diff options
author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2021-08-17 22:57:37 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2021-08-17 22:57:37 +0000 |
commit | 858d482871f3b757af1da04777a3bd9be9ea427a (patch) | |
tree | 4ddca85806e8b136eee21b47e74d25a5c2134f91 | |
parent | 589d5814fddea9bf7574db8e85f9ebfa335e896e (diff) | |
parent | b5e402bf17321bbee5b824e929ac1be45e89ffc6 (diff) | |
download | interfaces-android12-security-release.tar.gz |
Merge cherrypicks of [15601928, 15601978, 15601929, 15602376, 15602372, 15601960, 15601961, 15601962, 15601963, 15601964, 15602416, 15602437, 15602438, 15602440, 15602441, 15602443, 15602444, 15602445, 15602446, 15602447, 15601006, 15601007, 15601008, 15601009, 15601010, 15601011, 15601932, 15601933, 15601934, 15601935, 15602456, 15602457, 15602458, 15602459, 15601981, 15601982, 15601983, 15601984, 15602417, 15602418, 15602419, 15602420, 15602421, 15602422, 15602423, 15602379, 15602380, 15602381, 15602382, 15602383, 15602384, 15602385, 15602386, 15601012, 15601013, 15601014, 15601015, 15602476, 15602477] into sc-releaseandroid-vts-12.0_r1android-security-12.0.0_r60android-security-12.0.0_r59android-security-12.0.0_r58android-security-12.0.0_r57android-security-12.0.0_r56android-security-12.0.0_r55android-security-12.0.0_r54android-security-12.0.0_r53android-security-12.0.0_r52android-security-12.0.0_r51android-security-12.0.0_r50android-security-12.0.0_r49android-security-12.0.0_r48android-security-12.0.0_r47android-security-12.0.0_r46android-security-12.0.0_r45android-security-12.0.0_r44android-security-12.0.0_r43android-security-12.0.0_r42android-security-12.0.0_r41android-security-12.0.0_r40android-security-12.0.0_r39android-security-12.0.0_r38android-security-12.0.0_r37android-security-12.0.0_r36android-security-12.0.0_r35android-security-12.0.0_r34android-platform-12.0.0_r1android-cts-12.0_r1android-12.0.0_r9android-12.0.0_r8android-12.0.0_r34android-12.0.0_r33android-12.0.0_r31android-12.0.0_r30android-12.0.0_r3android-12.0.0_r25android-12.0.0_r2android-12.0.0_r11android-12.0.0_r10android-12.0.0_r1android12-security-releaseandroid12-s5-releaseandroid12-s4-releaseandroid12-s3-releaseandroid12-s2-releaseandroid12-s1-releaseandroid12-release
Change-Id: Ib5779eaebe4343915079821bbdf260ae9d3672c7
-rw-r--r-- | wifi/keystore/1.0/default/keystore.cpp | 43 | ||||
-rw-r--r-- | wifi/keystore/1.0/default/test/Android.bp | 1 | ||||
-rw-r--r-- | wifi/keystore/1.0/default/test/WifiLegacyKeystoreIntegrationTest.cpp | 144 | ||||
-rw-r--r-- | wifi/keystore/1.0/default/wifikeystorehal_utils.h | 51 |
4 files changed, 129 insertions, 110 deletions
