Evolution-x/hardware_interfaces
1
0
Fork 0
mirror of https://github.com/Evolution-X/hardware_interfaces synced 2026-02-03 08:25:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
c8452d57a052d40b274aff3e98c0d3886f85e3c1
hardware_interfaces/security/keymint/support/fuzzer
History
Akhilesh Sanikop 0e568bc8e5 Added keymint_authSet_fuzzer 
exec/s: 490
Test: ./keymint_authSet_fuzzer
Bug: 337985606

Change-Id: I47ee42e6e97b98110bab8f923a94ed7b6e8b992d
2024-05-13 23:47:19 +05:30
..
Android.bp
Added keymint_authSet_fuzzer
2024-05-13 23:47:19 +05:30
keymint_attestation_fuzzer.cpp
Added keymint_attestation_fuzzer
2024-05-13 23:46:36 +05:30
keymint_authSet_fuzzer.cpp
Added keymint_authSet_fuzzer
2024-05-13 23:47:19 +05:30
keymint_common.h
Added keymint_attestation_fuzzer
2024-05-13 23:46:36 +05:30
README.md
Added keymint_authSet_fuzzer
2024-05-13 23:47:19 +05:30

README.md

Fuzzers for libkeymint_support

Plugin Design Considerations

The fuzzer plugins for libkeymint_support are designed based on the understanding of the source code and try to achieve the following:

Maximize code coverage

The configuration parameters are not hardcoded, but instead selected based on incoming data. This ensures more code paths are reached by the fuzzers.

Maximize utilization of input data

The plugins feed the entire input data to the module. This ensures that the plugins tolerate any kind of input (empty, huge, malformed, etc) and dont exit() on any input and thereby increasing the chance of identifying vulnerabilities.

Table of contents

Fuzzer for KeyMintAttestation

KeyMintAttestation supports the following parameters:

  1. PaddingMode(parameter name: "padding")
  2. Digest(parameter name: "digest")
  3. Index(parameter name: "idx")
  4. Timestamp(parameter name: "timestamp")
  5. AuthSet(parameter name: "authSet")
  6. IssuerSubjectName(parameter name: "issuerSubjectName")
  7. AttestationChallenge(parameter name: "challenge")
  8. AttestationApplicationId(parameter name: "id")
  9. EcCurve(parameter name: "ecCurve")
  10. BlockMode(parameter name: "blockmode")
  11. minMacLength(parameter name: "minMacLength")
  12. macLength(parameter name: "macLength")
Parameter Valid Values Configured Value
padding PaddingMode Value obtained from FuzzedDataProvider
digest Digest Value obtained from FuzzedDataProvider
idx size_t Value obtained from FuzzedDataProvider
timestamp uint64_t Value obtained from FuzzedDataProvider
authSet uint32_t Value obtained from FuzzedDataProvider
issuerSubjectName uint8_t Value obtained from FuzzedDataProvider
AttestationChallenge string Value obtained from FuzzedDataProvider
AttestationApplicationId string Value obtained from FuzzedDataProvider
blockmode BlockMode Value obtained from FuzzedDataProvider
minMacLength uint32_t Value obtained from FuzzedDataProvider
macLength uint32_t Value obtained from FuzzedDataProvider

Steps to run

  1. Build the fuzzer
$ mm -j$(nproc) keymint_attestation_fuzzer
  1. Run on device
$ adb sync data
$ adb shell /data/fuzz/arm64/keymint_attestation_fuzzer/keymint_attestation_fuzzer

Fuzzer for KeyMintAuthSet

KeyMintAuthSet supports the following parameters:

  1. AuthorizationSet(parameter name: "authSet")
  2. AuthorizationSet(parameter name: "params")
  3. KeyParameters(parameter name: "numKeyParam")
  4. Tag(parameter name: "tag")
Parameter Valid Values Configured Value
authSet AuthorizationSet Value obtained from FuzzedDataProvider
params AuthorizationSet Value obtained from FuzzedDataProvider
numKeyParam size_t Value obtained from FuzzedDataProvider
tag Tag Value obtained from FuzzedDataProvider

Steps to run

  1. Build the fuzzer
$ mm -j$(nproc) keymint_authSet_fuzzer
  1. Run on device
$ adb sync data
$ adb shell /data/fuzz/arm64/keymint_authSet_fuzzer/keymint_authSet_fuzzer
Reference in New Issue View Git Blame Copy Permalink