1 /* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #ifndef ANDROID_HARDWARE_KEYMASTER1_H 18 #define ANDROID_HARDWARE_KEYMASTER1_H 19 20 #include <hardware/keymaster_common.h> 21 #include <hardware/keymaster_defs.h> 22 23 __BEGIN_DECLS 24 25 /** 26 * Keymaster1 device definition 27 */ 28 struct keymaster1_device { 29 /** 30 * Common methods of the keymaster device. This *must* be the first member of 31 * keymaster_device as users of this structure will cast a hw_device_t to 32 * keymaster_device pointer in contexts where it's known the hw_device_t references a 33 * keymaster_device. 34 */ 35 struct hw_device_t common; 36 37 /** 38 * THIS IS DEPRECATED. Use the new "module_api_version" and "hal_api_version" 39 * fields in the keymaster_module initialization instead. 40 */ 41 uint32_t client_version; 42 43 /** 44 * See flags defined for keymaster0_devices::flags in keymaster_common.h 45 */ 46 uint32_t flags; 47 48 void* context; 49 50 /** 51 * \deprecated Generates a public and private key. The key-blob returned is opaque and must 52 * subsequently provided for signing and verification. 53 * 54 * Returns: 0 on success or an error code less than 0. 55 */ 56 int (*generate_keypair)(const struct keymaster1_device* dev, const keymaster_keypair_t key_type, 57 const void* key_params, uint8_t** key_blob, size_t* key_blob_length); 58 59 /** 60 * \deprecated Imports a public and private key pair. The imported keys will be in PKCS#8 format 61 * with DER encoding (Java standard). The key-blob returned is opaque and will be subsequently 62 * provided for signing and verification. 63 * 64 * Returns: 0 on success or an error code less than 0. 65 */ 66 int (*import_keypair)(const struct keymaster1_device* dev, const uint8_t* key, 67 const size_t key_length, uint8_t** key_blob, size_t* key_blob_length); 68 69 /** 70 * \deprecated Gets the public key part of a key pair. The public key must be in X.509 format 71 * (Java standard) encoded byte array. 72 * 73 * Returns: 0 on success or an error code less than 0. On error, x509_data 74 * should not be allocated. 75 */ 76 int (*get_keypair_public)(const struct keymaster1_device* dev, const uint8_t* key_blob, 77 const size_t key_blob_length, uint8_t** x509_data, 78 size_t* x509_data_length); 79 80 /** 81 * \deprecated Deletes the key pair associated with the key blob. 82 * 83 * This function is optional and should be set to NULL if it is not 84 * implemented. 85 * 86 * Returns 0 on success or an error code less than 0. 87 */ 88 int (*delete_keypair)(const struct keymaster1_device* dev, const uint8_t* key_blob, 89 const size_t key_blob_length); 90 91 /** 92 * \deprecated Deletes all keys in the hardware keystore. Used when keystore is reset 93 * completely. 94 * 95 * This function is optional and should be set to NULL if it is not 96 * implemented. 97 * 98 * Returns 0 on success or an error code less than 0. 99 */ 100 int (*delete_all)(const struct keymaster1_device* dev); 101 102 /** 103 * \deprecated Signs data using a key-blob generated before. This can use either an asymmetric 104 * key or a secret key. 105 * 106 * Returns: 0 on success or an error code less than 0. 107 */ 108 int (*sign_data)(const struct keymaster1_device* dev, const void* signing_params, 109 const uint8_t* key_blob, const size_t key_blob_length, const uint8_t* data, 110 const size_t data_length, uint8_t** signed_data, size_t* signed_data_length); 111 112 /** 113 * \deprecated Verifies data signed with a key-blob. This can use either an asymmetric key or a 114 * secret key. 115 * 116 * Returns: 0 on successful verification or an error code less than 0. 117 */ 118 int (*verify_data)(const struct keymaster1_device* dev, const void* signing_params, 119 const uint8_t* key_blob, const size_t key_blob_length, 120 const uint8_t* signed_data, const size_t signed_data_length, 121 const uint8_t* signature, const size_t signature_length); 122 123 /** 124 * Gets algorithms supported. 