Loading security/keymint/support/keymint_utils.cpp +26 −12 Original line number Diff line number Diff line Loading @@ -32,10 +32,11 @@ constexpr size_t kPlatformVersionMatchCount = kSubminorVersionMatch + 1; constexpr char kPlatformPatchlevelProp[] = "ro.build.version.security_patch"; constexpr char kVendorPatchlevelProp[] = "ro.vendor.build.security_patch"; constexpr char kPatchlevelRegex[] = "^([0-9]{4})-([0-9]{2})-[0-9]{2}$"; constexpr char kPatchlevelRegex[] = "^([0-9]{4})-([0-9]{2})-([0-9]{2})$"; constexpr size_t kYearMatch = 1; constexpr size_t kMonthMatch = 2; constexpr size_t kPatchlevelMatchCount = kMonthMatch + 1; constexpr size_t kDayMatch = 3; constexpr size_t kPatchlevelMatchCount = kDayMatch + 1; uint32_t match_to_uint32(const char* expression, const regmatch_t& match) { if (match.rm_so == -1) return 0; Loading @@ -53,8 +54,6 @@ std::string wait_and_get_property(const char* prop) { return prop_value; } } // anonymous namespace uint32_t getOsVersion(const char* version_str) { regex_t regex; if (regcomp(®ex, kPlatformVersionRegex, REG_EXTENDED)) { Loading @@ -76,12 +75,9 @@ uint32_t getOsVersion(const char* version_str) { return (major * 100 + minor) * 100 + subminor; } uint32_t getOsVersion() { std::string version = wait_and_get_property(kPlatformVersionProp); return getOsVersion(version.c_str()); } enum class PatchlevelOutput { kYearMonthDay, kYearMonth }; uint32_t getPatchlevel(const char* patchlevel_str) { uint32_t getPatchlevel(const char* patchlevel_str, PatchlevelOutput detail) { regex_t regex; if (regcomp(®ex, kPatchlevelRegex, REG_EXTENDED) != 0) { return 0; Loading @@ -100,17 +96,35 @@ uint32_t getPatchlevel(const char* patchlevel_str) { if (month < 1 || month > 12) { return 0; } switch (detail) { case PatchlevelOutput::kYearMonthDay: { uint32_t day = match_to_uint32(patchlevel_str, matches[kDayMatch]); if (day < 1 || day > 31) { return 0; } return year * 10000 + month * 100 + day; } case PatchlevelOutput::kYearMonth: return year * 100 + month; } } } // anonymous namespace uint32_t getOsVersion() { std::string version = wait_and_get_property(kPlatformVersionProp); return getOsVersion(version.c_str()); } uint32_t getOsPatchlevel() { std::string patchlevel = wait_and_get_property(kPlatformPatchlevelProp); return getPatchlevel(patchlevel.c_str()); return getPatchlevel(patchlevel.c_str(), PatchlevelOutput::kYearMonth); } uint32_t getVendorPatchlevel() { std::string patchlevel = wait_and_get_property(kVendorPatchlevelProp); return getPatchlevel(patchlevel.c_str()); return getPatchlevel(patchlevel.c_str(), PatchlevelOutput::kYearMonthDay); } } // namespace aidl::android::hardware::security::keymint security/secureclock/aidl/vts/functional/SecureClockAidlTest.cpp +4 −0 Original line number Diff line number Diff line Loading @@ -114,6 +114,7 @@ TEST_P(SecureClockAidlTest, TestCreation) { EXPECT_EQ(ErrorCode::OK, result1.error); EXPECT_EQ(1U, result1.token.challenge); EXPECT_GT(result1.token.timestamp.milliSeconds, 0U); EXPECT_EQ(32U, result1.token.mac.size()); unsigned long time_to_sleep = 200; sleep_ms(time_to_sleep); Loading @@ -123,6 +124,7 @@ TEST_P(SecureClockAidlTest, TestCreation) { EXPECT_EQ(ErrorCode::OK, result2.error); EXPECT_EQ(2U, result2.token.challenge); EXPECT_GT(result2.token.timestamp.milliSeconds, 0U); EXPECT_EQ(32U, result2.token.mac.size()); auto host_time_delta = result2_time - result1_time; Loading Loading @@ -153,6 +155,7 @@ TEST_P(SecureClockAidlTest, MacChangesOnChangingTimestamp) { EXPECT_EQ(ErrorCode::OK, result1.error); EXPECT_EQ(0U, result1.token.challenge); EXPECT_GT(result1.token.timestamp.milliSeconds, 0U); EXPECT_EQ(32U, result1.token.mac.size()); unsigned long time_to_sleep = 200; sleep_ms(time_to_sleep); Loading @@ -162,6 +165,7 @@ TEST_P(SecureClockAidlTest, MacChangesOnChangingTimestamp) { EXPECT_EQ(ErrorCode::OK, result2.error); EXPECT_EQ(1U, result2.token.challenge); EXPECT_GT(result2.token.timestamp.milliSeconds, 