Handle software keymaster implementations.
am: 1404b6e8b0
Change-Id: Ia054c30244e989cf60e3abb81304ed9fed0b2fbf
diff --git a/audio/common/all-versions/default/service/android.hardware.audio@2.0-service.rc b/audio/common/all-versions/default/service/android.hardware.audio@2.0-service.rc
index 8217b94..6e91bcc 100644
--- a/audio/common/all-versions/default/service/android.hardware.audio@2.0-service.rc
+++ b/audio/common/all-versions/default/service/android.hardware.audio@2.0-service.rc
@@ -2,7 +2,8 @@
class hal
user audioserver
# media gid needed for /dev/fm (radio) and for /data/misc/media (tee)
- group audio camera drmrpc inet media mediadrm net_bt net_bt_admin net_bw_acct
+ group audio camera drmrpc inet media mediadrm net_bt net_bt_admin net_bw_acct wakelock
+ capabilities BLOCK_SUSPEND
ioprio rt 4
writepid /dev/cpuset/foreground/tasks /dev/stune/foreground/tasks
# audioflinger restarts itself when it loses connection with the hal
diff --git a/audio/core/4.0/vts/functional/AudioPrimaryHidlHalTest.cpp b/audio/core/4.0/vts/functional/AudioPrimaryHidlHalTest.cpp
index dab9f7c..9c9b749 100644
--- a/audio/core/4.0/vts/functional/AudioPrimaryHidlHalTest.cpp
+++ b/audio/core/4.0/vts/functional/AudioPrimaryHidlHalTest.cpp
@@ -106,7 +106,10 @@
static auto okOrNotSupported = {Result::OK, Result::NOT_SUPPORTED};
static auto okOrNotSupportedOrInvalidArgs = {Result::OK, Result::NOT_SUPPORTED,
Result::INVALID_ARGUMENTS};
+static auto okOrInvalidStateOrNotSupported = {Result::OK, Result::INVALID_STATE,
+ Result::NOT_SUPPORTED};
static auto invalidArgsOrNotSupported = {Result::INVALID_ARGUMENTS, Result::NOT_SUPPORTED};
+static auto invalidStateOrNotSupported = {Result::INVALID_STATE, Result::NOT_SUPPORTED};
class AudioHidlTestEnvironment : public ::Environment {
public:
@@ -555,11 +558,11 @@
address.device = deviceType;
auto ret = device->setConnectedState(address, state);
ASSERT_TRUE(ret.isOk());
- if (res == Result::NOT_SUPPORTED) {
+ if (ret == Result::NOT_SUPPORTED) {
doc::partialTest("setConnectedState is not supported");
return;
}
- ASSERT_OK(res);
+ ASSERT_OK(ret);
}
}
}
@@ -949,8 +952,6 @@
TEST_IO_STREAM(standby, "Make sure the stream can be put in stanby",
ASSERT_OK(stream->standby())) // can not fail
-static constexpr auto invalidStateOrNotSupported = {Result::INVALID_STATE, Result::NOT_SUPPORTED};
-
TEST_IO_STREAM(startNoMmap, "Starting a mmaped stream before mapping it should fail",
ASSERT_RESULT(invalidStateOrNotSupported, stream->start()))
@@ -1070,11 +1071,15 @@
TEST_P(InputStreamTest, getCapturePosition) {
doc::test(
"The capture position of a non prepared stream should not be "
- "retrievable");
+ "retrievable or 0");
uint64_t frames;
uint64_t time;
ASSERT_OK(stream->getCapturePosition(returnIn(res, frames, time)));
- ASSERT_RESULT(invalidStateOrNotSupported, res);
+ ASSERT_RESULT(okOrInvalidStateOrNotSupported, res);
+ if (res == Result::OK) {
+ ASSERT_EQ(0U, frames);
+ ASSERT_LE(0U, time);
+ }
}
TEST_P(InputStreamTest, updateSinkMetadata) {
diff --git a/audio/effect/2.0/xml/audio_effects_conf_V2_0.xsd b/audio/effect/2.0/xml/audio_effects_conf_V2_0.xsd
index ca6a7dc..df281b3 100644
--- a/audio/effect/2.0/xml/audio_effects_conf_V2_0.xsd
+++ b/audio/effect/2.0/xml/audio_effects_conf_V2_0.xsd
@@ -234,7 +234,7 @@
<xs:field xpath="@library"/>
</xs:keyref>
<xs:key name="effectName">
- <xs:selector xpath="aec:effects/aec:effect"/>
+ <xs:selector xpath="aec:effects/aec:effect|aec:effects/aec:effectProxy"/>
<xs:field xpath="@name"/>
</xs:key>
<xs:keyref name="effectNamePreRef" refer="aec:effectName">
diff --git a/camera/provider/2.4/vts/functional/VtsHalCameraProviderV2_4TargetTest.cpp b/camera/provider/2.4/vts/functional/VtsHalCameraProviderV2_4TargetTest.cpp
index 95c7167..1a245c4 100644
--- a/camera/provider/2.4/vts/functional/VtsHalCameraProviderV2_4TargetTest.cpp
+++ b/camera/provider/2.4/vts/functional/VtsHalCameraProviderV2_4TargetTest.cpp
@@ -87,7 +87,6 @@
using ::android::hardware::camera::device::V3_2::BufferCache;
using ::android::hardware::camera::device::V3_2::CaptureRequest;
using ::android::hardware::camera::device::V3_2::CaptureResult;
-using ::android::hardware::camera::device::V3_2::ICameraDeviceCallback;
using ::android::hardware::camera::device::V3_2::ICameraDeviceSession;
using ::android::hardware::camera::device::V3_2::NotifyMsg;
using ::android::hardware::camera::device::V3_2::RequestTemplate;
@@ -532,7 +531,7 @@
