      1 /*
      2  * Copyright (C) 2017 The Android Open Source Project
      3  *
      4  * Licensed under the Apache License, Version 2.0 (the "License");
      5  * you may not use this file except in compliance with the License.
      6  * You may obtain a copy of the License at
      7  *
      8  *      http://www.apache.org/licenses/LICENSE-2.0
      9  *
     10  * Unless required by applicable law or agreed to in writing, software
     11  * distributed under the License is distributed on an "AS IS" BASIS,
     12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13  * See the License for the specific language governing permissions and
     14  * limitations under the License.
     15  */
     16 
     17 syntax = "proto3";
     18 
     19 package nugget.app.keymaster;
     20 
     21 /*
     22  * Minimal type definitions required for building protos.  Sourced from:
     23  *     ::android::hardware::keymaster::V3_0
     24  */
     25 enum TagType {
     26   TAG_TYPE_INVALID = 0x0;  /* 0 << 16 */
     27   ENUM = 0x10000;          /* 1 << 16 */
     28   ENUM_REP = 0x20000;      /* 2 << 16 */
     29   UINT = 0x30000;          /* 3 << 16 */
     30   UINT_REP = 0x40000;      /* 4 << 16 */
     31   ULONG = 0x50000;         /* 5 << 16 */
     32   DATE = 0x60000;          /* 6 << 16 */
     33   BOOL = 0x70000;          /* 7 << 16 */
     34   /*  BIGNUM = 0x80000;         8 << 16 */  /* Unused. */
     35   BYTES = 0x90000;         /* 9 << 16 */
     36   ULONG_REP = 0xA0000;     /* 10 << 16 */
     37 };
     38 
     39 enum Tag {
     40   TAG_INVALID = 0; // (TagType:INVALID | 0)
     41   PURPOSE = 0x20001; // (TagType:ENUM_REP | 1)
     42   ALGORITHM = 0x10002; // (TagType:ENUM | 2)
     43   KEY_SIZE = 0x30003; // (TagType:UINT | 3)
     44   BLOCK_MODE = 0x20004; // (TagType:ENUM_REP | 4)
     45   DIGEST = 0x20005; // (TagType:ENUM_REP | 5)
     46   PADDING = 0x20006; // (TagType:ENUM_REP | 6)
     47   CALLER_NONCE = 0x70007; // (TagType:BOOL | 7)
     48   MIN_MAC_LENGTH = 0x30008; // (TagType:UINT | 8)
     49   /* RESERVED: KDF = 0x20009; // (TagType:ENUM_REP | 9) */
     50   EC_CURVE = 0x1000a; // (TagType:ENUM | 10)
     51   RSA_PUBLIC_EXPONENT = 0x500c8; // (TagType:ULONG | 200)
     52   /* RESERVED: ECIES_SINGLE_HASH_MODE = 0x700c9; // (TagType:BOOL | 201) */
     53   INCLUDE_UNIQUE_ID = 0x700ca; // (TagType:BOOL | 202)
     54   BLOB_USAGE_REQUIREMENTS = 0x1012d; // (TagType:ENUM | 301)
     55   BOOTLOADER_ONLY = 0x7012e; // (TagType:BOOL | 302)
     56   ROLLBACK_RESISTANCE = 0x7012f; // (TagType:BOOL | 303)
     57   HARDWARE_TYPE = 0x10130; // TagType:ENUM | 304,
     58   ACTIVE_DATETIME = 0x60190; // (TagType:DATE | 400)
     59   ORIGINATION_EXPIRE_DATETIME = 0x60191; // (TagType:DATE | 401)
     60   USAGE_EXPIRE_DATETIME = 0x60192; // (TagType:DATE | 402)
     61   MIN_SECONDS_BETWEEN_OPS = 0x30193; // (TagType:UINT | 403)
     62   MAX_USES_PER_BOOT = 0x30194; // (TagType:UINT | 404)
     63   /* RESERVED: ALL_USERS = 0x701f4; // (TagType:BOOL | 500) */
     64   /* RESERVED: USER_ID = 0x301f5; // (TagType:UINT | 501) */
