Loading security/keymint/support/include/remote_prov/remote_prov_utils.h +8 −0 Original line number Diff line number Diff line Loading @@ -214,6 +214,14 @@ ErrMsgOr<std::unique_ptr<cppbor::Array>> verifyProductionCsr(const cppbor::Array ErrMsgOr<bool> isCsrWithProperDiceChain(const std::vector<uint8_t>& csr, const std::string& instanceName); /** Checks whether the CSRs contain DICE certificate chains that have root certificates * with the same public key. */ ErrMsgOr<bool> compareRootPublicKeysInDiceChains(const std::vector<uint8_t>& csr1, std::string_view instanceName1, const std::vector<uint8_t>& csr2, std::string_view instanceName2); /** Verify the DICE chain. */ ErrMsgOr<std::vector<BccEntryData>> validateBcc(const cppbor::Array* bcc, hwtrust::DiceChain::Kind kind, bool allowAnyMode, Loading security/keymint/support/remote_prov_utils.cpp +62 −0 Original line number Diff line number Diff line Loading @@ -882,4 +882,66 @@ ErrMsgOr<bool> isCsrWithProperDiceChain(const std::vector<uint8_t>& encodedCsr, return diceChain->IsProper(); } std::string hexlify(const std::vector<unsigned char>& bytes) { std::stringstream ss; ss << std::hex << std::setfill('0'); for (const auto& byte : bytes) { ss << std::setw(2) << static_cast<int>(byte); } return ss.str(); } ErrMsgOr<bool> compareRootPublicKeysInDiceChains(const std::vector<uint8_t>& encodedCsr1, std::string_view instanceName1, const std::vector<uint8_t>& encodedCsr2, std::string_view instanceName2) { auto diceChainKind = getDiceChainKind(); if (!diceChainKind) { return diceChainKind.message(); } auto csr1 = hwtrust::Csr::validate(encodedCsr1, *diceChainKind, false /*isFactory*/, false /*allowAnyMode*/, deviceSuffix(instanceName1)); if (!csr1.ok()) { return csr1.error().message(); } auto diceChain1 = csr1->getDiceChain(); if (!diceChain1.ok()) { return diceChain1.error().message(); } auto proper1 = diceChain1->IsProper(); if (!proper1) { return std::string(instanceName1) + " has a degenerate DICE chain:\n" + hexlify(encodedCsr1); } auto csr2 = hwtrust::Csr::validate(encodedCsr2, *diceChainKind, false /*isFactory*/, false /*allowAnyMode*/, deviceSuffix(instanceName2)); if (!csr2.ok()) { return csr2.error().message(); } auto diceChain2 = csr2->getDiceChain(); if (!diceChain2.ok()) { return diceChain2.error().message(); } auto proper2 = diceChain2->IsProper(); if (!proper2) { return std::string(instanceName2) + " has a degenerate DICE chain:\n" + hexlify(encodedCsr2); } auto result = diceChain1->compareRootPublicKey(*diceChain2); if (!result.ok()) { return result.error().message(); } return *result; } } // namespace aidl::android::hardware::security::keymint::remote_prov security/keymint/support/remote_prov_utils_test.cpp +165 −0 Original line number Diff line number Diff line Loading @@ -408,6 +408,156 @@ inline const std::vector<uint8_t> kCsrWithoutUdsCerts{ 0x35, 0x2e, 0x34, 0x32, 0x3a, 0x75, 0x73, 0x65, 0x72, 0x2f, 0x72, 0x65, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2d, 0x6b, 0x65, 0x79, 0x73}; inline const std::vector<uint8_t> kCsrWithSharedUdsRoot1{ 0x85, 0x01, 0xa0, 0x82, 0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x96, 0xf9, 0xf7, 0x16, 0xa7, 0xe2, 0x20, 0xe3, 0x6e, 0x19, 0x8e, 0xc0, 0xc4, 0x82, 0xc5, 0xca, 0x8d, 0x1d, 0xb4, 0xda, 0x94, 0x6d, 0xf8, 0xbc, 0x0b, 0x0e, 0xc7, 0x90, 0x83, 0x5b, 0xc3, 0x4b, 0x22, 0x58, 0x20, 0xed, 0xe0, 0xa1, 0x56, 0x46, 0x5b, 0xe0, 0x67, 0x2d, 0xbc, 0x08, 0x84, 0x6f, 0x43, 0xd0, 0x10, 0xf3, 0x70, 0x90, 0xc2, 0xbf, 0xe3, 0x6b, 0x32, 0x9f, 0xf3, 0xca, 0x57, 0x0f, 0xa8, 0xb9, 0xdd, 0x84, 0x43, 0xa1, 0x01, 0x26, 0xa0, 0x59, 0x01, 0x04, 0xa9, 0x01, 0x66, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x02, 0x67, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x3a, 0x00, 0x47, 0x44, 0x50, 0x58, 0x20, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x3a, 0x00, 0x47, 0x44, 0x52, 0x58, 0x20, 0xb8, 0x96, 0x54, 0xe2, 0x2c, 0xa4, 0xd2, 0x4a, 0x9c, 0x0e, 0x45, 0x11, 0xc8, 0xf2, 0x63, 0xf0, 0x66, 0x0d, 0x2e, 0x20, 0x48, 0x96, 0x90, 0x14, 0xf4, 0x54, 0x63, 0xc4, 0xf4, 0x39, 0x30, 0x38, 0x3a, 0x00, 0x47, 0x44, 0x53, 0x55, 0xa1, 0x3a, 0x00, 0x01, 0x11, 0x71, 0x6e, 0x63, 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x3a, 0x00, 0x47, 0x44, 0x54, 0x58, 0x20, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x3a, 0x00, 0x47, 0x44, 0x56, 0x41, 0x01, 0x3a, 0x00, 0x47, 0x44, 0x57, 0x58, 0x4d, 0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x04, 0x25, 0x41, 0x6f, 0x6a, 0xdc, 0x88, 0x56, 0x9a, 0xd4, 0x39, 0x82, 0xde, 0xd1, 0xe6, 0x65, 0xd4, 0x09, 0xb8, 0x9f, 0xde, 0xbf, 0x09, 0x03, 0xe3, 0x9a, 0x48, 0xd4, 0x4f, 0x13, 0xaa, 0x5b, 0x22, 0x58, 0x20, 0x3a, 0xfb, 0x46, 0x2d, 0xe1, 0xdf, 0x34, 0x76, 0x03, 0x37, 0x1e, 0xcf, 0xea, 0xd5, 0xf6, 0xd3, 0x99, 0x3e, 0x55, 0x2a, 0xd1, 0x9d, 0x10, 0x21, 0xb1, 0xc8, 0x4f, 0xbd, 0xec, 0xb6, 0x67, 0x82, 0x3a, 0x00, 0x47, 0x44, 0x58, 0x41, 0x20, 0x58, 0x40, 0x10, 0xda, 0xc8, 0x8d, 0x83, 0x6d, 0xdd, 0x85, 0x48, 0x92, 0xdc, 0xc0, 0xc8, 0xde, 0xe4, 0x61, 0x03, 0x04, 0xfb, 0x77, 0xdf, 0xc1, 0xce, 0xb7, 0x9b, 0x74, 0x9a, 0x31, 0x7a, 0xca, 0xcb, 0x7c, 0x45, 0x65, 0xf5, 0xc1, 0x3b, 0x29, 0x53, 0x22, 0xbc, 0xda, 0xa9, 0xfa, 0x97, 0x84, 0x42, 0xfc, 0xcb, 0x36, 0xae, 0xe9, 0x67, 0x1c, 0xb1, 0x19, 0x42, 0x74, 0x01, 0xb1, 0x11, 0xc9, 0x7b, 0x58, 0x84, 0x43, 0xa1, 0x01, 0x26, 0xa0, 0x59, 0x02, 0x0f, 0x82, 0x58, 0x20, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x59, 0x01, 0xe9, 0x84, 0x03, 0x67, 0x6b, 0x65, 0x79, 0x6d, 0x69, 0x6e, 0x74, 0xae, 0x65, 0x62, 0x72, 0x61, 0x6e, 0x64, 0x66, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x65, 0x66, 0x75, 0x73, 0x65, 0x64, 0x01, 0x65, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x65, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x66, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x66, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x67, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x65, 