Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / fe584fb317bc7e22d88c97629679a875ee5d9433^! / .
commitfe584fb317bc7e22d88c97629679a875ee5d9433[log] [tgz]
authorJanis Danisevskis <jdanis@google.com>Mon Apr 23 08:56:16 2018 -0700
committerJanis Danisevskis <jdanis@google.com>Thu Apr 26 10:35:57 2018 -0700
tree850937d1ad61ee2f88067d7d31b3397c5ab0b4ff
parent3c50fab04876f7fc3c6a02f42b718be27944c0fc [diff]
Fix wrongly initialized test key.

According to spec the test key has 32 bytes set to TextKeyBits::BYTE.
The VTS test and default implmementation only set the first 16 bytes and
left the remaining 16 bytes zero.

This bug fixes both, the VTS test and the default implementation.

Also some long overdue changes to how the auth token key is handled
by the generic operation.

Bug: 78456249
Test: VtsHalConfirmationUIV1_0TargetTest
Change-Id: I509f2c2a99704ee00625e6f6169479771a3bc17a

diff --git a/confirmationui/1.0/default/PlatformSpecifics.cpp b/confirmationui/1.0/default/PlatformSpecifics.cpp
index dd039e2..03d6165 100644
--- a/confirmationui/1.0/default/PlatformSpecifics.cpp
+++ b/confirmationui/1.0/default/PlatformSpecifics.cpp

@@ -36,11 +36,11 @@
     }
 }
 
-support::NullOr<support::array<uint8_t, 32>> HMacImplementation::hmac256(
-    const uint8_t key[32], std::initializer_list<support::ByteBufferProxy> buffers) {
+support::NullOr<support::hmac_t> HMacImplementation::hmac256(
+    const support::auth_token_key_t& key, std::initializer_list<support::ByteBufferProxy> buffers) {
     HMAC_CTX hmacCtx;
     HMAC_CTX_init(&hmacCtx);
-    if (!HMAC_Init_ex(&hmacCtx, key, 32, EVP_sha256(), nullptr)) {
+    if (!HMAC_Init_ex(&hmacCtx, key.data(), key.size(), EVP_sha256(), nullptr)) {
         return {};
     }
     for (auto& buffer : buffers) {
@@ -48,7 +48,7 @@
             return {};
         }
     }
-    support::array<uint8_t, 32> result;
+    support::hmac_t result;
     if (!HMAC_Final(&hmacCtx, result.data(), nullptr)) {
         return {};
     }

diff --git a/confirmationui/1.0/default/PlatformSpecifics.h b/confirmationui/1.0/default/PlatformSpecifics.h
index 488da6d..29f299c 100644
--- a/confirmationui/1.0/default/PlatformSpecifics.h
+++ b/confirmationui/1.0/default/PlatformSpecifics.h

@@ -48,8 +48,9 @@
 
 class HMacImplementation {
    public:
-    static support::NullOr<support::array<uint8_t, 32>> hmac256(
-        const uint8_t key[32], std::initializer_list<support::ByteBufferProxy> buffers);
+    static support::NullOr<support::hmac_t> hmac256(
+        const support::auth_token_key_t& key,
+        std::initializer_list<support::ByteBufferProxy> buffers);
 };
 
 class MyOperation : public generic::Operation<sp<IConfirmationResultCallback>,

diff --git a/confirmationui/1.0/vts/functional/VtsHalConfirmationUIV1_0TargetTest.cpp b/confirmationui/1.0/vts/functional/VtsHalConfirmationUIV1_0TargetTest.cpp
index 463bb40..278d1f4 100644
--- a/confirmationui/1.0/vts/functional/VtsHalConfirmationUIV1_0TargetTest.cpp
+++ b/confirmationui/1.0/vts/functional/VtsHalConfirmationUIV1_0TargetTest.cpp

