Merge "Add list of OuiKeyedData to the Hostapd AIDL IfaceParams type." into main
diff --git a/audio/aidl/aidl_api/android.hardware.audio.effect/current/android/hardware/audio/effect/Spatializer.aidl b/audio/aidl/aidl_api/android.hardware.audio.effect/current/android/hardware/audio/effect/Spatializer.aidl
index 9f97de0..98ecee0 100644
--- a/audio/aidl/aidl_api/android.hardware.audio.effect/current/android/hardware/audio/effect/Spatializer.aidl
+++ b/audio/aidl/aidl_api/android.hardware.audio.effect/current/android/hardware/audio/effect/Spatializer.aidl
@@ -35,12 +35,13 @@
@VintfStability
union Spatializer {
android.hardware.audio.effect.VendorExtension vendor;
- android.media.audio.common.Spatialization.Level spatializationLevel;
- android.media.audio.common.HeadTracking.Mode headTrackingMode;
android.media.audio.common.AudioChannelLayout[] supportedChannelLayout;
+ android.media.audio.common.Spatialization.Level spatializationLevel;
android.media.audio.common.Spatialization.Mode spatializationMode;
- float[6] headToStage;
- const int HEAD_TO_STAGE_VEC_SIZE = 6;
+ int headTrackingSensorId;
+ android.media.audio.common.HeadTracking.Mode headTrackingMode;
+ android.media.audio.common.HeadTracking.ConnectionMode headTrackingConnectionMode;
+ android.media.audio.common.HeadTracking.SensorData headTrackingSensorData;
@VintfStability
union Id {
android.hardware.audio.effect.VendorExtension vendorExtensionTag;
diff --git a/audio/aidl/android/hardware/audio/effect/Spatializer.aidl b/audio/aidl/android/hardware/audio/effect/Spatializer.aidl
index 4edb2e8..6ebe0d5 100644
--- a/audio/aidl/android/hardware/audio/effect/Spatializer.aidl
+++ b/audio/aidl/android/hardware/audio/effect/Spatializer.aidl
@@ -52,29 +52,37 @@
VendorExtension vendor;
/**
- * Level of spatialization.
- */
- Spatialization.Level spatializationLevel;
-
- /**
- * Head tracking mode for spatialization.
- */
- HeadTracking.Mode headTrackingMode;
-
- /**
* List of supported input channel layouts.
*/
AudioChannelLayout[] supportedChannelLayout;
/**
+ * Level of spatialization.
+ */
+ Spatialization.Level spatializationLevel;
+
+ /**
* Spatialization mode, Binaural or Transaural for example.
*/
Spatialization.Mode spatializationMode;
/**
- * Vector representing of the head-to-stage pose with six floats: first three are a translation
- * vector, and the last three are a rotation vector.
+ * Head tracking sensor ID.
*/
- const int HEAD_TO_STAGE_VEC_SIZE = 6;
- float[HEAD_TO_STAGE_VEC_SIZE] headToStage;
+ int headTrackingSensorId;
+
+ /**
+ * Head tracking mode for spatialization.
+ */
+ HeadTracking.Mode headTrackingMode;
+
+ /**
+ * Head tracking sensor connection mode for spatialization.
+ */
+ HeadTracking.ConnectionMode headTrackingConnectionMode;
+
+ /**
+ * Headtracking sensor data.
+ */
+ HeadTracking.SensorData headTrackingSensorData;
}
diff --git a/audio/aidl/default/acousticEchoCanceler/AcousticEchoCancelerSw.cpp b/audio/aidl/default/acousticEchoCanceler/AcousticEchoCancelerSw.cpp
index 8727232..5e18f1b 100644
--- a/audio/aidl/default/acousticEchoCanceler/AcousticEchoCancelerSw.cpp
+++ b/audio/aidl/default/acousticEchoCanceler/AcousticEchoCancelerSw.cpp
@@ -76,7 +76,7 @@
.proxy = std::nullopt},
.flags = {.type = Flags::Type::PRE_PROC,
.insert = Flags::Insert::FIRST,
- .volume = Flags::Volume::CTRL},
+ .volume = Flags::Volume::NONE},
.name = AcousticEchoCancelerSw::kEffectName,
.implementor = "The Android Open Source Project"},
.capability = AcousticEchoCancelerSw::kCapability};
diff --git a/audio/aidl/default/noiseSuppression/NoiseSuppressionSw.cpp b/audio/aidl/default/noiseSuppression/NoiseSuppressionSw.cpp
index 99f2caf..a3208df 100644
--- a/audio/aidl/default/noiseSuppression/NoiseSuppressionSw.cpp
+++ b/audio/aidl/default/noiseSuppression/NoiseSuppressionSw.cpp
@@ -67,7 +67,7 @@
.proxy = std::nullopt},
.flags = {.type = Flags::Type::PRE_PROC,
.insert = Flags::Insert::FIRST,
- .volume = Flags::Volume::CTRL},
+ .volume = Flags::Volume::NONE},
.name = NoiseSuppressionSw::kEffectName,
.implementor = "The Android Open Source Project"}};
diff --git a/audio/aidl/default/visualizer/VisualizerSw.cpp b/audio/aidl/default/visualizer/VisualizerSw.cpp
index 0909f25..285c102 100644
--- a/audio/aidl/default/visualizer/VisualizerSw.cpp
+++ b/audio/aidl/default/visualizer/VisualizerSw.cpp
@@ -73,7 +73,7 @@
.proxy = std::nullopt},
.flags = {.type = Flags::Type::INSERT,
.insert = Flags::Insert::FIRST,
- .volume = Flags::Volume::CTRL},
+ .volume = Flags::Volume::NONE},
.name = VisualizerSw::kEffectName,
.implementor = "The Android Open Source Project"},
.capability = VisualizerSw::kCapability};
diff --git a/audio/aidl/vts/VtsHalAudioEffectTargetTest.cpp b/audio/aidl/vts/VtsHalAudioEffectTargetTest.cpp
index ca1cea9..aaf9ad4 100644
--- a/audio/aidl/vts/VtsHalAudioEffectTargetTest.cpp
+++ b/audio/aidl/vts/VtsHalAudioEffectTargetTest.cpp
@@ -596,8 +596,14 @@
Parameter::Id id = Parameter::Id::make<Parameter::Id::commonTag>(Parameter::volumeStereo);
Parameter::VolumeStereo volume = {.left = 10.0, .right = 10.0};
- ASSERT_NO_FATAL_FAILURE(
- setAndGetParameter(id, Parameter::make<Parameter::volumeStereo>(volume)));
+ if (mDescriptor.common.flags.volume == Flags::Volume::CTRL) {
+ Parameter get;
+ EXPECT_IS_OK(mEffect->setParameter(volume));
+ EXPECT_IS_OK(mEffect->getParameter(id, &get));
+ } else {
+ ASSERT_NO_FATAL_FAILURE(
+ setAndGetParameter(id, Parameter::make<Parameter::volumeStereo>(volume)));
+ }
ASSERT_NO_FATAL_FAILURE(command(mEffect, CommandId::STOP));
ASSERT_NO_FATAL_FAILURE(expectState(mEffect, State::IDLE));
diff --git a/automotive/vehicle/2.0/default/common/include/vhal_v2_0/RecurrentTimer.h b/automotive/vehicle/2.0/default/common/include/vhal_v2_0/RecurrentTimer.h
index 0ed8742..0f5987e 100644
--- a/automotive/vehicle/2.0/default/common/include/vhal_v2_0/RecurrentTimer.h
+++ b/automotive/vehicle/2.0/default/common/include/vhal_v2_0/RecurrentTimer.h
@@ -122,21 +122,29 @@
}
std::unique_lock<std::mutex> g(mLock);
+ // mStopRequested might be set to true after we enter the loop. Must check inside
+ // the lock to make sure the value will not change before we start the wait.
+ if (mStopRequested) {
+ return;
+ }
mCond.wait_until(g, nextEventTime); // nextEventTime can be nanoseconds::max()
}
}
void stop() {
- mStopRequested = true;
{
std::lock_guard<std::mutex> g(mLock);
mCookieToEventsMap.clear();
+ // Even though this is atomic, this must be set inside the lock to make sure we will
+ // not change this after we check mStopRequested, but before we start the wait.
+ mStopRequested = true;
}
mCond.notify_one();
if (mTimerThread.joinable()) {
mTimerThread.join();
}
}
+
private:
mutable std::mutex mLock;
std::thread mTimerThread;
diff --git a/bluetooth/audio/utils/aidl_session/BluetoothAudioSession.cpp b/bluetooth/audio/utils/aidl_session/BluetoothAudioSession.cpp
index e5cf53c..c283148 100644
--- a/bluetooth/audio/utils/aidl_session/BluetoothAudioSession.cpp
+++ b/bluetooth/audio/utils/aidl_session/BluetoothAudioSession.cpp
@@ -439,6 +439,9 @@
}
void BluetoothAudioSession::ReportLowLatencyModeAllowedChanged(bool allowed) {
+ if (session_type_ != SessionType::A2DP_HARDWARE_OFFLOAD_ENCODING_DATAPATH) {
+ return;
+ }
std::lock_guard<std::recursive_mutex> guard(mutex_);
low_latency_allowed_ = allowed;
// TODO(b/294498919): Remove this after there is API to update latency mode
diff --git a/compatibility_matrices/compatibility_matrix.9.xml b/compatibility_matrices/compatibility_matrix.9.xml
index d197e5a..2f33a28 100644
--- a/compatibility_matrices/compatibility_matrix.9.xml
+++ b/compatibility_matrices/compatibility_matrix.9.xml
@@ -85,6 +85,14 @@
</interface>
</hal>
<hal format="aidl" optional="true">
+ <name>android.hardware.macsec</name>
+ <version>1</version>
+ <interface>
+ <name>IMacsecPskPlugin</name>
+ <instance>default</instance>
+ </interface>
+ </hal>
+ <hal format="aidl" optional="true">
<name>android.hardware.automotive.occupant_awareness</name>
<version>1</version>
<interface>
@@ -296,6 +304,14 @@
<instance>default</instance>
</interface>
</hal>
+ <hal format="aidl" optional="true">
+ <name>android.hardware.security.secretkeeper</name>
+ <version>1</version>
+ <interface>
+ <name>ISecretkeeper</name>
+ <instance>nonsecure</instance>
+ </interface>
+ </hal>
<hal format="aidl" optional="true" updatable-via-apex="true">
<name>android.hardware.security.keymint</name>
<version>1-3</version>
diff --git a/macsec/OWNERS b/macsec/OWNERS
new file mode 100644
index 0000000..6934f86
--- /dev/null
+++ b/macsec/OWNERS
@@ -0,0 +1 @@
+keithmok@google.com
diff --git a/macsec/aidl/Android.bp b/macsec/aidl/Android.bp
new file mode 100644
index 0000000..5e47999
--- /dev/null
+++ b/macsec/aidl/Android.bp
@@ -0,0 +1,40 @@
+//
+// Copyright (C) 2023 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package {
+ // See: http://go/android-license-faq
+ // A large-scale-change added 'default_applicable_licenses' to import
+ // all of the 'license_kinds' from "hardware_interfaces_license"
+ // to get the below license kinds:
+ // SPDX-license-identifier-Apache-2.0
+ default_applicable_licenses: ["hardware_interfaces_license"],
+}
+
+aidl_interface {
+ name: "android.hardware.macsec",
+ vendor_available: true,
+ srcs: ["android/hardware/macsec/*.aidl"],
+ stability: "vintf",
+ host_supported: true,
+ backend: {
+ java: {
+ enabled: false,
+ },
+ rust: {
+ enabled: false,
+ },
+ },
+}
diff --git a/macsec/aidl/aidl_api/android.hardware.macsec/current/android/hardware/macsec/IMacsecPskPlugin.aidl b/macsec/aidl/aidl_api/android.hardware.macsec/current/android/hardware/macsec/IMacsecPskPlugin.aidl
new file mode 100644
index 0000000..6a93919
--- /dev/null
+++ b/macsec/aidl/aidl_api/android.hardware.macsec/current/android/hardware/macsec/IMacsecPskPlugin.aidl
@@ -0,0 +1,80 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.macsec;
+
+/**
+ * MACSEC (IEEE 802.1AE) pre-shared key plugin for wpa_supplicant
+ *
+ * The goal of this service is to provide function for using the MACSEC CAK
+ *
+ */
+@VintfStability
+interface IMacsecPskPlugin {
+ /**
+ * For xTS test only inject a key to verify implementation correctness, not called in production
+ *
+ * @param keyId is key id to add
+ * @param Connectivity Association Keys (CAK) to set
+ * @param Connectivity Association Key Name (CKN) to set
+ *
+ */
+ void addTestKey(in byte[] keyId, in byte[] CAK, in byte[] CKN);
+
+ /**
+ * Use ICV key do AES CMAC
+ * same as ieee802_1x_icv_aes_cmac in wpa_supplicant
+ *
+ * @param keyId is key id to be used for AES CMAC
+ * @param data, a data pointer to the buffer for calculate the ICV
+ *
+ * @return Integrity check value (ICV).
+ */
+ byte[] calcIcv(in byte[] keyId, in byte[] data);
+
+ /**
+ * KDF with CAK key to generate Secure Association Key (SAK)
+ * same as ieee802_1x_sak_aes_cmac in wpa_supplicant
+ *
+ * @param keyId is key id to be used for KDF
+ * @param data is key seed (random number)
+ * @param sakLength generated SAK length (16 or 32)
+ *
+ * @return Secure Association Key (SAK).