125 * 126 * \param[in] dev The keymaster device structure. 127 * 128 * \param[out] algorithms Array of algorithms supported. The caller takes ownership of the 129 * array and must free() it. 130 * 131 * \param[out] algorithms_length Length of \p algorithms. 132 */ 133 keymaster_error_t (*get_supported_algorithms)(const struct keymaster1_device* dev, 134 keymaster_algorithm_t** algorithms, 135 size_t* algorithms_length); 136 137 /** 138 * Gets the block modes supported for the specified algorithm. 139 * 140 * \param[in] dev The keymaster device structure. 141 * 142 * \param[in] algorithm The algorithm for which supported modes will be returned. 143 * 144 * \param[out] modes Array of modes supported. The caller takes ownership of the array and must 145 * free() it. 146 * 147 * \param[out] modes_length Length of \p modes. 148 */ 149 keymaster_error_t (*get_supported_block_modes)(const struct keymaster1_device* dev, 150 keymaster_algorithm_t algorithm, 151 keymaster_purpose_t purpose, 152 keymaster_block_mode_t** modes, 153 size_t* modes_length); 154 155 /** 156 * Gets the padding modes supported for the specified algorithm. Caller assumes ownership of 157 * the allocated array. 158 * 159 * \param[in] dev The keymaster device structure. 160 * 161 * \param[in] algorithm The algorithm for which supported padding modes will be returned. 162 * 163 * \param[out] modes Array of padding modes supported. The caller takes ownership of the array 164 * and must free() it. 165 * 166 * \param[out] modes_length Length of \p modes. 167 */ 168 keymaster_error_t (*get_supported_padding_modes)(const struct keymaster1_device* dev, 169 keymaster_algorithm_t algorithm, 170 keymaster_purpose_t purpose, 171 keymaster_padding_t** modes, 172 size_t* modes_length); 173 174 /** 175 * Gets the digests supported for the specified algorithm. Caller assumes ownership of the 176 * allocated array. 177 * 178 * \param[in] dev The keymaster device structure. 179 * 180 * \param[in] algorithm The algorithm for which supported digests will be returned. 181 * 182 * \param[out] digests Array of digests supported. The caller takes ownership of the array and 183 * must free() it. 184 * 185 * \param[out] digests_length Length of \p digests. 186 */ 187 keymaster_error_t (*get_supported_digests)(const struct keymaster1_device* dev, 188 keymaster_algorithm_t algorithm, 189 keymaster_purpose_t purpose, 190 keymaster_digest_t** digests, 191 size_t* digests_length); 192 193 /** 194 * Gets the key import formats supported for keys of the specified algorithm. Caller assumes 195 * ownership of the allocated array. 196 * 197 * \param[in] dev The keymaster device structure. 198 * 199 * \param[in] algorithm The algorithm for which supported formats will be returned. 200 * 201 * \param[out] formats Array of formats supported. The caller takes ownership of the array and 202 * must free() it. 203 * 204 * \param[out] formats_length Length of \p formats. 205 */ 206 keymaster_error_t (*get_supported_import_formats)(const struct keymaster1_device* dev, 207 keymaster_algorithm_t algorithm, 208 keymaster_key_format_t** formats, 209 size_t* formats_length); 210 211 /** 212 * Gets the key export formats supported for keys of the specified algorithm. Caller assumes 213 * ownership of the allocated array. 214 * 215 * \param[in] dev The keymaster device structure. 216 * 217 * \param[in] algorithm The algorithm for which supported formats will be returned. 218 * 219 * \param[out] formats Array of formats supported. The caller takes ownership of the array and 220 * must free() it. 221 * 222 * \param[out] formats_length Length of \p formats. 