/*
 * Copyright (C) 2015 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.security.keymaster;

import android.hardware.security.keymint.Algorithm;
import android.hardware.security.keymint.BlockMode;
import android.hardware.security.keymint.Digest;
import android.hardware.security.keymint.ErrorCode;
import android.hardware.security.keymint.HardwareAuthenticatorType;
import android.hardware.security.keymint.KeyFormat;
import android.hardware.security.keymint.KeyOrigin;
import android.hardware.security.keymint.KeyPurpose;
import android.hardware.security.keymint.PaddingMode;
import android.hardware.security.keymint.SecurityLevel;
import android.hardware.security.keymint.Tag;
import android.hardware.security.keymint.TagType;

import java.util.HashMap;
import java.util.Map;

/**
 * Class tracking all the keymaster enum values needed for the binder API to keystore.
 * This must be kept in sync with hardware/libhardware/include/hardware/keymaster_defs.h
 * See keymaster_defs.h for detailed descriptions of each constant.
 *
 * <p>Almost every constant below is an alias for the matching constant in the
 * {@code android.hardware.security.keymint} package, so the numeric value is whatever that
 * package defines. The trailing {@code // TYPE | n} and {@code // -n} annotations are
 * hand-maintained reminders of the expected encoding; nothing checks them against the aliased
 * value.
 *
 * @hide
 */
public final class KeymasterDefs {

    /** Not instantiable: this class only holds constants and static helpers. */
    private KeymasterDefs() {}

    // Tag types. getTagType(int) extracts this part of a tag by masking its top four bits.
    public static final int KM_INVALID = TagType.INVALID;
    public static final int KM_ENUM = TagType.ENUM;
    public static final int KM_ENUM_REP = TagType.ENUM_REP;
    public static final int KM_UINT = TagType.UINT;
    public static final int KM_UINT_REP = TagType.UINT_REP;
    public static final int KM_ULONG = TagType.ULONG;
    public static final int KM_DATE = TagType.DATE;
    public static final int KM_BOOL = TagType.BOOL;
    public static final int KM_BIGNUM = TagType.BIGNUM;
    public static final int KM_BYTES = TagType.BYTES;
    public static final int KM_ULONG_REP = TagType.ULONG_REP;

    // Tag values. Each annotation reads "tag type | tag number".
    public static final int KM_TAG_INVALID = Tag.INVALID; // KM_INVALID | 0
    public static final int KM_TAG_PURPOSE = Tag.PURPOSE; // KM_ENUM_REP | 1
    public static final int KM_TAG_ALGORITHM = Tag.ALGORITHM; // KM_ENUM | 2
    public static final int KM_TAG_KEY_SIZE = Tag.KEY_SIZE; // KM_UINT | 3
    public static final int KM_TAG_BLOCK_MODE = Tag.BLOCK_MODE; // KM_ENUM_REP | 4
    public static final int KM_TAG_DIGEST = Tag.DIGEST; // KM_ENUM_REP | 5
    public static final int KM_TAG_PADDING = Tag.PADDING; // KM_ENUM_REP | 6
    public static final int KM_TAG_CALLER_NONCE = Tag.CALLER_NONCE; // KM_BOOL | 7
    public static final int KM_TAG_MIN_MAC_LENGTH = Tag.MIN_MAC_LENGTH; // KM_UINT | 8

    public static final int KM_TAG_RSA_PUBLIC_EXPONENT =
            Tag.RSA_PUBLIC_EXPONENT; // KM_ULONG | 200
    public static final int KM_TAG_INCLUDE_UNIQUE_ID = Tag.INCLUDE_UNIQUE_ID; // KM_BOOL | 202