     65   USER_SECURE_ID = 0xa01f6; // (TagType:ULONG_REP | 502)
     66   NO_AUTH_REQUIRED = 0x701f7; // (TagType:BOOL | 503)
     67   USER_AUTH_TYPE = 0x101f8; // (TagType:ENUM | 504)
     68   AUTH_TIMEOUT = 0x301f9; // (TagType:UINT | 505)
     69   ALLOW_WHILE_ON_BODY = 0x701fa; // (TagType:BOOL | 506)
     70   TRUSTED_USER_PRESENCE_REQUIRED = 0x701fb; // (TagType:BOOL | 507)
     71   /* RESERVED: ALL_APPLICATIONS = 0x70258; // (TagType:BOOL | 600) */
     72   APPLICATION_ID = 0x90259; // (TagType:BYTES | 601)
     73   /* RESERVED: EXPORTABLE = 0x7025a; // (TagType:BOOL | 602) */
     74   APPLICATION_DATA = 0x902bc; // (TagType:BYTES | 700)
     75   CREATION_DATETIME = 0x602bd; // (TagType:DATE | 701)
     76   ORIGIN = 0x102be; // (TagType:ENUM | 702)
     77   /* RESERVED: ROLLBACK_RESISTANT = 0x702bf; // (TagType:BOOL | 703) */
     78   ROOT_OF_TRUST = 0x902c0; // (TagType:BYTES | 704)
     79   OS_VERSION = 0x302c1; // (TagType:UINT | 705)
     80   OS_PATCHLEVEL = 0x302c2; // (TagType:UINT | 706)
     81   UNIQUE_ID = 0x902c3; // (TagType:BYTES | 707)
     82   ATTESTATION_CHALLENGE = 0x902c4; // (TagType:BYTES | 708)
     83   ATTESTATION_APPLICATION_ID = 0x902c5; // (TagType:BYTES | 709)
     84   ATTESTATION_ID_BRAND = 0x902c6; // (TagType:BYTES | 710)
     85   ATTESTATION_ID_DEVICE = 0x902c7; // (TagType:BYTES | 711)
     86   ATTESTATION_ID_PRODUCT = 0x902c8; // (TagType:BYTES | 712)
     87   ATTESTATION_ID_SERIAL = 0x902c9; // (TagType:BYTES | 713)
     88   ATTESTATION_ID_IMEI = 0x902ca; // (TagType:BYTES | 714)
     89   ATTESTATION_ID_MEID = 0x902cb; // (TagType:BYTES | 715)
     90   ATTESTATION_ID_MANUFACTURER = 0x902cc; // (TagType:BYTES | 716)
     91   ATTESTATION_ID_MODEL = 0x902cd; // (TagType:BYTES | 717)
     92   VENDOR_PATCHLEVEL = 0x302ce; // (TagType:UINT | 718)
     93   BOOT_PATCHLEVEL = 0x302cf; // (TagType:UINT | 719)
     94   ASSOCIATED_DATA = 0x903e8; // (TagType:BYTES | 1000)
     95   NONCE = 0x903e9; // (TagType:BYTES | 1001)
     96   /* RESERVED: AUTH_TOKEN = 0x903ea; // (TagType:BYTES | 1002) */
     97   MAC_LENGTH = 0x303eb; // (TagType:UINT | 1003)
     98   RESET_SINCE_ID_ROTATION = 0x703ec; // (TagType:BOOL | 1004)
     99 };
    100 
// Key algorithm.  Values are packed densely from 0 and are local to this
// schema.  NOTE(review): they do not appear to match the HAL's numeric
// Algorithm constants — translate by name, never by value.
// RSA is the zero value, so an unset Algorithm field decodes as RSA rather
// than as "unspecified"; producers must set the field explicitly and
// consumers should not treat absence as a safe default.
enum Algorithm {
  RSA = 0;
  EC = 1;
  AES = 2;
  DES = 3;   // In Keymaster "DES" denotes Triple-DES (presumed from the HAL — confirm).
  HMAC = 4;
  ALGORITHM_MAX = 5;  // One past the last valid value; a range bound, not an algorithm.
};
    109 
// Block-cipher mode of operation.  Values are local to this schema.
// NOTE(review): they do not appear to match the HAL's numeric BlockMode
// constants — translate by name.
