am b1a12188
: Merge "Define keymaster HAL v0.4."
* commit 'b1a1218845eb32564b2f7f0297096ec43b27e41b': Define keymaster HAL v0.4.
This commit is contained in:
commit
bde6c2bb3f
2 changed files with 1140 additions and 166 deletions
|
@ -22,6 +22,7 @@
|
|||
#include <sys/types.h>
|
||||
|
||||
#include <hardware/hardware.h>
|
||||
#include <hardware/keymaster_defs.h>
|
||||
|
||||
__BEGIN_DECLS
|
||||
|
||||
|
@ -36,51 +37,19 @@ __BEGIN_DECLS
|
|||
* Settings for "module_api_version" and "hal_api_version"
|
||||
* fields in the keymaster_module initialization.
|
||||
*/
|
||||
#define KEYMASTER_HEADER_VERSION 3
|
||||
#define KEYMASTER_HEADER_VERSION 4
|
||||
|
||||
#define KEYMASTER_MODULE_API_VERSION_0_2 HARDWARE_MODULE_API_VERSION(0, 2)
|
||||
#define KEYMASTER_DEVICE_API_VERSION_0_2 HARDWARE_DEVICE_API_VERSION_2(0, 2, KEYMASTER_HEADER_VERSION)
|
||||
#define KEYMASTER_MODULE_API_VERSION_0_2 HARDWARE_MODULE_API_VERSION(0, 2)
|
||||
#define KEYMASTER_DEVICE_API_VERSION_0_2 \
|
||||
HARDWARE_DEVICE_API_VERSION_2(0, 2, KEYMASTER_HEADER_VERSION)
|
||||
|
||||
#define KEYMASTER_MODULE_API_VERSION_0_3 HARDWARE_MODULE_API_VERSION(0, 3)
|
||||
#define KEYMASTER_DEVICE_API_VERSION_0_3 HARDWARE_DEVICE_API_VERSION_2(0, 3, KEYMASTER_HEADER_VERSION)
|
||||
#define KEYMASTER_MODULE_API_VERSION_0_3 HARDWARE_MODULE_API_VERSION(0, 3)
|
||||
#define KEYMASTER_DEVICE_API_VERSION_0_3 \
|
||||
HARDWARE_DEVICE_API_VERSION_2(0, 3, KEYMASTER_HEADER_VERSION)
|
||||
|
||||
/**
|
||||
* Flags for keymaster_device::flags
|
||||
*/
|
||||
enum {
|
||||
/*
|
||||
* Indicates this keymaster implementation does not have hardware that
|
||||
* keeps private keys out of user space.
|
||||
*
|
||||
* This should not be implemented on anything other than the default
|
||||
* implementation.
|
||||
*/
|
||||
KEYMASTER_SOFTWARE_ONLY = 1 << 0,
|
||||
|
||||
/*
|
||||
* This indicates that the key blobs returned via all the primitives
|
||||
* are sufficient to operate on their own without the trusted OS
|
||||
* querying userspace to retrieve some other data. Key blobs of
|
||||
* this type are normally returned encrypted with a
|
||||
* Key Encryption Key (KEK).
|
||||
*
|
||||
* This is currently used by "vold" to know whether the whole disk
|
||||
* encryption secret can be unwrapped without having some external
|
||||
* service started up beforehand since the "/data" partition will
|
||||
* be unavailable at that point.
|
||||
*/
|
||||
KEYMASTER_BLOBS_ARE_STANDALONE = 1 << 1,
|
||||
|
||||
/*
|
||||
* Indicates that the keymaster module supports DSA keys.
|
||||
*/
|
||||
KEYMASTER_SUPPORTS_DSA = 1 << 2,
|
||||
|
||||
/*
|
||||
* Indicates that the keymaster module supports EC keys.
|
||||
*/
|
||||
KEYMASTER_SUPPORTS_EC = 1 << 3,
|
||||
};
|
||||
#define KEYMASTER_MODULE_API_VERSION_0_4 HARDWARE_MODULE_API_VERSION(0, 4)
|
||||
#define KEYMASTER_DEVICE_API_VERSION_0_4 \
|
||||
HARDWARE_DEVICE_API_VERSION_2(0, 4, KEYMASTER_HEADER_VERSION)
|
||||
|
||||
struct keystore_module {
|
||||
/**
|
||||
|
@ -92,82 +61,6 @@ struct keystore_module {
|
|||
hw_module_t common;
|
||||
};
|
||||
|
||||
/**
|
||||
* Asymmetric key pair types.
|
||||
*/
|
||||
typedef enum {
|
||||
TYPE_RSA = 1,
|
||||
TYPE_DSA = 2,
|
||||
TYPE_EC = 3,
|
||||
} keymaster_keypair_t;
|
||||
|
||||
/**
|
||||
* Parameters needed to generate an RSA key.
|
||||
*/
|
||||
typedef struct {
|
||||
uint32_t modulus_size;
|
||||
uint64_t public_exponent;
|
||||
} keymaster_rsa_keygen_params_t;
|
||||
|
||||
/**
|
||||
* Parameters needed to generate a DSA key.
|
||||
*/
|
||||
typedef struct {
|
||||
uint32_t key_size;
|
||||
uint32_t generator_len;
|
||||
uint32_t prime_p_len;
|
||||
uint32_t prime_q_len;
|
||||
const uint8_t* generator;
|
||||
const uint8_t* prime_p;
|
||||
const uint8_t* prime_q;
|
||||
} keymaster_dsa_keygen_params_t;
|
||||
|
||||
/**
|
||||
* Parameters needed to generate an EC key.
|
||||
*
|
||||
* Field size is the only parameter in version 2. The sizes correspond to these required curves:
|
||||
*
|
||||
* 192 = NIST P-192
|
||||
* 224 = NIST P-224
|
||||
* 256 = NIST P-256
|
||||
* 384 = NIST P-384
|
||||
* 521 = NIST P-521
|
||||
*
|
||||
* The parameters for these curves are available at: http://www.nsa.gov/ia/_files/nist-routines.pdf
|
||||
* in Chapter 4.
|
||||
*/
|
||||
typedef struct {
|
||||
uint32_t field_size;
|
||||
} keymaster_ec_keygen_params_t;
|
||||
|
||||
/**
|
||||
* Digest type.
|
||||
*/
|
||||
typedef enum {
|
||||
DIGEST_NONE,
|
||||
} keymaster_digest_t;
|
||||
|
||||
/**
|
||||
* Type of padding used for RSA operations.
|
||||
*/
|
||||
typedef enum {
|
||||
PADDING_NONE,
|
||||
} keymaster_rsa_padding_t;
|
||||
|
||||
|
||||
typedef struct {
|
||||
keymaster_digest_t digest_type;
|
||||
} keymaster_dsa_sign_params_t;
|
||||
|
||||
typedef struct {
|
||||
keymaster_digest_t digest_type;
|
||||
} keymaster_ec_sign_params_t;
|
||||
|
||||
typedef struct {
|
||||
keymaster_digest_t digest_type;
|
||||
keymaster_rsa_padding_t padding_type;
|
||||
} keymaster_rsa_sign_params_t;
|
||||
|
||||
/**
|
||||
* The parameters that can be set for a given keymaster implementation.
|
||||
*/
|
||||
|
@ -194,52 +87,49 @@ struct keymaster_device {
|
|||
void* context;
|
||||
|
||||
/**
|
||||
* Generates a public and private key. The key-blob returned is opaque
|
||||
* and must subsequently provided for signing and verification.
|
||||
* \deprecated Generates a public and private key. The key-blob returned is opaque and must
|
||||
* subsequently provided for signing and verification.
|
||||
*
|
||||
* Returns: 0 on success or an error code less than 0.
|
||||
*/
|
||||
int (*generate_keypair)(const struct keymaster_device* dev,
|
||||
const keymaster_keypair_t key_type, const void* key_params,
|
||||
uint8_t** key_blob, size_t* key_blob_length);
|
||||
int (*generate_keypair)(const struct keymaster_device* dev, const keymaster_keypair_t key_type,
|
||||
const void* key_params, uint8_t** key_blob, size_t* key_blob_length);
|
||||
|
||||
/**
|
||||
* Imports a public and private key pair. The imported keys will be in
|
||||
* PKCS#8 format with DER encoding (Java standard). The key-blob
|
||||
* returned is opaque and will be subsequently provided for signing
|
||||
* and verification.
|
||||
* \deprecated Imports a public and private key pair. The imported keys will be in PKCS#8 format
|
||||
* with DER encoding (Java standard). The key-blob returned is opaque and will be subsequently
|
||||
* provided for signing and verification.
|
||||
*
|
||||
* Returns: 0 on success or an error code less than 0.
|
||||
*/
|
||||
int (*import_keypair)(const struct keymaster_device* dev,
|
||||
const uint8_t* key, const size_t key_length,
|
||||
uint8_t** key_blob, size_t* key_blob_length);
|
||||
int (*import_keypair)(const struct keymaster_device* dev, const uint8_t* key,
|
||||
const size_t key_length, uint8_t** key_blob, size_t* key_blob_length);
|
||||
|
||||
/**
|
||||
* Gets the public key part of a key pair. The public key must be in
|
||||
* X.509 format (Java standard) encoded byte array.
