identity: Add support for setting minimum validity period for AuthKey.

This change adds support for specifying that an AuthKey should be
replaced if it's going to expire within a certain amount of time
configurable by the application. This also adds a way for the
application to learn about the expiration time of currently configured
AuthKeys.

Combined these two changes allow an application to get a perfect
picture of which AuthKeys are available, when they expire, and allows
the application to refresh AuthKeys well ahead of expiration dates.

Also remove checking storeStaticAuthenticationDataWithExpiration() is
only available on HAL version 3 and later (feature version 202101 and
later). This works on any HAL version.

Bug: 241912421
Test: atest VtsHalIdentityTargetTest
Test: atest android.security.identity.cts
Change-Id: Ic8274088035c31f73ad61645ee5e0281b3460837

1 files changed, 5 insertions, 1 deletions

diff --git a/identity/binder/android/security/identity/ICredential.aidl b/identity/binder/android/security/identity/ICredential.aidl
index e6a9fae0..875b9341 100644
--- a/identity/binder/android/security/identity/ICredential.aidl
+++ b/identity/binder/android/security/identity/ICredential.aidl
@@ -60,7 +60,9 @@ interface ICredential {
                                       in boolean allowUsingExpiredKeys,
                                       in boolean incrementUsageCount);
 
-    void setAvailableAuthenticationKeys(in int keyCount, in int maxUsesPerKey);
+    void setAvailableAuthenticationKeys(in int keyCount,
+                                        in int maxUsesPerKey,
+                                        in long minValidTimeMillis);
 
     AuthKeyParcel[] getAuthKeysNeedingCertification();
 
@@ -73,6 +75,8 @@ interface ICredential {
 
     int[] getAuthenticationDataUsageCount();
 
+    long[] getAuthenticationDataExpirations();
+
     IWritableCredential update();
 }