Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / c239db4114246dbca23482bd4f2e3237fcb3524e
commitc239db4114246dbca23482bd4f2e3237fcb3524e[log] [tgz]
authorDavid Zeuthen <zeuthen@google.com>Mon Nov 14 15:22:24 2022 -0500
committerDavid Zeuthen <zeuthen@google.com>Fri Dec 09 02:58:18 2022 -0500
tree5ed03d409794fff486474f12f0d678148cc84fb6
parentfdf7f52a1d20e2c1f9bd03e363692f3562d1f287 [diff]
identity: Add support for setting minimum validity period for AuthKey.

This change adds support for specifying that an AuthKey should be
replaced if it's going to expire within a certain amount of time
configurable by the application. This also adds a way for the
application to learn about the expiration time of currently configured
AuthKeys.

Combined these two changes allow an application to get a perfect
picture of which AuthKeys are available, when they expire, and allows
the application to refresh AuthKeys well ahead of expiration dates.

Also remove checking storeStaticAuthenticationDataWithExpiration() is
only available on HAL version 3 and later (feature version 202101 and
later). This works on any HAL version.

Bug: 241912421
Test: atest VtsHalIdentityTargetTest
Test: atest android.security.identity.cts
Change-Id: Ic8274088035c31f73ad61645ee5e0281b3460837
7 files changed
tree: 5ed03d409794fff486474f12f0d678148cc84fb6
  1. diced/
  2. fsverity/
  3. fsverity_init/
  4. identity/
  5. keystore/
  6. keystore-engine/
  7. keystore2/
  8. ondevice-signing/
  9. prng_seeder/
  10. provisioner/
  11. rustfmt.toml ⇨ ../../build/soong/scripts/rustfmt.toml
  12. .clang-format
  13. .gitignore
  14. Android.bp
  15. METADATA
  16. MODULE_LICENSE_APACHE2
  17. NOTICE
  18. OWNERS
  19. PREUPLOAD.cfg