Move tag type comments where they belong.
Because AIDL doesn't allow tag values to be constructed the way we
did in HIDL (and before), each tag definition carries a comment
specifying what the "magic" tag type value used in its construction
means. This CL moves those comments so they're adjacent to the value
they're documenting.
Test: Build
Change-Id: I30b037f9ddf6bf2b07326a53959d490e045c891a
diff --git a/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl b/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
index 532bc5d..3bc3f16 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
@@ -46,7 +46,7 @@
*
* Must be hardware-enforced.
*/
- PURPOSE = (2 << 28) | 1, /* TagType:ENUM_REP */
+ PURPOSE = (2 << 28) /* TagType:ENUM_REP */ | 1,
/**
* Tag::ALGORITHM specifies the cryptographic algorithm with which the key is used. This tag
@@ -55,7 +55,7 @@
*
* Must be hardware-enforced.
*/
- ALGORITHM = (1 << 28) | 2, /* TagType:ENUM */
+ ALGORITHM = (1 << 28) /* TagType:ENUM */ | 2,
/**
* Tag::KEY_SIZE pecifies the size, in bits, of the key, measuring in the normal way for the
@@ -67,7 +67,7 @@
*
* Must be hardware-enforced.
*/
- KEY_SIZE = (3 << 28) | 3, /* TagType:UINT */
+ KEY_SIZE = (3 << 28) /* TagType:UINT */ | 3,
/**
* Tag::BLOCK_MODE specifies the block cipher mode(s) with which the key may be used. This tag
@@ -80,8 +80,8 @@
*
* Must be hardware-enforced.
*/
- BLOCK_MODE = (2 << 28) | 4,
- /* BlockMode. */ /* TagType:ENUM_REP */
+ BLOCK_MODE = (2 << 28) /* TagType:ENUM_REP */ | 4,
+
/**
* Tag::DIGEST specifies the digest algorithms that may be used with the key to perform signing
@@ -95,7 +95,7 @@
*
* Must be hardware-enforced.
*/
- DIGEST = (2 << 28) | 5, /* TagType:ENUM_REP */
+ DIGEST = (2 << 28) /* TagType:ENUM_REP */ | 5,
/**
* Tag::PADDING specifies the padding modes that may be used with the key. This tag is relevant
@@ -123,7 +123,7 @@
*
* Must be hardware-enforced.
*/
- PADDING = (2 << 28) | 6, /* TagType:ENUM_REP */
+ PADDING = (2 << 28) /* TagType:ENUM_REP */ | 6,
/**
* Tag::CALLER_NONCE specifies that the caller can provide a nonce for nonce-requiring
@@ -136,7 +136,7 @@
*
* Must be hardware-enforced.
*/
- CALLER_NONCE = (7 << 28) | 7, /* TagType:BOOL */
+ CALLER_NONCE = (7 << 28) /* TagType:BOOL */ | 7,
/**
* Tag::MIN_MAC_LENGTH specifies the minimum length of MAC that can be requested or verified
@@ -149,7 +149,7 @@
*
* Must be hardware-enforced.
*/
- MIN_MAC_LENGTH = (3 << 28) | 8, /* TagType:UINT */
+ MIN_MAC_LENGTH = (3 << 28) /* TagType:UINT */ | 8,
// Tag 9 reserved
@@ -160,7 +160,7 @@
*
* Must be hardware-enforced.
*/
- EC_CURVE = (1 << 28) | 10, /* TagType:ENUM */
+ EC_CURVE = (1 << 28) /* TagType:ENUM */ | 10,
/**
* Tag::RSA_PUBLIC_EXPONENT specifies the value of the public exponent for an RSA key pair.
@@ -174,7 +174,7 @@
*
* Must be hardware-enforced.
*/
- RSA_PUBLIC_EXPONENT = (5 << 28) | 200, /* TagType:ULONG */
+ RSA_PUBLIC_EXPONENT = (5 << 28) /* TagType:ULONG */ | 200,
// Tag 201 reserved
@@ -185,7 +185,7 @@
*
* Must be hardware-enforced.
*/
- INCLUDE_UNIQUE_ID = (7 << 28) | 202, /* TagType:BOOL */
+ INCLUDE_UNIQUE_ID = (7 << 28) /* TagType:BOOL */ | 202,
/**
* TODO(seleneh) this tag needs to be deleted from all codes.
@@ -202,7 +202,7 @@
*
* Must be hardware-enforced.
*/
- BLOB_USAGE_REQUIREMENTS = (1 << 28) | 301, /* TagType:ENUM */
+ BLOB_USAGE_REQUIREMENTS = (1 << 28) /* TagType:ENUM */ | 301,
/**
* Tag::BOOTLOADER_ONLY specifies only the bootloader can use the key.