+ */
+ byte[] generateSak(in byte[] keyId, in byte[] data, in int sakLength);
+
+ /**
+ * Encrypt using KEK key, this is same as aes_wrap with kek.key in wpa_supplicant
+ * which used to wrap a SAK key
+ *
+ * @param keyId is key id to be used for encryption
+ * @param sak is the SAK key (16 or 32 bytes) to be wrapped.
+ *
+ * @return wrapped data using Key Encrypting Key (KEK).
+ */
+ byte[] wrapSak(in byte[] keyId, in byte[] sak);
+
+ /**
+ * Decrypt using KEK key, this is same as aes_unwrap with kek.key in wpa_supplicant
+ * which used to unwrap a SAK key
+ *
+ * @param keyId is key id to be used for decryption
+ * @param sak is wrapped SAK key.
+ *
+ * @return unwrapped data using KEK key.
+ */
+ byte[] unwrapSak(in byte[] keyId, in byte[] sak);
+}
diff --git a/macsec/aidl/android/hardware/macsec/IMacsecPskPlugin.aidl b/macsec/aidl/android/hardware/macsec/IMacsecPskPlugin.aidl
new file mode 100644
index 0000000..a98cfa6
--- /dev/null
+++ b/macsec/aidl/android/hardware/macsec/IMacsecPskPlugin.aidl
@@ -0,0 +1,91 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.macsec;
+
+/**
+ * MACSEC (IEEE 802.1AE) pre-shared key plugin for wpa_supplicant
+ *
+ * The goal of this service is to provide function for using the MACSEC CAK
+ *
+ */
+@VintfStability
+interface IMacsecPskPlugin {
+ /**
+ * For xTS test only inject a key to verify implementation correctness, not called in production
+ *
+ * @param keyId is key id to add
+ * @param Connectivity Association Keys (CAK) to set
+ * @param Connectivity Association Key Name (CKN) to set
+ * @throws EX_ILLEGAL_ARGUMENT If CAK size is not 16 or 32 or keyID size not equals to CAK size
+ */
+ void addTestKey(in byte[] keyId, in byte[] CAK, in byte[] CKN);
+
+ /**
+ * Use ICV key do AES CMAC
+ * same as ieee802_1x_icv_aes_cmac in wpa_supplicant
+ *
+ * @param keyId is key id to be used for AES CMAC
+ * @param data, a data pointer to the buffer for calculate the ICV
+ *
+ * @return Integrity check value (ICV).
+ * @throws EX_ILLEGAL_ARGUMENT If keyId does not exist
+ */
+ byte[] calcIcv(in byte[] keyId, in byte[] data);
+
+ /**
+ * KDF with CAK key to generate Secure Association Key (SAK)
+ * same as ieee802_1x_sak_aes_cmac in wpa_supplicant
+ *
+ * @param keyId is key id to be used for KDF
+ * @param data is key seed (random number)
+ * @param sakLength generated SAK length (16 or 32)
+ *
+ * @return Secure Association Key (SAK).
+ * @throws EX_ILLEGAL_ARGUMENT In the following cases:
+ * - If keyId does not exist
+ * - sakLength != 16 or 32
+ * - data length < sakLength
+ */
+ byte[] generateSak(in byte[] keyId, in byte[] data, in int sakLength);
+
+ /**
+ * Encrypt using KEK key, this is same as aes_wrap with kek.key in wpa_supplicant
+ * which used to wrap a SAK key
+ *
+ * @param keyId is key id to be used for encryption
+ * @param sak is the SAK key (16 or 32 bytes) to be wrapped.
+ *
+ * @return wrapped data using Key Encrypting Key (KEK).
+ * @throws EX_ILLEGAL_ARGUMENT In the following cases:
+ * - If keyId does not exist
+ * - sak size eqauls to 0 or not multiples of 8
+ */
+ byte[] wrapSak(in byte[] keyId, in byte[] sak);
+
+ /**
+ * Decrypt using KEK key, this is same as aes_unwrap with kek.key in wpa_supplicant
+ * which used to unwrap a SAK key
+ *
+ * @param keyId is key id to be used for decryption
+ * @param sak is wrapped SAK key.
+ *
+ * @return unwrapped data using KEK key.
+ * @throws EX_ILLEGAL_ARGUMENT In the following cases:
+ * - If keyId does not exist
+ * - sak size <= 8 or not multiples of 8
+ */
+ byte[] unwrapSak(in byte[] keyId, in byte[] sak);
+}
diff --git a/macsec/aidl/default/Android.bp b/macsec/aidl/default/Android.bp
new file mode 100644
index 0000000..7c7346f
--- /dev/null
+++ b/macsec/aidl/default/Android.bp
@@ -0,0 +1,64 @@
+//
+// Copyright (C) 2023 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package {
+ // See: http://go/android-license-faq
+ // A large-scale-change added 'default_applicable_licenses' to import
+ // all of the 'license_kinds' from "hardware_interfaces_license"
+ // to get the below license kinds:
+ // SPDX-license-identifier-Apache-2.0
+ default_applicable_licenses: ["hardware_interfaces_license"],
+}
+
+cc_binary {
+ name: "android.hardware.macsec-service",
+ init_rc: ["android.hardware.macsec.rc"],
+ vendor: true,
+ relative_install_path: "hw",
+ srcs: [
+ "MacsecPskPlugin.cpp",
+ "service.cpp",
+ ],
+ shared_libs: [
+ "android.hardware.macsec-V1-ndk",
+ "libcrypto",
+ "libbase",
+ "libbinder_ndk",
+ ],
+ vintf_fragments: ["android.hardware.macsec.xml"],
+}
+
+cc_fuzz {
+ name: "android.hardware.macsec@V1-default-service.aidl_fuzzer",
+ vendor: true,
+ srcs: [
+ "MacsecPskPlugin.cpp",
+ "fuzzer/fuzzer.cpp",
+ ],
+ shared_libs: [
+ "android.hardware.macsec-V1-ndk",
+ "libcrypto",
+ "liblog",
+ ],
+ defaults: [
+ "service_fuzzer_defaults",
+ ],
+ fuzz_config: {
+ cc: [
+ "keithmok@google.com",
+ ],
+ },
+}
diff --git a/macsec/aidl/default/MacsecPskPlugin.cpp b/macsec/aidl/default/MacsecPskPlugin.cpp
new file mode 100644
index 0000000..82d2545
--- /dev/null
+++ b/macsec/aidl/default/MacsecPskPlugin.cpp
@@ -0,0 +1,308 @@
+/*
+ * Copyright 2023, The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "MacsecPskPlugin.h"
+#include <openssl/cipher.h>
+#include <openssl/mem.h>
+
+#include <android-base/format.h>
+#include <android-base/logging.h>
+
+namespace aidl::android::hardware::macsec {
+
+constexpr auto ok = &ndk::ScopedAStatus::ok;
+
+// vendor should hide the key in TEE/TA
+// CAK key can be either 16 / 32 bytes
+const std::vector<uint8_t> CAK_ID_1 = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01};
+const std::vector<uint8_t> CAK_KEY_1 = {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF};
+std::vector<uint8_t> CKN_1 = {0x31, 0x32, 0x33, 0x34}; // maximum 16 bytes
+
+const std::vector<uint8_t> CAK_ID_2 = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02};
+const std::vector<uint8_t> CAK_KEY_2 = {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF};
+std::vector<uint8_t> CKN_2 = {0x35, 0x36, 0x37, 0x38}; // maximum 16 bytes
+
+static ndk::ScopedAStatus resultToStatus(binder_exception_t res, const std::string& msg = "") {
+ if (msg.empty()) {
+ return ndk::ScopedAStatus::fromExceptionCode(res);
+ }
+ return ndk::ScopedAStatus::fromExceptionCodeWithMessage(res, msg.c_str());
+}
+
+static int omac1_aes(CMAC_CTX* ctx, const uint8_t* data, size_t data_len,
+ uint8_t* mac /* 16 bytes */) {
+ size_t outlen;
+
+ // Just reuse same key in ctx
+ if (!CMAC_Reset(ctx)) {
+ return -1;
+ }
+
+ if (!CMAC_Update(ctx, data, data_len)) {
+ return -1;
+ }
+
+ if (!CMAC_Final(ctx, mac, &outlen) || outlen != 16) {
+ return -1;
+ }
+ return 0;
+}
+
+static void put_be16(uint8_t* addr, uint16_t value) {
+ *addr++ = value >> 8;
+ *addr = value & 0xff;
+}
+
+/* IEEE Std 802.1X-2010, 6.2.1 KDF */
+static int aes_kdf(CMAC_CTX* ctx, const char* label, const uint8_t* context, int ctx_bits,
+ int ret_bits, uint8_t* ret) {
+ const int h = 128;
+ const int r = 8;
+ int i, n;
+ int lab_len, ctx_len, ret_len, buf_len;
+ uint8_t* buf;
+
+ lab_len = strlen(label);
+ ctx_len = (ctx_bits + 7) / 8;
+ ret_len = ((ret_bits & 0xffff) + 7) / 8;
+ buf_len = lab_len + ctx_len + 4;
+
+ memset(ret, 0, ret_len);
+
+ n = (ret_bits + h - 1) / h;
+ if (n > ((0x1 << r) - 1)) return -1;
+
+ buf = (uint8_t*)calloc(1, buf_len);
+ if (buf == NULL) return -1;
+
+ memcpy(buf + 1, label, lab_len);
+ memcpy(buf + lab_len + 2, context, ctx_len);
+ put_be16(&buf[buf_len - 2], ret_bits);
+
+ for (i = 0; i < n; i++) {
+ int res;
+
+ buf[0] = (uint8_t)(i + 1);
+ res = omac1_aes(ctx, buf, buf_len, ret);
+ if (res) {
+ free(buf);
+ return -1;
+ }
+ ret = ret + h / 8;
+ }
+ free(buf);
+ return 0;
+}
+
+MacsecPskPlugin::MacsecPskPlugin() {
+ // always make sure ckn is 16 bytes, zero padded
+ CKN_1.resize(16);
+ CKN_2.resize(16);
+
+ addTestKey(CAK_ID_1, CAK_KEY_1, CKN_1);
+ addTestKey(CAK_ID_2, CAK_KEY_2, CKN_2);
+}
+
+MacsecPskPlugin::~MacsecPskPlugin() {
+ for (auto s : mKeys) {
+ OPENSSL_cleanse(&s.kekEncCtx, sizeof(AES_KEY));
+ OPENSSL_cleanse(&s.kekDecCtx, sizeof(AES_KEY));
+ CMAC_CTX_free(s.ickCtx);
+ CMAC_CTX_free(s.cakCtx);
+ }
+}
+
+ndk::ScopedAStatus MacsecPskPlugin::addTestKey(const std::vector<uint8_t>& keyId,
+ const std::vector<uint8_t>& CAK,
+ const std::vector<uint8_t>& CKN) {
+ if (CAK.size() != 16 && CAK.size() != 32) {
+ return resultToStatus(EX_ILLEGAL_ARGUMENT, "CAK length must be 16 or 32 bytes");
+ }
+
+ if (keyId.size() != CAK.size()) {
+ return resultToStatus(EX_ILLEGAL_ARGUMENT, "Key ID must be same as CAK length");
+ }
+
+ std::vector<uint8_t> ckn;
+ ckn = CKN;
+ ckn.resize(16); // make sure it is always zero padded with maximum length of
+ // 16 bytes
+
+ AES_KEY kekEncCtx;
+ AES_KEY kekDecCtx;
+ CMAC_CTX* ickCtx;
+ CMAC_CTX* cakCtx;
+
+ // Create the CAK openssl context
+ cakCtx = CMAC_CTX_new();
+
+ CMAC_Init(cakCtx, CAK.data(), CAK.size(),
+ CAK.size() == 16 ? EVP_aes_128_cbc() : EVP_aes_256_cbc(), NULL);
+
+ // derive KEK from CAK (ieee802_1x_kek_aes_cmac)
+ std::vector<uint8_t> kek;
+ kek.resize(CAK.size());
+
+ aes_kdf(cakCtx, "IEEE8021 KEK", (const uint8_t*)ckn.data(), ckn.size() * 8, 8 * kek.size(),
+ kek.data());
+
+ AES_set_encrypt_key(kek.data(), kek.size() << 3, &kekEncCtx);
+ AES_set_decrypt_key(kek.data(), kek.size() << 3, &kekDecCtx);
+
+ // derive ICK from CAK (ieee802_1x_ick_aes_cmac)
+ std::vector<uint8_t> ick;
+ ick.resize(CAK.size());
+
+ aes_kdf(cakCtx, "IEEE8021 ICK", (const uint8_t*)CKN.data(), CKN.size() * 8, 8 * ick.size(),
+ ick.data());
+
+ ickCtx = CMAC_CTX_new();
+
+ CMAC_Init(ickCtx, ick.data(), ick.size(),
+ ick.size() == 16 ? EVP_aes_128_cbc() : EVP_aes_256_cbc(), NULL);
+
+ mKeys.push_back({keyId, kekEncCtx, kekDecCtx, ickCtx, cakCtx});
+
+ return ok();
+}
+
+ndk::ScopedAStatus MacsecPskPlugin::calcIcv(const std::vector<uint8_t>& keyId,
+ const std::vector<uint8_t>& data,
+ std::vector<uint8_t>* out) {
+ CMAC_CTX* ctx = NULL;
+
+ for (auto s : mKeys) {
+ if (s.keyId == keyId) {
+ ctx = s.ickCtx;
+ break;
+ }
+ }
+
+ if (ctx == NULL) {