diff --git a/wifi/keystore/1.0/default/keystore.cpp b/wifi/keystore/1.0/default/keystore.cpp index 68b682e..69bac18 100644 --- a/wifi/keystore/1.0/default/keystore.cpp +++ b/wifi/keystore/1.0/default/keystore.cpp @@ -7,19 +7,17 @@ #include <android-base/strings.h> #include <android/binder_manager.h> #include <binder/IServiceManager.h> -#include <ctype.h> #include <openssl/base.h> #include <openssl/bio.h> #include <openssl/pem.h> #include <openssl/x509.h> #include <private/android_filesystem_config.h> #include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <future> #include <vector> +#include "wifikeystorehal_utils.h" + #define AT __func__ << ":" << __LINE__ << " " namespace ks2 = ::aidl::android::system::keystore2; @@ -35,43 +33,6 @@ constexpr const char kLegacyKeystoreServiceName[] = "android.security.legacykeys const std::string keystore2_grant_id_prefix("ks2_keystore-engine_grant_id:"); -// Helper method to extract public key from the certificate. -std::vector<uint8_t> extractPubKey(const std::vector<uint8_t>& cert_bytes) { - bssl::UniquePtr<BIO> cert_bio(BIO_new_mem_buf(cert_bytes.data(), cert_bytes.size())); - if (!cert_bio) { - LOG(ERROR) << AT << "Failed to create BIO"; - return {}; - } - bssl::UniquePtr<X509> decoded_cert(d2i_X509_bio(cert_bio.get(), nullptr)); - if (!decoded_cert) { - LOG(INFO) << AT << "Could not decode the cert, trying decoding as PEM"; - decoded_cert = - bssl::UniquePtr<X509>(PEM_read_bio_X509(cert_bio.get(), nullptr, nullptr, nullptr)); - } - if (!decoded_cert) { - LOG(ERROR) << AT << "Could not decode the cert."; - return {}; - } - bssl::UniquePtr<EVP_PKEY> pub_key(X509_get_pubkey(decoded_cert.get())); - if (!pub_key) { - LOG(ERROR) << AT << "Could not extract public key."; - return {}; - } - bssl::UniquePtr<BIO> pub_key_bio(BIO_new(BIO_s_mem())); - if (!pub_key_bio || i2d_PUBKEY_bio(pub_key_bio.get(), pub_key.get()) <= 0) { - LOG(ERROR) << AT << "Could not serialize public key."; - return {}; - } - const uint8_t* pub_key_bytes; - size_t pub_key_len; - if (!BIO_mem_contents(pub_key_bio.get(), &pub_key_bytes, &pub_key_len)) { - LOG(ERROR) << AT << "Could not get bytes from BIO."; - return {}; - } - - return {pub_key_bytes, pub_key_bytes + pub_key_len}; -} - ks2::KeyDescriptor mkKeyDescriptor(const std::string& alias) { // If the key_id starts with the grant id prefix, we parse the following string as numeric // grant id. We can then use the grant domain without alias to load the designated key. diff --git a/wifi/keystore/1.0/default/test/Android.bp b/wifi/keystore/1.0/default/test/Android.bp index e16155b..eef58e9 100644 --- a/wifi/keystore/1.0/default/test/Android.bp +++ b/wifi/keystore/1.0/default/test/Android.bp @@ -23,6 +23,7 @@ cc_test { shared_libs: [ "libbase", "liblog", + "libcrypto", "libcutils", "libhidlbase", "libnativehelper", diff --git