Merge "IRemotelyProvisionedComponent returns DeviceInfo" am: 459bf527

/*

 * Copyright (C) 2021 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

///////////////////////////////////////////////////////////////////////////////

// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE.                          //

///////////////////////////////////////////////////////////////////////////////

// This file is a snapshot of an AIDL file. Do not edit it manually. There are

// two cases:

// 1). this is a frozen version file - do not edit this in any case.

// 2). this is a 'current' file. If you make a backwards compatible change to

//     the interface (from the latest frozen version), the build system will

//     prompt you to update this file with `m <name>-update-api`.

//

// You must not make a backward incompatible change to any AIDL file built

// with the aidl_interface module type with versions property set. The module

// type is used to build AIDL files in a way that they can be used across

// independently updatable components of the system. If a device is shipped

// with such a backward incompatible change, it has a high risk of breaking

// later when a module using the interface is updated, e.g., Mainline modules.

package android.hardware.security.keymint;

/* @hide */

@VintfStability

parcelable DeviceInfo {

  byte[] deviceInfo;

}

@VintfStability

interface IRemotelyProvisionedComponent {

  byte[] generateEcdsaP256KeyPair(in boolean testMode, out android.hardware.security.keymint.MacedPublicKey macedPublicKey);

  void generateCertificateRequest(in boolean testMode, in android.hardware.security.keymint.MacedPublicKey[] keysToSign, in byte[] endpointEncryptionCertChain, in byte[] challenge, out byte[] keysToSignMac, out android.hardware.security.keymint.ProtectedData protectedData);

  byte[] generateCertificateRequest(in boolean testMode, in android.hardware.security.keymint.MacedPublicKey[] keysToSign, in byte[] endpointEncryptionCertChain, in byte[] challenge, out android.hardware.security.keymint.DeviceInfo deviceInfo, out android.hardware.security.keymint.ProtectedData protectedData);

  const int STATUS_FAILED = 1;

  const int STATUS_INVALID_MAC = 2;

  const int STATUS_PRODUCTION_KEY_IN_TEST_REQUEST = 3;

/*

 * Copyright (C) 2021 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package android.hardware.security.keymint;

/**

 * DeviceInfo contains information about the device that's fed in as AAD in the signature of the

 * device private key over the MAC key used for the bundle of public keys. These values are intended

 * to be checked by the server to verify that the certificate signing request crafted by

 * an IRemotelyProvisionedComponent HAL instance is coming from the expected device based

 * on values initially uploaded during device manufacture in the factory.

 * @hide

 */

@VintfStability

parcelable DeviceInfo {

    /**

     * DeviceInfo is a CBOR Map structure described by the following CDDL.

     *

     *     DeviceInfo = {

     *         ? "brand" : tstr,

     *         ? "manufacturer" : tstr,

     *         ? "product" : tstr,

     *         ? "model" : tstr,

     *         ? "board" : tstr,

     *         ? "vb_state" : "green" / "yellow" / "orange",    // Taken from the AVB values

     *         ? "bootloader_state" : "locked" / "unlocked",    // Taken from the AVB values

     *         ? "os_version" : tstr,                    // Same as android.os.Build.VERSION.release

     *         ? "system_patch_level" : uint,                   // YYYYMMDD

     *         ? "boot_patch_level" : uint,                     // YYYYMMDD

     *         ? "vendor_patch_level" : uint,                   // YYYYMMDD

     *     }

     */

    byte[] deviceInfo;

}

package android.hardware.security.keymint;

import android.hardware.security.keymint.DeviceInfo;

import android.hardware.security.keymint.MacedPublicKey;

import android.hardware.security.keymint.ProtectedData;

     * @param out ProtectedData contains the encrypted BCC and the ephemeral MAC key used to

     *        authenticate the keysToSign (see keysToSignMac output argument).

     */

    void generateCertificateRequest(in boolean testMode, in MacedPublicKey[] keysToSign,

            in byte[] endpointEncryptionCertChain, in byte[] challenge, out byte[] keysToSignMac,

    byte[] generateCertificateRequest(in boolean testMode, in MacedPublicKey[] keysToSign,

            in byte[] endpointEncryptionCertChain, in byte[] challenge, out DeviceInfo deviceInfo,

            out ProtectedData protectedData);

}

ScopedAStatus RemotelyProvisionedComponent::generateCertificateRequest(

        bool testMode, const vector<MacedPublicKey>& keysToSign,

        const bytevec& endpointEncCertChain, const bytevec& challenge, bytevec* keysToSignMac,

        ProtectedData* protectedData) {

        const bytevec& endpointEncCertChain, const bytevec& challenge, DeviceInfo* deviceInfo,

        ProtectedData* protectedData, bytevec* keysToSignMac) {

    auto pubKeysToSign = validateAndExtractPubkeys(testMode, keysToSign,

                                                   testMode ? remote_prov::kTestMacKey : macKey_);

    if (!pubKeysToSign.isOk()) return pubKeysToSign.moveError();

        bcc = bcc_.clone();

    }

    deviceInfo->deviceInfo = createDeviceInfo();

    auto signedMac = constructCoseSign1(devicePrivKey /* Signing key */,  //

                                        ephemeralMacKey /* Payload */,

                                        cppbor::Array() /* AAD */

                                                .add(challenge)

                                                .add(createDeviceInfo())

                                                .add(deviceInfo->deviceInfo)

                                                .encode());

    if (!signedMac) return Status(signedMac.moveMessage());