hwcrypto: Moving hwcrypto files out of staging
Moving hwcrypto AIDL files out of staging folder. Marking
stability of files as vintf.
Bug: 284152719
Test: qemu android build
Change-Id: I57c2b618085fa1975305f2f1e5f7572d92ef97ac
diff --git a/compatibility_matrices/compatibility_matrix.202504.xml b/compatibility_matrices/compatibility_matrix.202504.xml
index e019902..1cd49bb 100644
--- a/compatibility_matrices/compatibility_matrix.202504.xml
+++ b/compatibility_matrices/compatibility_matrix.202504.xml
@@ -507,6 +507,14 @@
<instance>nonsecure</instance>
</interface>
</hal>
+ <hal format="aidl">
+ <name>android.hardware.security.see.hwcrypto</name>
+ <version>1</version>
+ <interface>
+ <name>IHwCryptoKey</name>
+ <instance>default</instance>
+ </interface>
+ </hal>
<hal format="aidl" updatable-via-apex="true">
<name>android.hardware.security.secureclock</name>
<version>1</version>
diff --git a/compatibility_matrices/exclude/fcm_exclude.cpp b/compatibility_matrices/exclude/fcm_exclude.cpp
index 79dd0bb..61fb2b3 100644
--- a/compatibility_matrices/exclude/fcm_exclude.cpp
+++ b/compatibility_matrices/exclude/fcm_exclude.cpp
@@ -156,6 +156,7 @@
// Fastboot HAL is only used by recovery. Recovery is owned by OEM. Framework
// does not depend on this HAL, hence it is not declared in any manifests or matrices.
"android.hardware.fastboot@",
+ "android.hardware.security.see.hwcrypto.types",
"android.hardware.security.see.storage",
};
diff --git a/staging/security/see/hwcrypto/aidl/Android.bp b/security/see/hwcrypto/aidl/Android.bp
similarity index 77%
rename from staging/security/see/hwcrypto/aidl/Android.bp
rename to security/see/hwcrypto/aidl/Android.bp
index 2da59a4..e15f494 100644
--- a/staging/security/see/hwcrypto/aidl/Android.bp
+++ b/security/see/hwcrypto/aidl/Android.bp
@@ -8,10 +8,8 @@
}
aidl_interface {
- name: "android.hardware.security.see",
- unstable: false,
- // TODO Remove this owner field when this interface is moved out of /staging
- owner: "google_while_staging",
+ name: "android.hardware.security.see.hwcrypto",
+ stability: "vintf",
host_supported: true,
srcs: [
"android/hardware/security/see/hwcrypto/*.aidl",
@@ -22,11 +20,15 @@
enabled: false,
},
cpp: {
- enabled: false,
+ enabled: true,
},
rust: {
enabled: true,
},
+ ndk: {
+ enabled: true,
+ },
},
frozen: false,
+ system_ext_specific: true,
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/CryptoOperation.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperation.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/CryptoOperation.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperation.aidl
index 0a7e7a2..fd2904b 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/CryptoOperation.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperation.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto;
+@VintfStability
union CryptoOperation {
android.hardware.security.see.hwcrypto.MemoryBufferParameter setMemoryBuffer;
android.hardware.security.see.hwcrypto.OperationParameters setOperationParameters;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/CryptoOperationErrorAdditionalInfo.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperationErrorAdditionalInfo.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/CryptoOperationErrorAdditionalInfo.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperationErrorAdditionalInfo.aidl
index 05780e1..66bed55 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/CryptoOperationErrorAdditionalInfo.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperationErrorAdditionalInfo.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto;
+@VintfStability
parcelable CryptoOperationErrorAdditionalInfo {
long failingCommandIndex;
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/CryptoOperationResult.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperationResult.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/CryptoOperationResult.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperationResult.aidl
index 1088e27..7996b9a 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/CryptoOperationResult.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperationResult.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto;
+@VintfStability
parcelable CryptoOperationResult {
@nullable android.hardware.security.see.hwcrypto.ICryptoOperationContext context;
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/CryptoOperationSet.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperationSet.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/CryptoOperationSet.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperationSet.aidl
index f3b9b43..75bb0dc 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/CryptoOperationSet.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperationSet.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto;
+@VintfStability
parcelable CryptoOperationSet {
@nullable android.hardware.security.see.hwcrypto.ICryptoOperationContext context;
android.hardware.security.see.hwcrypto.CryptoOperation[] operations;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl
index 472215f..7646656 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl
@@ -32,5 +32,6 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto;
+@VintfStability
interface ICryptoOperationContext {
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
similarity index 99%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
index 5b34572..83b8496 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto;
+@VintfStability
interface IHwCryptoKey {
android.hardware.security.see.hwcrypto.IHwCryptoKey.DiceCurrentBoundKeyResult deriveCurrentDicePolicyBoundKey(in android.hardware.security.see.hwcrypto.IHwCryptoKey.DiceBoundDerivationKey derivationKey);
android.hardware.security.see.hwcrypto.IHwCryptoKey.DiceBoundKeyResult deriveDicePolicyBoundKey(in android.hardware.security.see.hwcrypto.IHwCryptoKey.DiceBoundDerivationKey derivationKey, in byte[] dicePolicyForKeyVersion);
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
index 5c26cc2..7c87dd3 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto;
+@VintfStability
interface IHwCryptoOperations {
android.hardware.security.see.hwcrypto.CryptoOperationResult[] processCommandList(inout android.hardware.security.see.hwcrypto.CryptoOperationSet[] operations, out android.hardware.security.see.hwcrypto.CryptoOperationErrorAdditionalInfo additionalErrorInfo);
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl
index 88dbdf1..1121f01 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto;
+@VintfStability
interface IOpaqueKey {
byte[] exportWrappedKey(in android.hardware.security.see.hwcrypto.IOpaqueKey wrappingKey);
android.hardware.security.see.hwcrypto.KeyPolicy getKeyPolicy();
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/KeyPolicy.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/KeyPolicy.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/KeyPolicy.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/KeyPolicy.aidl
index 0e3896e..ca114c3 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/KeyPolicy.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/KeyPolicy.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto;
+@VintfStability
parcelable KeyPolicy {
android.hardware.security.see.hwcrypto.types.KeyUse usage;
android.hardware.security.see.hwcrypto.types.KeyLifetime keyLifetime = android.hardware.security.see.hwcrypto.types.KeyLifetime.EPHEMERAL;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl
index d88d5c8..1c49297 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto;
+@VintfStability
parcelable MemoryBufferParameter {
android.hardware.security.see.hwcrypto.MemoryBufferParameter.MemoryBuffer bufferHandle;
int sizeBytes;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/OperationParameters.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/OperationParameters.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/OperationParameters.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/OperationParameters.aidl
index e069610..d6f57ab 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/OperationParameters.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/OperationParameters.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto;
+@VintfStability
union OperationParameters {
android.hardware.security.see.hwcrypto.types.SymmetricAuthOperationParameters symmetricAuthCrypto;
android.hardware.security.see.hwcrypto.types.SymmetricOperationParameters symmetricCrypto;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/PatternParameters.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/PatternParameters.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/PatternParameters.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/PatternParameters.aidl
index 0fd1ee7..7b9924e 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/PatternParameters.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/PatternParameters.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto;
+@VintfStability
parcelable PatternParameters {
long numberBlocksProcess;
long numberBlocksCopy;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/AesCipherMode.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/AesCipherMode.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/AesCipherMode.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/AesCipherMode.aidl
index e7501ff..6ad2c09 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/AesCipherMode.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/AesCipherMode.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
+@VintfStability
union AesCipherMode {
android.hardware.security.see.hwcrypto.types.CipherModeParameters cbc;
android.hardware.security.see.hwcrypto.types.CipherModeParameters ctr;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/AesGcmMode.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/AesGcmMode.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/AesGcmMode.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/AesGcmMode.aidl
index 4084abb..68ad142 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/AesGcmMode.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/AesGcmMode.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
+@VintfStability
union AesGcmMode {
android.hardware.security.see.hwcrypto.types.AesGcmMode.AesGcmModeParameters gcmTag16;
parcelable AesGcmModeParameters {
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/AesKey.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/AesKey.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/AesKey.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/AesKey.aidl
index f4bf786..78b1ff8 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/AesKey.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/AesKey.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
+@VintfStability
union AesKey {
byte[16] aes128 = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
byte[32] aes256;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/CipherModeParameters.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/CipherModeParameters.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/CipherModeParameters.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/CipherModeParameters.aidl
index 7a77521..83713ff 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/CipherModeParameters.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/CipherModeParameters.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
+@VintfStability
parcelable CipherModeParameters {
byte[16] nonce;
