Merge "hardware keyguard HAL"
diff --git a/include/hardware/camera3.h b/include/hardware/camera3.h
index b705103..5fcbf0f 100644
--- a/include/hardware/camera3.h
+++ b/include/hardware/camera3.h
@@ -21,7 +21,7 @@
#include "camera_common.h"
/**
- * Camera device HAL 3.2 [ CAMERA_DEVICE_API_VERSION_3_2 ]
+ * Camera device HAL 3.3 [ CAMERA_DEVICE_API_VERSION_3_3 ]
*
* This is the current recommended version of the camera device HAL.
*
@@ -29,9 +29,14 @@
* android.hardware.camera2 API in LIMITED or FULL modes.
*
* Camera devices that support this version of the HAL must return
- * CAMERA_DEVICE_API_VERSION_3_2 in camera_device_t.common.version and in
+ * CAMERA_DEVICE_API_VERSION_3_3 in camera_device_t.common.version and in
* camera_info_t.device_version (from camera_module_t.get_camera_info).
*
+ * CAMERA_DEVICE_API_VERSION_3_3:
+ * Camera modules that may contain version 3.3 devices must implement at
+ * least version 2.2 of the camera module interface (as defined by
+ * camera_module_t.common.module_api_version).
+ *
* CAMERA_DEVICE_API_VERSION_3_2:
* Camera modules that may contain version 3.2 devices must implement at
* least version 2.2 of the camera module interface (as defined by
@@ -54,6 +59,7 @@
* S7. Key Performance Indicator (KPI) glossary
* S8. Sample Use Cases
* S9. Notes on Controls and Metadata
+ * S10. Reprocessing flow and controls
*/
/**
@@ -119,6 +125,9 @@
* - change the input buffer return path. The buffer is returned in
* process_capture_result instead of process_capture_request.
*
+ * 3.3: Minor revision of expanded-capability HAL:
+ *
+ * - OPAQUE and YUV reprocessing API updates.
*/
/**
@@ -1073,34 +1082,7 @@
*
* This includes some typical use case examples the camera HAL may support.
*
- * S8.1 Zero Shutter Lag (ZSL) with CAMERA3_STREAM_INPUT stream.
- *
- * When Zero Shutter Lag (ZSL) is supported by the camera device, the INPUT stream
- * can be used for application/framework implemented ZSL use case. This kind of stream
- * will be used by the framework as follows:
- *
- * 1. Framework configures an opaque raw format output stream that is used to
- * produce the ZSL output buffers. The stream pixel format will be
- * HAL_PIXEL_FORMAT_RAW_OPAQUE.
- *
- * 2. Framework configures an opaque raw format input stream that is used to
- * send the reprocess ZSL buffers to the HAL. The stream pixel format will
- * also be HAL_PIXEL_FORMAT_RAW_OPAQUE.
- *
- * 3. Framework configures a YUV/JPEG output stream that is used to receive the
- * reprocessed data. The stream pixel format will be YCbCr_420/HAL_PIXEL_FORMAT_BLOB.
- *
- * 4. Framework picks a ZSL buffer from the output stream when a ZSL capture is
- * issued by the application, and sends the data back as an input buffer in a
- * reprocessing request, then sends to the HAL for reprocessing.
- *
- * 5. The HAL sends back the output JPEG result to framework.
- *
- * The HAL can select the actual raw buffer format and configure the ISP pipeline
- * appropriately based on the HAL_PIXEL_FORMAT_RAW_OPAQUE format. See this format
- * definition for more details.
- *
- * S8.2 Zero Shutter Lag (ZSL) with CAMERA3_STREAM_BIDIRECTIONAL stream.
+ * S8.1 Zero Shutter Lag (ZSL) with CAMERA3_STREAM_BIDIRECTIONAL stream.
*
* For this use case, the bidirectional stream will be used by the framework as follows:
*
@@ -1136,6 +1118,56 @@
* as input.
* - And a HAL_PIXEL_FORMAT_BLOB (JPEG) output stream.
*
+ * S8.2 ZSL (OPAQUE) reprocessing with CAMERA3_STREAM_INPUT stream.
+ *
+ * CAMERA_DEVICE_API_VERSION_3_3:
+ * When OPAQUE_REPROCESSING capability is supported by the camera device, the INPUT stream
+ * can be used for application/framework implemented use case like Zero Shutter Lag (ZSL).
+ * This kind of stream will be used by the framework as follows:
+ *
+ * 1. Application/framework configures an opaque (RAW or YUV based) format output stream that is
+ * used to produce the ZSL output buffers. The stream pixel format will be
+ * HAL_PIXEL_FORMAT_IMPLEMENTATION_DEFINED.
+ *
+ * 2. Application/framework configures an opaque format input stream that is used to
+ * send the reprocessing ZSL buffers to the HAL. The stream pixel format will
+ * also be HAL_PIXEL_FORMAT_IMPLEMENTATION_DEFINED.
+ *
+ * 3. Application/framework configures a YUV/JPEG output stream that is used to receive the
+ * reprocessed data. The stream pixel format will be YCbCr_420/HAL_PIXEL_FORMAT_BLOB.
+ *
+ * 4. Application/framework picks a ZSL buffer from the ZSL output stream when a ZSL capture is
+ * issued by the application, and sends the data back as an input buffer in a
+ * reprocessing request, then sends to the HAL for reprocessing.
+ *
+ * 5. The HAL sends back the output YUV/JPEG result to framework.
+ *
+ * The HAL can select the actual opaque buffer format and configure the ISP pipeline
+ * appropriately based on the HAL_PIXEL_FORMAT_IMPLEMENTATION_DEFINED format and
+ * the gralloc usage flag GRALLOC_USAGE_HW_CAMERA_ZSL.
+
+ * S8.3 YUV reprocessing with CAMERA3_STREAM_INPUT stream.
+ *
+ * When YUV reprocessing is supported by the HAL, the INPUT stream
+ * can be used for the YUV reprocessing use cases like lucky-shot and image fusion.
+ * This kind of stream will be used by the framework as follows:
+ *
+ * 1. Application/framework configures an YCbCr_420 format output stream that is
+ * used to produce the output buffers.
+ *
+ * 2. Application/framework configures an YCbCr_420 format input stream that is used to
+ * send the reprocessing YUV buffers to the HAL.
+ *
+ * 3. Application/framework configures a YUV/JPEG output stream that is used to receive the
+ * reprocessed data. The stream pixel format will be YCbCr_420/HAL_PIXEL_FORMAT_BLOB.
+ *
+ * 4. Application/framework processes the output buffers (could be as simple as picking
+ * an output buffer directly) from the output stream when a capture is issued, and sends
+ * the data back as an input buffer in a reprocessing request, then sends to the HAL
+ * for reprocessing.
+ *
+ * 5. The HAL sends back the output YUV/JPEG result to framework.
+ *
*/
/**
@@ -1164,6 +1196,100 @@
* be included in the 'available modes' tag to represent this operating
* mode.
*/
+
+/**
+ * S10. Reprocessing flow and controls
+ *
+ * This section describes the OPAQUE and YUV reprocessing flow and controls. OPAQUE reprocessing
+ * uses an opaque format that is not directly application-visible, and the application can
+ * only select some of the output buffers and send back to HAL for reprocessing, while YUV
+ * reprocessing gives the application opportunity to process the buffers before reprocessing.
+ *
+ * S8 gives the stream configurations for the typical reprocessing uses cases,
+ * this section specifies the buffer flow and controls in more details.
+ *
+ * S10.1 OPAQUE (typically for ZSL use case) reprocessing flow and controls
+ *
+ * For OPAQUE reprocessing (e.g. ZSL) use case, after the application creates the specific
+ * output and input streams, runtime buffer flow and controls are specified as below:
+ *
+ * 1. Application starts output streaming by sending repeating requests for output
+ * opaque buffers and preview. The buffers are held by an application
+ * maintained circular buffer. The requests are based on CAMERA3_TEMPLATE_ZERO_SHUTTER_LAG
+ * capture template, which should have all necessary settings that guarantee output
+ * frame rate is not slowed down relative to sensor output frame rate.
+ *
+ * 2. When a capture is issued, the application selects one output buffer based
+ * on application buffer selection logic, e.g. good AE and AF statistics etc.
+ * Application then creates an reprocess request based on the capture result associated
+ * with this selected buffer. The selected output buffer is now added to this reprocess
+ * request as an input buffer, the output buffer of this reprocess request should be
+ * either JPEG output buffer or YUV output buffer, or both, depending on the application
+ * choice.
+ *
+ * 3. Application then alters the reprocess settings to get best image quality. The HAL must
+ * support and only support below controls if the HAL support OPAQUE_REPROCESSING capability:
+ * - android.jpeg.* (if JPEG buffer is included as one of the output)
+ * - android.noiseReduction.mode (change to HIGH_QUALITY if it is supported)
+ * - android.edge.mode (change to HIGH_QUALITY if it is supported)
+ * All other controls must be ignored by the HAL.
+ * 4. HAL processed the input buffer and return the output buffers in the capture results
+ * as normal.
+ *
+ * S10.2 YUV reprocessing flow and controls
+ *
+ * The YUV reprocessing buffer flow is similar as OPAQUE reprocessing, with below difference:
+ *
+ * 1. Application may want to have finer granularity control of the intermediate YUV images
+ * (before reprocessing). For example, application may choose
+ * - android.noiseReduction.mode == MINIMAL
+ * to make sure the no YUV domain noise reduction has applied to the output YUV buffers,
+ * then it can do its own advanced noise reduction on them. For OPAQUE reprocessing case, this
+ * doesn't matter, as long as the final reprocessed image has the best quality.
+ * 2. Application may modify the YUV output buffer data. For example, for image fusion use
+ * case, where multiple output images are merged together to improve the signal-to-noise
+ * ratio (SNR). The input buffer may be generated from multiple buffers by the application.
+ * To avoid excessive amount of noise reduction and insufficient amount of edge enhancement
+ * being applied to the input buffer, the application can hint the HAL how much effective
+ * exposure time improvement has been done by the application, then the HAL can adjust the
+ * noise reduction and edge enhancement paramters to get best reprocessed image quality.
+ * Below tag can be used for this purpose:
+ * - android.reprocess.effectiveExposureFactor
+ * The value would be exposure time increase factor applied to the original output image,
+ * for example, if there are N image merged, the exposure time increase factor would be up
+ * to sqrt(N). See this tag spec for more details.
+ *
+ * S10.3 Reprocessing pipeline characteristics
+ *
+ * Reprocessing pipeline has below different characteristics comparing with normal output
+ * pipeline:
+ *
+ * 1. The reprocessing result can be returned ahead of the pending normal output results. But
+ * the FIFO ordering must be maintained for all reprocessing results. For example, there are
+ * below requests (A stands for output requests, B stands for reprocessing requests)
+ * being processed by the HAL:
+ * A1, A2, A3, A4, B1, A5, B2, A6...
+ * result of B1 can be returned before A1-A4, but result of B2 must be returned after B1.
+ * 2. Single input rule: For a given reprocessing request, all output buffers must be from the
+ * input buffer, rather than sensor output. For example, if a reprocess request include both
+ * JPEG and preview buffers, all output buffers must be produced from the input buffer
+ * included by the reprocessing request, rather than sensor. The HAL must not output preview
+ * buffers from sensor, while output JPEG buffer from the input buffer.
