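/*
 * Copyright (C) 2015 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.security.keymaster;

import android.hardware.security.keymint.Algorithm;
import android.hardware.security.keymint.BlockMode;
import android.hardware.security.keymint.Digest;
import android.hardware.security.keymint.ErrorCode;
import android.hardware.security.keymint.HardwareAuthenticatorType;
import android.hardware.security.keymint.KeyFormat;
import android.hardware.security.keymint.KeyOrigin;
import android.hardware.security.keymint.KeyPurpose;
import android.hardware.security.keymint.PaddingMode;
import android.hardware.security.keymint.SecurityLevel;
import android.hardware.security.keymint.Tag;
import android.hardware.security.keymint.TagType;

import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

/**
 * Class tracking all the keymaster enum values needed for the binder API to keystore.
 * This must be kept in sync with hardware/libhardware/include/hardware/keymaster_defs.h
 * See keymaster_defs.h for detailed descriptions of each constant.
 *
 * <p>Almost every constant below is an alias for a constant of the
 * {@code android.hardware.security.keymint} types imported above, so the imported definition is
 * the authoritative value. The trailing {@code // KM_TYPE | n} and {@code // -n} comments are
 * informational only; nothing in this file checks them against the aliased value.
 *
 * <p>This class holds no instance state and cannot be instantiated.
 *
 * @hide
 */
public final class KeymasterDefs {

    private KeymasterDefs() {}

    // Tag types.
    // The trailing comments in the "Tag values" section write each tag as "type | number";
    // getTagType() recovers the type part.
    public static final int KM_INVALID = TagType.INVALID;
    public static final int KM_ENUM = TagType.ENUM;
    public static final int KM_ENUM_REP = TagType.ENUM_REP;
    public static final int KM_UINT = TagType.UINT;
    public static final int KM_UINT_REP = TagType.UINT_REP;
    public static final int KM_ULONG = TagType.ULONG;
    public static final int KM_DATE = TagType.DATE;
    public static final int KM_BOOL = TagType.BOOL;
    public static final int KM_BIGNUM = TagType.BIGNUM;
    public static final int KM_BYTES = TagType.BYTES;
    public static final int KM_ULONG_REP = TagType.ULONG_REP;

    // Tag values.
    public static final int KM_TAG_INVALID = Tag.INVALID; // KM_INVALID | 0;
    public static final int KM_TAG_PURPOSE = Tag.PURPOSE; // KM_ENUM_REP | 1;
    public static final int KM_TAG_ALGORITHM = Tag.ALGORITHM; // KM_ENUM | 2;
    public static final int KM_TAG_KEY_SIZE = Tag.KEY_SIZE; // KM_UINT | 3;
    public static final int KM_TAG_BLOCK_MODE = Tag.BLOCK_MODE; // KM_ENUM_REP | 4;
    public static final int KM_TAG_DIGEST = Tag.DIGEST; // KM_ENUM_REP | 5;
    public static final int KM_TAG_PADDING = Tag.PADDING; // KM_ENUM_REP | 6;
    public static final int KM_TAG_CALLER_NONCE = Tag.CALLER_NONCE; // KM_BOOL | 7;
    public static final int KM_TAG_MIN_MAC_LENGTH = Tag.MIN_MAC_LENGTH; // KM_UINT | 8;
    public static final int KM_TAG_EC_CURVE = Tag.EC_CURVE; // KM_ENUM | 10;

    public static final int KM_TAG_RSA_PUBLIC_EXPONENT = Tag.RSA_PUBLIC_EXPONENT; // KM_ULONG | 200;
    public static final int KM_TAG_INCLUDE_UNIQUE_ID = Tag.INCLUDE_UNIQUE_ID; // KM_BOOL | 202;
    public static final int KM_TAG_RSA_OAEP_MGF_DIGEST = Tag.RSA_OAEP_MGF_DIGEST;
            // KM_ENUM_REP | 203;

    public static final int KM_TAG_ACTIVE_DATETIME = Tag.ACTIVE_DATETIME; // KM_DATE | 400;
    public static final int KM_TAG_ORIGINATION_EXPIRE_DATETIME =
            Tag.ORIGINATION_EXPIRE_DATETIME; // KM_DATE | 401;
    public static final int KM_TAG_USAGE_EXPIRE_DATETIME =
            Tag.USAGE_EXPIRE_DATETIME; // KM_DATE | 402;
    public static final int KM_TAG_MIN_SECONDS_BETWEEN_OPS =
            Tag.MIN_SECONDS_BETWEEN_OPS; // KM_UINT | 403;
    public static final int KM_TAG_MAX_USES_PER_BOOT = Tag.MAX_USES_PER_BOOT; // KM_UINT | 404;
    public static final int KM_TAG_USAGE_COUNT_LIMIT = Tag.USAGE_COUNT_LIMIT; // KM_UINT | 405;

    public static final int KM_TAG_USER_ID = Tag.USER_ID; // KM_UINT | 501;
    public static final int KM_TAG_USER_SECURE_ID = Tag.USER_SECURE_ID; // KM_ULONG_REP | 502;
    public static final int KM_TAG_NO_AUTH_REQUIRED = Tag.NO_AUTH_REQUIRED; // KM_BOOL | 503;
    public static final int KM_TAG_USER_AUTH_TYPE = Tag.USER_AUTH_TYPE; // KM_ENUM | 504;
    public static final int KM_TAG_AUTH_TIMEOUT = Tag.AUTH_TIMEOUT; // KM_UINT | 505;
    public static final int KM_TAG_ALLOW_WHILE_ON_BODY = Tag.ALLOW_WHILE_ON_BODY; // KM_BOOL | 506;
    public static final int KM_TAG_TRUSTED_USER_PRESENCE_REQUIRED =
            Tag.TRUSTED_USER_PRESENCE_REQUIRED; // KM_BOOL | 507;
    public static final int KM_TAG_TRUSTED_CONFIRMATION_REQUIRED =
            Tag.TRUSTED_CONFIRMATION_REQUIRED; // KM_BOOL | 508;
    public static final int KM_TAG_UNLOCKED_DEVICE_REQUIRED =
            Tag.UNLOCKED_DEVICE_REQUIRED; // KM_BOOL | 509;

    public static final int KM_TAG_APPLICATION_ID = Tag.APPLICATION_ID; // KM_BYTES | 601;

    public static final int KM_TAG_CREATION_DATETIME = Tag.CREATION_DATETIME; // KM_DATE | 701;
    public static final int KM_TAG_ORIGIN = Tag.ORIGIN; // KM_ENUM | 702;
    // NOTE(review): the constant keeps the older name ROLLBACK_RESISTANT while aliasing
    // Tag.ROLLBACK_RESISTANCE; the numeric value in the trailing comment may predate that
    // mapping - confirm against the Tag definition before relying on it.
    public static final int KM_TAG_ROLLBACK_RESISTANT = Tag.ROLLBACK_RESISTANCE; // KM_BOOL | 703;
    public static final int KM_TAG_ROOT_OF_TRUST = Tag.ROOT_OF_TRUST; // KM_BYTES | 704;
    public static final int KM_TAG_UNIQUE_ID = Tag.UNIQUE_ID; // KM_BYTES | 707;
    public static final int KM_TAG_ATTESTATION_CHALLENGE =
            Tag.ATTESTATION_CHALLENGE; // KM_BYTES | 708;
    public static final int KM_TAG_ATTESTATION_ID_BRAND =
            Tag.ATTESTATION_ID_BRAND; // KM_BYTES | 710;
    public static final int KM_TAG_ATTESTATION_ID_DEVICE =
            Tag.ATTESTATION_ID_DEVICE; // KM_BYTES | 711;
    public static final int KM_TAG_ATTESTATION_ID_PRODUCT =
            Tag.ATTESTATION_ID_PRODUCT; // KM_BYTES | 712;
    public static final int KM_TAG_ATTESTATION_ID_SERIAL =
            Tag.ATTESTATION_ID_SERIAL; // KM_BYTES | 713;
    public static final int KM_TAG_ATTESTATION_ID_IMEI =
            Tag.ATTESTATION_ID_IMEI; // KM_BYTES | 714;
    public static final int KM_TAG_ATTESTATION_ID_MEID =
            Tag.ATTESTATION_ID_MEID; // KM_BYTES | 715;
    public static final int KM_TAG_ATTESTATION_ID_MANUFACTURER =
            Tag.ATTESTATION_ID_MANUFACTURER; // KM_BYTES | 716;
    public static final int KM_TAG_ATTESTATION_ID_MODEL =
            Tag.ATTESTATION_ID_MODEL; // KM_BYTES | 717;
    public static final int KM_TAG_VENDOR_PATCHLEVEL =
            Tag.VENDOR_PATCHLEVEL; // KM_UINT | 718;
    public static final int KM_TAG_BOOT_PATCHLEVEL =
            Tag.BOOT_PATCHLEVEL; // KM_UINT | 719;
    public static final int KM_TAG_DEVICE_UNIQUE_ATTESTATION =
            Tag.DEVICE_UNIQUE_ATTESTATION; // KM_BOOL | 720;
    public static final int KM_TAG_ATTESTATION_ID_SECOND_IMEI =
            Tag.ATTESTATION_ID_SECOND_IMEI; // KM_BYTES | 723;

    public static final int KM_TAG_NONCE = Tag.NONCE; // KM_BYTES | 1001;
    public static final int KM_TAG_MAC_LENGTH = Tag.MAC_LENGTH; // KM_UINT | 1003;
    public static final int KM_TAG_RESET_SINCE_ID_ROTATION =
            Tag.RESET_SINCE_ID_ROTATION; // KM_BOOL | 1004
    public static final int KM_TAG_CONFIRMATION_TOKEN = Tag.CONFIRMATION_TOKEN; // KM_BYTES | 1005;
    // NOTE(review): the trailing comments on the next two constants both say KM_UINT. The
    // KeyMint Tag definition is believed to type the certificate serial as BIGNUM and the
    // subject as BYTES - confirm against the Tag definition. getTagType() applied to the
    // constant reports the type actually encoded in the value.
    public static final int KM_TAG_CERTIFICATE_SERIAL = Tag.CERTIFICATE_SERIAL; // KM_UINT | 1006;
    public static final int KM_TAG_CERTIFICATE_SUBJECT = Tag.CERTIFICATE_SUBJECT; // KM_UINT | 1007;
    public static final int KM_TAG_CERTIFICATE_NOT_BEFORE =
            Tag.CERTIFICATE_NOT_BEFORE; // KM_DATE | 1008;
    public static final int KM_TAG_CERTIFICATE_NOT_AFTER =
            Tag.CERTIFICATE_NOT_AFTER; // KM_DATE | 1009;

    // Algorithm values.
    public static final int KM_ALGORITHM_RSA = Algorithm.RSA;
    public static final int KM_ALGORITHM_EC = Algorithm.EC;
    public static final int KM_ALGORITHM_AES = Algorithm.AES;
    public static final int KM_ALGORITHM_3DES = Algorithm.TRIPLE_DES;
    public static final int KM_ALGORITHM_HMAC = Algorithm.HMAC;

    // Block modes.
    public static final int KM_MODE_ECB = BlockMode.ECB;
    public static final int KM_MODE_CBC = BlockMode.CBC;
    public static final int KM_MODE_CTR = BlockMode.CTR;
    public static final int KM_MODE_GCM = BlockMode.GCM;

    // Padding modes.
    public static final int KM_PAD_NONE = PaddingMode.NONE;
    public static final int KM_PAD_RSA_OAEP = PaddingMode.RSA_OAEP;
    public static final int KM_PAD_RSA_PSS = PaddingMode.RSA_PSS;
    public static final int KM_PAD_RSA_PKCS1_1_5_ENCRYPT = PaddingMode.RSA_PKCS1_1_5_ENCRYPT;
    public static final int KM_PAD_RSA_PKCS1_1_5_SIGN = PaddingMode.RSA_PKCS1_1_5_SIGN;
    public static final int KM_PAD_PKCS7 = PaddingMode.PKCS7;

    // Digest modes.
    public static final int KM_DIGEST_NONE = Digest.NONE;
    public static final int KM_DIGEST_MD5 = Digest.MD5;
    public static final int KM_DIGEST_SHA1 = Digest.SHA1;
    public static final int KM_DIGEST_SHA_2_224 = Digest.SHA_2_224;
    public static final int KM_DIGEST_SHA_2_256 = Digest.SHA_2_256;
    public static final int KM_DIGEST_SHA_2_384 = Digest.SHA_2_384;
    public static final int KM_DIGEST_SHA_2_512 = Digest.SHA_2_512;

    // Key origins.
    public static final int KM_ORIGIN_GENERATED = KeyOrigin.GENERATED;
    public static final int KM_ORIGIN_DERIVED = KeyOrigin.DERIVED;
    public static final int KM_ORIGIN_IMPORTED = KeyOrigin.IMPORTED;
    // The UNKNOWN name aliases KeyOrigin.RESERVED.
    public static final int KM_ORIGIN_UNKNOWN = KeyOrigin.RESERVED;
    public static final int KM_ORIGIN_SECURELY_IMPORTED = KeyOrigin.SECURELY_IMPORTED;

    // Key usability requirements.
    // These two are literal values, not aliases of an imported constant.
    public static final int KM_BLOB_STANDALONE = 0;
    public static final int KM_BLOB_REQUIRES_FILE_SYSTEM = 1;

    // Operation Purposes.
    public static final int KM_PURPOSE_ENCRYPT = KeyPurpose.ENCRYPT;
    public static final int KM_PURPOSE_DECRYPT = KeyPurpose.DECRYPT;
    public static final int KM_PURPOSE_SIGN = KeyPurpose.SIGN;
    public static final int KM_PURPOSE_VERIFY = KeyPurpose.VERIFY;
    public static final int KM_PURPOSE_WRAP = KeyPurpose.WRAP_KEY;
    public static final int KM_PURPOSE_AGREE_KEY = KeyPurpose.AGREE_KEY;
    public static final int KM_PURPOSE_ATTEST_KEY = KeyPurpose.ATTEST_KEY;

    // Key formats.
    public static final int KM_KEY_FORMAT_X509 = KeyFormat.X509;
    public static final int KM_KEY_FORMAT_PKCS8 = KeyFormat.PKCS8;
    public static final int KM_KEY_FORMAT_RAW = KeyFormat.RAW;

    // User authenticators.
    public static final int HW_AUTH_PASSWORD = HardwareAuthenticatorType.PASSWORD;
    // The BIOMETRIC name aliases HardwareAuthenticatorType.FINGERPRINT.
    public static final int HW_AUTH_BIOMETRIC = HardwareAuthenticatorType.FINGERPRINT;

    // Security Levels.
    public static final int KM_SECURITY_LEVEL_SOFTWARE = SecurityLevel.SOFTWARE;
    public static final int KM_SECURITY_LEVEL_TRUSTED_ENVIRONMENT =
            SecurityLevel.TRUSTED_ENVIRONMENT;
    public static final int KM_SECURITY_LEVEL_STRONGBOX = SecurityLevel.STRONGBOX;

    // Error codes.
    public static final int KM_ERROR_OK = ErrorCode.OK;
    public static final int KM_ERROR_ROOT_OF_TRUST_ALREADY_SET =
            ErrorCode.ROOT_OF_TRUST_ALREADY_SET; // -1;
    public static final int KM_ERROR_UNSUPPORTED_PURPOSE =
            ErrorCode.UNSUPPORTED_PURPOSE; // -2;
    public static final int KM_ERROR_INCOMPATIBLE_PURPOSE =
            ErrorCode.INCOMPATIBLE_PURPOSE; // -3;
    public static final int KM_ERROR_UNSUPPORTED_ALGORITHM =
            ErrorCode.UNSUPPORTED_ALGORITHM; // -4;
    public static final int KM_ERROR_INCOMPATIBLE_ALGORITHM =
            ErrorCode.INCOMPATIBLE_ALGORITHM; // -5;
    public static final int KM_ERROR_UNSUPPORTED_KEY_SIZE =
            ErrorCode.UNSUPPORTED_KEY_SIZE; // -6;
    public static final int KM_ERROR_UNSUPPORTED_BLOCK_MODE =
            ErrorCode.UNSUPPORTED_BLOCK_MODE; // -7;
    public static final int KM_ERROR_INCOMPATIBLE_BLOCK_MODE =
            ErrorCode.INCOMPATIBLE_BLOCK_MODE; // -8;
    public static final int KM_ERROR_UNSUPPORTED_MAC_LENGTH =
            ErrorCode.UNSUPPORTED_MAC_LENGTH; // -9;
    public static final int KM_ERROR_UNSUPPORTED_PADDING_MODE =
            ErrorCode.UNSUPPORTED_PADDING_MODE; // -10;
    public static final int KM_ERROR_INCOMPATIBLE_PADDING_MODE =
            ErrorCode.INCOMPATIBLE_PADDING_MODE; // -11;
    public static final int KM_ERROR_UNSUPPORTED_DIGEST =
            ErrorCode.UNSUPPORTED_DIGEST; // -12;
    public static final int KM_ERROR_INCOMPATIBLE_DIGEST =
            ErrorCode.INCOMPATIBLE_DIGEST; // -13;
    public static final int KM_ERROR_INVALID_EXPIRATION_TIME =
            ErrorCode.INVALID_EXPIRATION_TIME; // -14;
    public static final int KM_ERROR_INVALID_USER_ID =
            ErrorCode.INVALID_USER_ID; // -15;
    public static final int KM_ERROR_INVALID_AUTHORIZATION_TIMEOUT =
            ErrorCode.INVALID_AUTHORIZATION_TIMEOUT; // -16;
    public static final int KM_ERROR_UNSUPPORTED_KEY_FORMAT =
            ErrorCode.UNSUPPORTED_KEY_FORMAT; // -17;
    public static final int KM_ERROR_INCOMPATIBLE_KEY_FORMAT =
            ErrorCode.INCOMPATIBLE_KEY_FORMAT; // -18;
    public static final int KM_ERROR_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM =
            ErrorCode.UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM; // -19;
    public static final int KM_ERROR_UNSUPPORTED_KEY_VERIFICATION_ALGORITHM =
            ErrorCode.UNSUPPORTED_KEY_VERIFICATION_ALGORITHM; // -20;
    public static final int KM_ERROR_INVALID_INPUT_LENGTH =
            ErrorCode.INVALID_INPUT_LENGTH; // -21;
    public static final int KM_ERROR_KEY_EXPORT_OPTIONS_INVALID =
            ErrorCode.KEY_EXPORT_OPTIONS_INVALID; // -22;
    public static final int KM_ERROR_DELEGATION_NOT_ALLOWED =
            ErrorCode.DELEGATION_NOT_ALLOWED; // -23;
    public static final int KM_ERROR_KEY_NOT_YET_VALID =
            ErrorCode.KEY_NOT_YET_VALID; // -24;
    public static final int KM_ERROR_KEY_EXPIRED =
            ErrorCode.KEY_EXPIRED; // -25;
    public static final int KM_ERROR_KEY_USER_NOT_AUTHENTICATED =
            ErrorCode.KEY_USER_NOT_AUTHENTICATED; // -26;
    public static final int KM_ERROR_OUTPUT_PARAMETER_NULL =
            ErrorCode.OUTPUT_PARAMETER_NULL; // -27;
    public static final int KM_ERROR_INVALID_OPERATION_HANDLE =
            ErrorCode.INVALID_OPERATION_HANDLE; // -28;
    public static final int KM_ERROR_INSUFFICIENT_BUFFER_SPACE =
            ErrorCode.INSUFFICIENT_BUFFER_SPACE; // -29;
    public static final int KM_ERROR_VERIFICATION_FAILED =
            ErrorCode.VERIFICATION_FAILED; // -30;
    public static final int KM_ERROR_TOO_MANY_OPERATIONS =
            ErrorCode.TOO_MANY_OPERATIONS; // -31;
    public static final int KM_ERROR_UNEXPECTED_NULL_POINTER =
            ErrorCode.UNEXPECTED_NULL_POINTER; // -32;
    public static final int KM_ERROR_INVALID_KEY_BLOB =
            ErrorCode.INVALID_KEY_BLOB; // -33;
    public static final int KM_ERROR_IMPORTED_KEY_NOT_ENCRYPTED =
            ErrorCode.IMPORTED_KEY_NOT_ENCRYPTED; // -34;
    public static final int KM_ERROR_IMPORTED_KEY_DECRYPTION_FAILED =
            ErrorCode.IMPORTED_KEY_DECRYPTION_FAILED; // -35;
    public static final int KM_ERROR_IMPORTED_KEY_NOT_SIGNED =
            ErrorCode.IMPORTED_KEY_NOT_SIGNED; // -36;
    public static final int KM_ERROR_IMPORTED_KEY_VERIFICATION_FAILED =
            ErrorCode.IMPORTED_KEY_VERIFICATION_FAILED; // -37;
    public static final int KM_ERROR_INVALID_ARGUMENT =
            ErrorCode.INVALID_ARGUMENT; // -38;
    public static final int KM_ERROR_UNSUPPORTED_TAG =
            ErrorCode.UNSUPPORTED_TAG; // -39;
    public static final int KM_ERROR_INVALID_TAG =
            ErrorCode.INVALID_TAG; // -40;
    public static final int KM_ERROR_MEMORY_ALLOCATION_FAILED =
            ErrorCode.MEMORY_ALLOCATION_FAILED; // -41;
    public static final int KM_ERROR_IMPORT_PARAMETER_MISMATCH =
            ErrorCode.IMPORT_PARAMETER_MISMATCH; // -44;
    public static final int KM_ERROR_SECURE_HW_ACCESS_DENIED =
            ErrorCode.SECURE_HW_ACCESS_DENIED; // -45;
    public static final int KM_ERROR_OPERATION_CANCELLED =
            ErrorCode.OPERATION_CANCELLED; // -46;
    public static final int KM_ERROR_CONCURRENT_ACCESS_CONFLICT =
            ErrorCode.CONCURRENT_ACCESS_CONFLICT; // -47;
    public static final int KM_ERROR_SECURE_HW_BUSY =
            ErrorCode.SECURE_HW_BUSY; // -48;
    public static final int KM_ERROR_SECURE_HW_COMMUNICATION_FAILED =
            ErrorCode.SECURE_HW_COMMUNICATION_FAILED; // -49;
    public static final int KM_ERROR_UNSUPPORTED_EC_FIELD =
            ErrorCode.UNSUPPORTED_EC_FIELD; // -50;
    public static final int KM_ERROR_MISSING_NONCE =
            ErrorCode.MISSING_NONCE; // -51;
    public static final int KM_ERROR_INVALID_NONCE =
            ErrorCode.INVALID_NONCE; // -52;
    public static final int KM_ERROR_MISSING_MAC_LENGTH =
            ErrorCode.MISSING_MAC_LENGTH; // -53;
    public static final int KM_ERROR_KEY_RATE_LIMIT_EXCEEDED =
            ErrorCode.KEY_RATE_LIMIT_EXCEEDED; // -54;
    public static final int KM_ERROR_CALLER_NONCE_PROHIBITED =
            ErrorCode.CALLER_NONCE_PROHIBITED; // -55;
    public static final int KM_ERROR_KEY_MAX_OPS_EXCEEDED =
            ErrorCode.KEY_MAX_OPS_EXCEEDED; // -56;
    public static final int KM_ERROR_INVALID_MAC_LENGTH =
            ErrorCode.INVALID_MAC_LENGTH; // -57;
    public static final int KM_ERROR_MISSING_MIN_MAC_LENGTH =
            ErrorCode.MISSING_MIN_MAC_LENGTH; // -58;
    public static final int KM_ERROR_UNSUPPORTED_MIN_MAC_LENGTH =
            ErrorCode.UNSUPPORTED_MIN_MAC_LENGTH; // -59;
    public static final int KM_ERROR_UNSUPPORTED_KDF = ErrorCode.UNSUPPORTED_KDF; // -60
    public static final int KM_ERROR_UNSUPPORTED_EC_CURVE = ErrorCode.UNSUPPORTED_EC_CURVE; // -61
    // -62 is KEY_REQUIRES_UPGRADE and is handled by Keystore.
    public static final int KM_ERROR_ATTESTATION_CHALLENGE_MISSING =
            ErrorCode.ATTESTATION_CHALLENGE_MISSING; // -63
    public static final int KM_ERROR_KEYMINT_NOT_CONFIGURED =
            ErrorCode.KEYMINT_NOT_CONFIGURED; // -64
    public static final int KM_ERROR_ATTESTATION_APPLICATION_ID_MISSING =
            ErrorCode.ATTESTATION_APPLICATION_ID_MISSING; // -65;
    public static final int KM_ERROR_CANNOT_ATTEST_IDS =
            ErrorCode.CANNOT_ATTEST_IDS; // -66;
    public static final int KM_ERROR_ROLLBACK_RESISTANCE_UNAVAILABLE =
            ErrorCode.ROLLBACK_RESISTANCE_UNAVAILABLE; // -67;
    public static final int KM_ERROR_HARDWARE_TYPE_UNAVAILABLE =
            ErrorCode.HARDWARE_TYPE_UNAVAILABLE; // -68;
    public static final int KM_ERROR_PROOF_OF_PRESENCE_REQUIRED =
            ErrorCode.PROOF_OF_PRESENCE_REQUIRED; // -69;
    public static final int KM_ERROR_CONCURRENT_PROOF_OF_PRESENCE_REQUESTED =
            ErrorCode.CONCURRENT_PROOF_OF_PRESENCE_REQUESTED; // -70;
    public static final int KM_ERROR_NO_USER_CONFIRMATION =
            ErrorCode.NO_USER_CONFIRMATION; // -71;
    public static final int KM_ERROR_DEVICE_LOCKED =
            ErrorCode.DEVICE_LOCKED; // -72;
    public static final int KM_ERROR_EARLY_BOOT_ENDED =
            ErrorCode.EARLY_BOOT_ENDED; // -73;
    public static final int KM_ERROR_ATTESTATION_KEYS_NOT_PROVISIONED =
            ErrorCode.ATTESTATION_KEYS_NOT_PROVISIONED; // -74;
    public static final int KM_ERROR_ATTESTATION_IDS_NOT_PROVISIONED =
            ErrorCode.ATTESTATION_IDS_NOT_PROVISIONED; // -75;
    public static final int KM_ERROR_INVALID_OPERATION =
            ErrorCode.INVALID_OPERATION; // -76;
    public static final int KM_ERROR_STORAGE_KEY_UNSUPPORTED =
            ErrorCode.STORAGE_KEY_UNSUPPORTED; // -77,
    public static final int KM_ERROR_INCOMPATIBLE_MGF_DIGEST =
            ErrorCode.INCOMPATIBLE_MGF_DIGEST; // -78,
    public static final int KM_ERROR_UNSUPPORTED_MGF_DIGEST =
            ErrorCode.UNSUPPORTED_MGF_DIGEST; // -79,
    public static final int KM_ERROR_MISSING_NOT_BEFORE =
            ErrorCode.MISSING_NOT_BEFORE; // -80;
    public static final int KM_ERROR_MISSING_NOT_AFTER =
            ErrorCode.MISSING_NOT_AFTER; // -81;
    public static final int KM_ERROR_MISSING_ISSUER_SUBJECT =
            ErrorCode.MISSING_ISSUER_SUBJECT; // -82;
    public static final int KM_ERROR_INVALID_ISSUER_SUBJECT =
            ErrorCode.INVALID_ISSUER_SUBJECT; // -83;
    public static final int KM_ERROR_BOOT_LEVEL_EXCEEDED =
            ErrorCode.BOOT_LEVEL_EXCEEDED; // -84;
    public static final int KM_ERROR_HARDWARE_NOT_YET_AVAILABLE =
            ErrorCode.HARDWARE_NOT_YET_AVAILABLE; // -85
    public static final int KM_ERROR_UNIMPLEMENTED =
            ErrorCode.UNIMPLEMENTED; // -100;
    public static final int KM_ERROR_VERSION_MISMATCH =
            ErrorCode.VERSION_MISMATCH; // -101;
    public static final int KM_ERROR_UNKNOWN_ERROR =
            ErrorCode.UNKNOWN_ERROR; // -1000;

    /**
     * Human-readable messages for a subset of the {@code KM_ERROR_*} codes.
     *
     * <p>The map is a read-only view: the field is public and static, so a mutable map here
     * would let any code in the process replace or remove the text reported for an error.
     * Attempts to modify it throw {@link UnsupportedOperationException}. Codes with no entry
     * are rendered by {@link #getErrorMessage(int)} as their decimal value.
     */
    public static final Map<Integer, String> sErrorCodeToString;
    static {
        // Populate a private map first; only the unmodifiable wrapper is ever published.
        final Map<Integer, String> messages = new HashMap<>();
        messages.put(KM_ERROR_OK, "OK");
        messages.put(KM_ERROR_UNSUPPORTED_PURPOSE, "Unsupported purpose");
        messages.put(KM_ERROR_INCOMPATIBLE_PURPOSE, "Incompatible purpose");
        messages.put(KM_ERROR_UNSUPPORTED_ALGORITHM, "Unsupported algorithm");
        messages.put(KM_ERROR_INCOMPATIBLE_ALGORITHM, "Incompatible algorithm");
        messages.put(KM_ERROR_UNSUPPORTED_KEY_SIZE, "Unsupported key size");
        messages.put(KM_ERROR_UNSUPPORTED_BLOCK_MODE, "Unsupported block mode");
        messages.put(KM_ERROR_INCOMPATIBLE_BLOCK_MODE, "Incompatible block mode");
        messages.put(KM_ERROR_UNSUPPORTED_MAC_LENGTH,
                "Unsupported MAC or authentication tag length");
        messages.put(KM_ERROR_UNSUPPORTED_PADDING_MODE, "Unsupported padding mode");
        messages.put(KM_ERROR_INCOMPATIBLE_PADDING_MODE, "Incompatible padding mode");
        messages.put(KM_ERROR_UNSUPPORTED_DIGEST, "Unsupported digest");
        messages.put(KM_ERROR_INCOMPATIBLE_DIGEST, "Incompatible digest");
        messages.put(KM_ERROR_INVALID_EXPIRATION_TIME, "Invalid expiration time");
        messages.put(KM_ERROR_INVALID_USER_ID, "Invalid user ID");
        messages.put(KM_ERROR_INVALID_AUTHORIZATION_TIMEOUT,
                "Invalid user authorization timeout");
        messages.put(KM_ERROR_UNSUPPORTED_KEY_FORMAT, "Unsupported key format");
        messages.put(KM_ERROR_INCOMPATIBLE_KEY_FORMAT, "Incompatible key format");
        messages.put(KM_ERROR_INVALID_INPUT_LENGTH, "Invalid input length");
        messages.put(KM_ERROR_KEY_NOT_YET_VALID, "Key not yet valid");
        messages.put(KM_ERROR_KEY_EXPIRED, "Key expired");
        messages.put(KM_ERROR_KEY_USER_NOT_AUTHENTICATED, "Key user not authenticated");
        messages.put(KM_ERROR_INVALID_OPERATION_HANDLE, "Invalid operation handle");
        messages.put(KM_ERROR_VERIFICATION_FAILED, "Signature/MAC verification failed");
        messages.put(KM_ERROR_TOO_MANY_OPERATIONS, "Too many operations");
        messages.put(KM_ERROR_INVALID_KEY_BLOB, "Invalid key blob");
        messages.put(KM_ERROR_INVALID_ARGUMENT, "Invalid argument");
        messages.put(KM_ERROR_UNSUPPORTED_TAG, "Unsupported tag");
        messages.put(KM_ERROR_INVALID_TAG, "Invalid tag");
        messages.put(KM_ERROR_MEMORY_ALLOCATION_FAILED, "Memory allocation failed");
        messages.put(KM_ERROR_UNSUPPORTED_EC_FIELD, "Unsupported EC field");
        messages.put(KM_ERROR_MISSING_NONCE, "Required IV missing");
        messages.put(KM_ERROR_INVALID_NONCE, "Invalid IV");
        messages.put(KM_ERROR_CALLER_NONCE_PROHIBITED,
                "Caller-provided IV not permitted");
        messages.put(KM_ERROR_INVALID_MAC_LENGTH,
                "Invalid MAC or authentication tag length");
        messages.put(KM_ERROR_CANNOT_ATTEST_IDS, "Unable to attest device ids");
        messages.put(KM_ERROR_HARDWARE_TYPE_UNAVAILABLE, "Requested security level "
                + "(likely Strongbox) is not available.");
        messages.put(KM_ERROR_DEVICE_LOCKED, "Device locked");
        messages.put(KM_ERROR_UNIMPLEMENTED, "Not implemented");
        messages.put(KM_ERROR_UNKNOWN_ERROR, "Unknown error");
        sErrorCodeToString = Collections.unmodifiableMap(messages);
    }

    /**
     * Extracts the tag-type bits from a tag value.
     *
     * @param tag a tag value, such as one of the {@code KM_TAG_*} constants
     * @return {@code tag} with everything except its top four bits (bits 28-31) cleared; the
     *     trailing comments on the tag constants suggest this equals one of the tag-type
     *     constants ({@link #KM_ENUM}, {@link #KM_BYTES}, ...)
     */
    public static int getTagType(int tag) {
        // 0xF << 28 is the int bit pattern 0xF0000000, i.e. a mask for the high nibble.
        return tag & (0xF << 28);
    }

    /**
     * Returns a description for a keymaster error code.
     *
     * @param errorCode the error code to describe
     * @return the message registered in {@link #sErrorCodeToString}, or the decimal string form
     *     of {@code errorCode} when no message is registered for it (many of the
     *     {@code KM_ERROR_*} constants above have no registered message)
     */
    public static String getErrorMessage(int errorCode) {
        final String message = sErrorCodeToString.get(errorCode);
        return (message != null) ? message : String.valueOf(errorCode);
    }
}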