// Security caveat: ECB is the zero value, so an unset BlockMode field
// silently decodes as ECB, the only mode here with no diffusion across
// blocks.  Producers must always set this field explicitly; a consumer
// must not treat an absent mode as acceptable.
enum BlockMode {
  ECB = 0;
  CBC = 1;
  CTR = 2;
  GCM = 3;  // Authenticated; MAC_LENGTH / MIN_MAC_LENGTH and NONCE apply.
  BLOCK_MODE_MAX = 4;  // One past the last valid value; a range bound, not a mode.
};
    117 
// Padding scheme.  Values are local to this schema.  NOTE(review): they do
// not appear to match the HAL's numeric PaddingMode constants — translate
// by name.
// PADDING_NONE is the zero value, so an unset field decodes as "no padding"
// (raw RSA, or unpadded block-cipher input); set it explicitly.
// PADDING_RSA_PKCS1_1_5_ENCRYPT is kept for HAL parity only: when decryption
// failures are observable it is exposed to padding-oracle attacks, so prefer
// PADDING_RSA_OAEP for encryption and PADDING_RSA_PSS for signatures.
enum PaddingMode {
  PADDING_NONE = 0;
  PADDING_RSA_OAEP = 1;
  PADDING_RSA_PSS = 2;
  PADDING_RSA_PKCS1_1_5_ENCRYPT = 3;
  PADDING_RSA_PKCS1_1_5_SIGN = 4;
  PADDING_PKCS7 = 5;
  PADDING_MODE_MAX = 6;  // One past the last valid value; a range bound, not a mode.
};
    127 
// Hash function.  DIGEST_NONE means "no digest" (the caller supplies already
// hashed data, e.g. for raw RSA/EC signing); it is also the proto3 default,
// so an unset field reads as NONE and must not be mistaken for "unspecified".
// DIGEST_MD5 and DIGEST_SHA1 are listed for HAL parity only — both are
// collision-broken and should not be accepted for new signatures or
// attestation.
enum Digest {
  DIGEST_NONE = 0;
  DIGEST_MD5 = 1;
  DIGEST_SHA1 = 2;
  DIGEST_SHA_2_224 = 3;
  DIGEST_SHA_2_256 = 4;
  DIGEST_SHA_2_384 = 5;
  DIGEST_SHA_2_512 = 6;
  DIGEST_MAX = 7;  // One past the last valid value; a range bound, not a digest.
};
    138 
// NIST prime-field curves.  P_224 is the zero value, so an unset EC_CURVE
// field decodes as P-224 — the weakest curve listed — rather than as
// "unspecified"; set it explicitly.  (These values appear to follow the
// HAL's EcCurve numbering — confirm before relying on it.)
enum EcCurve {
  P_224 = 0;
  P_256 = 1;
  P_384 = 2;
  P_521 = 3;
  EC_CURVE_MAX = 4;  // One past the last valid value; a range bound, not a curve.
};
    146 
// Provenance of the key material (the ORIGIN tag).
// Security caveat: GENERATED is the zero value, so an unset field decodes as
// "generated inside the secure hardware" — the strongest provenance claim —
// instead of UNKNOWN.  Anything that emits ORIGIN into attestation data must
// populate it explicitly on every path.
enum KeyOrigin {
  GENERATED = 0;
  DERIVED = 1;
  IMPORTED = 2;
  UNKNOWN = 3;  // Origin not recorded (e.g. legacy blobs); the honest value when unsure.
  SECURELY_IMPORTED = 4;  // Imported wrapped; the plaintext was never exposed outside secure hardware.
  KEY_ORIGIN_MAX = 5;  // One past the last valid value; a range bound, not an origin.
};
    155 
// What a key blob needs from its environment before it can be used (the
// BLOB_USAGE_REQUIREMENTS tag).  STANDALONE (the zero value) is the
// unconstrained case, so the proto3 default is the permissive one.
enum KeyBlobUsageRequirements {
  STANDALONE = 0;
  REQUIRES_FILE_SYSTEM = 1;
  KEY_USAGE_MAX = 2;  // One past the last valid value; a range bound, not a requirement.
};
    161 
    162 enum KeyPurpose {
    163   ENCRYPT = 0;
    164   DECRYPT = 1;
    165   SIGN = 2;
    166   VERIFY = 3;
    167   /* RESERVED: DERIVE_KEY = 4; */
    168   WRAP_KEY = 5;
    169   PURPOSE_MAX = 6;
    170 };
    171 
// Result codes.  OK = 0 is also the proto3 default, so a response whose
// error field is simply absent decodes as success; receivers should require
// the status to be explicitly populated rather than infer success from a
// missing field.
