nugget/proto/nugget/app/keymaster/keymaster_defs.proto - platform/external/nos/host/generic - Git at Google

 /*
  * Copyright (C) 2017 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 syntax = "proto3";

 package nugget.app.keymaster;

 /*
  * Minimal type definitions required for building protos.  Sourced from:
  *     ::android::hardware::keymaster::V3_0
  */
 enum TagType {
   TAG_TYPE_INVALID = 0x0;  /* 0 << 16 */
   ENUM = 0x10000;          /* 1 << 16 */
   ENUM_REP = 0x20000;      /* 2 << 16 */
   UINT = 0x30000;          /* 3 << 16 */
   UINT_REP = 0x40000;      /* 4 << 16 */
   ULONG = 0x50000;         /* 5 << 16 */
   DATE = 0x60000;          /* 6 << 16 */
   BOOL = 0x70000;          /* 7 << 16 */
   BIGNUM_ = 0x80000;       /* 8 << 16 */
   BYTES = 0x90000;         /* 9 << 16 */
   ULONG_REP = 0xA0000;     /* 10 << 16 */
 };

 enum Tag {
   TAG_INVALID = 0; // (TagType:INVALID | 0)
   PURPOSE = 0x20001; // (TagType:ENUM_REP | 1)
   ALGORITHM = 0x10002; // (TagType:ENUM | 2)
   KEY_SIZE = 0x30003; // (TagType:UINT | 3)
   BLOCK_MODE = 0x20004; // (TagType:ENUM_REP | 4)
   DIGEST = 0x20005; // (TagType:ENUM_REP | 5)
   PADDING = 0x20006; // (TagType:ENUM_REP | 6)
   CALLER_NONCE = 0x70007; // (TagType:BOOL | 7)
   MIN_MAC_LENGTH = 0x30008; // (TagType:UINT | 8)
   /* RESERVED: KDF = 0x20009; // (TagType:ENUM_REP | 9) */
   EC_CURVE = 0x1000a; // (TagType:ENUM | 10)
   RSA_PUBLIC_EXPONENT = 0x500c8; // (TagType:ULONG | 200)
   /* RESERVED: ECIES_SINGLE_HASH_MODE = 0x700c9; // (TagType:BOOL | 201) */
   INCLUDE_UNIQUE_ID = 0x700ca; // (TagType:BOOL | 202)
   RSA_OAEP_MGF_DIGEST = 0x200cb; // (TagType:ENUM_REP | 203)
   BLOB_USAGE_REQUIREMENTS = 0x1012d; // (TagType:ENUM | 301)
   BOOTLOADER_ONLY = 0x7012e; // (TagType:BOOL | 302)
   ROLLBACK_RESISTANCE = 0x7012f; // (TagType:BOOL | 303)
   HARDWARE_TYPE = 0x10130; // TagType:ENUM | 304,
   EARLY_BOOT_ONLY = 0x70131;  // TagType:BOOL | 305,
   ACTIVE_DATETIME = 0x60190; // (TagType:DATE | 400)
   ORIGINATION_EXPIRE_DATETIME = 0x60191; // (TagType:DATE | 401)
   USAGE_EXPIRE_DATETIME = 0x60192; // (TagType:DATE | 402)
   MIN_SECONDS_BETWEEN_OPS = 0x30193; // (TagType:UINT | 403)
   MAX_USES_PER_BOOT = 0x30194; // (TagType:UINT | 404)
   USAGE_COUNT_LIMIT = 0x30195; // (TagType:UINT | 405)
   /* RESERVED: ALL_USERS = 0x701f4; // (TagType:BOOL | 500) */
   USER_ID = 0x301f5; // (TagType:UINT | 501)
   USER_SECURE_ID = 0xa01f6; // (TagType:ULONG_REP | 502)
   NO_AUTH_REQUIRED = 0x701f7; // (TagType:BOOL | 503)
   USER_AUTH_TYPE = 0x101f8; // (TagType:ENUM | 504)
   AUTH_TIMEOUT = 0x301f9; // (TagType:UINT | 505)
   ALLOW_WHILE_ON_BODY = 0x701fa; // (TagType:BOOL | 506)
