Loading current.txt +1 −1 Original line number Diff line number Diff line Loading @@ -772,7 +772,7 @@ a64467bae843569f0d465c5be7f0c7a5b987985b55a3ef4794dd5afc68538650 android.hardwar e042522daa4b5f7fd4a0a19bcdadb93c79a1b04c09ef2c9813a3a8941032f3f5 android.hardware.contexthub@1.0::IContexthub c2f64133b83ede65c9939ef97ab5bd867b73faf3dba0e7e69f77c3c43d9e487e android.hardware.contexthub@1.0::IContexthubCallback bda492ec4021d13869de72bd6f8c15c5837b78d6136b8d538efec5320573a5ec android.hardware.gnss@1.0::IGnssMeasurementCallback 6a271e493907e8ba20912e42771bd0d99ae45431a851d5675ef9496d02510a34 android.hardware.gnss@1.1::IGnssMeasurementCallback 7ae2025662e30e690a3ffa1c65cc972c6297a68638174055c33cbf3d2e4bbddc android.hardware.gnss@1.1::IGnssMeasurementCallback 11e9e1a1fd0c9b3d9648750d4b10dc2a839d3a6688904c3fc49500a4e7ca75b0 android.hardware.gnss@2.1::IGnssMeasurementCallback 2c331a9605f3a08d9c1e0a36169ca57758bc43c11a78ef3f3730509885e52c15 android.hardware.graphics.composer@2.4::IComposerClient 3da3ce039247872d95c6bd48621dbfdfa1c2d2a91a90f257862f87ee2bc46300 android.hardware.health@2.1::types Loading gnss/1.1/IGnssMeasurementCallback.hal +26 −1 Original line number Diff line number Diff line Loading @@ -24,13 +24,38 @@ interface IGnssMeasurementCallback extends @1.0::IGnssMeasurementCallback { * Flags indicating the Accumulated Delta Range's states. * * See the table below for a detailed interpretation of each state. This is * a continuation of the table from 1.1/IGnssMeasurementCallback.hal. * a continuation of the table from 1.0/IGnssMeasurementCallback.hal. * * +---------------------+-------------------+-----------------------------+ * | ADR_STATE | Time of relevance | Interpretation | * +---------------------+-------------------+-----------------------------+ * | HALF_CYCLE_RESOLVED | ADR(t) | Half cycle ambiguity is | * | | | resolved at time t. | * | | | | * | | | For signals that have | * | | | databits, the carrier phase | * | | | tracking loops typically | * | | | use a costas loop | * | | | discriminator. This type of | * | | | tracking loop introduces a | * | | | half-cycle ambiguity that | * | | | is resolved by searching | * | | | through the received data | * | | | for known patterns of | * | | | databits (e.g. GPS uses the | * | | | TLM word) which then | * | | | determines the polarity of | * | | | the incoming data and | * | | | resolves the half-cycle | * | | | ambiguity. | * | | | | * | | | Before the half-cycle | * | | | ambiguity has been resolved | * | | | it is possible that the | * | | | ADR_STATE_VALID flag is | * | | | set, but the ADR_STATE_ | * | | | HALF_CYCLE_RESOLVED flag is | * | | | not set. | * +---------------------+-------------------+-----------------------------+ */ enum GnssAccumulatedDeltaRangeState Loading gnss/aidl/android/hardware/gnss/GnssMeasurement.aidl +25 −0 Original line number Diff line number Diff line Loading @@ -438,6 +438,31 @@ parcelable GnssMeasurement { * +---------------------+-------------------+-----------------------------+ * | HALF_CYCLE_RESOLVED | ADR(t) | Half cycle ambiguity is | * | | | resolved at time t. | * | | | | * | | | For signals that have | * | | | databits, the carrier phase | * | | | tracking loops typically | * | | | use a costas loop | * | | | discriminator. This type of | * | | | tracking loop introduces a | * | | | half-cycle ambiguity that | * | | | is resolved by searching | * | | | through the received data | * | | | for known patterns of | * | | | databits (e.g. GPS uses the | * | | | TLM