Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / fb49ad2f3cb8e3ac7f2de81c7524ccaa8bb75e15^! / . / security / keymint / aidl / vts
commitfb49ad2f3cb8e3ac7f2de81c7524ccaa8bb75e15[log] [tgz]
authorAndrew Scull <ascull@google.com>Wed Nov 09 21:02:48 2022 +0000
committerAndrew Scull <ascull@google.com>Fri Nov 11 15:24:38 2022 +0000
tree88e3b6ad82a5fff22f69f17e735a4d9e35033705
parent9aa150cee7121fa2f10323aa202553edc8c8e5b9 [diff]
Update the VTS test for CSRv3 updates

Conform to the latest CDDL changes. Organize parsing to observe the
AuthenticatedRequest structure.

Return the deserialized CSR payload rather than the DICE chain keys
because it simplified the return types.  The return value is only used
by one VTS test that checks sequential CSRs consist of the same request.
The test was incomplete before and it now only looks as the CSR payload
whereas it previously only look at the DICE chain keys.

Bug: 250910137
Test: atest libkeymint_remote_prov_support_test librkp_factory_extraction_test
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I1ba2e0cec22e25312fb890923a4c93043e9046cd

diff --git a/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp b/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
index 4f361bb..5b11741 100644
--- a/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
+++ b/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp

@@ -701,7 +701,8 @@
 }
 
 /**
- * Generate a non-empty certificate request.  Make sure contents are reproducible.
+ * Generate a non-empty certificate request.  Make sure contents are reproducible but allow for the
+ * signature to be different since algorithms including ECDSA P-256 can include a random value.
  */
 TEST_P(CertificateRequestV2Test, NonEmptyRequestReproducible) {
     generateKeys(false /* testMode */, 1 /* numKeys */);
@@ -711,19 +712,16 @@
     auto status = provisionable_->generateCertificateRequestV2(keysToSign_, challenge_, &csr);
     ASSERT_TRUE(status.isOk()) << status.getMessage();
 
-    auto firstBcc = verifyProductionCsr(cborKeysToSign_, csr, provisionable_.get(), challenge_);
-    ASSERT_TRUE(firstBcc) << firstBcc.message();
+    auto firstCsr = verifyProductionCsr(cborKeysToSign_, csr, provisionable_.get(), challenge_);
+    ASSERT_TRUE(firstCsr) << firstCsr.message();
 
     status = provisionable_->generateCertificateRequestV2(keysToSign_, challenge_, &csr);
     ASSERT_TRUE(status.isOk()) << status.getMessage();
 
-    auto secondBcc = verifyProductionCsr(cborKeysToSign_, csr, provisionable_.get(), challenge_);
-    ASSERT_TRUE(secondBcc) << secondBcc.message();
+    auto secondCsr = verifyProductionCsr(cborKeysToSign_, csr, provisionable_.get(), challenge_);
+    ASSERT_TRUE(secondCsr) << secondCsr.message();
 
-    ASSERT_EQ(firstBcc->size(), secondBcc->size());
-    for (auto i = 0; i < firstBcc->size(); i++) {
-        ASSERT_EQ(firstBcc->at(i).pubKey, secondBcc->at(i).pubKey);
-    }
+    ASSERT_EQ(**firstCsr, **secondCsr);
 }
 
 /**