hwcrypto: Moving hwcrypto files out of staging
Moving hwcrypto AIDL files out of staging folder. Marking
stability of files as vintf.
Bug: 284152719
Test: qemu android build
Change-Id: I57c2b618085fa1975305f2f1e5f7572d92ef97ac
diff --git a/security/see/hwcrypto/aidl/Android.bp b/security/see/hwcrypto/aidl/Android.bp
new file mode 100644
index 0000000..e15f494
--- /dev/null
+++ b/security/see/hwcrypto/aidl/Android.bp
@@ -0,0 +1,34 @@
+package {
+ // See: http://go/android-license-faq
+ // A large-scale-change added 'default_applicable_licenses' to import
+ // all of the 'license_kinds' from "hardware_interfaces_license"
+ // to get the below license kinds:
+ // SPDX-license-identifier-Apache-2.0
+ default_applicable_licenses: ["hardware_interfaces_license"],
+}
+
+aidl_interface {
+ name: "android.hardware.security.see.hwcrypto",
+ stability: "vintf",
+ host_supported: true,
+ srcs: [
+ "android/hardware/security/see/hwcrypto/*.aidl",
+ "android/hardware/security/see/hwcrypto/types/*.aidl",
+ ],
+ backend: {
+ java: {
+ enabled: false,
+ },
+ cpp: {
+ enabled: true,
+ },
+ rust: {
+ enabled: true,
+ },
+ ndk: {
+ enabled: true,
+ },
+ },
+ frozen: false,
+ system_ext_specific: true,
+}
diff --git a/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperation.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperation.aidl
new file mode 100644
index 0000000..fd2904b
--- /dev/null
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperation.aidl
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.hwcrypto;
+@VintfStability
+union CryptoOperation {
+ android.hardware.security.see.hwcrypto.MemoryBufferParameter setMemoryBuffer;
+ android.hardware.security.see.hwcrypto.OperationParameters setOperationParameters;
+ android.hardware.security.see.hwcrypto.PatternParameters setPattern;
+ android.hardware.security.see.hwcrypto.types.OperationData copyData;
+ android.hardware.security.see.hwcrypto.types.OperationData aadInput;
+ android.hardware.security.see.hwcrypto.types.OperationData dataInput;
+ android.hardware.security.see.hwcrypto.types.OperationData dataOutput;
+ @nullable android.hardware.security.see.hwcrypto.types.Void finish;
+ @nullable android.hardware.security.see.hwcrypto.types.Void destroyContext;
+}
diff --git a/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperationErrorAdditionalInfo.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperationErrorAdditionalInfo.aidl
new file mode 100644
index 0000000..66bed55
--- /dev/null
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperationErrorAdditionalInfo.aidl
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.hwcrypto;
+@VintfStability
+parcelable CryptoOperationErrorAdditionalInfo {
+ long failingCommandIndex;
+}
diff --git a/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperationResult.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperationResult.aidl
new file mode 100644
index 0000000..7996b9a
--- /dev/null
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperationResult.aidl
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.hwcrypto;
+@VintfStability
+parcelable CryptoOperationResult {
+ @nullable android.hardware.security.see.hwcrypto.ICryptoOperationContext context;
+}
diff --git a/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperationSet.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperationSet.aidl
new file mode 100644
index 0000000..75bb0dc
--- /dev/null
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/CryptoOperationSet.aidl
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.hwcrypto;
+@VintfStability
+parcelable CryptoOperationSet {
+ @nullable android.hardware.security.see.hwcrypto.ICryptoOperationContext context;
+ android.hardware.security.see.hwcrypto.CryptoOperation[] operations;
+}
diff --git a/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl
new file mode 100644
index 0000000..7646656
--- /dev/null
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.hwcrypto;
+@VintfStability
+interface ICryptoOperationContext {
+}
diff --git a/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
new file mode 100644
index 0000000..83b8496
--- /dev/null
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.hwcrypto;
+@VintfStability
+interface IHwCryptoKey {
+ android.hardware.security.see.hwcrypto.IHwCryptoKey.DiceCurrentBoundKeyResult deriveCurrentDicePolicyBoundKey(in android.hardware.security.see.hwcrypto.IHwCryptoKey.DiceBoundDerivationKey derivationKey);
+ android.hardware.security.see.hwcrypto.IHwCryptoKey.DiceBoundKeyResult deriveDicePolicyBoundKey(in android.hardware.security.see.hwcrypto.IHwCryptoKey.DiceBoundDerivationKey derivationKey, in byte[] dicePolicyForKeyVersion);
+ android.hardware.security.see.hwcrypto.IHwCryptoKey.DerivedKey deriveKey(in android.hardware.security.see.hwcrypto.IHwCryptoKey.DerivedKeyParameters parameters);
+ android.hardware.security.see.hwcrypto.IHwCryptoOperations getHwCryptoOperations();
+ android.hardware.security.see.hwcrypto.IOpaqueKey importClearKey(in android.hardware.security.see.hwcrypto.types.ExplicitKeyMaterial keyMaterial, in android.hardware.security.see.hwcrypto.KeyPolicy newKeyPolicy);
+ byte[] getCurrentDicePolicy();
+ android.hardware.security.see.hwcrypto.IOpaqueKey keyTokenImport(in android.hardware.security.see.hwcrypto.types.OpaqueKeyToken requestedKey, in byte[] sealingDicePolicy);
+ android.hardware.security.see.hwcrypto.IOpaqueKey getKeyslotData(android.hardware.security.see.hwcrypto.IHwCryptoKey.KeySlot slotId);
+ enum DeviceKeyId {
+ DEVICE_BOUND_KEY,
+ BATCH_KEY,
+ }
+ enum KeySlot {
+ KEYMINT_SHARED_HMAC_KEY,
+ }
+ union DiceBoundDerivationKey {
+ android.hardware.security.see.hwcrypto.IOpaqueKey opaqueKey;
+ android.hardware.security.see.hwcrypto.IHwCryptoKey.DeviceKeyId keyId;
+ }
+ parcelable DiceCurrentBoundKeyResult {
+ android.hardware.security.see.hwcrypto.IOpaqueKey diceBoundKey;
+ byte[] dicePolicyForKeyVersion;
+ }
+ parcelable DiceBoundKeyResult {
+ android.hardware.security.see.hwcrypto.IOpaqueKey diceBoundKey;
+ boolean dicePolicyWasCurrent;
+ }
+ parcelable ClearKeyPolicy {
+ int keySizeBytes;
+ }
+ union DerivedKeyPolicy {
+ android.hardware.security.see.hwcrypto.IHwCryptoKey.ClearKeyPolicy clearKey;
+ byte[] opaqueKey;
+ }
+ parcelable DerivedKeyParameters {
+ android.hardware.security.see.hwcrypto.IOpaqueKey derivationKey;
+ android.hardware.security.see.hwcrypto.IHwCryptoKey.DerivedKeyPolicy keyPolicy;
+ byte[] context;
+ }
+ union DerivedKey {
+ byte[] explicitKey = {};
+ android.hardware.security.see.hwcrypto.IOpaqueKey opaque;
+ }
+}
diff --git a/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
new file mode 100644
index 0000000..7c87dd3
--- /dev/null
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.hwcrypto;
+@VintfStability
+interface IHwCryptoOperations {
+ android.hardware.security.see.hwcrypto.CryptoOperationResult[] processCommandList(inout android.hardware.security.see.hwcrypto.CryptoOperationSet[] operations, out android.hardware.security.see.hwcrypto.CryptoOperationErrorAdditionalInfo additionalErrorInfo);
+}
diff --git a/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl
new file mode 100644
index 0000000..1121f01
--- /dev/null
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.hwcrypto;
+@VintfStability
+interface IOpaqueKey {
+ byte[] exportWrappedKey(in android.hardware.security.see.hwcrypto.IOpaqueKey wrappingKey);
+ android.hardware.security.see.hwcrypto.KeyPolicy getKeyPolicy();
+ byte[] getPublicKey();
+ android.hardware.security.see.hwcrypto.types.OpaqueKeyToken getShareableToken(in byte[] sealingDicePolicy);
+ void setProtectionId(in android.hardware.security.see.hwcrypto.types.ProtectionId protectionId, in android.hardware.security.see.hwcrypto.types.OperationType[] allowedOperations);
+}
diff --git a/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/KeyPolicy.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/KeyPolicy.aidl
new file mode 100644
index 0000000..ca114c3
--- /dev/null
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/KeyPolicy.aidl
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.hwcrypto;
+@VintfStability
+parcelable KeyPolicy {
+ android.hardware.security.see.hwcrypto.types.KeyUse usage;
+ android.hardware.security.see.hwcrypto.types.KeyLifetime keyLifetime = android.hardware.security.see.hwcrypto.types.KeyLifetime.EPHEMERAL;
+ android.hardware.security.see.hwcrypto.types.KeyPermissions[] keyPermissions;
+ boolean keyManagementKey;
+ android.hardware.security.see.hwcrypto.types.KeyType keyType = android.hardware.security.see.hwcrypto.types.KeyType.AES_256_GCM;
+}
diff --git a/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl
new file mode 100644
