// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
////////////////////////////////////////////////////////////////////////////////
//! Tests for BoringSSL-based implementations of AuthGraph traits.
18*4185b066SAndroid Build Coastguard Worker use alloc::rc::Rc;
19*4185b066SAndroid Build Coastguard Worker use authgraph_core::{
20*4185b066SAndroid Build Coastguard Worker key::{
21*4185b066SAndroid Build Coastguard Worker CertChain, EcSignKey, EcVerifyKey, Identity, EXPLICIT_KEY_DICE_CERT_CHAIN_VERSION,
22*4185b066SAndroid Build Coastguard Worker IDENTITY_VERSION,
23*4185b066SAndroid Build Coastguard Worker },
24*4185b066SAndroid Build Coastguard Worker keyexchange,
25*4185b066SAndroid Build Coastguard Worker };
26*4185b066SAndroid Build Coastguard Worker use authgraph_core_test as ag_test;
27*4185b066SAndroid Build Coastguard Worker use core::cell::RefCell;
28*4185b066SAndroid Build Coastguard Worker use coset::{cbor::value::Value, iana, CborOrdering, CborSerializable, Label};
/// Runs the shared `authgraph_core_test::test_rng` checks against the BoringSSL-backed
/// `crate::BoringRng`.
///
/// The properties that are actually asserted live in the shared helper, not in this file.
#[test]
fn test_rng() {
    ag_test::test_rng(&mut crate::BoringRng);
}
/// Runs the shared `authgraph_core_test::test_sha256` checks against `crate::BoringSha256`.
#[test]
fn test_sha256() {
    let sha256 = crate::BoringSha256;
    ag_test::test_sha256(&sha256);
}
/// Runs the shared `authgraph_core_test::test_hmac` checks against `crate::BoringHmac`.
#[test]
fn test_hmac() {
    let hmac = crate::BoringHmac;
    ag_test::test_hmac(&hmac);
}
/// Runs the shared `authgraph_core_test::test_hkdf` checks against `crate::BoringHkdf`.
#[test]
fn test_hkdf() {
    let hkdf = crate::BoringHkdf;
    ag_test::test_hkdf(&hkdf);
}
/// Runs the shared `authgraph_core_test::test_aes_gcm_keygen` checks, supplying
/// `crate::BoringAes` as the AES-GCM implementation and `crate::BoringRng` as the randomness
/// source.
#[test]
fn test_aes_gcm_keygen() {
    let aes = crate::BoringAes;
    let mut rng = crate::BoringRng;
    ag_test::test_aes_gcm_keygen(&aes, &mut rng);
}
/// Runs the shared `authgraph_core_test::test_aes_gcm_roundtrip` checks, supplying
/// `crate::BoringAes` as the AES-GCM implementation and `crate::BoringRng` as the randomness
/// source.
#[test]
fn test_aes_gcm_roundtrip() {
    let aes = crate::BoringAes;
    let mut rng = crate::BoringRng;
    ag_test::test_aes_gcm_roundtrip(&aes, &mut rng);
}
/// Runs the shared `authgraph_core_test::test_aes_gcm` checks against `crate::BoringAes`.
///
/// Unlike the keygen and round-trip tests, no RNG is passed to this helper.
#[test]
fn test_aes_gcm() {
    let aes = crate::BoringAes;
    ag_test::test_aes_gcm(&aes);
}
/// Runs the shared `authgraph_core_test::test_ecdh` checks against `crate::BoringEcDh`.
#[test]
fn test_ecdh() {
    let ecdh = crate::BoringEcDh;
    ag_test::test_ecdh(&ecdh);
}
/// Runs the shared `authgraph_core_test::test_ecdsa` checks against `crate::BoringEcDsa`.
#[test]
fn test_ecdsa() {
    let ecdsa = crate::BoringEcDsa;
    ag_test::test_ecdsa(&ecdsa);
}
/// Runs the shared `authgraph_core_test::test_ed25519_round_trip` checks against
/// `crate::BoringEcDsa`, the same implementation object used for the P-256 and P-384 tests.
#[test]
fn test_ed25519_round_trip() {
    let ecdsa = crate::BoringEcDsa;
    ag_test::test_ed25519_round_trip(&ecdsa);
}
/// Runs the shared `authgraph_core_test::test_p256_round_trip` checks against
/// `crate::BoringEcDsa`.
#[test]
fn test_p256_round_trip() {
    let ecdsa = crate::BoringEcDsa;
    ag_test::test_p256_round_trip(&ecdsa);
}
/// Runs the shared `authgraph_core_test::test_p384_round_trip` checks against
/// `crate::BoringEcDsa`.
#[test]
fn test_p384_round_trip() {
    let ecdsa = crate::BoringEcDsa;
    ag_test::test_p384_round_trip(&ecdsa);
}
/// Drives the shared key-exchange helpers (create, init, finish, auth-complete, in that order)
/// between two participants that each wrap a default `AgDevice` and the BoringSSL crypto
/// implementations.
#[test]
fn test_key_exchange_protocol() {
    // Builds a participant around a fresh default test device, passing
    // `keyexchange::MAX_OPENED_SESSIONS` as the third constructor argument.
    let new_participant = || {
        keyexchange::AuthGraphParticipant::new(
            crate::crypto_trait_impls(),
            Rc::new(RefCell::new(crate::test_device::AgDevice::default())),
            keyexchange::MAX_OPENED_SESSIONS,
        )
        .unwrap()
    };

