Merge "rkp: pull out remaining CDDL and make compliant" into main
This commit is contained in:
commit
05f682fd3d
9 changed files with 130 additions and 128 deletions
|
@ -32,79 +32,9 @@ parcelable DeviceInfo {
|
|||
* non-canonical to group similar entries semantically.
|
||||
*
|
||||
* The DeviceInfo has changed across versions 1, 2, and 3 of the HAL. All versions of the
|
||||
* DeviceInfo CDDL are described as follows. Please refer to the CDDL structure version
|
||||
* that corresponds to the HAL version you are working with:
|
||||
* DeviceInfo CDDL are described in the DeviceInfoV*.cddl files. Please refer to the CDDL
|
||||
* structure version that corresponds to the HAL version you are working with.
|
||||
*
|
||||
* Version 3, introduced in Android 14:
|
||||
* DeviceInfo = {
|
||||
* "brand" : tstr,
|
||||
* "manufacturer" : tstr,
|
||||
* "product" : tstr,
|
||||
* "model" : tstr,
|
||||
* "device" : tstr,
|
||||
* "vb_state" : "green" / "yellow" / "orange", ; Taken from the AVB values
|
||||
* "bootloader_state" : "locked" / "unlocked", ; Taken from the AVB values
|
||||
* "vbmeta_digest": bstr, ; Taken from the AVB values
|
||||
* ? "os_version" : tstr, ; Same as
|
||||
* ; android.os.Build.VERSION.release
|
||||
* ; Not optional for TEE.
|
||||
* "system_patch_level" : uint, ; YYYYMM, must match KeyMint OS_PATCHLEVEL
|
||||
* "boot_patch_level" : uint, ; YYYYMMDD, must match KeyMint BOOT_PATCHLEVEL
|
||||
* "vendor_patch_level" : uint, ; YYYYMMDD, must match KeyMint VENDOR_PATCHLEVEL
|
||||
* "security_level" : "tee" / "strongbox",
|
||||
* "fused": 1 / 0, ; 1 if secure boot is enforced for the processor that the IRPC
|
||||
* ; implementation is contained in. 0 otherwise.
|
||||
* }
|
||||
*
|
||||
* ---------------------------------------------------------------------------------------------
|
||||
*
|
||||
* Version 2, introduced in Android 13:
|
||||
* DeviceInfo = {
|
||||
* "brand" : tstr,
|
||||
* "manufacturer" : tstr,
|
||||
* "product" : tstr,
|
||||
* "model" : tstr,
|
||||
* "device" : tstr,
|
||||
* "vb_state" : "green" / "yellow" / "orange", ; Taken from the AVB values
|
||||
* "bootloader_state" : "locked" / "unlocked", ; Taken from the AVB values
|
||||
* "vbmeta_digest": bstr, ; Taken from the AVB values
|
||||
* ? "os_version" : tstr, ; Same as
|
||||
* ; android.os.Build.VERSION.release
|
||||
* ; Not optional for TEE.
|
||||
* "system_patch_level" : uint, ; YYYYMM, must match KeyMint OS_PATCHLEVEL
|
||||
* "boot_patch_level" : uint, ; YYYYMMDD, must match KeyMint BOOT_PATCHLEVEL
|
||||
* "vendor_patch_level" : uint, ; YYYYMMDD, must match KeyMint VENDOR_PATCHLEVEL
|
||||
* "version" : 2, ; The CDDL schema version.
|
||||
* "security_level" : "tee" / "strongbox",
|
||||
* "fused": 1 / 0, ; 1 if secure boot is enforced for the processor that the IRPC
|
||||
* ; implementation is contained in. 0 otherwise.
