From e65066734109f3cd9df28ffeb8fa4ca971c94225 Mon Sep 17 00:00:00 2001
From: David Drysdale <drysdale@google.com>
Date: Thu, 6 May 2021 08:24:06 +0100
Subject: [PATCH] KeyMint HAL: cert dates are in milliseconds

Test: None, comment change only
Change-Id: I6251d4a0ba74d111f4c107f9a54a5c45811aa90f
---
 .../hardware/security/keymint/KeyParameterValue.aidl      | 2 +-
 .../aidl/android/hardware/security/keymint/Tag.aidl       | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/security/keymint/aidl/android/hardware/security/keymint/KeyParameterValue.aidl b/security/keymint/aidl/android/hardware/security/keymint/KeyParameterValue.aidl
index 59016f2c3b..924f4023ba 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/KeyParameterValue.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/KeyParameterValue.aidl
@@ -48,7 +48,7 @@ union KeyParameterValue {
     boolean boolValue; // Always true, if present.
     int integer;
     long longInteger;
-    long dateTime;
+    long dateTime; // In milliseconds from epoch
 
     byte[] blob;
 }
diff --git a/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl b/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
index 8fbc91a0ef..66f79ce041 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
@@ -935,15 +935,15 @@ enum Tag {
 
     /**
      * Tag::CERTIFICATE_NOT_BEFORE the beginning of the validity of the certificate in UNIX epoch
-     * time in seconds.  This value is used when generating attestation or self signed certificates.
-     * ErrorCode::MISSING_NOT_BEFORE must be returned if this tag is not provided if this tag is not
-     * provided to generateKey or importKey.
+     * time in milliseconds.  This value is used when generating attestation or self signed
+     * certificates.  ErrorCode::MISSING_NOT_BEFORE must be returned if this tag is not provided if
+     * this tag is not provided to generateKey or importKey.
      */
     CERTIFICATE_NOT_BEFORE = (6 << 28) /* TagType:DATE */ | 1008,
 
     /**
      * Tag::CERTIFICATE_NOT_AFTER the end of the validity of the certificate in UNIX epoch time in
-     * seconds.  This value is used when generating attestation or self signed certificates.
+     * milliseconds.  This value is used when generating attestation or self signed certificates.
      * ErrorCode::MISSING_NOT_AFTER must be returned if this tag is not provided to generateKey or
      * importKey.
      */