Snap for 10654726 from 9face09a03c8921bf46d0707a013717a4e3e0102 to mainline-rkpd-release
Change-Id: Ia5a4002550bcb88bbe13b49d715db3f6c0e83347
diff --git a/Android.bp b/Android.bp
index 2ca2b75..acb2b89 100644
--- a/Android.bp
+++ b/Android.bp
@@ -161,6 +161,7 @@
"com.android.compos",
"com.android.conscrypt",
"com.android.extservices",
+ "com.android.ondevicepersonalization",
"com.android.resolv",
"com.android.virt",
],
@@ -302,6 +303,7 @@
"com.android.conscrypt",
"com.android.extservices",
"com.android.resolv",
+ "com.android.ondevicepersonalization",
"com.android.virt",
],
min_sdk_version: "29",
diff --git a/src/crypto/fipsmodule/self_check/self_check.c b/src/crypto/fipsmodule/self_check/self_check.c
index 525cd16..edfef6d 100644
--- a/src/crypto/fipsmodule/self_check/self_check.c
+++ b/src/crypto/fipsmodule/self_check/self_check.c
@@ -918,11 +918,6 @@
}
// TLS KDF KAT
- static const uint8_t kTLSSecret[32] = {
- 0xab, 0xc3, 0x65, 0x7b, 0x09, 0x4c, 0x76, 0x28, 0xa0, 0xb2, 0x82,
- 0x99, 0x6f, 0xe7, 0x5a, 0x75, 0xf4, 0x98, 0x4f, 0xd9, 0x4d, 0x4e,
- 0xcc, 0x2f, 0xcf, 0x53, 0xa2, 0xc4, 0x69, 0xa3, 0xf7, 0x31,
- };
static const char kTLSLabel[] = "FIPS self test";
static const uint8_t kTLSSeed1[16] = {
0x8f, 0x0d, 0xe8, 0xb6, 0x90, 0x8f, 0xb1, 0xd2,
@@ -932,17 +927,45 @@
0x7d, 0x24, 0x1a, 0x9d, 0x3c, 0x59, 0xbf, 0x3c,
0x31, 0x1e, 0x2b, 0x21, 0x41, 0x8d, 0x32, 0x81,
};
- static const uint8_t kTLSOutput[32] = {
- 0xe2, 0x1d, 0xd6, 0xc2, 0x68, 0xc7, 0x57, 0x03, 0x2c, 0x2c, 0xeb,
- 0xbb, 0xb8, 0xa9, 0x7d, 0xe9, 0xee, 0xe6, 0xc9, 0x47, 0x83, 0x0a,
- 0xbd, 0x11, 0x60, 0x5d, 0xd5, 0x2c, 0x47, 0xb6, 0x05, 0x88,
+
+ static const uint8_t kTLS10Secret[32] = {
+ 0xab, 0xc3, 0x65, 0x7b, 0x09, 0x4c, 0x76, 0x28, 0xa0, 0xb2, 0x82,
+ 0x99, 0x6f, 0xe7, 0x5a, 0x75, 0xf4, 0x98, 0x4f, 0xd9, 0x4d, 0x4e,
+ 0xcc, 0x2f, 0xcf, 0x53, 0xa2, 0xc4, 0x69, 0xa3, 0xf7, 0x31,
};
- uint8_t tls_output[sizeof(kTLSOutput)];
- if (!CRYPTO_tls1_prf(EVP_sha256(), tls_output, sizeof(tls_output), kTLSSecret,
- sizeof(kTLSSecret), kTLSLabel, sizeof(kTLSLabel),
- kTLSSeed1, sizeof(kTLSSeed1), kTLSSeed2,
- sizeof(kTLSSeed2)) ||
- !check_test(kTLSOutput, tls_output, sizeof(kTLSOutput), "TLS-KDF KAT")) {
+ static const uint8_t kTLS10Output[32] = {
+ 0x69, 0x7c, 0x4e, 0x2c, 0xee, 0x82, 0xb1, 0xd2, 0x8b, 0xac, 0x90,
+ 0x7a, 0xa1, 0x8a, 0x81, 0xfe, 0xc5, 0x58, 0x45, 0x57, 0x61, 0x2f,
+ 0x7a, 0x8d, 0x80, 0xfb, 0x44, 0xd8, 0x81, 0x60, 0xe5, 0xf8,
+ };
+ uint8_t tls10_output[sizeof(kTLS10Output)];
+ if (!CRYPTO_tls1_prf(EVP_md5_sha1(), tls10_output, sizeof(tls10_output),
+ kTLS10Secret, sizeof(kTLS10Secret), kTLSLabel,
+ sizeof(kTLSLabel), kTLSSeed1, sizeof(kTLSSeed1),
+ kTLSSeed2, sizeof(kTLSSeed2)) ||
+ !check_test(kTLS10Output, tls10_output, sizeof(kTLS10Output),
+ "TLS10-KDF KAT")) {
+ fprintf(stderr, "TLS KDF failed.\n");
+ goto err;
+ }
+
+ static const uint8_t kTLS12Secret[32] = {
+ 0xc5, 0x43, 0x8e, 0xe2, 0x6f, 0xd4, 0xac, 0xbd, 0x25, 0x9f, 0xc9,
+ 0x18, 0x55, 0xdc, 0x69, 0xbf, 0x88, 0x4e, 0xe2, 0x93, 0x22, 0xfc,
+ 0xbf, 0xd2, 0x96, 0x6a, 0x46, 0x23, 0xd4, 0x2e, 0xc7, 0x81,
