tequilaOS/platform_hardware_interfaces
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_hardware_interfaces/security
History
David Drysdale 7ea97a310a KeyMint HAL: reinstate tags in extension schema 
Commit 93c72cef92 ("KeyMint: sync all attestation tags",
http://aosp/1719302) removed various tags from the attestation that are
only applicable to symmetric keys, on the assumption that these are
irrelevant for the attestation extension that is generated for the
certificate holding asymmetric public keys.

However, that change did not take into account the fact that the
AuthorizationList ASN.1 schema is re-used elsewhere in the KeyMint API,
specifically as a way of describing the characteristics associated with
a key that is being securely imported via
IKeyMintDevice::importWrappedKey.

That import process may be used for symmetrics keys, and so the tags
that are specific to symmetric keys still need to be included in
AuthorizationList.

Similarly, USER_SECURE_ID values are never included in attestation
extensions because they have no meaning off-device, but they may be
needed as part of the import of a wrapped key.

Test: TreeHugger, comment change only
Bug: 244693617
Change-Id: Iaa941e120e3641a6e6c369b7c6a51f10b44df78a
2022-09-02 17:08:04 +01:00
..
dice/aidl Remove AIDL-libs from VNDK 2022-06-14 16:42:42 +09:00
keymint KeyMint HAL: reinstate tags in extension schema 2022-09-02 17:08:04 +01:00
secureclock/aidl Remove AIDL-libs from VNDK 2022-06-14 16:42:42 +09:00
sharedsecret/aidl Merge "KeyMint HALs: clarifications" 2022-06-27 12:01:14 +00:00
OWNERS Remove jdanis@ from OWNERS 2022-06-09 06:40:42 -06:00