/**
 * Copyright (c) 2015, The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
16
17package android.security.keymaster;
18
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
21
/**
 * Class tracking all the keymaster enum values needed for the binder API to keystore.
 * This must be kept in sync with hardware/libhardware/include/hardware/keymaster_defs.h.
 * See keymaster_defs.h for detailed descriptions of each constant.
 * @hide
 */
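public final class KeymasterDefs {

    /** Not instantiable: this class only holds constants and static helpers. */
    private KeymasterDefs() {}

    // Tag types.
    // The type occupies the top four bits of a tag (see getTagType); the low 28 bits carry
    // the tag's identifier.
    public static final int KM_INVALID = 0 << 28;
    public static final int KM_ENUM = 1 << 28;
    public static final int KM_ENUM_REP = 2 << 28;
    public static final int KM_INT = 3 << 28;
    public static final int KM_INT_REP = 4 << 28;
    public static final int KM_LONG = 5 << 28;
    public static final int KM_DATE = 6 << 28;
    public static final int KM_BOOL = 7 << 28;
    public static final int KM_BIGNUM = 8 << 28;
    public static final int KM_BYTES = 9 << 28;
    public static final int KM_LONG_REP = 10 << 28;

    // Tag values.
    // Each tag is (tag type | identifier). Numeric values are part of the keystore binder
    // contract and must not be changed independently of keymaster_defs.h.
    public static final int KM_TAG_INVALID = KM_INVALID | 0;
    public static final int KM_TAG_PURPOSE = KM_ENUM_REP | 1;
    public static final int KM_TAG_ALGORITHM = KM_ENUM | 2;
    public static final int KM_TAG_KEY_SIZE = KM_INT | 3;
    public static final int KM_TAG_BLOCK_MODE = KM_ENUM_REP | 4;
    public static final int KM_TAG_DIGEST = KM_ENUM_REP | 5;
    public static final int KM_TAG_PADDING = KM_ENUM_REP | 6;
    public static final int KM_TAG_RETURN_UNAUTHED = KM_BOOL | 7;
    public static final int KM_TAG_CALLER_NONCE = KM_BOOL | 8;

    public static final int KM_TAG_RESCOPING_ADD = KM_ENUM_REP | 101;
    public static final int KM_TAG_RESCOPING_DEL = KM_ENUM_REP | 102;
    public static final int KM_TAG_BLOB_USAGE_REQUIREMENTS = KM_ENUM | 705;

    public static final int KM_TAG_RSA_PUBLIC_EXPONENT = KM_LONG | 200;
    public static final int KM_TAG_ACTIVE_DATETIME = KM_DATE | 400;
    public static final int KM_TAG_ORIGINATION_EXPIRE_DATETIME = KM_DATE | 401;
    public static final int KM_TAG_USAGE_EXPIRE_DATETIME = KM_DATE | 402;
    public static final int KM_TAG_MIN_SECONDS_BETWEEN_OPS = KM_INT | 403;
    public static final int KM_TAG_MAX_USES_PER_BOOT = KM_INT | 404;

    public static final int KM_TAG_ALL_USERS = KM_BOOL | 500;
    public static final int KM_TAG_USER_ID = KM_INT | 501;
    public static final int KM_TAG_USER_SECURE_ID = KM_LONG_REP | 502;
    public static final int KM_TAG_NO_AUTH_REQUIRED = KM_BOOL | 503;
    public static final int KM_TAG_USER_AUTH_TYPE = KM_ENUM | 504;
    public static final int KM_TAG_AUTH_TIMEOUT = KM_INT | 505;

    public static final int KM_TAG_ALL_APPLICATIONS = KM_BOOL | 600;
    public static final int KM_TAG_APPLICATION_ID = KM_BYTES | 601;

    public static final int KM_TAG_APPLICATION_DATA = KM_BYTES | 700;
    public static final int KM_TAG_CREATION_DATETIME = KM_DATE | 701;
    public static final int KM_TAG_ORIGIN = KM_ENUM | 702;
    public static final int KM_TAG_ROLLBACK_RESISTANT = KM_BOOL | 703;
    public static final int KM_TAG_ROOT_OF_TRUST = KM_BYTES | 704;

    public static final int KM_TAG_ASSOCIATED_DATA = KM_BYTES | 1000;
    public static final int KM_TAG_NONCE = KM_BYTES | 1001;
    public static final int KM_TAG_CHUNK_LENGTH = KM_INT | 1002;
    public static final int KM_TAG_AUTH_TOKEN = KM_BYTES | 1003;
    public static final int KM_TAG_MAC_LENGTH = KM_INT | 1004;

    // Algorithm values.
    public static final int KM_ALGORITHM_RSA = 1;
    public static final int KM_ALGORITHM_EC = 3;
    public static final int KM_ALGORITHM_AES = 32;
    public static final int KM_ALGORITHM_HMAC = 128;

    // Block modes.
    // ECB, CBC and CTR provide confidentiality only; of the modes listed here only GCM also
    // authenticates the ciphertext. ECB is additionally deterministic (equal plaintext blocks
    // give equal ciphertext blocks), so callers should not select it for structured data.
    public static final int KM_MODE_FIRST_UNAUTHENTICATED = 1;
    public static final int KM_MODE_ECB = KM_MODE_FIRST_UNAUTHENTICATED;
    public static final int KM_MODE_CBC = 2;
    public static final int KM_MODE_CTR = 4;
    public static final int KM_MODE_FIRST_AUTHENTICATED = 32;
    public static final int KM_MODE_GCM = KM_MODE_FIRST_AUTHENTICATED;

    // Padding modes.
    // NOTE(review): PKCS#1 v1.5 encryption padding is prone to padding-oracle attacks when
    // decryption failures are distinguishable to the caller; OAEP is the safer default for
    // new RSA encryption keys.
    public static final int KM_PAD_NONE = 1;
    public static final int KM_PAD_RSA_OAEP = 2;
    public static final int KM_PAD_RSA_PSS = 3;
    public static final int KM_PAD_RSA_PKCS1_1_5_ENCRYPT = 4;
    public static final int KM_PAD_RSA_PKCS1_1_5_SIGN = 5;
    public static final int KM_PAD_PKCS7 = 64;

    // Digest modes.
    // MD5 and SHA-1 are not collision resistant and should not be authorized for new
    // signing keys; they are listed because the native header defines them.
    public static final int KM_DIGEST_NONE = 0;
    public static final int KM_DIGEST_MD5 = 1;
    public static final int KM_DIGEST_SHA1 = 2;
    public static final int KM_DIGEST_SHA_2_224 = 3;
    public static final int KM_DIGEST_SHA_2_256 = 4;
    public static final int KM_DIGEST_SHA_2_384 = 5;
    public static final int KM_DIGEST_SHA_2_512 = 6;

    // Key origins.
    public static final int KM_ORIGIN_GENERATED = 0;
    public static final int KM_ORIGIN_IMPORTED = 2;
    public static final int KM_ORIGIN_UNKNOWN = 3;

    // Key usability requirements.
    public static final int KM_BLOB_STANDALONE = 0;
    public static final int KM_BLOB_REQUIRES_FILE_SYSTEM = 1;

    // Operation Purposes.
    public static final int KM_PURPOSE_ENCRYPT = 0;
    public static final int KM_PURPOSE_DECRYPT = 1;
    public static final int KM_PURPOSE_SIGN = 2;
    public static final int KM_PURPOSE_VERIFY = 3;

    // Key formats.
    public static final int KM_KEY_FORMAT_X509 = 0;
    public static final int KM_KEY_FORMAT_PKCS8 = 1;
    public static final int KM_KEY_FORMAT_RAW = 3;

    // User authenticators.
    // Single-bit values, so several authenticator types can be OR-ed into one mask.
    public static final int HW_AUTH_PASSWORD = 1 << 0;
    public static final int HW_AUTH_FINGERPRINT = 1 << 1;

    // Error codes.
    // NOTE(review): no constant is defined for -43 in this class; confirm against
    // keymaster_defs.h whether that gap is intentional.
    public static final int KM_ERROR_OK = 0;
    public static final int KM_ERROR_ROOT_OF_TRUST_ALREADY_SET = -1;
    public static final int KM_ERROR_UNSUPPORTED_PURPOSE = -2;
    public static final int KM_ERROR_INCOMPATIBLE_PURPOSE = -3;
    public static final int KM_ERROR_UNSUPPORTED_ALGORITHM = -4;
    public static final int KM_ERROR_INCOMPATIBLE_ALGORITHM = -5;
    public static final int KM_ERROR_UNSUPPORTED_KEY_SIZE = -6;
    public static final int KM_ERROR_UNSUPPORTED_BLOCK_MODE = -7;
    public static final int KM_ERROR_INCOMPATIBLE_BLOCK_MODE = -8;
    public static final int KM_ERROR_UNSUPPORTED_MAC_LENGTH = -9;
    public static final int KM_ERROR_UNSUPPORTED_PADDING_MODE = -10;
    public static final int KM_ERROR_INCOMPATIBLE_PADDING_MODE = -11;
    public static final int KM_ERROR_UNSUPPORTED_DIGEST = -12;
    public static final int KM_ERROR_INCOMPATIBLE_DIGEST = -13;
    public static final int KM_ERROR_INVALID_EXPIRATION_TIME = -14;
    public static final int KM_ERROR_INVALID_USER_ID = -15;
    public static final int KM_ERROR_INVALID_AUTHORIZATION_TIMEOUT = -16;
    public static final int KM_ERROR_UNSUPPORTED_KEY_FORMAT = -17;
    public static final int KM_ERROR_INCOMPATIBLE_KEY_FORMAT = -18;
    public static final int KM_ERROR_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM = -19;
    public static final int KM_ERROR_UNSUPPORTED_KEY_VERIFICATION_ALGORITHM = -20;
    public static final int KM_ERROR_INVALID_INPUT_LENGTH = -21;
    public static final int KM_ERROR_KEY_EXPORT_OPTIONS_INVALID = -22;
    public static final int KM_ERROR_DELEGATION_NOT_ALLOWED = -23;
    public static final int KM_ERROR_KEY_NOT_YET_VALID = -24;
    public static final int KM_ERROR_KEY_EXPIRED = -25;
    public static final int KM_ERROR_KEY_USER_NOT_AUTHENTICATED = -26;
    public static final int KM_ERROR_OUTPUT_PARAMETER_NULL = -27;
    public static final int KM_ERROR_INVALID_OPERATION_HANDLE = -28;
    public static final int KM_ERROR_INSUFFICIENT_BUFFER_SPACE = -29;
    public static final int KM_ERROR_VERIFICATION_FAILED = -30;
    public static final int KM_ERROR_TOO_MANY_OPERATIONS = -31;
    public static final int KM_ERROR_UNEXPECTED_NULL_POINTER = -32;
    public static final int KM_ERROR_INVALID_KEY_BLOB = -33;
    public static final int KM_ERROR_IMPORTED_KEY_NOT_ENCRYPTED = -34;
    public static final int KM_ERROR_IMPORTED_KEY_DECRYPTION_FAILED = -35;
    public static final int KM_ERROR_IMPORTED_KEY_NOT_SIGNED = -36;
    public static final int KM_ERROR_IMPORTED_KEY_VERIFICATION_FAILED = -37;
    public static final int KM_ERROR_INVALID_ARGUMENT = -38;
    public static final int KM_ERROR_UNSUPPORTED_TAG = -39;
    public static final int KM_ERROR_INVALID_TAG = -40;
    public static final int KM_ERROR_MEMORY_ALLOCATION_FAILED = -41;
    public static final int KM_ERROR_INVALID_RESCOPING = -42;
    public static final int KM_ERROR_IMPORT_PARAMETER_MISMATCH = -44;
    public static final int KM_ERROR_SECURE_HW_ACCESS_DENIED = -45;
    public static final int KM_ERROR_OPERATION_CANCELLED = -46;
    public static final int KM_ERROR_CONCURRENT_ACCESS_CONFLICT = -47;
    public static final int KM_ERROR_SECURE_HW_BUSY = -48;
    public static final int KM_ERROR_SECURE_HW_COMMUNICATION_FAILED = -49;
    public static final int KM_ERROR_UNSUPPORTED_EC_FIELD = -50;
    public static final int KM_ERROR_MISSING_NONCE = -51;
    public static final int KM_ERROR_INVALID_NONCE = -52;
    public static final int KM_ERROR_UNIMPLEMENTED = -100;
    public static final int KM_ERROR_VERSION_MISMATCH = -101;
    public static final int KM_ERROR_UNKNOWN_ERROR = -1000;

    /**
     * Human-readable messages for a subset of the error codes above.
     *
     * <p>The map is read-only. It is a public static field, so a mutable map here would let
     * any code in the same process rewrite or remove the text reported for keystore errors,
     * and a plain {@code HashMap} is not safe to modify while other threads read it. Codes
     * without an entry are rendered numerically by {@link #getErrorMessage(int)}.
     */
    public static final Map<Integer, String> sErrorCodeToString;
    static {
        // Populate a private map first and publish only the unmodifiable view.
        Map<Integer, String> messages = new HashMap<Integer, String>();
        messages.put(KM_ERROR_OK, "OK");
        messages.put(KM_ERROR_UNSUPPORTED_PURPOSE, "Unsupported purpose");
        messages.put(KM_ERROR_INCOMPATIBLE_PURPOSE, "Incompatible purpose");
        messages.put(KM_ERROR_UNSUPPORTED_ALGORITHM, "Unsupported algorithm");
        messages.put(KM_ERROR_INCOMPATIBLE_ALGORITHM, "Incompatible algorithm");
        messages.put(KM_ERROR_UNSUPPORTED_KEY_SIZE, "Unsupported key size");
        messages.put(KM_ERROR_UNSUPPORTED_BLOCK_MODE, "Unsupported block mode");
        messages.put(KM_ERROR_INCOMPATIBLE_BLOCK_MODE, "Incompatible block mode");
        messages.put(KM_ERROR_UNSUPPORTED_MAC_LENGTH,
                "Unsupported MAC or authentication tag length");
        messages.put(KM_ERROR_UNSUPPORTED_PADDING_MODE, "Unsupported padding mode");
        messages.put(KM_ERROR_INCOMPATIBLE_PADDING_MODE, "Incompatible padding mode");
        messages.put(KM_ERROR_UNSUPPORTED_DIGEST, "Unsupported digest");
        messages.put(KM_ERROR_INCOMPATIBLE_DIGEST, "Incompatible digest");
        messages.put(KM_ERROR_INVALID_EXPIRATION_TIME, "Invalid expiration time");
        messages.put(KM_ERROR_INVALID_USER_ID, "Invalid user ID");
        messages.put(KM_ERROR_INVALID_AUTHORIZATION_TIMEOUT,
                "Invalid user authorization timeout");
        messages.put(KM_ERROR_UNSUPPORTED_KEY_FORMAT, "Unsupported key format");
        messages.put(KM_ERROR_INCOMPATIBLE_KEY_FORMAT, "Incompatible key format");
        messages.put(KM_ERROR_INVALID_INPUT_LENGTH, "Invalid input length");
        messages.put(KM_ERROR_KEY_NOT_YET_VALID, "Key not yet valid");
        messages.put(KM_ERROR_KEY_EXPIRED, "Key expired");
        messages.put(KM_ERROR_KEY_USER_NOT_AUTHENTICATED, "Key user not authenticated");
        messages.put(KM_ERROR_INVALID_OPERATION_HANDLE, "Invalid operation handle");
        messages.put(KM_ERROR_VERIFICATION_FAILED, "Signature/MAC verification failed");
        messages.put(KM_ERROR_TOO_MANY_OPERATIONS, "Too many operations");
        messages.put(KM_ERROR_INVALID_KEY_BLOB, "Invalid key blob");
        messages.put(KM_ERROR_INVALID_ARGUMENT, "Invalid argument");
        messages.put(KM_ERROR_UNSUPPORTED_TAG, "Unsupported tag");
        messages.put(KM_ERROR_INVALID_TAG, "Invalid tag");
        messages.put(KM_ERROR_MEMORY_ALLOCATION_FAILED, "Memory allocation failed");
        messages.put(KM_ERROR_UNSUPPORTED_EC_FIELD, "Unsupported EC field");
        messages.put(KM_ERROR_MISSING_NONCE, "Required IV missing");
        messages.put(KM_ERROR_INVALID_NONCE, "Invalid IV");
        messages.put(KM_ERROR_UNIMPLEMENTED, "Not implemented");
        messages.put(KM_ERROR_UNKNOWN_ERROR, "Unknown error");
        sErrorCodeToString = Collections.unmodifiableMap(messages);
    }

    /**
     * Extracts the tag type from a tag value.
     *
     * @param tag a tag value such as {@link #KM_TAG_PURPOSE}
     * @return the top four bits of {@code tag}, comparable with the {@code KM_ENUM},
     *         {@code KM_INT}, ... tag type constants
     */
    public static int getTagType(int tag) {
        return tag & (0xF << 28);
    }

    /**
     * Returns a description of a keymaster error code.
     *
     * @param errorCode one of the {@code KM_ERROR_*} values, or any other int
     * @return the message registered in {@link #sErrorCodeToString}, or the decimal form of
     *         {@code errorCode} when no message is registered for it
     */
    public static String getErrorMessage(int errorCode) {
        String result = sErrorCodeToString.get(errorCode);
        if (result != null) {
            return result;
        }
        // Unmapped codes are still reported, as their numeric value.
        return String.valueOf(errorCode);
    }
}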