1
2 /*
3 * Copyright (c) 2025 Huawei Device Co., Ltd.
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <string>
18 #include <gtest/gtest.h>
19 #include <openssl/pem.h>
20 #include "securec.h"
21 #include "cf_memory.h"
22 #include "hm_attestation_cert_verify.h"
23 #include "attestation_cert_ext_legacy.h"
24 #include "attestation_cert_ext.h"
25 #include "attestation_cert_verify.h"
26 #include "attestation_common.h"
27
28 using namespace std;
29 using namespace testing::ext;
30
31 namespace {
32 class CfAttestationTest : public testing::Test {
33 public:
34 static void SetUpTestCase(void);
35 static void TearDownTestCase(void);
36 void SetUp();
37 void TearDown();
38 };
39
SetUpTestCase(void)40 void CfAttestationTest::SetUpTestCase(void)
41 {
42 }
43
TearDownTestCase(void)44 void CfAttestationTest::TearDownTestCase(void)
45 {
46 }
47
SetUp()48 void CfAttestationTest::SetUp()
49 {
50 }
51
TearDown()52 void CfAttestationTest::TearDown()
53 {
54 }
55
56 const char *EC_ROOT_CA = "-----BEGIN CERTIFICATE-----\n"
57 "MIIB2TCCAX+gAwIBAgIFAt/cGLEwCgYIKoZIzj0EAwIwQzEPMA0GA1UECgwGVEVT\n"
58 "VCBYMTAwLgYDVQQDDCdURVNUIFggRUNDIERldmljZSBBdHRlc3RhdGlvbiBSb290\n"
59 "IENBIDEwHhcNMjUwNjA3MDkzMTE5WhcNNDUwNDAzMDkzMTE5WjBDMQ8wDQYDVQQK\n"
60 "DAZURVNUIFgxMDAuBgNVBAMMJ1RFU1QgWCBFQ0MgRGV2aWNlIEF0dGVzdGF0aW9u\n"
61 "IFJvb3QgQ0EgMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABNIRo0npO5bdiWHm\n"
62 "5+Gfe90YWh+8RmGlPI4VnP2gDJamPlZfKSokvcPX72IIZZen0KYoU92jlPoLy4mo\n"
63 "vCoFFYCjYDBeMB0GA1UdDgQWBBT8QJ0aBENv/QK9b9yA+whHSj9AJDAfBgNVHSME\n"
64 "GDAWgBT8QJ0aBENv/QK9b9yA+whHSj9AJDAPBgNVHRMBAf8EBTADAQH/MAsGA1Ud\n"
65 "DwQEAwIBBjAKBggqhkjOPQQDAgNIADBFAiEA/AuETYSOLM4MXvZYv14QimHv8slQ\n"
66 "RRCItMDzYbUO6hQCIH8k97AK+7bFipGLJIjd8hY4oG7iWlGgUtwU9Kx6ne7q\n"
67 "-----END CERTIFICATE-----";
68
69 const char *BAD_CERT = "-----BEGIN CERTIFICATE-----\n"
70 "MIIB2TCCAX+gAwIBAgIFAt/cGLEwCgYIKoZIzj0EAwIwQzEPMA0GA1UECgwGVEVT\n"
71 "VCBYMTAwLgYDVQQDDCdURVNUIFggRUNDIERldmljZSBBdHRlc3RhdGlvbiBSb290\n"
72 "IENBIDEwHhcNMjUwNjA3MDkzMTE5WhcNNDUwNDAzMDkzMTE5WjBDMQ8wDQYDVQQK\n"
73 "DAZURVNUIFgxMDAuBgNVBAMMJ1RFU1QgWCBFQ0MgRGV2aWNlIEF0dGVzdGF0aW9u\n"
74 "IFJvb3QgQ0EgMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABNIRo0npO5bdiWHm\n"
75 "5+Gfe90YWh+8RmGlPI4VnP2gDJamPlZfKSokvcPX72IIZZen0KYoU92jlPoLy4mo\n"
76 "vCoFFYCjYDBeMB0GA1UdDgQWBBT8QJ0aBENv/QK9b9yA+whHSj9AJDAfBgNVHSME\n"
77 "GDAWgBT8QJ0aBENv/QK9b9yA+whHSj9AJDAPBgNVHRMBAf8EBTADAQH/MAsGA1Ud\n"
78 "DwQEAwIBBjAKBggqhkjOPQQDAgNIADBFAiEA/AuETYSOLM4MXvZYv14QimHv8slQ\n"
79 "RRCItMDzYbUO6hQCIH8k97AK+7bFipGLJIjd8hY4oG7iWlGgUtwU9Kx6ne7q\n";
80
81 const char *EC_APP_CERT = "-----BEGIN CERTIFICATE-----\n"
82 "MIIBrDCCAVGgAwIBAgIFBTPn/LEwCgYIKoZIzj0EAwIwTTEPMA0GA1UECgwGVEVT\n"
83 "VCBYMS0wKwYDVQQDDCRURVNUIFggRUNDIERldmljZSBBdHRlc3RhdGlvbiBERVZJ\n"
84 "Q0UxCzAJBgNVBAYTAkNOMB4XDTI1MDYwNzA5MzExOVoXDTQ1MDQwMzA5MzExOVow\n"
85 "ETEPMA0GA1UECwwGZnV0dXJlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEQTyG\n"
86 "YoRJ4XYWEIi0aQYn5dPTkXlA7pc5TBuK5/9BBlrjiuxz571TDXR9fazshKW9Z95O\n"
87 "d+zh1MvVoPDIMp2kjaNaMFgwCQYDVR0TBAIwADALBgNVHQ8EBAMCBeAwHQYDVR0O\n"
88 "BBYEFL/oq2cWVndUXzTFzScpHiX1qn/FMB8GA1UdIwQYMBaAFFaxkHCk+M2NY+6n\n"
89 "gTqmGhCWPFq5MAoGCCqGSM49BAMCA0kAMEYCIQC/+lDbY/ZjvZE9q4ZcaoTaY56D\n"
90 "md7dYhvERA8S3lVjbQIhAJkNkVQd/cQFNDSSDep1OpGAxHRFi0fBB5gRF4wo2fHx\n"
91 "-----END CERTIFICATE-----";
92
93 const char *EC_DEVICE_CERT = "-----BEGIN CERTIFICATE-----\n"
94 "MIIB7DCCAZGgAwIBAgIFAt/cGLIwCgYIKoZIzj0EAwIwSzEPMA0GA1UECgwGVEVT\n"
95 "VCBYMSswKQYDVQQDDCJURVNUIFggRUNDIERldmljZSBBdHRlc3RhdGlvbiBDQSAx\n"
96 "MQswCQYDVQQGEwJDTjAeFw0yNTA2MDcwOTMxMTlaFw00NTA0MDMwOTMxMTlaME0x\n"
97 "DzANBgNVBAoMBlRFU1QgWDEtMCsGA1UEAwwkVEVTVCBYIEVDQyBEZXZpY2UgQXR0\n"
98 "ZXN0YXRpb24gREVWSUNFMQswCQYDVQQGEwJDTjBZMBMGByqGSM49AgEGCCqGSM49\n"
99 "AwEHA0IABP5NtT48Y7hI8goGFfSmtZMuANRYgG1eB2qnalZOb5kGpABpnqdDaKvo\n"
100 "Fv+k6xkjOJ5a8REuN4rDnVtpkg9ObE2jYDBeMB0GA1UdDgQWBBRWsZBwpPjNjWPu\n"
101 "p4E6phoQljxauTAfBgNVHSMEGDAWgBQtzg7qzZ2yDH1ZUzGgPTSJoMUBLjAPBgNV\n"
102 "HRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNJADBGAiEAmmX4\n"
103 "N55vDsPijPbE6Q2I7enHQWevRnJzfzJCoK5lzFQCIQD6dIN1XV9rMh0dTXtPQVmO\n"
104 "QD1SSlQCb2fuy+oQgyDD2Q==\n"
105 "-----END CERTIFICATE-----";
106
107 const char *EC_SUB_CA_CERT = "-----BEGIN CERTIFICATE-----\n"
108 "MIIB4jCCAYegAwIBAgIFAt/cGLIwCgYIKoZIzj0EAwIwQzEPMA0GA1UECgwGVEVT\n"
109 "VCBYMTAwLgYDVQQDDCdURVNUIFggRUNDIERldmljZSBBdHRlc3RhdGlvbiBSb290\n"
110 "IENBIDEwHhcNMjUwNjA3MDkzMTE5WhcNNDUwNDAzMDkzMTE5WjBLMQ8wDQYDVQQK\n"
111 "DAZURVNUIFgxKzApBgNVBAMMIlRFU1QgWCBFQ0MgRGV2aWNlIEF0dGVzdGF0aW9u\n"
112 "IENBIDExCzAJBgNVBAYTAkNOMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEsqsm\n"
113 "SmDeZ12OsC+/6+b7z2w7ga9IOqdB4JohzWMtrIsrFSpPMwtI7XeMwr3+4I7l/KGM\n"
114 "bYxVaekO0D0su64EBaNgMF4wHQYDVR0OBBYEFC3ODurNnbIMfVlTMaA9NImgxQEu\n"
115 "MB8GA1UdIwQYMBaAFPxAnRoEQ2/9Ar1v3ID7CEdKP0AkMA8GA1UdEwEB/wQFMAMB\n"
116 "Af8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA0kAMEYCIQDybyPn3hcuCQ50CVHb\n"
117 "IpwSJlzGmwltoKkh0TyYDvA9LQIhAI4wq85zQ/M2Z1yrrx+yYttySw+9dxQ/wW3P\n"
118 "OHJr6vQk\n"
119 "-----END CERTIFICATE-----";
120
121 const char *RSA_ROOT_CA = "-----BEGIN CERTIFICATE-----\n"
122 "MIIDZTCCAk2gAwIBAgIFAt/cGLEwDQYJKoZIhvcNAQELBQAwQzEPMA0GA1UECgwG\n"
123 "VEVTVCBYMTAwLgYDVQQDDCdURVNUIFggUlNBIERldmljZSBBdHRlc3RhdGlvbiBS\n"
124 "b290IENBIDEwHhcNMjUwNjA3MDcwOTI5WhcNNDUwNDAzMDcwOTI5WjBDMQ8wDQYD\n"
125 "VQQKDAZURVNUIFgxMDAuBgNVBAMMJ1RFU1QgWCBSU0EgRGV2aWNlIEF0dGVzdGF0\n"
126 "aW9uIFJvb3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM4m\n"
127 "Io2yEXYN8ltRBdiEjxhYy8Z6xZIQZfBwC0hUmio2PQXAlPzwv4OCuBFgi1hcvZL9\n"
128 "PsbvIYG2APKVc31ktiMpPJmSWkxTu/SKA1cbc5APEFx+PTJhVZ5F3I3rwRwGQybt\n"
129 "NrxvE946Q7eauna9jkyURJtuN2bnxGtON0rcrdW10tLN2DBnLMxJYlTw5gMIzfWQ\n"
130 "02CYr5D3DPcovyaF8661N/JEGHgQih3H6attna7Gw663YQiWy2tpXiS2BFZU1PYl\n"
131 "C9iHbqACZ5cLIIHg4X9Y0Zhqun9O0lprJHJZua3DW8yRqlyhstWPpFtGBKtKLe6J\n"
132 "adsesMuTpP5M87EN7VcCAwEAAaNgMF4wHQYDVR0OBBYEFBbEAVsSD7EoOcDfCqMI\n"
133 "snoSmjc3MB8GA1UdIwQYMBaAFBbEAVsSD7EoOcDfCqMIsnoSmjc3MA8GA1UdEwEB\n"
134 "/wQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQBPCOxCd7in\n"
135 "UCXOjX0/06t+baBCeU9RN3cz3ArI6R73LoJlBXMhEc7xzzXMKzVN3uZEBTRDInNU\n"
136 "XIE730Y07QrIL5Q5Jqc8bb2W2xWksvBbV+x6uh/zw0kRnOnJwCxgpaXCCQ8Pfukn\n"
137 "rb7rOu5+A4QBZwu2IvSN7swxYoIgRD81XOMpyIsNAbuI7w6lvpWuXeG/gyeVwQ9P\n"
138 "TPgxcZRMrTa/9bJr1aWYJPjOw4QkarHx5IVRhZR57k2mZ9cOVlFEV0KInQyF1LrU\n"
139 "9yIAFV0nHSp0zt8dBdtxmNiWEZTBh2f4BrZ5Lz41GSoD8OJi9u12ySxgaAH43LPN\n"
140 "UBoMYLvARABk\n"
141 "-----END CERTIFICATE-----";
142
143 const char *RSA_APP_CERT = "-----BEGIN CERTIFICATE-----\n"
144 "MIIDOzCCAiOgAwIBAgIFBTPn/LEwDQYJKoZIhvcNAQELBQAwTTEPMA0GA1UECgwG\n"
145 "VEVTVCBYMS0wKwYDVQQDDCRURVNUIFggUlNBIERldmljZSBBdHRlc3RhdGlvbiBE\n"
146 "RVZJQ0UxCzAJBgNVBAYTAkNOMB4XDTI1MDYwNzA3MDkzMFoXDTQ1MDQwMzA3MDkz\n"
147 "MFowFTETMBEGA1UECwwKcnNhIGZ1dHVyZTCCASIwDQYJKoZIhvcNAQEBBQADggEP\n"
148 "ADCCAQoCggEBAJ10aK/cLN4sIYJoL9ObdSxez0brLJSnpJvht1nu9pYbQJ3KZtAz\n"
149 "OQ8D3QoILUsUI+SSM3bJMGLtwzZqSVKpU6ciVlAnLkogLdAsKCK2TFB4l3Uqa2MD\n"
150 "NUXqT6ezTRg5DjSJ/SGSRU0uIRZaFYBPrWe5b926FdEwmP3aqHOyrJToQOdwNwmw\n"
151 "N8G2tY3V5CPl6uwbqBrPhrPXsM8kcD3AnrefM7KGv0hR4Rwra4udIzPpxVzytH2x\n"
