      1 /*
      2  * Copyright (C) 2015 The Android Open Source Project
      3  *
      4  * Licensed under the Apache License, Version 2.0 (the "License");
      5  * you may not use this file except in compliance with the License.
      6  * You may obtain a copy of the License at
      7  *
      8  *      http://www.apache.org/licenses/LICENSE-2.0
      9  *
     10  * Unless required by applicable law or agreed to in writing, software
     11  * distributed under the License is distributed on an "AS IS" BASIS,
     12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13  * See the License for the specific language governing permissions and
     14  * limitations under the License.
     15  */
     16 
     17 #ifndef ANDROID_HARDWARE_KEYMASTER_COMMON_H
     18 #define ANDROID_HARDWARE_KEYMASTER_COMMON_H
     19 
     20 #include <stdint.h>
     21 #include <sys/cdefs.h>
     22 #include <sys/types.h>
     23 
     24 #include <hardware/hardware.h>
     25 
     26 __BEGIN_DECLS
     27 
     28 /**
     29  * The id of this module
     30  */
     31 #define KEYSTORE_HARDWARE_MODULE_ID "keystore"
     32 
        /*
         * The string "keymaster".
         * NOTE(review): presumably the device name handed to the module's open()
         * method to obtain a keymaster device -- confirm against the keymaster
         * device headers, which are not part of this file.
         */
     33 #define KEYSTORE_KEYMASTER "keymaster"
     34 
     35 
     36 /**
     37  * Settings for "module_api_version" and "hal_api_version"
     38  * fields in the keymaster_module initialization.
     39  */
     40 
     41 /**
     42  * Keymaster 0.X module versions provide the same APIs, but later versions add more options
     43  * for algorithms and flags.
     44  */
     45 #define KEYMASTER_MODULE_API_VERSION_0_2 HARDWARE_MODULE_API_VERSION(0, 2)
     46 #define KEYMASTER_DEVICE_API_VERSION_0_2 HARDWARE_DEVICE_API_VERSION(0, 2)
     47 
     48 #define KEYMASTER_MODULE_API_VERSION_0_3 HARDWARE_MODULE_API_VERSION(0, 3)
     49 #define KEYMASTER_DEVICE_API_VERSION_0_3 HARDWARE_DEVICE_API_VERSION(0, 3)
     50 
     51 /**
     52  * Keymaster 1.0 module version provides a completely different API, incompatible with 0.X.
         *
         * NOTE(review): since 1.0 is not compatible with 0.X, code that loads a keymaster module
         * presumably has to compare the reported version with these constants before calling
         * into it -- confirm against the code that opens the module.
     53  */
     54 #define KEYMASTER_MODULE_API_VERSION_1_0 HARDWARE_MODULE_API_VERSION(1, 0)
     55 #define KEYMASTER_DEVICE_API_VERSION_1_0 HARDWARE_DEVICE_API_VERSION(1, 0)
     56 
     57 /**
     58  * Keymaster 2.0 module version provides a third API, slightly modified and extended from 1.0.
     59  */
     60 #define KEYMASTER_MODULE_API_VERSION_2_0 HARDWARE_MODULE_API_VERSION(2, 0)
     61 #define KEYMASTER_DEVICE_API_VERSION_2_0 HARDWARE_DEVICE_API_VERSION(2, 0)
     62 
     63 struct keystore_module {
     64     /**
     65      * Common methods of the keystore module.  This *must* be the first member of keystore_module as
     66      * users of this structure will cast a hw_module_t to keystore_module pointer in contexts where
     67      * it's known the hw_module_t references a keystore_module.
             *
             * That cast depends on `common` sitting at offset 0: with any member placed ahead of it,
             * the converted pointer would no longer address the start of the enclosing keystore_module.
     68      */
     69     hw_module_t common;
     70 
     71     /* There are no keystore module methods other than the common ones. */
     72 };
     73 
     74 /**
     75  * Flags for keymaster0_device::flags
     76  */
     77 enum {
            /*
             * Each value below is a distinct single bit (1 << 0 through 1 << 3), so
             * several flags can be OR-ed together and tested individually with &.
             */
     78     /*
     79      * Indicates this keymaster implementation does not have hardware that
     80      * keeps private keys out of user space.
     81      *
     82      * This should not be implemented on anything other than the default
     83      * implementation.
             *
             * NOTE(review): with this bit set, private keys are not protected by hardware;
             * code that needs hardware-backed keys presumably has to check for it -- confirm
             * against the callers that read keymaster0_device::flags.
     84      */
     85     KEYMASTER_SOFTWARE_ONLY = 1 << 0,
     86 
     87     /*
     88      * This indicates that the key blobs returned via all the primitives
     89      * are sufficient to operate on their own without the trusted OS
     90      * querying userspace to retrieve some other data. Key blobs of
     91      * this type are normally returned encrypted with a
     92      * Key Encryption Key (KEK).
     93      *
     94      * This is currently used by "vold" to know whether the whole disk
     95      * encryption secret can be unwrapped without having some external
     96      * service started up beforehand since the "/data" partition will
     97      * be unavailable at that point.
     98      */
     99     KEYMASTER_BLOBS_ARE_STANDALONE = 1 << 1,
    100 
    101     /*
    102      * Indicates that the keymaster module supports DSA keys.
