--- /dev/null
+/*
+ * Copyright (C) 2011 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef ANDROID_HARDWARE_KEYMASTER_0_H
+#define ANDROID_HARDWARE_KEYMASTER_0_H
+
+#include <hardware/keymaster_common.h>
+
+__BEGIN_DECLS
+
+/**
+ * Keymaster0 device definition.
+ */
+struct keymaster0_device {
+ /**
+ * Common methods of the keymaster device. This *must* be the first member of
+ * keymaster0_device as users of this structure will cast a hw_device_t to
+ * keymaster0_device pointer in contexts where it's known the hw_device_t references a
+ * keymaster0_device.
+ */
+ struct hw_device_t common;
+
+ /**
+ * THIS IS DEPRECATED. Use the new "module_api_version" and "hal_api_version"
+ * fields in the keymaster_module initialization instead.
+ */
+ uint32_t client_version;
+
+ /**
+ * See flags defined for keymaster0_device::flags in keymaster_common.h
+ */
+ uint32_t flags;
+
+ void* context;
+
+ /**
+ * Generates a public and private key. The key-blob returned is opaque
+ * and must subsequently provided for signing and verification.
+ *
+ * Returns: 0 on success or an error code less than 0.
+ */
+ int (*generate_keypair)(const struct keymaster0_device* dev,
+ const keymaster_keypair_t key_type, const void* key_params,
+ uint8_t** key_blob, size_t* key_blob_length);
+
+ /**
+ * Imports a public and private key pair. The imported keys will be in
+ * PKCS#8 format with DER encoding (Java standard). The key-blob
+ * returned is opaque and will be subsequently provided for signing
+ * and verification.
+ *
+ * Returns: 0 on success or an error code less than 0.
+ */
+ int (*import_keypair)(const struct keymaster0_device* dev,
+ const uint8_t* key, const size_t key_length,
+ uint8_t** key_blob, size_t* key_blob_length);
+
+ /**
+ * Gets the public key part of a key pair. The public key must be in
+ * X.509 format (Java standard) encoded byte array.
+ *
+ * Returns: 0 on success or an error code less than 0.
+ * On error, x509_data should not be allocated.
+ */
+ int (*get_keypair_public)(const struct keymaster0_device* dev,
+ const uint8_t* key_blob, const size_t key_blob_length,
+ uint8_t** x509_data, size_t* x509_data_length);
+
+ /**
+ * Deletes the key pair associated with the key blob.
+ *
+ * This function is optional and should be set to NULL if it is not
+ * implemented.
+ *
+ * Returns 0 on success or an error code less than 0.
+ */
+ int (*delete_keypair)(const struct keymaster0_device* dev,
+ const uint8_t* key_blob, const size_t key_blob_length);
+
+ /**
+ * Deletes all keys in the hardware keystore. Used when keystore is
+ * reset completely.
+ *
+ * This function is optional and should be set to NULL if it is not
+ * implemented.
+ *
+ * Returns 0 on success or an error code less than 0.
+ */
+ int (*delete_all)(const struct keymaster0_device* dev);
+
+ /**
+ * Signs data using a key-blob generated before. This can use either
+ * an asymmetric key or a secret key.
+ *
+ * Returns: 0 on success or an error code less than 0.
+ */
+ int (*sign_data)(const struct keymaster0_device* dev,
+ const void* signing_params,
+ const uint8_t* key_blob, const size_t key_blob_length,
+ const uint8_t* data, const size_t data_length,
+ uint8_t** signed_data, size_t* signed_data_length);
+
+ /**
+ * Verifies data signed with a key-blob. This can use either
+ * an asymmetric key or a secret key.
+ *
+ * Returns: 0 on successful verification or an error code less than 0.
+ */
+ int (*verify_data)(const struct keymaster0_device* dev,
+ const void* signing_params,
+ const uint8_t* key_blob, const size_t key_blob_length,
+ const uint8_t* signed_data, const size_t signed_data_length,
+ const uint8_t* signature, const size_t signature_length);
+};
+typedef struct keymaster0_device keymaster0_device_t;
+
+
+/* Convenience API for opening and closing keymaster devices */
+
+static inline int keymaster0_open(const struct hw_module_t* module,
+ keymaster0_device_t** device)
+{
+ int rc = module->methods->open(module, KEYSTORE_KEYMASTER,
+ (struct hw_device_t**) device);
+
+ return rc;
+}
+
+static inline int keymaster0_close(keymaster0_device_t* device)
+{
+ return device->common.close(&device->common);
+}
+
+__END_DECLS
+
+#endif // ANDROID_HARDWARE_KEYMASTER_0_H
/*
- * Copyright (C) 2011 The Android Open Source Project
+ * Copyright (C) 2015 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* limitations under the License.