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ExplicitKeyMaterial.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/ExplicitKeyMaterial.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ExplicitKeyMaterial.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/ExplicitKeyMaterial.aidl
index 9970678..45cb234 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ExplicitKeyMaterial.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/ExplicitKeyMaterial.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
+@VintfStability
union ExplicitKeyMaterial {
android.hardware.security.see.hwcrypto.types.AesKey aes;
android.hardware.security.see.hwcrypto.types.HmacKey hmac;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/HalErrorCode.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/HalErrorCode.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/HalErrorCode.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/HalErrorCode.aidl
index 742314c..969e9c8 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/HalErrorCode.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/HalErrorCode.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
+@VintfStability
parcelable HalErrorCode {
const int NO_ERROR = 0;
const int GENERIC_ERROR = (-1) /* -1 */;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/HmacKey.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/HmacKey.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/HmacKey.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/HmacKey.aidl
index f8de94a..4d4e65d 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/HmacKey.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/HmacKey.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
+@VintfStability
union HmacKey {
byte[32] sha256 = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
byte[64] sha512;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/HmacOperationParameters.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/HmacOperationParameters.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/HmacOperationParameters.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/HmacOperationParameters.aidl
index 532cd8d..33a518d 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/HmacOperationParameters.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/HmacOperationParameters.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
+@VintfStability
parcelable HmacOperationParameters {
android.hardware.security.see.hwcrypto.IOpaqueKey key;
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/KeyLifetime.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyLifetime.aidl
similarity index 97%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/KeyLifetime.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyLifetime.aidl
index db5964c..ddee337 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/KeyLifetime.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyLifetime.aidl
@@ -32,7 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
-@Backing(type="byte")
+@Backing(type="byte") @VintfStability
enum KeyLifetime {
EPHEMERAL,
HARDWARE,
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/KeyPermissions.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyPermissions.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/KeyPermissions.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyPermissions.aidl
index ea3a173..919be32 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/KeyPermissions.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyPermissions.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
+@VintfStability
enum KeyPermissions {
ALLOW_EPHEMERAL_KEY_WRAPPING,
ALLOW_HARDWARE_KEY_WRAPPING,
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/KeyType.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyType.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/KeyType.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyType.aidl
index 59b83c4..07a7ce4 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/KeyType.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyType.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
+@VintfStability
enum KeyType {
AES_128_CBC_NO_PADDING,
AES_128_CBC_PKCS7_PADDING,
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/KeyUse.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyUse.aidl
similarity index 97%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/KeyUse.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyUse.aidl
index e888bdf..b607fd5 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/KeyUse.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyUse.aidl
@@ -32,7 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
-@Backing(type="int")
+@Backing(type="int") @VintfStability
enum KeyUse {
ENCRYPT = 1,
DECRYPT = 2,
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/MemoryBufferReference.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/MemoryBufferReference.aidl
similarity index 96%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/MemoryBufferReference.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/MemoryBufferReference.aidl
index 59c8757..184e21f 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/MemoryBufferReference.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/MemoryBufferReference.aidl
@@ -32,7 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
-@RustDerive(Clone=true, Copy=true)
+@RustDerive(Clone=true, Copy=true) @VintfStability
parcelable MemoryBufferReference {
int startOffset;
int sizeBytes;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl
index fc2dd63..6dfefcb 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
+@VintfStability
parcelable OpaqueKeyToken {
byte[] keyToken;
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/OperationData.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/OperationData.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/OperationData.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/OperationData.aidl
index aad3ac1..858ef1c 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/OperationData.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/OperationData.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
+@VintfStability
union OperationData {
android.hardware.security.see.hwcrypto.types.MemoryBufferReference memoryBufferReference;
byte[] dataBuffer;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/OperationType.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/OperationType.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/OperationType.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/OperationType.aidl
index ca8b3eb..03c2bba 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/OperationType.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/OperationType.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
+@VintfStability
enum OperationType {
READ,
WRITE,
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
index 1e304ab..cb963ee 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
+@VintfStability
enum ProtectionId {
WIDEVINE_OUTPUT_BUFFER = 1,
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricAuthCryptoParameters.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricAuthCryptoParameters.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricAuthCryptoParameters.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricAuthCryptoParameters.aidl
index d3d1763..e42190e 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricAuthCryptoParameters.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricAuthCryptoParameters.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
+@VintfStability
union SymmetricAuthCryptoParameters {
android.hardware.security.see.hwcrypto.types.AesGcmMode aes;
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricAuthOperationParameters.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricAuthOperationParameters.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricAuthOperationParameters.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricAuthOperationParameters.aidl
index 8a8ef09..78c4a4f 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricAuthOperationParameters.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricAuthOperationParameters.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
+@VintfStability
parcelable SymmetricAuthOperationParameters {
android.hardware.security.see.hwcrypto.IOpaqueKey key;
android.hardware.security.see.hwcrypto.types.SymmetricOperation direction;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricCryptoParameters.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricCryptoParameters.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricCryptoParameters.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricCryptoParameters.aidl
index cc93094..8fd5e85 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricCryptoParameters.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricCryptoParameters.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
+@VintfStability
union SymmetricCryptoParameters {
android.hardware.security.see.hwcrypto.types.AesCipherMode aes;
}
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricOperation.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricOperation.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricOperation.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricOperation.aidl
index 1a17525..40fd2d5 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricOperation.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricOperation.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
+@VintfStability
enum SymmetricOperation {
ENCRYPT,
DECRYPT,
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricOperationParameters.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricOperationParameters.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricOperationParameters.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricOperationParameters.aidl
index 769833b..7007074 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/SymmetricOperationParameters.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricOperationParameters.aidl
@@ -32,6 +32,7 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
+@VintfStability
parcelable SymmetricOperationParameters {
android.hardware.security.see.hwcrypto.IOpaqueKey key;
android.hardware.security.see.hwcrypto.types.SymmetricOperation direction;
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/Void.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/Void.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/Void.aidl
rename to security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/Void.aidl
index b37848b..80c91ee 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/Void.aidl
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/Void.aidl
@@ -32,5 +32,6 @@
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.see.hwcrypto.types;
+@VintfStability
parcelable Void {
}
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperation.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperation.aidl
similarity index 99%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperation.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperation.aidl
index 2fdbc78..0859d2a 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperation.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperation.aidl
@@ -25,6 +25,7 @@
* Type that describes the different operations that can be performed along with its required
* parameters. It will be used to construct a vector of operation that are executed sequentially.
