author | Shawn Willden <swillden@google.com> | 2021-05-21 08:50:19 -0600 |
---|---|---|
committer | Shawn Willden <swillden@google.com> | 2021-05-26 05:55:32 -0600 |
commit | 0faf82f20f1e7a1d7ee85f1a9a7c89d57c59a0c5 (patch) | |
tree | d4f8862690c9b71e22730df462e4522f4e3a7a9f | |
parent | 75c01e67213316cc195cd6d8ba0824838d9da14c (diff) | |
download | keymaster-0faf82f20f1e7a1d7ee85f1a9a7c89d57c59a0c5.tar.gz |
Correct handling of notBefore and notAfter for KM4
Ignore-AOSP-First: No merge path from AOSP
Bug: 188897273
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: I86afde4e61ebb308975b353498623da01f85ffb2
-rw-r--r-- | km_openssl/certificate_utils.cpp | 40 |
1 files changed, 31 insertions, 9 deletions
diff --git a/km_openssl/certificate_utils.cpp b/km_openssl/certificate_utils.cpp
index 15792f3..d9419c8 100644
--- a/km_openssl/certificate_utils.cpp
+++ b/km_openssl/certificate_utils.cpp
@@ -126,18 +126,40 @@ keymaster_error_t get_certificate_params(const AuthorizationSet& caller_params, } cert_params->serial = move(serial); + cert_params->active_date_time = 0; + cert_params->expire_date_time = kUndefinedExpirationDateTime; + uint64_t tmp; - if (!caller_params.GetTagValue(TAG_CERTIFICATE_NOT_BEFORE, &tmp)) { - if (kmVersion >= KmVersion::KEYMINT_1) return KM_ERROR_MISSING_NOT_BEFORE; - cert_params->active_date_time = 0; - } - cert_params->active_date_time = static_cast<int64_t>(tmp); + switch (kmVersion) { + case KmVersion::KEYMASTER_1: + case KmVersion::KEYMASTER_1_1: + case KmVersion::KEYMASTER_2: + case KmVersion::KEYMASTER_3: + case KmVersion::KEYMASTER_4: + case KmVersion::KEYMASTER_4_1: + if (caller_params.GetTagValue(TAG_ACTIVE_DATETIME, &tmp)) { + LOG_D("Using TAG_ACTIVE_DATETIME: %lu", tmp); + cert_params->active_date_time = static_cast<int64_t>(tmp); + } + if (caller_params.GetTagValue(TAG_ORIGINATION_EXPIRE_DATETIME, &tmp)) { + LOG_D("Using TAG_ORIGINATION_EXPIRE_DATETIME: %lu", tmp); + cert_params->expire_date_time = static_cast<int64_t>(tmp); + } + break; - if (!caller_params.GetTagValue(TAG_CERTIFICATE_NOT_AFTER, &tmp)) { - if (kmVersion >= KmVersion::KEYMINT_1) return KM_ERROR_MISSING_NOT_AFTER; - cert_params->expire_date_time = kUndefinedExpirationDateTime; + case KmVersion::KEYMINT_1: + if (!caller_params.GetTagValue(TAG_CERTIFICATE_NOT_BEFORE, &tmp)) { + return KM_ERROR_MISSING_NOT_BEFORE; + } + LOG_D("Using TAG_CERTIFICATE_NOT_BEFORE: %lu", tmp); + cert_params->active_date_time = static_cast<int64_t>(tmp); + + if (!caller_params.GetTagValue(TAG_CERTIFICATE_NOT_AFTER, &tmp)) { + return KM_ERROR_MISSING_NOT_AFTER; + } + LOG_D("Using TAG_CERTIFICATE_NOT_AFTER: %lu", tmp); + cert_params->expire_date_time = static_cast<int64_t>(tmp); } - cert_params->expire_date_time = static_cast<int64_t>(tmp); LOG_D("Got certificate date params: NotBefore = %ld, NotAfter = %ld", cert_params->active_date_time, cert_params->expire_date_time); |
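Review bot: The new `switch (kmVersion)` has no `default:` arm, so any `KmVersion` value other than the seven listed returns with the pre-set `active_date_time = 0` and `expire_date_time = kUndefinedExpirationDateTime` and no error, whereas the removed `kmVersion >= KmVersion::KEYMINT_1` test also enforced the mandatory tags for every later version. Unless the build already rejects an unhandled enumerator, a version added after `KEYMINT_1` would be issued a certificate whose validity window the caller never supplied; placing `default:` beside `case KmVersion::KEYMINT_1:` keeps the strict path as the fallback. Separately, the four new `LOG_D` calls print the `uint64_t tmp` with `%lu`, which mismatches on targets where `uint64_t` is `unsigned long long`; `LOG_D("Using TAG_ACTIVE_DATETIME: %" PRIu64, tmp);` would be portable, assuming `<inttypes.h>` is available in this file. `get_certificate_params` starts and ends outside this hunk.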