Generalize RKP CDDL schema beyond CSRs The certificate signing request (CSR) CDDL schema comprises and authentication wrapper and an inner payload containing details of the request. Seperate these two parts more clearly in the schema with a view to reusing the authentication wrapper for other messages. The change of Csr to be defined in terms of the AuthenticatedMessage generic type has no effective change on the schema. A version field is added to CsrPayload, formerly SignedDataPayload, so that the AuthenticatedMessage and CsrPayload schemas can evolve independently. The cert_type field of DeviceInfo is moved up a level into CsrPayload. This means DeviceInfo only contains device information and not other fields related to the CSR. The payload of AuthenticatedMessage is not self-describing. The expected schema of the payload will be inferred from context, for example the server endpoint the message is sent to. Bug: 250910137 Test: n/a - comments only Change-Id: I2c981ec8fe63995779ce119168ad3d9b40d5b8c5

commit: bff2cae4f80b85d541c265e411220057fbf51e31 [log] [tgz]
author: Andrew Scull <ascull@google.com> Tue Oct 04 16:36:34 2022 +0000
committer: Andrew Scull <ascull@google.com> Wed Oct 05 10:00:52 2022 +0000
tree: eda3c3ff9aab12b762a7f9dca4a0d4acbe647c44
parent: 6e69625012278a55a8f3cc648f0c7c98185f189d [diff]
diff --git a/security/keymint/RKP_CHANGELOG.md b/security/keymint/RKP_CHANGELOG.md
index dfcc938..243fc26 100644
--- a/security/keymint/RKP_CHANGELOG.md
+++ b/security/keymint/RKP_CHANGELOG.md

@@ -21,13 +21,13 @@
 ## IRemotelyProvisionedComponent 2 -> 3
 * ProtectedData has been removed.
 * DeviceInfo
-  * `cert_type` has been added, with values corresponding to `widevine` or `keymint`
   * `version` has moved to a top-level field within the CSR generated by the HAL
 * IRemotelyProvisionedComponent
   * The need for an EEK has been removed. There is no longer an encrypted portion of the CSR.
   * Test mode has been removed.
   * The schema for the CSR itself has been significantly simplified, please see
-    IRemotelyProvisionedComponent.aidl for more details.
-    * Notably, the chain of signing, MACing, and encryption operations has been replaced with a single
+    IRemotelyProvisionedComponent.aidl for more details. Notably,
+    * the chain of signing, MACing, and encryption operations has been replaced with a single
       COSE_Sign1 object.
+    * CertificateType has been added to identify the type of certificate being requested.
 

diff --git a/security/keymint/aidl/android/hardware/security/keymint/DeviceInfo.aidl b/security/keymint/aidl/android/hardware/security/keymint/DeviceInfo.aidl
index 6854851..f0af619 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/DeviceInfo.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/DeviceInfo.aidl

@@ -49,16 +49,7 @@
      *         "security_level" : "tee" / "strongbox",
      *         "fused": 1 / 0,  ; 1 if secure boot is enforced for the processor that the IRPC
      *                          ; implementation is contained in. 0 otherwise.
-     *         "cert_type": CertificateType;
      *     }
-     *
-     *     ; A tstr identifying the type of certificate. The set of supported certificate types may
-     *     ; be extended without requiring a version bump of the HAL. Custom certificate types may
-     *     ; be used, but the provisioning server may reject the request for an unknown certificate
-     *     ; type. The currently defined certificate types are:
-     *     ;  - "widevine"
-     *     ;  - "keymint"
-     *     CertificateType = tstr
      */
     byte[] deviceInfo;
 }

diff --git a/security/keymint/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl b/security/keymint/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl
index 3f1f2f7..3b2a8c3 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl

@@ -315,38 +315,50 @@
      *
      * @return the following CBOR Certificate Signing Request (Csr) serialized into a byte array:
      *
-     * Csr = [
-     *    version: 3,              ; The CDDL Schema version.
-     *    UdsCerts,
-     *    DiceCertChain,
-     *    SignedData
-     * ]
+     * Csr = AuthenticatedMessage<CsrPayload>
      *
-     * ; COSE_Sign1 (untagged)
-     * SignedData = [
-     *     protected: bstr .cbor { 1 : AlgorithmEdDSA / AlgorithmES256 },
-     *     unprotected: {},
-     *     payload: bstr .cbor SignedDataPayload,
-     *     signature: bstr            ; PureEd25519(CDI_Leaf_Priv, bstr .cbor SignedDataSigStruct) /
-     *                                ; ECDSA(CDI_Leaf_Priv, bstr .cbor SignedDataSigStruct)
-     * ]
-     *
-     * ; Sig_structure for SignedData
-     * SignedDataSigStruct = [
-     *     context: "Signature1",
-     *     protected: bstr .cbor { 1 : AlgorithmEdDSA / AlgorithmES256 },
-     *     external_aad: bstr .size 0,
-     *     payload: bstr .cbor SignedDataPayload
-     * ]
-     *
-     * SignedDataPayload = [               ; CBOR Array defining the payload for SignedData
+     * CsrPayload = [                      ; CBOR Array defining the payload for Csr
+     *     version: 1,                     ; The CsrPayload CDDL Schema version.
+     *     CertificateType,                ; The type of certificate being requested.
      *     DeviceInfo,                     ; Defined in DeviceInfo.aidl
      *     challenge: bstr .size (32..64), ; Provided by the method parameters
      *     KeysToSign,                     ; Provided by the method parameters
      * ]
      *
+     *  ; A tstr identifying the type of certificate. The set of supported certificate types may
+     *  ; be extended without requiring a version bump of the HAL. Custom certificate types may
+     *  ; be used, but the provisioning server may reject the request for an unknown certificate
+     *  ; type. The currently defined certificate types are:
+     *  ;  - "widevine"
+     *  ;  - "keymint"
+     *  CertificateType = tstr
+     *
      * KeysToSign = [ * PublicKey ]   ; Please see MacedPublicKey.aidl for the PublicKey definition.
      *
+     * AuthenticatedMessage<T> = [
+     *    version: 3,              ; The AuthenticatedMessage CDDL Schema version.
+     *    UdsCerts,
+     *    DiceCertChain,
+     *    SignedData<T>,
+     * ]
+     *
+     * ; COSE_Sign1 (untagged)
+     * SignedData<T> = [
+     *     protected: bstr .cbor { 1 : AlgorithmEdDSA / AlgorithmES256 },
+     *     unprotected: {},
+     *     payload: bstr .cbor T / nil,
+     *     signature: bstr         ; PureEd25519(CDI_Leaf_Priv, bstr .cbor SignedDataSigStruct<T>) /
+     *                             ; ECDSA(CDI_Leaf_Priv, bstr .cbor SignedDataSigStruct<T>)
+     * ]
+     *
+     * ; Sig_structure for SignedData
+     * SignedDataSigStruct<T> = [
+     *     context: "Signature1",
+     *     protected: bstr .cbor { 1 : AlgorithmEdDSA / AlgorithmES256 },
+     *     external_aad: bstr .size 0,
+     *     payload: bstr .cbor T
+     * ]
+     *
      * ; UdsCerts allows the platform to provide additional certifications for the UDS_Pub. For
      * ; example, this could be provided by the hardware vendor, who certifies all of their chips.
      * ; The SignerName is a free-form string describing who generated the signature. The root
commit	bff2cae4f80b85d541c265e411220057fbf51e31	[log] [tgz]
author	Andrew Scull <ascull@google.com>	Tue Oct 04 16:36:34 2022 +0000
committer	Andrew Scull <ascull@google.com>	Wed Oct 05 10:00:52 2022 +0000
tree	eda3c3ff9aab12b762a7f9dca4a0d4acbe647c44
parent	6e69625012278a55a8f3cc648f0c7c98185f189d [diff]