keymaster_defs.h revision 67411d6f5116c52c1b82330b6cd096974636db36
1/* 2 * Copyright (C) 2014 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17#ifndef ANDROID_HARDWARE_KEYMASTER_DEFS_H 18#define ANDROID_HARDWARE_KEYMASTER_DEFS_H 19 20#include <stdint.h> 21#include <stdlib.h> 22#include <string.h> 23 24#if defined(__cplusplus) 25extern "C" { 26#endif // defined(__cplusplus) 27 28/** 29 * Authorization tags each have an associated type. This enumeration facilitates tagging each with 30 * a type, by using the high four bits (of an implied 32-bit unsigned enum value) to specify up to 31 * 16 data types. These values are ORed with tag IDs to generate the final tag ID values. 32 */ 33typedef enum { 34 KM_INVALID = 0 << 28, /* Invalid type, used to designate a tag as uninitialized */ 35 KM_ENUM = 1 << 28, 36 KM_ENUM_REP = 2 << 28, /* Repeatable enumeration value. */ 37 KM_INT = 3 << 28, 38 KM_INT_REP = 4 << 28, /* Repeatable integer value */ 39 KM_LONG = 5 << 28, 40 KM_DATE = 6 << 28, 41 KM_BOOL = 7 << 28, 42 KM_BIGNUM = 8 << 28, 43 KM_BYTES = 9 << 28, 44} keymaster_tag_type_t; 45 46typedef enum { 47 KM_TAG_INVALID = KM_INVALID | 0, 48 49 /* 50 * Tags that must be semantically enforced by hardware and software implementations. 51 */ 52 53 /* Crypto parameters */ 54 KM_TAG_PURPOSE = KM_ENUM_REP | 1, /* keymaster_purpose_t. */ 55 KM_TAG_ALGORITHM = KM_ENUM | 2, /* keymaster_algorithm_t. */ 56 KM_TAG_KEY_SIZE = KM_INT | 3, /* Key size in bits. */ 57 KM_TAG_BLOCK_MODE = KM_ENUM | 4, /* keymaster_block_mode_t. */ 58 KM_TAG_DIGEST = KM_ENUM | 5, /* keymaster_digest_t. */ 59 KM_TAG_MAC_LENGTH = KM_INT | 6, /* MAC or AEAD authentication tag length in bits. */ 60 KM_TAG_PADDING = KM_ENUM | 7, /* keymaster_padding_t. */ 61 KM_TAG_RETURN_UNAUTHED = KM_BOOL | 8, /* Allow AEAD decryption to return plaintext before it has 62 been authenticated. WARNING: Not recommended. */ 63 KM_TAG_CALLER_NONCE = KM_BOOL | 9, /* Allow caller to specify nonce or IV. */ 64 65 /* Other hardware-enforced. */ 66 KM_TAG_RESCOPING_ADD = KM_ENUM_REP | 101, /* Tags authorized for addition via rescoping. */ 67 KM_TAG_RESCOPING_DEL = KM_ENUM_REP | 102, /* Tags authorized for removal via rescoping. */ 68 KM_TAG_BLOB_USAGE_REQUIREMENTS = KM_ENUM | 705, /* keymaster_key_blob_usage_requirements_t */ 69 70 /* Algorithm-specific. */ 71 KM_TAG_RSA_PUBLIC_EXPONENT = KM_LONG | 200, /* Defaults to 2^16+1 */ 72 KM_TAG_DSA_GENERATOR = KM_BIGNUM | 201, 73 KM_TAG_DSA_P = KM_BIGNUM | 202, 74 KM_TAG_DSA_Q = KM_BIGNUM | 203, 75 /* Note there are no EC-specific params. Field size is defined by KM_TAG_KEY_SIZE, and the 76 curve is chosen from NIST recommendations for field size */ 77 78 /* 79 * Tags that should be semantically enforced by hardware if possible and will otherwise be 80 * enforced by software (keystore). 