Shawn Willden | 9d645a0 | 2014-06-12 13:48:46 -0600 | [diff] [blame^] | 1 | /* |
| 2 | * Copyright (C) 2014 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | #ifndef ANDROID_HARDWARE_KEYMASTER_DEFS_H |
| 18 | #define ANDROID_HARDWARE_KEYMASTER_DEFS_H |
| 19 | |
| 20 | #include <stdint.h> |
| 21 | #include <stdlib.h> |
| 22 | #include <string.h> |
| 23 | |
| 24 | #if defined(__cplusplus) |
| 25 | extern "C" { |
| 26 | #endif // defined(__cplusplus) |
| 27 | |
| 28 | /*! |
| 29 | * \deprecated Flags for keymaster_device::flags |
| 30 | * |
| 31 | * keymaster_device::flags is deprecated and will be removed in the |
| 32 | * next version of the API in favor of the more detailed information |
| 33 | * available from TODO: |
| 34 | */ |
| 35 | enum { |
| 36 | /* |
| 37 | * Indicates this keymaster implementation does not have hardware that |
| 38 | * keeps private keys out of user space. |
| 39 | * |
| 40 | * This should not be implemented on anything other than the default |
| 41 | * implementation. |
| 42 | */ |
| 43 | KEYMASTER_SOFTWARE_ONLY = 1 << 0, |
| 44 | |
| 45 | /* |
| 46 | * This indicates that the key blobs returned via all the primitives |
| 47 | * are sufficient to operate on their own without the trusted OS |
| 48 | * querying userspace to retrieve some other data. Key blobs of |
| 49 | * this type are normally returned encrypted with a |
| 50 | * Key Encryption Key (KEK). |
| 51 | * |
| 52 | * This is currently used by "vold" to know whether the whole disk |
| 53 | * encryption secret can be unwrapped without having some external |
| 54 | * service started up beforehand since the "/data" partition will |
| 55 | * be unavailable at that point. |
| 56 | */ |
| 57 | KEYMASTER_BLOBS_ARE_STANDALONE = 1 << 1, |
| 58 | |
| 59 | /* |
| 60 | * Indicates that the keymaster module supports DSA keys. |
| 61 | */ |
| 62 | KEYMASTER_SUPPORTS_DSA = 1 << 2, |
| 63 | |
| 64 | /* |
| 65 | * Indicates that the keymaster module supports EC keys. |
| 66 | */ |
| 67 | KEYMASTER_SUPPORTS_EC = 1 << 3, |
| 68 | }; |
| 69 | |
| 70 | /** |
| 71 | * \deprecated Asymmetric key pair types. |
| 72 | */ |
| 73 | typedef enum { |
| 74 | TYPE_RSA = 1, |
| 75 | TYPE_DSA = 2, |
| 76 | TYPE_EC = 3, |
| 77 | } keymaster_keypair_t; |
| 78 | |
| 79 | /** |
| 80 | * Authorization tags each have an associated type. This enumeration facilitates tagging each with |
| 81 | * a type, by using the high four bits (of an implied 32-bit unsigned enum value) to specify up to |
| 82 | * 16 data types. These values are ORed with tag IDs to generate the final tag ID values. |
| 83 | */ |
| 84 | typedef enum { |
| 85 | KM_INVALID = 0 << 28, /* Invalid type, used to designate a tag as uninitialized */ |
| 86 | KM_ENUM = 1 << 28, |
| 87 | KM_ENUM_REP = 2 << 28, /* Repeatable enumeration value. */ |
| 88 | KM_INT = 3 << 28, |
| 89 | KM_INT_REP = 4 << 28, /* Repeatable integer value */ |
| 90 | KM_LONG = 5 << 28, |
| 91 | KM_DATE = 6 << 28, |
| 92 | KM_BOOL = 7 << 28, |
| 93 | KM_BIGNUM = 8 << 28, |
| 94 | KM_BYTES = 9 << 28, |
| 95 | } keymaster_tag_type_t; |
| 96 | |
| 97 | typedef enum { |
| 98 | KM_TAG_INVALID = KM_INVALID | 0, |
| 99 | |
| 100 | /* |
| 101 | * Tags that must be semantically enforced by hardware and software implementations. |
