Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a722ff42 authored by Max Bires's avatar Max Bires
Browse files

Adding test to check that ASN.1 lengths are properly encoded 

This test checks that length metadata for the ASN.1 encoding of
attestation application ids are correct. It generates an app id that
will have a length between 127 and 256, which should create an encoding
that requires two bytes of length metadata - one byte to specify how many
bytes are needed for the length, and one byte for the length.

Some implementations of keymaster only use one byte in this case, which
will fail on strict ASN.1 parsers.

Bug: 142674020
Test: m VtsHalKeymasterV4_0TargetTest && adb sync data \
&& adb shell data/nativetest64/VtsHalKeymasterV4_0TargetTest/VtsHalKeymasterV4_0TargetTest

Change-Id: I7dfc38a09247eb3cb237f33a202044668d15cbca
parent 21eb2f53

keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp

+29 −0
Original line number Diff line number Diff line
@@ -4412,6 +4412,35 @@ TEST_F(AttestationTest, EcAttestationRequiresAttestationAppId) { 
                        &cert_chain));

}



/*

 * AttestationTest.AttestationApplicationIDLengthProperlyEncoded

 *

 * Verifies that the Attestation Application ID software enforced tag has a proper length encoding.

 * Some implementations break strict encoding rules by encoding a length between 127 and 256 in one

 * byte. Proper DER encoding specifies that for lengths greather than 127, one byte should be used

 * to specify how many following bytes will be used to encode the length.

 */

TEST_F(AttestationTest, AttestationApplicationIDLengthProperlyEncoded) {

    auto creation_time = std::chrono::system_clock::now();

    ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()

                                                 .Authorization(TAG_NO_AUTH_REQUIRED)

                                                 .EcdsaSigningKey(EcCurve::P_256)

                                                 .Digest(Digest::SHA_2_256)));



    hidl_vec<hidl_vec<uint8_t>> cert_chain;

    const string app_id(143, 'a');

    ASSERT_EQ(ErrorCode::OK,

              AttestKey(AuthorizationSetBuilder()

                                .Authorization(TAG_ATTESTATION_CHALLENGE, HidlBuf("challenge"))

                                .Authorization(TAG_ATTESTATION_APPLICATION_ID, HidlBuf(app_id)),

                        &cert_chain));

    EXPECT_GE(cert_chain.size(), 2U);



    EXPECT_TRUE(verify_attestation_record("challenge", app_id,                    //

                                          key_characteristics_.softwareEnforced,  //

                                          key_characteristics_.hardwareEnforced,  //

                                          SecLevel(), cert_chain[0], creation_time));

}

/*

 * AttestationTest.AesAttestation

 *