81 */ 82 83 /* Key validity period */ 84 KM_TAG_ACTIVE_DATETIME = KM_DATE | 400, /* Start of validity */ 85 KM_TAG_ORIGINATION_EXPIRE_DATETIME = KM_DATE | 401, /* Date when new "messages" should no 86 longer be created. */ 87 KM_TAG_USAGE_EXPIRE_DATETIME = KM_DATE | 402, /* Date when existing "messages" should no 88 longer be trusted. */ 89 KM_TAG_MIN_SECONDS_BETWEEN_OPS = KM_INT | 403, /* Minimum elapsed time between 90 cryptographic operations with the key. */ 91 KM_TAG_MAX_USES_PER_BOOT = KM_INT | 404, /* Number of times the key can be used per 92 boot. */ 93 94 /* User authentication */ 95 KM_TAG_ALL_USERS = KM_BOOL | 500, /* If key is usable by all users. */ 96 KM_TAG_USER_ID = KM_INT | 501, /* ID of authorized user. Disallowed if 97 KM_TAG_ALL_USERS is present. */ 98 KM_TAG_NO_AUTH_REQUIRED = KM_BOOL | 502, /* If key is usable without authentication. */ 99 KM_TAG_USER_AUTH_ID = KM_INT_REP | 503, /* ID of the authenticator to use (e.g. password, 100 fingerprint, etc.). Repeatable to support 101 multi-factor auth. Disallowed if 102 KM_TAG_NO_AUTH_REQUIRED is present. */ 103 KM_TAG_AUTH_TIMEOUT = KM_INT | 504, /* Required freshness of user authentication for 104 private/secret key operations, in seconds. 105 Public key operations require no authentication. 106 If absent, authentication is required for every 107 use. Authentication state is lost when the 108 device is powered off. */ 109 110 /* Application access control */ 111 KM_TAG_ALL_APPLICATIONS = KM_BOOL | 600, /* If key is usable by all applications. */ 112 KM_TAG_APPLICATION_ID = KM_BYTES | 601, /* ID of authorized application. Disallowed if 113 KM_TAG_ALL_APPLICATIONS is present. */ 114 115 /* 116 * Semantically unenforceable tags, either because they have no specific meaning or because 117 * they're informational only. 118 */ 119 KM_TAG_APPLICATION_DATA = KM_BYTES | 700, /* Data provided by authorized application. */ 120 KM_TAG_CREATION_DATETIME = KM_DATE | 701, /* Key creation time */ 121 KM_TAG_ORIGIN = KM_ENUM | 702, /* keymaster_key_origin_t. */ 122 KM_TAG_ROLLBACK_RESISTANT = KM_BOOL | 703, /* Whether key is rollback-resistant. */ 123 KM_TAG_ROOT_OF_TRUST = KM_BYTES | 704, /* Root of trust ID. Empty array means usable by all 124 roots. */ 125 126 /* Tags used only to provide data to or receive data from operations */ 127 KM_TAG_ASSOCIATED_DATA = KM_BYTES | 1000, /* Used to provide associated data for AEAD modes. */ 128 KM_TAG_NONCE = KM_BYTES | 1001, /* Nonce or Initialization Vector */ 129 KM_TAG_CHUNK_LENGTH = KM_INT | 1002, /* AEAD mode chunk size, in bytes. 0 means no limit, 130 which requires KM_TAG_RETURN_UNAUTHED. */ 131} keymaster_tag_t; 132 133/** 134 * Algorithms that may be provided by keymaster implementations. Those that must be provided by all 135 * implementations are tagged as "required". 