OSDN > Developer > pins_enock > Chamber > system-hardware-interfaces > Commit

system-hardware-interfaces
Fork

Fork origin: android-x86 / system-hardware-interfaces

R/O
HTTP
SSH
HTTPS

Commit

Commit MetaInfo

Revisão	ce7ccf42a9a803f46217409028fed417ab2a22ce (tree)
Hora	2019-02-01 01:29:41
Autor	Branden Archer <brarcher@goog...>
Commiter	android-build-merger

Mensagem de Log

Add VTS for Wifi Keystore HAL's sign() am: 317497a968 am: 316ec32f1a
am: 84df885f1c

Change-Id: I908c7f15a79016595f6d138075246f94b50a2edb

Mudança Sumário

modified: wifi/keystore/1.0/vts/functional/Android.bp (diff)
modified: wifi/keystore/1.0/vts/functional/VtsHalWifiKeystoreV1_0TargetTest.cpp (diff)

Diff

--- a/wifi/keystore/1.0/vts/functional/Android.bp

+++ b/wifi/keystore/1.0/vts/functional/Android.bp

		@@ -28,6 +28,12 @@ cc_test {
28	28	"libnativehelper",
29	29	"libutils",
30	30	"android.system.wifi.keystore@1.0",
	31	+ "libwifikeystorehal",
	32	+ "libkeystore_binder",
	33	+ "libbinder",
	34	+ "libkeystore_aidl",
	35	+ "libkeystore_parcelables",
	36	+ "libkeymaster4support",
31	37	],
32	38	static_libs: ["VtsHalHidlTargetTestBase"],
33	39	cflags: [

