Loading security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp +1 −0 Original line number Diff line number Diff line Loading @@ -170,6 +170,7 @@ void KeyMintAidlTestBase::InitializeKeyMint(std::shared_ptr<IKeyMintDevice> keyM os_version_ = getOsVersion(); os_patch_level_ = getOsPatchlevel(); vendor_patch_level_ = getVendorPatchlevel(); } void KeyMintAidlTestBase::SetUp() { Loading security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h +2 −0 Original line number Diff line number Diff line Loading @@ -71,6 +71,7 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> { IKeyMintDevice& keyMint() { return *keymint_; } uint32_t os_version() { return os_version_; } uint32_t os_patch_level() { return os_patch_level_; } uint32_t vendor_patch_level() { return vendor_patch_level_; } ErrorCode GetReturnErrorCode(const Status& result); Loading Loading @@ -266,6 +267,7 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> { std::shared_ptr<IKeyMintDevice> keymint_; uint32_t os_version_; uint32_t os_patch_level_; uint32_t vendor_patch_level_; SecurityLevel securityLevel_; string name_; Loading security/keymint/aidl/vts/functional/KeyMintTest.cpp +25 −0 Original line number Diff line number Diff line Loading @@ -67,6 +67,8 @@ namespace aidl::android::hardware::security::keymint::test { namespace { bool check_patchLevels = false; template <TagType tag_type, Tag tag, typename ValueT> bool contains(const vector<KeyParameter>& set, TypedTag<tag_type, tag> ttag, ValueT expected_value) { Loading Loading @@ -330,6 +332,15 @@ class NewKeyGenerationTest : public KeyMintAidlTestBase { EXPECT_TRUE(os_pl); EXPECT_EQ(*os_pl, os_patch_level()); if (check_patchLevels) { // Should include vendor and boot patchlevels. auto vendor_pl = auths.GetTagValue(TAG_VENDOR_PATCHLEVEL); EXPECT_TRUE(vendor_pl); EXPECT_EQ(*vendor_pl, vendor_patch_level()); auto boot_pl = auths.GetTagValue(TAG_BOOT_PATCHLEVEL); EXPECT_TRUE(boot_pl); } return auths; } }; Loading Loading 
@@ -5312,6 +5323,16 @@ TEST_P(AddEntropyTest, AddLargeEntropy) { EXPECT_TRUE(keyMint().addRngEntropy(AidlBuf(string(2 * 1024, 'a'))).isOk()); } /* * AddEntropyTest.AddTooLargeEntropy * * Verifies that the addRngEntropy method rejects more than 2KiB of data. */ TEST_P(AddEntropyTest, AddTooLargeEntropy) { ErrorCode rc = GetReturnErrorCode(keyMint().addRngEntropy(AidlBuf(string(2 * 1024 + 1, 'a')))); EXPECT_EQ(ErrorCode::INVALID_INPUT_LENGTH, rc); } INSTANTIATE_KEYMINT_AIDL_TEST(AddEntropyTest); typedef KeyMintAidlTestBase KeyDeletionTest; Loading Loading @@ -5765,6 +5786,10 @@ int main(int argc, char** argv) { } else { std::cout << "NOT dumping attestations" << std::endl; } // TODO(drysdale): Remove this flag when available KeyMint devices comply with spec if (std::string(argv[i]) == "--check_patchLevels") { aidl::android::hardware::security::keymint::test::check_patchLevels = true; } } } return RUN_ALL_TESTS(); Loading security/keymint/support/include/keymint_support/keymint_utils.h +1 −0 Original line number Diff line number Diff line Loading @@ -38,5 +38,6 @@ vector<uint8_t> authToken2vector(const HardwareAuthToken& token); uint32_t getOsVersion(); uint32_t getOsPatchlevel(); uint32_t getVendorPatchlevel(); } // namespace aidl::android::hardware::security::keymint security/keymint/support/keymint_utils.cpp +13 −8 Original line number Diff line number Diff line Loading 
@@ -31,10 +31,11 @@ constexpr size_t kSubminorVersionMatch = 5; constexpr size_t kPlatformVersionMatchCount = kSubminorVersionMatch + 1; constexpr char kPlatformPatchlevelProp[] = "ro.build.version.security_patch"; constexpr char kPlatformPatchlevelRegex[] = "^([0-9]{4})-([0-9]{2})-[0-9]{2}$"; constexpr char kVendorPatchlevelProp[] = "ro.vendor.build.security_patch"; constexpr char kPatchlevelRegex[] = "^([0-9]{4})-([0-9]{2})-[0-9]{2}$"; constexpr size_t kYearMatch = 1; constexpr size_t kMonthMatch = 2; constexpr size_t kPlatformPatchlevelMatchCount = kMonthMatch + 1; constexpr size_t kPatchlevelMatchCount = kMonthMatch + 1; uint32_t match_to_uint32(const char* expression, const regmatch_t& match) { if (match.rm_so == -1) return 0; Loading Loading @@ -80,15 +81,14 @@ uint32_t getOsVersion() { return getOsVersion(version.c_str()); } uint32_t getOsPatchlevel(const char* patchlevel_str) { uint32_t getPatchlevel(const char* patchlevel_str) { regex_t regex; if (regcomp(®ex, kPlatformPatchlevelRegex, REG_EXTENDED) != 0) { if (regcomp(®ex, kPatchlevelRegex, REG_EXTENDED) != 0) { return 0; } regmatch_t matches[kPlatformPatchlevelMatchCount]; int not_match = regexec(®ex, patchlevel_str, kPlatformPatchlevelMatchCount, matches, 0 /* flags */); regmatch_t matches[kPatchlevelMatchCount]; int not_match = regexec(®ex, patchlevel_str, kPatchlevelMatchCount, matches, 0 /* flags */); regfree(®ex); if (not_match) { return 0; Loading @@ -105,7 +105,12 @@ uint32_t getOsPatchlevel(const char* patchlevel_str) { uint32_t getOsPatchlevel() { std::string patchlevel = wait_and_get_property(kPlatformPatchlevelProp); return getOsPatchlevel(patchlevel.c_str()); return getPatchlevel(patchlevel.c_str()); } uint32_t getVendorPatchlevel() { std::string patchlevel = wait_and_get_property(kVendorPatchlevelProp); return getPatchlevel(patchlevel.c_str()); } } // namespace aidl::android::hardware::security::keymint Loading
security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp +1 −0 Original line number Diff line number Diff line Loading @@ -170,6 +170,7 @@ void KeyMintAidlTestBase::InitializeKeyMint(std::shared_ptr<IKeyMintDevice> keyM os_version_ = getOsVersion(); os_patch_level_ = getOsPatchlevel(); vendor_patch_level_ = getVendorPatchlevel(); } void KeyMintAidlTestBase::SetUp() { Loading
security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h +2 −0 Original line number Diff line number Diff line Loading @@ -71,6 +71,7 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> { IKeyMintDevice& keyMint() { return *keymint_; } uint32_t os_version() { return os_version_; } uint32_t os_patch_level() { return os_patch_level_; } uint32_t vendor_patch_level() { return vendor_patch_level_; } ErrorCode GetReturnErrorCode(const Status& result); Loading Loading @@ -266,6 +267,7 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> { std::shared_ptr<IKeyMintDevice> keymint_; uint32_t os_version_; uint32_t os_patch_level_; uint32_t vendor_patch_level_; SecurityLevel securityLevel_; string name_; Loading
security/keymint/aidl/vts/functional/KeyMintTest.cpp +25 −0 Original line number Diff line number Diff line Loading @@ -67,6 +67,8 @@ namespace aidl::android::hardware::security::keymint::test { namespace { bool check_patchLevels = false; template <TagType tag_type, Tag tag, typename ValueT> bool contains(const vector<KeyParameter>& set, TypedTag<tag_type, tag> ttag, ValueT expected_value) { Loading Loading @@ -330,6 +332,15 @@ class NewKeyGenerationTest : public KeyMintAidlTestBase { EXPECT_TRUE(os_pl); EXPECT_EQ(*os_pl, os_patch_level()); if (check_patchLevels) { // Should include vendor and boot patchlevels. auto vendor_pl = auths.GetTagValue(TAG_VENDOR_PATCHLEVEL); EXPECT_TRUE(vendor_pl); EXPECT_EQ(*vendor_pl, vendor_patch_level()); auto boot_pl = auths.GetTagValue(TAG_BOOT_PATCHLEVEL); EXPECT_TRUE(boot_pl); } return auths; } }; Loading Loading @@ -5312,6 +5323,16 @@ TEST_P(AddEntropyTest, AddLargeEntropy) { EXPECT_TRUE(keyMint().addRngEntropy(AidlBuf(string(2 * 1024, 'a'))).isOk()); } /* * AddEntropyTest.AddTooLargeEntropy * * Verifies that the addRngEntropy method rejects more than 2KiB of data. */ TEST_P(AddEntropyTest, AddTooLargeEntropy) { ErrorCode rc = GetReturnErrorCode(keyMint().addRngEntropy(AidlBuf(string(2 * 1024 + 1, 'a')))); EXPECT_EQ(ErrorCode::INVALID_INPUT_LENGTH, rc); } INSTANTIATE_KEYMINT_AIDL_TEST(AddEntropyTest); typedef KeyMintAidlTestBase KeyDeletionTest; Loading Loading @@ -5765,6 +5786,10 @@ int main(int argc, char** argv) { } else { std::cout << "NOT dumping attestations" << std::endl; } // TODO(drysdale): Remove this flag when available KeyMint devices comply with spec if (std::string(argv[i]) == "--check_patchLevels") { aidl::android::hardware::security::keymint::test::check_patchLevels = true; } } } return RUN_ALL_TESTS(); Loading
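Review bot: In the new `if (check_patchLevels)` block, `EXPECT_TRUE(vendor_pl)` is non-fatal, so when the tag is missing the next statement still evaluates `*vendor_pl`; if `GetTagValue` returns an empty optional-style value, that dereference is undefined behaviour and the run may crash instead of reporting a clean failure. The enclosing helper returns `auths`, so `ASSERT_TRUE` is not usable there; guard the comparison instead: `if (vendor_pl) { EXPECT_EQ(*vendor_pl, vendor_patch_level()); }`. The existing `os_pl` check just above follows the same pattern, and the helper's body starts outside the visible hunk. Separately, `boot_pl` is only checked for presence, so any placeholder value would pass; a comment stating why no value comparison is made would help the next reader.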
security/keymint/support/include/keymint_support/keymint_utils.h +1 −0 Original line number Diff line number Diff line Loading @@ -38,5 +38,6 @@ vector<uint8_t> authToken2vector(const HardwareAuthToken& token); uint32_t getOsVersion(); uint32_t getOsPatchlevel(); uint32_t getVendorPatchlevel(); } // namespace aidl::android::hardware::security::keymint
security/keymint/support/keymint_utils.cpp +13 −8 Original line number Diff line number Diff line Loading @@ -31,10 +31,11 @@ constexpr size_t kSubminorVersionMatch = 5; constexpr size_t kPlatformVersionMatchCount = kSubminorVersionMatch + 1; constexpr char kPlatformPatchlevelProp[] = "ro.build.version.security_patch"; constexpr char kPlatformPatchlevelRegex[] = "^([0-9]{4})-([0-9]{2})-[0-9]{2}$"; constexpr char kVendorPatchlevelProp[] = "ro.vendor.build.security_patch"; constexpr char kPatchlevelRegex[] = "^([0-9]{4})-([0-9]{2})-[0-9]{2}$"; constexpr size_t kYearMatch = 1; constexpr size_t kMonthMatch = 2; constexpr size_t kPlatformPatchlevelMatchCount = kMonthMatch + 1; constexpr size_t kPatchlevelMatchCount = kMonthMatch + 1; uint32_t match_to_uint32(const char* expression, const regmatch_t& match) { if (match.rm_so == -1) return 0; Loading Loading @@ -80,15 +81,14 @@ uint32_t getOsVersion() { return getOsVersion(version.c_str()); } uint32_t getOsPatchlevel(const char* patchlevel_str) { uint32_t getPatchlevel(const char* patchlevel_str) { regex_t regex; if (regcomp(®ex, kPlatformPatchlevelRegex, REG_EXTENDED) != 0) { if (regcomp(®ex, kPatchlevelRegex, REG_EXTENDED) != 0) { return 0; } regmatch_t matches[kPlatformPatchlevelMatchCount]; int not_match = regexec(®ex, patchlevel_str, kPlatformPatchlevelMatchCount, matches, 0 /* flags */); regmatch_t matches[kPatchlevelMatchCount]; int not_match = regexec(®ex, patchlevel_str, kPatchlevelMatchCount, matches, 0 /* flags */); regfree(®ex); if (not_match) { return 0; Loading 
@@ -105,7 +105,12 @@ uint32_t getOsPatchlevel(const char* patchlevel_str) { uint32_t getOsPatchlevel() { std::string patchlevel = wait_and_get_property(kPlatformPatchlevelProp); return getOsPatchlevel(patchlevel.c_str()); return getPatchlevel(patchlevel.c_str()); } uint32_t getVendorPatchlevel() { std::string patchlevel = wait_and_get_property(kVendorPatchlevelProp); return getPatchlevel(patchlevel.c_str()); } } // namespace aidl::android::hardware::security::keymint
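Review bot: `getPatchlevel()` returns 0 both when `regcomp` fails and when the property string does not match `kPatchlevelRegex`, so `getVendorPatchlevel()` yields 0 for an unset or malformed `ro.vendor.build.security_patch`, and the caller cannot tell that apart from a real value. The VTS check added in this commit compares the key's TAG_VENDOR_PATCHLEVEL against that value, so a device whose property is missing and whose KeyMint reports 0 would appear to pass, assuming `wait_and_get_property` returns an empty string in that case. Document the sentinel on the declaration, e.g. `// Returns 0 if the property is unset or not in YYYY-MM-DD form.`, and have the test assert `EXPECT_NE(0u, vendor_patch_level());` before comparing. The tail of `getPatchlevel` lies outside the visible hunks.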