Skip to content

Add CryptoEngine and KeyVault HAL interfaces #387

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Ulrond wants to merge 5 commits into
base: develop
Choose a base branch
from
Open

Add CryptoEngine and KeyVault HAL interfaces #387

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
bcb2f3b
Add CryptoEngine and KeyVault HAL interfaces
Ulrond Apr 1, 2026
52d089f
Add CMAC and Concat KDF support for Widevine OEMCrypto
Ulrond Apr 1, 2026
af8d63b
Rename to crypto_engine/key_vault and add design documentation
Ulrond Apr 1, 2026
1c9c9b2
Fix document headers to match repo pattern
Ulrond Apr 1, 2026
60278d5
Address Copilot review feedback
Ulrond Apr 4, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
31 changes: 31 additions & 0 deletions crypto_engine/current/CMakeLists.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
cmake_minimum_required(VERSION 3.8)
project(CryptoEngine LANGUAGES NONE VERSION 1.0)

if (NOT COMMAND compile_aidl)
message(FATAL_ERROR "Do not invoke module level CMake directly!\nInvoke CMake at root level instead!")
endif()

set(SRC_DIR com/rdk/hal/cryptoengine)

set(SRC
${SRC_DIR}/ICryptoEngine.aidl
${SRC_DIR}/ICryptoEngineController.aidl
${SRC_DIR}/ICryptoOperation.aidl
${SRC_DIR}/CryptoConfig.aidl
${SRC_DIR}/EngineCapabilities.aidl
${SRC_DIR}/Algorithm.aidl
${SRC_DIR}/BlockMode.aidl
${SRC_DIR}/Digest.aidl
${SRC_DIR}/EcCurve.aidl
${SRC_DIR}/KeyDerivation.aidl
${SRC_DIR}/KeyPurpose.aidl
${SRC_DIR}/KeyType.aidl
${SRC_DIR}/PaddingMode.aidl
${SRC_DIR}/SecurityLevel.aidl
)

set(INCLUDE_DIRECTORY
.
)

compile_aidl(${SRC} INCLUDE_DIRECTORY ${INCLUDE_DIRECTORY})
Copy link

Copilot AI Apr 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This module CMakeLists does not forward the root-level AIDL_GEN_DIR / AIDL_BIN variables into compile_aidl(). Most other modules build a COMPILE_AIDL_ARGV list and pass TARGET_DIRECTORY ${AIDL_GEN_DIR} (and AIDL_BIN when set) so generated sources go under gen/ rather than the module source tree (e.g. avbuffer/current/CMakeLists.txt:56-67). As-is, building with the repo-root CMake will generate output into cryptoengine/current/, which is likely unintended and can dirty the working tree.

Suggested change
compile_aidl(${SRC} INCLUDE_DIRECTORY ${INCLUDE_DIRECTORY})
set(COMPILE_AIDL_ARGV
INCLUDE_DIRECTORY ${INCLUDE_DIRECTORY}
TARGET_DIRECTORY ${AIDL_GEN_DIR}
)
if (AIDL_BIN)
list(APPEND COMPILE_AIDL_ARGV AIDL_BIN ${AIDL_BIN})
endif()
compile_aidl(${SRC} ${COMPILE_AIDL_ARGV})

Copilot uses AI. Check for mistakes.
44 changes: 44 additions & 0 deletions crypto_engine/current/com/rdk/hal/cryptoengine/Algorithm.aidl
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
/*
* If not stated otherwise in this file or this component's LICENSE file the
* following copyright and licenses apply:
*
* Copyright 2026 RDK Management
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.rdk.hal.cryptoengine;

/**
* @brief Cryptographic algorithms.
*
* Based on PRD Firebolt Cryptography Capabilities requirements and
* W3C WebCrypto algorithm registry.
*/
@VintfStability
@Backing(type="int")
enum Algorithm {
/** Not configured. Must be explicitly set by the caller. */
UNSET = -1,
/** AES symmetric cipher (128, 192, 256-bit). */
AES = 0,
/** Elliptic Curve (ECDSA sign/verify, ECDH key agreement, Ed25519). */
EC = 1,
/** HMAC message authentication code. */
HMAC = 2,
/** RSA asymmetric cipher (RSA-OAEP, RSA-PSS, RSASSA-PKCS1-v1_5). */
RSA = 3,
/** ChaCha20-Poly1305 authenticated encryption. */
CHACHA20_POLY1305 = 4,
/** CMAC message authentication code (AES-128). Required by Widevine OEMCrypto for key derivation. */
CMAC = 5,
}
39 changes: 39 additions & 0 deletions crypto_engine/current/com/rdk/hal/cryptoengine/BlockMode.aidl
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
/*
* If not stated otherwise in this file or this component's LICENSE file the
* following copyright and licenses apply:
*
* Copyright 2026 RDK Management
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.rdk.hal.cryptoengine;