136 */ 137typedef enum { 138 /* Asymmetric algorithms. */ 139 KM_ALGORITHM_RSA = 1, /* required */ 140 KM_ALGORITHM_DSA = 2, 141 KM_ALGORITHM_ECDSA = 3, /* required */ 142 KM_ALGORITHM_ECIES = 4, 143 /* FIPS Approved Ciphers */ 144 KM_ALGORITHM_AES = 32, /* required */ 145 KM_ALGORITHM_3DES = 33, 146 KM_ALGORITHM_SKIPJACK = 34, 147 /* AES Finalists */ 148 KM_ALGORITHM_MARS = 48, 149 KM_ALGORITHM_RC6 = 49, 150 KM_ALGORITHM_SERPENT = 50, 151 KM_ALGORITHM_TWOFISH = 51, 152 /* Other common block ciphers */ 153 KM_ALGORITHM_IDEA = 52, 154 KM_ALGORITHM_RC5 = 53, 155 KM_ALGORITHM_CAST5 = 54, 156 KM_ALGORITHM_BLOWFISH = 55, 157 /* Common stream ciphers */ 158 KM_ALGORITHM_RC4 = 64, 159 KM_ALGORITHM_CHACHA20 = 65, 160 /* MAC algorithms */ 161 KM_ALGORITHM_HMAC = 128, /* required */ 162} keymaster_algorithm_t; 163 164/** 165 * Symmetric block cipher modes that may be provided by keymaster implementations. Those that must 166 * be provided by all implementations are tagged as "required". This type is new in 0_4. 167 * 168 * KM_MODE_FIRST_UNAUTHENTICATED, KM_MODE_FIRST_AUTHENTICATED and KM_MODE_FIRST_MAC are not modes, 169 * but markers used to separate the available modes into classes. 170 */ 171typedef enum { 172 /* Unauthenticated modes, usable only for encryption/decryption and not generally recommended 173 * except for compatibility with existing other protocols. */ 174 KM_MODE_FIRST_UNAUTHENTICATED = 1, 175 KM_MODE_ECB = KM_MODE_FIRST_UNAUTHENTICATED, /* required */ 176 KM_MODE_CBC = 2, /* required */ 177 KM_MODE_CBC_CTS = 3, /* recommended */ 178 KM_MODE_CTR = 4, /* recommended */ 179 KM_MODE_OFB = 5, 180 KM_MODE_CFB = 6, 181 KM_MODE_XTS = 7, /* Note: requires double-length keys */ 182 /* Authenticated modes, usable for encryption/decryption and signing/verification. Recommended 183 * over unauthenticated modes for all purposes. One of KM_MODE_GCM and KM_MODE_OCB is 184 * required. */ 185 KM_MODE_FIRST_AUTHENTICATED = 32, 186 KM_MODE_GCM = KM_MODE_FIRST_AUTHENTICATED, 187 KM_MODE_OCB = 33, 188 KM_MODE_CCM = 34, 189 /* MAC modes -- only for signing/verification */ 190 KM_MODE_FIRST_MAC = 128, 191 KM_MODE_CMAC = KM_MODE_FIRST_MAC, 192 KM_MODE_POLY1305 = 129, 193} keymaster_block_mode_t; 194 195/** 196 * Padding modes that may be applied to plaintext for encryption operations. This list includes 197 * padding modes for both symmetric and asymmetric algorithms. Note that implementations should not 198 * provide all possible combinations of algorithm and padding, only the 199 * cryptographically-appropriate pairs. 200 */ 201typedef enum { 202 KM_PAD_NONE = 1, /* required, deprecated */ 203 KM_PAD_RSA_OAEP = 2, /* required */ 204 KM_PAD_RSA_PSS = 3, /* required */ 205 KM_PAD_RSA_PKCS1_1_5_ENCRYPT = 4, 206 KM_PAD_RSA_PKCS1_1_5_SIGN = 5, 207 KM_PAD_ANSI_X923 = 32, 208 KM_PAD_ISO_10126 = 33, 209 KM_PAD_ZERO = 64, /* required */ 210 KM_PAD_PKCS7 = 65, /* required */ 211 KM_PAD_ISO_7816_4 = 66, 212} keymaster_padding_t; 213 214/** 215 * Digests that may be provided by keymaster implementations. Those that must be provided by all 216 * implementations are tagged as "required". Those that have been added since version 0_2 of the 217 * API are tagged as "new". 