
Commit 287187f1 authored by Orlando Arbildo

Add key parameter to deriveDicePolicyBoundKey

Adding a key parameter to deriveDicePolicyBoundKey to use it
as the base of the derived key.

Bug: 284152719
Test: qemu android build
Change-Id: Iab3ee341825f01345996bde3b0b62037e4ec45da
parent fae563ac
+10 −2
@@ -33,9 +33,17 @@


package android.hardware.security.see.hwcrypto;
package android.hardware.security.see.hwcrypto;
interface IHwCryptoKey {
interface IHwCryptoKey {
  android.hardware.security.see.hwcrypto.IHwCryptoKey.DiceCurrentBoundKeyResult deriveCurrentDicePolicyBoundKey();
  android.hardware.security.see.hwcrypto.IHwCryptoKey.DiceCurrentBoundKeyResult deriveCurrentDicePolicyBoundKey(in android.hardware.security.see.hwcrypto.IHwCryptoKey.DiceBoundDerivationKey derivationKey);
  android.hardware.security.see.hwcrypto.IHwCryptoKey.DiceBoundKeyResult deriveDicePolicyBoundKey(in byte[] dicePolicyForKeyVersion);
  android.hardware.security.see.hwcrypto.IHwCryptoKey.DiceBoundKeyResult deriveDicePolicyBoundKey(in android.hardware.security.see.hwcrypto.IHwCryptoKey.DiceBoundDerivationKey derivationKey, in byte[] dicePolicyForKeyVersion);
  android.hardware.security.see.hwcrypto.IHwCryptoKey.DerivedKey deriveKey(in android.hardware.security.see.hwcrypto.IHwCryptoKey.DerivedKeyParameters parameters);
  android.hardware.security.see.hwcrypto.IHwCryptoKey.DerivedKey deriveKey(in android.hardware.security.see.hwcrypto.IHwCryptoKey.DerivedKeyParameters parameters);
  enum DeviceKeyId {
    DEVICE_BOUND_KEY,
    BATCH_KEY,
  }
  union DiceBoundDerivationKey {
    android.hardware.security.see.hwcrypto.IOpaqueKey opaqueKey;
    android.hardware.security.see.hwcrypto.IHwCryptoKey.DeviceKeyId keyId;
  }
  parcelable DiceCurrentBoundKeyResult {
  parcelable DiceCurrentBoundKeyResult {
    android.hardware.security.see.hwcrypto.IOpaqueKey diceBoundKey;
    android.hardware.security.see.hwcrypto.IOpaqueKey diceBoundKey;
    byte[] dicePolicyForKeyVersion;
    byte[] dicePolicyForKeyVersion;
+34 −2
@@ -22,6 +22,30 @@ import android.hardware.security.see.hwcrypto.KeyPolicy;
 * Higher level interface to access and generate keys.
 * Higher level interface to access and generate keys.
 */
 */
interface IHwCryptoKey {
interface IHwCryptoKey {
    /*
     * Identifier for the requested device provided key. The currently supported identifiers are:
     *
     * DEVICE_BOUND_KEY:
     *      This is a key unique to the device.
     * BATCH_KEY:
     *      This is a shared by a set of devices.
     */
    enum DeviceKeyId {
        DEVICE_BOUND_KEY,
        BATCH_KEY,
    }
    union DiceBoundDerivationKey {
        /*
         * Opaque to be used to derive the DICE bound key.
         */
        IOpaqueKey opaqueKey;

        /*
         * Device provided key to be used to derive the DICE bound key.
         */
        DeviceKeyId keyId;
    }

    parcelable DiceCurrentBoundKeyResult {
    parcelable DiceCurrentBoundKeyResult {
        /*
        /*
         * Key cryptographically bound to a DICE policy.
         * Key cryptographically bound to a DICE policy.
@@ -112,17 +136,24 @@ interface IHwCryptoKey {
     *                              policy. It will return this current policy back to the caller
     *                              policy. It will return this current policy back to the caller
     *                              along with the generated key.
     *                              along with the generated key.
     *
     *
     * @derivationKey:
     *     Key to be used to derive the new key using HKDF.
     *
     * Return:
     * Return:
     *      Ok(DiceCurrentBoundKeyResult) on success, service specific error based on
     *      Ok(DiceCurrentBoundKeyResult) on success, service specific error based on
     *      <code>HalErrorCode</code> otherwise.
     *      <code>HalErrorCode</code> otherwise.
     */
     */
    DiceCurrentBoundKeyResult deriveCurrentDicePolicyBoundKey();
    DiceCurrentBoundKeyResult deriveCurrentDicePolicyBoundKey(
            in DiceBoundDerivationKey derivationKey);


    /*
    /*
     * deriveDicePolicyBoundKey() - Derive a versioned key by checking the provided DICE policy
     * deriveDicePolicyBoundKey() - Derive a versioned key by checking the provided DICE policy
     *                              against the caller and then using it as a context for deriving
     *                              against the caller and then using it as a context for deriving
     *                              the returned key.
     *                              the returned key.
     *
     *
     * @derivationKey:
     *     Key to be used to derive the new key using HKDF.
     *
     * @dicePolicyForKeyVersion:
     * @dicePolicyForKeyVersion:
     *     Policy used to derive keys tied to specific versions. Using this parameter
     *     Policy used to derive keys tied to specific versions. Using this parameter
     *     the caller can tie a derived key to a minimum version of itself, so in the future only
     *     the caller can tie a derived key to a minimum version of itself, so in the future only
@@ -137,7 +168,8 @@ interface IHwCryptoKey {
     *      Ok(DiceBoundKeyResult) on success, service specific error based on
     *      Ok(DiceBoundKeyResult) on success, service specific error based on
     *      <code>HalErrorCode</code> otherwise.
     *      <code>HalErrorCode</code> otherwise.
     */
     */
    DiceBoundKeyResult deriveDicePolicyBoundKey(in byte[] dicePolicyForKeyVersion);
    DiceBoundKeyResult deriveDicePolicyBoundKey(
            in DiceBoundDerivationKey derivationKey, in byte[] dicePolicyForKeyVersion);


    /*
    /*
     * deriveKey() - Derive a new key based on the given key, policy and context.
     * deriveKey() - Derive a new key based on the given key, policy and context.
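Review bot: The `@derivationKey` text added to `deriveCurrentDicePolicyBoundKey` and `deriveDicePolicyBoundKey` says only that the key feeds HKDF, and leaves out the contract for the two `DiceBoundDerivationKey` arms: what a caller-supplied `opaqueKey` must satisfy (for instance whether its policy has to permit derivation) and which error comes back when it does not or when the `keyId` is unsupported. Because `BATCH_KEY` is documented as shared by a set of devices, the `DeviceKeyId` comment should also say what that means for the result, e.g. `Keys derived from BATCH_KEY are not unique to one device; use DEVICE_BOUND_KEY when the derived key must be.` — assuming that is the intended behaviour. It would help to state as well that re-deriving with a returned `dicePolicyForKeyVersion` presumably needs the same derivation key that produced it. Two wording slips in the new comments: `This is a shared by a set of devices` is missing the word "key", and `Opaque to be used to derive` should read `Opaque key to be used to derive`.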