authorization_set.h revision c47c88f1a9ec3fce5e8116b9b5572b58783f56d0
15ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden/* 25ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * Copyright 2014 The Android Open Source Project 35ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * 45ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * Licensed under the Apache License, Version 2.0 (the "License"); 55ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * you may not use this file except in compliance with the License. 65ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * You may obtain a copy of the License at 75ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * 85ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * http://www.apache.org/licenses/LICENSE-2.0 95ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * 105ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * Unless required by applicable law or agreed to in writing, software 115ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * distributed under the License is distributed on an "AS IS" BASIS, 125ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 135ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * See the License for the specific language governing permissions and 145ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * limitations under the License. 155ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden */ 165ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 17b10f3b26af1e3b382d9ef361b3eb5279d16a9c05Shawn Willden#ifndef SYSTEM_KEYMASTER_AUTHORIZATION_SET_H_ 18b10f3b26af1e3b382d9ef361b3eb5279d16a9c05Shawn Willden#define SYSTEM_KEYMASTER_AUTHORIZATION_SET_H_ 195ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 205ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden#include <UniquePtr.h> 215ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 22b9d584d3dacc8041e5502cd0d036e21895eb6dc6Shawn Willden#include <hardware/keymaster_defs.h> 2398d9b92547a9a7553b99e3e941a4175926f95b62Shawn Willden#include <keymaster/keymaster_tags.h> 2498d9b92547a9a7553b99e3e941a4175926f95b62Shawn Willden#include <keymaster/serializable.h> 255ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 265ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willdennamespace keymaster { 275ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 282c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willdenclass AuthorizationSetBuilder; 292c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 305ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden/** 315ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * A container that manages a set of keymaster_key_param_t objects, providing serialization, 325ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * de-serialization and accessors. 335ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden */ 345ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willdenclass AuthorizationSet : public Serializable { 355ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden public: 365ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden /** 375ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * Construct an empty, dynamically-allocated, growable AuthorizationSet. Does not actually 385ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * allocate any storage until elements are added, so there is no cost to creating an 395ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * AuthorizationSet with this constructor and then reinitializing it to point at pre-allocated 405ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * buffers, with \p Reinitialize. 415ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden */ 425ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden AuthorizationSet() 435ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden : elems_(NULL), elems_size_(0), elems_capacity_(0), indirect_data_(NULL), 44172f8c9be706e27f43022063bbc7f4b0177583acShawn Willden indirect_data_size_(0), indirect_data_capacity_(0), error_(OK) {} 455ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 465ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden /** 475ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * Construct an AuthorizationSet from the provided array. The AuthorizationSet copies the data 485ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * from the provided array (and the data referenced by its embedded pointers, if any) into 495ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * dynamically-allocated storage. If allocation of the needed storage fails, \p is_valid() will 505ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * return ALLOCATION_FAILURE. It is the responsibility of the caller to check before using the 515ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * set, if allocations might fail. 525ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden */ 5358e1a5486219a1be9264d4e863a9dd3e393906c3Shawn Willden AuthorizationSet(const keymaster_key_param_t* elems, size_t count) 5458e1a5486219a1be9264d4e863a9dd3e393906c3Shawn Willden : elems_(NULL), indirect_data_(NULL) { 555ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden Reinitialize(elems, count); 565ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden } 575ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 58cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden AuthorizationSet(const keymaster_key_param_set_t& set) : elems_(NULL), indirect_data_(NULL) { 59cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden Reinitialize(set.params, set.length); 60cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden } 61cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden 6258e1a5486219a1be9264d4e863a9dd3e393906c3Shawn Willden AuthorizationSet(const uint8_t* serialized_set, size_t serialized_size) 6358e1a5486219a1be9264d4e863a9dd3e393906c3Shawn Willden : elems_(NULL), indirect_data_(NULL) { 6458e1a5486219a1be9264d4e863a9dd3e393906c3Shawn Willden Deserialize(&serialized_set, serialized_set + serialized_size); 655ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden } 665ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 672c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden /** 682c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden * Construct an AuthorizationSet from the provided builder. This extracts the data from the 692c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden * builder, rather than copying it, so after this call the builder is empty. 