tequilaOS/platform_hardware_interfaces
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Use TagType constants"

Browse source
This commit is contained in:
Eran Messeri 2021-06-15 15:13:51 +00:00 committed by Gerrit Code Review
commit 1e6730acec
1 changed files with 65 additions and 69 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

134
security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
View file

@ -18,10 +18,6 @@ package android.hardware.security.keymint;
import android.hardware.security.keymint.TagType;
// TODO(seleneh) : note aidl currently does not support double nested enum definitions such as
// ROOT_OF_TRUST = TagType:BYTES | 704. So we are forced to write definitions as
// ROOT_OF_TRUST = (9 << 28) for now. Will need to flip this back later when aidl support is added.
/**
* Tag specifies various kinds of tags that can be set in KeyParameter to identify what kind of
* data are stored in KeyParameter.
@ -33,7 +29,7 @@ enum Tag {
/**
* Tag::INVALID should never be set. It means you hit an error.
*/
INVALID = (0 << 28) | 0,
INVALID = 0,
/**
* Tag::PURPOSE specifies the set of purposes for which the key may be used. Possible values
@ -47,7 +43,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
PURPOSE = (2 << 28) /* TagType:ENUM_REP */ | 1,
PURPOSE = TagType.ENUM_REP | 1,
/**
* Tag::ALGORITHM specifies the cryptographic algorithm with which the key is used. This tag
@ -56,7 +52,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
ALGORITHM = (1 << 28) /* TagType:ENUM */ | 2,
ALGORITHM = TagType.ENUM | 2,
/**
* Tag::KEY_SIZE specifies the size, in bits, of the key, measuring in the normal way for the
@ -68,7 +64,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
KEY_SIZE = (3 << 28) /* TagType:UINT */ | 3,
KEY_SIZE = TagType.UINT | 3,
/**
* Tag::BLOCK_MODE specifies the block cipher mode(s) with which the key may be used. This tag
@ -81,7 +77,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
BLOCK_MODE = (2 << 28) /* TagType:ENUM_REP */ | 4,
BLOCK_MODE = TagType.ENUM_REP | 4,
/**
* Tag::DIGEST specifies the digest algorithms that may be used with the key to perform signing
@ -95,7 +91,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
DIGEST = (2 << 28) /* TagType:ENUM_REP */ | 5,
DIGEST = TagType.ENUM_REP | 5,
/**
* Tag::PADDING specifies the padding modes that may be used with the key. This tag is relevant
@ -123,7 +119,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
PADDING = (2 << 28) /* TagType:ENUM_REP */ | 6,
PADDING = TagType.ENUM_REP | 6,
/**
* Tag::CALLER_NONCE specifies that the caller can provide a nonce for nonce-requiring
@ -136,7 +132,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
CALLER_NONCE = (7 << 28) /* TagType:BOOL */ | 7,
CALLER_NONCE = TagType.BOOL | 7,
/**
* Tag::MIN_MAC_LENGTH specifies the minimum length of MAC that can be requested or verified
@ -149,7 +145,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
MIN_MAC_LENGTH = (3 << 28) /* TagType:UINT */ | 8,
MIN_MAC_LENGTH = TagType.UINT | 8,
// Tag 9 reserved
@ -159,7 +155,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
EC_CURVE = (1 << 28) /* TagType:ENUM */ | 10,
EC_CURVE = TagType.ENUM | 10,
/**
* Tag::RSA_PUBLIC_EXPONENT specifies the value of the public exponent for an RSA key pair.
@ -173,7 +169,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
RSA_PUBLIC_EXPONENT = (5 << 28) /* TagType:ULONG */ | 200,
RSA_PUBLIC_EXPONENT = TagType.ULONG | 200,
// Tag 201 reserved
@ -184,7 +180,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
INCLUDE_UNIQUE_ID = (7 << 28) /* TagType:BOOL */ | 202,
INCLUDE_UNIQUE_ID = TagType.BOOL | 202,
/**
* Tag::RSA_OAEP_MGF_DIGEST specifies the MGF1 digest algorithms that may be used with RSA
@ -197,7 +193,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
RSA_OAEP_MGF_DIGEST = (2 << 28) /* TagType:ENUM_REP */ | 203,
RSA_OAEP_MGF_DIGEST = TagType.ENUM_REP | 203,
// Tag 301 reserved
@ -209,7 +205,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
BOOTLOADER_ONLY = (7 << 28) /* TagType:BOOL */ | 302,
BOOTLOADER_ONLY = TagType.BOOL | 302,
/**
* Tag::ROLLBACK_RESISTANCE specifies that the key has rollback resistance, meaning that when
@ -224,10 +220,10 @@ enum Tag {
*
* Must be hardware-enforced.
