Merge "Add getSupplementaryAttestationInfo" into main am: 9d2c2205f9 am: 7aa858ad03 Original change: https://android-review.googlesource.com/c/platform/system/hardware/interfaces/+/3343440 Change-Id: Ibea709ed56e64cc94df9c5d6589cd03e3bd20263 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/IKeystoreService.aidl b/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/IKeystoreService.aidl
index d2f03cf..0c292c8 100644
--- a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/IKeystoreService.aidl
+++ b/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/IKeystoreService.aidl
@@ -47,4 +47,5 @@ void ungrant(in android.system.keystore2.KeyDescriptor key, in int granteeUid); int getNumberOfEntries(in android.system.keystore2.Domain domain, in long nspace); android.system.keystore2.KeyDescriptor[] listEntriesBatched(in android.system.keystore2.Domain domain, in long nspace, in @nullable String startingPastAlias); + byte[] getSupplementaryAttestationInfo(in android.hardware.security.keymint.Tag tag); }
diff --git a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/ResponseCode.aidl b/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/ResponseCode.aidl
index e1ff0bb..51dddf0 100644
--- a/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/ResponseCode.aidl
+++ b/keystore2/aidl/aidl_api/android.system.keystore2/current/android/system/keystore2/ResponseCode.aidl
@@ -55,4 +55,5 @@ OUT_OF_KEYS_TRANSIENT_ERROR = 25, OUT_OF_KEYS_PERMANENT_ERROR = 26, GET_ATTESTATION_APPLICATION_ID_FAILED = 27, + INFO_NOT_AVAILABLE = 28, }
diff --git a/keystore2/aidl/android/system/keystore2/IKeystoreService.aidl b/keystore2/aidl/android/system/keystore2/IKeystoreService.aidl
index 9beac0a..666985c 100644
--- a/keystore2/aidl/android/system/keystore2/IKeystoreService.aidl
+++ b/keystore2/aidl/android/system/keystore2/IKeystoreService.aidl
@@ -17,14 +17,15 @@ package android.system.keystore2; import android.hardware.security.keymint.SecurityLevel; +import android.hardware.security.keymint.Tag; import android.system.keystore2.Domain; import android.system.keystore2.IKeystoreSecurityLevel; import android.system.keystore2.KeyDescriptor; import android.system.keystore2.KeyEntryResponse; /** - * `IKeystoreService` is the primary interface to Keystore. It provides - * access simple database bound requests. Request that require interactions + * `IKeystoreService` is the primary interface to Keystore. It primarily provides + * access to simple database bound requests. Request that require interactions * with a KeyMint backend are delegated to `IKeystoreSecurityLevel` which * may be acquired through this interface as well. * @@ -246,4 +247,19 @@ KeyDescriptor[] listEntriesBatched(in Domain domain, in long nspace, in @nullable String startingPastAlias); + /** + * Returns tag-specific info required to interpret a tag's attested value. + * Attested values themselves are located in the attestation certificate. + * + * The semantics of the return value is specific to the input tag: + * + * o Tag::MODULE_HASH: returns the DER-encoded structure corresponding to the `Modules` schema + * described in the KeyMint HAL's KeyCreationResult.aidl. The SHA-256 hash of this encoded + * structure is what's included with the tag in attestations. + * + * ## Error conditions + * `ResponseCode::INVALID_ARGUMENT` if `tag` is not specified in the list above. + * `ResponseCode::INFO_NOT_AVAILABLE` if `IKeystoreService` does not have the requested info. + */ + byte[] getSupplementaryAttestationInfo(in Tag tag); }
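Review bot: The Javadoc added for `getSupplementaryAttestationInfo` (second hunk) never states that the returned bytes are not authenticated by themselves, which is how it looks from the plain `byte[]` return; per the comment only the SHA-256 hash of the `Modules` structure is attested, so a relying party has to hash what this call returns and compare it with the `MODULE_HASH` value from a certificate chain it has already verified. I would add a line such as `* The returned data is not attested; callers must check its SHA-256 hash against the attested value before relying on it.` The "Error conditions" list also leaves open whether the caller needs a permission and in which situations `INFO_NOT_AVAILABLE` can occur; the rest of the interface, which lies outside this hunk, may already have a convention for that. Small wording point in the same comment: "The semantics of the return value is" should read "are".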
diff --git a/keystore2/aidl/android/system/keystore2/ResponseCode.aidl b/keystore2/aidl/android/system/keystore2/ResponseCode.aidl
index 4fe7db3..0424f5b 100644
--- a/keystore2/aidl/android/system/keystore2/ResponseCode.aidl
+++ b/keystore2/aidl/android/system/keystore2/ResponseCode.aidl
@@ -137,4 +137,8 @@
 */
 GET_ATTESTATION_APPLICATION_ID_FAILED = 27,
+ /**
+ * Indicates that some information is not available.
+ */
+ INFO_NOT_AVAILABLE = 28,
 }
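Review bot: The comment on `INFO_NOT_AVAILABLE` is too generic for a client to decide how to react: it names neither the call that produces the code nor whether the condition is transient. Going by the interface change in this same commit, the code is returned by `IKeystoreService::getSupplementaryAttestationInfo`, so I would write something like `* Indicates that the requested supplementary attestation info is not available.` and add a sentence on whether a later retry can succeed. The enum declaration begins outside this hunk.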