a/wifi/keystore/1.0/default/test/WifiLegacyKeystoreIntegrationTest.cpp b/wifi/keystore/1.0/default/test/WifiLegacyKeystoreIntegrationTest.cpp index 5fa1684..ac801e5 100644 --- a/wifi/keystore/1.0/default/test/WifiLegacyKeystoreIntegrationTest.cpp +++ b/wifi/keystore/1.0/default/test/WifiLegacyKeystoreIntegrationTest.cpp @@ -15,19 +15,16 @@ */ #include <aidl/android/security/legacykeystore/ILegacyKeystore.h> -#include <aidl/android/system/keystore2/IKeystoreOperation.h> -#include <aidl/android/system/keystore2/IKeystoreSecurityLevel.h> -#include <aidl/android/system/keystore2/IKeystoreService.h> #include <aidl/android/system/keystore2/ResponseCode.h> #include <android/binder_manager.h> #include <android/system/wifi/keystore/1.0/IKeystore.h> -#include <binder/IServiceManager.h> #include <cutils/properties.h> #include <gtest/gtest.h> #include <hidl/GtestPrinter.h> #include <hidl/ServiceManagement.h> #include <private/android_filesystem_config.h> -#include <utils/String16.h> + +#include "../wifikeystorehal_utils.h" using namespace std; using namespace ::testing; @@ -50,6 +47,65 @@ enum KeyPurpose { SIGNING, }; +// Some test certificate in PEM encoding. +static const char kPemTestCert[] = R"(-----BEGIN CERTIFICATE----- +MIICWDCCAcGgAwIBAgIUMpH52TRcL1gTknsm5eR+wvCGxNMwDQYJKoZIhvcNAQEL +BQAwPjELMAkGA1UEBhMCVVMxEzARBgNVBAgMClNvbWUtU3RhdGUxGjAYBgNVBAoM +EUFuZHJvaWQgVGVzdCBDZXJ0MB4XDTIxMDczMDAwMzY1OVoXDTIyMDczMDAwMzY1 +OVowPjELMAkGA1UEBhMCVVMxEzARBgNVBAgMClNvbWUtU3RhdGUxGjAYBgNVBAoM +EUFuZHJvaWQgVGVzdCBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDL +q7JTXvL3ErVX2ZU9hQ0PLnkyw984qweNhQw8xIvwzTs3hXtV0K4hmWJiPKxOv3H7 +Q//TOcxI6+Qp4qOa79UUYDvmObjOCW1jQvZ9UQQfvdMO1WSa3BQoPJYQXiuyiuPs ++XM58Yl8TPV+IQ+Znx5axn5PxEmoqCUmeBv/wbJlDwIDAQABo1MwUTAdBgNVHQ4E +FgQUEbhF5fYkUPchj+GdWX1aoOHkH3owHwYDVR0jBBgwFoAUEbhF5fYkUPchj+Gd +WX1aoOHkH3owDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQChejph +iYWFBeQEQtPYGGwSNO1HgzRhvsdGKDJUtRDAvDPxlRO8jkGmrSaD3QJUY4bCkx5c +S9W7oRxyiUaxJFtw9Lbxkc4G3v0hpxYqfX4R4lzM8oU/50cPEpZGVaIZNrqBiXbd +wFzPSv/UTXFBKlR5grYTmsiHCBbEv0apNJNI0g== +-----END CERTIFICATE----- +)"; + +// Some test certificate in DER encoding. +static const std::vector<uint8_t> kDerTestCert{ + 0x30, 0x82, 0x02, 0x58, 0x30, 0x82, 0x01, 0xc1, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14, 0x32, + 0x91, 0xf9, 0xd9, 0x34, 0x5c, 0x2f, 0x58, 0x13, 0x92, 0x7b, 0x26, 0xe5, 0xe4, 0x7e, 0xc2, 0xf0, + 0x86, 0xc4, 0xd3, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, + 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, + 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x53, 0x6f, 0x6d, 0x65, + 0x2d, 0x53, 0x74, 0x61, 0x74, 0x65, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, + 0x11, 0x41, 0x6e, 0x64, 0x72, 0x6f, 0x69, 