fixup! add test to check protobuf encoding of the credential

[no changelog]

core/tests/test_apps.thp.credential_manager.py

@@ -14,6 +14,10 @@ def _dummy_log(name: str, msg: str, *args):
  pass
 
  log.debug = _dummy_log
+ DUMMY_KEY_1 = b"\x00\x00"
+ DUMMY_KEY_2 = b"\xff\xff"
+ HOST_NAME_1 = "host_name"
+ HOST_NAME_2 = "different host_name"
 
 
 @unittest.skipUnless(utils.USE_THP, "only needed for THP")
@@ -35,10 +39,6 @@ def test_invalidate_cred_auth_key(self):
  self.assertNotEqual(key1, key2)
 
  def test_credentials(self):
- DUMMY_KEY_1 = b"\x00\x00"
- DUMMY_KEY_2 = b"\xff\xff"
- HOST_NAME_1 = "host_name"
- HOST_NAME_2 = "different host_name"
 
  cred_1 = _issue_credential(HOST_NAME_1, DUMMY_KEY_1)
  cred_2 = _issue_credential(HOST_NAME_1, DUMMY_KEY_1)
@@ -58,6 +58,22 @@ def test_credentials(self):
  self.assertFalse(credential_manager.validate_credential(cred_3, DUMMY_KEY_1))
  self.assertTrue(credential_manager.validate_credential(cred_4, DUMMY_KEY_1))
 
+ def test_protobuf_encoding(self):
+ """
+ If the protobuf encoding of credentials changes in the future, this
+ test should be able to catch it.
+
+ When the test fails, it might be necessary to create custom parser
+ of credentials to ensure that credentials remain valid after FW update.
+ """
+ expected = b"\x0a\x0b\x0a\x09\x68\x6f\x73\x74\x5f\x6e\x61\x6d\x65\x12\x20\xf4\x44\x86\x2d\x00\x23\x1d\x02\xf3\x20\xbb\x58\xed\x13\x8f\xc6\x84\x9b\x6b\x73\x7a\x33\x25\xc4\x71\x79\x3b\x45\x15\xe4\x76\x67"
+
+ # Use hard-coded bytes as a "credential auth key" when issuing a credential
+ credential_manager.derive_cred_auth_key = lambda: b"\xBE\xEF"
+
+ credential = _issue_credential(HOST_NAME_1, DUMMY_KEY_1)
+ self.assertEqual(credential, expected)
+
 
 if __name__ == "__main__":
  unittest.main()