path: root/identity/aidl/vts/Util.cpp
authorSeth Moore <sethmo@google.com>2022-01-25 22:44:24 +0000
committerSeth Moore <sethmo@google.com>2022-01-25 22:44:24 +0000
commitbe32113307d67f54e594e5322f85b65e4e2c4fdb (patch)
treea9b8786c217a28e6c47f127ae518109cc98c3a41 /identity/aidl/vts/Util.cpp
parentb5b69f0e009388fccb000a9a8aac5a38dbbd2726 (diff)
Revert "Add remote key provisioning to the IC HAL"
Revert "Add dependency on keymint cpp lib" Revert "Allow default identity service to call keymint" Revert submission 1956689-add rkp to identity-default Reason for revert: Broke git-master. Will resubmit later. Reverted Changes: I96dcf3027:Add remote key provisioning to the IC HAL Id686ac33a:Add dependency on keymint cpp lib Ib368a2a00:Log to logd in the default identity service I7d2906de0:Refactor IC support for RKP Iae0f14f1c:Fix formatting of identity credential aidl I01d086a4b:Allow default identity service to call keymint Change-Id: I76a898c04090c5befe5fb5a5d07ec2e397fdd8b3
Diffstat (limited to 'identity/aidl/vts/Util.cpp')
-rw-r--r--identity/aidl/vts/Util.cpp80
1 files changed, 1 insertions, 79 deletions
diff --git a/identity/aidl/vts/Util.cpp b/identity/aidl/vts/Util.cpp
index f3d7c30548..1148cb0b60 100644
--- a/identity/aidl/vts/Util.cpp
+++ b/identity/aidl/vts/Util.cpp
@@ -20,16 +20,12 @@
#include <android-base/logging.h>
-#include <KeyMintAidlTestBase.h>
#include <aidl/Gtest.h>
-#include <aidl/android/hardware/security/keymint/MacedPublicKey.h>
#include <android-base/stringprintf.h>
#include <keymaster/km_openssl/openssl_utils.h>
#include <keymasterV4_1/attestation_record.h>
-#include <keymint_support/openssl_utils.h>
-#include <openssl/evp.h>
-
#include <charconv>
+
#include <map>
namespace android::hardware::identity::test_utils {
@@ -40,13 +36,10 @@ using std::optional;
using std::string;
using std::vector;
-using ::aidl::android::hardware::security::keymint::test::check_maced_pubkey;
-using ::aidl::android::hardware::security::keymint::test::p256_pub_key;
using ::android::sp;
using ::android::String16;
using ::android::base::StringPrintf;
using ::android::binder::Status;
-using ::android::hardware::security::keymint::MacedPublicKey;
using ::keymaster::X509_Ptr;
bool setupWritableCredential(sp<IWritableIdentityCredential>& writableCredential,
@@ -65,77 +58,6 @@ bool setupWritableCredential(sp<IWritableIdentityCredential>& writableCredential
}
}
-optional<vector<vector<uint8_t>>> createFakeRemotelyProvisionedCertificateChain(
- const MacedPublicKey& macedPublicKey) {
- // The helper library uses the NDK symbols, so play a little trickery here to convert
- // the data into the proper type so we can reuse the helper function to get the pubkey.
- ::aidl::android::hardware::security::keymint::MacedPublicKey ndkMacedPublicKey;
- ndkMacedPublicKey.macedKey = macedPublicKey.macedKey;
-
- vector<uint8_t> publicKeyBits;
- check_maced_pubkey(ndkMacedPublicKey, /*testMode=*/true, &publicKeyBits);
-
- ::aidl::android::hardware::security::keymint::EVP_PKEY_Ptr publicKey;
- p256_pub_key(publicKeyBits, &publicKey);
-
- // Generate an arbitrary root key for our chain
- bssl::UniquePtr<EC_KEY> ecRootKey(EC_KEY_new());
- bssl::UniquePtr<EVP_PKEY> rootKey(EVP_PKEY_new());
- if (ecRootKey.get() == nullptr || rootKey.get() == nullptr) {
- LOG(ERROR) << "Memory allocation failed";
- return {};
- }
-
- bssl::UniquePtr<EC_GROUP> group(EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
- if (group.get() == nullptr) {
- LOG(ERROR) << "Error creating EC group by curve name";
- return {};
- }
-
- if (EC_KEY_set_group(ecRootKey.get(), group.get()) != 1 ||
- EC_KEY_generate_key(ecRootKey.get()) != 1 || EC_KEY_check_key(ecRootKey.get()) < 0) {
- LOG(ERROR) << "Error generating key";
- return {};
- }
-
- if (EVP_PKEY_set1_EC_KEY(rootKey.get(), ecRootKey.get()) != 1) {
- LOG(ERROR) << "Error getting private key";
- return {};
- }
-
- // The VTS test does not fully validate the chain, so we're ok without the proper CA extensions.
- map<string, vector<uint8_t>> extensions;
-
- // Now make a self-signed cert
- optional<vector<uint8_t>> root = support::ecPublicKeyGenerateCertificate(
- rootKey.get(), rootKey.get(),
- /*serialDecimal=*/"31415",
- /*subject=*/"Android IdentityCredential VTS Test Root Certificate",
- /*subject=*/"Android IdentityCredential VTS Test Root Certificate",
- /*validityNotBefore=*/time(nullptr),
- /*validityNotAfter=*/time(nullptr) + 365 * 24 * 3600, extensions);
- if (!root) {
- LOG(ERROR) << "Error generating root cert";
- return std::nullopt;
- }
-
- // Now sign a CA cert so that we have a chain that's good enough to satisfy
- // the VTS tests.
- optional<vector<uint8_t>> intermediate = support::ecPublicKeyGenerateCertificate(
- publicKey.get(), rootKey.get(),
- /*serialDecimal=*/"42",
- /*subject=*/"Android IdentityCredential VTS Test Root Certificate",
- /*subject=*/"Android IdentityCredential VTS Test Attestation Certificate",
- /*validityNotBefore=*/time(nullptr),
- /*validityNotAfter=*/time(nullptr) + 365 * 24 * 3600, extensions);
- if (!intermediate) {
- LOG(ERROR) << "Error generating intermediate cert";
- return std::nullopt;
- }
-
- return vector<vector<uint8_t>>{std::move(*intermediate), std::move(*root)};
-}
-
optional<vector<uint8_t>> generateReaderCertificate(string serialDecimal) {
vector<uint8_t> privKey;
return generateReaderCertificate(serialDecimal, &privKey);