diff --git a/include/hardware/keymaster.h b/include/hardware/keymaster.h index 8c5ff14d..a6200a54 100644 --- a/include/hardware/keymaster.h +++ b/include/hardware/keymaster.h @@ -22,6 +22,7 @@ #include #include +#include __BEGIN_DECLS @@ -36,51 +37,19 @@ __BEGIN_DECLS * Settings for "module_api_version" and "hal_api_version" * fields in the keymaster_module initialization. */ -#define KEYMASTER_HEADER_VERSION 3 +#define KEYMASTER_HEADER_VERSION 4 -#define KEYMASTER_MODULE_API_VERSION_0_2 HARDWARE_MODULE_API_VERSION(0, 2) -#define KEYMASTER_DEVICE_API_VERSION_0_2 HARDWARE_DEVICE_API_VERSION_2(0, 2, KEYMASTER_HEADER_VERSION) +#define KEYMASTER_MODULE_API_VERSION_0_2 HARDWARE_MODULE_API_VERSION(0, 2) +#define KEYMASTER_DEVICE_API_VERSION_0_2 \ + HARDWARE_DEVICE_API_VERSION_2(0, 2, KEYMASTER_HEADER_VERSION) -#define KEYMASTER_MODULE_API_VERSION_0_3 HARDWARE_MODULE_API_VERSION(0, 3) -#define KEYMASTER_DEVICE_API_VERSION_0_3 HARDWARE_DEVICE_API_VERSION_2(0, 3, KEYMASTER_HEADER_VERSION) +#define KEYMASTER_MODULE_API_VERSION_0_3 HARDWARE_MODULE_API_VERSION(0, 3) +#define KEYMASTER_DEVICE_API_VERSION_0_3 \ + HARDWARE_DEVICE_API_VERSION_2(0, 3, KEYMASTER_HEADER_VERSION) -/** - * Flags for keymaster_device::flags - */ -enum { - /* - * Indicates this keymaster implementation does not have hardware that - * keeps private keys out of user space. - * - * This should not be implemented on anything other than the default - * implementation. - */ - KEYMASTER_SOFTWARE_ONLY = 1 << 0, - - /* - * This indicates that the key blobs returned via all the primitives - * are sufficient to operate on their own without the trusted OS - * querying userspace to retrieve some other data. Key blobs of - * this type are normally returned encrypted with a - * Key Encryption Key (KEK). - * - * This is currently used by "vold" to know whether the whole disk - * encryption secret can be unwrapped without having some external - * service started up beforehand since the "/data" partition will - * be unavailable at that point. - */ - KEYMASTER_BLOBS_ARE_STANDALONE = 1 << 1, - - /* - * Indicates that the keymaster module supports DSA keys. - */ - KEYMASTER_SUPPORTS_DSA = 1 << 2, - - /* - * Indicates that the keymaster module supports EC keys. - */ - KEYMASTER_SUPPORTS_EC = 1 << 3, -}; +#define KEYMASTER_MODULE_API_VERSION_0_4 HARDWARE_MODULE_API_VERSION(0, 4) +#define KEYMASTER_DEVICE_API_VERSION_0_4 \ + HARDWARE_DEVICE_API_VERSION_2(0, 4, KEYMASTER_HEADER_VERSION) struct keystore_module { /** @@ -92,82 +61,6 @@ struct keystore_module { hw_module_t common; }; -/** - * Asymmetric key pair types. - */ -typedef enum { - TYPE_RSA = 1, - TYPE_DSA = 2, - TYPE_EC = 3, -} keymaster_keypair_t; - -/** - * Parameters needed to generate an RSA key. - */ -typedef struct { - uint32_t modulus_size; - uint64_t public_exponent; -} keymaster_rsa_keygen_params_t; - -/** - * Parameters needed to generate a DSA key. - */ -typedef struct { - uint32_t key_size; - uint32_t generator_len; - uint32_t prime_p_len; - uint32_t prime_q_len; - const uint8_t* generator; - const uint8_t* prime_p; - const uint8_t* prime_q; -} keymaster_dsa_keygen_params_t; - -/** - * Parameters needed to generate an EC key. - * - * Field size is the only parameter in version 2. The sizes correspond to these required curves: - * - * 192 = NIST P-192 - * 224 = NIST P-224 - * 256 = NIST P-256 - * 384 = NIST P-384 - * 521 = NIST P-521 - * - * The parameters for these curves are available at: http://www.nsa.gov/ia/_files/nist-routines.pdf - * in Chapter 4. - */ -typedef struct { - uint32_t field_size; -} keymaster_ec_keygen_params_t; - -/** - * Digest type. - */ -typedef enum { - DIGEST_NONE, -} keymaster_digest_t; - -/** - * Type of padding used for RSA operations. - */ -typedef enum { - PADDING_NONE, -} keymaster_rsa_padding_t; - - -typedef struct { - keymaster_digest_t digest_type; -} keymaster_dsa_sign_params_t; - -typedef struct { - keymaster_digest_t digest_type; -} keymaster_ec_sign_params_t; - -typedef struct { - keymaster_digest_t digest_type; - keymaster_rsa_padding_t padding_type; -} keymaster_rsa_sign_params_t; - /** * The parameters that can be set for a given keymaster implementation. */ @@ -194,52 +87,49 @@ struct keymaster_device { void* context; /** - * Generates a public and private key. The key-blob returned is opaque - * and must subsequently provided for signing and verification. + * \deprecated Generates a public and private key. The key-blob returned is opaque and must + * subsequently provided for signing and verification. * * Returns: 0 on success or an error code less than 0. */ - int (*generate_keypair)(const struct keymaster_device* dev, - const keymaster_keypair_t key_type, const void* key_params, - uint8_t** key_blob, size_t* key_blob_length); + int (*generate_keypair)(const struct keymaster_device* dev, const keymaster_keypair_t key_type, + const void* key_params, uint8_t** key_blob, size_t* key_blob_length); /** - * Imports a public and private key pair. The imported keys will be in - * PKCS#8 format with DER encoding (Java standard). The key-blob - * returned is opaque and will be subsequently provided for signing - * and verification. + * \deprecated Imports a public and private key pair. The imported keys will be in PKCS#8 format + * with DER encoding (Java standard). The key-blob returned is opaque and will be subsequently + * provided for signing and verification. * * Returns: 0 on success or an error code less than 0. */ - int (*import_keypair)(const struct keymaster_device* dev, - const uint8_t* key, const size_t key_length, - uint8_t** key_blob, size_t* key_blob_length); + int (*import_keypair)(const struct keymaster_device* dev, const uint8_t* key, + const size_t key_length, uint8_t** key_blob, size_t* key_blob_length); /** - * Gets the public key part of a key pair. The public key must be in - * X.509 format (Java standard) encoded byte array. + * \deprecated Gets the public key part of a key pair. The public key must be in X.509 format + * (Java standard) encoded byte array. * - * Returns: 0 on success or an error code less than 0. - * On error, x509_data should not be allocated. + * Returns: 0 on success or an error code less than 0. On error, x509_data + * should not be allocated. */ - int (*get_keypair_public)(const struct keymaster_device* dev, - const uint8_t* key_blob, const size_t key_blob_length, - uint8_t** x509_data, size_t* x509_data_length); + int (*get_keypair_public)(const struct keymaster_device* dev, const uint8_t* key_blob, + const size_t key_blob_length, uint8_t** x509_data, + size_t* x509_data_length); /** - * Deletes the key pair associated with the key blob. + * \deprecated Deletes the key pair associated with the key blob. * * This function is optional and should be set to NULL if it is not * implemented. * * Returns 0 on success or an error code less than 0. */ - int (*delete_keypair)(const struct keymaster_device* dev, - const uint8_t* key_blob, const size_t key_blob_length); + int (*delete_keypair)(const struct keymaster_device* dev, const uint8_t* key_blob, + const size_t key_blob_length); /** - * Deletes all keys in the hardware keystore. Used when keystore is - * reset completely. + * \deprecated Deletes all keys in the hardware keystore. Used when keystore is reset + * completely. * * This function is optional and should be set to NULL if it is not * implemented. @@ -249,45 +139,515 @@ struct keymaster_device { int (*delete_all)(const struct keymaster_device* dev); /** - * Signs data using a key-blob generated before. This can use either - * an asymmetric key or a secret key. + * \deprecated Signs data using a key-blob generated before. This can use either an asymmetric + * key or a secret key. * * Returns: 0 on success or an error code less than 0. */ - int (*sign_data)(const struct keymaster_device* dev, - const void* signing_params, - const uint8_t* key_blob, const size_t key_blob_length, - const uint8_t* data, const size_t data_length, - uint8_t** signed_data, size_t* signed_data_length); + int (*sign_data)(const struct keymaster_device* dev, const void* signing_params, + const uint8_t* key_blob, const size_t key_blob_length, const uint8_t* data, + const size_t data_length, uint8_t** signed_data, size_t* signed_data_length); /** - * Verifies data signed with a key-blob. This can use either - * an asymmetric key or a secret key. + * \deprecated Verifies data signed with a key-blob. This can use either an asymmetric key or a + * secret key. * * Returns: 0 on successful verification or an error code less than 0. */ - int (*verify_data)(const struct keymaster_device* dev, - const void* signing_params, - const uint8_t* key_blob, const size_t key_blob_length, - const uint8_t* signed_data, const size_t signed_data_length, - const uint8_t* signature, const size_t signature_length); + int (*verify_data)(const struct keymaster_device* dev, const void* signing_params, + const uint8_t* key_blob, const size_t key_blob_length, + const uint8_t* signed_data, const size_t signed_data_length, + const uint8_t* signature, const size_t signature_length); + + /** + * Gets algorithms supported. + * + * \param[in] dev The keymaster device structure. + * + * \param[out] algorithms Array of algorithms supported. The caller takes ownership of the + * array and must free() it. + * + * \param[out] algorithms_length Length of \p algorithms. + */ + keymaster_error_t (*get_supported_algorithms)(const struct keymaster_device* dev, + keymaster_algorithm_t** algorithms, + size_t* algorithms_length); + + /** + * Gets the block modes supported for the specified algorithm. + * + * \param[in] dev The keymaster device structure. + * + * \param[in] algorithm The algorithm for which supported modes will be returned. + * + * \param[out] modes Array of modes supported. The caller takes ownership of the array and must + * free() it. + * + * \param[out] modes_length Length of \p modes. + */ + keymaster_error_t (*get_supported_block_modes)(const struct keymaster_device* dev, + keymaster_algorithm_t algorithm, + keymaster_purpose_t purpose, + keymaster_block_mode_t** modes, + size_t* modes_length); + + /** + * Gets the padding modes supported for the specified algorithm. Caller assumes ownership of + * the allocated array. + * + * \param[in] dev The keymaster device structure. + * + * \param[in] algorithm The algorithm for which supported padding modes will be returned. + * + * \param[out] modes Array of padding modes supported. The caller takes ownership of the array + * and must free() it. + * + * \param[out] modes_length Length of \p modes. + */ + keymaster_error_t (*get_supported_padding_modes)(const struct keymaster_device* dev, + keymaster_algorithm_t algorithm, + keymaster_purpose_t purpose, + keymaster_padding_t** modes, + size_t* modes_length); + + /** + * Gets the digests supported for the specified algorithm. Caller assumes ownership of the + * allocated array. + * + * \param[in] dev The keymaster device structure. + * + * \param[in] algorithm The algorithm for which supported digests will be returned. + * + * \param[out] digests Array of digests supported. The caller takes ownership of the array and + * must free() it. + * + * \param[out] digests_length Length of \p digests. + */ + keymaster_error_t (*get_supported_digests)(const struct keymaster_device* dev, + keymaster_algorithm_t algorithm, + keymaster_purpose_t purpose, + keymaster_digest_t** digests, + size_t* digests_length); + + /** + * Gets the key import formats supported for keys of the specified algorithm. Caller assumes + * ownership of the allocated array. + * + * \param[in] dev The keymaster device structure. + * + * \param[in] algorithm The algorithm for which supported formats will be returned. + * + * \param[out] formats Array of formats supported. The caller takes ownership of the array and + * must free() it. + * + * \param[out] formats_length Length of \p formats. + */ + keymaster_error_t (*get_supported_import_formats)(const struct keymaster_device* dev, + keymaster_algorithm_t algorithm, + keymaster_key_format_t** formats, + size_t* formats_length); + + /** + * Gets the key export formats supported for keys of the specified algorithm. Caller assumes + * ownership of the allocated array. + * + * \param[in] dev The keymaster device structure. + * + * \param[in] algorithm The algorithm for which supported formats will be returned. + * + * \param[out] formats Array of formats supported. The caller takes ownership of the array and + * must free() it. + * + * \param[out] formats_length Length of \p formats. + */ + keymaster_error_t (*get_supported_export_formats)(const struct keymaster_device* dev, + keymaster_algorithm_t algorithm, + keymaster_key_format_t** formats, + size_t* formats_length); + + /** + * Adds entropy to the RNG used by keymaster. Entropy added through this