KeyChain: Implement key attestation
Support attestation of keys owned by KeyChain by requesting an
attestation record from Keystore.
As key attestation is supported by requesting key attestation separately
of key generation, make sure a generation request with attestation
challenge is not handled.
Even though technically any service running as the system context could
request attestation for these keys, it is implemented in KeyChain to
avoid leaking implementation details (like the key prefix when stored in
Keystore) outside of KeyChain.
Bug: 63388672
Test: See cts tests
Change-Id: I7b893b77c67f0df3b1bad62f788ebf5b50dbcd27
1 file changed