0x70, 0x69, 0x78, 0x65, 0x6c, 0x68, 0x76, 0x62, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x65, 0x67, 0x72, 0x65, 0x65, 0x6e, 0x6a, 0x6f, 0x73, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x62, 0x31, 0x32, 0x6c, 0x6d, 0x61, 0x6e, 0x75, 0x66, 0x61, 0x63, 0x74, 0x75, 0x72, 0x65, 0x72, 0x66, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x6d, 0x76, 0x62, 0x6d, 0x65, 0x74, 0x61, 0x5f, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x4f, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x63, 0x74, 0x65, 0x65, 0x70, 0x62, 0x6f, 0x6f, 0x74, 0x5f, 0x70, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x1a, 0x01, 0x34, 0x8c, 0x62, 0x70, 0x62, 0x6f, 0x6f, 0x74, 0x6c, 0x6f, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x66, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x72, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x5f, 0x70, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x1a, 0x01, 0x34, 0x8c, 0x61, 0x72, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x5f, 0x70, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x1a, 0x01, 0x34, 0x8c, 0x63, 0x82, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0xf6, 0x86, 0x74, 0x7d, 0x1a, 0x83, 0x75, 0xec, 0x8c, 0xf9, 0x3a, 0xa9, 0x20, 0x88, 0xe5, 0xca, 0x24, 0x34, 0x24, 0xbf, 0x89, 0xe7, 0xdb, 0x44, 0xc3, 0x6e, 0xdd, 0x5d, 0x1a, 0xe1, 0xf0, 0xd8, 0x22, 0x58, 0x20, 0xae, 0xcb, 0x01, 0x2e, 0x73, 0xac, 0xb5, 0x52, 0x0e, 0x73, 0x15, 0xd8, 0x9d, 0x78, 0x64, 0x10, 0x35, 0x41, 0x0e, 0xc9, 0x7d, 0x9a, 0x11, 0xa3, 0xed, 0x7f, 0x53, 0xa6, 0xff, 0xc4, 0xad, 0x61, 0x23, 0x58, 0x20, 0x5a, 0xd2, 0xc5, 0xd0, 0x58, 0x2e, 0x94, 0x93, 0xd7, 0xa4, 0x2d, 0x5b, 0x12, 0x43, 0x52, 0x93, 0xc3, 0x95, 0x91, 0xac, 0x6a, 0xa3, 0x31, 0x08, 0xda, 0x33, 0x6a, 0xce, 0x7e, 0x8e, 0xae, 0xb1, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x8f, 0xb1, 0x85, 0xa5, 0xf5, 0x68, 0x74, 0xfc, 0x8a, 0x87, 0x2b, 0x13, 0xea, 0xf7, 0xff, 0x82, 0x6d, 0xcf, 0xc3, 0xea, 0x04, 0x80, 0x40, 0xe5, 0xcb, 0x80, 0xdb, 0x07, 0x8b, 0x36, 0x8c, 0x29, 0x22, 0x58, 0x20, 0x6a, 0x8c, 0x52, 0x3f, 0xf7, 0x26, 0xb3, 0xf9, 0xa8, 0x91, 0x08, 0x4e, 0xec, 0x7a, 0x03, 0x16, 0x1c, 0xab, 0x12, 0xcd, 0x8b, 0x05, 0x77, 0x33, 0x16, 0x1c, 0x80, 0x99, 0x79, 0x14, 0x6a, 0x5c, 0x23, 0x58, 0x21, 0x00, 0xd0, 0x0a, 0xa2, 0xaa, 0x27, 0x62, 0x10, 0x24, 0x0c, 0x74, 0x34, 0xe7, 0x06, 0xb3, 0x4d, 0x33, 0x9c, 0x86, 0xa6, 0x62, 0xb9, 0x0f, 0x1a, 0x4b, 0xe2, 0x8b, 0x45, 0x0a, 0xc9, 0xe3, 0x43, 0x28, 0x58, 0x40, 0xea, 0xe3, 0xd3, 0xd9, 0x7f, 0x4e, 0x08, 0x8a, 0x5b, 0xb9, 0xef, 0x28, 0x5a, 0xe0, 0x02, 0x40, 0xf5, 0x68, 0x49, 0x8b, 0xa7, 0xf7, 0x9d, 0xa3, 0xb3, 0x37, 0x72, 0x79, 0xa9, 0x32, 0x47, 0xf6, 0x8d, 0x5d, 0x08, 0xe7, 0xec, 0x00, 0x19, 0x09, 0x6f, 0x0a, 0x4d, 0x7c, 0x62, 0x6c, 0x2b, 0xaa, 0x33, 0x61, 0xe5, 0xa5, 0x3f, 0x2a, 0xfe, 0xcc, 0xdf, 0x8e, 0x62, 0x1c, 0x31, 0xe1, 0x56, 0x6b, 0xa1, 0x6b, 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x78, 0x3b, 0x62, 0x72, 0x61, 0x6e, 0x64, 0x31, 0x2f, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x31, 0x2f, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x31, 0x3a, 0x31, 0x31, 0x2f, 0x69, 0x64, 0x2f, 0x32, 0x30, 0x32, 0x31, 0x30, 0x38, 0x30, 0x35, 0x2e, 0x34, 0x32, 0x3a, 0x75, 0x73, 0x65, 0x72, 0x2f, 0x72, 0x65, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2d, 0x6b, 0x65, 0x79, 0x73}; inline const std::vector<uint8_t> kCsrWithSharedUdsRoot2{ 0x85, 0x01, 0xa0, 0x82, 0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x96, 0xf9, 0xf7, 0x16, 0xa7, 0xe2, 0x20, 0xe3, 0x6e, 0x19, 0x8e, 0xc0, 0xc4, 0x82, 0xc5, 0xca, 0x8d, 0x1d, 0xb4, 0xda, 0x94, 0x6d, 0xf8, 0xbc, 0x0b, 0x0e, 0xc7, 0x90, 0x83, 0x5b, 0xc3, 0x4b, 0x22, 0x58, 0x20, 0xed, 0xe0, 0xa1, 0x56, 0x46, 0x5b, 0xe0, 0x67, 0x2d, 0xbc, 0x08, 0x84, 0x6f, 0x43, 0xd0, 0x10, 0xf3, 0x70, 0x90, 0xc2, 0xbf, 0xe3, 0x6b, 0x32, 0x9f, 0xf3, 0xca, 0x57, 0x0f, 0xa8, 0xb9, 0xdd, 0x84, 0x43, 0xa1, 0x01, 0x26, 0xa0, 0x59, 0x01, 0x04, 0xa9, 0x01, 0x66, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x02, 0x67, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x3a, 0x00, 0x47, 0x44, 0x50, 0x58, 0x20, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x3a, 0x00, 0x47, 0x44, 0x52, 0x58, 0x20, 0xb8, 0x96, 0x54, 0xe2, 0x2c, 0xa4, 0xd2, 0x4a, 0x9c, 0x0e, 0x45, 0x11, 0xc8, 0xf2, 0x63, 0xf0, 0x66, 0x0d, 0x2e, 0x20, 0x48, 0x96, 0x90, 0x14, 0xf4, 0x54, 0x63, 0xc4, 0xf4, 0x39, 0x30, 0x38, 0x3a, 0x00, 0x47, 0x44, 0x53, 0x55, 0xa1, 0x3a, 0x00, 0x01, 0x11, 0x71, 0x6e, 0x63, 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x3a, 0x00, 0x47, 0x44, 0x54, 0x58, 0x20, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x3a, 0x00, 0x47, 0x44, 0x56, 0x41, 0x01, 0x3a, 0x00, 0x47, 0x44, 0x57, 0x58, 0x4d, 0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x2d, 0xbd, 0x92, 0x58, 0xc8, 0xcd, 0xc3, 0xc5, 0x14, 0xe3, 0x6e, 0x5f, 0xab, 0x71, 0x41, 0x46, 0x83, 0xb4, 0x3e, 0x82, 0xdb, 0xe7, 0x7d, 0x27, 0xe5, 0x26, 0x36, 0x94, 0xcb, 0x4c, 0x72, 0x8f, 0x22, 0x58, 0x20, 0xbf, 0xa2, 0xa7, 0x15, 0x46, 0x5a, 0xea, 0xa8, 0xc7, 0xad, 0x22, 0x61, 0x9c, 0xba, 0x87, 0x70, 0x65, 0x64, 0x11, 0x05, 0x8a, 0x58, 0x8c, 0x0c, 0x25, 0xc7, 0xf8, 0x5f, 0xfc, 0x4a, 0xee, 0xa1, 0x3a, 0x00, 0x47, 0x44, 0x58, 0x41, 0x20, 0x58, 0x40, 0x43, 0xba, 0xff, 0xdb, 0xbb, 0xa9, 0x9e, 0x8f, 0x06, 0xdf, 0x33, 0xa0, 0x3f, 0x30, 0xc3, 0x64, 0x84, 0x32, 0xb5, 0x2a, 0x06, 0x53, 0x13, 0x70, 0xbe, 0xa3, 0x0b, 0x4d, 0xbe, 0x8d, 0x8c, 0x90, 0xde, 0x6c, 0x1d, 0xa8, 0xea, 0x40, 0xd5, 0x17, 0xa1, 0xea, 0x62, 0x95, 0x37, 0x64, 0x92, 0xc3, 0xc4, 0xef, 0xd7, 0xcf, 0x87, 0x0c, 0x9a, 0xd2, 0x5c, 0x10, 0x1d, 0x00, 0x2e, 0xe4, 0xe9, 0x1f, 0x84, 0x43, 0xa1, 0x01, 0x26, 0xa0, 0x59, 0x02, 