method is guaranteed + * not to be the only source of entropy used, and the mixing function is required to be secure, + * in the sense that if the RNG is seeded (from any source) with any data the attacker cannot + * predict (or control), then the RNG output is indistinguishable from random. Thus, if the + * entropy from any source is good, the output will be good. + * + * \param[in] dev The keymaster device structure. + * + * \param[in] data Random data to be mixed in. + * + * \param[in] data_length Length of \p data. + */ + keymaster_error_t (*add_rng_entropy)(const struct keymaster_device* dev, uint8_t* data, + size_t data_length); + + /** + * Generates a key, or key pair, returning a key blob and/or a description of the key. + * + * Key generation parameters are defined as keymaster tag/value pairs, provided in \p params. + * See keymaster_tag_t for the full list. Some values that are always required for generation + * of useful keys are: + * + * - KM_TAG_ALGORITHM; + * - KM_TAG_PURPOSE; + * - KM_TAG_USER_ID or KM_TAG_ALL_USERS; + * - KM_TAG_USER_AUTH_ID or KM_TAG_NO_AUTH_REQUIRED; + * - KM_TAG_APPLICATION_ID or KM_TAG_ALL_APPLICATIONS; and + * - KM_TAG_ORIGINATION_EXPIRE_DATETIME + * + * KM_TAG_AUTH_TIMEOUT should generally be specified unless KM_TAG_NO_AUTH_REQUIRED is present, + * or the user will have to authenticate for every use. + * + * KM_TAG_BLOCK_MODE, KM_TAG_PADDING, KM_TAG_MAC_LENGTH and KM_TAG_DIGEST must be specified for + * algorithms that require them. + * + * The following tags will take default values if unspecified: + * + * - KM_TAG_KEY_SIZE defaults to a recommended key size for the specified algorithm. + * + * - KM_TAG_USAGE_EXPIRE_DATETIME defaults to the value of KM_TAG_ORIGINATION_EXPIRE_DATETIME. + * + * - KM_TAG_ACTIVE_DATETIME will default to the value of KM_TAG_CREATION_DATETIME + * + * - KM_TAG_ROOT_OF_TRUST will default to the current root of trust. + * + * - KM_TAG_{RSA|DSA|DH}_* will default to values appropriate for the specified key size. + * + * The following tags may not be specified; their values will be provided by the implementation. + * + * - KM_TAG_ORIGIN, + * + * - KM_TAG_ROLLBACK_RESISTANT, + * + * - KM_TAG_CREATION_DATETIME, + * + * \param[in] dev The keymaster device structure. + * + * \param[in] params Array of key generation parameters. + * + * \param[in] params_count Length of \p params. + * + * \param[out] key_blob returns the generated key. If \p key_blob is NULL, no key is generated, + * but the characteristics of the key that would be generated are returned. The caller assumes + * ownership key_blob->key_material and must free() it. + * + * \param[out] characteristics returns the characteristics of the key that was, or would be, + * generated, if non-NULL. The caller assumes ownership, and the object must be freed with + * keymaster_free_characteristics(). Note that KM_TAG_ROOT_OF_TRUST, KM_TAG_APPLICATION_ID and + * KM_TAG_APPLICATION_DATA are never returned. + */ + keymaster_error_t (*generate_key)(const struct keymaster_device* dev, + const keymaster_key_param_t* params, size_t params_count, + keymaster_key_blob_t* key_blob, + keymaster_key_characteristics_t** characteristics); + + /** + * Returns the characteristics of the specified key, or NULL if the key_blob is invalid + * (implementations must fully validate the integrity of the key). client_id and app_data must + * be the ID and data provided when the key was generated or imported. Those values are not + * included in the returned characteristics. Caller assumes ownership of the allocated + * characteristics object, which must be deallocated with keymaster_free_characteristics(). + * + * Note that KM_TAG_ROOT_OF_TRUST, KM_TAG_APPLICATION_ID and KM_TAG_APPLICATION_DATA are never + * returned. + * + * \param[in] dev The keymaster device structure. + * + * \param[in] key_blob The key to retreive characteristics from. + * + * \param[in] client_id The client ID data, or NULL if none associated. + * + * \param[in] app_id The app data, or NULL if none associated. + * + * \param[out] characteristics The key characteristics. + */ + keymaster_error_t (*get_key_characteristics)(const struct keymaster_device* dev, + const keymaster_key_blob_t* key_blob, + const keymaster_blob_t* client_id, + const keymaster_blob_t* app_data, + keymaster_key_characteristics_t** characteristics); + + /** + * Change a key's authorizations. + * + * Update the authorizations associated with key_blob to the list specified in new_params, which + * must contain the complete set of authorizations desired (hw_enforced and sw_enforced). Tags + * will be added, removed and/or updated only if the appropriate KM_TAG_RESCOPING_ADD and + * KM_TAG_RESCOPING_DEL tags exist in the key's authorizations, otherwise + * KM_ERROR_INVALID_RESCOPING will be returned and no changes will be made. + * + * \param[in] dev The keymaster device structure. + * + * \param[in] new_params The new authorization list to be associated with the key. + * + * \param[in] new_params_count The number of entries in \p new_params. + * + * \param[in] key_blob The key to update. + * + * \param[in] client_id The client ID associated with the key, or NULL if none is associated. + * + * \param[in] app_data The application data associated with the key, or NULL if none is + * associated. + * + * \param[out] rescoped_key_blob The key blob with the updated authorizations, if successful. + * The caller assumes ownership of rescoped_key_blob->key_material and must free() it. + * + * \param[out] characteristics If not null will contain the new key authorizations, divided into + * hw_enforced and sw_enforced lists. The caller takes ownership and must call + * keymaster_free_characteristics() to free. + */ + keymaster_error_t (*rescope)(const struct keymaster_device* dev, + const keymaster_key_param_t* new_params, size_t new_params_count, + const keymaster_key_blob_t* key_blob, + const keymaster_blob_t* client_id, + const keymaster_blob_t* app_data, + const keymaster_key_blob_t* rescoped_key_blob, + keymaster_key_characteristics_t** characteristics); + + /** + * Imports a key, or key pair, returning a key blob and/or a description of the key. + * + * Most key import parameters are defined as keymaster tag/value pairs, provided in "params". + * See keymaster_tag_t for the full list. Some values that are always required for import of + * useful keys are: + * + * - KM_TAG_PURPOSE; + * + * - KM_TAG_USER_ID + * + * - KM_TAG_USER_AUTH_ID; + * + * - KM_TAG_APPLICATION_ID or KM_TAG_ALL_APPLICATIONS; + * + * - KM_TAG_PRIVKEY_EXPIRE_DATETIME. + * + * KM_TAG_AUTH_TIMEOUT should generally be specified. If unspecified, the user will have to + * authenticate for every use, unless KM_TAG_USER_AUTH_ID is set to + * KM_NO_AUTHENTICATION_REQUIRED. + * + * The following tags will take default values if unspecified: + * + * - KM_TAG_PUBKEY_EXPIRE_DATETIME will default to the value for KM_TAG_PRIVKEY_EXPIRE_DATETIME. + * + * - KM_TAG_ACTIVE_DATETIME will default to the value of KM_TAG_CREATION_DATETIME + * + * - KM_TAG_ROOT_OF_TRUST will default to the current root of trust. + * + * The following tags may not be specified; their values will be provided by the implementation. + * + * - KM_TAG_ORIGIN, + * + * - KM_TAG_ROLLBACK_RESISTANT, + * + * - KM_TAG_CREATION_DATETIME, + * + * \param[in] dev The keymaster device structure. + * + * \param[in] params Parameters defining the imported key. + * + * \param[in] params_count The number of entries in \p params. + * + * \param[in] key_format specifies the format of the key data in key_data. + * + * \param[out] key_blob Used to return the opaque key blob. Must be non-NULL. The caller + * assumes ownership of the contained key_material. + * + * \param[out] characteristics Used to return the characteristics of the imported key. May be + * NULL, in which case no characteristics will be returned. If non-NULL, the caller assumes + * ownership and must deallocate with keymaster_free_characteristics(). + */ + keymaster_error_t (*import_key)(const struct keymaster_device* dev, + const keymaster_key_param_t* params, size_t params_count, + keymaster_key_format_t key_format, const uint8_t* key_data, + size_t key_data_length, keymaster_key_blob_t* key_blob, + keymaster_key_characteristics_t** characteristics); + + /** + * Exports a public key, returning a byte array in the specified format. + * + * \param[in] dev The keymaster device structure. + * + * \param[in] export_format The format to be used for exporting the key. + * + * \param[in] key_to_export The key to export. + * + * \param[out] export_data The exported key material. The caller assumes ownership. + * + * \param[out] export_data_length The length of \p export_data. + */ + keymaster_error_t (*export_key)(const struct keymaster_device* dev, + keymaster_key_format_t export_format, + const keymaster_key_blob_t* key_to_export, + const keymaster_blob_t* client_id, + const keymaster_blob_t* app_data, uint8_t** export_data, + size_t* export_data_length); + + /** + * Deletes the key, or key pair, associated with the key blob. After calling this function it + * will be impossible to use the key for any other operations (though rescoped versions may + * exist, and if so will be usable). May be applied to keys from foreign roots of trust (keys + * not usable under the current root of trust). + * + * This function is optional and should be set to NULL if it is not implemented. + * + * \param[in] dev The keymaster device structure. + * + * \param[in] key The key to be deleted. + */ + keymaster_error_t (*delete_key)(const struct keymaster_device* dev, + const keymaster_key_blob_t* key); + + /** + * Deletes all keys in the hardware keystore. Used when keystore is reset completely. After + * calling this function it will be impossible to use any previously generated or imported key + * blobs for any operations. + * + * This function is optional and should be set to NULL if it is not implemented. + * + * \param[in] dev The keymaster device structure. + * + * Returns 0 on success or an error code less than 0. + */ + int (*delete_all_keys)(const struct keymaster_device* dev); + + /** + * Begins a cryptographic operation using the specified key. If all is well, begin() will + * return KM_ERROR_OK and create an operation handle which must be passed to subsequent calls to + * update(), finish() or abort(). + * + * It is critical that each call to begin() be paired with a subsequent call to finish() or + * abort(), to allow the keymaster implementation to clean up any internal operation state. + * Failure to do this will leak internal state space or other internal resources and will + * eventually cause begin() to return KM_ERROR_TOO_MANY_OPERATIONS when it runs out of space for + * operations. + * + * \param[in] dev The keymaster device structure. + * + * \param[in] purpose The purpose of the operation, one of KM_PURPOSE_ENCRYPT, + * KM_PURPOSE_DECRYPT, KM_PURPOSE_SIGN or KM_PURPOSE_VERIFY. Note that for AEAD modes, + * encryption and decryption imply signing and verification, respectively. + * + * \param[in] key The key to be used for the operation. \p key must have a purpose compatible + * with \p purpose and all of its usage requirements must be satisfied, or begin() will return + * an appropriate error code. + * + * \param[in] params Additional parameters for the operation. This is typically used to provide + * client ID information, with tags KM_TAG_APPLICATION_ID and KM_TAG_APPLICATION_DATA. If the + * client information associated with the key is not provided, begin() will fail and return + * KM_ERROR_INVALID_KEY_BLOB. Less commonly, \params can be used to provide AEAD additional + * data and chunk size with KM_TAG_ADDITIONAL_DATA or KM_TAG_CHUNK_SIZE respectively. + * + * \param[in] params_count The number of entries in \p params. + * + * \param[out] out_params Array of output parameters. The caller takes ownership of the output + * parametes array and must free it. out_params may be set to NULL if no output parameters are + * expected. If NULL, and output paramaters are generated, begin() will return + * KM_ERROR_OUTPUT_PARAMETER_NULL. + * + * \param[out] out_params_count The length of out_params. + * + * \param[out] operation_handle The newly-created operation handle which must be passed to + * update(), finish() or abort(). + */ + keymaster_error_t (*begin)(const struct keymaster_device* dev, keymaster_purpose_t purpose, + const keymaster_key_blob_t* key, const keymaster_key_param_t* params, + size_t params_count, keymaster_key_param_t** out_params, + size_t* out_params_count, + keymaster_operation_handle_t* operation_handle); + + /** + * Get an estimate of the output that will be generated by calling update() with the specified + * number of input bytes, followed by finish(). The estimate may not be