+ };
+ static const uint8_t kTLS12Output[32] = {
+ 0xee, 0x4a, 0xcd, 0x3f, 0xa3, 0xd3, 0x55, 0x89, 0x9e, 0x6f, 0xf1,
+ 0x38, 0x46, 0x9d, 0x2b, 0x33, 0xaa, 0x7f, 0xc4, 0x7f, 0x51, 0x85,
+ 0x8a, 0xf3, 0x13, 0x84, 0xbf, 0x53, 0x6a, 0x65, 0x37, 0x51,
+ };
+ uint8_t tls12_output[sizeof(kTLS12Output)];
+ if (!CRYPTO_tls1_prf(EVP_sha256(), tls12_output, sizeof(tls12_output),
+ kTLS12Secret, sizeof(kTLS12Secret), kTLSLabel,
+ sizeof(kTLSLabel), kTLSSeed1, sizeof(kTLSSeed1),
+ kTLSSeed2, sizeof(kTLSSeed2)) ||
+ !check_test(kTLS12Output, tls12_output, sizeof(kTLS12Output),
+ "TLS12-KDF KAT")) {
fprintf(stderr, "TLS KDF failed.\n");
goto err;
}
@@ -983,7 +1006,7 @@
!check_test(kTLS13ExpandLabelOutput, tls13_expand_label_output,
sizeof(kTLS13ExpandLabelOutput),
"CRYPTO_tls13_hkdf_expand_label")) {
- fprintf(stderr, "TLSv1.3 KDF failed.\n");
+ fprintf(stderr, "TLS13-KDF failed.\n");
goto err;
}
diff --git a/src/crypto/fipsmodule/service_indicator/service_indicator.c b/src/crypto/fipsmodule/service_indicator/service_indicator.c
index b1ea28e..64325be 100644
--- a/src/crypto/fipsmodule/service_indicator/service_indicator.c
+++ b/src/crypto/fipsmodule/service_indicator/service_indicator.c
@@ -303,14 +303,11 @@
}
void TLSKDF_verify_service_indicator(const EVP_MD *md) {
- // HMAC-MD5, HMAC-SHA1, and HMAC-MD5/HMAC-SHA1 (both used concurrently) are
- // approved for use in the KDF in TLS 1.0/1.1.
- // HMAC-SHA{256, 384, 512} are approved for use in the KDF in TLS 1.2.
- // These Key Derivation functions are to be used in the context of the TLS
- // protocol.
+ // HMAC-MD5/HMAC-SHA1 (both used concurrently) is approved for use in the KDF
+ // in TLS 1.0/1.1. HMAC-SHA{256, 384, 512} are approved for use in the KDF in
+ // TLS 1.2. These Key Derivation functions are to be used in the context of
+ // the TLS protocol.
switch (EVP_MD_type(md)) {
- case NID_md5:
- case NID_sha1:
case NID_md5_sha1:
case NID_sha256:
case NID_sha384:
diff --git a/src/crypto/fipsmodule/service_indicator/service_indicator_test.cc b/src/crypto/fipsmodule/service_indicator/service_indicator_test.cc
index 4389b98..41f263d 100644
--- a/src/crypto/fipsmodule/service_indicator/service_indicator_test.cc
+++ b/src/crypto/fipsmodule/service_indicator/service_indicator_test.cc
@@ -422,24 +422,12 @@
0x31, 0x1e, 0x2b, 0x21, 0x41, 0x8d, 0x32, 0x81,
};
-static const uint8_t kTLSOutput_mdsha1[32] = {
+static const uint8_t kTLSOutput_md5_sha1[32] = {
0x36, 0xa9, 0x31, 0xb0, 0x43, 0xe3, 0x64, 0x72, 0xb9, 0x47, 0x54,
0x0d, 0x8a, 0xfc, 0xe3, 0x5c, 0x1c, 0x15, 0x67, 0x7e, 0xa3, 0x5d,
0xf2, 0x3a, 0x57, 0xfd, 0x50, 0x16, 0xe1, 0xa4, 0xa6, 0x37,
};
-static const uint8_t kTLSOutput_md[32] = {
- 0x79, 0xef, 0x46, 0xc4, 0x35, 0xbc, 0xe5, 0xda, 0xd3, 0x66, 0x91,
- 0xdc, 0x86, 0x09, 0x41, 0x66, 0xf2, 0x0c, 0xeb, 0xe6, 0xab, 0x5c,
- 0x58, 0xf4, 0x65, 0xce, 0x2f, 0x5f, 0x4b, 0x34, 0x1e, 0xa1,
-};
-
-static const uint8_t kTLSOutput_sha1[32] = {
- 0xbb, 0x0a, 0x73, 0x52, 0xf8, 0x85, 0xd7, 0xbd, 0x12, 0x34, 0x78,
