Chad Brubaker | 45ff13e | 2015-01-21 14:00:55 -0800 | [diff] [blame] | 1 | /** |
| 2 | * Copyright (c) 2015, The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | package android.security.keymaster; |
| 18 | |
Alex Klyubin | d23a1f7 | 2015-03-27 14:39:28 -0700 | [diff] [blame] | 19 | import java.util.HashMap; |
| 20 | import java.util.Map; |
| 21 | |
Chad Brubaker | 45ff13e | 2015-01-21 14:00:55 -0800 | [diff] [blame] | 22 | /** |
| 23 | * Class tracking all the keymaster enum values needed for the binder API to keystore. |
| 24 | * This must be kept in sync with hardware/libhardware/include/hardware/keymaster_defs.h |
| 25 | * See keymaster_defs.h for detailed descriptions of each constant. |
| 26 | * @hide |
| 27 | */ |
| 28 | public final class KeymasterDefs { |
| 29 | |
| 30 | private KeymasterDefs() {} |
| 31 | |
| 32 | // Tag types. |
| 33 | public static final int KM_INVALID = 0 << 28; |
| 34 | public static final int KM_ENUM = 1 << 28; |
| 35 | public static final int KM_ENUM_REP = 2 << 28; |
| 36 | public static final int KM_INT = 3 << 28; |
| 37 | public static final int KM_INT_REP = 4 << 28; |
| 38 | public static final int KM_LONG = 5 << 28; |
| 39 | public static final int KM_DATE = 6 << 28; |
| 40 | public static final int KM_BOOL = 7 << 28; |
| 41 | public static final int KM_BIGNUM = 8 << 28; |
| 42 | public static final int KM_BYTES = 9 << 28; |
Shawn Willden | 7714a94 | 2015-03-14 08:35:57 -0600 | [diff] [blame] | 43 | public static final int KM_LONG_REP = 10 << 28; |
Chad Brubaker | 45ff13e | 2015-01-21 14:00:55 -0800 | [diff] [blame] | 44 | |
| 45 | // Tag values. |
| 46 | public static final int KM_TAG_INVALID = KM_INVALID | 0; |
| 47 | public static final int KM_TAG_PURPOSE = KM_ENUM_REP | 1; |
| 48 | public static final int KM_TAG_ALGORITHM = KM_ENUM | 2; |
| 49 | public static final int KM_TAG_KEY_SIZE = KM_INT | 3; |
Chad Brubaker | 59f977c | 2015-03-05 14:46:16 -0800 | [diff] [blame] | 50 | public static final int KM_TAG_BLOCK_MODE = KM_ENUM_REP | 4; |
| 51 | public static final int KM_TAG_DIGEST = KM_ENUM_REP | 5; |
| 52 | public static final int KM_TAG_PADDING = KM_ENUM_REP | 6; |
| 53 | public static final int KM_TAG_RETURN_UNAUTHED = KM_BOOL | 7; |
| 54 | public static final int KM_TAG_CALLER_NONCE = KM_BOOL | 8; |
Chad Brubaker | 45ff13e | 2015-01-21 14:00:55 -0800 | [diff] [blame] | 55 | |
| 56 | public static final int KM_TAG_RESCOPING_ADD = KM_ENUM_REP | 101; |
| 57 | public static final int KM_TAG_RESCOPING_DEL = KM_ENUM_REP | 102; |
| 58 | public static final int KM_TAG_BLOB_USAGE_REQUIREMENTS = KM_ENUM | 705; |
| 59 | |
| 60 | public static final int KM_TAG_RSA_PUBLIC_EXPONENT = KM_LONG | 200; |
Chad Brubaker | 45ff13e | 2015-01-21 14:00:55 -0800 | [diff] [blame] | 61 | public static final int KM_TAG_ACTIVE_DATETIME = KM_DATE | 400; |
