KeyChain: Support Device ID attestation

Support inclusion of Device identifiers in the key attestation request.
Since Device ID attestation is already implemented in AttestationUtils,
all that is needed is to get the right Keystore parameters from this
class if any of the Device identifiers are requested by the caller.

Bug: 63388672
Test: cts-tradefed run commandAndExit cts-dev -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement
Change-Id: If75a9ce2d6199e9d9c5e818eb04bc303750d14b3
diff --git a/src/com/android/keychain/KeyChainService.java b/src/com/android/keychain/KeyChainService.java
index 3f695fe..4ce8378 100644
--- a/src/com/android/keychain/KeyChainService.java
+++ b/src/com/android/keychain/KeyChainService.java
@@ -39,6 +39,8 @@
 import android.security.keymaster.KeymasterCertificateChain;
 import android.security.keymaster.KeymasterDefs;
 import android.security.KeyStore;
+import android.security.keystore.AttestationUtils;
+import android.security.keystore.DeviceIdAttestationException;
 import android.security.keystore.KeyGenParameterSpec;
 import android.security.keystore.ParcelableKeyGenParameterSpec;
 import android.text.TextUtils;
@@ -89,6 +91,7 @@
         private final KeyStore mKeyStore = KeyStore.getInstance();
         private final TrustedCertificateStore mTrustedCertificateStore
                 = new TrustedCertificateStore();
+        private final Context mContext = KeyChainService.this;
 
         @Override
         public String requestPrivateKey(String alias) {
@@ -163,6 +166,7 @@
 
         @Override public boolean attestKey(
                 String alias, byte[] attestationChallenge,
+                int[] idAttestationFlags,
                 KeymasterCertificateChain attestationChain) {
             checkSystemCaller();
             validateAlias(alias);
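Review bot: The new `idAttestationFlags` parameter on `attestKey` has no documented contract at the signature: the lines shown do not say what a null or empty array means or which values are accepted, and `alias` is validated here while the flags are not. Because this argument decides whether hardware identifiers end up in the attestation record, I would state the contract above the method, for example `// idAttestationFlags: device ID types to embed in the attestation record; null requests none (confirm against AttestationUtils)`. The body of `attestKey` continues past this hunk, so a check may exist in lines not shown.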
@@ -172,8 +176,14 @@
                 return false;
             }
 
-            KeymasterArguments attestArgs = new KeymasterArguments();
-            attestArgs.addBytes(KeymasterDefs.KM_TAG_ATTESTATION_CHALLENGE, attestationChallenge);
+            final KeymasterArguments attestArgs;
+            try {
+                attestArgs = AttestationUtils.prepareAttestationArguments(
+                        mContext, idAttestationFlags, attestationChallenge);
+            } catch (DeviceIdAttestationException e) {
+                Log.e(TAG, "Failed collecting attestation data", e);
+                return false;
+            }
             final String keystoreAlias = Credentials.USER_PRIVATE_KEY + alias;
             final int errorCode = mKeyStore.attestKey(keystoreAlias, attestArgs, attestationChain);
             return errorCode == KeyStore.NO_ERROR;
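Review bot: The only authorization visible on this path is `checkSystemCaller()` in the previous hunk, so whatever flags the system caller forwards are passed to `AttestationUtils.prepareAttestationArguments` and persistent device identifiers are collected on that caller's say-so. I would record that trust boundary above the `try`, for example `// Entitlement to device IDs is checked by the system caller, not here; this service only enforces checkSystemCaller().`. Separately, the `DeviceIdAttestationException` branch and a non-`NO_ERROR` keystore result both return `false`, so the caller cannot tell "ID attestation unavailable" from a keystore failure. The catch is also limited to the checked exception, so if `prepareAttestationArguments` throws an unchecked exception for a null challenge or an unrecognised flag (not visible here), it would propagate over Binder instead of returning `false`. The start of `attestKey` lies outside this hunk.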