1 /*
2 * Copyright (C) 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #ifndef ANDROID_HARDWARE_KEYMASTER1_H
18 #define ANDROID_HARDWARE_KEYMASTER1_H
19
20 #include <hardware/keymaster_common.h>
21 #include <hardware/keymaster_defs.h>
22
23 __BEGIN_DECLS
24
25 /**
26 * Keymaster1 device definition
27 */
28 struct keymaster1_device {
29 /**
30 * Common methods of the keymaster device. This *must* be the first member of
31 * keymaster_device as users of this structure will cast a hw_device_t to
32 * keymaster_device pointer in contexts where it's known the hw_device_t references a
33 * keymaster_device.
34 */
35 struct hw_device_t common;
36
37 /**
38 * THIS IS DEPRECATED. Use the new "module_api_version" and "hal_api_version"
39 * fields in the keymaster_module initialization instead.
40 */
41 uint32_t client_version;
42
43 /**
44 * See flags defined for keymaster0_devices::flags in keymaster_common.h
45 */
46 uint32_t flags;
47
48 void* context;
49
50 /**
51 * \deprecated Generates a public and private key. The key-blob returned is opaque and must
52 * subsequently provided for signing and verification.
53 *
54 * Returns: 0 on success or an error code less than 0.
55 */
56 int (*generate_keypair)(const struct keymaster1_device* dev, const keymaster_keypair_t key_type,
57 const void* key_params, uint8_t** key_blob, size_t* key_blob_length);
58
59 /**
60 * \deprecated Imports a public and private key pair. The imported keys will be in PKCS#8 format
61 * with DER encoding (Java standard). The key-blob returned is opaque and will be subsequently
62 * provided for signing and verification.
63 *
64 * Returns: 0 on success or an error code less than 0.
65 */
66 int (*import_keypair)(const struct keymaster1_device* dev, const uint8_t* key,
67 const size_t key_length, uint8_t** key_blob, size_t* key_blob_length);
68
69 /**
70 * \deprecated Gets the public key part of a key pair. The public key must be in X.509 format
71 * (Java standard) encoded byte array.
72 *
73 * Returns: 0 on success or an error code less than 0. On error, x509_data
74 * should not be allocated.
75 */
76 int (*get_keypair_public)(const struct keymaster1_device* dev, const uint8_t* key_blob,
77 const size_t key_blob_length, uint8_t** x509_data,
78 size_t* x509_data_length);
79
80 /**
81 * \deprecated Deletes the key pair associated with the key blob.
82 *
83 * This function is optional and should be set to NULL if it is not
84 * implemented.
85 *
86 * Returns 0 on success or an error code less than 0.
87 */
88 int (*delete_keypair)(const struct keymaster1_device* dev, const uint8_t* key_blob,
89 const size_t key_blob_length);
90
91 /**
92 * \deprecated Deletes all keys in the hardware keystore. Used when keystore is reset
93 * completely.
94 *
95 * This function is optional and should be set to NULL if it is not
96 * implemented.
97 *
98 * Returns 0 on success or an error code less than 0.
99 */
100 int (*delete_all)(const struct keymaster1_device* dev);
101
102 /**
103 * \deprecated Signs data using a key-blob generated before. This can use either an asymmetric
104 * key or a secret key.
105 *
106 * Returns: 0 on success or an error code less than 0.
107 */
108 int (*sign_data)(const struct keymaster1_device* dev, const void* signing_params,
109 const uint8_t* key_blob, const size_t key_blob_length, const uint8_t* data,
110 const size_t data_length, uint8_t** signed_data, size_t* signed_data_length);
111
112 /**
113 * \deprecated Verifies data signed with a key-blob. This can use either an asymmetric key or a
114 * secret key.
115 *
116 * Returns: 0 on successful verification or an error code less than 0.
117 */
118 int (*verify_data)(const struct keymaster1_device* dev, const void* signing_params,
119 const uint8_t* key_blob, const size_t key_blob_length,
120 const uint8_t* signed_data, const size_t signed_data_length,
121 const uint8_t* signature, const size_t signature_length);
122
123 /**
124 * Gets algorithms supported.