| 62 | public static final int KM_TAG_ORIGINATION_EXPIRE_DATETIME = KM_DATE | 401; |
| 63 | public static final int KM_TAG_USAGE_EXPIRE_DATETIME = KM_DATE | 402; |
| 64 | public static final int KM_TAG_MIN_SECONDS_BETWEEN_OPS = KM_INT | 403; |
| 65 | public static final int KM_TAG_MAX_USES_PER_BOOT = KM_INT | 404; |
| 66 | |
| 67 | public static final int KM_TAG_ALL_USERS = KM_BOOL | 500; |
| 68 | public static final int KM_TAG_USER_ID = KM_INT | 501; |
Shawn Willden | 7714a94 | 2015-03-14 08:35:57 -0600 | [diff] [blame] | 69 | public static final int KM_TAG_USER_SECURE_ID = KM_LONG_REP | 502; |
| 70 | public static final int KM_TAG_NO_AUTH_REQUIRED = KM_BOOL | 503; |
Shawn Willden | e90774d | 2015-03-18 18:28:39 -0600 | [diff] [blame] | 71 | public static final int KM_TAG_USER_AUTH_TYPE = KM_ENUM | 504; |
Shawn Willden | 7714a94 | 2015-03-14 08:35:57 -0600 | [diff] [blame] | 72 | public static final int KM_TAG_AUTH_TIMEOUT = KM_INT | 505; |
Chad Brubaker | 45ff13e | 2015-01-21 14:00:55 -0800 | [diff] [blame] | 73 | |
| 74 | public static final int KM_TAG_ALL_APPLICATIONS = KM_BOOL | 600; |
| 75 | public static final int KM_TAG_APPLICATION_ID = KM_BYTES | 601; |
| 76 | |
| 77 | public static final int KM_TAG_APPLICATION_DATA = KM_BYTES | 700; |
| 78 | public static final int KM_TAG_CREATION_DATETIME = KM_DATE | 701; |
| 79 | public static final int KM_TAG_ORIGIN = KM_ENUM | 702; |
| 80 | public static final int KM_TAG_ROLLBACK_RESISTANT = KM_BOOL | 703; |
| 81 | public static final int KM_TAG_ROOT_OF_TRUST = KM_BYTES | 704; |
| 82 | |
| 83 | public static final int KM_TAG_ASSOCIATED_DATA = KM_BYTES | 1000; |
| 84 | public static final int KM_TAG_NONCE = KM_BYTES | 1001; |
| 85 | public static final int KM_TAG_CHUNK_LENGTH = KM_INT | 1002; |
Shawn Willden | fe2b1a8 | 2015-03-14 10:51:56 -0600 | [diff] [blame] | 86 | public static final int KM_TAG_AUTH_TOKEN = KM_BYTES | 1003; |
Chad Brubaker | 59f977c | 2015-03-05 14:46:16 -0800 | [diff] [blame] | 87 | public static final int KM_TAG_MAC_LENGTH = KM_INT | 1004; |
Chad Brubaker | 45ff13e | 2015-01-21 14:00:55 -0800 | [diff] [blame] | 88 | |
| 89 | // Algorithm values. |
| 90 | public static final int KM_ALGORITHM_RSA = 1; |
Alex Klyubin | 862e6c7 | 2015-04-09 16:58:58 -0700 | [diff] [blame] | 91 | public static final int KM_ALGORITHM_EC = 3; |
Chad Brubaker | 45ff13e | 2015-01-21 14:00:55 -0800 | [diff] [blame] | 92 | public static final int KM_ALGORITHM_AES = 32; |
Chad Brubaker | 45ff13e | 2015-01-21 14:00:55 -0800 | [diff] [blame] | 93 | public static final int KM_ALGORITHM_HMAC = 128; |
| 94 | |
| 95 | // Block modes. |
| 96 | public static final int KM_MODE_FIRST_UNAUTHENTICATED = 1; |
| 97 | public static final int KM_MODE_ECB = KM_MODE_FIRST_UNAUTHENTICATED; |
| 98 | public static final int KM_MODE_CBC = 2; |