+ * 3. Input buffer will be from camera output directly (ZSL case) or indirectly(image fusion
+ * case). For the case where buffer is modified, the size will remain same. The HAL can
+ * notify CAMERA3_MSG_ERROR_REQUEST if buffer from unknown source is sent.
+ * 4. Result as reprocessing request: The HAL can expect that a reprocessing request is a copy
+ * of one of the output results with minor allowed setting changes. The HAL can notify
+ * CAMERA3_MSG_ERROR_REQUEST if a request from unknown source is issued.
+ * 5. Output buffers may not be used as inputs across the configure stream boundary, This is
+ * because an opaque stream like the ZSL output stream may have different actual image size
+ * inside of the ZSL buffer to save power and bandwidth for smaller resolution JPEG capture.
+ * The HAL may notify CAMERA3_MSG_ERROR_REQUEST if this case occurs.
+ * 6. HAL Reprocess requests error reporting during flush should follow the same rule specified
+ * by flush() method.
+ *
+ */
+
__BEGIN_DECLS
struct camera3_device;
@@ -1211,8 +1337,9 @@
* quality images (that otherwise would cause a frame rate performance
* loss), or to do off-line reprocessing.
*
- * A typical use case is Zero Shutter Lag (ZSL), see S8.1 for more details.
- *
+ * CAMERA_DEVICE_API_VERSION_3_3:
+ * The typical use cases are OPAQUE (typically ZSL) and YUV reprocessing,
+ * see S8.2, S8.3 and S10 for more details.
*/
CAMERA3_STREAM_INPUT = 1,
@@ -1223,7 +1350,7 @@
*
* This kind of stream is meant generally for Zero Shutter Lag (ZSL)
* features, where copying the captured image from the output buffer to the
- * reprocessing input buffer would be expensive. See S8.2 for more details.
+ * reprocessing input buffer would be expensive. See S8.1 for more details.
*
* Note that the HAL will always be reprocessing data it produced.
*
diff --git a/include/hardware/camera_common.h b/include/hardware/camera_common.h
index f941991..f315bfb 100644
--- a/include/hardware/camera_common.h
+++ b/include/hardware/camera_common.h
@@ -90,15 +90,29 @@
*******************************************************************************
* Version: 2.4 [CAMERA_MODULE_API_VERSION_2_4]
*
- * This camera module version adds torch mode support. The framework can
- * use it to turn on torch mode for any camera device that has a flash unit,
- * without opening a camera device. The camera device has a higher priority
- * accessing the flash unit than the camera module; opening a camera device
- * will turn off the torch if it had been enabled through the module
- * interface. When there are any resource conflicts, such as open() is called
- * to open a camera device, the camera HAL module must notify the framework
- * through the torch mode status callback that the torch mode has been turned
- * off.
+ * This camera module version adds below API changes:
+ *
+ * 1. Torch mode support. The framework can use it to turn on torch mode for
+ * any camera device that has a flash unit, without opening a camera device. The
+ * camera device has a higher priority accessing the flash unit than the camera
+ * module; opening a camera device will turn off the torch if it had been enabled
+ * through the module interface. When there are any resource conflicts, such as
+ * open() is called to open a camera device, the camera HAL module must notify the
+ * framework through the torch mode status callback that the torch mode has been
+ * turned off.
+ *
+ * 2. External camera (e.g. USB hot-plug camera) support. The API updates specify that
+ * the camera static info is only available when camera is connected and ready to
+ * use for external hot-plug cameras. Calls to get static info will be invalid
+ * calls when camera status is not CAMERA_DEVICE_STATUS_PRESENT. The frameworks
+ * will only count on device status change callbacks to manage the available external
+ * camera list.
+ *
+ * 3. Camera arbitration hints. This module version adds support for explicitly
+ * indicating the number of camera devices that can be simultaneously opened and used.
+ * To specify valid combinations of devices, the resource_cost and conflicting_devices
+ * fields should always be set in the camera_info structure returned by the
+ * get_camera_info call.
*/
/**
@@ -128,10 +142,11 @@
#define CAMERA_DEVICE_API_VERSION_3_0 HARDWARE_DEVICE_API_VERSION(3, 0)
#define CAMERA_DEVICE_API_VERSION_3_1 HARDWARE_DEVICE_API_VERSION(3, 1)
#define CAMERA_DEVICE_API_VERSION_3_2 HARDWARE_DEVICE_API_VERSION(3, 2)
+#define CAMERA_DEVICE_API_VERSION_3_3 HARDWARE_DEVICE_API_VERSION(3, 3)
-// Device version 3.2 is current, older HAL camera device versions are not
+// Device version 3.3 is current, older HAL camera device versions are not
// recommended for new devices.
-#define CAMERA_DEVICE_API_VERSION_CURRENT CAMERA_DEVICE_API_VERSION_3_2
+#define CAMERA_DEVICE_API_VERSION_CURRENT CAMERA_DEVICE_API_VERSION_3_3
/**
* Defined in /system/media/camera/include/system/camera_metadata.h
@@ -140,11 +155,19 @@
typedef struct camera_info {
/**
- * The direction that the camera faces to. It should be CAMERA_FACING_BACK
- * or CAMERA_FACING_FRONT.
+ * The direction that the camera faces to. See system/core/include/system/camera.h
+ * for camera facing definitions.
*
- * Version information:
- * Valid in all camera_module versions
+ * Version information (based on camera_module_t.common.module_api_version):
+ *
+ * CAMERA_MODULE_API_VERSION_2_3 or lower:
+ *
+ * It should be CAMERA_FACING_BACK or CAMERA_FACING_FRONT.
+ *
+ * CAMERA_MODULE_API_VERSION_2_4 or higher:
+ *
+ * It should be CAMERA_FACING_BACK, CAMERA_FACING_FRONT or
+ * CAMERA_FACING_EXTERNAL.
*/
int facing;
@@ -160,8 +183,16 @@
* top side of a front-facing camera sensor is aligned with the right of the
* screen, the value should be 270.
*
- * Version information:
- * Valid in all camera_module versions
+ * Version information (based on camera_module_t.common.module_api_version):
+ *
+ * CAMERA_MODULE_API_VERSION_2_3 or lower:
+ *
+ * Valid in all camera_module versions.
+ *
+ * CAMERA_MODULE_API_VERSION_2_4 or higher:
+ *
+ * Valid if camera facing is CAMERA_FACING_BACK or CAMERA_FACING_FRONT,
+ * not valid if camera facing is CAMERA_FACING_EXTERNAL.
*/
int orientation;
@@ -183,9 +214,9 @@
uint32_t device_version;
/**
- * The camera's fixed characteristics, which include all camera metadata in
- * the android.*.info.* sections. This should be a sorted metadata buffer,
- * and may not be modified or freed by the caller. The pointer should remain
+ * The camera's fixed characteristics, which include all static camera metadata
+ * specified in system/media/camera/docs/docs.html. This should be a sorted metadata
+ * buffer, and may not be modified or freed by the caller. The pointer should remain
* valid for the lifetime of the camera module, and values in it may not
* change after it is returned by get_camera_info().
*
@@ -203,6 +234,80 @@
*
*/
const camera_metadata_t *static_camera_characteristics;
+
+ /**
+ * The total resource "cost" of using this this camera, represented as
+ * an integer value in the range [0, 100] where 100 represents total usage
+ * of the shared resource that is the limiting bottleneck of the camera
+ * subsystem.
+ *
+ * The camera service must be able to simultaneously open and use any
+ * combination of camera devices exposed by the HAL where the sum of
+ * the resource costs of these cameras is <= 100. For determining cost,
+ * each camera device must be assumed to be configured and operating at
+ * the maximally resource-consuming framerate and stream size settings
+ * available in the configuration settings exposed for that device through
+ * the camera metadata.
+ *
+ * Note: The camera service may still attempt to simultaneously open
+ * combinations of camera devices with a total resource cost > 100. This
+ * may succeed or fail. If this succeeds, combinations of configurations
+ * that are not supported should fail during the configure calls. If the
+ * total resource cost is <= 100, configuration should never fail due to
+ * resource constraints.
+ *
+ * Version information (based on camera_module_t.common.module_api_version):
+ *
+ * CAMERA_MODULE_API_VERSION_2_3 or lower:
+ *
+ * Not valid. Can be assumed to be 100. Do not read this field.
+ *
+ * CAMERA_MODULE_API_VERSION_2_4 or higher:
+ *
+ * Always valid.
+ */
+ int resource_cost;
+
+ /**
+ * An array of camera device IDs represented as NULL-terminated strings
+ * indicating other devices that cannot be simultaneously opened while this
+ * camera device is in use.
+ *
+ * This field is intended to be used to indicate that this camera device
+ * is a composite of several other camera devices, or otherwise has
+ * hardware dependencies that prohibit simultaneous usage. If there are no
+ * dependencies, a NULL may be returned in this field to indicate this.
+ *
+ * The camera service will never simultaneously open any of the devices
+ * in this list while this camera device is open.
+ *
+ * Version information (based on camera_module_t.common.module_api_version):
+ *
+ * CAMERA_MODULE_API_VERSION_2_3 or lower:
+ *
+ * Not valid. Can be assumed to be NULL. Do not read this field.
+ *
+ * CAMERA_MODULE_API_VERSION_2_4 or higher:
+ *
+ * Always valid.
+ */
+ char** conflicting_devices;
+
+ /**
+ * The length of the array given in the conflicting_devices field.
+ *
+ * Version information (based on camera_module_t.common.module_api_version):
+ *
+ * CAMERA_MODULE_API_VERSION_2_3 or lower:
+ *
+ * Not valid. Can be assumed to be 0. Do not read this field.
+ *
+ * CAMERA_MODULE_API_VERSION_2_4 or higher:
+ *
+ * Always valid.
+ */
+ size_t conflicting_devices_length;
+
} camera_info_t;
/**
@@ -226,23 +331,51 @@
typedef enum camera_device_status {
/**
* The camera device is not currently connected, and opening it will return
- * failure. Calls to get_camera_info must still succeed, and provide the
- * same information it would if the camera were connected
+ * failure.
+ *
+ * Version information (based on camera_module_t.common.module_api_version):
+ *
+ * CAMERA_MODULE_API_VERSION_2_3 or lower:
+ *
+ * Calls to get_camera_info must still succeed, and provide the same information
+ * it would if the camera were connected.
+ *
+ * CAMERA_MODULE_API_VERSION_2_4:
+ *
+ * The camera device at this status must return -EINVAL for get_camera_info call,
+ * as the device is not connected.
*/
CAMERA_DEVICE_STATUS_NOT_PRESENT = 0,
/**
- * The camera device is connected, and opening it will succeed. The
- * information returned by get_camera_info cannot change due to this status
- * change. By default, the framework will assume all devices are in this
- * state.
+ * The camera device is connected, and opening it will succeed.
+ *
+ * CAMERA_MODULE_API_VERSION_2_3 or lower:
+ *
+ * The information returned by get_camera_info cannot change due to this status
+ * change. By default, the framework will assume all devices are in this state.
