Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / a722ff42a961e12d284b64f3b2d633dc4c2ee81f^! / .
commita722ff42a961e12d284b64f3b2d633dc4c2ee81f[log] [tgz]
authorMax Bires <jbires@google.com>Wed Oct 16 13:02:11 2019 -0700
committerMax Bires <jbires@google.com>Wed Oct 16 15:21:14 2019 -0700
tree067e04fb15ad1dfd29b99ac7c4bb63e805b4eb36
parent21eb2f5359d8aa74313b9cff1315fa53079f5bf0 [diff]
Adding test to check that ASN.1 lengths are properly encoded

This test checks that length metadata for the ASN.1 encoding of
attestation application ids are correct. It generates an app id that
will have a length between 127 and 256, which should create an encoding
that requires two bytes of length metadata - one byte to specify how many
bytes are needed for the length, and one byte for the length.

Some implementations of keymaster only use one byte in this case, which
will fail on strict ASN.1 parsers.

Bug: 142674020
Test: m VtsHalKeymasterV4_0TargetTest && adb sync data \
&& adb shell data/nativetest64/VtsHalKeymasterV4_0TargetTest/VtsHalKeymasterV4_0TargetTest

Change-Id: I7dfc38a09247eb3cb237f33a202044668d15cbca

diff --git a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
index 0ac7e48..c5acf8c 100644
--- a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
+++ b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp

@@ -4413,6 +4413,35 @@
 }
 
 /*
+ * AttestationTest.AttestationApplicationIDLengthProperlyEncoded
+ *
+ * Verifies that the Attestation Application ID software enforced tag has a proper length encoding.
+ * Some implementations break strict encoding rules by encoding a length between 127 and 256 in one
+ * byte. Proper DER encoding specifies that for lengths greather than 127, one byte should be used
+ * to specify how many following bytes will be used to encode the length.
+ */
+TEST_F(AttestationTest, AttestationApplicationIDLengthProperlyEncoded) {
+    auto creation_time = std::chrono::system_clock::now();
+    ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
+                                                 .Authorization(TAG_NO_AUTH_REQUIRED)
+                                                 .EcdsaSigningKey(EcCurve::P_256)
+                                                 .Digest(Digest::SHA_2_256)));
+
+    hidl_vec<hidl_vec<uint8_t>> cert_chain;
+    const string app_id(143, 'a');
+    ASSERT_EQ(ErrorCode::OK,
+              AttestKey(AuthorizationSetBuilder()
+                                .Authorization(TAG_ATTESTATION_CHALLENGE, HidlBuf("challenge"))
+                                .Authorization(TAG_ATTESTATION_APPLICATION_ID, HidlBuf(app_id)),
+                        &cert_chain));
+    EXPECT_GE(cert_chain.size(), 2U);
+
+    EXPECT_TRUE(verify_attestation_record("challenge", app_id,                    //
+                                          key_characteristics_.softwareEnforced,  //
+                                          key_characteristics_.hardwareEnforced,  //
+                                          SecLevel(), cert_chain[0], creation_time));
+}
+/*
  * AttestationTest.AesAttestation
  *
  * Verifies that attesting to AES keys fails in the expected way.