Merge "aidl: Suppress warnings on out-array"
diff --git a/current.txt b/current.txt
index 454d43e..f446754 100644
--- a/current.txt
+++ b/current.txt
@@ -776,8 +776,8 @@
dabe23dde7c9e3ad65c61def7392f186d7efe7f4216f9b6f9cf0863745b1a9f4 android.hardware.keymaster@4.1::IKeymasterDevice
cd84ab19c590e0e73dd2307b591a3093ee18147ef95e6d5418644463a6620076 android.hardware.neuralnetworks@1.2::IDevice
f729ee6a5f136b25d79ea6895d24700fce413df555baaecf2c39e4440d15d043 android.hardware.neuralnetworks@1.0::types
-a84f8dac7a9b75de1cc2936a9b429b9b62b32a31ea88ca52c29f98f5ddc0fa95 android.hardware.neuralnetworks@1.2::types
-cd331b92312d16ab89f475c39296abbf539efc4114a8c5c2b136ad99b904ef33 android.hardware.neuralnetworks@1.3::types
+38c1a3eb5c3dfa4cc40b7cf4be0e9850440e2c57197fba7407081679b358aa22 android.hardware.neuralnetworks@1.2::types
+550619f876cadbea1f718edce120f0e1dd4a6f4bd4c28b59d479677dc86b0aec android.hardware.neuralnetworks@1.3::types
c3fec5bd470984402997f78a74b6511efc4063b270f2bd9ee7b78f48b683a1bb android.hardware.neuralnetworks@1.3::IDevice
0fdfad62c2ec33b52e6687004e5a1971c02d10b93ee4d26df5ccff7ce032494a android.hardware.neuralnetworks@1.3::IPreparedModel
e8c86c69c438da8d1549856c1bb3e2d1b8da52722f8235ff49a30f2cce91742c android.hardware.soundtrigger@2.1::ISoundTriggerHwCallback
diff --git a/graphics/common/aidl/aidl_api/android.hardware.graphics.common/current/android/hardware/graphics/common/HardwareBufferDescription.aidl b/graphics/common/aidl/aidl_api/android.hardware.graphics.common/current/android/hardware/graphics/common/HardwareBufferDescription.aidl
index 8b12169..232e023 100644
--- a/graphics/common/aidl/aidl_api/android.hardware.graphics.common/current/android/hardware/graphics/common/HardwareBufferDescription.aidl
+++ b/graphics/common/aidl/aidl_api/android.hardware.graphics.common/current/android/hardware/graphics/common/HardwareBufferDescription.aidl
@@ -21,7 +21,7 @@
int width;
int height;
int layers;
- android.hardware.graphics.common.PixelFormat format;
- android.hardware.graphics.common.BufferUsage usage;
+ android.hardware.graphics.common.PixelFormat format = android.hardware.graphics.common.PixelFormat.UNSPECIFIED;
+ android.hardware.graphics.common.BufferUsage usage = android.hardware.graphics.common.BufferUsage.CPU_READ_NEVER;
int stride;
}
diff --git a/graphics/common/aidl/android/hardware/graphics/common/HardwareBufferDescription.aidl b/graphics/common/aidl/android/hardware/graphics/common/HardwareBufferDescription.aidl
index e1e3492..078c512 100644
--- a/graphics/common/aidl/android/hardware/graphics/common/HardwareBufferDescription.aidl
+++ b/graphics/common/aidl/android/hardware/graphics/common/HardwareBufferDescription.aidl
@@ -29,7 +29,7 @@
int width;
int height;
int layers;
- PixelFormat format;
- BufferUsage usage;
+ PixelFormat format = PixelFormat.UNSPECIFIED;
+ BufferUsage usage = BufferUsage.CPU_READ_NEVER;
int stride;
}
diff --git a/graphics/composer/2.4/vts/functional/VtsHalGraphicsComposerV2_4TargetTest.cpp b/graphics/composer/2.4/vts/functional/VtsHalGraphicsComposerV2_4TargetTest.cpp
index eb65ce5..46f95dd 100644
--- a/graphics/composer/2.4/vts/functional/VtsHalGraphicsComposerV2_4TargetTest.cpp
+++ b/graphics/composer/2.4/vts/functional/VtsHalGraphicsComposerV2_4TargetTest.cpp
@@ -73,15 +73,15 @@
IComposerClient::Rect getFrameRect() const { return {0, 0, mDisplayWidth, mDisplayHeight}; }
- void setDimensions(int32_t displayWidth, int32_t displayHeight) const {
+ void setDimensions(int32_t displayWidth, int32_t displayHeight) {
mDisplayWidth = displayWidth;
mDisplayHeight = displayHeight;
}
private:
const Display mDisplay;
- mutable int32_t mDisplayWidth;
- mutable int32_t mDisplayHeight;
+ int32_t mDisplayWidth;
+ int32_t mDisplayHeight;
};
class GraphicsComposerHidlTest : public ::testing::TestWithParam<std::string> {
@@ -200,7 +200,7 @@
const ContentType& contentType, const char* contentTypeStr);
Error setActiveConfigWithConstraints(
- const VtsDisplay& display, Config config,
+ VtsDisplay& display, Config config,
const IComposerClient::VsyncPeriodChangeConstraints& constraints,
VsyncPeriodChangeTimeline* timeline) {
const auto error = mComposerClient->setActiveConfigWithConstraints(display.get(), config,
@@ -215,7 +215,7 @@
return error;
}
- void setActiveConfig(const VtsDisplay& display, Config config) {
+ void setActiveConfig(VtsDisplay& display, Config config) {
mComposerClient->setActiveConfig(display.get(), config);
const int32_t displayWidth = mComposerClient->getDisplayAttribute_2_4(
display.get(), config, IComposerClient::Attribute::WIDTH);
@@ -377,7 +377,7 @@
}
TEST_P(GraphicsComposerHidlTest, getDisplayVsyncPeriod) {
- for (const auto& display : mDisplays) {
+ for (VtsDisplay& display : mDisplays) {
for (Config config : mComposerClient->getDisplayConfigs(display.get())) {
VsyncPeriodNanos expectedVsyncPeriodNanos = mComposerClient->getDisplayAttribute_2_4(
display.get(), config,
@@ -441,7 +441,7 @@
constraints.seamlessRequired = false;
constraints.desiredTimeNanos = systemTime();
- for (const auto& display : mDisplays) {
+ for (VtsDisplay& display : mDisplays) {
Config invalidConfigId = GetInvalidConfigId(display.get());
EXPECT_EQ(Error::BAD_CONFIG,
setActiveConfigWithConstraints(display, invalidConfigId, constraints, &timeline));
@@ -455,7 +455,7 @@
constraints.seamlessRequired = true;
constraints.desiredTimeNanos = systemTime();
- for (const auto& display : mDisplays) {
+ for (VtsDisplay& display : mDisplays) {
forEachTwoConfigs(display.get(), [&](Config config1, Config config2) {
const auto configGroup1 = mComposerClient->getDisplayAttribute_2_4(
display.get(), config1,
@@ -553,7 +553,7 @@
}
void GraphicsComposerHidlTest::Test_setActiveConfigWithConstraints(const TestParameters& params) {
- for (const auto& display : mDisplays) {
+ for (VtsDisplay& display : mDisplays) {
forEachTwoConfigs(display.get(), [&](Config config1, Config config2) {
setActiveConfig(display, config1);
sendRefreshFrame(display, nullptr);
diff --git a/keymaster/aidl/aidl_api/android.hardware.keymaster/current/android/hardware/keymaster/HardwareAuthToken.aidl b/keymaster/aidl/aidl_api/android.hardware.keymaster/current/android/hardware/keymaster/HardwareAuthToken.aidl
index db1df2b..4f21cba 100644
--- a/keymaster/aidl/aidl_api/android.hardware.keymaster/current/android/hardware/keymaster/HardwareAuthToken.aidl
+++ b/keymaster/aidl/aidl_api/android.hardware.keymaster/current/android/hardware/keymaster/HardwareAuthToken.aidl
@@ -21,7 +21,7 @@
long challenge;
long userId;
long authenticatorId;
- android.hardware.keymaster.HardwareAuthenticatorType authenticatorType;
+ android.hardware.keymaster.HardwareAuthenticatorType authenticatorType = android.hardware.keymaster.HardwareAuthenticatorType.NONE;
