KeyMaster VTS: improve attestation tests (e3cdcb24) · Commits · e / os / android_hardware_interfaces

keymaster/4.0/support/attestation_record.cpp

+74 −37

Original line number	Diff line number	Diff line
		@@ -71,6 +71,7 @@ typedef struct km_auth_list {
		ASN1_INTEGER_SET* padding;
		ASN1_INTEGER* ec_curve;
		ASN1_INTEGER* rsa_public_exponent;
		ASN1_NULL* rollback_resistance;
		ASN1_INTEGER* active_date_time;
		ASN1_INTEGER* origination_expire_date_time;
		ASN1_INTEGER* usage_expire_date_time;
		@@ -78,18 +79,25 @@ typedef struct km_auth_list {
		ASN1_INTEGER* user_auth_type;
		ASN1_INTEGER* auth_timeout;
		ASN1_NULL* allow_while_on_body;
		ASN1_NULL* trusted_user_presence_required;
		ASN1_NULL* trusted_confirmation_required;
		ASN1_NULL* unlocked_device_required;
		ASN1_NULL* all_applications;
		ASN1_OCTET_STRING* application_id;
		ASN1_INTEGER* creation_date_time;
		ASN1_INTEGER* origin;
		ASN1_NULL* rollback_resistance;
		KM_ROOT_OF_TRUST* root_of_trust;
		ASN1_INTEGER* os_version;
		ASN1_INTEGER* os_patchlevel;
		ASN1_OCTET_STRING* attestation_application_id;
		ASN1_NULL* trusted_user_presence_required;
		ASN1_NULL* trusted_confirmation_required;
		ASN1_NULL* unlocked_device_required;
		ASN1_OCTET_STRING* attestation_id_brand;
		ASN1_OCTET_STRING* attestation_id_device;
		ASN1_OCTET_STRING* attestation_id_product;
		ASN1_OCTET_STRING* attestation_id_serial;
		ASN1_OCTET_STRING* attestation_id_imei;
		ASN1_OCTET_STRING* attestation_id_meid;
		ASN1_OCTET_STRING* attestation_id_manufacturer;
		ASN1_OCTET_STRING* attestation_id_model;
		ASN1_INTEGER* vendor_patchlevel;
		ASN1_INTEGER* boot_patchlevel;
		} KM_AUTH_LIST;
		@@ -103,7 +111,9 @@ ASN1_SEQUENCE(KM_AUTH_LIST) = {
		ASN1_EXP_OPT(KM_AUTH_LIST, ec_curve, ASN1_INTEGER, TAG_EC_CURVE.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, rsa_public_exponent, ASN1_INTEGER,
		TAG_RSA_PUBLIC_EXPONENT.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, rollback_resistance, ASN1_NULL, TAG_ROLLBACK_RESISTANCE.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, rollback_resistance, ASN1_NULL,
		TAG_ROLLBACK_RESISTANCE.maskedTag()),

