Merge "KeyMint HAL: add curve 25519, bump version" am: f21e1a5c4a am: 5a63e3ea57 am: e373da49f8 am: e274e87d59

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1900930 Change-Id: Id2cc500639fe34fdd84fbbaa67c5092033b51267
2021-12-13 16:06:50 +00:00 · 2021-12-13 16:06:50 +00:00 · 92b51f25f7
commit 92b51f25f7
parent ee18fa3bad e274e87d59
7 changed files with 35 additions and 12 deletions
--- a/compatibility_matrices/compatibility_matrix.current.xml
+++ b/compatibility_matrices/compatibility_matrix.current.xml
@ -381,7 +381,7 @@
    </hal>
    <hal format="aidl" optional="true">
        <name>android.hardware.security.keymint</name>
-        <version>1</version>
+        <version>1-2</version>
        <interface>
            <name>IKeyMintDevice</name>
            <instance>default</instance>
@ -390,6 +390,7 @@
    </hal>
    <hal format="aidl" optional="true">
        <name>android.hardware.security.keymint</name>
+        <version>1-2</version>
        <interface>
            <name>IRemotelyProvisionedComponent</name>
            <instance>default</instance>
--- a/security/keymint/aidl/Android.bp
+++ b/security/keymint/aidl/Android.bp
@ -45,14 +45,14 @@ aidl_interface {
 cc_defaults {
    name: "keymint_use_latest_hal_aidl_ndk_static",
    static_libs: [
-        "android.hardware.security.keymint-V1-ndk",
+        "android.hardware.security.keymint-V2-ndk",
    ],
 }

 cc_defaults {
    name: "keymint_use_latest_hal_aidl_ndk_shared",
    shared_libs: [
-        "android.hardware.security.keymint-V1-ndk",
+        "android.hardware.security.keymint-V2-ndk",
    ],
 }

