Merge "Generalize RKP CDDL schema beyond CSRs" am: ff8f1d6edd

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2237547

Change-Id: I95aaea4e6fa42160c06f367b4144e1b1180923f5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

security/keymint/RKP_CHANGELOG.md

@@ -21,13 +21,13 @@ This document provides an exact description of which changes have occurred in th
 ## IRemotelyProvisionedComponent 2 -> 3
 * ProtectedData has been removed.
 * DeviceInfo
-  * `cert_type` has been added, with values corresponding to `widevine` or `keymint`
   * `version` has moved to a top-level field within the CSR generated by the HAL
 * IRemotelyProvisionedComponent
   * The need for an EEK has been removed. There is no longer an encrypted portion of the CSR.
   * Test mode has been removed.
   * The schema for the CSR itself has been significantly simplified, please see
-    IRemotelyProvisionedComponent.aidl for more details.
-    * Notably, the chain of signing, MACing, and encryption operations has been replaced with a single
+    IRemotelyProvisionedComponent.aidl for more details. Notably,
+    * the chain of signing, MACing, and encryption operations has been replaced with a single
       COSE_Sign1 object.
+    * CertificateType has been added to identify the type of certificate being requested.
 

security/keymint/aidl/android/hardware/security/keymint/DeviceInfo.aidl

@@ -49,16 +49,7 @@ parcelable DeviceInfo {
      *         "security_level" : "tee" / "strongbox",
      *         "fused": 1 / 0,  ; 1 if secure boot is enforced for the processor that the IRPC
      *                          ; implementation is contained in. 0 otherwise.
-     *         "cert_type": CertificateType;
      *     }
-     *
-     *     ; A tstr identifying the type of certificate. The set of supported certificate types may
-     *     ; be extended without requiring a version bump of the HAL. Custom certificate types may
-     *     ; be used, but the provisioning server may reject the request for an unknown certificate
-     *     ; type. The currently defined certificate types are:
-     *     ;  - "widevine"
-     *     ;  - "keymint"
-     *     CertificateType = tstr
      */
     byte[] deviceInfo;
 }

security/keymint/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl

@@ -315,38 +315,50 @@ interface IRemotelyProvisionedComponent {
      *
      * @return the following CBOR Certificate Signing Request (Csr) serialized into a byte array:
      *
-     * Csr = [
-     *    version: 3,              ; The CDDL Schema version.
-     *    UdsCerts,
-     *    DiceCertChain,
-     *    SignedData
-     * ]
+     * Csr = AuthenticatedMessage<CsrPayload>
      *
-     * ; COSE_Sign1 (untagged)
-     * SignedData = [
-     *     protected: bstr .cbor { 1 : AlgorithmEdDSA / AlgorithmES256 },
-     *     unprotected: {},
-     *     payload: bstr .cbor SignedDataPayload,
-     *     signature: bstr            ; PureEd25519(CDI_Leaf_Priv, bstr .cbor SignedDataSigStruct) /
-     *                                ; ECDSA(CDI_Leaf_Priv, bstr .cbor SignedDataSigStruct)
-     * ]
-     *
-     * ; Sig_structure for SignedData
-     * SignedDataSigStruct = [
-     *     context: "Signature1",
-     *     protected: bstr .cbor { 1 : AlgorithmEdDSA / AlgorithmES256 },
-     *     external_aad: bstr .size 0,
-     *     payload: bstr .cbor SignedDataPayload
-     * ]
-     *
-     * SignedDataPayload = [               ; CBOR Array defining the payload for SignedData
+     * CsrPayload = [                      ; CBOR Array defining the payload for Csr
+     *     version: 1,                     ; The CsrPayload CDDL Schema version.
+     *     CertificateType,                ; The type of certificate being requested.
      *     DeviceInfo,                     ; Defined in DeviceInfo.aidl
      *     challenge: bstr .size (32..64), ; Provided by the method parameters
      *     KeysToSign,                     ; Provided by the method parameters
      * ]
      *
+     *  ; A tstr identifying the type of certificate. The set of supported certificate types may
+     *  ; be extended without requiring a version bump of the HAL. Custom certificate types may
+     *  ; be used, but the provisioning server may reject the request for an unknown certificate
+     *  ; type. The currently defined certificate types are:
+     *  ;  - "widevine"
+     *  ;  - "keymint"
+     *  CertificateType = tstr
+     *
      * KeysToSign = [ * PublicKey ]   ; Please see MacedPublicKey.aidl for the PublicKey definition.
      *
+     * AuthenticatedMessage<T> = [
+     *    version: 3,              ; The AuthenticatedMessage CDDL Schema version.
+     *    UdsCerts,
+     *    DiceCertChain,
+     *    SignedData<T>,
+     * ]
+     *
+     * ; COSE_Sign1 (untagged)
+     * SignedData<T> = [
+     *     protected: bstr .cbor { 1 : AlgorithmEdDSA / AlgorithmES256 },
+     *     unprotected: {},
+     *     payload: bstr .cbor T / nil,
+     *     signature: bstr         ; PureEd25519(CDI_Leaf_Priv, bstr .cbor SignedDataSigStruct<T>) /
+     *                             ; ECDSA(CDI_Leaf_Priv, bstr .cbor SignedDataSigStruct<T>)
+     * ]
+     *
+     * ; Sig_structure for SignedData
+     * SignedDataSigStruct<T> = [
+     *     context: "Signature1",
+     *     protected: bstr .cbor { 1 : AlgorithmEdDSA / AlgorithmES256 },
+     *     external_aad: bstr .size 0,
+     *     payload: bstr .cbor T
+     * ]
+     *
      * ; UdsCerts allows the platform to provide additional certifications for the UDS_Pub. For
      * ; example, this could be provided by the hardware vendor, who certifies all of their chips.
      * ; The SignerName is a free-form string describing who generated the signature. The root