5387878a5b
Included changes: - 676ac7be8548d80c420591fc0b4fb9a11723ef34 Backwards compatibility script for CDM v18 and OPK v19 by Vicky Min <vickymin@google.com> - 3cd4f71fda91245ac0b61c4c847950952f3021c0 Change BuildInformation ree fields to optional by Matt Feddersen <mattfedd@google.com> - a2259e95dea40c27a4be02ad479aec8f1fc84737 Created a DICE CBOR Cert parser/serializer. by Alex Dale <sigquit@google.com> - b8f2c364afeb6279e5aee6488d4527e189ac42ff Don't create invalid enum value by John "Juce" Bruce <juce@google.com> - b0aed212a3b2dd8f752d8fc43982848c1aa6c152 Created an HLS Key type. by Alex Dale <sigquit@google.com> - f8cfc54b41f124ba849596dbe6438b7f271a72b7 Specify C/C++ standard when running clang-tidy on OPK by John "Juce" Bruce <juce@google.com> GitOrigin-RevId: 676ac7be8548d80c420591fc0b4fb9a11723ef34
562 lines
19 KiB
C++
562 lines
19 KiB
C++
// Copyright 2025 Google LLC. All Rights Reserved. This file and proprietary
|
|
// source code may only be used and distributed under the Widevine License
|
|
// Agreement.
|
|
//
|
|
// Reference implementation utilities of OEMCrypto APIs
|
|
//
|
|
#include "dice_cert_utils.h"
|
|
|
|
#include <inttypes.h>
|
|
|
|
#include <optional>
|
|
#include <string>
|
|
#include <vector>
|
|
|
|
#include <cppbor.h>
|
|
#include <gtest/gtest.h>
|
|
|
|
#include "oemcrypto_ref_test_utils.h"
|
|
|
|
namespace wvoec {
|
|
namespace util {
|
|
|
|
TEST(DiceCertDataTest, Empty) {
|
|
const DiceCertData cert_data;
|
|
|
|
EXPECT_FALSE(cert_data.has_issuer());
|
|
EXPECT_FALSE(cert_data.has_subject());
|
|
EXPECT_FALSE(cert_data.has_audience());
|
|
EXPECT_FALSE(cert_data.has_expiration_time());
|
|
EXPECT_FALSE(cert_data.has_not_before_time());
|
|
EXPECT_FALSE(cert_data.has_issued_time());
|
|
EXPECT_FALSE(cert_data.has_cwt_id());
|
|
EXPECT_FALSE(cert_data.has_code_hash());
|
|
EXPECT_FALSE(cert_data.has_code_descriptor());
|
|
EXPECT_FALSE(cert_data.has_config_hash());
|
|
EXPECT_FALSE(cert_data.has_config_descriptor());
|
|
EXPECT_FALSE(cert_data.has_authority_hash());
|
|
EXPECT_FALSE(cert_data.has_authority_descriptor());
|
|
EXPECT_FALSE(cert_data.has_mode());
|
|
EXPECT_FALSE(cert_data.has_subject_public_key());
|
|
EXPECT_FALSE(cert_data.has_key_usage());
|
|
EXPECT_FALSE(cert_data.has_profile_name());
|
|
|
|
EXPECT_EQ(cert_data.issuer(), std::nullopt);
|
|
EXPECT_EQ(cert_data.subject(), std::nullopt);
|
|
EXPECT_EQ(cert_data.audience(), std::nullopt);
|
|
EXPECT_EQ(cert_data.expiration_time(), std::nullopt);
|
|
EXPECT_EQ(cert_data.not_before_time(), std::nullopt);
|
|
EXPECT_EQ(cert_data.issued_time(), std::nullopt);
|
|
EXPECT_EQ(cert_data.cwt_id(), std::nullopt);
|
|
EXPECT_EQ(cert_data.code_hash(), std::nullopt);
|
|
EXPECT_EQ(cert_data.code_descriptor(), std::nullopt);