   TRUSTED_USER_PRESENCE_REQUIRED = 0x701fb; // (TagType:BOOL | 507)
   TRUSTED_CONFIRMATION_REQUIRED = 0x701fc;  // (TagType:BOOL | 508)
   UNLOCKED_DEVICE_REQUIRED = 0x701fd;  //  (TagType:BOOL | 509)
   /* RESERVED: ALL_APPLICATIONS = 0x70258; // (TagType:BOOL | 600) */
   APPLICATION_ID = 0x90259; // (TagType:BYTES | 601)
   /* RESERVED: EXPORTABLE = 0x7025a; // (TagType:BOOL | 602) */
   APPLICATION_DATA = 0x902bc; // (TagType:BYTES | 700)
   CREATION_DATETIME = 0x602bd; // (TagType:DATE | 701)
   ORIGIN = 0x102be; // (TagType:ENUM | 702)
   /* RESERVED: ROLLBACK_RESISTANT = 0x702bf; // (TagType:BOOL | 703) */
   ROOT_OF_TRUST = 0x902c0; // (TagType:BYTES | 704)
   OS_VERSION = 0x302c1; // (TagType:UINT | 705)
   OS_PATCHLEVEL = 0x302c2; // (TagType:UINT | 706)
   UNIQUE_ID = 0x902c3; // (TagType:BYTES | 707)
   ATTESTATION_CHALLENGE = 0x902c4; // (TagType:BYTES | 708)
   ATTESTATION_APPLICATION_ID = 0x902c5; // (TagType:BYTES | 709)
   ATTESTATION_ID_BRAND = 0x902c6; // (TagType:BYTES | 710)
   ATTESTATION_ID_DEVICE = 0x902c7; // (TagType:BYTES | 711)
   ATTESTATION_ID_PRODUCT = 0x902c8; // (TagType:BYTES | 712)
   ATTESTATION_ID_SERIAL = 0x902c9; // (TagType:BYTES | 713)
   ATTESTATION_ID_IMEI = 0x902ca; // (TagType:BYTES | 714)
   ATTESTATION_ID_MEID = 0x902cb; // (TagType:BYTES | 715)
   ATTESTATION_ID_MANUFACTURER = 0x902cc; // (TagType:BYTES | 716)
   ATTESTATION_ID_MODEL = 0x902cd; // (TagType:BYTES | 717)
   VENDOR_PATCHLEVEL = 0x302ce; // (TagType:UINT | 718)
   BOOT_PATCHLEVEL = 0x302cf; // (TagType:UINT | 719)
   DEVICE_UNIQUE_ATTESTATION = 0x702d0;  // (TagType:BOOL | 720)
   IDENTITY_CREDENTIAL_KEY = 0x702d1;    // (TagType:BOOL | 721)
   STORAGE_KEY = 0x702d2;                // (TagType:BOOL | 722)
   ASSOCIATED_DATA = 0x903e8; // (TagType:BYTES | 1000)
   NONCE = 0x903e9; // (TagType:BYTES | 1001)
   /* RESERVED: AUTH_TOKEN = 0x903ea; // (TagType:BYTES | 1002) */
   MAC_LENGTH = 0x303eb; // (TagType:UINT | 1003)
   RESET_SINCE_ID_ROTATION = 0x703ec; // (TagType:BOOL | 1004)
   CONFIRMATION_TOKEN = 0x903ed; // (TagType:BYTES | 1005)
   CERTIFICATE_SERIAL = 0x803ee; // (TagType:BIGNUM | 1006)
   CERTIFICATE_SUBJECT = 0x903ef; // (TagType:BYTES | 1007)
 };

 enum Algorithm {
   RSA = 0;
   EC = 1;
   AES = 2;
   DES = 3;
   HMAC = 4;
   ALGORITHM_MAX = 5;
 };

 enum BlockMode {
   ECB = 0;
   CBC = 1;
   CTR = 2;
   GCM = 3;
   BLOCK_MODE_MAX = 4;
 };

 enum PaddingMode {
   PADDING_NONE = 0;
   PADDING_RSA_OAEP = 1;
   PADDING_RSA_PSS = 2;
   PADDING_RSA_PKCS1_1_5_ENCRYPT = 3;
   PADDING_RSA_PKCS1_1_5_SIGN = 4;
   PADDING_PKCS7 = 5;
   PADDING_MODE_MAX = 6;
 };

