diff options
| author | Firas Sammoura <fsammoura@google.com> | 2022-08-29 16:18:48 +0000 |
|---|---|---|
| committer | Chromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com> | 2022-08-30 15:24:31 +0000 |
| commit | 56d8b360f98a08f947af6ff9c4f635fa70dbf48a (patch) | |
| tree | 6d2be8f310aabd8989256eb6d1549fbd220746a2 | |
| parent | 3a3d6c36902f1570887b2322075e64a682ebe296 (diff) | |
| download | chrome-ec-56d8b360f98a08f947af6ff9c4f635fa70dbf48a.tar.gz | |
test: Add test for get ikm failure when seed not set
Add a test for get_ikm when the fp tpm seed is not set. Change the
declaration of get_ikm function inside fpsensor_crypto.c to
test_export_static such that it can be visible in the test library.
Declare get_ikm as an extern function inside the test/fpsensor_crypto.c
file.
BRANCH=None
BUG=b:242720240
TEST=make run-fpsensor_crypto
TEST=make runhosttests
Signed-off-by: Firas Sammoura <fsammoura@google.com>
Change-Id: Ibd4993bbeb6e8d166b3d0307fd1b3c90c55cc264
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3862148
Reviewed-by: Bobby Casey <bobbycasey@google.com>
| -rw-r--r-- | common/fpsensor/fpsensor_crypto.c | 2 | ||||
| -rw-r--r-- | test/fpsensor_crypto.c | 13 |
2 files changed, 13 insertions, 2 deletions
diff --git a/common/fpsensor/fpsensor_crypto.c b/common/fpsensor/fpsensor_crypto.c index 8279e0d3d3..d8f2f1daa6 100644 --- a/common/fpsensor/fpsensor_crypto.c +++ b/common/fpsensor/fpsensor_crypto.c @@ -17,7 +17,7 @@ #error "fpsensor requires AES, AES_GCM and ROLLBACK_SECRET_SIZE" #endif -static int get_ikm(uint8_t *ikm) +test_export_static int get_ikm(uint8_t *ikm) { int ret; diff --git a/test/fpsensor_crypto.c b/test/fpsensor_crypto.c index a71d66a5d7..1db58ed61c 100644 --- a/test/fpsensor_crypto.c +++ b/test/fpsensor_crypto.c @@ -17,6 +17,8 @@ #include "test_util.h" #include "util.h" +extern int get_ikm(uint8_t *ikm); + static const uint8_t fake_positive_match_salt[] = { 0x04, 0x1f, 0x5a, 0xac, 0x5f, 0x79, 0x10, 0xaf, 0x04, 0x1d, 0x46, 0x3a, 0x5f, 0x08, 0xee, 0xcb, @@ -99,6 +101,15 @@ static const uint8_t expected_positive_match_secret_for_fake_user_id[] = { 0x5f, 0x4d, 0x54, 0xeb, 0x7b, 0xad, 0x5d, 0x1b, 0xbe, 0x30, }; +test_static int test_get_ikm_failure_seed_not_set(void) +{ + uint8_t ikm; + + TEST_ASSERT(fp_tpm_seed_is_set() == 0); + TEST_ASSERT(get_ikm(&ikm) == EC_ERROR_ACCESS_DENIED); + return EC_SUCCESS; +} + static int test_hkdf_expand_raw(const uint8_t *prk, size_t prk_size, const uint8_t *info, size_t info_size, const uint8_t *expected_okm, size_t okm_size) @@ -689,7 +700,7 @@ void run_test(int argc, char **argv) RUN_TEST(test_hkdf_expand); RUN_TEST(test_derive_encryption_key_failure_seed_not_set); RUN_TEST(test_derive_positive_match_secret_fail_seed_not_set); - + RUN_TEST(test_get_ikm_failure_seed_not_set); /* * Set the TPM seed here because it can only be set once and cannot be * cleared. |