summaryrefslogtreecommitdiff
path: root/test/tpm_test
diff options
context:
space:
mode:
authornagendra modadugu <ngm@google.com>2016-06-08 17:38:24 -0700
committerchrome-bot <chrome-bot@chromium.org>2016-06-12 04:38:01 -0700
commita8473bf87d47dc6d00a881328ccda73514c6696f (patch)
treeac8a2d45eaa2f82942f631161741327d5ae5e23c /test/tpm_test
parent2698aba559975f402190e58c9a8dc6e3d5827e32 (diff)
downloadchrome-ec-a8473bf87d47dc6d00a881328ccda73514c6696f.tar.gz
CR50: add a simple ASN.1 parser & certificate verifierstabilize-8447.B
Add a certificate verifier, so that endorsement certificates may be verified upon installation. Doing so allows for catching certificate errors early. BRANCH=none BUG=chrome-os-partner:43025,chrome-os-partner:47524 TEST=all tests in test/tpm_test/tpmtest.py pass Change-Id: I9339a6bc36e4d82ae875ce774e31848ae983fa1f Signed-off-by: nagendra modadugu <ngm@google.com> Reviewed-on: https://chromium-review.googlesource.com/351031 Commit-Ready: Nagendra Modadugu <ngm@google.com> Tested-by: Nagendra Modadugu <ngm@google.com> Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Diffstat (limited to 'test/tpm_test')
-rw-r--r--test/tpm_test/rsa_test.py26
1 files changed, 25 insertions, 1 deletions
diff --git a/test/tpm_test/rsa_test.py b/test/tpm_test/rsa_test.py
index 8fea03c449..7f7c28d5e6 100644
--- a/test/tpm_test/rsa_test.py
+++ b/test/tpm_test/rsa_test.py
@@ -21,7 +21,8 @@ _RSA_OPCODES = {
'VERIFY': 0x03,
'KEYGEN': 0x04,
'KEYTEST': 0x05,
- 'PRIMEGEN': 0x06
+ 'PRIMEGEN': 0x06,
+ 'X509_VERIFY': 0x07
}
@@ -135,6 +136,16 @@ def _primegen_cmd(seed):
ml=struct.pack('>H', len(seed)), msg=seed,
dl=struct.pack('>H', 0), dig='')
+def _x509_verify_cmd(key_len):
+ op = _RSA_OPCODES['X509_VERIFY']
+ padding = _RSA_PADDING['NONE']
+ hashing = _HASH['NONE']
+ return _RSA_CMD_FORMAT.format(o=op, p=padding, h=hashing,
+ kl=struct.pack('>H', key_len),
+ ml=struct.pack('>H', 0), msg='',
+ dl=struct.pack('>H', 0), dig='')
+
+
_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53,
59, 61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131,
137, 139, 149, 151, 157, 163, 167, 173, 179, 181, 191, 193, 197, 199,
@@ -723,9 +734,22 @@ def _primegen_tests(tpm):
print('%sSUCCESS: %s' % (utils.cursor_back(), test_name))
+def _x509_verify_tests(tpm):
+ test_name = 'RSA-X509-2048-VERIFY'
+ cmd = _x509_verify_cmd(2048)
+ wrapped_response = tpm.command(tpm.wrap_ext_command(subcmd.RSA, cmd))
+ valid = tpm.unwrap_ext_response(subcmd.RSA, wrapped_response)
+ expected = '\x01'
+ if valid != expected:
+ raise subcmd.TpmTestError('%s error:%s%s' % (
+ test_name, utils.hex_dump(valid), utils.hex_dump(expected)))
+ print('%sSUCCESS: %s' % (utils.cursor_back(), test_name))
+
+
def rsa_test(tpm):
_encrypt_tests(tpm)
_sign_tests(tpm)
_keytest_tests(tpm)
_keygen_tests(tpm)
_primegen_tests(tpm)
+ _x509_verify_tests(tpm)