+ *
+ * CAMERA_MODULE_API_VERSION_2_4:
+ *
+ * The information returned by get_camera_info will become valid after a device's
+ * status changes to this. By default, the framework will assume all devices are in
+ * this state.
*/
CAMERA_DEVICE_STATUS_PRESENT = 1,
/**
* The camera device is connected, but it is undergoing an enumeration and
- * so opening the device will return -EBUSY. Calls to get_camera_info
- * must still succeed, as if the camera was in the PRESENT status.
+ * so opening the device will return -EBUSY.
+ *
+ * CAMERA_MODULE_API_VERSION_2_3 or lower:
+ *
+ * Calls to get_camera_info must still succeed, as if the camera was in the
+ * PRESENT status.
+ *
+ * CAMERA_MODULE_API_VERSION_2_4:
+ *
+ * The camera device at this status must return -EINVAL for get_camera_info for call,
+ * as the device is not ready.
*/
CAMERA_DEVICE_STATUS_ENUMERATING = 2,
@@ -422,8 +555,21 @@
* simply the number converted to a string. That is, "0" for camera ID 0,
* "1" for camera ID 1.
*
- * The value here must be static, and cannot change after the first call to
- * this method
+ * Version information (based on camera_module_t.common.module_api_version):
+ *
+ * CAMERA_MODULE_API_VERSION_2_3 or lower:
+ *
+ * The value here must be static, and cannot change after the first call
+ * to this method.
+ *
+ * CAMERA_MODULE_API_VERSION_2_4 or higher:
+ *
+ * The value here must be static, and must count only built-in cameras,
+ * which have CAMERA_FACING_BACK or CAMERA_FACING_FRONT camera facing values
+ * (camera_info.facing). The HAL must not include the external cameras
+ * (camera_info.facing == CAMERA_FACING_EXTERNAL) into the return value
+ * of this call. Frameworks will use camera_device_status_change callback
+ * to manage number of external cameras.
*/
int (*get_number_of_cameras)(void);
@@ -442,6 +588,14 @@
*
* -EINVAL: The input arguments are invalid, i.e. the id is invalid,
* and/or the module is invalid.
+ *
+ * Version information (based on camera_module_t.common.module_api_version):
+ *
+ * CAMERA_MODULE_API_VERSION_2_4 or higher:
+ *
+ * When a camera is disconnected, its camera id becomes invalid. Calling this
+ * this method with this invalid camera id will get -EINVAL and NULL camera
+ * static metadata (camera_info.static_camera_characteristics).
*/
int (*get_camera_info)(int camera_id, struct camera_info *info);
diff --git a/include/hardware/keymaster.h b/include/hardware/keymaster.h
index 8c5ff14..2c6e29d 100644
--- a/include/hardware/keymaster.h
+++ b/include/hardware/keymaster.h
@@ -22,6 +22,7 @@
#include <sys/types.h>
#include <hardware/hardware.h>
+#include <hardware/keymaster_defs.h>
__BEGIN_DECLS
@@ -36,51 +37,19 @@
* Settings for "module_api_version" and "hal_api_version"
* fields in the keymaster_module initialization.
*/
-#define KEYMASTER_HEADER_VERSION 3
+#define KEYMASTER_HEADER_VERSION 4
-#define KEYMASTER_MODULE_API_VERSION_0_2 HARDWARE_MODULE_API_VERSION(0, 2)
-#define KEYMASTER_DEVICE_API_VERSION_0_2 HARDWARE_DEVICE_API_VERSION_2(0, 2, KEYMASTER_HEADER_VERSION)
+#define KEYMASTER_MODULE_API_VERSION_0_2 HARDWARE_MODULE_API_VERSION(0, 2)
+#define KEYMASTER_DEVICE_API_VERSION_0_2 \
+ HARDWARE_DEVICE_API_VERSION_2(0, 2, KEYMASTER_HEADER_VERSION)
-#define KEYMASTER_MODULE_API_VERSION_0_3 HARDWARE_MODULE_API_VERSION(0, 3)
-#define KEYMASTER_DEVICE_API_VERSION_0_3 HARDWARE_DEVICE_API_VERSION_2(0, 3, KEYMASTER_HEADER_VERSION)
+#define KEYMASTER_MODULE_API_VERSION_0_3 HARDWARE_MODULE_API_VERSION(0, 3)
+#define KEYMASTER_DEVICE_API_VERSION_0_3 \
+ HARDWARE_DEVICE_API_VERSION_2(0, 3, KEYMASTER_HEADER_VERSION)
-/**
- * Flags for keymaster_device::flags
- */
-enum {
- /*
- * Indicates this keymaster implementation does not have hardware that
- * keeps private keys out of user space.
- *
- * This should not be implemented on anything other than the default
- * implementation.
- */
- KEYMASTER_SOFTWARE_ONLY = 1 << 0,
-
- /*
- * This indicates that the key blobs returned via all the primitives
- * are sufficient to operate on their own without the trusted OS
- * querying userspace to retrieve some other data. Key blobs of
- * this type are normally returned encrypted with a
- * Key Encryption Key (KEK).
- *
- * This is currently used by "vold" to know whether the whole disk
- * encryption secret can be unwrapped without having some external
- * service started up beforehand since the "/data" partition will
- * be unavailable at that point.
- */
- KEYMASTER_BLOBS_ARE_STANDALONE = 1 << 1,
-
- /*
- * Indicates that the keymaster module supports DSA keys.
- */
- KEYMASTER_SUPPORTS_DSA = 1 << 2,
-
- /*
- * Indicates that the keymaster module supports EC keys.
- */
- KEYMASTER_SUPPORTS_EC = 1 << 3,
-};
+#define KEYMASTER_MODULE_API_VERSION_0_4 HARDWARE_MODULE_API_VERSION(0, 4)
+#define KEYMASTER_DEVICE_API_VERSION_0_4 \
+ HARDWARE_DEVICE_API_VERSION_2(0, 4, KEYMASTER_HEADER_VERSION)
struct keystore_module {
/**
@@ -93,82 +62,6 @@
};
/**
- * Asymmetric key pair types.
- */
-typedef enum {
- TYPE_RSA = 1,
- TYPE_DSA = 2,
- TYPE_EC = 3,
-} keymaster_keypair_t;
-
-/**
- * Parameters needed to generate an RSA key.
- */
-typedef struct {
- uint32_t modulus_size;
- uint64_t public_exponent;
-} keymaster_rsa_keygen_params_t;
-
-/**
- * Parameters needed to generate a DSA key.
- */
-typedef struct {
- uint32_t key_size;
- uint32_t generator_len;
- uint32_t prime_p_len;
- uint32_t prime_q_len;
- const uint8_t* generator;
- const uint8_t* prime_p;
- const uint8_t* prime_q;
-} keymaster_dsa_keygen_params_t;
-
-/**
- * Parameters needed to generate an EC key.
- *
- * Field size is the only parameter in version 2. The sizes correspond to these required curves:
- *
- * 192 = NIST P-192
- * 224 = NIST P-224
- * 256 = NIST P-256
- * 384 = NIST P-384
- * 521 = NIST P-521
- *
- * The parameters for these curves are available at: http://www.nsa.gov/ia/_files/nist-routines.pdf
- * in Chapter 4.
- */
-typedef struct {
- uint32_t field_size;
-} keymaster_ec_keygen_params_t;
-
-/**
- * Digest type.
- */
-typedef enum {
- DIGEST_NONE,
-} keymaster_digest_t;
-
-/**
- * Type of padding used for RSA operations.
- */
-typedef enum {
- PADDING_NONE,
-} keymaster_rsa_padding_t;
-
-
-typedef struct {
- keymaster_digest_t digest_type;
-} keymaster_dsa_sign_params_t;
-
-typedef struct {
- keymaster_digest_t digest_type;
-} keymaster_ec_sign_params_t;
-
-typedef struct {
- keymaster_digest_t digest_type;
- keymaster_rsa_padding_t padding_type;
-} keymaster_rsa_sign_params_t;
-
-/**
* The parameters that can be set for a given keymaster implementation.
*/
struct keymaster_device {
@@ -194,52 +87,49 @@
void* context;
/**
- * Generates a public and private key. The key-blob returned is opaque
- * and must subsequently provided for signing and verification.
+ * \deprecated Generates a public and private key. The key-blob returned is opaque and must
+ * subsequently provided for signing and verification.
*
* Returns: 0 on success or an error code less than 0.
*/
- int (*generate_keypair)(const struct keymaster_device* dev,
- const keymaster_keypair_t key_type, const void* key_params,
- uint8_t** key_blob, size_t* key_blob_length);
+ int (*generate_keypair)(const struct keymaster_device* dev, const keymaster_keypair_t key_type,
+ const void* key_params, uint8_t** key_blob, size_t* key_blob_length);
/**
- * Imports a public and private key pair. The imported keys will be in
- * PKCS#8 format with DER encoding (Java standard). The key-blob
- * returned is opaque and will be subsequently provided for signing
- * and verification.
+ * \deprecated Imports a public and private key pair. The imported keys will be in PKCS#8 format
+ * with DER encoding (Java standard). The key-blob returned is opaque and will be subsequently
+ * provided for signing and verification.
*
* Returns: 0 on success or an error code less than 0.
*/
- int (*import_keypair)(const struct keymaster_device* dev,
- const uint8_t* key, const size_t key_length,
- uint8_t** key_blob, size_t* key_blob_length);
+ int (*import_keypair)(const struct keymaster_device* dev, const uint8_t* key,
+ const size_t key_length, uint8_t** key_blob, size_t* key_blob_length);
/**
- * Gets the public key part of a key pair. The public key must be in
- * X.509 format (Java standard) encoded byte array.
+ * \deprecated Gets the public key part of a key pair. The public key must be in X.509 format
+ * (Java standard) encoded byte array.
*
- * Returns: 0 on success or an error code less than 0.
- * On error, x509_data should not be allocated.
+ * Returns: 0 on success or an error code less than 0. On error, x509_data
+ * should not be allocated.
*/
- int (*get_keypair_public)(const struct keymaster_device* dev,
- const uint8_t* key_blob, const size_t key_blob_length,
- uint8_t** x509_data, size_t* x509_data_length);
+ int (*get_keypair_public)(const struct keymaster_device* dev, const uint8_t* key_blob,
+ const size_t key_blob_length, uint8_t** x509_data,
+ size_t* x509_data_length);
/**
- * Deletes the key pair associated with the key blob.
+ * \deprecated Deletes the key pair associated with the key blob.
*
* This function is optional and should be set to NULL if it is not
* implemented.
*
* Returns 0 on success or an error code less than 0.
*/
- int (*delete_keypair)(const struct keymaster_device* dev,
- const uint8_t* key_blob, const size_t key_blob_length);
+ int (*delete_keypair)(const struct keymaster_device* dev, const uint8_t* key_blob,
+ const size_t key_blob_length);
/**
- * Deletes all keys in the hardware keystore. Used when keystore is
- * reset completely.
+ * \deprecated Deletes all keys in the hardware keystore. Used when keystore is reset
+ * completely.
*
* This function is optional and should be set to NULL if it is not
* implemented.
@@ -249,45 +139,515 @@
int (*delete_all)(const struct keymaster_device* dev);
/**
- * Signs data using a key-blob generated before. This can use either
- * an asymmetric key or a secret key.
