Add device id attestation This adds device id attestation to KeyStoreService. The service validates that the user holds the required permissions before allowing attestation to proceed. Bug: 34597337 Test: CTS CtsKeystoreTestCases and GTS DeviceIdAttestationHostTest Change-Id: I6ff6146fad4656b8e1367650de922124b3d7f7b2

commit: a9452d92ca705108dcb61545024348f3c24a62aa [log] [tgz]
author: Bartosz Fabianowski <bartfab@google.com> Mon Jan 23 22:21:11 2017 +0100
committer: Bartosz Fabianowski <bartfab@google.com> Wed Jan 25 03:55:15 2017 +0100
tree: 399928f023b4be331a673a172c6e1a9c97a10235
parent: 25daf8b2d66c412d7a7821e947fe77c7b596c8bd [diff] [blame]
diff --git a/keystore/keymaster_enforcement.cpp b/keystore/keymaster_enforcement.cpp
index 117f048..8333860 100644
--- a/keystore/keymaster_enforcement.cpp
+++ b/keystore/keymaster_enforcement.cpp

@@ -289,6 +289,12 @@
         case Tag::APPLICATION_DATA:
         case Tag::ATTESTATION_CHALLENGE:
         case Tag::ATTESTATION_APPLICATION_ID:
+        case Tag::ATTESTATION_ID_BRAND:
+        case Tag::ATTESTATION_ID_DEVICE:
+        case Tag::ATTESTATION_ID_PRODUCT:
+        case Tag::ATTESTATION_ID_SERIAL:
+        case Tag::ATTESTATION_ID_IMEI:
+        case Tag::ATTESTATION_ID_MEID:
             return ErrorCode::INVALID_KEY_BLOB;
 
         /* Tags used for cryptographic parameters in keygen.  Nothing to enforce. */
commit	a9452d92ca705108dcb61545024348f3c24a62aa	[log] [tgz]
author	Bartosz Fabianowski <bartfab@google.com>	Mon Jan 23 22:21:11 2017 +0100
committer	Bartosz Fabianowski <bartfab@google.com>	Wed Jan 25 03:55:15 2017 +0100
tree	399928f023b4be331a673a172c6e1a9c97a10235
parent	25daf8b2d66c412d7a7821e947fe77c7b596c8bd [diff] [blame]