| 102 | */ |
| 103 | |
| 104 | /* Crypto parameters */ |
| 105 | KM_TAG_PURPOSE = KM_ENUM_REP | 1, /* keymaster_purpose_t. */ |
| 106 | KM_TAG_ALGORITHM = KM_ENUM | 2, /* keymaster_algorithm_t. */ |
| 107 | KM_TAG_KEY_SIZE = KM_INT | 3, /* Key size in bits. */ |
| 108 | KM_TAG_BLOCK_MODE = KM_ENUM | 4, /* keymaster_block_mode_t. */ |
| 109 | KM_TAG_DIGEST = KM_ENUM | 5, /* keymaster_digest_t. */ |
| 110 | KM_TAG_MAC_LENGTH = KM_INT | 6, /* MAC length in bits. */ |
| 111 | KM_TAG_PADDING = KM_ENUM | 7, /* keymaster_padding_t. */ |
| 112 | KM_TAG_CHUNK_LENGTH = KM_INT | 8, /* AEAD mode minimum decryption chunk size, in bytes. */ |
| 113 | KM_TAG_NONCE = KM_BYTES | 9, /* Nonce or Initialization Vector */ |
| 114 | |
| 115 | /* Other hardware-enforced. */ |
| 116 | KM_TAG_RESCOPING_ADD = KM_ENUM_REP | 101, /* Tags authorized for addition via rescoping. */ |
| 117 | KM_TAG_RESCOPING_DEL = KM_ENUM_REP | 102, /* Tags authorized for removal via rescoping. */ |
| 118 | KM_TAG_BLOB_USAGE_REQUIREMENTS = KM_ENUM | 705, /* keymaster_key_blob_usage_requirements_t */ |
| 119 | |
| 120 | /* Algorithm-specific. */ |
| 121 | KM_TAG_RSA_PUBLIC_EXPONENT = KM_LONG | 200, /* Defaults to 2^16+1 */ |
| 122 | KM_TAG_DSA_GENERATOR = KM_BIGNUM | 201, |
| 123 | KM_TAG_DSA_P = KM_BIGNUM | 202, |
| 124 | KM_TAG_DSA_Q = KM_BIGNUM | 203, |
| 125 | /* Note there are no EC-specific params. Field size is defined by KM_TAG_KEY_SIZE, and the |
| 126 | curve is chosen from NIST recommendations for field size */ |
| 127 | |
| 128 | /* |
| 129 | * Tags that should be semantically enforced by hardware if possible and will otherwise be |
| 130 | * enforced by software (keystore). |
| 131 | */ |
| 132 | |
| 133 | /* Key validity period */ |
| 134 | KM_TAG_ACTIVE_DATETIME = KM_DATE | 400, /* Start of validity */ |
| 135 | KM_TAG_ORIGINATION_EXPIRE_DATETIME = KM_DATE | 401, /* Date when new "messages" should no |
| 136 | longer be created. */ |
| 137 | KM_TAG_USAGE_EXPIRE_DATETIME = KM_DATE | 402, /* Date when existing "messages" should no |
| 138 | longer be trusted. */ |
| 139 | KM_TAG_MIN_SECONDS_BETWEEN_OPS = KM_INT | 403, /* Minimum elapsed time between |
| 140 | cryptographic operations with the key. */ |
| 141 | KM_TAG_SINGLE_USE_PER_BOOT = KM_BOOL | 404, /* If true, the key can only be used once |
| 142 | per boot. */ |
| 143 | |
| 144 | /* User authentication */ |
| 145 | KM_TAG_ALL_USERS = KM_BOOL | 500, /* If key is usable by all users. */ |
| 146 | KM_TAG_USER_ID = KM_INT | 501, /* ID of authorized user. Disallowed if KM_TAG_ALL_USERS is |
| 147 | present. */ |
| 148 | KM_TAG_NO_AUTH_REQUIRED = KM_BOOL | 502, /* If key is usable without authentication. */ |
| 149 | KM_TAG_USER_AUTH_ID = KM_INT_REP | 503, /* ID of the authenticator to use (e.g. password, |
| 150 | fingerprint, etc.). Repeatable to support |
| 151 | multi-factor auth. Disallowed if |
| 152 | KM_TAG_NO_AUTH_REQUIRED is present. */ |
| 153 | KM_TAG_AUTH_TIMEOUT = KM_INT | 504, /* Required freshness of user authentication for |
| 154 | private/secret key operations, in seconds. |
| 155 | Public key operations require no authentication. |
| 156 | If absent, authentication is required for every |
| 157 | use. Authentication state is lost when the |
| 158 | device is powered off. */ |
