From 09b5826c68a6eb178892fafeb717a875f0c727a3 Mon Sep 17 00:00:00 2001 From: Shawn Willden Date: Sun, 6 Dec 2020 21:12:18 -0700 Subject: [PATCH] Move tag type comments where they belong. Because AIDL doesn't allow tag values to be constructed the way we did in HIDL (and before), each tag definition carries a comment specifying what the "magic" tag type value used in its construction means. This CL moves those comments so they're adjacent to the value they're documenting. Test: Build Change-Id: I30b037f9ddf6bf2b07326a53959d490e045c891a --- .../hardware/security/keymint/Tag.aidl | 119 +++++++++--------- 1 file changed, 59 insertions(+), 60 deletions(-) diff --git a/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl b/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl index 532bc5de9b..3bc3f16d89 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl +++ b/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl @@ -46,7 +46,7 @@ enum Tag { * * Must be hardware-enforced. */ - PURPOSE = (2 << 28) | 1, /* TagType:ENUM_REP */ + PURPOSE = (2 << 28) /* TagType:ENUM_REP */ | 1, /** * Tag::ALGORITHM specifies the cryptographic algorithm with which the key is used. This tag @@ -55,7 +55,7 @@ enum Tag { * * Must be hardware-enforced. */ - ALGORITHM = (1 << 28) | 2, /* TagType:ENUM */ + ALGORITHM = (1 << 28) /* TagType:ENUM */ | 2, /** * Tag::KEY_SIZE pecifies the size, in bits, of the key, measuring in the normal way for the @@ -67,7 +67,7 @@ enum Tag { * * Must be hardware-enforced. */ - KEY_SIZE = (3 << 28) | 3, /* TagType:UINT */ + KEY_SIZE = (3 << 28) /* TagType:UINT */ | 3, /** * Tag::BLOCK_MODE specifies the block cipher mode(s) with which the key may be used. This tag @@ -80,8 +80,8 @@ enum Tag { * * Must be hardware-enforced. */ - BLOCK_MODE = (2 << 28) | 4, - /* BlockMode. */ /* TagType:ENUM_REP */ + BLOCK_MODE = (2 << 28) /* TagType:ENUM_REP */ | 4, + /** * Tag::DIGEST specifies the digest algorithms that may be used with the key to perform signing @@ -95,7 +95,7 @@ enum Tag { * * Must be hardware-enforced. */ - DIGEST = (2 << 28) | 5, /* TagType:ENUM_REP */ + DIGEST = (2 << 28) /* TagType:ENUM_REP */ | 5, /** * Tag::PADDING specifies the padding modes that may be used with the key. This tag is relevant @@ -123,7 +123,7 @@ enum Tag { * * Must be hardware-enforced. */ - PADDING = (2 << 28) | 6, /* TagType:ENUM_REP */ + PADDING = (2 << 28) /* TagType:ENUM_REP */ | 6, /** * Tag::CALLER_NONCE specifies that the caller can provide a nonce for nonce-requiring @@ -136,7 +136,7 @@ enum Tag { * * Must be hardware-enforced. */ - CALLER_NONCE = (7 << 28) | 7, /* TagType:BOOL */ + CALLER_NONCE = (7 << 28) /* TagType:BOOL */ | 7, /** * Tag::MIN_MAC_LENGTH specifies the minimum length of MAC that can be requested or verified @@ -149,7 +149,7 @@ enum Tag { * * Must be hardware-enforced. */ - MIN_MAC_LENGTH = (3 << 28) | 8, /* TagType:UINT */ + MIN_MAC_LENGTH = (3 << 28) /* TagType:UINT */ | 8, // Tag 9 reserved @@ -160,7 +160,7 @@ enum Tag { * * Must be hardware-enforced. */ - EC_CURVE = (1 << 28) | 10, /* TagType:ENUM */ + EC_CURVE = (1 << 28) /* TagType:ENUM */ | 10, /** * Tag::RSA_PUBLIC_EXPONENT specifies the value of the public exponent for an RSA key pair. @@ -174,7 +174,7 @@ enum Tag { * * Must be hardware-enforced. */ - RSA_PUBLIC_EXPONENT = (5 << 28) | 200, /* TagType:ULONG */ + RSA_PUBLIC_EXPONENT = (5 << 28) /* TagType:ULONG */ | 200, // Tag 201 