Evolution-x/hardware_interfaces
1
0
Fork 0
mirror of https://github.com/Evolution-X/hardware_interfaces synced 2026-02-01 16:50:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

COSE unprotected parameters are a map not a bstr

Browse Source 
As per RFC 8152 section 3, the unprotected parameters in the headers
of COSE objects are just encoded as a map, not as a bstr that contains
the CBOR-encoding of a map.

Test: TreeHugger presubmit
Change-Id: Id4eeb023d3a81ad1398d78d410c8224bf941f9b1
This commit is contained in:
David Drysdale
2021-03-15 14:36:57 +00:00
parent 9d746597e8
commit 31a2b56ca2
7 changed files with 19 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
security/keymint/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl
View File

@@ -165,7 +165,7 @@ interface IRemotelyProvisionedComponent {
* protected: bstr .cbor {
* 1 : -8, // Algorithm : EdDSA
* },
* unprotected: bstr .size 0
* unprotected: { },
* payload: bstr .cbor SignatureKey,
* signature: bstr PureEd25519(.cbor SignatureKeySignatureInput)
* ]
@@ -190,7 +190,7 @@ interface IRemotelyProvisionedComponent {
* protected: bstr .cbor {
* 1 : -8, // Algorithm : EdDSA
* },
* unprotected: bstr .size 0
* unprotected: { },
* payload: bstr .cbor Eek,
* signature: bstr PureEd25519(.cbor EekSignatureInput)
* ]
@@ -239,7 +239,7 @@ interface IRemotelyProvisionedComponent {
* protected : bstr .cbor {
* 1 : 5, // Algorithm : HMAC-256
* },
* unprotected : bstr .size 0,
* unprotected : { },
* // Payload is PublicKeys from keysToSign argument, in provided order.
* payload: bstr .cbor [ * PublicKey ],
* tag: bstr

2
security/keymint/aidl/android/hardware/security/keymint/MacedPublicKey.aidl
View File

@@ -29,7 +29,7 @@ parcelable MacedPublicKey {
*
* MacedPublicKey = [ // COSE_Mac0
* protected: bstr .cbor { 1 : 5}, // Algorithm : HMAC-256
* unprotected: bstr .size 0,
* unprotected: { },
* payload : bstr .cbor PublicKey,
* tag : bstr HMAC-256(K_mac, MAC_structure)
* ]

4
security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl
View File

@@ -80,7 +80,7 @@ parcelable ProtectedData {
* bstr .cbor { // Protected params
* 1 : -8, // Algorithm : EdDSA
* },
* bstr .size 0, // Unprotected params
* { }, // Unprotected params
* bstr .size 32, // MAC key
* bstr PureEd25519(DK_priv, .cbor SignedMac_structure)
* ]
@@ -127,7 +127,7 @@ parcelable ProtectedData {
* protected: bstr .cbor {
* 1 : -8, // Algorithm : EdDSA
* },
* unprotected: bstr .size 0,
* unprotected: { },
* payload: bstr .cbor BccPayload,
* // First entry in the chain is signed by DK_pub, the others are each signed by their
* // immediate predecessor. See RFC 8032 for signature representation.

2
security/keymint/aidl/default/RemotelyProvisionedComponent.cpp
View File

@@ -156,7 +156,7 @@ StatusOr<bytevec /* pubkeys */> validateAndExtractPubkeys(bool testMode,
}
auto protectedParms = macedKeyItem->asArray()->get(kCoseMac0ProtectedParams)->asBstr();
auto unprotectedParms = macedKeyItem->asArray()->get(kCoseMac0UnprotectedParams)->asBstr();
auto unprotectedParms = macedKeyItem->asArray()->get(kCoseMac0UnprotectedParams)->asMap();
auto payload = macedKeyItem->asArray()->get(kCoseMac0Payload)->asBstr();
auto tag = macedKeyItem->asArray()->get(kCoseMac0Tag)->asBstr();
if (!protectedParms || !unprotectedParms || !payload || !tag) {