218 */ 219typedef enum { 220 KM_DIGEST_NONE = 0, /* new, required */ 221 KM_DIGEST_MD5 = 1, /* new, for compatibility with old protocols only */ 222 KM_DIGEST_SHA1 = 2, /* new */ 223 KM_DIGEST_SHA_2_224 = 3, /* new */ 224 KM_DIGEST_SHA_2_256 = 4, /* new, required */ 225 KM_DIGEST_SHA_2_384 = 5, /* new, recommended */ 226 KM_DIGEST_SHA_2_512 = 6, /* new, recommended */ 227 KM_DIGEST_SHA_3_256 = 7, /* new */ 228 KM_DIGEST_SHA_3_384 = 8, /* new */ 229 KM_DIGEST_SHA_3_512 = 9, /* new */ 230} keymaster_digest_t; 231 232/** 233 * The origin of a key (or pair), i.e. where it was generated. Origin and can be used together to 234 * determine whether a key may have existed outside of secure hardware. This type is new in 0_4. 235 */ 236typedef enum { 237 KM_ORIGIN_HARDWARE = 0, /* Generated in secure hardware */ 238 KM_ORIGIN_SOFTWARE = 1, /* Generated in non-secure software */ 239 KM_ORIGIN_IMPORTED = 2, /* Imported, origin unknown */ 240} keymaster_key_origin_t; 241 242/** 243 * Usability requirements of key blobs. This defines what system functionality must be available 244 * for the key to function. For example, key "blobs" which are actually handles referencing 245 * encrypted key material stored in the file system cannot be used until the file system is 246 * available, and should have BLOB_REQUIRES_FILE_SYSTEM. Other requirements entries will be added 247 * as needed for implementations. This type is new in 0_4. 248 */ 249typedef enum { 250 KM_BLOB_STANDALONE = 0, 251 KM_BLOB_REQUIRES_FILE_SYSTEM = 1, 252} keymaster_key_blob_usage_requirements_t; 253 254/** 255 * Possible purposes of a key (or pair). This type is new in 0_4. 256 */ 257typedef enum { 258 KM_PURPOSE_ENCRYPT = 0, 259 KM_PURPOSE_DECRYPT = 1, 260 KM_PURPOSE_SIGN = 2, 261 KM_PURPOSE_VERIFY = 3, 262} keymaster_purpose_t; 263 264typedef struct { 265 const uint8_t* data; 266 size_t data_length; 267} keymaster_blob_t; 268 269typedef struct { 270 keymaster_tag_t tag; 271 union { 272 uint32_t enumerated; /* KM_ENUM and KM_ENUM_REP */ 273 bool boolean; /* KM_BOOL */ 274 uint32_t integer; /* KM_INT and KM_INT_REP */ 275 uint64_t long_integer; /* KM_LONG */ 276 uint64_t date_time; /* KM_DATE */ 277 keymaster_blob_t blob; /* KM_BIGNUM and KM_BYTES*/ 278 }; 279} keymaster_key_param_t; 280 281typedef struct { 282 keymaster_key_param_t* params; /* may be NULL if length == 0 */ 283 size_t length; 284} keymaster_key_param_set_t; 285 286/** 287 * Parameters that define a key's characteristics, including authorized modes of usage and access 288 * control restrictions. The parameters are divided into two categories, those that are enforced by 289 * secure hardware, and those that are not. For a software-only keymaster implementation the 290 * enforced array must NULL. Hardware implementations must enforce everything in the enforced 291 * array. 