Test for malformed modulus in attestation cert
With this patch the attestation tests use the attested to key to sign a
message and use the public key in the attestation certificate to verify
the signature. Thereby tripping up over malformed public keys.
Bug: 118372436
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: I4ce75c689cd5b6bb04a56e283c1202501ee821c9
diff --git a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
index 784ae30..a9c6f6c 100644
--- a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
+++ b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
@@ -181,7 +181,35 @@
return d2i_X509(nullptr, &p, blob.size());
}
-bool verify_chain(const hidl_vec<hidl_vec<uint8_t>>& chain) {
+bool verify_chain(const hidl_vec<hidl_vec<uint8_t>>& chain, const std::string& msg,
+ const std::string& signature) {
+ {
+ EVP_MD_CTX md_ctx_verify;
+ X509_Ptr signing_cert(parse_cert_blob(chain[0]));
+ EVP_PKEY_Ptr signing_pubkey(X509_get_pubkey(signing_cert.get()));
+ EXPECT_TRUE(signing_pubkey);
+ ERR_print_errors_cb(
+ [](const char* str, size_t len, void* ctx) -> int {
+ (void)ctx;
+ std::cerr << std::string(str, len) << std::endl;
+ return 1;
+ },
+ nullptr);
+
+ EVP_MD_CTX_init(&md_ctx_verify);
+
+ bool result = false;
+ EXPECT_TRUE((result = EVP_DigestVerifyInit(&md_ctx_verify, NULL, EVP_sha256(), NULL,
+ signing_pubkey.get())));
+ EXPECT_TRUE(
+ (result = result && EVP_DigestVerifyUpdate(&md_ctx_verify, msg.c_str(), msg.size())));
+ EXPECT_TRUE((result = result && EVP_DigestVerifyFinal(
+ &md_ctx_verify,
+ reinterpret_cast<const uint8_t*>(signature.c_str()),
+ signature.size())));
+ EVP_MD_CTX_cleanup(&md_ctx_verify);
+ if (!result) return false;
+ }
for (size_t i = 0; i < chain.size(); ++i) {
X509_Ptr key_cert(parse_cert_blob(chain[i]));
X509_Ptr signing_cert;
@@ -3833,8 +3861,8 @@
ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
.RsaSigningKey(2048, 65537)
- .Digest(Digest::NONE)
- .Padding(PaddingMode::NONE)
+ .Digest(Digest::SHA_2_256)
+ .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN)
.Authorization(TAG_INCLUDE_UNIQUE_ID)));
hidl_vec<hidl_vec<uint8_t>> cert_chain;
@@ -3844,7 +3872,13 @@
.Authorization(TAG_ATTESTATION_APPLICATION_ID, HidlBuf("foo")),
&cert_chain));
EXPECT_GE(cert_chain.size(), 2U);
- EXPECT_TRUE(verify_chain(cert_chain));
+
+ string message = "12345678901234567890123456789012";
+ string signature = SignMessage(message, AuthorizationSetBuilder()
+ .Digest(Digest::SHA_2_256)
+ .Padding(PaddingMode::RSA_PKCS1_1_5_SIGN));
+
+ EXPECT_TRUE(verify_chain(cert_chain, message, signature));
EXPECT_TRUE(verify_attestation_record("challenge", "foo", //
key_characteristics_.softwareEnforced, //
key_characteristics_.hardwareEnforced, //
@@ -3890,7 +3924,11 @@
.Authorization(TAG_ATTESTATION_APPLICATION_ID, HidlBuf("foo")),
&cert_chain));
EXPECT_GE(cert_chain.size(), 2U);
- EXPECT_TRUE(verify_chain(cert_chain));
+
+ string message(1024, 'a');
+ string signature = SignMessage(message, AuthorizationSetBuilder().Digest(Digest::SHA_2_256));
+
+ EXPECT_TRUE(verify_chain(cert_chain, message, signature));
EXPECT_TRUE(verify_attestation_record("challenge", "foo", //
key_characteristics_.softwareEnforced, //