index 0000000..1c49297
--- /dev/null
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.hwcrypto;
+@VintfStability
+parcelable MemoryBufferParameter {
+ android.hardware.security.see.hwcrypto.MemoryBufferParameter.MemoryBuffer bufferHandle;
+ int sizeBytes;
+ union MemoryBuffer {
+ ParcelFileDescriptor input;
+ ParcelFileDescriptor output;
+ }
+}
diff --git a/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/OperationParameters.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/OperationParameters.aidl
new file mode 100644
index 0000000..d6f57ab
--- /dev/null
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/OperationParameters.aidl
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.hwcrypto;
+@VintfStability
+union OperationParameters {
+ android.hardware.security.see.hwcrypto.types.SymmetricAuthOperationParameters symmetricAuthCrypto;
+ android.hardware.security.see.hwcrypto.types.SymmetricOperationParameters symmetricCrypto;
+ android.hardware.security.see.hwcrypto.types.HmacOperationParameters hmac;
+}
diff --git a/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/PatternParameters.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/PatternParameters.aidl
new file mode 100644
index 0000000..7b9924e
--- /dev/null
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/PatternParameters.aidl
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.hwcrypto;
+@VintfStability
+parcelable PatternParameters {
+ long numberBlocksProcess;
+ long numberBlocksCopy;
+}
diff --git a/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/AesCipherMode.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/AesCipherMode.aidl
new file mode 100644
index 0000000..6ad2c09
--- /dev/null
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/AesCipherMode.aidl
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.hwcrypto.types;
+@VintfStability
+union AesCipherMode {
+ android.hardware.security.see.hwcrypto.types.CipherModeParameters cbc;
+ android.hardware.security.see.hwcrypto.types.CipherModeParameters ctr;
+}
diff --git a/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/AesGcmMode.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/AesGcmMode.aidl
new file mode 100644
index 0000000..68ad142
--- /dev/null
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/AesGcmMode.aidl
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.hwcrypto.types;
+@VintfStability
+union AesGcmMode {
+ android.hardware.security.see.hwcrypto.types.AesGcmMode.AesGcmModeParameters gcmTag16;
+ parcelable AesGcmModeParameters {
+ byte[12] nonce;
+ }
+}
diff --git a/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/AesKey.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/AesKey.aidl
new file mode 100644
index 0000000..78b1ff8
--- /dev/null
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/AesKey.aidl
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.hwcrypto.types;
+@VintfStability
+union AesKey {
+ byte[16] aes128 = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+ byte[32] aes256;
+}
diff --git a/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/CipherModeParameters.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/CipherModeParameters.aidl
new file mode 100644
index 0000000..83713ff
--- /dev/null
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/CipherModeParameters.aidl
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.hwcrypto.types;
+@VintfStability
+parcelable CipherModeParameters {
+ byte[16] nonce;
+}
diff --git a/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/ExplicitKeyMaterial.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/ExplicitKeyMaterial.aidl
new file mode 100644
index 0000000..45cb234
--- /dev/null
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/ExplicitKeyMaterial.aidl
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.hwcrypto.types;
+@VintfStability
+union ExplicitKeyMaterial {
+ android.hardware.security.see.hwcrypto.types.AesKey aes;
+ android.hardware.security.see.hwcrypto.types.HmacKey hmac;
+}
diff --git a/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/HalErrorCode.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/HalErrorCode.aidl
new file mode 100644
index 0000000..969e9c8
--- /dev/null
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/HalErrorCode.aidl
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.hwcrypto.types;
+@VintfStability
+parcelable HalErrorCode {
+ const int NO_ERROR = 0;
+ const int GENERIC_ERROR = (-1) /* -1 */;
+ const int BAD_STATE = (-2) /* -2 */;
+ const int UNSUPPORTED = (-3) /* -3 */;
+ const int SERIALIZATION_ERROR = (-4) /* -4 */;
+ const int ALLOCATION_ERROR = (-5) /* -5 */;
+ const int INVALID_KEY = (-6) /* -6 */;
+ const int BAD_PARAMETER = (-7) /* -7 */;
+ const int UNAUTHORIZED = (-8) /* -8 */;
+}
diff --git a/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/HmacKey.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/HmacKey.aidl
new file mode 100644
index 0000000..4d4e65d
--- /dev/null
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/HmacKey.aidl
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.hwcrypto.types;
+@VintfStability
+union HmacKey {
+ byte[32] sha256 = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+ byte[64] sha512;
+}
diff --git a/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/HmacOperationParameters.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/HmacOperationParameters.aidl
new file mode 100644
index 0000000..33a518d
--- /dev/null
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/HmacOperationParameters.aidl
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.hwcrypto.types;
+@VintfStability
+parcelable HmacOperationParameters {
+ android.hardware.security.see.hwcrypto.IOpaqueKey key;
+}
diff --git a/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyLifetime.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyLifetime.aidl
new file mode 100644
index 0000000..ddee337
--- /dev/null
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyLifetime.aidl
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.hwcrypto.types;
+@Backing(type="byte") @VintfStability
+enum KeyLifetime {
+ EPHEMERAL,
+ HARDWARE,
+ PORTABLE,
+}
diff --git a/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyPermissions.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyPermissions.aidl
new file mode 100644
index 0000000..919be32
--- /dev/null
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyPermissions.aidl
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.hwcrypto.types;
+@VintfStability
+enum KeyPermissions {
+ ALLOW_EPHEMERAL_KEY_WRAPPING,
+ ALLOW_HARDWARE_KEY_WRAPPING,
+ ALLOW_PORTABLE_KEY_WRAPPING,
+}
diff --git a/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyType.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyType.aidl
new file mode 100644
index 0000000..07a7ce4
--- /dev/null
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyType.aidl
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.hwcrypto.types;
+@VintfStability
+enum KeyType {
+ AES_128_CBC_NO_PADDING,
+ AES_128_CBC_PKCS7_PADDING,
+ AES_128_CTR,
+ AES_128_GCM,
+ AES_128_CMAC,
+ AES_256_CBC_NO_PADDING,
+ AES_256_CBC_PKCS7_PADDING,
+ AES_256_CTR,
+ AES_256_GCM,
+ AES_256_CMAC,
+ HMAC_SHA256,
+ HMAC_SHA512,
+ RSA2048_PSS_SHA256,
+ RSA2048_PKCS1_5_SHA256,
+ ECC_NIST_P256_SIGN_NO_PADDING,
+ ECC_NIST_P256_SIGN_SHA256,
+ ECC_NIST_P521_SIGN_NO_PADDING,
+ ECC_NIST_P521_SIGN_SHA512,
+ ECC_ED25519_SIGN,
+}
diff --git a/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyUse.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyUse.aidl
new file mode 100644
index 0000000..b607fd5
--- /dev/null
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/KeyUse.aidl
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.hwcrypto.types;
+@Backing(type="int") @VintfStability
+enum KeyUse {
+ ENCRYPT = 1,
+ DECRYPT = 2,
+ ENCRYPT_DECRYPT = (ENCRYPT | DECRYPT) /* 3 */,
+ SIGN = 4,
+ DERIVE = 8,
+ WRAP = 16,
+}
diff --git a/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/MemoryBufferReference.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/MemoryBufferReference.aidl
new file mode 100644
index 0000000..184e21f
--- /dev/null
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/MemoryBufferReference.aidl
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.hwcrypto.types;
+@RustDerive(Clone=true, Copy=true) @VintfStability
+parcelable MemoryBufferReference {
+ int startOffset;
+ int sizeBytes;
+}
diff --git a/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl
new file mode 100644
index 0000000..6dfefcb
--- /dev/null
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.hwcrypto.types;
+@VintfStability
