Modifying HwKey::deriveKey parameter
Changing the providede opaque key policy type to a CBOR formatted
byte array.
Bug: 284152719
Test: qemu android build
Change-Id: I0933c69bbfa3eeee956465b34fc163ed9b638eba
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl b/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
index f0df507..3763f0a 100644
--- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
+++ b/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
@@ -58,8 +58,8 @@
int keySizeBytes;
}
union DerivedKeyPolicy {
- android.hardware.security.see.hwcrypto.KeyPolicy opaqueKey;
android.hardware.security.see.hwcrypto.IHwCryptoKey.ClearKeyPolicy clearKey;
+ byte[] opaqueKey;
}
parcelable DerivedKeyParameters {
android.hardware.security.see.hwcrypto.IOpaqueKey derivationKey;
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl b/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
index d2b5604..b5e7e9d 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
+++ b/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
@@ -90,15 +90,15 @@
union DerivedKeyPolicy {
/*
- * Policy for the newly derived opaque key. Defines how the key can be used and its type.
- */
- KeyPolicy opaqueKey;
-
- /*
* If used we will derive a clear key and pass it back as an array of bytes on
* <code>HwCryptoKeyMaterial::explicitKey</code>.
*/
ClearKeyPolicy clearKey;
+
+ /*
+ * Policy for the newly derived opaque key. Defines how the key can be used and its type.
+ */
+ byte[] opaqueKey;
}
parcelable DerivedKeyParameters {
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/KeyPolicy.cddl b/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/KeyPolicy.cddl
new file mode 100644
index 0000000..77b632b
--- /dev/null
+++ b/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/KeyPolicy.cddl
@@ -0,0 +1,66 @@
+;
+; Copyright (C) 2024 The Android Open Source Project
+;
+; Licensed under the Apache License, Version 2.0 (the "License");
+; you may not use this file except in compliance with the License.
+; You may obtain a copy of the License at
+;
+; http://www.apache.org/licenses/LICENSE-2.0
+;
+; Unless required by applicable law or agreed to in writing, software
+; distributed under the License is distributed on an "AS IS" BASIS,
+; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+; See the License for the specific language governing permissions and
+; limitations under the License.
+;
+
+KeyPolicy = [
+ -65701: KeyUse, ;usage
+ -65702: KeyLifetime ;keyLifetime
+ -65703: KeyPermissions ;keyPermissions
+ -65704: KeyType ;keyType
+ -65705: bool ;keyManagementKey
+]
+
+KeyUse = &(
+ ENCRYPT: 1,
+ DECRYPT: 2,
+ ENCRYPT_DECRYPT: ENCRYPT | DECRYPT,
+ SIGN: 4,
+ DERIVE: 8,
+ WRAP: 16,
+)
+
+KeyLifetime = &(
+ EPHEMERAL: 0,
+ HARDWARE: 1,
+ PORTABLE: 2,
+)
+
+KeyPermissions = &(
+ ALLOW_EPHEMERAL_KEY_WRAPPING: 0,
+ ALLOW_HARDWARE_KEY_WRAPPING: 1,
+ ALLOW_PORTABLE_KEY_WRAPPING: 2,
+)
+
+enum KeyType = &(
+ AES_128_CBC_NO_PADDING: 0,
+ AES_128_CBC_PKCS7_PADDING: 1,
+ AES_128_CTR: 2,
+ AES_128_GCM: 3,
+ AES_128_CMAC: 4,
+ AES_256_CBC_NO_PADDING: 5,
+ AES_256_CBC_PKCS7_PADDING: 6,
+ AES_256_CTR: 7,
+ AES_256_GCM: 8,
+ AES_256_CMAC: 9,
+ HMAC_SHA256: 10,
+ HMAC_SHA512: 11,
+ RSA2048_PSS_SHA256: 12,
+ RSA2048_PKCS1_5_SHA256: 13,
+ ECC_NIST_P256_SIGN_NO_PADDING: 14,
+ ECC_NIST_P256_SIGN_SHA256: 15,
+ ECC_NIST_P521_SIGN_NO_PADDING: 16,
+ ECC_NIST_P521_SIGN_SHA512: 17,
+ ECC_ED25519_SIGN:18,
+)