Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a15f40bd authored by Treehugger Robot's avatar Treehugger Robot Committed by Gerrit Code Review
Browse files

Merge changes I487000cc,I9310a851

* changes:
  Update Keymaster 4.0 VTS to use parameterized tests.
  Remove dependency on libsoftkeymaster.
parents 502d38d9 ef28554d
Loading
Loading
Loading
Loading
+3 −0
Original line number Diff line number Diff line
@@ -52,6 +52,9 @@ inline static hidl_vec<uint8_t> blob2hidlVec(const std::vector<uint8_t>& blob) {
HardwareAuthToken hidlVec2AuthToken(const hidl_vec<uint8_t>& buffer);
hidl_vec<uint8_t> authToken2HidlVec(const HardwareAuthToken& token);

uint32_t getOsVersion();
uint32_t getOsPatchlevel();

}  // namespace support
}  // namespace V4_0
}  // namespace keymaster
+101 −15
Original line number Diff line number Diff line
@@ -14,11 +14,13 @@
 * limitations under the License.
 */

#include <regex.h>

#include <android-base/properties.h>
#include <hardware/hw_auth_token.h>
#include <keymasterV4_0/keymaster_utils.h>

namespace android {
namespace hardware {
namespace android::hardware {

inline static bool operator<(const hidl_vec<uint8_t>& a, const hidl_vec<uint8_t>& b) {
    auto result = memcmp(a.data(), b.data(), std::min(a.size(), b.size()));
@@ -32,8 +34,7 @@ inline static bool operator<(const hidl_array<uint8_t, SIZE>& a,
    return memcmp(a.data(), b.data(), SIZE) == -1;
}

namespace keymaster {
namespace V4_0 {
namespace keymaster::V4_0 {

bool operator<(const HmacSharingParameters& a, const HmacSharingParameters& b) {
    return std::tie(a.seed, a.nonce) < std::tie(b.seed, b.nonce);
@@ -109,8 +110,93 @@ HardwareAuthToken hidlVec2AuthToken(const hidl_vec<uint8_t>& buffer) {
    return token;
}

namespace {

constexpr char kPlatformVersionProp[] = "ro.build.version.release";
constexpr char kPlatformVersionRegex[] = "^([0-9]{1,2})(\\.([0-9]{1,2}))?(\\.([0-9]{1,2}))?";
constexpr size_t kMajorVersionMatch = 1;
constexpr size_t kMinorVersionMatch = 3;
constexpr size_t kSubminorVersionMatch = 5;
constexpr size_t kPlatformVersionMatchCount = kSubminorVersionMatch + 1;

constexpr char kPlatformPatchlevelProp[] = "ro.build.version.security_patch";
constexpr char kPlatformPatchlevelRegex[] = "^([0-9]{4})-([0-9]{2})-[0-9]{2}$";
constexpr size_t kYearMatch = 1;
constexpr size_t kMonthMatch = 2;
constexpr size_t kPlatformPatchlevelMatchCount = kMonthMatch + 1;

uint32_t match_to_uint32(const char* expression, const regmatch_t& match) {
    if (match.rm_so == -1) return 0;

    size_t len = match.rm_eo - match.rm_so;
    std::string s(expression + match.rm_so, len);
    return std::stoul(s);
}

std::string wait_and_get_property(const char* prop) {
    std::string prop_value;
    while (!android::base::WaitForPropertyCreation(prop))
        ;
    prop_value = android::base::GetProperty(prop, "" /* default */);
    return prop_value;
}

}  // anonymous namespace

uint32_t getOsVersion(const char* version_str) {
    regex_t regex;
    if (regcomp(&regex, kPlatformVersionRegex, REG_EXTENDED)) {
        return 0;
    }

    regmatch_t matches[kPlatformVersionMatchCount];
    int not_match =
            regexec(&regex, version_str, kPlatformVersionMatchCount, matches, 0 /* flags */);
    regfree(&regex);
    if (not_match) {
        return 0;
    }

    uint32_t major = match_to_uint32(version_str, matches[kMajorVersionMatch]);
    uint32_t minor = match_to_uint32(version_str, matches[kMinorVersionMatch]);
    uint32_t subminor = match_to_uint32(version_str, matches[kSubminorVersionMatch]);

    return (major * 100 + minor) * 100 + subminor;
}

uint32_t getOsVersion() {
    std::string version = wait_and_get_property(kPlatformVersionProp);
    return getOsVersion(version.c_str());
}

uint32_t getOsPatchlevel(const char* patchlevel_str) {
    regex_t regex;
    if (regcomp(&regex, kPlatformPatchlevelRegex, REG_EXTENDED) != 0) {
        return 0;
    }

    regmatch_t matches[kPlatformPatchlevelMatchCount];
    int not_match =
            regexec(&regex, patchlevel_str, kPlatformPatchlevelMatchCount, matches, 0 /* flags */);
    regfree(&regex);
    if (not_match) {
        return 0;
    }

    uint32_t year = match_to_uint32(patchlevel_str, matches[kYearMatch]);
    uint32_t month = match_to_uint32(patchlevel_str, matches[kMonthMatch]);

    if (month < 1 || month > 12) {
        return 0;
    }
    return year * 100 + month;
}

uint32_t getOsPatchlevel() {
    std::string patchlevel = wait_and_get_property(kPlatformPatchlevelProp);
    return getOsPatchlevel(patchlevel.c_str());
}

