-rw-r--r-- | include/hardware/keymaster_defs.h | 33 |
1 files changed, 19 insertions, 14 deletions
diff --git a/include/hardware/keymaster_defs.h b/include/hardware/keymaster_defs.h
index 664d3a7d..dd2c764d 100644
--- a/include/hardware/keymaster_defs.h
+++ b/include/hardware/keymaster_defs.h
@@ -41,6 +41,7 @@ typedef enum {
 KM_BOOL = 7 << 28,
 KM_BIGNUM = 8 << 28,
 KM_BYTES = 9 << 28,
+ KM_LONG_REP = 10 << 28, /* Repeatable long value */
 } keymaster_tag_type_t;
 
 typedef enum {
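Review bot: `KM_LONG_REP = 10 << 28` evaluates to 0xA0000000, which does not fit in an int, so in C11 the signed shift overflows and the enumerator's value lies outside the range the standard guarantees for enum constants; the neighbouring `8 << 28` and `9 << 28` already have this problem, so it is pre-existing rather than introduced here, but a header shared between the HAL and its callers should not quietly depend on compiler tolerance, and building with -Wpedantic or -fsanitize=undefined will flag it. A one-line comment at the top of this enum stating that the high nibble encodes the value type and that the constants deliberately occupy the sign bit would at least make the reliance explicit. The new comment `/* Repeatable long value */` also leaves the storage unstated; since the keymaster_param_compare hunk compares it via `long_integer`, `/* Repeatable long value, carried in long_integer like KM_LONG */` would tell readers of this enum the same thing. Adding a tag type usually touches every switch over keymaster_tag_type_t; only keymaster_param_compare is updated in this commit, so if the header has a helper that decides whether a tag is repeatable or that copies/serialises parameter values (not visible on this page), it presumably needs a KM_LONG_REP case as well.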
@@ -92,20 +93,23 @@ typedef enum {
 boot. */
 
 /* User authentication */
- KM_TAG_ALL_USERS = KM_BOOL | 500, /* If key is usable by all users. */
- KM_TAG_USER_ID = KM_INT | 501, /* ID of authorized user. Disallowed if
- KM_TAG_ALL_USERS is present. */
- KM_TAG_NO_AUTH_REQUIRED = KM_BOOL | 502, /* If key is usable without authentication. */
- KM_TAG_USER_AUTH_ID = KM_INT_REP | 503, /* ID of the authenticator to use (e.g. password,
- fingerprint, etc.). Repeatable to support
- multi-factor auth. Disallowed if
- KM_TAG_NO_AUTH_REQUIRED is present. */
- KM_TAG_AUTH_TIMEOUT = KM_INT | 504, /* Required freshness of user authentication for
- private/secret key operations, in seconds.
- Public key operations require no authentication.
- If absent, authentication is required for every
- use. Authentication state is lost when the
- device is powered off. */
+ KM_TAG_ALL_USERS = KM_BOOL | 500, /* If key is usable by all users. */
+ KM_TAG_USER_ID = KM_INT | 501, /* ID of authorized user. Disallowed if
+ KM_TAG_ALL_USERS is present. */
+ KM_TAG_USER_SECURE_ID = KM_LONG_REP | 502, /* Secure ID of authorized user or authenticator(s).
+ Disallowed if KM_TAG_ALL_USERS or
+ KM_TAG_NO_AUTH_REQUIRED is present. */
+ KM_TAG_NO_AUTH_REQUIRED = KM_BOOL | 503, /* If key is usable without authentication. */
+ KM_TAG_USER_AUTH_TYPE = KM_ENUM | 504, /* Bitmask of authenticator types allowed when
+ * KM_TAG_USER_SECURE_ID contains a secure user ID,
+ * rather than a secure authenticator ID. Defined in
+ * hw_authenticator_type_t in hw_auth_token.h. */
+ KM_TAG_AUTH_TIMEOUT = KM_INT | 505, /* Required freshness of user authentication for
+ private/secret key operations, in seconds.
+ Public key operations require no authentication.
+ If absent, authentication is required for every
+ use. Authentication state is lost when the
+ device is powered off. */
 
 /* Application access control */
 KM_TAG_ALL_APPLICATIONS = KM_BOOL | 600, /* If key is usable by all applications. */
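Review bot: The comment on the new repeatable KM_TAG_USER_SECURE_ID does not say how multiple values are combined — whether a presented auth token must match any one of the listed secure IDs or all of them — and that choice is the access-control policy for the key, so it should be stated on the tag rather than left to each implementation (the removed KM_TAG_USER_AUTH_ID text at least said "multi-factor", which hinted at all-of semantics). Likewise KM_TAG_USER_AUTH_TYPE says it applies when KM_TAG_USER_SECURE_ID holds a user SID but not whether it is required in that case or what is enforced when it is absent; one sentence either way would close that gap. Renumbering the surviving tags (KM_TAG_NO_AUTH_REQUIRED 502 to 503, KM_TAG_AUTH_TIMEOUT 504 to 505) changes the values that callers and any persisted key characteristics encode, so anything built against the previous header will present tags this version no longer recognises; if that break is intended it belongs in the commit message and a header comment, and if not, the new tags should take unused numbers instead. Minor style point: the KM_TAG_USER_AUTH_TYPE comment uses `*` continuation lines while every neighbouring comment does not; pick one form for the block.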
@@ -486,6 +490,7 @@ inline int keymaster_param_compare(const keymaster_key_param_t* a, const keymast
 case KM_INT_REP:
 return KEYMASTER_SIMPLE_COMPARE(a->integer, b->integer);
 case KM_LONG:
+ case KM_LONG_REP:
 return KEYMASTER_SIMPLE_COMPARE(a->long_integer, b->long_integer);
 case KM_DATE:
 return KEYMASTER_SIMPLE_COMPARE(a->date_time, b->date_time);
|
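Review bot: The added `case KM_LONG_REP:` relies on falling into the KM_LONG branch to establish that repeatable longs are stored in `long_integer`, and nothing else in this commit documents that field mapping; a note on the new line, `case KM_LONG_REP: /* shares long_integer with KM_LONG */`, would make it explicit for the next type that is added. keymaster_param_compare begins and ends outside the hunk, so it is not visible whether a tag type missing from this switch reaches a `default` that returns a defined ordering; with a new type being introduced, confirming that branch exists is worthwhile, since an unhandled type would make the comparison's result depend on whatever the function does after the switch.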