/*
 * Copyright (C) 2017 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
| |
syntax = "proto3";

// Keymaster type definitions shared by the Nugget application protos.
package nugget.app.keymaster;
| |
/*
 * Minimal type definitions required for building the keymaster protos.
 * The enums in this file mirror ::android::hardware::keymaster::V3_0 and
 * must be kept in step with it.
 */

// Type of the value carried by a key parameter Tag.
//
// Each value occupies bits 16 and up so it can be OR-ed with a tag number to
// form a Tag value (see Tag). NOTE(review): the HAL's TagType uses a wider
// shift; the narrower one here is presumably chosen so that every Tag fits in
// a protobuf (int32) enum — confirm against the HAL header before adding or
// converting a type.
enum TagType {
  TAG_TYPE_INVALID = 0x0;  // 0 << 16
  ENUM = 0x10000;          // 1 << 16
  ENUM_REP = 0x20000;      // 2 << 16
  UINT = 0x30000;          // 3 << 16
  UINT_REP = 0x40000;      // 4 << 16
  ULONG = 0x50000;         // 5 << 16
  DATE = 0x60000;          // 6 << 16
  BOOL = 0x70000;          // 7 << 16
  // Trailing underscore: presumably avoids a clash with the BIGNUM type of
  // the crypto library in generated C/C++ code — confirm before renaming.
  BIGNUM_ = 0x80000;       // 8 << 16
  BYTES = 0x90000;         // 9 << 16
  ULONG_REP = 0xA0000;     // 10 << 16
}
| |
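// Key parameter (authorization) tags.
//
// Each value is (TagType | tag number): the bits from 16 up carry the value's
// TagType and the low 16 bits carry the HAL tag number given in the trailing
// comment, e.g. PURPOSE = ENUM_REP (0x20000) | 1.
//
// Tags the HAL has dropped are declared `reserved` below so protoc rejects any
// attempt to reuse their numbers or names; the commented list records what
// they were. A tag that is translated to the wrong HAL number changes the
// meaning of a key's authorization list, so any change here needs the matching
// change on the HAL side.
//
// NOTE(review): ALGORITHM and DIGEST differ from the enum types Algorithm and
// Digest only in case; that is legal for protoc but may collide in generators
// for case-insensitive targets — verify for every language this file is
// compiled for.
enum Tag {
  // Removed tags, in the same TagType|number layout as the live values:
  //   KDF                    = 0x20009  (TagType:ENUM_REP | 9)
  //   ECIES_SINGLE_HASH_MODE = 0x700c9  (TagType:BOOL | 201)
  //   ALL_USERS              = 0x701f4  (TagType:BOOL | 500)
  //   ALL_APPLICATIONS       = 0x70258  (TagType:BOOL | 600)
  //   EXPORTABLE             = 0x7025a  (TagType:BOOL | 602)
  //   ROLLBACK_RESISTANT     = 0x702bf  (TagType:BOOL | 703)
  //   AUTH_TOKEN             = 0x903ea  (TagType:BYTES | 1002)
  reserved 0x20009, 0x700c9, 0x701f4, 0x70258, 0x7025a, 0x702bf, 0x903ea;
  reserved "KDF", "ECIES_SINGLE_HASH_MODE", "ALL_USERS", "ALL_APPLICATIONS",
           "EXPORTABLE", "ROLLBACK_RESISTANT", "AUTH_TOKEN";

  TAG_INVALID = 0;                          // (TagType:INVALID | 0)

  // Key description (tag numbers 1..).
  PURPOSE = 0x20001;                        // (TagType:ENUM_REP | 1)
  ALGORITHM = 0x10002;                      // (TagType:ENUM | 2)
  KEY_SIZE = 0x30003;                       // (TagType:UINT | 3)
  BLOCK_MODE = 0x20004;                     // (TagType:ENUM_REP | 4)
  DIGEST = 0x20005;                         // (TagType:ENUM_REP | 5)
  PADDING = 0x20006;                        // (TagType:ENUM_REP | 6)
  CALLER_NONCE = 0x70007;                   // (TagType:BOOL | 7)
  MIN_MAC_LENGTH = 0x30008;                 // (TagType:UINT | 8)
  EC_CURVE = 0x1000a;                       // (TagType:ENUM | 10)

  // Algorithm-specific parameters (200..).
  RSA_PUBLIC_EXPONENT = 0x500c8;            // (TagType:ULONG | 200)
  INCLUDE_UNIQUE_ID = 0x700ca;              // (TagType:BOOL | 202)
  RSA_OAEP_MGF_DIGEST = 0x200cb;            // (TagType:ENUM_REP | 203)

  // Key blob handling (300..).
  BLOB_USAGE_REQUIREMENTS = 0x1012d;        // (TagType:ENUM | 301)
  BOOTLOADER_ONLY = 0x7012e;                // (TagType:BOOL | 302)
  ROLLBACK_RESISTANCE = 0x7012f;            // (TagType:BOOL | 303)
  HARDWARE_TYPE = 0x10130;                  // (TagType:ENUM | 304)
  EARLY_BOOT_ONLY = 0x70131;                // (TagType:BOOL | 305)

  // Validity period and usage limits (400..).
  ACTIVE_DATETIME = 0x60190;                // (TagType:DATE | 400)
  ORIGINATION_EXPIRE_DATETIME = 0x60191;    // (TagType:DATE | 401)
  USAGE_EXPIRE_DATETIME = 0x60192;          // (TagType:DATE | 402)
  MIN_SECONDS_BETWEEN_OPS = 0x30193;        // (TagType:UINT | 403)
  MAX_USES_PER_BOOT = 0x30194;              // (TagType:UINT | 404)
  USAGE_COUNT_LIMIT = 0x30195;              // (TagType:UINT | 405)

  // User authentication requirements (500..).
  USER_ID = 0x301f5;                        // (TagType:UINT | 501)
  USER_SECURE_ID = 0xa01f6;                 // (TagType:ULONG_REP | 502)
  NO_AUTH_REQUIRED = 0x701f7;               // (TagType:BOOL | 503)
  USER_AUTH_TYPE = 0x101f8;                 // (TagType:ENUM | 504)
  AUTH_TIMEOUT = 0x301f9;                   // (TagType:UINT | 505)
  ALLOW_WHILE_ON_BODY = 0x701fa;            // (TagType:BOOL | 506)
  TRUSTED_USER_PRESENCE_REQUIRED = 0x701fb; // (TagType:BOOL | 507)
  TRUSTED_CONFIRMATION_REQUIRED = 0x701fc;  // (TagType:BOOL | 508)
  UNLOCKED_DEVICE_REQUIRED = 0x701fd;       // (TagType:BOOL | 509)

  // Application binding (600..).
  APPLICATION_ID = 0x90259;                 // (TagType:BYTES | 601)

  // Key provenance, device state and attestation (700..).
  APPLICATION_DATA = 0x902bc;               // (TagType:BYTES | 700)
  CREATION_DATETIME = 0x602bd;              // (TagType:DATE | 701)
  ORIGIN = 0x102be;                         // (TagType:ENUM | 702)
  ROOT_OF_TRUST = 0x902c0;                  // (TagType:BYTES | 704)
  OS_VERSION = 0x302c1;                     // (TagType:UINT | 705)
  OS_PATCHLEVEL = 0x302c2;                  // (TagType:UINT | 706)
  UNIQUE_ID = 0x902c3;                      // (TagType:BYTES | 707)
  ATTESTATION_CHALLENGE = 0x902c4;          // (TagType:BYTES | 708)
  ATTESTATION_APPLICATION_ID = 0x902c5;     // (TagType:BYTES | 709)
  ATTESTATION_ID_BRAND = 0x902c6;           // (TagType:BYTES | 710)
  ATTESTATION_ID_DEVICE = 0x902c7;          // (TagType:BYTES | 711)
  ATTESTATION_ID_PRODUCT = 0x902c8;         // (TagType:BYTES | 712)
  ATTESTATION_ID_SERIAL = 0x902c9;          // (TagType:BYTES | 713)
  ATTESTATION_ID_IMEI = 0x902ca;            // (TagType:BYTES | 714)
  ATTESTATION_ID_MEID = 0x902cb;            // (TagType:BYTES | 715)
  ATTESTATION_ID_MANUFACTURER = 0x902cc;    // (TagType:BYTES | 716)
  ATTESTATION_ID_MODEL = 0x902cd;           // (TagType:BYTES | 717)
  VENDOR_PATCHLEVEL = 0x302ce;              // (TagType:UINT | 718)
  BOOT_PATCHLEVEL = 0x302cf;                // (TagType:UINT | 719)
  DEVICE_UNIQUE_ATTESTATION = 0x702d0;      // (TagType:BOOL | 720)
  IDENTITY_CREDENTIAL_KEY = 0x702d1;        // (TagType:BOOL | 721)
  STORAGE_KEY = 0x702d2;                    // (TagType:BOOL | 722)

  // Per-operation parameters (1000..).
  ASSOCIATED_DATA = 0x903e8;                // (TagType:BYTES | 1000)
  NONCE = 0x903e9;                          // (TagType:BYTES | 1001)
  MAC_LENGTH = 0x303eb;                     // (TagType:UINT | 1003)
  RESET_SINCE_ID_ROTATION = 0x703ec;        // (TagType:BOOL | 1004)
  CONFIRMATION_TOKEN = 0x903ed;             // (TagType:BYTES | 1005)
  CERTIFICATE_SERIAL = 0x803ee;             // (TagType:BIGNUM | 1006)
  CERTIFICATE_SUBJECT = 0x903ef;            // (TagType:BYTES | 1007)
}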
| |
// Cryptographic algorithm of a key. Values mirror the HAL.
//
// RSA is the proto3 default, so an unset Algorithm field reads as RSA; a
// caller that needs "not specified" cannot express it with this enum alone.
enum Algorithm {
  RSA = 0;
  EC = 1;
  AES = 2;
  DES = 3;
  HMAC = 4;
  // One past the last valid value; presumably a bound for range checks,
  // not an algorithm.
  ALGORITHM_MAX = 5;
}
| |
// Block cipher mode of operation. Values mirror the HAL.
//
// ECB is the proto3 default, so an unset BlockMode field reads as ECB.
enum BlockMode {
  ECB = 0;
  CBC = 1;
  CTR = 2;
  GCM = 3;
  // One past the last valid value; presumably a bound for range checks.
  BLOCK_MODE_MAX = 4;
}
| |
// Padding scheme applied by an operation. Values mirror the HAL.
//
// PADDING_NONE is the proto3 default, so an unset PaddingMode field reads as
// "no padding".
enum PaddingMode {
  PADDING_NONE = 0;
  PADDING_RSA_OAEP = 1;
  PADDING_RSA_PSS = 2;
  PADDING_RSA_PKCS1_1_5_ENCRYPT = 3;
  PADDING_RSA_PKCS1_1_5_SIGN = 4;
  PADDING_PKCS7 = 5;
  // One past the last valid value; presumably a bound for range checks.
  PADDING_MODE_MAX = 6;
}
| |
// Message digest used by an operation. Values mirror the HAL.
//
// DIGEST_NONE is the proto3 default, so an unset Digest field reads as
// "no digest" rather than as a missing value.
enum Digest {
  DIGEST_NONE = 0;
  DIGEST_MD5 = 1;
  DIGEST_SHA1 = 2;
  DIGEST_SHA_2_224 = 3;
  DIGEST_SHA_2_256 = 4;
  DIGEST_SHA_2_384 = 5;
  DIGEST_SHA_2_512 = 6;
  // One past the last valid value; presumably a bound for range checks.
  DIGEST_MAX = 7;
}
| |
// NIST elliptic curve of an EC key. Values mirror the HAL.
//
// P_224 is the proto3 default, so an unset EcCurve field reads as P-224.
enum EcCurve {
  P_224 = 0;
  P_256 = 1;
  P_384 = 2;
  P_521 = 3;
  // One past the last valid value; presumably a bound for range checks.
  EC_CURVE_MAX = 4;
}
| |
// How a key came into existence. Values mirror the HAL.
//
// GENERATED is the proto3 default, so an unset KeyOrigin field reads as
// "generated", not as UNKNOWN.
enum KeyOrigin {
  GENERATED = 0;
  DERIVED = 1;
  IMPORTED = 2;
  UNKNOWN = 3;
  SECURELY_IMPORTED = 4;
  // One past the last valid value; presumably a bound for range checks.
  KEY_ORIGIN_MAX = 5;
}
| |
// Environment a key blob needs in order to be usable. Values mirror the HAL.
enum KeyBlobUsageRequirements {
  STANDALONE = 0;
  REQUIRES_FILE_SYSTEM = 1;
  // One past the last valid value; presumably a bound for range checks.
  KEY_USAGE_MAX = 2;
}
| |
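// Operations a key is authorized for. Values mirror the HAL.
//
// ENCRYPT is the proto3 default, so an unset KeyPurpose field reads as
// ENCRYPT. Value 4 (DERIVE_KEY) was dropped from the HAL and is declared
// `reserved` so protoc rejects any attempt to reuse its number or name.
enum KeyPurpose {
  // Removed: DERIVE_KEY = 4
  reserved 4;
  reserved "DERIVE_KEY";

  ENCRYPT = 0;
  DECRYPT = 1;
  SIGN = 2;
  VERIFY = 3;
  WRAP_KEY = 5;
  AGREE_KEY = 6;
  ATTEST_KEY = 7;
  // One past the last valid value; presumably a bound for range checks.
  PURPOSE_MAX = 8;
}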
| |
// Status codes returned by the keymaster app.
//
// OK is the proto3 default: a status field that was never set decodes as OK,
// so a consumer must not infer success from a missing status. Entries marked
// "Vendor specific" have no HAL counterpart. NOTE(review): the numeric values
// appear to be local to this protocol rather than the HAL's own codes —
// translate explicitly rather than casting; confirm against the HAL.
enum ErrorCode {
  OK = 0;
  ROOT_OF_TRUST_ALREADY_SET = 1;
  UNSUPPORTED_PURPOSE = 2;
  INCOMPATIBLE_PURPOSE = 3;
  UNSUPPORTED_ALGORITHM = 4;
  INCOMPATIBLE_ALGORITHM = 5;
  UNSUPPORTED_KEY_SIZE = 6;
  UNSUPPORTED_BLOCK_MODE = 7;
  INCOMPATIBLE_BLOCK_MODE = 8;
  UNSUPPORTED_MAC_LENGTH = 9;
  UNSUPPORTED_PADDING_MODE = 10;
  INCOMPATIBLE_PADDING_MODE = 11;
  UNSUPPORTED_DIGEST = 12;
  INCOMPATIBLE_DIGEST = 13;
  INVALID_EXPIRATION_TIME = 14;
  INVALID_USER_ID = 15;
  INVALID_AUTHORIZATION_TIMEOUT = 16;
  UNSUPPORTED_KEY_FORMAT = 17;
  INCOMPATIBLE_KEY_FORMAT = 18;
  UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM = 19;
  UNSUPPORTED_KEY_VERIFICATION_ALGORITHM = 20;
  INVALID_INPUT_LENGTH = 21;
  KEY_EXPORT_OPTIONS_INVALID = 22;
  DELEGATION_NOT_ALLOWED = 23;
  KEY_NOT_YET_VALID = 24;
  KEY_EXPIRED = 25;
  KEY_USER_NOT_AUTHENTICATED = 26;
  OUTPUT_PARAMETER_NULL = 27;
  INVALID_OPERATION_HANDLE = 28;
  INSUFFICIENT_BUFFER_SPACE = 29;
  VERIFICATION_FAILED = 30;
  TOO_MANY_OPERATIONS = 31;
  UNEXPECTED_NULL_POINTER = 32;
  INVALID_KEY_BLOB = 33;
  IMPORTED_KEY_NOT_ENCRYPTED = 34;
  IMPORTED_KEY_DECRYPTION_FAILED = 35;
  IMPORTED_KEY_NOT_SIGNED = 36;
  IMPORTED_KEY_VERIFICATION_FAILED = 37;
  INVALID_ARGUMENT = 38;
  UNSUPPORTED_TAG = 39;
  INVALID_TAG = 40;
  MEMORY_ALLOCATION_FAILED = 41;
  IMPORT_PARAMETER_MISMATCH = 42;
  SECURE_HW_ACCESS_DENIED = 43;
  OPERATION_CANCELLED = 44;
  CONCURRENT_ACCESS_CONFLICT = 45;
  SECURE_HW_BUSY = 46;
  SECURE_HW_COMMUNICATION_FAILED = 47;
  UNSUPPORTED_EC_FIELD = 48;
  MISSING_NONCE = 49;
  INVALID_NONCE = 50;
  MISSING_MAC_LENGTH = 51;
  KEY_RATE_LIMIT_EXCEEDED = 52;
  CALLER_NONCE_PROHIBITED = 53;
  KEY_MAX_OPS_EXCEEDED = 54;
  INVALID_MAC_LENGTH = 55;
  MISSING_MIN_MAC_LENGTH = 56;
  UNSUPPORTED_MIN_MAC_LENGTH = 57;
  UNSUPPORTED_KDF = 58;
  UNSUPPORTED_EC_CURVE = 59;
  KEY_REQUIRES_UPGRADE = 60;
  ATTESTATION_CHALLENGE_MISSING = 61;
  KEYMASTER_NOT_CONFIGURED = 62;
  ATTESTATION_APPLICATION_ID_MISSING = 63;
  CANNOT_ATTEST_IDS = 64;
  UNIMPLEMENTED = 65;
  VERSION_MISMATCH = 66;
  ROLLBACK_RESISTANCE_UNAVAILABLE = 67;
  HARDWARE_TYPE_UNAVAILABLE = 68;
  PROOF_OF_PRESENCE_REQUIRED = 69;
  CONCURRENT_PROOF_OF_PRESENCE_REQUESTED = 70;
  UNKNOWN_ERROR = 71;
  INVALID_DEVICE_IDS = 72;            // Vendor specific.
  PRODUCTION_MODE_PROVISIONING = 73;  // Vendor specific.
  NO_USER_CONFIRMATION = 74;
  KEY_UPGRADE_NOT_REQUIRED = 75;      // Vendor specific.
  DEVICE_LOCKED = 76;
  EARLY_BOOT_ENDED = 77;
  ATTESTATION_KEYS_NOT_PROVISIONED = 78;
  ATTESTATION_IDS_NOT_PROVISIONED = 79;
  INVALID_OPERATION = 80;
  STORAGE_KEY_UNSUPPORTED = 81;
  INCOMPATIBLE_MGF_DIGEST = 82;
  UNSUPPORTED_MGF_DIGEST = 83;
}
| |
// Where a key or operation is backed. Values mirror the HAL.
//
// SOFTWARE is the proto3 default, so an unset SecurityLevel field reads as
// the weakest level; a consumer that requires hardware backing must check
// for TRUSTED_ENVIRONMENT or STRONGBOX explicitly.
enum SecurityLevel {
  SOFTWARE = 0;
  TRUSTED_ENVIRONMENT = 1;
  STRONGBOX = 2;
}
| |
// Authenticator that produced a hardware auth token.
//
// NOTE: these values are inputs to an HMAC calculation and must be kept in
// sync with the HAL; changing one silently breaks token verification between
// the two sides. The non-zero values are single bits so they can be combined
// as a mask.
enum HardwareAuthenticatorType {
  HW_AUTH_NONE = 0;
  HW_AUTH_PASSWORD = 1;
  HW_AUTH_FINGERPRINT = 2;
  // Additional entries must be powers of 2.
}
| |
// Encoding of key material crossing the import/export boundary.
//
// Value 2 is intentionally unused; the numbering presumably matches the
// HAL's KeyFormat — confirm before filling the gap.
enum KeyFormat {
  X509 = 0;   // for public key export
  PKCS8 = 1;  // for asymmetric key pair import
  RAW = 3;    // for symmetric key import and export
}
| |
// Result of a DTup request.
enum DTupError {
  DTUP_OK = 0;
  DTUP_NO_EVENT = 1;
}
| |
// Physical key event reported by DTup.
//
// Values match the Linux input event codes (KEY_VOLUMEDOWN, KEY_VOLUMEUP and
// KEY_POWER in linux/input-event-codes.h) so they can be passed through
// without translation.
enum DTupKeyEvent {
  DTUP_RESERVED = 0;
  DTUP_VOL_DOWN = 114;
  DTUP_VOL_UP = 115;
  DTUP_PWR = 116;
}
| |
// Verified boot state, named after the boot-state colors.
//
// BOOT_VERIFIED_GREEN is the proto3 default, so an unset BootColor field
// reads as fully verified; a consumer must make sure the field was actually
// populated before trusting it.
enum BootColor {
  BOOT_VERIFIED_GREEN = 0;
  BOOT_SELFSIGNED_YELLOW = 1;
  BOOT_UNVERIFIED_ORANGE = 2;
  BOOT_VERIFY_FAILED_RED = 3;
}
| |
// Fusing state of the chip, which selects the certificate generation in use.
enum ChipFusing {
  FUSING_PROTO = 0;
  FUSING_DVT = 1;
  FUSING_PVT = 2;      // Strongbox gen v0 certs.
  FUSING_PVT_1 = 3;    // Strongbox gen v1 certs.
  FUSING_D_PVT = 4;    // Dauntless gen v0 certs.
  FUSING_D_PVT_1 = 5;  // Dauntless gen v1 certs.
}
| |
// Outcome of a certificate provisioning check.
//
// CERT_PREVIOUSLY_PROVISIONED is the proto3 default, so an unset status
// field reads as "already provisioned"; a consumer must confirm the field was
// populated before acting on it.
enum CertificateStatus {
  CERT_PREVIOUSLY_PROVISIONED = 0;
  CERT_MISSING = 1;
  CERT_CHECKSUM = 2;
  CERT_UNKNOWN_ERROR = 3;
  CERT_WRONG_PACKET = 4;
}