android · copybara-service · Jul 31, 2025
diff --git a/src/main/kotlin/Extension.kt b/src/main/kotlin/Extension.kt
@@ -133,8 +133,8 @@ data class DeviceIdentity(
 data class KeyDescription(
   val attestationVersion: BigInteger,
   val attestationSecurityLevel: SecurityLevel,
-  val keymasterVersion: BigInteger,
-  val keymasterSecurityLevel: SecurityLevel,
+  val keyMintVersion: BigInteger,
+  val keyMintSecurityLevel: SecurityLevel,
   val attestationChallenge: ByteString,
   val uniqueId: ByteString,
   val softwareEnforced: AuthorizationList,
@@ -148,8 +148,8 @@ data class KeyDescription(
     buildList {
         add(attestationVersion.toAsn1())
         add(attestationSecurityLevel.toAsn1())
-        add(keymasterVersion.toAsn1())
-        add(keymasterSecurityLevel.toAsn1())
+        add(keyMintVersion.toAsn1())
+        add(keyMintSecurityLevel.toAsn1())
         add(attestationChallenge.toAsn1())
         add(uniqueId.toAsn1())
         add(softwareEnforced.toAsn1())
@@ -185,8 +185,8 @@ data class KeyDescription(
       return KeyDescription(
         attestationVersion = seq.getObjectAt(0).toInt(),
         attestationSecurityLevel = seq.getObjectAt(1).toSecurityLevel(),
-        keymasterVersion = seq.getObjectAt(2).toInt(),
-        keymasterSecurityLevel = seq.getObjectAt(3).toSecurityLevel(),
+        keyMintVersion = seq.getObjectAt(2).toInt(),
+        keyMintSecurityLevel = seq.getObjectAt(3).toSecurityLevel(),
         attestationChallenge = seq.getObjectAt(4).toByteString(),
         uniqueId = seq.getObjectAt(5).toByteString(),
         softwareEnforced = seq.getObjectAt(6).toAuthorizationList(),

diff --git a/src/main/kotlin/Verifier.kt b/src/main/kotlin/Verifier.kt
@@ -130,11 +130,11 @@ open class Verifier(
     }
 
     val securityLevel =
-      if (keyDescription.attestationSecurityLevel == keyDescription.keymasterSecurityLevel) {
+      if (keyDescription.attestationSecurityLevel == keyDescription.keyMintSecurityLevel) {
         keyDescription.attestationSecurityLevel
       } else {
         return VerificationResult.ExtensionConstraintViolation(
-          "attestationSecurityLevel != keymasterSecurityLevel: ${keyDescription.attestationSecurityLevel} != ${keyDescription.keymasterSecurityLevel}"
+          "attestationSecurityLevel != keyMintSecurityLevel: ${keyDescription.attestationSecurityLevel} != ${keyDescription.keyMintSecurityLevel}"
         )
       }
     val rootOfTrust =

diff --git a/src/main/kotlin/testing/KeyAttestationCertFactory.kt b/src/main/kotlin/testing/KeyAttestationCertFactory.kt
@@ -125,8 +125,8 @@ internal class KeyAttestationCertFactory(val fakeCalendar: FakeCalendar = FakeCa
     KeyDescription(
         attestationVersion = 1.toBigInteger(),
         attestationSecurityLevel = SecurityLevel.TRUSTED_ENVIRONMENT,
-        keymasterVersion = 1.toBigInteger(),
-        keymasterSecurityLevel = SecurityLevel.TRUSTED_ENVIRONMENT,
+        keyMintVersion = 1.toBigInteger(),
+        keyMintSecurityLevel = SecurityLevel.TRUSTED_ENVIRONMENT,
         attestationChallenge = ByteString.copyFromUtf8("A random 40-byte challenge for no reason"),
         uniqueId = ByteString.empty(),
         softwareEnforced = AuthorizationList(),

diff --git a/src/test/kotlin/ExtensionTest.kt b/src/test/kotlin/ExtensionTest.kt
@@ -85,7 +85,7 @@ class ExtensionTest {
   @Ignore("TODO: b/356172932 - Reenable test once enabling tag order validator is configurable.")
   fun parseFrom_tagsNotInAscendingOrder_Throws() {
     assertFailsWith<IllegalArgumentException> {
-      readCertPath("invalid/tags_not_in_accending_order.pem").leafCert().keyDescription()
+      readCertPath("invalid/tags_not_in_ascending_order.pem").leafCert().keyDescription()
     }
   }
 
