
Commit 4a065416 authored by Orlando Arbildo's avatar Orlando Arbildo

hwcrypto: Add get_keyslot_data to HWCryptoKey AIDL definition

Adding getKeyslotData function to access device specific
keys.

Bug: 284152719
Test: qemu android build
Change-Id: I75d7a3694a5b0330e1721a671621763917295867
parent 60d8a03e
+4 −0
@@ -40,10 +40,14 @@ interface IHwCryptoKey {
  android.hardware.security.see.hwcrypto.IOpaqueKey importClearKey(in android.hardware.security.see.hwcrypto.types.ExplicitKeyMaterial keyMaterial, in android.hardware.security.see.hwcrypto.KeyPolicy newKeyPolicy);
  byte[] getCurrentDicePolicy();
  android.hardware.security.see.hwcrypto.IOpaqueKey keyTokenImport(in android.hardware.security.see.hwcrypto.types.OpaqueKeyToken requestedKey, in byte[] sealingDicePolicy);
  android.hardware.security.see.hwcrypto.IOpaqueKey getKeyslotData(android.hardware.security.see.hwcrypto.IHwCryptoKey.KeySlot slotId);
  enum DeviceKeyId {
    DEVICE_BOUND_KEY,
    BATCH_KEY,
  }
  enum KeySlot {
    KEYMINT_SHARED_HMAC_KEY,
  }
  union DiceBoundDerivationKey {
    android.hardware.security.see.hwcrypto.IOpaqueKey opaqueKey;
    android.hardware.security.see.hwcrypto.IHwCryptoKey.DeviceKeyId keyId;
+1 −0
@@ -41,4 +41,5 @@ parcelable HalErrorCode {
  const int ALLOCATION_ERROR = (-5) /* -5 */;
  const int INVALID_KEY = (-6) /* -6 */;
  const int BAD_PARAMETER = (-7) /* -7 */;
  const int UNAUTHORIZED = (-8) /* -8 */;
}
+30 −0
@@ -37,6 +37,19 @@ interface IHwCryptoKey {
        DEVICE_BOUND_KEY,
        BATCH_KEY,
    }

    /*
     * Identifier for the requested key slot. The currently supported identifiers are:
     *
     * KEYMINT_SHARED_HMAC_KEY:
     *      This is the shared HMAC key that will now be computed by HwCryptoKey after participating
     *      in the ISharedSecret protocol that can be shared with KeyMint and authenticators. See
     *      ISharedSecret.aidl for more information.
     */
    enum KeySlot {
        KEYMINT_SHARED_HMAC_KEY,
    }

    union DiceBoundDerivationKey {
        /*
         * Opaque to be used to derive the DICE bound key.
@@ -256,4 +269,21 @@ interface IHwCryptoKey {
     *      success, service specific error based on <code>HalErrorCode</code> otherwise.
     */
    IOpaqueKey keyTokenImport(in OpaqueKeyToken requestedKey, in byte[] sealingDicePolicy);

    /*
     * getKeyslotData() - Gets the keyslot key material referenced by slotId.
     *
     * @slotId:
     *      Identifier for the requested keyslot
     *
     * This interface is used to access device specific keys with known types and uses. Because the
     * returned key is opaque, it can only be used through the different HwCrypto interfaces.
     * Because the keys live in a global namespace the identity of the caller needs to be
     * checked to verify that it has permission to accesses the requested key.
     *
     * Return:
     *      Ok(IOpaqueKey) on success, UNAUTHORIZED if the caller cannot access the requested key,
     *      another specific error code otherwise.
     */
    IOpaqueKey getKeyslotData(KeySlot slotId);
}
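Review bot: The getKeyslotData() comment says the caller's identity "needs to be checked" but does not say who must enforce that check or what uses the returned key permits. The interface contract should make enforcement a requirement on the implementation, for example `* Implementations MUST verify the caller's identity and return UNAUTHORIZED unless the caller is permitted to use this slot.` For KEYMINT_SHARED_HMAC_KEY, which the KeySlot comment describes as the HMAC key shared with KeyMint and authenticators, the per-slot text should also name the intended callers and the operations the opaque key allows, since "known types and uses" is not spelled out anywhere in this section. It would also help to state which error is returned if the slot is requested before the ISharedSecret exchange has produced a key, because "another specific error code" leaves that open. Minor wording: "permission to accesses" should read "permission to access", and the summary line says "key material" although only an opaque handle is returned.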
+3 −0
@@ -42,4 +42,7 @@ parcelable HalErrorCode {

    /* Bad parameter supplied for the desired operation */
    const int BAD_PARAMETER = -7;

    /* Caller is not authorized to make this call */
    const int UNAUTHORIZED = -8;
}