0x64, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x65, + 0x72, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x37, 0x33, 0x30, 0x30, 0x30, 0x33, 0x36, + 0x35, 0x39, 0x5a, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x37, 0x33, 0x30, 0x30, 0x30, 0x33, 0x36, 0x35, + 0x39, 0x5a, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, + 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x53, 0x6f, 0x6d, 0x65, + 0x2d, 0x53, 0x74, 0x61, 0x74, 0x65, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, + 0x11, 0x41, 0x6e, 0x64, 0x72, 0x6f, 0x69, 0x64, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x65, + 0x72, 0x74, 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, + 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xcb, + 0xab, 0xb2, 0x53, 0x5e, 0xf2, 0xf7, 0x12, 0xb5, 0x57, 0xd9, 0x95, 0x3d, 0x85, 0x0d, 0x0f, 0x2e, + 0x79, 0x32, 0xc3, 0xdf, 0x38, 0xab, 0x07, 0x8d, 0x85, 0x0c, 0x3c, 0xc4, 0x8b, 0xf0, 0xcd, 0x3b, + 0x37, 0x85, 0x7b, 0x55, 0xd0, 0xae, 0x21, 0x99, 0x62, 0x62, 0x3c, 0xac, 0x4e, 0xbf, 0x71, 0xfb, + 0x43, 0xff, 0xd3, 0x39, 0xcc, 0x48, 0xeb, 0xe4, 0x29, 0xe2, 0xa3, 0x9a, 0xef, 0xd5, 0x14, 0x60, + 0x3b, 0xe6, 0x39, 0xb8, 0xce, 0x09, 0x6d, 0x63, 0x42, 0xf6, 0x7d, 0x51, 0x04, 0x1f, 0xbd, 0xd3, + 0x0e, 0xd5, 0x64, 0x9a, 0xdc, 0x14, 0x28, 0x3c, 0x96, 0x10, 0x5e, 0x2b, 0xb2, 0x8a, 0xe3, 0xec, + 0xf9, 0x73, 0x39, 0xf1, 0x89, 0x7c, 0x4c, 0xf5, 0x7e, 0x21, 0x0f, 0x99, 0x9f, 0x1e, 0x5a, 0xc6, + 0x7e, 0x4f, 0xc4, 0x49, 0xa8, 0xa8, 0x25, 0x26, 0x78, 0x1b, 0xff, 0xc1, 0xb2, 0x65, 0x0f, 0x02, + 0x03, 0x01, 0x00, 0x01, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, + 0x16, 0x04, 0x14, 0x11, 0xb8, 0x45, 0xe5, 0xf6, 0x24, 0x50, 0xf7, 0x21, 0x8f, 0xe1, 0x9d, 0x59, + 0x7d, 0x5a, 0xa0, 0xe1, 0xe4, 0x1f, 0x7a, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, + 0x30, 0x16, 0x80, 0x14, 0x11, 0xb8, 0x45, 0xe5, 0xf6, 0x24, 0x50, 0xf7, 0x21, 0x8f, 0xe1, 0x9d, + 0x59, 0x7d, 0x5a, 0xa0, 0xe1, 0xe4, 0x1f, 0x7a, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, + 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0xa1, 0x7a, 0x3a, 0x61, + 0x89, 0x85, 0x85, 0x05, 0xe4, 0x04, 0x42, 0xd3, 0xd8, 0x18, 0x6c, 0x12, 0x34, 0xed, 0x47, 0x83, + 0x34, 0x61, 0xbe, 0xc7, 0x46, 0x28, 0x32, 0x54, 0xb5, 0x10, 0xc0, 0xbc, 0x33, 0xf1, 0x95, 0x13, + 0xbc, 0x8e, 0x41, 0xa6, 0xad, 0x26, 0x83, 0xdd, 0x02, 0x54, 0x63, 0x86, 0xc2, 0x93, 0x1e, 0x5c, + 0x4b, 0xd5, 0xbb, 0xa1, 0x1c, 0x72, 0x89, 0x46, 0xb1, 0x24, 0x5b, 0x70, 0xf4, 0xb6, 0xf1, 0x91, + 0xce, 0x06, 0xde, 0xfd, 0x21, 0xa7, 0x16, 0x2a, 0x7d, 0x7e, 0x11, 0xe2, 0x5c, 0xcc, 0xf2, 0x85, + 0x3f, 0xe7, 0x47, 0x0f, 0x12, 0x96, 0x46, 0x55, 0xa2, 0x19, 0x36, 0xba, 0x81, 0x89, 0x76, 0xdd, + 0xc0, 0x5c, 0xcf, 0x4a, 0xff, 0xd4, 0x4d, 0x71, 0x41, 0x2a, 0x54, 0x79, 