@@ -212,7 +212,7 @@
*
* Must be hardware-enforced.
*/
- BOOTLOADER_ONLY = (7 << 28) | 302, /* TagType:BOOL */
+ BOOTLOADER_ONLY = (7 << 28) /* TagType:BOOL */ | 302,
/**
* Tag::ROLLBACK_RESISTANCE specifies that the key has rollback resistance, meaning that when
@@ -227,16 +227,16 @@
*
* Must be hardwared-enforced.
*/
- ROLLBACK_RESISTANCE = (7 << 28) | 303, /* TagType:BOOL */
+ ROLLBACK_RESISTANCE = (7 << 28) /* TagType:BOOL */ | 303,
// Reserved for future use.
- HARDWARE_TYPE = (1 << 28) | 304, /* TagType:ENUM */
+ HARDWARE_TYPE = (1 << 28) /* TagType:ENUM */ | 304,
/**
* Keys tagged with EARLY_BOOT_ONLY may only be used, or created, during early boot, until
* IKeyMintDevice::earlyBootEnded() is called.
*/
- EARLY_BOOT_ONLY = (7 << 28) | 305, /* TagType:BOOL */
+ EARLY_BOOT_ONLY = (7 << 28) /* TagType:BOOL */ | 305,
/**
* Tag::ACTIVE_DATETIME specifies the date and time at which the key becomes active, in
@@ -245,8 +245,7 @@
*
* Need not be hardware-enforced.
*/
- ACTIVE_DATETIME = (6 << 28) | 400,
- /* Start of validity. */ /* TagType:DATE */
+ ACTIVE_DATETIME = (6 << 28) /* TagType:DATE */ | 400,
/**
* Tag::ORIGINATION_EXPIRE_DATETIME specifies the date and time at which the key expires for
@@ -258,7 +257,7 @@
*
* Need not be hardware-enforced.
*/
- ORIGINATION_EXPIRE_DATETIME = (6 << 28) | 401, /* TagType:DATE */
+ ORIGINATION_EXPIRE_DATETIME = (6 << 28) /* TagType:DATE */ | 401,
/**
* Tag::USAGE_EXPIRE_DATETIME specifies the date and time at which the key expires for
@@ -270,7 +269,7 @@
*
* Need not be hardware-enforced.
*/
- USAGE_EXPIRE_DATETIME = (6 << 28) | 402, /* TagType:DATE */
+ USAGE_EXPIRE_DATETIME = (6 << 28) /* TagType:DATE */ | 402,
/**
* TODO(seleneh) this tag need to be deleted.
@@ -295,7 +294,7 @@
*
* Must be hardware-enforced.
*/
- MIN_SECONDS_BETWEEN_OPS = (3 << 28) | 403, /* TagType:UINT */
+ MIN_SECONDS_BETWEEN_OPS = (3 << 28) /* TagType:UINT */ | 403,
/**
* Tag::MAX_USES_PER_BOOT specifies the maximum number of times that a key may be used between
@@ -315,14 +314,14 @@
*
* Must be hardware-enforced.
*/
- MAX_USES_PER_BOOT = (3 << 28) | 404, /* TagType:UINT */
+ MAX_USES_PER_BOOT = (3 << 28) /* TagType:UINT */ | 404,
/**
* Tag::USER_ID specifies the ID of the Android user that is permitted to use the key.
*
* Must not be hardware-enforced.
*/
- USER_ID = (3 << 28) | 501, /* TagType:UINT */
+ USER_ID = (3 << 28) /* TagType:UINT */ | 501,
/**
* Tag::USER_SECURE_ID specifies that a key may only be used under a particular secure user
@@ -355,7 +354,7 @@
*
* Must be hardware-enforced.
*/
- USER_SECURE_ID = (10 << 28) | 502, /* TagType:ULONG_REP */
+ USER_SECURE_ID = (10 << 28) /* TagType:ULONG_REP */ | 502,
/**
* Tag::NO_AUTH_REQUIRED specifies that no authentication is required to use this key. This tag
@@ -363,7 +362,7 @@
*
* Must be hardware-enforced.
*/
- NO_AUTH_REQUIRED = (7 << 28) | 503, /* TagType:BOOL */
+ NO_AUTH_REQUIRED = (7 << 28) /* TagType:BOOL */ | 503,
/**
* Tag::USER_AUTH_TYPE specifies the types of user authenticators that may be used to authorize
@@ -382,7 +381,7 @@
*
* Must be hardware-enforced.
