summaryrefslogtreecommitdiff
path: root/keymaster
AgeCommit message (Collapse)Author
2022-06-29Merge TP1A.220624.003Deyao Ren
Change-Id: I6a3d36f9b277ec85fb7e678e6c3f44a8345fe4f6
2022-06-17Read VSR level from correct property.Shawn Willden
Bug: 235424890 Test: VtsHalKeymasterV4_0TargetTest & VtsAidlKeyMintTargetTest Ignore-AOSP-First: Cherry-pick of aosp/2128833 Change-Id: I39109c097d129124097a303c3f108d015cb367e3 Merged-In: I39109c097d129124097a303c3f108d015cb367e3
2022-06-13Merge TP1A.220609.001Scott Lobdell
Change-Id: If8cb4cb43231ff7552ab8a531716ac2689c06e22
2022-06-06Implement KeyMint2 test for VSR13Shawn Willden
Test: VtsAidlKeyMintTargetTest & VtsHalKeymasterV4_0TargetTest Bug: 235099905 Ignore-AOSP-First: Cherry pick from aosp/2115214 Change-Id: Ie10b705bb06990a2a2c6223fcce28f5fde6bf3f3 Merged-In: Ie10b705bb06990a2a2c6223fcce28f5fde6bf3f3
2022-04-22Merge TP1A.220414.003Scott Lobdell
Change-Id: Id8894d5b946744d159e41f802b49bc770b28e4b5
2022-04-11Merge "Fix AES corrupt padding test" am: b474607b7c am: b661792d06 am: ↵David Drysdale
2e449950d6 Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2059787 Change-Id: I1a4bf228d73452cbc718ab126165bf09e0cdf833 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-11Fix AES corrupt padding testDavid Drysdale
The AesEcbPkcs7PaddingCorrupted test has been incorrect since it was originally introduced -- it was feeding the original message as input to the decryption operation, rather than the corrupted ciphertext. As a result, the expected error code was also wrong -- INVALID_INPUT_LENGTH is appropriate for a too-short cipher text (length 1 in this case), whereas a corrupt-but-correct-length cipher text should give INVALID_ARGUMENT. Fix the test, and add a separate test to cover what was inadvertently being tested before. Add a sentence to the HAL spec to describe what expected and tested by CTS/VTS. Bug: 194126736 Test: VtsAidlKeyMintTargetTest, VtsHalKeymasterV4_0TargetTest Change-Id: Iaa5e42768814197f373797831093cf344d342b77
2022-04-07Merge "Build with upstream lld: Fix incorrect static dependencies" am: ↵Pirama Arumuga Nainar
2c76c6867e am: 5f96cab8c0 am: e18c0f85fd Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2056641 Change-Id: Ibad4f98dce239fc2e1cf689688bf296bb25ea1a8 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-06Build with upstream lld: Fix incorrect static dependenciesPirama Arumuga Nainar
Bug: http://b/197965342 Remove unnecessary `static_libs` dependencies or move them to `shared_libs` to build with upstream LLD. See b/197965342#comment1 (internal) for rationale. Some info is available externally at https://github.com/llvm/llvm-project/issues/42899. Per go/android-lld-static-lib-fix, OWNERS are added for visibility. No action is needed if the change looks good. This change will be merged after two business days with Global Approvers. Test: Build modules with aosp/2036867 in addition to presubmit Change-Id: I6b607969ab89605d392344d307f5deeb883d4191
2022-03-25Merge TP1A.220321.002Scott Lobdell
Change-Id: If51d1324897593e6bb61bf4795bc157004c10083
2022-03-17Merge TP1A.220310.002Daniel Norman
Change-Id: Ic15874018152ca90e6f51bdb1be1b24eb32d57dd
2022-03-14Merge "Add OWNER for keymaster VTS" am: d3e783be43 am: fc5b6ac127 am: 4723499cc0David Drysdale
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2024663 Change-Id: I3329c009c09a3d44cef90d826d86fcbc4cbd845b
