1 /* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #ifndef ANDROID_HARDWARE_KEYMASTER2_H 18 #define ANDROID_HARDWARE_KEYMASTER2_H 19 20 #include <hardware/keymaster_common.h> 21 #include <hardware/keymaster_defs.h> 22 23 __BEGIN_DECLS 24 25 /** 26 * Keymaster2 device definition 27 */ 28 struct keymaster2_device { 29 /** 30 * Common methods of the keymaster device. This *must* be the first member of 31 * keymaster_device as users of this structure will cast a hw_device_t to 32 * keymaster_device pointer in contexts where it's known the hw_device_t references a 33 * keymaster_device. 34 */ 35 struct hw_device_t common; 36 37 void* context; 38 39 /** 40 * See flags defined for keymaster0_devices::flags in keymaster_common.h. Used only for 41 * backward compatibility; keymaster2 hardware devices must set this to zero. 42 */ 43 uint32_t flags; 44 45 /** 46 * Configures keymaster. This method must be called once after the device is opened and before 47 * it is used. It's used to provide KM_TAG_OS_VERSION and KM_TAG_OS_PATCHLEVEL to keymaster. 48 * Until this method is called, all other methods will return KM_ERROR_KEYMASTER_NOT_CONFIGURED. 49 * The values provided by this method are only accepted by keymaster once per boot. Subsequent 50 * calls will return KM_ERROR_OK, but do nothing. 51 * 52 * If the keymaster implementation is in secure hardware and the OS version and patch level 53 * values provided do not match the values provided to the secure hardware by the bootloader (or 54 * if the bootloader did not provide values), then this method will return 55 * KM_ERROR_INVALID_ARGUMENT, and all other methods will continue returning 56 * KM_ERROR_KEYMASTER_NOT_CONFIGURED. 57 */ 58 keymaster_error_t (*configure)(const struct keymaster2_device* dev, 59 const keymaster_key_param_set_t* params); 60 61 /** 62 * Adds entropy to the RNG used by keymaster. Entropy added through this method is guaranteed 63 * not to be the only source of entropy used, and the mixing function is required to be secure, 64 * in the sense that if the RNG is seeded (from any source) with any data the attacker cannot 65 * predict (or control), then the RNG output is indistinguishable from random. Thus, if the 66 * entropy from any source is good, the output will be good. 67 * 68 * \param[in] dev The keymaster device structure. 69 * 70 * \param[in] data Random data to be mixed in. 71 * 72 * \param[in] data_length Length of \p data. 73 */ 74 keymaster_error_t (*add_rng_entropy)(const struct keymaster2_device* dev, const uint8_t* data, 75 size_t data_length); 76 77 /** 78 * Generates a key, or key pair, returning a key blob and/or a description of the key. 79 * 80 * Key generation parameters are defined as keymaster tag/value pairs, provided in \p params. 81 * See keymaster_tag_t for the full list. Some values that are always required for generation 82 * of useful keys are: 83 * 84 * - KM_TAG_ALGORITHM; 85 * - KM_TAG_PURPOSE; and 86 * - (KM_TAG_USER_SECURE_ID and KM_TAG_USER_AUTH_TYPE) or KM_TAG_NO_AUTH_REQUIRED. 87 * 88 * KM_TAG_AUTH_TIMEOUT should generally be specified unless KM_TAG_NO_AUTH_REQUIRED is present, 89 * or the user will have to authenticate for every use. 90 * 91 * KM_TAG_BLOCK_MODE, KM_TAG_PADDING, KM_TAG_MAC_LENGTH and KM_TAG_DIGEST must be specified for 92 * algorithms that require them. 93 * 94 * The following tags may not be specified; their values will be provided by the implementation. 95 * 96 * - KM_TAG_ORIGIN, 97 * - KM_TAG_ROLLBACK_RESISTANT, 98 * - KM_TAG_CREATION_DATETIME 99 * 100 * \param[in] dev The keymaster device structure. 101 * 102 * \param[in] params Array of key generation param 103 * 104 * \param[out] key_blob returns the generated key. \p key_blob must not be NULL. The caller 105 * assumes ownership key_blob->key_material and must free() it. 106 * 107 * \param[out] characteristics returns the characteristics of the key that was, generated, if 108 * non-NULL. If non-NULL, the caller assumes ownership and must deallocate with 109 * keymaster_free_characteristics(). Note that KM_TAG_ROOT_OF_TRUST, KM_TAG_APPLICATION_ID and 110 * KM_TAG_APPLICATION_DATA are never returned. 