Loading identity/aidl/android/hardware/identity/IIdentityCredential.aidl +6 −7 Original line number Original line Diff line number Diff line Loading @@ -176,6 +176,10 @@ interface IIdentityCredential { * @param itemsRequest * @param itemsRequest * If non-empty, contains request data that is signed by the reader. See above. * If non-empty, contains request data that is signed by the reader. See above. * * * @param signingKeyBlob is either empty or a signingKeyBlob (see generateSigningKeyPair(), * below) containing the signing key to use to sign the data retrieved. If this * is not in the right format the call fails with STATUS_INVALID_DATA. * * @param sessionTranscript * @param sessionTranscript * Either empty or the CBOR of the SessionTranscript. See above. * Either empty or the CBOR of the SessionTranscript. See above. * * Loading @@ -195,8 +199,7 @@ interface IIdentityCredential { * and remove the corresponding requests from the counts. * and remove the corresponding requests from the counts. */ */ void startRetrieval(in SecureAccessControlProfile[] accessControlProfiles, void startRetrieval(in SecureAccessControlProfile[] accessControlProfiles, in HardwareAuthToken authToken, in HardwareAuthToken authToken, in byte[] itemsRequest, in byte[] signingKeyBlob, in byte[] itemsRequest, in byte[] sessionTranscript, in byte[] readerSignature, in int[] requestCounts); in byte[] sessionTranscript, in byte[] readerSignature, in int[] requestCounts); /** /** Loading Loading @@ -254,10 +257,6 @@ interface IIdentityCredential { * If signingKeyBlob or the sessionTranscript parameter passed to startRetrieval() is * If signingKeyBlob or the sessionTranscript parameter passed to startRetrieval() is * empty then the returned MAC will be empty. * empty then the returned MAC will be empty. * * * @param signingKeyBlob is either empty or a signingKeyBlob (see generateSigningKeyPair(), * below) containing the signing key to use to sign the data retrieved. If this * is not in the right format the call fails with STATUS_INVALID_DATA. * * @param out mac is empty if signingKeyBlob or the sessionTranscript passed to * @param out mac is empty if signingKeyBlob or the sessionTranscript passed to * startRetrieval() is empty. Otherwise it is a COSE_Mac0 with empty payload * startRetrieval() is empty. Otherwise it is a COSE_Mac0 with empty payload * and the detached content is set to DeviceAuthentication as defined below. * and the detached content is set to DeviceAuthentication as defined below. Loading Loading @@ -304,7 +303,7 @@ interface IIdentityCredential { * * * @param out deviceNameSpaces the bytes of DeviceNameSpaces. * @param out deviceNameSpaces the bytes of DeviceNameSpaces. */ */ void finishRetrieval(in byte[] signingKeyBlob, out byte[] mac, out byte[] deviceNameSpaces); void finishRetrieval(out byte[] mac, out byte[] deviceNameSpaces); /** /** * Generate a key pair to be used for signing session data and retrieved data items. * Generate a key pair to be used for signing session data and retrieved data items. Loading identity/aidl/default/IdentityCredential.cpp +7 −8 Original line number Original line Diff line number Diff line Loading @@ -256,8 +256,8 @@ bool checkUserAuthentication(const SecureAccessControlProfile& profile, ndk::ScopedAStatus IdentityCredential::startRetrieval( ndk::ScopedAStatus IdentityCredential::startRetrieval( const vector<SecureAccessControlProfile>& accessControlProfiles, const vector<SecureAccessControlProfile>& accessControlProfiles, const HardwareAuthToken& authToken, const vector<int8_t>& itemsRequestS, const HardwareAuthToken& authToken, const vector<int8_t>& itemsRequestS, const vector<int8_t>& sessionTranscriptS, const vector<int8_t>& readerSignatureS, const vector<int8_t>& signingKeyBlobS, const