|
||||
*
|
||||
* ---------------------------------------------------------------------------------------------
|
||||
*
|
||||
* Version 1, introduced in Android 12:
|
||||
* DeviceInfo = {
|
||||
* ? "brand" : tstr,
|
||||
* ? "manufacturer" : tstr,
|
||||
* ? "product" : tstr,
|
||||
* ? "model" : tstr,
|
||||
* ? "board" : tstr,
|
||||
* ? "vb_state" : "green" / "yellow" / "orange", ; Taken from the AVB values
|
||||
* ? "bootloader_state" : "locked" / "unlocked", ; Taken from the AVB values
|
||||
* ? "vbmeta_digest": bstr, ; Taken from the AVB values
|
||||
* ? "os_version" : tstr, ; Same as
|
||||
* ; android.os.Build.VERSION.release
|
||||
* ? "system_patch_level" : uint, ; YYYYMM, must match KeyMint OS_PATCHLEVEL
|
||||
* ? "boot_patch_level" : uint, ; YYYYMMDD, must match KeyMint BOOT_PATCHLEVEL
|
||||
* ? "vendor_patch_level" : uint, ; YYYYMMDD, must match KeyMint VENDOR_PATCHLEVEL
|
||||
* "version" : 1, ; The CDDL schema version.
|
||||
* "security_level" : "tee" / "strongbox"
|
||||
* "att_id_state": "locked" / "open", ; Attestation IDs State. If "locked", this
|
||||
* ; indicates a device's attestable IDs are
|
||||
* ; factory-locked and immutable. If "open",
|
||||
* ; this indicates the device is still in a
|
||||
* ; provisionable state and the attestable IDs
|
||||
* ; are not yet frozen.
|
||||
* }
|
||||
*/
|
||||
byte[] deviceInfo;
|
||||
}
|
||||
|
|
|
@ -0,0 +1,24 @@
|
|||
; Version 1, introduced in Android 12:
|
||||
DeviceInfo = {
|
||||
? "brand" : tstr,
|
||||
? "manufacturer" : tstr,
|
||||
? "product" : tstr,
|
||||
? "model" : tstr,
|
||||
? "board" : tstr,
|
||||
? "vb_state" : "green" / "yellow" / "orange", ; Taken from the AVB values
|
||||
? "bootloader_state" : "locked" / "unlocked", ; Taken from the AVB values
|
||||
? "vbmeta_digest": bstr, ; Taken from the AVB values
|
||||
? "os_version" : tstr, ; Same as
|
||||
; android.os.Build.VERSION.release
|
||||
? "system_patch_level" : uint, ; YYYYMM, must match KeyMint OS_PATCHLEVEL
|
||||
? "boot_patch_level" : uint, ; YYYYMMDD, must match KeyMint BOOT_PATCHLEVEL
|
||||
? "vendor_patch_level" : uint, ; YYYYMMDD, must match KeyMint VENDOR_PATCHLEVEL
|
||||
"version" : 1, ; The CDDL schema version.
|
||||
"security_level" : "tee" / "strongbox"
|
||||
"att_id_state": "locked" / "open", ; Attestation IDs State. If "locked", this
|
||||
; indicates a device's attestable IDs are
|
||||
; factory-locked and immutable. If "open",
|
||||
; this indicates the device is still in a
|
||||
; provisionable state and the attestable IDs
|
||||
; are not yet frozen.
|
||||
}
|
|
@ -0,0 +1,21 @@
|
|||
; Version 2, introduced in Android 13:
|
||||
DeviceInfo = {
|
||||
"brand" : tstr,
|
||||
"manufacturer" : tstr,
|
||||
"product" : tstr,
|
||||
"model" : tstr,
|
||||
"device" : tstr,
|
||||
"vb_state" : "green" / "yellow" / "orange", ; Taken from the AVB values
|
||||
"bootloader_state" : "locked" / "unlocked", ; Taken from the AVB values
|
||||
"vbmeta_digest": bstr, ; Taken from the AVB values
|
||||
? "os_version" : tstr, ; Same as
|
||||
; android.os.Build.VERSION.release
|
||||
; Not optional for TEE.
|
||||
"system_patch_level" : uint, ; YYYYMM, must match KeyMint OS_PATCHLEVEL
|
||||
"boot_patch_level" : uint, ; YYYYMMDD, must match KeyMint BOOT_PATCHLEVEL
|
||||
"vendor_patch_level" : uint, ; YYYYMMDD, must match KeyMint VENDOR_PATCHLEVEL
|
||||
"version" : 2, ; The CDDL schema version.
