tequilaOS/platform_hardware_interfaces
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Move tag type comments where they belong."

Browse source
This commit is contained in:
Treehugger Robot 2020-12-14 14:30:15 +00:00 committed by Gerrit Code Review
commit dd9d98c339
1 changed files with 59 additions and 60 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

119
security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
View file

@ -46,7 +46,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
PURPOSE = (2 << 28) | 1, /* TagType:ENUM_REP */
PURPOSE = (2 << 28) /* TagType:ENUM_REP */ | 1,
/**
* Tag::ALGORITHM specifies the cryptographic algorithm with which the key is used. This tag
@ -55,7 +55,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
ALGORITHM = (1 << 28) | 2, /* TagType:ENUM */
ALGORITHM = (1 << 28) /* TagType:ENUM */ | 2,
/**
* Tag::KEY_SIZE pecifies the size, in bits, of the key, measuring in the normal way for the
@ -67,7 +67,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
KEY_SIZE = (3 << 28) | 3, /* TagType:UINT */
KEY_SIZE = (3 << 28) /* TagType:UINT */ | 3,
/**
* Tag::BLOCK_MODE specifies the block cipher mode(s) with which the key may be used. This tag
@ -80,8 +80,8 @@ enum Tag {
*
* Must be hardware-enforced.
*/
BLOCK_MODE = (2 << 28) | 4,
/* BlockMode. */ /* TagType:ENUM_REP */
BLOCK_MODE = (2 << 28) /* TagType:ENUM_REP */ | 4,
/**
* Tag::DIGEST specifies the digest algorithms that may be used with the key to perform signing
@ -95,7 +95,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
DIGEST = (2 << 28) | 5, /* TagType:ENUM_REP */
DIGEST = (2 << 28) /* TagType:ENUM_REP */ | 5,
/**
* Tag::PADDING specifies the padding modes that may be used with the key. This tag is relevant
@ -123,7 +123,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
PADDING = (2 << 28) | 6, /* TagType:ENUM_REP */
PADDING = (2 << 28) /* TagType:ENUM_REP */ | 6,
/**
* Tag::CALLER_NONCE specifies that the caller can provide a nonce for nonce-requiring
@ -136,7 +136,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
CALLER_NONCE = (7 << 28) | 7, /* TagType:BOOL */
CALLER_NONCE = (7 << 28) /* TagType:BOOL */ | 7,
/**
* Tag::MIN_MAC_LENGTH specifies the minimum length of MAC that can be requested or verified
@ -149,7 +149,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
MIN_MAC_LENGTH = (3 << 28) | 8, /* TagType:UINT */
MIN_MAC_LENGTH = (3 << 28) /* TagType:UINT */ | 8,
// Tag 9 reserved
@ -160,7 +160,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
EC_CURVE = (1 << 28) | 10, /* TagType:ENUM */
EC_CURVE = (1 << 28) /* TagType:ENUM */ | 10,
/**
* Tag::RSA_PUBLIC_EXPONENT specifies the value of the public exponent for an RSA key pair.
@ -174,7 +174,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
RSA_PUBLIC_EXPONENT = (5 << 28) | 200, /* TagType:ULONG */
RSA_PUBLIC_EXPONENT = (5 << 28) /* TagType:ULONG */ | 200,
// Tag 201 reserved
@ -185,7 +185,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
INCLUDE_UNIQUE_ID = (7 << 28) | 202, /* TagType:BOOL */
INCLUDE_UNIQUE_ID = (7 << 28) /* TagType:BOOL */ | 202,
/**
* TODO(seleneh) this tag needs to be deleted from all codes.
@ -202,7 +202,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
BLOB_USAGE_REQUIREMENTS = (1 << 28) | 301, /* TagType:ENUM */
BLOB_USAGE_REQUIREMENTS = (1 << 28) /* TagType:ENUM */ | 301,
/**
* Tag::BOOTLOADER_ONLY specifies only the bootloader can use the key.
@ -212,7 +212,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
BOOTLOADER_ONLY = (7 << 28) | 302, /* TagType:BOOL */
BOOTLOADER_ONLY = (7 << 28) /* TagType:BOOL */ | 302,
/**
* Tag::ROLLBACK_RESISTANCE specifies that the key has rollback resistance, meaning that when
@ -227,16 +227,16 @@ enum Tag {
*
* Must be hardwared-enforced.