vector<int8_t>& sessionTranscriptS, const vector<int32_t>& requestCounts) { const vector<int8_t>& readerSignatureS, const vector<int32_t>& requestCounts) { auto sessionTranscript = byteStringToUnsigned(sessionTranscriptS); auto sessionTranscript = byteStringToUnsigned(sessionTranscriptS); auto itemsRequest = byteStringToUnsigned(itemsRequestS); auto itemsRequest = byteStringToUnsigned(itemsRequestS); auto readerSignature = byteStringToUnsigned(readerSignatureS); auto readerSignature = byteStringToUnsigned(readerSignatureS); Loading Loading @@ -498,6 +498,7 @@ ndk::ScopedAStatus IdentityCredential::startRetrieval( currentNameSpace_ = ""; currentNameSpace_ = ""; itemsRequest_ = itemsRequest; itemsRequest_ = itemsRequest; signingKeyBlob_ = byteStringToUnsigned(signingKeyBlobS); numStartRetrievalCalls_ += 1; numStartRetrievalCalls_ += 1; return ndk::ScopedAStatus::ok(); return ndk::ScopedAStatus::ok(); Loading Loading @@ -650,11 +651,8 @@ ndk::ScopedAStatus IdentityCredential::retrieveEntryValue(const vector<int8_t>& return ndk::ScopedAStatus::ok(); return ndk::ScopedAStatus::ok(); } } ndk::ScopedAStatus IdentityCredential::finishRetrieval(const vector<int8_t>& signingKeyBlobS, ndk::ScopedAStatus IdentityCredential::finishRetrieval(vector<int8_t>* outMac, vector<int8_t>* outMac, vector<int8_t>* outDeviceNameSpaces) { vector<int8_t>* outDeviceNameSpaces) { auto signingKeyBlob = byteStringToUnsigned(signingKeyBlobS); if (currentNameSpaceDeviceNameSpacesMap_.size() > 0) { if (currentNameSpaceDeviceNameSpacesMap_.size() > 0) { deviceNameSpacesMap_.add(currentNameSpace_, deviceNameSpacesMap_.add(currentNameSpace_, std::move(currentNameSpaceDeviceNameSpacesMap_)); std::move(currentNameSpaceDeviceNameSpacesMap_)); Loading @@ -664,7 +662,8 @@ ndk::ScopedAStatus IdentityCredential::finishRetrieval(const vector<int8_t>& sig // If there's no signing key or no sessionTranscript or no reader ephemeral // If there's no signing key or no sessionTranscript or no reader ephemeral // public key, we return the empty MAC. // public key, we return the empty MAC. optional<vector<uint8_t>> mac; optional<vector<uint8_t>> mac; if (signingKeyBlob.size() > 0 && sessionTranscript_.size() > 0 && readerPublicKey_.size() > 0) { if (signingKeyBlob_.size() > 0 && sessionTranscript_.size() > 0 && readerPublicKey_.size() > 0) { cppbor::Array array; cppbor::Array array; array.add("DeviceAuthentication"); array.add("DeviceAuthentication"); array.add(sessionTranscriptItem_->clone()); array.add(sessionTranscriptItem_->clone()); Loading @@ -674,7 +673,7 @@ ndk::ScopedAStatus IdentityCredential::finishRetrieval(const vector<int8_t>& sig vector<uint8_t> docTypeAsBlob(docType_.begin(), docType_.end()); vector<uint8_t> docTypeAsBlob(docType_.begin(), docType_.end()); optional<vector<uint8_t>> signingKey = optional<vector<uint8_t>> signingKey = support::decryptAes128Gcm(storageKey_, signingKeyBlob, docTypeAsBlob); support::decryptAes128Gcm(storageKey_, signingKeyBlob_, docTypeAsBlob); if (!signingKey) { if (!signingKey) { return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage( return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage( IIdentityCredentialStore::STATUS_INVALID_DATA, IIdentityCredentialStore::STATUS_INVALID_DATA, Loading identity/aidl/default/IdentityCredential.h +4 −3 Original line number Original line Diff line number Diff line Loading @@ -54,14 +54,14 @@ class IdentityCredential : public BnIdentityCredential { ndk::ScopedAStatus startRetrieval( ndk::ScopedAStatus startRetrieval( const vector<SecureAccessControlProfile>& accessControlProfiles, const vector<SecureAccessControlProfile>& accessControlProfiles, const HardwareAuthToken& authToken, const vector<int8_t>& itemsRequest, const HardwareAuthToken& authToken, const