Chad Brubaker | 45ff13e | 2015-01-21 14:00:55 -0800 | [diff] [blame] | 99 | public static final int KM_MODE_CTR = 4; |
Chad Brubaker | 45ff13e | 2015-01-21 14:00:55 -0800 | [diff] [blame] | 100 | public static final int KM_MODE_FIRST_AUTHENTICATED = 32; |
| 101 | public static final int KM_MODE_GCM = KM_MODE_FIRST_AUTHENTICATED; |
Chad Brubaker | 45ff13e | 2015-01-21 14:00:55 -0800 | [diff] [blame] | 102 | |
| 103 | // Padding modes. |
| 104 | public static final int KM_PAD_NONE = 1; |
| 105 | public static final int KM_PAD_RSA_OAEP = 2; |
| 106 | public static final int KM_PAD_RSA_PSS = 3; |
| 107 | public static final int KM_PAD_RSA_PKCS1_1_5_ENCRYPT = 4; |
| 108 | public static final int KM_PAD_RSA_PKCS1_1_5_SIGN = 5; |
Alex Klyubin | 55f7c27 | 2015-04-09 19:59:00 -0700 | [diff] [blame] | 109 | public static final int KM_PAD_PKCS7 = 64; |
Chad Brubaker | 45ff13e | 2015-01-21 14:00:55 -0800 | [diff] [blame] | 110 | |
| 111 | // Digest modes. |
| 112 | public static final int KM_DIGEST_NONE = 0; |
| 113 | public static final int KM_DIGEST_MD5 = 1; |
| 114 | public static final int KM_DIGEST_SHA1 = 2; |
| 115 | public static final int KM_DIGEST_SHA_2_224 = 3; |
| 116 | public static final int KM_DIGEST_SHA_2_256 = 4; |
| 117 | public static final int KM_DIGEST_SHA_2_384 = 5; |
| 118 | public static final int KM_DIGEST_SHA_2_512 = 6; |
Chad Brubaker | 45ff13e | 2015-01-21 14:00:55 -0800 | [diff] [blame] | 119 | |
| 120 | // Key origins. |
| 121 | public static final int KM_ORIGIN_HARDWARE = 0; |
| 122 | public static final int KM_ORIGIN_SOFTWARE = 1; |
| 123 | public static final int KM_ORIGIN_IMPORTED = 2; |
| 124 | |
| 125 | // Key usability requirements. |
| 126 | public static final int KM_BLOB_STANDALONE = 0; |
| 127 | public static final int KM_BLOB_REQUIRES_FILE_SYSTEM = 1; |
| 128 | |
| 129 | // Operation Purposes. |
| 130 | public static final int KM_PURPOSE_ENCRYPT = 0; |
| 131 | public static final int KM_PURPOSE_DECRYPT = 1; |
| 132 | public static final int KM_PURPOSE_SIGN = 2; |
| 133 | public static final int KM_PURPOSE_VERIFY = 3; |
| 134 | |
| 135 | // Key formats. |
| 136 | public static final int KM_KEY_FORMAT_X509 = 0; |
| 137 | public static final int KM_KEY_FORMAT_PKCS8 = 1; |
Chad Brubaker | 45ff13e | 2015-01-21 14:00:55 -0800 | [diff] [blame] | 138 | public static final int KM_KEY_FORMAT_RAW = 3; |
| 139 | |
Alex Klyubin | c46e9e7 | 2015-04-06 15:36:25 -0700 | [diff] [blame] | 140 | // User authenticators. |
| 141 | public static final int HW_AUTH_PASSWORD = 1 << 0; |
Alex Klyubin | 1620a65 | 2015-04-07 11:39:51 -0700 | [diff] [blame] | 142 | public static final int HW_AUTH_FINGERPRINT = 1 << 1; |
Alex Klyubin | c46e9e7 | 2015-04-06 15:36:25 -0700 | [diff] [blame] | 143 | |
Chad Brubaker | 45ff13e | 2015-01-21 14:00:55 -0800 | [diff] [blame] | 144 | // Error codes. |
| 145 | public static final int KM_ERROR_OK = 0; |
