1 //! TA functionality for secure clocks.
2
3 use alloc::vec::Vec;
4 use core::mem::size_of;
5 use kmr_common::{km_err, vec_try_with_capacity, Error};
6 use kmr_wire::secureclock::{TimeStampToken, TIME_STAMP_MAC_LABEL};
7
impl<'a> crate::KeyMintTa<'a> {
    /// Produce a MACed [`TimeStampToken`] that binds the caller's `challenge` to the
    /// current reading of the TA's clock.
    ///
    /// The token is first assembled with an empty `mac` field, the MAC input is derived
    /// from that token via `self.dev.keys.timestamp_token_mac_input`, and the result of
    /// `self.device_hmac` over that input is then stored in `mac`.
    ///
    /// # Errors
    ///
    /// - `Unimplemented` ("no clock available") when `self.imp.clock` is `None`.
    /// - Any error propagated from building the MAC input or from `device_hmac`.
    pub(crate) fn generate_timestamp(&self, challenge: i64) -> Result<TimeStampToken, Error> {
        // Without a clock there is nothing trustworthy to attest to, so fail rather than
        // emit a token with a made-up timestamp.
        let clock = match &self.imp.clock {
            Some(clock) => clock,
            None => return Err(km_err!(Unimplemented, "no clock available")),
        };

        // NOTE(review): `challenge` is copied into the token as-is and is not checked for
        // uniqueness here, so replay resistance rests on whoever issues the challenge —
        // confirm against callers.
        let mut token = TimeStampToken { challenge, timestamp: clock.now().into(), mac: Vec::new() };

        // The MAC is computed while `mac` is still empty and only then filled in.
        let to_be_maced = self.dev.keys.timestamp_token_mac_input(&token)?;
        token.mac = self.device_hmac(&to_be_maced)?;
        Ok(token)
    }
}
21
/// Serialize the fields of a [`TimeStampToken`] that are covered by its HMAC.
///
/// The output is the concatenation, in this order, of:
///
/// 1. `TIME_STAMP_MAC_LABEL`,
/// 2. `token.challenge` as big-endian bytes,
/// 3. `token.timestamp.milliseconds` as big-endian bytes,
/// 4. the constant `1u32` as big-endian bytes.
///
/// `token.mac` is not read, so the result is the same whether or not the token has
/// already been MACed. Every field after the label has a fixed width, which keeps the
/// encoding unambiguous.
///
/// # Errors
///
/// Propagates the error from `vec_try_with_capacity!` (presumably an allocation
/// failure — confirm against `kmr_common`).
pub fn timestamp_token_mac_input(token: &TimeStampToken) -> Result<Vec<u8>, Error> {
    // Reserve the whole buffer up front so the appends below do not need to grow it.
    let capacity = TIME_STAMP_MAC_LABEL.len()
        + size_of::<i64>() // challenge (BE)
        + size_of::<i64>() // timestamp (BE)
        + size_of::<u32>(); // 1u32 (BE)
    let mut mac_input = vec_try_with_capacity!(capacity)?;

    let challenge_be = token.challenge.to_be_bytes();
    let millis_be = token.timestamp.milliseconds.to_be_bytes();
    // NOTE(review): the meaning of this trailing constant is not visible in this file;
    // it has to stay byte-identical for MACs to verify against other implementations.
    let trailer_be = 1u32.to_be_bytes();

    // Order matters: the verifier must rebuild exactly this byte sequence.
    for part in [TIME_STAMP_MAC_LABEL, &challenge_be[..], &millis_be[..], &trailer_be[..]] {
        mac_input.extend_from_slice(part);
    }
    Ok(mac_input)
}
36