diff --git a/security/keymint/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl b/security/keymint/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl
index 1b09e9dfb7..327e4a1e5d 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl
@@ -165,7 +165,7 @@ interface IRemotelyProvisionedComponent {
* protected: bstr .cbor {
* 1 : -8, // Algorithm : EdDSA
* },
- * unprotected: bstr .size 0
+ * unprotected: { },
* payload: bstr .cbor SignatureKey,
* signature: bstr PureEd25519(.cbor SignatureKeySignatureInput)
* ]
@@ -190,7 +190,7 @@ interface IRemotelyProvisionedComponent {
* protected: bstr .cbor {
* 1 : -8, // Algorithm : EdDSA
* },
- * unprotected: bstr .size 0
+ * unprotected: { },
* payload: bstr .cbor Eek,
* signature: bstr PureEd25519(.cbor EekSignatureInput)
* ]
@@ -239,7 +239,7 @@ interface IRemotelyProvisionedComponent {
* protected : bstr .cbor {
* 1 : 5, // Algorithm : HMAC-256
* },
- * unprotected : bstr .size 0,
+ * unprotected : { },
* // Payload is PublicKeys from keysToSign argument, in provided order.
* payload: bstr .cbor [ * PublicKey ],
* tag: bstr
diff --git a/security/keymint/aidl/android/hardware/security/keymint/MacedPublicKey.aidl b/security/keymint/aidl/android/hardware/security/keymint/MacedPublicKey.aidl
index da85a5048f..cb5492dc48 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/MacedPublicKey.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/MacedPublicKey.aidl
@@ -29,7 +29,7 @@ parcelable MacedPublicKey {
*
* MacedPublicKey = [ // COSE_Mac0
* protected: bstr .cbor { 1 : 5}, // Algorithm : HMAC-256
- * unprotected: bstr .size 0,
+ * unprotected: { },
* payload : bstr .cbor PublicKey,
* tag : bstr HMAC-256(K_mac, MAC_structure)
* ]
diff --git a/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl b/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl
index 1ec3bf0718..438505ebec 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl
@@ -80,7 +80,7 @@ parcelable ProtectedData {
* bstr .cbor { // Protected params
* 1 : -8, // Algorithm : EdDSA
* },
- * bstr .size 0, // Unprotected params
+ * { }, // Unprotected params
* bstr .size 32, // MAC key
* bstr PureEd25519(DK_priv, .cbor SignedMac_structure)
* ]
@@ -127,7 +127,7 @@ parcelable ProtectedData {
* protected: bstr .cbor {
* 1 : -8, // Algorithm : EdDSA
* },
- * unprotected: bstr .size 0,
+ * unprotected: { },
* payload: bstr .cbor BccPayload,
* // First entry in the chain is signed by DK_pub, the others are each signed by their
* // immediate predecessor. See RFC 8032 for signature representation.
diff --git a/security/keymint/aidl/default/RemotelyProvisionedComponent.cpp b/security/keymint/aidl/default/RemotelyProvisionedComponent.cpp
index 2373b2682b..749f0bc15a 100644
--- a/security/keymint/aidl/default/RemotelyProvisionedComponent.cpp
+++ b/security/keymint/aidl/default/RemotelyProvisionedComponent.cpp
@@ -156,7 +156,7 @@ StatusOr validateAndExtractPubkeys(bool testMode,
}
auto protectedParms = macedKeyItem->asArray()->get(kCoseMac0ProtectedParams)->asBstr();
- auto unprotectedParms = macedKeyItem->asArray()->get(kCoseMac0UnprotectedParams)->asBstr();
+ auto unprotectedParms = macedKeyItem->asArray()->get(kCoseMac0UnprotectedParams)->asMap();
auto payload = macedKeyItem->asArray()->get(kCoseMac0Payload)->asBstr();
auto tag = macedKeyItem->asArray()->get(kCoseMac0Tag)->asBstr();
if (!protectedParms || !unprotectedParms || !payload || !tag) {
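Review bot: The null check on the last line of this hunk accepts any map in the unprotected slot, while the AIDL schema in this commit specifies an empty map (`unprotected: { }`) and the VTS tests assert `unprotParms->size()` is 0. Unprotected COSE headers are not covered by the MAC, so unless a later line rejects a non-empty map, the parser tolerates unauthenticated content that the documented format does not allow. Extending the check to `if (!protectedParms || !unprotectedParms || unprotectedParms->size() != 0 || !payload || !tag) {` would make the parser match the schema. The same applies to parseCoseMac0 and verifyAndParseCoseMac0 in cppcose.cpp, and probably to the two COSE_Sign1 parsers, whose checks lie outside their hunks. validateAndExtractPubkeys continues past this hunk, so the emptiness check may already exist further down.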
diff --git a/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp b/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
index db53a8f8fa..50e6cceb4c 100644
--- a/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
+++ b/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
@@ -97,9 +97,9 @@ TEST_P(GenerateKeyTests, generateEcdsaP256Key_prodMode) {
ASSERT_NE(protParms, nullptr);
ASSERT_EQ(cppbor::prettyPrint(protParms->value()), "{\n 1 : 5,\n}");
- auto unprotParms = coseMac0->asArray()->get(kCoseMac0UnprotectedParams)->asBstr();
+ auto unprotParms = coseMac0->asArray()->get(kCoseMac0UnprotectedParams)->asMap();
ASSERT_NE(unprotParms, nullptr);
- ASSERT_EQ(unprotParms->value().size(), 0);
+ ASSERT_EQ(unprotParms->size(), 0);
auto payload = coseMac0->asArray()->get(kCoseMac0Payload)->asBstr();
ASSERT_NE(payload, nullptr);
@@ -150,9 +150,9 @@ TEST_P(GenerateKeyTests, generateEcdsaP256Key_testMode) {
ASSERT_NE(protParms, nullptr);
ASSERT_EQ(cppbor::prettyPrint(protParms->value()), "{\n 1 : 5,\n}");
- auto unprotParms = coseMac0->asArray()->get(kCoseMac0UnprotectedParams)->asBstr();
+ auto unprotParms = coseMac0->asArray()->get(kCoseMac0UnprotectedParams)->asMap();
ASSERT_NE(unprotParms, nullptr);
- ASSERT_EQ(unprotParms->value().size(), 0);
+ ASSERT_EQ(unprotParms->size(), 0);
auto payload = coseMac0->asArray()->get(kCoseMac0Payload)->asBstr();
ASSERT_NE(payload, nullptr);
@@ -279,7 +279,7 @@ TEST_P(CertificateRequestTest, EmptyRequest_testMode) {
.add(ALGORITHM, HMAC_256)
.canonicalize()
.encode())
- .add(cppbor::Bstr()) // unprotected
+ .add(cppbor::Map()) // unprotected
.add(cppbor::Array().encode()) // payload (keysToSign)
.add(std::move(keysToSignMac)); // tag
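Review bot: The tests touched here only build and check the new map encoding; none of the visible cases feeds the previous `cppbor::Bstr()` form into the parsers and expects a failure. After this commit the `asMap()` null result is the only thing that rejects the old encoding, so one negative case would stop a later refactor from quietly accepting both forms. For example, build the same array with `.add(cppbor::Bstr()) // unprotected, legacy form` and assert that verification returns an error. The same gap applies to NonEmptyRequest_testMode in the next hunk; both test bodies continue outside their hunks, so an existing negative case elsewhere in the file cannot be ruled out.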
@@ -364,7 +364,7 @@ TEST_P(CertificateRequestTest, NonEmptyRequest_testMode) {
.add(ALGORITHM, HMAC_256)
.canonicalize()
.encode())
- .add(cppbor::Bstr()) // unprotected
+ .add(cppbor::Map()) // unprotected
.add(cborKeysToSign_.encode()) // payload
.add(std::move(keysToSignMac)); // tag
diff --git a/security/keymint/support/cppcose.cpp b/security/keymint/support/cppcose.cpp
index c626adeccb..bafb2b6bc9 100644
--- a/security/keymint/support/cppcose.cpp
+++ b/security/keymint/support/cppcose.cpp
@@ -85,7 +85,7 @@ ErrMsgOr constructCoseMac0(const bytevec& macKey, const bytevec&
return cppbor::Array()
.add(cppbor::Map().add(ALGORITHM, HMAC_256).canonicalize().encode())
- .add(cppbor::Bstr() /* unprotected */)
+ .add(cppbor::Map() /* unprotected */)
.add(payload)
.add(tag.moveValue());
}
@@ -97,7 +97,7 @@ ErrMsgOr parseCoseMac0(const cppbor::Item* macItem) {
}
auto protectedParms = mac->get(kCoseMac0ProtectedParams)->asBstr();
- auto unprotectedParms = mac->get(kCoseMac0UnprotectedParams)->asBstr();
+ auto unprotectedParms = mac->get(kCoseMac0UnprotectedParams)->asMap();
auto payload = mac->get(kCoseMac0Payload)->asBstr();
auto tag = mac->get(kCoseMac0Tag)->asBstr();
if (!protectedParms || !unprotectedParms || !payload || !tag) {
@@ -115,7 +115,7 @@ ErrMsgOr verifyAndParseCoseMac0(const cppbor::Item* macIt
}
auto protectedParms = mac->get(kCoseMac0ProtectedParams)->asBstr();
- auto unprotectedParms = mac->get(kCoseMac0UnprotectedParams)->asBstr();
+ auto unprotectedParms = mac->get(kCoseMac0UnprotectedParams)->asMap();
auto payload = mac->get(kCoseMac0Payload)->asBstr();
auto tag = mac->get(kCoseMac0Tag)->asBstr();
if (!protectedParms || !unprotectedParms || !payload || !tag) {
@@ -168,7 +168,7 @@ ErrMsgOr constructCoseSign1(const bytevec& key, cppbor::Map prote
return cppbor::Array()
.add(protParms)
- .add(bytevec{} /* unprotected parameters */)
+ .add(cppbor::Map() /* unprotected parameters */)
.add(payload)
.add(*signature);
}
@@ -185,7 +185,7 @@ ErrMsgOr verifyAndParseCoseSign1(bool ignoreSignature, const cppbor::Ar
}
const cppbor::Bstr* protectedParams = coseSign1->get(kCoseSign1ProtectedParams)->asBstr();
- const cppbor::Bstr* unprotectedParams = coseSign1->get(kCoseSign1UnprotectedParams)->asBstr();
+ const cppbor::Map* unprotectedParams = coseSign1->get(kCoseSign1UnprotectedParams)->asMap();
const cppbor::Bstr* payload = coseSign1->get(kCoseSign1Payload)->asBstr();
const cppbor::Bstr* signature = coseSign1->get(kCoseSign1Signature)->asBstr();
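Review bot: This four-line field extraction is repeated verbatim in verifyAndParseCoseSign1Cwt in remote_prov_utils.cpp, and the commit had to make the identical `asBstr()` to `asMap()` edit in both places. Two hand-synchronised COSE_Sign1 parsers can drift apart on a later format change, leaving one path stricter than the other. Consider a shared helper that returns the four typed fields, or at least a comment on each copy such as `// Keep in sync with verifyAndParseCoseSign1Cwt() in remote_prov_utils.cpp`. The null check that follows these declarations is outside the hunk, so confirm it still tests `unprotectedParams` now that its type is `const cppbor::Map*`.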
diff --git a/security/keymint/support/remote_prov_utils.cpp b/security/keymint/support/remote_prov_utils.cpp
index 111cb309b0..3e4f3f750e 100644
--- a/security/keymint/support/remote_prov_utils.cpp
+++ b/security/keymint/support/remote_prov_utils.cpp
@@ -83,7 +83,7 @@ ErrMsgOr verifyAndParseCoseSign1Cwt(bool ignoreSignature, const cppbor:
}
const cppbor::Bstr* protectedParams = coseSign1->get(kCoseSign1ProtectedParams)->asBstr();
- const cppbor::Bstr* unprotectedParams = coseSign1->get(kCoseSign1UnprotectedParams)->asBstr();
+ const cppbor::Map* unprotectedParams = coseSign1->get(kCoseSign1UnprotectedParams)->asMap();
const cppbor::Bstr* payload = coseSign1->get(kCoseSign1Payload)->asBstr();
const cppbor::Bstr* signature = coseSign1->get(kCoseSign1Signature)->asBstr();