Merge "Fix bug for none fe test case"
diff --git a/audio/core/all-versions/default/Android.bp b/audio/core/all-versions/default/Android.bp
index f61964e..615655d 100644
--- a/audio/core/all-versions/default/Android.bp
+++ b/audio/core/all-versions/default/Android.bp
@@ -56,6 +56,7 @@
"android.hardware.audio-impl_headers",
"android.hardware.audio.common.util@all-versions",
"libaudioclient_headers",
+ "libaudioutils_headers",
"libaudio_system_headers",
"libhardware_headers",
"libmedia_headers",
diff --git a/audio/core/all-versions/default/StreamOut.cpp b/audio/core/all-versions/default/StreamOut.cpp
index a089f6b..4fe6601 100644
--- a/audio/core/all-versions/default/StreamOut.cpp
+++ b/audio/core/all-versions/default/StreamOut.cpp
@@ -28,6 +28,7 @@
#include <HidlUtils.h>
#include <android/log.h>
+#include <audio_utils/Metadata.h>
#include <hardware/audio.h>
#include <util/CoreUtils.h>
#include <utils/Trace.h>
@@ -742,7 +743,11 @@
switch (event) {
case STREAM_EVENT_CBK_TYPE_CODEC_FORMAT_CHANGED: {
hidl_vec<uint8_t> audioMetadata;
- audioMetadata.setToExternal((uint8_t*)param, strlen((char*)param));
+ // void* param is the byte string buffer from byte_string_from_audio_metadata().
+ // As the byte string buffer may have embedded zeroes, we cannot use strlen()
+ // but instead use audio_utils::metadata::dataByteStringLen().
+ audioMetadata.setToExternal((uint8_t*)param, audio_utils::metadata::dataByteStringLen(
+ (const uint8_t*)param));
result = eventCallback->onCodecFormatChanged(audioMetadata);
} break;
default:
diff --git a/current.txt b/current.txt
index 0b6f698..2bd03ba 100644
--- a/current.txt
+++ b/current.txt
@@ -831,7 +831,7 @@
c9ad18729268593d14681d88ffad1c97e707444a45e1b4ed804dab949edbd84f android.hardware.radio.config@1.3::IRadioConfigResponse
78dcb9a6975e8b377cb90bbe952078162960941468c992dcd2e1830a477b8c03 android.hardware.radio.config@1.3::types
fd43298c43f70130c747a642ee43b0c242ac0cebffb377faa24f2725f0aa6caf android.hardware.tetheroffload.control@1.1::IOffloadControl
-fe18c9032e4063efca3fff3c377dd69780de1f96e8e2bc3f7d100a5d8bd467b4 android.hardware.tetheroffload.control@1.1::ITetheringOffloadCallback
+ead4ec8713a2cb40906fe31ba793d21a6b1190143c446690d16a6ea686aa2fea android.hardware.tetheroffload.control@1.1::ITetheringOffloadCallback
e34b4c7bec5e032c14804707ca924dd6b99ed5ba139da7505fe7d698d0fe178f android.hardware.tetheroffload.control@1.1::types
# There should be no more HIDL HALs - please use AIDL instead.
diff --git a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
index e0d60fc..9e37ed0 100644
--- a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
+++ b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
@@ -921,6 +921,23 @@
.Authorization(TAG_MIN_MAC_LENGTH, 128)));
}
+/**
+ * NewKeyGenerationTest.AesInvalidKeySize
+ *
+ * Verifies that specifying an invalid key size for AES key generation returns
+ * UNSUPPORTED_KEY_SIZE.
+ */
+TEST_P(NewKeyGenerationTest, AesInvalidKeySize) {
+ for (auto key_size : InvalidKeySizes(Algorithm::AES)) {
+ ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE,
+ GenerateKey(AuthorizationSetBuilder()
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .AesEncryptionKey(key_size)
+ .Authorization(TAG_BLOCK_MODE, BlockMode::ECB)
+ .Padding(PaddingMode::NONE)));
+ }
+}
+
INSTANTIATE_KEYMASTER_HIDL_TEST(NewKeyGenerationTest);
typedef KeymasterHidlTest SigningOperationsTest;
diff --git a/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl b/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
index 1e101ab..8fbc91a 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
@@ -505,10 +505,10 @@
/**
* Tag::APPLICATION_ID. When provided to generateKey or importKey, this tag specifies data
- * that is necessary during all uses of the key. In particular, calls to exportKey() must
- * provide the same value to the clientId parameter, and calls to begin() must provide this
- * tag and the same associated data as part of the inParams set. If the correct data is not
- * provided, the method must return ErrorCode::INVALID_KEY_BLOB.
