1*9860b763SAndroid Build Coastguard Worker // Copyright 2022, The Android Open Source Project
2*9860b763SAndroid Build Coastguard Worker //
3*9860b763SAndroid Build Coastguard Worker // Licensed under the Apache License, Version 2.0 (the "License");
4*9860b763SAndroid Build Coastguard Worker // you may not use this file except in compliance with the License.
5*9860b763SAndroid Build Coastguard Worker // You may obtain a copy of the License at
6*9860b763SAndroid Build Coastguard Worker //
7*9860b763SAndroid Build Coastguard Worker // http://www.apache.org/licenses/LICENSE-2.0
8*9860b763SAndroid Build Coastguard Worker //
9*9860b763SAndroid Build Coastguard Worker // Unless required by applicable law or agreed to in writing, software
10*9860b763SAndroid Build Coastguard Worker // distributed under the License is distributed on an "AS IS" BASIS,
11*9860b763SAndroid Build Coastguard Worker // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12*9860b763SAndroid Build Coastguard Worker // See the License for the specific language governing permissions and
13*9860b763SAndroid Build Coastguard Worker // limitations under the License.
14*9860b763SAndroid Build Coastguard Worker
15*9860b763SAndroid Build Coastguard Worker //! TA functionality for secure clocks.
16*9860b763SAndroid Build Coastguard Worker
17*9860b763SAndroid Build Coastguard Worker use alloc::vec::Vec;
18*9860b763SAndroid Build Coastguard Worker use core::mem::size_of;
19*9860b763SAndroid Build Coastguard Worker use kmr_common::{km_err, vec_try_with_capacity, Error};
20*9860b763SAndroid Build Coastguard Worker use kmr_wire::secureclock::{TimeStampToken, TIME_STAMP_MAC_LABEL};
21*9860b763SAndroid Build Coastguard Worker
22*9860b763SAndroid Build Coastguard Worker impl crate::KeyMintTa {
generate_timestamp(&self, challenge: i64) -> Result<TimeStampToken, Error>23*9860b763SAndroid Build Coastguard Worker pub(crate) fn generate_timestamp(&self, challenge: i64) -> Result<TimeStampToken, Error> {
24*9860b763SAndroid Build Coastguard Worker if let Some(clock) = &self.imp.clock {
25*9860b763SAndroid Build Coastguard Worker let mut ret =
26*9860b763SAndroid Build Coastguard Worker TimeStampToken { challenge, timestamp: clock.now().into(), mac: Vec::new() };
27*9860b763SAndroid Build Coastguard Worker let mac_input = self.dev.keys.timestamp_token_mac_input(&ret)?;
28*9860b763SAndroid Build Coastguard Worker ret.mac = self.device_hmac(&mac_input)?;
29*9860b763SAndroid Build Coastguard Worker Ok(ret)
30*9860b763SAndroid Build Coastguard Worker } else {
31*9860b763SAndroid Build Coastguard Worker Err(km_err!(Unimplemented, "no clock available"))
32*9860b763SAndroid Build Coastguard Worker }
33*9860b763SAndroid Build Coastguard Worker }
34*9860b763SAndroid Build Coastguard Worker }
35*9860b763SAndroid Build Coastguard Worker
36*9860b763SAndroid Build Coastguard Worker /// Build the HMAC input for a [`TimeStampToken`]
timestamp_token_mac_input(token: &TimeStampToken) -> Result<Vec<u8>, Error>37*9860b763SAndroid Build Coastguard Worker pub fn timestamp_token_mac_input(token: &TimeStampToken) -> Result<Vec<u8>, Error> {
38*9860b763SAndroid Build Coastguard Worker let mut result = vec_try_with_capacity!(
39*9860b763SAndroid Build Coastguard Worker TIME_STAMP_MAC_LABEL.len() +
40*9860b763SAndroid Build Coastguard Worker size_of::<i64>() + // challenge (BE)
41*9860b763SAndroid Build Coastguard Worker size_of::<i64>() + // timestamp (BE)
42*9860b763SAndroid Build Coastguard Worker size_of::<u32>() // 1u32 (BE)
43*9860b763SAndroid Build Coastguard Worker )?;
44*9860b763SAndroid Build Coastguard Worker result.extend_from_slice(TIME_STAMP_MAC_LABEL);
45*9860b763SAndroid Build Coastguard Worker result.extend_from_slice(&token.challenge.to_be_bytes()[..]);
46*9860b763SAndroid Build Coastguard Worker result.extend_from_slice(&token.timestamp.milliseconds.to_be_bytes()[..]);
47*9860b763SAndroid Build Coastguard Worker result.extend_from_slice(&1u32.to_be_bytes()[..]);
48*9860b763SAndroid Build Coastguard Worker Ok(result)
49*9860b763SAndroid Build Coastguard Worker }
50