|
||||
* \deprecated Gets the public key part of a key pair. The public key must be in X.509 format
|
||||
* (Java standard) encoded byte array.
|
||||
*
|
||||
* Returns: 0 on success or an error code less than 0.
|
||||
* On error, x509_data should not be allocated.
|
||||
* Returns: 0 on success or an error code less than 0. On error, x509_data
|
||||
* should not be allocated.
|
||||
*/
|
||||
int (*get_keypair_public)(const struct keymaster_device* dev,
|
||||
const uint8_t* key_blob, const size_t key_blob_length,
|
||||
uint8_t** x509_data, size_t* x509_data_length);
|
||||
int (*get_keypair_public)(const struct keymaster_device* dev, const uint8_t* key_blob,
|
||||
const size_t key_blob_length, uint8_t** x509_data,
|
||||
size_t* x509_data_length);
|
||||
|
||||
/**
|
||||
* Deletes the key pair associated with the key blob.
|
||||
* \deprecated Deletes the key pair associated with the key blob.
|
||||
*
|
||||
* This function is optional and should be set to NULL if it is not
|
||||
* implemented.
|
||||
*
|
||||
* Returns 0 on success or an error code less than 0.
|
||||
*/
|
||||
int (*delete_keypair)(const struct keymaster_device* dev,
|
||||
const uint8_t* key_blob, const size_t key_blob_length);
|
||||
int (*delete_keypair)(const struct keymaster_device* dev, const uint8_t* key_blob,
|
||||
const size_t key_blob_length);
|
||||
|
||||
/**
|
||||
* Deletes all keys in the hardware keystore. Used when keystore is
|
||||
* reset completely.
|
||||
* \deprecated Deletes all keys in the hardware keystore. Used when keystore is reset
|
||||
* completely.
|
||||
*
|
||||
* This function is optional and should be set to NULL if it is not
|
||||
* implemented.
|
||||
|
@ -249,45 +139,515 @@ struct keymaster_device {
|
|||
int (*delete_all)(const struct keymaster_device* dev);
|
||||
|
||||
/**
|
||||
* Signs data using a key-blob generated before. This can use either
|
||||
* an asymmetric key or a secret key.
|
||||
* \deprecated Signs data using a key-blob generated before. This can use either an asymmetric
|
||||
* key or a secret key.
|
||||
*
|
||||
* Returns: 0 on success or an error code less than 0.
|
||||
*/
|
||||
int (*sign_data)(const struct keymaster_device* dev,
|
||||
const void* signing_params,
|
||||
const uint8_t* key_blob, const size_t key_blob_length,
|
||||
const uint8_t* data, const size_t data_length,
|
||||
uint8_t** signed_data, size_t* signed_data_length);
|
||||
int (*sign_data)(const struct keymaster_device* dev, const void* signing_params,
|
||||
const uint8_t* key_blob, const size_t key_blob_length, const uint8_t* data,
|
||||
const size_t data_length, uint8_t** signed_data, size_t* signed_data_length);
|
||||
|
||||
/**
|
||||
* Verifies data signed with a key-blob. This can use either
|
||||
* an asymmetric key or a secret key.
|
||||
* \deprecated Verifies data signed with a key-blob. This can use either an asymmetric key or a
|
||||
* secret key.
|
||||
*
|
||||
* Returns: 0 on successful verification or an error code less than 0.
|
||||
*/
|
||||
int (*verify_data)(const struct keymaster_device* dev,
|
||||
const void* signing_params,
|
||||
const uint8_t* key_blob, const size_t key_blob_length,
|
||||
const uint8_t* signed_data, const size_t signed_data_length,
|
||||
const uint8_t* signature, const size_t signature_length);
|
||||
int (*verify_data)(const struct keymaster_device* dev, const void* signing_params,
|
||||
const uint8_t* key_blob, const size_t key_blob_length,
|
||||
const uint8_t* signed_data, const size_t signed_data_length,
|
||||
const uint8_t* signature, const size_t signature_length);
|
||||
|
||||
/**
|
||||
* Gets algorithms supported.
|
||||
*
|
||||
* \param[in] dev The keymaster device structure.
|
||||
*
|
||||
* \param[out] algorithms Array of algorithms supported. The caller takes ownership of the
|
||||
* array and must free() it.
|
||||
*
|
||||
* \param[out] algorithms_length Length of \p algorithms.
|
||||
*/
|
||||
keymaster_error_t (*get_supported_algorithms)(const struct keymaster_device* dev,
|
||||
keymaster_algorithm_t** algorithms,
|
||||
size_t* algorithms_length);
|
||||
|
||||
/**
|
||||
* Gets the block modes supported for the specified algorithm.
|
||||
*
|
||||
* \param[in] dev The keymaster device structure.
|
||||
*
|
||||
* \param[in] algorithm The algorithm for which supported modes will be returned.
|
||||
*
|
||||
* \param[out] modes Array of modes supported. The caller takes ownership of the array and must
|
||||
* free() it.
|
||||
*
|
||||
* \param[out] modes_length Length of \p modes.
|
||||
*/
|
||||
keymaster_error_t (*get_supported_block_modes)(const struct keymaster_device* dev,
|
||||
keymaster_algorithm_t algorithm,
|
||||
keymaster_purpose_t purpose,
|
||||
keymaster_block_mode_t** modes,
|
||||
size_t* modes_length);
|
||||
|
||||
/**
|
||||
* Gets the padding modes supported for the specified algorithm. Caller assumes ownership of
|
||||
* the allocated array.
|
||||
*
|
||||
* \param[in] dev The keymaster device structure.
|
||||
*
|
||||
* \param[in] algorithm The algorithm for which supported padding modes will be returned.
|
||||
*
|
||||
* \param[out] modes Array of padding modes supported. The caller takes ownership of the array
|
||||
* and must free() it.
|
||||
*
|
||||
* \param[out] modes_length Length of \p modes.
|
||||
*/
|
||||
keymaster_error_t (*get_supported_padding_modes)(const struct keymaster_device* dev,
|
||||
keymaster_algorithm_t algorithm,
|
||||
keymaster_purpose_t purpose,
|
||||
keymaster_padding_t** modes,
|
||||
size_t* modes_length);
|
||||
|
||||
/**
|
||||
* Gets the digests supported for the specified algorithm. Caller assumes ownership of the
|
||||
* allocated array.
|
||||
*
|
||||
* \param[in] dev The keymaster device structure.
|
||||
*
|
||||
* \param[in] algorithm The algorithm for which supported digests will be returned.
|
||||
*
|
||||
* \param[out] digests Array of digests supported. The caller takes ownership of the array and
|
||||
* must free() it.
|
||||
*
|
||||
* \param[out] digests_length Length of \p digests.
|
||||
*/
|
||||
keymaster_error_t (*get_supported_digests)(const struct keymaster_device* dev,
|
||||
keymaster_algorithm_t algorithm,
|
||||
keymaster_purpose_t purpose,
|
||||
keymaster_digest_t** digests,
|
||||
size_t* digests_length);
|
||||
|
||||
/**
|
||||
* Gets the key import formats supported for keys of the specified algorithm. Caller assumes
|
||||
* ownership of the allocated array.
|
||||
*
|
||||
* \param[in] dev The keymaster device structure.
|
||||
*
|
||||
* \param[in] algorithm The algorithm for which supported formats will be returned.
|
||||
*
|
||||
* \param[out] formats Array of formats supported. The caller takes ownership of the array and
|
||||
* must free() it.
|
||||
*
|
||||
* \param[out] formats_length Length of \p formats.
|
||||
*/
|
||||
keymaster_error_t (*get_supported_import_formats)(const struct keymaster_device* dev,
|
||||
keymaster_algorithm_t algorithm,
|
||||
keymaster_key_format_t** formats,
|
||||
size_t* formats_length);
|
||||
|
||||
/**
|
||||
* Gets the key export formats supported for keys of the specified algorithm. Caller assumes
|
||||
* ownership of the allocated array.
|
||||
*
|
||||
* \param[in] dev The keymaster device structure.
|
||||
*
|
||||
* \param[in] algorithm The algorithm for which supported formats will be returned.
|
||||
*
|
||||
* \param[out] formats Array of formats supported. The caller takes ownership of the array and
|
||||
* must free() it.
|
||||
*
|
||||
* \param[out] formats_length Length of \p formats.
|
||||
*/
|
||||
keymaster_error_t (*get_supported_export_formats)(const struct keymaster_device* dev,
|
||||
keymaster_algorithm_t algorithm,
|
||||
keymaster_key_format_t** formats,
|
||||
size_t* formats_length);
|
||||
|
||||
/**
|
||||
* Adds entropy to the RNG used by keymaster. Entropy added through this method is guaranteed
|
||||
* not to be the only source of entropy used, and the mixing function is required to be secure,
|
||||
* in the sense that if the RNG is seeded (from any source) with any data the attacker cannot
|
||||
* predict (or control), then the RNG output is indistinguishable from random. Thus, if the
|
||||
* entropy from any source is good, the output will be good.