hidl_vec<hidl_string> getCameraDeviceNames(sp<ICameraProvider> provider);
- struct EmptyDeviceCb : public ICameraDeviceCallback {
+ struct EmptyDeviceCb : public V3_4::ICameraDeviceCallback {
virtual Return<void> processCaptureResult(
const hidl_vec<CaptureResult>& /*results*/) override {
ALOGI("processCaptureResult callback");
@@ -540,6 +539,13 @@
return Void();
}
+ virtual Return<void> processCaptureResult_3_4(
+ const hidl_vec<V3_4::CaptureResult>& /*results*/) override {
+ ALOGI("processCaptureResult_3_4 callback");
+ ADD_FAILURE(); // Empty callback should not reach here
+ return Void();
+ }
+
virtual Return<void> notify(const hidl_vec<NotifyMsg>& /*msgs*/) override {
ALOGI("notify callback");
ADD_FAILURE(); // Empty callback should not reach here
@@ -3643,6 +3649,7 @@
static_cast<int32_t>(PixelFormat::IMPLEMENTATION_DEFINED)};
uint64_t bufferId = 1;
uint32_t frameNumber = 1;
+ float isoTol = .03f;
::android::hardware::hidl_vec<uint8_t> settings;
for (const auto& name : cameraDeviceNames) {
@@ -3772,7 +3779,8 @@
ASSERT_TRUE(inflightReqs[i].collectedResult.exists(ANDROID_SENSOR_SENSITIVITY));
camera_metadata_entry_t isoResult = inflightReqs[i].collectedResult.find(
ANDROID_SENSOR_SENSITIVITY);
- ASSERT_TRUE(isoResult.data.i32[0] == isoValues[i]);
+ ASSERT_TRUE(std::abs(isoResult.data.i32[0] - isoValues[i]) <=
+ std::round(isoValues[i]*isoTol));
}
ret = session->close();
diff --git a/current.txt b/current.txt
index 3b23392..94c80fa 100644
--- a/current.txt
+++ b/current.txt
@@ -335,7 +335,7 @@
675682dd3007805c985eaaec91612abc88f4c25b3431fb84070b7584a1a741fb android.hardware.health@2.0::IHealth
434c4c32c00b0e54bb05e40c79503208b40f786a318029a2a4f66e34f10f2a76 android.hardware.health@2.0::IHealthInfoCallback
c9e498f1ade5e26f00d290b4763a9671ec6720f915e7d592844b62e8cb1f9b5c android.hardware.health@2.0::types
-201f9723353fdbd40bf3705537fb7e015e4c399879425e68688fe0f43606ea4d android.hardware.keymaster@4.0::IKeymasterDevice
+6122abe9bc2e7868463d3787db2991c1e47cc01fe3e4cfb7293c5ba421ff8ad9 android.hardware.keymaster@4.0::IKeymasterDevice
1b7d2090c0a28b229d37c4b96160796b1f0d703950ac6ccc163fccd280830503 android.hardware.keymaster@4.0::types
6d5c646a83538f0f9d8438c259932509f4353410c6c76e56db0d6ca98b69c3bb android.hardware.media.bufferpool@1.0::IAccessor
b8c7ed58aa8740361e63d0ce9e7c94227572a629f356958840b34809d2393a7c android.hardware.media.bufferpool@1.0::IClientManager
diff --git a/gnss/1.0/vts/functional/VtsHalGnssV1_0TargetTest.cpp b/gnss/1.0/vts/functional/VtsHalGnssV1_0TargetTest.cpp
index 010a46d..c26f60a 100644
--- a/gnss/1.0/vts/functional/VtsHalGnssV1_0TargetTest.cpp
+++ b/gnss/1.0/vts/functional/VtsHalGnssV1_0TargetTest.cpp
@@ -404,7 +404,11 @@
ASSERT_TRUE(result.isOk());
EXPECT_TRUE(result);
- auto resultVoid = gnss_hal_->deleteAidingData(IGnss::GnssAidingData::DELETE_ALL);
+ auto resultVoid = gnss_hal_->deleteAidingData(IGnss::GnssAidingData::DELETE_POSITION);
+
+ ASSERT_TRUE(resultVoid.isOk());
+
+ resultVoid = gnss_hal_->deleteAidingData(IGnss::GnssAidingData::DELETE_TIME);
ASSERT_TRUE(resultVoid.isOk());
@@ -472,6 +476,16 @@
}
}
+/*
+ * SchedulingCapabilities:
+ * Verifies that 2018+ hardware supports Scheduling capabilities.
+ */
+TEST_F(GnssHalTest, SchedulingCapabilities) {
+ if (info_called_count_ > 0 && last_info_.yearOfHw >= 2018) {
+ EXPECT_TRUE(last_capabilities_ & IGnssCallback::Capabilities::SCHEDULING);
+ }
+}
+
int main(int argc, char** argv) {
::testing::AddGlobalTestEnvironment(GnssHidlEnvironment::Instance());
::testing::InitGoogleTest(&argc, argv);
diff --git a/gnss/1.1/vts/functional/gnss_hal_test.cpp b/gnss/1.1/vts/functional/gnss_hal_test.cpp
index 46d61e5..433f5cb 100644
--- a/gnss/1.1/vts/functional/gnss_hal_test.cpp
+++ b/gnss/1.1/vts/functional/gnss_hal_test.cpp
@@ -83,6 +83,7 @@
*/
while (wait(TIMEOUT_SEC) == std::cv_status::no_timeout) {
}
+ location_called_count_ = 0;
}
void GnssHalTest::SetPositionMode(const int min_interval_msec, const bool low_power_mode) {
@@ -97,17 +98,17 @@
EXPECT_TRUE(result);
}
-bool GnssHalTest::StartAndGetSingleLocation() {
+bool GnssHalTest::StartAndCheckFirstLocation() {
auto result = gnss_hal_->start();
EXPECT_TRUE(result.isOk());
EXPECT_TRUE(result);
/*
- * GPS signals initially optional for this test, so don't expect fast fix,
- * or no timeout, unless signal is present
+ * GnssLocationProvider support of AGPS SUPL & XtraDownloader is not available in VTS,
+ * so allow time to demodulate ephemeris over the air.
