authorization_set.h revision d9d7acff7c43f52ebd038eb77afd67d597844b35
15ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden/* 25ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * Copyright 2014 The Android Open Source Project 35ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * 45ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * Licensed under the Apache License, Version 2.0 (the "License"); 55ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * you may not use this file except in compliance with the License. 65ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * You may obtain a copy of the License at 75ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * 85ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * http://www.apache.org/licenses/LICENSE-2.0 95ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * 105ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * Unless required by applicable law or agreed to in writing, software 115ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * distributed under the License is distributed on an "AS IS" BASIS, 125ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 135ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * See the License for the specific language governing permissions and 145ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * limitations under the License. 155ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden */ 165ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 17b10f3b26af1e3b382d9ef361b3eb5279d16a9c05Shawn Willden#ifndef SYSTEM_KEYMASTER_AUTHORIZATION_SET_H_ 18b10f3b26af1e3b382d9ef361b3eb5279d16a9c05Shawn Willden#define SYSTEM_KEYMASTER_AUTHORIZATION_SET_H_ 195ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 205ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden#include <UniquePtr.h> 215ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 22b9d584d3dacc8041e5502cd0d036e21895eb6dc6Shawn Willden#include <hardware/keymaster_defs.h> 2398d9b92547a9a7553b99e3e941a4175926f95b62Shawn Willden#include <keymaster/keymaster_tags.h> 2498d9b92547a9a7553b99e3e941a4175926f95b62Shawn Willden#include <keymaster/serializable.h> 255ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 265ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willdennamespace keymaster { 275ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 282c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willdenclass AuthorizationSetBuilder; 292c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 305ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden/** 315ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * A container that manages a set of keymaster_key_param_t objects, providing serialization, 325ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * de-serialization and accessors. 335ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden */ 345ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willdenclass AuthorizationSet : public Serializable { 355ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden public: 365ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden /** 375ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * Construct an empty, dynamically-allocated, growable AuthorizationSet. Does not actually 385ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * allocate any storage until elements are added, so there is no cost to creating an 395ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * AuthorizationSet with this constructor and then reinitializing it to point at pre-allocated 405ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * buffers, with \p Reinitialize. 415ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden */ 425ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden AuthorizationSet() 435ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden : elems_(NULL), elems_size_(0), elems_capacity_(0), indirect_data_(NULL), 44172f8c9be706e27f43022063bbc7f4b0177583acShawn Willden indirect_data_size_(0), indirect_data_capacity_(0), error_(OK) {} 455ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 465ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden /** 475ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * Construct an AuthorizationSet from the provided array. The AuthorizationSet copies the data 485ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * from the provided array (and the data referenced by its embedded pointers, if any) into 495ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * dynamically-allocated storage. If allocation of the needed storage fails, \p is_valid() will 505ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * return ALLOCATION_FAILURE. It is the responsibility of the caller to check before using the 515ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * set, if allocations might fail. 525ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden */ 5358e1a5486219a1be9264d4e863a9dd3e393906c3Shawn Willden AuthorizationSet(const keymaster_key_param_t* elems, size_t count) 5458e1a5486219a1be9264d4e863a9dd3e393906c3Shawn Willden : elems_(NULL), indirect_data_(NULL) { 555ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden Reinitialize(elems, count); 565ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden } 575ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 58cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden AuthorizationSet(const keymaster_key_param_set_t& set) : elems_(NULL), indirect_data_(NULL) { 59cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden Reinitialize(set.params, set.length); 60cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden } 61cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden 6258e1a5486219a1be9264d4e863a9dd3e393906c3Shawn Willden AuthorizationSet(const uint8_t* serialized_set, size_t serialized_size) 6358e1a5486219a1be9264d4e863a9dd3e393906c3Shawn Willden : elems_(NULL), indirect_data_(NULL) { 6458e1a5486219a1be9264d4e863a9dd3e393906c3Shawn Willden Deserialize(&serialized_set, serialized_set + serialized_size); 655ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden } 665ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 672c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden /** 682c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden * Construct an AuthorizationSet from the provided builder. This extracts the data from the 692c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden * builder, rather than copying it, so after this call the builder is empty. 702c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden */ 712c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden AuthorizationSet(/* NOT const */ AuthorizationSetBuilder& builder); 722c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 7358e1a5486219a1be9264d4e863a9dd3e393906c3Shawn Willden // Copy constructor. 7458e1a5486219a1be9264d4e863a9dd3e393906c3Shawn Willden AuthorizationSet(const AuthorizationSet&); 7558e1a5486219a1be9264d4e863a9dd3e393906c3Shawn Willden 765ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden /** 77941d1c4ad4422a796d90010191c11aef0580295eShawn Willden * Clear existing authorization set data 78941d1c4ad4422a796d90010191c11aef0580295eShawn Willden */ 79941d1c4ad4422a796d90010191c11aef0580295eShawn Willden void Clear(); 80941d1c4ad4422a796d90010191c11aef0580295eShawn Willden 81941d1c4ad4422a796d90010191c11aef0580295eShawn Willden /** 825ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * Reinitialize an AuthorizationSet as a dynamically-allocated, growable copy of the data in the 835ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * provided array (and the data referenced by its embedded pointers, if any). If the allocation 845ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * of the needed storage fails this method will return false and \p is_valid() will return 855ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * ALLOCATION_FAILURE. 865ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden */ 875ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden bool Reinitialize(const keymaster_key_param_t* elems, size_t count); 885ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 897636471bd1c553ac179f0dddc17133491d0e1fafShawn Willden bool Reinitialize(const AuthorizationSet& set) { 907636471bd1c553ac179f0dddc17133491d0e1fafShawn Willden return Reinitialize(set.elems_, set.elems_size_); 917636471bd1c553ac179f0dddc17133491d0e1fafShawn Willden } 927636471bd1c553ac179f0dddc17133491d0e1fafShawn Willden 9358e1a5486219a1be9264d4e863a9dd3e393906c3Shawn Willden ~AuthorizationSet(); 945ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 955ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden enum Error { 9658e1a5486219a1be9264d4e863a9dd3e393906c3Shawn Willden OK, 975ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden ALLOCATION_FAILURE, 985ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden MALFORMED_DATA, 995ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden }; 1005ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 101172f8c9be706e27f43022063bbc7f4b0177583acShawn Willden Error is_valid() const { return error_; } 1025ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 1035ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden /** 1045ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * Returns the size of the set. 1055ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden */ 106172f8c9be706e27f43022063bbc7f4b0177583acShawn Willden size_t size() const { return elems_size_; } 1077636471bd1c553ac179f0dddc17133491d0e1fafShawn Willden 1087636471bd1c553ac179f0dddc17133491d0e1fafShawn Willden /** 109370121346777e13437c275fbe7a975d899cc325cShawn Willden * Returns the total size of all indirect data referenced by set elements. 110370121346777e13437c275fbe7a975d899cc325cShawn Willden */ 111370121346777e13437c275fbe7a975d899cc325cShawn Willden size_t indirect_size() const { return indirect_data_size_; } 112370121346777e13437c275fbe7a975d899cc325cShawn Willden 113370121346777e13437c275fbe7a975d899cc325cShawn Willden /** 1147636471bd1c553ac179f0dddc17133491d0e1fafShawn Willden * Returns the data in the set, directly. Be careful with this. 1157636471bd1c553ac179f0dddc17133491d0e1fafShawn Willden */ 116be4a2a3e70ada1ee026eaffb7163211161396215Shawn Willden const keymaster_key_param_t* data() const { return elems_; } 117cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden 118cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden /** 1192c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden * Sorts the set and removes duplicates (inadvertently duplicating tags is easy to do with the 1202c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden * AuthorizationSetBuilder). 