Loading keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp +43 −5 Original line number Diff line number Diff line Loading @@ -181,7 +181,35 @@ X509* parse_cert_blob(const hidl_vec<uint8_t>& blob) { return d2i_X509(nullptr, &p, blob.size()); } bool verify_chain(const hidl_vec<hidl_vec<uint8_t>>& chain) { bool verify_chain(const hidl_vec<hidl_vec<uint8_t>>& chain, const std::string& msg, const std::string& signature) { { EVP_MD_CTX md_ctx_verify; X509_Ptr signing_cert(parse_cert_blob(chain[0])); EVP_PKEY_Ptr signing_pubkey(X509_get_pubkey(signing_cert.get())); EXPECT_TRUE(signing_pubkey); ERR_print_errors_cb( [](const char* str, size_t len, void* ctx) -> int { (void)ctx; std::cerr << std::string(str, len) << std::endl; return 1; }, nullptr); EVP_MD_CTX_init(&md_ctx_verify); bool result = false; EXPECT_TRUE((result = EVP_DigestVerifyInit(&md_ctx_verify, NULL, EVP_sha256(), NULL, signing_pubkey.get()))); EXPECT_TRUE( (result = result && EVP_DigestVerifyUpdate(&md_ctx_verify, msg.c_str(), msg.size()))); EXPECT_TRUE((result = result && EVP_DigestVerifyFinal( &md_ctx_verify, reinterpret_cast<const uint8_t*>(signature.c_str()), signature.size()))); EVP_MD_CTX_cleanup(&md_ctx_verify); if (!result) return false; } for (size_t i = 0; i < chain.size(); ++i) { X509_Ptr key_cert(parse_cert_blob(chain[i])); X509_Ptr signing_cert; Loading Loading @@ -3833,8 +3861,8 @@ TEST_F(AttestationTest, RsaAttestation) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .Authorization(TAG_NO_AUTH_REQUIRED) .RsaSigningKey(2048, 65537) .Digest(Digest::NONE) .Padding(PaddingMode::NONE) .Digest(Digest::SHA_2_256) .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN) .Authorization(TAG_INCLUDE_UNIQUE_ID))); hidl_vec<hidl_vec<uint8_t>> cert_chain; Loading @@ -3844,7 +3872,13 @@ TEST_F(AttestationTest, RsaAttestation) { .Authorization(TAG_ATTESTATION_APPLICATION_ID, HidlBuf("foo")), &cert_chain)); EXPECT_GE(cert_chain.size(), 2U); EXPECT_TRUE(verify_chain(cert_chain)); string message = "12345678901234567890123456789012"; string signature = SignMessage(message, AuthorizationSetBuilder() .Digest(Digest::SHA_2_256) .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)); EXPECT_TRUE(verify_chain(cert_chain, message, signature)); EXPECT_TRUE(verify_attestation_record("challenge", "foo", // key_characteristics_.softwareEnforced, // key_characteristics_.hardwareEnforced, // Loading Loading @@ -3890,7 +3924,11 @@ TEST_F(AttestationTest, EcAttestation) { .Authorization(TAG_ATTESTATION_APPLICATION_ID, HidlBuf("foo")), &cert_chain)); EXPECT_GE(cert_chain.size(), 2U); EXPECT_TRUE(verify_chain(cert_chain)); string message(1024, 'a'); string signature = SignMessage(message, AuthorizationSetBuilder().Digest(Digest::SHA_2_256)); EXPECT_TRUE(verify_chain(cert_chain, message, signature)); EXPECT_TRUE(verify_attestation_record("challenge", "foo", // key_characteristics_.softwareEnforced, // Loading Loading
keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp +43 −5 Original line number Diff line number Diff line Loading @@ -181,7 +181,35 @@ X509* parse_cert_blob(const hidl_vec<uint8_t>& blob) { return d2i_X509(nullptr, &p, blob.size()); } bool verify_chain(const hidl_vec<hidl_vec<uint8_t>>& chain) { bool verify_chain(const hidl_vec<hidl_vec<uint8_t>>& chain, const std::string& msg, const std::string& signature) { { EVP_MD_CTX md_ctx_verify; X509_Ptr signing_cert(parse_cert_blob(chain[0])); EVP_PKEY_Ptr signing_pubkey(X509_get_pubkey(signing_cert.get())); EXPECT_TRUE(signing_pubkey); ERR_print_errors_cb( [](const char* str, size_t len, void* ctx) -> int { (void)ctx; std::cerr << std::string(str, len) << std::endl; return 1; }, nullptr); EVP_MD_CTX_init(&md_ctx_verify); bool result = false; EXPECT_TRUE((result = EVP_DigestVerifyInit(&md_ctx_verify, NULL, EVP_sha256(), NULL, signing_pubkey.get()))); EXPECT_TRUE( (result = result && EVP_DigestVerifyUpdate(&md_ctx_verify, msg.c_str(), msg.size()))); EXPECT_TRUE((result = result && EVP_DigestVerifyFinal( &md_ctx_verify, reinterpret_cast<const uint8_t*>(signature.c_str()), signature.size()))); EVP_MD_CTX_cleanup(&md_ctx_verify); if (!result) return false; } for (size_t i = 0; i < chain.size(); ++i) { X509_Ptr key_cert(parse_cert_blob(chain[i])); X509_Ptr signing_cert; Loading Loading @@ -3833,8 +3861,8 @@ TEST_F(AttestationTest, RsaAttestation) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .Authorization(TAG_NO_AUTH_REQUIRED) .RsaSigningKey(2048, 65537) .Digest(Digest::NONE) .Padding(PaddingMode::NONE) .Digest(Digest::SHA_2_256) .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN) .Authorization(TAG_INCLUDE_UNIQUE_ID))); hidl_vec<hidl_vec<uint8_t>> cert_chain; Loading @@ -3844,7 +3872,13 @@ TEST_F(AttestationTest, RsaAttestation) { .Authorization(TAG_ATTESTATION_APPLICATION_ID, HidlBuf("foo")), &cert_chain)); EXPECT_GE(cert_chain.size(), 2U); EXPECT_TRUE(verify_chain(cert_chain)); string message = "12345678901234567890123456789012"; string signature = SignMessage(message, AuthorizationSetBuilder() .Digest(Digest::SHA_2_256) .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)); EXPECT_TRUE(verify_chain(cert_chain, message, signature)); EXPECT_TRUE(verify_attestation_record("challenge", "foo", // key_characteristics_.softwareEnforced, // key_characteristics_.hardwareEnforced, // Loading Loading @@ -3890,7 +3924,11 @@ TEST_F(AttestationTest, EcAttestation) { .Authorization(TAG_ATTESTATION_APPLICATION_ID, HidlBuf("foo")), &cert_chain)); EXPECT_GE(cert_chain.size(), 2U); EXPECT_TRUE(verify_chain(cert_chain)); string message(1024, 'a'); string signature = SignMessage(message, AuthorizationSetBuilder().Digest(Digest::SHA_2_256)); EXPECT_TRUE(verify_chain(cert_chain, message, signature)); EXPECT_TRUE(verify_attestation_record("challenge", "foo", // key_characteristics_.softwareEnforced, // Loading
