Enforcing canonicalization of DeviceInfo.
This change specifies that the DeviceInfo map returned by the IRPC HAL
implementation should be canonicalized. Additionally, it adds coverage
to the VTS tests to ensure this requirement is enforced.
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I276f38497a307c407d305b62a3e9af78a403054e
diff --git a/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp b/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
index 3a7e000..927d7d7 100644
--- a/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
+++ b/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
@@ -422,7 +422,7 @@
ASSERT_TRUE(deviceInfoMap) << "Failed to parse deviceInfo: " << deviceInfoErrMsg;
ASSERT_TRUE(deviceInfoMap->asMap());
- checkDeviceInfo(deviceInfoMap->asMap());
+ checkDeviceInfo(deviceInfoMap->asMap(), deviceInfo.deviceInfo);
auto& signingKey = bccContents->back().pubKey;
auto macKey = verifyAndParseCoseSign1(signedMac->asArray(), signingKey,
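Review bot: The call to `checkDeviceInfo` is a plain statement, so a fatal assertion inside the helper (including the new canonical-encoding check) returns only from the helper. The test is still marked failed, but the caller carries on into the signing-key and MAC parsing below with a DeviceInfo already known to be bad, which can bury the real cause under follow-on failures. Wrapping the call stops at the first failure: `ASSERT_NO_FATAL_FAILURE(checkDeviceInfo(deviceInfoMap->asMap(), deviceInfo.deviceInfo));`. The enclosing function starts and ends outside this hunk, so this assumes the call sits in a void test helper like the surrounding `ASSERT_TRUE` lines suggest.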
@@ -466,7 +466,7 @@
}
}
- void checkDeviceInfo(const cppbor::Map* deviceInfo) {
+ void checkDeviceInfo(const cppbor::Map* deviceInfo, bytevec deviceInfoBytes) {
const auto& version = deviceInfo->get("version");
ASSERT_TRUE(version);
ASSERT_TRUE(version->asUint());
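Review bot: The new parameter `bytevec deviceInfoBytes` is taken by value, so every call copies the encoded DeviceInfo even though the helper only reads it in the final comparison. Taking it by reference avoids the copy and makes the read-only intent explicit: `void checkDeviceInfo(const cppbor::Map* deviceInfo, const bytevec& deviceInfoBytes) {`. A short comment on the signature would also help, for example `// deviceInfoBytes: the raw CBOR returned by the HAL, compared against the canonical re-encoding of deviceInfo`. The function body continues outside this hunk.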
@@ -518,6 +518,8 @@
default:
FAIL() << "Unrecognized version: " << version->asUint()->value();
}
+ ASSERT_EQ(deviceInfo->clone()->asMap()->canonicalize().encode(), deviceInfoBytes)
+ << "DeviceInfo ordering is non-canonical.";
}
bytevec eekId_;
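Review bot: The failure text on the added `ASSERT_EQ` mentions only ordering, but the check compares the HAL's raw bytes with a full re-encoding of the canonicalized map. It will therefore presumably also fire on other deviations, such as non-minimal length or integer encodings, or bytes trailing the map, and point the implementer at the wrong problem. A broader message fits what is actually compared: `<< "DeviceInfo is not in canonical CBOR encoding (check key ordering and minimal-length encoding).";`. Because the check sits after the version switch, any fatal failure in a case above it, including the `default:` `FAIL()`, returns before canonicality is evaluated. A one-line comment such as `// Re-encode canonically and require a byte-for-byte match with what the HAL returned.` would state the intent. The function starts outside this hunk.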