diff options
| author | David Drysdale <drysdale@google.com> | 2021-03-31 16:14:31 +0100 |
|---|---|---|
| committer | David Drysdale <drysdale@google.com> | 2021-03-31 18:08:59 +0100 |
| commit | f6fc5a63363d94e2ac2f3460ad852e0c737c9b1e (patch) | |
| tree | 6a3dd25313e474f27f4b492fcc05103947872933 /security/keymint/aidl/default/RemotelyProvisionedComponent.cpp | |
| parent | b39baeaa928e645cc6bc15498119caf8f853df81 (diff) | |
Fix DeviceInfo encoding and checks
- Make the default implementation include the DeviceInfo as a map, not
a bstr-holding-a-map, to match the spec.
- Check the signature of the signed MAC even in test mode.
- Include the DeviceInfo in the data that the signature covers.
Test: VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I9084343c1273c16a9cbd5a1156e7057a1c54a860
Diffstat (limited to 'security/keymint/aidl/default/RemotelyProvisionedComponent.cpp')
| -rw-r--r-- | security/keymint/aidl/default/RemotelyProvisionedComponent.cpp | 25 |
1 files changed, 21 insertions, 4 deletions
diff --git a/security/keymint/aidl/default/RemotelyProvisionedComponent.cpp b/security/keymint/aidl/default/RemotelyProvisionedComponent.cpp index ca06abc48e..5b027292fe 100644 --- a/security/keymint/aidl/default/RemotelyProvisionedComponent.cpp +++ b/security/keymint/aidl/default/RemotelyProvisionedComponent.cpp @@ -358,12 +358,13 @@ ScopedAStatus RemotelyProvisionedComponent::generateCertificateRequest( bcc = bcc_.clone(); } - deviceInfo->deviceInfo = createDeviceInfo(); + std::unique_ptr<cppbor::Map> deviceInfoMap = createDeviceInfo(); + deviceInfo->deviceInfo = deviceInfoMap->encode(); auto signedMac = constructCoseSign1(devicePrivKey /* Signing key */, // ephemeralMacKey /* Payload */, cppbor::Array() /* AAD */ .add(challenge) - .add(deviceInfo->deviceInfo) + .add(std::move(deviceInfoMap)) .encode()); if (!signedMac) return Status(signedMac.moveMessage()); @@ -409,8 +410,24 @@ bytevec RemotelyProvisionedComponent::deriveBytesFromHbk(const string& context, return result; } -bytevec RemotelyProvisionedComponent::createDeviceInfo() const { - return cppbor::Map().encode(); +std::unique_ptr<cppbor::Map> RemotelyProvisionedComponent::createDeviceInfo() const { + auto result = std::make_unique<cppbor::Map>(cppbor::Map()); + + // The following placeholders show how the DeviceInfo map would be populated. + // result->add(cppbor::Tstr("brand"), cppbor::Tstr("Google")); + // result->add(cppbor::Tstr("manufacturer"), cppbor::Tstr("Google")); + // result->add(cppbor::Tstr("product"), cppbor::Tstr("Fake")); + // result->add(cppbor::Tstr("model"), cppbor::Tstr("Imaginary")); + // result->add(cppbor::Tstr("board"), cppbor::Tstr("Chess")); + // result->add(cppbor::Tstr("vb_state"), cppbor::Tstr("orange")); + // result->add(cppbor::Tstr("bootloader_state"), cppbor::Tstr("unlocked")); + // result->add(cppbor::Tstr("os_version"), cppbor::Tstr("SC")); + // result->add(cppbor::Tstr("system_patch_level"), cppbor::Uint(20210331)); + // result->add(cppbor::Tstr("boot_patch_level"), cppbor::Uint(20210331)); + // result->add(cppbor::Tstr("vendor_patch_level"), cppbor::Uint(20210331)); + + result->canonicalize(); + return result; } std::pair<bytevec /* privKey */, cppbor::Array /* BCC */> |