+ * that is necessary during all uses of the key. In particular, calls to exportKey() and
+ * getKeyCharacteristics() must provide the same value to the clientId parameter, and calls to
+ * begin() must provide this tag and the same associated data as part of the inParams set. If
+ * the correct data is not provided, the method must return ErrorCode::INVALID_KEY_BLOB.
*
* The content of this tag must be bound to the key cryptographically, meaning it must not be
* possible for an adversary who has access to all of the secure world secrets but does not have
@@ -573,8 +573,8 @@
* Tag::OS_VERSION specifies the system OS version with which the key may be used. This tag is
* never sent to the IKeyMintDevice, but is added to the hardware-enforced authorization list
* by the TA. Any attempt to use a key with a Tag::OS_VERSION value different from the
- * currently-running OS version must cause begin() or exportKey() to return
- * ErrorCode::KEY_REQUIRES_UPGRADE. See upgradeKey() for details.
+ * currently-running OS version must cause begin(), getKeyCharacteristics() or exportKey() to
+ * return ErrorCode::KEY_REQUIRES_UPGRADE. See upgradeKey() for details.
*
* The value of the tag is an integer of the form MMmmss, where MM is the major version number,
* mm is the minor version number, and ss is the sub-minor version number. For example, for a
@@ -596,8 +596,9 @@
* Tag::OS_PATCHLEVEL specifies the system security patch level with which the key may be used.
* This tag is never sent to the keyMint TA, but is added to the hardware-enforced
* authorization list by the TA. Any attempt to use a key with a Tag::OS_PATCHLEVEL value
- * different from the currently-running system patchlevel must cause begin() or
- * exportKey() to return ErrorCode::KEY_REQUIRES_UPGRADE. See upgradeKey() for details.
+ * different from the currently-running system patchlevel must cause begin(),
+ * getKeyCharacteristics() or exportKey() to return ErrorCode::KEY_REQUIRES_UPGRADE. See
+ * upgradeKey() for details.
*
* The value of the tag is an integer of the form YYYYMM, where YYYY is the four-digit year of
* the last update and MM is the two-digit month of the last update. For example, for a key
@@ -789,8 +790,9 @@
* Tag::VENDOR_PATCHLEVEL specifies the vendor image security patch level with which the key may
* be used. This tag is never sent to the keyMint TA, but is added to the hardware-enforced
* authorization list by the TA. Any attempt to use a key with a Tag::VENDOR_PATCHLEVEL value
- * different from the currently-running system patchlevel must cause begin() or
- * exportKey() to return ErrorCode::KEY_REQUIRES_UPGRADE. See upgradeKey() for details.
+ * different from the currently-running system patchlevel must cause begin(),
+ * getKeyCharacteristics() or exportKey() to return ErrorCode::KEY_REQUIRES_UPGRADE. See
+ * upgradeKey() for details.
*
* The value of the tag is an integer of the form YYYYMMDD, where YYYY is the four-digit year of
* the last update, MM is the two-digit month and DD is the two-digit day of the last
@@ -811,8 +813,8 @@
* key may be used. This tag is never sent to the keyMint TA, but is added to the
* hardware-enforced authorization list by the TA. Any attempt to use a key with a
* Tag::BOOT_PATCHLEVEL value different from the currently-running system patchlevel must
- * cause begin() or exportKey() to return ErrorCode::KEY_REQUIRES_UPGRADE. See upgradeKey() for
- * details.
+ * cause begin(), getKeyCharacteristics() or exportKey() to return
+ * ErrorCode::KEY_REQUIRES_UPGRADE. See upgradeKey() for details.
