
Commit 8d28efa9 authored by Shawn Willden's avatar Shawn Willden

Add additional parameters to importWrappedKey

Bug: 31675676
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: I31166d0c562d92bbdcf3357782ac2a076a1bc2d9
parent 1b2ad166
+20 −2
@@ -274,6 +274,23 @@ interface IKeymasterDevice {
     * @param maskingKey The 32-byte value XOR'd with the transport key in the SecureWrappedKey
     *        structure.
     *
     * @param unwrappingParams must contain any parameters needed to perform the unwrapping
     *        operation.  For example, if the wrapping key is an AES key the block and padding modes
     *        must be specified in this argument.
     *
     * @param passwordSid specifies the password secure ID (SID) of the user that owns the key being
     *        installed.  If the authorization list in wrappedKeyData contains a Tag::USER_SECURE_ID
     *        with a value that has the HardwareAuthenticatorType::PASSWORD bit set, the constructed
     *        key must be bound to the SID value provided by this argument.  If the wrappedKeyData
     *        does not contain such a tag and value, this argument must be ignored.
     *
     * @param biometricSid specifies the biometric secure ID (SID) of the user that owns the key
     *        being installed.  If the authorization list in wrappedKeyData contains a
     *        Tag::USER_SECURE_ID with a value that has the HardwareAuthenticatorType::FINGERPRINT
     *        bit set, the constructed key must be bound to the SID value provided by this argument.
     *        If the wrappedKeyData does not contain such a tag and value, this argument must be
     *        ignored.
     *
     * @return error See the ErrorCode enum.
     *
     * @return keyBlob Opaque descriptor of the imported key.  It is recommended that the keyBlob
@@ -281,7 +298,8 @@ interface IKeymasterDevice {
     *         hardware.
     */
    importWrappedKey(vec<uint8_t> wrappedKeyData, vec<uint8_t> wrappingKeyBlob,
                     vec<uint8_t> maskingKey)
                     vec<uint8_t> maskingKey, vec<KeyParameter> unwrappingParams,
                     uint64_t passwordSid, uint64_t biometricSid)
        generates(ErrorCode error, vec<uint8_t> keyBlob, KeyCharacteristics keyCharacteristics);

    /**
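Review bot: The new passwordSid and biometricSid paragraphs cover the case where the matching HardwareAuthenticatorType bit is set and the case where the tag is absent, but they do not say what an implementation must do when the bit is set and the caller passes 0 as the SID, which is what the VTS helper in this commit passes for both. This text is the contract that decides which user an imported key is bound to, so I would state the rule explicitly, for example `If the bit is set and passwordSid is 0, the import must fail rather than produce a key bound to SID 0.` with the parallel sentence for biometricSid, or else document that 0 is accepted and what it means. The unwrappingParams paragraph could also say which ErrorCode is returned when a required parameter is missing or is not authorized by the wrapping key. The doc comment begins above the first hunk, so any existing wording there is not visible here.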
+6 −2
@@ -74,8 +74,12 @@ class Keymaster3 : public Keymaster {
    Return<void> importKey(const hidl_vec<KeyParameter>& params, KeyFormat keyFormat,
                           const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) override;

    Return<void> importWrappedKey(const hidl_vec<uint8_t>&, const hidl_vec<uint8_t>&,
                                  const hidl_vec<uint8_t>&, importWrappedKey_cb _hidl_cb) {
    Return<void> importWrappedKey(const hidl_vec<uint8_t>& /* wrappedKeyData */,
                                  const hidl_vec<uint8_t>& /* wrappingKeyBlob */,
                                  const hidl_vec<uint8_t>& /* maskingKey */,
                                  const hidl_vec<KeyParameter>& /* unwrappingParams */,
                                  uint64_t /* passwordSid */, uint64_t /* biometricSid */,
                                  importWrappedKey_cb _hidl_cb) {
        _hidl_cb(ErrorCode::UNIMPLEMENTED, {}, {});
        return Void();
    }
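Review bot: The rewritten `importWrappedKey` stub is not marked `override`, although `importKey` directly above it is. If the base declares this method virtual, as the sibling suggests, a later drift between this signature and the HAL method would not be diagnosed at this declaration. I would end the declaration with `importWrappedKey_cb _hidl_cb) override {`. The Keymaster4 forwarding wrapper in the next file section is written the same way and would benefit from the same change. The class body starts and ends outside this hunk, so whether other methods omit `override` deliberately cannot be seen from here.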
+4 −1
@@ -81,8 +81,11 @@ class Keymaster4 : public Keymaster {
    Return<void> importWrappedKey(const hidl_vec<uint8_t>& wrappedKeyData,
                                  const hidl_vec<uint8_t>& wrappingKeyBlob,
                                  const hidl_vec<uint8_t>& maskingKey,
                                  const hidl_vec<KeyParameter>& unwrappingParams,
                                  uint64_t passwordSid, uint64_t biometricSid,
                                  importWrappedKey_cb _hidl_cb) {
        return dev_->importWrappedKey(wrappedKeyData, wrappingKeyBlob, maskingKey, _hidl_cb);
        return dev_->importWrappedKey(wrappedKeyData, wrappingKeyBlob, maskingKey, unwrappingParams,
                                      passwordSid, biometricSid, _hidl_cb);
    }

    Return<void> exportKey(KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob,
+4 −1
@@ -137,11 +137,14 @@ ErrorCode KeymasterHidlTest::ImportKey(const AuthorizationSet& key_desc, KeyForm

ErrorCode KeymasterHidlTest::ImportWrappedKey(string wrapped_key, string wrapping_key,
                                              const AuthorizationSet& wrapping_key_desc,
                                              string masking_key) {
                                              string masking_key,
                                              const AuthorizationSet& unwrapping_params) {
    ErrorCode error;
    ImportKey(wrapping_key_desc, KeyFormat::PKCS8, wrapping_key);
    EXPECT_TRUE(keymaster_
                    ->importWrappedKey(HidlBuf(wrapped_key), key_blob_, HidlBuf(masking_key),
                                       unwrapping_params.hidl_data(), 0 /* passwordSid */,
                                       0 /* biometricSid */,
                                       [&](ErrorCode hidl_error, const HidlBuf& hidl_key_blob,
                                           const KeyCharacteristics& hidl_key_characteristics) {
                                           error = hidl_error;
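Review bot: The helper hard-codes `0 /* passwordSid */` and `0 /* biometricSid */`, so no test built on it can reach the SID-binding rules this commit adds to the importWrappedKey documentation; only the unwrappingParams path is exercised. I would let callers supply the values, e.g. `const AuthorizationSet& unwrapping_params, uint64_t password_sid = 0, uint64_t biometric_sid = 0)` with the defaults placed on the declaration in the test header, and pass `password_sid, biometric_sid` through to the call. Separately, `ErrorCode error;` has no initial value and is only assigned inside the callback, so if the transport call fails and the callback never runs, any later read of it would see an indeterminate value; giving it an initial value would make that case deterministic. The function body continues past the end of this hunk, so how `error` is used afterwards is inferred.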
+2 −1
@@ -116,7 +116,8 @@ class KeymasterHidlTest : public ::testing::VtsHalHidlTargetTestBase {
                        const string& key_material);

    ErrorCode ImportWrappedKey(string wrapped_key, string wrapping_key,
                               const AuthorizationSet& wrapping_key_desc, string masking_key);
                               const AuthorizationSet& wrapping_key_desc, string masking_key,
                               const AuthorizationSet& unwrapping_params);

    ErrorCode ExportKey(KeyFormat format, const HidlBuf& key_blob, const HidlBuf& client_id,
                        const HidlBuf& app_data, HidlBuf* key_material);