1 /* 2 * Copyright (C) 2014 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #ifndef ANDROID_HARDWARE_KEYMASTER_DEFS_H 18 #define ANDROID_HARDWARE_KEYMASTER_DEFS_H 19 20 #include <stdint.h> 21 #include <stdlib.h> 22 #include <string.h> 23 24 #ifdef __cplusplus 25 extern "C" { 26 #endif // __cplusplus 27 28 /** 29 * Authorization tags each have an associated type. This enumeration facilitates tagging each with 30 * a type, by using the high four bits (of an implied 32-bit unsigned enum value) to specify up to 31 * 16 data types. These values are ORed with tag IDs to generate the final tag ID values. 32 */ 33 typedef enum { 34 KM_INVALID = 0 << 28, /* Invalid type, used to designate a tag as uninitialized */ 35 KM_ENUM = 1 << 28, 36 KM_ENUM_REP = 2 << 28, /* Repeatable enumeration value. */ 37 KM_UINT = 3 << 28, 38 KM_UINT_REP = 4 << 28, /* Repeatable integer value */ 39 KM_ULONG = 5 << 28, 40 KM_DATE = 6 << 28, 41 KM_BOOL = 7 << 28, 42 KM_BIGNUM = 8 << 28, 43 KM_BYTES = 9 << 28, 44 KM_ULONG_REP = 10 << 28, /* Repeatable long value */ 45 } keymaster_tag_type_t; 46 47 typedef enum { 48 KM_TAG_INVALID = KM_INVALID | 0, 49 50 /* 51 * Tags that must be semantically enforced by hardware and software implementations. 52 */ 53 54 /* Crypto parameters */ 55 KM_TAG_PURPOSE = KM_ENUM_REP | 1, /* keymaster_purpose_t. */ 56 KM_TAG_ALGORITHM = KM_ENUM | 2, /* keymaster_algorithm_t. */ 57 KM_TAG_KEY_SIZE = KM_UINT | 3, /* Key size in bits. */ 58 KM_TAG_BLOCK_MODE = KM_ENUM_REP | 4, /* keymaster_block_mode_t. */ 59 KM_TAG_DIGEST = KM_ENUM_REP | 5, /* keymaster_digest_t. */ 60 KM_TAG_PADDING = KM_ENUM_REP | 6, /* keymaster_padding_t. */ 61 KM_TAG_CALLER_NONCE = KM_BOOL | 7, /* Allow caller to specify nonce or IV. */ 62 KM_TAG_MIN_MAC_LENGTH = KM_UINT | 8, /* Minimum length of MAC or AEAD authentication tag in 63 * bits. */ 64 65 /* Algorithm-specific. */ 66 KM_TAG_RSA_PUBLIC_EXPONENT = KM_ULONG | 200, 67 68 /* Other hardware-enforced. */ 69 KM_TAG_BLOB_USAGE_REQUIREMENTS = KM_ENUM | 301, /* keymaster_key_blob_usage_requirements_t */ 70 KM_TAG_BOOTLOADER_ONLY = KM_BOOL | 302, /* Usable only by bootloader */ 71 72 /* 73 * Tags that should be semantically enforced by hardware if possible and will otherwise be 74 * enforced by software (keystore). 75 */ 76 77 /* Key validity period */ 78 KM_TAG_ACTIVE_DATETIME = KM_DATE | 400, /* Start of validity */ 79 KM_TAG_ORIGINATION_EXPIRE_DATETIME = KM_DATE | 401, /* Date when new "messages" should no 80 longer be created. */ 81 KM_TAG_USAGE_EXPIRE_DATETIME = KM_DATE | 402, /* Date when existing "messages" should no 82 longer be trusted. */ 83 KM_TAG_MIN_SECONDS_BETWEEN_OPS = KM_UINT | 403, /* Minimum elapsed time between 84 cryptographic operations with the key. */ 85 KM_TAG_MAX_USES_PER_BOOT = KM_UINT | 404, /* Number of times the key can be used per 86 boot. */ 87 88 /* User authentication */ 89 KM_TAG_ALL_USERS = KM_BOOL | 500, /* Reserved for future use -- ignore */ 90 KM_TAG_USER_ID = KM_UINT | 501, /* Reserved for future use -- ignore */ 91 KM_TAG_USER_SECURE_ID = KM_ULONG_REP | 502, /* Secure ID of authorized user or authenticator(s). 