@ -62,6 +62,6 @@ cc_defaults {
 rust_defaults {
    name: "keymint_use_latest_hal_aidl_rust",
    rustlibs: [
-        "android.hardware.security.keymint-V1-rust",
+        "android.hardware.security.keymint-V2-rust",
    ],
 }
--- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/EcCurve.aidl
+++ b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/EcCurve.aidl
@ -39,4 +39,5 @@ enum EcCurve {
  P_256 = 1,
  P_384 = 2,
  P_521 = 3,
+  CURVE_25519 = 4,
 }
--- a/security/keymint/aidl/android/hardware/security/keymint/EcCurve.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/EcCurve.aidl
@ -27,4 +27,5 @@ enum EcCurve {
    P_256 = 1,
    P_384 = 2,
    P_521 = 3,
+    CURVE_25519 = 4,
 }
--- a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
@ -93,6 +93,11 @@ import android.hardware.security.secureclock.TimeStampToken;
 *        P-521.  STRONGBOX IKeyMintDevices must support NIST curve P-256.
 *      - TRUSTED_ENVIRONMENT IKeyMintDevices must support SHA1, SHA-2 224, SHA-2 256, SHA-2
 *        384 and SHA-2 512 digest modes.  STRONGBOX IKeyMintDevices must support SHA-2 256.
+ *      - TRUSTED_ENVRIONMENT IKeyMintDevices must support curve 25519 for Purpose::SIGN (Ed25519,
+ *        as specified in RFC 8032), Purpose::ATTEST_KEY (Ed25519) or for KeyPurpose::AGREE_KEY
+ *        (X25519, as specified in RFC 7748).  However, a key must have exactly one of these
+ *        purpose values; the same key cannot be used for multiple purposes.
+ *        STRONGBOX IKeyMintDevices do not support curve 25519.
 *
 * o   AES
 *
@ -287,7 +292,7 @@ interface IKeyMintDevice {
     *   except AGREE_KEY must be supported for RSA keys.
     *
     * o Tag::DIGEST specifies digest algorithms that may be used with the new key.  TEE
-     *   IKeyMintDevice implementations must support all Digest values (see digest.aidl) for RSA
+     *   IKeyMintDevice implementations must support all Digest values (see Digest.aidl) for RSA
     *   keys.  StrongBox IKeyMintDevice implementations must support SHA_2_256.
     *
     * o Tag::PADDING specifies the padding modes that may be used with the new
@ -298,13 +303,24 @@ interface IKeyMintDevice {
     * == ECDSA Keys ==
     *
     * Tag::EC_CURVE must be provided to generate an ECDSA key.  If it is not provided, generateKey
-     * must return ErrorCode::UNSUPPORTED_KEY_SIZE. TEE IKeyMintDevice implementations must support
-     * all curves.  StrongBox implementations must support P_256.
-
+     * must return ErrorCode::UNSUPPORTED_KEY_SIZE or ErrorCode::UNSUPPORTED_EC_CURVE. TEE
+     * IKeyMintDevice implementations must support all required curves.  StrongBox implementations
+     * must support P_256 and no other curves.
+     *
     * Tag::CERTIFICATE_NOT_BEFORE and Tag::CERTIFICATE_NOT_AFTER must be provided to specify the
     * valid date range for the returned X.509 certificate holding the public key. If omitted,
     * generateKey must return ErrorCode::MISSING_NOT_BEFORE or ErrorCode::MISSING_NOT_AFTER.
     *
+     * Keys with EC_CURVE of EcCurve::CURVE_25519 must have exactly one purpose in the set
+     * {KeyPurpose::SIGN, KeyPurpose::ATTEST_KEY, KeyPurpose::AGREE_KEY}.  Key generation with more
+     * than one purpose should be rejected with ErrorCode::INCOMPATIBLE_PURPOSE.
+     * StrongBox implementation do not support CURVE_25519.
+     *
+     * Tag::DIGEST specifies digest algorithms that may be used with the new key.  TEE
+     * IKeyMintDevice implementations must support all Digest values (see Digest.aidl) for ECDSA
+     * keys; Ed25519 keys only support Digest::NONE. StrongBox IKeyMintDevice implementations must
+     * support SHA_2_256.
+     *
     * == AES Keys ==
     *
     * Only Tag::KEY_SIZE is required to generate an AES key.  If omitted, generateKey must return
--- a/security/keymint/aidl/android/hardware/security/keymint/KeyFormat.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/KeyFormat.aidl
@ -25,8 +25,10 @@ package android.hardware.security.keymint;
 enum KeyFormat {
    /** X.509 certificate format, for public key export. */
    X509 = 0,
-    /** PCKS#8 format, asymmetric key pair import. */
+    /** PKCS#8 format, asymmetric key pair import. */
    PKCS8 = 1,
-    /** Raw bytes, for symmetric key import. */
+    /**
+     * Raw bytes, for symmetric key import, and for import of raw asymmetric keys for curve 25519.
+     */
    RAW = 3,
 }
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@ -6609,7 +6609,7 @@ INSTANTIATE_KEYMINT_AIDL_TEST(TransportLimitTest);

 typedef KeyMintAidlTestBase KeyAgreementTest;

-int CurveToOpenSslCurveName(EcCurve curve) {
+static int EcdhCurveToOpenSslCurveName(EcCurve curve) {
    switch (curve) {
        case EcCurve::P_224:
            return NID_secp224r1;
@ -6619,6 +6619,8 @@ int CurveToOpenSslCurveName(EcCurve curve) {
            return NID_secp384r1;
        case EcCurve::P_521:
            return NID_secp521r1;
+        case EcCurve::CURVE_25519:
+            return NID_X25519;
    }
 }

@ -6640,7 +6642,7 @@ TEST_P(KeyAgreementTest, Ecdh) {
        for (auto localCurve : ValidCurves()) {
            // Generate EC key locally (with access to private key material)
            auto ecKey = EC_KEY_Ptr(EC_KEY_new());
-            int curveName = CurveToOpenSslCurveName(localCurve);
+            int curveName = EcdhCurveToOpenSslCurveName(localCurve);
            auto group = EC_GROUP_Ptr(EC_GROUP_new_by_curve_name(curveName));
            ASSERT_NE(group, nullptr);
            ASSERT_EQ(EC_KEY_set_group(ecKey.get(), group.get()), 1);