| 146 | public static final int KM_ERROR_ROOT_OF_TRUST_ALREADY_SET = -1; |
| 147 | public static final int KM_ERROR_UNSUPPORTED_PURPOSE = -2; |
| 148 | public static final int KM_ERROR_INCOMPATIBLE_PURPOSE = -3; |
| 149 | public static final int KM_ERROR_UNSUPPORTED_ALGORITHM = -4; |
| 150 | public static final int KM_ERROR_INCOMPATIBLE_ALGORITHM = -5; |
| 151 | public static final int KM_ERROR_UNSUPPORTED_KEY_SIZE = -6; |
| 152 | public static final int KM_ERROR_UNSUPPORTED_BLOCK_MODE = -7; |
| 153 | public static final int KM_ERROR_INCOMPATIBLE_BLOCK_MODE = -8; |
Alex Klyubin | c0eb55c | 2015-03-31 17:16:31 -0700 | [diff] [blame] | 154 | public static final int KM_ERROR_UNSUPPORTED_MAC_LENGTH = -9; |
Chad Brubaker | 45ff13e | 2015-01-21 14:00:55 -0800 | [diff] [blame] | 155 | public static final int KM_ERROR_UNSUPPORTED_PADDING_MODE = -10; |
| 156 | public static final int KM_ERROR_INCOMPATIBLE_PADDING_MODE = -11; |
| 157 | public static final int KM_ERROR_UNSUPPORTED_DIGEST = -12; |
| 158 | public static final int KM_ERROR_INCOMPATIBLE_DIGEST = -13; |
| 159 | public static final int KM_ERROR_INVALID_EXPIRATION_TIME = -14; |
| 160 | public static final int KM_ERROR_INVALID_USER_ID = -15; |
| 161 | public static final int KM_ERROR_INVALID_AUTHORIZATION_TIMEOUT = -16; |
| 162 | public static final int KM_ERROR_UNSUPPORTED_KEY_FORMAT = -17; |
| 163 | public static final int KM_ERROR_INCOMPATIBLE_KEY_FORMAT = -18; |
| 164 | public static final int KM_ERROR_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM = -19; |
| 165 | public static final int KM_ERROR_UNSUPPORTED_KEY_VERIFICATION_ALGORITHM = -20; |
| 166 | public static final int KM_ERROR_INVALID_INPUT_LENGTH = -21; |
| 167 | public static final int KM_ERROR_KEY_EXPORT_OPTIONS_INVALID = -22; |
| 168 | public static final int KM_ERROR_DELEGATION_NOT_ALLOWED = -23; |
| 169 | public static final int KM_ERROR_KEY_NOT_YET_VALID = -24; |
| 170 | public static final int KM_ERROR_KEY_EXPIRED = -25; |
| 171 | public static final int KM_ERROR_KEY_USER_NOT_AUTHENTICATED = -26; |
| 172 | public static final int KM_ERROR_OUTPUT_PARAMETER_NULL = -27; |
| 173 | public static final int KM_ERROR_INVALID_OPERATION_HANDLE = -28; |
| 174 | public static final int KM_ERROR_INSUFFICIENT_BUFFER_SPACE = -29; |
| 175 | public static final int KM_ERROR_VERIFICATION_FAILED = -30; |
| 176 | public static final int KM_ERROR_TOO_MANY_OPERATIONS = -31; |
| 177 | public static final int KM_ERROR_UNEXPECTED_NULL_POINTER = -32; |
| 178 | public static final int KM_ERROR_INVALID_KEY_BLOB = -33; |
| 179 | public static final int KM_ERROR_IMPORTED_KEY_NOT_ENCRYPTED = -34; |
| 180 | public static final int KM_ERROR_IMPORTED_KEY_DECRYPTION_FAILED = -35; |
| 181 | public static final int KM_ERROR_IMPORTED_KEY_NOT_SIGNED = -36; |
