ID attestation: Pass second IMEIs to Keystore
To support attestation of a second IMEI, when ID attestation (with IMEI)
is requested, pass in the 2nd IMEI as a SECOND_IMEI KeyMint tag.
Bug: 244732345
Test: atest android.keystore.cts.DeviceOwnerKeyManagementTest
Change-Id: I19a3733746fa6a35c6225f0c60fd9f4b51a62ab1
diff --git a/core/java/android/security/keymaster/KeymasterDefs.java b/core/java/android/security/keymaster/KeymasterDefs.java
index e720f1a..4d6422c 100644
--- a/core/java/android/security/keymaster/KeymasterDefs.java
+++ b/core/java/android/security/keymaster/KeymasterDefs.java
@@ -126,6 +126,8 @@
Tag.BOOT_PATCHLEVEL; // KM_UINT | 719;
public static final int KM_TAG_DEVICE_UNIQUE_ATTESTATION =
Tag.DEVICE_UNIQUE_ATTESTATION; // KM_BOOL | 720;
+ public static final int KM_TAG_ATTESTATION_ID_SECOND_IMEI =
+ Tag.ATTESTATION_ID_SECOND_IMEI; // KM_BYTES | 723;
public static final int KM_TAG_NONCE = Tag.NONCE; // KM_BYTES | 1001;
public static final int KM_TAG_MAC_LENGTH = Tag.MAC_LENGTH; // KM_UINT | 1003;
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java
index acc0005..afec830 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java
@@ -52,6 +52,7 @@
import android.system.keystore2.KeyMetadata;
import android.system.keystore2.ResponseCode;
import android.telephony.TelephonyManager;
+import android.text.TextUtils;
import android.util.ArraySet;
import android.util.Log;
@@ -856,6 +857,13 @@
KeymasterDefs.KM_TAG_ATTESTATION_ID_IMEI,
imei.getBytes(StandardCharsets.UTF_8)
));
+ final String secondImei = telephonyService.getImei(1);
+ if (!TextUtils.isEmpty(secondImei)) {
+ params.add(KeyStore2ParameterUtils.makeBytes(
+ KeymasterDefs.KM_TAG_ATTESTATION_ID_SECOND_IMEI,
+ secondImei.getBytes(StandardCharsets.UTF_8)
+ ));
+ }
break;
}
case AttestationUtils.ID_TYPE_MEID: {