125 *
126 * \param[in] dev The keymaster device structure.
127 *
128 * \param[out] algorithms Array of algorithms supported. The caller takes ownership of the
129 * array and must free() it.
130 *
131 * \param[out] algorithms_length Length of \p algorithms.
132 */
133 keymaster_error_t (*get_supported_algorithms)(const struct keymaster1_device* dev,
134 keymaster_algorithm_t** algorithms,
135 size_t* algorithms_length);
136
137 /**
138 * Gets the block modes supported for the specified algorithm.
139 *
140 * \param[in] dev The keymaster device structure.
141 *
142 * \param[in] algorithm The algorithm for which supported modes will be returned.
143 *
144 * \param[out] modes Array of modes supported. The caller takes ownership of the array and must
145 * free() it.
146 *
147 * \param[out] modes_length Length of \p modes.
148 */
149 keymaster_error_t (*get_supported_block_modes)(const struct keymaster1_device* dev,
150 keymaster_algorithm_t algorithm,
151 keymaster_purpose_t purpose,
152 keymaster_block_mode_t** modes,
153 size_t* modes_length);
154
155 /**
156 * Gets the padding modes supported for the specified algorithm. Caller assumes ownership of
157 * the allocated array.
158 *
159 * \param[in] dev The keymaster device structure.
160 *
161 * \param[in] algorithm The algorithm for which supported padding modes will be returned.
162 *
163 * \param[out] modes Array of padding modes supported. The caller takes ownership of the array
164 * and must free() it.
165 *
166 * \param[out] modes_length Length of \p modes.
167 */
168 keymaster_error_t (*get_supported_padding_modes)(const struct keymaster1_device* dev,
169 keymaster_algorithm_t algorithm,
170 keymaster_purpose_t purpose,
171 keymaster_padding_t** modes,
172 size_t* modes_length);
173
174 /**
175 * Gets the digests supported for the specified algorithm. Caller assumes ownership of the
176 * allocated array.
177 *
178 * \param[in] dev The keymaster device structure.
179 *
180 * \param[in] algorithm The algorithm for which supported digests will be returned.
181 *
182 * \param[out] digests Array of digests supported. The caller takes ownership of the array and
183 * must free() it.
184 *
185 * \param[out] digests_length Length of \p digests.
186 */
187 keymaster_error_t (*get_supported_digests)(const struct keymaster1_device* dev,
188 keymaster_algorithm_t algorithm,
189 keymaster_purpose_t purpose,
190 keymaster_digest_t** digests,
191 size_t* digests_length);
192
193 /**
194 * Gets the key import formats supported for keys of the specified algorithm. Caller assumes
195 * ownership of the allocated array.
196 *
197 * \param[in] dev The keymaster device structure.
198 *
199 * \param[in] algorithm The algorithm for which supported formats will be returned.
200 *
201 * \param[out] formats Array of formats supported. The caller takes ownership of the array and
202 * must free() it.
203 *
204 * \param[out] formats_length Length of \p formats.
205 */
206 keymaster_error_t (*get_supported_import_formats)(const struct keymaster1_device* dev,
207 keymaster_algorithm_t algorithm,
208 keymaster_key_format_t** formats,
209 size_t* formats_length);
210
211 /**
212 * Gets the key export formats supported for keys of the specified algorithm. Caller assumes
213 * ownership of the allocated array.
214 *
215 * \param[in] dev The keymaster device structure.
216 *
217 * \param[in] algorithm The algorithm for which supported formats will be returned.
218 *
219 * \param[out] formats Array of formats supported. The caller takes ownership of the array and
220 * must free() it.
221 *
222 * \param[out] formats_length Length of \p formats.
