diff options
author | Shawn Willden <swillden@google.com> | 2015-10-26 13:27:50 +0000 |
---|---|---|
committer | android-build-merger <android-build-merger@google.com> | 2015-10-26 13:27:50 +0000 |
commit | 5c0e13490a6035296333e942623b40e23bebc110 (patch) | |
tree | 835a98ea843542ed053a665f303be5fad04dd2fe | |
parent | c015fb20d730e4b9b5b1b66ec8a8c44eaea4d43f (diff) | |
parent | d91cf18037763a129c0fac2dedcf3f4d15928e17 (diff) | |
download | security-5c0e13490a6035296333e942623b40e23bebc110.tar.gz |
Merge "Revive test script for keystore" am: 91e439b0e8
am: d91cf18037
* commit 'd91cf18037763a129c0fac2dedcf3f4d15928e17':
Revive test script for keystore
-rw-r--r-- | keystore/keystore_cli.cpp | 62 | ||||
-rwxr-xr-x | keystore/test-keystore | 238 |
2 files changed, 185 insertions, 115 deletions
diff --git a/keystore/keystore_cli.cpp b/keystore/keystore_cli.cpp index a3088e4c..34f1d9c1 100644 --- a/keystore/keystore_cli.cpp +++ b/keystore/keystore_cli.cpp @@ -104,7 +104,7 @@ static const char* responses[] = { int uid = -1; \ if (argc > 3) { \ uid = atoi(argv[3]); \ - fprintf(stderr, "Running as uid %d\n", uid); \ + fprintf(stderr, "Working with uid %d\n", uid); \ } \ int32_t ret = service->cmd(String16(argv[2]), uid); \ if (ret < 0) { \ @@ -117,17 +117,28 @@ static const char* responses[] = { } \ } while (0) -#define STING_ARG_DATA_STDIN_INT_RETURN(cmd) \ +#define STING_ARG_DATA_STDIN_PLUS_UID_PLUS_FLAGS_INT_RETURN(cmd) \ do { \ if (strcmp(argv[1], #cmd) == 0) { \ if (argc < 3) { \ - fprintf(stderr, "Usage: %s " #cmd " <name>\n", argv[0]); \ + fprintf(stderr, "Usage: %s " #cmd " <name> [<uid>, <flags>]\n", argv[0]); \ return 1; \ } \ uint8_t* data; \ size_t dataSize; \ read_input(&data, &dataSize); \ - int32_t ret = service->cmd(String16(argv[2]), data, dataSize); \ + int uid = -1; \ + if (argc > 3) { \ + uid = atoi(argv[3]); \ + fprintf(stderr, "Working with uid %d\n", uid); \ + } \ + int32_t flags = 0; \ + if (argc > 4) { \ + flags = int32_t(atoi(argv[4])); \ + fprintf(stderr, "Using flags %04x\n", flags); \ + } \ + int32_t ret = service->cmd(String16(argv[2]), data, dataSize, uid, flags); \ + free(data); \ if (ret < 0) { \ fprintf(stderr, "%s: could not connect: %d\n", argv[0], ret); \ return 1; \ @@ -151,14 +162,16 @@ static const char* responses[] = { if (ret < 0) { \ fprintf(stderr, "%s: could not connect: %d\n", argv[0], ret); \ return 1; \ - } else if (ret != ::NO_ERROR) { \ + } else if (ret) { \ fprintf(stderr, "%s: " #cmd ": %s (%d)\n", argv[0], responses[ret], ret); \ return 1; \ - } else { \ + } else if (dataSize) { \ fwrite(data, dataSize, 1, stdout); \ fflush(stdout); \ free(data); \ return 0; \ + } else { \ + return 1; \ } \ } \ } while (0) @@ -181,6 +194,39 @@ static int list(sp<IKeystoreService> service, const String16& name, int uid) { } } +#define BUF_SIZE 1024 +static void read_input(uint8_t** data, size_t* dataSize) { + char buffer[BUF_SIZE]; + size_t contentSize = 0; + char *content = (char *) malloc(sizeof(char) * BUF_SIZE); + + if (content == NULL) { + fprintf(stderr, "read_input: failed to allocate content"); + exit(1); + } + content[0] = '\0'; + while (fgets(buffer, BUF_SIZE, stdin)) { + char *old = content; + contentSize += strlen(buffer); + content = (char *) realloc(content, contentSize); + if (content == NULL) { + fprintf(stderr, "read_input: failed to reallocate content."); + free(old); + exit(1); + } + strcat(content, buffer); + } + + if (ferror(stdin)) { + free(content); + fprintf(stderr, "read_input: error reading from stdin."); + exit(1); + } + + *data = (uint8_t*) content; + *dataSize = contentSize; +} + int main(int argc, char* argv[]) { if (argc < 2) { @@ -205,7 +251,7 @@ int main(int argc, char* argv[]) SINGLE_ARG_DATA_RETURN(get); - // TODO: insert + STING_ARG_DATA_STDIN_PLUS_UID_PLUS_FLAGS_INT_RETURN(insert); SINGLE_ARG_PLUS_UID_INT_RETURN(del); @@ -230,7 +276,7 @@ int main(int argc, char* argv[]) SINGLE_ARG_DATA_RETURN(get_pubkey); - // TODO: grant + SINGLE_ARG_PLUS_UID_INT_RETURN(grant); // TODO: ungrant diff --git a/keystore/test-keystore