Merge "Add permission denied reason to Reason.aidl" into main
diff --git a/automotive/audiocontrol/aidl/aidl_api/android.hardware.automotive.audiocontrol/current/android/hardware/automotive/audiocontrol/AudioZone.aidl b/automotive/audiocontrol/aidl/aidl_api/android.hardware.automotive.audiocontrol/current/android/hardware/automotive/audiocontrol/AudioZone.aidl
index 2cb1760..57a9812 100644
--- a/automotive/audiocontrol/aidl/aidl_api/android.hardware.automotive.audiocontrol/current/android/hardware/automotive/audiocontrol/AudioZone.aidl
+++ b/automotive/audiocontrol/aidl/aidl_api/android.hardware.automotive.audiocontrol/current/android/hardware/automotive/audiocontrol/AudioZone.aidl
@@ -35,11 +35,10 @@
@JavaDerive(equals=true, toString=true) @VintfStability
parcelable AudioZone {
String name;
- int id;
+ int id = android.media.audio.common.AudioHalProductStrategy.ZoneId.DEFAULT /* 0 */;
int occupantZoneId = UNASSIGNED_OCCUPANT /* -1 */;
android.hardware.automotive.audiocontrol.AudioZoneContext audioZoneContext;
List<android.hardware.automotive.audiocontrol.AudioZoneConfig> audioZoneConfigs;
List<android.media.audio.common.AudioPort> inputAudioDevices;
- const int PRIMARY_AUDIO_ZONE = 0;
const int UNASSIGNED_OCCUPANT = (-1) /* -1 */;
}
diff --git a/automotive/audiocontrol/aidl/android/hardware/automotive/audiocontrol/AudioFadeConfiguration.aidl b/automotive/audiocontrol/aidl/android/hardware/automotive/audiocontrol/AudioFadeConfiguration.aidl
index d3181da..4190c46 100644
--- a/automotive/audiocontrol/aidl/android/hardware/automotive/audiocontrol/AudioFadeConfiguration.aidl
+++ b/automotive/audiocontrol/aidl/android/hardware/automotive/audiocontrol/AudioFadeConfiguration.aidl
@@ -73,6 +73,10 @@
/**
* Fade in delayed duration for audio focus offender in milliseconds
+ *
+ * <p>Fade offender are defined as audio players that do not stop playback after audio focus
+ * lost. This timeout serves to continue to fadeout the offender until audio is stopped or the
+ * timeout expires.
*/
long fadeInDelayedForOffendersMs = DEFAULT_DELAY_FADE_IN_OFFENDERS_MS;
diff --git a/automotive/audiocontrol/aidl/android/hardware/automotive/audiocontrol/AudioZone.aidl b/automotive/audiocontrol/aidl/android/hardware/automotive/audiocontrol/AudioZone.aidl
index c90bcfd..d31d6fd 100644
--- a/automotive/audiocontrol/aidl/android/hardware/automotive/audiocontrol/AudioZone.aidl
+++ b/automotive/audiocontrol/aidl/android/hardware/automotive/audiocontrol/AudioZone.aidl
@@ -18,6 +18,7 @@
import android.hardware.automotive.audiocontrol.AudioZoneConfig;
import android.hardware.automotive.audiocontrol.AudioZoneContext;
+import android.media.audio.common.AudioHalProductStrategy;
import android.media.audio.common.AudioPort;
/**
@@ -27,11 +28,6 @@
@VintfStability
parcelable AudioZone {
/**
- * Value indicating the primary audio zone
- */
- const int PRIMARY_AUDIO_ZONE = 0;
-
- /**
* Value indicating the occupant zone is not assigned.
*/
const int UNASSIGNED_OCCUPANT = -1;
@@ -47,8 +43,11 @@
/**
* Audio zone id use to distiguish between the different audio zones for
* volume management, fade, and min/max activation management.
+ *
+ * <p>Value must start at {@link AudioHalProductStrategy#ZoneId#DEFAULT} for the primary zone
+ * and increase for each different zone. Zone id must also not repeat for different zones.
*/
- int id;
+ int id = AudioHalProductStrategy.ZoneId.DEFAULT;
/**
* Occupant zone id that should be mapped to this audio zone.
diff --git a/automotive/audiocontrol/aidl/android/hardware/automotive/audiocontrol/VolumeGroupConfig.aidl b/automotive/audiocontrol/aidl/android/hardware/automotive/audiocontrol/VolumeGroupConfig.aidl
index 7e3bc60..bea80ce 100644
--- a/automotive/audiocontrol/aidl/android/hardware/automotive/audiocontrol/VolumeGroupConfig.aidl
+++ b/automotive/audiocontrol/aidl/android/hardware/automotive/audiocontrol/VolumeGroupConfig.aidl
@@ -33,8 +33,9 @@
/**
* Audio zone group name.
*
- * <p>Must be non-empty if using configurable audio policy engine volume management, see
- * {@code AudioDeviceConfiguration#useCoreAudioVolume} for details.
+ * <p>Must be non-empty if using configurable audio policy engine volume management,
+ * {@see AudioDeviceConfiguration#useCoreAudioVolume} for details. For non-core volume group
+ * management this can be left empty or use for debugging purposes.
*/
String name;
diff --git a/automotive/audiocontrol/aidl/default/converter/src/CarAudioConfigurationXmlConverter.cpp b/automotive/audiocontrol/aidl/default/converter/src/CarAudioConfigurationXmlConverter.cpp
index 206ce0c..f4e8123 100644
--- a/automotive/audiocontrol/aidl/default/converter/src/CarAudioConfigurationXmlConverter.cpp
+++ b/automotive/audiocontrol/aidl/default/converter/src/CarAudioConfigurationXmlConverter.cpp
@@ -49,6 +49,7 @@
using aidl::android::media::audio::common::AudioDeviceAddress;
using aidl::android::media::audio::common::AudioDeviceDescription;
using aidl::android::media::audio::common::AudioDeviceType;
+using aidl::android::media::audio::common::AudioHalProductStrategy;
using aidl::android::media::audio::common::AudioPort;
using aidl::android::media::audio::common::AudioPortDeviceExt;
using aidl::android::media::audio::common::AudioPortExt;
@@ -537,6 +538,7 @@
bool parseAudioZone(const xsd::ZoneType& zone, const ActivationMap& activations,
const FadeConfigurationMap& fadeConfigurations, api::AudioZone& audioZone) {
+ static int kPrimaryZoneId = static_cast<int>(AudioHalProductStrategy::ZoneId::DEFAULT);
if (zone.hasName()) {
audioZone.name = zone.getName();
}
@@ -558,7 +560,7 @@
bool isPrimary = zone.hasIsPrimary() && zone.getIsPrimary();
if (isPrimary) {
- audioZone.id = api::AudioZone::PRIMARY_AUDIO_ZONE;
+ audioZone.id = kPrimaryZoneId;
}
// ID not required in XML for primary zone
@@ -569,10 +571,10 @@
return false;
}
- if (isPrimary && audioZone.id != api::AudioZone::PRIMARY_AUDIO_ZONE) {
+ if (isPrimary && audioZone.id != kPrimaryZoneId) {
LOG(ERROR) << __func__ << " Audio zone is primary but has zone id "
<< std::to_string(audioZone.id) << " instead of primary zone id "
- << std::to_string(api::AudioZone::PRIMARY_AUDIO_ZONE);
+ << std::to_string(kPrimaryZoneId);
return false;
}
diff --git a/automotive/audiocontrol/aidl/default/converter/test/AudioControlConverterUnitTest.cpp b/automotive/audiocontrol/aidl/default/converter/test/AudioControlConverterUnitTest.cpp
index b6bebe5..d11a59a 100644
--- a/automotive/audiocontrol/aidl/default/converter/test/AudioControlConverterUnitTest.cpp
+++ b/automotive/audiocontrol/aidl/default/converter/test/AudioControlConverterUnitTest.cpp
@@ -38,6 +38,7 @@
using ::aidl::android::media::audio::common::AudioDeviceAddress;
using ::aidl::android::media::audio::common::AudioDeviceDescription;
using ::aidl::android::media::audio::common::AudioDeviceType;
+using ::aidl::android::media::audio::common::AudioHalProductStrategy;
using ::aidl::android::media::audio::common::AudioPort;
using ::aidl::android::media::audio::common::AudioPortDeviceExt;
using ::aidl::android::media::audio::common::AudioPortExt;
@@ -476,7 +477,7 @@
{kBusMediaVolumeGroup, kBusNavVolumeGroup, kBusCallVolumeGroup, kBusSysVolumeGroup}, true);
const api::AudioZone kDriverZone =
- createAudioZone("driver zone", api::AudioZone::PRIMARY_AUDIO_ZONE,
+ createAudioZone("driver zone", static_cast<int>(AudioHalProductStrategy::ZoneId::DEFAULT),
kSimpleCarAudioConfigurationContext, {kDriverZoneConfig});
const api::AudioZoneFadeConfiguration kZoneAudioConfigFading = createAudioZoneFadeConfiguration(
@@ -491,9 +492,9 @@
"oem_system_sound", "oem_notification"})});
const api::AudioZoneConfig kFrontZoneConfig = createAudioZoneConfig(
"front passenger config 0", kZoneAudioConfigFading, {kFrontVolumeGroup}, true);
-const api::AudioZone kFrontZone =
- createAudioZone("front passenger zone", api::AudioZone::PRIMARY_AUDIO_ZONE + 1,
- kSimpleCarAudioConfigurationContext, {kFrontZoneConfig});
+const api::AudioZone kFrontZone = createAudioZone(
+ "front passenger zone", static_cast<int>(AudioHalProductStrategy::ZoneId::DEFAULT) + 1,
+ kSimpleCarAudioConfigurationContext, {kFrontZoneConfig});
const AudioPort kBusRearDevice = createAudioPort("BUS_REAR", AudioDeviceType::OUT_BUS);
const api::VolumeGroupConfig kRearVolumeGroup =
@@ -503,9 +504,9 @@
"oem_system_sound", "oem_notification"})});
const api::AudioZoneConfig kRearZoneConfig = createAudioZoneConfig(
"rear seat config 0", kZoneAudioConfigFading, {kRearVolumeGroup}, true);
-const api::AudioZone kRearZone =
- createAudioZone("rear seat zone", api::AudioZone::PRIMARY_AUDIO_ZONE + 2,
- kSimpleCarAudioConfigurationContext, {kRearZoneConfig});
+const api::AudioZone kRearZone = createAudioZone(
+ "rear seat zone", static_cast<int>(AudioHalProductStrategy::ZoneId::DEFAULT) + 2,
+ kSimpleCarAudioConfigurationContext, {kRearZoneConfig});
std::vector<api::AudioZone> kMultiZones = {kDriverZone, kFrontZone, kRearZone};
@@ -624,7 +625,7 @@
EXPECT_EQ(zones.size(), 1);
const auto& zone = zones.front();
- EXPECT_EQ(zone.id, api::AudioZone::PRIMARY_AUDIO_ZONE);
+ EXPECT_EQ(zone.id, static_cast<int>(AudioHalProductStrategy::ZoneId::DEFAULT));
EXPECT_EQ(zone.occupantZoneId, 0);
EXPECT_EQ(zone.name, "primary zone");
@@ -685,7 +686,7 @@
EXPECT_EQ(zones.size(), 1);
const auto& zone = zones.front();
- EXPECT_EQ(zone.id, api::AudioZone::PRIMARY_AUDIO_ZONE);
+ EXPECT_EQ(zone.id, static_cast<int>(AudioHalProductStrategy::ZoneId::DEFAULT));
EXPECT_EQ(zone.occupantZoneId, 0);
EXPECT_EQ(zone.name, "primary zone");
diff --git a/automotive/audiocontrol/aidl/vts/VtsHalAudioControlTargetTest.cpp b/automotive/audiocontrol/aidl/vts/VtsHalAudioControlTargetTest.cpp
index cd58f40..f01f04d 100644
--- a/automotive/audiocontrol/aidl/vts/VtsHalAudioControlTargetTest.cpp
+++ b/automotive/audiocontrol/aidl/vts/VtsHalAudioControlTargetTest.cpp
@@ -26,6 +26,7 @@
#include <android/hardware/automotive/audiocontrol/BnModuleChangeCallback.h>
#include <android/hardware/automotive/audiocontrol/IAudioControl.h>
#include <android/log.h>
+#include <android/media/audio/common/AudioHalProductStrategy.h>
#include <binder/IServiceManager.h>
#include <binder/ProcessState.h>
#include <include/AudioControlTestUtils.h>
@@ -63,6 +64,8 @@
DEFAULT_MAX_ACTIVATION_VALUE;
using android::hardware::automotive::audiocontrol::VolumeActivationConfigurationEntry::
DEFAULT_MIN_ACTIVATION_VALUE;
+using android::media::audio::common::AudioHalProductStrategy;
+
using ::testing::AnyOf;
using ::testing::Eq;
@@ -628,7 +631,7 @@
std::set<android::String16> zoneNames;
std::set<std::string> deviceAddresses;
for (const auto& zone : audioZones) {
- if (zone.id == AudioZone::PRIMARY_AUDIO_ZONE) {
+ if (zone.id == static_cast<int>(AudioHalProductStrategy::ZoneId::DEFAULT)) {
EXPECT_FALSE(primaryZoneFound) << "There can only be one primary zone";
primaryZoneFound = true;
}
diff --git a/gnss/aidl/aidl_api/android.hardware.gnss/current/android/hardware/gnss/gnss_assistance/GnssAssistance.aidl b/gnss/aidl/aidl_api/android.hardware.gnss/current/android/hardware/gnss/gnss_assistance/GnssAssistance.aidl
index 5f8fee7..1df2123 100644
--- a/gnss/aidl/aidl_api/android.hardware.gnss/current/android/hardware/gnss/gnss_assistance/GnssAssistance.aidl
+++ b/gnss/aidl/aidl_api/android.hardware.gnss/current/android/hardware/gnss/gnss_assistance/GnssAssistance.aidl
@@ -43,7 +43,7 @@
@VintfStability
parcelable GnssSatelliteCorrections {
int svid;
- android.hardware.gnss.gnss_assistance.IonosphericCorrection[] inonosphericCorrections;
+ android.hardware.gnss.gnss_assistance.IonosphericCorrection[] ionosphericCorrections;
}
@VintfStability
parcelable GpsAssistance {
diff --git a/gnss/aidl/aidl_api/android.hardware.gnss/current/android/hardware/gnss/gnss_assistance/IonosphericCorrection.aidl b/gnss/aidl/aidl_api/android.hardware.gnss/current/android/hardware/gnss/gnss_assistance/IonosphericCorrection.aidl
index e02d97f..6e8434a 100644
--- a/gnss/aidl/aidl_api/android.hardware.gnss/current/android/hardware/gnss/gnss_assistance/IonosphericCorrection.aidl
+++ b/gnss/aidl/aidl_api/android.hardware.gnss/current/android/hardware/gnss/gnss_assistance/IonosphericCorrection.aidl
@@ -36,5 +36,5 @@
@VintfStability
parcelable IonosphericCorrection {
long carrierFrequencyHz;
- android.hardware.gnss.gnss_assistance.GnssCorrectionComponent ionosphericCorrection;
+ android.hardware.gnss.gnss_assistance.GnssCorrectionComponent ionosphericCorrectionComponent;
}
diff --git a/gnss/aidl/android/hardware/gnss/gnss_assistance/GnssAssistance.aidl b/gnss/aidl/android/hardware/gnss/gnss_assistance/GnssAssistance.aidl
index ddff848..4bf6154 100644
--- a/gnss/aidl/android/hardware/gnss/gnss_assistance/GnssAssistance.aidl
+++ b/gnss/aidl/android/hardware/gnss/gnss_assistance/GnssAssistance.aidl
@@ -46,7 +46,7 @@
* OSN number for Glonass. The distinction is made by looking at the constellation field.
* Values must be in the range of:
*
- * - GNSS: 1-32
+ * - GPS: 1-32
* - GLONASS: 1-25
* - QZSS: 183-206
* - Galileo: 1-36
@@ -55,7 +55,7 @@
int svid;
/** Ionospheric corrections */
- IonosphericCorrection[] inonosphericCorrections;
+ IonosphericCorrection[] ionosphericCorrections;
}
/** Contains GPS assistance. */
diff --git a/gnss/aidl/android/hardware/gnss/gnss_assistance/IonosphericCorrection.aidl b/gnss/aidl/android/hardware/gnss/gnss_assistance/IonosphericCorrection.aidl
index e8e50bd..fe6b63d 100644
--- a/gnss/aidl/android/hardware/gnss/gnss_assistance/IonosphericCorrection.aidl
+++ b/gnss/aidl/android/hardware/gnss/gnss_assistance/IonosphericCorrection.aidl
@@ -31,6 +31,6 @@
*/
long carrierFrequencyHz;
- /** Ionospheric correction. */
- GnssCorrectionComponent ionosphericCorrection;
+ /** Ionospheric correction component. */
+ GnssCorrectionComponent ionosphericCorrectionComponent;
}
diff --git a/gnss/aidl/android/hardware/gnss/gnss_assistance/RealTimeIntegrityModel.aidl b/gnss/aidl/android/hardware/gnss/gnss_assistance/RealTimeIntegrityModel.aidl
index 4a4122c..10a511f 100644
--- a/gnss/aidl/android/hardware/gnss/gnss_assistance/RealTimeIntegrityModel.aidl
+++ b/gnss/aidl/android/hardware/gnss/gnss_assistance/RealTimeIntegrityModel.aidl
@@ -29,7 +29,7 @@
* OSN number for Glonass. The distinction is made by looking at the constellation field.
* Values must be in the range of:
*
- * - GNSS: 1-32
+ * - GPS: 1-32
* - GLONASS: 1-25
* - QZSS: 183-206
* - Galileo: 1-36
diff --git a/graphics/composer/aidl/vts/VtsHalGraphicsComposer3_TargetTest.cpp b/graphics/composer/aidl/vts/VtsHalGraphicsComposer3_TargetTest.cpp
index 2c53377..c1900d7 100644
--- a/graphics/composer/aidl/vts/VtsHalGraphicsComposer3_TargetTest.cpp
+++ b/graphics/composer/aidl/vts/VtsHalGraphicsComposer3_TargetTest.cpp
@@ -3362,15 +3362,11 @@
mComposerClient->createLayer(getPrimaryDisplayId(), kBufferSlotCount, &writer);
EXPECT_TRUE(layerStatus.isOk());
const auto& [status, properties] = mComposerClient->getOverlaySupport();
- if (!status.isOk() && status.getExceptionCode() == EX_SERVICE_SPECIFIC &&
- status.getServiceSpecificError() == IComposerClient::EX_UNSUPPORTED) {
- GTEST_SUCCEED() << "getOverlaySupport is not supported";
- return;
- }
- ASSERT_TRUE(status.isOk());
// TODO (b/362319189): add Lut VTS enforcement
- if (!properties.lutProperties) {
+ if ((!status.isOk() && status.getExceptionCode() == EX_SERVICE_SPECIFIC &&
+ status.getServiceSpecificError() == IComposerClient::EX_UNSUPPORTED) ||
+ (status.isOk() && !properties.lutProperties)) {
int32_t size = 7;
size_t bufferSize = static_cast<size_t>(size) * sizeof(float);
int32_t fd = ashmem_create_region("lut_shared_mem", bufferSize);
@@ -3384,13 +3380,22 @@
{LutProperties::Dimension::ONE_D, size, {LutProperties::SamplingKey::RGB}}};
luts.pfd = ndk::ScopedFileDescriptor(fd);
+ const auto layer = createOnScreenLayer(getPrimaryDisplayId());
+ const auto buffer = allocate(::android::PIXEL_FORMAT_RGBA_8888);
+ ASSERT_NE(nullptr, buffer->handle);
+ writer.setLayerBuffer(getPrimaryDisplayId(), layer, /*slot*/ 0, buffer->handle,
+ /*acquireFence*/ -1);
writer.setLayerLuts(getPrimaryDisplayId(), layer, luts);
writer.validateDisplay(getPrimaryDisplayId(), ComposerClientWriter::kNoTimestamp,
VtsComposerClient::kNoFrameIntervalNs);
execute();
+ const auto errors = mReader.takeErrors();
+ if (errors.size() == 1 && errors[0].errorCode == IComposerClient::EX_UNSUPPORTED) {
+ GTEST_SUCCEED() << "setLayerLuts is not supported";
+ return;
+ }
// change to client composition
ASSERT_FALSE(mReader.takeChangedCompositionTypes(getPrimaryDisplayId()).empty());
- ASSERT_TRUE(mReader.takeErrors().empty());
}
}
diff --git a/neuralnetworks/1.2/utils/test/DeviceTest.cpp b/neuralnetworks/1.2/utils/test/DeviceTest.cpp
index 0e855c4..0d8c141 100644
--- a/neuralnetworks/1.2/utils/test/DeviceTest.cpp
+++ b/neuralnetworks/1.2/utils/test/DeviceTest.cpp
@@ -54,10 +54,6 @@
.execTime = std::numeric_limits<float>::max(),
.powerUsage = std::numeric_limits<float>::max()};
-// FIXME: This function causes Clang to hang indefinitely when building with
-// -O1. Turn off optimization as a temporary workaround.
