tequilaOS/platform_hardware_interfaces
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Prevent test crashes if device sets invalid curve" am: ceedbb0d1a

Browse source 
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2020155

Change-Id: I8ca787e6f309d430b3859909d9c951a6511cc242
This commit is contained in:
David Drysdale 2022-03-15 08:06:22 +00:00 committed by Automerger Merge Worker
commit cd2af34d63
2 changed files with 9 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
View file

@ -363,7 +363,7 @@ class CertificateRequestTest : public VtsRemotelyProvisionedComponentTests {
void generateTestEekChain(size_t eekLength) { void generateTestEekChain(size_t eekLength) {
auto chain = generateEekChain(rpcHardwareInfo.supportedEekCurve, eekLength, eekId_); auto chain = generateEekChain(rpcHardwareInfo.supportedEekCurve, eekLength, eekId_);
EXPECT_TRUE(chain) << chain.message(); ASSERT_TRUE(chain) << chain.message();
if (chain) testEekChain_ = chain.moveValue(); if (chain) testEekChain_ = chain.moveValue();
testEekLength_ = eekLength; testEekLength_ = eekLength;
} }
@ -669,7 +669,9 @@ TEST_P(CertificateRequestTest, DISABLED_NonEmptyRequest_prodMode) {
TEST_P(CertificateRequestTest, NonEmptyRequestCorruptMac_testMode) { TEST_P(CertificateRequestTest, NonEmptyRequestCorruptMac_testMode) {
bool testMode = true; bool testMode = true;
generateKeys(testMode, 1 /* numKeys */); generateKeys(testMode, 1 /* numKeys */);
MacedPublicKey keyWithCorruptMac = corrupt_maced_key(keysToSign_[0]).moveValue(); auto result = corrupt_maced_key(keysToSign_[0]);
ASSERT_TRUE(result) << result.moveMessage();
MacedPublicKey keyWithCorruptMac = result.moveValue();
bytevec keysToSignMac; bytevec keysToSignMac;
DeviceInfo deviceInfo; DeviceInfo deviceInfo;
@ -688,7 +690,9 @@ TEST_P(CertificateRequestTest, NonEmptyRequestCorruptMac_testMode) {
TEST_P(CertificateRequestTest, NonEmptyRequestCorruptMac_prodMode) { TEST_P(CertificateRequestTest, NonEmptyRequestCorruptMac_prodMode) {
bool testMode = false; bool testMode = false;
generateKeys(testMode, 1 /* numKeys */); generateKeys(testMode, 1 /* numKeys */);
MacedPublicKey keyWithCorruptMac = corrupt_maced_key(keysToSign_[0]).moveValue(); auto result = corrupt_maced_key(keysToSign_[0]);
ASSERT_TRUE(result) << result.moveMessage();
MacedPublicKey keyWithCorruptMac = result.moveValue();
bytevec keysToSignMac; bytevec keysToSignMac;
DeviceInfo deviceInfo; DeviceInfo deviceInfo;

4
security/keymint/support/remote_prov_utils.cpp
View file

@ -225,7 +225,7 @@ ErrMsgOr<EekChain> generateEekChain(int32_t supportedEekCurve, size_t length,
bytevec prev_priv_key; bytevec prev_priv_key;
for (size_t i = 0; i < length - 1; ++i) { for (size_t i = 0; i < length - 1; ++i) {
auto keyPair = generateKeyPair(supportedEekCurve, false); auto keyPair = generateKeyPair(supportedEekCurve, false);
if (!keyPair) keyPair.moveMessage(); if (!keyPair) return keyPair.moveMessage();
auto [pub_key, priv_key] = keyPair.moveValue(); auto [pub_key, priv_key] = keyPair.moveValue();
// The first signing key is self-signed. // The first signing key is self-signed.
@ -242,7 +242,7 @@ ErrMsgOr<EekChain> generateEekChain(int32_t supportedEekCurve, size_t length,
prev_priv_key = priv_key; prev_priv_key = priv_key;
} }
auto keyPair = generateKeyPair(supportedEekCurve, true); auto keyPair = generateKeyPair(supportedEekCurve, true);
if (!keyPair) keyPair.moveMessage(); if (!keyPair) return keyPair.moveMessage();
auto [pub_key, priv_key] = keyPair.moveValue(); auto [pub_key, priv_key] = keyPair.moveValue();
auto coseKey = constructCoseKey(supportedEekCurve, eekId, pub_key); auto coseKey = constructCoseKey(supportedEekCurve, eekId, pub_key);