0x10, 0x82, 0x58, 0x20, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x59, 0x01, 0xea, 0x84, 0x03, 0x67, 0x6b, 0x65, 0x79, 0x6d, 0x69, 0x6e, 0x74, 0xae, 0x65, 0x62, 0x72, 0x61, 0x6e, 0x64, 0x66, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x65, 0x66, 0x75, 0x73, 0x65, 0x64, 0x01, 0x65, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x65, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x66, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x66, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x67, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x65, 0x70, 0x69, 0x78, 0x65, 0x6c, 0x68, 0x76, 0x62, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x65, 0x67, 0x72, 0x65, 0x65, 0x6e, 0x6a, 0x6f, 0x73, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x62, 0x31, 0x32, 0x6c, 0x6d, 0x61, 0x6e, 0x75, 0x66, 0x61, 0x63, 0x74, 0x75, 0x72, 0x65, 0x72, 0x66, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x6d, 0x76, 0x62, 0x6d, 0x65, 0x74, 0x61, 0x5f, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x4f, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x63, 0x74, 0x65, 0x65, 0x70, 0x62, 0x6f, 0x6f, 0x74, 0x5f, 0x70, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x1a, 0x01, 0x34, 0x8c, 0x62, 0x70, 0x62, 0x6f, 0x6f, 0x74, 0x6c, 0x6f, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x66, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x72, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x5f, 0x70, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x1a, 0x01, 0x34, 0x8c, 0x61, 0x72, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x5f, 0x70, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x1a, 0x01, 0x34, 0x8c, 0x63, 0x82, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0xad, 0xd2, 0x8c, 0xcc, 0xfb, 0x22, 0xd8, 0x5a, 0x3b, 0x9d, 0x22, 0x58, 0xb3, 0x7c, 0xcc, 0xa5, 0x22, 0x46, 0x86, 0x2b, 0x29, 0x87, 0x49, 0xdd, 0xe4, 0x2c, 0xb4, 0x3f, 0xf2, 0x4e, 0x6a, 0xed, 0x22, 0x58, 0x20, 0xe9, 0x34, 0x28, 0x54, 0x21, 0x7e, 0x88, 0x34, 0x82, 0x0d, 0x0f, 0x14, 0x5b, 0xec, 0x61, 0xc4, 0xf2, 0xa4, 0xef, 0xf8, 0x17, 0xeb, 0xeb, 0x05, 0x01, 0x36, 0x14, 0x52, 0xc7, 0xc2, 0xd8, 0xd3, 0x23, 0x58, 0x21, 0x00, 0xd9, 0xb4, 0x13, 0xd0, 0x86, 0x31, 0x5e, 0x97, 0xc2, 0x54, 0x03, 0x72, 0x80, 0x6f, 0x14, 0x53, 0xbe, 0x2e, 0xe5, 0x1b, 0x02, 0x1a, 0x62, 0x1a, 0x88, 0xe8, 0xa2, 0xde, 0xd0, 0x7d, 0xf6, 0x53, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0xca, 0x7d, 0x6e, 0xb5, 0x78, 0x99, 0x9e, 0x66, 0xf4, 0x5d, 0xfe, 0xd5, 0x92, 0xe3, 0x30, 0xf5, 0xd5, 0xc2, 0x82, 0xf2, 0x6d, 0x58, 0x16, 0x26, 0xa5, 0xe7, 0xfc, 0x62, 0x8f, 0xf3, 0x61, 0x56, 0x22, 0x58, 0x20, 0x9f, 0x42, 0x22, 0x11, 0x1c, 0x45, 0x5c, 0x3a, 0x30, 0x95, 0xb4, 0xb3, 0x63, 0x26, 0x09, 0xfc, 0x2e, 0x6e, 0x99, 0xdd, 0x44, 0x37, 0x34, 0xa9, 0x68, 0x42, 0xf5, 0x91, 0x40, 0xae, 0xfa, 0x52, 0x23, 0x58, 0x21, 0x00, 0xe2, 0x3b, 0xaa, 0x88, 0xfc, 0xec, 0x23, 0xe7, 0x93, 0x91, 0x04, 0x8e, 0xae, 0xa7, 0x44, 0xb4, 0x5e, 0x46, 0xe8, 0x91, 0x59, 0x3e, 0x43, 0x13, 0x82, 0x8e, 0xa1, 0xee, 0x47, 0xbd, 0x13, 0x27, 0x58, 0x40, 0x43, 0x1d, 0xc8, 0x35, 0x44, 0xbf, 0xd5, 0x06, 0x2c, 0xac, 0x18, 0x3c, 0xbb, 0xc6, 0x77, 0x99, 0x2f, 0x4e, 0x71, 0xcd, 0x7a, 0x9b, 0x93, 0xc7, 0x08, 0xa3, 0x71, 0x89, 0xb5, 0xb2, 0x04, 0xbe, 0x69, 0x22, 0xf3, 0x66, 0xb8, 0xa9, 0xc6, 0x5e, 0x7c, 0x45, 0xf6, 0x2f, 0x8a, 0xa9, 0x3e, 0xee, 0x6f, 0x92, 0x2a, 0x9c, 0x91, 0xe2, 0x1d, 0x4a, 0x4e, 0x4a, 0xb4, 0xcc, 0x87, 0xd2, 0x85, 0x5f, 0xa1, 0x6b, 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x78, 0x3b, 0x62, 0x72, 0x61, 0x6e, 0x64, 0x31, 0x2f, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x31, 0x2f, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x31, 0x3a, 0x31, 0x31, 0x2f, 0x69, 0x64, 0x2f, 0x32, 0x30, 0x32, 0x31, 0x30, 0x38, 0x30, 0x35, 0x2e, 0x34, 0x32, 0x3a, 0x75, 0x73, 0x65, 0x72, 0x2f, 0x72, 0x65, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2d, 0x6b, 0x65, 0x79, 0x73}; const RpcHardwareInfo kRpcHardwareInfo = {.versionNumber = 3}; inline bool equal_byte_views(const byte_view& view1, const byte_view& view2) { Loading Loading @@ -765,6 +915,21 @@ TEST(RemoteProvUtilsTest, dontRequireUdsCertsWhenNotPresent) { ASSERT_TRUE(csr) << csr.message(); } TEST(RemoteProvUtilsTest, compareRootPublicKeysInDiceChains) { ASSERT_NE(kCsrWithSharedUdsRoot1, kCsrWithSharedUdsRoot2); ASSERT_NE(kCsrWithUdsCerts, kCsrWithSharedUdsRoot1); auto equal = compareRootPublicKeysInDiceChains(kCsrWithSharedUdsRoot1, DEFAULT_INSTANCE_NAME, kCsrWithSharedUdsRoot2, DEFAULT_INSTANCE_NAME); ASSERT_TRUE(equal) << equal.message(); ASSERT_TRUE(*equal) << "Root public keys in DICE chains do not match."; auto notEqual = compareRootPublicKeysInDiceChains(kCsrWithSharedUdsRoot1, DEFAULT_INSTANCE_NAME, kCsrWithUdsCerts, DEFAULT_INSTANCE_NAME); ASSERT_TRUE(notEqual) << notEqual.message(); ASSERT_FALSE(*notEqual) << "Root public keys in DICE chains match."; } TEST(RemoteProvUtilsTest, parseFullyQualifiedInstanceNames) { ASSERT_EQ(deviceSuffix(RKPVM_INSTANCE_NAME), "avf"); ASSERT_EQ(deviceSuffix(DEFAULT_INSTANCE_NAME), "default"); Loading security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp +69 −23 Original line number Diff line number Diff line Loading @@ -151,20 +151,24 @@ ErrMsgOr<bytevec> corrupt_sig_chain(const bytevec& encodedEekChain, int which) { return corruptChain.encode(); } bool matching_keymint_device(const string& rp_name, std::shared_ptr<IKeyMintDevice>* keyMint) { auto rp_suffix = deviceSuffix(rp_name); template <class T> auto getHandle(const string& serviceName) { ::ndk::SpAIBinder binder(AServiceManager_waitForService(serviceName.c_str())); return T::fromBinder(binder); } std::shared_ptr<IKeyMintDevice> matchingKeyMintDevice(const string& rpcName) { auto rpcSuffix = deviceSuffix(rpcName); vector<string> km_names = ::android::getAidlHalInstanceNames(IKeyMintDevice::descriptor); for (const string& km_name : km_names) { vector<string> kmNames = ::android::getAidlHalInstanceNames(IKeyMintDevice::descriptor); for (const string& kmName : kmNames) { // If the suffix of the KeyMint instance equals the suffix of the // RemotelyProvisionedComponent instance, assume they match. if (deviceSuffix(km_name) == rp_suffix && AServiceManager_isDeclared(km_name.c_str())) { ::ndk::SpAIBinder binder(AServiceManager_waitForService(km_name.c_str())); *keyMint = IKeyMintDevice::fromBinder(binder); return true; if (deviceSuffix(kmName) == rpcSuffix && AServiceManager_isDeclared(kmName.c_str())) { getHandle<IKeyMintDevice>(kmName); } } return false; return nullptr; } } // namespace Loading @@ -173,8 +177,7 @@ class VtsRemotelyProvisionedComponentTests : public testing::TestWithParam<std:: public: virtual void SetUp() override { if (AServiceManager_isDeclared(GetParam().c_str())) { ::ndk::SpAIBinder binder(AServiceManager_waitForService(GetParam().c_str())); provisionable_ = IRemotelyProvisionedComponent::fromBinder(binder); provisionable_ = getHandle<IRemotelyProvisionedComponent>(GetParam()); } ASSERT_NE(provisionable_, nullptr); auto status = provisionable_->getHardwareInfo(&rpcHardwareInfo); Loading Loading @@ -210,9 +213,7 @@ TEST(NonParameterizedTests, eachRpcHasAUniqueId) { std::set<std::string> uniqueIds; for (auto hal : ::android::getAidlHalInstanceNames(IRemotelyProvisionedComponent::descriptor)) { ASSERT_TRUE(AServiceManager_isDeclared(hal.c_str())); ::ndk::SpAIBinder binder(AServiceManager_waitForService(hal.c_str())); std::shared_ptr<IRemotelyProvisionedComponent> rpc = IRemotelyProvisionedComponent::fromBinder(binder); auto rpc = getHandle<IRemotelyProvisionedComponent>(hal); ASSERT_NE(rpc, nullptr); RpcHardwareInfo hwInfo; Loading Loading @@ -248,9 +249,7 @@ TEST(NonParameterizedTests, requireDiceOnDefaultInstanceIfStrongboxPresent) { GTEST_SKIP() << "Strongbox is not present on this device."; } ::ndk::SpAIBinder binder(AServiceManager_waitForService(DEFAULT_INSTANCE_NAME.c_str())); std::shared_ptr<IRemotelyProvisionedComponent> rpc = IRemotelyProvisionedComponent::fromBinder(binder); auto rpc = getHandle<IRemotelyProvisionedComponent>(DEFAULT_INSTANCE_NAME); ASSERT_NE(rpc, nullptr); bytevec challenge = randomBytes(64); Loading @@ -263,6 +262,55 @@ TEST(NonParameterizedTests, requireDiceOnDefaultInstanceIfStrongboxPresent) { ASSERT_TRUE(*result); } /** * Verify that if a protected VM (also called `avf` or RKP VM) implementation exists, then the * protected VM and the primary KeyMint (also called 'default') implementation's DICE certificate * chain has the same root public key, i.e., the same UDS public key */ // @VsrTest = 7.1-003.001 TEST(NonParameterizedTests, equalUdsPubInDiceCertChainForRkpVmAndPrimaryKeyMintInstances) { int apiLevel = get_vsr_api_level(); if (apiLevel < 202504) { if (!AServiceManager_isDeclared(RKPVM_INSTANCE_NAME.c_str())) { GTEST_SKIP() << "The RKP VM (" << RKPVM_INSTANCE_NAME << ") is not present on this device."; } } else { ASSERT_TRUE(AServiceManager_isDeclared(RKPVM_INSTANCE_NAME.c_str())); } auto rkpVmRpc = getHandle<IRemotelyProvisionedComponent>(RKPVM_INSTANCE_NAME); ASSERT_NE(rkpVmRpc, nullptr) << "The RKP VM (" << RKPVM_INSTANCE_NAME << ") RPC is unavailable."; RpcHardwareInfo hardwareInfo; auto status = rkpVmRpc->getHardwareInfo(&hardwareInfo); if (!status.isOk()) { GTEST_SKIP() << "The RKP VM is not supported on this system."; } bytevec rkpVmChallenge = randomBytes(MAX_CHALLENGE_SIZE); bytevec rkpVmCsr; auto rkpVmStatus = rkpVmRpc->generateCertificateRequestV2({} /* keysToSign */, rkpVmChallenge, &rkpVmCsr); ASSERT_TRUE(rkpVmStatus.isOk()) << rkpVmStatus.getDescription(); auto primaryKeyMintRpc = getHandle<IRemotelyProvisionedComponent>(DEFAULT_INSTANCE_NAME); ASSERT_NE(primaryKeyMintRpc, nullptr) << "The Primary KeyMint (" << DEFAULT_INSTANCE_NAME << ") RPC is unavailable."; bytevec primaryKeyMintChallenge = randomBytes(MAX_CHALLENGE_SIZE); bytevec primaryKeyMintCsr; auto primaryKeyMintStatus = primaryKeyMintRpc->generateCertificateRequestV2( {} /* keysToSign */, primaryKeyMintChallenge, &primaryKeyMintCsr); ASSERT_TRUE(primaryKeyMintStatus.isOk()) << primaryKeyMintStatus.getDescription(); auto equal = compareRootPublicKeysInDiceChains(rkpVmCsr, RKPVM_INSTANCE_NAME, primaryKeyMintCsr, DEFAULT_INSTANCE_NAME); ASSERT_TRUE(equal) << equal.message(); ASSERT_TRUE(*equal) << "Primary KeyMint and RKP VM RPCs have different UDS public keys"; } using GetHardwareInfoTests = VtsRemotelyProvisionedComponentTests; INSTANTIATE_REM_PROV_AIDL_TEST(GetHardwareInfoTests); Loading Loading @@ -336,9 +384,8 @@ TEST_P(GenerateKeyTests, generateEcdsaP256Key_prodMode) { */ TEST_P(GenerateKeyTests, generateAndUseEcdsaP256Key_prodMode) { // See if there is a matching IKeyMintDevice for this IRemotelyProvisionedComponent. std::shared_ptr<IKeyMintDevice> keyMint; if (!matching_keymint_device(GetParam(), &keyMint)) { // No matching IKeyMintDevice. auto keyMint = matchingKeyMintDevice(GetParam()); if (!keyMint) { GTEST_SKIP() << "Skipping key use test as no matching KeyMint device found"; return; } Loading Loading @@ -931,9 +978,8 @@ void parse_root_of_trust(const vector<uint8_t>& attestation_cert, // @VsrTest = 3.10-015 TEST_P(CertificateRequestV2Test, DeviceInfo) { // See if there is a matching IKeyMintDevice for this IRemotelyProvisionedComponent. std::shared_ptr<IKeyMintDevice> keyMint; if (!matching_keymint_device(GetParam(), &keyMint)) { // No matching IKeyMintDevice. std::shared_ptr<IKeyMintDevice> keyMint = matchingKeyMintDevice(GetParam()); if (!keyMint) { GTEST_SKIP() << "Skipping key use test as no matching KeyMint device found"; return; } Loading Loading
