/*
 * Copyright (C) 2014 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/* Include guard for the keymaster type and tag definitions. */
#ifndef ANDROID_HARDWARE_KEYMASTER_DEFS_H
#define ANDROID_HARDWARE_KEYMASTER_DEFS_H

#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Give the declarations that follow C linkage when the header is compiled as C++. */
#ifdef __cplusplus
extern "C" {
#endif  // __cplusplus

/**
 * Authorization tags each have an associated type.  This enumeration facilitates tagging each with
 * a type, by using the high four bits (of an implied 32-bit unsigned enum value) to specify up to
 * 16 data types.  These values are ORed with tag IDs to generate the final tag ID values.
 *
 * Type codes 0 through 10 are assigned below; the "_REP" variants mark tags that may appear more
 * than once for the same key.
 *
 * NOTE(review): 8 << 28, 9 << 28 and 10 << 28 do not fit in a 32-bit signed int, so the values of
 * KM_BIGNUM, KM_BYTES and KM_ULONG_REP depend on how the compiler evaluates the shifted int
 * literal.  Confirm that every toolchain building this header (including the one used for the
 * secure-side implementation) yields the same 32-bit pattern, because the type bits decide how a
 * parameter's payload is interpreted.
 */
typedef enum {
    KM_INVALID = 0 << 28, /* Invalid type, used to designate a tag as uninitialized */
    KM_ENUM = 1 << 28,    /* Single enumeration value. */
    KM_ENUM_REP = 2 << 28, /* Repeatable enumeration value. */
    KM_UINT = 3 << 28,     /* Single integer value. */
    KM_UINT_REP = 4 << 28, /* Repeatable integer value */
    KM_ULONG = 5 << 28,    /* Single long value. */
    KM_DATE = 6 << 28,
    KM_BOOL = 7 << 28,
    KM_BIGNUM = 8 << 28,     /* Exceeds INT_MAX on 32-bit int; see the note above. */
    KM_BYTES = 9 << 28,      /* Exceeds INT_MAX on 32-bit int; see the note above. */
    KM_ULONG_REP = 10 << 28, /* Repeatable long value.  Exceeds INT_MAX on 32-bit int. */
} keymaster_tag_type_t;

/**
 * Authorization tag identifiers.  Each value is a keymaster_tag_type_t (the high four bits) ORed
 * with a numeric tag ID, so the type of the value carried with a tag can be read from the tag
 * itself.  Tag IDs are grouped by range: 1-10 crypto parameters, 200s algorithm-specific, 300s
 * other hardware-enforced, 400s validity period, 500s user authentication, 600s application
 * access control, 700s informational, 1000s per-operation data.
 *
 * The section comments below state which layer is expected to enforce each group; they are the
 * security contract of a key, so a tag must not be moved between groups without reviewing who
 * enforces it.
 */
typedef enum {
    KM_TAG_INVALID = KM_INVALID | 0,

    /*
     * Tags that must be semantically enforced by hardware and software implementations.
     */

    /* Crypto parameters */
    KM_TAG_PURPOSE = KM_ENUM_REP | 1,    /* keymaster_purpose_t. */
    KM_TAG_ALGORITHM = KM_ENUM | 2,      /* keymaster_algorithm_t. */
    KM_TAG_KEY_SIZE = KM_UINT | 3,       /* Key size in bits. */
    KM_TAG_BLOCK_MODE = KM_ENUM_REP | 4, /* keymaster_block_mode_t. */
    KM_TAG_DIGEST = KM_ENUM_REP | 5,     /* keymaster_digest_t. */
    KM_TAG_PADDING = KM_ENUM_REP | 6,    /* keymaster_padding_t. */
    KM_TAG_CALLER_NONCE = KM_BOOL | 7,   /* Allow caller to specify nonce or IV.
                                          * NOTE(review): with this tag, nonce/IV uniqueness
                                          * becomes the caller's responsibility; repeating a nonce
                                          * under one key breaks CTR and GCM, so authorize it only
                                          * where a protocol requires it. */
    KM_TAG_MIN_MAC_LENGTH = KM_UINT | 8, /* Minimum length of MAC or AEAD authentication tag in
                                          * bits. */
    KM_TAG_KDF = KM_ENUM_REP | 9,        /* keymaster_kdf_t (keymaster2) */
    KM_TAG_EC_CURVE = KM_ENUM | 10,      /* keymaster_ec_curve_t (keymaster2) */

    /* Algorithm-specific. */
    KM_TAG_RSA_PUBLIC_EXPONENT = KM_ULONG | 200,
    KM_TAG_ECIES_SINGLE_HASH_MODE = KM_BOOL | 201, /* Whether the ephemeral public key is fed into
                                                    * the KDF */
    KM_TAG_INCLUDE_UNIQUE_ID = KM_BOOL | 202,      /* If true, attestation certificates for this key
                                                    * will contain an application-scoped and
                                                    * time-bounded device-unique ID. (keymaster2) */

    /* Other hardware-enforced. */
    KM_TAG_BLOB_USAGE_REQUIREMENTS = KM_ENUM | 301, /* keymaster_key_blob_usage_requirements_t */
    KM_TAG_BOOTLOADER_ONLY = KM_BOOL | 302,         /* Usable only by bootloader */

    /*
     * Tags that should be semantically enforced by hardware if possible and will otherwise be
     * enforced by software (keystore).
     */

    /* Key validity period */
    KM_TAG_ACTIVE_DATETIME = KM_DATE | 400,             /* Start of validity */
    KM_TAG_ORIGINATION_EXPIRE_DATETIME = KM_DATE | 401, /* Date when new "messages" should no
                                                           longer be created. */
    KM_TAG_USAGE_EXPIRE_DATETIME = KM_DATE | 402,       /* Date when existing "messages" should no
                                                           longer be trusted. */
    KM_TAG_MIN_SECONDS_BETWEEN_OPS = KM_UINT | 403,     /* Minimum elapsed time between
                                                           cryptographic operations with the key. */
    KM_TAG_MAX_USES_PER_BOOT = KM_UINT | 404,           /* Number of times the key can be used per
                                                           boot. */

    /* User authentication */
    KM_TAG_ALL_USERS = KM_BOOL | 500,           /* Reserved for future use -- ignore */
    KM_TAG_USER_ID = KM_UINT | 501,             /* Reserved for future use -- ignore */
    KM_TAG_USER_SECURE_ID = KM_ULONG_REP | 502, /* Secure ID of authorized user or authenticator(s).
                                                   Disallowed if KM_TAG_ALL_USERS or
                                                   KM_TAG_NO_AUTH_REQUIRED is present. */
    KM_TAG_NO_AUTH_REQUIRED = KM_BOOL | 503,    /* If key is usable without authentication. */
    KM_TAG_USER_AUTH_TYPE = KM_ENUM | 504,      /* Bitmask of authenticator types allowed when
                                                 * KM_TAG_USER_SECURE_ID contains a secure user ID,
                                                 * rather than a secure authenticator ID.  Defined in
                                                 * hw_authenticator_type_t in hw_auth_token.h. */
    KM_TAG_AUTH_TIMEOUT = KM_UINT | 505,        /* Required freshness of user authentication for
                                                   private/secret key operations, in seconds.
                                                   Public key operations require no authentication.
                                                   If absent, authentication is required for every
                                                   use.  Authentication state is lost when the
                                                   device is powered off. */
    KM_TAG_ALLOW_WHILE_ON_BODY = KM_BOOL | 506, /* Allow key to be used after authentication timeout
                                                 * if device is still on-body (requires secure
                                                 * on-body sensor). */

    /* Application access control */
    KM_TAG_ALL_APPLICATIONS = KM_BOOL | 600, /* Specified to indicate key is usable by all
                                              * applications. */
    KM_TAG_APPLICATION_ID = KM_BYTES | 601,  /* Byte string identifying the authorized
                                              * application. */
    KM_TAG_EXPORTABLE = KM_BOOL | 602,       /* If true, private/secret key can be exported, but
                                              * only if all access control requirements for use are
                                              * met. (keymaster2) */

    /*
     * Semantically unenforceable tags, either because they have no specific meaning or because
     * they're informational only.
     */
    KM_TAG_APPLICATION_DATA = KM_BYTES | 700,      /* Data provided by authorized application. */
    KM_TAG_CREATION_DATETIME = KM_DATE | 701,      /* Key creation time */
    KM_TAG_ORIGIN = KM_ENUM | 702,                 /* keymaster_key_origin_t. */
    KM_TAG_ROLLBACK_RESISTANT = KM_BOOL | 703,     /* Whether key is rollback-resistant. */
    KM_TAG_ROOT_OF_TRUST = KM_BYTES | 704,         /* Root of trust ID. */
    KM_TAG_OS_VERSION = KM_UINT | 705,             /* Version of system (keymaster2) */
    KM_TAG_OS_PATCHLEVEL = KM_UINT | 706,          /* Patch level of system (keymaster2) */
    KM_TAG_UNIQUE_ID = KM_BYTES | 707,             /* Used to provide unique ID in attestation */
    KM_TAG_ATTESTATION_CHALLENGE = KM_BYTES | 708, /* Used to provide challenge in attestation */
    KM_TAG_ATTESTATION_APPLICATION_ID = KM_BYTES | 709, /* Used to identify the set of possible
                                                         * applications of which one has initiated
                                                         * a key attestation */
    KM_TAG_ATTESTATION_ID_BRAND = KM_BYTES | 710,  /* Used to provide the device's brand name to be
                                                      included in attestation */
    KM_TAG_ATTESTATION_ID_DEVICE = KM_BYTES | 711, /* Used to provide the device's device name to be
                                                      included in attestation */
    KM_TAG_ATTESTATION_ID_PRODUCT = KM_BYTES | 712, /* Used to provide the device's product name to
                                                       be included in attestation */
    KM_TAG_ATTESTATION_ID_SERIAL = KM_BYTES | 713, /* Used to provide the device's serial number to
                                                      be included in attestation */
    KM_TAG_ATTESTATION_ID_IMEI = KM_BYTES | 714,   /* Used to provide the device's IMEI to be
                                                      included in attestation */
    KM_TAG_ATTESTATION_ID_MEID = KM_BYTES | 715,   /* Used to provide the device's MEID to be
                                                      included in attestation */
    KM_TAG_ATTESTATION_ID_MANUFACTURER = KM_BYTES | 716, /* Used to provide the device's
                                                            manufacturer name to be included in
                                                            attestation */
    KM_TAG_ATTESTATION_ID_MODEL = KM_BYTES | 717,  /* Used to provide the device's model name to be
                                                      included in attestation */

    /* Tags used only to provide data to or receive data from operations */
    KM_TAG_ASSOCIATED_DATA = KM_BYTES | 1000, /* Used to provide associated data for AEAD modes. */
    KM_TAG_NONCE = KM_BYTES | 1001,           /* Nonce or Initialization Vector */
    KM_TAG_AUTH_TOKEN = KM_BYTES | 1002,      /* Authentication token that proves secure user
                                                 authentication has been performed.  Structure
                                                 defined in hw_auth_token_t in hw_auth_token.h. */
    KM_TAG_MAC_LENGTH = KM_UINT | 1003,       /* MAC or AEAD authentication tag length in
                                               * bits. */

    KM_TAG_RESET_SINCE_ID_ROTATION = KM_BOOL | 1004, /* Whether the device has been factory reset
                                                        since the last unique ID rotation.  Used for
                                                        key attestation. */
} keymaster_tag_t;

/**
 * Algorithms that may be provided by keymaster implementations.  Those that must be provided by all
 * implementations are tagged as "required".
 *
 * NOTE(review): no enumerator below actually carries a "required" marking in this revision, so the
 * mandatory set cannot be read from this header -- confirm against the keymaster specification.
 *
 * The numeric values are grouped by algorithm family (asymmetric from 1, block ciphers from 32,
 * MACs from 128).  A removed value is kept as a comment so that its number is never reassigned.
 */
typedef enum {
    /* Asymmetric algorithms. */
    KM_ALGORITHM_RSA = 1,
    // KM_ALGORITHM_DSA = 2, -- Removed, do not re-use value 2.
    KM_ALGORITHM_EC = 3,

    /* Block ciphers algorithms */
    KM_ALGORITHM_AES = 32,

    /* MAC algorithms */
    KM_ALGORITHM_HMAC = 128,
} keymaster_algorithm_t;

/**
 * Symmetric block cipher modes provided by keymaster implementations.  Carried in
 * KM_TAG_BLOCK_MODE.
 */
typedef enum {
    /* Unauthenticated modes, usable only for encryption/decryption and not generally recommended
     * except for compatibility with existing other protocols.  These modes provide no integrity
     * protection on their own: altered ciphertext is not detected unless a separate MAC is
     * applied. */
    KM_MODE_ECB = 1,
    KM_MODE_CBC = 2,
    KM_MODE_CTR = 3,

    /* Authenticated modes, usable for encryption/decryption and signing/verification.  Recommended
     * over unauthenticated modes for all purposes. */
    KM_MODE_GCM = 32,
} keymaster_block_mode_t;

/**
 * Padding modes that may be applied to plaintext for encryption operations.  This list includes
 * padding modes for both symmetric and asymmetric algorithms.  Note that implementations should not
 * provide all possible combinations of algorithm and padding, only the
 * cryptographically-appropriate pairs.
 *
 * Carried in KM_TAG_PADDING.  Values 1-5 cover the unpadded and RSA schemes; 64 is the block
 * cipher padding.
 */
typedef enum {
    KM_PAD_NONE = 1, /* deprecated */
    KM_PAD_RSA_OAEP = 2,              /* RSA encryption padding. */
    KM_PAD_RSA_PSS = 3,               /* RSA signature padding. */
    KM_PAD_RSA_PKCS1_1_5_ENCRYPT = 4, /* PKCS #1 v1.5 padding for RSA encryption. */
    KM_PAD_RSA_PKCS1_1_5_SIGN = 5,    /* PKCS #1 v1.5 padding for RSA signatures. */
    KM_PAD_PKCS7 = 64,                /* Padding for block cipher modes. */
} keymaster_padding_t;

/**
 * Digests provided by keymaster implementations.  Carried in KM_TAG_DIGEST.
 *
 * NOTE(review): MD5 and SHA-1 are no longer collision-resistant; they are listed for
 * compatibility, and new keys should be authorized for a SHA-2 digest unless a legacy protocol
 * forces otherwise.
 */
typedef enum {
    KM_DIGEST_NONE = 0,
    KM_DIGEST_MD5 = 1, /* Optional, may not be implemented in hardware, will be handled in software
                        * if needed. */
    KM_DIGEST_SHA1 = 2,
    KM_DIGEST_SHA_2_224 = 3,
    KM_DIGEST_SHA_2_256 = 4,
    KM_DIGEST_SHA_2_384 = 5,
    KM_DIGEST_SHA_2_512 = 6,
} keymaster_digest_t;

/**
 * Key derivation functions, mostly used in ECIES.  Carried in KM_TAG_KDF.
 */
typedef enum {
    /* Do not apply a key derivation function; use the raw agreed key */
    KM_KDF_NONE = 0,
    /* HKDF defined in RFC 5869 with SHA256 */
    KM_KDF_RFC5869_SHA256 = 1,
    /* KDF1 defined in ISO 18033-2 with SHA1 */
    KM_KDF_ISO18033_2_KDF1_SHA1 = 2,
    /* KDF1 defined in ISO 18033-2 with SHA256 */
    KM_KDF_ISO18033_2_KDF1_SHA256 = 3,
    /* KDF2 defined in ISO 18033-2 with SHA1 */
    KM_KDF_ISO18033_2_KDF2_SHA1 = 4,
    /* KDF2 defined in ISO 18033-2 with SHA256 */
    KM_KDF_ISO18033_2_KDF2_SHA256 = 5,
} keymaster_kdf_t;

/**
 * Supported EC curves, used in ECDSA/ECIES.  Carried in KM_TAG_EC_CURVE.
 *
 * The enumerators are small consecutive identifiers (0-3), not field sizes in bits; do not compare
 * them against KM_TAG_KEY_SIZE values.
 */
typedef enum {
    KM_EC_CURVE_P_224 = 0,
    KM_EC_CURVE_P_256 = 1,
    KM_EC_CURVE_P_384 = 2,
    KM_EC_CURVE_P_521 = 3,
} keymaster_ec_curve_t;

/**
 * The origin of a key (or pair), i.e. where it was generated.  Note that KM_TAG_ORIGIN can be found
 * in either the hardware-enforced or software-enforced list for a key, indicating whether the key
 * is hardware or software-based.  Specifically, a key with KM_ORIGIN_GENERATED in the
 * hardware-enforced list is guaranteed never to have existed outside the secure hardware.
 *
 * That guarantee applies only when the tag appears in the hardware-enforced list; the same value in
 * the software-enforced list does not imply it.
 */
typedef enum {
    KM_ORIGIN_GENERATED = 0, /* Generated in keymaster.  Should not exist outside the TEE. */
    KM_ORIGIN_DERIVED = 1,   /* Derived inside keymaster.  Likely exists off-device. */
    KM_ORIGIN_IMPORTED = 2,  /* Imported into keymaster.  Existed as cleartext in Android. */
    KM_ORIGIN_UNKNOWN = 3,   /* Keymaster did not record origin.  This value can only be seen on
                              * keys in a keymaster0 implementation.  The keymaster0 adapter uses
                              * this value to document the fact that it is unknown whether the key
                              * was generated inside or imported into keymaster. */
} keymaster_key_origin_t;

/**
 * Usability requirements of key blobs.  This defines what system functionality must be available
 * for the key to function.  For example, key "blobs" which are actually handles referencing
 * encrypted key material stored in the file system cannot be used until the file system is
 * available, and should have KM_BLOB_REQUIRES_FILE_SYSTEM.  Other requirements entries will be
 * added as needed for implementations.
 *
 * Carried in KM_TAG_BLOB_USAGE_REQUIREMENTS.
 */
typedef enum {
    KM_BLOB_STANDALONE = 0,           /* No listed system functionality is required. */
    KM_BLOB_REQUIRES_FILE_SYSTEM = 1, /* Key cannot be used until the file system is available. */
} keymaster_key_blob_usage_requirements_t;

/**
 * Possible purposes of a key (or pair).  Carried in KM_TAG_PURPOSE, which is a repeatable tag, so
 * one key may be authorized for several purposes.
 */
typedef enum {
    KM_PURPOSE_ENCRYPT = 0,    /* Usable with RSA, EC and AES keys. */
    KM_PURPOSE_DECRYPT = 1,    /* Usable with RSA, EC and AES keys. */
    KM_PURPOSE_SIGN = 2,       /* Usable with RSA, EC and HMAC keys. */
    KM_PURPOSE_VERIFY = 3,     /* Usable with RSA, EC and HMAC keys. */
    KM_PURPOSE_DERIVE_KEY = 4, /* Usable with EC keys. */
} keymaster_purpose_t;

/**
 * A pointer/length pair describing a byte buffer.  The struct does not record who owns the
 * buffer; note that keymaster_free_param_values() and keymaster_free_cert_chain() in this header
 * pass `data` to free().
 */
typedef struct {
    const uint8_t* data; /* first byte of the buffer */
    size_t data_length;  /* number of bytes at `data` */
} keymaster_blob_t;
/**
 * One tagged parameter.  The union member that is meaningful is selected by the type bits of
 * `tag` (see keymaster_tag_get_type()); the tag-type names below are the ones used by
 * keymaster_param_compare() in this header.
 */
typedef struct {
    keymaster_tag_t tag;
    union {
        uint32_t enumerated;   /* KM_ENUM and KM_ENUM_REP */
        bool boolean;          /* KM_BOOL */
        uint32_t integer;      /* KM_UINT and KM_UINT_REP */
        uint64_t long_integer; /* KM_ULONG and KM_ULONG_REP */
        uint64_t date_time;    /* KM_DATE */
        keymaster_blob_t blob; /* KM_BIGNUM and KM_BYTES */
    };
} keymaster_key_param_t;
/**
 * An array of parameters with its element count.  keymaster_free_param_set() in this header
 * frees both the blob values and the array itself.
 */
typedef struct {
    keymaster_key_param_t* params; /* may be NULL if length == 0 */
    size_t length;                 /* number of elements in params */
} keymaster_key_param_set_t;
/**
 * Parameters that define a key's characteristics, including authorized modes of usage and access
 * control restrictions.  The parameters are divided into two categories, those that are enforced by
 * secure hardware, and those that are not.  For a software-only keymaster implementation the
 * enforced array must be NULL.  Hardware implementations must enforce everything in the enforced
 * array.
 *
 * Only entries in hw_enforced are backed by secure hardware; a restriction that appears solely in
 * sw_enforced carries no hardware guarantee.
 */
typedef struct {
    keymaster_key_param_set_t hw_enforced; /* enforced by secure hardware */
    keymaster_key_param_set_t sw_enforced; /* not enforced by secure hardware */
} keymaster_key_characteristics_t;
/**
 * A key blob: a pointer to key material and its size in bytes.  Ownership of the buffer is not
 * expressed by this type, and no function visible in this part of the header frees it.
 */
typedef struct {
    const uint8_t* key_material;
    size_t key_material_size;
} keymaster_key_blob_t;
/**
 * An array of blobs with its element count.  keymaster_free_cert_chain() in this header frees
 * every entry's data and then the entries array.
 */
typedef struct {
    keymaster_blob_t* entries; /* array of entry_count blobs */
    size_t entry_count;        /* number of elements in entries */
} keymaster_cert_chain_t;
/**
 * Verified boot states.  Of the four, only KM_VERIFIED_BOOT_VERIFIED is described as a full chain
 * of trust; the others rely on a user-visible warning or stop the boot.
 */
typedef enum {
    KM_VERIFIED_BOOT_VERIFIED = 0,    /* Full chain of trust extending from the bootloader to
                                       * verified partitions, including the bootloader, boot
                                       * partition, and all verified partitions. */
    KM_VERIFIED_BOOT_SELF_SIGNED = 1, /* The boot partition has been verified using the embedded
                                       * certificate, and the signature is valid. The bootloader
                                       * displays a warning and the fingerprint of the public
                                       * key before allowing the boot process to continue. */
    KM_VERIFIED_BOOT_UNVERIFIED = 2,  /* The device may be freely modified. Device integrity is left
                                       * to the user to verify out-of-band. The bootloader
                                       * displays a warning to the user before allowing the boot
                                       * process to continue. */
    KM_VERIFIED_BOOT_FAILED = 3,      /* The device failed verification. The bootloader displays a
                                       * warning and stops the boot process, so no keymaster
                                       * implementation should ever actually return this value,
                                       * since it should not run.  Included here only for
                                       * completeness. */
} keymaster_verified_boot_t;
/**
 * Security level values.
 * NOTE(review): presumably identifies where an implementation runs (plain software versus a
 * trusted execution environment); the consumer is not visible here -- confirm.
 */
typedef enum {
    KM_SECURITY_LEVEL_SOFTWARE = 0,
    KM_SECURITY_LEVEL_TRUSTED_ENVIRONMENT = 1,
} keymaster_security_level_t;
/**
 * Formats for key import and export.  The value 2 is not assigned in this listing.
 */
typedef enum {
    KM_KEY_FORMAT_X509 = 0,  /* for public key export */
    KM_KEY_FORMAT_PKCS8 = 1, /* for asymmetric key pair import */
    KM_KEY_FORMAT_RAW = 3,   /* for symmetric key import and export */
} keymaster_key_format_t;
/**
 * The keymaster operation API consists of begin, update, finish and abort. This is the type of the
 * handle used to tie the sequence of calls together.  A 64-bit value is used because it's important
 * that handles not be predictable.  Implementations must use strong random numbers for handle
 * values.
 *
 * NOTE(review): the unpredictability requirement presumably exists so that a caller cannot guess
 * the handle of an operation it did not begin -- confirm against the implementation's handle
 * lookup; a counter or timestamp would not satisfy it.
 */
typedef uint64_t keymaster_operation_handle_t;
/**
 * Keymaster error codes.  KM_ERROR_OK is 0 and every other code is negative.  The numeric values
 * are assigned explicitly; -42 and -43 are not assigned in this listing, and the ranges starting
 * at -100 and -1000 are separated from the main sequence.
 */
typedef enum {
    KM_ERROR_OK = 0,
    KM_ERROR_ROOT_OF_TRUST_ALREADY_SET = -1,
    KM_ERROR_UNSUPPORTED_PURPOSE = -2,
    KM_ERROR_INCOMPATIBLE_PURPOSE = -3,
    KM_ERROR_UNSUPPORTED_ALGORITHM = -4,
    KM_ERROR_INCOMPATIBLE_ALGORITHM = -5,
    KM_ERROR_UNSUPPORTED_KEY_SIZE = -6,
    KM_ERROR_UNSUPPORTED_BLOCK_MODE = -7,
    KM_ERROR_INCOMPATIBLE_BLOCK_MODE = -8,
    KM_ERROR_UNSUPPORTED_MAC_LENGTH = -9,
    KM_ERROR_UNSUPPORTED_PADDING_MODE = -10,
    KM_ERROR_INCOMPATIBLE_PADDING_MODE = -11,
    KM_ERROR_UNSUPPORTED_DIGEST = -12,
    KM_ERROR_INCOMPATIBLE_DIGEST = -13,
    KM_ERROR_INVALID_EXPIRATION_TIME = -14,
    KM_ERROR_INVALID_USER_ID = -15,
    KM_ERROR_INVALID_AUTHORIZATION_TIMEOUT = -16,
    KM_ERROR_UNSUPPORTED_KEY_FORMAT = -17,
    KM_ERROR_INCOMPATIBLE_KEY_FORMAT = -18,
    KM_ERROR_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM = -19,   /* For PKCS8 & PKCS12 */
    KM_ERROR_UNSUPPORTED_KEY_VERIFICATION_ALGORITHM = -20, /* For PKCS8 & PKCS12 */
    KM_ERROR_INVALID_INPUT_LENGTH = -21,
    KM_ERROR_KEY_EXPORT_OPTIONS_INVALID = -22,
    KM_ERROR_DELEGATION_NOT_ALLOWED = -23,
    KM_ERROR_KEY_NOT_YET_VALID = -24,
    KM_ERROR_KEY_EXPIRED = -25,
    KM_ERROR_KEY_USER_NOT_AUTHENTICATED = -26,
    KM_ERROR_OUTPUT_PARAMETER_NULL = -27,
    KM_ERROR_INVALID_OPERATION_HANDLE = -28,
    KM_ERROR_INSUFFICIENT_BUFFER_SPACE = -29,
    KM_ERROR_VERIFICATION_FAILED = -30,
    KM_ERROR_TOO_MANY_OPERATIONS = -31,
    KM_ERROR_UNEXPECTED_NULL_POINTER = -32,
    KM_ERROR_INVALID_KEY_BLOB = -33,
    KM_ERROR_IMPORTED_KEY_NOT_ENCRYPTED = -34,
    KM_ERROR_IMPORTED_KEY_DECRYPTION_FAILED = -35,
    KM_ERROR_IMPORTED_KEY_NOT_SIGNED = -36,
    KM_ERROR_IMPORTED_KEY_VERIFICATION_FAILED = -37,
    KM_ERROR_INVALID_ARGUMENT = -38,
    KM_ERROR_UNSUPPORTED_TAG = -39,
    KM_ERROR_INVALID_TAG = -40,
    KM_ERROR_MEMORY_ALLOCATION_FAILED = -41,
    KM_ERROR_IMPORT_PARAMETER_MISMATCH = -44,
    KM_ERROR_SECURE_HW_ACCESS_DENIED = -45,
    KM_ERROR_OPERATION_CANCELLED = -46,
    KM_ERROR_CONCURRENT_ACCESS_CONFLICT = -47,
    KM_ERROR_SECURE_HW_BUSY = -48,
    KM_ERROR_SECURE_HW_COMMUNICATION_FAILED = -49,
    KM_ERROR_UNSUPPORTED_EC_FIELD = -50,
    KM_ERROR_MISSING_NONCE = -51,
    KM_ERROR_INVALID_NONCE = -52,
    KM_ERROR_MISSING_MAC_LENGTH = -53,
    KM_ERROR_KEY_RATE_LIMIT_EXCEEDED = -54,
    KM_ERROR_CALLER_NONCE_PROHIBITED = -55,
    KM_ERROR_KEY_MAX_OPS_EXCEEDED = -56,
    KM_ERROR_INVALID_MAC_LENGTH = -57,
    KM_ERROR_MISSING_MIN_MAC_LENGTH = -58,
    KM_ERROR_UNSUPPORTED_MIN_MAC_LENGTH = -59,
    KM_ERROR_UNSUPPORTED_KDF = -60,
    KM_ERROR_UNSUPPORTED_EC_CURVE = -61,
    KM_ERROR_KEY_REQUIRES_UPGRADE = -62,
    KM_ERROR_ATTESTATION_CHALLENGE_MISSING = -63,
    KM_ERROR_KEYMASTER_NOT_CONFIGURED = -64,
    KM_ERROR_ATTESTATION_APPLICATION_ID_MISSING = -65,
    KM_ERROR_CANNOT_ATTEST_IDS = -66,

    KM_ERROR_UNIMPLEMENTED = -100,
    KM_ERROR_VERSION_MISMATCH = -101,

    KM_ERROR_UNKNOWN_ERROR = -1000,
} keymaster_error_t;
/* Convenience functions for manipulating keymaster tag types */

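/**
 * Extracts the type field of a tag, i.e. bits 28-31 of the tag value.
 *
 * @param tag  Tag to inspect.
 * @return The tag with every bit below bit 28 cleared, cast to keymaster_tag_type_t.
 */
static inline keymaster_tag_type_t keymaster_tag_get_type(keymaster_tag_t tag) {
    /* The mask uses an unsigned constant: 0xF << 28 on a signed 32-bit int does not fit in the
     * type, which is undefined behaviour in C. */
    return (keymaster_tag_type_t)(tag & (0xFu << 28));
}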
/**
 * Strips the type field from a tag.
 *
 * @param tag  Tag to inspect.
 * @return The low 28 bits of the tag (bits 28-31 cleared).
 */
static inline uint32_t keymaster_tag_mask_type(keymaster_tag_t tag) {
    const uint32_t low_28_bits = 0x0FFFFFFF;
    return tag & low_28_bits;
}
/**
 * Reports whether a tag type is one of the repeatable types recognised here.
 *
 * @param type  Tag type, as returned by keymaster_tag_get_type().
 * @return true for KM_UINT_REP and KM_ENUM_REP, false for every other value.
 *
 * NOTE(review): KM_ULONG_REP is handled by keymaster_param_compare() in this header but is not
 * treated as repeatable here -- confirm whether that omission is intended.
 */
static inline bool keymaster_tag_type_repeatable(keymaster_tag_type_t type) {
    return type == KM_UINT_REP || type == KM_ENUM_REP;
}
/**
 * Reports whether a tag's type is repeatable.
 *
 * @param tag  Tag to inspect.
 * @return The result of keymaster_tag_type_repeatable() applied to the tag's type field.
 */
static inline bool keymaster_tag_repeatable(keymaster_tag_t tag) {
    const keymaster_tag_type_t tag_type = keymaster_tag_get_type(tag);
    return keymaster_tag_type_repeatable(tag_type);
}
/* Convenience functions for manipulating keymaster_key_param_t structs */

/**
 * Builds a parameter carrying an enumerated value.
 *
 * The tag's type is not checked; the caller is expected to pass a KM_ENUM or KM_ENUM_REP tag.
 *
 * @param tag    Tag to store.
 * @param value  Value stored in the `enumerated` member.
 * @return A zero-filled keymaster_key_param_t with `tag` and `enumerated` set.
 */
inline keymaster_key_param_t keymaster_param_enum(keymaster_tag_t tag, uint32_t value) {
    keymaster_key_param_t result;
    /* memset clears the whole object, including the union bytes beyond `enumerated`. */
    memset(&result, 0, sizeof result);
    result.enumerated = value;
    result.tag = tag;
    return result;
}
/**
 * Builds a parameter carrying a 32-bit unsigned integer.
 *
 * The tag's type is not checked; the caller is expected to pass a tag of the 32-bit integer types
 * (KM_UINT / KM_UINT_REP as named by keymaster_param_compare() in this header).
 *
 * @param tag    Tag to store.
 * @param value  Value stored in the `integer` member.
 * @return A zero-filled keymaster_key_param_t with `tag` and `integer` set.
 */
inline keymaster_key_param_t keymaster_param_int(keymaster_tag_t tag, uint32_t value) {
    keymaster_key_param_t result;
    /* memset clears the whole object, including the union bytes beyond `integer`. */
    memset(&result, 0, sizeof result);
    result.integer = value;
    result.tag = tag;
    return result;
}
/**
 * Builds a parameter carrying a 64-bit unsigned integer.
 *
 * The tag's type is not checked; the caller is expected to pass a tag of the 64-bit integer type
 * (KM_ULONG as named by keymaster_param_compare() in this header).
 *
 * @param tag    Tag to store.
 * @param value  Value stored in the `long_integer` member.
 * @return A zero-filled keymaster_key_param_t with `tag` and `long_integer` set.
 */
inline keymaster_key_param_t keymaster_param_long(keymaster_tag_t tag, uint64_t value) {
    keymaster_key_param_t result;
    memset(&result, 0, sizeof result);
    result.long_integer = value;
    result.tag = tag;
    return result;
}
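/**
 * Builds a parameter that refers to a caller-supplied byte buffer.
 *
 * The bytes are NOT copied: the returned parameter stores the `bytes` pointer itself, so the
 * buffer must outlive every use of the parameter.  keymaster_free_param_values() in this header
 * calls free() on blob.data, so a parameter built here may only be handed to that function (or to
 * keymaster_free_param_set()) when `bytes` came from malloc() and ownership is being transferred.
 *
 * The tag's type is not checked; the caller is expected to pass a KM_BYTES or KM_BIGNUM tag.
 *
 * @param tag        Tag to store.
 * @param bytes      Buffer the blob will point at.
 * @param bytes_len  Number of bytes at `bytes`.
 * @return A zero-filled keymaster_key_param_t with `tag`, `blob.data` and `blob.data_length` set.
 */
inline keymaster_key_param_t keymaster_param_blob(keymaster_tag_t tag, const uint8_t* bytes,
                                                  size_t bytes_len) {
    keymaster_key_param_t param;
    memset(&param, 0, sizeof(param));
    param.tag = tag;
    /* blob.data is already const uint8_t*, so no cast is needed; the old cast dropped const. */
    param.blob.data = bytes;
    param.blob.data_length = bytes_len;
    return param;
}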
/**
 * Builds a boolean parameter whose value is always true.
 *
 * The tag's type is not checked; the caller is expected to pass a KM_BOOL tag.
 *
 * @param tag  Tag to store.
 * @return A zero-filled keymaster_key_param_t with `tag` set and `boolean` set to true.
 */
inline keymaster_key_param_t keymaster_param_bool(keymaster_tag_t tag) {
    keymaster_key_param_t result;
    memset(&result, 0, sizeof result);
    result.boolean = true;
    result.tag = tag;
    return result;
}
/**
 * Builds a parameter carrying a date/time value.
 *
 * The tag's type is not checked; the caller is expected to pass a KM_DATE tag.
 *
 * @param tag    Tag to store.
 * @param value  Value stored in the `date_time` member (units are not stated in this header
 *               section).
 * @return A zero-filled keymaster_key_param_t with `tag` and `date_time` set.
 */
inline keymaster_key_param_t keymaster_param_date(keymaster_tag_t tag, uint64_t value) {
    keymaster_key_param_t result;
    memset(&result, 0, sizeof result);
    result.date_time = value;
    result.tag = tag;
    return result;
}
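/* Three-way compare of two scalars.  Arguments and the whole expansion are parenthesised so the
 * macro stays correct inside larger expressions. */
#define KEYMASTER_SIMPLE_COMPARE(a, b) (((a) < (b)) ? -1 : (((a) > (b)) ? 1 : 0))

/**
 * Orders two parameters: first by tag value, then by the value member selected by the tag type.
 *
 * Blob ordering as implemented: two empty blobs are equal; an empty blob sorts AFTER a non-empty
 * one; two non-empty blobs are compared with memcmp() over the common length and, if that is
 * equal, the shorter one sorts first.
 *
 * The blob comparison uses memcmp(), which gives no timing guarantees; this function is an
 * ordering helper and is not suitable for comparing secret values.
 *
 * @param a  First parameter; must not be NULL.  For a non-empty blob, blob.data must be valid for
 *           blob.data_length bytes.
 * @param b  Second parameter; same requirements as `a`.
 * @return Negative, zero or positive as `a` sorts before, equal to or after `b`.  Scalar
 *         comparisons return exactly -1/0/1; a blob content difference returns memcmp()'s value.
 */
inline int keymaster_param_compare(const keymaster_key_param_t* a, const keymaster_key_param_t* b) {
    int retval = KEYMASTER_SIMPLE_COMPARE((uint32_t)a->tag, (uint32_t)b->tag);
    if (retval != 0) {
        return retval;
    }

    /* Tags are equal from here on, so a->tag also describes b. */
    switch (keymaster_tag_get_type(a->tag)) {
    case KM_INVALID:
    case KM_BOOL:
        return 0;
    case KM_ENUM:
    case KM_ENUM_REP:
        return KEYMASTER_SIMPLE_COMPARE(a->enumerated, b->enumerated);
    case KM_UINT:
    case KM_UINT_REP:
        return KEYMASTER_SIMPLE_COMPARE(a->integer, b->integer);
    case KM_ULONG:
    case KM_ULONG_REP:
        return KEYMASTER_SIMPLE_COMPARE(a->long_integer, b->long_integer);
    case KM_DATE:
        return KEYMASTER_SIMPLE_COMPARE(a->date_time, b->date_time);
    case KM_BIGNUM:
    case KM_BYTES: {
        const size_t a_len = a->blob.data_length;
        const size_t b_len = b->blob.data_length;

        /* Handle the empty cases before touching the data pointers, which may be NULL. */
        if (a_len != 0 && b_len == 0) {
            return -1;
        }
        if (a_len == 0 && b_len == 0) {
            return 0;
        }
        if (a_len == 0 && b_len > 0) {
            return 1;
        }

        retval = memcmp(a->blob.data, b->blob.data, a_len < b_len ? a_len : b_len);
        if (retval != 0) {
            return retval;
        }
        /* Equal up to the common length; longer one is larger. */
        return KEYMASTER_SIMPLE_COMPARE(a_len, b_len);
    }
    default:
        /* Tag types not listed above compare equal once the tags match. */
        break;
    }

    return 0;
}
#undef KEYMASTER_SIMPLE_COMPARE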
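/**
 * Frees the heap buffers referenced by blob-typed parameters in an array.  The array itself is
 * not freed.
 *
 * For every element whose tag type is KM_BIGNUM or KM_BYTES, blob.data is passed to free() and
 * then cleared together with blob.data_length, so a later read of the element cannot pair a NULL
 * pointer with a stale non-zero length.  Other tag types are left untouched.
 *
 * Every blob pointer in the array must therefore be heap-allocated (or NULL) and owned by the
 * array; a parameter that merely borrows a buffer must not be passed here.
 *
 * NOTE(review): buffers are released without being overwritten.  If a blob can hold sensitive
 * bytes, wiping is left to the owner before this call -- confirm against callers.
 *
 * @param param        First element of the array; a NULL pointer is treated as an empty array.
 * @param param_count  Number of elements at `param`.
 */
inline void keymaster_free_param_values(keymaster_key_param_t* param, size_t param_count) {
    if (param == NULL) {
        return;
    }

    for (; param_count > 0; --param_count, ++param) {
        switch (keymaster_tag_get_type(param->tag)) {
        case KM_BIGNUM:
        case KM_BYTES:
            free((void*)param->blob.data);
            param->blob.data = NULL;
            param->blob.data_length = 0;
            break;
        default:
            /* Scalar types own no memory. */
            break;
        }
    }
}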
/**
 * Releases everything a parameter set owns and leaves it empty.
 *
 * Blob values are freed through keymaster_free_param_values(), then the params array is freed,
 * and the set is reset to params == NULL, length == 0.  The set structure itself is not freed.
 *
 * @param set  Set to release; NULL is ignored.
 */
inline void keymaster_free_param_set(keymaster_key_param_set_t* set) {
    if (!set) {
        return;
    }

    keymaster_free_param_values(set->params, set->length);
    free(set->params);
    /* Reset both fields so a repeated call finds nothing left to free. */
    set->params = NULL;
    set->length = 0;
}
/**
 * Releases both parameter sets of a characteristics structure.  The structure itself is not
 * freed.
 *
 * @param characteristics  Structure to release; NULL is ignored.
 */
inline void keymaster_free_characteristics(keymaster_key_characteristics_t* characteristics) {
    if (!characteristics) {
        return;
    }

    keymaster_free_param_set(&characteristics->hw_enforced);
    keymaster_free_param_set(&characteristics->sw_enforced);
}
/**
 * Releases every entry of a certificate chain and the entries array, leaving the chain empty.
 *
 * Each entry's data is passed to free() and its pointer and length are cleared; then the entries
 * array is freed and the chain is reset to entries == NULL, entry_count == 0.  The chain
 * structure itself is not freed.
 *
 * @param chain  Chain to release; NULL is ignored.  entries must be valid for entry_count
 *               elements.
 */
inline void keymaster_free_cert_chain(keymaster_cert_chain_t* chain) {
    if (!chain) {
        return;
    }

    for (size_t idx = 0; idx < chain->entry_count; ++idx) {
        keymaster_blob_t* entry = &chain->entries[idx];
        free((uint8_t*)entry->data);
        entry->data = NULL;
        entry->data_length = 0;
    }

    free(chain->entries);
    chain->entries = NULL;
    chain->entry_count = 0;
}
/* Closes the extern "C" block; its opening is not within this part of the header. */
#ifdef __cplusplus
}  // extern "C"
#endif  // __cplusplus

#endif  // ANDROID_HARDWARE_KEYMASTER_DEFS_H