| 159 | KM_TAG_RESCOPE_AUTH_TIMEOUT = KM_INT | 505, /* Required freshness of user authentication for key |
| 160 | rescoping operations, in seconds. Public key |
| 161 | operations require no authentication. If absent, |
| 162 | authentication required for every rescoping. */ |
| 163 | |
| 164 | /* Application access control */ |
| 165 | KM_TAG_ALL_APPLICATIONS = KM_BOOL | 600, /* If key is usable by all applications. */ |
| 166 | KM_TAG_APPLICATION_ID = KM_BYTES | 601, /* ID of authorized application. Disallowed if |
| 167 | KM_TAG_ALL_APPLICATIONS is present. */ |
| 168 | |
| 169 | /* |
| 170 | * Semantically unenforceable tags, either because they have no specific meaning or because |
| 171 | * they're informational only. |
| 172 | */ |
| 173 | KM_TAG_APPLICATION_DATA = KM_BYTES | 700, /* Data provided by authorized application. */ |
| 174 | KM_TAG_CREATION_DATETIME = KM_DATE | 701, /* Key creation time */ |
| 175 | KM_TAG_ORIGIN = KM_ENUM | 702, /* keymaster_key_origin_t. */ |
| 176 | KM_TAG_ROLLBACK_RESISTANT = KM_BOOL | 703, /* Whether key is rollback-resistant. */ |
| 177 | KM_TAG_ROOT_OF_TRUST = KM_BYTES | 704, /* Root of trust ID. Empty array means usable by all |
| 178 | roots. */ |
| 179 | |
| 180 | /* Tags used only to provide data to operations */ |
| 181 | KM_TAG_ADDITIONAL_DATA = KM_BYTES | 1000, /* Used to provide additional data for AEAD modes. */ |
| 182 | } keymaster_tag_t; |
| 183 | |
| 184 | /** |
| 185 | * Algorithms that may be provided by keymaster implementations. Those that must be provided by all |
| 186 | * implementations are tagged as "required". Note that where the values in this enumeration overlap |
| 187 | * with the values for the deprecated keymaster_keypair_t, the same algorithm must be |
| 188 | * specified. This type is new in 0_4 and replaces the deprecated keymaster_keypair_t. |
| 189 | */ |
| 190 | typedef enum { |
| 191 | /* Asymmetric algorithms. */ |
| 192 | KM_ALGORITHM_RSA = 1, /* required */ |
| 193 | KM_ALGORITHM_DSA = 2, /* required */ |
| 194 | KM_ALGORITHM_ECDSA = 3, /* required */ |
| 195 | KM_ALGORITHM_ECIES = 4, |
| 196 | /* FIPS Approved Ciphers */ |
| 197 | KM_ALGORITHM_AES = 32, /* required */ |
| 198 | KM_ALGORITHM_3DES = 33, |
| 199 | KM_ALGORITHM_SKIPJACK = 34, |
| 200 | /* AES Finalists */ |
| 201 | KM_ALGORITHM_MARS = 48, |
| 202 | KM_ALGORITHM_RC6 = 49, |
| 203 | KM_ALGORITHM_SERPENT = 50, |
| 204 | KM_ALGORITHM_TWOFISH = 51, |
| 205 | /* Other common block ciphers */ |
| 206 | KM_ALGORITHM_IDEA = 52, |
| 207 | KM_ALGORITHM_RC5 = 53, |
| 208 | KM_ALGORITHM_CAST5 = 54, |
| 209 | KM_ALGORITHM_BLOWFISH = 55, |
| 210 | /* Common stream ciphers */ |
| 211 | KM_ALGORITHM_RC4 = 64, |
| 212 | KM_ALGORITHM_CHACHA20 = 65, |
| 213 | /* MAC algorithms */ |
| 214 | KM_ALGORITHM_HMAC = 128, /* required */ |
| 215 | } keymaster_algorithm_t; |
| 216 | |
| 217 | /** |
| 218 | * Symmetric block cipher modes that may be provided by keymaster implementations. Those that must |
| 219 | * be provided by all implementations are tagged as "required". This type is new in 0_4. |
| 220 | * |
| 221 | * KM_MODE_FIRST_UNAUTHENTICATED, KM_MODE_FIRST_AUTHENTICATED and KM_MODE_FIRST_MAC are not modes, |
| 222 | * but markers used to separate the available modes into classes. |
