Merge "[LSC] Add LOCAL_LICENSE_KINDS to hardware/interfaces"
diff --git a/automotive/audiocontrol/1.0/default/Android.bp b/automotive/audiocontrol/1.0/default/Android.bp
index 3cae4f1..7180a70 100644
--- a/automotive/audiocontrol/1.0/default/Android.bp
+++ b/automotive/audiocontrol/1.0/default/Android.bp
@@ -28,7 +28,7 @@
relative_install_path: "hw",
srcs: [
"AudioControl.cpp",
- "service.cpp"
+ "service.cpp",
],
init_rc: ["android.hardware.automotive.audiocontrol@1.0-service.rc"],
@@ -40,3 +40,16 @@
],
vintf_fragments: ["audiocontrol_manifest.xml"],
}
+
+filegroup {
+ name: "audiocontrolV1.0_source",
+ srcs: [
+ "AudioControl.cpp",
+ ],
+}
+
+cc_library_headers {
+ name: "audiocontrolV1.0_header",
+ host_supported: true,
+ export_include_dirs: ["."],
+}
diff --git a/automotive/audiocontrol/1.0/default/test/fuzzer/Android.bp b/automotive/audiocontrol/1.0/default/test/fuzzer/Android.bp
new file mode 100644
index 0000000..9228ee4
--- /dev/null
+++ b/automotive/audiocontrol/1.0/default/test/fuzzer/Android.bp
@@ -0,0 +1,43 @@
+/******************************************************************************
+ *
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ *****************************************************************************
+ * Originally developed and contributed by Ittiam Systems Pvt. Ltd, Bangalore
+ */
+
+cc_fuzz {
+ name: "audiocontrolV1.0_fuzzer",
+ host_supported: true,
+ srcs: [
+ "audiocontrolV1.0_fuzzer.cpp",
+ ":audiocontrolV1.0_source",
+ ],
+ header_libs: [
+ "audiocontrolV1.0_header",
+ ],
+ shared_libs: [
+ "android.hardware.automotive.audiocontrol@1.0",
+ "libhidlbase",
+ "liblog",
+ "libutils",
+ ],
+ fuzz_config: {
+ cc: [
+ "android-media-fuzzing-reports@google.com",
+ ],
+ componentid: 533764,
+ },
+}
diff --git a/automotive/audiocontrol/1.0/default/test/fuzzer/audiocontrolV1.0_fuzzer.cpp b/automotive/audiocontrol/1.0/default/test/fuzzer/audiocontrolV1.0_fuzzer.cpp
new file mode 100644
index 0000000..268df08
--- /dev/null
+++ b/automotive/audiocontrol/1.0/default/test/fuzzer/audiocontrolV1.0_fuzzer.cpp
@@ -0,0 +1,41 @@
+/******************************************************************************
+ *
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ *****************************************************************************
+ * Originally developed and contributed by Ittiam Systems Pvt. Ltd, Bangalore
+ */
+#include <AudioControl.h>
+#include <fuzzer/FuzzedDataProvider.h>
+
+using ::android::sp;
+using ::android::hardware::automotive::audiocontrol::V1_0::ContextNumber;
+using ::android::hardware::automotive::audiocontrol::V1_0::implementation::AudioControl;
+
+namespace android::hardware::automotive::audiocontrol::V1_0::implementation::fuzzer {
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ if (size < 1) {
+ return 0;
+ }
+ if (sp<AudioControl> audioControl = new AudioControl(); audioControl != nullptr) {
+ FuzzedDataProvider fdp = FuzzedDataProvider(data, size);
+ ContextNumber contextNumber = static_cast<ContextNumber>(fdp.ConsumeIntegral<uint32_t>());
+ audioControl->getBusForContext(contextNumber);
+ audioControl->setBalanceTowardRight(fdp.ConsumeFloatingPoint<float>());
+ audioControl->setFadeTowardFront(fdp.ConsumeFloatingPoint<float>());
+ }
+ return 0;
+}
+} // namespace android::hardware::automotive::audiocontrol::V1_0::implementation::fuzzer
diff --git a/automotive/vehicle/2.0/default/Android.bp b/automotive/vehicle/2.0/default/Android.bp
index d092f7a..50b603c 100644
--- a/automotive/vehicle/2.0/default/Android.bp
+++ b/automotive/vehicle/2.0/default/Android.bp
@@ -222,3 +222,29 @@
"android.hardware.automotive.vehicle@2.0-libproto-native",
],
}
+
+cc_fuzz {
+ name: "vehicleManager_fuzzer",
+ vendor: true,
+ defaults: ["vhal_v2_0_target_defaults"],
+ whole_static_libs: ["android.hardware.automotive.vehicle@2.0-manager-lib"],
+ srcs: [
+ "tests/fuzzer/VehicleManager_fuzzer.cpp",
+ ],
+ shared_libs: [
+ "libbase",
+ "libcutils",
+ "libbinder_ndk",
+ ],
+ header_libs: ["libbase_headers"],
+ local_include_dirs: [
+ "common/include",
+ "tests",
+ ],
+ fuzz_config: {
+ cc: [
+ "android-media-fuzzing-reports@google.com",
+ ],
+ componentid: 533764,
+ },
+}
diff --git a/automotive/vehicle/2.0/default/tests/fuzzer/README.md b/automotive/vehicle/2.0/default/tests/fuzzer/README.md
new file mode 100644
index 0000000..3fa0d3f
--- /dev/null
+++ b/automotive/vehicle/2.0/default/tests/fuzzer/README.md
@@ -0,0 +1,66 @@
+# Fuzzer for android.hardware.automotive.vehicle@2.0-manager-lib
+
+## Plugin Design Considerations
+The fuzzer plugin for android.hardware.automotive.vehicle@2.0-manager-lib is
+designed based on the understanding of the library and tries to achieve the following:
+
+##### Maximize code coverage
+The configuration parameters are not hardcoded, but instead selected based on
+incoming data. This ensures more code paths are reached by the fuzzer.
+
+Vehicle Manager supports the following parameters:
+1. Vehicle Property (parameter name: `vehicleProp`)
+2. Diagnostic Integer Sensor Index (parameter name: `diagnosticIntIndex`)
+3. Diagnostic Float Sensor Index (parameter name: `diagnosticFloatIndex`)
+4. Availability Message Type (parameter name: `availabilityMsgType`)
+5. Subscription Message Type (parameter name: `subscriptionMsgType`)
+
+| Parameter| Valid Values| Configured Value|
+|------------- |-------------| ----- |
+| `vehicleProp` | 0.`VehicleProperty::INVALID` 1.`VehicleProperty::HVAC_FAN_SPEED` 2.`VehicleProperty::INFO_MAKE` 3.`VehicleProperty::DISPLAY_BRIGHTNESS` 4.`VehicleProperty::INFO_FUEL_CAPACITY` 5.`VehicleProperty::HVAC_SEAT_TEMPERATURE`| Value obtained from FuzzedDataProvider |
+| `diagnosticIntIndex` | 0.`DiagnosticIntegerSensorIndex::FUEL_SYSTEM_STATUS` 1.`DiagnosticIntegerSensorIndex::MALFUNCTION_INDICATOR_LIGHT_ON` 2.`DiagnosticIntegerSensorIndex::NUM_OXYGEN_SENSORS_PRESENT` 3.`DiagnosticIntegerSensorIndex::FUEL_TYPE` | Value obtained from FuzzedDataProvider |
+| `diagnosticFloatIndex` | 0.`DiagnosticFloatSensorIndex::CALCULATED_ENGINE_LOAD` 1.`DiagnosticFloatSensorIndex::SHORT_TERM_FUEL_TRIM_BANK1` 2.`DiagnosticFloatSensorIndex::LONG_TERM_FUEL_TRIM_BANK1` 3.`DiagnosticFloatSensorIndex::THROTTLE_POSITION` | Value obtained from FuzzedDataProvider |
+| `availabilityMsgType` | 0.`VmsMessageType::AVAILABILITY_CHANGE` 1.`VmsMessageType::AVAILABILITY_RESPONSE` | Value obtained from FuzzedDataProvider |
+| `subscriptionMsgType` | 0.`VmsMessageType::SUBSCRIPTIONS_CHANGE` 1.`VmsMessageType::SUBSCRIPTIONS_RESPONSE` | Value obtained from FuzzedDataProvider |
+
+This also ensures that the plugin is always deterministic for any given input.
+
+## Build
+
+This describes steps to build vehicleManager_fuzzer binary.
+
+### Android
+
+#### Steps to build
+Build the fuzzer
+```
+ $ mm -j$(nproc) vehicleManager_fuzzer
+```
+
+#### Steps to run
+Create a directory CORPUS_DIR
+```
+ $ adb shell mkdir /data/local/tmp/CORPUS_DIR
+```
+
+##### Some Additional steps needed to run the vehicleManager_fuzzer successfully on device
+
+1. Push the following libraries from /vendor/lib/ and /vendor/lib64/ folders of your workspace to the device's /vendor/lib/ and /vendor/lib64/ :
+```
+1.1 android.hardware.automotive.vehicle@2.0.so
+1.2 carwatchdog_aidl_interface-V2-ndk_platform.so
+```
+2. Now, reboot the device using command
+```
+ $ adb reboot
+```
+
+##### To run the fuzzer on device
+```
+ $ adb sync data
+ $ adb shell LD_LIBRARY_PATH=/vendor/lib64 /data/fuzz/${TARGET_ARCH}/vehicleManager_fuzzer/vendor/vehicleManager_fuzzer /data/local/tmp/CORPUS_DIR
+```
+
+## References:
+ * http://llvm.org/docs/LibFuzzer.html
+ * https://github.com/google/oss-fuzz
diff --git a/automotive/vehicle/2.0/default/tests/fuzzer/VehicleManager_fuzzer.cpp b/automotive/vehicle/2.0/default/tests/fuzzer/VehicleManager_fuzzer.cpp
new file mode 100644
index 0000000..796c08f
--- /dev/null
+++ b/automotive/vehicle/2.0/default/tests/fuzzer/VehicleManager_fuzzer.cpp
@@ -0,0 +1,433 @@
+/******************************************************************************
+ *
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ *****************************************************************************
+ * Originally developed and contributed by Ittiam Systems Pvt. Ltd, Bangalore
+ */
+
+#include "VehicleManager_fuzzer.h"
+#include <utils/SystemClock.h>
+#include <vhal_v2_0/Obd2SensorStore.h>
+#include <vhal_v2_0/WatchdogClient.h>
+
+namespace android::hardware::automotive::vehicle::V2_0::fuzzer {
+
+using ::aidl::android::automotive::watchdog::TimeoutLength;
+using ::android::elapsedRealtimeNano;
+using ::android::Looper;
+using ::android::sp;
+using ::android::hardware::hidl_handle;
+using ::android::hardware::hidl_string;
+using ::android::hardware::hidl_vec;
+using ::android::hardware::automotive::vehicle::V2_0::DiagnosticFloatSensorIndex;
+using ::android::hardware::automotive::vehicle::V2_0::DiagnosticIntegerSensorIndex;
+using ::android::hardware::automotive::vehicle::V2_0::kCustomComplexProperty;
+using ::android::hardware::automotive::vehicle::V2_0::kVehicleProperties;
+using ::android::hardware::automotive::vehicle::V2_0::MockedVehicleCallback;
+using ::android::hardware::automotive::vehicle::V2_0::Obd2SensorStore;
+using ::android::hardware::automotive::vehicle::V2_0::recyclable_ptr;
+using ::android::hardware::automotive::vehicle::V2_0::StatusCode;
+using ::android::hardware::automotive::vehicle::V2_0::SubscribeFlags;
+using ::android::hardware::automotive::vehicle::V2_0::SubscribeOptions;
+using ::android::hardware::automotive::vehicle::V2_0::VehicleAreaConfig;
+using ::android::hardware::automotive::vehicle::V2_0::VehicleHal;
+using ::android::hardware::automotive::vehicle::V2_0::VehicleHalManager;
+using ::android::hardware::automotive::vehicle::V2_0::VehiclePropConfig;
+using ::android::hardware::automotive::vehicle::V2_0::VehicleProperty;
+using ::android::hardware::automotive::vehicle::V2_0::VehiclePropertyAccess;
+using ::android::hardware::automotive::vehicle::V2_0::VehiclePropertyChangeMode;
+using ::android::hardware::automotive::vehicle::V2_0::VehiclePropertyStore;
+using ::android::hardware::automotive::vehicle::V2_0::VehiclePropertyType;
+using ::android::hardware::automotive::vehicle::V2_0::VehiclePropValue;
+using ::android::hardware::automotive::vehicle::V2_0::VehiclePropValuePool;
+using ::android::hardware::automotive::vehicle::V2_0::VmsMessageType;
+using ::android::hardware::automotive::vehicle::V2_0::WatchdogClient;
+using ::android::hardware::automotive::vehicle::V2_0::vms::createAvailabilityRequest;
+using ::android::hardware::automotive::vehicle::V2_0::vms::createBaseVmsMessage;
+using ::android::hardware::automotive::vehicle::V2_0::vms::createPublisherIdRequest;
+using ::android::hardware::automotive::vehicle::V2_0::vms::createStartSessionMessage;
+using ::android::hardware::automotive::vehicle::V2_0::vms::createSubscriptionsRequest;
+using ::android::hardware::automotive::vehicle::V2_0::vms::getAvailableLayers;
+using ::android::hardware::automotive::vehicle::V2_0::vms::getSequenceNumberForAvailabilityState;
+using ::android::hardware::automotive::vehicle::V2_0::vms::getSequenceNumberForSubscriptionsState;
+using ::android::hardware::automotive::vehicle::V2_0::vms::hasServiceNewlyStarted;
+using ::android::hardware::automotive::vehicle::V2_0::vms::isAvailabilitySequenceNumberNewer;
+using ::android::hardware::automotive::vehicle::V2_0::vms::isSequenceNumberNewer;
