Merge "Remove METADATA file" into main
diff --git a/neuralnetworks/1.2/utils/test/DeviceTest.cpp b/neuralnetworks/1.2/utils/test/DeviceTest.cpp
index 0e855c4..0d8c141 100644
--- a/neuralnetworks/1.2/utils/test/DeviceTest.cpp
+++ b/neuralnetworks/1.2/utils/test/DeviceTest.cpp
@@ -54,10 +54,6 @@
.execTime = std::numeric_limits<float>::max(),
.powerUsage = std::numeric_limits<float>::max()};
-// FIXME: This function causes Clang to hang indefinitely when building with
-// -O1. Turn off optimization as a temporary workaround.
-// http://b/296850773
-#pragma clang optimize off
template <typename... Args>
auto makeCallbackReturn(Args&&... args) {
return [argPack = std::make_tuple(std::forward<Args>(args)...)](const auto& cb) {
@@ -65,7 +61,6 @@
return Void();
};
}
-#pragma clang optimize on
sp<MockDevice> createMockDevice() {
const auto mockDevice = MockDevice::create();
diff --git a/radio/aidl/android/hardware/radio/modem/HardwareConfigModem.aidl b/radio/aidl/android/hardware/radio/modem/HardwareConfigModem.aidl
index 4818c9e..0389170 100644
--- a/radio/aidl/android/hardware/radio/modem/HardwareConfigModem.aidl
+++ b/radio/aidl/android/hardware/radio/modem/HardwareConfigModem.aidl
@@ -32,9 +32,12 @@
*/
int rilModel;
/**
- * Bitset value, based on RadioTechnology.
+ * All supported radio technologies.
+ *
+ * Despite the stated type, this is an int bitset: a mask where each bit position represents a
+ * radio technology.
*/
- RadioTechnology rat = RadioTechnology.UNKNOWN;
+ RadioTechnology rat = RadioTechnology.UNKNOWN; // it's really an empty bitmask
/**
* Maximum number of concurrent active voice calls.
*/
diff --git a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
index e8eed71..b57dd8a 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
@@ -548,10 +548,8 @@
void deleteKey(in byte[] keyBlob);
/**
- * Deletes all keys in the hardware keystore. Used when keystore is reset completely. After
- * this function is called all keys with Tag::ROLLBACK_RESISTANCE in their hardware-enforced
- * authorization lists must be rendered permanently unusable. Keys without
- * Tag::ROLLBACK_RESISTANCE may or may not be rendered unusable.
+ * Deletes all keys in the hardware keystore. Used when keystore is reset completely. After
+ * this function is called all keys created previously must be rendered permanently unusable.
*/
void deleteAllKeys();
diff --git a/security/keymint/aidl/default/hal/lib.rs b/security/keymint/aidl/default/hal/lib.rs
index 621f077..fad807f 100644
--- a/security/keymint/aidl/default/hal/lib.rs
+++ b/security/keymint/aidl/default/hal/lib.rs
@@ -47,11 +47,9 @@
/// Get boot information based on system properties.
pub fn get_boot_info() -> kmr_wire::SetBootInfoRequest {
- // No access to a verified boot key.
- let verified_boot_key = vec![0; 32];
let vbmeta_digest = get_property("ro.boot.vbmeta.digest").unwrap_or_else(|_| "00".repeat(32));
let verified_boot_hash = hex::decode(&vbmeta_digest).unwrap_or_else(|_e| {
- error!("failed to parse hex data in '{}'", vbmeta_digest);
+ error!("failed to parse VBMeta digest hex data in '{vbmeta_digest}': {_e:?}");
vec![0; 32]
});
let device_boot_locked = match get_property("ro.boot.vbmeta.device_state")
@@ -65,6 +63,18 @@
false
}
};
+ let verified_boot_key_digest =
+ get_property("ro.boot.vbmeta.public_key_digest").unwrap_or_else(|_| "00".repeat(32));
+ let verified_boot_key = match device_boot_locked {
+ true => hex::decode(&verified_boot_key_digest).unwrap_or_else(|_e| {
+ error!("Failed to parse Verified Boot key hex data in '{verified_boot_key_digest}': {_e:?}");
+ vec![0; 32]
+ }),
+ // VTS-16+ requires the attested Verified Boot key to be 32 bytes of zeroes when the
+ // bootloader is unlocked, so we ignore the property's value in that case. Behaviour
+ // prior to VTS-16 is unspecified, so it's fine to return the same.
+ false => vec![0; 32],
+ };
let verified_boot_state = match get_property("ro.boot.verifiedbootstate")
.unwrap_or_else(|_| "no-prop".to_string())
.as_str()
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index 067db78..416e6c0 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -8305,21 +8305,15 @@
GTEST_SKIP() << "Option --arm_deleteAllKeys not set";
return;
}
+ // This test was introduced in API level 36, but is not version guarded because it requires a
+ // manual opt-in anyway. This makes it easier to run on older devices.
auto error = GenerateKey(AuthorizationSetBuilder()
.RsaSigningKey(2048, 65537)
.Digest(Digest::NONE)
.Padding(PaddingMode::NONE)
.Authorization(TAG_NO_AUTH_REQUIRED)
- .Authorization(TAG_ROLLBACK_RESISTANCE)
.SetDefaultValidity());
- if (error == ErrorCode::ROLLBACK_RESISTANCE_UNAVAILABLE) {
- GTEST_SKIP() << "Rollback resistance not supported";
- }
-
- // Delete must work if rollback protection is implemented
ASSERT_EQ(ErrorCode::OK, error);
- AuthorizationSet hardwareEnforced(SecLevelAuthorizations());
- ASSERT_TRUE(hardwareEnforced.Contains(TAG_ROLLBACK_RESISTANCE));
ASSERT_EQ(ErrorCode::OK, DeleteAllKeys());
diff --git a/security/keymint/support/include/remote_prov/remote_prov_utils.h b/security/keymint/support/include/remote_prov/remote_prov_utils.h
index 6cb00f2..3fa23cc 100644
--- a/security/keymint/support/include/remote_prov/remote_prov_utils.h
+++ b/security/keymint/support/include/remote_prov/remote_prov_utils.h
@@ -29,6 +29,11 @@
using bytevec = std::vector<uint8_t>;
using namespace cppcose;
+constexpr std::string_view kErrorChallengeMismatch = "challenges do not match";
+constexpr std::string_view kErrorUdsCertsAreRequired = "UdsCerts are required";
+constexpr std::string_view kErrorKeysToSignMismatch = "KeysToSign do not match";
+constexpr std::string_view kErrorDiceChainIsDegenerate = "DICE chain is degenerate";
+
extern bytevec kTestMacKey;
// The Google root key for the Endpoint Encryption Key chain, encoded as COSE_Sign1
@@ -209,6 +214,14 @@
ErrMsgOr<bool> isCsrWithProperDiceChain(const std::vector<uint8_t>& csr,
const std::string& instanceName);
+/** Checks whether the CSRs contain DICE certificate chains that have root certificates
+ * with the same public key.
+ */
+ErrMsgOr<bool> compareRootPublicKeysInDiceChains(const std::vector<uint8_t>& csr1,
+ std::string_view instanceName1,
+ const std::vector<uint8_t>& csr2,
+ std::string_view instanceName2);
+
/** Verify the DICE chain. */
ErrMsgOr<std::vector<BccEntryData>> validateBcc(const cppbor::Array* bcc,
hwtrust::DiceChain::Kind kind, bool allowAnyMode,
diff --git a/security/keymint/support/remote_prov_utils.cpp b/security/keymint/support/remote_prov_utils.cpp
index e11f021..15b2144 100644
--- a/security/keymint/support/remote_prov_utils.cpp
+++ b/security/keymint/support/remote_prov_utils.cpp
@@ -123,37 +123,6 @@
return std::make_tuple(std::move(pubX), std::move(pubY));
}
-ErrMsgOr<bytevec> getRawPublicKey(const EVP_PKEY_Ptr& pubKey) {
- if (pubKey.get() == nullptr) {
- return "pkey is null.";
- }
- int keyType = EVP_PKEY_base_id(pubKey.get());
- switch (keyType) {
- case EVP_PKEY_EC: {
- int nid = EVP_PKEY_bits(pubKey.get()) == 384 ? NID_secp384r1 : NID_X9_62_prime256v1;
- auto ecKey = EC_KEY_Ptr(EVP_PKEY_get1_EC_KEY(pubKey.get()));
- if (ecKey.get() == nullptr) {
- return "Failed to get ec key";
- }
- return ecKeyGetPublicKey(ecKey.get(), nid);
- }
- case EVP_PKEY_ED25519: {
- bytevec rawPubKey;
- size_t rawKeySize = 0;
- if (!EVP_PKEY_get_raw_public_key(pubKey.get(), NULL, &rawKeySize)) {
- return "Failed to get raw public key.";
- }
- rawPubKey.resize(rawKeySize);
- if (!EVP_PKEY_get_raw_public_key(pubKey.get(), rawPubKey.data(), &rawKeySize)) {
- return "Failed to get raw public key.";
- }
- return rawPubKey;
- }
- default:
- return "Unknown key type.";
- }
-}
-
ErrMsgOr<std::tuple<bytevec, bytevec>> generateEc256KeyPair() {
auto ec_key = EC_KEY_Ptr(EC_KEY_new());
if (ec_key.get() == nullptr) {
@@ -166,7 +135,7 @@
}
if (EC_KEY_set_group(ec_key.get(), group.get()) != 1 ||
- EC_KEY_generate_key(ec_key.get()) != 1 || EC_KEY_check_key(ec_key.get()) < 0) {
+ EC_KEY_generate_key(ec_key.get()) != 1 || EC_KEY_check_key(ec_key.get()) != 1) {
return "Error generating key";
}
@@ -331,17 +300,22 @@
return chain.encode();
}
+bool maybeOverrideAllowAnyMode(bool allowAnyMode) {
+ // Use ro.build.type instead of ro.debuggable because ro.debuggable=1 for VTS testing
+ std::string build_type = ::android::base::GetProperty("ro.build.type", "");
+ if (!build_type.empty() && build_type != "user") {
+ return true;
+ }
+ return allowAnyMode;
+}
+
ErrMsgOr<std::vector<BccEntryData>> validateBcc(const cppbor::Array* bcc,
hwtrust::DiceChain::Kind kind, bool allowAnyMode,
bool allowDegenerate,
const std::string& instanceName) {
auto encodedBcc = bcc->encode();
- // Use ro.build.type instead of ro.debuggable because ro.debuggable=1 for VTS testing
- std::string build_type = ::android::base::GetProperty("ro.build.type", "");
- if (!build_type.empty() && build_type != "user") {
- allowAnyMode = true;
- }
+ allowAnyMode = maybeOverrideAllowAnyMode(allowAnyMode);
auto chain =
hwtrust::DiceChain::Verify(encodedBcc, kind, allowAnyMode, deviceSuffix(instanceName));
@@ -779,233 +753,9 @@
/*isFactory=*/false, allowAnyMode);
}
-ErrMsgOr<X509_Ptr> parseX509Cert(const std::vector<uint8_t>& cert) {
- CRYPTO_BUFFER_Ptr certBuf(CRYPTO_BUFFER_new(cert.data(), cert.size(), nullptr));
- if (!certBuf.get()) {
- return "Failed to create crypto buffer.";
- }
- X509_Ptr result(X509_parse_from_buffer(certBuf.get()));
- if (!result.get()) {
- return "Failed to parse certificate.";
- }
- return result;
-}
-
-std::string getX509IssuerName(const X509_Ptr& cert) {
- char* name = X509_NAME_oneline(X509_get_issuer_name(cert.get()), nullptr, 0);
- std::string result(name);
- OPENSSL_free(name);
- return result;
-}
-
-std::string getX509SubjectName(const X509_Ptr& cert) {
- char* name = X509_NAME_oneline(X509_get_subject_name(cert.get()), nullptr, 0);
- std::string result(name);
- OPENSSL_free(name);
- return result;
-}
-
-// Validates the certificate chain and returns the leaf public key.
-ErrMsgOr<bytevec> validateCertChain(const cppbor::Array& chain) {
- bytevec rawPubKey;
- for (size_t i = 0; i < chain.size(); ++i) {
- // Root must be self-signed.
- size_t signingCertIndex = (i > 0) ? i - 1 : i;
- auto& keyCertItem = chain[i];
- auto& signingCertItem = chain[signingCertIndex];
- if (!keyCertItem || !keyCertItem->asBstr()) {
- return "Key certificate must be a Bstr.";
- }
- if (!signingCertItem || !signingCertItem->asBstr()) {
- return "Signing certificate must be a Bstr.";
- }
-
- auto keyCert = parseX509Cert(keyCertItem->asBstr()->value());
- if (!keyCert) {
- return keyCert.message();
- }
- auto signingCert = parseX509Cert(signingCertItem->asBstr()->value());
- if (!signingCert) {
- return signingCert.message();
- }
-
- EVP_PKEY_Ptr pubKey(X509_get_pubkey(keyCert->get()));
- if (!pubKey.get()) {
- return "Failed to get public key.";
- }
- EVP_PKEY_Ptr signingPubKey(X509_get_pubkey(signingCert->get()));
- if (!signingPubKey.get()) {
- return "Failed to get signing public key.";
- }
-
- if (!X509_verify(keyCert->get(), signingPubKey.get())) {
- return "Verification of certificate " + std::to_string(i) +
- " faile. OpenSSL error string: " + ERR_error_string(ERR_get_error(), NULL);
- }
-
- auto certIssuer = getX509IssuerName(*keyCert);
- auto signerSubj = getX509SubjectName(*signingCert);
- if (certIssuer != signerSubj) {
- return "Certificate " + std::to_string(i) + " has wrong issuer. Signer subject is " +
- signerSubj + " Issuer subject is " + certIssuer;
- }
- if (i == chain.size() - 1) {
- auto key = getRawPublicKey(pubKey);
- if (!key) return key.moveMessage();
- rawPubKey = key.moveValue();
- }
- }
- return rawPubKey;
-}
-
-std::optional<std::string> validateUdsCerts(const cppbor::Map& udsCerts,
- const bytevec& udsCoseKeyBytes) {
- for (const auto& [signerName, udsCertChain] : udsCerts) {
- if (!signerName || !signerName->asTstr()) {
- return "Signer Name must be a Tstr.";
- }
- if (!udsCertChain || !udsCertChain->asArray()) {
- return "UDS certificate chain must be an Array.";
- }
- if (udsCertChain->asArray()->size() < 2) {
- return "UDS certificate chain must have at least two entries: root and leaf.";
- }
-
- auto leafPubKey = validateCertChain(*udsCertChain->asArray());
- if (!leafPubKey) {
- return leafPubKey.message();
- }
- auto coseKey = CoseKey::parse(udsCoseKeyBytes);
- if (!coseKey) {
- return coseKey.moveMessage();
- }
- auto curve = coseKey->getIntValue(CoseKey::CURVE);
- if (!curve) {
- return "CoseKey must contain curve.";
- }
- bytevec udsPub;
- if (curve == CoseKeyCurve::P256 || curve == CoseKeyCurve::P384) {
- auto pubKey = coseKey->getEcPublicKey();
- if (!pubKey) {
- return pubKey.moveMessage();
- }
- // convert public key to uncompressed form by prepending 0x04 at begin.
- pubKey->insert(pubKey->begin(), 0x04);
- udsPub = pubKey.moveValue();
- } else if (curve == CoseKeyCurve::ED25519) {
- auto& pubkey = coseKey->getMap().get(cppcose::CoseKey::PUBKEY_X);
- if (!pubkey || !pubkey->asBstr()) {
- return "Invalid public key.";
- }
- udsPub = pubkey->asBstr()->value();
- } else {
- return "Unknown curve.";
- }
- if (*leafPubKey != udsPub) {
- return "Leaf public key in UDS certificate chain doesn't match UDS public key.";
- }
- }
- return std::nullopt;
-}
-
-ErrMsgOr<std::unique_ptr<cppbor::Array>> parseAndValidateCsrPayload(
- const cppbor::Array& keysToSign, const std::vector<uint8_t>& csrPayload,
- const RpcHardwareInfo& rpcHardwareInfo, bool isFactory) {
- auto [parsedCsrPayload, _, errMsg] = cppbor::parse(csrPayload);
- if (!parsedCsrPayload) {
- return errMsg;
- }
-
- std::unique_ptr<cppbor::Array> parsed(parsedCsrPayload.release()->asArray());
- if (!parsed) {
- return "CSR payload is not a CBOR array.";
- }
-
- if (parsed->size() != 4U) {
- return "CSR payload must contain version, certificate type, device info, keys. "
- "However, the parsed CSR payload has " +
- std::to_string(parsed->size()) + " entries.";
- }
-
- auto signedVersion = parsed->get(0)->asUint();
- auto signedCertificateType = parsed->get(1)->asTstr();
- auto signedDeviceInfo = parsed->get(2)->asMap();
- auto signedKeys = parsed->get(3)->asArray();
-
- if (!signedVersion || signedVersion->value() != 3U) {
- return "CSR payload version must be an unsigned integer and must be equal to 3.";
- }
- if (!signedCertificateType) {
- // Certificate type is allowed to be extendend by vendor, i.e. we can't
- // enforce its value.
- return "Certificate type must be a Tstr.";
- }
- if (!signedDeviceInfo) {
- return "Device info must be an Map.";
- }
- if (!signedKeys) {
- return "Keys must be an Array.";
- }
-
- auto result =
- parseAndValidateDeviceInfo(signedDeviceInfo->encode(), rpcHardwareInfo, isFactory);
- if (!result) {
- return result.message();
- }
-
- if (signedKeys->encode() != keysToSign.encode()) {
- return "Signed keys do not match.";
- }
-
- return std::move(parsed);
-}
-
-ErrMsgOr<bytevec> parseAndValidateAuthenticatedRequestSignedPayload(
- const std::vector<uint8_t>& signedPayload, const std::vector<uint8_t>& challenge) {
- auto [parsedSignedPayload, _, errMsg] = cppbor::parse(signedPayload);
- if (!parsedSignedPayload) {
- return errMsg;
- }
- if (!parsedSignedPayload->asArray()) {
- return "SignedData payload is not a CBOR array.";
- }
- if (parsedSignedPayload->asArray()->size() != 2U) {
- return "SignedData payload must contain the challenge and request. However, the parsed "
- "SignedData payload has " +
- std::to_string(parsedSignedPayload->asArray()->size()) + " entries.";
- }
-
- auto signedChallenge = parsedSignedPayload->asArray()->get(0)->asBstr();
- auto signedRequest = parsedSignedPayload->asArray()->get(1)->asBstr();
-
- if (!signedChallenge) {
- return "Challenge must be a Bstr.";
- }
-
- if (challenge.size() > 64) {
- return "Challenge size must be between 0 and 64 bytes inclusive. "
- "However, challenge is " +
- std::to_string(challenge.size()) + " bytes long.";
- }
-
- auto challengeBstr = cppbor::Bstr(challenge);
- if (*signedChallenge != challengeBstr) {
- return "Signed challenge does not match."
