Evolution-x/hardware_interfaces
1
0
Fork 0
mirror of https://github.com/Evolution-X/hardware_interfaces synced 2026-02-01 22:04:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
de13baae9eb9740e1e9ec406ecd417640d4e88cd
hardware_interfaces/security/keymint/support/fuzzer
History
Alice Wang f112ec92ee [vts] Verify RKP VM DICE chain in IRPC VTS 
This cl adds verifications to the IRPC VTS to check that:

- RKP VM DICE chains have a continuous presence of RKP VM markers
till the last DICE certificate.
- Non-RKP VM DICE chains do not have such continuous presence of
RKP VM markers.

Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Test: atest libkeymint_remote_prov_support_test
Bug: 314128697
Change-Id: Ib966b4bd584f1f931b7f19b4b58a1a37b5266f5e
2024-10-15 08:22:12 +00:00
..
Android.bp
Updated fuzz_config in Android.bp file
2024-07-16 16:17:20 +05:30
keymint_attestation_fuzzer.cpp
security: Remove unnecessary std::move
2024-08-14 01:56:18 +08:00
keymint_authSet_fuzzer.cpp
Added keymint_authSet_fuzzer
2024-05-13 23:47:19 +05:30
keymint_common.h
Added keymint_attestation_fuzzer
2024-05-13 23:46:36 +05:30
keymint_remote_prov_fuzzer.cpp
[vts] Verify RKP VM DICE chain in IRPC VTS
2024-10-15 08:22:12 +00:00
keymint_rkpsupport_fuzzer.cpp
Added keymint_rkpsupport_fuzzer
2024-07-03 15:07:54 +05:30
README.md
Added keymint_rkpsupport_fuzzer
2024-07-03 15:07:54 +05:30

README.md

Fuzzers for libkeymint_support

Plugin Design Considerations

The fuzzer plugins for libkeymint_support are designed based on the understanding of the source code and try to achieve the following:

Maximize code coverage

The configuration parameters are not hardcoded, but instead selected based on incoming data. This ensures more code paths are reached by the fuzzers.

Maximize utilization of input data

The plugins feed the entire input data to the module. This ensures that the plugins tolerate any kind of input (empty, huge, malformed, etc) and dont exit() on any input and thereby increasing the chance of identifying vulnerabilities.

Table of contents

Fuzzer for KeyMintAttestation

KeyMintAttestation supports the following parameters:

  1. PaddingMode(parameter name: "padding")
  2. Digest(parameter name: "digest")
  3. Index(parameter name: "idx")
  4. Timestamp(parameter name: "timestamp")
  5. AuthSet(parameter name: "authSet")
  6. IssuerSubjectName(parameter name: "issuerSubjectName")
  7. AttestationChallenge(parameter name: "challenge")
  8. AttestationApplicationId(parameter name: "id")
  9. EcCurve(parameter name: "ecCurve")
  10. BlockMode(parameter name: "blockmode")
  11. minMacLength(parameter name: "minMacLength")
  12. macLength(parameter name: "macLength")
Parameter Valid Values Configured Value
padding PaddingMode Value obtained from FuzzedDataProvider
digest Digest Value obtained from FuzzedDataProvider
idx size_t Value obtained from FuzzedDataProvider
timestamp uint64_t Value obtained from FuzzedDataProvider
authSet uint32_t Value obtained from FuzzedDataProvider
issuerSubjectName uint8_t Value obtained from FuzzedDataProvider
AttestationChallenge string Value obtained from FuzzedDataProvider
AttestationApplicationId string Value obtained from FuzzedDataProvider
blockmode BlockMode Value obtained from FuzzedDataProvider
minMacLength uint32_t Value obtained from FuzzedDataProvider
macLength uint32_t Value obtained from FuzzedDataProvider

Steps to run

  1. Build the fuzzer
$ mm -j$(nproc) keymint_attestation_fuzzer
  1. Run on device
$ adb sync data
$ adb shell /data/fuzz/arm64/keymint_attestation_fuzzer/keymint_attestation_fuzzer

Fuzzer for KeyMintAuthSet

KeyMintAuthSet supports the following parameters:

  1. AuthorizationSet(parameter name: "authSet")
  2. AuthorizationSet(parameter name: "params")
  3. KeyParameters(parameter name: "numKeyParam")
  4. Tag(parameter name: "tag")
Parameter Valid Values Configured Value
authSet AuthorizationSet Value obtained from FuzzedDataProvider
params AuthorizationSet Value obtained from FuzzedDataProvider
numKeyParam size_t Value obtained from FuzzedDataProvider
tag Tag Value obtained from FuzzedDataProvider

Steps to run

  1. Build the fuzzer
$ mm -j$(nproc) keymint_authSet_fuzzer
  1. Run on device
$ adb sync data
$ adb shell /data/fuzz/arm64/keymint_authSet_fuzzer/keymint_authSet_fuzzer

Fuzzer for KeyMintRemoteProv

KeyMintRemoteProv supports the following parameters:

  1. ChallengeSize(parameter name: "challengeSize")
  2. Challenge(parameter name: "challenge")
  3. NumKeys(parameter name: "numKeys")
Parameter Valid Values Configured Value
challengeSize uint8_t Value obtained from FuzzedDataProvider
challenge std::vector<uint8_t> Value obtained from FuzzedDataProvider
numKeys uint8_t Value obtained from FuzzedDataProvider

Steps to run

  1. Build the fuzzer
$ mm -j$(nproc) keymint_remote_prov_fuzzer
  1. Run on device
$ adb sync data
$ adb shell /data/fuzz/arm64/keymint_remote_prov_fuzzer/keymint_remote_prov_fuzzer

Fuzzer for KeyMintRemoteKeyProvSupport

KeyMintRemoteKeyProvSupport supports the following parameters:

  1. SupportedEekCurve(parameter name: "supportedEekCurve")
  2. Length(parameter name: "length")
  3. SerialNumberProp(parameter name: "serialNoProp")
  4. InstanceName(parameter name: "instanceName")
  5. Value(parameter name: "value")
Parameter Valid Values Configured Value
supportedEekCurve uint8_t Value obtained from FuzzedDataProvider
length uint8_t Value obtained from FuzzedDataProvider
serialNoProp string Value obtained from FuzzedDataProvider
instanceName string Value obtained from FuzzedDataProvider
value uint8_t Value obtained from FuzzedDataProvider

Steps to run

  1. Build the fuzzer
$ mm -j$(nproc) keymint_rkpsupport_fuzzer
  1. Run on device
$ adb sync data
$ adb shell /data/fuzz/arm64/keymint_rkpsupport_fuzzer/keymint_rkpsupport_fuzzer
Reference in New Issue View Git Blame Copy Permalink