+using ::android::hardware::automotive::vehicle::V2_0::vms::isValidVmsMessage;
+using ::android::hardware::automotive::vehicle::V2_0::vms::parseData;
+using ::android::hardware::automotive::vehicle::V2_0::vms::parseMessageType;
+using ::android::hardware::automotive::vehicle::V2_0::vms::parsePublisherIdResponse;
+using ::android::hardware::automotive::vehicle::V2_0::vms::parseStartSessionMessage;
+using ::android::hardware::automotive::vehicle::V2_0::vms::VmsLayer;
+using ::android::hardware::automotive::vehicle::V2_0::vms::VmsLayerAndPublisher;
+using ::android::hardware::automotive::vehicle::V2_0::vms::VmsLayerOffering;
+using ::android::hardware::automotive::vehicle::V2_0::vms::VmsOffers;
+
+constexpr const char kCarMake[] = "Default Car";
+constexpr VehicleProperty kVehicleProp[] = {VehicleProperty::INVALID,
+ VehicleProperty::HVAC_FAN_SPEED,
+ VehicleProperty::INFO_MAKE,
+ VehicleProperty::DISPLAY_BRIGHTNESS,
+ VehicleProperty::INFO_FUEL_CAPACITY,
+ VehicleProperty::HVAC_SEAT_TEMPERATURE};
+constexpr DiagnosticIntegerSensorIndex kDiagnosticIntIndex[] = {
+ DiagnosticIntegerSensorIndex::FUEL_SYSTEM_STATUS,
+ DiagnosticIntegerSensorIndex::MALFUNCTION_INDICATOR_LIGHT_ON,
+ DiagnosticIntegerSensorIndex::NUM_OXYGEN_SENSORS_PRESENT,
+ DiagnosticIntegerSensorIndex::FUEL_TYPE};
+constexpr DiagnosticFloatSensorIndex kDiagnosticFloatIndex[] = {
+ DiagnosticFloatSensorIndex::CALCULATED_ENGINE_LOAD,
+ DiagnosticFloatSensorIndex::SHORT_TERM_FUEL_TRIM_BANK1,
+ DiagnosticFloatSensorIndex::LONG_TERM_FUEL_TRIM_BANK1,
+ DiagnosticFloatSensorIndex::THROTTLE_POSITION};
+constexpr size_t kVehiclePropArrayLength = std::size(kVehicleProp);
+constexpr size_t kIntSensorArrayLength = std::size(kDiagnosticIntIndex);
+constexpr size_t kFloatSensorArrayLength = std::size(kDiagnosticFloatIndex);
+constexpr VmsMessageType kAvailabilityMessageType[] = {VmsMessageType::AVAILABILITY_CHANGE,
+ VmsMessageType::AVAILABILITY_RESPONSE};
+constexpr VmsMessageType kSubscriptionMessageType[] = {VmsMessageType::SUBSCRIPTIONS_CHANGE,
+ VmsMessageType::SUBSCRIPTIONS_RESPONSE};
+
+MockedVehicleHal::VehiclePropValuePtr MockedVehicleHal::get(
+ const VehiclePropValue& requestedPropValue, StatusCode* outStatus) {
+ VehiclePropValuePtr pValue = nullptr;
+ if (outStatus == nullptr) {
+ return pValue;
+ }
+ auto property = static_cast<VehicleProperty>(requestedPropValue.prop);
+ int32_t areaId = requestedPropValue.areaId;
+ *outStatus = StatusCode::OK;
+
+ switch (property) {
+ case VehicleProperty::INFO_MAKE:
+ pValue = getValuePool()->obtainString(kCarMake);
+ break;
+ case VehicleProperty::INFO_FUEL_CAPACITY:
+ if (mFuelCapacityAttemptsLeft-- > 0) {
+ *outStatus = StatusCode::TRY_AGAIN;
+ } else {
+ pValue = getValuePool()->obtainFloat(42.42);
+ }
+ break;
+ default:
+ if (requestedPropValue.prop == kCustomComplexProperty) {
+ pValue = getValuePool()->obtainComplex();
+ pValue->value.int32Values = hidl_vec<int32_t>{10, 20};
+ pValue->value.int64Values = hidl_vec<int64_t>{30, 40};
+ pValue->value.floatValues = hidl_vec<float_t>{1.1, 2.2};
+ pValue->value.bytes = hidl_vec<uint8_t>{1, 2, 3};
+ pValue->value.stringValue = kCarMake;
+ break;
+ }
+ auto key = makeKey(toInt(property), areaId);
+ pValue = getValuePool()->obtain(mValues[key]);
+ }
+
+ if (*outStatus == StatusCode::OK && pValue.get() != nullptr) {
+ pValue->prop = toInt(property);
+ pValue->areaId = areaId;
+ pValue->timestamp = elapsedRealtimeNano();
+ }
+
+ return pValue;
+}
+
+void VehicleHalManagerFuzzer::process(const uint8_t* data, size_t size) {
+ mFuzzedDataProvider = new FuzzedDataProvider(data, size);
+ invokeDebug();
+ invokePropConfigs();
+ invokeSubscribe();
+ invokeSetAndGetValues();
+ invokeObd2SensorStore();
+ invokeVmsUtils();
+ invokeVehiclePropStore();
+ invokeWatchDogClient();
+}
+
+void VehicleHalManagerFuzzer::invokeDebug() {
+ hidl_string debugOption = mFuzzedDataProvider->PickValueInArray(
+ {"--help", "--list", "--get", "--set", "", "invalid"});
+ hidl_handle fd = {};
+ fd.setTo(native_handle_create(/*numFds=*/1, /*numInts=*/0), /*shouldOwn=*/true);
+
+ mManager->debug(fd, {});
+ mManager->debug(fd, {debugOption});
+}
+
+void VehicleHalManagerFuzzer::invokePropConfigs() {
+ int32_t vehicleProp1 = mFuzzedDataProvider->ConsumeIntegral<int32_t>();
+ int32_t vehicleProp2 = mFuzzedDataProvider->ConsumeIntegral<int32_t>();
+
+ hidl_vec<int32_t> properties = {vehicleProp1, vehicleProp2};
+
+ mManager->getPropConfigs(properties,
+ []([[maybe_unused]] StatusCode status,
+ [[maybe_unused]] const hidl_vec<VehiclePropConfig>& c) {});
+
+ mManager->getPropConfigs({toInt(kVehicleProp[abs(vehicleProp1) % kVehiclePropArrayLength])},
+ []([[maybe_unused]] StatusCode status,
+ [[maybe_unused]] const hidl_vec<VehiclePropConfig>& c) {});
+
+ mManager->getAllPropConfigs(
+ []([[maybe_unused]] const hidl_vec<VehiclePropConfig>& propConfigs) {});
+}
+
+void VehicleHalManagerFuzzer::invokeSubscribe() {
+ int32_t vehicleProp1 = mFuzzedDataProvider->ConsumeIntegral<int32_t>();
+ int32_t vehicleProp2 = mFuzzedDataProvider->ConsumeIntegral<int32_t>();
+ int32_t vehicleProp3 = mFuzzedDataProvider->ConsumeIntegral<int32_t>();
+
+ const auto prop1 = toInt(kVehicleProp[abs(vehicleProp1) % kVehiclePropArrayLength]);
+ sp<MockedVehicleCallback> cb = new MockedVehicleCallback();
+
+ hidl_vec<SubscribeOptions> options = {
+ SubscribeOptions{.propId = prop1, .flags = SubscribeFlags::EVENTS_FROM_CAR}};
+
+ mManager->subscribe(cb, options);
+
+ auto unsubscribedValue = mObjectPool->obtain(VehiclePropertyType::INT32);
+ unsubscribedValue->prop = toInt(kVehicleProp[abs(vehicleProp2) % kVehiclePropArrayLength]);
+
+ mHal->sendPropEvent(std::move(unsubscribedValue));
+ cb->getReceivedEvents();
+ cb->waitForExpectedEvents(0);
+
+ auto subscribedValue = mObjectPool->obtain(VehiclePropertyType::INT32);
+ subscribedValue->prop = toInt(kVehicleProp[abs(vehicleProp2) % kVehiclePropArrayLength]);
+ subscribedValue->value.int32Values[0] = INT32_MAX;
+
+ cb->reset();
+ VehiclePropValue actualValue(*subscribedValue.get());
+ mHal->sendPropEvent(std::move(subscribedValue));
+ cb->waitForExpectedEvents(1);
+ mManager->unsubscribe(cb, prop1);
+
+ sp<MockedVehicleCallback> cb2 = new MockedVehicleCallback();
+
+ hidl_vec<SubscribeOptions> options2 = {
+ SubscribeOptions{
+ .propId = toInt(kVehicleProp[abs(vehicleProp3) % kVehiclePropArrayLength]),
+ .flags = SubscribeFlags::EVENTS_FROM_CAR},
+ };
+
+ mManager->subscribe(cb2, options2);
+
+ mHal->sendHalError(StatusCode::TRY_AGAIN,
+ toInt(kVehicleProp[abs(vehicleProp3) % kVehiclePropArrayLength]),
+ /*areaId=*/0);
+}
+
+void VehicleHalManagerFuzzer::invokeSetAndGetValues() {
+ uint32_t vehicleProp1 =
+ mFuzzedDataProvider->ConsumeIntegralInRange<uint32_t>(0, kVehiclePropArrayLength - 1);
+ uint32_t vehicleProp2 =
+ mFuzzedDataProvider->ConsumeIntegralInRange<uint32_t>(0, kVehiclePropArrayLength - 1);
+ uint32_t vehicleProp3 =
+ mFuzzedDataProvider->ConsumeIntegralInRange<uint32_t>(0, kVehiclePropArrayLength - 1);
+
+ invokeGet(kCustomComplexProperty, 0);
+ invokeGet(toInt(kVehicleProp[vehicleProp2]), 0);
+ invokeGet(toInt(kVehicleProp[vehicleProp1]), 0);
+
+ auto expectedValue = mObjectPool->obtainInt32(mFuzzedDataProvider->ConsumeIntegral<int32_t>());
+ mObjectPool->obtainInt64(mFuzzedDataProvider->ConsumeIntegral<int64_t>());
+ mObjectPool->obtainFloat(mFuzzedDataProvider->ConsumeFloatingPoint<float>());
+ mObjectPool->obtainBoolean(mFuzzedDataProvider->ConsumeBool());
+ expectedValue->prop = toInt(kVehicleProp[vehicleProp2]);
+ expectedValue->areaId = 0;
+
+ mManager->set(*expectedValue.get());
+ invokeGet(toInt(kVehicleProp[vehicleProp2]), 0);
+ expectedValue->prop = toInt(kVehicleProp[vehicleProp3]);
+ mManager->set(*expectedValue.get());
+ expectedValue->prop = toInt(VehicleProperty::INVALID);
+ mManager->set(*expectedValue.get());
+}
+
+void VehicleHalManagerFuzzer::invokeObd2SensorStore() {
+ uint32_t diagnosticIntIndex =
+ mFuzzedDataProvider->ConsumeIntegralInRange<uint32_t>(0, kIntSensorArrayLength - 1);
+ int32_t diagnosticIntValue = mFuzzedDataProvider->ConsumeIntegral<int32_t>();
+ uint32_t diagnosticFloatIndex =
+ mFuzzedDataProvider->ConsumeIntegralInRange<uint32_t>(0, kFloatSensorArrayLength - 1);
+ float diagnosticFloatValue = mFuzzedDataProvider->ConsumeFloatingPoint<float>();
+
+ std::unique_ptr<Obd2SensorStore> sensorStore(
+ new Obd2SensorStore(kIntSensorArrayLength, kFloatSensorArrayLength));
+ if (sensorStore) {
+ sensorStore->setIntegerSensor(kDiagnosticIntIndex[diagnosticIntIndex], diagnosticIntValue);
+ sensorStore->setFloatSensor(kDiagnosticFloatIndex[diagnosticFloatIndex],
+ diagnosticFloatValue);
+ sensorStore->getIntegerSensors();
+ sensorStore->getFloatSensors();
+ sensorStore->getSensorsBitmask();
+ static std::vector<std::string> sampleDtcs = {"P0070",
+ "P0102"
+ "P0123"};
+ for (auto&& dtc : sampleDtcs) {
+ auto freezeFrame = createVehiclePropValue(VehiclePropertyType::MIXED, 0);
+ sensorStore->fillPropValue(dtc, freezeFrame.get());
+ freezeFrame->prop = static_cast<int>(VehicleProperty::OBD2_FREEZE_FRAME);
+ }
+ }
+}
+
+void VehicleHalManagerFuzzer::invokeVmsUtils() {
+ bool availabilityMsgType = mFuzzedDataProvider->ConsumeBool();
+ bool subscriptionMsgType = mFuzzedDataProvider->ConsumeBool();
+ int32_t intValue = mFuzzedDataProvider->ConsumeIntegral<int32_t>();
+
+ VmsLayer layer(1, 0, 2);
+ auto message = createSubscribeMessage(layer);
+ isValidVmsMessage(*message);
+ message = createUnsubscribeMessage(layer);
+
+ VmsOffers offers = {intValue, {VmsLayerOffering(VmsLayer(1, 0, 2))}};
+ message = createOfferingMessage(offers);
+ std::vector<VmsLayer> dependencies = {VmsLayer(2, 0, 2), VmsLayer(3, 0, 3)};
+ std::vector<VmsLayerOffering> offering = {VmsLayerOffering(layer, dependencies)};
+ offers = {intValue, offering};
+ message = createOfferingMessage(offers);
+
+ message = createAvailabilityRequest();
+ message = createSubscriptionsRequest();
+
+ std::string bytes = "placeholder";
+ const VmsLayerAndPublisher layer_and_publisher(VmsLayer(2, 0, 1), intValue);
+ message = createDataMessageWithLayerPublisherInfo(layer_and_publisher, bytes);
+ parseData(*message);
+ createSubscribeToPublisherMessage(layer_and_publisher);
+ createUnsubscribeToPublisherMessage(layer_and_publisher);
+
+ std::string pub_bytes = "pub_id";
+ message = createPublisherIdRequest(pub_bytes);
+ message = createBaseVmsMessage(2);
+ message->value.int32Values =
+ hidl_vec<int32_t>{toInt(VmsMessageType::PUBLISHER_ID_RESPONSE), intValue};
+ parsePublisherIdResponse(*message);
+
+ message->value.int32Values =
+ hidl_vec<int32_t>{toInt(kSubscriptionMessageType[subscriptionMsgType]), intValue};
+ getSequenceNumberForSubscriptionsState(*message);
+
+ message->value.int32Values = hidl_vec<int32_t>{toInt(kSubscriptionMessageType[0]), intValue};
+ isSequenceNumberNewer(*message, intValue + 1);
+ invokeGetSubscribedLayers(kSubscriptionMessageType[subscriptionMsgType]);
+
+ message->value.int32Values =
+ hidl_vec<int32_t>{toInt(kAvailabilityMessageType[availabilityMsgType]), 0};
+ hasServiceNewlyStarted(*message);
+ message = createStartSessionMessage(intValue, intValue + 1);
+ parseMessageType(*message);
+
+ message->value.int32Values =
+ hidl_vec<int32_t>{toInt(kAvailabilityMessageType[availabilityMsgType]), intValue};
+ isAvailabilitySequenceNumberNewer(*message, intValue + 1);
+
+ message->value.int32Values =
+ hidl_vec<int32_t>{toInt(kAvailabilityMessageType[availabilityMsgType]), intValue};
+ getSequenceNumberForAvailabilityState(*message);