702c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden */ 712c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden AuthorizationSet(/* NOT const */ AuthorizationSetBuilder& builder); 722c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 7358e1a5486219a1be9264d4e863a9dd3e393906c3Shawn Willden // Copy constructor. 7458e1a5486219a1be9264d4e863a9dd3e393906c3Shawn Willden AuthorizationSet(const AuthorizationSet&); 7558e1a5486219a1be9264d4e863a9dd3e393906c3Shawn Willden 765ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden /** 77941d1c4ad4422a796d90010191c11aef0580295eShawn Willden * Clear existing authorization set data 78941d1c4ad4422a796d90010191c11aef0580295eShawn Willden */ 79941d1c4ad4422a796d90010191c11aef0580295eShawn Willden void Clear(); 80941d1c4ad4422a796d90010191c11aef0580295eShawn Willden 81941d1c4ad4422a796d90010191c11aef0580295eShawn Willden /** 825ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * Reinitialize an AuthorizationSet as a dynamically-allocated, growable copy of the data in the 835ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * provided array (and the data referenced by its embedded pointers, if any). If the allocation 845ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * of the needed storage fails this method will return false and \p is_valid() will return 855ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * ALLOCATION_FAILURE. 865ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden */ 875ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden bool Reinitialize(const keymaster_key_param_t* elems, size_t count); 885ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 897636471bd1c553ac179f0dddc17133491d0e1fafShawn Willden bool Reinitialize(const AuthorizationSet& set) { 907636471bd1c553ac179f0dddc17133491d0e1fafShawn Willden return Reinitialize(set.elems_, set.elems_size_); 917636471bd1c553ac179f0dddc17133491d0e1fafShawn Willden } 927636471bd1c553ac179f0dddc17133491d0e1fafShawn Willden 9358e1a5486219a1be9264d4e863a9dd3e393906c3Shawn Willden ~AuthorizationSet(); 945ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 955ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden enum Error { 9658e1a5486219a1be9264d4e863a9dd3e393906c3Shawn Willden OK, 975ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden ALLOCATION_FAILURE, 985ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden MALFORMED_DATA, 995ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden }; 1005ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 101172f8c9be706e27f43022063bbc7f4b0177583acShawn Willden Error is_valid() const { return error_; } 1025ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 1035ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden /** 1045ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * Returns the size of the set. 1055ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden */ 106172f8c9be706e27f43022063bbc7f4b0177583acShawn Willden size_t size() const { return elems_size_; } 1077636471bd1c553ac179f0dddc17133491d0e1fafShawn Willden 1087636471bd1c553ac179f0dddc17133491d0e1fafShawn Willden /** 109370121346777e13437c275fbe7a975d899cc325cShawn Willden * Returns the total size of all indirect data referenced by set elements. 110370121346777e13437c275fbe7a975d899cc325cShawn Willden */ 111370121346777e13437c275fbe7a975d899cc325cShawn Willden size_t indirect_size() const { return indirect_data_size_; } 112370121346777e13437c275fbe7a975d899cc325cShawn Willden 113370121346777e13437c275fbe7a975d899cc325cShawn Willden /** 1147636471bd1c553ac179f0dddc17133491d0e1fafShawn Willden * Returns the data in the set, directly. Be careful with this. 1157636471bd1c553ac179f0dddc17133491d0e1fafShawn Willden */ 116be4a2a3e70ada1ee026eaffb7163211161396215Shawn Willden const keymaster_key_param_t* data() const { return elems_; } 117cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden 118cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden /** 1192c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden * Sorts the set and removes duplicates (inadvertently duplicating tags is easy to do with the 1202c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden * AuthorizationSetBuilder). 1212c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden */ 1222c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden void Deduplicate(); 1232c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 1242c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden /** 125cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden * Returns the data in a keymaster_key_param_set_t, suitable for returning to C code. For C 126056ec1531752b6e8491269661581036a95c5d3e5Shawn Willden * compatibility, the contents are malloced, not new'ed, and so must be freed with free(), or 127056ec1531752b6e8491269661581036a95c5d3e5Shawn Willden * better yet with keymaster_free_param_set, not delete. The caller takes ownership. 128cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden */ 129cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden void CopyToParamSet(keymaster_key_param_set_t* set) const; 1305ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 1315ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden /** 1325ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * Returns the offset of the next entry that matches \p tag, starting from the element after \p 1335ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * begin. If not found, returns -1. 