Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 637259c81fa4e8419c07c4e9125c846c54c2c682^! / .
commit637259c81fa4e8419c07c4e9125c846c54c2c682[log] [tgz]
authorEran Messeri <eranm@google.com>Mon Oct 31 12:23:36 2022 +0000
committerEran Messeri <eranm@google.com>Mon Dec 05 13:18:01 2022 +0000
treeaa62f16f022f4c69d4023de9aa23114a75113480
parent4d6fb44a088dcff9fb8dd956fe0bf72c0bfd2a66 [diff]
ID attestation: Pass 2nd IMEI to KeyMint

Pass the 2nd IMEI tag, if provided, to KeyMint.

Bug: 244732345
Test: atest android.keystore.cts.DeviceOwnerKeyManagementTest
Change-Id: I52aea1ba59c4337ba0003784abfc178ab0efee55

diff --git a/keystore2/src/database.rs b/keystore2/src/database.rs
index dbdb4e6..62fd579 100644
--- a/keystore2/src/database.rs
+++ b/keystore2/src/database.rs

@@ -5335,6 +5335,10 @@
                 SecurityLevel::TRUSTED_ENVIRONMENT,
             ),
             KeyParameter::new(
+                KeyParameterValue::AttestationIdSecondIMEI(vec![4u8, 3u8, 1u8, 2u8]),
+                SecurityLevel::TRUSTED_ENVIRONMENT,
+            ),
+            KeyParameter::new(
                 KeyParameterValue::AttestationIdMEID(vec![4u8, 3u8, 1u8, 2u8]),
                 SecurityLevel::TRUSTED_ENVIRONMENT,
             ),

diff --git a/keystore2/src/key_parameter.rs b/keystore2/src/key_parameter.rs
index 9854974..b3dcf45 100644
--- a/keystore2/src/key_parameter.rs
+++ b/keystore2/src/key_parameter.rs

@@ -966,9 +966,12 @@
     /// Provides the device's serial number, to attestKey()
     #[key_param(tag = ATTESTATION_ID_SERIAL, field = Blob)]
     AttestationIdSerial(Vec<u8>),
-    /// Provides the IMEIs for all radios on the device, to attestKey()
+    /// Provides the primary IMEI for the device, to attestKey()
     #[key_param(tag = ATTESTATION_ID_IMEI, field = Blob)]
     AttestationIdIMEI(Vec<u8>),
+    /// Provides a second IMEI for the device, to attestKey()
+    #[key_param(tag = ATTESTATION_ID_SECOND_IMEI, field = Blob)]
+    AttestationIdSecondIMEI(Vec<u8>),
     /// Provides the MEIDs for all radios on the device, to attestKey()
     #[key_param(tag = ATTESTATION_ID_MEID, field = Blob)]
     AttestationIdMEID(Vec<u8>),

diff --git a/keystore2/src/raw_device.rs b/keystore2/src/raw_device.rs
index d32d210..fa9872a 100644
--- a/keystore2/src/raw_device.rs
+++ b/keystore2/src/raw_device.rs

@@ -63,6 +63,8 @@
     pub const KEY_MINT_V1: i32 = 100;
     /// Version number of KeyMintDevice@V2
     pub const KEY_MINT_V2: i32 = 200;
+    /// Version number of KeyMintDevice@V3
+    pub const KEY_MINT_V3: i32 = 300;
 
     /// Get a [`KeyMintDevice`] for the given [`SecurityLevel`]
     pub fn get(security_level: SecurityLevel) -> Result<KeyMintDevice> {

diff --git a/keystore2/src/utils.rs b/keystore2/src/utils.rs
index fcfa979..75d98e2 100644
--- a/keystore2/src/utils.rs
+++ b/keystore2/src/utils.rs

@@ -104,6 +104,7 @@
             | Tag::ATTESTATION_ID_MEID
             | Tag::ATTESTATION_ID_SERIAL
             | Tag::DEVICE_UNIQUE_ATTESTATION
+            | Tag::ATTESTATION_ID_SECOND_IMEI
     )
 }