author | Tri Vo <trong@google.com> | 2023-03-20 19:38:04 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2023-03-20 19:38:04 +0000 |
commit | 128453ec879d19ea90eb0d1baa380c9c3d823019 (patch) | |
tree | ef90e3ecb3bd723e83da81e805e57e21facf6f0b | |
parent | 8c8feac74540f2832b7195311ea00a5a963512a7 (diff) | |
Revert^2 "Remove android.security.remoteprovisioning interfaces"
These interfaces are deprecated and replaced by
android.security.rkp_aidl ones.
Bug: 273325840
Change-Id: I6f561d7c332fc3cc5921453b5bd5938154b700d0
Test: m
7 files changed, 0 insertions, 377 deletions
diff --git a/keystore2/aidl/Android.bp b/keystore2/aidl/Android.bp
index e3961da3..8f5c13b0 100644
--- a/keystore2/aidl/Android.bp
+++ b/keystore2/aidl/Android.bp
@@ -103,28 +103,6 @@ aidl_interface {
 }
 
 aidl_interface {
- name: "android.security.remoteprovisioning",
- srcs: [ "android/security/remoteprovisioning/*.aidl" ],
- imports: [
- "android.hardware.security.keymint-V3",
- "android.hardware.security.rkp-V3",
- ],
- unstable: true,
- backend: {
- java: {
- platform_apis: true,
- },
- ndk: {
- enabled: true,
- apps_enabled: false,
- },
- rust: {
- enabled: true,
- },
- },
-}
-
-aidl_interface {
 name: "android.security.maintenance",
 srcs: [ "android/security/maintenance/*.aidl" ],
 imports: [
diff --git a/keystore2/aidl/android/security/remoteprovisioning/AttestationPoolStatus.aidl b/keystore2/aidl/android/security/remoteprovisioning/AttestationPoolStatus.aidl
deleted file mode 100644
index 3528b423..00000000
--- a/keystore2/aidl/android/security/remoteprovisioning/AttestationPoolStatus.aidl
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.security.remoteprovisioning;
-
-/**
- * This parcelable provides information about the state of the attestation key pool.
- * @hide
- */
-parcelable AttestationPoolStatus {
- /**
- * The number of signed attestation certificate chains which will expire when the date provided
- * to keystore to check against is reached.
- */
- int expiring;
- /**
- * The number of signed attestation certificate chains which have not yet been assigned to an
- * app. This should be less than or equal to signed keys. The remainder of `signed` -
- * `unassigned` gives the number of signed keys that have been assigned to an app.
- */
- int unassigned;
- /**
- * The number of signed attestation keys. This should be less than or equal to `total`. The
- * remainder of `total` - `attested` gives the number of keypairs available to be sent off to
- * the server for signing.
- */
- int attested;
- /**
- * The total number of attestation keys.
- */
- int total;
-}
diff --git a/keystore2/aidl/android/security/remoteprovisioning/IRemoteProvisioning.aidl b/keystore2/aidl/android/security/remoteprovisioning/IRemoteProvisioning.aidl
deleted file mode 100644
index ecdc7901..00000000
--- a/keystore2/aidl/android/security/remoteprovisioning/IRemoteProvisioning.aidl
+++ /dev/null
@@ -1,148 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.security.remoteprovisioning;
-
-import android.hardware.security.keymint.DeviceInfo;
-import android.hardware.security.keymint.ProtectedData;
-import android.hardware.security.keymint.SecurityLevel;
-import android.security.remoteprovisioning.AttestationPoolStatus;
-import android.security.remoteprovisioning.ImplInfo;
-
-/**
- * `IRemoteProvisioning` is the interface provided to use the remote provisioning functionality
- * provided through KeyStore. The intent is for a higher level system component to use these
- * functions in order to drive the process through which the device can receive functioning
- * attestation certificates.
- *
- * ## Error conditions
- * Error conditions are reported as service specific errors.
- * Positive codes correspond to `android.security.remoteprovisioning.ResponseCode`
- * and indicate error conditions diagnosed by the Keystore 2.0 service.
- * TODO: Remote Provisioning HAL error code info
- *
- * `ResponseCode::PERMISSION_DENIED` if the caller does not have the permissions
- * to use the RemoteProvisioning API. This permission is defined under access_vectors in SEPolicy
- * in the keystore2 class: remotely_provision
- *
- * `ResponseCode::SYSTEM_ERROR` for any unexpected errors like IO or IPC failures.
