Evolution-x/hardware_interfaces
1
0
Fork 0
mirror of https://github.com/Evolution-X/hardware_interfaces synced 2026-02-01 11:36:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge "Test for malformed modulus in attestation cert"

Browse Source
This commit is contained in:
Janis Danisevskis
2018-11-09 17:10:57 +00:00
committed by Android (Google) Code Review
parent c4c84ea6dd 78e8f44b7c
commit 3fdc002bd2
1 changed files with 43 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
View File

@@ -181,7 +181,35 @@ X509* parse_cert_blob(const hidl_vec<uint8_t>& blob) {
return d2i_X509(nullptr, &p, blob.size());
}
bool verify_chain(const hidl_vec<hidl_vec<uint8_t>>& chain) {
bool verify_chain(const hidl_vec<hidl_vec<uint8_t>>& chain, const std::string& msg,
const std::string& signature) {
{
EVP_MD_CTX md_ctx_verify;
X509_Ptr signing_cert(parse_cert_blob(chain[0]));
EVP_PKEY_Ptr signing_pubkey(X509_get_pubkey(signing_cert.get()));
EXPECT_TRUE(signing_pubkey);
ERR_print_errors_cb(
[](const char* str, size_t len, void* ctx) -> int {
(void)ctx;
std::cerr << std::string(str, len) << std::endl;
return 1;
},
nullptr);
EVP_MD_CTX_init(&md_ctx_verify);
bool result = false;
EXPECT_TRUE((result = EVP_DigestVerifyInit(&md_ctx_verify, NULL, EVP_sha256(), NULL,
signing_pubkey.get())));
EXPECT_TRUE(
(result = result && EVP_DigestVerifyUpdate(&md_ctx_verify, msg.c_str(), msg.size())));
EXPECT_TRUE((result = result && EVP_DigestVerifyFinal(
&md_ctx_verify,
reinterpret_cast<const uint8_t*>(signature.c_str()),
signature.size())));
EVP_MD_CTX_cleanup(&md_ctx_verify);
if (!result) return false;
}
for (size_t i = 0; i < chain.size(); ++i) {
X509_Ptr key_cert(parse_cert_blob(chain[i]));
X509_Ptr signing_cert;
@@ -3833,8 +3861,8 @@ TEST_F(AttestationTest, RsaAttestation) {
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
.RsaSigningKey(2048, 65537)
.Digest(Digest::NONE)
.Padding(PaddingMode::NONE)
.Digest(Digest::SHA_2_256)
.Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)
.Authorization(TAG_INCLUDE_UNIQUE_ID)));
hidl_vec<hidl_vec<uint8_t>> cert_chain;
@@ -3844,7 +3872,13 @@ TEST_F(AttestationTest, RsaAttestation) {
.Authorization(TAG_ATTESTATION_APPLICATION_ID, HidlBuf("foo")),
&cert_chain));
EXPECT_GE(cert_chain.size(), 2U);
EXPECT_TRUE(verify_chain(cert_chain));
string message = "12345678901234567890123456789012";
string signature = SignMessage(message, AuthorizationSetBuilder()
.Digest(Digest::SHA_2_256)
.Padding(PaddingMode::RSA_PKCS1_1_5_SIGN));
EXPECT_TRUE(verify_chain(cert_chain, message, signature));
EXPECT_TRUE(verify_attestation_record("challenge", "foo", //
key_characteristics_.softwareEnforced, //
key_characteristics_.hardwareEnforced, //
@@ -3890,7 +3924,11 @@ TEST_F(AttestationTest, EcAttestation) {
.Authorization(TAG_ATTESTATION_APPLICATION_ID, HidlBuf("foo")),
&cert_chain));
EXPECT_GE(cert_chain.size(), 2U);
EXPECT_TRUE(verify_chain(cert_chain));
string message(1024, 'a');
string signature = SignMessage(message, AuthorizationSetBuilder().Digest(Digest::SHA_2_256));
EXPECT_TRUE(verify_chain(cert_chain, message, signature));
EXPECT_TRUE(verify_attestation_record("challenge", "foo", //
key_characteristics_.softwareEnforced, //