word) which then | * | | | determines the polarity of | * | | | the incoming data and | * | | | resolves the half-cycle | * | | | ambiguity. | * | | | | * | | | Before the half-cycle | * | | | ambiguity has been resolved | * | | | it is possible that the | * | | | ADR_STATE_VALID flag is | * | | | set, but the ADR_STATE_ | * | | | HALF_CYCLE_RESOLVED flag is | * | | | not set. | * +---------------------+-------------------+-----------------------------+ */ const int ADR_STATE_UNKNOWN = 0; Loading security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp +42 −34 Original line number Diff line number Diff line Loading @@ -62,6 +62,9 @@ namespace test { namespace { // Invalid value for a patchlevel (which is of form YYYYMMDD). const uint32_t kInvalidPatchlevel = 99998877; // Overhead for PKCS#1 v1.5 signature padding of undigested messages. Digested messages have // additional overhead, for the digest algorithmIdentifier required by PKCS#1. const size_t kPkcs1UndigestedSignaturePaddingOverhead = 11; Loading Loading @@ -127,7 +130,6 @@ char nibble2hex[16] = {'0', '1', '2', '3', '4', '5', '6', '7', // lists to produce the lists that we expect to match the attestations. auto kTagsToFilter = { Tag::CREATION_DATETIME, Tag::EC_CURVE, Tag::HARDWARE_TYPE, Tag::INCLUDE_UNIQUE_ID, }; Loading Loading @@ -163,6 +165,28 @@ string x509NameToStr(X509_NAME* name) { bool KeyMintAidlTestBase::arm_deleteAllKeys = false; bool KeyMintAidlTestBase::dump_Attestations = false; uint32_t KeyMintAidlTestBase::boot_patch_level( const vector<KeyCharacteristics>& key_characteristics) { // The boot patchlevel is not available as a property, but should be present // in the key characteristics of any created key. AuthorizationSet allAuths; for (auto& entry : key_characteristics) { allAuths.push_back(AuthorizationSet(entry.authorizations)); } auto patchlevel = allAuths.GetTagValue(TAG_BOOT_PATCHLEVEL); if (patchlevel.has_value()) { return patchlevel.value(); } else { // No boot patchlevel is available. Return a value that won't match anything // and so will trigger test failures. return kInvalidPatchlevel; } } uint32_t KeyMintAidlTestBase::boot_patch_level() { return boot_patch_level(key_characteristics_); } ErrorCode KeyMintAidlTestBase::GetReturnErrorCode(const Status& result) { if (result.isOk()) return ErrorCode::OK; Loading Loading @@ -998,16 +1022,7 @@ vector<uint32_t> KeyMintAidlTestBase::ValidKeySizes(Algorithm algorithm) { } break; case Algorithm::EC: switch (SecLevel()) { case SecurityLevel::SOFTWARE: case SecurityLevel::TRUSTED_ENVIRONMENT: return {224, 256, 384, 521}; case SecurityLevel::STRONGBOX: return {256}; default: ADD_FAILURE() << "Invalid security level " << uint32_t(SecLevel()); break; } ADD_FAILURE() << "EC keys must be specified by curve not size"; break; case Algorithm::AES: return {128, 256}; Loading Loading @@ -1123,9 +1138,11 @@ vector<EcCurve> KeyMintAidlTestBase::ValidCurves() { } vector<EcCurve> KeyMintAidlTestBase::InvalidCurves() { if (SecLevel() == SecurityLevel::TRUSTED_ENVIRONMENT) return {}; CHECK(SecLevel() == SecurityLevel::STRONGBOX); if (SecLevel() == SecurityLevel::STRONGBOX) { return {EcCurve::P_224, EcCurve::P_384, EcCurve::P_521}; } else { return {}; } } vector<Digest> KeyMintAidlTestBase::ValidDigests(bool withNone, bool withMD5) { Loading Loading @@ -1293,9 +1310,9 @@ bool verify_attestation_record(const string& challenge, // AuthorizationSet att_sw_enforced; AuthorizationSet att_hw_enforced; uint32_t att_attestation_version; uint32_t