Merge "hwcrypto: Moving hwcrypto files out of staging" into main
diff --git a/audio/aidl/vts/VtsHalDynamicsProcessingTest.cpp b/audio/aidl/vts/VtsHalDynamicsProcessingTest.cpp
index f106d83..6e8d410 100644
--- a/audio/aidl/vts/VtsHalDynamicsProcessingTest.cpp
+++ b/audio/aidl/vts/VtsHalDynamicsProcessingTest.cpp
@@ -818,6 +818,7 @@
[](const char c) { return !std::isalnum(c); }, '_');
return name;
});
+GTEST_ALLOW_UNINSTANTIATED_PARAMETERIZED_TEST(DynamicsProcessingLimiterConfigDataTest);
/**
* Test DynamicsProcessing ChannelConfig
diff --git a/graphics/composer/aidl/vts/RenderEngineVts.h b/graphics/composer/aidl/vts/RenderEngineVts.h
index bbe508f..6553720 100644
--- a/graphics/composer/aidl/vts/RenderEngineVts.h
+++ b/graphics/composer/aidl/vts/RenderEngineVts.h
@@ -51,9 +51,10 @@
private:
common::PixelFormat mFormat;
- std::vector<::android::renderengine::LayerSettings> mCompositionLayers;
std::unique_ptr<::android::renderengine::RenderEngine> mRenderEngine;
- std::vector<::android::renderengine::LayerSettings> mRenderLayers;
+ // Delete RenderEngine layers before RenderEngine -- ExternalTexture holds a reference to
+ // RenderEngine.
+ std::vector<::android::renderengine::LayerSettings> mCompositionLayers;
::android::sp<::android::GraphicBuffer> mGraphicBuffer;
DisplaySettings mDisplaySettings;
diff --git a/nfc/aidl/Android.bp b/nfc/aidl/Android.bp
index b34e4f2..1ffd274 100644
--- a/nfc/aidl/Android.bp
+++ b/nfc/aidl/Android.bp
@@ -33,8 +33,9 @@
enabled: false,
},
java: {
- sdk_version: "module_current",
enabled: false,
+ sdk_version: "module_current",
+ min_sdk_version: "35",
},
ndk: {
enabled: true,
@@ -42,6 +43,7 @@
"//apex_available:platform",
"com.android.nfcservices",
],
+ min_sdk_version: "35",
},
rust: {
enabled: true,
diff --git a/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl b/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
index 4fe3bd9..2d2f307 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
@@ -125,14 +125,25 @@
* straightforward translation of the KeyMint tag/value parameter lists to ASN.1.
*
* KeyDescription ::= SEQUENCE {
- * attestationVersion INTEGER, # Value 400
- * attestationSecurityLevel SecurityLevel, # See below
- * keyMintVersion INTEGER, # Value 400
- * keymintSecurityLevel SecurityLevel, # See below
- * attestationChallenge OCTET_STRING, # Tag::ATTESTATION_CHALLENGE from attestParams
- * uniqueId OCTET_STRING, # Empty unless key has Tag::INCLUDE_UNIQUE_ID
- * softwareEnforced AuthorizationList, # See below
- * hardwareEnforced AuthorizationList, # See below
+ * -- attestationVersion must be 400.
+ * attestationVersion INTEGER,
+ * -- attestationSecurityLevel is the SecurityLevel of the location where the attested
+ * -- key is stored. Must match keymintSecurityLevel.
+ * attestationSecurityLevel SecurityLevel,
+ * -- keyMintVersion must be 400.
+ * keyMintVersion INTEGER,
+ * -- keyMintSecurityLevel is the SecurityLevel of the IKeyMintDevice. Must match
+ * -- attestationSecurityLevel.
+ * keyMintSecurityLevel SecurityLevel,
+ * -- attestationChallenge contains Tag::ATTESTATION_CHALLENGE from attestParams.
+ * attestationChallenge OCTET_STRING,
+ * -- uniqueId is empty unless the key has Tag::INCLUDE_UNIQUE_ID.
+ * uniqueId OCTET_STRING,
+ * -- softwareEnforced contains the authorization tags enforced by the Android system.
+ * softwareEnforced AuthorizationList,
+ * -- hardwareEnforced contains the authorization tags enforced by a secure environment
+ * -- (TEE or StrongBox).