1345ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden */ 1355ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden int find(keymaster_tag_t tag, int begin = -1) const; 1365ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 1375ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden /** 1383e35dbcecbc5ae9de32be2c437c08a9faa940d5bShawn Willden * Returns iterator (pointer) to beginning of elems array, to enable STL-style iteration 1393e35dbcecbc5ae9de32be2c437c08a9faa940d5bShawn Willden */ 1403e35dbcecbc5ae9de32be2c437c08a9faa940d5bShawn Willden const keymaster_key_param_t* begin() const { return elems_; } 1413e35dbcecbc5ae9de32be2c437c08a9faa940d5bShawn Willden 1423e35dbcecbc5ae9de32be2c437c08a9faa940d5bShawn Willden /** 1433e35dbcecbc5ae9de32be2c437c08a9faa940d5bShawn Willden * Returns iterator (pointer) one past end of elems array, to enable STL-style iteration 1443e35dbcecbc5ae9de32be2c437c08a9faa940d5bShawn Willden */ 1453e35dbcecbc5ae9de32be2c437c08a9faa940d5bShawn Willden const keymaster_key_param_t* end() const { return elems_ + elems_size_; } 1463e35dbcecbc5ae9de32be2c437c08a9faa940d5bShawn Willden 1473e35dbcecbc5ae9de32be2c437c08a9faa940d5bShawn Willden /** 1485ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * Returns the nth element of the set. 1495ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden */ 1505ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden keymaster_key_param_t operator[](int n) const; 1515ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 1525ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden /** 1531fa5d591fe6807665092753a5628d8d470888da4Shawn Willden * Returns the number of \p tag entries. 1541fa5d591fe6807665092753a5628d8d470888da4Shawn Willden */ 1551fa5d591fe6807665092753a5628d8d470888da4Shawn Willden size_t GetTagCount(keymaster_tag_t tag) const; 1561fa5d591fe6807665092753a5628d8d470888da4Shawn Willden 1571fa5d591fe6807665092753a5628d8d470888da4Shawn Willden /** 1585ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * If the specified integer-typed \p tag exists, places its value in \p val and returns true. 1595ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * If \p tag is not present, leaves \p val unmodified and returns false. 1605ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden */ 1615ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden template <keymaster_tag_t T> 1625ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden inline bool GetTagValue(TypedTag<KM_INT, T> tag, uint32_t* val) const { 1635ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden return GetTagValueInt(tag, val); 1645ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden } 1655ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 1665ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden /** 1675ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * If the specified instance of the specified integer-typed \p tag exists, places its value 1685ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * in \p val and returns true. If \p tag is not present, leaves \p val unmodified and returns 1695ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * false. 1705ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden */ 1715ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden template <keymaster_tag_t Tag> 1725ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden bool GetTagValue(TypedTag<KM_INT_REP, Tag> tag, size_t instance, uint32_t* val) const { 1735ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden return GetTagValueIntRep(tag, instance, val); 1745ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden } 1755ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 1765ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden /** 1775ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * If the specified long-typed \p tag exists, places its value in \p val and returns true. 1785ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * If \p tag is not present, leaves \p val unmodified and returns false. 1795ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden */ 1805ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden template <keymaster_tag_t T> 1815ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden inline bool GetTagValue(TypedTag<KM_LONG, T> tag, uint64_t* val) const { 1825ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden return GetTagValueLong(tag, val); 1835ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden } 1845ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 1855ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden /** 186eb63b9799eadcaa6ef206f8b804d7432e0dab14aShawn Willden * If the specified instance of the specified integer-typed \p tag exists, places its value 187eb63b9799eadcaa6ef206f8b804d7432e0dab14aShawn Willden * in \p val and returns true. If \p tag is not present, leaves \p val unmodified and returns 188eb63b9799eadcaa6ef206f8b804d7432e0dab14aShawn Willden * false. 189eb63b9799eadcaa6ef206f8b804d7432e0dab14aShawn Willden */ 190eb63b9799eadcaa6ef206f8b804d7432e0dab14aShawn Willden template <keymaster_tag_t Tag> 191eb63b9799eadcaa6ef206f8b804d7432e0dab14aShawn Willden bool GetTagValue(TypedTag<KM_LONG_REP, Tag> tag, size_t instance, uint64_t* val) const { 192eb63b9799eadcaa6ef206f8b804d7432e0dab14aShawn Willden return GetTagValueLongRep(tag, instance, val); 193eb63b9799eadcaa6ef206f8b804d7432e0dab14aShawn Willden } 194eb63b9799eadcaa6ef206f8b804d7432e0dab14aShawn Willden 195eb63b9799eadcaa6ef206f8b804d7432e0dab14aShawn Willden /** 1965ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * If the specified enumeration-typed \p tag exists, places its value in \p val and returns 1975ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * true. If \p tag is not present, leaves \p val unmodified and returns false. 