|
|
EXPECT_EQ(cert_data.config_hash(), std::nullopt);
|
|
EXPECT_EQ(cert_data.config_descriptor(), std::nullopt);
|
|
EXPECT_EQ(cert_data.authority_hash(), std::nullopt);
|
|
EXPECT_EQ(cert_data.authority_descriptor(), std::nullopt);
|
|
EXPECT_EQ(cert_data.mode(), std::nullopt);
|
|
EXPECT_EQ(cert_data.subject_public_key(), std::nullopt);
|
|
EXPECT_EQ(cert_data.key_usage(), std::nullopt);
|
|
EXPECT_EQ(cert_data.profile_name(), std::nullopt);
|
|
}
|
|
|
|
TEST(DiceCertDataTest, Parse_IssuerOnly) {
|
|
const std::string kIssuer = "issuer";
|
|
cppbor::Map cert_map;
|
|
cert_map.add(kDiceIssuerLabel, cppbor::Tstr(kIssuer));
|
|
const std::vector<uint8_t> cbor_cert = cert_map.canonicalize().encode();
|
|
ASSERT_FALSE(cbor_cert.empty());
|
|
|
|
DiceCertData cert_data;
|
|
ASSERT_TRUE(cert_data.ParseCbor(cbor_cert));
|
|
|
|
EXPECT_TRUE(cert_data.has_issuer());
|
|
EXPECT_FALSE(cert_data.has_subject());
|
|
EXPECT_FALSE(cert_data.has_audience());
|
|
|
|
EXPECT_EQ(cert_data.issuer(), kIssuer);
|
|
EXPECT_EQ(cert_data.subject(), std::nullopt);
|
|
EXPECT_EQ(cert_data.audience(), std::nullopt);
|
|
}
|
|
|
|
TEST(DiceCertDataTest, Parse_SubjectOnly) {
|
|
const std::string kSubject = "subject";
|
|
cppbor::Map cert_map;
|
|
cert_map.add(kDiceSubjectLabel, cppbor::Tstr(kSubject));
|
|
const std::vector<uint8_t> cbor_cert = cert_map.canonicalize().encode();
|
|
ASSERT_FALSE(cbor_cert.empty());
|
|
|
|
DiceCertData cert_data;
|
|
ASSERT_TRUE(cert_data.ParseCbor(cbor_cert));
|
|
|
|
EXPECT_FALSE(cert_data.has_issuer());
|
|
EXPECT_TRUE(cert_data.has_subject());
|
|
EXPECT_FALSE(cert_data.has_audience());
|
|
|
|
EXPECT_EQ(cert_data.issuer(), std::nullopt);
|
|
EXPECT_EQ(cert_data.subject(), kSubject);
|
|
EXPECT_EQ(cert_data.audience(), std::nullopt);
|
|
}
|
|
|
|
TEST(DiceCertDataTest, Parse_AudienceOnly) {
|
|
const std::string kAudience = "audience";
|
|
cppbor::Map cert_map;
|
|
cert_map.add(kDiceAudienceLabel, cppbor::Tstr(kAudience));
|
|
const std::vector<uint8_t> cbor_cert = cert_map.canonicalize().encode();
|
|
ASSERT_FALSE(cbor_cert.empty());
|
|
|
|
DiceCertData cert_data;
|
|
ASSERT_TRUE(cert_data.ParseCbor(cbor_cert));
|
|
|
|
EXPECT_FALSE(cert_data.has_issuer());
|
|
EXPECT_FALSE(cert_data.has_subject());
|
|
EXPECT_TRUE(cert_data.has_audience());
|
|
|
|
EXPECT_EQ(cert_data.issuer(), std::nullopt);
|
|
EXPECT_EQ(cert_data.subject(), std::nullopt);
|
|
EXPECT_EQ(cert_data.audience(), kAudience);
|
|
}
|
|
|
|
TEST(DiceCertDataTest, Parse_ExpirationTimeOnly) {
|
|
const int64_t kTime = 12345;
|
|
cppbor::Map cert_map;
|
|
cert_map.add(kDiceExpirationTimeLabel, kTime);
|
|
const std::vector<uint8_t> cbor_cert = cert_map.canonicalize().encode();
|
|
ASSERT_FALSE(cbor_cert.empty());
