interface IKeyMintDevice {
const int AUTH_TOKEN_MAC_LENGTH = 32;
diff --git a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl
index 5ad54cd..d2a993f 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl
@@ -22,6 +22,7 @@
/** @hide */
@VintfStability
+@SensitiveData
interface IKeyMintOperation {
/**
* Provides additional authentication data (AAD) to a cryptographic operation begun with
diff --git a/security/keymint/aidl/vts/functional/Android.bp b/security/keymint/aidl/vts/functional/Android.bp
index c1affa6..6c7309e 100644
--- a/security/keymint/aidl/vts/functional/Android.bp
+++ b/security/keymint/aidl/vts/functional/Android.bp
@@ -43,6 +43,8 @@
"android.hardware.security.keymint-V1-ndk_platform",
"android.hardware.security.secureclock-V1-ndk_platform",
"libcppbor_external",
+ "libcppcose",
+ "libkeymint_remote_prov_support",
"libkeymint_vts_test_utils",
],
test_suites: [
@@ -73,6 +75,9 @@
"android.hardware.security.keymint-V1-ndk_platform",
"android.hardware.security.secureclock-V1-ndk_platform",
"libcppbor_external",
+ "libcppcose",
+ "libgmock_ndk",
+ "libkeymint_remote_prov_support",
],
}
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
index ce6f67a..3da0484 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
@@ -22,8 +22,12 @@
#include <android-base/logging.h>
#include <android/binder_manager.h>
+#include <cppbor_parse.h>
+#include <cppcose/cppcose.h>
#include <cutils/properties.h>
+#include <gmock/gmock.h>
#include <openssl/mem.h>
+#include <remote_prov/remote_prov_utils.h>
#include <keymint_support/attestation_record.h>
#include <keymint_support/key_param_output.h>
@@ -32,6 +36,7 @@
namespace aidl::android::hardware::security::keymint {
+using namespace cppcose;
using namespace std::literals::chrono_literals;
using std::endl;
using std::optional;
@@ -39,6 +44,7 @@
using ::testing::AssertionFailure;
using ::testing::AssertionResult;
using ::testing::AssertionSuccess;
+using ::testing::MatchesRegex;
::std::ostream& operator<<(::std::ostream& os, const AuthorizationSet& set) {
if (set.size() == 0)
@@ -897,7 +903,7 @@
if (att_hw_enforced[i].tag == TAG_BOOT_PATCHLEVEL ||
att_hw_enforced[i].tag == TAG_VENDOR_PATCHLEVEL) {
std::string date =
- std::to_string(att_hw_enforced[i].value.get<KeyParameterValue::dateTime>());
+ std::to_string(att_hw_enforced[i].value.get<KeyParameterValue::integer>());
// strptime seems to require delimiters, but the tag value will
// be YYYYMMDD
date.insert(6, "-");
@@ -1118,6 +1124,121 @@
return retval;
}
+namespace {
+
+void check_cose_key(const vector<uint8_t>& data, bool testMode) {
+ auto [parsedPayload, __, payloadParseErr] = cppbor::parse(data);
+ ASSERT_TRUE(parsedPayload) << "Key parse failed: " << payloadParseErr;
+
+ // The following check assumes that canonical CBOR encoding is used for the COSE_Key.
+ if (testMode) {
+ EXPECT_THAT(cppbor::prettyPrint(parsedPayload.get()),
+ MatchesRegex("{\n"
+ " 1 : 2,\n" // kty: EC2
+ " 3 : -7,\n" // alg: ES256
+ " -1 : 1,\n" // EC id: P256
+ // The regex {(0x[0-9a-f]{2}, ){31}0x[0-9a-f]{2}} matches a
+ // sequence of 32 hexadecimal bytes, enclosed in braces and
+ // separated by commas. In this case, some Ed25519 public key.
+ " -2 : {(0x[0-9a-f]{2}, ){31}0x[0-9a-f]{2}},\n" // pub_x: data
+ " -3 : {(0x[0-9a-f]{2}, ){31}0x[0-9a-f]{2}},\n" // pub_y: data
+ " -70000 : null,\n" // test marker
+ "}"));
+ } else {
+ EXPECT_THAT(cppbor::prettyPrint(parsedPayload.get()),
+ MatchesRegex("{\n"
+ " 1 : 2,\n" // kty: EC2
+ " 3 : -7,\n" // alg: ES256
+ " -1 : 1,\n" // EC id: P256
+ // The regex {(0x[0-9a-f]{2}, ){31}0x[0-9a-f]{2}} matches a
+ // sequence of 32 hexadecimal bytes, enclosed in braces and
+ // separated by commas. In this case, some Ed25519 public key.