+parcelable OpaqueKeyToken {
+ byte[] keyToken;
+}
diff --git a/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/OperationData.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/OperationData.aidl
new file mode 100644
index 0000000..858ef1c
--- /dev/null
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/OperationData.aidl
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.hwcrypto.types;
+@VintfStability
+union OperationData {
+ android.hardware.security.see.hwcrypto.types.MemoryBufferReference memoryBufferReference;
+ byte[] dataBuffer;
+}
diff --git a/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/OperationType.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/OperationType.aidl
new file mode 100644
index 0000000..03c2bba
--- /dev/null
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/OperationType.aidl
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.hwcrypto.types;
+@VintfStability
+enum OperationType {
+ READ,
+ WRITE,
+}
diff --git a/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
new file mode 100644
index 0000000..cb963ee
--- /dev/null
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.hwcrypto.types;
+@VintfStability
+enum ProtectionId {
+ WIDEVINE_OUTPUT_BUFFER = 1,
+}
diff --git a/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricAuthCryptoParameters.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricAuthCryptoParameters.aidl
new file mode 100644
index 0000000..e42190e
--- /dev/null
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricAuthCryptoParameters.aidl
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.hwcrypto.types;
+@VintfStability
+union SymmetricAuthCryptoParameters {
+ android.hardware.security.see.hwcrypto.types.AesGcmMode aes;
+}
diff --git a/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricAuthOperationParameters.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricAuthOperationParameters.aidl
new file mode 100644
index 0000000..78c4a4f
--- /dev/null
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricAuthOperationParameters.aidl
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.hwcrypto.types;
+@VintfStability
+parcelable SymmetricAuthOperationParameters {
+ android.hardware.security.see.hwcrypto.IOpaqueKey key;
+ android.hardware.security.see.hwcrypto.types.SymmetricOperation direction;
+ android.hardware.security.see.hwcrypto.types.SymmetricAuthCryptoParameters parameters;
+}
diff --git a/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricCryptoParameters.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricCryptoParameters.aidl
new file mode 100644
index 0000000..8fd5e85
--- /dev/null
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricCryptoParameters.aidl
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.hwcrypto.types;
+@VintfStability
+union SymmetricCryptoParameters {
+ android.hardware.security.see.hwcrypto.types.AesCipherMode aes;
+}
diff --git a/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricOperation.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricOperation.aidl
new file mode 100644
index 0000000..40fd2d5
--- /dev/null
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricOperation.aidl
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.hwcrypto.types;
+@VintfStability
+enum SymmetricOperation {
+ ENCRYPT,
+ DECRYPT,
+}
diff --git a/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricOperationParameters.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricOperationParameters.aidl
new file mode 100644
index 0000000..7007074
--- /dev/null
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/SymmetricOperationParameters.aidl
@@ -0,0 +1,40 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.hwcrypto.types;
+@VintfStability
+parcelable SymmetricOperationParameters {
+ android.hardware.security.see.hwcrypto.IOpaqueKey key;
+ android.hardware.security.see.hwcrypto.types.SymmetricOperation direction;
+ android.hardware.security.see.hwcrypto.types.SymmetricCryptoParameters parameters;
+}
diff --git a/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/Void.aidl b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/Void.aidl
new file mode 100644
index 0000000..80c91ee
--- /dev/null
+++ b/security/see/hwcrypto/aidl/aidl_api/android.hardware.security.see.hwcrypto/current/android/hardware/security/see/hwcrypto/types/Void.aidl
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL file. Do not edit it manually. There are
+// two cases:
+// 1). this is a frozen version file - do not edit this in any case.
+// 2). this is a 'current' file. If you make a backwards compatible change to
+// the interface (from the latest frozen version), the build system will
+// prompt you to update this file with `m <name>-update-api`.
+//
+// You must not make a backward incompatible change to any AIDL file built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.security.see.hwcrypto.types;
+@VintfStability
+parcelable Void {
+}
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperation.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperation.aidl
new file mode 100644
index 0000000..0859d2a
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperation.aidl
@@ -0,0 +1,89 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto;
+
+import android.hardware.security.see.hwcrypto.MemoryBufferParameter;
+import android.hardware.security.see.hwcrypto.OperationParameters;
+import android.hardware.security.see.hwcrypto.PatternParameters;
+import android.hardware.security.see.hwcrypto.types.OperationData;
+import android.hardware.security.see.hwcrypto.types.Void;
+
+/*
+ * Type that describes the different operations that can be performed along with its required
+ * parameters. It will be used to construct a vector of operation that are executed sequentially.
+ */
+@VintfStability
+union CryptoOperation {
+ /*
+ * Sets a memory buffer to operate on. References to positions of this memory buffer can be used
+ * when setting the parameters for <code>UpdateAad</code>, <code>UpdateData</code>,
+ * <code>Finish</code> and <code>CopyData</code>.
+ */
+ MemoryBufferParameter setMemoryBuffer;
+
+ /*
+ * Sets the parameters for the current operation, for more info on specific parameters see
+ * <code>OperationParameters</code>.
+ */
+ OperationParameters setOperationParameters;
+
+ /*
+ * Sets the pattern for a decrypt type operation. A pattern is used to describe that the Input
+ * data provided is not completely encrypted, but that it has some blocks encrypted followed by
+ * some blocks in the clear. Currently it shall only be supported for cbcs mode as defined on
+ * IEC 23001-7:2016.
+ */
+ PatternParameters setPattern;
+
+ /*
+ * Copies data from input to output.
+ */
+ OperationData copyData;
+
+ /*
+ * Adds additional authenticated data. This type is only valid after a
+ * <code>SetOperationParameters</code> of type <code>SymmetricAuthOperationParameters</code>.
+ */
+ OperationData aadInput;
+
+ /*
+ * Adds data to the operation for processing. This type is only valid after a
+ * <code>SetOperationParameters</code> and it will trigger the operation, so output buffers
+ * need to be set first.
+ */
+ OperationData dataInput;
+
+ /*
+ * Adds output buffers to store results form the operation. This type is only valid after a
+ * <code>SetOperationParameters</code> and it needs to be done before calling
+ * <code>DataInput</code>
+ */
+ OperationData dataOutput;
+
+ /*
+ * Finalizes a cryptographic operation in flight. Because operations are initiated with a call
+ * to <code>SetOperationParameters</code>, a <code>finish</code> element is only valid after a
+ * <code>SetOperationParameters</code> element.
+ */
+ @nullable Void finish;
+
+ /*
+ * Specifies that we do not want to continue using this context anymore. The result of this
+ * call is that all resources are freed after finishing operating on the set of commands and no
+ * context is returned to the caller.
+ */
+ @nullable Void destroyContext;
+}
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationErrorAdditionalInfo.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationErrorAdditionalInfo.aidl
new file mode 100644
index 0000000..cc94b02
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationErrorAdditionalInfo.aidl
@@ -0,0 +1,28 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto;
+
+/*
+ * Type that provides more information about failures when processing a list of commands.
+ */
+@VintfStability
+parcelable CryptoOperationErrorAdditionalInfo {
+ /*
+ * Index indicating the first step of <code>CryptoOperationSet::operations</code> that failed
+ * when executing a set of commands. No more commands would have been executed after this.
