Merge "Use non nostd secretkeeper_* libraries" into main
diff --git a/audio/aidl/default/ModulePrimary.cpp b/audio/aidl/default/ModulePrimary.cpp
index 6cb9251..7121fe1 100644
--- a/audio/aidl/default/ModulePrimary.cpp
+++ b/audio/aidl/default/ModulePrimary.cpp
@@ -115,7 +115,7 @@
desc->sharedMemory.fd = ndk::ScopedFileDescriptor(fd);
desc->sharedMemory.size = bufferSizeBytes;
desc->burstSizeFrames = bufferSizeFrames / 2;
- desc->flags = 0;
+ desc->flags = 1 << MmapBufferDescriptor::FLAG_INDEX_APPLICATION_SHAREABLE;
LOG(DEBUG) << __func__ << ": " << desc->toString();
return ndk::ScopedAStatus::ok();
}
diff --git a/audio/aidl/default/stub/StreamMmapStub.cpp b/audio/aidl/default/stub/StreamMmapStub.cpp
index f48aea4..5516702 100644
--- a/audio/aidl/default/stub/StreamMmapStub.cpp
+++ b/audio/aidl/default/stub/StreamMmapStub.cpp
@@ -269,7 +269,7 @@
desc->sharedMemory.fd = mSharedMemoryFd.dup();
desc->sharedMemory.size = bufferSizeBytes;
desc->burstSizeFrames = bufferSizeFrames / 2;
- desc->flags = 0;
+ desc->flags = 1 << MmapBufferDescriptor::FLAG_INDEX_APPLICATION_SHAREABLE;
LOG(DEBUG) << __func__ << ": " << desc->toString();
return ndk::ScopedAStatus::ok();
}
diff --git a/audio/aidl/vts/VtsHalAudioEffectTargetTest.cpp b/audio/aidl/vts/VtsHalAudioEffectTargetTest.cpp
index 5b78981..6ea6453 100644
--- a/audio/aidl/vts/VtsHalAudioEffectTargetTest.cpp
+++ b/audio/aidl/vts/VtsHalAudioEffectTargetTest.cpp
@@ -72,8 +72,9 @@
mEffect.reset();
}
}
-
- static const long kInputFrameCount = 0x100, kOutputFrameCount = 0x100;
+ // Ensuring frame count keeps input clip duration above 10 ms, as
+ // preprocessing effect tests pass only for durations exceeding 10 ms.
+ static const long kInputFrameCount = 512, kOutputFrameCount = 512;
std::shared_ptr<IFactory> mFactory;
std::shared_ptr<IEffect> mEffect;
Descriptor mDescriptor;
diff --git a/audio/aidl/vts/VtsHalDynamicsProcessingTest.cpp b/audio/aidl/vts/VtsHalDynamicsProcessingTest.cpp
index 98f7d79..7553b0f 100644
--- a/audio/aidl/vts/VtsHalDynamicsProcessingTest.cpp
+++ b/audio/aidl/vts/VtsHalDynamicsProcessingTest.cpp
@@ -120,7 +120,7 @@
void setParamsAndProcess(std::vector<float>& input, std::vector<float>& output);
- float calculateDb(const std::vector<float>& input, size_t startSamplePos);
+ float calculateDb(const std::vector<float>& input, size_t startSamplePos, size_t endSamplePos);
void getMagnitudeValue(const std::vector<float>& output, std::vector<float>& bufferMag);
@@ -430,9 +430,11 @@
// This function calculates power for both and mono and stereo data as the total power for
// interleaved multichannel data can be calculated by treating it as a continuous mono input.
