Merge "Keymint: Use ndk_platform." am: dfe843477b am: 24f8ba41c4 am: c670b8d592 (f468b740) · Commits · e / os / android_hardware_interfaces

security/keymint/aidl/default/Android.bp

+1 −1

Original line number	Original line	Diff line number	Diff line
	@@ -9,7 +9,7 @@ cc_binary {
	"-Wextra",		"-Wextra",
	],		],
	shared_libs: [		shared_libs: [
	"android.hardware.security.keymint-ndk_platform",		"android.hardware.security.keymint-unstable-ndk_platform",
	"libbase",		"libbase",
	"libbinder_ndk",		"libbinder_ndk",
	"libcppbor",		"libcppbor",

security/keymint/aidl/vts/functional/Android.bp

+4 −4

Original line number	Original line	Diff line number	Diff line
	@@ -25,13 +25,13 @@ cc_test {
	"VerificationTokenTest.cpp",		"VerificationTokenTest.cpp",
	],		],
	shared_libs: [		shared_libs: [
	"libbinder",		"libbinder_ndk",
	"libcrypto",		"libcrypto",
	"libkeymint",		"libkeymint",
	"libkeymint_support",		"libkeymint_support",
	],		],
	static_libs: [		static_libs: [
	"android.hardware.security.keymint-cpp",		"android.hardware.security.keymint-unstable-ndk_platform",
	"libcppbor_external",		"libcppbor_external",
	"libkeymint_vts_test_utils",		"libkeymint_vts_test_utils",
	],		],
	@@ -54,13 +54,13 @@ cc_test_library {
	".",		".",
	],		],
	shared_libs: [		shared_libs: [
	"libbinder",		"libbinder_ndk",
	"libcrypto",		"libcrypto",
	"libkeymint",		"libkeymint",
	"libkeymint_support",		"libkeymint_support",
	],		],
	static_libs: [		static_libs: [
	"android.hardware.security.keymint-cpp",		"android.hardware.security.keymint-unstable-ndk_platform",
	"libcppbor",		"libcppbor",
	],		],
	}		}

security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp

+24 −18

Original line number	Original line	Diff line number	Diff line
	@@ -20,11 +20,12 @@
	#include <vector>		#include <vector>

	#include <android-base/logging.h>		#include <android-base/logging.h>
			#include <android/binder_manager.h>

	#include <keymint_support/key_param_output.h>		#include <keymint_support/key_param_output.h>
	#include <keymint_support/keymint_utils.h>		#include <keymint_support/keymint_utils.h>

	namespace android::hardware::security::keymint {		namespace aidl::android::hardware::security::keymint {

	using namespace std::literals::chrono_literals;		using namespace std::literals::chrono_literals;
	using std::endl;		using std::endl;
	@@ -42,19 +43,19 @@ using std::optional;

	namespace test {		namespace test {

	ErrorCode KeyMintAidlTestBase::GetReturnErrorCode(Status result) {		ErrorCode KeyMintAidlTestBase::GetReturnErrorCode(const Status& result) {
	if (result.isOk()) return ErrorCode::OK;		if (result.isOk()) return ErrorCode::OK;

	if (result.exceptionCode() == binder::Status::EX_SERVICE_SPECIFIC) {		if (result.getExceptionCode() == EX_SERVICE_SPECIFIC) {
	return static_cast<ErrorCode>(result.serviceSpecificErrorCode());		return static_cast<ErrorCode>(result.getServiceSpecificError());
	}		}

	return ErrorCode::UNKNOWN_ERROR;		return ErrorCode::UNKNOWN_ERROR;
	}		}

	void KeyMintAidlTestBase::InitializeKeyMint(sp<IKeyMintDevice> keyMint) {		void KeyMintAidlTestBase::InitializeKeyMint(std::shared_ptr<IKeyMintDevice> keyMint) {
	ASSERT_NE(keyMint, nullptr);		ASSERT_NE(keyMint, nullptr);
	keymint_ = keyMint;		keymint_ = std::move(keyMint);

