From 56d8b360f98a08f947af6ff9c4f635fa70dbf48a Mon Sep 17 00:00:00 2001 From: Firas Sammoura Date: Mon, 29 Aug 2022 16:18:48 +0000 Subject: test: Add test for get ikm failure when seed not set Add a test for get_ikm when the fp tpm seed is not set. Change the declaration of get_ikm function inside fpsensor_crypto.c to test_export_static such that it can be visible in the test library. Declare get_ikm as an extern function inside the test/fpsensor_crypto.c file. BRANCH=None BUG=b:242720240 TEST=make run-fpsensor_crypto TEST=make runhosttests Signed-off-by: Firas Sammoura Change-Id: Ibd4993bbeb6e8d166b3d0307fd1b3c90c55cc264 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3862148 Reviewed-by: Bobby Casey --- common/fpsensor/fpsensor_crypto.c | 2 +- test/fpsensor_crypto.c | 13 ++++++++++++- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/common/fpsensor/fpsensor_crypto.c b/common/fpsensor/fpsensor_crypto.c index 8279e0d3d3..d8f2f1daa6 100644 --- a/common/fpsensor/fpsensor_crypto.c +++ b/common/fpsensor/fpsensor_crypto.c @@ -17,7 +17,7 @@ #error "fpsensor requires AES, AES_GCM and ROLLBACK_SECRET_SIZE" #endif -static int get_ikm(uint8_t *ikm) +test_export_static int get_ikm(uint8_t *ikm) { int ret; diff --git a/test/fpsensor_crypto.c b/test/fpsensor_crypto.c index a71d66a5d7..1db58ed61c 100644 --- a/test/fpsensor_crypto.c +++ b/test/fpsensor_crypto.c @@ -17,6 +17,8 @@ #include "test_util.h" #include "util.h" +extern int get_ikm(uint8_t *ikm); + static const uint8_t fake_positive_match_salt[] = { 0x04, 0x1f, 0x5a, 0xac, 0x5f, 0x79, 0x10, 0xaf, 0x04, 0x1d, 0x46, 0x3a, 0x5f, 0x08, 0xee, 0xcb, @@ -99,6 +101,15 @@ static const uint8_t expected_positive_match_secret_for_fake_user_id[] = { 0x5f, 0x4d, 0x54, 0xeb, 0x7b, 0xad, 0x5d, 0x1b, 0xbe, 0x30, }; +test_static int test_get_ikm_failure_seed_not_set(void) +{ + uint8_t ikm; + + TEST_ASSERT(fp_tpm_seed_is_set() == 0); + TEST_ASSERT(get_ikm(&ikm) == EC_ERROR_ACCESS_DENIED); + return EC_SUCCESS; +} + static int test_hkdf_expand_raw(const uint8_t *prk, size_t prk_size, const uint8_t *info, size_t info_size, const uint8_t *expected_okm, size_t okm_size) @@ -689,7 +700,7 @@ void run_test(int argc, char **argv) RUN_TEST(test_hkdf_expand); RUN_TEST(test_derive_encryption_key_failure_seed_not_set); RUN_TEST(test_derive_positive_match_secret_fail_seed_not_set); - + RUN_TEST(test_get_ikm_failure_seed_not_set); /* * Set the TPM seed here because it can only be set once and cannot be * cleared. -- cgit v1.2.1