Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 49888764 authored by Seth Moore's avatar Seth Moore Committed by Automerger Merge Worker
Browse files

Add ensuring that test BCC keys not unique ids am: 42c1133f am: ea113e83... 

Add ensuring that test BCC keys not unique ids am: 42c1133f am: ea113e83 am: 9c59da82 am: b6684b32

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1755320

Change-Id: Idcf0c64d0292998dd867b8330770ac513c620e9e
parents e19a494c b6684b32

security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp

+49 −1
Original line number Diff line number Diff line
@@ -29,6 +29,7 @@ 
#include <openssl/ec_key.h>

#include <openssl/x509.h>

#include <remote_prov/remote_prov_utils.h>

#include <vector>



#include "KeyMintAidlTestBase.h"
@@ -297,7 +298,8 @@ class CertificateRequestTest : public VtsRemotelyProvisionedComponentTests { 
    }



    void checkProtectedData(const DeviceInfo& deviceInfo, const cppbor::Array& keysToSign,

                            const bytevec& keysToSignMac, const ProtectedData& protectedData) {

                            const bytevec& keysToSignMac, const ProtectedData& protectedData,

                            std::vector<BccEntryData>* bccOutput = nullptr) {

        auto [parsedProtectedData, _, protDataErrMsg] = cppbor::parse(protectedData.protectedData);

        ASSERT_TRUE(parsedProtectedData) << protDataErrMsg;

        ASSERT_TRUE(parsedProtectedData->asArray());
@@ -354,6 +356,10 @@ class CertificateRequestTest : public VtsRemotelyProvisionedComponentTests { 


        auto macPayload = verifyAndParseCoseMac0(&coseMac0, *macKey);

        ASSERT_TRUE(macPayload) << macPayload.message();



        if (bccOutput) {

            *bccOutput = std::move(*bccContents);

        }

    }



    bytevec eekId_;
@@ -386,6 +392,48 @@ TEST_P(CertificateRequestTest, EmptyRequest_testMode) { 
    }

}



/**

 * Ensure that test mode outputs a unique BCC root key every time we request a

 * certificate request. Else, it's possible that the test mode API could be used

 * to fingerprint devices. Only the GEEK should be allowed to decrypt the same

 * device public key multiple times.

 */

TEST_P(CertificateRequestTest, NewKeyPerCallInTestMode) {

    constexpr bool testMode = true;

    constexpr size_t eekLength = 2;



    generateEek(eekLength);



    bytevec keysToSignMac;

    DeviceInfo deviceInfo;

    ProtectedData protectedData;

    auto status = provisionable_->generateCertificateRequest(

            testMode, {} /* keysToSign */, eekChain_.chain, challenge_, &deviceInfo, &protectedData,

            &keysToSignMac);

    ASSERT_TRUE(status.isOk()) << status.getMessage();



    std::vector<BccEntryData> firstBcc;

    checkProtectedData(deviceInfo, /*keysToSign=*/cppbor::Array(), keysToSignMac, protectedData,

                       &firstBcc);



    status = provisionable_->generateCertificateRequest(testMode, {} /* keysToSign */,

                                                        eekChain_.chain, challenge_, &deviceInfo,

                                                        &protectedData, &keysToSignMac);

    ASSERT_TRUE(status.isOk()) << status.getMessage();



    std::vector<BccEntryData> secondBcc;

    checkProtectedData(deviceInfo, /*keysToSign=*/cppbor::Array(), keysToSignMac, protectedData,

                       &secondBcc);



    // Verify that none of the keys in the first BCC are repeated in the second one.

    for (const auto& i : firstBcc) {

        for (auto& j : secondBcc) {

            ASSERT_THAT(i.pubKey, testing::Not(testing::ElementsAreArray(j.pubKey)))

                    << "Found a repeated pubkey in two generateCertificateRequest test mode calls";

        }

    }

}



/**

 * Generate an empty certificate request in prod mode.  Generation will fail because we don't have a

 * valid GEEK.