+ return resultToStatus(EX_ILLEGAL_ARGUMENT, "Key not exist");
+ }
+
+ out->resize(16);
+ if (omac1_aes(ctx, data.data(), data.size(), out->data()) != 0) {
+ return resultToStatus(EX_SERVICE_SPECIFIC, "Internal error");
+ }
+
+ return ok();
+}
+
+ndk::ScopedAStatus MacsecPskPlugin::generateSak(const std::vector<uint8_t>& keyId,
+ const std::vector<uint8_t>& data,
+ const int sakLength, std::vector<uint8_t>* out) {
+ CMAC_CTX* ctx = NULL;
+
+ if ((sakLength != 16) && (sakLength != 32)) {
+ return resultToStatus(EX_ILLEGAL_ARGUMENT, "Invalid SAK length");
+ }
+
+ if (data.size() < sakLength) {
+ return resultToStatus(EX_ILLEGAL_ARGUMENT, "Invalid data length");
+ }
+
+ for (auto s : mKeys) {
+ if (s.keyId == keyId) {
+ ctx = s.cakCtx;
+ break;
+ }
+ }
+
+ if (ctx == NULL) {
+ return resultToStatus(EX_ILLEGAL_ARGUMENT, "Key not exist");
+ }
+
+ out->resize(sakLength);
+
+ if (aes_kdf(ctx, "IEEE8021 SAK", data.data(), data.size() * 8, out->size() * 8, out->data()) !=
+ 0) {
+ return resultToStatus(EX_SERVICE_SPECIFIC, "Internal error");
+ }
+
+ return ok();
+}
+
+ndk::ScopedAStatus MacsecPskPlugin::wrapSak(const std::vector<uint8_t>& keyId,
+ const std::vector<uint8_t>& sak,
+ std::vector<uint8_t>* out) {
+ if (sak.size() == 0 || sak.size() % 8 != 0) {
+ return resultToStatus(EX_ILLEGAL_ARGUMENT,
+ "SAK length not multiple of 8 or greater than 0");
+ }
+
+ AES_KEY* ctx = NULL;
+
+ for (auto s : mKeys) {
+ if (s.keyId == keyId) {
+ ctx = &s.kekEncCtx;
+ break;
+ }
+ }
+
+ if (ctx == NULL) {
+ return resultToStatus(EX_ILLEGAL_ARGUMENT, "Key not exist");
+ }
+
+ out->resize(sak.size() + 8);
+
+ if (AES_wrap_key(ctx, NULL, out->data(), sak.data(), sak.size()) > 0) {
+ return ok();
+ }
+
+ return resultToStatus(EX_SERVICE_SPECIFIC, "Internal error");
+}
+
+ndk::ScopedAStatus MacsecPskPlugin::unwrapSak(const std::vector<uint8_t>& keyId,
+ const std::vector<uint8_t>& sak,
+ std::vector<uint8_t>* out) {
+ if (sak.size() <= 8 || sak.size() % 8 != 0) {
+ return resultToStatus(EX_ILLEGAL_ARGUMENT,
+ "SAK length not multiple of 8 or greater than 0");
+ }
+
+ AES_KEY* ctx = NULL;
+
+ for (auto s : mKeys) {
+ if (s.keyId == keyId) {
+ ctx = &s.kekDecCtx;
+ break;
+ }
+ }
+
+ if (ctx == NULL) {
+ return resultToStatus(EX_ILLEGAL_ARGUMENT, "Key not exist");
+ }
+
+ out->resize(sak.size() - 8);
+
+ if (AES_unwrap_key(ctx, NULL, out->data(), sak.data(), sak.size()) > 0) {
+ return ok();
+ }
+
+ return resultToStatus(EX_SERVICE_SPECIFIC, "Internal error");
+}
+
+} // namespace aidl::android::hardware::macsec
diff --git a/macsec/aidl/default/MacsecPskPlugin.h b/macsec/aidl/default/MacsecPskPlugin.h
new file mode 100644
index 0000000..0b056e3
--- /dev/null
+++ b/macsec/aidl/default/MacsecPskPlugin.h
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2023, The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <aidl/android/hardware/macsec/BnMacsecPskPlugin.h>
+
+#include <openssl/aes.h>
+#include <openssl/cmac.h>
+
+namespace aidl::android::hardware::macsec {
+
+struct keys {
+ std::vector<uint8_t> keyId;
+ AES_KEY kekEncCtx;
+ AES_KEY kekDecCtx;
+ CMAC_CTX* ickCtx;
+ CMAC_CTX* cakCtx;
+};
+
+class MacsecPskPlugin : public BnMacsecPskPlugin {
+ public:
+ MacsecPskPlugin();
+ ~MacsecPskPlugin();
+ ndk::ScopedAStatus addTestKey(const std::vector<uint8_t>& keyId,
+ const std::vector<uint8_t>& CAK,
+ const std::vector<uint8_t>& CKN) override;
+ ndk::ScopedAStatus calcIcv(const std::vector<uint8_t>& keyId, const std::vector<uint8_t>& data,
+ std::vector<uint8_t>* out) override;
+
+ ndk::ScopedAStatus generateSak(const std::vector<uint8_t>& keyId,
+ const std::vector<uint8_t>& data, const int sakLength,
+ std::vector<uint8_t>* out);
+
+ ndk::ScopedAStatus wrapSak(const std::vector<uint8_t>& keyId, const std::vector<uint8_t>& sak,
+ std::vector<uint8_t>* out) override;
+
+ ndk::ScopedAStatus unwrapSak(const std::vector<uint8_t>& keyId, const std::vector<uint8_t>& sak,
+ std::vector<uint8_t>* out) override;
+
+ private:
+ std::vector<struct keys> mKeys;
+};
+} // namespace aidl::android::hardware::macsec
diff --git a/macsec/aidl/default/android.hardware.macsec.rc b/macsec/aidl/default/android.hardware.macsec.rc
new file mode 100644
index 0000000..0ff0e53
--- /dev/null
+++ b/macsec/aidl/default/android.hardware.macsec.rc
@@ -0,0 +1,3 @@
+service android.hardware.macsec /vendor/bin/hw/android.hardware.macsec-service
+ class early_hal
+ user nobody
diff --git a/macsec/aidl/default/android.hardware.macsec.xml b/macsec/aidl/default/android.hardware.macsec.xml
new file mode 100644
index 0000000..9cf9e5a
--- /dev/null
+++ b/macsec/aidl/default/android.hardware.macsec.xml
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Copyright (C) 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<manifest version="1.0" type="device">
+ <hal format="aidl">
+ <name>android.hardware.macsec</name>
+ <version>1</version>
+ <interface>
+ <name>IMacsecPskPlugin</name>
+ <instance>default</instance>
+ </interface>
+ </hal>
+</manifest>
diff --git a/macsec/aidl/default/fuzzer/fuzzer.cpp b/macsec/aidl/default/fuzzer/fuzzer.cpp
new file mode 100644
index 0000000..d912a67
--- /dev/null
+++ b/macsec/aidl/default/fuzzer/fuzzer.cpp
@@ -0,0 +1,27 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <fuzzbinder/libbinder_ndk_driver.h>
+#include <fuzzer/FuzzedDataProvider.h>
+#include "MacsecPskPlugin.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ std::shared_ptr<aidl::android::hardware::macsec::MacsecPskPlugin> service =
+ ndk::SharedRefBase::make<aidl::android::hardware::macsec::MacsecPskPlugin>();
+ android::fuzzService(service->asBinder().get(), FuzzedDataProvider(data, size));
+
+ return 0;
+}
diff --git a/macsec/aidl/default/service.cpp b/macsec/aidl/default/service.cpp
new file mode 100644
index 0000000..faf3a09
--- /dev/null
+++ b/macsec/aidl/default/service.cpp
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2023, The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "MacsecPskPlugin.h"
+
+#include <android-base/logging.h>
+#include <android/binder_manager.h>
+#include <android/binder_process.h>
+
+namespace android::hardware::macsec {
+
+using namespace std::string_literals;
+using ::aidl::android::hardware::macsec::MacsecPskPlugin;
+
+extern "C" int main() {
+ base::SetDefaultTag("MacsecPskPlugin");
+ base::SetMinimumLogSeverity(base::VERBOSE);
+
+ LOG(VERBOSE) << "Starting up...";
+ auto service = ndk::SharedRefBase::make<MacsecPskPlugin>();
+ const auto instance = MacsecPskPlugin::descriptor + "/default"s;
+ const auto status = AServiceManager_addService(service->asBinder().get(), instance.c_str());
+ CHECK_EQ(status, STATUS_OK) << "Failed to add service " << instance;
+ LOG(VERBOSE) << "Started successfully!";
+
+ ABinderProcess_joinThreadPool();
+ LOG(FATAL) << "MacsecPskPlugin exited unexpectedly!";
+ return EXIT_FAILURE;
+}
+} // namespace android::hardware::macsec
diff --git a/macsec/aidl/vts/functional/Android.bp b/macsec/aidl/vts/functional/Android.bp
new file mode 100644
index 0000000..0c8f43d
--- /dev/null
+++ b/macsec/aidl/vts/functional/Android.bp
@@ -0,0 +1,48 @@
+//
+// Copyright (C) 2023 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package {
+ // See: http://go/android-license-faq
+ // A large-scale-change added 'default_applicable_licenses' to import
+ // all of the 'license_kinds' from "hardware_interfaces_license"
+ // to get the below license kinds:
+ // SPDX-license-identifier-Apache-2.0
+ default_applicable_licenses: ["hardware_interfaces_license"],
+}
+
+cc_test {
+ name: "VtsHalMacsecPskPluginV1Test",
+ defaults: [
+ "VtsHalTargetTestDefaults",
+ "use_libaidlvintf_gtest_helper_static",
+ ],
+ cpp_std: "experimental",
+ srcs: [
+ "MacsecAidlTest.cpp",
+ ],
+ shared_libs: [
+ "libbase",
+ "libbinder_ndk",
+ ],
+ static_libs: [
+ "android.hardware.macsec-V1-ndk",
+ "libgmock",
+ ],
+ test_suites: [
+ "general-tests",
+ "vts",
+ ],
+}
diff --git a/macsec/aidl/vts/functional/MacsecAidlTest.cpp b/macsec/aidl/vts/functional/MacsecAidlTest.cpp
new file mode 100644
index 0000000..e94c049
--- /dev/null
+++ b/macsec/aidl/vts/functional/MacsecAidlTest.cpp
@@ -0,0 +1,142 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <aidl/Gtest.h>
+#include <aidl/Vintf.h>
+#include <aidl/android/hardware/macsec/IMacsecPskPlugin.h>
+#include <android-base/logging.h>
+#include <android/binder_manager.h>
+#include <gtest/gtest.h>
+
+#include <chrono>
+#include <thread>
+
+using aidl::android::hardware::macsec::IMacsecPskPlugin;
+using namespace std::chrono_literals;
+using namespace std::string_literals;
+
+const std::vector<uint8_t> CAK_ID_1 = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01};
+const std::vector<uint8_t> CAK_KEY_1 = {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF};
+const std::vector<uint8_t> CKN_1 = {0x31, 0x32, 0x33, 0x34}; // maximum 16 bytes
+const std::vector<uint8_t> SAK_DATA_1 = {0x31, 0x32, 0x33, 0x34, 0x11, 0x12, 0x12, 0x14,
+ 0x31, 0x32, 0x33, 0x34, 0x11, 0x12, 0x12, 0x14};
+const std::vector<uint8_t> SAK_1 = {0x13, 0xD9, 0xEE, 0x5B, 0x26, 0x8B, 0x44, 0xFB,
+ 0x37, 0x63, 0x3D, 0x41, 0xC8, 0xE7, 0x0D, 0x93};
+const std::vector<uint8_t> WRAPPED_SAK_1 = {0x3B, 0x39, 0xAB, 0x4C, 0xD8, 0xDA, 0x2E, 0xC5,
+ 0xD1, 0x38, 0x6A, 0x13, 0x9D, 0xE3, 0x78, 0xD9,
+ 0x93, 0xD2, 0xA0, 0x70, 0x88, 0xCB, 0xF5, 0xEC};
+const std::vector<uint8_t> DATA_1 = {0x31, 0x32, 0x33, 0x34, 0x31, 0x32, 0x34, 0x29,
+ 0x51, 0x52, 0x53, 0x54, 0x51, 0x35, 0x54, 0x59};
+const std::vector<uint8_t> ICV_1 = {0xDF, 0x54, 0xFF, 0xCD, 0xE0, 0xA9, 0x78, 0x10,
+ 0x6B, 0x7B, 0xD2, 0xBF, 0xEF, 0xD9, 0x0C, 0x81};
+
+const std::vector<uint8_t> CAK_ID_2 = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x02};
+const std::vector<uint8_t> CAK_KEY_2 = {0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
+ 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF};
+const std::vector<uint8_t> CKN_2 = {0x35, 0x36, 0x37, 0x38}; // maximum 16 bytes
+const std::vector<uint8_t> SAK_DATA_2 = {0x31, 0x32, 0x33, 0x34, 0x31, 0x32, 0x33, 0x34,
+ 0x31, 0x32, 0x33, 0x34, 0x31, 0x32, 0x33, 0x34,