    // Key validity window and usage-rate restrictions.
    public static final int KM_TAG_ACTIVE_DATETIME = Tag.ACTIVE_DATETIME; // KM_DATE | 400
    public static final int KM_TAG_ORIGINATION_EXPIRE_DATETIME =
            Tag.ORIGINATION_EXPIRE_DATETIME; // KM_DATE | 401
    public static final int KM_TAG_USAGE_EXPIRE_DATETIME =
            Tag.USAGE_EXPIRE_DATETIME; // KM_DATE | 402
    public static final int KM_TAG_MIN_SECONDS_BETWEEN_OPS =
            Tag.MIN_SECONDS_BETWEEN_OPS; // KM_UINT | 403
    public static final int KM_TAG_MAX_USES_PER_BOOT = Tag.MAX_USES_PER_BOOT; // KM_UINT | 404
    public static final int KM_TAG_USAGE_COUNT_LIMIT = Tag.USAGE_COUNT_LIMIT; // KM_UINT | 405

    // User-authentication binding.
    public static final int KM_TAG_USER_ID = Tag.USER_ID; // KM_UINT | 501
    public static final int KM_TAG_USER_SECURE_ID = Tag.USER_SECURE_ID; // KM_ULONG_REP | 502
    public static final int KM_TAG_NO_AUTH_REQUIRED = Tag.NO_AUTH_REQUIRED; // KM_BOOL | 503
    public static final int KM_TAG_USER_AUTH_TYPE = Tag.USER_AUTH_TYPE; // KM_ENUM | 504
    public static final int KM_TAG_AUTH_TIMEOUT = Tag.AUTH_TIMEOUT; // KM_UINT | 505
    public static final int KM_TAG_ALLOW_WHILE_ON_BODY =
            Tag.ALLOW_WHILE_ON_BODY; // KM_BOOL | 506
    public static final int KM_TAG_TRUSTED_USER_PRESENCE_REQUIRED =
            Tag.TRUSTED_USER_PRESENCE_REQUIRED; // KM_BOOL | 507
    public static final int KM_TAG_TRUSTED_CONFIRMATION_REQUIRED =
            Tag.TRUSTED_CONFIRMATION_REQUIRED; // KM_BOOL | 508
    public static final int KM_TAG_UNLOCKED_DEVICE_REQUIRED =
            Tag.UNLOCKED_DEVICE_REQUIRED; // KM_BOOL | 509

    public static final int KM_TAG_APPLICATION_ID = Tag.APPLICATION_ID; // KM_BYTES | 601

    // Key provenance and attestation.
    public static final int KM_TAG_CREATION_DATETIME = Tag.CREATION_DATETIME; // KM_DATE | 701
    public static final int KM_TAG_ORIGIN = Tag.ORIGIN; // KM_ENUM | 702
    // NOTE(review): this was annotated KM_BOOL | 703, the legacy ROLLBACK_RESISTANT number, but
    // the alias points at ROLLBACK_RESISTANCE, which KeyMint is believed to define as
    // BOOL | 303. Confirm against the Tag definition before relying on the number.
    public static final int KM_TAG_ROLLBACK_RESISTANT = Tag.ROLLBACK_RESISTANCE;
    public static final int KM_TAG_ROOT_OF_TRUST = Tag.ROOT_OF_TRUST; // KM_BYTES | 704
    public static final int KM_TAG_UNIQUE_ID = Tag.UNIQUE_ID; // KM_BYTES | 707
    public static final int KM_TAG_ATTESTATION_CHALLENGE =
            Tag.ATTESTATION_CHALLENGE; // KM_BYTES | 708
    public static final int KM_TAG_ATTESTATION_ID_BRAND =
            Tag.ATTESTATION_ID_BRAND; // KM_BYTES | 710
    public static final int KM_TAG_ATTESTATION_ID_DEVICE =
            Tag.ATTESTATION_ID_DEVICE; // KM_BYTES | 711
    public static final int KM_TAG_ATTESTATION_ID_PRODUCT =
            Tag.ATTESTATION_ID_PRODUCT; // KM_BYTES | 712
    public static final int KM_TAG_ATTESTATION_ID_SERIAL =
            Tag.ATTESTATION_ID_SERIAL; // KM_BYTES | 713
    public static final int KM_TAG_ATTESTATION_ID_IMEI =
            Tag.ATTESTATION_ID_IMEI; // KM_BYTES | 714
    public static final int KM_TAG_ATTESTATION_ID_MEID =
            Tag.ATTESTATION_ID_MEID; // KM_BYTES | 715
    public static final int KM_TAG_ATTESTATION_ID_MANUFACTURER =
            Tag.ATTESTATION_ID_MANUFACTURER; // KM_BYTES | 716
    public static final int KM_TAG_ATTESTATION_ID_MODEL =
            Tag.ATTESTATION_ID_MODEL; // KM_BYTES | 717
    public static final int KM_TAG_VENDOR_PATCHLEVEL =
            Tag.VENDOR_PATCHLEVEL; // KM_UINT | 718
    public static final int KM_TAG_BOOT_PATCHLEVEL =
            Tag.BOOT_PATCHLEVEL; // KM_UINT | 719
    public static final int KM_TAG_DEVICE_UNIQUE_ATTESTATION =
            Tag.DEVICE_UNIQUE_ATTESTATION; // KM_BOOL | 720

