Loading security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h +3 −7 Original line number Diff line number Diff line Loading @@ -14,19 +14,17 @@ * limitations under the License. */ #ifndef VTS_KEYMINT_AIDL_TEST_UTILS_H #define VTS_KEYMINT_AIDL_TEST_UTILS_H #pragma once #include <aidl/Gtest.h> #include <aidl/Vintf.h> #include <android/hardware/security/keymint/ErrorCode.h> #include <android/hardware/security/keymint/IKeyMintDevice.h> #include <binder/IServiceManager.h> #include <binder/ProcessState.h> #include <gtest/gtest.h> #include <android/hardware/security/keymint/ErrorCode.h> #include <android/hardware/security/keymint/IKeyMintDevice.h> #include <keymint_support/authorization_set.h> namespace android::hardware::security::keymint::test { Loading Loading @@ -187,5 +185,3 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> { android::PrintInstanceNameToString) } // namespace android::hardware::security::keymint::test #endif // VTS_KEYMINT_AIDL_TEST_UTILS_H security/keymint/support/attestation_record.cpp +7 −8 Original line number Diff line number Diff line Loading @@ -18,6 +18,9 @@ #include <assert.h> #include <android/hardware/security/keymint/Tag.h> #include <android/hardware/security/keymint/TagType.h> #include <android-base/logging.h> #include <openssl/asn1t.h> Loading @@ -25,9 +28,6 @@ #include <openssl/evp.h> #include <openssl/x509.h> #include <android/hardware/security/keymint/Tag.h> #include <android/hardware/security/keymint/TagType.h> #include <keymint_support/authorization_set.h> #include <keymint_support/openssl_utils.h> Loading Loading @@ -326,9 +326,8 @@ ErrorCode parse_attestation_record(const uint8_t* asn1_key_desc, size_t asn1_key } ErrorCode parse_root_of_trust(const uint8_t* asn1_key_desc, size_t asn1_key_desc_len, vector<uint8_t>* verified_boot_key, keymint_verified_boot_t* verified_boot_state, bool* device_locked, vector<uint8_t>* verified_boot_hash) { vector<uint8_t>* verified_boot_key, VerifiedBoot* verified_boot_state, bool* device_locked, vector<uint8_t>* verified_boot_hash) { if (!verified_boot_key || !verified_boot_state || !device_locked || !verified_boot_hash) { LOG(ERROR) << AT << "null pointer input(s)"; return ErrorCode::INVALID_ARGUMENT; Loading Loading @@ -358,8 +357,8 @@ ErrorCode parse_root_of_trust(const uint8_t* asn1_key_desc, size_t asn1_key_desc verified_boot_key->resize(vb_key->length); memcpy(verified_boot_key->data(), vb_key->data, vb_key->length); *verified_boot_state = static_cast<keymint_verified_boot_t>( ASN1_ENUMERATED_get(root_of_trust->verified_boot_state)); *verified_boot_state = static_cast<VerifiedBoot>(ASN1_ENUMERATED_get(root_of_trust->verified_boot_state)); if (!verified_boot_state) { LOG(ERROR) << AT << " Failed verified boot state parsing"; return ErrorCode::INVALID_ARGUMENT; Loading security/keymint/support/authorization_set.cpp +0 −10 Original line number Diff line number Diff line Loading @@ -76,16 +76,6 @@ void AuthorizationSet::Subtract(const AuthorizationSet& other) { } } void AuthorizationSet::Filter(std::function<bool(const KeyParameter&)> doKeep) { std::vector<KeyParameter> result; for (auto& param : data_) { if (doKeep(param)) { result.push_back(std::move(param)); } } std::swap(data_, result); } KeyParameter& AuthorizationSet::operator[](int at) { return data_[at]; } Loading security/keymint/support/include/keymint_support/attestation_record.h +7 −7 Original line number Diff line number Diff line Loading @@ -43,18 +43,18 @@ class AuthorizationSet; */ static const char kAttestionRecordOid[] = "1.3.6.1.4.1.11129.2.1.17"; enum keymint_verified_boot_t { KM_VERIFIED_BOOT_VERIFIED = 0, KM_VERIFIED_BOOT_SELF_SIGNED = 1, KM_VERIFIED_BOOT_UNVERIFIED = 2, KM_VERIFIED_BOOT_FAILED = 3, enum class VerifiedBoot : uint8_t { VERIFIED = 0, SELF_SIGNED = 1, UNVERIFIED = 2, FAILED = 3, }; struct RootOfTrust { SecurityLevel security_level; vector<uint8_t> verified_boot_key; vector<uint8_t> verified_boot_hash; keymint_verified_boot_t