152 "qzxA5rLufbl/NWLLO8QM5tAwrbYv4zCIjzKPgEI9Pb8Gx/qo65xHrOR33tRHz87r\n"
153 "ZhWltG788FXAZyKmDHeXu8onthwscqoIO40CAwEAAaNaMFgwCQYDVR0TBAIwADAL\n"
154 "BgNVHQ8EBAMCBeAwHQYDVR0OBBYEFNCx8F06FN4a8+duXFRi2l/xHIU4MB8GA1Ud\n"
155 "IwQYMBaAFA2CvxOKeGVoIPLLySJOpnlqUlgfMA0GCSqGSIb3DQEBCwUAA4IBAQBy\n"
156 "km7QLiqz6icijns0vu6h3ycxPVfjMFfTOF+nnQA7DVtaSqFswF+Ee6oS3WEzK50p\n"
157 "J7/MVWqIEY+u/3/pdmxbh/fc/+VfFGkSG8MXin2fzEgUFuG7pgVpP8bYIW1NWyN8\n"
158 "4DqOycKECE1BfGz67Z6kY3yZFdep9573klqfM8BLGzYPJOlrdLZcxKHvD7evomQk\n"
159 "+iGtFZJl1/hBX9/Sqs7irbn4qNtsux2lTJMdt72goDeQA3nHWaErL3yJWG8hfTMh\n"
160 "hf9D5XZdxs6FD1W2WYiME5ssU7QKjLb3iCNwJH/0sdIJphW6ngSzMKNSBdsNZ0aV\n"
161 "RMXkP7i3EkHhitvL2Kj7\n"
162 "-----END CERTIFICATE-----";
163
164 const char *RSA_DEVICE_CERT = "-----BEGIN CERTIFICATE-----\n"
165 "MIIDdzCCAl+gAwIBAgIFAt/cGLIwDQYJKoZIhvcNAQELBQAwSzEPMA0GA1UECgwG\n"
166 "VEVTVCBYMSswKQYDVQQDDCJURVNUIFggUlNBIERldmljZSBBdHRlc3RhdGlvbiBD\n"
167 "QSAxMQswCQYDVQQGEwJDTjAeFw0yNTA2MDcwNzA5MzBaFw00NTA0MDMwNzA5MzBa\n"
168 "ME0xDzANBgNVBAoMBlRFU1QgWDEtMCsGA1UEAwwkVEVTVCBYIFJTQSBEZXZpY2Ug\n"
169 "QXR0ZXN0YXRpb24gREVWSUNFMQswCQYDVQQGEwJDTjCCASIwDQYJKoZIhvcNAQEB\n"
170 "BQADggEPADCCAQoCggEBANOsuN3tcgiaGFZmwNzBMfMZi67ZFxY1I5D75Qajwrmt\n"
171 "yAo5R/NMPucVMrvckd1IsDHN7UQcPIvmJ7ldGPOlS6SEzLpStK8umhwzFtPm7D60\n"
172 "Z8pvAmdlkVzL2zjgMHFpBHfxHv+8jQmsjp97NpKHDka4PMJyzde66GlnttHKcgl0\n"
173 "BTF8oCJaIxFjdkQJo9ysDGGPzdf2kup7Wtw2hx85pW+1pkdTds4T26ana9lAUyZ7\n"
174 "TU7wwTYhVRA66q3glsUe00VS42oVHEdMLQ7/OttcPYykdxXnB8S0UpMRm8+lv5AK\n"
175 "RV8oZNLEiLhoGlYuhedrER9PJzwa9fDAgMRoAoqpS/8CAwEAAaNgMF4wHQYDVR0O\n"
176 "BBYEFA2CvxOKeGVoIPLLySJOpnlqUlgfMB8GA1UdIwQYMBaAFHHvU7ekzs8s7dmC\n"
177 "kxSnj0xYpwJCMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3\n"
178 "DQEBCwUAA4IBAQBATEYG/J99XumDMNNpacz/HGSAvR9iu9yb0lRZEMvZKPd56Z/U\n"
179 "fPxBZPiXIDJLvK36skkhLLaHL4Op6dWYIC2Jp8SjfrsfIpyylxwkEh0Gtbs/+NFt\n"
180 "53E4QtcNilFDQ17wcuKv0UVQCG3DlgzaS9jdyrQ2C4/zwOnC/vQD5tUvXJUFaQel\n"
181 "PbQth4+amxl1pHQA7XSBKHvL9hWalRJEUOsKnwAAGwcZgmWQyyqDv9eosab68Kvw\n"
182 "PaNXdE5awQRtlfNj4xTfXqkNye9q4QuxqjEB4gW5UKv9OTld1kWM7rgRAKOSNPvX\n"
183 "OQGMH1BpjHLmYtZgrqhuZ/4zZgj0Zpq99dzo\n"
184 "-----END CERTIFICATE-----";
185
186 const char *RSA_SUB_CA_CERT = "-----BEGIN CERTIFICATE-----\n"
187 "MIIDbTCCAlWgAwIBAgIFAt/cGLIwDQYJKoZIhvcNAQELBQAwQzEPMA0GA1UECgwG\n"
188 "VEVTVCBYMTAwLgYDVQQDDCdURVNUIFggUlNBIERldmljZSBBdHRlc3RhdGlvbiBS\n"
189 "b290IENBIDEwHhcNMjUwNjA3MDcwOTMwWhcNNDUwNDAzMDcwOTMwWjBLMQ8wDQYD\n"
190 "VQQKDAZURVNUIFgxKzApBgNVBAMMIlRFU1QgWCBSU0EgRGV2aWNlIEF0dGVzdGF0\n"
191 "aW9uIENBIDExCzAJBgNVBAYTAkNOMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n"
192 "CgKCAQEAlr25YgexwMxxZ8qNL2+kIbkE5Hb1uXJvIGkSw5T3jz8ux4atgJY7uX7X\n"
193 "eiXOmSf7FQZJBHwB8YZRXUyXuDqr1rCPa+OFN+Nq4i0xr68oIfaCxNPF758Nd5m2\n"
194 "fWR62bNha3s14NlP2XGAcX0xxiVRYYDu/Onqp3L+JfwM5a+JMED8TMfha7YBqRV0\n"
195 "1uVPPKokuClLS8qbKZW5KCTkC64UX3hhBsAZW6LFESIn710mWje9iqQgOyxnj7QE\n"
196 "DIvhtGwITNCk9QHN6u8ZZILJpLzlr7Fw/2viPw7tBJvtIvXQ9TqXdYZZLCrpCW3m\n"
197 "CnjWku/XNQcafoN52LmS8RN8zeLPwQIDAQABo2AwXjAdBgNVHQ4EFgQUce9Tt6TO\n"
198 "zyzt2YKTFKePTFinAkIwHwYDVR0jBBgwFoAUFsQBWxIPsSg5wN8KowiyehKaNzcw\n"
199 "DwYDVR0TAQH/BAUwAwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEB\n"
200 "AEVAKVjptSLKIE4CNl8BleRRi+1lQz0d3PZljrGpUs5fZoNuCxQHys4wsb8lOeBI\n"
201 "OOEQlv4aKov2Rvc98CMtGq5h16J3X4JqRgFVrdlAO1TzIVz2/L0AhuEw+nY5R5la\n"
202 "8i8qZowlqEJ/QpmDqHOkrt7MpsTR0+79hBuXzTUkhClqy/WTH/k4T0v233Anf7gm\n"
203 "MLlS2b7TWAgNSOdqKrVz8BCIuSOUoH4X5PKCQOUISI7tepVm+krNjYTnUAa7SEJ6\n"
204 "ZcQs3ZUk5dH1XneYDU5ST/py/pwYGx3+wlmWkkebVkl4BwdAlSe7ijQlkiFkg+8S\n"
205 "fvSxx0+k1nQrvNGuu91+le4=\n"
206 "-----END CERTIFICATE-----";
207
208 string g_cn1 = "TEST X ECC Device Attestation CA";
209 string g_o = "TEST X";
210 string g_c = "CN";
211 string g_cn2 = "TEST X RSA Device Attestation CA";
212
213 string g_ou9 = "ou9";
214 string g_o9 = "o9";
215 string g_c9 = "CX";
216
217 const static CertSnInfo SUB_CA_SUBJECT_INFO[] = {
218 {const_cast<char *>(g_cn1.c_str()), const_cast<char *>(g_ou9.c_str()), const_cast<char *>(g_o9.c_str()),
219 const_cast<char *>(g_c9.c_str())},
220 {const_cast<char *>(g_cn1.c_str()), const_cast<char *>(g_o.c_str()), const_cast<char *>(g_o9.c_str()),
221 const_cast<char *>(g_c9.c_str())},
222 {const_cast<char *>(g_cn1.c_str()), const_cast<char *>(g_o.c_str()), const_cast<char *>(g_c.c_str()),
223 const_cast<char *>(g_c9.c_str())},
224 {const_cast<char *>(g_cn1.c_str()), nullptr, const_cast<char *>(g_o.c_str()), const_cast<char *>(g_c.c_str())},
225 {const_cast<char *>(g_cn2.c_str()), nullptr, const_cast<char *>(g_o.c_str()), const_cast<char *>(g_c.c_str())},
226 };
227
228 #define SUB_CA_SUBJECT_INFO_LEN 5
229
230 string g_cn3 = "XXXX";
231 const static CertSnInfo SUB_CA_SUBJECT_INFO_ERROR[] = {
232 {const_cast<char *>(g_cn3.c_str()), nullptr, nullptr, nullptr},
233 };
234
BaseTest(HcfAttestCertVerifyParam * param,char * certs)235 void BaseTest(HcfAttestCertVerifyParam *param, char *certs)
236 {
237 CfEncodingBlob data = {0};
238 data.encodingFormat = CF_FORMAT_PEM;
239 data.data = reinterpret_cast<uint8_t *>(certs);
240 data.len = strlen(certs);
241 HmAttestationInfo *info = nullptr;
242 CfResult ret = HcfAttestCertVerify(&data, param, &info);
243 ASSERT_EQ(ret, CF_SUCCESS);
244
245 ret = HcfAttestCertParseExtension(info);
246 ASSERT_EQ(ret, CF_SUCCESS);
247
248 ret = HcfAttestCheckBoundedWithUdId(info);
249 ASSERT_EQ(ret, CF_ERR_EXTENSION_NOT_EXIST);
250
251 ret = HcfAttestCheckBoundedWithSocid(info);
252 ASSERT_EQ(ret, CF_ERR_EXTENSION_NOT_EXIST);
253
254 HmAttestationCertExt ext = { 0 };
255 ret = HcfAttestGetCertExtension(info, DEVICE_ACTIVATION_DEVICE_ID1, &ext);
256 ASSERT_EQ(ret, CF_ERR_EXTENSION_NOT_EXIST);
257 ret = HcfAttestGetCertExtension(info, ATTESTATION_ENC_PADDING, &ext);
258 ASSERT_EQ(ret, CF_ERR_EXTENSION_NOT_EXIST);
259 ret = HcfAttestGetCertExtension(info, ATTESTATION_CERT_EXT_TYPE_MAX, &ext);
260 ASSERT_EQ(ret, CF_ERR_PARAMETER_CHECK);
261
262 ret = HcfAttestGetCertExtension(info, LEGACY_VERSION, &ext);
263 ASSERT_EQ(ret, CF_ERR_EXTENSION_NOT_EXIST);
264 ret = HcfAttestGetCertExtension(info, KM_TAG_TYPE_MAX, &ext);
265 ASSERT_EQ(ret, CF_ERR_PARAMETER_CHECK);
266 HcfAttestInfoFree(info);
267 }
268
CreateCertChain(const char * certs[],int num,char ** chain)269 static int CreateCertChain(const char *certs[], int num, char **chain)
270 {
271 int i = 0;
272 size_t len = 0;
273 for (i = 0; i < num; i++) {
274 len += strlen(certs[i]);
275 }
276
277 len += num;
278 char *out = reinterpret_cast<char *>(CfMalloc(len + 1, 0));
279 if (out == nullptr) {
280 return -1;
281 }
282
283 for (i = 0; i < num; i++) {
284 if (memcpy_s(out + strlen(out), len - strlen(out), certs[i], strlen(certs[i])) != EOK) {
285 CfFree(out);
286 return -1;
287 }
288 void *src = reinterpret_cast<void *>(const_cast<char *>("\n"));
289 if (memcpy_s(out + strlen(out), len - strlen(out), src, 1) != EOK) {
290 CfFree(out);
291 return -1;
292 }
293 }
294 *chain = out;
295 return 0;
296 }
297
298 /**
299 * @tc.name: CfAttestationTest001
300 * @tc.desc: attestation cert verify and parse
301 * @tc.type: FUNC
302 * @tc.require: NA
303 */