| 223 | */ |
| 224 | typedef enum { |
| 225 | /* Unauthenticated modes, usable only for encryption/decryption and not generally recommended |
| 226 | * except for compatibility with existing other protocols. */ |
| 227 | KM_MODE_FIRST_UNAUTHENTICATED = 1, |
| 228 | KM_MODE_ECB = KM_MODE_FIRST_UNAUTHENTICATED, /* required */ |
| 229 | KM_MODE_CBC = 2, /* required */ |
| 230 | KM_MODE_CBC_CTS = 3, /* recommended */ |
| 231 | KM_MODE_CTR = 4, /* recommended */ |
| 232 | KM_MODE_OFB = 5, |
| 233 | KM_MODE_CFB = 6, |
| 234 | KM_MODE_XTS = 7, /* Note: requires double-length keys */ |
| 235 | /* Authenticated modes, usable for encryption/decryption and signing/verification. Recommended |
| 236 | * over unauthenticated modes for all purposes. One of KM_MODE_GCM and KM_MODE_OCB is |
| 237 | * required. */ |
| 238 | KM_MODE_FIRST_AUTHENTICATED = 32, |
| 239 | KM_MODE_GCM = KM_MODE_FIRST_AUTHENTICATED, |
| 240 | KM_MODE_OCB = 33, |
| 241 | KM_MODE_CCM = 34, |
| 242 | /* MAC modes -- only for signing/verification */ |
| 243 | KM_MODE_FIRST_MAC = 128, |
| 244 | KM_MODE_CMAC = KM_MODE_FIRST_MAC, |
| 245 | KM_MODE_POLY1305 = 129, |
| 246 | } keymaster_block_mode_t; |
| 247 | |
| 248 | /** |
| 249 | * Padding modes that may be applied to plaintext for encryption operations. This list includes |
| 250 | * padding modes for both symmetric and asymmetric algorithms. Note that implementations should not |
| 251 | * provide all possible combinations of algorithm and padding, only the |
| 252 | * cryptographically-appropriate pairs. |
| 253 | */ |
| 254 | typedef enum { |
| 255 | KM_PAD_NONE = 1, /* required, deprecated */ |
| 256 | KM_PAD_RSA_OAEP = 2, /* required */ |
| 257 | KM_PAD_RSA_PSS = 3, /* required */ |
| 258 | KM_PAD_RSA_PKCS1_1_5_ENCRYPT = 4, |
| 259 | KM_PAD_RSA_PKCS1_1_5_SIGN = 5, |
| 260 | KM_PAD_ANSI_X923 = 32, |
| 261 | KM_PAD_ISO_10126 = 33, |
| 262 | KM_PAD_ZERO = 64, /* required */ |
| 263 | KM_PAD_PKCS7 = 65, /* required */ |
| 264 | KM_PAD_ISO_7816_4 = 66, |
| 265 | } keymaster_padding_t; |
| 266 | |
| 267 | /** |
| 268 | * Digests that may be provided by keymaster implementations. Those that must be provided by all |
| 269 | * implementations are tagged as "required". Those that have been added since version 0_2 of the |
| 270 | * API are tagged as "new". |
| 271 | */ |
| 272 | typedef enum { |
| 273 | KM_DIGEST_NONE = 0, /* new, required */ |
| 274 | DIGEST_NONE = KM_DIGEST_NONE, /* For 0_2 compatibility */ |
| 275 | KM_DIGEST_MD5 = 1, /* new, for compatibility with old protocols only */ |
| 276 | KM_DIGEST_SHA1 = 2, /* new */ |
| 277 | KM_DIGEST_SHA_2_224 = 3, /* new */ |
| 278 | KM_DIGEST_SHA_2_256 = 4, /* new, required */ |
| 279 | KM_DIGEST_SHA_2_384 = 5, /* new, recommended */ |
| 280 | KM_DIGEST_SHA_2_512 = 6, /* new, recommended */ |
| 281 | KM_DIGEST_SHA_3_256 = 7, /* new */ |
| 282 | KM_DIGEST_SHA_3_384 = 8, /* new */ |
| 283 | KM_DIGEST_SHA_3_512 = 9, /* new */ |
| 284 | } keymaster_digest_t; |
| 285 | |
| 286 | /** |
| 287 | * The origin of a key (or pair), i.e. where it was generated. Origin and can be used together to |
| 288 | * determine whether a key may have existed outside of secure hardware. This type is new in 0_4. |
| 289 | */ |
| 290 | typedef enum { |