92 Disallowed if KM_TAG_ALL_USERS or 93 KM_TAG_NO_AUTH_REQUIRED is present. */ 94 KM_TAG_NO_AUTH_REQUIRED = KM_BOOL | 503, /* If key is usable without authentication. */ 95 KM_TAG_USER_AUTH_TYPE = KM_ENUM | 504, /* Bitmask of authenticator types allowed when 96 * KM_TAG_USER_SECURE_ID contains a secure user ID, 97 * rather than a secure authenticator ID. Defined in 98 * hw_authenticator_type_t in hw_auth_token.h. */ 99 KM_TAG_AUTH_TIMEOUT = KM_UINT | 505, /* Required freshness of user authentication for 100 private/secret key operations, in seconds. 101 Public key operations require no authentication. 102 If absent, authentication is required for every 103 use. Authentication state is lost when the 104 device is powered off. */ 105 106 /* Application access control */ 107 KM_TAG_ALL_APPLICATIONS = KM_BOOL | 600, /* Reserved for future use -- ignore */ 108 KM_TAG_APPLICATION_ID = KM_BYTES | 601, /* Reserved for fugure use -- ignore */ 109 110 /* 111 * Semantically unenforceable tags, either because they have no specific meaning or because 112 * they're informational only. 113 */ 114 KM_TAG_APPLICATION_DATA = KM_BYTES | 700, /* Data provided by authorized application. */ 115 KM_TAG_CREATION_DATETIME = KM_DATE | 701, /* Key creation time */ 116 KM_TAG_ORIGIN = KM_ENUM | 702, /* keymaster_key_origin_t. */ 117 KM_TAG_ROLLBACK_RESISTANT = KM_BOOL | 703, /* Whether key is rollback-resistant. */ 118 KM_TAG_ROOT_OF_TRUST = KM_BYTES | 704, /* Root of trust ID. */ 119 120 /* Tags used only to provide data to or receive data from operations */ 121 KM_TAG_ASSOCIATED_DATA = KM_BYTES | 1000, /* Used to provide associated data for AEAD modes. */ 122 KM_TAG_NONCE = KM_BYTES | 1001, /* Nonce or Initialization Vector */ 123 KM_TAG_AUTH_TOKEN = KM_BYTES | 1002, /* Authentication token that proves secure user 124 authentication has been performed. Structure 125 defined in hw_auth_token_t in hw_auth_token.h. */ 126 KM_TAG_MAC_LENGTH = KM_UINT | 1003, /* MAC or AEAD authentication tag length in bits. */ 127 } keymaster_tag_t; 128 129 /** 130 * Algorithms that may be provided by keymaster implementations. Those that must be provided by all 131 * implementations are tagged as "required". 132 */ 133 typedef enum { 134 /* Asymmetric algorithms. */ 135 KM_ALGORITHM_RSA = 1, 136 // KM_ALGORITHM_DSA = 2, -- Removed, do not re-use value 2. 137 KM_ALGORITHM_EC = 3, 138 139 /* Block ciphers algorithms */ 140 KM_ALGORITHM_AES = 32, 141 142 /* MAC algorithms */ 143 KM_ALGORITHM_HMAC = 128, 144 } keymaster_algorithm_t; 145 146 /** 147 * Symmetric block cipher modes provided by keymaster implementations. 148 */ 149 typedef enum { 150 /* Unauthenticated modes, usable only for encryption/decryption and not generally recommended 151 * except for compatibility with existing other protocols. */ 152 KM_MODE_ECB = 1, 153 KM_MODE_CBC = 2, 154 KM_MODE_CTR = 3, 155 156 /* Authenticated modes, usable for encryption/decryption and signing/verification. Recommended 157 * over unauthenticated modes for all purposes. */ 158 KM_MODE_GCM = 32, 159 } keymaster_block_mode_t; 160 161 /** 162 * Padding modes that may be applied to plaintext for encryption operations. This list includes 163 * padding modes for both symmetric and asymmetric algorithms. Note that implementations should not 164 * provide all possible combinations of algorithm and padding, only the 165 * cryptographically-appropriate pairs. 