[attestation] Add the first version of DeviceInfo
For CSRs originating from AVF, device info is currently not
important. To facilitate the parsing of AVF CSRs by the RKP
server, avf fields have been introduced into various entries.
Bug: 301592917
Test: atest rialto_test
Change-Id: I306683e8a2fdcc637e3798755bfa0aa4889bd7e3
diff --git a/service_vm/requests/src/rkp.rs b/service_vm/requests/src/rkp.rs
index 9901a92..569ab01 100644
--- a/service_vm/requests/src/rkp.rs
+++ b/service_vm/requests/src/rkp.rs
@@ -76,13 +76,10 @@
public_keys.push(public_key.to_cbor_value()?);
}
// Builds `CsrPayload`.
- // TODO(b/299256925): The device information is currently empty as we do not
- // have sufficient details to include.
- let device_info = Value::Map(Vec::new());
let csr_payload = cbor!([
Value::Integer(CSR_PAYLOAD_SCHEMA_V3.into()),
Value::Text(String::from(CERTIFICATE_TYPE)),
- device_info,
+ device_info(),
Value::Array(public_keys),
])?;
let csr_payload = cbor_util::serialize(&csr_payload)?;
@@ -107,6 +104,22 @@
Ok(cbor_util::serialize(&auth_req)?)
}
+/// Generates the device info required by the RKP server as a temporary placeholder.
+/// More details in b/301592917.
+fn device_info() -> Value {
+ cbor!({"brand" => "aosp-avf",
+ "manufacturer" => "aosp-avf",
+ "product" => "avf",
+ "model" => "avf",
+ "device" => "avf",
+ "vbmeta_digest" => Value::Bytes(vec![0u8; 0]),
+ "system_patch_level" => 202402,
+ "boot_patch_level" => 20240202,
+ "vendor_patch_level" => 20240202,
+ "fused" => 1})
+ .unwrap()
+}
+
fn derive_hmac_key(dice_artifacts: &dyn DiceArtifacts) -> Result<Zeroizing<[u8; HMAC_KEY_LENGTH]>> {
let mut key = Zeroizing::new([0u8; HMAC_KEY_LENGTH]);
kdf(dice_artifacts.cdi_seal(), &HMAC_KEY_SALT, HMAC_KEY_INFO, key.as_mut()).map_err(|e| {
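Review bot: `device_info()` puts fixed constants into the CsrPayload as if they were device claims: `"fused" => 1`, an empty `vbmeta_digest` and the hard-coded patch levels (202402 / 20240202) are not derived from the running VM, and the doc comment only says "temporary placeholder". Because the map is sent to the RKP server inside the CSR, the doc comment should say so explicitly, e.g. `/// NOTE: all values are fixed constants, not measurements; "fused", "vbmeta_digest" and the *_patch_level fields must not inform trust decisions until they come from real state.` Separately, `.unwrap()` on the `cbor!` result panics, whereas the caller in the first hunk already propagates `cbor!` errors with `?`. Returning `Result<Value>` with `Ok(cbor!({ ... })?)` and calling `device_info()?,` would keep error handling uniform, assuming the file's `Result` alias converts that error as it appears to at the call site.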