Move keystore to foreground cpuset.
am: 1140ef6
* commit '1140ef674e2098bb3ac4360baafb1562760b441c':
Move keystore to foreground cpuset.
Change-Id: I7729240d6f98e9c76e0845c272de639339ea09ce
diff --git a/keystore-engine/android_engine.cpp b/keystore-engine/android_engine.cpp
index d23f169..d9c99fe 100644
--- a/keystore-engine/android_engine.cpp
+++ b/keystore-engine/android_engine.cpp
@@ -217,7 +217,7 @@
NULL /* mod_exp */,
NULL /* bn_mod_exp */,
- RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_OPAQUE | RSA_FLAG_EXT_PKEY,
+ RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_OPAQUE,
NULL /* keygen */,
NULL /* multi_prime_keygen */,
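Review bot: The flags entry `RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_OPAQUE` is the only field in the visible part of this method table without a comment, and it is the one that carries the security property. I would add something like `/* flags: RSA_FLAG_OPAQUE because private key material stays in keystore and is not exposed through the RSA object */`, so that a later cleanup does not drop it the way `RSA_FLAG_EXT_PKEY` was dropped here. That reading of the flag is inferred from the engine's purpose and should be confirmed against the crypto library headers in use. The initializer starts and ends outside the hunk.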
diff --git a/keystore/Android.mk b/keystore/Android.mk
index baff509..f17d5eb 100644
--- a/keystore/Android.mk
+++ b/keystore/Android.mk
@@ -113,6 +113,7 @@
LOCAL_MODULE_TAGS := optional
LOCAL_C_INCLUDES := $(LOCAL_PATH)/include $(call keystore_proto_include)
LOCAL_EXPORT_C_INCLUDE_DIRS := $(LOCAL_PATH)/include
+LOCAL_EXPORT_SHARED_LIBRARY_HEADERS := libbinder
LOCAL_CLANG := true
LOCAL_SANITIZE := integer
LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
diff --git a/keystore/keystore_cli_v2.cpp b/keystore/keystore_cli_v2.cpp
index c4dbf5d..6c229db 100644
--- a/keystore/keystore_cli_v2.cpp
+++ b/keystore/keystore_cli_v2.cpp
@@ -19,6 +19,7 @@
#include "base/command_line.h"
#include "base/files/file_util.h"
+#include "base/strings/string_util.h"
#include "keymaster/authorization_set.h"
#include "keymaster/keymaster_tags.h"
#include "keystore/keystore_client_impl.h"
@@ -38,7 +39,7 @@
void PrintUsageAndExit() {
printf("Usage: keystore_client_v2 <command> [options]\n");
- printf("Commands: brillo-platform-test [--prefix=<test_name_prefix>]\n"
+ printf("Commands: brillo-platform-test [--prefix=<test_name_prefix>] [--test_for_0_3]\n"
" list-brillo-tests\n"
" add-entropy --input=<entropy>\n"
" generate --name=<key_name>\n"
@@ -58,7 +59,7 @@
}
#ifndef KEYMASTER_NAME_TAGS
-#erro KEYMASTER_NAME_TAGS must be defined
+#error KEYMASTER_NAME_TAGS must be defined
#endif
void PrintTags(const AuthorizationSet& parameters) {
@@ -82,28 +83,25 @@
AuthorizationSet software_enforced_characteristics;
int32_t result = keystore->generateKey("tmp", parameters, &hardware_enforced_characteristics,
&software_enforced_characteristics);
+ const char kBoldRedAbort[] = "\033[1;31mABORT\033[0m";
if (result != KM_ERROR_OK) {
LOG(ERROR) << "Failed to generate key: " << result;
- printf("%s Result: ABORT\n", name.c_str());
+ printf("[%s] %s\n", kBoldRedAbort, name.c_str());
return false;
}
result = keystore->deleteKey("tmp");
if (result != KM_ERROR_OK) {
LOG(ERROR) << "Failed to delete key: " << result;
- printf("%s Result: ABORT\n", name.c_str());
+ printf("[%s] %s\n", kBoldRedAbort, name.c_str());
return false;
}
printf("===============================================================\n");
printf("%s Key Characteristics:\n", name.c_str());
PrintKeyCharacteristics(hardware_enforced_characteristics, software_enforced_characteristics);
bool hardware_backed = (hardware_enforced_characteristics.size() > 0);
- if (software_enforced_characteristics.GetTagCount(KM_TAG_PURPOSE) > 0 ||
- software_enforced_characteristics.GetTagCount(KM_TAG_ALGORITHM) > 0 ||
+ if (software_enforced_characteristics.GetTagCount(KM_TAG_ALGORITHM) > 0 ||
software_enforced_characteristics.GetTagCount(KM_TAG_KEY_SIZE) > 0 ||
- software_enforced_characteristics.GetTagCount(KM_TAG_RSA_PUBLIC_EXPONENT) > 0 ||
- software_enforced_characteristics.GetTagCount(KM_TAG_DIGEST) > 0 ||
- software_enforced_characteristics.GetTagCount(KM_TAG_PADDING) > 0 ||
- software_enforced_characteristics.GetTagCount(KM_TAG_BLOCK_MODE) > 0) {
+ software_enforced_characteristics.GetTagCount(KM_TAG_RSA_PUBLIC_EXPONENT) > 0) {
VLOG(1) << "Hardware-backed key but required characteristics enforced in software.";
hardware_backed = false;
}
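Review bot: The narrowed condition that sets `hardware_backed = false` no longer looks at `KM_TAG_PURPOSE`, `KM_TAG_DIGEST`, `KM_TAG_PADDING` or `KM_TAG_BLOCK_MODE` in the software-enforced set, so a key whose usage restrictions are enforced only in software is still reported as hardware-backed. As far as this hunk shows, that applies to every run, not only to `--test_for_0_3`. If the relaxation is intended (presumably for older keymaster implementations), state it in a comment above the `if`, for example `// Only algorithm, key size and RSA public exponent must be hardware-enforced; purpose, digest, padding and block mode may be software-enforced.`, and reword the VLOG text to match. Separately, `kBoldRedAbort` writes ANSI escapes to stdout unconditionally, which will appear as raw bytes in captured test logs. The enclosing function starts and ends outside the hunk.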
@@ -164,6 +162,7 @@
parameters.Authorization(keymaster::TAG_BLOCK_MODE, KM_MODE_ECB);
parameters.Authorization(keymaster::TAG_BLOCK_MODE, KM_MODE_CBC);
parameters.Authorization(keymaster::TAG_BLOCK_MODE, KM_MODE_CTR);
+ parameters.Padding(KM_PAD_NONE);
}
return parameters.build();
}
@@ -205,12 +204,23 @@
return std::vector<TestCase>(&test_cases[0], &test_cases[arraysize(test_cases)]);
}
-int BrilloPlatformTest(const std::string& prefix) {
+int BrilloPlatformTest(const std::string& prefix, bool test_for_0_3) {
+ const char kBoldYellowWarning[] = "\033[1;33mWARNING\033[0m";
+ if (test_for_0_3) {
+ printf("%s: Testing for keymaster v0.3. "
+ "This does not meet Brillo requirements.\n", kBoldYellowWarning);
+ }
int test_count = 0;
int fail_count = 0;
std::vector<TestCase> test_cases = GetTestCases();
for (const auto& test_case : test_cases) {
- if (!prefix.empty() && test_case.name.find(prefix) != 0) {
+ if (!prefix.empty() &&
+ !base::StartsWith(test_case.name, prefix, base::CompareCase::SENSITIVE)) {
+ continue;
+ }
+ if (test_for_0_3 &&
+ (base::StartsWith(test_case.name, "AES", base::CompareCase::SENSITIVE) ||
+ base::StartsWith(test_case.name, "HMAC", base::CompareCase::SENSITIVE))) {
continue;
}
++test_count;
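Review bot: Test cases skipped under `test_for_0_3` (the `AES`/`HMAC` name-prefix branch) are dropped before `++test_count`, so any summary built from `test_count` and `fail_count` covers only the tests that ran, and a clean result can be misread as covering symmetric-key operations. I would count the skips, with `int skip_count = 0;` next to `fail_count` and `++skip_count;` before that `continue;`, and report the number with the totals. Selecting tests by name prefix is also brittle, since a renamed or newly added symmetric test would change category silently; a per-`TestCase` flag would be sturdier, though the struct is not visible here. The function continues past the end of the hunk.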
@@ -432,7 +442,8 @@
PrintUsageAndExit();
}
if (args[0] == "brillo-platform-test") {
- return BrilloPlatformTest(command_line->GetSwitchValueASCII("prefix"));
+ return BrilloPlatformTest(command_line->GetSwitchValueASCII("prefix"),
+ command_line->HasSwitch("test_for_0_3"));
} else if (args[0] == "list-brillo-tests") {
return ListTestCases();
} else if (args[0] == "add-entropy") {
diff --git a/softkeymaster/keymaster_openssl.cpp b/softkeymaster/keymaster_openssl.cpp
index 6f31195..927b4a6 100644
--- a/softkeymaster/keymaster_openssl.cpp
+++ b/softkeymaster/keymaster_openssl.cpp
@@ -208,17 +208,11 @@
return NULL;
}
- Unique_EVP_PKEY pkey(EVP_PKEY_new());
+ Unique_EVP_PKEY pkey(d2i_PrivateKey(type, nullptr, &p, privateLen));
if (pkey.get() == NULL) {
logOpenSSLError("unwrap_key");
return NULL;
}
- EVP_PKEY* tmp = pkey.get();
-
- if (d2i_PrivateKey(type, &tmp, &p, privateLen) == NULL) {
- logOpenSSLError("unwrap_key");
- return NULL;
- }
return pkey.release();
}
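Review bot: The new `d2i_PrivateKey(type, nullptr, &p, privateLen)` call has no comment explaining why the output argument is `nullptr`, and nothing after it checks that the parser consumed all `privateLen` bytes. A one-line comment such as `// Let d2i_PrivateKey allocate the key; reusing an existing EVP_PKEY makes ownership ambiguous between the library and Unique_EVP_PKEY.` would keep the removed pattern from coming back. Since `p` is advanced by the call, comparing it with the expected end of the private-key field would reject blobs with trailing bytes. Whether `privateLen` is bounded against the blob length is decided before this hunk and is not visible here.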