Revert^2 "Add remote key provisioning to the IC HAL"
be32113307d67f54e594e5322f85b65e4e2c4fdb
Change-Id: I55ddbddd0bc317f1f077a63b0275c4d55fd9c76f
diff --git a/identity/aidl/default/common/SecureHardwareProxy.h b/identity/aidl/default/common/SecureHardwareProxy.h
index a580444..9f63ad8 100644
--- a/identity/aidl/default/common/SecureHardwareProxy.h
+++ b/identity/aidl/default/common/SecureHardwareProxy.h
@@ -82,6 +82,18 @@
virtual optional<vector<uint8_t>> createCredentialKey(const vector<uint8_t>& challenge,
const vector<uint8_t>& applicationId) = 0;
+ // Returns public key certificate with a remotely provisioned attestation key.
+ //
+ // This returns a single certificate that is signed by the given |attestationKeyBlob|.
+ // The implementation of eicOpsCreateCredentialKey() on the TA side must coordinate
+ // with its corresponding keymint implementation to sign using the attestation key. The
+ // |attestationKeyCert| parameter is the certificates for |attestationKeyBlob|,
+ // formatted as concatenated, DER-encoded, X.509 certificates.
+ virtual optional<vector<uint8_t>> createCredentialKeyUsingRkp(
+ const vector<uint8_t>& challenge, const vector<uint8_t>& applicationId,
+ const vector<uint8_t>& attestationKeyBlob,
+ const vector<uint8_t>& attestationKeyCert) = 0;
+
virtual bool startPersonalization(int accessControlProfileCount, const vector<int>& entryCounts,
const string& docType,
size_t expectedProofOfProvisioningSize) = 0;