Keystore 2.0: Use secure clock service.

Test: CtsVerifier Fingerprint Bound Keys Test
Change-Id: Ia93794f7bcd9f5e26a4121a7bf689440fb1eeed4
diff --git a/keystore2/src/operation.rs b/keystore2/src/operation.rs
index f306df4..8e4f800 100644
--- a/keystore2/src/operation.rs
+++ b/keystore2/src/operation.rs
@@ -134,7 +134,10 @@
     ByteArray::ByteArray, HardwareAuthToken::HardwareAuthToken,
     IKeyMintOperation::IKeyMintOperation, KeyParameter::KeyParameter as KmParam,
     KeyParameterArray::KeyParameterArray, KeyParameterValue::KeyParameterValue as KmParamValue,
-    Tag::Tag, VerificationToken::VerificationToken,
+    Tag::Tag,
+};
+use android_hardware_security_secureclock::aidl::android::hardware::security::secureclock::{
+    TimeStampToken::TimeStampToken,
 };
 use android_system_keystore2::aidl::android::system::keystore2::{
     IKeystoreOperation::BnKeystoreOperation, IKeystoreOperation::IKeystoreOperation,
@@ -356,7 +359,7 @@
                 None,
                 // TODO Get auth token from enforcement module if required.
                 None,
-                // TODO Get verification token from enforcement module if required.
+                // TODO Get timestamp token from enforcement module if required.
                 None,
                 &mut out_params,
                 &mut output,
@@ -369,14 +372,14 @@
 
     /// Based on the authorization information stored in the operation during create_operation(),
     /// and any previous calls to update(), this function returns appropriate auth token and
-    /// verification token to be passed to keymint.
+    /// timestamp token to be passed to keymint.
     /// Note that the call to the global enforcement object happens only during the first call to
     /// update or if finish() is called right after create_opertation.
     fn handle_authorization<'a>(
         auth_token_handler: &'a mut AuthTokenHandler,
         key_params: Option<&Vec<KeyParameter>>,
         op_challenge: Option<&OperationChallenge>,
-    ) -> Result<(Option<&'a HardwareAuthToken>, Option<&'a VerificationToken>)> {
+    ) -> Result<(Option<&'a HardwareAuthToken>, Option<&'a TimeStampToken>)> {
         // keystore performs authorization only if key parameters have been loaded during
         // create_operation()
         if let Some(key_parameters) = key_params {
@@ -395,7 +398,7 @@
                 // this variant is found in every subsequent call to update/finish,
                 // unless the authorization is not required for the key
                 AuthTokenHandler::Token(_, _) => {
-                    auth_token_handler.retrieve_auth_and_verification_tokens()
+                    auth_token_handler.retrieve_auth_and_timestamp_tokens()
                 }
                 _ => Ok((None, None))
             }
@@ -418,7 +421,7 @@
             self.km_op.get_interface().context("In update: Failed to get KeyMintOperation.")?;
 
         let mut auth_handler = self.auth_token_handler.lock().unwrap();
-        let (auth_token_for_km, verification_token_for_km) = Self::handle_authorization(
+        let (auth_token_for_km, timestamp_token_for_km) = Self::handle_authorization(
             &mut auth_handler,
             self.key_params.as_ref(),
             self.op_challenge.as_ref(),
@@ -431,7 +434,7 @@
                 None,
                 Some(input),
                 auth_token_for_km,
-                verification_token_for_km,
+                timestamp_token_for_km,
                 &mut out_params,
                 &mut output,
             )),
@@ -465,7 +468,7 @@
             self.km_op.get_interface().context("In finish: Failed to get KeyMintOperation.")?;
 
         let mut auth_handler = self.auth_token_handler.lock().unwrap();
-        let (auth_token_for_km, verification_token_for_km) = Self::handle_authorization(
+        let (auth_token_for_km, timestamp_token_for_km) = Self::handle_authorization(
             &mut auth_handler,
             self.key_params.as_ref(),
             self.op_challenge.as_ref(),
@@ -480,7 +483,7 @@
                     input,
                     signature,
                     auth_token_for_km,
-                    verification_token_for_km,
+                    timestamp_token_for_km,
                     &mut out_params,
                 )),
             )