- *
- * @hide
- */
-interface IRemoteProvisioning {
-
- /**
- * Returns the status of the attestation key pool in the database.
- *
- * @param expiredBy The date as seconds since epoch by which to judge expiration status of
- * certificates.
- *
- * @param secLevel The security level to specify which KM instance to get the pool for.
- *
- * @return The `AttestationPoolStatus` parcelable contains fields communicating information
- * relevant to making decisions about when to generate and provision
- * more attestation keys.
- */
- AttestationPoolStatus getPoolStatus(in long expiredBy, in SecurityLevel secLevel);
-
- /**
- * This is the primary entry point for beginning a remote provisioning flow. The caller
- * specifies how many CSRs should be generated and provides an X25519 ECDH public key along
- * with a challenge to encrypt privacy sensitive portions of the returned CBOR blob and
- * guarantee freshness of the request to the certifying third party.
- *
- * ## Error conditions
- * `ResponseCode::NO_UNSIGNED_KEYS` if there are no unsigned keypairs in the database that can
- * be used for the CSRs.
- *
- * A RemoteProvisioning HAL response code may indicate backend errors such as failed EEK
- * verification.
- *
- * @param testMode Whether or not the TA implementing the Remote Provisioning HAL should accept
- * any EEK (Endpoint Encryption Key), or only one signed by a chain
- * that verifies back to the Root of Trust baked into the TA. True
- * means that any key is accepted.
- *
- * @param numCsr How many certificate signing requests should be generated.
- *
- * @param eek A chain of certificates terminating in an X25519 public key, the Endpoint
- * Encryption Key.
- *
- * @param challenge A challenge to be included and MACed in the returned CBOR blob.
- *
- * @param secLevel The security level to specify which KM instance from which to generate a
- * CSR.
- *
- * @param protectedData The encrypted CBOR blob generated by the remote provisioner
- *
- * @return A CBOR blob composed of various elements required by the server to verify the
- * request.
- */
- byte[] generateCsr(in boolean testMode, in int numCsr, in byte[] eek, in byte[] challenge,
- in SecurityLevel secLevel, out ProtectedData protectedData, out DeviceInfo deviceInfo);
-
- /**
- * This method provides a way for the returned attestation certificate chains to be provisioned
- * to the attestation key database. When an app requests an attesation key, it will be assigned
- * one of these certificate chains along with the corresponding private key.
- *
- * @param publicKey The raw public key encoded in the leaf certificate.
- *
- * @param batchCert The batch certificate corresponding to the attestation key. Separated for
- * the purpose of making Subject lookup for KM attestation easier.
- *
- * @param certs An X.509, DER encoded certificate chain for the attestation key.
- *
- * @param expirationDate The expiration date on the certificate chain, provided by the caller
- * for convenience.
- *
- * @param secLevel The security level representing the KM instance containing the key that this
- * chain corresponds to.
- */
- void provisionCertChain(in byte[] publicKey, in byte[] batchCert, in byte[] certs,
- in long expirationDate, in SecurityLevel secLevel);
-
- /**
- * This method allows the caller to instruct KeyStore to generate and store a key pair to be
- * used for attestation in the `generateCsr` method. The caller should handle spacing out these
- * requests so as not to jam up the KeyStore work queue.
- *
- * @param is_test_mode Instructs the underlying HAL interface to mark the generated key with a
- * tag to indicate that it's for testing.
- *
- * @param secLevel The security level to specify which KM instance should generate a key pair.
- */
- void generateKeyPair(in boolean is_test_mode, in SecurityLevel secLevel);
-
- /**
- * This method returns implementation information for whichever instances of
- * IRemotelyProvisionedComponent are running on the device. The RemoteProvisioner app needs to
- * know which KM instances it should be generating and managing attestation keys for, and which
- * EC curves are supported in those instances.
- *
- * @return The array of ImplInfo parcelables.
- */
- ImplInfo[] getImplementationInfo();
-
- /**
- * This method deletes all remotely provisioned attestation keys in the database, regardless
- * of what state in their life cycle they are in. This is primarily useful to facilitate
- * testing.
- *
- * @return Number of keys deleted
- */
- long deleteAllKeys();
-}
diff --git a/keystore2/aidl/android/security/remoteprovisioning/IRemotelyProvisionedKeyPool.aidl b/keystore2/aidl/android/security/remoteprovisioning/IRemotelyProvisionedKeyPool.aidl
deleted file mode 100644
index 7d45e52e..00000000
--- a/keystore2/aidl/android/security/remoteprovisioning/IRemotelyProvisionedKeyPool.aidl
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (C) 2021 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.security.remoteprovisioning;
-
-import android.security.remoteprovisioning.RemotelyProvisionedKey;
-
-/**
- * This is the interface providing access to remotely-provisioned attestation keys
- * for an `IRemotelyProvisionedComponent`.