*/
+@VintfStability
union CryptoOperation {
/*
* Sets a memory buffer to operate on. References to positions of this memory buffer can be used
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationErrorAdditionalInfo.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationErrorAdditionalInfo.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationErrorAdditionalInfo.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationErrorAdditionalInfo.aidl
index f3ac8ea..cc94b02 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationErrorAdditionalInfo.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationErrorAdditionalInfo.aidl
@@ -18,6 +18,7 @@
/*
* Type that provides more information about failures when processing a list of commands.
*/
+@VintfStability
parcelable CryptoOperationErrorAdditionalInfo {
/*
* Index indicating the first step of <code>CryptoOperationSet::operations</code> that failed
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationResult.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationResult.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationResult.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationResult.aidl
index 07c2983..5c3b81e 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationResult.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationResult.aidl
@@ -20,6 +20,7 @@
/*
* Type that describes the result of a set of crypto operations.
*/
+@VintfStability
parcelable CryptoOperationResult {
/*
* Token that can be passed on a CryptoOperationSet to issue more operations on the same context
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationSet.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationSet.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationSet.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationSet.aidl
index 9aff1e8..285ed36 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationSet.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationSet.aidl
@@ -21,6 +21,7 @@
/*
* Type that describes a set of crypto operations to execute
*/
+@VintfStability
parcelable CryptoOperationSet {
/*
* Token to be used to issue the operations. If NULL, a new context will be created and
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl
index 68d0c03..8cfa735 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl
@@ -22,4 +22,5 @@
* operation in progress context includes any memory buffer previously mapped by a
* <code>CryptoOperation::SetMemoryBuffer</code> call.
*/
+@VintfStability
interface ICryptoOperationContext {}
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
new file mode 100644
index 0000000..44ec32f
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
@@ -0,0 +1,298 @@
+/*
+ * Copyright 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto;
+
+import android.hardware.security.see.hwcrypto.IHwCryptoOperations;
+import android.hardware.security.see.hwcrypto.IOpaqueKey;
+import android.hardware.security.see.hwcrypto.KeyPolicy;
+import android.hardware.security.see.hwcrypto.types.ExplicitKeyMaterial;
+import android.hardware.security.see.hwcrypto.types.OpaqueKeyToken;
+
+/*
+ * Higher level interface to access and generate keys.
+ */
+@VintfStability
+interface IHwCryptoKey {
+ /*
+ * Identifier for the requested device provided key. The currently supported identifiers are:
+ *
+ */
+ enum DeviceKeyId {
+ /*
+ * This is a key unique to the device.
+ */
+ DEVICE_BOUND_KEY,
+ /*
+ * This is a shared by a set of devices.
+ */
+ BATCH_KEY,
+ }
+
+ /*
+ * Identifier for the requested key slot. The currently supported identifiers are:
+ *
+ */
+ enum KeySlot {
+ /*
+ * This is the shared HMAC key that will now be computed by HwCryptoKey after participating
+ * in the ISharedSecret protocol that can be shared with KeyMint and authenticators. See
+ * ISharedSecret.aidl for more information.
+ */
+ KEYMINT_SHARED_HMAC_KEY,
+ }
+
+ union DiceBoundDerivationKey {
+ /*
+ * Opaque to be used to derive the DICE bound key.
+ */
+ IOpaqueKey opaqueKey;
+
+ /*
+ * Device provided key to be used to derive the DICE bound key.
+ */
+ DeviceKeyId keyId;
+ }
+
+ parcelable DiceCurrentBoundKeyResult {
+ /*
+ * Key cryptographically bound to a DICE policy.
+ */
+ IOpaqueKey diceBoundKey;
+
+ /*
+ * Current dice policy which was used to generate the returned key. This policy is opaque
+ * from this service perspective (it will be sent to an Authentication Manager Service to be
+ * verified). It follows the structure defined on DicePolicy.cddl, located under
+ * hardware/interfaces/security/authgraph/aidl/android/hardware/security/authgraph/ with the
+ * caveat that it could be encrypted if the client does not have enough permissions to see
+ * the device dice policy information.
+ */
+ byte[] dicePolicyForKeyVersion;
+ }
+
+ parcelable DiceBoundKeyResult {
+ /*
+ * Key cryptographically bound to a DICE policy.
+ */
+ IOpaqueKey diceBoundKey;
+
+ /*
+ * Indicates if the diceBoundKey returned was created using a current DICE policy. The
+ * caller can use this to detect if an old policy was provided and rotate its keys if so
+ * desired. Old, valid policies remain usable, but care needs to be taken to not continue to
+ * use a potentially compromised key.
+ */
+ boolean dicePolicyWasCurrent;
+ }
+
+ parcelable ClearKeyPolicy {
+ /*
+ * Indicates the desired key size. It will be used to calculate how many bytes of key
+ * material should be returned.
+ */
+ int keySizeBytes;
+ }
+
+ union DerivedKeyPolicy {
+ /*
+ * If used we will derive a clear key and pass it back as an array of bytes on
+ * <code>HwCryptoKeyMaterial::explicitKey</code>.
+ */
+ ClearKeyPolicy clearKey;
+
+ /*
+ * Policy for the newly derived opaque key. Defines how the key can be used and its type.
+ */
+ byte[] opaqueKey;
+ }
+
+ parcelable DerivedKeyParameters {
+ /*
+ * Key to be used to derive the new key using HKDF.
+ */
+ IOpaqueKey derivationKey;
+
+ /*
+ * Policy for the newly derived key. Depending on its type, either a clear or opaque key
+ * will be derived.
+ */
+ DerivedKeyPolicy keyPolicy;
+
+ /*
+ * An arbitrary set of bytes incorporated into the key derivation. May have an
+ * implementation-specific maximum length, but it is guaranteed to accept at least 32 bytes.
+ */
+ byte[] context;
+ }
+
+ union DerivedKey {
+ /*
+ * Derived key in clear format.
+ */
+ byte[] explicitKey = {};
+
+ /*
+ * Derived key as a key token to be used only through the HWCrypto service.
+ */
+ IOpaqueKey opaque;
+ }
+
+ /*
+ * Derives a versioned key tied to the caller's current DICE policy. It will return this current
+ * policy back to the caller along with the generated key.
+ *
+ * @param derivationKey:
+ * Key to be used to derive the new key using HKDF.
+ *
+ * @return:
+ * A DiceCurrentBoundKeyResult containint the versioned key tied the current client version
+ * on success.
+ *
+ * @throws:
+ * ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
+ */
+ DiceCurrentBoundKeyResult deriveCurrentDicePolicyBoundKey(
+ in DiceBoundDerivationKey derivationKey);
+
+ /*
+ * Derive a versioned key by checking the provided DICE policy against the caller and then using
+ * it as a context for deriving the returned key.
+ *
+ * @param derivationKey:
+ * Key to be used to derive the new key using HKDF.
+ *
+ * @param dicePolicyForKeyVersion:
+ * Policy used to derive keys tied to specific versions. Using this parameter the caller can
+ * tie a derived key to a minimum version of itself, so in the future only itself or a more
+ * recent version can derive the same key. This parameter is opaque to the caller and it
+ * could be encrypted in the case the client doesn't have permission to know the dice chain.
+ * When implementing this function, this parameter shall be one of the components fed to the
+ * KDF context and it needs to be checked against the caller DICE certificate before being
+ * used.