*/
ROLLBACK_RESISTANCE = (7 << 28) | 303, /* TagType:BOOL */
ROLLBACK_RESISTANCE = (7 << 28) /* TagType:BOOL */ | 303,
// Reserved for future use.
HARDWARE_TYPE = (1 << 28) | 304, /* TagType:ENUM */
HARDWARE_TYPE = (1 << 28) /* TagType:ENUM */ | 304,
/**
* Keys tagged with EARLY_BOOT_ONLY may only be used, or created, during early boot, until
* IKeyMintDevice::earlyBootEnded() is called.
*/
EARLY_BOOT_ONLY = (7 << 28) | 305, /* TagType:BOOL */
EARLY_BOOT_ONLY = (7 << 28) /* TagType:BOOL */ | 305,
/**
* Tag::ACTIVE_DATETIME specifies the date and time at which the key becomes active, in
@ -245,8 +245,7 @@ enum Tag {
*
* Need not be hardware-enforced.
*/
ACTIVE_DATETIME = (6 << 28) | 400,
/* Start of validity. */ /* TagType:DATE */
ACTIVE_DATETIME = (6 << 28) /* TagType:DATE */ | 400,
/**
* Tag::ORIGINATION_EXPIRE_DATETIME specifies the date and time at which the key expires for
@ -258,7 +257,7 @@ enum Tag {
*
* Need not be hardware-enforced.
*/
ORIGINATION_EXPIRE_DATETIME = (6 << 28) | 401, /* TagType:DATE */
ORIGINATION_EXPIRE_DATETIME = (6 << 28) /* TagType:DATE */ | 401,
/**
* Tag::USAGE_EXPIRE_DATETIME specifies the date and time at which the key expires for
@ -270,7 +269,7 @@ enum Tag {
*
* Need not be hardware-enforced.
*/
USAGE_EXPIRE_DATETIME = (6 << 28) | 402, /* TagType:DATE */
USAGE_EXPIRE_DATETIME = (6 << 28) /* TagType:DATE */ | 402,
/**
* TODO(seleneh) this tag need to be deleted.
@ -295,7 +294,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
MIN_SECONDS_BETWEEN_OPS = (3 << 28) | 403, /* TagType:UINT */
MIN_SECONDS_BETWEEN_OPS = (3 << 28) /* TagType:UINT */ | 403,
/**
* Tag::MAX_USES_PER_BOOT specifies the maximum number of times that a key may be used between
@ -315,14 +314,14 @@ enum Tag {
*
* Must be hardware-enforced.
*/
MAX_USES_PER_BOOT = (3 << 28) | 404, /* TagType:UINT */
MAX_USES_PER_BOOT = (3 << 28) /* TagType:UINT */ | 404,
/**
* Tag::USER_ID specifies the ID of the Android user that is permitted to use the key.
*
* Must not be hardware-enforced.
*/
USER_ID = (3 << 28) | 501, /* TagType:UINT */
USER_ID = (3 << 28) /* TagType:UINT */ | 501,
/**
* Tag::USER_SECURE_ID specifies that a key may only be used under a particular secure user
@ -355,7 +354,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
USER_SECURE_ID = (10 << 28) | 502, /* TagType:ULONG_REP */
USER_SECURE_ID = (10 << 28) /* TagType:ULONG_REP */ | 502,
/**
* Tag::NO_AUTH_REQUIRED specifies that no authentication is required to use this key. This tag
@ -363,7 +362,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
NO_AUTH_REQUIRED = (7 << 28) | 503, /* TagType:BOOL */
NO_AUTH_REQUIRED = (7 << 28) /* TagType:BOOL */ | 503,
/**
* Tag::USER_AUTH_TYPE specifies the types of user authenticators that may be used to authorize
@ -382,7 +381,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
USER_AUTH_TYPE = (1 << 28) | 504, /* TagType:ENUM */
USER_AUTH_TYPE = (1 << 28) /* TagType:ENUM */ | 504,
/**
* Tag::AUTH_TIMEOUT specifies the time in seconds for which the key is authorized for use,
@ -396,7 +395,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
AUTH_TIMEOUT = (3 << 28) | 505, /* TagType:UINT */
AUTH_TIMEOUT = (3 << 28) /* TagType:UINT */ | 505,
/**
* Tag::ALLOW_WHILE_ON_BODY specifies that the key may be used after authentication timeout if
@ -404,7 +403,7 @@ enum Tag {
*
* Cannot be hardware-enforced.
