1 /*
2  * Copyright (C) 2014 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef ANDROID_HARDWARE_KEYMASTER_DEFS_H
18 #define ANDROID_HARDWARE_KEYMASTER_DEFS_H
19 
20 #include <stdint.h>
21 #include <stdlib.h>
22 #include <string.h>
23 
24 #ifdef __cplusplus
25 extern "C" {
26 #endif  // __cplusplus
27 
28 /**
29  * Authorization tags each have an associated type.  This enumeration facilitates tagging each with
30  * a type, by using the high four bits (of an implied 32-bit unsigned enum value) to specify up to
31  * 16 data types.  These values are ORed with tag IDs to generate the final tag ID values.
32  */
33 typedef enum {
34     KM_INVALID = 0 << 28, /* Invalid type, used to designate a tag as uninitialized */
35     KM_ENUM = 1 << 28,
36     KM_ENUM_REP = 2 << 28, /* Repeatable enumeration value. */
37     KM_UINT = 3 << 28,
38     KM_UINT_REP = 4 << 28, /* Repeatable integer value */
39     KM_ULONG = 5 << 28,
40     KM_DATE = 6 << 28,
41     KM_BOOL = 7 << 28,
42     KM_BIGNUM = 8 << 28,
43     KM_BYTES = 9 << 28,
44     KM_ULONG_REP = 10 << 28, /* Repeatable long value */
45 } keymaster_tag_type_t;
46 
47 typedef enum {
48     KM_TAG_INVALID = KM_INVALID | 0,
49 
50     /*
51      * Tags that must be semantically enforced by hardware and software implementations.
52      */
53 
54     /* Crypto parameters */
55     KM_TAG_PURPOSE = KM_ENUM_REP | 1,    /* keymaster_purpose_t. */
56     KM_TAG_ALGORITHM = KM_ENUM | 2,      /* keymaster_algorithm_t. */
57     KM_TAG_KEY_SIZE = KM_UINT | 3,       /* Key size in bits. */
58     KM_TAG_BLOCK_MODE = KM_ENUM_REP | 4, /* keymaster_block_mode_t. */
59     KM_TAG_DIGEST = KM_ENUM_REP | 5,     /* keymaster_digest_t. */
60     KM_TAG_PADDING = KM_ENUM_REP | 6,    /* keymaster_padding_t. */
61     KM_TAG_CALLER_NONCE = KM_BOOL | 7,   /* Allow caller to specify nonce or IV. */
62     KM_TAG_MIN_MAC_LENGTH = KM_UINT | 8, /* Minimum length of MAC or AEAD authentication tag in
63                                           * bits. */
64     KM_TAG_KDF = KM_ENUM_REP | 9,        /* keymaster_kdf_t (keymaster2) */
65     KM_TAG_EC_CURVE = KM_ENUM | 10,      /* keymaster_ec_curve_t (keymaster2) */
66 
67     /* Algorithm-specific. */
68     KM_TAG_RSA_PUBLIC_EXPONENT = KM_ULONG | 200,
69     KM_TAG_ECIES_SINGLE_HASH_MODE = KM_BOOL | 201, /* Whether the ephemeral public key is fed into
70                                                     * the KDF */
71     KM_TAG_INCLUDE_UNIQUE_ID = KM_BOOL | 202,      /* If true, attestation certificates for this key
72                                                     * will contain an application-scoped and
73                                                     * time-bounded device-unique ID. (keymaster2) */
74     KM_TAG_RSA_OAEP_MGF_DIGEST = KM_ENUM_REP | 203, /* keymaster_digest_t. */
75 
76     /* Other hardware-enforced. */
77     KM_TAG_BLOB_USAGE_REQUIREMENTS = KM_ENUM | 301, /* keymaster_key_blob_usage_requirements_t */
78     KM_TAG_BOOTLOADER_ONLY = KM_BOOL | 302,         /* Usable only by bootloader */
79     KM_TAG_ROLLBACK_RESISTANCE = KM_BOOL | 303,     /* Hardware enforced deletion with deleteKey
80                                                      * or deleteAllKeys is supported */
81     KM_TAG_EARLY_BOOT_ONLY = KM_BOOL | 305,         /* Key can only be used during early boot. */
82 
83     /*
84      * Tags that should be semantically enforced by hardware if possible and will otherwise be
85      * enforced by software (keystore).