| 291 | KM_ORIGIN_HARDWARE = 0, /* Generated in secure hardware */ |
| 292 | KM_ORIGIN_SOFTWARE = 1, /* Generated in non-secure software */ |
| 293 | KM_ORIGIN_IMPORTED = 2, /* Imported, origin unknown */ |
| 294 | } keymaster_key_origin_t; |
| 295 | |
| 296 | /** |
| 297 | * Usability requirements of key blobs. This defines what system functionality must be available |
| 298 | * for the key to function. For example, key "blobs" which are actually handles referencing |
| 299 | * encrypted key material stored in the file system cannot be used until the file system is |
| 300 | * available, and should have BLOB_REQUIRES_FILE_SYSTEM. Other requirements entries will be added |
| 301 | * as needed for implementations. This type is new in 0_4. |
| 302 | */ |
| 303 | typedef enum { |
| 304 | KM_BLOB_STANDALONE = 0, |
| 305 | KM_BLOB_REQUIRES_FILE_SYSTEM = 1, |
| 306 | } keymaster_key_blob_usage_requirements_t; |
| 307 | |
| 308 | /** |
| 309 | * Possible purposes of a key (or pair). This type is new in 0_4. |
| 310 | */ |
| 311 | typedef enum { |
| 312 | KM_PURPOSE_ENCRYPT = 0, |
| 313 | KM_PURPOSE_DECRYPT = 1, |
| 314 | KM_PURPOSE_SIGN = 2, |
| 315 | KM_PURPOSE_VERIFY = 3, |
| 316 | } keymaster_purpose_t; |
| 317 | |
| 318 | typedef struct { |
| 319 | const uint8_t* data; |
| 320 | size_t data_length; |
| 321 | } keymaster_blob_t; |
| 322 | |
| 323 | typedef struct { |
| 324 | keymaster_tag_t tag; |
| 325 | union { |
| 326 | uint32_t enumerated; /* KM_ENUM and KM_ENUM_REP */ |
| 327 | bool boolean; /* KM_BOOL */ |
| 328 | uint32_t integer; /* KM_INT and KM_INT_REP */ |
| 329 | uint64_t long_integer; /* KM_LONG */ |
| 330 | uint64_t date_time; /* KM_DATE */ |
| 331 | keymaster_blob_t blob; /* KM_BIGNUM and KM_BYTES*/ |
| 332 | }; |
| 333 | } keymaster_key_param_t; |
| 334 | |
| 335 | typedef struct { |
| 336 | keymaster_key_param_t* params; /* may be NULL if length == 0 */ |
| 337 | size_t length; |
| 338 | } keymaster_key_param_set_t; |
| 339 | |
| 340 | /** |
| 341 | * Parameters that define a key's characteristics, including authorized modes of usage and access |
| 342 | * control restrictions. The parameters are divided into two categories, those that are enforced by |
| 343 | * secure hardware, and those that are not. For a software-only keymaster implementation the |
| 344 | * enforced array must NULL. Hardware implementations must enforce everything in the enforced |
| 345 | * array. |
| 346 | */ |
| 347 | typedef struct { |
| 348 | keymaster_key_param_set_t hw_enforced; |
| 349 | keymaster_key_param_set_t sw_enforced; |
| 350 | } keymaster_key_characteristics_t; |
| 351 | |
| 352 | typedef struct { |
| 353 | const uint8_t* key_material; |
| 354 | size_t key_material_size; |
| 355 | } keymaster_key_blob_t; |
| 356 | |
| 357 | /** |
| 358 | * Formats for key import and export. At present, only asymmetric key import/export is supported. |
| 359 | * In the future this list will expand greatly to accommodate asymmetric key import/export. |
| 360 | */ |
| 361 | typedef enum { |
| 362 | KM_KEY_FORMAT_X509, /* for public key export, required */ |
| 363 | KM_KEY_FORMAT_PKCS8, /* for asymmetric key pair import, required */ |
| 364 | KM_KEY_FORMAT_PKCS12, /* for asymmetric key pair import, not required */ |