- *
- * @hide
- */
-interface IRemotelyProvisionedKeyPool {
-
- /**
- * Fetches an attestation key for the given uid and `IRemotelyProvisionedComponent`, as
- * identified by the given id.
-
- * Callers require the keystore2::get_attestation_key permission.
- *
- * ## Error conditions
- * `android.system.keystore2.ResponseCode::PERMISSION_DENIED` if the caller does not have the
- * `keystore2::get_attestation_key` permission
- *
- * @param clientUid The client application for which an attestation key is needed.
- *
- * @param irpcId The unique identifier for the `IRemotelyProvisionedComponent` for which a key
- * is requested. This id may be retrieved from a given component via the
- * `IRemotelyProvisionedComponent::getHardwareInfo` function.
- *
- * @return A `RemotelyProvisionedKey` parcelable containing a key and certification chain for
- * the given `IRemotelyProvisionedComponent`.
- */
- RemotelyProvisionedKey getAttestationKey(in int clientUid, in @utf8InCpp String irpcId);
-}
diff --git a/keystore2/aidl/android/security/remoteprovisioning/ImplInfo.aidl b/keystore2/aidl/android/security/remoteprovisioning/ImplInfo.aidl
deleted file mode 100644
index 9baeb24b..00000000
--- a/keystore2/aidl/android/security/remoteprovisioning/ImplInfo.aidl
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Copyright 2021, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.security.remoteprovisioning;
-
-import android.hardware.security.keymint.SecurityLevel;
-
-/**
- * This parcelable provides information about the underlying IRemotelyProvisionedComponent
- * implementation.
- * @hide
- */
-parcelable ImplInfo {
- /**
- * The security level of the underlying implementation: TEE or StrongBox.
- */
- SecurityLevel secLevel;
- /**
- * An integer denoting which EC curve is supported in the underlying implementation. The current
- * options are either P256 or 25519, with values defined in
- * hardware/interfaces/security/keymint/aidl/.../RpcHardwareInfo.aidl
- */
- int supportedCurve;
-}
diff --git a/keystore2/aidl/android/security/remoteprovisioning/RemotelyProvisionedKey.aidl b/keystore2/aidl/android/security/remoteprovisioning/RemotelyProvisionedKey.aidl
deleted file mode 100644
index ae218550..00000000
--- a/keystore2/aidl/android/security/remoteprovisioning/RemotelyProvisionedKey.aidl
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright 2021, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.security.remoteprovisioning;
-
-/**
- * A `RemotelyProvisionedKey` holds an attestation key and the corresponding remotely provisioned
- * certificate chain.
- *
- * @hide
- */
-@RustDerive(Eq=true, PartialEq=true)
-parcelable RemotelyProvisionedKey {
- /**
- * The remotely-provisioned key that may be used to sign attestations. The format of this key
- * is opaque, and need only be understood by the IRemotelyProvisionedComponent that generated
- * it.
- *
- * Any private key material contained within this blob must be encrypted.
- */
- byte[] keyBlob;
-
- /**
- * Sequence of DER-encoded X.509 certificates that make up the attestation key's certificate
- * chain. This is the binary encoding for a chain that is supported by Java's
- * CertificateFactory.generateCertificates API.
- */
- byte[] encodedCertChain;
-}
diff --git a/keystore2/aidl/android/security/remoteprovisioning/ResponseCode.aidl b/keystore2/aidl/android/security/remoteprovisioning/ResponseCode.aidl
deleted file mode 100644
index c9877db5..00000000
--- a/keystore2/aidl/android/security/remoteprovisioning/ResponseCode.aidl
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * Copyright 2020, The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.security.remoteprovisioning;
-
-@Backing(type="int")
-/** @hide */
-enum ResponseCode {
- /**
- * Returned if there are no keys available in the database to be used in a CSR
- */
- NO_UNSIGNED_KEYS = 1,
- /**
- * The caller has imrproper SELinux permissions to access the Remote Provisioning API.
- */
- PERMISSION_DENIED = 2,
- /**
- * An unexpected error occurred, likely with IO or IPC.
- */
- SYSTEM_ERROR = 3,
-}