Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 77f4bced authored by Tri Vo's avatar Tri Vo
Browse files

keymint: Clarify usage of certificate tags with importWrappedKey 

Bug: 292534977
Test: atest android.keystore.cts.ImportWrappedKeyTest
Change-Id: I2cb65bc27e4f6b64c331bae4e4a8242ff1d91e43
parent 49e64336

security/keymint/aidl/android/hardware/security/keymint/Tag.aidl

+5 −2
Original line number Diff line number Diff line
@@ -971,7 +971,9 @@ enum Tag { 
     * Tag::CERTIFICATE_NOT_BEFORE the beginning of the validity of the certificate in UNIX epoch

     * time in milliseconds.  This value is used when generating attestation or self signed

     * certificates.  ErrorCode::MISSING_NOT_BEFORE must be returned if this tag is not provided if

     * this tag is not provided to generateKey or importKey.

     * this tag is not provided to generateKey or importKey.  For importWrappedKey, there is no way

     * to specify the value of this tag for the wrapped key, so a value of 0 must be used for

     * certificate generation.

     */

    CERTIFICATE_NOT_BEFORE = TagType.DATE | 1008,
@@ -979,7 +981,8 @@ enum Tag { 
     * Tag::CERTIFICATE_NOT_AFTER the end of the validity of the certificate in UNIX epoch time in

     * milliseconds.  This value is used when generating attestation or self signed certificates.

     * ErrorCode::MISSING_NOT_AFTER must be returned if this tag is not provided to generateKey or

     * importKey.

     * importKey.  For importWrappedKey, there is no way to specify the value of this tag for the

     * wrapped key, so a value of 253402300799000 is used for certificate generation.

     */

    CERTIFICATE_NOT_AFTER = TagType.DATE | 1009,