/*
 * Copyright 2017 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
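package android.system.wifi.keystore@1.0;

/**
 * Keystore access interface of the android.system.wifi.keystore@1.0 package.
 * It exposes three requests: fetching a stored blob, fetching the public key
 * of a credential, and signing with the private key of a credential.
 *
 * This is the root of the HAL module and is the interface returned when
 * loading an implementation of the Wi-Fi HAL. There must be at most one
 * module loaded in the system.
 *
 * NOTE(review): every method takes a caller-supplied key name and none of
 * them carries a caller identity. Which clients may reach this interface,
 * and which keys each of them may name, is presumably enforced by the
 * implementation and platform policy -- confirm. Any client that can call
 * |sign| can use the named private key on input of its own choosing.
 */
interface IKeystore {
  /**
   * Return values for Keystore requests.
   */
  enum KeystoreStatusCode : uint32_t {
    /** No errors. */
    SUCCESS,
    /**
     * The request failed. This is the only failure code defined, so the
     * cause of a failure cannot be distinguished through this interface.
     */
    ERROR_UNKNOWN
  };

  /**
   * Requests a binary blob from the keystore's key-value store.
   *
   * @param key the key into the keystore.
   * @return status KeystoreStatusCode of the operation.
   *         Possible status codes:
   *         |KeystoreStatusCode.SUCCESS|,
   *         |KeystoreStatusCode.ERROR_UNKNOWN|
   * @return value the value associated with |key| in the keystore.
   *         NOTE(review): the contents of |value| on a non-SUCCESS status
   *         are not specified here; check |status| before using it.
   */
  getBlob(string key)
      generates (KeystoreStatusCode status, vec<uint8_t> value);

  /**
   * Requests the public key associated with the credential referred to by
   * |keyId|.
   *
   * @param keyId the key identifier associated with the credential.
   * @return status KeystoreStatusCode of the operation.
   *         Possible status codes:
   *         |KeystoreStatusCode.SUCCESS|,
   *         |KeystoreStatusCode.ERROR_UNKNOWN|
   * @return publicKey the public key associated with the credential.
   *         NOTE(review): the encoding of |publicKey| and its contents on a
   *         non-SUCCESS status are not specified here -- confirm against
   *         the implementation.
   */
  getPublicKey(string keyId)
      generates (KeystoreStatusCode status, vec<uint8_t> publicKey);

  /**
   * Signs the digest in |dataToSign| with the private key associated with
   * the credential identified by |keyId|.  This is a raw RSA or ECDSA
   * operation that assumes |dataToSign| is already properly digested and
   * padded if necessary for the type of key.
   *
   * No hashing or padding is described as happening behind this call, so
   * the soundness of the resulting signature depends on the caller passing
   * input that was digested (and, where the key type needs it, padded)
   * correctly.
   *
   * @param keyId the key identifier associated with the credential.
   * @param dataToSign the already digested, and if necessary padded, data
   *        to sign.
   * @return status KeystoreStatusCode of the operation.
   *         Possible status codes:
   *         |KeystoreStatusCode.SUCCESS|,
   *         |KeystoreStatusCode.ERROR_UNKNOWN|
   * @return signedData the signed data.
   *         NOTE(review): contents on a non-SUCCESS status are not
   *         specified here; check |status| before using it.
   */
  sign(string keyId, vec<uint8_t> dataToSign)
      generates (KeystoreStatusCode status, vec<uint8_t> signedData);
};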