att_keymaster_version; uint32_t att_keymint_version; SecurityLevel att_attestation_security_level; SecurityLevel att_keymaster_security_level; SecurityLevel att_keymint_security_level; vector<uint8_t> att_challenge; vector<uint8_t> att_unique_id; vector<uint8_t> att_app_id; Loading @@ -1304,8 +1321,8 @@ bool verify_attestation_record(const string& challenge, // attest_rec->length, // &att_attestation_version, // &att_attestation_security_level, // &att_keymaster_version, // &att_keymaster_security_level, // &att_keymint_version, // &att_keymint_security_level, // &att_challenge, // &att_sw_enforced, // &att_hw_enforced, // Loading @@ -1324,14 +1341,14 @@ bool verify_attestation_record(const string& challenge, // expected_sw_enforced.push_back(TAG_ATTESTATION_APPLICATION_ID, appId); } EXPECT_EQ(att_keymaster_version, 100U); EXPECT_EQ(security_level, att_keymaster_security_level); EXPECT_EQ(att_keymint_version, 100U); EXPECT_EQ(security_level, att_keymint_security_level); EXPECT_EQ(security_level, att_attestation_security_level); char property_value[PROPERTY_VALUE_MAX] = {}; // TODO(b/136282179): When running under VTS-on-GSI the TEE-backed // keymaster implementation will report YYYYMM dates instead of YYYYMMDD // keymint implementation will report YYYYMM dates instead of YYYYMMDD // for the BOOT_PATCH_LEVEL. if (avb_verification_enabled()) { for (int i = 0; i < att_hw_enforced.size(); i++) { Loading Loading @@ -1370,13 +1387,6 @@ bool verify_attestation_record(const string& challenge, // EXPECT_TRUE(expected_hw_enforced.Contains(TAG_NO_AUTH_REQUIRED)); } // Alternatively this checks the opposite - a false boolean tag (one that isn't provided in // the authorization list during key generation) isn't being attested to in the certificate. EXPECT_FALSE(expected_sw_enforced.Contains(TAG_TRUSTED_USER_PRESENCE_REQUIRED)); EXPECT_FALSE(att_sw_enforced.Contains(TAG_TRUSTED_USER_PRESENCE_REQUIRED)); EXPECT_FALSE(expected_hw_enforced.Contains(TAG_TRUSTED_USER_PRESENCE_REQUIRED)); EXPECT_FALSE(att_hw_enforced.Contains(TAG_TRUSTED_USER_PRESENCE_REQUIRED)); if (att_hw_enforced.Contains(TAG_ALGORITHM, Algorithm::EC)) { // For ECDSA keys, either an EC_CURVE or a KEY_SIZE can be specified, but one must be. EXPECT_TRUE(att_hw_enforced.Contains(TAG_EC_CURVE) || Loading Loading @@ -1442,9 +1452,7 @@ bool verify_attestation_record(const string& challenge, // att_sw_enforced.Sort(); expected_sw_enforced.Sort(); auto a = filtered_tags(expected_sw_enforced); auto b = filtered_tags(att_sw_enforced); EXPECT_EQ(a, b); EXPECT_EQ(filtered_tags(expected_sw_enforced), filtered_tags(att_sw_enforced)); att_hw_enforced.Sort(); expected_hw_enforced.Sort(); Loading security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h +3 −1 Original line number Diff line number Diff line Loading @@ -76,6 +76,8 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> { uint32_t os_version() { return os_version_; } uint32_t os_patch_level() { return os_patch_level_; } uint32_t vendor_patch_level() { return vendor_patch_level_; } uint32_t boot_patch_level(const vector<KeyCharacteristics>& key_characteristics); uint32_t boot_patch_level(); ErrorCode GetReturnErrorCode(const Status& result); Loading Loading @@ -253,7 +255,7 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> { /* ECDSA */ KeyData ecdsaKeyData; AuthorizationSetBuilder ecdsaBuilder = AuthorizationSetBuilder() .EcdsaSigningKey(256) .EcdsaSigningKey(EcCurve::P_256) .Authorization(tagToTest) .Digest(Digest::SHA_2_256) .Authorization(TAG_NO_AUTH_REQUIRED) Loading Loading