@@ -46,13 +46,16 @@
 
 namespace test {
 namespace {
+const support::auth_token_key_t testKey(static_cast<uint8_t>(TestKeyBits::BYTE));
+
 class HMacImplementation {
    public:
-    static support::NullOr<support::array<uint8_t, 32>> hmac256(
-        const uint8_t key[32], std::initializer_list<support::ByteBufferProxy> buffers) {
+    static support::NullOr<support::hmac_t> hmac256(
+        const support::auth_token_key_t& key,
+        std::initializer_list<support::ByteBufferProxy> buffers) {
         HMAC_CTX hmacCtx;
         HMAC_CTX_init(&hmacCtx);
-        if (!HMAC_Init_ex(&hmacCtx, key, 32, EVP_sha256(), nullptr)) {
+        if (!HMAC_Init_ex(&hmacCtx, key.data(), key.size(), EVP_sha256(), nullptr)) {
             return {};
         }
         for (auto& buffer : buffers) {
@@ -60,7 +63,7 @@
                 return {};
             }
         }
-        support::array<uint8_t, 32> result;
+        support::hmac_t result;
         if (!HMAC_Final(&hmacCtx, result.data(), nullptr)) {
             return {};
         }
@@ -70,23 +73,15 @@
 
 using HMacer = support::HMac<HMacImplementation>;
 
-constexpr uint8_t testKeyByte = static_cast<uint8_t>(TestKeyBits::BYTE);
-
 template <typename... Data>
 hidl_vec<uint8_t> testHMAC(const Data&... data) {
-    constexpr uint8_t testKey[32] = {testKeyByte, testKeyByte, testKeyByte, testKeyByte,
-                                     testKeyByte, testKeyByte, testKeyByte, testKeyByte,
-                                     testKeyByte, testKeyByte, testKeyByte, testKeyByte,
-                                     testKeyByte, testKeyByte, testKeyByte, testKeyByte};
-    constexpr uint8_t hmac_size_bytes = sizeof testKey;
-
     auto hmac = HMacer::hmac256(testKey, data...);
     if (!hmac.isOk()) {
         EXPECT_TRUE(false) << "Failed to compute test hmac.  This is a self-test error.";
         return {};
     }
-    hidl_vec<uint8_t> result(hmac_size_bytes);
-    copy(hmac.value().data(), hmac.value().data() + hmac_size_bytes, result.data());
+    hidl_vec<uint8_t> result(hmac.value().size());
+    copy(hmac.value().data(), hmac.value().data() + hmac.value().size(), result.data());
     return result;
 }
 

diff --git a/confirmationui/support/include/android/hardware/confirmationui/1.0/generic/GenericOperation.h b/confirmationui/support/include/android/hardware/confirmationui/1.0/generic/GenericOperation.h
index b480942..b1c322c 100644
--- a/confirmationui/support/include/android/hardware/confirmationui/1.0/generic/GenericOperation.h
+++ b/confirmationui/support/include/android/hardware/confirmationui/1.0/generic/GenericOperation.h

@@ -99,7 +99,8 @@
 
     void setPending() { error_ = ResponseCode::OK; }
 
-    void setHmacKey(const uint8_t (&key)[32]) { hmacKey_ = {key}; }
+    void setHmacKey(const auth_token_key_t& key) { hmacKey_ = key; }
+    NullOr<auth_token_key_t> hmacKey() const { return hmacKey_; }
 
     void abort() {
         if (isPending()) {
@@ -112,7 +113,7 @@
         if (isPending()) error_ = ResponseCode::Canceled;
     }
 
-    void finalize(const uint8_t key[32]) {
+    void finalize(const auth_token_key_t& key) {
         if (error_ == ResponseCode::Ignored) return;
         resultCB_->result(error_, getMessage(), userConfirm(key));
         error_ = ResponseCode::Ignored;
@@ -127,11 +128,7 @@
     }
 