vector<int8_t>& itemsRequest, const vector<int8_t>& sessionTranscript, const vector<int8_t>& readerSignature, const vector<int8_t>& signingKeyBlob, const vector<int8_t>& sessionTranscript, const vector<int32_t>& requestCounts) override; const vector<int8_t>& readerSignature, const vector<int32_t>& requestCounts) override; ndk::ScopedAStatus startRetrieveEntryValue( ndk::ScopedAStatus startRetrieveEntryValue( const string& nameSpace, const string& name, int32_t entrySize, const string& nameSpace, const string& name, int32_t entrySize, const vector<int32_t>& accessControlProfileIds) override; const vector<int32_t>& accessControlProfileIds) override; ndk::ScopedAStatus retrieveEntryValue(const vector<int8_t>& encryptedContent, ndk::ScopedAStatus retrieveEntryValue(const vector<int8_t>& encryptedContent, vector<int8_t>* outContent) override; vector<int8_t>* outContent) override; ndk::ScopedAStatus finishRetrieval(const vector<int8_t>& signingKeyBlob, vector<int8_t>* outMac, ndk::ScopedAStatus finishRetrieval(vector<int8_t>* outMac, vector<int8_t>* outDeviceNameSpaces) override; vector<int8_t>* outDeviceNameSpaces) override; ndk::ScopedAStatus generateSigningKeyPair(vector<int8_t>* outSigningKeyBlob, ndk::ScopedAStatus generateSigningKeyPair(vector<int8_t>* outSigningKeyBlob, Certificate* outSigningKeyCertificate) override; Certificate* outSigningKeyCertificate) override; Loading @@ -88,6 +88,7 @@ class IdentityCredential : public BnIdentityCredential { // Set at startRetrieval() time. // Set at startRetrieval() time. map<int32_t, int> profileIdToAccessCheckResult_; map<int32_t, int> profileIdToAccessCheckResult_; vector<uint8_t> signingKeyBlob_; vector<uint8_t> sessionTranscript_; vector<uint8_t> sessionTranscript_; std::unique_ptr<cppbor::Item> sessionTranscriptItem_; std::unique_ptr<cppbor::Item> sessionTranscriptItem_; vector<uint8_t> itemsRequest_; vector<uint8_t> itemsRequest_; Loading identity/aidl/vts/VtsHalIdentityTargetTest.cpp +8 −8 Original line number Original line Diff line number Diff line Loading @@ -352,10 +352,15 @@ TEST_P(IdentityAidl, createAndRetrieveCredential) { readerCertificate.value()); readerCertificate.value()); ASSERT_TRUE(readerSignature); ASSERT_TRUE(readerSignature); // Generate the key that will be used to sign AuthenticatedData. vector<uint8_t> signingKeyBlob; Certificate signingKeyCertificate; ASSERT_TRUE(credential->generateSigningKeyPair(&signingKeyBlob, &signingKeyCertificate).isOk()); ASSERT_TRUE(credential ASSERT_TRUE(credential ->startRetrieval(returnedSecureProfiles, authToken, itemsRequestBytes, ->startRetrieval(returnedSecureProfiles, authToken, itemsRequestBytes, sessionTranscriptBytes, readerSignature.value(), signingKeyBlob, sessionTranscriptBytes, testEntriesEntryCounts) readerSignature.value(), testEntriesEntryCounts) .isOk()); .isOk()); for (const auto& entry : testEntries) { for (const auto& entry : testEntries) { Loading @@ -377,14 +382,9 @@ TEST_P(IdentityAidl, createAndRetrieveCredential) { EXPECT_EQ(content, entry.valueCbor); EXPECT_EQ(content, entry.valueCbor); } } // Generate the key that will be used to sign AuthenticatedData. vector<uint8_t> signingKeyBlob; Certificate signingKeyCertificate; ASSERT_TRUE(credential->generateSigningKeyPair(&signingKeyBlob, &signingKeyCertificate).isOk()); vector<uint8_t> mac; vector<uint8_t> mac; vector<uint8_t> deviceNameSpacesBytes; vector<uint8_t> deviceNameSpacesBytes; ASSERT_TRUE(credential->finishRetrieval(signingKeyBlob, &mac, &deviceNameSpacesBytes).isOk()); ASSERT_TRUE(credential->finishRetrieval(&mac, &deviceNameSpacesBytes).isOk()); cborPretty = support::cborPrettyPrint(deviceNameSpacesBytes, 32, {}); cborPretty = support::cborPrettyPrint(deviceNameSpacesBytes, 32, {}); ASSERT_EQ( ASSERT_EQ( "{\n" "{\n" Loading Loading
