authorTreehugger Robot <treehugger-gerrit@google.com>2021-06-30 20:39:53 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>2021-06-30 20:39:53 +0000
commit0ab5ef3ff712558dcf14df3a8f7df950a503b44b (patch)
tree9506dbe8589c6d484b8db969b36db5ad64fb2561 /security/keymint/support/remote_prov_utils.cpp
parent55305df1ffbb8021d40d1a2d4c2829c5cb72a6bf (diff)
parent50d62b0b15ecf05502e4b119f8509be1fdc47496 (diff)
Merge changes from topic "rkp-factory-tool"
* changes: Add real GEEK for RKP factory enrollment Add a unit test for remote_prov_utils
Diffstat (limited to 'security/keymint/support/remote_prov_utils.cpp')
-rw-r--r--security/keymint/support/remote_prov_utils.cpp18
1 files changed, 18 insertions, 0 deletions
diff --git a/security/keymint/support/remote_prov_utils.cpp b/security/keymint/support/remote_prov_utils.cpp
index 33f1ed3353..982a1eb7b1 100644
--- a/security/keymint/support/remote_prov_utils.cpp
+++ b/security/keymint/support/remote_prov_utils.cpp
@@ -14,6 +14,8 @@
* limitations under the License.
*/
+#include <tuple>
+
#include <remote_prov/remote_prov_utils.h>
#include <openssl/rand.h>
@@ -31,6 +33,10 @@ bytevec randomBytes(size_t numBytes) {
}
ErrMsgOr<EekChain> generateEekChain(size_t length, const bytevec& eekId) {
+ if (length < 2) {
+ return "EEK chain must contain at least 2 certs.";
+ }
+
auto eekChain = cppbor::Array();
bytevec prev_priv_key;
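Review bot: The new `length < 2` guard says what is rejected but not why two is the floor, and the reason is not visible in this hunk because generateEekChain's body continues past it. From the return value (`EekChain{eekChain.encode(), pub_key, priv_key}`) and the `prev_priv_key` loop state it looks like each cert is signed by the previous key and the last key is the EEK, so a one-element chain would have nothing signing the EEK — please confirm and record it above the check, e.g. `// A chain needs a root signer plus at least one EEK signed by it; a single cert has no signer.`. If that reading is right, the error string could say so too: `"EEK chain must contain at least 2 certs (root + EEK)."`.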
@@ -78,6 +84,18 @@ ErrMsgOr<EekChain> generateEekChain(size_t length, const bytevec& eekId) {
return EekChain{eekChain.encode(), pub_key, priv_key};
}
+bytevec getProdEekChain() {
+ bytevec prodEek;
+ prodEek.reserve(1 + sizeof(kCoseEncodedRootCert) + sizeof(kCoseEncodedGeekCert));
+
+ // In CBOR encoding, 0x82 indicates an array of two items
+ prodEek.push_back(0x82);
+ prodEek.insert(prodEek.end(), std::begin(kCoseEncodedRootCert), std::end(kCoseEncodedRootCert));
+ prodEek.insert(prodEek.end(), std::begin(kCoseEncodedGeekCert), std::end(kCoseEncodedGeekCert));
+
+ return prodEek;
+}
+
ErrMsgOr<bytevec> verifyAndParseCoseSign1Cwt(const cppbor::Array* coseSign1,
const bytevec& signingCoseKey, const bytevec& aad) {
if (!coseSign1 || coseSign1->size() != kCoseSign1EntryCount) {
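Review bot: getProdEekChain uses `std::begin`/`std::end` (L47–L48), which are declared in `<iterator>`, yet the only header this change adds is `<tuple>` (L25), which nothing in the added code appears to use; unless `<iterator>` arrives transitively through remote_prov_utils.h, add `#include <iterator>` next to it. The `reserve` on L43 is only a byte count if `kCoseEncodedRootCert`/`kCoseEncodedGeekCert` are arrays of a one-byte element type — that is consistent with their use with `std::begin`/`std::end`, but a `static_assert(sizeof(kCoseEncodedRootCert[0]) == 1);` would make the assumption explicit. The function also has no header comment, and it differs from generateEekChain in returning bare bytes rather than an `EekChain` with keys; I would document that as `// Returns the production EEK chain as a CBOR array [root cert, GEEK cert] built from the pre-encoded COSE items. Unlike generateEekChain, no private key is available here, so only the encoded bytes are returned.` (hedged: confirm the two constants are the COSE-encoded certs the name implies).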