2016-10-12 12:23:58 +02:00
|
|
|
/*
|
|
|
|
* Copyright (C) 2016 The Android Open Source Project
|
|
|
|
*
|
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
* you may not use this file except in compliance with the License.
|
|
|
|
* You may obtain a copy of the License at
|
|
|
|
*
|
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
*
|
|
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
* See the License for the specific language governing permissions and
|
|
|
|
* limitations under the License.
|
|
|
|
*/
|
|
|
|
|
|
|
|
package android.hardware.keymaster@3.0;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Keymaster device definition. For thorough documentation see the implementer's reference, at
|
|
|
|
* https://source.android.com/security/keystore/implementer-ref.html
|
|
|
|
*/
|
|
|
|
interface IKeymasterDevice {
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Returns information about the underlying keymaster hardware.
|
|
|
|
*
|
|
|
|
* @return isSecure is true if keys are stored and never leave secure hardware (Trusted
|
|
|
|
* Execution Environment or similar). CDD requires that all devices initially
|
|
|
|
* launched with Marshmallow or later must have secure hardware.
|
|
|
|
*
|
|
|
|
* @return supportsEllipticCurve is true if the hardware supports Elliptic Curve cryptography
|
|
|
|
* with the NIST curves (P-224, P-256, P-384, and P-521). CDD requires that all
|
|
|
|
* devices initially launched with Nougat or later must support Elliptic Curve
|
|
|
|
* cryptography.
|
|
|
|
*
|
|
|
|
* @return supportsSymmetricCryptography is true if the hardware supports symmetric
|
|
|
|
* cryptography, including AES and HMAC. CDD requires that all devices initially
|
|
|
|
* launched with Nougat or later must support hardware enforcement of Keymaster
|
|
|
|
* authorizations.
|
|
|
|
*
|
|
|
|
* @return supportsAttestation is true if the hardware supports generation of Keymaster public
|
|
|
|
* key attestation certificates, signed with a key injected in a secure
|
|
|
|
* environment. CDD requires that all devices initially launched with Android O or
|
|
|
|
* later must support hardware attestation.
|
2017-02-23 19:01:49 +01:00
|
|
|
*
|
|
|
|
* @return supportsAllDigests is true if the hardware supports all keymaster digest functions,
|
|
|
|
* namely ND-5, SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512. CDD requires that all
|
|
|
|
* devices launched initially with Android O or later must support all digests.
|
|
|
|
*
|
|
|
|
* @return keymasterName is the name of the keymaster implementation.
|
|
|
|
*
|
|
|
|
* @return keymasterAuthorName is the name of the author of the keymaster implementation
|
|
|
|
* (generally this should be the name of an organization, not an individual.)
|
2016-10-12 12:23:58 +02:00
|
|
|
*/
|
|
|
|
getHardwareFeatures()
|
2017-02-23 19:01:49 +01:00
|
|
|
generates(bool isSecure, bool supportsEllipticCurve, bool supportsSymmetricCryptography,
|
|
|
|
bool supportsAttestation, bool supportsAllDigests, string keymasterName,
|
|
|
|
string keymasterAuthorName);
|
2016-10-12 12:23:58 +02:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Adds entropy to the RNG used by keymaster. Entropy added through this method is guaranteed
|
|
|
|
* not to be the only source of entropy used, and the mixing function is required to be secure,
|
|
|
|
* in the sense that if the RNG is seeded (from any source) with any data the attacker cannot
|
|
|
|
* predict (or control), then the RNG output is indistinguishable from random. Thus, if the
|
|
|
|
* entropy from any source is good, the output must be good.
|
|
|
|
*
|
|
|
|
* @param data Bytes to be mixed into the RNG.
|
|
|
|
*
|
|
|
|
* @return error See the ErrorCode enum in types.hal.
|
|
|
|
*/
|
|
|
|
addRngEntropy(vec<uint8_t> data) generates(ErrorCode error);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Generates a key, or key pair, returning a key blob and/or a description of the key.
|
|
|
|
*
|
|
|
|
* @param keyParams Key generation parameters are defined as keymaster tag/value pairs, provided
|
|
|
|
* in params. See Tag in types.hal for the full list.