*
* The value of the tag is an integer of the form YYYYMMDD, where YYYY is the four-digit year of
* the last update, MM is the two-digit month and DD is the two-digit day of the last
diff --git a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
index 0f73cfd..881354d 100644
--- a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
+++ b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
@@ -56,6 +56,7 @@
{} /* attestation signing key */, &attest_key.keyBlob,
&attest_key_characteristics, &attest_key_cert_chain));
+ ASSERT_GT(attest_key_cert_chain.size(), 0);
EXPECT_EQ(attest_key_cert_chain.size(), 1);
EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain)) << "Failed on size " << size;
@@ -549,6 +550,7 @@
{} /* attestation siging key */, &attest_key.keyBlob,
&attest_key_characteristics, &attest_key_cert_chain));
+ ASSERT_GT(attest_key_cert_chain.size(), 0);
EXPECT_EQ(attest_key_cert_chain.size(), 1);
EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain)) << "Failed on curve " << curve;
@@ -632,6 +634,7 @@
{} /* attestation siging key */, &non_attest_key.keyBlob,
&non_attest_key_characteristics, &non_attest_key_cert_chain));
+ ASSERT_GT(non_attest_key_cert_chain.size(), 0);
EXPECT_EQ(non_attest_key_cert_chain.size(), 1);
EXPECT_TRUE(IsSelfSigned(non_attest_key_cert_chain));
diff --git a/security/keymint/aidl/vts/functional/DeviceUniqueAttestationTest.cpp b/security/keymint/aidl/vts/functional/DeviceUniqueAttestationTest.cpp
index 7009c6e..6f0ee4e 100644
--- a/security/keymint/aidl/vts/functional/DeviceUniqueAttestationTest.cpp
+++ b/security/keymint/aidl/vts/functional/DeviceUniqueAttestationTest.cpp
@@ -70,13 +70,12 @@
.Digest(Digest::SHA_2_256)
.Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)
.Authorization(TAG_INCLUDE_UNIQUE_ID)
- .Authorization(TAG_NO_AUTH_REQUIRED)
.AttestationChallenge("challenge")
.AttestationApplicationId("foo")
.Authorization(TAG_DEVICE_UNIQUE_ATTESTATION),
&key_blob, &key_characteristics);
- ASSERT_TRUE(result == ErrorCode::UNSUPPORTED_TAG);
+ ASSERT_EQ(result, ErrorCode::INVALID_ARGUMENT);
}
/*
@@ -102,7 +101,7 @@
.Authorization(TAG_DEVICE_UNIQUE_ATTESTATION),
&key_blob, &key_characteristics);
- ASSERT_TRUE(result == ErrorCode::UNSUPPORTED_TAG);
+ ASSERT_EQ(result, ErrorCode::INVALID_ARGUMENT);
}
/*
@@ -124,7 +123,6 @@
.Digest(Digest::SHA_2_256)
.Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)
.Authorization(TAG_INCLUDE_UNIQUE_ID)
- .Authorization(TAG_NO_AUTH_REQUIRED)
.AttestationChallenge("challenge")
.AttestationApplicationId("foo")
.Authorization(TAG_DEVICE_UNIQUE_ATTESTATION),
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index 56dc836..cd7d603 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -634,9 +634,8 @@
for (auto padding_mode : InvalidPaddingModes(Algorithm::AES, block_mode)) {
SCOPED_TRACE(testing::Message()
<< "AES-" << key_size << "-" << block_mode << "-" << padding_mode);
- vector<uint8_t> key_blob;
- vector<KeyCharacteristics> key_characteristics;
auto builder = AuthorizationSetBuilder()
+ .Authorization(TAG_NO_AUTH_REQUIRED)
.AesEncryptionKey(key_size)
.BlockMode(block_mode)
.Padding(padding_mode)
@@ -645,14 +644,18 @@
builder.Authorization(TAG_MIN_MAC_LENGTH, 128);
}
- auto result = GenerateKey(builder, &key_blob, &key_characteristics);
+ auto result = GenerateKey(builder);
if (result == ErrorCode::OK) {
// Key creation was OK but has generated a key that cannot be used.
auto params =
AuthorizationSetBuilder().BlockMode(block_mode).Padding(padding_mode);
+ if (block_mode == BlockMode::GCM) {
+ params.Authorization(TAG_MAC_LENGTH, 128);
+ }
auto result = Begin(KeyPurpose::ENCRYPT, params);
EXPECT_TRUE(result == ErrorCode::INCOMPATIBLE_PADDING_MODE ||
- result == ErrorCode::INVALID_KEY_BLOB);
+ result == ErrorCode::INVALID_KEY_BLOB)
+ << "unexpected result: " << result;
} else {
// The KeyMint implementation detected that the generated key
// is unusable.