-// http://b/296850773
-#pragma clang optimize off
template <typename... Args>
auto makeCallbackReturn(Args&&... args) {
return [argPack = std::make_tuple(std::forward<Args>(args)...)](const auto& cb) {
@@ -65,7 +61,6 @@
return Void();
};
}
-#pragma clang optimize on
sp<MockDevice> createMockDevice() {
const auto mockDevice = MockDevice::create();
diff --git a/radio/aidl/aidl_api/android.hardware.radio.network/current/android/hardware/radio/network/IRadioNetwork.aidl b/radio/aidl/aidl_api/android.hardware.radio.network/current/android/hardware/radio/network/IRadioNetwork.aidl
index a6fd27a..ad7473b 100644
--- a/radio/aidl/aidl_api/android.hardware.radio.network/current/android/hardware/radio/network/IRadioNetwork.aidl
+++ b/radio/aidl/aidl_api/android.hardware.radio.network/current/android/hardware/radio/network/IRadioNetwork.aidl
@@ -36,6 +36,9 @@
@VintfStability
interface IRadioNetwork {
oneway void getAllowedNetworkTypesBitmap(in int serial);
+ /**
+ * @deprecated Android Telephony framework doesn't use this.
+ */
oneway void getAvailableBandModes(in int serial);
oneway void getAvailableNetworks(in int serial);
oneway void getBarringInfo(in int serial);
@@ -58,6 +61,9 @@
oneway void isNrDualConnectivityEnabled(in int serial);
oneway void responseAcknowledgement();
oneway void setAllowedNetworkTypesBitmap(in int serial, in int networkTypeBitmap);
+ /**
+ * @deprecated Android Telephony framework doesn't use this.
+ */
oneway void setBandMode(in int serial, in android.hardware.radio.network.RadioBandMode mode);
oneway void setBarringPassword(in int serial, in String facility, in String oldPassword, in String newPassword);
/**
@@ -67,12 +73,18 @@
oneway void setCellInfoListRate(in int serial, in int rate);
oneway void setIndicationFilter(in int serial, in int indicationFilter);
oneway void setLinkCapacityReportingCriteria(in int serial, in int hysteresisMs, in int hysteresisDlKbps, in int hysteresisUlKbps, in int[] thresholdsDownlinkKbps, in int[] thresholdsUplinkKbps, in android.hardware.radio.AccessNetwork accessNetwork);
+ /**
+ * @deprecated Android Telephony framework doesn't use this.
+ */
oneway void setLocationUpdates(in int serial, in boolean enable);
oneway void setNetworkSelectionModeAutomatic(in int serial);
oneway void setNetworkSelectionModeManual(in int serial, in String operatorNumeric, in android.hardware.radio.AccessNetwork ran);
oneway void setNrDualConnectivityState(in int serial, in android.hardware.radio.network.NrDualConnectivityState nrDualConnectivityState);
oneway void setResponseFunctions(in android.hardware.radio.network.IRadioNetworkResponse radioNetworkResponse, in android.hardware.radio.network.IRadioNetworkIndication radioNetworkIndication);
oneway void setSignalStrengthReportingCriteria(in int serial, in android.hardware.radio.network.SignalThresholdInfo[] signalThresholdInfos);
+ /**
+ * @deprecated Android Telephony framework doesn't use this.
+ */
oneway void setSuppServiceNotifications(in int serial, in boolean enable);
oneway void setSystemSelectionChannels(in int serial, in boolean specifyChannels, in android.hardware.radio.network.RadioAccessSpecifier[] specifiers);
oneway void startNetworkScan(in int serial, in android.hardware.radio.network.NetworkScanRequest request);
diff --git a/radio/aidl/aidl_api/android.hardware.radio.network/current/android/hardware/radio/network/IRadioNetworkResponse.aidl b/radio/aidl/aidl_api/android.hardware.radio.network/current/android/hardware/radio/network/IRadioNetworkResponse.aidl
index 080b4aa..3c220ab 100644
--- a/radio/aidl/aidl_api/android.hardware.radio.network/current/android/hardware/radio/network/IRadioNetworkResponse.aidl
+++ b/radio/aidl/aidl_api/android.hardware.radio.network/current/android/hardware/radio/network/IRadioNetworkResponse.aidl
@@ -37,6 +37,9 @@
interface IRadioNetworkResponse {
oneway void acknowledgeRequest(in int serial);
oneway void getAllowedNetworkTypesBitmapResponse(in android.hardware.radio.RadioResponseInfo info, in int networkTypeBitmap);
+ /**
+ * @deprecated Android Telephony framework doesn't use this.
+ */
oneway void getAvailableBandModesResponse(in android.hardware.radio.RadioResponseInfo info, in android.hardware.radio.network.RadioBandMode[] bandModes);
oneway void getAvailableNetworksResponse(in android.hardware.radio.RadioResponseInfo info, in android.hardware.radio.network.OperatorInfo[] networkInfos);
oneway void getBarringInfoResponse(in android.hardware.radio.RadioResponseInfo info, in android.hardware.radio.network.CellIdentity cellIdentity, in android.hardware.radio.network.BarringInfo[] barringInfos);
@@ -58,6 +61,9 @@
oneway void getVoiceRegistrationStateResponse(in android.hardware.radio.RadioResponseInfo info, in android.hardware.radio.network.RegStateResult voiceRegResponse);
oneway void isNrDualConnectivityEnabledResponse(in android.hardware.radio.RadioResponseInfo info, in boolean isEnabled);
oneway void setAllowedNetworkTypesBitmapResponse(in android.hardware.radio.RadioResponseInfo info);
+ /**
+ * @deprecated Android Telephony framework doesn't use this.
+ */
oneway void setBandModeResponse(in android.hardware.radio.RadioResponseInfo info);
oneway void setBarringPasswordResponse(in android.hardware.radio.RadioResponseInfo info);
/**
@@ -67,11 +73,17 @@
oneway void setCellInfoListRateResponse(in android.hardware.radio.RadioResponseInfo info);
oneway void setIndicationFilterResponse(in android.hardware.radio.RadioResponseInfo info);
oneway void setLinkCapacityReportingCriteriaResponse(in android.hardware.radio.RadioResponseInfo info);
+ /**
+ * @deprecated Android Telephony framework doesn't use this.
+ */
oneway void setLocationUpdatesResponse(in android.hardware.radio.RadioResponseInfo info);
oneway void setNetworkSelectionModeAutomaticResponse(in android.hardware.radio.RadioResponseInfo info);
oneway void setNetworkSelectionModeManualResponse(in android.hardware.radio.RadioResponseInfo info);
oneway void setNrDualConnectivityStateResponse(in android.hardware.radio.RadioResponseInfo info);
oneway void setSignalStrengthReportingCriteriaResponse(in android.hardware.radio.RadioResponseInfo info);
+ /**
+ * @deprecated Android Telephony framework doesn't use this.
+ */
oneway void setSuppServiceNotificationsResponse(in android.hardware.radio.RadioResponseInfo info);
oneway void setSystemSelectionChannelsResponse(in android.hardware.radio.RadioResponseInfo info);
oneway void startNetworkScanResponse(in android.hardware.radio.RadioResponseInfo info);
diff --git a/radio/aidl/aidl_api/android.hardware.radio.sim/current/android/hardware/radio/sim/IRadioSim.aidl b/radio/aidl/aidl_api/android.hardware.radio.sim/current/android/hardware/radio/sim/IRadioSim.aidl
index 5a4c5c1..c868f81 100644
--- a/radio/aidl/aidl_api/android.hardware.radio.sim/current/android/hardware/radio/sim/IRadioSim.aidl
+++ b/radio/aidl/aidl_api/android.hardware.radio.sim/current/android/hardware/radio/sim/IRadioSim.aidl
@@ -76,6 +76,9 @@
oneway void setFacilityLockForApp(in int serial, in String facility, in boolean lockState, in String password, in int serviceClass, in String appId);
oneway void setResponseFunctions(in android.hardware.radio.sim.IRadioSimResponse radioSimResponse, in android.hardware.radio.sim.IRadioSimIndication radioSimIndication);
oneway void setSimCardPower(in int serial, in android.hardware.radio.sim.CardPowerState powerUp);
+ /**
+ * @deprecated Android Telephony framework doesn't use this.
+ */
oneway void setUiccSubscription(in int serial, in android.hardware.radio.sim.SelectUiccSub uiccSub);
oneway void supplyIccPin2ForApp(in int serial, in String pin2, in String aid);
oneway void supplyIccPinForApp(in int serial, in String pin, in String aid);
diff --git a/radio/aidl/aidl_api/android.hardware.radio.sim/current/android/hardware/radio/sim/IRadioSimResponse.aidl b/radio/aidl/aidl_api/android.hardware.radio.sim/current/android/hardware/radio/sim/IRadioSimResponse.aidl
index a512bae..6526d8b 100644
--- a/radio/aidl/aidl_api/android.hardware.radio.sim/current/android/hardware/radio/sim/IRadioSimResponse.aidl
+++ b/radio/aidl/aidl_api/android.hardware.radio.sim/current/android/hardware/radio/sim/IRadioSimResponse.aidl
@@ -75,6 +75,9 @@
oneway void setCdmaSubscriptionSourceResponse(in android.hardware.radio.RadioResponseInfo info);
oneway void setFacilityLockForAppResponse(in android.hardware.radio.RadioResponseInfo info, in int retry);
oneway void setSimCardPowerResponse(in android.hardware.radio.RadioResponseInfo info);
+ /**
+ * @deprecated Android Telephony framework doesn't use this.
+ */
oneway void setUiccSubscriptionResponse(in android.hardware.radio.RadioResponseInfo info);
oneway void supplyIccPin2ForAppResponse(in android.hardware.radio.RadioResponseInfo info, in int remainingRetries);
oneway void supplyIccPinForAppResponse(in android.hardware.radio.RadioResponseInfo info, in int remainingRetries);
diff --git a/radio/aidl/android/hardware/radio/modem/HardwareConfigModem.aidl b/radio/aidl/android/hardware/radio/modem/HardwareConfigModem.aidl
index 4818c9e..0389170 100644
--- a/radio/aidl/android/hardware/radio/modem/HardwareConfigModem.aidl
+++ b/radio/aidl/android/hardware/radio/modem/HardwareConfigModem.aidl
@@ -32,9 +32,12 @@
*/
int rilModel;
/**
- * Bitset value, based on RadioTechnology.
+ * All supported radio technologies.
+ *
+ * Despite the stated type, this is an int bitset: a mask where each bit position represents a
+ * radio technology.
*/
- RadioTechnology rat = RadioTechnology.UNKNOWN;
+ RadioTechnology rat = RadioTechnology.UNKNOWN; // it's really an empty bitmask
/**
* Maximum number of concurrent active voice calls.
*/
diff --git a/radio/aidl/android/hardware/radio/network/IRadioNetwork.aidl b/radio/aidl/android/hardware/radio/network/IRadioNetwork.aidl
index 68e4829..2509b6d 100644
--- a/radio/aidl/android/hardware/radio/network/IRadioNetwork.aidl
+++ b/radio/aidl/android/hardware/radio/network/IRadioNetwork.aidl
@@ -61,6 +61,8 @@
* Response function is IRadioNetworkResponse.getAvailableBandModesResponse()
*
* This is available when android.hardware.telephony.radio.access is defined.
+ *
+ * @deprecated Android Telephony framework doesn't use this.
*/
void getAvailableBandModes(in int serial);
@@ -247,6 +249,8 @@
* Response function is IRadioNetworkResponse.setBandModeResponse()
*
* This is available when android.hardware.telephony.radio.access is defined.
+ *
+ * @deprecated Android Telephony framework doesn't use this.
*/
void setBandMode(in int serial, in RadioBandMode mode);
@@ -348,6 +352,8 @@
* Response function is IRadioNetworkResponse.setLocationUpdatesResponse()
*
* This is available when android.hardware.telephony.radio.access is defined.
+ *
+ * @deprecated Android Telephony framework doesn't use this.
*/
void setLocationUpdates(in int serial, in boolean enable);
@@ -441,6 +447,8 @@
* Response function is IRadioNetworkResponse.setSuppServiceNotificationsResponse()
*
* This is available when android.hardware.telephony.calling is defined.
+ *
+ * @deprecated Android Telephony framework doesn't use this.
*/
void setSuppServiceNotifications(in int serial, in boolean enable);
diff --git a/radio/aidl/android/hardware/radio/network/IRadioNetworkResponse.aidl b/radio/aidl/android/hardware/radio/network/IRadioNetworkResponse.aidl
index 4c1a394..fd332fc 100644
--- a/radio/aidl/android/hardware/radio/network/IRadioNetworkResponse.aidl
+++ b/radio/aidl/android/hardware/radio/network/IRadioNetworkResponse.aidl
@@ -80,6 +80,8 @@
* RadioError:MODEM_ERR
* RadioError:NO_RESOURCES
* RadioError:CANCELLED
+ *
+ * @deprecated Android Telephony framework doesn't use this.
*/
void getAvailableBandModesResponse(in RadioResponseInfo info, in RadioBandMode[] bandModes);
@@ -332,6 +334,8 @@
* RadioError:MODEM_ERR
* RadioError:NO_RESOURCES
* RadioError:CANCELLED
+ *
+ * @deprecated Android Telephony framework doesn't use this.
*/
void setBandModeResponse(in RadioResponseInfo info);
@@ -437,6 +441,8 @@
* RadioError:NO_RESOURCES
* RadioError:CANCELLED
* RadioError:SIM_ABSENT
+ *
+ * @deprecated Android Telephony framework doesn't use this.
*/
void setLocationUpdatesResponse(in RadioResponseInfo info);
@@ -528,6 +534,8 @@
* RadioError:NO_RESOURCES
* RadioError:CANCELLED
* RadioError:SIM_ABSENT
+ *
+ * @deprecated Android Telephony framework doesn't use this.
*/
void setSuppServiceNotificationsResponse(in RadioResponseInfo info);
diff --git a/radio/aidl/android/hardware/radio/sim/IRadioSim.aidl b/radio/aidl/android/hardware/radio/sim/IRadioSim.aidl
index 24c7320..16573f4 100644
--- a/radio/aidl/android/hardware/radio/sim/IRadioSim.aidl
+++ b/radio/aidl/android/hardware/radio/sim/IRadioSim.aidl
@@ -485,6 +485,8 @@
* Response function is IRadioSimResponse.setUiccSubscriptionResponse()
*
* This is available when android.hardware.telephony.subscription is defined.
+ *
+ * @deprecated Android Telephony framework doesn't use this.
*/
void setUiccSubscription(in int serial, in SelectUiccSub uiccSub);
diff --git a/radio/aidl/android/hardware/radio/sim/IRadioSimResponse.aidl b/radio/aidl/android/hardware/radio/sim/IRadioSimResponse.aidl
index 92815d2..62fa674 100644
--- a/radio/aidl/android/hardware/radio/sim/IRadioSimResponse.aidl
+++ b/radio/aidl/android/hardware/radio/sim/IRadioSimResponse.aidl
@@ -544,6 +544,8 @@
* RadioError:INVALID_ARGUMENTS
* RadioError:NO_RESOURCES
* RadioError:CANCELLED
+ *
+ * @deprecated Android Telephony framework doesn't use this.
*/
void setUiccSubscriptionResponse(in RadioResponseInfo info);
diff --git a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
index e8eed71..b57dd8a 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
@@ -548,10 +548,8 @@
void deleteKey(in byte[] keyBlob);
/**
- * Deletes all keys in the hardware keystore. Used when keystore is reset completely. After
- * this function is called all keys with Tag::ROLLBACK_RESISTANCE in their hardware-enforced
- * authorization lists must be rendered permanently unusable. Keys without
- * Tag::ROLLBACK_RESISTANCE may or may not be rendered unusable.
+ * Deletes all keys in the hardware keystore. Used when keystore is reset completely. After
+ * this function is called all keys created previously must be rendered permanently unusable.
*/
void deleteAllKeys();
diff --git a/security/keymint/aidl/default/hal/lib.rs b/security/keymint/aidl/default/hal/lib.rs
index 621f077..fad807f 100644
--- a/security/keymint/aidl/default/hal/lib.rs
+++ b/security/keymint/aidl/default/hal/lib.rs
@@ -47,11 +47,9 @@
/// Get boot information based on system properties.
pub fn get_boot_info() -> kmr_wire::SetBootInfoRequest {
- // No access to a verified boot key.
- let verified_boot_key = vec![0; 32];
let vbmeta_digest = get_property("ro.boot.vbmeta.digest").unwrap_or_else(|_| "00".repeat(32));
let verified_boot_hash = hex::decode(&vbmeta_digest).unwrap_or_else(|_e| {
- error!("failed to parse hex data in '{}'", vbmeta_digest);
+ error!("failed to parse VBMeta digest hex data in '{vbmeta_digest}': {_e:?}");
vec![0; 32]
});
let device_boot_locked = match get_property("ro.boot.vbmeta.device_state")
@@ -65,6 +63,18 @@
false
}
};
+ let verified_boot_key_digest =
+ get_property("ro.boot.vbmeta.public_key_digest").unwrap_or_else(|_| "00".repeat(32));
+ let verified_boot_key = match device_boot_locked {
+ true => hex::decode(&verified_boot_key_digest).unwrap_or_else(|_e| {
+ error!("Failed to parse Verified Boot key hex data in '{verified_boot_key_digest}': {_e:?}");
+ vec![0; 32]
+ }),
+ // VTS-16+ requires the attested Verified Boot key to be 32 bytes of zeroes when the
+ // bootloader is unlocked, so we ignore the property's value in that case. Behaviour
+ // prior to VTS-16 is unspecified, so it's fine to return the same.
