Merge "Enforcing canonicalization of DeviceInfo." am: 4820b542fa

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1968997

Change-Id: I6d2b837f7f2592fad29546d2e68c559d1ef4904e
diff --git a/security/keymint/aidl/android/hardware/security/keymint/DeviceInfo.aidl b/security/keymint/aidl/android/hardware/security/keymint/DeviceInfo.aidl
index 586e659..153a04f 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/DeviceInfo.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/DeviceInfo.aidl
@@ -27,7 +27,9 @@
 @VintfStability
 parcelable DeviceInfo {
     /**
-     * DeviceInfo is a CBOR Map structure described by the following CDDL.
+     * DeviceInfo is a CBOR Map structure described by the following CDDL. DeviceInfo must be
+     * canonicalized according to the specification in RFC 7049. The ordering presented here is
+     * non-canonical to group similar entries semantically.
      *
      *     DeviceInfo = {
      *         "brand" : tstr,
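Review bot: The sentence added to the DeviceInfo comment requires canonical encoding but does not name the RFC section or state the ordering rule, so an implementer could reasonably sort the keys alphabetically and produce a non-canonical map. RFC 7049 Section 3.9 orders map keys by encoded length first and only then bytewise, and also requires shortest-form integers and lengths and definite-length items. I would state that in place, for example `canonicalized according to RFC 7049 Section 3.9 (keys sorted by encoded length, then bytewise; shortest-form integers and lengths)`. The CDDL comment continues past the end of this hunk.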
diff --git a/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp b/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
index 3a7e000..927d7d7 100644
--- a/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
+++ b/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
@@ -422,7 +422,7 @@
         ASSERT_TRUE(deviceInfoMap) << "Failed to parse deviceInfo: " << deviceInfoErrMsg;
         ASSERT_TRUE(deviceInfoMap->asMap());
 
-        checkDeviceInfo(deviceInfoMap->asMap());
+        checkDeviceInfo(deviceInfoMap->asMap(), deviceInfo.deviceInfo);
 
         auto& signingKey = bccContents->back().pubKey;
         auto macKey = verifyAndParseCoseSign1(signedMac->asArray(), signingKey,
@@ -466,7 +466,7 @@
         }
     }
 
-    void checkDeviceInfo(const cppbor::Map* deviceInfo) {
+    void checkDeviceInfo(const cppbor::Map* deviceInfo, bytevec deviceInfoBytes) {
         const auto& version = deviceInfo->get("version");
         ASSERT_TRUE(version);
         ASSERT_TRUE(version->asUint());
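Review bot: `bytevec deviceInfoBytes` is taken by value in the new signature, so every call copies the encoded DeviceInfo for a single comparison. A const reference avoids the copy: `void checkDeviceInfo(const cppbor::Map* deviceInfo, const bytevec& deviceInfoBytes) {`. A one-line comment would also help, saying the second argument must be the bytes exactly as received (the call site passes `deviceInfo.deviceInfo`). If a caller passed a re-encoding of the parsed map instead, the canonical-form comparison at the end of the function would always succeed. The function body continues beyond this hunk.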
@@ -518,6 +518,8 @@
             default:
                 FAIL() << "Unrecognized version: " << version->asUint()->value();
         }
+        ASSERT_EQ(deviceInfo->clone()->asMap()->canonicalize().encode(), deviceInfoBytes)
+                << "DeviceInfo ordering is non-canonical.";
     }
 
     bytevec eekId_;
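Review bot: The failure text on the added `ASSERT_EQ` blames key ordering, but a byte-for-byte comparison against the re-encoded canonical map can fail for other reasons too. Non-shortest integer or length encodings would cause a mismatch, and so would extra bytes after the map, depending on what the parser accepts. A message that names what was actually checked is easier to act on, for example `<< "DeviceInfo is not canonically encoded CBOR (RFC 7049 section 3.9).";`. The `FAIL()` in the `default:` branch returns before this line, so an unrecognized version never reaches the canonical check; a short comment above the assertion could say so. The start of checkDeviceInfo and the head of the switch are outside this hunk.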