+ " -2 : {(0x[0-9a-f]{2}, ){31}0x[0-9a-f]{2}},\n" // pub_x: data
+ " -3 : {(0x[0-9a-f]{2}, ){31}0x[0-9a-f]{2}},\n" // pub_y: data
+ "}"));
+ }
+}
+
+} // namespace
+
+void check_maced_pubkey(const MacedPublicKey& macedPubKey, bool testMode,
+ vector<uint8_t>* payload_value) {
+ auto [coseMac0, _, mac0ParseErr] = cppbor::parse(macedPubKey.macedKey);
+ ASSERT_TRUE(coseMac0) << "COSE Mac0 parse failed " << mac0ParseErr;
+
+ ASSERT_NE(coseMac0->asArray(), nullptr);
+ ASSERT_EQ(coseMac0->asArray()->size(), kCoseMac0EntryCount);
+
+ auto protParms = coseMac0->asArray()->get(kCoseMac0ProtectedParams)->asBstr();
+ ASSERT_NE(protParms, nullptr);
+
+ // Header label:value of 'alg': HMAC-256
+ ASSERT_EQ(cppbor::prettyPrint(protParms->value()), "{\n 1 : 5,\n}");
+
+ auto unprotParms = coseMac0->asArray()->get(kCoseMac0UnprotectedParams)->asMap();
+ ASSERT_NE(unprotParms, nullptr);
+ ASSERT_EQ(unprotParms->size(), 0);
+
+ // The payload is a bstr holding an encoded COSE_Key
+ auto payload = coseMac0->asArray()->get(kCoseMac0Payload)->asBstr();
+ ASSERT_NE(payload, nullptr);
+ check_cose_key(payload->value(), testMode);
+
+ auto coseMac0Tag = coseMac0->asArray()->get(kCoseMac0Tag)->asBstr();
+ ASSERT_TRUE(coseMac0Tag);
+ auto extractedTag = coseMac0Tag->value();
+ EXPECT_EQ(extractedTag.size(), 32U);
+
+ // Compare with tag generated with kTestMacKey. Should only match in test mode
+ auto testTag = cppcose::generateCoseMac0Mac(remote_prov::kTestMacKey, {} /* external_aad */,
+ payload->value());
+ ASSERT_TRUE(testTag) << "Tag calculation failed: " << testTag.message();
+
+ if (testMode) {
+ EXPECT_EQ(*testTag, extractedTag);
+ } else {
+ EXPECT_NE(*testTag, extractedTag);
+ }
+ if (payload_value != nullptr) {
+ *payload_value = payload->value();
+ }
+}
+
+void p256_pub_key(const vector<uint8_t>& coseKeyData, EVP_PKEY_Ptr* signingKey) {
+ // Extract x and y affine coordinates from the encoded Cose_Key.