2022-03-14Merge "Key{Mint,Master} VTS: fix incremental AES tags" am: e5c2bf01fc am: ↵David Drysdale
523b300da7 am: a219992eef Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2020421 Change-Id: I771b72b5f4f439c8b6eea264010b90f0efa876a8
2022-03-14Merge "Add OWNER for keymaster VTS"David Drysdale
2022-03-14Add OWNER for keymaster VTSDavid Drysdale
Test: TreeHugger Change-Id: I2ff243a2cadbfcc9bedf634f9a9327b2fa8ccd63
2022-03-14Key{Mint,Master} VTS: fix incremental AES tagsDavid Drysdale
Change Id62fdce65131ee00c88e5849955a937f1c171748 split up the AES incremental encryption tests into individual tests for each encryption mode. This meant that each generated key is only valid for a single mode, which in turn means that for non-GCM mode keys it is not valid to specify MIN_MAC_LENGTH. Bug: 223934835 Test: VtsAidlKeyMintTargetTest Change-Id: I38f34f60116bde3d23f203365d62e5b25d7b254b
2022-03-11Merge TP1A.220225.003Scott Lobdell
Change-Id: Iad9e960e034127e3320f78d2eadd23e36300b10c
2022-03-04Merge "Split AESincremental VTS test into 4 Tests(For ↵Treehugger Robot
blockmodes-ECB,CBC,GCM,CTR)" am: 90019d46c2 am: bfdd991c76 am: 8be10ddce6 Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2007030 Change-Id: Iffe169fcff0a11478672bf8f5895a93fcdcc9003
2022-03-03Split AESincremental VTS test into 4 Tests(For blockmodes-ECB,CBC,GCM,CTR)anil.hiranniah
Change mentioned above is done in VTS for Keymaster4.0 and Keymint Test: VTS tests with tradefed Change-Id: Id62fdce65131ee00c88e5849955a937f1c171748
2022-02-24Merge "Add timed out test files to tidy_timeout_srcs" am: ff54f73b4f am: ↵Chih-hung Hsieh
fa83970b3a am: 581616e658 Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1992232 Change-Id: I2eac13fe3b5ab0b4f15d6ceadf376e5e74124a81
2022-02-18Add timed out test files to tidy_timeout_srcsChih-Hung Hsieh
* Timed out runs do not show any warning messages. * These test files cannot finish clang-tidy runs with the following settings: TIDY_TIMEOUT=90 WITH_TIDY=1 CLANG_ANALYZER_CHECKS=1 * When TIDY_TIMEOUT is set, in Android continuous builds, tidy_timeout_srcs files will not be compiled by clang-tidy. When developers build locally without TIDY_TIMEOUT, tidy_timeout_srcs files will be compiled. * Some of these test modules may be split into smaller ones, or disable some time consuming checks, and then enable clang-tidy to run within limited time. Bug: 201099167 Test: make droid tidy-hardware-interfaces_subset Change-Id: I1de28f1572fff368f67eab512fffec9f2e5c2a9b
2022-02-09Merge TP1A.220126.001Haamed Gheibi
Change-Id: Ibf6bd2c20d9927fde8b2a05dde2b58bd8faea20f
2022-02-04Merge TP1A.220120.003Haamed Gheibi
Change-Id: Ie5eba313ee102e452f5f96942ed2f3a7bb4e8f01
2022-01-24Merge TP1A.211214.001Scott Lobdell
Change-Id: Ib12bd53bdfdf84dde7b986f5e2ae5392cd672882
2022-01-21Merge "Turn off CFI for other Keymaster VTS versions" am: 4daee77052 am: ↵David Drysdale
23040264d1 am: c810dae469 am: 7fbaeac5be Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1954816 Change-Id: I6e820809f9a3c9b94545ff60201c3f86c87104d0
2022-01-21Merge "Turn off CFI for other Keymaster VTS versions"David Drysdale
2022-01-21Merge TP1A.211206.001Scott Lobdell
Change-Id: I8b3a43021a3328cf6afb4e7e157339d8e214ddbe
2022-01-19Turn off CFI for other Keymaster VTS versionsDavid Drysdale