*/
- const int kFirstGnssLocationTimeoutSeconds = 15;
+ const int kFirstGnssLocationTimeoutSeconds = 75;
wait(kFirstGnssLocationTimeoutSeconds);
EXPECT_EQ(location_called_count_, 1);
@@ -195,7 +196,7 @@
SetPositionMode(kMinIntervalMsec, kLowPowerMode);
- EXPECT_TRUE(StartAndGetSingleLocation());
+ EXPECT_TRUE(StartAndCheckFirstLocation());
for (int i = 1; i < count; i++) {
EXPECT_EQ(std::cv_status::no_timeout, wait(kLocationTimeoutSubsequentSec));
diff --git a/gnss/1.1/vts/functional/gnss_hal_test.h b/gnss/1.1/vts/functional/gnss_hal_test.h
index 269366a..64478b5 100644
--- a/gnss/1.1/vts/functional/gnss_hal_test.h
+++ b/gnss/1.1/vts/functional/gnss_hal_test.h
@@ -107,12 +107,15 @@
void SetUpGnssCallback();
/*
- * StartAndGetSingleLocation:
- * Helper function to get one Location and check fields
+ * StartAndCheckFirstLocation:
+ * Helper function to start location, and check the first one.
+ *
+ * <p> Note this leaves the Location request active, to enable Stop call vs. other call
+ * reordering tests.
*
* returns true if a location was successfully generated
*/
- bool StartAndGetSingleLocation();
+ bool StartAndCheckFirstLocation();
/*
* CheckLocation:
diff --git a/gnss/1.1/vts/functional/gnss_hal_test_cases.cpp b/gnss/1.1/vts/functional/gnss_hal_test_cases.cpp
index cce46f1..c9f840e 100644
--- a/gnss/1.1/vts/functional/gnss_hal_test_cases.cpp
+++ b/gnss/1.1/vts/functional/gnss_hal_test_cases.cpp
@@ -60,24 +60,46 @@
*/
TEST_F(GnssHalTest, GetLocationLowPower) {
const int kMinIntervalMsec = 5000;
- const int kLocationTimeoutSubsequentSec = (kMinIntervalMsec / 1000) + 1;
- const int kNoLocationPeriodSec = 2;
+ const int kLocationTimeoutSubsequentSec = (kMinIntervalMsec / 1000) * 2;
+ const int kNoLocationPeriodSec = (kMinIntervalMsec / 1000) / 2;
const int kLocationsToCheck = 5;
const bool kLowPowerMode = true;
+ // Warmup period - VTS doesn't have AGPS access via GnssLocationProvider
+ StartAndCheckLocations(5);
+ StopAndClearLocations();
+
+ // Start of Low Power Mode test
SetPositionMode(kMinIntervalMsec, kLowPowerMode);
- EXPECT_TRUE(StartAndGetSingleLocation());
+ // Don't expect true - as without AGPS access
+ if (!StartAndCheckFirstLocation()) {
+ ALOGW("GetLocationLowPower test - no first low power location received.");
+ }
for (int i = 1; i < kLocationsToCheck; i++) {
// Verify that kMinIntervalMsec is respected by waiting kNoLocationPeriodSec and
// ensure that no location is received yet
+
wait(kNoLocationPeriodSec);
- EXPECT_EQ(location_called_count_, i);
- EXPECT_EQ(std::cv_status::no_timeout,
- wait(kLocationTimeoutSubsequentSec - kNoLocationPeriodSec));
- EXPECT_EQ(location_called_count_, i + 1);
- CheckLocation(last_location_, true);
+ // Tolerate (ignore) one extra location right after the first one
+ // to handle startup edge case scheduling limitations in some implementations
+ if ((i == 1) && (location_called_count_ == 2)) {
+ CheckLocation(last_location_, true);
+ continue; // restart the quiet wait period after this too-fast location
+ }
+ EXPECT_LE(location_called_count_, i);
+ if (location_called_count_ != i) {
+ ALOGW("GetLocationLowPower test - not enough locations received. %d vs. %d expected ",
+ location_called_count_, i);
+ }
+
+ if (std::cv_status::no_timeout !=
+ wait(kLocationTimeoutSubsequentSec - kNoLocationPeriodSec)) {
+ ALOGW("GetLocationLowPower test - timeout awaiting location %d", i);
+ } else {
+ CheckLocation(last_location_, true);
+ }
}
StopAndClearLocations();
@@ -177,7 +199,8 @@
StartAndCheckLocations(kLocationsToAwait);
- EXPECT_GE((int)list_gnss_sv_status_.size(), kLocationsToAwait);
+ // Tolerate 1 less sv status to handle edge cases in reporting.
