Fix CSR format for RKPv3
The data format changed a bit, and the fingerprint needs to be included
at the end of the CSRv3 data. Make sure to include that, else the RKP
server rejects the payload.
Test: run tool + upload output
Test: rkp_factory_extraction_lib_test
Change-Id: I5a13b21e65c64f19b9417a7d1e169710867e7a8f
diff --git a/provisioner/rkp_factory_extraction_lib.cpp b/provisioner/rkp_factory_extraction_lib.cpp
index d85e85f..8db62e6 100644
--- a/provisioner/rkp_factory_extraction_lib.cpp
+++ b/provisioner/rkp_factory_extraction_lib.cpp
@@ -17,6 +17,7 @@
#include "rkp_factory_extraction_lib.h"
#include <aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.h>
+#include <android-base/properties.h>
#include <android/binder_manager.h>
#include <cppbor.h>
#include <cstddef>
@@ -198,6 +199,8 @@
}
CborResult<Array> composeCertificateRequestV3(const std::vector<uint8_t>& csr) {
+ const std::string kFingerprintProp = "ro.build.fingerprint";
+
auto [parsedCsr, _, csrErrMsg] = cppbor::parse(csr);
if (!parsedCsr) {
return {nullptr, csrErrMsg};
@@ -206,6 +209,13 @@
return {nullptr, "CSR is not a CBOR array."};
}
+ if (!::android::base::WaitForPropertyCreation(kFingerprintProp)) {
+ return {nullptr, "Unable to read build fingerprint"};
+ }
+
+ Map unverifiedDeviceInfo =
+ Map().add("fingerprint", ::android::base::GetProperty(kFingerprintProp, /*default=*/""));
+ parsedCsr->asArray()->add(std::move(unverifiedDeviceInfo));
return {std::unique_ptr<Array>(parsedCsr.release()->asArray()), ""};
}