|
||||
*
|
||||
* \param[in] dev The keymaster device structure.
|
||||
*
|
||||
* \param[in] data Random data to be mixed in.
|
||||
*
|
||||
* \param[in] data_length Length of \p data.
|
||||
*/
|
||||
keymaster_error_t (*add_rng_entropy)(const struct keymaster_device* dev, uint8_t* data,
|
||||
size_t data_length);
|
||||
|
||||
/**
|
||||
* Generates a key, or key pair, returning a key blob and/or a description of the key.
|
||||
*
|
||||
* Key generation parameters are defined as keymaster tag/value pairs, provided in \p params.
|
||||
* See keymaster_tag_t for the full list. Some values that are always required for generation
|
||||
* of useful keys are:
|
||||
*
|
||||
* - KM_TAG_ALGORITHM;
|
||||
* - KM_TAG_PURPOSE;
|
||||
* - KM_TAG_USER_ID or KM_TAG_ALL_USERS;
|
||||
* - KM_TAG_USER_AUTH_ID or KM_TAG_NO_AUTH_REQUIRED;
|
||||
* - KM_TAG_APPLICATION_ID or KM_TAG_ALL_APPLICATIONS; and
|
||||
* - KM_TAG_ORIGINATION_EXPIRE_DATETIME
|
||||
*
|
||||
* KM_TAG_AUTH_TIMEOUT should generally be specified unless KM_TAG_NO_AUTH_REQUIRED is present,
|
||||
* or the user will have to authenticate for every use.
|
||||
*
|
||||
* KM_TAG_BLOCK_MODE, KM_TAG_PADDING, KM_TAG_MAC_LENGTH and KM_TAG_DIGEST must be specified for
|
||||
* algorithms that require them.
|
||||
*
|
||||
* The following tags will take default values if unspecified:
|
||||
*
|
||||
* - KM_TAG_KEY_SIZE defaults to a recommended key size for the specified algorithm.
|
||||
*
|
||||
* - KM_TAG_USAGE_EXPIRE_DATETIME defaults to the value of KM_TAG_ORIGINATION_EXPIRE_DATETIME.
|
||||
*
|
||||
* - KM_TAG_ACTIVE_DATETIME will default to the value of KM_TAG_CREATION_DATETIME
|
||||
*
|
||||
* - KM_TAG_ROOT_OF_TRUST will default to the current root of trust.
|
||||
*
|
||||
* - KM_TAG_{RSA|DSA|DH}_* will default to values appropriate for the specified key size.
|
||||
*
|
||||
* The following tags may not be specified; their values will be provided by the implementation.
|
||||
*
|
||||
* - KM_TAG_ORIGIN,
|
||||
*
|
||||
* - KM_TAG_ROLLBACK_RESISTANT,
|
||||
*
|
||||
* - KM_TAG_CREATION_DATETIME,
|
||||
*
|
||||
* \param[in] dev The keymaster device structure.
|
||||
*
|
||||
* \param[in] params Array of key generation parameters.
|
||||
*
|
||||
* \param[in] params_count Length of \p params.
|
||||
*
|
||||
* \param[out] key_blob returns the generated key. If \p key_blob is NULL, no key is generated,
|
||||
* but the characteristics of the key that would be generated are returned. The caller assumes
|
||||
* ownership key_blob->key_material and must free() it.
|
||||
*
|
||||
* \param[out] characteristics returns the characteristics of the key that was, or would be,
|
||||
* generated, if non-NULL. The caller assumes ownership, and the object must be freed with
|
||||
* keymaster_free_characteristics(). Note that KM_TAG_ROOT_OF_TRUST, KM_TAG_APPLICATION_ID and
|
||||
* KM_TAG_APPLICATION_DATA are never returned.
|
||||
*/
|
||||
keymaster_error_t (*generate_key)(const struct keymaster_device* dev,
|
||||
const keymaster_key_param_t* params, size_t params_count,
|
||||
keymaster_key_blob_t* key_blob,
|
||||
keymaster_key_characteristics_t** characteristics);
|
||||
|
||||
/**
|
||||
* Returns the characteristics of the specified key, or NULL if the key_blob is invalid
|
||||
* (implementations must fully validate the integrity of the key). client_id and app_data must
|
||||
* be the ID and data provided when the key was generated or imported. Those values are not
|
||||
* included in the returned characteristics. Caller assumes ownership of the allocated
|
||||
* characteristics object, which must be deallocated with keymaster_free_characteristics().
|
||||
*
|
||||
* Note that KM_TAG_ROOT_OF_TRUST, KM_TAG_APPLICATION_ID and KM_TAG_APPLICATION_DATA are never
|
||||
* returned.
|
||||
*
|
||||
* \param[in] dev The keymaster device structure.
|
||||
*
|
||||
* \param[in] key_blob The key to retreive characteristics from.
|
||||
*
|
||||
* \param[in] client_id The client ID data, or NULL if none associated.
|
||||
*
|
||||
* \param[in] app_id The app data, or NULL if none associated.
|
||||
*
|
||||
* \param[out] characteristics The key characteristics.
|
||||
*/
|
||||
keymaster_error_t (*get_key_characteristics)(const struct keymaster_device* dev,
|
||||
const keymaster_key_blob_t* key_blob,
|
||||
const keymaster_blob_t* client_id,
|
||||
const keymaster_blob_t* app_data,
|
||||
keymaster_key_characteristics_t** characteristics);
|
||||
|
||||
/**
|
||||
* Change a key's authorizations.
|
||||
*
|
||||
* Update the authorizations associated with key_blob to the list specified in new_params, which
|
||||
* must contain the complete set of authorizations desired (hw_enforced and sw_enforced). Tags
|
||||
* will be added, removed and/or updated only if the appropriate KM_TAG_RESCOPING_ADD and
|
||||
* KM_TAG_RESCOPING_DEL tags exist in the key's authorizations, otherwise
|
||||
* KM_ERROR_INVALID_RESCOPING will be returned and no changes will be made.
|
||||
*
|
||||
* \param[in] dev The keymaster device structure.
|
||||
*
|
||||
* \param[in] new_params The new authorization list to be associated with the key.
|
||||
*
|
||||
* \param[in] new_params_count The number of entries in \p new_params.
|
||||
*
|
||||
* \param[in] key_blob The key to update.
|
||||
*
|
||||
* \param[in] client_id The client ID associated with the key, or NULL if none is associated.
|
||||
*
|
||||
* \param[in] app_data The application data associated with the key, or NULL if none is
|
||||
* associated.
|
||||
*
|
||||
* \param[out] rescoped_key_blob The key blob with the updated authorizations, if successful.
|
||||
* The caller assumes ownership of rescoped_key_blob->key_material and must free() it.
|
||||
*
|
||||
* \param[out] characteristics If not null will contain the new key authorizations, divided into
|
||||
* hw_enforced and sw_enforced lists. The caller takes ownership and must call
|
||||
* keymaster_free_characteristics() to free.
|
||||
*/
|
||||
keymaster_error_t (*rescope)(const struct keymaster_device* dev,
|
||||
const keymaster_key_param_t* new_params, size_t new_params_count,
|
||||
const keymaster_key_blob_t* key_blob,
|
||||
const keymaster_blob_t* client_id,
|
||||
const keymaster_blob_t* app_data,
|
||||
const keymaster_key_blob_t* rescoped_key_blob,
|
||||
keymaster_key_characteristics_t** characteristics);
|
||||
|
||||
/**
|
||||
* Imports a key, or key pair, returning a key blob and/or a description of the key.
|
||||
*
|
||||
* Most key import parameters are defined as keymaster tag/value pairs, provided in "params".
|
||||
* See keymaster_tag_t for the full list. Some values that are always required for import of
|
||||
* useful keys are:
|
||||
*
|
||||
* - KM_TAG_PURPOSE;
|
||||
*
|
||||
* - KM_TAG_USER_ID
|
||||
*
|
||||
* - KM_TAG_USER_AUTH_ID;
|
||||
*
|
||||
* - KM_TAG_APPLICATION_ID or KM_TAG_ALL_APPLICATIONS;
|
||||
*
|
||||
* - KM_TAG_PRIVKEY_EXPIRE_DATETIME.
|
||||
*
|
||||
* KM_TAG_AUTH_TIMEOUT should generally be specified. If unspecified, the user will have to
|
||||
* authenticate for every use, unless KM_TAG_USER_AUTH_ID is set to
|
||||
* KM_NO_AUTHENTICATION_REQUIRED.
|
||||
*
|
||||
* The following tags will take default values if unspecified:
|
||||
*
|
||||
* - KM_TAG_PUBKEY_EXPIRE_DATETIME will default to the value for KM_TAG_PRIVKEY_EXPIRE_DATETIME.
