Merge changes I487000cc,I9310a851

HardwareAuthToken hidlVec2AuthToken(const hidl_vec<uint8_t>& buffer);

hidl_vec<uint8_t> authToken2HidlVec(const HardwareAuthToken& token);

uint32_t getOsVersion();

uint32_t getOsPatchlevel();

}  // namespace support

}  // namespace V4_0

}  // namespace keymaster

 * limitations under the License.

 */

#include <regex.h>

#include <android-base/properties.h>

#include <hardware/hw_auth_token.h>

#include <keymasterV4_0/keymaster_utils.h>

namespace android {

namespace hardware {

namespace android::hardware {

inline static bool operator<(const hidl_vec<uint8_t>& a, const hidl_vec<uint8_t>& b) {

    auto result = memcmp(a.data(), b.data(), std::min(a.size(), b.size()));

    return memcmp(a.data(), b.data(), SIZE) == -1;

}

namespace keymaster {

namespace V4_0 {

namespace keymaster::V4_0 {

bool operator<(const HmacSharingParameters& a, const HmacSharingParameters& b) {

    return std::tie(a.seed, a.nonce) < std::tie(b.seed, b.nonce);

    return token;

}

namespace {

constexpr char kPlatformVersionProp[] = "ro.build.version.release";

constexpr char kPlatformVersionRegex[] = "^([0-9]{1,2})(\\.([0-9]{1,2}))?(\\.([0-9]{1,2}))?";

constexpr size_t kMajorVersionMatch = 1;

constexpr size_t kMinorVersionMatch = 3;

constexpr size_t kSubminorVersionMatch = 5;

constexpr size_t kPlatformVersionMatchCount = kSubminorVersionMatch + 1;

constexpr char kPlatformPatchlevelProp[] = "ro.build.version.security_patch";

constexpr char kPlatformPatchlevelRegex[] = "^([0-9]{4})-([0-9]{2})-[0-9]{2}$";

constexpr size_t kYearMatch = 1;

constexpr size_t kMonthMatch = 2;

constexpr size_t kPlatformPatchlevelMatchCount = kMonthMatch + 1;

uint32_t match_to_uint32(const char* expression, const regmatch_t& match) {

    if (match.rm_so == -1) return 0;

    size_t len = match.rm_eo - match.rm_so;

    std::string s(expression + match.rm_so, len);

    return std::stoul(s);

}

std::string wait_and_get_property(const char* prop) {

    std::string prop_value;

    while (!android::base::WaitForPropertyCreation(prop))

        ;

    prop_value = android::base::GetProperty(prop, "" /* default */);

    return prop_value;

}

}  // anonymous namespace

uint32_t getOsVersion(const char* version_str) {

    regex_t regex;

    if (regcomp(&regex, kPlatformVersionRegex, REG_EXTENDED)) {

        return 0;

    }

    regmatch_t matches[kPlatformVersionMatchCount];

    int not_match =

            regexec(&regex, version_str, kPlatformVersionMatchCount, matches, 0 /* flags */);

    regfree(&regex);

    if (not_match) {

        return 0;

    }

    uint32_t major = match_to_uint32(version_str, matches[kMajorVersionMatch]);

    uint32_t minor = match_to_uint32(version_str, matches[kMinorVersionMatch]);

    uint32_t subminor = match_to_uint32(version_str, matches[kSubminorVersionMatch]);

    return (major * 100 + minor) * 100 + subminor;

}

uint32_t getOsVersion() {

    std::string version = wait_and_get_property(kPlatformVersionProp);

    return getOsVersion(version.c_str());

}

uint32_t getOsPatchlevel(const char* patchlevel_str) {

    regex_t regex;

    if (regcomp(&regex, kPlatformPatchlevelRegex, REG_EXTENDED) != 0) {

        return 0;

    }

    regmatch_t matches[kPlatformPatchlevelMatchCount];

    int not_match =

            regexec(&regex, patchlevel_str, kPlatformPatchlevelMatchCount, matches, 0 /* flags */);

    regfree(&regex);

    if (not_match) {

        return 0;

    }

    uint32_t year = match_to_uint32(patchlevel_str, matches[kYearMatch]);

    uint32_t month = match_to_uint32(patchlevel_str, matches[kMonthMatch]);

    if (month < 1 || month > 12) {

        return 0;

