summaryrefslogtreecommitdiffstats
path: root/include/hardware/keymaster_defs.h
Commit message (Collapse)AuthorAgeFilesLines
* keymaster: Add SOTER tags and API definationsMao Li2016-08-191-0/+21
| | | | | | | Add SOTER tags and API definations according to SOTER specification. Change-Id: I20ba0f51d8825a326b51f47ef4d2a3e4f60e2172
* Correct keymaster1 documentation.Shawn Willden2015-07-231-2/+1
| | | | | Bug: 22291207 Change-Id: I130d2ab2110321dc2228d41a154750da3a3f0b75
* Add KM_TAG_MIN_MAC_LENGTH.Shawn Willden2015-07-151-0/+5
| | | | | | | | | | This allows the binding of minimum length for MACs or tags to HMAC keys and AEAD symmetric keys. Later attempts to use these keys with a shorter MAC or tag specification (provided to begin() with KM_TAG_MAC_LENGTH) will fail with KM_ERROR_INVALID_MAC_LENGTH. Bug: 22337277 Change-Id: Ic5292ce01bdd6ecde25aad115e4b407aadc85f23
* Revert "Revert "Rename keymaster tag types to clarify that integers are ↵Shawn Willden2015-06-241-30/+30
| | | | | | | | unsigned."" This reverts commit 1fb6c227deb04b66dc0fe947a7ebb027dde0ecda. Change-Id: Iccc8a7ff40a694b1e4420a5de4b847e62289ff42
* Revert "Rename keymaster tag types to clarify that integers are unsigned."Shawn Willden2015-06-241-30/+30
| | | | | | This reverts commit 335920edaec77b77eac09f7966c337cbed93aa17. Change-Id: Ib65f744b93ad2b62d5848dcf743397124a08911b
* Rename keymaster tag types to clarify that integers are unsigned.Shawn Willden2015-06-241-30/+30
| | | | | Bug: 22008538 Change-Id: I699a0f03aaf0f9f49a78b310763364fc2fb34c90
* Add new error codes for rate-limit and max-use failures.Shawn Willden2015-06-181-0/+2
| | | | | Bug: 21607106 Change-Id: I2e5515efe51b84200ade8c4c4cc5db3800d4b658
* Update comments on now-unsed user ID and app ID tags.Shawn Willden2015-06-181-6/+4
| | | | | | | | | I'd just remove them but Trusty keymaster has been generating keys with KM_TAG_ALL_USERS and KM_TAG_ALL_APPLICATIONS, so removing them without breaking those keys is tricky. Plus I think they may come back. Bug: 21845167 Change-Id: I3b807e3e4bee64eba72b7fa6f1ee1929c4ca9dd0
* Remove KM_TAG_AEAD_TAG.Shawn Willden2015-06-181-5/+2
| | | | | Bug: 19919114 Change-Id: I06fdd0f9b8e247587d800031d3367078423baa50
* Fix extern "C" guards.Shawn Willden2015-06-031-2/+2
| | | | Change-Id: Ibc8e023e3712903dbcbfac5fc64223e32775fe40
* Remove KM_TAG_CHUNK_LENGTH and add KM_TAG_AEAD_TAGShawn Willden2015-06-021-6/+5
| | | | | Bug: 19919114 Change-Id: I384f3d2fee2f68279c6518d9ac0a79e29bed0e52
* Fix block mode numbering (CTR got added as 4 rather than 3)Shawn Willden2015-06-011-8/+3
| | | | Change-Id: I8c886c67ba081255ef18eb0f99ca1e6003fabb33
* Add KM_TAG_BOOTLOADER_ONLY.Shawn Willden2015-05-121-6/+7
| | | | | Change-Id: Ia507a1378487640683985dbce2e76679261900d3 (cherry picked from commit 3eed99a54b55a120c835de63b5872121b2fe98d1)
* Remove rescoping.Shawn Willden2015-05-121-4/+0
| | | | | | | | | Rescoping was never a very good solution to the problem of supporting multiple sets of authorizations for a given key material. For M we're removing it and in the future a better solution will be provided. Change-Id: I6f7585274487bd66e4d90e89014af41e9aa30411 (cherry picked from commit 7f10ab99fc63e99252d924b9e0bdfefef5374b40)
* Add KM_ERROR_CALLER_NONCE_PROHIBITED error code.Shawn Willden2015-04-291-0/+1
| | | | | Bug: 20127433 Change-Id: I32eab62459003c526d3cf9ef108be7b2fd709960
* Add KM_ORIGIN_UNKNOWN.Shawn Willden2015-04-131-1/+5
| | | | | | | This designates keys whose origin cannot be determined because the keymaster implementation is old and did not record it. Change-Id: I3c366d527ed211c59f6dc04ddb48f3e9b3a07c7d
* Make several key crypto parameters repeatable.Shawn Willden2015-04-101-6/+6
| | | | | | | | | Note that there's a pre-requisite to landing this CL: The Nexus 9 keystore.flounder.so must be modified to translate between new and old tag numbers when the TEE side is version 0. Bug: 19509156 Change-Id: Ic584d8a6bf5601f9754563b67b3cc6b3ca6b5ff9
* Simplify keymaster_key_origin_t.Shawn Willden2015-04-101-4/+5
| | | | Change-Id: Iaba6156f238ea3bb1ad103b88ccea17344d296af
* Reduce the list of keymaster key formats to the required set.Shawn Willden2015-04-091-4/+3
| | | | Change-Id: I3a0830ab2066d4c16c084d19040ec98e520896d4
