Loading security/keymint/aidl/vts/functional/Android.bp +1 −0 Original line number Diff line number Diff line Loading @@ -34,6 +34,7 @@ cc_defaults { "libbinder", "libbinder_ndk", "libcrypto", "libbase", "packagemanager_aidl-cpp", ], static_libs: [ Loading security/keymint/aidl/vts/functional/AttestKeyTest.cpp +56 −0 Original line number Diff line number Diff line Loading @@ -15,6 +15,8 @@ */ #define LOG_TAG "keymint_1_attest_key_test" #include <android-base/logging.h> #include <android-base/strings.h> #include <cutils/log.h> #include <cutils/properties.h> Loading @@ -26,12 +28,61 @@ namespace aidl::android::hardware::security::keymint::test { namespace { string TELEPHONY_CMD_GET_IMEI = "cmd phone get-imei "; bool IsSelfSigned(const vector<Certificate>& chain) { if (chain.size() != 1) return false; return ChainSignaturesAreValid(chain); } /* * Run a shell command and collect the output of it. If any error, set an empty string as the * output. */ string exec_command(string command) { char buffer[128]; string result = ""; FILE* pipe = popen(command.c_str(), "r"); if (!pipe) { LOG(ERROR) << "popen failed."; return result; } // read till end of process: while (!feof(pipe)) { if (fgets(buffer, 128, pipe) != NULL) { result += buffer; } } pclose(pipe); return result; } /* * Get IMEI using Telephony service shell command. If any error while executing the command * then empty string will be returned as output. */ string get_imei(int slot) { string cmd = TELEPHONY_CMD_GET_IMEI + std::to_string(slot); string output = exec_command(cmd); if (output.empty()) { LOG(ERROR) << "Command failed. Cmd: " << cmd; return ""; } vector<string> out = ::android::base::Tokenize(::android::base::Trim(output), "Device IMEI:"); if (out.size() != 1) { LOG(ERROR) << "Error in parsing the command output. Cmd: " << cmd; return ""; } return ::android::base::Trim(out[0]); } } // namespace class AttestKeyTest : public KeyMintAidlTestBase { Loading Loading @@ -803,6 +854,11 @@ TEST_P(AttestKeyTest, EcdsaAttestationID) { "ro.product.manufacturer"); add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_MODEL, "ro.product.model"); string imei = get_imei(0); if (!imei.empty()) { attestation_id_tags.Authorization(TAG_ATTESTATION_ID_IMEI, imei.data(), imei.size()); } for (const KeyParameter& tag : attestation_id_tags) { SCOPED_TRACE(testing::Message() << "+tag-" << tag); // Use attestation key to sign an ECDSA key, but include an attestation ID field. Loading Loading
security/keymint/aidl/vts/functional/Android.bp +1 −0 Original line number Diff line number Diff line Loading @@ -34,6 +34,7 @@ cc_defaults { "libbinder", "libbinder_ndk", "libcrypto", "libbase", "packagemanager_aidl-cpp", ], static_libs: [ Loading
security/keymint/aidl/vts/functional/AttestKeyTest.cpp +56 −0 Original line number Diff line number Diff line Loading @@ -15,6 +15,8 @@ */ #define LOG_TAG "keymint_1_attest_key_test" #include <android-base/logging.h> #include <android-base/strings.h> #include <cutils/log.h> #include <cutils/properties.h> Loading @@ -26,12 +28,61 @@ namespace aidl::android::hardware::security::keymint::test { namespace { string TELEPHONY_CMD_GET_IMEI = "cmd phone get-imei "; bool IsSelfSigned(const vector<Certificate>& chain) { if (chain.size() != 1) return false; return ChainSignaturesAreValid(chain); } /* * Run a shell command and collect the output of it. If any error, set an empty string as the * output. */ string exec_command(string command) { char buffer[128]; string result = ""; FILE* pipe = popen(command.c_str(), "r"); if (!pipe) { LOG(ERROR) << "popen failed."; return result; } // read till end of process: while (!feof(pipe)) { if (fgets(buffer, 128, pipe) != NULL) { result += buffer; } } pclose(pipe); return result; } /* * Get IMEI using Telephony service shell command. If any error while executing the command * then empty string will be returned as output. */ string get_imei(int slot) { string cmd = TELEPHONY_CMD_GET_IMEI + std::to_string(slot); string output = exec_command(cmd); if (output.empty()) { LOG(ERROR) << "Command failed. Cmd: " << cmd; return ""; } vector<string> out = ::android::base::Tokenize(::android::base::Trim(output), "Device IMEI:"); if (out.size() != 1) { LOG(ERROR) << "Error in parsing the command output. Cmd: " << cmd; return ""; } return ::android::base::Trim(out[0]); } } // namespace class AttestKeyTest : public KeyMintAidlTestBase { Loading Loading @@ -803,6 +854,11 @@ TEST_P(AttestKeyTest, EcdsaAttestationID) { "ro.product.manufacturer"); add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_MODEL, "ro.product.model"); string imei = get_imei(0); if (!imei.empty()) { attestation_id_tags.Authorization(TAG_ATTESTATION_ID_IMEI, imei.data(), imei.size()); } for (const KeyParameter& tag : attestation_id_tags) { SCOPED_TRACE(testing::Message() << "+tag-" << tag); // Use attestation key to sign an ECDSA key, but include an attestation ID field. Loading