223 */
224 keymaster_error_t (*get_supported_export_formats)(const struct keymaster1_device* dev,
225 keymaster_algorithm_t algorithm,
226 keymaster_key_format_t** formats,
227 size_t* formats_length);
228
229 /**
230 * Adds entropy to the RNG used by keymaster. Entropy added through this method is guaranteed
231 * not to be the only source of entropy used, and the mixing function is required to be secure,
232 * in the sense that if the RNG is seeded (from any source) with any data the attacker cannot
233 * predict (or control), then the RNG output is indistinguishable from random. Thus, if the
234 * entropy from any source is good, the output will be good.
235 *
236 * \param[in] dev The keymaster device structure.
237 *
238 * \param[in] data Random data to be mixed in.
239 *
240 * \param[in] data_length Length of \p data.
241 */
242 keymaster_error_t (*add_rng_entropy)(const struct keymaster1_device* dev, const uint8_t* data,
243 size_t data_length);
244
245 /**
246 * Generates a key, or key pair, returning a key blob and/or a description of the key.
247 *
248 * Key generation parameters are defined as keymaster tag/value pairs, provided in \p params.
249 * See keymaster_tag_t for the full list. Some values that are always required for generation
250 * of useful keys are:
251 *
252 * - KM_TAG_ALGORITHM;
253 * - KM_TAG_PURPOSE; and
254 * - (KM_TAG_USER_SECURE_ID and KM_TAG_USER_AUTH_TYPE) or KM_TAG_NO_AUTH_REQUIRED.
255 *
256 * KM_TAG_AUTH_TIMEOUT should generally be specified unless KM_TAG_NO_AUTH_REQUIRED is present,
257 * or the user will have to authenticate for every use.
258 *
259 * KM_TAG_BLOCK_MODE, KM_TAG_PADDING, KM_TAG_MAC_LENGTH and KM_TAG_DIGEST must be specified for
260 * algorithms that require them.
261 *
262 * The following tags may not be specified; their values will be provided by the implementation.
263 *
264 * - KM_TAG_ORIGIN,
265 * - KM_TAG_ROLLBACK_RESISTANT,
266 * - KM_TAG_CREATION_DATETIME
267 *
268 * \param[in] dev The keymaster device structure.
269 *
270 * \param[in] params Array of key generation parameters.
271 *
272 * \param[in] params_count Length of \p params.
273 *
274 * \param[out] key_blob returns the generated key. \p key_blob must not be NULL. The caller
275 * assumes ownership key_blob->key_material and must free() it.
276 *
277 * \param[out] characteristics returns the characteristics of the key that was, generated, if
278 * non-NULL. If non-NULL, the caller assumes ownership and must deallocate with
279 * keymaster_free_characteristics(). Note that KM_TAG_ROOT_OF_TRUST, KM_TAG_APPLICATION_ID and
280 * KM_TAG_APPLICATION_DATA are never returned.
281 */
282 keymaster_error_t (*generate_key)(const struct keymaster1_device* dev,
283 const keymaster_key_param_set_t* params,
284 keymaster_key_blob_t* key_blob,
285 keymaster_key_characteristics_t** characteristics);
286
287 /**
288 * Returns the characteristics of the specified key, or KM_ERROR_INVALID_KEY_BLOB if the
289 * key_blob is invalid (implementations must fully validate the integrity of the key).
290 * client_id and app_data must be the ID and data provided when the key was generated or
291 * imported, or empty if KM_TAG_APPLICATION_ID and/or KM_TAG_APPLICATION_DATA were not provided
292 * during generation. Those values are not included in the returned characteristics. The
293 * caller assumes ownership of the allocated characteristics object, which must be deallocated
294 * with keymaster_free_characteristics().
295 *
296 * Note that KM_TAG_ROOT_OF_TRUST, KM_TAG_APPLICATION_ID and KM_TAG_APPLICATION_DATA are never
297 * returned.
298 *
299 * \param[in] dev The keymaster device structure.
300 *
301 * \param[in] key_blob The key to retreive characteristics from.
302 *
303 * \param[in] client_id The client ID data, or NULL if none associated.
304 *
305 * \param[in] app_id The app data, or NULL if none associated.