Repeat the change for the 4.0 KeyMaster VTS tests in 3.0 and 4.1. See previous change: I12b145dad5535846d68c97954d31a93123bb95e7 Bug: 206498742 Test: VtsHalKeymasterV4_1TargetTest, VtsHalKeymasterV3_0TargetTest Change-Id: I3b4f9bc13e155ff451d03318d114a01abbbf138e
2022-01-13Alter spec text for RSA-PSS to match realityDavid Drysdale
The Key{Mint,Master} spec previously said that RSA-PSS mode should use SHA-1 for the MGF1 digest, separately from whatever Tag::DIGEST gets specified as the main digest. However, both the reference implementation and the VTS/CTS tests use BoringSSL's defaults, which is to re-use the main digest as the MGF1 digest if none is separately specified. Given that this behaviour is embedded in many implementations over several years (and given that there isn't a security implication), change the spec to match this behaviour. Also update the VTS test code to make this clear/obvious. Test: VtsAidlKeyMintTargetTest, VtsHalKeymasterV4_0TargetTest Bug: 210424594 Change-Id: I4303f28d094ef4d4b9dc931d6728b1fa040de20d Ignore-AOSP-First: target internal master first due to merge conflict
2022-01-13Alter spec text for RSA-PSS to match realityDavid Drysdale
The Key{Mint,Master} spec previously said that RSA-PSS mode should use SHA-1 for the MGF1 digest, separately from whatever Tag::DIGEST gets specified as the main digest. However, both the reference implementation and the VTS/CTS tests use BoringSSL's defaults, which is to re-use the main digest as the MGF1 digest if none is separately specified. Given that this behaviour is embedded in many implementations over several years (and given that there isn't a security implication), change the spec to match this behaviour. Also update the VTS test code to make this clear/obvious. Test: VtsAidlKeyMintTargetTest, VtsHalKeymasterV4_0TargetTest Bug: 210424594 Merged-In: I4303f28d094ef4d4b9dc931d6728b1fa040de20d Change-Id: I4303f28d094ef4d4b9dc931d6728b1fa040de20d
2021-12-07Merge "Turn off CFI for the Keymaster VTS" am: 1ff635ab2d am: ab78c4b682 am: ↵David Drysdale
2a20554f45 am: fe9a70a53e Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1906291 Change-Id: I9730d389cf119e539f9f4a85916065fc40656577
2021-12-07Merge "Turn off CFI for the Keymaster VTS" am: 1ff635ab2dDavid Drysdale
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1906291 Change-Id: Idf81c498e1b5ef26b8d5ade160217556a81340a3
2021-12-07Merge "Turn off CFI for the Keymaster VTS"David Drysdale
2021-11-30Turn off CFI for the Keymaster VTSDavid Drysdale
On a bramble device, observed a crash in the VTS binary itself when executing BoringSSL signature verification code locally (i.e. with no KeyMaster interaction involved). The crash call stack involves CFI checks, and seems to occur at the point when some BoringSSL digest calculation code invokes a function pointer. - SHA1_Update passes &sha1_block_data_order to (inlined)... - crypto_md32_update() which invokes the function pointer via its block_func parameter. Moving the BoringSSL dependency from static_libs: libcrypto_static to shared_libs: libcrypto makes the crash go away, but a smaller change that also fixes the problem is to disable CFI checks for the test binary. This approach was inspired by: https://googleplex-android.googlesource.com/platform/system/security/+/ab65cd0e89829675fec75d629019b10511584100%5E%21/#F0 The same problem looks to be relevant for the bugs listed below. Bug: 206496340 Bug: 206498742 Test: VtsHalKeymasterV4_0TargetTest --gtest_filter="*VerificationOperationsTest.RsaAllPaddingsAndDigests*" Change-Id: I12b145dad5535846d68c97954d31a93123bb95e7
