From 49b6b7f2c9b0327bb028e2529ce6b5f8b76e29eb Mon Sep 17 00:00:00 2001 From: Firas Sammoura Date: Mon, 29 Aug 2022 18:24:15 +0000 Subject: test: Add test for get ikm failure with when secret fail Add a test for get_ikm when the tmp seed is set and the rollback_get_secret is failing. BRANCH=None BUG=b:242720240 TEST=make run-fpsensor_crypto TEST=make runhosttests Signed-off-by: Firas Sammoura Change-Id: Ida1f40943eb5fa7795a658a1c8a318036f164d11 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3861202 Reviewed-by: Bobby Casey --- test/fpsensor_crypto.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/test/fpsensor_crypto.c b/test/fpsensor_crypto.c index 1db58ed61c..596a367e1e 100644 --- a/test/fpsensor_crypto.c +++ b/test/fpsensor_crypto.c @@ -110,6 +110,28 @@ test_static int test_get_ikm_failure_seed_not_set(void) return EC_SUCCESS; } +test_static int test_get_ikm_failure_cannot_get_rollback_secret(void) +{ + uint8_t ikm[CONFIG_ROLLBACK_SECRET_SIZE + FP_CONTEXT_TPM_BYTES]; + + /* Given that the tmp seed has been set. */ + TEST_ASSERT(fp_tpm_seed_is_set()); + + /* GIVEN that reading the rollback secret will fail. */ + mock_ctrl_rollback.get_secret_fail = true; + + /* THEN get_ikm should fail. */ + TEST_ASSERT(get_ikm(ikm) == EC_ERROR_HW_INTERNAL); + + /* + * Enable get_rollback_secret to succeed before returning from this + * test function. + */ + mock_ctrl_rollback.get_secret_fail = false; + + return EC_SUCCESS; +} + static int test_hkdf_expand_raw(const uint8_t *prk, size_t prk_size, const uint8_t *info, size_t info_size, const uint8_t *expected_okm, size_t okm_size) @@ -709,6 +731,7 @@ void run_test(int argc, char **argv) EC_SUCCESS); /* The following test requires TPM seed to be already set. */ + RUN_TEST(test_get_ikm_failure_cannot_get_rollback_secret); RUN_TEST(test_derive_encryption_key); RUN_TEST(test_derive_encryption_key_failure_rollback_fail); RUN_TEST(test_derive_new_pos_match_secret); -- cgit v1.2.1