111 */ 112 keymaster_error_t (*generate_key)(const struct keymaster2_device* dev, 113 const keymaster_key_param_set_t* params, 114 keymaster_key_blob_t* key_blob, 115 keymaster_key_characteristics_t* characteristics); 116 117 /** 118 * Returns the characteristics of the specified key, or KM_ERROR_INVALID_KEY_BLOB if the 119 * key_blob is invalid (implementations must fully validate the integrity of the key). 120 * client_id and app_data must be the ID and data provided when the key was generated or 121 * imported, or empty if KM_TAG_APPLICATION_ID and/or KM_TAG_APPLICATION_DATA were not provided 122 * during generation. Those values are not included in the returned characteristics. The 123 * caller assumes ownership of the allocated characteristics object, which must be deallocated 124 * with keymaster_free_characteristics(). 125 * 126 * Note that KM_TAG_APPLICATION_ID and KM_TAG_APPLICATION_DATA are never returned. 127 * 128 * \param[in] dev The keymaster device structure. 129 * 130 * \param[in] key_blob The key to retreive characteristics from. 131 * 132 * \param[in] client_id The client ID data, or NULL if none associated. 133 * 134 * \param[in] app_id The app data, or NULL if none associated. 135 * 136 * \param[out] characteristics The key characteristics. Must not be NULL. The caller assumes 137 * ownership of the contents and must deallocate with keymaster_free_characteristics(). 138 */ 139 keymaster_error_t (*get_key_characteristics)(const struct keymaster2_device* dev, 140 const keymaster_key_blob_t* key_blob, 141 const keymaster_blob_t* client_id, 142 const keymaster_blob_t* app_data, 143 keymaster_key_characteristics_t* characteristics); 144 145 /** 146 * Imports a key, or key pair, returning a key blob and/or a description of the key. 147 * 148 * Most key import parameters are defined as keymaster tag/value pairs, provided in "params". 149 * See keymaster_tag_t for the full list. Values that are always required for import of useful 150 * keys are: 151 * 152 * - KM_TAG_ALGORITHM; 153 * - KM_TAG_PURPOSE; and 154 * - (KM_TAG_USER_SECURE_ID and KM_TAG_USER_AUTH_TYPE) or KM_TAG_NO_AUTH_REQUIRED. 155 * 156 * KM_TAG_AUTH_TIMEOUT should generally be specified. If unspecified, the user will have to 157 * authenticate for every use. 158 * 159 * The following tags will take default values if unspecified: 160 * 161 * - KM_TAG_KEY_SIZE will default to the size of the key provided. 162 * - KM_TAG_RSA_PUBLIC_EXPONENT will default to the value in the key provided (for RSA keys) 163 * 164 * The following tags may not be specified; their values will be provided by the implementation. 165 * 166 * - KM_TAG_ORIGIN, 167 * - KM_TAG_ROLLBACK_RESISTANT, 168 * - KM_TAG_CREATION_DATETIME 169 * 170 * \param[in] dev The keymaster device structure. 171 * 172 * \param[in] params Parameters defining the imported key. 173 * 174 * \param[in] params_count The number of entries in \p params. 175 * 176 * \param[in] key_format specifies the format of the key data in key_data. 177 * 178 * \param[out] key_blob Used to return the opaque key blob. Must be non-NULL. The caller 179 * assumes ownership of the contained key_material. 180 * 181 * \param[out] characteristics Used to return the characteristics of the imported key. May be 182 * NULL, in which case no characteristics will be returned. If non-NULL, the caller assumes 183 * ownership of the contents and must deallocate with keymaster_free_characteristics(). Note 184 * that KM_TAG_APPLICATION_ID and KM_TAG_APPLICATION_DATA are never returned. 185 */ 186 keymaster_error_t (*import_key)(const struct keymaster2_device* dev, 187 const keymaster_key_param_set_t* params, 188 keymaster_key_format_t key_format, 189 const keymaster_blob_t* key_data, 190 keymaster_key_blob_t* key_blob, 191 keymaster_key_characteristics_t* characteristics); 192 193 /** 194 * Exports a public or symmetric key, returning a byte array in the specified format. 