Add getKeyCharacteristics method to KeyMint
(cherry picked from commit 402d62f7bee0ef162d25543886a5310b1ebb9221)
Bug: 186685601
Test: Treehugger
Merged-In: Ie72d865a37e2b6834fe6a86bf843d30286384aa5
Change-Id: Ie72d865a37e2b6834fe6a86bf843d30286384aa5
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl
index 3f75af6..fa643fc 100644
--- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl
+++ b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl
@@ -48,5 +48,6 @@
void deviceLocked(in boolean passwordOnly, in @nullable android.hardware.security.secureclock.TimeStampToken timestampToken);
void earlyBootEnded();
byte[] convertStorageKeyToEphemeral(in byte[] storageKeyBlob);
+ android.hardware.security.keymint.KeyCharacteristics[] getKeyCharacteristics(in byte[] keyBlob, in byte[] appId, in byte[] appData);
const int AUTH_TOKEN_MAC_LENGTH = 32;
}
diff --git a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
index a3260f5..b4a2bed7 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
@@ -20,6 +20,7 @@
import android.hardware.security.keymint.BeginResult;
import android.hardware.security.keymint.HardwareAuthToken;
import android.hardware.security.keymint.IKeyMintOperation;
+import android.hardware.security.keymint.KeyCharacteristics;
import android.hardware.security.keymint.KeyCreationResult;
import android.hardware.security.keymint.KeyFormat;
import android.hardware.security.keymint.KeyMintHardwareInfo;
@@ -766,7 +767,7 @@
*/
void earlyBootEnded();
- /*
+ /**
* Called by the client to get a wrapped per-boot ephemeral key from a wrapped storage key.
* Clients will then use the returned per-boot ephemeral key in place of the wrapped storage
* key. Whenever the hardware is presented with a per-boot ephemeral key for an operation, it
@@ -786,4 +787,26 @@
* place of the input storageKeyBlob
*/
byte[] convertStorageKeyToEphemeral(in byte[] storageKeyBlob);
+
+ /**
+ * Returns parameters associated with the provided key. This should match the
+ * KeyCharacteristics present in the KeyCreationResult returned by generateKey(),
+ * importKey(), or importWrappedKey().
+ *
+ * @param keyBlob The opaque descriptor returned by generateKey, importKey or importWrappedKey.
+ *
+ * @param appId An opaque byte string identifying the client. This value must match the
+ * Tag::APPLICATION_ID data provided during key generation/import. Without the correct
+ * value, it must be computationally infeasible for the secure hardware to obtain the
+ * key material.
+ *
+ * @param appData An opaque byte string provided by the application. This value must match the
+ * Tag::APPLICATION_DATA data provided during key generation/import. Without the
+ * correct value, it must be computationally infeasible for the secure hardware to
+ * obtain the key material.
+ *
+ * @return Characteristics of the generated key. See KeyCreationResult for details.
+ */
+ KeyCharacteristics[] getKeyCharacteristics(
+ in byte[] keyBlob, in byte[] appId, in byte[] appData);
}
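Review bot: The new Javadoc for getKeyCharacteristics() does not state what the call does when keyBlob fails validation or when appId/appData do not match the values bound at key generation/import, so implementations may diverge on a security-relevant path. Spell out the failure contract, for example `* Fails with an error, returning no characteristics, if keyBlob is invalid or if appId/appData do not match the values supplied at key generation/import.`, and name the specific ErrorCode the interface expects. Both parameters are declared as plain `in byte[]` rather than `@nullable`, so presumably an empty array is passed when the key was created without Tag::APPLICATION_ID or Tag::APPLICATION_DATA; this is inferred from the signature and worth documenting. "This should match" also reads as advisory; if agreement with the KeyCreationResult characteristics is required, use "must", and reword `@return` so that it covers imported keys as well as "the generated key".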