+ false => vec![0; 32],
+ };
let verified_boot_state = match get_property("ro.boot.verifiedbootstate")
.unwrap_or_else(|_| "no-prop".to_string())
.as_str()
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index 067db78..416e6c0 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -8305,21 +8305,15 @@
GTEST_SKIP() << "Option --arm_deleteAllKeys not set";
return;
}
+ // This test was introduced in API level 36, but is not version guarded because it requires a
+ // manual opt-in anyway. This makes it easier to run on older devices.
auto error = GenerateKey(AuthorizationSetBuilder()
.RsaSigningKey(2048, 65537)
.Digest(Digest::NONE)
.Padding(PaddingMode::NONE)
.Authorization(TAG_NO_AUTH_REQUIRED)
- .Authorization(TAG_ROLLBACK_RESISTANCE)
.SetDefaultValidity());
- if (error == ErrorCode::ROLLBACK_RESISTANCE_UNAVAILABLE) {
- GTEST_SKIP() << "Rollback resistance not supported";
- }
-
- // Delete must work if rollback protection is implemented
ASSERT_EQ(ErrorCode::OK, error);
- AuthorizationSet hardwareEnforced(SecLevelAuthorizations());
- ASSERT_TRUE(hardwareEnforced.Contains(TAG_ROLLBACK_RESISTANCE));
ASSERT_EQ(ErrorCode::OK, DeleteAllKeys());
diff --git a/security/keymint/support/include/remote_prov/remote_prov_utils.h b/security/keymint/support/include/remote_prov/remote_prov_utils.h
index 6cb00f2..9035d79 100644
--- a/security/keymint/support/include/remote_prov/remote_prov_utils.h
+++ b/security/keymint/support/include/remote_prov/remote_prov_utils.h
@@ -29,6 +29,11 @@
using bytevec = std::vector<uint8_t>;
using namespace cppcose;
+constexpr std::string_view kErrorChallengeMismatch = "challenges do not match";
+constexpr std::string_view kErrorUdsCertsAreRequired = "UdsCerts are required";
+constexpr std::string_view kErrorKeysToSignMismatch = "KeysToSign do not match";
+constexpr std::string_view kErrorDiceChainIsDegenerate = "DICE chain is degenerate";
+
extern bytevec kTestMacKey;
// The Google root key for the Endpoint Encryption Key chain, encoded as COSE_Sign1
diff --git a/security/keymint/support/remote_prov_utils.cpp b/security/keymint/support/remote_prov_utils.cpp
index e11f021..ccb2768 100644
--- a/security/keymint/support/remote_prov_utils.cpp
+++ b/security/keymint/support/remote_prov_utils.cpp
@@ -123,37 +123,6 @@
return std::make_tuple(std::move(pubX), std::move(pubY));
}
-ErrMsgOr<bytevec> getRawPublicKey(const EVP_PKEY_Ptr& pubKey) {
- if (pubKey.get() == nullptr) {
- return "pkey is null.";
- }
- int keyType = EVP_PKEY_base_id(pubKey.get());
- switch (keyType) {
- case EVP_PKEY_EC: {
- int nid = EVP_PKEY_bits(pubKey.get()) == 384 ? NID_secp384r1 : NID_X9_62_prime256v1;
- auto ecKey = EC_KEY_Ptr(EVP_PKEY_get1_EC_KEY(pubKey.get()));
- if (ecKey.get() == nullptr) {
- return "Failed to get ec key";
- }
- return ecKeyGetPublicKey(ecKey.get(), nid);
- }
- case EVP_PKEY_ED25519: {
- bytevec rawPubKey;
- size_t rawKeySize = 0;
- if (!EVP_PKEY_get_raw_public_key(pubKey.get(), NULL, &rawKeySize)) {
- return "Failed to get raw public key.";
- }
- rawPubKey.resize(rawKeySize);
- if (!EVP_PKEY_get_raw_public_key(pubKey.get(), rawPubKey.data(), &rawKeySize)) {
- return "Failed to get raw public key.";
- }
- return rawPubKey;
- }
- default:
- return "Unknown key type.";
- }
-}
-
ErrMsgOr<std::tuple<bytevec, bytevec>> generateEc256KeyPair() {
auto ec_key = EC_KEY_Ptr(EC_KEY_new());
if (ec_key.get() == nullptr) {
@@ -166,7 +135,7 @@
}
if (EC_KEY_set_group(ec_key.get(), group.get()) != 1 ||
- EC_KEY_generate_key(ec_key.get()) != 1 || EC_KEY_check_key(ec_key.get()) < 0) {
+ EC_KEY_generate_key(ec_key.get()) != 1 || EC_KEY_check_key(ec_key.get()) != 1) {
return "Error generating key";
}
@@ -331,17 +300,22 @@
return chain.encode();
}
+bool maybeOverrideAllowAnyMode(bool allowAnyMode) {
+ // Use ro.build.type instead of ro.debuggable because ro.debuggable=1 for VTS testing
+ std::string build_type = ::android::base::GetProperty("ro.build.type", "");
+ if (!build_type.empty() && build_type != "user") {
+ return true;
+ }
+ return allowAnyMode;
+}
+
ErrMsgOr<std::vector<BccEntryData>> validateBcc(const cppbor::Array* bcc,
hwtrust::DiceChain::Kind kind, bool allowAnyMode,
bool allowDegenerate,
const std::string& instanceName) {
auto encodedBcc = bcc->encode();
- // Use ro.build.type instead of ro.debuggable because ro.debuggable=1 for VTS testing
- std::string build_type = ::android::base::GetProperty("ro.build.type", "");
- if (!build_type.empty() && build_type != "user") {
- allowAnyMode = true;
- }
+ allowAnyMode = maybeOverrideAllowAnyMode(allowAnyMode);
auto chain =
hwtrust::DiceChain::Verify(encodedBcc, kind, allowAnyMode, deviceSuffix(instanceName));
@@ -779,233 +753,9 @@
/*isFactory=*/false, allowAnyMode);
}
-ErrMsgOr<X509_Ptr> parseX509Cert(const std::vector<uint8_t>& cert) {
- CRYPTO_BUFFER_Ptr certBuf(CRYPTO_BUFFER_new(cert.data(), cert.size(), nullptr));
- if (!certBuf.get()) {
- return "Failed to create crypto buffer.";
- }
- X509_Ptr result(X509_parse_from_buffer(certBuf.get()));
- if (!result.get()) {
- return "Failed to parse certificate.";
- }
- return result;
-}
-
-std::string getX509IssuerName(const X509_Ptr& cert) {
- char* name = X509_NAME_oneline(X509_get_issuer_name(cert.get()), nullptr, 0);
- std::string result(name);
- OPENSSL_free(name);
- return result;
-}
-
-std::string getX509SubjectName(const X509_Ptr& cert) {
- char* name = X509_NAME_oneline(X509_get_subject_name(cert.get()), nullptr, 0);
- std::string result(name);
- OPENSSL_free(name);
- return result;
-}
-
-// Validates the certificate chain and returns the leaf public key.
-ErrMsgOr<bytevec> validateCertChain(const cppbor::Array& chain) {
- bytevec rawPubKey;
- for (size_t i = 0; i < chain.size(); ++i) {
- // Root must be self-signed.
- size_t signingCertIndex = (i > 0) ? i - 1 : i;
- auto& keyCertItem = chain[i];
- auto& signingCertItem = chain[signingCertIndex];
- if (!keyCertItem || !keyCertItem->asBstr()) {
- return "Key certificate must be a Bstr.";
- }
- if (!signingCertItem || !signingCertItem->asBstr()) {
- return "Signing certificate must be a Bstr.";
- }
-
- auto keyCert = parseX509Cert(keyCertItem->asBstr()->value());
- if (!keyCert) {
- return keyCert.message();
- }
- auto signingCert = parseX509Cert(signingCertItem->asBstr()->value());
- if (!signingCert) {
- return signingCert.message();
- }
-
- EVP_PKEY_Ptr pubKey(X509_get_pubkey(keyCert->get()));
- if (!pubKey.get()) {
- return "Failed to get public key.";
- }
- EVP_PKEY_Ptr signingPubKey(X509_get_pubkey(signingCert->get()));
- if (!signingPubKey.get()) {
- return "Failed to get signing public key.";
- }
-
- if (!X509_verify(keyCert->get(), signingPubKey.get())) {
- return "Verification of certificate " + std::to_string(i) +
- " faile. OpenSSL error string: " + ERR_error_string(ERR_get_error(), NULL);
- }
-
- auto certIssuer = getX509IssuerName(*keyCert);
- auto signerSubj = getX509SubjectName(*signingCert);
- if (certIssuer != signerSubj) {
- return "Certificate " + std::to_string(i) + " has wrong issuer. Signer subject is " +
- signerSubj + " Issuer subject is " + certIssuer;
- }
- if (i == chain.size() - 1) {
- auto key = getRawPublicKey(pubKey);
- if (!key) return key.moveMessage();
- rawPubKey = key.moveValue();
- }
- }
- return rawPubKey;
-}
-
-std::optional<std::string> validateUdsCerts(const cppbor::Map& udsCerts,
- const bytevec& udsCoseKeyBytes) {
- for (const auto& [signerName, udsCertChain] : udsCerts) {
- if (!signerName || !signerName->asTstr()) {
- return "Signer Name must be a Tstr.";
- }
- if (!udsCertChain || !udsCertChain->asArray()) {
- return "UDS certificate chain must be an Array.";
- }
- if (udsCertChain->asArray()->size() < 2) {
- return "UDS certificate chain must have at least two entries: root and leaf.";
- }
-
- auto leafPubKey = validateCertChain(*udsCertChain->asArray());
- if (!leafPubKey) {
- return leafPubKey.message();
- }
- auto coseKey = CoseKey::parse(udsCoseKeyBytes);
- if (!coseKey) {
- return coseKey.moveMessage();
- }
- auto curve = coseKey->getIntValue(CoseKey::CURVE);
- if (!curve) {
- return "CoseKey must contain curve.";
- }
- bytevec udsPub;
- if (curve == CoseKeyCurve::P256 || curve == CoseKeyCurve::P384) {
- auto pubKey = coseKey->getEcPublicKey();
- if (!pubKey) {
- return pubKey.moveMessage();
- }
- // convert public key to uncompressed form by prepending 0x04 at begin.
- pubKey->insert(pubKey->begin(), 0x04);
- udsPub = pubKey.moveValue();
- } else if (curve == CoseKeyCurve::ED25519) {
- auto& pubkey = coseKey->getMap().get(cppcose::CoseKey::PUBKEY_X);
- if (!pubkey || !pubkey->asBstr()) {
- return "Invalid public key.";
- }
- udsPub = pubkey->asBstr()->value();
- } else {
- return "Unknown curve.";
- }
- if (*leafPubKey != udsPub) {
- return "Leaf public key in UDS certificate chain doesn't match UDS public key.";
- }
- }
- return std::nullopt;
-}
-
-ErrMsgOr<std::unique_ptr<cppbor::Array>> parseAndValidateCsrPayload(
- const cppbor::Array& keysToSign, const std::vector<uint8_t>& csrPayload,
- const RpcHardwareInfo& rpcHardwareInfo, bool isFactory) {
- auto [parsedCsrPayload, _, errMsg] = cppbor::parse(csrPayload);
- if (!parsedCsrPayload) {
- return errMsg;
- }
-
- std::unique_ptr<cppbor::Array> parsed(parsedCsrPayload.release()->asArray());
- if (!parsed) {
- return "CSR payload is not a CBOR array.";
- }
-
- if (parsed->size() != 4U) {
- return "CSR payload must contain version, certificate type, device info, keys. "
- "However, the parsed CSR payload has " +
- std::to_string(parsed->size()) + " entries.";
- }
-
- auto signedVersion = parsed->get(0)->asUint();
- auto signedCertificateType = parsed->get(1)->asTstr();
- auto signedDeviceInfo = parsed->get(2)->asMap();
- auto signedKeys = parsed->get(3)->asArray();
-
- if (!signedVersion || signedVersion->value() != 3U) {
- return "CSR payload version must be an unsigned integer and must be equal to 3.";
- }
- if (!signedCertificateType) {
- // Certificate type is allowed to be extendend by vendor, i.e. we can't
- // enforce its value.
- return "Certificate type must be a Tstr.";
- }
- if (!signedDeviceInfo) {
- return "Device info must be an Map.";
- }
- if (!signedKeys) {
- return "Keys must be an Array.";
- }
-
- auto result =
- parseAndValidateDeviceInfo(signedDeviceInfo->encode(), rpcHardwareInfo, isFactory);
- if (!result) {
- return result.message();
- }
-
- if (signedKeys->encode() != keysToSign.encode()) {
- return "Signed keys do not match.";
- }
-
- return std::move(parsed);
-}
-
-ErrMsgOr<bytevec> parseAndValidateAuthenticatedRequestSignedPayload(
- const std::vector<uint8_t>& signedPayload, const std::vector<uint8_t>& challenge) {
- auto [parsedSignedPayload, _, errMsg] = cppbor::parse(signedPayload);
- if (!parsedSignedPayload) {
- return errMsg;
- }
- if (!parsedSignedPayload->asArray()) {
- return "SignedData payload is not a CBOR array.";
- }
- if (parsedSignedPayload->asArray()->size() != 2U) {
- return "SignedData payload must contain the challenge and request. However, the parsed "
- "SignedData payload has " +
- std::to_string(parsedSignedPayload->asArray()->size()) + " entries.";
- }
-
- auto signedChallenge = parsedSignedPayload->asArray()->get(0)->asBstr();
- auto signedRequest = parsedSignedPayload->asArray()->get(1)->asBstr();
-
- if (!signedChallenge) {
- return "Challenge must be a Bstr.";
- }
-
- if (challenge.size() > 64) {
- return "Challenge size must be between 0 and 64 bytes inclusive. "
- "However, challenge is " +
- std::to_string(challenge.size()) + " bytes long.";
- }
-
- auto challengeBstr = cppbor::Bstr(challenge);
- if (*signedChallenge != challengeBstr) {
- return "Signed challenge does not match."
- "\n Actual: " +
- cppbor::prettyPrint(signedChallenge->asBstr(), 64 /* maxBStrSize */) +
- "\nExpected: " + cppbor::prettyPrint(&challengeBstr, 64 /* maxBStrSize */);
- }
-
- if (!signedRequest) {
- return "Request must be a Bstr.";
- }
-
- return signedRequest->value();
-}
-
ErrMsgOr<hwtrust::DiceChain::Kind> getDiceChainKind() {
int vendor_api_level = ::android::base::GetIntProperty("ro.vendor.api_level", -1);
- if (vendor_api_level == __ANDROID_API_T__) {
+ if (vendor_api_level <= __ANDROID_API_T__) {
return hwtrust::DiceChain::Kind::kVsr13;
} else if (vendor_api_level == __ANDROID_API_U__) {
return hwtrust::DiceChain::Kind::kVsr14;
@@ -1018,87 +768,8 @@
}
}
-ErrMsgOr<bytevec> parseAndValidateAuthenticatedRequest(const std::vector<uint8_t>& request,
- const std::vector<uint8_t>& challenge,
- const std::string& instanceName,
- bool allowAnyMode = false,
- bool allowDegenerate = true,
- bool requireUdsCerts = false) {
- auto [parsedRequest, _, csrErrMsg] = cppbor::parse(request);
- if (!parsedRequest) {
- return csrErrMsg;
- }
- if (!parsedRequest->asArray()) {
- return "AuthenticatedRequest is not a CBOR array.";
- }
- if (parsedRequest->asArray()->size() != 4U) {
- return "AuthenticatedRequest must contain version, UDS certificates, DICE chain, and "
- "signed data. However, the parsed AuthenticatedRequest has " +
- std::to_string(parsedRequest->asArray()->size()) + " entries.";
- }
-
- auto version = parsedRequest->asArray()->get(0)->asUint();
- auto udsCerts = parsedRequest->asArray()->get(1)->asMap();
- auto diceCertChain = parsedRequest->asArray()->get(2)->asArray();
- auto signedData = parsedRequest->asArray()->get(3)->asArray();
-
- if (!version || version->value() != 1U) {
- return "AuthenticatedRequest version must be an unsigned integer and must be equal to 1.";
- }
-
- if (!udsCerts) {
- return "AuthenticatedRequest UdsCerts must be a Map.";
- }
- if (requireUdsCerts && udsCerts->size() == 0) {
- return "AuthenticatedRequest UdsCerts must not be empty.";
- }
- if (!diceCertChain) {
- return "AuthenticatedRequest DiceCertChain must be an Array.";
- }
- if (!signedData) {
- return "AuthenticatedRequest SignedData must be an Array.";
- }
-
- // DICE chain is [ pubkey, + DiceChainEntry ].
