VtsKernelEncryptionTest: fix wrapped key tests and test adding corrupted key am: 7c2b88b5b7 am: c0452de443

Original change: https://android-review.googlesource.com/c/platform/test/vts-testcase/kernel/+/1326333 Change-Id: Ide8222564a946a9f38ca22f990e3a6b4da403d33
author: Gaurav Kashyap <quic_gaurkash@quicinc.com> 2020-06-20 03:35:25 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2020-06-20 03:35:25 +0000
commit: a0b590e742aa17c1be6bdd37ba42ed539cf66f78 (patch)
tree: 7ff26c0ff22a7ef339457747570e4b4bdd6ade0e
parent: 82b37a8c0393f3369c5479a16c9fb54f1193c9b4 (diff)
parent: c0452de4436ebd0ba4b736195645c2be2d045a85 (diff)
download: platform_test_vts-testcase_kernel-a0b590e742aa17c1be6bdd37ba42ed539cf66f78.tar.gz
platform_test_vts-testcase_kernel-a0b590e742aa17c1be6bdd37ba42ed539cf66f78.tar.bz2
platform_test_vts-testcase_kernel-a0b590e742aa17c1be6bdd37ba42ed539cf66f78.zip
3 files changed, 64 insertions, 23 deletions
diff --git a/encryption/file_based_encryption_tests.cpp b/encryption/file_based_encryption_tests.cpp
index 0120eed7..b57b94bc 100644
--- a/encryption/file_based_encryption_tests.cpp
+++ b/encryption/file_based_encryption_tests.cpp
@@ -438,10 +438,7 @@ bool FBEPolicyTest::SetMasterKey(const std::vector<uint8_t> &master_key,
     return false;
   }
   if (ioctl(mntfd, FS_IOC_ADD_ENCRYPTION_KEY, arg.get()) != 0) {
-    if ((errno == EINVAL || errno == EOPNOTSUPP) && !required) {
-      GTEST_LOG_(INFO) << "Skipping test because FS_IOC_ADD_ENCRYPTION_KEY "
-                       << "with this key is unsupported" << Errno();
-    } else {
+    if (required || (errno != EINVAL && errno != EOPNOTSUPP)) {
       ADD_FAILURE() << "FS_IOC_ADD_ENCRYPTION_KEY failed on " << kTestMountpoint
                     << Errno();
     }
@@ -466,15 +463,16 @@ bool FBEPolicyTest::CreateAndSetHwWrappedKey(std::vector<uint8_t> *enc_key,
   std::vector<uint8_t> master_key, exported_key;
   if (!CreateHwWrappedKey(&master_key, &exported_key)) return false;
 
-  // If this fails, it just means fscrypt doesn't have support for hardware
-  // wrapped keys, which is OK.
-  if (!SetMasterKey(exported_key, __FSCRYPT_ADD_KEY_FLAG_HW_WRAPPED, false))
+  if (!SetMasterKey(exported_key, __FSCRYPT_ADD_KEY_FLAG_HW_WRAPPED, false)) {
+    if (!HasFailure()) {
+      GTEST_LOG_(INFO) << "Skipping test because kernel doesn't support "
+                          "hardware-wrapped keys";
+    }
     return false;
+  }
 
   if (!DeriveHwWrappedEncryptionKey(master_key, enc_key)) return false;
-
-  // FIXME: placeholder value.  Derive this correctly.
-  *sw_secret = std::vector<uint8_t>(32, 0);
+  if (!DeriveHwWrappedRawSecret(master_key, sw_secret)) return false;
 
   if (!VerifyKeyIdentifier(*sw_secret)) return false;
 
@@ -1002,6 +1000,22 @@ TEST_F(FBEPolicyTest, TestAdiantumPolicy) {
   VerifyCiphertext(enc_key, iv, AdiantumCipher(), file_info);
 }
 
+// Tests adding a corrupted wrapped key to fscrypt keyring.
+// If wrapped key is corrupted, fscrypt should return a failure.
+TEST_F(FBEPolicyTest, TestHwWrappedKeyCorruption) {
+  if (skip_test_) return;
+
+  std::vector<uint8_t> master_key, exported_key;
+  if (!CreateHwWrappedKey(&master_key, &exported_key)) return;
+
+  for (int i = 0; i < exported_key.size(); i++) {
+    std::vector<uint8_t> corrupt_key(exported_key.begin(), exported_key.end());
+    corrupt_key[i] = ~corrupt_key[i];
+    ASSERT_FALSE(
+        SetMasterKey(corrupt_key, __FSCRYPT_ADD_KEY_FLAG_HW_WRAPPED, false));
+  }
+}
+
 // Tests that if the device uses FBE, then the ciphertext for file contents in
 // encrypted directories seems to be random.
 //
diff --git a/encryption/utils.cpp b/encryption/utils.cpp
index 1956d0a1..03a46bfc 100644
--- a/encryption/utils.cpp
+++ b/encryption/utils.cpp
@@ -379,6 +379,27 @@ static void GetFixedInputString(uint32_t counter,
   PushBigEndian32(derived_key_len, fixed_input_string);
 }
 