86      */
87 
88     /* Key validity period */
89     KM_TAG_ACTIVE_DATETIME = KM_DATE | 400,             /* Start of validity */
90     KM_TAG_ORIGINATION_EXPIRE_DATETIME = KM_DATE | 401, /* Date when new "messages" should no
91                                                            longer be created. */
92     KM_TAG_USAGE_EXPIRE_DATETIME = KM_DATE | 402,       /* Date when existing "messages" should no
93                                                            longer be trusted. */
94     KM_TAG_MIN_SECONDS_BETWEEN_OPS = KM_UINT | 403,     /* Minimum elapsed time between
95                                                            cryptographic operations with the key. */
96     KM_TAG_MAX_USES_PER_BOOT = KM_UINT | 404,           /* Number of times the key can be used per
97                                                            boot. */
98     KM_TAG_USAGE_COUNT_LIMIT = KM_UINT | 405,           /* Number of cryptographic operations left
99                                                            with the key.*/
100 
101     /* User authentication */
102     KM_TAG_ALL_USERS = KM_BOOL | 500,           /* Reserved for future use -- ignore */
103     KM_TAG_USER_ID = KM_UINT | 501,             /* Reserved for future use -- ignore */
104     KM_TAG_USER_SECURE_ID = KM_ULONG_REP | 502, /* Secure ID of authorized user or authenticator(s).
105                                                    Disallowed if KM_TAG_ALL_USERS or
106                                                    KM_TAG_NO_AUTH_REQUIRED is present. */
107     KM_TAG_NO_AUTH_REQUIRED = KM_BOOL | 503,    /* If key is usable without authentication. */
108     KM_TAG_USER_AUTH_TYPE = KM_ENUM | 504,      /* Bitmask of authenticator types allowed when
109                                                  * KM_TAG_USER_SECURE_ID contains a secure user ID,
110                                                  * rather than a secure authenticator ID.  Defined in
111                                                  * hw_authenticator_type_t in hw_auth_token.h. */
112     KM_TAG_AUTH_TIMEOUT = KM_UINT | 505,        /* Required freshness of user authentication for
113                                                    private/secret key operations, in seconds.
114                                                    Public key operations require no authentication.
115                                                    If absent, authentication is required for every
116                                                    use.  Authentication state is lost when the
117                                                    device is powered off. */
118     KM_TAG_ALLOW_WHILE_ON_BODY = KM_BOOL | 506, /* Allow key to be used after authentication timeout
119                                                  * if device is still on-body (requires secure
120                                                  * on-body sensor. */
121     KM_TAG_TRUSTED_USER_PRESENCE_REQUIRED = KM_BOOL | 507,/* Require test of user presence
122                                                            * to use this key. */
123     KM_TAG_TRUSTED_CONFIRMATION_REQUIRED = KM_BOOL | 508, /* Require user confirmation through a
124                                                            * trusted UI to use this key. */
125     KM_TAG_UNLOCKED_DEVICE_REQUIRED = KM_BOOL | 509, /* Require the device screen to be unlocked if the
126                                                       * key is used. */
127 
128     /* Application access control */
129     KM_TAG_ALL_APPLICATIONS = KM_BOOL | 600, /* Specified to indicate key is usable by all
130                                               * applications. */
131     KM_TAG_APPLICATION_ID = KM_BYTES | 601,  /* Byte string identifying the authorized
132                                               * application. */
133     KM_TAG_EXPORTABLE = KM_BOOL | 602,       /* If true, private/secret key can be exported, but
134                                               * only if all access control requirements for use are
135                                               * met. (keymaster2) */
136 
137     /*
138      * Semantically unenforceable tags, either because they have no specific meaning or because
139      * they're informational only.
140      */
141     KM_TAG_APPLICATION_DATA = KM_BYTES | 700,      /* Data provided by authorized application. */
142     KM_TAG_CREATION_DATETIME = KM_DATE | 701,      /* Key creation time */
143     KM_TAG_ORIGIN = KM_ENUM | 702,                 /* keymaster_key_origin_t. */
144     KM_TAG_ROLLBACK_RESISTANT = KM_BOOL | 703,     /* Whether key is rollback-resistant. */
145     KM_TAG_ROOT_OF_TRUST = KM_BYTES | 704,         /* Root of trust ID. */
146     KM_TAG_OS_VERSION = KM_UINT | 705,             /* Version of system (keymaster2) */
147     KM_TAG_OS_PATCHLEVEL = KM_UINT | 706,          /* Patch level of system (keymaster2) */
148     KM_TAG_UNIQUE_ID = KM_BYTES | 707,             /* Used to provide unique ID in attestation */
149     KM_TAG_ATTESTATION_CHALLENGE = KM_BYTES | 708, /* Used to provide challenge in attestation */
150     KM_TAG_ATTESTATION_APPLICATION_ID = KM_BYTES | 709, /* Used to identify the set of possible
151                                                          * applications of which one has initiated
152                                                          * a key attestation */
153     KM_TAG_ATTESTATION_ID_BRAND = KM_BYTES | 710,  /* Used to provide the device's brand name to be
154                                                       included in attestation */
155     KM_TAG_ATTESTATION_ID_DEVICE = KM_BYTES | 711, /* Used to provide the device's device name to be