|
||||
*
|
||||
* - KM_TAG_ACTIVE_DATETIME will default to the value of KM_TAG_CREATION_DATETIME
|
||||
*
|
||||
* - KM_TAG_ROOT_OF_TRUST will default to the current root of trust.
|
||||
*
|
||||
* The following tags may not be specified; their values will be provided by the implementation.
|
||||
*
|
||||
* - KM_TAG_ORIGIN,
|
||||
*
|
||||
* - KM_TAG_ROLLBACK_RESISTANT,
|
||||
*
|
||||
* - KM_TAG_CREATION_DATETIME,
|
||||
*
|
||||
* \param[in] dev The keymaster device structure.
|
||||
*
|
||||
* \param[in] params Parameters defining the imported key.
|
||||
*
|
||||
* \param[in] params_count The number of entries in \p params.
|
||||
*
|
||||
* \param[in] key_format specifies the format of the key data in key_data.
|
||||
*
|
||||
* \param[out] key_blob Used to return the opaque key blob. Must be non-NULL. The caller
|
||||
* assumes ownership of the contained key_material.
|
||||
*
|
||||
* \param[out] characteristics Used to return the characteristics of the imported key. May be
|
||||
* NULL, in which case no characteristics will be returned. If non-NULL, the caller assumes
|
||||
* ownership and must deallocate with keymaster_free_characteristics().
|
||||
*/
|
||||
keymaster_error_t (*import_key)(const struct keymaster_device* dev,
|
||||
const keymaster_key_param_t* params, size_t params_count,
|
||||
keymaster_key_format_t key_format, const uint8_t* key_data,
|
||||
size_t key_data_length, keymaster_key_blob_t* key_blob,
|
||||
keymaster_key_characteristics_t** characteristics);
|
||||
|
||||
/**
|
||||
* Exports a public key, returning a byte array in the specified format.
|
||||
*
|
||||
* \param[in] dev The keymaster device structure.
|
||||
*
|
||||
* \param[in] export_format The format to be used for exporting the key.
|
||||
*
|
||||
* \param[in] key_to_export The key to export.
|
||||
*
|
||||
* \param[out] export_data The exported key material. The caller assumes ownership.
|
||||
*
|
||||
* \param[out] export_data_length The length of \p export_data.
|
||||
*/
|
||||
keymaster_error_t (*export_key)(const struct keymaster_device* dev,
|
||||
keymaster_key_format_t export_format,
|
||||
const keymaster_key_blob_t* key_to_export,
|
||||
const keymaster_blob_t* client_id,
|
||||
const keymaster_blob_t* app_data, uint8_t** export_data,
|
||||
size_t* export_data_length);
|
||||
|
||||
/**
|
||||
* Deletes the key, or key pair, associated with the key blob. After calling this function it
|
||||
* will be impossible to use the key for any other operations (though rescoped versions may
|
||||
* exist, and if so will be usable). May be applied to keys from foreign roots of trust (keys
|
||||
* not usable under the current root of trust).
|
||||
*
|
||||
* This function is optional and should be set to NULL if it is not implemented.
|
||||
*
|
||||
* \param[in] dev The keymaster device structure.
|
||||
*
|
||||
* \param[in] key The key to be deleted.
|
||||
*/
|
||||
keymaster_error_t (*delete_key)(const struct keymaster_device* dev,
|
||||
const keymaster_key_blob_t* key);
|
||||
|
||||
/**
|
||||
* Deletes all keys in the hardware keystore. Used when keystore is reset completely. After
|
||||
* calling this function it will be impossible to use any previously generated or imported key
|
||||
* blobs for any operations.
|
||||
*
|
||||
* This function is optional and should be set to NULL if it is not implemented.
|
||||
*
|
||||
* \param[in] dev The keymaster device structure.
|
||||
*
|
||||
* Returns 0 on success or an error code less than 0.
|
||||
*/
|
||||
int (*delete_all_keys)(const struct keymaster_device* dev);
|
||||
|
||||
/**
|
||||
* Begins a cryptographic operation using the specified key. If all is well, begin() will
|
||||
* return KM_ERROR_OK and create an operation handle which must be passed to subsequent calls to
|
||||
* update(), finish() or abort().
|
||||
*
|
||||
* It is critical that each call to begin() be paired with a subsequent call to finish() or
|
||||
* abort(), to allow the keymaster implementation to clean up any internal operation state.
|
||||
* Failure to do this will leak internal state space or other internal resources and will
|
||||
* eventually cause begin() to return KM_ERROR_TOO_MANY_OPERATIONS when it runs out of space for
|
||||
* operations.
|
||||
*
|
||||
* \param[in] dev The keymaster device structure.
|
||||
*
|
||||
* \param[in] purpose The purpose of the operation, one of KM_PURPOSE_ENCRYPT,
|
||||
* KM_PURPOSE_DECRYPT, KM_PURPOSE_SIGN or KM_PURPOSE_VERIFY. Note that for AEAD modes,
|
||||
* encryption and decryption imply signing and verification, respectively.
|
||||
*
|
||||
* \param[in] key The key to be used for the operation. \p key must have a purpose compatible
|
||||
* with \p purpose and all of its usage requirements must be satisfied, or begin() will return
|
||||
* an appropriate error code.
|
||||
*
|
||||
* \param[in] params Additional parameters for the operation. This is typically used to provide
|
||||
* client ID information, with tags KM_TAG_APPLICATION_ID and KM_TAG_APPLICATION_DATA. If the
|
||||
* client information associated with the key is not provided, begin() will fail and return
|
||||
* KM_ERROR_INVALID_KEY_BLOB. Less commonly, \params can be used to provide AEAD additional
|
||||
* data and chunk size with KM_TAG_ADDITIONAL_DATA or KM_TAG_CHUNK_SIZE respectively.
|
||||
*
|
||||
* \param[in] params_count The number of entries in \p params.
|
||||
*
|
||||
* \param[out] out_params Array of output parameters. The caller takes ownership of the output
|
||||
* parametes array and must free it. out_params may be set to NULL if no output parameters are
|
||||
* expected. If NULL, and output paramaters are generated, begin() will return
|
||||
* KM_ERROR_OUTPUT_PARAMETER_NULL.
|
||||
*
|
||||
* \param[out] out_params_count The length of out_params.
|
||||
*
|
||||
* \param[out] operation_handle The newly-created operation handle which must be passed to
|
||||
* update(), finish() or abort().
|
||||
*/
|
||||
keymaster_error_t (*begin)(const struct keymaster_device* dev, keymaster_purpose_t purpose,
|
||||
const keymaster_key_blob_t* key, const keymaster_key_param_t* params,
|
||||
size_t params_count, keymaster_key_param_t** out_params,
|
||||
size_t* out_params_count,
|
||||
keymaster_operation_handle_t* operation_handle);
|
||||
|
||||
/**
|
||||
* Get an estimate of the output that will be generated by calling update() with the specified
|
||||
* number of input bytes, followed by finish(). The estimate may not be exact, but is
|
||||
* guaranteed not to be smaller than sum of the output lengths from update() and finish(). The
|
||||
* estimate takes into account input data already provided.
|
||||
*
|
||||
* \param[in] input_length The number of additional input bytes to be processed.
|
||||
*
|
||||
* \param[out] output_estimate The length of the output that will be produced.
|
||||
*/
|
||||
keymaster_error_t (*get_output_size)(size_t input_length, size_t* output_estimate);
|
||||
|
||||
/**
|
||||
* Provides data to, and possibly receives output from, an ongoing cryptographic operation begun
|
||||
* with begin().
|
||||
*
|
||||
* If operation_handle is invalid, update() will return KM_ERROR_INVALID_OPERATION_HANDLE.
|
||||
*
|
||||
* Not all of the data provided in the data buffer may be consumed. update() will return the
|
||||
* amount consumed in *data_consumed. The caller should provide the unconsumed data in a
|
||||
* subsequent call.
|
||||
*
|
||||
* \param[in] dev The keymaster device structure.
|
||||
*
|
||||
* \param[in] operation_handle The operation handle returned by begin().
|
||||
*
|
||||
* \param[in] input Data to be processed, per the parameters established in the call to begin().
|
||||
* Note that update() may or may not consume all of the data provided. See \p data_consumed.
|
||||
*
|
||||
* \param[in] input_length Length of \p input.
|
||||
*
|
||||
* \param[out] input_consumed Amount of data that was consumed by update(). If this is less
|
||||
* than the amount provided, the caller should provide the remainder in a subsequent call to
|
||||
* update().
|
||||
*
|
||||
* \param[out] output The output data, if any. The caller assumes ownership of the allocated
|
||||
* buffer. If output is NULL then NO input data is consumed and no output is produced, but
|
||||
* *output_length is set to an estimate of the size that would have been produced by this
|
||||
* update() and a subsequent finish().
|
||||
*
|
||||
* \param[out] output_length The length of the output buffer.
|
||||
*
|
||||
* Note that update() may not provide any output, in which case *output_length will be zero, and
|
||||
* *output may be either NULL or zero-length (so the caller should always free() it).