 enum Digest {
   DIGEST_NONE = 0;
   DIGEST_MD5 = 1;
   DIGEST_SHA1 = 2;
   DIGEST_SHA_2_224 = 3;
   DIGEST_SHA_2_256 = 4;
   DIGEST_SHA_2_384 = 5;
   DIGEST_SHA_2_512 = 6;
   DIGEST_MAX = 7;
 };

 enum EcCurve {
   P_224 = 0;
   P_256 = 1;
   P_384 = 2;
   P_521 = 3;
   EC_CURVE_MAX = 4;
 };

 enum KeyOrigin {
   GENERATED = 0;
   DERIVED = 1;
   IMPORTED = 2;
   UNKNOWN = 3;
   SECURELY_IMPORTED = 4;
   KEY_ORIGIN_MAX = 5;
 };

 enum KeyBlobUsageRequirements {
   STANDALONE = 0;
   REQUIRES_FILE_SYSTEM = 1;
   KEY_USAGE_MAX = 2;
 };

 enum KeyPurpose {
   ENCRYPT = 0;
   DECRYPT = 1;
   SIGN = 2;
   VERIFY = 3;
   /* RESERVED: DERIVE_KEY = 4; */
   WRAP_KEY = 5;
   AGREE_KEY = 6;
   ATTEST_KEY = 7;
   PURPOSE_MAX = 8;
 };

 enum ErrorCode {
   OK = 0;
   ROOT_OF_TRUST_ALREADY_SET = 1;
   UNSUPPORTED_PURPOSE = 2;
   INCOMPATIBLE_PURPOSE = 3;
   UNSUPPORTED_ALGORITHM = 4;
   INCOMPATIBLE_ALGORITHM = 5;
   UNSUPPORTED_KEY_SIZE = 6;
   UNSUPPORTED_BLOCK_MODE = 7;
   INCOMPATIBLE_BLOCK_MODE = 8;
   UNSUPPORTED_MAC_LENGTH = 9;
   UNSUPPORTED_PADDING_MODE = 10;
   INCOMPATIBLE_PADDING_MODE = 11;
   UNSUPPORTED_DIGEST = 12;
   INCOMPATIBLE_DIGEST = 13;
   INVALID_EXPIRATION_TIME = 14;
   INVALID_USER_ID = 15;
   INVALID_AUTHORIZATION_TIMEOUT = 16;
   UNSUPPORTED_KEY_FORMAT = 17;
   INCOMPATIBLE_KEY_FORMAT = 18;
   UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM = 19;
   UNSUPPORTED_KEY_VERIFICATION_ALGORITHM = 20;
   INVALID_INPUT_LENGTH = 21;
   KEY_EXPORT_OPTIONS_INVALID = 22;
   DELEGATION_NOT_ALLOWED = 23;
   KEY_NOT_YET_VALID = 24;
   KEY_EXPIRED = 25;
   KEY_USER_NOT_AUTHENTICATED = 26;
   OUTPUT_PARAMETER_NULL = 27;
   INVALID_OPERATION_HANDLE = 28;
   INSUFFICIENT_BUFFER_SPACE = 29;
   VERIFICATION_FAILED = 30;
   TOO_MANY_OPERATIONS = 31;
   UNEXPECTED_NULL_POINTER = 32;
   INVALID_KEY_BLOB = 33;
   IMPORTED_KEY_NOT_ENCRYPTED = 34;
   IMPORTED_KEY_DECRYPTION_FAILED = 35;
   IMPORTED_KEY_NOT_SIGNED = 36;
   IMPORTED_KEY_VERIFICATION_FAILED = 37;
   INVALID_ARGUMENT = 38;
   UNSUPPORTED_TAG = 39;
   INVALID_TAG = 40;
   MEMORY_ALLOCATION_FAILED = 41;
   IMPORT_PARAMETER_MISMATCH = 42;
   SECURE_HW_ACCESS_DENIED = 43;
   OPERATION_CANCELLED = 44;
   CONCURRENT_ACCESS_CONFLICT = 45;
   SECURE_HW_BUSY = 46;
   SECURE_HW_COMMUNICATION_FAILED = 47;
   UNSUPPORTED_EC_FIELD = 48;
   MISSING_NONCE = 49;
   INVALID_NONCE = 50;
   MISSING_MAC_LENGTH = 51;
   KEY_RATE_LIMIT_EXCEEDED = 52;
   CALLER_NONCE_PROHIBITED = 53;
   KEY_MAX_OPS_EXCEEDED = 54;
   INVALID_MAC_LENGTH = 55;
   MISSING_MIN_MAC_LENGTH = 56;
   UNSUPPORTED_MIN_MAC_LENGTH = 57;
   UNSUPPORTED_KDF = 58;
   UNSUPPORTED_EC_CURVE = 59;
   KEY_REQUIRES_UPGRADE = 60;
   ATTESTATION_CHALLENGE_MISSING = 61;
   KEYMASTER_NOT_CONFIGURED = 62;
   ATTESTATION_APPLICATION_ID_MISSING = 63;
   CANNOT_ATTEST_IDS = 64;
   UNIMPLEMENTED = 65;
   VERSION_MISMATCH = 66;
   ROLLBACK_RESISTANCE_UNAVAILABLE = 67;
   HARDWARE_TYPE_UNAVAILABLE = 68;
   PROOF_OF_PRESENCE_REQUIRED = 69;
   CONCURRENT_PROOF_OF_PRESENCE_REQUESTED = 70;
   UNKNOWN_ERROR = 71;
   INVALID_DEVICE_IDS = 72;                // Vendor specific.
   PRODUCTION_MODE_PROVISIONING = 73;      // Vendor specific.
   NO_USER_CONFIRMATION = 74;
   KEY_UPGRADE_NOT_REQUIRED = 75;          // Vendor specific.
   DEVICE_LOCKED = 76;
   EARLY_BOOT_ENDED = 77;
   ATTESTATION_KEYS_NOT_PROVISIONED = 78;
   ATTESTATION_IDS_NOT_PROVISIONED = 79;
   INVALID_OPERATION = 80;
   STORAGE_KEY_UNSUPPORTED = 81;
   INCOMPATIBLE_MGF_DIGEST = 82;
   UNSUPPORTED_MGF_DIGEST = 83;
   INVALID_MAC = 84;                       // RKP specific.
   PRODUCTION_KEY_IN_TEST_REQUEST = 85;    // RKP specific.
   TEST_KEY_IN_PRODUCTION_REQUEST = 86;    // RKP specific.
   INVALID_EEK = 87;                       // RKP specific.
 };