*/
ROLLBACK_RESISTANCE = (7 << 28) /* TagType:BOOL */ | 303,
ROLLBACK_RESISTANCE = TagType.BOOL | 303,
// Reserved for future use.
HARDWARE_TYPE = (1 << 28) /* TagType:ENUM */ | 304,
HARDWARE_TYPE = TagType.ENUM | 304,
/**
* Keys tagged with EARLY_BOOT_ONLY may only be used during early boot, until
@ -236,7 +232,7 @@ enum Tag {
* provided to IKeyMintDevice::importKey, the import must fail with
* ErrorCode::EARLY_BOOT_ENDED.
*/
EARLY_BOOT_ONLY = (7 << 28) /* TagType:BOOL */ | 305,
EARLY_BOOT_ONLY = TagType.BOOL | 305,
/**
* Tag::ACTIVE_DATETIME specifies the date and time at which the key becomes active, in
@ -245,7 +241,7 @@ enum Tag {
*
* Need not be hardware-enforced.
*/
ACTIVE_DATETIME = (6 << 28) /* TagType:DATE */ | 400,
ACTIVE_DATETIME = TagType.DATE | 400,
/**
* Tag::ORIGINATION_EXPIRE_DATETIME specifies the date and time at which the key expires for
@ -257,7 +253,7 @@ enum Tag {
*
* Need not be hardware-enforced.
*/
ORIGINATION_EXPIRE_DATETIME = (6 << 28) /* TagType:DATE */ | 401,
ORIGINATION_EXPIRE_DATETIME = TagType.DATE | 401,
/**
* Tag::USAGE_EXPIRE_DATETIME specifies the date and time at which the key expires for
@ -269,7 +265,7 @@ enum Tag {
*
* Need not be hardware-enforced.
*/
USAGE_EXPIRE_DATETIME = (6 << 28) /* TagType:DATE */ | 402,
USAGE_EXPIRE_DATETIME = TagType.DATE | 402,
/**
* TODO(seleneh) this tag need to be deleted.
@ -294,7 +290,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
MIN_SECONDS_BETWEEN_OPS = (3 << 28) /* TagType:UINT */ | 403,
MIN_SECONDS_BETWEEN_OPS = TagType.UINT | 403,
/**
* Tag::MAX_USES_PER_BOOT specifies the maximum number of times that a key may be used between
@ -314,7 +310,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
MAX_USES_PER_BOOT = (3 << 28) /* TagType:UINT */ | 404,
MAX_USES_PER_BOOT = TagType.UINT | 404,
/**
* Tag::USAGE_COUNT_LIMIT specifies the number of times that a key may be used. This can be
@ -343,14 +339,14 @@ enum Tag {
* record. This tag must have the same SecurityLevel as the tag that is added to the key
* characteristics.
*/
USAGE_COUNT_LIMIT = (3 << 28) | 405, /* TagType:UINT */
USAGE_COUNT_LIMIT = TagType.UINT | 405,
/**
* Tag::USER_ID specifies the ID of the Android user that is permitted to use the key.
*
* Must not be hardware-enforced.
*/
USER_ID = (3 << 28) /* TagType:UINT */ | 501,
USER_ID = TagType.UINT | 501,
/**
* Tag::USER_SECURE_ID specifies that a key may only be used under a particular secure user
@ -383,7 +379,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
USER_SECURE_ID = (10 << 28) /* TagType:ULONG_REP */ | 502,
USER_SECURE_ID = TagType.ULONG_REP | 502,
/**
* Tag::NO_AUTH_REQUIRED specifies that no authentication is required to use this key. This tag
@ -391,7 +387,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
NO_AUTH_REQUIRED = (7 << 28) /* TagType:BOOL */ | 503,
NO_AUTH_REQUIRED = TagType.BOOL | 503,
/**
* Tag::USER_AUTH_TYPE specifies the types of user authenticators that may be used to authorize
@ -410,7 +406,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
USER_AUTH_TYPE = (1 << 28) /* TagType:ENUM */ | 504,
USER_AUTH_TYPE = TagType.ENUM | 504,
/**
* Tag::AUTH_TIMEOUT specifies the time in seconds for which the key is authorized for use,
@ -424,7 +420,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
AUTH_TIMEOUT = (3 << 28) /* TagType:UINT */ | 505,
AUTH_TIMEOUT = TagType.UINT | 505,
/**
* Tag::ALLOW_WHILE_ON_BODY specifies that the key may be used after authentication timeout if
@ -432,7 +428,7 @@ enum Tag {
*
* Cannot be hardware-enforced.