+ *
+ * @return:
+ * A DiceBoundKeyResult containing the versioned key tied to the provided DICE policy on
+ * success.
+ *
+ * @throws:
+ * ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
+ */
+ DiceBoundKeyResult deriveDicePolicyBoundKey(
+ in DiceBoundDerivationKey derivationKey, in byte[] dicePolicyForKeyVersion);
+
+ /*
+ * Derive a new key based on the given key, policy and context.
+ *
+ * @param parameters:
+ * Parameters used for the key derivation. See <code>DerivedKeyParameters</code> on this
+ * file for more information.
+ *
+ * @return:
+ * A HwCryptoKeyMaterial containing the derived key on success.
+ *
+ * @throws:
+ * ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
+ */
+ DerivedKey deriveKey(in DerivedKeyParameters parameters);
+
+ /*
+ * Returns an interface used to work on opaque keys. This interface can also be used to operate
+ * on any opaque key generated by hwkeyDeriveVersioned, even if this key has been generated
+ * after retrieving a IHwCryptoOperations binder object, as long as the parent
+ * IHwCryptoDeviceKeyAccess is not dropped between retrieving the IHwCryptoOperations binder
+ * object and deriving the key. IHwCryptoOperations can also be used to create opaque keys that
+ * are not bound to the device.
+ *
+ * @return:
+ * IHwCryptoOperations on success
+ */
+ IHwCryptoOperations getHwCryptoOperations();
+
+ /*
+ * Imports a SW clear key into the secure environment.
+ *
+ * @param keyMaterial:
+ * key to be imported.
+ *
+ * @param newKeyPolicy:
+ * Policy of the new key. Defines how the newly created key can be used. Because any clear
+ * key imported into the system is considered to have a <code>KeyLifetime::PORTABLE</code>
+ * lifetime, a call to this function will return an error if
+ * <code>newKeyPolicy.newKeyPolicy</code> is not set to portable.
+ *
+ * @return:
+ * IOpaqueKey on success.
+ *
+ * @throws:
+ * ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
+ */
+ IOpaqueKey importClearKey(in ExplicitKeyMaterial keyMaterial, in KeyPolicy newKeyPolicy);
+
+ /*
+ * Returns the client current DICE policy. This policy is encrypted and considered opaque from
+ * the client perspective. This policy is the same used to create DICE bound keys and will also
+ * be used to seal secrets that can only be retrieved by the DICE policy owner. The first use of
+ * this seal operation will be <code>IOpaqueKey::getShareableToken</code> and will call this
+ * <code>IHwCryptoKey::keyTokenImport</code>. To start this process, the intended key receiver
+ * function and then pass the generated DICE policy to the owner of the key that the receiver
+ * wants to import. The key owner will then call <code>IOpaqueKey::getShareableToken</code>
+ * passing the receiver DICE policy to insure that only that receiver can import the key.
+ *
+ * @return:
+ * byte[] on success, which is the caller encrypted DICE policy.
+ */
+ byte[] getCurrentDicePolicy();
+
+ /*
+ * Imports a key from a different client service instance. Because IOpaqueKey are binder objects
+ * that cannot be directly shared between binder rpc clients, this method provide a way to send
+ * a key to another client. Keys to be imported by the receiver are represented by a token
+ * created using <code>IOpaqueKey::getShareableToken</code>. The flow to create this token is
+ * described in <code>IHwCryptoKey::getCurrentDicePolicy</code>.
+ *
+ * @param requested_key:
+ * Handle to the key to be imported to the caller service.
+ *
+ * @param sealingDicePolicy:
+ * DICE policy used to seal the exported key.
+ *
+ * @return:
+ * An IOpaqueKey that can be directly be used on the local HWCrypto service on success.
+ *
+ * @throws:
+ * ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
+ */
+ IOpaqueKey keyTokenImport(in OpaqueKeyToken requestedKey, in byte[] sealingDicePolicy);
+
+ /*
+ * Gets the keyslot key material referenced by slotId. This interface is used to access device
+ * specific keys with known types and uses. Because the returned key is opaque, it can only be
+ * used through the different HwCrypto interfaces. Because the keys live in a global namespace
+ * the identity of the caller needs to be checked to verify that it has permission to access the
+ * requested key.
+ *
+ * @param slotId:
+ * Identifier for the requested keyslot
+ *
+ * @return:
+ * An IOpaqueKey corresponding to the requested key slot on success.
+ *
+ * @throws:
+ * ServiceSpecificException <code>UNAUTHORIZED</code> if the caller cannot access the
+ * requested key, another specific error based on <code>HalErrorCode</code> otherwise.
+ */
+ IOpaqueKey getKeyslotData(KeySlot slotId);
+}
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
similarity index 84%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
index 4d394ed..9df6d67 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
@@ -24,20 +24,25 @@
* cryptographic keys. Interactions with this interface are done through a command-base API,
* which allow callers to execute a large set of operations on a single call.
*/
+@VintfStability
interface IHwCryptoOperations {
/*
- * processCommandList() - Executes a list of cryptographic commands in order
+ * Executes a list of cryptographic commands in order
*
- * @operations:
+ * @param operations:
* Parameter containing 1 or more set of commands to execute. Additionally, each set can
* also contain a context on which the commands will be executed.
- * @additionalErrorInfo:
+ *
+ * @param additionalErrorInfo:
* Structure containing additional info when errors are encountered. Only valid if the
* function failed its execution.
- * Return:
+ *
+ * @return:
* CryptoOperationResult[] on success, which can contain a context to continue executing
- * each of the provided operations sets, service specific error based on
- * <code>HalErrorCode</code> otherwise.
+ * each of the provided operations sets.
+ *
+ * @throws:
+ * ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
*/
CryptoOperationResult[] processCommandList(inout CryptoOperationSet[] operations,
out CryptoOperationErrorAdditionalInfo additionalErrorInfo);
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl
new file mode 100644
index 0000000..318a27e
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl
@@ -0,0 +1,99 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto;
+
+import android.hardware.security.see.hwcrypto.KeyPolicy;
+import android.hardware.security.see.hwcrypto.types.OpaqueKeyToken;
+import android.hardware.security.see.hwcrypto.types.OperationType;
+import android.hardware.security.see.hwcrypto.types.ProtectionId;
+
+@VintfStability
+interface IOpaqueKey {
+ /*
+ * Exports this key as a wrapped (encrypted) blob.
+ *
+ * @param wrapping_key:
+ * wrapping key. It needs to be an opaque key and its policy needs to indicate that it can
+ * be used for key wrapping.
+ *
+ * @return:
+ * Wrapped key blob as a byte array on success. Format of the blob is opaque to the service
+ * but has to match the command accepted by
+ * <code>IHwCryptoKeyGeneration::importWrappedKey</code>
+ *
+ * @throws:
+ * ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
+ */
+ byte[] exportWrappedKey(in IOpaqueKey wrappingKey);
+
+ /*
+ * Returns the key policy.
+ *
+ * @return:
+ * A <code>KeyPolicy</code> on success
+ *
+ * @throws:
+ * ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
+ */
+ KeyPolicy getKeyPolicy();
+
+ /*
+ * Returns the public key portion of this OpaqueKey. This operation is only valid for asymmetric
+ * keys.
+ *
+ * @return:
+ * public key as a byte array on success. Format used for the returned public key is COSE.
+ *
+ * @throws:
+ * ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
+ */
+ byte[] getPublicKey();
+
+ /*
+ * Returns a token that can shared with another HWCrypto client.