reserved @@ -185,7 +185,7 @@ enum Tag { * * Must be hardware-enforced. */ - INCLUDE_UNIQUE_ID = (7 << 28) | 202, /* TagType:BOOL */ + INCLUDE_UNIQUE_ID = (7 << 28) /* TagType:BOOL */ | 202, /** * TODO(seleneh) this tag needs to be deleted from all codes. @@ -202,7 +202,7 @@ enum Tag { * * Must be hardware-enforced. */ - BLOB_USAGE_REQUIREMENTS = (1 << 28) | 301, /* TagType:ENUM */ + BLOB_USAGE_REQUIREMENTS = (1 << 28) /* TagType:ENUM */ | 301, /** * Tag::BOOTLOADER_ONLY specifies only the bootloader can use the key. @@ -212,7 +212,7 @@ enum Tag { * * Must be hardware-enforced. */ - BOOTLOADER_ONLY = (7 << 28) | 302, /* TagType:BOOL */ + BOOTLOADER_ONLY = (7 << 28) /* TagType:BOOL */ | 302, /** * Tag::ROLLBACK_RESISTANCE specifies that the key has rollback resistance, meaning that when @@ -227,16 +227,16 @@ enum Tag { * * Must be hardwared-enforced. */ - ROLLBACK_RESISTANCE = (7 << 28) | 303, /* TagType:BOOL */ + ROLLBACK_RESISTANCE = (7 << 28) /* TagType:BOOL */ | 303, // Reserved for future use. - HARDWARE_TYPE = (1 << 28) | 304, /* TagType:ENUM */ + HARDWARE_TYPE = (1 << 28) /* TagType:ENUM */ | 304, /** * Keys tagged with EARLY_BOOT_ONLY may only be used, or created, during early boot, until * IKeyMintDevice::earlyBootEnded() is called. */ - EARLY_BOOT_ONLY = (7 << 28) | 305, /* TagType:BOOL */ + EARLY_BOOT_ONLY = (7 << 28) /* TagType:BOOL */ | 305, /** * Tag::ACTIVE_DATETIME specifies the date and time at which the key becomes active, in @@ -245,8 +245,7 @@ enum Tag { * * Need not be hardware-enforced. */ - ACTIVE_DATETIME = (6 << 28) | 400, - /* Start of validity. */ /* TagType:DATE */ + ACTIVE_DATETIME = (6 << 28) /* TagType:DATE */ | 400, /** * Tag::ORIGINATION_EXPIRE_DATETIME specifies the date and time at which the key expires for @@ -258,7 +257,7 @@ enum Tag { * * Need not be hardware-enforced. */ - ORIGINATION_EXPIRE_DATETIME = (6 << 28) | 401, /* TagType:DATE */ + ORIGINATION_EXPIRE_DATETIME = (6 << 28) /* TagType:DATE */ | 401, /** * Tag::USAGE_EXPIRE_DATETIME specifies the date and time at which the key expires for @@ -270,7 +269,7 @@ enum Tag { * * Need not be hardware-enforced. */ - USAGE_EXPIRE_DATETIME = (6 << 28) | 402, /* TagType:DATE */ + USAGE_EXPIRE_DATETIME = (6 << 28) /* TagType:DATE */ | 402, /** * TODO(seleneh) this tag need to be deleted. @@ -295,7 +294,7 @@ enum Tag { * * Must be hardware-enforced. */ - MIN_SECONDS_BETWEEN_OPS = (3 << 28) | 403, /* TagType:UINT */ + MIN_SECONDS_BETWEEN_OPS = (3 << 28) /* TagType:UINT */ | 403, /** * Tag::MAX_USES_PER_BOOT specifies the maximum number of times that a key may be used between @@ -315,14 +314,14 @@ enum Tag { * * Must be hardware-enforced. */ - MAX_USES_PER_BOOT = (3 << 28) | 404, /* TagType:UINT */ + MAX_USES_PER_BOOT = (3 << 28) /* TagType:UINT */ | 404, /** * Tag::USER_ID specifies the ID of the Android user that is permitted to use the key. * * Must not be hardware-enforced. */ - USER_ID = (3 << 28) | 501, /* TagType:UINT */ + USER_ID = (3 << 28) /* TagType:UINT */ | 501, /** * Tag::USER_SECURE_ID specifies that a key may only be used under a particular secure user @@ -355,7 +354,7 @@ enum Tag { * * Must be hardware-enforced. */ - USER_SECURE_ID = (10 << 28) | 502, /* TagType:ULONG_REP */ + USER_SECURE_ID = (10 << 28) /* TagType:ULONG_REP */ | 502, /** * Tag::NO_AUTH_REQUIRED specifies that no authentication is required to use this key. This tag @@ -363,7 +362,7 @@ enum