author | Shawn Willden <swillden@google.com> | 2015-02-18 16:05:11 +0000 |
---|---|---|
committer | Android Git Automerger <android-git-automerger@android.com> | 2015-02-18 16:05:11 +0000 |
commit | 301ef55a44ea9cf8fb1372fe416796a22fa2f7c5 (patch) | |
tree | 36b4a9bee5e9e2ef7a5e7b260ab7dd97e5a4ee1e | |
parent | 32034b5582d8bd649be29d79caa0dac362336dc6 (diff) | |
parent | 66b7b3899fdc76add9e728cebcde146b386210e0 (diff) | |
am 66b7b389: am 0e5fca1c: Merge changes Id4bdfdcb,Ib94f3606
* commit '66b7b3899fdc76add9e728cebcde146b386210e0':
Added insecure (chunkless) AEAD option.
Add additional param lists to update and finish.
-rw-r--r-- | include/hardware/keymaster.h | 22 | ||||
-rw-r--r-- | include/hardware/keymaster_defs.h | 21 |
2 files changed, 29 insertions, 14 deletions
diff --git a/include/hardware/keymaster.h b/include/hardware/keymaster.h
index 40380ad..db66a74 100644
--- a/include/hardware/keymaster.h
+++ b/include/hardware/keymaster.h
@@ -534,8 +534,8 @@ struct keymaster_device {
 * \param[in] params Additional parameters for the operation. This is typically used to provide
 * client ID information, with tags KM_TAG_APPLICATION_ID and KM_TAG_APPLICATION_DATA. If the
 * client information associated with the key is not provided, begin() will fail and return
- * KM_ERROR_INVALID_KEY_BLOB. Less commonly, \params can be used to provide AEAD additional
- * data and chunk size with KM_TAG_ADDITIONAL_DATA or KM_TAG_CHUNK_SIZE respectively.
+ * KM_ERROR_INVALID_KEY_BLOB. For operations that require a nonce or IV, this must contain a
+ * tag KM_TAG_NONCE. For AEAD operations KM_TAG_CHUNK_SIZE is specified here.
 *
 * \param[in] params_count The number of entries in \p params.
 *
@@ -569,6 +569,11 @@ struct keymaster_device {
 *
 * \param[in] operation_handle The operation handle returned by begin().
 *
+ * \param[in] params Additional parameters for the operation. For AEAD modes, this is used to
+ * specify KM_TAG_ADDITIONAL_DATA.
+ *
+ * \param[in] params_count Length of \p params.
+ *
 * \param[in] input Data to be processed, per the parameters established in the call to begin().
 * Note that update() may or may not consume all of the data provided. See \p data_consumed.
 *
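Review bot: The new begin() text names `KM_TAG_CHUNK_SIZE`, but the enum this same commit edits in keymaster_defs.h defines `KM_TAG_CHUNK_LENGTH`, so the documented tag does not match any identifier visible in the change. The update() and finish() hunks have the same kind of mismatch: they say `KM_TAG_ADDITIONAL_DATA` where the enum has `KM_TAG_ASSOCIATED_DATA`. I would change the line to `* tag KM_TAG_NONCE. For AEAD operations KM_TAG_CHUNK_LENGTH is specified here.` and use `KM_TAG_ASSOCIATED_DATA` in the other two. The sentence requiring KM_TAG_NONCE should also say how it interacts with KM_TAG_CALLER_NONCE, whose comment suggests only some keys accept a caller-supplied nonce or IV.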
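Review bot: The added `params`/`params_count` documentation for update() leaves the pointer contract open: it does not say whether `params` may be NULL when `params_count` is 0, or what update() returns for tags it does not accept. At a HAL boundary this is worth pinning down so every implementation validates the pair the same way, for example `* \p params may be NULL only if \p params_count is 0; unsupported tags fail with <error code to be chosen>.` It would also help to state whether associated data may be supplied on more than one update() call or only before any input has been processed. The identical text added for finish() in a later hunk needs the same additions.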
@@ -589,9 +594,10 @@ struct keymaster_device { * *output may be either NULL or zero-length (so the caller should always free() it). */ keymaster_error_t (*update)(const struct keymaster_device* dev, - keymaster_operation_handle_t operation_handle, const uint8_t* input, - size_t input_length, size_t* input_consumed, uint8_t** output, - size_t* output_length); + keymaster_operation_handle_t operation_handle, + const keymaster_key_param_t* params, size_t params_count, + const uint8_t* input, size_t input_length, size_t* input_consumed, + uint8_t** output, size_t* output_length); /** * Finalizes a cryptographic operation begun with begin() and invalidates operation_handle @@ -602,6 +608,11 @@ struct keymaster_device { * \param[in] operation_handle The operation handle returned by begin(). This handle will be * invalidated. * + * \param[in] params Additional parameters for the operation. For AEAD modes, this is used to + * specify KM_TAG_ADDITIONAL_DATA. + * + * \param[in] params_count Length of \p params. + * * \param[in] signature The signature to be verified if the purpose specified in the begin() * call was KM_PURPOSE_VERIFY. * @@ -617,6 +628,7 @@ struct keymaster_device { */ keymaster_error_t (*finish)(const struct keymaster_device* dev, keymaster_operation_handle_t operation_handle, + const keymaster_key_param_t* params, size_t params_count, const uint8_t* signature, size_t signature_length, uint8_t** output, size_t* output_length); diff --git a/include/hardware/keymaster_defs.h b/include/hardware/keymaster_defs.h index 548af7d..9c6ad9d 100644 --- a/include/hardware/keymaster_defs.h +++ b/include/hardware/keymaster_defs.h 
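Review bot: Inserting `params` and `params_count` in the middle of the `update` function-pointer signature changes the calling convention of an existing struct member, and neither file in this commit raises a version that callers could check. A caller built against this header that reaches an implementation built against the old one would have `params` read as `input` and `params_count` as `input_length`; whether a version gate exists elsewhere cannot be seen from this diff. The `finish` hunk further down has the same issue. I would add a comment above both members such as `/* Signature changed in <API version placeholder>; callers must check the module API version before calling. */` and confirm the version constant is raised in the same series. The struct definition starts and ends outside the hunk.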
@@ -102,15 +102,16 @@ typedef enum { */ /* Crypto parameters */ - KM_TAG_PURPOSE = KM_ENUM_REP | 1, /* keymaster_purpose_t. */ - KM_TAG_ALGORITHM = KM_ENUM | 2, /* keymaster_algorithm_t. */ - KM_TAG_KEY_SIZE = KM_INT | 3, /* Key size in bits. */ - KM_TAG_BLOCK_MODE = KM_ENUM | 4, /* keymaster_block_mode_t. */ - KM_TAG_DIGEST = KM_ENUM | 5, /* keymaster_digest_t. */ - KM_TAG_MAC_LENGTH = KM_INT | 6, /* MAC length in bits. */ - KM_TAG_PADDING = KM_ENUM | 7, /* keymaster_padding_t. */ - KM_TAG_CHUNK_LENGTH = KM_INT | 8, /* AEAD mode minimum decryption chunk size, in bytes. */ - KM_TAG_CALLER_NONCE = KM_BOOL | 9, /* Allow caller to specify nonce or IV. */ + KM_TAG_PURPOSE = KM_ENUM_REP | 1, /* keymaster_purpose_t. */ + KM_TAG_ALGORITHM = KM_ENUM | 2, /* keymaster_algorithm_t. */ + KM_TAG_KEY_SIZE = KM_INT | 3, /* Key size in bits. */ + KM_TAG_BLOCK_MODE = KM_ENUM | 4, /* keymaster_block_mode_t. */ + KM_TAG_DIGEST = KM_ENUM | 5, /* keymaster_digest_t. */ + KM_TAG_MAC_LENGTH = KM_INT | 6, /* MAC length in bits. */ + KM_TAG_PADDING = KM_ENUM | 7, /* keymaster_padding_t. */ + KM_TAG_RETURN_UNAUTHED = KM_BOOL | 8, /* Allow AEAD decryption to return plaintext before it has + been authenticated. WARNING: Not recommended. */ + KM_TAG_CALLER_NONCE = KM_BOOL | 9, /* Allow caller to specify nonce or IV. */ /* Other hardware-enforced. */ KM_TAG_RESCOPING_ADD = KM_ENUM_REP | 101, /* Tags authorized for addition via rescoping. */ @@ -176,6 +177,8 @@ typedef enum { /* Tags used only to provide data to or receive data from operations */ KM_TAG_ASSOCIATED_DATA = KM_BYTES | 1000, /* Used to provide associated data for AEAD modes. */ KM_TAG_NONCE = KM_BYTES | 1001, /* Nonce or Initialization Vector */ + KM_TAG_CHUNK_LENGTH = KM_INT | 1002, /* AEAD mode chunk size, in bytes. 0 means no limit, + which requires KM_TAG_RETURN_UNAUTHED. */ } keymaster_tag_t; /** |
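Review bot: `KM_TAG_RETURN_UNAUTHED` takes over tag number 8, which `KM_TAG_CHUNK_LENGTH` held until this commit with a different type (`KM_INT`, now `KM_BOOL`). Code that keys on the tag number alone, or stored authorization lists containing the old `KM_INT | 8` value, would misread it; it is not visible here whether such data exists yet, but a fresh number would avoid the question. The comment on the new tag should also state the consequence rather than only "Not recommended": plaintext returned by update() is unverified until finish() succeeds, and callers must discard it if finish() fails. For example, `/* ... WARNING: output is unauthenticated until finish() returns KM_ERROR_OK; discard it on failure. */`. The enum starts above the hunk.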
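Review bot: Moving `KM_TAG_CHUNK_LENGTH` from the key-bound "Crypto parameters" group into the 1000-range operation-data group makes the chunk size a value the caller picks per operation, and the new comment gives no upper bound or failure behaviour. I would document what is returned when 0 is passed for a key that lacks KM_TAG_RETURN_UNAUTHED, and whether implementations may reject large values, since a chunk presumably has to be buffered until its tag is verified. If that matches the intent, something like `/* AEAD mode chunk size, in bytes. 0 means no limit and is rejected unless the key has KM_TAG_RETURN_UNAUTHED; implementations may cap the value. */` would do. The old comment said "minimum decryption chunk size" and the new one drops "minimum", so the note should say which meaning now applies.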