Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / f05dcc4cbdd63bc0c5ae9d971aca527a69c76ccb^1..f05dcc4cbdd63bc0c5ae9d971aca527a69c76ccb / .
commitf05dcc4cbdd63bc0c5ae9d971aca527a69c76ccb[log] [tgz]
authorTreehugger Robot <treehugger-gerrit@google.com>Thu Feb 11 23:44:00 2021 +0000
committerAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>Thu Feb 11 23:44:00 2021 +0000
tree98a5679374b13098b5500015764f6fee454c331a
parent999ab57db7fd04e2a5869eb0b949d4823ff99ff4 [diff]
parentfb669b9e3979ecb3e7ee3a05778405a9cd9cf3b8 [diff]
Merge "Identity: Fix breakage caused by recent changes in libsoft_attestation_cert." am: aef57a826a am: fb669b9e39

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1584471

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: Iae7a3c70e790f1211c4ce7c7de6f2df69106b07a

diff --git a/identity/support/src/IdentityCredentialSupport.cpp b/identity/support/src/IdentityCredentialSupport.cpp
index 38348ac..91985ce 100644
--- a/identity/support/src/IdentityCredentialSupport.cpp
+++ b/identity/support/src/IdentityCredentialSupport.cpp

@@ -874,8 +874,11 @@
 
     i2d_X509_NAME(subjectName.get(), &subjectPtr);
 
+    uint64_t nowMilliSeconds = time(nullptr) * 1000;
     ::keymaster::AuthorizationSet auth_set(
             ::keymaster::AuthorizationSetBuilder()
+                    .Authorization(::keymaster::TAG_CERTIFICATE_NOT_BEFORE, nowMilliSeconds)
+                    .Authorization(::keymaster::TAG_CERTIFICATE_NOT_AFTER, expireTimeMilliSeconds)
                     .Authorization(::keymaster::TAG_ATTESTATION_CHALLENGE, challenge.data(),
                                    challenge.size())
                     .Authorization(::keymaster::TAG_ACTIVE_DATETIME, activeTimeMilliSeconds)
@@ -918,7 +921,7 @@
     // the VTS tests. Of course, this is a pretend-only game since hopefully no
     // relying party is ever going to trust our batch key and those keys above
     // it.
-    ::keymaster::PureSoftKeymasterContext context(::keymaster::KmVersion::KEYMASTER_4_1,
+    ::keymaster::PureSoftKeymasterContext context(::keymaster::KmVersion::KEYMINT_1,
                                                   KM_SECURITY_LEVEL_TRUSTED_ENVIRONMENT);
 
     ::keymaster::CertificateChain cert_chain_out = generate_attestation_from_EVP(
@@ -926,7 +929,7 @@
             *attestation_signing_key, &error);
 
     if (KM_ERROR_OK != error) {
-        LOG(ERROR) << "Error generate attestation from EVP key" << error;
+        LOG(ERROR) << "Error generating attestation from EVP key: " << error;
         return {};
     }