166 */ 167 typedef enum { 168 KM_PAD_NONE = 1, /* deprecated */ 169 KM_PAD_RSA_OAEP = 2, 170 KM_PAD_RSA_PSS = 3, 171 KM_PAD_RSA_PKCS1_1_5_ENCRYPT = 4, 172 KM_PAD_RSA_PKCS1_1_5_SIGN = 5, 173 KM_PAD_PKCS7 = 64, 174 } keymaster_padding_t; 175 176 /** 177 * Digests provided by keymaster implementations. 178 */ 179 typedef enum { 180 KM_DIGEST_NONE = 0, 181 KM_DIGEST_MD5 = 1, /* Optional, may not be implemented in hardware, will be handled in software 182 * if needed. */ 183 KM_DIGEST_SHA1 = 2, 184 KM_DIGEST_SHA_2_224 = 3, 185 KM_DIGEST_SHA_2_256 = 4, 186 KM_DIGEST_SHA_2_384 = 5, 187 KM_DIGEST_SHA_2_512 = 6, 188 } keymaster_digest_t; 189 190 /** 191 * The origin of a key (or pair), i.e. where it was generated. Note that KM_TAG_ORIGIN can be found 192 * in either the hardware-enforced or software-enforced list for a key, indicating whether the key 193 * is hardware or software-based. Specifically, a key with KM_ORIGIN_GENERATED in the 194 * hardware-enforced list is guaranteed never to have existed outide the secure hardware. 195 */ 196 typedef enum { 197 KM_ORIGIN_GENERATED = 0, /* Generated in keymaster */ 198 KM_ORIGIN_IMPORTED = 2, /* Imported, origin unknown */ 199 KM_ORIGIN_UNKNOWN = 3, /* Keymaster did not record origin. This value can only be seen on 200 * keys in a keymaster0 implementation. The keymaster0 adapter uses 201 * this value to document the fact that it is unkown whether the key 202 * was generated inside or imported into keymaster. */ 203 } keymaster_key_origin_t; 204 205 /** 206 * Usability requirements of key blobs. This defines what system functionality must be available 207 * for the key to function. For example, key "blobs" which are actually handles referencing 208 * encrypted key material stored in the file system cannot be used until the file system is 209 * available, and should have BLOB_REQUIRES_FILE_SYSTEM. Other requirements entries will be added 210 * as needed for implementations. This type is new in 0_4. 211 */ 212 typedef enum { 213 KM_BLOB_STANDALONE = 0, 214 KM_BLOB_REQUIRES_FILE_SYSTEM = 1, 215 } keymaster_key_blob_usage_requirements_t; 216 217 /** 218 * Possible purposes of a key (or pair). This type is new in 0_4. 219 */ 220 typedef enum { 221 KM_PURPOSE_ENCRYPT = 0, 222 KM_PURPOSE_DECRYPT = 1, 223 KM_PURPOSE_SIGN = 2, 224 KM_PURPOSE_VERIFY = 3, 225 } keymaster_purpose_t; 226 227 typedef struct { 228 const uint8_t* data; 229 size_t data_length; 230 } keymaster_blob_t; 231 232 typedef struct { 233 keymaster_tag_t tag; 234 union { 235 uint32_t enumerated; /* KM_ENUM and KM_ENUM_REP */ 236 bool boolean; /* KM_BOOL */ 237 uint32_t integer; /* KM_INT and KM_INT_REP */ 238 uint64_t long_integer; /* KM_LONG */ 239 uint64_t date_time; /* KM_DATE */ 240 keymaster_blob_t blob; /* KM_BIGNUM and KM_BYTES*/ 241 }; 242 } keymaster_key_param_t; 243 244 typedef struct { 245 keymaster_key_param_t* params; /* may be NULL if length == 0 */ 246 size_t length; 247 } keymaster_key_param_set_t; 248 249 /** 250 * Parameters that define a key's characteristics, including authorized modes of usage and access 251 * control restrictions. The parameters are divided into two categories, those that are enforced by 252 * secure hardware, and those that are not. For a software-only keymaster implementation the 253 * enforced array must NULL. Hardware implementations must enforce everything in the enforced 254 * array. 