292 */ 293typedef struct { 294 keymaster_key_param_set_t hw_enforced; 295 keymaster_key_param_set_t sw_enforced; 296} keymaster_key_characteristics_t; 297 298typedef struct { 299 const uint8_t* key_material; 300 size_t key_material_size; 301} keymaster_key_blob_t; 302 303/** 304 * Formats for key import and export. At present, only asymmetric key import/export is supported. 305 * In the future this list will expand greatly to accommodate asymmetric key import/export. 306 */ 307typedef enum { 308 KM_KEY_FORMAT_X509 = 0, /* for public key export, required */ 309 KM_KEY_FORMAT_PKCS8 = 1, /* for asymmetric key pair import, required */ 310 KM_KEY_FORMAT_PKCS12 = 2, /* for asymmetric key pair import, not required */ 311 KM_KEY_FORMAT_RAW = 3, /* for symmetric key import, required */ 312} keymaster_key_format_t; 313 314/** 315 * The keymaster operation API consists of begin, update, finish and abort. This is the type of the 316 * handle used to tie the sequence of calls together. A 64-bit value is used because it's important 317 * that handles not be predictable. Implementations must use strong random numbers for handle 318 * values. 319 */ 320typedef uint64_t keymaster_operation_handle_t; 321 322typedef enum { 323 KM_ERROR_OK = 0, 324 KM_ERROR_ROOT_OF_TRUST_ALREADY_SET = -1, 325 KM_ERROR_UNSUPPORTED_PURPOSE = -2, 326 KM_ERROR_INCOMPATIBLE_PURPOSE = -3, 327 KM_ERROR_UNSUPPORTED_ALGORITHM = -4, 328 KM_ERROR_INCOMPATIBLE_ALGORITHM = -5, 329 KM_ERROR_UNSUPPORTED_KEY_SIZE = -6, 330 KM_ERROR_UNSUPPORTED_BLOCK_MODE = -7, 331 KM_ERROR_INCOMPATIBLE_BLOCK_MODE = -8, 332 KM_ERROR_UNSUPPORTED_MAC_LENGTH = -9, 333 KM_ERROR_UNSUPPORTED_PADDING_MODE = -10, 334 KM_ERROR_INCOMPATIBLE_PADDING_MODE = -11, 335 KM_ERROR_UNSUPPORTED_DIGEST = -12, 336 KM_ERROR_INCOMPATIBLE_DIGEST = -13, 337 KM_ERROR_INVALID_EXPIRATION_TIME = -14, 338 KM_ERROR_INVALID_USER_ID = -15, 339 KM_ERROR_INVALID_AUTHORIZATION_TIMEOUT = -16, 340 KM_ERROR_UNSUPPORTED_KEY_FORMAT = -17, 341 KM_ERROR_INCOMPATIBLE_KEY_FORMAT = -18, 342 KM_ERROR_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM = -19, /* For PKCS8 & PKCS12 */ 343 KM_ERROR_UNSUPPORTED_KEY_VERIFICATION_ALGORITHM = -20, /* For PKCS8 & PKCS12 */ 344 KM_ERROR_INVALID_INPUT_LENGTH = -21, 345 KM_ERROR_KEY_EXPORT_OPTIONS_INVALID = -22, 346 KM_ERROR_DELEGATION_NOT_ALLOWED = -23, 347 KM_ERROR_KEY_NOT_YET_VALID = -24, 348 KM_ERROR_KEY_EXPIRED = -25, 349 KM_ERROR_KEY_USER_NOT_AUTHENTICATED = -26, 350 KM_ERROR_OUTPUT_PARAMETER_NULL = -27, 351 KM_ERROR_INVALID_OPERATION_HANDLE = -28, 352 KM_ERROR_INSUFFICIENT_BUFFER_SPACE = -29, 353 KM_ERROR_VERIFICATION_FAILED = -30, 354 KM_ERROR_TOO_MANY_OPERATIONS = -31, 355 KM_ERROR_UNEXPECTED_NULL_POINTER = -32, 356 KM_ERROR_INVALID_KEY_BLOB = -33, 357 KM_ERROR_IMPORTED_KEY_NOT_ENCRYPTED = -34, 358 KM_ERROR_IMPORTED_KEY_DECRYPTION_FAILED = -35, 359 KM_ERROR_IMPORTED_KEY_NOT_SIGNED = -36, 360 KM_ERROR_IMPORTED_KEY_VERIFICATION_FAILED = -37, 361 KM_ERROR_INVALID_ARGUMENT = -38, 362 KM_ERROR_UNSUPPORTED_TAG = -39, 363 KM_ERROR_INVALID_TAG = -40, 364 KM_ERROR_MEMORY_ALLOCATION_FAILED = -41, 365 