ECIES: adding ECIES-KEM
Change-Id: Iea5877eba0a9b13610d3d1b33d04b5657edc3550
diff --git a/include/hardware/keymaster_defs.h b/include/hardware/keymaster_defs.h
index 5be956d..bf09e23 100644
--- a/include/hardware/keymaster_defs.h
+++ b/include/hardware/keymaster_defs.h
@@ -52,18 +52,22 @@
*/
/* Crypto parameters */
- KM_TAG_PURPOSE = KM_ENUM_REP | 1, /* keymaster_purpose_t. */
- KM_TAG_ALGORITHM = KM_ENUM | 2, /* keymaster_algorithm_t. */
- KM_TAG_KEY_SIZE = KM_UINT | 3, /* Key size in bits. */
- KM_TAG_BLOCK_MODE = KM_ENUM_REP | 4, /* keymaster_block_mode_t. */
- KM_TAG_DIGEST = KM_ENUM_REP | 5, /* keymaster_digest_t. */
- KM_TAG_PADDING = KM_ENUM_REP | 6, /* keymaster_padding_t. */
- KM_TAG_CALLER_NONCE = KM_BOOL | 7, /* Allow caller to specify nonce or IV. */
- KM_TAG_MIN_MAC_LENGTH = KM_UINT | 8, /* Minimum length of MAC or AEAD authentication tag in
- * bits. */
+ KM_TAG_PURPOSE = KM_ENUM_REP | 1, /* keymaster_purpose_t. */
+ KM_TAG_ALGORITHM = KM_ENUM | 2, /* keymaster_algorithm_t. */
+ KM_TAG_KEY_SIZE = KM_UINT | 3, /* Key size in bits. */
+ KM_TAG_BLOCK_MODE = KM_ENUM_REP | 4, /* keymaster_block_mode_t. */
+ KM_TAG_DIGEST = KM_ENUM_REP | 5, /* keymaster_digest_t. */
+ KM_TAG_PADDING = KM_ENUM_REP | 6, /* keymaster_padding_t. */
+ KM_TAG_CALLER_NONCE = KM_BOOL | 7, /* Allow caller to specify nonce or IV. */
+ KM_TAG_MIN_MAC_LENGTH = KM_UINT | 8, /* Minimum length of MAC or AEAD authentication tag in
+ * bits. */
+ KM_TAG_KDF = KM_ENUM | 9, /* keymaster_kdf_t */
+ KM_TAG_EC_CURVE = KM_ENUM | 10, /* keymaster_ec_curve_t */
/* Algorithm-specific. */
KM_TAG_RSA_PUBLIC_EXPONENT = KM_ULONG | 200,
+ KM_TAG_ECIES_SINGLE_HASH_MODE = KM_BOOL | 201, /* Whether the ephemeral public key is fed into
+ * the KDF, see 10.2 in http://goo.gl/WbmSSO */
/* Other hardware-enforced. */
KM_TAG_BLOB_USAGE_REQUIREMENTS = KM_ENUM | 301, /* keymaster_key_blob_usage_requirements_t */
@@ -187,6 +191,32 @@
KM_DIGEST_SHA_2_512 = 6,
} keymaster_digest_t;
+/*
+ * Key derivation functions, mostly used in ECIES.
+ */
+typedef enum {
+ /* HKDF defined in RFC 5869 with SHA256 */
+ KM_KDF_RFC5869_SHA256 = 0,
+ /* KDF1 defined in ISO 18033-2 with SHA1 */
+ KM_KDF_ISO18033_1_KDF2_SHA1 = 1,
+ /* KDF1 defined in ISO 18033-2 with SHA256 */
+ KM_KDF_ISO18033_1_KDF1_SHA256 = 2,
+ /* KDF2 defined in ISO 18033-2 with SHA1 */
+ KM_KDF_ISO18033_2_KDF2_SHA1 = 3,
+ /* KDF2 defined in ISO 18033-2 with SHA256 */
+ KM_KDF_ISO18033_2_KDF2_SHA256 = 4,
+} keymaster_kdf_t;
+
+/**
+ * Supported EC curves, used in ECDSA/ECIES.
+ */
+typedef enum {
+ KM_EC_CURVE_P_224 = 0,
+ KM_EC_CURVE_P_256 = 1,
+ KM_EC_CURVE_P_384 = 2,
+ KM_EC_CURVE_P_521 = 3,
+} keymaster_ec_curve_t;
+
/**
* The origin of a key (or pair), i.e. where it was generated. Note that KM_TAG_ORIGIN can be found
* in either the hardware-enforced or software-enforced list for a key, indicating whether the key
@@ -340,12 +370,12 @@
KM_ERROR_INVALID_MAC_LENGTH = -57,
KM_ERROR_MISSING_MIN_MAC_LENGTH = -58,
KM_ERROR_UNSUPPORTED_MIN_MAC_LENGTH = -59,
+ KM_ERROR_UNSUPPORTED_KDF = -60,
+ KM_ERROR_UNSUPPORTED_EC_CURVE = -61,
KM_ERROR_UNIMPLEMENTED = -100,
KM_ERROR_VERSION_MISMATCH = -101,
- /* Additional error codes may be added by implementations, but implementers should coordinate
- * with Google to avoid code collision. */
KM_ERROR_UNKNOWN_ERROR = -1000,
} keymaster_error_t;