1212c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden */ 1222c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden void Deduplicate(); 1232c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 1242c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden /** 125cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden * Returns the data in a keymaster_key_param_set_t, suitable for returning to C code. For C 126056ec1531752b6e8491269661581036a95c5d3e5Shawn Willden * compatibility, the contents are malloced, not new'ed, and so must be freed with free(), or 127056ec1531752b6e8491269661581036a95c5d3e5Shawn Willden * better yet with keymaster_free_param_set, not delete. The caller takes ownership. 128cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden */ 129cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden void CopyToParamSet(keymaster_key_param_set_t* set) const; 1305ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 1315ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden /** 1325ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * Returns the offset of the next entry that matches \p tag, starting from the element after \p 1335ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * begin. If not found, returns -1. 1345ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden */ 1355ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden int find(keymaster_tag_t tag, int begin = -1) const; 1365ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 1375ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden /** 1383e35dbcecbc5ae9de32be2c437c08a9faa940d5bShawn Willden * Returns iterator (pointer) to beginning of elems array, to enable STL-style iteration 1393e35dbcecbc5ae9de32be2c437c08a9faa940d5bShawn Willden */ 1403e35dbcecbc5ae9de32be2c437c08a9faa940d5bShawn Willden const keymaster_key_param_t* begin() const { return elems_; } 1413e35dbcecbc5ae9de32be2c437c08a9faa940d5bShawn Willden 1423e35dbcecbc5ae9de32be2c437c08a9faa940d5bShawn Willden /** 1433e35dbcecbc5ae9de32be2c437c08a9faa940d5bShawn Willden * Returns iterator (pointer) one past end of elems array, to enable STL-style iteration 1443e35dbcecbc5ae9de32be2c437c08a9faa940d5bShawn Willden */ 1453e35dbcecbc5ae9de32be2c437c08a9faa940d5bShawn Willden const keymaster_key_param_t* end() const { return elems_ + elems_size_; } 1463e35dbcecbc5ae9de32be2c437c08a9faa940d5bShawn Willden 1473e35dbcecbc5ae9de32be2c437c08a9faa940d5bShawn Willden /** 1485ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * Returns the nth element of the set. 1495ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden */ 1505ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden keymaster_key_param_t operator[](int n) const; 1515ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 1525ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden /** 1531fa5d591fe6807665092753a5628d8d470888da4Shawn Willden * Returns the number of \p tag entries. 1541fa5d591fe6807665092753a5628d8d470888da4Shawn Willden */ 1551fa5d591fe6807665092753a5628d8d470888da4Shawn Willden size_t GetTagCount(keymaster_tag_t tag) const; 1561fa5d591fe6807665092753a5628d8d470888da4Shawn Willden 1571fa5d591fe6807665092753a5628d8d470888da4Shawn Willden /** 1585ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * If the specified integer-typed \p tag exists, places its value in \p val and returns true. 1595ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * If \p tag is not present, leaves \p val unmodified and returns false. 1605ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden */ 1615ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden template <keymaster_tag_t T> 1625ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden inline bool GetTagValue(TypedTag<KM_INT, T> tag, uint32_t* val) const { 1635ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden return GetTagValueInt(tag, val); 1645ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden } 1655ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 1665ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden /** 1675ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * If the specified instance of the specified integer-typed \p tag exists, places its value 1685ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * in \p val and returns true. If \p tag is not present, leaves \p val unmodified and returns 1695ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * false. 