Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c5450766 authored by Eran Messeri's avatar Eran Messeri
Browse files

Wire individual attestation 

Properly define the constant for requesting the use of device individual
attestation certificate and use it in AttestationUtils.

This lets callers to DevicePolicyManager.generateKeyPair request the use
of device-unique attestation certificate, on Keymaster implementations
that support this.

Bug: 140193672
Bug: 136494773
Test: atest com.android.cts.devicepolicy.MixedDeviceOwnerTest#testKeyManagement
Change-Id: I74de89e4c121a27b0495dcb99b0775445c3d4eaf
parent 98547953

core/java/android/security/keymaster/KeymasterDefs.java

+1 −0
Original line number Diff line number Diff line
@@ -94,6 +94,7 @@ public final class KeymasterDefs { 
    public static final int KM_TAG_ATTESTATION_ID_MEID = KM_BYTES | 715;

    public static final int KM_TAG_ATTESTATION_ID_MANUFACTURER = KM_BYTES | 716;

    public static final int KM_TAG_ATTESTATION_ID_MODEL = KM_BYTES | 717;

    public static final int KM_TAG_DEVICE_UNIQUE_ATTESTATION = KM_BOOL | 720;



    public static final int KM_TAG_ASSOCIATED_DATA = KM_BYTES | 1000;

    public static final int KM_TAG_NONCE = KM_BYTES | 1001;

keystore/java/android/security/keystore/AttestationUtils.java

+1 −4
Original line number Diff line number Diff line
@@ -204,10 +204,7 @@ public abstract class AttestationUtils { 
                    break;

                }

                case USE_INDIVIDUAL_ATTESTATION: {

                    //TODO: Add the Keymaster tag for requesting the use of individual

                    //attestation certificate, which should be

                    //KeymasterDefs.KM_TAG_DEVICE_UNIQUE_ATTESTATION

                    attestArgs.addBoolean(720);

                    attestArgs.addBoolean(KeymasterDefs.KM_TAG_DEVICE_UNIQUE_ATTESTATION);

                    break;

                }

                default: