Loading keymaster/4.0/support/attestation_record.cpp +25 −4 Original line number Diff line number Diff line Loading @@ -49,12 +49,14 @@ typedef struct km_root_of_trust { ASN1_OCTET_STRING* verified_boot_key; ASN1_BOOLEAN* device_locked; ASN1_ENUMERATED* verified_boot_state; ASN1_OCTET_STRING* verified_boot_hash; } KM_ROOT_OF_TRUST; ASN1_SEQUENCE(KM_ROOT_OF_TRUST) = { ASN1_SIMPLE(KM_ROOT_OF_TRUST, verified_boot_key, ASN1_OCTET_STRING), ASN1_SIMPLE(KM_ROOT_OF_TRUST, device_locked, ASN1_BOOLEAN), ASN1_SIMPLE(KM_ROOT_OF_TRUST, verified_boot_state, ASN1_ENUMERATED), ASN1_SIMPLE(KM_ROOT_OF_TRUST, verified_boot_hash, ASN1_OCTET_STRING), } ASN1_SEQUENCE_END(KM_ROOT_OF_TRUST); IMPLEMENT_ASN1_FUNCTIONS(KM_ROOT_OF_TRUST); Loading @@ -77,11 +79,16 @@ typedef struct km_auth_list { ASN1_OCTET_STRING* application_id; ASN1_INTEGER* creation_date_time; ASN1_INTEGER* origin; ASN1_NULL* rollback_resistant; ASN1_NULL* rollback_resistance; KM_ROOT_OF_TRUST* root_of_trust; ASN1_INTEGER* os_version; ASN1_INTEGER* os_patchlevel; ASN1_OCTET_STRING* attestation_application_id; ASN1_NULL* trusted_user_presence_required; ASN1_NULL* trusted_confirmation_required; ASN1_NULL* unlocked_device_required; ASN1_INTEGER* vendor_patchlevel; ASN1_INTEGER* boot_patchlevel; } KM_AUTH_LIST; ASN1_SEQUENCE(KM_AUTH_LIST) = { Loading @@ -93,6 +100,7 @@ ASN1_SEQUENCE(KM_AUTH_LIST) = { ASN1_EXP_OPT(KM_AUTH_LIST, ec_curve, ASN1_INTEGER, TAG_EC_CURVE.maskedTag()), ASN1_EXP_OPT(KM_AUTH_LIST, rsa_public_exponent, ASN1_INTEGER, TAG_RSA_PUBLIC_EXPONENT.maskedTag()), ASN1_EXP_OPT(KM_AUTH_LIST, rollback_resistance, ASN1_NULL, TAG_ROLLBACK_RESISTANCE.maskedTag()), ASN1_EXP_OPT(KM_AUTH_LIST, active_date_time, ASN1_INTEGER, TAG_ACTIVE_DATETIME.maskedTag()), ASN1_EXP_OPT(KM_AUTH_LIST, origination_expire_date_time, ASN1_INTEGER, TAG_ORIGINATION_EXPIRE_DATETIME.maskedTag()), Loading @@ -102,13 +110,19 @@ ASN1_SEQUENCE(KM_AUTH_LIST) = { ASN1_EXP_OPT(KM_AUTH_LIST, user_auth_type, ASN1_INTEGER, TAG_USER_AUTH_TYPE.maskedTag()), ASN1_EXP_OPT(KM_AUTH_LIST, auth_timeout, ASN1_INTEGER, TAG_AUTH_TIMEOUT.maskedTag()), ASN1_EXP_OPT(KM_AUTH_LIST, allow_while_on_body, ASN1_NULL, TAG_ALLOW_WHILE_ON_BODY.maskedTag()), ASN1_EXP_OPT(KM_AUTH_LIST, application_id, ASN1_OCTET_STRING, TAG_APPLICATION_ID.maskedTag()), ASN1_EXP_OPT(KM_AUTH_LIST, trusted_user_presence_required, ASN1_NULL, TAG_TRUSTED_USER_PRESENCE_REQUIRED.maskedTag()), ASN1_EXP_OPT(KM_AUTH_LIST, trusted_confirmation_required, ASN1_NULL, TAG_TRUSTED_CONFIRMATION_REQUIRED.maskedTag()), ASN1_EXP_OPT(KM_AUTH_LIST, unlocked_device_required, ASN1_NULL, TAG_UNLOCKED_DEVICE_REQUIRED.maskedTag()), ASN1_EXP_OPT(KM_AUTH_LIST, creation_date_time, ASN1_INTEGER, TAG_CREATION_DATETIME.maskedTag()), ASN1_EXP_OPT(KM_AUTH_LIST, origin, ASN1_INTEGER, TAG_ORIGIN.maskedTag()), ASN1_EXP_OPT(KM_AUTH_LIST, rollback_resistant, ASN1_NULL, TAG_ROLLBACK_RESISTANCE.maskedTag()), ASN1_EXP_OPT(KM_AUTH_LIST, root_of_trust, KM_ROOT_OF_TRUST, TAG_ROOT_OF_TRUST.maskedTag()), ASN1_EXP_OPT(KM_AUTH_LIST, os_version, ASN1_INTEGER, TAG_OS_VERSION.maskedTag()), ASN1_EXP_OPT(KM_AUTH_LIST, os_patchlevel, ASN1_INTEGER, TAG_OS_PATCHLEVEL.maskedTag()), ASN1_EXP_OPT(KM_AUTH_LIST, vendor_patchlevel, ASN1_INTEGER, TAG_VENDOR_PATCHLEVEL.maskedTag()), ASN1_EXP_OPT(KM_AUTH_LIST, boot_patchlevel, ASN1_INTEGER, TAG_BOOT_PATCHLEVEL.maskedTag()), ASN1_EXP_OPT(KM_AUTH_LIST, attestation_application_id, ASN1_OCTET_STRING, TAG_ATTESTATION_APPLICATION_ID.maskedTag()), } ASN1_SEQUENCE_END(KM_AUTH_LIST); Loading Loading @@ -237,11 +251,18 @@ static ErrorCode extract_auth_list(const KM_AUTH_LIST* record, AuthorizationSet* copyAuthTag(record->os_version, TAG_OS_VERSION, auth_list); copyAuthTag(record->padding, TAG_PADDING, auth_list); copyAuthTag(record->purpose, TAG_PURPOSE, auth_list); copyAuthTag(record->rollback_resistant, TAG_ROLLBACK_RESISTANCE, auth_list); copyAuthTag(record->rollback_resistance, TAG_ROLLBACK_RESISTANCE, auth_list); copyAuthTag(record->rsa_public_exponent, TAG_RSA_PUBLIC_EXPONENT, auth_list); copyAuthTag(record->usage_expire_date_time, TAG_USAGE_EXPIRE_DATETIME, auth_list); copyAuthTag(record->user_auth_type, TAG_USER_AUTH_TYPE, auth_list); copyAuthTag(record->attestation_application_id, TAG_ATTESTATION_APPLICATION_ID, auth_list); copyAuthTag(record->vendor_patchlevel, TAG_VENDOR_PATCHLEVEL, auth_list); copyAuthTag(record->boot_patchlevel, TAG_BOOT_PATCHLEVEL, auth_list); copyAuthTag(record->trusted_user_presence_required, TAG_TRUSTED_USER_PRESENCE_REQUIRED, auth_list); copyAuthTag(record->trusted_confirmation_required, TAG_TRUSTED_CONFIRMATION_REQUIRED, auth_list); copyAuthTag(record->unlocked_device_required, TAG_UNLOCKED_DEVICE_REQUIRED, auth_list); return ErrorCode::OK; } Loading keymaster/4.0/support/include/keymasterV4_0/key_param_output.h +4 −0 Original line number Diff line number Diff line Loading @@ -53,6 +53,10 @@ inline ::std::ostream& operator<<(::std::ostream& os, PaddingMode value) { return os << toString(value); } inline ::std::ostream& operator<<(::std::ostream& os, SecurityLevel value) { return os << toString(value); } template <typename ValueT> ::std::ostream& operator<<(::std::ostream& os, const NullOr<ValueT>& value) { if (!value.isOk()) { Loading keymaster/4.0/support/include/keymasterV4_0/keymaster_tags.h +5 −1 Original line number Diff line number Diff line Loading @@ -116,6 +116,7 @@ DECLARE_TYPED_TAG(AUTH_TIMEOUT); DECLARE_TYPED_TAG(BLOB_USAGE_REQUIREMENTS); DECLARE_TYPED_TAG(BLOCK_MODE); DECLARE_TYPED_TAG(BOOTLOADER_ONLY); DECLARE_TYPED_TAG(BOOT_PATCHLEVEL); DECLARE_TYPED_TAG(CALLER_NONCE); DECLARE_TYPED_TAG(CONFIRMATION_TOKEN); DECLARE_TYPED_TAG(CREATION_DATETIME); Loading @@ -141,12 +142,14 @@ DECLARE_TYPED_TAG(ROLLBACK_RESISTANCE); DECLARE_TYPED_TAG(ROOT_OF_TRUST); DECLARE_TYPED_TAG(RSA_PUBLIC_EXPONENT); DECLARE_TYPED_TAG(TRUSTED_CONFIRMATION_REQUIRED); DECLARE_TYPED_TAG(TRUSTED_USER_PRESENCE_REQUIRED); DECLARE_TYPED_TAG(UNIQUE_ID); DECLARE_TYPED_TAG(UNLOCKED_DEVICE_REQUIRED); DECLARE_TYPED_TAG(USAGE_EXPIRE_DATETIME); DECLARE_TYPED_TAG(USER_AUTH_TYPE); DECLARE_TYPED_TAG(USER_ID); DECLARE_TYPED_TAG(USER_SECURE_ID); DECLARE_TYPED_TAG(VENDOR_PATCHLEVEL); template <typename... Elems> struct MetaList {}; Loading @@ -163,7 +166,8 @@ using all_tags_t = TAG_OS_VERSION_t, TAG_OS_PATCHLEVEL_t, TAG_UNIQUE_ID_t, TAG_ATTESTATION_CHALLENGE_t, TAG_ATTESTATION_APPLICATION_ID_t, TAG_RESET_SINCE_ID_ROTATION_t, TAG_PURPOSE_t, TAG_ALGORITHM_t, TAG_BLOCK_MODE_t, TAG_DIGEST_t, TAG_PADDING_t, TAG_BLOB_USAGE_REQUIREMENTS_t, TAG_ORIGIN_t, TAG_USER_AUTH_TYPE_t, TAG_EC_CURVE_t>; TAG_BLOB_USAGE_REQUIREMENTS_t, TAG_ORIGIN_t, TAG_USER_AUTH_TYPE_t, TAG_EC_CURVE_t, TAG_BOOT_PATCHLEVEL_t, TAG_VENDOR_PATCHLEVEL_t, TAG_TRUSTED_USER_PRESENCE_REQUIRED_t>; template <typename TypedTagType> struct TypedTag2ValueType; Loading keymaster/4.0/vts/functional/VerificationTokenTest.cpp +3 −2 Original line number Diff line number Diff line Loading @@ -111,8 +111,9 @@ TEST_F(VerificationTokenTest, TestCreation) { EXPECT_GE(host_time_delta, time_to_sleep) << "We slept for " << time_to_sleep << " ms, the clock must have advanced by that much"; EXPECT_LE(host_time_delta, time_to_sleep + 10) << "The verifyAuthorization call took more than 10 ms? That's awful!"; EXPECT_LE(host_time_delta, time_to_sleep + 20) << "The verifyAuthorization call took " << (host_time_delta - time_to_sleep) << " ms? That's awful!"; auto km_time_delta = result2.token.timestamp - result1.token.timestamp; Loading keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp +22 −25 Original line number Diff line number Diff line Loading @@ -182,7 +182,7 @@ X509* parse_cert_blob(const hidl_vec<uint8_t>& blob) { } bool verify_chain(const hidl_vec<hidl_vec<uint8_t>>& chain) { for (size_t i = 0; i < chain.size() - 1; ++i) { for (size_t i = 0; i < chain.size(); ++i) { X509_Ptr key_cert(parse_cert_blob(chain[i])); X509_Ptr signing_cert; if (i < chain.size() - 1) { Loading Loading @@ -246,8 +246,7 @@ bool tag_in_list(const KeyParameter& entry) { // Attestations don't contain everything in key authorization lists, so we need to filter // the key lists to produce the lists that we expect to match the attestations. auto tag_list = { Tag::INCLUDE_UNIQUE_ID, Tag::BLOB_USAGE_REQUIREMENTS, Tag::EC_CURVE /* Tag::EC_CURVE will be included by KM2 implementations */, Tag::INCLUDE_UNIQUE_ID, Tag::BLOB_USAGE_REQUIREMENTS, Tag::EC_CURVE, Tag::HARDWARE_TYPE, }; return std::find(tag_list.begin(), tag_list.end(), entry.tag) != tag_list.end(); } Loading @@ -271,7 +270,7 @@ std::string make_string(const uint8_t (&a)[N]) { bool verify_attestation_record(const string& challenge, const string& app_id, AuthorizationSet expected_sw_enforced, AuthorizationSet expected_tee_enforced, AuthorizationSet expected_tee_enforced, SecurityLevel security_level, const hidl_vec<uint8_t>& attestation_cert) { X509_Ptr cert(parse_cert_blob(attestation_cert)); EXPECT_TRUE(!!cert.get()); Loading @@ -290,8 +289,8 @@ bool verify_attestation_record(const string& challenge, const string& app_id, HidlBuf att_challenge; HidlBuf att_unique_id; HidlBuf att_app_id; EXPECT_EQ(ErrorCode::OK, parse_attestation_record(attest_rec->data, // auto error = parse_attestation_record(attest_rec->data, // attest_rec->length, // &att_attestation_version, // &att_attestation_security_level, // Loading @@ -300,19 +299,17 @@ bool verify_attestation_record(const string& challenge, const string& app_id, &att_challenge, // &att_sw_enforced, // &att_tee_enforced, // &att_unique_id)); &att_unique_id); EXPECT_EQ(ErrorCode::OK, error); if (error != ErrorCode::OK) return false; EXPECT_TRUE(att_attestation_version == 1 || att_attestation_version == 2); EXPECT_TRUE(att_attestation_version == 3); expected_sw_enforced.push_back(TAG_ATTESTATION_APPLICATION_ID, HidlBuf(app_id)); EXPECT_GE(att_keymaster_version, 3U); EXPECT_EQ(KeymasterHidlTest::IsSecure() ? SecurityLevel::TRUSTED_ENVIRONMENT : SecurityLevel::SOFTWARE, att_keymaster_security_level); EXPECT_EQ(KeymasterHidlTest::IsSecure() ? SecurityLevel::TRUSTED_ENVIRONMENT : SecurityLevel::SOFTWARE, att_attestation_security_level); EXPECT_EQ(security_level, att_keymaster_security_level); EXPECT_EQ(security_level, att_attestation_security_level); EXPECT_EQ(challenge.length(), att_challenge.size()); EXPECT_EQ(0, memcmp(challenge.data(), att_challenge.data(), challenge.length())); Loading Loading @@ -3827,7 +3824,7 @@ TEST_F(AttestationTest, RsaAttestation) { EXPECT_TRUE(verify_attestation_record("challenge", "foo", // key_characteristics_.softwareEnforced, // key_characteristics_.hardwareEnforced, // cert_chain[0])); SecLevel(), cert_chain[0])); } /* Loading Loading @@ -3874,7 +3871,7 @@ TEST_F(AttestationTest, EcAttestation) { EXPECT_TRUE(verify_attestation_record("challenge", "foo", // key_characteristics_.softwareEnforced, // key_characteristics_.hardwareEnforced, // cert_chain[0])); SecLevel(), cert_chain[0])); } /* Loading Loading
