Merge "Enforcing canonicalization of DeviceInfo." am: 4820b542fa am: 2b8301c90e

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1968997

Change-Id: Ic5f285a2109b8f49cf7d1e548b21c4e672736290
Max Bires 2022-02-04 03:11:20 +00:00 committed by Automerger Merge Worker
commit 78e11bb6f4
2 changed files with 7 additions and 3 deletions


@ -27,7 +27,9 @@ package android.hardware.security.keymint;
@VintfStability
parcelable DeviceInfo {
/**
* DeviceInfo is a CBOR Map structure described by the following CDDL.
* DeviceInfo is a CBOR Map structure described by the following CDDL. DeviceInfo must be
* canonicalized according to the specification in RFC 7049. The ordering presented here is
* non-canonical to group similar entries semantically.
*
* DeviceInfo = {
* "brand" : tstr,
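Review bot: The added sentence cites RFC 7049 as a whole, so each implementer has to locate the canonical rules themselves; naming the section and the key-ordering rule in the comment would remove that ambiguity, for example `* canonicalized according to Section 3.9 of RFC 7049 (map keys sorted by encoded length, then bytewise).` RFC 7049 has since been obsoleted by RFC 8949, whose core deterministic encoding states the key ordering differently, so pinning the exact rule matters wherever byte-identical encodings are expected. The parcelable's comment and CDDL continue past the end of this hunk.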


@ -422,7 +422,7 @@ class CertificateRequestTest : public VtsRemotelyProvisionedComponentTests {
ASSERT_TRUE(deviceInfoMap) << "Failed to parse deviceInfo: " << deviceInfoErrMsg;
ASSERT_TRUE(deviceInfoMap->asMap());
checkDeviceInfo(deviceInfoMap->asMap());
checkDeviceInfo(deviceInfoMap->asMap(), deviceInfo.deviceInfo);
auto& signingKey = bccContents->back().pubKey;
auto macKey = verifyAndParseCoseSign1(signedMac->asArray(), signingKey,
@ -466,7 +466,7 @@ class CertificateRequestTest : public VtsRemotelyProvisionedComponentTests {
}
}
void checkDeviceInfo(const cppbor::Map* deviceInfo) {
void checkDeviceInfo(const cppbor::Map* deviceInfo, bytevec deviceInfoBytes) {
const auto& version = deviceInfo->get("version");
ASSERT_TRUE(version);
ASSERT_TRUE(version->asUint());
@ -518,6 +518,8 @@ class CertificateRequestTest : public VtsRemotelyProvisionedComponentTests {
default:
FAIL() << "Unrecognized version: " << version->asUint()->value();
}
ASSERT_EQ(deviceInfo->clone()->asMap()->canonicalize().encode(), deviceInfoBytes)
<< "DeviceInfo ordering is non-canonical.";
}
bytevec eekId_;
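Review bot: The failure message on the new `ASSERT_EQ` at the end of `checkDeviceInfo` attributes every mismatch to key ordering, but the comparison is against a full re-encoding of the parsed map, so any input byte that differs from cppbor's output would trip it too — presumably non-minimal integer or length encodings, and possibly trailing bytes if the parse call outside this hunk tolerates them. A message such as `<< "DeviceInfo is not canonically encoded (re-encoded canonical form differs from the bytes received).";` would point a vendor at the right class of bug. The new `bytevec deviceInfoBytes` parameter is also taken by value and only read, so `const bytevec& deviceInfoBytes` avoids a copy per call. The body of `checkDeviceInfo` between the signature hunk and this one is not shown, so this is based on the visible lines only.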