    // Per-operation parameters and certificate fields.
    public static final int KM_TAG_NONCE = Tag.NONCE; // KM_BYTES | 1001
    public static final int KM_TAG_MAC_LENGTH = Tag.MAC_LENGTH; // KM_UINT | 1003
    public static final int KM_TAG_RESET_SINCE_ID_ROTATION =
            Tag.RESET_SINCE_ID_ROTATION; // KM_BOOL | 1004
    public static final int KM_TAG_CONFIRMATION_TOKEN =
            Tag.CONFIRMATION_TOKEN; // KM_BYTES | 1005
    // NOTE(review): the next two were annotated KM_UINT | 1006 and KM_UINT | 1007. KeyMint is
    // believed to declare CERTIFICATE_SERIAL as BIGNUM and CERTIFICATE_SUBJECT as BYTES, and
    // getTagType() reports whatever the aliased value encodes. Confirm and fix the annotations.
    public static final int KM_TAG_CERTIFICATE_SERIAL = Tag.CERTIFICATE_SERIAL; // ? | 1006
    public static final int KM_TAG_CERTIFICATE_SUBJECT = Tag.CERTIFICATE_SUBJECT; // ? | 1007
    public static final int KM_TAG_CERTIFICATE_NOT_BEFORE =
            Tag.CERTIFICATE_NOT_BEFORE; // KM_DATE | 1008
    public static final int KM_TAG_CERTIFICATE_NOT_AFTER =
            Tag.CERTIFICATE_NOT_AFTER; // KM_DATE | 1009

    // Algorithm values.
    public static final int KM_ALGORITHM_RSA = Algorithm.RSA;
    public static final int KM_ALGORITHM_EC = Algorithm.EC;
    public static final int KM_ALGORITHM_AES = Algorithm.AES;
    // Triple DES is a legacy 64-bit block cipher; prefer AES for new keys.
    public static final int KM_ALGORITHM_3DES = Algorithm.TRIPLE_DES;
    public static final int KM_ALGORITHM_HMAC = Algorithm.HMAC;

    // Block modes. Of these only GCM authenticates the ciphertext; ECB additionally reveals
    // equal plaintext blocks as equal ciphertext blocks.
    public static final int KM_MODE_ECB = BlockMode.ECB;
    public static final int KM_MODE_CBC = BlockMode.CBC;
    public static final int KM_MODE_CTR = BlockMode.CTR;
    public static final int KM_MODE_GCM = BlockMode.GCM;

    // Padding modes. RSA with KM_PAD_NONE is unpadded ("textbook") RSA, and PKCS#1 v1.5
    // encryption padding is exposed to padding-oracle attacks when decryption failures are
    // observable; OAEP and PSS are the choices for new RSA keys.
    public static final int KM_PAD_NONE = PaddingMode.NONE;
    public static final int KM_PAD_RSA_OAEP = PaddingMode.RSA_OAEP;
    public static final int KM_PAD_RSA_PSS = PaddingMode.RSA_PSS;
    public static final int KM_PAD_RSA_PKCS1_1_5_ENCRYPT = PaddingMode.RSA_PKCS1_1_5_ENCRYPT;
    public static final int KM_PAD_RSA_PKCS1_1_5_SIGN = PaddingMode.RSA_PKCS1_1_5_SIGN;
    public static final int KM_PAD_PKCS7 = PaddingMode.PKCS7;