android.hardware.keymaster.Timestamp timestamp;
byte[] mac;
}
diff --git a/keymaster/aidl/aidl_api/android.hardware.keymaster/current/android/hardware/keymaster/VerificationToken.aidl b/keymaster/aidl/aidl_api/android.hardware.keymaster/current/android/hardware/keymaster/VerificationToken.aidl
index 0633765..b116dac 100644
--- a/keymaster/aidl/aidl_api/android.hardware.keymaster/current/android/hardware/keymaster/VerificationToken.aidl
+++ b/keymaster/aidl/aidl_api/android.hardware.keymaster/current/android/hardware/keymaster/VerificationToken.aidl
@@ -20,6 +20,6 @@
parcelable VerificationToken {
long challenge;
android.hardware.keymaster.Timestamp timestamp;
- android.hardware.keymaster.SecurityLevel securityLevel;
+ android.hardware.keymaster.SecurityLevel securityLevel = android.hardware.keymaster.SecurityLevel.SOFTWARE;
byte[] mac;
}
diff --git a/keymaster/aidl/android/hardware/keymaster/HardwareAuthToken.aidl b/keymaster/aidl/android/hardware/keymaster/HardwareAuthToken.aidl
index 58602aa..99b036a 100644
--- a/keymaster/aidl/android/hardware/keymaster/HardwareAuthToken.aidl
+++ b/keymaster/aidl/android/hardware/keymaster/HardwareAuthToken.aidl
@@ -55,7 +55,7 @@
* authenticatorType describes the type of authentication that took place, e.g. password or
* fingerprint.
*/
- HardwareAuthenticatorType authenticatorType;
+ HardwareAuthenticatorType authenticatorType = HardwareAuthenticatorType.NONE;
/**
* timestamp indicates when the user authentication took place, in milliseconds since some
diff --git a/keymaster/aidl/android/hardware/keymaster/VerificationToken.aidl b/keymaster/aidl/android/hardware/keymaster/VerificationToken.aidl
index f053254..5efd937 100644
--- a/keymaster/aidl/android/hardware/keymaster/VerificationToken.aidl
+++ b/keymaster/aidl/android/hardware/keymaster/VerificationToken.aidl
@@ -43,7 +43,7 @@
/**
* SecurityLevel of the secure environment that generated the token.
*/
- SecurityLevel securityLevel;
+ SecurityLevel securityLevel = SecurityLevel.SOFTWARE;
/**
* 32-byte HMAC-SHA256 of the above values, computed as:
diff --git a/neuralnetworks/1.2/types.hal b/neuralnetworks/1.2/types.hal
index 03aed86..f5b6ead 100644
--- a/neuralnetworks/1.2/types.hal
+++ b/neuralnetworks/1.2/types.hal
@@ -3618,7 +3618,7 @@
* front of dimension i.
* padding[i, 1] specifies the number of elements to be padded after
* the end of dimension i.
- * * 2: An scalar specifying the value to use for padding input0.
+ * * 2: A scalar specifying the value to use for padding input0.
* For input tensor of {@link OperandType::TENSOR_FLOAT16}, the
* pad value must be of {@link OperandType::FLOAT16}.
* For input tensor of {@link OperandType::TENSOR_FLOAT32}, the
diff --git a/neuralnetworks/1.3/types.hal b/neuralnetworks/1.3/types.hal
index a5dbd5e..a26b858 100644
--- a/neuralnetworks/1.3/types.hal
+++ b/neuralnetworks/1.3/types.hal
@@ -3834,7 +3834,7 @@
* front of dimension i.
* padding[i, 1] specifies the number of elements to be padded after
* the end of dimension i.
- * * 2: An scalar specifying the value to use for padding input0.
+ * * 2: A scalar specifying the value to use for padding input0.
* For input tensor of {@link OperandType::TENSOR_FLOAT16}, the
* pad value must be of {@link OperandType::FLOAT16}.
* For input tensor of {@link OperandType::TENSOR_FLOAT32}, the
diff --git a/neuralnetworks/aidl/aidl_api/android.hardware.neuralnetworks/current/android/hardware/neuralnetworks/Operand.aidl b/neuralnetworks/aidl/aidl_api/android.hardware.neuralnetworks/current/android/hardware/neuralnetworks/Operand.aidl
index 5a9f4ff..1d9bdd8 100644
--- a/neuralnetworks/aidl/aidl_api/android.hardware.neuralnetworks/current/android/hardware/neuralnetworks/Operand.aidl
+++ b/neuralnetworks/aidl/aidl_api/android.hardware.neuralnetworks/current/android/hardware/neuralnetworks/Operand.aidl
@@ -34,11 +34,11 @@
package android.hardware.neuralnetworks;
@VintfStability
parcelable Operand {
- android.hardware.neuralnetworks.OperandType type;
+ android.hardware.neuralnetworks.OperandType type = android.hardware.neuralnetworks.OperandType.FLOAT32;
int[] dimensions;
float scale;
int zeroPoint;
- android.hardware.neuralnetworks.OperandLifeTime lifetime;
+ android.hardware.neuralnetworks.OperandLifeTime lifetime = android.hardware.neuralnetworks.OperandLifeTime.TEMPORARY_VARIABLE;
android.hardware.neuralnetworks.DataLocation location;
@nullable android.hardware.neuralnetworks.OperandExtraParams extraParams;
}
diff --git a/neuralnetworks/aidl/aidl_api/android.hardware.neuralnetworks/current/android/hardware/neuralnetworks/OperandPerformance.aidl b/neuralnetworks/aidl/aidl_api/android.hardware.neuralnetworks/current/android/hardware/neuralnetworks/OperandPerformance.aidl
index de93d8b..ebb361b 100644
--- a/neuralnetworks/aidl/aidl_api/android.hardware.neuralnetworks/current/android/hardware/neuralnetworks/OperandPerformance.aidl
+++ b/neuralnetworks/aidl/aidl_api/android.hardware.neuralnetworks/current/android/hardware/neuralnetworks/OperandPerformance.aidl
@@ -34,6 +34,6 @@
package android.hardware.neuralnetworks;
@VintfStability
parcelable OperandPerformance {
- android.hardware.neuralnetworks.OperandType type;
+ android.hardware.neuralnetworks.OperandType type = android.hardware.neuralnetworks.OperandType.FLOAT32;
android.hardware.neuralnetworks.PerformanceInfo info;
}
diff --git a/neuralnetworks/aidl/aidl_api/android.hardware.neuralnetworks/current/android/hardware/neuralnetworks/Operation.aidl b/neuralnetworks/aidl/aidl_api/android.hardware.neuralnetworks/current/android/hardware/neuralnetworks/Operation.aidl
index 33fcd60..a4a3fbe 100644
--- a/neuralnetworks/aidl/aidl_api/android.hardware.neuralnetworks/current/android/hardware/neuralnetworks/Operation.aidl
+++ b/neuralnetworks/aidl/aidl_api/android.hardware.neuralnetworks/current/android/hardware/neuralnetworks/Operation.aidl
@@ -34,7 +34,7 @@
package android.hardware.neuralnetworks;
@VintfStability
parcelable Operation {
- android.hardware.neuralnetworks.OperationType type;
+ android.hardware.neuralnetworks.OperationType type = android.hardware.neuralnetworks.OperationType.ADD;
int[] inputs;
int[] outputs;
}
diff --git a/neuralnetworks/aidl/android/hardware/neuralnetworks/Operand.aidl b/neuralnetworks/aidl/android/hardware/neuralnetworks/Operand.aidl
index 4d2260f..998e06d 100644
--- a/neuralnetworks/aidl/android/hardware/neuralnetworks/Operand.aidl
+++ b/neuralnetworks/aidl/android/hardware/neuralnetworks/Operand.aidl
@@ -33,7 +33,7 @@
* {@link IDevice::OPERAND_TYPE_BASE_MAX} is possible and should be interpreted as an extension
* type according to {@link Model::extensionNameToPrefix}.