+ *
+ * @param sealingDicePolicy:
+ * Token to be used to protect the returned OpaqueKeyToken. It will be used so only
+ * the owner of the sealingDicePolicy can import the key.
+ *
+ * @return:
+ * <code>OpaqueKeyMaterial</code> token on success.
+ *
+ * @throws:
+ * ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
+ */
+ OpaqueKeyToken getShareableToken(in byte[] sealingDicePolicy);
+
+ /*
+ * Sets the protectionID associated with the buffers where the operation will be performed. A
+ * protection ID serves as a limitation on the key so it can only operate on buffers with a
+ * matching protection ID. The client calling this functions needs to have the necessary
+ * permissions to read and/or write to this buffer. Setting this parameter means that if the key
+ * is shared with a different client, the client receiving the key will be limited in which
+ * buffers can be used to read/write data for this operation.
+ *
+ * @param protectionId:
+ * ID of the given use case to provide protection for. The method of protecting the buffer
+ * will be platform dependent.
+ *
+ * @param allowedOperations:
+ * array of allowed operations. Allowed operations are either READ or WRITE.
+ *
+ * @throws:
+ * ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
+ */
+ void setProtectionId(in ProtectionId protectionId, in OperationType[] allowedOperations);
+}
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/KeyPolicy.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/KeyPolicy.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/KeyPolicy.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/KeyPolicy.aidl
index 9266bfa..a20e99b 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/KeyPolicy.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/KeyPolicy.aidl
@@ -23,6 +23,7 @@
/*
* Parcelable that specified how a key can be used.
*/
+@VintfStability
parcelable KeyPolicy {
/*
* Enum specifying the operations the key can perform (encryption, decryption, etc.).
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/KeyPolicy.cddl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/KeyPolicy.cddl
similarity index 100%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/KeyPolicy.cddl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/KeyPolicy.cddl
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl
index c5a6a5c..efc5767 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl
@@ -18,6 +18,7 @@
/*
* Parcelable representing a memory buffer.
*/
+@VintfStability
parcelable MemoryBufferParameter {
union MemoryBuffer {
ParcelFileDescriptor input;
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/OperationParameters.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/OperationParameters.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/OperationParameters.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/OperationParameters.aidl
index a977f56..bf0b720 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/OperationParameters.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/OperationParameters.aidl
@@ -22,6 +22,7 @@
/*
* Type that describes the parameters for the different operations that can be performed.
*/
+@VintfStability
union OperationParameters {
/*
* Parameters for authenticated symmetric cryptography (AES GCM).
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/PatternParameters.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/PatternParameters.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/PatternParameters.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/PatternParameters.aidl
index 3f62abe..9f8950f 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/PatternParameters.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/PatternParameters.aidl
@@ -18,6 +18,7 @@
/*
* Parcelable that specifies a pattern to process data.
*/
+@VintfStability
parcelable PatternParameters {
/*
* Number of blocks that will be processed. The size of the block matches the size of the
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesCipherMode.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesCipherMode.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesCipherMode.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesCipherMode.aidl
index ac31557..8ce83aa 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesCipherMode.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesCipherMode.aidl
@@ -21,6 +21,7 @@
/*
* Type used for the parameters needed to run a non-authenticated AES operation.
*/
+@VintfStability
union AesCipherMode {
/*
* Cipher Block Chaining mode. Padding will either be none or PKCS#7 depending on the key policy
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesGcmMode.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesGcmMode.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesGcmMode.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesGcmMode.aidl
index 4025553..1c6551c 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesGcmMode.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesGcmMode.aidl
@@ -18,6 +18,7 @@
/*
* Type used for the parameters needed to run an authenticated AES operation (GCM).
*/
+@VintfStability
union AesGcmMode {
parcelable AesGcmModeParameters {
/*
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesKey.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesKey.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesKey.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesKey.aidl
index cf9082d..ae62ef9 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesKey.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesKey.aidl
@@ -18,6 +18,7 @@
/*
* Type that represents an AES key.
*/
+@VintfStability
union AesKey {
/*
* Raw AES 128 bit key material.
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/CipherModeParameters.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/CipherModeParameters.aidl
similarity index 88%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/CipherModeParameters.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/CipherModeParameters.aidl
index bfa5daa..e7ede57 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/CipherModeParameters.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/CipherModeParameters.aidl
@@ -19,6 +19,10 @@
/*
* Type encapsulating nonce used on non-authenticated AES symmetric encryption.
*/
+@VintfStability
parcelable CipherModeParameters {
+ /*
+ * nonce to be used as IV for AES-CBC or as the nonce in AES-CTR
+ */
byte[16] nonce;
}
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/ExplicitKeyMaterial.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/ExplicitKeyMaterial.aidl
similarity index 88%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/ExplicitKeyMaterial.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/ExplicitKeyMaterial.aidl
index 3aa5611..a5bf594 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/ExplicitKeyMaterial.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/ExplicitKeyMaterial.aidl
@@ -21,7 +21,15 @@
/*
* Type encapsulating a clear key.
*/
+@VintfStability
union ExplicitKeyMaterial {
+ /*
+ * AES key in clear format.
+ */
AesKey aes;
+
+ /*
+ * HMAC key in clear format.
+ */
HmacKey hmac;
}
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HalErrorCode.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HalErrorCode.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HalErrorCode.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HalErrorCode.aidl
index f536c0e..df12262 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HalErrorCode.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HalErrorCode.aidl
@@ -18,6 +18,7 @@
/*
* Service error codes. Will be returned as service specific errors.
*/
+@VintfStability
parcelable HalErrorCode {
/* Success */
const int NO_ERROR = 0;
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HmacKey.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HmacKey.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HmacKey.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HmacKey.aidl
index a0b6ba7..b1a988e 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HmacKey.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HmacKey.aidl
@@ -18,6 +18,7 @@
/*
* Type that represents an Hmac key.
*/
+@VintfStability
union HmacKey {
/*
* Raw Hmac key for use with sha256.
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HmacOperationParameters.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HmacOperationParameters.aidl
similarity index 97%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HmacOperationParameters.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HmacOperationParameters.aidl
index da09a2c..faa3072 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HmacOperationParameters.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HmacOperationParameters.aidl
@@ -19,6 +19,7 @@
/*
* Data needed to perform HMAC operations.
*/
+@VintfStability
parcelable HmacOperationParameters {
/*
* Key to be used for the HMAC operation.
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyLifetime.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyLifetime.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyLifetime.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyLifetime.aidl
index 9958a0b..b03b850 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyLifetime.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyLifetime.aidl
@@ -20,6 +20,7 @@
* represented as a bitmask to allow us to internally combine them on a single property to describe
* a set of allowed lifetimes.
*/
+@VintfStability
@Backing(type="byte")
enum KeyLifetime {
/*
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyPermissions.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyPermissions.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyPermissions.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyPermissions.aidl
index a1e4f21..c48ef8b 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyPermissions.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyPermissions.aidl
@@ -18,6 +18,7 @@
/*
* Additional characteristics and permissions of the key.
*/
+@VintfStability
enum KeyPermissions {
/*
* Key can be wrapped by an ephemeral key.
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyType.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyType.aidl
new file mode 100644
index 0000000..ed90899
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyType.aidl
@@ -0,0 +1,120 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto.types;
+
+/*
+ * Enum describing all supported key types. Key types are strongly bound to the algorithm to
+ * prevent reusing the same key on different algorithms (e.g. using the same key for 2 different AES
+ * 128 Cipher modes).