current.txt +1 −1 Original line number Diff line number Diff line Loading @@ -772,7 +772,7 @@ a64467bae843569f0d465c5be7f0c7a5b987985b55a3ef4794dd5afc68538650 android.hardwar e042522daa4b5f7fd4a0a19bcdadb93c79a1b04c09ef2c9813a3a8941032f3f5 android.hardware.contexthub@1.0::IContexthub c2f64133b83ede65c9939ef97ab5bd867b73faf3dba0e7e69f77c3c43d9e487e android.hardware.contexthub@1.0::IContexthubCallback bda492ec4021d13869de72bd6f8c15c5837b78d6136b8d538efec5320573a5ec android.hardware.gnss@1.0::IGnssMeasurementCallback 6a271e493907e8ba20912e42771bd0d99ae45431a851d5675ef9496d02510a34 android.hardware.gnss@1.1::IGnssMeasurementCallback 7ae2025662e30e690a3ffa1c65cc972c6297a68638174055c33cbf3d2e4bbddc android.hardware.gnss@1.1::IGnssMeasurementCallback 11e9e1a1fd0c9b3d9648750d4b10dc2a839d3a6688904c3fc49500a4e7ca75b0 android.hardware.gnss@2.1::IGnssMeasurementCallback 2c331a9605f3a08d9c1e0a36169ca57758bc43c11a78ef3f3730509885e52c15 android.hardware.graphics.composer@2.4::IComposerClient 3da3ce039247872d95c6bd48621dbfdfa1c2d2a91a90f257862f87ee2bc46300 android.hardware.health@2.1::types Loading
gnss/1.1/IGnssMeasurementCallback.hal +26 −1 Original line number Diff line number Diff line Loading @@ -24,13 +24,38 @@ interface IGnssMeasurementCallback extends @1.0::IGnssMeasurementCallback { * Flags indicating the Accumulated Delta Range's states. * * See the table below for a detailed interpretation of each state. This is * a continuation of the table from 1.1/IGnssMeasurementCallback.hal. * a continuation of the table from 1.0/IGnssMeasurementCallback.hal. * * +---------------------+-------------------+-----------------------------+ * | ADR_STATE | Time of relevance | Interpretation | * +---------------------+-------------------+-----------------------------+ * | HALF_CYCLE_RESOLVED | ADR(t) | Half cycle ambiguity is | * | | | resolved at time t. | * | | | | * | | | For signals that have | * | | | databits, the carrier phase | * | | | tracking loops typically | * | | | use a costas loop | * | | | discriminator. This type of | * | | | tracking loop introduces a | * | | | half-cycle ambiguity that | * | | | is resolved by searching | * | | | through the received data | * | | | for known patterns of | * | | | databits (e.g. GPS uses the | * | | | TLM word) which then | * | | | determines the polarity of | * | | | the incoming data and | * | | | resolves the half-cycle | * | | | ambiguity. | * | | | | * | | | Before the half-cycle | * | | | ambiguity has been resolved | * | | | it is possible that the | * | | | ADR_STATE_VALID flag is | * | | | set, but the ADR_STATE_ | * | | | HALF_CYCLE_RESOLVED flag is | * | | | not set. | * +---------------------+-------------------+-----------------------------+ */ enum GnssAccumulatedDeltaRangeState Loading
gnss/aidl/android/hardware/gnss/GnssMeasurement.aidl +25 −0 Original line number Diff line number Diff line Loading @@ -438,6 +438,31 @@ parcelable GnssMeasurement { * +---------------------+-------------------+-----------------------------+ * | HALF_CYCLE_RESOLVED | ADR(t) | Half cycle ambiguity is | * | | | resolved at time t. | * | | | | * | | | For signals that have | * | | | databits, the carrier phase | * | | | tracking loops typically | * | | | use a costas loop | * | | | discriminator. This type of | * | | | tracking loop introduces a | * | | | half-cycle ambiguity that | * | | | is resolved by searching | * | | | through the received data | * | | | for known patterns of | * | | | databits (e.g. GPS uses the | * | | | TLM word) which then | * | | | determines the polarity of | * | | | the incoming data and | * | | | resolves the half-cycle | * | | | ambiguity. | * | | | | * | | | Before the half-cycle | * | | | ambiguity has been resolved | * | | | it is possible that the | * | | | ADR_STATE_VALID flag is | * | | | set, but the ADR_STATE_ | * | | | HALF_CYCLE_RESOLVED flag is | * | | | not set. | * +---------------------+-------------------+-----------------------------+ */ const int ADR_STATE_UNKNOWN = 0; Loading
