author | Max Bires <jbires@google.com> | 2021-03-23 12:43:38 -0700 |
---|---|---|
committer | Max Bires <jbires@google.com> | 2021-03-24 10:04:23 -0700 |
commit | fdbb904a0c0994a67e1bf9224325434188ae303d (patch) | |
tree | 31b8956cf71b7894fd67473f6fd27d1ccf6f114d /security/keymint/aidl/default/RemotelyProvisionedComponent.cpp | |
parent | dfefe265deaffabce218b875b98ad692629e7992 (diff) |
IRemotelyProvisionedComponent returns DeviceInfo
This alters the AIDL interface and underlying functionality to have the
component return the DeviceInfo CBOR blob that is used as AAD in
verification of a signature over a MAC key. Trying to reconstruct this
from userspace is very likely to lead to pain and subtle errors in the
future as adoption of this HAL increases, and multiple instances of this
HAL may exist on device simultaneously.
Test: atest VtsRemotelyProvisionedComponentTests
Change-Id: I44bd588586652630ed31a87cfda7e9c01cbf0a2f
Diffstat (limited to 'security/keymint/aidl/default/RemotelyProvisionedComponent.cpp')
-rw-r--r-- | security/keymint/aidl/default/RemotelyProvisionedComponent.cpp | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/security/keymint/aidl/default/RemotelyProvisionedComponent.cpp b/security/keymint/aidl/default/RemotelyProvisionedComponent.cpp
index 749f0bc15a..4dbaa05d54 100644
--- a/security/keymint/aidl/default/RemotelyProvisionedComponent.cpp
+++ b/security/keymint/aidl/default/RemotelyProvisionedComponent.cpp
@@ -322,8 +322,8 @@ ScopedAStatus RemotelyProvisionedComponent::generateEcdsaP256KeyPair(bool testMo
 ScopedAStatus RemotelyProvisionedComponent::generateCertificateRequest(
 bool testMode, const vector<MacedPublicKey>& keysToSign,
- const bytevec& endpointEncCertChain, const bytevec& challenge, bytevec* keysToSignMac,
- ProtectedData* protectedData) {
+ const bytevec& endpointEncCertChain, const bytevec& challenge, DeviceInfo* deviceInfo,
+ ProtectedData* protectedData, bytevec* keysToSignMac) {
 auto pubKeysToSign = validateAndExtractPubkeys(testMode, keysToSign,
 testMode ? remote_prov::kTestMacKey : macKey_);
 if (!pubKeysToSign.isOk()) return pubKeysToSign.moveError();
@@ -343,11 +343,12 @@ ScopedAStatus RemotelyProvisionedComponent::generateCertificateRequest(
 bcc = bcc_.clone();
 }
+ deviceInfo->deviceInfo = createDeviceInfo();
 auto signedMac = constructCoseSign1(devicePrivKey /* Signing key */, //
 ephemeralMacKey /* Payload */,
 cppbor::Array() /* AAD */
 .add(challenge)
- .add(createDeviceInfo())
+ .add(deviceInfo->deviceInfo)
 .encode());
 if (!signedMac) return Status(signedMac.moveMessage());
 |
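Review bot: In the signature hunk (-322,8), `generateCertificateRequest` now takes three out-pointers, and nothing at the definition says what `deviceInfo` carries or when the outputs are valid. I would add a comment above the definition such as `// deviceInfo receives the CBOR DeviceInfo bytes that are bound as AAD in the signature over the MAC key; outputs are meaningful only when the returned status is OK.` The function body continues outside this hunk, so the second half of that comment should be checked against the remaining return paths before it is added.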
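Review bot: In the hunk at -343,11, `deviceInfo->deviceInfo = createDeviceInfo();` writes through the out-pointer before `constructCoseSign1` has succeeded and without checking `deviceInfo` for null, so the `if (!signedMac) return ...` path returns an error with the caller's `DeviceInfo` already modified. Building the blob in a local (`auto info = createDeviceInfo();`), passing `.add(info)` into the AAD array and assigning `deviceInfo->deviceInfo = std::move(info);` once signing has succeeded would leave the output untouched on that failure path; later return paths lie outside the hunk and would need the same check. Using one value for both the AAD and the returned field is what lets a verifier work from the exact bytes that were signed, so that invariant deserves a short comment at the assignment. Whether `.add()` embeds the value as a byte string or as a nested item depends on the return type of `createDeviceInfo()`, which is not visible here, and the comment should state that encoding because the verifier has to rebuild the AAD the same way.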