- "\n Actual: " +
- cppbor::prettyPrint(signedChallenge->asBstr(), 64 /* maxBStrSize */) +
- "\nExpected: " + cppbor::prettyPrint(&challengeBstr, 64 /* maxBStrSize */);
- }
-
- if (!signedRequest) {
- return "Request must be a Bstr.";
- }
-
- return signedRequest->value();
-}
-
ErrMsgOr<hwtrust::DiceChain::Kind> getDiceChainKind() {
int vendor_api_level = ::android::base::GetIntProperty("ro.vendor.api_level", -1);
- if (vendor_api_level == __ANDROID_API_T__) {
+ if (vendor_api_level <= __ANDROID_API_T__) {
return hwtrust::DiceChain::Kind::kVsr13;
} else if (vendor_api_level == __ANDROID_API_U__) {
return hwtrust::DiceChain::Kind::kVsr14;
@@ -1018,87 +768,8 @@
}
}
-ErrMsgOr<bytevec> parseAndValidateAuthenticatedRequest(const std::vector<uint8_t>& request,
- const std::vector<uint8_t>& challenge,
- const std::string& instanceName,
- bool allowAnyMode = false,
- bool allowDegenerate = true,
- bool requireUdsCerts = false) {
- auto [parsedRequest, _, csrErrMsg] = cppbor::parse(request);
- if (!parsedRequest) {
- return csrErrMsg;
- }
- if (!parsedRequest->asArray()) {
- return "AuthenticatedRequest is not a CBOR array.";
- }
- if (parsedRequest->asArray()->size() != 4U) {
- return "AuthenticatedRequest must contain version, UDS certificates, DICE chain, and "
- "signed data. However, the parsed AuthenticatedRequest has " +
- std::to_string(parsedRequest->asArray()->size()) + " entries.";
- }
-
- auto version = parsedRequest->asArray()->get(0)->asUint();
- auto udsCerts = parsedRequest->asArray()->get(1)->asMap();
- auto diceCertChain = parsedRequest->asArray()->get(2)->asArray();
- auto signedData = parsedRequest->asArray()->get(3)->asArray();
-
- if (!version || version->value() != 1U) {
- return "AuthenticatedRequest version must be an unsigned integer and must be equal to 1.";
- }
-
- if (!udsCerts) {
- return "AuthenticatedRequest UdsCerts must be a Map.";
- }
- if (requireUdsCerts && udsCerts->size() == 0) {
- return "AuthenticatedRequest UdsCerts must not be empty.";
- }
- if (!diceCertChain) {
- return "AuthenticatedRequest DiceCertChain must be an Array.";
- }
- if (!signedData) {
- return "AuthenticatedRequest SignedData must be an Array.";
- }
-
- // DICE chain is [ pubkey, + DiceChainEntry ].
- auto diceChainKind = getDiceChainKind();
- if (!diceChainKind) {
- return diceChainKind.message();
- }
-
- auto diceContents =
- validateBcc(diceCertChain, *diceChainKind, allowAnyMode, allowDegenerate, instanceName);
- if (!diceContents) {
- return diceContents.message() + "\n" + prettyPrint(diceCertChain);
- }
-
- if (!diceCertChain->get(0)->asMap()) {
- return "AuthenticatedRequest The first entry in DiceCertChain must be a Map.";
- }
- auto udsPub = diceCertChain->get(0)->asMap()->encode();
- auto error = validateUdsCerts(*udsCerts, udsPub);
- if (error) {
- return *error;
- }
-
- if (diceContents->empty()) {
- return "AuthenticatedRequest DiceContents must not be empty.";
- }
- auto& kmDiceKey = diceContents->back().pubKey;
- auto signedPayload = verifyAndParseCoseSign1(signedData, kmDiceKey, /*aad=*/{});
- if (!signedPayload) {
- return signedPayload.message();
- }
-
- auto payload = parseAndValidateAuthenticatedRequestSignedPayload(*signedPayload, challenge);
- if (!payload) {
- return payload.message();
- }
-
- return payload;
-}
-
ErrMsgOr<std::unique_ptr<cppbor::Array>> verifyCsr(
- const cppbor::Array& keysToSign, const std::vector<uint8_t>& csr,
+ const cppbor::Array& keysToSign, const std::vector<uint8_t>& encodedCsr,
const RpcHardwareInfo& rpcHardwareInfo, const std::string& instanceName,
const std::vector<uint8_t>& challenge, bool isFactory, bool allowAnyMode = false,
bool allowDegenerate = true, bool requireUdsCerts = false) {
@@ -1108,14 +779,68 @@
") does not match expected version (3).";
}
- auto csrPayload = parseAndValidateAuthenticatedRequest(
- csr, challenge, instanceName, allowAnyMode, allowDegenerate, requireUdsCerts);
-
- if (!csrPayload) {
- return csrPayload.message();
+ auto diceChainKind = getDiceChainKind();
+ if (!diceChainKind) {
+ return diceChainKind.message();
}
- return parseAndValidateCsrPayload(keysToSign, *csrPayload, rpcHardwareInfo, isFactory);
+ allowAnyMode = maybeOverrideAllowAnyMode(allowAnyMode);
+
+ auto csr = hwtrust::Csr::validate(encodedCsr, *diceChainKind, isFactory, allowAnyMode,
+ deviceSuffix(instanceName));
+
+ if (!csr.ok()) {
+ return csr.error().message();
+ }
+
+ if (!allowDegenerate) {
+ auto diceChain = csr->getDiceChain();
+ if (!diceChain.ok()) {
+ return diceChain.error().message();
+ }
+
+ if (!diceChain->IsProper()) {
+ return kErrorDiceChainIsDegenerate;
+ }
+ }
+
+ if (requireUdsCerts && !csr->hasUdsCerts()) {
+ return kErrorUdsCertsAreRequired;
+ }
+
+ auto equalChallenges = csr->compareChallenge(challenge);
+ if (!equalChallenges.ok()) {
+ return equalChallenges.error().message();
+ }
+
+ if (!*equalChallenges) {
+ return kErrorChallengeMismatch;
+ }
+
+ auto equalKeysToSign = csr->compareKeysToSign(keysToSign.encode());
+ if (!equalKeysToSign.ok()) {
+ return equalKeysToSign.error().message();
+ }
+
+ if (!*equalKeysToSign) {
+ return kErrorKeysToSignMismatch;
+ }
+
+ auto csrPayload = csr->getCsrPayload();
+ if (!csrPayload) {
+ return csrPayload.error().message();
+ }
+
+ auto [csrPayloadDecoded, _, errMsg] = cppbor::parse(*csrPayload);
+ if (!csrPayloadDecoded) {
+ return errMsg;
+ }
+
+ if (!csrPayloadDecoded->asArray()) {
+ return "CSR payload is not an array.";
+ }
+
+ return std::unique_ptr<cppbor::Array>(csrPayloadDecoded.release()->asArray());
}
ErrMsgOr<std::unique_ptr<cppbor::Array>> verifyFactoryCsr(
@@ -1143,8 +868,8 @@
return diceChainKind.message();
}
- auto csr = hwtrust::Csr::validate(encodedCsr, *diceChainKind, false /*allowAnyMode*/,
- deviceSuffix(instanceName));
+ auto csr = hwtrust::Csr::validate(encodedCsr, *diceChainKind, false /*isFactory*/,
+ false /*allowAnyMode*/, deviceSuffix(instanceName));
if (!csr.ok()) {
return csr.error().message();
}
@@ -1157,4 +882,66 @@
return diceChain->IsProper();
}
+std::string hexlify(const std::vector<unsigned char>& bytes) {
+ std::stringstream ss;
+ ss << std::hex << std::setfill('0');
+
+ for (const auto& byte : bytes) {
+ ss << std::setw(2) << static_cast<int>(byte);
+ }
+
+ return ss.str();
+}
+
+ErrMsgOr<bool> compareRootPublicKeysInDiceChains(const std::vector<uint8_t>& encodedCsr1,
+ std::string_view instanceName1,
+ const std::vector<uint8_t>& encodedCsr2,
+ std::string_view instanceName2) {
+ auto diceChainKind = getDiceChainKind();
+ if (!diceChainKind) {
+ return diceChainKind.message();
+ }
+
+ auto csr1 = hwtrust::Csr::validate(encodedCsr1, *diceChainKind, false /*isFactory*/,
+ false /*allowAnyMode*/, deviceSuffix(instanceName1));
+ if (!csr1.ok()) {
+ return csr1.error().message();
+ }
+
+ auto diceChain1 = csr1->getDiceChain();
+ if (!diceChain1.ok()) {
+ return diceChain1.error().message();
+ }
+
+ auto proper1 = diceChain1->IsProper();
+ if (!proper1) {
+ return std::string(instanceName1) + " has a degenerate DICE chain:\n" +
+ hexlify(encodedCsr1);
+ }
+
+ auto csr2 = hwtrust::Csr::validate(encodedCsr2, *diceChainKind, false /*isFactory*/,
+ false /*allowAnyMode*/, deviceSuffix(instanceName2));
+ if (!csr2.ok()) {
+ return csr2.error().message();
+ }
+
+ auto diceChain2 = csr2->getDiceChain();
+ if (!diceChain2.ok()) {
+ return diceChain2.error().message();
+ }
+
+ auto proper2 = diceChain2->IsProper();
+ if (!proper2) {
+ return std::string(instanceName2) + " has a degenerate DICE chain:\n" +
+ hexlify(encodedCsr2);
+ }
+
+ auto result = diceChain1->compareRootPublicKey(*diceChain2);
+ if (!result.ok()) {
+ return result.error().message();
+ }
+
+ return *result;
+}
+
} // namespace aidl::android::hardware::security::keymint::remote_prov
diff --git a/security/keymint/support/remote_prov_utils_test.cpp b/security/keymint/support/remote_prov_utils_test.cpp
index 6f6a2d6..c6080cd 100644
--- a/security/keymint/support/remote_prov_utils_test.cpp
+++ b/security/keymint/support/remote_prov_utils_test.cpp
@@ -81,30 +81,362 @@
0x50, 0x12, 0x82, 0x37, 0xfe, 0xa4, 0x07, 0xc3, 0xd5, 0xc3, 0x78, 0xcc, 0xf9, 0xef, 0xe1,
0x95, 0x38, 0x9f, 0xb0, 0x79, 0x16, 0x4c, 0x4a, 0x23, 0xc4, 0xdc, 0x35, 0x4e, 0x0f};
+inline const std::vector<uint8_t> kKeysToSignForCsrWithDegenerateDiceChain{
+ 0x82, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x1d, 0x94, 0xf2, 0x27,
+ 0xc3, 0x70, 0x01, 0xde, 0x3c, 0xaf, 0x6f, 0xfd, 0x78, 0x08, 0x37, 0x39, 0x21, 0xdd, 0x46,
+ 0x6f, 0x08, 0x4f, 0x77, 0xf7, 0x80, 0x34, 0x30, 0x74, 0x78, 0x69, 0xeb, 0xb1, 0x22, 0x58,
+ 0x20, 0x6b, 0x71, 0xd7, 0x7f, 0x0e, 0x51, 0xb2, 0xc9, 0x3d, 0x1a, 0xa0, 0xe8, 0x7a, 0x0d,
+ 0x57, 0xfc, 0x91, 0xd0, 0x68, 0xf9, 0x33, 0x5f, 0x80, 0x29, 0x00, 0x80, 0x98, 0x78, 0x63,
+ 0x5b, 0x30, 0x24, 0x23, 0x58, 0x20, 0x09, 0x83, 0xa6, 0x5a, 0xbb, 0x3a, 0xf8, 0x90, 0x88,
+ 0x87, 0x16, 0x37, 0xb4, 0xe7, 0x11, 0x9b, 0xcc, 0xbb, 0x15, 0x82, 0xa9, 0x97, 0xa5, 0xad,
+ 0xa9, 0x85, 0x39, 0x30, 0x55, 0x46, 0x99, 0xc6, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01,
+ 0x21, 0x58, 0x20, 0xa8, 0xaa, 0x4b, 0x63, 0x86, 0xf6, 0x5c, 0xe4, 0x28, 0xda, 0x26, 0x3f,
+ 0x9a, 0x42, 0x6e, 0xb9, 0x2b, 0x4d, 0x5a, 0x49, 0x4c, 0x5f, 0x1a, 0xa2, 0x5f, 0xd4, 0x8f,
+ 0x84, 0xd7, 0x25, 0xe4, 0x6c, 0x22, 0x58, 0x20, 0x6b, 0xef, 0xde, 0xd6, 0x04, 0x58, 0x12,
+ 0xdb, 0xf8, 0x90, 0x2c, 0x9c, 0xe0, 0x5e, 0x43, 0xbc, 0xcf, 0x22, 0x01, 0x4d, 0x5c, 0x0c,
+ 0x86, 0x7b, 0x66, 0xd2, 0xa1, 0xfc, 0x69, 0x8a, 0x91, 0xfc, 0x23, 0x58, 0x20, 0x31, 0xaf,
+ 0x30, 0x85, 0x1f, 0x2a, 0x82, 0xe1, 0x9c, 0xda, 0xe5, 0x68, 0xed, 0x79, 0xc1, 0x35, 0x1a,
+ 0x02, 0xb4, 0x8a, 0xd2, 0x4c, 0xc4, 0x70, 0x6b, 0x88, 0x98, 0x23, 0x9e, 0xb3, 0x52, 0xb1};
+
inline const std::vector<uint8_t> kCsrWithDegenerateDiceChain{
- 0x85, 0x01, 0xa0, 0x82, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x65,
- 0xe0, 0x51, 0x62, 0x45, 0x17, 0xcc, 0xa8, 0x40, 0x41, 0x6d, 0xc0, 0x86, 0x7a, 0x15, 0x6e,
- 0xee, 0x04, 0xae, 0xbd, 0x05, 0x13, 0x36, 0xcb, 0xd2, 0x8d, 0xd8, 0x80, 0x16, 0xc1, 0x69,
- 0x0d, 0x22, 0x58, 0x20, 0xea, 0xa1, 0x37, 0xd5, 0x01, 0xbd, 0xe0, 0x25, 0x6a, 0x3d, 0x4c,
- 0xcd, 0x31, 0xa1, 0x4d, 0xa6, 0x80, 0x82, 0x03, 0x40, 0xe2, 0x88, 0x81, 0x53, 0xc3, 0xb3,
- 0x6d, 0xf7, 0xf4, 0x10, 0xde, 0x96, 0x23, 0x58, 0x20, 0x24, 0x69, 0x44, 0x6e, 0xf5, 0xcc,
- 0x18, 0xfe, 0x63, 0xac, 0x5e, 0x85, 0x9c, 0xfc, 0x9d, 0xfa, 0x90, 0xee, 0x6c, 0xc2, 0x22,
- 0x49, 0x02, 0xc7, 0x93, 0xf4, 0x30, 0xf1, 0x51, 0x11, 0x20, 0x33, 0x84, 0x43, 0xa1, 0x01,
- 0x26, 0xa0, 0x58, 0x97, 0xa5, 0x01, 0x66, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x02, 0x67,
- 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x3a, 0x00, 0x47, 0x44, 0x56, 0x41, 0x01, 0x3a,
- 0x00, 0x47, 0x44, 0x57, 0x58, 0x70, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58,
- 0x20, 0x65, 0xe0, 0x51, 0x62, 0x45, 0x17, 0xcc, 0xa8, 0x40, 0x41, 0x6d, 0xc0, 0x86, 0x7a,
- 0x15, 0x6e, 0xee, 0x04, 0xae, 0xbd, 0x05, 0x13, 0x36, 0xcb, 0xd2, 0x8d, 0xd8, 0x80, 0x16,
- 0xc1, 0x69, 0x0d, 0x22, 0x58, 0x20, 0xea, 0xa1, 0x37, 0xd5, 0x01, 0xbd, 0xe0, 0x25, 0x6a,
- 0x3d, 0x4c, 0xcd, 0x31, 0xa1, 0x4d, 0xa6, 0x80, 0x82, 0x03, 0x40, 0xe2, 0x88, 0x81, 0x53,
- 0xc3, 0xb3, 0x6d, 0xf7, 0xf4, 0x10, 0xde, 0x96, 0x23, 0x58, 0x20, 0x24, 0x69, 0x44, 0x6e,
- 0xf5, 0xcc, 0x18, 0xfe, 0x63, 0xac, 0x5e, 0x85, 0x9c, 0xfc, 0x9d, 0xfa, 0x90, 0xee, 0x6c,
- 0xc2, 0x22, 0x49, 0x02, 0xc7, 0x93, 0xf4, 0x30, 0xf1, 0x51, 0x11, 0x20, 0x33, 0x3a, 0x00,
- 0x47, 0x44, 0x58, 0x41, 0x20, 0x58, 0x40, 0x16, 0xb9, 0x51, 0xdf, 0x31, 0xad, 0xa0, 0x3d,
- 0x98, 0x40, 0x85, 0xdf, 0xd9, 0xbe, 0xf6, 0x79, 0x62, 0x36, 0x8b, 0x60, 0xaa, 0x79, 0x8e,
- 0x52, 0x04, 0xdd, 0xba, 0x39, 0xa2, 0x58, 0x9c, 0x60, 0xd5, 0x96, 0x51, 0x42, 0xe2, 0xa5,
- 0x57, 0x58, 0xb4, 0x89, 0x2c, 0x94, 0xb9, 0xda, 0xe7, 0x93, 0x85, 0xda, 0x64, 0xa0, 0x52,
- 0xfc, 0x6b, 0xb1, 0x0a, 0xa8, 0x13, 0xd9, 0x84, 0xfb, 0x34, 0x77, 0x84, 0x43, 0xa1, 0x01,
+ 0x85, 0x01, 0xa0, 0x82, 0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0xf2,
+ 0xc6, 0x50, 0xd2, 0x42, 0x59, 0xe0, 0x4e, 0x7b, 0xc0, 0x75, 0x41, 0xa2, 0xe9, 0xd0, 0xe8,
+ 0x18, 0xd7, 0xd7, 0x63, 0x7e, 0x41, 0x04, 0x7e, 0x52, 0x1a, 0xb1, 0xb7, 0xdc, 0x13, 0xb3,
+ 0x0f, 0x22, 0x58, 0x20, 0x1a, 0xf3, 0x8b, 0x0f, 0x7a, 0xc6, 0xf2, 0xb8, 0x31, 0x0b, 0x40,
+ 0x9b, 0x7e, 0xb6, 0xd6, 0xec, 0x9c, 0x21, 0xad, 0xde, 0xd1, 0x6c, 0x52, 0xfc, 0x06, 0xf1,
