Merge "Keystore 2.0: add convertStorageKeyToEphemeral() to IKeymintDevice"
This commit is contained in:
commit
38b3bcee7f
2 changed files with 22 additions and 0 deletions
|
@ -47,6 +47,7 @@ interface IKeyMintDevice {
|
|||
android.hardware.security.keymint.BeginResult begin(in android.hardware.security.keymint.KeyPurpose purpose, in byte[] keyBlob, in android.hardware.security.keymint.KeyParameter[] params, in android.hardware.security.keymint.HardwareAuthToken authToken);
|
||||
void deviceLocked(in boolean passwordOnly, in @nullable android.hardware.security.secureclock.TimeStampToken timestampToken);
|
||||
void earlyBootEnded();
|
||||
byte[] convertStorageKeyToEphemeral(in byte[] storageKeyBlob);
|
||||
byte[] performOperation(in byte[] request);
|
||||
const int AUTH_TOKEN_MAC_LENGTH = 32;
|
||||
}
|
||||
|
|
|
@ -762,6 +762,27 @@ interface IKeyMintDevice {
|
|||
*/
|
||||
void earlyBootEnded();
|
||||
|
||||
/*
|
||||
* Called by the client to get a wrapped per-boot ephemeral key from a wrapped storage key.
|
||||
* Clients will then use the returned per-boot ephemeral key in place of the wrapped storage
|
||||
* key. Whenever the hardware is presented with a per-boot ephemeral key for an operation, it
|
||||
* must use the storage key associated with that ephemeral key to perform the requested
|
||||
* operation.
|
||||
*
|
||||
* Implementations should return ErrorCode::UNIMPLEMENTED if they don't support wrapped storage
|
||||
* keys.
|
||||
*
|
||||
* Implementations should return ErrorCode::INVALID_ARGUMENT (as a ServiceSpecificException)
|
||||
* if the input key blob doesn't represent a valid long-lived wrapped storage key.
|
||||
*
|
||||
* @param storageKeyBlob is the wrapped storage key for which the client wants a per-boot
|
||||
* ephemeral key
|
||||
*
|
||||
* @return a buffer containing the per-boot ephemeral keyblob that should henceforth be used in
|
||||
* place of the input storageKeyBlob
|
||||
*/
|
||||
byte[] convertStorageKeyToEphemeral(in byte[] storageKeyBlob);
|
||||
|
||||
/**
|
||||
* Called by the client to perform a KeyMint operation.
|
||||
*
|
||||
|
|
Loading…
Reference in a new issue