 enum SecurityLevel {
   SOFTWARE = 0;
   TRUSTED_ENVIRONMENT = 1;
   STRONGBOX = 2;
 };

 // NOTE: these enum values must be kept in sync with the HAL,
 // as they are used in an HMAC calculation.
 enum HardwareAuthenticatorType {
   HW_AUTH_NONE = 0;
   HW_AUTH_PASSWORD = 1;
   HW_AUTH_FINGERPRINT = 2;
   // Additional entries must be powers of 2.
 };

 enum KeyFormat {
   X509 = 0;   /* for public key export */
   PKCS8 = 1;  /* for asymmetric key pair import */
   RAW = 3;    /* for symmetric key import and export*/
 }

 enum DTupError {
   DTUP_OK = 0;
   DTUP_NO_EVENT = 1;
 }

 /* matches Linux event device codes */
 enum DTupKeyEvent {
     DTUP_RESERVED = 0;
     DTUP_VOL_DOWN = 114;
     DTUP_VOL_UP = 115;
     DTUP_PWR = 116;
 }

 enum BootColor {
     BOOT_VERIFIED_GREEN = 0;
     BOOT_SELFSIGNED_YELLOW = 1;
     BOOT_UNVERIFIED_ORANGE = 2;
     BOOT_VERIFY_FAILED_RED = 3;
 }

 enum ChipFusing {
     FUSING_PROTO = 0;
     FUSING_DVT = 1;
     FUSING_PVT = 2;     // Strongbox gen v0 certs.
     FUSING_PVT_1 = 3;   // Strongbox gen v1 certs.
     FUSING_D_PVT = 4;   // Dauntless gen v0 certs.
     FUSING_D_PVT_1 = 5; // Dauntless gen v1 certs.
 }

 enum CertificateStatus {
   CERT_PREVIOUSLY_PROVISIONED = 0;
   CERT_MISSING = 1;
   CERT_CHECKSUM = 2;
   CERT_UNKNOWN_ERROR = 3;
   CERT_WRONG_PACKET = 4;
 }
	/*
	* Copyright (C) 2017 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	syntax = "proto3";

	package nugget.app.keymaster;