		ASN1_EXP_OPT(KM_AUTH_LIST, active_date_time, ASN1_INTEGER, TAG_ACTIVE_DATETIME.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, origination_expire_date_time, ASN1_INTEGER,
		TAG_ORIGINATION_EXPIRE_DATETIME.maskedTag()),
		@@ -112,22 +122,41 @@ ASN1_SEQUENCE(KM_AUTH_LIST) = {
		ASN1_EXP_OPT(KM_AUTH_LIST, no_auth_required, ASN1_NULL, TAG_NO_AUTH_REQUIRED.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, user_auth_type, ASN1_INTEGER, TAG_USER_AUTH_TYPE.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, auth_timeout, ASN1_INTEGER, TAG_AUTH_TIMEOUT.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, allow_while_on_body, ASN1_NULL, TAG_ALLOW_WHILE_ON_BODY.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, allow_while_on_body, ASN1_NULL,
		TAG_ALLOW_WHILE_ON_BODY.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, trusted_user_presence_required, ASN1_NULL,
		TAG_TRUSTED_USER_PRESENCE_REQUIRED.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, trusted_confirmation_required, ASN1_NULL,
		TAG_TRUSTED_CONFIRMATION_REQUIRED.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, unlocked_device_required, ASN1_NULL,
		TAG_UNLOCKED_DEVICE_REQUIRED.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, creation_date_time, ASN1_INTEGER, TAG_CREATION_DATETIME.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, creation_date_time, ASN1_INTEGER,
		TAG_CREATION_DATETIME.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, origin, ASN1_INTEGER, TAG_ORIGIN.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, root_of_trust, KM_ROOT_OF_TRUST, TAG_ROOT_OF_TRUST.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, os_version, ASN1_INTEGER, TAG_OS_VERSION.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, os_patchlevel, ASN1_INTEGER, TAG_OS_PATCHLEVEL.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, vendor_patchlevel, ASN1_INTEGER, TAG_VENDOR_PATCHLEVEL.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, boot_patchlevel, ASN1_INTEGER, TAG_BOOT_PATCHLEVEL.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, attestation_application_id, ASN1_OCTET_STRING,
		TAG_ATTESTATION_APPLICATION_ID.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_brand, ASN1_OCTET_STRING,
		TAG_ATTESTATION_ID_BRAND.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_device, ASN1_OCTET_STRING,
		TAG_ATTESTATION_ID_DEVICE.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_product, ASN1_OCTET_STRING,
		TAG_ATTESTATION_ID_PRODUCT.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_serial, ASN1_OCTET_STRING,
		TAG_ATTESTATION_ID_SERIAL.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_imei, ASN1_OCTET_STRING,
		TAG_ATTESTATION_ID_IMEI.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_meid, ASN1_OCTET_STRING,
		TAG_ATTESTATION_ID_MEID.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_manufacturer, ASN1_OCTET_STRING,
		TAG_ATTESTATION_ID_MANUFACTURER.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_model, ASN1_OCTET_STRING,
		TAG_ATTESTATION_ID_MODEL.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, vendor_patchlevel, ASN1_INTEGER,
		TAG_VENDOR_PATCHLEVEL.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, boot_patchlevel, ASN1_INTEGER, TAG_BOOT_PATCHLEVEL.maskedTag()),
		} ASN1_SEQUENCE_END(KM_AUTH_LIST);
		IMPLEMENT_ASN1_FUNCTIONS(KM_AUTH_LIST);

		@@ -259,6 +288,14 @@ static ErrorCode extract_auth_list(const KM_AUTH_LIST* record, AuthorizationSet*
		copyAuthTag(record->usage_expire_date_time, TAG_USAGE_EXPIRE_DATETIME, auth_list);
		copyAuthTag(record->user_auth_type, TAG_USER_AUTH_TYPE, auth_list);
		copyAuthTag(record->attestation_application_id, TAG_ATTESTATION_APPLICATION_ID, auth_list);
		copyAuthTag(record->attestation_id_brand, TAG_ATTESTATION_ID_BRAND, auth_list);
		copyAuthTag(record->attestation_id_device, TAG_ATTESTATION_ID_DEVICE, auth_list);
		copyAuthTag(record->attestation_id_product, TAG_ATTESTATION_ID_PRODUCT, auth_list);
		copyAuthTag(record->attestation_id_serial, TAG_ATTESTATION_ID_SERIAL, auth_list);
		copyAuthTag(record->attestation_id_imei, TAG_ATTESTATION_ID_IMEI, auth_list);
		copyAuthTag(record->attestation_id_meid, TAG_ATTESTATION_ID_MEID, auth_list);
		copyAuthTag(record->attestation_id_manufacturer, TAG_ATTESTATION_ID_MANUFACTURER, auth_list);
		copyAuthTag(record->attestation_id_model, TAG_ATTESTATION_ID_MODEL, auth_list);
		copyAuthTag(record->vendor_patchlevel, TAG_VENDOR_PATCHLEVEL, auth_list);
		copyAuthTag(record->boot_patchlevel, TAG_BOOT_PATCHLEVEL, auth_list);
		copyAuthTag(record->trusted_user_presence_required, TAG_TRUSTED_USER_PRESENCE_REQUIRED,

keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp

+101 −0

Original line number	Diff line number	Diff line
		@@ -96,6 +96,18 @@ bool contains(hidl_vec<KeyParameter>& set, TypedTag<tag_type, tag>) {
		return count > 0;
		}

		// If the given property is available, add it to the tag set under the given tag ID.
		template <Tag tag>
		void add_tag_from_prop(AuthorizationSetBuilder* tags, TypedTag<TagType::BYTES, tag> ttag,
		const char* prop) {
		char value[PROPERTY_VALUE_MAX];
		int len = property_get(prop, value, /* default = */ "");
		if (len > 0) {
		tags->Authorization(ttag, reinterpret_cast<const uint8_t*>(value),
		static_cast<size_t>(len));
		}
		}

		constexpr char hex_value[256] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //
		0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //
		0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //
		@@ -4408,6 +4420,95 @@ TEST_P(AttestationTest, EcAttestation) {
		SecLevel(), cert_chain[0]));
		}