+ */
+ long failingCommandIndex;
+}
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationResult.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationResult.aidl
new file mode 100644
index 0000000..5c3b81e
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationResult.aidl
@@ -0,0 +1,30 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto;
+
+import android.hardware.security.see.hwcrypto.ICryptoOperationContext;
+
+/*
+ * Type that describes the result of a set of crypto operations.
+ */
+@VintfStability
+parcelable CryptoOperationResult {
+ /*
+ * Token that can be passed on a CryptoOperationSet to issue more operations on the same context
+ * on future calls.
+ */
+ @nullable ICryptoOperationContext context;
+}
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationSet.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationSet.aidl
new file mode 100644
index 0000000..285ed36
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/CryptoOperationSet.aidl
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto;
+
+import android.hardware.security.see.hwcrypto.CryptoOperation;
+import android.hardware.security.see.hwcrypto.ICryptoOperationContext;
+
+/*
+ * Type that describes a set of crypto operations to execute
+ */
+@VintfStability
+parcelable CryptoOperationSet {
+ /*
+ * Token to be used to issue the operations. If NULL, a new context will be created and
+ * returned.
+ */
+ @nullable ICryptoOperationContext context;
+
+ /*
+ * Set of operations to execute.
+ */
+ CryptoOperation[] operations;
+}
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl
new file mode 100644
index 0000000..8cfa735
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/ICryptoOperationContext.aidl
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto;
+
+/*
+ * Token that can be used to execute more commands when passed as an input on a
+ * <code>CryptoOperationSet::context</code> parcelable. It represents an operation being executed
+ * and is valid until a <code>CryptoOperation::Finish</code> is issued using the token. The
+ * operation in progress context includes any memory buffer previously mapped by a
+ * <code>CryptoOperation::SetMemoryBuffer</code> call.
+ */
+@VintfStability
+interface ICryptoOperationContext {}
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
new file mode 100644
index 0000000..44ec32f
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoKey.aidl
@@ -0,0 +1,298 @@
+/*
+ * Copyright 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto;
+
+import android.hardware.security.see.hwcrypto.IHwCryptoOperations;
+import android.hardware.security.see.hwcrypto.IOpaqueKey;
+import android.hardware.security.see.hwcrypto.KeyPolicy;
+import android.hardware.security.see.hwcrypto.types.ExplicitKeyMaterial;
+import android.hardware.security.see.hwcrypto.types.OpaqueKeyToken;
+
+/*
+ * Higher level interface to access and generate keys.
+ */
+@VintfStability
+interface IHwCryptoKey {
+ /*
+ * Identifier for the requested device provided key. The currently supported identifiers are:
+ *
+ */
+ enum DeviceKeyId {
+ /*
+ * This is a key unique to the device.
+ */
+ DEVICE_BOUND_KEY,
+ /*
+ * This is a shared by a set of devices.
+ */
+ BATCH_KEY,
+ }
+
+ /*
+ * Identifier for the requested key slot. The currently supported identifiers are:
+ *
+ */
+ enum KeySlot {
+ /*
+ * This is the shared HMAC key that will now be computed by HwCryptoKey after participating
+ * in the ISharedSecret protocol that can be shared with KeyMint and authenticators. See
+ * ISharedSecret.aidl for more information.
+ */
+ KEYMINT_SHARED_HMAC_KEY,
+ }
+
+ union DiceBoundDerivationKey {
+ /*
+ * Opaque to be used to derive the DICE bound key.
+ */
+ IOpaqueKey opaqueKey;
+
+ /*
+ * Device provided key to be used to derive the DICE bound key.
+ */
+ DeviceKeyId keyId;
+ }
+
+ parcelable DiceCurrentBoundKeyResult {
+ /*
+ * Key cryptographically bound to a DICE policy.
+ */
+ IOpaqueKey diceBoundKey;
+
+ /*
+ * Current dice policy which was used to generate the returned key. This policy is opaque
+ * from this service perspective (it will be sent to an Authentication Manager Service to be
+ * verified). It follows the structure defined on DicePolicy.cddl, located under
+ * hardware/interfaces/security/authgraph/aidl/android/hardware/security/authgraph/ with the
+ * caveat that it could be encrypted if the client does not have enough permissions to see
+ * the device dice policy information.
+ */
+ byte[] dicePolicyForKeyVersion;
+ }
+
+ parcelable DiceBoundKeyResult {
+ /*
+ * Key cryptographically bound to a DICE policy.
+ */
+ IOpaqueKey diceBoundKey;
+
+ /*
+ * Indicates if the diceBoundKey returned was created using a current DICE policy. The
+ * caller can use this to detect if an old policy was provided and rotate its keys if so
+ * desired. Old, valid policies remain usable, but care needs to be taken to not continue to
+ * use a potentially compromised key.
+ */
+ boolean dicePolicyWasCurrent;
+ }
+
+ parcelable ClearKeyPolicy {
+ /*
+ * Indicates the desired key size. It will be used to calculate how many bytes of key
+ * material should be returned.
+ */
+ int keySizeBytes;
+ }
+
+ union DerivedKeyPolicy {
+ /*
+ * If used we will derive a clear key and pass it back as an array of bytes on
+ * <code>HwCryptoKeyMaterial::explicitKey</code>.
+ */
+ ClearKeyPolicy clearKey;
+
+ /*
+ * Policy for the newly derived opaque key. Defines how the key can be used and its type.
+ */
+ byte[] opaqueKey;
+ }
+
+ parcelable DerivedKeyParameters {
+ /*
+ * Key to be used to derive the new key using HKDF.
+ */
+ IOpaqueKey derivationKey;
+
+ /*
+ * Policy for the newly derived key. Depending on its type, either a clear or opaque key
+ * will be derived.
+ */
+ DerivedKeyPolicy keyPolicy;
+
+ /*
+ * An arbitrary set of bytes incorporated into the key derivation. May have an
+ * implementation-specific maximum length, but it is guaranteed to accept at least 32 bytes.
+ */
+ byte[] context;
+ }
+
+ union DerivedKey {
+ /*
+ * Derived key in clear format.
+ */
+ byte[] explicitKey = {};
+
+ /*
+ * Derived key as a key token to be used only through the HWCrypto service.
+ */
+ IOpaqueKey opaque;
+ }
+
+ /*
+ * Derives a versioned key tied to the caller's current DICE policy. It will return this current
+ * policy back to the caller along with the generated key.
+ *
+ * @param derivationKey:
+ * Key to be used to derive the new key using HKDF.
+ *
+ * @return:
+ * A DiceCurrentBoundKeyResult containint the versioned key tied the current client version
+ * on success.
+ *
+ * @throws:
+ * ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
+ */
+ DiceCurrentBoundKeyResult deriveCurrentDicePolicyBoundKey(
+ in DiceBoundDerivationKey derivationKey);
+
+ /*
+ * Derive a versioned key by checking the provided DICE policy against the caller and then using
+ * it as a context for deriving the returned key.
+ *
+ * @param derivationKey:
+ * Key to be used to derive the new key using HKDF.
+ *
+ * @param dicePolicyForKeyVersion:
+ * Policy used to derive keys tied to specific versions. Using this parameter the caller can
+ * tie a derived key to a minimum version of itself, so in the future only itself or a more
+ * recent version can derive the same key. This parameter is opaque to the caller and it
+ * could be encrypted in the case the client doesn't have permission to know the dice chain.
+ * When implementing this function, this parameter shall be one of the components fed to the
+ * KDF context and it needs to be checked against the caller DICE certificate before being
+ * used.
+ *
+ * @return:
+ * A DiceBoundKeyResult containing the versioned key tied to the provided DICE policy on
+ * success.
+ *
+ * @throws:
+ * ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
+ */
+ DiceBoundKeyResult deriveDicePolicyBoundKey(
+ in DiceBoundDerivationKey derivationKey, in byte[] dicePolicyForKeyVersion);
+
+ /*
+ * Derive a new key based on the given key, policy and context.
+ *
+ * @param parameters:
+ * Parameters used for the key derivation. See <code>DerivedKeyParameters</code> on this
+ * file for more information.
+ *
+ * @return:
+ * A HwCryptoKeyMaterial containing the derived key on success.