|
|
|
|
*
|
|
|
|
* @return error See the ErrorCode enum in types.hal.
|
|
|
|
*
|
|
|
|
* @return keyBlob Opaque, encrypted descriptor of the generated key, which generally contains a
|
|
|
|
* copy of the key material, wrapped in a key unavailable outside secure hardware.
|
|
|
|
*
|
|
|
|
* @return keyCharacteristics Description of the generated key. See KeyCharacteristis in
|
|
|
|
* types.hal.
|
|
|
|
*/
|
|
|
|
generateKey(vec<KeyParameter> keyParams)
|
|
|
|
generates(ErrorCode error, vec<uint8_t> keyBlob, KeyCharacteristics keyCharacteristics);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Imports a key, or key pair, returning a key blob and/or a description of the key.
|
|
|
|
*
|
|
|
|
* @param keyParams Key generation parameters are defined as keymaster tag/value pairs, provided
|
|
|
|
* in params. See Tag for the full list.
|
|
|
|
*
|
|
|
|
* @param keyFormat The format of the key material to import. See KeyFormat in types.hal.
|
|
|
|
*
|
|
|
|
* @pram keyData The key material to import, in the format specifed in keyFormat.
|
|
|
|
*
|
|
|
|
* @return error See the ErrorCode enum.
|
|
|
|
*
|
|
|
|
* @return keyBlob Opaque, encrypted descriptor of the generated key, which will generally
|
|
|
|
* contain a copy of the key material, wrapped in a key unavailable outside secure
|
|
|
|
* hardware.
|
|
|
|
*
|
|
|
|
* @return keyCharacteristics Decription of the generated key. See KeyCharacteristis.
|
|
|
|
*
|
|
|
|
* @return error See the ErrorCode enum.
|
|
|
|
*/
|
|
|
|
importKey(vec<KeyParameter> params, KeyFormat keyFormat, vec<uint8_t> keyData)
|
|
|
|
generates(ErrorCode error, vec<uint8_t> keyBlob, KeyCharacteristics keyCharacteristics);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Returns the characteristics of the specified key, if the keyBlob is valid (implementations
|
|
|
|
* must fully validate the integrity of the key).
|
|
|
|
*
|
|
|
|
* @param keyBlob The opaque descriptor returned by generateKey() or importKey();
|
|
|
|
*
|
|
|
|
* @param clientId An opaque byte string identifying the client. This value must match the
|
|
|
|
* Tag::APPLICATION_ID data provided during key generation/import. Without the
|
|
|
|
* correct value it must be cryptographically impossible for the secure hardware to
|
|
|
|
* obtain the key material.
|
|
|
|
*
|
|
|
|
* @param appData An opaque byte string provided by the application. This value must match the
|
|
|
|
* Tag::APPLICATION_DATA data provided during key generation/import. Without the
|
|
|
|
* correct value it must be cryptographically impossible for the secure hardware to
|
|
|
|
* obtain the key material.
|
|
|
|
*
|
|
|
|
* @return error See the ErrorCode enum in types.hal.
|
|
|
|
*
|
|
|
|
* @return keyCharacteristics Decription of the generated key. See KeyCharacteristis in
|
|
|
|
* types.hal.
|
|
|
|
*/
|
|
|
|
getKeyCharacteristics(vec<uint8_t> keyBlob, vec<uint8_t> clientId, vec<uint8_t> appData)
|
|
|
|
generates(ErrorCode error, KeyCharacteristics keyCharacteristics);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Exports a public key, returning the key in the specified format.
|
|
|
|
*
|
|
|
|
* @parm keyFormat The format used for export. See KeyFormat in types.hal.
|
|
|
|
*
|
|
|
|
* @param keyBlob The opaque descriptor returned by generateKey() or importKey(). The
|
|
|
|
* referenced key must be asymmetric.
|
|
|
|
*
|
|
|
|
* @param clientId An opaque byte string identifying the client. This value must match the
|
|
|
|
* Tag::APPLICATION_ID data provided during key generation/import. Without the
|
|
|
|
* correct value it must be cryptographically impossible for the secure hardware to
|
|
|
|
* obtain the key material.