+ * hardwareEnforced AuthorizationList,
* }
*
* SecurityLevel ::= ENUMERATED {
@@ -142,12 +153,15 @@
* }
*
* RootOfTrust ::= SEQUENCE {
+ * -- verifiedBootKey must contain a SHA-256 digest of the public key embedded in the
+ * -- "vbmeta" partition if the device's bootloader is locked, or 32 bytes of zeroes if the
+ * -- device's bootloader is unlocked.
* verifiedBootKey OCTET_STRING,
* deviceLocked BOOLEAN,
* verifiedBootState VerifiedBootState,
- * # verifiedBootHash must contain a SHA-256 digest of all binaries and components validated
- * # by Verified Boot. Updating any verified binary or component must cause this value to
- * # change.
+ * -- verifiedBootHash must contain a SHA-256 digest of all binaries and components
+ * -- validated by Verified Boot. Updating any verified binary or component must cause this
+ * -- value to change.
* verifiedBootHash OCTET_STRING,
* }
*
@@ -158,15 +172,15 @@
* Failed (3),
* }
*
- * # Modules contains version information for APEX modules.
- * # Note that the Modules information is DER-encoded before being hashed, which requires a
- * # specific ordering (lexicographic by encoded value) for the constituent Module entries. This
- * # ensures that the ordering of Module entries is predictable and that the resulting SHA-256
- * # hash value is identical for the same set of modules.
+ * -- Modules contains version information for APEX modules.
+ * -- Note that the Modules information is DER-encoded before being hashed, which requires a
+ * -- specific ordering (lexicographic by encoded value) for the constituent Module entries.
+ * -- This ensures that the ordering of Module entries is predictable and that the resulting
+ * -- SHA-256 hash value is identical for the same set of modules.
* Modules ::= SET OF Module
* Module ::= SEQUENCE {
* packageName OCTET_STRING,
- * version INTEGER, # As determined at boot time
+ * version INTEGER, -- As determined at boot time
* }
*
* -- Note that the AuthorizationList SEQUENCE is also used in IKeyMintDevice::importWrappedKey
@@ -181,11 +195,11 @@
* purpose [1] EXPLICIT SET OF INTEGER OPTIONAL,
* algorithm [2] EXPLICIT INTEGER OPTIONAL,
* keySize [3] EXPLICIT INTEGER OPTIONAL,
- * blockMode [4] EXPLICIT SET OF INTEGER OPTIONAL, -- symmetric only
+ * blockMode [4] EXPLICIT SET OF INTEGER OPTIONAL, -- Symmetric keys only
* digest [5] EXPLICIT SET OF INTEGER OPTIONAL,
* padding [6] EXPLICIT SET OF INTEGER OPTIONAL,
- * callerNonce [7] EXPLICIT NULL OPTIONAL, -- symmetric only
- * minMacLength [8] EXPLICIT INTEGER OPTIONAL, -- symmetric only
+ * callerNonce [7] EXPLICIT NULL OPTIONAL, -- Symmetric keys only
+ * minMacLength [8] EXPLICIT INTEGER OPTIONAL, -- Symmetric keys only
* ecCurve [10] EXPLICIT INTEGER OPTIONAL,
* rsaPublicExponent [200] EXPLICIT INTEGER OPTIONAL,
* mgfDigest [203] EXPLICIT SET OF INTEGER OPTIONAL,
@@ -195,7 +209,7 @@
* originationExpireDateTime [401] EXPLICIT INTEGER OPTIONAL,
* usageExpireDateTime [402] EXPLICIT INTEGER OPTIONAL,
* usageCountLimit [405] EXPLICIT INTEGER OPTIONAL,
- * userSecureId [502] EXPLICIT INTEGER OPTIONAL, -- only used on import
+ * userSecureId [502] EXPLICIT INTEGER OPTIONAL, -- Only used on key import
* noAuthRequired [503] EXPLICIT NULL OPTIONAL,
* userAuthType [504] EXPLICIT INTEGER OPTIONAL,
* authTimeout [505] EXPLICIT INTEGER OPTIONAL,
@@ -221,7 +235,8 @@
* bootPatchLevel [719] EXPLICIT INTEGER OPTIONAL,
* deviceUniqueAttestation [720] EXPLICIT NULL OPTIONAL,
* attestationIdSecondImei [723] EXPLICIT OCTET_STRING OPTIONAL,
- * moduleHash [724] EXPLICIT OCTET_STRING OPTIONAL, -- SHA-256 hash of DER-encoded `Modules`
+ * -- moduleHash contains a SHA-256 hash of DER-encoded `Modules`
+ * moduleHash [724] EXPLICIT OCTET_STRING OPTIONAL,
* }
*/
Certificate[] certificateChain;
diff --git a/security/keymint/aidl/default/Android.bp b/security/keymint/aidl/default/Android.bp
index ff2393c..0197141 100644
--- a/security/keymint/aidl/default/Android.bp
+++ b/security/keymint/aidl/default/Android.bp
@@ -104,6 +104,7 @@
],
}
+// The following target declares the latest version of KeyMint.