+ EXPECT_GE((int)list_gnss_sv_status_.size() + 1, kLocationsToAwait);
ALOGD("Observed %d GnssSvStatus, while awaiting %d Locations", (int)list_gnss_sv_status_.size(),
kLocationsToAwait);
@@ -217,7 +240,8 @@
location_called_count_ = 0;
StartAndCheckLocations(kLocationsToAwait);
- EXPECT_GE((int)list_gnss_sv_status_.size(), kLocationsToAwait);
+ // Tolerate 1 less sv status to handle edge cases in reporting.
+ EXPECT_GE((int)list_gnss_sv_status_.size() + 1, kLocationsToAwait);
ALOGD("Observed %d GnssSvStatus, while awaiting %d Locations", (int)list_gnss_sv_status_.size(),
kLocationsToAwait);
for (const auto& gnss_sv_status : list_gnss_sv_status_) {
@@ -236,13 +260,13 @@
ASSERT_TRUE(result.isOk());
EXPECT_TRUE(result);
- location_called_count_ = 0;
StopAndClearLocations();
list_gnss_sv_status_.clear();
StartAndCheckLocations(kLocationsToAwait);
- EXPECT_GE((int)list_gnss_sv_status_.size(), kLocationsToAwait);
+ // Tolerate 1 less sv status to handle edge cases in reporting.
+ EXPECT_GE((int)list_gnss_sv_status_.size() + 1, kLocationsToAwait);
ALOGD("Observed %d GnssSvStatus, while awaiting %d Locations", (int)list_gnss_sv_status_.size(),
kLocationsToAwait);
@@ -278,7 +302,8 @@
StartAndCheckLocations(kLocationsToAwait);
- EXPECT_GE((int)list_gnss_sv_status_.size(), kLocationsToAwait);
+ // Tolerate 1 less sv status to handle edge cases in reporting.
+ EXPECT_GE((int)list_gnss_sv_status_.size() + 1, kLocationsToAwait);
ALOGD("Observed %d GnssSvStatus, while awaiting %d Locations", (int)list_gnss_sv_status_.size(),
kLocationsToAwait);
@@ -328,7 +353,8 @@
location_called_count_ = 0;
StartAndCheckLocations(kLocationsToAwait);
- EXPECT_GE((int)list_gnss_sv_status_.size(), kLocationsToAwait);
+ // Tolerate 1 less sv status to handle edge cases in reporting.
+ EXPECT_GE((int)list_gnss_sv_status_.size() + 1, kLocationsToAwait);
ALOGD("Observed %d GnssSvStatus, while awaiting %d Locations", (int)list_gnss_sv_status_.size(),
kLocationsToAwait);
for (const auto& gnss_sv_status : list_gnss_sv_status_) {
@@ -353,23 +379,8 @@
* Ensure successfully injecting a location.
*/
TEST_F(GnssHalTest, InjectBestLocation) {
- GnssLocation gnssLocation = {.gnssLocationFlags = 0, // set below
- .latitudeDegrees = 43.0,
- .longitudeDegrees = -180,
- .altitudeMeters = 1000,
- .speedMetersPerSec = 0,
- .bearingDegrees = 0,
- .horizontalAccuracyMeters = 0.1,
- .verticalAccuracyMeters = 0.1,
- .speedAccuracyMetersPerSecond = 0.1,
- .bearingAccuracyDegrees = 0.1,
- .timestamp = 1534567890123L};
- gnssLocation.gnssLocationFlags |=
- GnssLocationFlags::HAS_LAT_LONG | GnssLocationFlags::HAS_ALTITUDE |
- GnssLocationFlags::HAS_SPEED | GnssLocationFlags::HAS_HORIZONTAL_ACCURACY |
- GnssLocationFlags::HAS_VERTICAL_ACCURACY | GnssLocationFlags::HAS_SPEED_ACCURACY |
- GnssLocationFlags::HAS_BEARING | GnssLocationFlags::HAS_BEARING_ACCURACY;
-
+ StartAndCheckLocations(1);
+ GnssLocation gnssLocation = last_location_;
CheckLocation(gnssLocation, true);
auto result = gnss_hal_->injectBestLocation(gnssLocation);
@@ -377,7 +388,7 @@
ASSERT_TRUE(result.isOk());
EXPECT_TRUE(result);
- auto resultVoid = gnss_hal_->deleteAidingData(IGnss::GnssAidingData::DELETE_ALL);
+ auto resultVoid = gnss_hal_->deleteAidingData(IGnss::GnssAidingData::DELETE_POSITION);
ASSERT_TRUE(resultVoid.isOk());
}
@@ -428,7 +439,7 @@
EXPECT_GE(data.position.ageSeconds, 0);
}
- EXPECT_GE(data.time.timeEstimate, 1514764800000); // Jan 01 2018 00:00:00
+ EXPECT_GE(data.time.timeEstimate, 1483228800000); // Jan 01 2017 00:00:00 GMT.