304 HWTEST_F(CfAttestationTest, CfAttestationTest001, TestSize.Level0)
305 {
306 HcfAttestCertVerifyParam *param = nullptr;
307 CfResult ret = HcfAttestCreateVerifyParam(¶m);
308 ASSERT_EQ(ret, CF_SUCCESS);
309 ret = HcfAttestSetVerifyParamCheckTime(param, true);
310 ASSERT_EQ(ret, CF_SUCCESS);
311 CfEncodingBlob rootCa = {0};
312 rootCa.encodingFormat = CF_FORMAT_PEM;
313 rootCa.data = reinterpret_cast<uint8_t *>(const_cast<char *>(EC_ROOT_CA));
314 rootCa.len = strlen(EC_ROOT_CA);
315 ret = HcfAttestSetVerifyParamRootCa(param, &rootCa);
316 ASSERT_EQ(ret, CF_SUCCESS);
317
318 HmAttestationSnInfo snInfos = { 0 };
319 snInfos.certSnInfos = const_cast<CertSnInfo *>(&SUB_CA_SUBJECT_INFO[0]);
320 snInfos.num = SUB_CA_SUBJECT_INFO_LEN;
321 ret = HcfAttestSetVerifyParamSnInfos(param, &snInfos);
322 ASSERT_EQ(ret, CF_SUCCESS);
323
324 char *chain = nullptr;
325 const char *certs[] = {EC_APP_CERT, EC_DEVICE_CERT, EC_SUB_CA_CERT};
326 int num = sizeof(certs) / sizeof(certs[0]);
327 int res = CreateCertChain(certs, num, &chain);
328 ASSERT_EQ(res, 0);
329 BaseTest(param, chain);
330 HcfAttestFreeVerifyParam(param);
331 CfFree(chain);
332 }
333
334 /**
335 * @tc.name: CfAttestationTest002
336 * @tc.desc: attestation cert verify and parse
337 * @tc.type: FUNC
338 * @tc.require: NA
339 */
340 HWTEST_F(CfAttestationTest, CfAttestationTest002, TestSize.Level0)
341 {
342 HcfAttestCertVerifyParam *param = nullptr;
343 CfResult ret = HcfAttestCreateVerifyParam(¶m);
344 ASSERT_EQ(ret, CF_SUCCESS);
345 ret = HcfAttestSetVerifyParamCheckTime(param, false);
346 ASSERT_EQ(ret, CF_SUCCESS);
347 CfEncodingBlob rootCa = {0};
348 rootCa.encodingFormat = CF_FORMAT_PEM;
349 rootCa.data = reinterpret_cast<uint8_t *>(const_cast<char *>(RSA_ROOT_CA));
350 rootCa.len = strlen(RSA_ROOT_CA);
351 ret = HcfAttestSetVerifyParamRootCa(param, &rootCa);
352 ASSERT_EQ(ret, CF_SUCCESS);
353
354 HmAttestationSnInfo snInfos = { 0 };
355 snInfos.certSnInfos = const_cast<CertSnInfo *>(&SUB_CA_SUBJECT_INFO[0]);
356 snInfos.num = SUB_CA_SUBJECT_INFO_LEN;
357 ret = HcfAttestSetVerifyParamSnInfos(param, &snInfos);
358 ASSERT_EQ(ret, CF_SUCCESS);
359
360 char *chain = nullptr;
361 const char *certs[] = {RSA_APP_CERT, RSA_DEVICE_CERT, RSA_SUB_CA_CERT};
362 int num = sizeof(certs) / sizeof(certs[0]);
363 int res = CreateCertChain(certs, num, &chain);
364 ASSERT_EQ(res, 0);
365 BaseTest(param, chain);
366 HcfAttestFreeVerifyParam(param);
367 CfFree(chain);
368 }
369
370 /**
371 * @tc.name: CfAttestationTest003
372 * @tc.desc: attestation cert verify sn failed
373 * @tc.type: FUNC
374 * @tc.require: NA
375 */
376 HWTEST_F(CfAttestationTest, CfAttestationTest003, TestSize.Level0)
377 {
378 HcfAttestCertVerifyParam *param = nullptr;
379 CfResult ret = HcfAttestCreateVerifyParam(¶m);
380 ASSERT_EQ(ret, CF_SUCCESS);
381
382 CfEncodingBlob rootCa = {0};
383 rootCa.encodingFormat = CF_FORMAT_PEM;
384 rootCa.data = reinterpret_cast<uint8_t *>(const_cast<char *>(EC_ROOT_CA));
385 rootCa.len = strlen(EC_ROOT_CA);
386 ret = HcfAttestSetVerifyParamRootCa(param, &rootCa);
387 ASSERT_EQ(ret, CF_SUCCESS);
388
389 HmAttestationSnInfo snInfos = { 0 };
390 snInfos.certSnInfos = const_cast<CertSnInfo *>(&SUB_CA_SUBJECT_INFO_ERROR[0]);
391 snInfos.num = 1;
392 ret = HcfAttestSetVerifyParamSnInfos(param, &snInfos);
393 ASSERT_EQ(ret, CF_SUCCESS);
394
395 char *chain = nullptr;
396 const char *certs[] = {EC_APP_CERT, EC_DEVICE_CERT, EC_SUB_CA_CERT};
397 int num = sizeof(certs) / sizeof(certs[0]);
398 int res = CreateCertChain(certs, num, &chain);
399 ASSERT_EQ(res, 0);
400 CfEncodingBlob certsChain = {0};
401 certsChain.encodingFormat = CF_FORMAT_PEM;
402 certsChain.data = reinterpret_cast<uint8_t *>(chain);
403 certsChain.len = strlen(chain);
404 HmAttestationInfo *info = nullptr;
405 ret= HcfAttestCertVerify(&certsChain, param, &info);
406 ASSERT_EQ(ret, CF_ERR_PARAMETER_CHECK);
407
408 HcfAttestFreeVerifyParam(param);
409 CfFree(chain);
410 }
411
412 /**
413 * @tc.name: CfAttestationTest004
414 * @tc.desc: attestation cert verify failed
415 * @tc.type: FUNC
416 * @tc.require: NA
417 */
418 HWTEST_F(CfAttestationTest, CfAttestationTest004, TestSize.Level0)
419 {
420 HcfAttestCertVerifyParam *param = nullptr;
421 CfResult ret = HcfAttestCreateVerifyParam(¶m);
422 ASSERT_EQ(ret, CF_SUCCESS);
423
424 HmAttestationSnInfo snInfos = { 0 };
425 snInfos.certSnInfos = const_cast<CertSnInfo *>(&SUB_CA_SUBJECT_INFO[0]);
426 snInfos.num = SUB_CA_SUBJECT_INFO_LEN;
427 ret = HcfAttestSetVerifyParamSnInfos(param, &snInfos);
428 ASSERT_EQ(ret, CF_SUCCESS);
429
430 char *chain = nullptr;
431 const char *certs[] = {EC_APP_CERT, EC_DEVICE_CERT, EC_SUB_CA_CERT};
432 int num = sizeof(certs) / sizeof(certs[0]);
433 int res = CreateCertChain(certs, num, &chain);
434 ASSERT_EQ(res, 0);
435 CfEncodingBlob certsChain = {0};
436 certsChain.encodingFormat = CF_FORMAT_PEM;
437 certsChain.data = reinterpret_cast<uint8_t *>(chain);
438 certsChain.len = strlen(chain);
439 HmAttestationInfo *info = nullptr;
440 ret= HcfAttestCertVerify(&certsChain, param, &info);
441 ASSERT_EQ(ret, CF_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY);
442
443 HcfAttestFreeVerifyParam(param);
444 CfFree(chain);
445 }
446
447 /**
448 * @tc.name: CfAttestationTest005
449 * @tc.desc: attestation cert verify failed
450 * @tc.type: FUNC
451 * @tc.require: NA
452 */
453 HWTEST_F(CfAttestationTest, CfAttestationTest005, TestSize.Level0)
454 {
455 HcfAttestCertVerifyParam *param = nullptr;
456 CfResult ret = HcfAttestCreateVerifyParam(¶m);
457 ASSERT_EQ(ret, CF_SUCCESS);
458
459 CfEncodingBlob rootCa = {0};
460 rootCa.encodingFormat = CF_FORMAT_PEM;
461 rootCa.data = reinterpret_cast<uint8_t *>(const_cast<char *>(EC_ROOT_CA));
462 rootCa.len = strlen(EC_ROOT_CA);
463 ret = HcfAttestSetVerifyParamRootCa(param, &rootCa);
464 ASSERT_EQ(ret, CF_SUCCESS);
465
466 HmAttestationSnInfo snInfos = { 0 };
467 snInfos.certSnInfos = const_cast<CertSnInfo *>(&SUB_CA_SUBJECT_INFO[0]);
468 snInfos.num = SUB_CA_SUBJECT_INFO_LEN;
469 ret = HcfAttestSetVerifyParamSnInfos(param, &snInfos);
470 ASSERT_EQ(ret, CF_SUCCESS);
471
472 char *chain = nullptr;
473 const char *certs[] = {EC_APP_CERT, EC_SUB_CA_CERT, EC_DEVICE_CERT};
474 int num = sizeof(certs) / sizeof(certs[0]);
475 int res = CreateCertChain(certs, num, &chain);
476 ASSERT_EQ(res, 0);
477 CfEncodingBlob certsChain = {0};
478 certsChain.encodingFormat = CF_FORMAT_PEM;
479 certsChain.data = reinterpret_cast<uint8_t *>(chain);
480 certsChain.len = strlen(chain);
481 HmAttestationInfo *info = nullptr;
482 ret= HcfAttestCertVerify(&certsChain, param, &info);
483 ASSERT_EQ(ret, CF_ERR_PARAMETER_CHECK);
484
485 HcfAttestFreeVerifyParam(param);
486 CfFree(chain);
487 }
488
489 /**
490 * @tc.name: CfAttestationTest006
491 * @tc.desc: nullptr param
492 * @tc.type: FUNC
493 * @tc.require: NA
494 */
495 HWTEST_F(CfAttestationTest, CfAttestationTest006, TestSize.Level0)
496 {
497 CfResult ret = HcfAttestCreateVerifyParam(nullptr);
498 ASSERT_EQ(ret, CF_NULL_POINTER);
499
500 ret = HcfAttestSetVerifyParamRootCa(nullptr, nullptr);
501 ASSERT_EQ(ret, CF_NULL_POINTER);
502
503 ret = HcfAttestSetVerifyParamSnInfos(nullptr, nullptr);