+ auto [parsedPayload, __, payloadParseErr] = cppbor::parse(coseKeyData);
+ ASSERT_TRUE(parsedPayload) << "Key parse failed: " << payloadParseErr;
+ auto coseKey = parsedPayload->asMap();
+ const std::unique_ptr<cppbor::Item>& xItem = coseKey->get(cppcose::CoseKey::PUBKEY_X);
+ ASSERT_NE(xItem->asBstr(), nullptr);
+ vector<uint8_t> x = xItem->asBstr()->value();
+ const std::unique_ptr<cppbor::Item>& yItem = coseKey->get(cppcose::CoseKey::PUBKEY_Y);
+ ASSERT_NE(yItem->asBstr(), nullptr);
+ vector<uint8_t> y = yItem->asBstr()->value();
+
+ // Concatenate: 0x04 (uncompressed form marker) | x | y
+ vector<uint8_t> pubKeyData{0x04};
+ pubKeyData.insert(pubKeyData.end(), x.begin(), x.end());
+ pubKeyData.insert(pubKeyData.end(), y.begin(), y.end());
+
+ EC_KEY_Ptr ecKey = EC_KEY_Ptr(EC_KEY_new());
+ ASSERT_NE(ecKey, nullptr);
+ EC_GROUP_Ptr group = EC_GROUP_Ptr(EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
+ ASSERT_NE(group, nullptr);
+ ASSERT_EQ(EC_KEY_set_group(ecKey.get(), group.get()), 1);
+ EC_POINT_Ptr point = EC_POINT_Ptr(EC_POINT_new(group.get()));
+ ASSERT_NE(point, nullptr);
+ ASSERT_EQ(EC_POINT_oct2point(group.get(), point.get(), pubKeyData.data(), pubKeyData.size(),
+ nullptr),
+ 1);
+ ASSERT_EQ(EC_KEY_set_public_key(ecKey.get(), point.get()), 1);
+
+ EVP_PKEY_Ptr pubKey = EVP_PKEY_Ptr(EVP_PKEY_new());
+ ASSERT_NE(pubKey, nullptr);
+ EVP_PKEY_assign_EC_KEY(pubKey.get(), ecKey.release());
+ *signingKey = std::move(pubKey);
+}
+
} // namespace test
} // namespace aidl::android::hardware::security::keymint
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
index 4d97ea9..da174ce 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
@@ -25,6 +25,7 @@
#include <aidl/android/hardware/security/keymint/ErrorCode.h>
#include <aidl/android/hardware/security/keymint/IKeyMintDevice.h>
+#include <aidl/android/hardware/security/keymint/MacedPublicKey.h>
#include <keymint_support/authorization_set.h>
#include <keymint_support/openssl_utils.h>
@@ -277,6 +278,10 @@
string bin2hex(const vector<uint8_t>& data);
X509_Ptr parse_cert_blob(const vector<uint8_t>& blob);
vector<uint8_t> make_name_from_str(const string& name);
+void check_maced_pubkey(const MacedPublicKey& macedPubKey, bool testMode,
+ vector<uint8_t>* payload_value);
+void p256_pub_key(const vector<uint8_t>& coseKeyData, EVP_PKEY_Ptr* signingKey);
+
AuthorizationSet HwEnforcedAuthorizations(const vector<KeyCharacteristics>& key_characteristics);
AuthorizationSet SwEnforcedAuthorizations(const vector<KeyCharacteristics>& key_characteristics);
::testing::AssertionResult ChainSignaturesAreValid(const vector<Certificate>& chain);
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index 7ecfa37..d5308dc 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -27,6 +27,9 @@
#include <cutils/properties.h>
+#include <android/binder_manager.h>
+
+#include <aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.h>
#include <aidl/android/hardware/security/keymint/KeyFormat.h>
#include <keymint_support/key_param_output.h>
@@ -209,6 +212,32 @@
string to_string() const { return string(reinterpret_cast<const char*>(data()), size()); }
};
+string device_suffix(const string& name) {
+ size_t pos = name.find('/');
+ if (pos == string::npos) {
+ return name;
+ }
+ return name.substr(pos + 1);
+}
+
+bool matching_rp_instance(const string& km_name,
+ std::shared_ptr<IRemotelyProvisionedComponent>* rp) {
+ string km_suffix = device_suffix(km_name);
+
+ vector<string> rp_names =
+ ::android::getAidlHalInstanceNames(IRemotelyProvisionedComponent::descriptor);
+ for (const string& rp_name : rp_names) {
+ // If the suffix of the RemotelyProvisionedComponent instance equals the suffix of the
+ // KeyMint instance, assume they match.
+ if (device_suffix(rp_name) == km_suffix && AServiceManager_isDeclared(rp_name.c_str())) {
+ ::ndk::SpAIBinder binder(AServiceManager_waitForService(rp_name.c_str()));
+ *rp = IRemotelyProvisionedComponent::fromBinder(binder);
+ return true;
+ }
+ }
+ return false;
+}
+
} // namespace
class NewKeyGenerationTest : public KeyMintAidlTestBase {
@@ -322,6 +351,77 @@
}
/*
+ * NewKeyGenerationTest.RsaWithRpkAttestation
+ *
+ * Verifies that keymint can generate all required RSA key sizes, using an attestation key
+ * that has been generated using an associate IRemotelyProvisionedComponent.
+ */
+TEST_P(NewKeyGenerationTest, RsaWithRpkAttestation) {
+ // There should be an IRemotelyProvisionedComponent instance associated with the KeyMint
+ // instance.