1985ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden */ 1995ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden template <keymaster_tag_t Tag, typename T> 2005ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden bool GetTagValue(TypedEnumTag<KM_ENUM, Tag, T> tag, T* val) const { 2015ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden return GetTagValueEnum(tag, reinterpret_cast<uint32_t*>(val)); 2025ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden } 2035ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 2045ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden /** 2055ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * If the specified instance of the specified enumeration-typed \p tag exists, places its value 2065ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * in \p val and returns true. If \p tag is not present, leaves \p val unmodified and returns 2075ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * false. 2085ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden */ 2095ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden template <keymaster_tag_t Tag, typename T> 2105ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden bool GetTagValue(TypedEnumTag<KM_ENUM_REP, Tag, T> tag, size_t instance, T* val) const { 2115ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden return GetTagValueEnumRep(tag, instance, reinterpret_cast<uint32_t*>(val)); 2125ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden } 2135ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 2145ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden /** 2155ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * If the specified date-typed \p tag exists, places its value in \p val and returns 2165ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * true. If \p tag is not present, leaves \p val unmodified and returns false. 2175ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden */ 2185ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden template <keymaster_tag_t Tag> 2195ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden bool GetTagValue(TypedTag<KM_INT_REP, Tag> tag, size_t instance, 2205ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden typename TypedTag<KM_INT_REP, Tag>::value_type* val) const { 2215ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden return GetTagValueIntRep(tag, instance, val); 2225ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden } 2235ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 2245ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden /** 2255ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * If the specified bytes-typed \p tag exists, places its value in \p val and returns 2265ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * true. If \p tag is not present, leaves \p val unmodified and returns false. 2275ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden */ 2285ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden template <keymaster_tag_t Tag> 2295ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden bool GetTagValue(TypedTag<KM_BYTES, Tag> tag, keymaster_blob_t* val) const { 2305ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden return GetTagValueBlob(tag, val); 2315ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden } 2325ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 2335ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden /** 2345ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * If the specified bignum-typed \p tag exists, places its value in \p val and returns 2355ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * true. If \p tag is not present, leaves \p val unmodified and returns false. 2365ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden */ 2375ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden template <keymaster_tag_t Tag> 2385ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden bool GetTagValue(TypedTag<KM_BIGNUM, Tag> tag, keymaster_blob_t* val) const { 23928e41475a2559824a0f3f2c850ed92a65c586f95Shawn Willden return GetTagValueBlob(tag, val); 2405ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden } 2415ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 2425ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden /** 243dfa1c030e941cba4e66b362854d84b19298353c9Shawn Willden * Returns true if the specified tag is present, and therefore has the value 'true'. 244dfa1c030e941cba4e66b362854d84b19298353c9Shawn Willden */ 2452c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden template <keymaster_tag_t Tag> bool GetTagValue(TypedTag<KM_BOOL, Tag> tag) const { 246dfa1c030e941cba4e66b362854d84b19298353c9Shawn Willden return GetTagValueBool(tag); 247dfa1c030e941cba4e66b362854d84b19298353c9Shawn Willden } 248dfa1c030e941cba4e66b362854d84b19298353c9Shawn Willden 249dfa1c030e941cba4e66b362854d84b19298353c9Shawn Willden /** 2505ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * If the specified \p tag exists, places its value in \p val and returns true. If \p tag is 2515ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * not present, leaves \p val unmodified and returns false. 2525ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden */ 2535ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden template <keymaster_tag_t Tag, keymaster_tag_type_t Type> 2545ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden bool GetTagValue(TypedTag<Type, Tag> tag, typename TagValueType<Type>::value_type* val) const { 2555ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden return GetTagValueLong(tag, val); 2565ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden } 2575ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 2585ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden bool push_back(keymaster_key_param_t elem); 2595ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 260370121346777e13437c275fbe7a975d899cc325cShawn Willden /** 261370121346777e13437c275fbe7a975d899cc325cShawn Willden * Grow the elements array to ensure it can contain \p count entries. Preserves any existing 262370121346777e13437c275fbe7a975d899cc325cShawn Willden * entries. 