KM_ERROR_INVALID_RESCOPING = -42, 366 KM_ERROR_INVALID_DSA_PARAMS = -43, 367 KM_ERROR_IMPORT_PARAMETER_MISMATCH = -44, 368 KM_ERROR_SECURE_HW_ACCESS_DENIED = -45, 369 KM_ERROR_OPERATION_CANCELLED = -46, 370 KM_ERROR_CONCURRENT_ACCESS_CONFLICT = -47, 371 KM_ERROR_SECURE_HW_BUSY = -48, 372 KM_ERROR_SECURE_HW_COMMUNICATION_FAILED = -49, 373 KM_ERROR_UNSUPPORTED_EC_FIELD = -50, 374 KM_ERROR_UNIMPLEMENTED = -100, 375 KM_ERROR_VERSION_MISMATCH = -101, 376 377 /* Additional error codes may be added by implementations, but implementers should coordinate 378 * with Google to avoid code collision. */ 379 KM_ERROR_UNKNOWN_ERROR = -1000, 380} keymaster_error_t; 381 382/* Convenience functions for manipulating keymaster tag types */ 383 384static inline keymaster_tag_type_t keymaster_tag_get_type(keymaster_tag_t tag) { 385 return (keymaster_tag_type_t)(tag & (0xF << 28)); 386} 387 388static inline uint32_t keymaster_tag_mask_type(keymaster_tag_t tag) { 389 return tag & 0x0FFFFFFF; 390} 391 392static inline bool keymaster_tag_type_repeatable(keymaster_tag_type_t type) { 393 switch (type) { 394 case KM_INT_REP: 395 case KM_ENUM_REP: 396 return true; 397 default: 398 return false; 399 } 400} 401 402static inline bool keymaster_tag_repeatable(keymaster_tag_t tag) { 403 return keymaster_tag_type_repeatable(keymaster_tag_get_type(tag)); 404} 405 406/* Convenience functions for manipulating keymaster_key_param_t structs */ 407 408inline keymaster_key_param_t keymaster_param_enum(keymaster_tag_t tag, uint32_t value) { 409 // assert(keymaster_tag_get_type(tag) == KM_ENUM || keymaster_tag_get_type(tag) == KM_ENUM_REP); 410 keymaster_key_param_t param; 411 memset(¶m, 0, sizeof(param)); 412 param.tag = tag; 413 param.enumerated = value; 414 return param; 415} 416 417inline keymaster_key_param_t keymaster_param_int(keymaster_tag_t tag, uint32_t value) { 418 // assert(keymaster_tag_get_type(tag) == KM_INT || keymaster_tag_get_type(tag) == KM_INT_REP); 419 keymaster_key_param_t param; 420 memset(¶m, 0, sizeof(param)); 421 param.tag = tag; 422 param.integer = value; 423 return param; 424} 425 426inline keymaster_key_param_t keymaster_param_long(keymaster_tag_t tag, uint64_t value) { 427 // assert(keymaster_tag_get_type(tag) == KM_LONG); 428 keymaster_key_param_t param; 429 memset(¶m, 0, sizeof(param)); 430 param.tag = tag; 431 param.long_integer = value; 432 return param; 433} 434 435inline keymaster_key_param_t keymaster_param_blob(keymaster_tag_t tag, const uint8_t* bytes, 436 size_t bytes_len) { 437 // assert(keymaster_tag_get_type(tag) == KM_BYTES || keymaster_tag_get_type(tag) == KM_BIGNUM); 438 keymaster_key_param_t param; 439 memset(¶m, 0, sizeof(param)); 440 param.tag = tag; 441 param.blob.data = (uint8_t*)bytes; 442 param.blob.data_length = bytes_len; 443 return param; 444} 445 446inline keymaster_key_param_t keymaster_param_bool(keymaster_tag_t tag) { 447 // assert(keymaster_tag_get_type(tag) == KM_BOOL); 448 keymaster_key_param_t