identity/aidl/android/hardware/identity/IIdentityCredential.aidl +6 −7 Original line number Original line Diff line number Diff line Loading @@ -176,6 +176,10 @@ interface IIdentityCredential { * @param itemsRequest * @param itemsRequest * If non-empty, contains request data that is signed by the reader. See above. * If non-empty, contains request data that is signed by the reader. See above. * * * @param signingKeyBlob is either empty or a signingKeyBlob (see generateSigningKeyPair(), * below) containing the signing key to use to sign the data retrieved. If this * is not in the right format the call fails with STATUS_INVALID_DATA. * * @param sessionTranscript * @param sessionTranscript * Either empty or the CBOR of the SessionTranscript. See above. * Either empty or the CBOR of the SessionTranscript. See above. * * Loading @@ -195,8 +199,7 @@ interface IIdentityCredential { * and remove the corresponding requests from the counts. * and remove the corresponding requests from the counts. */ */ void startRetrieval(in SecureAccessControlProfile[] accessControlProfiles, void startRetrieval(in SecureAccessControlProfile[] accessControlProfiles, in HardwareAuthToken authToken, in HardwareAuthToken authToken, in byte[] itemsRequest, in byte[] signingKeyBlob, in byte[] itemsRequest, in byte[] sessionTranscript, in byte[] readerSignature, in int[] requestCounts); in byte[] sessionTranscript, in byte[] readerSignature, in int[] requestCounts); /** /** Loading Loading @@ -254,10 +257,6 @@ interface IIdentityCredential { * If signingKeyBlob or the sessionTranscript parameter passed to startRetrieval() is * If signingKeyBlob or the sessionTranscript parameter passed to startRetrieval() is * empty then the returned MAC will be empty. * empty then the returned MAC will be empty. * * * @param signingKeyBlob is either empty or a signingKeyBlob (see generateSigningKeyPair(), * below) containing the signing key to use to sign the data retrieved. If this * is not in the right format the call fails with STATUS_INVALID_DATA. * * @param out mac is empty if signingKeyBlob or the sessionTranscript passed to * @param out mac is empty if signingKeyBlob or the sessionTranscript passed to * startRetrieval() is empty. Otherwise it is a COSE_Mac0 with empty payload * startRetrieval() is empty. Otherwise it is a COSE_Mac0 with empty payload * and the detached content is set to DeviceAuthentication as defined below. * and the detached content is set to DeviceAuthentication as defined below. Loading Loading @@ -304,7 +303,7 @@ interface IIdentityCredential { * * * @param out deviceNameSpaces the bytes of DeviceNameSpaces. * @param out deviceNameSpaces the bytes of DeviceNameSpaces. */ */ void finishRetrieval(in byte[] signingKeyBlob, out byte[] mac, out byte[] deviceNameSpaces); void finishRetrieval(out byte[] mac, out byte[] deviceNameSpaces); /** /** * Generate a key pair to be used for signing session data and retrieved data items. * Generate a key pair to be used for signing session data and retrieved data items. Loading
identity/aidl/default/IdentityCredential.cpp +7 −8 Original line number Original line Diff line number Diff line Loading @@ -256,8 +256,8 @@ bool checkUserAuthentication(const SecureAccessControlProfile& profile, ndk::ScopedAStatus IdentityCredential::startRetrieval( ndk::ScopedAStatus IdentityCredential::startRetrieval( const vector<SecureAccessControlProfile>& accessControlProfiles, const vector<SecureAccessControlProfile>& accessControlProfiles, const HardwareAuthToken& authToken, const vector<int8_t>& itemsRequestS, const HardwareAuthToken& authToken, const vector<int8_t>& itemsRequestS, const vector<int8_t>& sessionTranscriptS, const vector<int8_t>& readerSignatureS, const vector<int8_t>& signingKeyBlobS, const