Tag { * * Must be hardware-enforced. */ - NO_AUTH_REQUIRED = (7 << 28) | 503, /* TagType:BOOL */ + NO_AUTH_REQUIRED = (7 << 28) /* TagType:BOOL */ | 503, /** * Tag::USER_AUTH_TYPE specifies the types of user authenticators that may be used to authorize @@ -382,7 +381,7 @@ enum Tag { * * Must be hardware-enforced. */ - USER_AUTH_TYPE = (1 << 28) | 504, /* TagType:ENUM */ + USER_AUTH_TYPE = (1 << 28) /* TagType:ENUM */ | 504, /** * Tag::AUTH_TIMEOUT specifies the time in seconds for which the key is authorized for use, @@ -396,7 +395,7 @@ enum Tag { * * Must be hardware-enforced. */ - AUTH_TIMEOUT = (3 << 28) | 505, /* TagType:UINT */ + AUTH_TIMEOUT = (3 << 28) /* TagType:UINT */ | 505, /** * Tag::ALLOW_WHILE_ON_BODY specifies that the key may be used after authentication timeout if @@ -404,7 +403,7 @@ enum Tag { * * Cannot be hardware-enforced. */ - ALLOW_WHILE_ON_BODY = (7 << 28) | 506, /* TagType:BOOL */ + ALLOW_WHILE_ON_BODY = (7 << 28) /* TagType:BOOL */ | 506, /** * TRUSTED_USER_PRESENCE_REQUIRED is an optional feature that specifies that this key must be @@ -451,7 +450,7 @@ enum Tag { * * Must be hardware-enforced. */ - TRUSTED_USER_PRESENCE_REQUIRED = (7 << 28) | 507, /* TagType:BOOL */ + TRUSTED_USER_PRESENCE_REQUIRED = (7 << 28) /* TagType:BOOL */ | 507, /** Tag::TRUSTED_CONFIRMATION_REQUIRED is only applicable to keys with KeyPurpose SIGN, and * specifies that this key must not be usable unless the user provides confirmation of the data @@ -464,7 +463,7 @@ enum Tag { * * Must be hardware-enforced. */ - TRUSTED_CONFIRMATION_REQUIRED = (7 << 28) | 508, /* TagType:BOOL */ + TRUSTED_CONFIRMATION_REQUIRED = (7 << 28) /* TagType:BOOL */ | 508, /** * Tag::UNLOCKED_DEVICE_REQUIRED specifies that the key may only be used when the device is @@ -472,7 +471,7 @@ enum Tag { * * Must be software-enforced. */ - UNLOCKED_DEVICE_REQUIRED = (7 << 28) | 509, /* TagType:BOOL */ + UNLOCKED_DEVICE_REQUIRED = (7 << 28) /* TagType:BOOL */ | 509, /** * Tag::APPLICATION_ID. When provided to generateKey or importKey, this tag specifies data @@ -488,7 +487,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ - APPLICATION_ID = (9 << 28) | 601, /* TagType:BYTES */ + APPLICATION_ID = (9 << 28) /* TagType:BYTES */ | 601, /* * Semantically unenforceable tags, either because they have no specific meaning or because @@ -509,7 +508,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ - APPLICATION_DATA = (9 << 28) | 700, /* TagType:BYTES */ + APPLICATION_DATA = (9 << 28) /* TagType:BYTES */ | 700, /** * Tag::CREATION_DATETIME specifies the date and time the key was created, in milliseconds since @@ -518,7 +517,7 @@ enum Tag { * Tag::CREATED is informational only, and not enforced by anything. Must be in the * software-enforced list, if provided. */ - CREATION_DATETIME = (6 << 28) | 701, /* TagType:DATE */ + CREATION_DATETIME = (6 << 28) /* TagType:DATE */ | 701, /** * Tag::ORIGIN specifies where the key was created, if known. This tag must not be specified @@ -527,7 +526,7 @@ enum Tag { * * Must be hardware-enforced. */ - ORIGIN = (1 << 28) | 702, /* TagType:ENUM */ + ORIGIN = (1 << 28) /* TagType:ENUM */ | 702, // 703 is unused. @@ -539,7 +538,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ - ROOT_OF_TRUST = (9 << 28) | 704, /* TagType:BYTES */ + ROOT_OF_TRUST = (9 << 28) /* TagType:BYTES */ | 704, /** * Tag::OS_VERSION specifies the system OS version with which the