Evolution-x/hardware_interfaces
1
0
Fork 0
mirror of https://github.com/Evolution-X/hardware_interfaces synced 2026-02-02 20:24:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
066011258324d00a4d446faffee2cb68052ecc73
hardware_interfaces/security/keymint/support/fuzzer
History
Sean Thomas 2d2385bca3 Refactor function signatures to remove mocked IRPC 
Test: atest libkeymint_remote_prov_support_test
      atest VtsHalRemotelyProvisionedComponentTargetTest

Change-Id: I8dd47bca149bcef244c223f8e94d3965deb13f13
2024-11-12 17:42:56 +00:00
..
Android.bp
Updated fuzz_config in Android.bp file
2024-07-16 16:17:20 +05:30
keymint_attestation_fuzzer.cpp
security: Remove unnecessary std::move
2024-08-14 01:56:18 +08:00
keymint_authSet_fuzzer.cpp
Added keymint_authSet_fuzzer
2024-05-13 23:47:19 +05:30
keymint_common.h
Added keymint_attestation_fuzzer
2024-05-13 23:46:36 +05:30
keymint_remote_prov_fuzzer.cpp
Refactor function signatures to remove mocked IRPC
2024-11-12 17:42:56 +00:00
keymint_rkpsupport_fuzzer.cpp
Added keymint_rkpsupport_fuzzer
2024-07-03 15:07:54 +05:30
README.md
Added keymint_rkpsupport_fuzzer
2024-07-03 15:07:54 +05:30

README.md

Fuzzers for libkeymint_support

Plugin Design Considerations

The fuzzer plugins for libkeymint_support are designed based on the understanding of the source code and try to achieve the following:

Maximize code coverage

The configuration parameters are not hardcoded, but instead selected based on incoming data. This ensures more code paths are reached by the fuzzers.

Maximize utilization of input data

The plugins feed the entire input data to the module. This ensures that the plugins tolerate any kind of input (empty, huge, malformed, etc) and dont exit() on any input and thereby increasing the chance of identifying vulnerabilities.

Table of contents

Fuzzer for KeyMintAttestation

KeyMintAttestation supports the following parameters:

  1. PaddingMode(parameter name: "padding")
  2. Digest(parameter name: "digest")
  3. Index(parameter name: "idx")
  4. Timestamp(parameter name: "timestamp")
  5. AuthSet(parameter name: "authSet")
  6. IssuerSubjectName(parameter name: "issuerSubjectName")
  7. AttestationChallenge(parameter name: "challenge")
  8. AttestationApplicationId(parameter name: "id")
  9. EcCurve(parameter name: "ecCurve")
  10. BlockMode(parameter name: "blockmode")
  11. minMacLength(parameter name: "minMacLength")
  12. macLength(parameter name: "macLength")
Parameter Valid Values Configured Value
padding PaddingMode Value obtained from FuzzedDataProvider
digest Digest Value obtained from FuzzedDataProvider
idx size_t Value obtained from FuzzedDataProvider
timestamp uint64_t Value obtained from FuzzedDataProvider
authSet uint32_t Value obtained from FuzzedDataProvider
issuerSubjectName uint8_t Value obtained from FuzzedDataProvider
AttestationChallenge string Value obtained from FuzzedDataProvider
AttestationApplicationId string Value obtained from FuzzedDataProvider
blockmode BlockMode Value obtained from FuzzedDataProvider
minMacLength uint32_t Value obtained from FuzzedDataProvider
macLength uint32_t Value obtained from FuzzedDataProvider

Steps to run

  1. Build the fuzzer
$ mm -j$(nproc) keymint_attestation_fuzzer
  1. Run on device
$ adb sync data
$ adb shell /data/fuzz/arm64/keymint_attestation_fuzzer/keymint_attestation_fuzzer

Fuzzer for KeyMintAuthSet

KeyMintAuthSet supports the following parameters:

  1. AuthorizationSet(parameter name: "authSet")
  2. AuthorizationSet(parameter name: "params")
  3. KeyParameters(parameter name: "numKeyParam")
  4. Tag(parameter name: "tag")
Parameter Valid Values Configured Value
authSet AuthorizationSet Value obtained from FuzzedDataProvider
params AuthorizationSet Value obtained from FuzzedDataProvider
numKeyParam size_t Value obtained from FuzzedDataProvider
tag Tag Value obtained from FuzzedDataProvider

Steps to run

  1. Build the fuzzer
$ mm -j$(nproc) keymint_authSet_fuzzer
  1. Run on device
$ adb sync data
$ adb shell /data/fuzz/arm64/keymint_authSet_fuzzer/keymint_authSet_fuzzer

Fuzzer for KeyMintRemoteProv

KeyMintRemoteProv supports the following parameters:

  1. ChallengeSize(parameter name: "challengeSize")
  2. Challenge(parameter name: "challenge")
  3. NumKeys(parameter name: "numKeys")
Parameter Valid Values Configured Value
challengeSize uint8_t Value obtained from FuzzedDataProvider
challenge std::vector<uint8_t> Value obtained from FuzzedDataProvider
numKeys uint8_t Value obtained from FuzzedDataProvider

Steps to run

  1. Build the fuzzer
$ mm -j$(nproc) keymint_remote_prov_fuzzer
  1. Run on device
$ adb sync data
$ adb shell /data/fuzz/arm64/keymint_remote_prov_fuzzer/keymint_remote_prov_fuzzer

Fuzzer for KeyMintRemoteKeyProvSupport

KeyMintRemoteKeyProvSupport supports the following parameters:

  1. SupportedEekCurve(parameter name: "supportedEekCurve")
  2. Length(parameter name: "length")
  3. SerialNumberProp(parameter name: "serialNoProp")
  4. InstanceName(parameter name: "instanceName")
  5. Value(parameter name: "value")
Parameter Valid Values Configured Value
supportedEekCurve uint8_t Value obtained from FuzzedDataProvider
length uint8_t Value obtained from FuzzedDataProvider
serialNoProp string Value obtained from FuzzedDataProvider
instanceName string Value obtained from FuzzedDataProvider
value uint8_t Value obtained from FuzzedDataProvider

Steps to run

  1. Build the fuzzer
$ mm -j$(nproc) keymint_rkpsupport_fuzzer
  1. Run on device
$ adb sync data
$ adb shell /data/fuzz/arm64/keymint_rkpsupport_fuzzer/keymint_rkpsupport_fuzzer
Reference in New Issue View Git Blame Copy Permalink