*/
- OperandType type;
+ OperandType type = OperandType.FLOAT32;
/**
* Dimensions of the operand.
*
@@ -86,7 +86,7 @@
/**
* How the operand is used.
*/
- OperandLifeTime lifetime;
+ OperandLifeTime lifetime = OperandLifeTime.TEMPORARY_VARIABLE;
/**
* Where to find the data for this operand.
* If the lifetime is TEMPORARY_VARIABLE, SUBGRAPH_INPUT, SUBGRAPH_OUTPUT, or NO_VALUE:
diff --git a/neuralnetworks/aidl/android/hardware/neuralnetworks/OperandPerformance.aidl b/neuralnetworks/aidl/android/hardware/neuralnetworks/OperandPerformance.aidl
index 7fd86f9..7f53967 100644
--- a/neuralnetworks/aidl/android/hardware/neuralnetworks/OperandPerformance.aidl
+++ b/neuralnetworks/aidl/android/hardware/neuralnetworks/OperandPerformance.aidl
@@ -25,6 +25,6 @@
*/
@VintfStability
parcelable OperandPerformance {
- OperandType type;
+ OperandType type = OperandType.FLOAT32;
PerformanceInfo info;
}
diff --git a/neuralnetworks/aidl/android/hardware/neuralnetworks/Operation.aidl b/neuralnetworks/aidl/android/hardware/neuralnetworks/Operation.aidl
index 0c6032f..366d9a4 100644
--- a/neuralnetworks/aidl/android/hardware/neuralnetworks/Operation.aidl
+++ b/neuralnetworks/aidl/android/hardware/neuralnetworks/Operation.aidl
@@ -30,7 +30,7 @@
* {@link IDevice::OPERATION_TYPE_BASE_MAX} is possible and should be interpreted as an
* extension type according to {@link Model::extensionNameToPrefix}.
*/
- OperationType type;
+ OperationType type = OperationType.ADD;
/**
* Describes the table that contains the indexes of the inputs of the operation. The offset is
* the index in the operandIndexes table.
diff --git a/neuralnetworks/aidl/android/hardware/neuralnetworks/OperationType.aidl b/neuralnetworks/aidl/android/hardware/neuralnetworks/OperationType.aidl
index 3f49154..e7fb90d 100644
--- a/neuralnetworks/aidl/android/hardware/neuralnetworks/OperationType.aidl
+++ b/neuralnetworks/aidl/android/hardware/neuralnetworks/OperationType.aidl
@@ -3693,7 +3693,7 @@
* front of dimension i.
* padding[i, 1] specifies the number of elements to be padded after
* the end of dimension i.
- * * 2: An scalar specifying the value to use for padding input0.
+ * * 2: A scalar specifying the value to use for padding input0.
* For input tensor of {@link OperandType::TENSOR_FLOAT16}, the
* pad value must be of {@link OperandType::FLOAT16}.
* For input tensor of {@link OperandType::TENSOR_FLOAT32}, the
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl
index bf30999..3f75af6 100644
--- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl
+++ b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl
@@ -44,10 +44,9 @@
void deleteKey(in byte[] keyBlob);
void deleteAllKeys();
void destroyAttestationIds();
- android.hardware.security.keymint.BeginResult begin(in android.hardware.security.keymint.KeyPurpose purpose, in byte[] keyBlob, in android.hardware.security.keymint.KeyParameter[] params, in android.hardware.security.keymint.HardwareAuthToken authToken);
+ android.hardware.security.keymint.BeginResult begin(in android.hardware.security.keymint.KeyPurpose purpose, in byte[] keyBlob, in android.hardware.security.keymint.KeyParameter[] params, in @nullable android.hardware.security.keymint.HardwareAuthToken authToken);
void deviceLocked(in boolean passwordOnly, in @nullable android.hardware.security.secureclock.TimeStampToken timestampToken);
void earlyBootEnded();
byte[] convertStorageKeyToEphemeral(in byte[] storageKeyBlob);
- byte[] performOperation(in byte[] request);
const int AUTH_TOKEN_MAC_LENGTH = 32;
}
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Tag.aidl b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Tag.aidl
index 7591318..e310b44 100644
--- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Tag.aidl
+++ b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Tag.aidl
@@ -48,7 +48,6 @@
RSA_PUBLIC_EXPONENT = 1342177480,
INCLUDE_UNIQUE_ID = 1879048394,
RSA_OAEP_MGF_DIGEST = 536871115,
- BLOB_USAGE_REQUIREMENTS = 268435757,
BOOTLOADER_ONLY = 1879048494,
ROLLBACK_RESISTANCE = 1879048495,
HARDWARE_TYPE = 268435760,
diff --git a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
index 1c503c2..a3260f5 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
@@ -257,9 +257,6 @@
*
* o Tag::ORIGIN with the value KeyOrigin::GENERATED.
*
- * o Tag::BLOB_USAGE_REQUIREMENTS with the appropriate value (see KeyBlobUsageRequirements in
- * Tag.aidl).
- *
* o Tag::OS_VERSION, Tag::OS_PATCHLEVEL, Tag::VENDOR_PATCHLEVEL and Tag::BOOT_PATCHLEVEL with
* appropriate values.
