Improve UNIQUE_ID generation

- Remove unused generate_unique_id() function.
- Fix unique ID generation code to use ATTESTATION_APPLICATION_ID
  rather than APPLICATION_ID.
- Add km_openssl helper functions to build a UNIQUE_ID value from the
  inputs and an HBK value for the HMAC-SHA256 function.
- Treat Tag::INCLUDE_UNIQUE_ID as a key generation parameter, similar
  to the various ATTESTATION_ID_* tags.

Individual KeyMint implementations still need to provide an
implementation of AttestationContext::GenerateUniqueId(), but that
implementation can be a one-line invocation of
keymaster::generate_unique_id() using a suitable HBK.

Bug: 202487002
Test: VtsAidlKeyMintTargetTest
Change-Id: I3eb8cf22cf52a6d5c7a085ae497500800ecd5438
diff --git a/ng/AndroidKeyMintDevice.cpp b/ng/AndroidKeyMintDevice.cpp
index f511c3f..89201bd 100644
--- a/ng/AndroidKeyMintDevice.cpp
+++ b/ng/AndroidKeyMintDevice.cpp
@@ -121,6 +121,7 @@
case KM_TAG_CONFIRMATION_TOKEN:
case KM_TAG_DEVICE_UNIQUE_ATTESTATION:
case KM_TAG_IDENTITY_CREDENTIAL_KEY:
+ case KM_TAG_INCLUDE_UNIQUE_ID:
case KM_TAG_MAC_LENGTH:
case KM_TAG_NONCE:
case KM_TAG_RESET_SINCE_ID_ROTATION:
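Review bot: The new `case KM_TAG_INCLUDE_UNIQUE_ID:` label, placed between KM_TAG_IDENTITY_CREDENTIAL_KEY and KM_TAG_MAC_LENGTH, has no comment saying why the tag belongs in this group, and the surrounding context lines do not show what the group does. The commit message says the tag is now treated as a key generation parameter like the ATTESTATION_ID_* tags; a short comment on the group stating that would keep a later reader from moving the label back.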
@@ -140,7 +141,6 @@
case KM_TAG_EARLY_BOOT_ONLY:
case KM_TAG_EC_CURVE:
case KM_TAG_EXPORTABLE:
- case KM_TAG_INCLUDE_UNIQUE_ID:
case KM_TAG_KEY_SIZE:
case KM_TAG_MAX_USES_PER_BOOT:
case KM_TAG_MIN_MAC_LENGTH:
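Review bot: Dropping `case KM_TAG_INCLUDE_UNIQUE_ID:` from this group (after KM_TAG_EXPORTABLE) changes how the tag is classified, yet the only test named in the commit message is the general VtsAidlKeyMintTargetTest suite. Please point to, or add, a test case that generates a key with INCLUDE_UNIQUE_ID and checks how the tag is handled under the new grouping, so a regression in this switch is caught directly.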