*/
-#ifndef ANDROID_HARDWARE_KEYMASTER_H
-#define ANDROID_HARDWARE_KEYMASTER_H
+#ifndef ANDROID_HARDWARE_KEYMASTER1_H
+#define ANDROID_HARDWARE_KEYMASTER1_H
-#include <stdint.h>
-#include <sys/cdefs.h>
-#include <sys/types.h>
-
-#include <hardware/hardware.h>
+#include <hardware/keymaster_common.h>
#include <hardware/keymaster_defs.h>
__BEGIN_DECLS
/**
- * The id of this module
- */
-#define KEYSTORE_HARDWARE_MODULE_ID "keystore"
-
-#define KEYSTORE_KEYMASTER "keymaster"
-
-/**
- * Settings for "module_api_version" and "hal_api_version"
- * fields in the keymaster_module initialization.
- */
-#define KEYMASTER_HEADER_VERSION 4
-
-#define KEYMASTER_MODULE_API_VERSION_0_2 HARDWARE_MODULE_API_VERSION(0, 2)
-#define KEYMASTER_DEVICE_API_VERSION_0_2 \
- HARDWARE_DEVICE_API_VERSION_2(0, 2, KEYMASTER_HEADER_VERSION)
-
-#define KEYMASTER_MODULE_API_VERSION_0_3 HARDWARE_MODULE_API_VERSION(0, 3)
-#define KEYMASTER_DEVICE_API_VERSION_0_3 \
- HARDWARE_DEVICE_API_VERSION_2(0, 3, KEYMASTER_HEADER_VERSION)
-
-#define KEYMASTER_MODULE_API_VERSION_0_4 HARDWARE_MODULE_API_VERSION(0, 4)
-#define KEYMASTER_DEVICE_API_VERSION_0_4 \
- HARDWARE_DEVICE_API_VERSION_2(0, 4, KEYMASTER_HEADER_VERSION)
-
-struct keystore_module {
- /**
- * Common methods of the keystore module. This *must* be the first member of
- * keystore_module as users of this structure will cast a hw_module_t to
- * keystore_module pointer in contexts where it's known the hw_module_t references a
- * keystore_module.
- */
- hw_module_t common;
-};
-
-/**
- * The parameters that can be set for a given keymaster implementation.
+ * Keymaster1 device definition
*/
-struct keymaster_device {
+struct keymaster1_device {
/**
* Common methods of the keymaster device. This *must* be the first member of
* keymaster_device as users of this structure will cast a hw_device_t to
uint32_t client_version;
/**
- * See flags defined for keymaster_device::flags above.
+ * See flags defined for keymaster0_devices::flags in keymaster_common.h
*/
uint32_t flags;
*
* Returns: 0 on success or an error code less than 0.
*/
- int (*generate_keypair)(const struct keymaster_device* dev, const keymaster_keypair_t key_type,
+ int (*generate_keypair)(const struct keymaster1_device* dev, const keymaster_keypair_t key_type,
const void* key_params, uint8_t** key_blob, size_t* key_blob_length);
/**
*
* Returns: 0 on success or an error code less than 0.
*/
- int (*import_keypair)(const struct keymaster_device* dev, const uint8_t* key,
+ int (*import_keypair)(const struct keymaster1_device* dev, const uint8_t* key,
const size_t key_length, uint8_t** key_blob, size_t* key_blob_length);
/**
* Returns: 0 on success or an error code less than 0. On error, x509_data
* should not be allocated.
*/
- int (*get_keypair_public)(const struct keymaster_device* dev, const uint8_t* key_blob,
+ int (*get_keypair_public)(const struct keymaster1_device* dev, const uint8_t* key_blob,
const size_t key_blob_length, uint8_t** x509_data,
size_t* x509_data_length);
*
* Returns 0 on success or an error code less than 0.