263370121346777e13437c275fbe7a975d899cc325cShawn Willden */ 264370121346777e13437c275fbe7a975d899cc325cShawn Willden bool reserve_elems(size_t count); 265370121346777e13437c275fbe7a975d899cc325cShawn Willden 266370121346777e13437c275fbe7a975d899cc325cShawn Willden /** 267370121346777e13437c275fbe7a975d899cc325cShawn Willden * Grow the indirect data array to ensure it can contain \p length bytes. Preserves any 268370121346777e13437c275fbe7a975d899cc325cShawn Willden * existing indirect data. 269370121346777e13437c275fbe7a975d899cc325cShawn Willden */ 270370121346777e13437c275fbe7a975d899cc325cShawn Willden bool reserve_indirect(size_t length); 271370121346777e13437c275fbe7a975d899cc325cShawn Willden 272370121346777e13437c275fbe7a975d899cc325cShawn Willden bool push_back(const AuthorizationSet& set); 273370121346777e13437c275fbe7a975d899cc325cShawn Willden 274cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden /** 275cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden * Append the tag and enumerated value to the set. 276cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden */ 2775ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden template <keymaster_tag_t Tag, keymaster_tag_type_t Type, typename KeymasterEnum> 2785ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden bool push_back(TypedEnumTag<Type, Tag, KeymasterEnum> tag, KeymasterEnum val) { 2795ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden return push_back(Authorization(tag, val)); 2805ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden } 2815ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 282cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden /** 283cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden * Append the boolean tag (value "true") to the set. 284cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden */ 2855ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden template <keymaster_tag_t Tag> bool push_back(TypedTag<KM_BOOL, Tag> tag) { 2865ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden return push_back(Authorization(tag)); 2875ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden } 2885ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 289cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden /** 290cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden * Append the tag and byte array to the set. Copies the array into internal storage; does not 291cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden * take ownership of the passed-in array. 292cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden */ 2937636471bd1c553ac179f0dddc17133491d0e1fafShawn Willden template <keymaster_tag_t Tag> 2947636471bd1c553ac179f0dddc17133491d0e1fafShawn Willden bool push_back(TypedTag<KM_BYTES, Tag> tag, const void* bytes, size_t bytes_len) { 2957636471bd1c553ac179f0dddc17133491d0e1fafShawn Willden return push_back(keymaster_param_blob(tag, static_cast<const uint8_t*>(bytes), bytes_len)); 2967636471bd1c553ac179f0dddc17133491d0e1fafShawn Willden } 2977636471bd1c553ac179f0dddc17133491d0e1fafShawn Willden 298cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden /** 299cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden * Append the tag and blob to the set. Copies the blob contents into internal storage; does not 300cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden * take ownership of the blob's data. 301cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden */ 302cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden template <keymaster_tag_t Tag> 303cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden bool push_back(TypedTag<KM_BYTES, Tag> tag, const keymaster_blob_t& blob) { 304cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden return push_back(tag, blob.data, blob.data_length); 305cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden } 306cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden 307cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden /** 308cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden * Append the tag and bignum array to the set. Copies the array into internal storage; does not 309cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden * take ownership of the passed-in array. 310cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden */ 3117636471bd1c553ac179f0dddc17133491d0e1fafShawn Willden template <keymaster_tag_t Tag> 3127636471bd1c553ac179f0dddc17133491d0e1fafShawn Willden bool push_back(TypedTag<KM_BIGNUM, Tag> tag, const void* bytes, size_t bytes_len) { 3137636471bd1c553ac179f0dddc17133491d0e1fafShawn Willden return push_back(keymaster_param_blob(tag, static_cast<const uint8_t*>(bytes), bytes_len)); 3147636471bd1c553ac179f0dddc17133491d0e1fafShawn Willden } 3157636471bd1c553ac179f0dddc17133491d0e1fafShawn Willden 3165ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden template <keymaster_tag_t Tag, keymaster_tag_type_t Type> 3175ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden bool push_back(TypedTag<Type, Tag> tag, typename TypedTag<Type, Tag>::value_type val) { 3185ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden return push_back(Authorization(tag, val)); 3195ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden } 3205ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 3215ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden template <keymaster_tag_t