Check the signature on the EEK Chain.
Signatures on the EEK chain weren't actually being checked when RKP was
being run in test mode. This is not the desired behavior. When in test
mode, the only thing that should be disabled is verifying that the EEK
Chain root matches the Google root. The EEK Chain provided to KM should
still be a valid chain, where each certificate's key verifies the signature on the next one.
Fixes: 190942528
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: Ibc4697a29a84e3840aa3f19733aeea212fcf6236
Merged-In: Ibc4697a29a84e3840aa3f19733aeea212fcf6236
diff --git a/cppcose/cppcose.cpp b/cppcose/cppcose.cpp
index b37900e..bfe9928 100644
--- a/cppcose/cppcose.cpp
+++ b/cppcose/cppcose.cpp
@@ -170,7 +170,7 @@
return constructCoseSign1(key, {} /* protectedParams */, payload, aad);
}
-ErrMsgOr<bytevec> verifyAndParseCoseSign1(bool ignoreSignature, const cppbor::Array* coseSign1,
+ErrMsgOr<bytevec> verifyAndParseCoseSign1(const cppbor::Array* coseSign1,
const bytevec& signingCoseKey, const bytevec& aad) {
if (!coseSign1 || coseSign1->size() != kCoseSign1EntryCount) {
return "Invalid COSE_Sign1";
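Review bot: The new signature of verifyAndParseCoseSign1 carries no documentation of its contract, and nothing near the declaration says that an empty signingCoseKey selects the self-signed path in which the payload itself is parsed as the verification key (that branch is visible in the following hunk). A header comment above the function would settle this for callers that used to pass ignoreSignature: `// Verifies the Ed25519 signature on coseSign1 and returns its payload. An empty signingCoseKey means the message is self-signed and the payload is parsed as the Ed25519 CoseKey that must verify it. Verification is never skipped; failures are returned as error messages.` The matching declaration in cppcose.h is not in this diff, so it is worth confirming it and every caller drop the removed parameter too. The function body continues past this hunk.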
@@ -197,25 +197,23 @@
return "Unsupported signature algorithm";
}
- if (!ignoreSignature) {
- const cppbor::Bstr* signature = coseSign1->get(kCoseSign1Signature)->asBstr();
- if (!signature || signature->value().empty()) {
- return "Missing signature input";
- }
+ const cppbor::Bstr* signature = coseSign1->get(kCoseSign1Signature)->asBstr();
+ if (!signature || signature->value().empty()) {
+ return "Missing signature input";
+ }
- bool selfSigned = signingCoseKey.empty();
- auto key = CoseKey::parseEd25519(selfSigned ? payload->value() : signingCoseKey);
- if (!key || key->getBstrValue(CoseKey::PUBKEY_X)->empty()) {
- return "Bad signing key: " + key.moveMessage();
- }
+ bool selfSigned = signingCoseKey.empty();
+ auto key = CoseKey::parseEd25519(selfSigned ? payload->value() : signingCoseKey);
+ if (!key || key->getBstrValue(CoseKey::PUBKEY_X)->empty()) {
+ return "Bad signing key: " + key.moveMessage();
+ }
- bytevec signatureInput =
- cppbor::Array().add("Signature1").add(*protectedParams).add(aad).add(*payload).encode();
+ bytevec signatureInput =
+ cppbor::Array().add("Signature1").add(*protectedParams).add(aad).add(*payload).encode();
- if (!ED25519_verify(signatureInput.data(), signatureInput.size(), signature->value().data(),
- key->getBstrValue(CoseKey::PUBKEY_X)->data())) {
- return "Signature verification failed";
- }
+ if (!ED25519_verify(signatureInput.data(), signatureInput.size(), signature->value().data(),
+ key->getBstrValue(CoseKey::PUBKEY_X)->data())) {
+ return "Signature verification failed";
}
return payload->value();
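Review bot: Now that ED25519_verify is always reached, the only guard on the signature is the emptiness check above it, yet the call hands `signature->value().data()` to a primitive that reads a fixed 64-byte Ed25519 signature, so a shorter bstr is an out-of-bounds read and a longer one is accepted with its trailing bytes ignored; the check should become `if (!signature || signature->value().size() != ED25519_SIGNATURE_LEN) { return "Invalid signature size"; }` (the constant ships with BoringSSL next to ED25519_verify). The public key has the same gap: `key->getBstrValue(CoseKey::PUBKEY_X)->empty()` dereferences the lookup result without confirming a value came back, and its length is never compared with the 32-byte Ed25519 key size before `.data()` is passed to the verifier, so bind the result once, reject a missing or wrongly sized key, and reuse it in the call. Neither check depends on test mode, so both belong here rather than in the caller. The enclosing function begins in the previous hunk and its closing brace lies past this one.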