vector<int8_t>& sessionTranscriptS, const vector<int32_t>& requestCounts) { const vector<int8_t>& readerSignatureS, const vector<int32_t>& requestCounts) { auto sessionTranscript = byteStringToUnsigned(sessionTranscriptS); auto sessionTranscript = byteStringToUnsigned(sessionTranscriptS); auto itemsRequest = byteStringToUnsigned(itemsRequestS); auto itemsRequest = byteStringToUnsigned(itemsRequestS); auto readerSignature = byteStringToUnsigned(readerSignatureS); auto readerSignature = byteStringToUnsigned(readerSignatureS); Loading Loading @@ -498,6 +498,7 @@ ndk::ScopedAStatus IdentityCredential::startRetrieval( currentNameSpace_ = ""; currentNameSpace_ = ""; itemsRequest_ = itemsRequest; itemsRequest_ = itemsRequest; signingKeyBlob_ = byteStringToUnsigned(signingKeyBlobS); numStartRetrievalCalls_ += 1; numStartRetrievalCalls_ += 1; return ndk::ScopedAStatus::ok(); return ndk::ScopedAStatus::ok(); Loading Loading @@ -650,11 +651,8 @@ ndk::ScopedAStatus IdentityCredential::retrieveEntryValue(const vector<int8_t>& return ndk::ScopedAStatus::ok(); return ndk::ScopedAStatus::ok(); } } ndk::ScopedAStatus IdentityCredential::finishRetrieval(const vector<int8_t>& signingKeyBlobS, ndk::ScopedAStatus IdentityCredential::finishRetrieval(vector<int8_t>* outMac, vector<int8_t>* outMac, vector<int8_t>* outDeviceNameSpaces) { vector<int8_t>* outDeviceNameSpaces) { auto signingKeyBlob = byteStringToUnsigned(signingKeyBlobS); if (currentNameSpaceDeviceNameSpacesMap_.size() > 0) { if (currentNameSpaceDeviceNameSpacesMap_.size() > 0) { deviceNameSpacesMap_.add(currentNameSpace_, deviceNameSpacesMap_.add(currentNameSpace_, std::move(currentNameSpaceDeviceNameSpacesMap_)); std::move(currentNameSpaceDeviceNameSpacesMap_)); Loading @@ -664,7 +662,8 @@ ndk::ScopedAStatus IdentityCredential::finishRetrieval(const vector<int8_t>& sig // If there's no signing key or no sessionTranscript or no reader ephemeral // If there's no signing key or no sessionTranscript or no reader ephemeral // public key, we return the empty MAC. // public key, we return the empty MAC. optional<vector<uint8_t>> mac; optional<vector<uint8_t>> mac; if (signingKeyBlob.size() > 0 && sessionTranscript_.size() > 0 && readerPublicKey_.size() > 0) { if (signingKeyBlob_.size() > 0 && sessionTranscript_.size() > 0 && readerPublicKey_.size() > 0) { cppbor::Array array; cppbor::Array array; array.add("DeviceAuthentication"); array.add("DeviceAuthentication"); array.add(sessionTranscriptItem_->clone()); array.add(sessionTranscriptItem_->clone()); Loading @@ -674,7 +673,7 @@ ndk::ScopedAStatus IdentityCredential::finishRetrieval(const vector<int8_t>& sig vector<uint8_t> docTypeAsBlob(docType_.begin(), docType_.end()); vector<uint8_t> docTypeAsBlob(docType_.begin(), docType_.end()); optional<vector<uint8_t>> signingKey = optional<vector<uint8_t>> signingKey = support::decryptAes128Gcm(storageKey_, signingKeyBlob, docTypeAsBlob); support::decryptAes128Gcm(storageKey_, signingKeyBlob_, docTypeAsBlob); if (!signingKey) { if (!signingKey) { return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage( return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage( IIdentityCredentialStore::STATUS_INVALID_DATA, IIdentityCredentialStore::STATUS_INVALID_DATA, Loading
