- Make the default implementation include the DeviceInfo as a map, not
a bstr-holding-a-map, to match the spec.
- Check the signature of the signed MAC even in test mode.
- Include the DeviceInfo in the data that the signature covers.
Test: VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I9084343c1273c16a9cbd5a1156e7057a1c54a860
- Test with deliberately-invalid EEK in request:
- corrupt signature
- missing initial self-signed cert
- Test with different sizes of EEK chain.
These tests will only really take effect when we have a valid GEEK to
test with.
Other changes:
- Fix encoding of KeyUsage bitset.
- Add a made-up allowed-root pubkey for prod mode. This needs to be
replaced with the real GEEK when available.
- Fix generateEek() so that the first private key isn't used for
all signing operations.
Test: VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I833894d33cd1757b7a0cfcf18f79b61e4e56a556
This alters the AIDL interface and underlying functionality to have the
component return the DeviceInfo CBOR blob that is used as AAD in
verification of a signature over a MAC key. Trying to reconstruct this
from userspace is very likely to lead to pain and subtle errors in the
future as adoption of this HAL increases, and multiple instances of this
HAL may exist on device simultaneously.
Test: atest VtsRemotelyProvisionedComponentTests
Change-Id: I44bd588586652630ed31a87cfda7e9c01cbf0a2f
As per RFC 8152 section 3, the unprotected parameters in the headers
of COSE objects are just encoded as a map, not as a bstr that contains
the CBOR-encoding of a map.
Test: TreeHugger presubmit
Change-Id: Id4eeb023d3a81ad1398d78d410c8224bf941f9b1
This CL re-enables the IRemotelyProvisionedComponent VTS tests after
updating the IRemotelyProvisionedComponent HAL to generate keys with
PURPOSE_ATTEST_KEY instead of PURPOSE_ATTEST_SIGN to match the new
PURPOSE_* functionality in KeyMint.
Test: atest VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: I70c7918b460898d31e343c060ac07986271148a9
