| // Copyright 2020 The Chromium OS Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #ifndef HWSEC_TEST_UTILS_VERIFIED_ACCESS_VERIFIED_ACCESS_H_ |
| #define HWSEC_TEST_UTILS_VERIFIED_ACCESS_VERIFIED_ACCESS_H_ |
| |
| #include <string> |
| |
| #include <attestation/proto_bindings/attestation_ca.pb.h> |
| #include <base/optional.h> |
| |
| namespace hwsec_test_utils { |
| namespace verified_access { |
| |
| // Test helper (namespace hwsec_test_utils) that performs the Verified Access (VA) server part of the operation, |
| // except for checking the validity of the key used to sign challenges. |
| class VerifiedAccessChallenge { |
| public: |
| VerifiedAccessChallenge(); |
| ~VerifiedAccessChallenge() = default; |
| // Not copyable or movable: the copy and move constructors and assignments below are all deleted. |
| VerifiedAccessChallenge(const VerifiedAccessChallenge&) = delete; |
| VerifiedAccessChallenge& operator=(const VerifiedAccessChallenge&) = delete; |
| VerifiedAccessChallenge(VerifiedAccessChallenge&&) = delete; |
| VerifiedAccessChallenge& operator=(VerifiedAccessChallenge&&) = delete; |
| |
| // Creates an |attestation::SignedData| challenge that can be verified with the well-known VA signing key. |
| // The challenge string is set to |prefix|. Returns |base::nullopt| if the generation fails. |
| // NOTE(review): a "well-known" signing key presumably gives the signature no trust value outside tests - confirm. |
| base::Optional<attestation::SignedData> GenerateChallenge( |
| const std::string& prefix); |
| |
| // Verifies |signed_challenge_response|, which the attestation service generates in response to the challenge |
| // with |prefix|. The SPKAC in the response is encrypted with the well-known VA encryption key. |
| // Returns a bool; presumably true only when verification succeeds - confirm against the implementation. |
| bool VerifyChallengeResponse( |
| const attestation::SignedData& signed_challenge_response, |
| const std::string& prefix); |
| }; |
| |
| } // namespace verified_access |
| } // namespace hwsec_test_utils |
| |
| #endif // HWSEC_TEST_UTILS_VERIFIED_ACCESS_VERIFIED_ACCESS_H_ |