Google Git
Sign in
fuchsia/third_party/android.googlesource.com/platform/system/keymint/refs/tags/android-security-15.0.0_r13^1..refs/tags/android-security-15.0.0_r13/.
commit
96f84bfc34920789f7321c400f7438dbf980cb99
[log]
author
Android Build Coastguard Worker <android-build-coastguard-worker@google.com>
Sat Jun 01 01:24:55 2024 +0000
committer
Android Build Coastguard Worker <android-build-coastguard-worker@google.com>
Sat Jun 01 01:24:55 2024 +0000
tree
641437b6f0df7894c07f30260e542ea374ec6fe5
parent
8e34c4481059d7f893df2ad633803137a12cc22f [diff]
parent
003daeec9e62ef349d41b927bcaa9f341ab29159 [diff]
Snap for 11914274 from 003daeec9e62ef349d41b927bcaa9f341ab29159 to 24Q3-release

Change-Id: Ie7c1d70f8ddb6de02e323fd4c5aa80ca6833e72f

diff --git a/common/Android.bp b/common/Android.bp
index 05f3b32..df0d860 100644
--- a/common/Android.bp
+++ b/common/Android.bp

@@ -50,7 +50,6 @@
     ],
 }
 
-
 rust_library_rlib {
     name: "libkmr_common_nostd",
     crate_name: "kmr_common",
@@ -107,17 +106,19 @@
     ],
 }
 
-// The fuzzer target cannot be built for the device because some
-// of the dependencies have restricted visibility.
-rust_fuzz_host {
+rust_fuzz {
     name: "libkmr_common_fuzz_keyblob",
     srcs: ["fuzz/fuzz_targets/keyblob.rs"],
     rustlibs: ["libkmr_common"],
+    host_supported: true,
     fuzz_config: {
-        cc: ["drysdale@google.com", "hasinitg@google.com"],
+        cc: [
+            "drysdale@google.com",
+            "hasinitg@google.com",
+        ],
         componentid: 1084733,
         hotlists: ["4271696"],
-        fuzz_on_haiku_device: false,
+        fuzz_on_haiku_device: true,
         fuzz_on_haiku_host: true,
     },
 }

diff --git a/ta/Android.bp b/ta/Android.bp
index b5ed668..8528c26 100644
--- a/ta/Android.bp
+++ b/ta/Android.bp

@@ -34,7 +34,7 @@
         "libkmr_wire",
         "liblog_rust",
         "libspki",
-        "libx509_cert"
+        "libx509_cert",
     ],
     proc_macros: [
         "libkmr_derive",
@@ -58,7 +58,7 @@
         "libkmr_wire_nostd",
         "liblog_rust_nostd",
         "libspki_nostd",
-        "libx509_cert_nostd"
+        "libx509_cert_nostd",
     ],
     proc_macros: [
         "libkmr_derive",
@@ -86,10 +86,30 @@
         "libkmr_wire",
         "liblog_rust",
         "libspki",
-        "libx509_cert"
+        "libx509_cert",
     ],
     proc_macros: [
         "libkmr_derive",
     ],
     test_suites: ["general-tests"],
 }
+
+rust_fuzz {
+    name: "libkmr_ta_fuzz_keydescription",
+    srcs: ["fuzz/fuzz_targets/keydescription.rs"],
+    rustlibs: [
+        "libder",
+        "libkmr_ta",
+    ],
+    host_supported: true,
+    fuzz_config: {
+        cc: [
+            "drysdale@google.com",
+            "hasinitg@google.com",
+        ],
+        componentid: 1084733,
+        hotlists: ["4271696"],
+        fuzz_on_haiku_device: true,
+        fuzz_on_haiku_host: true,
+    },
+}

diff --git a/ta/fuzz/.gitignore b/ta/fuzz/.gitignore
new file mode 100644
index 0000000..1a45eee
--- /dev/null
+++ b/ta/fuzz/.gitignore

@@ -0,0 +1,4 @@
+target
+corpus
+artifacts
+coverage

diff --git a/ta/fuzz/Cargo.toml b/ta/fuzz/Cargo.toml
new file mode 100644
index 0000000..c28d135
--- /dev/null
+++ b/ta/fuzz/Cargo.toml

@@ -0,0 +1,32 @@
+[package]
+name = "kmr-ta-fuzz"
+version = "0.0.0"
+authors = ["Automatically generated"]
+publish = false
+edition = "2021"
+
+[package.metadata]
+cargo-fuzz = true
+
+[dependencies]
+der = { version = "^0.7.8", features = ["alloc", "derive"] }
+libfuzzer-sys = "0.4"
+
+[dependencies.kmr-ta]
+path = ".."
+
+# Prevent this from interfering with workspaces
+[workspace]
+members = ["."]
+
+[[bin]]
+name = "keydescription"
+path = "fuzz_targets/keydescription.rs"
+test = false
+doc = false
+bench = false
+
+[patch.crates-io]
+kmr-common = { path = "../../common" }
+kmr-derive = { path = "../../derive" }
+kmr-wire = { path = "../../wire" }

diff --git a/ta/fuzz/fuzz_targets/keydescription.rs b/ta/fuzz/fuzz_targets/keydescription.rs
new file mode 100644
index 0000000..3e4d129
--- /dev/null
+++ b/ta/fuzz/fuzz_targets/keydescription.rs

@@ -0,0 +1,9 @@
+//! Fuzzer for parsing ASN.1 key descriptions.
+#![no_main]
+
+use der::Decode;
+use libfuzzer_sys::fuzz_target;
+
+fuzz_target!(|data: &[u8]| {
+    let _result = kmr_ta::keys::SecureKeyWrapper::from_der(data);
+});

diff --git a/ta/src/keys.rs b/ta/src/keys.rs
index c9f563f..8d6fab3 100644
--- a/ta/src/keys.rs
+++ b/ta/src/keys.rs

@@ -53,14 +53,20 @@
 /// ```
 #[derive(Debug, Clone, Sequence)]
 pub struct SecureKeyWrapper<'a> {
+    /// Version of this structure.
     pub version: i32,
+    /// Encrypted transport key.
     #[asn1(type = "OCTET STRING")]
     pub encrypted_transport_key: &'a [u8],
+    /// IV to use for decryption.
     #[asn1(type = "OCTET STRING")]
     pub initialization_vector: &'a [u8],
+    /// Key parameters and description.
     pub key_description: KeyDescription<'a>,
+    /// Ciphertext of the imported key.
     #[asn1(type = "OCTET STRING")]
     pub encrypted_key: &'a [u8],
+    /// Tag value.
     #[asn1(type = "OCTET STRING")]
     pub tag: &'a [u8],
 }
@@ -69,7 +75,7 @@
 
 /// Contents of key description.
 ///
-/// ``asn1
+/// ```asn1
 /// KeyDescription ::= SEQUENCE {
 ///     keyFormat    INTEGER, # Values from KeyFormat enum
 ///     keyParams    AuthorizationList, # See cert.rs
@@ -77,7 +83,9 @@
 /// ```
 #[derive(Debug, Clone, Sequence)]
 pub struct KeyDescription<'a> {
+    /// Format of imported key.
     pub key_format: i32,
+    /// Key parameters.
     pub key_params: cert::AuthorizationList<'a>,
 }
 

diff --git a/ta/src/lib.rs b/ta/src/lib.rs
index c2001a8..44e144a 100644
--- a/ta/src/lib.rs
+++ b/ta/src/lib.rs

@@ -45,7 +45,7 @@
 mod cert;
 mod clock;
 pub mod device;
-mod keys;
+pub mod keys;
 mod operation;
 pub mod rkp;
 mod secret;