Merge "Fixing security vuln by tightening race condition window."
diff --git a/keystore-engine/Android.mk b/keystore-engine/Android.mk
index 8988857..c995dfc 100644
--- a/keystore-engine/Android.mk
+++ b/keystore-engine/Android.mk
@@ -30,6 +30,7 @@
libcrypto \
libcutils \
libhidlbase \
+ libkeystore_aidl \
libkeystore_binder \
liblog \
libutils
diff --git a/keystore/Android.bp b/keystore/Android.bp
index 68a81e6..42fcf8e 100644
--- a/keystore/Android.bp
+++ b/keystore/Android.bp
@@ -50,7 +50,9 @@
"libkeymaster_messages",
"libkeymaster_portable",
"libkeymaster_staging",
+ "libkeystore_aidl",
"libkeystore_binder",
+ "libkeystore_parcelables",
"liblog",
"libselinux",
"libsoftkeymasterdevice",
@@ -82,7 +84,9 @@
"libcutils",
"libhidlbase",
"libhwbinder",
+ "libkeystore_aidl", // for IKeyStoreService.asInterface()
"libkeystore_binder",
+ "libkeystore_parcelables",
"liblog",
"libutils",
],
@@ -109,12 +113,23 @@
local_include_dirs: ["include"],
}
-cc_library_headers {
- name: "libkeystore_headers",
+cc_library_shared {
+ name: "libkeystore_parcelables",
+ defaults: ["keystore_defaults"],
export_include_dirs: ["include"],
+ srcs: [
+ "KeyAttestationApplicationId.cpp",
+ "KeyAttestationPackageInfo.cpp",
+ "KeymasterArguments.cpp",
+ "KeystoreArguments.cpp",
+ "OperationResult.cpp",
+ "Signature.cpp",
+ "keystore_aidl_hidl_marshalling_utils.cpp",
+ ],
shared_libs: [
"android.hardware.keymaster@3.0",
"libbinder",
+ "libhardware",
"libhidlbase",
"libhwbinder",
"liblog",
@@ -134,27 +149,21 @@
defaults: ["keystore_defaults"],
srcs: [
- "KeyAttestationApplicationId.cpp",
- "KeyAttestationPackageInfo.cpp",
- "KeymasterArguments.cpp",
- "KeystoreArguments.cpp",
- "OperationResult.cpp",
- "Signature.cpp",
"authorization_set.cpp",
"keyblob_utils.cpp",
- "keystore_aidl_hidl_marshalling_utils.cpp",
"keystore_client.proto",
"keystore_client_impl.cpp",
"keystore_get.cpp",
"keystore_tags_utils.cpp",
],
- static_libs: ["libkeystore_aidl",],
shared_libs: [
"android.hardware.keymaster@3.0",
"libbinder",
"libhidlbase",
"libhwbinder",
"liblog",
+ "libkeystore_aidl",
+ "libkeystore_parcelables",
"libprotobuf-cpp-lite",
"libutils",
],
@@ -168,14 +177,13 @@
include_dirs: ["frameworks/base/core/java/"],
},
export_include_dirs: ["include"],
- export_static_lib_headers: [
- "libkeystore_aidl",
- ],
export_shared_lib_headers: [
"android.hardware.keymaster@3.0",
"libbinder",
"libhidlbase",
"libhwbinder",
+ "libkeystore_aidl",
+ "libkeystore_parcelables",
],
}
diff --git a/keystore/include/keystore/KeymasterArguments.h b/keystore/include/keystore/KeymasterArguments.h
index d14e270..0e7e64d 100644
--- a/keystore/include/keystore/KeymasterArguments.h
+++ b/keystore/include/keystore/KeymasterArguments.h
@@ -17,7 +17,6 @@
#include "authorization_set.h"
#include <binder/Parcelable.h>
-#include <hardware/keymaster_defs.h>
namespace android {
namespace security {
diff --git a/keystore/include/keystore/KeystoreArguments.h b/keystore/include/keystore/KeystoreArguments.h
index 44e1436..a54a6d2 100644
--- a/keystore/include/keystore/KeystoreArguments.h
+++ b/keystore/include/keystore/KeystoreArguments.h
@@ -17,7 +17,6 @@
#include "KeystoreArg.h"
#include <binder/Parcelable.h>
-#include <hardware/keymaster_defs.h>
#include <utils/RefBase.h>
namespace android {
diff --git a/keystore/include/keystore/OperationResult.h b/keystore/include/keystore/OperationResult.h
index e84d1e9..ada88fe 100644
--- a/keystore/include/keystore/OperationResult.h
+++ b/keystore/include/keystore/OperationResult.h
@@ -19,7 +19,6 @@
#include "keystore_return_types.h"
#include <binder/Parcelable.h>
#include <binder/Parcel.h>
-#include <hardware/keymaster_defs.h>
namespace android {
namespace security {
diff --git a/keystore/include/keystore/keystore_hidl_support.h b/keystore/include/keystore/keystore_hidl_support.h
index 2a4d1eb..0edaa3b 100644
--- a/keystore/include/keystore/keystore_hidl_support.h
+++ b/keystore/include/keystore/keystore_hidl_support.h
@@ -125,8 +125,8 @@
template <typename T, typename InIter>
inline static InIter copy_bytes_from_iterator(T* value, InIter src) {
uint8_t* value_ptr = reinterpret_cast<uint8_t*>(value);
- std::copy(src, src + sizeof(value), value_ptr);
- return src + sizeof(value);
+ std::copy(src, src + sizeof(T), value_ptr);
+ return src + sizeof(T);
}
inline static HardwareAuthToken hidlVec2AuthToken(const hidl_vec<uint8_t>& buffer) {
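Review bot: With the size corrected to `sizeof(T)`, copy_bytes_from_iterator still has no way to know where the input ends, so every caller must guarantee that at least `sizeof(T)` bytes remain at `src` before each call. hidlVec2AuthToken starts on the last line of this hunk and its body is outside it, so it is worth confirming that it compares `buffer.size()` with `sizeof(hw_auth_token_t)` before the first copy. I would document the precondition on the helper, e.g. `// Precondition: at least sizeof(T) readable bytes at src; the caller checks the length.` Since the helper writes raw bytes into `*value`, a guard such as `static_assert(std::is_trivially_copyable<T>::value, "byte-wise copy needs a trivially copyable T");` would also stop it being instantiated with a type that cannot be filled that way (this needs `<type_traits>`, whose inclusion is not visible here).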
diff --git a/keystore/tests/Android.bp b/keystore/tests/Android.bp
index 5718b73..6d8f75d 100644
--- a/keystore/tests/Android.bp
+++ b/keystore/tests/Android.bp
@@ -6,7 +6,11 @@
"-Werror",
"-Wextra",
],
- srcs: ["auth_token_table_test.cpp"],
+ srcs: [
+ "auth_token_table_test.cpp",
+ "auth_token_formatting_test.cpp",
+ "gtest_main.cpp",
+ ],
name: "keystore_unit_tests",
tags: ["test"],
static_libs: [
diff --git a/keystore/tests/auth_token_formatting_test.cpp b/keystore/tests/auth_token_formatting_test.cpp
new file mode 100644
index 0000000..d6e712e
--- /dev/null
+++ b/keystore/tests/auth_token_formatting_test.cpp
@@ -0,0 +1,132 @@
+/*
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <gtest/gtest.h>
+
+#include <endian.h>
+#include <keymaster/logger.h>
+#include <hidl/HidlSupport.h>
+#include <android/hardware/keymaster/3.0/types.h>
+#include <hardware/hw_auth_token.h>
+
+#include "../auth_token_table.h"
+#include <keystore/keystore_hidl_support.h>
+
+using std::vector;
+
+namespace keystore {
+namespace test {
+
+namespace {
+
+class StdoutLogger : public keymaster::Logger {
+ public:
+ StdoutLogger() { set_instance(this); }
+
+ int log_msg(LogLevel level, const char* fmt, va_list args) const {
+ int output_len = 0;
+ switch (level) {
+ case DEBUG_LVL:
+ output_len = printf("DEBUG: ");
+ break;
+ case INFO_LVL:
+ output_len = printf("INFO: ");
+ break;
+ case WARNING_LVL:
+ output_len = printf("WARNING: ");
+ break;
+ case ERROR_LVL:
+ output_len = printf("ERROR: ");
+ break;
+ case SEVERE_LVL:
+ output_len = printf("SEVERE: ");
+ break;
+ }
+
+ output_len += vprintf(fmt, args);
+ output_len += printf("\n");
+ return output_len;
+ }
+};
+
+StdoutLogger logger;
+
+}
+
+
+using android::hardware::keymaster::V3_0::HardwareAuthToken;
+using android::hardware::hidl_vec;
+using android::hardware::hidl_array;
+
+constexpr const uint8_t test_token[69] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+ 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+ 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+ 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+ 0x40, 0x41, 0x42, 0x43, 0x44
+};
+
+
+constexpr const uint8_t test_hmac_data[] = {
+ 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c,
+ 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, 0x33, 0x34,
+ 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c,
+ 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44 };
+
+static const HardwareAuthToken hidl_test_token_little_endian = {
+ UINT64_C(0x0807060504030201),
+ UINT64_C(0x100f0e0d0c0b0a09),
+ UINT64_C(0x1817161514131211),
+ UINT32_C(0x1c1b1a19),
+ UINT64_C(0x24232221201f1e1d),
+ hidl_array<uint8_t, 32>(test_hmac_data)
+};
+
+
+TEST(AuthenticationTokenFormattingTest, hidlVec2AuthToken) {
+ static_assert(sizeof(hw_auth_token_t) == sizeof(test_token), "test_token has wrong size");
+ hidl_vec<uint8_t> hidl_test_token;
+ hidl_test_token.setToExternal(const_cast<unsigned char*>(test_token), sizeof(test_token));
+ ASSERT_EQ(hidl_test_token_little_endian, hidlVec2AuthToken(hidl_test_token));
+}
+
+TEST(AuthenticationTokenFormattingTest, authToken2HidlVec) {
+ static_assert(sizeof(hw_auth_token_t) == sizeof(test_token), "test_token has wrong size");
+ hidl_vec<uint8_t> hidl_test_token;
+ hidl_test_token.setToExternal(const_cast<unsigned char*>(test_token), sizeof(test_token));
+ ASSERT_EQ(hidl_test_token, authToken2HidlVec(hidl_test_token_little_endian));
+}
+
+TEST(AuthenticationTokenFormattingTest, backAndForth) {
+ static_assert(sizeof(hw_auth_token_t) == sizeof(test_token), "test_token has wrong size");
+ hidl_vec<uint8_t> hidl_test_token;
+ hidl_test_token.setToExternal(const_cast<unsigned char*>(test_token), sizeof(test_token));
+ ASSERT_EQ(hidl_test_token_little_endian, hidlVec2AuthToken(authToken2HidlVec(hidl_test_token_little_endian)));
+}
+
+TEST(AuthenticationTokenFormattingTest, forthAndBack) {
+ static_assert(sizeof(hw_auth_token_t) == sizeof(test_token), "test_token has wrong size");
+ hidl_vec<uint8_t> hidl_test_token;
+ hidl_test_token.setToExternal(const_cast<unsigned char*>(test_token), sizeof(test_token));
+ ASSERT_EQ(hidl_test_token, authToken2HidlVec(hidlVec2AuthToken(hidl_test_token)));
+}
+
+} // namespace keymaster
+} // namespace test
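Review bot: All four tests feed a buffer of exactly `sizeof(hw_auth_token_t)` bytes, so the length handling of hidlVec2AuthToken is never exercised, and that is the part that matters when the vector arrives from another process. A case with a truncated `hidl_vec` and one with an empty `hidl_vec` would pin that behaviour. The expected result for malformed input is not visible in this diff, so it has to be taken from the implementation. Separately, the closing comments at the end of the file name the wrong scopes and should read `} // namespace test` followed by `} // namespace keystore`. `using std::vector;` and `<endian.h>` also appear unused in this file and could be dropped.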