    // Digest modes. MD5 and SHA-1 are not collision resistant and are listed for
    // compatibility; do not authorize them for new signing keys.
    public static final int KM_DIGEST_NONE = Digest.NONE;
    public static final int KM_DIGEST_MD5 = Digest.MD5;
    public static final int KM_DIGEST_SHA1 = Digest.SHA1;
    public static final int KM_DIGEST_SHA_2_224 = Digest.SHA_2_224;
    public static final int KM_DIGEST_SHA_2_256 = Digest.SHA_2_256;
    public static final int KM_DIGEST_SHA_2_384 = Digest.SHA_2_384;
    public static final int KM_DIGEST_SHA_2_512 = Digest.SHA_2_512;

    // Key origins.
    public static final int KM_ORIGIN_GENERATED = KeyOrigin.GENERATED;
    public static final int KM_ORIGIN_DERIVED = KeyOrigin.DERIVED;
    public static final int KM_ORIGIN_IMPORTED = KeyOrigin.IMPORTED;
    // The legacy "unknown" origin is aliased to the value KeyMint names RESERVED.
    public static final int KM_ORIGIN_UNKNOWN = KeyOrigin.RESERVED;
    public static final int KM_ORIGIN_SECURELY_IMPORTED = KeyOrigin.SECURELY_IMPORTED;

    // Key usability requirements. These two are literals, not aliases of a KeyMint constant.
    public static final int KM_BLOB_STANDALONE = 0;
    public static final int KM_BLOB_REQUIRES_FILE_SYSTEM = 1;

    // Operation Purposes.
    public static final int KM_PURPOSE_ENCRYPT = KeyPurpose.ENCRYPT;
    public static final int KM_PURPOSE_DECRYPT = KeyPurpose.DECRYPT;
    public static final int KM_PURPOSE_SIGN = KeyPurpose.SIGN;
    public static final int KM_PURPOSE_VERIFY = KeyPurpose.VERIFY;
    public static final int KM_PURPOSE_WRAP = KeyPurpose.WRAP_KEY;
    public static final int KM_PURPOSE_AGREE_KEY = KeyPurpose.AGREE_KEY;
    public static final int KM_PURPOSE_ATTEST_KEY = KeyPurpose.ATTEST_KEY;

    // Key formats.
    public static final int KM_KEY_FORMAT_X509 = KeyFormat.X509;
    public static final int KM_KEY_FORMAT_PKCS8 = KeyFormat.PKCS8;
    public static final int KM_KEY_FORMAT_RAW = KeyFormat.RAW;

    // User authenticators. HW_AUTH_BIOMETRIC carries the value KeyMint names FINGERPRINT.
    public static final int HW_AUTH_PASSWORD = HardwareAuthenticatorType.PASSWORD;
    public static final int HW_AUTH_BIOMETRIC = HardwareAuthenticatorType.FINGERPRINT;

    // Security Levels.
    public static final int KM_SECURITY_LEVEL_SOFTWARE = SecurityLevel.SOFTWARE;
    public static final int KM_SECURITY_LEVEL_TRUSTED_ENVIRONMENT =
            SecurityLevel.TRUSTED_ENVIRONMENT;
    public static final int KM_SECURITY_LEVEL_STRONGBOX = SecurityLevel.STRONGBOX;