|
|
|
|
DiceCertData cert_data;
|
|
ASSERT_TRUE(cert_data.ParseCbor(cbor_cert));
|
|
|
|
EXPECT_TRUE(cert_data.has_expiration_time());
|
|
EXPECT_FALSE(cert_data.has_not_before_time());
|
|
EXPECT_FALSE(cert_data.has_issued_time());
|
|
|
|
EXPECT_EQ(cert_data.expiration_time(), kTime);
|
|
EXPECT_EQ(cert_data.not_before_time(), std::nullopt);
|
|
EXPECT_EQ(cert_data.issued_time(), std::nullopt);
|
|
}
|
|
|
|
TEST(DiceCertDataTest, Parse_NotBeforeTimeOnly) {
|
|
const int64_t kTime = 12345;
|
|
cppbor::Map cert_map;
|
|
cert_map.add(kDiceNotBeforeLabel, kTime);
|
|
const std::vector<uint8_t> cbor_cert = cert_map.canonicalize().encode();
|
|
ASSERT_FALSE(cbor_cert.empty());
|
|
|
|
DiceCertData cert_data;
|
|
ASSERT_TRUE(cert_data.ParseCbor(cbor_cert));
|
|
|
|
EXPECT_FALSE(cert_data.has_expiration_time());
|
|
EXPECT_TRUE(cert_data.has_not_before_time());
|
|
EXPECT_FALSE(cert_data.has_issued_time());
|
|
|
|
EXPECT_EQ(cert_data.expiration_time(), std::nullopt);
|
|
EXPECT_EQ(cert_data.not_before_time(), kTime);
|
|
EXPECT_EQ(cert_data.issued_time(), std::nullopt);
|
|
}
|
|
|
|
TEST(DiceCertDataTest, Parse_IssuedAtTimeOnly) {
|
|
const int64_t kTime = 12345;
|
|
cppbor::Map cert_map;
|
|
cert_map.add(kDiceIssuedAtLabel, kTime);
|
|
const std::vector<uint8_t> cbor_cert = cert_map.canonicalize().encode();
|
|
ASSERT_FALSE(cbor_cert.empty());
|
|
|
|
DiceCertData cert_data;
|
|
ASSERT_TRUE(cert_data.ParseCbor(cbor_cert));
|
|
|
|
EXPECT_FALSE(cert_data.has_expiration_time());
|
|
EXPECT_FALSE(cert_data.has_not_before_time());
|
|
EXPECT_TRUE(cert_data.has_issued_time());
|
|
|
|
EXPECT_EQ(cert_data.expiration_time(), std::nullopt);
|
|
EXPECT_EQ(cert_data.not_before_time(), std::nullopt);
|
|
EXPECT_EQ(cert_data.issued_time(), kTime);
|
|
}
|
|
|
|
TEST(DiceCertDataTest, Parse_ModeOnly) {
|
|
const uint8_t kMode = kDiceModeDebug;
|
|
const std::vector<uint8_t> kModeBytes = {kMode};
|
|
|
|
cppbor::Map cert_map;
|
|
cert_map.add(kDiceModeLabel, kModeBytes);
|
|
const std::vector<uint8_t> cbor_cert = cert_map.canonicalize().encode();
|
|
ASSERT_FALSE(cbor_cert.empty());
|
|
|
|
DiceCertData cert_data;
|
|
ASSERT_TRUE(cert_data.ParseCbor(cbor_cert));
|
|
|
|
EXPECT_TRUE(cert_data.has_mode());
|
|
EXPECT_EQ(cert_data.mode(), kMode);
|
|
}
|
|
|
|
TEST(DiceCertDataTest, Parse_KeyUsageOnly_Zero) {
|
|
const DiceKeyUsageFlags kKeyUsage = 0;
|
|
// little-endian
|
|
const std::vector<uint8_t> kKeyUsageBytes = {0};
|
|
|
|
cppbor::Map cert_map;
|
|
cert_map.add(kDiceKeyUsageLabel, kKeyUsageBytes);
|
|
const std::vector<uint8_t> cbor_cert = cert_map.canonicalize().encode();
|
|
ASSERT_FALSE(cbor_cert.empty());
|
|
|
|
DiceCertData cert_data;
|
|
ASSERT_TRUE(cert_data.ParseCbor(cbor_cert));
|
|
|
|
