security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp +1 −2
@@ -335,8 +335,7 @@ class CertificateRequestTest : public VtsRemotelyProvisionedComponentTests { ASSERT_TRUE(deviceInfoMap->asMap()); auto& signingKey = bccContents->back().pubKey; auto macKey = verifyAndParseCoseSign1(/* ignore_signature = */ false, signedMac->asArray(), signingKey, auto macKey = verifyAndParseCoseSign1(signedMac->asArray(), signingKey, cppbor::Array() // SignedMacAad .add(challenge_) .add(std::move(deviceInfoMap))
security/keymint/support/remote_prov_utils.cpp +14 −20
@@ -78,7 +78,7 @@ ErrMsgOr<EekChain> generateEekChain(size_t length, const bytevec& eekId) { return EekChain{eekChain.encode(), pub_key, priv_key}; } ErrMsgOr<bytevec> verifyAndParseCoseSign1Cwt(bool ignoreSignature, const cppbor::Array* coseSign1, ErrMsgOr<bytevec> verifyAndParseCoseSign1Cwt(const cppbor::Array* coseSign1, const bytevec& signingCoseKey, const bytevec& aad) { if (!coseSign1 || coseSign1->size() != kCoseSign1EntryCount) { return "Invalid COSE_Sign1";
@@ -115,27 +115,22 @@ ErrMsgOr<bytevec> verifyAndParseCoseSign1Cwt(bool ignoreSignature, const cppbor: auto serializedKey = parsedPayload->asMap()->get(-4670552)->clone(); if (!serializedKey || !serializedKey->asBstr()) return "Could not find key entry"; if (!ignoreSignature) { bool selfSigned = signingCoseKey.empty(); auto key = CoseKey::parseEd25519(selfSigned ? serializedKey->asBstr()->value() : signingCoseKey); auto key = CoseKey::parseEd25519(selfSigned ? serializedKey->asBstr()->value() : signingCoseKey); if (!key) return "Bad signing key: " + key.moveMessage(); bytevec signatureInput = cppbor::Array() .add("Signature1") .add(*protectedParams) .add(aad) .add(*payload) .encode(); bytevec signatureInput = cppbor::Array().add("Signature1").add(*protectedParams).add(aad).add(*payload).encode(); if (!ED25519_verify(signatureInput.data(), signatureInput.size(), signature->value().data(), key->getBstrValue(CoseKey::PUBKEY_X)->data())) { return "Signature verification failed"; } } return serializedKey->asBstr()->value(); } ErrMsgOr<std::vector<BccEntryData>> validateBcc(const cppbor::Array* bcc) { if (!bcc || bcc->size() == 0) return "Invalid BCC";
@@ -148,8 +143,7 @@ ErrMsgOr<std::vector<BccEntryData>> validateBcc(const cppbor::Array* bcc) { if (!entry || entry->size() != kCoseSign1EntryCount) { return "Invalid BCC entry " + std::to_string(i) + ": " + prettyPrint(entry); } auto payload = verifyAndParseCoseSign1Cwt(false /* ignoreSignature */, entry, std::move(prevKey), bytevec{} /* AAD */); auto payload = verifyAndParseCoseSign1Cwt(entry, std::move(prevKey), bytevec{} /* AAD */); if (!payload) { return "Failed to verify entry " + std::to_string(i) + ": " + payload.moveMessage(); }
security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp +1 −2
@@ -335,8 +335,7 @@ class CertificateRequestTest : public VtsRemotelyProvisionedComponentTests { ASSERT_TRUE(deviceInfoMap->asMap()); auto& signingKey = bccContents->back().pubKey; auto macKey = verifyAndParseCoseSign1(/* ignore_signature = */ false, signedMac->asArray(), signingKey, auto macKey = verifyAndParseCoseSign1(signedMac->asArray(), signingKey, cppbor::Array() // SignedMacAad .add(challenge_) .add(std::move(deviceInfoMap))
security/keymint/support/remote_prov_utils.cpp +14 −20
@@ -78,7 +78,7 @@ ErrMsgOr<EekChain> generateEekChain(size_t length, const bytevec& eekId) { return EekChain{eekChain.encode(), pub_key, priv_key}; } ErrMsgOr<bytevec> verifyAndParseCoseSign1Cwt(bool ignoreSignature, const cppbor::Array* coseSign1, ErrMsgOr<bytevec> verifyAndParseCoseSign1Cwt(const cppbor::Array* coseSign1, const bytevec& signingCoseKey, const bytevec& aad) { if (!coseSign1 || coseSign1->size() != kCoseSign1EntryCount) { return "Invalid COSE_Sign1";
@@ -115,27 +115,22 @@ ErrMsgOr<bytevec> verifyAndParseCoseSign1Cwt(bool ignoreSignature, const cppbor: auto serializedKey = parsedPayload->asMap()->get(-4670552)->clone(); if (!serializedKey || !serializedKey->asBstr()) return "Could not find key entry"; if (!ignoreSignature) { bool selfSigned = signingCoseKey.empty(); auto key = CoseKey::parseEd25519(selfSigned ? serializedKey->asBstr()->value() : signingCoseKey); auto key = CoseKey::parseEd25519(selfSigned ? serializedKey->asBstr()->value() : signingCoseKey); if (!key) return "Bad signing key: " + key.moveMessage(); bytevec signatureInput = cppbor::Array() .add("Signature1") .add(*protectedParams) .add(aad) .add(*payload) .encode(); bytevec signatureInput = cppbor::Array().add("Signature1").add(*protectedParams).add(aad).add(*payload).encode(); if (!ED25519_verify(signatureInput.data(), signatureInput.size(), signature->value().data(), key->getBstrValue(CoseKey::PUBKEY_X)->data())) { return "Signature verification failed"; } } return serializedKey->asBstr()->value(); } ErrMsgOr<std::vector<BccEntryData>> validateBcc(const cppbor::Array* bcc) { if (!bcc || bcc->size() == 0) return "Invalid BCC";
@@ -148,8 +143,7 @@ ErrMsgOr<std::vector<BccEntryData>> validateBcc(const cppbor::Array* bcc) { if (!entry || entry->size() != kCoseSign1EntryCount) { return "Invalid BCC entry " + std::to_string(i) + ": " + prettyPrint(entry); } auto payload = verifyAndParseCoseSign1Cwt(false /* ignoreSignature */, entry, std::move(prevKey), bytevec{} /* AAD */); auto payload = verifyAndParseCoseSign1Cwt(entry, std::move(prevKey), bytevec{} /* AAD */); if (!payload) { return "Failed to verify entry " + std::to_string(i) + ": " + payload.moveMessage(); }
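Review bot: In the `@@ -115` hunk, `bool selfSigned = signingCoseKey.empty();` now decides on every call whether the signature is checked against the caller's key or against the key carried inside the payload being verified, and nothing in the visible code tells a caller that an empty `signingCoseKey` selects the second case. A self-signed check shows only that the entry is internally consistent, not who produced it, so a caller that passes an empty key by mistake gets a successful result that says nothing about origin. I would document this above that line, e.g. `// Empty signingCoseKey: entry is treated as self-signed and checked against its own key; this proves integrity only, so callers must establish trust in that key separately.` Separately, `ED25519_verify` reads fixed-size signature and public-key buffers and no size check is visible in this hunk; if the lines between the `@@ -78` and `@@ -115` hunks do not already have one, add `if (signature->value().size() != ED25519_SIGNATURE_LEN) return "Invalid signature length";` before the call. The body of `verifyAndParseCoseSign1Cwt` starts outside this hunk.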