		/*
		* AttestationTest.EcAttestationID
		*
		* Verifies that attesting to EC keys with correct attestation ID fields works and generates the
		* expected output.
		*/
		TEST_P(AttestationTest, EcAttestationID) {
		ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
		.Authorization(TAG_NO_AUTH_REQUIRED)
		.EcdsaSigningKey(EcCurve::P_256)
		.Digest(Digest::SHA_2_256)
		.Authorization(TAG_INCLUDE_UNIQUE_ID)));

		// Collection of valid attestation ID tags.
		auto attestation_id_tags = AuthorizationSetBuilder();
		add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_BRAND, "ro.product.brand");
		add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_DEVICE, "ro.product.device");
		add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_PRODUCT, "ro.product.name");
		add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_SERIAL, "ro.serial");
		add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_MANUFACTURER,
		"ro.product.manufacturer");
		add_tag_from_prop(&attestation_id_tags, TAG_ATTESTATION_ID_MODEL, "ro.product.model");

		for (const KeyParameter& tag : attestation_id_tags) {
		AuthorizationSetBuilder builder =
		AuthorizationSetBuilder()
		.Authorization(TAG_ATTESTATION_CHALLENGE, HidlBuf("challenge"))
		.Authorization(TAG_ATTESTATION_APPLICATION_ID, HidlBuf("foo"));
		// Include one of the (valid) attestation ID tags.
		builder.push_back(tag);
		hidl_vec<hidl_vec<uint8_t>> cert_chain;
		auto result = AttestKey(builder, &cert_chain);
		if (result == ErrorCode::CANNOT_ATTEST_IDS) {
		continue;
		}

		ASSERT_EQ(ErrorCode::OK, result);
		EXPECT_GE(cert_chain.size(), 2U);

		std::vector<KeyParameter> expected_hw_enforced = key_characteristics_.hardwareEnforced;
		expected_hw_enforced.push_back(tag);

		EXPECT_TRUE(verify_attestation_record(
		"challenge", "foo", key_characteristics_.softwareEnforced,
		hidl_vec<KeyParameter>(expected_hw_enforced), SecLevel(), cert_chain[0]));
		}
		}

		/*
		* AttestationTest.EcAttestationMismatchID
		*
		* Verifies that attesting to EC keys with incorrect attestation ID fields fails.
		*/
		TEST_P(AttestationTest, EcAttestationMismatchID) {
		ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder()
		.Authorization(TAG_NO_AUTH_REQUIRED)
		.EcdsaSigningKey(EcCurve::P_256)
		.Digest(Digest::SHA_2_256)
		.Authorization(TAG_INCLUDE_UNIQUE_ID)));

		// Collection of invalid attestation ID tags.
		std::string invalid = "completely-invalid";
		auto invalid_tags =
		AuthorizationSetBuilder()
		.Authorization(V4_0::TAG_ATTESTATION_ID_BRAND, invalid.data(), invalid.size())
		.Authorization(V4_0::TAG_ATTESTATION_ID_DEVICE, invalid.data(), invalid.size())
		.Authorization(V4_0::TAG_ATTESTATION_ID_PRODUCT, invalid.data(), invalid.size())
		.Authorization(V4_0::TAG_ATTESTATION_ID_SERIAL, invalid.data(), invalid.size())
		.Authorization(V4_0::TAG_ATTESTATION_ID_IMEI, invalid.data(), invalid.size())
		.Authorization(V4_0::TAG_ATTESTATION_ID_MEID, invalid.data(), invalid.size())
		.Authorization(V4_0::TAG_ATTESTATION_ID_MANUFACTURER, invalid.data(),
		invalid.size())
		.Authorization(V4_0::TAG_ATTESTATION_ID_MODEL, invalid.data(), invalid.size());

		for (const KeyParameter& invalid_tag : invalid_tags) {
		AuthorizationSetBuilder builder =
		AuthorizationSetBuilder()
		.Authorization(TAG_ATTESTATION_CHALLENGE, HidlBuf("challenge"))
		.Authorization(TAG_ATTESTATION_APPLICATION_ID, HidlBuf("foo"));
		// Include one of the invalid attestation ID tags.
		builder.push_back(invalid_tag);
		hidl_vec<hidl_vec<uint8_t>> cert_chain;
		auto result = AttestKey(builder, &cert_chain);

