diff --git a/security/rkp/CHANGELOG.md b/security/rkp/CHANGELOG.md
index 29b1a1c9bd..c3e36091d7 100644
--- a/security/rkp/CHANGELOG.md
+++ b/security/rkp/CHANGELOG.md
@@ -27,7 +27,7 @@ This document provides an exact description of which changes have occurred in th
 `"android.hardward.security.keymint"`).
 * ProtectedData has been removed.
 * DeviceInfo
- * `version` has moved to a top-level field within the CSR generated by the HAL
+ * `version` has moved to a top-level field within the CSR generated by the HAL.
 * IRemotelyProvisionedComponent
 * The need for an EEK has been removed. There is no longer an encrypted portion of the CSR.
 * Test mode has been removed.
@@ -36,5 +36,10 @@ This document provides an exact description of which changes have occurred in th
 * the chain of signing, MACing, and encryption operations has been replaced with a single COSE_Sign1 object.
 * CertificateType has been added to identify the type of certificate being requested.
+ * The structure has been composed to enable a clear split between what is required to validate a
+ payload and the implementation-defined payload itself. This is done by creating a typed
+ `AuthenticatedRequest` object representing the top level data required to authenticate
+ the data provided in the payload, `T`.
 * RpcHardwareInfo
 * `supportedNumKeysInCsr` added to report the maximum number of keys supported in a CSR.
+ * `supportedEekCurve` is no longer used, due to the removal of the EEK from the scheme.
diff --git a/security/rkp/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl b/security/rkp/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl
index 78969d1d32..2fc780c38e 100644
--- a/security/rkp/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl
+++ b/security/rkp/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl
@@ -345,20 +345,20 @@ interface IRemotelyProvisionedComponent {
 * ]
 *
 * ; COSE_Sign1 (untagged)
- * SignedData = [
+ * SignedData = [
 * protected: bstr .cbor { 1 : AlgorithmEdDSA / AlgorithmES256 },
 * unprotected: {},
- * payload: bstr .cbor T / nil,
- * signature: bstr ; PureEd25519(CDI_Leaf_Priv, bstr .cbor SignedDataSigStruct) /
- * ; ECDSA(CDI_Leaf_Priv, bstr .cbor SignedDataSigStruct)
+ * payload: bstr .cbor Data / nil,
+ * signature: bstr ; PureEd25519(CDI_Leaf_Priv, bstr .cbor SignedDataSigStruct) /
+ * ; ECDSA(CDI_Leaf_Priv, bstr .cbor SignedDataSigStruct)
 * ]
 *
 * ; Sig_structure for SignedData
- * SignedDataSigStruct = [
+ * SignedDataSigStruct = [
 * context: "Signature1",
 * protected: bstr .cbor { 1 : AlgorithmEdDSA / AlgorithmES256 },
 * external_aad: bstr .size 0,
- * payload: bstr .cbor T
+ * payload: bstr .cbor Data / nil,
 * ]
 *
 * ; UdsCerts allows the platform to provide additional certifications for the UDS_Pub. For
diff --git a/security/rkp/aidl/android/hardware/security/keymint/RpcHardwareInfo.aidl b/security/rkp/aidl/android/hardware/security/keymint/RpcHardwareInfo.aidl
index 5fe5b00b89..d0b059dc6b 100644
--- a/security/rkp/aidl/android/hardware/security/keymint/RpcHardwareInfo.aidl
+++ b/security/rkp/aidl/android/hardware/security/keymint/RpcHardwareInfo.aidl
@@ -29,9 +29,9 @@ parcelable RpcHardwareInfo {
 const int CURVE_25519 = 2;
 
 /**
- * Implementation version of the remotely provisioned component hardware. The version number is
- * implementation defined, and not necessarily globally meaningful. The version is used to
- * distinguish between different versions of a given implementation.
+ * Implementation version of the remotely provisioned component hardware. The version provided
+ * here must match the version reported in the CsrPayload produced by the HAL interface. This
+ * field primarily acts as a convenience for the system components interacting with the HALs.
 */
 int versionNumber;
 
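Review bot: The new `SignedDataSigStruct` line `payload: bstr .cbor Data / nil,` admits a nil payload inside the Sig_structure, but in COSE (RFC 9052 §4.4) the Sig_structure payload is always the bstr that is actually signed — when the payload is detached from the `SignedData` message the verifier supplies it out of band, it is never nil. As written the CDDL describes a signature that can bind to no data, so the `/ nil` alternative belongs only on the `SignedData` message line and the Sig_structure line should read `* payload: bstr .cbor Data`. `Data` is now referenced by both definitions but is not defined in this hunk; if it is defined elsewhere in the comment block, a one-line pointer to that definition next to the `SignedData` payload line would help implementers. The enclosing documentation comment starts and ends outside the hunk.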
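Review bot: The rewritten `versionNumber` comment requires the value to match the version in the `CsrPayload` but does not say which of the two is authoritative or what a consumer should do on a mismatch, which is the information a system component actually needs. Since the `CsrPayload` presumably travels inside the signed CSR while this field is a plain parcelable value, the comment should state the precedence explicitly, for example `* The version inside the CsrPayload is authoritative for interpreting the CSR; a mismatch with this field indicates a defective implementation and should be reported rather than silently tolerated.` Whether the `CsrPayload` version is covered by the CSR signature is not visible in this hunk, so that wording should be confirmed against the interface definition.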
@@ -43,6 +43,9 @@ parcelable RpcHardwareInfo {
 @utf8InCpp String rpcAuthorName;
 
 /**
+ * NOTE: This field is no longer used as of version 3 of the HAL interface. This is because the
+ * Endpoint Encryption Key is no longer used in the provisioning scheme.
+ *
 * supportedEekCurve returns an int representing which curve is supported for validating
 * signatures over the Endpoint Encryption Key certificate chain and for using the corresponding
 * signed encryption key in ECDH. Only one curve should be supported, with preference for 25519
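Review bot: The added NOTE says `supportedEekCurve` is unused as of version 3 but does not say what a version-3 implementation must report in the field, so a client cannot distinguish a deliberate "unused" marker from a stale curve identifier left over from an older implementation. The note should name the expected value and the client-side rule, e.g. `* Implementations of version 3 or later must report [UNUSED_CURVE_VALUE] here, and clients must ignore this field for version 3 or later.`, substituting whichever constant the parcelable defines for that purpose (only `CURVE_25519` is visible in this diff). The remainder of the field's documentation still describes the EEK scheme in the present tense; it begins in this hunk and continues past it, and the field declaration itself is outside the hunk.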