*
@@ -325,6 +322,10 @@
* return ErrorCode::INCOMPATIBLE_PURPOSE. If the provided AttestationKey has an empty
* issuer subject name, the IKeyMintDevice must return ErrorCode::INVALID_ARGUMENT.
*
+ * If `attestationKey` is null and `keyParams` contains Tag::ATTESTATION_CHALLENGE but
+ * the KeyMint implementation does not have factory-provisioned attestation keys, it must
+ * return ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED.
+ *
* @return The result of key creation. See KeyCreationResult.aidl.
*/
KeyCreationResult generateKey(
@@ -364,6 +365,10 @@
* return ErrorCode::INCOMPATIBLE_PURPOSE. If the provided AttestationKey has an empty
* issuer subject name, the IKeyMintDevice must return ErrorCode::INVALID_ARGUMENT.
*
+ * If `attestationKey` is null and `keyParams` contains Tag::ATTESTATION_CHALLENGE but
+ * the KeyMint implementation does not have factory-provisioned attestation keys, it must
+ * return ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED.
+ *
* @return The result of key creation. See KeyCreationResult.aidl.
*/
KeyCreationResult importKey(in KeyParameter[] keyParams, in KeyFormat keyFormat,
@@ -713,9 +718,7 @@
* contain a tag Tag::NONCE. If Tag::NONCE is provided for a key without
* Tag:CALLER_NONCE, ErrorCode::CALLER_NONCE_PROHIBITED must be returned.
*
- * @param inAuthToken Authentication token. Callers that provide no token must set all numeric
- * fields to zero and the MAC must be an empty vector. TODO: make this field nullable.
- * b/173483024.
+ * @param inAuthToken Authentication token.
*
* @return BeginResult as output, which contains the challenge, KeyParameters which haves
* additional data from the operation initialization, notably to return the IV or nonce
@@ -723,7 +726,7 @@
* which is used to perform update(), finish() or abort() operations.
*/
BeginResult begin(in KeyPurpose purpose, in byte[] keyBlob, in KeyParameter[] params,
- in HardwareAuthToken authToken);
+ in @nullable HardwareAuthToken authToken);
/**
* Called by client to notify the IKeyMintDevice that the device is now locked, and keys with
@@ -783,18 +786,4 @@
* place of the input storageKeyBlob
*/
byte[] convertStorageKeyToEphemeral(in byte[] storageKeyBlob);
-
- /**
- * Called by the client to perform a KeyMint operation.
- *
- * This method is added primarily as a placeholder. Details will be fleshed before the KeyMint
- * V1 interface is frozen. Until then, implementations must return ErrorCode::UNIMPLEMENTED.
- *
- * @param request is an encrypted buffer containing a description of the operation the client
- * wishes to perform. Structure, content and encryption are TBD.
- *
- * @return an encrypted buffer containing the result of the operation. Structure, content and
- * encryption are TBD.
- */
- byte[] performOperation(in byte[] request);
}
diff --git a/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl b/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
index c2e21b6..972a6a5 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
@@ -66,7 +66,8 @@
* provisioned attestation key, and the full certificate chain for that factory-provisioned
* attestation key. Tag::ATTESTATION_APPLICATION_ID must also be provided when the
* ATTESTATION_CHALLENGE is provided, otherwise ATTESTATION_APPLICATION_ID_MISSING will be
- * returned.
+ * returned. KeyMint implementations are not required to support factory-provisioned
+ * attestation keys.
*
* 2. Asymmetric key attestation with caller-provided key. If Tag::ATTESTATION_CHALLENGE is
* provided and the `attestationKey` parameter on the generat/import call is non-null and
@@ -90,6 +91,110 @@
* 5. Symmetric key. If the generated/imported key is symmetric, the certificate chain must
* return empty, any Tag::ATTESTATION_CHALLENGE or Tag::ATTESTATION_APPLICATION_ID inputs,
* if provided, are ignored.
+ *
+ * In all cases except the symmetric key, the contents of certificate chain must be DER-encoded
+ * X.509 certificates ordered such that each certificate is signed by the subsequent one, up to
+ * the root which must be self-signed (or contain a fake signature in the case of case 4 above).
+ * The first certificate in the chain signs the public key info of the newly-generated or
+ * newly-imported key pair. In the attestation cases (1 and 2 above), the first certificate
+ * must also satisfy some other requirements:
+ *
+ * o It must have the serial number provided in Tag::CERTIFICATE_SERIAL, or default to 1 if the
+ * tag is not provided.
+ *
+ * o It must have the subject provided in Tag::CERTIFICATE_SUBJECT, or default to CN="Android
+ * Keystore Key", if the tag is not provided.
+ *
+ * o It must contain the notBefore and notAfter date-times specified in
+ * Tag::CERTIFICATE_NOT_BEFORE and Tag::CERTIFICATE_NOT_AFTER, respectively.
+ *
+ * o It must contain a Key Usage extension with:
+ *
+ * - the digitalSignature bit set iff the attested key has KeyPurpose::SIGN,
+ * - the dataEncipherment bit set iff the attested key has KeyPurpose::DECRYPT,
+ * - the keyEncipherment bit set iff the attested key has KeyPurpose::WRAP_KEY,
+ * - the keyAgreement bit set iff the attested key has KeyPurpose::AGREE_KEY, and
+ * - the keyCertSignBit set iff the attested key has KeyPurpose::ATTEST_KEY.
+ *
+ * o it must contain a KeyDescription attestation extension with OID 1.3.6.1.4.1.11129.2.1.17.
+ *
+ * The KeyDescription content is defined by the following ASN.1 schema, which is mostly a
+ * straightforward translation of the KeyMint tag/value parameter lists to ASN.1.
+ *
+ * KeyDescription ::= SEQUENCE {
+ * attestationVersion INTEGER, # Value 100
+ * attestationSecurityLevel SecurityLevel, # See below
+ * keyMintVersion INTEGER, # Value 100
+ * keymintSecurityLevel SecurityLevel, # See below
+ * attestationChallenge OCTET_STRING, # Tag::ATTESTATION_CHALLENGE from attestParams
+ * uniqueId OCTET_STRING, # Empty unless key has Tag::INCLUDE_UNIQUE_ID
+ * softwareEnforced AuthorizationList, # See below
+ * hardwareEnforced AuthorizationList, # See below
+ * }
+ *
+ * SecurityLevel ::= ENUMERATED {
+ * Software (0),
+ * TrustedEnvironment (1),
+ * StrongBox (2),
+ * }
+ *
+ * RootOfTrust ::= SEQUENCE {
+ * verifiedBootKey OCTET_STRING,
+ * deviceLocked BOOLEAN,
+ * verifiedBootState VerifiedBootState,
+ * # verifiedBootHash must contain 32-byte value that represents the state of all binaries
+ * # or other components validated by verified boot. Updating any verified binary or
+ * # component must cause this value to change.
