Merge "Add checks for different size of challenge" am: a95f69da2e

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2495456

Change-Id: I8f7754a2d655c2d806808acc68dd1073ddb91cba
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

security/keymint/support/remote_prov_utils.cpp

@@ -855,8 +855,8 @@ ErrMsgOr<bytevec> parseAndValidateAuthenticatedRequestSignedPayload(
         return "Challenge must be a Bstr.";
     }
 
-    if (challenge.size() < 16 || challenge.size() > 64) {
+    if (challenge.size() > 64) {
-        return "Challenge size must be between 16 and 64 bytes inclusive. "
+        return "Challenge size must be between 0 and 64 bytes inclusive. "
                "However, challenge is " +
                std::to_string(challenge.size()) + " bytes long.";
     }

security/rkp/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl

@@ -315,7 +315,7 @@ interface IRemotelyProvisionedComponent {
      *
      * @param in challenge contains a byte string from the provisioning server which will be
      *        included in the signed data of the CSR structure. Different provisioned backends may
-     *        use different semantic data for this field, but the supported sizes must be between 16
+     *        use different semantic data for this field, but the supported sizes must be between 0
      *        and 64 bytes, inclusive.
      *
      * @return the following CBOR Certificate Signing Request (Csr) serialized into a byte array:
@@ -344,7 +344,7 @@ interface IRemotelyProvisionedComponent {
      *     UdsCerts,
      *     DiceCertChain,
      *     SignedData<[
-     *         challenge: bstr .size (16..64), ; Provided by the method parameters
+     *         challenge: bstr .size (0..64), ; Provided by the method parameters
      *         bstr .cbor T,
      *     ]>,
      * ]

security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp

@@ -49,6 +49,9 @@ namespace {
 constexpr int32_t VERSION_WITH_UNIQUE_ID_SUPPORT = 2;
 constexpr int32_t VERSION_WITHOUT_TEST_MODE = 3;
 
+constexpr uint8_t MIN_CHALLENGE_SIZE = 0;
+constexpr uint8_t MAX_CHALLENGE_SIZE = 64;
+
 #define INSTANTIATE_REM_PROV_AIDL_TEST(name)                                         \
     GTEST_ALLOW_UNINSTANTIATED_PARAMETERIZED_TEST(name);                             \
     INSTANTIATE_TEST_SUITE_P(                                                        \
@@ -693,32 +696,54 @@ class CertificateRequestV2Test : public CertificateRequestTestBase {
 };
 
 /**
- * Generate an empty certificate request, and decrypt and verify the structure and content.
+ * Generate an empty certificate request with all possible length of challenge, and decrypt and
+ * verify the structure and content.
  */
 TEST_P(CertificateRequestV2Test, EmptyRequest) {
     bytevec csr;
 
-    auto status =
+    for (auto size = MIN_CHALLENGE_SIZE; size <= MAX_CHALLENGE_SIZE; size++) {
-            provisionable_->generateCertificateRequestV2({} /* keysToSign */, challenge_, &csr);
+        SCOPED_TRACE(testing::Message() << "challenge[" << size << "]");
-    ASSERT_TRUE(status.isOk()) << status.getMessage();
+        auto challenge = randomBytes(size);
+        auto status =
+                provisionable_->generateCertificateRequestV2({} /* keysToSign */, challenge, &csr);
+        ASSERT_TRUE(status.isOk()) << status.getMessage();
 
-    auto result = verifyProductionCsr(cppbor::Array(), csr, provisionable_.get(), challenge_);
+        auto result = verifyProductionCsr(cppbor::Array(), csr, provisionable_.get(), challenge);
-    ASSERT_TRUE(result) << result.message();
+        ASSERT_TRUE(result) << result.message();
+    }
 }
 
 /**
- * Generate a non-empty certificate request.  Decrypt, parse and validate the contents.
+ * Generate a non-empty certificate request with all possible length of challenge.  Decrypt, parse
+ * and validate the contents.
  */
 TEST_P(CertificateRequestV2Test, NonEmptyRequest) {
     generateKeys(false /* testMode */, 1 /* numKeys */);
 
     bytevec csr;
 
-    auto status = provisionable_->generateCertificateRequestV2(keysToSign_, challenge_, &csr);
+    for (auto size = MIN_CHALLENGE_SIZE; size <= MAX_CHALLENGE_SIZE; size++) {
-    ASSERT_TRUE(status.isOk()) << status.getMessage();
+        SCOPED_TRACE(testing::Message() << "challenge[" << size << "]");
+        auto challenge = randomBytes(size);
+        auto status = provisionable_->generateCertificateRequestV2(keysToSign_, challenge, &csr);
+        ASSERT_TRUE(status.isOk()) << status.getMessage();
 
-    auto result = verifyProductionCsr(cborKeysToSign_, csr, provisionable_.get(), challenge_);
+        auto result = verifyProductionCsr(cborKeysToSign_, csr, provisionable_.get(), challenge);
-    ASSERT_TRUE(result) << result.message();
+        ASSERT_TRUE(result) << result.message();
+    }
+}
+
+/**
+ * Generate an empty certificate request with invalid size of challenge
+ */
+TEST_P(CertificateRequestV2Test, EmptyRequestWithInvalidChallengeFail) {
+    bytevec csr;
+
+    auto status = provisionable_->generateCertificateRequestV2(
+            /* keysToSign */ {}, randomBytes(MAX_CHALLENGE_SIZE + 1), &csr);
+    EXPECT_FALSE(status.isOk()) << status.getMessage();
+    EXPECT_EQ(status.getServiceSpecificError(), BnRemotelyProvisionedComponent::STATUS_FAILED);
 }
 
 /**