summaryrefslogtreecommitdiff
path: root/security/keymint/support/remote_prov_utils.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'security/keymint/support/remote_prov_utils.cpp')
-rw-r--r--security/keymint/support/remote_prov_utils.cpp18
1 files changed, 18 insertions, 0 deletions
diff --git a/security/keymint/support/remote_prov_utils.cpp b/security/keymint/support/remote_prov_utils.cpp
index 33f1ed3353..982a1eb7b1 100644
--- a/security/keymint/support/remote_prov_utils.cpp
+++ b/security/keymint/support/remote_prov_utils.cpp
@@ -14,6 +14,8 @@
* limitations under the License.
*/
+#include <tuple>
+
#include <remote_prov/remote_prov_utils.h>
#include <openssl/rand.h>
@@ -31,6 +33,10 @@ bytevec randomBytes(size_t numBytes) {
}
ErrMsgOr<EekChain> generateEekChain(size_t length, const bytevec& eekId) {
+ if (length < 2) {
+ return "EEK chain must contain at least 2 certs.";
+ }
+
auto eekChain = cppbor::Array();
bytevec prev_priv_key;
@@ -78,6 +84,18 @@ ErrMsgOr<EekChain> generateEekChain(size_t length, const bytevec& eekId) {
return EekChain{eekChain.encode(), pub_key, priv_key};
}
+bytevec getProdEekChain() {
+ bytevec prodEek;
+ prodEek.reserve(1 + sizeof(kCoseEncodedRootCert) + sizeof(kCoseEncodedGeekCert));
+
+ // In CBOR encoding, 0x82 indicates an array of two items
+ prodEek.push_back(0x82);
+ prodEek.insert(prodEek.end(), std::begin(kCoseEncodedRootCert), std::end(kCoseEncodedRootCert));
+ prodEek.insert(prodEek.end(), std::begin(kCoseEncodedGeekCert), std::end(kCoseEncodedGeekCert));
+
+ return prodEek;
+}
+
ErrMsgOr<bytevec> verifyAndParseCoseSign1Cwt(const cppbor::Array* coseSign1,
const bytevec& signingCoseKey, const bytevec& aad) {
if (!coseSign1 || coseSign1->size() != kCoseSign1EntryCount) {
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-04 01:52:39 +0000