+ * verifiedBootHash OCTET_STRING,
+ * }
+ *
+ * VerifiedBootState ::= ENUMERATED {
+ * Verified (0),
+ * SelfSigned (1),
+ * Unverified (2),
+ * Failed (3),
+ * }
+ *
+ * AuthorizationList ::= SEQUENCE {
+ * purpose [1] EXPLICIT SET OF INTEGER OPTIONAL,
+ * algorithm [2] EXPLICIT INTEGER OPTIONAL,
+ * keySize [3] EXPLICIT INTEGER OPTIONAL,
+ * blockMode [4] EXPLICIT SET OF INTEGER OPTIONAL,
+ * digest [5] EXPLICIT SET OF INTEGER OPTIONAL,
+ * padding [6] EXPLICIT SET OF INTEGER OPTIONAL,
+ * callerNonce [7] EXPLICIT NULL OPTIONAL,
+ * minMacLength [8] EXPLICIT INTEGER OPTIONAL,
+ * ecCurve [10] EXPLICIT INTEGER OPTIONAL,
+ * rsaPublicExponent [200] EXPLICIT INTEGER OPTIONAL,
+ * rollbackResistance [303] EXPLICIT NULL OPTIONAL,
+ * activeDateTime [400] EXPLICIT INTEGER OPTIONAL,
+ * originationExpireDateTime [401] EXPLICIT INTEGER OPTIONAL,
+ * usageExpireDateTime [402] EXPLICIT INTEGER OPTIONAL,
+ * userSecureId [502] EXPLICIT INTEGER OPTIONAL,
+ * noAuthRequired [503] EXPLICIT NULL OPTIONAL,
+ * userAuthType [504] EXPLICIT INTEGER OPTIONAL,
+ * authTimeout [505] EXPLICIT INTEGER OPTIONAL,
+ * allowWhileOnBody [506] EXPLICIT NULL OPTIONAL,
+ * trustedUserPresenceReq [507] EXPLICIT NULL OPTIONAL,
+ * trustedConfirmationReq [508] EXPLICIT NULL OPTIONAL,
+ * unlockedDeviceReq [509] EXPLICIT NULL OPTIONAL,
+ * creationDateTime [701] EXPLICIT INTEGER OPTIONAL,
+ * origin [702] EXPLICIT INTEGER OPTIONAL,
+ * rootOfTrust [704] EXPLICIT RootOfTrust OPTIONAL,
+ * osVersion [705] EXPLICIT INTEGER OPTIONAL,
+ * osPatchLevel [706] EXPLICIT INTEGER OPTIONAL,
+ * attestationApplicationId [709] EXPLICIT OCTET_STRING OPTIONAL,
+ * attestationIdBrand [710] EXPLICIT OCTET_STRING OPTIONAL,
+ * attestationIdDevice [711] EXPLICIT OCTET_STRING OPTIONAL,
+ * attestationIdProduct [712] EXPLICIT OCTET_STRING OPTIONAL,
+ * attestationIdSerial [713] EXPLICIT OCTET_STRING OPTIONAL,
+ * attestationIdImei [714] EXPLICIT OCTET_STRING OPTIONAL,
+ * attestationIdMeid [715] EXPLICIT OCTET_STRING OPTIONAL,
+ * attestationIdManufacturer [716] EXPLICIT OCTET_STRING OPTIONAL,
+ * attestationIdModel [717] EXPLICIT OCTET_STRING OPTIONAL,
+ * vendorPatchLevel [718] EXPLICIT INTEGER OPTIONAL,
+ * bootPatchLevel [719] EXPLICIT INTEGER OPTIONAL,
+ * }
*/
Certificate[] certificateChain;
}
diff --git a/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl b/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
index cde1fc0..02e7f00 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
@@ -203,22 +203,7 @@
*/
RSA_OAEP_MGF_DIGEST = (2 << 28) /* TagType:ENUM_REP */ | 203,
- /**
- * TODO(seleneh) this tag needs to be deleted from all codes.
- *
- * Tag::BLOB_USAGE_REQUIREMENTS specifies the necessary system environment conditions for the
- * generated key to be used. Possible values are defined by the KeyBlobUsageRequirements enum.
- *
- * This tag is specified by the caller during key generation or import to require that the key
- * is usable in the specified condition. If the caller specifies Tag::BLOB_USAGE_REQUIREMENTS
- * with value KeyBlobUsageRequirements::STANDALONE the IKeyMintDevice must return a key blob
- * that can be used without file system support. This is critical for devices with encrypted
- * disks, where the file system may not be available until after a KeyMint key is used to
- * decrypt the disk.
- *
- * Must be hardware-enforced.
- */
- BLOB_USAGE_REQUIREMENTS = (1 << 28) /* TagType:ENUM */ | 301,
+ // Tag 301 reserved
/**
* Tag::BOOTLOADER_ONLY specifies only the bootloader can use the key.
@@ -935,33 +920,34 @@
CONFIRMATION_TOKEN = (9 << 28) /* TagType:BYTES */ | 1005,
/**
- * Tag::CERTIFICATE_SERIAL specifies the serial number to be assigned to the
- * attestation certificate to be generated for the given key. This parameter should only
- * be passed to keyMint in the attestation parameters during generateKey() and importKey().
+ * Tag::CERTIFICATE_SERIAL specifies the serial number to be assigned to the attestation
+ * certificate to be generated for the given key. This parameter should only be passed to
+ * keyMint in the attestation parameters during generateKey() and importKey(). If not provided,
+ * the serial shall default to 1.
*/
CERTIFICATE_SERIAL = (8 << 28) /* TagType:BIGNUM */ | 1006,
/**
- * Tag::CERTIFICATE_SUBJECT the certificate subject. The value is a DER encoded X509 NAME.
- * This value is used when generating a self signed certificates. This tag may be specified
+ * Tag::CERTIFICATE_SUBJECT the certificate subject. The value is a DER encoded X509 NAME.
+ * This value is used when generating a self signed certificates. This tag may be specified
* during generateKey and importKey. If not provided the subject name shall default to
- * <TODO default subject here>.
+ * CN="Android Keystore Key".
*/
CERTIFICATE_SUBJECT = (9 << 28) /* TagType:BYTES */ | 1007,
/**
* Tag::CERTIFICATE_NOT_BEFORE the beginning of the validity of the certificate in UNIX epoch
- * time in seconds. This value is used when generating attestation or self signed certificates.
- * ErrorCode::MISSING_NOT_BEFORE must be returned if this tag is not provided if this tag is
- * not provided to generateKey or importKey.
+ * time in seconds. This value is used when generating attestation or self signed certificates.
+ * ErrorCode::MISSING_NOT_BEFORE must be returned if this tag is not provided if this tag is not
+ * provided to generateKey or importKey.
*/
CERTIFICATE_NOT_BEFORE = (6 << 28) /* TagType:DATE */ | 1008,
/**
- * Tag::CERTIFICATE_NOT_AFTER the end of the validity of the certificate in UNIX epoch
- * time in seconds. This value is used when generating attestation or self signed certificates.
- * ErrorCode::MISSING_NOT_AFTER must be returned if this tag is not provided to generateKey
- * or importKey.
+ * Tag::CERTIFICATE_NOT_AFTER the end of the validity of the certificate in UNIX epoch time in
+ * seconds. This value is used when generating attestation or self signed certificates.
+ * ErrorCode::MISSING_NOT_AFTER must be returned if this tag is not provided to generateKey or
+ * importKey.