156                                                       included in attestation */
157     KM_TAG_ATTESTATION_ID_PRODUCT = KM_BYTES | 712, /* Used to provide the device's product name to
158                                                        be included in attestation */
159     KM_TAG_ATTESTATION_ID_SERIAL = KM_BYTES | 713, /* Used to provide the device's serial number to
160                                                       be included in attestation */
161     KM_TAG_ATTESTATION_ID_IMEI = KM_BYTES | 714,   /* Used to provide the device's IMEI to be
162                                                       included in attestation */
163     KM_TAG_ATTESTATION_ID_MEID = KM_BYTES | 715,   /* Used to provide the device's MEID to be
164                                                       included in attestation */
165     KM_TAG_ATTESTATION_ID_MANUFACTURER = KM_BYTES | 716, /* Used to provide the device's
166                                                             manufacturer name to be included in
167                                                             attestation */
168     KM_TAG_ATTESTATION_ID_MODEL = KM_BYTES | 717,  /* Used to provide the device's model name to be
169                                                       included in attestation */
170     KM_TAG_VENDOR_PATCHLEVEL =  KM_UINT | 718,     /* specifies the vendor image security patch
171                                                       level with which the key may be used */
172     KM_TAG_BOOT_PATCHLEVEL =  KM_UINT | 719,       /* specifies the boot image (kernel) security
173                                                       patch level with which the key may be used */
174     KM_TAG_DEVICE_UNIQUE_ATTESTATION = KM_BOOL | 720,  /* Indicates StrongBox device-unique
175                                                           attestation is requested. */
176     KM_TAG_IDENTITY_CREDENTIAL_KEY = KM_BOOL | 721, /* This is an identity credential key */
177     KM_TAG_STORAGE_KEY = KM_BOOL | 722,             /* storage encryption key */
178 
179     /* Tags used only to provide data to or receive data from operations */
180     KM_TAG_ASSOCIATED_DATA = KM_BYTES | 1000, /* Used to provide associated data for AEAD modes. */
181     KM_TAG_NONCE = KM_BYTES | 1001,           /* Nonce or Initialization Vector */
182     KM_TAG_AUTH_TOKEN = KM_BYTES | 1002,      /* Authentication token that proves secure user
183                                                  authentication has been performed.  Structure
184                                                  defined in hw_auth_token_t in hw_auth_token.h. */
185     KM_TAG_MAC_LENGTH = KM_UINT | 1003,       /* MAC or AEAD authentication tag length in
186                                                * bits. */
187 
188     KM_TAG_RESET_SINCE_ID_ROTATION = KM_BOOL | 1004, /* Whether the device has beeen factory reset
189                                                         since the last unique ID rotation.  Used
190                                                         for key attestation. */
191 
192     KM_TAG_CONFIRMATION_TOKEN = KM_BYTES | 1005,     /* used to deliver a cryptographic token
193                                                         proving that the user confirmed a signing
194                                                         request. */
195 
196     KM_TAG_CERTIFICATE_SERIAL = KM_BIGNUM | 1006,      /* The serial number that should be
197                                                         set in the attestation certificate
198                                                         to be generated. */
199 
200     KM_TAG_CERTIFICATE_SUBJECT = KM_BYTES | 1007,    /* A DER-encoded X.500 subject that should be
201                                                         set in the attestation certificate
202                                                         to be generated. */
203 
204     KM_TAG_CERTIFICATE_NOT_BEFORE = KM_DATE | 1008,  /* Epoch time in milliseconds of the start of
205                                                         the to be generated certificate's validity.
206                                                         The value should interpreted as too's
207                                                         complement signed integer. Negative values
208                                                         indicate dates before Jan 1970 */
209 
210     KM_TAG_CERTIFICATE_NOT_AFTER = KM_DATE | 1009,  /*  Epoch time in milliseconds of the end of
211                                                         the to be generated certificate's validity.
212                                                         The value should interpreted as too's
213                                                         complement signed integer. Negative values
214                                                         indicate dates before Jan 1970 */
215     KM_TAG_MAX_BOOT_LEVEL = KM_UINT | 1010, /* Specifies a maximum boot level at which a key
216                                                should function. */
217 } keymaster_tag_t;
218 
219 /**
220  * Algorithms that may be provided by keymaster implementations.  Those that must be provided by all
221  * implementations are tagged as "required".
222  */
223 typedef enum {
224     /* Asymmetric algorithms. */
225     KM_ALGORITHM_RSA = 1,
226     // KM_ALGORITHM_DSA = 2, -- Removed, do not re-use value 2.
227     KM_ALGORITHM_EC = 3,
228 
229     /* Block ciphers algorithms */
230     KM_ALGORITHM_AES = 32,
231     KM_ALGORITHM_TRIPLE_DES = 33,
232 
233     /* MAC algorithms */
234     KM_ALGORITHM_HMAC = 128,
235 } keymaster_algorithm_t;
236 
237 /**
238  * Symmetric block cipher modes provided by keymaster implementations.