+ * \deprecated Signs data using a key-blob generated before. This can use either an asymmetric
+ * key or a secret key.
*
* Returns: 0 on success or an error code less than 0.
*/
- int (*sign_data)(const struct keymaster_device* dev,
- const void* signing_params,
- const uint8_t* key_blob, const size_t key_blob_length,
- const uint8_t* data, const size_t data_length,
- uint8_t** signed_data, size_t* signed_data_length);
+ int (*sign_data)(const struct keymaster_device* dev, const void* signing_params,
+ const uint8_t* key_blob, const size_t key_blob_length, const uint8_t* data,
+ const size_t data_length, uint8_t** signed_data, size_t* signed_data_length);
/**
- * Verifies data signed with a key-blob. This can use either
- * an asymmetric key or a secret key.
+ * \deprecated Verifies data signed with a key-blob. This can use either an asymmetric key or a
+ * secret key.
*
* Returns: 0 on successful verification or an error code less than 0.
*/
- int (*verify_data)(const struct keymaster_device* dev,
- const void* signing_params,
- const uint8_t* key_blob, const size_t key_blob_length,
- const uint8_t* signed_data, const size_t signed_data_length,
- const uint8_t* signature, const size_t signature_length);
+ int (*verify_data)(const struct keymaster_device* dev, const void* signing_params,
+ const uint8_t* key_blob, const size_t key_blob_length,
+ const uint8_t* signed_data, const size_t signed_data_length,
+ const uint8_t* signature, const size_t signature_length);
+
+ /**
+ * Gets algorithms supported.
+ *
+ * \param[in] dev The keymaster device structure.
+ *
+ * \param[out] algorithms Array of algorithms supported. The caller takes ownership of the
+ * array and must free() it.
+ *
+ * \param[out] algorithms_length Length of \p algorithms.
+ */
+ keymaster_error_t (*get_supported_algorithms)(const struct keymaster_device* dev,
+ keymaster_algorithm_t** algorithms,
+ size_t* algorithms_length);
+
+ /**
+ * Gets the block modes supported for the specified algorithm.
+ *
+ * \param[in] dev The keymaster device structure.
+ *
+ * \param[in] algorithm The algorithm for which supported modes will be returned.
+ *
+ * \param[out] modes Array of modes supported. The caller takes ownership of the array and must
+ * free() it.
+ *
+ * \param[out] modes_length Length of \p modes.
+ */
+ keymaster_error_t (*get_supported_block_modes)(const struct keymaster_device* dev,
+ keymaster_algorithm_t algorithm,
+ keymaster_purpose_t purpose,
+ keymaster_block_mode_t** modes,
+ size_t* modes_length);
+
+ /**
+ * Gets the padding modes supported for the specified algorithm. Caller assumes ownership of
+ * the allocated array.
+ *
+ * \param[in] dev The keymaster device structure.
+ *
+ * \param[in] algorithm The algorithm for which supported padding modes will be returned.
+ *
+ * \param[out] modes Array of padding modes supported. The caller takes ownership of the array
+ * and must free() it.
+ *
+ * \param[out] modes_length Length of \p modes.
+ */
+ keymaster_error_t (*get_supported_padding_modes)(const struct keymaster_device* dev,
+ keymaster_algorithm_t algorithm,
+ keymaster_purpose_t purpose,
+ keymaster_padding_t** modes,
+ size_t* modes_length);
+
+ /**
+ * Gets the digests supported for the specified algorithm. Caller assumes ownership of the
+ * allocated array.
+ *
+ * \param[in] dev The keymaster device structure.
+ *
+ * \param[in] algorithm The algorithm for which supported digests will be returned.
+ *
+ * \param[out] digests Array of digests supported. The caller takes ownership of the array and
+ * must free() it.
+ *
+ * \param[out] digests_length Length of \p digests.
+ */
+ keymaster_error_t (*get_supported_digests)(const struct keymaster_device* dev,
+ keymaster_algorithm_t algorithm,
+ keymaster_purpose_t purpose,
+ keymaster_digest_t** digests,
+ size_t* digests_length);
+
+ /**
+ * Gets the key import formats supported for keys of the specified algorithm. Caller assumes
+ * ownership of the allocated array.
+ *
+ * \param[in] dev The keymaster device structure.
+ *
+ * \param[in] algorithm The algorithm for which supported formats will be returned.
+ *
+ * \param[out] formats Array of formats supported. The caller takes ownership of the array and
+ * must free() it.
+ *
+ * \param[out] formats_length Length of \p formats.
+ */
+ keymaster_error_t (*get_supported_import_formats)(const struct keymaster_device* dev,
+ keymaster_algorithm_t algorithm,
+ keymaster_key_format_t** formats,
+ size_t* formats_length);
+
+ /**
+ * Gets the key export formats supported for keys of the specified algorithm. Caller assumes
+ * ownership of the allocated array.
+ *
+ * \param[in] dev The keymaster device structure.
+ *
+ * \param[in] algorithm The algorithm for which supported formats will be returned.
+ *
+ * \param[out] formats Array of formats supported. The caller takes ownership of the array and
+ * must free() it.
+ *
+ * \param[out] formats_length Length of \p formats.
+ */
+ keymaster_error_t (*get_supported_export_formats)(const struct keymaster_device* dev,
+ keymaster_algorithm_t algorithm,
+ keymaster_key_format_t** formats,
+ size_t* formats_length);
+
+ /**
+ * Adds entropy to the RNG used by keymaster. Entropy added through this method is guaranteed
+ * not to be the only source of entropy used, and the mixing function is required to be secure,
+ * in the sense that if the RNG is seeded (from any source) with any data the attacker cannot
+ * predict (or control), then the RNG output is indistinguishable from random. Thus, if the
+ * entropy from any source is good, the output will be good.
+ *
+ * \param[in] dev The keymaster device structure.
+ *
+ * \param[in] data Random data to be mixed in.
+ *
+ * \param[in] data_length Length of \p data.
+ */
+ keymaster_error_t (*add_rng_entropy)(const struct keymaster_device* dev, const uint8_t* data,
+ size_t data_length);
+
+ /**
+ * Generates a key, or key pair, returning a key blob and/or a description of the key.
+ *
+ * Key generation parameters are defined as keymaster tag/value pairs, provided in \p params.
+ * See keymaster_tag_t for the full list. Some values that are always required for generation
+ * of useful keys are:
+ *
+ * - KM_TAG_ALGORITHM;
+ * - KM_TAG_PURPOSE;
+ * - KM_TAG_USER_ID or KM_TAG_ALL_USERS;
+ * - KM_TAG_USER_AUTH_ID or KM_TAG_NO_AUTH_REQUIRED;
+ * - KM_TAG_APPLICATION_ID or KM_TAG_ALL_APPLICATIONS; and
+ * - KM_TAG_ORIGINATION_EXPIRE_DATETIME
+ *
+ * KM_TAG_AUTH_TIMEOUT should generally be specified unless KM_TAG_NO_AUTH_REQUIRED is present,
+ * or the user will have to authenticate for every use.
+ *
+ * KM_TAG_BLOCK_MODE, KM_TAG_PADDING, KM_TAG_MAC_LENGTH and KM_TAG_DIGEST must be specified for
+ * algorithms that require them.
+ *
+ * The following tags will take default values if unspecified:
+ *
+ * - KM_TAG_KEY_SIZE defaults to a recommended key size for the specified algorithm.
+ *
+ * - KM_TAG_USAGE_EXPIRE_DATETIME defaults to the value of KM_TAG_ORIGINATION_EXPIRE_DATETIME.
+ *
+ * - KM_TAG_ACTIVE_DATETIME will default to the value of KM_TAG_CREATION_DATETIME
+ *
+ * - KM_TAG_ROOT_OF_TRUST will default to the current root of trust.
+ *
+ * - KM_TAG_{RSA|DSA|DH}_* will default to values appropriate for the specified key size.
+ *
+ * The following tags may not be specified; their values will be provided by the implementation.
+ *
+ * - KM_TAG_ORIGIN,
+ *
+ * - KM_TAG_ROLLBACK_RESISTANT,
+ *
+ * - KM_TAG_CREATION_DATETIME,
+ *
+ * \param[in] dev The keymaster device structure.
+ *
+ * \param[in] params Array of key generation parameters.
+ *
+ * \param[in] params_count Length of \p params.
+ *
+ * \param[out] key_blob returns the generated key. If \p key_blob is NULL, no key is generated,
+ * but the characteristics of the key that would be generated are returned. The caller assumes
+ * ownership key_blob->key_material and must free() it.
+ *
+ * \param[out] characteristics returns the characteristics of the key that was, or would be,
+ * generated, if non-NULL. The caller assumes ownership, and the object must be freed with
+ * keymaster_free_characteristics(). Note that KM_TAG_ROOT_OF_TRUST, KM_TAG_APPLICATION_ID and
+ * KM_TAG_APPLICATION_DATA are never returned.
+ */
+ keymaster_error_t (*generate_key)(const struct keymaster_device* dev,
+ const keymaster_key_param_t* params, size_t params_count,
+ keymaster_key_blob_t* key_blob,
+ keymaster_key_characteristics_t** characteristics);
+
+ /**
+ * Returns the characteristics of the specified key, or NULL if the key_blob is invalid
+ * (implementations must fully validate the integrity of the key). client_id and app_data must
+ * be the ID and data provided when the key was generated or imported. Those values are not
+ * included in the returned characteristics. Caller assumes ownership of the allocated
+ * characteristics object, which must be deallocated with keymaster_free_characteristics().
+ *
+ * Note that KM_TAG_ROOT_OF_TRUST, KM_TAG_APPLICATION_ID and KM_TAG_APPLICATION_DATA are never
+ * returned.
+ *
+ * \param[in] dev The keymaster device structure.
+ *
+ * \param[in] key_blob The key to retreive characteristics from.
+ *
+ * \param[in] client_id The client ID data, or NULL if none associated.
+ *
+ * \param[in] app_id The app data, or NULL if none associated.
+ *
+ * \param[out] characteristics The key characteristics.
+ */
+ keymaster_error_t (*get_key_characteristics)(const struct keymaster_device* dev,
+ const keymaster_key_blob_t* key_blob,
+ const keymaster_blob_t* client_id,
+ const keymaster_blob_t* app_data,
+ keymaster_key_characteristics_t** characteristics);
+
+ /**
+ * Change a key's authorizations.
+ *
+ * Update the authorizations associated with key_blob to the list specified in new_params, which
+ * must contain the complete set of authorizations desired (hw_enforced and sw_enforced). Tags
+ * will be added, removed and/or updated only if the appropriate KM_TAG_RESCOPING_ADD and
+ * KM_TAG_RESCOPING_DEL tags exist in the key's authorizations, otherwise
+ * KM_ERROR_INVALID_RESCOPING will be returned and no changes will be made.
+ *
+ * \param[in] dev The keymaster device structure.
+ *
+ * \param[in] new_params The new authorization list to be associated with the key.
+ *
+ * \param[in] new_params_count The number of entries in \p new_params.
+ *
+ * \param[in] key_blob The key to update.
+ *
+ * \param[in] client_id The client ID associated with the key, or NULL if none is associated.