+ */
+@VintfStability
+enum KeyType {
+ /*
+ * AES with key size 128 bits using CBC mode of operation and no padding.
+ */
+ AES_128_CBC_NO_PADDING,
+
+ /*
+ * AES with key size 128 bits using CBC mode of operation and PKCS7 padding.
+ */
+ AES_128_CBC_PKCS7_PADDING,
+
+ /*
+ * AES with key size 128 bits using counter mode.
+ */
+ AES_128_CTR,
+
+ /*
+ * AES with key size 128 bits using GCM mode for authenticated encryption.
+ */
+ AES_128_GCM,
+
+ /*
+ * AES with key size 128 bits for CMAC calculation.
+ */
+ AES_128_CMAC,
+
+ /*
+ * AES with key size 256 bits using CBC mode of operation and no padding.
+ */
+ AES_256_CBC_NO_PADDING,
+
+ /*
+ * AES with key size 256 bits using CBC mode of operation and PKCS7 padding.
+ */
+ AES_256_CBC_PKCS7_PADDING,
+
+ /*
+ * AES with key size 128 bits using counter mode.
+ */
+ AES_256_CTR,
+
+ /*
+ * AES with key size 128 bits using GCM mode for authenticated encryption.
+ */
+ AES_256_GCM,
+
+ /*
+ * AES with key size 128 bits for CMAC calculation.
+ */
+ AES_256_CMAC,
+
+ /*
+ * Key of length of 32 bytes for HMAC operations using SHA256.
+ */
+ HMAC_SHA256,
+
+ /*
+ * Key of length of 64 bytes for HMAC operations using SHA512.
+ */
+ HMAC_SHA512,
+
+ /*
+ * RSA of key size of 2048 bits for signing using PSS.
+ */
+ RSA2048_PSS_SHA256,
+
+ /*
+ * RSA of key size of 2048 bits for signing with padding PKCS 1.5 and SHA256 as the digest
+ * algorithm.
+ */
+ RSA2048_PKCS1_5_SHA256,
+
+ /*
+ * ECC key for signing using curve P-256 and no padding.
+ */
+ ECC_NIST_P256_SIGN_NO_PADDING,
+
+ /*
+ * ECC key for signing using curve P-256 and SHA256 as hashing algorithm.
+ */
+ ECC_NIST_P256_SIGN_SHA256,
+
+ /*
+ * ECC key for signing using curve P-521 and no padding.
+ */
+ ECC_NIST_P521_SIGN_NO_PADDING,
+
+ /*
+ * ECC key for signing using curve P-512 and SHA512 as hashing algorithm.
+ */
+ ECC_NIST_P521_SIGN_SHA512,
+
+ /*
+ * ECC key for signing using EdDSA.
+ */
+ ECC_ED25519_SIGN,
+}
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyUse.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyUse.aidl
similarity index 77%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyUse.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyUse.aidl
index 76bfd62..60bfd06 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyUse.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyUse.aidl
@@ -18,12 +18,24 @@
/*
* Enum describing the allowed operations that can be performed with the given key.
*/
+@VintfStability
@Backing(type="int")
enum KeyUse {
+ /* Key can be used to encrypt */
ENCRYPT = 1,
+
+ /* Key can be used to decrypt */
DECRYPT = 2,
+
+ /* Key can be used to encrypt or decrypt */
ENCRYPT_DECRYPT = ENCRYPT | DECRYPT,
+
+ /* Key can be used to sign */
SIGN = 4,
+
+ /* Key can be used to derive other keys */
DERIVE = 8,
+
+ /* Key can be used to wrap other keys */
WRAP = 16,
}
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/MemoryBufferReference.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/MemoryBufferReference.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/MemoryBufferReference.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/MemoryBufferReference.aidl
index 1175dc5..0f3c099 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/MemoryBufferReference.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/MemoryBufferReference.aidl
@@ -18,6 +18,7 @@
/*
* Structure representing a section of a memory buffer.
*/
+@VintfStability
@RustDerive(Copy=true, Clone=true)
parcelable MemoryBufferReference {
/*
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl
index db95c18..25cc6fb 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl
@@ -20,6 +20,7 @@
* valid on the current boot, and its reuse after a session is closed (or between sessions) is not
* guaranteed.
*/
+@VintfStability
parcelable OpaqueKeyToken {
/*
* Opaque type used to send IOpaqueKeys keys to different clients. Its format is implementation
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OperationData.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OperationData.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OperationData.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OperationData.aidl
index 642d05e..8dfca72 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OperationData.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OperationData.aidl
@@ -20,6 +20,7 @@
/*
* Union holding buffers to be used by the cryptographic operation.
*/
+@VintfStability
union OperationData {
/*
* Reference (offset, size) to the active operations' MemoryBuffer.
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OperationType.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OperationType.aidl
similarity index 90%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OperationType.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OperationType.aidl
index 76878a3..2dc9ae9 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OperationType.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OperationType.aidl
@@ -18,7 +18,11 @@
/*
* Enum describing the different types of operations allowed on a buffer.
*/
+@VintfStability
enum OperationType {
+ /* Read operations allowed*/
READ,
+
+ /* Write operations allowed*/
WRITE,
}
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
index 8686882..8fd0551 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
@@ -19,6 +19,7 @@
* Enum describing the different types of protected buffers. Protected buffers are named by its
* corresponding use case and its underlaying implementation is platform dependant.
*/
+@VintfStability
enum ProtectionId {
/*
* ProtectionID used by HwCrypto to enable Keys that can be used for Widevine video buffers.
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricAuthCryptoParameters.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricAuthCryptoParameters.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricAuthCryptoParameters.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricAuthCryptoParameters.aidl
index 278e48d..79c39f9 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricAuthCryptoParameters.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricAuthCryptoParameters.aidl
@@ -20,6 +20,7 @@
/*
* Data needed to perform authenticated symmetric cryptographic operations.
*/
+@VintfStability
union SymmetricAuthCryptoParameters {
/*
* AES (Advanced Encryption Standard) GCM parameters.
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricAuthOperationParameters.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricAuthOperationParameters.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricAuthOperationParameters.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricAuthOperationParameters.aidl
index 46568c3..844a3bc 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricAuthOperationParameters.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricAuthOperationParameters.aidl
@@ -23,6 +23,7 @@
* Parameters needed to perform an authenticated symmetric cryptographic operation. Currently only
* AES-GCM is supported.
*/
+@VintfStability
parcelable SymmetricAuthOperationParameters {
/*
* Key to be used on the operation.
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricCryptoParameters.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricCryptoParameters.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricCryptoParameters.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricCryptoParameters.aidl
index 2350242..679fe6a 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricCryptoParameters.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricCryptoParameters.aidl
@@ -20,6 +20,7 @@
/*
* Data needed to perform non-authenticated symmetric cryptographic operations.
*/
+@VintfStability
union SymmetricCryptoParameters {
/*
* AES (Advanced Encryption Standard) parameters.
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricOperation.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricOperation.aidl
similarity index 92%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricOperation.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricOperation.aidl
index 2717472..d88d4e9 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricOperation.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricOperation.aidl
@@ -18,4 +18,4 @@
/*
* Enum describing the type of symmetric operation desired.
*/
-enum SymmetricOperation { ENCRYPT, DECRYPT }
+@VintfStability enum SymmetricOperation { ENCRYPT, DECRYPT }
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricOperationParameters.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricOperationParameters.aidl
similarity index 98%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricOperationParameters.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricOperationParameters.aidl
index 1d1554d..509d416 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricOperationParameters.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricOperationParameters.aidl
@@ -22,6 +22,7 @@
/*
* Parameters needed to perform a non-authenticated symmetric cryptographic operation.
