Merge "vts: Added support for ATSC Frontend types"
diff --git a/automotive/vehicle/2.0/default/impl/vhal_v2_0/DefaultConfig.h b/automotive/vehicle/2.0/default/impl/vhal_v2_0/DefaultConfig.h
index 9edd2bd..edc8949 100644
--- a/automotive/vehicle/2.0/default/impl/vhal_v2_0/DefaultConfig.h
+++ b/automotive/vehicle/2.0/default/impl/vhal_v2_0/DefaultConfig.h
@@ -1118,6 +1118,19 @@
},
.initialValue = {.stringValue = {"Test"}},
},
+ // This property is later defined in the AIDL VHAL interface. However, HIDL VHAL might
+ // require support for this property to meet EU regulation.
+ {
+ .config =
+ {
+ // GENERAL_SAFETY_REGULATION_COMPLIANCE_REQUIREMENT
+ .prop = 0x11400F47,
+ .access = VehiclePropertyAccess::READ,
+ .changeMode = VehiclePropertyChangeMode::STATIC,
+ },
+ // GsrComplianceRequirementType::GSR_COMPLIANCE_REQUIRED_V1
+ .initialValue = {.int32Values = {1}},
+ },
#ifdef ENABLE_VENDOR_CLUSTER_PROPERTY_FOR_TESTING
// Vendor propetry for E2E ClusterHomeService testing.
{
diff --git a/automotive/vehicle/2.0/default/impl/vhal_v2_0/tests/DefaultVhalImpl_test.cpp b/automotive/vehicle/2.0/default/impl/vhal_v2_0/tests/DefaultVhalImpl_test.cpp
index f01444e..74f5a7a 100644
--- a/automotive/vehicle/2.0/default/impl/vhal_v2_0/tests/DefaultVhalImpl_test.cpp
+++ b/automotive/vehicle/2.0/default/impl/vhal_v2_0/tests/DefaultVhalImpl_test.cpp
@@ -141,7 +141,7 @@
TEST_F(DefaultVhalImplTest, testListProperties) {
std::vector<VehiclePropConfig> configs = mHal->listProperties();
- EXPECT_EQ((size_t)122, configs.size());
+ EXPECT_EQ((size_t)123, configs.size());
}
TEST_F(DefaultVhalImplTest, testGetDefaultPropertyFloat) {
diff --git a/automotive/vehicle/vts/src/VtsHalAutomotiveVehicle_TargetTest.cpp b/automotive/vehicle/vts/src/VtsHalAutomotiveVehicle_TargetTest.cpp
index c431d85..5de206b 100644
--- a/automotive/vehicle/vts/src/VtsHalAutomotiveVehicle_TargetTest.cpp
+++ b/automotive/vehicle/vts/src/VtsHalAutomotiveVehicle_TargetTest.cpp
@@ -48,6 +48,7 @@
using ::android::getAidlHalInstanceNames;
using ::android::base::ScopedLockAssertion;
using ::android::base::StringPrintf;
+using ::android::frameworks::automotive::vhal::ErrorCode;
using ::android::frameworks::automotive::vhal::HalPropError;
using ::android::frameworks::automotive::vhal::IHalPropConfig;
using ::android::frameworks::automotive::vhal::IHalPropValue;
@@ -287,7 +288,7 @@
auto setValueResult = mVhalClient->setValueSync(*getValueResult.value());
ASSERT_FALSE(setValueResult.ok()) << "Expect set a read-only value to fail";
- ASSERT_EQ(setValueResult.error().code(), StatusCode::ACCESS_DENIED);
+ ASSERT_EQ(setValueResult.error().code(), ErrorCode::ACCESS_DENIED_FROM_VHAL);
}
// Test subscribe() and unsubscribe().
diff --git a/security/keymint/RKP_CHANGELOG.md b/security/keymint/RKP_CHANGELOG.md
new file mode 100644
index 0000000..67d68d4
--- /dev/null
+++ b/security/keymint/RKP_CHANGELOG.md
@@ -0,0 +1,18 @@
+# Remote Provisioning Changelog
+
+This document provides an exact description of which changes have occurred in the
+`IRemotelyProvisionedComponent` HAL interface in each Android release.
+
+## Releases
+* **Android S (12):** IRemotelyProvisionedComponent v1
+* **Android T (13):** IRemotelyProvisionedComponent v2
+
+## IRemotelyProvisionedComponent 1 -> 2
+* DeviceInfo
+ * Most entries are no longer optional.
+ * `att_id_state` is now `fused`. `fused` is used to indicate if SecureBoot is enabled.
+ * `version` is now `2`.