| 365 | } keymaster_key_format_t; |
| 366 | |
| 367 | /** |
| 368 | * The keymaster operation API consists of begin, update, finish and abort. This is the type of the |
| 369 | * handle used to tie the sequence of calls together. A 64-bit value is used because it's important |
| 370 | * that handles not be predictable. Implementations must use strong random numbers for handle |
| 371 | * values. |
| 372 | */ |
| 373 | typedef uint64_t keymaster_operation_handle_t; |
| 374 | |
| 375 | typedef enum { |
| 376 | KM_ERROR_OK = 0, |
| 377 | KM_ERROR_ROOT_OF_TRUST_ALREADY_SET = -1, |
| 378 | KM_ERROR_UNSUPPORTED_PURPOSE = -2, |
| 379 | KM_ERROR_INCOMPATIBLE_PURPOSE = -3, |
| 380 | KM_ERROR_UNSUPPORTED_ALGORITHM = -4, |
| 381 | KM_ERROR_INCOMPATIBLE_ALGORITHM = -5, |
| 382 | KM_ERROR_UNSUPPORTED_KEY_SIZE = -6, |
| 383 | KM_ERROR_UNSUPPORTED_BLOCK_MODE = -7, |
| 384 | KM_ERROR_INCOMPATIBLE_BLOCK_MODE = -8, |
| 385 | KM_ERROR_UNSUPPORTED_TAG_LENGTH = -9, |
| 386 | KM_ERROR_UNSUPPORTED_PADDING_MODE = -10, |
| 387 | KM_ERROR_INCOMPATIBLE_PADDING_MODE = -11, |
| 388 | KM_ERROR_UNSUPPORTED_DIGEST = -12, |
| 389 | KM_ERROR_INCOMPATIBLE_DIGEST = -13, |
| 390 | KM_ERROR_INVALID_EXPIRATION_TIME = -14, |
| 391 | KM_ERROR_INVALID_USER_ID = -15, |
| 392 | KM_ERROR_INVALID_AUTHORIZATION_TIMEOUT = -16, |
| 393 | KM_ERROR_UNSUPPORTED_KEY_FORMAT = -17, |
| 394 | KM_ERROR_INCOMPATIBLE_KEY_FORMAT = -18, |
| 395 | KM_ERROR_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM = -19, /* For PKCS8 & PKCS12 */ |
| 396 | KM_ERROR_UNSUPPORTED_KEY_VERIFICATION_ALGORITHM = -20, /* For PKCS8 & PKCS12 */ |
| 397 | KM_ERROR_INVALID_INPUT_LENGTH = -21, |
| 398 | KM_ERROR_KEY_EXPORT_OPTIONS_INVALID = -22, |
| 399 | KM_ERROR_DELEGATION_NOT_ALLOWED = -23, |
| 400 | KM_ERROR_KEY_NOT_YET_VALID = -24, |
| 401 | KM_ERROR_KEY_EXPIRED = -25, |
| 402 | KM_ERROR_KEY_USER_NOT_AUTHENTICATED = -26, |
| 403 | KM_ERROR_OUTPUT_PARAMETER_NULL = -27, |
| 404 | KM_ERROR_INVALID_OPERATION_HANDLE = -28, |
| 405 | KM_ERROR_INSUFFICIENT_BUFFER_SPACE = -29, |
| 406 | KM_ERROR_VERIFICATION_FAILED = -30, |
| 407 | KM_ERROR_TOO_MANY_OPERATIONS = -31, |
| 408 | KM_ERROR_UNEXPECTED_NULL_POINTER = -32, |
| 409 | KM_ERROR_INVALID_KEY_BLOB = -33, |
| 410 | KM_ERROR_IMPORTED_KEY_NOT_ENCRYPTED = -34, |
| 411 | KM_ERROR_IMPORTED_KEY_DECRYPTION_FAILED = -35, |
| 412 | KM_ERROR_IMPORTED_KEY_NOT_SIGNED = -36, |
| 413 | KM_ERROR_IMPORTED_KEY_VERIFICATION_FAILED = -37, |
| 414 | KM_ERROR_INVALID_ARGUMENT = -38, |
| 415 | KM_ERROR_UNSUPPORTED_TAG = -39, |
| 416 | KM_ERROR_INVALID_TAG = -40, |
| 417 | KM_ERROR_MEMORY_ALLOCATION_FAILED = -41, |
| 418 | KM_ERROR_INVALID_RESCOPING = -42, |
| 419 | KM_ERROR_INVALID_DSA_PARAMS = -43, |
| 420 | KM_ERROR_IMPORT_PARAMETER_MISMATCH = -44, |
| 421 | KM_ERROR_SECURE_HW_ACCESS_DENIED = -45, |
| 422 | KM_ERROR_OPERATION_CANCELLED = -46, |
| 423 | KM_ERROR_CONCURRENT_ACCESS_CONFLICT = -47, |
| 424 | KM_ERROR_SECURE_HW_BUSY = -48, |
| 425 | KM_ERROR_SECURE_HW_COMMUNICATION_FAILED = -49, |
| 426 | KM_ERROR_UNSUPPORTED_EC_FIELD = -50, |
| 427 | KM_ERROR_UNIMPLEMENTED = -100, |
| 428 | KM_ERROR_VERSION_MISMATCH = -101, |
| 429 | |
| 430 | /* Additional error codes may be added by implementations, but implementers should coordinate |