+ message = createBaseVmsMessage(3);
+ int new_service_id;
+ message->value.int32Values = hidl_vec<int32_t>{toInt(VmsMessageType::START_SESSION), 0, -1};
+ parseStartSessionMessage(*message, -1, 0, &new_service_id);
+}
+
+void VehicleHalManagerFuzzer::invokeGet(int32_t property, int32_t areaId) {
+ VehiclePropValue requestedValue{};
+ requestedValue.prop = property;
+ requestedValue.areaId = areaId;
+ mActualValue = VehiclePropValue{}; // reset previous values
+
+ StatusCode refStatus;
+ VehiclePropValue refValue;
+ mManager->get(requestedValue,
+ [&refStatus, &refValue](StatusCode status, const VehiclePropValue& value) {
+ refStatus = status;
+ refValue = value;
+ });
+
+ mActualValue = refValue;
+ mActualStatusCode = refStatus;
+}
+
+void VehicleHalManagerFuzzer::invokeGetSubscribedLayers(VmsMessageType type) {
+ VmsOffers offers = {123,
+ {VmsLayerOffering(VmsLayer(1, 0, 1), {VmsLayer(4, 1, 1)}),
+ VmsLayerOffering(VmsLayer(2, 0, 1))}};
+ auto message = createBaseVmsMessage(16);
+ message->value.int32Values = hidl_vec<int32_t>{toInt(type),
+ 1234, // sequence number
+ 2, // number of layers
+ 1, // number of associated layers
+ 1, // layer 1
+ 0, 1,
+ 4, // layer 2
+ 1, 1,
+ 2, // associated layer
+ 0, 1,
+ 2, // number of publisher IDs
+ 111, // publisher IDs
+ 123};
+ isValidVmsMessage(*message);
+ getSubscribedLayers(*message, offers);
+ getAvailableLayers(*message);
+}
+
+void VehicleHalManagerFuzzer::invokeVehiclePropStore() {
+ bool shouldWriteStatus = mFuzzedDataProvider->ConsumeBool();
+ int32_t vehicleProp = mFuzzedDataProvider->ConsumeIntegral<int32_t>();
+ auto store = std::make_unique<VehiclePropertyStore>();
+ VehiclePropConfig config{
+ .prop = vehicleProp,
+ .access = VehiclePropertyAccess::READ,
+ .changeMode = VehiclePropertyChangeMode::STATIC,
+ .areaConfigs = {VehicleAreaConfig{.areaId = (0)}},
+ };
+ store->registerProperty(config);
+ VehiclePropValue propValue{};
+ propValue.prop = vehicleProp;
+ propValue.areaId = 0;
+ store->writeValue(propValue, shouldWriteStatus);
+ store->readAllValues();
+ store->getAllConfigs();
+ store->getConfigOrNull(vehicleProp);
+ store->readValuesForProperty(vehicleProp);
+ store->readValueOrNull(propValue);
+ store->readValueOrNull(propValue.prop, propValue.areaId, 0);
+ store->removeValuesForProperty(vehicleProp);
+ store->removeValue(propValue);
+ store->getConfigOrDie(vehicleProp);
+}
+
+void VehicleHalManagerFuzzer::invokeWatchDogClient() {
+ auto service = new VehicleHalManager(mHal.get());
+ sp<Looper> looper(Looper::prepare(/*opts=*/mFuzzedDataProvider->ConsumeBool()));
+ if (auto watchdogClient = ndk::SharedRefBase::make<WatchdogClient>(looper, service);
+ watchdogClient->initialize()) {
+ watchdogClient->checkIfAlive(-1, TimeoutLength::TIMEOUT_NORMAL);
+ watchdogClient->prepareProcessTermination();
+ }
+ delete service;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ VehicleHalManagerFuzzer vmFuzzer;
+ vmFuzzer.process(data, size);
+ return 0;
+}
+
+} // namespace android::hardware::automotive::vehicle::V2_0::fuzzer
diff --git a/automotive/vehicle/2.0/default/tests/fuzzer/VehicleManager_fuzzer.h b/automotive/vehicle/2.0/default/tests/fuzzer/VehicleManager_fuzzer.h
new file mode 100644
index 0000000..e9335d3
--- /dev/null
+++ b/automotive/vehicle/2.0/default/tests/fuzzer/VehicleManager_fuzzer.h
@@ -0,0 +1,124 @@
+/******************************************************************************
+ *
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ *****************************************************************************
+ * Originally developed and contributed by Ittiam Systems Pvt. Ltd, Bangalore
+ */
+
+#ifndef __VEHICLE_MANAGER_FUZZER_H__
+#define __VEHICLE_MANAGER_FUZZER_H__
+
+#include <vhal_v2_0/VehicleHalManager.h>
+#include <vhal_v2_0/VehiclePropertyStore.h>
+#include <vhal_v2_0/VmsUtils.h>
+
+#include <VehicleHalTestUtils.h>
+#include <fuzzer/FuzzedDataProvider.h>
+
+namespace android::hardware::automotive::vehicle::V2_0::fuzzer {
+
+constexpr int kRetriableAttempts = 3;
+
+class MockedVehicleHal : public VehicleHal {
+ public:
+ MockedVehicleHal()
+ : mFuelCapacityAttemptsLeft(kRetriableAttempts),
+ mMirrorFoldAttemptsLeft(kRetriableAttempts) {
+ mConfigs.assign(std::begin(kVehicleProperties), std::end(kVehicleProperties));
+ }
+
+ std::vector<VehiclePropConfig> listProperties() override { return mConfigs; }
+
+ VehiclePropValuePtr get(const VehiclePropValue& requestedPropValue,
+ StatusCode* outStatus) override;
+
+ StatusCode set(const VehiclePropValue& propValue) override {
+ if (toInt(VehicleProperty::MIRROR_FOLD) == propValue.prop &&
+ mMirrorFoldAttemptsLeft-- > 0) {
+ return StatusCode::TRY_AGAIN;
+ }
+
+ mValues[makeKey(propValue)] = propValue;
+ return StatusCode::OK;
+ }
+
+ StatusCode subscribe(int32_t /* property */, float /* sampleRate */) override {
+ return StatusCode::OK;
+ }
+
+ StatusCode unsubscribe(int32_t /* property */) override { return StatusCode::OK; }
+
+ void sendPropEvent(recyclable_ptr<VehiclePropValue> value) { doHalEvent(std::move(value)); }
+
+ void sendHalError(StatusCode error, int32_t property, int32_t areaId) {
+ doHalPropertySetError(error, property, areaId);
+ }
+
+ private:
+ int64_t makeKey(const VehiclePropValue& v) const { return makeKey(v.prop, v.areaId); }
+
+ int64_t makeKey(int32_t prop, int32_t area) const {
+ return (static_cast<int64_t>(prop) << 32) | area;
+ }
+
+ private:
+ std::vector<VehiclePropConfig> mConfigs;
+ std::unordered_map<int64_t, VehiclePropValue> mValues;
+ int mFuelCapacityAttemptsLeft;
+ int mMirrorFoldAttemptsLeft;
+};
+
+class VehicleHalManagerFuzzer {
+ public:
+ VehicleHalManagerFuzzer() {
+ mHal.reset(new MockedVehicleHal);
+ mManager.reset(new VehicleHalManager(mHal.get()));
+ mObjectPool = mHal->getValuePool();
+ }
+ ~VehicleHalManagerFuzzer() {
+ mManager.reset(nullptr);
+ mHal.reset(nullptr);
+ mObjectPool = nullptr;
+ if (mFuzzedDataProvider) {
+ delete mFuzzedDataProvider;
+ }
+ }
+ void process(const uint8_t* data, size_t size);
+
+ private:
+ FuzzedDataProvider* mFuzzedDataProvider = nullptr;
+ VehiclePropValue mActualValue = VehiclePropValue{};
+ StatusCode mActualStatusCode = StatusCode::OK;
+
+ VehiclePropValuePool* mObjectPool = nullptr;
+ std::unique_ptr<MockedVehicleHal> mHal;
+ std::unique_ptr<VehicleHalManager> mManager;
+
+ void invokeDebug();
+ void invokePropConfigs();
+ void invokeSubscribe();
+ void invokeSetAndGetValues();
+ void invokeObd2SensorStore();
+ void invokeVmsUtils();
+ void invokeVehiclePropStore();
+ void invokeWatchDogClient();
+ void invokeGetSubscribedLayers(VmsMessageType type);
+ void invokeGet(int32_t property, int32_t areaId);
+};
+
+} // namespace android::hardware::automotive::vehicle::V2_0::fuzzer
+
+#endif // __VEHICLE_MANAGER_FUZZER_H__
diff --git a/bluetooth/audio/2.0/default/BluetoothAudioProvidersFactory.cpp b/bluetooth/audio/2.0/default/BluetoothAudioProvidersFactory.cpp
index df89cc8..0e5b7e4 100644
--- a/bluetooth/audio/2.0/default/BluetoothAudioProvidersFactory.cpp
+++ b/bluetooth/audio/2.0/default/BluetoothAudioProvidersFactory.cpp
@@ -75,7 +75,7 @@
android::bluetooth::audio::GetOffloadCodecCapabilities(sessionType);
if (db_codec_capabilities.size()) {
audio_capabilities.resize(db_codec_capabilities.size());
- for (int i = 0; i < db_codec_capabilities.size(); ++i) {
+ for (std::size_t i = 0; i < db_codec_capabilities.size(); ++i) {
audio_capabilities[i].codecCapabilities(db_codec_capabilities[i]);
}
}
diff --git a/bluetooth/audio/utils/OWNERS b/bluetooth/audio/utils/OWNERS
new file mode 100644
index 0000000..a35dde2
--- /dev/null
+++ b/bluetooth/audio/utils/OWNERS
@@ -0,0 +1,3 @@
+include platform/system/bt:/OWNERS
+
+cheneyni@google.com
\ No newline at end of file
diff --git a/bluetooth/audio/utils/session/BluetoothAudioSession.cpp b/bluetooth/audio/utils/session/BluetoothAudioSession.cpp
index 50119bf..2f3ddaf 100644
--- a/bluetooth/audio/utils/session/BluetoothAudioSession.cpp
+++ b/bluetooth/audio/utils/session/BluetoothAudioSession.cpp
@@ -43,7 +43,10 @@
AudioConfiguration BluetoothAudioSession::invalidOffloadAudioConfiguration = {};
static constexpr int kFmqSendTimeoutMs = 1000; // 1000 ms timeout for sending
+static constexpr int kFmqReceiveTimeoutMs =
+ 1000; // 1000 ms timeout for receiving
static constexpr int kWritePollMs = 1; // polled non-blocking interval
+static constexpr int kReadPollMs = 1; // polled non-blocking interval
static inline timespec timespec_convert_from_hal(const TimeSpec& TS) {
return {.tv_sec = static_cast<long>(TS.tvSec),
@@ -402,6 +405,39 @@
return totalWritten;
}
+// The control function reads stream from FMQ
+size_t BluetoothAudioSession::InReadPcmData(void* buffer, size_t bytes) {
+ if (buffer == nullptr || !bytes) return 0;
+ size_t totalRead = 0;
+ int ms_timeout = kFmqReceiveTimeoutMs;
+ do {
+ std::unique_lock<std::recursive_mutex> lock(mutex_);
+ if (!IsSessionReady()) break;
+ size_t availableToRead = mDataMQ->availableToRead();
+ if (availableToRead) {
+ if (availableToRead > (bytes - totalRead)) {
+ availableToRead = bytes - totalRead;
+ }
+ if (!mDataMQ->read(static_cast<uint8_t*>(buffer) + totalRead,
+ availableToRead)) {
+ ALOGE("FMQ datapath reading %zu/%zu failed", totalRead, bytes);
+ return totalRead;
+ }
+ totalRead += availableToRead;
+ } else if (ms_timeout >= kReadPollMs) {
+ lock.unlock();
+ usleep(kReadPollMs * 1000);
+ ms_timeout -= kReadPollMs;
+ continue;
+ } else {
+ ALOGD("in data %zu/%zu overflow %d ms", totalRead, bytes,
+ (kFmqReceiveTimeoutMs - ms_timeout));
+ return totalRead;
+ }
+ } while (totalRead < bytes);
+ return totalRead;
+}
+
std::unique_ptr<BluetoothAudioSessionInstance>
BluetoothAudioSessionInstance::instance_ptr =
std::unique_ptr<BluetoothAudioSessionInstance>(
diff --git a/bluetooth/audio/utils/session/BluetoothAudioSession.h b/bluetooth/audio/utils/session/BluetoothAudioSession.h
index 838d1cc..8d02387 100644
--- a/bluetooth/audio/utils/session/BluetoothAudioSession.h
+++ b/bluetooth/audio/utils/session/BluetoothAudioSession.h
@@ -153,6 +153,8 @@
// The control function writes stream to FMQ
size_t OutWritePcmData(const void* buffer, size_t bytes);
+ // The control function read stream from FMQ
+ size_t InReadPcmData(void* buffer, size_t bytes);
static constexpr PcmParameters kInvalidPcmParameters = {
.sampleRate = SampleRate::RATE_UNKNOWN,
diff --git a/bluetooth/audio/utils/session/BluetoothAudioSessionControl_2_1.h b/bluetooth/audio/utils/session/BluetoothAudioSessionControl_2_1.h
index 86af468..168de48 100644
--- a/bluetooth/audio/utils/session/BluetoothAudioSessionControl_2_1.h
+++ b/bluetooth/audio/utils/session/BluetoothAudioSessionControl_2_1.h
@@ -141,6 +141,17 @@
}
return 0;
}
+
+ // The control API reads stream from FMQ
+ static size_t InReadPcmData(const SessionType_2_1& session_type, void* buffer,
+ size_t bytes) {
+ std::shared_ptr<BluetoothAudioSession_2_1> session_ptr =
+ BluetoothAudioSessionInstance_2_1::GetSessionInstance(session_type);
+ if (session_ptr != nullptr) {
+ return session_ptr->GetAudioSession()->InReadPcmData(buffer, bytes);
+ }
+ return 0;
+ }
};
} // namespace audio
diff --git a/identity/support/src/IdentityCredentialSupport.cpp b/identity/support/src/IdentityCredentialSupport.cpp
index 6418028..aba89c1 100644
--- a/identity/support/src/IdentityCredentialSupport.cpp
+++ b/identity/support/src/IdentityCredentialSupport.cpp
@@ -928,7 +928,7 @@
// translate certificate format from keymaster_cert_chain_t to vector<vector<uint8_t>>.
