KeyMint HAL: reinstate tags in extension schema
Commit 93c72cef924e ("KeyMint: sync all attestation tags",
http://aosp/1719302) removed various tags from the attestation that are
only applicable to symmetric keys, on the assumption that these are
irrelevant for the attestation extension that is generated for the
certificate holding asymmetric public keys.
However, that change did not take into account the fact that the
AuthorizationList ASN.1 schema is re-used elsewhere in the KeyMint API,
specifically as a way of describing the characteristics associated with
a key that is being securely imported via
IKeyMintDevice::importWrappedKey.
That import process may be used for symmetric keys, and so the tags
that are specific to symmetric keys still need to be included in
AuthorizationList.
Similarly, USER_SECURE_ID values are never included in attestation
extensions because they have no meaning off-device, but they may be
needed as part of the import of a wrapped key.
Test: TreeHugger, comment change only
Bug: 244693617
Change-Id: Iaa941e120e3641a6e6c369b7c6a51f10b44df78a
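The re-use described in the commit message, as an added example that is not part of this AOSP change: a small DER encoder/decoder for the AuthorizationList tags shown in the diff, with a check that the symmetric-only tags [4], [7], [8] and the import-only [502] are absent from an attestation extension while accepted for a wrapped-key import. Assumed: the tag numbers are taken from the schema in the diff, the KeyMint enum values in the sample (ENCRYPT=0, DECRYPT=1, AES=32, GCM=32) are used only to build a constructed AES key description, and the SID value is arbitrary.

```python
# Added example (not part of the AOSP change): DER helpers for the AuthorizationList
# schema, plus a context check on which tags may appear. Tag numbers come from the schema.
SYMMETRIC_ONLY = {4: "blockMode", 7: "callerNonce", 8: "minMacLength"}
IMPORT_ONLY = {502: "userSecureId"}

def _tlv(tag, body):  # encoder uses short-form lengths only (< 128 bytes): enough for samples
    assert len(body) < 0x80
    return tag + bytes([len(body)]) + body
def _ctx_tag(n):  # context-specific constructed tag, i.e. the EXPLICIT [n] wrapper
    if n < 31:
        return bytes([0xA0 | n])
    hi, lo = divmod(n, 128)  # high-tag-number form; two base-128 groups cover n < 16384
    return bytes([0xBF, 0x80 | hi, lo])
def der_int(v):  # non-negative INTEGER with minimal body
    return _tlv(b"\x02", v.to_bytes(v.bit_length() // 8 + 1, "big"))
def der_set_of_int(vals):  # DER orders SET OF members by their encoding
    return _tlv(b"\x31", b"".join(sorted(der_int(v) for v in vals)))
def authorization_list(elements):  # elements: [(tag_number, inner_der)], tags ascending
    return _tlv(b"\x30", b"".join(_tlv(_ctx_tag(n), inner) for n, inner in elements))
def _read_tlv(buf, i):  # -> (tag_number, value, index_after); decoder handles long forms
    tag, i = buf[i] & 0x1F, i + 1
    if tag == 0x1F:  # high-tag-number form: base-128 groups, last group has bit 7 clear
        tag = 0
        while True:
            tag, i = (tag << 7) | (buf[i] & 0x7F), i + 1
            if not buf[i - 1] & 0x80:
                break
    length, i = buf[i], i + 1
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length, i = int.from_bytes(buf[i:i + n], "big"), i + n
    return tag, buf[i:i + length], i + length
def authorization_list_tags(der):  # tag numbers of the EXPLICIT members, in order
    tag, body, end = _read_tlv(der, 0)
    assert tag == 0x10 and end == len(der), "expected a single SEQUENCE"
    tags, i = [], 0
    while i < len(body):
        tag, _, i = _read_tlv(body, i)
        tags.append(tag)
    return tags
def disallowed_tags(der, context):  # context: "attestation" or "import"
    banned = {**SYMMETRIC_ONLY, **IMPORT_ONLY} if context == "attestation" else {}
    return [banned[t] for t in authorization_list_tags(der) if t in banned]

# Constructed sample: characteristics supplied with a wrapped AES key on import
# (KeyPurpose ENCRYPT=0/DECRYPT=1, Algorithm AES=32, BlockMode GCM=32, arbitrary SID value).
IMPORTED_AES = authorization_list([(1, der_set_of_int([0, 1])), (2, der_int(32)),
    (3, der_int(256)), (4, der_set_of_int([32])), (7, b"\x05\x00"),
    (8, der_int(128)), (502, der_int(1234))])
```

`disallowed_tags(IMPORTED_AES, "import")` is empty, while the same bytes checked as an attestation extension report all four tags the schema marks as never appearing there.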
diff --git a/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl b/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
index ae75579..4c2be89 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
@@ -158,12 +158,23 @@
* Failed (3),
* }
*
+ * -- Note that the AuthorizationList SEQUENCE is also used in IKeyMintDevice::importWrappedKey
+ * -- as a way of describing the authorizations associated with a key that is being securely
+ * -- imported. As such, it includes the ability to describe tags that are only relevant for
+ * -- symmetric keys, and which will never appear in the attestation extension of an X.509
+ * -- certificate that holds the public key part of an asymmetric keypair. Importing a wrapped
+ * -- key also allows the use of Tag::USER_SECURE_ID, which is never included in an attestation
+ * -- extension because it has no meaning off-device.
+ *
* AuthorizationList ::= SEQUENCE {
* purpose [1] EXPLICIT SET OF INTEGER OPTIONAL,
* algorithm [2] EXPLICIT INTEGER OPTIONAL,
* keySize [3] EXPLICIT INTEGER OPTIONAL,
+ * blockMode [4] EXPLICIT SET OF INTEGER OPTIONAL, -- symmetric only
* digest [5] EXPLICIT SET OF INTEGER OPTIONAL,
* padding [6] EXPLICIT SET OF INTEGER OPTIONAL,
+ * callerNonce [7] EXPLICIT NULL OPTIONAL, -- symmetric only
+ * minMacLength [8] EXPLICIT INTEGER OPTIONAL, -- symmetric only
* ecCurve [10] EXPLICIT INTEGER OPTIONAL,
* rsaPublicExponent [200] EXPLICIT INTEGER OPTIONAL,
* mgfDigest [203] EXPLICIT SET OF INTEGER OPTIONAL,
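Review bot: the new note says blockMode [4], callerNonce [7] and minMacLength [8] "will never appear in the attestation extension", but gives no guidance to a consumer of that extension; consider adding one sentence stating whether a verifier that finds any of these tags in a certificate's extension should reject it, since a "never" that is not enforced on the reading side is easy to miss. Minor: the three restored lines carry only `-- symmetric only`, which duplicates the longer note a few lines above; a suffix such as `-- symmetric only, see note above` would tie the two together for readers who skip the prose.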
@@ -173,6 +184,7 @@
* originationExpireDateTime [401] EXPLICIT INTEGER OPTIONAL,
* usageExpireDateTime [402] EXPLICIT INTEGER OPTIONAL,
* usageCountLimit [405] EXPLICIT INTEGER OPTIONAL,
+ * userSecureId [502] EXPLICIT INTEGER OPTIONAL, -- only used on import
* noAuthRequired [503] EXPLICIT NULL OPTIONAL,
* userAuthType [504] EXPLICIT INTEGER OPTIONAL,
* authTimeout [505] EXPLICIT INTEGER OPTIONAL,
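Review bot: `userSecureId [502] EXPLICIT INTEGER OPTIONAL, -- only used on import` sits directly above noAuthRequired [503], userAuthType [504] and authTimeout [505], which are also authentication-related but are not marked, so a reader may infer that the whole group is import-only; suggest expanding the suffix to give the reason the commit message gives (the value has no meaning off-device), e.g. `-- only used on import; meaningless off-device`, so the distinction from the adjacent fields is clear at the point of use.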