223 */ 224 keymaster_error_t (*get_supported_export_formats)(const struct keymaster1_device* dev, 225 keymaster_algorithm_t algorithm, 226 keymaster_key_format_t** formats, 227 size_t* formats_length); 228 229 /** 230 * Adds entropy to the RNG used by keymaster. Entropy added through this method is guaranteed 231 * not to be the only source of entropy used, and the mixing function is required to be secure, 232 * in the sense that if the RNG is seeded (from any source) with any data the attacker cannot 233 * predict (or control), then the RNG output is indistinguishable from random. Thus, if the 234 * entropy from any source is good, the output will be good. 235 * 236 * \param[in] dev The keymaster device structure. 237 * 238 * \param[in] data Random data to be mixed in. 239 * 240 * \param[in] data_length Length of \p data. 241 */ 242 keymaster_error_t (*add_rng_entropy)(const struct keymaster1_device* dev, const uint8_t* data, 243 size_t data_length); 244 245 /** 246 * Generates a key, or key pair, returning a key blob and/or a description of the key. 247 * 248 * Key generation parameters are defined as keymaster tag/value pairs, provided in \p params. 249 * See keymaster_tag_t for the full list. Some values that are always required for generation 250 * of useful keys are: 251 * 252 * - KM_TAG_ALGORITHM; 253 * - KM_TAG_PURPOSE; and 254 * - (KM_TAG_USER_SECURE_ID and KM_TAG_USER_AUTH_TYPE) or KM_TAG_NO_AUTH_REQUIRED. 255 * 256 * KM_TAG_AUTH_TIMEOUT should generally be specified unless KM_TAG_NO_AUTH_REQUIRED is present, 257 * or the user will have to authenticate for every use. 258 * 259 * KM_TAG_BLOCK_MODE, KM_TAG_PADDING, KM_TAG_MAC_LENGTH and KM_TAG_DIGEST must be specified for 260 * algorithms that require them. 261 * 262 * The following tags may not be specified; their values will be provided by the implementation. 263 * 264 * - KM_TAG_ORIGIN, 265 * - KM_TAG_ROLLBACK_RESISTANT, 266 * - KM_TAG_CREATION_DATETIME 267 * 268 * \param[in] dev The keymaster device structure. 269 * 270 * \param[in] params Array of key generation parameters. 271 * 272 * \param[in] params_count Length of \p params. 273 * 274 * \param[out] key_blob returns the generated key. \p key_blob must not be NULL. The caller 275 * assumes ownership key_blob->key_material and must free() it. 276 * 277 * \param[out] characteristics returns the characteristics of the key that was, generated, if 278 * non-NULL. If non-NULL, the caller assumes ownership and must deallocate with 279 * keymaster_free_characteristics(). Note that KM_TAG_ROOT_OF_TRUST, KM_TAG_APPLICATION_ID and 280 * KM_TAG_APPLICATION_DATA are never returned. 281 */ 282 keymaster_error_t (*generate_key)(const struct keymaster1_device* dev, 283 const keymaster_key_param_set_t* params, 284 keymaster_key_blob_t* key_blob, 285 keymaster_key_characteristics_t** characteristics); 286 287 /** 288 * Returns the characteristics of the specified key, or KM_ERROR_INVALID_KEY_BLOB if the 289 * key_blob is invalid (implementations must fully validate the integrity of the key). 290 * client_id and app_data must be the ID and data provided when the key was generated or 291 * imported, or empty if KM_TAG_APPLICATION_ID and/or KM_TAG_APPLICATION_DATA were not provided 292 * during generation. Those values are not included in the returned characteristics. The 293 * caller assumes ownership of the allocated characteristics object, which must be deallocated 294 * with keymaster_free_characteristics(). 295 * 296 * Note that KM_TAG_ROOT_OF_TRUST, KM_TAG_APPLICATION_ID and KM_TAG_APPLICATION_DATA are never 297 * returned. 298 * 299 * \param[in] dev The keymaster device structure. 300 * 301 * \param[in] key_blob The key to retreive characteristics from. 302 * 303 * \param[in] client_id The client ID data, or NULL if none associated. 304 * 305 * \param[in] app_id The app data, or NULL if none associated. 306 * 307 * \param[out] characteristics The key characteristics. 