- auto diceChainKind = getDiceChainKind();
- if (!diceChainKind) {
- return diceChainKind.message();
- }
-
- auto diceContents =
- validateBcc(diceCertChain, *diceChainKind, allowAnyMode, allowDegenerate, instanceName);
- if (!diceContents) {
- return diceContents.message() + "\n" + prettyPrint(diceCertChain);
- }
-
- if (!diceCertChain->get(0)->asMap()) {
- return "AuthenticatedRequest The first entry in DiceCertChain must be a Map.";
- }
- auto udsPub = diceCertChain->get(0)->asMap()->encode();
- auto error = validateUdsCerts(*udsCerts, udsPub);
- if (error) {
- return *error;
- }
-
- if (diceContents->empty()) {
- return "AuthenticatedRequest DiceContents must not be empty.";
- }
- auto& kmDiceKey = diceContents->back().pubKey;
- auto signedPayload = verifyAndParseCoseSign1(signedData, kmDiceKey, /*aad=*/{});
- if (!signedPayload) {
- return signedPayload.message();
- }
-
- auto payload = parseAndValidateAuthenticatedRequestSignedPayload(*signedPayload, challenge);
- if (!payload) {
- return payload.message();
- }
-
- return payload;
-}
-
ErrMsgOr<std::unique_ptr<cppbor::Array>> verifyCsr(
- const cppbor::Array& keysToSign, const std::vector<uint8_t>& csr,
+ const cppbor::Array& keysToSign, const std::vector<uint8_t>& encodedCsr,
const RpcHardwareInfo& rpcHardwareInfo, const std::string& instanceName,
const std::vector<uint8_t>& challenge, bool isFactory, bool allowAnyMode = false,
bool allowDegenerate = true, bool requireUdsCerts = false) {
@@ -1108,14 +779,68 @@
") does not match expected version (3).";
}
- auto csrPayload = parseAndValidateAuthenticatedRequest(
- csr, challenge, instanceName, allowAnyMode, allowDegenerate, requireUdsCerts);
-
- if (!csrPayload) {
- return csrPayload.message();
+ auto diceChainKind = getDiceChainKind();
+ if (!diceChainKind) {
+ return diceChainKind.message();
}
- return parseAndValidateCsrPayload(keysToSign, *csrPayload, rpcHardwareInfo, isFactory);
+ allowAnyMode = maybeOverrideAllowAnyMode(allowAnyMode);
+
+ auto csr = hwtrust::Csr::validate(encodedCsr, *diceChainKind, isFactory, allowAnyMode,
+ deviceSuffix(instanceName));
+
+ if (!csr.ok()) {
+ return csr.error().message();
+ }
+
+ if (!allowDegenerate) {
+ auto diceChain = csr->getDiceChain();
+ if (!diceChain.ok()) {
+ return diceChain.error().message();
+ }
+
+ if (!diceChain->IsProper()) {
+ return kErrorDiceChainIsDegenerate;
+ }
+ }
+
+ if (requireUdsCerts && !csr->hasUdsCerts()) {
+ return kErrorUdsCertsAreRequired;
+ }
+
+ auto equalChallenges = csr->compareChallenge(challenge);
+ if (!equalChallenges.ok()) {
+ return equalChallenges.error().message();
+ }
+
+ if (!*equalChallenges) {
+ return kErrorChallengeMismatch;
+ }
+
+ auto equalKeysToSign = csr->compareKeysToSign(keysToSign.encode());
+ if (!equalKeysToSign.ok()) {
+ return equalKeysToSign.error().message();
+ }
+
+ if (!*equalKeysToSign) {
+ return kErrorKeysToSignMismatch;
+ }
+
+ auto csrPayload = csr->getCsrPayload();
+ if (!csrPayload) {
+ return csrPayload.error().message();
+ }
+
+ auto [csrPayloadDecoded, _, errMsg] = cppbor::parse(*csrPayload);
+ if (!csrPayloadDecoded) {
+ return errMsg;
+ }
+
+ if (!csrPayloadDecoded->asArray()) {
+ return "CSR payload is not an array.";
+ }
+
+ return std::unique_ptr<cppbor::Array>(csrPayloadDecoded.release()->asArray());
}
ErrMsgOr<std::unique_ptr<cppbor::Array>> verifyFactoryCsr(
@@ -1143,8 +868,8 @@
return diceChainKind.message();
}
- auto csr = hwtrust::Csr::validate(encodedCsr, *diceChainKind, false /*allowAnyMode*/,
- deviceSuffix(instanceName));
+ auto csr = hwtrust::Csr::validate(encodedCsr, *diceChainKind, false /*isFactory*/,
+ false /*allowAnyMode*/, deviceSuffix(instanceName));
if (!csr.ok()) {
return csr.error().message();
}
diff --git a/security/keymint/support/remote_prov_utils_test.cpp b/security/keymint/support/remote_prov_utils_test.cpp
index 6f6a2d6..4ea8bd8 100644
--- a/security/keymint/support/remote_prov_utils_test.cpp
+++ b/security/keymint/support/remote_prov_utils_test.cpp
@@ -81,75 +81,88 @@
0x50, 0x12, 0x82, 0x37, 0xfe, 0xa4, 0x07, 0xc3, 0xd5, 0xc3, 0x78, 0xcc, 0xf9, 0xef, 0xe1,
0x95, 0x38, 0x9f, 0xb0, 0x79, 0x16, 0x4c, 0x4a, 0x23, 0xc4, 0xdc, 0x35, 0x4e, 0x0f};
+inline const std::vector<uint8_t> kKeysToSignForCsrWithDegenerateDiceChain{
+ 0x82, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x1d, 0x94, 0xf2, 0x27,
+ 0xc3, 0x70, 0x01, 0xde, 0x3c, 0xaf, 0x6f, 0xfd, 0x78, 0x08, 0x37, 0x39, 0x21, 0xdd, 0x46,
+ 0x6f, 0x08, 0x4f, 0x77, 0xf7, 0x80, 0x34, 0x30, 0x74, 0x78, 0x69, 0xeb, 0xb1, 0x22, 0x58,
+ 0x20, 0x6b, 0x71, 0xd7, 0x7f, 0x0e, 0x51, 0xb2, 0xc9, 0x3d, 0x1a, 0xa0, 0xe8, 0x7a, 0x0d,
+ 0x57, 0xfc, 0x91, 0xd0, 0x68, 0xf9, 0x33, 0x5f, 0x80, 0x29, 0x00, 0x80, 0x98, 0x78, 0x63,
+ 0x5b, 0x30, 0x24, 0x23, 0x58, 0x20, 0x09, 0x83, 0xa6, 0x5a, 0xbb, 0x3a, 0xf8, 0x90, 0x88,
+ 0x87, 0x16, 0x37, 0xb4, 0xe7, 0x11, 0x9b, 0xcc, 0xbb, 0x15, 0x82, 0xa9, 0x97, 0xa5, 0xad,
+ 0xa9, 0x85, 0x39, 0x30, 0x55, 0x46, 0x99, 0xc6, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01,
+ 0x21, 0x58, 0x20, 0xa8, 0xaa, 0x4b, 0x63, 0x86, 0xf6, 0x5c, 0xe4, 0x28, 0xda, 0x26, 0x3f,
+ 0x9a, 0x42, 0x6e, 0xb9, 0x2b, 0x4d, 0x5a, 0x49, 0x4c, 0x5f, 0x1a, 0xa2, 0x5f, 0xd4, 0x8f,
+ 0x84, 0xd7, 0x25, 0xe4, 0x6c, 0x22, 0x58, 0x20, 0x6b, 0xef, 0xde, 0xd6, 0x04, 0x58, 0x12,
+ 0xdb, 0xf8, 0x90, 0x2c, 0x9c, 0xe0, 0x5e, 0x43, 0xbc, 0xcf, 0x22, 0x01, 0x4d, 0x5c, 0x0c,
+ 0x86, 0x7b, 0x66, 0xd2, 0xa1, 0xfc, 0x69, 0x8a, 0x91, 0xfc, 0x23, 0x58, 0x20, 0x31, 0xaf,
+ 0x30, 0x85, 0x1f, 0x2a, 0x82, 0xe1, 0x9c, 0xda, 0xe5, 0x68, 0xed, 0x79, 0xc1, 0x35, 0x1a,
+ 0x02, 0xb4, 0x8a, 0xd2, 0x4c, 0xc4, 0x70, 0x6b, 0x88, 0x98, 0x23, 0x9e, 0xb3, 0x52, 0xb1};
+
inline const std::vector<uint8_t> kCsrWithDegenerateDiceChain{
- 0x85, 0x01, 0xa0, 0x82, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x65,
- 0xe0, 0x51, 0x62, 0x45, 0x17, 0xcc, 0xa8, 0x40, 0x41, 0x6d, 0xc0, 0x86, 0x7a, 0x15, 0x6e,
- 0xee, 0x04, 0xae, 0xbd, 0x05, 0x13, 0x36, 0xcb, 0xd2, 0x8d, 0xd8, 0x80, 0x16, 0xc1, 0x69,
- 0x0d, 0x22, 0x58, 0x20, 0xea, 0xa1, 0x37, 0xd5, 0x01, 0xbd, 0xe0, 0x25, 0x6a, 0x3d, 0x4c,
- 0xcd, 0x31, 0xa1, 0x4d, 0xa6, 0x80, 0x82, 0x03, 0x40, 0xe2, 0x88, 0x81, 0x53, 0xc3, 0xb3,
- 0x6d, 0xf7, 0xf4, 0x10, 0xde, 0x96, 0x23, 0x58, 0x20, 0x24, 0x69, 0x44, 0x6e, 0xf5, 0xcc,
- 0x18, 0xfe, 0x63, 0xac, 0x5e, 0x85, 0x9c, 0xfc, 0x9d, 0xfa, 0x90, 0xee, 0x6c, 0xc2, 0x22,
- 0x49, 0x02, 0xc7, 0x93, 0xf4, 0x30, 0xf1, 0x51, 0x11, 0x20, 0x33, 0x84, 0x43, 0xa1, 0x01,
- 0x26, 0xa0, 0x58, 0x97, 0xa5, 0x01, 0x66, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x02, 0x67,
- 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x3a, 0x00, 0x47, 0x44, 0x56, 0x41, 0x01, 0x3a,
- 0x00, 0x47, 0x44, 0x57, 0x58, 0x70, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58,
- 0x20, 0x65, 0xe0, 0x51, 0x62, 0x45, 0x17, 0xcc, 0xa8, 0x40, 0x41, 0x6d, 0xc0, 0x86, 0x7a,
- 0x15, 0x6e, 0xee, 0x04, 0xae, 0xbd, 0x05, 0x13, 0x36, 0xcb, 0xd2, 0x8d, 0xd8, 0x80, 0x16,
- 0xc1, 0x69, 0x0d, 0x22, 0x58, 0x20, 0xea, 0xa1, 0x37, 0xd5, 0x01, 0xbd, 0xe0, 0x25, 0x6a,
- 0x3d, 0x4c, 0xcd, 0x31, 0xa1, 0x4d, 0xa6, 0x80, 0x82, 0x03, 0x40, 0xe2, 0x88, 0x81, 0x53,
- 0xc3, 0xb3, 0x6d, 0xf7, 0xf4, 0x10, 0xde, 0x96, 0x23, 0x58, 0x20, 0x24, 0x69, 0x44, 0x6e,
- 0xf5, 0xcc, 0x18, 0xfe, 0x63, 0xac, 0x5e, 0x85, 0x9c, 0xfc, 0x9d, 0xfa, 0x90, 0xee, 0x6c,
- 0xc2, 0x22, 0x49, 0x02, 0xc7, 0x93, 0xf4, 0x30, 0xf1, 0x51, 0x11, 0x20, 0x33, 0x3a, 0x00,
- 0x47, 0x44, 0x58, 0x41, 0x20, 0x58, 0x40, 0x16, 0xb9, 0x51, 0xdf, 0x31, 0xad, 0xa0, 0x3d,
- 0x98, 0x40, 0x85, 0xdf, 0xd9, 0xbe, 0xf6, 0x79, 0x62, 0x36, 0x8b, 0x60, 0xaa, 0x79, 0x8e,
- 0x52, 0x04, 0xdd, 0xba, 0x39, 0xa2, 0x58, 0x9c, 0x60, 0xd5, 0x96, 0x51, 0x42, 0xe2, 0xa5,
- 0x57, 0x58, 0xb4, 0x89, 0x2c, 0x94, 0xb9, 0xda, 0xe7, 0x93, 0x85, 0xda, 0x64, 0xa0, 0x52,
- 0xfc, 0x6b, 0xb1, 0x0a, 0xa8, 0x13, 0xd9, 0x84, 0xfb, 0x34, 0x77, 0x84, 0x43, 0xa1, 0x01,
- 0x26, 0xa0, 0x59, 0x02, 0x0f, 0x82, 0x58, 0x20, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
- 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x59, 0x01, 0xe9, 0x84, 0x03,
- 0x67, 0x6b, 0x65, 0x79, 0x6d, 0x69, 0x6e, 0x74, 0xae, 0x65, 0x62, 0x72, 0x61, 0x6e, 0x64,
- 0x66, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x65, 0x66, 0x75, 0x73, 0x65, 0x64, 0x01, 0x65,
- 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x65, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x66, 0x64, 0x65, 0x76,
- 0x69, 0x63, 0x65, 0x66, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x67, 0x70, 0x72, 0x6f, 0x64,
- 0x75, 0x63, 0x74, 0x65, 0x70, 0x69, 0x78, 0x65, 0x6c, 0x68, 0x76, 0x62, 0x5f, 0x73, 0x74,
- 0x61, 0x74, 0x65, 0x65, 0x67, 0x72, 0x65, 0x65, 0x6e, 0x6a, 0x6f, 0x73, 0x5f, 0x76, 0x65,
- 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x62, 0x31, 0x32, 0x6c, 0x6d, 0x61, 0x6e, 0x75, 0x66, 0x61,
- 0x63, 0x74, 0x75, 0x72, 0x65, 0x72, 0x66, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x6d, 0x76,
- 0x62, 0x6d, 0x65, 0x74, 0x61, 0x5f, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x4f, 0x11, 0x22,
- 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x6e, 0x73,
- 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x63, 0x74,
- 0x65, 0x65, 0x70, 0x62, 0x6f, 0x6f, 0x74, 0x5f, 0x70, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c,
- 0x65, 0x76, 0x65, 0x6c, 0x1a, 0x01, 0x34, 0x8c, 0x62, 0x70, 0x62, 0x6f, 0x6f, 0x74, 0x6c,
- 0x6f, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x66, 0x6c, 0x6f, 0x63,
- 0x6b, 0x65, 0x64, 0x72, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x5f, 0x70, 0x61, 0x74, 0x63,
- 0x68, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x1a, 0x01, 0x34, 0x8c, 0x61, 0x72, 0x76, 0x65,
- 0x6e, 0x64, 0x6f, 0x72, 0x5f, 0x70, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x65, 0x76, 0x65,
- 0x6c, 0x1a, 0x01, 0x34, 0x8c, 0x63, 0x82, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21,
- 0x58, 0x20, 0x46, 0xbd, 0xfc, 0xed, 0xa6, 0x94, 0x9a, 0xc4, 0x5e, 0x27, 0xcf, 0x24, 0x25,
- 0xc5, 0x0c, 0x7d, 0xed, 0x8f, 0x21, 0xe0, 0x47, 0x81, 0x5a, 0xdc, 0x3b, 0xd4, 0x9e, 0x13,
- 0xb6, 0x06, 0x36, 0x70, 0x22, 0x58, 0x20, 0x0a, 0xbd, 0xbc, 0x0d, 0x19, 0xba, 0xcc, 0xdc,
- 0x00, 0x64, 0x31, 0x4c, 0x84, 0x66, 0x1d, 0xfb, 0x50, 0xd0, 0xe3, 0xf8, 0x78, 0x9d, 0xf9,
- 0x77, 0x2b, 0x40, 0x6b, 0xb5, 0x8e, 0xd3, 0xf8, 0xa9, 0x23, 0x58, 0x21, 0x00, 0x9c, 0x42,
- 0x3f, 0x79, 0x76, 0xa0, 0xd1, 0x98, 0x58, 0xbb, 0x9b, 0x9e, 0xfb, 0x3b, 0x08, 0xf2, 0xe1,
- 0xa3, 0xfe, 0xf4, 0x21, 0x5b, 0x97, 0x2d, 0xcb, 0x9a, 0x55, 0x1a, 0x7f, 0xa7, 0xc1, 0xa8,
- 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0xef, 0xd3, 0x88, 0xc4, 0xbc,
- 0xce, 0x51, 0x4d, 0x4b, 0xd3, 0x81, 0x26, 0xc6, 0xcc, 0x66, 0x3b, 0x12, 0x38, 0xbf, 0x23,
- 0x7a, 0x2e, 0x7f, 0x82, 0xa7, 0x81, 0x74, 0x21, 0xc0, 0x12, 0x79, 0xf4, 0x22, 0x58, 0x20,
- 0xdc, 0x85, 0x6c, 0x1c, 0xcc, 0xf9, 0xf3, 0xe8, 0xff, 0x90, 0xfd, 0x89, 0x03, 0xf5, 0xaf,
- 0x75, 0xa0, 0x79, 0xbb, 0x53, 0x9a, 0x1f, 0x2b, 0x34, 0x86, 0x47, 0x3d, 0x66, 0x2a, 0x07,
- 0x3b, 0x1e, 0x23, 0x58, 0x20, 0x34, 0x7b, 0x15, 0xcc, 0xbf, 0x26, 0xc9, 0x28, 0x0e, 0xee,
- 0xc5, 0x47, 0xac, 0x00, 0xc4, 0x4d, 0x81, 0x2b, 0x1e, 0xac, 0x31, 0xd2, 0x6f, 0x36, 0x85,
- 0xe6, 0xa8, 0xf0, 0x46, 0xfc, 0xd2, 0x83, 0x58, 0x40, 0x55, 0x4c, 0x38, 0xdf, 0xfe, 0x49,
- 0xa8, 0xa0, 0xa5, 0x08, 0xce, 0x2f, 0xe5, 0xf6, 0x6e, 0x2b, 0xc2, 0x95, 0x39, 0xc8, 0xca,
- 0x77, 0xd6, 0xf6, 0x67, 0x24, 0x6b, 0x0e, 0x63, 0x5d, 0x11, 0x97, 0x26, 0x52, 0x30, 0xbc,
- 0x28, 0x1d, 0xbf, 0x2a, 0x3e, 0x8c, 0x90, 0x54, 0xaa, 0xaa, 0xd1, 0x7c, 0x53, 0x7b, 0x48,
- 0x1f, 0x51, 0x50, 0x6c, 0x32, 0xe1, 0x0f, 0x57, 0xea, 0x47, 0x76, 0x85, 0x0c, 0xa1, 0x6b,
- 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x78, 0x3b, 0x62, 0x72,
- 0x61, 0x6e, 0x64, 0x31, 0x2f, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x31, 0x2f, 0x64,
- 0x65, 0x76, 0x69, 0x63, 0x65, 0x31, 0x3a, 0x31, 0x31, 0x2f, 0x69, 0x64, 0x2f, 0x32, 0x30,
- 0x32, 0x31, 0x30, 0x38, 0x30, 0x35, 0x2e, 0x34, 0x32, 0x3a, 0x75, 0x73, 0x65, 0x72, 0x2f,
- 0x72, 0x65, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2d, 0x6b, 0x65, 0x79, 0x73};
+ 0x85, 0x01, 0xa0, 0x82, 0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0xf2,
+ 0xc6, 0x50, 0xd2, 0x42, 0x59, 0xe0, 0x4e, 0x7b, 0xc0, 0x75, 0x41, 0xa2, 0xe9, 0xd0, 0xe8,
+ 0x18, 0xd7, 0xd7, 0x63, 0x7e, 0x41, 0x04, 0x7e, 0x52, 0x1a, 0xb1, 0xb7, 0xdc, 0x13, 0xb3,
+ 0x0f, 0x22, 0x58, 0x20, 0x1a, 0xf3, 0x8b, 0x0f, 0x7a, 0xc6, 0xf2, 0xb8, 0x31, 0x0b, 0x40,
+ 0x9b, 0x7e, 0xb6, 0xd6, 0xec, 0x9c, 0x21, 0xad, 0xde, 0xd1, 0x6c, 0x52, 0xfc, 0x06, 0xf1,
+ 0x39, 0x31, 0xa0, 0x22, 0x65, 0x86, 0x84, 0x43, 0xa1, 0x01, 0x26, 0xa0, 0x58, 0x74, 0xa5,
+ 0x01, 0x66, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72, 0x02, 0x67, 0x73, 0x75, 0x62, 0x6a, 0x65,
