Add manufacturer and model to device ID attestation

Discussions have shown that in addition to brand, device and product,
we should also allow devices to attest their manufacturer and model.

Bug: 36433192
Test: GTS com.google.android.gts.security.DeviceIdAttestationHostTest

Change-Id: Idd48929d6a0c9fe6656c6d2656e2c3f6f370a21e
diff --git a/core/java/android/security/keymaster/KeymasterDefs.java b/core/java/android/security/keymaster/KeymasterDefs.java
index ad8ad69..f409e5b 100644
--- a/core/java/android/security/keymaster/KeymasterDefs.java
+++ b/core/java/android/security/keymaster/KeymasterDefs.java
@@ -89,6 +89,8 @@
     public static final int KM_TAG_ATTESTATION_ID_SERIAL = KM_BYTES | 713;
     public static final int KM_TAG_ATTESTATION_ID_IMEI = KM_BYTES | 714;
     public static final int KM_TAG_ATTESTATION_ID_MEID = KM_BYTES | 715;
+    public static final int KM_TAG_ATTESTATION_ID_MANUFACTURER = KM_BYTES | 716;
+    public static final int KM_TAG_ATTESTATION_ID_MODEL = KM_BYTES | 717;
 
     public static final int KM_TAG_ASSOCIATED_DATA = KM_BYTES | 1000;
     public static final int KM_TAG_NONCE = KM_BYTES | 1001;
diff --git a/keystore/java/android/security/keystore/AttestationUtils.java b/keystore/java/android/security/keystore/AttestationUtils.java
index e36632a..2ec8d33 100644
--- a/keystore/java/android/security/keystore/AttestationUtils.java
+++ b/keystore/java/android/security/keystore/AttestationUtils.java
@@ -81,9 +81,9 @@
     /**
      * Performs attestation of the device's identifiers. This method returns a certificate chain
      * whose first element contains the requested device identifiers in an extension. The device's
-     * brand, device and product are always also included in the attestation. If the device supports
-     * attestation in secure hardware, the chain will be rooted at a trustworthy CA key. Otherwise,
-     * the chain will be rooted at an untrusted certificate. See
+     * manufacturer, model, brand, device and product are always also included in the attestation.
+     * If the device supports attestation in secure hardware, the chain will be rooted at a
+     * trustworthy CA key. Otherwise, the chain will be rooted at an untrusted certificate. See
      * <a href="https://developer.android.com/training/articles/security-key-attestation.html">
      * Key Attestation</a> for the format of the certificate extension.
      * <p>
@@ -169,6 +169,10 @@
                 Build.DEVICE.getBytes(StandardCharsets.UTF_8));
         attestArgs.addBytes(KeymasterDefs.KM_TAG_ATTESTATION_ID_PRODUCT,
                 Build.PRODUCT.getBytes(StandardCharsets.UTF_8));
+        attestArgs.addBytes(KeymasterDefs.KM_TAG_ATTESTATION_ID_MANUFACTURER,
+                Build.MANUFACTURER.getBytes(StandardCharsets.UTF_8));
+        attestArgs.addBytes(KeymasterDefs.KM_TAG_ATTESTATION_ID_MODEL,
+                Build.MODEL.getBytes(StandardCharsets.UTF_8));
 
         final KeyStore keyStore = KeyStore.getInstance();
         final String keyAlias = "android_internal_device_id_attestation-"