	/*
	* Minimal type definitions required for building protos. Sourced from:
	* ::android::hardware::keymaster::V3_0
	*/
	enum TagType {
	TAG_TYPE_INVALID = 0x0; /* 0 << 16 */
	ENUM = 0x10000; /* 1 << 16 */
	ENUM_REP = 0x20000; /* 2 << 16 */
	UINT = 0x30000; /* 3 << 16 */
	UINT_REP = 0x40000; /* 4 << 16 */
	ULONG = 0x50000; /* 5 << 16 */
	DATE = 0x60000; /* 6 << 16 */
	BOOL = 0x70000; /* 7 << 16 */
	BIGNUM_ = 0x80000; /* 8 << 16 */
	BYTES = 0x90000; /* 9 << 16 */
	ULONG_REP = 0xA0000; /* 10 << 16 */
	};

	enum Tag {
	TAG_INVALID = 0; // (TagType:INVALID \| 0)
	PURPOSE = 0x20001; // (TagType:ENUM_REP \| 1)
	ALGORITHM = 0x10002; // (TagType:ENUM \| 2)
	KEY_SIZE = 0x30003; // (TagType:UINT \| 3)
	BLOCK_MODE = 0x20004; // (TagType:ENUM_REP \| 4)
	DIGEST = 0x20005; // (TagType:ENUM_REP \| 5)
	PADDING = 0x20006; // (TagType:ENUM_REP \| 6)
	CALLER_NONCE = 0x70007; // (TagType:BOOL \| 7)
	MIN_MAC_LENGTH = 0x30008; // (TagType:UINT \| 8)
	/* RESERVED: KDF = 0x20009; // (TagType:ENUM_REP \| 9) */
	EC_CURVE = 0x1000a; // (TagType:ENUM \| 10)
	RSA_PUBLIC_EXPONENT = 0x500c8; // (TagType:ULONG \| 200)
	/* RESERVED: ECIES_SINGLE_HASH_MODE = 0x700c9; // (TagType:BOOL \| 201) */
	INCLUDE_UNIQUE_ID = 0x700ca; // (TagType:BOOL \| 202)
	RSA_OAEP_MGF_DIGEST = 0x200cb; // (TagType:ENUM_REP \| 203)
	BLOB_USAGE_REQUIREMENTS = 0x1012d; // (TagType:ENUM \| 301)
	BOOTLOADER_ONLY = 0x7012e; // (TagType:BOOL \| 302)
	ROLLBACK_RESISTANCE = 0x7012f; // (TagType:BOOL \| 303)
	HARDWARE_TYPE = 0x10130; // TagType:ENUM \| 304,
	EARLY_BOOT_ONLY = 0x70131; // TagType:BOOL \| 305,
	ACTIVE_DATETIME = 0x60190; // (TagType:DATE \| 400)
	ORIGINATION_EXPIRE_DATETIME = 0x60191; // (TagType:DATE \| 401)
	USAGE_EXPIRE_DATETIME = 0x60192; // (TagType:DATE \| 402)
	MIN_SECONDS_BETWEEN_OPS = 0x30193; // (TagType:UINT \| 403)
	MAX_USES_PER_BOOT = 0x30194; // (TagType:UINT \| 404)
	USAGE_COUNT_LIMIT = 0x30195; // (TagType:UINT \| 405)
	/* RESERVED: ALL_USERS = 0x701f4; // (TagType:BOOL \| 500) */
	USER_ID = 0x301f5; // (TagType:UINT \| 501)
	USER_SECURE_ID = 0xa01f6; // (TagType:ULONG_REP \| 502)
	NO_AUTH_REQUIRED = 0x701f7; // (TagType:BOOL \| 503)
	USER_AUTH_TYPE = 0x101f8; // (TagType:ENUM \| 504)
	AUTH_TIMEOUT = 0x301f9; // (TagType:UINT \| 505)
	ALLOW_WHILE_ON_BODY = 0x701fa; // (TagType:BOOL \| 506)
	TRUSTED_USER_PRESENCE_REQUIRED = 0x701fb; // (TagType:BOOL \| 507)
	TRUSTED_CONFIRMATION_REQUIRED = 0x701fc; // (TagType:BOOL \| 508)