    103      */
    104     KEYMASTER_SUPPORTS_DSA = 1 << 2,
    105 
    106     /*
    107      * Indicates that the keymaster module supports EC keys.
    108      */
    109     KEYMASTER_SUPPORTS_EC = 1 << 3,
    110 };
    111 
    112 /**
    113  * Asymmetric key pair types.
    114  */
    115 typedef enum {
            /*
             * Numbering starts at 1, so the value 0 (for example a zero-initialized
             * variable) names no key pair type in this enum.
             */
    116     TYPE_RSA = 1,
    117     TYPE_DSA = 2,
    118     TYPE_EC = 3,
    119 } keymaster_keypair_t;
    120 
    121 /**
    122  * Parameters needed to generate an RSA key.
    123  */
    124 typedef struct {
            /*
             * NOTE(review): presumably the RSA modulus length in bits -- the unit is not
             * stated in this header.
             */
    125     uint32_t modulus_size;
            /*
             * RSA public exponent, carried as a 64-bit unsigned integer.
             * NOTE(review): nothing in this header constrains either field, so the code
             * that consumes this struct has to validate both values itself -- confirm
             * against the key generation implementation.
             */
    126     uint64_t public_exponent;
    127 } keymaster_rsa_keygen_params_t;
    128 
    129 /**
    130  * Parameters needed to generate a DSA key.
    131  */
    132 typedef struct {
            /* NOTE(review): presumably the key size in bits -- the unit is not stated in this header. */
    133     uint32_t key_size;
            /*
             * Lengths that pair, by name, with the three pointers below
             * (generator_len/generator, prime_p_len/prime_p, prime_q_len/prime_q).
             * NOTE(review): presumably byte counts; nothing here bounds them, so the code
             * that reads the buffers has to validate each length first -- confirm.
             */
    134     uint32_t generator_len;
    135     uint32_t prime_p_len;
    136     uint32_t prime_q_len;
            /*
             * Read-only (const) byte buffers for the DSA generator and the primes p and q.
             * NOTE(review): ownership and lifetime of these buffers are not stated here.
             */
    137     const uint8_t* generator;
    138     const uint8_t* prime_p;
    139     const uint8_t* prime_q;
    140 } keymaster_dsa_keygen_params_t;
    141 
    142 /**
    143  * Parameters needed to generate an EC key.
    144  *
    145  * Field size is the only parameter in version 2. The sizes correspond to these required curves:
    146  *
    147  * 192 = NIST P-192
    148  * 224 = NIST P-224
    149  * 256 = NIST P-256
    150  * 384 = NIST P-384
    151  * 521 = NIST P-521
    152  *
    153  * The parameters for these curves are available at: http://www.nsa.gov/ia/_files/nist-routines.pdf
    154  * in Chapter 4.
    155  */
    156 typedef struct {
            /*
             * Field size selecting the curve, e.g. 256 for NIST P-256 (the full list is in
             * the comment above this struct).
             * NOTE(review): the type admits any 32-bit value; a consumer presumably has to
             * reject sizes outside that list -- confirm against the implementation.
             */
    157     uint32_t field_size;
    158 } keymaster_ec_keygen_params_t;
    159 
    160 
    161 /**
    162  * Digest type.
    163  */
    164 typedef enum {
            /*
             * The only digest option defined here; as the first enumerator without an
             * initializer its value is 0.
             * NOTE(review): presumably means the implementation applies no hashing and the
             * caller passes data that is already digested -- confirm against the sign/verify
             * documentation.
             */
    165     DIGEST_NONE,
    166 } keymaster_digest_algorithm_t;
    167 
    168 /**
    169  * Type of padding used for RSA operations.
    170  */
    171 typedef enum {
            /*
             * The only padding option defined here; as the first enumerator without an
             * initializer its value is 0.
             * NOTE(review): presumably a raw RSA operation with no padding applied by the
             * implementation, which would leave padding to the caller -- confirm against
             * the sign/verify documentation.
             */
    172     PADDING_NONE,
    173 } keymaster_rsa_padding_t;
    174 
    175 
    176 typedef struct {
            /*
             * Digest selection; DIGEST_NONE is the only value the enum in this header defines.
             * NOTE(review): by its name this struct is meant for DSA signing; the functions
             * that take it are not declared in this header.
             */
    177     keymaster_digest_algorithm_t digest_type;
    178 } keymaster_dsa_sign_params_t;
    179 
    180 typedef struct {
            /*
             * Digest selection; DIGEST_NONE is the only value the enum in this header defines.
             * NOTE(review): by its name this struct is meant for EC signing; the functions
             * that take it are not declared in this header.
             */
    181     keymaster_digest_algorithm_t digest_type;
    182 } keymaster_ec_sign_params_t;
    183 
    184 typedef struct {
            /*
             * Digest and padding selection; with the enums in this header the only values
             * available are DIGEST_NONE and PADDING_NONE.
             * NOTE(review): by its name this struct is meant for RSA signing; the functions
             * that take it are not declared in this header.
             */
    185     keymaster_digest_algorithm_t digest_type;
    186     keymaster_rsa_padding_t padding_type;
    187 } keymaster_rsa_sign_params_t;
    188 
    189 __END_DECLS
    190 
    191 #endif  // ANDROID_HARDWARE_KEYMASTER_COMMON_H
    192