EXPECT_TRUE(cert_data.has_key_usage());
|
|
EXPECT_EQ(cert_data.key_usage(), kKeyUsage);
|
|
}
|
|
|
|
TEST(DiceCertDataTest, Parse_KeyUsageOnly_SingleByte) {
|
|
const DiceKeyUsageFlags kKeyUsage = 0x40;
|
|
// little-endian
|
|
const std::vector<uint8_t> kKeyUsageBytes = {0x40};
|
|
|
|
cppbor::Map cert_map;
|
|
cert_map.add(kDiceKeyUsageLabel, kKeyUsageBytes);
|
|
const std::vector<uint8_t> cbor_cert = cert_map.canonicalize().encode();
|
|
ASSERT_FALSE(cbor_cert.empty());
|
|
|
|
DiceCertData cert_data;
|
|
ASSERT_TRUE(cert_data.ParseCbor(cbor_cert));
|
|
|
|
EXPECT_TRUE(cert_data.has_key_usage());
|
|
EXPECT_EQ(cert_data.key_usage(), kKeyUsage);
|
|
}
|
|
|
|
TEST(DiceCertDataTest, Parse_KeyUsageOnly_TwoBytes) {
|
|
const DiceKeyUsageFlags kKeyUsage = 0x0245;
|
|
// little-endian
|
|
const std::vector<uint8_t> kKeyUsageBytes = {0x45, 0x02};
|
|
|
|
cppbor::Map cert_map;
|
|
cert_map.add(kDiceKeyUsageLabel, kKeyUsageBytes);
|
|
const std::vector<uint8_t> cbor_cert = cert_map.canonicalize().encode();
|
|
ASSERT_FALSE(cbor_cert.empty());
|
|
|
|
DiceCertData cert_data;
|
|
ASSERT_TRUE(cert_data.ParseCbor(cbor_cert));
|
|
|
|
EXPECT_TRUE(cert_data.has_key_usage());
|
|
EXPECT_EQ(cert_data.key_usage(), kKeyUsage);
|
|
}
|
|
|
|
TEST(DiceCertDataTest, Parse_WidevineCert) {
|
|
const std::string kIssuer = "Issuer";
|
|
const std::string kSubject = "Subject";
|
|
const int64_t kExpiryTime = 3003016585;
|
|
const int64_t kNotBeforeTime = 1740798985;
|
|
const int64_t kIssuedAtTime = 1740712585;
|
|
|
|
const std::vector<uint8_t> kCodeHash = RandomData(64);
|
|
const std::vector<uint8_t> kConfigHash = RandomData(64);
|
|
const std::vector<uint8_t> kConfigDescriptor = RandomData(256);
|
|
const std::vector<uint8_t> kAuthorityHash = RandomData(64);
|
|
const uint8_t kMode = kDiceModeNormal;
|
|
const std::vector<uint8_t> kModeBytes = {kMode};
|
|
const std::vector<uint8_t> kSubjectPublicKey = RandomData(512);
|
|
const DiceKeyUsageFlags kKeyUsage = kKeyCertSignBit;
|
|
const std::vector<uint8_t> kKeyUsageBytes =
|
|
DiceCertData::EncodeKeyUsageBytes(kKeyUsage);
|
|
const std::string kProfileName = "Widevine";
|
|
|
|
cppbor::Map cert_map;
|
|
cert_map.add(kDiceIssuerLabel, kIssuer);
|
|
cert_map.add(kDiceSubjectLabel, kSubject);
|
|
// No audience
|
|
cert_map.add(kDiceExpirationTimeLabel, kExpiryTime);
|
|
cert_map.add(kDiceNotBeforeLabel, kNotBeforeTime);
|
|
cert_map.add(kDiceIssuedAtLabel, kIssuedAtTime);
|
|
// No CWT ID.
|
|
cert_map.add(kDiceCodeHashLabel, kCodeHash);
|
|
// No code descriptor.
|
|
cert_map.add(kDiceConfigHashLabel, kConfigHash);
|
|
cert_map.add(kDiceConfigDescriptorLabel, kConfigDescriptor);
|
|
cert_map.add(kDiceAuthorityHashLabel, kAuthorityHash);
|
|
// No authority descriptor.