vector<vector<uint8_t>> attestationCertificate;
- for (int i = 0; i < cert_chain_out.entry_count; i++) {
+ for (std::size_t i = 0; i < cert_chain_out.entry_count; i++) {
attestationCertificate.insert(
attestationCertificate.end(),
vector<uint8_t>(
diff --git a/radio/1.0/vts/functional/Android.bp b/radio/1.0/vts/functional/Android.bp
index 3867842..9e92d93 100644
--- a/radio/1.0/vts/functional/Android.bp
+++ b/radio/1.0/vts/functional/Android.bp
@@ -26,46 +26,56 @@
cc_test {
name: "VtsHalRadioV1_0TargetTest",
defaults: ["VtsHalTargetTestDefaults"],
- srcs: ["radio_hidl_hal_cell_broadcast.cpp",
- "radio_hidl_hal_data.cpp",
- "radio_hidl_hal_icc.cpp",
- "radio_hidl_hal_ims.cpp",
- "radio_hidl_hal_misc.cpp",
- "radio_hidl_hal_sms.cpp",
- "radio_hidl_hal_stk.cpp",
- "radio_hidl_hal_test.cpp",
- "radio_hidl_hal_voice.cpp",
- "radio_indication.cpp",
- "radio_response.cpp",
- "VtsHalRadioV1_0TargetTest.cpp",
- "vts_test_util.cpp"],
+ srcs: [
+ "radio_hidl_hal_cell_broadcast.cpp",
+ "radio_hidl_hal_data.cpp",
+ "radio_hidl_hal_icc.cpp",
+ "radio_hidl_hal_ims.cpp",
+ "radio_hidl_hal_misc.cpp",
+ "radio_hidl_hal_sms.cpp",
+ "radio_hidl_hal_stk.cpp",
+ "radio_hidl_hal_test.cpp",
+ "radio_hidl_hal_voice.cpp",
+ "radio_indication.cpp",
+ "radio_response.cpp",
+ "VtsHalRadioV1_0TargetTest.cpp",
+ "vts_test_util.cpp",
+ ],
static_libs: [
"android.hardware.radio@1.0",
],
test_config: "vts_hal_radio_target_test.xml",
- test_suites: ["general-tests", "vts"],
+ test_suites: [
+ "general-tests",
+ "vts",
+ ],
}
cc_test {
name: "VtsHalSapV1_0TargetTest",
defaults: ["VtsHalTargetTestDefaults"],
- srcs: ["sap_callback.cpp",
- "sap_hidl_hal_api.cpp",
- "sap_hidl_hal_test.cpp",
- "VtsHalSapV1_0TargetTest.cpp",
- "vts_test_util.cpp"],
+ srcs: [
+ "sap_callback.cpp",
+ "sap_hidl_hal_api.cpp",
+ "sap_hidl_hal_test.cpp",
+ "VtsHalSapV1_0TargetTest.cpp",
+ "vts_test_util.cpp",
+ ],
static_libs: [
"android.hardware.radio@1.0",
],
test_config: "vts_hal_sap_target_test.xml",
- test_suites: ["general-tests", "vts"],
+ test_suites: [
+ "general-tests",
+ "vts",
+ ],
}
cc_library_static {
name: "RadioVtsTestUtilBase",
defaults: ["VtsHalTargetTestDefaults"],
- srcs : [
- "vts_test_util.cpp"
+ srcs: [
+ "vts_test_util.cpp",
],
shared_libs: [
"android.hardware.radio@1.0",
diff --git a/radio/1.1/vts/functional/Android.bp b/radio/1.1/vts/functional/Android.bp
index c576fe8..3ada6ff 100644
--- a/radio/1.1/vts/functional/Android.bp
+++ b/radio/1.1/vts/functional/Android.bp
@@ -26,11 +26,13 @@
cc_test {
name: "VtsHalRadioV1_1TargetTest",
defaults: ["VtsHalTargetTestDefaults"],
- srcs: ["radio_hidl_hal_api.cpp",
- "radio_hidl_hal_test.cpp",
- "radio_indication.cpp",
- "radio_response.cpp",
- "VtsHalRadioV1_1TargetTest.cpp"],
+ srcs: [
+ "radio_hidl_hal_api.cpp",
+ "radio_hidl_hal_test.cpp",
+ "radio_indication.cpp",
+ "radio_response.cpp",
+ "VtsHalRadioV1_1TargetTest.cpp",
+ ],
static_libs: [
"RadioVtsTestUtilBase",
"android.hardware.radio@1.1",
@@ -39,5 +41,8 @@
header_libs: [
"radio.util.header@1.0",
],
- test_suites: ["general-tests", "vts"],
+ test_suites: [
+ "general-tests",
+ "vts",
+ ],
}
diff --git a/radio/1.2/vts/functional/Android.bp b/radio/1.2/vts/functional/Android.bp
index cb42cc7..1447ade 100644
--- a/radio/1.2/vts/functional/Android.bp
+++ b/radio/1.2/vts/functional/Android.bp
@@ -43,5 +43,8 @@
"android.hardware.radio.config@1.1",
],
header_libs: ["radio.util.header@1.0"],
- test_suites: ["general-tests", "vts"],
+ test_suites: [
+ "general-tests",
+ "vts",
+ ],
}
diff --git a/radio/1.3/vts/functional/Android.bp b/radio/1.3/vts/functional/Android.bp
index 516e904..d96d391 100644
--- a/radio/1.3/vts/functional/Android.bp
+++ b/radio/1.3/vts/functional/Android.bp
@@ -41,5 +41,8 @@
"android.hardware.radio@1.0",
],
header_libs: ["radio.util.header@1.0"],
- test_suites: ["general-tests", "vts"],
+ test_suites: [
+ "general-tests",
+ "vts",
+ ],
}
diff --git a/radio/1.4/vts/functional/Android.bp b/radio/1.4/vts/functional/Android.bp
index 681e716..167dec8 100644
--- a/radio/1.4/vts/functional/Android.bp
+++ b/radio/1.4/vts/functional/Android.bp
@@ -44,5 +44,8 @@
"android.hardware.radio.config@1.1",
],
header_libs: ["radio.util.header@1.0"],
- test_suites: ["general-tests", "vts"]
+ test_suites: [
+ "general-tests",
+ "vts",
+ ],
}
diff --git a/radio/1.5/vts/functional/Android.bp b/radio/1.5/vts/functional/Android.bp
index c04edcf..4549d3c 100644
--- a/radio/1.5/vts/functional/Android.bp
+++ b/radio/1.5/vts/functional/Android.bp
@@ -45,5 +45,8 @@
"android.hardware.radio.config@1.1",
],
header_libs: ["radio.util.header@1.0"],
- test_suites: ["general-tests", "vts"]
+ test_suites: [
+ "general-tests",
+ "vts",
+ ],
}
diff --git a/radio/config/1.0/vts/functional/Android.bp b/radio/config/1.0/vts/functional/Android.bp
index ef11d7e..36aecff 100644
--- a/radio/config/1.0/vts/functional/Android.bp
+++ b/radio/config/1.0/vts/functional/Android.bp
@@ -38,5 +38,8 @@
"android.hardware.radio.config@1.0",
],
header_libs: ["radio.util.header@1.0"],
- test_suites: ["general-tests", "vts"],
+ test_suites: [
+ "general-tests",
+ "vts",
+ ],
}
diff --git a/radio/config/1.1/vts/functional/Android.bp b/radio/config/1.1/vts/functional/Android.bp
index 3635f83..9037b79 100644
--- a/radio/config/1.1/vts/functional/Android.bp
+++ b/radio/config/1.1/vts/functional/Android.bp
@@ -38,5 +38,8 @@
"android.hardware.radio.config@1.1",
],
header_libs: ["radio.util.header@1.0"],
- test_suites: ["general-tests", "vts"],
+ test_suites: [
+ "general-tests",
+ "vts",
+ ],
}
diff --git a/radio/config/1.2/vts/functional/Android.bp b/radio/config/1.2/vts/functional/Android.bp
index e7cc155..1a15d3f 100644
--- a/radio/config/1.2/vts/functional/Android.bp
+++ b/radio/config/1.2/vts/functional/Android.bp
@@ -40,5 +40,8 @@
"android.hardware.radio.config@1.2",
],
header_libs: ["radio.util.header@1.0"],
- test_suites: ["general-tests", "vts"],
+ test_suites: [
+ "general-tests",
+ "vts",
+ ],
}
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/ByteArray.aidl b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/ByteArray.aidl
deleted file mode 100644
index 34f2749..0000000
--- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/ByteArray.aidl
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *////////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.hardware.security.keymint;
-@VintfStability
-parcelable ByteArray {
- byte[] data;
-}
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/ErrorCode.aidl b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/ErrorCode.aidl
index 3faba48..2eb6e35 100644
--- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/ErrorCode.aidl
+++ b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/ErrorCode.aidl
@@ -115,6 +115,7 @@
MISSING_NOT_AFTER = -81,
MISSING_ISSUER_SUBJECT = -82,
INVALID_ISSUER_SUBJECT = -83,
+ BOOT_LEVEL_EXCEEDED = -84,
UNIMPLEMENTED = -100,
VERSION_MISMATCH = -101,
UNKNOWN_ERROR = -1000,
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/HardwareAuthToken.aidl b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/HardwareAuthToken.aidl
index bd304f1..30fe6dc 100644
--- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/HardwareAuthToken.aidl
+++ b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/HardwareAuthToken.aidl
@@ -36,7 +36,7 @@
long challenge;
long userId;
long authenticatorId;
- android.hardware.security.keymint.HardwareAuthenticatorType authenticatorType;
+ android.hardware.security.keymint.HardwareAuthenticatorType authenticatorType = android.hardware.security.keymint.HardwareAuthenticatorType.NONE;
android.hardware.security.secureclock.Timestamp timestamp;
byte[] mac;
}
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintOperation.aidl b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintOperation.aidl
index a9b9a05..80ed526 100644
--- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintOperation.aidl
+++ b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintOperation.aidl
@@ -33,7 +33,8 @@
package android.hardware.security.keymint;
@VintfStability
interface IKeyMintOperation {
- int update(in @nullable android.hardware.security.keymint.KeyParameterArray inParams, in @nullable byte[] input, in @nullable android.hardware.security.keymint.HardwareAuthToken inAuthToken, in @nullable android.hardware.security.secureclock.TimeStampToken inTimeStampToken, out @nullable android.hardware.security.keymint.KeyParameterArray outParams, out @nullable android.hardware.security.keymint.ByteArray output);
- byte[] finish(in @nullable android.hardware.security.keymint.KeyParameterArray inParams, in @nullable byte[] input, in @nullable byte[] inSignature, in @nullable android.hardware.security.keymint.HardwareAuthToken authToken, in @nullable android.hardware.security.secureclock.TimeStampToken inTimeStampToken, out @nullable android.hardware.security.keymint.KeyParameterArray outParams);
+ void updateAad(in byte[] input, in @nullable android.hardware.security.keymint.HardwareAuthToken authToken, in @nullable android.hardware.security.secureclock.TimeStampToken timeStampToken);
+ byte[] update(in byte[] input, in @nullable android.hardware.security.keymint.HardwareAuthToken authToken, in @nullable android.hardware.security.secureclock.TimeStampToken timeStampToken);
+ byte[] finish(in @nullable byte[] input, in @nullable byte[] signature, in @nullable android.hardware.security.keymint.HardwareAuthToken authToken, in @nullable android.hardware.security.secureclock.TimeStampToken timestampToken, in @nullable byte[] confirmationToken);
void abort();
}
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyCharacteristics.aidl b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyCharacteristics.aidl
index b430da9..994bd4c 100644
--- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyCharacteristics.aidl
+++ b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyCharacteristics.aidl
@@ -33,6 +33,6 @@
package android.hardware.security.keymint;
@VintfStability
parcelable KeyCharacteristics {
- android.hardware.security.keymint.SecurityLevel securityLevel;
+ android.hardware.security.keymint.SecurityLevel securityLevel = android.hardware.security.keymint.SecurityLevel.SOFTWARE;
android.hardware.security.keymint.KeyParameter[] authorizations;
}
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyMintHardwareInfo.aidl b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyMintHardwareInfo.aidl
index d06312a..7747c59 100644
--- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyMintHardwareInfo.aidl
+++ b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyMintHardwareInfo.aidl
@@ -34,7 +34,7 @@
@RustDerive(Clone=true, Eq=true, Hash=true, Ord=true, PartialEq=true, PartialOrd=true) @VintfStability
parcelable KeyMintHardwareInfo {
int versionNumber;
- android.hardware.security.keymint.SecurityLevel securityLevel;
+ android.hardware.security.keymint.SecurityLevel securityLevel = android.hardware.security.keymint.SecurityLevel.SOFTWARE;
@utf8InCpp String keyMintName;
@utf8InCpp String keyMintAuthorName;
boolean timestampTokenRequired;
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyParameter.aidl b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyParameter.aidl
index f534952..21b083c 100644
--- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyParameter.aidl
+++ b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyParameter.aidl
@@ -33,6 +33,6 @@
package android.hardware.security.keymint;
@RustDerive(Clone=true, Eq=true, Hash=true, Ord=true, PartialEq=true, PartialOrd=true) @VintfStability
parcelable KeyParameter {
- android.hardware.security.keymint.Tag tag;
+ android.hardware.security.keymint.Tag tag = android.hardware.security.keymint.Tag.INVALID;
android.hardware.security.keymint.KeyParameterValue value;
}
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyParameterArray.aidl b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyParameterArray.aidl
deleted file mode 100644
index 2706623..0000000
--- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyParameterArray.aidl
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *////////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL file. Do not edit it manually. There are
-// two cases:
-// 1). this is a frozen version file - do not edit this in any case.
