• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2009 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef __KEYSTORE_H__
18 #define __KEYSTORE_H__
19 
20 #include <stdint.h>
21 
22 // note state values overlap with ResponseCode for the purposes of the state() API
23 enum State {
24     STATE_NO_ERROR      = 1,
25     STATE_LOCKED        = 2,
26     STATE_UNINITIALIZED = 3,
27 };
28 
29 // must be in sync with KeyStore.java,
30 enum class ResponseCode: int32_t {
31     NO_ERROR          =  STATE_NO_ERROR, // 1
32     LOCKED            =  STATE_LOCKED, // 2
33     UNINITIALIZED     =  STATE_UNINITIALIZED, // 3
34     SYSTEM_ERROR      =  4,
35     PROTOCOL_ERROR    =  5,
36     PERMISSION_DENIED =  6,
37     KEY_NOT_FOUND     =  7,
38     VALUE_CORRUPTED   =  8,
39     UNDEFINED_ACTION  =  9,
40     WRONG_PASSWORD_0  = 10,
41     WRONG_PASSWORD_1  = 11,
42     WRONG_PASSWORD_2  = 12,
43     WRONG_PASSWORD_3  = 13, // MAX_RETRY = 4
44     SIGNATURE_INVALID = 14,
45     OP_AUTH_NEEDED    = 15, // Auth is needed for this operation before it can be used.
46 };
47 
48 /*
49  * All the flags for import and insert calls.
50  */
51 enum KeyStoreFlag : uint8_t {
52     KEYSTORE_FLAG_NONE = 0,
53     KEYSTORE_FLAG_ENCRYPTED = 1 << 0,
54     KEYSTORE_FLAG_FALLBACK = 1 << 1,
55     // KEYSTORE_FLAG_SUPER_ENCRYPTED is for blobs that are already encrypted by keymaster but have
56     // an additional layer of password-based encryption applied.  The same encryption scheme is used
57     // as KEYSTORE_FLAG_ENCRYPTED, but it's safe to remove super-encryption when the password is
58     // cleared, rather than deleting blobs, and the error returned when attempting to use a
59     // super-encrypted blob while keystore is locked is different.
60     KEYSTORE_FLAG_SUPER_ENCRYPTED = 1 << 2,
61     // KEYSTORE_FLAG_CRITICAL_TO_DEVICE_ENCRYPTION is for blobs that are part of device encryption
62     // flow so it receives special treatment from keystore. For example this blob will not be super
63     // encrypted, and it will be stored separately under an unique UID instead. This flag should
64     // only be available to system uid.
65     KEYSTORE_FLAG_CRITICAL_TO_DEVICE_ENCRYPTION = 1 << 3,
66     KEYSTORE_FLAG_STRONGBOX = 1 << 4,
67 };
68 
69 #endif
70