float DynamicsProcessingTestHelper::calculateDb(const std::vector<float>& input,
- size_t startSamplePos = 0) {
+ size_t startSamplePos = 0,
+ size_t endSamplePos = 0) {
+ size_t sampleCount = (endSamplePos == 0 ? input.size() : endSamplePos) - startSamplePos;
return audio_utils_compute_power_mono(input.data() + startSamplePos, AUDIO_FORMAT_PCM_FLOAT,
- input.size() - startSamplePos);
+ sampleCount);
}
void DynamicsProcessingTestHelper::setParamsAndProcess(std::vector<float>& input,
@@ -900,6 +902,54 @@
}
}
+ void testReleaseTimeParam(float thresholdDb, bool isLimiterEngaged) {
+ for (size_t i = mInput.size() / 2; i < mInput.size(); i++) {
+ mInput[i] = mInput[i] / 2;
+ }
+ float firstHalfDb = calculateDb(mInput, 0, mInput.size() / 2);
+ float secondHalfDb = calculateDb(mInput, mInput.size() / 2, mInput.size());
+ mInputDb = calculateDb(mInput, 0, mInput.size());
+
+ float referenceDb;
+ if (isLimiterEngaged) {
+ ASSERT_TRUE(thresholdDb < firstHalfDb && thresholdDb >= secondHalfDb)
+ << "Threshold level: " << thresholdDb << "First half level: " << firstHalfDb
+ << "Second half level: " << secondHalfDb;
+ referenceDb = FLT_MAX;
+ } else {
+ ASSERT_TRUE(thresholdDb > firstHalfDb && thresholdDb > secondHalfDb)
+ << "Threshold level: " << thresholdDb << "First half level: " << firstHalfDb
+ << "Second half level: " << secondHalfDb;
+ referenceDb = mInputDb;
+ }
+ std::vector<float> output(mInput.size());
+ for (float releaseTimeMs : kReleaseTimeMsValues) {
+ cleanUpLimiterConfig();
+ for (int i = 0; i < mChannelCount; i++) {
+ fillLimiterConfig(mLimiterConfigList, i, true, kDefaultLinkerGroup,
+ kDefaultAttackTime, releaseTimeMs, kDefaultRatio, thresholdDb,
+ kDefaultPostGain);
+ }
+ ASSERT_NO_FATAL_FAILURE(setLimiterParamsAndProcess(mInput, output));
+ if (!isAllParamsValid()) {
+ continue;
+ }
+ float outputDb = calculateDb(output, kStartIndex);
+ if (isLimiterEngaged) {
+ /*Release time determines how quickly the compressor returns to normal after the
+ * input falls below the threshold. As the release time increases, it takes longer
+ * for the compressor to stop compressing, resulting in a decrease in output
+ * decibels as the release time increases*/
+ ASSERT_LT(outputDb, referenceDb) << "Release Time: " << releaseTimeMs;
+ referenceDb = outputDb;
+ } else {
+ // No change in the outputdB when the limiter is not enganged
+ EXPECT_NEAR(outputDb, referenceDb, kToleranceDb)
+ << "Release Time: " << releaseTimeMs;
+ }
+ }
+ }
+
void cleanUpLimiterConfig() {
CleanUp();
mLimiterConfigList.clear();
@@ -913,6 +963,7 @@
static constexpr float kLimiterTestToleranceDb = 0.05;
static constexpr float kMinDifferenceDb = 5;
const std::vector<bool> kEnableValues = {true, false, true};
+ const std::vector<float> kReleaseTimeMsValues = {0, 10, 20, 30, 40, 50};
std::vector<DynamicsProcessing::LimiterConfig> mLimiterConfigList;
int mBufferSize;
};
@@ -1007,6 +1058,18 @@
}
}
+TEST_P(DynamicsProcessingLimiterConfigDataTest, LimiterReleaseTime) {
+ // Using a threshold dB value that compresses only the first half of the input.
+ float thresholdDb = -7;
+ ASSERT_NO_FATAL_FAILURE(testReleaseTimeParam(thresholdDb, true));
+}
+
+TEST_P(DynamicsProcessingLimiterConfigDataTest, LimiterNotEngagedReleaseTimeTest) {
+ // Using threshold value such that limiter does not engage with the input
+ float thresholdDb = -1;
+ ASSERT_NO_FATAL_FAILURE(testReleaseTimeParam(thresholdDb, false));
+}
+
INSTANTIATE_TEST_SUITE_P(DynamicsProcessingTest, DynamicsProcessingLimiterConfigDataTest,
testing::ValuesIn(EffectFactoryHelper::getAllEffectDescriptors(
IFactory::descriptor, getEffectTypeUuidDynamicsProcessing())),
diff --git a/security/keymint/aidl/android/hardware/security/keymint/KeyMintHardwareInfo.aidl b/security/keymint/aidl/android/hardware/security/keymint/KeyMintHardwareInfo.aidl
index b82dee6..3efa337 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/KeyMintHardwareInfo.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/KeyMintHardwareInfo.aidl
@@ -32,21 +32,27 @@
*/
int versionNumber;
- /* securityLevel is the security level of the IKeyMintDevice implementation accessed
- * through this aidl package. */
+ /**
+ * securityLevel is the security level of the IKeyMintDevice implementation accessed
+ * through this aidl package.