*/
- int (*delete_keypair)(const struct keymaster_device* dev, const uint8_t* key_blob,
+ int (*delete_keypair)(const struct keymaster1_device* dev, const uint8_t* key_blob,
const size_t key_blob_length);
/**
*
* Returns 0 on success or an error code less than 0.
*/
- int (*delete_all)(const struct keymaster_device* dev);
+ int (*delete_all)(const struct keymaster1_device* dev);
/**
* \deprecated Signs data using a key-blob generated before. This can use either an asymmetric
*
* Returns: 0 on success or an error code less than 0.
*/
- int (*sign_data)(const struct keymaster_device* dev, const void* signing_params,
+ int (*sign_data)(const struct keymaster1_device* dev, const void* signing_params,
const uint8_t* key_blob, const size_t key_blob_length, const uint8_t* data,
const size_t data_length, uint8_t** signed_data, size_t* signed_data_length);
*
* Returns: 0 on successful verification or an error code less than 0.
*/
- int (*verify_data)(const struct keymaster_device* dev, const void* signing_params,
+ int (*verify_data)(const struct keymaster1_device* dev, const void* signing_params,
const uint8_t* key_blob, const size_t key_blob_length,
const uint8_t* signed_data, const size_t signed_data_length,
const uint8_t* signature, const size_t signature_length);
*
* \param[out] algorithms_length Length of \p algorithms.
*/
- keymaster_error_t (*get_supported_algorithms)(const struct keymaster_device* dev,
+ keymaster_error_t (*get_supported_algorithms)(const struct keymaster1_device* dev,
keymaster_algorithm_t** algorithms,
size_t* algorithms_length);
*
* \param[out] modes_length Length of \p modes.
*/
- keymaster_error_t (*get_supported_block_modes)(const struct keymaster_device* dev,
+ keymaster_error_t (*get_supported_block_modes)(const struct keymaster1_device* dev,
keymaster_algorithm_t algorithm,
keymaster_purpose_t purpose,
keymaster_block_mode_t** modes,
*
* \param[out] modes_length Length of \p modes.
*/
- keymaster_error_t (*get_supported_padding_modes)(const struct keymaster_device* dev,
+ keymaster_error_t (*get_supported_padding_modes)(const struct keymaster1_device* dev,
keymaster_algorithm_t algorithm,
keymaster_purpose_t purpose,
keymaster_padding_t** modes,
*
* \param[out] digests_length Length of \p digests.
*/
- keymaster_error_t (*get_supported_digests)(const struct keymaster_device* dev,
+ keymaster_error_t (*get_supported_digests)(const struct keymaster1_device* dev,
keymaster_algorithm_t algorithm,
keymaster_purpose_t purpose,
keymaster_digest_t** digests,
*
* \param[out] formats_length Length of \p formats.
*/
- keymaster_error_t (*get_supported_import_formats)(const struct keymaster_device* dev,
+ keymaster_error_t (*get_supported_import_formats)(const struct keymaster1_device* dev,
keymaster_algorithm_t algorithm,
keymaster_key_format_t** formats,
size_t* formats_length);
*
* \param[out] formats_length Length of \p formats.
*/
- keymaster_error_t (*get_supported_export_formats)(const struct keymaster_device* dev,
+ keymaster_error_t (*get_supported_export_formats)(const struct keymaster1_device* dev,
keymaster_algorithm_t algorithm,
keymaster_key_format_t** formats,
size_t* formats_length);
*
* \param[in] data_length Length of \p data.
*/
- keymaster_error_t (*add_rng_entropy)(const struct keymaster_device* dev, const uint8_t* data,
+ keymaster_error_t (*add_rng_entropy)(const struct keymaster1_device* dev, const uint8_t* data,
size_t data_length);
/**
* keymaster_free_characteristics(). Note that KM_TAG_ROOT_OF_TRUST, KM_TAG_APPLICATION_ID and
* KM_TAG_APPLICATION_DATA are never returned.
*/
- keymaster_error_t (*generate_key)(const struct keymaster_device* dev,
+ keymaster_error_t (*generate_key)(const struct keymaster1_device* dev,
const keymaster_key_param_t* params, size_t params_count,
keymaster_key_blob_t* key_blob,
keymaster_key_characteristics_t** characteristics);
*
* \param[out] characteristics The key characteristics.
