use std::fmt;

use crate::{dice::Chain, rkp::DeviceInfo};

use super::ProtectedData;

/// A Certificate Signing Request (CSR) that is sent to an RKP backend to ask for certificates
/// to be signed for a set of public keys.
///
/// The CSR is partially generated by an IRemotelyProvisionedComponent HAL. The set of public
/// keys to be signed is authenticated (signed) with a device-unique key.
///
/// `Debug` is implemented by hand rather than derived; see the impl below for what it prints.
#[derive(Clone, Eq, PartialEq)]
pub enum Csr {
    /// CSR V2 was introduced in Android T. In this version, the payload is encrypted using
    /// an Endpoint Encryption Key (EEK).
    V2 {
        /// Describes the device that is requesting certificates.
        device_info: DeviceInfo,
        /// The challenge that is authenticated inside the protected data.
        challenge: Vec<u8>,
        /// The plaintext of the payload that was encrypted to an EEK, i.e. this field holds
        /// the already-decrypted contents, not the ciphertext.
        protected_data: ProtectedData,
    },
    /// CSR V3 was introduced in Android T. This version drops encryption of the payload.
    // NOTE(review): V2 and V3 are both documented as introduced in Android T; confirm the
    // release for V3 against the HAL documentation.
    V3 {
        /// Describes the device that is requesting certificates.
        device_info: DeviceInfo,
        /// The DICE chain for the device.
        dice_chain: Chain,
    },
}

impl fmt::Debug for Csr {
    /// Formats the CSR as a debug struct named `CSR V2` or `CSR V3`.
    ///
    /// The challenge is rendered as a hex string; every other field is delegated to that
    /// type's own `Debug` implementation. What `DeviceInfo`, `ProtectedData` and `Chain`
    /// print is not visible from this file, so treat the output as potentially
    /// device-identifying (and, for V2, as containing decrypted payload data) before
    /// sending it to logs.
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            Self::V2 { device_info, challenge, protected_data } => {
                let challenge_hex = hex::encode(challenge);
                let mut out = f.debug_struct("CSR V2");
                out.field("DeviceInfo", device_info);
                out.field("Challenge", &challenge_hex);
                out.field("ProtectedData", protected_data);
                out.finish()
            }
            Self::V3 { device_info, dice_chain } => {
                let mut out = f.debug_struct("CSR V3");
                out.field("DeviceInfo", device_info);
                out.field("DiceChain", dice_chain);
                out.finish()
            }
        }
    }
}