EXPECT_GT(data.time.timeUncertaintyNs, 0);
diff --git a/graphics/composer/2.2/default/android.hardware.graphics.composer@2.2-service.rc b/graphics/composer/2.2/default/android.hardware.graphics.composer@2.2-service.rc
index a41d902..efe6dad 100644
--- a/graphics/composer/2.2/default/android.hardware.graphics.composer@2.2-service.rc
+++ b/graphics/composer/2.2/default/android.hardware.graphics.composer@2.2-service.rc
@@ -4,3 +4,4 @@
group graphics drmrpc
capabilities SYS_NICE
onrestart restart surfaceflinger
+ writepid /dev/cpuset/system-background/tasks
diff --git a/keymaster/4.0/IKeymasterDevice.hal b/keymaster/4.0/IKeymasterDevice.hal
index 74d13d8..85a25c6 100644
--- a/keymaster/4.0/IKeymasterDevice.hal
+++ b/keymaster/4.0/IKeymasterDevice.hal
@@ -753,7 +753,7 @@
* attestationIdManufacturer [716] EXPLICIT OCTET_STRING OPTIONAL,
* attestationIdModel [717] EXPLICIT OCTET_STRING OPTIONAL,
* vendorPatchLevel [718] EXPLICIT INTEGER OPTIONAL,
- * bootPatchLevel [718] EXPLICIT INTEGER OPTIONAL,
+ * bootPatchLevel [719] EXPLICIT INTEGER OPTIONAL,
* }
*
* The above schema is mostly a straightforward translation of the IKeymasterDevice tag/value
diff --git a/keymaster/4.0/support/Keymaster.cpp b/keymaster/4.0/support/Keymaster.cpp
index 444298b..9325cc0 100644
--- a/keymaster/4.0/support/Keymaster.cpp
+++ b/keymaster/4.0/support/Keymaster.cpp
@@ -164,10 +164,10 @@
sharingCheck = curSharingCheck;
firstKeymaster = false;
}
- CHECK(curSharingCheck == sharingCheck)
- << "HMAC computation failed for " << *keymaster //
- << " Expected: " << sharingCheck //
- << " got: " << curSharingCheck;
+ if (curSharingCheck != sharingCheck)
+ LOG(WARNING) << "HMAC computation failed for " << *keymaster //
+ << " Expected: " << sharingCheck //
+ << " got: " << curSharingCheck;
});
CHECK(rc.isOk()) << "Failed to communicate with " << *keymaster
<< " error: " << rc.description();
diff --git a/keymaster/4.0/support/attestation_record.cpp b/keymaster/4.0/support/attestation_record.cpp
index 8f37d9c..6de0c1c 100644
--- a/keymaster/4.0/support/attestation_record.cpp
+++ b/keymaster/4.0/support/attestation_record.cpp
@@ -49,12 +49,14 @@
ASN1_OCTET_STRING* verified_boot_key;
ASN1_BOOLEAN* device_locked;
ASN1_ENUMERATED* verified_boot_state;
+ ASN1_OCTET_STRING* verified_boot_hash;
} KM_ROOT_OF_TRUST;
ASN1_SEQUENCE(KM_ROOT_OF_TRUST) = {
ASN1_SIMPLE(KM_ROOT_OF_TRUST, verified_boot_key, ASN1_OCTET_STRING),
ASN1_SIMPLE(KM_ROOT_OF_TRUST, device_locked, ASN1_BOOLEAN),
ASN1_SIMPLE(KM_ROOT_OF_TRUST, verified_boot_state, ASN1_ENUMERATED),
+ ASN1_SIMPLE(KM_ROOT_OF_TRUST, verified_boot_hash, ASN1_OCTET_STRING),
} ASN1_SEQUENCE_END(KM_ROOT_OF_TRUST);
IMPLEMENT_ASN1_FUNCTIONS(KM_ROOT_OF_TRUST);
@@ -77,11 +79,16 @@
ASN1_OCTET_STRING* application_id;
ASN1_INTEGER* creation_date_time;
ASN1_INTEGER* origin;
- ASN1_NULL* rollback_resistant;
+ ASN1_NULL* rollback_resistance;
KM_ROOT_OF_TRUST* root_of_trust;
ASN1_INTEGER* os_version;
ASN1_INTEGER* os_patchlevel;
ASN1_OCTET_STRING* attestation_application_id;
+ ASN1_NULL* trusted_user_presence_required;
+ ASN1_NULL* trusted_confirmation_required;
+ ASN1_NULL* unlocked_device_required;
+ ASN1_INTEGER* vendor_patchlevel;
+ ASN1_INTEGER* boot_patchlevel;
} KM_AUTH_LIST;
ASN1_SEQUENCE(KM_AUTH_LIST) = {
@@ -93,6 +100,7 @@
ASN1_EXP_OPT(KM_AUTH_LIST, ec_curve, ASN1_INTEGER, TAG_EC_CURVE.maskedTag()),
ASN1_EXP_OPT(KM_AUTH_LIST, rsa_public_exponent, ASN1_INTEGER,
TAG_RSA_PUBLIC_EXPONENT.maskedTag()),
+ ASN1_EXP_OPT(KM_AUTH_LIST, rollback_resistance, ASN1_NULL, TAG_ROLLBACK_RESISTANCE.maskedTag()),
ASN1_EXP_OPT(KM_AUTH_LIST, active_date_time, ASN1_INTEGER, TAG_ACTIVE_DATETIME.maskedTag()),
ASN1_EXP_OPT(KM_AUTH_LIST, origination_expire_date_time, ASN1_INTEGER,
TAG_ORIGINATION_EXPIRE_DATETIME.maskedTag()),
@@ -102,13 +110,19 @@
ASN1_EXP_OPT(KM_AUTH_LIST, user_auth_type, ASN1_INTEGER, TAG_USER_AUTH_TYPE.maskedTag()),
ASN1_EXP_OPT(KM_AUTH_LIST, auth_timeout, ASN1_INTEGER, TAG_AUTH_TIMEOUT.maskedTag()),
ASN1_EXP_OPT(KM_AUTH_LIST, allow_while_on_body, ASN1_NULL, TAG_ALLOW_WHILE_ON_BODY.maskedTag()),
- ASN1_EXP_OPT(KM_AUTH_LIST, application_id, ASN1_OCTET_STRING, TAG_APPLICATION_ID.maskedTag()),
+ ASN1_EXP_OPT(KM_AUTH_LIST, trusted_user_presence_required, ASN1_NULL,