+ * `board` has been removed.
+ * `device` has been added.
+* RpcHardwareInfo
+ * `uniqueId` String added as a field in order to differentiate IRPC instances on device.
\ No newline at end of file
diff --git a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
index b9694e9..2caa4d5 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
@@ -336,6 +336,17 @@
* Only Tag::KEY_SIZE is required to generate an 3DES key, and its value must be 168. If
* omitted, generateKey must return ErrorCode::UNSUPPORTED_KEY_SIZE.
*
+ * == HMAC Keys ==
+ *
+ * Tag::KEY_SIZE must be provided to generate an HMAC key, and its value must be >= 64 and a
+ * multiple of 8. All devices must support key sizes up to 512 bits, but StrongBox devices must
+ * not support key sizes larger than 512 bits. If omitted or invalid, generateKey() must return
+ * ErrorCode::UNSUPPORTED_KEY_SIZE.
+ *
+ * Tag::MIN_MAC_LENGTH must be provided, and must be a multiple of 8 in the range 64 to 512
+ * bits (inclusive). If omitted, generateKey must return ErrorCode::MISSING_MIN_MAC_LENGTH; if
+ * invalid, generateKey must return ErrorCode::UNSUPPORTED_MIN_MAC_LENGTH.
+ *
* @param keyParams Key generation parameters are defined as KeyMintDevice tag/value pairs,
* provided in params. See above for detailed specifications of which tags are required
* for which types of keys.
@@ -661,19 +672,19 @@
* structure, because it cannot add the DigestInfo structure. Instead, the IKeyMintDevice
* must construct 0x00 || 0x01 || PS || 0x00 || M, where M is the provided message and PS is a
* random padding string at least eight bytes in length. The size of the RSA key has to be at
- * least 11 bytes larger than the message, otherwise begin() must return
+ * least 11 bytes larger than the message, otherwise finish() must return
* ErrorCode::INVALID_INPUT_LENGTH.
*
* o PaddingMode::RSA_PKCS1_1_1_5_ENCRYPT padding does not require a digest.
*
- * o PaddingMode::RSA_PSS padding requires a digest, which must match one of the padding values
+ * o PaddingMode::RSA_PSS padding requires a digest, which must match one of the digest values
* in the key authorizations, and which may not be Digest::NONE. begin() must return
* ErrorCode::INCOMPATIBLE_DIGEST if this is not the case. In addition, the size of the RSA
- * key must be at least 2 + D bytes larger than the output size of the digest, where D is the
- * size of the digest, in bytes. Otherwise begin() must return
- * ErrorCode::INCOMPATIBLE_DIGEST. The salt size must be D.
+ * key must be at least (D + S + 9) bits, where D is the size of the digest (in bits) and
+ * S is the size of the salt (in bits). The salt size S must equal D, so the RSA key must
+ * be at least (2*D + 9) bits. Otherwise begin() must return ErrorCode::INCOMPATIBLE_DIGEST.
*
- * o PaddingMode::RSA_OAEP padding requires a digest, which must match one of the padding values
+ * o PaddingMode::RSA_OAEP padding requires a digest, which must match one of the digest values
* in the key authorizations, and which may not be Digest::NONE. begin() must return
* ErrorCode::INCOMPATIBLE_DIGEST if this is not the case. RSA_OAEP padding also requires an
* MGF1 digest, specified with Tag::RSA_OAEP_MGF_DIGEST, which must match one of the MGF1
@@ -683,9 +694,9 @@
*
* -- EC Keys --
*
- * Private key operations (KeyPurpose::SIGN) need authorization of digest and padding, which
- * means that the key authorizations must contain the specified values. If not, begin() must
- * return ErrorCode::INCOMPATIBLE_DIGEST.
+ * Private key operations (KeyPurpose::SIGN) need authorization of digest, which means that the
+ * key authorizations must contain the specified values. If not, begin() must return
+ * ErrorCode::INCOMPATIBLE_DIGEST.
