You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
223 lines
7.1 KiB
223 lines
7.1 KiB
/*
|
|
* Copyright (C) 2012 The Android Open Source Project
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License"); you
|
|
* may not use this file except in compliance with the License. You may
|
|
* obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
|
* implied. See the License for the specific language governing
|
|
* permissions and limitations under the License.
|
|
*/
|
|
|
|
#ifndef ANDROID_HARDWARE_QCOM_KEYMASTER_H
|
|
#define ANDROID_HARDWARE_QCOM_KEYMASTER_H
|
|
|
|
#include <stdint.h>
|
|
#include <sys/cdefs.h>
|
|
#include <sys/types.h>
|
|
|
|
__BEGIN_DECLS
|
|
|
|
#ifdef _ION_HEAP_MASK_COMPATIBILITY_WA
|
|
#define ION_HEAP_MASK heap_mask
|
|
#else
|
|
#define ION_HEAP_MASK heap_id_mask
|
|
#endif
|
|
|
|
/**
|
|
* The id of this module
|
|
*/
|
|
#define QCOM_KEYSTORE_KEYMASTER "qcom_keymaster"
|
|
/**
|
|
* Operation result
|
|
*/
|
|
#define KEYMATER_SUCCESS 0
|
|
#define KEYMASTER_FAILURE -1
|
|
|
|
/**
|
|
* The API level of this version of the header. The allows the implementing
|
|
* module to recognize which API level of the client it is dealing with in
|
|
* the case of pre-compiled binary clients.
|
|
*/
|
|
#define QCOM_KEYMASTER_API_VERSION KEYMASTER_MODULE_API_VERSION_0_3
|
|
|
|
#define KM_MAGIC_NUM (0x4B4D4B42) /* "KMKB" Key Master Key Blob in hex */
|
|
#define KM_KEY_SIZE_MAX (512) /* 4096 bits */
|
|
#define KM_IV_LENGTH (16) /* AES128 CBC IV */
|
|
#define KM_HMAC_LENGTH (32) /* SHA2 will be used for HMAC */
|
|
|
|
struct qcom_km_key_blob {
|
|
uint32_t magic_num;
|
|
uint32_t version_num;
|
|
uint8_t modulus[KM_KEY_SIZE_MAX];
|
|
uint32_t modulus_size;
|
|
uint8_t public_exponent[KM_KEY_SIZE_MAX];
|
|
uint32_t public_exponent_size;
|
|
uint8_t iv[KM_IV_LENGTH];
|
|
uint8_t encrypted_private_exponent[KM_KEY_SIZE_MAX];
|
|
uint32_t encrypted_private_exponent_size;
|
|
uint8_t hmac[KM_HMAC_LENGTH];
|
|
};
|
|
typedef struct qcom_km_key_blob qcom_km_key_blob_t;
|
|
/**
|
|
* Commands supported
|
|
*/
|
|
enum keymaster_cmd_t {
|
|
/*
|
|
* List the commands supportedin by the hardware.
|
|
*/
|
|
KEYMASTER_GENERATE_KEYPAIR = 0x00000001,
|
|
KEYMASTER_IMPORT_KEYPAIR = 0x00000002,
|
|
KEYMASTER_SIGN_DATA = 0x00000003,
|
|
KEYMASTER_VERIFY_DATA = 0x00000004,
|
|
};
|
|
|
|
|
|
/**
|
|
* Command to Generate a public and private key. The key data returned
|
|
* (by secure app) is in shared buffer at offset of "key_blob" and is opaque
|
|
*
|
|
* cmd_id : Command issue to secure app
|
|
* key_type : Currently on RSA_TYPE is supported
|
|
* rsa_params : Parameters needed to generate an RSA key
|
|
*/
|
|
struct keymaster_gen_keypair_cmd {
|
|
keymaster_cmd_t cmd_id;
|
|
keymaster_keypair_t key_type;
|
|
keymaster_rsa_keygen_params_t rsa_params;
|
|
};
|
|
typedef struct keymaster_gen_keypair_cmd keymaster_gen_keypair_cmd_t;
|
|
|
|
/**
|
|
* Response to Generate a public and private key. The key data returned
|
|
* (by secure app) is in shared buffer at offset of "key_blob" and is opaque
|
|
*
|
|
* cmd_id : Command issue to secure app
|
|
* key_blob : key blob data
|
|
* key_blob_len : Total length of key blob information
|
|
* status : Result (success 0, or failure -1)
|
|
*/
|
|
struct keymaster_gen_keypair_resp {
|
|
keymaster_cmd_t cmd_id;
|
|
qcom_km_key_blob_t key_blob;
|
|
size_t key_blob_len;
|
|
int32_t status;
|
|
};
|
|
typedef struct keymaster_gen_keypair_resp keymaster_gen_keypair_resp_t;
|
|
|
|
|
|
/**
|
|