+ std::shared_ptr<IRemotelyProvisionedComponent> rp;
+ ASSERT_TRUE(matching_rp_instance(GetParam(), &rp))
+ << "No IRemotelyProvisionedComponent found that matches KeyMint device " << GetParam();
+
+ // Generate a P-256 keypair to use as an attestation key.
+ MacedPublicKey macedPubKey;
+ std::vector<uint8_t> privateKeyBlob;
+ auto status =
+ rp->generateEcdsaP256KeyPair(/* testMode= */ false, &macedPubKey, &privateKeyBlob);
+ ASSERT_TRUE(status.isOk());
+ vector<uint8_t> coseKeyData;
+ check_maced_pubkey(macedPubKey, /* testMode= */ false, &coseKeyData);
+
+ AttestationKey attestation_key;
+ attestation_key.keyBlob = std::move(privateKeyBlob);
+ attestation_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
+
+ for (auto key_size : ValidKeySizes(Algorithm::RSA)) {
+ auto challenge = "hello";
+ auto app_id = "foo";
+
+ vector<uint8_t> key_blob;
+ vector<KeyCharacteristics> key_characteristics;
+ ASSERT_EQ(ErrorCode::OK,
+ GenerateKey(AuthorizationSetBuilder()
+ .RsaSigningKey(key_size, 65537)
+ .Digest(Digest::NONE)
+ .Padding(PaddingMode::NONE)
+ .AttestationChallenge(challenge)
+ .AttestationApplicationId(app_id)
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .SetDefaultValidity(),
+ attestation_key, &key_blob, &key_characteristics, &cert_chain_));
+
+ ASSERT_GT(key_blob.size(), 0U);
+ CheckBaseParams(key_characteristics);
+
+ AuthorizationSet crypto_params = SecLevelAuthorizations(key_characteristics);
+
+ EXPECT_TRUE(crypto_params.Contains(TAG_ALGORITHM, Algorithm::RSA));
+ EXPECT_TRUE(crypto_params.Contains(TAG_KEY_SIZE, key_size))
+ << "Key size " << key_size << "missing";
+ EXPECT_TRUE(crypto_params.Contains(TAG_RSA_PUBLIC_EXPONENT, 65537U));
+
+ // Attestation by itself is not valid (last entry is not self-signed).
+ EXPECT_FALSE(ChainSignaturesAreValid(cert_chain_));
+
+ // The signature over the attested key should correspond to the P256 public key.
+ X509_Ptr key_cert(parse_cert_blob(cert_chain_[0].encodedCertificate));
+ ASSERT_TRUE(key_cert.get());
+ EVP_PKEY_Ptr signing_pubkey;
+ p256_pub_key(coseKeyData, &signing_pubkey);
+ ASSERT_TRUE(signing_pubkey.get());
+
+ ASSERT_TRUE(X509_verify(key_cert.get(), signing_pubkey.get()))
+ << "Verification of attested certificate failed "
+ << "OpenSSL error string: " << ERR_error_string(ERR_get_error(), NULL);
+
+ CheckedDeleteKey(&key_blob);
+ }
+}
+
+/*
* NewKeyGenerationTest.LimitedUsageRsa
*
* Verifies that KeyMint can generate all required RSA key sizes with limited usage, and that the
diff --git a/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp b/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
index 57bc27a..9e52b20 100644
--- a/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
+++ b/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
@@ -55,117 +55,6 @@
return bytevec(p, p + strlen(s));
}
-void p256_pub_key(const vector<uint8_t>& coseKeyData, EVP_PKEY_Ptr* signingKey) {
- // Extract x and y affine coordinates from the encoded Cose_Key.