*/
ALLOW_WHILE_ON_BODY = (7 << 28) | 506, /* TagType:BOOL */
ALLOW_WHILE_ON_BODY = (7 << 28) /* TagType:BOOL */ | 506,
/**
* TRUSTED_USER_PRESENCE_REQUIRED is an optional feature that specifies that this key must be
@ -451,7 +450,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
TRUSTED_USER_PRESENCE_REQUIRED = (7 << 28) | 507, /* TagType:BOOL */
TRUSTED_USER_PRESENCE_REQUIRED = (7 << 28) /* TagType:BOOL */ | 507,
/** Tag::TRUSTED_CONFIRMATION_REQUIRED is only applicable to keys with KeyPurpose SIGN, and
* specifies that this key must not be usable unless the user provides confirmation of the data
@ -464,7 +463,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
TRUSTED_CONFIRMATION_REQUIRED = (7 << 28) | 508, /* TagType:BOOL */
TRUSTED_CONFIRMATION_REQUIRED = (7 << 28) /* TagType:BOOL */ | 508,
/**
* Tag::UNLOCKED_DEVICE_REQUIRED specifies that the key may only be used when the device is
@ -472,7 +471,7 @@ enum Tag {
*
* Must be software-enforced.
*/
UNLOCKED_DEVICE_REQUIRED = (7 << 28) | 509, /* TagType:BOOL */
UNLOCKED_DEVICE_REQUIRED = (7 << 28) /* TagType:BOOL */ | 509,
/**
* Tag::APPLICATION_ID. When provided to generateKey or importKey, this tag specifies data
@ -488,7 +487,7 @@ enum Tag {
*
* Must never appear in KeyCharacteristics.
*/
APPLICATION_ID = (9 << 28) | 601, /* TagType:BYTES */
APPLICATION_ID = (9 << 28) /* TagType:BYTES */ | 601,
/*
* Semantically unenforceable tags, either because they have no specific meaning or because
@ -509,7 +508,7 @@ enum Tag {
*
* Must never appear in KeyCharacteristics.
*/
APPLICATION_DATA = (9 << 28) | 700, /* TagType:BYTES */
APPLICATION_DATA = (9 << 28) /* TagType:BYTES */ | 700,
/**
* Tag::CREATION_DATETIME specifies the date and time the key was created, in milliseconds since
@ -518,7 +517,7 @@ enum Tag {
* Tag::CREATED is informational only, and not enforced by anything. Must be in the
* software-enforced list, if provided.
*/
CREATION_DATETIME = (6 << 28) | 701, /* TagType:DATE */
CREATION_DATETIME = (6 << 28) /* TagType:DATE */ | 701,
/**
* Tag::ORIGIN specifies where the key was created, if known. This tag must not be specified
@ -527,7 +526,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
ORIGIN = (1 << 28) | 702, /* TagType:ENUM */
ORIGIN = (1 << 28) /* TagType:ENUM */ | 702,
// 703 is unused.
@ -539,7 +538,7 @@ enum Tag {
*
* Must never appear in KeyCharacteristics.
*/
ROOT_OF_TRUST = (9 << 28) | 704, /* TagType:BYTES */
ROOT_OF_TRUST = (9 << 28) /* TagType:BYTES */ | 704,
/**
* Tag::OS_VERSION specifies the system OS version with which the key may be used. This tag is
@ -562,7 +561,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
OS_VERSION = (3 << 28) | 705, /* TagType:UINT */
OS_VERSION = (3 << 28) /* TagType:UINT */ | 705,
/**
* Tag::OS_PATCHLEVEL specifies the system security patch level with which the key may be used.
@ -583,7 +582,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
OS_PATCHLEVEL = (3 << 28) | 706, /* TagType:UINT */
OS_PATCHLEVEL = (3 << 28) /* TagType:UINT */ | 706,
/**
* Tag::UNIQUE_ID specifies a unique, time-based identifier. This tag is never provided to or
@ -617,7 +616,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
UNIQUE_ID = (9 << 28) | 707, /* TagType:BYTES */
UNIQUE_ID = (9 << 28) /* TagType:BYTES */ | 707,
/**
* Tag::ATTESTATION_CHALLENGE is used to deliver a "challenge" value to the attestKey() method,
@ -626,7 +625,7 @@ enum Tag {
*
* Must never appear in KeyCharacteristics.