| 431 | * with Google to avoid code collision. */ |
| 432 | KM_ERROR_UNKNOWN_ERROR = -1000, |
| 433 | } keymaster_error_t; |
| 434 | |
| 435 | /** |
| 436 | * \deprecated Parameters needed to generate an RSA key. |
| 437 | */ |
| 438 | typedef struct { |
| 439 | uint32_t modulus_size; /* bits */ |
| 440 | uint64_t public_exponent; |
| 441 | } keymaster_rsa_keygen_params_t; |
| 442 | |
| 443 | /** |
| 444 | * \deprecated Parameters needed to generate a DSA key. |
| 445 | */ |
| 446 | typedef struct { |
| 447 | uint32_t key_size; /* bits */ |
| 448 | uint32_t generator_len; |
| 449 | uint32_t prime_p_len; |
| 450 | uint32_t prime_q_len; |
| 451 | const uint8_t* generator; |
| 452 | const uint8_t* prime_p; |
| 453 | const uint8_t* prime_q; |
| 454 | } keymaster_dsa_keygen_params_t; |
| 455 | |
| 456 | /** |
| 457 | * \deprecated Parameters needed to generate an EC key. |
| 458 | * |
| 459 | * Field size is the only parameter in version 4. The sizes correspond to these required curves: |
| 460 | * |
| 461 | * 192 = NIST P-192 |
| 462 | * 224 = NIST P-224 |
| 463 | * 256 = NIST P-256 |
| 464 | * 384 = NIST P-384 |
| 465 | * 521 = NIST P-521 |
| 466 | * |
| 467 | * The parameters for these curves are available at: http://www.nsa.gov/ia/_files/nist-routines.pdf |
| 468 | * in Chapter 4. |
| 469 | */ |
| 470 | typedef struct { uint32_t field_size; /* bits */ } keymaster_ec_keygen_params_t; |
| 471 | |
| 472 | /** |
| 473 | * \deprecated Type of padding used for RSA operations. |
| 474 | */ |
| 475 | typedef enum { |
| 476 | PADDING_NONE, |
| 477 | } keymaster_rsa_padding_t; |
| 478 | |
| 479 | /** |
| 480 | * \deprecated |
| 481 | */ |
| 482 | typedef struct { keymaster_digest_t digest_type; } keymaster_dsa_sign_params_t; |
| 483 | |
| 484 | /** |
| 485 | * \deprecated |
| 486 | */ |
| 487 | typedef struct { keymaster_digest_t digest_type; } keymaster_ec_sign_params_t; |
| 488 | |
| 489 | /** |
| 490 | *\deprecated |
| 491 | */ |
| 492 | typedef struct { |
| 493 | keymaster_digest_t digest_type; |
| 494 | keymaster_rsa_padding_t padding_type; |
| 495 | } keymaster_rsa_sign_params_t; |
| 496 | |
| 497 | /* Convenience functions for manipulating keymaster tag types */ |
| 498 | |
| 499 | static inline keymaster_tag_type_t keymaster_tag_get_type(keymaster_tag_t tag) { |
| 500 | return (keymaster_tag_type_t)(tag & (0xF << 28)); |
| 501 | } |
| 502 | |
| 503 | static inline uint32_t keymaster_tag_mask_type(keymaster_tag_t tag) { |
| 504 | return tag & 0x0FFFFFFF; |
| 505 | } |
| 506 | |
| 507 | static inline bool keymaster_tag_type_repeatable(keymaster_tag_type_t type) { |
| 508 | switch (type) { |
| 509 | case KM_INT_REP: |
| 510 | case KM_ENUM_REP: |
| 511 | return true; |
| 512 | default: |
| 513 | return false; |
| 514 | } |
| 515 | } |
| 516 | |
| 517 | static inline bool keymaster_tag_repeatable(keymaster_tag_t tag) { |
| 518 | return keymaster_tag_type_repeatable(keymaster_tag_get_type(tag)); |
| 519 | } |
| 520 | |
| 521 | /* Convenience functions for manipulating keymaster_key_param_t structs */ |
| 522 | |
| 523 | inline keymaster_key_param_t keymaster_param_enum(keymaster_tag_t tag, uint32_t value) { |
| 524 | // assert(keymaster_tag_get_type(tag) == KM_ENUM || keymaster_tag_get_type(tag) == KM_ENUM_REP); |
