/*
 * Copyright (C) 2015 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
16
17#ifndef ANDROID_HARDWARE_KEYMASTER_COMMON_H
18#define ANDROID_HARDWARE_KEYMASTER_COMMON_H
19
20#include <stdint.h>
21#include <sys/cdefs.h>
22#include <sys/types.h>
23
24#include <hardware/hardware.h>
25
26__BEGIN_DECLS
27
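/**
 * The id of this module.
 */
#define KEYSTORE_HARDWARE_MODULE_ID "keystore"

/**
 * The string "keymaster".
 *
 * NOTE(review): presumably the device name used when opening a keymaster
 * device from the keystore module; no use of it is visible in this header,
 * so confirm against the callers.
 */
#define KEYSTORE_KEYMASTER "keymaster"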
34
35
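/**
 * Settings for "module_api_version" and "hal_api_version"
 * fields in the keymaster_module initialization.
 *
 * NOTE(review): the 0.X and 1.0 APIs are described below as incompatible, so
 * code that opens a keymaster device should presumably check the reported
 * version before using a version-specific interface -- confirm in the callers.
 */

/**
 * Keymaster 0.X module versions provide the same APIs, but later versions add more options
 * for algorithms and flags.
 */
#define KEYMASTER_MODULE_API_VERSION_0_2 HARDWARE_MODULE_API_VERSION(0, 2)
#define KEYMASTER_DEVICE_API_VERSION_0_2 HARDWARE_DEVICE_API_VERSION(0, 2)

#define KEYMASTER_MODULE_API_VERSION_0_3 HARDWARE_MODULE_API_VERSION(0, 3)
#define KEYMASTER_DEVICE_API_VERSION_0_3 HARDWARE_DEVICE_API_VERSION(0, 3)

/**
 * Keymaster 1.0 module version provides a completely different API, incompatible with 0.X.
 */
#define KEYMASTER_MODULE_API_VERSION_1_0 HARDWARE_MODULE_API_VERSION(1, 0)
#define KEYMASTER_DEVICE_API_VERSION_1_0 HARDWARE_DEVICE_API_VERSION(1, 0)

/**
 * Keymaster 2.0 module version provides a third API, slightly modified and extended from 1.0.
 */
#define KEYMASTER_MODULE_API_VERSION_2_0 HARDWARE_MODULE_API_VERSION(2, 0)
#define KEYMASTER_DEVICE_API_VERSION_2_0 HARDWARE_DEVICE_API_VERSION(2, 0)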
62
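/**
 * Module structure for the keystore hardware module; it holds only the
 * common hw_module_t.
 */
struct keystore_module {
    /**
     * Common methods of the keystore module.  This *must* be the first member of keystore_module as
     * users of this structure will cast a hw_module_t to keystore_module pointer in contexts where
     * it's known the hw_module_t references a keystore_module.
     *
     * NOTE(review): that cast is only sound while `common` stays the first member and the
     * hw_module_t really belongs to a keystore_module; nothing in this struct lets the caller
     * verify the latter.
     */
    hw_module_t common;

    /* There are no keystore module methods other than the common ones. */
};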
73
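/**
 * Flags for keymaster0_device::flags
 *
 * Each flag occupies its own bit, so flags can be combined with bitwise OR
 * and tested with bitwise AND.
 */
enum {
    /*
     * Indicates this keymaster implementation does not have hardware that
     * keeps private keys out of user space.
     *
     * This should not be implemented on anything other than the default
     * implementation.
     *
     * NOTE(review): callers that need hardware-protected keys should test
     * this bit before relying on the device.  The value is whatever the
     * implementation placed in its flags field, so it is a self-reported
     * capability, not a proof of hardware backing.
     */
    KEYMASTER_SOFTWARE_ONLY = 1 << 0,

    /*
     * This indicates that the key blobs returned via all the primitives
     * are sufficient to operate on their own without the trusted OS
     * querying userspace to retrieve some other data. Key blobs of
     * this type are normally returned encrypted with a
     * Key Encryption Key (KEK).
     *
     * This is currently used by "vold" to know whether the whole disk
     * encryption secret can be unwrapped without having some external
     * service started up beforehand since the "/data" partition will
     * be unavailable at that point.
     */
    KEYMASTER_BLOBS_ARE_STANDALONE = 1 << 1,

    /*
     * Indicates that the keymaster module supports DSA keys.
     */
    KEYMASTER_SUPPORTS_DSA = 1 << 2,

    /*
     * Indicates that the keymaster module supports EC keys.
     */
    KEYMASTER_SUPPORTS_EC = 1 << 3,
};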
111
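/**
 * Asymmetric key pair types.
 *
 * The values start at 1, so a zero-initialized keymaster_keypair_t matches
 * none of them.
 *
 * NOTE(review): TYPE_DSA and TYPE_EC are presumably only usable when the
 * device reports KEYMASTER_SUPPORTS_DSA / KEYMASTER_SUPPORTS_EC -- confirm
 * against the device interface.
 */
typedef enum {
    TYPE_RSA = 1,
    TYPE_DSA = 2,
    TYPE_EC = 3,
} keymaster_keypair_t;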
120
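/**
 * Parameters needed to generate an RSA key.
 */
typedef struct {
    /*
     * Requested modulus size.
     * NOTE(review): presumably in bits; the unit is not stated in this
     * header.  An implementation receiving this value should reject sizes
     * it does not support rather than silently rounding.
     */
    uint32_t modulus_size;

    /* RSA public exponent, carried as a 64-bit unsigned integer. */
    uint64_t public_exponent;
} keymaster_rsa_keygen_params_t;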
128
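/**
 * Parameters needed to generate a DSA key.
 *
 * The three domain parameters are passed as read-only byte buffers, each
 * with a separate length field.
 *
 * NOTE(review): nothing in this struct ties a length to its buffer or says
 * who owns the buffers.  An implementation receiving it should check every
 * pointer and every length before reading, and should not assume the
 * buffers outlive the call -- confirm the ownership rule in the device
 * interface.
 */
typedef struct {
    /* Requested key size.  NOTE(review): unit (presumably bits) is not stated here. */
    uint32_t key_size;

    /* Lengths of the generator, prime_p and prime_q buffers below
     * (presumably in bytes -- confirm). */
    uint32_t generator_len;
    uint32_t prime_p_len;
    uint32_t prime_q_len;

    /* Domain parameter buffers; read-only for the consumer of this struct. */
    const uint8_t* generator;
    const uint8_t* prime_p;
    const uint8_t* prime_q;
} keymaster_dsa_keygen_params_t;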
141
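/**
 * Parameters needed to generate an EC key.
 *
 * Field size is the only parameter in version 2. The sizes correspond to these required curves:
 *
 * 192 = NIST P-192
 * 224 = NIST P-224
 * 256 = NIST P-256
 * 384 = NIST P-384
 * 521 = NIST P-521
 *
 * The parameters for these curves are available at: http://www.nsa.gov/ia/_files/nist-routines.pdf
 * in Chapter 4.
 *
 * NOTE(review): P-192 and P-224 give less than a 128-bit security level;
 * callers choosing a field size for new keys should prefer 256 or larger.
 * An implementation should reject any field_size not in the list above.
 */
typedef struct {
    /* One of the field sizes listed above. */
    uint32_t field_size;
} keymaster_ec_keygen_params_t;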
159
160
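/**
 * Digest type.
 *
 * DIGEST_NONE is the only value defined here.
 * NOTE(review): presumably it means the implementation applies no hash to
 * the data it is given, so the caller must supply an already-computed
 * digest of the right length -- confirm against the signing entry points.
 */
typedef enum {
    DIGEST_NONE,
} keymaster_digest_algorithm_t;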
167
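/**
 * Type of padding used for RSA operations.
 *
 * PADDING_NONE is the only value defined here.
 * NOTE(review): presumably it selects the raw RSA operation with no padding
 * added by the implementation.  Unpadded RSA is not safe to use on its own,
 * so the caller is then responsible for applying a padding scheme to the
 * input -- confirm against the signing entry points.
 */
typedef enum {
    PADDING_NONE,
} keymaster_rsa_padding_t;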
174
175
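/**
 * Parameters for a DSA signing operation: the digest selection only.
 */
typedef struct {
    keymaster_digest_algorithm_t digest_type;
} keymaster_dsa_sign_params_t;

/**
 * Parameters for an EC signing operation: the digest selection only.
 */
typedef struct {
    keymaster_digest_algorithm_t digest_type;
} keymaster_ec_sign_params_t;

/**
 * Parameters for an RSA signing operation: digest selection plus padding
 * selection.
 *
 * NOTE(review): an implementation should reject digest_type / padding_type
 * values it does not recognise instead of falling back to a default.
 */
typedef struct {
    keymaster_digest_algorithm_t digest_type;
    keymaster_rsa_padding_t padding_type;
} keymaster_rsa_sign_params_t;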
188
189__END_DECLS
190
191#endif // ANDROID_HARDWARE_KEYMASTER_COMMON_H