*/
ATTESTATION_CHALLENGE = (9 << 28) | 708, /* TagType:BYTES */
ATTESTATION_CHALLENGE = (9 << 28) /* TagType:BYTES */ | 708,
/**
* Tag::ATTESTATION_APPLICATION_ID identifies the set of applications which may use a key, used
@ -652,7 +651,7 @@ enum Tag {
*
* Cannot be hardware-enforced.
*/
ATTESTATION_APPLICATION_ID = (9 << 28) | 709, /* TagType:BYTES */
ATTESTATION_APPLICATION_ID = (9 << 28) /* TagType:BYTES */ | 709,
/**
* Tag::ATTESTATION_ID_BRAND provides the device's brand name, as returned by Build.BRAND in
@ -665,7 +664,7 @@ enum Tag {
*
* Must never appear in KeyCharacteristics.
*/
ATTESTATION_ID_BRAND = (9 << 28) | 710, /* TagType:BYTES */
ATTESTATION_ID_BRAND = (9 << 28) /* TagType:BYTES */ | 710,
/**
* Tag::ATTESTATION_ID_DEVICE provides the device's device name, as returned by Build.DEVICE in
@ -678,7 +677,7 @@ enum Tag {
*
* Must never appear in KeyCharacteristics.
*/
ATTESTATION_ID_DEVICE = (9 << 28) | 711, /* TagType:BYTES */
ATTESTATION_ID_DEVICE = (9 << 28) /* TagType:BYTES */ | 711,
/**
* Tag::ATTESTATION_ID_PRODUCT provides the device's product name, as returned by Build.PRODUCT
@ -691,7 +690,7 @@ enum Tag {
*
* Must never appear in KeyCharacteristics.
*/
ATTESTATION_ID_PRODUCT = (9 << 28) | 712, /* TagType:BYTES */
ATTESTATION_ID_PRODUCT = (9 << 28) /* TagType:BYTES */ | 712,
/**
* Tag::ATTESTATION_ID_SERIAL the device's serial number. This field must be set only when
@ -703,7 +702,7 @@ enum Tag {
*
* Must never appear in KeyCharacteristics.
*/
ATTESTATION_ID_SERIAL = (9 << 28) | 713, /* TagType:BYTES */
ATTESTATION_ID_SERIAL = (9 << 28) /* TagType:BYTES */ | 713,
/**
* Tag::ATTESTATION_ID_IMEI provides the IMEIs for all radios on the device to attestKey().
@ -715,7 +714,7 @@ enum Tag {
*
* Must never appear in KeyCharacteristics.
*/
ATTESTATION_ID_IMEI = (9 << 28) | 714, /* TagType:BYTES */
ATTESTATION_ID_IMEI = (9 << 28) /* TagType:BYTES */ | 714,
/**
* Tag::ATTESTATION_ID_MEID provides the MEIDs for all radios on the device to attestKey().
@ -727,7 +726,7 @@ enum Tag {
*
* Must never appear in KeyCharacteristics.
*/
ATTESTATION_ID_MEID = (9 << 28) | 715, /* TagType:BYTES */
ATTESTATION_ID_MEID = (9 << 28) /* TagType:BYTES */ | 715,
/**
* Tag::ATTESTATION_ID_MANUFACTURER provides the device's manufacturer name, as returned by
@ -740,7 +739,7 @@ enum Tag {
*
* Must never appear in KeyCharacteristics.
*/
ATTESTATION_ID_MANUFACTURER = (9 << 28) | 716, /* TagType:BYTES */
ATTESTATION_ID_MANUFACTURER = (9 << 28) /* TagType:BYTES */ | 716,
/**
* Tag::ATTESTATION_ID_MODEL provides the device's model name, as returned by Build.MODEL in
@ -753,7 +752,7 @@ enum Tag {
*
* Must never appear in KeyCharacteristics.