    // Error codes. The trailing number is the expected value of the aliased ErrorCode constant.
    public static final int KM_ERROR_OK = ErrorCode.OK;
    public static final int KM_ERROR_ROOT_OF_TRUST_ALREADY_SET =
            ErrorCode.ROOT_OF_TRUST_ALREADY_SET; // -1
    public static final int KM_ERROR_UNSUPPORTED_PURPOSE =
            ErrorCode.UNSUPPORTED_PURPOSE; // -2
    public static final int KM_ERROR_INCOMPATIBLE_PURPOSE =
            ErrorCode.INCOMPATIBLE_PURPOSE; // -3
    public static final int KM_ERROR_UNSUPPORTED_ALGORITHM =
            ErrorCode.UNSUPPORTED_ALGORITHM; // -4
    public static final int KM_ERROR_INCOMPATIBLE_ALGORITHM =
            ErrorCode.INCOMPATIBLE_ALGORITHM; // -5
    public static final int KM_ERROR_UNSUPPORTED_KEY_SIZE =
            ErrorCode.UNSUPPORTED_KEY_SIZE; // -6
    public static final int KM_ERROR_UNSUPPORTED_BLOCK_MODE =
            ErrorCode.UNSUPPORTED_BLOCK_MODE; // -7
    public static final int KM_ERROR_INCOMPATIBLE_BLOCK_MODE =
            ErrorCode.INCOMPATIBLE_BLOCK_MODE; // -8
    public static final int KM_ERROR_UNSUPPORTED_MAC_LENGTH =
            ErrorCode.UNSUPPORTED_MAC_LENGTH; // -9
    public static final int KM_ERROR_UNSUPPORTED_PADDING_MODE =
            ErrorCode.UNSUPPORTED_PADDING_MODE; // -10
    public static final int KM_ERROR_INCOMPATIBLE_PADDING_MODE =
            ErrorCode.INCOMPATIBLE_PADDING_MODE; // -11
    public static final int KM_ERROR_UNSUPPORTED_DIGEST =
            ErrorCode.UNSUPPORTED_DIGEST; // -12
    public static final int KM_ERROR_INCOMPATIBLE_DIGEST =
            ErrorCode.INCOMPATIBLE_DIGEST; // -13
    public static final int KM_ERROR_INVALID_EXPIRATION_TIME =
            ErrorCode.INVALID_EXPIRATION_TIME; // -14
    public static final int KM_ERROR_INVALID_USER_ID =
            ErrorCode.INVALID_USER_ID; // -15
    public static final int KM_ERROR_INVALID_AUTHORIZATION_TIMEOUT =
            ErrorCode.INVALID_AUTHORIZATION_TIMEOUT; // -16
    public static final int KM_ERROR_UNSUPPORTED_KEY_FORMAT =
            ErrorCode.UNSUPPORTED_KEY_FORMAT; // -17
    public static final int KM_ERROR_INCOMPATIBLE_KEY_FORMAT =
            ErrorCode.INCOMPATIBLE_KEY_FORMAT; // -18
    public static final int KM_ERROR_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM =
            ErrorCode.UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM; // -19
    public static final int KM_ERROR_UNSUPPORTED_KEY_VERIFICATION_ALGORITHM =
            ErrorCode.UNSUPPORTED_KEY_VERIFICATION_ALGORITHM; // -20
    public static final int KM_ERROR_INVALID_INPUT_LENGTH =