+ 0x39, 0x31, 0xa0, 0x22, 0x65, 0x86, 0x84, 0x43, 0xa1, 0x01, 0x26, 0xa0, 0x58, 0x74, 0xa5,
+ 0x01, 0x66, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x02, 0x67, 0x73, 0x75, 0x62, 0x6a, 0x65,
+ 0x63, 0x74, 0x3a, 0x00, 0x47, 0x44, 0x56, 0x41, 0x01, 0x3a, 0x00, 0x47, 0x44, 0x57, 0x58,
+ 0x4d, 0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0xf2, 0xc6, 0x50, 0xd2,
+ 0x42, 0x59, 0xe0, 0x4e, 0x7b, 0xc0, 0x75, 0x41, 0xa2, 0xe9, 0xd0, 0xe8, 0x18, 0xd7, 0xd7,
+ 0x63, 0x7e, 0x41, 0x04, 0x7e, 0x52, 0x1a, 0xb1, 0xb7, 0xdc, 0x13, 0xb3, 0x0f, 0x22, 0x58,
+ 0x20, 0x1a, 0xf3, 0x8b, 0x0f, 0x7a, 0xc6, 0xf2, 0xb8, 0x31, 0x0b, 0x40, 0x9b, 0x7e, 0xb6,
+ 0xd6, 0xec, 0x9c, 0x21, 0xad, 0xde, 0xd1, 0x6c, 0x52, 0xfc, 0x06, 0xf1, 0x39, 0x31, 0xa0,
+ 0x22, 0x65, 0x86, 0x3a, 0x00, 0x47, 0x44, 0x58, 0x41, 0x20, 0x58, 0x40, 0x1e, 0xdf, 0xe0,
+ 0x1c, 0xca, 0xbb, 0xb2, 0x13, 0xae, 0xe2, 0x49, 0x32, 0x3c, 0x6e, 0x9c, 0x6e, 0xf4, 0x23,
+ 0x87, 0x41, 0x60, 0x04, 0x34, 0xe6, 0x32, 0xe2, 0xf1, 0x22, 0x55, 0xcc, 0x89, 0x4b, 0x4f,
+ 0xdb, 0x05, 0x89, 0x8a, 0x3c, 0x2f, 0x8a, 0x52, 0x84, 0x43, 0xdc, 0x43, 0x62, 0x7e, 0x85,
+ 0xb3, 0xea, 0x49, 0x3b, 0x0b, 0x4a, 0xf0, 0x64, 0xfe, 0x8f, 0x41, 0xb6, 0xd1, 0xcc, 0xe3,
+ 0xf6, 0x84, 0x43, 0xa1, 0x01, 0x26, 0xa0, 0x59, 0x02, 0x0e, 0x82, 0x58, 0x20, 0x01, 0x02,
+ 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11,
+ 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
+ 0x59, 0x01, 0xe8, 0x84, 0x03, 0x67, 0x6b, 0x65, 0x79, 0x6d, 0x69, 0x6e, 0x74, 0xae, 0x65,
+ 0x62, 0x72, 0x61, 0x6e, 0x64, 0x66, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x65, 0x66, 0x75,
+ 0x73, 0x65, 0x64, 0x01, 0x65, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x65, 0x6d, 0x6f, 0x64, 0x65,
+ 0x6c, 0x66, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x66, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65,
+ 0x67, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x65, 0x70, 0x69, 0x78, 0x65, 0x6c, 0x68,
+ 0x76, 0x62, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x65, 0x67, 0x72, 0x65, 0x65, 0x6e, 0x6a,
+ 0x6f, 0x73, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x62, 0x31, 0x32, 0x6c, 0x6d,
+ 0x61, 0x6e, 0x75, 0x66, 0x61, 0x63, 0x74, 0x75, 0x72, 0x65, 0x72, 0x66, 0x47, 0x6f, 0x6f,
+ 0x67, 0x6c, 0x65, 0x6d, 0x76, 0x62, 0x6d, 0x65, 0x74, 0x61, 0x5f, 0x64, 0x69, 0x67, 0x65,
+ 0x73, 0x74, 0x4f, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc,
+ 0xdd, 0xee, 0xff, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x5f, 0x6c, 0x65,
+ 0x76, 0x65, 0x6c, 0x63, 0x74, 0x65, 0x65, 0x70, 0x62, 0x6f, 0x6f, 0x74, 0x5f, 0x70, 0x61,
+ 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x1a, 0x01, 0x34, 0x8c, 0x62, 0x70,
+ 0x62, 0x6f, 0x6f, 0x74, 0x6c, 0x6f, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x73, 0x74, 0x61, 0x74,
+ 0x65, 0x66, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x72, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d,
+ 0x5f, 0x70, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x1a, 0x01, 0x34,
+ 0x8c, 0x61, 0x72, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x5f, 0x70, 0x61, 0x74, 0x63, 0x68,
+ 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x1a, 0x01, 0x34, 0x8c, 0x63, 0x82, 0xa6, 0x01, 0x02,
+ 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x1d, 0x94, 0xf2, 0x27, 0xc3, 0x70, 0x01, 0xde,
+ 0x3c, 0xaf, 0x6f, 0xfd, 0x78, 0x08, 0x37, 0x39, 0x21, 0xdd, 0x46, 0x6f, 0x08, 0x4f, 0x77,
+ 0xf7, 0x80, 0x34, 0x30, 0x74, 0x78, 0x69, 0xeb, 0xb1, 0x22, 0x58, 0x20, 0x6b, 0x71, 0xd7,
+ 0x7f, 0x0e, 0x51, 0xb2, 0xc9, 0x3d, 0x1a, 0xa0, 0xe8, 0x7a, 0x0d, 0x57, 0xfc, 0x91, 0xd0,
+ 0x68, 0xf9, 0x33, 0x5f, 0x80, 0x29, 0x00, 0x80, 0x98, 0x78, 0x63, 0x5b, 0x30, 0x24, 0x23,
+ 0x58, 0x20, 0x09, 0x83, 0xa6, 0x5a, 0xbb, 0x3a, 0xf8, 0x90, 0x88, 0x87, 0x16, 0x37, 0xb4,
+ 0xe7, 0x11, 0x9b, 0xcc, 0xbb, 0x15, 0x82, 0xa9, 0x97, 0xa5, 0xad, 0xa9, 0x85, 0x39, 0x30,
+ 0x55, 0x46, 0x99, 0xc6, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0xa8,
+ 0xaa, 0x4b, 0x63, 0x86, 0xf6, 0x5c, 0xe4, 0x28, 0xda, 0x26, 0x3f, 0x9a, 0x42, 0x6e, 0xb9,
+ 0x2b, 0x4d, 0x5a, 0x49, 0x4c, 0x5f, 0x1a, 0xa2, 0x5f, 0xd4, 0x8f, 0x84, 0xd7, 0x25, 0xe4,
+ 0x6c, 0x22, 0x58, 0x20, 0x6b, 0xef, 0xde, 0xd6, 0x04, 0x58, 0x12, 0xdb, 0xf8, 0x90, 0x2c,
+ 0x9c, 0xe0, 0x5e, 0x43, 0xbc, 0xcf, 0x22, 0x01, 0x4d, 0x5c, 0x0c, 0x86, 0x7b, 0x66, 0xd2,
+ 0xa1, 0xfc, 0x69, 0x8a, 0x91, 0xfc, 0x23, 0x58, 0x20, 0x31, 0xaf, 0x30, 0x85, 0x1f, 0x2a,
+ 0x82, 0xe1, 0x9c, 0xda, 0xe5, 0x68, 0xed, 0x79, 0xc1, 0x35, 0x1a, 0x02, 0xb4, 0x8a, 0xd2,
+ 0x4c, 0xc4, 0x70, 0x6b, 0x88, 0x98, 0x23, 0x9e, 0xb3, 0x52, 0xb1, 0x58, 0x40, 0x8e, 0x7e,
+ 0xdf, 0x77, 0x13, 0xdb, 0x51, 0xf6, 0xc1, 0x67, 0x52, 0x48, 0x48, 0x79, 0xe6, 0xbc, 0x89,
+ 0xe2, 0xfe, 0x7c, 0x0d, 0x2c, 0x88, 0x3b, 0x23, 0x66, 0x93, 0x7b, 0x94, 0x59, 0xc4, 0x87,
+ 0x16, 0xc4, 0x3a, 0x85, 0x60, 0xe3, 0x62, 0x45, 0x53, 0xa8, 0x1d, 0x4e, 0xa4, 0x2b, 0x61,
+ 0x33, 0x17, 0x71, 0xb6, 0x40, 0x11, 0x7d, 0x23, 0x64, 0xe6, 0x49, 0xbe, 0xa6, 0x85, 0x32,
+ 0x1a, 0x89, 0xa1, 0x6b, 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74,
+ 0x78, 0x3b, 0x62, 0x72, 0x61, 0x6e, 0x64, 0x31, 0x2f, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63,
+ 0x74, 0x31, 0x2f, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x31, 0x3a, 0x31, 0x31, 0x2f, 0x69,
+ 0x64, 0x2f, 0x32, 0x30, 0x32, 0x31, 0x30, 0x38, 0x30, 0x35, 0x2e, 0x34, 0x32, 0x3a, 0x75,
+ 0x73, 0x65, 0x72, 0x2f, 0x72, 0x65, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2d, 0x6b, 0x65, 0x79,
+ 0x73};
+
+// The challenge that is in kKeysToSignForCsrWithUdsCerts and kCsrWithUdsCerts
+inline const std::vector<uint8_t> kChallenge{0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+ 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
+ 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
+ 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20};
+
+inline const std::vector<uint8_t> kKeysToSignForCsrWithUdsCerts{
+ 0x82, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0xd5, 0x0b, 0x27, 0x39,
+ 0xa3, 0xd5, 0xfd, 0xd9, 0x4f, 0x87, 0x4a, 0x97, 0x17, 0x60, 0x6c, 0x63, 0x55, 0x13, 0xa0,
+ 0xf5, 0x1c, 0x2b, 0xe7, 0x0e, 0x8e, 0xdb, 0x76, 0x82, 0x69, 0x5a, 0x46, 0xec, 0x22, 0x58,
+ 0x20, 0xa6, 0x08, 0xb3, 0x57, 0xaa, 0x5f, 0x72, 0x2b, 0xb1, 0xf0, 0x43, 0x52, 0xf4, 0xcb,
+ 0x97, 0x39, 0xfd, 0x54, 0x79, 0xa3, 0xaf, 0x07, 0xb7, 0xbe, 0xbc, 0x93, 0xc1, 0xb6, 0x9b,
+ 0x2f, 0x75, 0x1b, 0x23, 0x58, 0x21, 0x00, 0xb4, 0x59, 0xe3, 0x78, 0x6f, 0x3f, 0xbd, 0xdc,
+ 0x38, 0x8a, 0xa5, 0x7d, 0xbe, 0xe0, 0xce, 0xf9, 0x2e, 0x9a, 0x5b, 0xfc, 0xbd, 0x4d, 0x27,
+ 0x7b, 0xa7, 0xc8, 0xda, 0xaa, 0xe4, 0xcd, 0xf3, 0xd2, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20,
+ 0x01, 0x21, 0x58, 0x20, 0x10, 0x6c, 0xe8, 0x71, 0xa8, 0x78, 0x9d, 0x29, 0xbe, 0xf8, 0x84,
+ 0x39, 0xd4, 0xa2, 0xf5, 0x3e, 0x09, 0xf1, 0xd4, 0x81, 0x59, 0x24, 0x63, 0x07, 0xae, 0x25,
+ 0xad, 0x24, 0x72, 0x0f, 0x8b, 0xd0, 0x22, 0x58, 0x20, 0xe8, 0xba, 0x76, 0x49, 0x7b, 0x97,
+ 0x98, 0xcf, 0xbb, 0x90, 0xfa, 0x30, 0x3a, 0x2d, 0x88, 0xfe, 0x3f, 0xc6, 0x75, 0x05, 0x7b,
+ 0x59, 0xdf, 0x14, 0xd8, 0xde, 0x4d, 0x51, 0x8b, 0x2f, 0x5a, 0xc7, 0x23, 0x58, 0x20, 0x76,
+ 0x11, 0x2f, 0x31, 0xe5, 0xc2, 0xbb, 0xa7, 0x2c, 0x2b, 0x2f, 0x73, 0x16, 0x29, 0xf8, 0x67,
+ 0x66, 0x44, 0x7f, 0x3f, 0x22, 0xa2, 0x40, 0x45, 0x12, 0xac, 0x97, 0x06, 0xc8, 0x66, 0x08,
+ 0xc9, 0x0a};
+
+inline const std::vector<uint8_t> kCsrWithUdsCerts{
+ 0x85, 0x01, 0xa1, 0x70, 0x74, 0x65, 0x73, 0x74, 0x2d, 0x73, 0x69, 0x67, 0x6e, 0x65, 0x72,
+ 0x2d, 0x6e, 0x61, 0x6d, 0x65, 0x82, 0x59, 0x01, 0x6c, 0x30, 0x82, 0x01, 0x68, 0x30, 0x82,
+ 0x01, 0x1a, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x7b, 0x30, 0x05, 0x06, 0x03, 0x2b,
+ 0x65, 0x70, 0x30, 0x2b, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c,
+ 0x46, 0x61, 0x6b, 0x65, 0x20, 0x43, 0x6f, 0x6d, 0x70, 0x61, 0x6e, 0x79, 0x31, 0x12, 0x30,
+ 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x09, 0x46, 0x61, 0x6b, 0x65, 0x20, 0x52, 0x6f,
+ 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x31, 0x31, 0x31, 0x34, 0x30, 0x39, 0x35,
+ 0x32, 0x30, 0x37, 0x5a, 0x17, 0x0d, 0x34, 0x39, 0x31, 0x31, 0x30, 0x38, 0x30, 0x39, 0x35,
+ 0x32, 0x30, 0x37, 0x5a, 0x30, 0x2b, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a,
+ 0x13, 0x0c, 0x46, 0x61, 0x6b, 0x65, 0x20, 0x43, 0x6f, 0x6d, 0x70, 0x61, 0x6e, 0x79, 0x31,
+ 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x09, 0x46, 0x61, 0x6b, 0x65, 0x20,
+ 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21,
+ 0x00, 0x54, 0x40, 0x8c, 0x1b, 0x60, 0x39, 0x81, 0xe7, 0x38, 0x87, 0xb9, 0x75, 0x10, 0x30,
+ 0x6a, 0x1b, 0x9b, 0x38, 0x61, 0xa0, 0x94, 0x49, 0xb0, 0xf3, 0xae, 0x39, 0x53, 0x2d, 0x61,
+ 0x8d, 0x6e, 0x59, 0xa3, 0x63, 0x30, 0x61, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04,
+ 0x16, 0x04, 0x14, 0x6d, 0xd5, 0xea, 0x8c, 0xe0, 0x5a, 0x50, 0xd9, 0x36, 0xf3, 0x28, 0xc2,
+ 0x54, 0x1d, 0xfa, 0x9d, 0x94, 0x19, 0x98, 0x76, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23,
+ 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x6d, 0xd5, 0xea, 0x8c, 0xe0, 0x5a, 0x50, 0xd9, 0x36,
+ 0xf3, 0x28, 0xc2, 0x54, 0x1d, 0xfa, 0x9d, 0x94, 0x19, 0x98, 0x76, 0x30, 0x0f, 0x06, 0x03,
+ 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0e,
+ 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x04, 0x30,
+ 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x41, 0x00, 0x1e, 0x27, 0x99, 0xd3, 0x05, 0xa7,
+ 0xd2, 0xc6, 0xad, 0x1f, 0x2c, 0xbd, 0xef, 0x34, 0x18, 0xbd, 0x37, 0xb9, 0x96, 0x57, 0x63,
+ 0x72, 0x7e, 0xf8, 0xe5, 0xa2, 0xb5, 0x9a, 0x20, 0x42, 0x1d, 0x9c, 0x8e, 0xdc, 0x97, 0xd4,
+ 0x3b, 0x65, 0xe0, 0x52, 0xb4, 0x0d, 0x95, 0x59, 0x94, 0x94, 0x7a, 0x31, 0x9e, 0x45, 0x4b,
+ 0x93, 0x3d, 0x5d, 0x88, 0x98, 0xb1, 0x52, 0xf5, 0x46, 0x1c, 0x2a, 0x0b, 0x05, 0x59, 0x01,
+ 0x9f, 0x30, 0x82, 0x01, 0x9b, 0x30, 0x82, 0x01, 0x4d, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02,
+ 0x02, 0x01, 0xc8, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x30, 0x2b, 0x31, 0x15, 0x30,
+ 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, 0x46, 0x61, 0x6b, 0x65, 0x20, 0x43, 0x6f,
+ 0x6d, 0x70, 0x61, 0x6e, 0x79, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
+ 0x09, 0x46, 0x61, 0x6b, 0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x32,
+ 0x34, 0x31, 0x31, 0x31, 0x34, 0x30, 0x39, 0x35, 0x32, 0x30, 0x37, 0x5a, 0x17, 0x0d, 0x34,
+ 0x39, 0x31, 0x31, 0x30, 0x38, 0x30, 0x39, 0x35, 0x32, 0x30, 0x37, 0x5a, 0x30, 0x2e, 0x31,
+ 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, 0x46, 0x61, 0x6b, 0x65, 0x20,
+ 0x43, 0x6f, 0x6d, 0x70, 0x61, 0x6e, 0x79, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04,
+ 0x03, 0x13, 0x0c, 0x46, 0x61, 0x6b, 0x65, 0x20, 0x43, 0x68, 0x69, 0x70, 0x73, 0x65, 0x74,
+ 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08,
+ 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xc9, 0x35, 0xf7,
+ 0x7e, 0x71, 0xc9, 0xa4, 0xd2, 0x13, 0x58, 0x5a, 0xc1, 0x0c, 0x17, 0xa8, 0x2c, 0x28, 0x99,
+ 0x32, 0x8e, 0x01, 0x45, 0xb8, 0xf1, 0xf4, 0xf8, 0x37, 0x25, 0x4a, 0x25, 0x1f, 0xbf, 0x8f,
+ 0xd8, 0xdf, 0x53, 0xdd, 0x95, 0x7a, 0x90, 0xff, 0xe3, 0x40, 0xbf, 0xda, 0x19, 0x0c, 0x14,
+ 0x41, 0x1c, 0x76, 0x73, 0x4e, 0x86, 0x94, 0x7d, 0x2c, 0x21, 0x5f, 0x5e, 0x05, 0x26, 0x15,
+ 0x4f, 0xa3, 0x63, 0x30, 0x61, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04,
+ 0x14, 0x12, 0x84, 0xe1, 0x31, 0xef, 0xa8, 0xfd, 0xcc, 0xbb, 0x35, 0x22, 0xb9, 0x99, 0xd1,
+ 0xca, 0x64, 0x19, 0x09, 0x54, 0x4c, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18,
+ 0x30, 0x16, 0x80, 0x14, 0x6d, 0xd5, 0xea, 0x8c, 0xe0, 0x5a, 0x50, 0xd9, 0x36, 0xf3, 0x28,
+ 0xc2, 0x54, 0x1d, 0xfa, 0x9d, 0x94, 0x19, 0x98, 0x76, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d,
+ 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06, 0x03,
+ 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x04, 0x30, 0x05, 0x06,
+ 0x03, 0x2b, 0x65, 0x70, 0x03, 0x41, 0x00, 0xc7, 0x93, 0x86, 0x58, 0xb2, 0x31, 0x30, 0x4f,
+ 0x1a, 0x53, 0x06, 0x87, 0x0e, 0xdf, 0xc4, 0xd8, 0x03, 0xf4, 0xaf, 0xa3, 0x2d, 0xfb, 0x7d,
+ 0xab, 0x08, 0x70, 0x47, 0x38, 0x10, 0xc5, 0xa8, 0x5e, 0x67, 0x64, 0xc7, 0xdc, 0x28, 0xe8,
+ 0x63, 0x3c, 0xa7, 0xb8, 0xf9, 0xbe, 0x3e, 0x75, 0xa7, 0x1c, 0xac, 0xc4, 0x81, 0x82, 0x4a,
+ 0x21, 0xf0, 0x89, 0x8e, 0x99, 0xf4, 0x52, 0x23, 0x30, 0x6d, 0x04, 0x82, 0xa5, 0x01, 0x02,
+ 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0xc9, 0x35, 0xf7, 0x7e, 0x71, 0xc9, 0xa4, 0xd2,