+ *
+ * @throws:
+ * ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
+ */
+ DerivedKey deriveKey(in DerivedKeyParameters parameters);
+
+ /*
+ * Returns an interface used to work on opaque keys. This interface can also be used to operate
+ * on any opaque key generated by hwkeyDeriveVersioned, even if this key has been generated
+ * after retrieving a IHwCryptoOperations binder object, as long as the parent
+ * IHwCryptoDeviceKeyAccess is not dropped between retrieving the IHwCryptoOperations binder
+ * object and deriving the key. IHwCryptoOperations can also be used to create opaque keys that
+ * are not bound to the device.
+ *
+ * @return:
+ * IHwCryptoOperations on success
+ */
+ IHwCryptoOperations getHwCryptoOperations();
+
+ /*
+ * Imports a SW clear key into the secure environment.
+ *
+ * @param keyMaterial:
+ * key to be imported.
+ *
+ * @param newKeyPolicy:
+ * Policy of the new key. Defines how the newly created key can be used. Because any clear
+ * key imported into the system is considered to have a <code>KeyLifetime::PORTABLE</code>
+ * lifetime, a call to this function will return an error if
+ * <code>newKeyPolicy.newKeyPolicy</code> is not set to portable.
+ *
+ * @return:
+ * IOpaqueKey on success.
+ *
+ * @throws:
+ * ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
+ */
+ IOpaqueKey importClearKey(in ExplicitKeyMaterial keyMaterial, in KeyPolicy newKeyPolicy);
+
+ /*
+ * Returns the client current DICE policy. This policy is encrypted and considered opaque from
+ * the client perspective. This policy is the same used to create DICE bound keys and will also
+ * be used to seal secrets that can only be retrieved by the DICE policy owner. The first use of
+ * this seal operation will be <code>IOpaqueKey::getShareableToken</code> and will call this
+ * <code>IHwCryptoKey::keyTokenImport</code>. To start this process, the intended key receiver
+ * function and then pass the generated DICE policy to the owner of the key that the receiver
+ * wants to import. The key owner will then call <code>IOpaqueKey::getShareableToken</code>
+ * passing the receiver DICE policy to insure that only that receiver can import the key.
+ *
+ * @return:
+ * byte[] on success, which is the caller encrypted DICE policy.
+ */
+ byte[] getCurrentDicePolicy();
+
+ /*
+ * Imports a key from a different client service instance. Because IOpaqueKey are binder objects
+ * that cannot be directly shared between binder rpc clients, this method provide a way to send
+ * a key to another client. Keys to be imported by the receiver are represented by a token
+ * created using <code>IOpaqueKey::getShareableToken</code>. The flow to create this token is
+ * described in <code>IHwCryptoKey::getCurrentDicePolicy</code>.
+ *
+ * @param requested_key:
+ * Handle to the key to be imported to the caller service.
+ *
+ * @param sealingDicePolicy:
+ * DICE policy used to seal the exported key.
+ *
+ * @return:
+ * An IOpaqueKey that can be directly be used on the local HWCrypto service on success.
+ *
+ * @throws:
+ * ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
+ */
+ IOpaqueKey keyTokenImport(in OpaqueKeyToken requestedKey, in byte[] sealingDicePolicy);
+
+ /*
+ * Gets the keyslot key material referenced by slotId. This interface is used to access device
+ * specific keys with known types and uses. Because the returned key is opaque, it can only be
+ * used through the different HwCrypto interfaces. Because the keys live in a global namespace
+ * the identity of the caller needs to be checked to verify that it has permission to access the
+ * requested key.
+ *
+ * @param slotId:
+ * Identifier for the requested keyslot
+ *
+ * @return:
+ * An IOpaqueKey corresponding to the requested key slot on success.
+ *
+ * @throws:
+ * ServiceSpecificException <code>UNAUTHORIZED</code> if the caller cannot access the
+ * requested key, another specific error based on <code>HalErrorCode</code> otherwise.
+ */
+ IOpaqueKey getKeyslotData(KeySlot slotId);
+}
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
new file mode 100644
index 0000000..9df6d67
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IHwCryptoOperations.aidl
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto;
+
+import android.hardware.security.see.hwcrypto.CryptoOperationErrorAdditionalInfo;
+import android.hardware.security.see.hwcrypto.CryptoOperationResult;
+import android.hardware.security.see.hwcrypto.CryptoOperationSet;
+
+/*
+ * Interface used that provides cryptographic services, including the generation and use of
+ * cryptographic keys. Interactions with this interface are done through a command-base API,
+ * which allow callers to execute a large set of operations on a single call.
+ */
+@VintfStability
+interface IHwCryptoOperations {
+ /*
+ * Executes a list of cryptographic commands in order
+ *
+ * @param operations:
+ * Parameter containing 1 or more set of commands to execute. Additionally, each set can
+ * also contain a context on which the commands will be executed.
+ *
+ * @param additionalErrorInfo:
+ * Structure containing additional info when errors are encountered. Only valid if the
+ * function failed its execution.
+ *
+ * @return:
+ * CryptoOperationResult[] on success, which can contain a context to continue executing
+ * each of the provided operations sets.
+ *
+ * @throws:
+ * ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
+ */
+ CryptoOperationResult[] processCommandList(inout CryptoOperationSet[] operations,
+ out CryptoOperationErrorAdditionalInfo additionalErrorInfo);
+}
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl
new file mode 100644
index 0000000..318a27e
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/IOpaqueKey.aidl
@@ -0,0 +1,99 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto;
+
+import android.hardware.security.see.hwcrypto.KeyPolicy;
+import android.hardware.security.see.hwcrypto.types.OpaqueKeyToken;
+import android.hardware.security.see.hwcrypto.types.OperationType;
+import android.hardware.security.see.hwcrypto.types.ProtectionId;
+
+@VintfStability
+interface IOpaqueKey {
+ /*
+ * Exports this key as a wrapped (encrypted) blob.
+ *
+ * @param wrapping_key:
+ * wrapping key. It needs to be an opaque key and its policy needs to indicate that it can
+ * be used for key wrapping.
+ *
+ * @return:
+ * Wrapped key blob as a byte array on success. Format of the blob is opaque to the service
+ * but has to match the command accepted by
+ * <code>IHwCryptoKeyGeneration::importWrappedKey</code>
+ *
+ * @throws:
+ * ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
+ */
+ byte[] exportWrappedKey(in IOpaqueKey wrappingKey);
+
+ /*
+ * Returns the key policy.
+ *
+ * @return:
+ * A <code>KeyPolicy</code> on success
+ *
+ * @throws:
+ * ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
+ */
+ KeyPolicy getKeyPolicy();
+
+ /*
+ * Returns the public key portion of this OpaqueKey. This operation is only valid for asymmetric
+ * keys.
+ *
+ * @return:
+ * public key as a byte array on success. Format used for the returned public key is COSE.
+ *
+ * @throws:
+ * ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
+ */
+ byte[] getPublicKey();
+
+ /*
+ * Returns a token that can shared with another HWCrypto client.
+ *
+ * @param sealingDicePolicy:
+ * Token to be used to protect the returned OpaqueKeyToken. It will be used so only
+ * the owner of the sealingDicePolicy can import the key.
+ *
+ * @return:
+ * <code>OpaqueKeyMaterial</code> token on success.
+ *
+ * @throws:
+ * ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
+ */
+ OpaqueKeyToken getShareableToken(in byte[] sealingDicePolicy);
+
+ /*
+ * Sets the protectionID associated with the buffers where the operation will be performed. A
+ * protection ID serves as a limitation on the key so it can only operate on buffers with a
+ * matching protection ID. The client calling this functions needs to have the necessary
+ * permissions to read and/or write to this buffer. Setting this parameter means that if the key
+ * is shared with a different client, the client receiving the key will be limited in which
+ * buffers can be used to read/write data for this operation.
+ *
+ * @param protectionId:
+ * ID of the given use case to provide protection for. The method of protecting the buffer
+ * will be platform dependent.
+ *
+ * @param allowedOperations:
+ * array of allowed operations. Allowed operations are either READ or WRITE.