+ *
+ * \param[in] app_data The application data associated with the key, or NULL if none is
+ * associated.
+ *
+ * \param[out] rescoped_key_blob The key blob with the updated authorizations, if successful.
+ * The caller assumes ownership of rescoped_key_blob->key_material and must free() it.
+ *
+ * \param[out] characteristics If not null will contain the new key authorizations, divided into
+ * hw_enforced and sw_enforced lists. The caller takes ownership and must call
+ * keymaster_free_characteristics() to free.
+ */
+ keymaster_error_t (*rescope)(const struct keymaster_device* dev,
+ const keymaster_key_param_t* new_params, size_t new_params_count,
+ const keymaster_key_blob_t* key_blob,
+ const keymaster_blob_t* client_id,
+ const keymaster_blob_t* app_data,
+ keymaster_key_blob_t* rescoped_key_blob,
+ keymaster_key_characteristics_t** characteristics);
+
+ /**
+ * Imports a key, or key pair, returning a key blob and/or a description of the key.
+ *
+ * Most key import parameters are defined as keymaster tag/value pairs, provided in "params".
+ * See keymaster_tag_t for the full list. Some values that are always required for import of
+ * useful keys are:
+ *
+ * - KM_TAG_PURPOSE;
+ *
+ * - KM_TAG_USER_ID
+ *
+ * - KM_TAG_USER_AUTH_ID;
+ *
+ * - KM_TAG_APPLICATION_ID or KM_TAG_ALL_APPLICATIONS;
+ *
+ * - KM_TAG_PRIVKEY_EXPIRE_DATETIME.
+ *
+ * KM_TAG_AUTH_TIMEOUT should generally be specified. If unspecified, the user will have to
+ * authenticate for every use, unless KM_TAG_USER_AUTH_ID is set to
+ * KM_NO_AUTHENTICATION_REQUIRED.
+ *
+ * The following tags will take default values if unspecified:
+ *
+ * - KM_TAG_PUBKEY_EXPIRE_DATETIME will default to the value for KM_TAG_PRIVKEY_EXPIRE_DATETIME.
+ *
+ * - KM_TAG_ACTIVE_DATETIME will default to the value of KM_TAG_CREATION_DATETIME
+ *
+ * - KM_TAG_ROOT_OF_TRUST will default to the current root of trust.
+ *
+ * The following tags may not be specified; their values will be provided by the implementation.
+ *
+ * - KM_TAG_ORIGIN,
+ *
+ * - KM_TAG_ROLLBACK_RESISTANT,
+ *
+ * - KM_TAG_CREATION_DATETIME,
+ *
+ * \param[in] dev The keymaster device structure.
+ *
+ * \param[in] params Parameters defining the imported key.
+ *
+ * \param[in] params_count The number of entries in \p params.
+ *
+ * \param[in] key_format specifies the format of the key data in key_data.
+ *
+ * \param[out] key_blob Used to return the opaque key blob. Must be non-NULL. The caller
+ * assumes ownership of the contained key_material.
+ *
+ * \param[out] characteristics Used to return the characteristics of the imported key. May be
+ * NULL, in which case no characteristics will be returned. If non-NULL, the caller assumes
+ * ownership and must deallocate with keymaster_free_characteristics().
+ */
+ keymaster_error_t (*import_key)(const struct keymaster_device* dev,
+ const keymaster_key_param_t* params, size_t params_count,
+ keymaster_key_format_t key_format, const uint8_t* key_data,
+ size_t key_data_length, keymaster_key_blob_t* key_blob,
+ keymaster_key_characteristics_t** characteristics);
+
+ /**
+ * Exports a public key, returning a byte array in the specified format.
+ *
+ * \param[in] dev The keymaster device structure.
+ *
+ * \param[in] export_format The format to be used for exporting the key.
+ *
+ * \param[in] key_to_export The key to export.
+ *
+ * \param[out] export_data The exported key material. The caller assumes ownership.
+ *
+ * \param[out] export_data_length The length of \p export_data.
+ */
+ keymaster_error_t (*export_key)(const struct keymaster_device* dev,
+ keymaster_key_format_t export_format,
+ const keymaster_key_blob_t* key_to_export,
+ const keymaster_blob_t* client_id,
+ const keymaster_blob_t* app_data, uint8_t** export_data,
+ size_t* export_data_length);
+
+ /**
+ * Deletes the key, or key pair, associated with the key blob. After calling this function it
+ * will be impossible to use the key for any other operations (though rescoped versions may
+ * exist, and if so will be usable). May be applied to keys from foreign roots of trust (keys
+ * not usable under the current root of trust).
+ *
+ * This function is optional and should be set to NULL if it is not implemented.
+ *
+ * \param[in] dev The keymaster device structure.
+ *
+ * \param[in] key The key to be deleted.
+ */
+ keymaster_error_t (*delete_key)(const struct keymaster_device* dev,
+ const keymaster_key_blob_t* key);
+
+ /**
+ * Deletes all keys in the hardware keystore. Used when keystore is reset completely. After
+ * calling this function it will be impossible to use any previously generated or imported key
+ * blobs for any operations.
+ *
+ * This function is optional and should be set to NULL if it is not implemented.
+ *
+ * \param[in] dev The keymaster device structure.
+ *
+ * Returns 0 on success or an error code less than 0.
+ */
+ int (*delete_all_keys)(const struct keymaster_device* dev);
+
+ /**
+ * Begins a cryptographic operation using the specified key. If all is well, begin() will
+ * return KM_ERROR_OK and create an operation handle which must be passed to subsequent calls to
+ * update(), finish() or abort().
+ *
+ * It is critical that each call to begin() be paired with a subsequent call to finish() or
+ * abort(), to allow the keymaster implementation to clean up any internal operation state.
+ * Failure to do this will leak internal state space or other internal resources and will
+ * eventually cause begin() to return KM_ERROR_TOO_MANY_OPERATIONS when it runs out of space for
+ * operations.
+ *
+ * \param[in] dev The keymaster device structure.
+ *
+ * \param[in] purpose The purpose of the operation, one of KM_PURPOSE_ENCRYPT,
+ * KM_PURPOSE_DECRYPT, KM_PURPOSE_SIGN or KM_PURPOSE_VERIFY. Note that for AEAD modes,
+ * encryption and decryption imply signing and verification, respectively.
+ *
+ * \param[in] key The key to be used for the operation. \p key must have a purpose compatible
+ * with \p purpose and all of its usage requirements must be satisfied, or begin() will return
+ * an appropriate error code.
+ *
+ * \param[in] params Additional parameters for the operation. This is typically used to provide
+ * client ID information, with tags KM_TAG_APPLICATION_ID and KM_TAG_APPLICATION_DATA. If the
+ * client information associated with the key is not provided, begin() will fail and return
+ * KM_ERROR_INVALID_KEY_BLOB. Less commonly, \params can be used to provide AEAD additional
+ * data and chunk size with KM_TAG_ADDITIONAL_DATA or KM_TAG_CHUNK_SIZE respectively.
+ *
+ * \param[in] params_count The number of entries in \p params.
+ *
+ * \param[out] out_params Array of output parameters. The caller takes ownership of the output
+ * parametes array and must free it. out_params may be set to NULL if no output parameters are
+ * expected. If NULL, and output paramaters are generated, begin() will return
+ * KM_ERROR_OUTPUT_PARAMETER_NULL.
+ *
+ * \param[out] out_params_count The length of out_params.
+ *
+ * \param[out] operation_handle The newly-created operation handle which must be passed to
+ * update(), finish() or abort().
+ */
+ keymaster_error_t (*begin)(const struct keymaster_device* dev, keymaster_purpose_t purpose,
+ const keymaster_key_blob_t* key, const keymaster_key_param_t* params,
+ size_t params_count, keymaster_key_param_t** out_params,
+ size_t* out_params_count,
+ keymaster_operation_handle_t* operation_handle);
+
+ /**
+ * Get an estimate of the output that will be generated by calling update() with the specified
+ * number of input bytes, followed by finish(). The estimate may not be exact, but is
+ * guaranteed not to be smaller than sum of the output lengths from update() and finish(). The
+ * estimate takes into account input data already provided.
+ *
+ * \param[in] input_length The number of additional input bytes to be processed.
+ *
+ * \param[out] output_estimate The length of the output that will be produced.
+ */
+ keymaster_error_t (*get_output_size)(size_t input_length, size_t* output_estimate);
+
+ /**
+ * Provides data to, and possibly receives output from, an ongoing cryptographic operation begun
+ * with begin().
+ *
+ * If operation_handle is invalid, update() will return KM_ERROR_INVALID_OPERATION_HANDLE.
+ *
+ * Not all of the data provided in the data buffer may be consumed. update() will return the
+ * amount consumed in *data_consumed. The caller should provide the unconsumed data in a
+ * subsequent call.
+ *
+ * \param[in] dev The keymaster device structure.
+ *
+ * \param[in] operation_handle The operation handle returned by begin().
+ *
+ * \param[in] input Data to be processed, per the parameters established in the call to begin().
+ * Note that update() may or may not consume all of the data provided. See \p data_consumed.
+ *
+ * \param[in] input_length Length of \p input.
+ *
+ * \param[out] input_consumed Amount of data that was consumed by update(). If this is less
+ * than the amount provided, the caller should provide the remainder in a subsequent call to
+ * update().
+ *
+ * \param[out] output The output data, if any. The caller assumes ownership of the allocated
+ * buffer. If output is NULL then NO input data is consumed and no output is produced, but
+ * *output_length is set to an estimate of the size that would have been produced by this
+ * update() and a subsequent finish().
+ *
+ * \param[out] output_length The length of the output buffer.
+ *
+ * Note that update() may not provide any output, in which case *output_length will be zero, and
+ * *output may be either NULL or zero-length (so the caller should always free() it).
+ */
+ keymaster_error_t (*update)(const struct keymaster_device* dev,
+ keymaster_operation_handle_t operation_handle, const uint8_t* input,
+ size_t input_length, size_t* input_consumed, uint8_t** output,
+ size_t* output_length);
+
+ /**
+ * Finalizes a cryptographic operation begun with begin() and invalidates operation_handle
+ * (except in the insufficient buffer case, detailed below).
+ *
+ * \param[in] dev The keymaster device structure.
+ *
+ * \param[in] operation_handle The operation handle returned by begin(). This handle will be
+ * invalidated.
+ *
+ * \param[in] signature The signature to be verified if the purpose specified in the begin()
+ * call was KM_PURPOSE_VERIFY.
+ *
+ * \param[in] signature_length The length of \p signature.
+ *
+ * \param[out] output The output data, if any. The caller assumes ownership of the allocated
+ * buffer.
+ *
+ * \param[out] output_length The length of the output buffer.
+ *
+ * If the operation being finished is a signature verification or an AEAD-mode decryption and
+ * verification fails then finish() will return KM_ERROR_VERIFICATION_FAILED.
+ */
+ keymaster_error_t (*finish)(const struct keymaster_device* dev,
+ keymaster_operation_handle_t operation_handle,
+ const uint8_t* signature, size_t signature_length, uint8_t** output,
+ size_t* output_length);
+
+ /**
+ * Aborts a cryptographic operation begun with begin(), freeing all internal resources and
+ * invalidating operation_handle.
