Home | History | Annotate | Download | only in keystore
      1 /*
      2  * Copyright (C) 2009 The Android Open Source Project
      3  *
      4  * Licensed under the Apache License, Version 2.0 (the "License");
      5  * you may not use this file except in compliance with the License.
      6  * You may obtain a copy of the License at
      7  *
      8  *      http://www.apache.org/licenses/LICENSE-2.0
      9  *
     10  * Unless required by applicable law or agreed to in writing, software
     11  * distributed under the License is distributed on an "AS IS" BASIS,
     12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13  * See the License for the specific language governing permissions and
     14  * limitations under the License.
     15  */
     16 
     17 #ifndef __KEYSTORE_H__
     18 #define __KEYSTORE_H__
     19 
     20 #include <stdint.h>
     21 
     22 // note state values overlap with ResponseCode for the purposes of the state() API
     23 enum State {
     24     STATE_NO_ERROR      = 1,
     25     STATE_LOCKED        = 2,
     26     STATE_UNINITIALIZED = 3,
     27 };
     28 
     29 // must be in sync with KeyStore.java,
     30 enum class ResponseCode: int32_t {
     31     NO_ERROR          =  STATE_NO_ERROR, // 1
     32     LOCKED            =  STATE_LOCKED, // 2
     33     UNINITIALIZED     =  STATE_UNINITIALIZED, // 3
     34     SYSTEM_ERROR      =  4,
     35     PROTOCOL_ERROR    =  5,
     36     PERMISSION_DENIED =  6,
     37     KEY_NOT_FOUND     =  7,
     38     VALUE_CORRUPTED   =  8,
     39     UNDEFINED_ACTION  =  9,
     40     WRONG_PASSWORD_0  = 10,
     41     WRONG_PASSWORD_1  = 11,
     42     WRONG_PASSWORD_2  = 12,
     43     WRONG_PASSWORD_3  = 13, // MAX_RETRY = 4
     44     SIGNATURE_INVALID = 14,
     45     OP_AUTH_NEEDED    = 15, // Auth is needed for this operation before it can be used.
     46 };
     47 
     48 /*
     49  * All the flags for import and insert calls.
     50  */
     51 enum KeyStoreFlag : uint8_t {
     52     KEYSTORE_FLAG_NONE = 0,
     53     KEYSTORE_FLAG_ENCRYPTED = 1 << 0,
     54     KEYSTORE_FLAG_FALLBACK = 1 << 1,
     55     // KEYSTORE_FLAG_SUPER_ENCRYPTED is for blobs that are already encrypted by keymaster but have
     56     // an additional layer of password-based encryption applied.  The same encryption scheme is used
     57     // as KEYSTORE_FLAG_ENCRYPTED, but it's safe to remove super-encryption when the password is
     58     // cleared, rather than deleting blobs, and the error returned when attempting to use a
     59     // super-encrypted blob while keystore is locked is different.
     60     KEYSTORE_FLAG_SUPER_ENCRYPTED = 1 << 2,
     61     // KEYSTORE_FLAG_CRITICAL_TO_DEVICE_ENCRYPTION is for blobs that are part of device encryption
     62     // flow so it receives special treatment from keystore. For example this blob will not be super
     63     // encrypted, and it will be stored separately under an unique UID instead. This flag should
     64     // only be available to system uid.
     65     KEYSTORE_FLAG_CRITICAL_TO_DEVICE_ENCRYPTION = 1 << 3,
     66     KEYSTORE_FLAG_STRONGBOX = 1 << 4,
     67 };
     68 
     69 #endif
     70