+ 0x13, 0x58, 0x5a, 0xc1, 0x0c, 0x17, 0xa8, 0x2c, 0x28, 0x99, 0x32, 0x8e, 0x01, 0x45, 0xb8,
+ 0xf1, 0xf4, 0xf8, 0x37, 0x25, 0x4a, 0x25, 0x1f, 0xbf, 0x22, 0x58, 0x20, 0x8f, 0xd8, 0xdf,
+ 0x53, 0xdd, 0x95, 0x7a, 0x90, 0xff, 0xe3, 0x40, 0xbf, 0xda, 0x19, 0x0c, 0x14, 0x41, 0x1c,
+ 0x76, 0x73, 0x4e, 0x86, 0x94, 0x7d, 0x2c, 0x21, 0x5f, 0x5e, 0x05, 0x26, 0x15, 0x4f, 0x84,
+ 0x43, 0xa1, 0x01, 0x26, 0xa0, 0x59, 0x01, 0x04, 0xa9, 0x01, 0x66, 0x69, 0x73, 0x73, 0x75,
+ 0x65, 0x72, 0x02, 0x67, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x3a, 0x00, 0x47, 0x44,
+ 0x50, 0x58, 0x20, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
+ 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
+ 0x55, 0x55, 0x55, 0x55, 0x55, 0x3a, 0x00, 0x47, 0x44, 0x52, 0x58, 0x20, 0xb8, 0x96, 0x54,
+ 0xe2, 0x2c, 0xa4, 0xd2, 0x4a, 0x9c, 0x0e, 0x45, 0x11, 0xc8, 0xf2, 0x63, 0xf0, 0x66, 0x0d,
+ 0x2e, 0x20, 0x48, 0x96, 0x90, 0x14, 0xf4, 0x54, 0x63, 0xc4, 0xf4, 0x39, 0x30, 0x38, 0x3a,
+ 0x00, 0x47, 0x44, 0x53, 0x55, 0xa1, 0x3a, 0x00, 0x01, 0x11, 0x71, 0x6e, 0x63, 0x6f, 0x6d,
+ 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x3a, 0x00, 0x47, 0x44,
+ 0x54, 0x58, 0x20, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
+ 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
+ 0x55, 0x55, 0x55, 0x55, 0x55, 0x3a, 0x00, 0x47, 0x44, 0x56, 0x41, 0x01, 0x3a, 0x00, 0x47,
+ 0x44, 0x57, 0x58, 0x4d, 0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0xb8,
+ 0x42, 0x01, 0xd7, 0xf0, 0xb7, 0x57, 0x98, 0xe3, 0x05, 0xf5, 0xcf, 0xef, 0x7b, 0x38, 0x39,
+ 0x6d, 0x55, 0x68, 0x72, 0xa6, 0x46, 0xd3, 0x16, 0x89, 0x1a, 0x3a, 0x9b, 0xc8, 0xce, 0xc0,
+ 0x1c, 0x22, 0x58, 0x20, 0xd1, 0xd5, 0x0e, 0xb8, 0xd0, 0x99, 0x09, 0x41, 0x63, 0x93, 0x33,
+ 0x20, 0xef, 0x84, 0xbb, 0xf5, 0xc9, 0x27, 0x4b, 0x52, 0x33, 0xa9, 0x07, 0xcc, 0x5d, 0x22,
+ 0xab, 0xf6, 0x8f, 0x2d, 0x15, 0x41, 0x3a, 0x00, 0x47, 0x44, 0x58, 0x41, 0x20, 0x58, 0x40,
+ 0xd0, 0x6d, 0xb0, 0xd2, 0x49, 0xc8, 0xd3, 0x81, 0xdd, 0x10, 0x4b, 0xd9, 0x49, 0x45, 0x93,
+ 0x10, 0xd5, 0x1b, 0xc7, 0x59, 0x66, 0x6f, 0x6c, 0x06, 0xb5, 0x72, 0x98, 0x51, 0x2d, 0xed,
+ 0xa0, 0xd9, 0xbb, 0x4a, 0xe6, 0x9b, 0x67, 0x31, 0xd9, 0x27, 0xd0, 0x9c, 0xf8, 0x3d, 0xfc,
+ 0x61, 0x8d, 0x53, 0x13, 0x53, 0x68, 0xb4, 0xb5, 0x41, 0x4c, 0xea, 0x6a, 0x28, 0xbb, 0xcb,
+ 0x63, 0x4d, 0xd0, 0x20, 0x84, 0x43, 0xa1, 0x01, 0x26, 0xa0, 0x59, 0x02, 0x0f, 0x82, 0x58,
+ 0x20, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e,
+ 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d,
+ 0x1e, 0x1f, 0x20, 0x59, 0x01, 0xe9, 0x84, 0x03, 0x67, 0x6b, 0x65, 0x79, 0x6d, 0x69, 0x6e,
+ 0x74, 0xae, 0x65, 0x62, 0x72, 0x61, 0x6e, 0x64, 0x66, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+ 0x65, 0x66, 0x75, 0x73, 0x65, 0x64, 0x01, 0x65, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x65, 0x6d,
+ 0x6f, 0x64, 0x65, 0x6c, 0x66, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x66, 0x64, 0x65, 0x76,
+ 0x69, 0x63, 0x65, 0x67, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x65, 0x70, 0x69, 0x78,
+ 0x65, 0x6c, 0x68, 0x76, 0x62, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x65, 0x67, 0x72, 0x65,
+ 0x65, 0x6e, 0x6a, 0x6f, 0x73, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x62, 0x31,
+ 0x32, 0x6c, 0x6d, 0x61, 0x6e, 0x75, 0x66, 0x61, 0x63, 0x74, 0x75, 0x72, 0x65, 0x72, 0x66,
+ 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x6d, 0x76, 0x62, 0x6d, 0x65, 0x74, 0x61, 0x5f, 0x64,
+ 0x69, 0x67, 0x65, 0x73, 0x74, 0x4f, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99,
+ 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79,
+ 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x63, 0x74, 0x65, 0x65, 0x70, 0x62, 0x6f, 0x6f, 0x74,
+ 0x5f, 0x70, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x1a, 0x01, 0x34,
+ 0x8c, 0x62, 0x70, 0x62, 0x6f, 0x6f, 0x74, 0x6c, 0x6f, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x73,
+ 0x74, 0x61, 0x74, 0x65, 0x66, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x72, 0x73, 0x79, 0x73,
+ 0x74, 0x65, 0x6d, 0x5f, 0x70, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c,
+ 0x1a, 0x01, 0x34, 0x8c, 0x61, 0x72, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x5f, 0x70, 0x61,
+ 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x1a, 0x01, 0x34, 0x8c, 0x63, 0x82,
+ 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0xd5, 0x0b, 0x27, 0x39, 0xa3,
+ 0xd5, 0xfd, 0xd9, 0x4f, 0x87, 0x4a, 0x97, 0x17, 0x60, 0x6c, 0x63, 0x55, 0x13, 0xa0, 0xf5,
+ 0x1c, 0x2b, 0xe7, 0x0e, 0x8e, 0xdb, 0x76, 0x82, 0x69, 0x5a, 0x46, 0xec, 0x22, 0x58, 0x20,
+ 0xa6, 0x08, 0xb3, 0x57, 0xaa, 0x5f, 0x72, 0x2b, 0xb1, 0xf0, 0x43, 0x52, 0xf4, 0xcb, 0x97,
+ 0x39, 0xfd, 0x54, 0x79, 0xa3, 0xaf, 0x07, 0xb7, 0xbe, 0xbc, 0x93, 0xc1, 0xb6, 0x9b, 0x2f,
+ 0x75, 0x1b, 0x23, 0x58, 0x21, 0x00, 0xb4, 0x59, 0xe3, 0x78, 0x6f, 0x3f, 0xbd, 0xdc, 0x38,
+ 0x8a, 0xa5, 0x7d, 0xbe, 0xe0, 0xce, 0xf9, 0x2e, 0x9a, 0x5b, 0xfc, 0xbd, 0x4d, 0x27, 0x7b,
+ 0xa7, 0xc8, 0xda, 0xaa, 0xe4, 0xcd, 0xf3, 0xd2, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01,
+ 0x21, 0x58, 0x20, 0x10, 0x6c, 0xe8, 0x71, 0xa8, 0x78, 0x9d, 0x29, 0xbe, 0xf8, 0x84, 0x39,
+ 0xd4, 0xa2, 0xf5, 0x3e, 0x09, 0xf1, 0xd4, 0x81, 0x59, 0x24, 0x63, 0x07, 0xae, 0x25, 0xad,
+ 0x24, 0x72, 0x0f, 0x8b, 0xd0, 0x22, 0x58, 0x20, 0xe8, 0xba, 0x76, 0x49, 0x7b, 0x97, 0x98,
+ 0xcf, 0xbb, 0x90, 0xfa, 0x30, 0x3a, 0x2d, 0x88, 0xfe, 0x3f, 0xc6, 0x75, 0x05, 0x7b, 0x59,
+ 0xdf, 0x14, 0xd8, 0xde, 0x4d, 0x51, 0x8b, 0x2f, 0x5a, 0xc7, 0x23, 0x58, 0x20, 0x76, 0x11,
+ 0x2f, 0x31, 0xe5, 0xc2, 0xbb, 0xa7, 0x2c, 0x2b, 0x2f, 0x73, 0x16, 0x29, 0xf8, 0x67, 0x66,
+ 0x44, 0x7f, 0x3f, 0x22, 0xa2, 0x40, 0x45, 0x12, 0xac, 0x97, 0x06, 0xc8, 0x66, 0x08, 0xc9,
+ 0x58, 0x40, 0x11, 0x65, 0x46, 0xfa, 0xbd, 0xe3, 0xd3, 0x1b, 0x0d, 0x78, 0x23, 0x2e, 0x5d,
+ 0x48, 0x3c, 0xab, 0xd3, 0x74, 0xf8, 0x41, 0x88, 0x9b, 0x48, 0xf3, 0x93, 0x06, 0x40, 0x1b,
+ 0x5f, 0x60, 0x7b, 0xbe, 0xd8, 0xa6, 0x65, 0xff, 0x6a, 0x89, 0x24, 0x12, 0x1b, 0xac, 0xa3,
+ 0xd5, 0x37, 0x85, 0x6e, 0x53, 0x8d, 0xa5, 0x07, 0xe7, 0xe7, 0x44, 0x2c, 0xba, 0xa0, 0xbe,
+ 0x1a, 0x43, 0xde, 0x28, 0x59, 0x65, 0xa1, 0x6b, 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70,
+ 0x72, 0x69, 0x6e, 0x74, 0x78, 0x3b, 0x62, 0x72, 0x61, 0x6e, 0x64, 0x31, 0x2f, 0x70, 0x72,
+ 0x6f, 0x64, 0x75, 0x63, 0x74, 0x31, 0x2f, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x31, 0x3a,
+ 0x31, 0x31, 0x2f, 0x69, 0x64, 0x2f, 0x32, 0x30, 0x32, 0x31, 0x30, 0x38, 0x30, 0x35, 0x2e,
+ 0x34, 0x32, 0x3a, 0x75, 0x73, 0x65, 0x72, 0x2f, 0x72, 0x65, 0x6c, 0x65, 0x61, 0x73, 0x65,
+ 0x2d, 0x6b, 0x65, 0x79, 0x73};
+
+inline const std::vector<uint8_t> kKeysToSignForCsrWithoutUdsCerts = {
+ 0x82, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x11, 0x29, 0x11, 0x96,
+ 0x98, 0x26, 0xb2, 0x3a, 0xf2, 0xf9, 0x95, 0xb7, 0x46, 0xb9, 0x38, 0x6e, 0x5e, 0x3d, 0x5e,
+ 0xb2, 0x19, 0x90, 0xc7, 0xd3, 0xbd, 0x49, 0x47, 0x55, 0xcb, 0xef, 0xeb, 0x89, 0x22, 0x58,
+ 0x20, 0x42, 0x87, 0xea, 0x75, 0x27, 0x42, 0x34, 0xeb, 0xe8, 0xb5, 0x50, 0xdf, 0xb0, 0xbf,
+ 0xef, 0x6b, 0x62, 0x90, 0x5c, 0xd1, 0xe8, 0x2b, 0x4d, 0x02, 0x58, 0xe6, 0xca, 0xda, 0xe6,
+ 0x33, 0x97, 0xff, 0x23, 0x58, 0x21, 0x00, 0x9b, 0x34, 0xdb, 0x1e, 0xe6, 0x53, 0x72, 0xaf,
+ 0x67, 0xb5, 0x5e, 0x9a, 0xee, 0x07, 0x31, 0x77, 0xa3, 0x8b, 0x6a, 0xe9, 0x58, 0x97, 0x04,
+ 0xe2, 0xa2, 0x48, 0x0f, 0xdf, 0x26, 0x4d, 0xe5, 0xbb, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20,
+ 0x01, 0x21, 0x58, 0x20, 0xf9, 0xd7, 0x37, 0x75, 0x6b, 0x55, 0xc7, 0x64, 0xf9, 0xe2, 0x59,
+ 0x8f, 0x11, 0x48, 0xa1, 0xac, 0x95, 0xb1, 0xe3, 0x60, 0xe5, 0xa8, 0xa4, 0x2f, 0xb5, 0xcb,
+ 0x90, 0x1e, 0x9e, 0xcb, 0x4c, 0xab, 0x22, 0x58, 0x20, 0x20, 0xad, 0x7b, 0xeb, 0xba, 0x5d,
+ 0x3c, 0xd5, 0xa3, 0x6d, 0x86, 0x6e, 0x3f, 0x38, 0xb8, 0x44, 0x32, 0x4b, 0xe7, 0x97, 0xea,
+ 0xf8, 0x3d, 0xc2, 0xc0, 0x7c, 0x1b, 0x49, 0xe4, 0x22, 0x23, 0xc7, 0x23, 0x58, 0x20, 0x5f,
+ 0x1f, 0x80, 0xe2, 0xcf, 0x59, 0x1d, 0x7e, 0x98, 0x51, 0x78, 0xbe, 0xf8, 0x88, 0x0b, 0x64,
+ 0x1b, 0xc8, 0xf2, 0x7b, 0x12, 0x22, 0x53, 0xd9, 0xd5, 0x8d, 0x32, 0xe7, 0x7f, 0x0e, 0x97,
+ 0x09};
+
+inline const std::vector<uint8_t> kCsrWithoutUdsCerts{
+ 0x84, 0x01, 0xa0, 0x82, 0xa4, 0x01, 0x01, 0x03, 0x27, 0x20, 0x06, 0x21, 0x58, 0x20, 0xca,
+ 0x73, 0xd6, 0x09, 0x91, 0xec, 0x92, 0x63, 0xee, 0x9f, 0x7c, 0x79, 0x3e, 0x80, 0xa9, 0xc9,
+ 0x4e, 0xf7, 0x3b, 0x5b, 0x41, 0xa4, 0x56, 0xc1, 0x9e, 0xf3, 0x80, 0x16, 0x6d, 0xfe, 0x14,
+ 0x98, 0x84, 0x43, 0xa1, 0x01, 0x27, 0xa0, 0x59, 0x01, 0x04, 0xa9, 0x01, 0x66, 0x69, 0x73,
+ 0x73, 0x75, 0x65, 0x72, 0x02, 0x67, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x3a, 0x00,
+ 0x47, 0x44, 0x50, 0x58, 0x20, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
+ 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
+ 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x3a, 0x00, 0x47, 0x44, 0x52, 0x58, 0x20, 0xb8,
+ 0x96, 0x54, 0xe2, 0x2c, 0xa4, 0xd2, 0x4a, 0x9c, 0x0e, 0x45, 0x11, 0xc8, 0xf2, 0x63, 0xf0,
+ 0x66, 0x0d, 0x2e, 0x20, 0x48, 0x96, 0x90, 0x14, 0xf4, 0x54, 0x63, 0xc4, 0xf4, 0x39, 0x30,
+ 0x38, 0x3a, 0x00, 0x47, 0x44, 0x53, 0x55, 0xa1, 0x3a, 0x00, 0x01, 0x11, 0x71, 0x6e, 0x63,
+ 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x3a, 0x00,
+ 0x47, 0x44, 0x54, 0x58, 0x20, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
+ 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
+ 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x3a, 0x00, 0x47, 0x44, 0x56, 0x41, 0x01, 0x3a,
+ 0x00, 0x47, 0x44, 0x57, 0x58, 0x4d, 0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58,
+ 0x20, 0x45, 0x71, 0x10, 0x9a, 0x1b, 0x9c, 0x9f, 0x3c, 0x6e, 0x29, 0xf9, 0x6d, 0xb9, 0x93,
+ 0x4a, 0xf2, 0x88, 0xf1, 0x3a, 0xf7, 0x69, 0xf9, 0xf3, 0x54, 0x91, 0x3a, 0x12, 0x4f, 0xd0,
+ 0xbb, 0xb7, 0x0d, 0x22, 0x58, 0x20, 0x56, 0x8b, 0xb0, 0x0e, 0xd3, 0x8d, 0x12, 0xf5, 0x17,
+ 0xd2, 0x6b, 0x21, 0xdf, 0x4d, 0xb8, 0xaa, 0x17, 0x65, 0x02, 0x4e, 0x5c, 0x0a, 0x77, 0x93,
+ 0x64, 0x1e, 0x8d, 0xbc, 0x6a, 0xa1, 0x26, 0xe7, 0x3a, 0x00, 0x47, 0x44, 0x58, 0x41, 0x20,
+ 0x58, 0x40, 0xb0, 0x7b, 0xdd, 0xa5, 0x8e, 0xcb, 0xce, 0xf9, 0x89, 0xfb, 0x21, 0x4b, 0x29,
+ 0x34, 0xff, 0x6b, 0x0e, 0xc1, 0xff, 0x51, 0xba, 0x12, 0x12, 0xa0, 0x93, 0x2c, 0x09, 0xca,
+ 0x3a, 0x02, 0x81, 0x2a, 0x5b, 0x6f, 0x8d, 0x58, 0x21, 0x94, 0x30, 0xde, 0x99, 0x8b, 0x36,
+ 0x69, 0x45, 0xa1, 0x52, 0x5c, 0x7b, 0x36, 0x4f, 0xec, 0x4f, 0x40, 0x5f, 0x10, 0xdf, 0x26,
+ 0x18, 0xea, 0x4b, 0x72, 0x9f, 0x05, 0x84, 0x43, 0xa1, 0x01, 0x26, 0xa0, 0x59, 0x02, 0x0f,
+ 0x82, 0x58, 0x20, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c,
+ 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b,
+ 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x59, 0x01, 0xe9, 0x84, 0x03, 0x67, 0x6b, 0x65, 0x79, 0x6d,
+ 0x69, 0x6e, 0x74, 0xae, 0x65, 0x62, 0x72, 0x61, 0x6e, 0x64, 0x66, 0x47, 0x6f, 0x6f, 0x67,
+ 0x6c, 0x65, 0x65, 0x66, 0x75, 0x73, 0x65, 0x64, 0x01, 0x65, 0x6d, 0x6f, 0x64, 0x65, 0x6c,
+ 0x65, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x66, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x66, 0x64,
+ 0x65, 0x76, 0x69, 0x63, 0x65, 0x67, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x65, 0x70,
+ 0x69, 0x78, 0x65, 0x6c, 0x68, 0x76, 0x62, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x65, 0x67,
+ 0x72, 0x65, 0x65, 0x6e, 0x6a, 0x6f, 0x73, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e,
+ 0x62, 0x31, 0x32, 0x6c, 0x6d, 0x61, 0x6e, 0x75, 0x66, 0x61, 0x63, 0x74, 0x75, 0x72, 0x65,
+ 0x72, 0x66, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x6d, 0x76, 0x62, 0x6d, 0x65, 0x74, 0x61,
+ 0x5f, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x4f, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+ 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69,
+ 0x74, 0x79, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x63, 0x74, 0x65, 0x65, 0x70, 0x62, 0x6f,
+ 0x6f, 0x74, 0x5f, 0x70, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x1a,
+ 0x01, 0x34, 0x8c, 0x62, 0x70, 0x62, 0x6f, 0x6f, 0x74, 0x6c, 0x6f, 0x61, 0x64, 0x65, 0x72,
+ 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x66, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x72, 0x73,
+ 0x79, 0x73, 0x74, 0x65, 0x6d, 0x5f, 0x70, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x65, 0x76,
+ 0x65, 0x6c, 0x1a, 0x01, 0x34, 0x8c, 0x61, 0x72, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x5f,
+ 0x70, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x1a, 0x01, 0x34, 0x8c,
