Merge "Test for patchlevels and too much entropy" am: b5ee70f125 am: fac02e6354
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1673208 Change-Id: I94218d8a6f289a646b8f0fdc637282365f1e2f6a
This commit is contained in:
David Drysdale
Automerger Merge Worker
commit
e89f9b8e30
5 changed files with 42 additions and 8 deletions
|
|
@ -170,6 +170,7 @@ void KeyMintAidlTestBase::InitializeKeyMint(std::shared_ptr<IKeyMintDevice> keyM
|
|||
|
||||
os_version_ = getOsVersion();
|
||||
os_patch_level_ = getOsPatchlevel();
|
||||
vendor_patch_level_ = getVendorPatchlevel();
|
||||
}
|
||||
|
||||
void KeyMintAidlTestBase::SetUp() {
|
||||
|
|
|
|||
|
|
@ -71,6 +71,7 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> {
|
|||
IKeyMintDevice& keyMint() { return *keymint_; }
|
||||
uint32_t os_version() { return os_version_; }
|
||||
uint32_t os_patch_level() { return os_patch_level_; }
|
||||
uint32_t vendor_patch_level() { return vendor_patch_level_; }
|
||||
|
||||
ErrorCode GetReturnErrorCode(const Status& result);
|
||||
|
||||
|
|
@ -266,6 +267,7 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> {
|
|||
std::shared_ptr<IKeyMintDevice> keymint_;
|
||||
uint32_t os_version_;
|
||||
uint32_t os_patch_level_;
|
||||
uint32_t vendor_patch_level_;
|
||||
|
||||
SecurityLevel securityLevel_;
|
||||
string name_;
|
||||
|
|
|
|||
|
|
@ -67,6 +67,8 @@ namespace aidl::android::hardware::security::keymint::test {
|
|||
|
||||
namespace {
|
||||
|
||||
bool check_patchLevels = false;
|
||||
|
||||
template <TagType tag_type, Tag tag, typename ValueT>
|
||||
bool contains(const vector<KeyParameter>& set, TypedTag<tag_type, tag> ttag,
|
||||
ValueT expected_value) {
|
||||
|
|
@ -330,6 +332,15 @@ class NewKeyGenerationTest : public KeyMintAidlTestBase {
|
|||
EXPECT_TRUE(os_pl);
|
||||
EXPECT_EQ(*os_pl, os_patch_level());
|
||||
|
||||
if (check_patchLevels) {
|
||||
// Should include vendor and boot patchlevels.
|
||||
auto vendor_pl = auths.GetTagValue(TAG_VENDOR_PATCHLEVEL);
|
||||
EXPECT_TRUE(vendor_pl);
|
||||
EXPECT_EQ(*vendor_pl, vendor_patch_level());
|
||||
auto boot_pl = auths.GetTagValue(TAG_BOOT_PATCHLEVEL);
|
||||
EXPECT_TRUE(boot_pl);
|
||||
}
|
||||
|
||||
return auths;
|
||||
}
|
||||
};
|
||||
|
|
@ -5312,6 +5323,16 @@ TEST_P(AddEntropyTest, AddLargeEntropy) {
|
|||
EXPECT_TRUE(keyMint().addRngEntropy(AidlBuf(string(2 * 1024, 'a'))).isOk());
|
||||
}
|
||||
|
||||
/*
|
||||
* AddEntropyTest.AddTooLargeEntropy
|
||||
*
|
||||
* Verifies that the addRngEntropy method rejects more than 2KiB of data.
