Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8a0f1805 authored by Seth Moore's avatar Seth Moore
Browse files

Drop minimum RKP challenge size to 16 bytes 

The current RKP server produces challenges smaller than 32 bytes.
As existing devices in the field may have some length limitations
due to this, let's not start sending larger challenges to those
devices. Instead, drop the challenge to 16 bytes to maintain compat.
There should be plenty of entropy in 16 bytes.

Test: n/a
Change-Id: I1dfd9b4b06131df907683207e4b6bfb2d1c93d65
parent fb373b06

security/rkp/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl

+1 −1
Original line number Diff line number Diff line
@@ -335,7 +335,7 @@ interface IRemotelyProvisionedComponent { 
     *     UdsCerts,

     *     DiceCertChain,

     *     SignedData<[

     *         challenge: bstr .size (32..64), ; Provided by the method parameters

     *         challenge: bstr .size (16..64), ; Provided by the method parameters

     *         bstr .cbor T,

     *     ]>,

     * ]

security/rkp/aidl/android/hardware/security/keymint/ProtectedData.aidl

+1 −1
Original line number Diff line number Diff line
@@ -134,7 +134,7 @@ parcelable ProtectedData { 
     *     ]

     *

     *     SignedMacAad = [

     *         challenge : bstr .size (32..64),   ; Size between 32 - 64

     *         challenge : bstr .size (16..64),   ; Size between 16 - 64

     *                                            ; bytes inclusive

     *         VerifiedDeviceInfo,

     *         tag: bstr                 ; This is the tag from COSE_Mac0 of