1 use std::fmt;
2 
3 use crate::{dice::Chain, rkp::DeviceInfo};
4 
5 use super::ProtectedData;
6 
/// A Certificate Signing Request (CSR) submitted to an RKP backend so that certificates can be
/// issued for a set of public keys. Part of the CSR is produced by an
/// IRemotelyProvisionedComponent HAL, and the set of public keys to be signed is authenticated
/// (signed) with a device-unique key.
///
/// `Debug` is implemented by hand for this type rather than derived.
#[derive(Clone, Eq, PartialEq)]
pub enum Csr {
    /// Version 2 of the CSR format, introduced in Android T. The payload in this version is
    /// encrypted to an Endpoint Encryption Key (EEK).
    V2 {
        /// Description of the device that is requesting certificates.
        device_info: DeviceInfo,
        /// The challenge; it is authenticated inside the protected data.
        challenge: Vec<u8>,
        /// Plaintext of the payload that was encrypted to an EEK, i.e. the payload in its
        /// already-decrypted form.
        // NOTE(review): this is decrypted payload content. What it holds is defined by
        // `ProtectedData`, outside this file; confirm whether that includes key material
        // before logging or persisting a `Csr::V2`.
        protected_data: ProtectedData,
    },
    /// Version 3 of the CSR format, introduced in Android T. The payload is no longer encrypted
    /// in this version.
    // NOTE(review): V2 above is also dated to Android T. IRemotelyProvisionedComponent v3 is,
    // to my knowledge, associated with Android U; confirm the release named here.
    V3 {
        /// Description of the device that is requesting certificates.
        device_info: DeviceInfo,
        /// The DICE chain for the device.
        dice_chain: Chain,
    },
}
impl fmt::Debug for Csr {
    /// Writes a struct-style debug rendering of the CSR, labelled "CSR V2" or "CSR V3".
    ///
    /// The challenge is rendered as a hex string; every other field is rendered through its own
    /// `Debug` implementation.
    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
        match self {
            Self::V2 { device_info, challenge, protected_data } => {
                let mut out = f.debug_struct("CSR V2");
                out.field("DeviceInfo", &device_info);
                // Hex keeps the raw challenge bytes readable in a single field.
                let challenge_hex = hex::encode(challenge);
                out.field("Challenge", &challenge_hex);
                // NOTE(review): this delegates to `ProtectedData`'s `Debug` impl, which is not
                // visible here. Since the field holds decrypted payload plaintext, confirm that
                // impl does not print key material before routing this output to logs.
                out.field("ProtectedData", &protected_data);
                out.finish()
            }
            Self::V3 { device_info, dice_chain } => {
                let mut out = f.debug_struct("CSR V3");
                out.field("DeviceInfo", &device_info);
                out.field("DiceChain", &dice_chain);
                out.finish()
            }
        }
    }
}