Evolution-x/hardware_interfaces
1
0
Fork 0
mirror of https://github.com/Evolution-X/hardware_interfaces synced 2026-02-02 10:05:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
121fedaa46cadbc06142c3bda6c5e52d45d3c8d2
hardware_interfaces/security/authgraph/aidl/vts/functional/source.rs
David Drysdale 087ead1608 AuthGraph VTS: detect additional errors 
A failure to get the IAuthGraphKeyExchange/nonsecure instance might
be because it's not registered (likely on most non-Cuttlefish devices)
or it might be for some other reason, such as SELinux denial.

So detect other kinds of failure to get the service, and also change
the VTS to require root so SELinux denials don't happen.

Also tweak the expected return code when a source is given a corrupt
key; now that replay protection is implemented, the reference
implementation rejects this earlier (and with a different error)
because the session lookup fails.

Test: VtsAidlAuthGraphRoleTest
Bug: 291228560
Change-Id: I032600ac809f43a3642fa9ef9aae788d3ca2378f
2023-11-21 11:09:42 +00:00

263 lines
9.8 KiB
Rust
Raw Blame History

/*
* Copyright (C) 2023 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
//! VTS tests for sources
use super::*;
use authgraph_core::{key, keyexchange as ke};
/// Run AuthGraph tests against the provided source, using a local test sink implementation.
pub fn test(
local_sink: &mut ke::AuthGraphParticipant,
source: binder::Strong<dyn IAuthGraphKeyExchange>,
) {
test_mainline(local_sink, source.clone());
test_corrupt_sig(local_sink, source.clone());
test_corrupt_key(local_sink, source);
}
/// Perform mainline AuthGraph key exchange with the provided source.
/// Return the agreed AES keys in plaintext.
pub fn test_mainline(
local_sink: &mut ke::AuthGraphParticipant,
source: binder::Strong<dyn IAuthGraphKeyExchange>,
) -> [key::AesKey; 2] {
// Step 1: create an ephemeral ECDH key at the (remote) source.
let source_init_info = source
.create()
.expect("failed to create() with remote impl");
assert!(source_init_info.key.pubKey.is_some());
assert!(source_init_info.key.arcFromPBK.is_some());
let source_pub_key = extract_plain_pub_key(&source_init_info.key.pubKey);
// Step 2: pass the source's ECDH public key and other session info to the (local) sink.
let init_result = local_sink
.init(
&source_pub_key.plainPubKey,
&source_init_info.identity.identity,
&source_init_info.nonce,
source_init_info.version,
)
.expect("failed to init() with local impl");
let sink_init_info = init_result.session_init_info;
let sink_pub_key = sink_init_info
.ke_key
.pub_key
.expect("expect pub_key to be populated");
let sink_info = init_result.session_info;
assert!(!sink_info.session_id.is_empty());
// The AuthGraph core library will verify the session ID signature, but do it here too.
let sink_verification_key = key::Identity::from_slice(&sink_init_info.identity)
.expect("invalid identity CBOR")
.cert_chain
.root_key;
local_sink
.verify_signature_on_session_id(
&sink_verification_key,
&sink_info.session_id,
&sink_info.session_id_signature,
)
.expect("failed verification of signed session ID");
// Step 3: pass the sink's ECDH public key and other session info to the (remote) source, so it
// can calculate the same pair of symmetric keys.
let source_info = source
.finish(
&PubKey::PlainKey(PlainPubKey {
plainPubKey: sink_pub_key,
}),
&Identity {
identity: sink_init_info.identity,
},
&vec_to_signature(&sink_info.session_id_signature),
&sink_init_info.nonce,
sink_init_info.version,
&source_init_info.key,
)
.expect("failed to finish() with remote impl");
assert!(!source_info.sessionId.is_empty());
// The AuthGraph core library will verify the session ID signature, but do it here too.
let source_verification_key = local_sink
.peer_verification_key_from_identity(&source_init_info.identity.identity)
.expect("failed to get peer verification from identity");
local_sink
.verify_signature_on_session_id(
&source_verification_key,
&source_info.sessionId,
&source_info.signature.signature,
)
.expect("failed verification of signed session ID");
// Both ends should agree on the session ID.
assert_eq!(source_info.sessionId, sink_info.session_id);
// Step 4: pass the (remote) source's session ID signature back to the sink, so it can check it
// and update the symmetric keys so they're marked as authentication complete.
let sink_arcs = local_sink
.authentication_complete(&source_info.signature.signature, sink_info.shared_keys)
.expect("failed to authenticationComplete() with local sink");
// Decrypt and return the session keys.
let decrypted_shared_keys = local_sink