	KeyMintHardwareInfo info;		KeyMintHardwareInfo info;
	ASSERT_TRUE(keymint_->getHardwareInfo(&info).isOk());		ASSERT_TRUE(keymint_->getHardwareInfo(&info).isOk());
	@@ -68,8 +69,12 @@ void KeyMintAidlTestBase::InitializeKeyMint(sp<IKeyMintDevice> keyMint) {
	}		}

	void KeyMintAidlTestBase::SetUp() {		void KeyMintAidlTestBase::SetUp() {
	InitializeKeyMint(		if (AServiceManager_isDeclared(GetParam().c_str())) {
	android::waitForDeclaredService<IKeyMintDevice>(String16(GetParam().c_str())));		::ndk::SpAIBinder binder(AServiceManager_waitForService(GetParam().c_str()));
			InitializeKeyMint(IKeyMintDevice::fromBinder(binder));
			} else {
			InitializeKeyMint(nullptr);
			}
	}		}

	ErrorCode KeyMintAidlTestBase::GenerateKey(const AuthorizationSet& key_desc,		ErrorCode KeyMintAidlTestBase::GenerateKey(const AuthorizationSet& key_desc,
	@@ -176,7 +181,7 @@ ErrorCode KeyMintAidlTestBase::DeleteKey(vector<uint8_t>* key_blob, bool keep_ke
	*key_blob = vector<uint8_t>();		*key_blob = vector<uint8_t>();
	}		}

	EXPECT_TRUE(result.isOk()) << result.serviceSpecificErrorCode() << endl;		EXPECT_TRUE(result.isOk()) << result.getServiceSpecificError() << endl;
	return GetReturnErrorCode(result);		return GetReturnErrorCode(result);
	}		}

	@@ -186,7 +191,7 @@ ErrorCode KeyMintAidlTestBase::DeleteKey(bool keep_key_blob) {

	ErrorCode KeyMintAidlTestBase::DeleteAllKeys() {		ErrorCode KeyMintAidlTestBase::DeleteAllKeys() {
	Status result = keymint_->deleteAllKeys();		Status result = keymint_->deleteAllKeys();
	EXPECT_TRUE(result.isOk()) << result.serviceSpecificErrorCode() << endl;		EXPECT_TRUE(result.isOk()) << result.getServiceSpecificError() << endl;
	return GetReturnErrorCode(result);		return GetReturnErrorCode(result);
	}		}

	@@ -201,7 +206,8 @@ void KeyMintAidlTestBase::CheckedDeleteKey() {

	ErrorCode KeyMintAidlTestBase::Begin(KeyPurpose purpose, const vector<uint8_t>& key_blob,		ErrorCode KeyMintAidlTestBase::Begin(KeyPurpose purpose, const vector<uint8_t>& key_blob,
	const AuthorizationSet& in_params,		const AuthorizationSet& in_params,
	AuthorizationSet* out_params, sp<IKeyMintOperation>& op) {		AuthorizationSet* out_params,
			std::shared_ptr<IKeyMintOperation>& op) {
	SCOPED_TRACE("Begin");		SCOPED_TRACE("Begin");
	Status result;		Status result;
	BeginResult out;		BeginResult out;
	@@ -326,7 +332,7 @@ ErrorCode KeyMintAidlTestBase::Finish(const AuthorizationSet& in_params, const s
	output->append(oPut.begin(), oPut.end());		output->append(oPut.begin(), oPut.end());
	}		}

	op_.clear(); // So dtor doesn't Abort().		op_.reset();
	return GetReturnErrorCode(result);		return GetReturnErrorCode(result);
	}		}

	@@ -358,7 +364,7 @@ ErrorCode KeyMintAidlTestBase::Finish(const string& message, const string& signa
	return result;		return result;
	}		}

	ErrorCode KeyMintAidlTestBase::Abort(const sp<IKeyMintOperation>& op) {		ErrorCode KeyMintAidlTestBase::Abort(const std::shared_ptr<IKeyMintOperation>& op) {
	SCOPED_TRACE("Abort");		SCOPED_TRACE("Abort");

	EXPECT_NE(op, nullptr);		EXPECT_NE(op, nullptr);
	@@ -368,7 +374,7 @@ ErrorCode KeyMintAidlTestBase::Abort(const sp<IKeyMintOperation>& op) {