            ErrorCode.INVALID_INPUT_LENGTH; // -21
    public static final int KM_ERROR_KEY_EXPORT_OPTIONS_INVALID =
            ErrorCode.KEY_EXPORT_OPTIONS_INVALID; // -22
    public static final int KM_ERROR_DELEGATION_NOT_ALLOWED =
            ErrorCode.DELEGATION_NOT_ALLOWED; // -23
    public static final int KM_ERROR_KEY_NOT_YET_VALID =
            ErrorCode.KEY_NOT_YET_VALID; // -24
    public static final int KM_ERROR_KEY_EXPIRED =
            ErrorCode.KEY_EXPIRED; // -25
    public static final int KM_ERROR_KEY_USER_NOT_AUTHENTICATED =
            ErrorCode.KEY_USER_NOT_AUTHENTICATED; // -26
    public static final int KM_ERROR_OUTPUT_PARAMETER_NULL =
            ErrorCode.OUTPUT_PARAMETER_NULL; // -27
    public static final int KM_ERROR_INVALID_OPERATION_HANDLE =
            ErrorCode.INVALID_OPERATION_HANDLE; // -28
    public static final int KM_ERROR_INSUFFICIENT_BUFFER_SPACE =
            ErrorCode.INSUFFICIENT_BUFFER_SPACE; // -29
    public static final int KM_ERROR_VERIFICATION_FAILED =
            ErrorCode.VERIFICATION_FAILED; // -30
    public static final int KM_ERROR_TOO_MANY_OPERATIONS =
            ErrorCode.TOO_MANY_OPERATIONS; // -31
    public static final int KM_ERROR_UNEXPECTED_NULL_POINTER =
            ErrorCode.UNEXPECTED_NULL_POINTER; // -32
    public static final int KM_ERROR_INVALID_KEY_BLOB =
            ErrorCode.INVALID_KEY_BLOB; // -33
    public static final int KM_ERROR_IMPORTED_KEY_NOT_ENCRYPTED =
            ErrorCode.IMPORTED_KEY_NOT_ENCRYPTED; // -34
    public static final int KM_ERROR_IMPORTED_KEY_DECRYPTION_FAILED =
            ErrorCode.IMPORTED_KEY_DECRYPTION_FAILED; // -35
    public static final int KM_ERROR_IMPORTED_KEY_NOT_SIGNED =
            ErrorCode.IMPORTED_KEY_NOT_SIGNED; // -36
    public static final int KM_ERROR_IMPORTED_KEY_VERIFICATION_FAILED =
            ErrorCode.IMPORTED_KEY_VERIFICATION_FAILED; // -37
    public static final int KM_ERROR_INVALID_ARGUMENT =
            ErrorCode.INVALID_ARGUMENT; // -38
    public static final int KM_ERROR_UNSUPPORTED_TAG =
            ErrorCode.UNSUPPORTED_TAG; // -39
    public static final int KM_ERROR_INVALID_TAG =
            ErrorCode.INVALID_TAG; // -40
    public static final int KM_ERROR_MEMORY_ALLOCATION_FAILED =
            ErrorCode.MEMORY_ALLOCATION_FAILED; // -41
    public static final int KM_ERROR_IMPORT_PARAMETER_MISMATCH =
            ErrorCode.IMPORT_PARAMETER_MISMATCH; // -44
    public static final int KM_ERROR_SECURE_HW_ACCESS_DENIED =
            ErrorCode.SECURE_HW_ACCESS_DENIED; // -45
