Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 14d0c897 authored by Treehugger Robot's avatar Treehugger Robot Committed by Automerger Merge Worker
Browse files

Merge "Revise keymint_tags.h" am: 2528ddca am: 90ea1579 

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1533203

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I567a8c63bb6ef77fa3aba54b703736ab4d743bb4
parents d6d80602 90ea1579

security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp

+2 −2
Original line number Diff line number Diff line
@@ -577,8 +577,8 @@ string KeyMintAidlTestBase::EncryptMessage(const string& message, BlockMode bloc 
    string ciphertext = EncryptMessage(message, params, &out_params);

    EXPECT_EQ(1U, out_params.size());

    auto ivVal = out_params.GetTagValue(TAG_NONCE);

    EXPECT_TRUE(ivVal.isOk());

    if (ivVal.isOk()) *iv_out = ivVal.value();

    EXPECT_TRUE(ivVal);

    if (ivVal) *iv_out = *ivVal;

    return ciphertext;

}

security/keymint/aidl/vts/functional/KeyMintTest.cpp

+17 −14
Original line number Diff line number Diff line
@@ -80,7 +80,10 @@ namespace { 
template <TagType tag_type, Tag tag, typename ValueT>

bool contains(vector<KeyParameter>& set, TypedTag<tag_type, tag> ttag, ValueT expected_value) {

    auto it = std::find_if(set.begin(), set.end(), [&](const KeyParameter& param) {

        return param.tag == tag && accessTagValue(ttag, param) == expected_value;

        if (auto p = authorizationValue(ttag, param)) {

            return *p == expected_value;

        }

        return false;

    });

    return (it != set.end());

}
@@ -251,10 +254,10 @@ class NewKeyGenerationTest : public KeyMintAidlTestBase { 


        EXPECT_TRUE(auths.Contains(TAG_OS_VERSION, os_version()))

                << "OS version is " << os_version() << " key reported "

                << auths.GetTagValue(TAG_OS_VERSION);

                << auths.GetTagValue(TAG_OS_VERSION)->get();

        EXPECT_TRUE(auths.Contains(TAG_OS_PATCHLEVEL, os_patch_level()))

                << "OS patch level is " << os_patch_level() << " key reported "

                << auths.GetTagValue(TAG_OS_PATCHLEVEL);

                << auths.GetTagValue(TAG_OS_PATCHLEVEL)->get();

    }

};
@@ -2333,8 +2336,8 @@ TEST_P(EncryptionOperationsTest, AesEcbPkcs7PaddingCorrupted) { 


vector<uint8_t> CopyIv(const AuthorizationSet& set) {

    auto iv = set.GetTagValue(TAG_NONCE);

    EXPECT_TRUE(iv.isOk());

    return iv.value();

    EXPECT_TRUE(iv);

    return iv->get();

}



/*
@@ -2459,13 +2462,13 @@ TEST_P(EncryptionOperationsTest, AesIncremental) { 
                case BlockMode::CBC:

                case BlockMode::GCM:

                case BlockMode::CTR:

                    ASSERT_TRUE(iv.isOk()) << "No IV for block mode " << block_mode;

                    EXPECT_EQ(block_mode == BlockMode::GCM ? 12U : 16U, iv.value().size());

                    params.push_back(TAG_NONCE, iv.value());

                    ASSERT_TRUE(iv) << "No IV for block mode " << block_mode;

                    EXPECT_EQ(block_mode == BlockMode::GCM ? 12U : 16U, iv->get().size());

                    params.push_back(TAG_NONCE, iv->get());

                    break;



                case BlockMode::ECB:

                    EXPECT_FALSE(iv.isOk()) << "ECB mode should not generate IV";

                    EXPECT_FALSE(iv) << "ECB mode should not generate IV";

                    break;

            }
@@ -2649,9 +2652,9 @@ TEST_P(EncryptionOperationsTest, AesCallerNonce) { 
    AuthorizationSet out_params;

    string ciphertext = EncryptMessage(message, params, &out_params);

    EXPECT_EQ(message.size(), ciphertext.size());

    EXPECT_EQ(16U, out_params.GetTagValue(TAG_NONCE).value().size());

