Snap for 12359238 from dd1673f69ac8bb07d893b1d913efa4a411e52299 to android15-tests-release Change-Id: Icf9174ac22d6a50e1c445e5e133fb6fcd03b32d7
diff --git a/app/apploader/tests/apploader_test.c b/app/apploader/tests/apploader_test.c
index a58d36f..25e53a1 100644
--- a/app/apploader/tests/apploader_test.c
+++ b/app/apploader/tests/apploader_test.c
@@ -17,6 +17,7 @@
 #include <interface/apploader/apploader.h>
 #include <interface/apploader/apploader_secure.h>
 #include <inttypes.h>
+#include <lib/rng/trusty_rng.h>
 #include <lib/system_state/system_state.h>
 #include <lib/tipc/tipc.h>
 #include <lib/unittest/unittest.h>
@@ -515,6 +516,50 @@
 test_abort:;
 }
+extern char integrity_test_app_start[], integrity_test_app_end[];
+
+TEST_F(apploader_user, LoadCmdCorruptImage) {
+ uint32_t error = APPLOADER_NO_ERROR;
+
+ const uint8_t bits_per_byte = 8;
+ const size_t max_bit_flip_count = 1 << 9;
+ uint8_t* const app_buf = (void*)integrity_test_app_start;
+ const size_t app_size = integrity_test_app_end - integrity_test_app_start;
+
+ unsigned int seed;
+ int rc = trusty_rng_hw_rand((uint8_t*)&seed, sizeof seed);
+ ASSERT_EQ(rc, NO_ERROR);
+ srand(seed);
+
+ for (size_t i = 0; i < max_bit_flip_count; ++i) {
+ const size_t bit_offset = rand() % (app_size * bits_per_byte);
+ const size_t byte_offset = bit_offset / bits_per_byte;
+ const uint8_t bit_offset_in_byte = bit_offset % bits_per_byte;
+ const uint8_t mask = 1 << bit_offset_in_byte;
+
+ app_buf[byte_offset] ^= mask;
+ error = load_test_app(_state->channel, integrity_test_app_start,
+ integrity_test_app_end);
+
+ ASSERT_EQ(false, HasFailure());
+ ASSERT_EQ(error, APPLOADER_ERR_VERIFICATION_FAILED,
+ "Unexpected signature verification success. "
+ "Offending byte::bit: %zu::%d (bit offset: %zu) of "
+ "total bytes: %zu\n",
+ byte_offset, (int)bit_offset_in_byte, bit_offset, app_size);
+
+ app_buf[byte_offset] ^= mask; /* Restore the flipped bit */
+ }
+
+ error = load_test_app(_state->channel, integrity_test_app_start,
+ integrity_test_app_end);
+ ASSERT_EQ(false, HasFailure());
+ ASSERT_EQ(true, error == APPLOADER_NO_ERROR ||
+ error == APPLOADER_ERR_ALREADY_EXISTS);
+
+test_abort:;
+}
+
 typedef struct apploader_service {
 handle_t channel;
 } apploader_service_t;
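Review bot: An assertion that fires inside the loop of LoadCmdCorruptImage jumps to `test_abort` before `app_buf[byte_offset] ^= mask; /* Restore the flipped bit */` runs, so the embedded image keeps a flipped bit for any later use of the buffer. Moving that restore to directly after the `load_test_app()` call, ahead of the two `ASSERT_EQ` checks, keeps the buffer intact on every path. `rand() % (app_size * bits_per_byte)` is also a modulo by zero if the embedded image is ever empty, and it can only reach bit offsets up to `RAND_MAX`, so I would add `ASSERT_NE(0, app_size);` before the loop and a comment stating which part of the image the sampling is expected to cover. The seed is not printed, but the failure message does record the offending offset, which is enough to replay a single failing flip.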
diff --git a/app/apploader/tests/integrity_test_app/integrity_test_app.c b/app/apploader/tests/integrity_test_app/integrity_test_app.c
new file mode 100644
index 0000000..801fdcc
--- /dev/null
+++ b/app/apploader/tests/integrity_test_app/integrity_test_app.c
@@ -0,0 +1,19 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+int main(void) {
+ return 0;
+}
diff --git a/app/apploader/tests/integrity_test_app/manifest.json b/app/apploader/tests/integrity_test_app/manifest.json
new file mode 100644
index 0000000..da2f8fa
--- /dev/null
+++ b/app/apploader/tests/integrity_test_app/manifest.json
@@ -0,0 +1,5 @@
+{
+ "uuid": "6e321238-1c38-42af-9a3e-008a6083c410",
+ "min_heap": 4096,
+ "min_stack": 4096
+}
diff --git a/app/apploader/tests/integrity_test_app/rules.mk b/app/apploader/tests/integrity_test_app/rules.mk
new file mode 100644
index 0000000..3cf58af
--- /dev/null
+++ b/app/apploader/tests/integrity_test_app/rules.mk
@@ -0,0 +1,28 @@
+# Copyright (C) 2024 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+LOCAL_DIR := $(GET_LOCAL_DIR)
+
+MODULE := $(LOCAL_DIR)
+
+MANIFEST := $(LOCAL_DIR)/manifest.json
+
+MODULE_SRCS += \
+ $(LOCAL_DIR)/integrity_test_app.c \
+
+MODULE_LIBRARY_DEPS += \
+ trusty/user/base/lib/libc-trusty \
+
+include make/trusted_app.mk
diff --git a/app/apploader/tests/rules.mk b/app/apploader/tests/rules.mk
index 4ba5b5e..9b6025c 100644
--- a/app/apploader/tests/rules.mk
+++ b/app/apploader/tests/rules.mk
@@ -25,6 +25,7 @@
 MODULE_LIBRARY_DEPS += \
 trusty/user/base/lib/libc-trusty \
+ trusty/user/base/lib/rng \
 trusty/user/base/lib/system_state \
 trusty/user/base/lib/tipc \
 trusty/user/base/lib/unittest \
@@ -58,6 +59,9 @@
 ENCRYPTION_TEST_APP_UNENCRYPTED_APP_ENCRYPTION_REQUIRED := \
 $(APPLOADER_TESTS_DIR)/encryption_test_apps/unencrypted_app/encryption_required/encryption_required.app
+INTEGRITY_TEST_APP := \
+ $(APPLOADER_TESTS_DIR)/integrity_test_app/integrity_test_app.app
+
 MODULE_ASMFLAGS += \
 -DVERSION_TEST_APP_V1=\"$(VERSION_TEST_APP_V1)\" \
 -DVERSION_TEST_APP_V2=\"$(VERSION_TEST_APP_V2)\" \
@@ -70,6 +74,7 @@
 -DENCRYPTION_TEST_APP_ENCRYPTED_APP_ENCRYPTION_REQUIRED=\"$(ENCRYPTION_TEST_APP_ENCRYPTED_APP_ENCRYPTION_REQUIRED)\" \
 -DENCRYPTION_TEST_APP_UNENCRYPTED_APP_ENCRYPTION_OPTIONAL=\"$(ENCRYPTION_TEST_APP_UNENCRYPTED_APP_ENCRYPTION_OPTIONAL)\" \
 -DENCRYPTION_TEST_APP_UNENCRYPTED_APP_ENCRYPTION_REQUIRED=\"$(ENCRYPTION_TEST_APP_UNENCRYPTED_APP_ENCRYPTION_REQUIRED)\" \
+ -DINTEGRITY_TEST_APP=\"$(INTEGRITY_TEST_APP)\" \
 MODULE_SRCDEPS += \
 $(VERSION_TEST_APP_V1) \
@@ -83,5 +88,6 @@
 $(ENCRYPTION_TEST_APP_ENCRYPTED_APP_ENCRYPTION_REQUIRED) \
 $(ENCRYPTION_TEST_APP_UNENCRYPTED_APP_ENCRYPTION_OPTIONAL) \
 $(ENCRYPTION_TEST_APP_UNENCRYPTED_APP_ENCRYPTION_REQUIRED) \
+ $(INTEGRITY_TEST_APP) \
 include make/trusted_app.mk
diff --git a/app/apploader/tests/test_apps.S b/app/apploader/tests/test_apps.S
index 91aed60..b82874d 100644
--- a/app/apploader/tests/test_apps.S
+++ b/app/apploader/tests/test_apps.S
@@ -99,3 +99,10 @@
 encryption_test_app_unencrypted_app_encryption_required_start:
 .incbin ENCRYPTION_TEST_APP_UNENCRYPTED_APP_ENCRYPTION_REQUIRED
 encryption_test_app_unencrypted_app_encryption_required_end:
+
+.global integrity_test_app_start, integrity_test_app_end
+.hidden integrity_test_app_start, integrity_test_app_end
+.balign 4096
+integrity_test_app_start:
+.incbin INTEGRITY_TEST_APP
+integrity_test_app_end:
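Review bot: Nothing here records that `integrity_test_app_start` is written through at run time: LoadCmdCorruptImage in apploader_test.c flips bits in this buffer in place, so it has to sit in a writable section. The section directive is outside this hunk, so I cannot tell which one applies. A comment above `.balign 4096` such as `/* Mutated in place by LoadCmdCorruptImage; must live in a writable section */` would keep a later section change from turning the test into a fault.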
diff --git a/app/metrics/rules.mk b/app/metrics/rules.mk
index e538b81..d2963a3 100644
--- a/app/metrics/rules.mk
+++ b/app/metrics/rules.mk
@@ -31,9 +31,5 @@
 trusty/user/base/lib/metrics_atoms \
 trusty/user/base/lib/tipc \
 trusty/user/base/interface/metrics \
- trusty/user/base/interface/stats/nw \
- trusty/user/base/interface/stats/tz \
- trusty/user/base/interface/stats_setter \
- frameworks/native/libs/binder/trusty \
 include make/trusted_app.mk
diff --git a/lib/apploader_package/cose.cpp b/lib/apploader_package/cose.cpp
index ce4bfae..3b86faf 100644
--- a/lib/apploader_package/cose.cpp
+++ b/lib/apploader_package/cose.cpp
@@ -198,39 +198,15 @@ return false; } - const BIGNUM* rBn; - const BIGNUM* sBn; - ECDSA_SIG_get0(sig.get(), &rBn, &sBn); - - /* - * Older versions of OpenSSL also do not have BN_bn2binpad, - * so we need to use BN_bn2bin with the correct offsets. - * Each of the output values is a 32-byte big-endian number, - * while the inputs are BIGNUMs stored in host format. - * We can insert the padding ourselves by zeroing the output array, - * then placing the output of BN_bn2bin so its end aligns - * with the end of the 32-byte big-endian number. - */ - auto rBnSize = BN_num_bytes(rBn); - if (rBnSize < 0 || static_cast<size_t>(rBnSize) > kEcdsaValueSize) { - COSE_PRINT_ERROR("Invalid ECDSA r value size (%d)\n", rBnSize); - return false; - } - auto sBnSize = BN_num_bytes(sBn); - if (sBnSize < 0 || static_cast<size_t>(sBnSize) > kEcdsaValueSize) { - COSE_PRINT_ERROR("Invalid ECDSA s value size (%d)\n", sBnSize); - return false; - } - ecdsaCoseSignature.clear(); - ecdsaCoseSignature.resize(kEcdsaSignatureSize, 0); - if (BN_bn2bin(rBn, ecdsaCoseSignature.data() + kEcdsaValueSize - rBnSize) != - rBnSize) { + ecdsaCoseSignature.resize(kEcdsaSignatureSize); + if (!BN_bn2bin_padded(ecdsaCoseSignature.data(), kEcdsaValueSize, + ECDSA_SIG_get0_r(sig.get()))) { COSE_PRINT_ERROR("Error encoding r\n"); return false; } - if (BN_bn2bin(sBn, ecdsaCoseSignature.data() + kEcdsaSignatureSize - - sBnSize) != sBnSize) { + if (!BN_bn2bin_padded(ecdsaCoseSignature.data() + kEcdsaValueSize, + kEcdsaValueSize, ECDSA_SIG_get0_s(sig.get()))) { COSE_PRINT_ERROR("Error encoding s\n"); return false; }
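Review bot: The second `BN_bn2bin_padded` call writes `kEcdsaValueSize` bytes starting at offset `kEcdsaValueSize`, which stays inside the vector only if `kEcdsaSignatureSize` is at least twice `kEcdsaValueSize`; the old code anchored s to the end of the buffer instead, and both constants are defined outside the hunk. A `static_assert(kEcdsaSignatureSize == 2 * kEcdsaValueSize, "COSE ECDSA signature is r || s");` next to their definitions would pin the layout. `BN_bn2bin_padded` is a BoringSSL function, so if this file is still built against OpenSSL anywhere (the removed comment suggests it once was), that build needs checking. The `Error encoding r`/`Error encoding s` messages also no longer carry the byte count the removed size checks used to log. The enclosing function starts and ends outside the hunk.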
diff --git a/lib/hwbcc/client/rules.mk b/lib/hwbcc/client/rules.mk
index 2d59146..c511691 100644
--- a/lib/hwbcc/client/rules.mk
+++ b/lib/hwbcc/client/rules.mk
@@ -16,6 +16,8 @@
 MODULE := $(LOCAL_DIR)
+MODULE_SDK_LIB_NAME := hwbcc_client
+
 MODULE_SRCS := \
 $(LOCAL_DIR)/hwbcc.c \
diff --git a/lib/hwbcc/common/include/lib/hwbcc/common/swbcc.h b/lib/hwbcc/common/include/lib/hwbcc/common/swbcc.h
index f9565d1..7e6806f 100644
--- a/lib/hwbcc/common/include/lib/hwbcc/common/swbcc.h
+++ b/lib/hwbcc/common/include/lib/hwbcc/common/swbcc.h
@@ -47,6 +47,13 @@
 int swbcc_init(swbcc_session_t* s, const struct uuid* client);
+/**
+ * swbcc_get_client() - Get UUID of session client.
+ * @s - swbcc session data
+ * @client - uuid of swbcc session client
+ */
+void swbcc_get_client(const swbcc_session_t s, struct uuid* client);
+
 void swbcc_close(swbcc_session_t s);
 int swbcc_sign_key(swbcc_session_t s,
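Review bot: The prototype declares `const swbcc_session_t s` while the definition added in swbcc.c takes plain `swbcc_session_t s`. A top-level `const` on a by-value parameter does not affect compatibility, so this compiles, but if `swbcc_session_t` is a pointer typedef (the cast in swbcc.c suggests so) the qualifier applies to the handle and not to the session, which reads as a stronger promise than it is. I would make the header match the definition: `void swbcc_get_client(swbcc_session_t s, struct uuid* client);`. The doc comment also does not say that `@client` is an output buffer the caller provides, or that `@s` must be a session obtained from `swbcc_init()`; one line each would cover it.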
diff --git a/lib/hwbcc/common/swbcc.c b/lib/hwbcc/common/swbcc.c
index 81f82cd..a0af7e2 100644
--- a/lib/hwbcc/common/swbcc.c
+++ b/lib/hwbcc/common/swbcc.c
@@ -288,6 +288,11 @@
 return rc;
 }
+void swbcc_get_client(swbcc_session_t s, struct uuid* client) {
+ struct swbcc_session* session = (struct swbcc_session*)s;
+ memcpy(client, &session->client_uuid, sizeof(struct uuid));
+}
+
 int swbcc_ns_deprivilege(swbcc_session_t s) {
 srv_state.ns_deprivileged = true;
 return NO_ERROR;
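Review bot: `swbcc_get_client` dereferences both `s` and `client` with no check, so a NULL or already-closed session handle faults inside the service. If the other swbcc entry points (outside this hunk) validate or assert on their handle, this one should follow the same convention, for example `assert(s); assert(client);` at the top where `assert` is available in this file. The copy can also be the plain struct assignment `*client = session->client_uuid;`, which lets the compiler check the types in a way that `memcpy` with `sizeof(struct uuid)` does not.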
diff --git a/lib/hwbcc/test/main.cpp b/lib/hwbcc/test/main.cpp
index 5377544..cb57b2c 100644
--- a/lib/hwbcc/test/main.cpp
+++ b/lib/hwbcc/test/main.cpp
@@ -60,6 +60,14 @@
 swbcc_close(_state->s);
 }
+TEST_F(swbcc, get_client) {
+ struct uuid client;
+ swbcc_get_client(_state->s, &client);
+ ASSERT_EQ(memcmp(&client, &self_uuid, sizeof(struct uuid)), 0);
+
+test_abort:;
+}
+
 TEST_F(swbcc, mac) {
 int rc;
 uint8_t cose_sign1[HWBCC_MAX_RESP_PAYLOAD_SIZE];
diff --git a/lib/keybox/client/rules.mk b/lib/keybox/client/rules.mk
index 66f95fe..df5daab 100644
--- a/lib/keybox/client/rules.mk
+++ b/lib/keybox/client/rules.mk
@@ -16,6 +16,8 @@
 MODULE := $(LOCAL_DIR)
+MODULE_SDK_LIB_NAME := keybox_client
+
 MODULE_SRCS := \
 $(LOCAL_DIR)/client.c \
diff --git a/lib/keymint-rust/boringssl/rules.mk b/lib/keymint-rust/boringssl/rules.mk
index 1b9bdf8..f02e715 100644
--- a/lib/keymint-rust/boringssl/rules.mk
+++ b/lib/keymint-rust/boringssl/rules.mk
@@ -23,7 +23,6 @@
 MODULE_RUSTFLAGS += \
 --cfg 'soong' \
- --allow rustdoc::broken-intra-doc-links \
 MODULE_LIBRARY_EXPORTED_DEPS += \
 trusty/user/base/lib/bssl-sys-rust \
diff --git a/lib/keymint-rust/common/rules.mk b/lib/keymint-rust/common/rules.mk
index eb860f4..5d5397d 100644
--- a/lib/keymint-rust/common/rules.mk
+++ b/lib/keymint-rust/common/rules.mk
@@ -21,9 +21,6 @@
 MODULE_CRATE_NAME := kmr_common
-MODULE_RUSTFLAGS += \
- --allow rustdoc::broken-intra-doc-links \
-
 MODULE_LIBRARY_EXPORTED_DEPS += \
 $(call FIND_CRATE,enumn) \
 trusty/user/base/host/keymint-rust/derive \
diff --git a/lib/keymint-rust/ta/rules.mk b/lib/keymint-rust/ta/rules.mk
index 48057ce..b2a8f8c 100644
--- a/lib/keymint-rust/ta/rules.mk
+++ b/lib/keymint-rust/ta/rules.mk
@@ -21,9 +21,6 @@
 MODULE_CRATE_NAME := kmr_ta
-MODULE_RUSTFLAGS += \
- --allow rustdoc::broken-intra-doc-links \
-
 MODULE_LIBRARY_EXPORTED_DEPS += \
 $(call FIND_CRATE,ciborium) \
 $(call FIND_CRATE,ciborium-io) \
diff --git a/lib/keymint-rust/wire/rules.mk b/lib/keymint-rust/wire/rules.mk
index 685a26a..c96467b 100644
--- a/lib/keymint-rust/wire/rules.mk
+++ b/lib/keymint-rust/wire/rules.mk
@@ -26,7 +26,7 @@
 --cfg 'feature="hal_v3"' \
 MODULE_LIBRARY_EXPORTED_DEPS += \
- $(call FIND_CRATE,enumn) \
+ $(call FIND_CRATE,enumn) \
 trusty/user/base/host/keymint-rust/derive \
 $(call FIND_CRATE,ciborium-io) \
 $(call FIND_CRATE,ciborium) \
diff --git a/lib/libcompiler_builtins-rust/rules.mk b/lib/libcompiler_builtins-rust/rules.mk
index 113e552..86472c1 100644
--- a/lib/libcompiler_builtins-rust/rules.mk
+++ b/lib/libcompiler_builtins-rust/rules.mk
@@ -41,6 +41,9 @@
 MODULE_RUSTFLAGS += \
 -A unstable-name-collisions
+# Int and Float traits have some unused internal methods (for now)
+MODULE_RUSTFLAGS += -A dead-code
+
 MODULE_ADD_IMPLICIT_DEPS := false
 MODULE_SKIP_DOCS := true
diff --git a/lib/pmu/aarch64 b/lib/pmu/aarch64
new file mode 120000
index 0000000..9adaa1c
--- /dev/null
+++ b/lib/pmu/aarch64
@@ -0,0 +1 @@
+../../../../kernel/lib/pmu/aarch64
\ No newline at end of file
diff --git a/lib/pmu/include b/lib/pmu/include
new file mode 120000
index 0000000..81ba4ea
--- /dev/null
+++ b/lib/pmu/include
@@ -0,0 +1 @@
+../../../../kernel/lib/pmu/include
\ No newline at end of file
diff --git a/lib/pmu/rules.mk b/lib/pmu/rules.mk
new file mode 100644
index 0000000..b909c03
--- /dev/null
+++ b/lib/pmu/rules.mk
@@ -0,0 +1,22 @@
+# Copyright (C) 2018 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+LOCAL_DIR := $(GET_LOCAL_DIR)
+
+MODULE := $(LOCAL_DIR)
+
+MODULE_EXPORT_INCLUDES += $(LOCAL_DIR)/include/
+
+include make/library.mk
diff --git a/lib/unittest/rules.mk b/lib/unittest/rules.mk
index b1f3223..afe50aa 100644
--- a/lib/unittest/rules.mk
+++ b/lib/unittest/rules.mk
@@ -17,10 +17,10 @@
 MODULE := $(LOCAL_DIR)
-MODULE_SRCS := \
- $(LOCAL_DIR)/unittest.c
+MODULE_SRCS := $(LOCAL_DIR)/unittest.c
-MODULE_EXPORT_INCLUDES += $(LOCAL_DIR)/include/
+MODULE_EXPORT_INCLUDES += $(LOCAL_DIR)/include/ \
+ $(LOCAL_DIR)/../pmu/include/
 MODULE_LIBRARY_DEPS := \
 trusty/user/base/interface/line-coverage \
@@ -28,5 +28,6 @@
 trusty/user/base/lib/line-coverage \
 trusty/user/base/lib/libc-trusty \
 trusty/user/base/lib/tipc \
+ trusty/user/base/lib/pmu
 include make/library.mk
diff --git a/make/library.mk b/make/library.mk
index 6ca4795..dc8e6d8 100644
--- a/make/library.mk
+++ b/make/library.mk
@@ -154,6 +154,11 @@
 $(call INFO_DONE_SILENT,$(MODULE_RUST_LOG_NAME),processing)
+else
+
+MODULE_RUST_TESTS := false
+BUILD_AS_RUST_TEST_MODULE :=
+
 endif
 endif
 else # Not building rust test app
diff --git a/usertests-inc.mk b/usertests-inc.mk
index 23d2300..c89420f 100644
--- a/usertests-inc.mk
+++ b/usertests-inc.mk
@@ -34,8 +34,6 @@
 trusty/user/base/lib/dlmalloc/test/srv \
 trusty/user/base/app/metrics/test/crasher \
 trusty/user/base/app/hwaes-unittest \
- trusty/user/base/app/hwaes-benchmark \
- trusty/user/base/app/swaes-benchmark \
 trusty/user/base/lib/hwbcc/test \
 trusty/user/base/lib/keymaster/test \
 trusty/user/base/lib/libc-trusty/test \
@@ -47,6 +45,11 @@
 trusty/user/base/app/cfi-test \
 trusty/user/base/app/cfi-test/cfi-crasher \
+ifneq (true,$(call TOBOOL,$(UNITTEST_COVERAGE_ENABLED)))
+TRUSTY_USER_TESTS += \
+ trusty/user/base/app/hwaes-benchmark \
+ trusty/user/base/app/swaes-benchmark
+endif
 ifeq (false,$(call TOBOOL,$(CONFIRMATIONUI_DISABLED)))
 TRUSTY_USER_TESTS += \
@@ -86,6 +89,7 @@
 trusty/user/base/app/apploader/tests/encryption_test_apps/encrypted_app/encryption_required \
 trusty/user/base/app/apploader/tests/encryption_test_apps/unencrypted_app/encryption_optional \
 trusty/user/base/app/apploader/tests/encryption_test_apps/unencrypted_app/encryption_required \
+ trusty/user/base/app/apploader/tests/integrity_test_app \
 TRUSTY_LOADABLE_USER_TESTS += \
 trusty/user/base/app/trusty-crasher \