|
||||
"security_level" : "tee" / "strongbox",
|
||||
"fused": 1 / 0, ; 1 if secure boot is enforced for the processor that the IRPC
|
||||
; implementation is contained in. 0 otherwise.
|
||||
}
|
|
@ -0,0 +1,20 @@
|
|||
; Version 3, introduced in Android 14:
|
||||
DeviceInfo = {
|
||||
"brand" : tstr,
|
||||
"manufacturer" : tstr,
|
||||
"product" : tstr,
|
||||
"model" : tstr,
|
||||
"device" : tstr,
|
||||
"vb_state" : "green" / "yellow" / "orange", ; Taken from the AVB values
|
||||
"bootloader_state" : "locked" / "unlocked", ; Taken from the AVB values
|
||||
"vbmeta_digest": bstr, ; Taken from the AVB values
|
||||
? "os_version" : tstr, ; Same as
|
||||
; android.os.Build.VERSION.release
|
||||
; Not optional for TEE.
|
||||
"system_patch_level" : uint, ; YYYYMM, must match KeyMint OS_PATCHLEVEL
|
||||
"boot_patch_level" : uint, ; YYYYMMDD, must match KeyMint BOOT_PATCHLEVEL
|
||||
"vendor_patch_level" : uint, ; YYYYMMDD, must match KeyMint VENDOR_PATCHLEVEL
|
||||
"security_level" : "tee" / "strongbox",
|
||||
"fused": 1 / 0, ; 1 if secure boot is enforced for the processor that the IRPC
|
||||
; implementation is contained in. 0 otherwise.
|
||||
}
|
|
@ -28,33 +28,8 @@ parcelable MacedPublicKey {
|
|||
* only to the secure environment, as proof that the public key was generated by that
|
||||
* environment. In CDDL, assuming the contained key is a P-256 public key:
|
||||
*
|
||||
* MacedPublicKey = [ ; COSE_Mac0
|
||||
* protected: bstr .cbor { 1 : 5}, ; Algorithm : HMAC-256
|
||||
* unprotected: { },
|
||||
* payload : bstr .cbor PublicKey,
|
||||
* tag : bstr HMAC-256(K_mac, MAC_structure)
|
||||
* ]
|
||||
* See MacedPublicKey.cddl for CDDL definition.
|
||||
*
|
||||
* ; NOTE: -70000 is deprecated for v3 HAL implementations.
|
||||
* ; NOTE: Integer encoding is different for Ed25519 and P256 keys:
|
||||
* ; - Ed25519 is LE: https://www.rfc-editor.org/rfc/rfc8032#section-3.1
|
||||
* ; - P256 is BE: https://www.secg.org/sec1-v2.pdf#page=19 (section 2.3.7)
|
||||
* PublicKey = { ; COSE_Key
|
||||
* 1 : 2, ; Key type : EC2
|
||||
* 3 : -7, ; Algorithm : ES256
|
||||
* -1 : 1, ; Curve : P256
|
||||
* -2 : bstr, ; X coordinate, big-endian
|
||||
* -3 : bstr, ; Y coordinate, big-endian
|
||||
* -70000 : nil ; Presence indicates this is a test key. If set, K_mac is
|
||||
* ; all zeros.
|
||||
* },
|
||||
*
|
||||
* MAC_structure = [
|
||||
* context : "MAC0",
|
||||
* protected : bstr .cbor { 1 : 5 },
|
||||
* external_aad : bstr .size 0,
|
||||
* payload : bstr .cbor PublicKey
|
||||
* ]
|
||||
*/
|
||||
byte[] macedKey;
|
||||
}
|
||||
|
|
|
@ -0,0 +1,15 @@
|
|||
MacedPublicKey = [ ; COSE_Mac0 [RFC9052 s6.2]
|
||||
protected: bstr .cbor { 1 : 5}, ; Algorithm : HMAC-256
|
||||
unprotected: { },
|
||||
payload : bstr .cbor PublicKey,
|
||||
tag : bstr ; HMAC-256(K_mac, MAC_structure)
|
||||
]
|
||||
|
||||
MAC_structure = [ ; [RFC9052 s6.3]
|
||||
context : "MAC0",
|
||||
protected : bstr .cbor { 1 : 5 },
|
||||
external_aad : bstr .size 0,
|
||||
payload : bstr .cbor PublicKey
|
||||
]
|
||||
|
||||
; INCLUDE PublicKey.cddl for: PublicKey
|
|
@ -0,0 +1,13 @@
|
|||
; NOTE: -70000 is deprecated for v3 HAL implementations.