0x82, 0xb6, 0x13, 0x9a, + 0xc8, 0x87, 0x08, 0x16, 0xc4, 0xbf, 0x46, 0xa9, 0x34, 0x93, 0x48, 0xd2}; + // The fixture for testing the Wifi Keystore HAL legacy keystore integration. class WifiLegacyKeystoreTest : public TestWithParam<std::string> { protected: @@ -163,27 +219,10 @@ TEST_P(WifiLegacyKeystoreTest, GetLegacyKeystoreTest) { << "Cannot transition to AID_SYSTEM."; } - // Only AID_SYSTEM (and AID_WIFI) is allowed to manipulate + // Only AID_SYSTEM (and AID_WIFI) is allowed to manipulate the wifi namespace. ASSERT_EQ(0, seteuid(AID_SYSTEM)) << "Failed to set uid to AID_SYSTEM: " << strerror(errno); - // Some test certificate in PEM encoding. - static const char kTestBlob[] = R"(-----BEGIN CERTIFICATE----- -MIICWDCCAcGgAwIBAgIUMpH52TRcL1gTknsm5eR+wvCGxNMwDQYJKoZIhvcNAQEL -BQAwPjELMAkGA1UEBhMCVVMxEzARBgNVBAgMClNvbWUtU3RhdGUxGjAYBgNVBAoM -EUFuZHJvaWQgVGVzdCBDZXJ0MB4XDTIxMDczMDAwMzY1OVoXDTIyMDczMDAwMzY1 -OVowPjELMAkGA1UEBhMCVVMxEzARBgNVBAgMClNvbWUtU3RhdGUxGjAYBgNVBAoM -EUFuZHJvaWQgVGVzdCBDZXJ0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDL -q7JTXvL3ErVX2ZU9hQ0PLnkyw984qweNhQw8xIvwzTs3hXtV0K4hmWJiPKxOv3H7 -Q//TOcxI6+Qp4qOa79UUYDvmObjOCW1jQvZ9UQQfvdMO1WSa3BQoPJYQXiuyiuPs -+XM58Yl8TPV+IQ+Znx5axn5PxEmoqCUmeBv/wbJlDwIDAQABo1MwUTAdBgNVHQ4E -FgQUEbhF5fYkUPchj+GdWX1aoOHkH3owHwYDVR0jBBgwFoAUEbhF5fYkUPchj+Gd -WX1aoOHkH3owDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOBgQChejph -iYWFBeQEQtPYGGwSNO1HgzRhvsdGKDJUtRDAvDPxlRO8jkGmrSaD3QJUY4bCkx5c -S9W7oRxyiUaxJFtw9Lbxkc4G3v0hpxYqfX4R4lzM8oU/50cPEpZGVaIZNrqBiXbd -wFzPSv/UTXFBKlR5grYTmsiHCBbEv0apNJNI0g== ------END CERTIFICATE----- -)"; - const std::vector<uint8_t> TESTBLOB(std::begin(kTestBlob), std::end(kTestBlob)); + const std::vector<uint8_t> TESTBLOB(std::begin(kPemTestCert), std::end(kPemTestCert)); const std::string TESTALIAS = "LegacyKeystoreWifiTestAlias"; ASSERT_TRUE(LegacyKeystoreRemove(TESTALIAS, AID_WIFI)); @@ -217,54 +256,10 @@ TEST_P(WifiLegacyKeystoreTest, IKeystoreGetAlwaysReturnsPem) { // Only AID_SYSTEM (and AID_WIFI) is allowed to manipulate ASSERT_EQ(0, seteuid(AID_SYSTEM)) << "Failed to set uid to AID_SYSTEM: " << strerror(errno); - // Some test certificate in DER encoding. - const std::vector<uint8_t> TESTBLOB_DER{ - 0x30, 0x82, 0x02, 0x58, 0x30, 0x82, 0x01, 0xc1, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14, - 0x32, 0x91, 0xf9, 0xd9, 0x34, 0x5c, 0x2f, 0x58, 0x13, 0x92, 0x7b, 0x26, 0xe5, 0xe4, 0x7e, - 0xc2, 0xf0, 0x86, 0xc4, 0xd3, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, - 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, - 0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, 0x74, 0x65, 0x31, 0x1a, 0x30, 0x18, - 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x11, 0x41, 0x6e, 0x64, 0x72, 0x6f, 