Define AuthMgr API for client authorization
Test: atest VtsAidlAuthMgrNonExistentTest
Change-Id: I584cab0039b1b41ad3136a644465aceac3e985c5
diff --git a/security/see/authmgr/aidl/Android.bp b/security/see/authmgr/aidl/Android.bp
new file mode 100644
index 0000000..a32d4e9
--- /dev/null
+++ b/security/see/authmgr/aidl/Android.bp
@@ -0,0 +1,57 @@
+// Copyright (C) 2024 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package {
+ // See: http://go/android-license-faq
+ // A large-scale-change added 'default_applicable_licenses' to import
+ // all of the 'license_kinds' from "hardware_interfaces_license"
+ // to get the below license kinds:
+ // SPDX-license-identifier-Apache-2.0
+ default_applicable_licenses: ["hardware_interfaces_license"],
+}
+
+aidl_interface {
+ name: "android.hardware.security.see.authmgr",
+ vendor_available: true,
+ srcs: [
+ "android/hardware/security/see/authmgr/*.aidl",
+ ],
+ stability: "vintf",
+ frozen: false,
+ backend: {
+ java: {
+ platform_apis: true,
+ },
+ ndk: {
+ enabled: true,
+ },
+ rust: {
+ enabled: true,
+ apex_available: [
+ "//apex_available:platform",
+ "com.android.virt",
+ ],
+ },
+ },
+}
+
+// A rust_defaults that includes the latest authmgr AIDL library.
+// Modules that depend on authmgr directly can include this rust_defaults to avoid
+// managing dependency versions explicitly.
+rust_defaults {
+ name: "authmgr_use_latest_hal_aidl_rust",
+ rustlibs: [
+ "android.hardware.security.see.authmgr-V1-rust",
+ ],
+}
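Review bot: The `rust_defaults` at the end of the file is named `authmgr_use_latest_hal_aidl_rust` but hard-pins `android.hardware.security.see.authmgr-V1-rust`, so it only tracks the latest version for as long as the interface stays at V1 (the `aidl_interface` above is `frozen: false` with no `versions_with_info` yet). Nothing in the file records that the pin has to be bumped by hand once the API is frozen and a V2 appears, which is how a consumer ends up silently building against an old version. I would extend the comment above it: `// The -V<N> suffix below must be bumped whenever a new version of the interface is frozen.`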
diff --git a/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/DiceChainEntry.aidl b/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/DiceChainEntry.aidl
new file mode 100644
index 0000000..b775f95
--- /dev/null
+++ b/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/DiceChainEntry.aidl
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.authmgr;
+@RustDerive(Clone=true, Eq=true, PartialEq=true) @VintfStability
+parcelable DiceChainEntry {
+ byte[] diceChainEntry;
+}
diff --git a/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/DiceLeafArtifacts.aidl b/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/DiceLeafArtifacts.aidl
new file mode 100644
index 0000000..0f61900
--- /dev/null
+++ b/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/DiceLeafArtifacts.aidl
@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.authmgr;
+@RustDerive(Clone=true, Eq=true, PartialEq=true) @VintfStability
+parcelable DiceLeafArtifacts {
+ android.hardware.security.see.authmgr.DiceChainEntry diceLeaf;
+ android.hardware.security.see.authmgr.DicePolicy diceLeafPolicy;
+}
diff --git a/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/DicePolicy.aidl b/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/DicePolicy.aidl
new file mode 100644
index 0000000..f434c3c
--- /dev/null
+++ b/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/DicePolicy.aidl
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.authmgr;
+@RustDerive(Clone=true, Eq=true, PartialEq=true) @VintfStability
+parcelable DicePolicy {
+ byte[] dicePolicy;
+}
diff --git a/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/Error.aidl b/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/Error.aidl
new file mode 100644
index 0000000..9e6a501
--- /dev/null
+++ b/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/Error.aidl
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.authmgr;
+@Backing(type="int") @VintfStability
+enum Error {
+ OK = 0,
+ AUTHENTICATION_ALREADY_STARTED = (-1) /* -1 */,
+ INSTANCE_ALREADY_AUTHENTICATED = (-2) /* -2 */,
+ INVALID_DICE_CERT_CHAIN = (-3) /* -3 */,
+ INVALID_DICE_LEAF = (-4) /* -4 */,
+ INVALID_DICE_POLICY = (-5) /* -5 */,
+ DICE_POLICY_MATCHING_FAILED = (-6) /* -6 */,
+ SIGNATURE_VERIFICATION_FAILED = (-7) /* -7 */,
+ CONNECTION_HANDOVER_FAILED = (-8) /* -8 */,
+ CONNECTION_NOT_AUTHENTICATED = (-9) /* -9 */,
+ NO_CONNECTION_TO_AUTHORIZE = (-10) /* -10 */,
+ INVALID_INSTANCE_IDENTIFIER = (-11) /* -11 */,
+ MEMORY_ALLOCATION_FAILED = (-12) /* -12 */,
+ INSTANCE_PENDING_DELETION = (-13) /* -13 */,
+ CLIENT_PENDING_DELETION = (-14) /* -14 */,
+ AUTHENTICATION_NOT_STARTED = (-15) /* -15 */,
+ INSTANCE_CONTEXT_CREATION_DENIED = (-16) /* -16 */,
+}
diff --git a/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/ExplicitKeyDiceCertChain.aidl b/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/ExplicitKeyDiceCertChain.aidl
new file mode 100644
index 0000000..18d90eb
--- /dev/null
+++ b/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/ExplicitKeyDiceCertChain.aidl
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.authmgr;
+@RustDerive(Clone=true, Eq=true, PartialEq=true) @VintfStability
+parcelable ExplicitKeyDiceCertChain {
+ byte[] diceCertChain;
+}
diff --git a/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/IAuthMgrAuthorization.aidl b/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/IAuthMgrAuthorization.aidl
new file mode 100644
index 0000000..a120b49
--- /dev/null
+++ b/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/IAuthMgrAuthorization.aidl
@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.authmgr;
+@VintfStability
+interface IAuthMgrAuthorization {
+ byte[32] initAuthentication(in android.hardware.security.see.authmgr.ExplicitKeyDiceCertChain diceCertChain, in @nullable byte[] instanceIdentifier);
+ void completeAuthentication(in android.hardware.security.see.authmgr.SignedConnectionRequest signedConnectionRequest, in android.hardware.security.see.authmgr.DicePolicy dicePolicy);
+ void authorizeAndConnectClientToTrustedService(in byte[] clientID, String serviceName, in byte[32] token, in android.hardware.security.see.authmgr.DiceLeafArtifacts clientDiceArtifacts);
+}
diff --git a/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/SignedConnectionRequest.aidl b/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/SignedConnectionRequest.aidl
new file mode 100644
index 0000000..46d8373
--- /dev/null
+++ b/security/see/authmgr/aidl/aidl_api/android.hardware.security.see.authmgr/current/android/hardware/security/see/authmgr/SignedConnectionRequest.aidl
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.authmgr;
+@RustDerive(Clone=true, Eq=true, PartialEq=true) @VintfStability
+parcelable SignedConnectionRequest {
+ byte[] signedConnectionRequest;
+}
diff --git a/security/see/authmgr/aidl/android/hardware/security/see/authmgr/DiceChainEntry.aidl b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/DiceChainEntry.aidl
new file mode 100644
index 0000000..3b4a35b
--- /dev/null
+++ b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/DiceChainEntry.aidl
@@ -0,0 +1,31 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.security.see.authmgr;
+
+/**
+ * A CBOR encoded DICE certificate.
+ */
+@VintfStability
+@RustDerive(Clone=true, Eq=true, PartialEq=true)
+parcelable DiceChainEntry {
+ /**
+ * Data is CBOR encoded according to the `DiceChainEntry` CDDL in
+ * hardware/interfaces/security/rkp/aidl/android/hardware/security/keymint/
+ * generateCertificateRequestV2.cddl
+ */
+ byte[] diceChainEntry;
+}
diff --git a/security/see/authmgr/aidl/android/hardware/security/see/authmgr/DiceLeafArtifacts.aidl b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/DiceLeafArtifacts.aidl
new file mode 100644
index 0000000..333096f
--- /dev/null
+++ b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/DiceLeafArtifacts.aidl
@@ -0,0 +1,30 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.security.see.authmgr;
+
+import android.hardware.security.see.authmgr.DiceChainEntry;
+import android.hardware.security.see.authmgr.DicePolicy;
+
+/**
+ * This contains the DICE certificate and the DICE policy created for the client by the AuthMgr FE.
+ */
+@VintfStability
+@RustDerive(Clone=true, Eq=true, PartialEq=true)
+parcelable DiceLeafArtifacts {
+ DiceChainEntry diceLeaf;
+ DicePolicy diceLeafPolicy;
+}
diff --git a/security/see/authmgr/aidl/android/hardware/security/see/authmgr/DicePolicy.aidl b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/DicePolicy.aidl
new file mode 100644
index 0000000..4b55330
--- /dev/null
+++ b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/DicePolicy.aidl
@@ -0,0 +1,31 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.security.see.authmgr;
+
+/**
+ * DICE policy - CBOR encoded according to DicePolicy.cddl.
+ */
+@VintfStability
+@RustDerive(Clone=true, Eq=true, PartialEq=true)
+parcelable DicePolicy {
+ /**
+ * Data is CBOR encoded according to the `DicePolicy` CDDL in
+ * hardware/interfaces/security/authgraph/aidl/android/hardware/security/authgraph/
+ * DicePolicy.cddl
+ */
+ byte[] dicePolicy;
+}
diff --git a/security/see/authmgr/aidl/android/hardware/security/see/authmgr/Error.aidl b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/Error.aidl
new file mode 100644
index 0000000..f7c3592
--- /dev/null
+++ b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/Error.aidl
@@ -0,0 +1,79 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.security.see.authmgr;
+
+/**
+ * AuthMgr error codes. Aidl will return these error codes as service specific errors in
+ * EX_SERVICE_SPECIFIC.
+ */
+@VintfStability
+@Backing(type="int")
+enum Error {
+ /** Success */
+ OK = 0,
+
+ /** Duplicated attempt to start authentication from the same transport ID */
+ AUTHENTICATION_ALREADY_STARTED = -1,
+
+ /** Duplicated authenticated attempt with the same instance ID */
+ INSTANCE_ALREADY_AUTHENTICATED = -2,
+
+ /** Invalid DICE certificate chain of the AuthMgr FE */
+ INVALID_DICE_CERT_CHAIN = -3,
+
+ /** Invalid DICE leaf of the client */
+ INVALID_DICE_LEAF = -4,
+
+ /** Invalid DICE policy */
+ INVALID_DICE_POLICY = -5,
+
+ /** The DICE chain to policy matching failed */
+ DICE_POLICY_MATCHING_FAILED = -6,
+
+ /** Invalid signature */
+ SIGNATURE_VERIFICATION_FAILED = -7,
+
+ /** Failed to handover the connection to the trusted service */
+ CONNECTION_HANDOVER_FAILED = -8,
+
+ /**
+ * An authentication required request (e.g. phase 2) is invoked on a non-authenticated
+ * connection
+ */
+ CONNECTION_NOT_AUTHENTICATED = -9,
+
+ /** There is no pending connection with a matching token to authorize in phase 2 */
+ NO_CONNECTION_TO_AUTHORIZE = -10,
+
+ /** Invalid instance identifier */
+ INVALID_INSTANCE_IDENTIFIER = -11,
+
+ /** Failed to allocate memory */
+ MEMORY_ALLOCATION_FAILED = -12,
+
+ /** An instance which is pending deletion is trying to authenticate */
+ INSTANCE_PENDING_DELETION = -13,
+
+ /** A client which is pending deletion is trying to authorize */
+ CLIENT_PENDING_DELETION = -14,
+
+ /** Trying to complete authentication for an instance for which authentication is not started */
+ AUTHENTICATION_NOT_STARTED = -15,
+
+ /** Creation of the pVM instance's context in the secure storage is not allowed */
+ INSTANCE_CONTEXT_CREATION_DENIED = -16,
+}
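Review bot: `OK = 0` sits in an enum whose doc comment says its values are delivered as service-specific errors in EX_SERVICE_SPECIFIC, but a successful call raises no exception at all, so `OK` is a value a caller will never observe through that path. Its comment should say so, otherwise a client may compare a received service-specific code against `OK` expecting a success branch: `/** Success. Never surfaced via EX_SERVICE_SPECIFIC; a successful call simply returns. */`. It is also the only non-negative value, which the comment could state explicitly so the sign convention is visible to implementers adding codes later.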
diff --git a/security/see/authmgr/aidl/android/hardware/security/see/authmgr/ExplicitKeyDiceCertChain.aidl b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/ExplicitKeyDiceCertChain.aidl
new file mode 100644
index 0000000..de23530
--- /dev/null
+++ b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/ExplicitKeyDiceCertChain.aidl
@@ -0,0 +1,31 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.security.see.authmgr;
+
+/**
+ * DICE certificate chain - CBOR encoded according to ExplicitKeyDiceCertChain.cddl.
+ */
+@VintfStability
+@RustDerive(Clone=true, Eq=true, PartialEq=true)
+parcelable ExplicitKeyDiceCertChain {
+ /**
+ * Data is CBOR encoded according to the `ExplicitKeyDiceCertChain` CDDL in
+ * hardware/interfaces/security/authgraph/aidl/android/hardware/security/authgraph/
+ * ExplicitKeyDiceCertChain.cddl
+ */
+ byte[] diceCertChain;
+}
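Review bot: The field doc on `diceCertChain` names the CDDL it follows but does not say who produces the bytes or how far the receiver may trust them. Judging from the interface snapshot (`initAuthentication` in IAuthMgrAuthorization.aidl), this parcelable is the first thing the AuthMgr BE receives from a pVM that has not yet authenticated, and `Error.INVALID_DICE_CERT_CHAIN` exists for the rejection path, so that contract belongs on the type: `* Supplied by a not-yet-authenticated AuthMgr FE. The AuthMgr BE must treat it as untrusted input and fully validate the CBOR against the CDDL before using any of its contents; malformed or unverifiable chains are rejected with Error.INVALID_DICE_CERT_CHAIN.` The same note applies to `dicePolicy` in DicePolicy.aidl, whose rejection path is `Error.INVALID_DICE_POLICY`.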
diff --git a/security/see/authmgr/aidl/android/hardware/security/see/authmgr/IAuthMgrAuthorization.aidl b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/IAuthMgrAuthorization.aidl
new file mode 100644
index 0000000..43c3bde
--- /dev/null
+++ b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/IAuthMgrAuthorization.aidl
@@ -0,0 +1,276 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.security.see.authmgr;
+
+import android.hardware.security.see.authmgr.DiceLeafArtifacts;
+import android.hardware.security.see.authmgr.DicePolicy;
+import android.hardware.security.see.authmgr.ExplicitKeyDiceCertChain;
+import android.hardware.security.see.authmgr.SignedConnectionRequest;
+
+/**
+ * This is the interface to be implemented by an AuthMgr backend component (AuthMgr BE), in order to
+ * allow the AuthMgr frontend component (AuthMgr FE) in a pVM instance to authenticate itself and
+ * to authorize one or more clients in the pVM instance, in order to let the clients access
+ * trusted services in the Trusted Execution Environment (TEE).
+ *
+ * The following assumptions must be true for the underlying IPC mechanism and the transport layer:
+ * 1. Both parties should be able to retrieve a non-spoofable identifier of the other party from
+ * the transport layer (a.k.a transport ID or vM ID), which stays the same throughout a given
+ * boot cycle of a pVM instance. This is important to prevent person-in-the-middle (PITM)
+ * attacks and to authorize a new connection from a pVM instance based on an already
+ * authenicated connection from the same pVM instance.
+ *
+ * 2. Each of AuthMgr FE and the AuthMgr BE should be able to hand over a connection that is
+ * setup between them to another party so that such connection can be used for communication
+ * between the two new parties subsequently. This is important to be able to handover an
+ * authorized connection established between the AuthMgr FE and the AuthMgr BE to a client in
+ * in a pVM instance and a trusted service in TEE respectively.
+ *
+ * 3. This API should be exposed over an IPC mechanism that supports statefull connections. This
+ * is important for the AuthMgr FE to setup an authenicated connection once per boot cycle
+ * and reuse it to authorize multiple client connections afterwards, if needed.
+ *
+ * 4. AuthMgr FE has a mechanism for discovering and establishing a connection to the trusted
+ * AuthMgr BE. Based on this assumptionson, mutual authentication is not covered by this
+ * API.
+ *
+ * The AuthMgr authorization protocol consists of two phases:
+ * 1. Phase 1 authenticates the AuthMgr FE to the AuthMgr BE via the first two methods of this
+ * API: `initAuthentication` and `completeAuthentication`. At the end of the successful
+ * excecution of phase 1, the AuthMgr FE and the AuthMgr BE have an authenticated connection
+ * established between them. Phase 1 also enforces rollback protection on AuthMgr FE in
+ * addition to authentication.
+ *
+ * Authentication is performed by verifying the AuthMgr FE's signature on the challenge
+ * issued by the AuthMgr BE. The public signing key of the AuthMgr FE is obtained from the
+ * validated DICE certificate chain for verifying the signature. Rollback protection is
+ * enforced by matching the DICE certificate chain against the stored DICE policy.
+ * AuthMgr FE uses this authenticated connection throughout the boot cycle of the pVM to send
+ * phase 2 requests to the AuthMgr BE. Therefore, phase 1 needs to be executed only once per
+ * boot cycle of the pVM. AuthMgr BE should take measures to prevent any duplicate
+ * authentication attempts from the same instance or from any impersonating instances.
+ *
+ * 2. Phase 2 authorizes a client in the pVM to access trusted service(s) in the TEE and
+ * establishes a new connection between the client and the trusted service based on the trust
+ * in the authenticated connection established in phase 1. The client and the trusted service
+ * can communicate independently from the AuthMgr(s) after the successful execution of
+ * phase 2 of the authorization protocol.
+ *
+ * The AuthMgr FE first opens a new vsock connection to the AuthMgr BE and sends a one-time
+ * token over that connection. The AuthMgr FE then invokes the third method of this API
+ * (`authorizeAndConnectClientToTrustedService`) on the authenticated connection established
+ * with the AuthMgr BE in phase 1. Rollback protection is enforced on the client by matching
+ * the client's DICE certificate against the stored DICE policy. The new connection is
+ * authorized by matching the token sent over the new connection and the token sent over the
+ * authenicated connection.
+ *
+ * AuthMgr BE should make sure that "use-after-destroy" threats are prevented in the implementation
+ * of this authorization protocol. This means that even if a client/pVM instance is created with the
+ * same identifier(s) of a deleted client/pVM instance, the new client should not be able to access
+ * the deleted client's secrets/resources created in the trusted services. The following
+ * requirements should be addressed in order to ensure this:
+ * 1) Each client should be identified by a unique identifier at the AuthMgr BE. The uniqueness
+ * should be guaranteed across factory resets.
+ * 2) The client's unique identifier should be used when constructing the file path to store the
+ * client's context, including the client's DICE policy, in the AuthMgr BE's secure storage.
+ * 3) The client's unique identifier should be conveyed to the trusted service(s) that the client
+ * accesses, when an authorized connection is setup between the client and the trusted service in
+ * phase 2. The trusted service(s) should mix in this unique client identifier when providing the
+ * critical services to the clients (e.g. deriving HW-backed keys by the HWCrypto service,
+ * storing data by the SecureStorage service).
+ *
+ * An example approach to build a unique identifier for a client is as follows:
+ * The AuthMgr BE stores a `global sequence number` in the secure storage that does not get
+ * wiped upon factory reset. Everytime the AuthMgr BE sees a new instance or a client, it assigns
+ * the current `global sequence number` as the unique sequence number of the instance or the client
+ * and increments the `global sequence number`.
+ */
+@VintfStability
+interface IAuthMgrAuthorization {
+ /**
+ * AuthMgr FE initiates the challenge-response protocol with the AuthMgr BE in order to
+ * authenticate the AuthMgr FE to the AuthMgr BE. AuthMgr BE creates and returns a challenge
+ * (a cryptographic random of 32 bytes) to the AuthMgr FE.
+ *
+ * The AuthMgr BE extracts the instance identifier from the DICE certificate chain of the
+ * AuthMgr FE (given in the input: `diceCertChain`). If the instance identifier is not included
+ * in the DICE certificate chain, then it should be sent in the optional
+ * input: `instanceIdentifier`. The instance identifier is used by the AuthMgr BE in this step
+ * to detect and reject any duplicate authentication attempts.
+ * The instance identifier is used in step 2 to build the file path in the secure storage to
+ * store the instance's context.
+ *
+ * If authentication is already started (but not completed) from the same transport ID, return
+ * the error code `AUTHENTICATION_ALREADY_STARTED`.
+ *
+ * @param diceCertChain - DICE certificate chain of the AuthMgr FE.
+ *
+ * @param instanceIdentifier - optional parameter to send the instance identifier, if it is not
+ * included in the DICE certificate chain
+ *
+ * @return challenge to be included in the signed response sent by the AuthMgr FE in
+ * `completeAuthentication`
+ *
+ * @throws ServiceSpecificException:
+ * Error::INSTANCE_ALREADY_AUTHENTICATED - when a pVM instance with the same
+ * `instanceIdentifier` or the same transport id has already been authenticated.
+ * Error::AUTHENTICATION_ALREADY_STARTED - when a pVM instance with the same
+ * the same transport id has already started authentication
+ */
+ byte[32] initAuthentication(in ExplicitKeyDiceCertChain diceCertChain,
+ in @nullable byte[] instanceIdentifier);
+
+ /**
+ * AuthMgr FE invokes this method to complete phase 1 of the authorization protocol. The AuthMgr
+ * BE verifies the signature in `signedConnectionRequest` with the public signing key of the
+ * AuthMgr FE obtained from the DICE certificate chain.
+ *
+ * As per the CDDL for `SignedConnectionRequest` in SignedConnectionRequest.cddl, the AuthMgr FE
+ * includes the challenge sent by the AuthMgr BE and the unique transport IDs of the AuthMgr FE
+ * and AuthMgr BE in the signed response. This is to prevent replay attacks in the presence of
+ * more than one AuthMgr BE, where one AuthMgr BE may impersonate a pVM instance/AuthMgr FE to
+ * another AuthMgr BE. Both transport IDs are included for completeness, although it is
+ * sufficient to include either of them for the purpose of preventing such attacks.
+ *
+ * AuthMgr BE validates the DICE certificate chain by verifying all the signatures in the chain
+ * and by checking wither the root public key is trusted.
+ *
+ * The AuthMgr BE matches the DICE certificate chain of the AuthMgr FE to the DICE policy given
+ * in the input: `dicePolicy`. If this is the first invocation of this method during the
+ * lifetime of the AuthMgr FE, the AuthMgr BE stores the DICE policy in the secure storage as
+ * part of the pVM instance's context, upon successful matching of DICE chain to the policy.
+ * The file path for the storage of the pVM context is constructed using the instance
+ * identifier. Note that the creation of a pVM instance's context in the secure storage is
+ * allowed only during the factory, for the first version of this API. In the future, we expect
+ * to allow the creation of a pVM instance's context in the secure storage even after the device
+ * leaves the factory, based on hard-coded DICE policies and/or via a separate
+ * `IAuthMgrInstanceContextMaintenance` API.
+ *
+ * In the subsequent invocations of this method, the AuthMgr BE matches the given DICE chain
+ * to the stored DICE policy in order to enforce rollback protection. If that succeeds and if
+ * the given DICE poliy is different from the stored DICE policy, the AuthMgr BE replaces the
+ * stored DICE policy with the given DICE policy.
+ *
+ * Upon successful execution of this method, the AuthMgr BE should store some state associated
+ * with the connection, in order to distinguish authenicated connections from any
+ * non-authenticated connections. The state associated with the connection may cache certain
+ * artifacts such as instance identifier, instance sequence number, transport ID, DICE chain
+ * and DICE policy of the AuthMgr FE, so that they can be reused when serving phase 2 requests.
+ * The requests for phase 2 of the authorization protocol are allowed only on authenticated
+ * connections.
+ *
+ * @param signedConnectionRequest - signature from AuthMgr FE (CBOR encoded according to
+ * SignedConnectionRequest.cddl)
+ *
+ * @param dicePolicy - DICE policy of the AuthMgr FE
+ *
+ * @throws ServiceSpecificException:
+ * Error::AUTHENTICATION_NOT_STARTED - when the authentication process has not been
+ * started for the pVM instance.
+ * Error::INSTANCE_ALREADY_AUTHENTICATED - when a pVM instance with the same
+ * `instanceIdentifier` or the same transport id has already been authenticated.
+ * Error::SIGNATURE_VERIFICATION_FAILED - when the signature verification fails.
+ * Error::INVALID_DICE_CERT_CHAIN - when the DICE certificate chain validation fails.
+ * Error::DICE_POLICY_MATCHING_FAILED - when the DICE certificate chain to DICE policy
+ * matching fails for the pVM instance.
+ * Error::INSTANCE_CONTEXT_CREATION_DENIED - when the creation of the pVM instances's
+ * context in the AuthMgr BE is not allowed.
+ * Error::INSTANCE_PENDING_DELETION - when a pVM that is being deleted is trying to
+ * authenticate.
+ *
+ */
+ void completeAuthentication(
+ in SignedConnectionRequest signedConnectionRequest, in DicePolicy dicePolicy);
+
+ /**
+ * When the AuthMgr FE receives a request from a client to access a trusted service, the
+ * AuthMgr FE first creates a new (out-of-band) connection with the AuthMgr BE and sends a
+ * one-time cryptographic token of 32 bytes over that new connection.
+ *
+ * The AuthMgr FE then invokes this method on the authenticated connection established with the
+ * AuthMgr BE in phase 1. When this method is invoked, the AuthMgr BE checks whether the
+ * underlying connection of this method call is already authenticated.
+ *
+ * The AuthMgr FE acts as the DICE manager for all the clients in the pVM and generates the DICE
+ * leaf certificate and the DICE leaf policy for the client, which are sent in the input:
+ * `clientDiceArtifacts`.
+ *
+ * The AuthMgr BE matches the client's DICE leaf certificate to the client's DICE policy.
+ * If this is the first invocation of this method in the lifetime of the client, the AuthMgr BE
+ * stores the client's DICE policy in the secure storage as part of the client's context, upon
+ * successful matching of the DICE certificate to the policy. The file path for the storage of
+ * the client's context should be constructed using the unique id assigned to the pVM instance
+ * by the AuthMgr BE (e.g. instance sequence number) and the client ID. There is no use
+ * case for deleting a client context or a pVM context created in the secure storage, for the
+ * first version of this API, outside of the factory reset. In the future, we expect to
+ * expose APIs for those tasks.
+ *
+ * In the subsequent invocations of this method, the AuthMgr BE matches the given DICE leaf
+ * certificate to the stored DICE policy in order to enforce rollback protection. If that
+ * succeeds and if the given DICE policy is different from the stored DICE policy, the AuthMgr
+ * BE replaces the stored DICE policy with the given DICE policy.
+ *
+ * If the same client requests multiple trusted services or connects to the same trusted service
+ * multiple times during the same boot cycle of the pVM instance, it is recommended to validate
+ * the client's DICE artifacts only once for a given client as an optimization.
+ *
+ * The AuthMgr BE keeps track of the aforementioned new connections that are pending
+ * authorization along with the tokens sent over them and the transport ID of the pVM instance
+ * which created those connections.
+ *
+ * The AuthMgr FE sends the same token that was sent over an aforementioned new connection
+ * in the input: `token` of this method call, in order to authorize the new connection, based on
+ * the trust in the authenticated connection established in phase 1.
+ *
+ * Once the validation of the client's DICE artifacts is completed, the AuthMgr BE retrieves the
+ * pending new connection to be authorized, which is associated with a token that matches the
+ * token sent in this method call and a transport ID that matches the transport ID associated
+ * with the connection underlying this method call.
+ *
+ * Next the AuthMgr BE connects to the trusted service requested by the client in order to
+ * handover the new authorized connection to the trusted service. Once the connection
+ * handover is successful, the AuthMgr BE returns OK to the AuthMgr FE. Then the AuthMgr FE
+ * returns to the client a handle to the new connection (created at the beginning of phase 2).
+ * At this point, an authorized connection is setup between the client and the trusted service,
+ * which they can use to communicate independently of the AuthMgr FE and the AuthMgr BE.
+ *
+ * @param clientID - the identifier of the client in the pVM instance, which is unique in the
+ * context of the pVM instance
+ *
+ * @param service name - the name of the trusted service requested by the client
+ *
+ * @param token - the one-time token used to authorize the new connection created between the
+ * AuthMgr FE and the AuthMgr BE
+ *
+ * @param clientDiceArtifacts - DICE leaf certificate and the DICE leaf policy of the client
+ *
+ * @throws ServiceSpecificException:
+ * Error::CONNECTION_NOT_AUTHENTICATED - when the underlying connection of this method
+ * call is not authenticated.
+ * Error::DICE_POLICY_MATCHING_FAILED - when the DICE certificate chain to DICE policy
+ * matching fails for the client.
+ * Error::NO_CONNECTION_TO_AUTHORIZE - when there is no pending new connection that
+ * is associated with a token and a transport ID that matches those of this
+ * method call.
+ * Error::CONNECTION_HANDOVER_FAILED - when the hanover of the authorized connection to
+ * the trusted service fails.
+ * Error::CLIENT_PENDING_DELETION - when a client that is being deleted is trying to be
+ * authorized.
+ */
+ void authorizeAndConnectClientToTrustedService(in byte[] clientID, String serviceName,
+ in byte[32] token, in DiceLeafArtifacts clientDiceArtifacts);
+}
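Review bot: The `initAuthentication` doc says the AuthMgr BE extracts the instance identifier from `diceCertChain` and uses it to reject duplicate attempts, but the chain is only validated (signatures and trusted root) in `completeAuthentication`, so at this step the identifier is attacker-chosen and a rogue pVM could present another instance's identifier. Suggest adding to the `initAuthentication` doc: `The DICE certificate chain is not validated in this step; the instance identifier is therefore untrusted until completeAuthentication succeeds and must only be used for duplicate detection, never for constructing a storage path or making an authorization decision.` It would also help to state that the returned challenge is single-use and bound to the transport ID that requested it, and that a pending authentication is discarded when the connection closes or after a timeout, so half-open attempts cannot exhaust AuthMgr BE state. As a style point, `serviceName` in `authorizeAndConnectClientToTrustedService` lacks the explicit `in` its sibling parameters carry; `in String serviceName` keeps the signature consistent.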
diff --git a/security/see/authmgr/aidl/android/hardware/security/see/authmgr/SignedConnectionRequest.aidl b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/SignedConnectionRequest.aidl
new file mode 100644
index 0000000..f258603
--- /dev/null
+++ b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/SignedConnectionRequest.aidl
@@ -0,0 +1,29 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.security.see.authmgr;
+
+/**
+ * The response from the AuthMgr FE which includes the challenge sent by the AuthMgr BE and other
+ * information signed by the AuthMgr FE's signing key.
+ */
+
+@VintfStability
+@RustDerive(Clone=true, Eq=true, PartialEq=true)
+parcelable SignedConnectionRequest {
+ /* Data is CBOR encoded according the CDDL in ./SignedConnectionRequest.cddl */
+ byte[] signedConnectionRequest;
+}
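Review bot: The field comment on `signedConnectionRequest` uses the plain `/* … */` form rather than the `/** … */` doc comment used for `diceCertChain` in ExplicitKeyDiceCertChain.aidl, so it is dropped from generated documentation, and it reads "according the CDDL". Suggest `/** Data is CBOR encoded according to the CDDL in ./SignedConnectionRequest.cddl */`.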
diff --git a/security/see/authmgr/aidl/android/hardware/security/see/authmgr/SignedConnectionRequest.cddl b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/SignedConnectionRequest.cddl
new file mode 100644
index 0000000..a74ccd7
--- /dev/null
+++ b/security/see/authmgr/aidl/android/hardware/security/see/authmgr/SignedConnectionRequest.cddl
@@ -0,0 +1,83 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+SignedConnectionRequestProtected = {
+ 1 : AlgorithmEdDSA / AlgorithmES256,
+}
+
+SignedConnectionRequest = [ ; COSE_Sign1 (untagged) [RFC9052 s4.2]
+ protected: bstr .cbor SignedConnectionRequesProtected,
+ unprotected: {},
+ payload: bstr .cbor ConnectionRequest,
+ signature: bstr ; PureEd25519(privateKey, SignedResponseSigStruct) /
+ ; ECDSA(privateKey, SignedResponseSigStruct)
+]
+
+ConnectionRequestSigStruct = [ ; Sig_structure for SignedConnectionRequest [ RFC9052 s4.4]
+ context: "Signature1",
+ body_protected: bstr .cbor SignedConnectionRequesProtected,
+ external_aad: bstr .cbor ExternalAADForDICESignedConnectionRequest,
+ payload: bstr .cbor ConnectionRequest,
+]
+
+; The payload structure signed by the DICE signing key
+ConnectionRequest [
+ challenge: bstr .size 32,
+ transport_type: TransportType, ; this indicates what CBOR structure should be exected for the
+ ; next element (i.e. transport_id_info)
+ transport_id_info: TransportIdInfo, ; this information is used to detect person-in-the-middle
+ ; attacks
+]
+
+; The unique id assigned to the `ConnectionRequest` payload structure
+ConnectionRequestUuid = h'34c82916 9579 4d86 baef 592a066419e4' ; bstr .size 16 (UUID v4 - RFC 9562)
+
+; An integer that identifies the type of the transport used for communication between clients and
+; trusted services
+TransportType = &(
+ FFA: 1,
+ ; Any other transport type(s) also be defined here
+)
+
+; Identity information of the peers provided by the transport layer
+TransportIdInfo = &(
+ FFATransportId,
+ ; Any other type(s) containing transport layer identity information should also be defiend here
+)
+
+; Transport ids (a.k.a VM IDs) provided by the FFA transport
+FFATransportId = [
+ feID: uint .size 2, ; FF-A partition ID of the AuthMgr FE
+ beID: uint .size 2, ; FF-A partition ID of the AuthMgr BE
+]
+
+; External AAD to be added to any Sig_structure signed by the DICE signing key, with the mandatory
+; field of `uuid_of_payload_struct` of type UUID v4 (RFC 9562). This field is required to ensure
+; that both the signer and the verifier refer to the same payload structure, given that there are
+; various payload structures signed by the DICE signing key in different protocols in Android.
+ExternalAADForDICESigned = [
+ uuid_of_payload_struct: buuid,
+]
+
+; RFC8610 - Section 3.6
+buuid = #6.37(bstr .size 16)
+
+ExternalAADForDICESignedConnectionRequest = [ ; ExternalAADForDICESigned for ConnectionRequest
+ uuid_of_payload_struct: #6.37(ConnectionRequestUuid),
+]
+
+AlgorithmES256 = -7 ; [RFC9053 s2.1]
+AlgorithmEdDSA = -8 ; [RFC9053 s2.2]
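Review bot: The `protected` and `body_protected` fields reference `SignedConnectionRequesProtected`, which is never defined — the rule is declared as `SignedConnectionRequestProtected` — so the CDDL does not validate as written and a verifier generated from it would reject the protected header. Both lines should read `protected: bstr .cbor SignedConnectionRequestProtected,` and `body_protected: bstr .cbor SignedConnectionRequestProtected,`, and `ConnectionRequest [` is missing its `=` (`ConnectionRequest = [`). The signature comment names `SignedResponseSigStruct`, while the Sig_structure defined in this file is `ConnectionRequestSigStruct`; aligning the comment avoids an implementer signing a differently named structure. Because the signature is what binds the challenge, the transport IDs and the external AAD UUID, FE and BE implementations written independently from this spec need these rule names to agree.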
diff --git a/security/see/authmgr/aidl/vts/Android.bp b/security/see/authmgr/aidl/vts/Android.bp
new file mode 100644
index 0000000..3d6fce2
--- /dev/null
+++ b/security/see/authmgr/aidl/vts/Android.bp
@@ -0,0 +1,36 @@
+// Copyright (C) 2024 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package {
+ // See: http://go/android-license-faq
+ // A large-scale-change added 'default_applicable_licenses' to import
+ // all of the 'license_kinds' from "hardware_interfaces_license"
+ // to get the below license kinds:
+ // SPDX-license-identifier-Apache-2.0
+ default_applicable_licenses: ["Android-Apache-2.0"],
+ default_team: "trendy_team_trusty",
+}
+
+rust_test {
+ name: "VtsAidlAuthMgrNonExistentTest",
+ srcs: ["test.rs"],
+ require_root: true,
+ test_suites: [
+ "general-tests",
+ "vts",
+ ],
+ rustlibs: [
+ "libbinder_rs",
+ ],
+}
diff --git a/security/see/authmgr/aidl/vts/test.rs b/security/see/authmgr/aidl/vts/test.rs
new file mode 100644
index 0000000..45533a7
--- /dev/null
+++ b/security/see/authmgr/aidl/vts/test.rs
@@ -0,0 +1,34 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+//! Test for asserting the non-existence of an IAuthMgrAuthorization.aidl
+
+#![cfg(test)]
+
+use binder;
+
+const AUTHMGR_INTERFACE_NAME: &str = "android.hardware.security.see.authmgr.IAuthMgrAuthorization";
+
+#[test]
+fn test_authmgr_non_existence() {
+ let authmgr_instances = match binder::get_declared_instances(AUTHMGR_INTERFACE_NAME) {
+ Ok(vec) => vec,
+ Err(e) => {
+ panic!("failed to retrieve the declared interfaces for AuthMgr: {:?}", e);
+ }
+ };
+ assert!(authmgr_instances.is_empty());
+}
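Review bot: A failing `assert!(authmgr_instances.is_empty())` reports only the boolean and hides which instances were unexpectedly declared; `assert!(authmgr_instances.is_empty(), "unexpected AuthMgr instances declared: {:?}", authmgr_instances);` puts the offending names in the VTS log. The `match` that panics on `Err` can become `let authmgr_instances = binder::get_declared_instances(AUTHMGR_INTERFACE_NAME).expect("failed to retrieve declared AuthMgr instances");`, which also fixes the message saying "interfaces" where the call returns instances. `use binder;` is a no-op single-segment import in Rust 2018+ (clippy `single_component_path_imports`) and can be dropped since the crate is referenced by path.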