Merge "ECIES: adding ECIES-KEM"
am: 3aa7935ef2

* commit '3aa7935ef24946c1aa6db6c04fea10f39453c450':
  ECIES: adding ECIES-KEM
diff --git a/include/hardware/keymaster_defs.h b/include/hardware/keymaster_defs.h
index 5be956d..bf09e23 100644
--- a/include/hardware/keymaster_defs.h
+++ b/include/hardware/keymaster_defs.h
@@ -52,18 +52,22 @@
      */
 
     /* Crypto parameters */
-    KM_TAG_PURPOSE = KM_ENUM_REP | 1,     /* keymaster_purpose_t. */
-    KM_TAG_ALGORITHM = KM_ENUM | 2,       /* keymaster_algorithm_t. */
-    KM_TAG_KEY_SIZE = KM_UINT | 3,        /* Key size in bits. */
-    KM_TAG_BLOCK_MODE = KM_ENUM_REP | 4,  /* keymaster_block_mode_t. */
-    KM_TAG_DIGEST = KM_ENUM_REP | 5,      /* keymaster_digest_t. */
-    KM_TAG_PADDING = KM_ENUM_REP | 6,     /* keymaster_padding_t. */
-    KM_TAG_CALLER_NONCE = KM_BOOL | 7,    /* Allow caller to specify nonce or IV. */
-    KM_TAG_MIN_MAC_LENGTH = KM_UINT | 8,  /* Minimum length of MAC or AEAD authentication tag in
-                                           * bits. */
+    KM_TAG_PURPOSE = KM_ENUM_REP | 1,      /* keymaster_purpose_t. */
+    KM_TAG_ALGORITHM = KM_ENUM | 2,        /* keymaster_algorithm_t. */
+    KM_TAG_KEY_SIZE = KM_UINT | 3,         /* Key size in bits. */
+    KM_TAG_BLOCK_MODE = KM_ENUM_REP | 4,   /* keymaster_block_mode_t. */
+    KM_TAG_DIGEST = KM_ENUM_REP | 5,       /* keymaster_digest_t. */
+    KM_TAG_PADDING = KM_ENUM_REP | 6,      /* keymaster_padding_t. */
+    KM_TAG_CALLER_NONCE = KM_BOOL | 7,     /* Allow caller to specify nonce or IV. */
+    KM_TAG_MIN_MAC_LENGTH = KM_UINT | 8,   /* Minimum length of MAC or AEAD authentication tag in
+                                            * bits. */
+    KM_TAG_KDF = KM_ENUM | 9,              /* keymaster_kdf_t */
+    KM_TAG_EC_CURVE = KM_ENUM | 10,        /* keymaster_ec_curve_t */
 
     /* Algorithm-specific. */
     KM_TAG_RSA_PUBLIC_EXPONENT = KM_ULONG | 200,
+    KM_TAG_ECIES_SINGLE_HASH_MODE = KM_BOOL | 201, /* Whether the ephemeral public key is fed into
+                                                    *  the KDF, see 10.2 in http://goo.gl/WbmSSO */
 
     /* Other hardware-enforced. */
     KM_TAG_BLOB_USAGE_REQUIREMENTS = KM_ENUM | 301, /* keymaster_key_blob_usage_requirements_t */
@@ -187,6 +191,32 @@
     KM_DIGEST_SHA_2_512 = 6,
 } keymaster_digest_t;
 
+/*
+ * Key derivation functions, mostly used in ECIES.
+ */
+typedef enum {
+    /* HKDF defined in RFC 5869 with SHA256 */
+    KM_KDF_RFC5869_SHA256 = 0,
+    /* KDF1 defined in ISO 18033-2 with SHA1 */
+    KM_KDF_ISO18033_1_KDF2_SHA1 = 1,
+    /* KDF1 defined in ISO 18033-2 with SHA256 */
+    KM_KDF_ISO18033_1_KDF1_SHA256 = 2,
+    /* KDF2 defined in ISO 18033-2 with SHA1 */
+    KM_KDF_ISO18033_2_KDF2_SHA1 = 3,
+    /* KDF2 defined in ISO 18033-2 with SHA256 */
+    KM_KDF_ISO18033_2_KDF2_SHA256 = 4,
+} keymaster_kdf_t;
+
+/**
+ * Supported EC curves, used in ECDSA/ECIES.
+ */
+typedef enum {
+    KM_EC_CURVE_P_224 = 0,
+    KM_EC_CURVE_P_256 = 1,
+    KM_EC_CURVE_P_384 = 2,
+    KM_EC_CURVE_P_521 = 3,
+} keymaster_ec_curve_t;
+
 /**
  * The origin of a key (or pair), i.e. where it was generated.  Note that KM_TAG_ORIGIN can be found
  * in either the hardware-enforced or software-enforced list for a key, indicating whether the key
@@ -340,12 +370,12 @@
     KM_ERROR_INVALID_MAC_LENGTH = -57,
     KM_ERROR_MISSING_MIN_MAC_LENGTH = -58,
     KM_ERROR_UNSUPPORTED_MIN_MAC_LENGTH = -59,
+    KM_ERROR_UNSUPPORTED_KDF = -60,
+    KM_ERROR_UNSUPPORTED_EC_CURVE = -61,
 
     KM_ERROR_UNIMPLEMENTED = -100,
     KM_ERROR_VERSION_MISMATCH = -101,
 
-    /* Additional error codes may be added by implementations, but implementers should coordinate
-     * with Google to avoid code collision. */
     KM_ERROR_UNKNOWN_ERROR = -1000,
 } keymaster_error_t;