*/
ALLOW_WHILE_ON_BODY = (7 << 28) /* TagType:BOOL */ | 506,
ALLOW_WHILE_ON_BODY = TagType.BOOL | 506,
/**
* TRUSTED_USER_PRESENCE_REQUIRED is an optional feature that specifies that this key must be
@ -479,7 +475,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
TRUSTED_USER_PRESENCE_REQUIRED = (7 << 28) /* TagType:BOOL */ | 507,
TRUSTED_USER_PRESENCE_REQUIRED = TagType.BOOL | 507,
/**
* Tag::TRUSTED_CONFIRMATION_REQUIRED is only applicable to keys with KeyPurpose SIGN, and
@ -493,7 +489,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
TRUSTED_CONFIRMATION_REQUIRED = (7 << 28) /* TagType:BOOL */ | 508,
TRUSTED_CONFIRMATION_REQUIRED = TagType.BOOL | 508,
/**
* Tag::UNLOCKED_DEVICE_REQUIRED specifies that the key may only be used when the device is
@ -501,7 +497,7 @@ enum Tag {
*
* Must be software-enforced.
*/
UNLOCKED_DEVICE_REQUIRED = (7 << 28) /* TagType:BOOL */ | 509,
UNLOCKED_DEVICE_REQUIRED = TagType.BOOL | 509,
/**
* Tag::APPLICATION_ID. When provided to generateKey or importKey, this tag specifies data
@ -517,7 +513,7 @@ enum Tag {
*
* Must never appear in KeyCharacteristics.
*/
APPLICATION_ID = (9 << 28) /* TagType:BYTES */ | 601,
APPLICATION_ID = TagType.BYTES | 601,
/*
* Semantically unenforceable tags, either because they have no specific meaning or because
@ -538,7 +534,7 @@ enum Tag {
*
* Must never appear in KeyCharacteristics.
*/
APPLICATION_DATA = (9 << 28) /* TagType:BYTES */ | 700,
APPLICATION_DATA = TagType.BYTES | 700,
/**
* Tag::CREATION_DATETIME specifies the date and time the key was created, in milliseconds since
@ -546,7 +542,7 @@ enum Tag {
*
* Must be in the software-enforced list, if provided.
*/
CREATION_DATETIME = (6 << 28) /* TagType:DATE */ | 701,
CREATION_DATETIME = TagType.DATE | 701,
/**
* Tag::ORIGIN specifies where the key was created, if known. This tag must not be specified
@ -555,7 +551,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
ORIGIN = (1 << 28) /* TagType:ENUM */ | 702,
ORIGIN = TagType.ENUM | 702,
// 703 is unused.
@ -567,7 +563,7 @@ enum Tag {
*
* Must never appear in KeyCharacteristics.
*/
ROOT_OF_TRUST = (9 << 28) /* TagType:BYTES */ | 704,
ROOT_OF_TRUST = TagType.BYTES | 704,
/**
* Tag::OS_VERSION specifies the system OS version with which the key may be used. This tag is
@ -590,7 +586,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
OS_VERSION = (3 << 28) /* TagType:UINT */ | 705,
OS_VERSION = TagType.UINT | 705,
/**
* Tag::OS_PATCHLEVEL specifies the system security patch level with which the key may be used.
@ -611,7 +607,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
OS_PATCHLEVEL = (3 << 28) /* TagType:UINT */ | 706,
OS_PATCHLEVEL = TagType.UINT | 706,
/**
* Tag::UNIQUE_ID specifies a unique, time-based identifier. This tag is never provided to or
@ -646,7 +642,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
UNIQUE_ID = (9 << 28) /* TagType:BYTES */ | 707,
UNIQUE_ID = TagType.BYTES | 707,
/**
* Tag::ATTESTATION_CHALLENGE is used to deliver a "challenge" value to the attested key
@ -655,7 +651,7 @@ enum Tag {
*
* Must never appear in KeyCharacteristics.
*/
ATTESTATION_CHALLENGE = (9 << 28) /* TagType:BYTES */ | 708,
ATTESTATION_CHALLENGE = TagType.BYTES | 708,
/**
* Tag::ATTESTATION_APPLICATION_ID identifies the set of applications which may use a key, used
@ -681,7 +677,7 @@ enum Tag {
*
* Cannot be hardware-enforced.
*/
ATTESTATION_APPLICATION_ID = (9 << 28) /* TagType:BYTES */ | 709,
ATTESTATION_APPLICATION_ID = TagType.BYTES | 709,
/**
* Tag::ATTESTATION_ID_BRAND provides the device's brand name, as returned by Build.BRAND in
@ -694,7 +690,7 @@ enum Tag {
*
* Must never appear in KeyCharacteristics.