// NOTE(review): these values are packed densely from 1 and are not the
// HAL's (negative) ErrorCode numbers, nor their negation — translate by
// name, never by arithmetic.  Vendor-specific codes are marked inline.
enum ErrorCode {
  OK = 0;
  ROOT_OF_TRUST_ALREADY_SET = 1;
  UNSUPPORTED_PURPOSE = 2;
  INCOMPATIBLE_PURPOSE = 3;
  UNSUPPORTED_ALGORITHM = 4;
  INCOMPATIBLE_ALGORITHM = 5;
  UNSUPPORTED_KEY_SIZE = 6;
  UNSUPPORTED_BLOCK_MODE = 7;
  INCOMPATIBLE_BLOCK_MODE = 8;
  UNSUPPORTED_MAC_LENGTH = 9;
  UNSUPPORTED_PADDING_MODE = 10;
  INCOMPATIBLE_PADDING_MODE = 11;
  UNSUPPORTED_DIGEST = 12;
  INCOMPATIBLE_DIGEST = 13;
  INVALID_EXPIRATION_TIME = 14;
  INVALID_USER_ID = 15;
  INVALID_AUTHORIZATION_TIMEOUT = 16;
  UNSUPPORTED_KEY_FORMAT = 17;
  INCOMPATIBLE_KEY_FORMAT = 18;
  UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM = 19;
  UNSUPPORTED_KEY_VERIFICATION_ALGORITHM = 20;
  INVALID_INPUT_LENGTH = 21;
  KEY_EXPORT_OPTIONS_INVALID = 22;
  DELEGATION_NOT_ALLOWED = 23;
  KEY_NOT_YET_VALID = 24;
  KEY_EXPIRED = 25;
  KEY_USER_NOT_AUTHENTICATED = 26;
  OUTPUT_PARAMETER_NULL = 27;
  INVALID_OPERATION_HANDLE = 28;
  INSUFFICIENT_BUFFER_SPACE = 29;
  VERIFICATION_FAILED = 30;
  TOO_MANY_OPERATIONS = 31;
  UNEXPECTED_NULL_POINTER = 32;
  INVALID_KEY_BLOB = 33;
  IMPORTED_KEY_NOT_ENCRYPTED = 34;
  IMPORTED_KEY_DECRYPTION_FAILED = 35;
  IMPORTED_KEY_NOT_SIGNED = 36;
  IMPORTED_KEY_VERIFICATION_FAILED = 37;
  INVALID_ARGUMENT = 38;
  UNSUPPORTED_TAG = 39;
  INVALID_TAG = 40;
  MEMORY_ALLOCATION_FAILED = 41;
  IMPORT_PARAMETER_MISMATCH = 42;
  SECURE_HW_ACCESS_DENIED = 43;
  OPERATION_CANCELLED = 44;
  CONCURRENT_ACCESS_CONFLICT = 45;
  SECURE_HW_BUSY = 46;
  SECURE_HW_COMMUNICATION_FAILED = 47;
  UNSUPPORTED_EC_FIELD = 48;
  MISSING_NONCE = 49;
  INVALID_NONCE = 50;
  MISSING_MAC_LENGTH = 51;
  KEY_RATE_LIMIT_EXCEEDED = 52;
  CALLER_NONCE_PROHIBITED = 53;
  KEY_MAX_OPS_EXCEEDED = 54;
  INVALID_MAC_LENGTH = 55;
  MISSING_MIN_MAC_LENGTH = 56;
  UNSUPPORTED_MIN_MAC_LENGTH = 57;
  UNSUPPORTED_KDF = 58;
  UNSUPPORTED_EC_CURVE = 59;
  KEY_REQUIRES_UPGRADE = 60;
  ATTESTATION_CHALLENGE_MISSING = 61;
  KEYMASTER_NOT_CONFIGURED = 62;
  ATTESTATION_APPLICATION_ID_MISSING = 63;
  CANNOT_ATTEST_IDS = 64;
  UNIMPLEMENTED = 65;
  VERSION_MISMATCH = 66;
  ROLLBACK_RESISTANCE_UNAVAILABLE = 67;
  HARDWARE_TYPE_UNAVAILABLE = 68;
  PROOF_OF_PRESENCE_REQUIRED = 69;
  CONCURRENT_PROOF_OF_PRESENCE_REQUESTED = 70;
  UNKNOWN_ERROR = 71;  // Catch-all; callers should not branch on it beyond "failed".
