diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl b/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl index 3763f0a39a..6837a2f2e0 100644 --- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl +++ b/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl @@ -38,6 +38,8 @@ interface IHwCryptoKey { android.hardware.security.see.hwcrypto.IHwCryptoKey.DerivedKey deriveKey(in android.hardware.security.see.hwcrypto.IHwCryptoKey.DerivedKeyParameters parameters); android.hardware.security.see.hwcrypto.IHwCryptoOperations getHwCryptoOperations(); android.hardware.security.see.hwcrypto.IOpaqueKey importClearKey(in android.hardware.security.see.hwcrypto.types.ExplicitKeyMaterial keyMaterial, in android.hardware.security.see.hwcrypto.KeyPolicy newKeyPolicy); + byte[] getCurrentDicePolicy(); + android.hardware.security.see.hwcrypto.IOpaqueKey keyTokenImport(in android.hardware.security.see.hwcrypto.types.OpaqueKeyToken requestedKey, in byte[] sealingDicePolicy); enum DeviceKeyId { DEVICE_BOUND_KEY, BATCH_KEY, diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl b/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl index 9cbf272ff9..c74e71f50b 100644 --- a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl +++ b/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl 
@@ -36,4 +36,5 @@ interface IOpaqueKey { byte[] exportWrappedKey(in android.hardware.security.see.hwcrypto.IOpaqueKey wrappingKey); android.hardware.security.see.hwcrypto.KeyPolicy getKeyPolicy(); byte[] getPublicKey(); + android.hardware.security.see.hwcrypto.types.OpaqueKeyToken getShareableToken(in byte[] sealingDicePolicy); } diff --git a/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl b/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl new file mode 100644 index 0000000000..fc2dd63e3d --- /dev/null +++ b/staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl 
@@ -0,0 +1,37 @@ +/* + * Copyright 2024 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/////////////////////////////////////////////////////////////////////////////// +// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. // +/////////////////////////////////////////////////////////////////////////////// + +// This file is a snapshot of an AIDL file. Do not edit it manually. There are +// two cases: +// 1). this is a frozen version file - do not edit this in any case. +// 2). this is a 'current' file. If you make a backwards compatible change to +// the interface (from the latest frozen version), the build system will +// prompt you to update this file with `m -update-api`. +// +// You must not make a backward incompatible change to any AIDL file built +// with the aidl_interface module type with versions property set. The module +// type is used to build AIDL files in a way that they can be used across +// independently updatable components of the system. If a device is shipped +// with such a backward incompatible change, it has a high risk of breaking +// later when a module using the interface is updated, e.g., Mainline modules. + +package android.hardware.security.see.hwcrypto.types; +parcelable OpaqueKeyToken { + byte[] keyToken; +} 
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl b/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
index b5e7e9d740..e472f4c101 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
+++ b/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
@@ -19,6 +19,7 @@ import android.hardware.security.see.hwcrypto.IHwCryptoOperations;
 import android.hardware.security.see.hwcrypto.IOpaqueKey;
 import android.hardware.security.see.hwcrypto.KeyPolicy;
 import android.hardware.security.see.hwcrypto.types.ExplicitKeyMaterial;
+import android.hardware.security.see.hwcrypto.types.OpaqueKeyToken;
 /*
 * Higher level interface to access and generate keys.
@@ -217,4 +218,42 @@ interface IHwCryptoKey {
 * otherwise.
 */
 IOpaqueKey importClearKey(in ExplicitKeyMaterial keyMaterial, in KeyPolicy newKeyPolicy);
+
+ /*
+ * getCurrentDicePolicy() - Returns the client current DICE policy. This policy is encrypted and
+ * considered opaque from the client perspective. This policy is the
+ * same used to create DICE bound keys and will also be used to seal
+ * secrets that can only be retrieved by the DICE policy owner. The
+ * first use of this seal operation will be
+ * IOpaqueKey::getShareableToken and
+ * IHwCryptoKey::keyTokenImport. To start this process,
+ * the intended key receiver will call this function and then pass the
+ * generated DICE policy to the owner of the key that the receiver
+ * wants to import. The key owner will then call
+ * IOpaqueKey::getShareableToken passing the receiver DICE
+ * policy to insure that only that receiver can import the key.
+ *
+ * Return:
+ * byte[] on success, which is the caller encrypted DICE policy.
+ */
+ byte[] getCurrentDicePolicy();
+
+ /*
+ * key_token_import() - Imports a key from a different client service instance. Because
+ * IOpaqueKey are binder objects that cannot be directly shared between
+ * binder rpc clients, this method provide a way to send a key to another
+ * client. Keys to be imported by the receiver are represented by a token
+ * created using IOpaqueKey::getShareableToken. The flow
+ * to create this token is described in
+ * IHwCryptoKey::getCurrentDicePolicy.
+ *
+ * @requested_key:
+ * Handle to the key to be imported to the caller service.
+ * @sealingDicePolicy:
+ * DICE policy used to seal the exported key.
+ * Return:
+ * A IOpaqueKey that can be directly be used on the local HWCrypto service on
+ * success, service specific error based on HalErrorCode otherwise.
+ */
+ IOpaqueKey keyTokenImport(in OpaqueKeyToken requestedKey, in byte[] sealingDicePolicy);
 }
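Review bot: The comment on `keyTokenImport` does not state what the service must check about `sealingDicePolicy`, which is the property the whole sharing flow relies on. Because the policy is passed in by the caller, the contract should say that the import fails with a HalErrorCode unless the caller's current DICE identity satisfies that policy, and whether the imported key keeps the exporter's KeyPolicy; as written, an implementation that only uses the bytes to unseal would appear to conform. If that is the intent, a line such as `Must be the caller's own policy as returned by getCurrentDicePolicy; the import is rejected otherwise.` under `@sealingDicePolicy:` would cover it. The same comment is headed `key_token_import()` and documents `@requested_key` while the method is `keyTokenImport` and the parameter is `requestedKey`. `getCurrentDicePolicy` has no error clause in its `Return:` section, unlike the other methods visible in this diff.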
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl b/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl
index 0d0f6131f5..eba4d1ce5e 100644
--- a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl
+++ b/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl
@@ -16,6 +16,7 @@
 package android.hardware.security.see.hwcrypto;
 import android.hardware.security.see.hwcrypto.KeyPolicy;
+import android.hardware.security.see.hwcrypto.types.OpaqueKeyToken;
 import android.hardware.security.see.hwcrypto.types.OperationType;
 interface IOpaqueKey {
@@ -52,4 +53,16 @@ interface IOpaqueKey {
 * HalErrorCode otherwise. Format used for the returned public key is COSE.
 */
 byte[] getPublicKey();
+
+ /*
+ * getShareableToken() - Returns a token that can shared with another HWCrypto client.
+ *
+ * @sealingDicePolicy:
+ * Token to be used to protect the returned OpaqueKeyToken. It will be used so only
+ * the owner of the sealingDicePolicy can import the key.
+ * Return:
+ * OpaqueKeyMaterial token on success, service specific error based on
+ * HalErrorCode otherwise.
+ */
+ OpaqueKeyToken getShareableToken(in byte[] sealingDicePolicy);
 }
diff --git a/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl b/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl
new file mode 100644
index 0000000000..db95c180e1
--- /dev/null
+++ b/staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl
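Review bot: The comment on `getShareableToken` does not say whether the key's KeyPolicy gates this call, so the interface leaves open whether every IOpaqueKey can be turned into a token or only keys whose policy allows sharing. It would help to state that, and to state that `sealingDicePolicy` must be a value obtained from `IHwCryptoKey::getCurrentDicePolicy` and is rejected with a HalErrorCode otherwise. Two wording points in the same comment: the parameter is described as a `Token` although it is a DICE policy, and the return clause says `OpaqueKeyMaterial token` where the declared type is `OpaqueKeyToken`.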
@@ -0,0 +1,29 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto.types;
+
+/*
+ * Implementation defined structure that represents a key and its associated metadata. It is only
+ * valid on the current boot, and its reuse after a session is closed (or between sessions) is not
+ * guaranteed.
+ */
+parcelable OpaqueKeyToken {
+ /*
+ * Opaque type used to send IOpaqueKeys keys to different clients. Its format is implementation
+ * dependant.
+ */
+ byte[] keyToken;
+}
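Review bot: The lifetime statement on `OpaqueKeyToken` says reuse after a session is closed is `not guaranteed`, which leaves it undefined whether a stale token must be rejected or may still import successfully. For a value that represents a key passed between clients, the comment should pin this down, for example `Implementations must reject a token created during a previous boot`, plus a sentence on whether one token may be imported more than once. In the field comment, `dependant` should read `dependent`.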