security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp +42 −34 Original line number Diff line number Diff line Loading @@ -62,6 +62,9 @@ namespace test { namespace { // Invalid value for a patchlevel (which is of form YYYYMMDD). const uint32_t kInvalidPatchlevel = 99998877; // Overhead for PKCS#1 v1.5 signature padding of undigested messages. Digested messages have // additional overhead, for the digest algorithmIdentifier required by PKCS#1. const size_t kPkcs1UndigestedSignaturePaddingOverhead = 11; Loading Loading @@ -127,7 +130,6 @@ char nibble2hex[16] = {'0', '1', '2', '3', '4', '5', '6', '7', // lists to produce the lists that we expect to match the attestations. auto kTagsToFilter = { Tag::CREATION_DATETIME, Tag::EC_CURVE, Tag::HARDWARE_TYPE, Tag::INCLUDE_UNIQUE_ID, }; Loading Loading @@ -163,6 +165,28 @@ string x509NameToStr(X509_NAME* name) { bool KeyMintAidlTestBase::arm_deleteAllKeys = false; bool KeyMintAidlTestBase::dump_Attestations = false; uint32_t KeyMintAidlTestBase::boot_patch_level( const vector<KeyCharacteristics>& key_characteristics) { // The boot patchlevel is not available as a property, but should be present // in the key characteristics of any created key. AuthorizationSet allAuths; for (auto& entry : key_characteristics) { allAuths.push_back(AuthorizationSet(entry.authorizations)); } auto patchlevel = allAuths.GetTagValue(TAG_BOOT_PATCHLEVEL); if (patchlevel.has_value()) { return patchlevel.value(); } else { // No boot patchlevel is available. Return a value that won't match anything // and so will trigger test failures. return kInvalidPatchlevel; } } uint32_t KeyMintAidlTestBase::boot_patch_level() { return boot_patch_level(key_characteristics_); } ErrorCode KeyMintAidlTestBase::GetReturnErrorCode(const Status& result) { if (result.isOk()) return ErrorCode::OK; Loading Loading @@ -998,16 +1022,7 @@ vector<uint32_t> KeyMintAidlTestBase::ValidKeySizes(Algorithm algorithm) { } break; case Algorithm::EC: switch (SecLevel()) { case SecurityLevel::SOFTWARE: case SecurityLevel::TRUSTED_ENVIRONMENT: return {224, 256, 384, 521}; case SecurityLevel::STRONGBOX: return {256}; default: ADD_FAILURE() << "Invalid security level " << uint32_t(SecLevel()); break; } ADD_FAILURE() << "EC keys must be specified by curve not size"; break; case Algorithm::AES: return {128, 256}; Loading Loading @@ -1123,9 +1138,11 @@ vector<EcCurve> KeyMintAidlTestBase::ValidCurves() { } vector<EcCurve> KeyMintAidlTestBase::InvalidCurves() { if (SecLevel() == SecurityLevel::TRUSTED_ENVIRONMENT) return {}; CHECK(SecLevel() == SecurityLevel::STRONGBOX); if (SecLevel() == SecurityLevel::STRONGBOX) { return {EcCurve::P_224, EcCurve::P_384, EcCurve::P_521}; } else { return {}; } } vector<Digest> KeyMintAidlTestBase::ValidDigests(bool withNone, bool withMD5) { Loading Loading @@ -1293,9 +1310,9 @@ bool verify_attestation_record(const string& challenge, // AuthorizationSet att_sw_enforced; AuthorizationSet att_hw_enforced; uint32_t att_attestation_version; uint32_t