tequilaOS/platform_system_security
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Revert^2 "Remove android.security.remoteprovisioning interfaces"

Browse source 
These interfaces are deprecated and replaced by
android.security.rkp_aidl ones.

Bug: 273325840
Change-Id: I6f561d7c332fc3cc5921453b5bd5938154b700d0
Test: m
This commit is contained in:
Tri Vo 2023-03-20 19:38:04 +00:00 committed by Gerrit Code Review
parent 8c8feac745
commit 128453ec87
7 changed files with 0 additions and 377 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
keystore2/aidl/Android.bp
View file

@ -102,28 +102,6 @@ aidl_interface {
},
}
aidl_interface {
name: "android.security.remoteprovisioning",
srcs: [ "android/security/remoteprovisioning/*.aidl" ],
imports: [
"android.hardware.security.keymint-V3",
"android.hardware.security.rkp-V3",
],
unstable: true,
backend: {
java: {
platform_apis: true,
},
ndk: {
enabled: true,
apps_enabled: false,
},
rust: {
enabled: true,
},
},
}
aidl_interface {
name: "android.security.maintenance",
srcs: [ "android/security/maintenance/*.aidl" ],

45
keystore2/aidl/android/security/remoteprovisioning/AttestationPoolStatus.aidl
View file

@ -1,45 +0,0 @@
/*
* Copyright 2020, The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.security.remoteprovisioning;
/**
* This parcelable provides information about the state of the attestation key pool.
* @hide
*/
parcelable AttestationPoolStatus {
/**
* The number of signed attestation certificate chains which will expire when the date provided
* to keystore to check against is reached.
*/
int expiring;
/**
* The number of signed attestation certificate chains which have not yet been assigned to an
* app. This should be less than or equal to signed keys. The remainder of `signed` -
* `unassigned` gives the number of signed keys that have been assigned to an app.
*/
int unassigned;
/**
* The number of signed attestation keys. This should be less than or equal to `total`. The
* remainder of `total` - `attested` gives the number of keypairs available to be sent off to
* the server for signing.
*/
int attested;
/**
* The total number of attestation keys.
*/
int total;
}

148
keystore2/aidl/android/security/remoteprovisioning/IRemoteProvisioning.aidl
View file

@ -1,148 +0,0 @@
/*
* Copyright (C) 2020 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.security.remoteprovisioning;
import android.hardware.security.keymint.DeviceInfo;
import android.hardware.security.keymint.ProtectedData;
import android.hardware.security.keymint.SecurityLevel;
import android.security.remoteprovisioning.AttestationPoolStatus;
import android.security.remoteprovisioning.ImplInfo;
/**
* `IRemoteProvisioning` is the interface provided to use the remote provisioning functionality
* provided through KeyStore. The intent is for a higher level system component to use these
* functions in order to drive the process through which the device can receive functioning
* attestation certificates.
*
* ## Error conditions
* Error conditions are reported as service specific errors.
* Positive codes correspond to `android.security.remoteprovisioning.ResponseCode`
* and indicate error conditions diagnosed by the Keystore 2.0 service.
* TODO: Remote Provisioning HAL error code info
*
* `ResponseCode::PERMISSION_DENIED` if the caller does not have the permissions
* to use the RemoteProvisioning API. This permission is defined under access_vectors in SEPolicy
* in the keystore2 class: remotely_provision
*
* `ResponseCode::SYSTEM_ERROR` for any unexpected errors like IO or IPC failures.
*
* @hide
*/
interface IRemoteProvisioning {
/**
* Returns the status of the attestation key pool in the database.
*
* @param expiredBy The date as seconds since epoch by which to judge expiration status of
* certificates.
*
* @param secLevel The security level to specify which KM instance to get the pool for.
*
* @return The `AttestationPoolStatus` parcelable contains fields communicating information
* relevant to making decisions about when to generate and provision
* more attestation keys.
*/
AttestationPoolStatus getPoolStatus(in long expiredBy, in SecurityLevel secLevel);
/**
* This is the primary entry point for beginning a remote provisioning flow. The caller
* specifies how many CSRs should be generated and provides an X25519 ECDH public key along
* with a challenge to encrypt privacy sensitive portions of the returned CBOR blob and
* guarantee freshness of the request to the certifying third party.
*
* ## Error conditions
* `ResponseCode::NO_UNSIGNED_KEYS` if there are no unsigned keypairs in the database that can
* be used for the CSRs.
*
* A RemoteProvisioning HAL response code may indicate backend errors such as failed EEK
* verification.
*
* @param testMode Whether or not the TA implementing the Remote Provisioning HAL should accept
* any EEK (Endpoint Encryption Key), or only one signed by a chain
* that verifies back to the Root of Trust baked into the TA. True
* means that any key is accepted.
*
* @param numCsr How many certificate signing requests should be generated.
*
* @param eek A chain of certificates terminating in an X25519 public key, the Endpoint
* Encryption Key.
*
* @param challenge A challenge to be included and MACed in the returned CBOR blob.
*
* @param secLevel The security level to specify which KM instance from which to generate a
* CSR.
*
* @param protectedData The encrypted CBOR blob generated by the remote provisioner
*
* @return A CBOR blob composed of various elements required by the server to verify the
* request.
*/
byte[] generateCsr(in boolean testMode, in int numCsr, in byte[] eek, in byte[] challenge,
in SecurityLevel secLevel, out ProtectedData protectedData, out DeviceInfo deviceInfo);
/**
* This method provides a way for the returned attestation certificate chains to be provisioned
* to the attestation key database. When an app requests an attesation key, it will be assigned
* one of these certificate chains along with the corresponding private key.
*
* @param publicKey The raw public key encoded in the leaf certificate.
*
* @param batchCert The batch certificate corresponding to the attestation key. Separated for
* the purpose of making Subject lookup for KM attestation easier.
*
* @param certs An X.509, DER encoded certificate chain for the attestation key.
*
* @param expirationDate The expiration date on the certificate chain, provided by the caller
* for convenience.
*
* @param secLevel The security level representing the KM instance containing the key that this
* chain corresponds to.
*/
void provisionCertChain(in byte[] publicKey, in byte[] batchCert, in byte[] certs,
in long expirationDate, in SecurityLevel secLevel);
/**
* This method allows the caller to instruct KeyStore to generate and store a key pair to be
* used for attestation in the `generateCsr` method. The caller should handle spacing out these
* requests so as not to jam up the KeyStore work queue.
*
* @param is_test_mode Instructs the underlying HAL interface to mark the generated key with a
* tag to indicate that it's for testing.
*
* @param secLevel The security level to specify which KM instance should generate a key pair.
*/
void generateKeyPair(in boolean is_test_mode, in SecurityLevel secLevel);
/**
* This method returns implementation information for whichever instances of
* IRemotelyProvisionedComponent are running on the device. The RemoteProvisioner app needs to
* know which KM instances it should be generating and managing attestation keys for, and which
* EC curves are supported in those instances.
*
* @return The array of ImplInfo parcelables.
*/
ImplInfo[] getImplementationInfo();
/**
* This method deletes all remotely provisioned attestation keys in the database, regardless
* of what state in their life cycle they are in. This is primarily useful to facilitate
* testing.
*
* @return Number of keys deleted
*/
long deleteAllKeys();
}

