Merge "Enforcing canonicalization of DeviceInfo." am: 4820b542fa (2b8301c9) · Commits · e / os / android_hardware_interfaces

security/keymint/aidl/android/hardware/security/keymint/DeviceInfo.aidl

+3 −1

Original line number	Diff line number	Diff line
		@@ -27,7 +27,9 @@ package android.hardware.security.keymint;
		@VintfStability
		parcelable DeviceInfo {
		/**
		* DeviceInfo is a CBOR Map structure described by the following CDDL.
		* DeviceInfo is a CBOR Map structure described by the following CDDL. DeviceInfo must be
		* canonicalized according to the specification in RFC 7049. The ordering presented here is
		* non-canonical to group similar entries semantically.
		*
		* DeviceInfo = {
		* "brand" : tstr,

+4 −2

Original line number	Diff line number	Diff line
		@@ -422,7 +422,7 @@ class CertificateRequestTest : public VtsRemotelyProvisionedComponentTests {
		ASSERT_TRUE(deviceInfoMap) << "Failed to parse deviceInfo: " << deviceInfoErrMsg;
		ASSERT_TRUE(deviceInfoMap->asMap());

		checkDeviceInfo(deviceInfoMap->asMap());
		checkDeviceInfo(deviceInfoMap->asMap(), deviceInfo.deviceInfo);

		auto& signingKey = bccContents->back().pubKey;
		auto macKey = verifyAndParseCoseSign1(signedMac->asArray(), signingKey,
		@@ -466,7 +466,7 @@ class CertificateRequestTest : public VtsRemotelyProvisionedComponentTests {
		}
		}

		void checkDeviceInfo(const cppbor::Map* deviceInfo) {
		void checkDeviceInfo(const cppbor::Map* deviceInfo, bytevec deviceInfoBytes) {
		const auto& version = deviceInfo->get("version");
		ASSERT_TRUE(version);
		ASSERT_TRUE(version->asUint());
		@@ -518,6 +518,8 @@ class CertificateRequestTest : public VtsRemotelyProvisionedComponentTests {
		default:
		FAIL() << "Unrecognized version: " << version->asUint()->value();
		}
		ASSERT_EQ(deviceInfo->clone()->asMap()->canonicalize().encode(), deviceInfoBytes)
		<< "DeviceInfo ordering is non-canonical.";
		}

		bytevec eekId_;