195 * 196 * Note that symmetric key export is allowed only if the key was created with KM_TAG_EXPORTABLE, 197 * and only if all of the requirements for key usage (e.g. authentication) are met. 198 * 199 * \param[in] dev The keymaster device structure. 200 * 201 * \param[in] export_format The format to be used for exporting the key. 202 * 203 * \param[in] key_to_export The key to export. 204 * 205 * \param[in] client_id Client ID blob, which must match the blob provided in 206 * KM_TAG_APPLICATION_ID during key generation (if any). 207 * 208 * \param[in] app_data Appliation data blob, which must match the blob provided in 209 * KM_TAG_APPLICATION_DATA during key generation (if any). 210 * 211 * \param[out] export_data The exported key material. The caller assumes ownership. 212 */ 213 keymaster_error_t (*export_key)(const struct keymaster2_device* dev, 214 keymaster_key_format_t export_format, 215 const keymaster_key_blob_t* key_to_export, 216 const keymaster_blob_t* client_id, 217 const keymaster_blob_t* app_data, 218 keymaster_blob_t* export_data); 219 220 /** 221 * Generates a signed X.509 certificate chain attesting to the presence of \p key_to_attest in 222 * keymaster (TODO(swillden): Describe certificate contents in more detail). The certificate 223 * will contain an extension with OID 1.3.6.1.4.1.11129.2.1.17 and value defined in 224 * <TODO:swillden -- insert link here> which contains the key description. 225 * 226 * \param[in] dev The keymaster device structure. 227 * 228 * \param[in] key_to_attest The keymaster key for which the attestation certificate will be 229 * generated. 230 * 231 * \param[in] attest_params Parameters defining how to do the attestation. At present the only 232 * parameter is KM_TAG_ALGORITHM, which must be either KM_ALGORITHM_EC or KM_ALGORITHM_RSA. 233 * This selects which of the provisioned attestation keys will be used to sign the certificate. 234 * 235 * \param[out] cert_chain An array of DER-encoded X.509 certificates. The first will be the 236 * certificate for \p key_to_attest. The remaining entries will chain back to the root. The 237 * caller takes ownership and must deallocate with keymaster_free_cert_chain. 238 */ 239 keymaster_error_t (*attest_key)(const struct keymaster2_device* dev, 240 const keymaster_key_blob_t* key_to_attest, 241 const keymaster_key_param_set_t* attest_params, 242 keymaster_cert_chain_t* cert_chain); 243 244 /** 245 * Upgrades an old key. Keys can become "old" in two ways: Keymaster can be upgraded to a new 246 * version, or the system can be updated to invalidate the OS version and/or patch level. In 247 * either case, attempts to use an old key will result in keymaster returning 248 * KM_ERROR_KEY_REQUIRES_UPGRADE. This method should then be called to upgrade the key. 249 * 250 * \param[in] dev The keymaster device structure. 251 * 252 * \param[in] key_to_upgrade The keymaster key to upgrade. 253 * 254 * \param[in] upgrade_params Parameters needed to complete the upgrade. In particular, 255 * KM_TAG_APPLICATION_ID and KM_TAG_APPLICATION_DATA will be required if they were defined for 256 * the key. 257 * 258 * \param[out] upgraded_key The upgraded key blob. 259 */ 260 keymaster_error_t (*upgrade_key)(const struct keymaster2_device* dev, 261 const keymaster_key_blob_t* key_to_upgrade, 262 const keymaster_key_param_set_t* upgrade_params, 263 keymaster_key_blob_t* upgraded_key); 264 265 /** 266 * Deletes the key, or key pair, associated with the key blob. After calling this function it 267 * will be impossible to use the key for any other operations. May be applied to keys from 268 * foreign roots of trust (keys not usable under the current root of trust). 269 * 270 * This function is optional and should be set to NULL if it is not implemented. 271 * 272 * \param[in] dev The keymaster device structure. 273 * 274 * \param[in] key The key to be deleted. 