Refactoring app for server changes, P256 support
This change adds support for sending some device information up to the
server and receiving a CBOR encoded configuration package in response
during the fetching of an EEK certificate chain. This configuration
information is stored and accessed in the SettingsManager class, which
acts as a wrapper around the SharedPreferences API.
Since this device configuration API change is not yet ready, the app
will support both the current request/response and the
soon-to-be-accepted request/response on the fetchEek API in order to
facilitate a seamless change to the next version.
In addition to the device configuration, the server will also send down
an array of EekChains instead of just one. This is due to the fact that
P256 support has been added for the exchange between the server and the
underlying KM implementation to support StrongBox KMs that don't
currently have support for curve25519.
Finally, this change also adds logic to better support provisioning the
number of keys that are actually needed based on which keys are
expiring, how many unsigned keypairs are already generated and currently
available, and how many keys are actually assigned and in active use.
These numbers can start to diverge from what is expected due to the
ability for keystore to nudge the RemoteProvisioner app to provision
keys on demand in case there are more apps on device using attestation
than what the default number of signed keys is in the pool.
Test: atest RemoteProvisionerUnitTests
11 files changed