|
||||
*/
|
||||
keymaster_error_t (*update)(const struct keymaster_device* dev,
|
||||
keymaster_operation_handle_t operation_handle, const uint8_t* input,
|
||||
size_t input_length, size_t* input_consumed, uint8_t** output,
|
||||
size_t* output_length);
|
||||
|
||||
/**
|
||||
* Finalizes a cryptographic operation begun with begin() and invalidates operation_handle
|
||||
* (except in the insufficient buffer case, detailed below).
|
||||
*
|
||||
* \param[in] dev The keymaster device structure.
|
||||
*
|
||||
* \param[in] operation_handle The operation handle returned by begin(). This handle will be
|
||||
* invalidated.
|
||||
*
|
||||
* \param[in] signature The signature to be verified if the purpose specified in the begin()
|
||||
* call was KM_PURPOSE_VERIFY.
|
||||
*
|
||||
* \param[in] signature_length The length of \p signature.
|
||||
*
|
||||
* \param[out] output The output data, if any. The caller assumes ownership of the allocated
|
||||
* buffer.
|
||||
*
|
||||
* \param[out] output_length The length of the output buffer.
|
||||
*
|
||||
* If the operation being finished is a signature verification or an AEAD-mode decryption and
|
||||
* verification fails then finish() will return KM_ERROR_VERIFICATION_FAILED.
|
||||
*/
|
||||
keymaster_error_t (*finish)(const struct keymaster_device* dev,
|
||||
keymaster_operation_handle_t operation_handle,
|
||||
const uint8_t* signature, size_t signature_length, uint8_t** output,
|
||||
size_t* output_length);
|
||||
|
||||
/**
|
||||
* Aborts a cryptographic operation begun with begin(), freeing all internal resources and
|
||||
* invalidating operation_handle.
|
||||
*/
|
||||
keymaster_error_t (*abort)(const struct keymaster_device* dev,
|
||||
keymaster_operation_handle_t operation_handle);
|
||||
};
|
||||
typedef struct keymaster_device keymaster_device_t;
|
||||
|
||||
|
||||
/* Convenience API for opening and closing keymaster devices */
|
||||
|
||||
static inline int keymaster_open(const struct hw_module_t* module,
|
||||
keymaster_device_t** device)
|
||||
{
|
||||
int rc = module->methods->open(module, KEYSTORE_KEYMASTER,
|
||||
(struct hw_device_t**) device);
|
||||
|
||||
return rc;
|
||||
static inline int keymaster_open(const struct hw_module_t* module, keymaster_device_t** device) {
|
||||
return module->methods->open(module, KEYSTORE_KEYMASTER, (struct hw_device_t**)device);
|
||||
}
|
||||
|
||||
static inline int keymaster_close(keymaster_device_t* device)
|
||||
{
|
||||
static inline int keymaster_close(keymaster_device_t* device) {
|
||||
return device->common.close(&device->common);
|
||||
}
|
||||
|
||||
|
|
614
include/hardware/keymaster_defs.h
Normal file
614
include/hardware/keymaster_defs.h
Normal file
|
@ -0,0 +1,614 @@
|
|||
/*
|
||||
* Copyright (C) 2014 The Android Open Source Project
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#ifndef ANDROID_HARDWARE_KEYMASTER_DEFS_H
|
||||
#define ANDROID_HARDWARE_KEYMASTER_DEFS_H
|
||||
|
||||
#include <stdint.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
#if defined(__cplusplus)
|
||||
extern "C" {
|
||||
#endif // defined(__cplusplus)
|
||||
|
||||
/*!
|
||||
* \deprecated Flags for keymaster_device::flags
|
||||
*
|
||||
* keymaster_device::flags is deprecated and will be removed in the
|
||||
* next version of the API in favor of the more detailed information
|
||||
* available from TODO:
|
||||
*/
|
||||
enum {
|
||||
/*
|
||||
* Indicates this keymaster implementation does not have hardware that
|
||||
* keeps private keys out of user space.
|
||||
*
|
||||
* This should not be implemented on anything other than the default
|
||||
* implementation.
|
||||
*/
|
||||
KEYMASTER_SOFTWARE_ONLY = 1 << 0,
|
||||
|
||||
/*
|
||||
* This indicates that the key blobs returned via all the primitives
|
||||
* are sufficient to operate on their own without the trusted OS
|
||||
* querying userspace to retrieve some other data. Key blobs of
|
||||
* this type are normally returned encrypted with a
|
||||
* Key Encryption Key (KEK).
|
||||
*
|
||||
* This is currently used by "vold" to know whether the whole disk
|
||||
* encryption secret can be unwrapped without having some external
|
||||
* service started up beforehand since the "/data" partition will
|
||||
* be unavailable at that point.
|
||||
*/
|
||||
KEYMASTER_BLOBS_ARE_STANDALONE = 1 << 1,
|
||||
|
||||
/*
|
||||
* Indicates that the keymaster module supports DSA keys.
|
||||
*/
|
||||
KEYMASTER_SUPPORTS_DSA = 1 << 2,
|
||||
|
||||
/*
|
||||
* Indicates that the keymaster module supports EC keys.
|
||||
*/
|
||||
KEYMASTER_SUPPORTS_EC = 1 << 3,
|
||||
};
|
||||
|
||||
/**
|
||||
* \deprecated Asymmetric key pair types.
|
||||
*/
|
||||
typedef enum {
|
||||
TYPE_RSA = 1,
|
||||
TYPE_DSA = 2,
|
||||
TYPE_EC = 3,
|
||||
} keymaster_keypair_t;
|
||||
|
||||
/**
|
||||
* Authorization tags each have an associated type. This enumeration facilitates tagging each with
|
||||
* a type, by using the high four bits (of an implied 32-bit unsigned enum value) to specify up to
|
||||
* 16 data types. These values are ORed with tag IDs to generate the final tag ID values.
|
||||
*/
|
||||
typedef enum {
|
||||
KM_INVALID = 0 << 28, /* Invalid type, used to designate a tag as uninitialized */
|
||||
KM_ENUM = 1 << 28,
|
||||
KM_ENUM_REP = 2 << 28, /* Repeatable enumeration value. */
|
||||
KM_INT = 3 << 28,
|
||||
KM_INT_REP = 4 << 28, /* Repeatable integer value */
|
||||
KM_LONG = 5 << 28,
|
||||
KM_DATE = 6 << 28,
|
||||
KM_BOOL = 7 << 28,
|
||||
KM_BIGNUM = 8 << 28,
|
||||
KM_BYTES = 9 << 28,
|
||||
} keymaster_tag_type_t;
|
||||
|
||||
typedef enum {
|
||||
KM_TAG_INVALID = KM_INVALID | 0,
|
||||
|
||||
/*
|
||||
* Tags that must be semantically enforced by hardware and software implementations.
|
||||
*/
|
||||
|
||||
/* Crypto parameters */
|
||||
KM_TAG_PURPOSE = KM_ENUM_REP | 1, /* keymaster_purpose_t. */
|
||||
KM_TAG_ALGORITHM = KM_ENUM | 2, /* keymaster_algorithm_t. */
|
||||
KM_TAG_KEY_SIZE = KM_INT | 3, /* Key size in bits. */
|
||||
KM_TAG_BLOCK_MODE = KM_ENUM | 4, /* keymaster_block_mode_t. */
|
||||
KM_TAG_DIGEST = KM_ENUM | 5, /* keymaster_digest_t. */
|
||||
KM_TAG_MAC_LENGTH = KM_INT | 6, /* MAC length in bits. */
|
||||
KM_TAG_PADDING = KM_ENUM | 7, /* keymaster_padding_t. */
|
||||
KM_TAG_CHUNK_LENGTH = KM_INT | 8, /* AEAD mode minimum decryption chunk size, in bytes. */
|
||||
KM_TAG_NONCE = KM_BYTES | 9, /* Nonce or Initialization Vector */
|
||||
|
||||
/* Other hardware-enforced. */
|
||||
KM_TAG_RESCOPING_ADD = KM_ENUM_REP | 101, /* Tags authorized for addition via rescoping. */
|
||||
KM_TAG_RESCOPING_DEL = KM_ENUM_REP | 102, /* Tags authorized for removal via rescoping. */
|
||||
KM_TAG_BLOB_USAGE_REQUIREMENTS = KM_ENUM | 705, /* keymaster_key_blob_usage_requirements_t */
|
||||
|
||||
/* Algorithm-specific. */
|
||||
KM_TAG_RSA_PUBLIC_EXPONENT = KM_LONG | 200, /* Defaults to 2^16+1 */
|
||||
KM_TAG_DSA_GENERATOR = KM_BIGNUM | 201,
|
||||
KM_TAG_DSA_P = KM_BIGNUM | 202,
|
||||
KM_TAG_DSA_Q = KM_BIGNUM | 203,
|
||||
/* Note there are no EC-specific params. Field size is defined by KM_TAG_KEY_SIZE, and the
|
||||
curve is chosen from NIST recommendations for field size */
|
||||
|
||||
/*
|
||||
* Tags that should be semantically enforced by hardware if possible and will otherwise be
|
||||
* enforced by software (keystore).