*/
ATTESTATION_ID_MODEL = (9 << 28) | 717, /* TagType:BYTES */
ATTESTATION_ID_MODEL = (9 << 28) /* TagType:BYTES */ | 717,
/**
* Tag::VENDOR_PATCHLEVEL specifies the vendor image security patch level with which the key may
@ -775,7 +774,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
VENDOR_PATCHLEVEL = (3 << 28) | 718, /* TagType:UINT */
VENDOR_PATCHLEVEL = (3 << 28) /* TagType:UINT */ | 718,
/**
* Tag::BOOT_PATCHLEVEL specifies the boot image (kernel) security patch level with which the
@ -795,7 +794,7 @@ enum Tag {
*
* Must be hardware-enforced.
*/
BOOT_PATCHLEVEL = (3 << 28) | 719, /* TagType:UINT */
BOOT_PATCHLEVEL = (3 << 28) /* TagType:UINT */ | 719,
/**
* DEVICE_UNIQUE_ATTESTATION is an argument to IKeyMintDevice::attestKey(). It indicates that
@ -811,7 +810,7 @@ enum Tag {
* IKeyMintDevice implementations that support device-unique attestation MUST add the
* DEVICE_UNIQUE_ATTESTATION tag to device-unique attestations.
*/
DEVICE_UNIQUE_ATTESTATION = (7 << 28) | 720, /* TagType:BOOL */
DEVICE_UNIQUE_ATTESTATION = (7 << 28) /* TagType:BOOL */ | 720,
/**
* IDENTITY_CREDENTIAL_KEY is never used by IKeyMintDevice, is not a valid argument to key
@ -819,7 +818,7 @@ enum Tag {
* attestation. It is used in attestations produced by the IIdentityCredential HAL when that
* HAL attests to Credential Keys. IIdentityCredential produces KeyMint-style attestations.
*/
IDENTITY_CREDENTIAL_KEY = (7 << 28) | 721, /* TagType:BOOL */
IDENTITY_CREDENTIAL_KEY = (7 << 28) /* TagType:BOOL */ | 721,
/**
* To prevent keys from being compromised if an attacker acquires read access to system / kernel
@ -836,7 +835,7 @@ enum Tag {
* ErrorCode::INVALID_OPERATION is returned when a key with Tag::STORAGE_KEY is provided to
* begin().
*/
STORAGE_KEY = (7 << 28) | 722, /* TagType:BOOL */
STORAGE_KEY = (7 << 28) /* TagType:BOOL */ | 722,
/**
* Tag::ASSOCIATED_DATA Provides "associated data" for AES-GCM encryption or decryption. This
@ -845,7 +844,7 @@ enum Tag {
*
* Must never appear KeyCharacteristics.
*/
ASSOCIATED_DATA = (9 << 28) | 1000, /* TagType:BYTES */
ASSOCIATED_DATA = (9 << 28) /* TagType:BYTES */ | 1000,
/**
* Tag::NONCE is used to provide or return a nonce or Initialization Vector (IV) for AES-GCM,
@ -860,7 +859,7 @@ enum Tag {
*
* Must never appear in KeyCharacteristics.
*/
NONCE = (9 << 28) | 1001, /* TagType:BYTES */
NONCE = (9 << 28) /* TagType:BYTES */ | 1001,
/**
* Tag::MAC_LENGTH provides the requested length of a MAC or GCM authentication tag, in bits.
@ -871,7 +870,7 @@ enum Tag {
*
* Must never appear in KeyCharacteristics.
*/
MAC_LENGTH = (3 << 28) | 1003, /* TagType:UINT */
MAC_LENGTH = (3 << 28) /* TagType:UINT */ | 1003,
/**
* Tag::RESET_SINCE_ID_ROTATION specifies whether the device has been factory reset since the
@ -879,7 +878,7 @@ enum Tag {
*
* Must never appear in KeyCharacteristics.
*/
RESET_SINCE_ID_ROTATION = (7 << 28) | 1004, /* TagType:BOOL */
RESET_SINCE_ID_ROTATION = (7 << 28) /* TagType:BOOL */ | 1004,
/**
* Tag::CONFIRMATION_TOKEN is used to deliver a cryptographic token proving that the user
@ -888,5 +887,5 @@ enum Tag {
*
* Must never appear in KeyCharacteristics.
*/
CONFIRMATION_TOKEN = (9 << 28) | 1005, /* TagType:BYTES */
CONFIRMATION_TOKEN = (9 << 28) /* TagType:BYTES */ | 1005,
}