Drop minimum RKP challenge size to 16 bytes

The current RKP server produces challenges smaller than 32 bytes. As existing devices in the field may have some length limitations due to this, let's not start sending larger challenges to those devices. Instead, drop the challenge to 16 bytes to maintain compat. There should be plenty of entropy in 16 bytes. Test: n/a Change-Id: I1dfd9b4b06131df907683207e4b6bfb2d1c93d65
2026-02-01 16:50:18 +00:00 · 2023-01-13 15:37:33 -08:00
parent fb373b0613
commit 8a0f18051d
2 changed files with 2 additions and 2 deletions
--- a/security/rkp/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl
+++ b/security/rkp/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl
@@ -335,7 +335,7 @@ interface IRemotelyProvisionedComponent {
     *     UdsCerts,
     *     DiceCertChain,
     *     SignedData<[
-     *         challenge: bstr .size (32..64), ; Provided by the method parameters
+     *         challenge: bstr .size (16..64), ; Provided by the method parameters
     *         bstr .cbor T,
     *     ]>,
     * ]
--- a/security/rkp/aidl/android/hardware/security/keymint/ProtectedData.aidl
+++ b/security/rkp/aidl/android/hardware/security/keymint/ProtectedData.aidl
@@ -134,7 +134,7 @@ parcelable ProtectedData {
     *     ]
     *
     *     SignedMacAad = [
-     *         challenge : bstr .size (32..64),   ; Size between 32 - 64
+     *         challenge : bstr .size (16..64),   ; Size between 16 - 64
     *                                            ; bytes inclusive
     *         VerifiedDeviceInfo,
     *         tag: bstr                 ; This is the tag from COSE_Mac0 of