    // The create step is exercised on the source before the sink exists.
    let mut ke_source = new_participant();
    ag_test::test_key_exchange_create(&mut ke_source);

    let mut ke_sink = new_participant();
    ag_test::test_key_exchange_init(&mut ke_source, &mut ke_sink);
    ag_test::test_key_exchange_finish(&mut ke_source, &mut ke_sink);
    ag_test::test_key_exchange_auth_complete(&mut ke_source, &mut ke_sink);
}
/// Runs the shared `test_ke_with_newer_source` scenario with a source device set to version 2
/// and a sink device set to version 1.
#[test]
fn test_ke_with_newer_source() {
    // Wraps an already-configured test device in a participant.
    let participant_for = |device: crate::test_device::AgDevice| {
        keyexchange::AuthGraphParticipant::new(
            crate::crypto_trait_impls(),
            Rc::new(RefCell::new(device)),
            keyexchange::MAX_OPENED_SESSIONS,
        )
        .unwrap()
    };

    let newer_device = crate::test_device::AgDevice::default();
    newer_device.set_version(2);
    let older_device = crate::test_device::AgDevice::default();
    older_device.set_version(1);

    let mut ke_source = participant_for(newer_device);
    let mut ke_sink = participant_for(older_device);
    ag_test::test_ke_with_newer_source(&mut ke_source, &mut ke_sink);
}
/// Runs the shared `test_ke_with_newer_sink` scenario with a source device set to version 1
/// and a sink device set to version 2.
#[test]
fn test_ke_with_newer_sink() {
    // Wraps an already-configured test device in a participant.
    let participant_for = |device: crate::test_device::AgDevice| {
        keyexchange::AuthGraphParticipant::new(
            crate::crypto_trait_impls(),
            Rc::new(RefCell::new(device)),
            keyexchange::MAX_OPENED_SESSIONS,
        )
        .unwrap()
    };

    let older_device = crate::test_device::AgDevice::default();
    older_device.set_version(1);
    let newer_device = crate::test_device::AgDevice::default();
    newer_device.set_version(2);

    let mut ke_source = participant_for(older_device);
    let mut ke_sink = participant_for(newer_device);
    ag_test::test_ke_with_newer_sink(&mut ke_source, &mut ke_sink);
}
/// Runs the shared `test_ke_for_version_downgrade` scenario with both the source and the sink
/// device set to version 2.
///
/// Note that this test is named `..._protocol_downgrade` while the helper it calls is named
/// `..._version_downgrade`.
// NOTE(review): presumably the helper alters the negotiated version in flight and expects the
// exchange to be rejected; confirm against `authgraph_core_test`, as the check is not visible here.
#[test]
fn test_ke_for_protocol_downgrade() {
    // Wraps an already-configured test device in a participant.
    let participant_for = |device: crate::test_device::AgDevice| {
        keyexchange::AuthGraphParticipant::new(
            crate::crypto_trait_impls(),
            Rc::new(RefCell::new(device)),
            keyexchange::MAX_OPENED_SESSIONS,
        )
        .unwrap()
    };

    let v2_source_device = crate::test_device::AgDevice::default();
    v2_source_device.set_version(2);
    let v2_sink_device = crate::test_device::AgDevice::default();
    v2_sink_device.set_version(2);