504 ASSERT_EQ(ret, CF_NULL_POINTER);
505
506 ret= HcfAttestCertVerify(nullptr, nullptr, nullptr);
507 ASSERT_EQ(ret, CF_NULL_POINTER);
508
509 HcfAttestFreeVerifyParam(nullptr);
510
511 ret = HcfAttestCertParseExtension(nullptr);
512 ASSERT_EQ(ret, CF_NULL_POINTER);
513
514 ret = HcfAttestCheckBoundedWithUdId(nullptr);
515 ASSERT_EQ(ret, CF_NULL_POINTER);
516
517 ret = HcfAttestCheckBoundedWithSocid(nullptr);
518 ASSERT_EQ(ret, CF_NULL_POINTER);
519
520 ret = GetHmKeyDescription(nullptr, nullptr);
521 ASSERT_EQ(ret, CF_NULL_POINTER);
522
523 FreeHmKeyDescription(nullptr);
524
525 ret = GetKeyDescriptionExt(nullptr, KM_TAG_ATTESTATION_ID_UDID, nullptr);
526 ASSERT_EQ(ret, CF_ERR_EXTENSION_NOT_EXIST);
527
528 ret = GetHmAttestationRecord(nullptr, nullptr);
529 ASSERT_EQ(ret, CF_NULL_POINTER);
530 ret = GetDeviceCertSecureLevel(nullptr, nullptr);
531 ASSERT_EQ(ret, CF_NULL_POINTER);
532 ret = GetDeviceActivationCertExt(nullptr, nullptr);
533 ASSERT_EQ(ret, CF_NULL_POINTER);
534
535 ret = GetDeviceSecureLevel(nullptr, nullptr, nullptr);
536 ASSERT_EQ(ret, CF_ERR_EXTENSION_NOT_EXIST);
537
538 ret = GetAttestCertExt(nullptr, KM_TAG_ATTESTATION_ID_SOCID, nullptr);
539 ASSERT_EQ(ret, CF_ERR_EXTENSION_NOT_EXIST);
540
541 FreeHmAttestationRecord(nullptr);
542 FreeAttestationDevSecLevel(nullptr);
543 FreeDeviveActiveCertExt(nullptr);
544
545 bool res = CmpObjOid(nullptr, nullptr, 0);
546 ASSERT_EQ(res, false);
547
548 ret = FindCertExt(nullptr, nullptr, 0, nullptr);
549 ASSERT_EQ(ret, CF_NULL_POINTER);
550
551 ret = GetOctectOrUtf8Data(nullptr, nullptr);
552 ASSERT_EQ(ret, CF_ERR_EXTENSION_NOT_EXIST);
553 }
554
555 /**
556 * @tc.name: CfAttestationTest007
557 * @tc.desc: FindCertExt test
558 * @tc.type: FUNC
559 * @tc.require: NA
560 */
561 HWTEST_F(CfAttestationTest, CfAttestationTest007, TestSize.Level0)
562 {
563 BIO *bio = BIO_new_mem_buf(RSA_APP_CERT, -1);
564 ASSERT_NE(bio, nullptr);
565 X509 *cert = PEM_read_bio_X509(bio, nullptr, nullptr, nullptr);
566 ASSERT_NE(cert, nullptr);
567 BIO_free(bio);
568
569 const uint8_t oid[] = {0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x01};
570 X509_EXTENSION *extension = nullptr;
571 CfResult ret = FindCertExt(cert, oid, sizeof(oid) / sizeof(uint8_t), &extension);
572 ASSERT_EQ(ret, CF_ERR_EXTENSION_NOT_EXIST);
573
574 const uint8_t keyUsageOid[] = {0x55, 0x1D, 0x0F};
575 ret = FindCertExt(cert, keyUsageOid, sizeof(keyUsageOid) / sizeof(uint8_t), &extension);
576 ASSERT_EQ(ret, CF_SUCCESS);
577 X509_free(cert);
578 }
579
580 const char *EC_CERT = "-----BEGIN CERTIFICATE-----\n"
581 "MIICqTCCAk+gAwIBAgIBATAKBggqhkjOPQQDAjBvMQswCQYDVQ\n"
582 "QGEwJDTjEPMA0GA1UECgwGSHVhd2VpMRMwEQYDVQQLDApIdWF3\n"
583 "ZWkgQ0JHMTowOAYDVQQDDDFIVUFXRUlfRFVNTVlfY2UyMzkxMT\n"
584 "AtYmE3Yy00MTgzLWEyMWItMWQzZmVlMWJmODAxMB4XDTI0MDcz\n"
585 "MDA4MDU0OFoXDTM0MDczMDA4MDU0OFowLDEqMCgGA1UEAxMhRG\n"
586 "V2aWNlIENlcnRpZmljYXRlIE1hbmFnZW1lbnQgS2V5MFkwEwYH\n"
587 "KoZIzj0CAQYIKoZIzj0DAQcDQgAE/dEvnvemtQcef2qD2vrzPc\n"
588 "5mg1cLZtr/sJ2+Yl7TqYwXfKxy7kmttZEcVO86EbN7VqYnp3BO\n"
589 "KiRtxjQvvWF+mKOCAR0wggEZMAsGA1UdDwQEAwIHgDAIBgNVHR\n"
590 "8EAQAwgf8GDCsGAQQBj1sCgngBAwSB7jCB6wIBADA0AgEABg0r\n"
591 "BgEEAY9bAoJ4AgEEBCAAAQIDBAUGBwgJCgsMDQ4PEBESExQVFh\n"
592 "cYGRobHB0eHzAcAgEDBg4rBgEEAY9bAoJ4AgIECgwHSURfVURJ\n"
593 "RDAdAgEDBg4rBgEEAY9bAoJ4AgIECQwISURfU09DSUQwHAIBAw\n"
594 "YOKwYBBAGPWwKCeAICBAEMB0lEX0lNRUkwHgIBAwYOKwYBBAGP\n"
595 "WwKCeAICBAMMCUlEX1NFUklBTDA1AgEDBg4rBgEEAY9bAoJ4Ag\n"
596 "ICCQQgbm5sYGE1NjAICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8w\n"
597 "CgYIKoZIzj0EAwIDSAAwRQIgflpGB+qDfK+0/sas+nFXzV4RS3\n"
598 "np+XpdrUQoDRqjQQACIQC6aPfMdND3VP3n/3BYDjatM0ZI9ms2\n"
599 "UHiE7qDAqjDGRw==\n"
600 "-----END CERTIFICATE-----";
601
602 const char *RSA_CERT = "-----BEGIN CERTIFICATE-----\n"
603 "MIID8zCCA5egAwIBAgIBATAMBggqhkjOPQQDAgUAMC8xGTAXBgNVBAUTEDY5N2Jj\n"
604 "NjRiNmNkNGMwMWUxEjAQBgNVBAwMCVN0cm9uZ0JveDAeFw03MDAxMDEwMDAwMDBa\n"
605 "Fw0yODA1MjMyMzU5NTlaMB8xHTAbBgNVBAMMFEFuZHJvaWQgS2V5c3RvcmUgS2V5\n"
606 "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECstYocmJbek7v23h3GMNnK7dU3fC\n"
607 "UstHmvOWiV63ueF0duOMAn44jo/yzPT7UKoaAy8Q4KMEUUTAtPI/8M6YzKOCArAw\n"
608 "ggKsMA4GA1UdDwEB/wQEAwIHgDCCApgGCisGAQQB1nkCAREEggKIMIIChAIBAwoB\n"
609 "AgIBBAoBAgQDYWJjBAAwggHNv4U9CAIGAWt5u/FKv4VFggG7BIIBtzCCAbMxggGL\n"
610 "MAwEB2FuZHJvaWQCAR0wGQQUY29tLmFuZHJvaWQua2V5Y2hhaW4CAR0wGQQUY29t\n"
611 "LmFuZHJvaWQuc2V0dGluZ3MCAR0wGQQUY29tLnF0aS5kaWFnc2VydmljZXMCAR0w\n"
612 "GgQVY29tLmFuZHJvaWQuZHluc3lzdGVtAgEdMB0EGGNvbS5hbmRyb2lkLmlucHV0\n"
613 "ZGV2aWNlcwIBHTAfBBpjb20uYW5kcm9pZC5sb2NhbHRyYW5zcG9ydAIBHTAfBBpj\n"
614 "b20uYW5kcm9pZC5sb2NhdGlvbi5mdXNlZAIBHTAfBBpjb20uYW5kcm9pZC5zZXJ2\n"
615 "ZXIudGVsZWNvbQIBHTAgBBtjb20uYW5kcm9pZC53YWxscGFwZXJiYWNrdXACAR0w\n"
616 "IQQcY29tLmdvb2dsZS5TU1Jlc3RhcnREZXRlY3RvcgIBHTAiBB1jb20uZ29vZ2xl\n"
617 "LmFuZHJvaWQuaGlkZGVubWVudQIBATAjBB5jb20uYW5kcm9pZC5wcm92aWRlcnMu\n"
618 "c2V0dGluZ3MCAR0xIgQgMBqjywgRNFAcRfFCKrxmwkIk/V3tX9yPF+aXF2/YZqow\n"
619 "gZ2hCDEGAgECAgEDogMCAQOjBAICAQClBTEDAgEEv4N3AgUAv4U+AwIBAL+FQEww\n"
620 "SgQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAQAKAQIEIHKNsSdP\n"
621 "HxzxVx3kOAsEilVKxKOA529TVQg1KQhKk3gBv4VBAwIBAL+FQgUCAwMUs7+FTgYC\n"
622 "BAE0FfG/hU8GAgQBNBXsMAwGCCqGSM49BAMCBQADSAAwRQIgKYHTtsFSBwKkCelW\n"
623 "n0/SlsYZSQm9MWafyTO+uFblMHMCIQCvw4IiiEajx6WqDPPAnZO4NyKAj5tElqdD\n"
624 "FPaMKikScg==\n"
625 "-----END CERTIFICATE-----";
626
TestGetAttestCertExt(AttestationRecord * record)627 static void TestGetAttestCertExt(AttestationRecord *record)
628 {
629 CfResult ret;
630 HmAttestationCertExt ext = {0};
631 ret = GetAttestCertExt(record, ATTESTATION_KEY_PURPOSE, &ext);
632 ASSERT_EQ(ret, CF_ERR_EXTENSION_NOT_EXIST);
633 ret = GetAttestCertExt(record, ATTESTATION_APP_ID_HAP_ID, &ext);
634 ASSERT_EQ(ret, CF_ERR_EXTENSION_NOT_EXIST);
635 ret = GetAttestCertExt(record, ATTESTATION_APP_ID_SA_ID, &ext);
636 ASSERT_EQ(ret, CF_ERR_EXTENSION_NOT_EXIST);
637 ret = GetAttestCertExt(record, ATTESTATION_APP_ID_UNIFIED_ID, &ext);
638 ASSERT_EQ(ret, CF_ERR_EXTENSION_NOT_EXIST);
639 ret = GetAttestCertExt(record, ATTESTATION_APP_ID_UNIFIED_ID, &ext);
640 ASSERT_EQ(ret, CF_ERR_EXTENSION_NOT_EXIST);
641 ret = GetAttestCertExt(record, ATTESTATION_CHALLENGE, &ext);
642 ASSERT_EQ(ret, CF_SUCCESS);
643 ret = GetAttestCertExt(record, ATTESTATION_KEY_FLAG, &ext);
644 ASSERT_EQ(ret, CF_ERR_EXTENSION_NOT_EXIST);
645 ret = GetAttestCertExt(record, ATTESTATION_DIGEST, &ext);
646 ASSERT_EQ(ret, CF_ERR_EXTENSION_NOT_EXIST);
647 ret = GetAttestCertExt(record, ATTESTATION_ENC_PADDING, &ext);
648 ASSERT_EQ(ret, CF_ERR_EXTENSION_NOT_EXIST);
649 ret = GetAttestCertExt(record, ATTESTATION_SIGN_TYPE, &ext);
650 ASSERT_EQ(ret, CF_ERR_EXTENSION_NOT_EXIST);
651 ret = GetAttestCertExt(record, ATTESTATION_VERSION_INFO, &ext);
652 ASSERT_EQ(ret, CF_ERR_EXTENSION_NOT_EXIST);
653 ret = GetAttestCertExt(record, ATTESTATION_PURPOSE, &ext);
654 ASSERT_EQ(ret, CF_ERR_EXTENSION_NOT_EXIST);
655 ret = GetAttestCertExt(record, ATTESTATION_ID_PADDING_FLAG, &ext);
656 ASSERT_EQ(ret, CF_ERR_EXTENSION_NOT_EXIST);
657 ret = GetAttestCertExt(record, ATTESTATION_NONCE, &ext);
658 ASSERT_EQ(ret, CF_SUCCESS);
659 ret = GetAttestCertExt(record, ATTESTATION_IMEI, &ext);
