author | nagendra modadugu <ngm@google.com> | 2016-06-08 17:38:24 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2016-06-12 04:38:01 -0700 |
commit | a8473bf87d47dc6d00a881328ccda73514c6696f (patch) | |
tree | ac8a2d45eaa2f82942f631161741327d5ae5e23c /test/tpm_test | |
parent | 2698aba559975f402190e58c9a8dc6e3d5827e32 (diff) | |
CR50: add a simple ASN.1 parser & certificate verifier [stabilize-8447.B]
Add a certificate verifier, so that endorsement
certificates may be verified upon installation.
Doing so allows for catching certificate errors early.
BRANCH=none
BUG=chrome-os-partner:43025,chrome-os-partner:47524
TEST=all tests in test/tpm_test/tpmtest.py pass
Change-Id: I9339a6bc36e4d82ae875ce774e31848ae983fa1f
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/351031
Commit-Ready: Nagendra Modadugu <ngm@google.com>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Diffstat (limited to 'test/tpm_test')
-rw-r--r-- | test/tpm_test/rsa_test.py | 26 |
1 files changed, 25 insertions, 1 deletions
diff --git a/test/tpm_test/rsa_test.py b/test/tpm_test/rsa_test.py index 8fea03c449..7f7c28d5e6 100644 --- a/test/tpm_test/rsa_test.py +++ b/test/tpm_test/rsa_test.py @@ -21,7 +21,8 @@ _RSA_OPCODES = { 'VERIFY': 0x03, 'KEYGEN': 0x04, 'KEYTEST': 0x05, - 'PRIMEGEN': 0x06 + 'PRIMEGEN': 0x06, + 'X509_VERIFY': 0x07 } @@ -135,6 +136,16 @@ def _primegen_cmd(seed): ml=struct.pack('>H', len(seed)), msg=seed, dl=struct.pack('>H', 0), dig='') +def _x509_verify_cmd(key_len): + op = _RSA_OPCODES['X509_VERIFY'] + padding = _RSA_PADDING['NONE'] + hashing = _HASH['NONE'] + return _RSA_CMD_FORMAT.format(o=op, p=padding, h=hashing, + kl=struct.pack('>H', key_len), + ml=struct.pack('>H', 0), msg='', + dl=struct.pack('>H', 0), dig='') + + _PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, @@ -723,9 +734,22 @@ def _primegen_tests(tpm): print('%sSUCCESS: %s' % (utils.cursor_back(), test_name)) +def _x509_verify_tests(tpm): + test_name = 'RSA-X509-2048-VERIFY' + cmd = _x509_verify_cmd(2048) + wrapped_response = tpm.command(tpm.wrap_ext_command(subcmd.RSA, cmd)) + valid = tpm.unwrap_ext_response(subcmd.RSA, wrapped_response) + expected = '\x01' + if valid != expected: + raise subcmd.TpmTestError('%s error:%s%s' % ( + test_name, utils.hex_dump(valid), utils.hex_dump(expected))) + print('%sSUCCESS: %s' % (utils.cursor_back(), test_name)) + + def rsa_test(tpm): _encrypt_tests(tpm) _sign_tests(tpm) _keytest_tests(tpm) _keygen_tests(tpm) _primegen_tests(tpm) + _x509_verify_tests(tpm) |
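Review bot: `_x509_verify_cmd` has no docstring, and it leaves out the one thing a reader needs to know: the command sends no certificate. It is built with `msg=''`, `dig=''` and `NONE` for both padding and hashing, so only `key_len` (packed with `'>H'`) reaches the device, and the certificate being checked is presumably selected on the firmware side, which this diff does not show. I would add a docstring along the lines of `"""Build the X509_VERIFY request; only key_len is transmitted, no certificate, message or digest payload."""`. The function lies entirely inside this hunk.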
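Review bot: `_x509_verify_tests` covers only the accept path. It issues one `X509_VERIFY` request for 2048 and requires `'\x01'` back, so a verifier that returned 1 unconditionally would pass. Because the request carries an empty `msg`, the harness cannot currently present a certificate with an altered signature or a mismatched key. A rejection case would need the command to accept a certificate or a selector, so the gap should at least be recorded with a comment such as `# Accept path only: no invalid certificate is presented to the verifier.` Separately, `'%s error:%s%s'` prints the two hex dumps back to back, so labelling them (`'%s error: got %s expected %s'`) would make a failure readable. `rsa_test` may continue past the end of the hunk.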