+ *
+ * @throws:
+ * ServiceSpecificException based on <code>HalErrorCode</code> if any error occurs.
+ */
+ void setProtectionId(in ProtectionId protectionId, in OperationType[] allowedOperations);
+}
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/KeyPolicy.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/KeyPolicy.aidl
new file mode 100644
index 0000000..a20e99b
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/KeyPolicy.aidl
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto;
+
+import android.hardware.security.see.hwcrypto.types.KeyLifetime;
+import android.hardware.security.see.hwcrypto.types.KeyPermissions;
+import android.hardware.security.see.hwcrypto.types.KeyType;
+import android.hardware.security.see.hwcrypto.types.KeyUse;
+
+/*
+ * Parcelable that specified how a key can be used.
+ */
+@VintfStability
+parcelable KeyPolicy {
+ /*
+ * Enum specifying the operations the key can perform (encryption, decryption, etc.).
+ */
+ KeyUse usage;
+
+ /*
+ * Enum that describes the key lifetime characteristics. See the docstring on
+ * <code>KeyLifetime</code> for more details.
+ */
+ KeyLifetime keyLifetime = KeyLifetime.EPHEMERAL;
+
+ /*
+ * Additional permissions of the key (e.g. key types allowed to wrap the key, boot binding,
+ * etc.). See the docstring on <code>KeyPermissions</code> for more details.
+ */
+ KeyPermissions[] keyPermissions;
+
+ /*
+ * Key can be used to wrap or derive other keys.
+ */
+ boolean keyManagementKey;
+
+ /*
+ * Enum that specifies the key type.
+ */
+ KeyType keyType = KeyType.AES_256_GCM;
+}
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/KeyPolicy.cddl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/KeyPolicy.cddl
new file mode 100644
index 0000000..77b632b
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/KeyPolicy.cddl
@@ -0,0 +1,66 @@
+;
+; Copyright (C) 2024 The Android Open Source Project
+;
+; Licensed under the Apache License, Version 2.0 (the "License");
+; you may not use this file except in compliance with the License.
+; You may obtain a copy of the License at
+;
+; http://www.apache.org/licenses/LICENSE-2.0
+;
+; Unless required by applicable law or agreed to in writing, software
+; distributed under the License is distributed on an "AS IS" BASIS,
+; WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+; See the License for the specific language governing permissions and
+; limitations under the License.
+;
+
+KeyPolicy = [
+ -65701: KeyUse, ;usage
+ -65702: KeyLifetime ;keyLifetime
+ -65703: KeyPermissions ;keyPermissions
+ -65704: KeyType ;keyType
+ -65705: bool ;keyManagementKey
+]
+
+KeyUse = &(
+ ENCRYPT: 1,
+ DECRYPT: 2,
+ ENCRYPT_DECRYPT: ENCRYPT | DECRYPT,
+ SIGN: 4,
+ DERIVE: 8,
+ WRAP: 16,
+)
+
+KeyLifetime = &(
+ EPHEMERAL: 0,
+ HARDWARE: 1,
+ PORTABLE: 2,
+)
+
+KeyPermissions = &(
+ ALLOW_EPHEMERAL_KEY_WRAPPING: 0,
+ ALLOW_HARDWARE_KEY_WRAPPING: 1,
+ ALLOW_PORTABLE_KEY_WRAPPING: 2,
+)
+
+enum KeyType = &(
+ AES_128_CBC_NO_PADDING: 0,
+ AES_128_CBC_PKCS7_PADDING: 1,
+ AES_128_CTR: 2,
+ AES_128_GCM: 3,
+ AES_128_CMAC: 4,
+ AES_256_CBC_NO_PADDING: 5,
+ AES_256_CBC_PKCS7_PADDING: 6,
+ AES_256_CTR: 7,
+ AES_256_GCM: 8,
+ AES_256_CMAC: 9,
+ HMAC_SHA256: 10,
+ HMAC_SHA512: 11,
+ RSA2048_PSS_SHA256: 12,
+ RSA2048_PKCS1_5_SHA256: 13,
+ ECC_NIST_P256_SIGN_NO_PADDING: 14,
+ ECC_NIST_P256_SIGN_SHA256: 15,
+ ECC_NIST_P521_SIGN_NO_PADDING: 16,
+ ECC_NIST_P521_SIGN_SHA512: 17,
+ ECC_ED25519_SIGN:18,
+)
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl
new file mode 100644
index 0000000..efc5767
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/MemoryBufferParameter.aidl
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto;
+
+/*
+ * Parcelable representing a memory buffer.
+ */
+@VintfStability
+parcelable MemoryBufferParameter {
+ union MemoryBuffer {
+ ParcelFileDescriptor input;
+ ParcelFileDescriptor output;
+ }
+
+ /*
+ * Handle used to access this memory area.
+ */
+ MemoryBuffer bufferHandle;
+
+ /*
+ * Total size of the memory buffer.
+ */
+ int sizeBytes;
+}
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/OperationParameters.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/OperationParameters.aidl
new file mode 100644
index 0000000..bf0b720
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/OperationParameters.aidl
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto;
+
+import android.hardware.security.see.hwcrypto.types.HmacOperationParameters;
+import android.hardware.security.see.hwcrypto.types.SymmetricAuthOperationParameters;
+import android.hardware.security.see.hwcrypto.types.SymmetricOperationParameters;
+
+/*
+ * Type that describes the parameters for the different operations that can be performed.
+ */
+@VintfStability
+union OperationParameters {
+ /*
+ * Parameters for authenticated symmetric cryptography (AES GCM).
+ */
+ SymmetricAuthOperationParameters symmetricAuthCrypto;
+
+ /*
+ * Parameters for non-authenticated symmetric cryptography (AES/TDES).
+ */
+ SymmetricOperationParameters symmetricCrypto;
+
+ /*
+ * Parameters for hash based message authenticated code operations.
+ */
+ HmacOperationParameters hmac;
+}
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/PatternParameters.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/PatternParameters.aidl
new file mode 100644
index 0000000..9f8950f
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/PatternParameters.aidl
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto;
+
+/*
+ * Parcelable that specifies a pattern to process data.
+ */
+@VintfStability
+parcelable PatternParameters {
+ /*
+ * Number of blocks that will be processed. The size of the block matches the size of the
+ * cipher used (e.g. for AES this parameter indicates the number of 16 bytes blocks to be
+ * processed).
+ */
+ long numberBlocksProcess;
+
+ /*
+ * Number of blocks that will be copied. The size of the block matches the size of the cipher
+ * used to process the encrypted areas (e.g. for AES this parameter indicates the number of 16
+ * bytes blocks to be copied).
+ */
+ long numberBlocksCopy;
+}
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesCipherMode.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesCipherMode.aidl
new file mode 100644
index 0000000..8ce83aa
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesCipherMode.aidl
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto.types;
+
+import android.hardware.security.see.hwcrypto.types.CipherModeParameters;
+import android.hardware.security.see.hwcrypto.types.Void;
+
+/*
+ * Type used for the parameters needed to run a non-authenticated AES operation.
+ */
+@VintfStability
+union AesCipherMode {
+ /*
+ * Cipher Block Chaining mode. Padding will either be none or PKCS#7 depending on the key policy
+ * padding parameter. It contains the nonce for the operation.
+ */
+ CipherModeParameters cbc;
+
+ /*
+ * Counter mode. Type contains the nonce for the operation.
+ */
+ CipherModeParameters ctr;
+}
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesGcmMode.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesGcmMode.aidl
new file mode 100644
index 0000000..1c6551c
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesGcmMode.aidl
@@ -0,0 +1,34 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto.types;
+
+/*
+ * Type used for the parameters needed to run an authenticated AES operation (GCM).
+ */
+@VintfStability
+union AesGcmMode {
+ parcelable AesGcmModeParameters {
+ /*
+ * Galois Counter Mode nonce. Only 12-bytes nonce are supported.
+ */
+ byte[12] nonce;
+ }
+
+ /*
+ * Galois Counter Mode with an authentication Tag that has a length of 16 bytes.