660 ASSERT_EQ(ret, CF_SUCCESS);
661 ret = GetAttestCertExt(record, ATTESTATION_SERIAL, &ext);
662 ASSERT_EQ(ret, CF_SUCCESS);
663 ret = GetAttestCertExt(record, ATTESTATION_MEID, &ext);
664 ASSERT_EQ(ret, CF_ERR_EXTENSION_NOT_EXIST);
665 ret = GetAttestCertExt(record, ATTESTATION_MODEL, &ext);
666 ASSERT_EQ(ret, CF_ERR_EXTENSION_NOT_EXIST);
667 ret = GetAttestCertExt(record, ATTESTATION_SOCID, &ext);
668 ASSERT_EQ(ret, CF_SUCCESS);
669 ret = GetAttestCertExt(record, ATTESTATION_UDID, &ext);
670 ASSERT_EQ(ret, CF_SUCCESS);
671 ret = GetAttestCertExt(record, ATTESTATION_VERSION, &ext);
672 ASSERT_EQ(ret, CF_SUCCESS);
673 }
674
675 /**
676 * @tc.name: CfAttestationTest008
677 * @tc.desc: GetHmAttestationRecord ec test
678 * @tc.type: FUNC
679 * @tc.require: NA
680 */
681 HWTEST_F(CfAttestationTest, CfAttestationTest008, TestSize.Level0)
682 {
683 BIO *bio = BIO_new_mem_buf(EC_CERT, -1);
684 ASSERT_NE(bio, nullptr);
685 X509 *cert = PEM_read_bio_X509(bio, nullptr, nullptr, nullptr);
686 ASSERT_NE(cert, nullptr);
687 BIO_free(bio);
688
689 AttestationRecord *record = nullptr;
690 CfResult ret = GetHmAttestationRecord(cert, &record);
691 ASSERT_EQ(ret, CF_SUCCESS);
692 TestGetAttestCertExt(record);
693 FreeHmAttestationRecord(record);
694 X509_free(cert);
695 }
696
TestGetKeyDescriptionBase(LegacyKeyDescription * record)697 static void TestGetKeyDescriptionBase(LegacyKeyDescription *record)
698 {
699 CfResult ret;
700 HmAttestationCertExt ext = {0};
701 ret = GetKeyDescriptionExt(record, LEGACY_VERSION, &ext);
702 ASSERT_EQ(ret, CF_SUCCESS);
703 ret = GetKeyDescriptionExt(record, LEGACY_SECURITY_LEVEL, &ext);
704 ASSERT_EQ(ret, CF_SUCCESS);
705 ret = GetKeyDescriptionExt(record, LEGACY_KM_VERSION, &ext);
706 ASSERT_EQ(ret, CF_SUCCESS);
707 ret = GetKeyDescriptionExt(record, LEGACY_KM_SECURITY_LEVEL, &ext);
708 ASSERT_EQ(ret, CF_SUCCESS);
709 ret = GetKeyDescriptionExt(record, LEGACY_CHALLENGE, &ext);
710 ASSERT_EQ(ret, CF_SUCCESS);
711 ret = GetKeyDescriptionExt(record, LEGACY_UNIQUE_ID, &ext);
712 ASSERT_EQ(ret, CF_SUCCESS);
713 }
714
TestGetHmKeyDescription(LegacyKeyDescription * record)715 static void TestGetHmKeyDescription(LegacyKeyDescription *record)
716 {
717 CfResult ret;
718 HmAttestationCertExt ext = {0};
719 ret = GetKeyDescriptionExt(record, KM_TAG_PURPOSE, &ext);
720 ASSERT_EQ(ret, CF_SUCCESS);
721 ret = GetKeyDescriptionExt(record, KM_TAG_ALGORITHM, &ext);
722 ASSERT_EQ(ret, CF_SUCCESS);
723 ret = GetKeyDescriptionExt(record, KM_TAG_KEY_SIZE, &ext);
724 ASSERT_EQ(ret, CF_SUCCESS);
725 ret = GetKeyDescriptionExt(record, KM_TAG_KEY_DIGEST, &ext);
726 ASSERT_EQ(ret, CF_SUCCESS);
727 ret = GetKeyDescriptionExt(record, KM_TAG_KEY_PADDING, &ext);
728 ASSERT_EQ(ret, CF_ERR_EXTENSION_NOT_EXIST);
729 ret = GetKeyDescriptionExt(record, KM_TAG_EC_CURVE, &ext);
730 ASSERT_EQ(ret, CF_ERR_EXTENSION_NOT_EXIST);
731 ret = GetKeyDescriptionExt(record, KM_TAG_RSA_PUBLIC_EXPONENT, &ext);
732 ASSERT_EQ(ret, CF_ERR_EXTENSION_NOT_EXIST);
733 ret = GetKeyDescriptionExt(record, KM_TAG_NO_AUTH_REQUIRED, &ext);
734 ASSERT_EQ(ret, CF_SUCCESS);
735 ret = GetKeyDescriptionExt(record, KM_TAG_USER_AUTH_TYPE, &ext);
736 ASSERT_EQ(ret, CF_ERR_EXTENSION_NOT_EXIST);
737 ret = GetKeyDescriptionExt(record, KM_TAG_CREATION_DATETIME, &ext);
738 ASSERT_EQ(ret, CF_ERR_EXTENSION_NOT_EXIST);
739 ret = GetKeyDescriptionExt(record, KM_TAG_ORIGIN, &ext);
740 ASSERT_EQ(ret, CF_SUCCESS);
741 ret = GetKeyDescriptionExt(record, KM_TAG_OS_VERSION, &ext);
742 ASSERT_EQ(ret, CF_SUCCESS);
743 ret = GetKeyDescriptionExt(record, KM_TAG_OS_PATCH_LEVEL, &ext);
744 ASSERT_EQ(ret, CF_SUCCESS);
745 ret = GetKeyDescriptionExt(record, KM_TAG_ATTESTATION_ID_BRAND, &ext);
746 ASSERT_EQ(ret, CF_ERR_EXTENSION_NOT_EXIST);
747 ret = GetKeyDescriptionExt(record, KM_TAG_ATTESTATION_ID_DEVICE, &ext);
748 ASSERT_EQ(ret, CF_ERR_EXTENSION_NOT_EXIST);
749 ret = GetKeyDescriptionExt(record, KM_TAG_ATTESTATION_ID_PRODUCT, &ext);
750 ASSERT_EQ(ret, CF_ERR_EXTENSION_NOT_EXIST);
751 ret = GetKeyDescriptionExt(record, KM_TAG_ATTESTATION_ID_SERIAL, &ext);
752 ASSERT_EQ(ret, CF_ERR_EXTENSION_NOT_EXIST);
753 ret = GetKeyDescriptionExt(record, KM_TAG_ATTESTATION_ID_IMEI, &ext);
754 ASSERT_EQ(ret, CF_ERR_EXTENSION_NOT_EXIST);
755 ret = GetKeyDescriptionExt(record, KM_TAG_ATTESTATION_ID_MEID, &ext);
756 ASSERT_EQ(ret, CF_ERR_EXTENSION_NOT_EXIST);
757 ret = GetKeyDescriptionExt(record, KM_TAG_ATTESTATION_ID_MANUFACTURER, &ext);
758 ASSERT_EQ(ret, CF_ERR_EXTENSION_NOT_EXIST);
759 ret = GetKeyDescriptionExt(record, KM_TAG_ATTESTATION_ID_MODEL, &ext);
760 ASSERT_EQ(ret, CF_ERR_EXTENSION_NOT_EXIST);
761 ret = GetKeyDescriptionExt(record, KM_TAG_ATTESTATION_ID_SOCID, &ext); // integer
762 ASSERT_EQ(ret, CF_ERR_INVALID_EXTENSION);
763 ret = GetKeyDescriptionExt(record, KM_TAG_ATTESTATION_ID_UDID, &ext);
764 ASSERT_EQ(ret, CF_ERR_EXTENSION_NOT_EXIST);
765 }
766
767 /**
768 * @tc.name: CfAttestationTest009
769 * @tc.desc: GetHmAttestationRecord rsa test
770 * @tc.type: FUNC
771 * @tc.require: NA
772 */
773 HWTEST_F(CfAttestationTest, CfAttestationTest009, TestSize.Level0)
774 {
775 BIO *bio = BIO_new_mem_buf(RSA_CERT, -1);
776 ASSERT_NE(bio, nullptr);
777 X509 *cert = PEM_read_bio_X509(bio, nullptr, nullptr, nullptr);
778 ASSERT_NE(cert, nullptr);
779 BIO_free(bio);
780
781 LegacyKeyDescription *record = nullptr;
782 CfResult ret = GetHmKeyDescription(cert, &record);
783 ASSERT_EQ(ret, CF_SUCCESS);
784 TestGetKeyDescriptionBase(record);
785 TestGetHmKeyDescription(record);
786 FreeHmKeyDescription(record);
787 X509_free(cert);
788 }
789
790 /**
791 * @tc.name: CfAttestationTest010
792 * @tc.desc: Wrong number of certificates
793 * @tc.type: FUNC
794 * @tc.require: NA
795 */
796 HWTEST_F(CfAttestationTest, CfAttestationTest010, TestSize.Level0)
797 {
798 HmAttestationInfo *info = nullptr;
799 char *chain = nullptr;
800 const char *certs[] = {RSA_APP_CERT};
801 int num = sizeof(certs) / sizeof(certs[0]);
802 int res = CreateCertChain(certs, num, &chain);
803 ASSERT_EQ(res, 0);
804 CfEncodingBlob certsChain = {0};
805 certsChain.encodingFormat = CF_FORMAT_PEM;
806 certsChain.data = reinterpret_cast<uint8_t *>(chain);
807 certsChain.len = strlen(chain);
808 CfResult ret = HcfAttestCertVerify(&certsChain, nullptr, &info);
809 ASSERT_EQ(ret, CF_ERR_PARAMETER_CHECK);
810 CfFree(chain);
811
812 chain = nullptr;
813 const char *certs2[] = {RSA_APP_CERT, RSA_DEVICE_CERT, RSA_SUB_CA_CERT, RSA_SUB_CA_CERT, RSA_SUB_CA_CERT,
814 RSA_SUB_CA_CERT};
815 num = sizeof(certs2) / sizeof(certs2[0]);
816 res = CreateCertChain(certs2, num, &chain);
817 ASSERT_EQ(res, 0);
818 certsChain.data = reinterpret_cast<uint8_t *>(chain);
819 certsChain.len = strlen(chain);
820 ret = HcfAttestCertVerify(&certsChain, nullptr, &info);
821 ASSERT_EQ(ret, CF_ERR_PARAMETER_CHECK);
822 CfFree(chain);
823
824 chain = nullptr;
825 const char *certs3[] = {BAD_CERT};
826 num = sizeof(certs3) / sizeof(certs3[0]);
827 res = CreateCertChain(certs, num, &chain);
828 ASSERT_EQ(res, 0);
829 certsChain.data = reinterpret_cast<uint8_t *>(chain);
830 certsChain.len = strlen(chain);
831 ret = HcfAttestCertVerify(&certsChain, nullptr, &info);