12
security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
View File

@@ -97,9 +97,9 @@ TEST_P(GenerateKeyTests, generateEcdsaP256Key_prodMode) {
ASSERT_NE(protParms, nullptr);
ASSERT_EQ(cppbor::prettyPrint(protParms->value()), "{\n 1 : 5,\n}");
auto unprotParms = coseMac0->asArray()->get(kCoseMac0UnprotectedParams)->asBstr();
auto unprotParms = coseMac0->asArray()->get(kCoseMac0UnprotectedParams)->asMap();
ASSERT_NE(unprotParms, nullptr);
ASSERT_EQ(unprotParms->value().size(), 0);
ASSERT_EQ(unprotParms->size(), 0);
auto payload = coseMac0->asArray()->get(kCoseMac0Payload)->asBstr();
ASSERT_NE(payload, nullptr);
@@ -150,9 +150,9 @@ TEST_P(GenerateKeyTests, generateEcdsaP256Key_testMode) {
ASSERT_NE(protParms, nullptr);
ASSERT_EQ(cppbor::prettyPrint(protParms->value()), "{\n 1 : 5,\n}");
auto unprotParms = coseMac0->asArray()->get(kCoseMac0UnprotectedParams)->asBstr();
auto unprotParms = coseMac0->asArray()->get(kCoseMac0UnprotectedParams)->asMap();
ASSERT_NE(unprotParms, nullptr);
ASSERT_EQ(unprotParms->value().size(), 0);
ASSERT_EQ(unprotParms->size(), 0);
auto payload = coseMac0->asArray()->get(kCoseMac0Payload)->asBstr();
ASSERT_NE(payload, nullptr);
@@ -279,7 +279,7 @@ TEST_P(CertificateRequestTest, EmptyRequest_testMode) {
.add(ALGORITHM, HMAC_256)
.canonicalize()
.encode())
.add(cppbor::Bstr()) // unprotected
.add(cppbor::Map()) // unprotected
.add(cppbor::Array().encode()) // payload (keysToSign)
.add(std::move(keysToSignMac)); // tag
@@ -364,7 +364,7 @@ TEST_P(CertificateRequestTest, NonEmptyRequest_testMode) {
.add(ALGORITHM, HMAC_256)
.canonicalize()
.encode())
.add(cppbor::Bstr()) // unprotected
.add(cppbor::Map()) // unprotected
.add(cborKeysToSign_.encode()) // payload
.add(std::move(keysToSignMac)); // tag

10
security/keymint/support/cppcose.cpp
View File

@@ -85,7 +85,7 @@ ErrMsgOr<cppbor::Array> constructCoseMac0(const bytevec& macKey, const bytevec&
return cppbor::Array()
.add(cppbor::Map().add(ALGORITHM, HMAC_256).canonicalize().encode())
.add(cppbor::Bstr() /* unprotected */)
.add(cppbor::Map() /* unprotected */)
.add(payload)
.add(tag.moveValue());
}
@@ -97,7 +97,7 @@ ErrMsgOr<bytevec /* payload */> parseCoseMac0(const cppbor::Item* macItem) {
}
auto protectedParms = mac->get(kCoseMac0ProtectedParams)->asBstr();
auto unprotectedParms = mac->get(kCoseMac0UnprotectedParams)->asBstr();
auto unprotectedParms = mac->get(kCoseMac0UnprotectedParams)->asMap();
auto payload = mac->get(kCoseMac0Payload)->asBstr();
auto tag = mac->get(kCoseMac0Tag)->asBstr();
if (!protectedParms || !unprotectedParms || !payload || !tag) {
@@ -115,7 +115,7 @@ ErrMsgOr<bytevec /* payload */> verifyAndParseCoseMac0(const cppbor::Item* macIt
}
auto protectedParms = mac->get(kCoseMac0ProtectedParams)->asBstr();
auto unprotectedParms = mac->get(kCoseMac0UnprotectedParams)->asBstr();
auto unprotectedParms = mac->get(kCoseMac0UnprotectedParams)->asMap();
auto payload = mac->get(kCoseMac0Payload)->asBstr();
auto tag = mac->get(kCoseMac0Tag)->asBstr();
if (!protectedParms || !unprotectedParms || !payload || !tag) {
@@ -168,7 +168,7 @@ ErrMsgOr<cppbor::Array> constructCoseSign1(const bytevec& key, cppbor::Map prote
return cppbor::Array()
.add(protParms)
.add(bytevec{} /* unprotected parameters */)
.add(cppbor::Map() /* unprotected parameters */)
.add(payload)
.add(*signature);
}
@@ -185,7 +185,7 @@ ErrMsgOr<bytevec> verifyAndParseCoseSign1(bool ignoreSignature, const cppbor::Ar
}
const cppbor::Bstr* protectedParams = coseSign1->get(kCoseSign1ProtectedParams)->asBstr();
const cppbor::Bstr* unprotectedParams = coseSign1->get(kCoseSign1UnprotectedParams)->asBstr();
const cppbor::Map* unprotectedParams = coseSign1->get(kCoseSign1UnprotectedParams)->asMap();
const cppbor::Bstr* payload = coseSign1->get(kCoseSign1Payload)->asBstr();
const cppbor::Bstr* signature = coseSign1->get(kCoseSign1Signature)->asBstr();

2
security/keymint/support/remote_prov_utils.cpp
View File

@@ -83,7 +83,7 @@ ErrMsgOr<bytevec> verifyAndParseCoseSign1Cwt(bool ignoreSignature, const cppbor:
}
const cppbor::Bstr* protectedParams = coseSign1->get(kCoseSign1ProtectedParams)->asBstr();
const cppbor::Bstr* unprotectedParams = coseSign1->get(kCoseSign1UnprotectedParams)->asBstr();
const cppbor::Map* unprotectedParams = coseSign1->get(kCoseSign1UnprotectedParams)->asMap();
const cppbor::Bstr* payload = coseSign1->get(kCoseSign1Payload)->asBstr();
const cppbor::Bstr* signature = coseSign1->get(kCoseSign1Signature)->asBstr();