+ */
+ keymaster_error_t (*abort)(const struct keymaster_device* dev,
+ keymaster_operation_handle_t operation_handle);
};
typedef struct keymaster_device keymaster_device_t;
-
/* Convenience API for opening and closing keymaster devices */
-static inline int keymaster_open(const struct hw_module_t* module,
- keymaster_device_t** device)
-{
- int rc = module->methods->open(module, KEYSTORE_KEYMASTER,
- (struct hw_device_t**) device);
-
- return rc;
+static inline int keymaster_open(const struct hw_module_t* module, keymaster_device_t** device) {
+ return module->methods->open(module, KEYSTORE_KEYMASTER, (struct hw_device_t**)device);
}
-static inline int keymaster_close(keymaster_device_t* device)
-{
+static inline int keymaster_close(keymaster_device_t* device) {
return device->common.close(&device->common);
}
diff --git a/include/hardware/keymaster_defs.h b/include/hardware/keymaster_defs.h
new file mode 100644
index 0000000..3f409b4
--- /dev/null
+++ b/include/hardware/keymaster_defs.h
@@ -0,0 +1,610 @@
+/*
+ * Copyright (C) 2014 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef ANDROID_HARDWARE_KEYMASTER_DEFS_H
+#define ANDROID_HARDWARE_KEYMASTER_DEFS_H
+
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+
+#if defined(__cplusplus)
+extern "C" {
+#endif // defined(__cplusplus)
+
+/*!
+ * \deprecated Flags for keymaster_device::flags
+ *
+ * keymaster_device::flags is deprecated and will be removed in the
+ * next version of the API in favor of the more detailed information
+ * available from TODO:
+ */
+enum {
+ /*
+ * Indicates this keymaster implementation does not have hardware that
+ * keeps private keys out of user space.
+ *
+ * This should not be implemented on anything other than the default
+ * implementation.
+ */
+ KEYMASTER_SOFTWARE_ONLY = 1 << 0,
+
+ /*
+ * This indicates that the key blobs returned via all the primitives
+ * are sufficient to operate on their own without the trusted OS
+ * querying userspace to retrieve some other data. Key blobs of
+ * this type are normally returned encrypted with a
+ * Key Encryption Key (KEK).
+ *
+ * This is currently used by "vold" to know whether the whole disk
+ * encryption secret can be unwrapped without having some external
+ * service started up beforehand since the "/data" partition will
+ * be unavailable at that point.
+ */
+ KEYMASTER_BLOBS_ARE_STANDALONE = 1 << 1,
+
+ /*
+ * Indicates that the keymaster module supports DSA keys.
+ */
+ KEYMASTER_SUPPORTS_DSA = 1 << 2,
+
+ /*
+ * Indicates that the keymaster module supports EC keys.
+ */
+ KEYMASTER_SUPPORTS_EC = 1 << 3,
+};
+
+/**
+ * \deprecated Asymmetric key pair types.
+ */
+typedef enum {
+ TYPE_RSA = 1,
+ TYPE_DSA = 2,
+ TYPE_EC = 3,
+} keymaster_keypair_t;
+
+/**
+ * Authorization tags each have an associated type. This enumeration facilitates tagging each with
+ * a type, by using the high four bits (of an implied 32-bit unsigned enum value) to specify up to
+ * 16 data types. These values are ORed with tag IDs to generate the final tag ID values.
+ */
+typedef enum {
+ KM_INVALID = 0 << 28, /* Invalid type, used to designate a tag as uninitialized */
+ KM_ENUM = 1 << 28,
+ KM_ENUM_REP = 2 << 28, /* Repeatable enumeration value. */
+ KM_INT = 3 << 28,
+ KM_INT_REP = 4 << 28, /* Repeatable integer value */
+ KM_LONG = 5 << 28,
+ KM_DATE = 6 << 28,
+ KM_BOOL = 7 << 28,
+ KM_BIGNUM = 8 << 28,
+ KM_BYTES = 9 << 28,
+} keymaster_tag_type_t;
+
+typedef enum {
+ KM_TAG_INVALID = KM_INVALID | 0,
+
+ /*
+ * Tags that must be semantically enforced by hardware and software implementations.
+ */
+
+ /* Crypto parameters */
+ KM_TAG_PURPOSE = KM_ENUM_REP | 1, /* keymaster_purpose_t. */
+ KM_TAG_ALGORITHM = KM_ENUM | 2, /* keymaster_algorithm_t. */
+ KM_TAG_KEY_SIZE = KM_INT | 3, /* Key size in bits. */
+ KM_TAG_BLOCK_MODE = KM_ENUM | 4, /* keymaster_block_mode_t. */
+ KM_TAG_DIGEST = KM_ENUM | 5, /* keymaster_digest_t. */
+ KM_TAG_MAC_LENGTH = KM_INT | 6, /* MAC length in bits. */
+ KM_TAG_PADDING = KM_ENUM | 7, /* keymaster_padding_t. */
+ KM_TAG_CHUNK_LENGTH = KM_INT | 8, /* AEAD mode minimum decryption chunk size, in bytes. */
+ KM_TAG_NONCE = KM_BYTES | 9, /* Nonce or Initialization Vector */
+
+ /* Other hardware-enforced. */
+ KM_TAG_RESCOPING_ADD = KM_ENUM_REP | 101, /* Tags authorized for addition via rescoping. */
+ KM_TAG_RESCOPING_DEL = KM_ENUM_REP | 102, /* Tags authorized for removal via rescoping. */
+ KM_TAG_BLOB_USAGE_REQUIREMENTS = KM_ENUM | 705, /* keymaster_key_blob_usage_requirements_t */
+
+ /* Algorithm-specific. */
+ KM_TAG_RSA_PUBLIC_EXPONENT = KM_LONG | 200, /* Defaults to 2^16+1 */
+ KM_TAG_DSA_GENERATOR = KM_BIGNUM | 201,
+ KM_TAG_DSA_P = KM_BIGNUM | 202,
+ KM_TAG_DSA_Q = KM_BIGNUM | 203,
+ /* Note there are no EC-specific params. Field size is defined by KM_TAG_KEY_SIZE, and the
+ curve is chosen from NIST recommendations for field size */
+
+ /*
+ * Tags that should be semantically enforced by hardware if possible and will otherwise be
+ * enforced by software (keystore).
+ */
+
+ /* Key validity period */
+ KM_TAG_ACTIVE_DATETIME = KM_DATE | 400, /* Start of validity */
+ KM_TAG_ORIGINATION_EXPIRE_DATETIME = KM_DATE | 401, /* Date when new "messages" should no
+ longer be created. */
+ KM_TAG_USAGE_EXPIRE_DATETIME = KM_DATE | 402, /* Date when existing "messages" should no
+ longer be trusted. */
+ KM_TAG_MIN_SECONDS_BETWEEN_OPS = KM_INT | 403, /* Minimum elapsed time between
+ cryptographic operations with the key. */
+ KM_TAG_MAX_USES_PER_BOOT = KM_INT | 404, /* Number of times the key can be used per
+ boot. */
+
+ /* User authentication */
+ KM_TAG_ALL_USERS = KM_BOOL | 500, /* If key is usable by all users. */
+ KM_TAG_USER_ID = KM_INT | 501, /* ID of authorized user. Disallowed if
+ KM_TAG_ALL_USERS is present. */
+ KM_TAG_NO_AUTH_REQUIRED = KM_BOOL | 502, /* If key is usable without authentication. */
+ KM_TAG_USER_AUTH_ID = KM_INT_REP | 503, /* ID of the authenticator to use (e.g. password,
+ fingerprint, etc.). Repeatable to support
+ multi-factor auth. Disallowed if
+ KM_TAG_NO_AUTH_REQUIRED is present. */
+ KM_TAG_AUTH_TIMEOUT = KM_INT | 504, /* Required freshness of user authentication for
+ private/secret key operations, in seconds.
+ Public key operations require no authentication.
+ If absent, authentication is required for every
+ use. Authentication state is lost when the
+ device is powered off. */
+
+ /* Application access control */
+ KM_TAG_ALL_APPLICATIONS = KM_BOOL | 600, /* If key is usable by all applications. */
+ KM_TAG_APPLICATION_ID = KM_BYTES | 601, /* ID of authorized application. Disallowed if
+ KM_TAG_ALL_APPLICATIONS is present. */
+
+ /*
+ * Semantically unenforceable tags, either because they have no specific meaning or because
+ * they're informational only.
+ */
+ KM_TAG_APPLICATION_DATA = KM_BYTES | 700, /* Data provided by authorized application. */
+ KM_TAG_CREATION_DATETIME = KM_DATE | 701, /* Key creation time */
+ KM_TAG_ORIGIN = KM_ENUM | 702, /* keymaster_key_origin_t. */
+ KM_TAG_ROLLBACK_RESISTANT = KM_BOOL | 703, /* Whether key is rollback-resistant. */
+ KM_TAG_ROOT_OF_TRUST = KM_BYTES | 704, /* Root of trust ID. Empty array means usable by all
+ roots. */
+
+ /* Tags used only to provide data to operations */
+ KM_TAG_ADDITIONAL_DATA = KM_BYTES | 1000, /* Used to provide additional data for AEAD modes. */
+} keymaster_tag_t;
+
+/**
+ * Algorithms that may be provided by keymaster implementations. Those that must be provided by all
+ * implementations are tagged as "required". Note that where the values in this enumeration overlap
+ * with the values for the deprecated keymaster_keypair_t, the same algorithm must be
+ * specified. This type is new in 0_4 and replaces the deprecated keymaster_keypair_t.
+ */
+typedef enum {
+ /* Asymmetric algorithms. */
+ KM_ALGORITHM_RSA = 1, /* required */
+ KM_ALGORITHM_DSA = 2, /* required */
+ KM_ALGORITHM_ECDSA = 3, /* required */
+ KM_ALGORITHM_ECIES = 4,
+ /* FIPS Approved Ciphers */
+ KM_ALGORITHM_AES = 32, /* required */
+ KM_ALGORITHM_3DES = 33,
+ KM_ALGORITHM_SKIPJACK = 34,
+ /* AES Finalists */
+ KM_ALGORITHM_MARS = 48,
+ KM_ALGORITHM_RC6 = 49,
+ KM_ALGORITHM_SERPENT = 50,
+ KM_ALGORITHM_TWOFISH = 51,
+ /* Other common block ciphers */
+ KM_ALGORITHM_IDEA = 52,
+ KM_ALGORITHM_RC5 = 53,
+ KM_ALGORITHM_CAST5 = 54,
+ KM_ALGORITHM_BLOWFISH = 55,
+ /* Common stream ciphers */
+ KM_ALGORITHM_RC4 = 64,
+ KM_ALGORITHM_CHACHA20 = 65,
+ /* MAC algorithms */
+ KM_ALGORITHM_HMAC = 128, /* required */
+} keymaster_algorithm_t;
+
+/**
+ * Symmetric block cipher modes that may be provided by keymaster implementations. Those that must
+ * be provided by all implementations are tagged as "required". This type is new in 0_4.
+ *
+ * KM_MODE_FIRST_UNAUTHENTICATED, KM_MODE_FIRST_AUTHENTICATED and KM_MODE_FIRST_MAC are not modes,
+ * but markers used to separate the available modes into classes.