* Command to import a public and private key pair. The imported keys
|
|
* will be in PKCS#8 format with DER encoding (Java standard). The key
|
|
* data returned (by secure app) is in shared buffer at offset of
|
|
* "key_blob" and is opaque
|
|
*
|
|
* cmd_id : Command issue to secure app
|
|
* pkcs8_key : Pointer to pkcs8 formatted key information
|
|
* pkcs8_key_len: PKCS8 formatted key length
|
|
*/
|
|
struct keymaster_import_keypair_cmd {
|
|
keymaster_cmd_t cmd_id;
|
|
uint32_t pkcs8_key;
|
|
size_t pkcs8_key_len;
|
|
};
|
|
typedef struct keymaster_import_keypair_cmd keymaster_import_keypair_cmd_t;
|
|
|
|
/**
|
|
* Response to import a public and private key. The key data returned
|
|
* (by secure app) is in shared buffer at offset of "key_blob" and is opaque
|
|
*
|
|
* cmd_id : Command issue to secure app
|
|
* key_blob : key blob data
|
|
* key_blob_len : Total length of key blob information
|
|
* status : Result (success 0, or failure -1)
|
|
*/
|
|
struct keymaster_import_keypair_resp {
|
|
keymaster_cmd_t cmd_id;
|
|
qcom_km_key_blob_t key_blob;
|
|
size_t key_blob_len;
|
|
int32_t status;
|
|
};
|
|
typedef struct keymaster_import_keypair_resp keymaster_import_keypair_resp_t;
|
|
|
|
/**
|
|
* Command to sign data using a key info generated before. This can use either
|
|
* an asymmetric key or a secret key.
|
|
* The signed data is returned (by secure app) at offset of data + dlen.
|
|
*
|
|
* cmd_id : Command issue to secure app
|
|
* sign_param :
|
|
* key_blob : Key data information (in shared buffer)
|
|
* data : Pointer to plain data buffer
|
|
* dlen : Plain data length
|
|
*/
|
|
struct keymaster_sign_data_cmd {
|
|
keymaster_cmd_t cmd_id;
|
|
keymaster_rsa_sign_params_t sign_param;
|
|
qcom_km_key_blob_t key_blob;
|
|
uint32_t data;
|
|
size_t dlen;
|
|
};
|
|
typedef struct keymaster_sign_data_cmd keymaster_sign_data_cmd_t;
|
|
|
|
/**
|
|
* Response to sign data response
|
|
*
|
|
* cmd_id : Command issue to secure app
|
|
* signed_data : signature
|
|
* sig_len : Signed data length
|
|
* status : Result (success 0, or failure -1)
|
|
*/
|
|
struct keymaster_sign_data_resp {
|
|
keymaster_cmd_t cmd_id;
|
|
uint8_t signed_data[KM_KEY_SIZE_MAX];
|
|
size_t sig_len;
|
|
int32_t status;
|
|
};
|
|
|
|
typedef struct keymaster_sign_data_resp keymaster_sign_data_resp_t;
|
|
|
|
/**
|
|
* Command to verify data using a key info generated before. This can use either
|
|
* an asymmetric key or a secret key.
|
|
*
|
|
* cmd_id : Command issue to secure app
|
|
* sign_param :
|
|
* key_blob : Key data information (in shared buffer)
|
|
* key_blob_len: Total key length
|
|
* signed_data : Pointer to signed data buffer
|
|
* signed_dlen : Signed data length
|
|
* signature : Offset to the signature data buffer (from signed data buffer)
|
|
* slen : Signature data length
|
|
*/
|
|
struct keymaster_verify_data_cmd {
|
|
keymaster_cmd_t cmd_id;
|
|
keymaster_rsa_sign_params_t sign_param;
|
|
qcom_km_key_blob_t key_blob;
|
|
uint32_t signed_data;
|
|
size_t signed_dlen;
|
|
uint32_t signature;
|
|
size_t slen;
|
|
};
|
|
typedef struct keymaster_verify_data_cmd keymaster_verify_data_cmd_t;
|
|
/**
|
|
* Response to verify data
|
|
*
|
|
* cmd_id : Command issue to secure app
|
|
* status : Result (success 0, or failure -1)
|
|
*/
|
|
struct keymaster_verify_data_resp {
|
|
keymaster_cmd_t cmd_id;
|
|
int32_t status;
|
|
};
|
|
typedef struct keymaster_verify_data_resp keymaster_verify_data_resp_t;
|
|
|
|
__END_DECLS
|
|
|
|
#endif // ANDROID_HARDWARE_QCOM_KEYMASTER_H
|