|
|
|
|
*
|
|
|
|
* @param appData An opaque byte string provided by the application. This value must match the
|
|
|
|
* Tag::APPLICATION_DATA data provided during key generation/import. Without the
|
|
|
|
* correct value it must be cryptographically impossible for the secure hardware to
|
|
|
|
* obtain the key material.
|
|
|
|
*
|
|
|
|
* @return error See the ErrorCode enum in types.hal.
|
|
|
|
*
|
|
|
|
* @return keyMaterial The public key material in PKCS#8 format.
|
|
|
|
*/
|
|
|
|
exportKey(KeyFormat keyFormat, vec<uint8_t> keyBlob, vec<uint8_t> clientId,
|
|
|
|
vec<uint8_t> appData) generates(ErrorCode error, vec<uint8_t> keyMaterial);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Generates a signed X.509 certificate chain attesting to the presence of keyToAttest in
|
|
|
|
* keymaster. The certificate will contain an extension with OID 1.3.6.1.4.1.11129.2.1.17 and
|
|
|
|
* value defined in:
|
|
|
|
*
|
|
|
|
* https://developer.android.com/training/articles/security-key-attestation.html.
|
|
|
|
*
|
|
|
|
* @param keyToAttest The opaque descriptor returned by generateKey() or importKey(). The
|
|
|
|
* referenced key must be asymmetric.
|
|
|
|
*
|
|
|
|
* @param attestParams Parameters for the attestation, notably Tag::ATTESTATION_CHALLENGE.
|
|
|
|
*
|
|
|
|
* @return error See the ErrorCode enum in types.hal.
|
|
|
|
*/
|
|
|
|
attestKey(vec<uint8_t> keyToAttest, vec<KeyParameter> attestParams)
|
|
|
|
generates(ErrorCode error, vec<vec<uint8_t>> certChain);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Upgrades an old key. Keys can become "old" in two ways: Keymaster can be upgraded to a new
|
|
|
|
* version, or the system can be updated to invalidate the OS version and/or patch level. In
|
|
|
|
* either case, attempts to use an old key with getKeyCharacteristics(), exportKey(),
|
|
|
|
* attestKey() or begin() will result in keymaster returning
|
|
|
|
* ErrorCode::KEY_REQUIRES_UPGRADE. This method must then be called to upgrade the key.
|
|
|
|
*
|
|
|
|
* @param keyBlobToUpgrade The opaque descriptor returned by generateKey() or importKey();
|
|
|
|
*
|
|
|
|
* @param upgradeParams A parameter list containing any parameters needed to complete the
|
|
|
|
* upgrade, including Tag::APPLICATION_ID and Tag::APPLICATION_DATA.
|
|
|
|
*
|
|
|
|
* @return error See the ErrorCode enum.
|
|
|
|
*/
|
|
|
|
upgradeKey(vec<uint8_t> keyBlobToUpgrade, vec<KeyParameter> upgradeParams)
|
|
|
|
generates(ErrorCode error, vec<uint8_t> upgradedKeyBlob);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Deletes the key, or key pair, associated with the key blob. After calling this function it
|
|
|
|
* will be impossible to use the key for any other operations. May be applied to keys from
|
|
|
|
* foreign roots of trust (keys not usable under the current root of trust).
|
|
|
|
*
|
|
|
|
* This is a NOP for keys that don't have rollback protection.
|
|
|
|
*
|
|
|
|
* @param keyBlobToUpgrade The opaque descriptor returned by generateKey() or importKey();
|
|
|
|
*
|
|
|
|
* @return error See the ErrorCode enum.
|
|
|
|
*/
|
|
|
|
deleteKey(vec<uint8_t> keyBlob) generates(ErrorCode error);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Deletes all keys in the hardware keystore. Used when keystore is reset completely. After
|
|
|
|
* calling this function it will be impossible to use any previously generated or imported key
|
|
|
|
* blobs for any operations.
|
|
|
|
*
|
|
|
|
* This is a NOP if keys don't have rollback protection.