- 0x3b, 0x54, 0x4c, 0x75, 0xfe, 0xd7, 0x23, 0x6e, 0x22, 0x3f, 0x42,
- 0x34, 0x99, 0x57, 0x6b, 0x14, 0xc4, 0xc8, 0xae, 0x9f, 0x4c,
-};
-
static const uint8_t kTLSOutput_sha224[32] = {
0xdd, 0xaf, 0x6f, 0xaa, 0xd9, 0x2b, 0x3d, 0xb9, 0x46, 0x4c, 0x55,
0x8a, 0xf7, 0xa6, 0x9b, 0x0b, 0x35, 0xcc, 0x07, 0xa7, 0x55, 0x5b,
@@ -1783,9 +1771,7 @@
const uint8_t *expected_output;
const FIPSStatus expect_approved;
} kKDFTestVectors[] = {
- {EVP_md5, kTLSOutput_md, FIPSStatus::APPROVED},
- {EVP_sha1, kTLSOutput_sha1, FIPSStatus::APPROVED},
- {EVP_md5_sha1, kTLSOutput_mdsha1, FIPSStatus::APPROVED},
+ {EVP_md5_sha1, kTLSOutput_md5_sha1, FIPSStatus::APPROVED},
{EVP_sha224, kTLSOutput_sha224, FIPSStatus::NOT_APPROVED},
{EVP_sha256, kTLSOutput_sha256, FIPSStatus::APPROVED},
{EVP_sha384, kTLSOutput_sha384, FIPSStatus::APPROVED},
diff --git a/src/util/fipstools/break-kat.go b/src/util/fipstools/break-kat.go
index e4d323a..67c3300 100644
--- a/src/util/fipstools/break-kat.go
+++ b/src/util/fipstools/break-kat.go
@@ -1,5 +1,3 @@
-//go:build
-
// break-kat corrupts a known-answer-test input in a binary and writes the
// corrupted binary to stdout. This is used to demonstrate that the KATs in the
// binary notice the error.
@@ -27,7 +25,8 @@
"SHA-1": "132fd9bad5c1826263bafbb699f707a5",
"SHA-256": "ff3b857da7236a2baa0f396b51522217",
"SHA-512": "212512f8d2ad8322781c6c4d69a9daa1",
- "TLS-KDF": "abc3657b094c7628a0b282996fe75a75f4984fd94d4ecc2fcf53a2c469a3f731",
+ "TLS10-KDF": "abc3657b094c7628a0b282996fe75a75f4984fd94d4ecc2fcf53a2c469a3f731",
+ "TLS12-KDF": "c5438ee26fd4acbd259fc91855dc69bf884ee29322fcbfd2966a4623d42ec781",
"TLS13-KDF": "024a0d80f357f2499a1244dac26dab66fc13ed85fca71dace146211119525874",
"RSA-sign": "d2b56e53306f720d7929d8708bf46f1c22300305582b115bedcac722d8aa5ab2",
"RSA-verify": "abe2cbc13d6bd39d48db5334ddbf8d070a93bdcb104e2cc5d0ee486ee295f6b31bda126c41890b98b73e70e6b65d82f95c663121755a90744c8d1c21148a1960be0eca446e9ff497f1345c537ef8119b9a4398e95c5c6de2b1c955905c5299d8ce7a3b6ab76380d9babdd15f610237e1f3f2aa1c1f1e770b62fbb596381b2ebdd77ecef9c90d4c92f7b6b05fed2936285fa94826e62055322a33b6f04c74ce69e5d8d737fb838b79d2d48e3daf71387531882531a95ac964d02ea413bf85952982bbc089527daff5b845c9a0f4d14ef1956d9c3acae882d12da66da0f35794f5ee32232333517db9315232a183b991654dbea41615345c885325926744a53915",
diff --git a/src/util/fipstools/test_fips.c b/src/util/fipstools/test_fips.c
index 3a1f7fc..13b8d7d 100644
--- a/src/util/fipstools/test_fips.c
+++ b/src/util/fipstools/test_fips.c
@@ -291,6 +291,19 @@
printf(" got ");
hexdump(hkdf_output, sizeof(hkdf_output));
+ /* TLS v1.0 KDF */
+ printf("About to run TLS v1.0 KDF\n");
+ uint8_t tls10_output[32];
+ if (!CRYPTO_tls1_prf(EVP_md5_sha1(), tls10_output, sizeof(tls10_output),
+ kAESKey, sizeof(kAESKey), "foo", 3, kPlaintextSHA256,
+ sizeof(kPlaintextSHA256), kPlaintextSHA256,
+ sizeof(kPlaintextSHA256))) {
+ fprintf(stderr, "TLS v1.0 KDF failed.\n");
+ goto err;
+ }
+ printf(" got ");
+ hexdump(tls10_output, sizeof(tls10_output));
+
/* TLS v1.2 KDF */
printf("About to run TLS v1.2 KDF\n");
uint8_t tls12_output[32];
