Evolution-x/hardware_interfaces
1
0
Fork 0
mirror of https://github.com/Evolution-X/hardware_interfaces synced 2026-02-02 10:05:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge "KeyMint HAL: clarify ATTEST_KEY is like SIGN" am: afa73442b7 am: bbbc278300

Browse Source 
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2033928

Change-Id: Ibbab83f50f2f1956006341e68e9ffc57884444e6
This commit is contained in:
David Drysdale
2022-03-22 10:05:32 +00:00
committed by Automerger Merge Worker
parent 9cad82c4b7 bbbc278300
commit be65672ee4
1 changed files with 8 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
View File

@@ -78,15 +78,16 @@ parcelable KeyCreationResult {
* provided, otherwise ATTESTATION_APPLICATION_ID_MISSING will be returned.
*
* 3. Asymmetric key non-attestation with signing key. If Tag::ATTESTATION_CHALLENGE is not
* provided and the generated/imported key has KeyPurpose::SIGN, then the returned
* certificate chain must contain only a single self-signed certificate with no attestation
* extension. Tag::ATTESTATION_APPLICATION_ID will be ignored if provided.
* provided and the generated/imported key has KeyPurpose::SIGN or KeyPurpose::ATTEST_KEY,
* then the returned certificate chain must contain only a single self-signed certificate
* with no attestation extension. Tag::ATTESTATION_APPLICATION_ID will be ignored if
* provided.
*
* 4. Asymmetric key non-attestation with non-signing key. If TAG::ATTESTATION_CHALLENGE is
* not provided and the generated/imported key does not have KeyPurpose::SIGN, then the
* returned certificate chain must contain only a single certificate with an empty signature
* and no attestation extension. Tag::ATTESTATION_APPLICATION_ID will be ignored if
* provided.
* not provided and the generated/imported key does not have KeyPurpose::SIGN nor
* KeyPurpose::ATTEST_KEY, then the returned certificate chain must contain only a single
* certificate with an empty signature and no attestation extension.
* Tag::ATTESTATION_APPLICATION_ID will be ignored if provided.
*
* 5. Symmetric key. If the generated/imported key is symmetric, the certificate chain must
* return empty, any Tag::ATTESTATION_CHALLENGE or Tag::ATTESTATION_APPLICATION_ID inputs,