0x69, 0x64, 0x20, - 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x31, - 0x30, 0x37, 0x33, 0x30, 0x30, 0x30, 0x33, 0x36, 0x35, 0x39, 0x5a, 0x17, 0x0d, 0x32, 0x32, - 0x30, 0x37, 0x33, 0x30, 0x30, 0x30, 0x33, 0x36, 0x35, 0x39, 0x5a, 0x30, 0x3e, 0x31, 0x0b, - 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, - 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x2d, 0x53, 0x74, 0x61, - 0x74, 0x65, 0x31, 0x1a, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x11, 0x41, 0x6e, - 0x64, 0x72, 0x6f, 0x69, 0x64, 0x20, 0x54, 0x65, 0x73, 0x74, 0x20, 0x43, 0x65, 0x72, 0x74, - 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xcb, - 0xab, 0xb2, 0x53, 0x5e, 0xf2, 0xf7, 0x12, 0xb5, 0x57, 0xd9, 0x95, 0x3d, 0x85, 0x0d, 0x0f, - 0x2e, 0x79, 0x32, 0xc3, 0xdf, 0x38, 0xab, 0x07, 0x8d, 0x85, 0x0c, 0x3c, 0xc4, 0x8b, 0xf0, - 0xcd, 0x3b, 0x37, 0x85, 0x7b, 0x55, 0xd0, 0xae, 0x21, 0x99, 0x62, 0x62, 0x3c, 0xac, 0x4e, - 0xbf, 0x71, 0xfb, 0x43, 0xff, 0xd3, 0x39, 0xcc, 0x48, 0xeb, 0xe4, 0x29, 0xe2, 0xa3, 0x9a, - 0xef, 0xd5, 0x14, 0x60, 0x3b, 0xe6, 0x39, 0xb8, 0xce, 0x09, 0x6d, 0x63, 0x42, 0xf6, 0x7d, - 0x51, 0x04, 0x1f, 0xbd, 0xd3, 0x0e, 0xd5, 0x64, 0x9a, 0xdc, 0x14, 0x28, 0x3c, 0x96, 0x10, - 0x5e, 0x2b, 0xb2, 0x8a, 0xe3, 0xec, 0xf9, 0x73, 0x39, 0xf1, 0x89, 0x7c, 0x4c, 0xf5, 0x7e, - 0x21, 0x0f, 0x99, 0x9f, 0x1e, 0x5a, 0xc6, 0x7e, 0x4f, 0xc4, 0x49, 0xa8, 0xa8, 0x25, 0x26, - 0x78, 0x1b, 0xff, 0xc1, 0xb2, 0x65, 0x0f, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x53, 0x30, - 0x51, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x11, 0xb8, 0x45, - 0xe5, 0xf6, 0x24, 0x50, 0xf7, 0x21, 0x8f, 0xe1, 0x9d, 0x59, 0x7d, 0x5a, 0xa0, 0xe1, 0xe4, - 0x1f, 0x7a, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, - 0x11, 0xb8, 0x45, 0xe5, 0xf6, 0x24, 0x50, 0xf7, 0x21, 0x8f, 0xe1, 0x9d, 0x59, 0x7d, 0x5a, - 0xa0, 0xe1, 0xe4, 0x1f, 0x7a, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, - 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0xa1, 0x7a, 0x3a, 0x61, - 0x89, 0x85, 0x85, 0x05, 0xe4, 0x04, 0x42, 0xd3, 0xd8, 0x18, 0x6c, 0x12, 0x34, 0xed, 0x47, - 0x83, 0x34, 0x61, 0xbe, 0xc7, 0x46, 0x28, 0x32, 0x54, 0xb5, 0x10, 0xc0, 0xbc, 0x33, 0xf1, - 0x95, 0x13, 0xbc, 0x8e, 0x41, 0xa6, 0xad, 0x26, 0x83, 0xdd, 0x02, 0x54, 0x63, 0x86, 0xc2, - 0x93, 0x1e, 0x5c, 0x4b, 0xd5, 0xbb, 0xa1, 0x1c, 0x72, 0x89, 0x46, 0xb1, 0x24, 0x5b, 0x70, - 0xf4, 0xb6, 0xf1, 0x91, 0xce, 0x06, 0xde, 0xfd, 0x21, 0xa7, 0x16, 0x2a, 0x7d, 0x7e, 0x11, - 0xe2, 0x5c, 0xcc, 0xf2, 0x85, 0x3f, 0xe7, 0x47, 0x0f, 0x12, 0x96, 0x46, 0x55, 0xa2, 0x19, - 0x36, 0xba, 0x81, 0x89, 0x76, 0xdd, 0xc0, 0x5c, 0xcf, 0x4a, 0xff, 0xd4, 0x4d, 0x71, 0x41, - 0x2a, 0x54, 0x79, 0x82, 0xb6, 0x13, 0x9a, 0xc8, 0x87, 0x08, 0x16, 0xc4, 0xbf, 0x46, 0xa9, - 0x34, 0x93, 0x48, 0xd2}; - const