Revert "Keystore 2.0: Add CREATE_DATETIME unconditionally."
This reverts commit 5aca5d6947a8cf1b1018e087a6e143bc4cfd635f.
Reason for revert: Bug: 204841659
Change-Id: I391f540e117d85146d52f984dee4127b70e544c2
diff --git a/keystore2/src/security_level.rs b/keystore2/src/security_level.rs
index da1ff16..ee725eb 100644
--- a/keystore2/src/security_level.rs
+++ b/keystore2/src/security_level.rs
@@ -54,11 +54,9 @@
Domain::Domain, EphemeralStorageKeyResponse::EphemeralStorageKeyResponse,
IKeystoreOperation::IKeystoreOperation, IKeystoreSecurityLevel::BnKeystoreSecurityLevel,
IKeystoreSecurityLevel::IKeystoreSecurityLevel, KeyDescriptor::KeyDescriptor,
- KeyMetadata::KeyMetadata, KeyParameters::KeyParameters, ResponseCode::ResponseCode,
+ KeyMetadata::KeyMetadata, KeyParameters::KeyParameters,
};
use anyhow::{anyhow, Context, Result};
-use std::convert::TryInto;
-use std::time::SystemTime;
/// Implementation of the IKeystoreSecurityLevel Interface.
pub struct KeystoreSecurityLevel {
@@ -388,50 +386,25 @@
})
}
- fn add_required_parameters(
+ fn add_certificate_parameters(
&self,
uid: u32,
params: &[KeyParameter],
key: &KeyDescriptor,
) -> Result<Vec<KeyParameter>> {
let mut result = params.to_vec();
-
- // Unconditionally add the CREATION_DATETIME tag and prevent callers from
- // specifying it.
- if params.iter().any(|kp| kp.tag == Tag::CREATION_DATETIME) {
- return Err(Error::Rc(ResponseCode::INVALID_ARGUMENT)).context(
- "In KeystoreSecurityLevel::add_required_parameters: \
- Specifying Tag::CREATION_DATETIME is not allowed.",
- );
- }
-
- result.push(KeyParameter {
- tag: Tag::CREATION_DATETIME,
- value: KeyParameterValue::DateTime(
- SystemTime::now()
- .duration_since(SystemTime::UNIX_EPOCH)
- .context(
- "In KeystoreSecurityLevel::add_required_parameters: \
- Failed to get epoch time.",
- )?
- .as_millis()
- .try_into()
- .context(
- "In KeystoreSecurityLevel::add_required_parameters: \
- Failed to convert epoch time.",
- )?,
- ),
- });
-
// If there is an attestation challenge we need to get an application id.
if params.iter().any(|kp| kp.tag == Tag::ATTESTATION_CHALLENGE) {
let aaid = {
let _wp = self.watch_millis(
- "In KeystoreSecurityLevel::add_required_parameters calling: get_aaid",
+ "In KeystoreSecurityLevel::add_certificate_parameters calling: get_aaid",
500,
);
keystore2_aaid::get_aaid(uid).map_err(|e| {
- anyhow!(format!("In add_required_parameters: get_aaid returned status {}.", e))
+ anyhow!(format!(
+ "In add_certificate_parameters: get_aaid returned status {}.",
+ e
+ ))
})
}?;
@@ -443,13 +416,13 @@
if params.iter().any(|kp| kp.tag == Tag::INCLUDE_UNIQUE_ID) {
check_key_permission(KeyPerm::GenUniqueId, key, &None).context(concat!(
- "In add_required_parameters: ",
+ "In add_certificate_parameters: ",
"Caller does not have the permission to generate a unique ID"
))?;
if self.id_rotation_state.had_factory_reset_since_id_rotation().context(
- "In add_required_parameters: Call to had_factory_reset_since_id_rotation failed.",
+ "In add_certificate_parameters: Call to had_factory_reset_since_id_rotation failed."
)? {
- result.push(KeyParameter {
+ result.push(KeyParameter{
tag: Tag::RESET_SINCE_ID_ROTATION,
value: KeyParameterValue::BoolValue(true),
})
@@ -460,7 +433,7 @@
// correct Android permission.
if params.iter().any(|kp| is_device_id_attestation_tag(kp.tag)) {
check_device_attestation_permissions().context(concat!(
- "In add_required_parameters: ",
+ "In add_certificate_parameters: ",
"Caller does not have the permission to attest device identifiers."
))?;
}
@@ -532,7 +505,7 @@
.context("In generate_key: Trying to get an attestation key")?,
};
let params = self
- .add_required_parameters(caller_uid, params, &key)
+ .add_certificate_parameters(caller_uid, params, &key)
.context("In generate_key: Trying to get aaid.")?;
let creation_result = match attestation_key_info {
@@ -631,7 +604,7 @@
check_key_permission(KeyPerm::Rebind, &key, &None).context("In import_key.")?;
let params = self
- .add_required_parameters(caller_uid, params, &key)
+ .add_certificate_parameters(caller_uid, params, &key)
.context("In import_key: Trying to get aaid.")?;
let format = params