summaryrefslogtreecommitdiffstats
path: root/security/secureclock/aidl
diff options
context:
space:
mode:
authorJanis Danisevskis <jdanis@google.com>2021-01-05 09:15:57 -0800
committerJanis Danisevskis <jdanis@google.com>2021-01-14 10:19:28 -0800
commit6251827cda9b256e1c9c00add6fb4bebfe70a026 (patch)
treed456bb84dfc924bdb6dc356dcb9607be4d521ab6 /security/secureclock/aidl
parent600b7775ef945b70b211d67bf2a3285a0071c252 (diff)
downloadplatform_hardware_interfaces-6251827cda9b256e1c9c00add6fb4bebfe70a026.tar.gz
platform_hardware_interfaces-6251827cda9b256e1c9c00add6fb4bebfe70a026.tar.bz2
platform_hardware_interfaces-6251827cda9b256e1c9c00add6fb4bebfe70a026.zip
KeyMint/SecureClock: Reverse dependency between keymint and secureclock.
This patch removes verifyAuthorization from the KeyMint spec in favor of secureclock and the TimeStampToken. Timestamp has moved to secureclock and the VerificationToken was removed from keymint. This reverses the dependency between keymint and secureclock because keymint no imports TimeStampToken and Timestamp from secureclock. Test: Tested with CtsVerifier Fingerprint bound keys test. Change-Id: I4e0bde0d77e74918e2b5483c30be8057417e3bf1
Diffstat (limited to 'security/secureclock/aidl')
-rw-r--r--security/secureclock/aidl/Android.bp3
-rw-r--r--security/secureclock/aidl/aidl_api/android.hardware.security.secureclock/current/android/hardware/security/secureclock/TimeStampToken.aidl3
-rw-r--r--security/secureclock/aidl/aidl_api/android.hardware.security.secureclock/current/android/hardware/security/secureclock/Timestamp.aidl23
-rw-r--r--security/secureclock/aidl/android/hardware/security/secureclock/TimeStampToken.aidl8
-rw-r--r--security/secureclock/aidl/android/hardware/security/secureclock/Timestamp.aidl28
5 files changed, 53 insertions, 12 deletions
diff --git a/security/secureclock/aidl/Android.bp b/security/secureclock/aidl/Android.bp
index 7d26a9bd58..5a6d7ae538 100644
--- a/security/secureclock/aidl/Android.bp
+++ b/security/secureclock/aidl/Android.bp
@@ -5,9 +5,6 @@ aidl_interface {
"android/hardware/security/secureclock/*.aidl",
],
stability: "vintf",
- imports: [
- "android.hardware.security.keymint",
- ],
backend: {
java: {
sdk_version: "module_current",
diff --git a/security/secureclock/aidl/aidl_api/android.hardware.security.secureclock/current/android/hardware/security/secureclock/TimeStampToken.aidl b/security/secureclock/aidl/aidl_api/android.hardware.security.secureclock/current/android/hardware/security/secureclock/TimeStampToken.aidl
index c23ddca2c9..51b1824da1 100644
--- a/security/secureclock/aidl/aidl_api/android.hardware.security.secureclock/current/android/hardware/security/secureclock/TimeStampToken.aidl
+++ b/security/secureclock/aidl/aidl_api/android.hardware.security.secureclock/current/android/hardware/security/secureclock/TimeStampToken.aidl
@@ -20,7 +20,6 @@ package android.hardware.security.secureclock;
@VintfStability
parcelable TimeStampToken {
long challenge;
- android.hardware.security.keymint.Timestamp timestamp;
- android.hardware.security.keymint.SecurityLevel securityLevel;
+ android.hardware.security.secureclock.Timestamp timestamp;
byte[] mac;
}
diff --git a/security/secureclock/aidl/aidl_api/android.hardware.security.secureclock/current/android/hardware/security/secureclock/Timestamp.aidl b/security/secureclock/aidl/aidl_api/android.hardware.security.secureclock/current/android/hardware/security/secureclock/Timestamp.aidl
new file mode 100644
index 0000000000..50b8b9ff13
--- /dev/null
+++ b/security/secureclock/aidl/aidl_api/android.hardware.security.secureclock/current/android/hardware/security/secureclock/Timestamp.aidl
@@ -0,0 +1,23 @@
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.secureclock;
+@VintfStability
+parcelable Timestamp {
+ long milliSeconds;
+}
diff --git a/security/secureclock/aidl/android/hardware/security/secureclock/TimeStampToken.aidl b/security/secureclock/aidl/android/hardware/security/secureclock/TimeStampToken.aidl
index 76a2d28780..b24d3355e5 100644
--- a/security/secureclock/aidl/android/hardware/security/secureclock/TimeStampToken.aidl
+++ b/security/secureclock/aidl/android/hardware/security/secureclock/TimeStampToken.aidl
@@ -16,8 +16,7 @@
package android.hardware.security.secureclock;
-import android.hardware.security.keymint.SecurityLevel;
-import android.hardware.security.keymint.Timestamp;
+import android.hardware.security.secureclock.Timestamp;
/**
* TimeStampToken instances are used for secure environments that requires secure time information.
@@ -36,11 +35,6 @@ parcelable TimeStampToken {
Timestamp timestamp;
/**
- * SecurityLevel of the secure environment that generated the token.
- */
- SecurityLevel securityLevel;
-
- /**
* 32-byte HMAC-SHA256 of the above values, computed as:
*
* HMAC(H,
diff --git a/security/secureclock/aidl/android/hardware/security/secureclock/Timestamp.aidl b/security/secureclock/aidl/android/hardware/security/secureclock/Timestamp.aidl
new file mode 100644
index 0000000000..7bd1f9eab1
--- /dev/null
+++ b/security/secureclock/aidl/android/hardware/security/secureclock/Timestamp.aidl
@@ -0,0 +1,28 @@
+/*
+ * Copyright 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.security.secureclock;
+
+/**
+ * Time in milliseconds since some arbitrary point in time. Time must be monotonically increasing,
+ * and a secure environment's notion of "current time" must not repeat until the Android device
+ * reboots, or until at least 50 million years have elapsed (note that this requirement is satisfied
+ * by setting the clock to zero during each boot, and then counting time accurately).
+ */
+@VintfStability
+parcelable Timestamp {
+ long milliSeconds;
+}