diff options
| author | David Zeuthen <zeuthen@google.com> | 2020-06-03 13:24:52 -0400 |
|---|---|---|
| committer | David Zeuthen <zeuthen@google.com> | 2020-06-05 09:59:01 -0400 |
| commit | d16d0fa609a80a6c9136b28c9a92053828e749fd (patch) | |
| tree | 7a57fb2c37029f868e751bc955a0ffd1e8940bfc /identity/support/src | |
| parent | 744b02880730ffcb1cf4dade6269e81819a4a5ba (diff) | |
Update Identity Credential VTS tests.
These updates are based on input/experiences implementing this
HAL. There are no API changes.
- Specify that the validity for credentialKey certificate shall be
from current time and expire at the same time as the attestation
batch certificate.
- Require challenge passed to getAttestationCertificate() is
non-empty.
- Fix bug in VTS tests where the startPersonlization() result was not
checked.
- Remove verifyStartPersonalizationZero test since it cannot be
completed.
- Ensure secureUserId is non-zero if user authentication is needed.
- Specify format for signingKeyBlob in generateSigningKeyPair() same
way we do for credentialData in finishAddingEntries().
- Modify EndToEndTest to decrypt/unpack credentialData to obtain
credentialPrivKey and storageKey and do cross-checks on these.
- Modify EndToEndTest to decrypt/unpack signingKeyBlob to obtain
signingKeyPriv and check it matches the public key in the returned
certificate.
- Add new VTS tests for user and reader authentication.
- Relax unnecessary requirements about SessionTranscript structure -
just require it has X and Y of the ephemeral key created earlier.
- Allow calls in VTS tests to v2 HAL to fail - this should allow
these VTS tests to pass on a compliant v1 HAL.
Bug: 156911917
Bug: 158107945
Test: atest VtsHalIdentityTargetTest
Test: atest android.security.identity.cts
Merged-In: I11b79dbd57b1830609c70301fea9c99f9e5080cb
Change-Id: I93003389012e69c6df23e1bcebeafde8281caf9c
Diffstat (limited to 'identity/support/src')
| -rw-r--r-- | identity/support/src/IdentityCredentialSupport.cpp | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/identity/support/src/IdentityCredentialSupport.cpp b/identity/support/src/IdentityCredentialSupport.cpp index dc49ddc992..e9d5d6c7cc 100644 --- a/identity/support/src/IdentityCredentialSupport.cpp +++ b/identity/support/src/IdentityCredentialSupport.cpp @@ -1047,6 +1047,42 @@ optional<vector<uint8_t>> ecKeyPairGetPrivateKey(const vector<uint8_t>& keyPair) return privateKey; } +optional<vector<uint8_t>> ecPrivateKeyToKeyPair(const vector<uint8_t>& privateKey) { + auto bn = BIGNUM_Ptr(BN_bin2bn(privateKey.data(), privateKey.size(), nullptr)); + if (bn.get() == nullptr) { + LOG(ERROR) << "Error creating BIGNUM"; + return {}; + } + + auto ecKey = EC_KEY_Ptr(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); + if (EC_KEY_set_private_key(ecKey.get(), bn.get()) != 1) { + LOG(ERROR) << "Error setting private key from BIGNUM"; + return {}; + } + + auto pkey = EVP_PKEY_Ptr(EVP_PKEY_new()); + if (pkey.get() == nullptr) { + LOG(ERROR) << "Memory allocation failed"; + return {}; + } + + if (EVP_PKEY_set1_EC_KEY(pkey.get(), ecKey.get()) != 1) { + LOG(ERROR) << "Error getting private key"; + return {}; + } + + int size = i2d_PrivateKey(pkey.get(), nullptr); + if (size == 0) { + LOG(ERROR) << "Error generating public key encoding"; + return {}; + } + vector<uint8_t> keyPair; + keyPair.resize(size); + unsigned char* p = keyPair.data(); + i2d_PrivateKey(pkey.get(), &p); + return keyPair; +} + optional<vector<uint8_t>> ecKeyPairGetPkcs12(const vector<uint8_t>& keyPair, const string& name, const string& serialDecimal, const string& issuer, const string& subject, time_t validityNotBefore, |