
Commit ea113e83 authored by Seth Moore's avatar Seth Moore Committed by Automerger Merge Worker

Add ensuring that test BCC keys not unique ids am: 42c1133f

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1755320

Change-Id: Iba4468d4fd8c311425bbcd7f8a6d9d9ff3e20787
parents 5b6e9e92 42c1133f
+49 −1
@@ -29,6 +29,7 @@
#include <openssl/ec_key.h>
#include <openssl/x509.h>
#include <remote_prov/remote_prov_utils.h>
#include <vector>

#include "KeyMintAidlTestBase.h"

@@ -297,7 +298,8 @@ class CertificateRequestTest : public VtsRemotelyProvisionedComponentTests {
    }

    void checkProtectedData(const DeviceInfo& deviceInfo, const cppbor::Array& keysToSign,
                            const bytevec& keysToSignMac, const ProtectedData& protectedData) {
                            const bytevec& keysToSignMac, const ProtectedData& protectedData,
                            std::vector<BccEntryData>* bccOutput = nullptr) {
        auto [parsedProtectedData, _, protDataErrMsg] = cppbor::parse(protectedData.protectedData);
        ASSERT_TRUE(parsedProtectedData) << protDataErrMsg;
        ASSERT_TRUE(parsedProtectedData->asArray());
@@ -354,6 +356,10 @@ class CertificateRequestTest : public VtsRemotelyProvisionedComponentTests {

        auto macPayload = verifyAndParseCoseMac0(&coseMac0, *macKey);
        ASSERT_TRUE(macPayload) << macPayload.message();

        if (bccOutput) {
            *bccOutput = std::move(*bccContents);
        }
    }

    bytevec eekId_;
@@ -386,6 +392,48 @@ TEST_P(CertificateRequestTest, EmptyRequest_testMode) {
    }
}

/**
 * Ensure that test mode outputs a unique BCC root key every time we request a
 * certificate request. Else, it's possible that the test mode API could be used
 * to fingerprint devices. Only the GEEK should be allowed to decrypt the same
 * device public key multiple times.
 */
TEST_P(CertificateRequestTest, NewKeyPerCallInTestMode) {
    constexpr bool testMode = true;
    constexpr size_t eekLength = 2;

    generateEek(eekLength);

    bytevec keysToSignMac;
    DeviceInfo deviceInfo;
    ProtectedData protectedData;
    auto status = provisionable_->generateCertificateRequest(
            testMode, {} /* keysToSign */, eekChain_.chain, challenge_, &deviceInfo, &protectedData,
            &keysToSignMac);
    ASSERT_TRUE(status.isOk()) << status.getMessage();

    std::vector<BccEntryData> firstBcc;
    checkProtectedData(deviceInfo, /*keysToSign=*/cppbor::Array(), keysToSignMac, protectedData,
                       &firstBcc);

    status = provisionable_->generateCertificateRequest(testMode, {} /* keysToSign */,
                                                        eekChain_.chain, challenge_, &deviceInfo,
                                                        &protectedData, &keysToSignMac);
    ASSERT_TRUE(status.isOk()) << status.getMessage();

    std::vector<BccEntryData> secondBcc;
    checkProtectedData(deviceInfo, /*keysToSign=*/cppbor::Array(), keysToSignMac, protectedData,
                       &secondBcc);

    // Verify that none of the keys in the first BCC are repeated in the second one.
    for (const auto& i : firstBcc) {
        for (auto& j : secondBcc) {
            ASSERT_THAT(i.pubKey, testing::Not(testing::ElementsAreArray(j.pubKey)))
                    << "Found a repeated pubkey in two generateCertificateRequest test mode calls";
        }
    }
}

/**
 * Generate an empty certificate request in prod mode.  Generation will fail because we don't have a
 * valid GEEK.