prebuilt_etc {
name: "android.hardware.hardware_keystore.xml",
sub_dir: "permissions",
@@ -111,6 +112,24 @@
src: "android.hardware.hardware_keystore.xml",
}
+// The following targets (and underlying XML files) declare specific
+// versions of KeyMint. Vendors should use the version that matches the
+// version of the KeyMint HAL that the device implements.
+
+prebuilt_etc {
+ name: "android.hardware.hardware_keystore_V1.xml",
+ sub_dir: "permissions",
+ vendor: true,
+ src: "android.hardware.hardware_keystore_V1.xml",
+}
+
+prebuilt_etc {
+ name: "android.hardware.hardware_keystore_V2.xml",
+ sub_dir: "permissions",
+ vendor: true,
+ src: "android.hardware.hardware_keystore_V2.xml",
+}
+
prebuilt_etc {
name: "android.hardware.hardware_keystore_V3.xml",
sub_dir: "permissions",
@@ -118,6 +137,13 @@
src: "android.hardware.hardware_keystore_V3.xml",
}
+prebuilt_etc {
+ name: "android.hardware.hardware_keystore_V4.xml",
+ sub_dir: "permissions",
+ vendor: true,
+ src: "android.hardware.hardware_keystore_V4.xml",
+}
+
rust_library {
name: "libkmr_hal_nonsecure",
crate_name: "kmr_hal_nonsecure",
diff --git a/security/keymint/aidl/default/android.hardware.hardware_keystore_V1.xml b/security/keymint/aidl/default/android.hardware.hardware_keystore_V1.xml
new file mode 100644
index 0000000..e5a9345
--- /dev/null
+++ b/security/keymint/aidl/default/android.hardware.hardware_keystore_V1.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright 2021 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<permissions>
+ <feature name="android.hardware.hardware_keystore" version="100" />
+</permissions>
diff --git a/security/keymint/aidl/default/android.hardware.hardware_keystore_V2.xml b/security/keymint/aidl/default/android.hardware.hardware_keystore_V2.xml
new file mode 100644
index 0000000..2ebf1fe
--- /dev/null
+++ b/security/keymint/aidl/default/android.hardware.hardware_keystore_V2.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright 2021 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<permissions>
+ <feature name="android.hardware.hardware_keystore" version="200" />
+</permissions>
diff --git a/security/keymint/aidl/default/android.hardware.hardware_keystore_V4.xml b/security/keymint/aidl/default/android.hardware.hardware_keystore_V4.xml
new file mode 100644
index 0000000..1ab2133
--- /dev/null
+++ b/security/keymint/aidl/default/android.hardware.hardware_keystore_V4.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright 2021 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<permissions>
+ <feature name="android.hardware.hardware_keystore" version="400" />
+</permissions>
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
index 3aa5d76..0ce6a15 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
@@ -2232,6 +2232,33 @@
namespace {
+std::optional<std::string> validateP256Point(const std::vector<uint8_t>& x_buffer,
+ const std::vector<uint8_t>& y_buffer) {
+ auto group = EC_GROUP_Ptr(EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
+ if (group.get() == nullptr) {
+ return "Error creating EC group by curve name for prime256v1";
+ }
+
+ auto point = EC_POINT_Ptr(EC_POINT_new(group.get()));
+ BIGNUM_Ptr x(BN_bin2bn(x_buffer.data(), x_buffer.size(), nullptr));
+ BIGNUM_Ptr y(BN_bin2bn(y_buffer.data(), y_buffer.size(), nullptr));