	Status retval = op->abort();		Status retval = op->abort();
	EXPECT_TRUE(retval.isOk());		EXPECT_TRUE(retval.isOk());
	return static_cast<ErrorCode>(retval.serviceSpecificErrorCode());		return static_cast<ErrorCode>(retval.getServiceSpecificError());
	}		}

	ErrorCode KeyMintAidlTestBase::Abort() {		ErrorCode KeyMintAidlTestBase::Abort() {
	@@ -380,14 +386,14 @@ ErrorCode KeyMintAidlTestBase::Abort() {
	}		}

	Status retval = op_->abort();		Status retval = op_->abort();
	return static_cast<ErrorCode>(retval.serviceSpecificErrorCode());		return static_cast<ErrorCode>(retval.getServiceSpecificError());
	}		}

	void KeyMintAidlTestBase::AbortIfNeeded() {		void KeyMintAidlTestBase::AbortIfNeeded() {
	SCOPED_TRACE("AbortIfNeeded");		SCOPED_TRACE("AbortIfNeeded");
	if (op_) {		if (op_) {
	EXPECT_EQ(ErrorCode::OK, Abort());		EXPECT_EQ(ErrorCode::OK, Abort());
	op_.clear();		op_.reset();
	}		}
	}		}

	@@ -522,7 +528,7 @@ void KeyMintAidlTestBase::VerifyMessage(const vector<uint8_t>& key_blob, const s
	AuthorizationSet finish_out_params;		AuthorizationSet finish_out_params;
	EXPECT_EQ(ErrorCode::OK, Finish(finish_params, message.substr(consumed), signature,		EXPECT_EQ(ErrorCode::OK, Finish(finish_params, message.substr(consumed), signature,
	&finish_out_params, &output));		&finish_out_params, &output));
	op_.clear();		op_.reset();
	EXPECT_TRUE(output.empty());		EXPECT_TRUE(output.empty());
	}		}

	@@ -750,4 +756,4 @@ vector<Digest> KeyMintAidlTestBase::ValidDigests(bool withNone, bool withMD5) {

	} // namespace test		} // namespace test

	} // namespace android::hardware::security::keymint		} // namespace aidl::android::hardware::security::keymint

security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h

+13 −13

Original line number	Original line	Diff line number	Diff line
	@@ -22,15 +22,15 @@
	#include <binder/ProcessState.h>		#include <binder/ProcessState.h>
	#include <gtest/gtest.h>		#include <gtest/gtest.h>

	#include <android/hardware/security/keymint/ErrorCode.h>		#include <aidl/android/hardware/security/keymint/ErrorCode.h>
	#include <android/hardware/security/keymint/IKeyMintDevice.h>		#include <aidl/android/hardware/security/keymint/IKeyMintDevice.h>

	#include <keymint_support/authorization_set.h>		#include <keymint_support/authorization_set.h>

	namespace android::hardware::security::keymint::test {		namespace aidl::android::hardware::security::keymint::test {

	using ::android::sp;		using ::android::sp;
	using binder::Status;		using Status = ::ndk::ScopedAStatus;
	using ::std::shared_ptr;		using ::std::shared_ptr;
	using ::std::string;		using ::std::string;
	using ::std::vector;		using ::std::vector;
	@@ -49,12 +49,12 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> {
	AbortIfNeeded();		AbortIfNeeded();
	}		}

	void InitializeKeyMint(sp<IKeyMintDevice> keyMint);		void InitializeKeyMint(std::shared_ptr<IKeyMintDevice> keyMint);
	IKeyMintDevice& keyMint() { return *keymint_; }		IKeyMintDevice& keyMint() { return *keymint_; }
	uint32_t os_version() { return os_version_; }		uint32_t os_version() { return os_version_; }
	uint32_t os_patch_level() { return os_patch_level_; }		uint32_t os_patch_level() { return os_patch_level_; }