+static bool AesCmacKdfHelper(const std::vector<uint8_t> &key,
+                             const std::vector<uint8_t> &label,
+                             const std::vector<uint8_t> &context,
+                             uint32_t output_key_size,
+                             std::vector<uint8_t> *output_data) {
+  output_data->resize(output_key_size);
+  for (size_t count = 0; count < (output_key_size / kAesBlockSize); count++) {
+    std::vector<uint8_t> fixed_input_string;
+    GetFixedInputString(count + 1, label, context, (output_key_size * 8),
+                        &fixed_input_string);
+    if (!AES_CMAC(output_data->data() + (kAesBlockSize * count), key.data(),
+                  key.size(), fixed_input_string.data(),
+                  fixed_input_string.size())) {
+      ADD_FAILURE()
+          << "AES_CMAC failed while deriving subkey from HW wrapped key";
+      return false;
+    }
+  }
+  return true;
+}
+
 bool DeriveHwWrappedEncryptionKey(const std::vector<uint8_t> &master_key,
                                   std::vector<uint8_t> *enc_key) {
   std::vector<uint8_t> label{0x00, 0x00, 0x40, 0x00, 0x00, 0x00,
@@ -392,19 +413,22 @@ bool DeriveHwWrappedEncryptionKey(const std::vector<uint8_t> &master_key,
       0x00, 0x00, 0x00, 0x02, 0x43, 0x00, 0x82, 0x50,
       0x0,  0x0,  0x0,  0x0};
 
-  enc_key->resize(kAes256XtsKeySize);
-  for (size_t count = 0; count < (kAes256XtsKeySize / kAesBlockSize); count++) {
-    std::vector<uint8_t> fixed_input_string;
-    GetFixedInputString(count + 1, label, context, (kAes256XtsKeySize * 8),
-                        &fixed_input_string);
-    if (!AES_CMAC(enc_key->data() + (kAesBlockSize * count), master_key.data(),
-                  master_key.size(), fixed_input_string.data(),
-                  fixed_input_string.size())) {
-      ADD_FAILURE() << "AES_CMAC failed while deriving inline encryption key";
-      return false;
-    }
-  }
-  return true;
+  return AesCmacKdfHelper(master_key, label, context, kAes256XtsKeySize,
+                          enc_key);
+}
+
+bool DeriveHwWrappedRawSecret(const std::vector<uint8_t> &master_key,
+                              std::vector<uint8_t> *secret) {
+  std::vector<uint8_t> label{0x00, 0x00, 0x40, 0x00, 0x00, 0x00,
+                             0x00, 0x00, 0x00, 0x00, 0x20};
+  // Context in fixed input string comprises of software provided context,
+  // padding to eight bytes (if required) and the key policy.
+  std::vector<uint8_t> context = {'r',  'a',  'w',  ' ',  's',  'e',  'c',
+                                  'r',  'e',  't',  0x0,  0x0,  0x0,  0x0,
+                                  0x0,  0x0,  0x00, 0x00, 0x00, 0x02, 0x17,
+                                  0x00, 0x80, 0x50, 0x0,  0x0,  0x0,  0x0};
+
+  return AesCmacKdfHelper(master_key, label, context, kAes256KeySize, secret);
 }
 
 }  // namespace kernel
diff --git a/encryption/vts_kernel_encryption.h b/encryption/vts_kernel_encryption.h
index f2e325f5..f335c84b 100644
--- a/encryption/vts_kernel_encryption.h
+++ b/encryption/vts_kernel_encryption.h
@@ -97,5 +97,8 @@ bool CreateHwWrappedKey(std::vector<uint8_t> *master_key,
 
 bool DeriveHwWrappedEncryptionKey(const std::vector<uint8_t> &master_key,
                                   std::vector<uint8_t> *enc_key);
+
+bool DeriveHwWrappedRawSecret(const std::vector<uint8_t> &master_key,
+                              std::vector<uint8_t> *secret);
 }  // namespace kernel
 }  // namespace android
author	Gaurav Kashyap <quic_gaurkash@quicinc.com>	2020-06-20 03:35:25 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2020-06-20 03:35:25 +0000
commit	a0b590e742aa17c1be6bdd37ba42ed539cf66f78 (patch)
tree	7ff26c0ff22a7ef339457747570e4b4bdd6ade0e
parent	82b37a8c0393f3369c5479a16c9fb54f1193c9b4 (diff)
parent	c0452de4436ebd0ba4b736195645c2be2d045a85 (diff)
download	platform_test_vts-testcase_kernel-a0b590e742aa17c1be6bdd37ba42ed539cf66f78.tar.gz platform_test_vts-testcase_kernel-a0b590e742aa17c1be6bdd37ba42ed539cf66f78.tar.bz2 platform_test_vts-testcase_kernel-a0b590e742aa17c1be6bdd37ba42ed539cf66f78.zip