- auto [parsedPayload, __, payloadParseErr] = cppbor::parse(coseKeyData);
- ASSERT_TRUE(parsedPayload) << "Key parse failed: " << payloadParseErr;
- auto coseKey = parsedPayload->asMap();
- const std::unique_ptr<cppbor::Item>& xItem = coseKey->get(cppcose::CoseKey::PUBKEY_X);
- ASSERT_NE(xItem->asBstr(), nullptr);
- vector<uint8_t> x = xItem->asBstr()->value();
- const std::unique_ptr<cppbor::Item>& yItem = coseKey->get(cppcose::CoseKey::PUBKEY_Y);
- ASSERT_NE(yItem->asBstr(), nullptr);
- vector<uint8_t> y = yItem->asBstr()->value();
-
- // Concatenate: 0x04 (uncompressed form marker) | x | y
- vector<uint8_t> pubKeyData{0x04};
- pubKeyData.insert(pubKeyData.end(), x.begin(), x.end());
- pubKeyData.insert(pubKeyData.end(), y.begin(), y.end());
-
- EC_KEY_Ptr ecKey = EC_KEY_Ptr(EC_KEY_new());
- ASSERT_NE(ecKey, nullptr);
- EC_GROUP_Ptr group = EC_GROUP_Ptr(EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
- ASSERT_NE(group, nullptr);
- ASSERT_EQ(EC_KEY_set_group(ecKey.get(), group.get()), 1);
- EC_POINT_Ptr point = EC_POINT_Ptr(EC_POINT_new(group.get()));
- ASSERT_NE(point, nullptr);
- ASSERT_EQ(EC_POINT_oct2point(group.get(), point.get(), pubKeyData.data(), pubKeyData.size(),
- nullptr),
- 1);
- ASSERT_EQ(EC_KEY_set_public_key(ecKey.get(), point.get()), 1);
-
- EVP_PKEY_Ptr pubKey = EVP_PKEY_Ptr(EVP_PKEY_new());
- ASSERT_NE(pubKey, nullptr);
- EVP_PKEY_assign_EC_KEY(pubKey.get(), ecKey.release());
- *signingKey = std::move(pubKey);
-}
-
-void check_cose_key(const vector<uint8_t>& data, bool testMode) {
- auto [parsedPayload, __, payloadParseErr] = cppbor::parse(data);
- ASSERT_TRUE(parsedPayload) << "Key parse failed: " << payloadParseErr;
-
- // The following check assumes that canonical CBOR encoding is used for the COSE_Key.
- if (testMode) {
- EXPECT_THAT(cppbor::prettyPrint(parsedPayload.get()),
- MatchesRegex("{\n"
- " 1 : 2,\n" // kty: EC2
- " 3 : -7,\n" // alg: ES256
- " -1 : 1,\n" // EC id: P256
- // The regex {(0x[0-9a-f]{2}, ){31}0x[0-9a-f]{2}} matches a
- // sequence of 32 hexadecimal bytes, enclosed in braces and
- // separated by commas. In this case, some Ed25519 public key.
- " -2 : {(0x[0-9a-f]{2}, ){31}0x[0-9a-f]{2}},\n" // pub_x: data
- " -3 : {(0x[0-9a-f]{2}, ){31}0x[0-9a-f]{2}},\n" // pub_y: data
- " -70000 : null,\n" // test marker
- "}"));
- } else {
- EXPECT_THAT(cppbor::prettyPrint(parsedPayload.get()),
- MatchesRegex("{\n"
- " 1 : 2,\n" // kty: EC2
- " 3 : -7,\n" // alg: ES256
- " -1 : 1,\n" // EC id: P256
- // The regex {(0x[0-9a-f]{2}, ){31}0x[0-9a-f]{2}} matches a
- // sequence of 32 hexadecimal bytes, enclosed in braces and
- // separated by commas. In this case, some Ed25519 public key.