     ResponseCode deliverSecureInputEvent(const HardwareAuthToken& secureInputToken) {
-        constexpr uint8_t testKeyByte = static_cast<uint8_t>(TestKeyBits::BYTE);
-        constexpr uint8_t testKey[32] = {testKeyByte, testKeyByte, testKeyByte, testKeyByte,
-                                         testKeyByte, testKeyByte, testKeyByte, testKeyByte,
-                                         testKeyByte, testKeyByte, testKeyByte, testKeyByte,
-                                         testKeyByte, testKeyByte, testKeyByte, testKeyByte};
+        const auth_token_key_t testKey(static_cast<uint8_t>(TestKeyBits::BYTE));
 
         auto hmac = HMacer::hmac256(testKey, "\0", bytes_cast(secureInputToken.challenge),
                                     bytes_cast(secureInputToken.userId),
@@ -171,7 +168,7 @@
         result.setToExternal(formattedMessageBuffer_, formattedMessageLength_);
         return result;
     }
-    hidl_vec<uint8_t> userConfirm(const uint8_t key[32]) {
+    hidl_vec<uint8_t> userConfirm(const auth_token_key_t& key) {
         if (error_ != ResponseCode::OK) return {};
         confirmationTokenScratchpad_ = HMacer::hmac256(key, "confirmation token", getMessage());
         if (!confirmationTokenScratchpad_.isOk()) {
@@ -188,10 +185,10 @@
     uint8_t formattedMessageBuffer_[uint32_t(MessageSize::MAX)];
     char promptStringBuffer_[uint32_t(MessageSize::MAX)];
     size_t formattedMessageLength_ = 0;
-    NullOr<array<uint8_t, 32>> confirmationTokenScratchpad_;
+    NullOr<hmac_t> confirmationTokenScratchpad_;
     Callback resultCB_;
     typename TimeStamper::TimeStamp startTime_;
-    NullOr<array<uint8_t, 32>> hmacKey_;
+    NullOr<auth_token_key_t> hmacKey_;
 };
 
 }  // namespace

diff --git a/confirmationui/support/include/android/hardware/confirmationui/support/confirmationui_utils.h b/confirmationui/support/include/android/hardware/confirmationui/support/confirmationui_utils.h
index d551433..3f7810a 100644
--- a/confirmationui/support/include/android/hardware/confirmationui/support/confirmationui_utils.h
+++ b/confirmationui/support/include/android/hardware/confirmationui/support/confirmationui_utils.h

@@ -81,17 +81,23 @@
    public:
     array() : data_{} {}
     array(const T (&data)[elements]) { std::copy(data, data + elements, data_); }
+    explicit array(const T& v) { fill(v); }
 
     T* data() { return data_; }
     const T* data() const { return data_; }
     constexpr size_t size() const { return elements; }
-    operator const array_type&() const { return data_; }
 
     T* begin() { return data_; }
     T* end() { return data_ + elements; }
     const T* begin() const { return data_; }
     const T* end() const { return data_ + elements; }
 
+    void fill(const T& v) {
+        for (size_t i = 0; i < elements; ++i) {
+            data_[i] = v;
+        }
+    }
+
    private:
     array_type data_;
 };
@@ -157,6 +163,11 @@
     size_t size_;
 };
 
+constexpr uint8_t auth_token_key_size = 32;
+constexpr uint8_t hmac_size_bytes = support::auth_token_key_size;
+using auth_token_key_t = array<uint8_t, auth_token_key_size>;
+using hmac_t = auth_token_key_t;
+
 /**
  * Implementer are expected to provide an implementation with the following prototype:
  *  static NullOr<array<uint8_t, 32>> hmac256(const uint8_t key[32],
@@ -166,7 +177,7 @@
 class HMac {
    public:
     template <typename... Data>
-    static NullOr<array<uint8_t, 32>> hmac256(const uint8_t key[32], const Data&... data) {
+    static NullOr<hmac_t> hmac256(const auth_token_key_t& key, const Data&... data) {
         return Impl::hmac256(key, {data...});
     }
 };