| 525 | keymaster_key_param_t param; |
| 526 | memset(¶m, 0, sizeof(param)); |
| 527 | param.tag = tag; |
| 528 | param.enumerated = value; |
| 529 | return param; |
| 530 | } |
| 531 | |
| 532 | inline keymaster_key_param_t keymaster_param_int(keymaster_tag_t tag, uint32_t value) { |
| 533 | // assert(keymaster_tag_get_type(tag) == KM_INT || keymaster_tag_get_type(tag) == KM_INT_REP); |
| 534 | keymaster_key_param_t param; |
| 535 | memset(¶m, 0, sizeof(param)); |
| 536 | param.tag = tag; |
| 537 | param.integer = value; |
| 538 | return param; |
| 539 | } |
| 540 | |
| 541 | inline keymaster_key_param_t keymaster_param_long(keymaster_tag_t tag, uint64_t value) { |
| 542 | // assert(keymaster_tag_get_type(tag) == KM_LONG); |
| 543 | keymaster_key_param_t param; |
| 544 | memset(¶m, 0, sizeof(param)); |
| 545 | param.tag = tag; |
| 546 | param.long_integer = value; |
| 547 | return param; |
| 548 | } |
| 549 | |
| 550 | inline keymaster_key_param_t keymaster_param_blob(keymaster_tag_t tag, const uint8_t* bytes, |
| 551 | size_t bytes_len) { |
| 552 | // assert(keymaster_tag_get_type(tag) == KM_BYTES || keymaster_tag_get_type(tag) == KM_BIGNUM); |
| 553 | keymaster_key_param_t param; |
| 554 | memset(¶m, 0, sizeof(param)); |
| 555 | param.tag = tag; |
| 556 | param.blob.data = (uint8_t*)bytes; |
| 557 | param.blob.data_length = bytes_len; |
| 558 | return param; |
| 559 | } |
| 560 | |
| 561 | inline keymaster_key_param_t keymaster_param_bool(keymaster_tag_t tag) { |
| 562 | // assert(keymaster_tag_get_type(tag) == KM_BOOL); |
| 563 | keymaster_key_param_t param; |
| 564 | memset(¶m, 0, sizeof(param)); |
| 565 | param.tag = tag; |
| 566 | param.boolean = true; |
| 567 | return param; |
| 568 | } |
| 569 | |
| 570 | inline keymaster_key_param_t keymaster_param_date(keymaster_tag_t tag, uint64_t value) { |
| 571 | // assert(keymaster_tag_get_type(tag) == KM_DATE); |
| 572 | keymaster_key_param_t param; |
| 573 | memset(¶m, 0, sizeof(param)); |
| 574 | param.tag = tag; |
| 575 | param.date_time = value; |
| 576 | return param; |
| 577 | } |
| 578 | |
| 579 | inline void keymaster_free_param_values(keymaster_key_param_t* param, size_t param_count) { |
| 580 | while (param_count-- > 0) { |
| 581 | switch (keymaster_tag_get_type(param->tag)) { |
| 582 | case KM_BIGNUM: |
| 583 | case KM_BYTES: |
| 584 | free((void*)param->blob.data); |
| 585 | param->blob.data = NULL; |
| 586 | break; |
| 587 | default: |
| 588 | // NOP |
| 589 | break; |
| 590 | } |
| 591 | ++param; |
| 592 | } |
| 593 | } |
| 594 | |
| 595 | inline void keymaster_free_param_set(keymaster_key_param_set_t* set) { |
| 596 | if (set) { |
| 597 | keymaster_free_param_values(set->params, set->length); |
| 598 | free(set->params); |
| 599 | set->params = NULL; |
| 600 | } |
| 601 | } |
| 602 | |
| 603 | inline void keymaster_free_characteristics(keymaster_key_characteristics_t* characteristics) { |
| 604 | if (characteristics) { |
| 605 | keymaster_free_param_set(&characteristics->hw_enforced); |
| 606 | keymaster_free_param_set(&characteristics->sw_enforced); |
| 607 | } |
| 608 | } |
| 609 | |
| 610 | #if defined(__cplusplus) |
| 611 | } // extern "C" |
| 612 | #endif // defined(__cplusplus) |
| 613 | |
| 614 | #endif // ANDROID_HARDWARE_KEYMASTER_DEFS_H |