mirror of
https://github.com/Evolution-X/hardware_interfaces
synced 2026-02-01 22:04:26 +00:00
authgraph: add parallel session VTS tests am: d42cb6fa69
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2786799 Change-Id: I6f6fad4898255b2bc8bfb16f3ffa44ff6104a9ef Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
David Drysdale
Automerger Merge Worker
@@ -166,6 +166,171 @@ TEST_P(AuthGraphSessionTest, Mainline) {
|
||||
// encoded as `sink_info.sharedKeys` and `source_info.sharedKeys`.
|
||||
}
|
||||
|
||||
TEST_P(AuthGraphSessionTest, ParallelSink) {
|
||||
std::shared_ptr<IAuthGraphKeyExchange> source = authNode_;
|
||||
std::shared_ptr<IAuthGraphKeyExchange> sink1 = authNode_;
|
||||
std::shared_ptr<IAuthGraphKeyExchange> sink2 = authNode_;
|
||||
|
||||
// Step 1: create ephemeral ECDH keys at the source.
|
||||
SessionInitiationInfo source_init1_info;
|
||||
ASSERT_EQ(OK, GetReturnError(source->create(&source_init1_info)));
|
||||
ASSERT_TRUE(source_init1_info.key.pubKey.has_value());
|
||||
ASSERT_TRUE(source_init1_info.key.arcFromPBK.has_value());
|
||||
SessionInitiationInfo source_init2_info;
|
||||
ASSERT_EQ(OK, GetReturnError(source->create(&source_init2_info)));
|
||||
ASSERT_TRUE(source_init2_info.key.pubKey.has_value());
|
||||
ASSERT_TRUE(source_init2_info.key.arcFromPBK.has_value());
|
||||
|
||||
// Step 2: pass the source's ECDH public keys and other session info to the sinks.
|
||||
KeInitResult init1_result;
|
||||
ASSERT_EQ(OK, GetReturnError(sink1->init(source_init1_info.key.pubKey.value(),
|
||||
source_init1_info.identity, source_init1_info.nonce,
|
||||
source_init1_info.version, &init1_result)));
|
||||
SessionInitiationInfo sink1_init_info = init1_result.sessionInitiationInfo;
|
||||
ASSERT_TRUE(sink1_init_info.key.pubKey.has_value());
|
||||
|
||||
SessionInfo sink1_info = init1_result.sessionInfo;
|
||||
ASSERT_EQ((int)sink1_info.sharedKeys.size(), 2) << "Expect two symmetric keys from init()";
|
||||
ASSERT_GT((int)sink1_info.sessionId.size(), 0) << "Expect non-empty session ID from sink";
|
||||
std::vector<uint8_t> sink1_signing_key = SigningKeyFromIdentity(sink1_init_info.identity);
|
||||
CheckSignature(sink1_signing_key, sink1_info.sessionId, sink1_info.signature);
|
||||
KeInitResult init2_result;
|
||||
ASSERT_EQ(OK, GetReturnError(sink2->init(source_init2_info.key.pubKey.value(),
|
||||
source_init2_info.identity, source_init2_info.nonce,
|
||||
source_init2_info.version, &init2_result)));
|
||||
SessionInitiationInfo sink2_init_info = init2_result.sessionInitiationInfo;
|
||||
ASSERT_TRUE(sink2_init_info.key.pubKey.has_value());
|
||||
|
||||
SessionInfo sink2_info = init2_result.sessionInfo;
|
||||
ASSERT_EQ((int)sink2_info.sharedKeys.size(), 2) << "Expect two symmetric keys from init()";
|
||||
ASSERT_GT((int)sink2_info.sessionId.size(), 0) << "Expect non-empty session ID from sink";
|
||||
std::vector<uint8_t> sink2_signing_key = SigningKeyFromIdentity(sink2_init_info.identity);
|
||||
CheckSignature(sink2_signing_key, sink2_info.sessionId, sink2_info.signature);
|
||||
|
||||
// Step 3: pass each sink's ECDH public key and other session info to the source, so it can
|
||||
// calculate the same pair of symmetric keys.