exact, but is + * guaranteed not to be smaller than sum of the output lengths from update() and finish(). The + * estimate takes into account input data already provided. + * + * \param[in] input_length The number of additional input bytes to be processed. + * + * \param[out] output_estimate The length of the output that will be produced. + */ + keymaster_error_t (*get_output_size)(size_t input_length, size_t* output_estimate); + + /** + * Provides data to, and possibly receives output from, an ongoing cryptographic operation begun + * with begin(). + * + * If operation_handle is invalid, update() will return KM_ERROR_INVALID_OPERATION_HANDLE. + * + * Not all of the data provided in the data buffer may be consumed. update() will return the + * amount consumed in *data_consumed. The caller should provide the unconsumed data in a + * subsequent call. + * + * \param[in] dev The keymaster device structure. + * + * \param[in] operation_handle The operation handle returned by begin(). + * + * \param[in] input Data to be processed, per the parameters established in the call to begin(). + * Note that update() may or may not consume all of the data provided. See \p data_consumed. + * + * \param[in] input_length Length of \p input. + * + * \param[out] input_consumed Amount of data that was consumed by update(). If this is less + * than the amount provided, the caller should provide the remainder in a subsequent call to + * update(). + * + * \param[out] output The output data, if any. The caller assumes ownership of the allocated + * buffer. If output is NULL then NO input data is consumed and no output is produced, but + * *output_length is set to an estimate of the size that would have been produced by this + * update() and a subsequent finish(). + * + * \param[out] output_length The length of the output buffer. + * + * Note that update() may not provide any output, in which case *output_length will be zero, and + * *output may be either NULL or zero-length (so the caller should always free() it). + */ + keymaster_error_t (*update)(const struct keymaster_device* dev, + keymaster_operation_handle_t operation_handle, const uint8_t* input, + size_t input_length, size_t* input_consumed, uint8_t** output, + size_t* output_length); + + /** + * Finalizes a cryptographic operation begun with begin() and invalidates operation_handle + * (except in the insufficient buffer case, detailed below). + * + * \param[in] dev The keymaster device structure. + * + * \param[in] operation_handle The operation handle returned by begin(). This handle will be + * invalidated. + * + * \param[in] signature The signature to be verified if the purpose specified in the begin() + * call was KM_PURPOSE_VERIFY. + * + * \param[in] signature_length The length of \p signature. + * + * \param[out] output The output data, if any. The caller assumes ownership of the allocated + * buffer. + * + * \param[out] output_length The length of the output buffer. + * + * If the operation being finished is a signature verification or an AEAD-mode decryption and + * verification fails then finish() will return KM_ERROR_VERIFICATION_FAILED. + */ + keymaster_error_t (*finish)(const struct keymaster_device* dev, + keymaster_operation_handle_t operation_handle, + const uint8_t* signature, size_t signature_length, uint8_t** output, + size_t* output_length); + + /** + * Aborts a cryptographic operation begun with begin(), freeing all internal resources and + * invalidating operation_handle. + */ + keymaster_error_t (*abort)(const struct keymaster_device* dev, + keymaster_operation_handle_t operation_handle); }; typedef struct keymaster_device keymaster_device_t; - /* Convenience API for opening and closing keymaster devices */ -static inline int keymaster_open(const struct hw_module_t* module, - keymaster_device_t** device) -{ - int rc = module->methods->open(module, KEYSTORE_KEYMASTER, - (struct hw_device_t**) device); - - return rc; +static inline int keymaster_open(const struct hw_module_t* module, keymaster_device_t** device) { + return module->methods->open(module, KEYSTORE_KEYMASTER, (struct hw_device_t**)device); } -static inline int keymaster_close(keymaster_device_t* device) -{ +static inline int keymaster_close(keymaster_device_t* device) { return device->common.close(&device->common); } diff --git a/include/hardware/keymaster_defs.h b/include/hardware/keymaster_defs.h new file mode 100644 index 00000000..3a0aeccb --- /dev/null +++ b/include/hardware/keymaster_defs.h @@ -0,0 +1,614 @@ +/* + * Copyright (C) 2014 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef ANDROID_HARDWARE_KEYMASTER_DEFS_H +#define ANDROID_HARDWARE_KEYMASTER_DEFS_H + +#include +#include +#include + +#if defined(__cplusplus) +extern "C" { +#endif // defined(__cplusplus) + +/*! + * \deprecated Flags for keymaster_device::flags + * + * keymaster_device::flags is deprecated and will be removed in the + * next version of the API in favor of the more detailed information + * available from TODO: + */ +enum { + /* + * Indicates this keymaster implementation does not have hardware that + * keeps private keys out of user space. + * + * This should not be implemented on anything other than the default + * implementation. + */ + KEYMASTER_SOFTWARE_ONLY = 1 << 0, + + /* + * This indicates that the key blobs returned via all the primitives + * are sufficient to operate on their own without the trusted OS + * querying userspace to retrieve some other data. Key blobs of + * this type are normally returned encrypted with a + * Key Encryption Key (KEK). + * + * This is currently used by "vold" to know whether the whole disk + * encryption secret can be unwrapped without having some external + * service started up beforehand since the "/data" partition will + * be unavailable at that point. + */ + KEYMASTER_BLOBS_ARE_STANDALONE = 1 << 1, + + /* + * Indicates that the keymaster module supports DSA keys. + */ + KEYMASTER_SUPPORTS_DSA = 1 << 2, + + /* + * Indicates that the keymaster module supports EC keys. + */ + KEYMASTER_SUPPORTS_EC = 1 << 3, +}; + +/** + * \deprecated Asymmetric key pair types. + */ +typedef enum { + TYPE_RSA = 1, + TYPE_DSA = 2, + TYPE_EC = 3, +} keymaster_keypair_t; + +/** + * Authorization tags each have an associated type. This enumeration facilitates tagging each with + * a type, by using the high four bits (of an implied 32-bit unsigned enum value) to specify up to + * 