|
||||
; NOTE: Integer encoding is different for Ed25519 and P256 keys:
|
||||
; - Ed25519 is LE: https://www.rfc-editor.org/rfc/rfc8032#section-3.1
|
||||
; - P256 is BE: https://www.secg.org/sec1-v2.pdf#page=19 (section 2.3.7)
|
||||
PublicKey = { ; COSE_Key [RFC9052 s7]
|
||||
1 : 2, ; Key type : EC2
|
||||
3 : -7, ; Algorithm : ES256
|
||||
-1 : 1, ; Curve : P256
|
||||
-2 : bstr, ; X coordinate, big-endian
|
||||
-3 : bstr, ; Y coordinate, big-endian
|
||||
? -70000 : nil ; Presence indicates this is a test key. If set, K_mac is
|
||||
; all zeros.
|
||||
}
|
|
@ -3,25 +3,25 @@
|
|||
|
||||
EekChain = [ + SignedSignatureKey, SignedEek ]
|
||||
|
||||
SignedSignatureKey = [ ; COSE_Sign1
|
||||
SignedSignatureKey = [ ; COSE_Sign1 [RFC9052 s4.2]
|
||||
protected: bstr .cbor {
|
||||
1 : AlgorithmEdDSA / AlgorithmES256, ; Algorithm
|
||||
},
|
||||
unprotected: {},
|
||||
payload: bstr .cbor SignatureKeyEd25519 /
|
||||
bstr .cbor SignatureKeyP256,
|
||||
signature: bstr PureEd25519(.cbor SignatureKeySignatureInput) /
|
||||
bstr ECDSA(.cbor SignatureKeySignatureInput)
|
||||
signature: bstr ; PureEd25519(.cbor SignatureKeySignatureInput) /
|
||||
; ECDSA(.cbor SignatureKeySignatureInput)
|
||||
]
|
||||
|
||||
SignatureKeyEd25519 = { ; COSE_Key
|
||||
SignatureKeyEd25519 = { ; COSE_Key [RFC9052 s7]
|
||||
1 : 1, ; Key type : Octet Key Pair
|
||||
3 : AlgorithmEdDSA, ; Algorithm
|
||||
-1 : 6, ; Curve : Ed25519
|
||||
-2 : bstr ; Ed25519 public key
|
||||
}
|
||||
|
||||
SignatureKeyP256 = { ; COSE_Key
|
||||
SignatureKeyP256 = { ; COSE_Key [RC9052 s7]
|
||||
1 : 2, ; Key type : EC2
|
||||
3 : AlgorithmES256, ; Algorithm
|
||||
-1 : 1, ; Curve: P256
|
||||
|
@ -37,16 +37,15 @@ SignatureKeySignatureInput = [
|
|||
bstr .cbor SignatureKeyP256
|
||||
]
|
||||
|
||||
; COSE_Sign1
|
||||
SignedEek = [
|
||||
SignedEek = [ ; COSE_Sign1 [RFC9052 s4.2]
|
||||
protected: bstr .cbor { 1 : AlgorithmEdDSA / AlgorithmES256 },
|
||||
unprotected: {},
|
||||
payload: bstr .cbor EekX25519 / .cbor EekP256,
|
||||
signature: bstr PureEd25519(.cbor EekSignatureInput) /
|
||||
bstr ECDSA(.cbor EekSignatureInput)
|
||||
payload: bstr .cbor EekX25519 / EekP256,
|
||||
signature: bstr ; PureEd25519(.cbor EekSignatureInput) /
|
||||
; ECDSA(.cbor EekSignatureInput)
|
||||
]
|
||||
|
||||
EekX25519 = { ; COSE_Key
|
||||
EekX25519 = { ; COSE_Key [RFC9052 s7]
|
||||
1 : 1, ; Key type : Octet Key Pair
