| Chung-yih Wang | 70246eb | 2009-06-29 03:12:56 +0800 | [diff] [blame] | 1 | /* |
| 2 | ** Copyright 2009, The Android Open Source Project |
| 3 | ** |
| 4 | ** Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | ** you may not use this file except in compliance with the License. |
| 6 | ** You may obtain a copy of the License at |
| 7 | ** |
| 8 | ** http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | ** |
| 10 | ** Unless required by applicable law or agreed to in writing, software |
| 11 | ** distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | ** See the License for the specific language governing permissions and |
| 14 | ** limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | #ifndef __KEYMGMT_H__ |
| 18 | #define __KEYMGMT_H__ |
| 19 | |
| 20 | #define MASTER_KEY_TAG "master_key" |
| 21 | #define MASTER_KEY ".keymaster" |
| 22 | #define MAX_PATH_LEN 128 |
| 23 | #define SALT "Android Keystore 0.1" |
| 24 | #define NAME_DELIMITER "_" |
| 25 | #define KEYFILE_NAME "%s"NAME_DELIMITER"%s" |
| 26 | #define KEYGEN_ITER 1024 |
| 27 | #define AES_KEY_LEN 128 |
| 28 | #define USER_KEY_LEN (AES_KEY_LEN/8) |
| 29 | #define IV_LEN USER_KEY_LEN |
| Chung-yih Wang | a734207 | 2009-07-03 12:09:52 +0800 | [diff] [blame] | 30 | #define MAX_RETRY_COUNT 6 |
| 31 | #define MIN_PASSWD_LENGTH 8 |
| Chung-yih Wang | 70246eb | 2009-06-29 03:12:56 +0800 | [diff] [blame] | 32 | |
| 33 | #define gen_key(passwd, key, len) \ |
| 34 | PKCS5_PBKDF2_HMAC_SHA1(passwd, strlen(passwd), \ |
| 35 | (unsigned char*)SALT, \ |
| 36 | strlen(SALT), KEYGEN_ITER, \ |
| 37 | len, key) |
| 38 | |
| 39 | #define KEYFILE_LEN MAX_NAMESPACE_LENGTH + MAX_KEY_NAME_LENGTH + 6 |
| 40 | |
| 41 | #define get_blob_size(blob) \ |
| 42 | (((blob->value_size + sizeof(uint32_t) + MAX_KEY_NAME_LENGTH \ |
| 43 | + USER_KEY_LEN - 1) / USER_KEY_LEN) * USER_KEY_LEN) |
| 44 | |
| 45 | #define MAX_BLOB_LEN ((MAX_KEY_VALUE_LENGTH + MAX_KEY_NAME_LENGTH + \ |
| 46 | sizeof(uint32_t) + USER_KEY_LEN - 1) / USER_KEY_LEN)\ |
| 47 | * USER_KEY_LEN |
| 48 | |
| 49 | #define data_blob_size(blob) USER_KEY_LEN + sizeof(uint32_t) + blob->blob_size |
| 50 | |
| 51 | typedef struct { |
| 52 | unsigned char iv[USER_KEY_LEN]; |
| 53 | uint32_t blob_size; |
| 54 | union { |
| 55 | unsigned char blob[1]; |
| 56 | struct { |
| 57 | uint32_t value_size; |
| 58 | char keyname[MAX_KEY_NAME_LENGTH]; |
| 59 | unsigned char value[MAX_KEY_VALUE_LENGTH]; |
| 60 | } __attribute__((packed)); |
| 61 | }; |
| 62 | } DATA_BLOB; |
| 63 | |
| 64 | typedef struct { |
| 65 | char tag[USER_KEY_LEN]; |
| 66 | unsigned char master_key[USER_KEY_LEN]; |
| 67 | } MASTER_BLOB; |
| 68 | |
| 69 | int put_key(const char *namespace, const char *keyname, |
| 70 | unsigned char *data, int size); |
| 71 | int get_key(const char *namespace, const char *keyname, |
| 72 | unsigned char *data, int *size); |
| 73 | int remove_key(const char *namespace, const char *keyname); |
| 74 | int list_keys(const char *namespace, char reply[BUFFER_MAX]); |
| 75 | int passwd(char *data); |
| 76 | int lock(); |
| 77 | int unlock(char *passwd); |
| 78 | KEYSTORE_STATE get_state(); |
| 79 | int reset_keystore(); |
| 80 | int init_keystore(const char *dir); |
| 81 | |
| 82 | #endif |