49
keystore2/aidl/android/security/remoteprovisioning/IRemotelyProvisionedKeyPool.aidl
View file

@ -1,49 +0,0 @@
/*
* Copyright (C) 2021 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.security.remoteprovisioning;
import android.security.remoteprovisioning.RemotelyProvisionedKey;
/**
* This is the interface providing access to remotely-provisioned attestation keys
* for an `IRemotelyProvisionedComponent`.
*
* @hide
*/
interface IRemotelyProvisionedKeyPool {
/**
* Fetches an attestation key for the given uid and `IRemotelyProvisionedComponent`, as
* identified by the given id.
* Callers require the keystore2::get_attestation_key permission.
*
* ## Error conditions
* `android.system.keystore2.ResponseCode::PERMISSION_DENIED` if the caller does not have the
* `keystore2::get_attestation_key` permission
*
* @param clientUid The client application for which an attestation key is needed.
*
* @param irpcId The unique identifier for the `IRemotelyProvisionedComponent` for which a key
* is requested. This id may be retrieved from a given component via the
* `IRemotelyProvisionedComponent::getHardwareInfo` function.
*
* @return A `RemotelyProvisionedKey` parcelable containing a key and certification chain for
* the given `IRemotelyProvisionedComponent`.
*/
RemotelyProvisionedKey getAttestationKey(in int clientUid, in @utf8InCpp String irpcId);
}

37
keystore2/aidl/android/security/remoteprovisioning/ImplInfo.aidl
View file

@ -1,37 +0,0 @@
/*
* Copyright 2021, The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.security.remoteprovisioning;
import android.hardware.security.keymint.SecurityLevel;
/**
* This parcelable provides information about the underlying IRemotelyProvisionedComponent
* implementation.
* @hide
*/
parcelable ImplInfo {
/**
* The security level of the underlying implementation: TEE or StrongBox.
*/
SecurityLevel secLevel;
/**
* An integer denoting which EC curve is supported in the underlying implementation. The current
* options are either P256 or 25519, with values defined in
* hardware/interfaces/security/keymint/aidl/.../RpcHardwareInfo.aidl
*/
int supportedCurve;
}

42
keystore2/aidl/android/security/remoteprovisioning/RemotelyProvisionedKey.aidl
View file

@ -1,42 +0,0 @@
/*
* Copyright 2021, The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.security.remoteprovisioning;
/**
* A `RemotelyProvisionedKey` holds an attestation key and the corresponding remotely provisioned
* certificate chain.
*
* @hide
*/
@RustDerive(Eq=true, PartialEq=true)
parcelable RemotelyProvisionedKey {
/**
* The remotely-provisioned key that may be used to sign attestations. The format of this key
* is opaque, and need only be understood by the IRemotelyProvisionedComponent that generated
* it.
*
* Any private key material contained within this blob must be encrypted.
*/
byte[] keyBlob;
/**
* Sequence of DER-encoded X.509 certificates that make up the attestation key's certificate
* chain. This is the binary encoding for a chain that is supported by Java's
* CertificateFactory.generateCertificates API.
*/
byte[] encodedCertChain;
}

34
keystore2/aidl/android/security/remoteprovisioning/ResponseCode.aidl
View file

@ -1,34 +0,0 @@
/*
* Copyright 2020, The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.security.remoteprovisioning;
@Backing(type="int")
/** @hide */
enum ResponseCode {
/**
* Returned if there are no keys available in the database to be used in a CSR
*/
NO_UNSIGNED_KEYS = 1,
/**
* The caller has imrproper SELinux permissions to access the Remote Provisioning API.
*/
PERMISSION_DENIED = 2,
/**
* An unexpected error occurred, likely with IO or IPC.
*/
SYSTEM_ERROR = 3,
}