	ErrorCode GetReturnErrorCode(Status result);		ErrorCode GetReturnErrorCode(const Status& result);
	ErrorCode GenerateKey(const AuthorizationSet& key_desc, vector<uint8_t>* key_blob,		ErrorCode GenerateKey(const AuthorizationSet& key_desc, vector<uint8_t>* key_blob,
	KeyCharacteristics* key_characteristics);		KeyCharacteristics* key_characteristics);

	@@ -80,7 +80,7 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> {

	ErrorCode Begin(KeyPurpose purpose, const vector<uint8_t>& key_blob,		ErrorCode Begin(KeyPurpose purpose, const vector<uint8_t>& key_blob,
	const AuthorizationSet& in_params, AuthorizationSet* out_params,		const AuthorizationSet& in_params, AuthorizationSet* out_params,
	sp<IKeyMintOperation>& op);		std::shared_ptr<IKeyMintOperation>& op);
	ErrorCode Begin(KeyPurpose purpose, const vector<uint8_t>& key_blob,		ErrorCode Begin(KeyPurpose purpose, const vector<uint8_t>& key_blob,
	const AuthorizationSet& in_params, AuthorizationSet* out_params);		const AuthorizationSet& in_params, AuthorizationSet* out_params);
	ErrorCode Begin(KeyPurpose purpose, const AuthorizationSet& in_params,		ErrorCode Begin(KeyPurpose purpose, const AuthorizationSet& in_params,
	@@ -98,7 +98,7 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> {
	ErrorCode Finish(string* output) { return Finish(string(), output); }		ErrorCode Finish(string* output) { return Finish(string(), output); }

	ErrorCode Abort();		ErrorCode Abort();
	ErrorCode Abort(const sp<IKeyMintOperation>& op);		ErrorCode Abort(const shared_ptr<IKeyMintOperation>& op);
	void AbortIfNeeded();		void AbortIfNeeded();

	string ProcessMessage(const vector<uint8_t>& key_blob, KeyPurpose operation,		string ProcessMessage(const vector<uint8_t>& key_blob, KeyPurpose operation,
	@@ -159,17 +159,17 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> {
	vector<Digest> ValidDigests(bool withNone, bool withMD5);		vector<Digest> ValidDigests(bool withNone, bool withMD5);

	static vector<string> build_params() {		static vector<string> build_params() {
	auto params = android::getAidlHalInstanceNames(IKeyMintDevice::descriptor);		auto params = ::android::getAidlHalInstanceNames(IKeyMintDevice::descriptor);
	return params;		return params;
	}		}

	sp<IKeyMintOperation> op_;		std::shared_ptr<IKeyMintOperation> op_;
	vector<Certificate> certChain_;		vector<Certificate> certChain_;
	vector<uint8_t> key_blob_;		vector<uint8_t> key_blob_;
	KeyCharacteristics key_characteristics_;		KeyCharacteristics key_characteristics_;

	private:		private:
	sp<IKeyMintDevice> keymint_;		std::shared_ptr<IKeyMintDevice> keymint_;
	uint32_t os_version_;		uint32_t os_version_;
	uint32_t os_patch_level_;		uint32_t os_patch_level_;

	@@ -182,6 +182,6 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> {
	#define INSTANTIATE_KEYMINT_AIDL_TEST(name) \		#define INSTANTIATE_KEYMINT_AIDL_TEST(name) \
	INSTANTIATE_TEST_SUITE_P(PerInstance, name, \		INSTANTIATE_TEST_SUITE_P(PerInstance, name, \
	testing::ValuesIn(KeyMintAidlTestBase::build_params()), \		testing::ValuesIn(KeyMintAidlTestBase::build_params()), \
	android::PrintInstanceNameToString)		::android::PrintInstanceNameToString)

	} // namespace android::hardware::security::keymint::test		} // namespace aidl::android::hardware::security::keymint::test

security/keymint/aidl/vts/functional/KeyMintTest.cpp

+12 −12

Original line number	Original line	Diff line number	Diff line
	@@ -26,7 +26,7 @@

	#include <cutils/properties.h>		#include <cutils/properties.h>

	#include <android/hardware/security/keymint/KeyFormat.h>		#include <aidl/android/hardware/security/keymint/KeyFormat.h>

