
Commit ae368b8c authored by Satya Tangirala Committed by Automerger Merge Worker

Merge "Keystore 2.0: add convertStorageKeyToEphemeral() to IKeymintDevice" am:...

Merge "Keystore 2.0: add convertStorageKeyToEphemeral() to IKeymintDevice" am: 38b3bcee am: d037d2a2

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1622545

Change-Id: I7aeba5e9d1d7cd48066677f9ed39c1aea47128fb
parents c732eaff d037d2a2
+1 −0
@@ -47,6 +47,7 @@ interface IKeyMintDevice {
  android.hardware.security.keymint.BeginResult begin(in android.hardware.security.keymint.KeyPurpose purpose, in byte[] keyBlob, in android.hardware.security.keymint.KeyParameter[] params, in android.hardware.security.keymint.HardwareAuthToken authToken);
  void deviceLocked(in boolean passwordOnly, in @nullable android.hardware.security.secureclock.TimeStampToken timestampToken);
  void earlyBootEnded();
  byte[] convertStorageKeyToEphemeral(in byte[] storageKeyBlob);
  byte[] performOperation(in byte[] request);
  const int AUTH_TOKEN_MAC_LENGTH = 32;
}
+21 −0
@@ -762,6 +762,27 @@ interface IKeyMintDevice {
     */
    void earlyBootEnded();

    /*
     * Called by the client to get a wrapped per-boot ephemeral key from a wrapped storage key.
     * Clients will then use the returned per-boot ephemeral key in place of the wrapped storage
     * key. Whenever the hardware is presented with a per-boot ephemeral key for an operation, it
     * must use the storage key associated with that ephemeral key to perform the requested
     * operation.
     *
     * Implementations should return ErrorCode::UNIMPLEMENTED if they don't support wrapped storage
     * keys.
     *
     * Implementations should return ErrorCode::INVALID_ARGUMENT (as a ServiceSpecificException)
     * if the input key blob doesn't represent a valid long-lived wrapped storage key.
     *
     * @param storageKeyBlob is the wrapped storage key for which the client wants a per-boot
     *        ephemeral key
     *
     * @return a buffer containing the per-boot ephemeral keyblob that should henceforth be used in
     *         place of the input storageKeyBlob
     */
    byte[] convertStorageKeyToEphemeral(in byte[] storageKeyBlob);

    /**
     * Called by the client to perform a KeyMint operation.
     *
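Review bot: The new comment on convertStorageKeyToEphemeral() opens with `/*`, while the comment on the following method opens with `/**`, so doc tooling that keys on `/**` may skip it; change the opener to `/**`. The comment also leaves the security meaning of "per-boot" implicit: if the intent is that the returned blob stays wrapped and stops working after a reboot, say so explicitly, e.g. `The returned key blob must remain wrapped and must not be usable after the device reboots.`, so that an implementation cannot satisfy the text with a longer-lived key. The UNIMPLEMENTED case should state "as a ServiceSpecificException" the way the INVALID_ARGUMENT case does, and both should use "must" rather than "should" if the error behaviour is required of implementations. The interface body continues outside this hunk.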