    }

    return year * 100 + month;

}

uint32_t getOsPatchlevel() {

    std::string patchlevel = wait_and_get_property(kPlatformPatchlevelProp);

    return getOsPatchlevel(patchlevel.c_str());

}

}  // namespace support

}  // namespace V4_0

}  // namespace keymaster

}  // namespace hardware

}  // namespace android

}  // namespace keymaster::V4_0

}  // namespace android::hardware

        "android.hardware.keymaster@4.0",

        "libcrypto_static",

        "libkeymaster4support",

        "libsoftkeymasterdevice",

    ],

    test_suites: ["general-tests", "vts-core"],

    test_suites: [

        "general-tests",

        "vts-core",

    ],

}

 */

class HmacKeySharingTest : public KeymasterHidlTest {

   protected:

     const std::vector<sp<IKeymasterDevice>>& allKeymasters() {

         if (all_keymasters_.empty()) {

             auto names = android::hardware::getAllHalInstanceNames(IKeymasterDevice::descriptor);

             for (const auto& name : names) {

                 all_keymasters_.push_back(IKeymasterDevice::getService(name));

             }

         }

         return all_keymasters_;

     }

    struct GetParamsResult {

        ErrorCode error;

        HmacSharingParameters params;

            EXPECT_EQ(expected, response.sharing_check) << "Sharing check values should match.";

        }

    }

  private:

    static std::vector<sp<IKeymasterDevice>> all_keymasters_;

};

std::vector<sp<IKeymasterDevice>> HmacKeySharingTest::all_keymasters_;

TEST_P(HmacKeySharingTest, GetParameters) {

    auto result1 = getHmacSharingParameters(keymaster());

    EXPECT_EQ(ErrorCode::OK, result1.error);

}

TEST_P(HmacKeySharingTest, ComputeSharedHmac) {

    auto params = getHmacSharingParameters(all_keymasters());

    ASSERT_EQ(all_keymasters().size(), params.size())

    auto params = getHmacSharingParameters(allKeymasters());

    ASSERT_EQ(allKeymasters().size(), params.size())

            << "One or more keymasters failed to provide parameters.";

    auto nonces = copyNonces(params);

    EXPECT_EQ(all_keymasters().size(), nonces.size());

    EXPECT_EQ(allKeymasters().size(), nonces.size());

    std::sort(nonces.begin(), nonces.end());

    std::unique(nonces.begin(), nonces.end());

    EXPECT_EQ(all_keymasters().size(), nonces.size());

    EXPECT_EQ(allKeymasters().size(), nonces.size());

    auto responses = computeSharedHmac(all_keymasters(), params);

    auto responses = computeSharedHmac(allKeymasters(), params);

    ASSERT_GT(responses.size(), 0U);

    verifyResponses(responses[0].sharing_check, responses);

    // Do it a second time.  Should get the same answers.

    params = getHmacSharingParameters(all_keymasters());

    ASSERT_EQ(all_keymasters().size(), params.size())

    params = getHmacSharingParameters(allKeymasters());

    ASSERT_EQ(allKeymasters().size(), params.size())

            << "One or more keymasters failed to provide parameters.";

    responses = computeSharedHmac(all_keymasters(), params);

    responses = computeSharedHmac(allKeymasters(), params);

    ASSERT_GT(responses.size(), 0U);

    ASSERT_EQ(32U, responses[0].sharing_check.size());

    verifyResponses(responses[0].sharing_check, responses);

    // sync with respect to the HMAC key.  Granted that VTS tests aren't run on in-use production

    // devices, this still has the potential to cause confusion.  To mitigate that, we always

    // (barring crashes :-/) re-run the unmodified agreement process on our way out.

    auto fixup_hmac = finally(

        [&]() { computeSharedHmac(all_keymasters(), getHmacSharingParameters(all_keymasters())); });

    auto fixup_hmac = finally([&]() {

        computeSharedHmac(allKeymasters(), getHmacSharingParameters(allKeymasters()));

    });

    auto params = getHmacSharingParameters(all_keymasters());

    ASSERT_EQ(all_keymasters().size(), params.size())

    auto params = getHmacSharingParameters(allKeymasters());

    ASSERT_EQ(allKeymasters().size(), params.size())

            << "One or more keymasters failed to provide parameters.";

