Set attestation certificate issuer and subject correctly.
Bug: 38394614
Test: VtsHalKeymasterV3_0TargetTest
Merged-In: Ie400a94b5cd856c81ed111cfab24ae609d98cdbd
Change-Id: Ie400a94b5cd856c81ed111cfab24ae609d98cdbd
diff --git a/asymmetric_key.cpp b/asymmetric_key.cpp
index 782e87b..35406e6 100644
--- a/asymmetric_key.cpp
+++ b/asymmetric_key.cpp
@@ -290,19 +290,10 @@
!X509_set_serialNumber(certificate.get(), serialNumber.get() /* Don't release; copied */))
return TranslateLastOpenSslError();
- // TODO(swillden): Find useful values (if possible) for issuerName and subjectName.
- X509_NAME_Ptr issuerName(X509_NAME_new());
- if (!issuerName.get() ||
- !X509_NAME_add_entry_by_txt(issuerName.get(), "CN", MBSTRING_ASC,
- reinterpret_cast<const uint8_t*>("Android Keymaster"),
- -1 /* len */, -1 /* loc */, 0 /* set */) ||
- !X509_set_issuer_name(certificate.get(), issuerName.get() /* Don't release; copied */))
- return TranslateLastOpenSslError();
-
X509_NAME_Ptr subjectName(X509_NAME_new());
if (!subjectName.get() ||
!X509_NAME_add_entry_by_txt(subjectName.get(), "CN", MBSTRING_ASC,
- reinterpret_cast<const uint8_t*>("A Keymaster Key"),
+ reinterpret_cast<const uint8_t*>("Android Keystore Key"),
-1 /* len */, -1 /* loc */, 0 /* set */) ||
!X509_set_subject_name(certificate.get(), subjectName.get() /* Don't release; copied */))
return TranslateLastOpenSslError();
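Review bot: The new subject CN `"Android Keystore Key"` is a constant shared by every certificate built here, and with the old TODO and issuer block removed, nothing at this spot says where the issuer is now set or that the subject carries no per-key identity. A short comment above `X509_NAME_Ptr subjectName(X509_NAME_new());` would cover both, for example `// Subject is a fixed label, not a key identifier; the issuer is set further down from the batch certificate's subject.` Without it, a reader of this section alone could conclude that the certificate is left without an issuer. The enclosing function starts and ends outside this hunk.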
@@ -354,6 +345,15 @@
return TranslateLastOpenSslError();
}
+ // Set issuer to subject of batch certificate.
+ X509_NAME* issuerSubject = X509_get_subject_name(signing_cert.get());
+ if (!issuerSubject) {
+ return KM_ERROR_UNKNOWN_ERROR;
+ }
+ if (!X509_set_issuer_name(certificate.get(), issuerSubject)) {
+ return TranslateLastOpenSslError();
+ }
+
UniquePtr<X509V3_CTX> x509v3_ctx(new X509V3_CTX);
*x509v3_ctx = {};
X509V3_set_ctx(x509v3_ctx.get(), signing_cert.get(), certificate.get(), nullptr /* req */,
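Review bot: The `!issuerSubject` check probably does not catch an empty batch-certificate subject, because `X509_get_subject_name()` normally returns a non-null name for a parsed certificate even when that name has no entries. The attestation certificate would then get an empty issuer, and a verifier that links the chain by name would not match it. Consider rejecting that case too: `if (!issuerSubject || X509_NAME_entry_count(issuerSubject) == 0) return KM_ERROR_UNKNOWN_ERROR;`. The returned pointer is borrowed from `signing_cert`, so a comment in the file's existing style, `/* Don't release; owned by signing_cert, copied by X509_set_issuer_name */`, would warn against later wrapping it in `X509_NAME_Ptr`. Whether `signing_cert` is null-checked before this point cannot be seen here, since the function body starts and ends outside this hunk.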