+ */
SecurityLevel securityLevel = SecurityLevel.SOFTWARE;
- /* keyMintName is the name of the IKeyMintDevice implementation. */
+ /**
+ * keyMintName is the name of the IKeyMintDevice implementation. The name must not be empty.
+ */
@utf8InCpp String keyMintName;
- /* keyMintAuthorName is the name of the author of the IKeyMintDevice implementation
- * (organization name, not individual). This name is implementation defined,
- * so it can be used to distinguish between different implementations from the
- * same author.
+ /**
+ * keyMintAuthorName is the name of the author of the IKeyMintDevice implementation
+ * (organization name, not individual). This name is implementation defined, so it can be used
+ * to distinguish between different implementations from the same author. The name must not be
+ * empty.
*/
@utf8InCpp String keyMintAuthorName;
- /* The timestampTokenRequired is a boolean flag, which when true reflects that IKeyMintDevice
+ /**
+ * The timestampTokenRequired is a boolean flag, which when true reflects that IKeyMintDevice
* instance will expect a valid TimeStampToken with various operations. This will typically
* required by the StrongBox implementations that generally don't have secure clock hardware to
* generate timestamp tokens.
diff --git a/security/keymint/aidl/vts/functional/AuthTest.cpp b/security/keymint/aidl/vts/functional/AuthTest.cpp
index f435513..b3bf4d3 100644
--- a/security/keymint/aidl/vts/functional/AuthTest.cpp
+++ b/security/keymint/aidl/vts/functional/AuthTest.cpp
@@ -28,6 +28,7 @@
#include <aidl/android/hardware/security/secureclock/ISecureClock.h>
#include <android-base/logging.h>
#include <android/binder_manager.h>
+#include <vendorsupport/api_level.h>
using aidl::android::hardware::gatekeeper::GatekeeperEnrollResponse;
using aidl::android::hardware::gatekeeper::GatekeeperVerifyResponse;
@@ -540,6 +541,92 @@
Finish(message, {} /* signature */, &ciphertext, dodgy_hat.value()));
}
+// Test use of a key with large message that requires an auth token for each action on the
+// operation, with a per-operation challenge value included.
+TEST_P(AuthTest, AuthPerOperationLargeMessage) {
+ if (!GatekeeperAvailable()) {
+ GTEST_SKIP() << "No Gatekeeper available";
+ }
+ if (SecLevel() == SecurityLevel::STRONGBOX &&
+ get_vendor_api_level() <= AVendorSupport_getVendorApiLevelOf(__ANDROID_API_V__)) {
+ // Certain Strongbox implementations incorrectly handle Auth-bound key
+ // operations with large input messages, leading to VERIFICATION_FAILED
+ // error. This test is skipped for these older implementations.
+ GTEST_SKIP() << "Skip test on StrongBox device with vendor-api-level <= __ANDROID_API_V__";
+ }
+
+ // Create an AES key that requires authentication per-action.
+ auto builder = AuthorizationSetBuilder()
+ .AesEncryptionKey(256)
+ .BlockMode(BlockMode::CBC)
+ .Padding(PaddingMode::PKCS7)
+ .Authorization(TAG_USER_SECURE_ID, sid_)
+ .Authorization(TAG_USER_AUTH_TYPE, HardwareAuthenticatorType::PASSWORD);
+ vector<uint8_t> keyblob;
+ vector<KeyCharacteristics> key_characteristics;
+ vector<Certificate> cert_chain;
+ ASSERT_EQ(ErrorCode::OK,
+ GenerateKey(builder, std::nullopt, &keyblob, &key_characteristics, &cert_chain));
+
+ vector<vector<size_t>> chunk_sizes = {
+ {2048},
+ {2048, 0},
+ {1024, 1024},
+ {1024, 1024, 0},
+ {512, 512, 512, 512},
+ {512, 512, 512, 512, 0},
+ };
+ auto params = AuthorizationSetBuilder().BlockMode(BlockMode::CBC).Padding(PaddingMode::PKCS7);
+
+ for (const auto& chunks : chunk_sizes) {
+ AuthorizationSet out_params;
+ ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, keyblob, params, &out_params));
+ auto iv = out_params.GetTagValue(TAG_NONCE);
+ EXPECT_TRUE(iv);
+
+ // Get a HAT with the challenge from an in-progress operation.