|
|
cert_map.add(kDiceModeLabel, kModeBytes);
|
|
cert_map.add(kDiceSubjectPublicKeyLabel, kSubjectPublicKey);
|
|
cert_map.add(kDiceKeyUsageLabel, kKeyUsageBytes);
|
|
cert_map.add(kDiceProfileNameLabel, kProfileName);
|
|
const std::vector<uint8_t> cbor_cert = cert_map.canonicalize().encode();
|
|
ASSERT_FALSE(cbor_cert.empty());
|
|
|
|
DiceCertData cert_data;
|
|
ASSERT_TRUE(cert_data.ParseCbor(cbor_cert));
|
|
|
|
EXPECT_TRUE(cert_data.has_issuer());
|
|
EXPECT_TRUE(cert_data.has_subject());
|
|
EXPECT_FALSE(cert_data.has_audience());
|
|
EXPECT_TRUE(cert_data.has_expiration_time());
|
|
EXPECT_TRUE(cert_data.has_not_before_time());
|
|
EXPECT_TRUE(cert_data.has_issued_time());
|
|
EXPECT_FALSE(cert_data.has_cwt_id());
|
|
EXPECT_TRUE(cert_data.has_code_hash());
|
|
EXPECT_FALSE(cert_data.has_code_descriptor());
|
|
EXPECT_TRUE(cert_data.has_config_hash());
|
|
EXPECT_TRUE(cert_data.has_config_descriptor());
|
|
EXPECT_TRUE(cert_data.has_authority_hash());
|
|
EXPECT_FALSE(cert_data.has_authority_descriptor());
|
|
EXPECT_TRUE(cert_data.has_mode());
|
|
EXPECT_TRUE(cert_data.has_subject_public_key());
|
|
EXPECT_TRUE(cert_data.has_key_usage());
|
|
EXPECT_TRUE(cert_data.has_profile_name());
|
|
|
|
EXPECT_EQ(cert_data.issuer(), kIssuer);
|
|
EXPECT_EQ(cert_data.subject(), kSubject);
|
|
EXPECT_EQ(cert_data.audience(), std::nullopt);
|
|
EXPECT_EQ(cert_data.expiration_time(), kExpiryTime);
|
|
EXPECT_EQ(cert_data.not_before_time(), kNotBeforeTime);
|
|
EXPECT_EQ(cert_data.issued_time(), kIssuedAtTime);
|
|
EXPECT_EQ(cert_data.cwt_id(), std::nullopt);
|
|
EXPECT_EQ(cert_data.code_hash(), kCodeHash);
|
|
EXPECT_EQ(cert_data.code_descriptor(), std::nullopt);
|
|
EXPECT_EQ(cert_data.config_hash(), kConfigHash);
|
|
EXPECT_EQ(cert_data.config_descriptor(), kConfigDescriptor);
|
|
EXPECT_EQ(cert_data.authority_hash(), kAuthorityHash);
|
|
EXPECT_EQ(cert_data.authority_descriptor(), std::nullopt);
|
|
EXPECT_EQ(cert_data.mode(), kMode);
|
|
EXPECT_EQ(cert_data.subject_public_key(), kSubjectPublicKey);
|
|
EXPECT_EQ(cert_data.key_usage(), kKeyUsage);
|
|
EXPECT_EQ(cert_data.profile_name(), kProfileName);
|
|
|
|
const std::vector<uint8_t> repackaged_cbor_cert = cert_data.SerializeCbor();
|
|
ASSERT_FALSE(repackaged_cbor_cert.empty());
|
|
EXPECT_EQ(cbor_cert, repackaged_cbor_cert);
|
|
}
|
|
|
|
TEST(DiceCertDataTest, ParseBad_BadIssuerType) {
|
|
const int64_t kBadIssuer = 64;
|
|
cppbor::Map cert_map;
|
|
cert_map.add(kDiceIssuerLabel, kBadIssuer); // Must be tstr
|
|
const std::vector<uint8_t> cbor_cert = cert_map.canonicalize().encode();
|
|
ASSERT_FALSE(cbor_cert.empty());
|
|
|
|
DiceCertData cert_data;
|
|
