From eb644cfcbe8f383ab2995177151e88e64cf4de47 Mon Sep 17 00:00:00 2001 From: Rajesh Nyamagoud Date: Thu, 15 Dec 2022 03:50:52 +0000 Subject: [PATCH] Extending `AttestKeyTest#EcdsaAttestationID` test to use IMEI as attestation id. Get IMEI value from Telephony Service and use it as attestation id. Bug: 261847629 Test: atest VtsAidlKeyMintTargetTest Change-Id: I0212def48d761a45f514161e5576a954bf388c56 --- .../keymint/aidl/vts/functional/Android.bp | 1 + .../aidl/vts/functional/AttestKeyTest.cpp | 56 +++++++++++++++++++ 2 files changed, 57 insertions(+) diff --git a/security/keymint/aidl/vts/functional/Android.bp b/security/keymint/aidl/vts/functional/Android.bp index 58b0645664..26e91bd091 100644 --- a/security/keymint/aidl/vts/functional/Android.bp +++ b/security/keymint/aidl/vts/functional/Android.bp @@ -34,6 +34,7 @@ cc_defaults { "libbinder", "libbinder_ndk", "libcrypto", + "libbase", "packagemanager_aidl-cpp", ], static_libs: [ diff --git a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp index ea4ba1811c..970ae671ad 100644 --- a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp +++ b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp @@ -15,6 +15,8 @@ */ #define LOG_TAG "keymint_1_attest_key_test" +#include +#include #include #include @@ -26,12 +28,61 @@ namespace aidl::android::hardware::security::keymint::test { namespace { +string TELEPHONY_CMD_GET_IMEI = "cmd phone get-imei "; bool IsSelfSigned(const vector& chain) { if (chain.size() != 1) return false; return ChainSignaturesAreValid(chain); } +/* + * Run a shell command and collect the output of it. If any error, set an empty string as the + * output. + */ +string exec_command(string command) { + char buffer[128]; + string result = ""; + + FILE* pipe = popen(command.c_str(), "r"); + if (!pipe) { + LOG(ERROR) << "popen failed."; + return result; + } + + // read till end of process: + while (!feof(pipe)) { + if (fgets(buffer, 128, pipe) != NULL) { + result += buffer; + } + } + + pclose(pipe); + return result; +} + +/* + * Get IMEI using Telephony service shell command. If any error while executing the command + * then empty string will be returned as output. + */ +string get_imei(int slot) { + string cmd = TELEPHONY_CMD_GET_IMEI + std::to_string(slot); + string output = exec_command(cmd); + + if (output.empty()) { + LOG(ERROR) << "Command failed. Cmd: " << cmd; + return ""; + } + + vector out = ::android::base::Tokenize(::android::base::Trim(output), "Device IMEI:"); + + if (out.size() != 1) { + LOG(ERROR) << "Error in parsing the command output. Cmd: " << cmd; + return ""; + } + + return ::android::base::Trim(out[0]); +} + } // namespace class AttestKeyTest : public KeyMintAidlTestBase { @@ -803,6 +854,11 @@ TEST_P(AttestKeyTest, EcdsaAttestationID) { "ro.product.manufacturer"); add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_MODEL, "ro.product.model"); + string imei = get_imei(0); + if (!imei.empty()) { + attestation_id_tags.Authorization(TAG_ATTESTATION_ID_IMEI, imei.data(), imei.size()); + } + for (const KeyParameter& tag : attestation_id_tags) { SCOPED_TRACE(testing::Message() << "+tag-" << tag); // Use attestation key to sign an ECDSA key, but include an attestation ID field.