keymaster_defs.h revision 8412fdc42866b4d5c07370f06c2767a4cad5c23a
19d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden/*
29d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden * Copyright (C) 2014 The Android Open Source Project
39d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden *
49d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden * Licensed under the Apache License, Version 2.0 (the "License");
59d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden * you may not use this file except in compliance with the License.
69d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden * You may obtain a copy of the License at
79d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden *
89d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden *      http://www.apache.org/licenses/LICENSE-2.0
99d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden *
109d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden * Unless required by applicable law or agreed to in writing, software
119d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden * distributed under the License is distributed on an "AS IS" BASIS,
129d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
139d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden * See the License for the specific language governing permissions and
149d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden * limitations under the License.
159d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden */
169d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden
179d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden#ifndef ANDROID_HARDWARE_KEYMASTER_DEFS_H
189d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden#define ANDROID_HARDWARE_KEYMASTER_DEFS_H
199d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden
209d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden#include <stdint.h>
219d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden#include <stdlib.h>
229d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden#include <string.h>
239d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden
/*
 * NOTE(review): this guard looks inverted.  `extern "C"` is C++ syntax, so the linkage block
 * should open only when __cplusplus IS defined (#ifdef).  As written, a C compiler is handed
 * `extern "C" {` and a C++ compiler gets no linkage block at all.  The matching close is not
 * visible from here -- change the opening and closing guards together.
 */
#ifndef __cplusplus
extern "C" {
#endif  // __cplusplus
279d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden
/**
 * Authorization tags each have an associated type.  This enumeration facilitates tagging each with
 * a type, by using the high four bits (of an implied 32-bit unsigned enum value) to specify up to
 * 16 data types.  These values are ORed with tag IDs to generate the final tag ID values.
 *
 * The type selects which member of the keymaster_key_param_t union carries the value, so code
 * that parses parameters should take the type from the tag before reading the union.
 *
 * NOTE(review): the literals are signed int.  With a 32-bit int, `8 << 28` and above do not fit,
 * and such a signed left shift is undefined behaviour in C.  Unsigned literals (`8u << 28`) would
 * avoid that but also change the enumerators' type -- confirm before changing.
 */
typedef enum {
    KM_INVALID = 0 << 28, /* Invalid type, used to designate a tag as uninitialized */
    KM_ENUM = 1 << 28,     /* Enumeration value (union member: enumerated) */
    KM_ENUM_REP = 2 << 28, /* Repeatable enumeration value. */
    KM_INT = 3 << 28,      /* 32-bit integer value (union member: integer) */
    KM_INT_REP = 4 << 28, /* Repeatable integer value */
    KM_LONG = 5 << 28,     /* 64-bit integer value (union member: long_integer) */
    KM_DATE = 6 << 28,     /* Date/time value (union member: date_time) */
    KM_BOOL = 7 << 28,     /* Boolean value (union member: boolean) */
    KM_BIGNUM = 8 << 28,   /* Big number carried as a blob (union member: blob) */
    KM_BYTES = 9 << 28,    /* Byte string carried as a blob (union member: blob) */
    KM_LONG_REP = 10 << 28, /* Repeatable long value */
} keymaster_tag_type_t;
469d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden
/*
 * Authorization tag identifiers.  Each value is a keymaster_tag_type_t (high four bits) ORed with
 * a numeric tag ID, so the value's type can be recovered from the tag itself.
 */
typedef enum {
    KM_TAG_INVALID = KM_INVALID | 0,

    /*
     * Tags that must be semantically enforced by hardware and software implementations.
     */

    /* Crypto parameters */
    KM_TAG_PURPOSE = KM_ENUM_REP | 1,     /* keymaster_purpose_t. */
    KM_TAG_ALGORITHM = KM_ENUM | 2,       /* keymaster_algorithm_t. */
    KM_TAG_KEY_SIZE = KM_INT | 3,         /* Key size in bits. */
    KM_TAG_BLOCK_MODE = KM_ENUM | 4,      /* keymaster_block_mode_t. */
    KM_TAG_DIGEST = KM_ENUM | 5,          /* keymaster_digest_t. */
    KM_TAG_MAC_LENGTH = KM_INT | 6,       /* MAC or AEAD authentication tag length in bits. */
    KM_TAG_PADDING = KM_ENUM | 7,         /* keymaster_padding_t. */
    KM_TAG_RETURN_UNAUTHED = KM_BOOL | 8, /* Allow AEAD decryption to return plaintext before it has
                                             been authenticated.  WARNING: Not recommended.
                                             Plaintext released this way has not been
                                             integrity-checked, so a caller must not act on it
                                             until the operation has finished successfully. */
    KM_TAG_CALLER_NONCE = KM_BOOL | 9,    /* Allow caller to specify nonce or IV.  A
                                             caller-supplied nonce must never repeat under the
                                             same key: reuse in CTR or GCM breaks
                                             confidentiality, and in GCM also authenticity. */

    /* Other hardware-enforced. */
    KM_TAG_RESCOPING_ADD = KM_ENUM_REP | 101, /* Tags authorized for addition via rescoping. */
    KM_TAG_RESCOPING_DEL = KM_ENUM_REP | 102, /* Tags authorized for removal via rescoping. */
    /* NOTE(review): ID 705 falls in the 700 range used below for unenforceable/informational
     * tags, although this tag is listed with the hardware-enforced ones -- confirm intent. */
    KM_TAG_BLOB_USAGE_REQUIREMENTS = KM_ENUM | 705, /* keymaster_key_blob_usage_requirements_t */

    /* Algorithm-specific. */
    KM_TAG_RSA_PUBLIC_EXPONENT = KM_LONG | 200, /* Defaults to 2^16+1 */

    /*
     * Tags that should be semantically enforced by hardware if possible and will otherwise be
     * enforced by software (keystore).
     */

    /* Key validity period */
    KM_TAG_ACTIVE_DATETIME = KM_DATE | 400,             /* Start of validity */
    KM_TAG_ORIGINATION_EXPIRE_DATETIME = KM_DATE | 401, /* Date when new "messages" should no
                                                           longer be created. */
    KM_TAG_USAGE_EXPIRE_DATETIME = KM_DATE | 402,       /* Date when existing "messages" should no
                                                           longer be trusted. */
    KM_TAG_MIN_SECONDS_BETWEEN_OPS = KM_INT | 403,      /* Minimum elapsed time between
                                                           cryptographic operations with the key. */
    KM_TAG_MAX_USES_PER_BOOT = KM_INT | 404,            /* Number of times the key can be used per
                                                           boot. */

    /* User authentication */
    KM_TAG_ALL_USERS = KM_BOOL | 500,          /* If key is usable by all users. */
    KM_TAG_USER_ID = KM_INT | 501,             /* ID of authorized user.  Disallowed if
                                                  KM_TAG_ALL_USERS is present. */
    KM_TAG_USER_SECURE_ID = KM_LONG_REP | 502, /* Secure ID of authorized user or authenticator(s).
                                                  Disallowed if KM_TAG_ALL_USERS or
                                                  KM_TAG_NO_AUTH_REQUIRED is present. */
    KM_TAG_NO_AUTH_REQUIRED = KM_BOOL | 503,   /* If key is usable without authentication. */
    KM_TAG_USER_AUTH_TYPE = KM_ENUM | 504,     /* Bitmask of authenticator types allowed when
                                                * KM_TAG_USER_SECURE_ID contains a secure user ID,
                                                * rather than a secure authenticator ID.  Defined in
                                                * hw_authenticator_type_t in hw_auth_token.h. */
    KM_TAG_AUTH_TIMEOUT = KM_INT | 505,        /* Required freshness of user authentication for
                                                  private/secret key operations, in seconds.
                                                  Public key operations require no authentication.
                                                  If absent, authentication is required for every
                                                  use.  Authentication state is lost when the
                                                  device is powered off. */

    /* Application access control */
    KM_TAG_ALL_APPLICATIONS = KM_BOOL | 600, /* If key is usable by all applications. */
    KM_TAG_APPLICATION_ID = KM_BYTES | 601,  /* ID of authorized application. Disallowed if
                                                KM_TAG_ALL_APPLICATIONS is present. */

    /*
     * Semantically unenforceable tags, either because they have no specific meaning or because
     * they're informational only.  Do not base access-control decisions on these alone.
     */
    KM_TAG_APPLICATION_DATA = KM_BYTES | 700,  /* Data provided by authorized application. */
    KM_TAG_CREATION_DATETIME = KM_DATE | 701,  /* Key creation time */
    KM_TAG_ORIGIN = KM_ENUM | 702,             /* keymaster_key_origin_t. */
    KM_TAG_ROLLBACK_RESISTANT = KM_BOOL | 703, /* Whether key is rollback-resistant. */
    KM_TAG_ROOT_OF_TRUST = KM_BYTES | 704,     /* Root of trust ID.  Empty array means usable by all
                                                  roots. */

    /* Tags used only to provide data to or receive data from operations */
    KM_TAG_ASSOCIATED_DATA = KM_BYTES | 1000, /* Used to provide associated data for AEAD modes. */
    KM_TAG_NONCE = KM_BYTES | 1001,           /* Nonce or Initialization Vector */
    KM_TAG_CHUNK_LENGTH = KM_INT | 1002,      /* AEAD mode chunk size, in bytes.  0 means no limit,
                                                 which requires KM_TAG_RETURN_UNAUTHED. */
    KM_TAG_AUTH_TOKEN = KM_BYTES | 1003,      /* Authentication token that proves secure user
                                                 authentication has been performed.  Structure
                                                 defined in hw_auth_token_t in hw_auth_token.h. */
} keymaster_tag_t;
1349d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden
/**
 * Algorithms that may be provided by keymaster implementations.  Those that must be provided by all
 * implementations are tagged as "required".
 *
 * NOTE(review): no enumerator below actually carries a "required" marker -- confirm which
 * algorithms are mandatory and tag them, or drop the sentence above.
 */
typedef enum {
    /* Asymmetric algorithms. */
    KM_ALGORITHM_RSA = 1,
    // KM_ALGORITHM_DSA = 2, -- Removed, do not re-use value 2.
    KM_ALGORITHM_EC = 3,

    /* Block cipher algorithms */
    KM_ALGORITHM_AES = 32,

    /* MAC algorithms */
    KM_ALGORITHM_HMAC = 128,
} keymaster_algorithm_t;
1519d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden
/**
 * Symmetric block cipher modes provided by keymaster implementations.
 *
 * KM_MODE_FIRST_UNAUTHENTICATED and KM_MODE_FIRST_AUTHENTICATED are not modes but markers used to
 * separate the available modes into classes.  Each marker shares its value with the first mode of
 * its class (ECB and GCM respectively).
 */
typedef enum {
    /* Unauthenticated modes, usable only for encryption/decryption and not generally recommended
     * except for compatibility with other existing protocols.  None of these detects ciphertext
     * tampering, and ECB additionally reveals which plaintext blocks are equal. */
    KM_MODE_FIRST_UNAUTHENTICATED = 1,
    KM_MODE_ECB = KM_MODE_FIRST_UNAUTHENTICATED,
    KM_MODE_CBC = 2,
    KM_MODE_CTR = 4,

    /* Authenticated modes, usable for encryption/decryption and signing/verification.  Recommended
     * over unauthenticated modes for all purposes. */
    KM_MODE_FIRST_AUTHENTICATED = 32,
    KM_MODE_GCM = KM_MODE_FIRST_AUTHENTICATED,
} keymaster_block_mode_t;
1719d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden
/**
 * Padding modes that may be applied to plaintext for encryption operations.  This list includes
 * padding modes for both symmetric and asymmetric algorithms.  Note that implementations should not
 * provide all possible combinations of algorithm and padding, only the
 * cryptographically-appropriate pairs.
 */
typedef enum {
    KM_PAD_NONE = 1, /* deprecated */
    KM_PAD_RSA_OAEP = 2,
    KM_PAD_RSA_PSS = 3,
    /* PKCS#1 v1.5 encryption padding: decryption must not reveal to the caller whether the
     * padding was well-formed (error or timing), or it can serve as a padding oracle. */
    KM_PAD_RSA_PKCS1_1_5_ENCRYPT = 4,
    KM_PAD_RSA_PKCS1_1_5_SIGN = 5,
    KM_PAD_PKCS7 = 64,
} keymaster_padding_t;
1869d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden
/**
 * Digests provided by keymaster implementations.
 *
 * MD5 and SHA-1 are not collision-resistant; prefer a SHA-2 digest for new signing keys.
 */
typedef enum {
    KM_DIGEST_NONE = 0,
    KM_DIGEST_MD5 = 1, /* Optional, may not be implemented in hardware, will be handled in software
                        * if needed. */
    KM_DIGEST_SHA1 = 2,
    KM_DIGEST_SHA_2_224 = 3,
    KM_DIGEST_SHA_2_256 = 4,
    KM_DIGEST_SHA_2_384 = 5,
    KM_DIGEST_SHA_2_512 = 6,
} keymaster_digest_t;
2009d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden
/**
 * The origin of a key (or pair), i.e. where it was generated.  The origin can be used to help
 * determine whether a key may have existed outside of secure hardware.  This type is new in 0_4.
 *
 * NOTE(review): the original sentence read "Origin and can be used together", so the name of a
 * second item appears to have been lost -- confirm what origin is meant to be combined with.
 */
typedef enum {
    KM_ORIGIN_HARDWARE = 0, /* Generated in secure hardware */
    KM_ORIGIN_SOFTWARE = 1, /* Generated in non-secure software */
    KM_ORIGIN_IMPORTED = 2, /* Imported, origin unknown */
} keymaster_key_origin_t;
2109d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden
/**
 * Usability requirements of key blobs.  This defines what system functionality must be available
 * for the key to function.  For example, key "blobs" which are actually handles referencing
 * encrypted key material stored in the file system cannot be used until the file system is
 * available, and should have KM_BLOB_REQUIRES_FILE_SYSTEM.  Other requirement entries will be
 * added as needed for implementations.  This type is new in 0_4.
 */
typedef enum {
    KM_BLOB_STANDALONE = 0,           /* Presumably: blob is usable on its own -- confirm */
    KM_BLOB_REQUIRES_FILE_SYSTEM = 1, /* Blob cannot be used until the file system is available */
} keymaster_key_blob_usage_requirements_t;
2229d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden
/**
 * Possible purposes of a key (or pair). This type is new in 0_4.
 *
 * Carried by KM_TAG_PURPOSE, which is a repeatable tag, so one key may list several purposes.
 */
typedef enum {
    KM_PURPOSE_ENCRYPT = 0,
    KM_PURPOSE_DECRYPT = 1,
    KM_PURPOSE_SIGN = 2,
    KM_PURPOSE_VERIFY = 3,
} keymaster_purpose_t;
2329d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden
/*
 * A pointer/length pair describing a byte buffer; used as the value of KM_BIGNUM and KM_BYTES
 * parameters in keymaster_key_param_t.
 */
typedef struct {
    const uint8_t* data; /* Buffer start.  Ownership is not stated here -- confirm who frees it. */
    size_t data_length;  /* Presumably the number of bytes at data -- confirm.  Validate before
                            reading when the blob comes from an untrusted caller. */
} keymaster_blob_t;
2379d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden
/*
 * One tagged parameter.  The type bits of `tag` (see keymaster_tag_type_t) say which union member
 * is valid; reading any other member yields bytes that were written as a different type.
 *
 * NOTE(review): `bool` is used below but <stdbool.h> is not among this header's includes, so a C
 * compiler would reject it; the anonymous union also needs C11 or a compiler extension.
 */
typedef struct {
    keymaster_tag_t tag;
    union {
        uint32_t enumerated;   /* KM_ENUM and KM_ENUM_REP */
        bool boolean;          /* KM_BOOL */
        uint32_t integer;      /* KM_INT and KM_INT_REP */
        uint64_t long_integer; /* KM_LONG (presumably also KM_LONG_REP -- confirm) */
        uint64_t date_time;    /* KM_DATE */
        keymaster_blob_t blob; /* KM_BIGNUM and KM_BYTES*/
    };
} keymaster_key_param_t;
2499d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden
/*
 * An array of parameters together with its length.
 */
typedef struct {
    keymaster_key_param_t* params; /* may be NULL if length == 0 */
    size_t length; /* Presumably the element count of params -- confirm.  Check it before
                      dereferencing params, since params may be NULL when it is 0. */
} keymaster_key_param_set_t;
2549d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden
/**
 * Parameters that define a key's characteristics, including authorized modes of usage and access
 * control restrictions.  The parameters are divided into two categories, those that are enforced by
 * secure hardware, and those that are not.  For a software-only keymaster implementation the
 * enforced array must be NULL.  Hardware implementations must enforce everything in the enforced
 * array.
 *
 * NOTE(review): "the enforced array" presumably means hw_enforced -- confirm.
 */
typedef struct {
    keymaster_key_param_set_t hw_enforced; /* Parameters enforced by secure hardware */
    keymaster_key_param_set_t sw_enforced; /* Parameters not enforced by secure hardware */
} keymaster_key_characteristics_t;
2669d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden
/*
 * A key blob: a pointer to key material plus its size.  Per the blob usage requirements above, a
 * "blob" may instead be a handle referencing encrypted key material stored elsewhere.
 */
typedef struct {
    const uint8_t* key_material; /* Ownership is not stated here -- confirm who frees it. */
    size_t key_material_size;    /* Presumably the size of key_material in bytes -- confirm. */
} keymaster_key_blob_t;
2719d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden
/**
 * Formats for key import and export.  At present, only asymmetric key import/export is supported.
 * In the future this list will expand greatly to accommodate asymmetric key import/export.
 *
 * NOTE(review): the text above looks stale.  KM_KEY_FORMAT_RAW below is documented as a
 * symmetric key import format, and the second sentence presumably meant "symmetric" -- confirm.
 */
typedef enum {
    KM_KEY_FORMAT_X509 = 0,   /* for public key export, required */
    KM_KEY_FORMAT_PKCS8 = 1,  /* for asymmetric key pair import, required */
    KM_KEY_FORMAT_PKCS12 = 2, /* for asymmetric key pair import, not required */
    KM_KEY_FORMAT_RAW = 3,    /* for symmetric key import, required */
} keymaster_key_format_t;
2829d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden
/**
 * The keymaster operation API consists of begin, update, finish and abort. This is the type of the
 * handle used to tie the sequence of calls together.  A 64-bit value is used because it's important
 * that handles not be predictable.  Implementations must use strong random numbers for handle
 * values.
 *
 * A predictable handle (a counter, for instance) would let one client guess the handle of another
 * client's operation that is still in progress.
 */
typedef uint64_t keymaster_operation_handle_t;
2909d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden
2919d645a003b0d77462a5f9696a238aacc32580f07Shawn Willdentypedef enum {
2929d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_OK = 0,
2939d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_ROOT_OF_TRUST_ALREADY_SET = -1,
2949d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_UNSUPPORTED_PURPOSE = -2,
2959d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_INCOMPATIBLE_PURPOSE = -3,
2969d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_UNSUPPORTED_ALGORITHM = -4,
2979d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_INCOMPATIBLE_ALGORITHM = -5,
2989d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_UNSUPPORTED_KEY_SIZE = -6,
2999d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_UNSUPPORTED_BLOCK_MODE = -7,
3009d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_INCOMPATIBLE_BLOCK_MODE = -8,
3016b424bea8074c997745b3758f8fde0ef925e3218Shawn Willden    KM_ERROR_UNSUPPORTED_MAC_LENGTH = -9,
3029d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_UNSUPPORTED_PADDING_MODE = -10,
3039d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_INCOMPATIBLE_PADDING_MODE = -11,
3049d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_UNSUPPORTED_DIGEST = -12,
3059d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_INCOMPATIBLE_DIGEST = -13,
3069d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_INVALID_EXPIRATION_TIME = -14,
3079d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_INVALID_USER_ID = -15,
3089d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_INVALID_AUTHORIZATION_TIMEOUT = -16,
3099d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_UNSUPPORTED_KEY_FORMAT = -17,
3109d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_INCOMPATIBLE_KEY_FORMAT = -18,
3119d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM = -19,   /* For PKCS8 & PKCS12 */
3129d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_UNSUPPORTED_KEY_VERIFICATION_ALGORITHM = -20, /* For PKCS8 & PKCS12 */
3139d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_INVALID_INPUT_LENGTH = -21,
3149d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_KEY_EXPORT_OPTIONS_INVALID = -22,
3159d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_DELEGATION_NOT_ALLOWED = -23,
3169d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_KEY_NOT_YET_VALID = -24,
3179d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_KEY_EXPIRED = -25,
3189d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_KEY_USER_NOT_AUTHENTICATED = -26,
3199d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_OUTPUT_PARAMETER_NULL = -27,
3209d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_INVALID_OPERATION_HANDLE = -28,
3219d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_INSUFFICIENT_BUFFER_SPACE = -29,
3229d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_VERIFICATION_FAILED = -30,
3239d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_TOO_MANY_OPERATIONS = -31,
3249d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_UNEXPECTED_NULL_POINTER = -32,
3259d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_INVALID_KEY_BLOB = -33,
3269d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_IMPORTED_KEY_NOT_ENCRYPTED = -34,
3279d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_IMPORTED_KEY_DECRYPTION_FAILED = -35,
3289d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_IMPORTED_KEY_NOT_SIGNED = -36,
3299d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_IMPORTED_KEY_VERIFICATION_FAILED = -37,
3309d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_INVALID_ARGUMENT = -38,
3319d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_UNSUPPORTED_TAG = -39,
3329d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_INVALID_TAG = -40,
3339d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_MEMORY_ALLOCATION_FAILED = -41,
3349d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_INVALID_RESCOPING = -42,
3359d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_IMPORT_PARAMETER_MISMATCH = -44,
3369d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_SECURE_HW_ACCESS_DENIED = -45,
3379d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_OPERATION_CANCELLED = -46,
3389d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_CONCURRENT_ACCESS_CONFLICT = -47,
3399d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_SECURE_HW_BUSY = -48,
3409d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_SECURE_HW_COMMUNICATION_FAILED = -49,
3419d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_UNSUPPORTED_EC_FIELD = -50,
342ed94111cce5b3b6fff9833f99ea80f4ab7b37c04Shawn Willden    KM_ERROR_MISSING_NONCE = -51,
343ed94111cce5b3b6fff9833f99ea80f4ab7b37c04Shawn Willden    KM_ERROR_INVALID_NONCE = -52,
344ed94111cce5b3b6fff9833f99ea80f4ab7b37c04Shawn Willden    KM_ERROR_UNSUPPORTED_CHUNK_LENGTH = -53,
345ed94111cce5b3b6fff9833f99ea80f4ab7b37c04Shawn Willden    KM_ERROR_RESCOPABLE_KEY_NOT_USABLE = -54,
346ed94111cce5b3b6fff9833f99ea80f4ab7b37c04Shawn Willden
3479d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_UNIMPLEMENTED = -100,
3489d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_VERSION_MISMATCH = -101,
3499d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden
3509d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    /* Additional error codes may be added by implementations, but implementers should coordinate
3519d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden     * with Google to avoid code collision. */
3529d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden    KM_ERROR_UNKNOWN_ERROR = -1000,
3539d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden} keymaster_error_t;
3549d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden
3559d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden/* Convenience functions for manipulating keymaster tag types */
3569d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden
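/**
 * Extracts the type bits of a keymaster tag.
 *
 * The result is the tag value with everything except bits 28-31 cleared; the
 * complementary low 28 bits are what keymaster_tag_mask_type() returns.
 *
 * @param tag  Tag to classify.
 * @return Bits 28-31 of the tag, cast to keymaster_tag_type_t.
 */
static inline keymaster_tag_type_t keymaster_tag_get_type(keymaster_tag_t tag) {
    /* Build the mask from an unsigned operand: shifting the signed int 0xF left
     * by 28 moves a set bit into the sign position, which is undefined
     * behaviour in C. */
    return (keymaster_tag_type_t)((uint32_t)tag & ((uint32_t)0xF << 28));
}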
3609d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden
/**
 * Strips the type bits from a keymaster tag.
 *
 * @param tag  Tag whose type bits should be removed.
 * @return The low 28 bits of the tag (bits 28-31 cleared).
 */
static inline uint32_t keymaster_tag_mask_type(keymaster_tag_t tag) {
    const uint32_t low_28_bits = 0x0FFFFFFF;
    return tag & low_28_bits;
}
3649d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden
/**
 * Reports whether a tag type is one of the repeatable types.
 *
 * @param type  Tag type, as returned by keymaster_tag_get_type().
 * @return true for KM_INT_REP and KM_ENUM_REP, false for every other value.
 */
static inline bool keymaster_tag_type_repeatable(keymaster_tag_type_t type) {
    /* NOTE(review): KM_LONG_REP, which keymaster_param_compare() handles, is
     * not treated as repeatable here -- confirm that this is intended. */
    return type == KM_INT_REP || type == KM_ENUM_REP;
}
3749d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden
/**
 * Reports whether a tag is of a repeatable type.
 *
 * @param tag  Tag to test.
 * @return keymaster_tag_type_repeatable() applied to the tag's type bits.
 */
static inline bool keymaster_tag_repeatable(keymaster_tag_t tag) {
    const keymaster_tag_type_t type = keymaster_tag_get_type(tag);
    return keymaster_tag_type_repeatable(type);
}
3789d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden
3799d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden/* Convenience functions for manipulating keymaster_key_param_t structs */
3809d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden
/**
 * Builds a key parameter carrying an enumerated value.
 *
 * The tag is expected to be of type KM_ENUM or KM_ENUM_REP; this is not
 * checked at run time.
 *
 * @param tag    Tag to store in the parameter.
 * @param value  Value to store in the `enumerated` member.
 * @return A parameter whose storage was zeroed before tag and value were set.
 */
inline keymaster_key_param_t keymaster_param_enum(keymaster_tag_t tag, uint32_t value) {
    keymaster_key_param_t result;
    /* Zero the whole object first so no uninitialized bytes are returned. */
    memset(&result, 0, sizeof result);
    result.tag = tag;
    result.enumerated = value;
    return result;
}
3899d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden
/**
 * Builds a key parameter carrying a 32-bit integer value.
 *
 * The tag is expected to be of type KM_INT or KM_INT_REP; this is not checked
 * at run time.
 *
 * @param tag    Tag to store in the parameter.
 * @param value  Value to store in the `integer` member.
 * @return A parameter whose storage was zeroed before tag and value were set.
 */
inline keymaster_key_param_t keymaster_param_int(keymaster_tag_t tag, uint32_t value) {
    keymaster_key_param_t result;
    /* Zero the whole object first so no uninitialized bytes are returned. */
    memset(&result, 0, sizeof result);
    result.tag = tag;
    result.integer = value;
    return result;
}
3989d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden
/**
 * Builds a key parameter carrying a 64-bit integer value.
 *
 * The tag is expected to be of type KM_LONG; this is not checked at run time.
 *
 * @param tag    Tag to store in the parameter.
 * @param value  Value to store in the `long_integer` member.
 * @return A parameter whose storage was zeroed before tag and value were set.
 */
inline keymaster_key_param_t keymaster_param_long(keymaster_tag_t tag, uint64_t value) {
    keymaster_key_param_t result;
    /* Zero the whole object first so no uninitialized bytes are returned. */
    memset(&result, 0, sizeof result);
    result.tag = tag;
    result.long_integer = value;
    return result;
}
4079d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden
/**
 * Builds a key parameter that refers to a caller-supplied byte buffer.
 *
 * The tag is expected to be of type KM_BYTES or KM_BIGNUM; this is not checked
 * at run time.
 *
 * The buffer is NOT copied: the returned parameter stores the `bytes` pointer
 * itself (with its const qualifier cast away), so the buffer must stay valid
 * for as long as the parameter is used. keymaster_free_param_values() calls
 * free() on blob.data for KM_BYTES/KM_BIGNUM tags, so a parameter built here
 * may only be handed to that function if `bytes` came from the heap allocator
 * and ownership is being transferred.
 *
 * @param tag        Tag to store in the parameter.
 * @param bytes      Start of the buffer to reference.
 * @param bytes_len  Length of the buffer in bytes.
 * @return A parameter whose storage was zeroed before tag, pointer and length
 *         were set.
 */
inline keymaster_key_param_t keymaster_param_blob(keymaster_tag_t tag, const uint8_t* bytes,
                                                  size_t bytes_len) {
    keymaster_key_param_t result;
    /* Zero the whole object first so no uninitialized bytes are returned. */
    memset(&result, 0, sizeof result);
    result.tag = tag;
    result.blob.data_length = bytes_len;
    result.blob.data = (uint8_t*)bytes;
    return result;
}
4189d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden
/**
 * Builds a boolean key parameter.
 *
 * The tag is expected to be of type KM_BOOL; this is not checked at run time.
 * There is no value argument: the `boolean` member is always set to true.
 *
 * @param tag  Tag to store in the parameter.
 * @return A parameter whose storage was zeroed before the tag and the true
 *         value were set.
 */
inline keymaster_key_param_t keymaster_param_bool(keymaster_tag_t tag) {
    keymaster_key_param_t result;
    /* Zero the whole object first so no uninitialized bytes are returned. */
    memset(&result, 0, sizeof result);
    result.tag = tag;
    result.boolean = true;
    return result;
}
4279d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden
/**
 * Builds a key parameter carrying a date/time value.
 *
 * The tag is expected to be of type KM_DATE; this is not checked at run time.
 *
 * @param tag    Tag to store in the parameter.
 * @param value  Value to store in the `date_time` member.
 * @return A parameter whose storage was zeroed before tag and value were set.
 */
inline keymaster_key_param_t keymaster_param_date(keymaster_tag_t tag, uint64_t value) {
    keymaster_key_param_t result;
    /* Zero the whole object first so no uninitialized bytes are returned. */
    memset(&result, 0, sizeof result);
    result.tag = tag;
    result.date_time = value;
    return result;
}
4369d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden
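/* Three-way comparison yielding -1, 0 or 1. Each argument and the whole
 * expansion are parenthesized so the macro keeps its meaning inside a larger
 * expression. Arguments may be evaluated twice, so pass only expressions
 * without side effects. */
#define KEYMASTER_SIMPLE_COMPARE(a, b) (((a) < (b)) ? -1 : (((a) > (b)) ? 1 : 0))

/**
 * Orders two key parameters, first by tag and then by value.
 *
 * Neither pointer is checked: both a and b must be non-NULL. For blob-typed
 * tags (KM_BIGNUM, KM_BYTES) with non-zero lengths, blob.data must point to at
 * least blob.data_length readable bytes.
 *
 * Blob contents are compared with memcmp(), which is not constant-time; this
 * function provides an ordering and should not be used where the comparison
 * time of secret values matters.
 *
 * @param a  First parameter.
 * @param b  Second parameter.
 * @return Negative if a orders before b, zero if they compare equal, positive
 *         if a orders after b. For blobs that differ within their common
 *         prefix the value is whatever memcmp() returned, so callers should
 *         test only the sign.
 */
inline int keymaster_param_compare(const keymaster_key_param_t* a, const keymaster_key_param_t* b) {
    int retval = KEYMASTER_SIMPLE_COMPARE(a->tag, b->tag);
    if (retval != 0)
        return retval;

    /* Tags are equal from here on, so a's tag type also describes b. Tag types
     * without a case below fall out of the switch and compare equal. */
    switch (keymaster_tag_get_type(a->tag)) {
    case KM_INVALID:
    case KM_BOOL:
        return 0;
    case KM_ENUM:
    case KM_ENUM_REP:
        return KEYMASTER_SIMPLE_COMPARE(a->enumerated, b->enumerated);
    case KM_INT:
    case KM_INT_REP:
        return KEYMASTER_SIMPLE_COMPARE(a->integer, b->integer);
    case KM_LONG:
    case KM_LONG_REP:
        return KEYMASTER_SIMPLE_COMPARE(a->long_integer, b->long_integer);
    case KM_DATE:
        return KEYMASTER_SIMPLE_COMPARE(a->date_time, b->date_time);
    case KM_BIGNUM:
    case KM_BYTES:
        /* Empty blobs are settled without touching blob.data.
         * NOTE(review): an empty blob orders AFTER a non-empty one here, while
         * for two non-empty blobs the shorter orders first -- confirm that
         * this asymmetry is intended. */
        if (a->blob.data_length == 0 || b->blob.data_length == 0) {
            if (a->blob.data_length == 0 && b->blob.data_length == 0)
                return 0;
            return (a->blob.data_length != 0) ? -1 : 1;
        }

        /* Compare only the bytes both blobs have. */
        retval = memcmp(a->blob.data, b->blob.data,
                        a->blob.data_length < b->blob.data_length ? a->blob.data_length
                                                                  : b->blob.data_length);
        if (retval != 0)
            return retval;

        /* Equal up to the common length; the longer blob is larger. */
        return KEYMASTER_SIMPLE_COMPARE(a->blob.data_length, b->blob.data_length);
    }

    return 0;
}
#undef KEYMASTER_SIMPLE_COMPARE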
48567411d6f5116c52c1b82330b6cd096974636db36Shawn Willden
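/**
 * Releases the heap buffers referenced by an array of key parameters.
 *
 * For every element whose tag type is KM_BIGNUM or KM_BYTES, blob.data is
 * passed to free() and the blob is reset to an empty state. Elements of other
 * types are left untouched. The array itself is not freed.
 *
 * Every blob.data in the array must therefore be NULL or a pointer obtained
 * from the heap allocator that this array owns; a parameter built with
 * keymaster_param_blob() over a stack, static or shared buffer must not be
 * passed here.
 *
 * @param param        First element of the array; NULL is accepted and makes
 *                     the call a no-op.
 * @param param_count  Number of elements in the array.
 */
inline void keymaster_free_param_values(keymaster_key_param_t* param, size_t param_count) {
    /* A NULL array with a non-zero count would otherwise be dereferenced, e.g.
     * when a param set is released twice and its length was left in place. */
    if (param == NULL)
        return;

    for (; param_count > 0; --param_count, ++param) {
        switch (keymaster_tag_get_type(param->tag)) {
        case KM_BIGNUM:
        case KM_BYTES:
            free((void*)param->blob.data);
            /* Clear pointer and length together so a later free or compare
             * cannot act on a stale buffer description. */
            param->blob.data = NULL;
            param->blob.data_length = 0;
            break;
        default:
            /* Nothing is heap-allocated for the other tag types. */
            break;
        }
    }
}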
5019d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden
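/**
 * Releases everything owned by a parameter set.
 *
 * Frees the blob buffers of the contained parameters through
 * keymaster_free_param_values(), then frees the params array and resets the
 * set to empty. The keymaster_key_param_set_t object itself is not freed.
 *
 * @param set  Set to release; NULL is accepted and makes the call a no-op.
 */
inline void keymaster_free_param_set(keymaster_key_param_set_t* set) {
    if (set) {
        keymaster_free_param_values(set->params, set->length);
        free(set->params);
        set->params = NULL;
        /* Reset the count with the pointer: leaving a non-zero length next to
         * a NULL array makes a second release, or any later walk over the
         * set, read through NULL. */
        set->length = 0;
    }
}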
5099d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden
/**
 * Releases the parameter sets held by a key characteristics object.
 *
 * Both the hw_enforced and the sw_enforced set are released with
 * keymaster_free_param_set(). The characteristics object itself is not freed.
 *
 * @param characteristics  Object to release; NULL is accepted and makes the
 *                         call a no-op.
 */
inline void keymaster_free_characteristics(keymaster_key_characteristics_t* characteristics) {
    if (!characteristics)
        return;

    keymaster_free_param_set(&characteristics->hw_enforced);
    keymaster_free_param_set(&characteristics->sw_enforced);
}
5169d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden
/* NOTE(review): as written, the closing brace below is emitted only when
 * __cplusplus is NOT defined. An extern "C" block is conventionally closed
 * under #ifdef __cplusplus. The matching opening guard is not visible in this
 * part of the file -- confirm that the two guards agree and that a C build
 * does not see a stray brace. */
517c51d01ed029458e8809eeb9c16f9ed2dbe755be4Shawn Willden#ifndef __cplusplus
518c51d01ed029458e8809eeb9c16f9ed2dbe755be4Shawn Willden}  // extern "C"
519c51d01ed029458e8809eeb9c16f9ed2dbe755be4Shawn Willden#endif  // __cplusplus
5209d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden
5219d645a003b0d77462a5f9696a238aacc32580f07Shawn Willden#endif  // ANDROID_HARDWARE_KEYMASTER_DEFS_H
522