Merge "Update KeymasterDefs"

6 files changed, 49 insertions, 75 deletions

diff --git a/core/java/android/security/keymaster/KeymasterArgument.java b/core/java/android/security/keymaster/KeymasterArgument.java
index 9adde35045cb..2e9a68596cac 100644
--- a/core/java/android/security/keymaster/KeymasterArgument.java
+++ b/core/java/android/security/keymaster/KeymasterArgument.java
@@ -38,11 +38,11 @@ abstract class KeymasterArgument implements Parcelable {
                     switch (KeymasterDefs.getTagType(tag)) {
                         case KeymasterDefs.KM_ENUM:
                         case KeymasterDefs.KM_ENUM_REP:
-                        case KeymasterDefs.KM_INT:
-                        case KeymasterDefs.KM_INT_REP:
+                        case KeymasterDefs.KM_UINT:
+                        case KeymasterDefs.KM_UINT_REP:
                             return new KeymasterIntArgument(tag, in);
-                        case KeymasterDefs.KM_LONG:
-                        case KeymasterDefs.KM_LONG_REP:
+                        case KeymasterDefs.KM_ULONG:
+                        case KeymasterDefs.KM_ULONG_REP:
                             return new KeymasterLongArgument(tag, in);
                         case KeymasterDefs.KM_DATE:
                             return new KeymasterDateArgument(tag, in);
diff --git a/core/java/android/security/keymaster/KeymasterArguments.java b/core/java/android/security/keymaster/KeymasterArguments.java
index 82f65c72a6f0..084783baab22 100644
--- a/core/java/android/security/keymaster/KeymasterArguments.java
+++ b/core/java/android/security/keymaster/KeymasterArguments.java
@@ -1,11 +1,11 @@
-/**
- * Copyright (c) 2015, The Android Open Source Project
+/*
+ * Copyright (C) 2015 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *     http://www.apache.org/licenses/LICENSE-2.0
+ *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
@@ -101,9 +101,9 @@ public class KeymasterArguments implements Parcelable {
     public int getInt(int tag, int defaultValue) {
         switch (KeymasterDefs.getTagType(tag)) {
             case KeymasterDefs.KM_ENUM:
-            case KeymasterDefs.KM_INT:
+            case KeymasterDefs.KM_UINT:
                 break; // Accepted types
-            case KeymasterDefs.KM_INT_REP:
+            case KeymasterDefs.KM_UINT_REP:
             case KeymasterDefs.KM_ENUM_REP:
                 throw new IllegalArgumentException("Repeatable tags must use getInts: " + tag);
             default:
@@ -118,9 +118,9 @@ public class KeymasterArguments implements Parcelable {
 
     public long getLong(int tag, long defaultValue) {
         switch (KeymasterDefs.getTagType(tag)) {
-            case KeymasterDefs.KM_LONG:
+            case KeymasterDefs.KM_ULONG:
                 break; // Accepted type
-            case KeymasterDefs.KM_LONG_REP:
+            case KeymasterDefs.KM_ULONG_REP:
                 throw new IllegalArgumentException("Repeatable tags must use getLongs: " + tag);
             default:
                 throw new IllegalArgumentException("Tag is not a long type: " + tag);
@@ -171,7 +171,7 @@ public class KeymasterArguments implements Parcelable {
 
     public List<Integer> getInts(int tag) {
         switch (KeymasterDefs.getTagType(tag)) {
-            case KeymasterDefs.KM_INT_REP:
+            case KeymasterDefs.KM_UINT_REP:
             case KeymasterDefs.KM_ENUM_REP:
                 break; // Allowed types.
             default:
@@ -187,7 +187,7 @@ public class KeymasterArguments implements Parcelable {
     }
 