keymaster/4.0/support/attestation_record.cpp +25 −4 Original line number Diff line number Diff line Loading @@ -49,12 +49,14 @@ typedef struct km_root_of_trust { ASN1_OCTET_STRING* verified_boot_key; ASN1_BOOLEAN* device_locked; ASN1_ENUMERATED* verified_boot_state; ASN1_OCTET_STRING* verified_boot_hash; } KM_ROOT_OF_TRUST; ASN1_SEQUENCE(KM_ROOT_OF_TRUST) = { ASN1_SIMPLE(KM_ROOT_OF_TRUST, verified_boot_key, ASN1_OCTET_STRING), ASN1_SIMPLE(KM_ROOT_OF_TRUST, device_locked, ASN1_BOOLEAN), ASN1_SIMPLE(KM_ROOT_OF_TRUST, verified_boot_state, ASN1_ENUMERATED), ASN1_SIMPLE(KM_ROOT_OF_TRUST, verified_boot_hash, ASN1_OCTET_STRING), } ASN1_SEQUENCE_END(KM_ROOT_OF_TRUST); IMPLEMENT_ASN1_FUNCTIONS(KM_ROOT_OF_TRUST); Loading @@ -77,11 +79,16 @@ typedef struct km_auth_list { ASN1_OCTET_STRING* application_id; ASN1_INTEGER* creation_date_time; ASN1_INTEGER* origin; ASN1_NULL* rollback_resistant; ASN1_NULL* rollback_resistance; KM_ROOT_OF_TRUST* root_of_trust; ASN1_INTEGER* os_version; ASN1_INTEGER* os_patchlevel; ASN1_OCTET_STRING* attestation_application_id; ASN1_NULL* trusted_user_presence_required; ASN1_NULL* trusted_confirmation_required; ASN1_NULL* unlocked_device_required; ASN1_INTEGER* vendor_patchlevel; ASN1_INTEGER* boot_patchlevel; } KM_AUTH_LIST; ASN1_SEQUENCE(KM_AUTH_LIST) = { Loading @@ -93,6 +100,7 @@ ASN1_SEQUENCE(KM_AUTH_LIST) = { ASN1_EXP_OPT(KM_AUTH_LIST, ec_curve, ASN1_INTEGER, TAG_EC_CURVE.maskedTag()), ASN1_EXP_OPT(KM_AUTH_LIST, rsa_public_exponent, ASN1_INTEGER, TAG_RSA_PUBLIC_EXPONENT.maskedTag()), ASN1_EXP_OPT(KM_AUTH_LIST, rollback_resistance, ASN1_NULL, TAG_ROLLBACK_RESISTANCE.maskedTag()), ASN1_EXP_OPT(KM_AUTH_LIST, active_date_time, ASN1_INTEGER, TAG_ACTIVE_DATETIME.maskedTag()), ASN1_EXP_OPT(KM_AUTH_LIST, origination_expire_date_time, ASN1_INTEGER, TAG_ORIGINATION_EXPIRE_DATETIME.maskedTag()), Loading @@ -102,13 +110,19 @@ ASN1_SEQUENCE(KM_AUTH_LIST) = { ASN1_EXP_OPT(KM_AUTH_LIST, user_auth_type, ASN1_INTEGER, TAG_USER_AUTH_TYPE.maskedTag()), ASN1_EXP_OPT(KM_AUTH_LIST, auth_timeout, ASN1_INTEGER, TAG_AUTH_TIMEOUT.maskedTag()), ASN1_EXP_OPT(KM_AUTH_LIST, allow_while_on_body, ASN1_NULL, TAG_ALLOW_WHILE_ON_BODY.maskedTag()), ASN1_EXP_OPT(KM_AUTH_LIST, application_id, ASN1_OCTET_STRING, TAG_APPLICATION_ID.maskedTag()), ASN1_EXP_OPT(KM_AUTH_LIST, trusted_user_presence_required, ASN1_NULL, TAG_TRUSTED_USER_PRESENCE_REQUIRED.maskedTag()), ASN1_EXP_OPT(KM_AUTH_LIST, trusted_confirmation_required, ASN1_NULL, TAG_TRUSTED_CONFIRMATION_REQUIRED.maskedTag()), ASN1_EXP_OPT(KM_AUTH_LIST, unlocked_device_required, ASN1_NULL, TAG_UNLOCKED_DEVICE_REQUIRED.maskedTag()), ASN1_EXP_OPT(KM_AUTH_LIST, creation_date_time, ASN1_INTEGER, TAG_CREATION_DATETIME.maskedTag()), ASN1_EXP_OPT(KM_AUTH_LIST, origin, ASN1_INTEGER, TAG_ORIGIN.maskedTag()), ASN1_EXP_OPT(KM_AUTH_LIST, rollback_resistant, ASN1_NULL, TAG_ROLLBACK_RESISTANCE.maskedTag()), ASN1_EXP_OPT(KM_AUTH_LIST, root_of_trust, KM_ROOT_OF_TRUST, TAG_ROOT_OF_TRUST.maskedTag()), ASN1_EXP_OPT(KM_AUTH_LIST, os_version, ASN1_INTEGER, TAG_OS_VERSION.maskedTag()), ASN1_EXP_OPT(KM_AUTH_LIST, os_patchlevel, ASN1_INTEGER, TAG_OS_PATCHLEVEL.maskedTag()), ASN1_EXP_OPT(KM_AUTH_LIST, vendor_patchlevel, ASN1_INTEGER, TAG_VENDOR_PATCHLEVEL.maskedTag()), ASN1_EXP_OPT(KM_AUTH_LIST, boot_patchlevel, ASN1_INTEGER, TAG_BOOT_PATCHLEVEL.maskedTag()), ASN1_EXP_OPT(KM_AUTH_LIST, attestation_application_id, ASN1_OCTET_STRING, TAG_ATTESTATION_APPLICATION_ID.maskedTag()), } ASN1_SEQUENCE_END(KM_AUTH_LIST); Loading Loading @@ -237,11 +251,18 @@ static ErrorCode extract_auth_list(const KM_AUTH_LIST* record, AuthorizationSet* copyAuthTag(record->os_version, TAG_OS_VERSION, auth_list); copyAuthTag(record->padding, TAG_PADDING, auth_list); copyAuthTag(record->purpose, TAG_PURPOSE, auth_list); copyAuthTag(record->rollback_resistant, TAG_ROLLBACK_RESISTANCE, auth_list); copyAuthTag(record->rollback_resistance, TAG_ROLLBACK_RESISTANCE, auth_list); copyAuthTag(record->rsa_public_exponent, TAG_RSA_PUBLIC_EXPONENT, auth_list); copyAuthTag(record->usage_expire_date_time, TAG_USAGE_EXPIRE_DATETIME, auth_list); copyAuthTag(record->user_auth_type, TAG_USER_AUTH_TYPE, auth_list); copyAuthTag(record->attestation_application_id, TAG_ATTESTATION_APPLICATION_ID, auth_list); copyAuthTag(record->vendor_patchlevel, TAG_VENDOR_PATCHLEVEL, auth_list); copyAuthTag(record->boot_patchlevel, TAG_BOOT_PATCHLEVEL, auth_list); copyAuthTag(record->trusted_user_presence_required, TAG_TRUSTED_USER_PRESENCE_REQUIRED, auth_list); copyAuthTag(record->trusted_confirmation_required, TAG_TRUSTED_CONFIRMATION_REQUIRED, auth_list); copyAuthTag(record->unlocked_device_required, TAG_UNLOCKED_DEVICE_REQUIRED, auth_list); return ErrorCode::OK; } Loading
keymaster/4.0/support/include/keymasterV4_0/key_param_output.h +4 −0 Original line number Diff line number Diff line Loading @@ -53,6 +53,10 @@ inline ::std::ostream& operator<<(::std::ostream& os, PaddingMode value) { return os << toString(value); } inline ::std::ostream& operator<<(::std::ostream& os, SecurityLevel value) { return os << toString(value); } template <typename ValueT> ::std::ostream& operator<<(::std::ostream& os, const NullOr<ValueT>& value) { if (!value.isOk()) { Loading