att_keymaster_version; uint32_t att_keymint_version; SecurityLevel att_attestation_security_level; SecurityLevel att_keymaster_security_level; SecurityLevel att_keymint_security_level; vector<uint8_t> att_challenge; vector<uint8_t> att_unique_id; vector<uint8_t> att_app_id; Loading @@ -1304,8 +1321,8 @@ bool verify_attestation_record(const string& challenge, // attest_rec->length, // &att_attestation_version, // &att_attestation_security_level, // &att_keymaster_version, // &att_keymaster_security_level, // &att_keymint_version, // &att_keymint_security_level, // &att_challenge, // &att_sw_enforced, // &att_hw_enforced, // Loading @@ -1324,14 +1341,14 @@ bool verify_attestation_record(const string& challenge, // expected_sw_enforced.push_back(TAG_ATTESTATION_APPLICATION_ID, appId); } EXPECT_EQ(att_keymaster_version, 100U); EXPECT_EQ(security_level, att_keymaster_security_level); EXPECT_EQ(att_keymint_version, 100U); EXPECT_EQ(security_level, att_keymint_security_level); EXPECT_EQ(security_level, att_attestation_security_level); char property_value[PROPERTY_VALUE_MAX] = {}; // TODO(b/136282179): When running under VTS-on-GSI the TEE-backed // keymaster implementation will report YYYYMM dates instead of YYYYMMDD // keymint implementation will report YYYYMM dates instead of YYYYMMDD // for the BOOT_PATCH_LEVEL. if (avb_verification_enabled()) { for (int i = 0; i < att_hw_enforced.size(); i++) { Loading Loading @@ -1370,13 +1387,6 @@ bool verify_attestation_record(const string& challenge, // EXPECT_TRUE(expected_hw_enforced.Contains(TAG_NO_AUTH_REQUIRED)); } // Alternatively this checks the opposite - a false boolean tag (one that isn't provided in // the authorization list during key generation) isn't being attested to in the certificate. EXPECT_FALSE(expected_sw_enforced.Contains(TAG_TRUSTED_USER_PRESENCE_REQUIRED)); EXPECT_FALSE(att_sw_enforced.Contains(TAG_TRUSTED_USER_PRESENCE_REQUIRED)); EXPECT_FALSE(expected_hw_enforced.Contains(TAG_TRUSTED_USER_PRESENCE_REQUIRED)); EXPECT_FALSE(att_hw_enforced.Contains(TAG_TRUSTED_USER_PRESENCE_REQUIRED)); if (att_hw_enforced.Contains(TAG_ALGORITHM, Algorithm::EC)) { // For ECDSA keys, either an EC_CURVE or a KEY_SIZE can be specified, but one must be. EXPECT_TRUE(att_hw_enforced.Contains(TAG_EC_CURVE) || Loading Loading @@ -1442,9 +1452,7 @@ bool verify_attestation_record(const string& challenge, // att_sw_enforced.Sort(); expected_sw_enforced.Sort(); auto a = filtered_tags(expected_sw_enforced); auto b = filtered_tags(att_sw_enforced); EXPECT_EQ(a, b); EXPECT_EQ(filtered_tags(expected_sw_enforced), filtered_tags(att_sw_enforced)); att_hw_enforced.Sort(); expected_hw_enforced.Sort(); Loading
security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h +3 −1 Original line number Diff line number Diff line Loading @@ -76,6 +76,8 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> { uint32_t os_version() { return os_version_; } uint32_t os_patch_level() { return os_patch_level_; } uint32_t vendor_patch_level() { return vendor_patch_level_; } uint32_t boot_patch_level(const vector<KeyCharacteristics>& key_characteristics); uint32_t boot_patch_level(); ErrorCode GetReturnErrorCode(const Status& result); Loading Loading @@ -253,7 +255,7 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> { /* ECDSA */ KeyData ecdsaKeyData; AuthorizationSetBuilder ecdsaBuilder = AuthorizationSetBuilder() .EcdsaSigningKey(256) .EcdsaSigningKey(EcCurve::P_256) .Authorization(tagToTest) .Digest(Digest::SHA_2_256) .Authorization(TAG_NO_AUTH_REQUIRED) Loading
