keymaster: Add SOTER tags and API definations

Add SOTER tags and API definitions according to the SOTER
specification.

Change-Id: I20ba0f51d8825a326b51f47ef4d2a3e4f60e2172
diff --git a/include/hardware/keymaster1.h b/include/hardware/keymaster1.h
index afd202c..ac2cc2b 100644
--- a/include/hardware/keymaster1.h
+++ b/include/hardware/keymaster1.h
@@ -530,6 +530,55 @@
      */
     keymaster_error_t (*abort)(const struct keymaster1_device* dev,
                                keymaster_operation_handle_t operation_handle);
+
+    /**
+     * Generates a pair of ATTK defined in SOTER. Save the private key into RPMB.
+     * Note that the ATTK generated will never be touched outside the keymaster.
+     *
+     * \param[in] dev The keymaster device structure.
+     *
+     * \param[in] copy_num The number of copies that will be saved in the RPMB.
+     */
+    keymaster_error_t (*generate_attk_key_pair)(const struct keymaster1_device* dev,
+                                                const uint8_t copy_num);
+
+    /**
+     * Verify the existance ATTK defined in SOTER.
+     *
+     * \param[in] dev The keymaster device structure.
+     *
+     * Returns: 0 if the ATTK exists.
+     */
+    keymaster_error_t (*verify_attk_key_pair)(const struct keymaster1_device* dev);
+
+    /**
+     * Export the public key of ATTK in PEM format.
+     *
+     * \param[in] dev The keymaster device structure.
+     *
+     * \param[out] pub_key_data The public key data in X.509v3 format PEM encoded
+     *
+     * \param[out] pub_key_data_length The length of the public key data.
+     */
+    keymaster_error_t (*export_attk_public_key)(const struct keymaster1_device* dev,
+                                                const uint8_t* pub_key_data,
+                                                const size_t pub_key_data_length);
+
+    /**
+     * Get Unique device ID.
+     *
+     * \param[in] dev The keymaster device structure.
+     *
+     * \param[out] device_id The unique id for each device, format as below:
+     * 1.bytes 0-3: Identify each silicon provider id.
+     * 2.bytes 4-7: SoC model ID, defined by each silicon provider
+     * 3.bytes 8-15: Public Chip Serial *Number of SoC, defined by each silicon provider
+     *
+     * \param[out] device_id_length The length of the device id.
+     */
+    keymaster_error_t (*get_device_id)(const struct keymaster1_device* dev,
+                                                const uint8_t* device_id,
+                                                const size_t device_id_length);
 };
 typedef struct keymaster1_device keymaster1_device_t;
 
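Review bot: `export_attk_public_key` and `get_device_id` document `pub_key_data`/`device_id` and their lengths as `\param[out]`, but the parameters are declared `const uint8_t*` and by-value `const size_t`, so an implementation cannot return either the bytes or the length through them. Neither comment says who allocates or frees the buffer, and that ambiguity at a HAL boundary is where out-of-bounds writes and leaks come from. I would reuse the blob type that `export_key` uses elsewhere in this header, e.g. `keymaster_error_t (*export_attk_public_key)(const struct keymaster1_device* dev, keymaster_blob_t* pub_key_data);`, give `get_device_id` the same shape, and add a line stating that the caller frees `data`. The new pointers are appended to `struct keymaster1_device`, which starts outside this hunk, so implementations built against the old header presumably leave them unset and callers should check for NULL before calling. The `generate_attk_key_pair` comment should also say what happens when an ATTK already exists in RPMB (rejected or overwritten), since silently replacing the attestation root would invalidate every key signed under it.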
diff --git a/include/hardware/keymaster_defs.h b/include/hardware/keymaster_defs.h
index 5be956d..1a723c9 100644
--- a/include/hardware/keymaster_defs.h
+++ b/include/hardware/keymaster_defs.h
@@ -124,6 +124,27 @@
                                                  authentication has been performed.  Structure
                                                  defined in hw_auth_token_t in hw_auth_token.h. */
     KM_TAG_MAC_LENGTH = KM_UINT | 1003,       /* MAC or AEAD authentication tag length in bits. */
+
+    /* Tags used only for SOTER */
+    /* Tags used only to check if the key is for SOTER */
+    KM_TAG_SOTER_IS_FROM_SOTER = KM_BOOL | 11000,
+    /* Attach signature signed with ATTK[pri] while exporting public key */
+    KM_TAG_SOTER_IS_AUTO_SIGNED_WITH_ATTK_WHEN_GET_PUBLIC_KEY = KM_BOOL | 11001,
+    /* Attach signature signed with specified private key while exporting public key */
+    KM_TAG_SOTER_IS_AUTO_SIGNED_WITH_COMMON_KEY_WHEN_GET_PUBLIC_KEY = KM_BOOL | 11002,
+    /* keyalias for the keypair of KM_TAG_SOTER_IS_AUTO_SIGNED_WITH_COMMON_KEY_WHEN_GET_PUBLIC_KEY */
+    KM_TAG_SOTER_AUTO_SIGNED_COMMON_KEY_WHEN_GET_PUBLIC_KEY = KM_BYTES | 11003,
+    /* Attach counter while exporting publick key */
+    KM_TAG_SOTER_AUTO_ADD_COUNTER_WHEN_GET_PUBLIC_KEY = KM_BOOL | 11004,
+    /* Attach secmsg(TEE_Name, TEE_Version, Fingerprint_Sensor_Name, Fingerprint_Sensor_Version)
+       fingerprint_id and counter while signing */
+    KM_TAG_SOTER_IS_SECMSG_FID_COUNTER_SIGNED_WHEN_SIGN = KM_BOOL | 11005,
+    /* use and set ATTK index to next backup ATTK */
+    KM_TAG_SOTER_USE_NEXT_ATTK = KM_BOOL | 11006,
+    /* attach soter uid */
+    KM_TAG_SOTER_UID = KM_UINT | 11007,
+    /* attach key blob of KM_TAG_SOTER_AUTO_SIGNED_COMMON_KEY_WHEN_GET_PUBLIC_KEY if needed */
+    KM_TAG_SOTER_AUTO_SIGNED_COMMON_KEY_WHEN_GET_PUBLIC_KEY_BLOB = KM_BYTES | 11008,
 } keymaster_tag_t;
 
 /**
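Review bot: The comments on the new `KM_TAG_SOTER_*` values do not say which operations accept each tag or whether a tag may be supplied by an untrusted caller, and for two of them that matters. `KM_TAG_SOTER_USE_NEXT_ATTK` is described as advancing the ATTK index, which is a persistent state change requested through a key parameter, and `KM_TAG_SOTER_UID` looks like a caller identity. Both comments should state that the value is enforced or supplied by the trusted side, for example `/* advance to the next backup ATTK copy; state-changing, accepted only from <authorized caller> */` and `/* uid of the key owner, set by the keystore service; never taken from app-supplied parameters */`, with the wording confirmed against the SOTER specification. It is also worth confirming that 11000–11008 cannot collide with tag numbers assigned upstream later. The enum starts outside this hunk, and the "publick" typo in the comment above `KM_TAG_SOTER_AUTO_ADD_COUNTER_WHEN_GET_PUBLIC_KEY` can be fixed in the same pass.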