*/
CERTIFICATE_NOT_AFTER = (6 << 28) /* TagType:DATE */ | 1009,
diff --git a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
index daa3e18..4e951d6 100644
--- a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
+++ b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
@@ -35,6 +35,12 @@
using AttestKeyTest = KeyMintAidlTestBase;
+/*
+ * AttestKeyTest.AllRsaSizes
+ *
+ * This test creates self signed RSA attestation keys of various sizes, and verify they can be
+ * used to sign other RSA and EC keys.
+ */
TEST_P(AttestKeyTest, AllRsaSizes) {
for (auto size : ValidKeySizes(Algorithm::RSA)) {
/*
@@ -54,7 +60,7 @@
EXPECT_TRUE(IsSelfSigned(attest_key_cert_chain)) << "Failed on size " << size;
/*
- * Use attestation key to sign RSA key
+ * Use attestation key to sign RSA signing key
*/
attest_key.issuerSubjectName = make_name_from_str("Android Keystore Key");
vector<uint8_t> attested_key_blob;
@@ -81,14 +87,47 @@
EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
// Appending the attest_key chain to the attested_key_chain should yield a valid chain.
- if (attest_key_cert_chain.size() > 0) {
- attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
- }
+ attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
+ EXPECT_EQ(attested_key_cert_chain.size(), 2);
+
+ /*
+ * Use attestation key to sign RSA decryption key
+ */
+ attested_key_characteristics.resize(0);
+ attested_key_cert_chain.resize(0);
+ EXPECT_EQ(ErrorCode::OK,
+ GenerateKey(AuthorizationSetBuilder()
+ .RsaEncryptionKey(2048, 65537)
+ .Digest(Digest::NONE)
+ .Padding(PaddingMode::NONE)
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .AttestationChallenge("foo2")
+ .AttestationApplicationId("bar2")
+ .SetDefaultValidity(),
+ attest_key, &attested_key_blob, &attested_key_characteristics,
+ &attested_key_cert_chain));
+
+ CheckedDeleteKey(&attested_key_blob);
+
+ hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
+ sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
+ EXPECT_TRUE(verify_attestation_record("foo2", "bar2", sw_enforced, hw_enforced, SecLevel(),
+ attested_key_cert_chain[0].encodedCertificate));
+
+ // Attestation by itself is not valid (last entry is not self-signed).
+ EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
+
+ // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
+ attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
+ EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
+ EXPECT_EQ(attested_key_cert_chain.size(), 2);
/*
* Use attestation key to sign EC key
*/
+ attested_key_characteristics.resize(0);
+ attested_key_cert_chain.resize(0);
EXPECT_EQ(ErrorCode::OK,
GenerateKey(AuthorizationSetBuilder()
.EcdsaSigningKey(EcCurve::P_256)
@@ -111,9 +150,7 @@
EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
// Appending the attest_key chain to the attested_key_chain should yield a valid chain.
- if (attest_key_cert_chain.size() > 0) {
- attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
- }
+ attested_key_cert_chain.push_back(attest_key_cert_chain[0]);
EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
// Bail early if anything failed.
@@ -121,6 +158,327 @@
}
}
+/*
+ * AttestKeyTest.RsaAttestedAttestKeys
+ *
+ * This test creates an RSA attestation key signed by factory keys, and varifies it can be
+ * used to sign other RSA and EC keys.
+ */
+TEST_P(AttestKeyTest, RsaAttestedAttestKeys) {
+ auto challenge = "hello";
+ auto app_id = "foo";
+
+ auto subject = "cert subj 2";
+ vector<uint8_t> subject_der(make_name_from_str(subject));
+
+ uint64_t serial_int = 66;
+ vector<uint8_t> serial_blob(build_serial_blob(serial_int));
+
+ /*
+ * Create attestation key.
+ */
+ AttestationKey attest_key;
+ vector<KeyCharacteristics> attest_key_characteristics;
+ vector<Certificate> attest_key_cert_chain;
+ ASSERT_EQ(ErrorCode::OK,
+ GenerateKey(AuthorizationSetBuilder()
+ .RsaSigningKey(2048, 65537)
+ .AttestKey()
+ .AttestationChallenge(challenge)
+ .AttestationApplicationId(app_id)
+ .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
+ .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .SetDefaultValidity(),
+ {} /* attestation signing key */, &attest_key.keyBlob,
+ &attest_key_characteristics, &attest_key_cert_chain));
+
+ EXPECT_GT(attest_key_cert_chain.size(), 1);
+ verify_subject_and_serial(attest_key_cert_chain[0], serial_int, subject, false);
+ EXPECT_TRUE(ChainSignaturesAreValid(attest_key_cert_chain));
+
+ AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attest_key_characteristics);
+ AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attest_key_characteristics);
+ EXPECT_TRUE(verify_attestation_record(challenge, app_id, //
+ sw_enforced, hw_enforced, SecLevel(),
+ attest_key_cert_chain[0].encodedCertificate));
+
+ /*
+ * Use attestation key to sign RSA key
+ */
+ attest_key.issuerSubjectName = subject_der;
+ vector<uint8_t> attested_key_blob;
+ vector<KeyCharacteristics> attested_key_characteristics;
+ vector<Certificate> attested_key_cert_chain;
+
+ auto subject2 = "cert subject";
+ vector<uint8_t> subject_der2(make_name_from_str(subject2));
+
+ uint64_t serial_int2 = 987;
+ vector<uint8_t> serial_blob2(build_serial_blob(serial_int2));
+
+ EXPECT_EQ(ErrorCode::OK,
+ GenerateKey(AuthorizationSetBuilder()
+ .RsaSigningKey(2048, 65537)
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .AttestationChallenge("foo")
+ .AttestationApplicationId("bar")
+ .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob2)
+ .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der2)
+ .SetDefaultValidity(),
+ attest_key, &attested_key_blob, &attested_key_characteristics,
+ &attested_key_cert_chain));
+
+ CheckedDeleteKey(&attested_key_blob);
+ CheckedDeleteKey(&attest_key.keyBlob);
+
+ AuthorizationSet hw_enforced2 = HwEnforcedAuthorizations(attested_key_characteristics);
+ AuthorizationSet sw_enforced2 = SwEnforcedAuthorizations(attested_key_characteristics);
+ EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced2, hw_enforced2, SecLevel(),
+ attested_key_cert_chain[0].encodedCertificate));
+
+ // Attestation by itself is not valid (last entry is not self-signed).
+ EXPECT_FALSE(ChainSignaturesAreValid(attested_key_cert_chain));
+
+ // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
+ attested_key_cert_chain.insert(attested_key_cert_chain.end(), attest_key_cert_chain.begin(),
+ attest_key_cert_chain.end());
+
+ EXPECT_TRUE(ChainSignaturesAreValid(attested_key_cert_chain));
+ EXPECT_GT(attested_key_cert_chain.size(), 2);
+ verify_subject_and_serial(attested_key_cert_chain[0], serial_int2, subject2, false);
+}
+
+/*
+ * AttestKeyTest.RsaAttestKeyChaining
+ *
+ * This test creates a chain of multiple RSA attest keys, each used to sign the next attest key,
+ * with the last attest key signed by the factory chain.
