Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2a685c85 authored by Victor Hsieh's avatar Victor Hsieh
Browse files

VerityUtilsTest: add a test case of external signature 

Bug: 253668864
Test: atest FrameworksCoreTests:com.android.internal.security.VerityUtilsTest
Change-Id: I70a8fc399e09ed611a907e3fcc7506d7c370a397
parent 66ec7b27

core/tests/coretests/Android.bp

+1 −0
Original line number Diff line number Diff line
@@ -82,6 +82,7 @@ android_test { 


    resource_dirs: ["res"],

    resource_zips: [":FrameworksCoreTests_apks_as_resources"],

    java_resources: [":ApkVerityTestCertDer"],



    data: [

        ":BstatsTestApp",

core/tests/coretests/res/raw/fsverity_sig

0 → 100644
+672 B

File added.

No diff preview for this file type.

View file

core/tests/coretests/src/com/android/internal/security/VerityUtilsTest.java

+21 −0
Original line number Diff line number Diff line
@@ -22,8 +22,11 @@ import static org.junit.Assert.assertTrue; 
import android.platform.test.annotations.Presubmit;



import androidx.test.filters.SmallTest;

import androidx.test.platform.app.InstrumentationRegistry;

import androidx.test.runner.AndroidJUnit4;



import com.android.frameworks.coretests.R;



import org.bouncycastle.asn1.ASN1Encoding;

import org.bouncycastle.asn1.ASN1ObjectIdentifier;

import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
@@ -61,6 +64,7 @@ import java.time.Duration; 
import java.time.Instant;

import java.util.Arrays;

import java.util.Date;

import java.util.HexFormat;



@Presubmit

@SmallTest
@@ -222,6 +226,23 @@ public class VerityUtilsTest { 
        assertFalse(verifySignature(pkcs7Signature, SAMPLE_DIGEST, mCertificateDerEncoded));

    }



    @Test

    public void testSignatureGeneratedExternally() throws Exception {

        var context = InstrumentationRegistry.getInstrumentation().getContext();

        byte[] cert = getClass().getClassLoader().getResourceAsStream("ApkVerityTestCert.der")

                .readAllBytes();

        // The signature is generated by:

        //   fsverity sign <(echo -n fs-verity) fsverity_sig --key=ApkVerityTestKey.pem \

        //   --cert=ApkVerityTestCert.pem

        byte[] sig = context.getResources().openRawResource(R.raw.fsverity_sig).readAllBytes();

        // The fs-verity digest is generated by:

        //   fsverity digest --compact <(echo -n fs-verity)

        byte[] digest = HexFormat.of().parseHex(

                "3d248ca542a24fc62d1c43b916eae5016878e2533c88238480b26128a1f1af95");



        assertTrue(verifySignature(sig, digest, cert));

    }



    private static boolean verifySignature(

            byte[] pkcs7Signature, byte[] fsverityDigest, byte[] certificateDerEncoded) {

        return VerityUtils.verifyPkcs7DetachedSignature(