239  */
240 typedef enum {
241     /* Unauthenticated modes, usable only for encryption/decryption and not generally recommended
242      * except for compatibility with existing other protocols. */
243     KM_MODE_ECB = 1,
244     KM_MODE_CBC = 2,
245     KM_MODE_CTR = 3,
246 
247     /* Authenticated modes, usable for encryption/decryption and signing/verification.  Recommended
248      * over unauthenticated modes for all purposes. */
249     KM_MODE_GCM = 32,
250 } keymaster_block_mode_t;
251 
252 /**
253  * Padding modes that may be applied to plaintext for encryption operations.  This list includes
254  * padding modes for both symmetric and asymmetric algorithms.  Note that implementations should not
255  * provide all possible combinations of algorithm and padding, only the
256  * cryptographically-appropriate pairs.
257  */
258 typedef enum {
259     KM_PAD_NONE = 1, /* deprecated */
260     KM_PAD_RSA_OAEP = 2,
261     KM_PAD_RSA_PSS = 3,
262     KM_PAD_RSA_PKCS1_1_5_ENCRYPT = 4,
263     KM_PAD_RSA_PKCS1_1_5_SIGN = 5,
264     KM_PAD_PKCS7 = 64,
265 } keymaster_padding_t;
266 
267 /**
268  * Digests provided by keymaster implementations.
269  */
270 typedef enum {
271     KM_DIGEST_NONE = 0,
272     KM_DIGEST_MD5 = 1, /* Optional, may not be implemented in hardware, will be handled in software
273                         * if needed. */
274     KM_DIGEST_SHA1 = 2,
275     KM_DIGEST_SHA_2_224 = 3,
276     KM_DIGEST_SHA_2_256 = 4,
277     KM_DIGEST_SHA_2_384 = 5,
278     KM_DIGEST_SHA_2_512 = 6,
279 } keymaster_digest_t;
280 
281 /*
282  * Key derivation functions, mostly used in ECIES.
283  */
284 typedef enum {
285     /* Do not apply a key derivation function; use the raw agreed key */
286     KM_KDF_NONE = 0,
287     /* HKDF defined in RFC 5869 with SHA256 */
288     KM_KDF_RFC5869_SHA256 = 1,
289     /* KDF1 defined in ISO 18033-2 with SHA1 */
290     KM_KDF_ISO18033_2_KDF1_SHA1 = 2,
291     /* KDF1 defined in ISO 18033-2 with SHA256 */
292     KM_KDF_ISO18033_2_KDF1_SHA256 = 3,
293     /* KDF2 defined in ISO 18033-2 with SHA1 */
294     KM_KDF_ISO18033_2_KDF2_SHA1 = 4,
295     /* KDF2 defined in ISO 18033-2 with SHA256 */
296     KM_KDF_ISO18033_2_KDF2_SHA256 = 5,
297 } keymaster_kdf_t;
298 
299 /**
300  * Supported EC curves, used in ECDSA/ECIES.
301  */
302 typedef enum {
303     KM_EC_CURVE_P_224 = 0,
304     KM_EC_CURVE_P_256 = 1,
305     KM_EC_CURVE_P_384 = 2,
306     KM_EC_CURVE_P_521 = 3,
307 } keymaster_ec_curve_t;
308 
309 /**
310  * The origin of a key (or pair), i.e. where it was generated.  Note that KM_TAG_ORIGIN can be found
311  * in either the hardware-enforced or software-enforced list for a key, indicating whether the key
312  * is hardware or software-based.  Specifically, a key with KM_ORIGIN_GENERATED in the
313  * hardware-enforced list is guaranteed never to have existed outide the secure hardware.
314  */
315 typedef enum {
316     KM_ORIGIN_GENERATED = 0, /* Generated in keymaster.  Should not exist outside the TEE. */
317     KM_ORIGIN_DERIVED = 1,   /* Derived inside keymaster.  Likely exists off-device. */
318     KM_ORIGIN_IMPORTED = 2,  /* Imported into keymaster.  Existed as cleartext in Android. */
319     KM_ORIGIN_UNKNOWN = 3,   /* Keymaster did not record origin.  This value can only be seen on
320                               * keys in a keymaster0 implementation.  The keymaster0 adapter uses
321                               * this value to document the fact that it is unkown whether the key
322                               * was generated inside or imported into keymaster. */
323 } keymaster_key_origin_t;
324 
325 /**
326  * Usability requirements of key blobs.  This defines what system functionality must be available
327  * for the key to function.  For example, key "blobs" which are actually handles referencing
328  * encrypted key material stored in the file system cannot be used until the file system is
329  * available, and should have BLOB_REQUIRES_FILE_SYSTEM.  Other requirements entries will be added
330  * as needed for implementations.
331  */
332 typedef enum {
333     KM_BLOB_STANDALONE = 0,
334     KM_BLOB_REQUIRES_FILE_SYSTEM = 1,
335 } keymaster_key_blob_usage_requirements_t;
336 
337 /**
338  * Possible purposes of a key (or pair).