     public List<Long> getLongs(int tag) {
-        if (KeymasterDefs.getTagType(tag) != KeymasterDefs.KM_LONG_REP) {
+        if (KeymasterDefs.getTagType(tag) != KeymasterDefs.KM_ULONG_REP) {
             throw new IllegalArgumentException("Tag is not a repeating long: " + tag);
         }
         List<Long> values = new ArrayList<Long>();
diff --git a/core/java/android/security/keymaster/KeymasterDefs.java b/core/java/android/security/keymaster/KeymasterDefs.java
index 574b2080d373..04d59522e40b 100644
--- a/core/java/android/security/keymaster/KeymasterDefs.java
+++ b/core/java/android/security/keymaster/KeymasterDefs.java
@@ -1,11 +1,11 @@
-/**
- * Copyright (c) 2015, The Android Open Source Project
+/*
+ * Copyright (C) 2015 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *     http://www.apache.org/licenses/LICENSE-2.0
+ *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
@@ -33,43 +33,43 @@ public final class KeymasterDefs {
     public static final int KM_INVALID = 0 << 28;
     public static final int KM_ENUM = 1 << 28;
     public static final int KM_ENUM_REP = 2 << 28;
-    public static final int KM_INT = 3 << 28;
-    public static final int KM_INT_REP = 4 << 28;
-    public static final int KM_LONG = 5 << 28;
+    public static final int KM_UINT = 3 << 28;
+    public static final int KM_UINT_REP = 4 << 28;
+    public static final int KM_ULONG = 5 << 28;
     public static final int KM_DATE = 6 << 28;
     public static final int KM_BOOL = 7 << 28;
     public static final int KM_BIGNUM = 8 << 28;
     public static final int KM_BYTES = 9 << 28;
-    public static final int KM_LONG_REP = 10 << 28;
+    public static final int KM_ULONG_REP = 10 << 28;
 
     // Tag values.
     public static final int KM_TAG_INVALID = KM_INVALID | 0;
     public static final int KM_TAG_PURPOSE = KM_ENUM_REP | 1;
     public static final int KM_TAG_ALGORITHM = KM_ENUM | 2;
-    public static final int KM_TAG_KEY_SIZE = KM_INT | 3;
+    public static final int KM_TAG_KEY_SIZE = KM_UINT | 3;
     public static final int KM_TAG_BLOCK_MODE = KM_ENUM_REP | 4;
     public static final int KM_TAG_DIGEST = KM_ENUM_REP | 5;
     public static final int KM_TAG_PADDING = KM_ENUM_REP | 6;
-    public static final int KM_TAG_RETURN_UNAUTHED = KM_BOOL | 7;
-    public static final int KM_TAG_CALLER_NONCE = KM_BOOL | 8;
+    public static final int KM_TAG_CALLER_NONCE = KM_BOOL | 7;
+    public static final int KM_TAG_MIN_MAC_LENGTH = KM_UINT | 8;
 
     public static final int KM_TAG_RESCOPING_ADD = KM_ENUM_REP | 101;
     public static final int KM_TAG_RESCOPING_DEL = KM_ENUM_REP | 102;
     public static final int KM_TAG_BLOB_USAGE_REQUIREMENTS = KM_ENUM | 705;
 
-    public static final int KM_TAG_RSA_PUBLIC_EXPONENT = KM_LONG | 200;
+    public static final int KM_TAG_RSA_PUBLIC_EXPONENT = KM_ULONG | 200;
     public static final int KM_TAG_ACTIVE_DATETIME = KM_DATE | 400;
     public static final int KM_TAG_ORIGINATION_EXPIRE_DATETIME = KM_DATE | 401;
     public static final int KM_TAG_USAGE_EXPIRE_DATETIME = KM_DATE | 402;
-    public static final int KM_TAG_MIN_SECONDS_BETWEEN_OPS = KM_INT | 403;
-    public static final int KM_TAG_MAX_USES_PER_BOOT = KM_INT | 404;
+    public static final int KM_TAG_MIN_SECONDS_BETWEEN_OPS = KM_UINT | 403;
+    public static final int KM_TAG_MAX_USES_PER_BOOT = KM_UINT | 404;
 
     public static final int KM_TAG_ALL_USERS = KM_BOOL | 500;
-    public static final int KM_TAG_USER_ID = KM_INT | 501;
-    public static final int KM_TAG_USER_SECURE_ID = KM_LONG_REP | 502;
+    public static final int KM_TAG_USER_ID = KM_UINT | 501;
+    public static final int KM_TAG_USER_SECURE_ID = KM_ULONG_REP | 502;
     public static final int KM_TAG_NO_AUTH_REQUIRED = KM_BOOL | 503;
     public static final int KM_TAG_USER_AUTH_TYPE = KM_ENUM | 504;
-    public static final int KM_TAG_AUTH_TIMEOUT = KM_INT | 505;
+    public static final int KM_TAG_AUTH_TIMEOUT = KM_UINT | 505;
 
     public static final int KM_TAG_ALL_APPLICATIONS = KM_BOOL | 600;
     public static final int KM_TAG_APPLICATION_ID = KM_BYTES | 601;
@@ -82,9 +82,8 @@ public final class KeymasterDefs {
 