security/keymint/support/include/remote_prov/remote_prov_utils.h +8 −0 Original line number Diff line number Diff line Loading @@ -214,6 +214,14 @@ ErrMsgOr<std::unique_ptr<cppbor::Array>> verifyProductionCsr(const cppbor::Array ErrMsgOr<bool> isCsrWithProperDiceChain(const std::vector<uint8_t>& csr, const std::string& instanceName); /** Checks whether the CSRs contain DICE certificate chains that have root certificates * with the same public key. */ ErrMsgOr<bool> compareRootPublicKeysInDiceChains(const std::vector<uint8_t>& csr1, std::string_view instanceName1, const std::vector<uint8_t>& csr2, std::string_view instanceName2); /** Verify the DICE chain. */ ErrMsgOr<std::vector<BccEntryData>> validateBcc(const cppbor::Array* bcc, hwtrust::DiceChain::Kind kind, bool allowAnyMode, Loading
security/keymint/support/remote_prov_utils.cpp +62 −0 Original line number Diff line number Diff line Loading @@ -882,4 +882,66 @@ ErrMsgOr<bool> isCsrWithProperDiceChain(const std::vector<uint8_t>& encodedCsr, return diceChain->IsProper(); } std::string hexlify(const std::vector<unsigned char>& bytes) { std::stringstream ss; ss << std::hex << std::setfill('0'); for (const auto& byte : bytes) { ss << std::setw(2) << static_cast<int>(byte); } return ss.str(); } ErrMsgOr<bool> compareRootPublicKeysInDiceChains(const std::vector<uint8_t>& encodedCsr1, std::string_view instanceName1, const std::vector<uint8_t>& encodedCsr2, std::string_view instanceName2) { auto diceChainKind = getDiceChainKind(); if (!diceChainKind) { return diceChainKind.message(); } auto csr1 = hwtrust::Csr::validate(encodedCsr1, *diceChainKind, false /*isFactory*/, false /*allowAnyMode*/, deviceSuffix(instanceName1)); if (!csr1.ok()) { return csr1.error().message(); } auto diceChain1 = csr1->getDiceChain(); if (!diceChain1.ok()) { return diceChain1.error().message(); } auto proper1 = diceChain1->IsProper(); if (!proper1) { return std::string(instanceName1) + " has a degenerate DICE chain:\n" + hexlify(encodedCsr1); } auto csr2 = hwtrust::Csr::validate(encodedCsr2, *diceChainKind, false /*isFactory*/, false /*allowAnyMode*/, deviceSuffix(instanceName2)); if (!csr2.ok()) { return csr2.error().message(); } auto diceChain2 = csr2->getDiceChain(); if (!diceChain2.ok()) { return diceChain2.error().message(); } auto proper2 = diceChain2->IsProper(); if (!proper2) { return std::string(instanceName2) + " has a degenerate DICE chain:\n" + hexlify(encodedCsr2); } auto result = diceChain1->compareRootPublicKey(*diceChain2); if (!result.ok()) { return result.error().message(); } return *result; } } // namespace aidl::android::hardware::security::keymint::remote_prov
security/keymint/support/remote_prov_utils_test.cpp +165 −0 Original line number Diff line number Diff line Loading @@ -408,6 +408,156 @@ inline const std::vector<uint8_t> kCsrWithoutUdsCerts{ 0x35, 0x2e, 0x34, 0x32, 0x3a, 0x75, 0x73, 0x65, 0x72, 0x2f, 0x72, 0x65, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2d, 0x6b, 0x65, 0x79, 0x73}; inline const std::vector<uint8_t> kCsrWithSharedUdsRoot1{ 0x85, 0x01, 0xa0, 0x82, 0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x96, 0xf9, 0xf7, 0x16, 0xa7, 0xe2, 0x20, 0xe3, 0x6e, 0x19, 0x8e, 0xc0, 0xc4, 0x82, 0xc5, 0xca, 0x8d, 0x1d, 0xb4, 0xda, 0x94, 0x6d, 0xf8, 0xbc, 0x0b, 0x0e, 0xc7, 0x90, 0x83, 0x5b, 0xc3, 0x4b, 0x22, 0x58, 0x20, 0xed, 0xe0, 0xa1, 0x56, 0x46, 0x5b, 0xe0, 0x67, 0x2d, 0xbc, 0x08, 0x84, 0x6f, 0x43, 0xd0, 0x10, 0xf3, 0x70, 0x90, 0xc2, 0xbf, 0xe3, 0x6b, 0x32, 0x9f, 0xf3, 0xca, 0x57, 0x0f, 0xa8, 0xb9, 0xdd, 0x84, 0x43, 0xa1, 0x01, 0x26, 0xa0, 0x59, 0x01, 0x04, 0xa9, 0x01, 0x66, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x02, 0x67, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x3a, 0x00, 0x47, 0x44, 0x50, 0x58, 0x20, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x3a, 0x00, 0x47, 0x44, 0x52, 0x58, 0x20, 0xb8, 0x96, 0x54, 0xe2, 0x2c, 0xa4, 0xd2, 0x4a, 0x9c, 0x0e, 0x45, 0x11, 0xc8, 0xf2, 0x63, 0xf0, 0x66, 0x0d, 0x2e, 0x20, 0x48, 0x96, 0x90, 0x14, 0xf4, 0x54, 0x63, 0xc4, 0xf4, 0x39, 0x30, 0x38, 0x3a, 0x00, 0x47, 0x44, 0x53, 0x55, 0xa1, 0x3a, 0x00, 0x01, 0x11, 0x71, 0x6e, 0x63, 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x3a, 0x00, 0x47, 0x44, 0x54, 0x58, 0x20, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x3a, 0x00, 0x47, 0x44, 0x56, 0x41, 0x01, 0x3a, 0x00, 0x47, 0x44, 0x57, 0x58, 0x4d, 0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x04, 0x25, 0x41, 0x6f, 0x6a, 0xdc, 0x88, 0x56, 0x9a, 0xd4, 0x39, 0x82, 0xde, 0xd1, 0xe6, 0x65, 0xd4, 0x09, 0xb8, 0x9f, 0xde, 0xbf, 0x09, 0x03, 0xe3, 0x9a, 0x48, 0xd4, 0x4f, 0x13, 0xaa, 0x5b, 0x22, 0x58, 0x20, 0x3a, 0xfb, 0x46, 0x2d, 0xe1, 0xdf, 0x34, 0x76, 0x03, 0x37, 0x1e, 0xcf, 0xea, 0xd5, 0xf6, 0xd3, 0x99, 0x3e, 0x55, 0x2a, 0xd1, 0x9d, 0x10, 0x21, 0xb1, 0xc8, 0x4f, 0xbd, 0xec, 0xb6, 0x67, 0x82, 0x3a, 0x00, 0x47, 0x44, 0x58, 0x41, 0x20, 0x58, 0x40, 0x10, 0xda, 0xc8, 0x8d, 0x83, 0x6d, 0xdd, 0x85, 0x48, 0x92, 0xdc, 0xc0, 0xc8, 0xde, 0xe4, 0x61, 0x03, 0x04, 0xfb, 0x77, 0xdf, 0xc1, 0xce, 0xb7, 0x9b, 0x74, 0x9a, 0x31, 0x7a, 0xca, 0xcb, 0x7c, 0x45, 0x65, 0xf5, 0xc1, 0x3b, 0x29, 0x53, 0x22, 0xbc, 0xda, 0xa9, 0xfa, 0x97, 0x84, 0x42, 0xfc, 0xcb, 0x36, 0xae, 0xe9, 0x67, 0x1c, 0xb1, 0x19, 0x42, 0x74, 0x01, 0xb1, 0x11, 0xc9, 0x7b, 0x58, 0x84, 0x43, 0xa1, 0x01, 0x26, 0xa0, 0x59, 0x02, 0x0f, 0x82, 0x58, 0x20, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x59, 0x01, 0xe9, 0x84, 0x03, 0x67, 0x6b, 0x65, 0x79, 0x6d, 0x69, 0x6e, 0x74, 0xae, 0x65, 0x62, 0x72, 0x61, 0x6e, 0x64, 0x66, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x65, 0x66, 0x75, 0x73, 0x65, 0x64, 0x01, 0x65, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x65, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x66, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x66, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x67, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x65, 