summaryrefslogtreecommitdiffstats
path: root/include/hardware/keymaster_defs.h
diff options
context:
space:
mode:
Diffstat (limited to 'include/hardware/keymaster_defs.h')
-rw-r--r--include/hardware/keymaster_defs.h73
1 files changed, 35 insertions, 38 deletions
diff --git a/include/hardware/keymaster_defs.h b/include/hardware/keymaster_defs.h
index 77067d5..32374f1 100644
--- a/include/hardware/keymaster_defs.h
+++ b/include/hardware/keymaster_defs.h
@@ -34,14 +34,14 @@ typedef enum {
KM_INVALID = 0 << 28, /* Invalid type, used to designate a tag as uninitialized */
KM_ENUM = 1 << 28,
KM_ENUM_REP = 2 << 28, /* Repeatable enumeration value. */
- KM_INT = 3 << 28,
- KM_INT_REP = 4 << 28, /* Repeatable integer value */
- KM_LONG = 5 << 28,
+ KM_UINT = 3 << 28,
+ KM_UINT_REP = 4 << 28, /* Repeatable integer value */
+ KM_ULONG = 5 << 28,
KM_DATE = 6 << 28,
KM_BOOL = 7 << 28,
KM_BIGNUM = 8 << 28,
KM_BYTES = 9 << 28,
- KM_LONG_REP = 10 << 28, /* Repeatable long value */
+ KM_ULONG_REP = 10 << 28, /* Repeatable long value */
} keymaster_tag_type_t;
typedef enum {
@@ -54,14 +54,14 @@ typedef enum {
/* Crypto parameters */
KM_TAG_PURPOSE = KM_ENUM_REP | 1, /* keymaster_purpose_t. */
KM_TAG_ALGORITHM = KM_ENUM | 2, /* keymaster_algorithm_t. */
- KM_TAG_KEY_SIZE = KM_INT | 3, /* Key size in bits. */
+ KM_TAG_KEY_SIZE = KM_UINT | 3, /* Key size in bits. */
KM_TAG_BLOCK_MODE = KM_ENUM_REP | 4, /* keymaster_block_mode_t. */
KM_TAG_DIGEST = KM_ENUM_REP | 5, /* keymaster_digest_t. */
KM_TAG_PADDING = KM_ENUM_REP | 6, /* keymaster_padding_t. */
KM_TAG_CALLER_NONCE = KM_BOOL | 7, /* Allow caller to specify nonce or IV. */
/* Algorithm-specific. */
- KM_TAG_RSA_PUBLIC_EXPONENT = KM_LONG | 200, /* Defaults to 2^16+1 */
+ KM_TAG_RSA_PUBLIC_EXPONENT = KM_ULONG | 200,
/* Other hardware-enforced. */
KM_TAG_BLOB_USAGE_REQUIREMENTS = KM_ENUM | 301, /* keymaster_key_blob_usage_requirements_t */
@@ -78,34 +78,32 @@ typedef enum {
longer be created. */
KM_TAG_USAGE_EXPIRE_DATETIME = KM_DATE | 402, /* Date when existing "messages" should no
longer be trusted. */
- KM_TAG_MIN_SECONDS_BETWEEN_OPS = KM_INT | 403, /* Minimum elapsed time between
+ KM_TAG_MIN_SECONDS_BETWEEN_OPS = KM_UINT | 403, /* Minimum elapsed time between
cryptographic operations with the key. */
- KM_TAG_MAX_USES_PER_BOOT = KM_INT | 404, /* Number of times the key can be used per
+ KM_TAG_MAX_USES_PER_BOOT = KM_UINT | 404, /* Number of times the key can be used per
boot. */
/* User authentication */
- KM_TAG_ALL_USERS = KM_BOOL | 500, /* If key is usable by all users. */
- KM_TAG_USER_ID = KM_INT | 501, /* ID of authorized user. Disallowed if
- KM_TAG_ALL_USERS is present. */
- KM_TAG_USER_SECURE_ID = KM_LONG_REP | 502, /* Secure ID of authorized user or authenticator(s).
- Disallowed if KM_TAG_ALL_USERS or
- KM_TAG_NO_AUTH_REQUIRED is present. */
- KM_TAG_NO_AUTH_REQUIRED = KM_BOOL | 503, /* If key is usable without authentication. */
- KM_TAG_USER_AUTH_TYPE = KM_ENUM | 504, /* Bitmask of authenticator types allowed when
- * KM_TAG_USER_SECURE_ID contains a secure user ID,
- * rather than a secure authenticator ID. Defined in
- * hw_authenticator_type_t in hw_auth_token.h. */
- KM_TAG_AUTH_TIMEOUT = KM_INT | 505, /* Required freshness of user authentication for
- private/secret key operations, in seconds.
- Public key operations require no authentication.