+ 0x63, 0x74, 0x3a, 0x00, 0x47, 0x44, 0x56, 0x41, 0x01, 0x3a, 0x00, 0x47, 0x44, 0x57, 0x58,
+ 0x4d, 0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0xf2, 0xc6, 0x50, 0xd2,
+ 0x42, 0x59, 0xe0, 0x4e, 0x7b, 0xc0, 0x75, 0x41, 0xa2, 0xe9, 0xd0, 0xe8, 0x18, 0xd7, 0xd7,
+ 0x63, 0x7e, 0x41, 0x04, 0x7e, 0x52, 0x1a, 0xb1, 0xb7, 0xdc, 0x13, 0xb3, 0x0f, 0x22, 0x58,
+ 0x20, 0x1a, 0xf3, 0x8b, 0x0f, 0x7a, 0xc6, 0xf2, 0xb8, 0x31, 0x0b, 0x40, 0x9b, 0x7e, 0xb6,
+ 0xd6, 0xec, 0x9c, 0x21, 0xad, 0xde, 0xd1, 0x6c, 0x52, 0xfc, 0x06, 0xf1, 0x39, 0x31, 0xa0,
+ 0x22, 0x65, 0x86, 0x3a, 0x00, 0x47, 0x44, 0x58, 0x41, 0x20, 0x58, 0x40, 0x1e, 0xdf, 0xe0,
+ 0x1c, 0xca, 0xbb, 0xb2, 0x13, 0xae, 0xe2, 0x49, 0x32, 0x3c, 0x6e, 0x9c, 0x6e, 0xf4, 0x23,
+ 0x87, 0x41, 0x60, 0x04, 0x34, 0xe6, 0x32, 0xe2, 0xf1, 0x22, 0x55, 0xcc, 0x89, 0x4b, 0x4f,
+ 0xdb, 0x05, 0x89, 0x8a, 0x3c, 0x2f, 0x8a, 0x52, 0x84, 0x43, 0xdc, 0x43, 0x62, 0x7e, 0x85,
+ 0xb3, 0xea, 0x49, 0x3b, 0x0b, 0x4a, 0xf0, 0x64, 0xfe, 0x8f, 0x41, 0xb6, 0xd1, 0xcc, 0xe3,
+ 0xf6, 0x84, 0x43, 0xa1, 0x01, 0x26, 0xa0, 0x59, 0x02, 0x0e, 0x82, 0x58, 0x20, 0x01, 0x02,
+ 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11,
+ 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
+ 0x59, 0x01, 0xe8, 0x84, 0x03, 0x67, 0x6b, 0x65, 0x79, 0x6d, 0x69, 0x6e, 0x74, 0xae, 0x65,
+ 0x62, 0x72, 0x61, 0x6e, 0x64, 0x66, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x65, 0x66, 0x75,
+ 0x73, 0x65, 0x64, 0x01, 0x65, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x65, 0x6d, 0x6f, 0x64, 0x65,
+ 0x6c, 0x66, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x66, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65,
+ 0x67, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x65, 0x70, 0x69, 0x78, 0x65, 0x6c, 0x68,
+ 0x76, 0x62, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x65, 0x67, 0x72, 0x65, 0x65, 0x6e, 0x6a,
+ 0x6f, 0x73, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x62, 0x31, 0x32, 0x6c, 0x6d,
+ 0x61, 0x6e, 0x75, 0x66, 0x61, 0x63, 0x74, 0x75, 0x72, 0x65, 0x72, 0x66, 0x47, 0x6f, 0x6f,
+ 0x67, 0x6c, 0x65, 0x6d, 0x76, 0x62, 0x6d, 0x65, 0x74, 0x61, 0x5f, 0x64, 0x69, 0x67, 0x65,
+ 0x73, 0x74, 0x4f, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc,
+ 0xdd, 0xee, 0xff, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x5f, 0x6c, 0x65,
+ 0x76, 0x65, 0x6c, 0x63, 0x74, 0x65, 0x65, 0x70, 0x62, 0x6f, 0x6f, 0x74, 0x5f, 0x70, 0x61,
+ 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x1a, 0x01, 0x34, 0x8c, 0x62, 0x70,
+ 0x62, 0x6f, 0x6f, 0x74, 0x6c, 0x6f, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x73, 0x74, 0x61, 0x74,
+ 0x65, 0x66, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x72, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d,
+ 0x5f, 0x70, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x1a, 0x01, 0x34,
+ 0x8c, 0x61, 0x72, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x5f, 0x70, 0x61, 0x74, 0x63, 0x68,
+ 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x1a, 0x01, 0x34, 0x8c, 0x63, 0x82, 0xa6, 0x01, 0x02,
+ 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x1d, 0x94, 0xf2, 0x27, 0xc3, 0x70, 0x01, 0xde,
+ 0x3c, 0xaf, 0x6f, 0xfd, 0x78, 0x08, 0x37, 0x39, 0x21, 0xdd, 0x46, 0x6f, 0x08, 0x4f, 0x77,
+ 0xf7, 0x80, 0x34, 0x30, 0x74, 0x78, 0x69, 0xeb, 0xb1, 0x22, 0x58, 0x20, 0x6b, 0x71, 0xd7,
+ 0x7f, 0x0e, 0x51, 0xb2, 0xc9, 0x3d, 0x1a, 0xa0, 0xe8, 0x7a, 0x0d, 0x57, 0xfc, 0x91, 0xd0,
+ 0x68, 0xf9, 0x33, 0x5f, 0x80, 0x29, 0x00, 0x80, 0x98, 0x78, 0x63, 0x5b, 0x30, 0x24, 0x23,
+ 0x58, 0x20, 0x09, 0x83, 0xa6, 0x5a, 0xbb, 0x3a, 0xf8, 0x90, 0x88, 0x87, 0x16, 0x37, 0xb4,
+ 0xe7, 0x11, 0x9b, 0xcc, 0xbb, 0x15, 0x82, 0xa9, 0x97, 0xa5, 0xad, 0xa9, 0x85, 0x39, 0x30,
+ 0x55, 0x46, 0x99, 0xc6, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0xa8,
+ 0xaa, 0x4b, 0x63, 0x86, 0xf6, 0x5c, 0xe4, 0x28, 0xda, 0x26, 0x3f, 0x9a, 0x42, 0x6e, 0xb9,
+ 0x2b, 0x4d, 0x5a, 0x49, 0x4c, 0x5f, 0x1a, 0xa2, 0x5f, 0xd4, 0x8f, 0x84, 0xd7, 0x25, 0xe4,
+ 0x6c, 0x22, 0x58, 0x20, 0x6b, 0xef, 0xde, 0xd6, 0x04, 0x58, 0x12, 0xdb, 0xf8, 0x90, 0x2c,
+ 0x9c, 0xe0, 0x5e, 0x43, 0xbc, 0xcf, 0x22, 0x01, 0x4d, 0x5c, 0x0c, 0x86, 0x7b, 0x66, 0xd2,
+ 0xa1, 0xfc, 0x69, 0x8a, 0x91, 0xfc, 0x23, 0x58, 0x20, 0x31, 0xaf, 0x30, 0x85, 0x1f, 0x2a,
+ 0x82, 0xe1, 0x9c, 0xda, 0xe5, 0x68, 0xed, 0x79, 0xc1, 0x35, 0x1a, 0x02, 0xb4, 0x8a, 0xd2,
+ 0x4c, 0xc4, 0x70, 0x6b, 0x88, 0x98, 0x23, 0x9e, 0xb3, 0x52, 0xb1, 0x58, 0x40, 0x8e, 0x7e,
+ 0xdf, 0x77, 0x13, 0xdb, 0x51, 0xf6, 0xc1, 0x67, 0x52, 0x48, 0x48, 0x79, 0xe6, 0xbc, 0x89,
+ 0xe2, 0xfe, 0x7c, 0x0d, 0x2c, 0x88, 0x3b, 0x23, 0x66, 0x93, 0x7b, 0x94, 0x59, 0xc4, 0x87,
+ 0x16, 0xc4, 0x3a, 0x85, 0x60, 0xe3, 0x62, 0x45, 0x53, 0xa8, 0x1d, 0x4e, 0xa4, 0x2b, 0x61,
+ 0x33, 0x17, 0x71, 0xb6, 0x40, 0x11, 0x7d, 0x23, 0x64, 0xe6, 0x49, 0xbe, 0xa6, 0x85, 0x32,
+ 0x1a, 0x89, 0xa1, 0x6b, 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74,
+ 0x78, 0x3b, 0x62, 0x72, 0x61, 0x6e, 0x64, 0x31, 0x2f, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63,
+ 0x74, 0x31, 0x2f, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x31, 0x3a, 0x31, 0x31, 0x2f, 0x69,
+ 0x64, 0x2f, 0x32, 0x30, 0x32, 0x31, 0x30, 0x38, 0x30, 0x35, 0x2e, 0x34, 0x32, 0x3a, 0x75,
+ 0x73, 0x65, 0x72, 0x2f, 0x72, 0x65, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x2d, 0x6b, 0x65, 0x79,
+ 0x73};
// The challenge that is in kKeysToSignForCsrWithUdsCerts and kCsrWithUdsCerts
inline const std::vector<uint8_t> kChallenge{0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
@@ -158,244 +171,242 @@
0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20};
inline const std::vector<uint8_t> kKeysToSignForCsrWithUdsCerts{
- 0x82, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x35, 0xeb, 0x56, 0xed,
- 0x62, 0x13, 0x6a, 0x41, 0x89, 0xf6, 0x72, 0xa6, 0xf1, 0x5c, 0xd1, 0xf6, 0x34, 0xbd, 0x81,
- 0xdb, 0x2e, 0x0b, 0x4d, 0xf6, 0x69, 0x6f, 0xa6, 0xf3, 0xce, 0x27, 0x2c, 0x78, 0x22, 0x58,
- 0x20, 0xac, 0xa9, 0x9f, 0x62, 0x81, 0x58, 0xc7, 0x10, 0xd7, 0xb5, 0xa8, 0xa0, 0x7b, 0x11,
- 0xf5, 0x75, 0xdb, 0xd9, 0xa2, 0x1d, 0x86, 0x34, 0xc6, 0xf4, 0x23, 0x79, 0xcc, 0x8a, 0x87,
- 0x3c, 0xb2, 0xd0, 0x23, 0x58, 0x20, 0x0f, 0x2c, 0x5a, 0xb7, 0xe1, 0x3b, 0x24, 0xa3, 0x4f,
- 0xaa, 0x49, 0x51, 0xfc, 0x8c, 0xd0, 0x35, 0x43, 0x7c, 0x21, 0xfa, 0x7d, 0x56, 0x97, 0x69,
- 0xe1, 0x81, 0xf5, 0x88, 0x15, 0x33, 0xa0, 0x7f, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01,
- 0x21, 0x58, 0x20, 0xb5, 0xcc, 0xd9, 0x4f, 0x7a, 0xe2, 0xca, 0xac, 0xfe, 0xa5, 0x65, 0x0c,
- 0x6a, 0xa8, 0x16, 0x45, 0x40, 0x41, 0x1c, 0xb2, 0x64, 0xcd, 0x34, 0xe8, 0x37, 0x88, 0xb9,
- 0x9a, 0xb3, 0xc3, 0xfd, 0x6a, 0x22, 0x58, 0x20, 0x5e, 0xbe, 0xff, 0x98, 0x60, 0x6e, 0x1d,
- 0x6b, 0x42, 0x60, 0x59, 0xe9, 0x42, 0x95, 0xc8, 0x2e, 0xc5, 0xb6, 0x66, 0x4a, 0x53, 0xf1,
- 0x73, 0x02, 0xcb, 0x89, 0x8a, 0x2a, 0xc9, 0xa5, 0xa3, 0x39, 0x23, 0x58, 0x21, 0x00, 0xdb,
- 0xda, 0x3c, 0x3e, 0x27, 0x71, 0x5e, 0xd0, 0x2b, 0x09, 0xb8, 0x6f, 0xe2, 0x2c, 0xdd, 0x0a,
- 0xbf, 0x1d, 0x94, 0x36, 0xd2, 0x33, 0x88, 0x6e, 0x66, 0x05, 0x21, 0x92, 0x64, 0x79, 0xa9,
- 0x10};
+ 0x82, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0xd5, 0x0b, 0x27, 0x39,
+ 0xa3, 0xd5, 0xfd, 0xd9, 0x4f, 0x87, 0x4a, 0x97, 0x17, 0x60, 0x6c, 0x63, 0x55, 0x13, 0xa0,
+ 0xf5, 0x1c, 0x2b, 0xe7, 0x0e, 0x8e, 0xdb, 0x76, 0x82, 0x69, 0x5a, 0x46, 0xec, 0x22, 0x58,
+ 0x20, 0xa6, 0x08, 0xb3, 0x57, 0xaa, 0x5f, 0x72, 0x2b, 0xb1, 0xf0, 0x43, 0x52, 0xf4, 0xcb,
+ 0x97, 0x39, 0xfd, 0x54, 0x79, 0xa3, 0xaf, 0x07, 0xb7, 0xbe, 0xbc, 0x93, 0xc1, 0xb6, 0x9b,
+ 0x2f, 0x75, 0x1b, 0x23, 0x58, 0x21, 0x00, 0xb4, 0x59, 0xe3, 0x78, 0x6f, 0x3f, 0xbd, 0xdc,
+ 0x38, 0x8a, 0xa5, 0x7d, 0xbe, 0xe0, 0xce, 0xf9, 0x2e, 0x9a, 0x5b, 0xfc, 0xbd, 0x4d, 0x27,
+ 0x7b, 0xa7, 0xc8, 0xda, 0xaa, 0xe4, 0xcd, 0xf3, 0xd2, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20,
+ 0x01, 0x21, 0x58, 0x20, 0x10, 0x6c, 0xe8, 0x71, 0xa8, 0x78, 0x9d, 0x29, 0xbe, 0xf8, 0x84,
+ 0x39, 0xd4, 0xa2, 0xf5, 0x3e, 0x09, 0xf1, 0xd4, 0x81, 0x59, 0x24, 0x63, 0x07, 0xae, 0x25,
+ 0xad, 0x24, 0x72, 0x0f, 0x8b, 0xd0, 0x22, 0x58, 0x20, 0xe8, 0xba, 0x76, 0x49, 0x7b, 0x97,
+ 0x98, 0xcf, 0xbb, 0x90, 0xfa, 0x30, 0x3a, 0x2d, 0x88, 0xfe, 0x3f, 0xc6, 0x75, 0x05, 0x7b,
+ 0x59, 0xdf, 0x14, 0xd8, 0xde, 0x4d, 0x51, 0x8b, 0x2f, 0x5a, 0xc7, 0x23, 0x58, 0x20, 0x76,
+ 0x11, 0x2f, 0x31, 0xe5, 0xc2, 0xbb, 0xa7, 0x2c, 0x2b, 0x2f, 0x73, 0x16, 0x29, 0xf8, 0x67,
+ 0x66, 0x44, 0x7f, 0x3f, 0x22, 0xa2, 0x40, 0x45, 0x12, 0xac, 0x97, 0x06, 0xc8, 0x66, 0x08,
+ 0xc9, 0x0a};
inline const std::vector<uint8_t> kCsrWithUdsCerts{
- 0x84, 0x01, 0xa1, 0x70, 0x74, 0x65, 0x73, 0x74, 0x2d, 0x73, 0x69, 0x67, 0x6e, 0x65, 0x72,
+ 0x85, 0x01, 0xa1, 0x70, 0x74, 0x65, 0x73, 0x74, 0x2d, 0x73, 0x69, 0x67, 0x6e, 0x65, 0x72,
0x2d, 0x6e, 0x61, 0x6d, 0x65, 0x82, 0x59, 0x01, 0x6c, 0x30, 0x82, 0x01, 0x68, 0x30, 0x82,
0x01, 0x1a, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x7b, 0x30, 0x05, 0x06, 0x03, 0x2b,
0x65, 0x70, 0x30, 0x2b, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c,
0x46, 0x61, 0x6b, 0x65, 0x20, 0x43, 0x6f, 0x6d, 0x70, 0x61, 0x6e, 0x79, 0x31, 0x12, 0x30,
0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x09, 0x46, 0x61, 0x6b, 0x65, 0x20, 0x52, 0x6f,
- 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x31, 0x30, 0x31, 0x37, 0x31, 0x39, 0x32,
- 0x33, 0x30, 0x39, 0x5a, 0x17, 0x0d, 0x32, 0x34, 0x31, 0x31, 0x31, 0x36, 0x31, 0x39, 0x32,
- 0x33, 0x30, 0x39, 0x5a, 0x30, 0x2b, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a,
+ 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x31, 0x31, 0x31, 0x34, 0x30, 0x39, 0x35,
+ 0x32, 0x30, 0x37, 0x5a, 0x17, 0x0d, 0x34, 0x39, 0x31, 0x31, 0x30, 0x38, 0x30, 0x39, 0x35,
+ 0x32, 0x30, 0x37, 0x5a, 0x30, 0x2b, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a,
0x13, 0x0c, 0x46, 0x61, 0x6b, 0x65, 0x20, 0x43, 0x6f, 0x6d, 0x70, 0x61, 0x6e, 0x79, 0x31,
0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x09, 0x46, 0x61, 0x6b, 0x65, 0x20,
0x52, 0x6f, 0x6f, 0x74, 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21,
- 0x00, 0x20, 0xc5, 0xfa, 0x42, 0xe9, 0x23, 0xd3, 0x72, 0x83, 0x96, 0xc5, 0x73, 0x1e, 0xec,
- 0x07, 0x39, 0x4f, 0xc8, 0xb7, 0xd1, 0x9f, 0x77, 0xb6, 0x0b, 0x59, 0x9e, 0x62, 0xc0, 0xec,
- 0x06, 0x06, 0xad, 0xa3, 0x63, 0x30, 0x61, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04,
- 0x16, 0x04, 0x14, 0xec, 0x36, 0x07, 0x83, 0xf0, 0xda, 0x23, 0xfc, 0x0f, 0xb1, 0x08, 0xd0,
- 0x60, 0x97, 0xc1, 0x9a, 0x14, 0x54, 0xbf, 0x63, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23,
- 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xec, 0x36, 0x07, 0x83, 0xf0, 0xda, 0x23, 0xfc, 0x0f,
- 0xb1, 0x08, 0xd0, 0x60, 0x97, 0xc1, 0x9a, 0x14, 0x54, 0xbf, 0x63, 0x30, 0x0f, 0x06, 0x03,
+ 0x00, 0x54, 0x40, 0x8c, 0x1b, 0x60, 0x39, 0x81, 0xe7, 0x38, 0x87, 0xb9, 0x75, 0x10, 0x30,
+ 0x6a, 0x1b, 0x9b, 0x38, 0x61, 0xa0, 0x94, 0x49, 0xb0, 0xf3, 0xae, 0x39, 0x53, 0x2d, 0x61,
+ 0x8d, 0x6e, 0x59, 0xa3, 0x63, 0x30, 0x61, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04,
+ 0x16, 0x04, 0x14, 0x6d, 0xd5, 0xea, 0x8c, 0xe0, 0x5a, 0x50, 0xd9, 0x36, 0xf3, 0x28, 0xc2,
+ 0x54, 0x1d, 0xfa, 0x9d, 0x94, 0x19, 0x98, 0x76, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23,
+ 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x6d, 0xd5, 0xea, 0x8c, 0xe0, 0x5a, 0x50, 0xd9, 0x36,
+ 0xf3, 0x28, 0xc2, 0x54, 0x1d, 0xfa, 0x9d, 0x94, 0x19, 0x98, 0x76, 0x30, 0x0f, 0x06, 0x03,
0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0e,
0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x04, 0x30,
- 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x41, 0x00, 0x41, 0xfa, 0x27, 0xfd, 0xe3, 0x42,
- 0x89, 0x43, 0x68, 0x92, 0x48, 0x39, 0xb1, 0x93, 0x93, 0x8b, 0x69, 0x16, 0x50, 0xbe, 0xc0,
- 0xc5, 0x83, 0xd6, 0x1e, 0x4b, 0x2f, 0x6e, 0x18, 0x32, 0x78, 0xfe, 0x35, 0x78, 0xed, 0x6d,
- 0xc8, 0x36, 0xb2, 0x4e, 0x0d, 0x10, 0x23, 0xab, 0x28, 0x32, 0xa1, 0xfc, 0x83, 0x2a, 0xa3,
- 0xca, 0xe1, 0xca, 0x82, 0xd2, 0x5f, 0xf1, 0x7f, 0xf2, 0xba, 0xbe, 0x86, 0x0b, 0x59, 0x01,
- 0x70, 0x30, 0x82, 0x01, 0x6c, 0x30, 0x82, 0x01, 0x1e, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02,
+ 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x41, 0x00, 0x1e, 0x27, 0x99, 0xd3, 0x05, 0xa7,
+ 0xd2, 0xc6, 0xad, 0x1f, 0x2c, 0xbd, 0xef, 0x34, 0x18, 0xbd, 0x37, 0xb9, 0x96, 0x57, 0x63,
+ 0x72, 0x7e, 0xf8, 0xe5, 0xa2, 0xb5, 0x9a, 0x20, 0x42, 0x1d, 0x9c, 0x8e, 0xdc, 0x97, 0xd4,
+ 0x3b, 0x65, 0xe0, 0x52, 0xb4, 0x0d, 0x95, 0x59, 0x94, 0x94, 0x7a, 0x31, 0x9e, 0x45, 0x4b,
+ 0x93, 0x3d, 0x5d, 0x88, 0x98, 0xb1, 0x52, 0xf5, 0x46, 0x1c, 0x2a, 0x0b, 0x05, 0x59, 0x01,
+ 0x9f, 0x30, 0x82, 0x01, 0x9b, 0x30, 0x82, 0x01, 0x4d, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02,
0x02, 0x01, 0xc8, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x30, 0x2b, 0x31, 0x15, 0x30,
