Diffstat (limited to 'security/keymint/support/authorization_set.cpp')
-rw-r--r-- | security/keymint/support/authorization_set.cpp | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/security/keymint/support/authorization_set.cpp b/security/keymint/support/authorization_set.cpp
index 3d44dff27c..25eace3caf 100644
--- a/security/keymint/support/authorization_set.cpp
+++ b/security/keymint/support/authorization_set.cpp
@@ -191,6 +191,10 @@ AuthorizationSetBuilder& AuthorizationSetBuilder::EncryptionKey() {
 return Authorization(TAG_PURPOSE, KeyPurpose::DECRYPT);
 }
 
+AuthorizationSetBuilder& AuthorizationSetBuilder::AttestKey() {
+ return Authorization(TAG_PURPOSE, KeyPurpose::ATTEST_KEY);
+}
+
 AuthorizationSetBuilder& AuthorizationSetBuilder::NoDigestOrPadding() {
 Authorization(TAG_DIGEST, Digest::NONE);
 return Authorization(TAG_PADDING, PaddingMode::NONE);
@@ -243,4 +247,12 @@ AuthorizationSetBuilder& AuthorizationSetBuilder::Padding(
 return *this;
 }
 
+AuthorizationSetBuilder& AuthorizationSetBuilder::SetDefaultValidity() {
+ // Per RFC 5280 4.1.2.5, an undefined expiration (not-after) field should be set to
+ // GeneralizedTime 999912312359559, which is 253402300799000 ms from Jan 1, 1970.
+ constexpr uint64_t kUndefinedExpirationDateTime = 253402300799000;
+ Authorization(TAG_CERTIFICATE_NOT_BEFORE, 0);
+ return Authorization(TAG_CERTIFICATE_NOT_AFTER, kUndefinedExpirationDateTime);
+}
+
 } // namespace aidl::android::hardware::security::keymint |
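Review bot: AttestKey() has no comment saying how it may be combined with the other purpose helpers, and because it appends TAG_PURPOSE the same way SigningKey() and EncryptionKey() do, a caller can chain them on one builder. As far as I recall the KeyMint interface documentation, an ATTEST_KEY key is expected to carry no other purpose, so a mixed set would only be rejected later by the implementation; please confirm against the AIDL docs. I would document the constraint at the definition (and on the declaration in the header, which is not part of this diff), for example `// Adds KeyPurpose::ATTEST_KEY only; do not combine with SigningKey()/EncryptionKey() on the same key.`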
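Review bot: The comment in SetDefaultValidity() misquotes the value from RFC 5280 4.1.2.5: the RFC gives the GeneralizedTime `99991231235959Z`, while the comment reads `999912312359559` (an extra digit and no `Z`). The constant itself matches 9999-12-31T23:59:59Z in milliseconds, so only the comment needs fixing: `// GeneralizedTime 99991231235959Z, which is 253402300799000 ms from Jan 1, 1970.` It would also help to state in that comment that the helper yields a certificate with no meaningful expiry (not-before at the epoch, not-after at the RFC's "undefined" value), so callers that need a bounded validity period set both tags themselves.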