*
* -- AES Keys --
*
diff --git a/security/keymint/aidl/android/hardware/security/keymint/KeyPurpose.aidl b/security/keymint/aidl/android/hardware/security/keymint/KeyPurpose.aidl
index fd103ef..32e71a7 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/KeyPurpose.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/KeyPurpose.aidl
@@ -23,7 +23,7 @@
@VintfStability
@Backing(type="int")
enum KeyPurpose {
- /* Usable with RSA, 3DES and AES keys. */
+ /* Usable with 3DES and AES keys. */
ENCRYPT = 0,
/* Usable with RSA, 3DES and AES keys. */
@@ -32,7 +32,7 @@
/* Usable with RSA, EC and HMAC keys. */
SIGN = 2,
- /* Usable with RSA, EC and HMAC keys. */
+ /* Usable with HMAC keys. */
VERIFY = 3,
/* 4 is reserved */
diff --git a/security/keymint/aidl/android/hardware/security/keymint/PaddingMode.aidl b/security/keymint/aidl/android/hardware/security/keymint/PaddingMode.aidl
index e71a9c9..6ff4b29 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/PaddingMode.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/PaddingMode.aidl
@@ -26,7 +26,7 @@
@VintfStability
@Backing(type="int")
enum PaddingMode {
- NONE = 1, /* deprecated */
+ NONE = 1,
RSA_OAEP = 2,
RSA_PSS = 3,
RSA_PKCS1_1_5_ENCRYPT = 4,
diff --git a/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl b/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
index 42dfad5..871a1ac 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
@@ -186,10 +186,16 @@
* Tag::RSA_OAEP_MGF_DIGEST specifies the MGF1 digest algorithms that may be used with RSA
* encryption/decryption with OAEP padding. Possible values are defined by the Digest enum.
*
- * This tag is repeatable for key generation/import. RSA cipher operations with OAEP padding
- * must specify an MGF1 digest in the params argument of begin(). If this tag is missing or the
- * specified digest is not in the MGF1 digests associated with the key then begin operation must
- * fail with ErrorCode::INCOMPATIBLE_MGF_DIGEST.
+ * This tag is repeatable for key generation/import.
+ *
+ * If the caller specifies an MGF1 digest in the params argument of begin(), that digest must be
+ * present as an RSA_OAEP_MGF_DIGEST value in the key characteristics (or the begin() operation
+ * must fail with ErrorCode::INCOMPATIBLE_MGF_DIGEST).
+ *
+ * If the caller does not specify an MGF1 digest in the params argument of begin(), a default
+ * MGF1 digest of SHA1 is used. If the key characteristics have any explicitly specified values
+ * for RSA_OAEP_MGF_DIGEST, then SHA1 must be included (or the begin() operation must fail with
+ * ErrorCode::INCOMPATIBLE_MGF_DIGEST).
*
* Must be hardware-enforced.
*/
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index 371b589..7c398d3 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -613,7 +613,7 @@
class NewKeyGenerationTest : public KeyMintAidlTestBase {
protected:
void CheckBaseParams(const vector<KeyCharacteristics>& keyCharacteristics) {
- AuthorizationSet auths = CheckCommonParams(keyCharacteristics);
+ AuthorizationSet auths = CheckCommonParams(keyCharacteristics, KeyOrigin::GENERATED);
EXPECT_TRUE(auths.Contains(TAG_PURPOSE, KeyPurpose::SIGN));
// Check that some unexpected tags/values are NOT present.
@@ -622,20 +622,21 @@
}
void CheckSymmetricParams(const vector<KeyCharacteristics>& keyCharacteristics) {
- AuthorizationSet auths = CheckCommonParams(keyCharacteristics);
+ AuthorizationSet auths = CheckCommonParams(keyCharacteristics, KeyOrigin::GENERATED);
EXPECT_TRUE(auths.Contains(TAG_PURPOSE, KeyPurpose::ENCRYPT));
EXPECT_TRUE(auths.Contains(TAG_PURPOSE, KeyPurpose::DECRYPT));
EXPECT_FALSE(auths.Contains(TAG_PURPOSE, KeyPurpose::SIGN));
}
- AuthorizationSet CheckCommonParams(const vector<KeyCharacteristics>& keyCharacteristics) {
+ AuthorizationSet CheckCommonParams(const vector<KeyCharacteristics>& keyCharacteristics,
+ const KeyOrigin expectedKeyOrigin) {
// TODO(swillden): Distinguish which params should be in which auth list.
AuthorizationSet auths;
for (auto& entry : keyCharacteristics) {
auths.push_back(AuthorizationSet(entry.authorizations));
}
- EXPECT_TRUE(auths.Contains(TAG_ORIGIN, KeyOrigin::GENERATED));
+ EXPECT_TRUE(auths.Contains(TAG_ORIGIN, expectedKeyOrigin));
// Verify that App data, ROT and auth timeout are NOT included.