@@ -147,8 +147,8 @@ class ExtensionTest {
       KeyDescription(
         attestationVersion = 1.toBigInteger(),
         attestationSecurityLevel = SecurityLevel.SOFTWARE,
-        keymasterVersion = 1.toBigInteger(),
-        keymasterSecurityLevel = SecurityLevel.SOFTWARE,
+        keyMintVersion = 1.toBigInteger(),
+        keyMintSecurityLevel = SecurityLevel.SOFTWARE,
         attestationChallenge = ByteString.empty(),
         uniqueId = ByteString.empty(),
         softwareEnforced = authorizationList,

diff --git a/testdata/akita/sdk34/SB_RSA_NONE.json b/testdata/akita/sdk34/SB_RSA_NONE.json
@@ -1,8 +1,8 @@
 {
   "attestationVersion": "300",
   "attestationSecurityLevel": "STRONG_BOX",
-  "keymasterVersion": "300",
-  "keymasterSecurityLevel": "STRONG_BOX",
+  "keyMintVersion": "300",
+  "keyMintSecurityLevel": "STRONG_BOX",
   "attestationChallenge": "Y2hhbGxlbmdl",
   "uniqueId": "",
   "softwareEnforced": {

diff --git a/testdata/akita/sdk34/TEE_EC_NONE.json b/testdata/akita/sdk34/TEE_EC_NONE.json
@@ -1,8 +1,8 @@
 {
   "attestationVersion": "300",
   "attestationSecurityLevel": "TRUSTED_ENVIRONMENT",
-  "keymasterVersion": "300",
-  "keymasterSecurityLevel": "TRUSTED_ENVIRONMENT",
+  "keyMintVersion": "300",
+  "keyMintSecurityLevel": "TRUSTED_ENVIRONMENT",
   "attestationChallenge": "Y2hhbGxlbmdl",
   "uniqueId": "",
   "softwareEnforced": {

diff --git a/testdata/akita/sdk34/TEE_RSA_BASE+IMEI.json b/testdata/akita/sdk34/TEE_RSA_BASE+IMEI.json
@@ -1,8 +1,8 @@
 {
   "attestationVersion": "300",
   "attestationSecurityLevel": "TRUSTED_ENVIRONMENT",
-  "keymasterVersion": "300",
-  "keymasterSecurityLevel": "TRUSTED_ENVIRONMENT",
+  "keyMintVersion": "300",
+  "keyMintSecurityLevel": "TRUSTED_ENVIRONMENT",
   "attestationChallenge": "Y2hhbGxlbmdl",
   "uniqueId": "",
   "softwareEnforced": {

diff --git a/testdata/akita/sdk34/TEE_RSA_NONE.json b/testdata/akita/sdk34/TEE_RSA_NONE.json
@@ -1,8 +1,8 @@
 {
   "attestationVersion": "300",
   "attestationSecurityLevel": "TRUSTED_ENVIRONMENT",
-  "keymasterVersion": "300",
-  "keymasterSecurityLevel": "TRUSTED_ENVIRONMENT",
+  "keyMintVersion": "300",
+  "keyMintSecurityLevel": "TRUSTED_ENVIRONMENT",
   "attestationChallenge": "Y2hhbGxlbmdl",
   "uniqueId": "",
   "softwareEnforced": {

diff --git a/testdata/akita/sdk34/TEE_RSA_NONE_USERAUTH.json b/testdata/akita/sdk34/TEE_RSA_NONE_USERAUTH.json
@@ -1,8 +1,8 @@
 {
   "attestationVersion": "300",
   "attestationSecurityLevel": "TRUSTED_ENVIRONMENT",
-  "keymasterVersion": "300",
-  "keymasterSecurityLevel": "TRUSTED_ENVIRONMENT",
+  "keyMintVersion": "300",
+  "keyMintSecurityLevel": "TRUSTED_ENVIRONMENT",
   "attestationChallenge": "Y2hhbGxlbmdl",
   "uniqueId": "",
   "softwareEnforced": {

diff --git a/testdata/blueline/sdk28/SB_RSA_NONE.json b/testdata/blueline/sdk28/SB_RSA_NONE.json
@@ -1,8 +1,8 @@
 {
   "attestationVersion": "3",
   "attestationSecurityLevel": "STRONG_BOX",
-  "keymasterVersion": "4",
-  "keymasterSecurityLevel": "STRONG_BOX",
+  "keyMintVersion": "4",
+  "keyMintSecurityLevel": "STRONG_BOX",
   "attestationChallenge": "Y2hhbGxlbmdl",
   "uniqueId": "",
   "softwareEnforced": {