+ TAG_TRUSTED_USER_PRESENCE_REQUIRED.maskedTag()),
+ ASN1_EXP_OPT(KM_AUTH_LIST, trusted_confirmation_required, ASN1_NULL,
+ TAG_TRUSTED_CONFIRMATION_REQUIRED.maskedTag()),
+ ASN1_EXP_OPT(KM_AUTH_LIST, unlocked_device_required, ASN1_NULL,
+ TAG_UNLOCKED_DEVICE_REQUIRED.maskedTag()),
ASN1_EXP_OPT(KM_AUTH_LIST, creation_date_time, ASN1_INTEGER, TAG_CREATION_DATETIME.maskedTag()),
ASN1_EXP_OPT(KM_AUTH_LIST, origin, ASN1_INTEGER, TAG_ORIGIN.maskedTag()),
- ASN1_EXP_OPT(KM_AUTH_LIST, rollback_resistant, ASN1_NULL, TAG_ROLLBACK_RESISTANCE.maskedTag()),
ASN1_EXP_OPT(KM_AUTH_LIST, root_of_trust, KM_ROOT_OF_TRUST, TAG_ROOT_OF_TRUST.maskedTag()),
ASN1_EXP_OPT(KM_AUTH_LIST, os_version, ASN1_INTEGER, TAG_OS_VERSION.maskedTag()),
ASN1_EXP_OPT(KM_AUTH_LIST, os_patchlevel, ASN1_INTEGER, TAG_OS_PATCHLEVEL.maskedTag()),
+ ASN1_EXP_OPT(KM_AUTH_LIST, vendor_patchlevel, ASN1_INTEGER, TAG_VENDOR_PATCHLEVEL.maskedTag()),
+ ASN1_EXP_OPT(KM_AUTH_LIST, boot_patchlevel, ASN1_INTEGER, TAG_BOOT_PATCHLEVEL.maskedTag()),
ASN1_EXP_OPT(KM_AUTH_LIST, attestation_application_id, ASN1_OCTET_STRING,
TAG_ATTESTATION_APPLICATION_ID.maskedTag()),
} ASN1_SEQUENCE_END(KM_AUTH_LIST);
@@ -237,11 +251,18 @@
copyAuthTag(record->os_version, TAG_OS_VERSION, auth_list);
copyAuthTag(record->padding, TAG_PADDING, auth_list);
copyAuthTag(record->purpose, TAG_PURPOSE, auth_list);
- copyAuthTag(record->rollback_resistant, TAG_ROLLBACK_RESISTANCE, auth_list);
+ copyAuthTag(record->rollback_resistance, TAG_ROLLBACK_RESISTANCE, auth_list);
copyAuthTag(record->rsa_public_exponent, TAG_RSA_PUBLIC_EXPONENT, auth_list);
copyAuthTag(record->usage_expire_date_time, TAG_USAGE_EXPIRE_DATETIME, auth_list);
copyAuthTag(record->user_auth_type, TAG_USER_AUTH_TYPE, auth_list);
copyAuthTag(record->attestation_application_id, TAG_ATTESTATION_APPLICATION_ID, auth_list);
+ copyAuthTag(record->vendor_patchlevel, TAG_VENDOR_PATCHLEVEL, auth_list);
+ copyAuthTag(record->boot_patchlevel, TAG_BOOT_PATCHLEVEL, auth_list);
+ copyAuthTag(record->trusted_user_presence_required, TAG_TRUSTED_USER_PRESENCE_REQUIRED,
+ auth_list);
+ copyAuthTag(record->trusted_confirmation_required, TAG_TRUSTED_CONFIRMATION_REQUIRED,
+ auth_list);
+ copyAuthTag(record->unlocked_device_required, TAG_UNLOCKED_DEVICE_REQUIRED, auth_list);
return ErrorCode::OK;
}
diff --git a/keymaster/4.0/support/include/keymasterV4_0/key_param_output.h b/keymaster/4.0/support/include/keymasterV4_0/key_param_output.h
index 74be343..6e2b691 100644
--- a/keymaster/4.0/support/include/keymasterV4_0/key_param_output.h
+++ b/keymaster/4.0/support/include/keymasterV4_0/key_param_output.h
@@ -53,6 +53,10 @@
return os << toString(value);
}
+inline ::std::ostream& operator<<(::std::ostream& os, SecurityLevel value) {
+ return os << toString(value);
+}
+
template <typename ValueT>
::std::ostream& operator<<(::std::ostream& os, const NullOr<ValueT>& value) {
if (!value.isOk()) {
diff --git a/keymaster/4.0/support/include/keymasterV4_0/keymaster_tags.h b/keymaster/4.0/support/include/keymasterV4_0/keymaster_tags.h
index ce213bc..9e7d252 100644
--- a/keymaster/4.0/support/include/keymasterV4_0/keymaster_tags.h
+++ b/keymaster/4.0/support/include/keymasterV4_0/keymaster_tags.h
@@ -116,6 +116,7 @@
DECLARE_TYPED_TAG(BLOB_USAGE_REQUIREMENTS);
DECLARE_TYPED_TAG(BLOCK_MODE);
DECLARE_TYPED_TAG(BOOTLOADER_ONLY);
+DECLARE_TYPED_TAG(BOOT_PATCHLEVEL);
DECLARE_TYPED_TAG(CALLER_NONCE);
DECLARE_TYPED_TAG(CONFIRMATION_TOKEN);
DECLARE_TYPED_TAG(CREATION_DATETIME);
@@ -141,12 +142,14 @@
DECLARE_TYPED_TAG(ROOT_OF_TRUST);
DECLARE_TYPED_TAG(RSA_PUBLIC_EXPONENT);
DECLARE_TYPED_TAG(TRUSTED_CONFIRMATION_REQUIRED);
+DECLARE_TYPED_TAG(TRUSTED_USER_PRESENCE_REQUIRED);
DECLARE_TYPED_TAG(UNIQUE_ID);
DECLARE_TYPED_TAG(UNLOCKED_DEVICE_REQUIRED);
DECLARE_TYPED_TAG(USAGE_EXPIRE_DATETIME);
DECLARE_TYPED_TAG(USER_AUTH_TYPE);
DECLARE_TYPED_TAG(USER_ID);
DECLARE_TYPED_TAG(USER_SECURE_ID);
+DECLARE_TYPED_TAG(VENDOR_PATCHLEVEL);
template <typename... Elems>
struct MetaList {};
@@ -163,7 +166,8 @@
TAG_OS_VERSION_t, TAG_OS_PATCHLEVEL_t, TAG_UNIQUE_ID_t, TAG_ATTESTATION_CHALLENGE_t,
TAG_ATTESTATION_APPLICATION_ID_t, TAG_RESET_SINCE_ID_ROTATION_t, TAG_PURPOSE_t,
TAG_ALGORITHM_t, TAG_BLOCK_MODE_t, TAG_DIGEST_t, TAG_PADDING_t,