|
||||
SessionInfo source_info1;
|
||||
ASSERT_EQ(OK, GetReturnError(source->finish(sink1_init_info.key.pubKey.value(),
|
||||
sink1_init_info.identity, sink1_info.signature,
|
||||
sink1_init_info.nonce, sink1_init_info.version,
|
||||
source_init1_info.key, &source_info1)));
|
||||
ASSERT_EQ((int)source_info1.sharedKeys.size(), 2) << "Expect two symmetric keys from finsh()";
|
||||
ASSERT_GT((int)source_info1.sessionId.size(), 0) << "Expect non-empty session ID from source";
|
||||
std::vector<uint8_t> source_signing_key1 = SigningKeyFromIdentity(source_init1_info.identity);
|
||||
CheckSignature(source_signing_key1, source_info1.sessionId, source_info1.signature);
|
||||
SessionInfo source_info2;
|
||||
ASSERT_EQ(OK, GetReturnError(source->finish(sink2_init_info.key.pubKey.value(),
|
||||
sink2_init_info.identity, sink2_info.signature,
|
||||
sink2_init_info.nonce, sink2_init_info.version,
|
||||
source_init2_info.key, &source_info2)));
|
||||
ASSERT_EQ((int)source_info2.sharedKeys.size(), 2) << "Expect two symmetric keys from finsh()";
|
||||
ASSERT_GT((int)source_info2.sessionId.size(), 0) << "Expect non-empty session ID from source";
|
||||
std::vector<uint8_t> source_signing_key2 = SigningKeyFromIdentity(source_init2_info.identity);
|
||||
CheckSignature(source_signing_key2, source_info2.sessionId, source_info2.signature);
|
||||
|
||||
// Both ends should agree on the session ID.
|
||||
ASSERT_EQ(source_info1.sessionId, sink1_info.sessionId);
|
||||
ASSERT_EQ(source_info2.sessionId, sink2_info.sessionId);
|
||||
|
||||
// Step 4: pass the source's session ID info back to the sink, so it can check it and
|
||||
// update the symmetric keys so they're marked as authentication complete.
|
||||
std::array<Arc, 2> auth_complete_result1;
|
||||
ASSERT_EQ(OK, GetReturnError(sink1->authenticationComplete(
|
||||
source_info1.signature, sink1_info.sharedKeys, &auth_complete_result1)));
|
||||
ASSERT_EQ((int)auth_complete_result1.size(), 2)
|
||||
<< "Expect two symmetric keys from authComplete()";
|
||||
sink1_info.sharedKeys = auth_complete_result1;
|
||||
std::array<Arc, 2> auth_complete_result2;
|
||||
ASSERT_EQ(OK, GetReturnError(sink2->authenticationComplete(
|
||||
source_info2.signature, sink2_info.sharedKeys, &auth_complete_result2)));
|
||||
ASSERT_EQ((int)auth_complete_result2.size(), 2)
|
||||
<< "Expect two symmetric keys from authComplete()";
|
||||
sink2_info.sharedKeys = auth_complete_result2;
|
||||
}
|
||||
|
||||
TEST_P(AuthGraphSessionTest, ParallelSource) {
|
||||
std::shared_ptr<IAuthGraphKeyExchange> source1 = authNode_;
|
||||
std::shared_ptr<IAuthGraphKeyExchange> source2 = authNode_;
|
||||
std::shared_ptr<IAuthGraphKeyExchange> sink = authNode_;
|
||||
|
||||
// Step 1: create an ephemeral ECDH key at each of the sources.
|
||||
SessionInitiationInfo source1_init_info;
|
||||
ASSERT_EQ(OK, GetReturnError(source1->create(&source1_init_info)));
|
||||
ASSERT_TRUE(source1_init_info.key.pubKey.has_value());
|
||||
ASSERT_TRUE(source1_init_info.key.arcFromPBK.has_value());
|
||||
SessionInitiationInfo source2_init_info;
|
||||
ASSERT_EQ(OK, GetReturnError(source1->create(&source2_init_info)));
|
||||
ASSERT_TRUE(source2_init_info.key.pubKey.has_value());
|
||||
ASSERT_TRUE(source2_init_info.key.arcFromPBK.has_value());
|
||||
|
||||
// Step 2: pass each source's ECDH public key and other session info to the sink.