    public static final int KM_ERROR_OPERATION_CANCELLED =
            ErrorCode.OPERATION_CANCELLED; // -46
    public static final int KM_ERROR_CONCURRENT_ACCESS_CONFLICT =
            ErrorCode.CONCURRENT_ACCESS_CONFLICT; // -47
    public static final int KM_ERROR_SECURE_HW_BUSY =
            ErrorCode.SECURE_HW_BUSY; // -48
    public static final int KM_ERROR_SECURE_HW_COMMUNICATION_FAILED =
            ErrorCode.SECURE_HW_COMMUNICATION_FAILED; // -49
    public static final int KM_ERROR_UNSUPPORTED_EC_FIELD =
            ErrorCode.UNSUPPORTED_EC_FIELD; // -50
    public static final int KM_ERROR_MISSING_NONCE =
            ErrorCode.MISSING_NONCE; // -51
    public static final int KM_ERROR_INVALID_NONCE =
            ErrorCode.INVALID_NONCE; // -52
    public static final int KM_ERROR_MISSING_MAC_LENGTH =
            ErrorCode.MISSING_MAC_LENGTH; // -53
    public static final int KM_ERROR_KEY_RATE_LIMIT_EXCEEDED =
            ErrorCode.KEY_RATE_LIMIT_EXCEEDED; // -54
    public static final int KM_ERROR_CALLER_NONCE_PROHIBITED =
            ErrorCode.CALLER_NONCE_PROHIBITED; // -55
    public static final int KM_ERROR_KEY_MAX_OPS_EXCEEDED =
            ErrorCode.KEY_MAX_OPS_EXCEEDED; // -56
    public static final int KM_ERROR_INVALID_MAC_LENGTH =
            ErrorCode.INVALID_MAC_LENGTH; // -57
    public static final int KM_ERROR_MISSING_MIN_MAC_LENGTH =
            ErrorCode.MISSING_MIN_MAC_LENGTH; // -58
    public static final int KM_ERROR_UNSUPPORTED_MIN_MAC_LENGTH =
            ErrorCode.UNSUPPORTED_MIN_MAC_LENGTH; // -59
    public static final int KM_ERROR_CANNOT_ATTEST_IDS =
            ErrorCode.CANNOT_ATTEST_IDS; // -66
    public static final int KM_ERROR_HARDWARE_TYPE_UNAVAILABLE =
            ErrorCode.HARDWARE_TYPE_UNAVAILABLE; // -68
    public static final int KM_ERROR_DEVICE_LOCKED =
            ErrorCode.DEVICE_LOCKED; // -72
    public static final int KM_ERROR_MISSING_NOT_BEFORE =
            ErrorCode.MISSING_NOT_BEFORE; // -80
    // NOTE(review): this was annotated -80, the same number as MISSING_NOT_BEFORE above. Two
    // distinct error codes cannot share a value; KeyMint is believed to use -81 -- confirm.
    public static final int KM_ERROR_MISSING_NOT_AFTER =
            ErrorCode.MISSING_NOT_AFTER; // -81 (unconfirmed)
    public static final int KM_ERROR_UNIMPLEMENTED =
            ErrorCode.UNIMPLEMENTED; // -100
    public static final int KM_ERROR_VERSION_MISMATCH =
            ErrorCode.VERSION_MISMATCH; // -101
    public static final int KM_ERROR_UNKNOWN_ERROR =
            ErrorCode.UNKNOWN_ERROR; // -1000

