/**
 * Copyright (c) 2015, The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.security;

import android.security.keymaster.ExportResult;
import android.security.keymaster.KeyCharacteristics;
import android.security.keymaster.KeymasterArguments;
import android.security.keymaster.KeymasterCertificateChain;
import android.security.keymaster.KeymasterBlob;
import android.security.keymaster.OperationResult;
import android.security.KeystoreArguments;

/**
 * AIDL (Binder) interface to the keystore service.
 *
 * This must be kept manually in sync with system/security/keystore until AIDL
 * can generate both Java and C++ bindings.
 *
 * Because the native side is written by hand, every signature here (names aside:
 * parameter types, order, and in/out direction) is part of the wire contract.
 * AIDL numbers transactions in declaration order, so reordering or inserting a
 * method in the middle changes the codes of everything after it; presumably the
 * native side relies on the same numbering (confirm before editing).
 *
 * NOTE(review): most methods take a caller-supplied {@code uid} or {@code userId}.
 * Nothing in this file shows how that value is authorized; the check against the
 * Binder calling identity has to live in the service implementation. Confirm it
 * exists for every method that accepts one of these parameters.
 *
 * NOTE(review): the {@code int} results are presumably keystore response codes;
 * their values are not defined in this file.
 *
 * @hide
 */
interface IKeystoreService {
    // Per-user keystore state query.
    int getState(int userId);

    // Entry storage, addressed by name within the namespace of the given uid.
    byte[] get(String name, int uid);
    int insert(String name, in byte[] item, int uid, int flags);
    int del(String name, int uid);
    int exist(String name, int uid);
    String[] list(String namePrefix, int uid);

    // Takes no user or uid argument, unlike the calls around it.
    int reset();

    // The password crosses Binder as a String. A Java String is immutable and cannot
    // be wiped by the caller after the call returns.
    int onUserPasswordChanged(int userId, String newPassword);
    int lock(int userId);
    // Same String-password caveat as onUserPasswordChanged.
    int unlock(int userId, String userPassword);
    int isEmpty(int userId);

    // Key generation/import and use, addressed by entry name. sign, verify and
    // get_pubkey take no uid argument.
    int generate(String name, int uid, int keyType, int keySize, int flags,
            in KeystoreArguments args);
    int import_key(String name, in byte[] data, int uid, int flags);
    byte[] sign(String name, in byte[] data);
    int verify(String name, in byte[] data, in byte[] signature);
    byte[] get_pubkey(String name);

    // Grant management: the grantee is named by uid; the granting identity is not a parameter.
    int grant(String name, int granteeUid);
    int ungrant(String name, int granteeUid);
    long getmtime(String name, int uid);
    // Copies an entry between (uid, name) pairs; both uids are caller-supplied.
    int duplicate(String srcKey, int srcUid, String destKey, int destUid);
    // NOTE(review): the parameter name gives no hint of its meaning; presumably a key
    // algorithm name (confirm against callers).
    int is_hardware_backed(String string);
    // uid is a long here but an int everywhere else in this interface. The width is
    // part of the wire format, so it must match the native side as-is.
    int clear_uid(long uid);

    // Keymaster 0.4 methods
    int addRngEntropy(in byte[] data);
    // characteristics is an out parameter: it is filled in by the service.
    int generateKey(String alias, in KeymasterArguments arguments, in byte[] entropy, int uid,
            int flags, out KeyCharacteristics characteristics);
    int getKeyCharacteristics(String alias, in KeymasterBlob clientId, in KeymasterBlob appId,
            int uid, out KeyCharacteristics characteristics);
    int importKey(String alias, in KeymasterArguments arguments, int format,
            in byte[] keyData, int uid, int flags, out KeyCharacteristics characteristics);
    ExportResult exportKey(String alias, int format, in KeymasterBlob clientId,
            in KeymasterBlob appId, int uid);

    // Operation lifecycle. update/finish/isOperationAuthorized identify the operation
    // by an IBinder token; presumably that token is handed back in begin's
    // OperationResult (confirm).
    OperationResult begin(IBinder appToken, String alias, int purpose, boolean pruneable,
            in KeymasterArguments params, in byte[] entropy, int uid);
    OperationResult update(IBinder token, in KeymasterArguments params, in byte[] input);
    OperationResult finish(IBinder token, in KeymasterArguments params, in byte[] signature,
            in byte[] entropy);
    // Named "handle" here but "token" in the sibling calls; presumably the same value.
    int abort(IBinder handle);
    boolean isOperationAuthorized(IBinder token);
    // NOTE(review): accepts an opaque auth token blob; which callers may submit one is
    // not visible here and should be restricted by the implementation (confirm).
    int addAuthToken(in byte[] authToken);

    // User lifecycle notifications.
    int onUserAdded(int userId, int parentId);
    int onUserRemoved(int userId);

    // Attestation: the certificate chain is returned through the out parameter.
    int attestKey(String alias, in KeymasterArguments params, out KeymasterCertificateChain chain);
    int attestDeviceIds(in KeymasterArguments params, out KeymasterCertificateChain chain);
    int onDeviceOffBody();
}