Loading security/keymint/aidl/android/hardware/security/keymint/Tag.aidl +59 −60 Original line number Diff line number Diff line Loading @@ -46,7 +46,7 @@ enum Tag { * * Must be hardware-enforced. */ PURPOSE = (2 << 28) | 1, /* TagType:ENUM_REP */ PURPOSE = (2 << 28) /* TagType:ENUM_REP */ | 1, /** * Tag::ALGORITHM specifies the cryptographic algorithm with which the key is used. This tag Loading @@ -55,7 +55,7 @@ enum Tag { * * Must be hardware-enforced. */ ALGORITHM = (1 << 28) | 2, /* TagType:ENUM */ ALGORITHM = (1 << 28) /* TagType:ENUM */ | 2, /** * Tag::KEY_SIZE pecifies the size, in bits, of the key, measuring in the normal way for the Loading @@ -67,7 +67,7 @@ enum Tag { * * Must be hardware-enforced. */ KEY_SIZE = (3 << 28) | 3, /* TagType:UINT */ KEY_SIZE = (3 << 28) /* TagType:UINT */ | 3, /** * Tag::BLOCK_MODE specifies the block cipher mode(s) with which the key may be used. This tag Loading @@ -80,8 +80,8 @@ enum Tag { * * Must be hardware-enforced. */ BLOCK_MODE = (2 << 28) | 4, /* BlockMode. */ /* TagType:ENUM_REP */ BLOCK_MODE = (2 << 28) /* TagType:ENUM_REP */ | 4, /** * Tag::DIGEST specifies the digest algorithms that may be used with the key to perform signing Loading @@ -95,7 +95,7 @@ enum Tag { * * Must be hardware-enforced. */ DIGEST = (2 << 28) | 5, /* TagType:ENUM_REP */ DIGEST = (2 << 28) /* TagType:ENUM_REP */ | 5, /** * Tag::PADDING specifies the padding modes that may be used with the key. This tag is relevant Loading Loading @@ -123,7 +123,7 @@ enum Tag { * * Must be hardware-enforced. */ PADDING = (2 << 28) | 6, /* TagType:ENUM_REP */ PADDING = (2 << 28) /* TagType:ENUM_REP */ | 6, /** * Tag::CALLER_NONCE specifies that the caller can provide a nonce for nonce-requiring Loading 
@@ -136,7 +136,7 @@ enum Tag { * * Must be hardware-enforced. */ CALLER_NONCE = (7 << 28) | 7, /* TagType:BOOL */ CALLER_NONCE = (7 << 28) /* TagType:BOOL */ | 7, /** * Tag::MIN_MAC_LENGTH specifies the minimum length of MAC that can be requested or verified Loading @@ -149,7 +149,7 @@ enum Tag { * * Must be hardware-enforced. */ MIN_MAC_LENGTH = (3 << 28) | 8, /* TagType:UINT */ MIN_MAC_LENGTH = (3 << 28) /* TagType:UINT */ | 8, // Tag 9 reserved Loading @@ -160,7 +160,7 @@ enum Tag { * * Must be hardware-enforced. */ EC_CURVE = (1 << 28) | 10, /* TagType:ENUM */ EC_CURVE = (1 << 28) /* TagType:ENUM */ | 10, /** * Tag::RSA_PUBLIC_EXPONENT specifies the value of the public exponent for an RSA key pair. Loading @@ -174,7 +174,7 @@ enum Tag { * * Must be hardware-enforced. */ RSA_PUBLIC_EXPONENT = (5 << 28) | 200, /* TagType:ULONG */ RSA_PUBLIC_EXPONENT = (5 << 28) /* TagType:ULONG */ | 200, // Tag 201 reserved Loading @@ -185,7 +185,7 @@ enum Tag { * * Must be hardware-enforced. */ INCLUDE_UNIQUE_ID = (7 << 28) | 202, /* TagType:BOOL */ INCLUDE_UNIQUE_ID = (7 << 28) /* TagType:BOOL */ | 202, /** * TODO(seleneh) this tag needs to be deleted from all codes. Loading @@ -202,7 +202,7 @@ enum Tag { * * Must be hardware-enforced. */ BLOB_USAGE_REQUIREMENTS = (1 << 28) | 301, /* TagType:ENUM */ BLOB_USAGE_REQUIREMENTS = (1 << 28) /* TagType:ENUM */ | 301, /** * Tag::BOOTLOADER_ONLY specifies only the bootloader can use the key. Loading @@ -212,7 +212,7 @@ enum Tag { * * Must be hardware-enforced. */ BOOTLOADER_ONLY = (7 << 28) | 302, /* TagType:BOOL */ BOOTLOADER_ONLY = (7 << 28) /* TagType:BOOL */ | 302, /** * Tag::ROLLBACK_RESISTANCE specifies that the key has rollback resistance, meaning that when Loading 
@@ -227,16 +227,16 @@ enum Tag { * * Must be hardwared-enforced. */ ROLLBACK_RESISTANCE = (7 << 28) | 303, /* TagType:BOOL */ ROLLBACK_RESISTANCE = (7 << 28) /* TagType:BOOL */ | 303, // Reserved for future use. HARDWARE_TYPE = (1 << 28) | 304, /* TagType:ENUM */ HARDWARE_TYPE = (1 << 28) /* TagType:ENUM */ | 304, /** * Keys tagged with EARLY_BOOT_ONLY may only be used, or created, during early boot, until * IKeyMintDevice::earlyBootEnded() is called. */ EARLY_BOOT_ONLY = (7 << 28) | 305, /* TagType:BOOL */ EARLY_BOOT_ONLY = (7 << 28) /* TagType:BOOL */ | 305, /** * Tag::ACTIVE_DATETIME specifies the date and time at which the key becomes active, in Loading @@ -245,8 +245,7 @@ enum Tag { * * Need not be hardware-enforced. */ ACTIVE_DATETIME = (6 << 28) | 400, /* Start of validity. */ /* TagType:DATE */ ACTIVE_DATETIME = (6 << 28) /* TagType:DATE */ | 400, /** * Tag::ORIGINATION_EXPIRE_DATETIME specifies the date and time at which the key expires for Loading @@ -258,7 +257,7 @@ enum Tag { * * Need not be hardware-enforced. */ ORIGINATION_EXPIRE_DATETIME = (6 << 28) | 401, /* TagType:DATE */ ORIGINATION_EXPIRE_DATETIME = (6 << 28) /* TagType:DATE */ | 401, /** * Tag::USAGE_EXPIRE_DATETIME specifies the date and time at which the key expires for Loading @@ -270,7 +269,7 @@ enum Tag { * * Need not be hardware-enforced. */ USAGE_EXPIRE_DATETIME = (6 << 28) | 402, /* TagType:DATE */ USAGE_EXPIRE_DATETIME = (6 << 28) /* TagType:DATE */ | 402, /** * TODO(seleneh) this tag need to be deleted. Loading @@ -295,7 +294,7 @@ enum Tag { * * Must be hardware-enforced. */ MIN_SECONDS_BETWEEN_OPS = (3 << 28) | 403, /* TagType:UINT */ MIN_SECONDS_BETWEEN_OPS = (3 << 28) /* TagType:UINT */ | 403, /** * Tag::MAX_USES_PER_BOOT specifies the maximum number of times that a key may be used between Loading 
@@ -315,14 +314,14 @@ enum Tag { * * Must be hardware-enforced. */ MAX_USES_PER_BOOT = (3 << 28) | 404, /* TagType:UINT */ MAX_USES_PER_BOOT = (3 << 28) /* TagType:UINT */ | 404, /** * Tag::USER_ID specifies the ID of the Android user that is permitted to use the key. * * Must not be hardware-enforced. */ USER_ID = (3 << 28) | 501, /* TagType:UINT */ USER_ID = (3 << 28) /* TagType:UINT */ | 501, /** * Tag::USER_SECURE_ID specifies that a key may only be used under a particular secure user Loading Loading @@ -355,7 +354,7 @@ enum Tag { * * Must be hardware-enforced. */ USER_SECURE_ID = (10 << 28) | 502, /* TagType:ULONG_REP */ USER_SECURE_ID = (10 << 28) /* TagType:ULONG_REP */ | 502, /** * Tag::NO_AUTH_REQUIRED specifies that no authentication is required to use this key. This tag Loading @@ -363,7 +362,7 @@ enum Tag { * * Must be hardware-enforced. */ NO_AUTH_REQUIRED = (7 << 28) | 503, /* TagType:BOOL */ NO_AUTH_REQUIRED = (7 << 28) /* TagType:BOOL */ | 503, /** * Tag::USER_AUTH_TYPE specifies the types of user authenticators that may be used to authorize Loading @@ -382,7 +381,7 @@ enum Tag { * * Must be hardware-enforced. */ USER_AUTH_TYPE = (1 << 28) | 504, /* TagType:ENUM */ USER_AUTH_TYPE = (1 << 28) /* TagType:ENUM */ | 504, /** * Tag::AUTH_TIMEOUT specifies the time in seconds for which the key is authorized for use, Loading @@ -396,7 +395,7 @@ enum Tag { * * Must be hardware-enforced. */ AUTH_TIMEOUT = (3 << 28) | 505, /* TagType:UINT */ AUTH_TIMEOUT = (3 << 28) /* TagType:UINT */ | 505, /** * Tag::ALLOW_WHILE_ON_BODY specifies that the key may be used after authentication timeout if Loading @@ -404,7 +403,7 @@ enum Tag { * * Cannot be hardware-enforced. */ ALLOW_WHILE_ON_BODY = (7 << 28) | 506, /* TagType:BOOL */ ALLOW_WHILE_ON_BODY = (7 << 28) /* TagType:BOOL */ | 506, /** * TRUSTED_USER_PRESENCE_REQUIRED is an optional feature that specifies that this key must be Loading Loading 
@@ -451,7 +450,7 @@ enum Tag { * * Must be hardware-enforced. */ TRUSTED_USER_PRESENCE_REQUIRED = (7 << 28) | 507, /* TagType:BOOL */ TRUSTED_USER_PRESENCE_REQUIRED = (7 << 28) /* TagType:BOOL */ | 507, /** Tag::TRUSTED_CONFIRMATION_REQUIRED is only applicable to keys with KeyPurpose SIGN, and * specifies that this key must not be usable unless the user provides confirmation of the data Loading @@ -464,7 +463,7 @@ enum Tag { * * Must be hardware-enforced. */ TRUSTED_CONFIRMATION_REQUIRED = (7 << 28) | 508, /* TagType:BOOL */ TRUSTED_CONFIRMATION_REQUIRED = (7 << 28) /* TagType:BOOL */ | 508, /** * Tag::UNLOCKED_DEVICE_REQUIRED specifies that the key may only be used when the device is Loading @@ -472,7 +471,7 @@ enum Tag { * * Must be software-enforced. */ UNLOCKED_DEVICE_REQUIRED = (7 << 28) | 509, /* TagType:BOOL */ UNLOCKED_DEVICE_REQUIRED = (7 << 28) /* TagType:BOOL */ | 509, /** * Tag::APPLICATION_ID. When provided to generateKey or importKey, this tag specifies data Loading @@ -488,7 +487,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ APPLICATION_ID = (9 << 28) | 601, /* TagType:BYTES */ APPLICATION_ID = (9 << 28) /* TagType:BYTES */ | 601, /* * Semantically unenforceable tags, either because they have no specific meaning or because Loading @@ -509,7 +508,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ APPLICATION_DATA = (9 << 28) | 700, /* TagType:BYTES */ APPLICATION_DATA = (9 << 28) /* TagType:BYTES */ | 700, /** * Tag::CREATION_DATETIME specifies the date and time the key was created, in milliseconds since Loading @@ -518,7 +517,7 @@ enum Tag { * Tag::CREATED is informational only, and not enforced by anything. Must be in the * software-enforced list, if provided. */ CREATION_DATETIME = (6 << 28) | 701, /* TagType:DATE */ CREATION_DATETIME = (6 << 28) /* TagType:DATE */ | 701, /** * Tag::ORIGIN specifies where the key was created, if known. This tag must not be specified Loading 
@@ -527,7 +526,7 @@ enum Tag { * * Must be hardware-enforced. */ ORIGIN = (1 << 28) | 702, /* TagType:ENUM */ ORIGIN = (1 << 28) /* TagType:ENUM */ | 702, // 703 is unused. Loading @@ -539,7 +538,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ ROOT_OF_TRUST = (9 << 28) | 704, /* TagType:BYTES */ ROOT_OF_TRUST = (9 << 28) /* TagType:BYTES */ | 704, /** * Tag::OS_VERSION specifies the system OS version with which the key may be used. This tag is Loading @@ -562,7 +561,7 @@ enum Tag { * * Must be hardware-enforced. */ OS_VERSION = (3 << 28) | 705, /* TagType:UINT */ OS_VERSION = (3 << 28) /* TagType:UINT */ | 705, /** * Tag::OS_PATCHLEVEL specifies the system security patch level with which the key may be used. Loading @@ -583,7 +582,7 @@ enum Tag { * * Must be hardware-enforced. */ OS_PATCHLEVEL = (3 << 28) | 706, /* TagType:UINT */ OS_PATCHLEVEL = (3 << 28) /* TagType:UINT */ | 706, /** * Tag::UNIQUE_ID specifies a unique, time-based identifier. This tag is never provided to or Loading Loading @@ -617,7 +616,7 @@ enum Tag { * * Must be hardware-enforced. */ UNIQUE_ID = (9 << 28) | 707, /* TagType:BYTES */ UNIQUE_ID = (9 << 28) /* TagType:BYTES */ | 707, /** * Tag::ATTESTATION_CHALLENGE is used to deliver a "challenge" value to the attestKey() method, Loading @@ -626,7 +625,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ ATTESTATION_CHALLENGE = (9 << 28) | 708, /* TagType:BYTES */ ATTESTATION_CHALLENGE = (9 << 28) /* TagType:BYTES */ | 708, /** * Tag::ATTESTATION_APPLICATION_ID identifies the set of applications which may use a key, used Loading @@ -652,7 +651,7 @@ enum Tag { * * Cannot be hardware-enforced. */ ATTESTATION_APPLICATION_ID = (9 << 28) | 709, /* TagType:BYTES */ ATTESTATION_APPLICATION_ID = (9 << 28) /* TagType:BYTES */ | 709, /** * Tag::ATTESTATION_ID_BRAND provides the device's brand name, as returned by Build.BRAND in Loading 
@@ -665,7 +664,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ ATTESTATION_ID_BRAND = (9 << 28) | 710, /* TagType:BYTES */ ATTESTATION_ID_BRAND = (9 << 28) /* TagType:BYTES */ | 710, /** * Tag::ATTESTATION_ID_DEVICE provides the device's device name, as returned by Build.DEVICE in Loading @@ -678,7 +677,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ ATTESTATION_ID_DEVICE = (9 << 28) | 711, /* TagType:BYTES */ ATTESTATION_ID_DEVICE = (9 << 28) /* TagType:BYTES */ | 711, /** * Tag::ATTESTATION_ID_PRODUCT provides the device's product name, as returned by Build.PRODUCT Loading @@ -691,7 +690,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ ATTESTATION_ID_PRODUCT = (9 << 28) | 712, /* TagType:BYTES */ ATTESTATION_ID_PRODUCT = (9 << 28) /* TagType:BYTES */ | 712, /** * Tag::ATTESTATION_ID_SERIAL the device's serial number. This field must be set only when Loading @@ -703,7 +702,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ ATTESTATION_ID_SERIAL = (9 << 28) | 713, /* TagType:BYTES */ ATTESTATION_ID_SERIAL = (9 << 28) /* TagType:BYTES */ | 713, /** * Tag::ATTESTATION_ID_IMEI provides the IMEIs for all radios on the device to attestKey(). Loading @@ -715,7 +714,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ ATTESTATION_ID_IMEI = (9 << 28) | 714, /* TagType:BYTES */ ATTESTATION_ID_IMEI = (9 << 28) /* TagType:BYTES */ | 714, /** * Tag::ATTESTATION_ID_MEID provides the MEIDs for all radios on the device to attestKey(). Loading @@ -727,7 +726,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ ATTESTATION_ID_MEID = (9 << 28) | 715, /* TagType:BYTES */ ATTESTATION_ID_MEID = (9 << 28) /* TagType:BYTES */ | 715, /** * Tag::ATTESTATION_ID_MANUFACTURER provides the device's manufacturer name, as returned by Loading 
@@ -740,7 +739,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ ATTESTATION_ID_MANUFACTURER = (9 << 28) | 716, /* TagType:BYTES */ ATTESTATION_ID_MANUFACTURER = (9 << 28) /* TagType:BYTES */ | 716, /** * Tag::ATTESTATION_ID_MODEL provides the device's model name, as returned by Build.MODEL in Loading @@ -753,7 +752,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ ATTESTATION_ID_MODEL = (9 << 28) | 717, /* TagType:BYTES */ ATTESTATION_ID_MODEL = (9 << 28) /* TagType:BYTES */ | 717, /** * Tag::VENDOR_PATCHLEVEL specifies the vendor image security patch level with which the key may Loading @@ -775,7 +774,7 @@ enum Tag { * * Must be hardware-enforced. */ VENDOR_PATCHLEVEL = (3 << 28) | 718, /* TagType:UINT */ VENDOR_PATCHLEVEL = (3 << 28) /* TagType:UINT */ | 718, /** * Tag::BOOT_PATCHLEVEL specifies the boot image (kernel) security patch level with which the Loading @@ -795,7 +794,7 @@ enum Tag { * * Must be hardware-enforced. */ BOOT_PATCHLEVEL = (3 << 28) | 719, /* TagType:UINT */ BOOT_PATCHLEVEL = (3 << 28) /* TagType:UINT */ | 719, /** * DEVICE_UNIQUE_ATTESTATION is an argument to IKeyMintDevice::attestKey(). It indicates that Loading @@ -811,7 +810,7 @@ enum Tag { * IKeyMintDevice implementations that support device-unique attestation MUST add the * DEVICE_UNIQUE_ATTESTATION tag to device-unique attestations. */ DEVICE_UNIQUE_ATTESTATION = (7 << 28) | 720, /* TagType:BOOL */ DEVICE_UNIQUE_ATTESTATION = (7 << 28) /* TagType:BOOL */ | 720, /** * IDENTITY_CREDENTIAL_KEY is never used by IKeyMintDevice, is not a valid argument to key Loading 
@@ -819,7 +818,7 @@ enum Tag { * attestation. It is used in attestations produced by the IIdentityCredential HAL when that * HAL attests to Credential Keys. IIdentityCredential produces KeyMint-style attestations. */ IDENTITY_CREDENTIAL_KEY = (7 << 28) | 721, /* TagType:BOOL */ IDENTITY_CREDENTIAL_KEY = (7 << 28) /* TagType:BOOL */ | 721, /** * To prevent keys from being compromised if an attacker acquires read access to system / kernel Loading @@ -836,7 +835,7 @@ enum Tag { * ErrorCode::INVALID_OPERATION is returned when a key with Tag::STORAGE_KEY is provided to * begin(). */ STORAGE_KEY = (7 << 28) | 722, /* TagType:BOOL */ STORAGE_KEY = (7 << 28) /* TagType:BOOL */ | 722, /** * Tag::ASSOCIATED_DATA Provides "associated data" for AES-GCM encryption or decryption. This Loading @@ -845,7 +844,7 @@ enum Tag { * * Must never appear KeyCharacteristics. */ ASSOCIATED_DATA = (9 << 28) | 1000, /* TagType:BYTES */ ASSOCIATED_DATA = (9 << 28) /* TagType:BYTES */ | 1000, /** * Tag::NONCE is used to provide or return a nonce or Initialization Vector (IV) for AES-GCM, Loading @@ -860,7 +859,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ NONCE = (9 << 28) | 1001, /* TagType:BYTES */ NONCE = (9 << 28) /* TagType:BYTES */ | 1001, /** * Tag::MAC_LENGTH provides the requested length of a MAC or GCM authentication tag, in bits. Loading @@ -871,7 +870,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ MAC_LENGTH = (3 << 28) | 1003, /* TagType:UINT */ MAC_LENGTH = (3 << 28) /* TagType:UINT */ | 1003, /** * Tag::RESET_SINCE_ID_ROTATION specifies whether the device has been factory reset since the Loading @@ -879,7 +878,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ RESET_SINCE_ID_ROTATION = (7 << 28) | 1004, /* TagType:BOOL */ RESET_SINCE_ID_ROTATION = (7 << 28) /* TagType:BOOL */ | 1004, /** * Tag::CONFIRMATION_TOKEN is used to deliver a cryptographic token proving that the user Loading 
@@ -888,5 +887,5 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ CONFIRMATION_TOKEN = (9 << 28) | 1005, /* TagType:BYTES */ CONFIRMATION_TOKEN = (9 << 28) /* TagType:BYTES */ | 1005, } Loading
security/keymint/aidl/android/hardware/security/keymint/Tag.aidl +59 −60 Original line number Diff line number Diff line Loading @@ -46,7 +46,7 @@ enum Tag { * * Must be hardware-enforced. */ PURPOSE = (2 << 28) | 1, /* TagType:ENUM_REP */ PURPOSE = (2 << 28) /* TagType:ENUM_REP */ | 1, /** * Tag::ALGORITHM specifies the cryptographic algorithm with which the key is used. This tag Loading @@ -55,7 +55,7 @@ enum Tag { * * Must be hardware-enforced. */ ALGORITHM = (1 << 28) | 2, /* TagType:ENUM */ ALGORITHM = (1 << 28) /* TagType:ENUM */ | 2, /** * Tag::KEY_SIZE pecifies the size, in bits, of the key, measuring in the normal way for the Loading @@ -67,7 +67,7 @@ enum Tag { * * Must be hardware-enforced. */ KEY_SIZE = (3 << 28) | 3, /* TagType:UINT */ KEY_SIZE = (3 << 28) /* TagType:UINT */ | 3, /** * Tag::BLOCK_MODE specifies the block cipher mode(s) with which the key may be used. This tag Loading @@ -80,8 +80,8 @@ enum Tag { * * Must be hardware-enforced. */ BLOCK_MODE = (2 << 28) | 4, /* BlockMode. */ /* TagType:ENUM_REP */ BLOCK_MODE = (2 << 28) /* TagType:ENUM_REP */ | 4, /** * Tag::DIGEST specifies the digest algorithms that may be used with the key to perform signing Loading @@ -95,7 +95,7 @@ enum Tag { * * Must be hardware-enforced. */ DIGEST = (2 << 28) | 5, /* TagType:ENUM_REP */ DIGEST = (2 << 28) /* TagType:ENUM_REP */ | 5, /** * Tag::PADDING specifies the padding modes that may be used with the key. This tag is relevant Loading Loading @@ -123,7 +123,7 @@ enum Tag { * * Must be hardware-enforced. */ PADDING = (2 << 28) | 6, /* TagType:ENUM_REP */ PADDING = (2 << 28) /* TagType:ENUM_REP */ | 6, /** * Tag::CALLER_NONCE specifies that the caller can provide a nonce for nonce-requiring Loading @@ -136,7 +136,7 @@ enum Tag { * * Must be hardware-enforced. */ CALLER_NONCE = (7 << 28) | 7, /* TagType:BOOL */ CALLER_NONCE = (7 << 28) /* TagType:BOOL */ | 7, /** * Tag::MIN_MAC_LENGTH specifies the minimum length of MAC that can be requested or verified Loading 
@@ -149,7 +149,7 @@ enum Tag { * * Must be hardware-enforced. */ MIN_MAC_LENGTH = (3 << 28) | 8, /* TagType:UINT */ MIN_MAC_LENGTH = (3 << 28) /* TagType:UINT */ | 8, // Tag 9 reserved Loading @@ -160,7 +160,7 @@ enum Tag { * * Must be hardware-enforced. */ EC_CURVE = (1 << 28) | 10, /* TagType:ENUM */ EC_CURVE = (1 << 28) /* TagType:ENUM */ | 10, /** * Tag::RSA_PUBLIC_EXPONENT specifies the value of the public exponent for an RSA key pair. Loading @@ -174,7 +174,7 @@ enum Tag { * * Must be hardware-enforced. */ RSA_PUBLIC_EXPONENT = (5 << 28) | 200, /* TagType:ULONG */ RSA_PUBLIC_EXPONENT = (5 << 28) /* TagType:ULONG */ | 200, // Tag 201 reserved Loading @@ -185,7 +185,7 @@ enum Tag { * * Must be hardware-enforced. */ INCLUDE_UNIQUE_ID = (7 << 28) | 202, /* TagType:BOOL */ INCLUDE_UNIQUE_ID = (7 << 28) /* TagType:BOOL */ | 202, /** * TODO(seleneh) this tag needs to be deleted from all codes. Loading @@ -202,7 +202,7 @@ enum Tag { * * Must be hardware-enforced. */ BLOB_USAGE_REQUIREMENTS = (1 << 28) | 301, /* TagType:ENUM */ BLOB_USAGE_REQUIREMENTS = (1 << 28) /* TagType:ENUM */ | 301, /** * Tag::BOOTLOADER_ONLY specifies only the bootloader can use the key. Loading @@ -212,7 +212,7 @@ enum Tag { * * Must be hardware-enforced. */ BOOTLOADER_ONLY = (7 << 28) | 302, /* TagType:BOOL */ BOOTLOADER_ONLY = (7 << 28) /* TagType:BOOL */ | 302, /** * Tag::ROLLBACK_RESISTANCE specifies that the key has rollback resistance, meaning that when Loading 
@@ -227,16 +227,16 @@ enum Tag { * * Must be hardwared-enforced. */ ROLLBACK_RESISTANCE = (7 << 28) | 303, /* TagType:BOOL */ ROLLBACK_RESISTANCE = (7 << 28) /* TagType:BOOL */ | 303, // Reserved for future use. HARDWARE_TYPE = (1 << 28) | 304, /* TagType:ENUM */ HARDWARE_TYPE = (1 << 28) /* TagType:ENUM */ | 304, /** * Keys tagged with EARLY_BOOT_ONLY may only be used, or created, during early boot, until * IKeyMintDevice::earlyBootEnded() is called. */ EARLY_BOOT_ONLY = (7 << 28) | 305, /* TagType:BOOL */ EARLY_BOOT_ONLY = (7 << 28) /* TagType:BOOL */ | 305, /** * Tag::ACTIVE_DATETIME specifies the date and time at which the key becomes active, in Loading @@ -245,8 +245,7 @@ enum Tag { * * Need not be hardware-enforced. */ ACTIVE_DATETIME = (6 << 28) | 400, /* Start of validity. */ /* TagType:DATE */ ACTIVE_DATETIME = (6 << 28) /* TagType:DATE */ | 400, /** * Tag::ORIGINATION_EXPIRE_DATETIME specifies the date and time at which the key expires for Loading @@ -258,7 +257,7 @@ enum Tag { * * Need not be hardware-enforced. */ ORIGINATION_EXPIRE_DATETIME = (6 << 28) | 401, /* TagType:DATE */ ORIGINATION_EXPIRE_DATETIME = (6 << 28) /* TagType:DATE */ | 401, /** * Tag::USAGE_EXPIRE_DATETIME specifies the date and time at which the key expires for Loading @@ -270,7 +269,7 @@ enum Tag { * * Need not be hardware-enforced. */ USAGE_EXPIRE_DATETIME = (6 << 28) | 402, /* TagType:DATE */ USAGE_EXPIRE_DATETIME = (6 << 28) /* TagType:DATE */ | 402, /** * TODO(seleneh) this tag need to be deleted. Loading @@ -295,7 +294,7 @@ enum Tag { * * Must be hardware-enforced. */ MIN_SECONDS_BETWEEN_OPS = (3 << 28) | 403, /* TagType:UINT */ MIN_SECONDS_BETWEEN_OPS = (3 << 28) /* TagType:UINT */ | 403, /** * Tag::MAX_USES_PER_BOOT specifies the maximum number of times that a key may be used between Loading 
@@ -315,14 +314,14 @@ enum Tag { * * Must be hardware-enforced. */ MAX_USES_PER_BOOT = (3 << 28) | 404, /* TagType:UINT */ MAX_USES_PER_BOOT = (3 << 28) /* TagType:UINT */ | 404, /** * Tag::USER_ID specifies the ID of the Android user that is permitted to use the key. * * Must not be hardware-enforced. */ USER_ID = (3 << 28) | 501, /* TagType:UINT */ USER_ID = (3 << 28) /* TagType:UINT */ | 501, /** * Tag::USER_SECURE_ID specifies that a key may only be used under a particular secure user Loading Loading @@ -355,7 +354,7 @@ enum Tag { * * Must be hardware-enforced. */ USER_SECURE_ID = (10 << 28) | 502, /* TagType:ULONG_REP */ USER_SECURE_ID = (10 << 28) /* TagType:ULONG_REP */ | 502, /** * Tag::NO_AUTH_REQUIRED specifies that no authentication is required to use this key. This tag Loading @@ -363,7 +362,7 @@ enum Tag { * * Must be hardware-enforced. */ NO_AUTH_REQUIRED = (7 << 28) | 503, /* TagType:BOOL */ NO_AUTH_REQUIRED = (7 << 28) /* TagType:BOOL */ | 503, /** * Tag::USER_AUTH_TYPE specifies the types of user authenticators that may be used to authorize Loading @@ -382,7 +381,7 @@ enum Tag { * * Must be hardware-enforced. */ USER_AUTH_TYPE = (1 << 28) | 504, /* TagType:ENUM */ USER_AUTH_TYPE = (1 << 28) /* TagType:ENUM */ | 504, /** * Tag::AUTH_TIMEOUT specifies the time in seconds for which the key is authorized for use, Loading @@ -396,7 +395,7 @@ enum Tag { * * Must be hardware-enforced. */ AUTH_TIMEOUT = (3 << 28) | 505, /* TagType:UINT */ AUTH_TIMEOUT = (3 << 28) /* TagType:UINT */ | 505, /** * Tag::ALLOW_WHILE_ON_BODY specifies that the key may be used after authentication timeout if Loading @@ -404,7 +403,7 @@ enum Tag { * * Cannot be hardware-enforced. */ ALLOW_WHILE_ON_BODY = (7 << 28) | 506, /* TagType:BOOL */ ALLOW_WHILE_ON_BODY = (7 << 28) /* TagType:BOOL */ | 506, /** * TRUSTED_USER_PRESENCE_REQUIRED is an optional feature that specifies that this key must be Loading Loading 
@@ -451,7 +450,7 @@ enum Tag { * * Must be hardware-enforced. */ TRUSTED_USER_PRESENCE_REQUIRED = (7 << 28) | 507, /* TagType:BOOL */ TRUSTED_USER_PRESENCE_REQUIRED = (7 << 28) /* TagType:BOOL */ | 507, /** Tag::TRUSTED_CONFIRMATION_REQUIRED is only applicable to keys with KeyPurpose SIGN, and * specifies that this key must not be usable unless the user provides confirmation of the data Loading @@ -464,7 +463,7 @@ enum Tag { * * Must be hardware-enforced. */ TRUSTED_CONFIRMATION_REQUIRED = (7 << 28) | 508, /* TagType:BOOL */ TRUSTED_CONFIRMATION_REQUIRED = (7 << 28) /* TagType:BOOL */ | 508, /** * Tag::UNLOCKED_DEVICE_REQUIRED specifies that the key may only be used when the device is Loading @@ -472,7 +471,7 @@ enum Tag { * * Must be software-enforced. */ UNLOCKED_DEVICE_REQUIRED = (7 << 28) | 509, /* TagType:BOOL */ UNLOCKED_DEVICE_REQUIRED = (7 << 28) /* TagType:BOOL */ | 509, /** * Tag::APPLICATION_ID. When provided to generateKey or importKey, this tag specifies data Loading @@ -488,7 +487,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ APPLICATION_ID = (9 << 28) | 601, /* TagType:BYTES */ APPLICATION_ID = (9 << 28) /* TagType:BYTES */ | 601, /* * Semantically unenforceable tags, either because they have no specific meaning or because Loading @@ -509,7 +508,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ APPLICATION_DATA = (9 << 28) | 700, /* TagType:BYTES */ APPLICATION_DATA = (9 << 28) /* TagType:BYTES */ | 700, /** * Tag::CREATION_DATETIME specifies the date and time the key was created, in milliseconds since Loading @@ -518,7 +517,7 @@ enum Tag { * Tag::CREATED is informational only, and not enforced by anything. Must be in the * software-enforced list, if provided. */ CREATION_DATETIME = (6 << 28) | 701, /* TagType:DATE */ CREATION_DATETIME = (6 << 28) /* TagType:DATE */ | 701, /** * Tag::ORIGIN specifies where the key was created, if known. This tag must not be specified Loading 
@@ -527,7 +526,7 @@ enum Tag { * * Must be hardware-enforced. */ ORIGIN = (1 << 28) | 702, /* TagType:ENUM */ ORIGIN = (1 << 28) /* TagType:ENUM */ | 702, // 703 is unused. Loading @@ -539,7 +538,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ ROOT_OF_TRUST = (9 << 28) | 704, /* TagType:BYTES */ ROOT_OF_TRUST = (9 << 28) /* TagType:BYTES */ | 704, /** * Tag::OS_VERSION specifies the system OS version with which the key may be used. This tag is Loading @@ -562,7 +561,7 @@ enum Tag { * * Must be hardware-enforced. */ OS_VERSION = (3 << 28) | 705, /* TagType:UINT */ OS_VERSION = (3 << 28) /* TagType:UINT */ | 705, /** * Tag::OS_PATCHLEVEL specifies the system security patch level with which the key may be used. Loading @@ -583,7 +582,7 @@ enum Tag { * * Must be hardware-enforced. */ OS_PATCHLEVEL = (3 << 28) | 706, /* TagType:UINT */ OS_PATCHLEVEL = (3 << 28) /* TagType:UINT */ | 706, /** * Tag::UNIQUE_ID specifies a unique, time-based identifier. This tag is never provided to or Loading Loading @@ -617,7 +616,7 @@ enum Tag { * * Must be hardware-enforced. */ UNIQUE_ID = (9 << 28) | 707, /* TagType:BYTES */ UNIQUE_ID = (9 << 28) /* TagType:BYTES */ | 707, /** * Tag::ATTESTATION_CHALLENGE is used to deliver a "challenge" value to the attestKey() method, Loading @@ -626,7 +625,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ ATTESTATION_CHALLENGE = (9 << 28) | 708, /* TagType:BYTES */ ATTESTATION_CHALLENGE = (9 << 28) /* TagType:BYTES */ | 708, /** * Tag::ATTESTATION_APPLICATION_ID identifies the set of applications which may use a key, used Loading @@ -652,7 +651,7 @@ enum Tag { * * Cannot be hardware-enforced. */ ATTESTATION_APPLICATION_ID = (9 << 28) | 709, /* TagType:BYTES */ ATTESTATION_APPLICATION_ID = (9 << 28) /* TagType:BYTES */ | 709, /** * Tag::ATTESTATION_ID_BRAND provides the device's brand name, as returned by Build.BRAND in Loading 
@@ -665,7 +664,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ ATTESTATION_ID_BRAND = (9 << 28) | 710, /* TagType:BYTES */ ATTESTATION_ID_BRAND = (9 << 28) /* TagType:BYTES */ | 710, /** * Tag::ATTESTATION_ID_DEVICE provides the device's device name, as returned by Build.DEVICE in Loading @@ -678,7 +677,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ ATTESTATION_ID_DEVICE = (9 << 28) | 711, /* TagType:BYTES */ ATTESTATION_ID_DEVICE = (9 << 28) /* TagType:BYTES */ | 711, /** * Tag::ATTESTATION_ID_PRODUCT provides the device's product name, as returned by Build.PRODUCT Loading @@ -691,7 +690,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ ATTESTATION_ID_PRODUCT = (9 << 28) | 712, /* TagType:BYTES */ ATTESTATION_ID_PRODUCT = (9 << 28) /* TagType:BYTES */ | 712, /** * Tag::ATTESTATION_ID_SERIAL the device's serial number. This field must be set only when Loading @@ -703,7 +702,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ ATTESTATION_ID_SERIAL = (9 << 28) | 713, /* TagType:BYTES */ ATTESTATION_ID_SERIAL = (9 << 28) /* TagType:BYTES */ | 713, /** * Tag::ATTESTATION_ID_IMEI provides the IMEIs for all radios on the device to attestKey(). Loading @@ -715,7 +714,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ ATTESTATION_ID_IMEI = (9 << 28) | 714, /* TagType:BYTES */ ATTESTATION_ID_IMEI = (9 << 28) /* TagType:BYTES */ | 714, /** * Tag::ATTESTATION_ID_MEID provides the MEIDs for all radios on the device to attestKey(). Loading @@ -727,7 +726,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ ATTESTATION_ID_MEID = (9 << 28) | 715, /* TagType:BYTES */ ATTESTATION_ID_MEID = (9 << 28) /* TagType:BYTES */ | 715, /** * Tag::ATTESTATION_ID_MANUFACTURER provides the device's manufacturer name, as returned by Loading 
@@ -740,7 +739,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ ATTESTATION_ID_MANUFACTURER = (9 << 28) | 716, /* TagType:BYTES */ ATTESTATION_ID_MANUFACTURER = (9 << 28) /* TagType:BYTES */ | 716, /** * Tag::ATTESTATION_ID_MODEL provides the device's model name, as returned by Build.MODEL in Loading @@ -753,7 +752,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ ATTESTATION_ID_MODEL = (9 << 28) | 717, /* TagType:BYTES */ ATTESTATION_ID_MODEL = (9 << 28) /* TagType:BYTES */ | 717, /** * Tag::VENDOR_PATCHLEVEL specifies the vendor image security patch level with which the key may Loading @@ -775,7 +774,7 @@ enum Tag { * * Must be hardware-enforced. */ VENDOR_PATCHLEVEL = (3 << 28) | 718, /* TagType:UINT */ VENDOR_PATCHLEVEL = (3 << 28) /* TagType:UINT */ | 718, /** * Tag::BOOT_PATCHLEVEL specifies the boot image (kernel) security patch level with which the Loading @@ -795,7 +794,7 @@ enum Tag { * * Must be hardware-enforced. */ BOOT_PATCHLEVEL = (3 << 28) | 719, /* TagType:UINT */ BOOT_PATCHLEVEL = (3 << 28) /* TagType:UINT */ | 719, /** * DEVICE_UNIQUE_ATTESTATION is an argument to IKeyMintDevice::attestKey(). It indicates that Loading @@ -811,7 +810,7 @@ enum Tag { * IKeyMintDevice implementations that support device-unique attestation MUST add the * DEVICE_UNIQUE_ATTESTATION tag to device-unique attestations. */ DEVICE_UNIQUE_ATTESTATION = (7 << 28) | 720, /* TagType:BOOL */ DEVICE_UNIQUE_ATTESTATION = (7 << 28) /* TagType:BOOL */ | 720, /** * IDENTITY_CREDENTIAL_KEY is never used by IKeyMintDevice, is not a valid argument to key Loading 
@@ -819,7 +818,7 @@ enum Tag { * attestation. It is used in attestations produced by the IIdentityCredential HAL when that * HAL attests to Credential Keys. IIdentityCredential produces KeyMint-style attestations. */ IDENTITY_CREDENTIAL_KEY = (7 << 28) | 721, /* TagType:BOOL */ IDENTITY_CREDENTIAL_KEY = (7 << 28) /* TagType:BOOL */ | 721, /** * To prevent keys from being compromised if an attacker acquires read access to system / kernel Loading @@ -836,7 +835,7 @@ enum Tag { * ErrorCode::INVALID_OPERATION is returned when a key with Tag::STORAGE_KEY is provided to * begin(). */ STORAGE_KEY = (7 << 28) | 722, /* TagType:BOOL */ STORAGE_KEY = (7 << 28) /* TagType:BOOL */ | 722, /** * Tag::ASSOCIATED_DATA Provides "associated data" for AES-GCM encryption or decryption. This Loading @@ -845,7 +844,7 @@ enum Tag { * * Must never appear KeyCharacteristics. */ ASSOCIATED_DATA = (9 << 28) | 1000, /* TagType:BYTES */ ASSOCIATED_DATA = (9 << 28) /* TagType:BYTES */ | 1000, /** * Tag::NONCE is used to provide or return a nonce or Initialization Vector (IV) for AES-GCM, Loading @@ -860,7 +859,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ NONCE = (9 << 28) | 1001, /* TagType:BYTES */ NONCE = (9 << 28) /* TagType:BYTES */ | 1001, /** * Tag::MAC_LENGTH provides the requested length of a MAC or GCM authentication tag, in bits. Loading @@ -871,7 +870,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ MAC_LENGTH = (3 << 28) | 1003, /* TagType:UINT */ MAC_LENGTH = (3 << 28) /* TagType:UINT */ | 1003, /** * Tag::RESET_SINCE_ID_ROTATION specifies whether the device has been factory reset since the Loading @@ -879,7 +878,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ RESET_SINCE_ID_ROTATION = (7 << 28) | 1004, /* TagType:BOOL */ RESET_SINCE_ID_ROTATION = (7 << 28) /* TagType:BOOL */ | 1004, /** * Tag::CONFIRMATION_TOKEN is used to deliver a cryptographic token proving that the user Loading 
@@ -888,5 +887,5 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ CONFIRMATION_TOKEN = (9 << 28) | 1005, /* TagType:BYTES */ CONFIRMATION_TOKEN = (9 << 28) /* TagType:BYTES */ | 1005, }
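Review bot: On every new enumerator the type nibble stays a bare literal, and the only link to TagType is a comment that now sits inside the expression, e.g. `PURPOSE = (2 << 28) /* TagType:ENUM_REP */ | 1,`, so nothing checks that the number and the name agree. If the AIDL compiler in use accepts enum constants in constant expressions, `PURPOSE = TagType.ENUM_REP | 1,` would let the compiler enforce the pairing; otherwise one comment above the enum describing the `(type << 28) | id` layout would read better than a comment in the middle of each value. That comment should also record that `(9 << 28)` and `(10 << 28)` exceed the positive range of a signed 32-bit value. Assuming the enum is int-backed (its declaration is outside these hunks), BYTES and ULONG_REP tags are negative, so code that recovers the type must mask with `0xF << 28` rather than arithmetic-shift right. The BLOCK_MODE and ACTIVE_DATETIME hunks also drop the `/* BlockMode. */` and `/* Start of validity. */` comments, which looks unintended for a formatting-only change.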