Tag, keymaster_tag_type_t Type> 3225ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden bool push_back(TypedTag<Type, Tag> tag, const void* bytes, size_t bytes_len) { 3235ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden return push_back(Authorization(tag, bytes, bytes_len)); 3245ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden } 3255ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 32658e1a5486219a1be9264d4e863a9dd3e393906c3Shawn Willden /* Virtual methods from Serializable */ 32758e1a5486219a1be9264d4e863a9dd3e393906c3Shawn Willden size_t SerializedSize() const; 32858e1a5486219a1be9264d4e863a9dd3e393906c3Shawn Willden uint8_t* Serialize(uint8_t* serialized_set, const uint8_t* end) const; 329172f8c9be706e27f43022063bbc7f4b0177583acShawn Willden bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end); 3305ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 3318d336ae10df66da4c0433f17c2d42e85baea32c5Shawn Willden size_t SerializedSizeOfElements() const; 3328d336ae10df66da4c0433f17c2d42e85baea32c5Shawn Willden 3335ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden private: 33458e1a5486219a1be9264d4e863a9dd3e393906c3Shawn Willden // Disallow assignment 33558e1a5486219a1be9264d4e863a9dd3e393906c3Shawn Willden void operator=(const AuthorizationSet&); 33658e1a5486219a1be9264d4e863a9dd3e393906c3Shawn Willden 3375ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden void FreeData(); 3385ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden void set_invalid(Error err); 3395ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 3405ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden static size_t ComputeIndirectDataSize(const keymaster_key_param_t* elems, size_t count); 3415ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden void CopyIndirectData(); 3428d336ae10df66da4c0433f17c2d42e85baea32c5Shawn Willden bool CheckIndirectData(); 3435ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 344370121346777e13437c275fbe7a975d899cc325cShawn Willden bool DeserializeIndirectData(const uint8_t** buf_ptr, const uint8_t* end); 345370121346777e13437c275fbe7a975d899cc325cShawn Willden bool DeserializeElementsData(const uint8_t** buf_ptr, const uint8_t* end); 346370121346777e13437c275fbe7a975d899cc325cShawn Willden 3475ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden bool GetTagValueEnum(keymaster_tag_t tag, uint32_t* val) const; 3485ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden bool GetTagValueEnumRep(keymaster_tag_t tag, size_t instance, uint32_t* val) const; 3495ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden bool GetTagValueInt(keymaster_tag_t tag, uint32_t* val) const; 3505ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden bool GetTagValueIntRep(keymaster_tag_t tag, size_t instance, uint32_t* val) const; 3515ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden bool GetTagValueLong(keymaster_tag_t tag, uint64_t* val) const; 352eb63b9799eadcaa6ef206f8b804d7432e0dab14aShawn Willden bool GetTagValueLongRep(keymaster_tag_t tag, size_t instance, uint64_t* val) const; 3535ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden bool GetTagValueDate(keymaster_tag_t tag, uint64_t* val) const; 3545ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden bool GetTagValueBlob(keymaster_tag_t tag, keymaster_blob_t* val) const; 355dfa1c030e941cba4e66b362854d84b19298353c9Shawn Willden bool GetTagValueBool(keymaster_tag_t tag) const; 3565ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 3575ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden keymaster_key_param_t* elems_; 3585ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden size_t elems_size_; 3595ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden size_t elems_capacity_; 3605ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden uint8_t* indirect_data_; 3615ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden size_t indirect_data_size_; 3625ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden size_t indirect_data_capacity_; 3635ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden Error error_; 3645ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden}; 3655ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 3662c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willdenclass AuthorizationSetBuilder { 3672c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden public: 3682c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden template <typename TagType, typename ValueType> 3692c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden AuthorizationSetBuilder& Authorization(TagType tag, ValueType value) { 3702c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden set.push_back(tag, value); 3712c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden return *this; 3722c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden } 3732c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 3742c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden template <keymaster_tag_t Tag> 3752c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden AuthorizationSetBuilder& Authorization(TypedTag<KM_BOOL, Tag> tag) { 3762c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden set.push_back(tag); 3772c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden return *this; 3782c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden } 3792c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 3802c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden template <keymaster_tag_t Tag> 3812c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden AuthorizationSetBuilder& Authorization(TypedTag<KM_INVALID, Tag> tag) { 3822c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden keymaster_key_param_t param; 3832c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden param.tag = tag; 3842c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden set.push_back(param); 3852c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden return *this; 3862c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden } 3872c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 3882c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden template <keymaster_tag_t Tag> 3892c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden AuthorizationSetBuilder& Authorization(TypedTag<KM_BYTES, Tag> tag, const uint8_t* data, 3902c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden size_t data_length) { 3912c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden set.push_back(tag, data, data_length); 3922c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden return *this; 3932c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden } 3942c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 3952c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden template <keymaster_tag_t Tag> 3962c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden AuthorizationSetBuilder& Authorization(TypedTag<KM_BYTES, Tag> tag, const char* data, 3972c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden size_t data_length) { 3982c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden return Authorization(tag, reinterpret_cast<const uint8_t*>(data), data_length); 3992c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden } 4002c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 4012c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden AuthorizationSetBuilder& RsaKey(uint32_t key_size, uint64_t public_exponent); 4022c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden AuthorizationSetBuilder& EcdsaKey(uint32_t key_size); 4032c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden AuthorizationSetBuilder& AesKey(uint32_t key_size); 4042c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden AuthorizationSetBuilder& HmacKey(uint32_t key_size, keymaster_digest_t digest, 4052c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden uint32_t mac_length); 4062c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 4072c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden AuthorizationSetBuilder& RsaSigningKey(uint32_t key_size, uint64_t public_exponent, 4082c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden keymaster_digest_t digest, keymaster_padding_t padding); 4092c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 4102c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden AuthorizationSetBuilder& RsaEncryptionKey(uint32_t key_size, uint64_t public_exponent, 4112c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden keymaster_padding_t padding); 4122c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 41384b8da52a242c42d9a6a8cc8f128fb4c8baa6f8fShawn Willden AuthorizationSetBuilder& EcdsaSigningKey(uint32_t key_size, keymaster_digest_t digest); 4142c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden AuthorizationSetBuilder& AesEncryptionKey(uint32_t key_size); 4152c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden AuthorizationSetBuilder& SigningKey(); 4162c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden AuthorizationSetBuilder& EncryptionKey(); 4172c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden AuthorizationSetBuilder& NoDigestOrPadding(); 418c47c88f1a9ec3fce5e8116b9b5572b58783f56d0Shawn Willden AuthorizationSetBuilder& EcbMode(); 4192c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 4202c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden AuthorizationSetBuilder& Deduplicate() { 4212c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden set.Deduplicate(); 4222c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden return *this; 4232c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden } 4242c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 4252c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden AuthorizationSet build() const { return set; } 4262c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 4272c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden private: 4282c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden friend AuthorizationSet; 4292c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden AuthorizationSet set; 4302c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden}; 4312c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 4322c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willdeninline AuthorizationSetBuilder& AuthorizationSetBuilder::RsaKey(uint32_t key_size, 4332c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden uint64_t public_exponent) { 4342c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA); 4352c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden Authorization(TAG_KEY_SIZE, key_size); 4362c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden Authorization(TAG_RSA_PUBLIC_EXPONENT, public_exponent); 4372c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden return *this; 4382c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden} 4392c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 4402c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willdeninline AuthorizationSetBuilder& AuthorizationSetBuilder::EcdsaKey(uint32_t key_size) { 4419c65b2bd1978a918b52a459596dafc7dde992416Shawn Willden Authorization(TAG_ALGORITHM, KM_ALGORITHM_EC); 4422c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden Authorization(TAG_KEY_SIZE, key_size); 4432c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden return *this; 4442c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden} 4452c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 4462c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willdeninline AuthorizationSetBuilder& AuthorizationSetBuilder::AesKey(uint32_t key_size) { 4472c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden Authorization(TAG_ALGORITHM, KM_ALGORITHM_AES); 