Add additional parameters to importWrappedKey
Bug: 31675676
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: I31166d0c562d92bbdcf3357782ac2a076a1bc2d9
diff --git a/keymaster/4.0/IKeymasterDevice.hal b/keymaster/4.0/IKeymasterDevice.hal
index 14c9c35..5dac929 100644
--- a/keymaster/4.0/IKeymasterDevice.hal
+++ b/keymaster/4.0/IKeymasterDevice.hal
@@ -274,6 +274,23 @@
* @param maskingKey The 32-byte value XOR'd with the transport key in the SecureWrappedKey
* structure.
*
+ * @param unwrappingParams must contain any parameters needed to perform the unwrapping
+ * operation. For example, if the wrapping key is an AES key the block and padding modes
+ * must be specified in this argument.
+ *
+ * @param passwordSid specifies the password secure ID (SID) of the user that owns the key being
+ * installed. If the authorization list in wrappedKeyData contains a Tag::USER_SECURE_ID
+ * with a value that has the HardwareAuthenticatorType::PASSWORD bit set, the constructed
+ * key must be bound to the SID value provided by this argument. If the wrappedKeyData
+ * does not contain such a tag and value, this argument must be ignored.
+ *
+ * @param biometricSid specifies the biometric secure ID (SID) of the user that owns the key
+ * being installed. If the authorization list in wrappedKeyData contains a
+ * Tag::USER_SECURE_ID with a value that has the HardwareAuthenticatorType::FINGERPRINT
+ * bit set, the constructed key must be bound to the SID value provided by this argument.
+ * If the wrappedKeyData does not contain such a tag and value, this argument must be
+ * ignored.
+ *
* @return error See the ErrorCode enum.
*
* @return keyBlob Opaque descriptor of the imported key. It is recommended that the keyBlob
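Review bot: The `passwordSid` and `biometricSid` descriptions do not say what an implementation must do when the Tag::USER_SECURE_ID value in wrappedKeyData has both the PASSWORD and FINGERPRINT bits set, or when the matching argument is passed as 0, so implementations could diverge on whether the imported key ends up bound to a user at all. If binding to both is the intent, I would add a sentence such as `If both bits are set, the key must be bound to both passwordSid and biometricSid.` and state which ErrorCode is returned when a required SID is not supplied. The `unwrappingParams` text should also say whether the supplied parameters must be permitted by the wrapping key's own authorizations, and that the import fails if they are not, rather than leaving it implied. The argument is named biometricSid while the rule keys on HardwareAuthenticatorType::FINGERPRINT, so a short remark on how other biometric types are treated would help. The doc comment begins above this hunk and continues below it.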
@@ -281,8 +298,9 @@
* hardware.
*/
importWrappedKey(vec<uint8_t> wrappedKeyData, vec<uint8_t> wrappingKeyBlob,
- vec<uint8_t> maskingKey)
- generates (ErrorCode error, vec<uint8_t> keyBlob, KeyCharacteristics keyCharacteristics);
+ vec<uint8_t> maskingKey, vec<KeyParameter> unwrappingParams,
+ uint64_t passwordSid, uint64_t biometricSid)
+ generates(ErrorCode error, vec<uint8_t> keyBlob, KeyCharacteristics keyCharacteristics);
/**
* Returns the characteristics of the specified key, if the keyBlob is valid (implementations