|
||||
*/
|
||||
TEST_P(AddEntropyTest, AddTooLargeEntropy) {
|
||||
ErrorCode rc = GetReturnErrorCode(keyMint().addRngEntropy(AidlBuf(string(2 * 1024 + 1, 'a'))));
|
||||
EXPECT_EQ(ErrorCode::INVALID_INPUT_LENGTH, rc);
|
||||
}
|
||||
|
||||
INSTANTIATE_KEYMINT_AIDL_TEST(AddEntropyTest);
|
||||
|
||||
typedef KeyMintAidlTestBase KeyDeletionTest;
|
||||
|
|
@ -5765,6 +5786,10 @@ int main(int argc, char** argv) {
|
|||
} else {
|
||||
std::cout << "NOT dumping attestations" << std::endl;
|
||||
}
|
||||
// TODO(drysdale): Remove this flag when available KeyMint devices comply with spec
|
||||
if (std::string(argv[i]) == "--check_patchLevels") {
|
||||
aidl::android::hardware::security::keymint::test::check_patchLevels = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
return RUN_ALL_TESTS();
|
||||
|
|
|
|||
|
|
@ -38,5 +38,6 @@ vector<uint8_t> authToken2vector(const HardwareAuthToken& token);
|
|||
|
||||
uint32_t getOsVersion();
|
||||
uint32_t getOsPatchlevel();
|
||||
uint32_t getVendorPatchlevel();
|
||||
|
||||
} // namespace aidl::android::hardware::security::keymint
|
||||
|
|
|
|||
|
|
@ -31,10 +31,11 @@ constexpr size_t kSubminorVersionMatch = 5;
|
|||
constexpr size_t kPlatformVersionMatchCount = kSubminorVersionMatch + 1;
|
||||
|
||||
constexpr char kPlatformPatchlevelProp[] = "ro.build.version.security_patch";
|
||||
constexpr char kPlatformPatchlevelRegex[] = "^([0-9]{4})-([0-9]{2})-[0-9]{2}$";
|
||||
constexpr char kVendorPatchlevelProp[] = "ro.vendor.build.security_patch";
|
||||
constexpr char kPatchlevelRegex[] = "^([0-9]{4})-([0-9]{2})-[0-9]{2}$";
|
||||
constexpr size_t kYearMatch = 1;
|
||||
constexpr size_t kMonthMatch = 2;
|
||||
constexpr size_t kPlatformPatchlevelMatchCount = kMonthMatch + 1;
|
||||
constexpr size_t kPatchlevelMatchCount = kMonthMatch + 1;
|
||||
|
||||
uint32_t match_to_uint32(const char* expression, const regmatch_t& match) {
|
||||
if (match.rm_so == -1) return 0;
|
||||
|
|
@ -80,15 +81,14 @@ uint32_t getOsVersion() {
|
|||
return getOsVersion(version.c_str());
|
||||
}
|
||||
|
||||
uint32_t getOsPatchlevel(const char* patchlevel_str) {
|
||||
uint32_t getPatchlevel(const char* patchlevel_str) {
|
||||
regex_t regex;
|
||||
if (regcomp(®ex, kPlatformPatchlevelRegex, REG_EXTENDED) != 0) {
|
||||
if (regcomp(®ex, kPatchlevelRegex, REG_EXTENDED) != 0) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
regmatch_t matches[kPlatformPatchlevelMatchCount];
|
||||
int not_match =
|
||||
regexec(®ex, patchlevel_str, kPlatformPatchlevelMatchCount, matches, 0 /* flags */);
|
||||
regmatch_t matches[kPatchlevelMatchCount];
|
||||
int not_match = regexec(®ex, patchlevel_str, kPatchlevelMatchCount, matches, 0 /* flags */);
|
||||
regfree(®ex);
|
||||
if (not_match) {
|
||||
return 0;
|
||||
|
|
@ -105,7 +105,12 @@ uint32_t getOsPatchlevel(const char* patchlevel_str) {
|
|||
|
||||
uint32_t getOsPatchlevel() {
|
||||
std::string patchlevel = wait_and_get_property(kPlatformPatchlevelProp);
|
||||
return getOsPatchlevel(patchlevel.c_str());
|
||||
return getPatchlevel(patchlevel.c_str());
|
||||
}
|
||||
|
||||
uint32_t getVendorPatchlevel() {
|
||||
std::string patchlevel = wait_and_get_property(kVendorPatchlevelProp);
|
||||
return getPatchlevel(patchlevel.c_str());
|
||||
}
|
||||
|
||||
} // namespace aidl::android::hardware::security::keymint
|
||||
|
|
|
|||
Loading…
Reference in a new issue