Merge changes Iaa941e12,Icbd4c9cd am: 2530f9ca5e am: b361a6f5f4
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2203576
Change-Id: Ica5c6e96b7dd0c70077d56688d78d7a3c5d54fc7
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl b/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
index ae75579..4c2be89 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
@@ -158,12 +158,23 @@
* Failed (3),
* }
*
+ * -- Note that the AuthorizationList SEQUENCE is also used in IKeyMintDevice::importWrappedKey
+ * -- as a way of describing the authorizations associated with a key that is being securely
+ * -- imported. As such, it includes the ability to describe tags that are only relevant for
+ * -- symmetric keys, and which will never appear in the attestation extension of an X.509
+ * -- certificate that holds the public key part of an asymmetric keypair. Importing a wrapped
+ * -- key also allows the use of Tag::USER_SECURE_ID, which is never included in an attestation
+ * -- extension because it has no meaning off-device.
+ *
* AuthorizationList ::= SEQUENCE {
* purpose [1] EXPLICIT SET OF INTEGER OPTIONAL,
* algorithm [2] EXPLICIT INTEGER OPTIONAL,
* keySize [3] EXPLICIT INTEGER OPTIONAL,
+ * blockMode [4] EXPLICIT SET OF INTEGER OPTIONAL, -- symmetric only
* digest [5] EXPLICIT SET OF INTEGER OPTIONAL,
* padding [6] EXPLICIT SET OF INTEGER OPTIONAL,
+ * callerNonce [7] EXPLICIT NULL OPTIONAL, -- symmetric only
+ * minMacLength [8] EXPLICIT INTEGER OPTIONAL, -- symmetric only
* ecCurve [10] EXPLICIT INTEGER OPTIONAL,
* rsaPublicExponent [200] EXPLICIT INTEGER OPTIONAL,
* mgfDigest [203] EXPLICIT SET OF INTEGER OPTIONAL,
@@ -173,6 +184,7 @@
* originationExpireDateTime [401] EXPLICIT INTEGER OPTIONAL,
* usageExpireDateTime [402] EXPLICIT INTEGER OPTIONAL,
* usageCountLimit [405] EXPLICIT INTEGER OPTIONAL,
+ * userSecureId [502] EXPLICIT INTEGER OPTIONAL, -- only used on import
* noAuthRequired [503] EXPLICIT NULL OPTIONAL,
* userAuthType [504] EXPLICIT INTEGER OPTIONAL,
* authTimeout [505] EXPLICIT INTEGER OPTIONAL,
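Review bot: The marker on the added `userSecureId [502]` line reads `-- only used on import`, while the three lines added in the previous hunk (blockMode [4], callerNonce [7], minMacLength [8]) are marked `-- symmetric only`; for a consumer of the attestation extension both mean the same thing — the field never appears there — but a parser author has to go back to the prose paragraph above the SEQUENCE to learn that the two wordings are equivalent. Using one formulation that states the consequence directly, e.g. `userSecureId [502] EXPLICIT INTEGER OPTIONAL, -- import only, never in attestation`, keeps the schema self-describing. The AuthorizationList SEQUENCE continues past the end of this hunk.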
diff --git a/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl b/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
index 871a1ac..47361d5 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
@@ -274,25 +274,10 @@
USAGE_EXPIRE_DATETIME = TagType.DATE | 402,
/**
- * Tag::MIN_SECONDS_BETWEEN_OPS specifies the minimum amount of time that elapses between
- * allowed operations using a key. This can be used to rate-limit uses of keys in contexts
- * where unlimited use may enable brute force attacks.
+ * OBSOLETE: Do not use.
*
- * The value is a 32-bit integer representing seconds between allowed operations.
- *
- * When a key with this tag is used in an operation, the IKeyMintDevice must start a timer
- * during the finish() or abort() call. Any call to begin() that is received before the timer
- * indicates that the interval specified by Tag::MIN_SECONDS_BETWEEN_OPS has elapsed must fail
- * with ErrorCode::KEY_RATE_LIMIT_EXCEEDED. This implies that the IKeyMintDevice must keep a
- * table of use counters for keys with this tag. Because memory is often limited, this table
- * may have a fixed maximum size and KeyMint may fail operations that attempt to use keys with
- * this tag when the table is full. The table must accommodate at least 8 in-use keys and
- * aggressively reuse table slots when key minimum-usage intervals expire. If an operation
- * fails because the table is full, KeyMint returns ErrorCode::TOO_MANY_OPERATIONS.
- *
- * Must be hardware-enforced.
- *
- * TODO(b/191738660): Remove in KeyMint V2. Currently only used for FDE.
+ * This tag value is included for historical reason, as it was present in Keymaster.
+ * KeyMint implementations do not need to support this tag.
*/
MIN_SECONDS_BETWEEN_OPS = TagType.UINT | 403,
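Review bot: The rewritten comment on `MIN_SECONDS_BETWEEN_OPS` says implementations "do not need to support this tag" but no longer says what an implementation must do when a caller supplies it, and the removed text was the only place that said the rate limit must be hardware-enforced. If the tag can be silently accepted at key creation, a caller may believe brute-force rate limiting is in place when nothing enforces it; I would add a sentence such as `* Implementations that do not support this tag must reject it (e.g. with ErrorCode::UNSUPPORTED_TAG) rather than silently accept it.` — or state the opposite explicitly if silent acceptance is the intended behaviour. The same gap applies to the `ASSOCIATED_DATA` and `CONFIRMATION_TOKEN` hunks below, where a silently dropped AAD or confirmation token would weaken the operation without the caller noticing. The Tag enum continues outside this hunk.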
@@ -898,8 +883,12 @@
STORAGE_KEY = TagType.BOOL | 722,
/**
- * OBSOLETE: Do not use. See IKeyMintOperation.updateAad instead.
- * TODO(b/191738660): Remove in KeyMint v2.
+ * OBSOLETE: Do not use.
+ *
+ * This tag value is included for historical reasons -- in Keymaster it was used to hold
+ * associated data for AEAD encryption, as an additional parameter to
+ * IKeymasterDevice::finish(). In KeyMint the IKeyMintOperation::updateAad() method is used for
+ * this.
*/
ASSOCIATED_DATA = TagType.BYTES | 1000,
@@ -938,10 +927,12 @@
RESET_SINCE_ID_ROTATION = TagType.BOOL | 1004,
/**
- * OBSOLETE: Do not use. See the authToken parameter for IKeyMintDevice::begin and for
- * IKeyMintOperation methods instead.
+ * OBSOLETE: Do not use.
*
- * TODO(b/191738660): Delete when keystore1 is deleted.
+ * This tag value is included for historical reasons -- in Keymaster it was used to hold
+ * a confirmation token as an additional parameter to
+ * IKeymasterDevice::finish(). In KeyMint the IKeyMintOperation::finish() method includes
+ * a confirmationToken argument for this.
*/
CONFIRMATION_TOKEN = TagType.BYTES | 1005,