+ */
+TEST_P(AttestKeyTest, RsaAttestKeyChaining) {
+ const int chain_size = 6;
+ vector<vector<uint8_t>> key_blob_list(chain_size);
+ vector<vector<Certificate>> cert_chain_list(chain_size);
+
+ for (int i = 0; i < chain_size; i++) {
+ string sub = "attest key chaining ";
+ char index = '1' + i;
+ string subject = sub + index;
+ vector<uint8_t> subject_der(make_name_from_str(subject));
+
+ uint64_t serial_int = 7000 + i;
+ vector<uint8_t> serial_blob(build_serial_blob(serial_int));
+
+ vector<KeyCharacteristics> attested_key_characteristics;
+ AttestationKey attest_key;
+ optional<AttestationKey> attest_key_opt;
+
+ if (i > 0) {
+ attest_key.issuerSubjectName = make_name_from_str(sub + (char)(index - 1));
+ attest_key.keyBlob = key_blob_list[i - 1];
+ attest_key_opt = attest_key;
+ }
+
+ EXPECT_EQ(ErrorCode::OK,
+ GenerateKey(AuthorizationSetBuilder()
+ .RsaSigningKey(2048, 65537)
+ .AttestKey()
+ .AttestationChallenge("foo")
+ .AttestationApplicationId("bar")
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
+ .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
+ .SetDefaultValidity(),
+ attest_key_opt, &key_blob_list[i], &attested_key_characteristics,
+ &cert_chain_list[i]));
+
+ AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
+ AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
+ EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
+ cert_chain_list[i][0].encodedCertificate));
+
+ if (i > 0) {
+ /*
+ * The first key is attestated with factory chain, but all the rest of the keys are
+ * not supposed to be returned in attestation certificate chains.
+ */
+ EXPECT_FALSE(ChainSignaturesAreValid(cert_chain_list[i]));
+
+ // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
+ cert_chain_list[i].insert(cert_chain_list[i].end(), //
+ cert_chain_list[i - 1].begin(), //
+ cert_chain_list[i - 1].end());
+ }
+
+ EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_list[i]));
+ EXPECT_GT(cert_chain_list[i].size(), i + 1);
+ verify_subject_and_serial(cert_chain_list[i][0], serial_int, subject, false);
+ }
+
+ for (int i = 0; i < chain_size; i++) {
+ CheckedDeleteKey(&key_blob_list[i]);
+ }
+}
+
+/*
+ * AttestKeyTest.EcAttestKeyChaining
+ *
+ * This test creates a chain of multiple Ec attest keys, each used to sign the next attest key,
+ * with the last attest key signed by the factory chain.
+ */
+TEST_P(AttestKeyTest, EcAttestKeyChaining) {
+ const int chain_size = 6;
+ vector<vector<uint8_t>> key_blob_list(chain_size);
+ vector<vector<Certificate>> cert_chain_list(chain_size);
+
+ for (int i = 0; i < chain_size; i++) {
+ string sub = "Ec attest key chaining ";
+ char index = '1' + i;
+ string subject = sub + index;
+ vector<uint8_t> subject_der(make_name_from_str(subject));
+
+ uint64_t serial_int = 800000 + i;
+ vector<uint8_t> serial_blob(build_serial_blob(serial_int));
+
+ vector<KeyCharacteristics> attested_key_characteristics;
+ AttestationKey attest_key;
+ optional<AttestationKey> attest_key_opt;
+
+ if (i > 0) {
+ attest_key.issuerSubjectName = make_name_from_str(sub + (char)(index - 1));
+ attest_key.keyBlob = key_blob_list[i - 1];
+ attest_key_opt = attest_key;
+ }
+
+ EXPECT_EQ(ErrorCode::OK,
+ GenerateKey(AuthorizationSetBuilder()
+ .EcdsaSigningKey(224)
+ .AttestKey()
+ .AttestationChallenge("foo")
+ .AttestationApplicationId("bar")
+ .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
+ .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .SetDefaultValidity(),
+ attest_key_opt, &key_blob_list[i], &attested_key_characteristics,
+ &cert_chain_list[i]));
+
+ AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
+ AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
+ EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
+ cert_chain_list[i][0].encodedCertificate));
+
+ if (i > 0) {
+ /*
+ * The first key is attestated with factory chain, but all the rest of the keys are
+ * not supposed to be returned in attestation certificate chains.
+ */
+ EXPECT_FALSE(ChainSignaturesAreValid(cert_chain_list[i]));
+
+ // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
+ cert_chain_list[i].insert(cert_chain_list[i].end(), //
+ cert_chain_list[i - 1].begin(), //
+ cert_chain_list[i - 1].end());
+ }
+
+ EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_list[i]));
+ EXPECT_GT(cert_chain_list[i].size(), i + 1);
+ verify_subject_and_serial(cert_chain_list[i][0], serial_int, subject, false);
+ }
+
+ for (int i = 0; i < chain_size; i++) {
+ CheckedDeleteKey(&key_blob_list[i]);
+ }
+}
+
+/*
+ * AttestKeyTest.AlternateAttestKeyChaining
+ *
+ * This test creates a chain of multiple attest keys, in the order Ec - RSA - Ec - RSA ....
+ * Each attest key is used to sign the next attest key, with the last attest key signed by
+ * the factory chain. This is to verify different algorithms of attest keys can
+ * cross sign each other and be chained together.
+ */
+TEST_P(AttestKeyTest, AlternateAttestKeyChaining) {
+ const int chain_size = 6;
+ vector<vector<uint8_t>> key_blob_list(chain_size);
+ vector<vector<Certificate>> cert_chain_list(chain_size);
+
+ for (int i = 0; i < chain_size; i++) {
+ string sub = "Alt attest key chaining ";
+ char index = '1' + i;
+ string subject = sub + index;
+ vector<uint8_t> subject_der(make_name_from_str(subject));
+
+ uint64_t serial_int = 90000000 + i;
+ vector<uint8_t> serial_blob(build_serial_blob(serial_int));
+
+ vector<KeyCharacteristics> attested_key_characteristics;
+ AttestationKey attest_key;
+ optional<AttestationKey> attest_key_opt;
+
+ if (i > 0) {
+ attest_key.issuerSubjectName = make_name_from_str(sub + (char)(index - 1));
+ attest_key.keyBlob = key_blob_list[i - 1];
+ attest_key_opt = attest_key;
+ }
+
+ if ((i & 0x1) == 1) {
+ EXPECT_EQ(ErrorCode::OK,
+ GenerateKey(AuthorizationSetBuilder()
+ .EcdsaSigningKey(224)
+ .AttestKey()
+ .AttestationChallenge("foo")
+ .AttestationApplicationId("bar")
+ .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
+ .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .SetDefaultValidity(),
+ attest_key_opt, &key_blob_list[i], &attested_key_characteristics,
+ &cert_chain_list[i]));
+ } else {
+ EXPECT_EQ(ErrorCode::OK,
+ GenerateKey(AuthorizationSetBuilder()
+ .RsaSigningKey(2048, 65537)
+ .AttestKey()
+ .AttestationChallenge("foo")
+ .AttestationApplicationId("bar")
+ .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob)
+ .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der)
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .SetDefaultValidity(),
+ attest_key_opt, &key_blob_list[i], &attested_key_characteristics,
+ &cert_chain_list[i]));
+ }
+
+ AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics);
+ AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics);
+ EXPECT_TRUE(verify_attestation_record("foo", "bar", sw_enforced, hw_enforced, SecLevel(),
+ cert_chain_list[i][0].encodedCertificate));
+
+ if (i > 0) {
+ /*
+ * The first key is attestated with factory chain, but all the rest of the keys are
+ * not supposed to be returned in attestation certificate chains.