identity/aidl/default/IdentityCredential.h +4 −3 Original line number Original line Diff line number Diff line Loading @@ -54,14 +54,14 @@ class IdentityCredential : public BnIdentityCredential { ndk::ScopedAStatus startRetrieval( ndk::ScopedAStatus startRetrieval( const vector<SecureAccessControlProfile>& accessControlProfiles, const vector<SecureAccessControlProfile>& accessControlProfiles, const HardwareAuthToken& authToken, const vector<int8_t>& itemsRequest, const HardwareAuthToken& authToken, const vector<int8_t>& itemsRequest, const vector<int8_t>& sessionTranscript, const vector<int8_t>& readerSignature, const vector<int8_t>& signingKeyBlob, const vector<int8_t>& sessionTranscript, const vector<int32_t>& requestCounts) override; const vector<int8_t>& readerSignature, const vector<int32_t>& requestCounts) override; ndk::ScopedAStatus startRetrieveEntryValue( ndk::ScopedAStatus startRetrieveEntryValue( const string& nameSpace, const string& name, int32_t entrySize, const string& nameSpace, const string& name, int32_t entrySize, const vector<int32_t>& accessControlProfileIds) override; const vector<int32_t>& accessControlProfileIds) override; ndk::ScopedAStatus retrieveEntryValue(const vector<int8_t>& encryptedContent, ndk::ScopedAStatus retrieveEntryValue(const vector<int8_t>& encryptedContent, vector<int8_t>* outContent) override; vector<int8_t>* outContent) override; ndk::ScopedAStatus finishRetrieval(const vector<int8_t>& signingKeyBlob, vector<int8_t>* outMac, ndk::ScopedAStatus finishRetrieval(vector<int8_t>* outMac, vector<int8_t>* outDeviceNameSpaces) override; vector<int8_t>* outDeviceNameSpaces) override; ndk::ScopedAStatus generateSigningKeyPair(vector<int8_t>* outSigningKeyBlob, ndk::ScopedAStatus generateSigningKeyPair(vector<int8_t>* outSigningKeyBlob, Certificate* outSigningKeyCertificate) override; Certificate* outSigningKeyCertificate) override; Loading @@ -88,6 +88,7 @@ class IdentityCredential : public BnIdentityCredential { // Set at startRetrieval() time. // Set at startRetrieval() time. map<int32_t, int> profileIdToAccessCheckResult_; map<int32_t, int> profileIdToAccessCheckResult_; vector<uint8_t> signingKeyBlob_; vector<uint8_t> sessionTranscript_; vector<uint8_t> sessionTranscript_; std::unique_ptr<cppbor::Item> sessionTranscriptItem_; std::unique_ptr<cppbor::Item> sessionTranscriptItem_; vector<uint8_t> itemsRequest_; vector<uint8_t> itemsRequest_; Loading
identity/aidl/vts/VtsHalIdentityTargetTest.cpp +8 −8 Original line number Original line Diff line number Diff line Loading @@ -352,10 +352,15 @@ TEST_P(IdentityAidl, createAndRetrieveCredential) { readerCertificate.value()); readerCertificate.value()); ASSERT_TRUE(readerSignature); ASSERT_TRUE(readerSignature); // Generate the key that will be used to sign AuthenticatedData. vector<uint8_t> signingKeyBlob; Certificate signingKeyCertificate; ASSERT_TRUE(credential->generateSigningKeyPair(&signingKeyBlob, &signingKeyCertificate).isOk()); ASSERT_TRUE(credential ASSERT_TRUE(credential ->startRetrieval(returnedSecureProfiles, authToken, itemsRequestBytes, ->startRetrieval(returnedSecureProfiles, authToken, itemsRequestBytes, sessionTranscriptBytes, readerSignature.value(), signingKeyBlob, sessionTranscriptBytes, testEntriesEntryCounts) readerSignature.value(), testEntriesEntryCounts) .isOk()); .isOk()); for (const auto& entry : testEntries) { for (const auto& entry : testEntries) { Loading @@ -377,14 +382,9 @@ TEST_P(IdentityAidl, createAndRetrieveCredential) { EXPECT_EQ(content, entry.valueCbor); EXPECT_EQ(content, entry.valueCbor); } } // Generate the key that will be used to sign AuthenticatedData. vector<uint8_t> signingKeyBlob; Certificate signingKeyCertificate; ASSERT_TRUE(credential->generateSigningKeyPair(&signingKeyBlob, &signingKeyCertificate).isOk()); vector<uint8_t> mac; vector<uint8_t> mac; vector<uint8_t> deviceNameSpacesBytes; vector<uint8_t> deviceNameSpacesBytes; ASSERT_TRUE(credential->finishRetrieval(signingKeyBlob, &mac, &deviceNameSpacesBytes).isOk()); ASSERT_TRUE(credential->finishRetrieval(&mac, &deviceNameSpacesBytes).isOk()); cborPretty = support::cborPrettyPrint(deviceNameSpacesBytes, 32, {}); cborPretty = support::cborPrettyPrint(deviceNameSpacesBytes, 32, {}); ASSERT_EQ( ASSERT_EQ( "{\n" "{\n" Loading