308 */ 309 keymaster_error_t (*get_key_characteristics)(const struct keymaster1_device* dev, 310 const keymaster_key_blob_t* key_blob, 311 const keymaster_blob_t* client_id, 312 const keymaster_blob_t* app_data, 313 keymaster_key_characteristics_t** characteristics); 314 315 /** 316 * Imports a key, or key pair, returning a key blob and/or a description of the key. 317 * 318 * Most key import parameters are defined as keymaster tag/value pairs, provided in "params". 319 * See keymaster_tag_t for the full list. Values that are always required for import of useful 320 * keys are: 321 * 322 * - KM_TAG_ALGORITHM; 323 * - KM_TAG_PURPOSE; and 324 * - (KM_TAG_USER_SECURE_ID and KM_TAG_USER_AUTH_TYPE) or KM_TAG_NO_AUTH_REQUIRED. 325 * 326 * KM_TAG_AUTH_TIMEOUT should generally be specified. If unspecified, the user will have to 327 * authenticate for every use. 328 * 329 * The following tags will take default values if unspecified: 330 * 331 * - KM_TAG_KEY_SIZE will default to the size of the key provided. 332 * - KM_TAG_RSA_PUBLIC_EXPONENT will default to the value in the key provided (for RSA keys) 333 * 334 * The following tags may not be specified; their values will be provided by the implementation. 335 * 336 * - KM_TAG_ORIGIN, 337 * - KM_TAG_ROLLBACK_RESISTANT, 338 * - KM_TAG_CREATION_DATETIME 339 * 340 * \param[in] dev The keymaster device structure. 341 * 342 * \param[in] params Parameters defining the imported key. 343 * 344 * \param[in] params_count The number of entries in \p params. 345 * 346 * \param[in] key_format specifies the format of the key data in key_data. 347 * 348 * \param[out] key_blob Used to return the opaque key blob. Must be non-NULL. The caller 349 * assumes ownership of the contained key_material. 350 * 351 * \param[out] characteristics Used to return the characteristics of the imported key. May be 352 * NULL, in which case no characteristics will be returned. If non-NULL, the caller assumes 353 * ownership and must deallocate with keymaster_free_characteristics(). Note that 354 * KM_TAG_ROOT_OF_TRUST, KM_TAG_APPLICATION_ID and 355 * KM_TAG_APPLICATION_DATA are never returned. 356 */ 357 keymaster_error_t (*import_key)(const struct keymaster1_device* dev, 358 const keymaster_key_param_set_t* params, 359 keymaster_key_format_t key_format, 360 const keymaster_blob_t* key_data, 361 keymaster_key_blob_t* key_blob, 362 keymaster_key_characteristics_t** characteristics); 363 364 /** 365 * Exports a public key, returning a byte array in the specified format. 366 * 367 * \param[in] dev The keymaster device structure. 368 * 369 * \param[in] export_format The format to be used for exporting the key. 370 * 371 * \param[in] key_to_export The key to export. 372 * 373 * \param[out] export_data The exported key material. The caller assumes ownership. 374 * 375 * \param[out] export_data_length The length of \p export_data. 376 */ 377 keymaster_error_t (*export_key)(const struct keymaster1_device* dev, 378 keymaster_key_format_t export_format, 379 const keymaster_key_blob_t* key_to_export, 380 const keymaster_blob_t* client_id, 381 const keymaster_blob_t* app_data, 382 keymaster_blob_t* export_data); 383 384 /** 385 * Deletes the key, or key pair, associated with the key blob. After calling this function it 386 * will be impossible to use the key for any other operations. May be applied to keys from 387 * foreign roots of trust (keys not usable under the current root of trust). 388 * 389 * This function is optional and should be set to NULL if it is not implemented. 390 * 391 * \param[in] dev The keymaster device structure. 392 * 393 * \param[in] key The key to be deleted. 394 */ 395 keymaster_error_t (*delete_key)(const struct keymaster1_device* dev, 396 const keymaster_key_blob_t* key); 397 398 /** 399 * Deletes all keys in the hardware keystore. Used when keystore is reset completely. After 400 * calling this function it will be impossible to use any previously generated or imported key 401 * blobs for any operations. 