.decipher_shared_keys_from_arcs(&sink_arcs)
.expect("failed to decrypt shared key arcs")
.try_into();
let decrypted_shared_keys_array = match decrypted_shared_keys {
Ok(array) => array,
Err(_) => panic!("wrong number of decrypted shared key arcs"),
};
decrypted_shared_keys_array
}
/// Perform mainline AuthGraph key exchange with the provided source, but provide an invalid session
/// ID signature.
pub fn test_corrupt_sig(
local_sink: &mut ke::AuthGraphParticipant,
source: binder::Strong<dyn IAuthGraphKeyExchange>,
) {
// Step 1: create an ephemeral ECDH key at the (remote) source.
let source_init_info = source
.create()
.expect("failed to create() with remote impl");
assert!(source_init_info.key.pubKey.is_some());
assert!(source_init_info.key.arcFromPBK.is_some());
let source_pub_key = extract_plain_pub_key(&source_init_info.key.pubKey);
// Step 2: pass the source's ECDH public key and other session info to the (local) sink.
let init_result = local_sink
.init(
&source_pub_key.plainPubKey,
&source_init_info.identity.identity,
&source_init_info.nonce,
source_init_info.version,
)
.expect("failed to init() with local impl");
let sink_init_info = init_result.session_init_info;
let sink_pub_key = sink_init_info
.ke_key
.pub_key
.expect("expect pub_key to be populated");
let sink_info = init_result.session_info;
assert!(!sink_info.session_id.is_empty());
// Deliberately corrupt the sink's session ID signature.
let mut corrupt_signature = sink_info.session_id_signature.clone();
let sig_len = corrupt_signature.len();
corrupt_signature[sig_len - 1] ^= 0x01;
// Step 3: pass the sink's ECDH public key and other session info to the (remote) source, so it
// can calculate the same pair of symmetric keys.
let result = source.finish(
&PubKey::PlainKey(PlainPubKey {
plainPubKey: sink_pub_key,
}),
&Identity {
identity: sink_init_info.identity,
},
&vec_to_signature(&corrupt_signature),
&sink_init_info.nonce,
sink_init_info.version,
&source_init_info.key,
);
let err = result.expect_err("expect failure with corrupt signature");
assert_eq!(
err,
binder::Status::new_service_specific_error(Error::INVALID_SIGNATURE.0, None)
);
}
/// Perform mainline AuthGraph key exchange with the provided source, but give it back
/// a corrupted key.
pub fn test_corrupt_key(
local_sink: &mut ke::AuthGraphParticipant,
source: binder::Strong<dyn IAuthGraphKeyExchange>,
) {
// Step 1: create an ephemeral ECDH key at the (remote) source.
let source_init_info = source
.create()
.expect("failed to create() with remote impl");
assert!(source_init_info.key.pubKey.is_some());
assert!(source_init_info.key.arcFromPBK.is_some());
let source_pub_key = extract_plain_pub_key(&source_init_info.key.pubKey);
// Step 2: pass the source's ECDH public key and other session info to the (local) sink.
let init_result = local_sink
.init(
&source_pub_key.plainPubKey,
&source_init_info.identity.identity,
&source_init_info.nonce,
source_init_info.version,
)
.expect("failed to init() with local impl");
let sink_init_info = init_result.session_init_info;
let sink_pub_key = sink_init_info
.ke_key
.pub_key
.expect("expect pub_key to be populated");
let sink_info = init_result.session_info;
assert!(!sink_info.session_id.is_empty());
// The AuthGraph core library will verify the session ID signature, but do it here too.
let sink_verification_key = key::Identity::from_slice(&sink_init_info.identity)
.expect("invalid identity CBOR")
.cert_chain
.root_key;
local_sink
.verify_signature_on_session_id(
&sink_verification_key,
&sink_info.session_id,
&sink_info.session_id_signature,
)
.expect("failed verification of signed session ID");
// Deliberately corrupt the source's encrypted key.
let mut corrupt_key = source_init_info.key.clone();
match &mut corrupt_key.arcFromPBK {
Some(a) => {
let len = a.arc.len();
a.arc[len - 1] ^= 0x01;
}
None => panic!("no arc data"),
}
// Step 3: pass the sink's ECDH public key and other session info to the (remote) source, but
// give it back a corrupted version of its own key.
let result = source.finish(
&PubKey::PlainKey(PlainPubKey {
plainPubKey: sink_pub_key,
}),
&Identity {
identity: sink_init_info.identity,
},
&vec_to_signature(&sink_info.session_id_signature),
&sink_init_info.nonce,
sink_init_info.version,
&corrupt_key,
);
let err = result.expect_err("expect failure with corrupt key");
assert!(
err == binder::Status::new_service_specific_error(Error::INVALID_KE_KEY.0, None)
|| err
== binder::Status::new_service_specific_error(
Error::INVALID_PRIV_KEY_ARC_IN_KEY.0,
None
)
);
}
Reference in New Issue View Git Blame Copy Permalink