306 *
307 * \param[out] characteristics The key characteristics.
308 */
309 keymaster_error_t (*get_key_characteristics)(const struct keymaster1_device* dev,
310 const keymaster_key_blob_t* key_blob,
311 const keymaster_blob_t* client_id,
312 const keymaster_blob_t* app_data,
313 keymaster_key_characteristics_t** characteristics);
314
315 /**
316 * Imports a key, or key pair, returning a key blob and/or a description of the key.
317 *
318 * Most key import parameters are defined as keymaster tag/value pairs, provided in "params".
319 * See keymaster_tag_t for the full list. Values that are always required for import of useful
320 * keys are:
321 *
322 * - KM_TAG_ALGORITHM;
323 * - KM_TAG_PURPOSE; and
324 * - (KM_TAG_USER_SECURE_ID and KM_TAG_USER_AUTH_TYPE) or KM_TAG_NO_AUTH_REQUIRED.
325 *
326 * KM_TAG_AUTH_TIMEOUT should generally be specified. If unspecified, the user will have to
327 * authenticate for every use.
328 *
329 * The following tags will take default values if unspecified:
330 *
331 * - KM_TAG_KEY_SIZE will default to the size of the key provided.
332 * - KM_TAG_RSA_PUBLIC_EXPONENT will default to the value in the key provided (for RSA keys)
333 *
334 * The following tags may not be specified; their values will be provided by the implementation.
335 *
336 * - KM_TAG_ORIGIN,
337 * - KM_TAG_ROLLBACK_RESISTANT,
338 * - KM_TAG_CREATION_DATETIME
339 *
340 * \param[in] dev The keymaster device structure.
341 *
342 * \param[in] params Parameters defining the imported key.
343 *
344 * \param[in] params_count The number of entries in \p params.
345 *
346 * \param[in] key_format specifies the format of the key data in key_data.
347 *
348 * \param[out] key_blob Used to return the opaque key blob. Must be non-NULL. The caller
349 * assumes ownership of the contained key_material.
350 *
351 * \param[out] characteristics Used to return the characteristics of the imported key. May be
352 * NULL, in which case no characteristics will be returned. If non-NULL, the caller assumes
353 * ownership and must deallocate with keymaster_free_characteristics(). Note that
354 * KM_TAG_ROOT_OF_TRUST, KM_TAG_APPLICATION_ID and
355 * KM_TAG_APPLICATION_DATA are never returned.
356 */
357 keymaster_error_t (*import_key)(const struct keymaster1_device* dev,
358 const keymaster_key_param_set_t* params,
359 keymaster_key_format_t key_format,
360 const keymaster_blob_t* key_data,
361 keymaster_key_blob_t* key_blob,
362 keymaster_key_characteristics_t** characteristics);
363
364 /**
365 * Exports a public key, returning a byte array in the specified format.
366 *
367 * \param[in] dev The keymaster device structure.
368 *
369 * \param[in] export_format The format to be used for exporting the key.
370 *
371 * \param[in] key_to_export The key to export.
372 *
373 * \param[out] export_data The exported key material. The caller assumes ownership.
374 *
375 * \param[out] export_data_length The length of \p export_data.
376 */
377 keymaster_error_t (*export_key)(const struct keymaster1_device* dev,
378 keymaster_key_format_t export_format,
379 const keymaster_key_blob_t* key_to_export,
380 const keymaster_blob_t* client_id,
381 const keymaster_blob_t* app_data,
382 keymaster_blob_t* export_data);
383
384 /**
385 * Deletes the key, or key pair, associated with the key blob. After calling this function it
386 * will be impossible to use the key for any other operations. May be applied to keys from
387 * foreign roots of trust (keys not usable under the current root of trust).
388 *
389 * This function is optional and should be set to NULL if it is not implemented.
390 *
391 * \param[in] dev The keymaster device structure.
392 *
393 * \param[in] key The key to be deleted.
