Add device id attestation

This adds device id attestation to KeyStoreService. The service
validates that the user holds the required permissions before
allowing attestation to proceed.

Bug: 34597337
Test: CTS CtsKeystoreTestCases and GTS DeviceIdAttestationHostTest

Change-Id: I6ff6146fad4656b8e1367650de922124b3d7f7b2
diff --git a/keystore/legacy_keymaster_device_wrapper.cpp b/keystore/legacy_keymaster_device_wrapper.cpp
index 9e36ae6..440eb50 100644
--- a/keystore/legacy_keymaster_device_wrapper.cpp
+++ b/keystore/legacy_keymaster_device_wrapper.cpp
@@ -348,6 +348,24 @@
 
     hidl_vec<hidl_vec<uint8_t>> resultCertChain;
 
+    for (size_t i = 0; i < attestParams.size(); ++i) {
+        switch (attestParams[i].tag) {
+            case Tag::ATTESTATION_ID_BRAND:
+            case Tag::ATTESTATION_ID_DEVICE:
+            case Tag::ATTESTATION_ID_PRODUCT:
+            case Tag::ATTESTATION_ID_SERIAL:
+            case Tag::ATTESTATION_ID_IMEI:
+            case Tag::ATTESTATION_ID_MEID:
+                // Device id attestation may only be supported if the device is able to permanently
+                // destroy its knowledge of the ids. This device is unable to do this, so it must
+                // never perform any device id attestation.
+                _hidl_cb(ErrorCode::CANNOT_ATTEST_IDS, resultCertChain);
+                return Void();
+            default:
+                break;
+        }
+    }
+
     keymaster_cert_chain_t cert_chain = {};
 
     auto kmKeyToAttest = hidlVec2KmKeyBlob(keyToAttest);
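Review bot: The new rejection loop at the top of the hunk indexes `attestParams` by hand; `hidl_vec` supports range iteration, so `for (const auto& param : attestParams) { switch (param.tag) {` reads more directly and removes the `size_t` index that is only used for the subscript. The guard itself is placed correctly, before any legacy keymaster call, so an ATTESTATION_ID_* request never reaches a device that cannot later honour a destroy request. Since the refusal is justified by the device's inability to destroy the ids, it would help a later reader to have the comment name the counterpart, e.g. `// See destroyAttestationIds(), which this wrapper does not implement.`, so the two stay in step if either changes. The enclosing function starts before this hunk and continues after it.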
@@ -404,6 +422,10 @@
     return legacy_enum_conversion(keymaster_device_->delete_all_keys(keymaster_device_));
 }
 
+Return<ErrorCode> LegacyKeymasterDeviceWrapper::destroyAttestationIds() {
+    return ErrorCode::UNIMPLEMENTED;
+}
+
 Return<void> LegacyKeymasterDeviceWrapper::begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
                                                  const hidl_vec<KeyParameter>& inParams,
                                                  begin_cb _hidl_cb) {
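Review bot: `destroyAttestationIds()` is added without a comment explaining why it returns `ErrorCode::UNIMPLEMENTED`, even though that return value is the reason the attest path elsewhere in this commit refuses every `ATTESTATION_ID_*` tag. A one-line header such as `// The legacy device has no way to permanently forget its ids, so attestKey() must refuse id attestation; keep that check in step with this stub.` would make the dependency visible to whoever later implements it. The `begin` signature at the end of the hunk is unchanged context, and its body lies outside the hunk.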