+ 0x31, 0x32, 0x33, 0x34, 0x31, 0x32, 0x33, 0x34,
+ 0x31, 0x32, 0x33, 0x34, 0x31, 0x32, 0x33, 0x34};
+const std::vector<uint8_t> SAK_2 = {0x39, 0x09, 0x36, 0x60, 0x18, 0x07, 0x2B, 0x5D,
+ 0xF0, 0x81, 0x81, 0x45, 0xCD, 0x71, 0xC6, 0xBA,
+ 0x1D, 0x2B, 0x87, 0xC4, 0xEF, 0x79, 0x68, 0x82,
+ 0x28, 0xD0, 0x25, 0x86, 0xD3, 0x63, 0xFF, 0x89};
+const std::vector<uint8_t> WRAPPED_SAK_2 = {
+ 0x2f, 0x6a, 0x22, 0x29, 0x68, 0x0e, 0x6e, 0x35, 0x91, 0x64, 0x05, 0x4a, 0x31, 0x8d,
+ 0x35, 0xea, 0x95, 0x85, 0x40, 0xc6, 0xea, 0x55, 0xe5, 0xc5, 0x68, 0x40, 0xae, 0x4d,
+ 0x6f, 0xeb, 0x73, 0xcd, 0x4e, 0x2a, 0x43, 0xb1, 0xda, 0x49, 0x4f, 0x0a};
+const std::vector<uint8_t> DATA_2 = {0x71, 0x82, 0x13, 0x24, 0x31, 0x82, 0xA4, 0x2F,
+ 0x51, 0x52, 0x53, 0x44, 0x21, 0x35, 0x54, 0x59};
+const std::vector<uint8_t> ICV_2 = {0x8D, 0xF1, 0x1D, 0x6E, 0xAC, 0x62, 0xC1, 0x2A,
+ 0xE8, 0xF8, 0x4E, 0xB1, 0x00, 0x45, 0x9A, 0xAD};
+
+class MacsecAidlTest : public ::testing::TestWithParam<std::string> {
+ public:
+ virtual void SetUp() override {
+ android::base::SetDefaultTag("MACSEC_HAL_VTS");
+ android::base::SetMinimumLogSeverity(android::base::VERBOSE);
+ const auto instance = IMacsecPskPlugin::descriptor + "/default"s;
+ mMacsecPskPluginService = IMacsecPskPlugin::fromBinder(
+ ndk::SpAIBinder(AServiceManager_waitForService(instance.c_str())));
+
+ ASSERT_NE(mMacsecPskPluginService, nullptr);
+ auto aidlStatus = mMacsecPskPluginService->addTestKey(CAK_ID_1, CAK_KEY_1, CKN_1);
+ ASSERT_TRUE(aidlStatus.isOk());
+ aidlStatus = mMacsecPskPluginService->addTestKey(CAK_ID_2, CAK_KEY_2, CKN_2);
+ ASSERT_TRUE(aidlStatus.isOk());
+ }
+ virtual void TearDown() override {}
+
+ std::shared_ptr<IMacsecPskPlugin> mMacsecPskPluginService;
+};
+
+TEST_P(MacsecAidlTest, calcIcv) {
+ std::vector<uint8_t> out;
+ auto aidlStatus = mMacsecPskPluginService->calcIcv(CAK_ID_1, DATA_1, &out);
+ ASSERT_TRUE(aidlStatus.isOk()) << "calcIcv KEY 1 failed: " << aidlStatus.getMessage();
+ EXPECT_EQ(out, ICV_1);
+
+ aidlStatus = mMacsecPskPluginService->calcIcv(CAK_ID_2, DATA_2, &out);
+ ASSERT_TRUE(aidlStatus.isOk()) << "calcIcv KEY 2 failed: " << aidlStatus.getMessage();
+ EXPECT_EQ(out, ICV_2);
+}
+
+TEST_P(MacsecAidlTest, generateSak) {
+ std::vector<uint8_t> out;
+ auto aidlStatus = mMacsecPskPluginService->generateSak(CAK_ID_1, SAK_DATA_1, 16, &out);
+ ASSERT_TRUE(aidlStatus.isOk()) << "generateSak KEY 1 failed: " << aidlStatus.getMessage();
+ EXPECT_EQ(out, SAK_1);
+
+ aidlStatus = mMacsecPskPluginService->generateSak(CAK_ID_2, SAK_DATA_2, 32, &out);
+ ASSERT_TRUE(aidlStatus.isOk()) << "generateSak KEY 2 failed: " << aidlStatus.getMessage();
+ EXPECT_EQ(out, SAK_2);
+}
+
+TEST_P(MacsecAidlTest, wrapSak) {
+ std::vector<uint8_t> out;
+ auto aidlStatus = mMacsecPskPluginService->wrapSak(CAK_ID_1, SAK_1, &out);
+ ASSERT_TRUE(aidlStatus.isOk()) << "wrapSak KEY 1 failed: " << aidlStatus.getMessage();
+ EXPECT_EQ(out, WRAPPED_SAK_1);
+
+ aidlStatus = mMacsecPskPluginService->wrapSak(CAK_ID_2, SAK_2, &out);
+ ASSERT_TRUE(aidlStatus.isOk()) << "wrapSak KEY 2 failed: " << aidlStatus.getMessage();
+ EXPECT_EQ(out, WRAPPED_SAK_2);
+}
+
+TEST_P(MacsecAidlTest, unwrapSak) {
+ std::vector<uint8_t> out;
+ auto aidlStatus = mMacsecPskPluginService->unwrapSak(CAK_ID_1, WRAPPED_SAK_1, &out);
+ ASSERT_TRUE(aidlStatus.isOk()) << "unwrapSak KEY 1 failed: " << aidlStatus.getMessage();
+ EXPECT_EQ(out, SAK_1);
+
+ aidlStatus = mMacsecPskPluginService->unwrapSak(CAK_ID_2, WRAPPED_SAK_2, &out);
+ ASSERT_TRUE(aidlStatus.isOk()) << "unwrapSak KEY 2 failed: " << aidlStatus.getMessage();
+ EXPECT_EQ(out, SAK_2);
+}
+
+GTEST_ALLOW_UNINSTANTIATED_PARAMETERIZED_TEST(MacsecAidlTest);
+INSTANTIATE_TEST_SUITE_P(
+ PerInstance, MacsecAidlTest,
+ testing::ValuesIn(android::getAidlHalInstanceNames(IMacsecPskPlugin::descriptor)),
+ android::PrintInstanceNameToString);
diff --git a/macsec/aidl/vts/functional/OWNERS b/macsec/aidl/vts/functional/OWNERS
new file mode 100644
index 0000000..5009a88
--- /dev/null
+++ b/macsec/aidl/vts/functional/OWNERS
@@ -0,0 +1,2 @@
+# Bug component: 533426
+keithmok@google.com
diff --git a/power/aidl/aidl_api/android.hardware.power/current/android/hardware/power/WorkDuration.aidl b/power/aidl/aidl_api/android.hardware.power/current/android/hardware/power/WorkDuration.aidl
index 45013dd..e86cd40 100644
--- a/power/aidl/aidl_api/android.hardware.power/current/android/hardware/power/WorkDuration.aidl
+++ b/power/aidl/aidl_api/android.hardware.power/current/android/hardware/power/WorkDuration.aidl
@@ -36,7 +36,4 @@
parcelable WorkDuration {
long timeStampNanos;
long durationNanos;
- long workPeriodStartTimestampNanos;
- long cpuDurationNanos;
- long gpuDurationNanos;
}
diff --git a/power/aidl/android/hardware/power/WorkDuration.aidl b/power/aidl/android/hardware/power/WorkDuration.aidl
index fcd638b..a06a058 100644
--- a/power/aidl/android/hardware/power/WorkDuration.aidl
+++ b/power/aidl/android/hardware/power/WorkDuration.aidl
@@ -23,30 +23,8 @@
* sample was measured.
*/
long timeStampNanos;
-
/**
- * Total work duration in nanoseconds.
+ * Work duration in nanoseconds.
*/
long durationNanos;
-
- /**
- * Timestamp in nanoseconds based on CLOCK_MONOTONIC when the work starts.
- * The work period start timestamp could be zero if the call is from
- * the legacy SDK/NDK reportActualWorkDuration API.
- */
- long workPeriodStartTimestampNanos;
-
- /**
- * CPU work duration in nanoseconds.
- * The CPU work duration could be the same as the total work duration if
- * the call is from the legacy SDK/NDK reportActualWorkDuration API.
- */
- long cpuDurationNanos;
-
- /**
- * GPU work duration in nanoseconds.
- * The GPU work duration could be zero if the call is from the legacy
- * SDK/NDK reportActualWorkDuration API.
- */
- long gpuDurationNanos;
}
diff --git a/radio/aidl/aidl_api/android.hardware.radio.ims/current/android/hardware/radio/ims/SuggestedAction.aidl b/radio/aidl/aidl_api/android.hardware.radio.ims/current/android/hardware/radio/ims/SuggestedAction.aidl
index 120e7e8..6dbf09d 100644
--- a/radio/aidl/aidl_api/android.hardware.radio.ims/current/android/hardware/radio/ims/SuggestedAction.aidl
+++ b/radio/aidl/aidl_api/android.hardware.radio.ims/current/android/hardware/radio/ims/SuggestedAction.aidl
@@ -38,4 +38,6 @@
NONE,
TRIGGER_PLMN_BLOCK,
TRIGGER_PLMN_BLOCK_WITH_TIMEOUT,
+ TRIGGER_RAT_BLOCK,
+ TRIGGER_CLEAR_RAT_BLOCK,
}
diff --git a/radio/aidl/android/hardware/radio/ims/SuggestedAction.aidl b/radio/aidl/android/hardware/radio/ims/SuggestedAction.aidl
index 443042d..f0e28fc 100644
--- a/radio/aidl/android/hardware/radio/ims/SuggestedAction.aidl
+++ b/radio/aidl/android/hardware/radio/ims/SuggestedAction.aidl
@@ -35,4 +35,18 @@
* management timer value as per the carrier requirements.
*/
TRIGGER_PLMN_BLOCK_WITH_TIMEOUT,
+ /**
+ * Indicates that the IMS registration on current RAT failed multiple times.
+ * The radio shall block the current RAT and search for other available RATs in the
+ * background. If no other RAT is available that meets the carrier requirements, the
+ * radio may remain on the current RAT for internet service. The radio clears all
+ * RATs marked as unavailable if {@link IRadioIms#updateImsRegistrationInfo()} API
+ * with REGISTERED state is invoked.
+ */
+ TRIGGER_RAT_BLOCK,
+ /**
+ * Indicates that the radio clears all RATs marked as unavailable and tries to find
+ * an available RAT that meets the carrier requirements.
+ */
+ TRIGGER_CLEAR_RAT_BLOCK,
}
diff --git a/security/authgraph/aidl/android/hardware/security/authgraph/Arc.cddl b/security/authgraph/aidl/android/hardware/security/authgraph/Arc.cddl
index 4c1b965..0bc39d6 100644
--- a/security/authgraph/aidl/android/hardware/security/authgraph/Arc.cddl
+++ b/security/authgraph/aidl/android/hardware/security/authgraph/Arc.cddl
@@ -28,19 +28,19 @@
? -70003 : int, ; Timestamp in milliseconds since some starting point (generally
; the most recent device boot) which all of the applications within
; the secure domain must agree upon
- ? -70004 : bstr .size 16, ; Nonce used in key exchange methods
+ ? -70004 : bstr .size 16, ; Nonce (a cryptographic random number of 16 bytes) used in key
+ ; exchange methods
? -70005 : PayloadType, ; Payload type, if needed to disambiguate, when processing an arc
? -70006 : int, ; Version of the payload structure (if applicable)
? -70007 : int, ; Sequence number (if needed to prevent replay attacks)
? -70008 : Direction ; Direction of the encryption key (i.e. whether it is used to
; encrypt incoming messages or outgoing messages)
? -70009 : bool, ; "authentication_completed" - this is used during authenticated
- ; key exchange indicate whether signature verification is done
- ? -70010 : bstr .size 32 ; "session_id" computed during key exchange protocol
+ ; key exchange to indicate whether signature verification is done
+ ? -70010 : bstr .size 32 ; "session_id" computed during the key exchange protocol
}
-; Permissions indicate what an arc can be used with. Permissions are added to an arc during the
-; `create()` primitive operation and are propagated during `mint` and `snap` primitive operations.
+; Permissions indicate what an arc can be used with.
Permission = &(
-4770552 : IdentityEncoded, ; "source_id" - in the operations performed by a source, the
; source adds its own identity to the permissions of an arc.
@@ -54,12 +54,10 @@
; biometrics.
)
-; Limitations indicate what restrictions are applied on the usage of an arc. Permissions are added
-; to an arc during the `create` primitive operation and are propagated during `snap` primitive
-; operation.
+; Limitations indicate what restrictions are applied on the usage of an arc.
Limitation = &(
- -4770554 : bstr, ; "challenge" - is added to an arc that transfers an auth key to a channel
- ; key, in order to ensure the freshness of the authentication.
+ -4770554 : bstr, ; "challenge" - is added to an arc that encrypts an auth key from a
+ ; channel key, in order to ensure the freshness of the authentication.
; A challenge is issued by a sink (e.g. Keymint TA, Biometric TAs).
