
Commit 6251827c authored by Janis Danisevskis's avatar Janis Danisevskis

KeyMint/SecureClock: Reverse dependency between keymint and secureclock.

This patch removes verifyAuthorization from the KeyMint spec in favor of
secureclock and the TimeStampToken. Timestamp has moved to secureclock
and the VerificationToken was removed from keymint. This reverses the
dependency between keymint and secureclock because keymint now imports
TimeStampToken and Timestamp from secureclock.

Test: Tested with CtsVerifier Fingerprint bound keys test.
Change-Id: I4e0bde0d77e74918e2b5483c30be8057417e3bf1
parent 600b7775
+3 −0
@@ -4,6 +4,9 @@ aidl_interface {
    srcs: [
        "android/hardware/security/keymint/*.aidl",
    ],
    imports: [
        "android.hardware.security.secureclock",
    ],
    stability: "vintf",
    backend: {
        java: {
+1 −1
@@ -23,6 +23,6 @@ parcelable HardwareAuthToken {
  long userId;
  long authenticatorId;
  android.hardware.security.keymint.HardwareAuthenticatorType authenticatorType;
  android.hardware.security.keymint.Timestamp timestamp;
  android.hardware.security.secureclock.Timestamp timestamp;
  byte[] mac;
}
+0 −1
@@ -20,7 +20,6 @@ package android.hardware.security.keymint;
@VintfStability
interface IKeyMintDevice {
  android.hardware.security.keymint.KeyMintHardwareInfo getHardwareInfo();
  android.hardware.security.keymint.VerificationToken verifyAuthorization(in long challenge, in android.hardware.security.keymint.HardwareAuthToken token);
  void addRngEntropy(in byte[] data);
  android.hardware.security.keymint.KeyCreationResult generateKey(in android.hardware.security.keymint.KeyParameter[] keyParams);
  android.hardware.security.keymint.KeyCreationResult importKey(in android.hardware.security.keymint.KeyParameter[] keyParams, in android.hardware.security.keymint.KeyFormat keyFormat, in byte[] keyData);
+2 −2
@@ -19,7 +19,7 @@
package android.hardware.security.keymint;
@VintfStability
interface IKeyMintOperation {
  int update(in @nullable android.hardware.security.keymint.KeyParameterArray inParams, in @nullable byte[] input, in @nullable android.hardware.security.keymint.HardwareAuthToken inAuthToken, in @nullable android.hardware.security.keymint.VerificationToken inVerificationToken, out @nullable android.hardware.security.keymint.KeyParameterArray outParams, out @nullable android.hardware.security.keymint.ByteArray output);
  byte[] finish(in @nullable android.hardware.security.keymint.KeyParameterArray inParams, in @nullable byte[] input, in @nullable byte[] inSignature, in @nullable android.hardware.security.keymint.HardwareAuthToken authToken, in @nullable android.hardware.security.keymint.VerificationToken inVerificationToken, out @nullable android.hardware.security.keymint.KeyParameterArray outParams);
  int update(in @nullable android.hardware.security.keymint.KeyParameterArray inParams, in @nullable byte[] input, in @nullable android.hardware.security.keymint.HardwareAuthToken inAuthToken, in @nullable android.hardware.security.secureclock.TimeStampToken inTimeStampToken, out @nullable android.hardware.security.keymint.KeyParameterArray outParams, out @nullable android.hardware.security.keymint.ByteArray output);
  byte[] finish(in @nullable android.hardware.security.keymint.KeyParameterArray inParams, in @nullable byte[] input, in @nullable byte[] inSignature, in @nullable android.hardware.security.keymint.HardwareAuthToken authToken, in @nullable android.hardware.security.secureclock.TimeStampToken inTimeStampToken, out @nullable android.hardware.security.keymint.KeyParameterArray outParams);
  void abort();
}
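Review bot: `inTimeStampToken` is `@nullable` on both `update` and `finish`, and nothing in this section says when an implementation must treat a missing token as a failure rather than as "no freshness check needed". The interface documentation should state that contract, for example `inTimeStampToken: required when this KeyMint instance cannot vouch for the auth token's timestamp with its own clock; a null token in that case must fail the authorization check, not skip it`. The removed `VerificationToken` carried a `securityLevel` field next to its `mac`; the fields of `TimeStampToken` are not shown on this page, so it is worth confirming that whatever the MAC covers still binds the token to the operation's challenge. This section looks like the generated API snapshot, so the wording belongs in the source definition of `IKeyMintOperation`.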
+0 −26
///////////////////////////////////////////////////////////////////////////////
// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE.                          //
///////////////////////////////////////////////////////////////////////////////

// This file is a snapshot of an AIDL file. Do not edit it manually. There are
// two cases:
// 1). this is a frozen version file - do not edit this in any case.
// 2). this is a 'current' file. If you make a backwards compatible change to
//     the interface (from the latest frozen version), the build system will
//     prompt you to update this file with `m <name>-update-api`.
//
// You must not make a backward incompatible change to any AIDL file built
// with the aidl_interface module type with versions property set. The module
// type is used to build AIDL files in a way that they can be used across
// independently updatable components of the system. If a device is shipped
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.

package android.hardware.security.keymint;
@VintfStability
parcelable VerificationToken {
  long challenge;
  android.hardware.security.keymint.Timestamp timestamp;
  android.hardware.security.keymint.SecurityLevel securityLevel;
  byte[] mac;
}