key may be used. This tag is @@ -562,7 +561,7 @@ enum Tag { * * Must be hardware-enforced. */ - OS_VERSION = (3 << 28) | 705, /* TagType:UINT */ + OS_VERSION = (3 << 28) /* TagType:UINT */ | 705, /** * Tag::OS_PATCHLEVEL specifies the system security patch level with which the key may be used. @@ -583,7 +582,7 @@ enum Tag { * * Must be hardware-enforced. */ - OS_PATCHLEVEL = (3 << 28) | 706, /* TagType:UINT */ + OS_PATCHLEVEL = (3 << 28) /* TagType:UINT */ | 706, /** * Tag::UNIQUE_ID specifies a unique, time-based identifier. This tag is never provided to or @@ -617,7 +616,7 @@ enum Tag { * * Must be hardware-enforced. */ - UNIQUE_ID = (9 << 28) | 707, /* TagType:BYTES */ + UNIQUE_ID = (9 << 28) /* TagType:BYTES */ | 707, /** * Tag::ATTESTATION_CHALLENGE is used to deliver a "challenge" value to the attestKey() method, @@ -626,7 +625,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ - ATTESTATION_CHALLENGE = (9 << 28) | 708, /* TagType:BYTES */ + ATTESTATION_CHALLENGE = (9 << 28) /* TagType:BYTES */ | 708, /** * Tag::ATTESTATION_APPLICATION_ID identifies the set of applications which may use a key, used @@ -652,7 +651,7 @@ enum Tag { * * Cannot be hardware-enforced. */ - ATTESTATION_APPLICATION_ID = (9 << 28) | 709, /* TagType:BYTES */ + ATTESTATION_APPLICATION_ID = (9 << 28) /* TagType:BYTES */ | 709, /** * Tag::ATTESTATION_ID_BRAND provides the device's brand name, as returned by Build.BRAND in @@ -665,7 +664,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ - ATTESTATION_ID_BRAND = (9 << 28) | 710, /* TagType:BYTES */ + ATTESTATION_ID_BRAND = (9 << 28) /* TagType:BYTES */ | 710, /** * Tag::ATTESTATION_ID_DEVICE provides the device's device name, as returned by Build.DEVICE in @@ -678,7 +677,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ - ATTESTATION_ID_DEVICE = (9 << 28) | 711, /* TagType:BYTES */ + ATTESTATION_ID_DEVICE = (9 << 28) /* TagType:BYTES */ | 711, /** * Tag::ATTESTATION_ID_PRODUCT provides the device's product name, as returned by Build.PRODUCT @@ -691,7 +690,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ - ATTESTATION_ID_PRODUCT = (9 << 28) | 712, /* TagType:BYTES */ + ATTESTATION_ID_PRODUCT = (9 << 28) /* TagType:BYTES */ | 712, /** * Tag::ATTESTATION_ID_SERIAL the device's serial number. This field must be set only when @@ -703,7 +702,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ - ATTESTATION_ID_SERIAL = (9 << 28) | 713, /* TagType:BYTES */ + ATTESTATION_ID_SERIAL = (9 << 28) /* TagType:BYTES */ | 713, /** * Tag::ATTESTATION_ID_IMEI provides the IMEIs for all radios on the device to attestKey(). @@ -715,7 +714,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ - ATTESTATION_ID_IMEI = (9 << 28) | 714, /* TagType:BYTES */ + ATTESTATION_ID_IMEI = (9 << 28) /* TagType:BYTES */ | 714, /** * Tag::ATTESTATION_ID_MEID provides the MEIDs for all radios on the device to attestKey(). @@ -727,7 +726,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ - ATTESTATION_ID_MEID = (9 << 28) | 715, /* TagType:BYTES */ + ATTESTATION_ID_MEID = (9 << 28) /* TagType:BYTES */ | 715, /** * Tag::ATTESTATION_ID_MANUFACTURER provides the device's manufacturer name, as returned by @@ -740,7 +739,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ - ATTESTATION_ID_MANUFACTURER = (9 << 28) | 716, /* TagType:BYTES */ + ATTESTATION_ID_MANUFACTURER = (9 << 28) /* TagType:BYTES */ | 716, /** * Tag::ATTESTATION_ID_MODEL provides