Print device keys in test mode

When using the rkp_factory_extraction_tool in test mode, a fake device key is generated on the fly. This makes verifying the output difficult as the key is permanently lost. In test mode, print out the generated keys so that we can test if the output data is good or not. Test: Manually tested against backend service tooling not in AOSP Change-Id: Ibc30044c03f5107990da6d3a03b17aa652d4b1bc
2021-07-22 16:46:07 -07:00 · 2021-07-22 16:46:07 -07:00 · 9a4bc972c0
commit 9a4bc972c0
parent f2a9f3d234
1 changed files with 25 additions and 1 deletions
--- a/provisioner/rkp_factory_extraction_tool.cpp
+++ b/provisioner/rkp_factory_extraction_tool.cpp
@ -22,6 +22,7 @@
 #include <cppbor.h>
 #include <gflags/gflags.h>
 #include <keymaster/cppcose/cppcose.h>
+#include <openssl/base64.h>
 #include <remote_prov/remote_prov_utils.h>
 #include <sys/random.h>

@ -49,6 +50,26 @@ constexpr std::string_view kBuildPlusCsr = "build+csr";  // Text-encoded (JSON)

 constexpr size_t kChallengeSize = 16;

+std::string toBase64(const std::vector<uint8_t>& buffer) {
+    size_t base64Length;
+    int rc = EVP_EncodedLength(&base64Length, buffer.size());
+    if (!rc) {
+        std::cerr << "Error getting base64 length. Size overflow?" << std::endl;
+        exit(-1);
+    }
+
+    std::string base64(base64Length, ' ');
+    rc = EVP_EncodeBlock(reinterpret_cast<uint8_t*>(base64.data()), buffer.data(), buffer.size());
+    ++rc;  // Account for NUL, which BoringSSL does not for some reason.
+    if (rc != base64Length) {
+        std::cerr << "Error writing base64. Expected " << base64Length
+                  << " bytes to be written, but " << rc << " bytes were actually written."
+                  << std::endl;
+        exit(-1);
+    }
+    return base64;
+}
+
 std::vector<uint8_t> generateChallenge() {
    std::vector<uint8_t> challenge(kChallengeSize);

@ -96,7 +117,10 @@ std::vector<uint8_t> getEekChain() {
            std::cerr << "Failed to generate test EEK somehow: " << eekOrErr.message() << std::endl;
            exit(-1);
        }
-        auto [eek, ignored_pubkey, ignored_privkey] = eekOrErr.moveValue();
+        auto [eek, pubkey, privkey] = eekOrErr.moveValue();
+        std::cout << "EEK raw keypair:" << std::endl;
+        std::cout << "  pub:  " << toBase64(pubkey) << std::endl;
+        std::cout << "  priv: " << toBase64(privkey) << std::endl;
        return eek;
    }