0U); EXPECT_EQ(32U, result2.token.mac.size()); auto host_time_delta = result2_time - result1_time; Loading security/sharedsecret/aidl/vts/functional/SharedSecretAidlTest.cpp +81 −0 Original line number Diff line number Diff line Loading @@ -48,6 +48,9 @@ class SharedSecretAidlTest : public ::testing::Test { SharedSecretParameters params; auto error = GetReturnErrorCode(sharedSecret->getSharedSecretParameters(¶ms)); EXPECT_EQ(ErrorCode::OK, error); EXPECT_TRUE(params.seed.size() == 0 || params.seed.size() == 32); EXPECT_TRUE(params.nonce.size() == 32); GetParamsResult result; result.tie() = std::tie(error, params); return result; Loading Loading @@ -234,6 +237,45 @@ TEST_F(SharedSecretAidlTest, ComputeSharedSecretCorruptNonce) { } } TEST_F(SharedSecretAidlTest, ComputeSharedSecretShortNonce) { auto sharedSecrets = allSharedSecrets(); if (sharedSecrets.empty()) { GTEST_SKIP() << "Skipping the test as no shared secret service is found."; } auto fixup_hmac = finally([&]() { computeAllSharedSecrets(getAllSharedSecretParameters()); }); auto params = getAllSharedSecretParameters(); ASSERT_EQ(sharedSecrets.size(), params.size()) << "One or more shared secret services failed to provide parameters."; // All should be well in the normal case auto responses = computeAllSharedSecrets(params); ASSERT_GT(responses.size(), 0U); vector<uint8_t> correct_response = responses[0].sharing_check; verifyResponses(correct_response, responses); // Pick a random param and shorten that nonce by one. size_t param_to_tweak = rand() % params.size(); auto& to_tweak = params[param_to_tweak].nonce; ASSERT_TRUE(to_tweak.size() == 32); to_tweak.resize(31); responses = computeAllSharedSecrets(params); for (size_t i = 0; i < responses.size(); ++i) { if (i == param_to_tweak) { EXPECT_EQ(ErrorCode::INVALID_ARGUMENT, responses[i].error) << "Shared secret service that provided tweaked param should fail to compute " "shared secret"; } else { EXPECT_EQ(ErrorCode::OK, responses[i].error) << "Others should succeed"; EXPECT_NE(correct_response, responses[i].sharing_check) << "Others should calculate a different shared secret, due to the tweaked " "nonce."; } } } TEST_F(SharedSecretAidlTest, ComputeSharedSecretCorruptSeed) { auto sharedSecrets = allSharedSecrets(); if (sharedSecrets.empty()) { Loading Loading @@ -275,6 +317,45 @@ TEST_F(SharedSecretAidlTest, ComputeSharedSecretCorruptSeed) { } } } TEST_F(SharedSecretAidlTest, ComputeSharedSecretShortSeed) { auto sharedSecrets = allSharedSecrets(); if (sharedSecrets.empty()) { GTEST_SKIP() << "Skipping the test as no shared secret service is found."; } auto fixup_hmac = finally([&]() { computeAllSharedSecrets(getAllSharedSecretParameters()); }); auto params = getAllSharedSecretParameters(); ASSERT_EQ(sharedSecrets.size(), params.size()) << "One or more shared secret service failed to provide parameters."; // All should be well in the normal case auto responses = computeAllSharedSecrets(params); ASSERT_GT(responses.size(), 0U); vector<uint8_t> correct_response = responses[0].sharing_check; verifyResponses(correct_response, responses); // Pick a random param and modify the seed to be of (invalid) length 31. auto param_to_tweak = rand() % params.size(); auto& to_tweak = params[param_to_tweak].seed; ASSERT_TRUE(to_tweak.size() == 32 || to_tweak.size() == 0); to_tweak.resize(31); responses = computeAllSharedSecrets(params); for (size_t i = 0; i < responses.size(); ++i) { if (i == param_to_tweak) { EXPECT_EQ(ErrorCode::INVALID_ARGUMENT, responses[i].error) << "Shared secret service that provided tweaked param should fail to compute " "shared secret"; } else { EXPECT_EQ(ErrorCode::OK, responses[i].error) << "Others should succeed"; EXPECT_NE(correct_response, responses[i].sharing_check) << "Others should calculate a different shared secret, due to the tweaked " "nonce."; } } } } // namespace aidl::android::hardware::security::sharedsecret::test int main(int argc, char** argv) { Loading Loading