0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, 0x46, 0x61, 0x6b, 0x65, 0x20, 0x43, 0x6f,
0x6d, 0x70, 0x61, 0x6e, 0x79, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,
0x09, 0x46, 0x61, 0x6b, 0x65, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x32,
- 0x34, 0x31, 0x30, 0x31, 0x37, 0x31, 0x39, 0x32, 0x33, 0x30, 0x39, 0x5a, 0x17, 0x0d, 0x32,
- 0x34, 0x31, 0x31, 0x31, 0x36, 0x31, 0x39, 0x32, 0x33, 0x30, 0x39, 0x5a, 0x30, 0x2e, 0x31,
+ 0x34, 0x31, 0x31, 0x31, 0x34, 0x30, 0x39, 0x35, 0x32, 0x30, 0x37, 0x5a, 0x17, 0x0d, 0x34,
+ 0x39, 0x31, 0x31, 0x30, 0x38, 0x30, 0x39, 0x35, 0x32, 0x30, 0x37, 0x5a, 0x30, 0x2e, 0x31,
0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x0c, 0x46, 0x61, 0x6b, 0x65, 0x20,
0x43, 0x6f, 0x6d, 0x70, 0x61, 0x6e, 0x79, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04,
0x03, 0x13, 0x0c, 0x46, 0x61, 0x6b, 0x65, 0x20, 0x43, 0x68, 0x69, 0x70, 0x73, 0x65, 0x74,
- 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00, 0x14, 0xf4, 0x4a,
- 0x88, 0x56, 0x9f, 0xc0, 0xf5, 0x1f, 0xe5, 0xef, 0xfb, 0xf4, 0x06, 0xbc, 0xb1, 0xe4, 0x4a,
- 0x37, 0xe5, 0x07, 0xf8, 0x65, 0x95, 0x55, 0x54, 0xfd, 0x90, 0xf9, 0x8b, 0xa7, 0xc6, 0xa3,
- 0x63, 0x30, 0x61, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xef,
- 0x05, 0x40, 0x0a, 0x1b, 0x74, 0x3e, 0x4d, 0x2e, 0x22, 0xf5, 0x66, 0x0c, 0xd7, 0xf9, 0xb8,
- 0x8e, 0x81, 0x3d, 0xab, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16,
- 0x80, 0x14, 0xec, 0x36, 0x07, 0x83, 0xf0, 0xda, 0x23, 0xfc, 0x0f, 0xb1, 0x08, 0xd0, 0x60,
- 0x97, 0xc1, 0x9a, 0x14, 0x54, 0xbf, 0x63, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01,
- 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d,
- 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x04, 0x30, 0x05, 0x06, 0x03, 0x2b,
- 0x65, 0x70, 0x03, 0x41, 0x00, 0x64, 0x32, 0x42, 0x06, 0xa7, 0x11, 0xb0, 0x67, 0x81, 0x73,
- 0x19, 0x70, 0xb6, 0x60, 0x1c, 0xd2, 0x43, 0xde, 0x42, 0xec, 0x71, 0x4d, 0x6e, 0xa8, 0xed,
- 0x6f, 0xe2, 0x59, 0x3e, 0xa3, 0x45, 0x82, 0x8b, 0x25, 0x25, 0xf9, 0xc6, 0xb3, 0xf5, 0xb5,
- 0x3d, 0x11, 0x7d, 0xcf, 0xf2, 0x50, 0x22, 0xff, 0x2b, 0xc5, 0x14, 0x94, 0x64, 0xbf, 0xbf,
- 0x52, 0x69, 0xb1, 0xfe, 0x07, 0x81, 0x83, 0xb3, 0x0d, 0x82, 0xa5, 0x01, 0x01, 0x03, 0x27,
- 0x20, 0x06, 0x21, 0x58, 0x20, 0x14, 0xf4, 0x4a, 0x88, 0x56, 0x9f, 0xc0, 0xf5, 0x1f, 0xe5,
- 0xef, 0xfb, 0xf4, 0x06, 0xbc, 0xb1, 0xe4, 0x4a, 0x37, 0xe5, 0x07, 0xf8, 0x65, 0x95, 0x55,
- 0x54, 0xfd, 0x90, 0xf9, 0x8b, 0xa7, 0xc6, 0x23, 0x58, 0x20, 0x8d, 0x38, 0x0d, 0x38, 0xcb,
- 0x76, 0x73, 0xef, 0x13, 0xd1, 0x08, 0x02, 0xa5, 0x0e, 0xd2, 0x16, 0xd4, 0x0f, 0x2c, 0x29,
- 0xf8, 0xd0, 0x20, 0xb8, 0x6a, 0x7f, 0xa2, 0xd1, 0x1e, 0xeb, 0xd1, 0x5c, 0x84, 0x43, 0xa1,
- 0x01, 0x27, 0xa0, 0x59, 0x01, 0x27, 0xa9, 0x01, 0x66, 0x69, 0x73, 0x73, 0x75, 0x65, 0x72,
- 0x02, 0x67, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x3a, 0x00, 0x47, 0x44, 0x50, 0x58,
- 0x20, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
+ 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08,
+ 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xc9, 0x35, 0xf7,
+ 0x7e, 0x71, 0xc9, 0xa4, 0xd2, 0x13, 0x58, 0x5a, 0xc1, 0x0c, 0x17, 0xa8, 0x2c, 0x28, 0x99,
+ 0x32, 0x8e, 0x01, 0x45, 0xb8, 0xf1, 0xf4, 0xf8, 0x37, 0x25, 0x4a, 0x25, 0x1f, 0xbf, 0x8f,
+ 0xd8, 0xdf, 0x53, 0xdd, 0x95, 0x7a, 0x90, 0xff, 0xe3, 0x40, 0xbf, 0xda, 0x19, 0x0c, 0x14,
+ 0x41, 0x1c, 0x76, 0x73, 0x4e, 0x86, 0x94, 0x7d, 0x2c, 0x21, 0x5f, 0x5e, 0x05, 0x26, 0x15,
+ 0x4f, 0xa3, 0x63, 0x30, 0x61, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04,
+ 0x14, 0x12, 0x84, 0xe1, 0x31, 0xef, 0xa8, 0xfd, 0xcc, 0xbb, 0x35, 0x22, 0xb9, 0x99, 0xd1,
+ 0xca, 0x64, 0x19, 0x09, 0x54, 0x4c, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18,
+ 0x30, 0x16, 0x80, 0x14, 0x6d, 0xd5, 0xea, 0x8c, 0xe0, 0x5a, 0x50, 0xd9, 0x36, 0xf3, 0x28,
+ 0xc2, 0x54, 0x1d, 0xfa, 0x9d, 0x94, 0x19, 0x98, 0x76, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d,
+ 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06, 0x03,
+ 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x04, 0x30, 0x05, 0x06,
+ 0x03, 0x2b, 0x65, 0x70, 0x03, 0x41, 0x00, 0xc7, 0x93, 0x86, 0x58, 0xb2, 0x31, 0x30, 0x4f,
+ 0x1a, 0x53, 0x06, 0x87, 0x0e, 0xdf, 0xc4, 0xd8, 0x03, 0xf4, 0xaf, 0xa3, 0x2d, 0xfb, 0x7d,
+ 0xab, 0x08, 0x70, 0x47, 0x38, 0x10, 0xc5, 0xa8, 0x5e, 0x67, 0x64, 0xc7, 0xdc, 0x28, 0xe8,
+ 0x63, 0x3c, 0xa7, 0xb8, 0xf9, 0xbe, 0x3e, 0x75, 0xa7, 0x1c, 0xac, 0xc4, 0x81, 0x82, 0x4a,
+ 0x21, 0xf0, 0x89, 0x8e, 0x99, 0xf4, 0x52, 0x23, 0x30, 0x6d, 0x04, 0x82, 0xa5, 0x01, 0x02,
+ 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0xc9, 0x35, 0xf7, 0x7e, 0x71, 0xc9, 0xa4, 0xd2,
+ 0x13, 0x58, 0x5a, 0xc1, 0x0c, 0x17, 0xa8, 0x2c, 0x28, 0x99, 0x32, 0x8e, 0x01, 0x45, 0xb8,
+ 0xf1, 0xf4, 0xf8, 0x37, 0x25, 0x4a, 0x25, 0x1f, 0xbf, 0x22, 0x58, 0x20, 0x8f, 0xd8, 0xdf,
+ 0x53, 0xdd, 0x95, 0x7a, 0x90, 0xff, 0xe3, 0x40, 0xbf, 0xda, 0x19, 0x0c, 0x14, 0x41, 0x1c,
+ 0x76, 0x73, 0x4e, 0x86, 0x94, 0x7d, 0x2c, 0x21, 0x5f, 0x5e, 0x05, 0x26, 0x15, 0x4f, 0x84,
+ 0x43, 0xa1, 0x01, 0x26, 0xa0, 0x59, 0x01, 0x04, 0xa9, 0x01, 0x66, 0x69, 0x73, 0x73, 0x75,
+ 0x65, 0x72, 0x02, 0x67, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x3a, 0x00, 0x47, 0x44,
+ 0x50, 0x58, 0x20, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
- 0x55, 0x55, 0x55, 0x3a, 0x00, 0x47, 0x44, 0x52, 0x58, 0x20, 0xb8, 0x96, 0x54, 0xe2, 0x2c,
- 0xa4, 0xd2, 0x4a, 0x9c, 0x0e, 0x45, 0x11, 0xc8, 0xf2, 0x63, 0xf0, 0x66, 0x0d, 0x2e, 0x20,
- 0x48, 0x96, 0x90, 0x14, 0xf4, 0x54, 0x63, 0xc4, 0xf4, 0x39, 0x30, 0x38, 0x3a, 0x00, 0x47,
- 0x44, 0x53, 0x55, 0xa1, 0x3a, 0x00, 0x01, 0x11, 0x71, 0x6e, 0x63, 0x6f, 0x6d, 0x70, 0x6f,
- 0x6e, 0x65, 0x6e, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x3a, 0x00, 0x47, 0x44, 0x54, 0x58,
- 0x20, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
+ 0x55, 0x55, 0x55, 0x55, 0x55, 0x3a, 0x00, 0x47, 0x44, 0x52, 0x58, 0x20, 0xb8, 0x96, 0x54,
+ 0xe2, 0x2c, 0xa4, 0xd2, 0x4a, 0x9c, 0x0e, 0x45, 0x11, 0xc8, 0xf2, 0x63, 0xf0, 0x66, 0x0d,
+ 0x2e, 0x20, 0x48, 0x96, 0x90, 0x14, 0xf4, 0x54, 0x63, 0xc4, 0xf4, 0x39, 0x30, 0x38, 0x3a,
+ 0x00, 0x47, 0x44, 0x53, 0x55, 0xa1, 0x3a, 0x00, 0x01, 0x11, 0x71, 0x6e, 0x63, 0x6f, 0x6d,
+ 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x3a, 0x00, 0x47, 0x44,
+ 0x54, 0x58, 0x20, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
- 0x55, 0x55, 0x55, 0x3a, 0x00, 0x47, 0x44, 0x56, 0x41, 0x01, 0x3a, 0x00, 0x47, 0x44, 0x57,
- 0x58, 0x70, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x76, 0x82, 0x58,
- 0xce, 0x99, 0x1c, 0x29, 0xa1, 0x81, 0x3e, 0x22, 0xe3, 0x02, 0x13, 0xea, 0x2a, 0x25, 0x2e,
- 0x20, 0x14, 0xeb, 0x45, 0x0d, 0xb8, 0xdb, 0x8c, 0x38, 0xef, 0xeb, 0x25, 0xd6, 0x31, 0x22,
- 0x58, 0x20, 0xbe, 0x55, 0xba, 0x87, 0x17, 0xc2, 0x5b, 0xb6, 0x56, 0xff, 0x4b, 0xf0, 0x8a,
- 0x98, 0x57, 0x86, 0xa4, 0x36, 0x0a, 0x90, 0x38, 0xce, 0x66, 0xec, 0xcb, 0x25, 0x30, 0x29,
- 0x83, 0x02, 0x02, 0xc0, 0x23, 0x58, 0x20, 0x73, 0xdf, 0xc3, 0x4a, 0xe4, 0x2e, 0xbd, 0x04,
- 0x09, 0xec, 0x91, 0xc7, 0xe7, 0xf1, 0xec, 0x55, 0x10, 0x7e, 0xd1, 0x36, 0x5e, 0x9d, 0x11,
- 0x71, 0x27, 0xee, 0x30, 0x7b, 0x04, 0x45, 0x5f, 0x95, 0x3a, 0x00, 0x47, 0x44, 0x58, 0x41,
- 0x20, 0x58, 0x40, 0x44, 0x7f, 0x1a, 0x67, 0x16, 0xa0, 0x49, 0xfe, 0x2c, 0xde, 0x87, 0x38,
- 0xef, 0xb9, 0xe0, 0x19, 0x25, 0x7d, 0xcc, 0x39, 0x53, 0x27, 0xbd, 0x2c, 0x04, 0x6c, 0xe3,
- 0x5c, 0x5e, 0xd6, 0x27, 0x09, 0xb9, 0xf7, 0x8c, 0x2b, 0xd2, 0x68, 0xc3, 0xf1, 0x23, 0xcf,
- 0xc6, 0xfc, 0x21, 0xb3, 0x52, 0x48, 0xe6, 0x8a, 0x89, 0x3e, 0x37, 0x24, 0x13, 0x23, 0x80,
- 0xb2, 0xc7, 0xa7, 0xc6, 0xf1, 0xec, 0x04, 0x84, 0x43, 0xa1, 0x01, 0x26, 0xa0, 0x59, 0x02,
- 0x0f, 0x82, 0x58, 0x20, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
- 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a,
- 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x59, 0x01, 0xe9, 0x84, 0x03, 0x67, 0x6b, 0x65, 0x79,
- 0x6d, 0x69, 0x6e, 0x74, 0xae, 0x65, 0x62, 0x72, 0x61, 0x6e, 0x64, 0x66, 0x47, 0x6f, 0x6f,
- 0x67, 0x6c, 0x65, 0x65, 0x66, 0x75, 0x73, 0x65, 0x64, 0x01, 0x65, 0x6d, 0x6f, 0x64, 0x65,
- 0x6c, 0x65, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x66, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x66,
- 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x67, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x65,
- 0x70, 0x69, 0x78, 0x65, 0x6c, 0x68, 0x76, 0x62, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x65,
- 0x67, 0x72, 0x65, 0x65, 0x6e, 0x6a, 0x6f, 0x73, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f,
- 0x6e, 0x62, 0x31, 0x32, 0x6c, 0x6d, 0x61, 0x6e, 0x75, 0x66, 0x61, 0x63, 0x74, 0x75, 0x72,
- 0x65, 0x72, 0x66, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x6d, 0x76, 0x62, 0x6d, 0x65, 0x74,
- 0x61, 0x5f, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x4f, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66,
- 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72,
- 0x69, 0x74, 0x79, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x63, 0x74, 0x65, 0x65, 0x70, 0x62,
- 0x6f, 0x6f, 0x74, 0x5f, 0x70, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c,
- 0x1a, 0x01, 0x34, 0x8c, 0x62, 0x70, 0x62, 0x6f, 0x6f, 0x74, 0x6c, 0x6f, 0x61, 0x64, 0x65,
- 0x72, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x66, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x72,
- 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x5f, 0x70, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x65,
- 0x76, 0x65, 0x6c, 0x1a, 0x01, 0x34, 0x8c, 0x61, 0x72, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72,
+ 0x55, 0x55, 0x55, 0x55, 0x55, 0x3a, 0x00, 0x47, 0x44, 0x56, 0x41, 0x01, 0x3a, 0x00, 0x47,
+ 0x44, 0x57, 0x58, 0x4d, 0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0xb8,
+ 0x42, 0x01, 0xd7, 0xf0, 0xb7, 0x57, 0x98, 0xe3, 0x05, 0xf5, 0xcf, 0xef, 0x7b, 0x38, 0x39,
+ 0x6d, 0x55, 0x68, 0x72, 0xa6, 0x46, 0xd3, 0x16, 0x89, 0x1a, 0x3a, 0x9b, 0xc8, 0xce, 0xc0,
+ 0x1c, 0x22, 0x58, 0x20, 0xd1, 0xd5, 0x0e, 0xb8, 0xd0, 0x99, 0x09, 0x41, 0x63, 0x93, 0x33,
+ 0x20, 0xef, 0x84, 0xbb, 0xf5, 0xc9, 0x27, 0x4b, 0x52, 0x33, 0xa9, 0x07, 0xcc, 0x5d, 0x22,
+ 0xab, 0xf6, 0x8f, 0x2d, 0x15, 0x41, 0x3a, 0x00, 0x47, 0x44, 0x58, 0x41, 0x20, 0x58, 0x40,
+ 0xd0, 0x6d, 0xb0, 0xd2, 0x49, 0xc8, 0xd3, 0x81, 0xdd, 0x10, 0x4b, 0xd9, 0x49, 0x45, 0x93,
+ 0x10, 0xd5, 0x1b, 0xc7, 0x59, 0x66, 0x6f, 0x6c, 0x06, 0xb5, 0x72, 0x98, 0x51, 0x2d, 0xed,
+ 0xa0, 0xd9, 0xbb, 0x4a, 0xe6, 0x9b, 0x67, 0x31, 0xd9, 0x27, 0xd0, 0x9c, 0xf8, 0x3d, 0xfc,
+ 0x61, 0x8d, 0x53, 0x13, 0x53, 0x68, 0xb4, 0xb5, 0x41, 0x4c, 0xea, 0x6a, 0x28, 0xbb, 0xcb,
+ 0x63, 0x4d, 0xd0, 0x20, 0x84, 0x43, 0xa1, 0x01, 0x26, 0xa0, 0x59, 0x02, 0x0f, 0x82, 0x58,
+ 0x20, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e,
+ 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d,
+ 0x1e, 0x1f, 0x20, 0x59, 0x01, 0xe9, 0x84, 0x03, 0x67, 0x6b, 0x65, 0x79, 0x6d, 0x69, 0x6e,
+ 0x74, 0xae, 0x65, 0x62, 0x72, 0x61, 0x6e, 0x64, 0x66, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65,
+ 0x65, 0x66, 0x75, 0x73, 0x65, 0x64, 0x01, 0x65, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x65, 0x6d,
+ 0x6f, 0x64, 0x65, 0x6c, 0x66, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x66, 0x64, 0x65, 0x76,
+ 0x69, 0x63, 0x65, 0x67, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x65, 0x70, 0x69, 0x78,
+ 0x65, 0x6c, 0x68, 0x76, 0x62, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x65, 0x67, 0x72, 0x65,
+ 0x65, 0x6e, 0x6a, 0x6f, 0x73, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x62, 0x31,
+ 0x32, 0x6c, 0x6d, 0x61, 0x6e, 0x75, 0x66, 0x61, 0x63, 0x74, 0x75, 0x72, 0x65, 0x72, 0x66,
+ 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x6d, 0x76, 0x62, 0x6d, 0x65, 0x74, 0x61, 0x5f, 0x64,
+ 0x69, 0x67, 0x65, 0x73, 0x74, 0x4f, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99,
+ 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79,
+ 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x63, 0x74, 0x65, 0x65, 0x70, 0x62, 0x6f, 0x6f, 0x74,
0x5f, 0x70, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x1a, 0x01, 0x34,
- 0x8c, 0x63, 0x82, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x35, 0xeb,
- 0x56, 0xed, 0x62, 0x13, 0x6a, 0x41, 0x89, 0xf6, 0x72, 0xa6, 0xf1, 0x5c, 0xd1, 0xf6, 0x34,
- 0xbd, 0x81, 0xdb, 0x2e, 0x0b, 0x4d, 0xf6, 0x69, 0x6f, 0xa6, 0xf3, 0xce, 0x27, 0x2c, 0x78,
- 0x22, 0x58, 0x20, 0xac, 0xa9, 0x9f, 0x62, 0x81, 0x58, 0xc7, 0x10, 0xd7, 0xb5, 0xa8, 0xa0,
- 0x7b, 0x11, 0xf5, 0x75, 0xdb, 0xd9, 0xa2, 0x1d, 0x86, 0x34, 0xc6, 0xf4, 0x23, 0x79, 0xcc,
- 0x8a, 0x87, 0x3c, 0xb2, 0xd0, 0x23, 0x58, 0x20, 0x0f, 0x2c, 0x5a, 0xb7, 0xe1, 0x3b, 0x24,
- 0xa3, 0x4f, 0xaa, 0x49, 0x51, 0xfc, 0x8c, 0xd0, 0x35, 0x43, 0x7c, 0x21, 0xfa, 0x7d, 0x56,
