authorShawn Willden <swillden@google.com>2015-04-07 13:40:00 -0600
committerShawn Willden <swillden@google.com>2015-04-09 12:31:18 -0600
commitc7deedad047c6e5833daeaa2a73f25b77ba0b9eb (patch)
tree778730738c471006da555481b0fd312797fe4d06
parente9797a740c913cff9152f89d04fd6fb360dda048 (diff)
Reduce keymaster block modes to the required set.
Change-Id: I8f804978208e2c8701bd52dc79b5597a307b7e7a
-rw-r--r--include/hardware/keymaster_defs.h27
1 files changed, 8 insertions, 19 deletions
diff --git a/include/hardware/keymaster_defs.h b/include/hardware/keymaster_defs.h
index a5b32ab7..97a3f09c 100644
--- a/include/hardware/keymaster_defs.h
+++ b/include/hardware/keymaster_defs.h
@@ -150,34 +150,23 @@ typedef enum {
} keymaster_algorithm_t;
/**
- * Symmetric block cipher modes that may be provided by keymaster implementations. Those that must
- * be provided by all implementations are tagged as "required". This type is new in 0_4.
+ * Symmetric block cipher modes provided by keymaster implementations.
*
- * KM_MODE_FIRST_UNAUTHENTICATED, KM_MODE_FIRST_AUTHENTICATED and KM_MODE_FIRST_MAC are not modes,
- * but markers used to separate the available modes into classes.
+ * KM_MODE_FIRST_UNAUTHENTICATED and KM_MODE_FIRST_AUTHENTICATED are not modes but markers used to
+ * separate the available modes into classes.
*/
typedef enum {
/* Unauthenticated modes, usable only for encryption/decryption and not generally recommended
* except for compatibility with existing other protocols. */
KM_MODE_FIRST_UNAUTHENTICATED = 1,
- KM_MODE_ECB = KM_MODE_FIRST_UNAUTHENTICATED, /* required */
- KM_MODE_CBC = 2, /* required */
- KM_MODE_CBC_CTS = 3, /* recommended */
- KM_MODE_CTR = 4, /* recommended */
- KM_MODE_OFB = 5,
- KM_MODE_CFB = 6,
- KM_MODE_XTS = 7, /* Note: requires double-length keys */
+ KM_MODE_ECB = KM_MODE_FIRST_UNAUTHENTICATED,
+ KM_MODE_CBC = 2,
+ KM_MODE_CTR = 4,
+
/* Authenticated modes, usable for encryption/decryption and signing/verification. Recommended
- * over unauthenticated modes for all purposes. One of KM_MODE_GCM and KM_MODE_OCB is
- * required. */
+ * over unauthenticated modes for all purposes. */
KM_MODE_FIRST_AUTHENTICATED = 32,
KM_MODE_GCM = KM_MODE_FIRST_AUTHENTICATED,
- KM_MODE_OCB = 33,
- KM_MODE_CCM = 34,
- /* MAC modes -- only for signing/verification */
- KM_MODE_FIRST_MAC = 128,
- KM_MODE_CMAC = KM_MODE_FIRST_MAC,
- KM_MODE_POLY1305 = 129,
} keymaster_block_mode_t;
/**
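Review bot: `KM_MODE_CTR = 4` keeps its old value while `KM_MODE_CBC_CTS = 3` is removed, so the enum now has an unexplained hole at 3 (and the values 5-7, 33-34 and 128-129 are freed as well) with nothing telling a later contributor not to reassign them. If block-mode values are stored in key blobs or exchanged with implementations built against the earlier header (not visible in this hunk), reusing a number would silently change which mode a key is authorized for. A comment after `KM_MODE_CBC = 2,` such as `/* 3, 5-7, 33-34 and 128-129 were assigned in earlier revisions of this header; do not reuse. */` would record that. Separately, with the per-mode tags gone the group comment treats all three unauthenticated modes alike, so `KM_MODE_ECB` could carry its own caveat, e.g. `/* deterministic: equal plaintext blocks produce equal ciphertext blocks */`.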