
Commit f1a540f0 authored by Treehugger Robot's avatar Treehugger Robot Committed by Automerger Merge Worker

Merge "Generalize RKP CDDL schema beyond CSRs" am: ff8f1d6e

parents f8e0c59d ff8f1d6e
+3 −3
@@ -21,13 +21,13 @@ This document provides an exact description of which changes have occurred in th
## IRemotelyProvisionedComponent 2 -> 3
* ProtectedData has been removed.
* DeviceInfo
  * `cert_type` has been added, with values corresponding to `widevine` or `keymint`
  * `version` has moved to a top-level field within the CSR generated by the HAL
* IRemotelyProvisionedComponent
  * The need for an EEK has been removed. There is no longer an encrypted portion of the CSR.
  * Test mode has been removed.
  * The schema for the CSR itself has been significantly simplified, please see
    IRemotelyProvisionedComponent.aidl for more details.
    * Notably, the chain of signing, MACing, and encryption operations has been replaced with a single
    IRemotelyProvisionedComponent.aidl for more details. Notably,
    * the chain of signing, MACing, and encryption operations has been replaced with a single
      COSE_Sign1 object.
    * CertificateType has been added to identify the type of certificate being requested.
+0 −9
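--- a/DeviceInfo.aidl
+++ b/DeviceInfo.aidl
@@ -49,16 +49,7 @@ parcelable DeviceInfo {
      *         "security_level" : "tee" / "strongbox",
      *         "fused": 1 / 0,  ; 1 if secure boot is enforced for the processor that the IRPC
      *                          ; implementation is contained in. 0 otherwise.
-     *         "cert_type": CertificateType;
      *     }
-     *
-     *     ; A tstr identifying the type of certificate. The set of supported certificate types may
-     *     ; be extended without requiring a version bump of the HAL. Custom certificate types may
-     *     ; be used, but the provisioning server may reject the request for an unknown certificate
-     *     ; type. The currently defined certificate types are:
-     *     ;  - "widevine"
-     *     ;  - "keymint"
-     *     CertificateType = tstr
      */
     byte[] deviceInfo;
 }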
+29 −17
@@ -315,38 +315,50 @@ interface IRemotelyProvisionedComponent {
     *
     * @return the following CBOR Certificate Signing Request (Csr) serialized into a byte array:
     *
     * Csr = [
     *    version: 3,              ; The CDDL Schema version.
     * Csr = AuthenticatedMessage<CsrPayload>
     *
     * CsrPayload = [                      ; CBOR Array defining the payload for Csr
     *     version: 1,                     ; The CsrPayload CDDL Schema version.
     *     CertificateType,                ; The type of certificate being requested.
     *     DeviceInfo,                     ; Defined in DeviceInfo.aidl
     *     challenge: bstr .size (32..64), ; Provided by the method parameters
     *     KeysToSign,                     ; Provided by the method parameters
     * ]
     *
     *  ; A tstr identifying the type of certificate. The set of supported certificate types may
     *  ; be extended without requiring a version bump of the HAL. Custom certificate types may
     *  ; be used, but the provisioning server may reject the request for an unknown certificate
     *  ; type. The currently defined certificate types are:
     *  ;  - "widevine"
     *  ;  - "keymint"
     *  CertificateType = tstr
     *
     * KeysToSign = [ * PublicKey ]   ; Please see MacedPublicKey.aidl for the PublicKey definition.
     *
     * AuthenticatedMessage<T> = [
     *    version: 3,              ; The AuthenticatedMessage CDDL Schema version.
     *    UdsCerts,
     *    DiceCertChain,
     *    SignedData
     *    SignedData<T>,
     * ]
     *
     * ; COSE_Sign1 (untagged)
     * SignedData = [
     * SignedData<T> = [
     *     protected: bstr .cbor { 1 : AlgorithmEdDSA / AlgorithmES256 },
     *     unprotected: {},
     *     payload: bstr .cbor SignedDataPayload,
     *     signature: bstr            ; PureEd25519(CDI_Leaf_Priv, bstr .cbor SignedDataSigStruct) /
     *                                ; ECDSA(CDI_Leaf_Priv, bstr .cbor SignedDataSigStruct)
     *     payload: bstr .cbor T / nil,
     *     signature: bstr         ; PureEd25519(CDI_Leaf_Priv, bstr .cbor SignedDataSigStruct<T>) /
     *                             ; ECDSA(CDI_Leaf_Priv, bstr .cbor SignedDataSigStruct<T>)
     * ]
     *
     * ; Sig_structure for SignedData
     * SignedDataSigStruct = [
     * SignedDataSigStruct<T> = [
     *     context: "Signature1",
     *     protected: bstr .cbor { 1 : AlgorithmEdDSA / AlgorithmES256 },
     *     external_aad: bstr .size 0,
     *     payload: bstr .cbor SignedDataPayload
     * ]
     *
     * SignedDataPayload = [               ; CBOR Array defining the payload for SignedData
     *     DeviceInfo,                     ; Defined in DeviceInfo.aidl
     *     challenge: bstr .size (32..64), ; Provided by the method parameters
     *     KeysToSign,                     ; Provided by the method parameters
     *     payload: bstr .cbor T
     * ]
     *
     * KeysToSign = [ * PublicKey ]   ; Please see MacedPublicKey.aidl for the PublicKey definition.
     *
     * ; UdsCerts allows the platform to provide additional certifications for the UDS_Pub. For
     * ; example, this could be provided by the hardware vendor, who certifies all of their chips.
     * ; The SignerName is a free-form string describing who generated the signature. The root