keymaster/4.0/support/include/keymasterV4_0/keymaster_tags.h +5 −1 Original line number Diff line number Diff line Loading @@ -116,6 +116,7 @@ DECLARE_TYPED_TAG(AUTH_TIMEOUT); DECLARE_TYPED_TAG(BLOB_USAGE_REQUIREMENTS); DECLARE_TYPED_TAG(BLOCK_MODE); DECLARE_TYPED_TAG(BOOTLOADER_ONLY); DECLARE_TYPED_TAG(BOOT_PATCHLEVEL); DECLARE_TYPED_TAG(CALLER_NONCE); DECLARE_TYPED_TAG(CONFIRMATION_TOKEN); DECLARE_TYPED_TAG(CREATION_DATETIME); Loading @@ -141,12 +142,14 @@ DECLARE_TYPED_TAG(ROLLBACK_RESISTANCE); DECLARE_TYPED_TAG(ROOT_OF_TRUST); DECLARE_TYPED_TAG(RSA_PUBLIC_EXPONENT); DECLARE_TYPED_TAG(TRUSTED_CONFIRMATION_REQUIRED); DECLARE_TYPED_TAG(TRUSTED_USER_PRESENCE_REQUIRED); DECLARE_TYPED_TAG(UNIQUE_ID); DECLARE_TYPED_TAG(UNLOCKED_DEVICE_REQUIRED); DECLARE_TYPED_TAG(USAGE_EXPIRE_DATETIME); DECLARE_TYPED_TAG(USER_AUTH_TYPE); DECLARE_TYPED_TAG(USER_ID); DECLARE_TYPED_TAG(USER_SECURE_ID); DECLARE_TYPED_TAG(VENDOR_PATCHLEVEL); template <typename... Elems> struct MetaList {}; Loading @@ -163,7 +166,8 @@ using all_tags_t = TAG_OS_VERSION_t, TAG_OS_PATCHLEVEL_t, TAG_UNIQUE_ID_t, TAG_ATTESTATION_CHALLENGE_t, TAG_ATTESTATION_APPLICATION_ID_t, TAG_RESET_SINCE_ID_ROTATION_t, TAG_PURPOSE_t, TAG_ALGORITHM_t, TAG_BLOCK_MODE_t, TAG_DIGEST_t, TAG_PADDING_t, TAG_BLOB_USAGE_REQUIREMENTS_t, TAG_ORIGIN_t, TAG_USER_AUTH_TYPE_t, TAG_EC_CURVE_t>; TAG_BLOB_USAGE_REQUIREMENTS_t, TAG_ORIGIN_t, TAG_USER_AUTH_TYPE_t, TAG_EC_CURVE_t, TAG_BOOT_PATCHLEVEL_t, TAG_VENDOR_PATCHLEVEL_t, TAG_TRUSTED_USER_PRESENCE_REQUIRED_t>; template <typename TypedTagType> struct TypedTag2ValueType; Loading
keymaster/4.0/vts/functional/VerificationTokenTest.cpp +3 −2 Original line number Diff line number Diff line Loading @@ -111,8 +111,9 @@ TEST_F(VerificationTokenTest, TestCreation) { EXPECT_GE(host_time_delta, time_to_sleep) << "We slept for " << time_to_sleep << " ms, the clock must have advanced by that much"; EXPECT_LE(host_time_delta, time_to_sleep + 10) << "The verifyAuthorization call took more than 10 ms? That's awful!"; EXPECT_LE(host_time_delta, time_to_sleep + 20) << "The verifyAuthorization call took " << (host_time_delta - time_to_sleep) << " ms? That's awful!"; auto km_time_delta = result2.token.timestamp - result1.token.timestamp; Loading
keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp +22 −25 Original line number Diff line number Diff line Loading @@ -182,7 +182,7 @@ X509* parse_cert_blob(const hidl_vec<uint8_t>& blob) { } bool verify_chain(const hidl_vec<hidl_vec<uint8_t>>& chain) { for (size_t i = 0; i < chain.size() - 1; ++i) { for (size_t i = 0; i < chain.size(); ++i) { X509_Ptr key_cert(parse_cert_blob(chain[i])); X509_Ptr signing_cert; if (i < chain.size() - 1) { Loading Loading @@ -246,8 +246,7 @@ bool tag_in_list(const KeyParameter& entry) { // Attestations don't contain everything in key authorization lists, so we need to filter // the key lists to produce the lists that we expect to match the attestations. auto tag_list = { Tag::INCLUDE_UNIQUE_ID, Tag::BLOB_USAGE_REQUIREMENTS, Tag::EC_CURVE /* Tag::EC_CURVE will be included by KM2 implementations */, Tag::INCLUDE_UNIQUE_ID, Tag::BLOB_USAGE_REQUIREMENTS, Tag::EC_CURVE, Tag::HARDWARE_TYPE, }; return std::find(tag_list.begin(), tag_list.end(), entry.tag) != tag_list.end(); } Loading @@ -271,7 +270,7 @@ std::string make_string(const uint8_t (&a)[N]) { bool verify_attestation_record(const string& challenge, const string& app_id, AuthorizationSet expected_sw_enforced, AuthorizationSet expected_tee_enforced, AuthorizationSet expected_tee_enforced, SecurityLevel security_level, const hidl_vec<uint8_t>& attestation_cert) { X509_Ptr cert(parse_cert_blob(attestation_cert)); EXPECT_TRUE(!!cert.get()); Loading @@ -290,8 +289,8 @@ bool verify_attestation_record(const string& challenge, const string& app_id, HidlBuf att_challenge; HidlBuf att_unique_id; HidlBuf att_app_id; EXPECT_EQ(ErrorCode::OK, parse_attestation_record(attest_rec->data, // auto error = parse_attestation_record(attest_rec->data, // attest_rec->length, // &att_attestation_version, // &att_attestation_security_level, // Loading @@ -300,19 +299,17 @@ bool verify_attestation_record(const string& challenge, const string& app_id, &att_challenge, // &att_sw_enforced, // &att_tee_enforced, // &att_unique_id)); &att_unique_id); EXPECT_EQ(ErrorCode::OK, error); if (error != ErrorCode::OK) return false; EXPECT_TRUE(att_attestation_version == 1 || att_attestation_version == 2); EXPECT_TRUE(att_attestation_version == 3); expected_sw_enforced.push_back(TAG_ATTESTATION_APPLICATION_ID, HidlBuf(app_id)); EXPECT_GE(att_keymaster_version, 3U); EXPECT_EQ(KeymasterHidlTest::IsSecure() ? SecurityLevel::TRUSTED_ENVIRONMENT : SecurityLevel::SOFTWARE, att_keymaster_security_level); EXPECT_EQ(KeymasterHidlTest::IsSecure() ? SecurityLevel::TRUSTED_ENVIRONMENT : SecurityLevel::SOFTWARE, att_attestation_security_level); EXPECT_EQ(security_level, att_keymaster_security_level); EXPECT_EQ(security_level, att_attestation_security_level); EXPECT_EQ(challenge.length(), att_challenge.size()); EXPECT_EQ(0, memcmp(challenge.data(), att_challenge.data(), challenge.length())); Loading Loading @@ -3827,7 +3824,7 @@ TEST_F(AttestationTest, RsaAttestation) { EXPECT_TRUE(verify_attestation_record("challenge", "foo", // key_characteristics_.softwareEnforced, // key_characteristics_.hardwareEnforced, // cert_chain[0])); SecLevel(), cert_chain[0])); } /* Loading Loading @@ -3874,7 +3871,7 @@ TEST_F(AttestationTest, EcAttestation) { EXPECT_TRUE(verify_attestation_record("challenge", "foo", // key_characteristics_.softwareEnforced, // key_characteristics_.hardwareEnforced, // cert_chain[0])); SecLevel(), cert_chain[0])); } /* Loading
