From 08696a75435a4eb5ea826bf92ecd2a59e9f07e7a Mon Sep 17 00:00:00 2001
From: David Drysdale
Date: Thu, 10 Mar 2022 10:43:25 +0000
Subject: [PATCH] Prevent test crashes if device sets invalid curve

Test: VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: Ib623b3dcdd5a496b34314c1e0d1a310c8beeb18d
---
 .../VtsRemotelyProvisionedComponentTests.cpp | 10 +++++++---
 security/keymint/support/remote_prov_utils.cpp | 4 ++--
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp b/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
index 2e90e783c3..4341aa1449 100644
--- a/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
+++ b/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
@@ -363,7 +363,7 @@ class CertificateRequestTest : public VtsRemotelyProvisionedComponentTests {
 void generateTestEekChain(size_t eekLength) {
 auto chain = generateEekChain(rpcHardwareInfo.supportedEekCurve, eekLength, eekId_);
- EXPECT_TRUE(chain) << chain.message();
+ ASSERT_TRUE(chain) << chain.message();
 if (chain) testEekChain_ = chain.moveValue();
 testEekLength_ = eekLength;
 }
@@ -669,7 +669,9 @@ TEST_P(CertificateRequestTest, DISABLED_NonEmptyRequest_prodMode) {
 TEST_P(CertificateRequestTest, NonEmptyRequestCorruptMac_testMode) {
 bool testMode = true;
 generateKeys(testMode, 1 /* numKeys */);
- MacedPublicKey keyWithCorruptMac = corrupt_maced_key(keysToSign_[0]).moveValue();
+ auto result = corrupt_maced_key(keysToSign_[0]);
+ ASSERT_TRUE(result) << result.moveMessage();
+ MacedPublicKey keyWithCorruptMac = result.moveValue();
 bytevec keysToSignMac;
 DeviceInfo deviceInfo;
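Review bot: In `generateTestEekChain` (the -363 hunk), `ASSERT_TRUE(chain)` only returns from this void helper, not from the test that called it, so a test body would carry on with an unset `testEekChain_` unless the call site checks for the fatal failure. The callers are outside this hunk; if they call the helper bare, wrap the call as `ASSERT_NO_FATAL_FAILURE(generateTestEekChain(eekLength));`. The `if (chain)` guard on the next line is always true once the assertion has passed and can be reduced to `testEekChain_ = chain.moveValue();`.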
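Review bot: The CorruptMac tests (the -669 hunk and the identical -688 hunk) stream `result.moveMessage()` into the assertion, while `generateTestEekChain` streams `chain.message()`; using one form throughout would make the failure paths read alike. gtest evaluates the streamed operand only when the assertion fails, so the move cannot disturb the later `result.moveValue()`, but a comment such as `// message is consumed only on failure` would spare the next reader that check. The three added lines are repeated verbatim in both tests and could live in one small fixture helper.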
@@ -688,7 +690,9 @@ TEST_P(CertificateRequestTest, NonEmptyRequestCorruptMac_testMode) {
 TEST_P(CertificateRequestTest, NonEmptyRequestCorruptMac_prodMode) {
 bool testMode = false;
 generateKeys(testMode, 1 /* numKeys */);
- MacedPublicKey keyWithCorruptMac = corrupt_maced_key(keysToSign_[0]).moveValue();
+ auto result = corrupt_maced_key(keysToSign_[0]);
+ ASSERT_TRUE(result) << result.moveMessage();
+ MacedPublicKey keyWithCorruptMac = result.moveValue();
 bytevec keysToSignMac;
 DeviceInfo deviceInfo;
diff --git a/security/keymint/support/remote_prov_utils.cpp b/security/keymint/support/remote_prov_utils.cpp
index 0776282b27..5ff33db87e 100644
--- a/security/keymint/support/remote_prov_utils.cpp
+++ b/security/keymint/support/remote_prov_utils.cpp
@@ -225,7 +225,7 @@ ErrMsgOr generateEekChain(int32_t supportedEekCurve, size_t length,
 bytevec prev_priv_key;
 for (size_t i = 0; i < length - 1; ++i) {
 auto keyPair = generateKeyPair(supportedEekCurve, false);
- if (!keyPair) keyPair.moveMessage();
+ if (!keyPair) return keyPair.moveMessage();
 auto [pub_key, priv_key] = keyPair.moveValue();
 // The first signing key is self-signed.
@@ -242,7 +242,7 @@ ErrMsgOr generateEekChain(int32_t supportedEekCurve, size_t length,
 prev_priv_key = priv_key;
 }
 auto keyPair = generateKeyPair(supportedEekCurve, true);
- if (!keyPair) keyPair.moveMessage();
+ if (!keyPair) return keyPair.moveMessage();
 auto [pub_key, priv_key] = keyPair.moveValue();
 auto coseKey = constructCoseKey(supportedEekCurve, eekId, pub_key);
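Review bot: The loop bound `i < length - 1` in the -225 hunk of remote_prov_utils.cpp wraps around to the maximum `size_t` value when `length` is 0, so the loop would keep generating key pairs instead of producing an empty or rejected chain. The start of `generateEekChain` is outside the hunk, so a guard may already exist. If it does not, an early `if (length == 0)` that returns an error message, in the same way the fixed `return keyPair.moveMessage();` does, belongs before the loop. The VTS helper `generateTestEekChain(size_t eekLength)` forwards its argument to this function unchecked.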
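Review bot: Nothing in this patch would flag the same slip again: both fixed lines (the -225 and -242 hunks) were expression statements whose result was silently discarded. If `moveMessage()` on the error type (declared outside this diff) can be marked `[[nodiscard]]`, the compiler would report a missing `return` here. A unit test that calls `generateEekChain` with an unsupported curve value and expects an error result would pin the corrected behaviour; no such test is visible in the patch.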