339  */
340 typedef enum {
341     KM_PURPOSE_ENCRYPT = 0,    /* Usable with RSA, EC and AES keys. */
342     KM_PURPOSE_DECRYPT = 1,    /* Usable with RSA, EC and AES keys. */
343     KM_PURPOSE_SIGN = 2,       /* Usable with RSA, EC and HMAC keys. */
344     KM_PURPOSE_VERIFY = 3,     /* Usable with RSA, EC and HMAC keys. */
345     KM_PURPOSE_DERIVE_KEY = 4, /* Usable with EC keys. */
346     KM_PURPOSE_WRAP = 5,       /* Usable with wrapped keys. */
347     KM_PURPOSE_AGREE_KEY = 6,  /* Usable with EC keys. */
348     KM_PURPOSE_ATTEST_KEY = 7  /* Usabe with RSA and EC keys */
349 } keymaster_purpose_t;
350 
351 typedef struct {
352     const uint8_t* data;
353     size_t data_length;
354 } keymaster_blob_t;
355 
356 typedef struct {
357     keymaster_tag_t tag;
358     union {
359         uint32_t enumerated;   /* KM_ENUM and KM_ENUM_REP */
360         bool boolean;          /* KM_BOOL */
361         uint32_t integer;      /* KM_INT and KM_INT_REP */
362         uint64_t long_integer; /* KM_LONG */
363         uint64_t date_time;    /* KM_DATE */
364         keymaster_blob_t blob; /* KM_BIGNUM and KM_BYTES*/
365     };
366 } keymaster_key_param_t;
367 
368 typedef struct {
369     keymaster_key_param_t* params; /* may be NULL if length == 0 */
370     size_t length;
371 } keymaster_key_param_set_t;
372 
373 /**
374  * Parameters that define a key's characteristics, including authorized modes of usage and access
375  * control restrictions.  The parameters are divided into two categories, those that are enforced by
376  * secure hardware, and those that are not.  For a software-only keymaster implementation the
377  * enforced array must NULL.  Hardware implementations must enforce everything in the enforced
378  * array.
379  */
380 typedef struct {
381     keymaster_key_param_set_t hw_enforced;
382     keymaster_key_param_set_t sw_enforced;
383 } keymaster_key_characteristics_t;
384 
385 typedef struct {
386     const uint8_t* key_material;
387     size_t key_material_size;
388 } keymaster_key_blob_t;
389 
390 typedef struct {
391     keymaster_blob_t* entries;
392     size_t entry_count;
393 } keymaster_cert_chain_t;
394 
395 typedef enum {
396     KM_VERIFIED_BOOT_VERIFIED = 0,    /* Full chain of trust extending from the bootloader to
397                                        * verified partitions, including the bootloader, boot
398                                        * partition, and all verified partitions*/
399     KM_VERIFIED_BOOT_SELF_SIGNED = 1, /* The boot partition has been verified using the embedded
400                                        * certificate, and the signature is valid. The bootloader
401                                        * displays a warning and the fingerprint of the public
402                                        * key before allowing the boot process to continue.*/
403     KM_VERIFIED_BOOT_UNVERIFIED = 2,  /* The device may be freely modified. Device integrity is left
404                                        * to the user to verify out-of-band. The bootloader
405                                        * displays a warning to the user before allowing the boot
406                                        * process to continue */
407     KM_VERIFIED_BOOT_FAILED = 3,      /* The device failed verification. The bootloader displays a
408                                        * warning and stops the boot process, so no keymaster
409                                        * implementation should ever actually return this value,
410                                        * since it should not run.  Included here only for
411                                        * completeness. */
412 } keymaster_verified_boot_t;
413 
414 typedef enum {
415     KM_SECURITY_LEVEL_SOFTWARE = 0,
416     KM_SECURITY_LEVEL_TRUSTED_ENVIRONMENT = 1,
417     KM_SECURITY_LEVEL_STRONGBOX = 2,
418 } keymaster_security_level_t;
419 
420 /**
421  * Formats for key import and export.
422  */
423 typedef enum {
424     KM_KEY_FORMAT_X509 = 0,  /* for public key export */
425     KM_KEY_FORMAT_PKCS8 = 1, /* for asymmetric key pair import */
426     KM_KEY_FORMAT_RAW = 3,   /* for symmetric key import and export*/
427 } keymaster_key_format_t;
428 
429 /**
430  * The keymaster operation API consists of begin, update, finish and abort. This is the type of the
431  * handle used to tie the sequence of calls together.  A 64-bit value is used because it's important
432  * that handles not be predictable.  Implementations must use strong random numbers for handle
433  * values.