- " -2 : {(0x[0-9a-f]{2}, ){31}0x[0-9a-f]{2}},\n" // pub_x: data
- " -3 : {(0x[0-9a-f]{2}, ){31}0x[0-9a-f]{2}},\n" // pub_y: data
- "}"));
- }
-}
-
-void check_maced_pubkey(const MacedPublicKey& macedPubKey, bool testMode,
- vector<uint8_t>* payload_value) {
- auto [coseMac0, _, mac0ParseErr] = cppbor::parse(macedPubKey.macedKey);
- ASSERT_TRUE(coseMac0) << "COSE Mac0 parse failed " << mac0ParseErr;
-
- ASSERT_NE(coseMac0->asArray(), nullptr);
- ASSERT_EQ(coseMac0->asArray()->size(), kCoseMac0EntryCount);
-
- auto protParms = coseMac0->asArray()->get(kCoseMac0ProtectedParams)->asBstr();
- ASSERT_NE(protParms, nullptr);
-
- // Header label:value of 'alg': HMAC-256
- ASSERT_EQ(cppbor::prettyPrint(protParms->value()), "{\n 1 : 5,\n}");
-
- auto unprotParms = coseMac0->asArray()->get(kCoseMac0UnprotectedParams)->asMap();
- ASSERT_NE(unprotParms, nullptr);
- ASSERT_EQ(unprotParms->size(), 0);
-
- // The payload is a bstr holding an encoded COSE_Key
- auto payload = coseMac0->asArray()->get(kCoseMac0Payload)->asBstr();
- ASSERT_NE(payload, nullptr);
- check_cose_key(payload->value(), testMode);
-
- auto coseMac0Tag = coseMac0->asArray()->get(kCoseMac0Tag)->asBstr();
- ASSERT_TRUE(coseMac0Tag);
- auto extractedTag = coseMac0Tag->value();
- EXPECT_EQ(extractedTag.size(), 32U);
-
- // Compare with tag generated with kTestMacKey. Should only match in test mode
- auto testTag = cppcose::generateCoseMac0Mac(remote_prov::kTestMacKey, {} /* external_aad */,
- payload->value());
- ASSERT_TRUE(testTag) << "Tag calculation failed: " << testTag.message();
-
- if (testMode) {
- EXPECT_EQ(*testTag, extractedTag);
- } else {
- EXPECT_NE(*testTag, extractedTag);
- }
- if (payload_value != nullptr) {
- *payload_value = payload->value();
- }
-}
-
ErrMsgOr<MacedPublicKey> corrupt_maced_key(const MacedPublicKey& macedPubKey) {
auto [coseMac0, _, mac0ParseErr] = cppbor::parse(macedPubKey.macedKey);
if (!coseMac0 || coseMac0->asArray()->size() != kCoseMac0EntryCount) {
diff --git a/security/keymint/support/Android.bp b/security/keymint/support/Android.bp
index fe04ede..4c4258b 100644
--- a/security/keymint/support/Android.bp
+++ b/security/keymint/support/Android.bp
@@ -66,6 +66,7 @@
cc_library {
name: "libcppcose",
vendor_available: true,
+ host_supported: true,
srcs: [
"cppcose.cpp",
],
@@ -73,13 +74,8 @@
"include",
],
shared_libs: [
- "libbinder_ndk",
"libcppbor_external",
"libcrypto",
"liblog",
],
- static_libs: [
- // TODO(swillden): Remove keymint NDK
- "android.hardware.security.keymint-V1-ndk_platform",
- ],
}
diff --git a/sensors/2.1/default/SensorsV2_1.cpp b/sensors/2.1/default/SensorsV2_1.cpp
index 4c5386a..06446a2 100644
--- a/sensors/2.1/default/SensorsV2_1.cpp
+++ b/sensors/2.1/default/SensorsV2_1.cpp
@@ -46,7 +46,8 @@
mSensorInfo.fifoMaxEventCount = 0;
mSensorInfo.requiredPermission = "";
mSensorInfo.flags = static_cast<uint32_t>(V1_0::SensorFlagBits::ON_CHANGE_MODE |
- V1_0::SensorFlagBits::WAKE_UP);
+ V1_0::SensorFlagBits::WAKE_UP |
+ V1_0::SensorFlagBits::DATA_INJECTION);
}
};
diff --git a/weaver/aidl/aidl_api/android.hardware.weaver/current/android/hardware/weaver/IWeaver.aidl b/weaver/aidl/aidl_api/android.hardware.weaver/current/android/hardware/weaver/IWeaver.aidl
index 29bd9a9..61627d9 100644
--- a/weaver/aidl/aidl_api/android.hardware.weaver/current/android/hardware/weaver/IWeaver.aidl
+++ b/weaver/aidl/aidl_api/android.hardware.weaver/current/android/hardware/weaver/IWeaver.aidl
@@ -12,7 +12,8 @@
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
- *////////////////////////////////////////////////////////////////////////////////
+ */
+///////////////////////////////////////////////////////////////////////////////
// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
///////////////////////////////////////////////////////////////////////////////