*/
- keymaster_error_t (*get_key_characteristics)(const struct keymaster_device* dev,
+ keymaster_error_t (*get_key_characteristics)(const struct keymaster1_device* dev,
const keymaster_key_blob_t* key_blob,
const keymaster_blob_t* client_id,
const keymaster_blob_t* app_data,
* hw_enforced and sw_enforced lists. The caller takes ownership and must call
* keymaster_free_characteristics() to free.
*/
- keymaster_error_t (*rescope)(const struct keymaster_device* dev,
+ keymaster_error_t (*rescope)(const struct keymaster1_device* dev,
const keymaster_key_param_t* new_params, size_t new_params_count,
const keymaster_key_blob_t* key_blob,
const keymaster_blob_t* client_id,
* NULL, in which case no characteristics will be returned. If non-NULL, the caller assumes
* ownership and must deallocate with keymaster_free_characteristics().
*/
- keymaster_error_t (*import_key)(const struct keymaster_device* dev,
+ keymaster_error_t (*import_key)(const struct keymaster1_device* dev,
const keymaster_key_param_t* params, size_t params_count,
keymaster_key_format_t key_format, const uint8_t* key_data,
size_t key_data_length, keymaster_key_blob_t* key_blob,
*
* \param[out] export_data_length The length of \p export_data.
*/
- keymaster_error_t (*export_key)(const struct keymaster_device* dev,
+ keymaster_error_t (*export_key)(const struct keymaster1_device* dev,
keymaster_key_format_t export_format,
const keymaster_key_blob_t* key_to_export,
const keymaster_blob_t* client_id,
*
* \param[in] key The key to be deleted.
*/
- keymaster_error_t (*delete_key)(const struct keymaster_device* dev,
+ keymaster_error_t (*delete_key)(const struct keymaster1_device* dev,
const keymaster_key_blob_t* key);
/**
*
* Returns 0 on success or an error code less than 0.
*/
- int (*delete_all_keys)(const struct keymaster_device* dev);
+ int (*delete_all_keys)(const struct keymaster1_device* dev);
/**
* Begins a cryptographic operation using the specified key. If all is well, begin() will
* \param[out] operation_handle The newly-created operation handle which must be passed to
* update(), finish() or abort().
*/
- keymaster_error_t (*begin)(const struct keymaster_device* dev, keymaster_purpose_t purpose,
+ keymaster_error_t (*begin)(const struct keymaster1_device* dev, keymaster_purpose_t purpose,
const keymaster_key_blob_t* key, const keymaster_key_param_t* params,
size_t params_count, keymaster_key_param_t** out_params,
size_t* out_params_count,
* Note that update() may not provide any output, in which case *output_length will be zero, and
* *output may be either NULL or zero-length (so the caller should always free() it).
*/
- keymaster_error_t (*update)(const struct keymaster_device* dev,
+ keymaster_error_t (*update)(const struct keymaster1_device* dev,
keymaster_operation_handle_t operation_handle,
const keymaster_key_param_t* params, size_t params_count,
const uint8_t* input, size_t input_length, size_t* input_consumed,
* If the operation being finished is a signature verification or an AEAD-mode decryption and
* verification fails then finish() will return KM_ERROR_VERIFICATION_FAILED.
*/
- keymaster_error_t (*finish)(const struct keymaster_device* dev,
+ keymaster_error_t (*finish)(const struct keymaster1_device* dev,
keymaster_operation_handle_t operation_handle,
const keymaster_key_param_t* params, size_t params_count,
const uint8_t* signature, size_t signature_length, uint8_t** output,
* Aborts a cryptographic operation begun with begin(), freeing all internal resources and
* invalidating operation_handle.