*/
- USER_AUTH_TYPE = (1 << 28) | 504, /* TagType:ENUM */
+ USER_AUTH_TYPE = (1 << 28) /* TagType:ENUM */ | 504,
/**
* Tag::AUTH_TIMEOUT specifies the time in seconds for which the key is authorized for use,
@@ -396,7 +395,7 @@
*
* Must be hardware-enforced.
*/
- AUTH_TIMEOUT = (3 << 28) | 505, /* TagType:UINT */
+ AUTH_TIMEOUT = (3 << 28) /* TagType:UINT */ | 505,
/**
* Tag::ALLOW_WHILE_ON_BODY specifies that the key may be used after authentication timeout if
@@ -404,7 +403,7 @@
*
* Cannot be hardware-enforced.
*/
- ALLOW_WHILE_ON_BODY = (7 << 28) | 506, /* TagType:BOOL */
+ ALLOW_WHILE_ON_BODY = (7 << 28) /* TagType:BOOL */ | 506,
/**
* TRUSTED_USER_PRESENCE_REQUIRED is an optional feature that specifies that this key must be
@@ -451,7 +450,7 @@
*
* Must be hardware-enforced.
*/
- TRUSTED_USER_PRESENCE_REQUIRED = (7 << 28) | 507, /* TagType:BOOL */
+ TRUSTED_USER_PRESENCE_REQUIRED = (7 << 28) /* TagType:BOOL */ | 507,
/** Tag::TRUSTED_CONFIRMATION_REQUIRED is only applicable to keys with KeyPurpose SIGN, and
* specifies that this key must not be usable unless the user provides confirmation of the data
@@ -464,7 +463,7 @@
*
* Must be hardware-enforced.
*/
- TRUSTED_CONFIRMATION_REQUIRED = (7 << 28) | 508, /* TagType:BOOL */
+ TRUSTED_CONFIRMATION_REQUIRED = (7 << 28) /* TagType:BOOL */ | 508,
/**
* Tag::UNLOCKED_DEVICE_REQUIRED specifies that the key may only be used when the device is
@@ -472,7 +471,7 @@
*
* Must be software-enforced.
*/
- UNLOCKED_DEVICE_REQUIRED = (7 << 28) | 509, /* TagType:BOOL */
+ UNLOCKED_DEVICE_REQUIRED = (7 << 28) /* TagType:BOOL */ | 509,
/**
* Tag::APPLICATION_ID. When provided to generateKey or importKey, this tag specifies data
@@ -488,7 +487,7 @@
*
* Must never appear in KeyCharacteristics.
*/
- APPLICATION_ID = (9 << 28) | 601, /* TagType:BYTES */
+ APPLICATION_ID = (9 << 28) /* TagType:BYTES */ | 601,
/*
* Semantically unenforceable tags, either because they have no specific meaning or because
@@ -509,7 +508,7 @@
*
* Must never appear in KeyCharacteristics.
*/
- APPLICATION_DATA = (9 << 28) | 700, /* TagType:BYTES */
+ APPLICATION_DATA = (9 << 28) /* TagType:BYTES */ | 700,
/**
* Tag::CREATION_DATETIME specifies the date and time the key was created, in milliseconds since
@@ -518,7 +517,7 @@
* Tag::CREATED is informational only, and not enforced by anything. Must be in the
* software-enforced list, if provided.
*/
- CREATION_DATETIME = (6 << 28) | 701, /* TagType:DATE */
+ CREATION_DATETIME = (6 << 28) /* TagType:DATE */ | 701,
/**
* Tag::ORIGIN specifies where the key was created, if known. This tag must not be specified
@@ -527,7 +526,7 @@
*
* Must be hardware-enforced.
*/
- ORIGIN = (1 << 28) | 702, /* TagType:ENUM */
+ ORIGIN = (1 << 28) /* TagType:ENUM */ | 702,
// 703 is unused.
@@ -539,7 +538,7 @@
*
* Must never appear in KeyCharacteristics.
*/
- ROOT_OF_TRUST = (9 << 28) | 704, /* TagType:BYTES */
+ ROOT_OF_TRUST = (9 << 28) /* TagType:BYTES */ | 704,
/**
* Tag::OS_VERSION specifies the system OS version with which the key may be used. This tag is
@@ -562,7 +561,7 @@
*
* Must be hardware-enforced.
*/
- OS_VERSION = (3 << 28) | 705, /* TagType:UINT */
+ OS_VERSION = (3 << 28) /* TagType:UINT */ | 705,
/**
* Tag::OS_PATCHLEVEL specifies the system security patch level with which the key may be used.