     public static final int KM_TAG_ASSOCIATED_DATA = KM_BYTES | 1000;
     public static final int KM_TAG_NONCE = KM_BYTES | 1001;
-    public static final int KM_TAG_CHUNK_LENGTH = KM_INT | 1002;
-    public static final int KM_TAG_AUTH_TOKEN = KM_BYTES | 1003;
-    public static final int KM_TAG_MAC_LENGTH = KM_INT | 1004;
+    public static final int KM_TAG_AUTH_TOKEN = KM_BYTES | 1002;
+    public static final int KM_TAG_MAC_LENGTH = KM_UINT | 1003;
 
     // Algorithm values.
     public static final int KM_ALGORITHM_RSA = 1;
@@ -93,12 +92,10 @@ public final class KeymasterDefs {
     public static final int KM_ALGORITHM_HMAC = 128;
 
     // Block modes.
-    public static final int KM_MODE_FIRST_UNAUTHENTICATED = 1;
-    public static final int KM_MODE_ECB = KM_MODE_FIRST_UNAUTHENTICATED;
+    public static final int KM_MODE_ECB = 1;
     public static final int KM_MODE_CBC = 2;
-    public static final int KM_MODE_CTR = 4;
-    public static final int KM_MODE_FIRST_AUTHENTICATED = 32;
-    public static final int KM_MODE_GCM = KM_MODE_FIRST_AUTHENTICATED;
+    public static final int KM_MODE_CTR = 3;
+    public static final int KM_MODE_GCM = 32;
 
     // Padding modes.
     public static final int KM_PAD_NONE = 1;
@@ -139,6 +136,7 @@ public final class KeymasterDefs {
 
     // User authenticators.
     public static final int HW_AUTH_PASSWORD = 1 << 0;
+    public static final int HW_AUTH_FINGERPRINT = 1 << 1;
 
     // Error codes.
     public static final int KM_ERROR_OK = 0;
@@ -193,9 +191,13 @@ public final class KeymasterDefs {
     public static final int KM_ERROR_UNSUPPORTED_EC_FIELD = -50;
     public static final int KM_ERROR_MISSING_NONCE = -51;
     public static final int KM_ERROR_INVALID_NONCE = -52;
-    public static final int KM_ERROR_UNSUPPORTED_CHUNK_LENGTH = -53;
-    public static final int KM_ERROR_RESCOPABLE_KEY_NOT_USABLE = -54;
+    public static final int KM_ERROR_MISSING_MAC_LENGTH = -53;
+    public static final int KM_ERROR_KEY_RATE_LIMIT_EXCEEDED = -54;
     public static final int KM_ERROR_CALLER_NONCE_PROHIBITED = -55;
+    public static final int KM_ERROR_KEY_MAX_OPS_EXCEEDED = -56;
+    public static final int KM_ERROR_INVALID_MAC_LENGTH = -57;
+    public static final int KM_ERROR_MISSING_MIN_MAC_LENGTH = -58;
+    public static final int KM_ERROR_UNSUPPORTED_MIN_MAC_LENGTH = -59;
     public static final int KM_ERROR_UNIMPLEMENTED = -100;
     public static final int KM_ERROR_VERSION_MISMATCH = -101;
     public static final int KM_ERROR_UNKNOWN_ERROR = -1000;
@@ -237,6 +239,10 @@ public final class KeymasterDefs {
         sErrorCodeToString.put(KM_ERROR_UNSUPPORTED_EC_FIELD, "Unsupported EC field");
         sErrorCodeToString.put(KM_ERROR_MISSING_NONCE, "Required IV missing");
         sErrorCodeToString.put(KM_ERROR_INVALID_NONCE, "Invalid IV");
+        sErrorCodeToString.put(KM_ERROR_CALLER_NONCE_PROHIBITED,
+                "Caller-provided IV not permitted");
+        sErrorCodeToString.put(KM_ERROR_INVALID_MAC_LENGTH,
+                "Invalid MAC or authentication tag length");
         sErrorCodeToString.put(KM_ERROR_UNIMPLEMENTED, "Not implemented");
         sErrorCodeToString.put(KM_ERROR_UNKNOWN_ERROR, "Unknown error");
     }
diff --git a/core/java/android/security/keymaster/KeymasterIntArgument.java b/core/java/android/security/keymaster/KeymasterIntArgument.java
index 94ff87e892d2..1d4c7b7be2ce 100644
--- a/core/java/android/security/keymaster/KeymasterIntArgument.java
+++ b/core/java/android/security/keymaster/KeymasterIntArgument.java
@@ -28,8 +28,8 @@ class KeymasterIntArgument extends KeymasterArgument {
     public KeymasterIntArgument(int tag, int value) {
         super(tag);
         switch (KeymasterDefs.getTagType(tag)) {
-            case KeymasterDefs.KM_INT:
-            case KeymasterDefs.KM_INT_REP:
+            case KeymasterDefs.KM_UINT:
+            case KeymasterDefs.KM_UINT_REP:
             case KeymasterDefs.KM_ENUM:
             case KeymasterDefs.KM_ENUM_REP:
                 break; // OK.
diff --git a/core/java/android/security/keymaster/KeymasterLongArgument.java b/core/java/android/security/keymaster/KeymasterLongArgument.java
index e04ce5d9ac71..af0fb035010f 100644
--- a/core/java/android/security/keymaster/KeymasterLongArgument.java
+++ b/core/java/android/security/keymaster/KeymasterLongArgument.java
@@ -28,8 +28,8 @@ class KeymasterLongArgument extends KeymasterArgument {
     public KeymasterLongArgument(int tag, long value) {
         super(tag);
         switch (KeymasterDefs.getTagType(tag)) {
-            case KeymasterDefs.KM_LONG:
-            case KeymasterDefs.KM_LONG_REP:
+            case KeymasterDefs.KM_ULONG:
+            case KeymasterDefs.KM_ULONG_REP:
                 break; // OK.
             default:
                 throw new IllegalArgumentException("Bad long tag " + tag);
diff --git a/keystore/tests/src/android/security/KeyStoreTest.java b/keystore/tests/src/android/security/KeyStoreTest.java
index 836b51402181..8476794f56d2 100644
--- a/keystore/tests/src/android/security/KeyStoreTest.java
+++ b/keystore/tests/src/android/security/KeyStoreTest.java
@@ -798,38 +798,6 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> {
         // TODO: Verify we have an RSA public key that's well formed.
     }
 