param; 449 memset(¶m, 0, sizeof(param)); 450 param.tag = tag; 451 param.boolean = true; 452 return param; 453} 454 455inline keymaster_key_param_t keymaster_param_date(keymaster_tag_t tag, uint64_t value) { 456 // assert(keymaster_tag_get_type(tag) == KM_DATE); 457 keymaster_key_param_t param; 458 memset(¶m, 0, sizeof(param)); 459 param.tag = tag; 460 param.date_time = value; 461 return param; 462} 463 464#define KEYMASTER_SIMPLE_COMPARE(a, b) (a < b) ? -1 : ((a > b) ? 1 : 0) 465inline int keymaster_param_compare(const keymaster_key_param_t* a, const keymaster_key_param_t* b) { 466 int retval = KEYMASTER_SIMPLE_COMPARE(a->tag, b->tag); 467 if (retval != 0) 468 return retval; 469 470 switch (keymaster_tag_get_type(a->tag)) { 471 case KM_INVALID: 472 case KM_BOOL: 473 return 0; 474 case KM_ENUM: 475 case KM_ENUM_REP: 476 return KEYMASTER_SIMPLE_COMPARE(a->enumerated, b->enumerated); 477 case KM_INT: 478 case KM_INT_REP: 479 return KEYMASTER_SIMPLE_COMPARE(a->integer, b->integer); 480 case KM_LONG: 481 return KEYMASTER_SIMPLE_COMPARE(a->long_integer, b->long_integer); 482 case KM_DATE: 483 return KEYMASTER_SIMPLE_COMPARE(a->date_time, b->date_time); 484 case KM_BIGNUM: 485 case KM_BYTES: 486 // Handle the empty cases. 487 if (a->blob.data_length != 0 && b->blob.data_length == 0) 488 return -1; 489 if (a->blob.data_length == 0 && b->blob.data_length == 0) 490 return 0; 491 if (a->blob.data_length == 0 && b->blob.data_length > 0) 492 return 1; 493 494 retval = memcmp(a->blob.data, b->blob.data, a->blob.data_length < b->blob.data_length 495 ? a->blob.data_length 496 : b->blob.data_length); 497 if (retval != 0) 498 return retval; 499 else if (a->blob.data_length != b->blob.data_length) { 500 // Equal up to the common length; longer one is larger. 501 if (a->blob.data_length < b->blob.data_length) 502 return -1; 503 if (a->blob.data_length > b->blob.data_length) 504 return 1; 505 }; 506 } 507 508 return 0; 509} 510#undef KEYMASTER_SIMPLE_COMPARE 511 512inline void keymaster_free_param_values(keymaster_key_param_t* param, size_t param_count) { 513 while (param_count-- > 0) { 514 switch (keymaster_tag_get_type(param->tag)) { 515 case KM_BIGNUM: 516 case KM_BYTES: 517 free((void*)param->blob.data); 518 param->blob.data = NULL; 519 break; 520 default: 521 // NOP 522 break; 523 } 524 ++param; 525 } 526} 527 528inline void keymaster_free_param_set(keymaster_key_param_set_t* set) { 529 if (set) { 530 keymaster_free_param_values(set->params, set->length); 531 free(set->params); 532 set->params = NULL; 533 } 534} 535 536inline void keymaster_free_characteristics(keymaster_key_characteristics_t* characteristics) { 537 if (characteristics) { 538 keymaster_free_param_set(&characteristics->hw_enforced); 539 keymaster_free_param_set(&characteristics->sw_enforced); 540 } 541} 542 543#if defined(__cplusplus) 544} // extern "C" 545#endif // defined(__cplusplus) 546 547#endif // ANDROID_HARDWARE_KEYMASTER_DEFS_H 548