Merge "COSE unprotected parameters are a map not a bstr" am: 72ca1d2a40 am: ae5a2b8454 (7503f1c8) · Commits · e / os / android_hardware_interfaces

security/keymint/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl

+3 −3

Original line number	Diff line number	Diff line
		@@ -165,7 +165,7 @@ interface IRemotelyProvisionedComponent {
		* protected: bstr .cbor {
		* 1 : -8, // Algorithm : EdDSA
		* },
		* unprotected: bstr .size 0
		* unprotected: { },
		* payload: bstr .cbor SignatureKey,
		* signature: bstr PureEd25519(.cbor SignatureKeySignatureInput)
		* ]
		@@ -190,7 +190,7 @@ interface IRemotelyProvisionedComponent {
		* protected: bstr .cbor {
		* 1 : -8, // Algorithm : EdDSA
		* },
		* unprotected: bstr .size 0
		* unprotected: { },
		* payload: bstr .cbor Eek,
		* signature: bstr PureEd25519(.cbor EekSignatureInput)
		* ]
		@@ -239,7 +239,7 @@ interface IRemotelyProvisionedComponent {
		* protected : bstr .cbor {
		* 1 : 5, // Algorithm : HMAC-256
		* },
		* unprotected : bstr .size 0,
		* unprotected : { },
		* // Payload is PublicKeys from keysToSign argument, in provided order.
		* payload: bstr .cbor [ * PublicKey ],
		* tag: bstr

security/keymint/aidl/android/hardware/security/keymint/MacedPublicKey.aidl

+1 −1

Original line number	Diff line number	Diff line
		@@ -29,7 +29,7 @@ parcelable MacedPublicKey {
		*
		* MacedPublicKey = [ // COSE_Mac0
		* protected: bstr .cbor { 1 : 5}, // Algorithm : HMAC-256
		* unprotected: bstr .size 0,
		* unprotected: { },
		* payload : bstr .cbor PublicKey,
		* tag : bstr HMAC-256(K_mac, MAC_structure)
		* ]

security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl

+2 −2

Original line number	Diff line number	Diff line
		@@ -80,7 +80,7 @@ parcelable ProtectedData {
		* bstr .cbor { // Protected params
		* 1 : -8, // Algorithm : EdDSA
		* },
		* bstr .size 0, // Unprotected params
		* { }, // Unprotected params
		* bstr .size 32, // MAC key
		* bstr PureEd25519(DK_priv, .cbor SignedMac_structure)
		* ]
		@@ -127,7 +127,7 @@ parcelable ProtectedData {
		* protected: bstr .cbor {
		* 1 : -8, // Algorithm : EdDSA
		* },
		* unprotected: bstr .size 0,
		* unprotected: { },
		* payload: bstr .cbor BccPayload,
		* // First entry in the chain is signed by DK_pub, the others are each signed by their
		* // immediate predecessor. See RFC 8032 for signature representation.

security/keymint/aidl/default/RemotelyProvisionedComponent.cpp

+1 −1

Original line number	Diff line number	Diff line
		@@ -156,7 +156,7 @@ StatusOr<bytevec /* pubkeys */> validateAndExtractPubkeys(bool testMode,
		}

		auto protectedParms = macedKeyItem->asArray()->get(kCoseMac0ProtectedParams)->asBstr();
		auto unprotectedParms = macedKeyItem->asArray()->get(kCoseMac0UnprotectedParams)->asBstr();
		auto unprotectedParms = macedKeyItem->asArray()->get(kCoseMac0UnprotectedParams)->asMap();
		auto payload = macedKeyItem->asArray()->get(kCoseMac0Payload)->asBstr();
		auto tag = macedKeyItem->asArray()->get(kCoseMac0Tag)->asBstr();
		if (!protectedParms \|\| !unprotectedParms \|\| !payload \|\| !tag) {

security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp

+6 −6

Original line number	Diff line number	Diff line
		@@ -97,9 +97,9 @@ TEST_P(GenerateKeyTests, generateEcdsaP256Key_prodMode) {
		ASSERT_NE(protParms, nullptr);
		ASSERT_EQ(cppbor::prettyPrint(protParms->value()), "{\n 1 : 5,\n}");

		auto unprotParms = coseMac0->asArray()->get(kCoseMac0UnprotectedParams)->asBstr();
		auto unprotParms = coseMac0->asArray()->get(kCoseMac0UnprotectedParams)->asMap();
		ASSERT_NE(unprotParms, nullptr);
		ASSERT_EQ(unprotParms->value().size(), 0);
		ASSERT_EQ(unprotParms->size(), 0);

		auto payload = coseMac0->asArray()->get(kCoseMac0Payload)->asBstr();
		ASSERT_NE(payload, nullptr);
		@@ -150,9 +150,9 @@ TEST_P(GenerateKeyTests, generateEcdsaP256Key_testMode) {
		ASSERT_NE(protParms, nullptr);
		ASSERT_EQ(cppbor::prettyPrint(protParms->value()), "{\n 1 : 5,\n}");

		auto unprotParms = coseMac0->asArray()->get(kCoseMac0UnprotectedParams)->asBstr();
		auto unprotParms = coseMac0->asArray()->get(kCoseMac0UnprotectedParams)->asMap();
		ASSERT_NE(unprotParms, nullptr);
		ASSERT_EQ(unprotParms->value().size(), 0);
		ASSERT_EQ(unprotParms->size(), 0);

		auto payload = coseMac0->asArray()->get(kCoseMac0Payload)->asBstr();
		ASSERT_NE(payload, nullptr);
		@@ -279,7 +279,7 @@ TEST_P(CertificateRequestTest, EmptyRequest_testMode) {
		.add(ALGORITHM, HMAC_256)
		.canonicalize()
		.encode())
		.add(cppbor::Bstr()) // unprotected
		.add(cppbor::Map()) // unprotected
		.add(cppbor::Array().encode()) // payload (keysToSign)
		.add(std::move(keysToSignMac)); // tag

		@@ -364,7 +364,7 @@ TEST_P(CertificateRequestTest, NonEmptyRequest_testMode) {
		.add(ALGORITHM, HMAC_256)
		.canonicalize()
		.encode())
		.add(cppbor::Bstr()) // unprotected
		.add(cppbor::Map()) // unprotected
		.add(cborKeysToSign_.encode()) // payload
		.add(std::move(keysToSignMac)); // tag