- If absent, authentication is required for every
- use. Authentication state is lost when the
- device is powered off. */
+ KM_TAG_ALL_USERS = KM_BOOL | 500, /* Reserved for future use -- ignore */
+ KM_TAG_USER_ID = KM_UINT | 501, /* Reserved for future use -- ignore */
+ KM_TAG_USER_SECURE_ID = KM_ULONG_REP | 502, /* Secure ID of authorized user or authenticator(s).
+ Disallowed if KM_TAG_ALL_USERS or
+ KM_TAG_NO_AUTH_REQUIRED is present. */
+ KM_TAG_NO_AUTH_REQUIRED = KM_BOOL | 503, /* If key is usable without authentication. */
+ KM_TAG_USER_AUTH_TYPE = KM_ENUM | 504, /* Bitmask of authenticator types allowed when
+ * KM_TAG_USER_SECURE_ID contains a secure user ID,
+ * rather than a secure authenticator ID. Defined in
+ * hw_authenticator_type_t in hw_auth_token.h. */
+ KM_TAG_AUTH_TIMEOUT = KM_UINT | 505, /* Required freshness of user authentication for
+ private/secret key operations, in seconds.
+ Public key operations require no authentication.
+ If absent, authentication is required for every
+ use. Authentication state is lost when the
+ device is powered off. */
/* Application access control */
- KM_TAG_ALL_APPLICATIONS = KM_BOOL | 600, /* If key is usable by all applications. */
- KM_TAG_APPLICATION_ID = KM_BYTES | 601, /* ID of authorized application. Disallowed if
- KM_TAG_ALL_APPLICATIONS is present. */
+ KM_TAG_ALL_APPLICATIONS = KM_BOOL | 600, /* Reserved for future use -- ignore */
+ KM_TAG_APPLICATION_ID = KM_BYTES | 601, /* Reserved for fugure use -- ignore */
/*
* Semantically unenforceable tags, either because they have no specific meaning or because
@@ -121,13 +119,10 @@ typedef enum {
/* Tags used only to provide data to or receive data from operations */
KM_TAG_ASSOCIATED_DATA = KM_BYTES | 1000, /* Used to provide associated data for AEAD modes. */
KM_TAG_NONCE = KM_BYTES | 1001, /* Nonce or Initialization Vector */
- KM_TAG_AEAD_TAG = KM_BYTES | 1002, /* AEAD tag data. Returned from finish() during AEAD
- * encryption and provided to begin() during AEAD
- * decryption.*/
- KM_TAG_AUTH_TOKEN = KM_BYTES | 1003, /* Authentication token that proves secure user
+ KM_TAG_AUTH_TOKEN = KM_BYTES | 1002, /* Authentication token that proves secure user
authentication has been performed. Structure
defined in hw_auth_token_t in hw_auth_token.h. */
- KM_TAG_MAC_LENGTH = KM_INT | 1004, /* MAC or AEAD authentication tag length in bits. */
+ KM_TAG_MAC_LENGTH = KM_UINT | 1003, /* MAC or AEAD authentication tag length in bits. */
} keymaster_tag_t;
/**
@@ -338,7 +333,9 @@ typedef enum {
KM_ERROR_MISSING_NONCE = -51,
KM_ERROR_INVALID_NONCE = -52,
KM_ERROR_MISSING_MAC_LENGTH = -53,
+ KM_ERROR_KEY_RATE_LIMIT_EXCEEDED = -54,
KM_ERROR_CALLER_NONCE_PROHIBITED = -55,
+ KM_ERROR_KEY_MAX_OPS_EXCEEDED = -56,
KM_ERROR_UNIMPLEMENTED = -100,
KM_ERROR_VERSION_MISMATCH = -101,
@@ -360,7 +357,7 @@ static inline uint32_t keymaster_tag_mask_type(keymaster_tag_t tag) {
static inline bool keymaster_tag_type_repeatable(keymaster_tag_type_t type) {
switch (type) {
- case KM_INT_REP:
+ case KM_UINT_REP:
case KM_ENUM_REP:
return true;
default:
@@ -443,11 +440,11 @@ inline int keymaster_param_compare(const keymaster_key_param_t* a, const keymast
case KM_ENUM:
case KM_ENUM_REP:
return KEYMASTER_SIMPLE_COMPARE(a->enumerated, b->enumerated);
- case KM_INT:
- case KM_INT_REP:
+ case KM_UINT:
+ case KM_UINT_REP:
return KEYMASTER_SIMPLE_COMPARE(a->integer, b->integer);
- case KM_LONG:
- case KM_LONG_REP:
+ case KM_ULONG:
+ case KM_ULONG_REP:
return KEYMASTER_SIMPLE_COMPARE(a->long_integer, b->long_integer);
case KM_DATE:
return KEYMASTER_SIMPLE_COMPARE(a->date_time, b->date_time);
generated by cgit v1.1 at 2024-05-18 03:54:49 +0000