Update keymaster API to final signing spec

Switch from unspecified encoding for import of keys to PKCS#8 (Java standard encoding). Add function for obtaining the public key from a keypair. Add fields for RSA key generation that indicate modulus size and desired public exponent. Add in placeholder fields for possible digest and padding types for signatures. Currently the only thing supported is "none" and "none" respectively. Change-Id: I19ee02cf35321aee859e2460a963c7213791414b
author: Kenny Root <kroot@google.com> 2012-03-13 09:22:21 -0700
committer: Kenny Root <kroot@google.com> 2012-03-13 13:03:22 -0700
commit: 9271d04d888c5676ccd9707378d18cad0f06d607 (patch)
tree: a6889e437af581b2729a469a61369cac799312df
parent: a9a5f5d57fbcf0f953b940788625404dbcd2cc52 (diff)
download: libhardware-9271d04d888c5676ccd9707378d18cad0f06d607.tar.gz
1 files changed, 100 insertions, 23 deletions
diff --git a/include/hardware/keymaster.h b/include/hardware/keymaster.h
index 76ab75de..3c7799ac 100644
--- a/include/hardware/keymaster.h
+++ b/include/hardware/keymaster.h
@@ -32,16 +32,50 @@ __BEGIN_DECLS
 
 #define KEYSTORE_KEYMASTER "keymaster"
 
+/**
+ * The API level of this version of the header. The allows the implementing
+ * module to recognize which API level of the client it is dealing with in
+ * the case of pre-compiled binary clients.
+ */
+#define KEYMASTER_API_VERSION 1
+
 struct keystore_module {
-    struct hw_module_t common;
+    hw_module_t common;
 };
 
 /**
- * Key algorithm for imported keypairs.
+ * Asymmetric key pair types.
  */
 typedef enum {
-    ALGORITHM_RSA,
-} keymaster_keypair_algorithm_t;
+    TYPE_RSA = 1,
+} keymaster_keypair_t;
+
+/**
+ * Parameters needed to generate an RSA key.
+ */
+typedef struct {
+    uint32_t modulus_size;
+    uint64_t public_exponent;
+} keymaster_rsa_keygen_params_t;
+
+/**
+ * Digest type used for RSA operations.
+ */
+typedef enum {
+    DIGEST_NONE,
+} keymaster_rsa_digest_t;
+
+/**
+ * Type of padding used for RSA operations.
+ */
+typedef enum {
+    PADDING_NONE,
+} keymaster_rsa_padding_t;
+
+typedef struct {
+    keymaster_rsa_digest_t digest_type;
+    keymaster_rsa_padding_t padding_type;
+} keymaster_rsa_sign_params_t;
 
 /**
  * The parameters that can be set for a given keymaster implementation.
@@ -49,53 +83,96 @@ typedef enum {
 struct keymaster_device {
     struct hw_device_t common;
 
+    uint32_t client_version;
+
     void* context;
 
     /**
      * Generates a public and private key. The key-blob returned is opaque
-     * and will subsequently provided for signing and verification.
+     * and must subsequently provided for signing and verification.
      *
      * Returns: 0 on success or an error code less than 0.
      */
-    int (*generate_rsa_keypair)(const struct keymaster_device* dev,
-            int modulus_size, unsigned long public_exponent,
-            uint8_t** keyBlob, size_t* keyBlobLength);
+    int (*generate_keypair)(const struct keymaster_device* dev,
+            const keymaster_keypair_t key_type, const void* key_params,
+            uint8_t** key_blob, size_t* key_blob_length);
 
     /**
-     * Imports a public and private key pair. The imported keys should be in
-     * DER format. The key-blob returned is opaque and can be subsequently
-     * provided for signing and verification.
+     * Imports a public and private key pair. The imported keys will be in
+     * PKCS#8 format with DER encoding (Java standard). The key-blob
+     * returned is opaque and will be subsequently provided for signing
+     * and verification.
      *
      * Returns: 0 on success or an error code less than 0.
      */
     int (*import_keypair)(const struct keymaster_device* dev,
-            keymaster_keypair_algorithm_t algorithm,
-            uint8_t* privateKey, size_t* privateKeyLength,
-            uint8_t* publicKey, size_t* publicKeyLength,
-            uint8_t** keyBlob, size_t* keyBlobLength);
+            const uint8_t* key, const size_t key_length,
+            uint8_t** key_blob, size_t* key_blob_length);
 
     /**
-     * Signs data using a key-blob generated before.
+     * Gets the public key part of a key pair. The public key must be in
+     * X.509 format (Java standard) encoded byte array.
+     *
+     * Returns: 0 on success or an error code less than 0.
+     * On error, x509_data should not be allocated.
+     */
+    int (*get_keypair_public)(const struct keymaster_device* dev,
+            const uint8_t* key_blob, const size_t key_blob_length,
+            uint8_t** x509_data, size_t* x509_data_length);
+
+    /**
+     * Deletes the key pair associated with the key blob.
+     */
+    int (*delete_keypair)(const struct keymaster_device* dev,
+            const uint8_t* key_blob, const size_t key_blob_length);
+
+    /**
+     * Signs data using a key-blob generated before. This can use either
+     * an asymmetric key or a secret key.
      *
      * Returns: 0 on success or an error code less than 0.
      */
     int (*sign_data)(const struct keymaster_device* dev,
-            const uint8_t* keyBlob, const size_t keyBlobLength,
-            const uint8_t* data, const size_t dataLength,
-            uint8_t** signedData, size_t* signedDataLength);
+            const void* signing_params,
+            const uint8_t* key_blob, const size_t key_blob_length,
+            const uint8_t* data, const size_t data_length,
+            uint8_t** signed_data, size_t* signed_data_length);
 
     /**
-     * Verifies data signed with a key-blob.
+     * Verifies data signed with a key-blob. This can use either
+     * an asymmetric key or a secret key.
      *
      * Returns: 0 on successful verification or an error code less than 0.
      */
     int (*verify_data)(const struct keymaster_device* dev,
-            const uint8_t* keyBlob, const size_t keyBlobLength,
-            const uint8_t* signedData, const size_t signedDataLength,
-            const uint8_t* signature, const size_t signatureLength);
+            const void* signing_params,
+            const uint8_t* key_blob, const size_t key_blob_length,
+            const uint8_t* signed_data, const size_t signed_data_length,
+            const uint8_t* signature, const size_t signature_length);
 };
 typedef struct keymaster_device keymaster_device_t;
 
+
+/* Convenience API for opening and closing keymaster devices */
+
+static inline int keymaster_open(const struct hw_module_t* module,
+        keymaster_device_t** device)
+{
+    int rc = module->methods->open(module, KEYSTORE_KEYMASTER,
+            (struct hw_device_t**) device);
+
+    if (!rc) {
+        (*device)->client_version = KEYMASTER_API_VERSION;
+    }
+
+    return rc;
+}
+
+static inline int keymaster_close(keymaster_device_t* device)
+{
+    return device->common.close(&device->common);
+}
+
 __END_DECLS
 
 #endif  // ANDROID_HARDWARE_KEYMASTER_H
author	Kenny Root <kroot@google.com>	2012-03-13 09:22:21 -0700
committer	Kenny Root <kroot@google.com>	2012-03-13 13:03:22 -0700
commit	9271d04d888c5676ccd9707378d18cad0f06d607 (patch)
tree	a6889e437af581b2729a469a61369cac799312df
parent	a9a5f5d57fbcf0f953b940788625404dbcd2cc52 (diff)
download	libhardware-9271d04d888c5676ccd9707378d18cad0f06d607.tar.gz