- TAG_BLOB_USAGE_REQUIREMENTS_t, TAG_ORIGIN_t, TAG_USER_AUTH_TYPE_t, TAG_EC_CURVE_t>;
+ TAG_BLOB_USAGE_REQUIREMENTS_t, TAG_ORIGIN_t, TAG_USER_AUTH_TYPE_t, TAG_EC_CURVE_t,
+ TAG_BOOT_PATCHLEVEL_t, TAG_VENDOR_PATCHLEVEL_t, TAG_TRUSTED_USER_PRESENCE_REQUIRED_t>;
template <typename TypedTagType>
struct TypedTag2ValueType;
diff --git a/keymaster/4.0/vts/functional/VerificationTokenTest.cpp b/keymaster/4.0/vts/functional/VerificationTokenTest.cpp
index 6afba0c..3876b16 100644
--- a/keymaster/4.0/vts/functional/VerificationTokenTest.cpp
+++ b/keymaster/4.0/vts/functional/VerificationTokenTest.cpp
@@ -111,8 +111,9 @@
EXPECT_GE(host_time_delta, time_to_sleep)
<< "We slept for " << time_to_sleep << " ms, the clock must have advanced by that much";
- EXPECT_LE(host_time_delta, time_to_sleep + 10)
- << "The verifyAuthorization call took more than 10 ms? That's awful!";
+ EXPECT_LE(host_time_delta, time_to_sleep + 20)
+ << "The verifyAuthorization call took " << (host_time_delta - time_to_sleep)
+ << " ms? That's awful!";
auto km_time_delta = result2.token.timestamp - result1.token.timestamp;
diff --git a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
index 450b3eb..5dc0c7f 100644
--- a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
+++ b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
@@ -182,7 +182,7 @@
}
bool verify_chain(const hidl_vec<hidl_vec<uint8_t>>& chain) {
- for (size_t i = 0; i < chain.size() - 1; ++i) {
+ for (size_t i = 0; i < chain.size(); ++i) {
X509_Ptr key_cert(parse_cert_blob(chain[i]));
X509_Ptr signing_cert;
if (i < chain.size() - 1) {
@@ -246,8 +246,7 @@
// Attestations don't contain everything in key authorization lists, so we need to filter
// the key lists to produce the lists that we expect to match the attestations.
auto tag_list = {
- Tag::INCLUDE_UNIQUE_ID, Tag::BLOB_USAGE_REQUIREMENTS,
- Tag::EC_CURVE /* Tag::EC_CURVE will be included by KM2 implementations */,
+ Tag::INCLUDE_UNIQUE_ID, Tag::BLOB_USAGE_REQUIREMENTS, Tag::EC_CURVE, Tag::HARDWARE_TYPE,
};
return std::find(tag_list.begin(), tag_list.end(), entry.tag) != tag_list.end();
}
@@ -271,7 +270,7 @@
bool verify_attestation_record(const string& challenge, const string& app_id,
AuthorizationSet expected_sw_enforced,
- AuthorizationSet expected_tee_enforced,
+ AuthorizationSet expected_tee_enforced, SecurityLevel security_level,
const hidl_vec<uint8_t>& attestation_cert) {
X509_Ptr cert(parse_cert_blob(attestation_cert));
EXPECT_TRUE(!!cert.get());
@@ -290,29 +289,27 @@
HidlBuf att_challenge;
HidlBuf att_unique_id;
HidlBuf att_app_id;
- EXPECT_EQ(ErrorCode::OK,
- parse_attestation_record(attest_rec->data, //
- attest_rec->length, //
- &att_attestation_version, //
- &att_attestation_security_level, //
- &att_keymaster_version, //
- &att_keymaster_security_level, //
- &att_challenge, //
- &att_sw_enforced, //
- &att_tee_enforced, //
- &att_unique_id));
- EXPECT_TRUE(att_attestation_version == 1 || att_attestation_version == 2);
+ auto error = parse_attestation_record(attest_rec->data, //
+ attest_rec->length, //
+ &att_attestation_version, //
+ &att_attestation_security_level, //
+ &att_keymaster_version, //
+ &att_keymaster_security_level, //
+ &att_challenge, //
+ &att_sw_enforced, //
+ &att_tee_enforced, //
+ &att_unique_id);
+ EXPECT_EQ(ErrorCode::OK, error);
+ if (error != ErrorCode::OK) return false;
+
+ EXPECT_TRUE(att_attestation_version == 3);
expected_sw_enforced.push_back(TAG_ATTESTATION_APPLICATION_ID, HidlBuf(app_id));
EXPECT_GE(att_keymaster_version, 3U);
- EXPECT_EQ(KeymasterHidlTest::IsSecure() ? SecurityLevel::TRUSTED_ENVIRONMENT
- : SecurityLevel::SOFTWARE,
- att_keymaster_security_level);
- EXPECT_EQ(KeymasterHidlTest::IsSecure() ? SecurityLevel::TRUSTED_ENVIRONMENT
- : SecurityLevel::SOFTWARE,
- att_attestation_security_level);
+ EXPECT_EQ(security_level, att_keymaster_security_level);
+ EXPECT_EQ(security_level, att_attestation_security_level);
EXPECT_EQ(challenge.length(), att_challenge.size());
EXPECT_EQ(0, memcmp(challenge.data(), att_challenge.data(), challenge.length()));
@@ -3008,6 +3005,7 @@
* Verifies that AES GCM mode works when provided additional authenticated data in multiple chunks.