*/
- keymaster_error_t (*abort)(const struct keymaster_device* dev,
+ keymaster_error_t (*abort)(const struct keymaster1_device* dev,
keymaster_operation_handle_t operation_handle);
};
-typedef struct keymaster_device keymaster_device_t;
+typedef struct keymaster1_device keymaster1_device_t;
/* Convenience API for opening and closing keymaster devices */
-static inline int keymaster_open(const struct hw_module_t* module, keymaster_device_t** device) {
+static inline int keymaster1_open(const struct hw_module_t* module, keymaster1_device_t** device) {
return module->methods->open(module, KEYSTORE_KEYMASTER, (struct hw_device_t**)device);
}
-static inline int keymaster_close(keymaster_device_t* device) {
+static inline int keymaster1_close(keymaster1_device_t* device) {
return device->common.close(&device->common);
}
__END_DECLS
-#endif // ANDROID_HARDWARE_KEYMASTER_H
+#endif // ANDROID_HARDWARE_KEYMASTER1_H
--- /dev/null
+/*
+ * Copyright (C) 2015 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef ANDROID_HARDWARE_KEYMASTER_COMMON_H
+#define ANDROID_HARDWARE_KEYMASTER_COMMON_H
+
+#include <stdint.h>
+#include <sys/cdefs.h>
+#include <sys/types.h>
+
+#include <hardware/hardware.h>
+
+__BEGIN_DECLS
+
+/**
+ * The id of this module
+ */
+#define KEYSTORE_HARDWARE_MODULE_ID "keystore"
+
+#define KEYSTORE_KEYMASTER "keymaster"
+
+
+/**
+ * Settings for "module_api_version" and "hal_api_version"
+ * fields in the keymaster_module initialization.
+ */
+
+/**
+ * Keymaster 0.X module version provide the same APIs, but later versions add more options
+ * for algorithms and flags.
+ */
+#define KEYMASTER_MODULE_API_VERSION_0_2 HARDWARE_MODULE_API_VERSION(0, 2)
+#define KEYMASTER_DEVICE_API_VERSION_0_2 HARDWARE_DEVICE_API_VERSION(0, 2)
+
+#define KEYMASTER_MODULE_API_VERSION_0_3 HARDWARE_MODULE_API_VERSION(0, 3)
+#define KEYMASTER_DEVICE_API_VERSION_0_3 HARDWARE_DEVICE_API_VERSION(0, 3)
+
+/**
+ * Keymaster 1.0 module version provides a completely different API, incompatible with 0.X.
+ */
+#define KEYMASTER_MODULE_API_VERSION_1_0 HARDWARE_MODULE_API_VERSION(1, 0)
+#define KEYMASTER_DEVICE_API_VERSION_1_0 HARDWARE_DEVICE_API_VERSION(1, 0)
+
+struct keystore_module {
+ /**
+ * Common methods of the keystore module. This *must* be the first member of keystore_module as
+ * users of this structure will cast a hw_module_t to keystore_module pointer in contexts where
+ * it's known the hw_module_t references a keystore_module.
+ */
+ hw_module_t common;
+
+ /* There are no keystore module methods other than the common ones. */
+};
+
+/**
+ * Flags for keymaster0_device::flags
+ */
+enum {
+ /*
+ * Indicates this keymaster implementation does not have hardware that
+ * keeps private keys out of user space.
+ *
+ * This should not be implemented on anything other than the default
+ * implementation.
+ */
+ KEYMASTER_SOFTWARE_ONLY = 1 << 0,
+
+ /*
+ * This indicates that the key blobs returned via all the primitives
+ * are sufficient to operate on their own without the trusted OS
+ * querying userspace to retrieve some other data. Key blobs of
+ * this type are normally returned encrypted with a
+ * Key Encryption Key (KEK).
+ *
+ * This is currently used by "vold" to know whether the whole disk
+ * encryption secret can be unwrapped without having some external
+ * service started up beforehand since the "/data" partition will
+ * be unavailable at that point.
+ */
+ KEYMASTER_BLOBS_ARE_STANDALONE = 1 << 1,
+
+ /*
+ * Indicates that the keymaster module supports DSA keys.
+ */
+ KEYMASTER_SUPPORTS_DSA = 1 << 2,
+
+ /*
+ * Indicates that the keymaster module supports EC keys.
+ */
+ KEYMASTER_SUPPORTS_EC = 1 << 3,
+};
+
+/**
+ * Asymmetric key pair types.
+ */
+typedef enum {
+ TYPE_RSA = 1,
+ TYPE_DSA = 2,
+ TYPE_EC = 3,
+} keymaster_keypair_t;
+
+/**
+ * Parameters needed to generate an RSA key.