*/
+@VintfStability
parcelable SymmetricOperationParameters {
/*
* Key to be used on the operation.
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/Void.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/Void.aidl
similarity index 92%
rename from staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/Void.aidl
rename to security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/Void.aidl
index f9f608d..243fb45 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/Void.aidl
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/Void.aidl
@@ -15,4 +15,8 @@
*/
package android.hardware.security.see.hwcrypto.types;
+/*
+ * Type used to represent no data.
+ */
+@VintfStability
parcelable Void {}
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl b/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
deleted file mode 100644
index bb194a3..0000000
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
+++ /dev/null
@@ -1,289 +0,0 @@
-/*
- * Copyright 2023 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package android.hardware.security.see.hwcrypto;
-
-import android.hardware.security.see.hwcrypto.IHwCryptoOperations;
-import android.hardware.security.see.hwcrypto.IOpaqueKey;
-import android.hardware.security.see.hwcrypto.KeyPolicy;
-import android.hardware.security.see.hwcrypto.types.ExplicitKeyMaterial;
-import android.hardware.security.see.hwcrypto.types.OpaqueKeyToken;
-
-/*
- * Higher level interface to access and generate keys.
- */
-interface IHwCryptoKey {
- /*
- * Identifier for the requested device provided key. The currently supported identifiers are:
- *
- * DEVICE_BOUND_KEY:
- * This is a key unique to the device.
- * BATCH_KEY:
- * This is a shared by a set of devices.
- */
- enum DeviceKeyId {
- DEVICE_BOUND_KEY,
- BATCH_KEY,
- }
-
- /*
- * Identifier for the requested key slot. The currently supported identifiers are:
- *
- * KEYMINT_SHARED_HMAC_KEY:
- * This is the shared HMAC key that will now be computed by HwCryptoKey after participating
- * in the ISharedSecret protocol that can be shared with KeyMint and authenticators. See
- * ISharedSecret.aidl for more information.
- */
- enum KeySlot {
- KEYMINT_SHARED_HMAC_KEY,
- }
-
- union DiceBoundDerivationKey {
- /*
- * Opaque to be used to derive the DICE bound key.
- */
- IOpaqueKey opaqueKey;
-
- /*
- * Device provided key to be used to derive the DICE bound key.
- */
- DeviceKeyId keyId;
- }
-
- parcelable DiceCurrentBoundKeyResult {
- /*
- * Key cryptographically bound to a DICE policy.
- */
- IOpaqueKey diceBoundKey;
-
- /*
- * Current dice policy which was used to generate the returned key. This policy is
- * opaque from this service perspective (it will be sent to an Authentication Manager
- * Service to be verified). It follows the structure defined on DicePolicy.cddl, located
- * under hardware/interfaces/security/authgraph/aidl/android/hardware/security/authgraph/
- * with the caveat that it could be encrypted if the client does not have enough permissions
- * to see the device dice policy information.
- */
- byte[] dicePolicyForKeyVersion;
- }
-
- parcelable DiceBoundKeyResult {
- /*
- * Key cryptographically bound to a DICE policy.
- */
- IOpaqueKey diceBoundKey;
-
- /*
- * Indicates if the diceBoundKey returned was created using a current DICE policy. The
- * caller can use this to detect if an old policy was provided and rotate its keys if so
- * desired. Old, valid policies remain usable, but care needs to be taken to not continue to
- * use a potentially compromised key.
- */
- boolean dicePolicyWasCurrent;
- }
-
- parcelable ClearKeyPolicy {
- /*
- * Indicates the desired key size. It will be used to calculate how many bytes of key
- * material should be returned.
- */
- int keySizeBytes;
- }
-
- union DerivedKeyPolicy {
- /*
- * If used we will derive a clear key and pass it back as an array of bytes on
- * <code>HwCryptoKeyMaterial::explicitKey</code>.
- */
- ClearKeyPolicy clearKey;
-
- /*
- * Policy for the newly derived opaque key. Defines how the key can be used and its type.
- */
- byte[] opaqueKey;
- }
-
- parcelable DerivedKeyParameters {
- /*
- * Key to be used to derive the new key using HKDF.
- */
- IOpaqueKey derivationKey;
-
- /*
- * Policy for the newly derived key. Depending on its type, either a clear or opaque key
- * will be derived.
- */
- DerivedKeyPolicy keyPolicy;
-
- /*
- * An arbitrary set of bytes incorporated into the key derivation. May have
- * an implementation-specific maximum length, but it is guaranteed to accept
- * at least 32 bytes.
- */
- byte[] context;
- }
-
- union DerivedKey {
- /*
- * Derived key in clear format.
- */
- byte[] explicitKey = {};
-
- /*
- * Derived key as a key token to be used only through the HWCrypto service.
- */
- IOpaqueKey opaque;
- }
-
- /*
- * deriveCurrentDicePolicyBoundKey() - Derives a versioned key tied to the caller's current DICE
- * policy. It will return this current policy back to the caller
- * along with the generated key.
- *
- * @derivationKey:
- * Key to be used to derive the new key using HKDF.
- *
- * Return:
- * Ok(DiceCurrentBoundKeyResult) on success, service specific error based on
- * <code>HalErrorCode</code> otherwise.
- */
- DiceCurrentBoundKeyResult deriveCurrentDicePolicyBoundKey(
- in DiceBoundDerivationKey derivationKey);
-
- /*
- * deriveDicePolicyBoundKey() - Derive a versioned key by checking the provided DICE policy
- * against the caller and then using it as a context for deriving
- * the returned key.
- *
- * @derivationKey:
- * Key to be used to derive the new key using HKDF.
- *
- * @dicePolicyForKeyVersion:
- * Policy used to derive keys tied to specific versions. Using this parameter
- * the caller can tie a derived key to a minimum version of itself, so in the future only
- * itself or a more recent version can derive the same key. This parameter is opaque to the
- * caller and it could be encrypted in the case the client doesn't have permission to know
- * the dice chain.
- * When implementing this function, this parameter shall be one of the components fed
- * to the KDF context and it needs to be checked against the caller DICE certificate before
- * being used.
- *
- * Return:
- * Ok(DiceBoundKeyResult) on success, service specific error based on
- * <code>HalErrorCode</code> otherwise.
- */
- DiceBoundKeyResult deriveDicePolicyBoundKey(
- in DiceBoundDerivationKey derivationKey, in byte[] dicePolicyForKeyVersion);
-
- /*
- * deriveKey() - Derive a new key based on the given key, policy and context.
- *
- * @parameters:
- * Parameters used for the key derivation. See <code>DerivedKeyParameters</code> on this
- * file for more information.
- *
- * Return:
- * Ok(HwCryptoKeyMaterial) on success, service specific error based on
- * <code>HalErrorCode</code> otherwise.
- */
- DerivedKey deriveKey(in DerivedKeyParameters parameters);
-
- /*
- * getHwCryptoOperations() - Returns an interface used to work on opaque keys. This interface
- * can also be used to operate on any opaque key generated by
- * hwkeyDeriveVersioned, even if this key has been generated after
- * retrieving a IHwCryptoOperations binder object, as long as the
- * parent IHwCryptoDeviceKeyAccess is not dropped between retrieving
- * the IHwCryptoOperations binder object and deriving the key.
- * IHwCryptoOperations can also be used to create opaque keys that
- * are not bound to the device.