0x70, 0x69, 0x78, 0x65, 0x6c, 0x68, 0x76, 0x62, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x65, 0x67, 0x72, 0x65, 0x65, 0x6e, 0x6a, 0x6f, 0x73, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x62, 0x31, 0x32, 0x6c, 0x6d, 0x61, 0x6e, 0x75, 0x66, 0x61, 0x63, 0x74, 0x75, 0x72, 0x65, 0x72, 0x66, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x6d, 0x76, 0x62, 0x6d, 0x65, 0x74, 0x61, 0x5f, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x4f, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x63, 0x74, 0x65, 0x65, 0x70, 0x62, 0x6f, 0x6f, 0x74, 0x5f, 0x70, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x1a, 0x01, 0x34, 0x8c, 0x62, 0x70, 0x62, 0x6f, 0x6f, 0x74, 0x6c, 0x6f, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x66, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x72, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x5f, 0x70, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x1a, 0x01, 0x34, 0x8c, 0x61, 0x72, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x5f, 0x70, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x1a, 0x01, 0x34, 0x8c, 0x63, 0x82, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0xf6, 0x86, 0x74, 0x7d, 0x1a, 0x83, 0x75, 0xec, 0x8c, 0xf9, 0x3a, 0xa9, 0x20, 0x88, 0xe5, 0xca, 0x24, 0x34, 0x24, 0xbf, 0x89, 0xe7, 0xdb, 0x44, 0xc3, 0x6e, 0xdd, 0x5d, 0x1a, 0xe1, 0xf0, 0xd8, 0x22, 0x58, 0x20, 0xae, 0xcb, 0x01, 0x2e, 0x73, 0xac, 0xb5, 0x52, 0x0e, 0x73, 0x15, 0xd8, 0x9d, 0x78, 0x64, 0x10, 0x35, 0x41, 0x0e, 0xc9, 0x7d, 0x9a, 0x11, 0xa3, 0xed, 0x7f, 0x53, 0xa6, 0xff, 0xc4, 0xad, 0x61, 0x23, 0x58, 0x20, 0x5a, 0xd2, 0xc5, 0xd0, 0x58, 0x2e, 0x94, 0x93, 0xd7, 0xa4, 0x2d, 0x5b, 0x12, 0x43, 0x52, 0x93, 0xc3, 0x95, 0x91, 0xac, 0x6a, 0xa3, 0x31, 0x08, 0xda, 0x33, 0x6a, 0xce, 0x7e, 0x8e, 0xae, 0xb1, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x8f, 0xb1, 0x85, 0xa5, 0xf5, 0x68, 0x74, 0xfc, 0x8a, 0x87, 0x2b, 0x13, 0xea, 0xf7, 0xff, 0x82, 0x6d, 0xcf, 0xc3, 0xea, 0x04, 0x80, 0x40, 0xe5, 0xcb, 0x80, 0xdb, 0x07, 0x8b, 0x36, 0x8c, 0x29, 0x22, 0x58, 0x20, 0x6a, 0x8c, 0x52, 0x3f, 0xf7, 0x26, 0xb3, 0xf9, 0xa8, 0x91, 0x08, 0x4e, 0xec, 0x7a, 0x03, 0x16, 0x1c, 0xab, 0x12, 0xcd, 0x8b, 0x05, 0x77, 0x33, 0x16, 0x1c, 0x80, 0x99, 0x79, 0x14, 0x6a, 0x5c, 0x23, 0x58, 0x21, 0x00, 0xd0, 0x0a, 0xa2, 0xaa, 0x27, 0x62, 0x10, 0x24, 0x0c, 0x74, 0x34, 0xe7, 0x06, 0xb3, 0x4d, 0x33, 0x9c, 0x86, 0xa6, 0x62, 0xb9, 0x0f, 0x1a, 0x4b, 0xe2, 0x8b, 0x45, 0x0a, 0xc9, 0xe3, 0x43, 0x28, 0x58, 0x40, 0xea, 0xe3, 0xd3, 0xd9, 0x7f, 0x4e, 0x08, 0x8a, 0x5b, 0xb9, 0xef, 0x28, 0x5a, 0xe0, 0x02, 0x40, 0xf5, 0x68, 0x49, 0x8b, 0xa7, 0xf7, 0x9d, 0xa3, 0xb3, 0x37, 0x72, 0x79, 0xa9, 0x32, 0x47, 0xf6, 0x8d, 0x5d, 0x08, 0xe7, 0xec, 0x00, 0x19, 0x09, 0x6f, 0x0a, 0x4d, 0x7c, 0x62, 0x6c, 0x2b, 0xaa, 0x33, 0x61, 0xe5, 0xa5, 0x3f, 0x2a, 0xfe, 0xcc, 0xdf, 0x8e, 0x62, 0x1c, 0x31, 0xe1, 0x56, 0x6b, 0xa1, 0x6b, 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x78, 0x3b, 0x62, 0x72, 0x61, 0x6e, 0x64, 0x31, 0x2f, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x31, 0x2f, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x31, 0x3a, 0x31, 0x31, 0x2f, 0x69, 0x64, 0x2f, 0x32, 0x30, 0x32, 0x31, 0x30, 0x38, 0x30, 0x35, 0x2e, 0x34, 0x32, 0x3a, 0x75, 0x73, 0x65, 0x72, 0x2f, 0x72, 0x65, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2d, 0x6b, 0x65, 0x79, 0x73}; inline const std::vector<uint8_t> kCsrWithSharedUdsRoot2{ 0x85, 0x01, 0xa0, 0x82, 0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x96, 0xf9, 0xf7, 0x16, 0xa7, 0xe2, 0x20, 0xe3, 0x6e, 0x19, 0x8e, 0xc0, 0xc4, 0x82, 0xc5, 0xca, 0x8d, 0x1d, 0xb4, 0xda, 0x94, 0x6d, 0xf8, 0xbc, 0x0b, 0x0e, 0xc7, 0x90, 0x83, 0x5b, 0xc3, 0x4b, 0x22, 0x58, 0x20, 0xed, 0xe0, 0xa1, 0x56, 0x46, 0x5b, 0xe0, 0x67, 0x2d, 0xbc, 0x08, 0x84, 0x6f, 0x43, 0xd0, 0x10, 0xf3, 0x70, 0x90, 0xc2, 0xbf, 0xe3, 0x6b, 0x32, 0x9f, 0xf3, 0xca, 0x57, 0x0f, 0xa8, 0xb9, 0xdd, 0x84, 0x43, 0xa1, 0x01, 0x26, 0xa0, 0x59, 0x01, 0x04, 0xa9, 0x01, 0x66, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x02, 0x67, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x3a, 0x00, 0x47, 0x44, 0x50, 0x58, 0x20, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x3a, 0x00, 0x47, 0x44, 0x52, 0x58, 0x20, 0xb8, 0x96, 0x54, 0xe2, 0x2c, 0xa4, 0xd2, 0x4a, 0x9c, 0x0e, 0x45, 0x11, 0xc8, 0xf2, 0x63, 0xf0, 0x66, 0x0d, 0x2e, 0x20, 0x48, 0x96, 0x90, 0x14, 0xf4, 0x54, 0x63, 0xc4, 0xf4, 0x39, 0x30, 0x38, 0x3a, 0x00, 0x47, 0x44, 0x53, 0x55, 0xa1, 0x3a, 0x00, 0x01, 0x11, 0x71, 0x6e, 0x63, 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x3a, 0x00, 0x47, 0x44, 0x54, 0x58, 0x20, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x3a, 0x00, 0x47, 0x44, 0x56, 0x41, 0x01, 0x3a, 0x00, 0x47, 0x44, 0x57, 0x58, 0x4d, 0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x2d, 0xbd, 0x92, 0x58, 0xc8, 0xcd, 0xc3, 0xc5, 0x14, 0xe3, 0x6e, 0x5f, 0xab, 0x71, 0x41, 0x46, 0x83, 0xb4, 0x3e, 0x82, 0xdb, 0xe7, 0x7d, 0x27, 0xe5, 0x26, 0x36, 0x94, 0xcb, 0x4c, 0x72, 0x8f, 0x22, 0x58, 0x20, 0xbf, 0xa2, 0xa7, 0x15, 0x46, 0x5a, 0xea, 0xa8, 0xc7, 0xad, 0x22, 0x61, 0x9c, 0xba, 0x87, 0x70, 0x65, 0x64, 0x11, 0x05, 0x8a, 0x58, 0x8c, 0x0c, 0x25, 0xc7, 0xf8, 0x5f, 0xfc, 0x4a, 0xee, 0xa1, 0x3a, 0x00, 0x47, 0x44, 0x58, 0x41, 0x20, 0x58, 0x40, 0x43, 0xba, 0xff, 0xdb, 0xbb, 0xa9, 0x9e, 0x8f, 0x06, 0xdf, 0x33, 0xa0, 0x3f, 0x30, 0xc3, 0x64, 0x84, 0x32, 0xb5, 0x2a, 0x06, 0x53, 0x13, 0x70, 0xbe, 0xa3, 0x0b, 0x4d, 0xbe, 0x8d, 0x8c, 0x90, 0xde, 0x6c, 0x1d, 0xa8, 0xea, 0x40, 0xd5, 0x17, 0xa1, 0xea, 0x62, 0x95, 0x37, 0x64, 0x92, 0xc3, 0xc4, 0xef, 0xd7, 0xcf, 0x87, 0x0c, 0x9a, 0xd2, 0x5c, 0x10, 0x1d, 0x00, 0x2e, 0xe4, 0xe9, 0x1f, 0x84, 0x43, 0xa1, 0x01, 0x26, 0xa0, 0x59, 0x02, 