|
||||
KeInitResult init1_result;
|
||||
ASSERT_EQ(OK, GetReturnError(sink->init(source1_init_info.key.pubKey.value(),
|
||||
source1_init_info.identity, source1_init_info.nonce,
|
||||
source1_init_info.version, &init1_result)));
|
||||
SessionInitiationInfo sink_init1_info = init1_result.sessionInitiationInfo;
|
||||
ASSERT_TRUE(sink_init1_info.key.pubKey.has_value());
|
||||
|
||||
SessionInfo sink_info1 = init1_result.sessionInfo;
|
||||
ASSERT_EQ((int)sink_info1.sharedKeys.size(), 2) << "Expect two symmetric keys from init()";
|
||||
ASSERT_GT((int)sink_info1.sessionId.size(), 0) << "Expect non-empty session ID from sink";
|
||||
std::vector<uint8_t> sink_signing_key1 = SigningKeyFromIdentity(sink_init1_info.identity);
|
||||
CheckSignature(sink_signing_key1, sink_info1.sessionId, sink_info1.signature);
|
||||
|
||||
KeInitResult init2_result;
|
||||
ASSERT_EQ(OK, GetReturnError(sink->init(source2_init_info.key.pubKey.value(),
|
||||
source2_init_info.identity, source2_init_info.nonce,
|
||||
source2_init_info.version, &init2_result)));
|
||||
SessionInitiationInfo sink_init2_info = init2_result.sessionInitiationInfo;
|
||||
ASSERT_TRUE(sink_init2_info.key.pubKey.has_value());
|
||||
|
||||
SessionInfo sink_info2 = init2_result.sessionInfo;
|
||||
ASSERT_EQ((int)sink_info2.sharedKeys.size(), 2) << "Expect two symmetric keys from init()";
|
||||
ASSERT_GT((int)sink_info2.sessionId.size(), 0) << "Expect non-empty session ID from sink";
|
||||
std::vector<uint8_t> sink_signing_key2 = SigningKeyFromIdentity(sink_init2_info.identity);
|
||||
CheckSignature(sink_signing_key2, sink_info2.sessionId, sink_info2.signature);
|
||||
|
||||
// Step 3: pass the sink's ECDH public keys and other session info to the each of the sources.
|
||||
SessionInfo source1_info;
|
||||
ASSERT_EQ(OK, GetReturnError(source1->finish(sink_init1_info.key.pubKey.value(),
|
||||
sink_init1_info.identity, sink_info1.signature,
|
||||
sink_init1_info.nonce, sink_init1_info.version,
|
||||
source1_init_info.key, &source1_info)));
|
||||
ASSERT_EQ((int)source1_info.sharedKeys.size(), 2) << "Expect two symmetric keys from finsh()";
|
||||
ASSERT_GT((int)source1_info.sessionId.size(), 0) << "Expect non-empty session ID from source";
|
||||
std::vector<uint8_t> source1_signing_key = SigningKeyFromIdentity(source1_init_info.identity);
|
||||
CheckSignature(source1_signing_key, source1_info.sessionId, source1_info.signature);
|
||||
|
||||
SessionInfo source2_info;
|
||||
ASSERT_EQ(OK, GetReturnError(source2->finish(sink_init2_info.key.pubKey.value(),
|
||||
sink_init2_info.identity, sink_info2.signature,
|
||||
sink_init2_info.nonce, sink_init2_info.version,
|
||||
source2_init_info.key, &source2_info)));
|
||||
ASSERT_EQ((int)source2_info.sharedKeys.size(), 2) << "Expect two symmetric keys from finsh()";
|
||||
ASSERT_GT((int)source2_info.sessionId.size(), 0) << "Expect non-empty session ID from source";
|
||||
std::vector<uint8_t> source2_signing_key = SigningKeyFromIdentity(source2_init_info.identity);
|
||||
CheckSignature(source2_signing_key, source2_info.sessionId, source2_info.signature);
|
||||
|
||||
// Both ends should agree on the session ID.
|
||||
ASSERT_EQ(source1_info.sessionId, sink_info1.sessionId);
|
||||
ASSERT_EQ(source2_info.sessionId, sink_info2.sessionId);
|
||||
|
||||
// Step 4: pass the each source's session ID info back to the sink, so it can check it and
|
||||
// update the symmetric keys so they're marked as authentication complete.
|
||||
std::array<Arc, 2> auth_complete_result1;
|
||||
ASSERT_EQ(OK, GetReturnError(sink->authenticationComplete(
|
||||
source1_info.signature, sink_info1.sharedKeys, &auth_complete_result1)));
|
||||
ASSERT_EQ((int)auth_complete_result1.size(), 2)
|
||||
<< "Expect two symmetric keys from authComplete()";
|
||||
sink_info1.sharedKeys = auth_complete_result1;
|
||||
std::array<Arc, 2> auth_complete_result2;
|
||||
ASSERT_EQ(OK, GetReturnError(sink->authenticationComplete(
|
||||
source2_info.signature, sink_info2.sharedKeys, &auth_complete_result2)));
|
||||
ASSERT_EQ((int)auth_complete_result2.size(), 2)
|
||||
<< "Expect two symmetric keys from authComplete()";
|
||||
sink_info2.sharedKeys = auth_complete_result2;
|
||||
}
|
||||
|
||||
TEST_P(AuthGraphSessionTest, FreshNonces) {
|
||||
std::shared_ptr<IAuthGraphKeyExchange> source = authNode_;
|
||||
std::shared_ptr<IAuthGraphKeyExchange> sink = authNode_;
|
||||
|
||||
Reference in New Issue
Block a user