@@ -3261,14 +3264,35 @@
string key = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
uint32_t bitlen = key.size() * 8;
for (uint32_t key_size : {bitlen - 1, bitlen + 1, bitlen - 8, bitlen + 8}) {
- ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE,
- ImportKey(AuthorizationSetBuilder()
+ // Explicit key size doesn't match that of the provided key.
+ auto result = ImportKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
.AesEncryptionKey(key_size)
.EcbMode()
.Padding(PaddingMode::PKCS7),
- KeyFormat::RAW, key));
+ KeyFormat::RAW, key);
+ ASSERT_TRUE(result == ErrorCode::IMPORT_PARAMETER_MISMATCH ||
+ result == ErrorCode::UNSUPPORTED_KEY_SIZE)
+ << "unexpected result: " << result;
}
+
+ // Explicit key size matches that of the provided key, but it's not a valid size.
+ string long_key = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+ ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE,
+ ImportKey(AuthorizationSetBuilder()
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .AesEncryptionKey(long_key.size() * 8)
+ .EcbMode()
+ .Padding(PaddingMode::PKCS7),
+ KeyFormat::RAW, long_key));
+ string short_key = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+ ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE,
+ ImportKey(AuthorizationSetBuilder()
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .AesEncryptionKey(short_key.size() * 8)
+ .EcbMode()
+ .Padding(PaddingMode::PKCS7),
+ KeyFormat::RAW, short_key));
}
/*
@@ -3307,14 +3331,34 @@
string key = hex2str("a49d7564199e97cb529d2c9d97bf2f98d35edf57ba1f7358");
uint32_t bitlen = key.size() * 8;
for (uint32_t key_size : {bitlen - 1, bitlen + 1, bitlen - 8, bitlen + 8}) {
- ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE,
- ImportKey(AuthorizationSetBuilder()
+ // Explicit key size doesn't match that of the provided key.
+ auto result = ImportKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
.TripleDesEncryptionKey(key_size)
.EcbMode()
.Padding(PaddingMode::PKCS7),
- KeyFormat::RAW, key));
+ KeyFormat::RAW, key);
+ ASSERT_TRUE(result == ErrorCode::IMPORT_PARAMETER_MISMATCH ||
+ result == ErrorCode::UNSUPPORTED_KEY_SIZE)
+ << "unexpected result: " << result;
}
+ // Explicit key size matches that of the provided key, but it's not a valid size.
+ string long_key = hex2str("a49d7564199e97cb529d2c9d97bf2f98d35edf57ba1f7358");
+ ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE,
+ ImportKey(AuthorizationSetBuilder()
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .TripleDesEncryptionKey(long_key.size() * 8)
+ .EcbMode()
+ .Padding(PaddingMode::PKCS7),
+ KeyFormat::RAW, long_key));
+ string short_key = hex2str("a49d7564199e97cb529d2c9d97bf2f98d35edf57ba1f7358");
+ ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE,
+ ImportKey(AuthorizationSetBuilder()
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .TripleDesEncryptionKey(short_key.size() * 8)
+ .EcbMode()
+ .Padding(PaddingMode::PKCS7),
+ KeyFormat::RAW, short_key));
}
/*
diff --git a/tetheroffload/control/1.1/ITetheringOffloadCallback.hal b/tetheroffload/control/1.1/ITetheringOffloadCallback.hal
index 7a7d56d..9c74641 100644
--- a/tetheroffload/control/1.1/ITetheringOffloadCallback.hal
+++ b/tetheroffload/control/1.1/ITetheringOffloadCallback.hal
@@ -26,8 +26,8 @@
interface ITetheringOffloadCallback extends @1.0::ITetheringOffloadCallback {
/**
* Called when an asynchronous event is generated by the hardware
- * management process. Events which are common for 1.0 and 1.1 HAL
- * MUST be fired on both 1.0 and 1.1 callback.
+ * management process. Implementations that report events via this callback
+ * should not invoke onEvent of 1.0 HAL.
*/
oneway onEvent_1_1(OffloadCallbackEvent event);
};