@@ -37,6 +38,6 @@
android.hardware.weaver.WeaverReadResponse read(in int slotId, in byte[] key);
void write(in int slotId, in byte[] key, in byte[] value);
const int STATUS_FAILED = 1;
- const int INCORRECT_KEY = 2;
- const int THROTTLE = 3;
+ const int STATUS_INCORRECT_KEY = 2;
+ const int STATUS_THROTTLE = 3;
}
diff --git a/weaver/aidl/aidl_api/android.hardware.weaver/current/android/hardware/weaver/WeaverConfig.aidl b/weaver/aidl/aidl_api/android.hardware.weaver/current/android/hardware/weaver/WeaverConfig.aidl
index 239cdac..7491f32 100644
--- a/weaver/aidl/aidl_api/android.hardware.weaver/current/android/hardware/weaver/WeaverConfig.aidl
+++ b/weaver/aidl/aidl_api/android.hardware.weaver/current/android/hardware/weaver/WeaverConfig.aidl
@@ -12,7 +12,8 @@
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
- *////////////////////////////////////////////////////////////////////////////////
+ */
+///////////////////////////////////////////////////////////////////////////////
// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
///////////////////////////////////////////////////////////////////////////////
@@ -33,7 +34,7 @@
package android.hardware.weaver;
@VintfStability
parcelable WeaverConfig {
- long slots;
- long keySize;
- long valueSize;
+ int slots;
+ int keySize;
+ int valueSize;
}
diff --git a/weaver/aidl/aidl_api/android.hardware.weaver/current/android/hardware/weaver/WeaverReadResponse.aidl b/weaver/aidl/aidl_api/android.hardware.weaver/current/android/hardware/weaver/WeaverReadResponse.aidl
index 7e5db59..47ee4c8 100644
--- a/weaver/aidl/aidl_api/android.hardware.weaver/current/android/hardware/weaver/WeaverReadResponse.aidl
+++ b/weaver/aidl/aidl_api/android.hardware.weaver/current/android/hardware/weaver/WeaverReadResponse.aidl
@@ -12,7 +12,8 @@
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
- *////////////////////////////////////////////////////////////////////////////////
+ */
+///////////////////////////////////////////////////////////////////////////////
// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
///////////////////////////////////////////////////////////////////////////////
diff --git a/weaver/aidl/android/hardware/weaver/IWeaver.aidl b/weaver/aidl/android/hardware/weaver/IWeaver.aidl
index ebbfabe..f51034a 100644
--- a/weaver/aidl/android/hardware/weaver/IWeaver.aidl
+++ b/weaver/aidl/android/hardware/weaver/IWeaver.aidl
@@ -46,8 +46,8 @@
* Read binder calls may return a ServiceSpecificException with the following error codes.
*/
const int STATUS_FAILED = 1;
- const int INCORRECT_KEY = 2;
- const int THROTTLE = 3;
+ const int STATUS_INCORRECT_KEY = 2;
+ const int STATUS_THROTTLE = 3;
/**
* Attempts to retrieve the value stored in the identified slot.
diff --git a/weaver/aidl/android/hardware/weaver/WeaverConfig.aidl b/weaver/aidl/android/hardware/weaver/WeaverConfig.aidl
index 75d961e..a156a7b 100644
--- a/weaver/aidl/android/hardware/weaver/WeaverConfig.aidl
+++ b/weaver/aidl/android/hardware/weaver/WeaverConfig.aidl
@@ -21,14 +21,14 @@
/**
* The number of slots available.
*/
- long slots;
+ int slots;
/**
* The number of bytes used for a key.
*/
- long keySize;
+ int keySize;
/**
* The number of bytes used for a value.
*/
- long valueSize;
+ int valueSize;
}
diff --git a/weaver/aidl/vts/VtsHalWeaverTargetTest.cpp b/weaver/aidl/vts/VtsHalWeaverTargetTest.cpp
index 7d8daa2..878c762 100644
--- a/weaver/aidl/vts/VtsHalWeaverTargetTest.cpp
+++ b/weaver/aidl/vts/VtsHalWeaverTargetTest.cpp
@@ -156,7 +156,7 @@
ASSERT_FALSE(readRet.isOk());
ASSERT_EQ(EX_SERVICE_SPECIFIC, readRet.getExceptionCode());
- ASSERT_EQ(IWeaver::INCORRECT_KEY, readRet.getServiceSpecificError());
+ ASSERT_EQ(IWeaver::STATUS_INCORRECT_KEY, readRet.getServiceSpecificError());
EXPECT_TRUE(readValue.empty());
}