1 /*
2  * Copyright (C) 2011 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef ANDROID_HARDWARE_KEYMASTER_0_H
18 #define ANDROID_HARDWARE_KEYMASTER_0_H
19 
20 #include <hardware/keymaster_common.h>
21 
22 __BEGIN_DECLS
23 
24 /**
25  * Keymaster0 device definition.
26  */
27 struct keymaster0_device {
28     /**
29      * Common methods of the keymaster device.  This *must* be the first member of
30      * keymaster0_device as users of this structure will cast a hw_device_t to
31      * keymaster0_device pointer in contexts where it's known the hw_device_t references a
32      * keymaster0_device.
33      */
34     struct hw_device_t common;
35 
36     /**
37      * THIS IS DEPRECATED. Use the new "module_api_version" and "hal_api_version"
38      * fields in the keymaster_module initialization instead.
39      */
40     uint32_t client_version;
41 
42     /**
43      * See flags defined for keymaster0_device::flags in keymaster_common.h
44      */
45     uint32_t flags;
46 
47     void* context;
48 
49     /**
50      * Generates a public and private key. The key-blob returned is opaque
51      * and must subsequently provided for signing and verification.
52      *
53      * Returns: 0 on success or an error code less than 0.
54      */
55     int (*generate_keypair)(const struct keymaster0_device* dev,
56             const keymaster_keypair_t key_type, const void* key_params,
57             uint8_t** key_blob, size_t* key_blob_length);
58 
59     /**
60      * Imports a public and private key pair. The imported keys will be in
61      * PKCS#8 format with DER encoding (Java standard). The key-blob
62      * returned is opaque and will be subsequently provided for signing
63      * and verification.
64      *
65      * Returns: 0 on success or an error code less than 0.
66      */
67     int (*import_keypair)(const struct keymaster0_device* dev,
68             const uint8_t* key, const size_t key_length,
69             uint8_t** key_blob, size_t* key_blob_length);
70 
71     /**
72      * Gets the public key part of a key pair. The public key must be in
73      * X.509 format (Java standard) encoded byte array.
74      *
75      * Returns: 0 on success or an error code less than 0.
76      * On error, x509_data should not be allocated.
77      */
78     int (*get_keypair_public)(const struct keymaster0_device* dev,
79             const uint8_t* key_blob, const size_t key_blob_length,
80             uint8_t** x509_data, size_t* x509_data_length);
81 
82     /**
83      * Deletes the key pair associated with the key blob.
84      *
85      * This function is optional and should be set to NULL if it is not
86      * implemented.
87      *
88      * Returns 0 on success or an error code less than 0.
89      */
90     int (*delete_keypair)(const struct keymaster0_device* dev,
91             const uint8_t* key_blob, const size_t key_blob_length);
92 
93     /**
94      * Deletes all keys in the hardware keystore. Used when keystore is
95      * reset completely.
96      *
97      * This function is optional and should be set to NULL if it is not
98      * implemented.
99      *
100      * Returns 0 on success or an error code less than 0.
101      */
102     int (*delete_all)(const struct keymaster0_device* dev);
103 
104     /**
105      * Signs data using a key-blob generated before. This can use either
106      * an asymmetric key or a secret key.
107      *
108      * Returns: 0 on success or an error code less than 0.
109      */
110     int (*sign_data)(const struct keymaster0_device* dev,
111             const void* signing_params,
112             const uint8_t* key_blob, const size_t key_blob_length,
113             const uint8_t* data, const size_t data_length,
114             uint8_t** signed_data, size_t* signed_data_length);
115 
116     /**
117      * Verifies data signed with a key-blob. This can use either
118      * an asymmetric key or a secret key.
119      *
120      * Returns: 0 on successful verification or an error code less than 0.
121      */
122     int (*verify_data)(const struct keymaster0_device* dev,
123             const void* signing_params,
124             const uint8_t* key_blob, const size_t key_blob_length,
125             const uint8_t* signed_data, const size_t signed_data_length,
126             const uint8_t* signature, const size_t signature_length);
127 };
128 typedef struct keymaster0_device keymaster0_device_t;
129 
130 
131 /* Convenience API for opening and closing keymaster devices */
132 
keymaster0_open(const struct hw_module_t * module,keymaster0_device_t ** device)133 static inline int keymaster0_open(const struct hw_module_t* module,
134         keymaster0_device_t** device)
135 {
136     int rc = module->methods->open(module, KEYSTORE_KEYMASTER,
137             (struct hw_device_t**) device);
138 
139     return rc;
140 }
141 
keymaster0_close(keymaster0_device_t * device)142 static inline int keymaster0_close(keymaster0_device_t* device)
143 {
144     return device->common.close(&device->common);
145 }
146 
147 __END_DECLS
148 
149 #endif  // ANDROID_HARDWARE_KEYMASTER_0_H
150