summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl1
-rw-r--r--security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl14
-rw-r--r--security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h2
-rw-r--r--security/keymint/aidl/vts/functional/KeyMintTest.cpp16
4 files changed, 30 insertions, 3 deletions
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl
index d3c691086b..7150c4412c 100644
--- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl
+++ b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl
@@ -45,5 +45,6 @@ interface IKeyMintDevice {
android.hardware.security.keymint.BeginResult begin(in android.hardware.security.keymint.KeyPurpose purpose, in byte[] keyBlob, in android.hardware.security.keymint.KeyParameter[] params, in android.hardware.security.keymint.HardwareAuthToken authToken);
void deviceLocked(in boolean passwordOnly, in @nullable android.hardware.security.secureclock.TimeStampToken timestampToken);
void earlyBootEnded();
+ byte[] performOperation(in byte[] request);
const int AUTH_TOKEN_MAC_LENGTH = 32;
}
diff --git a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
index 6d42db2322..384416e692 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
@@ -760,4 +760,18 @@ interface IKeyMintDevice {
* an EARLY_BOOT_ONLY key after this method is called must fail with Error::INVALID_KEY_BLOB.
*/
void earlyBootEnded();
+
+ /**
+ * Called by the client to perform a KeyMint operation.
+ *
+ * This method is added primarily as a placeholder. Details will be fleshed before the KeyMint
+ * V1 interface is frozen. Until then, implementations must return ErrorCode::UNIMPLEMENTED.
+ *
+ * @param request is an encrypted buffer containing a description of the operation the client
+ * wishes to perform. Structure, content and encryption are TBD.
+ *
+ * @return an encrypted buffer containing the result of the operation. Structure, content and
+ * encryption are TBD.
+ */
+ byte[] performOperation(in byte[] request);
}
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
index e79fe80c13..0aef81bd6f 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
@@ -261,7 +261,7 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> {
ErrorCode UseRsaKey(const vector<uint8_t>& rsaKeyBlob);
ErrorCode UseEcdsaKey(const vector<uint8_t>& ecdsaKeyBlob);
- private:
+ protected:
std::shared_ptr<IKeyMintDevice> keymint_;
uint32_t os_version_;
uint32_t os_patch_level_;
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index f8eca6bc36..7ecfa3723f 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -4633,7 +4633,7 @@ TEST_P(KeyAgreementTest, Ecdh) {
INSTANTIATE_KEYMINT_AIDL_TEST(KeyAgreementTest);
-typedef KeyMintAidlTestBase EarlyBootKeyTest;
+using EarlyBootKeyTest = KeyMintAidlTestBase;
TEST_P(EarlyBootKeyTest, CreateEarlyBootKeys) {
auto [aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData] =
@@ -4690,9 +4690,10 @@ TEST_P(EarlyBootKeyTest, DISABLED_FullTest) {
CheckedDeleteKey(&rsaKeyData.blob);
CheckedDeleteKey(&ecdsaKeyData.blob);
}
+
INSTANTIATE_KEYMINT_AIDL_TEST(EarlyBootKeyTest);
-typedef KeyMintAidlTestBase UnlockedDeviceRequiredTest;
+using UnlockedDeviceRequiredTest = KeyMintAidlTestBase;
// This may be a problematic test. It can't be run repeatedly without unlocking the device in
// between runs... and on most test devices there are no enrolled credentials so it can't be
@@ -4724,8 +4725,19 @@ TEST_P(UnlockedDeviceRequiredTest, DISABLED_KeysBecomeUnusable) {
CheckedDeleteKey(&rsaKeyData.blob);
CheckedDeleteKey(&ecdsaKeyData.blob);
}
+
INSTANTIATE_KEYMINT_AIDL_TEST(UnlockedDeviceRequiredTest);
+using PerformOperationTest = KeyMintAidlTestBase;
+
+TEST_P(PerformOperationTest, RequireUnimplemented) {
+ vector<uint8_t> response;
+ auto result = keymint_->performOperation({} /* request */, &response);
+ ASSERT_EQ(GetReturnErrorCode(result), ErrorCode::UNIMPLEMENTED);
+}
+
+INSTANTIATE_KEYMINT_AIDL_TEST(PerformOperationTest);
+
} // namespace aidl::android::hardware::security::keymint::test
int main(int argc, char** argv) {
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-05 05:14:29 +0000