)
@@ -83,7 +81,7 @@
; Any other payload formats should also be defined here
)
-SecretKey = &( ; One of the payload types of an Arc is a secret key
+SecretKey = &(
SymmetricKey,
ECPrivateKey, ; Private key of a key pair generated for key exchange
)
diff --git a/security/authgraph/aidl/android/hardware/security/authgraph/IAuthGraphKeyExchange.aidl b/security/authgraph/aidl/android/hardware/security/authgraph/IAuthGraphKeyExchange.aidl
index 6ceb09c..a3fb959 100644
--- a/security/authgraph/aidl/android/hardware/security/authgraph/IAuthGraphKeyExchange.aidl
+++ b/security/authgraph/aidl/android/hardware/security/authgraph/IAuthGraphKeyExchange.aidl
@@ -41,8 +41,8 @@
interface IAuthGraphKeyExchange {
/**
* This method is invoked on P1 (source).
- * Create an ephermeral EC key pair on NIST curve P-256 and a nonce (of 16 bytes) for
- * key exchange.
+ * Create an ephermeral EC key pair on NIST curve P-256 and a nonce (a cryptographic random
+ * number of 16 bytes) for key exchange.
*
* @return SessionInitiationInfo including the `Key` containing the public key of the created
* key pair and an arc from the per-boot key to the private key, the nonce, the persistent
@@ -52,8 +52,8 @@
* `SessionInitiationInfo` serves two purposes:
* i. A mapping to correlate `create` and `finish` calls to P1 in a particular instance of the
* key exchange protocol.
- * ii.A way to minimize the in-memory storage (P1 can include the nonce in the protected headers
- * of the arc).
+ * ii.A way to minimize the in-memory storage of P1 allocated for key exchange (P1 can include
+ * the nonce in the protected headers of the arc).
* However, P1 should maintain some form of in-memory record to be able to verify that the input
* `Key` sent to `finish` is from an unfinished instance of a key exchange protocol, to prevent
* any replay attacks in `finish`.
@@ -66,9 +66,9 @@
* 0. If either `peerPubKey`, `peerId`, `peerNonce` is not in the expected format, return
* errors: INVALID_PEER_KE_KEY, INVALID_IDENTITY, INVALID_PEER_NONCE respectively.
* 1. Create an ephemeral EC key pair on NIST curve P-256.
- * 2. Create a nonce (of 16 bytes).
- * 3. Compute the diffie-hellman shared secret: Z.
- * 4. Compute a salt = bstr .cbor [
+ * 2. Create a nonce (a cryptographic random number of 16 bytes).
+ * 3. Compute the Diffie-Hellman shared secret: Z.
+ * 4. Compute a salt_input = bstr .cbor [
* source_version: int, ; from input `peerVersion`
* sink_pub_key: bstr .cbor PlainPubKey, ; from step #1
* source_pub_key: bstr .cbor PlainPubKey, ; from input `peerPubKey`
@@ -77,7 +77,8 @@
* sink_cert_chain: bstr .cbor ExplicitKeyDiceCertChain, ; from own identity
* source_cert_chain: bstr .cbor ExplicitKeyDiceCertChain, ; from input `peerId`
* ]
- * 5. Extract a cryptographic secret S from Z, using the salt from #4 above.
+ * 5. Extract a cryptographic secret S from Z, using the SHA256 digest of the salt_input
+ * as the salt.
* 6. Derive two symmetric encryption keys of 256 bits with:
* i. b"KE_ENCRYPTION_KEY_SOURCE_TO_SINK" as context for the key used to encrypt incoming
* messages
@@ -96,28 +97,29 @@
* part of the party's identity.
*
* @param peerPubKey - the public key of the key pair created by the peer (P1) for key exchange
+ * in `create`
*
* @param peerId - the persistent identity of the peer
*
- * @param peerNonce - nonce created by the peer
+ * @param peerNonce - nonce created by the peer in `create`
*
* @param peerVersion - an integer representing the latest protocol version (i.e. AIDL version)
* supported by the peer
*
- * @return KeInitResult including the `Key` containing the public key of the created key pair,
- * the nonce, the persistent identity, two shared key arcs from step #7, session id, signature
- * over the session id and the negotiated protocol version. The negotiated protocol version
- * should be less than or equal to the peer's version.
+ * @return KeInitResult including the `Key` containing the public key of the key pair created in
+ * step #1, the nonce from step #2, the persistent identity of P2, two shared key arcs
+ * from step #7, session id from step #10, signature over the session id from step #11 and the
+ * negotiated protocol version. The negotiated protocol version should be less than or equal to
+ * the `peerVersion`.
*
- * Note: The two shared key arcs in the return type: `KeInitResult` serves two purposes:
+ * Note: The two shared key arcs in the return type: `KeInitResult` serve two purposes:
* i. A mapping to correlate `init` and `authenticationComplete` calls to P2 in a particular
* instance of the key exchange protocol.
* ii.A way to minimize the in-memory storage of P2 allocated for key exchange.
* However, P2 should maintain some in-memory record to be able to verify that the input
- * `sharedkeys` sent to `authenticationComplete` and to any subsequent AuthGraph protocol
- * methods are valid shared keys agreed with the party identified by `peerId`, to prevent
- * any replay attacks in `authenticationComplete` and in any subsequent AuthGraph protocol
- * methods which use the shared keys to encrypt the secret messages.
+ * `sharedkeys` sent to `authenticationComplete` are from an unfinished instance of a key
+ * exchange protocol carried out with the party identified by `peerId`, to prevent any replay
+ * attacks in `authenticationComplete`.
*/
KeInitResult init(
in PubKey peerPubKey, in Identity peerId, in byte[] peerNonce, in int peerVersion);
@@ -133,8 +135,8 @@
* exchange protocol, return error: INVALID_KE_KEY. Similarly, if the public key or the
* arc containing the private key in `ownKey` is invalid, return INVALID_PUB_KEY_IN_KEY
* and INVALID_PRIV_KEY_ARC_IN_KEY respectively.
- * 1. Compute the diffie-hellman shared secret: Z.
- * 2. Compute a salt = bstr .cbor [
+ * 1. Compute the Diffie-Hellman shared secret: Z.
+ * 2. Compute a salt_input = bstr .cbor [
* source_version: int, ; the protocol version used in `create`
* sink_pub_key: bstr .cbor PlainPubKey, ; from input `peerPubKey`
* source_pub_key: bstr .cbor PlainPubKey, ; from the output of `create`
@@ -143,7 +145,8 @@
* sink_cert_chain: bstr .cbor ExplicitKeyDiceCertChain, ; from input `peerId`
* source_cert_chain: bstr .cbor ExplicitKeyDiceCertChain, ; from own identity
* ]
- * 3. Extract a cryptographic secret S from Z, using the salt from #2 above.
+ * 3. Extract a cryptographic secret S from Z, using the SHA256 digest of the salt_input
+ * as the salt.
* 4. Derive two symmetric encryption keys of 256 bits with:
* i. b"KE_ENCRYPTION_KEY_SOURCE_TO_SINK" as context for the key used to encrypt outgoing
* messages
@@ -164,25 +167,26 @@
* part of the party's identity.
*
* @param peerPubKey - the public key of the key pair created by the peer (P2) for key exchange
+ * in `init`
*
* @param peerId - the persistent identity of the peer
*
* @param peerSignature - the signature created by the peer over the session id computed by the
- * peer
+ * peer in `init`
*
- * @param peerNonce - nonce created by the peer
+ * @param peerNonce - nonce created by the peer in `init`
*
* @param peerVersion - an integer representing the protocol version (i.e. AIDL version)
* negotiated with the peer
*
- * @param ownKey - the key created by P1 (source) in `create()` for key exchange
+ * @param ownKey - the key created by P1 (source) in `create` for key exchange
*
- * @return SessionInfo including the two shared key arcs from step #9, session id and the
- * signature over the session id.
+ * @return SessionInfo including the two shared key arcs from step #9, session id from step #7
+ * and the signature over the session id from step #10.
*
- * Note: The two shared key arcs in the return type: `SessionInfo` serves two purposes:
+ * Note: The two shared key arcs in the return type: `SessionInfo` serve two purposes:
* i. A mapping to correlate the key exchange protocol taken place with a particular peer and
- * subsequent AuthGraph protocols execued with the same peer.
+ * subsequent AuthGraph protocols executed with the same peer.
* ii.A way to minimize the in-memory storage for shared keys.
* However, P1 should maintain some in-memory record to be able to verify that the shared key
* arcs sent to any subsequent AuthGraph protocol methods are valid shared keys agreed with the
@@ -196,21 +200,33 @@
* This method is invoked on P2 (sink).
* Perform the following steps:
* 0. If input `sharedKeys` is invalid (i.e. they cannot be decrypted with P2's per-boot key
- * or they are not in P2's in-memory records as valid shared keys agreed with the party
- * identified by `peerId`), return error: INVALID_SHARED_KEY_ARCS.
+ * or they are not in P2's in-memory records for unfinished instances of a key exchange
+ * protocol carried out with the party identified by the identity included in the
+ * `source_id` protected header of the shared key arcs),
+ * return error: INVALID_SHARED_KEY_ARCS.
* 1. Verify that both shared key arcs have the same session id and peer identity.
- * 2. Verify the peer's signature over the session id attached to the shared key arcs'
- * headers. If successful, proceed, otherwise, return error: INVALID_SIGNATURE.
- * 3. Mark authentication_complete = true in the shared key arcs' headers
+ * 2. Verify the `peerSignature` over the session id included in the `session_id` protected
+ * header of the shared key arcs.
+ * If successful, proceed, otherwise, return error: INVALID_SIGNATURE.
+ * 3. Mark authentication_complete = true in the shared key arcs' headers.
*
* @param peerSignature - the signature created by the peer over the session id computed by the
- * peer
+ * peer in `finish`
*
* @param sharedKeys - two shared key arcs created by P2 in `init`. P2 obtains from the arcs'
* protected headers, the session id and the peer's identity to verify the
* peer's signature over the session id.
*
* @return Arc[] - an array of two updated shared key arcs
+ *
+ * Note: The two returned shared key arcs serve two purposes:
+ * i. A mapping to correlate the key exchange protocol taken place with a particular peer and
+ * subsequent AuthGraph protocols executed with the same peer.
+ * ii.A way to minimize the in-memory storage for shared keys.
+ * However, P2 should maintain some in-memory record to be able to verify that the shared key
+ * arcs sent to any subsequent AuthGraph protocol methods are valid shared keys agreed with the
+ * party identified by the identity included in the `source_id` protected header of the shared
+ * key arcs, to prevent any replay attacks.
*/
Arc[2] authenticationComplete(in SessionIdSignature peerSignature, in Arc[2] sharedKeys);
}
diff --git a/security/authgraph/aidl/android/hardware/security/authgraph/SessionInfo.aidl b/security/authgraph/aidl/android/hardware/security/authgraph/SessionInfo.aidl
index ef49a1a..82b8c17 100644
--- a/security/authgraph/aidl/android/hardware/security/authgraph/SessionInfo.aidl
+++ b/security/authgraph/aidl/android/hardware/security/authgraph/SessionInfo.aidl
@@ -26,8 +26,8 @@
@RustDerive(Clone=true, Eq=true, PartialEq=true)
parcelable SessionInfo {
/**
- * The arcs that encrypt the two derived symmetric encryption keys (for two-way communication)
- * from the party's per-boot key.
+ * The arcs that encrypt the two derived symmetric encryption keys (for two-way communication).
+ * The encryption key is the party's per-boot key.
*/
Arc[2] sharedKeys;
diff --git a/security/authgraph/aidl/android/hardware/security/authgraph/SessionInitiationInfo.aidl b/security/authgraph/aidl/android/hardware/security/authgraph/SessionInitiationInfo.aidl
index c630d91..8179ac2 100644
--- a/security/authgraph/aidl/android/hardware/security/authgraph/SessionInitiationInfo.aidl
+++ b/security/authgraph/aidl/android/hardware/security/authgraph/SessionInitiationInfo.aidl
@@ -27,20 +27,22 @@
@RustDerive(Clone=true, Eq=true, PartialEq=true)
parcelable SessionInitiationInfo {
/**
- * An ephemeral EC key created for the ECDH process.
+ * An ephemeral EC key created for the Elliptic-curve Diffie-Hellman (ECDH) process.
*/
Key key;
/**
- * The identity of the party who created the Diffie-Hellman key exchange key.
+ * The identity of the party who creates this `SessionInitiationInfo`.
*/
Identity identity;
/**
- * Nonce value specific to this session. The nonce serves three purposes:
+ * Nonce (a cryptographic random number of 16 bytes) specific to this session.
+ * The nonce serves three purposes:
* 1. freshness of key exchange
* 2. creating a session id (a publicly known value related to the exchanged keys)
- * 3. usage as salt into the HKDF-EXTRACT function during key derivation from the shared DH key
+ * 3. usage as salt into the HKDF-EXTRACT function during key derivation from the Diffie-Hellman
+ * shared secret
*/
byte[] nonce;
diff --git a/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl b/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
index aa7bf28..be29f59 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
@@ -974,8 +974,8 @@
* time in milliseconds. This value is used when generating attestation or self signed
* certificates. ErrorCode::MISSING_NOT_BEFORE must be returned if this tag is not provided if
* this tag is not provided to generateKey or importKey. For importWrappedKey, there is no way
- * to specify the value of this tag for the wrapped key, so a value of 0 must be used for
- * certificate generation.
+ * to specify the value of this tag for a wrapped asymmetric key, so a value of 0 is suggested
+ * for certificate generation.
*/
CERTIFICATE_NOT_BEFORE = TagType.DATE | 1008,
@@ -983,8 +983,9 @@
* Tag::CERTIFICATE_NOT_AFTER the end of the validity of the certificate in UNIX epoch time in
* milliseconds. This value is used when generating attestation or self signed certificates.
