path: root/security/keymint/support/remote_prov_utils.cpp
Commit message | Author | Age | Files | Lines
* Add a utility to JSON-format a CSR with build info | Seth Moore | 2021-06-30 | 1 | -4/+38
  We need both the build fingerprint as well as the CSR when uploading data to the APFE provisioning server. Add a utility function to format the output as a JSON blob so that it may be easily collected in the factory in a serialized data format, then later uploaded.
  Test: libkeymint_remote_prov_support_test
  Test: VtsAidlKeyMintTargetTest
  Test: VtsHalRemotelyProvisionedComponentTargetTest
  Bug: 191301285
  Change-Id: I751c5461876d83251869539f1a395ba13cb5cf84
* Add real GEEK for RKP factory enrollment | Seth Moore | 2021-06-23 | 1 | -0/+14
  Include a unit test to verify the GEEK cert chain is valid.
  Test: libkeymint_remote_prov_support_test
  Ignore-AOSP-First: No merge path to aosp, will manually merge
  Bug: 191301285
  Change-Id: Icf9cfa165fbccb24b36b03ff3ce729a7e9c44cfd
* Add a unit test for remote_prov_utils | Seth Moore | 2021-06-22 | 1 | -0/+4
  This functionality will be used for the factory tooling, so we should test it. Additionally, some new functionality will soon be added, and it also needs to be tested.
  Ignore-AOSP-First: No merge path to aosp, will manually merge
  Test: libkeymint_remote_prov_support_test
  Bug: 191301285
  Change-Id: I6a8798fc4b09fff1e829185a4b9e471921e5d2a9
* Remove ignoreSignature for cose signature checks | Seth Moore | 2021-06-17 | 1 | -20/+14
  This flag is never used anywhere, so just remove it. When used, it would bypass signature checks. This is something we generally don't want to do, even in testing. So remove the flag so there's no temptation to use it.
  Ignore-AOSP-First: Will cherry-pick to AOSP
  Bug: 190942528
  Test: VtsHalRemotelyProvisionedComponentTargetTest
  Change-Id: I0433c1eedc08e9a5a5ad71347154867dba61689e
* Add more EEK variant tests and related fixes | David Drysdale | 2021-03-29 | 1 | -0/+2
  - Test with deliberately-invalid EEK in request:
    - corrupt signature
    - missing initial self-signed cert
  - Test with different sizes of EEK chain.
  These tests will only really take effect when we have a valid GEEK to test with.
  Other changes:
  - Fix encoding of KeyUsage bitset.
  - Add a made-up allowed-root pubkey for prod mode. This needs to be replaced with the real GEEK when available.
  - Fix generateEek() so that the first private key isn't used for all signing operations.
  Test: VtsHalRemotelyProvisionedComponentTargetTest
  Change-Id: I833894d33cd1757b7a0cfcf18f79b61e4e56a556
* COSE unprotected parameters are a map not a bstr | David Drysdale | 2021-03-15 | 1 | -1/+1
  As per RFC 8152 section 3, the unprotected parameters in the headers of COSE objects are just encoded as a map, not as a bstr that contains the CBOR-encoding of a map.
  Test: TreeHugger presubmit
  Change-Id: Id4eeb023d3a81ad1398d78d410c8224bf941f9b1
* Add RemotelyProvisionedComponent HAL. | Shawn Willden | 2021-02-16 | 1 | -0/+169
  Test: VtsHalRemotelyProvisionedComponentTargetTest
  Change-Id: I51fb01f4c52949c81f3ad2d694a4afdf0fa67788