| Shawn Willden | 302d252 | 2015-02-24 09:17:38 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2011 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | #ifndef ANDROID_HARDWARE_KEYMASTER_0_H |
| 18 | #define ANDROID_HARDWARE_KEYMASTER_0_H |
| 19 | |
| 20 | #include <hardware/keymaster_common.h> |
| 21 | |
| 22 | __BEGIN_DECLS |
| 23 | |
| 24 | /** |
| 25 | * Keymaster0 device definition. |
| 26 | */ |
| 27 | struct keymaster0_device { |
| 28 | /** |
| 29 | * Common methods of the keymaster device. This *must* be the first member of |
| 30 | * keymaster0_device as users of this structure will cast a hw_device_t to |
| 31 | * keymaster0_device pointer in contexts where it's known the hw_device_t references a |
| 32 | * keymaster0_device. |
| 33 | */ |
| 34 | struct hw_device_t common; |
| 35 | |
| 36 | /** |
| 37 | * THIS IS DEPRECATED. Use the new "module_api_version" and "hal_api_version" |
| 38 | * fields in the keymaster_module initialization instead. |
| 39 | */ |
| 40 | uint32_t client_version; |
| 41 | |
| 42 | /** |
| 43 | * See flags defined for keymaster0_device::flags in keymaster_common.h |
| 44 | */ |
| 45 | uint32_t flags; |
| 46 | |
| 47 | void* context; |
| 48 | |
| 49 | /** |
| 50 | * Generates a public and private key. The key-blob returned is opaque |
| 51 | * and must subsequently provided for signing and verification. |
| 52 | * |
| 53 | * Returns: 0 on success or an error code less than 0. |
| 54 | */ |
| 55 | int (*generate_keypair)(const struct keymaster0_device* dev, |
| 56 | const keymaster_keypair_t key_type, const void* key_params, |
| 57 | uint8_t** key_blob, size_t* key_blob_length); |
| 58 | |
| 59 | /** |
| 60 | * Imports a public and private key pair. The imported keys will be in |
| 61 | * PKCS#8 format with DER encoding (Java standard). The key-blob |
| 62 | * returned is opaque and will be subsequently provided for signing |
| 63 | * and verification. |
| 64 | * |
| 65 | * Returns: 0 on success or an error code less than 0. |
| 66 | */ |
| 67 | int (*import_keypair)(const struct keymaster0_device* dev, |
| 68 | const uint8_t* key, const size_t key_length, |
| 69 | uint8_t** key_blob, size_t* key_blob_length); |
| 70 | |
| 71 | /** |
| 72 | * Gets the public key part of a key pair. The public key must be in |
| 73 | * X.509 format (Java standard) encoded byte array. |
| 74 | * |
| 75 | * Returns: 0 on success or an error code less than 0. |
| 76 | * On error, x509_data should not be allocated. |
| 77 | */ |
| 78 | int (*get_keypair_public)(const struct keymaster0_device* dev, |
| 79 | const uint8_t* key_blob, const size_t key_blob_length, |
| 80 | uint8_t** x509_data, size_t* x509_data_length); |
| 81 | |
| 82 | /** |
| 83 | * Deletes the key pair associated with the key blob. |
| 84 | * |
| 85 | * This function is optional and should be set to NULL if it is not |
| 86 | * implemented. |
| 87 | * |
| 88 | * Returns 0 on success or an error code less than 0. |
| 89 | */ |
| 90 | int (*delete_keypair)(const struct keymaster0_device* dev, |
| 91 | const uint8_t* key_blob, const size_t key_blob_length); |
| 92 | |
| 93 | /** |
| 94 | * Deletes all keys in the hardware keystore. Used when keystore is |
| 95 | * reset completely. |
| 96 | * |
| 97 | * This function is optional and should be set to NULL if it is not |
| 98 | * implemented. |
| 99 | * |
| 100 | * Returns 0 on success or an error code less than 0. |
| 101 | */ |
| 102 | int (*delete_all)(const struct keymaster0_device* dev); |
| 103 | |
| 104 | /** |
| 105 | * Signs data using a key-blob generated before. This can use either |
| 106 | * an asymmetric key or a secret key. |
| 107 | * |
| 108 | * Returns: 0 on success or an error code less than 0. |
| 109 | */ |
| 110 | int (*sign_data)(const struct keymaster0_device* dev, |
| 111 | const void* signing_params, |
| 112 | const uint8_t* key_blob, const size_t key_blob_length, |
| 113 | const uint8_t* data, const size_t data_length, |
| 114 | uint8_t** signed_data, size_t* signed_data_length); |
| 115 | |
| 116 | /** |
| 117 | * Verifies data signed with a key-blob. This can use either |
| 118 | * an asymmetric key or a secret key. |
| 119 | * |
| 120 | * Returns: 0 on successful verification or an error code less than 0. |
| 121 | */ |
| 122 | int (*verify_data)(const struct keymaster0_device* dev, |
| 123 | const void* signing_params, |
| 124 | const uint8_t* key_blob, const size_t key_blob_length, |
| 125 | const uint8_t* signed_data, const size_t signed_data_length, |
| 126 | const uint8_t* signature, const size_t signature_length); |
| 127 | }; |
| 128 | typedef struct keymaster0_device keymaster0_device_t; |
| 129 | |
| 130 | |
| 131 | /* Convenience API for opening and closing keymaster devices */ |
| 132 | |
| 133 | static inline int keymaster0_open(const struct hw_module_t* module, |
| 134 | keymaster0_device_t** device) |
| 135 | { |
| 136 | int rc = module->methods->open(module, KEYSTORE_KEYMASTER, |
| 137 | (struct hw_device_t**) device); |
| 138 | |
| 139 | return rc; |
| 140 | } |
| 141 | |
| 142 | static inline int keymaster0_close(keymaster0_device_t* device) |
| 143 | { |
| 144 | return device->common.close(&device->common); |
| 145 | } |
| 146 | |
| 147 | __END_DECLS |
| 148 | |
| 149 | #endif // ANDROID_HARDWARE_KEYMASTER_0_H |