author | Andrew Scull <ascull@google.com> | 2023-03-29 16:14:35 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2023-03-29 16:14:35 +0000 |
commit | ec1e66c6b92607839cf80512859411db00ef2568 (patch) | |
tree | a4c77b2186c05510ff8476f4aa86cd1a966dc077 | |
parent | 573f1195ab475dd478e0be7c53d65d01bd9c205c (diff) | |
parent | 793d827e7ad1bbdf9932dae8dbc15fc9266c6c48 (diff) | |
Merge "Revert "Implement IRPC v2 behavior in v3"" am: fd71b7216f am: 11c59434c7 am: 487c541111 am: 793d827e7a
Original change: https://android-review.googlesource.com/c/platform/system/keymaster/+/2510136
Change-Id: Id3dcf7401f0fa2106e6394c528d1ed9ddf78a0c2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
-rw-r--r-- | android_keymaster/android_keymaster.cpp | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/android_keymaster/android_keymaster.cpp b/android_keymaster/android_keymaster.cpp
index 4a97bad..3e97f04 100644
--- a/android_keymaster/android_keymaster.cpp
+++ b/android_keymaster/android_keymaster.cpp
@@ -360,6 +360,8 @@ void AndroidKeymaster::GenerateKey(const GenerateKeyRequest& request,
 &response->certificate_chain);
 }
+constexpr int kRkpVersionWithoutSuperencryption = 3;
+
 void AndroidKeymaster::GenerateRkpKey(const GenerateRkpKeyRequest& request,
 GenerateRkpKeyResponse* response) {
 if (response == nullptr) return;
@@ -370,6 +372,11 @@ void AndroidKeymaster::GenerateRkpKey(const GenerateRkpKeyRequest& request,
 return;
 }
+ GetHwInfoResponse hwInfo(message_version());
+ rem_prov_ctx->GetHwInfo(&hwInfo);
+ bool test_mode =
+ (hwInfo.version >= kRkpVersionWithoutSuperencryption) ? false : request.test_mode;
+
 // Generate the keypair that will become the attestation key.
 GenerateKeyRequest gen_key_request(message_version_);
 gen_key_request.key_description.Reinitialize(kKeyMintEcdsaP256Params,
@@ -403,13 +410,13 @@ void AndroidKeymaster::GenerateRkpKey(const GenerateRkpKeyRequest& request,
 .add(CoseKey::CURVE, P256)
 .add(CoseKey::PUBKEY_X, x_coord)
 .add(CoseKey::PUBKEY_Y, y_coord);
- if (request.test_mode) {
+ if (test_mode) {
 cose_public_key_map.add(CoseKey::TEST_KEY, cppbor::Null());
 }
 std::vector<uint8_t> cosePublicKey = cose_public_key_map.canonicalize().encode();
- auto macFunction = getMacFunction(request.test_mode, rem_prov_ctx);
+ auto macFunction = getMacFunction(test_mode, rem_prov_ctx);
 auto macedKey = constructCoseMac0(macFunction, {} /* externalAad */, cosePublicKey);
 if (!macedKey) {
 response->error = static_cast<keymaster_error_t>(kStatusFailed);
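Review bot: The version gate added to GenerateRkpKey reads `hwInfo.version` straight after `rem_prov_ctx->GetHwInfo(&hwInfo)` with nothing confirming that the context actually populated it, and the same pattern guards GenerateCsr in the later hunk. If an implementation leaves the field unset or signals failure some other way (not visible from here), the `>=` comparison is false and the caller-supplied `request.test_mode`, or the removed CSR path, is taken, so the check fails open towards the legacy behaviour. Consider rejecting the request when the lookup cannot be trusted, and at minimum record the contract with a comment such as `// GetHwInfo must set version; an unset value selects the pre-v3 path`. Both function bodies continue outside their hunks.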
@@ -432,6 +439,13 @@ void AndroidKeymaster::GenerateCsr(const GenerateCsrRequest& request,
 return;
 }
+ GetHwInfoResponse hwInfo(message_version());
+ rem_prov_ctx->GetHwInfo(&hwInfo);
+ if (hwInfo.version >= kRkpVersionWithoutSuperencryption) {
+ response->error = static_cast<keymaster_error_t>(kStatusRemoved);
+ return;
+ }
+
 auto macFunction = getMacFunction(request.test_mode, rem_prov_ctx);
 auto pubKeysToSign = validateAndExtractPubkeys(request.test_mode, request.num_keys, request.keys_to_sign_array, macFunction); |
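Review bot: The hwInfo lookup and the comparison against `kRkpVersionWithoutSuperencryption` in GenerateCsr are a copy of the lines added to GenerateRkpKey. Because this comparison is what keeps the removed request unreachable on v3 hardware, it would be safer as one small private helper that both functions call, so that a later change to how the version is obtained cannot update one gate and miss the other. A one-line comment above the early return, such as `// This request is removed from RKP v3 onward; report kStatusRemoved`, would also record why the call is refused. The body of GenerateCsr starts and ends outside the hunk.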