Loading security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl +8 −7 Original line number Diff line number Diff line Loading @@ -78,15 +78,16 @@ parcelable KeyCreationResult { * provided, otherwise ATTESTATION_APPLICATION_ID_MISSING will be returned. * * 3. Asymmetric key non-attestation with signing key. If Tag::ATTESTATION_CHALLENGE is not * provided and the generated/imported key has KeyPurpose::SIGN, then the returned * certificate chain must contain only a single self-signed certificate with no attestation * extension. Tag::ATTESTATION_APPLICATION_ID will be ignored if provided. * provided and the generated/imported key has KeyPurpose::SIGN or KeyPurpose::ATTEST_KEY, * then the returned certificate chain must contain only a single self-signed certificate * with no attestation extension. Tag::ATTESTATION_APPLICATION_ID will be ignored if * provided. * * 4. Asymmetric key non-attestation with non-signing key. If TAG::ATTESTATION_CHALLENGE is * not provided and the generated/imported key does not have KeyPurpose::SIGN, then the * returned certificate chain must contain only a single certificate with an empty signature * and no attestation extension. Tag::ATTESTATION_APPLICATION_ID will be ignored if * provided. * not provided and the generated/imported key does not have KeyPurpose::SIGN nor * KeyPurpose::ATTEST_KEY, then the returned certificate chain must contain only a single * certificate with an empty signature and no attestation extension. * Tag::ATTESTATION_APPLICATION_ID will be ignored if provided. * * 5. Symmetric key. If the generated/imported key is symmetric, the certificate chain must * return empty, any Tag::ATTESTATION_CHALLENGE or Tag::ATTESTATION_APPLICATION_ID inputs, Loading security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl +4 −4 Original line number Diff line number Diff line Loading 
@@ -92,8 +92,8 @@ parcelable ProtectedData { * }, * {}, // Unprotected params * bstr .size 32, // MAC key * bstr PureEd25519(KM_priv, .cbor SignedMac_structure) / * ECDSA(KM_priv, bstr .cbor SignedMac_structure) * bstr // PureEd25519(KM_priv, bstr .cbor SignedMac_structure) / * // ECDSA(KM_priv, bstr .cbor SignedMac_structure) * ] * * SignedMac_structure = [ Loading Loading @@ -144,8 +144,8 @@ parcelable ProtectedData { * }, * unprotected: {}, * payload: bstr .cbor BccPayload, * signature: bstr .cbor PureEd25519(SigningKey, bstr .cbor BccEntryInput) / * bstr .cbor ECDSA(SigningKey, bstr .cbor BccEntryInput) * signature: bstr // PureEd25519(SigningKey, bstr .cbor BccEntryInput) / * // ECDSA(SigningKey, bstr .cbor BccEntryInput) * // See RFC 8032 for details of how to encode the signature value for Ed25519. * ] * Loading security/keymint/aidl/vts/functional/AttestKeyTest.cpp +15 −0 Original line number Diff line number Diff line Loading @@ -183,6 +183,14 @@ TEST_P(AttestKeyTest, AllRsaSizes) { * This test attempts to create an RSA attestation key that also allows signing. */ TEST_P(AttestKeyTest, RsaAttestKeyMultiPurposeFail) { if (AidlVersion() < 2) { // The KeyMint v1 spec required that KeyPurpose::ATTEST_KEY not be combined // with other key purposes. However, this was not checked at the time // so we can only be strict about checking this for implementations of KeyMint // version 2 and above. GTEST_SKIP() << "Single-purpose for KeyPurpose::ATTEST_KEY only strict since KeyMint v2"; } vector<uint8_t> attest_key_blob; vector<KeyCharacteristics> attest_key_characteristics; vector<Certificate> attest_key_cert_chain; Loading Loading 
@@ -453,6 +461,13 @@ TEST_P(AttestKeyTest, EcAttestKeyChaining) { * This test attempts to create an EC attestation key that also allows signing. */ TEST_P(AttestKeyTest, EcAttestKeyMultiPurposeFail) { if (AidlVersion() < 2) { // The KeyMint v1 spec required that KeyPurpose::ATTEST_KEY not be combined // with other key purposes. However, this was not checked at the time // so we can only be strict about checking this for implementations of KeyMint // version 2 and above. GTEST_SKIP() << "Single-purpose for KeyPurpose::ATTEST_KEY only strict since KeyMint v2"; } vector<uint8_t> attest_key_blob; vector<KeyCharacteristics> attest_key_characteristics; vector<Certificate> attest_key_cert_chain; Loading security/keymint/aidl/vts/functional/KeyMintTest.cpp +14 −0 Original line number Diff line number Diff line Loading @@ -3821,6 +3821,13 @@ TEST_P(ImportKeyTest, RsaPublicExponentMismatch) { * Verifies that importing an RSA key pair with purpose ATTEST_KEY+SIGN fails. */ TEST_P(ImportKeyTest, RsaAttestMultiPurposeFail) { if (AidlVersion() < 2) { // The KeyMint v1 spec required that KeyPurpose::ATTEST_KEY not be combined // with other key purposes. However, this was not checked at the time // so we can only be strict about checking this for implementations of KeyMint // version 2 and above. GTEST_SKIP() << "Single-purpose for KeyPurpose::ATTEST_KEY only strict since KeyMint v2"; } uint32_t key_size = 2048; string key = rsa_2048_key; Loading Loading 
@@ -3959,6 +3966,13 @@ TEST_P(ImportKeyTest, EcdsaCurveMismatch) { * Verifies that importing and using an ECDSA P-256 key pair with purpose ATTEST_KEY+SIGN fails. */ TEST_P(ImportKeyTest, EcdsaAttestMultiPurposeFail) { if (AidlVersion() < 2) { // The KeyMint v1 spec required that KeyPurpose::ATTEST_KEY not be combined // with other key purposes. However, this was not checked at the time // so we can only be strict about checking this for implementations of KeyMint // version 2 and above. GTEST_SKIP() << "Single-purpose for KeyPurpose::ATTEST_KEY only strict since KeyMint v2"; } ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE, ImportKey(AuthorizationSetBuilder() .Authorization(TAG_NO_AUTH_REQUIRED) Loading wifi/supplicant/aidl/vts/functional/supplicant_sta_iface_aidl_test.cpp +0 −31 Original line number Diff line number Diff line Loading @@ -43,7 +43,6 @@ using aidl::android::hardware::wifi::supplicant::ISupplicant; using aidl::android::hardware::wifi::supplicant::ISupplicantStaIface; using aidl::android::hardware::wifi::supplicant::ISupplicantStaNetwork; using aidl::android::hardware::wifi::supplicant::KeyMgmtMask; using aidl::android::hardware::wifi::supplicant::RxFilterType; using aidl::android::hardware::wifi::supplicant::WpaDriverCapabilitiesMask; using aidl::android::hardware::wifi::supplicant::WpsConfigMethods; using android::ProcessState; Loading Loading 
@@ -543,36 +542,6 @@ TEST_P(SupplicantStaIfaceAidlTest, SetPowerSave) { EXPECT_TRUE(sta_iface_->setPowerSave(false).isOk()); } /* * StartRxFilter */ TEST_P(SupplicantStaIfaceAidlTest, StartRxFilter) { EXPECT_TRUE(sta_iface_->startRxFilter().isOk()); } /* * StopRxFilter */ TEST_P(SupplicantStaIfaceAidlTest, StopRxFilter) { EXPECT_TRUE(sta_iface_->stopRxFilter().isOk()); } /* * AddRxFilter */ TEST_P(SupplicantStaIfaceAidlTest, AddRxFilter) { EXPECT_TRUE(sta_iface_->addRxFilter(RxFilterType::V4_MULTICAST).isOk()); EXPECT_TRUE(sta_iface_->addRxFilter(RxFilterType::V6_MULTICAST).isOk()); } /* * RemoveRxFilter */ TEST_P(SupplicantStaIfaceAidlTest, RemoveRxFilter) { EXPECT_TRUE(sta_iface_->removeRxFilter(RxFilterType::V4_MULTICAST).isOk()); EXPECT_TRUE(sta_iface_->removeRxFilter(RxFilterType::V6_MULTICAST).isOk()); } /* * AddExtRadioWork */ Loading Loading
security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl +8 −7 Original line number Diff line number Diff line Loading @@ -78,15 +78,16 @@ parcelable KeyCreationResult { * provided, otherwise ATTESTATION_APPLICATION_ID_MISSING will be returned. * * 3. Asymmetric key non-attestation with signing key. If Tag::ATTESTATION_CHALLENGE is not * provided and the generated/imported key has KeyPurpose::SIGN, then the returned * certificate chain must contain only a single self-signed certificate with no attestation * extension. Tag::ATTESTATION_APPLICATION_ID will be ignored if provided. * provided and the generated/imported key has KeyPurpose::SIGN or KeyPurpose::ATTEST_KEY, * then the returned certificate chain must contain only a single self-signed certificate * with no attestation extension. Tag::ATTESTATION_APPLICATION_ID will be ignored if * provided. * * 4. Asymmetric key non-attestation with non-signing key. If TAG::ATTESTATION_CHALLENGE is * not provided and the generated/imported key does not have KeyPurpose::SIGN, then the * returned certificate chain must contain only a single certificate with an empty signature * and no attestation extension. Tag::ATTESTATION_APPLICATION_ID will be ignored if * provided. * not provided and the generated/imported key does not have KeyPurpose::SIGN nor * KeyPurpose::ATTEST_KEY, then the returned certificate chain must contain only a single * certificate with an empty signature and no attestation extension. * Tag::ATTESTATION_APPLICATION_ID will be ignored if provided. * * 5. Symmetric key. If the generated/imported key is symmetric, the certificate chain must * return empty, any Tag::ATTESTATION_CHALLENGE or Tag::ATTESTATION_APPLICATION_ID inputs, Loading
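Review bot: The headings of cases 3 and 4 still read "with signing key" and "with non-signing key", but the conditions in the new text now also depend on KeyPurpose::ATTEST_KEY, so the titles no longer describe the rule they introduce. Consider `3. Asymmetric key non-attestation with signing or attestation key.` and `4. Asymmetric key non-attestation with non-signing, non-attestation key.`, since implementers read this comment as the normative description of the returned chain. In case 4, "does not have KeyPurpose::SIGN nor KeyPurpose::ATTEST_KEY" would read more clearly as `has neither KeyPurpose::SIGN nor KeyPurpose::ATTEST_KEY`. Case 4 also spells the tag `TAG::ATTESTATION_CHALLENGE` where the rest of the comment uses `Tag::`. The comment block starts and ends outside this hunk.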
security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl +4 −4 Original line number Diff line number Diff line Loading @@ -92,8 +92,8 @@ parcelable ProtectedData { * }, * {}, // Unprotected params * bstr .size 32, // MAC key * bstr PureEd25519(KM_priv, .cbor SignedMac_structure) / * ECDSA(KM_priv, bstr .cbor SignedMac_structure) * bstr // PureEd25519(KM_priv, bstr .cbor SignedMac_structure) / * // ECDSA(KM_priv, bstr .cbor SignedMac_structure) * ] * * SignedMac_structure = [ Loading Loading @@ -144,8 +144,8 @@ parcelable ProtectedData { * }, * unprotected: {}, * payload: bstr .cbor BccPayload, * signature: bstr .cbor PureEd25519(SigningKey, bstr .cbor BccEntryInput) / * bstr .cbor ECDSA(SigningKey, bstr .cbor BccEntryInput) * signature: bstr // PureEd25519(SigningKey, bstr .cbor BccEntryInput) / * // ECDSA(SigningKey, bstr .cbor BccEntryInput) * // See RFC 8032 for details of how to encode the signature value for Ed25519. * ] * Loading
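Review bot: In the second hunk the `signature` field is now a bare `bstr`, and the trailing comment points to RFC 8032 only for Ed25519, leaving the encoding of the ECDSA alternative unstated. COSE carries ECDSA signatures as the fixed-length concatenation of r and s (RFC 8152 section 8.1) rather than ASN.1 DER, and a verifier or implementation that assumes the other form may reject an otherwise valid chain. I would add `// See RFC 8152 section 8.1 for details of how to encode the signature value for ECDSA.` next to the RFC 8032 line. The same gap applies to the `bstr` signature entry in the first hunk, which has no encoding note at all. Both CDDL structures begin and end outside the hunks shown.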
security/keymint/aidl/vts/functional/AttestKeyTest.cpp +15 −0 Original line number Diff line number Diff line Loading @@ -183,6 +183,14 @@ TEST_P(AttestKeyTest, AllRsaSizes) { * This test attempts to create an RSA attestation key that also allows signing. */ TEST_P(AttestKeyTest, RsaAttestKeyMultiPurposeFail) { if (AidlVersion() < 2) { // The KeyMint v1 spec required that KeyPurpose::ATTEST_KEY not be combined // with other key purposes. However, this was not checked at the time // so we can only be strict about checking this for implementations of KeyMint // version 2 and above. GTEST_SKIP() << "Single-purpose for KeyPurpose::ATTEST_KEY only strict since KeyMint v2"; } vector<uint8_t> attest_key_blob; vector<KeyCharacteristics> attest_key_characteristics; vector<Certificate> attest_key_cert_chain; Loading Loading @@ -453,6 +461,13 @@ TEST_P(AttestKeyTest, EcAttestKeyChaining) { * This test attempts to create an EC attestation key that also allows signing. */ TEST_P(AttestKeyTest, EcAttestKeyMultiPurposeFail) { if (AidlVersion() < 2) { // The KeyMint v1 spec required that KeyPurpose::ATTEST_KEY not be combined // with other key purposes. However, this was not checked at the time // so we can only be strict about checking this for implementations of KeyMint // version 2 and above. GTEST_SKIP() << "Single-purpose for KeyPurpose::ATTEST_KEY only strict since KeyMint v2"; } vector<uint8_t> attest_key_blob; vector<KeyCharacteristics> attest_key_characteristics; vector<Certificate> attest_key_cert_chain; Loading
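Review bot: The seven-line `AidlVersion() < 2` guard added to RsaAttestKeyMultiPurposeFail is repeated verbatim in EcAttestKeyMultiPurposeFail in the next hunk and in RsaAttestMultiPurposeFail and EcdsaAttestMultiPurposeFail in KeyMintTest.cpp, so the rationale and the skip message live in four places that can drift apart. I would keep the explanatory comment once, on a small predicate in the shared test base (the name is only a suggestion), and reduce each test to `if (!AttestKeySinglePurposeEnforced()) GTEST_SKIP() << "Single-purpose for KeyPurpose::ATTEST_KEY only strict since KeyMint v2";`. The skip also means these tests give no signal for a v1 implementation that accepts ATTEST_KEY combined with SIGN; if that is intended, the doc comment above each test should say so. The test bodies continue outside the hunks.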
security/keymint/aidl/vts/functional/KeyMintTest.cpp +14 −0 Original line number Diff line number Diff line Loading @@ -3821,6 +3821,13 @@ TEST_P(ImportKeyTest, RsaPublicExponentMismatch) { * Verifies that importing an RSA key pair with purpose ATTEST_KEY+SIGN fails. */ TEST_P(ImportKeyTest, RsaAttestMultiPurposeFail) { if (AidlVersion() < 2) { // The KeyMint v1 spec required that KeyPurpose::ATTEST_KEY not be combined // with other key purposes. However, this was not checked at the time // so we can only be strict about checking this for implementations of KeyMint // version 2 and above. GTEST_SKIP() << "Single-purpose for KeyPurpose::ATTEST_KEY only strict since KeyMint v2"; } uint32_t key_size = 2048; string key = rsa_2048_key; Loading Loading @@ -3959,6 +3966,13 @@ TEST_P(ImportKeyTest, EcdsaCurveMismatch) { * Verifies that importing and using an ECDSA P-256 key pair with purpose ATTEST_KEY+SIGN fails. */ TEST_P(ImportKeyTest, EcdsaAttestMultiPurposeFail) { if (AidlVersion() < 2) { // The KeyMint v1 spec required that KeyPurpose::ATTEST_KEY not be combined // with other key purposes. However, this was not checked at the time // so we can only be strict about checking this for implementations of KeyMint // version 2 and above. GTEST_SKIP() << "Single-purpose for KeyPurpose::ATTEST_KEY only strict since KeyMint v2"; } ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE, ImportKey(AuthorizationSetBuilder() .Authorization(TAG_NO_AUTH_REQUIRED) Loading
wifi/supplicant/aidl/vts/functional/supplicant_sta_iface_aidl_test.cpp +0 −31 Original line number Diff line number Diff line Loading @@ -43,7 +43,6 @@ using aidl::android::hardware::wifi::supplicant::ISupplicant; using aidl::android::hardware::wifi::supplicant::ISupplicantStaIface; using aidl::android::hardware::wifi::supplicant::ISupplicantStaNetwork; using aidl::android::hardware::wifi::supplicant::KeyMgmtMask; using aidl::android::hardware::wifi::supplicant::RxFilterType; using aidl::android::hardware::wifi::supplicant::WpaDriverCapabilitiesMask; using aidl::android::hardware::wifi::supplicant::WpsConfigMethods; using android::ProcessState; Loading Loading @@ -543,36 +542,6 @@ TEST_P(SupplicantStaIfaceAidlTest, SetPowerSave) { EXPECT_TRUE(sta_iface_->setPowerSave(false).isOk()); } /* * StartRxFilter */ TEST_P(SupplicantStaIfaceAidlTest, StartRxFilter) { EXPECT_TRUE(sta_iface_->startRxFilter().isOk()); } /* * StopRxFilter */ TEST_P(SupplicantStaIfaceAidlTest, StopRxFilter) { EXPECT_TRUE(sta_iface_->stopRxFilter().isOk()); } /* * AddRxFilter */ TEST_P(SupplicantStaIfaceAidlTest, AddRxFilter) { EXPECT_TRUE(sta_iface_->addRxFilter(RxFilterType::V4_MULTICAST).isOk()); EXPECT_TRUE(sta_iface_->addRxFilter(RxFilterType::V6_MULTICAST).isOk()); } /* * RemoveRxFilter */ TEST_P(SupplicantStaIfaceAidlTest, RemoveRxFilter) { EXPECT_TRUE(sta_iface_->removeRxFilter(RxFilterType::V4_MULTICAST).isOk()); EXPECT_TRUE(sta_iface_->removeRxFilter(RxFilterType::V6_MULTICAST).isOk()); } /* * AddExtRadioWork */ Loading