    let mut ke_source = participant_for(v2_source_device);
    let mut ke_sink = participant_for(v2_sink_device);
    ag_test::test_ke_for_version_downgrade(&mut ke_source, &mut ke_sink);
}
/// Runs the shared `test_ke_for_replay` scenario between two participants that each wrap a
/// default `AgDevice`.
// NOTE(review): presumably the helper re-submits earlier key-exchange messages and expects them
// to be refused; confirm against `authgraph_core_test`, as the check is not visible here.
#[test]
fn test_ke_for_replay() {
    // Builds a participant around a fresh default test device.
    let new_participant = || {
        keyexchange::AuthGraphParticipant::new(
            crate::crypto_trait_impls(),
            Rc::new(RefCell::new(crate::test_device::AgDevice::default())),
            keyexchange::MAX_OPENED_SESSIONS,
        )
        .unwrap()
    };

    let mut ke_source = new_participant();
    let mut ke_sink = new_participant();
    ag_test::test_ke_for_replay(&mut ke_source, &mut ke_sink);
}
/// Runs the shared `authgraph_core_test::validate_identity` checks, using `crate::BoringEcDsa`
/// as the signature implementation.
#[test]
fn test_identity_validation() {
    let ecdsa = crate::BoringEcDsa;
    ag_test::validate_identity(&ecdsa);
}
/// Runs the shared `authgraph_core_test::test_example_identity_validate` checks, using
/// `crate::BoringEcDsa` as the signature implementation.
#[test]
fn test_example_identity_validate() {
    let ecdsa = crate::BoringEcDsa;
    ag_test::test_example_identity_validate(&ecdsa);
}
/// Drives the shared key-exchange helpers between two participants whose identities each
/// contain a DICE certificate chain of non-zero length.
///
/// The identities come from `ag_test::create_identity`, called with 4 for the source and 5 for
/// the sink, and are installed on the devices with `iana::Algorithm::EdDSA`.
#[test]
fn test_key_exchange_with_non_empty_dice_chains() {
    // Wraps an already-configured test device in a participant.
    let participant_for = |device: crate::test_device::AgDevice| {
        keyexchange::AuthGraphParticipant::new(
            crate::crypto_trait_impls(),
            Rc::new(RefCell::new(device)),
            keyexchange::MAX_OPENED_SESSIONS,
        )
        .unwrap()
    };

    // Source: the CBOR-encoded identity is parsed back into an `Identity` before being installed.
    let source_device = crate::test_device::AgDevice::default();
    let (source_sign_key, source_identity_cbor) = ag_test::create_identity(4).unwrap();
    source_device.set_identity(
        (source_sign_key, Identity::from_slice(&source_identity_cbor).unwrap()),
        iana::Algorithm::EdDSA,
    );
    let mut ke_source = participant_for(source_device);
    ag_test::test_key_exchange_create(&mut ke_source);

    // Sink: same setup with a different argument to `create_identity`.
    let sink_device = crate::test_device::AgDevice::default();
    let (sink_sign_key, sink_identity_cbor) = ag_test::create_identity(5).unwrap();
    sink_device.set_identity(
        (sink_sign_key, Identity::from_slice(&sink_identity_cbor).unwrap()),
        iana::Algorithm::EdDSA,
    );
    let mut ke_sink = participant_for(sink_device);

    ag_test::test_key_exchange_init(&mut ke_source, &mut ke_sink);
    ag_test::test_key_exchange_finish(&mut ke_source, &mut ke_sink);
    ag_test::test_key_exchange_auth_complete(&mut ke_source, &mut ke_sink);
}
/// Drives the shared key-exchange helpers between a source whose identity has an empty DICE
/// certificate chain and a sink whose identity has a DICE certificate chain of non-zero length.
///
/// The identities come from `ag_test::create_identity`, called with 0 for the source and 5 for
/// the sink, and are installed on the devices with `iana::Algorithm::EdDSA`.
#[test]
fn test_key_exchange_with_mixed_dice_chains() {
    // Wraps an already-configured test device in a participant.
    let participant_for = |device: crate::test_device::AgDevice| {
        keyexchange::AuthGraphParticipant::new(
            crate::crypto_trait_impls(),
            Rc::new(RefCell::new(device)),
            keyexchange::MAX_OPENED_SESSIONS,
        )
        .unwrap()
    };