+ if (!EC_POINT_set_affine_coordinates_GFp(group.get(), point.get(), x.get(), y.get(), nullptr)) {
+ return "Failed to set affine coordinates.";
+ }
+ if (!EC_POINT_is_on_curve(group.get(), point.get(), nullptr)) {
+ return "Point is not on curve.";
+ }
+ if (EC_POINT_is_at_infinity(group.get(), point.get())) {
+ return "Point is at infinity.";
+ }
+ const auto* generator = EC_GROUP_get0_generator(group.get());
+ if (!EC_POINT_cmp(group.get(), generator, point.get(), nullptr)) {
+ return "Point is equal to generator.";
+ }
+
+ return std::nullopt;
+}
+
void check_cose_key(const vector<uint8_t>& data, bool testMode) {
auto [parsedPayload, __, payloadParseErr] = cppbor::parse(data);
ASSERT_TRUE(parsedPayload) << "Key parse failed: " << payloadParseErr;
@@ -2265,6 +2292,24 @@
" -3 : \\{(0x[0-9a-f]{2}, ){31}0x[0-9a-f]{2}\\},\n" // pub_y: data
"\\}"));
}
+
+ ASSERT_TRUE(parsedPayload->asMap()) << "CBOR item was not a map";
+
+ ASSERT_TRUE(parsedPayload->asMap()->get(CoseKey::Label::PUBKEY_X))
+ << "CBOR map did not contain x coordinate of public key";
+ ASSERT_TRUE(parsedPayload->asMap()->get(CoseKey::Label::PUBKEY_X)->asBstr())
+ << "x coordinate of public key was not a bstr";
+ const auto& x = parsedPayload->asMap()->get(CoseKey::Label::PUBKEY_X)->asBstr()->value();
+
+ ASSERT_TRUE(parsedPayload->asMap()->get(CoseKey::Label::PUBKEY_Y))
+ << "CBOR map did not contain y coordinate of public key";
+ ASSERT_TRUE(parsedPayload->asMap()->get(CoseKey::Label::PUBKEY_Y)->asBstr())
+ << "y coordinate of public key was not a bstr";
+ const auto& y = parsedPayload->asMap()->get(CoseKey::Label::PUBKEY_Y)->asBstr()->value();
+
+ auto errorMessage = validateP256Point(x, y);
+ EXPECT_EQ(errorMessage, std::nullopt)
+ << *errorMessage << " x: " << bin2hex(x) << " y: " << bin2hex(y);
}
} // namespace
diff --git a/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp b/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
index 5467679..b9c742a 100644
--- a/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
+++ b/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
@@ -416,6 +416,32 @@
check_maced_pubkey(macedPubKey, testMode, nullptr);
}
+/**
+ * Generate and validate at most 2**16 production-mode keys. This aims to catch issues that do not
+ * deterministically show up. In practice, this will test far fewer keys, but a certain number are
+ * tested at a minimum.
+ */
+TEST_P(GenerateKeyTests, generateManyEcdsaP256KeysInProdMode) {
+ const auto start = std::chrono::steady_clock::now();
+ const auto time_bound = std::chrono::seconds(5);
+ const auto upper_bound = 1 << 16;
+ const auto lower_bound = 1 << 8;
+ for (auto iteration = 0; iteration < upper_bound; iteration++) {
+ MacedPublicKey macedPubKey;
+ bytevec privateKeyBlob;
+ bool testMode = false;
+ auto status =
+ provisionable_->generateEcdsaP256KeyPair(testMode, &macedPubKey, &privateKeyBlob);
+ ASSERT_TRUE(status.isOk());
+ vector<uint8_t> coseKeyData;
+ check_maced_pubkey(macedPubKey, testMode, &coseKeyData);
+ const auto current_time = std::chrono::steady_clock::now() - start;
+ if (iteration >= lower_bound && current_time >= time_bound) {
+ break;
+ }
+ }
+}
+
class CertificateRequestTestBase : public VtsRemotelyProvisionedComponentTests {
protected:
CertificateRequestTestBase()