EXPECT_FALSE(auths.Contains(TAG_ROOT_OF_TRUST));
@@ -3801,7 +3802,7 @@
// TODO(seleneh) add ExportKey to GenerateKey
// check result
-class ImportKeyTest : public KeyMintAidlTestBase {
+class ImportKeyTest : public NewKeyGenerationTest {
public:
template <TagType tag_type, Tag tag, typename ValueT>
void CheckCryptoParam(TypedTag<tag_type, tag> ttag, ValueT expected) {
@@ -4511,6 +4512,65 @@
VerifyMessage(message, signature, AuthorizationSetBuilder().Digest(Digest::SHA_2_256));
}
+/*
+ * ImportKeyTest.GetKeyCharacteristics
+ *
+ * Verifies that imported keys have the correct characteristics.
+ */
+TEST_P(ImportKeyTest, GetKeyCharacteristics) {
+ vector<uint8_t> key_blob;
+ vector<KeyCharacteristics> key_characteristics;
+ auto base_builder = AuthorizationSetBuilder()
+ .Padding(PaddingMode::NONE)
+ .Authorization(TAG_NO_AUTH_REQUIRED)
+ .SetDefaultValidity();
+ vector<Algorithm> algorithms = {Algorithm::RSA, Algorithm::EC, Algorithm::HMAC, Algorithm::AES,
+ Algorithm::TRIPLE_DES};
+ ErrorCode result;
+ string symKey = hex2str("a49d7564199e97cb529d2c9d97bf2f98"); // 128 bits
+ string tdesKey = hex2str("a49d7564199e97cb529d2c9d97bf2f98d35edf57ba1f7358"); // 192 bits
+ for (auto alg : algorithms) {
+ SCOPED_TRACE(testing::Message() << "Algorithm-" << alg);
+ AuthorizationSetBuilder builder(base_builder);
+ switch (alg) {
+ case Algorithm::RSA:
+ builder.RsaSigningKey(2048, 65537).Digest(Digest::NONE);
+
+ result = ImportKey(builder, KeyFormat::PKCS8, rsa_2048_key, &key_blob,
+ &key_characteristics);
+ break;
+ case Algorithm::EC:
+ builder.EcdsaSigningKey(EcCurve::P_256).Digest(Digest::NONE);
+ result = ImportKey(builder, KeyFormat::PKCS8, ec_256_key, &key_blob,
+ &key_characteristics);
+ break;
+ case Algorithm::HMAC:
+ builder.HmacKey(128)
+ .Digest(Digest::SHA_2_256)
+ .Authorization(TAG_MIN_MAC_LENGTH, 128);
+ result =
+ ImportKey(builder, KeyFormat::RAW, symKey, &key_blob, &key_characteristics);
+ break;
+ case Algorithm::AES:
+ builder.AesEncryptionKey(128).BlockMode(BlockMode::ECB);
+ result =
+ ImportKey(builder, KeyFormat::RAW, symKey, &key_blob, &key_characteristics);
+ break;
+ case Algorithm::TRIPLE_DES:
+ builder.TripleDesEncryptionKey(168).BlockMode(BlockMode::ECB);
+ result = ImportKey(builder, KeyFormat::RAW, tdesKey, &key_blob,
+ &key_characteristics);
+ break;
+ default:
+ ADD_FAILURE() << "Invalid Algorithm " << uint32_t(alg);
+ continue;
+ }
+ ASSERT_EQ(ErrorCode::OK, result);
+ CheckCharacteristics(key_blob, key_characteristics);
+ CheckCommonParams(key_characteristics, KeyOrigin::IMPORTED);
+ }
+}
+
INSTANTIATE_KEYMINT_AIDL_TEST(ImportKeyTest);
auto wrapped_key = hex2str(
diff --git a/security/sharedsecret/aidl/android/hardware/security/sharedsecret/SharedSecretParameters.aidl b/security/sharedsecret/aidl/android/hardware/security/sharedsecret/SharedSecretParameters.aidl
index 8144699..b72f0de 100644
--- a/security/sharedsecret/aidl/android/hardware/security/sharedsecret/SharedSecretParameters.aidl
+++ b/security/sharedsecret/aidl/android/hardware/security/sharedsecret/SharedSecretParameters.aidl
@@ -33,9 +33,9 @@
byte[] seed;
/**
- * A 32-byte value which is guaranteed to be different each time
- * getSharedSecretParameters() is called. Probabilistic uniqueness (i.e. random) is acceptable,
- * though a stronger uniqueness guarantee (e.g. counter) is recommended where possible.
+ * A 32-byte value which is guaranteed to be different each time getSharedSecretParameters() is
+ * called after a restart. Probabilistic uniqueness (i.e. random) is acceptable, though a
+ * stronger uniqueness guarantee (e.g. counter) is recommended where possible.
