tequilaOS/platform_hardware_interfaces
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Generate COSE MAC with a callback, not raw key

Browse source 
The cppcose_rkp library was updated to generate MAC via callback instead
of passing keys around to allow for stronger MAC key protection.

Bug: 182928606
Test: VtsHalRemotelyProvisionedComponentTargetTest
Test: RemoteProvisionerUnitTests
Change-Id: Ia8a0410408fe3064e904c5282b52f172f8134b9a
This commit is contained in:
Seth Moore 2021-04-30 11:41:18 -07:00
parent d02d9f2767
commit 7735ba5ea9
1 changed files with 9 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
View file

@ -44,7 +44,9 @@ using std::unique_ptr;
using ::testing::AssertionFailure; using ::testing::AssertionFailure;
using ::testing::AssertionResult; using ::testing::AssertionResult;
using ::testing::AssertionSuccess; using ::testing::AssertionSuccess;
using ::testing::ElementsAreArray;
using ::testing::MatchesRegex; using ::testing::MatchesRegex;
using ::testing::Not;
::std::ostream& operator<<(::std::ostream& os, const AuthorizationSet& set) { ::std::ostream& operator<<(::std::ostream& os, const AuthorizationSet& set) {
if (set.size() == 0) if (set.size() == 0)
@ -1548,14 +1550,17 @@ void check_maced_pubkey(const MacedPublicKey& macedPubKey, bool testMode,
EXPECT_EQ(extractedTag.size(), 32U); EXPECT_EQ(extractedTag.size(), 32U);
// Compare with tag generated with kTestMacKey. Should only match in test mode // Compare with tag generated with kTestMacKey. Should only match in test mode
auto testTag = cppcose::generateCoseMac0Mac(remote_prov::kTestMacKey, {} /* external_aad */, auto macFunction = [](const cppcose::bytevec& input) {
payload->value()); return cppcose::generateHmacSha256(remote_prov::kTestMacKey, input);
};
auto testTag =
cppcose::generateCoseMac0Mac(macFunction, {} /* external_aad */, payload->value());
ASSERT_TRUE(testTag) << "Tag calculation failed: " << testTag.message(); ASSERT_TRUE(testTag) << "Tag calculation failed: " << testTag.message();
if (testMode) { if (testMode) {
EXPECT_EQ(*testTag, extractedTag); EXPECT_THAT(*testTag, ElementsAreArray(extractedTag));
} else { } else {
EXPECT_NE(*testTag, extractedTag); EXPECT_THAT(*testTag, Not(ElementsAreArray(extractedTag)));
} }
if (payload_value != nullptr) { if (payload_value != nullptr) {
*payload_value = payload->value(); *payload_value = payload->value();