- *
- * Return:
- * IHwCryptoOperations on success
- */
- IHwCryptoOperations getHwCryptoOperations();
-
- /*
- * importClearKey() - Imports a SW clear key into the secure environment.
- *
- * @keyMaterial:
- * key to be imported.
- * @newKeyPolicy:
- * Policy of the new key. Defines how the newly created key can be used. Because any
- * clear key imported into the system is considered to have a
- * <code>KeyLifetime::PORTABLE</code> lifetime, a call to this function will return an
- * error if <code>newKeyPolicy.newKeyPolicy</code> is not set to portable.
- *
- * Return:
- * IOpaqueKey on success, service specific error based on <code>HalErrorCode</code>
- * otherwise.
- */
- IOpaqueKey importClearKey(in ExplicitKeyMaterial keyMaterial, in KeyPolicy newKeyPolicy);
-
- /*
- * getCurrentDicePolicy() - Returns the client current DICE policy. This policy is encrypted and
- * considered opaque from the client perspective. This policy is the
- * same used to create DICE bound keys and will also be used to seal
- * secrets that can only be retrieved by the DICE policy owner. The
- * first use of this seal operation will be
- * <code>IOpaqueKey::getShareableToken</code> and
- * <code>IHwCryptoKey::keyTokenImport</code>. To start this process,
- * the intended key receiver will call this function and then pass the
- * generated DICE policy to the owner of the key that the receiver
- * wants to import. The key owner will then call
- * <code>IOpaqueKey::getShareableToken</code> passing the receiver DICE
- * policy to insure that only that receiver can import the key.
- *
- * Return:
- * byte[] on success, which is the caller encrypted DICE policy.
- */
- byte[] getCurrentDicePolicy();
-
- /*
- * key_token_import() - Imports a key from a different client service instance. Because
- * IOpaqueKey are binder objects that cannot be directly shared between
- * binder rpc clients, this method provide a way to send a key to another
- * client. Keys to be imported by the receiver are represented by a token
- * created using <code>IOpaqueKey::getShareableToken</code>. The flow
- * to create this token is described in
- * <code>IHwCryptoKey::getCurrentDicePolicy</code>.
- *
- * @requested_key:
- * Handle to the key to be imported to the caller service.
- * @sealingDicePolicy:
- * DICE policy used to seal the exported key.
- * Return:
- * A IOpaqueKey that can be directly be used on the local HWCrypto service on
- * success, service specific error based on <code>HalErrorCode</code> otherwise.
- */
- IOpaqueKey keyTokenImport(in OpaqueKeyToken requestedKey, in byte[] sealingDicePolicy);
-
- /*
- * getKeyslotData() - Gets the keyslot key material referenced by slotId.
- *
- * @slotId:
- * Identifier for the requested keyslot
- *
- * This interface is used to access device specific keys with known types and uses. Because the
- * returned key is opaque, it can only be used through the different HwCrypto interfaces.
- * Because the keys live in a global namespace the identity of the caller needs to be
- * checked to verify that it has permission to accesses the requested key.
- *
- * Return:
- * Ok(IOpaqueKey) on success, UNAUTHORIZED if the caller cannot access the requested key,
- * another specific error code otherwise.
- */
- IOpaqueKey getKeyslotData(KeySlot slotId);
-}
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl b/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl
deleted file mode 100644
index 9a72639..0000000
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * Copyright 2024 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package android.hardware.security.see.hwcrypto;
-
-import android.hardware.security.see.hwcrypto.KeyPolicy;
-import android.hardware.security.see.hwcrypto.types.OpaqueKeyToken;
-import android.hardware.security.see.hwcrypto.types.OperationType;
-import android.hardware.security.see.hwcrypto.types.ProtectionId;
-
-interface IOpaqueKey {
- /*
- * exportWrappedKey() - Exports this key as a wrapped (encrypted) blob.
- *
- * @wrapping_key:
- * wrapping key. It needs to be an opaque key and its policy needs to indicate that it can
- * be used for key wrapping.
- *
- * Return:
- * Wrapped key blob as a byte array on success. Format of the blob is opaque to the service
- * but has to match the command accepted by
- * <code>IHwCryptoKeyGeneration::importWrappedKey</code>, service specific error based on
- * <code>HalErrorCode</code> otherwise.
- */
- byte[] exportWrappedKey(in IOpaqueKey wrappingKey);
-
- /*
- * getKeyPolicy() - Returns the key policy.
- *
- * Return:
- * A <code>KeyPolicy</code> on success, service specific error based on
- * <code>HalErrorCode</code> otherwise.
- */
- KeyPolicy getKeyPolicy();
-
- /*
- * getPublicKey() - Returns the public key portion of this OpaqueKey. This operation is only
- * valid for asymmetric keys
- *
- * Return:
- * public key as a byte array on success, service specific error based on
- * <code>HalErrorCode</code> otherwise. Format used for the returned public key is COSE.
- */
- byte[] getPublicKey();
-
- /*
- * getShareableToken() - Returns a token that can shared with another HWCrypto client.
- *
- * @sealingDicePolicy:
- * Token to be used to protect the returned OpaqueKeyToken. It will be used so only
- * the owner of the sealingDicePolicy can import the key.
- * Return:
- * <code>OpaqueKeyMaterial</code> token on success, service specific error based on
- * <code>HalErrorCode</code> otherwise.
- */
- OpaqueKeyToken getShareableToken(in byte[] sealingDicePolicy);
-
- /*
- * setProtectionId() - Sets the protectionID associated with the buffers where the operation
- * will be performed. A protection ID serves as a limitation on the key so
- * it can only operate on buffers with a matching protection ID.
- * The client calling this functions needs to have the necessary permissions
- * to read and/or write to this buffer. Setting this parameter means that
- * if the key is shared with a different client, the client receiving the
- * key will be limited in which buffers can be used to read/write data for
- * this operation.
- *
- * @protectionId:
- * ID of the given use case to provide protection for. The method of protecting the buffer
- * will be platform dependent.
- * @allowedOperations:
- * array of allowed operations. Allowed operations are either READ or WRITE.
- *
- * Return:
- * service specific error based on <code>HalErrorCode</code> on failure.
- */
- void setProtectionId(in ProtectionId protectionId, in OperationType[] allowedOperations);
-}
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyType.aidl b/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyType.aidl
deleted file mode 100644
index 3cf4670..0000000
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyType.aidl
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright 2024 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package android.hardware.security.see.hwcrypto.types;
-
-/*
- * Enum describing all supported key types. Key types are strongly bound to the algorithm to
- * prevent reusing the same key on different algorithms (e.g. using the same key for 2 different AES
- * 128 Cipher modes).
- */
-enum KeyType {
- AES_128_CBC_NO_PADDING,
- AES_128_CBC_PKCS7_PADDING,
- AES_128_CTR,
- AES_128_GCM,
- AES_128_CMAC,
- AES_256_CBC_NO_PADDING,
- AES_256_CBC_PKCS7_PADDING,
- AES_256_CTR,
- AES_256_GCM,
- AES_256_CMAC,
- HMAC_SHA256,
- HMAC_SHA512,
- RSA2048_PSS_SHA256,
- RSA2048_PKCS1_5_SHA256,
- ECC_NIST_P256_SIGN_NO_PADDING,
- ECC_NIST_P256_SIGN_SHA256,
- ECC_NIST_P521_SIGN_NO_PADDING,
- ECC_NIST_P521_SIGN_SHA512,
- ECC_ED25519_SIGN,
-}