Merge "hwcrypto: Add key token export/import" into main am: 293607e427

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/3122113

Change-Id: I3591cc84dbc93762489e68a4394a48da317eb2cb
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl

@@ -38,6 +38,8 @@ interface IHwCryptoKey {
   android.hardware.security.see.hwcrypto.IHwCryptoKey.DerivedKey deriveKey(in android.hardware.security.see.hwcrypto.IHwCryptoKey.DerivedKeyParameters parameters);
   android.hardware.security.see.hwcrypto.IHwCryptoOperations getHwCryptoOperations();
   android.hardware.security.see.hwcrypto.IOpaqueKey importClearKey(in android.hardware.security.see.hwcrypto.types.ExplicitKeyMaterial keyMaterial, in android.hardware.security.see.hwcrypto.KeyPolicy newKeyPolicy);
+  byte[] getCurrentDicePolicy();
+  android.hardware.security.see.hwcrypto.IOpaqueKey keyTokenImport(in android.hardware.security.see.hwcrypto.types.OpaqueKeyToken requestedKey, in byte[] sealingDicePolicy);
   enum DeviceKeyId {
     DEVICE_BOUND_KEY,
     BATCH_KEY,

staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl

@@ -36,4 +36,5 @@ interface IOpaqueKey {
   byte[] exportWrappedKey(in android.hardware.security.see.hwcrypto.IOpaqueKey wrappingKey);
   android.hardware.security.see.hwcrypto.KeyPolicy getKeyPolicy();
   byte[] getPublicKey();
+  android.hardware.security.see.hwcrypto.types.OpaqueKeyToken getShareableToken(in byte[] sealingDicePolicy);
 }

staging/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see/current/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl

@@ -0,0 +1,37 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE.                          //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+//     the interface (from the latest frozen version), the build system will
+//     prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.hwcrypto.types;
+parcelable OpaqueKeyToken {
+  byte[] keyToken;
+}

staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl

@@ -19,6 +19,7 @@ import android.hardware.security.see.hwcrypto.IHwCryptoOperations;
 import android.hardware.security.see.hwcrypto.IOpaqueKey;
 import android.hardware.security.see.hwcrypto.KeyPolicy;
 import android.hardware.security.see.hwcrypto.types.ExplicitKeyMaterial;
+import android.hardware.security.see.hwcrypto.types.OpaqueKeyToken;
 
 /*
  * Higher level interface to access and generate keys.
@@ -217,4 +218,42 @@ interface IHwCryptoKey {
      *      otherwise.
      */
     IOpaqueKey importClearKey(in ExplicitKeyMaterial keyMaterial, in KeyPolicy newKeyPolicy);
+
+    /*
+     * getCurrentDicePolicy() - Returns the client current DICE policy. This policy is encrypted and
+     *                          considered opaque from the client perspective. This policy is the
+     *                          same used to create DICE bound keys and will also be used to seal
+     *                          secrets that can only be retrieved by the DICE policy owner. The
+     *                          first use of this seal operation will be
+     *                          <code>IOpaqueKey::getShareableToken</code> and
+     *                          <code>IHwCryptoKey::keyTokenImport</code>. To start this process,
+     *                          the intended key receiver will call this function and then pass the
+     *                          generated DICE policy to the owner of the key that the receiver
+     *                          wants to import. The key owner will then call
+     *                          <code>IOpaqueKey::getShareableToken</code> passing the receiver DICE
+     *                          policy to insure that only that receiver can import the key.
+     *
+     * Return:
+     *      byte[] on success, which is the caller encrypted DICE policy.
+     */
+    byte[] getCurrentDicePolicy();
+
+    /*
+     * key_token_import() - Imports a key from a different client service instance. Because
+     *                      IOpaqueKey are binder objects that cannot be directly shared between
+     *                      binder rpc clients, this method provide a way to send a key to another
+     *                      client. Keys to be imported by the receiver are represented by a token
+     *                      created using <code>IOpaqueKey::getShareableToken</code>. The flow
+     *                      to create this token is described in
+     *                      <code>IHwCryptoKey::getCurrentDicePolicy</code>.
+     *
+     * @requested_key:
+     *      Handle to the key to be imported to the caller service.
+     * @sealingDicePolicy:
+     *      DICE policy used to seal the exported key.
+     * Return:
+     *      A IOpaqueKey that can be directly be used on the local HWCrypto service on
+     *      success, service specific error based on <code>HalErrorCode</code> otherwise.
+     */
+    IOpaqueKey keyTokenImport(in OpaqueKeyToken requestedKey, in byte[] sealingDicePolicy);
 }

staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl

@@ -16,6 +16,7 @@
 package android.hardware.security.see.hwcrypto;
 
 import android.hardware.security.see.hwcrypto.KeyPolicy;
+import android.hardware.security.see.hwcrypto.types.OpaqueKeyToken;
 import android.hardware.security.see.hwcrypto.types.OperationType;
 
 interface IOpaqueKey {
@@ -52,4 +53,16 @@ interface IOpaqueKey {
      *      <code>HalErrorCode</code> otherwise. Format used for the returned public key is COSE.
      */
     byte[] getPublicKey();
+
+    /*
+     * getShareableToken() - Returns a token that can shared with another HWCrypto client.
+     *
+     * @sealingDicePolicy:
+     *      Token to be used to protect the returned OpaqueKeyToken. It will be used so only
+     *      the owner of the sealingDicePolicy can import the key.
+     * Return:
+     *      <code>OpaqueKeyMaterial</code> token on success, service specific error based on
+     *      <code>HalErrorCode</code> otherwise.
+     */
+    OpaqueKeyToken getShareableToken(in byte[] sealingDicePolicy);
 }

staging/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl

@@ -0,0 +1,29 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto.types;
+
+/*
+ * Implementation defined structure that represents a key and its associated metadata. It is only
+ * valid on the current boot, and its reuse after a session is closed (or between sessions) is not
+ * guaranteed.
+ */
+parcelable OpaqueKeyToken {
+    /*
+     * Opaque type used to send IOpaqueKeys keys to different clients. Its format is implementation
+     * dependant.
+     */
+    byte[] keyToken;
+}