	UNLOCKED_DEVICE_REQUIRED = 0x701fd; // (TagType:BOOL \| 509)
	/* RESERVED: ALL_APPLICATIONS = 0x70258; // (TagType:BOOL \| 600) */
	APPLICATION_ID = 0x90259; // (TagType:BYTES \| 601)
	/* RESERVED: EXPORTABLE = 0x7025a; // (TagType:BOOL \| 602) */
	APPLICATION_DATA = 0x902bc; // (TagType:BYTES \| 700)
	CREATION_DATETIME = 0x602bd; // (TagType:DATE \| 701)
	ORIGIN = 0x102be; // (TagType:ENUM \| 702)
	/* RESERVED: ROLLBACK_RESISTANT = 0x702bf; // (TagType:BOOL \| 703) */
	ROOT_OF_TRUST = 0x902c0; // (TagType:BYTES \| 704)
	OS_VERSION = 0x302c1; // (TagType:UINT \| 705)
	OS_PATCHLEVEL = 0x302c2; // (TagType:UINT \| 706)
	UNIQUE_ID = 0x902c3; // (TagType:BYTES \| 707)
	ATTESTATION_CHALLENGE = 0x902c4; // (TagType:BYTES \| 708)
	ATTESTATION_APPLICATION_ID = 0x902c5; // (TagType:BYTES \| 709)
	ATTESTATION_ID_BRAND = 0x902c6; // (TagType:BYTES \| 710)
	ATTESTATION_ID_DEVICE = 0x902c7; // (TagType:BYTES \| 711)
	ATTESTATION_ID_PRODUCT = 0x902c8; // (TagType:BYTES \| 712)
	ATTESTATION_ID_SERIAL = 0x902c9; // (TagType:BYTES \| 713)
	ATTESTATION_ID_IMEI = 0x902ca; // (TagType:BYTES \| 714)
	ATTESTATION_ID_MEID = 0x902cb; // (TagType:BYTES \| 715)
	ATTESTATION_ID_MANUFACTURER = 0x902cc; // (TagType:BYTES \| 716)
	ATTESTATION_ID_MODEL = 0x902cd; // (TagType:BYTES \| 717)
	VENDOR_PATCHLEVEL = 0x302ce; // (TagType:UINT \| 718)
	BOOT_PATCHLEVEL = 0x302cf; // (TagType:UINT \| 719)
	DEVICE_UNIQUE_ATTESTATION = 0x702d0; // (TagType:BOOL \| 720)
	IDENTITY_CREDENTIAL_KEY = 0x702d1; // (TagType:BOOL \| 721)
	STORAGE_KEY = 0x702d2; // (TagType:BOOL \| 722)
	ASSOCIATED_DATA = 0x903e8; // (TagType:BYTES \| 1000)
	NONCE = 0x903e9; // (TagType:BYTES \| 1001)
	/* RESERVED: AUTH_TOKEN = 0x903ea; // (TagType:BYTES \| 1002) */
	MAC_LENGTH = 0x303eb; // (TagType:UINT \| 1003)
	RESET_SINCE_ID_ROTATION = 0x703ec; // (TagType:BOOL \| 1004)
	CONFIRMATION_TOKEN = 0x903ed; // (TagType:BYTES \| 1005)
	CERTIFICATE_SERIAL = 0x803ee; // (TagType:BIGNUM \| 1006)
	CERTIFICATE_SUBJECT = 0x903ef; // (TagType:BYTES \| 1007)
	};

	enum Algorithm {
	RSA = 0;
	EC = 1;
	AES = 2;
	DES = 3;
	HMAC = 4;
	ALGORITHM_MAX = 5;
	};

	enum BlockMode {
	ECB = 0;
	CBC = 1;
	CTR = 2;
	GCM = 3;
	BLOCK_MODE_MAX = 4;
	};

	enum PaddingMode {
	PADDING_NONE = 0;
	PADDING_RSA_OAEP = 1;
	PADDING_RSA_PSS = 2;
	PADDING_RSA_PKCS1_1_5_ENCRYPT = 3;
	PADDING_RSA_PKCS1_1_5_SIGN = 4;
	PADDING_PKCS7 = 5;
	PADDING_MODE_MAX = 6;
	};