255 */ 256 typedef struct { 257 keymaster_key_param_set_t hw_enforced; 258 keymaster_key_param_set_t sw_enforced; 259 } keymaster_key_characteristics_t; 260 261 typedef struct { 262 const uint8_t* key_material; 263 size_t key_material_size; 264 } keymaster_key_blob_t; 265 266 /** 267 * Formats for key import and export. At present, only asymmetric key import/export is supported. 268 * In the future this list will expand greatly to accommodate asymmetric key import/export. 269 */ 270 typedef enum { 271 KM_KEY_FORMAT_X509 = 0, /* for public key export */ 272 KM_KEY_FORMAT_PKCS8 = 1, /* for asymmetric key pair import */ 273 KM_KEY_FORMAT_RAW = 3, /* for symmetric key import */ 274 } keymaster_key_format_t; 275 276 /** 277 * The keymaster operation API consists of begin, update, finish and abort. This is the type of the 278 * handle used to tie the sequence of calls together. A 64-bit value is used because it's important 279 * that handles not be predictable. Implementations must use strong random numbers for handle 280 * values. 281 */ 282 typedef uint64_t keymaster_operation_handle_t; 283 284 typedef enum { 285 KM_ERROR_OK = 0, 286 KM_ERROR_ROOT_OF_TRUST_ALREADY_SET = -1, 287 KM_ERROR_UNSUPPORTED_PURPOSE = -2, 288 KM_ERROR_INCOMPATIBLE_PURPOSE = -3, 289 KM_ERROR_UNSUPPORTED_ALGORITHM = -4, 290 KM_ERROR_INCOMPATIBLE_ALGORITHM = -5, 291 KM_ERROR_UNSUPPORTED_KEY_SIZE = -6, 292 KM_ERROR_UNSUPPORTED_BLOCK_MODE = -7, 293 KM_ERROR_INCOMPATIBLE_BLOCK_MODE = -8, 294 KM_ERROR_UNSUPPORTED_MAC_LENGTH = -9, 295 KM_ERROR_UNSUPPORTED_PADDING_MODE = -10, 296 KM_ERROR_INCOMPATIBLE_PADDING_MODE = -11, 297 KM_ERROR_UNSUPPORTED_DIGEST = -12, 298 KM_ERROR_INCOMPATIBLE_DIGEST = -13, 299 KM_ERROR_INVALID_EXPIRATION_TIME = -14, 300 KM_ERROR_INVALID_USER_ID = -15, 301 KM_ERROR_INVALID_AUTHORIZATION_TIMEOUT = -16, 302 KM_ERROR_UNSUPPORTED_KEY_FORMAT = -17, 303 KM_ERROR_INCOMPATIBLE_KEY_FORMAT = -18, 304 KM_ERROR_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM = -19, /* For PKCS8 & PKCS12 */ 305 KM_ERROR_UNSUPPORTED_KEY_VERIFICATION_ALGORITHM = -20, /* For PKCS8 & PKCS12 */ 306 KM_ERROR_INVALID_INPUT_LENGTH = -21, 307 KM_ERROR_KEY_EXPORT_OPTIONS_INVALID = -22, 308 KM_ERROR_DELEGATION_NOT_ALLOWED = -23, 309 KM_ERROR_KEY_NOT_YET_VALID = -24, 310 KM_ERROR_KEY_EXPIRED = -25, 311 KM_ERROR_KEY_USER_NOT_AUTHENTICATED = -26, 312 KM_ERROR_OUTPUT_PARAMETER_NULL = -27, 313 KM_ERROR_INVALID_OPERATION_HANDLE = -28, 314 KM_ERROR_INSUFFICIENT_BUFFER_SPACE = -29, 315 KM_ERROR_VERIFICATION_FAILED = -30, 316 KM_ERROR_TOO_MANY_OPERATIONS = -31, 317 KM_ERROR_UNEXPECTED_NULL_POINTER = -32, 318 KM_ERROR_INVALID_KEY_BLOB = -33, 319 KM_ERROR_IMPORTED_KEY_NOT_ENCRYPTED = -34, 320 KM_ERROR_IMPORTED_KEY_DECRYPTION_FAILED = -35, 321 KM_ERROR_IMPORTED_KEY_NOT_SIGNED = -36, 322 KM_ERROR_IMPORTED_KEY_VERIFICATION_FAILED = -37, 323 KM_ERROR_INVALID_ARGUMENT = -38, 324 KM_ERROR_UNSUPPORTED_TAG = -39, 325 KM_ERROR_INVALID_TAG = -40, 326 KM_ERROR_MEMORY_ALLOCATION_FAILED = -41, 327 KM_ERROR_IMPORT_PARAMETER_MISMATCH = -44, 328 KM_ERROR_SECURE_HW_ACCESS_DENIED = -45, 329 KM_ERROR_OPERATION_CANCELLED = -46, 330 KM_ERROR_CONCURRENT_ACCESS_CONFLICT = -47, 331 KM_ERROR_SECURE_HW_BUSY = -48, 332 KM_ERROR_SECURE_HW_COMMUNICATION_FAILED = -49, 333 KM_ERROR_UNSUPPORTED_EC_FIELD = -50, 334 KM_ERROR_MISSING_NONCE = -51, 335 KM_ERROR_INVALID_NONCE = -52, 336 KM_ERROR_MISSING_MAC_LENGTH = -53, 337 KM_ERROR_KEY_RATE_LIMIT_EXCEEDED = -54, 338 KM_ERROR_CALLER_NONCE_PROHIBITED = -55, 339 KM_ERROR_KEY_MAX_OPS_EXCEEDED = -56, 340 KM_ERROR_INVALID_MAC_LENGTH = -57, 341 KM_ERROR_MISSING_MIN_MAC_LENGTH = -58, 342 KM_ERROR_UNSUPPORTED_MIN_MAC_LENGTH = -59, 343 344 KM_ERROR_UNIMPLEMENTED = -100, 345 KM_ERROR_VERSION_MISMATCH = -101, 346 347 /* Additional error codes may be added by implementations, but implementers should coordinate 348 * with Google to avoid code collision. */ 349 KM_ERROR_UNKNOWN_ERROR = -1000, 350 } keymaster_error_t; 351 352 /* Convenience functions for manipulating keymaster tag types */ 353 354 static inline keymaster_tag_type_t keymaster_tag_get_type(keymaster_tag_t tag) { 355 return (keymaster_tag_type_t)(tag & (0xF << 28)); 356 } 357 358 static inline uint32_t keymaster_tag_mask_type(keymaster_tag_t tag) { 359 return tag & 0x0FFFFFFF; 360 } 361 362 static inline bool keymaster_tag_type_repeatable(keymaster_tag_type_t type) { 363 switch (type) { 364 case KM_UINT_REP: 365 case KM_ENUM_REP: 366 return true; 367 default: 368 return false; 369 } 370 } 371 372 static inline bool keymaster_tag_repeatable(keymaster_tag_t tag) { 373 return keymaster_tag_type_repeatable(keymaster_tag_get_type(tag)); 374 } 375 376 /* Convenience functions for manipulating keymaster_key_param_t structs */ 377 378 inline keymaster_key_param_t keymaster_param_enum(keymaster_tag_t tag, uint32_t value) { 379 // assert(keymaster_tag_get_type(tag) == KM_ENUM || keymaster_tag_get_type(tag) == KM_ENUM_REP); 380 keymaster_key_param_t param; 381 memset(¶m, 0, sizeof(param)); 382 param.tag = tag; 383 param.enumerated = value; 384 return param; 385 } 386 387 inline keymaster_key_param_t keymaster_param_int(keymaster_tag_t tag, uint32_t value) { 388 // assert(keymaster_tag_get_type(tag) == KM_INT || keymaster_tag_get_type(tag) == KM_INT_REP); 389 keymaster_key_param_t param; 390 memset(¶m, 0, sizeof(param)); 391 param.tag = tag; 392 param.integer = value; 393 return param; 394 } 395 396 inline keymaster_key_param_t keymaster_param_long(keymaster_tag_t tag, uint64_t value) { 397 // assert(keymaster_tag_get_type(tag) == KM_LONG); 398 keymaster_key_param_t param; 399 memset(¶m, 0, sizeof(param)); 400 param.tag = tag; 401 param.long_integer = value; 402 return param; 403 } 404 405 inline keymaster_key_param_t keymaster_param_blob(keymaster_tag_t tag, const uint8_t* bytes, 406 size_t bytes_len) { 407 // assert(keymaster_tag_get_type(tag) == KM_BYTES || keymaster_tag_get_type(tag) == KM_BIGNUM); 408 keymaster_key_param_t param; 409 memset(¶m, 0, sizeof(param)); 410 param.tag = tag; 411 param.blob.data = (uint8_t*)bytes; 412 