|
||||
*/
|
||||
|
||||
/* Key validity period */
|
||||
KM_TAG_ACTIVE_DATETIME = KM_DATE | 400, /* Start of validity */
|
||||
KM_TAG_ORIGINATION_EXPIRE_DATETIME = KM_DATE | 401, /* Date when new "messages" should no
|
||||
longer be created. */
|
||||
KM_TAG_USAGE_EXPIRE_DATETIME = KM_DATE | 402, /* Date when existing "messages" should no
|
||||
longer be trusted. */
|
||||
KM_TAG_MIN_SECONDS_BETWEEN_OPS = KM_INT | 403, /* Minimum elapsed time between
|
||||
cryptographic operations with the key. */
|
||||
KM_TAG_SINGLE_USE_PER_BOOT = KM_BOOL | 404, /* If true, the key can only be used once
|
||||
per boot. */
|
||||
|
||||
/* User authentication */
|
||||
KM_TAG_ALL_USERS = KM_BOOL | 500, /* If key is usable by all users. */
|
||||
KM_TAG_USER_ID = KM_INT | 501, /* ID of authorized user. Disallowed if KM_TAG_ALL_USERS is
|
||||
present. */
|
||||
KM_TAG_NO_AUTH_REQUIRED = KM_BOOL | 502, /* If key is usable without authentication. */
|
||||
KM_TAG_USER_AUTH_ID = KM_INT_REP | 503, /* ID of the authenticator to use (e.g. password,
|
||||
fingerprint, etc.). Repeatable to support
|
||||
multi-factor auth. Disallowed if
|
||||
KM_TAG_NO_AUTH_REQUIRED is present. */
|
||||
KM_TAG_AUTH_TIMEOUT = KM_INT | 504, /* Required freshness of user authentication for
|
||||
private/secret key operations, in seconds.
|
||||
Public key operations require no authentication.
|
||||
If absent, authentication is required for every
|
||||
use. Authentication state is lost when the
|
||||
device is powered off. */
|
||||
KM_TAG_RESCOPE_AUTH_TIMEOUT = KM_INT | 505, /* Required freshness of user authentication for key
|
||||
rescoping operations, in seconds. Public key
|
||||
operations require no authentication. If absent,
|
||||
authentication required for every rescoping. */
|
||||
|
||||
/* Application access control */
|
||||
KM_TAG_ALL_APPLICATIONS = KM_BOOL | 600, /* If key is usable by all applications. */
|
||||
KM_TAG_APPLICATION_ID = KM_BYTES | 601, /* ID of authorized application. Disallowed if
|
||||
KM_TAG_ALL_APPLICATIONS is present. */
|
||||
|
||||
/*
|
||||
* Semantically unenforceable tags, either because they have no specific meaning or because
|
||||
* they're informational only.
|
||||
*/
|
||||
KM_TAG_APPLICATION_DATA = KM_BYTES | 700, /* Data provided by authorized application. */
|
||||
KM_TAG_CREATION_DATETIME = KM_DATE | 701, /* Key creation time */
|
||||
KM_TAG_ORIGIN = KM_ENUM | 702, /* keymaster_key_origin_t. */
|
||||
KM_TAG_ROLLBACK_RESISTANT = KM_BOOL | 703, /* Whether key is rollback-resistant. */
|
||||
KM_TAG_ROOT_OF_TRUST = KM_BYTES | 704, /* Root of trust ID. Empty array means usable by all
|
||||
roots. */
|
||||
|
||||
/* Tags used only to provide data to operations */
|
||||
KM_TAG_ADDITIONAL_DATA = KM_BYTES | 1000, /* Used to provide additional data for AEAD modes. */
|
||||
} keymaster_tag_t;
|
||||
|
||||
/**
|
||||
* Algorithms that may be provided by keymaster implementations. Those that must be provided by all
|
||||
* implementations are tagged as "required". Note that where the values in this enumeration overlap
|
||||
* with the values for the deprecated keymaster_keypair_t, the same algorithm must be
|
||||
* specified. This type is new in 0_4 and replaces the deprecated keymaster_keypair_t.
|
||||
*/
|
||||
typedef enum {
|
||||
/* Asymmetric algorithms. */
|
||||
KM_ALGORITHM_RSA = 1, /* required */
|
||||
KM_ALGORITHM_DSA = 2, /* required */
|
||||
KM_ALGORITHM_ECDSA = 3, /* required */
|
||||
KM_ALGORITHM_ECIES = 4,
|
||||
/* FIPS Approved Ciphers */
|
||||
KM_ALGORITHM_AES = 32, /* required */
|
||||
KM_ALGORITHM_3DES = 33,
|
||||
KM_ALGORITHM_SKIPJACK = 34,
|
||||
/* AES Finalists */
|
||||
KM_ALGORITHM_MARS = 48,
|
||||
KM_ALGORITHM_RC6 = 49,
|
||||
KM_ALGORITHM_SERPENT = 50,
|
||||
KM_ALGORITHM_TWOFISH = 51,
|
||||
/* Other common block ciphers */
|
||||
KM_ALGORITHM_IDEA = 52,
|
||||
KM_ALGORITHM_RC5 = 53,
|
||||
KM_ALGORITHM_CAST5 = 54,
|
||||
KM_ALGORITHM_BLOWFISH = 55,
|
||||
/* Common stream ciphers */
|
||||
KM_ALGORITHM_RC4 = 64,
|
||||
KM_ALGORITHM_CHACHA20 = 65,
|
||||
/* MAC algorithms */
|
||||
KM_ALGORITHM_HMAC = 128, /* required */
|
||||
} keymaster_algorithm_t;
|
||||
|
||||
/**
|
||||
* Symmetric block cipher modes that may be provided by keymaster implementations. Those that must
|
||||
* be provided by all implementations are tagged as "required". This type is new in 0_4.
|
||||
*
|
||||
* KM_MODE_FIRST_UNAUTHENTICATED, KM_MODE_FIRST_AUTHENTICATED and KM_MODE_FIRST_MAC are not modes,
|
||||
* but markers used to separate the available modes into classes.
|
||||
*/
|
||||
typedef enum {
|
||||
/* Unauthenticated modes, usable only for encryption/decryption and not generally recommended
|
||||
* except for compatibility with existing other protocols. */
|
||||
KM_MODE_FIRST_UNAUTHENTICATED = 1,
|
||||
KM_MODE_ECB = KM_MODE_FIRST_UNAUTHENTICATED, /* required */
|
||||
KM_MODE_CBC = 2, /* required */
|
||||
KM_MODE_CBC_CTS = 3, /* recommended */
|
||||
KM_MODE_CTR = 4, /* recommended */
|
||||
KM_MODE_OFB = 5,
|
||||
KM_MODE_CFB = 6,
|
||||
KM_MODE_XTS = 7, /* Note: requires double-length keys */
|
||||
/* Authenticated modes, usable for encryption/decryption and signing/verification. Recommended
|
||||
* over unauthenticated modes for all purposes. One of KM_MODE_GCM and KM_MODE_OCB is
|
||||
* required. */
|
||||
KM_MODE_FIRST_AUTHENTICATED = 32,
|
||||
KM_MODE_GCM = KM_MODE_FIRST_AUTHENTICATED,
|
||||
KM_MODE_OCB = 33,
|
||||
KM_MODE_CCM = 34,
|
||||
/* MAC modes -- only for signing/verification */
|
||||
KM_MODE_FIRST_MAC = 128,
|
||||
KM_MODE_CMAC = KM_MODE_FIRST_MAC,
|
||||
KM_MODE_POLY1305 = 129,
|
||||
} keymaster_block_mode_t;
|
||||
|
||||
/**
|
||||
* Padding modes that may be applied to plaintext for encryption operations. This list includes
|
||||
* padding modes for both symmetric and asymmetric algorithms. Note that implementations should not
|
||||
* provide all possible combinations of algorithm and padding, only the
|
||||
* cryptographically-appropriate pairs.
|
||||
*/
|
||||
typedef enum {
|
||||
KM_PAD_NONE = 1, /* required, deprecated */
|
||||
KM_PAD_RSA_OAEP = 2, /* required */
|
||||
KM_PAD_RSA_PSS = 3, /* required */
|
||||
KM_PAD_RSA_PKCS1_1_5_ENCRYPT = 4,
|
||||
KM_PAD_RSA_PKCS1_1_5_SIGN = 5,
|
||||
KM_PAD_ANSI_X923 = 32,
|
||||
KM_PAD_ISO_10126 = 33,
|
||||
KM_PAD_ZERO = 64, /* required */
|
||||
KM_PAD_PKCS7 = 65, /* required */
|
||||
KM_PAD_ISO_7816_4 = 66,
|
||||
} keymaster_padding_t;
|
||||
|
||||
/**
|
||||
* Digests that may be provided by keymaster implementations. Those that must be provided by all
|
||||
* implementations are tagged as "required". Those that have been added since version 0_2 of the
|
||||
* API are tagged as "new".
