From 5083a851412dd0dbb48d40a1dd174206dce22e50 Mon Sep 17 00:00:00 2001
From: Subrahmanyaman <subrahmanyaman@google.com>
Date: Mon, 25 Apr 2022 18:03:44 +0000
Subject: [PATCH] Updated the description for APPLICATION_ID and
 APPLICATION_DATA

As the signature of the getKeyCharacteristics() does not
use Tag Mechanism for app_id and app_data, there is no way
to distinguish between appId / appData  values that are
absent, vs values that are present but of zero length. Due to
this limitation a key with a zero-length app_id / app_data
cannot have its key characteristics retrieved using
getKeyCharacteristics()

Test: VtsAidlKeyMintTarget
Change-Id: I145dcba878171c174d48ad42fadeb49e045b5c55
---
 .../aidl/android/hardware/security/keymint/Tag.aidl       | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl b/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
index b28ebcb5de..42dfad56b1 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
@@ -504,7 +504,9 @@ enum Tag {
      * that is necessary during all uses of the key.  In particular, calls to exportKey() and
      * getKeyCharacteristics() must provide the same value to the clientId parameter, and calls to
      * begin() must provide this tag and the same associated data as part of the inParams set.  If
-     * the correct data is not provided, the method must return ErrorCode::INVALID_KEY_BLOB.
+     * the correct data is not provided, the method must return ErrorCode::INVALID_KEY_BLOB.  Note
+     * that a key with a zero-length APPLICATION_ID cannot have its key characteristics retrieved
+     * using getKeyCharacteristics() due to a historical limitation of the API.
      *
      * The content of this tag must be bound to the key cryptographically, meaning it must not be
      * possible for an adversary who has access to all of the secure world secrets but does not have
@@ -525,7 +527,9 @@ enum Tag {
      * that is necessary during all uses of the key.  In particular, calls to begin() and
      * exportKey() must provide the same value to the appData parameter, and calls to begin must
      * provide this tag and the same associated data as part of the inParams set.  If the correct
-     * data is not provided, the method must return ErrorCode::INVALID_KEY_BLOB.
+     * data is not provided, the method must return ErrorCode::INVALID_KEY_BLOB.  Note that a key
+     * with a zero-length APPLICATION_DATA cannot have its key characteristics retrieved using
+     * getKeyCharacteristics() due to a historical limitation of the API.
      *
      * The content of this tag must be bound to the key cryptographically, meaning it must not be
      * possible for an adversary who has access to all of the secure world secrets but does not have