-// 2). this is a 'current' file. If you make a backwards compatible change to
-// the interface (from the latest frozen version), the build system will
-// prompt you to update this file with `m <name>-update-api`.
-//
-// You must not make a backward incompatible change to any AIDL file built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.hardware.security.keymint;
-@VintfStability
-parcelable KeyParameterArray {
- android.hardware.security.keymint.KeyParameter[] params;
-}
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Tag.aidl b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Tag.aidl
index 03982e3..2469d27 100644
--- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Tag.aidl
+++ b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Tag.aidl
@@ -98,4 +98,5 @@
CERTIFICATE_SUBJECT = -1879047185,
CERTIFICATE_NOT_BEFORE = 1610613744,
CERTIFICATE_NOT_AFTER = 1610613745,
+ MAX_BOOT_LEVEL = 805307378,
}
diff --git a/security/keymint/aidl/android/hardware/security/keymint/ByteArray.aidl b/security/keymint/aidl/android/hardware/security/keymint/ByteArray.aidl
deleted file mode 100644
index c3b402e..0000000
--- a/security/keymint/aidl/android/hardware/security/keymint/ByteArray.aidl
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.hardware.security.keymint;
-
-/**
- * This is used to contain a byte[], to make out parameters of byte arrays
- * more convenient for callers.
- */
-@VintfStability
-parcelable ByteArray {
- byte[] data;
-}
diff --git a/security/keymint/aidl/android/hardware/security/keymint/ErrorCode.aidl b/security/keymint/aidl/android/hardware/security/keymint/ErrorCode.aidl
index 5765130..95b38f2 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/ErrorCode.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/ErrorCode.aidl
@@ -105,6 +105,7 @@
MISSING_NOT_AFTER = -81,
MISSING_ISSUER_SUBJECT = -82,
INVALID_ISSUER_SUBJECT = -83,
+ BOOT_LEVEL_EXCEEDED = -84,
UNIMPLEMENTED = -100,
VERSION_MISMATCH = -101,
diff --git a/security/keymint/aidl/android/hardware/security/keymint/HardwareAuthToken.aidl b/security/keymint/aidl/android/hardware/security/keymint/HardwareAuthToken.aidl
index 417a0b1..57150d5 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/HardwareAuthToken.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/HardwareAuthToken.aidl
@@ -16,17 +16,17 @@
package android.hardware.security.keymint;
-import android.hardware.security.secureclock.Timestamp;
import android.hardware.security.keymint.HardwareAuthenticatorType;
+import android.hardware.security.secureclock.Timestamp;
/**
* HardwareAuthToken is used to prove successful user authentication, to unlock the use of a key.
*
* HardwareAuthTokens are produced by other secure environment applications, notably GateKeeper and
- * biometric authenticators, in response to successful user authentication events. These tokens are passed to
- * begin(), update(), and finish() to prove that authentication occurred. See those methods for
- * more details. It is up to the caller to determine which of the generated auth tokens is
- * appropriate for a given key operation.
+ * biometric authenticators, in response to successful user authentication events. These tokens are
+ * passed to begin(), update(), and finish() to prove that authentication occurred. See those
+ * methods for more details. It is up to the caller to determine which of the generated auth tokens
+ * is appropriate for a given key operation.
*/
@VintfStability
@RustDerive(Clone=true, Eq=true, PartialEq=true, Ord=true, PartialOrd=true, Hash=true)
@@ -55,7 +55,7 @@
* authenticatorType describes the type of authentication that took place, e.g. password or
* fingerprint.
*/
- HardwareAuthenticatorType authenticatorType;
+ HardwareAuthenticatorType authenticatorType = HardwareAuthenticatorType.NONE;
/**
* timestamp indicates when the user authentication took place, in milliseconds since some
diff --git a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
index 13e98af..6d42db2 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
@@ -18,7 +18,6 @@
import android.hardware.security.keymint.AttestationKey;
import android.hardware.security.keymint.BeginResult;
-import android.hardware.security.keymint.ByteArray;
import android.hardware.security.keymint.HardwareAuthToken;
import android.hardware.security.keymint.IKeyMintOperation;
import android.hardware.security.keymint.KeyCreationResult;
diff --git a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl
index 8c49602..1c2511b 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl
@@ -16,15 +16,75 @@
package android.hardware.security.keymint;
-import android.hardware.security.keymint.ByteArray;
import android.hardware.security.keymint.HardwareAuthToken;
import android.hardware.security.keymint.KeyParameter;
-import android.hardware.security.keymint.KeyParameterArray;
import android.hardware.security.secureclock.TimeStampToken;
@VintfStability
interface IKeyMintOperation {
/**
+ * Provides additional authentication data (AAD) to a cryptographic operation begun with
+ * begin(), provided in the input argument. This method only applies to AEAD modes. This
+ * method may be called multiple times, supplying the AAD in chunks, but may not be called after
+ * update() is called. If updateAad() is called after update(), it must return
+ * ErrorCode::INVALID_TAG.
+ *
+ * If operation is in an invalid state (was aborted or had an error) update() must return
+ * ErrorCode::INVALID_OPERATION_HANDLE.
+ *
+ * If this method returns an error code other than ErrorCode::OK, the operation is aborted and
+ * the operation handle must be invalidated. Any future use of the handle, with this method,
+ * finish, or abort, must return ErrorCode::INVALID_OPERATION_HANDLE.
+ *
+ * == Authorization Enforcement ==
+ *
+ * Key authorization enforcement is performed primarily in begin(). The one exception is the
+ * case where the key has:
+ *
+ * o One or more Tag::USER_SECURE_IDs, and
+ *
+ * o Does not have a Tag::AUTH_TIMEOUT
+ *
+ * In this case, the key requires an authorization per operation, and the update method must
+ * receive a non-null and valid HardwareAuthToken. For the auth token to be valid, all of the
+ * following has to be true:
+ *
+ * o The HMAC field must validate correctly.
+ *
+ * o At least one of the Tag::USER_SECURE_ID values from the key must match at least one of
+ * the secure ID values in the token.
+ *
+ * o The key must have a Tag::USER_AUTH_TYPE that matches the auth type in the token.
+ *
+ * o The challenge field in the auth token must contain the operationHandle
+ *
+ * If any of these conditions are not met, update() must return
+ * ErrorCode::KEY_USER_NOT_AUTHENTICATED.
+ *
+ * The caller must provide the auth token on every call to updateAad(), update() and finish().
+ *
+ *
+ * For GCM encryption, the AEAD tag must be appended to the ciphertext by finish(). During
+ * decryption, the last Tag::MAC_LENGTH bytes of the data provided to the last update call must
+ * be the AEAD tag. Since a given invocation of update cannot know if it's the last invocation,
+ * it must process all but the tag length and buffer the possible tag data for processing during
+ * finish().
+ *
+ * @param input Additional Authentication Data to be processed.
+ *
+ * @param authToken Authentication token. Can be nullable if not provided.
+ *
+ * @param timeStampToken timestamp token, certifies the freshness of an auth token in case
+ * the security domain of this KeyMint instance has a different clock than the
+ * authenticator issuing the auth token.
+ *
+ * @return error Returns ErrorCode encountered in keymint as service specific errors. See the
+ * ErrorCode enum in ErrorCode.aidl.
+ */
+ void updateAad(in byte[] input, in @nullable HardwareAuthToken authToken,
+ in @nullable TimeStampToken timeStampToken);
+
+ /**
* Provides data to, and possibly receives output from, an ongoing cryptographic operation begun
* with begin().
*
@@ -96,53 +156,28 @@
*
* -- AES keys --
*
- * AES GCM mode supports "associated authentication data," provided via the Tag::ASSOCIATED_DATA
- * tag in the inParams argument. The associated data may be provided in repeated calls
- * (important if the data is too large to send in a single block) but must always precede data
- * to be encrypted or decrypted. An update call may receive both associated data and data to
- * encrypt/decrypt, but subsequent updates must not include associated data. If the caller
- * provides associated data to an update call after a call that includes data to
- * encrypt/decrypt, update() must return ErrorCode::INVALID_TAG.
- *
* For GCM encryption, the AEAD tag must be appended to the ciphertext by finish(). During
* decryption, the last Tag::MAC_LENGTH bytes of the data provided to the last update call must
* be the AEAD tag. Since a given invocation of update cannot know if it's the last invocation,
* it must process all but the tag length and buffer the possible tag data for processing during
* finish().
*
- * TODO: update() needs to be refactored b/168665179.
- *
- * @param inParams Additional parameters for the operation. For AEAD modes, this is used to
- * specify Tag::ADDITIONAL_DATA. Note that additional data may be provided in multiple
- * calls to update(), but only until input data has been provided.
- *
* @param input Data to be processed. Note that update() may or may not consume all of the data
* provided. See return value.
*
- * @param inTimeStampToken timestamp token, certifies the freshness of an auth token in case
- * the security domain of this KeyMint instance has a different clock than the
- * authenticator issuing the auth token.
+ * @param authToken Authentication token. Can be nullable if not provided.
+ *
+ * @param timeStampToken certifies the freshness of an auth token in case the security domain of
+ * this KeyMint instance has a different clock than the authenticator issuing the auth
+ * token.
*
* @return error Returns ErrorCode encountered in keymint as service specific errors. See the
* ErrorCode enum in ErrorCode.aidl.
*
- * @return int Amount of data that was consumed by update(). If this is less than the
- * amount provided, the caller may provide the remainder in a subsequent call to
- * update() or finish(). Every call to update must consume at least one byte, unless
- * the input is empty, and implementations should consume as much data as reasonably
- * possible for each call.
- *
- * @return outParams returns the updated key parameters from the blob, if needed.
- * operation.
- *
- * @return out variable output The output data, if any.
+ * @return byte[] The output data, if any.
*/
- int update(in @nullable KeyParameterArray inParams,
- in @nullable byte[] input,
- in @nullable HardwareAuthToken inAuthToken,
- in @nullable TimeStampToken inTimeStampToken,
- out @nullable KeyParameterArray outParams,
- out @nullable ByteArray output);
+ byte[] update(in byte[] input, in @nullable HardwareAuthToken authToken,
+ in @nullable TimeStampToken timeStampToken);
/**
* Finalizes a cryptographic operation begun with begin() and invalidates operation.
@@ -229,8 +264,7 @@
*
* TODO: update() will need to be refactored into 2 function. b/168665179.
*
- * @param inParams Additional parameters for the operation. For AEAD modes, this is used to
- * specify Tag::ADDITIONAL_DATA, but only if no input data was provided to update().
+ * @param inParams Additional parameters for the operation.
*
* @param input Data to be processed, per the parameters established in the call to begin().
* finish() must consume all provided data or return ErrorCode::INVALID_INPUT_LENGTH.
@@ -240,19 +274,21 @@
*
* @param authToken Authentication token. Can be nullable if not provided.
*
- * @param inTimeStampToken timestamp token, certifies the freshness of an auth token in case
- * the security domain of this KeyMint instance has a different clock than the
- * authenticator issuing the auth token.
+ * @param timestampToken certifies the freshness of an auth token in case the security domain of
+ * this KeyMint instance has a different clock than the authenticator issuing the auth
+ * token.
*
- * @return outParams Any output parameters generated by finish().
+ * @param confirmationToken is the confirmation token required by keys with
+ * Tag::TRUSTED_CONFIRMATION_REQUIRED.
*
* @return The output data, if any.
+ *
+ * @return outParams Any output parameters generated by finish().
