From 4594638a486288a046f377fc8ff60bbabe5ef393 Mon Sep 17 00:00:00 2001 From: Eran Messeri Date: Mon, 31 Oct 2022 12:21:06 +0000 Subject: ID attestation: Pass second IMEIs to Keystore To support attestation of a second IMEI, when ID attestation (with IMEI) is requested, pass in the 2nd IMEI as a SECOND_IMEI KeyMint tag. Bug: 244732345 Test: atest android.keystore.cts.DeviceOwnerKeyManagementTest Change-Id: I19a3733746fa6a35c6225f0c60fd9f4b51a62ab1 --- .../security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'keystore/java') diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java index acc0005154b4..afec8304716f 100644 --- a/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java +++ b/keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java @@ -52,6 +52,7 @@ import android.system.keystore2.KeyEntryResponse; import android.system.keystore2.KeyMetadata; import android.system.keystore2.ResponseCode; import android.telephony.TelephonyManager; +import android.text.TextUtils; import android.util.ArraySet; import android.util.Log; @@ -856,6 +857,13 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato KeymasterDefs.KM_TAG_ATTESTATION_ID_IMEI, imei.getBytes(StandardCharsets.UTF_8) )); + final String secondImei = telephonyService.getImei(1); + if (!TextUtils.isEmpty(secondImei)) { + params.add(KeyStore2ParameterUtils.makeBytes( + KeymasterDefs.KM_TAG_ATTESTATION_ID_SECOND_IMEI, + secondImei.getBytes(StandardCharsets.UTF_8) + )); + } break; } case AttestationUtils.ID_TYPE_MEID: { -- cgit v1.2.3-59-g8ed1b