|
||||
*/
|
||||
typedef enum {
|
||||
KM_DIGEST_NONE = 0, /* new, required */
|
||||
DIGEST_NONE = KM_DIGEST_NONE, /* For 0_2 compatibility */
|
||||
KM_DIGEST_MD5 = 1, /* new, for compatibility with old protocols only */
|
||||
KM_DIGEST_SHA1 = 2, /* new */
|
||||
KM_DIGEST_SHA_2_224 = 3, /* new */
|
||||
KM_DIGEST_SHA_2_256 = 4, /* new, required */
|
||||
KM_DIGEST_SHA_2_384 = 5, /* new, recommended */
|
||||
KM_DIGEST_SHA_2_512 = 6, /* new, recommended */
|
||||
KM_DIGEST_SHA_3_256 = 7, /* new */
|
||||
KM_DIGEST_SHA_3_384 = 8, /* new */
|
||||
KM_DIGEST_SHA_3_512 = 9, /* new */
|
||||
} keymaster_digest_t;
|
||||
|
||||
/**
|
||||
* The origin of a key (or pair), i.e. where it was generated. Origin and can be used together to
|
||||
* determine whether a key may have existed outside of secure hardware. This type is new in 0_4.
|
||||
*/
|
||||
typedef enum {
|
||||
KM_ORIGIN_HARDWARE = 0, /* Generated in secure hardware */
|
||||
KM_ORIGIN_SOFTWARE = 1, /* Generated in non-secure software */
|
||||
KM_ORIGIN_IMPORTED = 2, /* Imported, origin unknown */
|
||||
} keymaster_key_origin_t;
|
||||
|
||||
/**
|
||||
* Usability requirements of key blobs. This defines what system functionality must be available
|
||||
* for the key to function. For example, key "blobs" which are actually handles referencing
|
||||
* encrypted key material stored in the file system cannot be used until the file system is
|
||||
* available, and should have BLOB_REQUIRES_FILE_SYSTEM. Other requirements entries will be added
|
||||
* as needed for implementations. This type is new in 0_4.
|
||||
*/
|
||||
typedef enum {
|
||||
KM_BLOB_STANDALONE = 0,
|
||||
KM_BLOB_REQUIRES_FILE_SYSTEM = 1,
|
||||
} keymaster_key_blob_usage_requirements_t;
|
||||
|
||||
/**
|
||||
* Possible purposes of a key (or pair). This type is new in 0_4.
|
||||
*/
|
||||
typedef enum {
|
||||
KM_PURPOSE_ENCRYPT = 0,
|
||||
KM_PURPOSE_DECRYPT = 1,
|
||||
KM_PURPOSE_SIGN = 2,
|
||||
KM_PURPOSE_VERIFY = 3,
|
||||
} keymaster_purpose_t;
|
||||
|
||||
typedef struct {
|
||||
const uint8_t* data;
|
||||
size_t data_length;
|
||||
} keymaster_blob_t;
|
||||
|
||||
typedef struct {
|
||||
keymaster_tag_t tag;
|
||||
union {
|
||||
uint32_t enumerated; /* KM_ENUM and KM_ENUM_REP */
|
||||
bool boolean; /* KM_BOOL */
|
||||
uint32_t integer; /* KM_INT and KM_INT_REP */
|
||||
uint64_t long_integer; /* KM_LONG */
|
||||
uint64_t date_time; /* KM_DATE */
|
||||
keymaster_blob_t blob; /* KM_BIGNUM and KM_BYTES*/
|
||||
};
|
||||
} keymaster_key_param_t;
|
||||
|
||||
typedef struct {
|
||||
keymaster_key_param_t* params; /* may be NULL if length == 0 */
|
||||
size_t length;
|
||||
} keymaster_key_param_set_t;
|
||||
|
||||
/**
|
||||
* Parameters that define a key's characteristics, including authorized modes of usage and access
|
||||
* control restrictions. The parameters are divided into two categories, those that are enforced by
|
||||
* secure hardware, and those that are not. For a software-only keymaster implementation the
|
||||
* enforced array must NULL. Hardware implementations must enforce everything in the enforced
|
||||
* array.
|
||||
*/
|
||||
typedef struct {
|
||||
keymaster_key_param_set_t hw_enforced;
|
||||
keymaster_key_param_set_t sw_enforced;
|
||||
} keymaster_key_characteristics_t;
|
||||
|
||||
typedef struct {
|
||||
const uint8_t* key_material;
|
||||
size_t key_material_size;
|
||||
} keymaster_key_blob_t;
|
||||
|
||||
/**
|
||||
* Formats for key import and export. At present, only asymmetric key import/export is supported.
|
||||
* In the future this list will expand greatly to accommodate asymmetric key import/export.
|
||||
*/
|
||||
typedef enum {
|
||||
KM_KEY_FORMAT_X509, /* for public key export, required */
|
||||
KM_KEY_FORMAT_PKCS8, /* for asymmetric key pair import, required */
|
||||
KM_KEY_FORMAT_PKCS12, /* for asymmetric key pair import, not required */
|
||||
} keymaster_key_format_t;
|
||||
|
||||
/**
|
||||
* The keymaster operation API consists of begin, update, finish and abort. This is the type of the
|
||||
* handle used to tie the sequence of calls together. A 64-bit value is used because it's important
|
||||
* that handles not be predictable. Implementations must use strong random numbers for handle
|
||||
* values.
|
||||
*/
|
||||
typedef uint64_t keymaster_operation_handle_t;
|
||||
|
||||
typedef enum {
|
||||
KM_ERROR_OK = 0,
|
||||
KM_ERROR_ROOT_OF_TRUST_ALREADY_SET = -1,
|
||||
KM_ERROR_UNSUPPORTED_PURPOSE = -2,
|
||||
KM_ERROR_INCOMPATIBLE_PURPOSE = -3,
|
||||
KM_ERROR_UNSUPPORTED_ALGORITHM = -4,
|
||||
KM_ERROR_INCOMPATIBLE_ALGORITHM = -5,
|
||||
KM_ERROR_UNSUPPORTED_KEY_SIZE = -6,
|
||||
KM_ERROR_UNSUPPORTED_BLOCK_MODE = -7,
|
||||
KM_ERROR_INCOMPATIBLE_BLOCK_MODE = -8,
|
||||
KM_ERROR_UNSUPPORTED_TAG_LENGTH = -9,
|
||||
KM_ERROR_UNSUPPORTED_PADDING_MODE = -10,
|
||||
KM_ERROR_INCOMPATIBLE_PADDING_MODE = -11,
|
||||
KM_ERROR_UNSUPPORTED_DIGEST = -12,
|
||||
KM_ERROR_INCOMPATIBLE_DIGEST = -13,
|
||||
KM_ERROR_INVALID_EXPIRATION_TIME = -14,
|
||||
KM_ERROR_INVALID_USER_ID = -15,
|
||||
KM_ERROR_INVALID_AUTHORIZATION_TIMEOUT = -16,
|
||||
KM_ERROR_UNSUPPORTED_KEY_FORMAT = -17,
|
||||
KM_ERROR_INCOMPATIBLE_KEY_FORMAT = -18,
|
||||
KM_ERROR_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM = -19, /* For PKCS8 & PKCS12 */
|
||||
KM_ERROR_UNSUPPORTED_KEY_VERIFICATION_ALGORITHM = -20, /* For PKCS8 & PKCS12 */
|
||||
KM_ERROR_INVALID_INPUT_LENGTH = -21,
|
||||
KM_ERROR_KEY_EXPORT_OPTIONS_INVALID = -22,
|
||||
KM_ERROR_DELEGATION_NOT_ALLOWED = -23,
|
||||
KM_ERROR_KEY_NOT_YET_VALID = -24,
|
||||
KM_ERROR_KEY_EXPIRED = -25,
|
||||
KM_ERROR_KEY_USER_NOT_AUTHENTICATED = -26,
|
||||
KM_ERROR_OUTPUT_PARAMETER_NULL = -27,
|
||||
KM_ERROR_INVALID_OPERATION_HANDLE = -28,
|
||||
KM_ERROR_INSUFFICIENT_BUFFER_SPACE = -29,
|
||||
KM_ERROR_VERIFICATION_FAILED = -30,
|
||||
KM_ERROR_TOO_MANY_OPERATIONS = -31,
|
||||
KM_ERROR_UNEXPECTED_NULL_POINTER = -32,
|
||||
KM_ERROR_INVALID_KEY_BLOB = -33,
|
||||
KM_ERROR_IMPORTED_KEY_NOT_ENCRYPTED = -34,
|
||||
KM_ERROR_IMPORTED_KEY_DECRYPTION_FAILED = -35,
|
||||
KM_ERROR_IMPORTED_KEY_NOT_SIGNED = -36,
|
||||
KM_ERROR_IMPORTED_KEY_VERIFICATION_FAILED = -37,
|
||||
KM_ERROR_INVALID_ARGUMENT = -38,
|
||||
KM_ERROR_UNSUPPORTED_TAG = -39,
|
||||
KM_ERROR_INVALID_TAG = -40,
|
||||
KM_ERROR_MEMORY_ALLOCATION_FAILED = -41,
|
||||
KM_ERROR_INVALID_RESCOPING = -42,
|
||||
KM_ERROR_INVALID_DSA_PARAMS = -43,
|
||||
KM_ERROR_IMPORT_PARAMETER_MISMATCH = -44,
|
||||
KM_ERROR_SECURE_HW_ACCESS_DENIED = -45,
|
||||
KM_ERROR_OPERATION_CANCELLED = -46,
|
||||
KM_ERROR_CONCURRENT_ACCESS_CONFLICT = -47,
|
||||
KM_ERROR_SECURE_HW_BUSY = -48,
|
||||
KM_ERROR_SECURE_HW_COMMUNICATION_FAILED = -49,
|
||||
KM_ERROR_UNSUPPORTED_EC_FIELD = -50,
|
||||
KM_ERROR_UNIMPLEMENTED = -100,
|
||||
KM_ERROR_VERSION_MISMATCH = -101,
|
||||
|
||||
/* Additional error codes may be added by implementations, but implementers should coordinate
|
||||
* with Google to avoid code collision. */
|
||||
KM_ERROR_UNKNOWN_ERROR = -1000,
|
||||
} keymaster_error_t;
|
||||
|
||||
/**
|
||||
* \deprecated Parameters needed to generate an RSA key.