the device's model name, as returned by Build.MODEL in @@ -753,7 +752,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ - ATTESTATION_ID_MODEL = (9 << 28) | 717, /* TagType:BYTES */ + ATTESTATION_ID_MODEL = (9 << 28) /* TagType:BYTES */ | 717, /** * Tag::VENDOR_PATCHLEVEL specifies the vendor image security patch level with which the key may @@ -775,7 +774,7 @@ enum Tag { * * Must be hardware-enforced. */ - VENDOR_PATCHLEVEL = (3 << 28) | 718, /* TagType:UINT */ + VENDOR_PATCHLEVEL = (3 << 28) /* TagType:UINT */ | 718, /** * Tag::BOOT_PATCHLEVEL specifies the boot image (kernel) security patch level with which the @@ -795,7 +794,7 @@ enum Tag { * * Must be hardware-enforced. */ - BOOT_PATCHLEVEL = (3 << 28) | 719, /* TagType:UINT */ + BOOT_PATCHLEVEL = (3 << 28) /* TagType:UINT */ | 719, /** * DEVICE_UNIQUE_ATTESTATION is an argument to IKeyMintDevice::attestKey(). It indicates that @@ -811,7 +810,7 @@ enum Tag { * IKeyMintDevice implementations that support device-unique attestation MUST add the * DEVICE_UNIQUE_ATTESTATION tag to device-unique attestations. */ - DEVICE_UNIQUE_ATTESTATION = (7 << 28) | 720, /* TagType:BOOL */ + DEVICE_UNIQUE_ATTESTATION = (7 << 28) /* TagType:BOOL */ | 720, /** * IDENTITY_CREDENTIAL_KEY is never used by IKeyMintDevice, is not a valid argument to key @@ -819,7 +818,7 @@ enum Tag { * attestation. It is used in attestations produced by the IIdentityCredential HAL when that * HAL attests to Credential Keys. IIdentityCredential produces KeyMint-style attestations. */ - IDENTITY_CREDENTIAL_KEY = (7 << 28) | 721, /* TagType:BOOL */ + IDENTITY_CREDENTIAL_KEY = (7 << 28) /* TagType:BOOL */ | 721, /** * To prevent keys from being compromised if an attacker acquires read access to system / kernel @@ -836,7 +835,7 @@ enum Tag { * ErrorCode::INVALID_OPERATION is returned when a key with Tag::STORAGE_KEY is provided to * begin(). */ - STORAGE_KEY = (7 << 28) | 722, /* TagType:BOOL */ + STORAGE_KEY = (7 << 28) /* TagType:BOOL */ | 722, /** * Tag::ASSOCIATED_DATA Provides "associated data" for AES-GCM encryption or decryption. This @@ -845,7 +844,7 @@ enum Tag { * * Must never appear KeyCharacteristics. */ - ASSOCIATED_DATA = (9 << 28) | 1000, /* TagType:BYTES */ + ASSOCIATED_DATA = (9 << 28) /* TagType:BYTES */ | 1000, /** * Tag::NONCE is used to provide or return a nonce or Initialization Vector (IV) for AES-GCM, @@ -860,7 +859,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ - NONCE = (9 << 28) | 1001, /* TagType:BYTES */ + NONCE = (9 << 28) /* TagType:BYTES */ | 1001, /** * Tag::MAC_LENGTH provides the requested length of a MAC or GCM authentication tag, in bits. @@ -871,7 +870,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ - MAC_LENGTH = (3 << 28) | 1003, /* TagType:UINT */ + MAC_LENGTH = (3 << 28) /* TagType:UINT */ | 1003, /** * Tag::RESET_SINCE_ID_ROTATION specifies whether the device has been factory reset since the @@ -879,7 +878,7 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ - RESET_SINCE_ID_ROTATION = (7 << 28) | 1004, /* TagType:BOOL */ + RESET_SINCE_ID_ROTATION = (7 << 28) /* TagType:BOOL */ | 1004, /** * Tag::CONFIRMATION_TOKEN is used to deliver a cryptographic token proving that the user @@ -888,5 +887,5 @@ enum Tag { * * Must never appear in KeyCharacteristics. */ - CONFIRMATION_TOKEN = (9 << 28) | 1005, /* TagType:BYTES */ + CONFIRMATION_TOKEN = (9 << 28) /* TagType:BYTES */ | 1005, }