/**
* @brief Block cipher modes.
*/
@VintfStability
@Backing(type="int")
enum BlockMode {
/** Not configured. Must be explicitly set by the caller. */
UNSET = -1,
/** Cipher Block Chaining. */
CBC = 0,
/** Counter mode. */
CTR = 1,
/** Galois/Counter Mode (authenticated encryption). */
GCM = 2,
/** Electronic Codebook (not recommended for general use). */
ECB = 3,
/** AES Key Wrap (RFC 3394). */
KW = 4,
}
112 changes: 112 additions & 0 deletions crypto_engine/current/com/rdk/hal/cryptoengine/CryptoConfig.aidl
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,112 @@
/*
* If not stated otherwise in this file or this component's LICENSE file the
* following copyright and licenses apply:
*
* Copyright 2026 RDK Management
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.rdk.hal.cryptoengine;

import com.rdk.hal.cryptoengine.Algorithm;
import com.rdk.hal.cryptoengine.BlockMode;
import com.rdk.hal.cryptoengine.Digest;
import com.rdk.hal.cryptoengine.EcCurve;
import com.rdk.hal.cryptoengine.KeyDerivation;
import com.rdk.hal.cryptoengine.PaddingMode;

/**
* @brief Configuration for a crypto operation.
*
* Used with ICryptoEngineController.begin() when operating on
* caller-provided key material (not vault-managed keys).
*
* Describes the full set of parameters needed for any supported
* crypto operation. Callers must explicitly set all fields relevant
* to the requested operation. Fields default to UNSET and the
* implementation must reject operations with unconfigured required fields.
*/
@VintfStability
parcelable CryptoConfig {

// -- Algorithm selection --

/** Algorithm to use (AES, EC, HMAC, RSA, ChaCha20-Poly1305). Must be set. */
Algorithm algorithm = Algorithm.UNSET;

// -- Symmetric cipher parameters --

/** Block mode for AES operations (CBC, CTR, GCM, ECB, KW). */
BlockMode blockMode = BlockMode.UNSET;
/** Padding mode (NONE, PKCS7 for AES; RSA_OAEP, RSA_PSS for RSA). */
PaddingMode paddingMode = PaddingMode.UNSET;
/** Key size in bits (128, 192, 256 for AES; 2048, 3072, 4096 for RSA). 0 = not set. */
int keySizeBits = 0;
/** Raw key material for standalone operations. Empty when using vault-managed keys. */
byte[] keyData = {};

/** Initialization vector or nonce.
*
* If null, the engine auto-generates a random IV using the hardware RNG
* and prepends it to the ciphertext output. On decrypt, the engine reads
* the IV from the first bytes of the ciphertext input.
*
* If provided, the engine uses the given IV as-is and does NOT prepend it
* to the output. The caller is responsible for storing and providing the
* IV on decrypt.
*
* Sizes: AES-CBC/CTR: 16 bytes. AES-GCM: 12 bytes. ChaCha20: 12 bytes. */
@nullable byte[] iv;

// -- Authenticated encryption parameters (GCM, ChaCha20-Poly1305) --

/** Additional authenticated data. Authenticated but not encrypted. */
@nullable byte[] aad;
/** Authentication tag length in bits (GCM: 96, 104, 112, 120, 128). 0 = not set. */
int macLengthBits = 0;

// -- Digest / HMAC parameters --

/** Digest algorithm for HMAC, sign/verify, and KDF operations. */
Digest digest = Digest.UNSET;

// -- Elliptic curve parameters --

/** EC curve for key generation or agreement (P-256, P-384, Ed25519, X25519). */
EcCurve ecCurve = EcCurve.UNSET;

// -- Key derivation parameters --

/** Key derivation function (HKDF, PBKDF2, NFLX-DH, DH). */
KeyDerivation kdf = KeyDerivation.UNSET;
/** Salt for HKDF or PBKDF2. Null for unsalted derivation.
* HKDF: recommended HashLen bytes (e.g. 32 for SHA-256), any length valid.
* PBKDF2: minimum 16 bytes (NIST SP 800-132). */
@nullable byte[] salt;
/** Info/context string for HKDF. */
@nullable byte[] info;
/** Iteration count for PBKDF2. 0 = not set. */
int pbkdf2Iterations = 0;
/** Desired output key length in bits for key derivation. 0 = not set. */
int derivedKeyLengthBits = 0;

// -- RSA parameters --

/** RSA public exponent. Only used for RSA key generation. 0 = not set. */
long rsaPublicExponent = 0;

// -- Key wrapping --

/** Wrapped key data for unwrap operations. */
@nullable byte[] wrappedKeyData;
}
39 changes: 39 additions & 0 deletions crypto_engine/current/com/rdk/hal/cryptoengine/Digest.aidl
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
/*
* If not stated otherwise in this file or this component's LICENSE file the
* following copyright and licenses apply:
*
* Copyright 2026 RDK Management
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.rdk.hal.cryptoengine;