security/keymint/support/keymint_utils.cpp +26 −12 Original line number Diff line number Diff line Loading @@ -32,10 +32,11 @@ constexpr size_t kPlatformVersionMatchCount = kSubminorVersionMatch + 1; constexpr char kPlatformPatchlevelProp[] = "ro.build.version.security_patch"; constexpr char kVendorPatchlevelProp[] = "ro.vendor.build.security_patch"; constexpr char kPatchlevelRegex[] = "^([0-9]{4})-([0-9]{2})-[0-9]{2}$"; constexpr char kPatchlevelRegex[] = "^([0-9]{4})-([0-9]{2})-([0-9]{2})$"; constexpr size_t kYearMatch = 1; constexpr size_t kMonthMatch = 2; constexpr size_t kPatchlevelMatchCount = kMonthMatch + 1; constexpr size_t kDayMatch = 3; constexpr size_t kPatchlevelMatchCount = kDayMatch + 1; uint32_t match_to_uint32(const char* expression, const regmatch_t& match) { if (match.rm_so == -1) return 0; Loading @@ -53,8 +54,6 @@ std::string wait_and_get_property(const char* prop) { return prop_value; } } // anonymous namespace uint32_t getOsVersion(const char* version_str) { regex_t regex; if (regcomp(®ex, kPlatformVersionRegex, REG_EXTENDED)) { Loading @@ -76,12 +75,9 @@ uint32_t getOsVersion(const char* version_str) { return (major * 100 + minor) * 100 + subminor; } uint32_t getOsVersion() { std::string version = wait_and_get_property(kPlatformVersionProp); return getOsVersion(version.c_str()); } enum class PatchlevelOutput { kYearMonthDay, kYearMonth }; uint32_t getPatchlevel(const char* patchlevel_str) { uint32_t getPatchlevel(const char* patchlevel_str, PatchlevelOutput detail) { regex_t regex; if (regcomp(®ex, kPatchlevelRegex, REG_EXTENDED) != 0) { return 0; Loading @@ -100,17 +96,35 @@ uint32_t getPatchlevel(const char* patchlevel_str) { if (month < 1 || month > 12) { return 0; } switch (detail) { case PatchlevelOutput::kYearMonthDay: { uint32_t day = match_to_uint32(patchlevel_str, matches[kDayMatch]); if (day < 1 || day > 31) { return 0; } return year * 10000 + month * 100 + day; } case PatchlevelOutput::kYearMonth: return year * 100 + month; } } } // anonymous namespace uint32_t getOsVersion() { std::string version = wait_and_get_property(kPlatformVersionProp); return getOsVersion(version.c_str()); } uint32_t getOsPatchlevel() { std::string patchlevel = wait_and_get_property(kPlatformPatchlevelProp); return getPatchlevel(patchlevel.c_str()); return getPatchlevel(patchlevel.c_str(), PatchlevelOutput::kYearMonth); } uint32_t getVendorPatchlevel() { std::string patchlevel = wait_and_get_property(kVendorPatchlevelProp); return getPatchlevel(patchlevel.c_str()); return getPatchlevel(patchlevel.c_str(), PatchlevelOutput::kYearMonthDay); } } // namespace aidl::android::hardware::security::keymint
security/secureclock/aidl/vts/functional/SecureClockAidlTest.cpp +4 −0 Original line number Diff line number Diff line Loading @@ -114,6 +114,7 @@ TEST_P(SecureClockAidlTest, TestCreation) { EXPECT_EQ(ErrorCode::OK, result1.error); EXPECT_EQ(1U, result1.token.challenge); EXPECT_GT(result1.token.timestamp.milliSeconds, 0U); EXPECT_EQ(32U, result1.token.mac.size()); unsigned long time_to_sleep = 200; sleep_ms(time_to_sleep); Loading @@ -123,6 +124,7 @@ TEST_P(SecureClockAidlTest, TestCreation) { EXPECT_EQ(ErrorCode::OK, result2.error); EXPECT_EQ(2U, result2.token.challenge); EXPECT_GT(result2.token.timestamp.milliSeconds, 0U); EXPECT_EQ(32U, result2.token.mac.size()); auto host_time_delta = result2_time - result1_time; Loading Loading @@ -153,6 +155,7 @@ TEST_P(SecureClockAidlTest, MacChangesOnChangingTimestamp) { EXPECT_EQ(ErrorCode::OK, result1.error); EXPECT_EQ(0U, result1.token.challenge); EXPECT_GT(result1.token.timestamp.milliSeconds, 0U); EXPECT_EQ(32U, result1.token.mac.size()); unsigned long time_to_sleep = 200; sleep_ms(time_to_sleep); Loading @@ -162,6 +165,7 @@ TEST_P(SecureClockAidlTest, MacChangesOnChangingTimestamp) { EXPECT_EQ(ErrorCode::OK, result2.error); EXPECT_EQ(1U, result2.token.challenge); EXPECT_GT(result2.token.timestamp.milliSeconds, 0U); EXPECT_EQ(32U, result2.token.mac.size()); auto host_time_delta = result2_time - result1_time; Loading
