Source release 19.4.0

oemcrypto/test/oemcrypto_provisioning_test.cpp

@@ -5,6 +5,10 @@
 
 #include "oemcrypto_provisioning_test.h"
 
+#include <stdint.h>
+
+#include <string>
+
 #include "bcc_validator.h"
 #include "device_info_validator.h"
 #include "log.h"
@@ -15,6 +19,9 @@
 
 namespace wvoec {
 
+/// @addtogroup provision
+/// @{
+
 // This test is used to print the device ID to stdout.
 TEST_F(OEMCryptoKeyboxTest, NormalGetDeviceId) {
   OEMCryptoResult sts;
@@ -24,6 +31,7 @@ TEST_F(OEMCryptoKeyboxTest, NormalGetDeviceId) {
   ASSERT_EQ(OEMCrypto_SUCCESS, sts);
   cout << "             NormalGetDeviceId: dev_id = "
        << MaybeHex(dev_id, dev_id_len) << " len = " << dev_id_len << endl;
+  RecordWvProperty("device_id", wvutil::HexEncode(dev_id, dev_id_len));
 }
 
 TEST_F(OEMCryptoKeyboxTest, GetDeviceIdShortBuffer) {
@@ -53,8 +61,12 @@ TEST_F(OEMCryptoKeyboxTest, NormalGetKeyData) {
   sts = OEMCrypto_GetKeyData(key_data, &key_data_len);
 
   uint32_t* data = reinterpret_cast<uint32_t*>(key_data);
+  const uint32_t system_id = htonl(data[1]);
+  const uint32_t version = htonl(data[0]);
   printf("             NormalGetKeyData: system_id = %u = 0x%04X, version=%u\n",
-         htonl(data[1]), htonl(data[1]), htonl(data[0]));
+         system_id, system_id, version);
+  RecordWvProperty("system_id", std::to_string(system_id));
+  RecordWvProperty("key_data_version", std::to_string(version));
   ASSERT_EQ(OEMCrypto_SUCCESS, sts);
 }
 
@@ -91,6 +103,8 @@ TEST_F(OEMCryptoProv30Test, GetDeviceId) {
   dev_id.resize(dev_id_len);
   cout << "             NormalGetDeviceId: dev_id = " << MaybeHex(dev_id)
        << " len = " << dev_id_len << endl;
+  RecordWvProperty("device_id",
+                   wvutil::HexEncode(dev_id.data(), dev_id.size()));
 }
 
 // The OEM certificate must be valid.
@@ -241,6 +255,35 @@ TEST_F(OEMCryptoProv40Test, GetBootCertificateChainSuccess) {
   EXPECT_EQ(util::CborMessageStatus::kCborValidateOk, validator.Validate());
 }
 
+// Verifies BCC signature and its type if they are available.
+TEST_F(OEMCryptoProv40Test, AdditionalBccSignature) {
+  std::vector<uint8_t> bcc;
+  size_t bcc_size = 0;
+  std::vector<uint8_t> additional_signature;
+  size_t additional_signature_size = 0;
+  ASSERT_EQ(OEMCrypto_GetBootCertificateChain(bcc.data(), &bcc_size,
+                                              additional_signature.data(),
+                                              &additional_signature_size),
+            OEMCrypto_ERROR_SHORT_BUFFER);
+
+  bcc.resize(bcc_size);
+  additional_signature.resize(additional_signature_size);
+  ASSERT_EQ(OEMCrypto_GetBootCertificateChain(bcc.data(), &bcc_size,
+                                              additional_signature.data(),
+                                              &additional_signature_size),
+            OEMCrypto_SUCCESS);
+  OEMCrypto_BCCSignatureType bcc_signature_type;
+  const OEMCryptoResult result =
+      OEMCrypto_GetBCCSignatureType(&bcc_signature_type);
+  if (result == OEMCrypto_ERROR_NOT_IMPLEMENTED) return;
+  ASSERT_EQ(result, OEMCrypto_SUCCESS);
+  if (!additional_signature.empty()) {
+    ASSERT_NE(bcc_signature_type, OEMCrypto_BCCSigType_Unknown);
+  } else {
+    ASSERT_EQ(bcc_signature_type, OEMCrypto_BCCSigType_Unknown);
+  }
+}
+
 // Verifies that short buffer error returns when the buffer is short.
 TEST_F(OEMCryptoProv40Test, GenerateCertificateKeyPairShortBuffer) {
   Session s;
@@ -546,13 +589,13 @@ TEST_F(OEMCryptoProv40Test, InstallOemPrivateKeyCanBeUsed) {
   wrapped_private_key2.resize(wrapped_private_key_size2);
 
   // Verify public_key_signature2 with public_key1.
-  if (key_type2 == OEMCrypto_PrivateKeyType::OEMCrypto_RSA_Private_Key) {
+  if (key_type1 == OEMCrypto_PrivateKeyType::OEMCrypto_RSA_Private_Key) {
     ASSERT_NO_FATAL_FAILURE(s.SetRsaPublicKeyFromSubjectPublicKey(
         public_key1.data(), public_key1.size()));
     ASSERT_NO_FATAL_FAILURE(
         s.VerifyRsaSignature(public_key2, public_key_signature2.data(),
                              public_key_signature2.size(), kSign_RSASSA_PSS));
-  } else if (key_type2 == OEMCrypto_PrivateKeyType::OEMCrypto_ECC_Private_Key) {
+  } else if (key_type1 == OEMCrypto_PrivateKeyType::OEMCrypto_ECC_Private_Key) {
     ASSERT_NO_FATAL_FAILURE(s.SetEccPublicKeyFromSubjectPublicKey(
         public_key1.data(), public_key1.size()));
     ASSERT_NO_FATAL_FAILURE(s.VerifyEccSignature(public_key2,
@@ -620,6 +663,8 @@ TEST_F(OEMCryptoProv40Test, GetDeviceId) {
   dev_id.resize(dev_id_len);
   cout << "             NormalGetDeviceId: dev_id = " << MaybeHex(dev_id)
        << " len = " << dev_id_len << endl;
+  RecordWvProperty("device_id",
+                   wvutil::HexEncode(dev_id.data(), dev_id.size()));
   // Device id should be stable. Query again.
   std::vector<uint8_t> dev_id2(dev_id_len);
   sts = OEMCrypto_GetDeviceID(dev_id2.data(), &dev_id_len);
@@ -1282,4 +1327,5 @@ TEST_F(OEMCryptoLoadsCertificate, SupportsCertificatesAPI13) {
       << "Supported certificates is only " << OEMCrypto_SupportedCertificates();
 }
 
+/// @}
 }  // namespace wvoec