• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2020 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package android.security.compat;
18 
19 import android.hardware.security.keymint.IKeyMintDevice;
20 import android.hardware.security.keymint.SecurityLevel;
21 import android.hardware.security.secureclock.ISecureClock;
22 import android.hardware.security.sharedsecret.ISharedSecret;
23 
24 /**
25  * The compatibility service allows Keystore 2.0 to connect to legacy wrapper implementations that
26  * it hosts itself without registering them as a service. Keystore 2.0 would not be allowed to
27  * register a HAL service, so instead it registers this service which it can then connect to.
28  * @hide
29  */
30 interface IKeystoreCompatService {
31     /**
32      * Return an implementation of IKeyMintDevice, that it implemented by Keystore 2.0 itself.
33      * The underlying implementation depends on the requested securityLevel:
34      * - TRUSTED_ENVIRONMENT or STRONGBOX: implementation is by means of a hardware-backed
35      *   Keymaster 4.x instance. In this case, the returned device supports version 1 of
36      *   the IKeyMintDevice interface, with some small omissions:
37      *     - KeyPurpose::ATTEST_KEY is not supported (b/216437537)
38      *     - Specification of the MGF1 digest for RSA-OAEP is not supported (b/216436980)
39      *     - Specification of CERTIFICATE_{SUBJECT,SERIAL} is not supported for keys attested
40      *       by hardware (b/216468666).
41      * - SOFTWARE: implementation is entirely software based.  In this case, the returned device
42      *   supports the current version of the IKeyMintDevice interface.
43      */
getKeyMintDevice(SecurityLevel securityLevel)44     IKeyMintDevice getKeyMintDevice (SecurityLevel securityLevel);
45 
46     /**
47      * Returns an implementation of ISecureClock, that is implemented by Keystore 2.0 itself
48      * by means of Keymaster 4.x.
49      */
getSecureClock()50     ISecureClock getSecureClock ();
51 
52     /**
53      * Returns an implementation of ISharedSecret, that is implemented by Keystore 2.0 itself
54      * by means of Keymaster 4.x.
55      */
getSharedSecret(SecurityLevel securityLevel)56     ISharedSecret getSharedSecret (SecurityLevel securityLevel);
57 }
58