0x10, 0x82, 0x58, 0x20, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x59, 0x01, 0xea, 0x84, 0x03, 0x67, 0x6b, 0x65, 0x79, 0x6d, 0x69, 0x6e, 0x74, 0xae, 0x65, 0x62, 0x72, 0x61, 0x6e, 0x64, 0x66, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x65, 0x66, 0x75, 0x73, 0x65, 0x64, 0x01, 0x65, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x65, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x66, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x66, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x67, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x65, 0x70, 0x69, 0x78, 0x65, 0x6c, 0x68, 0x76, 0x62, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x65, 0x67, 0x72, 0x65, 0x65, 0x6e, 0x6a, 0x6f, 0x73, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x62, 0x31, 0x32, 0x6c, 0x6d, 0x61, 0x6e, 0x75, 0x66, 0x61, 0x63, 0x74, 0x75, 0x72, 0x65, 0x72, 0x66, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x6d, 0x76, 0x62, 0x6d, 0x65, 0x74, 0x61, 0x5f, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x4f, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x63, 0x74, 0x65, 0x65, 0x70, 0x62, 0x6f, 0x6f, 0x74, 0x5f, 0x70, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x1a, 0x01, 0x34, 0x8c, 0x62, 0x70, 0x62, 0x6f, 0x6f, 0x74, 0x6c, 0x6f, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x66, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x72, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x5f, 0x70, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x1a, 0x01, 0x34, 0x8c, 0x61, 0x72, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x5f, 0x70, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x1a, 0x01, 0x34, 0x8c, 0x63, 0x82, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0xad, 0xd2, 0x8c, 0xcc, 0xfb, 0x22, 0xd8, 0x5a, 0x3b, 0x9d, 0x22, 0x58, 0xb3, 0x7c, 0xcc, 0xa5, 0x22, 0x46, 0x86, 0x2b, 0x29, 0x87, 0x49, 0xdd, 0xe4, 0x2c, 0xb4, 0x3f, 0xf2, 0x4e, 0x6a, 0xed, 0x22, 0x58, 0x20, 0xe9, 0x34, 0x28, 0x54, 0x21, 0x7e, 0x88, 0x34, 0x82, 0x0d, 0x0f, 0x14, 0x5b, 0xec, 0x61, 0xc4, 0xf2, 0xa4, 0xef, 0xf8, 0x17, 0xeb, 0xeb, 0x05, 0x01, 0x36, 0x14, 0x52, 0xc7, 0xc2, 0xd8, 0xd3, 0x23, 0x58, 0x21, 0x00, 0xd9, 0xb4, 0x13, 0xd0, 0x86, 0x31, 0x5e, 0x97, 0xc2, 0x54, 0x03, 0x72, 0x80, 0x6f, 0x14, 0x53, 0xbe, 0x2e, 0xe5, 0x1b, 0x02, 0x1a, 0x62, 0x1a, 0x88, 0xe8, 0xa2, 0xde, 0xd0, 0x7d, 0xf6, 0x53, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0xca, 0x7d, 0x6e, 0xb5, 0x78, 0x99, 0x9e, 0x66, 0xf4, 0x5d, 0xfe, 0xd5, 0x92, 0xe3, 0x30, 0xf5, 0xd5, 0xc2, 0x82, 0xf2, 0x6d, 0x58, 0x16, 0x26, 0xa5, 0xe7, 0xfc, 0x62, 0x8f, 0xf3, 0x61, 0x56, 0x22, 0x58, 0x20, 0x9f, 0x42, 0x22, 0x11, 0x1c, 0x45, 0x5c, 0x3a, 0x30, 0x95, 0xb4, 0xb3, 0x63, 0x26, 0x09, 0xfc, 0x2e, 0x6e, 0x99, 0xdd, 0x44, 0x37, 0x34, 0xa9, 0x68, 0x42, 0xf5, 0x91, 0x40, 0xae, 0xfa, 0x52, 0x23, 0x58, 0x21, 0x00, 0xe2, 0x3b, 0xaa, 0x88, 0xfc, 0xec, 0x23, 0xe7, 0x93, 0x91, 0x04, 0x8e, 0xae, 0xa7, 0x44, 0xb4, 0x5e, 0x46, 0xe8, 0x91, 0x59, 0x3e, 0x43, 0x13, 0x82, 0x8e, 0xa1, 0xee, 0x47, 0xbd, 0x13, 0x27, 0x58, 0x40, 0x43, 0x1d, 0xc8, 0x35, 0x44, 0xbf, 0xd5, 0x06, 0x2c, 0xac, 0x18, 0x3c, 0xbb, 0xc6, 0x77, 0x99, 0x2f, 0x4e, 0x71, 0xcd, 0x7a, 0x9b, 0x93, 0xc7, 0x08, 0xa3, 0x71, 0x89, 0xb5, 0xb2, 0x04, 0xbe, 0x69, 0x22, 0xf3, 0x66, 0xb8, 0xa9, 0xc6, 0x5e, 0x7c, 0x45, 0xf6, 0x2f, 0x8a, 0xa9, 0x3e, 0xee, 0x6f, 0x92, 0x2a, 0x9c, 0x91, 0xe2, 0x1d, 0x4a, 0x4e, 0x4a, 0xb4, 0xcc, 0x87, 0xd2, 0x85, 0x5f, 0xa1, 0x6b, 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x78, 0x3b, 0x62, 0x72, 0x61, 0x6e, 0x64, 0x31, 0x2f, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x31, 0x2f, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x31, 0x3a, 0x31, 0x31, 0x2f, 0x69, 0x64, 0x2f, 0x32, 0x30, 0x32, 0x31, 0x30, 0x38, 0x30, 0x35, 0x2e, 0x34, 0x32, 0x3a, 0x75, 0x73, 0x65, 0x72, 0x2f, 0x72, 0x65, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2d, 0x6b, 0x65, 0x79, 0x73}; const RpcHardwareInfo kRpcHardwareInfo = {.versionNumber = 3}; inline bool equal_byte_views(const byte_view& view1, const byte_view& view2) { Loading Loading @@ -765,6 +915,21 @@ TEST(RemoteProvUtilsTest, dontRequireUdsCertsWhenNotPresent) { ASSERT_TRUE(csr) << csr.message(); } TEST(RemoteProvUtilsTest, compareRootPublicKeysInDiceChains) { ASSERT_NE(kCsrWithSharedUdsRoot1, kCsrWithSharedUdsRoot2); ASSERT_NE(kCsrWithUdsCerts, kCsrWithSharedUdsRoot1); auto equal = compareRootPublicKeysInDiceChains(kCsrWithSharedUdsRoot1, DEFAULT_INSTANCE_NAME, kCsrWithSharedUdsRoot2, DEFAULT_INSTANCE_NAME); ASSERT_TRUE(equal) << equal.message(); ASSERT_TRUE(*equal) << "Root public keys in DICE chains do not match."; auto notEqual = compareRootPublicKeysInDiceChains(kCsrWithSharedUdsRoot1, DEFAULT_INSTANCE_NAME, kCsrWithUdsCerts, DEFAULT_INSTANCE_NAME); ASSERT_TRUE(notEqual) << notEqual.message(); ASSERT_FALSE(*notEqual) << "Root public keys in DICE chains match."; } TEST(RemoteProvUtilsTest, parseFullyQualifiedInstanceNames) { ASSERT_EQ(deviceSuffix(RKPVM_INSTANCE_NAME), "avf"); ASSERT_EQ(deviceSuffix(DEFAULT_INSTANCE_NAME), "default"); Loading
