2nd IMEI attestation may be used independently.

The tag for the 2nd IMEI must denote an IMEI different to the tag used for the first IMEI, and may be used independently of it. Bug: 264979486 Test: run vts -m VtsAidlKeyMintTarget Change-Id: I3b03bbf1e6d0fb3e08de0b68b05dec250d5c51c4
author: Subrahmanya Manikanta Venkateswarlu Bhamidipati Kameswara Sri <subrahmanyaman@google.com> 2024-03-06 23:45:10 +0000
committer: Subrahmanya Manikanta Venkateswarlu Bhamidipati Kameswara Sri <subrahmanyaman@google.com> 2024-03-06 23:45:10 +0000
commit: 86e11ea3b714b78da4ba7acea16bf2b52734a201 (patch)
tree: 22850b2a3074e82b559ffaa28814f4fd0b2cfc6c
parent: 2765610a0c354d4538abf517fbc71c36ebb4383f (diff)
download: libese-86e11ea3b714b78da4ba7acea16bf2b52734a201.tar.gz
1 files changed, 0 insertions, 22 deletions
diff --git a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
index 78ea201..a05798c 100644
--- a/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
+++ b/ready_se/google/keymint/KM300/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java
@@ -4202,17 +4202,6 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe
 
     data[CERTIFICATE] = KMArray.instance((short) 0); // by default the cert is empty.
     data[ORIGIN] = KMType.IMPORTED;
-    // ID_IMEI should be present if ID_SECOND_IMEI is present
-    short attIdTag =
-        KMKeyParameters.findTag(
-            KMType.BYTES_TAG, KMType.ATTESTATION_ID_SECOND_IMEI, data[KEY_PARAMETERS]);
-    if (attIdTag != KMType.INVALID_VALUE) {
-      KMTag.assertPresence(
-          data[KEY_PARAMETERS],
-          KMType.BYTES_TAG,
-          KMType.ATTESTATION_ID_IMEI,
-          KMError.CANNOT_ATTEST_IDS);
-    }
     importKey(apdu, keyFmt, scratchPad);
   }
 
@@ -4690,17 +4679,6 @@ public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLe
       KMException.throwIt(KMError.UNSUPPORTED_TAG);
     }
 
-    // ID_IMEI should be present if ID_SECOND_IMEI is present
-    short attIdTag =
-        KMKeyParameters.findTag(
-            KMType.BYTES_TAG, KMType.ATTESTATION_ID_SECOND_IMEI, data[KEY_PARAMETERS]);
-    if (attIdTag != KMType.INVALID_VALUE) {
-      KMTag.assertPresence(
-          data[KEY_PARAMETERS],
-          KMType.BYTES_TAG,
-          KMType.ATTESTATION_ID_IMEI,
-          KMError.CANNOT_ATTEST_IDS);
-    }
 
     short attKeyPurpose =
         KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.PURPOSE, data[KEY_PARAMETERS]);
author	Subrahmanya Manikanta Venkateswarlu Bhamidipati Kameswara Sri <subrahmanyaman@google.com>	2024-03-06 23:45:10 +0000
committer	Subrahmanya Manikanta Venkateswarlu Bhamidipati Kameswara Sri <subrahmanyaman@google.com>	2024-03-06 23:45:10 +0000
commit	86e11ea3b714b78da4ba7acea16bf2b52734a201 (patch)
tree	22850b2a3074e82b559ffaa28814f4fd0b2cfc6c
parent	2765610a0c354d4538abf517fbc71c36ebb4383f (diff)
download	libese-86e11ea3b714b78da4ba7acea16bf2b52734a201.tar.gz