832 ASSERT_EQ(ret, CF_ERR_PARAMETER_CHECK);
833 CfFree(chain);
834 }
835
836 /**
837 * @tc.name: CfAttestationTest011
838 * @tc.desc: use built-in CA certificate, verify failed
839 * @tc.type: FUNC
840 * @tc.require: NA
841 */
842 HWTEST_F(CfAttestationTest, CfAttestationTest011, TestSize.Level0)
843 {
844 HmAttestationInfo *info = nullptr;
845 char *chain = nullptr;
846 const char *certs[] = {EC_APP_CERT, EC_DEVICE_CERT, EC_SUB_CA_CERT, EC_ROOT_CA};
847 int num = sizeof(certs) / sizeof(certs[0]);
848 int res = CreateCertChain(certs, num, &chain);
849 ASSERT_EQ(res, 0);
850 CfEncodingBlob certsChain = {0};
851 certsChain.encodingFormat = CF_FORMAT_PEM;
852 certsChain.data = reinterpret_cast<uint8_t *>(chain);
853 certsChain.len = strlen(chain);
854 CfResult ret = HcfAttestCertVerify(&certsChain, nullptr, &info);
855 ASSERT_EQ(ret, CF_ERR_CRYPTO_OPERATION);
856 CfFree(chain);
857 }
858
859 /**
860 * @tc.name: CfAttestationTest012
861 * @tc.desc: HcfAttestCertVerifyParam test
862 * @tc.type: FUNC
863 * @tc.require: NA
864 */
865 HWTEST_F(CfAttestationTest, CfAttestationTest012, TestSize.Level0)
866 {
867 HcfAttestCertVerifyParam *param = nullptr;
868 CfResult ret = HcfAttestCreateVerifyParam(¶m);
869 ASSERT_EQ(ret, CF_SUCCESS);
870
871 CfEncodingBlob rootCa = {0};
872 rootCa.encodingFormat = CF_FORMAT_PEM;
873 rootCa.data = reinterpret_cast<uint8_t *>(const_cast<char *>(EC_ROOT_CA));
874 rootCa.len = strlen(EC_ROOT_CA);
875 ret = HcfAttestSetVerifyParamRootCa(param, &rootCa);
876 ASSERT_EQ(ret, CF_SUCCESS);
877 ret = HcfAttestSetVerifyParamRootCa(param, &rootCa);
878 ASSERT_EQ(ret, CF_ERR_SHOULD_NOT_CALL);
879
880 HmAttestationSnInfo snInfos = { 0 };
881 snInfos.certSnInfos = const_cast<CertSnInfo *>(&SUB_CA_SUBJECT_INFO[0]);
882 snInfos.num = SUB_CA_SUBJECT_INFO_LEN;
883 ret = HcfAttestSetVerifyParamSnInfos(param, &snInfos);
884 ASSERT_EQ(ret, CF_SUCCESS);
885 ret = HcfAttestSetVerifyParamSnInfos(param, &snInfos);
886 ASSERT_EQ(ret, CF_ERR_SHOULD_NOT_CALL);
887 HcfAttestFreeVerifyParam(param);
888
889 ret = HcfAttestCreateVerifyParam(¶m);
890 ASSERT_EQ(ret, CF_SUCCESS);
891 rootCa.data = reinterpret_cast<uint8_t *>(const_cast<char *>(BAD_CERT));
892 rootCa.len = strlen(BAD_CERT);
893 ret = HcfAttestSetVerifyParamRootCa(param, &rootCa);
894 ASSERT_EQ(ret, CF_ERR_PARAMETER_CHECK);
895 HcfAttestFreeVerifyParam(param);
896 }
897
898 const char *APP_CERT_HM = "-----BEGIN CERTIFICATE-----\n"
899 "MIIEHTCCA8KgAwIBAgIFBTPn/LEwCgYIKoZIzj0EAwIwTTEPMA0GA1UECgwGVEVT\n"
900 "VCBYMS0wKwYDVQQDDCRURVNUIFggRUNDIERldmljZSBBdHRlc3RhdGlvbiBERVZJ\n"
901 "Q0UxCzAJBgNVBAYTAkNOMB4XDTI1MDYxMTA5MTA0NloXDTQ1MDQwNzA5MTA0Nlow\n"
902 "ETEPMA0GA1UECwwGZnV0dXJlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEGXqK\n"
903 "9yhyiPTpqUwlaQoRSv/+mhh2GIdTJItsJF88vVgUxqw4zjwFGLvjDAdK+fpqk1it\n"
904 "nXBqdUYBwdecU9c+k6OCAskwggLFMIICaQYMKwYBBAGPWwKCeAEDBIICVzCCAlMC\n"
905 "AQEwHwIBAQYNKwYBBAGPWwKCeAIBAQQLa2V5X3B1cnBvc2UwNAIBAQYNKwYBBAGP\n"
906 "WwKCeAIBAwQgMB4GDisGAQQBj1sCgngCAQMBBAxhcHBJRF9oYXBfaWQwHgIBAQYN\n"
907 "KwYBBAGPWwKCeAIBBAQKY2hhbmxsZW5nZTAcAgEBBg0rBgEEAY9bAoJ4AgEFBAhr\n"
908 "ZXlfZmxhZzAaAgEBBg0rBgEEAY9bAoJ4AgEIBAZkaWdlc3QwIAIBAQYNKwYBBAGP\n"
909 "WwKCeAIBCQQMc2lnbl9wYWRkaW5nMB8CAQEGDSsGAQQBj1sCgngCAQoEC2VuY19w\n"
910 "YWRkaW5nMB0CAQEGDSsGAQQBj1sCgngCAQsECXNpZ25fdHlwZTAhAgEBBg4rBgEE\n"
911 "AY9bAoJ4AgICBAQMdmVyc2lvbl9pbmZvMCYCAQEGDisGAQQBj1sCgngCAgIGBBFr\n"
912 "ZXlfbWFuYWdlcl90YV9pZDAWAgEBBg4rBgEEAY9bAoJ4AgICBwIBATAWAgEBBg4r\n"
913 "BgEEAY9bAoJ4AgICCAEBADAaAgEBBg4rBgEEAY9bAoJ4AgICCQQFbm9uY2UwGQIB\n"
914 "AQYOKwYBBAGPWwKCeAICBAEEBGltZWkwGQIBAQYOKwYBBAGPWwKCeAICBAIEBG1l\n"
915 "aWQwGwIBAQYOKwYBBAGPWwKCeAICBAMEBnNlcmlhbDAaAgEBBg4rBgEEAY9bAoJ4\n"
916 "AgIECAQFbW9kZWwwGgIBAQYOKwYBBAGPWwKCeAICBAkEBXNvY2lkMBkCAQEGDisG\n"
917 "AQQBj1sCgngCAgQKBAR1ZGlkMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgXgMB0GA1Ud\n"
918 "DgQWBBStGuOfFobr5l3NyIFGEXKsB0sfdTAfBgNVHSMEGDAWgBQPv0aZM32Ue16i\n"
919 "rkp+/UWhP7v+lDAKBggqhkjOPQQDAgNJADBGAiEA1c4KtlsR8COuMWmQcE1kbcBq\n"
920 "m9Yql1BuARHL7As8eOACIQDVKR7mKXoRV6mWJHebFIka0FrOmUtxrMw6A7/R7M23\n"
921 "kA==\n"
922 "-----END CERTIFICATE-----";
923 const char *APP_CERT_HM_CA = "-----BEGIN CERTIFICATE-----\n"
924 "MIICYTCCAgigAwIBAgIFAt/cGLIwCgYIKoZIzj0EAwIwSzEPMA0GA1UECgwGVEVT\n"
925 "VCBYMSswKQYDVQQDDCJURVNUIFggRUNDIERldmljZSBBdHRlc3RhdGlvbiBDQSAx\n"
926 "MQswCQYDVQQGEwJDTjAeFw0yNTA2MTEwOTEwNDZaFw00NTA0MDcwOTEwNDZaME0x\n"
927 "DzANBgNVBAoMBlRFU1QgWDEtMCsGA1UEAwwkVEVTVCBYIEVDQyBEZXZpY2UgQXR0\n"
928 "ZXN0YXRpb24gREVWSUNFMQswCQYDVQQGEwJDTjBZMBMGByqGSM49AgEGCCqGSM49\n"
929 "AwEHA0IABB9z62x5cIqCb0l2+94sF5puhw+h+JFXzK4xROIFKuBMF51uJ/Ru77uT\n"
930 "C/PgWbX+za0Lk0Qo7Ggy0Xs03flsBzOjgdYwgdMwWQYMKwYBBAGPWwKCeAEFBEkw\n"
931 "RwIBATAgAgEBBg0rBgEEAY9bAoJ4AQUBBAwxMjM0NTY3ODkwMDEwIAIBAQYNKwYB\n"
932 "BAGPWwKCeAEFAgQMMTIzNDU2Nzg5MDAyMBgGDCsGAQQBj1sCgngBAQQIMAYCAQEK\n"
933 "AQIwHQYDVR0OBBYEFA+/RpkzfZR7XqKuSn79RaE/u/6UMB8GA1UdIwQYMBaAFLaQ\n"
934 "Bh8fH+UmPI7qUZ1X8FxfFC0uMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEG\n"
935 "MAoGCCqGSM49BAMCA0cAMEQCIBeoLU+c0bOq5sBTulvXB1ExhN4AuN/BY9rnPYO8\n"
936 "Czy5AiBVk30qH+UExeD9gbh+nRsWm+kJttJfnm1PuzxknA28xA==\n"
937 "-----END CERTIFICATE-----";
938 const char *APP_CERT_HM_CA_CA = "-----BEGIN CERTIFICATE-----\n"
939 "MIIB4TCCAYegAwIBAgIFAt/cGLIwCgYIKoZIzj0EAwIwQzEPMA0GA1UECgwGVEVT\n"
940 "VCBYMTAwLgYDVQQDDCdURVNUIFggRUNDIERldmljZSBBdHRlc3RhdGlvbiBSb290\n"
941 "IENBIDEwHhcNMjUwNjExMDkxMDQ2WhcNNDUwNDA3MDkxMDQ2WjBLMQ8wDQYDVQQK\n"
942 "DAZURVNUIFgxKzApBgNVBAMMIlRFU1QgWCBFQ0MgRGV2aWNlIEF0dGVzdGF0aW9u\n"
943 "IENBIDExCzAJBgNVBAYTAkNOMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAERn/d\n"
944 "cxxC3CnQXUWuyFQNjOSh+W3YJasPvYAWLEks8HbTZDIRkA026TLNZkCGaogr13PU\n"
945 "4AaQ136lqU3nh4aFkKNgMF4wHQYDVR0OBBYEFLaQBh8fH+UmPI7qUZ1X8FxfFC0u\n"
946 "MB8GA1UdIwQYMBaAFObuOKqjI4nQ0hBjLSXtAHqkq5nfMA8GA1UdEwEB/wQFMAMB\n"
947 "Af8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA0gAMEUCIQCMG1GEOthyP8c+8yRr\n"
948 "dbUGSzC1cFeUfqvZHbV03ryBtQIgBzx1Gd7SK4ytgvkGuHPViMaEstZKIFbZpJbT\n"
949 "hScQLm0=\n"
950 "-----END CERTIFICATE-----";
951 const char *APP_CERT_HM_CA_CA_CA = "-----BEGIN CERTIFICATE-----\n"
952 "MIIB2jCCAX+gAwIBAgIFAt/cGLEwCgYIKoZIzj0EAwIwQzEPMA0GA1UECgwGVEVT\n"
953 "VCBYMTAwLgYDVQQDDCdURVNUIFggRUNDIERldmljZSBBdHRlc3RhdGlvbiBSb290\n"
954 "IENBIDEwHhcNMjUwNjExMDkxMDQ2WhcNNDUwNDA3MDkxMDQ2WjBDMQ8wDQYDVQQK\n"
955 "DAZURVNUIFgxMDAuBgNVBAMMJ1RFU1QgWCBFQ0MgRGV2aWNlIEF0dGVzdGF0aW9u\n"
956 "IFJvb3QgQ0EgMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABNM+ugXYvVwmi4nX\n"
957 "3Qg3C1wAa20fLAfWV3Grt6SdBBIpAZN3gBfsTW6K7jUibU89KcMCxTl/kFFp0e0V\n"
958 "3d9y+qSjYDBeMB0GA1UdDgQWBBTm7jiqoyOJ0NIQYy0l7QB6pKuZ3zAfBgNVHSME\n"
959 "GDAWgBTm7jiqoyOJ0NIQYy0l7QB6pKuZ3zAPBgNVHRMBAf8EBTADAQH/MAsGA1Ud\n"
960 "DwQEAwIBBjAKBggqhkjOPQQDAgNJADBGAiEA+2uLSqMByXRUht4TYniLJ49XHJ/o\n"
961 "HNDvXTx0p1G+hmwCIQDJdBYp2XCgzbBIvC6iFLSM2uvkAKlfjOudTV3Ym25OyA==\n"
962 "-----END CERTIFICATE-----";
963
TestGetAttestCertExtALL(AttestationRecord * record)964 static void TestGetAttestCertExtALL(AttestationRecord *record)
965 {
966 CfResult ret;
967 HmAttestationCertExt ext = {0};
968 ret = GetAttestCertExt(record, ATTESTATION_KEY_PURPOSE, &ext);
