diff options
-rw-r--r-- | identity/support/src/IdentityCredentialSupport.cpp | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/identity/support/src/IdentityCredentialSupport.cpp b/identity/support/src/IdentityCredentialSupport.cpp index 38348ac1b0..91985ceca6 100644 --- a/identity/support/src/IdentityCredentialSupport.cpp +++ b/identity/support/src/IdentityCredentialSupport.cpp @@ -874,8 +874,11 @@ optional<vector<vector<uint8_t>>> createAttestation( i2d_X509_NAME(subjectName.get(), &subjectPtr); + uint64_t nowMilliSeconds = time(nullptr) * 1000; ::keymaster::AuthorizationSet auth_set( ::keymaster::AuthorizationSetBuilder() + .Authorization(::keymaster::TAG_CERTIFICATE_NOT_BEFORE, nowMilliSeconds) + .Authorization(::keymaster::TAG_CERTIFICATE_NOT_AFTER, expireTimeMilliSeconds) .Authorization(::keymaster::TAG_ATTESTATION_CHALLENGE, challenge.data(), challenge.size()) .Authorization(::keymaster::TAG_ACTIVE_DATETIME, activeTimeMilliSeconds) @@ -918,7 +921,7 @@ optional<vector<vector<uint8_t>>> createAttestation( // the VTS tests. Of course, this is a pretend-only game since hopefully no // relying party is ever going to trust our batch key and those keys above // it. - ::keymaster::PureSoftKeymasterContext context(::keymaster::KmVersion::KEYMASTER_4_1, + ::keymaster::PureSoftKeymasterContext context(::keymaster::KmVersion::KEYMINT_1, KM_SECURITY_LEVEL_TRUSTED_ENVIRONMENT); ::keymaster::CertificateChain cert_chain_out = generate_attestation_from_EVP( @@ -926,7 +929,7 @@ optional<vector<vector<uint8_t>>> createAttestation( *attestation_signing_key, &error); if (KM_ERROR_OK != error) { - LOG(ERROR) << "Error generate attestation from EVP key" << error; + LOG(ERROR) << "Error generating attestation from EVP key: " << error; return {}; } |