Merge "Revert "Implement IRPC v2 behavior in v3"" am: fd71b7216f am: 11c59434c7

Original change: https://android-review.googlesource.com/c/platform/system/keymaster/+/2510136 Change-Id: If285f2d5aa2f0de058b10f9614892e46e608f169 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
author: Andrew Scull <ascull@google.com> 2023-03-29 15:10:58 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2023-03-29 15:10:58 +0000
commit: 487c541111c50b2da794953042ea5116c682f9f1 (patch)
tree: 8ad21c04ca6b467b4b851352eb1e4b9385a3c99c
parent: 62a0386f3db4c271a2ce395c4386902871a76d74 (diff)
parent: 11c59434c710e2fe59eedb30fd53241a80f697d1 (diff)
download: keymaster-487c541111c50b2da794953042ea5116c682f9f1.tar.gz
1 files changed, 16 insertions, 2 deletions
diff --git a/android_keymaster/android_keymaster.cpp b/android_keymaster/android_keymaster.cpp
index 4a97bad..3e97f04 100644
--- a/android_keymaster/android_keymaster.cpp
+++ b/android_keymaster/android_keymaster.cpp
@@ -360,6 +360,8 @@ void AndroidKeymaster::GenerateKey(const GenerateKeyRequest& request,
                                            &response->certificate_chain);
 }
 
+constexpr int kRkpVersionWithoutSuperencryption = 3;
+
 void AndroidKeymaster::GenerateRkpKey(const GenerateRkpKeyRequest& request,
                                       GenerateRkpKeyResponse* response) {
     if (response == nullptr) return;
@@ -370,6 +372,11 @@ void AndroidKeymaster::GenerateRkpKey(const GenerateRkpKeyRequest& request,
         return;
     }
 
+    GetHwInfoResponse hwInfo(message_version());
+    rem_prov_ctx->GetHwInfo(&hwInfo);
+    bool test_mode =
+        (hwInfo.version >= kRkpVersionWithoutSuperencryption) ? false : request.test_mode;
+
     // Generate the keypair that will become the attestation key.
     GenerateKeyRequest gen_key_request(message_version_);
     gen_key_request.key_description.Reinitialize(kKeyMintEcdsaP256Params,
@@ -403,13 +410,13 @@ void AndroidKeymaster::GenerateRkpKey(const GenerateRkpKeyRequest& request,
                                           .add(CoseKey::CURVE, P256)
                                           .add(CoseKey::PUBKEY_X, x_coord)
                                           .add(CoseKey::PUBKEY_Y, y_coord);
-    if (request.test_mode) {
+    if (test_mode) {
         cose_public_key_map.add(CoseKey::TEST_KEY, cppbor::Null());
     }
 
     std::vector<uint8_t> cosePublicKey = cose_public_key_map.canonicalize().encode();
 
-    auto macFunction = getMacFunction(request.test_mode, rem_prov_ctx);
+    auto macFunction = getMacFunction(test_mode, rem_prov_ctx);
     auto macedKey = constructCoseMac0(macFunction, {} /* externalAad */, cosePublicKey);
     if (!macedKey) {
         response->error = static_cast<keymaster_error_t>(kStatusFailed);
@@ -432,6 +439,13 @@ void AndroidKeymaster::GenerateCsr(const GenerateCsrRequest& request,
         return;
     }
 
+    GetHwInfoResponse hwInfo(message_version());
+    rem_prov_ctx->GetHwInfo(&hwInfo);
+    if (hwInfo.version >= kRkpVersionWithoutSuperencryption) {
+        response->error = static_cast<keymaster_error_t>(kStatusRemoved);
+        return;
+    }
+
     auto macFunction = getMacFunction(request.test_mode, rem_prov_ctx);
     auto pubKeysToSign = validateAndExtractPubkeys(request.test_mode, request.num_keys,
                                                    request.keys_to_sign_array, macFunction);
author	Andrew Scull <ascull@google.com>	2023-03-29 15:10:58 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2023-03-29 15:10:58 +0000
commit	487c541111c50b2da794953042ea5116c682f9f1 (patch)
tree	8ad21c04ca6b467b4b851352eb1e4b9385a3c99c
parent	62a0386f3db4c271a2ce395c4386902871a76d74 (diff)
parent	11c59434c710e2fe59eedb30fd53241a80f697d1 (diff)
download	keymaster-487c541111c50b2da794953042ea5116c682f9f1.tar.gz