969 ASSERT_EQ(ret, CF_SUCCESS);
970 ret = GetAttestCertExt(record, ATTESTATION_APP_ID_HAP_ID, &ext);
971 ASSERT_EQ(ret, CF_SUCCESS);
972 ret = GetAttestCertExt(record, ATTESTATION_APP_ID_SA_ID, &ext);
973 ASSERT_EQ(ret, CF_ERR_EXTENSION_NOT_EXIST);
974 ret = GetAttestCertExt(record, ATTESTATION_APP_ID_UNIFIED_ID, &ext);
975 ASSERT_EQ(ret, CF_ERR_EXTENSION_NOT_EXIST);
976 ret = GetAttestCertExt(record, ATTESTATION_CHALLENGE, &ext);
977 ASSERT_EQ(ret, CF_SUCCESS);
978 ret = GetAttestCertExt(record, ATTESTATION_KEY_FLAG, &ext);
979 ASSERT_EQ(ret, CF_SUCCESS);
980 ret = GetAttestCertExt(record, ATTESTATION_DIGEST, &ext);
981 ASSERT_EQ(ret, CF_SUCCESS);
982 ret = GetAttestCertExt(record, ATTESTATION_ENC_PADDING, &ext);
983 ASSERT_EQ(ret, CF_SUCCESS);
984 ret = GetAttestCertExt(record, ATTESTATION_SIGN_TYPE, &ext);
985 ASSERT_EQ(ret, CF_SUCCESS);
986 ret = GetAttestCertExt(record, ATTESTATION_VERSION_INFO, &ext);
987 ASSERT_EQ(ret, CF_SUCCESS);
988 ret = GetAttestCertExt(record, ATTESTATION_PURPOSE, &ext);
989 ASSERT_EQ(ret, CF_SUCCESS);
990 ret = GetAttestCertExt(record, ATTESTATION_ID_PADDING_FLAG, &ext);
991 ASSERT_EQ(ret, CF_SUCCESS);
992 ret = GetAttestCertExt(record, ATTESTATION_NONCE, &ext);
993 ASSERT_EQ(ret, CF_SUCCESS);
994 ret = GetAttestCertExt(record, ATTESTATION_IMEI, &ext);
995 ASSERT_EQ(ret, CF_SUCCESS);
996 ret = GetAttestCertExt(record, ATTESTATION_SERIAL, &ext);
997 ASSERT_EQ(ret, CF_SUCCESS);
998 ret = GetAttestCertExt(record, ATTESTATION_MEID, &ext);
999 ASSERT_EQ(ret, CF_SUCCESS);
1000 ret = GetAttestCertExt(record, ATTESTATION_MODEL, &ext);
1001 ASSERT_EQ(ret, CF_SUCCESS);
1002 ret = GetAttestCertExt(record, ATTESTATION_SOCID, &ext);
1003 ASSERT_EQ(ret, CF_SUCCESS);
1004 ret = GetAttestCertExt(record, ATTESTATION_UDID, &ext);
1005 ASSERT_EQ(ret, CF_SUCCESS);
1006 ret = GetAttestCertExt(record, ATTESTATION_VERSION, &ext);
1007 ASSERT_EQ(ret, CF_SUCCESS);
1008 }
1009
1010 /**
1011 * @tc.name: CfAttestationTest013
1012 * @tc.desc: GetHmAttestationRecord all ext
1013 * @tc.type: FUNC
1014 * @tc.require: NA
1015 */
1016 HWTEST_F(CfAttestationTest, CfAttestationTest013, TestSize.Level0)
1017 {
1018 BIO *bio = BIO_new_mem_buf(APP_CERT_HM, -1);
1019 ASSERT_NE(bio, nullptr);
1020 X509 *cert = PEM_read_bio_X509(bio, nullptr, nullptr, nullptr);
1021 ASSERT_NE(cert, nullptr);
1022 BIO_free(bio);
1023
1024 AttestationRecord *record = nullptr;
1025 CfResult ret = GetHmAttestationRecord(cert, &record);
1026 ASSERT_EQ(ret, CF_SUCCESS);
1027 TestGetAttestCertExtALL(record);
1028 FreeHmAttestationRecord(record);
1029 X509_free(cert);
1030 }
1031
GetHcfAttestCertVerifyParam(const char * in)1032 static HcfAttestCertVerifyParam *GetHcfAttestCertVerifyParam(const char *in)
1033 {
1034 HcfAttestCertVerifyParam *param = nullptr;
1035 CfResult ret = HcfAttestCreateVerifyParam(¶m);
1036 if (ret != CF_SUCCESS) {
1037 return nullptr;
1038 }
1039 ret = HcfAttestSetVerifyParamCheckTime(param, true);
1040 if (ret != CF_SUCCESS) {
1041 HcfAttestFreeVerifyParam(param);
1042 return nullptr;
1043 }
1044 CfEncodingBlob rootCa = {0};
1045 rootCa.encodingFormat = CF_FORMAT_PEM;
1046 rootCa.data = reinterpret_cast<uint8_t *>(const_cast<char *>(in));
1047 rootCa.len = strlen(in);
1048 ret = HcfAttestSetVerifyParamRootCa(param, &rootCa);
1049 if (ret != CF_SUCCESS) {
1050 HcfAttestFreeVerifyParam(param);
1051 return nullptr;
1052 }
1053
1054 return param;
1055 }
1056 /**
1057 * @tc.name: CfAttestationTest014
1058 * @tc.desc: HmAttestation cert test, include all ext, but decvice id is invalid
1059 * @tc.type: FUNC
1060 * @tc.require: NA
1061 */
1062 HWTEST_F(CfAttestationTest, CfAttestationTest014, TestSize.Level0)
1063 {
1064 HcfAttestCertVerifyParam *param = GetHcfAttestCertVerifyParam(APP_CERT_HM_CA_CA_CA);
1065 ASSERT_NE(param, nullptr);
1066
1067 char *chain = nullptr;
1068 const char *certs[] = {APP_CERT_HM, APP_CERT_HM_CA, APP_CERT_HM_CA_CA};
1069 int num = sizeof(certs) / sizeof(certs[0]);
1070 int res = CreateCertChain(certs, num, &chain);
1071 ASSERT_EQ(res, 0);
1072
1073 CfEncodingBlob data = {0};
1074 data.encodingFormat = CF_FORMAT_PEM;
1075 data.data = reinterpret_cast<uint8_t *>(chain);
1076 data.len = strlen(chain);
1077 HmAttestationInfo *info = nullptr;
1078 CfResult ret = HcfAttestCertVerify(&data, param, &info);
1079 ASSERT_EQ(ret, CF_SUCCESS);
1080
1081 ret = HcfAttestCertParseExtension(info);
1082 ASSERT_EQ(ret, CF_SUCCESS);
1083
1084 ret = HcfAttestCheckBoundedWithUdId(info);
1085 ASSERT_EQ(ret, CF_ERR_INVALID_EXTENSION);
1086
1087 ret = HcfAttestCheckBoundedWithSocid(info);
1088 ASSERT_EQ(ret, CF_ERR_INVALID_EXTENSION);
1089
1090 HmAttestationCertExt ext = { 0 };
1091 ret = HcfAttestGetCertExtension(info, DEVICE_ACTIVATION_DEVICE_ID1, &ext);
1092 ASSERT_EQ(ret, CF_SUCCESS);
1093 ret = HcfAttestGetCertExtension(info, ATTESTATION_ENC_PADDING, &ext);
1094 ASSERT_EQ(ret, CF_SUCCESS);
1095 ret = HcfAttestGetCertExtension(info, ATTESTATION_CERT_EXT_TYPE_MAX, &ext);
1096 ASSERT_EQ(ret, CF_ERR_PARAMETER_CHECK);
1097
1098 ret = HcfAttestGetCertExtension(info, LEGACY_VERSION, &ext);
1099 ASSERT_EQ(ret, CF_ERR_EXTENSION_NOT_EXIST);
1100 ret = HcfAttestGetCertExtension(info, KM_TAG_TYPE_MAX, &ext);
1101 ASSERT_EQ(ret, CF_ERR_PARAMETER_CHECK);
1102 HcfAttestInfoFree(info);
1103
1104 HcfAttestFreeVerifyParam(param);
1105 CfFree(chain);
1106 }
1107
1108 const char *CERT_NULL_DEVICE_ID_AND_SECURITY_LEVEL = "-----BEGIN CERTIFICATE-----\n"
1109 "MIICEDCCAbegAwIBAgIFAt/cGLIwCgYIKoZIzj0EAwIwSzEPMA0GA1UECgwGVEVT\n"
1110 "VCBYMSswKQYDVQQDDCJURVNUIFggRUNDIERldmljZSBBdHRlc3RhdGlvbiBDQSAx\n"
1111 "MQswCQYDVQQGEwJDTjAeFw0yNTA2MTExMTE2MzJaFw00NTA0MDcxMTE2MzJaME0x\n"
1112 "DzANBgNVBAoMBlRFU1QgWDEtMCsGA1UEAwwkVEVTVCBYIEVDQyBEZXZpY2UgQXR0\n"
1113 "ZXN0YXRpb24gREVWSUNFMQswCQYDVQQGEwJDTjBZMBMGByqGSM49AgEGCCqGSM49\n"
1114 "AwEHA0IABKajoZhKBUabke4UMgHfBo21qVDxcahoeuN7xkXWjZ3Y1L9xlDSimwbu\n"
1115 "Qik4boItfPbOqgGfbV2mpZu7pVXWXmqjgYUwgYIwEAYMKwYBBAGPWwKCeAEFBAAw\n"
1116 "EAYMKwYBBAGPWwKCeAEBBAAwHQYDVR0OBBYEFEZHzj9m6AMkUPwOSvcQlrexySFU\n"
1117 "MB8GA1UdIwQYMBaAFLaQBh8fH+UmPI7qUZ1X8FxfFC0uMA8GA1UdEwEB/wQFMAMB\n"
1118 "Af8wCwYDVR0PBAQDAgEGMAoGCCqGSM49BAMCA0cAMEQCIBa5ZHOp9LqbFxbcGD2H\n"
1119 "d7YupzRWKNE8WT4Xn7AHrD28AiAbDQ3dEEzGsU91dKWU9nx5eVqGU560Lxya80SY\n"
1120 "CnpHmw==\n"
1121 "-----END CERTIFICATE-----";
1122 /**
1123 * @tc.name: CfAttestationTest015
1124 * @tc.desc: test GetDeviceCertSecureLevel with null null security level
1125 * @tc.type: FUNC
1126 * @tc.require: NA
1127 */
1128 HWTEST_F(CfAttestationTest, CfAttestationTest015, TestSize.Level0)
1129 {
1130 BIO *bio = BIO_new_mem_buf(CERT_NULL_DEVICE_ID_AND_SECURITY_LEVEL, -1);
1131 ASSERT_NE(bio, nullptr);
1132 X509 *cert = PEM_read_bio_X509(bio, nullptr, nullptr, nullptr);
1133 BIO_free(bio);
1134 ASSERT_NE(cert, nullptr);
1135
1136 DeviceCertSecureLevel *record = nullptr;
1137 CfResult ret = GetDeviceCertSecureLevel(cert, &record);
1138 ASSERT_EQ(ret, CF_ERR_INVALID_EXTENSION);
1139 X509_free(cert);
1140 }
1141
1142 /**
1143 * @tc.name: CfAttestationTest016
1144 * @tc.desc: test GetDeviceActivationCertExt with null device
1145 * @tc.type: FUNC
1146 * @tc.require: NA
1147 */
1148 HWTEST_F(CfAttestationTest, CfAttestationTest016, TestSize.Level0)