/**
* @brief Digest algorithms.
*
* Aligned with W3C WebCrypto digest algorithms.
*/
@VintfStability
@Backing(type="int")
enum Digest {
/** Not configured. Must be explicitly set by the caller. */
UNSET = -1,
NONE = 0,
SHA_2_224 = 2,
SHA_2_256 = 3,
SHA_2_384 = 4,
SHA_2_512 = 5,
SHA_3_256 = 6,
SHA_3_384 = 7,
SHA_3_512 = 8,
}
41 changes: 41 additions & 0 deletions crypto_engine/current/com/rdk/hal/cryptoengine/EcCurve.aidl
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
/*
* If not stated otherwise in this file or this component's LICENSE file the
* following copyright and licenses apply:
*
* Copyright 2026 RDK Management
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.rdk.hal.cryptoengine;

/**
* @brief Elliptic curve identifiers.
*
* Aligned with W3C WebCrypto named curves.
*/
@VintfStability
@Backing(type="int")
enum EcCurve {
/** Not configured. Must be explicitly set by the caller. */
UNSET = -1,
/** NIST P-256 (secp256r1). Used by ECDSA and ECDH. */
P_256 = 0,
/** NIST P-384 (secp384r1). */
P_384 = 1,
/** NIST P-521 (secp521r1). */
P_521 = 2,
/** Curve25519 for Ed25519 signing. */
ED25519 = 3,
/** Curve25519 for X25519 key agreement. */
X25519 = 4,
}
50 changes: 50 additions & 0 deletions crypto_engine/current/com/rdk/hal/cryptoengine/EngineCapabilities.aidl
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
/*
* If not stated otherwise in this file or this component's LICENSE file the
* following copyright and licenses apply:
*
* Copyright 2026 RDK Management
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.rdk.hal.cryptoengine;

import com.rdk.hal.cryptoengine.Algorithm;
import com.rdk.hal.cryptoengine.BlockMode;
import com.rdk.hal.cryptoengine.Digest;
import com.rdk.hal.cryptoengine.SecurityLevel;

/**
* @brief Capabilities of a crypto engine instance.
*
* Returned by ICryptoEngine.getCapabilities() to allow callers to
* introspect what the engine supports on this platform.
*/
@VintfStability
parcelable EngineCapabilities {
/** HAL version string. */
@utf8InCpp String halVersion;
/** Security level of this engine (SOFTWARE or TEE). */
SecurityLevel securityLevel = SecurityLevel.SOFTWARE;
/** Supported algorithms. */
Algorithm[] algorithms = {};
/** Supported block modes. */
BlockMode[] blockModes = {};
/** Supported digests. */
Digest[] digests = {};
/** Supported key sizes in bits. */
Copy link

Copilot AI Apr 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

EngineCapabilities.keySizes is a flat int[] which loses the association between supported algorithms and their valid key sizes (e.g. AES 128/192/256 vs RSA 2048/3072/4096). This makes capability-driven client validation ambiguous. Consider modelling key sizes per algorithm (e.g. an array of parcelables like {Algorithm algorithm; int[] sizes;}) or otherwise documenting that keySizes is a union and how callers should interpret it.

Suggested change
/** Supported key sizes in bits. */
/**
* @brief Supported key sizes in bits across all algorithms.
*
* This array is the union of all key sizes supported by the engine
* for the algorithms listed in {@link #algorithms}. It is not a
* per-algorithm mapping.
*
* Callers MUST NOT assume that every value in {@code keySizes}
* applies to every algorithm. For example, if {@code algorithms}
* contains AES and RSA and {@code keySizes} contains
* {128, 192, 256, 2048, 3072, 4096}, this does not imply that all
* sizes are valid for both AES and RSA.
*
* To validate support for a specific (Algorithm, keySize) pair,
* callers should consult algorithm-specific documentation for this
* platform or attempt the desired operation and handle failures.
*/

Copilot uses AI. Check for mistakes.
int[] keySizes = {};
/** Maximum concurrent operations. */
Comment on lines +38 to +46
Copy link

Copilot AI Apr 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

EngineCapabilities is missing several capability dimensions that are declared in the CryptoEngine HFP and referenced in docs (e.g., padding modes, EC curves, key derivations, and per-algorithm key sizes). As-is, callers can’t reliably introspect what the engine supports. Consider adding explicit fields for these, or clarifying that they are not discoverable at runtime.

Copilot uses AI. Check for mistakes.
int maxConcurrentOperations = 0;
/** Whether hardware crypto acceleration is available. */
boolean hardwareAccelerated = false;
}
Loading
Loading