Home | History | Annotate | Download | only in keystore 
      1 /*
      2  * Copyright (C) 2009 The Android Open Source Project
      3  *
      4  * Licensed under the Apache License, Version 2.0 (the "License");
      5  * you may not use this file except in compliance with the License.
      6  * You may obtain a copy of the License at
      7  *
      8  *      http://www.apache.org/licenses/LICENSE-2.0
      9  *
     10  * Unless required by applicable law or agreed to in writing, software
     11  * distributed under the License is distributed on an "AS IS" BASIS,
     12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13  * See the License for the specific language governing permissions and
     14  * limitations under the License.
     15  */
     16 
     17 #ifndef __KEYSTORE_H__
     18 #define __KEYSTORE_H__
     19 
     20 #include <stdint.h>
     21 
     22 // note state values overlap with ResponseCode for the purposes of the state() API
     23 enum State {
     24     STATE_NO_ERROR      = 1,
     25     STATE_LOCKED        = 2,
     26     STATE_UNINITIALIZED = 3,
     27 };
     28 
     29 enum class ResponseCode: int32_t {
     30     NO_ERROR          =  STATE_NO_ERROR, // 1
     31     LOCKED            =  STATE_LOCKED, // 2
     32     UNINITIALIZED     =  STATE_UNINITIALIZED, // 3
     33     SYSTEM_ERROR      =  4,
     34     PROTOCOL_ERROR    =  5,
     35     PERMISSION_DENIED =  6,
     36     KEY_NOT_FOUND     =  7,
     37     VALUE_CORRUPTED   =  8,
     38     UNDEFINED_ACTION  =  9,
     39     WRONG_PASSWORD_0  = 10,
     40     WRONG_PASSWORD_1  = 11,
     41     WRONG_PASSWORD_2  = 12,
     42     WRONG_PASSWORD_3  = 13, // MAX_RETRY = 4
     43     SIGNATURE_INVALID = 14,
     44     OP_AUTH_NEEDED    = 15, // Auth is needed for this operation before it can be used.
     45 };
     46 
     47 /*
     48  * All the flags for import and insert calls.
     49  */
     50 enum KeyStoreFlag : uint8_t {
     51     KEYSTORE_FLAG_NONE = 0,
     52     KEYSTORE_FLAG_ENCRYPTED = 1 << 0,
     53     KEYSTORE_FLAG_FALLBACK = 1 << 1,
     54     // KEYSTORE_FLAG_SUPER_ENCRYPTED is for blobs that are already encrypted by keymaster but have
     55     // an additional layer of password-based encryption applied.  The same encryption scheme is used
     56     // as KEYSTORE_FLAG_ENCRYPTED, but it's safe to remove super-encryption when the password is
     57     // cleared, rather than deleting blobs, and the error returned when attempting to use a
     58     // super-encrypted blob while keystore is locked is different.
     59     KEYSTORE_FLAG_SUPER_ENCRYPTED = 1 << 2,
     60     // KEYSTORE_FLAG_CRITICAL_TO_DEVICE_ENCRYPTION is for blobs that are part of device encryption
     61     // flow so it receives special treatment from keystore. For example this blob will not be super
     62     // encrypted, and it will be stored separately under an unique UID instead. This flag should
     63     // only be available to system uid.
     64     KEYSTORE_FLAG_CRITICAL_TO_DEVICE_ENCRYPTION = 1 << 3,
     65 };
     66 
     67 /**
     68  * Returns the size of the softkey magic header value for measuring
     69  * and allocating purposes.
     70  */
     71 size_t get_softkey_header_size();
     72 
     73 /**
     74  * Adds the magic softkey header to a key blob.
     75  *
     76  * Returns NULL if the destination array is too small. Otherwise it
     77  * returns the offset directly after the magic value.
     78  */
     79 uint8_t* add_softkey_header(uint8_t* key_blob, size_t key_blob_length);
     80 
     81 /**
     82  * Returns true if the key blob has a magic softkey header at the beginning.
     83  */
     84 bool is_softkey(const uint8_t* key_blob, const size_t key_blob_length);
     85 
     86 #endif
     87