- 0x97, 0x69, 0xe1, 0x81, 0xf5, 0x88, 0x15, 0x33, 0xa0, 0x7f, 0xa6, 0x01, 0x02, 0x03, 0x26,
- 0x20, 0x01, 0x21, 0x58, 0x20, 0xb5, 0xcc, 0xd9, 0x4f, 0x7a, 0xe2, 0xca, 0xac, 0xfe, 0xa5,
- 0x65, 0x0c, 0x6a, 0xa8, 0x16, 0x45, 0x40, 0x41, 0x1c, 0xb2, 0x64, 0xcd, 0x34, 0xe8, 0x37,
- 0x88, 0xb9, 0x9a, 0xb3, 0xc3, 0xfd, 0x6a, 0x22, 0x58, 0x20, 0x5e, 0xbe, 0xff, 0x98, 0x60,
- 0x6e, 0x1d, 0x6b, 0x42, 0x60, 0x59, 0xe9, 0x42, 0x95, 0xc8, 0x2e, 0xc5, 0xb6, 0x66, 0x4a,
- 0x53, 0xf1, 0x73, 0x02, 0xcb, 0x89, 0x8a, 0x2a, 0xc9, 0xa5, 0xa3, 0x39, 0x23, 0x58, 0x21,
- 0x00, 0xdb, 0xda, 0x3c, 0x3e, 0x27, 0x71, 0x5e, 0xd0, 0x2b, 0x09, 0xb8, 0x6f, 0xe2, 0x2c,
- 0xdd, 0x0a, 0xbf, 0x1d, 0x94, 0x36, 0xd2, 0x33, 0x88, 0x6e, 0x66, 0x05, 0x21, 0x92, 0x64,
- 0x79, 0xa9, 0x10, 0x58, 0x40, 0x87, 0xcf, 0xaa, 0x82, 0x6a, 0xba, 0x25, 0x8b, 0x81, 0xd8,
- 0x14, 0xca, 0xbd, 0xf4, 0x67, 0xdf, 0xc8, 0x2c, 0xa1, 0x04, 0x57, 0x99, 0xa0, 0x54, 0xe7,
- 0x9b, 0xb2, 0xd0, 0xaf, 0xdd, 0x07, 0x46, 0x0a, 0xd7, 0xbd, 0xa7, 0xf9, 0xa8, 0x0c, 0x08,
- 0x1e, 0x9c, 0xae, 0x73, 0x4c, 0x22, 0x6e, 0x56, 0x8b, 0xe4, 0x91, 0x54, 0xa4, 0x7a, 0xb0,
- 0xf5, 0xe4, 0x5d, 0xa9, 0x8f, 0xae, 0x43, 0x95, 0x7a};
+ 0x8c, 0x62, 0x70, 0x62, 0x6f, 0x6f, 0x74, 0x6c, 0x6f, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x73,
+ 0x74, 0x61, 0x74, 0x65, 0x66, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x72, 0x73, 0x79, 0x73,
+ 0x74, 0x65, 0x6d, 0x5f, 0x70, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c,
+ 0x1a, 0x01, 0x34, 0x8c, 0x61, 0x72, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x5f, 0x70, 0x61,
+ 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x1a, 0x01, 0x34, 0x8c, 0x63, 0x82,
+ 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0xd5, 0x0b, 0x27, 0x39, 0xa3,
+ 0xd5, 0xfd, 0xd9, 0x4f, 0x87, 0x4a, 0x97, 0x17, 0x60, 0x6c, 0x63, 0x55, 0x13, 0xa0, 0xf5,
+ 0x1c, 0x2b, 0xe7, 0x0e, 0x8e, 0xdb, 0x76, 0x82, 0x69, 0x5a, 0x46, 0xec, 0x22, 0x58, 0x20,
+ 0xa6, 0x08, 0xb3, 0x57, 0xaa, 0x5f, 0x72, 0x2b, 0xb1, 0xf0, 0x43, 0x52, 0xf4, 0xcb, 0x97,
+ 0x39, 0xfd, 0x54, 0x79, 0xa3, 0xaf, 0x07, 0xb7, 0xbe, 0xbc, 0x93, 0xc1, 0xb6, 0x9b, 0x2f,
+ 0x75, 0x1b, 0x23, 0x58, 0x21, 0x00, 0xb4, 0x59, 0xe3, 0x78, 0x6f, 0x3f, 0xbd, 0xdc, 0x38,
+ 0x8a, 0xa5, 0x7d, 0xbe, 0xe0, 0xce, 0xf9, 0x2e, 0x9a, 0x5b, 0xfc, 0xbd, 0x4d, 0x27, 0x7b,
+ 0xa7, 0xc8, 0xda, 0xaa, 0xe4, 0xcd, 0xf3, 0xd2, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01,
+ 0x21, 0x58, 0x20, 0x10, 0x6c, 0xe8, 0x71, 0xa8, 0x78, 0x9d, 0x29, 0xbe, 0xf8, 0x84, 0x39,
+ 0xd4, 0xa2, 0xf5, 0x3e, 0x09, 0xf1, 0xd4, 0x81, 0x59, 0x24, 0x63, 0x07, 0xae, 0x25, 0xad,
+ 0x24, 0x72, 0x0f, 0x8b, 0xd0, 0x22, 0x58, 0x20, 0xe8, 0xba, 0x76, 0x49, 0x7b, 0x97, 0x98,
+ 0xcf, 0xbb, 0x90, 0xfa, 0x30, 0x3a, 0x2d, 0x88, 0xfe, 0x3f, 0xc6, 0x75, 0x05, 0x7b, 0x59,
+ 0xdf, 0x14, 0xd8, 0xde, 0x4d, 0x51, 0x8b, 0x2f, 0x5a, 0xc7, 0x23, 0x58, 0x20, 0x76, 0x11,
+ 0x2f, 0x31, 0xe5, 0xc2, 0xbb, 0xa7, 0x2c, 0x2b, 0x2f, 0x73, 0x16, 0x29, 0xf8, 0x67, 0x66,
+ 0x44, 0x7f, 0x3f, 0x22, 0xa2, 0x40, 0x45, 0x12, 0xac, 0x97, 0x06, 0xc8, 0x66, 0x08, 0xc9,
+ 0x58, 0x40, 0x11, 0x65, 0x46, 0xfa, 0xbd, 0xe3, 0xd3, 0x1b, 0x0d, 0x78, 0x23, 0x2e, 0x5d,
+ 0x48, 0x3c, 0xab, 0xd3, 0x74, 0xf8, 0x41, 0x88, 0x9b, 0x48, 0xf3, 0x93, 0x06, 0x40, 0x1b,
+ 0x5f, 0x60, 0x7b, 0xbe, 0xd8, 0xa6, 0x65, 0xff, 0x6a, 0x89, 0x24, 0x12, 0x1b, 0xac, 0xa3,
+ 0xd5, 0x37, 0x85, 0x6e, 0x53, 0x8d, 0xa5, 0x07, 0xe7, 0xe7, 0x44, 0x2c, 0xba, 0xa0, 0xbe,
+ 0x1a, 0x43, 0xde, 0x28, 0x59, 0x65, 0xa1, 0x6b, 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70,
+ 0x72, 0x69, 0x6e, 0x74, 0x78, 0x3b, 0x62, 0x72, 0x61, 0x6e, 0x64, 0x31, 0x2f, 0x70, 0x72,
+ 0x6f, 0x64, 0x75, 0x63, 0x74, 0x31, 0x2f, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x31, 0x3a,
+ 0x31, 0x31, 0x2f, 0x69, 0x64, 0x2f, 0x32, 0x30, 0x32, 0x31, 0x30, 0x38, 0x30, 0x35, 0x2e,
+ 0x34, 0x32, 0x3a, 0x75, 0x73, 0x65, 0x72, 0x2f, 0x72, 0x65, 0x6c, 0x65, 0x61, 0x73, 0x65,
+ 0x2d, 0x6b, 0x65, 0x79, 0x73};
inline const std::vector<uint8_t> kKeysToSignForCsrWithoutUdsCerts = {
- 0x82, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x50, 0x43, 0xb4, 0xf1,
- 0xc1, 0x7f, 0x17, 0xc6, 0x3b, 0x56, 0x27, 0x63, 0x03, 0x18, 0x78, 0x9d, 0x63, 0x93, 0x3b,
- 0x98, 0xed, 0x55, 0x8c, 0x87, 0x1b, 0xd7, 0x89, 0xb6, 0x81, 0x92, 0x5f, 0x24, 0x22, 0x58,
- 0x20, 0xd5, 0x24, 0x93, 0xda, 0x3e, 0x32, 0x17, 0xfa, 0xe8, 0x8d, 0x1e, 0xa9, 0xe0, 0x84,
- 0x4e, 0x1c, 0x6a, 0xef, 0x9a, 0xe3, 0xbe, 0x1d, 0xf1, 0x14, 0xe0, 0x9e, 0x82, 0xc8, 0x92,
- 0x1a, 0x3a, 0x69, 0x23, 0x58, 0x20, 0x29, 0xcb, 0x16, 0x78, 0x61, 0x35, 0x92, 0x3f, 0x71,
- 0xc4, 0x66, 0x61, 0xd4, 0xd4, 0x20, 0x8a, 0x86, 0x1e, 0xb0, 0x2b, 0x2f, 0x4f, 0x13, 0xb4,
- 0x0d, 0x89, 0x60, 0x87, 0x77, 0xac, 0x1a, 0x0f, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01,
- 0x21, 0x58, 0x20, 0x4b, 0xcc, 0x7a, 0x09, 0x99, 0x76, 0xe7, 0xfa, 0x06, 0xb9, 0x19, 0x22,
- 0x15, 0x3b, 0x9f, 0xa8, 0x34, 0x77, 0x24, 0x27, 0x8c, 0x8a, 0x97, 0x61, 0xf3, 0x6f, 0x29,
- 0x74, 0x4e, 0x9a, 0x66, 0x23, 0x22, 0x58, 0x20, 0x8f, 0xa8, 0xaf, 0x2b, 0x02, 0x3a, 0xd4,
- 0x8a, 0xa2, 0x9d, 0x25, 0xa8, 0x01, 0xe7, 0xbd, 0x61, 0x25, 0x88, 0xb4, 0xc9, 0xce, 0x05,
- 0x43, 0xcc, 0x0d, 0x38, 0x7d, 0xe2, 0xda, 0x03, 0xb3, 0x33, 0x23, 0x58, 0x21, 0x00, 0xc8,
- 0x67, 0xb8, 0xbe, 0xc4, 0x1c, 0xca, 0x3c, 0x73, 0x3c, 0xbf, 0x52, 0xb2, 0x5a, 0x64, 0x9e,
- 0x9f, 0xae, 0xc6, 0x9f, 0x02, 0x2f, 0xee, 0x92, 0x1d, 0xdb, 0x01, 0x77, 0x27, 0x12, 0x84,
- 0x14};
+ 0x82, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x11, 0x29, 0x11, 0x96,
+ 0x98, 0x26, 0xb2, 0x3a, 0xf2, 0xf9, 0x95, 0xb7, 0x46, 0xb9, 0x38, 0x6e, 0x5e, 0x3d, 0x5e,
+ 0xb2, 0x19, 0x90, 0xc7, 0xd3, 0xbd, 0x49, 0x47, 0x55, 0xcb, 0xef, 0xeb, 0x89, 0x22, 0x58,
+ 0x20, 0x42, 0x87, 0xea, 0x75, 0x27, 0x42, 0x34, 0xeb, 0xe8, 0xb5, 0x50, 0xdf, 0xb0, 0xbf,
+ 0xef, 0x6b, 0x62, 0x90, 0x5c, 0xd1, 0xe8, 0x2b, 0x4d, 0x02, 0x58, 0xe6, 0xca, 0xda, 0xe6,
+ 0x33, 0x97, 0xff, 0x23, 0x58, 0x21, 0x00, 0x9b, 0x34, 0xdb, 0x1e, 0xe6, 0x53, 0x72, 0xaf,
+ 0x67, 0xb5, 0x5e, 0x9a, 0xee, 0x07, 0x31, 0x77, 0xa3, 0x8b, 0x6a, 0xe9, 0x58, 0x97, 0x04,
+ 0xe2, 0xa2, 0x48, 0x0f, 0xdf, 0x26, 0x4d, 0xe5, 0xbb, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20,
+ 0x01, 0x21, 0x58, 0x20, 0xf9, 0xd7, 0x37, 0x75, 0x6b, 0x55, 0xc7, 0x64, 0xf9, 0xe2, 0x59,
+ 0x8f, 0x11, 0x48, 0xa1, 0xac, 0x95, 0xb1, 0xe3, 0x60, 0xe5, 0xa8, 0xa4, 0x2f, 0xb5, 0xcb,
+ 0x90, 0x1e, 0x9e, 0xcb, 0x4c, 0xab, 0x22, 0x58, 0x20, 0x20, 0xad, 0x7b, 0xeb, 0xba, 0x5d,
+ 0x3c, 0xd5, 0xa3, 0x6d, 0x86, 0x6e, 0x3f, 0x38, 0xb8, 0x44, 0x32, 0x4b, 0xe7, 0x97, 0xea,
+ 0xf8, 0x3d, 0xc2, 0xc0, 0x7c, 0x1b, 0x49, 0xe4, 0x22, 0x23, 0xc7, 0x23, 0x58, 0x20, 0x5f,
+ 0x1f, 0x80, 0xe2, 0xcf, 0x59, 0x1d, 0x7e, 0x98, 0x51, 0x78, 0xbe, 0xf8, 0x88, 0x0b, 0x64,
+ 0x1b, 0xc8, 0xf2, 0x7b, 0x12, 0x22, 0x53, 0xd9, 0xd5, 0x8d, 0x32, 0xe7, 0x7f, 0x0e, 0x97,
+ 0x09};
inline const std::vector<uint8_t> kCsrWithoutUdsCerts{
- 0x84, 0x01, 0xa0, 0x82, 0xa6, 0x01, 0x02, 0x03, 0x38, 0x22, 0x20, 0x02, 0x21, 0x58, 0x30,
- 0x21, 0x09, 0x81, 0xb2, 0x4c, 0x8e, 0x23, 0x63, 0x46, 0xe5, 0x32, 0x1e, 0x1b, 0xa3, 0x39,
- 0x47, 0xd1, 0x19, 0x91, 0xc5, 0xe1, 0xd0, 0x51, 0xa4, 0x4e, 0x6d, 0xfd, 0x21, 0x46, 0xf3,
- 0x65, 0x6b, 0xd3, 0xec, 0x20, 0x21, 0xf8, 0xef, 0x39, 0x50, 0x0a, 0xfc, 0x6d, 0x18, 0xf8,
- 0x90, 0x1c, 0xc8, 0x22, 0x58, 0x30, 0x80, 0x1f, 0xd8, 0xe3, 0x64, 0x51, 0x48, 0x66, 0xa5,
- 0xad, 0x05, 0xcb, 0xe4, 0xee, 0x0f, 0x20, 0xc1, 0xca, 0x84, 0xc2, 0xe0, 0xcc, 0x22, 0x06,
- 0x7c, 0x5e, 0x2c, 0xb3, 0x3b, 0x52, 0xd4, 0xe7, 0xc1, 0xe2, 0x57, 0x9d, 0x8a, 0xa6, 0x5c,
- 0x08, 0xbb, 0x77, 0x07, 0xa8, 0x39, 0xba, 0x9f, 0x5f, 0x23, 0x58, 0x31, 0x00, 0xff, 0x5f,
- 0xa3, 0x03, 0x87, 0x70, 0xe5, 0xf0, 0x69, 0xcd, 0x0a, 0x32, 0x9e, 0x4a, 0xe8, 0x07, 0x1f,
- 0x26, 0xb9, 0x8a, 0x01, 0x83, 0xfe, 0xb9, 0x21, 0x22, 0x49, 0x9d, 0x9f, 0x78, 0x48, 0xf4,
- 0x24, 0x87, 0xe8, 0x4d, 0xab, 0xd5, 0xe9, 0xd6, 0x90, 0x49, 0x4b, 0x42, 0xb4, 0x68, 0xac,
- 0xf1, 0x84, 0x44, 0xa1, 0x01, 0x38, 0x22, 0xa0, 0x59, 0x01, 0x28, 0xa9, 0x01, 0x66, 0x69,
- 0x73, 0x73, 0x75, 0x65, 0x72, 0x02, 0x67, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x3a,
- 0x00, 0x47, 0x44, 0x50, 0x58, 0x20, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
+ 0x84, 0x01, 0xa0, 0x82, 0xa4, 0x01, 0x01, 0x03, 0x27, 0x20, 0x06, 0x21, 0x58, 0x20, 0xca,
+ 0x73, 0xd6, 0x09, 0x91, 0xec, 0x92, 0x63, 0xee, 0x9f, 0x7c, 0x79, 0x3e, 0x80, 0xa9, 0xc9,
+ 0x4e, 0xf7, 0x3b, 0x5b, 0x41, 0xa4, 0x56, 0xc1, 0x9e, 0xf3, 0x80, 0x16, 0x6d, 0xfe, 0x14,
+ 0x98, 0x84, 0x43, 0xa1, 0x01, 0x27, 0xa0, 0x59, 0x01, 0x04, 0xa9, 0x01, 0x66, 0x69, 0x73,
+ 0x73, 0x75, 0x65, 0x72, 0x02, 0x67, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x3a, 0x00,
+ 0x47, 0x44, 0x50, 0x58, 0x20, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
- 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x3a, 0x00, 0x47, 0x44, 0x52, 0x58, 0x20,
- 0xb8, 0x96, 0x54, 0xe2, 0x2c, 0xa4, 0xd2, 0x4a, 0x9c, 0x0e, 0x45, 0x11, 0xc8, 0xf2, 0x63,
- 0xf0, 0x66, 0x0d, 0x2e, 0x20, 0x48, 0x96, 0x90, 0x14, 0xf4, 0x54, 0x63, 0xc4, 0xf4, 0x39,
- 0x30, 0x38, 0x3a, 0x00, 0x47, 0x44, 0x53, 0x55, 0xa1, 0x3a, 0x00, 0x01, 0x11, 0x71, 0x6e,
- 0x63, 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x3a,
- 0x00, 0x47, 0x44, 0x54, 0x58, 0x20, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
+ 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x3a, 0x00, 0x47, 0x44, 0x52, 0x58, 0x20, 0xb8,
+ 0x96, 0x54, 0xe2, 0x2c, 0xa4, 0xd2, 0x4a, 0x9c, 0x0e, 0x45, 0x11, 0xc8, 0xf2, 0x63, 0xf0,
+ 0x66, 0x0d, 0x2e, 0x20, 0x48, 0x96, 0x90, 0x14, 0xf4, 0x54, 0x63, 0xc4, 0xf4, 0x39, 0x30,
+ 0x38, 0x3a, 0x00, 0x47, 0x44, 0x53, 0x55, 0xa1, 0x3a, 0x00, 0x01, 0x11, 0x71, 0x6e, 0x63,
+ 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x3a, 0x00,
+ 0x47, 0x44, 0x54, 0x58, 0x20, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
- 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x3a, 0x00, 0x47, 0x44, 0x56, 0x41, 0x01,
- 0x3a, 0x00, 0x47, 0x44, 0x57, 0x58, 0x71, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21,
- 0x58, 0x20, 0x2d, 0x41, 0x43, 0x19, 0xf2, 0x91, 0x58, 0x12, 0x65, 0x2e, 0x96, 0xb5, 0x9d,
- 0x12, 0x18, 0x58, 0x54, 0x11, 0xed, 0x41, 0x30, 0xef, 0xa4, 0xee, 0x69, 0x8f, 0x0c, 0x6e,
- 0xe6, 0x27, 0xc5, 0x20, 0x22, 0x58, 0x20, 0x21, 0x0e, 0x8f, 0x83, 0xe5, 0xeb, 0x40, 0x89,
- 0xc2, 0x0a, 0x43, 0x6c, 0x9f, 0xa8, 0x4e, 0xe0, 0xba, 0x9e, 0xba, 0x4f, 0xe3, 0x27, 0xc4,
- 0xbd, 0x41, 0xa0, 0xd6, 0xe9, 0x55, 0x54, 0x17, 0x78, 0x23, 0x58, 0x21, 0x00, 0xb6, 0x33,
- 0x44, 0x98, 0xa7, 0x1c, 0x90, 0x13, 0xcc, 0x42, 0x71, 0x43, 0x29, 0xe5, 0xe1, 0x57, 0x89,
- 0x7a, 0x39, 0x17, 0x7c, 0xcc, 0x03, 0xac, 0xd3, 0x1b, 0xd2, 0xae, 0x29, 0x5f, 0xd6, 0xf8,
- 0x3a, 0x00, 0x47, 0x44, 0x58, 0x41, 0x20, 0x58, 0x60, 0xc4, 0x54, 0xad, 0x40, 0xa2, 0x07,
- 0xc7, 0x80, 0xbd, 0x41, 0x77, 0x5d, 0xa7, 0xa2, 0xef, 0xef, 0x92, 0x67, 0x24, 0xab, 0xa1,
- 0x4a, 0x5e, 0x4f, 0x73, 0xfb, 0x5c, 0x1f, 0xe6, 0x46, 0x2f, 0xb9, 0x1b, 0x71, 0x86, 0x87,
- 0x29, 0xc4, 0x66, 0xb7, 0x3e, 0x85, 0x13, 0x9a, 0xa3, 0xf8, 0xfc, 0x63, 0x26, 0xe0, 0xba,
- 0x0b, 0xe0, 0x9b, 0x2e, 0x7d, 0x06, 0x06, 0xb8, 0x2f, 0xdd, 0x0c, 0xa5, 0x90, 0x1c, 0x10,
- 0x1c, 0x55, 0xf9, 0x65, 0xf6, 0x26, 0x40, 0x41, 0xaf, 0x5c, 0x16, 0x03, 0xf3, 0xee, 0x8d,
- 0x72, 0x2c, 0x6b, 0x1e, 0xb3, 0x1f, 0x96, 0x97, 0x34, 0x61, 0x0d, 0x5c, 0xe4, 0x94, 0x6a,
- 0x84, 0x43, 0xa1, 0x01, 0x26, 0xa0, 0x59, 0x02, 0x0f, 0x82, 0x58, 0x20, 0x01, 0x02, 0x03,
- 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12,
- 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x59,
- 0x01, 0xe9, 0x84, 0x03, 0x67, 0x6b, 0x65, 0x79, 0x6d, 0x69, 0x6e, 0x74, 0xae, 0x65, 0x62,
- 0x72, 0x61, 0x6e, 0x64, 0x66, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x65, 0x66, 0x75, 0x73,
- 0x65, 0x64, 0x01, 0x65, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x65, 0x6d, 0x6f, 0x64, 0x65, 0x6c,
- 0x66, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x66, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x67,
- 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x65, 0x70, 0x69, 0x78, 0x65, 0x6c, 0x68, 0x76,
- 0x62, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x65, 0x67, 0x72, 0x65, 0x65, 0x6e, 0x6a, 0x6f,
- 0x73, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x62, 0x31, 0x32, 0x6c, 0x6d, 0x61,
- 0x6e, 0x75, 0x66, 0x61, 0x63, 0x74, 0x75, 0x72, 0x65, 0x72, 0x66, 0x47, 0x6f, 0x6f, 0x67,
- 0x6c, 0x65, 0x6d, 0x76, 0x62, 0x6d, 0x65, 0x74, 0x61, 0x5f, 0x64, 0x69, 0x67, 0x65, 0x73,
- 0x74, 0x4f, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd,
- 0xee, 0xff, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x5f, 0x6c, 0x65, 0x76,
- 0x65, 0x6c, 0x63, 0x74, 0x65, 0x65, 0x70, 0x62, 0x6f, 0x6f, 0x74, 0x5f, 0x70, 0x61, 0x74,