--- a/wifi/keystore/1.0/vts/functional/VtsHalWifiKeystoreV1_0TargetTest.cpp

+++ b/wifi/keystore/1.0/vts/functional/VtsHalWifiKeystoreV1_0TargetTest.cpp

		@@ -17,10 +17,233 @@
17	17	#include <android-base/logging.h>
18	18
19	19	#include <VtsHalHidlTargetTestBase.h>
	20	+#include <binder/ProcessState.h>
	21	+#include <keymasterV4_0/authorization_set.h>
	22	+#include <keystore/keystore_promises.h>
	23	+#include <private/android_filesystem_config.h>
	24	+#include <utils/String16.h>
	25	+#include <wifikeystorehal/keystore.h>
	26	+
	27	+using namespace std;
	28	+using namespace ::testing;
	29	+using namespace android;
	30	+using namespace android::binder;
	31	+using namespace android::security::keystore;
	32	+using namespace android::security::keymaster;
	33	+using namespace android::system::wifi::keystore::V1_0;
20	34
21	35	int main(int argc, char** argv) {
22		- ::testing::InitGoogleTest(&argc, argv);
	36	+ // Start thread pool for Binder
	37	+ android::ProcessState::self()->startThreadPool();
	38	+
	39	+ InitGoogleTest(&argc, argv);
23	40	int status = RUN_ALL_TESTS();
24		- LOG(INFO) << "Test result = " << status;
25	41	return status;
26	42	}
	43	+
	44	+namespace {
	45	+
	46	+enum KeyPurpose {
	47	+ ENCRYPTION,
	48	+ SIGNING,
	49	+};
	50	+
	51	+// The fixture for testing the Wifi Keystore HAL
	52	+class WifiKeystoreHalTest : public Test {
	53	+ protected:
	54	+ void SetUp() override {
	55	+ keystore = implementation::HIDL_FETCH_IKeystore(nullptr);
	56	+
	57	+ sp<android::IServiceManager> service_manager = android::defaultServiceManager();
	58	+ sp<android::IBinder> keystore_binder =
	59	+ service_manager->getService(String16(kKeystoreServiceName));
	60	+ service = interface_cast<IKeystoreService>(keystore_binder);
	61	+
	62	+ EXPECT_NE(nullptr, service.get());
	63	+
	64	+ deleteKey(kTestKeyName);
	65	+ }
	66	+
	67	+ void TearDown() override { deleteKey(kTestKeyName); }
	68	+
	69	+ /**
	70	+ * Delete a key if it exists.
	71	+ *
	72	+ * @param keyName: name of the key to delete
	73	+ *
	74	+ * @return true iff the key existed and is now deleted, false otherwise.
	75	+ */
	76	+ bool deleteKey(std::string keyName) {
	77	+ String16 keyName16(keyName.data(), keyName.size());
	78	+ int32_t result;
	79	+ auto binder_result = service->del(keyName16, -1 /* process' uid*/, &result);
	80	+ if (!binder_result.isOk()) {
	81	+ cout << "deleteKey: failed binder call" << endl;
	82	+ return false;
	83	+ }
	84	+
	85	+ keystore::KeyStoreNativeReturnCode wrappedResult(result);
	86	+ return wrappedResult.isOk();
	87	+ }
	88	+
	89	+ /**
	90	+ * Generate a key for a specific purpose.
	91	+ *
	92	+ * This generates a key which can be used either for signing
	93	+ * or encryption. The signing key is setup to be used in
	94	+ * the Wifi Keystore HAL's sign() call. The data
	95	+ * about the key returning from its generation is discarded.
	96	+ * If this returns 'true' the key generation has completed
	97	+ * and the key is ready for use.
	98	+ *
	99	+ * @param keyName: name of the key to generate
	100	+ * @param purpose: the purpose the generated key will support
	101	+ *
	102	+ * @return true iff the key was successfully generated and is
	103	+ * ready for use, false otherwise.
	104	+ */
	105	+ bool generateKey(std::string keyName, KeyPurpose purpose) {
	106	+ constexpr uint32_t kAESKeySize = 256;
	107	+
	108	+ int32_t aidl_return;
	109	+ vector<uint8_t> entropy;
	110	+ keystore::AuthorizationSetBuilder key_parameters;
	111	+ if (purpose == KeyPurpose::SIGNING) {
	112	+ key_parameters.EcdsaSigningKey(kAESKeySize);
	113	+ }
	114	+
	115	+ if (purpose == KeyPurpose::ENCRYPTION) {
	116	+ key_parameters.AesEncryptionKey(kAESKeySize);
	117	+ }
	118	+
	119	+ key_parameters.NoDigestOrPadding()
	120	+ .Authorization(keystore::keymaster::TAG_BLOCK_MODE, keystore::keymaster::BlockMode::CBC)
	121	+ .Authorization(keystore::keymaster::TAG_NO_AUTH_REQUIRED);
	122	+
	123	+ sp<keystore::KeyCharacteristicsPromise> promise(new keystore::KeyCharacteristicsPromise);
	124	+ auto future = promise->get_future();
	125	+
	126	+ String16 keyName16(keyName.data(), keyName.size());
