diff options
author | Andrew Scull <ascull@google.com> | 2023-03-29 15:41:45 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2023-03-29 15:41:45 +0000 |
commit | 793d827e7ad1bbdf9932dae8dbc15fc9266c6c48 (patch) | |
tree | a4c77b2186c05510ff8476f4aa86cd1a966dc077 | |
parent | 0d2ecdbf78555e81d4be461548260cc6907feb04 (diff) | |
parent | 487c541111c50b2da794953042ea5116c682f9f1 (diff) | |
download | keymaster-793d827e7ad1bbdf9932dae8dbc15fc9266c6c48.tar.gz |
Merge "Revert "Implement IRPC v2 behavior in v3"" am: fd71b7216f am: 11c59434c7 am: 487c541111
Original change: https://android-review.googlesource.com/c/platform/system/keymaster/+/2510136
Change-Id: I8a5eacaa69a07adbc347f09ce3dec10b8f290bbe
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
-rw-r--r-- | android_keymaster/android_keymaster.cpp | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/android_keymaster/android_keymaster.cpp b/android_keymaster/android_keymaster.cpp index 4a97bad..3e97f04 100644 --- a/android_keymaster/android_keymaster.cpp +++ b/android_keymaster/android_keymaster.cpp @@ -360,6 +360,8 @@ void AndroidKeymaster::GenerateKey(const GenerateKeyRequest& request, &response->certificate_chain); } +constexpr int kRkpVersionWithoutSuperencryption = 3; + void AndroidKeymaster::GenerateRkpKey(const GenerateRkpKeyRequest& request, GenerateRkpKeyResponse* response) { if (response == nullptr) return; @@ -370,6 +372,11 @@ void AndroidKeymaster::GenerateRkpKey(const GenerateRkpKeyRequest& request, return; } + GetHwInfoResponse hwInfo(message_version()); + rem_prov_ctx->GetHwInfo(&hwInfo); + bool test_mode = + (hwInfo.version >= kRkpVersionWithoutSuperencryption) ? false : request.test_mode; + // Generate the keypair that will become the attestation key. GenerateKeyRequest gen_key_request(message_version_); gen_key_request.key_description.Reinitialize(kKeyMintEcdsaP256Params, @@ -403,13 +410,13 @@ void AndroidKeymaster::GenerateRkpKey(const GenerateRkpKeyRequest& request, .add(CoseKey::CURVE, P256) .add(CoseKey::PUBKEY_X, x_coord) .add(CoseKey::PUBKEY_Y, y_coord); - if (request.test_mode) { + if (test_mode) { cose_public_key_map.add(CoseKey::TEST_KEY, cppbor::Null()); } std::vector<uint8_t> cosePublicKey = cose_public_key_map.canonicalize().encode(); - auto macFunction = getMacFunction(request.test_mode, rem_prov_ctx); + auto macFunction = getMacFunction(test_mode, rem_prov_ctx); auto macedKey = constructCoseMac0(macFunction, {} /* externalAad */, cosePublicKey); if (!macedKey) { response->error = static_cast<keymaster_error_t>(kStatusFailed); @@ -432,6 +439,13 @@ void AndroidKeymaster::GenerateCsr(const GenerateCsrRequest& request, return; } + GetHwInfoResponse hwInfo(message_version()); + rem_prov_ctx->GetHwInfo(&hwInfo); + if (hwInfo.version >= kRkpVersionWithoutSuperencryption) { + response->error = static_cast<keymaster_error_t>(kStatusRemoved); + return; + } + auto macFunction = getMacFunction(request.test_mode, rem_prov_ctx); auto pubKeysToSign = validateAndExtractPubkeys(request.test_mode, request.num_keys, request.keys_to_sign_array, macFunction); |