summaryrefslogtreecommitdiffstats
path: root/security/secureclock/aidl/android
diff options
context:
space:
mode:
authorJanis Danisevskis <jdanis@google.com>2021-01-05 09:15:57 -0800
committerJanis Danisevskis <jdanis@google.com>2021-01-14 10:19:28 -0800
commit6251827cda9b256e1c9c00add6fb4bebfe70a026 (patch)
treed456bb84dfc924bdb6dc356dcb9607be4d521ab6 /security/secureclock/aidl/android
parent600b7775ef945b70b211d67bf2a3285a0071c252 (diff)
downloadplatform_hardware_interfaces-6251827cda9b256e1c9c00add6fb4bebfe70a026.tar.gz
platform_hardware_interfaces-6251827cda9b256e1c9c00add6fb4bebfe70a026.tar.bz2
platform_hardware_interfaces-6251827cda9b256e1c9c00add6fb4bebfe70a026.zip
KeyMint/SecureClock: Reverse dependency between keymint and secureclock.
This patch removes verifyAuthorization from the KeyMint spec in favor of secureclock and the TimeStampToken. Timestamp has moved to secureclock and the VerificationToken was removed from keymint. This reverses the dependency between keymint and secureclock because keymint no imports TimeStampToken and Timestamp from secureclock. Test: Tested with CtsVerifier Fingerprint bound keys test. Change-Id: I4e0bde0d77e74918e2b5483c30be8057417e3bf1
Diffstat (limited to 'security/secureclock/aidl/android')
-rw-r--r--security/secureclock/aidl/android/hardware/security/secureclock/TimeStampToken.aidl8
-rw-r--r--security/secureclock/aidl/android/hardware/security/secureclock/Timestamp.aidl28
2 files changed, 29 insertions, 7 deletions
diff --git a/security/secureclock/aidl/android/hardware/security/secureclock/TimeStampToken.aidl b/security/secureclock/aidl/android/hardware/security/secureclock/TimeStampToken.aidl
index 76a2d28780..b24d3355e5 100644
--- a/security/secureclock/aidl/android/hardware/security/secureclock/TimeStampToken.aidl
+++ b/security/secureclock/aidl/android/hardware/security/secureclock/TimeStampToken.aidl
@@ -16,8 +16,7 @@
package android.hardware.security.secureclock;
-import android.hardware.security.keymint.SecurityLevel;
-import android.hardware.security.keymint.Timestamp;
+import android.hardware.security.secureclock.Timestamp;
/**
* TimeStampToken instances are used for secure environments that requires secure time information.
@@ -36,11 +35,6 @@ parcelable TimeStampToken {
Timestamp timestamp;
/**
- * SecurityLevel of the secure environment that generated the token.
- */
- SecurityLevel securityLevel;
-
- /**
* 32-byte HMAC-SHA256 of the above values, computed as:
*
* HMAC(H,
diff --git a/security/secureclock/aidl/android/hardware/security/secureclock/Timestamp.aidl b/security/secureclock/aidl/android/hardware/security/secureclock/Timestamp.aidl
new file mode 100644
index 0000000000..7bd1f9eab1
--- /dev/null
+++ b/security/secureclock/aidl/android/hardware/security/secureclock/Timestamp.aidl
@@ -0,0 +1,28 @@
+/*
+ * Copyright 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.security.secureclock;
+
+/**
+ * Time in milliseconds since some arbitrary point in time. Time must be monotonically increasing,
+ * and a secure environment's notion of "current time" must not repeat until the Android device
+ * reboots, or until at least 50 million years have elapsed (note that this requirement is satisfied
+ * by setting the clock to zero during each boot, and then counting time accurately).
+ */
+@VintfStability
+parcelable Timestamp {
+ long milliSeconds;
+}