+ */
+typedef enum {
+ /* Unauthenticated modes, usable only for encryption/decryption and not generally recommended
+ * except for compatibility with existing other protocols. */
+ KM_MODE_FIRST_UNAUTHENTICATED = 1,
+ KM_MODE_ECB = KM_MODE_FIRST_UNAUTHENTICATED, /* required */
+ KM_MODE_CBC = 2, /* required */
+ KM_MODE_CBC_CTS = 3, /* recommended */
+ KM_MODE_CTR = 4, /* recommended */
+ KM_MODE_OFB = 5,
+ KM_MODE_CFB = 6,
+ KM_MODE_XTS = 7, /* Note: requires double-length keys */
+ /* Authenticated modes, usable for encryption/decryption and signing/verification. Recommended
+ * over unauthenticated modes for all purposes. One of KM_MODE_GCM and KM_MODE_OCB is
+ * required. */
+ KM_MODE_FIRST_AUTHENTICATED = 32,
+ KM_MODE_GCM = KM_MODE_FIRST_AUTHENTICATED,
+ KM_MODE_OCB = 33,
+ KM_MODE_CCM = 34,
+ /* MAC modes -- only for signing/verification */
+ KM_MODE_FIRST_MAC = 128,
+ KM_MODE_CMAC = KM_MODE_FIRST_MAC,
+ KM_MODE_POLY1305 = 129,
+} keymaster_block_mode_t;
+
+/**
+ * Padding modes that may be applied to plaintext for encryption operations. This list includes
+ * padding modes for both symmetric and asymmetric algorithms. Note that implementations should not
+ * provide all possible combinations of algorithm and padding, only the
+ * cryptographically-appropriate pairs.
+ */
+typedef enum {
+ KM_PAD_NONE = 1, /* required, deprecated */
+ KM_PAD_RSA_OAEP = 2, /* required */
+ KM_PAD_RSA_PSS = 3, /* required */
+ KM_PAD_RSA_PKCS1_1_5_ENCRYPT = 4,
+ KM_PAD_RSA_PKCS1_1_5_SIGN = 5,
+ KM_PAD_ANSI_X923 = 32,
+ KM_PAD_ISO_10126 = 33,
+ KM_PAD_ZERO = 64, /* required */
+ KM_PAD_PKCS7 = 65, /* required */
+ KM_PAD_ISO_7816_4 = 66,
+} keymaster_padding_t;
+
+/**
+ * Digests that may be provided by keymaster implementations. Those that must be provided by all
+ * implementations are tagged as "required". Those that have been added since version 0_2 of the
+ * API are tagged as "new".
+ */
+typedef enum {
+ KM_DIGEST_NONE = 0, /* new, required */
+ DIGEST_NONE = KM_DIGEST_NONE, /* For 0_2 compatibility */
+ KM_DIGEST_MD5 = 1, /* new, for compatibility with old protocols only */
+ KM_DIGEST_SHA1 = 2, /* new */
+ KM_DIGEST_SHA_2_224 = 3, /* new */
+ KM_DIGEST_SHA_2_256 = 4, /* new, required */
+ KM_DIGEST_SHA_2_384 = 5, /* new, recommended */
+ KM_DIGEST_SHA_2_512 = 6, /* new, recommended */
+ KM_DIGEST_SHA_3_256 = 7, /* new */
+ KM_DIGEST_SHA_3_384 = 8, /* new */
+ KM_DIGEST_SHA_3_512 = 9, /* new */
+} keymaster_digest_t;
+
+/**
+ * The origin of a key (or pair), i.e. where it was generated. Origin and can be used together to
+ * determine whether a key may have existed outside of secure hardware. This type is new in 0_4.
+ */
+typedef enum {
+ KM_ORIGIN_HARDWARE = 0, /* Generated in secure hardware */
+ KM_ORIGIN_SOFTWARE = 1, /* Generated in non-secure software */
+ KM_ORIGIN_IMPORTED = 2, /* Imported, origin unknown */
+} keymaster_key_origin_t;
+
+/**
+ * Usability requirements of key blobs. This defines what system functionality must be available
+ * for the key to function. For example, key "blobs" which are actually handles referencing
+ * encrypted key material stored in the file system cannot be used until the file system is
+ * available, and should have BLOB_REQUIRES_FILE_SYSTEM. Other requirements entries will be added
+ * as needed for implementations. This type is new in 0_4.
+ */
+typedef enum {
+ KM_BLOB_STANDALONE = 0,
+ KM_BLOB_REQUIRES_FILE_SYSTEM = 1,
+} keymaster_key_blob_usage_requirements_t;
+
+/**
+ * Possible purposes of a key (or pair). This type is new in 0_4.
+ */
+typedef enum {
+ KM_PURPOSE_ENCRYPT = 0,
+ KM_PURPOSE_DECRYPT = 1,
+ KM_PURPOSE_SIGN = 2,
+ KM_PURPOSE_VERIFY = 3,
+} keymaster_purpose_t;
+
+typedef struct {
+ const uint8_t* data;
+ size_t data_length;
+} keymaster_blob_t;
+
+typedef struct {
+ keymaster_tag_t tag;
+ union {
+ uint32_t enumerated; /* KM_ENUM and KM_ENUM_REP */
+ bool boolean; /* KM_BOOL */
+ uint32_t integer; /* KM_INT and KM_INT_REP */
+ uint64_t long_integer; /* KM_LONG */
+ uint64_t date_time; /* KM_DATE */
+ keymaster_blob_t blob; /* KM_BIGNUM and KM_BYTES*/
+ };
+} keymaster_key_param_t;
+
+typedef struct {
+ keymaster_key_param_t* params; /* may be NULL if length == 0 */
+ size_t length;
+} keymaster_key_param_set_t;
+
+/**
+ * Parameters that define a key's characteristics, including authorized modes of usage and access
+ * control restrictions. The parameters are divided into two categories, those that are enforced by
+ * secure hardware, and those that are not. For a software-only keymaster implementation the
+ * enforced array must NULL. Hardware implementations must enforce everything in the enforced
+ * array.
+ */
+typedef struct {
+ keymaster_key_param_set_t hw_enforced;
+ keymaster_key_param_set_t sw_enforced;
+} keymaster_key_characteristics_t;
+
+typedef struct {
+ const uint8_t* key_material;
+ size_t key_material_size;
+} keymaster_key_blob_t;
+
+/**
+ * Formats for key import and export. At present, only asymmetric key import/export is supported.
+ * In the future this list will expand greatly to accommodate asymmetric key import/export.
+ */
+typedef enum {
+ KM_KEY_FORMAT_X509, /* for public key export, required */
+ KM_KEY_FORMAT_PKCS8, /* for asymmetric key pair import, required */
+ KM_KEY_FORMAT_PKCS12, /* for asymmetric key pair import, not required */
+} keymaster_key_format_t;
+
+/**
+ * The keymaster operation API consists of begin, update, finish and abort. This is the type of the
+ * handle used to tie the sequence of calls together. A 64-bit value is used because it's important
+ * that handles not be predictable. Implementations must use strong random numbers for handle
+ * values.
+ */
+typedef uint64_t keymaster_operation_handle_t;
+
+typedef enum {
+ KM_ERROR_OK = 0,
+ KM_ERROR_ROOT_OF_TRUST_ALREADY_SET = -1,
+ KM_ERROR_UNSUPPORTED_PURPOSE = -2,
+ KM_ERROR_INCOMPATIBLE_PURPOSE = -3,
+ KM_ERROR_UNSUPPORTED_ALGORITHM = -4,
+ KM_ERROR_INCOMPATIBLE_ALGORITHM = -5,
+ KM_ERROR_UNSUPPORTED_KEY_SIZE = -6,
+ KM_ERROR_UNSUPPORTED_BLOCK_MODE = -7,
+ KM_ERROR_INCOMPATIBLE_BLOCK_MODE = -8,
+ KM_ERROR_UNSUPPORTED_MAC_LENGTH = -9,
+ KM_ERROR_UNSUPPORTED_PADDING_MODE = -10,
+ KM_ERROR_INCOMPATIBLE_PADDING_MODE = -11,
+ KM_ERROR_UNSUPPORTED_DIGEST = -12,
+ KM_ERROR_INCOMPATIBLE_DIGEST = -13,
+ KM_ERROR_INVALID_EXPIRATION_TIME = -14,
+ KM_ERROR_INVALID_USER_ID = -15,
+ KM_ERROR_INVALID_AUTHORIZATION_TIMEOUT = -16,
+ KM_ERROR_UNSUPPORTED_KEY_FORMAT = -17,
+ KM_ERROR_INCOMPATIBLE_KEY_FORMAT = -18,
+ KM_ERROR_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM = -19, /* For PKCS8 & PKCS12 */
+ KM_ERROR_UNSUPPORTED_KEY_VERIFICATION_ALGORITHM = -20, /* For PKCS8 & PKCS12 */
+ KM_ERROR_INVALID_INPUT_LENGTH = -21,
+ KM_ERROR_KEY_EXPORT_OPTIONS_INVALID = -22,
+ KM_ERROR_DELEGATION_NOT_ALLOWED = -23,
+ KM_ERROR_KEY_NOT_YET_VALID = -24,
+ KM_ERROR_KEY_EXPIRED = -25,
+ KM_ERROR_KEY_USER_NOT_AUTHENTICATED = -26,
+ KM_ERROR_OUTPUT_PARAMETER_NULL = -27,
+ KM_ERROR_INVALID_OPERATION_HANDLE = -28,
+ KM_ERROR_INSUFFICIENT_BUFFER_SPACE = -29,
+ KM_ERROR_VERIFICATION_FAILED = -30,
+ KM_ERROR_TOO_MANY_OPERATIONS = -31,
+ KM_ERROR_UNEXPECTED_NULL_POINTER = -32,
+ KM_ERROR_INVALID_KEY_BLOB = -33,
+ KM_ERROR_IMPORTED_KEY_NOT_ENCRYPTED = -34,
+ KM_ERROR_IMPORTED_KEY_DECRYPTION_FAILED = -35,
+ KM_ERROR_IMPORTED_KEY_NOT_SIGNED = -36,
+ KM_ERROR_IMPORTED_KEY_VERIFICATION_FAILED = -37,
+ KM_ERROR_INVALID_ARGUMENT = -38,
+ KM_ERROR_UNSUPPORTED_TAG = -39,
+ KM_ERROR_INVALID_TAG = -40,
+ KM_ERROR_MEMORY_ALLOCATION_FAILED = -41,
+ KM_ERROR_INVALID_RESCOPING = -42,
+ KM_ERROR_INVALID_DSA_PARAMS = -43,
+ KM_ERROR_IMPORT_PARAMETER_MISMATCH = -44,
+ KM_ERROR_SECURE_HW_ACCESS_DENIED = -45,
+ KM_ERROR_OPERATION_CANCELLED = -46,
+ KM_ERROR_CONCURRENT_ACCESS_CONFLICT = -47,
+ KM_ERROR_SECURE_HW_BUSY = -48,
+ KM_ERROR_SECURE_HW_COMMUNICATION_FAILED = -49,
+ KM_ERROR_UNSUPPORTED_EC_FIELD = -50,
+ KM_ERROR_UNIMPLEMENTED = -100,
+ KM_ERROR_VERSION_MISMATCH = -101,
+
+ /* Additional error codes may be added by implementations, but implementers should coordinate
+ * with Google to avoid code collision. */
+ KM_ERROR_UNKNOWN_ERROR = -1000,
+} keymaster_error_t;
+
+/**
+ * \deprecated Parameters needed to generate an RSA key.