EXPECT_FALSE(cert_data.ParseCbor(cbor_cert));
|
|
}
|
|
|
|
TEST(DiceCertDataTest, ParseBad_BadSubjectType) {
|
|
const std::vector<uint8_t> kBadSubject = {'b', 's', 't', 'r'};
|
|
cppbor::Map cert_map;
|
|
cert_map.add(kDiceSubjectLabel, kBadSubject); // Must be tstr
|
|
const std::vector<uint8_t> cbor_cert = cert_map.canonicalize().encode();
|
|
ASSERT_FALSE(cbor_cert.empty());
|
|
|
|
DiceCertData cert_data;
|
|
EXPECT_FALSE(cert_data.ParseCbor(cbor_cert));
|
|
}
|
|
|
|
TEST(DiceCertDataTest, ParseBad_BadAudienceType) {
|
|
const bool kBadAudience = true;
|
|
cppbor::Map cert_map;
|
|
cert_map.add(kDiceAudienceLabel, cppbor::Bool(kBadAudience)); // Must be tstr
|
|
const std::vector<uint8_t> cbor_cert = cert_map.canonicalize().encode();
|
|
ASSERT_FALSE(cbor_cert.empty());
|
|
|
|
DiceCertData cert_data;
|
|
EXPECT_FALSE(cert_data.ParseCbor(cbor_cert));
|
|
}
|
|
|
|
TEST(DiceCertDataTest, ParseBad_BadExpirationTimeType) {
|
|
cppbor::Map cert_map;
|
|
cert_map.add(kDiceExpirationTimeLabel, cppbor::Null()); // Must be int
|
|
const std::vector<uint8_t> cbor_cert = cert_map.canonicalize().encode();
|
|
ASSERT_FALSE(cbor_cert.empty());
|
|
|
|
DiceCertData cert_data;
|
|
EXPECT_FALSE(cert_data.ParseCbor(cbor_cert));
|
|
}
|
|
|
|
TEST(DiceCertDataTest, ParseBad_BadNotBeforeTimeType) {
|
|
const std::string kBadNotBeforeTime = "02/27/25";
|
|
cppbor::Map cert_map;
|
|
cert_map.add(kDiceNotBeforeLabel, kBadNotBeforeTime); // Must be int
|
|
const std::vector<uint8_t> cbor_cert = cert_map.canonicalize().encode();
|
|
ASSERT_FALSE(cbor_cert.empty());
|
|
|
|
DiceCertData cert_data;
|
|
EXPECT_FALSE(cert_data.ParseCbor(cbor_cert));
|
|
}
|
|
|
|
TEST(DiceCertDataTest, ParseBad_BadIssuedAtTimeType) {
|
|
const std::vector<uint8_t> kBadIssuedAtTime = {1, 2, 3, 4, 5};
|
|
cppbor::Map cert_map;
|
|
cert_map.add(kDiceIssuedAtLabel, kBadIssuedAtTime); // Must be int
|
|
const std::vector<uint8_t> cbor_cert = cert_map.canonicalize().encode();
|
|
ASSERT_FALSE(cbor_cert.empty());
|
|
|
|
DiceCertData cert_data;
|
|
EXPECT_FALSE(cert_data.ParseCbor(cbor_cert));
|
|
}
|
|
|
|
TEST(DiceCertDataTest, ParseBad_BadCwtIdType) {
|
|
const std::string kBadCwtId = "CWT ID as string";
|
|
cppbor::Map cert_map;
|
|
cert_map.add(kDiceCwtIdLabel, kBadCwtId); // Must be bstr
|
|
const std::vector<uint8_t> cbor_cert = cert_map.canonicalize().encode();
|
|
ASSERT_FALSE(cbor_cert.empty());
|
|
|
|
DiceCertData cert_data;
|
|
EXPECT_FALSE(cert_data.ParseCbor(cbor_cert));
|
|
}
|
|
|
|
TEST(DiceCertDataTest, ParseBad_BadCodeHashType) {
|
|
const int64_t kBadCodeHash = 1234;
|
|
cppbor::Map cert_map;
|
|
cert_map.add(kDiceCodeHashLabel, kBadCodeHash); // Must be bstr
|
|