		EXPECT_TRUE(result == ErrorCode::CANNOT_ATTEST_IDS \|\| result == ErrorCode::INVALID_TAG)
		<< "result: " << static_cast<int32_t>(result);
		}
		}

		/*
		* AttestationTest.EcAttestationRequiresAttestationAppId
		*

keymaster/4.1/support/attestation_record.cpp

+40 −8

Original line number	Diff line number	Diff line
		@@ -79,6 +79,8 @@ typedef struct km_auth_list {
		ASN1_INTEGER_SET* padding;
		ASN1_INTEGER* ec_curve;
		ASN1_INTEGER* rsa_public_exponent;
		ASN1_NULL* rollback_resistance;
		ASN1_NULL* early_boot_only;
		ASN1_INTEGER* active_date_time;
		ASN1_INTEGER* origination_expire_date_time;
		ASN1_INTEGER* usage_expire_date_time;
		@@ -86,21 +88,27 @@ typedef struct km_auth_list {
		ASN1_INTEGER* user_auth_type;
		ASN1_INTEGER* auth_timeout;
		ASN1_NULL* allow_while_on_body;
		ASN1_NULL* trusted_user_presence_required;
		ASN1_NULL* trusted_confirmation_required;
		ASN1_NULL* unlocked_device_required;
		ASN1_NULL* all_applications;
		ASN1_OCTET_STRING* application_id;
		ASN1_INTEGER* creation_date_time;
		ASN1_INTEGER* origin;
		ASN1_NULL* rollback_resistance;
		KM_ROOT_OF_TRUST* root_of_trust;
		ASN1_INTEGER* os_version;
		ASN1_INTEGER* os_patchlevel;
		ASN1_OCTET_STRING* attestation_application_id;
		ASN1_NULL* trusted_user_presence_required;
		ASN1_NULL* trusted_confirmation_required;
		ASN1_NULL* unlocked_device_required;
		ASN1_OCTET_STRING* attestation_id_brand;
		ASN1_OCTET_STRING* attestation_id_device;
		ASN1_OCTET_STRING* attestation_id_product;
		ASN1_OCTET_STRING* attestation_id_serial;
		ASN1_OCTET_STRING* attestation_id_imei;
		ASN1_OCTET_STRING* attestation_id_meid;
		ASN1_OCTET_STRING* attestation_id_manufacturer;
		ASN1_OCTET_STRING* attestation_id_model;
		ASN1_INTEGER* vendor_patchlevel;
		ASN1_INTEGER* boot_patchlevel;
		ASN1_NULL* early_boot_only;
		ASN1_NULL* device_unique_attestation;
		ASN1_NULL* identity_credential_key;
		} KM_AUTH_LIST;
		@@ -116,6 +124,7 @@ ASN1_SEQUENCE(KM_AUTH_LIST) = {
		TAG_RSA_PUBLIC_EXPONENT.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, rollback_resistance, ASN1_NULL,
		TAG_ROLLBACK_RESISTANCE.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, early_boot_only, ASN1_NULL, TAG_EARLY_BOOT_ONLY.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, active_date_time, ASN1_INTEGER, TAG_ACTIVE_DATETIME.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, origination_expire_date_time, ASN1_INTEGER,
		TAG_ORIGINATION_EXPIRE_DATETIME.maskedTag()),
		@@ -138,12 +147,27 @@ ASN1_SEQUENCE(KM_AUTH_LIST) = {
		ASN1_EXP_OPT(KM_AUTH_LIST, root_of_trust, KM_ROOT_OF_TRUST, TAG_ROOT_OF_TRUST.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, os_version, ASN1_INTEGER, TAG_OS_VERSION.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, os_patchlevel, ASN1_INTEGER, TAG_OS_PATCHLEVEL.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, attestation_application_id, ASN1_OCTET_STRING,
		TAG_ATTESTATION_APPLICATION_ID.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_brand, ASN1_OCTET_STRING,
		TAG_ATTESTATION_ID_BRAND.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_device, ASN1_OCTET_STRING,
		TAG_ATTESTATION_ID_DEVICE.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_product, ASN1_OCTET_STRING,
		TAG_ATTESTATION_ID_PRODUCT.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_serial, ASN1_OCTET_STRING,
		TAG_ATTESTATION_ID_SERIAL.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_imei, ASN1_OCTET_STRING,
		TAG_ATTESTATION_ID_IMEI.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_meid, ASN1_OCTET_STRING,
		TAG_ATTESTATION_ID_MEID.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_manufacturer, ASN1_OCTET_STRING,
		TAG_ATTESTATION_ID_MANUFACTURER.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_model, ASN1_OCTET_STRING,
		TAG_ATTESTATION_ID_MODEL.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, vendor_patchlevel, ASN1_INTEGER,
		TAG_VENDOR_PATCHLEVEL.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, boot_patchlevel, ASN1_INTEGER, TAG_BOOT_PATCHLEVEL.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, attestation_application_id, ASN1_OCTET_STRING,
		TAG_ATTESTATION_APPLICATION_ID.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, early_boot_only, ASN1_NULL, TAG_EARLY_BOOT_ONLY.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, device_unique_attestation, ASN1_NULL,
		TAG_DEVICE_UNIQUE_ATTESTATION.maskedTag()),
		ASN1_EXP_OPT(KM_AUTH_LIST, identity_credential_key, ASN1_NULL,
		@@ -279,6 +303,14 @@ static ErrorCode extract_auth_list(const KM_AUTH_LIST* record, AuthorizationSet*
		copyAuthTag(record->usage_expire_date_time, TAG_USAGE_EXPIRE_DATETIME, auth_list);
		copyAuthTag(record->user_auth_type, TAG_USER_AUTH_TYPE, auth_list);
		copyAuthTag(record->attestation_application_id, TAG_ATTESTATION_APPLICATION_ID, auth_list);
		copyAuthTag(record->attestation_id_brand, TAG_ATTESTATION_ID_BRAND, auth_list);
		copyAuthTag(record->attestation_id_device, TAG_ATTESTATION_ID_DEVICE, auth_list);
		copyAuthTag(record->attestation_id_product, TAG_ATTESTATION_ID_PRODUCT, auth_list);
		copyAuthTag(record->attestation_id_serial, TAG_ATTESTATION_ID_SERIAL, auth_list);
		copyAuthTag(record->attestation_id_imei, TAG_ATTESTATION_ID_IMEI, auth_list);
		copyAuthTag(record->attestation_id_meid, TAG_ATTESTATION_ID_MEID, auth_list);
		copyAuthTag(record->attestation_id_manufacturer, TAG_ATTESTATION_ID_MANUFACTURER, auth_list);
		copyAuthTag(record->attestation_id_model, TAG_ATTESTATION_ID_MODEL, auth_list);
		copyAuthTag(record->vendor_patchlevel, TAG_VENDOR_PATCHLEVEL, auth_list);
		copyAuthTag(record->boot_patchlevel, TAG_BOOT_PATCHLEVEL, auth_list);
		copyAuthTag(record->trusted_user_presence_required, TAG_TRUSTED_USER_PRESENCE_REQUIRED,