+ */
+typedef struct {
+ uint32_t modulus_size;
+ uint64_t public_exponent;
+} keymaster_rsa_keygen_params_t;
+
+/**
+ * Parameters needed to generate a DSA key.
+ */
+typedef struct {
+ uint32_t key_size;
+ uint32_t generator_len;
+ uint32_t prime_p_len;
+ uint32_t prime_q_len;
+ const uint8_t* generator;
+ const uint8_t* prime_p;
+ const uint8_t* prime_q;
+} keymaster_dsa_keygen_params_t;
+
+/**
+ * Parameters needed to generate an EC key.
+ *
+ * Field size is the only parameter in version 2. The sizes correspond to these required curves:
+ *
+ * 192 = NIST P-192
+ * 224 = NIST P-224
+ * 256 = NIST P-256
+ * 384 = NIST P-384
+ * 521 = NIST P-521
+ *
+ * The parameters for these curves are available at: http://www.nsa.gov/ia/_files/nist-routines.pdf
+ * in Chapter 4.
+ */
+typedef struct {
+ uint32_t field_size;
+} keymaster_ec_keygen_params_t;
+
+
+/**
+ * Digest type.
+ */
+typedef enum {
+ DIGEST_NONE,
+} keymaster_digest_algorithm_t;
+
+/**
+ * Type of padding used for RSA operations.
+ */
+typedef enum {
+ PADDING_NONE,
+} keymaster_rsa_padding_t;
+
+
+typedef struct {
+ keymaster_digest_algorithm_t digest_type;
+} keymaster_dsa_sign_params_t;
+
+typedef struct {
+ keymaster_digest_algorithm_t digest_type;
+} keymaster_ec_sign_params_t;
+
+typedef struct {
+ keymaster_digest_algorithm_t digest_type;
+ keymaster_rsa_padding_t padding_type;
+} keymaster_rsa_sign_params_t;
+
+__END_DECLS
+
+#endif // ANDROID_HARDWARE_KEYMASTER_COMMON_H
extern "C" {
#endif // defined(__cplusplus)
-/*!
- * \deprecated Flags for keymaster_device::flags
- *
- * keymaster_device::flags is deprecated and will be removed in the
- * next version of the API in favor of the more detailed information
- * available from TODO:
- */
-enum {
- /*
- * Indicates this keymaster implementation does not have hardware that
- * keeps private keys out of user space.
- *
- * This should not be implemented on anything other than the default
- * implementation.
- */
- KEYMASTER_SOFTWARE_ONLY = 1 << 0,
-
- /*
- * This indicates that the key blobs returned via all the primitives
- * are sufficient to operate on their own without the trusted OS
- * querying userspace to retrieve some other data. Key blobs of
- * this type are normally returned encrypted with a
- * Key Encryption Key (KEK).
- *
- * This is currently used by "vold" to know whether the whole disk
- * encryption secret can be unwrapped without having some external
- * service started up beforehand since the "/data" partition will
- * be unavailable at that point.
- */
- KEYMASTER_BLOBS_ARE_STANDALONE = 1 << 1,
-
- /*
- * Indicates that the keymaster module supports DSA keys.
- */
- KEYMASTER_SUPPORTS_DSA = 1 << 2,
-
- /*
- * Indicates that the keymaster module supports EC keys.
- */
- KEYMASTER_SUPPORTS_EC = 1 << 3,
-};
-
-/**
- * \deprecated Asymmetric key pair types.
- */
-typedef enum {
- TYPE_RSA = 1,
- TYPE_DSA = 2,
- TYPE_EC = 3,
-} keymaster_keypair_t;
-
/**
* Authorization tags each have an associated type. This enumeration facilitates tagging each with
* a type, by using the high four bits (of an implied 32-bit unsigned enum value) to specify up to
/**
* Algorithms that may be provided by keymaster implementations. Those that must be provided by all
- * implementations are tagged as "required". Note that where the values in this enumeration overlap
- * with the values for the deprecated keymaster_keypair_t, the same algorithm must be
- * specified. This type is new in 0_4 and replaces the deprecated keymaster_keypair_t.
+ * implementations are tagged as "required".
