From dadb18dd290fb7f6fe3ef3c0b82f83a9c6207e00 Mon Sep 17 00:00:00 2001 From: Paul Crowley Date: Thu, 29 Apr 2021 10:07:30 -0700 Subject: [PATCH] Add getKeyCharacteristics method to KeyMint (cherry picked from commit 402d62f7bee0ef162d25543886a5310b1ebb9221) Bug: 186685601 Test: Treehugger Merged-In: Ie72d865a37e2b6834fe6a86bf843d30286384aa5 Change-Id: Ie72d865a37e2b6834fe6a86bf843d30286384aa5 --- .../security/keymint/IKeyMintDevice.aidl | 1 + .../security/keymint/IKeyMintDevice.aidl | 25 ++++++++++++++++++- 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl index 3f75af6dd0..fa643fc494 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl +++ b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl @@ -48,5 +48,6 @@ interface IKeyMintDevice { void deviceLocked(in boolean passwordOnly, in @nullable android.hardware.security.secureclock.TimeStampToken timestampToken); void earlyBootEnded(); byte[] convertStorageKeyToEphemeral(in byte[] storageKeyBlob); + android.hardware.security.keymint.KeyCharacteristics[] getKeyCharacteristics(in byte[] keyBlob, in byte[] appId, in byte[] appData); const int AUTH_TOKEN_MAC_LENGTH = 32; } diff --git a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl index a3260f51c6..b4a2bed72d 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl +++ b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl @@ -20,6 +20,7 @@ import android.hardware.security.keymint.AttestationKey; import android.hardware.security.keymint.BeginResult; import android.hardware.security.keymint.HardwareAuthToken; import android.hardware.security.keymint.IKeyMintOperation; +import android.hardware.security.keymint.KeyCharacteristics; import android.hardware.security.keymint.KeyCreationResult; import android.hardware.security.keymint.KeyFormat; import android.hardware.security.keymint.KeyMintHardwareInfo; @@ -766,7 +767,7 @@ interface IKeyMintDevice { */ void earlyBootEnded(); - /* + /** * Called by the client to get a wrapped per-boot ephemeral key from a wrapped storage key. * Clients will then use the returned per-boot ephemeral key in place of the wrapped storage * key. Whenever the hardware is presented with a per-boot ephemeral key for an operation, it @@ -786,4 +787,26 @@ interface IKeyMintDevice { * place of the input storageKeyBlob */ byte[] convertStorageKeyToEphemeral(in byte[] storageKeyBlob); + + /** + * Returns parameters associated with the provided key. This should match the + * KeyCharacteristics present in the KeyCreationResult returned by generateKey(), + * importKey(), or importWrappedKey(). + * + * @param keyBlob The opaque descriptor returned by generateKey, importKey or importWrappedKey. + * + * @param appId An opaque byte string identifying the client. This value must match the + * Tag::APPLICATION_ID data provided during key generation/import. Without the correct + * value, it must be computationally infeasible for the secure hardware to obtain the + * key material. + * + * @param appData An opaque byte string provided by the application. This value must match the + * Tag::APPLICATION_DATA data provided during key generation/import. Without the + * correct value, it must be computationally infeasible for the secure hardware to + * obtain the key material. + * + * @return Characteristics of the generated key. See KeyCreationResult for details. + */ + KeyCharacteristics[] getKeyCharacteristics( + in byte[] keyBlob, in byte[] appId, in byte[] appData); }