security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp +69 −23 Original line number Diff line number Diff line Loading @@ -151,20 +151,24 @@ ErrMsgOr<bytevec> corrupt_sig_chain(const bytevec& encodedEekChain, int which) { return corruptChain.encode(); } bool matching_keymint_device(const string& rp_name, std::shared_ptr<IKeyMintDevice>* keyMint) { auto rp_suffix = deviceSuffix(rp_name); template <class T> auto getHandle(const string& serviceName) { ::ndk::SpAIBinder binder(AServiceManager_waitForService(serviceName.c_str())); return T::fromBinder(binder); } std::shared_ptr<IKeyMintDevice> matchingKeyMintDevice(const string& rpcName) { auto rpcSuffix = deviceSuffix(rpcName); vector<string> km_names = ::android::getAidlHalInstanceNames(IKeyMintDevice::descriptor); for (const string& km_name : km_names) { vector<string> kmNames = ::android::getAidlHalInstanceNames(IKeyMintDevice::descriptor); for (const string& kmName : kmNames) { // If the suffix of the KeyMint instance equals the suffix of the // RemotelyProvisionedComponent instance, assume they match. if (deviceSuffix(km_name) == rp_suffix && AServiceManager_isDeclared(km_name.c_str())) { ::ndk::SpAIBinder binder(AServiceManager_waitForService(km_name.c_str())); *keyMint = IKeyMintDevice::fromBinder(binder); return true; if (deviceSuffix(kmName) == rpcSuffix && AServiceManager_isDeclared(kmName.c_str())) { getHandle<IKeyMintDevice>(kmName); } } return false; return nullptr; } } // namespace Loading @@ -173,8 +177,7 @@ class VtsRemotelyProvisionedComponentTests : public testing::TestWithParam<std:: public: virtual void SetUp() override { if (AServiceManager_isDeclared(GetParam().c_str())) { ::ndk::SpAIBinder binder(AServiceManager_waitForService(GetParam().c_str())); provisionable_ = IRemotelyProvisionedComponent::fromBinder(binder); provisionable_ = getHandle<IRemotelyProvisionedComponent>(GetParam()); } ASSERT_NE(provisionable_, nullptr); auto status = provisionable_->getHardwareInfo(&rpcHardwareInfo); Loading Loading @@ -210,9 +213,7 @@ TEST(NonParameterizedTests, eachRpcHasAUniqueId) { std::set<std::string> uniqueIds; for (auto hal : ::android::getAidlHalInstanceNames(IRemotelyProvisionedComponent::descriptor)) { ASSERT_TRUE(AServiceManager_isDeclared(hal.c_str())); ::ndk::SpAIBinder binder(AServiceManager_waitForService(hal.c_str())); std::shared_ptr<IRemotelyProvisionedComponent> rpc = IRemotelyProvisionedComponent::fromBinder(binder); auto rpc = getHandle<IRemotelyProvisionedComponent>(hal); ASSERT_NE(rpc, nullptr); RpcHardwareInfo hwInfo; Loading Loading @@ -248,9 +249,7 @@ TEST(NonParameterizedTests, requireDiceOnDefaultInstanceIfStrongboxPresent) { GTEST_SKIP() << "Strongbox is not present on this device."; } ::ndk::SpAIBinder binder(AServiceManager_waitForService(DEFAULT_INSTANCE_NAME.c_str())); std::shared_ptr<IRemotelyProvisionedComponent> rpc = IRemotelyProvisionedComponent::fromBinder(binder); auto rpc = getHandle<IRemotelyProvisionedComponent>(DEFAULT_INSTANCE_NAME); ASSERT_NE(rpc, nullptr); bytevec challenge = randomBytes(64); Loading @@ -263,6 +262,55 @@ TEST(NonParameterizedTests, requireDiceOnDefaultInstanceIfStrongboxPresent) { ASSERT_TRUE(*result); } /** * Verify that if a protected VM (also called `avf` or RKP VM) implementation exists, then the * protected VM and the primary KeyMint (also called 'default') implementation's DICE certificate * chain has the same root public key, i.e., the same UDS public key */ // @VsrTest = 7.1-003.001 TEST(NonParameterizedTests, equalUdsPubInDiceCertChainForRkpVmAndPrimaryKeyMintInstances) { int apiLevel = get_vsr_api_level(); if (apiLevel < 202504) { if (!AServiceManager_isDeclared(RKPVM_INSTANCE_NAME.c_str())) { GTEST_SKIP() << "The RKP VM (" << RKPVM_INSTANCE_NAME << ") is not present on this device."; } } else { ASSERT_TRUE(AServiceManager_isDeclared(RKPVM_INSTANCE_NAME.c_str())); } auto rkpVmRpc = getHandle<IRemotelyProvisionedComponent>(RKPVM_INSTANCE_NAME); ASSERT_NE(rkpVmRpc, nullptr) << "The RKP VM (" << RKPVM_INSTANCE_NAME << ") RPC is unavailable."; RpcHardwareInfo hardwareInfo; auto status = rkpVmRpc->getHardwareInfo(&hardwareInfo); if (!status.isOk()) { GTEST_SKIP() << "The RKP VM is not supported on this system."; } bytevec rkpVmChallenge = randomBytes(MAX_CHALLENGE_SIZE); bytevec rkpVmCsr; auto rkpVmStatus = rkpVmRpc->generateCertificateRequestV2({} /* keysToSign */, rkpVmChallenge, &rkpVmCsr); ASSERT_TRUE(rkpVmStatus.isOk()) << rkpVmStatus.getDescription(); auto primaryKeyMintRpc = getHandle<IRemotelyProvisionedComponent>(DEFAULT_INSTANCE_NAME); ASSERT_NE(primaryKeyMintRpc, nullptr) << "The Primary KeyMint (" << DEFAULT_INSTANCE_NAME << ") RPC is unavailable."; bytevec primaryKeyMintChallenge = randomBytes(MAX_CHALLENGE_SIZE); bytevec primaryKeyMintCsr; auto primaryKeyMintStatus = primaryKeyMintRpc->generateCertificateRequestV2( {} /* keysToSign */, primaryKeyMintChallenge, &primaryKeyMintCsr); ASSERT_TRUE(primaryKeyMintStatus.isOk()) << primaryKeyMintStatus.getDescription(); auto equal = compareRootPublicKeysInDiceChains(rkpVmCsr, RKPVM_INSTANCE_NAME, primaryKeyMintCsr, DEFAULT_INSTANCE_NAME); ASSERT_TRUE(equal) << equal.message(); ASSERT_TRUE(*equal) << "Primary KeyMint and RKP VM RPCs have different UDS public keys"; } using GetHardwareInfoTests = VtsRemotelyProvisionedComponentTests; INSTANTIATE_REM_PROV_AIDL_TEST(GetHardwareInfoTests); Loading Loading @@ -336,9 +384,8 @@ TEST_P(GenerateKeyTests, generateEcdsaP256Key_prodMode) { */ TEST_P(GenerateKeyTests, generateAndUseEcdsaP256Key_prodMode) { // See if there is a matching IKeyMintDevice for this IRemotelyProvisionedComponent. std::shared_ptr<IKeyMintDevice> keyMint; if (!matching_keymint_device(GetParam(), &keyMint)) { // No matching IKeyMintDevice. auto keyMint = matchingKeyMintDevice(GetParam()); if (!keyMint) { GTEST_SKIP() << "Skipping key use test as no matching KeyMint device found"; return; } Loading Loading @@ -931,9 +978,8 @@ void parse_root_of_trust(const vector<uint8_t>& attestation_cert, // @VsrTest = 3.10-015 TEST_P(CertificateRequestV2Test, DeviceInfo) { // See if there is a matching IKeyMintDevice for this IRemotelyProvisionedComponent. std::shared_ptr<IKeyMintDevice> keyMint; if (!matching_keymint_device(GetParam(), &keyMint)) { // No matching IKeyMintDevice. std::shared_ptr<IKeyMintDevice> keyMint = matchingKeyMintDevice(GetParam()); if (!keyMint) { GTEST_SKIP() << "Skipping key use test as no matching KeyMint device found"; return; } Loading