434  */
435 typedef uint64_t keymaster_operation_handle_t;
436 
437 typedef enum {
438     KM_ERROR_OK = 0,
439     KM_ERROR_ROOT_OF_TRUST_ALREADY_SET = -1,
440     KM_ERROR_UNSUPPORTED_PURPOSE = -2,
441     KM_ERROR_INCOMPATIBLE_PURPOSE = -3,
442     KM_ERROR_UNSUPPORTED_ALGORITHM = -4,
443     KM_ERROR_INCOMPATIBLE_ALGORITHM = -5,
444     KM_ERROR_UNSUPPORTED_KEY_SIZE = -6,
445     KM_ERROR_UNSUPPORTED_BLOCK_MODE = -7,
446     KM_ERROR_INCOMPATIBLE_BLOCK_MODE = -8,
447     KM_ERROR_UNSUPPORTED_MAC_LENGTH = -9,
448     KM_ERROR_UNSUPPORTED_PADDING_MODE = -10,
449     KM_ERROR_INCOMPATIBLE_PADDING_MODE = -11,
450     KM_ERROR_UNSUPPORTED_DIGEST = -12,
451     KM_ERROR_INCOMPATIBLE_DIGEST = -13,
452     KM_ERROR_INVALID_EXPIRATION_TIME = -14,
453     KM_ERROR_INVALID_USER_ID = -15,
454     KM_ERROR_INVALID_AUTHORIZATION_TIMEOUT = -16,
455     KM_ERROR_UNSUPPORTED_KEY_FORMAT = -17,
456     KM_ERROR_INCOMPATIBLE_KEY_FORMAT = -18,
457     KM_ERROR_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM = -19,   /* For PKCS8 & PKCS12 */
458     KM_ERROR_UNSUPPORTED_KEY_VERIFICATION_ALGORITHM = -20, /* For PKCS8 & PKCS12 */
459     KM_ERROR_INVALID_INPUT_LENGTH = -21,
460     KM_ERROR_KEY_EXPORT_OPTIONS_INVALID = -22,
461     KM_ERROR_DELEGATION_NOT_ALLOWED = -23,
462     KM_ERROR_KEY_NOT_YET_VALID = -24,
463     KM_ERROR_KEY_EXPIRED = -25,
464     KM_ERROR_KEY_USER_NOT_AUTHENTICATED = -26,
465     KM_ERROR_OUTPUT_PARAMETER_NULL = -27,
466     KM_ERROR_INVALID_OPERATION_HANDLE = -28,
467     KM_ERROR_INSUFFICIENT_BUFFER_SPACE = -29,
468     KM_ERROR_VERIFICATION_FAILED = -30,
469     KM_ERROR_TOO_MANY_OPERATIONS = -31,
470     KM_ERROR_UNEXPECTED_NULL_POINTER = -32,
471     KM_ERROR_INVALID_KEY_BLOB = -33,
472     KM_ERROR_IMPORTED_KEY_NOT_ENCRYPTED = -34,
473     KM_ERROR_IMPORTED_KEY_DECRYPTION_FAILED = -35,
474     KM_ERROR_IMPORTED_KEY_NOT_SIGNED = -36,
475     KM_ERROR_IMPORTED_KEY_VERIFICATION_FAILED = -37,
476     KM_ERROR_INVALID_ARGUMENT = -38,
477     KM_ERROR_UNSUPPORTED_TAG = -39,
478     KM_ERROR_INVALID_TAG = -40,
479     KM_ERROR_MEMORY_ALLOCATION_FAILED = -41,
480     KM_ERROR_IMPORT_PARAMETER_MISMATCH = -44,
481     KM_ERROR_SECURE_HW_ACCESS_DENIED = -45,
482     KM_ERROR_OPERATION_CANCELLED = -46,
483     KM_ERROR_CONCURRENT_ACCESS_CONFLICT = -47,
484     KM_ERROR_SECURE_HW_BUSY = -48,
485     KM_ERROR_SECURE_HW_COMMUNICATION_FAILED = -49,
486     KM_ERROR_UNSUPPORTED_EC_FIELD = -50,
487     KM_ERROR_MISSING_NONCE = -51,
488     KM_ERROR_INVALID_NONCE = -52,
489     KM_ERROR_MISSING_MAC_LENGTH = -53,
490     KM_ERROR_KEY_RATE_LIMIT_EXCEEDED = -54,
491     KM_ERROR_CALLER_NONCE_PROHIBITED = -55,
492     KM_ERROR_KEY_MAX_OPS_EXCEEDED = -56,
493     KM_ERROR_INVALID_MAC_LENGTH = -57,
494     KM_ERROR_MISSING_MIN_MAC_LENGTH = -58,
495     KM_ERROR_UNSUPPORTED_MIN_MAC_LENGTH = -59,
496     KM_ERROR_UNSUPPORTED_KDF = -60,
497     KM_ERROR_UNSUPPORTED_EC_CURVE = -61,
498     KM_ERROR_KEY_REQUIRES_UPGRADE = -62,
499     KM_ERROR_ATTESTATION_CHALLENGE_MISSING = -63,
500     KM_ERROR_KEYMASTER_NOT_CONFIGURED = -64,
501     KM_ERROR_ATTESTATION_APPLICATION_ID_MISSING = -65,
502     KM_ERROR_CANNOT_ATTEST_IDS = -66,
503     KM_ERROR_ROLLBACK_RESISTANCE_UNAVAILABLE = -67,
504     KM_ERROR_NO_USER_CONFIRMATION = -71,
505     KM_ERROR_DEVICE_LOCKED = -72,
506     KM_ERROR_EARLY_BOOT_ENDED = -73,
507     KM_ERROR_ATTESTATION_KEYS_NOT_PROVISIONED = -74,
508     KM_ERROR_ATTESTATION_IDS_NOT_PROVISIONED = -75,
509     KM_ERROR_INCOMPATIBLE_MGF_DIGEST = -78,
510     KM_ERROR_UNSUPPORTED_MGF_DIGEST = -79,
511     KM_ERROR_MISSING_NOT_BEFORE = -80,
512     KM_ERROR_MISSING_NOT_AFTER = -81,
513     KM_ERROR_MISSING_ISSUER_SUBJECT = -82,
514     KM_ERROR_INVALID_ISSUER_SUBJECT = -83,
515     KM_ERROR_BOOT_LEVEL_EXCEEDED = -84,
516 
517     KM_ERROR_UNIMPLEMENTED = -100,