+ */
+ AesGcmModeParameters gcmTag16;
+}
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesKey.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesKey.aidl
new file mode 100644
index 0000000..ae62ef9
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/AesKey.aidl
@@ -0,0 +1,32 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto.types;
+
+/*
+ * Type that represents an AES key.
+ */
+@VintfStability
+union AesKey {
+ /*
+ * Raw AES 128 bit key material.
+ */
+ byte[16] aes128 = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+
+ /*
+ * Raw AES 256 bit key material.
+ */
+ byte[32] aes256;
+}
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/CipherModeParameters.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/CipherModeParameters.aidl
new file mode 100644
index 0000000..e7ede57
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/CipherModeParameters.aidl
@@ -0,0 +1,28 @@
+
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto.types;
+
+/*
+ * Type encapsulating nonce used on non-authenticated AES symmetric encryption.
+ */
+@VintfStability
+parcelable CipherModeParameters {
+ /*
+ * nonce to be used as IV for AES-CBC or as the nonce in AES-CTR
+ */
+ byte[16] nonce;
+}
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/ExplicitKeyMaterial.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/ExplicitKeyMaterial.aidl
new file mode 100644
index 0000000..a5bf594
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/ExplicitKeyMaterial.aidl
@@ -0,0 +1,35 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto.types;
+
+import android.hardware.security.see.hwcrypto.types.AesKey;
+import android.hardware.security.see.hwcrypto.types.HmacKey;
+
+/*
+ * Type encapsulating a clear key.
+ */
+@VintfStability
+union ExplicitKeyMaterial {
+ /*
+ * AES key in clear format.
+ */
+ AesKey aes;
+
+ /*
+ * HMAC key in clear format.
+ */
+ HmacKey hmac;
+}
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HalErrorCode.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HalErrorCode.aidl
new file mode 100644
index 0000000..df12262
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HalErrorCode.aidl
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto.types;
+
+/*
+ * Service error codes. Will be returned as service specific errors.
+ */
+@VintfStability
+parcelable HalErrorCode {
+ /* Success */
+ const int NO_ERROR = 0;
+
+ /* Generic error */
+ const int GENERIC_ERROR = -1;
+
+ /* Desired operation cannot be performed because of the server current state */
+ const int BAD_STATE = -2;
+
+ /* Operation or parameters are not supported by the server */
+ const int UNSUPPORTED = -3;
+
+ /* Error encountered when parsing parameters */
+ const int SERIALIZATION_ERROR = -4;
+
+ /* Server ran out of memory when performing operation */
+ const int ALLOCATION_ERROR = -5;
+
+ /* Provided key is not compatible with the operation */
+ const int INVALID_KEY = -6;
+
+ /* Bad parameter supplied for the desired operation */
+ const int BAD_PARAMETER = -7;
+
+ /* Caller is not authorized to make this call */
+ const int UNAUTHORIZED = -8;
+}
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HmacKey.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HmacKey.aidl
new file mode 100644
index 0000000..b1a988e
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HmacKey.aidl
@@ -0,0 +1,33 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto.types;
+
+/*
+ * Type that represents an Hmac key.
+ */
+@VintfStability
+union HmacKey {
+ /*
+ * Raw Hmac key for use with sha256.
+ */
+ byte[32] sha256 = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0};
+
+ /*
+ * Raw Hmac key for use with sha512.
+ */
+ byte[64] sha512;
+}
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HmacOperationParameters.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HmacOperationParameters.aidl
new file mode 100644
index 0000000..faa3072
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/HmacOperationParameters.aidl
@@ -0,0 +1,28 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto.types;
+
+import android.hardware.security.see.hwcrypto.IOpaqueKey;
+/*
+ * Data needed to perform HMAC operations.
+ */
+@VintfStability
+parcelable HmacOperationParameters {
+ /*
+ * Key to be used for the HMAC operation.
+ */
+ IOpaqueKey key;
+}
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyLifetime.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyLifetime.aidl
new file mode 100644
index 0000000..b03b850
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyLifetime.aidl
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto.types;
+
+/*
+ * Enum that gives more information about the lifetime characteristics of the key. They are
+ * represented as a bitmask to allow us to internally combine them on a single property to describe
+ * a set of allowed lifetimes.
+ */
+@VintfStability
+@Backing(type="byte")
+enum KeyLifetime {
+ /*
+ * Hardware keys with limited validity (until key is erased or power cycle occurs).
+ */
+ EPHEMERAL,
+
+ /*
+ * Key only lives or was derived from a key that only lives in hardware. This key cannot be
+ * retrieved in the clear.
+ */
+ HARDWARE,
+
+ /*
+ * Key could have been at some point of its lifetime in the clear on a software component.
+ */
+ PORTABLE,
+
+}
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyPermissions.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyPermissions.aidl
new file mode 100644
index 0000000..c48ef8b
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyPermissions.aidl
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto.types;
+
+/*
+ * Additional characteristics and permissions of the key.
+ */
+@VintfStability
+enum KeyPermissions {
+ /*
+ * Key can be wrapped by an ephemeral key.
+ */
+ ALLOW_EPHEMERAL_KEY_WRAPPING,
+
+ /*
+ * Key can be wrapped by a hardware key. Notice that ephemeral keys cannot be wrapped by
+ * hardware keys.
+ */
+ ALLOW_HARDWARE_KEY_WRAPPING,
+
+ /*
+ * Key can be wrapped by a portable key. Notice that neither ephemeral keys nor hardware keys
+ * can be wrapped by portable keys.
+ */
+ ALLOW_PORTABLE_KEY_WRAPPING,
+}
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyType.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyType.aidl
new file mode 100644
index 0000000..ed90899
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyType.aidl
@@ -0,0 +1,120 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto.types;
+
+/*
+ * Enum describing all supported key types. Key types are strongly bound to the algorithm to
+ * prevent reusing the same key on different algorithms (e.g. using the same key for 2 different AES
+ * 128 Cipher modes).
+ */
+@VintfStability
+enum KeyType {
+ /*
+ * AES with key size 128 bits using CBC mode of operation and no padding.
+ */
+ AES_128_CBC_NO_PADDING,
+
+ /*
+ * AES with key size 128 bits using CBC mode of operation and PKCS7 padding.
+ */
+ AES_128_CBC_PKCS7_PADDING,
+
+ /*
+ * AES with key size 128 bits using counter mode.
+ */
+ AES_128_CTR,
+
+ /*
+ * AES with key size 128 bits using GCM mode for authenticated encryption.
+ */
+ AES_128_GCM,
+
+ /*
+ * AES with key size 128 bits for CMAC calculation.
+ */
+ AES_128_CMAC,
+
+ /*
+ * AES with key size 256 bits using CBC mode of operation and no padding.
+ */
+ AES_256_CBC_NO_PADDING,
+
+ /*
+ * AES with key size 256 bits using CBC mode of operation and PKCS7 padding.
+ */
+ AES_256_CBC_PKCS7_PADDING,
+
+ /*
+ * AES with key size 128 bits using counter mode.
+ */
+ AES_256_CTR,
+
+ /*
+ * AES with key size 128 bits using GCM mode for authenticated encryption.
+ */
+ AES_256_GCM,
+
+ /*
+ * AES with key size 128 bits for CMAC calculation.
+ */
+ AES_256_CMAC,
+
+ /*
+ * Key of length of 32 bytes for HMAC operations using SHA256.
+ */
+ HMAC_SHA256,
+
+ /*
+ * Key of length of 64 bytes for HMAC operations using SHA512.
+ */
+ HMAC_SHA512,
+
+ /*
+ * RSA of key size of 2048 bits for signing using PSS.
+ */
+ RSA2048_PSS_SHA256,
+
+ /*
+ * RSA of key size of 2048 bits for signing with padding PKCS 1.5 and SHA256 as the digest
+ * algorithm.
+ */
+ RSA2048_PKCS1_5_SHA256,
+
+ /*
+ * ECC key for signing using curve P-256 and no padding.
+ */
+ ECC_NIST_P256_SIGN_NO_PADDING,
+
+ /*
+ * ECC key for signing using curve P-256 and SHA256 as hashing algorithm.