*/
TEST_F(EncryptionOperationsTest, AesGcmMultiPartAad) {
+ const size_t tag_bits = 128;
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
.AesEncryptionKey(128)
@@ -3019,7 +3017,7 @@
auto begin_params = AuthorizationSetBuilder()
.BlockMode(BlockMode::GCM)
.Padding(PaddingMode::NONE)
- .Authorization(TAG_MAC_LENGTH, 128);
+ .Authorization(TAG_MAC_LENGTH, tag_bits);
AuthorizationSet begin_out_params;
auto update_params =
@@ -3041,10 +3039,11 @@
EXPECT_EQ(ErrorCode::OK, Update(op_handle_, update_params, message, &update_out_params,
&ciphertext, &input_consumed));
EXPECT_EQ(message.size(), input_consumed);
- EXPECT_EQ(message.size(), ciphertext.size());
EXPECT_TRUE(update_out_params.empty());
EXPECT_EQ(ErrorCode::OK, Finish("" /* input */, &ciphertext));
+ // Expect 128-bit (16-byte) tag appended to ciphertext.
+ EXPECT_EQ(message.size() + (tag_bits >> 3), ciphertext.size());
// Grab nonce.
begin_params.push_back(begin_out_params);
@@ -3100,7 +3099,6 @@
EXPECT_EQ(ErrorCode::OK, Update(op_handle_, update_params, message, &update_out_params,
&ciphertext, &input_consumed));
EXPECT_EQ(message.size(), input_consumed);
- EXPECT_EQ(message.size(), ciphertext.size());
EXPECT_TRUE(update_out_params.empty());
// More AAD
@@ -3827,7 +3825,7 @@
EXPECT_TRUE(verify_attestation_record("challenge", "foo", //
key_characteristics_.softwareEnforced, //
key_characteristics_.hardwareEnforced, //
- cert_chain[0]));
+ SecLevel(), cert_chain[0]));
}
/*
@@ -3874,7 +3872,7 @@
EXPECT_TRUE(verify_attestation_record("challenge", "foo", //
key_characteristics_.softwareEnforced, //
key_characteristics_.hardwareEnforced, //
- cert_chain[0]));
+ SecLevel(), cert_chain[0]));
}
/*
diff --git a/radio/1.0/vts/functional/radio_hidl_hal_misc.cpp b/radio/1.0/vts/functional/radio_hidl_hal_misc.cpp
index 10d45b6..3499762 100644
--- a/radio/1.0/vts/functional/radio_hidl_hal_misc.cpp
+++ b/radio/1.0/vts/functional/radio_hidl_hal_misc.cpp
@@ -694,9 +694,10 @@
EXPECT_EQ(serial, radioRsp->rspInfo.serial);
if (cardStatus.cardState == CardState::ABSENT) {
- ASSERT_TRUE(CheckAnyOfErrors(radioRsp->rspInfo.error,
- {RadioError::INTERNAL_ERR, RadioError::LCE_NOT_SUPPORTED,
- RadioError::RADIO_NOT_AVAILABLE, RadioError::SIM_ABSENT}));
+ ASSERT_TRUE(CheckAnyOfErrors(
+ radioRsp->rspInfo.error,
+ {RadioError::INTERNAL_ERR, RadioError::LCE_NOT_SUPPORTED,
+ RadioError::RADIO_NOT_AVAILABLE, RadioError::SIM_ABSENT, RadioError::NONE}));
}
}
@@ -730,10 +731,10 @@
EXPECT_EQ(serial, radioRsp->rspInfo.serial);
if (cardStatus.cardState == CardState::ABSENT) {
- ASSERT_TRUE(CheckAnyOfErrors(
- radioRsp->rspInfo.error,
- {RadioError::NONE, RadioError::INTERNAL_ERR, RadioError::RADIO_NOT_AVAILABLE},
- CHECK_OEM_ERROR));
+ ASSERT_TRUE(CheckAnyOfErrors(radioRsp->rspInfo.error,
+ {RadioError::NONE, RadioError::INTERNAL_ERR,
+ RadioError::RADIO_NOT_AVAILABLE, RadioError::SIM_ABSENT},
+ CHECK_OEM_ERROR));
}
}