9f9d1821730edc7969da1c993d9e07a4f95ec80e - platform/tools/security

commit	9f9d1821730edc7969da1c993d9e07a4f95ec80e	[log] [tgz]
author	Alan Stokes <alanstokes@google.com>	Wed Mar 30 15:45:50 2022 +0100
committer	Alan Stokes <alanstokes@google.com>	Thu Apr 07 10:25:24 2022 +0100
tree	7e6c7a06e5e100face3837b4de0d965bb1699692
parent	afada5a8a3cdedf92eddd9634eceb7b96d2c1b63 [diff]

Add validation for a complete BCC

We may have a complete Bcc chain encoded in a single CBOR value -
e.g. from IDiceNode::getAttestationChain. Add support for parsing and
validating these.

Enhance the command-line argument handling of the bcc_validator tool
to support both individual certs and a complete chain.

Add some more tests.

Bug: 225177477
Test: atest libcert_request_validator_tests
Test: Manual testing of argument handling
Change-Id: Ic190743334780734d49cf4e0610ed7c1f9350ba4

remote_provisioning/cert_validator/Android.bp[diff]
remote_provisioning/cert_validator/src/bcc.rs[diff]
remote_provisioning/cert_validator/src/bcc_main.rs[diff]
remote_provisioning/cert_validator/src/lib.rs[diff]
remote_provisioning/cert_validator/testdata/bcc/bad_final_signature.chain[Added - diff]
remote_provisioning/cert_validator/testdata/bcc/bad_pub_key.chain[Added - diff]
remote_provisioning/cert_validator/testdata/bcc/valid.chain[Added - diff]

7 files changed

tree: 7e6c7a06e5e100face3837b4de0d965bb1699692

fuzzing/
gdb/
remote_provisioning/
sanitizer-status/
CleanSpec.mk
OWNERS