+ */
+typedef struct {
+ uint32_t modulus_size; /* bits */
+ uint64_t public_exponent;
+} keymaster_rsa_keygen_params_t;
+
+/**
+ * \deprecated Parameters needed to generate a DSA key.
+ */
+typedef struct {
+ uint32_t key_size; /* bits */
+ uint32_t generator_len;
+ uint32_t prime_p_len;
+ uint32_t prime_q_len;
+ const uint8_t* generator;
+ const uint8_t* prime_p;
+ const uint8_t* prime_q;
+} keymaster_dsa_keygen_params_t;
+
+/**
+ * \deprecated Parameters needed to generate an EC key.
+ *
+ * Field size is the only parameter in version 4. The sizes correspond to these required curves:
+ *
+ * 192 = NIST P-192
+ * 224 = NIST P-224
+ * 256 = NIST P-256
+ * 384 = NIST P-384
+ * 521 = NIST P-521
+ *
+ * The parameters for these curves are available at: http://www.nsa.gov/ia/_files/nist-routines.pdf
+ * in Chapter 4.
+ */
+typedef struct { uint32_t field_size; /* bits */ } keymaster_ec_keygen_params_t;
+
+/**
+ * \deprecated Type of padding used for RSA operations.
+ */
+typedef enum {
+ PADDING_NONE,
+} keymaster_rsa_padding_t;
+
+/**
+ * \deprecated
+ */
+typedef struct { keymaster_digest_t digest_type; } keymaster_dsa_sign_params_t;
+
+/**
+ * \deprecated
+ */
+typedef struct { keymaster_digest_t digest_type; } keymaster_ec_sign_params_t;
+
+/**
+ *\deprecated
+ */
+typedef struct {
+ keymaster_digest_t digest_type;
+ keymaster_rsa_padding_t padding_type;
+} keymaster_rsa_sign_params_t;
+
+/* Convenience functions for manipulating keymaster tag types */
+
+static inline keymaster_tag_type_t keymaster_tag_get_type(keymaster_tag_t tag) {
+ return (keymaster_tag_type_t)(tag & (0xF << 28));
+}
+
+static inline uint32_t keymaster_tag_mask_type(keymaster_tag_t tag) {
+ return tag & 0x0FFFFFFF;
+}
+
+static inline bool keymaster_tag_type_repeatable(keymaster_tag_type_t type) {
+ switch (type) {
+ case KM_INT_REP:
+ case KM_ENUM_REP:
+ return true;
+ default:
+ return false;
+ }
+}
+
+static inline bool keymaster_tag_repeatable(keymaster_tag_t tag) {
+ return keymaster_tag_type_repeatable(keymaster_tag_get_type(tag));
+}
+
+/* Convenience functions for manipulating keymaster_key_param_t structs */
+
+inline keymaster_key_param_t keymaster_param_enum(keymaster_tag_t tag, uint32_t value) {
+ // assert(keymaster_tag_get_type(tag) == KM_ENUM || keymaster_tag_get_type(tag) == KM_ENUM_REP);
+ keymaster_key_param_t param;
+ memset(¶m, 0, sizeof(param));
+ param.tag = tag;
+ param.enumerated = value;
+ return param;
+}
+
+inline keymaster_key_param_t keymaster_param_int(keymaster_tag_t tag, uint32_t value) {
+ // assert(keymaster_tag_get_type(tag) == KM_INT || keymaster_tag_get_type(tag) == KM_INT_REP);
+ keymaster_key_param_t param;
+ memset(¶m, 0, sizeof(param));
+ param.tag = tag;
+ param.integer = value;
+ return param;
+}
+
+inline keymaster_key_param_t keymaster_param_long(keymaster_tag_t tag, uint64_t value) {
+ // assert(keymaster_tag_get_type(tag) == KM_LONG);
+ keymaster_key_param_t param;
+ memset(¶m, 0, sizeof(param));
+ param.tag = tag;
+ param.long_integer = value;
+ return param;
+}
+
+inline keymaster_key_param_t keymaster_param_blob(keymaster_tag_t tag, const uint8_t* bytes,
+ size_t bytes_len) {
+ // assert(keymaster_tag_get_type(tag) == KM_BYTES || keymaster_tag_get_type(tag) == KM_BIGNUM);
+ keymaster_key_param_t param;
+ memset(¶m, 0, sizeof(param));
+ param.tag = tag;
+ param.blob.data = (uint8_t*)bytes;
+ param.blob.data_length = bytes_len;
+ return param;
+}
+
+inline keymaster_key_param_t keymaster_param_bool(keymaster_tag_t tag) {
+ // assert(keymaster_tag_get_type(tag) == KM_BOOL);
+ keymaster_key_param_t param;
+ memset(¶m, 0, sizeof(param));
+ param.tag = tag;
+ param.boolean = true;
+ return param;
+}
+
+inline keymaster_key_param_t keymaster_param_date(keymaster_tag_t tag, uint64_t value) {
+ // assert(keymaster_tag_get_type(tag) == KM_DATE);
+ keymaster_key_param_t param;
+ memset(¶m, 0, sizeof(param));
+ param.tag = tag;
+ param.date_time = value;
+ return param;
+}
+
+inline void keymaster_free_param_values(keymaster_key_param_t* param, size_t param_count) {
+ while (param_count-- > 0) {
+ switch (keymaster_tag_get_type(param->tag)) {
+ case KM_BIGNUM:
+ case KM_BYTES:
+ free((void*)param->blob.data);
+ param->blob.data = NULL;
+ break;
+ default:
+ // NOP
+ break;
+ }
+ ++param;
+ }
+}
+
+inline void keymaster_free_param_set(keymaster_key_param_set_t* set) {
+ if (set) {
+ keymaster_free_param_values(set->params, set->length);
+ free(set->params);
+ set->params = NULL;
+ }
+}
+
+inline void keymaster_free_characteristics(keymaster_key_characteristics_t* characteristics) {
+ if (characteristics) {
+ keymaster_free_param_set(&characteristics->hw_enforced);
+ keymaster_free_param_set(&characteristics->sw_enforced);
+ }
+}
+
+#if defined(__cplusplus)
+} // extern "C"
+#endif // defined(__cplusplus)
+
+#endif // ANDROID_HARDWARE_KEYMASTER_DEFS_H
diff --git a/modules/audio/audio_hw.c b/modules/audio/audio_hw.c
index 18c0e59..637e3f4 100644
--- a/modules/audio/audio_hw.c
+++ b/modules/audio/audio_hw.c
@@ -18,6 +18,7 @@
//#define LOG_NDEBUG 0
#include <errno.h>
+#include <malloc.h>
#include <pthread.h>
#include <stdint.h>
#include <sys/time.h>
diff --git a/modules/consumerir/consumerir.c b/modules/consumerir/consumerir.c
index 87039cc..f3eac0b 100644
--- a/modules/consumerir/consumerir.c
+++ b/modules/consumerir/consumerir.c
@@ -16,6 +16,7 @@
#define LOG_TAG "ConsumerIrHal"
#include <errno.h>
+#include <malloc.h>
#include <string.h>
#include <cutils/log.h>
#include <hardware/hardware.h>
diff --git a/modules/fingerprint/fingerprint.c b/modules/fingerprint/fingerprint.c
index 14dac12..0346518 100644
--- a/modules/fingerprint/fingerprint.c
+++ b/modules/fingerprint/fingerprint.c
@@ -16,6 +16,7 @@
#define LOG_TAG "FingerprintHal"
#include <errno.h>
+#include <malloc.h>
#include <string.h>
#include <cutils/log.h>
#include <hardware/hardware.h>
diff --git a/modules/hwcomposer/hwcomposer.cpp b/modules/hwcomposer/hwcomposer.cpp
index f0a5512..9d1aa34 100644
--- a/modules/hwcomposer/hwcomposer.cpp
+++ b/modules/hwcomposer/hwcomposer.cpp
@@ -16,8 +16,9 @@
#include <hardware/hardware.h>
-#include <fcntl.h>
#include <errno.h>
+#include <fcntl.h>
+#include <malloc.h>
#include <cutils/log.h>
#include <cutils/atomic.h>
diff --git a/modules/local_time/local_time_hw.c b/modules/local_time/local_time_hw.c
index 308f7d9..ac597f4 100644
--- a/modules/local_time/local_time_hw.c
+++ b/modules/local_time/local_time_hw.c
@@ -18,9 +18,10 @@
//#define LOG_NDEBUG 0
#include <errno.h>
+#include <malloc.h>
#include <stdint.h>
+#include <string.h>
#include <sys/time.h>
-#include <linux/time.h>
#include <cutils/log.h>
diff --git a/modules/nfc-nci/nfc_nci_example.c b/modules/nfc-nci/nfc_nci_example.c
index 2514225..758c2b7 100644
--- a/modules/nfc-nci/nfc_nci_example.c
+++ b/modules/nfc-nci/nfc_nci_example.c
@@ -14,6 +14,7 @@
* limitations under the License.
*/
#include <errno.h>
+#include <malloc.h>
#include <string.h>
#include <cutils/log.h>
diff --git a/modules/nfc/nfc_pn544_example.c b/modules/nfc/nfc_pn544_example.c
index 54c9c56..71bfd6b 100644
--- a/modules/nfc/nfc_pn544_example.c
+++ b/modules/nfc/nfc_pn544_example.c
@@ -14,6 +14,7 @@
* limitations under the License.
*/
#include <errno.h>
+#include <malloc.h>
#include <string.h>
#include <hardware/hardware.h>
diff --git a/modules/tv_input/tv_input.cpp b/modules/tv_input/tv_input.cpp
index bc02786..114e80e 100644
--- a/modules/tv_input/tv_input.cpp
+++ b/modules/tv_input/tv_input.cpp
@@ -14,8 +14,9 @@
* limitations under the License.
*/
-#include <fcntl.h>
#include <errno.h>
+#include <fcntl.h>
+#include <malloc.h>
#include <cutils/log.h>
#include <cutils/native_handle.h>
diff --git a/modules/vibrator/vibrator.c b/modules/vibrator/vibrator.c
index ce4c03c..6b3ce57 100644
--- a/modules/vibrator/vibrator.c
+++ b/modules/vibrator/vibrator.c
@@ -19,6 +19,7 @@
#include <cutils/log.h>
+#include <malloc.h>
#include <stdio.h>
#include <unistd.h>
#include <fcntl.h>
diff --git a/tests/keymaster/Android.mk b/tests/keymaster/Android.mk
index c420db9..0c11795 100644
--- a/tests/keymaster/Android.mk
+++ b/tests/keymaster/Android.mk
@@ -6,9 +6,6 @@
LOCAL_SRC_FILES:= \
keymaster_test.cpp
-LOCAL_C_INCLUDES := \
- external/openssl/include \
-
LOCAL_SHARED_LIBRARIES := \
liblog \
libutils \