+ */
+ EXPECT_FALSE(ChainSignaturesAreValid(cert_chain_list[i]));
+
+ // Appending the attest_key chain to the attested_key_chain should yield a valid chain.
+ cert_chain_list[i].insert(cert_chain_list[i].end(), //
+ cert_chain_list[i - 1].begin(), //
+ cert_chain_list[i - 1].end());
+ }
+
+ EXPECT_TRUE(ChainSignaturesAreValid(cert_chain_list[i]));
+ EXPECT_GT(cert_chain_list[i].size(), i + 1);
+ verify_subject_and_serial(cert_chain_list[i][0], serial_int, subject, false);
+ }
+
+ for (int i = 0; i < chain_size; i++) {
+ CheckedDeleteKey(&key_blob_list[i]);
+ }
+}
+
TEST_P(AttestKeyTest, AllEcCurves) {
for (auto curve : ValidCurves()) {
/*
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
index 64ef066..61f2f77 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
@@ -119,7 +119,6 @@
// Attestations don't contain everything in key authorization lists, so we need to filter the key
// lists to produce the lists that we expect to match the attestations.
auto kTagsToFilter = {
- Tag::BLOB_USAGE_REQUIREMENTS, //
Tag::CREATION_DATETIME, //
Tag::EC_CURVE,
Tag::HARDWARE_TYPE,
@@ -348,7 +347,7 @@
SCOPED_TRACE("Begin");
Status result;
BeginResult out;
- result = keymint_->begin(purpose, key_blob, in_params.vector_data(), HardwareAuthToken(), &out);
+ result = keymint_->begin(purpose, key_blob, in_params.vector_data(), std::nullopt, &out);
if (result.isOk()) {
*out_params = out.params;
@@ -366,7 +365,7 @@
Status result;
BeginResult out;
- result = keymint_->begin(purpose, key_blob, in_params.vector_data(), HardwareAuthToken(), &out);
+ result = keymint_->begin(purpose, key_blob, in_params.vector_data(), std::nullopt, &out);
if (result.isOk()) {
*out_params = out.params;
@@ -942,7 +941,7 @@
EXPECT_EQ(ErrorCode::OK, error);
if (error != ErrorCode::OK) return false;
- EXPECT_GE(att_attestation_version, 3U);
+ EXPECT_EQ(att_attestation_version, 100U);
vector<uint8_t> appId(app_id.begin(), app_id.end());
// check challenge and app id only if we expects a non-fake certificate
@@ -953,7 +952,7 @@
expected_sw_enforced.push_back(TAG_ATTESTATION_APPLICATION_ID, appId);
}
- EXPECT_GE(att_keymaster_version, 4U);
+ EXPECT_EQ(att_keymaster_version, 100U);
EXPECT_EQ(security_level, att_keymaster_security_level);
EXPECT_EQ(security_level, att_attestation_security_level);
@@ -1142,7 +1141,10 @@
string cert_issuer = x509NameToStr(X509_get_issuer_name(key_cert.get()));
string signer_subj = x509NameToStr(X509_get_subject_name(signing_cert.get()));
if (cert_issuer != signer_subj) {
- return AssertionFailure() << "Cert " << i << " has wrong issuer.\n" << cert_data.str();
+ return AssertionFailure() << "Cert " << i << " has wrong issuer.\n"
+ << " Signer subject is " << signer_subj
+ << " Issuer subject is " << cert_issuer << endl
+ << cert_data.str();
}
}
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index aa008f8..a89cc5b 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -5372,16 +5372,6 @@
INSTANTIATE_KEYMINT_AIDL_TEST(UnlockedDeviceRequiredTest);
-using PerformOperationTest = KeyMintAidlTestBase;
-
-TEST_P(PerformOperationTest, RequireUnimplemented) {
- vector<uint8_t> response;
- auto result = keymint_->performOperation({} /* request */, &response);
- ASSERT_EQ(GetReturnErrorCode(result), ErrorCode::UNIMPLEMENTED);
-}
-
-INSTANTIATE_KEYMINT_AIDL_TEST(PerformOperationTest);
-
} // namespace aidl::android::hardware::security::keymint::test
int main(int argc, char** argv) {
diff --git a/security/keymint/aidl/vts/performance/KeyMintBenchmark.cpp b/security/keymint/aidl/vts/performance/KeyMintBenchmark.cpp
index 6c795f5..54b6fdc 100644
--- a/security/keymint/aidl/vts/performance/KeyMintBenchmark.cpp
+++ b/security/keymint/aidl/vts/performance/KeyMintBenchmark.cpp
@@ -228,8 +228,7 @@
AuthorizationSet* out_params) {
Status result;
BeginResult out;
- result = keymint_->begin(purpose, key_blob_, in_params.vector_data(), HardwareAuthToken(),
- &out);
+ result = keymint_->begin(purpose, key_blob_, in_params.vector_data(), std::nullopt, &out);
if (result.isOk()) {
*out_params = out.params;
op_ = out.operation;
diff --git a/vibrator/aidl/aidl_api/android.hardware.vibrator/current/android/hardware/vibrator/CompositeEffect.aidl b/vibrator/aidl/aidl_api/android.hardware.vibrator/current/android/hardware/vibrator/CompositeEffect.aidl
index 8cb259f..7431804 100644
--- a/vibrator/aidl/aidl_api/android.hardware.vibrator/current/android/hardware/vibrator/CompositeEffect.aidl
+++ b/vibrator/aidl/aidl_api/android.hardware.vibrator/current/android/hardware/vibrator/CompositeEffect.aidl
@@ -19,6 +19,6 @@
@VintfStability
parcelable CompositeEffect {
int delayMs;
- android.hardware.vibrator.CompositePrimitive primitive;
+ android.hardware.vibrator.CompositePrimitive primitive = android.hardware.vibrator.CompositePrimitive.NOOP;
float scale;
}
diff --git a/vibrator/aidl/android/hardware/vibrator/CompositeEffect.aidl b/vibrator/aidl/android/hardware/vibrator/CompositeEffect.aidl
index 406a899..5a990c0 100644
--- a/vibrator/aidl/android/hardware/vibrator/CompositeEffect.aidl
+++ b/vibrator/aidl/android/hardware/vibrator/CompositeEffect.aidl
@@ -22,7 +22,7 @@
parcelable CompositeEffect {
/* Period of silence preceding primitive. */
int delayMs;
- CompositePrimitive primitive;
+ CompositePrimitive primitive = CompositePrimitive.NOOP;
/*
* 0.0 (inclusive) - 1.0 (inclusive),
* where 0.0 is minimum "feelable" amplitude.