author | Tri Vo <trong@google.com> | 2023-09-13 18:01:04 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2023-09-13 18:01:04 +0000 |
commit | fd8e66c99d45d7f091e7c23fe678267c5693d327 (patch) | |
tree | ea0ac3c5beffac8161e445b9bafc6b3ae8bcf30f | |
parent | c06ff747340270e4a1016d695a02967b98119788 (diff) | |
parent | 77ec0e4279983ed83a33be594440fba4490a01f8 (diff) | |
Fix asymmetric secure key import am: 77ec0e4279tmp_amf_298295554
Original change: https://android-review.googlesource.com/c/platform/system/keymaster/+/2748557
Change-Id: Ia1ea2078755198d5a916113a11196df40ac63e9a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
-rw-r--r-- | android_keymaster/android_keymaster.cpp | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/android_keymaster/android_keymaster.cpp b/android_keymaster/android_keymaster.cpp
index c2bf15c..b28e3c9 100644
--- a/android_keymaster/android_keymaster.cpp
+++ b/android_keymaster/android_keymaster.cpp
@@ -954,16 +954,18 @@ void AndroidKeymaster::ImportWrappedKey(const ImportWrappedKeyRequest& request,
         if (sids & HW_AUTH_FINGERPRINT) {
             key_description.push_back(TAG_USER_SECURE_ID, request.biometric_sid);
         }
-
-        if (context_->GetKmVersion() >= KmVersion::KEYMINT_1) {
-            key_description.push_back(TAG_CERTIFICATE_NOT_BEFORE, 0);
-            key_description.push_back(TAG_CERTIFICATE_NOT_AFTER, kUndefinedExpirationDateTime);
-        }
     }
 
     const KeyFactory* factory = get_key_factory(key_description, *context_, &response->error);
     if (!factory) return;
 
+    // There is no way for clients to pass CERTIFICATE_NOT_BEFORE and CERTIFICATE_NOT_AFTER.
+    // importWrappedKey must use validity with no well-defined expiration date.
+    if (context_->GetKmVersion() >= KmVersion::KEYMINT_1) {
+        key_description.push_back(TAG_CERTIFICATE_NOT_BEFORE, 0);
+        key_description.push_back(TAG_CERTIFICATE_NOT_AFTER, kUndefinedExpirationDateTime);
+    }
+
     response->error = factory->ImportKey(key_description, //
                                          key_format, //
                                          secret_key, //
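Review bot: The relocated block appends the two validity tags to every wrapped key on KEYMINT_1 and later without first checking whether `key_description` already carries them. That set is built from the unwrapped key's authorization list, which is outside this hunk, so the comment's claim that clients cannot supply these tags is not verifiable here. If they can arrive that way, the set ends up with duplicates and it is unclear which value `ImportKey` honors. Consider guarding the block with `if (context_->GetKmVersion() >= KmVersion::KEYMINT_1 && !key_description.Contains(TAG_CERTIFICATE_NOT_BEFORE)) {`, or rejecting such input, and state in the comment that the tags are also added for symmetric keys, where they presumably have no effect. The `push_back` results are still ignored, and the body of `ImportWrappedKey` starts and ends outside the hunk.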