+ */
+ ECC_NIST_P256_SIGN_SHA256,
+
+ /*
+ * ECC key for signing using curve P-521 and no padding.
+ */
+ ECC_NIST_P521_SIGN_NO_PADDING,
+
+ /*
+ * ECC key for signing using curve P-512 and SHA512 as hashing algorithm.
+ */
+ ECC_NIST_P521_SIGN_SHA512,
+
+ /*
+ * ECC key for signing using EdDSA.
+ */
+ ECC_ED25519_SIGN,
+}
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyUse.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyUse.aidl
new file mode 100644
index 0000000..60bfd06
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/KeyUse.aidl
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto.types;
+
+/*
+ * Enum describing the allowed operations that can be performed with the given key.
+ */
+@VintfStability
+@Backing(type="int")
+enum KeyUse {
+ /* Key can be used to encrypt */
+ ENCRYPT = 1,
+
+ /* Key can be used to decrypt */
+ DECRYPT = 2,
+
+ /* Key can be used to encrypt or decrypt */
+ ENCRYPT_DECRYPT = ENCRYPT | DECRYPT,
+
+ /* Key can be used to sign */
+ SIGN = 4,
+
+ /* Key can be used to derive other keys */
+ DERIVE = 8,
+
+ /* Key can be used to wrap other keys */
+ WRAP = 16,
+}
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/MemoryBufferReference.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/MemoryBufferReference.aidl
new file mode 100644
index 0000000..0f3c099
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/MemoryBufferReference.aidl
@@ -0,0 +1,34 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto.types;
+
+/*
+ * Structure representing a section of a memory buffer.
+ */
+@VintfStability
+@RustDerive(Copy=true, Clone=true)
+parcelable MemoryBufferReference {
+ /*
+ * Start of the memory buffer section measured from the start of the memory buffer set for this
+ * operation.
+ */
+ int startOffset;
+
+ /*
+ * Total size of the memory buffer section.
+ */
+ int sizeBytes;
+}
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl
new file mode 100644
index 0000000..25cc6fb
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OpaqueKeyToken.aidl
@@ -0,0 +1,30 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto.types;
+
+/*
+ * Implementation defined structure that represents a key and its associated metadata. It is only
+ * valid on the current boot, and its reuse after a session is closed (or between sessions) is not
+ * guaranteed.
+ */
+@VintfStability
+parcelable OpaqueKeyToken {
+ /*
+ * Opaque type used to send IOpaqueKeys keys to different clients. Its format is implementation
+ * dependant.
+ */
+ byte[] keyToken;
+}
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OperationData.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OperationData.aidl
new file mode 100644
index 0000000..8dfca72
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OperationData.aidl
@@ -0,0 +1,34 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto.types;
+
+import android.hardware.security.see.hwcrypto.types.MemoryBufferReference;
+
+/*
+ * Union holding buffers to be used by the cryptographic operation.
+ */
+@VintfStability
+union OperationData {
+ /*
+ * Reference (offset, size) to the active operations' MemoryBuffer.
+ */
+ MemoryBufferReference memoryBufferReference;
+
+ /*
+ * Vector of data to use for the operation.
+ */
+ byte[] dataBuffer;
+}
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OperationType.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OperationType.aidl
new file mode 100644
index 0000000..2dc9ae9
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/OperationType.aidl
@@ -0,0 +1,28 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto.types;
+
+/*
+ * Enum describing the different types of operations allowed on a buffer.
+ */
+@VintfStability
+enum OperationType {
+ /* Read operations allowed*/
+ READ,
+
+ /* Write operations allowed*/
+ WRITE,
+}
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
new file mode 100644
index 0000000..8fd0551
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/ProtectionId.aidl
@@ -0,0 +1,30 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto.types;
+
+/*
+ * Enum describing the different types of protected buffers. Protected buffers are named by its
+ * corresponding use case and its underlaying implementation is platform dependant.
+ */
+@VintfStability
+enum ProtectionId {
+ /*
+ * ProtectionID used by HwCrypto to enable Keys that can be used for Widevine video buffers.
+ * These buffers should not be readable by non-trusted entities and HwCrypto should not allow
+ * any read access to them through its interface.
+ */
+ WIDEVINE_OUTPUT_BUFFER = 1,
+}
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricAuthCryptoParameters.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricAuthCryptoParameters.aidl
new file mode 100644
index 0000000..79c39f9
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricAuthCryptoParameters.aidl
@@ -0,0 +1,29 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto.types;
+
+import android.hardware.security.see.hwcrypto.types.AesGcmMode;
+
+/*
+ * Data needed to perform authenticated symmetric cryptographic operations.
+ */
+@VintfStability
+union SymmetricAuthCryptoParameters {
+ /*
+ * AES (Advanced Encryption Standard) GCM parameters.
+ */
+ AesGcmMode aes;
+}
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricAuthOperationParameters.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricAuthOperationParameters.aidl
new file mode 100644
index 0000000..844a3bc
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricAuthOperationParameters.aidl
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto.types;
+
+import android.hardware.security.see.hwcrypto.IOpaqueKey;
+import android.hardware.security.see.hwcrypto.types.SymmetricAuthCryptoParameters;
+import android.hardware.security.see.hwcrypto.types.SymmetricOperation;
+
+/*
+ * Parameters needed to perform an authenticated symmetric cryptographic operation. Currently only
+ * AES-GCM is supported.
+ */
+@VintfStability
+parcelable SymmetricAuthOperationParameters {
+ /*
+ * Key to be used on the operation.
+ */
+ IOpaqueKey key;
+
+ /*
+ * Encryption or Decryption.
+ */
+ SymmetricOperation direction;
+
+ /*
+ * Parameters that specify the desired authenticated cryptographic operation.
+ */
+ SymmetricAuthCryptoParameters parameters;
+}
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricCryptoParameters.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricCryptoParameters.aidl
new file mode 100644
index 0000000..679fe6a
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricCryptoParameters.aidl
@@ -0,0 +1,29 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto.types;
+
+import android.hardware.security.see.hwcrypto.types.AesCipherMode;
+
+/*
+ * Data needed to perform non-authenticated symmetric cryptographic operations.
+ */
+@VintfStability
+union SymmetricCryptoParameters {
+ /*
+ * AES (Advanced Encryption Standard) parameters.
+ */
+ AesCipherMode aes;
+}
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricOperation.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricOperation.aidl
new file mode 100644
index 0000000..d88d4e9
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricOperation.aidl
@@ -0,0 +1,21 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto.types;
+
+/*
+ * Enum describing the type of symmetric operation desired.
+ */
+@VintfStability enum SymmetricOperation { ENCRYPT, DECRYPT }
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricOperationParameters.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricOperationParameters.aidl
new file mode 100644
index 0000000..509d416
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/SymmetricOperationParameters.aidl
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto.types;
+
+import android.hardware.security.see.hwcrypto.IOpaqueKey;
+import android.hardware.security.see.hwcrypto.types.SymmetricCryptoParameters;
+import android.hardware.security.see.hwcrypto.types.SymmetricOperation;
+
+/*
+ * Parameters needed to perform a non-authenticated symmetric cryptographic operation.
+ */
+@VintfStability
+parcelable SymmetricOperationParameters {
+ /*
+ * Key to be used on the operation.
+ */
+ IOpaqueKey key;
+
+ /*
+ * Encryption or Decryption.
+ */
+ SymmetricOperation direction;
+
+ /*
+ * Parameters that specify the desired non-authenticated symmetric cryptographic operation.
+ */
+ SymmetricCryptoParameters parameters;
+}
diff --git a/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/Void.aidl b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/Void.aidl
new file mode 100644
index 0000000..243fb45
--- /dev/null
+++ b/security/see/hwcrypto/aidl/android/hardware/security/see/hwcrypto/types/Void.aidl
@@ -0,0 +1,22 @@
+/*
+ * Copyright 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.hardware.security.see.hwcrypto.types;
+
+/*
+ * Type used to represent no data.
+ */
+@VintfStability
+parcelable Void {}