/*
 * Copyright (C) 2017 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

| 17 | syntax = "proto3"; |
| 18 | |
| 19 | package nugget.app.keymaster; |
| 20 | |
/*
 * Minimal type definitions required for building protos. Sourced from:
 * ::android::hardware::keymaster::V3_0
 */

/*
 * Type of the value a Tag carries. Each TagType occupies the upper 16 bits of
 * a Tag value (n << 16, as the trailing comments show), so a Tag's type can be
 * recovered by masking with 0xFFFF0000. The _REP variants are the repeatable
 * forms of their base type. TAG_TYPE_INVALID is 0 because proto3 requires the
 * first enum value to be zero; 0x80000 (BIGNUM) is deliberately left unused.
 */
enum TagType {
  TAG_TYPE_INVALID = 0x0; /* 0 << 16 */
  ENUM = 0x10000; /* 1 << 16 */
  ENUM_REP = 0x20000; /* 2 << 16 */
  UINT = 0x30000; /* 3 << 16 */
  UINT_REP = 0x40000; /* 4 << 16 */
  ULONG = 0x50000; /* 5 << 16 */
  DATE = 0x60000; /* 6 << 16 */
  BOOL = 0x70000; /* 7 << 16 */
  /* BIGNUM = 0x80000; 8 << 16 */ /* Unused. */
  BYTES = 0x90000; /* 9 << 16 */
  ULONG_REP = 0xA0000; /* 10 << 16 */
};

/*
 * A Tag identifies one key parameter / authorization entry. The numeric value
 * packs the TagType into the upper 16 bits and the tag number into the lower
 * 16 bits (value = TagType | number), which the trailing comment on each line
 * spells out. Entries marked RESERVED keep their HAL number unassigned here so
 * the numbering stays aligned with the HAL source; do not reuse those numbers.
 */
enum Tag {
  TAG_INVALID = 0; // (TagType:INVALID | 0)

  // Key description: purpose, algorithm, size and permitted modes.
  PURPOSE = 0x20001; // (TagType:ENUM_REP | 1)
  ALGORITHM = 0x10002; // (TagType:ENUM | 2)
  KEY_SIZE = 0x30003; // (TagType:UINT | 3)
  BLOCK_MODE = 0x20004; // (TagType:ENUM_REP | 4)
  DIGEST = 0x20005; // (TagType:ENUM_REP | 5)
  PADDING = 0x20006; // (TagType:ENUM_REP | 6)
  CALLER_NONCE = 0x70007; // (TagType:BOOL | 7)
  MIN_MAC_LENGTH = 0x30008; // (TagType:UINT | 8)
  /* RESERVED: KDF = 0x20009; // (TagType:ENUM_REP | 9) */
  EC_CURVE = 0x1000a; // (TagType:ENUM | 10)

  // Algorithm-specific parameters.
  RSA_PUBLIC_EXPONENT = 0x500c8; // (TagType:ULONG | 200)
  /* RESERVED: ECIES_SINGLE_HASH_MODE = 0x700c9; // (TagType:BOOL | 201) */
  INCLUDE_UNIQUE_ID = 0x700ca; // (TagType:BOOL | 202)

  // Key blob handling and hardware placement.
  BLOB_USAGE_REQUIREMENTS = 0x1012d; // (TagType:ENUM | 301)
  BOOTLOADER_ONLY = 0x7012e; // (TagType:BOOL | 302)
  ROLLBACK_RESISTANCE = 0x7012f; // (TagType:BOOL | 303)
  HARDWARE_TYPE = 0x10130; // (TagType:ENUM | 304)

  // Validity window and rate limiting.
  ACTIVE_DATETIME = 0x60190; // (TagType:DATE | 400)
  ORIGINATION_EXPIRE_DATETIME = 0x60191; // (TagType:DATE | 401)
  USAGE_EXPIRE_DATETIME = 0x60192; // (TagType:DATE | 402)
  MIN_SECONDS_BETWEEN_OPS = 0x30193; // (TagType:UINT | 403)
  MAX_USES_PER_BOOT = 0x30194; // (TagType:UINT | 404)

  // User authentication requirements.
  /* RESERVED: ALL_USERS = 0x701f4; // (TagType:BOOL | 500) */
  /* RESERVED: USER_ID = 0x301f5; // (TagType:UINT | 501) */
  USER_SECURE_ID = 0xa01f6; // (TagType:ULONG_REP | 502)
  NO_AUTH_REQUIRED = 0x701f7; // (TagType:BOOL | 503)
  USER_AUTH_TYPE = 0x101f8; // (TagType:ENUM | 504)
  AUTH_TIMEOUT = 0x301f9; // (TagType:UINT | 505)
  ALLOW_WHILE_ON_BODY = 0x701fa; // (TagType:BOOL | 506)
  TRUSTED_USER_PRESENCE_REQUIRED = 0x701fb; // (TagType:BOOL | 507)

