InitialPayload of ExplicitKeyDiceCertChain

Change the spec for DiceCertChainInitialPayload, removing the map &
directly equating it to bstr .cbor PubKey. Also mandate it to stick to
Core Deterministic Encoding Requirements. The deterministic encoding is
essential to ensure DicePolicies can be applied on the root key.

Test: Builds
Bug: 319613231
Change-Id: I5e12ecbcbae84ae608d784a12f8ae4afc49b5a9d
diff --git a/security/authgraph/aidl/android/hardware/security/authgraph/ExplicitKeyDiceCertChain.cddl b/security/authgraph/aidl/android/hardware/security/authgraph/ExplicitKeyDiceCertChain.cddl
index 3de5617..2d6c696 100644
--- a/security/authgraph/aidl/android/hardware/security/authgraph/ExplicitKeyDiceCertChain.cddl
+++ b/security/authgraph/aidl/android/hardware/security/authgraph/ExplicitKeyDiceCertChain.cddl
@@ -19,11 +19,10 @@
* DiceChainEntry
]
-DiceCertChainInitialPayload = {
- -4670552 : bstr .cbor PubKeyEd25519 /
- bstr .cbor PubKeyECDSA256 /
- bstr .cbor PubKeyECDSA384 ; subjectPublicKey
-}
+; Encoded in accordance with Core Deterministic Encoding Requirements [RFC 8949 s4.2.1]
+DiceCertChainInitialPayload = bstr .cbor PubKeyEd25519
+ / bstr .cbor PubKeyECDSA256
+ / bstr .cbor PubKeyECDSA384 ; subjectPublicKey
; INCLUDE generateCertificateRequestV2.cddl for: PubKeyEd25519, PubKeyECDSA256, PubKeyECDSA384,
; DiceChainEntry
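Review bot: The added comment above `DiceCertChainInitialPayload` does not say which bytes the Core Deterministic Encoding Requirements apply to. Because the payload is now a `bstr .cbor PubKey...`, the requirement only has an effect if it covers the encoded key inside the bstr, which is the value the commit message says DicePolicies are applied to; please word the comment that way, for example "The PubKey wrapped in the bstr MUST be encoded in accordance with ...". The trailing `; subjectPublicKey` was the label for the removed `-4670552` map key, and it now sits on the `PubKeyECDSA384` alternative only, so it reads as if it described that one choice; move it to the comment above the rule or drop it. CDDL cannot express the deterministic-encoding constraint, and the commit lists only "Test: Builds", so a conformance test that rejects an initial payload whose key is not deterministically encoded would be what actually enforces the new rule. Replacing the map with a bare bstr also changes the encoded form of the first chain element, and nothing in this hunk tells a parser written against the old map form which one to expect; a note on compatibility in the comment would help implementers.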