16 data types. These values are ORed with tag IDs to generate the final tag ID values. + */ +typedef enum { + KM_INVALID = 0 << 28, /* Invalid type, used to designate a tag as uninitialized */ + KM_ENUM = 1 << 28, + KM_ENUM_REP = 2 << 28, /* Repeatable enumeration value. */ + KM_INT = 3 << 28, + KM_INT_REP = 4 << 28, /* Repeatable integer value */ + KM_LONG = 5 << 28, + KM_DATE = 6 << 28, + KM_BOOL = 7 << 28, + KM_BIGNUM = 8 << 28, + KM_BYTES = 9 << 28, +} keymaster_tag_type_t; + +typedef enum { + KM_TAG_INVALID = KM_INVALID | 0, + + /* + * Tags that must be semantically enforced by hardware and software implementations. + */ + + /* Crypto parameters */ + KM_TAG_PURPOSE = KM_ENUM_REP | 1, /* keymaster_purpose_t. */ + KM_TAG_ALGORITHM = KM_ENUM | 2, /* keymaster_algorithm_t. */ + KM_TAG_KEY_SIZE = KM_INT | 3, /* Key size in bits. */ + KM_TAG_BLOCK_MODE = KM_ENUM | 4, /* keymaster_block_mode_t. */ + KM_TAG_DIGEST = KM_ENUM | 5, /* keymaster_digest_t. */ + KM_TAG_MAC_LENGTH = KM_INT | 6, /* MAC length in bits. */ + KM_TAG_PADDING = KM_ENUM | 7, /* keymaster_padding_t. */ + KM_TAG_CHUNK_LENGTH = KM_INT | 8, /* AEAD mode minimum decryption chunk size, in bytes. */ + KM_TAG_NONCE = KM_BYTES | 9, /* Nonce or Initialization Vector */ + + /* Other hardware-enforced. */ + KM_TAG_RESCOPING_ADD = KM_ENUM_REP | 101, /* Tags authorized for addition via rescoping. */ + KM_TAG_RESCOPING_DEL = KM_ENUM_REP | 102, /* Tags authorized for removal via rescoping. */ + KM_TAG_BLOB_USAGE_REQUIREMENTS = KM_ENUM | 705, /* keymaster_key_blob_usage_requirements_t */ + + /* Algorithm-specific. */ + KM_TAG_RSA_PUBLIC_EXPONENT = KM_LONG | 200, /* Defaults to 2^16+1 */ + KM_TAG_DSA_GENERATOR = KM_BIGNUM | 201, + KM_TAG_DSA_P = KM_BIGNUM | 202, + KM_TAG_DSA_Q = KM_BIGNUM | 203, + /* Note there are no EC-specific params. Field size is defined by KM_TAG_KEY_SIZE, and the + curve is chosen from NIST recommendations for field size */ + + /* + * Tags that should be semantically enforced by hardware if possible and will otherwise be + * enforced by software (keystore). + */ + + /* Key validity period */ + KM_TAG_ACTIVE_DATETIME = KM_DATE | 400, /* Start of validity */ + KM_TAG_ORIGINATION_EXPIRE_DATETIME = KM_DATE | 401, /* Date when new "messages" should no + longer be created. */ + KM_TAG_USAGE_EXPIRE_DATETIME = KM_DATE | 402, /* Date when existing "messages" should no + longer be trusted. */ + KM_TAG_MIN_SECONDS_BETWEEN_OPS = KM_INT | 403, /* Minimum elapsed time between + cryptographic operations with the key. */ + KM_TAG_SINGLE_USE_PER_BOOT = KM_BOOL | 404, /* If true, the key can only be used once + per boot. */ + + /* User authentication */ + KM_TAG_ALL_USERS = KM_BOOL | 500, /* If key is usable by all users. */ + KM_TAG_USER_ID = KM_INT | 501, /* ID of authorized user. Disallowed if KM_TAG_ALL_USERS is + present. */ + KM_TAG_NO_AUTH_REQUIRED = KM_BOOL | 502, /* If key is usable without authentication. */ + KM_TAG_USER_AUTH_ID = KM_INT_REP | 503, /* ID of the authenticator to use (e.g. password, + fingerprint, etc.). Repeatable to support + multi-factor auth. Disallowed if + KM_TAG_NO_AUTH_REQUIRED is present. */ + KM_TAG_AUTH_TIMEOUT = KM_INT | 504, /* Required freshness of user authentication for + private/secret key operations, in seconds. + Public key operations require no authentication. + If absent, authentication is required for every + use. Authentication state is lost when the + device is powered off. */ + KM_TAG_RESCOPE_AUTH_TIMEOUT = KM_INT | 505, /* Required freshness of user authentication for key + rescoping operations, in seconds. Public key + operations require no authentication. If absent, + authentication required for every rescoping. */ + + /* Application access control */ + KM_TAG_ALL_APPLICATIONS = KM_BOOL | 600, /* If key is usable by all applications. */ + KM_TAG_APPLICATION_ID = KM_BYTES | 601, /* ID of authorized application. Disallowed if + KM_TAG_ALL_APPLICATIONS is present. */ + + /* + * Semantically unenforceable tags, either because they have no specific meaning or because + * they're informational only. + */ + KM_TAG_APPLICATION_DATA = KM_BYTES | 700, /* Data provided by authorized application. */ + KM_TAG_CREATION_DATETIME = KM_DATE | 701, /* Key creation time */ + KM_TAG_ORIGIN = KM_ENUM | 702, /* keymaster_key_origin_t. */ + KM_TAG_ROLLBACK_RESISTANT = KM_BOOL | 703, /* Whether key is rollback-resistant. */ + KM_TAG_ROOT_OF_TRUST = KM_BYTES | 704, /* Root of trust ID. Empty array means usable by all + roots. */ + + /* Tags used only to provide data to operations */ + KM_TAG_ADDITIONAL_DATA = KM_BYTES | 1000, /* Used to provide additional data for AEAD modes. */ +} keymaster_tag_t; + +/** + * Algorithms that may be provided by keymaster implementations. Those that must be provided by all + * implementations are tagged as "required". Note that where the values in this enumeration overlap + * with the values for the deprecated keymaster_keypair_t, the same algorithm must be + * specified. This type is new in 0_4 and replaces the deprecated keymaster_keypair_t. + */ +typedef enum { + /* Asymmetric algorithms. */ + KM_ALGORITHM_RSA = 1, /* required */ + KM_ALGORITHM_DSA = 2, /* required */ + KM_ALGORITHM_ECDSA = 3, /* required */ + KM_ALGORITHM_ECIES = 4, + /* FIPS Approved Ciphers */ + KM_ALGORITHM_AES = 32, /* required */ + KM_ALGORITHM_3DES = 33, + KM_ALGORITHM_SKIPJACK = 34, + /* AES Finalists */ + KM_ALGORITHM_MARS = 48, + KM_ALGORITHM_RC6 = 49, + KM_ALGORITHM_SERPENT = 50, + KM_ALGORITHM_TWOFISH = 51, + /* Other common block ciphers */ + KM_ALGORITHM_IDEA = 52, + KM_ALGORITHM_RC5 = 53, + KM_ALGORITHM_CAST5 = 54, + KM_ALGORITHM_BLOWFISH = 55, + /* Common stream ciphers */ + KM_ALGORITHM_RC4 = 64, + KM_ALGORITHM_CHACHA20 = 65, + /* MAC algorithms */ + KM_ALGORITHM_HMAC = 128, /* required */ +} keymaster_algorithm_t; + +/** + * Symmetric block cipher modes that may be provided by keymaster implementations. Those that must + * be provided by all implementations are tagged as "required". This type is new in 0_4. + * + * KM_MODE_FIRST_UNAUTHENTICATED, KM_MODE_FIRST_AUTHENTICATED and KM_MODE_FIRST_MAC are not modes, + * but markers used to separate the available modes into classes. + */ +typedef enum { + /* Unauthenticated modes, usable only for encryption/decryption and not generally recommended + * except for compatibility with existing other protocols. */ + KM_MODE_FIRST_UNAUTHENTICATED = 