| 182 | public static final int KM_ERROR_IMPORTED_KEY_VERIFICATION_FAILED = -37; |
| 183 | public static final int KM_ERROR_INVALID_ARGUMENT = -38; |
| 184 | public static final int KM_ERROR_UNSUPPORTED_TAG = -39; |
| 185 | public static final int KM_ERROR_INVALID_TAG = -40; |
| 186 | public static final int KM_ERROR_MEMORY_ALLOCATION_FAILED = -41; |
| 187 | public static final int KM_ERROR_INVALID_RESCOPING = -42; |
Chad Brubaker | 45ff13e | 2015-01-21 14:00:55 -0800 | [diff] [blame] | 188 | public static final int KM_ERROR_IMPORT_PARAMETER_MISMATCH = -44; |
| 189 | public static final int KM_ERROR_SECURE_HW_ACCESS_DENIED = -45; |
| 190 | public static final int KM_ERROR_OPERATION_CANCELLED = -46; |
| 191 | public static final int KM_ERROR_CONCURRENT_ACCESS_CONFLICT = -47; |
| 192 | public static final int KM_ERROR_SECURE_HW_BUSY = -48; |
| 193 | public static final int KM_ERROR_SECURE_HW_COMMUNICATION_FAILED = -49; |
| 194 | public static final int KM_ERROR_UNSUPPORTED_EC_FIELD = -50; |
Alex Klyubin | 37d81d0 | 2015-04-15 17:16:23 -0700 | [diff] [blame] | 195 | public static final int KM_ERROR_MISSING_NONCE = -51; |
| 196 | public static final int KM_ERROR_INVALID_NONCE = -52; |
Chad Brubaker | 45ff13e | 2015-01-21 14:00:55 -0800 | [diff] [blame] | 197 | public static final int KM_ERROR_UNIMPLEMENTED = -100; |
| 198 | public static final int KM_ERROR_VERSION_MISMATCH = -101; |
| 199 | public static final int KM_ERROR_UNKNOWN_ERROR = -1000; |
| 200 | |
Alex Klyubin | d23a1f7 | 2015-03-27 14:39:28 -0700 | [diff] [blame] | 201 | public static final Map<Integer, String> sErrorCodeToString = new HashMap<Integer, String>(); |
| 202 | static { |
| 203 | sErrorCodeToString.put(KM_ERROR_OK, "OK"); |
| 204 | sErrorCodeToString.put(KM_ERROR_UNSUPPORTED_PURPOSE, "Unsupported purpose"); |
| 205 | sErrorCodeToString.put(KM_ERROR_INCOMPATIBLE_PURPOSE, "Incompatible purpose"); |
| 206 | sErrorCodeToString.put(KM_ERROR_UNSUPPORTED_ALGORITHM, "Unsupported algorithm"); |
| 207 | sErrorCodeToString.put(KM_ERROR_INCOMPATIBLE_ALGORITHM, "Incompatible algorithm"); |
| 208 | sErrorCodeToString.put(KM_ERROR_UNSUPPORTED_KEY_SIZE, "Unsupported key size"); |
| 209 | sErrorCodeToString.put(KM_ERROR_UNSUPPORTED_BLOCK_MODE, "Unsupported block mode"); |
| 210 | sErrorCodeToString.put(KM_ERROR_INCOMPATIBLE_BLOCK_MODE, "Incompatible block mode"); |
Alex Klyubin | c0eb55c | 2015-03-31 17:16:31 -0700 | [diff] [blame] | 211 | sErrorCodeToString.put(KM_ERROR_UNSUPPORTED_MAC_LENGTH, |
| 212 | "Unsupported MAC or authentication tag length"); |
Alex Klyubin | d23a1f7 | 2015-03-27 14:39:28 -0700 | [diff] [blame] | 213 | sErrorCodeToString.put(KM_ERROR_UNSUPPORTED_PADDING_MODE, "Unsupported padding mode"); |
| 214 | sErrorCodeToString.put(KM_ERROR_INCOMPATIBLE_PADDING_MODE, "Incompatible padding mode"); |
| 215 | sErrorCodeToString.put(KM_ERROR_UNSUPPORTED_DIGEST, "Unsupported digest"); |
