Restructuring of AAID using aidl_interface build system.

Switch to the cpp backend generated by the aidl_interface
build system for KeyAttestationApplicationProvider.
Remove the custom parcelables defined for AAID.
Update the tests to use the aidl_interface-generated bindings.

Bug: 267452060
Test: atest android.keystore.cts.KeyAttestationTest; atest
keystore_unit_tests; keystoreSignature_fuzzer;
keystorePackageInfo_fuzzer; keystoreApplicationId_fuzzer;
keystoreAttestationId_fuzzer

Change-Id: Ibdfb8e2837538d01a04b6771b1a71c38529d1307
Rajesh Nyamagoud 2023-03-11 01:26:48 +00:00
parent 1a7cd1d195
commit 3f6c15c656
17 changed files with 122 additions and 411 deletions


@ -51,6 +51,7 @@ cc_defaults {
"liblog",
"libutils",
"libutilscallstack",
"libkeystore-attestation-application-id",
],
static_libs: [
"android.hardware.keymaster-V3-cpp",
@ -60,7 +61,6 @@ cc_defaults {
"libcppbor_external",
"libcredstore_aidl",
"libkeymaster4support",
"libkeystore-attestation-application-id",
"librkp_support",
],
}


@ -69,19 +69,16 @@ cc_library {
defaults: ["keystore_defaults"],
srcs: [
":IKeyAttestationApplicationIdProvider.aidl",
"keystore_attestation_id.cpp",
"KeyAttestationApplicationId.cpp",
"KeyAttestationPackageInfo.cpp",
"Signature.cpp",
],
shared_libs: [
"android.security.aaid_aidl-cpp",
"libbase",
"libbinder",
"libcrypto",
"libhidlbase",
"liblog",
"libutils",
"libcrypto",
],
export_include_dirs: ["include"],


@ -1,54 +0,0 @@
/*
**
** Copyright 2016, The Android Open Source Project
**
** Licensed under the Apache License, Version 2.0 (the "License");
** you may not use this file except in compliance with the License.
** You may obtain a copy of the License at
**
** http://www.apache.org/licenses/LICENSE-2.0
**
** Unless required by applicable law or agreed to in writing, software
** distributed under the License is distributed on an "AS IS" BASIS,
** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
** See the License for the specific language governing permissions and
** limitations under the License.
*/
#include "include/keystore/KeyAttestationApplicationId.h"
#include <binder/Parcel.h>
namespace android {
namespace security {
namespace keymaster {
KeyAttestationApplicationId::KeyAttestationApplicationId() = default;
KeyAttestationApplicationId::KeyAttestationApplicationId(
std::optional<KeyAttestationPackageInfo> package)
: packageInfos_(new std::vector<std::optional<KeyAttestationPackageInfo>>()) {
packageInfos_->push_back(std::move(package));
}
KeyAttestationApplicationId::KeyAttestationApplicationId(PackageInfoVector packages)
: packageInfos_(std::make_shared<PackageInfoVector>(std::move(packages))) {}
status_t KeyAttestationApplicationId::writeToParcel(Parcel* parcel) const {
return parcel->writeParcelableVector(packageInfos_);
}
status_t KeyAttestationApplicationId::readFromParcel(const Parcel* parcel) {
std::optional<std::vector<std::optional<KeyAttestationPackageInfo>>> temp_vector;
auto rc = parcel->readParcelableVector(&temp_vector);
if (rc != NO_ERROR) return rc;
packageInfos_.reset();
if (temp_vector) {
packageInfos_ = std::make_shared<PackageInfoVector>(std::move(*temp_vector));
}
return NO_ERROR;
}
} // namespace keymaster
} // namespace security
} // namespace android


@ -1,59 +0,0 @@
/*
**
** Copyright 2016, The Android Open Source Project
**
** Licensed under the Apache License, Version 2.0 (the "License");
** you may not use this file except in compliance with the License.
** You may obtain a copy of the License at
**
** http://www.apache.org/licenses/LICENSE-2.0
**
** Unless required by applicable law or agreed to in writing, software
** distributed under the License is distributed on an "AS IS" BASIS,
** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
** See the License for the specific language governing permissions and
** limitations under the License.
*/
#include "include/keystore/KeyAttestationPackageInfo.h"
#include <binder/Parcel.h>
namespace android {
namespace security {
namespace keymaster {
KeyAttestationPackageInfo::KeyAttestationPackageInfo() = default;
KeyAttestationPackageInfo::KeyAttestationPackageInfo(const String16& packageName,
int64_t versionCode,
SharedSignaturesVector signatures)
: packageName_(packageName), versionCode_(versionCode), signatures_(signatures) {}
status_t KeyAttestationPackageInfo::writeToParcel(Parcel* parcel) const {
auto rc = parcel->writeString16(packageName_);
if (rc != NO_ERROR) return rc;
rc = parcel->writeInt64(versionCode_);
if (rc != NO_ERROR) return rc;
return parcel->writeParcelableVector(signatures_);
}
status_t KeyAttestationPackageInfo::readFromParcel(const Parcel* parcel) {
auto rc = parcel->readString16(&packageName_);
if (rc != NO_ERROR) return rc;
rc = parcel->readInt64(&versionCode_);
if (rc != NO_ERROR) return rc;
std::optional<SignaturesVector> temp_vector;
rc = parcel->readParcelableVector(&temp_vector);
if (rc != NO_ERROR) return rc;
signatures_.reset();
if (temp_vector) {
signatures_ = std::make_shared<SignaturesVector>(std::move(*temp_vector));
}
return NO_ERROR;
}
} // namespace keymaster
} // namespace security
} // namespace android


@ -1,38 +0,0 @@
/*
**
** Copyright 2016, The Android Open Source Project
**
** Licensed under the Apache License, Version 2.0 (the "License");
** you may not use this file except in compliance with the License.
** You may obtain a copy of the License at
**
** http://www.apache.org/licenses/LICENSE-2.0
**
** Unless required by applicable law or agreed to in writing, software
** distributed under the License is distributed on an "AS IS" BASIS,
** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
** See the License for the specific language governing permissions and
** limitations under the License.
*/
#include "include/keystore/Signature.h"
#include <binder/Parcel.h>
namespace android {
namespace content {
namespace pm {
status_t Signature::writeToParcel(Parcel* parcel) const {
return parcel->writeByteVector(sig_data_);
}
status_t Signature::readFromParcel(const Parcel* parcel) {
return parcel->readByteVector(&sig_data_);
}
Signature::Signature(std::vector<uint8_t> signature_data) : sig_data_(std::move(signature_data)) {}
} // namespace pm
} // namespace content
} // namespace android


@ -1,58 +0,0 @@
// Copyright 2016 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef KEYSTORE_INCLUDE_KEYSTORE_KEYATTESTATIONAPPLICATIONID_H_
#define KEYSTORE_INCLUDE_KEYSTORE_KEYATTESTATIONAPPLICATIONID_H_
#include <memory>
#include <optional>
#include <vector>
#include <binder/Parcelable.h>
#include "KeyAttestationPackageInfo.h"
namespace android {
namespace security {
namespace keymaster {
class KeyAttestationApplicationId : public Parcelable {
public:
typedef SharedNullableIterator<const KeyAttestationPackageInfo, std::vector>
ConstKeyAttestationPackageInfoIterator;
typedef std::vector<std::optional<KeyAttestationPackageInfo>> PackageInfoVector;
KeyAttestationApplicationId();
// Following c'tors are for initializing instances containing test data.
explicit KeyAttestationApplicationId(std::optional<KeyAttestationPackageInfo> package);
explicit KeyAttestationApplicationId(PackageInfoVector packages);
status_t writeToParcel(Parcel*) const override;
status_t readFromParcel(const Parcel* parcel) override;
ConstKeyAttestationPackageInfoIterator pinfos_begin() const {
return ConstKeyAttestationPackageInfoIterator(packageInfos_);
}
ConstKeyAttestationPackageInfoIterator pinfos_end() const {
return ConstKeyAttestationPackageInfoIterator();
}
private:
std::shared_ptr<PackageInfoVector> packageInfos_;
};
} // namespace keymaster
} // namespace security
} // namespace android
#endif // KEYSTORE_INCLUDE_KEYSTORE_KEYATTESTATIONAPPLICATIONID_H_


@ -1,63 +0,0 @@
// Copyright 2016 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef KEYSTORE_INCLUDE_KEYSTORE_KEYATTESTATIONPACKAGEINFO_H_
#define KEYSTORE_INCLUDE_KEYSTORE_KEYATTESTATIONPACKAGEINFO_H_
#include <stdint.h>
#include <memory>
#include <optional>
#include <vector>
#include <binder/Parcelable.h>
#include "Signature.h"
#include "utils.h"
namespace android {
namespace security {
namespace keymaster {
class KeyAttestationPackageInfo : public Parcelable {
public:
typedef SharedNullableIterator<const content::pm::Signature, std::vector>
ConstSignatureIterator;
typedef std::vector<std::optional<content::pm::Signature>> SignaturesVector;
typedef std::shared_ptr<SignaturesVector> SharedSignaturesVector;
KeyAttestationPackageInfo(const String16& packageName, int64_t versionCode,
SharedSignaturesVector signatures);
KeyAttestationPackageInfo();
status_t writeToParcel(Parcel*) const override;
status_t readFromParcel(const Parcel* parcel) override;
const std::optional<String16>& package_name() const { return packageName_; }
int64_t version_code() const { return versionCode_; }
ConstSignatureIterator sigs_begin() const { return ConstSignatureIterator(signatures_); }
ConstSignatureIterator sigs_end() const { return ConstSignatureIterator(); }
private:
std::optional<String16> packageName_;
int64_t versionCode_;
SharedSignaturesVector signatures_;
};
} // namespace keymaster
} // namespace security
} // namespace android
#endif // KEYSTORE_INCLUDE_KEYSTORE_KEYATTESTATIONPACKAGEINFO_H_


@ -1,47 +0,0 @@
// Copyright 2016 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef KEYSTORE_INCLUDE_KEYSTORE_SIGNATURE_H_
#define KEYSTORE_INCLUDE_KEYSTORE_SIGNATURE_H_
#include <vector>
#include <binder/Parcelable.h>
namespace android {
namespace content {
namespace pm {
class Signature : public Parcelable {
public:
Signature() = default;
// Intended for initializing instances containing test data.
explicit Signature(std::vector<uint8_t> signature_data);
status_t writeToParcel(Parcel*) const override;
status_t readFromParcel(const Parcel* parcel) override;
const std::vector<uint8_t>& data() const & { return sig_data_; }
std::vector<uint8_t>& data() & { return sig_data_; }
std::vector<uint8_t>&& data() && { return std::move(sig_data_); }
private:
std::vector<uint8_t> sig_data_;
};
} // namespace pm
} // namespace content
} // namespace android
#endif // KEYSTORE_INCLUDE_KEYSTORE_SIGNATURE_H_


@ -25,11 +25,11 @@ namespace security {
constexpr size_t KEY_ATTESTATION_APPLICATION_ID_MAX_SIZE = 1024;
namespace keymaster {
namespace keystore {
class KeyAttestationApplicationId;
} // namespace keymaster
} // namespace keystore
template <typename T> class StatusOr {
public:
@ -77,7 +77,7 @@ StatusOr<std::vector<uint8_t>> gather_attestation_application_id(uid_t uid);
*/
StatusOr<std::vector<uint8_t>> build_attestation_application_id(
const ::android::security::keymaster::KeyAttestationApplicationId& key_attestation_id);
const ::android::security::keystore::KeyAttestationApplicationId& key_attestation_id);
} // namespace security
} // namespace android


@ -29,11 +29,11 @@
#include <binder/Parcelable.h>
#include <binder/PersistableBundle.h>
#include <android/security/keymaster/BpKeyAttestationApplicationIdProvider.h>
#include <android/security/keymaster/IKeyAttestationApplicationIdProvider.h>
#include <keystore/KeyAttestationApplicationId.h>
#include <keystore/KeyAttestationPackageInfo.h>
#include <keystore/Signature.h>
#include <android/security/keystore/BpKeyAttestationApplicationIdProvider.h>
#include <android/security/keystore/IKeyAttestationApplicationIdProvider.h>
#include <android/security/keystore/KeyAttestationApplicationId.h>
#include <android/security/keystore/KeyAttestationPackageInfo.h>
#include <android/security/keystore/Signature.h>
#include <private/android_filesystem_config.h> /* for AID_SYSTEM */
@ -50,13 +50,13 @@ namespace {
constexpr const char* kAttestationSystemPackageName = "AndroidSystem";
constexpr const char* kUnknownPackageName = "UnknownPackage";
std::vector<uint8_t> signature2SHA256(const content::pm::Signature& sig) {
std::vector<uint8_t> signature2SHA256(const security::keystore::Signature& sig) {
std::vector<uint8_t> digest_buffer(SHA256_DIGEST_LENGTH);
SHA256(sig.data().data(), sig.data().size(), digest_buffer.data());
SHA256(sig.data.data(), sig.data.size(), digest_buffer.data());
return digest_buffer;
}
using ::android::security::keymaster::BpKeyAttestationApplicationIdProvider;
using ::android::security::keystore::BpKeyAttestationApplicationIdProvider;
class KeyAttestationApplicationIdProvider : public BpKeyAttestationApplicationIdProvider {
public:
@ -141,8 +141,8 @@ namespace android {
namespace security {
namespace {
using ::android::security::keymaster::KeyAttestationApplicationId;
using ::android::security::keymaster::KeyAttestationPackageInfo;
using ::android::security::keystore::KeyAttestationApplicationId;
using ::android::security::keystore::KeyAttestationPackageInfo;
status_t build_attestation_package_info(const KeyAttestationPackageInfo& pinfo,
std::unique_ptr<KM_ATTESTATION_PACKAGE_INFO>* attestation_package_info_ptr) {
@ -153,12 +153,12 @@ status_t build_attestation_package_info(const KeyAttestationPackageInfo& pinfo,
attestation_package_info.reset(KM_ATTESTATION_PACKAGE_INFO_new());
if (!attestation_package_info.get()) return NO_MEMORY;
if (!pinfo.package_name()) {
if (!pinfo.packageName) {
ALOGE("Key attestation package info lacks package name");
return BAD_VALUE;
}
std::string pkg_name(String8(*pinfo.package_name()).c_str());
std::string pkg_name(String8(pinfo.packageName).c_str());
if (!ASN1_OCTET_STRING_set(attestation_package_info->package_name,
reinterpret_cast<const unsigned char*>(pkg_name.data()),
pkg_name.size())) {
@ -169,7 +169,7 @@ status_t build_attestation_package_info(const KeyAttestationPackageInfo& pinfo,
if (bn_version == nullptr) {
return NO_MEMORY;
}
if (BN_set_u64(bn_version, static_cast<uint64_t>(pinfo.version_code())) != 1) {
if (BN_set_u64(bn_version, static_cast<uint64_t>(pinfo.versionCode)) != 1) {
BN_free(bn_version);
return UNKNOWN_ERROR;
}
@ -201,15 +201,16 @@ build_attestation_application_id(const KeyAttestationApplicationId& key_attestat
auto attestation_pinfo_stack = reinterpret_cast<_STACK*>(attestation_id->package_infos);
if (key_attestation_id.pinfos_begin() == key_attestation_id.pinfos_end()) return BAD_VALUE;
if (key_attestation_id.packageInfos.begin() == key_attestation_id.packageInfos.end())
return BAD_VALUE;
for (auto pinfo = key_attestation_id.pinfos_begin(); pinfo != key_attestation_id.pinfos_end();
++pinfo) {
if (!pinfo->package_name()) {
for (auto pinfo = key_attestation_id.packageInfos.begin();
pinfo != key_attestation_id.packageInfos.end(); ++pinfo) {
if (!pinfo->packageName) {
ALOGE("Key attestation package info lacks package name");
return BAD_VALUE;
}
std::string package_name(String8(*pinfo->package_name()).c_str());
std::string package_name(String8(pinfo->packageName).c_str());
std::unique_ptr<KM_ATTESTATION_PACKAGE_INFO> attestation_package_info;
auto rc = build_attestation_package_info(*pinfo, &attestation_package_info);
if (rc != NO_ERROR) {
@ -231,10 +232,10 @@ build_attestation_application_id(const KeyAttestationApplicationId& key_attestat
* signature field actually holds the signing certificate, rather than a signature, we can
* simply use the set of signature digests of the first package info.
*/
const auto& pinfo = *key_attestation_id.pinfos_begin();
const auto& pinfo = *key_attestation_id.packageInfos.begin();
std::vector<std::vector<uint8_t>> signature_digests;
for (auto sig = pinfo.sigs_begin(); sig != pinfo.sigs_end(); ++sig) {
for (auto sig = pinfo.signatures.begin(); sig != pinfo.signatures.end(); ++sig) {
signature_digests.push_back(signature2SHA256(*sig));
}
@ -271,10 +272,10 @@ StatusOr<std::vector<uint8_t>> gather_attestation_application_id(uid_t uid) {
if (uid == AID_SYSTEM) {
/* Use a fixed ID for system callers */
auto pinfo = std::make_optional<KeyAttestationPackageInfo>(
String16(kAttestationSystemPackageName), 1 /* version code */,
std::make_shared<KeyAttestationPackageInfo::SignaturesVector>());
key_attestation_id = KeyAttestationApplicationId(std::move(pinfo));
auto pinfo = KeyAttestationPackageInfo();
pinfo.packageName = String16(kAttestationSystemPackageName);
pinfo.versionCode = 1;
key_attestation_id.packageInfos.push_back(std::move(pinfo));
} else {
/* Get the attestation application ID from package manager */
auto& pm = KeyAttestationApplicationIdProvider::get();
@ -284,10 +285,11 @@ StatusOr<std::vector<uint8_t>> gather_attestation_application_id(uid_t uid) {
if (!status.isOk()) {
ALOGW("package manager request for key attestation ID failed with: %s %d",
status.exceptionMessage().c_str(), status.exceptionCode());
auto pinfo = std::make_optional<KeyAttestationPackageInfo>(
String16(kUnknownPackageName), 1 /* version code */,
std::make_shared<KeyAttestationPackageInfo::SignaturesVector>());
key_attestation_id = KeyAttestationApplicationId(std::move(pinfo));
auto pinfo = KeyAttestationPackageInfo();
pinfo.packageName = String16(kUnknownPackageName);
pinfo.versionCode = 1;
key_attestation_id.packageInfos.push_back(std::move(pinfo));
}
}
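Review bot: In the `!status.isOk()` fallback of gather_attestation_application_id, the new code appends with `key_attestation_id.packageInfos.push_back(std::move(pinfo));` where the old code replaced the whole object by assignment. If the failed provider call can leave entries in `packageInfos` (for example after a partially read reply; the call itself is not visible in this hunk), the `UnknownPackage` entry ends up behind them, and the comment in build_attestation_application_id says the signature digests are taken from the first package info. Clearing first restores the old replace semantics: `key_attestation_id.packageInfos.clear();` immediately before the `push_back`. The declaration of `key_attestation_id` and the provider call are outside the hunk, so this should be confirmed against the full function.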


@ -35,6 +35,7 @@ cc_test {
"libutils",
],
shared_libs: [
"android.security.aaid_aidl-cpp",
"libbinder",
"libkeymaster_messages",
"libkeystore-attestation-application-id",


@ -22,14 +22,14 @@
#include <keymaster/logger.h>
#include <keystore/keystore_attestation_id.h>
#include <keystore/KeyAttestationApplicationId.h>
#include <keystore/KeyAttestationPackageInfo.h>
#include <keystore/Signature.h>
#include <android/security/keystore/KeyAttestationApplicationId.h>
#include <android/security/keystore/KeyAttestationPackageInfo.h>
#include <android/security/keystore/Signature.h>
using ::android::String16;
using ::android::security::KEY_ATTESTATION_APPLICATION_ID_MAX_SIZE;
using ::android::security::keymaster::KeyAttestationApplicationId;
using ::android::security::keymaster::KeyAttestationPackageInfo;
using ::android::security::keystore::KeyAttestationApplicationId;
using ::android::security::keystore::KeyAttestationPackageInfo;
using std::vector;
namespace keystore {
@ -72,24 +72,27 @@ constexpr const size_t kTooManySignatures = 35;
} // namespace
using ::android::content::pm::Signature;
using ::android::security::build_attestation_application_id;
using ::android::security::keystore::Signature;
std::optional<KeyAttestationPackageInfo>
make_package_info_with_signatures(const char* package_name,
KeyAttestationPackageInfo::SignaturesVector signatures) {
return std::make_optional<KeyAttestationPackageInfo>(
String16(package_name), 1 /* version code */,
std::make_shared<KeyAttestationPackageInfo::SignaturesVector>(std::move(signatures)));
KeyAttestationPackageInfo make_package_info_with_signatures(const char* package_name,
std::vector<Signature> signatures) {
auto pInfo = KeyAttestationPackageInfo();
pInfo.packageName = String16(package_name);
pInfo.versionCode = 1;
std::move(signatures.begin(), signatures.end(), std::back_inserter(pInfo.signatures));
return pInfo;
}
std::optional<KeyAttestationPackageInfo> make_package_info(const char* package_name) {
return make_package_info_with_signatures(package_name,
KeyAttestationPackageInfo::SignaturesVector());
KeyAttestationPackageInfo make_package_info(const char* package_name) {
return make_package_info_with_signatures(package_name, std::vector<Signature>());
}
TEST(AaidTruncationTest, shortPackageInfoTest) {
KeyAttestationApplicationId app_id(make_package_info(kDummyPackageName));
KeyAttestationApplicationId app_id;
auto pInfo = make_package_info(kDummyPackageName);
app_id.packageInfos.push_back(std::move(pInfo));
auto result = build_attestation_application_id(app_id);
ASSERT_TRUE(result.isOk());
@ -98,7 +101,9 @@ TEST(AaidTruncationTest, shortPackageInfoTest) {
}
TEST(AaidTruncationTest, tooLongPackageNameTest) {
KeyAttestationApplicationId app_id(make_package_info(kLongPackageName));
KeyAttestationApplicationId app_id;
auto pInfo = make_package_info(kLongPackageName);
app_id.packageInfos.push_back(std::move(pInfo));
auto result = build_attestation_application_id(app_id);
ASSERT_TRUE(result.isOk());
@ -108,14 +113,17 @@ TEST(AaidTruncationTest, tooLongPackageNameTest) {
TEST(AaidTruncationTest, tooManySignaturesTest) {
std::vector<uint8_t> dummy_sig_data(kDummySignature, kDummySignature + 32);
KeyAttestationPackageInfo::SignaturesVector signatures;
std::vector<Signature> signatures;
// Add 35 signatures which will surely exceed the 1K limit.
for (size_t i = 0; i < kTooManySignatures; ++i) {
signatures.push_back(std::make_optional<Signature>(dummy_sig_data));
auto sign = Signature();
sign.data = dummy_sig_data;
signatures.push_back(std::move(sign));
}
KeyAttestationApplicationId app_id(
make_package_info_with_signatures(kDummyPackageName, std::move(signatures)));
auto pInfo = make_package_info_with_signatures(kDummyPackageName, std::move(signatures));
KeyAttestationApplicationId app_id;
app_id.packageInfos.push_back(std::move(pInfo));
auto result = build_attestation_application_id(app_id);
ASSERT_TRUE(result.isOk());
@ -125,19 +133,22 @@ TEST(AaidTruncationTest, tooManySignaturesTest) {
TEST(AaidTruncationTest, combinedPackagesAndSignaturesTest) {
std::vector<uint8_t> dummy_sig_data(kDummySignature, kDummySignature + 32);
KeyAttestationApplicationId::PackageInfoVector packages;
::std::vector<KeyAttestationPackageInfo> packages;
for (size_t i = 0; i < kTooManyPackages; ++i) {
KeyAttestationPackageInfo::SignaturesVector signatures;
std::vector<Signature> signatures;
// Add a few signatures for each package
for (int j = 0; j < 3; ++j) {
signatures.push_back(std::make_optional<Signature>(dummy_sig_data));
auto sign = Signature();
sign.data = dummy_sig_data;
signatures.push_back(std::move(sign));
}
packages.push_back(
make_package_info_with_signatures(kReasonablePackageName, std::move(signatures)));
packages.push_back(std::move(
make_package_info_with_signatures(kReasonablePackageName, std::move(signatures))));
}
KeyAttestationApplicationId app_id;
std::move(packages.begin(), packages.end(), std::back_inserter(app_id.packageInfos));
KeyAttestationApplicationId app_id(std::move(packages));
auto result = build_attestation_application_id(app_id);
ASSERT_TRUE(result.isOk());
std::vector<uint8_t>& encoded_app_id = result;
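Review bot: In combinedPackagesAndSignaturesTest the new `packages.push_back(std::move(make_package_info_with_signatures(...)))` wraps a function's return value in `std::move`, which is redundant because the call already yields a temporary. The plain form is enough: `packages.push_back(make_package_info_with_signatures(kReasonablePackageName, std::move(signatures)));`. If `packageInfos` is a `std::vector<KeyAttestationPackageInfo>`, as the surrounding usage suggests, the following `std::move(...)`/`std::back_inserter` copy into `app_id.packageInfos` could likewise become `app_id.packageInfos = std::move(packages);`.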


@ -55,6 +55,7 @@ cc_defaults {
"libhidlbase",
],
shared_libs: [
"android.security.aaid_aidl-cpp",
"libbinder",
"libcrypto",
"libutils",


@ -15,9 +15,9 @@
*/
#include "keystoreCommon.h"
#include <keystore/KeyAttestationApplicationId.h>
#include <android/security/keystore/KeyAttestationApplicationId.h>
using ::security::keymaster::KeyAttestationApplicationId;
using ::android::security::keystore::KeyAttestationApplicationId;
constexpr size_t kPackageVectorSizeMin = 1;
constexpr size_t kPackageVectorSizeMax = 10;
@ -33,26 +33,37 @@ class KeystoreApplicationId {
};
void KeystoreApplicationId::invokeApplicationId() {
std::optional<KeyAttestationApplicationId> applicationId;
KeyAttestationApplicationId applicationId;
bool shouldUsePackageInfoVector = mFdp->ConsumeBool();
if (shouldUsePackageInfoVector) {
KeyAttestationApplicationId::PackageInfoVector packageInfoVector;
::std::vector<KeyAttestationPackageInfo> packageInfoVector;
int32_t packageVectorSize =
mFdp->ConsumeIntegralInRange<int32_t>(kPackageVectorSizeMin, kPackageVectorSizeMax);
for (int32_t packageSize = 0; packageSize < packageVectorSize; ++packageSize) {
auto packageInfoData = initPackageInfoData(mFdp.get());
packageInfoVector.push_back(make_optional<KeyAttestationPackageInfo>(
String16((packageInfoData.packageName).c_str()), packageInfoData.versionCode,
packageInfoData.sharedSignaturesVector));
auto pInfo = KeyAttestationPackageInfo();
pInfo.packageName = String16((packageInfoData.packageName).c_str());
pInfo.versionCode = packageInfoData.versionCode;
std::move(packageInfoData.sharedSignaturesVector->begin(),
packageInfoData.sharedSignaturesVector->end(),
std::back_inserter(pInfo.signatures));
packageInfoVector.push_back(std::move(pInfo));
}
applicationId = KeyAttestationApplicationId(std::move(packageInfoVector));
std::move(packageInfoVector.begin(), packageInfoVector.end(),
std::back_inserter(applicationId.packageInfos));
} else {
auto packageInfoData = initPackageInfoData(mFdp.get());
applicationId = KeyAttestationApplicationId(make_optional<KeyAttestationPackageInfo>(
String16((packageInfoData.packageName).c_str()), packageInfoData.versionCode,
packageInfoData.sharedSignaturesVector));
auto pInfo = KeyAttestationPackageInfo();
pInfo.packageName = String16((packageInfoData.packageName).c_str());
pInfo.versionCode = packageInfoData.versionCode;
std::move(packageInfoData.sharedSignaturesVector->begin(),
packageInfoData.sharedSignaturesVector->end(),
std::back_inserter(pInfo.signatures));
applicationId.packageInfos.push_back(std::move(pInfo));
}
invokeReadWriteParcel(&applicationId.value());
invokeReadWriteParcel(&applicationId);
}
void KeystoreApplicationId::process(const uint8_t* data, size_t size) {
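Review bot: Both branches of invokeApplicationId now repeat the same six-line construction of a `KeyAttestationPackageInfo` from `packageInfoData`, and KeystorePackageInfoFuzzer::invokePackageInfo in the package-info fuzzer section repeats it a third time. A small helper next to initPackageInfoData would keep the three fuzzers in step when the parcelable gains a field. The intermediate `packageInfoVector` could then go too, by pushing straight into `applicationId.packageInfos`. The helper moves the signatures out of its argument, which matches what the three call sites already do.

```cpp
// Builds the generated parcelable from fuzzer-provided data; moves the signatures out of `data`.
inline KeyAttestationPackageInfo makePackageInfo(PackageInfoData& data) {
    KeyAttestationPackageInfo pInfo;
    pInfo.packageName = String16(data.packageName.c_str());
    pInfo.versionCode = data.versionCode;
    std::move(data.sharedSignaturesVector->begin(), data.sharedSignaturesVector->end(),
              std::back_inserter(pInfo.signatures));
    return pInfo;
}
// … unchanged: the two branches of invokeApplicationId, each calling makePackageInfo(packageInfoData) …
```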


@ -16,18 +16,18 @@
#ifndef KEYSTORECOMMON_H
#define KEYSTORECOMMON_H
#include <android/security/keystore/KeyAttestationPackageInfo.h>
#include <android/security/keystore/Signature.h>
#include <binder/Parcel.h>
#include <binder/Parcelable.h>
#include <keystore/KeyAttestationPackageInfo.h>
#include <keystore/Signature.h>
#include <vector>
#include "fuzzer/FuzzedDataProvider.h"
using namespace android;
using namespace std;
using ::content::pm::Signature;
using ::security::keymaster::KeyAttestationPackageInfo;
using ::android::security::keystore::KeyAttestationPackageInfo;
using ::android::security::keystore::Signature;
constexpr size_t kSignatureSizeMin = 1;
constexpr size_t kSignatureSizeMax = 1000;
@ -38,7 +38,7 @@ constexpr size_t kSignatureVectorSizeMax = 1000;
struct PackageInfoData {
string packageName;
int64_t versionCode;
KeyAttestationPackageInfo::SharedSignaturesVector sharedSignaturesVector;
std::shared_ptr<std::vector<Signature>> sharedSignaturesVector;
};
inline void invokeReadWriteParcel(Parcelable* obj) {
@ -60,18 +60,20 @@ inline PackageInfoData initPackageInfoData(FuzzedDataProvider* fdp) {
packageInfoData.versionCode = fdp->ConsumeIntegral<int64_t>();
size_t signatureVectorSize =
fdp->ConsumeIntegralInRange(kSignatureVectorSizeMin, kSignatureVectorSizeMax);
KeyAttestationPackageInfo::SignaturesVector signatureVector;
std::vector<Signature> signatureVector;
for (size_t size = 0; size < signatureVectorSize; ++size) {
bool shouldUseParameterizedConstructor = fdp->ConsumeBool();
if (shouldUseParameterizedConstructor) {
vector<uint8_t> signatureData = initSignatureData(fdp);
signatureVector.push_back(make_optional<Signature>(signatureData));
auto sign = Signature();
sign.data = signatureData;
signatureVector.push_back(std::move(sign));
} else {
signatureVector.push_back(std::nullopt);
signatureVector.push_back(Signature());
}
}
packageInfoData.sharedSignaturesVector =
make_shared<KeyAttestationPackageInfo::SignaturesVector>(std::move(signatureVector));
make_shared<std::vector<Signature>>(std::move(signatureVector));
return packageInfoData;
}
#endif // KEYSTORECOMMON_H
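Review bot: `PackageInfoData::sharedSignaturesVector` is still a `std::shared_ptr<std::vector<Signature>>`, but after this change nothing shares it: every visible consumer dereferences it once and moves the elements out. A plain member, `std::vector<Signature> signatures;`, filled with `packageInfoData.signatures = std::move(signatureVector);`, removes the allocation and the unchecked `->` at each call site. If the field stays as it is, a comment on it should say that consumers leave the vector in a moved-from state.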


@ -28,9 +28,12 @@ class KeystorePackageInfoFuzzer {
void KeystorePackageInfoFuzzer::invokePackageInfo() {
auto packageInfoData = initPackageInfoData(mFdp.get());
KeyAttestationPackageInfo packageInfo(String16((packageInfoData.packageName).c_str()),
packageInfoData.versionCode,
packageInfoData.sharedSignaturesVector);
auto packageInfo = KeyAttestationPackageInfo();
packageInfo.packageName = String16((packageInfoData.packageName).c_str());
packageInfo.versionCode = packageInfoData.versionCode;
std::move(packageInfoData.sharedSignaturesVector->begin(),
packageInfoData.sharedSignaturesVector->end(),
std::back_inserter(packageInfo.signatures));
invokeReadWriteParcel(&packageInfo);
}


@ -14,7 +14,9 @@
* limitations under the License.
*/
#include "keystoreCommon.h"
#include <keystore/Signature.h>
#include <android/security/keystore/Signature.h>
using ::android::security::keystore::Signature;
class KeystoreSignatureFuzzer {
public:
@ -27,15 +29,15 @@ class KeystoreSignatureFuzzer {
};
void KeystoreSignatureFuzzer::invokeSignature() {
std::optional<Signature> signature;
Signature signature;
bool shouldUseParameterizedConstructor = mFdp->ConsumeBool();
if (shouldUseParameterizedConstructor) {
std::vector<uint8_t> signatureData = initSignatureData(mFdp.get());
signature = Signature(signatureData);
signature.data = signatureData;
} else {
signature = Signature();
}
invokeReadWriteParcel(&signature.value());
invokeReadWriteParcel(&signature);
}
void KeystoreSignatureFuzzer::process(const uint8_t* data, size_t size) {
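Review bot: The `else` branch's `signature = Signature();` in invokeSignature is now a no-op, because `Signature signature;` at the top of the function is already default-constructed. The branch can be dropped, leaving `if (mFdp->ConsumeBool()) signature.data = initSignatureData(mFdp.get());`, which consumes the same fuzzer input. The flag name `shouldUseParameterizedConstructor` also no longer matches the code, since no parameterized constructor is involved; something like `shouldFillData` would read more accurately.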