	enum Digest {
	DIGEST_NONE = 0;
	DIGEST_MD5 = 1;
	DIGEST_SHA1 = 2;
	DIGEST_SHA_2_224 = 3;
	DIGEST_SHA_2_256 = 4;
	DIGEST_SHA_2_384 = 5;
	DIGEST_SHA_2_512 = 6;
	DIGEST_MAX = 7;
	};

	enum EcCurve {
	P_224 = 0;
	P_256 = 1;
	P_384 = 2;
	P_521 = 3;
	EC_CURVE_MAX = 4;
	};

	enum KeyOrigin {
	GENERATED = 0;
	DERIVED = 1;
	IMPORTED = 2;
	UNKNOWN = 3;
	SECURELY_IMPORTED = 4;
	KEY_ORIGIN_MAX = 5;
	};

	enum KeyBlobUsageRequirements {
	STANDALONE = 0;
	REQUIRES_FILE_SYSTEM = 1;
	KEY_USAGE_MAX = 2;
	};

	enum KeyPurpose {
	ENCRYPT = 0;
	DECRYPT = 1;
	SIGN = 2;
	VERIFY = 3;
	/* RESERVED: DERIVE_KEY = 4; */
	WRAP_KEY = 5;
	AGREE_KEY = 6;
	ATTEST_KEY = 7;
	PURPOSE_MAX = 8;
	};

	enum ErrorCode {
	OK = 0;
	ROOT_OF_TRUST_ALREADY_SET = 1;
	UNSUPPORTED_PURPOSE = 2;
	INCOMPATIBLE_PURPOSE = 3;
	UNSUPPORTED_ALGORITHM = 4;
	INCOMPATIBLE_ALGORITHM = 5;
	UNSUPPORTED_KEY_SIZE = 6;
	UNSUPPORTED_BLOCK_MODE = 7;
	INCOMPATIBLE_BLOCK_MODE = 8;
	UNSUPPORTED_MAC_LENGTH = 9;
	UNSUPPORTED_PADDING_MODE = 10;
	INCOMPATIBLE_PADDING_MODE = 11;
	UNSUPPORTED_DIGEST = 12;
	INCOMPATIBLE_DIGEST = 13;
	INVALID_EXPIRATION_TIME = 14;
	INVALID_USER_ID = 15;
	INVALID_AUTHORIZATION_TIMEOUT = 16;
	UNSUPPORTED_KEY_FORMAT = 17;
	INCOMPATIBLE_KEY_FORMAT = 18;
	UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM = 19;
	UNSUPPORTED_KEY_VERIFICATION_ALGORITHM = 20;
	INVALID_INPUT_LENGTH = 21;
	KEY_EXPORT_OPTIONS_INVALID = 22;
	DELEGATION_NOT_ALLOWED = 23;
	KEY_NOT_YET_VALID = 24;
	KEY_EXPIRED = 25;
	KEY_USER_NOT_AUTHENTICATED = 26;
	OUTPUT_PARAMETER_NULL = 27;
	INVALID_OPERATION_HANDLE = 28;
	INSUFFICIENT_BUFFER_SPACE = 29;
	VERIFICATION_FAILED = 30;
	TOO_MANY_OPERATIONS = 31;
	UNEXPECTED_NULL_POINTER = 32;
	INVALID_KEY_BLOB = 33;
	IMPORTED_KEY_NOT_ENCRYPTED = 34;
	IMPORTED_KEY_DECRYPTION_FAILED = 35;
	IMPORTED_KEY_NOT_SIGNED = 36;
	IMPORTED_KEY_VERIFICATION_FAILED = 37;
	INVALID_ARGUMENT = 38;
	UNSUPPORTED_TAG = 39;
	INVALID_TAG = 40;
	MEMORY_ALLOCATION_FAILED = 41;
	IMPORT_PARAMETER_MISMATCH = 42;
	SECURE_HW_ACCESS_DENIED = 43;
	OPERATION_CANCELLED = 44;
	CONCURRENT_ACCESS_CONFLICT = 45;
	SECURE_HW_BUSY = 46;
	SECURE_HW_COMMUNICATION_FAILED = 47;
	UNSUPPORTED_EC_FIELD = 48;
	MISSING_NONCE = 49;
	INVALID_NONCE = 50;
	MISSING_MAC_LENGTH = 51;
	KEY_RATE_LIMIT_EXCEEDED = 52;
	CALLER_NONCE_PROHIBITED = 53;
	KEY_MAX_OPS_EXCEEDED = 54;
	INVALID_MAC_LENGTH = 55;
	MISSING_MIN_MAC_LENGTH = 56;
	UNSUPPORTED_MIN_MAC_LENGTH = 57;
	UNSUPPORTED_KDF = 58;
	UNSUPPORTED_EC_CURVE = 59;
	KEY_REQUIRES_UPGRADE = 60;
	ATTESTATION_CHALLENGE_MISSING = 61;
	KEYMASTER_NOT_CONFIGURED = 62;
	ATTESTATION_APPLICATION_ID_MISSING = 63;
	CANNOT_ATTEST_IDS = 64;
	UNIMPLEMENTED = 65;
	VERSION_MISMATCH = 66;
	ROLLBACK_RESISTANCE_UNAVAILABLE = 67;
	HARDWARE_TYPE_UNAVAILABLE = 68;
	PROOF_OF_PRESENCE_REQUIRED = 69;
	CONCURRENT_PROOF_OF_PRESENCE_REQUESTED = 70;
	UNKNOWN_ERROR = 71;
	INVALID_DEVICE_IDS = 72; // Vendor specific.
	PRODUCTION_MODE_PROVISIONING = 73; // Vendor specific.
	NO_USER_CONFIRMATION = 74;
	KEY_UPGRADE_NOT_REQUIRED = 75; // Vendor specific.
	DEVICE_LOCKED = 76;
	EARLY_BOOT_ENDED = 77;
	ATTESTATION_KEYS_NOT_PROVISIONED = 78;
	ATTESTATION_IDS_NOT_PROVISIONED = 79;
	INVALID_OPERATION = 80;
	STORAGE_KEY_UNSUPPORTED = 81;
	INCOMPATIBLE_MGF_DIGEST = 82;
	UNSUPPORTED_MGF_DIGEST = 83;
	INVALID_MAC = 84; // RKP specific.
	PRODUCTION_KEY_IN_TEST_REQUEST = 85; // RKP specific.
	TEST_KEY_IN_PRODUCTION_REQUEST = 86; // RKP specific.
	INVALID_EEK = 87; // RKP specific.
	};