275 */ 276 keymaster_error_t (*delete_key)(const struct keymaster2_device* dev, 277 const keymaster_key_blob_t* key); 278 279 /** 280 * Deletes all keys in the hardware keystore. Used when keystore is reset completely. After 281 * calling this function it will be impossible to use any previously generated or imported key 282 * blobs for any operations. 283 * 284 * This function is optional and should be set to NULL if it is not implemented. 285 * 286 * \param[in] dev The keymaster device structure. 287 */ 288 keymaster_error_t (*delete_all_keys)(const struct keymaster2_device* dev); 289 290 /** 291 * Begins a cryptographic operation using the specified key. If all is well, begin() will 292 * return KM_ERROR_OK and create an operation handle which must be passed to subsequent calls to 293 * update(), finish() or abort(). 294 * 295 * It is critical that each call to begin() be paired with a subsequent call to finish() or 296 * abort(), to allow the keymaster implementation to clean up any internal operation state. 297 * Failure to do this may leak internal state space or other internal resources and may 298 * eventually cause begin() to return KM_ERROR_TOO_MANY_OPERATIONS when it runs out of space for 299 * operations. Any result other than KM_ERROR_OK from begin(), update() or finish() implicitly 300 * aborts the operation, in which case abort() need not be called (and will return 301 * KM_ERROR_INVALID_OPERATION_HANDLE if called). 302 * 303 * \param[in] dev The keymaster device structure. 304 * 305 * \param[in] purpose The purpose of the operation, one of KM_PURPOSE_ENCRYPT, 306 * KM_PURPOSE_DECRYPT, KM_PURPOSE_SIGN or KM_PURPOSE_VERIFY. Note that for AEAD modes, 307 * encryption and decryption imply signing and verification, respectively, but should be 308 * specified as KM_PURPOSE_ENCRYPT and KM_PURPOSE_DECRYPT. 309 * 310 * \param[in] key The key to be used for the operation. \p key must have a purpose compatible 311 * with \p purpose and all of its usage requirements must be satisfied, or begin() will return 312 * an appropriate error code. 313 * 314 * \param[in] in_params Additional parameters for the operation. This is typically used to 315 * provide authentication data, with KM_TAG_AUTH_TOKEN. If KM_TAG_APPLICATION_ID or 316 * KM_TAG_APPLICATION_DATA were provided during generation, they must be provided here, or the 317 * operation will fail with KM_ERROR_INVALID_KEY_BLOB. For operations that require a nonce or 318 * IV, on keys that were generated with KM_TAG_CALLER_NONCE, in_params may contain a tag 319 * KM_TAG_NONCE. 320 * 321 * \param[out] out_params Output parameters. Used to return additional data from the operation 322 * initialization, notably to return the IV or nonce from operations that generate an IV or 323 * nonce. The caller takes ownership of the output parameters array and must free it with 324 * keymaster_free_param_set(). out_params may be set to NULL if no output parameters are 325 * expected. If out_params is NULL, and output paramaters are generated, begin() will return 326 * KM_ERROR_OUTPUT_PARAMETER_NULL. 327 * 328 * \param[out] operation_handle The newly-created operation handle which must be passed to 329 * update(), finish() or abort(). If operation_handle is NULL, begin() will return 330 * KM_ERROR_OUTPUT_PARAMETER_NULL. 331 */ 332 keymaster_error_t (*begin)(const struct keymaster2_device* dev, keymaster_purpose_t purpose, 333 const keymaster_key_blob_t* key, 334 const keymaster_key_param_set_t* in_params, 335 keymaster_key_param_set_t* out_params, 336 keymaster_operation_handle_t* operation_handle); 337 338 /** 339 * Provides data to, and possibly receives output from, an ongoing cryptographic operation begun 340 * with begin(). 341 * 342 * If operation_handle is invalid, update() will return KM_ERROR_INVALID_OPERATION_HANDLE. 343 * 344 * update() may not consume all of the data provided in the data buffer. update() will return 345 * the amount consumed in *data_consumed. The caller should provide the unconsumed data in a 346 * subsequent call. 347 * 348 * \param[in] dev The keymaster device structure. 349 * 350 * \param[in] operation_handle The operation handle returned by begin(). 