const std::vector<uint8_t> cbor_cert = cert_map.canonicalize().encode();
|
|
ASSERT_FALSE(cbor_cert.empty());
|
|
|
|
DiceCertData cert_data;
|
|
EXPECT_FALSE(cert_data.ParseCbor(cbor_cert));
|
|
}
|
|
|
|
TEST(DiceCertDataTest, ParseBad_BadCodeDescriptorType) {
|
|
cppbor::Map cert_map;
|
|
cert_map.add(kDiceCodeDescriptorLabel, cppbor::Null()); // Must be bstr
|
|
const std::vector<uint8_t> cbor_cert = cert_map.canonicalize().encode();
|
|
ASSERT_FALSE(cbor_cert.empty());
|
|
|
|
DiceCertData cert_data;
|
|
EXPECT_FALSE(cert_data.ParseCbor(cbor_cert));
|
|
}
|
|
|
|
TEST(DiceCertDataTest, ParseBad_BadConfigHashType) {
|
|
const int64_t kBadConfigHash = 1234;
|
|
cppbor::Map cert_map;
|
|
cert_map.add(kDiceConfigHashLabel, kBadConfigHash); // Must be bstr
|
|
const std::vector<uint8_t> cbor_cert = cert_map.canonicalize().encode();
|
|
ASSERT_FALSE(cbor_cert.empty());
|
|
|
|
DiceCertData cert_data;
|
|
EXPECT_FALSE(cert_data.ParseCbor(cbor_cert));
|
|
}
|
|
|
|
TEST(DiceCertDataTest, ParseBad_BadConfigDescriptorType) {
|
|
cppbor::Map cert_map;
|
|
cert_map.add(kDiceConfigDescriptorLabel, cppbor::Null()); // Must be bstr
|
|
const std::vector<uint8_t> cbor_cert = cert_map.canonicalize().encode();
|
|
ASSERT_FALSE(cbor_cert.empty());
|
|
|
|
DiceCertData cert_data;
|
|
EXPECT_FALSE(cert_data.ParseCbor(cbor_cert));
|
|
}
|
|
|
|
TEST(DiceCertDataTest, ParseBad_BadAuthorityHashType) {
|
|
const int64_t kBadAuthorityHash = 1234;
|
|
cppbor::Map cert_map;
|
|
cert_map.add(kDiceAuthorityHashLabel, kBadAuthorityHash); // Must be bstr
|
|
const std::vector<uint8_t> cbor_cert = cert_map.canonicalize().encode();
|
|
ASSERT_FALSE(cbor_cert.empty());
|
|
|
|
DiceCertData cert_data;
|
|
EXPECT_FALSE(cert_data.ParseCbor(cbor_cert));
|
|
}
|
|
|
|
TEST(DiceCertDataTest, ParseBad_BadAuthorityDescriptorType) {
|
|
cppbor::Map cert_map;
|
|
cert_map.add(kDiceAuthorityDescriptorLabel, cppbor::Null()); // Must be bstr
|
|
const std::vector<uint8_t> cbor_cert = cert_map.canonicalize().encode();
|
|
ASSERT_FALSE(cbor_cert.empty());
|
|
|
|
DiceCertData cert_data;
|
|
EXPECT_FALSE(cert_data.ParseCbor(cbor_cert));
|
|
}
|
|
|
|
TEST(DiceCertDataTest, ParseBad_BadModeType) {
|
|
const std::string kBadMode = "Normal";
|
|
|
|
cppbor::Map cert_map;
|
|
cert_map.add(kDiceModeLabel, kBadMode); // Must be bstr
|
|
const std::vector<uint8_t> cbor_cert = cert_map.canonicalize().encode();
|
|
ASSERT_FALSE(cbor_cert.empty());
|
|
|
|
DiceCertData cert_data;
|
|
EXPECT_FALSE(cert_data.ParseCbor(cbor_cert));
|
|
}
|
|
|
|
TEST(DiceCertDataTest, ParseBad_BadModeLength_TooLong) {
|
|
const std::vector<uint8_t> kBadMode = {kDiceModeRecovery, 0};
|
|
|
|
cppbor::Map cert_map;
|
|