*/
byte[] nonce;
}
diff --git a/tv/tuner/aidl/default/Filter.cpp b/tv/tuner/aidl/default/Filter.cpp
index 769ebe2..1d56303 100644
--- a/tv/tuner/aidl/default/Filter.cpp
+++ b/tv/tuner/aidl/default/Filter.cpp
@@ -432,12 +432,12 @@
if (mSharedAvMemHandle != nullptr) {
*out_avMemory = ::android::dupToAidl(mSharedAvMemHandle);
- *_aidl_return = BUFFER_SIZE_16M;
+ *_aidl_return = BUFFER_SIZE;
mUsingSharedAvMem = true;
return ::ndk::ScopedAStatus::ok();
}
- int av_fd = createAvIonFd(BUFFER_SIZE_16M);
+ int av_fd = createAvIonFd(BUFFER_SIZE);
if (av_fd < 0) {
return ::ndk::ScopedAStatus::fromServiceSpecificError(
static_cast<int32_t>(Result::OUT_OF_MEMORY));
@@ -454,7 +454,7 @@
mUsingSharedAvMem = true;
*out_avMemory = ::android::dupToAidl(mSharedAvMemHandle);
- *_aidl_return = BUFFER_SIZE_16M;
+ *_aidl_return = BUFFER_SIZE;
return ::ndk::ScopedAStatus::ok();
}
@@ -1168,7 +1168,7 @@
mediaEvent.isPesPrivateData = true;
mediaEvent.extraMetaData.set<DemuxFilterMediaEventExtraMetaData::Tag::audio>(audio);
- int av_fd = createAvIonFd(BUFFER_SIZE_16M);
+ int av_fd = createAvIonFd(BUFFER_SIZE);
if (av_fd == -1) {
return;
}
diff --git a/tv/tuner/aidl/default/Filter.h b/tv/tuner/aidl/default/Filter.h
index e301249..c559862 100644
--- a/tv/tuner/aidl/default/Filter.h
+++ b/tv/tuner/aidl/default/Filter.h
@@ -50,7 +50,9 @@
using ::android::hardware::EventFlag;
using FilterMQ = AidlMessageQueue<int8_t, SynchronizedReadWrite>;
-const uint32_t BUFFER_SIZE_16M = 0x1000000;
+// Large buffer size can lead to sudden crashes due to being de-allocated
+// by the memory management system. Change the buffer size when needed.
+const uint32_t BUFFER_SIZE = 0x800000; // 8 MB
class Demux;
class Dvr;
diff --git a/uwb/aidl/aidl_api/android.hardware.uwb.fira_android/current/android/hardware/uwb/fira_android/UwbVendorCapabilityTlvTypes.aidl b/uwb/aidl/aidl_api/android.hardware.uwb.fira_android/current/android/hardware/uwb/fira_android/UwbVendorCapabilityTlvTypes.aidl
index 17e4381..002e11a 100644
--- a/uwb/aidl/aidl_api/android.hardware.uwb.fira_android/current/android/hardware/uwb/fira_android/UwbVendorCapabilityTlvTypes.aidl
+++ b/uwb/aidl/aidl_api/android.hardware.uwb.fira_android/current/android/hardware/uwb/fira_android/UwbVendorCapabilityTlvTypes.aidl
@@ -45,4 +45,5 @@
CCC_SUPPORTED_RAN_MULTIPLIER = 167,
SUPPORTED_AOA_RESULT_REQ_ANTENNA_INTERLEAVING = 227,
SUPPORTED_MIN_RANGING_INTERVAL_MS = 228,
+ SUPPORTED_RANGE_DATA_NTF_CONFIG = 229,
}
diff --git a/uwb/aidl/android/hardware/uwb/fira_android/UwbVendorCapabilityTlvTypes.aidl b/uwb/aidl/android/hardware/uwb/fira_android/UwbVendorCapabilityTlvTypes.aidl
index 3961eda..e15edcb 100644
--- a/uwb/aidl/android/hardware/uwb/fira_android/UwbVendorCapabilityTlvTypes.aidl
+++ b/uwb/aidl/android/hardware/uwb/fira_android/UwbVendorCapabilityTlvTypes.aidl
@@ -155,4 +155,12 @@
* 4 byte value to indicate supported min ranging interval in ms.
*/
SUPPORTED_MIN_RANGING_INTERVAL_MS = 0xE4,
+
+ /**
+ * 4 byte bitmask to indicate the supported RANGE_DATA_NTF_CONFIG values
+ *
+ * Bitmask where each bit corresponds to values used in
+ * RANGE_DATA_NTF_CONFIG in SET_APP_CFG_CMD
+ */
+ SUPPORTED_RANGE_DATA_NTF_CONFIG = 0xE5,
}