diff options
| -rw-r--r-- | core/java/android/security/IKeystoreService.aidl | 2 | ||||
| -rw-r--r-- | keystore/java/android/security/KeyStore.java | 30 |
2 files changed, 32 insertions, 0 deletions
diff --git a/core/java/android/security/IKeystoreService.aidl b/core/java/android/security/IKeystoreService.aidl index 14b5748..579cdbe 100644 --- a/core/java/android/security/IKeystoreService.aidl +++ b/core/java/android/security/IKeystoreService.aidl @@ -73,4 +73,6 @@ interface IKeystoreService { OperationResult update(IBinder token, in KeymasterArguments params, in byte[] input); OperationResult finish(IBinder token, in KeymasterArguments params, in byte[] signature); int abort(IBinder handle); + boolean isOperationAuthorized(IBinder token); + int addAuthToken(in byte[] authToken); } diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java index f68b3f6..94a479b 100644 --- a/keystore/java/android/security/KeyStore.java +++ b/keystore/java/android/security/KeyStore.java @@ -476,4 +476,34 @@ public class KeyStore { return SYSTEM_ERROR; } } + + /** + * Check if the operation referenced by {@code token} is currently authorized. + * + * @param token An operation token returned by a call to {@link KeyStore.begin}. + */ + public boolean isOperationAuthorized(IBinder token) { + try { + return mBinder.isOperationAuthorized(token); + } catch (RemoteException e) { + Log.w(TAG, "Cannot connect to keystore", e); + return false; + } + } + + /** + * Add an authentication record to the keystore authorization table. + * + * @param authToken The packed bytes of a hw_auth_token_t to be provided to keymaster. + * @return {@code KeyStore.NO_ERROR} on success, otherwise an error value corresponding to + * a {@code KeymasterDefs.KM_ERROR_} value or {@code KeyStore} ResponseCode. + */ + public int addAuthToken(byte[] authToken) { + try { + return mBinder.addAuthToken(authToken); + } catch (RemoteException e) { + Log.w(TAG, "Cannot connect to keystore", e); + return SYSTEM_ERROR; + } + } } |