Merge "deriveDicePolicyBoundKey AIDL definition" into main am: 22c8d13258
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/3026285
Change-Id: Ic4de51259120e36e795b8cf953574436d8a027f6
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl b/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
new file mode 100644
index 0000000..0951fb2
--- /dev/null
+++ b/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.hwcrypto;
+interface IHwCryptoKey {
+ android.hardware.security.see.hwcrypto.IHwCryptoKey.DiceCurrentBoundKeyResult deriveCurrentDicePolicyBoundKey();
+ android.hardware.security.see.hwcrypto.IHwCryptoKey.DiceBoundKeyResult deriveDicePolicyBoundKey(in byte[] dicePolicyForKeyVersion);
+ parcelable DiceCurrentBoundKeyResult {
+ android.hardware.security.see.hwcrypto.IOpaqueKey diceBoundKey;
+ byte[] dicePolicyForKeyVersion;
+ }
+ parcelable DiceBoundKeyResult {
+ android.hardware.security.see.hwcrypto.IOpaqueKey diceBoundKey;
+ boolean dicePolicyWasCurrent;
+ }
+}
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl b/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
new file mode 100644
index 0000000..9cf1880
--- /dev/null
+++ b/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
@@ -0,0 +1,88 @@
+/*
+ * Copyright 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto;
+
+import android.hardware.security.see.hwcrypto.IOpaqueKey;
+import android.hardware.security.see.hwcrypto.KeyPolicy;
+
+/*
+ * Higher level interface to access and generate keys.
+ */
+interface IHwCryptoKey {
+ parcelable DiceCurrentBoundKeyResult {
+ /*
+ * Key cryptographically bound to a DICE policy.
+ */
+ IOpaqueKey diceBoundKey;
+
+ /*
+ * Current dice policy which was used to generate the returned key. This policy is
+ * opaque from this service perspective (it will be sent to an Authentication Manager
+ * Service to be verified). It follows the structure defined on DicePolicy.cddl, located
+ * under hardware/interfaces/security/authgraph/aidl/android/hardware/security/authgraph/
+ * with the caveat that it could be encrypted if the client does not have enough permissions
+ * to see the device dice policy information.
+ */
+ byte[] dicePolicyForKeyVersion;
+ }
+
+ parcelable DiceBoundKeyResult {
+ /*
+ * Key cryptographically bound to a DICE policy.
+ */
+ IOpaqueKey diceBoundKey;
+
+ /*
+ * Indicates if the diceBoundKey returned was created using a current DICE policy. The
+ * caller can use this to detect if an old policy was provided and rotate its keys if so
+ * desired. Old, valid policies remain usable, but care needs to be taken to not continue to
+ * use a potentially compromised key.
+ */
+ boolean dicePolicyWasCurrent;
+ }
+
+ /*
+ * deriveCurrentDicePolicyBoundKey() - Derives a versioned key tied to the caller's current DICE
+ * policy. It will return this current policy back to the caller
+ * along with the generated key.
+ *
+ * Return:
+ * Ok(DiceCurrentBoundKeyResult) on success, service specific error based on
+ * <code>HalErrorCode</code> otherwise.
+ */
+ DiceCurrentBoundKeyResult deriveCurrentDicePolicyBoundKey();
+
+ /*
+ * deriveDicePolicyBoundKey() - Derive a versioned key by checking the provided DICE policy
+ * against the caller and then using it as a context for deriving
+ * the returned key.
+ *
+ * @dicePolicyForKeyVersion:
+ * Policy used to derive keys tied to specific versions. Using this parameter
+ * the caller can tie a derived key to a minimum version of itself, so in the future only
+ * itself or a more recent version can derive the same key. This parameter is opaque to the
+ * caller and it could be encrypted in the case the client doesn't have permission to know
+ * the dice chain.
+ * When implementing this function, this parameter shall be one of the components fed
+ * to the KDF context and it needs to be checked against the caller DICE certificate before
+ * being used.
+ *
+ * Return:
+ * Ok(DiceBoundKeyResult) on success, service specific error based on
+ * <code>HalErrorCode</code> otherwise.
+ */
+ DiceBoundKeyResult deriveDicePolicyBoundKey(in byte[] dicePolicyForKeyVersion);
+}