*/
- byte[] finish(in @nullable KeyParameterArray inParams, in @nullable byte[] input,
- in @nullable byte[] inSignature,
- in @nullable HardwareAuthToken authToken,
- in @nullable TimeStampToken inTimeStampToken,
- out @nullable KeyParameterArray outParams);
+ byte[] finish(in @nullable byte[] input, in @nullable byte[] signature,
+ in @nullable HardwareAuthToken authToken,
+ in @nullable TimeStampToken timestampToken,
+ in @nullable byte[] confirmationToken);
/**
* Aborts a cryptographic operation begun with begin(), freeing all internal resources. If an
diff --git a/security/keymint/aidl/android/hardware/security/keymint/KeyCharacteristics.aidl b/security/keymint/aidl/android/hardware/security/keymint/KeyCharacteristics.aidl
index edd4d8f..3a32e4d 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/KeyCharacteristics.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/KeyCharacteristics.aidl
@@ -31,6 +31,6 @@
*/
@VintfStability
parcelable KeyCharacteristics {
- SecurityLevel securityLevel;
+ SecurityLevel securityLevel = SecurityLevel.SOFTWARE;
KeyParameter[] authorizations;
}
diff --git a/security/keymint/aidl/android/hardware/security/keymint/KeyMintHardwareInfo.aidl b/security/keymint/aidl/android/hardware/security/keymint/KeyMintHardwareInfo.aidl
index 2fcaf4c..ae0d152 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/KeyMintHardwareInfo.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/KeyMintHardwareInfo.aidl
@@ -34,7 +34,7 @@
/* securityLevel is the security level of the IKeyMintDevice implementation accessed
* through this aidl package. */
- SecurityLevel securityLevel;
+ SecurityLevel securityLevel = SecurityLevel.SOFTWARE;
/* keyMintName is the name of the IKeyMintDevice implementation. */
@utf8InCpp String keyMintName;
diff --git a/security/keymint/aidl/android/hardware/security/keymint/KeyParameter.aidl b/security/keymint/aidl/android/hardware/security/keymint/KeyParameter.aidl
index f3ed96b..bf6c9b2 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/KeyParameter.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/KeyParameter.aidl
@@ -16,8 +16,8 @@
package android.hardware.security.keymint;
-import android.hardware.security.keymint.Tag;
import android.hardware.security.keymint.KeyParameterValue;
+import android.hardware.security.keymint.Tag;
/**
* Identifies the key authorization parameters to be used with keyMint. This is usually
@@ -26,6 +26,6 @@
@VintfStability
@RustDerive(Clone=true, Eq=true, PartialEq=true, Ord=true, PartialOrd=true, Hash=true)
parcelable KeyParameter {
- Tag tag;
+ Tag tag = Tag.INVALID;
KeyParameterValue value;
}
diff --git a/security/keymint/aidl/android/hardware/security/keymint/KeyParameterArray.aidl b/security/keymint/aidl/android/hardware/security/keymint/KeyParameterArray.aidl
deleted file mode 100644
index acab435..0000000
--- a/security/keymint/aidl/android/hardware/security/keymint/KeyParameterArray.aidl
+++ /dev/null
@@ -1,31 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.hardware.security.keymint;
-
-import android.hardware.security.keymint.KeyParameter;
-
-/**
- * Identifies the key authorization parameters to be used with keyMint. This is usually
- * provided as an array of KeyParameters to IKeyMintDevice or Operation.
- */
-@VintfStability
-parcelable KeyParameterArray {
- /**
- * Identify list of key parameters corresponding to a particular key blob.
- */
- KeyParameter[] params;
-}
diff --git a/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl b/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
index 4f58cbe..aa9aa6f 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
@@ -883,11 +883,7 @@
STORAGE_KEY = (7 << 28) /* TagType:BOOL */ | 722,
/**
- * Tag::ASSOCIATED_DATA Provides "associated data" for AES-GCM encryption or decryption. This
- * tag is provided to update and specifies data that is not encrypted/decrypted, but is used in
- * computing the GCM tag.
- *
- * Must never appear KeyCharacteristics.
+ * TODO: Delete when keystore1 is deleted.
*/
ASSOCIATED_DATA = (9 << 28) /* TagType:BYTES */ | 1000,
@@ -964,4 +960,15 @@
* or importKey.
*/
CERTIFICATE_NOT_AFTER = (6 << 28) /* TagType:DATE */ | 1009,
+
+ /**
+ * Tag::MAX_BOOT_LEVEL specifies a maximum boot level at which a key should function.
+ *
+ * Over the course of the init process, the boot level will be raised to
+ * monotonically increasing integer values. Implementations MUST NOT allow the key
+ * to be used once the boot level advances beyond the value of this tag.
+ *
+ * Cannot be hardware enforced in this version.
+ */
+ MAX_BOOT_LEVEL = (3 << 28) /* TagType:UINT */ | 1010,
}
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
index d61a081..3e87b6b 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
@@ -386,122 +386,50 @@
return result;
}
-ErrorCode KeyMintAidlTestBase::Update(const AuthorizationSet& in_params, const string& input,
- AuthorizationSet* out_params, string* output,
- int32_t* input_consumed) {
+ErrorCode KeyMintAidlTestBase::UpdateAad(const string& input) {
+ return GetReturnErrorCode(op_->updateAad(vector<uint8_t>(input.begin(), input.end()),
+ {} /* hardwareAuthToken */,
+ {} /* verificationToken */));
+}
+
+ErrorCode KeyMintAidlTestBase::Update(const string& input, string* output) {
SCOPED_TRACE("Update");
Status result;
- EXPECT_NE(op_, nullptr);
- if (!op_) {
- return ErrorCode::UNEXPECTED_NULL_POINTER;
- }
+ if (!output) return ErrorCode::UNEXPECTED_NULL_POINTER;
- KeyParameterArray key_params;
- key_params.params = in_params.vector_data();
+ std::vector<uint8_t> o_put;
+ result = op_->update(vector<uint8_t>(input.begin(), input.end()), {}, {}, &o_put);
- KeyParameterArray in_keyParams;
- in_keyParams.params = in_params.vector_data();
-
- optional<KeyParameterArray> out_keyParams;
- optional<ByteArray> o_put;
- result = op_->update(in_keyParams, vector<uint8_t>(input.begin(), input.end()), {}, {},
- &out_keyParams, &o_put, input_consumed);
-
- if (result.isOk()) {
- if (o_put) {
- output->append(o_put->data.begin(), o_put->data.end());
- }
-
- if (out_keyParams) {
- out_params->push_back(AuthorizationSet(out_keyParams->params));
- }
- }
+ if (result.isOk()) output->append(o_put.begin(), o_put.end());
return GetReturnErrorCode(result);
}
-ErrorCode KeyMintAidlTestBase::Update(const string& input, string* out, int32_t* input_consumed) {
- SCOPED_TRACE("Update");
- AuthorizationSet out_params;
- ErrorCode result =
- Update(AuthorizationSet() /* in_params */, input, &out_params, out, input_consumed);
- EXPECT_TRUE(out_params.empty());
- return result;
-}
-
-ErrorCode KeyMintAidlTestBase::Finish(const AuthorizationSet& in_params, const string& input,
- const string& signature, AuthorizationSet* out_params,
+ErrorCode KeyMintAidlTestBase::Finish(const string& input, const string& signature,
string* output) {
SCOPED_TRACE("Finish");
Status result;
EXPECT_NE(op_, nullptr);
- if (!op_) {
- return ErrorCode::UNEXPECTED_NULL_POINTER;
- }
-
- KeyParameterArray key_params;
- key_params.params = in_params.vector_data();
-
- KeyParameterArray in_keyParams;
- in_keyParams.params = in_params.vector_data();
-
- optional<KeyParameterArray> out_keyParams;
- optional<vector<uint8_t>> o_put;
+ if (!op_) return ErrorCode::UNEXPECTED_NULL_POINTER;
vector<uint8_t> oPut;
- result = op_->finish(in_keyParams, vector<uint8_t>(input.begin(), input.end()),
- vector<uint8_t>(signature.begin(), signature.end()), {}, {},
- &out_keyParams, &oPut);
+ result = op_->finish(vector<uint8_t>(input.begin(), input.end()),
+ vector<uint8_t>(signature.begin(), signature.end()), {} /* authToken */,
+ {} /* timestampToken */, {} /* confirmationToken */, &oPut);
- if (result.isOk()) {
- if (out_keyParams) {
- out_params->push_back(AuthorizationSet(out_keyParams->params));
- }
+ if (result.isOk()) output->append(oPut.begin(), oPut.end());
- output->append(oPut.begin(), oPut.end());
- }
-
- op_.reset();
+ op_ = {};
return GetReturnErrorCode(result);
}
-ErrorCode KeyMintAidlTestBase::Finish(const string& message, string* output) {
- SCOPED_TRACE("Finish");
- AuthorizationSet out_params;
- string finish_output;
- ErrorCode result = Finish(AuthorizationSet() /* in_params */, message, "" /* signature */,
- &out_params, output);
- if (result != ErrorCode::OK) {
- return result;
- }
- EXPECT_EQ(0U, out_params.size());
- return result;
-}
-
-ErrorCode KeyMintAidlTestBase::Finish(const string& message, const string& signature,
- string* output) {
- SCOPED_TRACE("Finish");
- AuthorizationSet out_params;
- ErrorCode result =
- Finish(AuthorizationSet() /* in_params */, message, signature, &out_params, output);
-
- if (result != ErrorCode::OK) {
- return result;
- }
-
- EXPECT_EQ(0U, out_params.size());
- return result;
-}
-
ErrorCode KeyMintAidlTestBase::Abort(const std::shared_ptr<IKeyMintOperation>& op) {
SCOPED_TRACE("Abort");
EXPECT_NE(op, nullptr);
- if (!op) {
- return ErrorCode::UNEXPECTED_NULL_POINTER;
- }
+ if (!op) return ErrorCode::UNEXPECTED_NULL_POINTER;
Status retval = op->abort();
EXPECT_TRUE(retval.isOk());
@@ -512,9 +440,7 @@
SCOPED_TRACE("Abort");
EXPECT_NE(op_, nullptr);
- if (!op_) {
- return ErrorCode::UNEXPECTED_NULL_POINTER;
- }
+ if (!op_) return ErrorCode::UNEXPECTED_NULL_POINTER;
Status retval = op_->abort();
return static_cast<ErrorCode>(retval.getServiceSpecificError());
@@ -530,30 +456,13 @@
auto KeyMintAidlTestBase::ProcessMessage(const vector<uint8_t>& key_blob, KeyPurpose operation,
const string& message, const AuthorizationSet& in_params)
- -> std::tuple<ErrorCode, string, AuthorizationSet /* out_params */> {
+ -> std::tuple<ErrorCode, string> {
AuthorizationSet begin_out_params;
ErrorCode result = Begin(operation, key_blob, in_params, &begin_out_params);
- AuthorizationSet out_params(std::move(begin_out_params));
- if (result != ErrorCode::OK) {
- return {result, {}, out_params};
- }
+ if (result != ErrorCode::OK) return {result, {}};
string output;
- int32_t consumed = 0;
- AuthorizationSet update_params;
- AuthorizationSet update_out_params;
- result = Update(update_params, message, &update_out_params, &output, &consumed);
- out_params.push_back(update_out_params);
- if (result != ErrorCode::OK) {
- return {result, output, out_params};
- }
-
- string unused;
- AuthorizationSet finish_params;
- AuthorizationSet finish_out_params;
- result = Finish(finish_params, message.substr(consumed), unused, &finish_out_params, &output);
- out_params.push_back(finish_out_params);
- return {result, output, out_params};
+ return {Finish(message, &output), output};
}
string KeyMintAidlTestBase::ProcessMessage(const vector<uint8_t>& key_blob, KeyPurpose operation,
@@ -561,30 +470,14 @@
AuthorizationSet* out_params) {
SCOPED_TRACE("ProcessMessage");
AuthorizationSet begin_out_params;
- ErrorCode result = Begin(operation, key_blob, in_params, &begin_out_params);
+ ErrorCode result = Begin(operation, key_blob, in_params, out_params);
EXPECT_EQ(ErrorCode::OK, result);
if (result != ErrorCode::OK) {
return "";
}
string output;
- int32_t consumed = 0;
- AuthorizationSet update_params;
- AuthorizationSet update_out_params;
- result = Update(update_params, message, &update_out_params, &output, &consumed);
- EXPECT_EQ(ErrorCode::OK, result);
- if (result != ErrorCode::OK) {
- return "";
- }
-
- string unused;
- AuthorizationSet finish_params;
- AuthorizationSet finish_out_params;
- EXPECT_EQ(ErrorCode::OK,
- Finish(finish_params, message.substr(consumed), unused, &finish_out_params, &output));
-
- out_params->push_back(begin_out_params);
- out_params->push_back(finish_out_params);
+ EXPECT_EQ(ErrorCode::OK, Finish(message, &output));
return output;
}
@@ -674,21 +567,9 @@
ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::VERIFY, key_blob, params, &begin_out_params));
string output;
- AuthorizationSet update_params;
- AuthorizationSet update_out_params;
- int32_t consumed;
- ASSERT_EQ(ErrorCode::OK,
- Update(update_params, message, &update_out_params, &output, &consumed));
+ EXPECT_EQ(ErrorCode::OK, Finish(message, signature, &output));
EXPECT_TRUE(output.empty());
- EXPECT_GT(consumed, 0U);
-
- string unused;
- AuthorizationSet finish_params;
- AuthorizationSet finish_out_params;
- EXPECT_EQ(ErrorCode::OK, Finish(finish_params, message.substr(consumed), signature,
- &finish_out_params, &output));
- op_.reset();
- EXPECT_TRUE(output.empty());
+ op_ = {};
}
void KeyMintAidlTestBase::VerifyMessage(const string& message, const string& signature,