*/
ATTESTATION_ID_BRAND = (9 << 28) /* TagType:BYTES */ | 710,
ATTESTATION_ID_BRAND = TagType.BYTES | 710,
/**
* Tag::ATTESTATION_ID_DEVICE provides the device's device name, as returned by Build.DEVICE in
@ -707,7 +703,7 @@ enum Tag {
*
* Must never appear in KeyCharacteristics.
*/
ATTESTATION_ID_DEVICE = (9 << 28) /* TagType:BYTES */ | 711,
ATTESTATION_ID_DEVICE = TagType.BYTES | 711,
/**
* Tag::ATTESTATION_ID_PRODUCT provides the device's product name, as returned by Build.PRODUCT
@ -720,7 +716,7 @@ enum Tag {
*
* Must never appear in KeyCharacteristics.
*/
ATTESTATION_ID_PRODUCT = (9 << 28) /* TagType:BYTES */ | 712,
ATTESTATION_ID_PRODUCT = TagType.BYTES | 712,
/**
* Tag::ATTESTATION_ID_SERIAL the device's serial number. This field must be set only when
@ -732,7 +728,7 @@ enum Tag {
*
* Must never appear in KeyCharacteristics.
*/
ATTESTATION_ID_SERIAL = (9 << 28) /* TagType:BYTES */ | 713,
ATTESTATION_ID_SERIAL = TagType.BYTES | 713,
/**
* Tag::ATTESTATION_ID_IMEI provides the IMEIs for all radios on the device to attested key
@ -745,7 +741,7 @@ enum Tag {
*
* Must never appear in KeyCharacteristics.
*/
ATTESTATION_ID_IMEI = (9 << 28) /* TagType:BYTES */ | 714,
ATTESTATION_ID_IMEI = TagType.BYTES | 714,
/**
* Tag::ATTESTATION_ID_MEID provides the MEIDs for all radios on the device to attested key
@ -758,7 +754,7 @@ enum Tag {
*
* Must never appear in KeyCharacteristics.
*/
ATTESTATION_ID_MEID = (9 << 28) /* TagType:BYTES */ | 715,
ATTESTATION_ID_MEID = TagType.BYTES | 715,
/**
* Tag::ATTESTATION_ID_MANUFACTURER provides the device's manufacturer name, as returned by
@ -771,7 +767,7 @@ enum Tag {
*
* Must never appear in KeyCharacteristics.
*/
ATTESTATION_ID_MANUFACTURER = (9 << 28) /* TagType:BYTES */ | 716,
ATTESTATION_ID_MANUFACTURER = TagType.BYTES | 716,
/**
* Tag::ATTESTATION_ID_MODEL provides the device's model name, as returned by Build.MODEL in
@ -784,7 +780,7 @@ enum Tag {
*
* Must never appear in KeyCharacteristics.
*/
ATTESTATION_ID_MODEL = (9 << 28) /* TagType:BYTES */ | 717,
ATTESTATION_ID_MODEL = TagType.BYTES | 717,
/**
* Tag::VENDOR_PATCHLEVEL specifies the vendor image security patch level with which the key may
@ -806,7 +802,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
VENDOR_PATCHLEVEL = (3 << 28) /* TagType:UINT */ | 718,
VENDOR_PATCHLEVEL = TagType.UINT | 718,
/**
* Tag::BOOT_PATCHLEVEL specifies the boot image (kernel) security patch level with which the
@ -826,7 +822,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
BOOT_PATCHLEVEL = (3 << 28) /* TagType:UINT */ | 719,
BOOT_PATCHLEVEL = TagType.UINT | 719,
/**
* DEVICE_UNIQUE_ATTESTATION is an argument to IKeyMintDevice::attested key generation/import
@ -852,7 +848,7 @@ enum Tag {
* IKeyMintDevice implementations that support device-unique attestation MUST add the
* DEVICE_UNIQUE_ATTESTATION tag to device-unique attestations.
*/
DEVICE_UNIQUE_ATTESTATION = (7 << 28) /* TagType:BOOL */ | 720,
DEVICE_UNIQUE_ATTESTATION = TagType.BOOL | 720,
/**
* IDENTITY_CREDENTIAL_KEY is never used by IKeyMintDevice, is not a valid argument to key
@ -860,7 +856,7 @@ enum Tag {
* attestation. It is used in attestations produced by the IIdentityCredential HAL when that
* HAL attests to Credential Keys. IIdentityCredential produces KeyMint-style attestations.
