From 7e3c282944c7fea0276a42aff89448dc6115eec6 Mon Sep 17 00:00:00 2001 From: Fred Gylys-Colwell Date: Fri, 8 Jan 2021 14:50:52 -0800 Subject: [PATCH] Disable dangerous test The test OEMCryptoMemoryInstallKeyboxForHugeKeyboxBuffer is dangerous because it attempts to pass garbage data to InstallKeybox. On a production device this might erase the keybox. --- oemcrypto/test/oemcrypto_test.cpp | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/oemcrypto/test/oemcrypto_test.cpp b/oemcrypto/test/oemcrypto_test.cpp index dc7e1ac..8ad6e47 100644 --- a/oemcrypto/test/oemcrypto_test.cpp +++ b/oemcrypto/test/oemcrypto_test.cpp @@ -752,7 +752,12 @@ class OEMCryptoKeyboxTest : public OEMCryptoClientTest { } }; -// Test that OEMCrypto_InstallKeyboxOrOEMCert doesn't crash for large keybox. +/******** Dangerous Tests - DO NOT RUN ***********/ +/*The following tests try to test InstallKeybox API with random buffers of +varying length in order to catch any overflow issues. These tests override the +actual keybox on the device. Remove the if and endif statement to run these +tests on a device ONLY IF YOU ARE ABLE TO RECOVER THE KEYBOX on the device.*/ +#if 0 TEST_F(OEMCryptoKeyboxTest, OEMCryptoMemoryInstallKeyboxForHugeKeyboxBuffer) { auto f = [](size_t keybox_length) { vector keybox(keybox_length); @@ -765,6 +770,18 @@ TEST_F(OEMCryptoKeyboxTest, OEMCryptoMemoryInstallKeyboxForHugeKeyboxBuffer) { kCheckStatus); } +TEST_F(OEMCryptoKeyboxTest, + OEMCryptoMemoryInstallKeyboxForHugeKeyboxBufferStartingFromLength1) { + auto f = [](size_t keybox_length) { + vector keybox(keybox_length); + return OEMCrypto_InstallKeyboxOrOEMCert(keybox.data(), keybox.size()); + }; + // We are testing for keybox lengths starting from 1 which would return error, + // hence skipping status check. + TestHugeLengthDoesNotCrashAPI(f, !kCheckStatus); +} +#endif + // This test verifies that load test key box doesn't crash for large // buffer length. TEST_F(OEMCryptoKeyboxTest, OEMCryptoMemoryLoadTestKeyBoxForHugeKeyboxBuffer) {