@@ -955,14 +836,14 @@
}
ErrorCode KeyMintAidlTestBase::UseAesKey(const vector<uint8_t>& aesKeyBlob) {
- auto [result, ciphertext, out_params] = ProcessMessage(
+ auto [result, ciphertext] = ProcessMessage(
aesKeyBlob, KeyPurpose::ENCRYPT, "1234567890123456",
AuthorizationSetBuilder().BlockMode(BlockMode::ECB).Padding(PaddingMode::NONE));
return result;
}
ErrorCode KeyMintAidlTestBase::UseHmacKey(const vector<uint8_t>& hmacKeyBlob) {
- auto [result, mac, out_params] = ProcessMessage(
+ auto [result, mac] = ProcessMessage(
hmacKeyBlob, KeyPurpose::SIGN, "1234567890123456",
AuthorizationSetBuilder().Authorization(TAG_MAC_LENGTH, 128).Digest(Digest::SHA_2_256));
return result;
@@ -970,16 +851,15 @@
ErrorCode KeyMintAidlTestBase::UseRsaKey(const vector<uint8_t>& rsaKeyBlob) {
std::string message(2048 / 8, 'a');
- auto [result, signature, out_params] = ProcessMessage(
+ auto [result, signature] = ProcessMessage(
rsaKeyBlob, KeyPurpose::SIGN, message,
AuthorizationSetBuilder().Digest(Digest::NONE).Padding(PaddingMode::NONE));
return result;
}
ErrorCode KeyMintAidlTestBase::UseEcdsaKey(const vector<uint8_t>& ecdsaKeyBlob) {
- auto [result, signature, out_params] =
- ProcessMessage(ecdsaKeyBlob, KeyPurpose::SIGN, "a",
- AuthorizationSetBuilder().Digest(Digest::SHA_2_256));
+ auto [result, signature] = ProcessMessage(ecdsaKeyBlob, KeyPurpose::SIGN, "a",
+ AuthorizationSetBuilder().Digest(Digest::SHA_2_256));
return result;
}
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
index 452d2b6..e79fe80 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
@@ -112,15 +112,14 @@
AuthorizationSet* out_params);
ErrorCode Begin(KeyPurpose purpose, const AuthorizationSet& in_params);
- ErrorCode Update(const AuthorizationSet& in_params, const string& input,
- AuthorizationSet* out_params, string* output, int32_t* input_consumed);
- ErrorCode Update(const string& input, string* out, int32_t* input_consumed);
+ ErrorCode UpdateAad(const string& input);
+ ErrorCode Update(const string& input, string* output);
- ErrorCode Finish(const AuthorizationSet& in_params, const string& input,
- const string& signature, AuthorizationSet* out_params, string* output);
- ErrorCode Finish(const string& message, string* output);
ErrorCode Finish(const string& message, const string& signature, string* output);
- ErrorCode Finish(string* output) { return Finish(string(), output); }
+ ErrorCode Finish(const string& message, string* output) {
+ return Finish(message, {} /* signature */, output);
+ }
+ ErrorCode Finish(string* output) { return Finish({} /* message */, output); }
ErrorCode Abort();
ErrorCode Abort(const shared_ptr<IKeyMintOperation>& op);
@@ -129,9 +128,9 @@
string ProcessMessage(const vector<uint8_t>& key_blob, KeyPurpose operation,
const string& message, const AuthorizationSet& in_params,
AuthorizationSet* out_params);
- std::tuple<ErrorCode, std::string /* processedMessage */, AuthorizationSet /* out_params */>
- ProcessMessage(const vector<uint8_t>& key_blob, KeyPurpose operation,
- const std::string& message, const AuthorizationSet& in_params);
+ std::tuple<ErrorCode, std::string /* processedMessage */> ProcessMessage(
+ const vector<uint8_t>& key_blob, KeyPurpose operation, const std::string& message,
+ const AuthorizationSet& in_params);
string SignMessage(const vector<uint8_t>& key_blob, const string& message,
const AuthorizationSet& params);
string SignMessage(const string& message, const AuthorizationSet& params);
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index 71aae90..f8eca6b 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -2751,39 +2751,22 @@
for (int increment = 1; increment <= 240; ++increment) {
for (auto block_mode : block_modes) {
string message(240, 'a');
- auto params = AuthorizationSetBuilder()
- .BlockMode(block_mode)
- .Padding(PaddingMode::NONE)
- .Authorization(TAG_MAC_LENGTH, 128) /* for GCM */;
+ auto params =
+ AuthorizationSetBuilder().BlockMode(block_mode).Padding(PaddingMode::NONE);
+ if (block_mode == BlockMode::GCM) {
+ params.Authorization(TAG_MAC_LENGTH, 128) /* for GCM */;
+ }
AuthorizationSet output_params;
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params, &output_params));
string ciphertext;
- int32_t input_consumed;
string to_send;
for (size_t i = 0; i < message.size(); i += increment) {
- to_send.append(message.substr(i, increment));
- EXPECT_EQ(ErrorCode::OK, Update(to_send, &ciphertext, &input_consumed));
- EXPECT_EQ(to_send.length(), input_consumed);
- to_send = to_send.substr(input_consumed);
- EXPECT_EQ(0U, to_send.length());
-
- switch (block_mode) {
- case BlockMode::ECB:
- case BlockMode::CBC:
- // Implementations must take as many blocks as possible, leaving less
- // than a block.
- EXPECT_LE(to_send.length(), 16U);
- break;
- case BlockMode::GCM:
- case BlockMode::CTR:
- // Implementations must always take all the data.
- EXPECT_EQ(0U, to_send.length());
- break;
- }
+ EXPECT_EQ(ErrorCode::OK, Update(message.substr(i, increment), &ciphertext));
}
- EXPECT_EQ(ErrorCode::OK, Finish(to_send, &ciphertext)) << "Error sending " << to_send;
+ EXPECT_EQ(ErrorCode::OK, Finish(to_send, &ciphertext))
+ << "Error sending " << to_send << " with block mode " << block_mode;
switch (block_mode) {
case BlockMode::GCM:
@@ -2818,9 +2801,7 @@
string plaintext;
for (size_t i = 0; i < ciphertext.size(); i += increment) {
- to_send.append(ciphertext.substr(i, increment));
- EXPECT_EQ(ErrorCode::OK, Update(to_send, &plaintext, &input_consumed));
- to_send = to_send.substr(input_consumed);
+ EXPECT_EQ(ErrorCode::OK, Update(ciphertext.substr(i, increment), &plaintext));
}
ErrorCode error = Finish(to_send, &plaintext);
ASSERT_EQ(ErrorCode::OK, error) << "Decryption failed for block mode " << block_mode
@@ -3077,17 +3058,13 @@
.Padding(PaddingMode::NONE)
.Authorization(TAG_MAC_LENGTH, 128);
- auto update_params =
- AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
-
// Encrypt
AuthorizationSet begin_out_params;
ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &begin_out_params))
<< "Begin encrypt";
string ciphertext;
- AuthorizationSet update_out_params;
- ASSERT_EQ(ErrorCode::OK, Finish(update_params, message, "", &update_out_params, &ciphertext));
-
+ ASSERT_EQ(ErrorCode::OK, UpdateAad(aad));
+ ASSERT_EQ(ErrorCode::OK, Finish(message, &ciphertext));
ASSERT_EQ(ciphertext.length(), message.length() + 16);
// Grab nonce
@@ -3095,12 +3072,9 @@
// Decrypt.
ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params)) << "Begin decrypt";
+ ASSERT_EQ(ErrorCode::OK, UpdateAad(aad));
string plaintext;
- int32_t input_consumed;
- ASSERT_EQ(ErrorCode::OK,
- Update(update_params, ciphertext, &update_out_params, &plaintext, &input_consumed));
- EXPECT_EQ(ciphertext.size(), input_consumed);
- EXPECT_EQ(ErrorCode::OK, Finish("", &plaintext));
+ EXPECT_EQ(ErrorCode::OK, Finish(ciphertext, &plaintext));
EXPECT_EQ(message.length(), plaintext.length());
EXPECT_EQ(message, plaintext);
}
@@ -3127,17 +3101,15 @@
.Padding(PaddingMode::NONE)
.Authorization(TAG_MAC_LENGTH, 128);
- auto update_params =
- AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
-
// Encrypt
AuthorizationSet begin_out_params;
ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &begin_out_params))
<< "Begin encrypt";
string ciphertext;
AuthorizationSet update_out_params;
+ ASSERT_EQ(ErrorCode::OK, UpdateAad(aad));
sleep(5);
- ASSERT_EQ(ErrorCode::OK, Finish(update_params, message, "", &update_out_params, &ciphertext));
+ ASSERT_EQ(ErrorCode::OK, Finish(message, &ciphertext));
ASSERT_EQ(ciphertext.length(), message.length() + 16);
@@ -3147,11 +3119,9 @@
// Decrypt.
ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params)) << "Begin decrypt";
string plaintext;
- int32_t input_consumed;
+ ASSERT_EQ(ErrorCode::OK, UpdateAad(aad));
sleep(5);
- ASSERT_EQ(ErrorCode::OK,
- Update(update_params, ciphertext, &update_out_params, &plaintext, &input_consumed));
- EXPECT_EQ(ciphertext.size(), input_consumed);
+ ASSERT_EQ(ErrorCode::OK, Update(ciphertext, &plaintext));
sleep(5);
EXPECT_EQ(ErrorCode::OK, Finish("", &plaintext));
EXPECT_EQ(message.length(), plaintext.length());
@@ -3230,9 +3200,6 @@
.Padding(PaddingMode::NONE)
.Authorization(TAG_MAC_LENGTH, 128);
- auto finish_params =
- AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
-
// Encrypt
AuthorizationSet begin_out_params;
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params, &begin_out_params));
@@ -3241,8 +3208,8 @@
AuthorizationSet finish_out_params;
string ciphertext;
- EXPECT_EQ(ErrorCode::OK,
- Finish(finish_params, message, "" /* signature */, &finish_out_params, &ciphertext));
+ ASSERT_EQ(ErrorCode::OK, UpdateAad(aad));
+ EXPECT_EQ(ErrorCode::OK, Finish(message, &ciphertext));
params = AuthorizationSetBuilder()
.Authorizations(begin_out_params)
@@ -3326,16 +3293,13 @@
.Padding(PaddingMode::NONE)
.Authorization(TAG_MAC_LENGTH, 128);
- auto finish_params =
- AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
-
// Encrypt
AuthorizationSet begin_out_params;
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params, &begin_out_params));
string ciphertext;
AuthorizationSet finish_out_params;
- EXPECT_EQ(ErrorCode::OK, Finish(finish_params, "" /* input */, "" /* signature */,
- &finish_out_params, &ciphertext));
+ ASSERT_EQ(ErrorCode::OK, UpdateAad(aad));
+ EXPECT_EQ(ErrorCode::OK, Finish(&ciphertext));
EXPECT_TRUE(finish_out_params.empty());
// Grab nonce
@@ -3343,9 +3307,9 @@
// Decrypt.
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, params));
+ ASSERT_EQ(ErrorCode::OK, UpdateAad(aad));
string plaintext;
- EXPECT_EQ(ErrorCode::OK, Finish(finish_params, ciphertext, "" /* signature */,
- &finish_out_params, &plaintext));
+ EXPECT_EQ(ErrorCode::OK, Finish(ciphertext, &plaintext));
EXPECT_TRUE(finish_out_params.empty());
@@ -3374,43 +3338,26 @@
.Authorization(TAG_MAC_LENGTH, tag_bits);
AuthorizationSet begin_out_params;
- auto update_params =
- AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, "foo", (size_t)3);
-
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &begin_out_params));
// No data, AAD only.
+ EXPECT_EQ(ErrorCode::OK, UpdateAad("foo"));
+ EXPECT_EQ(ErrorCode::OK, UpdateAad("foo"));
string ciphertext;
- int32_t input_consumed;
- AuthorizationSet update_out_params;
- EXPECT_EQ(ErrorCode::OK, Update(update_params, "" /* input */, &update_out_params, &ciphertext,
- &input_consumed));
- EXPECT_EQ(0U, input_consumed);
- EXPECT_EQ(0U, ciphertext.size());
- EXPECT_TRUE(update_out_params.empty());
+ EXPECT_EQ(ErrorCode::OK, Update(message, &ciphertext));
+ EXPECT_EQ(ErrorCode::OK, Finish(&ciphertext));
- // AAD and data.
- EXPECT_EQ(ErrorCode::OK,
- Update(update_params, message, &update_out_params, &ciphertext, &input_consumed));
- EXPECT_EQ(message.size(), input_consumed);
- EXPECT_TRUE(update_out_params.empty());
-
- EXPECT_EQ(ErrorCode::OK, Finish("" /* input */, &ciphertext));
// Expect 128-bit (16-byte) tag appended to ciphertext.
- EXPECT_EQ(message.size() + (tag_bits >> 3), ciphertext.size());
+ EXPECT_EQ(message.size() + (tag_bits / 8), ciphertext.size());
// Grab nonce.
begin_params.push_back(begin_out_params);
// Decrypt
- update_params =
- AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, "foofoo", (size_t)6);
-
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params));
+ EXPECT_EQ(ErrorCode::OK, UpdateAad("foofoo"));
string plaintext;
- EXPECT_EQ(ErrorCode::OK, Finish(update_params, ciphertext, "" /* signature */,
- &update_out_params, &plaintext));
- EXPECT_TRUE(update_out_params.empty());
+ EXPECT_EQ(ErrorCode::OK, Finish(ciphertext, &plaintext));
EXPECT_EQ(message, plaintext);
}
@@ -3434,32 +3381,14 @@
.Authorization(TAG_MAC_LENGTH, 128);
AuthorizationSet begin_out_params;
- auto update_params =
- AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, "foo", (size_t)3);
-
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &begin_out_params));
- // No data, AAD only.
+ EXPECT_EQ(ErrorCode::OK, UpdateAad("foo"));
string ciphertext;
- int32_t input_consumed;
- AuthorizationSet update_out_params;
- EXPECT_EQ(ErrorCode::OK, Update(update_params, "" /* input */, &update_out_params, &ciphertext,
- &input_consumed));
- EXPECT_EQ(0U, input_consumed);
- EXPECT_EQ(0U, ciphertext.size());
- EXPECT_TRUE(update_out_params.empty());
+ EXPECT_EQ(ErrorCode::OK, Update(message, &ciphertext));
+ EXPECT_EQ(ErrorCode::INVALID_TAG, UpdateAad("foo"));
- // AAD and data.