*/
typedef enum {
/* Asymmetric algorithms. */
*/
typedef enum {
KM_DIGEST_NONE = 0, /* new, required */
- DIGEST_NONE = KM_DIGEST_NONE, /* For 0_2 compatibility */
KM_DIGEST_MD5 = 1, /* new, for compatibility with old protocols only */
KM_DIGEST_SHA1 = 2, /* new */
KM_DIGEST_SHA_2_224 = 3, /* new */
KM_ERROR_UNKNOWN_ERROR = -1000,
} keymaster_error_t;
-/**
- * \deprecated Parameters needed to generate an RSA key.
- */
-typedef struct {
- uint32_t modulus_size; /* bits */
- uint64_t public_exponent;
-} keymaster_rsa_keygen_params_t;
-
-/**
- * \deprecated Parameters needed to generate a DSA key.
- */
-typedef struct {
- uint32_t key_size; /* bits */
- uint32_t generator_len;
- uint32_t prime_p_len;
- uint32_t prime_q_len;
- const uint8_t* generator;
- const uint8_t* prime_p;
- const uint8_t* prime_q;
-} keymaster_dsa_keygen_params_t;
-
-/**
- * \deprecated Parameters needed to generate an EC key.
- *
- * Field size is the only parameter in version 4. The sizes correspond to these required curves:
- *
- * 192 = NIST P-192
- * 224 = NIST P-224
- * 256 = NIST P-256
- * 384 = NIST P-384
- * 521 = NIST P-521
- *
- * The parameters for these curves are available at: http://www.nsa.gov/ia/_files/nist-routines.pdf
- * in Chapter 4.
- */
-typedef struct { uint32_t field_size; /* bits */ } keymaster_ec_keygen_params_t;
-
-/**
- * \deprecated Type of padding used for RSA operations.
- */
-typedef enum {
- PADDING_NONE,
-} keymaster_rsa_padding_t;
-
-/**
- * \deprecated
- */
-typedef struct { keymaster_digest_t digest_type; } keymaster_dsa_sign_params_t;
-
-/**
- * \deprecated
- */
-typedef struct { keymaster_digest_t digest_type; } keymaster_ec_sign_params_t;
-
-/**
- *\deprecated
- */
-typedef struct {
- keymaster_digest_t digest_type;
- keymaster_rsa_padding_t padding_type;
-} keymaster_rsa_sign_params_t;
-
/* Convenience functions for manipulating keymaster tag types */
static inline keymaster_tag_type_t keymaster_tag_get_type(keymaster_tag_t tag) {
#include <UniquePtr.h>
-#include <hardware/keymaster.h>
+#include <hardware/keymaster0.h>
namespace android {
class UniqueKey : public UniqueBlob {
public:
- UniqueKey(keymaster_device_t** dev, uint8_t* bytes, size_t length) :
+ UniqueKey(keymaster0_device_t** dev, uint8_t* bytes, size_t length) :
UniqueBlob(bytes, length), mDevice(dev) {
}
~UniqueKey() {
if (mDevice != NULL && *mDevice != NULL) {
- keymaster_device_t* dev = *mDevice;
+ keymaster0_device_t* dev = *mDevice;
if (dev->delete_keypair != NULL) {
dev->delete_keypair(dev, get(), length());
}
}
private:
- keymaster_device_t** mDevice;
+ keymaster0_device_t** mDevice;
};
class UniqueReadOnlyBlob {
std::cout << "Using keymaster module: " << mod->name << std::endl;
- ASSERT_EQ(0, keymaster_open(mod, &sDevice))
+ ASSERT_EQ(0, keymaster0_open(mod, &sDevice))
<< "Should be able to open the keymaster device";
ASSERT_EQ(KEYMASTER_MODULE_API_VERSION_0_2, mod->module_api_version)
}
static void TearDownTestCase() {
- ASSERT_EQ(0, keymaster_close(sDevice));
+ ASSERT_EQ(0, keymaster0_close(sDevice));
}
protected:
- static keymaster_device_t* sDevice;
+ static keymaster0_device_t* sDevice;
};
-keymaster_device_t* KeymasterBaseTest::sDevice = NULL;
+keymaster0_device_t* KeymasterBaseTest::sDevice = NULL;
class KeymasterTest : public KeymasterBaseTest {
};
OSDN Git Service