1, + KM_MODE_ECB = KM_MODE_FIRST_UNAUTHENTICATED, /* required */ + KM_MODE_CBC = 2, /* required */ + KM_MODE_CBC_CTS = 3, /* recommended */ + KM_MODE_CTR = 4, /* recommended */ + KM_MODE_OFB = 5, + KM_MODE_CFB = 6, + KM_MODE_XTS = 7, /* Note: requires double-length keys */ + /* Authenticated modes, usable for encryption/decryption and signing/verification. Recommended + * over unauthenticated modes for all purposes. One of KM_MODE_GCM and KM_MODE_OCB is + * required. */ + KM_MODE_FIRST_AUTHENTICATED = 32, + KM_MODE_GCM = KM_MODE_FIRST_AUTHENTICATED, + KM_MODE_OCB = 33, + KM_MODE_CCM = 34, + /* MAC modes -- only for signing/verification */ + KM_MODE_FIRST_MAC = 128, + KM_MODE_CMAC = KM_MODE_FIRST_MAC, + KM_MODE_POLY1305 = 129, +} keymaster_block_mode_t; + +/** + * Padding modes that may be applied to plaintext for encryption operations. This list includes + * padding modes for both symmetric and asymmetric algorithms. Note that implementations should not + * provide all possible combinations of algorithm and padding, only the + * cryptographically-appropriate pairs. + */ +typedef enum { + KM_PAD_NONE = 1, /* required, deprecated */ + KM_PAD_RSA_OAEP = 2, /* required */ + KM_PAD_RSA_PSS = 3, /* required */ + KM_PAD_RSA_PKCS1_1_5_ENCRYPT = 4, + KM_PAD_RSA_PKCS1_1_5_SIGN = 5, + KM_PAD_ANSI_X923 = 32, + KM_PAD_ISO_10126 = 33, + KM_PAD_ZERO = 64, /* required */ + KM_PAD_PKCS7 = 65, /* required */ + KM_PAD_ISO_7816_4 = 66, +} keymaster_padding_t; + +/** + * Digests that may be provided by keymaster implementations. Those that must be provided by all + * implementations are tagged as "required". Those that have been added since version 0_2 of the + * API are tagged as "new". + */ +typedef enum { + KM_DIGEST_NONE = 0, /* new, required */ + DIGEST_NONE = KM_DIGEST_NONE, /* For 0_2 compatibility */ + KM_DIGEST_MD5 = 1, /* new, for compatibility with old protocols only */ + KM_DIGEST_SHA1 = 2, /* new */ + KM_DIGEST_SHA_2_224 = 3, /* new */ + KM_DIGEST_SHA_2_256 = 4, /* new, required */ + KM_DIGEST_SHA_2_384 = 5, /* new, recommended */ + KM_DIGEST_SHA_2_512 = 6, /* new, recommended */ + KM_DIGEST_SHA_3_256 = 7, /* new */ + KM_DIGEST_SHA_3_384 = 8, /* new */ + KM_DIGEST_SHA_3_512 = 9, /* new */ +} keymaster_digest_t; + +/** + * The origin of a key (or pair), i.e. where it was generated. Origin and can be used together to + * determine whether a key may have existed outside of secure hardware. This type is new in 0_4. + */ +typedef enum { + KM_ORIGIN_HARDWARE = 0, /* Generated in secure hardware */ + KM_ORIGIN_SOFTWARE = 1, /* Generated in non-secure software */ + KM_ORIGIN_IMPORTED = 2, /* Imported, origin unknown */ +} keymaster_key_origin_t; + +/** + * Usability requirements of key blobs. This defines what system functionality must be available + * for the key to function. For example, key "blobs" which are actually handles referencing + * encrypted key material stored in the file system cannot be used until the file system is + * available, and should have BLOB_REQUIRES_FILE_SYSTEM. Other requirements entries will be added + * as needed for implementations. This type is new in 0_4. + */ +typedef enum { + KM_BLOB_STANDALONE = 0, + KM_BLOB_REQUIRES_FILE_SYSTEM = 1, +} keymaster_key_blob_usage_requirements_t; + +/** + * Possible purposes of a key (or pair). This type is new in 0_4. + */ +typedef enum { + KM_PURPOSE_ENCRYPT = 0, + KM_PURPOSE_DECRYPT = 1, + KM_PURPOSE_SIGN = 2, + KM_PURPOSE_VERIFY = 3, +} keymaster_purpose_t; + +typedef struct { + const uint8_t* data; + size_t data_length; +} keymaster_blob_t; + +typedef struct { + keymaster_tag_t tag; + union { + uint32_t enumerated; /* KM_ENUM and KM_ENUM_REP */ + bool boolean; /* KM_BOOL */ + uint32_t integer; /* KM_INT and KM_INT_REP */ + uint64_t long_integer; /* KM_LONG */ + uint64_t date_time; /* KM_DATE */ + keymaster_blob_t blob; /* KM_BIGNUM and KM_BYTES*/ + }; +} keymaster_key_param_t; + +typedef struct { + keymaster_key_param_t* params; /* may be NULL if length == 0 */ + size_t length; +} keymaster_key_param_set_t; + +/** + * Parameters that define a key's characteristics, including authorized modes of usage and access + * control restrictions. The parameters are divided into two categories, those that are enforced by + * secure hardware, and those that are not. For a software-only keymaster implementation the + * enforced array must NULL. Hardware implementations must enforce everything in the enforced + * array. + */ +typedef struct { + keymaster_key_param_set_t hw_enforced; + keymaster_key_param_set_t sw_enforced; +} keymaster_key_characteristics_t; + +typedef struct { + const uint8_t* key_material; + size_t key_material_size; +} keymaster_key_blob_t; + +/** + * Formats for key import and export. At present, only asymmetric key import/export is supported. + * In the future this list will expand greatly to accommodate asymmetric key import/export. + */ +typedef enum { + KM_KEY_FORMAT_X509, /* for public key export, required */ + KM_KEY_FORMAT_PKCS8, /* for asymmetric key pair import, required */ + KM_KEY_FORMAT_PKCS12, /* for asymmetric key pair import, not required */ +} keymaster_key_format_t; + +/** + * The keymaster operation API consists of begin, update, finish and abort. This is the type of the + * handle used to tie the sequence of calls together. A 64-bit value is used because it's important + * that handles not be predictable. Implementations must use strong random numbers for handle + * values. + */ +typedef uint64_t keymaster_operation_handle_t; + +typedef enum { + KM_ERROR_OK = 0, + KM_ERROR_ROOT_OF_TRUST_ALREADY_SET = -1, + KM_ERROR_UNSUPPORTED_PURPOSE = -2, + KM_ERROR_INCOMPATIBLE_PURPOSE = -3, + KM_ERROR_UNSUPPORTED_ALGORITHM = -4, + KM_ERROR_INCOMPATIBLE_ALGORITHM = -5, + KM_ERROR_UNSUPPORTED_KEY_SIZE = -6, + KM_ERROR_UNSUPPORTED_BLOCK_MODE = -7, + KM_ERROR_INCOMPATIBLE_BLOCK_MODE = -8, + KM_ERROR_UNSUPPORTED_TAG_LENGTH = -9, + KM_ERROR_UNSUPPORTED_PADDING_MODE = -10, + KM_ERROR_INCOMPATIBLE_PADDING_MODE = -11, + KM_ERROR_UNSUPPORTED_DIGEST = -12, + KM_ERROR_INCOMPATIBLE_DIGEST = -13, + KM_ERROR_INVALID_EXPIRATION_TIME = -14, + KM_ERROR_INVALID_USER_ID = -15, + KM_ERROR_INVALID_AUTHORIZATION_TIMEOUT = -16, + KM_ERROR_UNSUPPORTED_KEY_FORMAT = -17, + KM_ERROR_INCOMPATIBLE_KEY_FORMAT = -18, + KM_ERROR_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM = -19, /* For PKCS8 & PKCS12 */ + KM_ERROR_UNSUPPORTED_KEY_VERIFICATION_ALGORITHM = -20, /* For PKCS8 & PKCS12 */ + KM_ERROR_INVALID_INPUT_LENGTH = -21, + KM_ERROR_KEY_EXPORT_OPTIONS_INVALID = -22, + KM_ERROR_DELEGATION_NOT_ALLOWED = -23, + KM_ERROR_KEY_NOT_YET_VALID = -24, + KM_ERROR_KEY_EXPIRED = -25, + KM_ERROR_KEY_USER_NOT_AUTHENTICATED = -26, + KM_ERROR_OUTPUT_PARAMETER_NULL = -27, + KM_ERROR_INVALID_OPERATION_HANDLE = -28, + KM_ERROR_INSUFFICIENT_BUFFER_SPACE = -29, + KM_ERROR_VERIFICATION_FAILED = -30, + KM_ERROR_TOO_MANY_OPERATIONS = -31, + KM_ERROR_UNEXPECTED_NULL_POINTER = -32, + KM_ERROR_INVALID_KEY_BLOB = -33, + KM_ERROR_IMPORTED_KEY_NOT_ENCRYPTED = -34, + KM_ERROR_IMPORTED_KEY_DECRYPTION_FAILED = -35, + KM_ERROR_IMPORTED_KEY_NOT_SIGNED = -36, + KM_ERROR_IMPORTED_KEY_VERIFICATION_FAILED = -37, + KM_ERROR_INVALID_ARGUMENT = -38, + KM_ERROR_UNSUPPORTED_TAG = -39, + KM_ERROR_INVALID_TAG = -40, + KM_ERROR_MEMORY_ALLOCATION_FAILED = -41, + KM_ERROR_INVALID_RESCOPING = -42, + KM_ERROR_INVALID_DSA_PARAMS = -43, + KM_ERROR_IMPORT_PARAMETER_MISMATCH = -44, + KM_ERROR_SECURE_HW_ACCESS_DENIED = -45, + KM_ERROR_OPERATION_CANCELLED = -46, + KM_ERROR_CONCURRENT_ACCESS_CONFLICT = -47, + KM_ERROR_SECURE_HW_BUSY = -48, + KM_ERROR_SECURE_HW_COMMUNICATION_FAILED = -49, + KM_ERROR_UNSUPPORTED_EC_FIELD = -50, + KM_ERROR_UNIMPLEMENTED = -100, + KM_ERROR_VERSION_MISMATCH = -101, + + /* Additional error codes may be added by implementations, but implementers should coordinate + * with Google to avoid code collision. */ + KM_ERROR_UNKNOWN_ERROR = -1000, +} keymaster_error_t; + +/** + * \deprecated Parameters needed to generate an RSA key. + */ +typedef struct { + uint32_t modulus_size; /* bits */ + uint64_t public_exponent; +} keymaster_rsa_keygen_params_t; + +/** + * \deprecated Parameters needed to generate a DSA key. + */ +typedef struct { + uint32_t key_size; /* bits */ + uint32_t generator_len; + uint32_t prime_p_len; + uint32_t prime_q_len; + const uint8_t* generator; + const uint8_t* prime_p; + const uint8_t* prime_q; +} keymaster_dsa_keygen_params_t; + +/** + * \deprecated Parameters needed to generate an EC key. + * + * Field size is the only parameter in version 4. The sizes correspond to these required curves: + * + * 192 = NIST P-192 + * 224 = NIST P-224 + * 256 = NIST P-256 + * 384 = NIST P-384 + * 521 = NIST P-521 + * + * The parameters for these curves are available at: http://www.nsa.gov/ia/_files/nist-routines.pdf + * in Chapter 4. + */ +typedef struct { uint32_t field_size; /* bits */ } keymaster_ec_keygen_params_t; + +/** + * \deprecated Type of padding used for RSA operations. + */ +typedef enum { + PADDING_NONE, +} keymaster_rsa_padding_t; + +/** + * \deprecated + */ +typedef struct { keymaster_digest_t digest_type; } keymaster_dsa_sign_params_t; + +/** + * \deprecated + */ +typedef struct { keymaster_digest_t digest_type; } keymaster_ec_sign_params_t; + +/** + *\deprecated + */ +typedef struct { + keymaster_digest_t digest_type; + keymaster_rsa_padding_t padding_type; +} keymaster_rsa_sign_params_t; + +/* Convenience functions for manipulating keymaster tag types */ + +static inline keymaster_tag_type_t keymaster_tag_get_type(keymaster_tag_t tag) { + return (keymaster_tag_type_t)(tag & (0xF << 28)); +} + +static inline uint32_t keymaster_tag_mask_type(keymaster_tag_t tag) { + return tag & 0x0FFFFFFF; +} + +static inline bool keymaster_tag_type_repeatable(keymaster_tag_type_t type) { + switch (type) { + case KM_INT_REP: + case KM_ENUM_REP: + return true; + default: + return false; + } +} + +static inline bool keymaster_tag_repeatable(keymaster_tag_t tag) { + return keymaster_tag_type_repeatable(keymaster_tag_get_type(tag)); +} + +/* Convenience functions for manipulating keymaster_key_param_t structs */ + +inline keymaster_key_param_t keymaster_param_enum(keymaster_tag_t tag, uint32_t value) { + // assert(keymaster_tag_get_type(tag) == KM_ENUM || keymaster_tag_get_type(tag) == KM_ENUM_REP); + keymaster_key_param_t param; + memset(¶m, 0, sizeof(param)); + param.tag = tag; + param.enumerated = value; + return param; +} + +inline keymaster_key_param_t keymaster_param_int(keymaster_tag_t tag, uint32_t value) { + // assert(keymaster_tag_get_type(tag) == KM_INT || keymaster_tag_get_type(tag) == KM_INT_REP); + keymaster_key_param_t param; + memset(¶m, 0, sizeof(param)); + param.tag = tag; + param.integer = value; + return param; +} + +inline keymaster_key_param_t keymaster_param_long(keymaster_tag_t tag, uint64_t value) { + // assert(keymaster_tag_get_type(tag) == KM_LONG); + keymaster_key_param_t param; + memset(¶m, 0, sizeof(param)); + param.tag = tag; + param.long_integer = value; + return param; +} + +inline keymaster_key_param_t keymaster_param_blob(keymaster_tag_t tag, const uint8_t* bytes, + size_t bytes_len) { + // assert(keymaster_tag_get_type(tag) == KM_BYTES || keymaster_tag_get_type(tag) == KM_BIGNUM); + keymaster_key_param_t param; + memset(¶m, 0, sizeof(param)); + param.tag = tag; + param.blob.data = (uint8_t*)bytes; + param.blob.data_length = bytes_len; + return param; +} + +inline keymaster_key_param_t keymaster_param_bool(keymaster_tag_t tag) { + // assert(keymaster_tag_get_type(tag) == KM_BOOL); + keymaster_key_param_t param; + memset(¶m, 0, sizeof(param)); + param.tag = tag; + param.boolean = true; + return param; +} + +inline keymaster_key_param_t keymaster_param_date(keymaster_tag_t tag, uint64_t value) { + // assert(keymaster_tag_get_type(tag) == KM_DATE); + keymaster_key_param_t param; + memset(¶m, 0, sizeof(param)); + param.tag = tag; + param.date_time = value; + return param; +} + +inline void keymaster_free_param_values(keymaster_key_param_t* param, size_t param_count) { + while (param_count-- > 0) { + switch (keymaster_tag_get_type(param->tag)) { + case KM_BIGNUM: + case KM_BYTES: + free((void*)param->blob.data); + param->blob.data = NULL; + break; + default: + // NOP + break; + } + ++param; + } +} + +inline void keymaster_free_param_set(keymaster_key_param_set_t* set) { + if (set) { + keymaster_free_param_values(set->params, set->length); + free(set->params); + set->params = NULL; + } +} + +inline void keymaster_free_characteristics(keymaster_key_characteristics_t* characteristics) { + if (characteristics) { + keymaster_free_param_set(&characteristics->hw_enforced); + keymaster_free_param_set(&characteristics->sw_enforced); + } +} + +#if defined(__cplusplus) +} // extern "C" +#endif // defined(__cplusplus) + +#endif // ANDROID_HARDWARE_KEYMASTER_DEFS_H