|
||||
*/
|
||||
typedef struct {
|
||||
uint32_t modulus_size; /* bits */
|
||||
uint64_t public_exponent;
|
||||
} keymaster_rsa_keygen_params_t;
|
||||
|
||||
/**
|
||||
* \deprecated Parameters needed to generate a DSA key.
|
||||
*/
|
||||
typedef struct {
|
||||
uint32_t key_size; /* bits */
|
||||
uint32_t generator_len;
|
||||
uint32_t prime_p_len;
|
||||
uint32_t prime_q_len;
|
||||
const uint8_t* generator;
|
||||
const uint8_t* prime_p;
|
||||
const uint8_t* prime_q;
|
||||
} keymaster_dsa_keygen_params_t;
|
||||
|
||||
/**
|
||||
* \deprecated Parameters needed to generate an EC key.
|
||||
*
|
||||
* Field size is the only parameter in version 4. The sizes correspond to these required curves:
|
||||
*
|
||||
* 192 = NIST P-192
|
||||
* 224 = NIST P-224
|
||||
* 256 = NIST P-256
|
||||
* 384 = NIST P-384
|
||||
* 521 = NIST P-521
|
||||
*
|
||||
* The parameters for these curves are available at: http://www.nsa.gov/ia/_files/nist-routines.pdf
|
||||
* in Chapter 4.
|
||||
*/
|
||||
typedef struct { uint32_t field_size; /* bits */ } keymaster_ec_keygen_params_t;
|
||||
|
||||
/**
|
||||
* \deprecated Type of padding used for RSA operations.
|
||||
*/
|
||||
typedef enum {
|
||||
PADDING_NONE,
|
||||
} keymaster_rsa_padding_t;
|
||||
|
||||
/**
|
||||
* \deprecated
|
||||
*/
|
||||
typedef struct { keymaster_digest_t digest_type; } keymaster_dsa_sign_params_t;
|
||||
|
||||
/**
|
||||
* \deprecated
|
||||
*/
|
||||
typedef struct { keymaster_digest_t digest_type; } keymaster_ec_sign_params_t;
|
||||
|
||||
/**
|
||||
*\deprecated
|
||||
*/
|
||||
typedef struct {
|
||||
keymaster_digest_t digest_type;
|
||||
keymaster_rsa_padding_t padding_type;
|
||||
} keymaster_rsa_sign_params_t;
|
||||
|
||||
/* Convenience functions for manipulating keymaster tag types */
|
||||
|
||||
static inline keymaster_tag_type_t keymaster_tag_get_type(keymaster_tag_t tag) {
|
||||
return (keymaster_tag_type_t)(tag & (0xF << 28));
|
||||
}
|
||||
|
||||
static inline uint32_t keymaster_tag_mask_type(keymaster_tag_t tag) {
|
||||
return tag & 0x0FFFFFFF;
|
||||
}
|
||||
|
||||
static inline bool keymaster_tag_type_repeatable(keymaster_tag_type_t type) {
|
||||
switch (type) {
|
||||
case KM_INT_REP:
|
||||
case KM_ENUM_REP:
|
||||
return true;
|
||||
default:
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
static inline bool keymaster_tag_repeatable(keymaster_tag_t tag) {
|
||||
return keymaster_tag_type_repeatable(keymaster_tag_get_type(tag));
|
||||
}
|
||||
|
||||
/* Convenience functions for manipulating keymaster_key_param_t structs */
|
||||
|
||||
inline keymaster_key_param_t keymaster_param_enum(keymaster_tag_t tag, uint32_t value) {
|
||||
// assert(keymaster_tag_get_type(tag) == KM_ENUM || keymaster_tag_get_type(tag) == KM_ENUM_REP);
|
||||
keymaster_key_param_t param;
|
||||
memset(¶m, 0, sizeof(param));
|
||||
param.tag = tag;
|
||||
param.enumerated = value;
|
||||
return param;
|
||||
}
|
||||
|
||||
inline keymaster_key_param_t keymaster_param_int(keymaster_tag_t tag, uint32_t value) {
|
||||
// assert(keymaster_tag_get_type(tag) == KM_INT || keymaster_tag_get_type(tag) == KM_INT_REP);
|
||||
keymaster_key_param_t param;
|
||||
memset(¶m, 0, sizeof(param));
|
||||
param.tag = tag;
|
||||
param.integer = value;
|
||||
return param;
|
||||
}
|
||||
|
||||
inline keymaster_key_param_t keymaster_param_long(keymaster_tag_t tag, uint64_t value) {
|
||||
// assert(keymaster_tag_get_type(tag) == KM_LONG);
|
||||
keymaster_key_param_t param;
|
||||
memset(¶m, 0, sizeof(param));
|
||||
param.tag = tag;
|
||||
param.long_integer = value;
|
||||
return param;
|
||||
}
|
||||
|
||||
inline keymaster_key_param_t keymaster_param_blob(keymaster_tag_t tag, const uint8_t* bytes,
|
||||
size_t bytes_len) {
|
||||
// assert(keymaster_tag_get_type(tag) == KM_BYTES || keymaster_tag_get_type(tag) == KM_BIGNUM);
|
||||
keymaster_key_param_t param;
|
||||
memset(¶m, 0, sizeof(param));
|
||||
param.tag = tag;
|
||||
param.blob.data = (uint8_t*)bytes;
|
||||
param.blob.data_length = bytes_len;
|
||||
return param;
|
||||
}
|
||||
|
||||
inline keymaster_key_param_t keymaster_param_bool(keymaster_tag_t tag) {
|
||||
// assert(keymaster_tag_get_type(tag) == KM_BOOL);
|
||||
keymaster_key_param_t param;
|
||||
memset(¶m, 0, sizeof(param));
|
||||
param.tag = tag;
|
||||
param.boolean = true;
|
||||
return param;
|
||||
}
|
||||
|
||||
inline keymaster_key_param_t keymaster_param_date(keymaster_tag_t tag, uint64_t value) {
|
||||
// assert(keymaster_tag_get_type(tag) == KM_DATE);
|
||||
keymaster_key_param_t param;
|
||||
memset(¶m, 0, sizeof(param));
|
||||
param.tag = tag;
|
||||
param.date_time = value;
|
||||
return param;
|
||||
}
|
||||
|
||||
inline void keymaster_free_param_values(keymaster_key_param_t* param, size_t param_count) {
|
||||
while (param_count-- > 0) {
|
||||
switch (keymaster_tag_get_type(param->tag)) {
|
||||
case KM_BIGNUM:
|
||||
case KM_BYTES:
|
||||
free((void*)param->blob.data);
|
||||
param->blob.data = NULL;
|
||||
break;
|
||||
default:
|
||||
// NOP
|
||||
break;
|
||||
}
|
||||
++param;
|
||||
}
|
||||
}
|
||||
|
||||
inline void keymaster_free_param_set(keymaster_key_param_set_t* set) {
|
||||
if (set) {
|
||||
keymaster_free_param_values(set->params, set->length);
|
||||
free(set->params);
|
||||
set->params = NULL;
|
||||
}
|
||||
}
|
||||
|
||||
inline void keymaster_free_characteristics(keymaster_key_characteristics_t* characteristics) {
|
||||
if (characteristics) {
|
||||
keymaster_free_param_set(&characteristics->hw_enforced);
|
||||
keymaster_free_param_set(&characteristics->sw_enforced);
|
||||
}
|
||||
}
|
||||
|
||||
#if defined(__cplusplus)
|
||||
} // extern "C"
|
||||
#endif // defined(__cplusplus)
|
||||
|
||||
#endif // ANDROID_HARDWARE_KEYMASTER_DEFS_H
|
Loading…
Reference in a new issue