author | Seth Moore <sethmo@google.com> | 2021-06-22 17:13:05 -0700 |
---|---|---|
committer | Seth Moore <sethmo@google.com> | 2021-06-25 10:48:49 -0700 |
commit | 50d62b0b15ecf05502e4b119f8509be1fdc47496 (patch) | |
tree | b230bd3d5ca9fc9089f76b4389a4d88c132e4bb3 /security/keymint/support/remote_prov_utils_test.cpp | |
parent | 42a2f6b6e26dac1b282d91e7726203f10f4b4249 (diff) |
Add real GEEK for RKP factory enrollment
Include a unit test to verify the GEEK cert chain is valid.
Test: libkeymint_remote_prov_support_test
Bug: 191301285
Change-Id: Icf9cfa165fbccb24b36b03ff3ce729a7e9c44cfd
Merged-In: Icf9cfa165fbccb24b36b03ff3ce729a7e9c44cfd
Diffstat (limited to 'security/keymint/support/remote_prov_utils_test.cpp')
-rw-r--r-- | security/keymint/support/remote_prov_utils_test.cpp | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/security/keymint/support/remote_prov_utils_test.cpp b/security/keymint/support/remote_prov_utils_test.cpp
index fbf5b95897..c360c06506 100644
--- a/security/keymint/support/remote_prov_utils_test.cpp
+++ b/security/keymint/support/remote_prov_utils_test.cpp
@@ -14,13 +14,16 @@
 * limitations under the License.
 */
 
+#include <cppbor_parse.h>
 #include <gmock/gmock.h>
 #include <gtest/gtest.h>
 #include <keymaster/android_keymaster_utils.h>
+#include <keymaster/logger.h>
 #include <keymaster/remote_provisioning_utils.h>
 #include <openssl/curve25519.h>
 #include <remote_prov/remote_prov_utils.h>
 #include <cstdint>
+#include "keymaster/cppcose/cppcose.h"
 
 namespace aidl::android::hardware::security::keymint::remote_prov {
 namespace {
@@ -51,5 +54,31 @@ TEST(RemoteProvUtilsTest, GenerateEekChain) {
 }
 }
 
+TEST(RemoteProvUtilsTest, GetProdEekChain) {
+ auto chain = getProdEekChain();
+
+ auto validation_result = validateAndExtractEekPubAndId(
+ /*testMode=*/false, KeymasterBlob(chain.data(), chain.size()));
+ ASSERT_TRUE(validation_result.isOk()) << "Error: " << validation_result.moveError();
+
+ auto& [eekPub, eekId] = *validation_result;
+
+ auto [geekCert, ignoredNewPos, error] =
+ cppbor::parse(kCoseEncodedGeekCert, sizeof(kCoseEncodedGeekCert));
+ ASSERT_NE(geekCert, nullptr) << "Error: " << error;
+ ASSERT_NE(geekCert->asArray(), nullptr);
+
+ auto& encodedGeekCoseKey = geekCert->asArray()->get(kCoseSign1Payload);
+ ASSERT_NE(encodedGeekCoseKey, nullptr);
+ ASSERT_NE(encodedGeekCoseKey->asBstr(), nullptr);
+
+ auto geek = CoseKey::parse(encodedGeekCoseKey->asBstr()->value());
+ ASSERT_TRUE(geek) << "Error: " << geek.message();
+
+ const std::vector<uint8_t> empty;
+ EXPECT_THAT(eekId, ElementsAreArray(geek->getBstrValue(CoseKey::KEY_ID).value_or(empty)));
+ EXPECT_THAT(eekPub, ElementsAreArray(geek->getBstrValue(CoseKey::PUBKEY_X).value_or(empty)));
+}
+
 } // namespace
 } // namespace aidl::android::hardware::security::keymint::remote_prov |
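Review bot: The two closing `EXPECT_THAT` checks in `GetProdEekChain` can pass vacuously, because `value_or(empty)` turns a missing `KEY_ID` or `PUBKEY_X` in the parsed GEEK into an empty vector. If the validator also returned an empty `eekId` or `eekPub`, the comparison would still succeed. For a test whose purpose is to vouch for the production root key, the fields should be required first, e.g. `ASSERT_TRUE(geek->getBstrValue(CoseKey::KEY_ID).has_value());` and `ASSERT_TRUE(geek->getBstrValue(CoseKey::PUBKEY_X).has_value());` (assuming `getBstrValue` returns a `std::optional`, as the `value_or` call suggests). A length check on the public key, `EXPECT_EQ(eekPub.size(), X25519_PUBLIC_VALUE_LEN);`, would also catch a truncated key; that constant comes from the already-included `<openssl/curve25519.h>`. How `getProdEekChain()` builds the chain is not visible here, so if it is derived from the same `kCoseEncodedGeekCert` constant the test confirms self-consistency rather than pinning the key to an independent value.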