Keystore 2.0: Add support for the new CERTIFICATE_* tags. Test: Keystore CTS tests Change-Id: Ifbecd4517e8b6fb143283ed3f815aed4812a3c4a

commit: 2c08401f93da3fce54187299e3364dd341c345fe [log] [tgz]
author: Janis Danisevskis <jdanis@google.com> Sun Jan 31 22:23:17 2021 -0800
committer: Janis Danisevskis <jdanis@google.com> Sun Feb 07 19:12:00 2021 -0800
tree: 2ee1b15f67be053b8b0c83fd4c4f97656ddecb42
parent: ae6899d2d9353cb93d13bc996b63a71b74591ab5 [diff] [blame]
diff --git a/keystore2/src/km_compat/lib.rs b/keystore2/src/km_compat/lib.rs
index d264e7a..097e6d4 100644
--- a/keystore2/src/km_compat/lib.rs
+++ b/keystore2/src/km_compat/lib.rs

@@ -76,6 +76,10 @@
         creation_result
     }
 
+    // Per RFC 5280 4.1.2.5, an undefined expiration (not-after) field should be set to GeneralizedTime
+    // 999912312359559, which is 253402300799000 ms from Jan 1, 1970.
+    const UNDEFINED_NOT_AFTER: i64 = 253402300799000i64;
+
     fn generate_rsa_key(legacy: &dyn IKeyMintDevice, encrypt: bool, attest: bool) -> Vec<u8> {
         let mut kps = vec![
             KeyParameter {
@@ -97,6 +101,14 @@
                 tag: Tag::PURPOSE,
                 value: KeyParameterValue::KeyPurpose(KeyPurpose::SIGN),
             },
+            KeyParameter {
+                tag: Tag::CERTIFICATE_NOT_BEFORE,
+                value: KeyParameterValue::DateTime(0),
+            },
+            KeyParameter {
+                tag: Tag::CERTIFICATE_NOT_AFTER,
+                value: KeyParameterValue::DateTime(UNDEFINED_NOT_AFTER),
+            },
         ];
         if encrypt {
             kps.push(KeyParameter {
commit	2c08401f93da3fce54187299e3364dd341c345fe	[log] [tgz]
author	Janis Danisevskis <jdanis@google.com>	Sun Jan 31 22:23:17 2021 -0800
committer	Janis Danisevskis <jdanis@google.com>	Sun Feb 07 19:12:00 2021 -0800
tree	2ee1b15f67be053b8b0c83fd4c4f97656ddecb42
parent	ae6899d2d9353cb93d13bc996b63a71b74591ab5 [diff] [blame]