
Commit c45edf9e authored by Paul Crowley's avatar Paul Crowley Committed by Automerger Merge Worker

Merge "Add getKeyCharacteristics method to KeyMint" am: 8b25958b am: 08e40ff4

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1690690

Change-Id: If3f6752a1b7fa175f8bd4d882974e005fc3fe41c
parents dd1756f2 08e40ff4
+1 −0
@@ -48,5 +48,6 @@ interface IKeyMintDevice {
  void deviceLocked(in boolean passwordOnly, in @nullable android.hardware.security.secureclock.TimeStampToken timestampToken);
  void earlyBootEnded();
  byte[] convertStorageKeyToEphemeral(in byte[] storageKeyBlob);
  android.hardware.security.keymint.KeyCharacteristics[] getKeyCharacteristics(in byte[] keyBlob, in byte[] appId, in byte[] appData);
  const int AUTH_TOKEN_MAC_LENGTH = 32;
}
+24 −1
@@ -20,6 +20,7 @@ import android.hardware.security.keymint.AttestationKey;
import android.hardware.security.keymint.BeginResult;
import android.hardware.security.keymint.HardwareAuthToken;
import android.hardware.security.keymint.IKeyMintOperation;
import android.hardware.security.keymint.KeyCharacteristics;
import android.hardware.security.keymint.KeyCreationResult;
import android.hardware.security.keymint.KeyFormat;
import android.hardware.security.keymint.KeyMintHardwareInfo;
@@ -782,7 +783,7 @@ interface IKeyMintDevice {
     */
    void earlyBootEnded();

    /*
    /**
     * Called by the client to get a wrapped per-boot ephemeral key from a wrapped storage key.
     * Clients will then use the returned per-boot ephemeral key in place of the wrapped storage
     * key. Whenever the hardware is presented with a per-boot ephemeral key for an operation, it
@@ -802,4 +803,26 @@ interface IKeyMintDevice {
     *         place of the input storageKeyBlob
     */
    byte[] convertStorageKeyToEphemeral(in byte[] storageKeyBlob);

    /**
     * Returns parameters associated with the provided key. This should match the
     * KeyCharacteristics present in the KeyCreationResult returned by generateKey(),
     * importKey(), or importWrappedKey().
     *
     * @param keyBlob The opaque descriptor returned by generateKey, importKey or importWrappedKey.
     *
     * @param appId An opaque byte string identifying the client.  This value must match the
     *        Tag::APPLICATION_ID data provided during key generation/import.  Without the correct
     *        value, it must be computationally infeasible for the secure hardware to obtain the
     *        key material.
     *
     * @param appData An opaque byte string provided by the application.  This value must match the
     *        Tag::APPLICATION_DATA data provided during key generation/import.  Without the
     *        correct value, it must be computationally infeasible for the secure hardware to
     *        obtain the key material.
     *
     * @return Characteristics of the generated key. See KeyCreationResult for details.
     */
    KeyCharacteristics[] getKeyCharacteristics(
            in byte[] keyBlob, in byte[] appId, in byte[] appData);
}
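Review bot: The Javadoc added for `getKeyCharacteristics` does not say what happens on failure: nothing states what the implementation must do when `keyBlob` fails its integrity check or when `appId`/`appData` differ from the values bound at generation/import. Callers may base authorization decisions on the returned characteristics, so the contract should say they are returned only after the blob has been authenticated, for example `* Must return ErrorCode::INVALID_KEY_BLOB if keyBlob cannot be authenticated with the supplied appId and appData.` (the error code is assumed from the rest of the KeyMint interface and should be confirmed). The opening sentence's "should match" is also loose: it should say whether this is a requirement and whether entries enforced outside the secure hardware are part of the result. Finally, `@return` says "the generated key" although the blob may equally come from importKey or importWrappedKey; `@return Characteristics of the key identified by keyBlob.` would be accurate.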