diff options
author | Firas Sammoura <fsammoura@google.com> | 2022-08-29 19:36:26 +0000 |
---|---|---|
committer | Chromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com> | 2022-08-30 15:24:41 +0000 |
commit | 5513feaaba485c716c2d5e182c2d433af3636ee4 (patch) | |
tree | ea73eff4b228d82d19bcbd68790c0b955d02dff4 | |
parent | 49b6b7f2c9b0327bb028e2529ce6b5f8b76e29eb (diff) | |
download | chrome-ec-5513feaaba485c716c2d5e182c2d433af3636ee4.tar.gz |
test: Add test for get_ikm succeed
Add test for get_ikm succeeds when the tmp seed is set and the rollback
can successfully get the secret.
BRANCH=None
BUG=b:242720240
TEST=make run-fpsensor_crypto
TEST=make runhosttests
Signed-off-by: Firas Sammoura <fsammoura@google.com>
Change-Id: I14d0887aa2ecafe4565141a89ad5fb43317cc1a7
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3863124
Reviewed-by: Bobby Casey <bobbycasey@google.com>
-rw-r--r-- | test/fpsensor_crypto.c | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/test/fpsensor_crypto.c b/test/fpsensor_crypto.c index 596a367e1e..81bb9428d1 100644 --- a/test/fpsensor_crypto.c +++ b/test/fpsensor_crypto.c @@ -132,6 +132,38 @@ test_static int test_get_ikm_failure_cannot_get_rollback_secret(void) return EC_SUCCESS; } +test_static int test_get_ikm_success(void) +{ + /* + * Expected ikm is the concatenation of the rollback secret and the + * seed from the TPM. + */ + uint8_t ikm[CONFIG_ROLLBACK_SECRET_SIZE + FP_CONTEXT_TPM_BYTES]; + static const uint8_t expected_ikm[] = { + 0xcf, 0xe3, 0x23, 0x76, 0x35, 0x04, 0xc2, 0x0f, 0x0d, 0xb6, + 0x02, 0xa9, 0x68, 0xba, 0x2a, 0x61, 0x86, 0x2a, 0x85, 0xd1, + 0xca, 0x09, 0x54, 0x8a, 0x6b, 0xe2, 0xe3, 0x38, 0xde, 0x5d, + 0x59, 0x14, 0xd9, 0x71, 0xaf, 0xc4, 0xcd, 0x36, 0xe3, 0x60, + 0xf8, 0x5a, 0xa0, 0xa6, 0x2c, 0xb3, 0xf5, 0xe2, 0xeb, 0xb9, + 0xd8, 0x2f, 0xb5, 0x78, 0x5c, 0x79, 0x82, 0xce, 0x06, 0x3f, + 0xcc, 0x23, 0xb9, 0xe7 + }; + + /* GIVEN that the TPM seed has been set. */ + TEST_ASSERT(fp_tpm_seed_is_set()); + + /* GIVEN that reading the rollback secret will succeed. */ + mock_ctrl_rollback.get_secret_fail = false; + + /* THEN get_ikm will succeed. */ + TEST_ASSERT(get_ikm(ikm) == EC_SUCCESS); + TEST_ASSERT_ARRAY_EQ(ikm, expected_ikm, + CONFIG_ROLLBACK_SECRET_SIZE + + FP_CONTEXT_TPM_BYTES); + + return EC_SUCCESS; +} + static int test_hkdf_expand_raw(const uint8_t *prk, size_t prk_size, const uint8_t *info, size_t info_size, const uint8_t *expected_okm, size_t okm_size) @@ -732,6 +764,7 @@ void run_test(int argc, char **argv) /* The following test requires TPM seed to be already set. */ RUN_TEST(test_get_ikm_failure_cannot_get_rollback_secret); + RUN_TEST(test_get_ikm_success); RUN_TEST(test_derive_encryption_key); RUN_TEST(test_derive_encryption_key_failure_rollback_fail); RUN_TEST(test_derive_new_pos_match_secret); |