authorAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2023-12-14 16:40:16 +0000
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2023-12-14 16:40:16 +0000
commit1ec429f8b763fd1b419afcfebd6e5bc701c8563f (patch)
treee9d5fdb793233821e76ab8bffb412a5ef699df54
parentc82d60ab0d0f0112752486c9b2f5e38e546772ff (diff)
parent0070c5a549188eaa17b5a4eabf1226891f5d6779 (diff)
downloadkernel-aml_tz4_332714010.tar.gz
Snap for 11219529 from 0070c5a549188eaa17b5a4eabf1226891f5d6779 to mainline-tzdata4-releaseaml_tz4_332714070aml_tz4_332714050aml_tz4_332714010aml_tz4_332714010
Change-Id: I8a7e8eaa5d747d009a32cea0205e84337e8e9d3d
-rw-r--r--encryption/utils.cpp47
-rw-r--r--linux_kselftest/testcases/vts_linux_kselftest_arm_32.xml4
-rw-r--r--linux_kselftest/testcases/vts_linux_kselftest_arm_64.xml6
-rw-r--r--linux_kselftest/testcases/vts_linux_kselftest_x86_32.xml4
-rw-r--r--linux_kselftest/testcases/vts_linux_kselftest_x86_64.xml4
5 files changed, 45 insertions, 20 deletions
diff --git a/encryption/utils.cpp b/encryption/utils.cpp
index da3632cf..b7a0b575 100644
--- a/encryption/utils.cpp
+++ b/encryption/utils.cpp
@@ -37,6 +37,36 @@ using namespace android::dm;
namespace android {
namespace kernel {
+// Context in fixed input string comprises of software provided context,
+// padding to eight bytes (if required) and the key policy.
+static const std::vector<std::vector<uint8_t>> HwWrappedEncryptionKeyContexts =
+ {
+ {'i', 'n', 'l', 'i', 'n', 'e', ' ', 'e', 'n', 'c', 'r', 'y',
+ 'p', 't', 'i', 'o', 'n', ' ', 'k', 'e', 'y', 0x0, 0x0, 0x0,
+ 0x00, 0x00, 0x00, 0x02, 0x43, 0x00, 0x82, 0x50, 0x0, 0x0, 0x0, 0x0},
+ // Below for "legacy && kdf tied to Trusted Execution
+ // Environment(TEE)".
+ // Where as above caters ( "all latest targets" || ("legacy && kdf
+ // not tied to TEE)).
+ {'i', 'n', 'l', 'i', 'n', 'e', ' ', 'e', 'n', 'c', 'r', 'y',
+ 'p', 't', 'i', 'o', 'n', ' ', 'k', 'e', 'y', 0x0, 0x0, 0x0,
+ 0x00, 0x00, 0x00, 0x01, 0x43, 0x00, 0x82, 0x18, 0x0, 0x0, 0x0, 0x0},
+};
+
+static bool GetKdfContext(std::vector<uint8_t> *ctx) {
+ std::string kdf =
+ android::base::GetProperty("ro.crypto.hw_wrapped_keys.kdf", "v1");
+ if (kdf == "v1") {
+ *ctx = HwWrappedEncryptionKeyContexts[0];
+ return true;
+ }
+ if (kdf == "legacykdf") {
+ *ctx = HwWrappedEncryptionKeyContexts[1];
+ return true;
+ }
+ ADD_FAILURE() << "Unknown KDF: " << kdf;
+ return false;
+}
// Offset in bytes to the filesystem superblock, relative to the beginning of
// the block device
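Review bot: GetKdfContext accepts `legacykdf` purely on the device's own `ro.crypto.hw_wrapped_keys.kdf` value, and nothing visible in this hunk restricts that value to devices that are actually legacy. If the second context (policy bytes `0x01 … 0x18`) is meant only for older targets whose KDF is tied to the TEE, as the comment says, a newly launched device could presumably declare the property and be validated against the older context. Consider gating that branch on the device's launch level, or at least stating the intended restriction in the comment. The two entries are also selected by bare indices `[0]` and `[1]` and differ in only two bytes whose meaning is undocumented; named constants (for example `kKdfContextV1` and `kKdfContextLegacy`) with a one-line comment on the differing key-policy bytes would make the table easier to audit.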
@@ -403,17 +433,12 @@ bool DeriveHwWrappedEncryptionKey(const std::vector<uint8_t> &master_key,
std::vector<uint8_t> *enc_key) {
std::vector<uint8_t> label{0x00, 0x00, 0x40, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x20};
- // Context in fixed input string comprises of software provided context,
- // padding to eight bytes (if required) and the key policy.
- std::vector<uint8_t> context = {
- 'i', 'n', 'l', 'i', 'n', 'e', ' ', 'e',
- 'n', 'c', 'r', 'y', 'p', 't', 'i', 'o',
- 'n', ' ', 'k', 'e', 'y', 0x0, 0x0, 0x0,
- 0x00, 0x00, 0x00, 0x02, 0x43, 0x00, 0x82, 0x50,
- 0x0, 0x0, 0x0, 0x0};
-
- return AesCmacKdfHelper(master_key, label, context, kAes256XtsKeySize,
- enc_key);
+
+ std::vector<uint8_t> ctx;
+
+ if (!GetKdfContext(&ctx)) return false;
+
+ return AesCmacKdfHelper(master_key, label, ctx, kAes256XtsKeySize, enc_key);
}
bool DeriveHwWrappedRawSecret(const std::vector<uint8_t> &master_key,
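Review bot: The key DeriveHwWrappedEncryptionKey produces now depends on a system property, but the call site has no comment saying so, and the layout comment that used to sit here moved to the table at the top of the file. A one-line comment above `if (!GetKdfContext(&ctx)) return false;`, such as `// Fixed-input context is selected by ro.crypto.hw_wrapped_keys.kdf; see GetKdfContext().`, would help anyone comparing results against known test vectors. On the failure path `enc_key` is left unmodified, which is worth stating in the function's header comment if callers rely on it. The function's signature begins outside this hunk.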
diff --git a/linux_kselftest/testcases/vts_linux_kselftest_arm_32.xml b/linux_kselftest/testcases/vts_linux_kselftest_arm_32.xml
index 75426602..0394223f 100644
--- a/linux_kselftest/testcases/vts_linux_kselftest_arm_32.xml
+++ b/linux_kselftest/testcases/vts_linux_kselftest_arm_32.xml
@@ -32,9 +32,9 @@
<test class="com.android.tradefed.testtype.binary.KernelTargetTest" >
<option name="exit-code-skip" value="4" />
- <option name="test-command-line" key="binderfs_arm_32" value="chmod 755 &ktest_dir;/filesystems/binderfs/binderfs_test; cd &ktest_dir;/filesystems/binderfs; ./binderfs_test" />
+ <option name="test-command-line" key="binderfs_arm_32" value="chmod 755 &ktest_dir;/filesystems/binderfs/binderfs_test; cd &ktest_dir;/filesystems/binderfs; ./binderfs_test" />
<option name="test-command-line" key="capabilities_test_execve_arm_32" value="chmod 755 &ktest_dir;/capabilities/test_execve; cd &ktest_dir;/capabilities; ./test_execve" />
- <option name="test-command-line" key="futex_functional_run.sh_arm_32" value="chmod 755 &ktest_dir;/futex/functional/run.sh; cd &ktest_dir;/futex/functional; ./run.sh" />
+ <option name="test-command-line" key="futex_functional_run.sh_arm_32" value="chmod 755 &ktest_dir;/futex/functional/run.sh; cd &ktest_dir;/futex/functional; USE_COLOR=0 ./run.sh" />
<option name="test-command-line" key="kcmp_kcmp_test_arm_32" value="chmod 755 &ktest_dir;/kcmp/kcmp_test; cd &ktest_dir;/kcmp; ./kcmp_test" />
<option name="test-command-line" key="net_reuseaddr_conflict_arm_32" value="chmod 755 &ktest_dir;/net/reuseaddr_conflict; cd &ktest_dir;/net; ./reuseaddr_conflict" />
<option name="test-command-line" key="net_socket_arm_32" value="chmod 755 &ktest_dir;/net/socket; cd &ktest_dir;/net; ./socket" />
diff --git a/linux_kselftest/testcases/vts_linux_kselftest_arm_64.xml b/linux_kselftest/testcases/vts_linux_kselftest_arm_64.xml
index 2a33f2c2..0cbe6945 100644
--- a/linux_kselftest/testcases/vts_linux_kselftest_arm_64.xml
+++ b/linux_kselftest/testcases/vts_linux_kselftest_arm_64.xml
@@ -32,12 +32,12 @@
<test class="com.android.tradefed.testtype.binary.KernelTargetTest" >
<option name="exit-code-skip" value="4" />
- <option name="test-command-line" key="binderfs_arm_64" value="chmod 755 &ktest_dir;/filesystems/binderfs/binderfs_test; cd &ktest_dir;/filesystems/binderfs; ./binderfs_test" />
+ <option name="test-command-line" key="binderfs_arm_64" value="chmod 755 &ktest_dir;/filesystems/binderfs/binderfs_test; cd &ktest_dir;/filesystems/binderfs; ./binderfs_test" />
<option name="test-command-line" key="breakpoints_breakpoint_test_arm64_arm_64" value="chmod 755 &ktest_dir;/breakpoints/breakpoint_test_arm64; cd &ktest_dir;/breakpoints; ./breakpoint_test_arm64" />
<option name="test-command-line" key="capabilities_test_execve_arm_64" value="chmod 755 &ktest_dir;/capabilities/test_execve; cd &ktest_dir;/capabilities; ./test_execve" />
- <option name="test-command-line" key="futex_functional_run.sh_arm_64" value="chmod 755 &ktest_dir;/futex/functional/run.sh; cd &ktest_dir;/futex/functional; ./run.sh" />
+ <option name="test-command-line" key="futex_functional_run.sh_arm_64" value="chmod 755 &ktest_dir;/futex/functional/run.sh; cd &ktest_dir;/futex/functional; USE_COLOR=0 ./run.sh" />
<option name="test-command-line" key="kcmp_kcmp_test_arm_64" value="chmod 755 &ktest_dir;/kcmp/kcmp_test; cd &ktest_dir;/kcmp; ./kcmp_test" />
- <option name="test-command-line" key="kvm_pvm_wipe_mem_arm_64" value="chmod 755 &ktest_dir;/kvm/aarch64/pvm_wipe_mem; cd &ktest_dir;/kvm/aarch64; ./pvm_wipe_mem" />
+ <option name="test-command-line" key="kvm_pvm_wipe_mem_arm_64" value="chmod 755 &ktest_dir;/kvm/aarch64/pvm_wipe_mem; cd &ktest_dir;/kvm/aarch64; ./pvm_wipe_mem" />
<option name="test-command-line" key="net_psock_tpacket_arm_64" value="chmod 755 &ktest_dir;/net/psock_tpacket; cd &ktest_dir;/net; ./psock_tpacket" />
<option name="test-command-line" key="net_reuseaddr_conflict_arm_64" value="chmod 755 &ktest_dir;/net/reuseaddr_conflict; cd &ktest_dir;/net; ./reuseaddr_conflict" />
<option name="test-command-line" key="net_socket_arm_64" value="chmod 755 &ktest_dir;/net/socket; cd &ktest_dir;/net; ./socket" />
diff --git a/linux_kselftest/testcases/vts_linux_kselftest_x86_32.xml b/linux_kselftest/testcases/vts_linux_kselftest_x86_32.xml
index 01375908..60ccc0f1 100644
--- a/linux_kselftest/testcases/vts_linux_kselftest_x86_32.xml
+++ b/linux_kselftest/testcases/vts_linux_kselftest_x86_32.xml
@@ -33,9 +33,9 @@
<test class="com.android.tradefed.testtype.binary.KernelTargetTest" >
<option name="exit-code-skip" value="4" />
- <option name="test-command-line" key="binderfs_x86_32" value="chmod 755 &ktest_dir;/filesystems/binderfs/binderfs_test; cd &ktest_dir;/filesystems/binderfs; ./binderfs_test" />
+ <option name="test-command-line" key="binderfs_x86_32" value="chmod 755 &ktest_dir;/filesystems/binderfs/binderfs_test; cd &ktest_dir;/filesystems/binderfs; ./binderfs_test" />
<option name="test-command-line" key="capabilities_test_execve_x86_32" value="chmod 755 &ktest_dir;/capabilities/test_execve; cd &ktest_dir;/capabilities; ./test_execve" />
- <option name="test-command-line" key="futex_functional_run.sh_x86_32" value="chmod 755 &ktest_dir;/futex/functional/run.sh; cd &ktest_dir;/futex/functional; ./run.sh" />
+ <option name="test-command-line" key="futex_functional_run.sh_x86_32" value="chmod 755 &ktest_dir;/futex/functional/run.sh; cd &ktest_dir;/futex/functional; USE_COLOR=0 ./run.sh" />
<option name="test-command-line" key="kcmp_kcmp_test_x86_32" value="chmod 755 &ktest_dir;/kcmp/kcmp_test; cd &ktest_dir;/kcmp; ./kcmp_test" />
<option name="test-command-line" key="net_reuseaddr_conflict_x86_32" value="chmod 755 &ktest_dir;/net/reuseaddr_conflict; cd &ktest_dir;/net; ./reuseaddr_conflict" />
<option name="test-command-line" key="net_socket_x86_32" value="chmod 755 &ktest_dir;/net/socket; cd &ktest_dir;/net; ./socket" />
diff --git a/linux_kselftest/testcases/vts_linux_kselftest_x86_64.xml b/linux_kselftest/testcases/vts_linux_kselftest_x86_64.xml
index 2022e27c..85e5f2be 100644
--- a/linux_kselftest/testcases/vts_linux_kselftest_x86_64.xml
+++ b/linux_kselftest/testcases/vts_linux_kselftest_x86_64.xml
@@ -33,9 +33,9 @@
<test class="com.android.tradefed.testtype.binary.KernelTargetTest" >
<option name="exit-code-skip" value="4" />
- <option name="test-command-line" key="binderfs_x86_64" value="chmod 755 &ktest_dir;/filesystems/binderfs/binderfs_test; cd &ktest_dir;/filesystems/binderfs; ./binderfs_test" />
+ <option name="test-command-line" key="binderfs_x86_64" value="chmod 755 &ktest_dir;/filesystems/binderfs/binderfs_test; cd &ktest_dir;/filesystems/binderfs; ./binderfs_test" />
<option name="test-command-line" key="capabilities_test_execve_x86_64" value="chmod 755 &ktest_dir;/capabilities/test_execve; cd &ktest_dir;/capabilities; ./test_execve" />
- <option name="test-command-line" key="futex_functional_run.sh_x86_64" value="chmod 755 &ktest_dir;/futex/functional/run.sh; cd &ktest_dir;/futex/functional; ./run.sh" />
+ <option name="test-command-line" key="futex_functional_run.sh_x86_64" value="chmod 755 &ktest_dir;/futex/functional/run.sh; cd &ktest_dir;/futex/functional; USE_COLOR=0 ./run.sh" />
<option name="test-command-line" key="kcmp_kcmp_test_x86_64" value="chmod 755 &ktest_dir;/kcmp/kcmp_test; cd &ktest_dir;/kcmp; ./kcmp_test" />
<option name="test-command-line" key="net_psock_tpacket_x86_64" value="chmod 755 &ktest_dir;/net/psock_tpacket; cd &ktest_dir;/net; ./psock_tpacket" />
<option name="test-command-line" key="net_reuseaddr_conflict_x86_64" value="chmod 755 &ktest_dir;/net/reuseaddr_conflict; cd &ktest_dir;/net; ./reuseaddr_conflict" />