394 */
395 keymaster_error_t (*delete_key)(const struct keymaster1_device* dev,
396 const keymaster_key_blob_t* key);
397
398 /**
399 * Deletes all keys in the hardware keystore. Used when keystore is reset completely. After
400 * calling this function it will be impossible to use any previously generated or imported key
401 * blobs for any operations.
402 *
403 * This function is optional and should be set to NULL if it is not implemented.
404 *
405 * \param[in] dev The keymaster device structure.
406 */
407 keymaster_error_t (*delete_all_keys)(const struct keymaster1_device* dev);
408
409 /**
410 * Begins a cryptographic operation using the specified key. If all is well, begin() will
411 * return KM_ERROR_OK and create an operation handle which must be passed to subsequent calls to
412 * update(), finish() or abort().
413 *
414 * It is critical that each call to begin() be paired with a subsequent call to finish() or
415 * abort(), to allow the keymaster implementation to clean up any internal operation state.
416 * Failure to do this may leak internal state space or other internal resources and may
417 * eventually cause begin() to return KM_ERROR_TOO_MANY_OPERATIONS when it runs out of space for
418 * operations. Any result other than KM_ERROR_OK from begin(), update() or finish() implicitly
419 * aborts the operation, in which case abort() need not be called (and will return
420 * KM_ERROR_INVALID_OPERATION_HANDLE if called).
421 *
422 * \param[in] dev The keymaster device structure.
423 *
424 * \param[in] purpose The purpose of the operation, one of KM_PURPOSE_ENCRYPT,
425 * KM_PURPOSE_DECRYPT, KM_PURPOSE_SIGN or KM_PURPOSE_VERIFY. Note that for AEAD modes,
426 * encryption and decryption imply signing and verification, respectively, but should be
427 * specified as KM_PURPOSE_ENCRYPT and KM_PURPOSE_DECRYPT.
428 *
429 * \param[in] key The key to be used for the operation. \p key must have a purpose compatible
430 * with \p purpose and all of its usage requirements must be satisfied, or begin() will return
431 * an appropriate error code.
432 *
433 * \param[in] in_params Additional parameters for the operation. This is typically used to
434 * provide authentication data, with KM_TAG_AUTH_TOKEN. If KM_TAG_APPLICATION_ID or
435 * KM_TAG_APPLICATION_DATA were provided during generation, they must be provided here, or the
436 * operation will fail with KM_ERROR_INVALID_KEY_BLOB. For operations that require a nonce or
437 * IV, on keys that were generated with KM_TAG_CALLER_NONCE, in_params may contain a tag
438 * KM_TAG_NONCE. For AEAD operations KM_TAG_CHUNK_SIZE is specified here.
439 *
440 * \param[out] out_params Output parameters. Used to return additional data from the operation
441 * initialization, notably to return the IV or nonce from operations that generate an IV or
442 * nonce. The caller takes ownership of the output parameters array and must free it with
443 * keymaster_free_param_set(). out_params may be set to NULL if no output parameters are
444 * expected. If out_params is NULL, and output paramaters are generated, begin() will return
445 * KM_ERROR_OUTPUT_PARAMETER_NULL.
446 *
447 * \param[out] operation_handle The newly-created operation handle which must be passed to
448 * update(), finish() or abort(). If operation_handle is NULL, begin() will return
449 * KM_ERROR_OUTPUT_PARAMETER_NULL.
450 */
451 keymaster_error_t (*begin)(const struct keymaster1_device* dev, keymaster_purpose_t purpose,
452 const keymaster_key_blob_t* key,
453 const keymaster_key_param_set_t* in_params,
454 keymaster_key_param_set_t* out_params,
455 keymaster_operation_handle_t* operation_handle);
456
457 /**
458 * Provides data to, and possibly receives output from, an ongoing cryptographic operation begun
459 * with begin().
460 *
461 * If operation_handle is invalid, update() will return KM_ERROR_INVALID_OPERATION_HANDLE.
462 *
463 * update() may not consume all of the data provided in the data buffer. update() will return
464 * the amount consumed in *data_consumed. The caller should provide the unconsumed data in a
465 * subsequent call.