keymaster/4.1/support/include/keymasterV4_1/keymaster_tags.h

+8 −0

Original line number	Diff line number	Diff line
		@@ -53,6 +53,14 @@ using V4_0::TAG_APPLICATION_ID;
		using V4_0::TAG_ASSOCIATED_DATA;
		using V4_0::TAG_ATTESTATION_APPLICATION_ID;
		using V4_0::TAG_ATTESTATION_CHALLENGE;
		using V4_0::TAG_ATTESTATION_ID_BRAND;
		using V4_0::TAG_ATTESTATION_ID_DEVICE;
		using V4_0::TAG_ATTESTATION_ID_IMEI;
		using V4_0::TAG_ATTESTATION_ID_MANUFACTURER;
		using V4_0::TAG_ATTESTATION_ID_MEID;
		using V4_0::TAG_ATTESTATION_ID_MODEL;
		using V4_0::TAG_ATTESTATION_ID_PRODUCT;
		using V4_0::TAG_ATTESTATION_ID_SERIAL;
		using V4_0::TAG_AUTH_TIMEOUT;
		using V4_0::TAG_BLOB_USAGE_REQUIREMENTS;
		using V4_0::TAG_BLOCK_MODE;

keymaster/4.1/vts/functional/DeviceUniqueAttestationTest.cpp

+111 −4

File changed.

Preview size limit exceeded, changes collapsed.