b/keystore/test-keystore index 3be51b3e..071cfcd0 100755 --- a/keystore/test-keystore +++ b/keystore/test-keystore @@ -44,7 +44,7 @@ function append() { function run() { # strip out carriage returns from adb # strip out date/time from ls -l - "$@" | tr --delete '\r' | sed -E 's/[0-9]{4}-[0-9]{2}-[0-9]{2} +[0-9]{1,2}:[0-9]{2} //' >> $log_file + "$@" | tr -d '\r' | sed -E 's/[0-9]{4}-[0-9]{2}-[0-9]{2} +[0-9]{1,2}:[0-9]{2} //' >> $log_file } function keystore() { @@ -53,8 +53,15 @@ function keystore() { run adb shell su $user keystore_cli "$@" } +function keystore_in() { + declare -r user=$1 + declare -r input=$2 + shift; shift + run adb shell "echo '$input' | su $user keystore_cli $@" +} + function list_keystore_directory() { - run adb shell ls -al /data/misc/keystore + run adb shell ls -al /data/misc/keystore$@ } function compare() { @@ -68,195 +75,211 @@ function test_basic() { # reset # log "reset keystore as system user" - keystore system r - expect "1 No error" + keystore system reset + expect "reset: No error (1)" list_keystore_directory + expect "-rw------- keystore keystore 4 .metadata" + expect "drwx------ keystore keystore user_0" # # basic tests as system/root # log "root does not have permission to run test" - keystore root t - expect "6 Permission denied" - + keystore root test + expect "test: Permission denied (6)" + log "but system user does" - keystore system t - expect "3 Uninitialized" + keystore system test + expect "test: Uninitialized (3)" list_keystore_directory + expect "-rw------- keystore keystore 4 .metadata" + expect "drwx------ keystore keystore user_0" log "password is now bar" - keystore system p bar - expect "1 No error" - list_keystore_directory + keystore system password bar + expect "password: No error (1)" + list_keystore_directory /user_0 expect "-rw------- keystore keystore 84 .masterkey" - + log "no error implies initialized and unlocked" - keystore system t - expect "1 No error" - + keystore system test + expect "test: No error (1)" + log "saw with no argument" - keystore system s - expect "5 Protocol error" + keystore system saw log "saw nothing" - keystore system s "" - expect "1 No error" + keystore system saw "" log "add key baz" - keystore system i baz quux - expect "1 No error" + keystore_in system quux insert baz + expect "insert: No error (1)" log "1000 is uid of system" - list_keystore_directory + list_keystore_directory /user_0 expect "-rw------- keystore keystore 84 .masterkey" expect "-rw------- keystore keystore 52 1000_baz" log "saw baz" - keystore system s "" - expect "1 No error" + keystore system saw expect "baz" log "get baz" - keystore system g baz - expect "1 No error" + keystore system get baz expect "quux" log "root can read system user keys (as can wifi or vpn users)" - keystore root g baz - expect "1 No error" + keystore root get baz expect "quux" # # app user tests # - # app_0 has uid 10000, as seen below + # u0_a0 has uid 10000, as seen below log "other uses cannot see the system keys" - keystore app_0 g baz - expect "7 Key not found" - + keystore u0_a0 get baz + log "app user cannot use reset, password, lock, unlock" - keystore app_0 r - expect "6 Permission denied" - keystore app_0 p - expect "6 Permission denied" - keystore app_0 l - expect "6 Permission denied" - keystore app_0 u - expect "6 Permission denied" - - log "install app_0 key" - keystore app_0 i 0x deadbeef - expect 1 No error - list_keystore_directory + keystore u0_a0 reset + expect "reset: Permission denied (6)" + keystore u0_a0 password some_pass + expect "password: Permission denied (6)" + keystore u0_a0 lock + expect "lock: Permission denied (6)" + keystore u0_a0 unlock some_pass + expect "unlock: Permission denied (6)" + + log "install u0_a0 key" + keystore_in u0_a0 deadbeef insert 0x + expect "insert: No error (1)" + list_keystore_directory /user_0 expect "-rw------- keystore keystore 84 .masterkey" expect "-rw------- keystore keystore 52 10000_0x" expect "-rw------- keystore keystore 52 1000_baz" log "get with no argument" - keystore app_0 g - expect "5 Protocol error" - - keystore app_0 g 0x - expect "1 No error" + keystore u0_a0 get + expect "Usage: keystore_cli get <name>" + + log "few get tests for an app" + keystore u0_a0 get 0x expect "deadbeef" - - keystore app_0 i fred barney - expect "1 No error" - - keystore app_0 s "" - expect "1 No error" + + keystore_in u0_a0 barney insert fred + expect "insert: No error (1)" + + keystore u0_a0 saw expect "0x" expect "fred" log "note that saw returns the suffix of prefix matches" - keystore app_0 s fr # fred - expect "1 No error" + keystore u0_a0 saw fr # fred expect "ed" # fred # # lock tests # log "lock the store as system" - keystore system l - expect "1 No error" - keystore system t - expect "2 Locked" - + keystore system lock + expect "lock: No error (1)" + keystore system test + expect "test: Locked (2)" + log "saw works while locked" - keystore app_0 s "" - expect "1 No error" + keystore u0_a0 saw expect "0x" expect "fred" - log "...but cannot read keys..." - keystore app_0 g 0x - expect "2 Locked" - - log "...but they can be deleted." - keystore app_0 e 0x - expect "1 No error" - keystore app_0 d 0x - expect "1 No error" - keystore app_0 e 0x - expect "7 Key not found" + log "...and app can read keys..." + keystore u0_a0 get 0x + expect "deadbeef" + + log "...but they cannot be deleted." + keystore u0_a0 exist 0x + expect "exist: No error (1)" + keystore u0_a0 del_key 0x + expect "del_key: Key not found (7)" # # password # log "wrong password" - keystore system u foo - expect "13 Wrong password (4 tries left)" + keystore system unlock foo + expect "unlock: Wrong password (4 tries left) (13)" log "right password" - keystore system u bar - expect "1 No error" - + keystore system unlock bar + expect "unlock: No error (1)" + log "make the password foo" - keystore system p foo - expect "1 No error" - + keystore system password foo + expect "password: No error (1)" + # # final reset # log "reset wipes everything for all users" - keystore system r - expect "1 No error" + keystore system reset + expect "reset: No error (1)" list_keystore_directory - - keystore system t - expect "3 Uninitialized" + expect "-rw------- keystore keystore 4 .metadata" + expect "drwx------ keystore keystore user_0" + list_keystore_directory /user_0 + + keystore system test + expect "test: Uninitialized (3)" +} +function test_grant() { + log "test granting" + keystore system reset + expect "reset: No error (1)" + keystore system password test_pass + expect "password: No error (1)" + + keystore_in system granted_key_value insert granted_key + expect "insert: No error (1)" + + # Cannot read before grant. + keystore u10_a0 get granted_key + + # Grant and read. + log "System grants to u0_a1" + keystore system grant granted_key 10001 + expect "Working with uid 10001" + expect "grant: No error (1)" + keystore u0_a1 get 1000_granted_key + expect "granted_key_value" } function test_4599735() { # http://b/4599735 log "start regression test for b/4599735" - keystore system r - expect "1 No error" + keystore system reset + expect "reset: No error (1)" + list_keystore_directory /user_0 - keystore system p foo - expect "1 No error" + keystore system password foo + expect "password: No error (1)" - keystore system i baz quux - expect "1 No error" - - keystore root g baz - expect "1 No error" + keystore_in system quux insert baz + expect "insert: No error (1)" + + keystore root get baz expect "quux" - keystore system l - expect "1 No error" + keystore system lock + expect "lock: No error (1)" - keystore system p foo - expect "1 No error" + keystore system password foo + expect "password: No error (1)" log "after unlock, regression led to result of '8 Value corrupted'" - keystore root g baz - expect "1 No error" + keystore root get baz expect "quux" - keystore system r - expect "1 No error" + keystore system reset + expect "reset: No error (1)" log "end regression test for b/4599735" } @@ -265,6 +288,7 @@ function main() { log $tag START test_basic test_4599735 + test_grant compare log $tag PASSED cleanup_output |