verified_boot_state; VerifiedBoot verified_boot_state; bool device_locked; }; Loading @@ -81,7 +81,7 @@ ErrorCode parse_attestation_record(const uint8_t* asn1_key_desc, size_t asn1_key ErrorCode parse_root_of_trust(const uint8_t* asn1_key_desc, size_t asn1_key_desc_len, std::vector<uint8_t>* verified_boot_key, keymint_verified_boot_t* verified_boot_state, bool* device_locked, VerifiedBoot* verified_boot_state, bool* device_locked, std::vector<uint8_t>* verified_boot_hash); } // namespace android::hardware::security::keymint security/keymint/support/include/keymint_support/authorization_set.h +5 −11 Original line number Diff line number Diff line Loading @@ -14,8 +14,7 @@ * limitations under the License. */ #ifndef SYSTEM_SECURITY_KEYSTORE_KM4_AUTHORIZATION_SET_H_ #define SYSTEM_SECURITY_KEYSTORE_KM4_AUTHORIZATION_SET_H_ #pragma once #include <vector> Loading Loading @@ -138,18 +137,15 @@ class AuthorizationSet { /** * Returns iterator (pointer) to beginning of elems array, to enable STL-style iteration */ std::vector<KeyParameter>::const_iterator begin() const { return data_.begin(); } auto begin() { return data_.begin(); } auto begin() const { return data_.begin(); } /** * Returns iterator (pointer) one past end of elems array, to enable STL-style iteration */ std::vector<KeyParameter>::const_iterator end() const { return data_.end(); } auto end() { return data_.end(); } auto end() const { return data_.end(); } /** * Modifies this Authorization set such that it only keeps the entries for which doKeep * returns true. */ void Filter(std::function<bool(const KeyParameter&)> doKeep); /** * Returns the nth element of the set. * Like for std::vector::operator[] there is no range check performed. Use of out of range Loading Loading @@ -316,5 +312,3 @@ class AuthorizationSetBuilder : public AuthorizationSet { }; } // namespace android::hardware::security::keymint #endif // SYSTEM_SECURITY_KEYSTORE_KM4_AUTHORIZATION_SET_H_ Loading
security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h +3 −7 Original line number Diff line number Diff line Loading @@ -14,19 +14,17 @@ * limitations under the License. */ #ifndef VTS_KEYMINT_AIDL_TEST_UTILS_H #define VTS_KEYMINT_AIDL_TEST_UTILS_H #pragma once #include <aidl/Gtest.h> #include <aidl/Vintf.h> #include <android/hardware/security/keymint/ErrorCode.h> #include <android/hardware/security/keymint/IKeyMintDevice.h> #include <binder/IServiceManager.h> #include <binder/ProcessState.h> #include <gtest/gtest.h> #include <android/hardware/security/keymint/ErrorCode.h> #include <android/hardware/security/keymint/IKeyMintDevice.h> #include <keymint_support/authorization_set.h> namespace android::hardware::security::keymint::test { Loading Loading @@ -187,5 +185,3 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> { android::PrintInstanceNameToString) } // namespace android::hardware::security::keymint::test #endif // VTS_KEYMINT_AIDL_TEST_UTILS_H
security/keymint/support/attestation_record.cpp +7 −8 Original line number Diff line number Diff line Loading @@ -18,6 +18,9 @@ #include <assert.h> #include <android/hardware/security/keymint/Tag.h> #include <android/hardware/security/keymint/TagType.h> #include <android-base/logging.h> #include <openssl/asn1t.h> Loading @@ -25,9 +28,6 @@ #include <openssl/evp.h> #include <openssl/x509.h> #include <android/hardware/security/keymint/Tag.h> #include <android/hardware/security/keymint/TagType.h> #include <keymint_support/authorization_set.h> #include <keymint_support/openssl_utils.h> Loading Loading @@ -326,9 +326,8 @@ ErrorCode parse_attestation_record(const uint8_t* asn1_key_desc, size_t asn1_key } ErrorCode parse_root_of_trust(const uint8_t* asn1_key_desc, size_t asn1_key_desc_len, vector<uint8_t>* verified_boot_key, keymint_verified_boot_t* verified_boot_state, bool* device_locked, vector<uint8_t>* verified_boot_hash) { vector<uint8_t>* verified_boot_key, VerifiedBoot* verified_boot_state, bool* device_locked, vector<uint8_t>* verified_boot_hash) { if (!verified_boot_key || !verified_boot_state || !device_locked || !verified_boot_hash) { LOG(ERROR) << AT << "null pointer input(s)"; return ErrorCode::INVALID_ARGUMENT; Loading Loading @@ -358,8 +357,8 @@ ErrorCode parse_root_of_trust(const uint8_t* asn1_key_desc, size_t asn1_key_desc verified_boot_key->resize(vb_key->length); memcpy(verified_boot_key->data(), vb_key->data, vb_key->length); *verified_boot_state = static_cast<keymint_verified_boot_t>( ASN1_ENUMERATED_get(root_of_trust->verified_boot_state)); *verified_boot_state = static_cast<VerifiedBoot>(ASN1_ENUMERATED_get(root_of_trust->verified_boot_state)); if (!verified_boot_state) { LOG(ERROR) << AT << " Failed verified boot state parsing"; return ErrorCode::INVALID_ARGUMENT; Loading
security/keymint/support/authorization_set.cpp +0 −10 Original line number Diff line number Diff line Loading @@ -76,16 +76,6 @@ void AuthorizationSet::Subtract(const AuthorizationSet& other) { } } void AuthorizationSet::Filter(std::function<bool(const KeyParameter&)> doKeep) { std::vector<KeyParameter> result; for (auto& param : data_) { if (doKeep(param)) { result.push_back(std::move(param)); } } std::swap(data_, result); } KeyParameter& AuthorizationSet::operator[](int at) { return data_[at]; } Loading
security/keymint/support/include/keymint_support/attestation_record.h +7 −7 Original line number Diff line number Diff line Loading @@ -43,18 +43,18 @@ class AuthorizationSet; */ static const char kAttestionRecordOid[] = "1.3.6.1.4.1.11129.2.1.17"; enum keymint_verified_boot_t { KM_VERIFIED_BOOT_VERIFIED = 0, KM_VERIFIED_BOOT_SELF_SIGNED = 1, KM_VERIFIED_BOOT_UNVERIFIED = 2, KM_VERIFIED_BOOT_FAILED = 3, enum class VerifiedBoot : uint8_t { VERIFIED = 0, SELF_SIGNED = 1, UNVERIFIED = 2, FAILED = 3, }; struct RootOfTrust { SecurityLevel security_level; vector<uint8_t> verified_boot_key; vector<uint8_t> verified_boot_hash; keymint_verified_boot_t verified_boot_state; VerifiedBoot verified_boot_state; bool device_locked; }; Loading @@ -81,7 +81,7 @@ ErrorCode parse_attestation_record(const uint8_t* asn1_key_desc, size_t asn1_key ErrorCode parse_root_of_trust(const uint8_t* asn1_key_desc, size_t asn1_key_desc_len, std::vector<uint8_t>* verified_boot_key, keymint_verified_boot_t* verified_boot_state, bool* device_locked, VerifiedBoot* verified_boot_state, bool* device_locked, std::vector<uint8_t>* verified_boot_hash); } // namespace android::hardware::security::keymint
security/keymint/support/include/keymint_support/authorization_set.h +5 −11 Original line number Diff line number Diff line Loading @@ -14,8 +14,7 @@ * limitations under the License. */ #ifndef SYSTEM_SECURITY_KEYSTORE_KM4_AUTHORIZATION_SET_H_ #define SYSTEM_SECURITY_KEYSTORE_KM4_AUTHORIZATION_SET_H_ #pragma once #include <vector> Loading Loading @@ -138,18 +137,15 @@ class AuthorizationSet { /** * Returns iterator (pointer) to beginning of elems array, to enable STL-style iteration */ std::vector<KeyParameter>::const_iterator begin() const { return data_.begin(); } auto begin() { return data_.begin(); } auto begin() const { return data_.begin(); } /** * Returns iterator (pointer) one past end of elems array, to enable STL-style iteration */ std::vector<KeyParameter>::const_iterator end() const { return data_.end(); } auto end() { return data_.end(); } auto end() const { return data_.end(); } /** * Modifies this Authorization set such that it only keeps the entries for which doKeep * returns true. */ void Filter(std::function<bool(const KeyParameter&)> doKeep); /** * Returns the nth element of the set. * Like for std::vector::operator[] there is no range check performed. Use of out of range Loading Loading @@ -316,5 +312,3 @@ class AuthorizationSetBuilder : public AuthorizationSet { }; } // namespace android::hardware::security::keymint #endif // SYSTEM_SECURITY_KEYSTORE_KM4_AUTHORIZATION_SET_H_