351 * 352 * \param[in] in_params Additional parameters for the operation. For AEAD modes, this is used 353 * to specify KM_TAG_ADDITIONAL_DATA. Note that additional data may be provided in multiple 354 * calls to update(), but only until input data has been provided. 355 * 356 * \param[in] input Data to be processed, per the parameters established in the call to begin(). 357 * Note that update() may or may not consume all of the data provided. See \p input_consumed. 358 * 359 * \param[out] input_consumed Amount of data that was consumed by update(). If this is less 360 * than the amount provided, the caller should provide the remainder in a subsequent call to 361 * update(). 362 * 363 * \param[out] out_params Output parameters. Used to return additional data from the operation 364 * The caller takes ownership of the output parameters array and must free it with 365 * keymaster_free_param_set(). out_params may be set to NULL if no output parameters are 366 * expected. If out_params is NULL, and output paramaters are generated, begin() will return 367 * KM_ERROR_OUTPUT_PARAMETER_NULL. 368 * 369 * \param[out] output The output data, if any. The caller assumes ownership of the allocated 370 * buffer. output must not be NULL. 371 * 372 * Note that update() may not provide any output, in which case output->data_length will be 373 * zero, and output->data may be either NULL or zero-length (so the caller should always free() 374 * it). 375 */ 376 keymaster_error_t (*update)(const struct keymaster2_device* dev, 377 keymaster_operation_handle_t operation_handle, 378 const keymaster_key_param_set_t* in_params, 379 const keymaster_blob_t* input, size_t* input_consumed, 380 keymaster_key_param_set_t* out_params, keymaster_blob_t* output); 381 382 /** 383 * Finalizes a cryptographic operation begun with begin() and invalidates \p operation_handle. 384 * 385 * \param[in] dev The keymaster device structure. 386 * 387 * \param[in] operation_handle The operation handle returned by begin(). This handle will be 388 * invalidated. 389 * 390 * \param[in] in_params Additional parameters for the operation. For AEAD modes, this is used 391 * to specify KM_TAG_ADDITIONAL_DATA, but only if no input data was provided to update(). 392 * 393 * \param[in] input Data to be processed, per the parameters established in the call to 394 * begin(). finish() must consume all provided data or return KM_ERROR_INVALID_INPUT_LENGTH. 395 * 396 * \param[in] signature The signature to be verified if the purpose specified in the begin() 397 * call was KM_PURPOSE_VERIFY. 398 * 399 * \param[out] output The output data, if any. The caller assumes ownership of the allocated 400 * buffer. 401 * 402 * If the operation being finished is a signature verification or an AEAD-mode decryption and 403 * verification fails then finish() will return KM_ERROR_VERIFICATION_FAILED. 404 */ 405 keymaster_error_t (*finish)(const struct keymaster2_device* dev, 406 keymaster_operation_handle_t operation_handle, 407 const keymaster_key_param_set_t* in_params, 408 const keymaster_blob_t* input, const keymaster_blob_t* signature, 409 keymaster_key_param_set_t* out_params, keymaster_blob_t* output); 410 411 /** 412 * Aborts a cryptographic operation begun with begin(), freeing all internal resources and 413 * invalidating \p operation_handle. 414 */ 415 keymaster_error_t (*abort)(const struct keymaster2_device* dev, 416 keymaster_operation_handle_t operation_handle); 417 }; 418 typedef struct keymaster2_device keymaster2_device_t; 419 420 /* Convenience API for opening and closing keymaster devices */ 421 422 static inline int keymaster2_open(const struct hw_module_t* module, keymaster2_device_t** device) { 423 return module->methods->open(module, KEYSTORE_KEYMASTER, TO_HW_DEVICE_T_OPEN(device)); 424 } 425 426 static inline int keymaster2_close(keymaster2_device_t* device) { 427 return device->common.close(&device->common); 428 } 429 430 __END_DECLS 431 432 #endif // ANDROID_HARDWARE_KEYMASTER2_H 433