+ 0x63, 0x82, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x11, 0x29, 0x11,
+ 0x96, 0x98, 0x26, 0xb2, 0x3a, 0xf2, 0xf9, 0x95, 0xb7, 0x46, 0xb9, 0x38, 0x6e, 0x5e, 0x3d,
+ 0x5e, 0xb2, 0x19, 0x90, 0xc7, 0xd3, 0xbd, 0x49, 0x47, 0x55, 0xcb, 0xef, 0xeb, 0x89, 0x22,
+ 0x58, 0x20, 0x42, 0x87, 0xea, 0x75, 0x27, 0x42, 0x34, 0xeb, 0xe8, 0xb5, 0x50, 0xdf, 0xb0,
+ 0xbf, 0xef, 0x6b, 0x62, 0x90, 0x5c, 0xd1, 0xe8, 0x2b, 0x4d, 0x02, 0x58, 0xe6, 0xca, 0xda,
+ 0xe6, 0x33, 0x97, 0xff, 0x23, 0x58, 0x21, 0x00, 0x9b, 0x34, 0xdb, 0x1e, 0xe6, 0x53, 0x72,
+ 0xaf, 0x67, 0xb5, 0x5e, 0x9a, 0xee, 0x07, 0x31, 0x77, 0xa3, 0x8b, 0x6a, 0xe9, 0x58, 0x97,
+ 0x04, 0xe2, 0xa2, 0x48, 0x0f, 0xdf, 0x26, 0x4d, 0xe5, 0xbb, 0xa6, 0x01, 0x02, 0x03, 0x26,
+ 0x20, 0x01, 0x21, 0x58, 0x20, 0xf9, 0xd7, 0x37, 0x75, 0x6b, 0x55, 0xc7, 0x64, 0xf9, 0xe2,
+ 0x59, 0x8f, 0x11, 0x48, 0xa1, 0xac, 0x95, 0xb1, 0xe3, 0x60, 0xe5, 0xa8, 0xa4, 0x2f, 0xb5,
+ 0xcb, 0x90, 0x1e, 0x9e, 0xcb, 0x4c, 0xab, 0x22, 0x58, 0x20, 0x20, 0xad, 0x7b, 0xeb, 0xba,
+ 0x5d, 0x3c, 0xd5, 0xa3, 0x6d, 0x86, 0x6e, 0x3f, 0x38, 0xb8, 0x44, 0x32, 0x4b, 0xe7, 0x97,
+ 0xea, 0xf8, 0x3d, 0xc2, 0xc0, 0x7c, 0x1b, 0x49, 0xe4, 0x22, 0x23, 0xc7, 0x23, 0x58, 0x20,
+ 0x5f, 0x1f, 0x80, 0xe2, 0xcf, 0x59, 0x1d, 0x7e, 0x98, 0x51, 0x78, 0xbe, 0xf8, 0x88, 0x0b,
+ 0x64, 0x1b, 0xc8, 0xf2, 0x7b, 0x12, 0x22, 0x53, 0xd9, 0xd5, 0x8d, 0x32, 0xe7, 0x7f, 0x0e,
+ 0x97, 0x09, 0x58, 0x40, 0xe1, 0x9a, 0x3f, 0x36, 0x65, 0x7a, 0xfe, 0x1b, 0x99, 0xc9, 0x35,
+ 0x8f, 0xb5, 0x5c, 0xfe, 0x12, 0x9c, 0x6f, 0x0e, 0x97, 0x12, 0xbd, 0x26, 0x32, 0x46, 0xd9,
+ 0x08, 0x6b, 0x7c, 0xa1, 0xd3, 0x47, 0xd6, 0xba, 0xf0, 0x9c, 0xe0, 0x12, 0x37, 0x39, 0x75,
+ 0x88, 0xb5, 0xbe, 0xd8, 0x37, 0x33, 0x9b, 0x26, 0xfc, 0x38, 0x14, 0x28, 0xea, 0x47, 0xcc,
+ 0x1f, 0xf3, 0xfe, 0x44, 0x0c, 0x1e, 0x6f, 0x2b, 0xa1, 0x6b, 0x66, 0x69, 0x6e, 0x67, 0x65,
+ 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x78, 0x3b, 0x62, 0x72, 0x61, 0x6e, 0x64, 0x31, 0x2f,
+ 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x31, 0x2f, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65,
+ 0x31, 0x3a, 0x31, 0x31, 0x2f, 0x69, 0x64, 0x2f, 0x32, 0x30, 0x32, 0x31, 0x30, 0x38, 0x30,
+ 0x35, 0x2e, 0x34, 0x32, 0x3a, 0x75, 0x73, 0x65, 0x72, 0x2f, 0x72, 0x65, 0x6c, 0x65, 0x61,
+ 0x73, 0x65, 0x2d, 0x6b, 0x65, 0x79, 0x73};
+
+inline const std::vector<uint8_t> kCsrWithSharedUdsRoot1{
+ 0x85, 0x01, 0xa0, 0x82, 0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x96,
+ 0xf9, 0xf7, 0x16, 0xa7, 0xe2, 0x20, 0xe3, 0x6e, 0x19, 0x8e, 0xc0, 0xc4, 0x82, 0xc5, 0xca,
+ 0x8d, 0x1d, 0xb4, 0xda, 0x94, 0x6d, 0xf8, 0xbc, 0x0b, 0x0e, 0xc7, 0x90, 0x83, 0x5b, 0xc3,
+ 0x4b, 0x22, 0x58, 0x20, 0xed, 0xe0, 0xa1, 0x56, 0x46, 0x5b, 0xe0, 0x67, 0x2d, 0xbc, 0x08,
+ 0x84, 0x6f, 0x43, 0xd0, 0x10, 0xf3, 0x70, 0x90, 0xc2, 0xbf, 0xe3, 0x6b, 0x32, 0x9f, 0xf3,
+ 0xca, 0x57, 0x0f, 0xa8, 0xb9, 0xdd, 0x84, 0x43, 0xa1, 0x01, 0x26, 0xa0, 0x59, 0x01, 0x04,
+ 0xa9, 0x01, 0x66, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x02, 0x67, 0x73, 0x75, 0x62, 0x6a,
+ 0x65, 0x63, 0x74, 0x3a, 0x00, 0x47, 0x44, 0x50, 0x58, 0x20, 0x55, 0x55, 0x55, 0x55, 0x55,
+ 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
+ 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x3a, 0x00, 0x47,
+ 0x44, 0x52, 0x58, 0x20, 0xb8, 0x96, 0x54, 0xe2, 0x2c, 0xa4, 0xd2, 0x4a, 0x9c, 0x0e, 0x45,
+ 0x11, 0xc8, 0xf2, 0x63, 0xf0, 0x66, 0x0d, 0x2e, 0x20, 0x48, 0x96, 0x90, 0x14, 0xf4, 0x54,
+ 0x63, 0xc4, 0xf4, 0x39, 0x30, 0x38, 0x3a, 0x00, 0x47, 0x44, 0x53, 0x55, 0xa1, 0x3a, 0x00,
+ 0x01, 0x11, 0x71, 0x6e, 0x63, 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x5f, 0x6e,
+ 0x61, 0x6d, 0x65, 0x3a, 0x00, 0x47, 0x44, 0x54, 0x58, 0x20, 0x55, 0x55, 0x55, 0x55, 0x55,
+ 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
+ 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x3a, 0x00, 0x47,
+ 0x44, 0x56, 0x41, 0x01, 0x3a, 0x00, 0x47, 0x44, 0x57, 0x58, 0x4d, 0xa5, 0x01, 0x02, 0x03,
+ 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x04, 0x25, 0x41, 0x6f, 0x6a, 0xdc, 0x88, 0x56, 0x9a,
+ 0xd4, 0x39, 0x82, 0xde, 0xd1, 0xe6, 0x65, 0xd4, 0x09, 0xb8, 0x9f, 0xde, 0xbf, 0x09, 0x03,
+ 0xe3, 0x9a, 0x48, 0xd4, 0x4f, 0x13, 0xaa, 0x5b, 0x22, 0x58, 0x20, 0x3a, 0xfb, 0x46, 0x2d,
+ 0xe1, 0xdf, 0x34, 0x76, 0x03, 0x37, 0x1e, 0xcf, 0xea, 0xd5, 0xf6, 0xd3, 0x99, 0x3e, 0x55,
+ 0x2a, 0xd1, 0x9d, 0x10, 0x21, 0xb1, 0xc8, 0x4f, 0xbd, 0xec, 0xb6, 0x67, 0x82, 0x3a, 0x00,
+ 0x47, 0x44, 0x58, 0x41, 0x20, 0x58, 0x40, 0x10, 0xda, 0xc8, 0x8d, 0x83, 0x6d, 0xdd, 0x85,
+ 0x48, 0x92, 0xdc, 0xc0, 0xc8, 0xde, 0xe4, 0x61, 0x03, 0x04, 0xfb, 0x77, 0xdf, 0xc1, 0xce,
+ 0xb7, 0x9b, 0x74, 0x9a, 0x31, 0x7a, 0xca, 0xcb, 0x7c, 0x45, 0x65, 0xf5, 0xc1, 0x3b, 0x29,
+ 0x53, 0x22, 0xbc, 0xda, 0xa9, 0xfa, 0x97, 0x84, 0x42, 0xfc, 0xcb, 0x36, 0xae, 0xe9, 0x67,
+ 0x1c, 0xb1, 0x19, 0x42, 0x74, 0x01, 0xb1, 0x11, 0xc9, 0x7b, 0x58, 0x84, 0x43, 0xa1, 0x01,
0x26, 0xa0, 0x59, 0x02, 0x0f, 0x82, 0x58, 0x20, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x59, 0x01, 0xe9, 0x84, 0x03,
@@ -126,276 +458,105 @@
0x68, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x1a, 0x01, 0x34, 0x8c, 0x61, 0x72, 0x76, 0x65,
0x6e, 0x64, 0x6f, 0x72, 0x5f, 0x70, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x65, 0x76, 0x65,
0x6c, 0x1a, 0x01, 0x34, 0x8c, 0x63, 0x82, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21,
- 0x58, 0x20, 0x46, 0xbd, 0xfc, 0xed, 0xa6, 0x94, 0x9a, 0xc4, 0x5e, 0x27, 0xcf, 0x24, 0x25,
- 0xc5, 0x0c, 0x7d, 0xed, 0x8f, 0x21, 0xe0, 0x47, 0x81, 0x5a, 0xdc, 0x3b, 0xd4, 0x9e, 0x13,
- 0xb6, 0x06, 0x36, 0x70, 0x22, 0x58, 0x20, 0x0a, 0xbd, 0xbc, 0x0d, 0x19, 0xba, 0xcc, 0xdc,
- 0x00, 0x64, 0x31, 0x4c, 0x84, 0x66, 0x1d, 0xfb, 0x50, 0xd0, 0xe3, 0xf8, 0x78, 0x9d, 0xf9,
- 0x77, 0x2b, 0x40, 0x6b, 0xb5, 0x8e, 0xd3, 0xf8, 0xa9, 0x23, 0x58, 0x21, 0x00, 0x9c, 0x42,
- 0x3f, 0x79, 0x76, 0xa0, 0xd1, 0x98, 0x58, 0xbb, 0x9b, 0x9e, 0xfb, 0x3b, 0x08, 0xf2, 0xe1,
- 0xa3, 0xfe, 0xf4, 0x21, 0x5b, 0x97, 0x2d, 0xcb, 0x9a, 0x55, 0x1a, 0x7f, 0xa7, 0xc1, 0xa8,
- 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0xef, 0xd3, 0x88, 0xc4, 0xbc,
- 0xce, 0x51, 0x4d, 0x4b, 0xd3, 0x81, 0x26, 0xc6, 0xcc, 0x66, 0x3b, 0x12, 0x38, 0xbf, 0x23,
- 0x7a, 0x2e, 0x7f, 0x82, 0xa7, 0x81, 0x74, 0x21, 0xc0, 0x12, 0x79, 0xf4, 0x22, 0x58, 0x20,
- 0xdc, 0x85, 0x6c, 0x1c, 0xcc, 0xf9, 0xf3, 0xe8, 0xff, 0x90, 0xfd, 0x89, 0x03, 0xf5, 0xaf,
- 0x75, 0xa0, 0x79, 0xbb, 0x53, 0x9a, 0x1f, 0x2b, 0x34, 0x86, 0x47, 0x3d, 0x66, 0x2a, 0x07,
- 0x3b, 0x1e, 0x23, 0x58, 0x20, 0x34, 0x7b, 0x15, 0xcc, 0xbf, 0x26, 0xc9, 0x28, 0x0e, 0xee,
- 0xc5, 0x47, 0xac, 0x00, 0xc4, 0x4d, 0x81, 0x2b, 0x1e, 0xac, 0x31, 0xd2, 0x6f, 0x36, 0x85,
- 0xe6, 0xa8, 0xf0, 0x46, 0xfc, 0xd2, 0x83, 0x58, 0x40, 0x55, 0x4c, 0x38, 0xdf, 0xfe, 0x49,
- 0xa8, 0xa0, 0xa5, 0x08, 0xce, 0x2f, 0xe5, 0xf6, 0x6e, 0x2b, 0xc2, 0x95, 0x39, 0xc8, 0xca,
- 0x77, 0xd6, 0xf6, 0x67, 0x24, 0x6b, 0x0e, 0x63, 0x5d, 0x11, 0x97, 0x26, 0x52, 0x30, 0xbc,
- 0x28, 0x1d, 0xbf, 0x2a, 0x3e, 0x8c, 0x90, 0x54, 0xaa, 0xaa, 0xd1, 0x7c, 0x53, 0x7b, 0x48,
- 0x1f, 0x51, 0x50, 0x6c, 0x32, 0xe1, 0x0f, 0x57, 0xea, 0x47, 0x76, 0x85, 0x0c, 0xa1, 0x6b,
+ 0x58, 0x20, 0xf6, 0x86, 0x74, 0x7d, 0x1a, 0x83, 0x75, 0xec, 0x8c, 0xf9, 0x3a, 0xa9, 0x20,
+ 0x88, 0xe5, 0xca, 0x24, 0x34, 0x24, 0xbf, 0x89, 0xe7, 0xdb, 0x44, 0xc3, 0x6e, 0xdd, 0x5d,
+ 0x1a, 0xe1, 0xf0, 0xd8, 0x22, 0x58, 0x20, 0xae, 0xcb, 0x01, 0x2e, 0x73, 0xac, 0xb5, 0x52,
+ 0x0e, 0x73, 0x15, 0xd8, 0x9d, 0x78, 0x64, 0x10, 0x35, 0x41, 0x0e, 0xc9, 0x7d, 0x9a, 0x11,
+ 0xa3, 0xed, 0x7f, 0x53, 0xa6, 0xff, 0xc4, 0xad, 0x61, 0x23, 0x58, 0x20, 0x5a, 0xd2, 0xc5,
+ 0xd0, 0x58, 0x2e, 0x94, 0x93, 0xd7, 0xa4, 0x2d, 0x5b, 0x12, 0x43, 0x52, 0x93, 0xc3, 0x95,
+ 0x91, 0xac, 0x6a, 0xa3, 0x31, 0x08, 0xda, 0x33, 0x6a, 0xce, 0x7e, 0x8e, 0xae, 0xb1, 0xa6,
+ 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x8f, 0xb1, 0x85, 0xa5, 0xf5, 0x68,
+ 0x74, 0xfc, 0x8a, 0x87, 0x2b, 0x13, 0xea, 0xf7, 0xff, 0x82, 0x6d, 0xcf, 0xc3, 0xea, 0x04,
+ 0x80, 0x40, 0xe5, 0xcb, 0x80, 0xdb, 0x07, 0x8b, 0x36, 0x8c, 0x29, 0x22, 0x58, 0x20, 0x6a,
+ 0x8c, 0x52, 0x3f, 0xf7, 0x26, 0xb3, 0xf9, 0xa8, 0x91, 0x08, 0x4e, 0xec, 0x7a, 0x03, 0x16,
+ 0x1c, 0xab, 0x12, 0xcd, 0x8b, 0x05, 0x77, 0x33, 0x16, 0x1c, 0x80, 0x99, 0x79, 0x14, 0x6a,
+ 0x5c, 0x23, 0x58, 0x21, 0x00, 0xd0, 0x0a, 0xa2, 0xaa, 0x27, 0x62, 0x10, 0x24, 0x0c, 0x74,
+ 0x34, 0xe7, 0x06, 0xb3, 0x4d, 0x33, 0x9c, 0x86, 0xa6, 0x62, 0xb9, 0x0f, 0x1a, 0x4b, 0xe2,
+ 0x8b, 0x45, 0x0a, 0xc9, 0xe3, 0x43, 0x28, 0x58, 0x40, 0xea, 0xe3, 0xd3, 0xd9, 0x7f, 0x4e,
+ 0x08, 0x8a, 0x5b, 0xb9, 0xef, 0x28, 0x5a, 0xe0, 0x02, 0x40, 0xf5, 0x68, 0x49, 0x8b, 0xa7,
+ 0xf7, 0x9d, 0xa3, 0xb3, 0x37, 0x72, 0x79, 0xa9, 0x32, 0x47, 0xf6, 0x8d, 0x5d, 0x08, 0xe7,
+ 0xec, 0x00, 0x19, 0x09, 0x6f, 0x0a, 0x4d, 0x7c, 0x62, 0x6c, 0x2b, 0xaa, 0x33, 0x61, 0xe5,
+ 0xa5, 0x3f, 0x2a, 0xfe, 0xcc, 0xdf, 0x8e, 0x62, 0x1c, 0x31, 0xe1, 0x56, 0x6b, 0xa1, 0x6b,
0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x78, 0x3b, 0x62, 0x72,
0x61, 0x6e, 0x64, 0x31, 0x2f, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x31, 0x2f, 0x64,
0x65, 0x76, 0x69, 0x63, 0x65, 0x31, 0x3a, 0x31, 0x31, 0x2f, 0x69, 0x64, 0x2f, 0x32, 0x30,
0x32, 0x31, 0x30, 0x38, 0x30, 0x35, 0x2e, 0x34, 0x32, 0x3a, 0x75, 0x73, 0x65, 0x72, 0x2f,
0x72, 0x65, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2d, 0x6b, 0x65, 0x79, 0x73};
-// The challenge that is in kKeysToSignForCsrWithUdsCerts and kCsrWithUdsCerts
-inline const std::vector<uint8_t> kChallenge{0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
- 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
- 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20};
-
-inline const std::vector<uint8_t> kKeysToSignForCsrWithUdsCerts{
- 0x82, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x35, 0xeb, 0x56, 0xed,
- 0x62, 0x13, 0x6a, 0x41, 0x89, 0xf6, 0x72, 0xa6, 0xf1, 0x5c, 0xd1, 0xf6, 0x34, 0xbd, 0x81,
- 0xdb, 0x2e, 0x0b, 0x4d, 0xf6, 0x69, 0x6f, 0xa6, 0xf3, 0xce, 0x27, 0x2c, 0x78, 0x22, 0x58,
- 0x20, 0xac, 0xa9, 0x9f, 0x62, 0x81, 0x58, 0xc7, 0x10, 0xd7, 0xb5, 0xa8, 0xa0, 0x7b, 0x11,
- 0xf5, 0x75, 0xdb, 0xd9, 0xa2, 0x1d, 0x86, 0x34, 0xc6, 0xf4, 0x23, 0x79, 0xcc, 0x8a, 0x87,
- 0x3c, 0xb2, 0xd0, 0x23, 0x58, 0x20, 0x0f, 0x2c, 0x5a, 0xb7, 0xe1, 0x3b, 0x24, 0xa3, 0x4f,
- 0xaa, 0x49, 0x51, 0xfc, 0x8c, 0xd0, 0x35, 0x43, 0x7c, 0x21, 0xfa, 0x7d, 0x56, 0x97, 0x69,
- 0xe1, 0x81, 0xf5, 0x88, 0x15, 0x33, 0xa0, 0x7f, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01,
- 0x21, 0x58, 0x20, 0xb5, 0xcc, 0xd9, 0x4f, 0x7a, 0xe2, 0xca, 0xac, 0xfe, 0xa5, 0x65, 0x0c,
- 0x6a, 0xa8, 0x16, 0x45, 0x40, 0x41, 0x1c, 0xb2, 0x64, 0xcd, 0x34, 0xe8, 0x37, 0x88, 0xb9,
- 0x9a, 0xb3, 0xc3, 0xfd, 0x6a, 0x22, 0x58, 0x20, 0x5e, 0xbe, 0xff, 0x98, 0x60, 0x6e, 0x1d,
- 0x6b, 0x42, 0x60, 0x59, 0xe9, 0x42, 0x95, 0xc8, 0x2e, 0xc5, 0xb6, 0x66, 0x4a, 0x53, 0xf1,
- 0x73, 0x02, 0xcb, 0x89, 0x8a, 0x2a, 0xc9, 0xa5, 0xa3, 0x39, 0x23, 0x58, 0x21, 0x00, 0xdb,
- 0xda, 0x3c, 0x3e, 0x27, 0x71, 0x5e, 0xd0, 0x2b, 0x09, 0xb8, 0x6f, 0xe2, 0x2c, 0xdd, 0x0a,
- 0xbf, 0x1d, 0x94, 0x36, 0xd2, 0x33, 0x88, 0x6e, 0x66, 0x05, 0x21, 0x92, 0x64, 0x79, 0xa9,
- 0x10};
-
-inline const std::vector<uint8_t> kCsrWithUdsCerts{
- 0x84, 0x01, 0xa1, 0x70, 0x74, 0x65, 0x73, 0x74, 0x2d, 0x73, 0x69, 0x67, 0x6e, 0x65, 0x72,
- 0x2d, 0x6e, 0x61, 0x6d, 0x65, 0x82, 0x59, 0x01, 0x6c, 0x30, 0x82, 0x01, 0x68, 0x30, 0x82,
- 0x01, 0x1a, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x7b, 0x30, 0x05, 0x06, 0x03, 0x2b,
- 0x65, 0x70, 0x30, 0x2b, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c,
- 0x46, 0x61, 0x6b, 0x65, 0x20, 0x43, 0x6f, 0x6d, 0x70, 0x61, 0x6e, 0x79, 0x31, 0x12, 0x30,
- 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x09, 0x46, 0x61, 0x6b, 0x65, 0x20, 0x52, 0x6f,
- 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x31, 0x30, 0x31, 0x37, 0x31, 0x39, 0x32,
- 0x33, 0x30, 0x39, 0x5a, 0x17, 0x0d, 0x32, 0x34, 0x31, 0x31, 0x31, 0x36, 0x31, 0x39, 0x32,
- 0x33, 0x30, 0x39, 0x5a, 0x30, 0x2b, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a,
- 0x13, 0x0c, 0x46, 0x61, 0x6b, 0x65, 0x20, 0x43, 0x6f, 0x6d, 0x70, 0x61, 0x6e, 0x79, 0x31,
- 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x09, 0x46, 0x61, 0x6b, 0x65, 0x20,
- 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21,
- 0x00, 0x20, 0xc5, 0xfa, 0x42, 0xe9, 0x23, 0xd3, 0x72, 0x83, 0x96, 0xc5, 0x73, 0x1e, 0xec,
- 0x07, 0x39, 0x4f, 0xc8, 0xb7, 0xd1, 0x9f, 0x77, 0xb6, 0x0b, 0x59, 0x9e, 0x62, 0xc0, 0xec,
