Loading security/keymint/aidl/android/hardware/security/keymint/Tag.aidl +1 −1 Original line number Diff line number Diff line Loading @@ -234,7 +234,7 @@ enum Tag { * IKeyMintDevice::earlyBootEnded() is called. Early boot keys may be created after * early boot. Early boot keys may not be imported at all, if Tag::EARLY_BOOT_ONLY is * provided to IKeyMintDevice::importKey, the import must fail with * ErrorCode::INVALID_ARGUMENT. * ErrorCode::EARLY_BOOT_ENDED. */ EARLY_BOOT_ONLY = (7 << 28) /* TagType:BOOL */ | 305, Loading security/keymint/aidl/android/hardware/security/keymint/TagType.aidl +15 −1 Original line number Diff line number Diff line Loading @@ -39,7 +39,21 @@ enum TagType { DATE = 6 << 28, /** Boolean. If a tag with this type is present, the value is "true". If absent, "false". */ BOOL = 7 << 28, /** Byte string containing an arbitrary-length integer, big-endian ordering. */ /** * Byte string containing an arbitrary-length integer, in a two's-complement big-endian * ordering. The byte array contains the minimum number of bytes needed to represent the * integer, including at least one sign bit (so zero encodes as the single byte 0x00. This * matches the encoding of both java.math.BigInteger.toByteArray() and contents octets for an * ASN.1 INTEGER value (X.690 section 8.3). Examples: * - value 65536 encodes as 0x01 0x00 0x00 * - value 65535 encodes as 0x00 0xFF 0xFF * - value 255 encodes as 0x00 0xFF * - value 1 encodes as 0x01 * - value 0 encodes as 0x00 * - value -1 encodes as 0xFF * - value -255 encodes as 0xFF 0x01 * - value -256 encodes as 0xFF 0x00 */ BIGNUM = 8 << 28, /** Byte string */ BYTES = 9 << 28, Loading security/keymint/aidl/vts/functional/AttestKeyTest.cpp +4 −2 Original line number Diff line number Diff line Loading 
@@ -180,7 +180,9 @@ TEST_P(AttestKeyTest, RsaAttestedAttestKeys) { auto subject = "cert subj 2"; vector<uint8_t> subject_der(make_name_from_str(subject)); uint64_t serial_int = 66; // An X.509 certificate serial number SHOULD be >0, but this is not policed. Check // that a zero value doesn't cause problems. uint64_t serial_int = 0; vector<uint8_t> serial_blob(build_serial_blob(serial_int)); /* Loading Loading @@ -223,7 +225,7 @@ TEST_P(AttestKeyTest, RsaAttestedAttestKeys) { auto subject2 = "cert subject"; vector<uint8_t> subject_der2(make_name_from_str(subject2)); uint64_t serial_int2 = 987; uint64_t serial_int2 = 255; vector<uint8_t> serial_blob2(build_serial_blob(serial_int2)); EXPECT_EQ(ErrorCode::OK, Loading security/keymint/aidl/vts/functional/DeviceUniqueAttestationTest.cpp +2 −2 Original line number Diff line number Diff line Loading @@ -75,7 +75,7 @@ TEST_P(DeviceUniqueAttestationTest, RsaNonStrongBoxUnimplemented) { .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION), &key_blob, &key_characteristics); ASSERT_EQ(result, ErrorCode::INVALID_ARGUMENT); ASSERT_TRUE(result == ErrorCode::INVALID_ARGUMENT || result == ErrorCode::UNSUPPORTED_TAG); } /* Loading @@ -101,7 +101,7 @@ TEST_P(DeviceUniqueAttestationTest, EcdsaNonStrongBoxUnimplemented) { .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION), &key_blob, &key_characteristics); ASSERT_EQ(result, ErrorCode::INVALID_ARGUMENT); ASSERT_TRUE(result == ErrorCode::INVALID_ARGUMENT || result == ErrorCode::UNSUPPORTED_TAG); } /* Loading security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp +8 −0 Original line number Diff line number Diff line Loading 
@@ -1185,6 +1185,14 @@ vector<uint8_t> build_serial_blob(const uint64_t serial_int) { return {}; } if (serial_blob.empty() || serial_blob[0] & 0x80) { // An empty blob is OpenSSL's encoding of the zero value; we need single zero byte. // Top bit being set indicates a negative number in two's complement, but our input // was positive. // In either case, prepend a zero byte. serial_blob.insert(serial_blob.begin(), 0x00); } return serial_blob; } Loading Loading
security/keymint/aidl/android/hardware/security/keymint/Tag.aidl +1 −1 Original line number Diff line number Diff line Loading @@ -234,7 +234,7 @@ enum Tag { * IKeyMintDevice::earlyBootEnded() is called. Early boot keys may be created after * early boot. Early boot keys may not be imported at all, if Tag::EARLY_BOOT_ONLY is * provided to IKeyMintDevice::importKey, the import must fail with * ErrorCode::INVALID_ARGUMENT. * ErrorCode::EARLY_BOOT_ENDED. */ EARLY_BOOT_ONLY = (7 << 28) /* TagType:BOOL */ | 305, Loading
security/keymint/aidl/android/hardware/security/keymint/TagType.aidl +15 −1 Original line number Diff line number Diff line Loading @@ -39,7 +39,21 @@ enum TagType { DATE = 6 << 28, /** Boolean. If a tag with this type is present, the value is "true". If absent, "false". */ BOOL = 7 << 28, /** Byte string containing an arbitrary-length integer, big-endian ordering. */ /** * Byte string containing an arbitrary-length integer, in a two's-complement big-endian * ordering. The byte array contains the minimum number of bytes needed to represent the * integer, including at least one sign bit (so zero encodes as the single byte 0x00. This * matches the encoding of both java.math.BigInteger.toByteArray() and contents octets for an * ASN.1 INTEGER value (X.690 section 8.3). Examples: * - value 65536 encodes as 0x01 0x00 0x00 * - value 65535 encodes as 0x00 0xFF 0xFF * - value 255 encodes as 0x00 0xFF * - value 1 encodes as 0x01 * - value 0 encodes as 0x00 * - value -1 encodes as 0xFF * - value -255 encodes as 0xFF 0x01 * - value -256 encodes as 0xFF 0x00 */ BIGNUM = 8 << 28, /** Byte string */ BYTES = 9 << 28, Loading
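Review bot: The new BIGNUM comment opens a parenthesis at `(so zero encodes as the single byte 0x00.` and never closes it; it should read `(so zero encodes as the single byte 0x00).`. This comment is the description implementers will encode and parse against, so it could also state outright that an empty byte string is not a valid encoding of zero. The comment added to build_serial_blob in KeyMintAidlTestBase.cpp says OpenSSL produces exactly that empty form, so a sentence such as `An empty byte array is not a valid BIGNUM.` would remove the ambiguity.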
security/keymint/aidl/vts/functional/AttestKeyTest.cpp +4 −2 Original line number Diff line number Diff line Loading @@ -180,7 +180,9 @@ TEST_P(AttestKeyTest, RsaAttestedAttestKeys) { auto subject = "cert subj 2"; vector<uint8_t> subject_der(make_name_from_str(subject)); uint64_t serial_int = 66; // An X.509 certificate serial number SHOULD be >0, but this is not policed. Check // that a zero value doesn't cause problems. uint64_t serial_int = 0; vector<uint8_t> serial_blob(build_serial_blob(serial_int)); /* Loading Loading @@ -223,7 +225,7 @@ TEST_P(AttestKeyTest, RsaAttestedAttestKeys) { auto subject2 = "cert subject"; vector<uint8_t> subject_der2(make_name_from_str(subject2)); uint64_t serial_int2 = 987; uint64_t serial_int2 = 255; vector<uint8_t> serial_blob2(build_serial_blob(serial_int2)); EXPECT_EQ(ErrorCode::OK, Loading
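Review bot: The second serial, `uint64_t serial_int2 = 255;`, has no comment saying why 255 was chosen, unlike the zero case in the first hunk. Going by the BIGNUM description in TagType.aidl, 255 has its top bit set and therefore needs a leading 0x00 byte; a line such as `// 255 has its top bit set, so the encoded serial must carry a leading 0x00 byte.` would record that intent. With both serials now on the padding path, this test no longer exercises a serial that needs no padding, though other tests outside this view may still do so. The test body starts and ends outside both hunks.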
security/keymint/aidl/vts/functional/DeviceUniqueAttestationTest.cpp +2 −2 Original line number Diff line number Diff line Loading @@ -75,7 +75,7 @@ TEST_P(DeviceUniqueAttestationTest, RsaNonStrongBoxUnimplemented) { .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION), &key_blob, &key_characteristics); ASSERT_EQ(result, ErrorCode::INVALID_ARGUMENT); ASSERT_TRUE(result == ErrorCode::INVALID_ARGUMENT || result == ErrorCode::UNSUPPORTED_TAG); } /* Loading @@ -101,7 +101,7 @@ TEST_P(DeviceUniqueAttestationTest, EcdsaNonStrongBoxUnimplemented) { .Authorization(TAG_DEVICE_UNIQUE_ATTESTATION), &key_blob, &key_characteristics); ASSERT_EQ(result, ErrorCode::INVALID_ARGUMENT); ASSERT_TRUE(result == ErrorCode::INVALID_ARGUMENT || result == ErrorCode::UNSUPPORTED_TAG); } /* Loading
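Review bot: Replacing `ASSERT_EQ` with `ASSERT_TRUE(a || b)` in RsaNonStrongBoxUnimplemented drops the actual error code from the failure output, so a failing device only reports that the expression was false. Streaming the value keeps the diagnostic, e.g. `ASSERT_TRUE(result == ErrorCode::INVALID_ARGUMENT || result == ErrorCode::UNSUPPORTED_TAG) << "unexpected result: " << static_cast<int32_t>(result);` (assuming ErrorCode is an integer-backed enum, which the hunk does not show). The same applies to the identical assertion in EcdsaNonStrongBoxUnimplemented. Both test bodies start outside their hunks.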
security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp +8 −0 Original line number Diff line number Diff line Loading @@ -1185,6 +1185,14 @@ vector<uint8_t> build_serial_blob(const uint64_t serial_int) { return {}; } if (serial_blob.empty() || serial_blob[0] & 0x80) { // An empty blob is OpenSSL's encoding of the zero value; we need single zero byte. // Top bit being set indicates a negative number in two's complement, but our input // was positive. // In either case, prepend a zero byte. serial_blob.insert(serial_blob.begin(), 0x00); } return serial_blob; } Loading
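Review bot: `build_serial_blob` has no comment in the visible lines stating which encoding it returns, and after this change that contract is the point of the function. Its signature and the start of its body lie outside the hunk, so a header comment may already exist there. If not, add `// Returns serial_int as a minimal two's-complement big-endian byte string (TagType::BIGNUM); zero is the single byte 0x00.` above it. The earlier error path still does `return {};`, which callers cannot tell apart from a malformed serial now that empty is no longer the zero encoding; that deserves a mention in the same comment. Two small points on the added lines: write the test as `(serial_blob[0] & 0x80)` so the precedence against `||` is explicit, and "we need single zero byte" should read "we need a single zero byte".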