From a1f4c0a260175d49bac5ddc4673d6d8784979739 Mon Sep 17 00:00:00 2001
From: destradaa <destradaa@google.com>
Date: Fri, 13 Sep 2013 15:45:03 -0700
Subject: Update to GpsHal to allow injection/revocation of certificates for
 SUPL connections.

Change-Id: I1fd432566623c4cebfb5b53e5f696ad359d49e6f
---
 include/hardware/gps.h | 75 ++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 73 insertions(+), 2 deletions(-)

(limited to 'include/hardware/gps.h')

diff --git a/include/hardware/gps.h b/include/hardware/gps.h
index 458b5b4..d905725 100644
--- a/include/hardware/gps.h
+++ b/include/hardware/gps.h
@@ -221,6 +221,11 @@ typedef uint16_t AGpsStatusValue;
 #define AGPS_INTERFACE      "agps"
 
 /**
+ * Name of the Supl Certificate interface.
+ */
+#define SUPL_CERTIFICATE_INTERFACE  "supl-certificate"
+
+/**
  * Name for NI interface
  */
 #define GPS_NI_INTERFACE "gps-ni"
@@ -507,7 +512,7 @@ typedef struct {
      */
     void  (*init)( AGpsCallbacks* callbacks );
     /**
-     * Notifies that a data connection is available and sets 
+     * Notifies that a data connection is available and sets
      * the name of the APN to be used for SUPL.
      */
     int  (*data_conn_open)( const char* apn );
@@ -516,7 +521,7 @@ typedef struct {
      */
     int  (*data_conn_closed)();
     /**
-     * Notifies that a data connection is not available for AGPS. 
+     * Notifies that a data connection is not available for AGPS.
      */
     int  (*data_conn_failed)();
     /**
@@ -525,6 +530,72 @@ typedef struct {
     int  (*set_server)( AGpsType type, const char* hostname, int port );
 } AGpsInterface;
 
+/** Error codes associated with certificate operations */
+#define AGPS_CERTIFICATE_OPERATION_SUCCESS               0
+#define AGPS_CERTIFICATE_ERROR_GENERIC                -100
+#define AGPS_CERTIFICATE_ERROR_TOO_MANY_CERTIFICATES  -101
+
+/** A data structure that represents an X.509 certificate using DER encoding */
+typedef struct {
+    size_t  length;
+    u_char* data;
+} DerEncodedCertificate;
+
+/**
+ * A type definition for SHA1 Fingerprints used to identify X.509 Certificates
+ * The Fingerprint is a digest of the DER Certificate that uniquely identifies it.
+ */
+typedef struct {
+    u_char data[20];
+} Sha1CertificateFingerprint;
+
+/** AGPS Inteface to handle SUPL certificate operations */
+typedef struct {
+    /** set to sizeof(SuplCertificateInterface) */
+    size_t size;
+
+    /**
+     * Installs a set of Certificates used for SUPL connections to the AGPS server.
+     * If needed the HAL should find out internally any certificates that need to be removed to
+     * accommodate the certificates to install.
+     * The certificates installed represent a full set of valid certificates needed to connect to
+     * AGPS SUPL servers.
+     * The list of certificates is required, and all must be available at the same time, when trying
+     * to establish a connection with the AGPS Server.
+     *
+     * Parameters:
+     *      certificates - A pointer to an array of DER encoded certificates that are need to be
+     *                     installed in the HAL.
+     *      length - The number of certificates to install.
+     * Returns:
+     *      AGPS_CERTIFICATE_OPERATION_SUCCESS if the operation is completed successfully
+     *      AGPS_CERTIFICATE_ERROR_TOO_MANY_CERTIFICATES if the HAL cannot store the number of
+     *          certificates attempted to be installed, the state of the certificates stored should
+     *          remain the same as before on this error case.
+     *
+     * IMPORTANT:
+     *      If needed the HAL should find out internally the set of certificates that need to be
+     *      removed to accommodate the certificates to install.
+     */
+    int  (*install_certificates) ( const DerEncodedCertificate* certificates, size_t length );
+
+    /**
+     * Notifies the HAL that a list of certificates used for SUPL connections are revoked. It is
+     * expected that the given set of certificates is removed from the internal store of the HAL.
+     *
+     * Parameters:
+     *      fingerprints - A pointer to an array of SHA1 Fingerprints to identify the set of
+     *                     certificates to revoke.
+     *      length - The number of fingerprints provided.
+     * Returns:
+     *      AGPS_CERTIFICATE_OPERATION_SUCCESS if the operation is completed successfully.
+     *
+     * IMPORTANT:
+     *      If any of the certificates provided (through its fingerprint) is not known by the HAL,
+     *      it should be ignored and continue revoking/deleting the rest of them.
+     */
+    int  (*revoke_certificates) ( const Sha1CertificateFingerprint* fingerprints, size_t length );
+} SuplCertificateInteface;
 
 /** Represents an NI request */
 typedef struct {
-- 
cgit v1.1