- EXPECT_EQ(ErrorCode::OK,
- Update(update_params, message, &update_out_params, &ciphertext, &input_consumed));
- EXPECT_EQ(message.size(), input_consumed);
- EXPECT_TRUE(update_out_params.empty());
-
- // More AAD
- EXPECT_EQ(ErrorCode::INVALID_TAG,
- Update(update_params, "", &update_out_params, &ciphertext, &input_consumed));
-
- op_.reset();
+ op_ = {};
}
/*
@@ -3481,28 +3410,21 @@
.Padding(PaddingMode::NONE)
.Authorization(TAG_MAC_LENGTH, 128);
- auto finish_params =
- AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, "foobar", (size_t)6);
-
// Encrypt
AuthorizationSet begin_out_params;
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &begin_out_params));
+ EXPECT_EQ(ErrorCode::OK, UpdateAad("foobar"));
string ciphertext;
- AuthorizationSet finish_out_params;
- EXPECT_EQ(ErrorCode::OK,
- Finish(finish_params, message, "" /* signature */, &finish_out_params, &ciphertext));
+ EXPECT_EQ(ErrorCode::OK, Finish(message, &ciphertext));
// Grab nonce
begin_params.push_back(begin_out_params);
- finish_params = AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA,
- "barfoo" /* Wrong AAD */, (size_t)6);
-
// Decrypt.
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params, &begin_out_params));
+ EXPECT_EQ(ErrorCode::OK, UpdateAad("barfoo"));
string plaintext;
- EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, Finish(finish_params, ciphertext, "" /* signature */,
- &finish_out_params, &plaintext));
+ EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, Finish(ciphertext, &plaintext));
}
/*
@@ -3524,25 +3446,22 @@
.Padding(PaddingMode::NONE)
.Authorization(TAG_MAC_LENGTH, 128);
- auto finish_params =
- AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, "foobar", (size_t)6);
-
// Encrypt
AuthorizationSet begin_out_params;
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, begin_params, &begin_out_params));
+ EXPECT_EQ(ErrorCode::OK, UpdateAad("foobar"));
string ciphertext;
AuthorizationSet finish_out_params;
- EXPECT_EQ(ErrorCode::OK,
- Finish(finish_params, message, "" /* signature */, &finish_out_params, &ciphertext));
+ EXPECT_EQ(ErrorCode::OK, Finish(message, &ciphertext));
// Wrong nonce
begin_params.push_back(TAG_NONCE, AidlBuf("123456789012"));
// Decrypt.
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params, &begin_out_params));
+ EXPECT_EQ(ErrorCode::OK, UpdateAad("foobar"));
string plaintext;
- EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, Finish(finish_params, ciphertext, "" /* signature */,
- &finish_out_params, &plaintext));
+ EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, Finish(ciphertext, &plaintext));
// With wrong nonce, should have gotten garbage plaintext (or none).
EXPECT_NE(message, plaintext);
@@ -3569,17 +3488,12 @@
.Padding(PaddingMode::NONE)
.Authorization(TAG_MAC_LENGTH, 128);
- auto finish_params =
- AuthorizationSetBuilder().Authorization(TAG_ASSOCIATED_DATA, aad.data(), aad.size());
-
// Encrypt
AuthorizationSet begin_out_params;
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params, &begin_out_params));
+ EXPECT_EQ(ErrorCode::OK, UpdateAad(aad));
string ciphertext;
- AuthorizationSet finish_out_params;
- EXPECT_EQ(ErrorCode::OK,
- Finish(finish_params, message, "" /* signature */, &finish_out_params, &ciphertext));
- EXPECT_TRUE(finish_out_params.empty());
+ EXPECT_EQ(ErrorCode::OK, Finish(message, &ciphertext));
// Corrupt tag
++(*ciphertext.rbegin());
@@ -3589,10 +3503,9 @@
// Decrypt.
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, params));
+ EXPECT_EQ(ErrorCode::OK, UpdateAad(aad));
string plaintext;
- EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, Finish(finish_params, ciphertext, "" /* signature */,
- &finish_out_params, &plaintext));
- EXPECT_TRUE(finish_out_params.empty());
+ EXPECT_EQ(ErrorCode::VERIFICATION_FAILED, Finish(ciphertext, &plaintext));
}
/*
@@ -3704,9 +3617,7 @@
begin_params.push_back(TAG_PADDING, PaddingMode::PKCS7);
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params));
string plaintext;
- int32_t input_consumed;
- EXPECT_EQ(ErrorCode::OK, Update(ciphertext, &plaintext, &input_consumed));
- EXPECT_EQ(ciphertext.size(), input_consumed);
+ EXPECT_EQ(ErrorCode::OK, Update(ciphertext, &plaintext));
EXPECT_EQ(ErrorCode::INVALID_ARGUMENT, Finish(&plaintext));
}
@@ -4020,9 +3931,7 @@
.Authorization(TAG_NONCE, iv);
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, begin_params));
string plaintext;
- int32_t input_consumed;
- EXPECT_EQ(ErrorCode::OK, Update(ciphertext, &plaintext, &input_consumed));
- EXPECT_EQ(ciphertext.size(), input_consumed);
+ EXPECT_EQ(ErrorCode::OK, Update(ciphertext, &plaintext));
EXPECT_EQ(ErrorCode::INVALID_ARGUMENT, Finish(&plaintext));
}
@@ -4046,10 +3955,8 @@
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, input_params, &output_params));
string ciphertext;
- int32_t input_consumed;
for (size_t i = 0; i < message.size(); i += increment)
- EXPECT_EQ(ErrorCode::OK,
- Update(message.substr(i, increment), &ciphertext, &input_consumed));
+ EXPECT_EQ(ErrorCode::OK, Update(message.substr(i, increment), &ciphertext));
EXPECT_EQ(ErrorCode::OK, Finish(&ciphertext));
EXPECT_EQ(message.size(), ciphertext.size());
@@ -4062,8 +3969,7 @@
EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, input_params, &output_params));
string plaintext;
for (size_t i = 0; i < ciphertext.size(); i += increment)
- EXPECT_EQ(ErrorCode::OK,
- Update(ciphertext.substr(i, increment), &plaintext, &input_consumed));
+ EXPECT_EQ(ErrorCode::OK, Update(ciphertext.substr(i, increment), &plaintext));
EXPECT_EQ(ErrorCode::OK, Finish(&plaintext));
EXPECT_EQ(ciphertext.size(), plaintext.size());
EXPECT_EQ(message, plaintext);
diff --git a/security/keymint/aidl/vts/performance/KeyMintBenchmark.cpp b/security/keymint/aidl/vts/performance/KeyMintBenchmark.cpp
index f87ca78..6c795f5 100644
--- a/security/keymint/aidl/vts/performance/KeyMintBenchmark.cpp
+++ b/security/keymint/aidl/vts/performance/KeyMintBenchmark.cpp
@@ -206,41 +206,15 @@
return std::move(builder);
}
- optional<string> Process(const string& message, const AuthorizationSet& /*in_params*/,
- AuthorizationSet* out_params, const string& signature = "") {
- static const int HIDL_BUFFER_LIMIT = 1 << 14; // 16KB
+ optional<string> Process(const string& message, const string& signature = "") {
ErrorCode result;
- // Update
- AuthorizationSet update_params;
- AuthorizationSet update_out_params;
string output;
- string aidl_output;
- int32_t input_consumed = 0;
- int32_t aidl_input_consumed = 0;
- while (message.length() - input_consumed > 0) {
- result = Update(update_params, message.substr(input_consumed, HIDL_BUFFER_LIMIT),
- &update_out_params, &aidl_output, &aidl_input_consumed);
- if (result != ErrorCode::OK) {
- error_ = result;
- return {};
- }
- output.append(aidl_output);
- input_consumed += aidl_input_consumed;
- aidl_output.clear();
- }
-
- // Finish
- AuthorizationSet finish_params;
- AuthorizationSet finish_out_params;
- result = Finish(finish_params, message.substr(input_consumed), signature,
- &finish_out_params, &aidl_output);
+ result = Finish(message, signature, &output);
if (result != ErrorCode::OK) {
error_ = result;
return {};
}
- output.append(aidl_output);
- out_params->push_back(finish_out_params);
return output;
}
@@ -296,66 +270,36 @@
name_.assign(info.keyMintName.begin(), info.keyMintName.end());
}
- ErrorCode Finish(const AuthorizationSet& in_params, const string& input,
- const string& signature, AuthorizationSet* out_params, string* output) {
- Status result;
+ ErrorCode Finish(const string& input, const string& signature, string* output) {
if (!op_) {
std::cerr << "Finish: Operation is nullptr" << std::endl;
return ErrorCode::UNEXPECTED_NULL_POINTER;
}
- KeyParameterArray key_params;
- key_params.params = in_params.vector_data();
-
- KeyParameterArray in_keyParams;
- in_keyParams.params = in_params.vector_data();
-
- std::optional<KeyParameterArray> out_keyParams;
- std::optional<vector<uint8_t>> o_put;
vector<uint8_t> oPut;
- result = op_->finish(in_keyParams, vector<uint8_t>(input.begin(), input.end()),
- vector<uint8_t>(signature.begin(), signature.end()), {}, {},
- &out_keyParams, &oPut);
+ Status result =
+ op_->finish(vector<uint8_t>(input.begin(), input.end()),
+ vector<uint8_t>(signature.begin(), signature.end()), {} /* authToken */,
+ {} /* timestampToken */, {} /* confirmationToken */, &oPut);
- if (result.isOk()) {
- if (out_keyParams) {
- out_params->push_back(AuthorizationSet(out_keyParams->params));
- }
- output->append(oPut.begin(), oPut.end());
- }
+ if (result.isOk()) output->append(oPut.begin(), oPut.end());
+
op_.reset();
return GetReturnErrorCode(result);
}
- ErrorCode Update(const AuthorizationSet& in_params, const string& input,
- AuthorizationSet* out_params, string* output, int32_t* input_consumed) {
+ ErrorCode Update(const string& input, string* output) {
Status result;
if (!op_) {
std::cerr << "Update: Operation is nullptr" << std::endl;
return ErrorCode::UNEXPECTED_NULL_POINTER;
}
- KeyParameterArray key_params;
- key_params.params = in_params.vector_data();
+ std::vector<uint8_t> o_put;
+ result = op_->update(vector<uint8_t>(input.begin(), input.end()), {} /* authToken */,
+ {} /* timestampToken */, &o_put);
- KeyParameterArray in_keyParams;
- in_keyParams.params = in_params.vector_data();
-
- std::optional<KeyParameterArray> out_keyParams;
- std::optional<ByteArray> o_put;
- result = op_->update(in_keyParams, vector<uint8_t>(input.begin(), input.end()), {}, {},
- &out_keyParams, &o_put, input_consumed);
-
- if (result.isOk()) {
- if (o_put) {
- output->append(o_put->data.begin(), o_put->data.end());
- }
-
- if (out_keyParams) {
- out_params->push_back(AuthorizationSet(out_keyParams->params));
- }
- }
-
+ if (result.isOk() && output) *output = {o_put.begin(), o_put.end()};
return GetReturnErrorCode(result);
}
@@ -493,7 +437,7 @@
}
state.ResumeTiming();
out_params.Clear();
- if (!keymintTest->Process(message, in_params, &out_params)) {
+ if (!keymintTest->Process(message)) {
state.SkipWithError(("Sign error, " + std::to_string(keymintTest->getError())).c_str());
break;
}
@@ -516,7 +460,7 @@
("Error beginning sign, " + std::to_string(keymintTest->getError())).c_str());
return;
}
- std::optional<string> signature = keymintTest->Process(message, in_params, &out_params);
+ std::optional<string> signature = keymintTest->Process(message);
if (!signature) {
state.SkipWithError(("Sign error, " + std::to_string(keymintTest->getError())).c_str());
return;
@@ -534,7 +478,7 @@
return;
}
state.ResumeTiming();
- if (!keymintTest->Process(message, in_params, &out_params, *signature)) {
+ if (!keymintTest->Process(message, *signature)) {
state.SkipWithError(
("Verify error, " + std::to_string(keymintTest->getError())).c_str());
break;
@@ -612,7 +556,7 @@
}
out_params.Clear();
state.ResumeTiming();
- if (!keymintTest->Process(message, in_params, &out_params)) {
+ if (!keymintTest->Process(message)) {
state.SkipWithError(
("Encryption error, " + std::to_string(keymintTest->getError())).c_str());
break;
@@ -636,7 +580,7 @@
("Encryption begin error, " + std::to_string(keymintTest->getError())).c_str());
return;
}
- auto encryptedMessage = keymintTest->Process(message, in_params, &out_params);
+ auto encryptedMessage = keymintTest->Process(message);
if (!encryptedMessage) {
state.SkipWithError(
("Encryption error, " + std::to_string(keymintTest->getError())).c_str());
@@ -653,7 +597,7 @@
return;
}
state.ResumeTiming();
- if (!keymintTest->Process(*encryptedMessage, in_params, &out_params)) {
+ if (!keymintTest->Process(*encryptedMessage)) {
state.SkipWithError(
("Decryption error, " + std::to_string(keymintTest->getError())).c_str());
break;
diff --git a/security/keymint/support/include/keymint_support/keymint_tags.h b/security/keymint/support/include/keymint_support/keymint_tags.h
index 479a11d..ae21125 100644
--- a/security/keymint/support/include/keymint_support/keymint_tags.h
+++ b/security/keymint/support/include/keymint_support/keymint_tags.h
@@ -130,6 +130,7 @@
DECLARE_TYPED_TAG(CERTIFICATE_SUBJECT);
DECLARE_TYPED_TAG(CERTIFICATE_NOT_BEFORE);
DECLARE_TYPED_TAG(CERTIFICATE_NOT_AFTER);
+DECLARE_TYPED_TAG(MAX_BOOT_LEVEL);
#undef DECLARE_TYPED_TAG