- 0x06, 0x06, 0xad, 0xa3, 0x63, 0x30, 0x61, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04,
- 0x16, 0x04, 0x14, 0xec, 0x36, 0x07, 0x83, 0xf0, 0xda, 0x23, 0xfc, 0x0f, 0xb1, 0x08, 0xd0,
- 0x60, 0x97, 0xc1, 0x9a, 0x14, 0x54, 0xbf, 0x63, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23,
- 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xec, 0x36, 0x07, 0x83, 0xf0, 0xda, 0x23, 0xfc, 0x0f,
- 0xb1, 0x08, 0xd0, 0x60, 0x97, 0xc1, 0x9a, 0x14, 0x54, 0xbf, 0x63, 0x30, 0x0f, 0x06, 0x03,
- 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0e,
- 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x04, 0x30,
- 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x41, 0x00, 0x41, 0xfa, 0x27, 0xfd, 0xe3, 0x42,
- 0x89, 0x43, 0x68, 0x92, 0x48, 0x39, 0xb1, 0x93, 0x93, 0x8b, 0x69, 0x16, 0x50, 0xbe, 0xc0,
- 0xc5, 0x83, 0xd6, 0x1e, 0x4b, 0x2f, 0x6e, 0x18, 0x32, 0x78, 0xfe, 0x35, 0x78, 0xed, 0x6d,
- 0xc8, 0x36, 0xb2, 0x4e, 0x0d, 0x10, 0x23, 0xab, 0x28, 0x32, 0xa1, 0xfc, 0x83, 0x2a, 0xa3,
- 0xca, 0xe1, 0xca, 0x82, 0xd2, 0x5f, 0xf1, 0x7f, 0xf2, 0xba, 0xbe, 0x86, 0x0b, 0x59, 0x01,
- 0x70, 0x30, 0x82, 0x01, 0x6c, 0x30, 0x82, 0x01, 0x1e, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02,
- 0x02, 0x01, 0xc8, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x30, 0x2b, 0x31, 0x15, 0x30,
- 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, 0x46, 0x61, 0x6b, 0x65, 0x20, 0x43, 0x6f,
- 0x6d, 0x70, 0x61, 0x6e, 0x79, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
- 0x09, 0x46, 0x61, 0x6b, 0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x32,
- 0x34, 0x31, 0x30, 0x31, 0x37, 0x31, 0x39, 0x32, 0x33, 0x30, 0x39, 0x5a, 0x17, 0x0d, 0x32,
- 0x34, 0x31, 0x31, 0x31, 0x36, 0x31, 0x39, 0x32, 0x33, 0x30, 0x39, 0x5a, 0x30, 0x2e, 0x31,
- 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, 0x46, 0x61, 0x6b, 0x65, 0x20,
- 0x43, 0x6f, 0x6d, 0x70, 0x61, 0x6e, 0x79, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04,
- 0x03, 0x13, 0x0c, 0x46, 0x61, 0x6b, 0x65, 0x20, 0x43, 0x68, 0x69, 0x70, 0x73, 0x65, 0x74,
- 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00, 0x14, 0xf4, 0x4a,
- 0x88, 0x56, 0x9f, 0xc0, 0xf5, 0x1f, 0xe5, 0xef, 0xfb, 0xf4, 0x06, 0xbc, 0xb1, 0xe4, 0x4a,
- 0x37, 0xe5, 0x07, 0xf8, 0x65, 0x95, 0x55, 0x54, 0xfd, 0x90, 0xf9, 0x8b, 0xa7, 0xc6, 0xa3,
- 0x63, 0x30, 0x61, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xef,
- 0x05, 0x40, 0x0a, 0x1b, 0x74, 0x3e, 0x4d, 0x2e, 0x22, 0xf5, 0x66, 0x0c, 0xd7, 0xf9, 0xb8,
- 0x8e, 0x81, 0x3d, 0xab, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16,
- 0x80, 0x14, 0xec, 0x36, 0x07, 0x83, 0xf0, 0xda, 0x23, 0xfc, 0x0f, 0xb1, 0x08, 0xd0, 0x60,
- 0x97, 0xc1, 0x9a, 0x14, 0x54, 0xbf, 0x63, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
- 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d,
- 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x04, 0x30, 0x05, 0x06, 0x03, 0x2b,
- 0x65, 0x70, 0x03, 0x41, 0x00, 0x64, 0x32, 0x42, 0x06, 0xa7, 0x11, 0xb0, 0x67, 0x81, 0x73,
- 0x19, 0x70, 0xb6, 0x60, 0x1c, 0xd2, 0x43, 0xde, 0x42, 0xec, 0x71, 0x4d, 0x6e, 0xa8, 0xed,
- 0x6f, 0xe2, 0x59, 0x3e, 0xa3, 0x45, 0x82, 0x8b, 0x25, 0x25, 0xf9, 0xc6, 0xb3, 0xf5, 0xb5,
- 0x3d, 0x11, 0x7d, 0xcf, 0xf2, 0x50, 0x22, 0xff, 0x2b, 0xc5, 0x14, 0x94, 0x64, 0xbf, 0xbf,
- 0x52, 0x69, 0xb1, 0xfe, 0x07, 0x81, 0x83, 0xb3, 0x0d, 0x82, 0xa5, 0x01, 0x01, 0x03, 0x27,
- 0x20, 0x06, 0x21, 0x58, 0x20, 0x14, 0xf4, 0x4a, 0x88, 0x56, 0x9f, 0xc0, 0xf5, 0x1f, 0xe5,
- 0xef, 0xfb, 0xf4, 0x06, 0xbc, 0xb1, 0xe4, 0x4a, 0x37, 0xe5, 0x07, 0xf8, 0x65, 0x95, 0x55,
- 0x54, 0xfd, 0x90, 0xf9, 0x8b, 0xa7, 0xc6, 0x23, 0x58, 0x20, 0x8d, 0x38, 0x0d, 0x38, 0xcb,
- 0x76, 0x73, 0xef, 0x13, 0xd1, 0x08, 0x02, 0xa5, 0x0e, 0xd2, 0x16, 0xd4, 0x0f, 0x2c, 0x29,
- 0xf8, 0xd0, 0x20, 0xb8, 0x6a, 0x7f, 0xa2, 0xd1, 0x1e, 0xeb, 0xd1, 0x5c, 0x84, 0x43, 0xa1,
- 0x01, 0x27, 0xa0, 0x59, 0x01, 0x27, 0xa9, 0x01, 0x66, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72,
- 0x02, 0x67, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x3a, 0x00, 0x47, 0x44, 0x50, 0x58,
- 0x20, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
+inline const std::vector<uint8_t> kCsrWithSharedUdsRoot2{
+ 0x85, 0x01, 0xa0, 0x82, 0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x96,
+ 0xf9, 0xf7, 0x16, 0xa7, 0xe2, 0x20, 0xe3, 0x6e, 0x19, 0x8e, 0xc0, 0xc4, 0x82, 0xc5, 0xca,
+ 0x8d, 0x1d, 0xb4, 0xda, 0x94, 0x6d, 0xf8, 0xbc, 0x0b, 0x0e, 0xc7, 0x90, 0x83, 0x5b, 0xc3,
+ 0x4b, 0x22, 0x58, 0x20, 0xed, 0xe0, 0xa1, 0x56, 0x46, 0x5b, 0xe0, 0x67, 0x2d, 0xbc, 0x08,
+ 0x84, 0x6f, 0x43, 0xd0, 0x10, 0xf3, 0x70, 0x90, 0xc2, 0xbf, 0xe3, 0x6b, 0x32, 0x9f, 0xf3,
+ 0xca, 0x57, 0x0f, 0xa8, 0xb9, 0xdd, 0x84, 0x43, 0xa1, 0x01, 0x26, 0xa0, 0x59, 0x01, 0x04,
+ 0xa9, 0x01, 0x66, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x02, 0x67, 0x73, 0x75, 0x62, 0x6a,
+ 0x65, 0x63, 0x74, 0x3a, 0x00, 0x47, 0x44, 0x50, 0x58, 0x20, 0x55, 0x55, 0x55, 0x55, 0x55,
0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
- 0x55, 0x55, 0x55, 0x3a, 0x00, 0x47, 0x44, 0x52, 0x58, 0x20, 0xb8, 0x96, 0x54, 0xe2, 0x2c,
- 0xa4, 0xd2, 0x4a, 0x9c, 0x0e, 0x45, 0x11, 0xc8, 0xf2, 0x63, 0xf0, 0x66, 0x0d, 0x2e, 0x20,
- 0x48, 0x96, 0x90, 0x14, 0xf4, 0x54, 0x63, 0xc4, 0xf4, 0x39, 0x30, 0x38, 0x3a, 0x00, 0x47,
- 0x44, 0x53, 0x55, 0xa1, 0x3a, 0x00, 0x01, 0x11, 0x71, 0x6e, 0x63, 0x6f, 0x6d, 0x70, 0x6f,
- 0x6e, 0x65, 0x6e, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x3a, 0x00, 0x47, 0x44, 0x54, 0x58,
- 0x20, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
+ 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x3a, 0x00, 0x47,
+ 0x44, 0x52, 0x58, 0x20, 0xb8, 0x96, 0x54, 0xe2, 0x2c, 0xa4, 0xd2, 0x4a, 0x9c, 0x0e, 0x45,
+ 0x11, 0xc8, 0xf2, 0x63, 0xf0, 0x66, 0x0d, 0x2e, 0x20, 0x48, 0x96, 0x90, 0x14, 0xf4, 0x54,
+ 0x63, 0xc4, 0xf4, 0x39, 0x30, 0x38, 0x3a, 0x00, 0x47, 0x44, 0x53, 0x55, 0xa1, 0x3a, 0x00,
+ 0x01, 0x11, 0x71, 0x6e, 0x63, 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x5f, 0x6e,
+ 0x61, 0x6d, 0x65, 0x3a, 0x00, 0x47, 0x44, 0x54, 0x58, 0x20, 0x55, 0x55, 0x55, 0x55, 0x55,
0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
- 0x55, 0x55, 0x55, 0x3a, 0x00, 0x47, 0x44, 0x56, 0x41, 0x01, 0x3a, 0x00, 0x47, 0x44, 0x57,
- 0x58, 0x70, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x76, 0x82, 0x58,
- 0xce, 0x99, 0x1c, 0x29, 0xa1, 0x81, 0x3e, 0x22, 0xe3, 0x02, 0x13, 0xea, 0x2a, 0x25, 0x2e,
- 0x20, 0x14, 0xeb, 0x45, 0x0d, 0xb8, 0xdb, 0x8c, 0x38, 0xef, 0xeb, 0x25, 0xd6, 0x31, 0x22,
- 0x58, 0x20, 0xbe, 0x55, 0xba, 0x87, 0x17, 0xc2, 0x5b, 0xb6, 0x56, 0xff, 0x4b, 0xf0, 0x8a,
- 0x98, 0x57, 0x86, 0xa4, 0x36, 0x0a, 0x90, 0x38, 0xce, 0x66, 0xec, 0xcb, 0x25, 0x30, 0x29,
- 0x83, 0x02, 0x02, 0xc0, 0x23, 0x58, 0x20, 0x73, 0xdf, 0xc3, 0x4a, 0xe4, 0x2e, 0xbd, 0x04,
- 0x09, 0xec, 0x91, 0xc7, 0xe7, 0xf1, 0xec, 0x55, 0x10, 0x7e, 0xd1, 0x36, 0x5e, 0x9d, 0x11,
- 0x71, 0x27, 0xee, 0x30, 0x7b, 0x04, 0x45, 0x5f, 0x95, 0x3a, 0x00, 0x47, 0x44, 0x58, 0x41,
- 0x20, 0x58, 0x40, 0x44, 0x7f, 0x1a, 0x67, 0x16, 0xa0, 0x49, 0xfe, 0x2c, 0xde, 0x87, 0x38,
- 0xef, 0xb9, 0xe0, 0x19, 0x25, 0x7d, 0xcc, 0x39, 0x53, 0x27, 0xbd, 0x2c, 0x04, 0x6c, 0xe3,
- 0x5c, 0x5e, 0xd6, 0x27, 0x09, 0xb9, 0xf7, 0x8c, 0x2b, 0xd2, 0x68, 0xc3, 0xf1, 0x23, 0xcf,
- 0xc6, 0xfc, 0x21, 0xb3, 0x52, 0x48, 0xe6, 0x8a, 0x89, 0x3e, 0x37, 0x24, 0x13, 0x23, 0x80,
- 0xb2, 0xc7, 0xa7, 0xc6, 0xf1, 0xec, 0x04, 0x84, 0x43, 0xa1, 0x01, 0x26, 0xa0, 0x59, 0x02,
- 0x0f, 0x82, 0x58, 0x20, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
- 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a,
- 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x59, 0x01, 0xe9, 0x84, 0x03, 0x67, 0x6b, 0x65, 0x79,
- 0x6d, 0x69, 0x6e, 0x74, 0xae, 0x65, 0x62, 0x72, 0x61, 0x6e, 0x64, 0x66, 0x47, 0x6f, 0x6f,
- 0x67, 0x6c, 0x65, 0x65, 0x66, 0x75, 0x73, 0x65, 0x64, 0x01, 0x65, 0x6d, 0x6f, 0x64, 0x65,
- 0x6c, 0x65, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x66, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x66,
- 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x67, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x65,
- 0x70, 0x69, 0x78, 0x65, 0x6c, 0x68, 0x76, 0x62, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x65,
- 0x67, 0x72, 0x65, 0x65, 0x6e, 0x6a, 0x6f, 0x73, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f,
- 0x6e, 0x62, 0x31, 0x32, 0x6c, 0x6d, 0x61, 0x6e, 0x75, 0x66, 0x61, 0x63, 0x74, 0x75, 0x72,
- 0x65, 0x72, 0x66, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x6d, 0x76, 0x62, 0x6d, 0x65, 0x74,
- 0x61, 0x5f, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x4f, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66,
- 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72,
- 0x69, 0x74, 0x79, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x63, 0x74, 0x65, 0x65, 0x70, 0x62,
- 0x6f, 0x6f, 0x74, 0x5f, 0x70, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c,
- 0x1a, 0x01, 0x34, 0x8c, 0x62, 0x70, 0x62, 0x6f, 0x6f, 0x74, 0x6c, 0x6f, 0x61, 0x64, 0x65,
- 0x72, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x66, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x72,
- 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x5f, 0x70, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x65,
- 0x76, 0x65, 0x6c, 0x1a, 0x01, 0x34, 0x8c, 0x61, 0x72, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72,
- 0x5f, 0x70, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x1a, 0x01, 0x34,
- 0x8c, 0x63, 0x82, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x35, 0xeb,
- 0x56, 0xed, 0x62, 0x13, 0x6a, 0x41, 0x89, 0xf6, 0x72, 0xa6, 0xf1, 0x5c, 0xd1, 0xf6, 0x34,
- 0xbd, 0x81, 0xdb, 0x2e, 0x0b, 0x4d, 0xf6, 0x69, 0x6f, 0xa6, 0xf3, 0xce, 0x27, 0x2c, 0x78,
- 0x22, 0x58, 0x20, 0xac, 0xa9, 0x9f, 0x62, 0x81, 0x58, 0xc7, 0x10, 0xd7, 0xb5, 0xa8, 0xa0,
- 0x7b, 0x11, 0xf5, 0x75, 0xdb, 0xd9, 0xa2, 0x1d, 0x86, 0x34, 0xc6, 0xf4, 0x23, 0x79, 0xcc,
- 0x8a, 0x87, 0x3c, 0xb2, 0xd0, 0x23, 0x58, 0x20, 0x0f, 0x2c, 0x5a, 0xb7, 0xe1, 0x3b, 0x24,
- 0xa3, 0x4f, 0xaa, 0x49, 0x51, 0xfc, 0x8c, 0xd0, 0x35, 0x43, 0x7c, 0x21, 0xfa, 0x7d, 0x56,
- 0x97, 0x69, 0xe1, 0x81, 0xf5, 0x88, 0x15, 0x33, 0xa0, 0x7f, 0xa6, 0x01, 0x02, 0x03, 0x26,
- 0x20, 0x01, 0x21, 0x58, 0x20, 0xb5, 0xcc, 0xd9, 0x4f, 0x7a, 0xe2, 0xca, 0xac, 0xfe, 0xa5,
- 0x65, 0x0c, 0x6a, 0xa8, 0x16, 0x45, 0x40, 0x41, 0x1c, 0xb2, 0x64, 0xcd, 0x34, 0xe8, 0x37,
- 0x88, 0xb9, 0x9a, 0xb3, 0xc3, 0xfd, 0x6a, 0x22, 0x58, 0x20, 0x5e, 0xbe, 0xff, 0x98, 0x60,
- 0x6e, 0x1d, 0x6b, 0x42, 0x60, 0x59, 0xe9, 0x42, 0x95, 0xc8, 0x2e, 0xc5, 0xb6, 0x66, 0x4a,
- 0x53, 0xf1, 0x73, 0x02, 0xcb, 0x89, 0x8a, 0x2a, 0xc9, 0xa5, 0xa3, 0x39, 0x23, 0x58, 0x21,
- 0x00, 0xdb, 0xda, 0x3c, 0x3e, 0x27, 0x71, 0x5e, 0xd0, 0x2b, 0x09, 0xb8, 0x6f, 0xe2, 0x2c,
- 0xdd, 0x0a, 0xbf, 0x1d, 0x94, 0x36, 0xd2, 0x33, 0x88, 0x6e, 0x66, 0x05, 0x21, 0x92, 0x64,
- 0x79, 0xa9, 0x10, 0x58, 0x40, 0x87, 0xcf, 0xaa, 0x82, 0x6a, 0xba, 0x25, 0x8b, 0x81, 0xd8,
- 0x14, 0xca, 0xbd, 0xf4, 0x67, 0xdf, 0xc8, 0x2c, 0xa1, 0x04, 0x57, 0x99, 0xa0, 0x54, 0xe7,
- 0x9b, 0xb2, 0xd0, 0xaf, 0xdd, 0x07, 0x46, 0x0a, 0xd7, 0xbd, 0xa7, 0xf9, 0xa8, 0x0c, 0x08,
- 0x1e, 0x9c, 0xae, 0x73, 0x4c, 0x22, 0x6e, 0x56, 0x8b, 0xe4, 0x91, 0x54, 0xa4, 0x7a, 0xb0,
- 0xf5, 0xe4, 0x5d, 0xa9, 0x8f, 0xae, 0x43, 0x95, 0x7a};
-
-inline const std::vector<uint8_t> kKeysToSignForCsrWithoutUdsCerts = {
- 0x82, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x50, 0x43, 0xb4, 0xf1,
- 0xc1, 0x7f, 0x17, 0xc6, 0x3b, 0x56, 0x27, 0x63, 0x03, 0x18, 0x78, 0x9d, 0x63, 0x93, 0x3b,
- 0x98, 0xed, 0x55, 0x8c, 0x87, 0x1b, 0xd7, 0x89, 0xb6, 0x81, 0x92, 0x5f, 0x24, 0x22, 0x58,
- 0x20, 0xd5, 0x24, 0x93, 0xda, 0x3e, 0x32, 0x17, 0xfa, 0xe8, 0x8d, 0x1e, 0xa9, 0xe0, 0x84,
- 0x4e, 0x1c, 0x6a, 0xef, 0x9a, 0xe3, 0xbe, 0x1d, 0xf1, 0x14, 0xe0, 0x9e, 0x82, 0xc8, 0x92,
- 0x1a, 0x3a, 0x69, 0x23, 0x58, 0x20, 0x29, 0xcb, 0x16, 0x78, 0x61, 0x35, 0x92, 0x3f, 0x71,
- 0xc4, 0x66, 0x61, 0xd4, 0xd4, 0x20, 0x8a, 0x86, 0x1e, 0xb0, 0x2b, 0x2f, 0x4f, 0x13, 0xb4,
- 0x0d, 0x89, 0x60, 0x87, 0x77, 0xac, 0x1a, 0x0f, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01,
- 0x21, 0x58, 0x20, 0x4b, 0xcc, 0x7a, 0x09, 0x99, 0x76, 0xe7, 0xfa, 0x06, 0xb9, 0x19, 0x22,
- 0x15, 0x3b, 0x9f, 0xa8, 0x34, 0x77, 0x24, 0x27, 0x8c, 0x8a, 0x97, 0x61, 0xf3, 0x6f, 0x29,
- 0x74, 0x4e, 0x9a, 0x66, 0x23, 0x22, 0x58, 0x20, 0x8f, 0xa8, 0xaf, 0x2b, 0x02, 0x3a, 0xd4,
- 0x8a, 0xa2, 0x9d, 0x25, 0xa8, 0x01, 0xe7, 0xbd, 0x61, 0x25, 0x88, 0xb4, 0xc9, 0xce, 0x05,
- 0x43, 0xcc, 0x0d, 0x38, 0x7d, 0xe2, 0xda, 0x03, 0xb3, 0x33, 0x23, 0x58, 0x21, 0x00, 0xc8,