	enum SecurityLevel {
	SOFTWARE = 0;
	TRUSTED_ENVIRONMENT = 1;
	STRONGBOX = 2;
	};

	// NOTE: these enum values must be kept in sync with the HAL,
	// as they are used in an HMAC calculation.
	enum HardwareAuthenticatorType {
	HW_AUTH_NONE = 0;
	HW_AUTH_PASSWORD = 1;
	HW_AUTH_FINGERPRINT = 2;
	// Additional entries must be powers of 2.
	};

	enum KeyFormat {
	X509 = 0; /* for public key export */
	PKCS8 = 1; /* for asymmetric key pair import */
	RAW = 3; /* for symmetric key import and export*/
	}

	enum DTupError {
	DTUP_OK = 0;
	DTUP_NO_EVENT = 1;
	}

	/* matches Linux event device codes */
	enum DTupKeyEvent {
	DTUP_RESERVED = 0;
	DTUP_VOL_DOWN = 114;
	DTUP_VOL_UP = 115;
	DTUP_PWR = 116;
	}

	enum BootColor {
	BOOT_VERIFIED_GREEN = 0;
	BOOT_SELFSIGNED_YELLOW = 1;
	BOOT_UNVERIFIED_ORANGE = 2;
	BOOT_VERIFY_FAILED_RED = 3;
	}

	enum ChipFusing {
	FUSING_PROTO = 0;
	FUSING_DVT = 1;
	FUSING_PVT = 2; // Strongbox gen v0 certs.
	FUSING_PVT_1 = 3; // Strongbox gen v1 certs.
	FUSING_D_PVT = 4; // Dauntless gen v0 certs.
	FUSING_D_PVT_1 = 5; // Dauntless gen v1 certs.
	}

	enum CertificateStatus {
	CERT_PREVIOUSLY_PROVISIONED = 0;
	CERT_MISSING = 1;
	CERT_CHECKSUM = 2;
	CERT_UNKNOWN_ERROR = 3;
	CERT_WRONG_PACKET = 4;
	}