-    public void testAesGcmEncryptSuccess() throws Exception {
-        String name = "test";
-        KeymasterArguments args = new KeymasterArguments();
-        args.addInt(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_ENCRYPT);
-        args.addInt(KeymasterDefs.KM_TAG_PURPOSE, KeymasterDefs.KM_PURPOSE_DECRYPT);
-        args.addInt(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_AES);
-        args.addInt(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE);
-        args.addInt(KeymasterDefs.KM_TAG_KEY_SIZE, 256);
-        args.addInt(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_GCM);
-        args.addInt(KeymasterDefs.KM_TAG_CHUNK_LENGTH, 4096);
-        args.addInt(KeymasterDefs.KM_TAG_MAC_LENGTH, 16);
-        args.addBoolean(KeymasterDefs.KM_TAG_NO_AUTH_REQUIRED);
-
-        KeyCharacteristics outCharacteristics = new KeyCharacteristics();
-        int rc = mKeyStore.generateKey(name, args, null, 0, outCharacteristics);
-        assertEquals("Generate should succeed", KeyStore.NO_ERROR, rc);
-
-        KeymasterArguments out = new KeymasterArguments();
-        args = new KeymasterArguments();
-        args.addInt(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_AES);
-        args.addInt(KeymasterDefs.KM_TAG_BLOCK_MODE, KeymasterDefs.KM_MODE_GCM);
-        args.addInt(KeymasterDefs.KM_TAG_PADDING, KeymasterDefs.KM_PAD_NONE);
-        OperationResult result = mKeyStore.begin(name, KeymasterDefs.KM_PURPOSE_ENCRYPT,
-                true, args, null, out);
-        IBinder token = result.token;
-        assertEquals("Begin should succeed", KeyStore.NO_ERROR, result.resultCode);
-        result = mKeyStore.update(token, null, new byte[] {0x01, 0x02, 0x03, 0x04});
-        assertEquals("Update should succeed", KeyStore.NO_ERROR, result.resultCode);
-        assertEquals("Finish should succeed", KeyStore.NO_ERROR,
-                mKeyStore.finish(token, null, null).resultCode);
-    }
-
     public void testBadToken() throws Exception {
         IBinder token = new Binder();
         OperationResult result = mKeyStore.update(token, null, new byte[] {0x01});