commit da0b04ce83d87366100cefb3d5ae0c54990a7eea
author David Drysdale <drysdale@google.com> Thu Nov 07 13:35:43 2024 +0000
committer David Drysdale <drysdale@google.com> Tue Nov 12 15:50:35 2024 +0000
tree e2e15eb12e48f2ad1a24462443ea759527ee16da
parent d65b3820b584e61f048849f0568b45cb3ac0c67f

KeyMint VTS tests for module hash feature

Test: VtsAidlKeyMintTargetTest
Bug: 369375199
Bug: 373446864
Bug: 373446999
Bug: 360941058
Change-Id: Iaca508f39be4d76d07ae4f7cf6e640466af78ae4

security/keymint/support/Android.bp

diff --git a/security/keymint/support/Android.bp b/security/keymint/support/Android.bp
index f313cf3..a334244 100644
--- a/security/keymint/support/Android.bp
+++ b/security/keymint/support/Android.bp
@@ -30,6 +30,7 @@
         "-Wall",
         "-Wextra",
         "-Werror",
+        "-DKEYMINT_HAL_V4",
     ],
     srcs: [
         "attestation_record.cpp",

security/keymint/support/attestation_record.cpp

diff --git a/security/keymint/support/attestation_record.cpp b/security/keymint/support/attestation_record.cpp
index 5a26611..d2cbf88 100644
--- a/security/keymint/support/attestation_record.cpp
+++ b/security/keymint/support/attestation_record.cpp
@@ -106,6 +106,7 @@
     ASN1_NULL* device_unique_attestation;
     ASN1_NULL* identity_credential;
     ASN1_OCTET_STRING* attestation_id_second_imei;
+    ASN1_OCTET_STRING* module_hash;
 } KM_AUTH_LIST;
 
 ASN1_SEQUENCE(KM_AUTH_LIST) = {
@@ -173,6 +174,7 @@
                      TAG_IDENTITY_CREDENTIAL_KEY.maskedTag()),
         ASN1_EXP_OPT(KM_AUTH_LIST, attestation_id_second_imei, ASN1_OCTET_STRING,
                      TAG_ATTESTATION_ID_SECOND_IMEI.maskedTag()),
+        ASN1_EXP_OPT(KM_AUTH_LIST, module_hash, ASN1_OCTET_STRING, TAG_MODULE_HASH.maskedTag()),
 } ASN1_SEQUENCE_END(KM_AUTH_LIST);
 IMPLEMENT_ASN1_FUNCTIONS(KM_AUTH_LIST);
 
@@ -327,6 +329,7 @@
     copyAuthTag(record->device_unique_attestation, TAG_DEVICE_UNIQUE_ATTESTATION, auth_list);
     copyAuthTag(record->identity_credential, TAG_IDENTITY_CREDENTIAL_KEY, auth_list);
     copyAuthTag(record->attestation_id_second_imei, TAG_ATTESTATION_ID_SECOND_IMEI, auth_list);
+    copyAuthTag(record->module_hash, TAG_MODULE_HASH, auth_list);
 
     return ErrorCode::OK;
 }

security/keymint/support/include/keymint_support/keymint_tags.h

diff --git a/security/keymint/support/include/keymint_support/keymint_tags.h b/security/keymint/support/include/keymint_support/keymint_tags.h
index 823899a..89c9c0b 100644
--- a/security/keymint/support/include/keymint_support/keymint_tags.h
+++ b/security/keymint/support/include/keymint_support/keymint_tags.h
@@ -103,6 +103,15 @@
 DECLARE_TYPED_TAG(MAX_USES_PER_BOOT);
 DECLARE_TYPED_TAG(MIN_MAC_LENGTH);
 DECLARE_TYPED_TAG(MIN_SECONDS_BETWEEN_OPS);
+// TODO: remove special case macro once v4 HAL is frozen
+#ifdef KEYMINT_HAL_V4
+DECLARE_TYPED_TAG(MODULE_HASH);
+#else
+// When building for previous frozen HAL, the `Tag::MODULE_NAME` constant is not available.
+static const Tag Tag_MODULE_HASH = static_cast<Tag>(-1879047468);
+typedef typename Tag2TypedTag<Tag_MODULE_HASH>::type TAG_MODULE_HASH_t;
+static TAG_MODULE_HASH_t TAG_MODULE_HASH;
+#endif
 DECLARE_TYPED_TAG(NONCE);
 DECLARE_TYPED_TAG(NO_AUTH_REQUIRED);
 DECLARE_TYPED_TAG(ORIGIN);