1/**
2 * Copyright (c) 2015, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *     http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package android.security;
18
19import android.security.keymaster.ExportResult;
20import android.security.keymaster.KeyCharacteristics;
21import android.security.keymaster.KeymasterArguments;
22import android.security.keymaster.KeymasterCertificateChain;
23import android.security.keymaster.KeymasterBlob;
24import android.security.keymaster.OperationResult;
25import android.security.KeystoreArguments;
26
/**
 * This interface must be kept manually in sync with system/security/keystore until AIDL
 * can generate both Java and C++ bindings.
 *
 * @hide
 */
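interface IKeystoreService {
    // NOTE(review): AIDL assigns transaction codes in declaration order, and the file header
    // says the counterpart in system/security/keystore is maintained by hand. Append new methods
    // at the end; reordering or removing one shifts the codes the other side has to match.
    //
    // NOTE(review): most methods return a bare int. Presumably that is a keystore response code
    // rather than a boolean or a count (confirm against system/security/keystore), so callers of
    // exist(), isEmpty() and is_hardware_backed() should compare with the defined code instead of
    // testing for non-zero.
    //
    // NOTE(review): wherever uid or userId is a parameter, the value is chosen by the caller.
    // Nothing in this interface restricts it; the implementation (not shown here) has to check
    // it against the Binder calling identity before touching another uid's or user's entries.
    //
    // Method names mix camelCase and snake_case; they are left as-is because they are part of
    // the interface that has to match the other side.

    // Returns the keystore state for userId; the state values are not defined in this file.
    int getState(int userId);
    // Returns the bytes stored under name for uid.
    byte[] get(String name, int uid);
    // Stores item under name for uid. The meaning of flags is not defined in this file.
    int insert(String name, in byte[] item, int uid, int flags);
    // Deletes the entry called name for uid.
    int del(String name, int uid);
    // Reports whether an entry called name exists for uid (as an int, see the note above).
    int exist(String name, int uid);
    // Returns entry names for uid; presumably only those starting with namePrefix -- confirm.
    String[] list(String namePrefix, int uid);
    // Takes no uid or userId, so the scope of the reset is not visible from this declaration.
    int reset();
    // NOTE(review): newPassword crosses Binder as a String, which cannot be zeroed after use.
    // Callers and the implementation should keep it out of logs and exception messages.
    int onUserPasswordChanged(int userId, String newPassword);
    int lock(int userId);
    // NOTE(review): userPassword is a String as well; the same caveat as newPassword applies.
    int unlock(int userId, String userPassword);
    int isEmpty(int userId);
    // Generates a key under name for uid from keyType/keySize plus optional args.
    int generate(String name, int uid, int keyType, int keySize, int flags,
        in KeystoreArguments args);
    // Imports caller-supplied key bytes under name for uid; the encoding of data is not stated.
    int import_key(String name, in byte[] data, int uid, int flags);
    // sign, verify and get_pubkey take no uid; presumably they act on the caller's own entries
    // (confirm in the implementation).
    byte[] sign(String name, in byte[] data);
    int verify(String name, in byte[] data, in byte[] signature);
    byte[] get_pubkey(String name);
    // Grant and revoke access to the entry called name for granteeUid. What a grant permits is
    // decided by the implementation and should be audited there.
    int grant(String name, int granteeUid);
    int ungrant(String name, int granteeUid);
    // Returns a long for the entry; presumably its modification time, units not stated here.
    long getmtime(String name, int uid);
    // NOTE(review): names a source uid and a destination uid, so it can move key material across
    // uid boundaries; the implementation's authorization of both uids deserves a careful review.
    int duplicate(String srcKey, int srcUid, String destKey, int destUid);
    // The parameter name gives no hint; presumably a key type or algorithm name -- confirm.
    int is_hardware_backed(String string);
    // NOTE(review): uid is a long here but an int in every other method of this interface; the
    // implementation should reject values that do not fit before narrowing.
    int clear_uid(long uid);

    // Keymaster 0.4 methods
    // Passes caller-supplied bytes to the service as additional RNG entropy.
    int addRngEntropy(in byte[] data);
    // Generates a key under alias for uid; the service fills in characteristics (out parameter).
    int generateKey(String alias, in KeymasterArguments arguments, in byte[] entropy, int uid,
        int flags, out KeyCharacteristics characteristics);
    // Reads the characteristics of alias for uid into the out parameter. clientId and appId are
    // opaque blobs at this level.
    int getKeyCharacteristics(String alias, in KeymasterBlob clientId, in KeymasterBlob appId,
        int uid, out KeyCharacteristics characteristics);
    // Imports keyData, encoded as indicated by format, under alias for uid.
    int importKey(String alias, in KeymasterArguments arguments, int format,
        in byte[] keyData, int uid, int flags, out KeyCharacteristics characteristics);
    // Exports key material for alias in the requested format. Which formats and key kinds may be
    // exported is decided by the implementation, not by this declaration.
    ExportResult exportKey(String alias, int format, in KeymasterBlob clientId,
        in KeymasterBlob appId, int uid);
    // Starts an operation on alias; the IBinder parameters of update, finish, abort and
    // isOperationAuthorized presumably identify an operation started here -- confirm.
    // pruneable presumably lets the service drop the operation under pressure -- confirm.
    OperationResult begin(IBinder appToken, String alias, int purpose, boolean pruneable,
        in KeymasterArguments params, in byte[] entropy, int uid);
    OperationResult update(IBinder token, in KeymasterArguments params, in byte[] input);
    OperationResult finish(IBinder token, in KeymasterArguments params, in byte[] signature,
        in byte[] entropy);
    int abort(IBinder handle);
    boolean isOperationAuthorized(IBinder token);
    // NOTE(review): takes an authentication token as raw bytes from the caller. The
    // implementation should restrict which callers may submit one and validate the token itself.
    int addAuthToken(in byte[] authToken);
    int onUserAdded(int userId, int parentId);
    int onUserRemoved(int userId);
    // Produces a certificate chain for alias into the out parameter.
    int attestKey(String alias, in KeymasterArguments params, out KeymasterCertificateChain chain);
}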