commit 8d046265b87f5b40c341accc72246a24d36b5e99
author Max Bires <jbires@google.com> Mon Nov 21 01:48:59 2022 -0800
committer Max Bires <jbires@google.com> Tue Nov 22 10:45:55 2022 -0800
tree 3e0fb1aff47cbdd8088e548c5498d735a6b49a47
parent 3777e1cb44cb6b9b8004fc55df025598f63b2889

Document changes and clean up spec

This change clarifies some more items that have changed between v2 and
v3 of the IRPC spec, along with fixing and clarifying some more
messaging in the .aidl documentation.

Test: Someone else can intelligibly read what was written
Change-Id: Ia9fa1595a72c818f93ce6fb31ea38c97d997488b

security/rkp/CHANGELOG.md

diff --git a/security/rkp/CHANGELOG.md b/security/rkp/CHANGELOG.md
index 29b1a1c..c3e3609 100644
--- a/security/rkp/CHANGELOG.md
+++ b/security/rkp/CHANGELOG.md
@@ -27,7 +27,7 @@
     `"android.hardward.security.keymint"`).
 * ProtectedData has been removed.
 * DeviceInfo
-  * `version` has moved to a top-level field within the CSR generated by the HAL
+  * `version` has moved to a top-level field within the CSR generated by the HAL.
 * IRemotelyProvisionedComponent
   * The need for an EEK has been removed. There is no longer an encrypted portion of the CSR.
   * Test mode has been removed.
@@ -36,5 +36,10 @@
     * the chain of signing, MACing, and encryption operations has been replaced with a single
       COSE_Sign1 object.
     * CertificateType has been added to identify the type of certificate being requested.
+    * The structure has been composed to enable a clear split between what is required to validate a
+      payload and the implementation-defined payload itself. This is done by creating a typed
+      `AuthenticatedRequest<T>` object representing the top level data required to authenticate
+      the data provided in the payload, `T`.
 * RpcHardwareInfo
   * `supportedNumKeysInCsr` added to report the maximum number of keys supported in a CSR.
+  * `supportedEekCurve` is no longer used, due to the removal of the EEK from the scheme.

security/rkp/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl

diff --git a/security/rkp/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl b/security/rkp/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl
index 78969d1..2fc780c 100644
--- a/security/rkp/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl
+++ b/security/rkp/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl
@@ -345,20 +345,20 @@
      * ]
      *
      * ; COSE_Sign1 (untagged)
-     * SignedData<T> = [
+     * SignedData<Data> = [
      *     protected: bstr .cbor { 1 : AlgorithmEdDSA / AlgorithmES256 },
      *     unprotected: {},
-     *     payload: bstr .cbor T / nil,
-     *     signature: bstr         ; PureEd25519(CDI_Leaf_Priv, bstr .cbor SignedDataSigStruct<T>) /
-     *                             ; ECDSA(CDI_Leaf_Priv, bstr .cbor SignedDataSigStruct<T>)
+     *     payload: bstr .cbor Data / nil,
+     *     signature: bstr      ; PureEd25519(CDI_Leaf_Priv, bstr .cbor SignedDataSigStruct<Data>) /
+     *                          ; ECDSA(CDI_Leaf_Priv, bstr .cbor SignedDataSigStruct<Data>)
      * ]
      *
      * ; Sig_structure for SignedData
-     * SignedDataSigStruct<T> = [
+     * SignedDataSigStruct<Data> = [
      *     context: "Signature1",
      *     protected: bstr .cbor { 1 : AlgorithmEdDSA / AlgorithmES256 },
      *     external_aad: bstr .size 0,
-     *     payload: bstr .cbor T
+     *     payload: bstr .cbor Data / nil,
      * ]
      *
      * ; UdsCerts allows the platform to provide additional certifications for the UDS_Pub. For

security/rkp/aidl/android/hardware/security/keymint/RpcHardwareInfo.aidl

diff --git a/security/rkp/aidl/android/hardware/security/keymint/RpcHardwareInfo.aidl b/security/rkp/aidl/android/hardware/security/keymint/RpcHardwareInfo.aidl
index 5fe5b00..d0b059d 100644
--- a/security/rkp/aidl/android/hardware/security/keymint/RpcHardwareInfo.aidl
+++ b/security/rkp/aidl/android/hardware/security/keymint/RpcHardwareInfo.aidl
@@ -29,9 +29,9 @@
     const int CURVE_25519 = 2;
 
     /**
-     * Implementation version of the remotely provisioned component hardware.  The version number is
-     * implementation defined, and not necessarily globally meaningful.  The version is used to
-     * distinguish between different versions of a given implementation.
+     * Implementation version of the remotely provisioned component hardware. The version provided
+     * here must match the version reported in the CsrPayload produced by the HAL interface. This
+     * field primarily acts as a convenience for the system components interacting with the HALs.
      */
     int versionNumber;
 
@@ -43,6 +43,9 @@
     @utf8InCpp String rpcAuthorName;
 
     /**
+     * NOTE: This field is no longer used as of version 3 of the HAL interface. This is because the
+     *       Endpoint Encryption Key is no longer used in the provisioning scheme.
+     *
      * supportedEekCurve returns an int representing which curve is supported for validating
      * signatures over the Endpoint Encryption Key certificate chain and for using the corresponding
      * signed encryption key in ECDH. Only one curve should be supported, with preference for 25519