diff options
author | Janis Danisevskis <jdanis@google.com> | 2021-01-05 09:15:57 -0800 |
---|---|---|
committer | Janis Danisevskis <jdanis@google.com> | 2021-01-14 10:19:28 -0800 |
commit | 6251827cda9b256e1c9c00add6fb4bebfe70a026 (patch) | |
tree | d456bb84dfc924bdb6dc356dcb9607be4d521ab6 /security/secureclock/aidl/android | |
parent | 600b7775ef945b70b211d67bf2a3285a0071c252 (diff) | |
download | platform_hardware_interfaces-6251827cda9b256e1c9c00add6fb4bebfe70a026.tar.gz platform_hardware_interfaces-6251827cda9b256e1c9c00add6fb4bebfe70a026.tar.bz2 platform_hardware_interfaces-6251827cda9b256e1c9c00add6fb4bebfe70a026.zip |
KeyMint/SecureClock: Reverse dependency between keymint and secureclock.
This patch removes verifyAuthorization from the KeyMint spec in favor of
secureclock and the TimeStampToken. Timestamp has moved to secureclock
and the VerificationToken was removed from keymint. This reverses the
dependency between keymint and secureclock because keymint no imports
TimeStampToken and Timestamp from secureclock.
Test: Tested with CtsVerifier Fingerprint bound keys test.
Change-Id: I4e0bde0d77e74918e2b5483c30be8057417e3bf1
Diffstat (limited to 'security/secureclock/aidl/android')
-rw-r--r-- | security/secureclock/aidl/android/hardware/security/secureclock/TimeStampToken.aidl | 8 | ||||
-rw-r--r-- | security/secureclock/aidl/android/hardware/security/secureclock/Timestamp.aidl | 28 |
2 files changed, 29 insertions, 7 deletions
diff --git a/security/secureclock/aidl/android/hardware/security/secureclock/TimeStampToken.aidl b/security/secureclock/aidl/android/hardware/security/secureclock/TimeStampToken.aidl index 76a2d28780..b24d3355e5 100644 --- a/security/secureclock/aidl/android/hardware/security/secureclock/TimeStampToken.aidl +++ b/security/secureclock/aidl/android/hardware/security/secureclock/TimeStampToken.aidl @@ -16,8 +16,7 @@ package android.hardware.security.secureclock; -import android.hardware.security.keymint.SecurityLevel; -import android.hardware.security.keymint.Timestamp; +import android.hardware.security.secureclock.Timestamp; /** * TimeStampToken instances are used for secure environments that requires secure time information. @@ -36,11 +35,6 @@ parcelable TimeStampToken { Timestamp timestamp; /** - * SecurityLevel of the secure environment that generated the token. - */ - SecurityLevel securityLevel; - - /** * 32-byte HMAC-SHA256 of the above values, computed as: * * HMAC(H, diff --git a/security/secureclock/aidl/android/hardware/security/secureclock/Timestamp.aidl b/security/secureclock/aidl/android/hardware/security/secureclock/Timestamp.aidl new file mode 100644 index 0000000000..7bd1f9eab1 --- /dev/null +++ b/security/secureclock/aidl/android/hardware/security/secureclock/Timestamp.aidl @@ -0,0 +1,28 @@ +/* + * Copyright 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.hardware.security.secureclock; + +/** + * Time in milliseconds since some arbitrary point in time. Time must be monotonically increasing, + * and a secure environment's notion of "current time" must not repeat until the Android device + * reboots, or until at least 50 million years have elapsed (note that this requirement is satisfied + * by setting the clock to zero during each boot, and then counting time accurately). + */ +@VintfStability +parcelable Timestamp { + long milliSeconds; +} |