Merge "hwcrypto: Add get_keyslot_data to HWCryptoKey AIDL definition" into main

  android.hardware.security.see.hwcrypto.IOpaqueKey importClearKey(in android.hardware.security.see.hwcrypto.types.ExplicitKeyMaterial keyMaterial, in android.hardware.security.see.hwcrypto.KeyPolicy newKeyPolicy);

  byte[] getCurrentDicePolicy();

  android.hardware.security.see.hwcrypto.IOpaqueKey keyTokenImport(in android.hardware.security.see.hwcrypto.types.OpaqueKeyToken requestedKey, in byte[] sealingDicePolicy);

  android.hardware.security.see.hwcrypto.IOpaqueKey getKeyslotData(android.hardware.security.see.hwcrypto.IHwCryptoKey.KeySlot slotId);

  enum DeviceKeyId {

    DEVICE_BOUND_KEY,

    BATCH_KEY,

  }

  enum KeySlot {

    KEYMINT_SHARED_HMAC_KEY,

  }

  union DiceBoundDerivationKey {

    android.hardware.security.see.hwcrypto.IOpaqueKey opaqueKey;

    android.hardware.security.see.hwcrypto.IHwCryptoKey.DeviceKeyId keyId;

  const int ALLOCATION_ERROR = (-5) /* -5 */;

  const int INVALID_KEY = (-6) /* -6 */;

  const int BAD_PARAMETER = (-7) /* -7 */;

  const int UNAUTHORIZED = (-8) /* -8 */;

}

        DEVICE_BOUND_KEY,

        BATCH_KEY,

    }

    /*

     * Identifier for the requested key slot. The currently supported identifiers are:

     *

     * KEYMINT_SHARED_HMAC_KEY:

     *      This is the shared HMAC key that will now be computed by HwCryptoKey after participating

     *      in the ISharedSecret protocol that can be shared with KeyMint and authenticators. See

     *      ISharedSecret.aidl for more information.

     */

    enum KeySlot {

        KEYMINT_SHARED_HMAC_KEY,

    }

    union DiceBoundDerivationKey {

        /*

         * Opaque to be used to derive the DICE bound key.

     *      success, service specific error based on <code>HalErrorCode</code> otherwise.

     */

    IOpaqueKey keyTokenImport(in OpaqueKeyToken requestedKey, in byte[] sealingDicePolicy);

    /*

     * getKeyslotData() - Gets the keyslot key material referenced by slotId.

     *

     * @slotId:

     *      Identifier for the requested keyslot

     *

     * This interface is used to access device specific keys with known types and uses. Because the

     * returned key is opaque, it can only be used through the different HwCrypto interfaces.

     * Because the keys live in a global namespace the identity of the caller needs to be

     * checked to verify that it has permission to accesses the requested key.

     *

     * Return:

     *      Ok(IOpaqueKey) on success, UNAUTHORIZED if the caller cannot access the requested key,

     *      another specific error code otherwise.

     */

    IOpaqueKey getKeyslotData(KeySlot slotId);

}

    /* Bad parameter supplied for the desired operation */

    const int BAD_PARAMETER = -7;

    /* Caller is not authorized to make this call */

    const int UNAUTHORIZED = -8;

}