|
||||
2 : bstr ; KID : EEK ID
|
||||
3 : -25, ; Algorithm : ECDH-ES + HKDF-256
|
||||
|
@ -54,7 +53,7 @@ EekX25519 = { ; COSE_Key
|
|||
-2 : bstr ; X25519 public key, little-endian
|
||||
}
|
||||
|
||||
EekP256 = { ; COSE_Key
|
||||
EekP256 = { ; COSE_Key [RFC9052 s7]
|
||||
1 : 2, ; Key type : EC2
|
||||
2 : bstr ; KID : EEK ID
|
||||
3 : -25, ; Algorithm : ECDH-ES + HKDF-256
|
||||
|
@ -67,13 +66,13 @@ EekSignatureInput = [
|
|||
context: "Signature1",
|
||||
body_protected: bstr .cbor { 1 : AlgorithmEdDSA / AlgorithmES256 },
|
||||
external_aad: bstr .size 0,
|
||||
payload: bstr .cbor EekX25519 / .cbor EekP256
|
||||
payload: bstr .cbor EekX25519 / EekP256
|
||||
]
|
||||
|
||||
AlgorithmES256 = -7 ; RFC 8152 section 8.1
|
||||
AlgorithmEdDSA = -8 ; RFC 8152 section 8.2
|
||||
AlgorithmES256 = -7 ; [RFC8152 s8.1]
|
||||
AlgorithmEdDSA = -8 ; [RFC8152 s8.2]
|
||||
|
||||
MacedKeys = [ ; COSE_Mac0
|
||||
MacedKeys = [ ; COSE_Mac0 [RFC9052 s6.2]
|
||||
protected : bstr .cbor {
|
||||
1 : 5, ; Algorithm : HMAC-256
|
||||
},
|
||||
|
@ -83,10 +82,12 @@ MacedKeys = [ ; COSE_Mac0
|
|||
tag: bstr
|
||||
]
|
||||
|
||||
KeysToMacStructure = [
|
||||
KeysToMacStructure = [ ; [RFC9052 s6.3]
|
||||
context : "MAC0",
|
||||
protected : bstr .cbor { 1 : 5 }, ; Algorithm : HMAC-256
|
||||
external_aad : bstr .size 0,
|
||||
; Payload is PublicKeys from keysToSign argument, in provided order.
|
||||
payload : bstr .cbor [ * PublicKey ]
|
||||
]
|
||||
|
||||
; INCLUDE PublicKey.cddl for: PublicKey
|
||||
|
|
|
@ -6,7 +6,7 @@ Csr = AuthenticatedRequest<CsrPayload>
|
|||
CsrPayload = [ ; CBOR Array defining the payload for Csr
|
||||
version: 3, ; The CsrPayload CDDL Schema version.
|
||||
CertificateType, ; The type of certificate being requested.
|
||||
DeviceInfo, ; Defined in DeviceInfo.aidl
|
||||
DeviceInfo, ; Defined in the relevant DeviceInfoV*.cddl file.
|
||||
KeysToSign, ; Provided by the method parameters
|
||||
]
|
||||
|
||||
|
@ -18,7 +18,7 @@ CsrPayload = [ ; CBOR Array defining the payload for Csr
|
|||
; - "keymint"
|
||||
CertificateType = tstr
|
||||
|
||||
KeysToSign = [ * PublicKey ] ; Please see MacedPublicKey.aidl for the PublicKey definition.
|
||||
KeysToSign = [ * PublicKey ] ; Please see PublicKey.cddl for the PublicKey definition.
|
||||
|
||||
AuthenticatedRequest<T> = [
|
||||
version: 1, ; The AuthenticatedRequest CDDL Schema version.