cert_map.add(kDiceModeLabel, kBadMode);
|
|
const std::vector<uint8_t> cbor_cert = cert_map.canonicalize().encode();
|
|
ASSERT_FALSE(cbor_cert.empty());
|
|
|
|
DiceCertData cert_data;
|
|
EXPECT_FALSE(cert_data.ParseCbor(cbor_cert));
|
|
}
|
|
|
|
TEST(DiceCertDataTest, ParseBad_BadModeLength_TooShort) {
|
|
const std::vector<uint8_t> kBadMode;
|
|
|
|
cppbor::Map cert_map;
|
|
cert_map.add(kDiceModeLabel, kBadMode);
|
|
const std::vector<uint8_t> cbor_cert = cert_map.canonicalize().encode();
|
|
ASSERT_FALSE(cbor_cert.empty());
|
|
|
|
DiceCertData cert_data;
|
|
EXPECT_FALSE(cert_data.ParseCbor(cbor_cert));
|
|
}
|
|
|
|
TEST(DiceCertDataTest, ParseBad_BadSubjectPublicKeyType) {
|
|
const std::string kBadSubjectPublicKey = "I'm a key, not!";
|
|
|
|
cppbor::Map cert_map;
|
|
cert_map.add(kDiceSubjectPublicKeyLabel, kBadSubjectPublicKey);
|
|
const std::vector<uint8_t> cbor_cert = cert_map.canonicalize().encode();
|
|
ASSERT_FALSE(cbor_cert.empty());
|
|
|
|
DiceCertData cert_data;
|
|
EXPECT_FALSE(cert_data.ParseCbor(cbor_cert));
|
|
}
|
|
|
|
TEST(DiceCertDataTest, ParseBad_BadKeyUsageType) {
|
|
const int64_t kBadKeyUsage = 1234;
|
|
|
|
cppbor::Map cert_map;
|
|
cert_map.add(kDiceKeyUsageLabel, kBadKeyUsage); // Must be bstr
|
|
const std::vector<uint8_t> cbor_cert = cert_map.canonicalize().encode();
|
|
ASSERT_FALSE(cbor_cert.empty());
|
|
|
|
DiceCertData cert_data;
|
|
EXPECT_FALSE(cert_data.ParseCbor(cbor_cert));
|
|
}
|
|
|
|
TEST(DiceCertDataTest, ParseBad_BadKeyUsageLength_TooLong) {
|
|
const std::vector<uint8_t> kBadKeyUsage = {0, 0, 1};
|
|
|
|
cppbor::Map cert_map;
|
|
cert_map.add(kDiceKeyUsageLabel, kBadKeyUsage);
|
|
const std::vector<uint8_t> cbor_cert = cert_map.canonicalize().encode();
|
|
ASSERT_FALSE(cbor_cert.empty());
|
|
|
|
DiceCertData cert_data;
|
|
EXPECT_FALSE(cert_data.ParseCbor(cbor_cert));
|
|
}
|
|
|
|
TEST(DiceCertDataTest, ParseBad_BadKeyUsageLength_TooShort) {
|
|
const std::vector<uint8_t> kBadKeyUsage;
|
|
|
|
cppbor::Map cert_map;
|
|
cert_map.add(kDiceKeyUsageLabel, kBadKeyUsage);
|
|
const std::vector<uint8_t> cbor_cert = cert_map.canonicalize().encode();
|
|
ASSERT_FALSE(cbor_cert.empty());
|
|
|
|
DiceCertData cert_data;
|
|
EXPECT_FALSE(cert_data.ParseCbor(cbor_cert));
|
|
}
|
|
|
|
TEST(DiceCertDataTest, ParseBad_BadProfileNameType) {
|
|
cppbor::Map cert_map;
|
|
cert_map.add(kDiceProfileNameLabel, cppbor::Bool(false)); // Must be tstr
|
|
const std::vector<uint8_t> cbor_cert = cert_map.canonicalize().encode();
|
|
ASSERT_FALSE(cbor_cert.empty());
|
|
|
|
DiceCertData cert_data;
|
|
EXPECT_FALSE(cert_data.ParseCbor(cbor_cert));
|
|
}
|
|
} // namespace util
|
|
} // namespace wvoec
|