| 216 | sErrorCodeToString.put(KM_ERROR_INCOMPATIBLE_DIGEST, "Incompatible digest"); |
| 217 | sErrorCodeToString.put(KM_ERROR_INVALID_EXPIRATION_TIME, "Invalid expiration time"); |
| 218 | sErrorCodeToString.put(KM_ERROR_INVALID_USER_ID, "Invalid user ID"); |
| 219 | sErrorCodeToString.put(KM_ERROR_INVALID_AUTHORIZATION_TIMEOUT, |
| 220 | "Invalid user authorization timeout"); |
| 221 | sErrorCodeToString.put(KM_ERROR_UNSUPPORTED_KEY_FORMAT, "Unsupported key format"); |
| 222 | sErrorCodeToString.put(KM_ERROR_INCOMPATIBLE_KEY_FORMAT, "Incompatible key format"); |
| 223 | sErrorCodeToString.put(KM_ERROR_INVALID_INPUT_LENGTH, "Invalid input length"); |
| 224 | sErrorCodeToString.put(KM_ERROR_KEY_NOT_YET_VALID, "Key not yet valid"); |
| 225 | sErrorCodeToString.put(KM_ERROR_KEY_EXPIRED, "Key expired"); |
| 226 | sErrorCodeToString.put(KM_ERROR_KEY_USER_NOT_AUTHENTICATED, "Key user not authenticated"); |
| 227 | sErrorCodeToString.put(KM_ERROR_INVALID_OPERATION_HANDLE, "Invalid operation handle"); |
| 228 | sErrorCodeToString.put(KM_ERROR_VERIFICATION_FAILED, "Signature/MAC verification failed"); |
| 229 | sErrorCodeToString.put(KM_ERROR_TOO_MANY_OPERATIONS, "Too many operations"); |
| 230 | sErrorCodeToString.put(KM_ERROR_INVALID_KEY_BLOB, "Invalid key blob"); |
| 231 | sErrorCodeToString.put(KM_ERROR_INVALID_ARGUMENT, "Invalid argument"); |
| 232 | sErrorCodeToString.put(KM_ERROR_UNSUPPORTED_TAG, "Unsupported tag"); |
| 233 | sErrorCodeToString.put(KM_ERROR_INVALID_TAG, "Invalid tag"); |
| 234 | sErrorCodeToString.put(KM_ERROR_MEMORY_ALLOCATION_FAILED, "Memory allocation failed"); |
Alex Klyubin | c0eb55c | 2015-03-31 17:16:31 -0700 | [diff] [blame] | 235 | sErrorCodeToString.put(KM_ERROR_UNSUPPORTED_EC_FIELD, "Unsupported EC field"); |
Alex Klyubin | 37d81d0 | 2015-04-15 17:16:23 -0700 | [diff] [blame] | 236 | sErrorCodeToString.put(KM_ERROR_MISSING_NONCE, "Required IV missing"); |
| 237 | sErrorCodeToString.put(KM_ERROR_INVALID_NONCE, "Invalid IV"); |
Alex Klyubin | d23a1f7 | 2015-03-27 14:39:28 -0700 | [diff] [blame] | 238 | sErrorCodeToString.put(KM_ERROR_UNIMPLEMENTED, "Not implemented"); |
| 239 | sErrorCodeToString.put(KM_ERROR_UNKNOWN_ERROR, "Unknown error"); |
| 240 | } |
| 241 | |
Chad Brubaker | 45ff13e | 2015-01-21 14:00:55 -0800 | [diff] [blame] | 242 | public static int getTagType(int tag) { |
| 243 | return tag & (0xF << 28); |
| 244 | } |
Alex Klyubin | d23a1f7 | 2015-03-27 14:39:28 -0700 | [diff] [blame] | 245 | |
| 246 | public static String getErrorMessage(int errorCode) { |
| 247 | String result = sErrorCodeToString.get(errorCode); |
| 248 | if (result != null) { |
| 249 | return result; |
| 250 | } |
| 251 | return String.valueOf(errorCode); |
| 252 | } |
Chad Brubaker | 45ff13e | 2015-01-21 14:00:55 -0800 | [diff] [blame] | 253 | } |