Keymint: Add CERTIFICATE_* tags

Add CERTIFICATE_NOT_BEFORE/AFTER and change CERTIFICATE_SERIAL to bignum type. Test: N/A Change-Id: I5b1ed20a9babe8425e98a03637cdc14be842872c
author: Janis Danisevskis <jdanis@google.com> 2021-01-31 22:08:17 -0800
committer: Janis Danisevskis <jdanis@google.com> 2021-01-31 22:08:17 -0800
commit: 06cd71d88aeb76094c7a4b3c67059e88443db426 (patch)
tree: cebd7df69c9bb23a82325fd829ba79d9ced7567e
parent: 541a8d3e5b6d5f9667c25f72aa669eabe8ae6305 (diff)
download: libhardware-06cd71d88aeb76094c7a4b3c67059e88443db426.tar.gz
1 files changed, 15 insertions, 1 deletions
diff --git a/include/hardware/keymaster_defs.h b/include/hardware/keymaster_defs.h
index a0a1c8e5..f6223ffb 100644
--- a/include/hardware/keymaster_defs.h
+++ b/include/hardware/keymaster_defs.h
@@ -193,7 +193,7 @@ typedef enum {
                                                         proving that the user confirmed a signing
                                                         request. */
 
-    KM_TAG_CERTIFICATE_SERIAL = KM_UINT | 1006,      /* The serial number that should be
+    KM_TAG_CERTIFICATE_SERIAL = KM_BIGNUM | 1006,      /* The serial number that should be
                                                         set in the attestation certificate
                                                         to be generated. */
 
@@ -201,6 +201,18 @@ typedef enum {
                                                         set in the attestation certificate
                                                         to be generated. */
 
+    KM_TAG_CERTIFICATE_NOT_BEFORE = KM_DATE | 1008,  /* Epoch time in milliseconds of the start of
+                                                        the to be generated certificate's validity.
+                                                        The value should interpreted as too's
+                                                        complement signed integer. Negative values
+                                                        indicate dates before Jan 1970 */
+
+    KM_TAG_CERTIFICATE_NOT_AFTER = KM_DATE | 1009,  /*  Epoch time in milliseconds of the end of
+                                                        the to be generated certificate's validity.
+                                                        The value should interpreted as too's
+                                                        complement signed integer. Negative values
+                                                        indicate dates before Jan 1970 */
+
 
 } keymaster_tag_t;
 
@@ -496,6 +508,8 @@ typedef enum {
     KM_ERROR_ATTESTATION_IDS_NOT_PROVISIONED = -75,
     KM_ERROR_INCOMPATIBLE_MGF_DIGEST = -78,
     KM_ERROR_UNSUPPORTED_MGF_DIGEST = -79,
+    KM_ERROR_MISSING_NOT_BEFORE = -80,
+    KM_ERROR_MISSING_NOT_AFTER = -81,
 
     KM_ERROR_UNIMPLEMENTED = -100,
     KM_ERROR_VERSION_MISMATCH = -101,
author	Janis Danisevskis <jdanis@google.com>	2021-01-31 22:08:17 -0800
committer	Janis Danisevskis <jdanis@google.com>	2021-01-31 22:08:17 -0800
commit	06cd71d88aeb76094c7a4b3c67059e88443db426 (patch)
tree	cebd7df69c9bb23a82325fd829ba79d9ced7567e
parent	541a8d3e5b6d5f9667c25f72aa669eabe8ae6305 (diff)
download	libhardware-06cd71d88aeb76094c7a4b3c67059e88443db426.tar.gz