402 * 403 * This function is optional and should be set to NULL if it is not implemented. 404 * 405 * \param[in] dev The keymaster device structure. 406 */ 407 keymaster_error_t (*delete_all_keys)(const struct keymaster1_device* dev); 408 409 /** 410 * Begins a cryptographic operation using the specified key. If all is well, begin() will 411 * return KM_ERROR_OK and create an operation handle which must be passed to subsequent calls to 412 * update(), finish() or abort(). 413 * 414 * It is critical that each call to begin() be paired with a subsequent call to finish() or 415 * abort(), to allow the keymaster implementation to clean up any internal operation state. 416 * Failure to do this may leak internal state space or other internal resources and may 417 * eventually cause begin() to return KM_ERROR_TOO_MANY_OPERATIONS when it runs out of space for 418 * operations. Any result other than KM_ERROR_OK from begin(), update() or finish() implicitly 419 * aborts the operation, in which case abort() need not be called (and will return 420 * KM_ERROR_INVALID_OPERATION_HANDLE if called). 421 * 422 * \param[in] dev The keymaster device structure. 423 * 424 * \param[in] purpose The purpose of the operation, one of KM_PURPOSE_ENCRYPT, 425 * KM_PURPOSE_DECRYPT, KM_PURPOSE_SIGN or KM_PURPOSE_VERIFY. Note that for AEAD modes, 426 * encryption and decryption imply signing and verification, respectively, but should be 427 * specified as KM_PURPOSE_ENCRYPT and KM_PURPOSE_DECRYPT. 428 * 429 * \param[in] key The key to be used for the operation. \p key must have a purpose compatible 430 * with \p purpose and all of its usage requirements must be satisfied, or begin() will return 431 * an appropriate error code. 432 * 433 * \param[in] in_params Additional parameters for the operation. This is typically used to 434 * provide authentication data, with KM_TAG_AUTH_TOKEN. If KM_TAG_APPLICATION_ID or 435 * KM_TAG_APPLICATION_DATA were provided during generation, they must be provided here, or the 436 * operation will fail with KM_ERROR_INVALID_KEY_BLOB. For operations that require a nonce or 437 * IV, on keys that were generated with KM_TAG_CALLER_NONCE, in_params may contain a tag 438 * KM_TAG_NONCE. For AEAD operations KM_TAG_CHUNK_SIZE is specified here. 439 * 440 * \param[out] out_params Output parameters. Used to return additional data from the operation 441 * initialization, notably to return the IV or nonce from operations that generate an IV or 442 * nonce. The caller takes ownership of the output parameters array and must free it with 443 * keymaster_free_param_set(). out_params may be set to NULL if no output parameters are 444 * expected. If out_params is NULL, and output paramaters are generated, begin() will return 445 * KM_ERROR_OUTPUT_PARAMETER_NULL. 446 * 447 * \param[out] operation_handle The newly-created operation handle which must be passed to 448 * update(), finish() or abort(). If operation_handle is NULL, begin() will return 449 * KM_ERROR_OUTPUT_PARAMETER_NULL. 450 */ 451 keymaster_error_t (*begin)(const struct keymaster1_device* dev, keymaster_purpose_t purpose, 452 const keymaster_key_blob_t* key, 453 const keymaster_key_param_set_t* in_params, 454 keymaster_key_param_set_t* out_params, 455 keymaster_operation_handle_t* operation_handle); 456 457 /** 458 * Provides data to, and possibly receives output from, an ongoing cryptographic operation begun 459 * with begin(). 460 * 461 * If operation_handle is invalid, update() will return KM_ERROR_INVALID_OPERATION_HANDLE. 462 * 463 * update() may not consume all of the data provided in the data buffer. update() will return 464 * the amount consumed in *data_consumed. The caller should provide the unconsumed data in a 465 * subsequent call. 466 * 467 * \param[in] dev The keymaster device structure. 