    // All should be well in the normal case

    auto responses = computeSharedHmac(all_keymasters(), params);

    auto responses = computeSharedHmac(allKeymasters(), params);

    ASSERT_GT(responses.size(), 0U);

    HidlBuf correct_response = responses[0].sharing_check;

    uint8_t bit_to_tweak = rand() % 8;

    params[param_to_tweak].nonce[byte_to_tweak] ^= (1 << bit_to_tweak);

    responses = computeSharedHmac(all_keymasters(), params);

    responses = computeSharedHmac(allKeymasters(), params);

    for (size_t i = 0; i < responses.size(); ++i) {

        if (i == param_to_tweak) {

            EXPECT_EQ(ErrorCode::INVALID_ARGUMENT, responses[i].error)

    // sync with respect to the HMAC key.  Granted that VTS tests aren't run on in-use production

    // devices, this still has the potential to cause confusion.  To mitigate that, we always

    // (barring crashes :-/) re-run the unmodified agreement process on our way out.

    auto fixup_hmac = finally(

        [&]() { computeSharedHmac(all_keymasters(), getHmacSharingParameters(all_keymasters())); });

    auto fixup_hmac = finally([&]() {

        computeSharedHmac(allKeymasters(), getHmacSharingParameters(allKeymasters()));

    });

    auto params = getHmacSharingParameters(all_keymasters());

    ASSERT_EQ(all_keymasters().size(), params.size())

    auto params = getHmacSharingParameters(allKeymasters());

    ASSERT_EQ(allKeymasters().size(), params.size())

            << "One or more keymasters failed to provide parameters.";

    // All should be well in the normal case

    auto responses = computeSharedHmac(all_keymasters(), params);

    auto responses = computeSharedHmac(allKeymasters(), params);

    ASSERT_GT(responses.size(), 0U);

    HidlBuf correct_response = responses[0].sharing_check;

    }

    to_tweak[0]++;

    responses = computeSharedHmac(all_keymasters(), params);

    responses = computeSharedHmac(allKeymasters(), params);

    for (size_t i = 0; i < responses.size(); ++i) {

        if (i == param_to_tweak) {

            EXPECT_EQ(ErrorCode::INVALID_ARGUMENT, responses[i].error)

    }

}

INSTANTIATE_TEST_SUITE_P(

        PerInstance, HmacKeySharingTest,

        testing::ValuesIn(android::hardware::getAllHalInstanceNames(IKeymasterDevice::descriptor)),

        android::hardware::PrintInstanceNameToString);

INSTANTIATE_KEYMASTER_HIDL_TEST(HmacKeySharingTest);

}  // namespace test

}  // namespace V4_0

#include <android/hidl/manager/1.0/IServiceManager.h>

#include <keymasterV4_0/key_param_output.h>

#include <keymasterV4_0/keymaster_utils.h>

namespace android {

namespace hardware {

namespace test {

using namespace std::literals::chrono_literals;

void KeymasterHidlTest::InitializeKeymaster() {

    service_name_ = GetParam();

    keymaster_ = IKeymasterDevice::getService(service_name_);

    keymaster_ = IKeymasterDevice::getService(GetParam());

    ASSERT_NE(keymaster_, nullptr);

    ASSERT_TRUE(keymaster_

void KeymasterHidlTest::SetUp() {

    InitializeKeymaster();

    os_version_ = ::keymaster::GetOsVersion();

    os_patch_level_ = ::keymaster::GetOsPatchlevel();

    auto service_manager = android::hidl::manager::V1_0::IServiceManager::getService();

    ASSERT_NE(nullptr, service_manager.get());

    all_keymasters_.push_back(keymaster_);

    service_manager->listByInterface(

        IKeymasterDevice::descriptor, [&](const hidl_vec<hidl_string>& names) {

            for (auto& name : names) {

                if (name == service_name_) continue;

                auto keymaster = IKeymasterDevice::getService(name);

                ASSERT_NE(keymaster, nullptr);

                all_keymasters_.push_back(keymaster);

            }

        });

    os_version_ = support::getOsVersion();

    os_patch_level_ = support::getOsPatchlevel();

}

ErrorCode KeymasterHidlTest::GenerateKey(const AuthorizationSet& key_desc, HidlBuf* key_blob,