security/sharedsecret/aidl/vts/functional/SharedSecretAidlTest.cpp +81 −0 Original line number Diff line number Diff line Loading @@ -48,6 +48,9 @@ class SharedSecretAidlTest : public ::testing::Test { SharedSecretParameters params; auto error = GetReturnErrorCode(sharedSecret->getSharedSecretParameters(¶ms)); EXPECT_EQ(ErrorCode::OK, error); EXPECT_TRUE(params.seed.size() == 0 || params.seed.size() == 32); EXPECT_TRUE(params.nonce.size() == 32); GetParamsResult result; result.tie() = std::tie(error, params); return result; Loading Loading @@ -234,6 +237,45 @@ TEST_F(SharedSecretAidlTest, ComputeSharedSecretCorruptNonce) { } } TEST_F(SharedSecretAidlTest, ComputeSharedSecretShortNonce) { auto sharedSecrets = allSharedSecrets(); if (sharedSecrets.empty()) { GTEST_SKIP() << "Skipping the test as no shared secret service is found."; } auto fixup_hmac = finally([&]() { computeAllSharedSecrets(getAllSharedSecretParameters()); }); auto params = getAllSharedSecretParameters(); ASSERT_EQ(sharedSecrets.size(), params.size()) << "One or more shared secret services failed to provide parameters."; // All should be well in the normal case auto responses = computeAllSharedSecrets(params); ASSERT_GT(responses.size(), 0U); vector<uint8_t> correct_response = responses[0].sharing_check; verifyResponses(correct_response, responses); // Pick a random param and shorten that nonce by one. size_t param_to_tweak = rand() % params.size(); auto& to_tweak = params[param_to_tweak].nonce; ASSERT_TRUE(to_tweak.size() == 32); to_tweak.resize(31); responses = computeAllSharedSecrets(params); for (size_t i = 0; i < responses.size(); ++i) { if (i == param_to_tweak) { EXPECT_EQ(ErrorCode::INVALID_ARGUMENT, responses[i].error) << "Shared secret service that provided tweaked param should fail to compute " "shared secret"; } else { EXPECT_EQ(ErrorCode::OK, responses[i].error) << "Others should succeed"; EXPECT_NE(correct_response, responses[i].sharing_check) << "Others should calculate a different shared secret, due to the tweaked " "nonce."; } } } TEST_F(SharedSecretAidlTest, ComputeSharedSecretCorruptSeed) { auto sharedSecrets = allSharedSecrets(); if (sharedSecrets.empty()) { Loading Loading @@ -275,6 +317,45 @@ TEST_F(SharedSecretAidlTest, ComputeSharedSecretCorruptSeed) { } } } TEST_F(SharedSecretAidlTest, ComputeSharedSecretShortSeed) { auto sharedSecrets = allSharedSecrets(); if (sharedSecrets.empty()) { GTEST_SKIP() << "Skipping the test as no shared secret service is found."; } auto fixup_hmac = finally([&]() { computeAllSharedSecrets(getAllSharedSecretParameters()); }); auto params = getAllSharedSecretParameters(); ASSERT_EQ(sharedSecrets.size(), params.size()) << "One or more shared secret service failed to provide parameters."; // All should be well in the normal case auto responses = computeAllSharedSecrets(params); ASSERT_GT(responses.size(), 0U); vector<uint8_t> correct_response = responses[0].sharing_check; verifyResponses(correct_response, responses); // Pick a random param and modify the seed to be of (invalid) length 31. auto param_to_tweak = rand() % params.size(); auto& to_tweak = params[param_to_tweak].seed; ASSERT_TRUE(to_tweak.size() == 32 || to_tweak.size() == 0); to_tweak.resize(31); responses = computeAllSharedSecrets(params); for (size_t i = 0; i < responses.size(); ++i) { if (i == param_to_tweak) { EXPECT_EQ(ErrorCode::INVALID_ARGUMENT, responses[i].error) << "Shared secret service that provided tweaked param should fail to compute " "shared secret"; } else { EXPECT_EQ(ErrorCode::OK, responses[i].error) << "Others should succeed"; EXPECT_NE(correct_response, responses[i].sharing_check) << "Others should calculate a different shared secret, due to the tweaked " "nonce."; } } } } // namespace aidl::android::hardware::security::sharedsecret::test int main(int argc, char** argv) { Loading