  // Application binding.
  /* RESERVED: ALL_APPLICATIONS = 0x70258; // (TagType:BOOL | 600) */
  APPLICATION_ID = 0x90259; // (TagType:BYTES | 601)
  /* RESERVED: EXPORTABLE = 0x7025a; // (TagType:BOOL | 602) */
  APPLICATION_DATA = 0x902bc; // (TagType:BYTES | 700)

  // Key provenance, device state and attestation inputs. The ATTESTATION_ID_*
  // tags carry device identifiers; see CANNOT_ATTEST_IDS in ErrorCode.
  CREATION_DATETIME = 0x602bd; // (TagType:DATE | 701)
  ORIGIN = 0x102be; // (TagType:ENUM | 702)
  /* RESERVED: ROLLBACK_RESISTANT = 0x702bf; // (TagType:BOOL | 703) */
  ROOT_OF_TRUST = 0x902c0; // (TagType:BYTES | 704)
  OS_VERSION = 0x302c1; // (TagType:UINT | 705)
  OS_PATCHLEVEL = 0x302c2; // (TagType:UINT | 706)
  UNIQUE_ID = 0x902c3; // (TagType:BYTES | 707)
  ATTESTATION_CHALLENGE = 0x902c4; // (TagType:BYTES | 708)
  ATTESTATION_APPLICATION_ID = 0x902c5; // (TagType:BYTES | 709)
  ATTESTATION_ID_BRAND = 0x902c6; // (TagType:BYTES | 710)
  ATTESTATION_ID_DEVICE = 0x902c7; // (TagType:BYTES | 711)
  ATTESTATION_ID_PRODUCT = 0x902c8; // (TagType:BYTES | 712)
  ATTESTATION_ID_SERIAL = 0x902c9; // (TagType:BYTES | 713)
  ATTESTATION_ID_IMEI = 0x902ca; // (TagType:BYTES | 714)
  ATTESTATION_ID_MEID = 0x902cb; // (TagType:BYTES | 715)
  ATTESTATION_ID_MANUFACTURER = 0x902cc; // (TagType:BYTES | 716)
  ATTESTATION_ID_MODEL = 0x902cd; // (TagType:BYTES | 717)
  VENDOR_PATCHLEVEL = 0x302ce; // (TagType:UINT | 718)
  BOOT_PATCHLEVEL = 0x302cf; // (TagType:UINT | 719)

  // Per-operation parameters.
  ASSOCIATED_DATA = 0x903e8; // (TagType:BYTES | 1000)
  NONCE = 0x903e9; // (TagType:BYTES | 1001)
  /* RESERVED: AUTH_TOKEN = 0x903ea; // (TagType:BYTES | 1002) */
  MAC_LENGTH = 0x303eb; // (TagType:UINT | 1003)
  RESET_SINCE_ID_ROTATION = 0x703ec; // (TagType:BOOL | 1004)
};

// Key algorithm (value of the ALGORITHM tag). Values are sequential and local
// to this proto (proto3 requires the first value to be 0); ALGORITHM_MAX is a
// bound for range checks, not a valid algorithm.
// NOTE(review): these do not reproduce the HAL's numeric encoding of the same
// names, so any host-side translation must map by name, not by value - confirm.
enum Algorithm {
  RSA = 0;
  EC = 1;
  AES = 2;
  DES = 3;
  HMAC = 4;
  ALGORITHM_MAX = 5;
};

// Symmetric cipher block mode (value of the BLOCK_MODE tag). Sequential,
// proto-local values; BLOCK_MODE_MAX is a bound for range checks only.
// NOTE(review): these do not reproduce the HAL's numeric encoding - translate
// by name at the boundary.
enum BlockMode {
  ECB = 0;
  CBC = 1;
  CTR = 2;
  GCM = 3;
  BLOCK_MODE_MAX = 4;
};

// Padding scheme (value of the PADDING tag). Sequential, proto-local values;
// PADDING_MODE_MAX is a bound for range checks only. Which paddings are
// acceptable for a given algorithm/purpose is enforced by the implementation,
// not by this enum.
enum PaddingMode {
  PADDING_NONE = 0;
  PADDING_RSA_OAEP = 1;
  PADDING_RSA_PSS = 2;
  PADDING_RSA_PKCS1_1_5_ENCRYPT = 3;
  PADDING_RSA_PKCS1_1_5_SIGN = 4;
  PADDING_PKCS7 = 5;
  PADDING_MODE_MAX = 6;
};