  INVALID_DEVICE_IDS = 72;                // Vendor specific.
  PRODUCTION_MODE_PROVISIONING = 73;      // Vendor specific.
};
    248 
// Authenticator classes for the USER_AUTH_TYPE tag, laid out as a bitmask:
// PASSWORD and FINGERPRINT are single bits and AUTH_ANY (3) is their OR.
// Protobuf enums are plain int32 on the wire, so any combination other
// than the values named here arrives as an "unknown" enum value in
// generated code; callers should only use the named values.
// AUTH_NONE is the zero value (no authenticator); whether that means "no
// auth required" is governed by the separate NO_AUTH_REQUIRED tag, not by
// this enum's default.
// NOTE(review): the HAL's ANY is a different sentinel (all bits set) —
// translate by name, never by value.
enum HardwareAuthenticatorType {
  AUTH_NONE = 0;
  AUTH_PASSWORD = 1; // (1 << 0)
  AUTH_FINGERPRINT = 2; // (1 << 1)
  AUTH_ANY = 3;  // AUTH_PASSWORD | AUTH_FINGERPRINT
  AUTH_MAX = 4;  // One past the highest combination; a range bound, not an authenticator.
};
    256 
// Implementation tier making a claim (or holding a key), from weakest to
// strongest.  SOFTWARE is the zero value, which is the safe direction for a
// proto3 default: an unset field never over-claims hardware backing.
enum SecurityLevel {
  SOFTWARE = 0;
  TRUSTED_ENVIRONMENT = 1;
  STRONGBOX = 2;  // Discrete tamper-resistant secure element.
};
    262 
// Encoding of key material crossing the import/export boundary.  The value
// 2 is deliberately unassigned here (the gap appears to mirror the HAL's
// numbering — confirm); do not fill it with a local value, as that could
// collide with a HAL-defined format later.
enum KeyFormat {
  X509 = 0;   /* for public key export */
  PKCS8 = 1;  /* for asymmetric key pair import */
  RAW = 3;    /* for symmetric key import and export*/
}
    268 
// Result of polling for a DTup (trusted-user-presence, per the naming —
// confirm) key event.  DTUP_OK = 0 is the proto3 default, so an absent
// field reads as success; receivers should look at the event itself rather
// than rely on this field being present.
enum DTupError {
  DTUP_OK = 0;
  DTUP_NO_EVENT = 1;  // Poll succeeded but no key event was pending.
}
    273 
/*
 * Physical key reported by a DTup event.  Values match the Linux input event
 * codes (KEY_VOLUMEDOWN = 114, KEY_VOLUMEUP = 115, KEY_POWER = 116 in
 * <linux/input-event-codes.h>) so they can be passed through unchanged.
 * DTUP_RESERVED = 0 is a proper "no key" default: an unset field never
 * reads as a real key press.
 */
enum DTupKeyEvent {
    DTUP_RESERVED = 0;
    DTUP_VOL_DOWN = 114;
    DTUP_VOL_UP = 115;
    DTUP_PWR = 116;
}
    281 
// Verified-boot state, in the green/yellow/orange/red colour scheme used by
// Android Verified Boot.
// Security caveat: BOOT_VERIFIED_GREEN is the zero value, so a message whose
// boot-colour field is absent decodes as "verified boot".  A consumer must
// never infer a verified state from a missing field, and the producer must
// set this field explicitly on every code path (including error paths).
enum BootColor {
    BOOT_VERIFIED_GREEN = 0;      // Fully verified against the built-in root of trust.
    BOOT_SELFSIGNED_YELLOW = 1;   // Verified against a user-installed (custom) root of trust.
    BOOT_UNVERIFIED_ORANGE = 2;   // Verification disabled (device unlocked).
    BOOT_VERIFY_FAILED_RED = 3;   // Verification attempted and failed.
}