param.blob.data_length = bytes_len; 413 return param; 414 } 415 416 inline keymaster_key_param_t keymaster_param_bool(keymaster_tag_t tag) { 417 // assert(keymaster_tag_get_type(tag) == KM_BOOL); 418 keymaster_key_param_t param; 419 memset(¶m, 0, sizeof(param)); 420 param.tag = tag; 421 param.boolean = true; 422 return param; 423 } 424 425 inline keymaster_key_param_t keymaster_param_date(keymaster_tag_t tag, uint64_t value) { 426 // assert(keymaster_tag_get_type(tag) == KM_DATE); 427 keymaster_key_param_t param; 428 memset(¶m, 0, sizeof(param)); 429 param.tag = tag; 430 param.date_time = value; 431 return param; 432 } 433 434 #define KEYMASTER_SIMPLE_COMPARE(a, b) (a < b) ? -1 : ((a > b) ? 1 : 0) 435 inline int keymaster_param_compare(const keymaster_key_param_t* a, const keymaster_key_param_t* b) { 436 int retval = KEYMASTER_SIMPLE_COMPARE(a->tag, b->tag); 437 if (retval != 0) 438 return retval; 439 440 switch (keymaster_tag_get_type(a->tag)) { 441 case KM_INVALID: 442 case KM_BOOL: 443 return 0; 444 case KM_ENUM: 445 case KM_ENUM_REP: 446 return KEYMASTER_SIMPLE_COMPARE(a->enumerated, b->enumerated); 447 case KM_UINT: 448 case KM_UINT_REP: 449 return KEYMASTER_SIMPLE_COMPARE(a->integer, b->integer); 450 case KM_ULONG: 451 case KM_ULONG_REP: 452 return KEYMASTER_SIMPLE_COMPARE(a->long_integer, b->long_integer); 453 case KM_DATE: 454 return KEYMASTER_SIMPLE_COMPARE(a->date_time, b->date_time); 455 case KM_BIGNUM: 456 case KM_BYTES: 457 // Handle the empty cases. 458 if (a->blob.data_length != 0 && b->blob.data_length == 0) 459 return -1; 460 if (a->blob.data_length == 0 && b->blob.data_length == 0) 461 return 0; 462 if (a->blob.data_length == 0 && b->blob.data_length > 0) 463 return 1; 464 465 retval = memcmp(a->blob.data, b->blob.data, a->blob.data_length < b->blob.data_length 466 ? a->blob.data_length 467 : b->blob.data_length); 468 if (retval != 0) 469 return retval; 470 else if (a->blob.data_length != b->blob.data_length) { 471 // Equal up to the common length; longer one is larger. 472 if (a->blob.data_length < b->blob.data_length) 473 return -1; 474 if (a->blob.data_length > b->blob.data_length) 475 return 1; 476 }; 477 } 478 479 return 0; 480 } 481 #undef KEYMASTER_SIMPLE_COMPARE 482 483 inline void keymaster_free_param_values(keymaster_key_param_t* param, size_t param_count) { 484 while (param_count-- > 0) { 485 switch (keymaster_tag_get_type(param->tag)) { 486 case KM_BIGNUM: 487 case KM_BYTES: 488 free((void*)param->blob.data); 489 param->blob.data = NULL; 490 break; 491 default: 492 // NOP 493 break; 494 } 495 ++param; 496 } 497 } 498 499 inline void keymaster_free_param_set(keymaster_key_param_set_t* set) { 500 if (set) { 501 keymaster_free_param_values(set->params, set->length); 502 free(set->params); 503 set->params = NULL; 504 } 505 } 506 507 inline void keymaster_free_characteristics(keymaster_key_characteristics_t* characteristics) { 508 if (characteristics) { 509 keymaster_free_param_set(&characteristics->hw_enforced); 510 keymaster_free_param_set(&characteristics->sw_enforced); 511 } 512 } 513 514 #ifdef __cplusplus 515 } // extern "C" 516 #endif // __cplusplus 517 518 #endif // ANDROID_HARDWARE_KEYMASTER_DEFS_H 519