// Digest algorithm (value of the DIGEST tag). Sequential, proto-local values;
// DIGEST_MAX is a bound for range checks only. MD5 and SHA-1 are listed for
// parity with the HAL's names; their presence here says nothing about whether
// the implementation accepts them for a given key or purpose.
enum Digest {
  DIGEST_NONE = 0;
  DIGEST_MD5 = 1;
  DIGEST_SHA1 = 2;
  DIGEST_SHA_2_224 = 3;
  DIGEST_SHA_2_256 = 4;
  DIGEST_SHA_2_384 = 5;
  DIGEST_SHA_2_512 = 6;
  DIGEST_MAX = 7;
};

// NIST prime curve for EC keys (value of the EC_CURVE tag). Sequential,
// proto-local values; EC_CURVE_MAX is a bound for range checks only.
enum EcCurve {
  P_224 = 0;
  P_256 = 1;
  P_384 = 2;
  P_521 = 3;
  EC_CURVE_MAX = 4;
};

// How a key's material came into existence (value of the ORIGIN tag).
// KEY_ORIGIN_MAX is a bound for range checks only.
enum KeyOrigin {
  GENERATED = 0;
  DERIVED = 1;
  IMPORTED = 2;
  UNKNOWN = 3;
  SECURELY_IMPORTED = 4;
  KEY_ORIGIN_MAX = 5;
};

// Environment a key blob needs in order to be usable (value of the
// BLOB_USAGE_REQUIREMENTS tag). KEY_USAGE_MAX is a bound for range checks only.
enum KeyBlobUsageRequirements {
  STANDALONE = 0;
  REQUIRES_FILE_SYSTEM = 1;
  KEY_USAGE_MAX = 2;
};

// Operation a key may be used for (value of the repeatable PURPOSE tag).
// DERIVE_KEY is reserved so that WRAP_KEY keeps its number; PURPOSE_MAX is a
// bound for range checks only.
enum KeyPurpose {
  ENCRYPT = 0;
  DECRYPT = 1;
  SIGN = 2;
  VERIFY = 3;
  /* RESERVED: DERIVE_KEY = 4; */
  WRAP_KEY = 5;
  PURPOSE_MAX = 6;
};

/*
 * Result of a keymaster request. OK is 0; every other value is a failure.
 * Vendor-specific codes are appended at the end and marked as such.
 * NOTE(review): these values are sequential and non-negative, whereas the
 * keymaster HAL encodes its ErrorCode values as negative integers; the
 * translation presumably maps by name outside this file - confirm at the host
 * boundary before comparing numeric values.
 */
enum ErrorCode {
  OK = 0;
  ROOT_OF_TRUST_ALREADY_SET = 1;
  UNSUPPORTED_PURPOSE = 2;
  INCOMPATIBLE_PURPOSE = 3;
  UNSUPPORTED_ALGORITHM = 4;
  INCOMPATIBLE_ALGORITHM = 5;
  UNSUPPORTED_KEY_SIZE = 6;
  UNSUPPORTED_BLOCK_MODE = 7;
  INCOMPATIBLE_BLOCK_MODE = 8;
  UNSUPPORTED_MAC_LENGTH = 9;
  UNSUPPORTED_PADDING_MODE = 10;
  INCOMPATIBLE_PADDING_MODE = 11;
  UNSUPPORTED_DIGEST = 12;
  INCOMPATIBLE_DIGEST = 13;
  INVALID_EXPIRATION_TIME = 14;
  INVALID_USER_ID = 15;
  INVALID_AUTHORIZATION_TIMEOUT = 16;
  UNSUPPORTED_KEY_FORMAT = 17;
  INCOMPATIBLE_KEY_FORMAT = 18;
  UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM = 19;
  UNSUPPORTED_KEY_VERIFICATION_ALGORITHM = 20;
  INVALID_INPUT_LENGTH = 21;
  KEY_EXPORT_OPTIONS_INVALID = 22;
  DELEGATION_NOT_ALLOWED = 23;
  KEY_NOT_YET_VALID = 24;
  KEY_EXPIRED = 25;
  KEY_USER_NOT_AUTHENTICATED = 26;
  OUTPUT_PARAMETER_NULL = 27;
  INVALID_OPERATION_HANDLE = 28;
  INSUFFICIENT_BUFFER_SPACE = 29;
  VERIFICATION_FAILED = 30;
  TOO_MANY_OPERATIONS = 31;
  UNEXPECTED_NULL_POINTER = 32;
  INVALID_KEY_BLOB = 33;
  IMPORTED_KEY_NOT_ENCRYPTED = 34;
  IMPORTED_KEY_DECRYPTION_FAILED = 35;
  IMPORTED_KEY_NOT_SIGNED = 36;
  IMPORTED_KEY_VERIFICATION_FAILED = 37;
  INVALID_ARGUMENT = 38;
  UNSUPPORTED_TAG = 39;
  INVALID_TAG = 40;
  MEMORY_ALLOCATION_FAILED = 41;
  IMPORT_PARAMETER_MISMATCH = 42;
  SECURE_HW_ACCESS_DENIED = 43;
  OPERATION_CANCELLED = 44;
  CONCURRENT_ACCESS_CONFLICT = 45;
  SECURE_HW_BUSY = 46;
  SECURE_HW_COMMUNICATION_FAILED = 47;
  UNSUPPORTED_EC_FIELD = 48;
  MISSING_NONCE = 49;
  INVALID_NONCE = 50;
  MISSING_MAC_LENGTH = 51;
  KEY_RATE_LIMIT_EXCEEDED = 52;
  CALLER_NONCE_PROHIBITED = 53;
  KEY_MAX_OPS_EXCEEDED = 54;
  INVALID_MAC_LENGTH = 55;
  MISSING_MIN_MAC_LENGTH = 56;
  UNSUPPORTED_MIN_MAC_LENGTH = 57;
  UNSUPPORTED_KDF = 58;
  UNSUPPORTED_EC_CURVE = 59;
  KEY_REQUIRES_UPGRADE = 60;
  ATTESTATION_CHALLENGE_MISSING = 61;
  KEYMASTER_NOT_CONFIGURED = 62;
  ATTESTATION_APPLICATION_ID_MISSING = 63;
  CANNOT_ATTEST_IDS = 64;
  UNIMPLEMENTED = 65;
  VERSION_MISMATCH = 66;
  ROLLBACK_RESISTANCE_UNAVAILABLE = 67;
  HARDWARE_TYPE_UNAVAILABLE = 68;
  PROOF_OF_PRESENCE_REQUIRED = 69;
  CONCURRENT_PROOF_OF_PRESENCE_REQUESTED = 70;
  UNKNOWN_ERROR = 71;
  // Codes below this point are not part of the HAL's set.
  INVALID_DEVICE_IDS = 72; // Vendor specific.
  PRODUCTION_MODE_PROVISIONING = 73; // Vendor specific.
};