}  // namespace support
}  // namespace V4_0
}  // namespace keymaster
}  // namespace hardware
}  // namespace android
}  // namespace keymaster::V4_0
}  // namespace android::hardware
+4 −2
Original line number Diff line number Diff line
@@ -27,7 +27,9 @@ cc_test {
        "android.hardware.keymaster@4.0",
        "libcrypto_static",
        "libkeymaster4support",
        "libsoftkeymasterdevice",
    ],
    test_suites: ["general-tests", "vts-core"],
    test_suites: [
        "general-tests",
        "vts-core",
    ],
}
+42 −28
Original line number Diff line number Diff line
@@ -28,6 +28,16 @@ namespace test {
 */
class HmacKeySharingTest : public KeymasterHidlTest {
   protected:
     const std::vector<sp<IKeymasterDevice>>& allKeymasters() {
         if (all_keymasters_.empty()) {
             auto names = android::hardware::getAllHalInstanceNames(IKeymasterDevice::descriptor);
             for (const auto& name : names) {
                 all_keymasters_.push_back(IKeymasterDevice::getService(name));
             }
         }
         return all_keymasters_;
     }

    struct GetParamsResult {
        ErrorCode error;
        HmacSharingParameters params;
@@ -99,8 +109,13 @@ class HmacKeySharingTest : public KeymasterHidlTest {
            EXPECT_EQ(expected, response.sharing_check) << "Sharing check values should match.";
        }
    }

  private:
    static std::vector<sp<IKeymasterDevice>> all_keymasters_;
};

std::vector<sp<IKeymasterDevice>> HmacKeySharingTest::all_keymasters_;

TEST_P(HmacKeySharingTest, GetParameters) {
    auto result1 = getHmacSharingParameters(keymaster());
    EXPECT_EQ(ErrorCode::OK, result1.error);
@@ -115,26 +130,26 @@ TEST_P(HmacKeySharingTest, GetParameters) {
}

TEST_P(HmacKeySharingTest, ComputeSharedHmac) {
    auto params = getHmacSharingParameters(all_keymasters());
    ASSERT_EQ(all_keymasters().size(), params.size())
    auto params = getHmacSharingParameters(allKeymasters());
    ASSERT_EQ(allKeymasters().size(), params.size())
            << "One or more keymasters failed to provide parameters.";

    auto nonces = copyNonces(params);
    EXPECT_EQ(all_keymasters().size(), nonces.size());
    EXPECT_EQ(allKeymasters().size(), nonces.size());
    std::sort(nonces.begin(), nonces.end());
    std::unique(nonces.begin(), nonces.end());
    EXPECT_EQ(all_keymasters().size(), nonces.size());
    EXPECT_EQ(allKeymasters().size(), nonces.size());

    auto responses = computeSharedHmac(all_keymasters(), params);
    auto responses = computeSharedHmac(allKeymasters(), params);
    ASSERT_GT(responses.size(), 0U);
    verifyResponses(responses[0].sharing_check, responses);

    // Do it a second time.  Should get the same answers.
    params = getHmacSharingParameters(all_keymasters());
    ASSERT_EQ(all_keymasters().size(), params.size())
    params = getHmacSharingParameters(allKeymasters());
    ASSERT_EQ(allKeymasters().size(), params.size())
            << "One or more keymasters failed to provide parameters.";

    responses = computeSharedHmac(all_keymasters(), params);
    responses = computeSharedHmac(allKeymasters(), params);
    ASSERT_GT(responses.size(), 0U);
    ASSERT_EQ(32U, responses[0].sharing_check.size());
    verifyResponses(responses[0].sharing_check, responses);
@@ -160,15 +175,16 @@ TEST_P(HmacKeySharingTest, ComputeSharedHmacCorruptNonce) {
    // sync with respect to the HMAC key.  Granted that VTS tests aren't run on in-use production
    // devices, this still has the potential to cause confusion.  To mitigate that, we always
    // (barring crashes :-/) re-run the unmodified agreement process on our way out.
    auto fixup_hmac = finally(
        [&]() { computeSharedHmac(all_keymasters(), getHmacSharingParameters(all_keymasters())); });
    auto fixup_hmac = finally([&]() {
        computeSharedHmac(allKeymasters(), getHmacSharingParameters(allKeymasters()));
    });

    auto params = getHmacSharingParameters(all_keymasters());
    ASSERT_EQ(all_keymasters().size(), params.size())
    auto params = getHmacSharingParameters(allKeymasters());
    ASSERT_EQ(allKeymasters().size(), params.size())
            << "One or more keymasters failed to provide parameters.";