- 0x67, 0xb8, 0xbe, 0xc4, 0x1c, 0xca, 0x3c, 0x73, 0x3c, 0xbf, 0x52, 0xb2, 0x5a, 0x64, 0x9e,
- 0x9f, 0xae, 0xc6, 0x9f, 0x02, 0x2f, 0xee, 0x92, 0x1d, 0xdb, 0x01, 0x77, 0x27, 0x12, 0x84,
- 0x14};
-
-inline const std::vector<uint8_t> kCsrWithoutUdsCerts{
- 0x84, 0x01, 0xa0, 0x82, 0xa6, 0x01, 0x02, 0x03, 0x38, 0x22, 0x20, 0x02, 0x21, 0x58, 0x30,
- 0x21, 0x09, 0x81, 0xb2, 0x4c, 0x8e, 0x23, 0x63, 0x46, 0xe5, 0x32, 0x1e, 0x1b, 0xa3, 0x39,
- 0x47, 0xd1, 0x19, 0x91, 0xc5, 0xe1, 0xd0, 0x51, 0xa4, 0x4e, 0x6d, 0xfd, 0x21, 0x46, 0xf3,
- 0x65, 0x6b, 0xd3, 0xec, 0x20, 0x21, 0xf8, 0xef, 0x39, 0x50, 0x0a, 0xfc, 0x6d, 0x18, 0xf8,
- 0x90, 0x1c, 0xc8, 0x22, 0x58, 0x30, 0x80, 0x1f, 0xd8, 0xe3, 0x64, 0x51, 0x48, 0x66, 0xa5,
- 0xad, 0x05, 0xcb, 0xe4, 0xee, 0x0f, 0x20, 0xc1, 0xca, 0x84, 0xc2, 0xe0, 0xcc, 0x22, 0x06,
- 0x7c, 0x5e, 0x2c, 0xb3, 0x3b, 0x52, 0xd4, 0xe7, 0xc1, 0xe2, 0x57, 0x9d, 0x8a, 0xa6, 0x5c,
- 0x08, 0xbb, 0x77, 0x07, 0xa8, 0x39, 0xba, 0x9f, 0x5f, 0x23, 0x58, 0x31, 0x00, 0xff, 0x5f,
- 0xa3, 0x03, 0x87, 0x70, 0xe5, 0xf0, 0x69, 0xcd, 0x0a, 0x32, 0x9e, 0x4a, 0xe8, 0x07, 0x1f,
- 0x26, 0xb9, 0x8a, 0x01, 0x83, 0xfe, 0xb9, 0x21, 0x22, 0x49, 0x9d, 0x9f, 0x78, 0x48, 0xf4,
- 0x24, 0x87, 0xe8, 0x4d, 0xab, 0xd5, 0xe9, 0xd6, 0x90, 0x49, 0x4b, 0x42, 0xb4, 0x68, 0xac,
- 0xf1, 0x84, 0x44, 0xa1, 0x01, 0x38, 0x22, 0xa0, 0x59, 0x01, 0x28, 0xa9, 0x01, 0x66, 0x69,
- 0x73, 0x73, 0x75, 0x65, 0x72, 0x02, 0x67, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x3a,
- 0x00, 0x47, 0x44, 0x50, 0x58, 0x20, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
- 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
- 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x3a, 0x00, 0x47, 0x44, 0x52, 0x58, 0x20,
- 0xb8, 0x96, 0x54, 0xe2, 0x2c, 0xa4, 0xd2, 0x4a, 0x9c, 0x0e, 0x45, 0x11, 0xc8, 0xf2, 0x63,
- 0xf0, 0x66, 0x0d, 0x2e, 0x20, 0x48, 0x96, 0x90, 0x14, 0xf4, 0x54, 0x63, 0xc4, 0xf4, 0x39,
- 0x30, 0x38, 0x3a, 0x00, 0x47, 0x44, 0x53, 0x55, 0xa1, 0x3a, 0x00, 0x01, 0x11, 0x71, 0x6e,
- 0x63, 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x3a,
- 0x00, 0x47, 0x44, 0x54, 0x58, 0x20, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
- 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
- 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x3a, 0x00, 0x47, 0x44, 0x56, 0x41, 0x01,
- 0x3a, 0x00, 0x47, 0x44, 0x57, 0x58, 0x71, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21,
- 0x58, 0x20, 0x2d, 0x41, 0x43, 0x19, 0xf2, 0x91, 0x58, 0x12, 0x65, 0x2e, 0x96, 0xb5, 0x9d,
- 0x12, 0x18, 0x58, 0x54, 0x11, 0xed, 0x41, 0x30, 0xef, 0xa4, 0xee, 0x69, 0x8f, 0x0c, 0x6e,
- 0xe6, 0x27, 0xc5, 0x20, 0x22, 0x58, 0x20, 0x21, 0x0e, 0x8f, 0x83, 0xe5, 0xeb, 0x40, 0x89,
- 0xc2, 0x0a, 0x43, 0x6c, 0x9f, 0xa8, 0x4e, 0xe0, 0xba, 0x9e, 0xba, 0x4f, 0xe3, 0x27, 0xc4,
- 0xbd, 0x41, 0xa0, 0xd6, 0xe9, 0x55, 0x54, 0x17, 0x78, 0x23, 0x58, 0x21, 0x00, 0xb6, 0x33,
- 0x44, 0x98, 0xa7, 0x1c, 0x90, 0x13, 0xcc, 0x42, 0x71, 0x43, 0x29, 0xe5, 0xe1, 0x57, 0x89,
- 0x7a, 0x39, 0x17, 0x7c, 0xcc, 0x03, 0xac, 0xd3, 0x1b, 0xd2, 0xae, 0x29, 0x5f, 0xd6, 0xf8,
- 0x3a, 0x00, 0x47, 0x44, 0x58, 0x41, 0x20, 0x58, 0x60, 0xc4, 0x54, 0xad, 0x40, 0xa2, 0x07,
- 0xc7, 0x80, 0xbd, 0x41, 0x77, 0x5d, 0xa7, 0xa2, 0xef, 0xef, 0x92, 0x67, 0x24, 0xab, 0xa1,
- 0x4a, 0x5e, 0x4f, 0x73, 0xfb, 0x5c, 0x1f, 0xe6, 0x46, 0x2f, 0xb9, 0x1b, 0x71, 0x86, 0x87,
- 0x29, 0xc4, 0x66, 0xb7, 0x3e, 0x85, 0x13, 0x9a, 0xa3, 0xf8, 0xfc, 0x63, 0x26, 0xe0, 0xba,
- 0x0b, 0xe0, 0x9b, 0x2e, 0x7d, 0x06, 0x06, 0xb8, 0x2f, 0xdd, 0x0c, 0xa5, 0x90, 0x1c, 0x10,
- 0x1c, 0x55, 0xf9, 0x65, 0xf6, 0x26, 0x40, 0x41, 0xaf, 0x5c, 0x16, 0x03, 0xf3, 0xee, 0x8d,
- 0x72, 0x2c, 0x6b, 0x1e, 0xb3, 0x1f, 0x96, 0x97, 0x34, 0x61, 0x0d, 0x5c, 0xe4, 0x94, 0x6a,
- 0x84, 0x43, 0xa1, 0x01, 0x26, 0xa0, 0x59, 0x02, 0x0f, 0x82, 0x58, 0x20, 0x01, 0x02, 0x03,
- 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12,
- 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x59,
- 0x01, 0xe9, 0x84, 0x03, 0x67, 0x6b, 0x65, 0x79, 0x6d, 0x69, 0x6e, 0x74, 0xae, 0x65, 0x62,
- 0x72, 0x61, 0x6e, 0x64, 0x66, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x65, 0x66, 0x75, 0x73,
- 0x65, 0x64, 0x01, 0x65, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x65, 0x6d, 0x6f, 0x64, 0x65, 0x6c,
- 0x66, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x66, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x67,
- 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x65, 0x70, 0x69, 0x78, 0x65, 0x6c, 0x68, 0x76,
- 0x62, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x65, 0x67, 0x72, 0x65, 0x65, 0x6e, 0x6a, 0x6f,
- 0x73, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x62, 0x31, 0x32, 0x6c, 0x6d, 0x61,
- 0x6e, 0x75, 0x66, 0x61, 0x63, 0x74, 0x75, 0x72, 0x65, 0x72, 0x66, 0x47, 0x6f, 0x6f, 0x67,
- 0x6c, 0x65, 0x6d, 0x76, 0x62, 0x6d, 0x65, 0x74, 0x61, 0x5f, 0x64, 0x69, 0x67, 0x65, 0x73,
- 0x74, 0x4f, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd,
- 0xee, 0xff, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x5f, 0x6c, 0x65, 0x76,
- 0x65, 0x6c, 0x63, 0x74, 0x65, 0x65, 0x70, 0x62, 0x6f, 0x6f, 0x74, 0x5f, 0x70, 0x61, 0x74,
- 0x63, 0x68, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x1a, 0x01, 0x34, 0x8c, 0x62, 0x70, 0x62,
- 0x6f, 0x6f, 0x74, 0x6c, 0x6f, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65,
- 0x66, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x72, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x5f,
- 0x70, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x1a, 0x01, 0x34, 0x8c,
- 0x61, 0x72, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x5f, 0x70, 0x61, 0x74, 0x63, 0x68, 0x5f,
- 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x1a, 0x01, 0x34, 0x8c, 0x63, 0x82, 0xa6, 0x01, 0x02, 0x03,
- 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x50, 0x43, 0xb4, 0xf1, 0xc1, 0x7f, 0x17, 0xc6, 0x3b,
- 0x56, 0x27, 0x63, 0x03, 0x18, 0x78, 0x9d, 0x63, 0x93, 0x3b, 0x98, 0xed, 0x55, 0x8c, 0x87,
- 0x1b, 0xd7, 0x89, 0xb6, 0x81, 0x92, 0x5f, 0x24, 0x22, 0x58, 0x20, 0xd5, 0x24, 0x93, 0xda,
- 0x3e, 0x32, 0x17, 0xfa, 0xe8, 0x8d, 0x1e, 0xa9, 0xe0, 0x84, 0x4e, 0x1c, 0x6a, 0xef, 0x9a,
- 0xe3, 0xbe, 0x1d, 0xf1, 0x14, 0xe0, 0x9e, 0x82, 0xc8, 0x92, 0x1a, 0x3a, 0x69, 0x23, 0x58,
- 0x20, 0x29, 0xcb, 0x16, 0x78, 0x61, 0x35, 0x92, 0x3f, 0x71, 0xc4, 0x66, 0x61, 0xd4, 0xd4,
- 0x20, 0x8a, 0x86, 0x1e, 0xb0, 0x2b, 0x2f, 0x4f, 0x13, 0xb4, 0x0d, 0x89, 0x60, 0x87, 0x77,
- 0xac, 0x1a, 0x0f, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x4b, 0xcc,
- 0x7a, 0x09, 0x99, 0x76, 0xe7, 0xfa, 0x06, 0xb9, 0x19, 0x22, 0x15, 0x3b, 0x9f, 0xa8, 0x34,
- 0x77, 0x24, 0x27, 0x8c, 0x8a, 0x97, 0x61, 0xf3, 0x6f, 0x29, 0x74, 0x4e, 0x9a, 0x66, 0x23,
- 0x22, 0x58, 0x20, 0x8f, 0xa8, 0xaf, 0x2b, 0x02, 0x3a, 0xd4, 0x8a, 0xa2, 0x9d, 0x25, 0xa8,
- 0x01, 0xe7, 0xbd, 0x61, 0x25, 0x88, 0xb4, 0xc9, 0xce, 0x05, 0x43, 0xcc, 0x0d, 0x38, 0x7d,
- 0xe2, 0xda, 0x03, 0xb3, 0x33, 0x23, 0x58, 0x21, 0x00, 0xc8, 0x67, 0xb8, 0xbe, 0xc4, 0x1c,
- 0xca, 0x3c, 0x73, 0x3c, 0xbf, 0x52, 0xb2, 0x5a, 0x64, 0x9e, 0x9f, 0xae, 0xc6, 0x9f, 0x02,
- 0x2f, 0xee, 0x92, 0x1d, 0xdb, 0x01, 0x77, 0x27, 0x12, 0x84, 0x14, 0x58, 0x40, 0x6c, 0xd5,
- 0x66, 0x0a, 0x99, 0xdd, 0x32, 0x47, 0x50, 0x1f, 0x5d, 0x46, 0x40, 0x8a, 0x60, 0x25, 0xa0,
- 0x1b, 0x3c, 0x2a, 0xcf, 0xa1, 0x92, 0x1a, 0xdc, 0x81, 0xaa, 0xb0, 0x0f, 0xf2, 0xe6, 0x94,
- 0xce, 0x3d, 0xff, 0xac, 0x25, 0x44, 0xea, 0xf7, 0x0a, 0x89, 0x9d, 0xc4, 0x7e, 0xe5, 0x02,
- 0xa7, 0xb6, 0xc2, 0x40, 0x06, 0x65, 0xc5, 0xff, 0x19, 0xc5, 0xcd, 0x1c, 0xd5, 0x78, 0x01,
- 0xd4, 0xb8};
+ 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x3a, 0x00, 0x47,
+ 0x44, 0x56, 0x41, 0x01, 0x3a, 0x00, 0x47, 0x44, 0x57, 0x58, 0x4d, 0xa5, 0x01, 0x02, 0x03,
+ 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x2d, 0xbd, 0x92, 0x58, 0xc8, 0xcd, 0xc3, 0xc5, 0x14,
+ 0xe3, 0x6e, 0x5f, 0xab, 0x71, 0x41, 0x46, 0x83, 0xb4, 0x3e, 0x82, 0xdb, 0xe7, 0x7d, 0x27,
+ 0xe5, 0x26, 0x36, 0x94, 0xcb, 0x4c, 0x72, 0x8f, 0x22, 0x58, 0x20, 0xbf, 0xa2, 0xa7, 0x15,
+ 0x46, 0x5a, 0xea, 0xa8, 0xc7, 0xad, 0x22, 0x61, 0x9c, 0xba, 0x87, 0x70, 0x65, 0x64, 0x11,
+ 0x05, 0x8a, 0x58, 0x8c, 0x0c, 0x25, 0xc7, 0xf8, 0x5f, 0xfc, 0x4a, 0xee, 0xa1, 0x3a, 0x00,
+ 0x47, 0x44, 0x58, 0x41, 0x20, 0x58, 0x40, 0x43, 0xba, 0xff, 0xdb, 0xbb, 0xa9, 0x9e, 0x8f,
+ 0x06, 0xdf, 0x33, 0xa0, 0x3f, 0x30, 0xc3, 0x64, 0x84, 0x32, 0xb5, 0x2a, 0x06, 0x53, 0x13,
+ 0x70, 0xbe, 0xa3, 0x0b, 0x4d, 0xbe, 0x8d, 0x8c, 0x90, 0xde, 0x6c, 0x1d, 0xa8, 0xea, 0x40,
+ 0xd5, 0x17, 0xa1, 0xea, 0x62, 0x95, 0x37, 0x64, 0x92, 0xc3, 0xc4, 0xef, 0xd7, 0xcf, 0x87,
+ 0x0c, 0x9a, 0xd2, 0x5c, 0x10, 0x1d, 0x00, 0x2e, 0xe4, 0xe9, 0x1f, 0x84, 0x43, 0xa1, 0x01,
+ 0x26, 0xa0, 0x59, 0x02, 0x10, 0x82, 0x58, 0x20, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
+ 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x59, 0x01, 0xea, 0x84, 0x03,
+ 0x67, 0x6b, 0x65, 0x79, 0x6d, 0x69, 0x6e, 0x74, 0xae, 0x65, 0x62, 0x72, 0x61, 0x6e, 0x64,
+ 0x66, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x65, 0x66, 0x75, 0x73, 0x65, 0x64, 0x01, 0x65,
+ 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x65, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x66, 0x64, 0x65, 0x76,
+ 0x69, 0x63, 0x65, 0x66, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x67, 0x70, 0x72, 0x6f, 0x64,
+ 0x75, 0x63, 0x74, 0x65, 0x70, 0x69, 0x78, 0x65, 0x6c, 0x68, 0x76, 0x62, 0x5f, 0x73, 0x74,
+ 0x61, 0x74, 0x65, 0x65, 0x67, 0x72, 0x65, 0x65, 0x6e, 0x6a, 0x6f, 0x73, 0x5f, 0x76, 0x65,
+ 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x62, 0x31, 0x32, 0x6c, 0x6d, 0x61, 0x6e, 0x75, 0x66, 0x61,
+ 0x63, 0x74, 0x75, 0x72, 0x65, 0x72, 0x66, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x6d, 0x76,
+ 0x62, 0x6d, 0x65, 0x74, 0x61, 0x5f, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x4f, 0x11, 0x22,
+ 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x6e, 0x73,
+ 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x63, 0x74,
+ 0x65, 0x65, 0x70, 0x62, 0x6f, 0x6f, 0x74, 0x5f, 0x70, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c,
+ 0x65, 0x76, 0x65, 0x6c, 0x1a, 0x01, 0x34, 0x8c, 0x62, 0x70, 0x62, 0x6f, 0x6f, 0x74, 0x6c,
+ 0x6f, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x66, 0x6c, 0x6f, 0x63,
+ 0x6b, 0x65, 0x64, 0x72, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x5f, 0x70, 0x61, 0x74, 0x63,
+ 0x68, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x1a, 0x01, 0x34, 0x8c, 0x61, 0x72, 0x76, 0x65,
+ 0x6e, 0x64, 0x6f, 0x72, 0x5f, 0x70, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x65, 0x76, 0x65,
+ 0x6c, 0x1a, 0x01, 0x34, 0x8c, 0x63, 0x82, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21,
+ 0x58, 0x20, 0xad, 0xd2, 0x8c, 0xcc, 0xfb, 0x22, 0xd8, 0x5a, 0x3b, 0x9d, 0x22, 0x58, 0xb3,
+ 0x7c, 0xcc, 0xa5, 0x22, 0x46, 0x86, 0x2b, 0x29, 0x87, 0x49, 0xdd, 0xe4, 0x2c, 0xb4, 0x3f,
+ 0xf2, 0x4e, 0x6a, 0xed, 0x22, 0x58, 0x20, 0xe9, 0x34, 0x28, 0x54, 0x21, 0x7e, 0x88, 0x34,
+ 0x82, 0x0d, 0x0f, 0x14, 0x5b, 0xec, 0x61, 0xc4, 0xf2, 0xa4, 0xef, 0xf8, 0x17, 0xeb, 0xeb,
+ 0x05, 0x01, 0x36, 0x14, 0x52, 0xc7, 0xc2, 0xd8, 0xd3, 0x23, 0x58, 0x21, 0x00, 0xd9, 0xb4,
+ 0x13, 0xd0, 0x86, 0x31, 0x5e, 0x97, 0xc2, 0x54, 0x03, 0x72, 0x80, 0x6f, 0x14, 0x53, 0xbe,
+ 0x2e, 0xe5, 0x1b, 0x02, 0x1a, 0x62, 0x1a, 0x88, 0xe8, 0xa2, 0xde, 0xd0, 0x7d, 0xf6, 0x53,
+ 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0xca, 0x7d, 0x6e, 0xb5, 0x78,
+ 0x99, 0x9e, 0x66, 0xf4, 0x5d, 0xfe, 0xd5, 0x92, 0xe3, 0x30, 0xf5, 0xd5, 0xc2, 0x82, 0xf2,
+ 0x6d, 0x58, 0x16, 0x26, 0xa5, 0xe7, 0xfc, 0x62, 0x8f, 0xf3, 0x61, 0x56, 0x22, 0x58, 0x20,
+ 0x9f, 0x42, 0x22, 0x11, 0x1c, 0x45, 0x5c, 0x3a, 0x30, 0x95, 0xb4, 0xb3, 0x63, 0x26, 0x09,
+ 0xfc, 0x2e, 0x6e, 0x99, 0xdd, 0x44, 0x37, 0x34, 0xa9, 0x68, 0x42, 0xf5, 0x91, 0x40, 0xae,
+ 0xfa, 0x52, 0x23, 0x58, 0x21, 0x00, 0xe2, 0x3b, 0xaa, 0x88, 0xfc, 0xec, 0x23, 0xe7, 0x93,
+ 0x91, 0x04, 0x8e, 0xae, 0xa7, 0x44, 0xb4, 0x5e, 0x46, 0xe8, 0x91, 0x59, 0x3e, 0x43, 0x13,
+ 0x82, 0x8e, 0xa1, 0xee, 0x47, 0xbd, 0x13, 0x27, 0x58, 0x40, 0x43, 0x1d, 0xc8, 0x35, 0x44,
+ 0xbf, 0xd5, 0x06, 0x2c, 0xac, 0x18, 0x3c, 0xbb, 0xc6, 0x77, 0x99, 0x2f, 0x4e, 0x71, 0xcd,
+ 0x7a, 0x9b, 0x93, 0xc7, 0x08, 0xa3, 0x71, 0x89, 0xb5, 0xb2, 0x04, 0xbe, 0x69, 0x22, 0xf3,
+ 0x66, 0xb8, 0xa9, 0xc6, 0x5e, 0x7c, 0x45, 0xf6, 0x2f, 0x8a, 0xa9, 0x3e, 0xee, 0x6f, 0x92,
+ 0x2a, 0x9c, 0x91, 0xe2, 0x1d, 0x4a, 0x4e, 0x4a, 0xb4, 0xcc, 0x87, 0xd2, 0x85, 0x5f, 0xa1,