466 *
467 * \param[in] dev The keymaster device structure.
468 *
469 * \param[in] operation_handle The operation handle returned by begin().
470 *
471 * \param[in] in_params Additional parameters for the operation. For AEAD modes, this is used
472 * to specify KM_TAG_ADDITIONAL_DATA. Note that additional data may be provided in multiple
473 * calls to update(), but only until input data has been provided.
474 *
475 * \param[in] input Data to be processed, per the parameters established in the call to begin().
476 * Note that update() may or may not consume all of the data provided. See \p input_consumed.
477 *
478 * \param[out] input_consumed Amount of data that was consumed by update(). If this is less
479 * than the amount provided, the caller should provide the remainder in a subsequent call to
480 * update().
481 *
482 * \param[out] out_params Output parameters. Used to return additional data from the operation
483 * The caller takes ownership of the output parameters array and must free it with
484 * keymaster_free_param_set(). out_params may be set to NULL if no output parameters are
485 * expected. If out_params is NULL, and output paramaters are generated, begin() will return
486 * KM_ERROR_OUTPUT_PARAMETER_NULL.
487 *
488 * \param[out] output The output data, if any. The caller assumes ownership of the allocated
489 * buffer. output must not be NULL.
490 *
491 * Note that update() may not provide any output, in which case output->data_length will be
492 * zero, and output->data may be either NULL or zero-length (so the caller should always free()
493 * it).
494 */
495 keymaster_error_t (*update)(const struct keymaster1_device* dev,
496 keymaster_operation_handle_t operation_handle,
497 const keymaster_key_param_set_t* in_params,
498 const keymaster_blob_t* input, size_t* input_consumed,
499 keymaster_key_param_set_t* out_params, keymaster_blob_t* output);
500
501 /**
502 * Finalizes a cryptographic operation begun with begin() and invalidates \p operation_handle.
503 *
504 * \param[in] dev The keymaster device structure.
505 *
506 * \param[in] operation_handle The operation handle returned by begin(). This handle will be
507 * invalidated.
508 *
509 * \param[in] params Additional parameters for the operation. For AEAD modes, this is used to
510 * specify KM_TAG_ADDITIONAL_DATA, but only if no input data was provided to update().
511 *
512 * \param[in] signature The signature to be verified if the purpose specified in the begin()
513 * call was KM_PURPOSE_VERIFY.
514 *
515 * \param[out] output The output data, if any. The caller assumes ownership of the allocated
516 * buffer.
517 *
518 * If the operation being finished is a signature verification or an AEAD-mode decryption and
519 * verification fails then finish() will return KM_ERROR_VERIFICATION_FAILED.
520 */
521 keymaster_error_t (*finish)(const struct keymaster1_device* dev,
522 keymaster_operation_handle_t operation_handle,
523 const keymaster_key_param_set_t* in_params,
524 const keymaster_blob_t* signature,
525 keymaster_key_param_set_t* out_params, keymaster_blob_t* output);
526
527 /**
528 * Aborts a cryptographic operation begun with begin(), freeing all internal resources and
529 * invalidating \p operation_handle.
530 */
531 keymaster_error_t (*abort)(const struct keymaster1_device* dev,
532 keymaster_operation_handle_t operation_handle);
533 };
534 typedef struct keymaster1_device keymaster1_device_t;
535
536 /* Convenience API for opening and closing keymaster devices */
537
keymaster1_open(const struct hw_module_t * module,keymaster1_device_t ** device)538 static inline int keymaster1_open(const struct hw_module_t* module, keymaster1_device_t** device) {
539 return module->methods->open(module, KEYSTORE_KEYMASTER, TO_HW_DEVICE_T_OPEN(device));
540 }
541
keymaster1_close(keymaster1_device_t * device)542 static inline int keymaster1_close(keymaster1_device_t* device) {
543 return device->common.close(&device->common);
544 }
545
546 __END_DECLS
547
548 #endif // ANDROID_HARDWARE_KEYMASTER1_H
549