// Authenticator that may satisfy a key's user-authentication requirement
// (value of the USER_AUTH_TYPE tag). AUTH_PASSWORD and AUTH_FINGERPRINT are
// bit flags, so AUTH_ANY (3) is their OR and accepts either. AUTH_MAX is a
// bound for range checks only, not a further flag.
enum HardwareAuthenticatorType {
  AUTH_NONE = 0;
  AUTH_PASSWORD = 1; // (1 << 0)
  AUTH_FINGERPRINT = 2; // (1 << 1)
  AUTH_ANY = 3;
  AUTH_MAX = 4;
};

// Where a key lives / where an operation is enforced, in increasing order of
// isolation. Unlike most enums in this file there is no *_MAX sentinel, so
// consumers must bound-check against STRONGBOX explicitly.
enum SecurityLevel {
  SOFTWARE = 0;
  TRUSTED_ENVIRONMENT = 1;
  STRONGBOX = 2;
};

// Encoding of key material crossing the import/export boundary. Value 2 is
// intentionally unassigned so that RAW keeps the number it has in the HAL
// source these definitions mirror; do not fill the gap.
enum KeyFormat {
  X509 = 0; /* for public key export */
  PKCS8 = 1; /* for asymmetric key pair import */
  RAW = 3; /* for symmetric key import and export */
}

// Result of a DTup request. DTUP_NO_EVENT presumably means no key event was
// pending when polled rather than a failure - confirm with the handler.
// NOTE(review): "DTup" is assumed to be the trusted-user-presence mechanism
// behind TRUSTED_USER_PRESENCE_REQUIRED / PROOF_OF_PRESENCE_REQUIRED; confirm.
enum DTupError {
  DTUP_OK = 0;
  DTUP_NO_EVENT = 1;
}

/*
 * Physical key reported by DTup. Values match the Linux input event codes
 * (linux/input-event-codes.h): KEY_RESERVED = 0, KEY_VOLUMEDOWN = 114,
 * KEY_VOLUMEUP = 115, KEY_POWER = 116. Keep them in sync with the kernel
 * header rather than renumbering.
 */
enum DTupKeyEvent {
  DTUP_RESERVED = 0;
  DTUP_VOL_DOWN = 114;
  DTUP_VOL_UP = 115;
  DTUP_PWR = 116;
}

// Verified-boot state of the device, named after the Android Verified Boot
// colours: GREEN = fully verified, YELLOW = booted with a user-supplied
// (self-signed) key, ORANGE = verification disabled/unlocked, RED =
// verification failed. Only GREEN represents a verified boot chain.
enum BootColor {
  BOOT_VERIFIED_GREEN = 0;
  BOOT_SELFSIGNED_YELLOW = 1;
  BOOT_UNVERIFIED_ORANGE = 2;
  BOOT_VERIFY_FAILED_RED = 3;
}