* ErrorCode::MISSING_NOT_AFTER must be returned if this tag is not provided to generateKey or
- * importKey. For importWrappedKey, there is no way to specify the value of this tag for the
- * wrapped key, so a value of 253402300799000 is used for certificate generation.
+ * importKey. For importWrappedKey, there is no way to specify the value of this tag for a
+ * wrapped asymmetric key, so a value of 253402300799000 is suggested for certificate
+ * generation.
*/
CERTIFICATE_NOT_AFTER = TagType.DATE | 1009,
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index a8f17dd..d4adab5 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -4123,13 +4123,13 @@
* when the EC_CURVE is not explicitly specified.
*/
TEST_P(ImportKeyTest, EcdsaSuccessCurveNotSpecified) {
- if (AidlVersion() < 4) {
+ if (get_vsr_api_level() < __ANDROID_API_V__) {
/*
- * The KeyMint spec before V4 was not clear as to whether EC_CURVE was optional on import of
- * EC keys. However, this was not checked at the time so we can only be strict about
- * checking this for implementations of KeyMint version 4 and above.
+ * The KeyMint spec was previously not clear as to whether EC_CURVE was optional on import
+ * of EC keys. However, this was not checked at the time so we can only be strict about
+ * checking this for implementations at VSR-V or later.
*/
- GTEST_SKIP() << "Skipping EC_CURVE on import only strict since KeyMint v4";
+ GTEST_SKIP() << "Skipping EC_CURVE on import only strict >= VSR-V";
}
ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder()
diff --git a/security/secretkeeper/aidl/Android.bp b/security/secretkeeper/aidl/Android.bp
new file mode 100644
index 0000000..c77d299
--- /dev/null
+++ b/security/secretkeeper/aidl/Android.bp
@@ -0,0 +1,36 @@
+// Copyright (C) 2023 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+aidl_interface {
+ name: "android.hardware.security.secretkeeper",
+ vendor_available: true,
+ srcs: ["android/hardware/security/secretkeeper/*.aidl"],
+ stability: "vintf",
+ backend: {
+ ndk: {
+ enabled: true,
+ },
+ rust: {
+ enabled: true,
+ apex_available: [
+ "//apex_available:platform",
+ "com.android.virt",
+ ],
+ },
+ },
+}
diff --git a/security/secretkeeper/aidl/aidl_api/android.hardware.security.secretkeeper/current/android/hardware/security/secretkeeper/ISecretkeeper.aidl b/security/secretkeeper/aidl/aidl_api/android.hardware.security.secretkeeper/current/android/hardware/security/secretkeeper/ISecretkeeper.aidl
new file mode 100644
index 0000000..2eb33c5
--- /dev/null
+++ b/security/secretkeeper/aidl/aidl_api/android.hardware.security.secretkeeper/current/android/hardware/security/secretkeeper/ISecretkeeper.aidl
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.secretkeeper;
+@VintfStability
+interface ISecretkeeper {
+ byte[] processSecretManagementRequest(in byte[] request);
+}
diff --git a/security/secretkeeper/aidl/android/hardware/security/secretkeeper/ISecretkeeper.aidl b/security/secretkeeper/aidl/android/hardware/security/secretkeeper/ISecretkeeper.aidl
new file mode 100644
index 0000000..af715a9
--- /dev/null
+++ b/security/secretkeeper/aidl/android/hardware/security/secretkeeper/ISecretkeeper.aidl
@@ -0,0 +1,74 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.security.secretkeeper;
+
+@VintfStability
+/**
+ * Secretkeeper service definition.
+ *
+ * An ISecretkeeper instance provides secure storage of secrets on behalf of other components in
+ * Android, in particular for protected virtual machine instances. From the perspective of security
+ * privilege, Secretkeeper must be implemented in an environment with privilege higher than any of
+ * its clients. Since AVF based protected Virtual Machines are one set of its clients, the
+ * implementation of ISecretkeeper should live in a secure environment, such as:
+ * - A trusted execution environment such as ARM TrustZone.
+ * - A completely separate, purpose-built and certified secure CPU.
+ *
+ * TODO(b/291224769): Extend the HAL interface to include:
+ * 1. Session setup api: This is used to perform cryptographic operations that allow shared keys to
+ * be exchanged between session participants, typically (but not necessarily) a pVM instance and
+ * Secretkeeper. This session setup is based on public key cryptography.
+ * 2. Dice policy operation - These allow sealing of the secrets with a class of Dice chains.
+ * Typical operations are (securely) updating the dice policy sealing the Secrets above. These
+ * operations are core to AntiRollback protected secrets - ie, ensuring secrets of a pVM are only
+ * accessible to same or higher versions of the images.
+ * 3. Maintenance api: This is required for removing the Secretkeeper entries for obsolete pvMs.
+ */
+interface ISecretkeeper {
+ /**
+ * processSecretManagementRequest method is used for interacting with the Secret Management API
+ *
+ * Secret Management API: The clients can use this API to store (& get) 32 bytes of data.
+ * The API is a CBOR based protocol, which follows request/response model.
+ * See SecretManagement.cddl for the API spec.
+ *
+ * Further, the requests (from client) & responses (from service) must be encrypted into
+ * ProtectedRequestPacket & ProtectedResponsePacket using symmetric keys agreed between
+ * the client & service. This cryptographic protection is required because the messages are
+ * ferried via Android, which is allowed to be outside the TCB of clients (for example protected
+ * Virtual Machines). For this, service (& client) must implement a key exchange protocol, which
+ * is critical for establishing the secure channel.
+ *
+ * Secretkeeper database should guarantee the following properties:
+ * 1. Confidentiality: No entity (of security privilege lower than Secretkeeper) should
+ * be able to get a client's data in clear.
+ *
+ * 2. Integrity: The data is protected against malicious Android OS tampering with database.
+ * ie, if Android (userspace & kernel) tampers with the client's secret, the Secretkeeper
+ * service must be able to detect it & return error when clients requests for their secrets.
+ * Note: the integrity requirements also include Antirollback protection ie, reverting the
+ * database into an old state should be detected.
+ *
+ * 3. The data is persistent across device boot.
+ * Note: Denial of service is not in scope. A malicious Android may be able to delete data,
+ * but for ideal Android, the data should be persistent.
+ *
+ * @param CBOR-encoded ProtectedRequestPacket. See SecretManagement.cddl for its definition.
+ * @return CBOR-encoded ProtectedResponsePacket. See SecretManagement.cddl for its definition
+ */
+ byte[] processSecretManagementRequest(in byte[] request);
+}
diff --git a/security/secretkeeper/aidl/android/hardware/security/secretkeeper/SecretManagement.cddl b/security/secretkeeper/aidl/android/hardware/security/secretkeeper/SecretManagement.cddl
new file mode 100644
index 0000000..5631937
--- /dev/null
+++ b/security/secretkeeper/aidl/android/hardware/security/secretkeeper/SecretManagement.cddl
@@ -0,0 +1,116 @@
+; CDDL for the Secret Management API.
+; Also see processSecretManagementRequest method in ISecretkeeper.aidl
+
+; ProtectedRequestPacket is used by client for accessing Secret Management API
+; in Secretkeeper service. The service returns ProtectedResponsePacket of the corresponding type.
+
+; ProtectedRequestPacket & ProtectedResponsePacket are encrypted wrappers
+; on RequestPacket & ResponsePacket using symmetric keys agreed between Secretkeeper & clients
+; (these are referred to as KeySourceToSink & KeySinkToSource)
+;
+; The API operation required is encoded using 'Opcode', the arguments using 'Params'
+; and returned values as 'Result'.
+
+ProtectedRequestPacket =
+ ProtectedGetVersionRequest / ProtectedStoreSecretRequest / ProtectedGetSecretRequest
+ProtectedResponsePacket =
+ ProtectedGetVersionResponse / ProtectedStoreSecretResponse / ProtectedGetSecretResponse
+
+ProtectedGetVersionRequest = ProtectedRequestPacket<GetVersionRequestPacket>
+ProtectedGetVersionResponse = ProtectedResponsePacket<GetVersionResponsePacket>
+ProtectedStoreSecretRequest = ProtectedRequestPacket<StoreSecretRequestPacket>
+ProtectedStoreSecretResponse = ProtectedResponsePacket<StoreSecretResponsePacket>
+ProtectedGetSecretRequest = ProtectedRequestPacket<GetSecretRequestPacket>
+ProtectedGetSecretResponse = ProtectedResponsePacket<GetSecretResponsePacket>
+
+GetVersionRequestPacket = RequestPacket<GetVersionOpcode, GetVersionParams>
+GetVersionResponsePacket = ResponsePacket<GetVersionResult>
+StoreSecretRequestPacket = RequestPacket<StoreSecretOpcode, StoreSecretParams>
+StoreSecretResponsePacket = ResponsePacket<StoreSecretResult>
+GetSecretRequestPacket = RequestPacket<GetOpcode, GetSecretParams>
+GetSecretResponsePacket = ResponsePacket<GetSecretResult>
+
+RequestPacket<Opcode, Params> = [
+ Opcode,
+ Params
+]
+ResponsePacket<Result> = ResponsePacketError / ResponsePacketSuccess<Result>
+
+ResponsePacketSuccess = [
+ 0, ; Indicates successful Response
+ result : Result
+]
+ResponsePacketError = [
+ error_code: ErrorCode, ; Indicate the error
+ error_message: tstr ; Additional human-readable context
+]
+
+Opcode = &(
+ GetVersionOpcode: 1, ; Get version of the SecretManagement API
+ StoreSecretOpcode: 2, ; Store a secret
+ GetSecretOpcode: 3, ; Get the secret
+)
+
+GetVersionParams = ()
+GetVersionResult = (version : uint)
+
+StoreSecretParams = (
+ id : bstr .size 64 ; Unique identifier of the secret
+ secret : bstr .size 32,
+ sealing_policy : bstr .cbor DicePolicy, ; See DicePolicy.cddl for definition of DicePolicy
+)
+StoreSecretResult = ()
+
+GetSecretParams = (
+ id : bstr .size 64 ; Unique identifier of the secret
+ ; Use this to update the sealing policy associated with a secret during GetSecret operation.
+ updated_sealing_policy : bstr .cbor DicePolicy / nil,
+)
+GetSecretResult = (secret : bstr .size 32)
+
+
+ProtectedRequestPacket<Payload, Key> = CryptoPayload<Payload, KeySourceToSink>
+ProtectedResponsePacket<Payload, Key> = ProtectedResponseError
+ / ProtectedResponseSuccess<Payload>
+
+ProtectedResponseSuccess<Payload> = [
+ 0, ; Indicates successful crypto operations. Note: Payload
+ ; may contain Error from functional layer.
+ message: CryptoPayload<Payload, KeySinkToSource> ; message is the encrypted payload
+]
+
+ProtectedResponseError = [
+ error_code: CryptoErrorCode, ; Indicates the error. This is in cleartext & will be
+ ; visible to Android. These are errors from crypto
+ ; layer & indicates the request could not even be read
+ message: tstr ; Additional human-readable context
+]
+
+CryptoPayload<Payload, Key> = [ ; COSE_Encrypt0 (untagged), [RFC 9052 s5.2]
+ protected: bstr .cbor {
+ 1 : 3, ; Algorithm: AES-GCM mode w/ 256-bit key, 128-bit tag
+ 4 : bstr ; key identifier, uniquely identifies the session
+ ; TODO(b/291228560): Refer to the Key Exchange spec.
+ },
+ unprotected: {
+ 5 : bstr .size 12 ; IV
+ },
+ ciphertext : bstr ; AES-GCM-256(Key, bstr .cbor Payload)
+ ; AAD for the encryption is CBOR-serialized
+ ; Enc_structure (RFC 9052 s5.3) with empty external_aad.
+]
+
+; TODO(b/291224769): Create a more exhaustive set of CryptoErrorCode
+CryptoErrorCode = &(
+ CryptoErrorCode_SessionExpired: 1,
+)
+
+; TODO(b/291224769): Create a more exhaustive set of ErrorCodes
+ErrorCode = &(
+ ; Use this as if no other error code can be used.
+ ErrorCode_UnexpectedServerError: 1,
+ ; Indicate the Request was malformed & hence couldnt be served.
