From 8a0f18051d880fc8dc8181faf051e2442d45535e Mon Sep 17 00:00:00 2001
From: Seth Moore
Date: Fri, 13 Jan 2023 15:37:33 -0800
Subject: [PATCH] Drop minimum RKP challenge size to 16 bytes
The current RKP server produces challenges smaller than 32 bytes. As existing devices in the field may have some length limitations due to this, let's not start sending larger challenges to those devices. Instead, drop the challenge to 16 bytes to maintain compat. There should be plenty of entropy in 16 bytes.
Test: n/a
Change-Id: I1dfd9b4b06131df907683207e4b6bfb2d1c93d65
---
 .../security/keymint/IRemotelyProvisionedComponent.aidl | 2 +-
 .../aidl/android/hardware/security/keymint/ProtectedData.aidl | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/security/rkp/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl b/security/rkp/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl
index ff710f14f6..75990daf0f 100644
--- a/security/rkp/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl
+++ b/security/rkp/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl
@@ -335,7 +335,7 @@ interface IRemotelyProvisionedComponent {
 * UdsCerts,
 * DiceCertChain,
 * SignedData<[
- * challenge: bstr .size (32..64), ; Provided by the method parameters
+ * challenge: bstr .size (16..64), ; Provided by the method parameters
 * bstr .cbor T,
 * ]>,
 * ]
diff --git a/security/rkp/aidl/android/hardware/security/keymint/ProtectedData.aidl b/security/rkp/aidl/android/hardware/security/keymint/ProtectedData.aidl
index 3f699bc75a..bfe84176f4 100644
--- a/security/rkp/aidl/android/hardware/security/keymint/ProtectedData.aidl
+++ b/security/rkp/aidl/android/hardware/security/keymint/ProtectedData.aidl
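Review bot: The new 16-byte floor on `challenge` in the SignedData array of IRemotelyProvisionedComponent.aidl is recorded only as a number; the schema comment does not say why 16 is acceptable or what property the value must have. The same applies to the SignedMacAad `challenge` line in ProtectedData.aidl. Since the commit message rests the change on entropy, I would state that next to the bound, e.g. `; 16-byte minimum kept for compatibility with devices already in the field; must be a fresh, unpredictable value`, so an implementer does not read the range as permission to accept a short fixed or reused challenge. With `Test: n/a`, any length check elsewhere that still assumes 32 (not visible in this patch) would now disagree with the schema text and should be looked for before merging. Both comment blocks start and end outside their hunks.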
@@ -134,7 +134,7 @@ parcelable ProtectedData {
 * ]
 *
 * SignedMacAad = [
- * challenge : bstr .size (32..64), ; Size between 32 - 64
+ * challenge : bstr .size (16..64), ; Size between 16 - 64
 * ; bytes inclusive
 * VerifiedDeviceInfo,
 * tag: bstr ; This is the tag from COSE_Mac0 of