    // All should be well in the normal case
    auto responses = computeSharedHmac(all_keymasters(), params);
    auto responses = computeSharedHmac(allKeymasters(), params);

    ASSERT_GT(responses.size(), 0U);
    HidlBuf correct_response = responses[0].sharing_check;
@@ -181,7 +197,7 @@ TEST_P(HmacKeySharingTest, ComputeSharedHmacCorruptNonce) {
    uint8_t bit_to_tweak = rand() % 8;
    params[param_to_tweak].nonce[byte_to_tweak] ^= (1 << bit_to_tweak);

    responses = computeSharedHmac(all_keymasters(), params);
    responses = computeSharedHmac(allKeymasters(), params);
    for (size_t i = 0; i < responses.size(); ++i) {
        if (i == param_to_tweak) {
            EXPECT_EQ(ErrorCode::INVALID_ARGUMENT, responses[i].error)
@@ -199,15 +215,16 @@ TEST_P(HmacKeySharingTest, ComputeSharedHmacCorruptSeed) {
    // sync with respect to the HMAC key.  Granted that VTS tests aren't run on in-use production
    // devices, this still has the potential to cause confusion.  To mitigate that, we always
    // (barring crashes :-/) re-run the unmodified agreement process on our way out.
    auto fixup_hmac = finally(
        [&]() { computeSharedHmac(all_keymasters(), getHmacSharingParameters(all_keymasters())); });
    auto fixup_hmac = finally([&]() {
        computeSharedHmac(allKeymasters(), getHmacSharingParameters(allKeymasters()));
    });

    auto params = getHmacSharingParameters(all_keymasters());
    ASSERT_EQ(all_keymasters().size(), params.size())
    auto params = getHmacSharingParameters(allKeymasters());
    ASSERT_EQ(allKeymasters().size(), params.size())
            << "One or more keymasters failed to provide parameters.";

    // All should be well in the normal case
    auto responses = computeSharedHmac(all_keymasters(), params);
    auto responses = computeSharedHmac(allKeymasters(), params);

    ASSERT_GT(responses.size(), 0U);
    HidlBuf correct_response = responses[0].sharing_check;
@@ -223,7 +240,7 @@ TEST_P(HmacKeySharingTest, ComputeSharedHmacCorruptSeed) {
    }
    to_tweak[0]++;

    responses = computeSharedHmac(all_keymasters(), params);
    responses = computeSharedHmac(allKeymasters(), params);
    for (size_t i = 0; i < responses.size(); ++i) {
        if (i == param_to_tweak) {
            EXPECT_EQ(ErrorCode::INVALID_ARGUMENT, responses[i].error)
@@ -236,10 +253,7 @@ TEST_P(HmacKeySharingTest, ComputeSharedHmacCorruptSeed) {
    }
}

INSTANTIATE_TEST_SUITE_P(
        PerInstance, HmacKeySharingTest,
        testing::ValuesIn(android::hardware::getAllHalInstanceNames(IKeymasterDevice::descriptor)),
        android::hardware::PrintInstanceNameToString);
INSTANTIATE_KEYMASTER_HIDL_TEST(HmacKeySharingTest);

}  // namespace test
}  // namespace V4_0
+13 −24
Original line number Diff line number Diff line
@@ -23,6 +23,7 @@
#include <android/hidl/manager/1.0/IServiceManager.h>

#include <keymasterV4_0/key_param_output.h>
#include <keymasterV4_0/keymaster_utils.h>

namespace android {
namespace hardware {
@@ -41,9 +42,10 @@ namespace V4_0 {

namespace test {

using namespace std::literals::chrono_literals;

void KeymasterHidlTest::InitializeKeymaster() {
    service_name_ = GetParam();
    keymaster_ = IKeymasterDevice::getService(service_name_);
    keymaster_ = IKeymasterDevice::getService(GetParam());
    ASSERT_NE(keymaster_, nullptr);

    ASSERT_TRUE(keymaster_
@@ -59,21 +61,8 @@ void KeymasterHidlTest::InitializeKeymaster() {
void KeymasterHidlTest::SetUp() {
    InitializeKeymaster();

    os_version_ = ::keymaster::GetOsVersion();
    os_patch_level_ = ::keymaster::GetOsPatchlevel();

    auto service_manager = android::hidl::manager::V1_0::IServiceManager::getService();
    ASSERT_NE(nullptr, service_manager.get());
    all_keymasters_.push_back(keymaster_);
    service_manager->listByInterface(
        IKeymasterDevice::descriptor, [&](const hidl_vec<hidl_string>& names) {
            for (auto& name : names) {
                if (name == service_name_) continue;
                auto keymaster = IKeymasterDevice::getService(name);
                ASSERT_NE(keymaster, nullptr);
                all_keymasters_.push_back(keymaster);
            }
        });
    os_version_ = support::getOsVersion();
    os_patch_level_ = support::getOsPatchlevel();
}

ErrorCode KeymasterHidlTest::GenerateKey(const AuthorizationSet& key_desc, HidlBuf* key_blob,
Loading