- 0x63, 0x68, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x1a, 0x01, 0x34, 0x8c, 0x62, 0x70, 0x62,
- 0x6f, 0x6f, 0x74, 0x6c, 0x6f, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65,
- 0x66, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x72, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x5f,
+ 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x3a, 0x00, 0x47, 0x44, 0x56, 0x41, 0x01, 0x3a,
+ 0x00, 0x47, 0x44, 0x57, 0x58, 0x4d, 0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58,
+ 0x20, 0x45, 0x71, 0x10, 0x9a, 0x1b, 0x9c, 0x9f, 0x3c, 0x6e, 0x29, 0xf9, 0x6d, 0xb9, 0x93,
+ 0x4a, 0xf2, 0x88, 0xf1, 0x3a, 0xf7, 0x69, 0xf9, 0xf3, 0x54, 0x91, 0x3a, 0x12, 0x4f, 0xd0,
+ 0xbb, 0xb7, 0x0d, 0x22, 0x58, 0x20, 0x56, 0x8b, 0xb0, 0x0e, 0xd3, 0x8d, 0x12, 0xf5, 0x17,
+ 0xd2, 0x6b, 0x21, 0xdf, 0x4d, 0xb8, 0xaa, 0x17, 0x65, 0x02, 0x4e, 0x5c, 0x0a, 0x77, 0x93,
+ 0x64, 0x1e, 0x8d, 0xbc, 0x6a, 0xa1, 0x26, 0xe7, 0x3a, 0x00, 0x47, 0x44, 0x58, 0x41, 0x20,
+ 0x58, 0x40, 0xb0, 0x7b, 0xdd, 0xa5, 0x8e, 0xcb, 0xce, 0xf9, 0x89, 0xfb, 0x21, 0x4b, 0x29,
+ 0x34, 0xff, 0x6b, 0x0e, 0xc1, 0xff, 0x51, 0xba, 0x12, 0x12, 0xa0, 0x93, 0x2c, 0x09, 0xca,
+ 0x3a, 0x02, 0x81, 0x2a, 0x5b, 0x6f, 0x8d, 0x58, 0x21, 0x94, 0x30, 0xde, 0x99, 0x8b, 0x36,
+ 0x69, 0x45, 0xa1, 0x52, 0x5c, 0x7b, 0x36, 0x4f, 0xec, 0x4f, 0x40, 0x5f, 0x10, 0xdf, 0x26,
+ 0x18, 0xea, 0x4b, 0x72, 0x9f, 0x05, 0x84, 0x43, 0xa1, 0x01, 0x26, 0xa0, 0x59, 0x02, 0x0f,
+ 0x82, 0x58, 0x20, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c,
+ 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b,
+ 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x59, 0x01, 0xe9, 0x84, 0x03, 0x67, 0x6b, 0x65, 0x79, 0x6d,
+ 0x69, 0x6e, 0x74, 0xae, 0x65, 0x62, 0x72, 0x61, 0x6e, 0x64, 0x66, 0x47, 0x6f, 0x6f, 0x67,
+ 0x6c, 0x65, 0x65, 0x66, 0x75, 0x73, 0x65, 0x64, 0x01, 0x65, 0x6d, 0x6f, 0x64, 0x65, 0x6c,
+ 0x65, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x66, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65, 0x66, 0x64,
+ 0x65, 0x76, 0x69, 0x63, 0x65, 0x67, 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x65, 0x70,
+ 0x69, 0x78, 0x65, 0x6c, 0x68, 0x76, 0x62, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x65, 0x67,
+ 0x72, 0x65, 0x65, 0x6e, 0x6a, 0x6f, 0x73, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e,
+ 0x62, 0x31, 0x32, 0x6c, 0x6d, 0x61, 0x6e, 0x75, 0x66, 0x61, 0x63, 0x74, 0x75, 0x72, 0x65,
+ 0x72, 0x66, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x6d, 0x76, 0x62, 0x6d, 0x65, 0x74, 0x61,
+ 0x5f, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x4f, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+ 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69,
+ 0x74, 0x79, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x63, 0x74, 0x65, 0x65, 0x70, 0x62, 0x6f,
+ 0x6f, 0x74, 0x5f, 0x70, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x1a,
+ 0x01, 0x34, 0x8c, 0x62, 0x70, 0x62, 0x6f, 0x6f, 0x74, 0x6c, 0x6f, 0x61, 0x64, 0x65, 0x72,
+ 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65, 0x66, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x72, 0x73,
+ 0x79, 0x73, 0x74, 0x65, 0x6d, 0x5f, 0x70, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x65, 0x76,
+ 0x65, 0x6c, 0x1a, 0x01, 0x34, 0x8c, 0x61, 0x72, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x5f,
0x70, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x1a, 0x01, 0x34, 0x8c,
- 0x61, 0x72, 0x76, 0x65, 0x6e, 0x64, 0x6f, 0x72, 0x5f, 0x70, 0x61, 0x74, 0x63, 0x68, 0x5f,
- 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x1a, 0x01, 0x34, 0x8c, 0x63, 0x82, 0xa6, 0x01, 0x02, 0x03,
- 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x50, 0x43, 0xb4, 0xf1, 0xc1, 0x7f, 0x17, 0xc6, 0x3b,
- 0x56, 0x27, 0x63, 0x03, 0x18, 0x78, 0x9d, 0x63, 0x93, 0x3b, 0x98, 0xed, 0x55, 0x8c, 0x87,
- 0x1b, 0xd7, 0x89, 0xb6, 0x81, 0x92, 0x5f, 0x24, 0x22, 0x58, 0x20, 0xd5, 0x24, 0x93, 0xda,
- 0x3e, 0x32, 0x17, 0xfa, 0xe8, 0x8d, 0x1e, 0xa9, 0xe0, 0x84, 0x4e, 0x1c, 0x6a, 0xef, 0x9a,
- 0xe3, 0xbe, 0x1d, 0xf1, 0x14, 0xe0, 0x9e, 0x82, 0xc8, 0x92, 0x1a, 0x3a, 0x69, 0x23, 0x58,
- 0x20, 0x29, 0xcb, 0x16, 0x78, 0x61, 0x35, 0x92, 0x3f, 0x71, 0xc4, 0x66, 0x61, 0xd4, 0xd4,
- 0x20, 0x8a, 0x86, 0x1e, 0xb0, 0x2b, 0x2f, 0x4f, 0x13, 0xb4, 0x0d, 0x89, 0x60, 0x87, 0x77,
- 0xac, 0x1a, 0x0f, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x4b, 0xcc,
- 0x7a, 0x09, 0x99, 0x76, 0xe7, 0xfa, 0x06, 0xb9, 0x19, 0x22, 0x15, 0x3b, 0x9f, 0xa8, 0x34,
- 0x77, 0x24, 0x27, 0x8c, 0x8a, 0x97, 0x61, 0xf3, 0x6f, 0x29, 0x74, 0x4e, 0x9a, 0x66, 0x23,
- 0x22, 0x58, 0x20, 0x8f, 0xa8, 0xaf, 0x2b, 0x02, 0x3a, 0xd4, 0x8a, 0xa2, 0x9d, 0x25, 0xa8,
- 0x01, 0xe7, 0xbd, 0x61, 0x25, 0x88, 0xb4, 0xc9, 0xce, 0x05, 0x43, 0xcc, 0x0d, 0x38, 0x7d,
- 0xe2, 0xda, 0x03, 0xb3, 0x33, 0x23, 0x58, 0x21, 0x00, 0xc8, 0x67, 0xb8, 0xbe, 0xc4, 0x1c,
- 0xca, 0x3c, 0x73, 0x3c, 0xbf, 0x52, 0xb2, 0x5a, 0x64, 0x9e, 0x9f, 0xae, 0xc6, 0x9f, 0x02,
- 0x2f, 0xee, 0x92, 0x1d, 0xdb, 0x01, 0x77, 0x27, 0x12, 0x84, 0x14, 0x58, 0x40, 0x6c, 0xd5,
- 0x66, 0x0a, 0x99, 0xdd, 0x32, 0x47, 0x50, 0x1f, 0x5d, 0x46, 0x40, 0x8a, 0x60, 0x25, 0xa0,
- 0x1b, 0x3c, 0x2a, 0xcf, 0xa1, 0x92, 0x1a, 0xdc, 0x81, 0xaa, 0xb0, 0x0f, 0xf2, 0xe6, 0x94,
- 0xce, 0x3d, 0xff, 0xac, 0x25, 0x44, 0xea, 0xf7, 0x0a, 0x89, 0x9d, 0xc4, 0x7e, 0xe5, 0x02,
- 0xa7, 0xb6, 0xc2, 0x40, 0x06, 0x65, 0xc5, 0xff, 0x19, 0xc5, 0xcd, 0x1c, 0xd5, 0x78, 0x01,
- 0xd4, 0xb8};
+ 0x63, 0x82, 0xa6, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20, 0x11, 0x29, 0x11,
+ 0x96, 0x98, 0x26, 0xb2, 0x3a, 0xf2, 0xf9, 0x95, 0xb7, 0x46, 0xb9, 0x38, 0x6e, 0x5e, 0x3d,
+ 0x5e, 0xb2, 0x19, 0x90, 0xc7, 0xd3, 0xbd, 0x49, 0x47, 0x55, 0xcb, 0xef, 0xeb, 0x89, 0x22,
+ 0x58, 0x20, 0x42, 0x87, 0xea, 0x75, 0x27, 0x42, 0x34, 0xeb, 0xe8, 0xb5, 0x50, 0xdf, 0xb0,
+ 0xbf, 0xef, 0x6b, 0x62, 0x90, 0x5c, 0xd1, 0xe8, 0x2b, 0x4d, 0x02, 0x58, 0xe6, 0xca, 0xda,
+ 0xe6, 0x33, 0x97, 0xff, 0x23, 0x58, 0x21, 0x00, 0x9b, 0x34, 0xdb, 0x1e, 0xe6, 0x53, 0x72,
+ 0xaf, 0x67, 0xb5, 0x5e, 0x9a, 0xee, 0x07, 0x31, 0x77, 0xa3, 0x8b, 0x6a, 0xe9, 0x58, 0x97,
+ 0x04, 0xe2, 0xa2, 0x48, 0x0f, 0xdf, 0x26, 0x4d, 0xe5, 0xbb, 0xa6, 0x01, 0x02, 0x03, 0x26,
+ 0x20, 0x01, 0x21, 0x58, 0x20, 0xf9, 0xd7, 0x37, 0x75, 0x6b, 0x55, 0xc7, 0x64, 0xf9, 0xe2,
+ 0x59, 0x8f, 0x11, 0x48, 0xa1, 0xac, 0x95, 0xb1, 0xe3, 0x60, 0xe5, 0xa8, 0xa4, 0x2f, 0xb5,
+ 0xcb, 0x90, 0x1e, 0x9e, 0xcb, 0x4c, 0xab, 0x22, 0x58, 0x20, 0x20, 0xad, 0x7b, 0xeb, 0xba,
+ 0x5d, 0x3c, 0xd5, 0xa3, 0x6d, 0x86, 0x6e, 0x3f, 0x38, 0xb8, 0x44, 0x32, 0x4b, 0xe7, 0x97,
+ 0xea, 0xf8, 0x3d, 0xc2, 0xc0, 0x7c, 0x1b, 0x49, 0xe4, 0x22, 0x23, 0xc7, 0x23, 0x58, 0x20,
+ 0x5f, 0x1f, 0x80, 0xe2, 0xcf, 0x59, 0x1d, 0x7e, 0x98, 0x51, 0x78, 0xbe, 0xf8, 0x88, 0x0b,
+ 0x64, 0x1b, 0xc8, 0xf2, 0x7b, 0x12, 0x22, 0x53, 0xd9, 0xd5, 0x8d, 0x32, 0xe7, 0x7f, 0x0e,
+ 0x97, 0x09, 0x58, 0x40, 0xe1, 0x9a, 0x3f, 0x36, 0x65, 0x7a, 0xfe, 0x1b, 0x99, 0xc9, 0x35,
+ 0x8f, 0xb5, 0x5c, 0xfe, 0x12, 0x9c, 0x6f, 0x0e, 0x97, 0x12, 0xbd, 0x26, 0x32, 0x46, 0xd9,
+ 0x08, 0x6b, 0x7c, 0xa1, 0xd3, 0x47, 0xd6, 0xba, 0xf0, 0x9c, 0xe0, 0x12, 0x37, 0x39, 0x75,
+ 0x88, 0xb5, 0xbe, 0xd8, 0x37, 0x33, 0x9b, 0x26, 0xfc, 0x38, 0x14, 0x28, 0xea, 0x47, 0xcc,
+ 0x1f, 0xf3, 0xfe, 0x44, 0x0c, 0x1e, 0x6f, 0x2b, 0xa1, 0x6b, 0x66, 0x69, 0x6e, 0x67, 0x65,
+ 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x78, 0x3b, 0x62, 0x72, 0x61, 0x6e, 0x64, 0x31, 0x2f,
+ 0x70, 0x72, 0x6f, 0x64, 0x75, 0x63, 0x74, 0x31, 0x2f, 0x64, 0x65, 0x76, 0x69, 0x63, 0x65,
+ 0x31, 0x3a, 0x31, 0x31, 0x2f, 0x69, 0x64, 0x2f, 0x32, 0x30, 0x32, 0x31, 0x30, 0x38, 0x30,
+ 0x35, 0x2e, 0x34, 0x32, 0x3a, 0x75, 0x73, 0x65, 0x72, 0x2f, 0x72, 0x65, 0x6c, 0x65, 0x61,
+ 0x73, 0x65, 0x2d, 0x6b, 0x65, 0x79, 0x73};
const RpcHardwareInfo kRpcHardwareInfo = {.versionNumber = 3};
@@ -640,14 +651,87 @@
ASSERT_FALSE(*result) << "DICE Chain is proper";
}
+TEST(RemoteProvUtils, csrHasUdsCerts) {
+ auto csr = hwtrust::Csr::validate(kCsrWithUdsCerts, hwtrust::DiceChain::Kind::kVsr16,
+ false /*isFactory*/, false /*allowAnyMode*/,
+ deviceSuffix(DEFAULT_INSTANCE_NAME));
+ ASSERT_TRUE(csr.ok()) << csr.error().message();
+ ASSERT_TRUE(csr->hasUdsCerts());
+}
+
+TEST(RemoteProvUtils, csrDoesntHaveUdsCerts) {
+ auto csr = hwtrust::Csr::validate(kCsrWithoutUdsCerts, hwtrust::DiceChain::Kind::kVsr16,
+ false /*isFactory*/, false /*allowAnyMode*/,
+ deviceSuffix(DEFAULT_INSTANCE_NAME));
+ ASSERT_TRUE(csr.ok()) << csr.error().message();
+ ASSERT_FALSE(csr->hasUdsCerts());
+}
+
+TEST(RemoteProvUtils, csrHasCorrectChallenge) {
+ auto csr = hwtrust::Csr::validate(kCsrWithoutUdsCerts, hwtrust::DiceChain::Kind::kVsr16,
+ false /*isFactory*/, false /*allowAnyMode*/,
+ deviceSuffix(DEFAULT_INSTANCE_NAME));
+ ASSERT_TRUE(csr.ok()) << csr.error().message();
+
+ auto equal = csr->compareChallenge(kChallenge);
+ ASSERT_TRUE(equal.ok()) << equal.error().message();
+
+ ASSERT_TRUE(*equal) << kErrorChallengeMismatch;
+
+ auto zeroes = std::vector<uint8_t>(32, 0);
+ auto notEqual = csr->compareChallenge(zeroes);
+ ASSERT_TRUE(notEqual.ok()) << notEqual.error().message();
+
+ ASSERT_FALSE(*notEqual) << "ERROR: challenges are not different";
+}
+
+TEST(RemoteProvUtils, csrHasCorrectKeysToSign) {
+ auto csr = hwtrust::Csr::validate(kCsrWithoutUdsCerts, hwtrust::DiceChain::Kind::kVsr16,
+ false /*isFactory*/, false /*allowAnyMode*/,
+ deviceSuffix(DEFAULT_INSTANCE_NAME));
+ ASSERT_TRUE(csr.ok()) << csr.error().message();
+
+ auto equal = csr->compareKeysToSign(kKeysToSignForCsrWithoutUdsCerts);
+ ASSERT_TRUE(equal.ok()) << equal.error().message();
+ ASSERT_TRUE(*equal) << kErrorKeysToSignMismatch;
+
+ auto zeroes = std::vector<uint8_t>(kKeysToSignForCsrWithoutUdsCerts.size(), 0);
+ auto notEqual = csr->compareKeysToSign(zeroes);
+ ASSERT_TRUE(notEqual.ok()) << notEqual.error().message();
+ ASSERT_FALSE(*notEqual) << kErrorKeysToSignMismatch;
+}
+
+TEST(RemoteProvUtilsTest, allowDegenerateDiceChainWhenDegenerate) {
+ auto [keysToSignPtr, _, errMsg] = cppbor::parse(kKeysToSignForCsrWithDegenerateDiceChain);
+ ASSERT_TRUE(keysToSignPtr) << "Error: " << errMsg;
+
+ const auto keysToSign = keysToSignPtr->asArray();
+ auto csr = verifyFactoryCsr(*keysToSign, kCsrWithDegenerateDiceChain, kRpcHardwareInfo,
+ DEFAULT_INSTANCE_NAME, kChallenge,
+ /*allowDegenerate=*/true, /*requireUdsCerts=*/false);
+ ASSERT_TRUE(csr) << csr.message();
+}
+
+TEST(RemoteProvUtilsTest, disallowDegenerateDiceChainWhenDegenerate) {
+ auto [keysToSignPtr, _, errMsg] = cppbor::parse(kKeysToSignForCsrWithDegenerateDiceChain);
+ ASSERT_TRUE(keysToSignPtr) << "Error: " << errMsg;
+
+ const auto keysToSign = keysToSignPtr->asArray();
+ auto csr = verifyFactoryCsr(*keysToSign, kCsrWithDegenerateDiceChain, kRpcHardwareInfo,
+ DEFAULT_INSTANCE_NAME, kChallenge,
+ /*allowDegenerate=*/false, /*requireUdsCerts=*/false);
+ ASSERT_FALSE(csr);
+ ASSERT_THAT(csr.message(), testing::HasSubstr(kErrorDiceChainIsDegenerate));
+}
+
TEST(RemoteProvUtilsTest, requireUdsCertsWhenPresent) {
auto [keysToSignPtr, _, errMsg] = cppbor::parse(kKeysToSignForCsrWithUdsCerts);
ASSERT_TRUE(keysToSignPtr) << "Error: " << errMsg;
const auto keysToSign = keysToSignPtr->asArray();
- auto csr =
- verifyFactoryCsr(*keysToSign, kCsrWithUdsCerts, kRpcHardwareInfo, "default", kChallenge,
- /*allowDegenerate=*/false, /*requireUdsCerts=*/true);
+ auto csr = verifyFactoryCsr(*keysToSign, kCsrWithUdsCerts, kRpcHardwareInfo,
+ DEFAULT_INSTANCE_NAME, kChallenge,
+ /*allowDegenerate=*/false, /*requireUdsCerts=*/true);
ASSERT_TRUE(csr) << csr.message();
}
@@ -667,13 +751,11 @@
DEFAULT_INSTANCE_NAME, kChallenge, /*allowDegenerate=*/false,
/*requireUdsCerts=*/true);
ASSERT_FALSE(csr);
- ASSERT_THAT(csr.message(), testing::HasSubstr("UdsCerts must not be empty"));
+ ASSERT_THAT(csr.message(), testing::HasSubstr(kErrorUdsCertsAreRequired));
}
TEST(RemoteProvUtilsTest, dontRequireUdsCertsWhenNotPresent) {
- auto [keysToSignPtr, _, errMsg] = cppbor::parse(
- kKeysToSignForCsrWithoutUdsCerts.data(),
- kKeysToSignForCsrWithoutUdsCerts.data() + kKeysToSignForCsrWithoutUdsCerts.size());
+ auto [keysToSignPtr, _, errMsg] = cppbor::parse(kKeysToSignForCsrWithoutUdsCerts);
ASSERT_TRUE(keysToSignPtr) << "Error: " << errMsg;
const auto* keysToSign = keysToSignPtr->asArray();
diff --git a/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp b/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
index b9c742a..f0745d7 100644
--- a/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
+++ b/security/rkp/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
@@ -999,6 +999,7 @@
std::unique_ptr<cppbor::Array> csrPayload = std::move(*result);
ASSERT_TRUE(csrPayload);
+ ASSERT_TRUE(csrPayload->size() > 2);
auto deviceInfo = csrPayload->get(2)->asMap();
ASSERT_TRUE(deviceInfo);