    /**
     * Human-readable descriptions for a subset of the {@code KM_ERROR_*} codes; see
     * {@link #getErrorMessage(int)}.
     *
     * <p>The field is public and backed by a plain {@link HashMap}, so any code that can see it
     * can add, replace or remove entries, and it is not safe against concurrent modification.
     * Treat it as read-only. NOTE(review): if no caller writes to it, wrapping it with
     * {@code Collections.unmodifiableMap} would keep the texts from being tampered with
     * in-process.
     */
    public static final Map<Integer, String> sErrorCodeToString = new HashMap<>();

    static {
        // Populated once at class initialization. Not every KM_ERROR_* constant has an entry
        // (KM_ERROR_ROOT_OF_TRUST_ALREADY_SET, for example, does not).
        final Map<Integer, String> messages = sErrorCodeToString;
        messages.put(KM_ERROR_OK, "OK");
        messages.put(KM_ERROR_UNSUPPORTED_PURPOSE, "Unsupported purpose");
        messages.put(KM_ERROR_INCOMPATIBLE_PURPOSE, "Incompatible purpose");
        messages.put(KM_ERROR_UNSUPPORTED_ALGORITHM, "Unsupported algorithm");
        messages.put(KM_ERROR_INCOMPATIBLE_ALGORITHM, "Incompatible algorithm");
        messages.put(KM_ERROR_UNSUPPORTED_KEY_SIZE, "Unsupported key size");
        messages.put(KM_ERROR_UNSUPPORTED_BLOCK_MODE, "Unsupported block mode");
        messages.put(KM_ERROR_INCOMPATIBLE_BLOCK_MODE, "Incompatible block mode");
        messages.put(KM_ERROR_UNSUPPORTED_MAC_LENGTH,
                "Unsupported MAC or authentication tag length");
        messages.put(KM_ERROR_UNSUPPORTED_PADDING_MODE, "Unsupported padding mode");
        messages.put(KM_ERROR_INCOMPATIBLE_PADDING_MODE, "Incompatible padding mode");
        messages.put(KM_ERROR_UNSUPPORTED_DIGEST, "Unsupported digest");
        messages.put(KM_ERROR_INCOMPATIBLE_DIGEST, "Incompatible digest");
        messages.put(KM_ERROR_INVALID_EXPIRATION_TIME, "Invalid expiration time");
        messages.put(KM_ERROR_INVALID_USER_ID, "Invalid user ID");
        messages.put(KM_ERROR_INVALID_AUTHORIZATION_TIMEOUT,
                "Invalid user authorization timeout");
        messages.put(KM_ERROR_UNSUPPORTED_KEY_FORMAT, "Unsupported key format");
        messages.put(KM_ERROR_INCOMPATIBLE_KEY_FORMAT, "Incompatible key format");
        messages.put(KM_ERROR_INVALID_INPUT_LENGTH, "Invalid input length");
        messages.put(KM_ERROR_KEY_NOT_YET_VALID, "Key not yet valid");
        messages.put(KM_ERROR_KEY_EXPIRED, "Key expired");
        messages.put(KM_ERROR_KEY_USER_NOT_AUTHENTICATED, "Key user not authenticated");
        messages.put(KM_ERROR_INVALID_OPERATION_HANDLE, "Invalid operation handle");
        messages.put(KM_ERROR_VERIFICATION_FAILED, "Signature/MAC verification failed");
        messages.put(KM_ERROR_TOO_MANY_OPERATIONS, "Too many operations");
        messages.put(KM_ERROR_INVALID_KEY_BLOB, "Invalid key blob");
        messages.put(KM_ERROR_INVALID_ARGUMENT, "Invalid argument");
        messages.put(KM_ERROR_UNSUPPORTED_TAG, "Unsupported tag");
        messages.put(KM_ERROR_INVALID_TAG, "Invalid tag");
        messages.put(KM_ERROR_MEMORY_ALLOCATION_FAILED, "Memory allocation failed");
        messages.put(KM_ERROR_UNSUPPORTED_EC_FIELD, "Unsupported EC field");
        messages.put(KM_ERROR_MISSING_NONCE, "Required IV missing");
        messages.put(KM_ERROR_INVALID_NONCE, "Invalid IV");
        messages.put(KM_ERROR_CALLER_NONCE_PROHIBITED,
                "Caller-provided IV not permitted");
        messages.put(KM_ERROR_INVALID_MAC_LENGTH,
                "Invalid MAC or authentication tag length");
        messages.put(KM_ERROR_CANNOT_ATTEST_IDS, "Unable to attest device ids");
        messages.put(KM_ERROR_HARDWARE_TYPE_UNAVAILABLE, "Requested security level "
                + "(likely Strongbox) is not available.");
        messages.put(KM_ERROR_DEVICE_LOCKED, "Device locked");
        messages.put(KM_ERROR_UNIMPLEMENTED, "Not implemented");
        messages.put(KM_ERROR_UNKNOWN_ERROR, "Unknown error");
    }

    /**
     * Extracts the tag-type bits from a tag value.
     *
     * @param tag a tag value such as one of the {@code KM_TAG_*} constants
     * @return {@code tag} with everything but its top four bits cleared; presumably comparable
     *         with the tag-type constants ({@link #KM_ENUM}, {@link #KM_BYTES}, ...)
     */
    public static int getTagType(int tag) {
        final int typeMask = 0xF << 28;
        return tag & typeMask;
    }

    /**
     * Returns a description of a keymaster error code.
     *
     * @param errorCode the code to describe, normally one of the {@code KM_ERROR_*} constants
     * @return the text registered in {@link #sErrorCodeToString}, or the decimal form of
     *         {@code errorCode} when no text is registered for it
     */
    public static String getErrorMessage(int errorCode) {
        final String description = sErrorCodeToString.get(errorCode);
        return (description == null) ? String.valueOf(errorCode) : description;
    }
}