|
|
|
|
*
|
|
|
|
* @return error See the ErrorCode enum.
|
|
|
|
*/
|
|
|
|
deleteAllKeys() generates(ErrorCode error);
|
|
|
|
|
2017-01-23 13:51:10 +01:00
|
|
|
/**
|
|
|
|
* Destroys knowledge of the device's ids. This prevents all device id attestation in the
|
|
|
|
* future. The destruction must be permanent so that not even a factory reset will restore the
|
|
|
|
* device ids.
|
|
|
|
*
|
|
|
|
* Device id attestation may be provided only if this method is fully implemented, allowing the
|
|
|
|
* user to permanently disable device id attestation. If this cannot be guaranteed, the device
|
|
|
|
* must never attest any device ids.
|
|
|
|
*
|
|
|
|
* This is a NOP if device id attestation is not supported.
|
|
|
|
*
|
|
|
|
* @return error See the ErrorCode enum.
|
|
|
|
*/
|
|
|
|
destroyAttestationIds() generates(ErrorCode error);
|
|
|
|
|
2016-10-12 12:23:58 +02:00
|
|
|
/**
|
|
|
|
* Begins a cryptographic operation using the specified key. If all is well, begin() will return
|
|
|
|
* ErrorCode::OK and create an operation handle which must be passed to subsequent calls to
|
|
|
|
* update(), finish() or abort().
|
|
|
|
*
|
|
|
|
* It is critical that each call to begin() be paired with a subsequent call to finish() or
|
|
|
|
* abort(), to allow the keymaster implementation to clean up any internal operation state.
|
|
|
|
* Failure to do this may leak internal state space or other internal resources and may
|
|
|
|
* eventually cause begin() to return ErrorCode::TOO_MANY_OPERATIONS when it runs out of space
|
|
|
|
* for operations. Any result other than ErrorCode::OK from begin(), update() or finish()
|
|
|
|
* implicitly aborts the operation, in which case abort() need not be called (and will return
|
|
|
|
* ErrorCode::INVALID_OPERATION_HANDLE if called).
|
|
|
|
*
|
|
|
|
* @param purpose The purpose of the operation, one of KeyPurpose::ENCRYPT, KeyPurpose::DECRYPT,
|
|
|
|
* KeyPurpose::SIGN or KeyPurpose::VERIFY. Note that for AEAD modes, encryption and
|
|
|
|
* decryption imply signing and verification, respectively, but must be specified as
|
|
|
|
* KeyPurpose::ENCRYPT and KeyPurpose::DECRYPT.
|
|
|
|
*
|
|
|
|
* @param keyBlob The opaque key descriptor returned by generateKey() or importKey(). The key
|
|
|
|
* must have a purpose compatible with purpose and all of its usage requirements
|
|
|
|
* must be satisfied, or begin() will return an appropriate error code.
|
|
|
|
*
|
|
|
|
* @param inParams Additional parameters for the operation. This is typically used to provide
|
|
|
|
* authentication data, with Tag::AUTH_TOKEN. If Tag::APPLICATION_ID or
|
|
|
|
* Tag::APPLICATION_DATA were provided during generation, they must be provided
|
|
|
|
* here, or the operation will fail with ErrorCode::INVALID_KEY_BLOB. For operations
|
|
|
|
* that require a nonce or IV, on keys that were generated with Tag::CALLER_NONCE,
|
|
|
|
* inParams may contain a tag Tag::NONCE.
|
|
|
|
*
|
|
|
|
* @return error See the ErrorCode enum in types.hal.
|
|
|
|
*
|
|
|
|
* @return outParams Output parameters. Used to return additional data from the operation
|
|
|
|
* initialization, notably to return the IV or nonce from operations that generate
|
|
|
|
* an IV or nonce.
|
|
|
|
*
|
|
|
|
* @return operationHandle The newly-created operation handle which must be passed to update(),
|
|
|
|
* finish() or abort().
|
|
|
|
*/
|
|
|
|
begin(KeyPurpose purpose, vec<uint8_t> key, vec<KeyParameter> inParams)
|
|
|
|
generates(ErrorCode error, vec<KeyParameter> outParams, OperationHandle operationHandle);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Provides data to, and possibly receives output from, an ongoing cryptographic operation begun
|
|
|
|
* with begin().
