Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 245b8c64 authored by Karuna Wadhera's avatar Karuna Wadhera Committed by David Drysdale
Browse files

Add getSupplementaryAttestationInfo 

Allows clients to retrieve information required to interpret certain
attested values found in the attestation certificate.

Currently only relevant for Tag::MODULE_HASH, for which it returns the
encoded structure whose hash ends up in the attestation certificate.

Bug: 369375199
Test: treehugger
API-Coverage-Bug: 378549695
Flag: android.security.keystore2.attest_modules
Flag: build.RELEASE_ATTEST_MODULES
Change-Id: I7195aaca849eb53e603565a470b780ba91b3ec2c
Merged-In: I2bac10ad148279ea3aa3907a982a3e598502c788
Ignore-AOSP-First: aosp/3341662 had an incorrect Merged-In and so didn't
  get merged to internal main properly.
parent f2290c21

core/api/current.txt

+2 −0
Original line number Diff line number Diff line
@@ -40873,8 +40873,10 @@ package android.security.keystore { 
    method @NonNull public java.util.List<java.security.cert.X509Certificate> getGrantedCertificateChainFromId(long) throws android.security.keystore.KeyPermanentlyInvalidatedException, java.security.UnrecoverableKeyException;

    method @NonNull public java.security.Key getGrantedKeyFromId(long) throws android.security.keystore.KeyPermanentlyInvalidatedException, java.security.UnrecoverableKeyException;

    method @NonNull public java.security.KeyPair getGrantedKeyPairFromId(long) throws android.security.keystore.KeyPermanentlyInvalidatedException, java.security.UnrecoverableKeyException;

    method @FlaggedApi("android.security.keystore2.attest_modules") @NonNull public byte[] getSupplementaryAttestationInfo(int) throws android.security.KeyStoreException;

    method public long grantKeyAccess(@NonNull String, int) throws android.security.KeyStoreException, java.security.UnrecoverableKeyException;

    method public void revokeKeyAccess(@NonNull String, int) throws android.security.KeyStoreException, java.security.UnrecoverableKeyException;

    field public static final int MODULE_HASH = -1879047468; // 0x900002d4

  }















  public class SecureKeyImportUnavailableException extends java.security.ProviderException {

























keystore/java/Android.bp



+8
−0




























Original line number
Diff line number
Diff line








@@ -13,5 +13,13 @@ filegroup {













        "**/*.java",















        "**/*.aidl",















    ],













    exclude_srcs: select(release_flag("RELEASE_ATTEST_MODULES"), {













        true: [













            "android/security/KeyStore2HalCurrent.java",













        ],













        default: [













            "android/security/KeyStore2HalLatest.java",













        ],













    }),















    visibility: ["//frameworks/base"],















}
























keystore/java/android/security/KeyStore2.java



+13
−1




























Original line number
Diff line number
Diff line








@@ -101,7 +101,7 @@ public class KeyStore2 {













        R execute(IKeystoreService service) throws RemoteException;















    }





























    private <R> R handleRemoteExceptionWithRetry(@NonNull CheckedRemoteRequest<R> request)













    <R> R handleRemoteExceptionWithRetry(@NonNull CheckedRemoteRequest<R> request)















            throws KeyStoreException {















        IKeystoreService service = getService(false /* retryLookup */);















        boolean firstTry = true;










@@ -369,6 +369,18 @@ public class KeyStore2 {













        }















    }





























    /**













     * Returns tag-specific info required to interpret a tag's attested value.













     * @see IKeystoreService#getSupplementaryAttestationInfo(Tag) for more details.













     * @param tag













     * @return













     * @throws KeyStoreException













     * @hide













     */













    public byte[] getSupplementaryAttestationInfo(int tag) throws KeyStoreException {













        return KeyStore2HalVersion.getSupplementaryAttestationInfoHelper(tag, this);













    }





























    static KeyStoreException getKeyStoreException(int errorCode, String serviceErrorMessage) {















        if (errorCode > 0) {















            // KeyStore layer error

































keystore/java/android/security/KeyStore2HalCurrent.java
0 → 100644



+30
−0




























Original line number
Diff line number
Diff line













/*













 * Copyright (C) 2024 The Android Open Source Project













 *













 * Licensed under the Apache License, Version 2.0 (the "License");













 * you may not use this file except in compliance with the License.













 * You may obtain a copy of the License at













 *













 *      http://www.apache.org/licenses/LICENSE-2.0













 *













 * Unless required by applicable law or agreed to in writing, software













 * distributed under the License is distributed on an "AS IS" BASIS,













 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.













 * See the License for the specific language governing permissions and













 * limitations under the License.













 */



























package android.security;



























/**













 * @hide This class is necessary to allow the version of the AIDL interface for Keystore and













* KeyMint used in KeyStore2.java to differ by BUILD flag `RELEASE_ATTEST_MODULES`. When













* `RELEASE_ATTEST_MODULES` is not set, this file is included, and the current HALs for Keystore













* (V4) and KeyMint (V3) are used.













*/













class KeyStore2HalVersion {













    public static byte[] getSupplementaryAttestationInfoHelper(int tag, KeyStore2 ks)













            throws KeyStoreException {













        return new byte[0];













    }













}
























keystore/java/android/security/KeyStore2HalLatest.java
0 → 100644



+31
−0




























Original line number
Diff line number
Diff line













/*













 * Copyright (C) 2024 The Android Open Source Project













 *













 * Licensed under the Apache License, Version 2.0 (the "License");













 * you may not use this file except in compliance with the License.













 * You may obtain a copy of the License at













 *













 *      http://www.apache.org/licenses/LICENSE-2.0













 *













 * Unless required by applicable law or agreed to in writing, software













 * distributed under the License is distributed on an "AS IS" BASIS,













 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.













 * See the License for the specific language governing permissions and













 * limitations under the License.













 */



























package android.security;



























/**













 * @hide This class is necessary to allow the version of the AIDL interface for Keystore and













* KeyMint used in KeyStore2.java to differ by BUILD flag `RELEASE_ATTEST_MODULES`. When













* `RELEASE_ATTEST_MODULES` is set, this file is included, and the latest HALs for Keystore (V5)













* and KeyMint (V4) are used.













*/













class KeyStore2HalVersion {













    public static byte[] getSupplementaryAttestationInfoHelper(int tag, KeyStore2 ks)













            throws KeyStoreException {













        return ks.handleRemoteExceptionWithRetry(













            (service) -> service.getSupplementaryAttestationInfo(tag));













    }













}