
Commit f6b7ba75 authored by Catherine Vlasov's avatar Catherine Vlasov

Add strict equality check for VB key digest length on VSR-16+.

Bug: 376832222
Bug: 220834466
Test: atest VtsAidlKeyMintTargetTest
Change-Id: I6f3decf87a4ec3de57ed21e193954ef3d1a328df
parent fb8040a8
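--- a/<FILE PATH NOT SHOWN ON PAGE>
+++ b/<FILE PATH NOT SHOWN ON PAGE>
@@ -1908,16 +1908,29 @@ void verify_root_of_trust(const vector<uint8_t>& verified_boot_key, bool device_
         }
     }
 
+    if (get_vsr_api_level() > __ANDROID_API_V__) {
+        // The Verified Boot key field should be exactly 32 bytes since it
+        // contains the SHA-256 hash of the key on locked devices or 32 bytes
+        // of zeroes on unlocked devices. This wasn't checked for earlier
+        // versions of the KeyMint HAL, so only only be strict for VSR-16+.
+        EXPECT_EQ(verified_boot_key.size(), 32);
+    } else if (get_vsr_api_level() == __ANDROID_API_V__) {
+        // The Verified Boot key field should be:
+        //   - Exactly 32 bytes on locked devices since it should contain
+        //     the SHA-256 hash of the key, or
+        //   - Up to 32 bytes of zeroes on unlocked devices (behaviour on
+        //     unlocked devices isn't specified in the HAL interface
+        //     specification).
+        // Thus, we can't check for strict equality in case unlocked devices
+        // report values with less than 32 bytes. This wasn't checked for
+        // earlier versions of the KeyMint HAL, so only check on VSR-15.
+        EXPECT_LE(verified_boot_key.size(), 32);
+    }
+
     // Verified Boot key should be all zeroes if the boot state is "orange".
     std::string empty_boot_key(32, '\0');
     std::string verified_boot_key_str((const char*)verified_boot_key.data(),
                                       verified_boot_key.size());
-    if (get_vsr_api_level() >= __ANDROID_API_V__) {
-        // The attestation should contain the SHA-256 hash of the verified boot
-        // key.  However, this was not checked for earlier versions of the KeyMint
-        // HAL so only be strict for VSR-V and above.
-        EXPECT_LE(verified_boot_key.size(), 32);
-    }
     EXPECT_NE(property_get("ro.boot.verifiedbootstate", property_value, ""), 0);
     if (!strcmp(property_value, "green")) {
         EXPECT_EQ(verified_boot_state, VerifiedBoot::VERIFIED);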
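Review bot: The VSR-15 branch accepts any length up to 32 regardless of lock state, even though its own comment says a locked device must report exactly the 32-byte SHA-256 digest; if the truncated `bool device_…` parameter in the hunk header is the lock-state flag, the branch could be tightened to `if (device_locked) EXPECT_EQ(verified_boot_key.size(), 32); else EXPECT_LE(verified_boot_key.size(), 32);` (parameter name to be confirmed) so a short digest on a locked device still fails on VSR-15. The comment on the new VSR-16+ branch has a doubled word, `so only only be strict` → `so only be strict`; the same text appears in the second file's hunk. `get_vsr_api_level()` is now evaluated in both branch conditions; hoisting it once into `const auto vsr_level = get_vsr_api_level();` before the `if` reads more cleanly. `EXPECT_EQ(verified_boot_key.size(), 32)` compares a `size_t` with an `int`; writing `32u` avoids a sign-compare warning in gtest's comparison helpers. verify_root_of_trust begins before and continues past this hunk.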
+16 −4
@@ -114,10 +114,22 @@ class SecureElementProvisioningTest : public testing::Test {
        const auto& vbKey = rot->asArray()->get(pos++);
        ASSERT_TRUE(vbKey);
        ASSERT_TRUE(vbKey->asBstr());
        if (get_vsr_api_level() >= __ANDROID_API_V__) {
            // The attestation should contain the SHA-256 hash of the verified boot
            // key.  However, this not was checked for earlier versions of the KeyMint
            // HAL so only be strict for VSR-V and above.
        if (get_vsr_api_level() > __ANDROID_API_V__) {
            // The Verified Boot key field should be exactly 32 bytes since it
            // contains the SHA-256 hash of the key on locked devices or 32 bytes
            // of zeroes on unlocked devices. This wasn't checked for earlier
            // versions of the KeyMint HAL, so only only be strict for VSR-16+.
            ASSERT_EQ(vbKey->asBstr()->value().size(), 32);
        } else if (get_vsr_api_level() == __ANDROID_API_V__) {
            // The Verified Boot key field should be:
            //   - Exactly 32 bytes on locked devices since it should contain
            //     the SHA-256 hash of the key, or
            //   - Up to 32 bytes of zeroes on unlocked devices (behaviour on
            //     unlocked devices isn't specified in the HAL interface
            //     specification).
            // Thus, we can't check for strict equality in case unlocked devices
            // report values with less than 32 bytes. This wasn't checked for
            // earlier versions of the KeyMint HAL, so only check on VSR-15.
            ASSERT_LE(vbKey->asBstr()->value().size(), 32);
        }