|
||||
|
@ -30,7 +30,7 @@ AuthenticatedRequest<T> = [
|
|||
]>,
|
||||
]
|
||||
|
||||
; COSE_Sign1 (untagged)
|
||||
; COSE_Sign1 (untagged) [RFC9052 s4.2]
|
||||
SignedData<Data> = [
|
||||
protected: bstr .cbor { 1 : AlgorithmEdDSA / AlgorithmES256 / AlgorithmES384 },
|
||||
unprotected: {},
|
||||
|
@ -39,7 +39,7 @@ SignedData<Data> = [
|
|||
; ECDSA(CDI_Leaf_Priv, SignedDataSigStruct<Data>)
|
||||
]
|
||||
|
||||
; Sig_structure for SignedData
|
||||
; Sig_structure for SignedData [ RFC9052 s4.4]
|
||||
SignedDataSigStruct<Data> = [
|
||||
context: "Signature1",
|
||||
protected: bstr .cbor { 1 : AlgorithmEdDSA / AlgorithmES256 / AlgorithmES384 },
|
||||
|
@ -113,7 +113,7 @@ DiceChainEntryPayload = { ; CWT [RFC8392]
|
|||
|
||||
; Each entry in the DICE chain is a DiceChainEntryPayload signed by the key from the previous
|
||||
; entry in the DICE chain array.
|
||||
DiceChainEntry = [ ; COSE_Sign1 (untagged)
|
||||
DiceChainEntry = [ ; COSE_Sign1 (untagged), [RFC9052 s4.2]
|
||||
protected : bstr .cbor { 1 : AlgorithmEdDSA / AlgorithmES256 / AlgorithmES384 },
|
||||
unprotected: {},
|
||||
payload: bstr .cbor DiceChainEntryPayload,
|
||||
|
@ -135,14 +135,14 @@ DiceChainEntryInput = [
|
|||
; NOTE: Integer encoding is different for Ed25519 and P256 keys:
|
||||
; - Ed25519 is LE: https://www.rfc-editor.org/rfc/rfc8032#section-3.1
|
||||
; - P256 is BE: https://www.secg.org/sec1-v2.pdf#page=19 (section 2.3.7)
|
||||
PubKeyEd25519 = { ; COSE_Key
|
||||
PubKeyEd25519 = { ; COSE_Key [RFC9052 s7]
|
||||
1 : 1, ; Key type : octet key pair
|
||||
3 : AlgorithmEdDSA, ; Algorithm : EdDSA
|
||||
-1 : 6, ; Curve : Ed25519
|
||||
-2 : bstr ; X coordinate, little-endian
|
||||
}
|
||||
|
||||
PubKeyECDSA256 = { ; COSE_Key
|
||||
PubKeyECDSA256 = { ; COSE_Key [RFC9052 s7]
|
||||
1 : 2, ; Key type : EC2
|
||||
3 : AlgorithmES256, ; Algorithm : ECDSA w/ SHA-256
|
||||
-1 : 1, ; Curve: P256
|
||||
|
@ -150,14 +150,17 @@ PubKeyECDSA256 = { ; COSE_Key
|
|||
-3 : bstr ; Y coordinate, big-endian
|
||||
}
|
||||
|
||||
PubKeyECDSA384 = { ; COSE_Key
|
||||
PubKeyECDSA384 = { ; COSE_Key [RFC9052 s7]
|
||||
1 : 2, ; Key type : EC2
|
||||
3 : AlgorithmES384, ; Algorithm : ECDSA w/ SHA-384
|
||||
-1 : 2, ; Curve: P384
|
||||
-2 : bstr, ; X coordinate
|
||||
-3 : bstr ; Y coordinate
|
||||
-2 : bstr, ; X coordinate, big-endian
|
||||
-3 : bstr ; Y coordinate, big-endian
|
||||
}
|
||||
|
||||
AlgorithmES256 = -7
|
||||
AlgorithmES384 = -35
|
||||
AlgorithmEdDSA = -8
|
||||
AlgorithmES256 = -7 ; [RFC9053 s2.1]
|
||||
AlgorithmES384 = -35 ; [RFC9053 s2.1]
|
||||
AlgorithmEdDSA = -8 ; [RFC9053 s2.2]
|
||||
|
||||
; INCLUDE PublicKey.cddl for: PublicKey
|
||||
; INCLUDE DeviceInfoV3.cddl for: DeviceInfo
|
||||
|
|
Loading…
Reference in a new issue