1149 {
1150 BIO *bio = BIO_new_mem_buf(CERT_NULL_DEVICE_ID_AND_SECURITY_LEVEL, -1);
1151 ASSERT_NE(bio, nullptr);
1152 X509 *cert = PEM_read_bio_X509(bio, nullptr, nullptr, nullptr);
1153 ASSERT_NE(cert, nullptr);
1154 BIO_free(bio);
1155
1156 DeviceActivationCertExt *record = nullptr;
1157 CfResult ret = GetDeviceActivationCertExt(cert, &record);
1158 ASSERT_EQ(ret, CF_ERR_EXTENSION_NOT_EXIST);
1159 X509_free(cert);
1160 }
1161
1162 const char *CERT_INVALID_DEVICE_ID_AND_SECURITY_LEVEL = "-----BEGIN CERTIFICATE-----\n"
1163 "MIICYDCCAgagAwIBAgIFAt/cGLIwCgYIKoZIzj0EAwIwSzEPMA0GA1UECgwGVEVT\n"
1164 "VCBYMSswKQYDVQQDDCJURVNUIFggRUNDIERldmljZSBBdHRlc3RhdGlvbiBDQSAx\n"
1165 "MQswCQYDVQQGEwJDTjAeFw0yNTA2MTExMTU3MDFaFw00NTA0MDcxMTU3MDFaME0x\n"
1166 "DzANBgNVBAoMBlRFU1QgWDEtMCsGA1UEAwwkVEVTVCBYIEVDQyBEZXZpY2UgQXR0\n"
1167 "ZXN0YXRpb24gREVWSUNFMQswCQYDVQQGEwJDTjBZMBMGByqGSM49AgEGCCqGSM49\n"
1168 "AwEHA0IABN7OsIvfUXFRNlIE1dtIyyf3T2reOWXUQDT0g2PgtOhk1MjkVx97ZqjQ\n"
1169 "Qklwlz2rJDbXOu34iSu4Pxb6KXtJv7WjgdQwgdEwWAYMKwYBBAGPWwKCeAEFBEgw\n"
1170 "RwIBATAgAgEBBg0rBgEEAY9bAoJ4AQUBBAwxMjM0NTY3ODkwMDEwIAIBAQYNKwYB\n"
1171 "BAGPWwKCeAEFAgQMMTIzNDU2Nzg5MDAwFwYMKwYBBAGPWwKCeAEBBAcwBgIBAQoB\n"
1172 "MB0GA1UdDgQWBBSVRRxZG7bnarFjpfzmAAcrlC26TTAfBgNVHSMEGDAWgBS2kAYf\n"
1173 "Hx/lJjyO6lGdV/BcXxQtLjAPBgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBBjAK\n"
1174 "BggqhkjOPQQDAgNIADBFAiBjBytvedpG7xs3n6VnnaukA9FomBNj98BuwOjOpR+5\n"
1175 "4wIhANBWv1ZSnuAZEYUebTVSy3MsJx2j7smszcileXQLz1pz\n"
1176 "-----END CERTIFICATE-----";
1177
1178 /**
1179 * @tc.name: CfAttestationTest017
1180 * @tc.desc: test GetDeviceCertSecureLevel with invalid security level or invlaid device id
1181 * @tc.type: FUNC
1182 * @tc.require: NA
1183 */
1184 HWTEST_F(CfAttestationTest, CfAttestationTest017, TestSize.Level0)
1185 {
1186 BIO *bio = BIO_new_mem_buf(CERT_INVALID_DEVICE_ID_AND_SECURITY_LEVEL, -1);
1187 ASSERT_NE(bio, nullptr);
1188 X509 *cert = PEM_read_bio_X509(bio, nullptr, nullptr, nullptr);
1189 ASSERT_NE(cert, nullptr);
1190 BIO_free(bio);
1191
1192 DeviceCertSecureLevel *record = nullptr;
1193 CfResult ret = GetDeviceCertSecureLevel(cert, &record);
1194 ASSERT_EQ(ret, CF_ERR_INVALID_EXTENSION);
1195 X509_free(cert);
1196
1197 bio = BIO_new_mem_buf(CERT_INVALID_DEVICE_ID_AND_SECURITY_LEVEL, -1);
1198 ASSERT_NE(bio, nullptr);
1199 cert = PEM_read_bio_X509(bio, nullptr, nullptr, nullptr);
1200 ASSERT_NE(cert, nullptr);
1201 BIO_free(bio);
1202
1203 DeviceActivationCertExt *record2 = nullptr;
1204 ret = GetDeviceActivationCertExt(cert, &record2);
1205 ASSERT_EQ(ret, CF_ERR_INVALID_EXTENSION);
1206 X509_free(cert);
1207 }
1208
1209 const char *CERT_INVALID_SECURITY_VERSION_VALUE = "-----BEGIN CERTIFICATE-----\n"
1210 "MIICYTCCAgigAwIBAgIFAt/cGLIwCgYIKoZIzj0EAwIwSzEPMA0GA1UECgwGVEVT\n"
1211 "VCBYMSswKQYDVQQDDCJURVNUIFggRUNDIERldmljZSBBdHRlc3RhdGlvbiBDQSAx\n"
1212 "MQswCQYDVQQGEwJDTjAeFw0yNTA2MTExMjAxMjdaFw00NTA0MDcxMjAxMjdaME0x\n"
1213 "DzANBgNVBAoMBlRFU1QgWDEtMCsGA1UEAwwkVEVTVCBYIEVDQyBEZXZpY2UgQXR0\n"
1214 "ZXN0YXRpb24gREVWSUNFMQswCQYDVQQGEwJDTjBZMBMGByqGSM49AgEGCCqGSM49\n"
1215 "AwEHA0IABB9z62x5cIqCb0l2+94sF5puhw+h+JFXzK4xROIFKuBMF51uJ/Ru77uT\n"
1216 "C/PgWbX+za0Lk0Qo7Ggy0Xs03flsBzOjgdYwgdMwWQYMKwYBBAGPWwKCeAEFBEkw\n"
1217 "RwIBATAgAgEBBg0rBgEEAY9bAoJ4AQUBBAwxMjM0NTY3ODkwMDEwIAIBAQYNKwYB\n"
1218 "BAGPWwKCeAEFAgQMMTIzNDU2Nzg5MDAyMBgGDCsGAQQBj1sCgngBAQQIMAYCAQgK\n"
1219 "AVowHQYDVR0OBBYEFA+/RpkzfZR7XqKuSn79RaE/u/6UMB8GA1UdIwQYMBaAFLaQ\n"
1220 "Bh8fH+UmPI7qUZ1X8FxfFC0uMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEG\n"
1221 "MAoGCCqGSM49BAMCA0cAMEQCIHlo2270zqNh2BCmfwFR84ht1e0JY1fcuL4+GeiT\n"
1222 "aoJEAiBqdweHEpE3plYKuMWbVkDsC9TuY7jxUsWNm9inAuP11w==\n"
1223 "-----END CERTIFICATE-----\n";
1224
1225 const char *CERT_INVALID_SECURITY_LEVEL_VALUE = "-----BEGIN CERTIFICATE-----\n"
1226 "MIICYTCCAgigAwIBAgIFAt/cGLIwCgYIKoZIzj0EAwIwSzEPMA0GA1UECgwGVEVT\n"
1227 "VCBYMSswKQYDVQQDDCJURVNUIFggRUNDIERldmljZSBBdHRlc3RhdGlvbiBDQSAx\n"
1228 "MQswCQYDVQQGEwJDTjAeFw0yNTA2MTExMjE1NTJaFw00NTA0MDcxMjE1NTJaME0x\n"
1229 "DzANBgNVBAoMBlRFU1QgWDEtMCsGA1UEAwwkVEVTVCBYIEVDQyBEZXZpY2UgQXR0\n"
1230 "ZXN0YXRpb24gREVWSUNFMQswCQYDVQQGEwJDTjBZMBMGByqGSM49AgEGCCqGSM49\n"
1231 "AwEHA0IABB9z62x5cIqCb0l2+94sF5puhw+h+JFXzK4xROIFKuBMF51uJ/Ru77uT\n"
1232 "C/PgWbX+za0Lk0Qo7Ggy0Xs03flsBzOjgdYwgdMwWQYMKwYBBAGPWwKCeAEFBEkw\n"
1233 "RwIBATAgAgEBBg0rBgEEAY9bAoJ4AQUBBAwxMjM0NTY3ODkwMDEwIAIBAQYNKwYB\n"
1234 "BAGPWwKCeAEFAgQMMTIzNDU2Nzg5MDAyMBgGDCsGAQQBj1sCgngBAQQIMAYCAQEK\n"
1235 "AVowHQYDVR0OBBYEFA+/RpkzfZR7XqKuSn79RaE/u/6UMB8GA1UdIwQYMBaAFLaQ\n"
1236 "Bh8fH+UmPI7qUZ1X8FxfFC0uMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEG\n"
1237 "MAoGCCqGSM49BAMCA0cAMEQCIAlIo06mXpbJSgUbPO6IJzPBJhXtwhbU0bCvR1vt\n"
1238 "OfjwAiB+tTtC4GnrYFnA+RfjmL9Qy7hHqSrg0gWbR+Wf2MwEQw==\n"
1239 "-----END CERTIFICATE-----";
1240
1241 /**
1242 * @tc.name: CfAttestationTest018
1243 * @tc.desc: test GetDeviceActivationCertExt with invlaid security version value
1244 * @tc.type: FUNC
1245 * @tc.require: NA
1246 */
1247 HWTEST_F(CfAttestationTest, CfAttestationTest018, TestSize.Level0)
1248 {
1249 HcfAttestCertVerifyParam *param = GetHcfAttestCertVerifyParam(APP_CERT_HM_CA_CA_CA);
1250 ASSERT_NE(param, nullptr);
1251
1252 char *chain = nullptr;
1253 const char *certs[] = {APP_CERT_HM, CERT_INVALID_SECURITY_VERSION_VALUE, APP_CERT_HM_CA_CA};
1254 int num = sizeof(certs) / sizeof(certs[0]);
1255 int res = CreateCertChain(certs, num, &chain);
1256 ASSERT_EQ(res, 0);
1257
1258 CfEncodingBlob data = {0};
1259 data.encodingFormat = CF_FORMAT_PEM;
1260 data.data = reinterpret_cast<uint8_t *>(chain);
1261 data.len = strlen(chain);
1262 HmAttestationInfo *info = nullptr;
1263 CfResult ret = HcfAttestCertVerify(&data, param, &info);
1264 ASSERT_EQ(ret, CF_SUCCESS);
1265
1266 ret = HcfAttestCertParseExtension(info);
1267 ASSERT_EQ(ret, CF_ERR_INVALID_EXTENSION);
1268
1269 HcfAttestInfoFree(info);
1270
1271 HcfAttestFreeVerifyParam(param);
1272 CfFree(chain);
1273 }
1274
1275 /**
1276 * @tc.name: CfAttestationTest019
1277 * @tc.desc: test GetDeviceActivationCertExt with invlaid security level value
1278 * @tc.type: FUNC
1279 * @tc.require: NA
1280 */
1281 HWTEST_F(CfAttestationTest, CfAttestationTest019, TestSize.Level0)
1282 {
1283 HcfAttestCertVerifyParam *param = GetHcfAttestCertVerifyParam(APP_CERT_HM_CA_CA_CA);
1284 ASSERT_NE(param, nullptr);
1285
1286 char *chain = nullptr;
1287 const char *certs[] = {APP_CERT_HM, CERT_INVALID_SECURITY_LEVEL_VALUE, APP_CERT_HM_CA_CA};
1288 int num = sizeof(certs) / sizeof(certs[0]);
1289 int res = CreateCertChain(certs, num, &chain);
1290 ASSERT_EQ(res, 0);
1291
1292 CfEncodingBlob data = {0};
1293 data.encodingFormat = CF_FORMAT_PEM;
1294 data.data = reinterpret_cast<uint8_t *>(chain);
1295 data.len = strlen(chain);
1296 HmAttestationInfo *info = nullptr;
1297 CfResult ret = HcfAttestCertVerify(&data, param, &info);
1298 ASSERT_EQ(ret, CF_SUCCESS);
1299
1300 ret = HcfAttestCertParseExtension(info);
1301 ASSERT_EQ(ret, CF_ERR_INVALID_EXTENSION);
1302
1303 HcfAttestInfoFree(info);
1304
1305 HcfAttestFreeVerifyParam(param);
1306 CfFree(chain);
1307 }
1308
1309 } // namespace
1310