2021-11-30Merge "Fix flaky corrupted padding tests" am: a33f46bc2a am: 61cf943208 am: ↵David Drysdale
02951d1167 am: d1c5ed5bec Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1903312 Change-Id: I803c4549b635d900934403c775886b1153b91a12
2021-11-30Merge "Fix flaky corrupted padding tests" am: a33f46bc2aDavid Drysdale
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1903312 Change-Id: I5e5b1e62c017e2e1db8ce099e1cabda6501ce44c
2021-11-29Fix flaky corrupted padding testsDavid Drysdale
Transfer the fix in http://aosp/1745035 from the KeyMint VTS test back into the keymaster VTS test. Bug: 189261752 Test: VtsHalKeymasterV4_0TargetTest Change-Id: I5f0a69255cfe980dd6e71fa29ff06a84cb668f6d
2021-11-10Merge sc-qpr1-dev-plus-aosp-without-vendor@7810918Xin Li
Bug: 205056467 Merged-In: I96a417467346a57b13c2efae12a183d78506afc3 Change-Id: I570a3b599281f519af7a440562c83f8484684fd5
2021-10-23Merge TP1A.211006.001Haamed Gheibi
Change-Id: I9165b331c1bb047a17950a425ae9eeed6aff127c
2021-10-11Merge "Revert "Delete KM1"" am: 0531c94771 am: 7e0f50f4fe am: cb8a6b42d2 am: ↵Jim Blackler
1977dffb15 am: a47931ad1f Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1853098 Change-Id: I9e8aadf21c1f372458caf5e006a0ec714f449f2b
2021-10-11Merge "Revert "Delete KM1"" am: 0531c94771 am: 7e0f50f4feJim Blackler
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1853098 Change-Id: I2bc88903556a42984553014cdbd3010939dded25
2021-10-11Merge "Revert "Delete KM1""Jim Blackler
2021-10-11Revert "Delete KM1"Jim Blackler
Revert "Delete KM1" Revert "Delete KM1" Revert "Delete KM1" Revert submission 1844016-delkm1 Reason for revert: b/202675261 Reverted Changes: Iba996962b:Delete KM1 Ia4c5359cd:Delete KM1 Iee6ec9816:Delete KM1 I6058e4d86:Delete KM1 I8abb9c570:Delete KM1 I9c4dc5c9e:Delete KM1 Change-Id: I2a2d4b737a90f8ce31cd14b68f64564d8d245ab3
2021-10-09Merge "Delete KM1" am: 13274fa22d am: 9c379e224f am: bb661ea978 am: ↵Shawn Willden
b98e256589 am: 7cbfeb37c3 Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1849793 Change-Id: I498a9212fdec4b3852c737bd18c9dd102774851a
2021-10-09Merge "Delete KM1" am: 13274fa22d am: 9c379e224fShawn Willden
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1849793 Change-Id: I6d7acf78da1a57e078ffd21378d2021740633960
2021-10-09Merge "Delete KM1"Shawn Willden
2021-10-07Delete KM1Shawn Willden
Test: Build Change-Id: Iee6ec98163dff3a969debd9f4343c7b06ebe8d4f
2021-10-05Merge "Add EncryptionOperationsTest.AesCbcZeroInputSuccess"TreeHugger Robot
2021-09-29Add EncryptionOperationsTest.AesCbcZeroInputSuccessTommy Chiu
Check if the zero input data with AES-CBC-[NONE|PKCS7] padding mode generates correct output data and length. Bug: 200553873 Test: VtsHalKeymasterV4_0TargetTest, VtsAidlKeyMintTargetTest Change-Id: I729c2bad65e9d8b194422032346e5ee3c4b0dce5
2021-09-28Merge "Backfill owner information for VTS module ↵Yiming Pan
VtsHalKeymasterV4_0TargetTest." am: ea60a110ab am: e988b0f6c7 Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1813761 Change-Id: Ie1be063bc1c976404fdb285c5653bb3c14c851e2
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-03 08:46:19 +0000