4482c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden return Authorization(TAG_KEY_SIZE, key_size); 4492c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden} 4502c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 4512c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willdeninline AuthorizationSetBuilder& AuthorizationSetBuilder::HmacKey(uint32_t key_size, 4522c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden keymaster_digest_t digest, 4532c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden uint32_t mac_length) { 4542c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden Authorization(TAG_ALGORITHM, KM_ALGORITHM_HMAC); 4552c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden Authorization(TAG_KEY_SIZE, key_size); 4562c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden SigningKey(); 4572c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden Authorization(TAG_DIGEST, digest); 4582c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden return Authorization(TAG_MAC_LENGTH, mac_length); 4592c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden} 4602c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 4612c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willdeninline AuthorizationSetBuilder& 4622c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn WilldenAuthorizationSetBuilder::RsaSigningKey(uint32_t key_size, uint64_t public_exponent, 4632c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden keymaster_digest_t digest, keymaster_padding_t padding) { 4642c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden RsaKey(key_size, public_exponent); 4652c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden SigningKey(); 4662c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden Authorization(TAG_DIGEST, digest); 4672c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden return Authorization(TAG_PADDING, padding); 4682c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden} 4692c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 4702c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willdeninline AuthorizationSetBuilder& 4712c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn WilldenAuthorizationSetBuilder::RsaEncryptionKey(uint32_t key_size, uint64_t public_exponent, 4722c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden keymaster_padding_t padding) { 4732c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden RsaKey(key_size, public_exponent); 4742c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden EncryptionKey(); 4752c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden return Authorization(TAG_PADDING, padding); 4762c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden} 4772c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 47884b8da52a242c42d9a6a8cc8f128fb4c8baa6f8fShawn Willdeninline AuthorizationSetBuilder& 47984b8da52a242c42d9a6a8cc8f128fb4c8baa6f8fShawn WilldenAuthorizationSetBuilder::EcdsaSigningKey(uint32_t key_size, keymaster_digest_t digest) { 4802c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden EcdsaKey(key_size); 48184b8da52a242c42d9a6a8cc8f128fb4c8baa6f8fShawn Willden SigningKey(); 48284b8da52a242c42d9a6a8cc8f128fb4c8baa6f8fShawn Willden return Authorization(TAG_DIGEST, digest); 4832c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden} 4842c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 4852c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willdeninline AuthorizationSetBuilder& AuthorizationSetBuilder::AesEncryptionKey(uint32_t key_size) { 4862c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden AesKey(key_size); 4872c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden return EncryptionKey(); 4882c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden} 4892c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 4902c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willdeninline AuthorizationSetBuilder& AuthorizationSetBuilder::SigningKey() { 4912c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN); 4922c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden return Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY); 4932c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden} 4942c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 4952c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willdeninline AuthorizationSetBuilder& AuthorizationSetBuilder::EncryptionKey() { 4962c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden Authorization(TAG_PURPOSE, KM_PURPOSE_ENCRYPT); 4972c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden return Authorization(TAG_PURPOSE, KM_PURPOSE_DECRYPT); 4982c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden} 4992c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 5002c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willdeninline AuthorizationSetBuilder& AuthorizationSetBuilder::NoDigestOrPadding() { 5012c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden Authorization(TAG_DIGEST, KM_DIGEST_NONE); 5022c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden return Authorization(TAG_PADDING, KM_PAD_NONE); 5032c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden} 5042c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 505c47c88f1a9ec3fce5e8116b9b5572b58783f56d0Shawn Willdeninline AuthorizationSetBuilder& AuthorizationSetBuilder::EcbMode() { 506c47c88f1a9ec3fce5e8116b9b5572b58783f56d0Shawn Willden return Authorization(TAG_BLOCK_MODE, KM_MODE_ECB); 5072c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden} 5082c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 5095ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden} // namespace keymaster 5105ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 511b10f3b26af1e3b382d9ef361b3eb5279d16a9c05Shawn Willden#endif // SYSTEM_KEYMASTER_KEY_AUTHORIZATION_SET_H_ 512