diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl
index 88c479c7d2..f56646227b 100644
--- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl
+++ b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl
@@ -35,6 +35,7 @@ package android.hardware.security.keymint;
 /* @hide */
 @VintfStability
 interface IRemotelyProvisionedComponent {
+ android.hardware.security.keymint.RpcHardwareInfo getHardwareInfo();
 byte[] generateEcdsaP256KeyPair(in boolean testMode, out android.hardware.security.keymint.MacedPublicKey macedPublicKey);
 byte[] generateCertificateRequest(in boolean testMode, in android.hardware.security.keymint.MacedPublicKey[] keysToSign, in byte[] endpointEncryptionCertChain, in byte[] challenge, out android.hardware.security.keymint.DeviceInfo deviceInfo, out android.hardware.security.keymint.ProtectedData protectedData);
 const int STATUS_FAILED = 1;
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/RpcHardwareInfo.aidl b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/RpcHardwareInfo.aidl
new file mode 100644
index 0000000000..06bce19c82
--- /dev/null
+++ b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/RpcHardwareInfo.aidl
@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m -update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.keymint;
+/* @hide */
+@RustDerive(Clone=true, Eq=true, Hash=true, Ord=true, PartialEq=true, PartialOrd=true) @VintfStability
+parcelable RpcHardwareInfo {
+ int versionNumber;
+ @utf8InCpp String rpcAuthorName;
+ int supportedEekCurve = 0;
+ const int CURVE_NONE = 0;
+ const int CURVE_P256 = 1;
+ const int CURVE_25519 = 2;
+}
diff --git a/security/keymint/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl b/security/keymint/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl
index 1ae6762420..b6285d91eb 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl
@@ -19,6 +19,7 @@ package android.hardware.security.keymint;
 import android.hardware.security.keymint.DeviceInfo;
 import android.hardware.security.keymint.MacedPublicKey;
 import android.hardware.security.keymint.ProtectedData;
+import android.hardware.security.keymint.RpcHardwareInfo;
 /**
 * An IRemotelyProvisionedComponent is a secure-side component for which certificates can be
@@ -120,6 +121,12 @@ interface IRemotelyProvisionedComponent {
 const int STATUS_TEST_KEY_IN_PRODUCTION_REQUEST = 4;
 const int STATUS_INVALID_EEK = 5;
+ /**
+ * @return info which contains information about the underlying IRemotelyProvisionedComponent
+ * hardware, such as version number, component name, author name, and supported curve.
+ */
+ RpcHardwareInfo getHardwareInfo();
+
 /**
 * generateKeyPair generates a new ECDSA P-256 key pair that can be certified. Note that this
 * method only generates ECDSA P-256 key pairs, but the interface can be extended to add methods
diff --git a/security/keymint/aidl/android/hardware/security/keymint/RpcHardwareInfo.aidl b/security/keymint/aidl/android/hardware/security/keymint/RpcHardwareInfo.aidl
new file mode 100644
index 0000000000..d297f871fb
--- /dev/null
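Review bot: The Javadoc added for getHardwareInfo() in the @@ -120,6 +121,12 @@ hunk lists a "component name" among the returned values, but the RpcHardwareInfo parcelable introduced by this change carries only versionNumber, rpcAuthorName and supportedEekCurve. The comment should name exactly those fields, for example `* hardware, such as version number, author name, and supported EEK curve.` The method is also declared ahead of the existing key-generation methods, and AIDL numbers transactions in declaration order unless ids are assigned explicitly. If any version of this @VintfStability interface has already been frozen (not visible on this page), the new method belongs at the end of the interface instead. The interface body continues outside the hunk.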
+++ b/security/keymint/aidl/android/hardware/security/keymint/RpcHardwareInfo.aidl 
@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.hardware.security.keymint;
+
+/**
+ * RpcHardwareInfo is the hardware information returned by calling RemotelyProvisionedComponent
+ * getHardwareInfo()
+ * @hide
+ */
+@VintfStability
+@RustDerive(Clone=true, Eq=true, PartialEq=true, Ord=true, PartialOrd=true, Hash=true)
+parcelable RpcHardwareInfo {
+ const int CURVE_NONE = 0;
+ const int CURVE_P256 = 1;
+ const int CURVE_25519 = 2;
+
+ /**
+ * Implementation version of the remotely provisioned component hardware. The version number is
+ * implementation defined, and not necessarily globally meaningful. The version is used to
+ * distinguish between different versions of a given implementation.
+ */
+ int versionNumber;
+
+ /**
+ * rpcAuthorName is the name of the author of the IRemotelyProvisionedComponent implementation
+ * (organization name, not individual). This name is implementation defined, so it can be used
+ * to distinguish between different implementations from the same author.
+ */
+ @utf8InCpp String rpcAuthorName;
+
+ /**
+ * supportedEekCurve returns an int representing which curve is supported for validating
+ * signatures over the Endpoint Encryption Key certificate chain and for using the corresponding
+ * signed encryption key in ECDH. Only one curve should be supported, with preference for 25519
+ * if it's available. These values are defined as constants above.
+ *
+ * CURVE_NONE is made the default to help ensure that an implementor doesn't accidentally forget
+ * to provide the correct information here, as the VTS tests will check to make certain that
+ * a passing implementation does not provide CURVE_NONE.
+ */
+ int supportedEekCurve = CURVE_NONE;
+}
diff --git a/security/keymint/aidl/default/RemotelyProvisionedComponent.cpp b/security/keymint/aidl/default/RemotelyProvisionedComponent.cpp
index 6007663b58..e21efb7396 100644
--- a/security/keymint/aidl/default/RemotelyProvisionedComponent.cpp
+++ b/security/keymint/aidl/default/RemotelyProvisionedComponent.cpp
@@ -124,6 +124,13 @@ RemotelyProvisionedComponent::RemotelyProvisionedComponent(
 RemotelyProvisionedComponent::~RemotelyProvisionedComponent() {}
+ScopedAStatus RemotelyProvisionedComponent::getHardwareInfo(RpcHardwareInfo* info) {
+ info->versionNumber = 1;
+ info->rpcAuthorName = "Google";
+ info->supportedEekCurve = RpcHardwareInfo::CURVE_25519;
+ return ScopedAStatus::ok();
+}
+
 ScopedAStatus RemotelyProvisionedComponent::generateEcdsaP256KeyPair(bool testMode, MacedPublicKey* macedPublicKey, bytevec* privateKeyHandle) {
diff --git a/security/keymint/aidl/default/RemotelyProvisionedComponent.h b/security/keymint/aidl/default/RemotelyProvisionedComponent.h
index 4b012bceb8..ff54d0406f 100644
--- a/security/keymint/aidl/default/RemotelyProvisionedComponent.h
+++ b/security/keymint/aidl/default/RemotelyProvisionedComponent.h
@@ -32,6 +32,8 @@ class RemotelyProvisionedComponent : public BnRemotelyProvisionedComponent {
 explicit RemotelyProvisionedComponent(std::shared_ptr keymint);
 virtual ~RemotelyProvisionedComponent();
+ ScopedAStatus getHardwareInfo(RpcHardwareInfo* info) override;
+
 ScopedAStatus generateEcdsaP256KeyPair(bool testMode, MacedPublicKey* macedPublicKey, std::vector* privateKeyHandle) override;
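Review bot: The supportedEekCurve comment in the new RpcHardwareInfo.aidl explains that VTS rejects CURVE_NONE, but it does not say what a caller must do when it reads CURVE_NONE or a value outside the three constants. That matters because, per the comment itself, this field selects the curve used to validate the EEK certificate chain and to perform ECDH. I would add a sentence such as `Callers must treat CURVE_NONE and any unrecognised value as an error and must not fall back to a default curve.` The phrase "supportedEekCurve returns an int" describes a field as if it were a method; `supportedEekCurve indicates which curve ...` reads more accurately.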
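Review bot: The curve reported by getHardwareInfo() in RemotelyProvisionedComponent.cpp is a literal with no visible link to the EEK chain handling in generateCertificateRequest(), so the advertised capability can drift from what the implementation actually validates. A comment above the assignment, for example `// Must match the curve generateCertificateRequest() accepts for the EEK chain.`, would make that coupling explicit. Whether the current validation code really uses 25519 is outside this hunk, so that should be confirmed. The bare `1` and `"Google"` would also read better as named constants next to the class.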