@@ -583,7 +582,7 @@
*
* Must be hardware-enforced.
*/
- OS_PATCHLEVEL = (3 << 28) | 706, /* TagType:UINT */
+ OS_PATCHLEVEL = (3 << 28) /* TagType:UINT */ | 706,
/**
* Tag::UNIQUE_ID specifies a unique, time-based identifier. This tag is never provided to or
@@ -617,7 +616,7 @@
*
* Must be hardware-enforced.
*/
- UNIQUE_ID = (9 << 28) | 707, /* TagType:BYTES */
+ UNIQUE_ID = (9 << 28) /* TagType:BYTES */ | 707,
/**
* Tag::ATTESTATION_CHALLENGE is used to deliver a "challenge" value to the attestKey() method,
@@ -626,7 +625,7 @@
*
* Must never appear in KeyCharacteristics.
*/
- ATTESTATION_CHALLENGE = (9 << 28) | 708, /* TagType:BYTES */
+ ATTESTATION_CHALLENGE = (9 << 28) /* TagType:BYTES */ | 708,
/**
* Tag::ATTESTATION_APPLICATION_ID identifies the set of applications which may use a key, used
@@ -652,7 +651,7 @@
*
* Cannot be hardware-enforced.
*/
- ATTESTATION_APPLICATION_ID = (9 << 28) | 709, /* TagType:BYTES */
+ ATTESTATION_APPLICATION_ID = (9 << 28) /* TagType:BYTES */ | 709,
/**
* Tag::ATTESTATION_ID_BRAND provides the device's brand name, as returned by Build.BRAND in
@@ -665,7 +664,7 @@
*
* Must never appear in KeyCharacteristics.
*/
- ATTESTATION_ID_BRAND = (9 << 28) | 710, /* TagType:BYTES */
+ ATTESTATION_ID_BRAND = (9 << 28) /* TagType:BYTES */ | 710,
/**
* Tag::ATTESTATION_ID_DEVICE provides the device's device name, as returned by Build.DEVICE in
@@ -678,7 +677,7 @@
*
* Must never appear in KeyCharacteristics.
*/
- ATTESTATION_ID_DEVICE = (9 << 28) | 711, /* TagType:BYTES */
+ ATTESTATION_ID_DEVICE = (9 << 28) /* TagType:BYTES */ | 711,
/**
* Tag::ATTESTATION_ID_PRODUCT provides the device's product name, as returned by Build.PRODUCT
@@ -691,7 +690,7 @@
*
* Must never appear in KeyCharacteristics.
*/
- ATTESTATION_ID_PRODUCT = (9 << 28) | 712, /* TagType:BYTES */
+ ATTESTATION_ID_PRODUCT = (9 << 28) /* TagType:BYTES */ | 712,
/**
* Tag::ATTESTATION_ID_SERIAL the device's serial number. This field must be set only when
@@ -703,7 +702,7 @@
*
* Must never appear in KeyCharacteristics.
*/
- ATTESTATION_ID_SERIAL = (9 << 28) | 713, /* TagType:BYTES */
+ ATTESTATION_ID_SERIAL = (9 << 28) /* TagType:BYTES */ | 713,
/**
* Tag::ATTESTATION_ID_IMEI provides the IMEIs for all radios on the device to attestKey().
@@ -715,7 +714,7 @@
*
* Must never appear in KeyCharacteristics.
*/
- ATTESTATION_ID_IMEI = (9 << 28) | 714, /* TagType:BYTES */
+ ATTESTATION_ID_IMEI = (9 << 28) /* TagType:BYTES */ | 714,
/**
* Tag::ATTESTATION_ID_MEID provides the MEIDs for all radios on the device to attestKey().
@@ -727,7 +726,7 @@
*
* Must never appear in KeyCharacteristics.
*/
- ATTESTATION_ID_MEID = (9 << 28) | 715, /* TagType:BYTES */
+ ATTESTATION_ID_MEID = (9 << 28) /* TagType:BYTES */ | 715,
/**
* Tag::ATTESTATION_ID_MANUFACTURER provides the device's manufacturer name, as returned by
@@ -740,7 +739,7 @@
*
* Must never appear in KeyCharacteristics.
*/
- ATTESTATION_ID_MANUFACTURER = (9 << 28) | 716, /* TagType:BYTES */
+ ATTESTATION_ID_MANUFACTURER = (9 << 28) /* TagType:BYTES */ | 716,
/**
* Tag::ATTESTATION_ID_MODEL provides the device's model name, as returned by Build.MODEL in
@@ -753,7 +752,7 @@
*
* Must never appear in KeyCharacteristics.
