patches/system/security/0001-Keystore-2.0-Add-CREATION_DATETIME-only-for-Keymint-.patch

69 lines
2.6 KiB
Diff

From 0c610f5f6935977142a7dbb9dbca4b9b1bc83c55 Mon Sep 17 00:00:00 2001
From: Janis Danisevskis <jdanis@google.com>
Date: Mon, 20 Dec 2021 13:16:23 -0800
Subject: [PATCH] Keystore 2.0: Add CREATION_DATETIME only for Keymint V1 and
higher.
Adding CREATION_DATETIME unconditionally should be accepted by all
keymaster implementations. Alas, VTS tests never covered this before
Keymint V1 and so there are implementations that fail when the caller
presents the tag.
Test: CtsKeystoreTestCases for regression testing.
Bug: 210792876
Bug: 204578637
Change-Id: I3cf7e8def7a369839844ef1b3628f477d8fe6b53
---
keystore2/src/security_level.rs | 33 ++++++++++++++++++---------------
1 file changed, 18 insertions(+), 15 deletions(-)
diff --git a/keystore2/src/security_level.rs b/keystore2/src/security_level.rs
index 1b2e3485..0f4c0f7d 100644
--- a/keystore2/src/security_level.rs
+++ b/keystore2/src/security_level.rs
@@ -405,23 +405,26 @@ impl KeystoreSecurityLevel {
);
}
- result.push(KeyParameter {
- tag: Tag::CREATION_DATETIME,
- value: KeyParameterValue::DateTime(
- SystemTime::now()
- .duration_since(SystemTime::UNIX_EPOCH)
- .context(
- "In KeystoreSecurityLevel::add_required_parameters: \
+ // Add CREATION_DATETIME only if the backend version Keymint V1 (100) or newer.
+ if self.hw_info.versionNumber >= 100 {
+ result.push(KeyParameter {
+ tag: Tag::CREATION_DATETIME,
+ value: KeyParameterValue::DateTime(
+ SystemTime::now()
+ .duration_since(SystemTime::UNIX_EPOCH)
+ .context(
+ "In KeystoreSecurityLevel::add_required_parameters: \
Failed to get epoch time.",
- )?
- .as_millis()
- .try_into()
- .context(
- "In KeystoreSecurityLevel::add_required_parameters: \
+ )?
+ .as_millis()
+ .try_into()
+ .context(
+ "In KeystoreSecurityLevel::add_required_parameters: \
Failed to convert epoch time.",
- )?,
- ),
- });
+ )?,
+ ),
+ });
+ }
// If there is an attestation challenge we need to get an application id.
if params.iter().any(|kp| kp.tag == Tag::ATTESTATION_CHALLENGE) {
--
2.35.3