Google Git
Sign in
android/platform/hardware/interfaces/android17-release/./security/timestamp
tree: ad093dabfd4818f0f9befa5c5890de8b0378b352
  1. aidl/
  2. README.md
security/timestamp/README.md

ITimeStamper HAL

Purpose

This HAL provides an interface to request RFC3161 timestamp tokens for a given hash. This is typically used for secure timestamping of data in conjunction with a Trusted Execution Environment (TEE).

AIDL Interface

The interface is defined in aidl/android/hardware/security/timestamp/ITimeStamper.aidl.

  • TimeStampReq: A parcelable containing the DER encoded RFC3161 TimeStampReq structure.
  • createRfc3161TimestampToken(in TimeStampReq timestampReq): Takes a TimeStampReq and returns a byte[] containing the DER encoded RFC3161 TimeStampToken.

Implementations

Default (Non-Secure TA)

The default implementation located in system/keymint/hal/src/timestamp.rs is an INSECURE implementation that communicates with a non-secure Trusted Application (TA) via a serialized channel.

  • Communication: Uses the SerializedChannel interface to send requests to the non-secure KeyMint TA.
  • Timestamp Generation: The non-secure TA (system/keymint/ta/src/timestamp.rs) provides a dummy implementation, returning a fixed ASN.1 SEQUENCE.
  • Signing: Uses a dummy signature generated by the non-secure TA.
  • Purpose: Intended for testing, development, and use on virtual devices like Cuttlefish where a real secure TEE is not available or necessary for the test case.