*/
- ATTESTATION_ID_MODEL = (9 << 28) | 717, /* TagType:BYTES */
+ ATTESTATION_ID_MODEL = (9 << 28) /* TagType:BYTES */ | 717,
/**
* Tag::VENDOR_PATCHLEVEL specifies the vendor image security patch level with which the key may
@@ -775,7 +774,7 @@
*
* Must be hardware-enforced.
*/
- VENDOR_PATCHLEVEL = (3 << 28) | 718, /* TagType:UINT */
+ VENDOR_PATCHLEVEL = (3 << 28) /* TagType:UINT */ | 718,
/**
* Tag::BOOT_PATCHLEVEL specifies the boot image (kernel) security patch level with which the
@@ -795,7 +794,7 @@
*
* Must be hardware-enforced.
*/
- BOOT_PATCHLEVEL = (3 << 28) | 719, /* TagType:UINT */
+ BOOT_PATCHLEVEL = (3 << 28) /* TagType:UINT */ | 719,
/**
* DEVICE_UNIQUE_ATTESTATION is an argument to IKeyMintDevice::attestKey(). It indicates that
@@ -811,7 +810,7 @@
* IKeyMintDevice implementations that support device-unique attestation MUST add the
* DEVICE_UNIQUE_ATTESTATION tag to device-unique attestations.
*/
- DEVICE_UNIQUE_ATTESTATION = (7 << 28) | 720, /* TagType:BOOL */
+ DEVICE_UNIQUE_ATTESTATION = (7 << 28) /* TagType:BOOL */ | 720,
/**
* IDENTITY_CREDENTIAL_KEY is never used by IKeyMintDevice, is not a valid argument to key
@@ -819,7 +818,7 @@
* attestation. It is used in attestations produced by the IIdentityCredential HAL when that
* HAL attests to Credential Keys. IIdentityCredential produces KeyMint-style attestations.
*/
- IDENTITY_CREDENTIAL_KEY = (7 << 28) | 721, /* TagType:BOOL */
+ IDENTITY_CREDENTIAL_KEY = (7 << 28) /* TagType:BOOL */ | 721,
/**
* To prevent keys from being compromised if an attacker acquires read access to system / kernel
@@ -836,7 +835,7 @@
* ErrorCode::INVALID_OPERATION is returned when a key with Tag::STORAGE_KEY is provided to
* begin().
*/
- STORAGE_KEY = (7 << 28) | 722, /* TagType:BOOL */
+ STORAGE_KEY = (7 << 28) /* TagType:BOOL */ | 722,
/**
* Tag::ASSOCIATED_DATA Provides "associated data" for AES-GCM encryption or decryption. This
@@ -845,7 +844,7 @@
*
* Must never appear KeyCharacteristics.
*/
- ASSOCIATED_DATA = (9 << 28) | 1000, /* TagType:BYTES */
+ ASSOCIATED_DATA = (9 << 28) /* TagType:BYTES */ | 1000,
/**
* Tag::NONCE is used to provide or return a nonce or Initialization Vector (IV) for AES-GCM,
@@ -860,7 +859,7 @@
*
* Must never appear in KeyCharacteristics.
*/
- NONCE = (9 << 28) | 1001, /* TagType:BYTES */
+ NONCE = (9 << 28) /* TagType:BYTES */ | 1001,
/**
* Tag::MAC_LENGTH provides the requested length of a MAC or GCM authentication tag, in bits.
@@ -871,7 +870,7 @@
*
* Must never appear in KeyCharacteristics.
*/
- MAC_LENGTH = (3 << 28) | 1003, /* TagType:UINT */
+ MAC_LENGTH = (3 << 28) /* TagType:UINT */ | 1003,
/**
* Tag::RESET_SINCE_ID_ROTATION specifies whether the device has been factory reset since the
@@ -879,7 +878,7 @@
*
* Must never appear in KeyCharacteristics.
*/
- RESET_SINCE_ID_ROTATION = (7 << 28) | 1004, /* TagType:BOOL */
+ RESET_SINCE_ID_ROTATION = (7 << 28) /* TagType:BOOL */ | 1004,
/**
* Tag::CONFIRMATION_TOKEN is used to deliver a cryptographic token proving that the user
@@ -888,5 +887,5 @@
*
* Must never appear in KeyCharacteristics.
*/
- CONFIRMATION_TOKEN = (9 << 28) | 1005, /* TagType:BYTES */
+ CONFIRMATION_TOKEN = (9 << 28) /* TagType:BYTES */ | 1005,
}