    // Source: identity with an empty DICE certificate chain.
    let source_device = crate::test_device::AgDevice::default();
    let (source_sign_key, source_identity_cbor) = ag_test::create_identity(0).unwrap();
    source_device.set_identity(
        (source_sign_key, Identity::from_slice(&source_identity_cbor).unwrap()),
        iana::Algorithm::EdDSA,
    );
    let mut ke_source = participant_for(source_device);
    ag_test::test_key_exchange_create(&mut ke_source);

    // Sink: identity with a non-empty DICE certificate chain.
    let sink_device = crate::test_device::AgDevice::default();
    let (sink_sign_key, sink_identity_cbor) = ag_test::create_identity(5).unwrap();
    sink_device.set_identity(
        (sink_sign_key, Identity::from_slice(&sink_identity_cbor).unwrap()),
        iana::Algorithm::EdDSA,
    );
    let mut ke_sink = participant_for(sink_device);

    ag_test::test_key_exchange_init(&mut ke_source, &mut ke_sink);
    ag_test::test_key_exchange_finish(&mut ke_source, &mut ke_sink);
    ag_test::test_key_exchange_auth_complete(&mut ke_source, &mut ke_sink);
}
/// Checks that the `Identity` returned from `get_identity` in the `Device` trait fails
/// validation when its root key was canonicalized with
/// `CborOrdering::LengthFirstLexicographic`.
///
/// `should_panic(expected = ...)` matches on the panic message, so the test passes only when
/// the panic carries the canonical-form text; a panic from one of the setup `unwrap()` calls
/// would carry a different message and fail the test.
// NOTE(review): presumably the canonical-form requirement exists so that one root key cannot be
// accepted under more than one encoding; confirm against the AuthGraph specification.
#[test]
#[should_panic(expected = "root key is not in the required canonical form")]
fn test_get_identity_with_root_key_in_incorrect_canonical_form() {
    let device = crate::test_device::AgDevice::default();
    let (sign_key, mut verify_key) =
        crate::ec::create_p256_key_pair(iana::Algorithm::ES256).unwrap();

    // Append two extra parameters after the generated ones. Label 23 has a one-byte CBOR encoding
    // and label 1234 a three-byte one, so the two `CborOrdering` variants sort them differently
    // (assuming the generated parameters use the usual one-byte COSE labels).
    verify_key.params.push((Label::Int(23), Value::Text("test1".to_string())));
    verify_key.params.push((Label::Int(1234), Value::Text("test2".to_string())));
    verify_key.canonicalize(CborOrdering::LengthFirstLexicographic);

    let cert_chain = CertChain {
        version: EXPLICIT_KEY_DICE_CERT_CHAIN_VERSION,
        root_key: EcVerifyKey::P256(verify_key),
        dice_cert_chain: None,
    };
    let identity = Identity { version: IDENTITY_VERSION, cert_chain, policy: None };

    device.set_identity((EcSignKey::P256(sign_key), identity), iana::Algorithm::ES256);
    ag_test::test_get_identity(&device, &crate::BoringEcDsa);
}
/// Checks that the `Identity` returned from `get_identity` in the `Device` trait passes
/// validation when its root key was canonicalized with `CborOrdering::Lexicographic`.
///
/// The setup matches the incorrect-canonical-form test except for the ordering passed to
/// `canonicalize`.
#[test]
fn test_get_identity_with_root_key_in_correct_canonical_form() {
    let device = crate::test_device::AgDevice::default();
    let (sign_key, mut verify_key) =
        crate::ec::create_p256_key_pair(iana::Algorithm::ES256).unwrap();

    // Append two extra parameters after the generated ones. Label 23 has a one-byte CBOR encoding
    // and label 1234 a three-byte one, so the choice of ordering changes the resulting order
    // (assuming the generated parameters use the usual one-byte COSE labels).
    verify_key.params.push((Label::Int(23), Value::Text("test1".to_string())));
    verify_key.params.push((Label::Int(1234), Value::Text("test2".to_string())));
    verify_key.canonicalize(CborOrdering::Lexicographic);

    let cert_chain = CertChain {
        version: EXPLICIT_KEY_DICE_CERT_CHAIN_VERSION,
        root_key: EcVerifyKey::P256(verify_key),
        dice_cert_chain: None,
    };
    let identity = Identity { version: IDENTITY_VERSION, cert_chain, policy: None };

    device.set_identity((EcSignKey::P256(sign_key), identity), iana::Algorithm::ES256);
    ag_test::test_get_identity(&device, &crate::BoringEcDsa);
}