Check the signature on the EEK Chain.

Signatures on the EEK chain weren't actually being checked when RKP was
being run in test mode. This is not the desired behavior. When in test
mode, the only thing that should be disabled is verifying that the EEK
Chain root matches the Google root. The EEK Chain provided to KM should
still be a valid chain, where each certificate verifies the next one.

Ignore-AOSP-First: CP from AOSP to SC-Dev
Fixes: 190942528
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: Ibc4697a29a84e3840aa3f19733aeea212fcf6236
diff --git a/cppcose/cppcose.cpp b/cppcose/cppcose.cpp
index 2d8652e..0db9c84 100644
--- a/cppcose/cppcose.cpp
+++ b/cppcose/cppcose.cpp
@@ -170,7 +170,7 @@
     return constructCoseSign1(key, {} /* protectedParams */, payload, aad);
 }
 
-ErrMsgOr<bytevec> verifyAndParseCoseSign1(bool ignoreSignature, const cppbor::Array* coseSign1,
+ErrMsgOr<bytevec> verifyAndParseCoseSign1(const cppbor::Array* coseSign1,
                                           const bytevec& signingCoseKey, const bytevec& aad) {
     if (!coseSign1 || coseSign1->size() != kCoseSign1EntryCount) {
         return "Invalid COSE_Sign1";
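Review bot: The narrowed signature of `verifyAndParseCoseSign1` still carries an undocumented contract on `signingCoseKey`: further down in this function an empty `signingCoseKey` makes the payload itself the verification key (the self-signed case). Now that the signature is always verified, that is the one path where a successful return proves only internal consistency, not who signed, so a caller walking the EEK chain must pass the previous certificate's key for every non-root entry. I would state that at the definition (or on the declaration in the header, which is not shown here), for example `// An empty signingCoseKey means self-signed: the payload is parsed as the Ed25519 key used to verify the signature.` The function body continues outside this hunk.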
@@ -197,25 +197,23 @@
         return "Unsupported signature algorithm";
     }
 
-    if (!ignoreSignature) {
-        const cppbor::Bstr* signature = coseSign1->get(kCoseSign1Signature)->asBstr();
-        if (!signature || signature->value().empty()) {
-            return "Missing signature input";
-        }
+    const cppbor::Bstr* signature = coseSign1->get(kCoseSign1Signature)->asBstr();
+    if (!signature || signature->value().empty()) {
+        return "Missing signature input";
+    }
 
-        bool selfSigned = signingCoseKey.empty();
-        auto key = CoseKey::parseEd25519(selfSigned ? payload->value() : signingCoseKey);
-        if (!key || key->getBstrValue(CoseKey::PUBKEY_X)->empty()) {
-            return "Bad signing key: " + key.moveMessage();
-        }
+    bool selfSigned = signingCoseKey.empty();
+    auto key = CoseKey::parseEd25519(selfSigned ? payload->value() : signingCoseKey);
+    if (!key || key->getBstrValue(CoseKey::PUBKEY_X)->empty()) {
+        return "Bad signing key: " + key.moveMessage();
+    }
 
-        bytevec signatureInput =
-            cppbor::Array().add("Signature1").add(*protectedParams).add(aad).add(*payload).encode();
+    bytevec signatureInput =
+        cppbor::Array().add("Signature1").add(*protectedParams).add(aad).add(*payload).encode();
 
-        if (!ED25519_verify(signatureInput.data(), signatureInput.size(), signature->value().data(),
-                            key->getBstrValue(CoseKey::PUBKEY_X)->data())) {
-            return "Signature verification failed";
-        }
+    if (!ED25519_verify(signatureInput.data(), signatureInput.size(), signature->value().data(),
+                        key->getBstrValue(CoseKey::PUBKEY_X)->data())) {
+        return "Signature verification failed";
     }
 
     return payload->value();
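Review bot: The now-unconditional `ED25519_verify` call receives `signature->value().data()` and the `PUBKEY_X` bytes with only an emptiness check in front of it, not a length check. `ED25519_verify` reads a fixed 64-byte signature and a 32-byte public key, so a shorter Bstr in an externally supplied COSE_Sign1 would be read past its end. I would tighten the two guards to `if (!signature || signature->value().size() != ED25519_SIGNATURE_LEN)` and `key->getBstrValue(CoseKey::PUBKEY_X)->size() != ED25519_PUBLIC_KEY_LEN`, unless `CoseKey::parseEd25519` already enforces the key length, which is not visible here. The function starts in the previous hunk and its closing brace lies outside this one.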