518     KM_ERROR_VERSION_MISMATCH = -101,
519 
520     KM_ERROR_UNKNOWN_ERROR = -1000,
521 } keymaster_error_t;
522 
523 /* Convenience functions for manipulating keymaster tag types */
524 
keymaster_tag_get_type(keymaster_tag_t tag)525 static inline keymaster_tag_type_t keymaster_tag_get_type(keymaster_tag_t tag) {
526     return (keymaster_tag_type_t)(tag & (0xF << 28));
527 }
528 
keymaster_tag_mask_type(keymaster_tag_t tag)529 static inline uint32_t keymaster_tag_mask_type(keymaster_tag_t tag) {
530     return tag & 0x0FFFFFFF;
531 }
532 
keymaster_tag_type_repeatable(keymaster_tag_type_t type)533 static inline bool keymaster_tag_type_repeatable(keymaster_tag_type_t type) {
534     switch (type) {
535     case KM_UINT_REP:
536     case KM_ENUM_REP:
537         return true;
538     default:
539         return false;
540     }
541 }
542 
keymaster_tag_repeatable(keymaster_tag_t tag)543 static inline bool keymaster_tag_repeatable(keymaster_tag_t tag) {
544     return keymaster_tag_type_repeatable(keymaster_tag_get_type(tag));
545 }
546 
547 /* Convenience functions for manipulating keymaster_key_param_t structs */
548 
keymaster_param_enum(keymaster_tag_t tag,uint32_t value)549 inline keymaster_key_param_t keymaster_param_enum(keymaster_tag_t tag, uint32_t value) {
550     // assert(keymaster_tag_get_type(tag) == KM_ENUM || keymaster_tag_get_type(tag) == KM_ENUM_REP);
551     keymaster_key_param_t param;
552     memset(&param, 0, sizeof(param));
553     param.tag = tag;
554     param.enumerated = value;
555     return param;
556 }
557 
keymaster_param_int(keymaster_tag_t tag,uint32_t value)558 inline keymaster_key_param_t keymaster_param_int(keymaster_tag_t tag, uint32_t value) {
559     // assert(keymaster_tag_get_type(tag) == KM_INT || keymaster_tag_get_type(tag) == KM_INT_REP);
560     keymaster_key_param_t param;
561     memset(&param, 0, sizeof(param));
562     param.tag = tag;
563     param.integer = value;
564     return param;
565 }
566 
keymaster_param_long(keymaster_tag_t tag,uint64_t value)567 inline keymaster_key_param_t keymaster_param_long(keymaster_tag_t tag, uint64_t value) {
568     // assert(keymaster_tag_get_type(tag) == KM_LONG);
569     keymaster_key_param_t param;
570     memset(&param, 0, sizeof(param));
571     param.tag = tag;
572     param.long_integer = value;
573     return param;
574 }
575 
keymaster_param_blob(keymaster_tag_t tag,const uint8_t * bytes,size_t bytes_len)576 inline keymaster_key_param_t keymaster_param_blob(keymaster_tag_t tag, const uint8_t* bytes,
577                                                   size_t bytes_len) {
578     // assert(keymaster_tag_get_type(tag) == KM_BYTES || keymaster_tag_get_type(tag) == KM_BIGNUM);
579     keymaster_key_param_t param;
580     memset(&param, 0, sizeof(param));
581     param.tag = tag;
582     param.blob.data = (uint8_t*)bytes;
583     param.blob.data_length = bytes_len;
584     return param;
585 }
586 
keymaster_param_bool(keymaster_tag_t tag)587 inline keymaster_key_param_t keymaster_param_bool(keymaster_tag_t tag) {
588     // assert(keymaster_tag_get_type(tag) == KM_BOOL);
589     keymaster_key_param_t param;
590     memset(&param, 0, sizeof(param));
591     param.tag = tag;
592     param.boolean = true;
593     return param;
594 }
595 
keymaster_param_date(keymaster_tag_t tag,uint64_t value)596 inline keymaster_key_param_t keymaster_param_date(keymaster_tag_t tag, uint64_t value) {
597     // assert(keymaster_tag_get_type(tag) == KM_DATE);
598     keymaster_key_param_t param;
599     memset(&param, 0, sizeof(param));
600     param.tag = tag;
601     param.date_time = value;
602     return param;
603 }
604 
605 #define KEYMASTER_SIMPLE_COMPARE(a, b) (a < b) ? -1 : ((a > b) ? 1 : 0)
keymaster_param_compare(const keymaster_key_param_t * a,const keymaster_key_param_t * b)606 inline int keymaster_param_compare(const keymaster_key_param_t* a, const keymaster_key_param_t* b) {
