diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl b/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl index f0df507a09..3763f0a39a 100644 --- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl +++ b/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl @@ -58,8 +58,8 @@ interface IHwCryptoKey { int keySizeBytes; } union DerivedKeyPolicy { - android.hardware.security.see.hwcrypto.KeyPolicy opaqueKey; android.hardware.security.see.hwcrypto.IHwCryptoKey.ClearKeyPolicy clearKey; + byte[] opaqueKey; } parcelable DerivedKeyParameters { android.hardware.security.see.hwcrypto.IOpaqueKey derivationKey; diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl b/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl index d2b56045c6..b5e7e9d740 100644 --- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl +++ b/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl @@ -89,16 +89,16 @@ interface IHwCryptoKey { } union DerivedKeyPolicy { - /* - * Policy for the newly derived opaque key. Defines how the key can be used and its type. - */ - KeyPolicy opaqueKey; - /* * If used we will derive a clear key and pass it back as an array of bytes on * HwCryptoKeyMaterial::explicitKey. */ ClearKeyPolicy clearKey; + + /* + * Policy for the newly derived opaque key. Defines how the key can be used and its type. + */ + byte[] opaqueKey; } parcelable DerivedKeyParameters { diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/KeyPolicy.cddl b/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/KeyPolicy.cddl new file mode 100644 index 0000000000..77b632bb49 --- /dev/null +++ b/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/KeyPolicy.cddl @@ -0,0 +1,66 @@ +; +; Copyright (C) 2024 The Android Open Source Project +; +; Licensed under the Apache License, Version 2.0 (the "License"); +; you may not use this file except in compliance with the License. +; You may obtain a copy of the License at +; +; http://www.apache.org/licenses/LICENSE-2.0 +; +; Unless required by applicable law or agreed to in writing, software +; distributed under the License is distributed on an "AS IS" BASIS, +; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +; See the License for the specific language governing permissions and +; limitations under the License. +; + +KeyPolicy = [ + -65701: KeyUse, ;usage + -65702: KeyLifetime ;keyLifetime + -65703: KeyPermissions ;keyPermissions + -65704: KeyType ;keyType + -65705: bool ;keyManagementKey +] + +KeyUse = &( + ENCRYPT: 1, + DECRYPT: 2, + ENCRYPT_DECRYPT: ENCRYPT | DECRYPT, + SIGN: 4, + DERIVE: 8, + WRAP: 16, +) + +KeyLifetime = &( + EPHEMERAL: 0, + HARDWARE: 1, + PORTABLE: 2, +) + +KeyPermissions = &( + ALLOW_EPHEMERAL_KEY_WRAPPING: 0, + ALLOW_HARDWARE_KEY_WRAPPING: 1, + ALLOW_PORTABLE_KEY_WRAPPING: 2, +) + +enum KeyType = &( + AES_128_CBC_NO_PADDING: 0, + AES_128_CBC_PKCS7_PADDING: 1, + AES_128_CTR: 2, + AES_128_GCM: 3, + AES_128_CMAC: 4, + AES_256_CBC_NO_PADDING: 5, + AES_256_CBC_PKCS7_PADDING: 6, + AES_256_CTR: 7, + AES_256_GCM: 8, + AES_256_CMAC: 9, + HMAC_SHA256: 10, + HMAC_SHA512: 11, + RSA2048_PSS_SHA256: 12, + RSA2048_PKCS1_5_SHA256: 13, + ECC_NIST_P256_SIGN_NO_PADDING: 14, + ECC_NIST_P256_SIGN_SHA256: 15, + ECC_NIST_P521_SIGN_NO_PADDING: 16, + ECC_NIST_P521_SIGN_SHA512: 17, + ECC_ED25519_SIGN:18, +)