+ ErrorCode_RequestMalformed: 2,
+)
+
+; INCLUDE DicePolicy.cddl for: DicePolicy
\ No newline at end of file
diff --git a/security/secretkeeper/aidl/vts/Android.bp b/security/secretkeeper/aidl/vts/Android.bp
new file mode 100644
index 0000000..6818298
--- /dev/null
+++ b/security/secretkeeper/aidl/vts/Android.bp
@@ -0,0 +1,35 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+rust_test {
+ name: "VtsSecretkeeperTargetTest",
+ srcs: ["secretkeeper_test_client.rs"],
+ test_suites: [
+ "general-tests",
+ "vts",
+ ],
+ rustlibs: [
+ "libsecretkeeper_comm_nostd",
+ "android.hardware.security.secretkeeper-V1-rust",
+ "libbinder_rs",
+ "liblog_rust",
+ ],
+ require_root: true,
+}
diff --git a/security/secretkeeper/aidl/vts/secretkeeper_test_client.rs b/security/secretkeeper/aidl/vts/secretkeeper_test_client.rs
new file mode 100644
index 0000000..28923f7
--- /dev/null
+++ b/security/secretkeeper/aidl/vts/secretkeeper_test_client.rs
@@ -0,0 +1,109 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#[cfg(test)]
+use binder::StatusCode;
+use log::warn;
+use secretkeeper_comm::data_types::error::SecretkeeperError;
+use secretkeeper_comm::data_types::request::Request;
+use secretkeeper_comm::data_types::request_response_impl::{
+ GetVersionRequest, GetVersionResponse,
+};
+use secretkeeper_comm::data_types::response::Response;
+use secretkeeper_comm::data_types::packet::{ResponsePacket, ResponseType};
+use android_hardware_security_secretkeeper::aidl::android::hardware::security::secretkeeper::ISecretkeeper::ISecretkeeper;
+
+const SECRETKEEPER_IDENTIFIER: &str =
+ "android.hardware.security.secretkeeper.ISecretkeeper/nonsecure";
+const CURRENT_VERSION: u64 = 1;
+
+fn get_connection() -> Option<binder::Strong<dyn ISecretkeeper>> {
+ match binder::get_interface(SECRETKEEPER_IDENTIFIER) {
+ Ok(sk) => Some(sk),
+ Err(StatusCode::NAME_NOT_FOUND) => None,
+ Err(e) => {
+ panic!(
+ "unexpected error while fetching connection to Secretkeeper {:?}",
+ e
+ );
+ }
+ }
+}
+
+// TODO(b/2797757): Add tests that match different HAL defined objects (like request/response)
+// with expected bytes.
+
+#[test]
+fn secret_management_get_version() {
+ let secretkeeper = match get_connection() {
+ Some(sk) => sk,
+ None => {
+ warn!("Secretkeeper HAL is unavailable, skipping test");
+ return;
+ }
+ };
+ let request = GetVersionRequest {};
+ let request_packet = request.serialize_to_packet();
+ let request_bytes = request_packet.into_bytes().unwrap();
+
+ // TODO(b/291224769) The request will need to be encrypted & response need to be decrypted
+ // with key & related artifacts pre-shared via Authgraph Key Exchange HAL.
+
+ let response_bytes = secretkeeper
+ .processSecretManagementRequest(&request_bytes)
+ .unwrap();
+
+ let response_packet = ResponsePacket::from_bytes(&response_bytes).unwrap();
+ assert_eq!(
+ response_packet.response_type().unwrap(),
+ ResponseType::Success
+ );
+ let get_version_response =
+ *GetVersionResponse::deserialize_from_packet(response_packet).unwrap();
+ assert_eq!(get_version_response.version(), CURRENT_VERSION);
+}
+
+#[test]
+fn secret_management_malformed_request() {
+ let secretkeeper = match get_connection() {
+ Some(sk) => sk,
+ None => {
+ warn!("Secretkeeper HAL is unavailable, skipping test");
+ return;
+ }
+ };
+ let request = GetVersionRequest {};
+ let request_packet = request.serialize_to_packet();
+ let mut request_bytes = request_packet.into_bytes().unwrap();
+
+ // Deform the request
+ request_bytes[0] = !request_bytes[0];
+
+ // TODO(b/291224769) The request will need to be encrypted & response need to be decrypted
+ // with key & related artifacts pre-shared via Authgraph Key Exchange HAL.
+
+ let response_bytes = secretkeeper
+ .processSecretManagementRequest(&request_bytes)
+ .unwrap();
+
+ let response_packet = ResponsePacket::from_bytes(&response_bytes).unwrap();
+ assert_eq!(
+ response_packet.response_type().unwrap(),
+ ResponseType::Error
+ );
+ let err = *SecretkeeperError::deserialize_from_packet(response_packet).unwrap();
+ assert_eq!(err, SecretkeeperError::RequestMalformed);
+}
diff --git a/security/secretkeeper/default/Android.bp b/security/secretkeeper/default/Android.bp
new file mode 100644
index 0000000..1c39fa6
--- /dev/null
+++ b/security/secretkeeper/default/Android.bp
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+rust_binary {
+ name: "android.hardware.security.secretkeeper-service.nonsecure",
+ relative_install_path: "hw",
+ vendor: true,
+ init_rc: ["secretkeeper.rc"],
+ vintf_fragments: ["secretkeeper.xml"],
+ rustlibs: [
+ "android.hardware.security.secretkeeper-V1-rust",
+ "libandroid_logger",
+ "libbinder_rs",
+ "liblog_rust",
+ "libsecretkeeper_comm_nostd",
+ ],
+ srcs: [
+ "src/main.rs",
+ ],
+}
diff --git a/security/secretkeeper/default/secretkeeper.rc b/security/secretkeeper/default/secretkeeper.rc
new file mode 100644
index 0000000..f39f9b7
--- /dev/null
+++ b/security/secretkeeper/default/secretkeeper.rc
@@ -0,0 +1,5 @@
+service vendor.secretkeeper /vendor/bin/hw/android.hardware.security.secretkeeper-service.nonsecure
+ interface aidl android.hardware.security.secretkeeper.ISecretkeeper/nonsecure
+ class hal
+ user nobody
+ group nobody
diff --git a/security/secretkeeper/default/secretkeeper.xml b/security/secretkeeper/default/secretkeeper.xml
new file mode 100644
index 0000000..40aebe0
--- /dev/null
+++ b/security/secretkeeper/default/secretkeeper.xml
@@ -0,0 +1,28 @@
+<manifest version="1.0" type="device">
+<!--
+/*
+** Copyright 2022, The Android Open Source Project.
+**
+** Licensed under the Apache License, Version 2.0 (the "License");
+** you may not use this file except in compliance with the License.
+** You may obtain a copy of the License at
+**
+** http://www.apache.org/licenses/LICENSE-2.0
+**
+** Unless required by applicable law or agreed to in writing, software
+** distributed under the License is distributed on an "AS IS" BASIS,
+** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+** See the License for the specific language governing permissions and
+** limitations under the License.
+*/
+-->
+
+ <hal format="aidl">
+ <name>android.hardware.security.secretkeeper</name>
+ <version>1</version>
+ <interface>
+ <name>ISecretkeeper</name>
+ <instance>nonsecure</instance>
+ </interface>
+ </hal>
+</manifest>
diff --git a/security/secretkeeper/default/src/main.rs b/security/secretkeeper/default/src/main.rs
new file mode 100644
index 0000000..2d367c5
--- /dev/null
+++ b/security/secretkeeper/default/src/main.rs
@@ -0,0 +1,121 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+use binder::{BinderFeatures, Interface};
+use log::{error, info, Level};
+use secretkeeper_comm::data_types::error::SecretkeeperError;
+use secretkeeper_comm::data_types::packet::{RequestPacket, ResponsePacket};
+use secretkeeper_comm::data_types::request::Request;
+use secretkeeper_comm::data_types::request_response_impl::{
+ GetVersionRequest, GetVersionResponse, Opcode,
+};
+use secretkeeper_comm::data_types::response::Response;
+
+use android_hardware_security_secretkeeper::aidl::android::hardware::security::secretkeeper::ISecretkeeper::{
+ BnSecretkeeper, BpSecretkeeper, ISecretkeeper,
+};
+
+const CURRENT_VERSION: u64 = 1;
+
+#[derive(Debug, Default)]
+pub struct NonSecureSecretkeeper;
+
+impl Interface for NonSecureSecretkeeper {}
+
+impl ISecretkeeper for NonSecureSecretkeeper {
+ fn processSecretManagementRequest(&self, request: &[u8]) -> binder::Result<Vec<u8>> {
+ Ok(self.process_opaque_request(request))
+ }
+}
+
+impl NonSecureSecretkeeper {
+ // A set of requests to Secretkeeper are 'opaque' - encrypted bytes with inner structure
+ // described by CDDL. They need to be decrypted, deserialized and processed accordingly.
+ fn process_opaque_request(&self, request: &[u8]) -> Vec<u8> {
+ // TODO(b/291224769) The request will need to be decrypted & response need to be encrypted
+ // with key & related artifacts pre-shared via Authgraph Key Exchange HAL.
+ self.process_opaque_request_unhandled_error(request)
+ .unwrap_or_else(
+ // SecretkeeperError is also a valid 'Response', serialize to a response packet.
+ |sk_err| {
+ Response::serialize_to_packet(&sk_err)
+ .into_bytes()
+ .expect("Panicking due to serialization failing")
+ },
+ )
+ }
+
+ fn process_opaque_request_unhandled_error(
+ &self,
+ request: &[u8],
+ ) -> Result<Vec<u8>, SecretkeeperError> {
+ let request_packet = RequestPacket::from_bytes(request).map_err(|e| {
+ error!("Failed to get Request packet from bytes: {:?}", e);
+ SecretkeeperError::RequestMalformed
+ })?;
+ let response_packet = match request_packet
+ .opcode()
+ .map_err(|_| SecretkeeperError::RequestMalformed)?
+ {
+ Opcode::GetVersion => Self::process_get_version_request(request_packet)?,
+ _ => todo!("TODO(b/291224769): Unimplemented operations"),
+ };
+
+ response_packet
+ .into_bytes()
+ .map_err(|_| SecretkeeperError::UnexpectedServerError)
+ }
+
+ fn process_get_version_request(
+ request: RequestPacket,
+ ) -> Result<ResponsePacket, SecretkeeperError> {
+ // Deserialization really just verifies the structural integrity of the request such
+ // as args being empty.
+ let _request = GetVersionRequest::deserialize_from_packet(request)
+ .map_err(|_| SecretkeeperError::RequestMalformed)?;
+ let response = GetVersionResponse::new(CURRENT_VERSION);
+ Ok(response.serialize_to_packet())
+ }
+}
+
+fn main() {
+ // Initialize Android logging.
+ android_logger::init_once(
+ android_logger::Config::default()
+ .with_tag("NonSecureSecretkeeper")
+ .with_min_level(Level::Info)
+ .with_log_id(android_logger::LogId::System),
+ );
+ // Redirect panic messages to logcat.
+ std::panic::set_hook(Box::new(|panic_info| {
+ error!("{}", panic_info);
+ }));
+
+ let service = NonSecureSecretkeeper::default();
+ let service_binder = BnSecretkeeper::new_binder(service, BinderFeatures::default());
+ let service_name = format!(
+ "{}/nonsecure",
+ <BpSecretkeeper as ISecretkeeper>::get_descriptor()
+ );
+ binder::add_service(&service_name, service_binder.as_binder()).unwrap_or_else(|e| {
+ panic!(
+ "Failed to register service {} because of {:?}.",
+ service_name, e
+ );
+ });
+ info!("Registered Binder service, joining threadpool.");
+ binder::ProcessState::join_thread_pool();
+}
diff --git a/tv/tuner/aidl/default/Demux.cpp b/tv/tuner/aidl/default/Demux.cpp
index 34e3442..de94467 100644
--- a/tv/tuner/aidl/default/Demux.cpp
+++ b/tv/tuner/aidl/default/Demux.cpp
@@ -53,6 +53,9 @@
Demux::~Demux() {
ALOGV("%s", __FUNCTION__);
+ if (mDemuxIptvReadThread.joinable()) {
+ mDemuxIptvReadThread.join();
+ }
close();
}
@@ -114,16 +117,26 @@
}
}
-void Demux::readIptvThreadLoop(dtv_plugin* interface, dtv_streamer* streamer, void* buf,
- size_t buf_size, int timeout_ms, int buffer_timeout) {
+void Demux::setIptvThreadRunning(bool isIptvThreadRunning) {
+ std::unique_lock<std::mutex> lock(mIsIptvThreadRunningMutex);
+ mIsIptvReadThreadRunning = isIptvThreadRunning;
+ mIsIptvThreadRunningCv.notify_all();
+}
+
+void Demux::readIptvThreadLoop(dtv_plugin* interface, dtv_streamer* streamer, size_t buf_size,
+ int timeout_ms, int buffer_timeout) {
Timer *timer, *fullBufferTimer;
- while (mDemuxIptvReadThreadRunning) {
+ while (true) {
+ std::unique_lock<std::mutex> lock(mIsIptvThreadRunningMutex);
+ mIsIptvThreadRunningCv.wait(lock, [this] { return mIsIptvReadThreadRunning; });
if (mIsIptvDvrFMQFull && fullBufferTimer->get_elapsed_time_ms() > buffer_timeout) {
ALOGE("DVR FMQ has not been flushed within timeout of %d ms", buffer_timeout);
delete fullBufferTimer;
break;
}
timer = new Timer();
+ void* buf = malloc(sizeof(char) * IPTV_BUFFER_SIZE);
+ if (buf == nullptr) ALOGI("Buffer allocation failed");
ssize_t bytes_read = interface->read_stream(streamer, buf, buf_size, timeout_ms);
if (bytes_read == 0) {
double elapsed_time = timer->get_elapsed_time_ms();
@@ -157,8 +170,9 @@
default:
ALOGI("Invalid DVR Status");
}
+
+ free(buf);
}
- mDemuxIptvReadThreadRunning = false;
}
::ndk::ScopedAStatus Demux::setFrontendDataSource(int32_t in_frontendId) {
@@ -216,17 +230,8 @@
// while thread is alive, keep reading data
int timeout_ms = 20;
int buffer_timeout = 10000; // 10s
- void* buf = malloc(sizeof(char) * IPTV_BUFFER_SIZE);
- if (buf == nullptr) ALOGI("malloc buf failed");
- ALOGI("[ INFO ] Allocated buffer of size %d", IPTV_BUFFER_SIZE);
- ALOGI("Getting FMQ from DVR instance to write socket data");
- mDemuxIptvReadThreadRunning = true;
mDemuxIptvReadThread = std::thread(&Demux::readIptvThreadLoop, this, interface, streamer,
- buf, IPTV_BUFFER_SIZE, timeout_ms, buffer_timeout);
- if (mDemuxIptvReadThread.joinable()) {
- mDemuxIptvReadThread.join();
- }
- free(buf);
+ IPTV_BUFFER_SIZE, timeout_ms, buffer_timeout);
}
return ::ndk::ScopedAStatus::ok();
}
diff --git a/tv/tuner/aidl/default/Demux.h b/tv/tuner/aidl/default/Demux.h
index a23063f..ad7b7a7 100644
--- a/tv/tuner/aidl/default/Demux.h
+++ b/tv/tuner/aidl/default/Demux.h
@@ -103,7 +103,7 @@
void setIsRecording(bool isRecording);
bool isRecording();
void startFrontendInputLoop();
- void readIptvThreadLoop(dtv_plugin* interface, dtv_streamer* streamer, void* buf, size_t size,
+ void readIptvThreadLoop(dtv_plugin* interface, dtv_streamer* streamer, size_t size,
int timeout_ms, int buffer_timeout);
/**
@@ -124,6 +124,11 @@
void setInUse(bool inUse);
void setTunerService(std::shared_ptr<Tuner> tuner);
+ /**
+ * Setter for IPTV Reading thread
+ */
+ void setIptvThreadRunning(bool isIptvThreadRunning);
+
private:
// Tuner service
std::shared_ptr<Tuner> mTuner;
@@ -196,10 +201,16 @@
* If a specific filter's writing loop is still running
*/
std::atomic<bool> mFrontendInputThreadRunning;
- std::atomic<bool> mDemuxIptvReadThreadRunning;
std::atomic<bool> mKeepFetchingDataFromFrontend;
/**
+ * Controls IPTV reading thread status
+ */
+ bool mIsIptvReadThreadRunning;
+ std::mutex mIsIptvThreadRunningMutex;
+ std::condition_variable mIsIptvThreadRunningCv;
+
+ /**
* If the dvr recording is running.