|
|
|
|
*
|
|
|
|
* If operationHandle is invalid, update() will return ErrorCode::INVALID_OPERATION_HANDLE.
|
|
|
|
*
|
|
|
|
* update() may not consume all of the data provided in the data buffer. update() will return
|
|
|
|
* the amount consumed in inputConsumed. The caller may provide the unconsumed data in a
|
|
|
|
* subsequent call.
|
|
|
|
*
|
|
|
|
* @param operationHandle The operation handle returned by begin().
|
|
|
|
*
|
|
|
|
* @param inParams Additional parameters for the operation. For AEAD modes, this is used to
|
|
|
|
* specify Tag::ADDITIONAL_DATA. Note that additional data may be provided in
|
|
|
|
* multiple calls to update(), but only until input data has been provided.
|
|
|
|
*
|
|
|
|
* @param input Data to be processed, per the parameters established in the call to begin().
|
|
|
|
* Note that update() may or may not consume all of the data provided. See
|
|
|
|
* inputConsumed.
|
|
|
|
*
|
|
|
|
* @return error See the ErrorCode enum in types.hal.
|
|
|
|
*
|
|
|
|
* @return inputConsumed Amount of data that was consumed by update(). If this is less than the
|
|
|
|
* amount provided, the caller may provide the remainder in a subsequent call to
|
|
|
|
* update() or finish().
|
|
|
|
*
|
|
|
|
* @return outParams Output parameters, used to return additional data from the operation The
|
|
|
|
* caller takes ownership of the output parameters array and must free it with
|
|
|
|
* keymaster_free_param_set().
|
|
|
|
*
|
|
|
|
* @return output The output data, if any.
|
|
|
|
*/
|
|
|
|
update(OperationHandle operationHandle, vec<KeyParameter> inParams, vec<uint8_t> input)
|
|
|
|
generates(ErrorCode error, uint32_t inputConsumed, vec<KeyParameter> outParams,
|
|
|
|
vec<uint8_t> output);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Finalizes a cryptographic operation begun with begin() and invalidates operationHandle.
|
|
|
|
*
|
|
|
|
* @param operationHandle The operation handle returned by begin(). This handle will be
|
|
|
|
* invalid when finish() returns.
|
|
|
|
*
|
|
|
|
* @param inParams Additional parameters for the operation. For AEAD modes, this is used to
|
|
|
|
* specify Tag::ADDITIONAL_DATA, but only if no input data was provided to update().
|
|
|
|
*
|
|
|
|
* @param input Data to be processed, per the parameters established in the call to
|
|
|
|
* begin(). finish() must consume all provided data or return
|
|
|
|
* ErrorCode::INVALID_INPUT_LENGTH.
|
|
|
|
*
|
|
|
|
* @param signature The signature to be verified if the purpose specified in the begin() call
|
|
|
|
* was KeyPurpose::VERIFY.
|
|
|
|
*
|
|
|
|
* @return error See the ErrorCode enum in types.hal.
|
|
|
|
*
|
|
|
|
* @return outParams Any output parameters generated by finish().
|
|
|
|
*
|
|
|
|
* @return output The output data, if any.
|
|
|
|
*/
|
|
|
|
finish(OperationHandle operationHandle, vec<KeyParameter> inParams, vec<uint8_t> input,
|
|
|
|
vec<uint8_t> signature)
|
|
|
|
generates(ErrorCode error, vec<KeyParameter> outParams, vec<uint8_t> output);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Aborts a cryptographic operation begun with begin(), freeing all internal resources and
|
|
|
|
* invalidating operationHandle.
|
|
|
|
*
|
|
|
|
* @param operationHandle The operation handle returned by begin(). This handle will be
|
|
|
|
* invalid when abort() returns.
|
|
|
|
*
|
|
|
|
* @return error See the ErrorCode enum in types.hal.
|
|
|
|
*/
|
|
|
|
abort(OperationHandle operationHandle) generates(ErrorCode error);
|
|
|
|
};
|