    EXPECT_EQ(16U, out_params.GetTagValue(TAG_NONCE)->get().size());



    params.push_back(TAG_NONCE, out_params.GetTagValue(TAG_NONCE).value());

    params.push_back(TAG_NONCE, out_params.GetTagValue(TAG_NONCE)->get());

    string plaintext = DecryptMessage(ciphertext, params);

    EXPECT_EQ(message, plaintext);
@@ -2697,9 +2700,9 @@ TEST_P(EncryptionOperationsTest, AesCallerNonceProhibited) { 
    AuthorizationSet out_params;

    string ciphertext = EncryptMessage(message, params, &out_params);

    EXPECT_EQ(message.size(), ciphertext.size());

    EXPECT_EQ(16U, out_params.GetTagValue(TAG_NONCE).value().size());

    EXPECT_EQ(16U, out_params.GetTagValue(TAG_NONCE)->get().size());



    params.push_back(TAG_NONCE, out_params.GetTagValue(TAG_NONCE).value());

    params.push_back(TAG_NONCE, out_params.GetTagValue(TAG_NONCE)->get());

    string plaintext = DecryptMessage(ciphertext, params);

    EXPECT_EQ(message, plaintext);
@@ -2893,7 +2896,7 @@ TEST_P(EncryptionOperationsTest, AesGcmTooShortTagOnDecrypt) { 
    AuthorizationSet begin_out_params;

    EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, params, &begin_out_params));

    EXPECT_EQ(1U, begin_out_params.size());

    ASSERT_TRUE(begin_out_params.GetTagValue(TAG_NONCE).isOk());

    ASSERT_TRUE(begin_out_params.GetTagValue(TAG_NONCE));



    AuthorizationSet finish_out_params;

    string ciphertext;

security/keymint/support/authorization_set.cpp

+3 −2
Original line number Diff line number Diff line
@@ -106,10 +106,11 @@ bool AuthorizationSet::erase(int index) { 
    return false;

}



NullOr<const KeyParameter&> AuthorizationSet::GetEntry(Tag tag) const {

std::optional<std::reference_wrapper<const KeyParameter>> AuthorizationSet::GetEntry(

        Tag tag) const {

    int pos = find(tag);

    if (pos == -1) return {};

    return data_[pos];

    return std::reference_wrapper(data_[pos]);

}



AuthorizationSetBuilder& AuthorizationSetBuilder::RsaKey(uint32_t key_size,

security/keymint/support/include/keymint_support/authorization_set.h

+4 −4
Original line number Diff line number Diff line
@@ -168,7 +168,7 @@ class AuthorizationSet { 
    bool Contains(TypedTag<tag_type, tag> ttag, const ValueT& value) const {

        for (const auto& param : data_) {

            auto entry = authorizationValue(ttag, param);

            if (entry.isOk() && static_cast<ValueT>(entry.value()) == value) return true;

            if (entry && static_cast<ValueT>(*entry) == value) return true;

        }

        return false;

    }
@@ -178,9 +178,9 @@ class AuthorizationSet { 
    size_t GetTagCount(Tag tag) const;



    template <typename T>

    inline NullOr<const typename TypedTag2ValueType<T>::type&> GetTagValue(T tag) const {

    inline auto GetTagValue(T tag) const -> decltype(authorizationValue(tag, KeyParameter())) {

        auto entry = GetEntry(tag);

        if (entry.isOk()) return authorizationValue(tag, entry.value());

        if (entry) return authorizationValue(tag, *entry);

        return {};

    }
@@ -219,7 +219,7 @@ class AuthorizationSet { 
    }



  private:

    NullOr<const KeyParameter&> GetEntry(Tag tag) const;

    std::optional<std::reference_wrapper<const KeyParameter>> GetEntry(Tag tag) const;



    std::vector<KeyParameter> data_;

};

security/keymint/support/include/keymint_support/key_param_output.h

+1 −1
Original line number Diff line number Diff line
@@ -71,7 +71,7 @@ inline ::std::ostream& operator<<(::std::ostream& os, SecurityLevel value) { 
}



template <typename ValueT>

::std::ostream& operator<<(::std::ostream& os, const NullOr<ValueT>& value) {

::std::ostream& operator<<(::std::ostream& os, const std::optional<ValueT>& value) {

    if (!value.isOk()) {

        os << "(value not present)";

    } else {