* Reduce the list of keymaster padding modes to the required set.Shawn Willden2015-04-091-8/+4
| | | | Change-Id: If04ffc8e92678f57e2b730f77c0fab195e1096c4
* Reduce keymaster digest list to required set.Shawn Willden2015-04-091-13/+9
| | | | Change-Id: Id5c660feb7e71ea76473523e3a86e1ba01f19c82
* Reduce keymaster block modes to the required set.Shawn Willden2015-04-091-19/+8
| | | | Change-Id: I8f804978208e2c8701bd52dc79b5597a307b7e7a
* Reduce keymaster algorithm list to the required set.Shawn Willden2015-04-091-28/+8
| | | | Change-Id: Ibffddc5c3a5c728182f5ca7f6a76381413fc8645
* Add KM_TAG_USER_SECURE_ID.Shawn Willden2015-03-181-14/+19
| | | | | | | | | | This tag identifies the user authorized to use the key. Unlike KM_TAG_USER_ID, its value does not reference the Linux-side user ID, but a secure-world user ID, generated and managed by secure-world authentication apps. Bug: 19511945 Change-Id: I629ab2c47ee6d42de20a963ef283e330364c8ee7
* Use extern "C" rather than BEGIN/END_DECLS.Shawn Willden2015-03-181-2/+6
| | | | | | | For compatibility with Trusty. I'll probably revert this later after I find a proper fix for Trusty. Change-Id: I49b4ae55251398eec2a6633e09bbc468f16a4d14
* Add KM_TAG_AUTH_TOKEN and corresponding auth token structure.Shawn Willden2015-03-181-6/+5
| | | | | | | | We may want to put the auth token structure elsewhere; it's consumed by keymaster but produced by other components. Bug: 19511945 Change-Id: Id9a22ad32137f3e0380c2812f790bbecab511d11
* Add error codes.Shawn Willden2015-03-111-0/+5
| | | | Change-Id: I78cac1887fd41dd426e7d125a5f9c54e73188983
* Add keymaster_key_param_compare function.Shawn Willden2015-03-041-0/+48
| | | | | | This provides a reasonable ordering for params. Change-Id: I1e3b403070d9e7621cc55c03ff9876ea3bbc699f
* Separate keymaster0 and keymaster1 HALs.Shawn Willden2015-02-241-117/+1
| | | | | | | | | For now the keymaster1 HAL still includes all of the keymaster0 entry points, and soft_keymaster_device will continue to implement them. In the near future the keymaster0 entry points will be removed, as soon as we can ensure that keystore no longer needs them. Change-Id: I5c54282c12d1c4b8b22ed4929b6e6c724a94ede4
* Clarify the meaning of KM_TAG_MAC_LENGTH.Alex Klyubin2015-02-201-1/+1
| | | | Change-Id: I18478923059783e955613142a8d3352f98f5d7b0
* Merge changes Id4bdfdcb,Ib94f3606Shawn Willden2015-02-181-9/+12
|\ | | | | | | | | | | * changes: Added insecure (chunkless) AEAD option. Add additional param lists to update and finish.
| * Added insecure (chunkless) AEAD option.Shawn Willden2015-02-101-9/+12
| | | | | | | | | | | | | | Also moved chunk length specification to operation parameter rather than keygen parameter. Change-Id: Id4bdfdcb1c7b64b3f22b4027e037e37c2860ec39
* | Merge "Rename KM_TAG_ADDITIONAL_DATA to KM_TAG_ASSOCIATED_DATA"Shawn Willden2015-02-181-2/+2
|\ \ | |/
| * Rename KM_TAG_ADDITIONAL_DATA to KM_TAG_ASSOCIATED_DATAShawn Willden2015-02-091-2/+2
| | | | | | | | Change-Id: Ieddd706ee205100719f7e2f9e18b3d9b07c37669
* | Add explicit values to keymaster_key_format_tChad Brubaker2015-02-131-4/+4
|/ | | | Change-Id: I4113286396b16ca687fbd8bc38b2f16063fc1024
* Add raw key format, for symmetric key import.Shawn Willden2015-02-031-0/+1
| | | | Change-Id: I38700cdafcf1f244584d6e88f8d9540c70a7de56
* Remove "required" label from DSA algorithm.Shawn Willden2015-02-031-1/+1
| | | | Change-Id: I088e6094ec56f434356d11ab2032b1a5b1223334
* Add tag to allow caller-specified nonce.Shawn Willden2015-02-021-23/+24
| | | | Change-Id: I7c3c5bd5f26a4d465554c998f673e0ee2ab8b86e
* Rename KM_ERROR_UNSUPPORTED_TAG_LENGTH toShawn Willden2015-01-261-1/+1
| | | | | | KM_ERROR_UNSUPPORTED_MAC_LENGTH. Change-Id: I514a136b5cbdb1ab1df67d44a22d68a09427a711
* Change per-boot tag and remove rescope auth timeout tag.Shawn Willden2015-01-231-9/+5
| | | | | | | | | | | Change the boolean KM_TAG_SINGLE_USE_PER_BOOT to an integer-valued KM_TAG_USES_PER_BOOT. This makes it more flexible without changing implementation complexity. Remove KM_TAG_RESCOPE_AUTH_TIMEOUT because there's no clear use case and it seems unnecessarily complex. Change-Id: Iad1512f5cc80f517e5ea7622288179c162bed2ad
* Define keymaster HAL v0.4.Shawn Willden2015-01-221-0/+614
Change-Id: I040412443bbbe25bce3d44759d710b78eac36caa
generated by cgit v1.1 at 2024-05-24 01:12:14 +0000