[rkp] Verify the MAC of the public keys to sign in RKP HAL
Bug: 299256925
Test: atest rialto_test
Change-Id: I9d7ff281166e5acbe47936fa103cbe6c5fa2c2da
diff --git a/rialto/tests/test.rs b/rialto/tests/test.rs
index e975bbf..c9d68ed 100644
--- a/rialto/tests/test.rs
+++ b/rialto/tests/test.rs
@@ -49,8 +49,8 @@
let mut vm = start_service_vm(vm_type)?;
check_processing_reverse_request(&mut vm)?;
- check_processing_generating_key_pair_request(&mut vm)?;
- check_processing_generating_certificate_request(&mut vm)?;
+ let maced_public_key = check_processing_generating_key_pair_request(&mut vm)?;
+ check_processing_generating_certificate_request(&mut vm, maced_public_key)?;
Ok(())
}
@@ -68,7 +68,7 @@
Ok(())
}
-fn check_processing_generating_key_pair_request(vm: &mut ServiceVm) -> Result<()> {
+fn check_processing_generating_key_pair_request(vm: &mut ServiceVm) -> Result<Vec<u8>> {
let request = Request::GenerateEcdsaP256KeyPair;
let response = vm.process_request(request)?;
@@ -77,9 +77,9 @@
match response {
Response::GenerateEcdsaP256KeyPair(EcdsaP256KeyPair { maced_public_key, .. }) => {
assert_array_has_nonzero(&maced_public_key[..]);
- Ok(())
+ Ok(maced_public_key)
}
- _ => bail!("Incorrect response type"),
+ _ => bail!("Incorrect response type: {response:?}"),
}
}
@@ -87,8 +87,14 @@
assert!(v.iter().any(|&x| x != 0))
}
-fn check_processing_generating_certificate_request(vm: &mut ServiceVm) -> Result<()> {
- let params = GenerateCertificateRequestParams { keys_to_sign: vec![], challenge: vec![] };
+fn check_processing_generating_certificate_request(
+ vm: &mut ServiceVm,
+ maced_public_key: Vec<u8>,
+) -> Result<()> {
+ let params = GenerateCertificateRequestParams {
+ keys_to_sign: vec![maced_public_key],
+ challenge: vec![],
+ };
let request = Request::GenerateCertificateRequest(params);
let response = vm.process_request(request)?;
@@ -96,7 +102,7 @@
match response {
Response::GenerateCertificateRequest(_) => Ok(()),
- _ => bail!("Incorrect response type"),
+ _ => bail!("Incorrect response type: {response:?}"),
}
}