*/
IDENTITY_CREDENTIAL_KEY = (7 << 28) /* TagType:BOOL */ | 721,
IDENTITY_CREDENTIAL_KEY = TagType.BOOL | 721,
/**
* To prevent keys from being compromised if an attacker acquires read access to system / kernel
@ -877,12 +873,12 @@ enum Tag {
* ErrorCode::INVALID_OPERATION is returned when a key with Tag::STORAGE_KEY is provided to
* begin().
*/
STORAGE_KEY = (7 << 28) /* TagType:BOOL */ | 722,
STORAGE_KEY = TagType.BOOL | 722,
/**
* TODO: Delete when keystore1 is deleted.
*/
ASSOCIATED_DATA = (9 << 28) /* TagType:BYTES */ | 1000,
ASSOCIATED_DATA = TagType.BYTES | 1000,
/**
* Tag::NONCE is used to provide or return a nonce or Initialization Vector (IV) for AES-GCM,
@ -897,7 +893,7 @@ enum Tag {
*
* Must never appear in KeyCharacteristics.
*/
NONCE = (9 << 28) /* TagType:BYTES */ | 1001,
NONCE = TagType.BYTES | 1001,
/**
* Tag::MAC_LENGTH provides the requested length of a MAC or GCM authentication tag, in bits.
@ -908,7 +904,7 @@ enum Tag {
*
* Must never appear in KeyCharacteristics.
*/
MAC_LENGTH = (3 << 28) /* TagType:UINT */ | 1003,
MAC_LENGTH = TagType.UINT | 1003,
/**
* Tag::RESET_SINCE_ID_ROTATION specifies whether the device has been factory reset since the
@ -916,7 +912,7 @@ enum Tag {
*
* Must never appear in KeyCharacteristics.
*/
RESET_SINCE_ID_ROTATION = (7 << 28) /* TagType:BOOL */ | 1004,
RESET_SINCE_ID_ROTATION = TagType.BOOL | 1004,
/**
* Tag::CONFIRMATION_TOKEN is used to deliver a cryptographic token proving that the user
@ -925,7 +921,7 @@ enum Tag {
*
* Must never appear in KeyCharacteristics.
*/
CONFIRMATION_TOKEN = (9 << 28) /* TagType:BYTES */ | 1005,
CONFIRMATION_TOKEN = TagType.BYTES | 1005,
/**
* Tag::CERTIFICATE_SERIAL specifies the serial number to be assigned to the attestation
@ -933,7 +929,7 @@ enum Tag {
* keyMint in the attestation parameters during generateKey() and importKey(). If not provided,
* the serial shall default to 1.
*/
CERTIFICATE_SERIAL = (8 << 28) /* TagType:BIGNUM */ | 1006,
CERTIFICATE_SERIAL = TagType.BIGNUM | 1006,
/**
* Tag::CERTIFICATE_SUBJECT the certificate subject. The value is a DER encoded X509 NAME.
@ -941,7 +937,7 @@ enum Tag {
* during generateKey and importKey. If not provided the subject name shall default to
* CN="Android Keystore Key".
*/
CERTIFICATE_SUBJECT = (9 << 28) /* TagType:BYTES */ | 1007,
CERTIFICATE_SUBJECT = TagType.BYTES | 1007,
/**
* Tag::CERTIFICATE_NOT_BEFORE the beginning of the validity of the certificate in UNIX epoch
@ -949,7 +945,7 @@ enum Tag {
* certificates. ErrorCode::MISSING_NOT_BEFORE must be returned if this tag is not provided if
* this tag is not provided to generateKey or importKey.
*/
CERTIFICATE_NOT_BEFORE = (6 << 28) /* TagType:DATE */ | 1008,
CERTIFICATE_NOT_BEFORE = TagType.DATE | 1008,
/**
* Tag::CERTIFICATE_NOT_AFTER the end of the validity of the certificate in UNIX epoch time in
@ -957,7 +953,7 @@ enum Tag {
* ErrorCode::MISSING_NOT_AFTER must be returned if this tag is not provided to generateKey or
* importKey.
*/
CERTIFICATE_NOT_AFTER = (6 << 28) /* TagType:DATE */ | 1009,
CERTIFICATE_NOT_AFTER = TagType.DATE | 1009,
/**
* Tag::MAX_BOOT_LEVEL specifies a maximum boot level at which a key should function.
@ -968,5 +964,5 @@ enum Tag {
*
* Cannot be hardware enforced in this version.
*/
MAX_BOOT_LEVEL = (3 << 28) /* TagType:UINT */ | 1010,
MAX_BOOT_LEVEL = TagType.UINT | 1010,
}