*/
bool mIsRecording = false;
diff --git a/tv/tuner/aidl/default/Filter.cpp b/tv/tuner/aidl/default/Filter.cpp
index d8f5dd5..212d329 100644
--- a/tv/tuner/aidl/default/Filter.cpp
+++ b/tv/tuner/aidl/default/Filter.cpp
@@ -328,6 +328,8 @@
std::vector<DemuxFilterEvent> events;
mFilterCount += 1;
+ mDemux->setIptvThreadRunning(true);
+
// All the filter event callbacks in start are for testing purpose.
switch (mType.mainType) {
case DemuxFilterMainType::TS:
@@ -365,6 +367,9 @@
ALOGV("%s", __FUNCTION__);
mFilterCount -= 1;
+ if (mFilterCount == 0) {
+ mDemux->setIptvThreadRunning(false);
+ }
mFilterThreadRunning = false;
if (mFilterThread.joinable()) {
diff --git a/tv/tuner/aidl/default/Frontend.cpp b/tv/tuner/aidl/default/Frontend.cpp
index 6bdbac5..57ed1ba 100644
--- a/tv/tuner/aidl/default/Frontend.cpp
+++ b/tv/tuner/aidl/default/Frontend.cpp
@@ -34,6 +34,8 @@
mTuner = nullptr;
// Init callback to nullptr
mCallback = nullptr;
+ mIptvPluginInterface = nullptr;
+ mIptvPluginStreamer = nullptr;
switch (mType) {
case FrontendType::ISDBS: {
@@ -215,7 +217,7 @@
void Frontend::readTuneByte(dtv_streamer* streamer, void* buf, size_t buf_size, int timeout_ms) {
ssize_t bytes_read = mIptvPluginInterface->read_stream(streamer, buf, buf_size, timeout_ms);
- if (bytes_read == 0) {
+ if (bytes_read <= 0) {
ALOGI("[ ERROR ] Tune byte couldn't be read.");
return;
}
diff --git a/wifi/supplicant/aidl/aidl_api/android.hardware.wifi.supplicant/current/android/hardware/wifi/supplicant/ISupplicantP2pIfaceCallback.aidl b/wifi/supplicant/aidl/aidl_api/android.hardware.wifi.supplicant/current/android/hardware/wifi/supplicant/ISupplicantP2pIfaceCallback.aidl
index 80d8546..8aa593f 100644
--- a/wifi/supplicant/aidl/aidl_api/android.hardware.wifi.supplicant/current/android/hardware/wifi/supplicant/ISupplicantP2pIfaceCallback.aidl
+++ b/wifi/supplicant/aidl/aidl_api/android.hardware.wifi.supplicant/current/android/hardware/wifi/supplicant/ISupplicantP2pIfaceCallback.aidl
@@ -45,6 +45,9 @@
oneway void onGroupStarted(in String groupIfname, in boolean isGroupOwner, in byte[] ssid, in int frequency, in byte[] psk, in String passphrase, in byte[] goDeviceAddress, in boolean isPersistent);
oneway void onInvitationReceived(in byte[] srcAddress, in byte[] goDeviceAddress, in byte[] bssid, in int persistentNetworkId, in int operatingFrequency);
oneway void onInvitationResult(in byte[] bssid, in android.hardware.wifi.supplicant.P2pStatusCode status);
+ /**
+ * @deprecated This callback is deprecated from AIDL v3, newer HAL should call onProvisionDiscoveryCompletedEvent.
+ */
oneway void onProvisionDiscoveryCompleted(in byte[] p2pDeviceAddress, in boolean isRequest, in android.hardware.wifi.supplicant.P2pProvDiscStatusCode status, in android.hardware.wifi.supplicant.WpsConfigMethods configMethods, in String generatedPin);
oneway void onR2DeviceFound(in byte[] srcAddress, in byte[] p2pDeviceAddress, in byte[] primaryDeviceType, in String deviceName, in android.hardware.wifi.supplicant.WpsConfigMethods configMethods, in byte deviceCapabilities, in android.hardware.wifi.supplicant.P2pGroupCapabilityMask groupCapabilities, in byte[] wfdDeviceInfo, in byte[] wfdR2DeviceInfo);
oneway void onServiceDiscoveryResponse(in byte[] srcAddress, in char updateIndicator, in byte[] tlvs);
@@ -61,4 +64,5 @@
oneway void onGroupStartedWithParams(in android.hardware.wifi.supplicant.P2pGroupStartedEventParams groupStartedEventParams);
oneway void onPeerClientJoined(in android.hardware.wifi.supplicant.P2pPeerClientJoinedEventParams clientJoinedEventParams);
oneway void onPeerClientDisconnected(in android.hardware.wifi.supplicant.P2pPeerClientDisconnectedEventParams clientDisconnectedEventParams);
+ oneway void onProvisionDiscoveryCompletedEvent(in android.hardware.wifi.supplicant.P2pProvisionDiscoveryCompletedEventParams provisionDiscoveryCompletedEventParams);
}
diff --git a/wifi/supplicant/aidl/aidl_api/android.hardware.wifi.supplicant/current/android/hardware/wifi/supplicant/P2pProvisionDiscoveryCompletedEventParams.aidl b/wifi/supplicant/aidl/aidl_api/android.hardware.wifi.supplicant/current/android/hardware/wifi/supplicant/P2pProvisionDiscoveryCompletedEventParams.aidl
new file mode 100644
index 0000000..587c7c6
--- /dev/null
+++ b/wifi/supplicant/aidl/aidl_api/android.hardware.wifi.supplicant/current/android/hardware/wifi/supplicant/P2pProvisionDiscoveryCompletedEventParams.aidl
@@ -0,0 +1,43 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.wifi.supplicant;
+@VintfStability
+parcelable P2pProvisionDiscoveryCompletedEventParams {
+ byte[6] p2pDeviceAddress;
+ boolean isRequest;
+ android.hardware.wifi.supplicant.P2pProvDiscStatusCode status;
+ android.hardware.wifi.supplicant.WpsConfigMethods configMethods;
+ String generatedPin;
+ String groupInterfaceName;
+}
diff --git a/wifi/supplicant/aidl/android/hardware/wifi/supplicant/ISupplicantP2pIfaceCallback.aidl b/wifi/supplicant/aidl/android/hardware/wifi/supplicant/ISupplicantP2pIfaceCallback.aidl
index 810fe48..8befc0d 100644
--- a/wifi/supplicant/aidl/android/hardware/wifi/supplicant/ISupplicantP2pIfaceCallback.aidl
+++ b/wifi/supplicant/aidl/android/hardware/wifi/supplicant/ISupplicantP2pIfaceCallback.aidl
@@ -21,6 +21,7 @@
import android.hardware.wifi.supplicant.P2pPeerClientDisconnectedEventParams;
import android.hardware.wifi.supplicant.P2pPeerClientJoinedEventParams;
import android.hardware.wifi.supplicant.P2pProvDiscStatusCode;
+import android.hardware.wifi.supplicant.P2pProvisionDiscoveryCompletedEventParams;
import android.hardware.wifi.supplicant.P2pStatusCode;
import android.hardware.wifi.supplicant.WpsConfigMethods;
import android.hardware.wifi.supplicant.WpsDevPasswordId;
@@ -144,6 +145,9 @@
/**
* Used to indicate the completion of a P2P provision discovery request.
+ * <p>
+ * @deprecated This callback is deprecated from AIDL v3, newer HAL should call
+ * onProvisionDiscoveryCompletedEvent.
*
* @param p2pDeviceAddress P2P device address.
* @param isRequest Whether we received or sent the provision discovery.
@@ -275,4 +279,13 @@
*/
void onPeerClientDisconnected(
in P2pPeerClientDisconnectedEventParams clientDisconnectedEventParams);
+
+ /**
+ * Used to indicate the completion of a P2P provision discovery request.
+ *
+ * @param provisionDiscoveryCompletedEventParams Parameters associated with
+ * P2P provision discovery frame notification.
+ */
+ void onProvisionDiscoveryCompletedEvent(
+ in P2pProvisionDiscoveryCompletedEventParams provisionDiscoveryCompletedEventParams);
}
diff --git a/wifi/supplicant/aidl/android/hardware/wifi/supplicant/P2pProvisionDiscoveryCompletedEventParams.aidl b/wifi/supplicant/aidl/android/hardware/wifi/supplicant/P2pProvisionDiscoveryCompletedEventParams.aidl
new file mode 100644
index 0000000..7fa7f22
--- /dev/null
+++ b/wifi/supplicant/aidl/android/hardware/wifi/supplicant/P2pProvisionDiscoveryCompletedEventParams.aidl
@@ -0,0 +1,48 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.wifi.supplicant;
+
+import android.hardware.wifi.supplicant.P2pProvDiscStatusCode;
+import android.hardware.wifi.supplicant.WpsConfigMethods;
+
+/**
+ * Parameters passed as a part of P2P provision discovery frame notification.
+ */
+@VintfStability
+parcelable P2pProvisionDiscoveryCompletedEventParams {
+ /**
+ * P2P device interface MAC address of the device who sent the request or responded to our
+ * request.
+ */
+ byte[6] p2pDeviceAddress;
+ /** True if this is a request, false if this is a response. */
+ boolean isRequest;
+ /** Status of the provision discovery */
+ P2pProvDiscStatusCode status;
+ /** Mask of WPS configuration methods supported */
+ WpsConfigMethods configMethods;
+ /** 8-digit pin generated */
+ String generatedPin;
+ /**
+ * Interface name of this device group owner. (For ex: p2p-p2p0-1)
+ * This field is filled only when the provision discovery request is received
+ * with P2P Group ID attribute. i.e., when the peer device is joining this
+ * device operating P2P group.
+ * Refer to WFA Wi-Fi_Direct_Specification_v1.9 section 3.2.1 for more details.
+ */
+ String groupInterfaceName;
+}
diff --git a/wifi/supplicant/aidl/vts/functional/supplicant_p2p_iface_aidl_test.cpp b/wifi/supplicant/aidl/vts/functional/supplicant_p2p_iface_aidl_test.cpp
index d3dd2e0..0db1653 100644
--- a/wifi/supplicant/aidl/vts/functional/supplicant_p2p_iface_aidl_test.cpp
+++ b/wifi/supplicant/aidl/vts/functional/supplicant_p2p_iface_aidl_test.cpp
@@ -41,6 +41,7 @@
using aidl::android::hardware::wifi::supplicant::P2pPeerClientDisconnectedEventParams;
using aidl::android::hardware::wifi::supplicant::P2pPeerClientJoinedEventParams;
using aidl::android::hardware::wifi::supplicant::P2pProvDiscStatusCode;
+using aidl::android::hardware::wifi::supplicant::P2pProvisionDiscoveryCompletedEventParams;
using aidl::android::hardware::wifi::supplicant::P2pStatusCode;
using aidl::android::hardware::wifi::supplicant::SupplicantStatusCode;
using aidl::android::hardware::wifi::supplicant::WpsConfigMethods;
@@ -193,6 +194,11 @@
override {
return ndk::ScopedAStatus::ok();
}
+ ::ndk::ScopedAStatus onProvisionDiscoveryCompletedEvent(
+ const P2pProvisionDiscoveryCompletedEventParams&
+ /* provisionDiscoveryCompletedEventParams */) override {
+ return ndk::ScopedAStatus::ok();
+ }
};
class SupplicantP2pIfaceAidlTest : public testing::TestWithParam<std::string> {