	#include <keymint_support/attestation_record.h>		#include <keymint_support/attestation_record.h>
	#include <keymint_support/key_param_output.h>		#include <keymint_support/key_param_output.h>
	@@ -37,21 +37,21 @@
	static bool arm_deleteAllKeys = false;		static bool arm_deleteAllKeys = false;
	static bool dump_Attestations = false;		static bool dump_Attestations = false;

	using android::hardware::security::keymint::AuthorizationSet;		using aidl::android::hardware::security::keymint::AuthorizationSet;
	using android::hardware::security::keymint::KeyCharacteristics;		using aidl::android::hardware::security::keymint::KeyCharacteristics;
	using android::hardware::security::keymint::KeyFormat;		using aidl::android::hardware::security::keymint::KeyFormat;

	namespace android::hardware::security::keymint {		namespace aidl::android::hardware::security::keymint {

	bool operator==(const keymint::AuthorizationSet& a, const keymint::AuthorizationSet& b) {		bool operator==(const keymint::AuthorizationSet& a, const keymint::AuthorizationSet& b) {
	return a.size() == b.size() && std::equal(a.begin(), a.end(), b.begin());		return a.size() == b.size() && std::equal(a.begin(), a.end(), b.begin());
	}		}

	} // namespace android::hardware::security::keymint		} // namespace aidl::android::hardware::security::keymint

	namespace std {		namespace std {

	using namespace android::hardware::security::keymint;		using namespace aidl::android::hardware::security::keymint;

	template <>		template <>
	struct std::equal_to<KeyCharacteristics> {		struct std::equal_to<KeyCharacteristics> {
	@@ -73,7 +73,7 @@ struct std::equal_to<KeyCharacteristics> {

	} // namespace std		} // namespace std

	namespace android::hardware::security::keymint::test {		namespace aidl::android::hardware::security::keymint::test {

	namespace {		namespace {

	@@ -834,7 +834,7 @@ TEST_P(SigningOperationsTest, RsaAbort) {
	EXPECT_EQ(ErrorCode::INVALID_OPERATION_HANDLE, Abort());		EXPECT_EQ(ErrorCode::INVALID_OPERATION_HANDLE, Abort());

	// Set to sentinel, so TearDown() doesn't try to abort again.		// Set to sentinel, so TearDown() doesn't try to abort again.
	op_.clear();		op_.reset();
	}		}

	/*		/*
	@@ -3115,7 +3115,7 @@ TEST_P(EncryptionOperationsTest, AesGcmAadOutOfOrder) {
	EXPECT_EQ(ErrorCode::INVALID_TAG,		EXPECT_EQ(ErrorCode::INVALID_TAG,
	Update(update_params, "", &update_out_params, &ciphertext, &input_consumed));		Update(update_params, "", &update_out_params, &ciphertext, &input_consumed));

	op_.clear();		op_.reset();
	}		}

	/*		/*
	@@ -3973,7 +3973,7 @@ TEST_P(ClearOperationsTest, TooManyOperations) {

	auto params = AuthorizationSetBuilder().Padding(PaddingMode::NONE);		auto params = AuthorizationSetBuilder().Padding(PaddingMode::NONE);
	constexpr size_t max_operations = 100; // set to arbituary large number		constexpr size_t max_operations = 100; // set to arbituary large number
	sp<IKeyMintOperation> op_handles[max_operations];		std::shared_ptr<IKeyMintOperation> op_handles[max_operations];
	AuthorizationSet out_params;		AuthorizationSet out_params;
	ErrorCode result;		ErrorCode result;
	size_t i;		size_t i;
	@@ -4040,7 +4040,7 @@ TEST_P(TransportLimitTest, LargeFinishInput) {

	INSTANTIATE_KEYMINT_AIDL_TEST(TransportLimitTest);		INSTANTIATE_KEYMINT_AIDL_TEST(TransportLimitTest);

	} // namespace android::hardware::security::keymint::test		} // namespace aidl::android::hardware::security::keymint::test

	int main(int argc, char** argv) {		int main(int argc, char** argv) {
	::testing::InitGoogleTest(&argc, argv);		::testing::InitGoogleTest(&argc, argv);