468 * 469 * \param[in] operation_handle The operation handle returned by begin(). 470 * 471 * \param[in] in_params Additional parameters for the operation. For AEAD modes, this is used 472 * to specify KM_TAG_ADDITIONAL_DATA. Note that additional data may be provided in multiple 473 * calls to update(), but only until input data has been provided. 474 * 475 * \param[in] input Data to be processed, per the parameters established in the call to begin(). 476 * Note that update() may or may not consume all of the data provided. See \p input_consumed. 477 * 478 * \param[out] input_consumed Amount of data that was consumed by update(). If this is less 479 * than the amount provided, the caller should provide the remainder in a subsequent call to 480 * update(). 481 * 482 * \param[out] out_params Output parameters. Used to return additional data from the operation 483 * The caller takes ownership of the output parameters array and must free it with 484 * keymaster_free_param_set(). out_params may be set to NULL if no output parameters are 485 * expected. If out_params is NULL, and output paramaters are generated, begin() will return 486 * KM_ERROR_OUTPUT_PARAMETER_NULL. 487 * 488 * \param[out] output The output data, if any. The caller assumes ownership of the allocated 489 * buffer. output must not be NULL. 490 * 491 * Note that update() may not provide any output, in which case output->data_length will be 492 * zero, and output->data may be either NULL or zero-length (so the caller should always free() 493 * it). 494 */ 495 keymaster_error_t (*update)(const struct keymaster1_device* dev, 496 keymaster_operation_handle_t operation_handle, 497 const keymaster_key_param_set_t* in_params, 498 const keymaster_blob_t* input, size_t* input_consumed, 499 keymaster_key_param_set_t* out_params, keymaster_blob_t* output); 500 501 /** 502 * Finalizes a cryptographic operation begun with begin() and invalidates \p operation_handle. 503 * 504 * \param[in] dev The keymaster device structure. 505 * 506 * \param[in] operation_handle The operation handle returned by begin(). This handle will be 507 * invalidated. 508 * 509 * \param[in] params Additional parameters for the operation. For AEAD modes, this is used to 510 * specify KM_TAG_ADDITIONAL_DATA, but only if no input data was provided to update(). 511 * 512 * \param[in] signature The signature to be verified if the purpose specified in the begin() 513 * call was KM_PURPOSE_VERIFY. 514 * 515 * \param[out] output The output data, if any. The caller assumes ownership of the allocated 516 * buffer. 517 * 518 * If the operation being finished is a signature verification or an AEAD-mode decryption and 519 * verification fails then finish() will return KM_ERROR_VERIFICATION_FAILED. 520 */ 521 keymaster_error_t (*finish)(const struct keymaster1_device* dev, 522 keymaster_operation_handle_t operation_handle, 523 const keymaster_key_param_set_t* in_params, 524 const keymaster_blob_t* signature, 525 keymaster_key_param_set_t* out_params, keymaster_blob_t* output); 526 527 /** 528 * Aborts a cryptographic operation begun with begin(), freeing all internal resources and 529 * invalidating \p operation_handle. 530 */ 531 keymaster_error_t (*abort)(const struct keymaster1_device* dev, 532 keymaster_operation_handle_t operation_handle); 533 }; 534 typedef struct keymaster1_device keymaster1_device_t; 535 536 /* Convenience API for opening and closing keymaster devices */ 537 538 static inline int keymaster1_open(const struct hw_module_t* module, keymaster1_device_t** device) { 539 return module->methods->open(module, KEYSTORE_KEYMASTER, TO_HW_DEVICE_T_OPEN(device)); 540 } 541 542 static inline int keymaster1_close(keymaster1_device_t* device) { 543 return device->common.close(&device->common); 544 } 545 546 __END_DECLS 547 548 #endif // ANDROID_HARDWARE_KEYMASTER1_H 549
