authorEran Messeri <eranm@google.com>2017-12-11 17:48:47 +0000
committerEran Messeri <eranm@google.com>2017-12-14 18:09:05 +0000
commita173064047d304837d907b9b39ece5c14adf2b25 (patch)
tree6b8716f7f503e84cb257b3154bf5cdded48e43f9 /keystore/tests/src/android/security/ParcelableKeyGenParameterSpecTest.java
parent7d6688f35e37a96579db8ae2342eda3239a92c3c (diff)
DevicePolicyManager: Support attestation for generated keys.
If the KeyGenParameterSpec passed into DevicePolicyManager.generateKeyPair contains an attestation challenge, request an attestation record for the newly-generated key with the challenge provided. This particular implementation was chosen, rather than letting the attestation record be generated at the same time as key generation, to avoid having the attestation chain stored in Keystore and associated with the generated alias. The rationale is that this is a key that is potentially accessible by multiple applications and the attestation chain may end up being sent as a TLS client certificate chain, for example. As the attestation challenge should be unique per device, to avoid the potential of sending / sharing unique device information, by explicitly requesting an attestation record after key generation, the attestation record is only returned to the generateKeyPair client and not persisted in Keystore. Bug: 63388672 Test: New CTS test to be run with: 'cts-tradefed run commandAndExit cts-dev -a armeabi-v7a -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.DeviceOwnerTest#testKeyManagement -l DEBUG' Change-Id: I95a9aef179173b571b533301ac438c675e8fe702
Diffstat (limited to 'keystore/tests/src/android/security/ParcelableKeyGenParameterSpecTest.java')
-rw-r--r--keystore/tests/src/android/security/ParcelableKeyGenParameterSpecTest.java4
1 files changed, 2 insertions, 2 deletions
diff --git a/keystore/tests/src/android/security/ParcelableKeyGenParameterSpecTest.java b/keystore/tests/src/android/security/ParcelableKeyGenParameterSpecTest.java
index 73b489f98e1d..254b6be77ea8 100644
--- a/keystore/tests/src/android/security/ParcelableKeyGenParameterSpecTest.java
+++ b/keystore/tests/src/android/security/ParcelableKeyGenParameterSpecTest.java
@@ -55,7 +55,7 @@ public final class ParcelableKeyGenParameterSpecTest {
static final int USER_AUTHENTICATION_DURATION = 300;
static final byte[] ATTESTATION_CHALLENGE = new byte[] {'c', 'h'};
- KeyGenParameterSpec configureDefaultSpec() {
+ public static KeyGenParameterSpec configureDefaultSpec() {
return new KeyGenParameterSpec.Builder(ALIAS, KEY_PURPOSES)
.setUid(UID)
.setKeySize(KEYSIZE)
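Review bot: `configureDefaultSpec()` becomes a public static fixture with no Javadoc, while the context lines above it show that this class's attestation challenge is the fixed two-byte `ATTESTATION_CHALLENGE`. Whether the builder chain applies that constant is outside the hunk, but if it does, every test that reuses this helper inherits the same challenge. That is fine for a parcelling round-trip, but it is not representative of an attestation request, where the challenge is expected to be a fresh, unpredictable value. I would add `/** Test fixture only: builds a spec from this class's constants, including a fixed attestation challenge. */` above the method. The method body continues past the end of the hunk.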
@@ -80,7 +80,7 @@ public final class ParcelableKeyGenParameterSpecTest {
.build();
}
- void validateSpecValues(KeyGenParameterSpec spec, int uid, String alias) {
+ public static void validateSpecValues(KeyGenParameterSpec spec, int uid, String alias) {
assertThat(spec.getKeystoreAlias(), is(alias));
assertThat(spec.getPurposes(), is(KEY_PURPOSES));
assertThat(spec.getUid(), is(uid));
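Review bot: `validateSpecValues` is now callable from other test classes, but it takes only `uid` and `alias` as arguments and compares other fields against this class's own constants, e.g. `is(KEY_PURPOSES)`. The contract this implies, that the spec was built by `configureDefaultSpec()` with at most the uid and alias changed, is not stated anywhere in the hunk. A Javadoc such as `/** Asserts that spec matches configureDefaultSpec() apart from the given uid and alias. */` would make that explicit for callers. The method body runs past the end of the hunk, so which remaining fields it checks, and whether the attestation challenge is among them, cannot be confirmed from here.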