+ auto hat = doVerify(challenge_, handle_, password_);
+ ASSERT_TRUE(hat.has_value());
+ ASSERT_EQ(hat->userId, sid_);
+
+ // Encrypt in the given chunk sizes.
+ string message;
+ string ciphertext;
+ for (int i = 0; i < chunks.size(); i++) {
+ SCOPED_TRACE(testing::Message()
+ << "chunk[" << i << "] of " << chunks.size() << ", size " << chunks[i]);
+ string msg_chunk = string(chunks[i], 'A');
+ string ct_chunk;
+ if (i < chunks.size() - 1) {
+ // Pass in n-1 chunks to `update()`
+ std::cerr << "Update(size=" << chunks[i] << ")\n";
+ ASSERT_EQ(ErrorCode::OK, Update(msg_chunk, &ct_chunk, hat.value(), {}));
+ } else {
+ // Pass the final chunk to `finish()`
+ std::cerr << "Finish(size=" << chunks[i] << ")\n";
+ ASSERT_EQ(ErrorCode::OK,
+ Finish(msg_chunk, {} /* signature */, &ct_chunk, hat.value()));
+ }
+ message += msg_chunk;
+ ciphertext += ct_chunk;
+ }
+
+ auto params_iv = AuthorizationSetBuilder().Authorizations(params).Authorization(TAG_NONCE,
+ iv->get());
+ out_params.Clear();
+ // Decrypt in one go
+ ASSERT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, keyblob, params_iv, &out_params));
+ hat = doVerify(challenge_, handle_, password_);
+ ASSERT_TRUE(hat.has_value());
+ ASSERT_EQ(hat->userId, sid_);
+
+ string plaintext;
+ ASSERT_EQ(ErrorCode::OK, Finish(ciphertext, {} /* signature */, &plaintext, hat.value()));
+
+ EXPECT_EQ(message, plaintext);
+ }
+}
+
// Test use of a key that requires an auth token for each action on the operation, with
// a per-operation challenge value included, with multiple secure IDs allowed.
TEST_P(AuthTest, AuthPerOperationMultiSid) {
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
index 0ec76a5..22c1511 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
@@ -730,7 +730,9 @@
{} /* verificationToken */));
}
-ErrorCode KeyMintAidlTestBase::Update(const string& input, string* output) {
+ErrorCode KeyMintAidlTestBase::Update(const string& input, string* output,
+ std::optional<HardwareAuthToken> hat,
+ std::optional<secureclock::TimeStampToken> time_token) {
SCOPED_TRACE("Update");
Status result;
@@ -740,7 +742,7 @@
if (!op_) return ErrorCode::UNEXPECTED_NULL_POINTER;
std::vector<uint8_t> o_put;
- result = op_->update(vector<uint8_t>(input.begin(), input.end()), {}, {}, &o_put);
+ result = op_->update(vector<uint8_t>(input.begin(), input.end()), hat, time_token, &o_put);
if (result.isOk()) {
output->append(o_put.begin(), o_put.end());
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
index 6c327bb..d4ce034 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
@@ -173,7 +173,9 @@
ErrorCode Begin(KeyPurpose purpose, const AuthorizationSet& in_params);
ErrorCode UpdateAad(const string& input);
- ErrorCode Update(const string& input, string* output);
+ ErrorCode Update(const string& input, string* output) { return Update(input, output, {}, {}); }
+ ErrorCode Update(const string& input, string* output, std::optional<HardwareAuthToken> hat,
+ std::optional<secureclock::TimeStampToken> time_token);
ErrorCode Finish(const string& message, const string& signature, string* output,
std::optional<HardwareAuthToken> hat = std::nullopt,
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index 5a6eea1..0c3bbfb 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -8198,6 +8198,18 @@
EXPECT_EQ(info, info2);
}
+TEST_P(GetHardwareInfoTest, GetHardwareInfoNonEmptyNames) {
+ KeyMintHardwareInfo info;
+ ASSERT_TRUE(keyMint().getHardwareInfo(&info).isOk());
+ int vendor_api_level = get_vendor_api_level();
+ if (vendor_api_level <= 202504) {
+ GTEST_SKIP() << "Applies only to vendor API level > 202504, but this device is: "
+ << vendor_api_level;
+ }
+ EXPECT_NE(info.keyMintName, "");
+ EXPECT_NE(info.keyMintAuthorName, "");
+}
+
INSTANTIATE_KEYMINT_AIDL_TEST(GetHardwareInfoTest);
typedef KeyMintAidlTestBase AddEntropyTest;