std::string TESTALIAS = "LegacyKeystoreWifiTestAlias"; ASSERT_TRUE(LegacyKeystoreRemove(TESTALIAS, AID_WIFI)); - ASSERT_TRUE(LegacyKeystorePut(TESTALIAS, TESTBLOB_DER, AID_WIFI)); + ASSERT_TRUE(LegacyKeystorePut(TESTALIAS, kDerTestCert, AID_WIFI)); IKeystore::KeystoreStatusCode statusCode; std::vector<uint8_t> blob; @@ -456,4 +451,15 @@ TEST_P(WifiLegacyKeystoreTest, IKeystoreGetAlwaysReturnsPemWithChain) { ASSERT_TRUE(LegacyKeystoreRemove(TESTALIAS, AID_WIFI)); } +TEST(WifiKeystoreUtilsTest, ExtractPublicKeyHandlesDer) { + auto cert = extractPubKey(kDerTestCert); + ASSERT_FALSE(cert.empty()); +} + +TEST(WifiKeystoreUtilsTest, ExtractPublicKeyHandlesPemFallback) { + const std::vector<uint8_t> TESTBLOB(std::begin(kPemTestCert), std::end(kPemTestCert)); + auto cert = extractPubKey(TESTBLOB); + ASSERT_FALSE(cert.empty()); +} + } // namespace diff --git a/wifi/keystore/1.0/default/wifikeystorehal_utils.h b/wifi/keystore/1.0/default/wifikeystorehal_utils.h new file mode 100644 index 0000000..d7a790e --- /dev/null +++ b/wifi/keystore/1.0/default/wifikeystorehal_utils.h @@ -0,0 +1,51 @@ +#pragma once + +#include <android-base/logging.h> +#include <openssl/base.h> +#include <openssl/bio.h> +#include <openssl/pem.h> +#include <openssl/x509.h> +#include <vector> + +#define AT __func__ << ":" << __LINE__ << " " + +namespace { +// Helper method to extract public key from the certificate. +std::vector<uint8_t> extractPubKey(const std::vector<uint8_t>& cert_bytes) { + const uint8_t* p = cert_bytes.data(); + bssl::UniquePtr<X509> decoded_cert(d2i_X509(nullptr, &p, cert_bytes.size())); + if (!decoded_cert) { + LOG(INFO) << AT << "Could not decode the cert, trying decoding as PEM"; + bssl::UniquePtr<BIO> cert_bio(BIO_new_mem_buf(cert_bytes.data(), cert_bytes.size())); + if (!cert_bio) { + LOG(ERROR) << AT << "Failed to create BIO"; + return {}; + } + decoded_cert = + bssl::UniquePtr<X509>(PEM_read_bio_X509(cert_bio.get(), nullptr, nullptr, nullptr)); + } + if (!decoded_cert) { + LOG(ERROR) << AT << "Could not decode the cert."; + return {}; + } + bssl::UniquePtr<EVP_PKEY> pub_key(X509_get_pubkey(decoded_cert.get())); + if (!pub_key) { + LOG(ERROR) << AT << "Could not extract public key."; + return {}; + } + bssl::UniquePtr<BIO> pub_key_bio(BIO_new(BIO_s_mem())); + if (!pub_key_bio || i2d_PUBKEY_bio(pub_key_bio.get(), pub_key.get()) <= 0) { + LOG(ERROR) << AT << "Could not serialize public key."; + return {}; + } + const uint8_t* pub_key_bytes; + size_t pub_key_len; + if (!BIO_mem_contents(pub_key_bio.get(), &pub_key_bytes, &pub_key_len)) { + LOG(ERROR) << AT << "Could not get bytes from BIO."; + return {}; + } + + return {pub_key_bytes, pub_key_bytes + pub_key_len}; +} + +} // namespace
\ No newline at end of file |