Fix for the documentation in TimeStampToken.aidl. HMAC computation will always use 1, which is the value of SecurityLevel.TRUSTED_ENVIRONMENT. This is done for backwards compatibility purpose.

Test: N/A Bug: None. Change-Id: I1fd979908103f9095cc7c306e0d5036d6b357b30
2026-02-01 11:36:00 +00:00 · 2021-05-25 16:01:27 +00:00
parent 4477ee052f
commit 8ac0743508
1 changed files with 2 additions and 4 deletions
--- a/security/secureclock/aidl/android/hardware/security/secureclock/TimeStampToken.aidl
+++ b/security/secureclock/aidl/android/hardware/security/secureclock/TimeStampToken.aidl
@@ -39,7 +39,7 @@ parcelable TimeStampToken {
     * 32-byte HMAC-SHA256 of the above values, computed as:
     *
     *    HMAC(H,
-     *         ISecureClock.TIME_STAMP_MAC_LABEL || challenge || timestamp || securityLevel )
+     *         ISecureClock.TIME_STAMP_MAC_LABEL || challenge || timestamp || 1 )
     *
     * where:
     *
@@ -50,9 +50,7 @@ parcelable TimeStampToken {
     *   ``||'' represents concatenation
     *
     * The representation of challenge and timestamp is as 64-bit unsigned integers in big-endian
-     * order. SecurityLevel is represented as a 32-bit unsigned integer in big-endian order as
-     * described in android.hardware.security.keymint.SecurityLevel. It represents the security
-     * level of the secure clock environment.
+     * order.  1, above, is a 32-bit unsigned integer, also big-endian.
     */
    byte[] mac;
 }