diff --git a/testdata/blueline/sdk28/SB_RSA_NONE_USERAUTH.json b/testdata/blueline/sdk28/SB_RSA_NONE_USERAUTH.json
@@ -1,8 +1,8 @@
 {
   "attestationVersion": "3",
   "attestationSecurityLevel": "STRONG_BOX",
-  "keymasterVersion": "4",
-  "keymasterSecurityLevel": "STRONG_BOX",
+  "keyMintVersion": "4",
+  "keyMintSecurityLevel": "STRONG_BOX",
   "attestationChallenge": "Y2hhbGxlbmdl",
   "uniqueId": "",
   "softwareEnforced": {

diff --git a/testdata/blueline/sdk28/TEE_EC_NONE.json b/testdata/blueline/sdk28/TEE_EC_NONE.json
@@ -1,8 +1,8 @@
 {
   "attestationVersion": "3",
   "attestationSecurityLevel": "TRUSTED_ENVIRONMENT",
-  "keymasterVersion": "4",
-  "keymasterSecurityLevel": "TRUSTED_ENVIRONMENT",
+  "keyMintVersion": "4",
+  "keyMintSecurityLevel": "TRUSTED_ENVIRONMENT",
   "attestationChallenge": "Y2hhbGxlbmdl",
   "uniqueId": "",
   "softwareEnforced": {

diff --git a/testdata/blueline/sdk28/TEE_RSA_BASE+IMEI.json b/testdata/blueline/sdk28/TEE_RSA_BASE+IMEI.json
@@ -1,8 +1,8 @@
 {
   "attestationVersion": "3",
   "attestationSecurityLevel": "TRUSTED_ENVIRONMENT",
-  "keymasterVersion": "4",
-  "keymasterSecurityLevel": "TRUSTED_ENVIRONMENT",
+  "keyMintVersion": "4",
+  "keyMintSecurityLevel": "TRUSTED_ENVIRONMENT",
   "attestationChallenge": "Y2hhbGxlbmdl",
   "uniqueId": "",
   "softwareEnforced": {

diff --git a/testdata/blueline/sdk28/TEE_RSA_NONE.json b/testdata/blueline/sdk28/TEE_RSA_NONE.json
@@ -1,8 +1,8 @@
 {
   "attestationVersion": "3",
   "attestationSecurityLevel": "TRUSTED_ENVIRONMENT",
-  "keymasterVersion": "4",
-  "keymasterSecurityLevel": "TRUSTED_ENVIRONMENT",
+  "keyMintVersion": "4",
+  "keyMintSecurityLevel": "TRUSTED_ENVIRONMENT",
   "attestationChallenge": "Y2hhbGxlbmdl",
   "uniqueId": "",
   "softwareEnforced": {

diff --git a/...a/invalid/tags_not_in_accending_order.pem → ...a/invalid/tags_not_in_ascending_order.pem b/...a/invalid/tags_not_in_accending_order.pem → ...a/invalid/tags_not_in_ascending_order.pem
diff --git a/testdata/marlin/sdk29/TEE_EC_NONE.json b/testdata/marlin/sdk29/TEE_EC_NONE.json
@@ -1,8 +1,8 @@
 {
   "attestationVersion": "2",
   "attestationSecurityLevel": "SOFTWARE",
-  "keymasterVersion": "1",
-  "keymasterSecurityLevel": "TRUSTED_ENVIRONMENT",
+  "keyMintVersion": "1",
+  "keyMintSecurityLevel": "TRUSTED_ENVIRONMENT",
   "attestationChallenge": "Y2hhbGxlbmdl",
   "uniqueId": "",
   "softwareEnforced": {

diff --git a/testdata/marlin/sdk29/TEE_RSA_NONE.json b/testdata/marlin/sdk29/TEE_RSA_NONE.json
@@ -1,8 +1,8 @@
 {
   "attestationVersion": "2",
   "attestationSecurityLevel": "SOFTWARE",
-  "keymasterVersion": "1",
-  "keymasterSecurityLevel": "TRUSTED_ENVIRONMENT",
+  "keyMintVersion": "1",
+  "keyMintSecurityLevel": "TRUSTED_ENVIRONMENT",
   "attestationChallenge": "Y2hhbGxlbmdl",
   "uniqueId": "",
   "softwareEnforced": {