author | Andrew Scull <ascull@google.com> | 2023-03-27 22:02:35 +0000 |
---|---|---|
committer | Andrew Scull <ascull@google.com> | 2023-03-27 22:04:05 +0000 |
commit | bcfcc2697c41ac5ed050a0f160759f3cd9a43bcc (patch) | |
tree | c5bda3d8d8b67c3ce16a1b805f7006bc34ff1459 | |
parent | 25924fca88b34419adb9a123928931721d21c36a (diff) | |
Revert "Implement IRPC v2 behavior in v3"
This reverts commit 7d26415185673735e1d41cd4922ba725fcd34362.
Bug: 260920864
Test: TH
Change-Id: Icaa82e80c05f82fa0d5febba93b3dc2dcb61c126
-rw-r--r-- | android_keymaster/android_keymaster.cpp | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/android_keymaster/android_keymaster.cpp b/android_keymaster/android_keymaster.cpp
index 4a97bad..3e97f04 100644
--- a/android_keymaster/android_keymaster.cpp
+++ b/android_keymaster/android_keymaster.cpp
@@ -360,6 +360,8 @@ void AndroidKeymaster::GenerateKey(const GenerateKeyRequest& request,
 &response->certificate_chain);
 }
+constexpr int kRkpVersionWithoutSuperencryption = 3;
+
 void AndroidKeymaster::GenerateRkpKey(const GenerateRkpKeyRequest& request,
 GenerateRkpKeyResponse* response) {
 if (response == nullptr) return;
@@ -370,6 +372,11 @@ void AndroidKeymaster::GenerateRkpKey(const GenerateRkpKeyRequest& request,
 return;
 }
+ GetHwInfoResponse hwInfo(message_version());
+ rem_prov_ctx->GetHwInfo(&hwInfo);
+ bool test_mode =
+ (hwInfo.version >= kRkpVersionWithoutSuperencryption) ? false : request.test_mode;
+
 // Generate the keypair that will become the attestation key.
 GenerateKeyRequest gen_key_request(message_version_);
 gen_key_request.key_description.Reinitialize(kKeyMintEcdsaP256Params,
@@ -403,13 +410,13 @@ void AndroidKeymaster::GenerateRkpKey(const GenerateRkpKeyRequest& request,
 .add(CoseKey::CURVE, P256)
 .add(CoseKey::PUBKEY_X, x_coord)
 .add(CoseKey::PUBKEY_Y, y_coord);
- if (request.test_mode) {
+ if (test_mode) {
 cose_public_key_map.add(CoseKey::TEST_KEY, cppbor::Null());
 }
 std::vector<uint8_t> cosePublicKey = cose_public_key_map.canonicalize().encode();
- auto macFunction = getMacFunction(request.test_mode, rem_prov_ctx);
+ auto macFunction = getMacFunction(test_mode, rem_prov_ctx);
 auto macedKey = constructCoseMac0(macFunction, {} /* externalAad */, cosePublicKey);
 if (!macedKey) {
 response->error = static_cast<keymaster_error_t>(kStatusFailed);
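Review bot: In the GenerateRkpKey hunk (`@@ -370,6 +372,11 @@`) the result of `rem_prov_ctx->GetHwInfo(&hwInfo)` is used without checking that the call succeeded, so if it fails and `hwInfo.version` keeps its initial value (not visible here, presumably below 3) the code falls back to honouring `request.test_mode`, which then selects the MAC function and adds the `CoseKey::TEST_KEY` marker. Because this comparison is what stops a caller from requesting test-mode keys on newer implementations, it should fail closed, for example `if (hwInfo.error != KM_ERROR_OK) { response->error = hwInfo.error; return; }` directly after the call (assuming GetHwInfoResponse carries the usual response `error` field). The GenerateCsr hunk (`@@ -432,6 +439,13 @@`) has the same unchecked lookup in front of its `kStatusRemoved` return. The body of GenerateRkpKey starts and ends outside this hunk.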
@@ -432,6 +439,13 @@ void AndroidKeymaster::GenerateCsr(const GenerateCsrRequest& request,
 return;
 }
+ GetHwInfoResponse hwInfo(message_version());
+ rem_prov_ctx->GetHwInfo(&hwInfo);
+ if (hwInfo.version >= kRkpVersionWithoutSuperencryption) {
+ response->error = static_cast<keymaster_error_t>(kStatusRemoved);
+ return;
+ }
+
 auto macFunction = getMacFunction(request.test_mode, rem_prov_ctx);
 auto pubKeysToSign = validateAndExtractPubkeys(request.test_mode, request.num_keys,
 request.keys_to_sign_array, macFunction); |
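Review bot: The early `kStatusRemoved` return added to GenerateCsr carries no comment explaining why the request is refused, and the name `kRkpVersionWithoutSuperencryption` is the only hint a reader gets. A line above the `if` such as `// From RKP version 3 on this CSR flow is removed; reject instead of building a request.` would make the gate's intent explicit (wording to be checked against the interface definition). The three-line GetHwInfo lookup is also a copy of the one added to GenerateRkpKey, so a small private helper returning the reported version would keep the two gates from drifting apart. GenerateCsr's body continues outside the hunk.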