+ 0x6b, 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x78, 0x3b, 0x62,
+ 0x72, 0x61, 0x6e, 0x64, 0x31, 0x2f, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x31, 0x2f,
+ 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x31, 0x3a, 0x31, 0x31, 0x2f, 0x69, 0x64, 0x2f, 0x32,
+ 0x30, 0x32, 0x31, 0x30, 0x38, 0x30, 0x35, 0x2e, 0x34, 0x32, 0x3a, 0x75, 0x73, 0x65, 0x72,
+ 0x2f, 0x72, 0x65, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2d, 0x6b, 0x65, 0x79, 0x73};
const RpcHardwareInfo kRpcHardwareInfo = {.versionNumber = 3};
@@ -640,14 +801,87 @@
ASSERT_FALSE(*result) << "DICE Chain is proper";
}
+TEST(RemoteProvUtils, csrHasUdsCerts) {
+ auto csr = hwtrust::Csr::validate(kCsrWithUdsCerts, hwtrust::DiceChain::Kind::kVsr16,
+ false /*isFactory*/, false /*allowAnyMode*/,
+ deviceSuffix(DEFAULT_INSTANCE_NAME));
+ ASSERT_TRUE(csr.ok()) << csr.error().message();
+ ASSERT_TRUE(csr->hasUdsCerts());
+}
+
+TEST(RemoteProvUtils, csrDoesntHaveUdsCerts) {
+ auto csr = hwtrust::Csr::validate(kCsrWithoutUdsCerts, hwtrust::DiceChain::Kind::kVsr16,
+ false /*isFactory*/, false /*allowAnyMode*/,
+ deviceSuffix(DEFAULT_INSTANCE_NAME));
+ ASSERT_TRUE(csr.ok()) << csr.error().message();
+ ASSERT_FALSE(csr->hasUdsCerts());
+}
+
+TEST(RemoteProvUtils, csrHasCorrectChallenge) {
+ auto csr = hwtrust::Csr::validate(kCsrWithoutUdsCerts, hwtrust::DiceChain::Kind::kVsr16,
+ false /*isFactory*/, false /*allowAnyMode*/,
+ deviceSuffix(DEFAULT_INSTANCE_NAME));
+ ASSERT_TRUE(csr.ok()) << csr.error().message();
+
+ auto equal = csr->compareChallenge(kChallenge);
+ ASSERT_TRUE(equal.ok()) << equal.error().message();
+
+ ASSERT_TRUE(*equal) << kErrorChallengeMismatch;
+
+ auto zeroes = std::vector<uint8_t>(32, 0);
+ auto notEqual = csr->compareChallenge(zeroes);
+ ASSERT_TRUE(notEqual.ok()) << notEqual.error().message();
+
+ ASSERT_FALSE(*notEqual) << "ERROR: challenges are not different";
+}
+
+TEST(RemoteProvUtils, csrHasCorrectKeysToSign) {
+ auto csr = hwtrust::Csr::validate(kCsrWithoutUdsCerts, hwtrust::DiceChain::Kind::kVsr16,
+ false /*isFactory*/, false /*allowAnyMode*/,
+ deviceSuffix(DEFAULT_INSTANCE_NAME));
+ ASSERT_TRUE(csr.ok()) << csr.error().message();
+
+ auto equal = csr->compareKeysToSign(kKeysToSignForCsrWithoutUdsCerts);
+ ASSERT_TRUE(equal.ok()) << equal.error().message();
+ ASSERT_TRUE(*equal) << kErrorKeysToSignMismatch;
+
+ auto zeroes = std::vector<uint8_t>(kKeysToSignForCsrWithoutUdsCerts.size(), 0);
+ auto notEqual = csr->compareKeysToSign(zeroes);
+ ASSERT_TRUE(notEqual.ok()) << notEqual.error().message();
+ ASSERT_FALSE(*notEqual) << kErrorKeysToSignMismatch;
+}
+
+TEST(RemoteProvUtilsTest, allowDegenerateDiceChainWhenDegenerate) {
+ auto [keysToSignPtr, _, errMsg] = cppbor::parse(kKeysToSignForCsrWithDegenerateDiceChain);
+ ASSERT_TRUE(keysToSignPtr) << "Error: " << errMsg;
+
+ const auto keysToSign = keysToSignPtr->asArray();
+ auto csr = verifyFactoryCsr(*keysToSign, kCsrWithDegenerateDiceChain, kRpcHardwareInfo,
+ DEFAULT_INSTANCE_NAME, kChallenge,
+ /*allowDegenerate=*/true, /*requireUdsCerts=*/false);
+ ASSERT_TRUE(csr) << csr.message();
+}
+
+TEST(RemoteProvUtilsTest, disallowDegenerateDiceChainWhenDegenerate) {
+ auto [keysToSignPtr, _, errMsg] = cppbor::parse(kKeysToSignForCsrWithDegenerateDiceChain);
+ ASSERT_TRUE(keysToSignPtr) << "Error: " << errMsg;
+
+ const auto keysToSign = keysToSignPtr->asArray();
+ auto csr = verifyFactoryCsr(*keysToSign, kCsrWithDegenerateDiceChain, kRpcHardwareInfo,
+ DEFAULT_INSTANCE_NAME, kChallenge,
+ /*allowDegenerate=*/false, /*requireUdsCerts=*/false);
+ ASSERT_FALSE(csr);
+ ASSERT_THAT(csr.message(), testing::HasSubstr(kErrorDiceChainIsDegenerate));
+}
+
TEST(RemoteProvUtilsTest, requireUdsCertsWhenPresent) {
auto [keysToSignPtr, _, errMsg] = cppbor::parse(kKeysToSignForCsrWithUdsCerts);
ASSERT_TRUE(keysToSignPtr) << "Error: " << errMsg;
const auto keysToSign = keysToSignPtr->asArray();
- auto csr =
- verifyFactoryCsr(*keysToSign, kCsrWithUdsCerts, kRpcHardwareInfo, "default", kChallenge,
- /*allowDegenerate=*/false, /*requireUdsCerts=*/true);
+ auto csr = verifyFactoryCsr(*keysToSign, kCsrWithUdsCerts, kRpcHardwareInfo,
+ DEFAULT_INSTANCE_NAME, kChallenge,
+ /*allowDegenerate=*/false, /*requireUdsCerts=*/true);
ASSERT_TRUE(csr) << csr.message();
}
@@ -667,13 +901,11 @@
DEFAULT_INSTANCE_NAME, kChallenge, /*allowDegenerate=*/false,
/*requireUdsCerts=*/true);
ASSERT_FALSE(csr);
- ASSERT_THAT(csr.message(), testing::HasSubstr("UdsCerts must not be empty"));
+ ASSERT_THAT(csr.message(), testing::HasSubstr(kErrorUdsCertsAreRequired));
}
TEST(RemoteProvUtilsTest, dontRequireUdsCertsWhenNotPresent) {
- auto [keysToSignPtr, _, errMsg] = cppbor::parse(
- kKeysToSignForCsrWithoutUdsCerts.data(),
- kKeysToSignForCsrWithoutUdsCerts.data() + kKeysToSignForCsrWithoutUdsCerts.size());
+ auto [keysToSignPtr, _, errMsg] = cppbor::parse(kKeysToSignForCsrWithoutUdsCerts);
ASSERT_TRUE(keysToSignPtr) << "Error: " << errMsg;
const auto* keysToSign = keysToSignPtr->asArray();
@@ -683,6 +915,21 @@
ASSERT_TRUE(csr) << csr.message();
}
+TEST(RemoteProvUtilsTest, compareRootPublicKeysInDiceChains) {
+ ASSERT_NE(kCsrWithSharedUdsRoot1, kCsrWithSharedUdsRoot2);
+ ASSERT_NE(kCsrWithUdsCerts, kCsrWithSharedUdsRoot1);
+
+ auto equal = compareRootPublicKeysInDiceChains(kCsrWithSharedUdsRoot1, DEFAULT_INSTANCE_NAME,
+ kCsrWithSharedUdsRoot2, DEFAULT_INSTANCE_NAME);
+ ASSERT_TRUE(equal) << equal.message();
+ ASSERT_TRUE(*equal) << "Root public keys in DICE chains do not match.";
+
+ auto notEqual = compareRootPublicKeysInDiceChains(kCsrWithSharedUdsRoot1, DEFAULT_INSTANCE_NAME,
+ kCsrWithUdsCerts, DEFAULT_INSTANCE_NAME);
+ ASSERT_TRUE(notEqual) << notEqual.message();
+ ASSERT_FALSE(*notEqual) << "Root public keys in DICE chains match.";
+}
+
TEST(RemoteProvUtilsTest, parseFullyQualifiedInstanceNames) {
ASSERT_EQ(deviceSuffix(RKPVM_INSTANCE_NAME), "avf");
ASSERT_EQ(deviceSuffix(DEFAULT_INSTANCE_NAME), "default");
diff --git a/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp b/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
index b9c742a..d9bd0d8 100644
--- a/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
+++ b/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
@@ -151,20 +151,24 @@
return corruptChain.encode();
}
-bool matching_keymint_device(const string& rp_name, std::shared_ptr<IKeyMintDevice>* keyMint) {
- auto rp_suffix = deviceSuffix(rp_name);
+template <class T>
+auto getHandle(const string& serviceName) {
+ ::ndk::SpAIBinder binder(AServiceManager_waitForService(serviceName.c_str()));
+ return T::fromBinder(binder);
+}
- vector<string> km_names = ::android::getAidlHalInstanceNames(IKeyMintDevice::descriptor);
- for (const string& km_name : km_names) {
+std::shared_ptr<IKeyMintDevice> matchingKeyMintDevice(const string& rpcName) {
+ auto rpcSuffix = deviceSuffix(rpcName);
+
+ vector<string> kmNames = ::android::getAidlHalInstanceNames(IKeyMintDevice::descriptor);
+ for (const string& kmName : kmNames) {
// If the suffix of the KeyMint instance equals the suffix of the
// RemotelyProvisionedComponent instance, assume they match.
- if (deviceSuffix(km_name) == rp_suffix && AServiceManager_isDeclared(km_name.c_str())) {
- ::ndk::SpAIBinder binder(AServiceManager_waitForService(km_name.c_str()));
- *keyMint = IKeyMintDevice::fromBinder(binder);
- return true;
+ if (deviceSuffix(kmName) == rpcSuffix && AServiceManager_isDeclared(kmName.c_str())) {
+ getHandle<IKeyMintDevice>(kmName);
}
}
- return false;
+ return nullptr;
}
} // namespace
@@ -173,8 +177,7 @@
public:
virtual void SetUp() override {
if (AServiceManager_isDeclared(GetParam().c_str())) {
- ::ndk::SpAIBinder binder(AServiceManager_waitForService(GetParam().c_str()));
- provisionable_ = IRemotelyProvisionedComponent::fromBinder(binder);
+ provisionable_ = getHandle<IRemotelyProvisionedComponent>(GetParam());
}
ASSERT_NE(provisionable_, nullptr);
auto status = provisionable_->getHardwareInfo(&rpcHardwareInfo);
@@ -210,9 +213,7 @@
std::set<std::string> uniqueIds;
for (auto hal : ::android::getAidlHalInstanceNames(IRemotelyProvisionedComponent::descriptor)) {
ASSERT_TRUE(AServiceManager_isDeclared(hal.c_str()));
- ::ndk::SpAIBinder binder(AServiceManager_waitForService(hal.c_str()));
- std::shared_ptr<IRemotelyProvisionedComponent> rpc =
- IRemotelyProvisionedComponent::fromBinder(binder);
+ auto rpc = getHandle<IRemotelyProvisionedComponent>(hal);
ASSERT_NE(rpc, nullptr);
RpcHardwareInfo hwInfo;
@@ -248,9 +249,7 @@
GTEST_SKIP() << "Strongbox is not present on this device.";
}
- ::ndk::SpAIBinder binder(AServiceManager_waitForService(DEFAULT_INSTANCE_NAME.c_str()));
- std::shared_ptr<IRemotelyProvisionedComponent> rpc =
- IRemotelyProvisionedComponent::fromBinder(binder);
+ auto rpc = getHandle<IRemotelyProvisionedComponent>(DEFAULT_INSTANCE_NAME);
ASSERT_NE(rpc, nullptr);
bytevec challenge = randomBytes(64);
@@ -263,6 +262,55 @@
ASSERT_TRUE(*result);
}
+/**
+ * Verify that if a protected VM (also called `avf` or RKP VM) implementation exists, then the
+ * protected VM and the primary KeyMint (also called 'default') implementation's DICE certificate
+ * chain has the same root public key, i.e., the same UDS public key
+ */
+// @VsrTest = 7.1-003.001
+TEST(NonParameterizedTests, equalUdsPubInDiceCertChainForRkpVmAndPrimaryKeyMintInstances) {
+ int apiLevel = get_vsr_api_level();
+ if (apiLevel < 202504) {
+ if (!AServiceManager_isDeclared(RKPVM_INSTANCE_NAME.c_str())) {
+ GTEST_SKIP() << "The RKP VM (" << RKPVM_INSTANCE_NAME
+ << ") is not present on this device.";
+ }
+ } else {
+ ASSERT_TRUE(AServiceManager_isDeclared(RKPVM_INSTANCE_NAME.c_str()));
+ }
+
+ auto rkpVmRpc = getHandle<IRemotelyProvisionedComponent>(RKPVM_INSTANCE_NAME);
+ ASSERT_NE(rkpVmRpc, nullptr) << "The RKP VM (" << RKPVM_INSTANCE_NAME
+ << ") RPC is unavailable.";
+
+ RpcHardwareInfo hardwareInfo;
+ auto status = rkpVmRpc->getHardwareInfo(&hardwareInfo);
+ if (!status.isOk()) {
+ GTEST_SKIP() << "The RKP VM is not supported on this system.";
+ }
+
+ bytevec rkpVmChallenge = randomBytes(MAX_CHALLENGE_SIZE);
+ bytevec rkpVmCsr;
+ auto rkpVmStatus =
+ rkpVmRpc->generateCertificateRequestV2({} /* keysToSign */, rkpVmChallenge, &rkpVmCsr);
+ ASSERT_TRUE(rkpVmStatus.isOk()) << rkpVmStatus.getDescription();
+
+ auto primaryKeyMintRpc = getHandle<IRemotelyProvisionedComponent>(DEFAULT_INSTANCE_NAME);
+ ASSERT_NE(primaryKeyMintRpc, nullptr)
+ << "The Primary KeyMint (" << DEFAULT_INSTANCE_NAME << ") RPC is unavailable.";
+
+ bytevec primaryKeyMintChallenge = randomBytes(MAX_CHALLENGE_SIZE);
+ bytevec primaryKeyMintCsr;
+ auto primaryKeyMintStatus = primaryKeyMintRpc->generateCertificateRequestV2(
+ {} /* keysToSign */, primaryKeyMintChallenge, &primaryKeyMintCsr);
+ ASSERT_TRUE(primaryKeyMintStatus.isOk()) << primaryKeyMintStatus.getDescription();
+
+ auto equal = compareRootPublicKeysInDiceChains(rkpVmCsr, RKPVM_INSTANCE_NAME, primaryKeyMintCsr,
+ DEFAULT_INSTANCE_NAME);
+ ASSERT_TRUE(equal) << equal.message();
+ ASSERT_TRUE(*equal) << "Primary KeyMint and RKP VM RPCs have different UDS public keys";
+}
+
using GetHardwareInfoTests = VtsRemotelyProvisionedComponentTests;
INSTANTIATE_REM_PROV_AIDL_TEST(GetHardwareInfoTests);
@@ -336,9 +384,8 @@
*/
TEST_P(GenerateKeyTests, generateAndUseEcdsaP256Key_prodMode) {
// See if there is a matching IKeyMintDevice for this IRemotelyProvisionedComponent.
- std::shared_ptr<IKeyMintDevice> keyMint;
- if (!matching_keymint_device(GetParam(), &keyMint)) {
- // No matching IKeyMintDevice.
+ auto keyMint = matchingKeyMintDevice(GetParam());
+ if (!keyMint) {
GTEST_SKIP() << "Skipping key use test as no matching KeyMint device found";
return;
}
@@ -931,9 +978,8 @@
// @VsrTest = 3.10-015
TEST_P(CertificateRequestV2Test, DeviceInfo) {
// See if there is a matching IKeyMintDevice for this IRemotelyProvisionedComponent.
- std::shared_ptr<IKeyMintDevice> keyMint;
- if (!matching_keymint_device(GetParam(), &keyMint)) {
- // No matching IKeyMintDevice.
+ std::shared_ptr<IKeyMintDevice> keyMint = matchingKeyMintDevice(GetParam());
+ if (!keyMint) {
GTEST_SKIP() << "Skipping key use test as no matching KeyMint device found";
return;
}
@@ -999,6 +1045,7 @@
std::unique_ptr<cppbor::Array> csrPayload = std::move(*result);
ASSERT_TRUE(csrPayload);
+ ASSERT_TRUE(csrPayload->size() > 2);
auto deviceInfo = csrPayload->get(2)->asMap();
ASSERT_TRUE(deviceInfo);