	127	+
	128	+ fflush(stdout);
	129	+ auto binder_result = service->generateKey(
	130	+ promise, keyName16, KeymasterArguments(key_parameters.hidl_data()), entropy,
	131	+ -1, // create key for process' uid
	132	+ 0, // empty flags; pick default key provider
	133	+ &aidl_return);
	134	+
	135	+ if (!binder_result.isOk()) {
	136	+ cout << "generateKey: Failed binder call" << endl;
	137	+ return false;
	138	+ }
	139	+
	140	+ keystore::KeyStoreNativeReturnCode rc(aidl_return);
	141	+ if (!rc.isOk()) {
	142	+ cout << "generateKey: Failed to generate key" << endl;
	143	+ return false;
	144	+ }
	145	+
	146	+ auto [km_response, characteristics] = future.get();
	147	+
	148	+ return true;
	149	+ }
	150	+
	151	+ /**
	152	+ * Creates a TYPE_GENERIC key blob. This cannot be used for signing.
	153	+ *
	154	+ * @param keyName: name of the key to generate.
	155	+ *
	156	+ * @returns true iff the key was successfully created, false otherwise.
	157	+ */
	158	+ bool insert(std::string keyName) {
	159	+ int32_t aidl_return;
	160	+ vector<uint8_t> item;
	161	+
	162	+ String16 keyName16(keyName.data(), keyName.size());
	163	+ auto binder_result = service->insert(keyName16, item,
	164	+ -1, // Use process' uid
	165	+ 0, // empty flags; pick default key provider
	166	+ &aidl_return);
	167	+
	168	+ if (!binder_result.isOk()) {
	169	+ cout << "insert: Failed binder call" << endl;
	170	+ return false;
	171	+ }
	172	+
	173	+ keystore::KeyStoreNativeReturnCode rc(aidl_return);
	174	+ if (!rc.isOk()) {
	175	+ cout << "insert: Failed to generate key" << endl;
	176	+ return false;
	177	+ }
	178	+
	179	+ return true;
	180	+ }
	181	+
	182	+ constexpr static const char kKeystoreServiceName[] = "android.security.keystore";
	183	+ constexpr static const char kTestKeyName[] = "TestKeyName";
	184	+
	185	+ IKeystore* keystore = nullptr;
	186	+ sp<IKeystoreService> service;
	187	+};
	188	+
	189	+/**
	190	+ * Test for the Wifi Keystore HAL's sign() call.
	191	+ */
	192	+TEST_F(WifiKeystoreHalTest, Sign) {
	193	+ IKeystore::KeystoreStatusCode statusCode;
	194	+
	195	+ auto callback = [&statusCode](IKeystore::KeystoreStatusCode status,
	196	+ const ::android::hardware::hidl_vec<uint8_t>& /value/) {
	197	+ statusCode = status;
	198	+ return;
	199	+ };
	200	+
	201	+ ::android::hardware::hidl_vec<uint8_t> dataToSign;
	202	+
	203	+ // These attempts do not include an existing key to use
	204	+
	205	+ keystore->sign(nullptr, dataToSign, callback);
	206	+ EXPECT_EQ(IKeystore::KeystoreStatusCode::ERROR_UNKNOWN, statusCode);
	207	+
	208	+ keystore->sign("", dataToSign, callback);
	209	+ EXPECT_EQ(IKeystore::KeystoreStatusCode::ERROR_UNKNOWN, statusCode);
	210	+
	211	+ bool result = generateKey(kTestKeyName, KeyPurpose::SIGNING);
	212	+ EXPECT_EQ(result, true);
	213	+
	214	+ // The data to sign is empty, and a failure is expected
	215	+
	216	+ keystore->sign(kTestKeyName, dataToSign, callback);
	217	+ EXPECT_EQ(IKeystore::KeystoreStatusCode::ERROR_UNKNOWN, statusCode);
	218	+
	219	+ // With data the signing attempt should succeed
	220	+
	221	+ dataToSign.resize(100);
	222	+ keystore->sign(kTestKeyName, dataToSign, callback);
	223	+ EXPECT_EQ(IKeystore::KeystoreStatusCode::SUCCESS, statusCode);
	224	+
	225	+ // Create a key which cannot sign; any signing attempt should fail.
	226	+
	227	+ result = deleteKey(kTestKeyName);
	228	+ EXPECT_EQ(result, true);
	229	+
	230	+ result = generateKey(kTestKeyName, KeyPurpose::ENCRYPTION);
	231	+ EXPECT_EQ(result, true);
	232	+
	233	+ keystore->sign(kTestKeyName, dataToSign, callback);
	234	+ EXPECT_EQ(IKeystore::KeystoreStatusCode::ERROR_UNKNOWN, statusCode);
	235	+
	236	+ // Generate a TYPE_GENERIC key instead of a TYPE_KEYMASTER_10 key.
	237	+ // This also cannot be used to sign.
	238	+
	239	+ result = deleteKey(kTestKeyName);
	240	+ EXPECT_EQ(result, true);
	241	+
	242	+ result = insert(kTestKeyName);
	243	+ EXPECT_EQ(result, true);
	244	+
	245	+ keystore->sign(kTestKeyName, dataToSign, callback);
	246	+ EXPECT_EQ(IKeystore::KeystoreStatusCode::ERROR_UNKNOWN, statusCode);
	247	+}
	248	+
	249	+} // namespace

system-hardware-interfaces Fork