607     int retval = KEYMASTER_SIMPLE_COMPARE((uint32_t)a->tag, (uint32_t)b->tag);
608     if (retval != 0)
609         return retval;
610 
611     switch (keymaster_tag_get_type(a->tag)) {
612     case KM_INVALID:
613     case KM_BOOL:
614         return 0;
615     case KM_ENUM:
616     case KM_ENUM_REP:
617         return KEYMASTER_SIMPLE_COMPARE(a->enumerated, b->enumerated);
618     case KM_UINT:
619     case KM_UINT_REP:
620         return KEYMASTER_SIMPLE_COMPARE(a->integer, b->integer);
621     case KM_ULONG:
622     case KM_ULONG_REP:
623         return KEYMASTER_SIMPLE_COMPARE(a->long_integer, b->long_integer);
624     case KM_DATE:
625         return KEYMASTER_SIMPLE_COMPARE(a->date_time, b->date_time);
626     case KM_BIGNUM:
627     case KM_BYTES:
628         // Handle the empty cases.
629         if (a->blob.data_length != 0 && b->blob.data_length == 0)
630             return -1;
631         if (a->blob.data_length == 0 && b->blob.data_length == 0)
632             return 0;
633         if (a->blob.data_length == 0 && b->blob.data_length > 0)
634             return 1;
635 
636         retval = memcmp(a->blob.data, b->blob.data, a->blob.data_length < b->blob.data_length
637                                                         ? a->blob.data_length
638                                                         : b->blob.data_length);
639         if (retval != 0)
640             return retval;
641         else if (a->blob.data_length != b->blob.data_length) {
642             // Equal up to the common length; longer one is larger.
643             if (a->blob.data_length < b->blob.data_length)
644                 return -1;
645             if (a->blob.data_length > b->blob.data_length)
646                 return 1;
647         }
648     }
649 
650     return 0;
651 }
652 #undef KEYMASTER_SIMPLE_COMPARE
653 
keymaster_free_param_values(keymaster_key_param_t * param,size_t param_count)654 inline void keymaster_free_param_values(keymaster_key_param_t* param, size_t param_count) {
655     while (param_count > 0) {
656         param_count--;
657         switch (keymaster_tag_get_type(param->tag)) {
658         case KM_BIGNUM:
659         case KM_BYTES:
660             free((void*)param->blob.data);
661             param->blob.data = NULL;
662             break;
663         default:
664             // NOP
665             break;
666         }
667         ++param;
668     }
669 }
670 
keymaster_free_param_set(keymaster_key_param_set_t * set)671 inline void keymaster_free_param_set(keymaster_key_param_set_t* set) {
672     if (set) {
673         keymaster_free_param_values(set->params, set->length);
674         free(set->params);
675         set->params = NULL;
676         set->length = 0;
677     }
678 }
679 
keymaster_free_characteristics(keymaster_key_characteristics_t * characteristics)680 inline void keymaster_free_characteristics(keymaster_key_characteristics_t* characteristics) {
681     if (characteristics) {
682         keymaster_free_param_set(&characteristics->hw_enforced);
683         keymaster_free_param_set(&characteristics->sw_enforced);
684     }
685 }
686 
keymaster_free_cert_chain(keymaster_cert_chain_t * chain)687 inline void keymaster_free_cert_chain(keymaster_cert_chain_t* chain) {
688     if (chain) {
689         for (size_t i = 0; i < chain->entry_count; ++i) {
690             free((uint8_t*)chain->entries[i].data);
691             chain->entries[i].data = NULL;
692             chain->entries[i].data_length = 0;
693         }
694         free(chain->entries);
695         chain->entries = NULL;
696         chain->entry_count = 0;
697     }
698 }
699 
700 #ifdef __cplusplus
701 }  // extern "C"
702 #endif  // __cplusplus
703 
704 #endif  // ANDROID_HARDWARE_KEYMASTER_DEFS_H
705