1705ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden */ 1715ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden template <keymaster_tag_t Tag> 1725ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden bool GetTagValue(TypedTag<KM_INT_REP, Tag> tag, size_t instance, uint32_t* val) const { 1735ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden return GetTagValueIntRep(tag, instance, val); 1745ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden } 1755ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 1765ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden /** 1775ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * If the specified long-typed \p tag exists, places its value in \p val and returns true. 1785ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * If \p tag is not present, leaves \p val unmodified and returns false. 1795ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden */ 1805ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden template <keymaster_tag_t T> 1815ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden inline bool GetTagValue(TypedTag<KM_LONG, T> tag, uint64_t* val) const { 1825ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden return GetTagValueLong(tag, val); 1835ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden } 1845ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 1855ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden /** 186eb63b9799eadcaa6ef206f8b804d7432e0dab14aShawn Willden * If the specified instance of the specified integer-typed \p tag exists, places its value 187eb63b9799eadcaa6ef206f8b804d7432e0dab14aShawn Willden * in \p val and returns true. If \p tag is not present, leaves \p val unmodified and returns 188eb63b9799eadcaa6ef206f8b804d7432e0dab14aShawn Willden * false. 189eb63b9799eadcaa6ef206f8b804d7432e0dab14aShawn Willden */ 190eb63b9799eadcaa6ef206f8b804d7432e0dab14aShawn Willden template <keymaster_tag_t Tag> 191eb63b9799eadcaa6ef206f8b804d7432e0dab14aShawn Willden bool GetTagValue(TypedTag<KM_LONG_REP, Tag> tag, size_t instance, uint64_t* val) const { 192eb63b9799eadcaa6ef206f8b804d7432e0dab14aShawn Willden return GetTagValueLongRep(tag, instance, val); 193eb63b9799eadcaa6ef206f8b804d7432e0dab14aShawn Willden } 194eb63b9799eadcaa6ef206f8b804d7432e0dab14aShawn Willden 195eb63b9799eadcaa6ef206f8b804d7432e0dab14aShawn Willden /** 1965ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * If the specified enumeration-typed \p tag exists, places its value in \p val and returns 1975ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * true. If \p tag is not present, leaves \p val unmodified and returns false. 1985ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden */ 1995ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden template <keymaster_tag_t Tag, typename T> 2005ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden bool GetTagValue(TypedEnumTag<KM_ENUM, Tag, T> tag, T* val) const { 2015ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden return GetTagValueEnum(tag, reinterpret_cast<uint32_t*>(val)); 2025ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden } 2035ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 2045ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden /** 2055ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * If the specified instance of the specified enumeration-typed \p tag exists, places its value 2065ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * in \p val and returns true. If \p tag is not present, leaves \p val unmodified and returns 2075ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * false. 2085ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden */ 2095ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden template <keymaster_tag_t Tag, typename T> 2105ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden bool GetTagValue(TypedEnumTag<KM_ENUM_REP, Tag, T> tag, size_t instance, T* val) const { 2115ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden return GetTagValueEnumRep(tag, instance, reinterpret_cast<uint32_t*>(val)); 2125ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden } 2135ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 2145ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden /** 215d9d7acff7c43f52ebd038eb77afd67d597844b35Shawn Willden * If exactly one instance of the specified enumeration-typed \p tag exists, places its value in 216d9d7acff7c43f52ebd038eb77afd67d597844b35Shawn Willden * \p val and returns true. If \p tag is not present or if multiple copies are present, leaves 217d9d7acff7c43f52ebd038eb77afd67d597844b35Shawn Willden * \p val unmodified and returns false. 218d9d7acff7c43f52ebd038eb77afd67d597844b35Shawn Willden */ 219d9d7acff7c43f52ebd038eb77afd67d597844b35Shawn Willden template <keymaster_tag_t Tag, typename T> 220d9d7acff7c43f52ebd038eb77afd67d597844b35Shawn Willden bool GetTagValue(TypedEnumTag<KM_ENUM_REP, Tag, T> tag, T* val) const { 221d9d7acff7c43f52ebd038eb77afd67d597844b35Shawn Willden if (GetTagCount(tag) != 1) 222d9d7acff7c43f52ebd038eb77afd67d597844b35Shawn Willden return false; 223d9d7acff7c43f52ebd038eb77afd67d597844b35Shawn Willden return GetTagValueEnumRep(tag, 0, reinterpret_cast<uint32_t*>(val)); 224d9d7acff7c43f52ebd038eb77afd67d597844b35Shawn Willden } 225d9d7acff7c43f52ebd038eb77afd67d597844b35Shawn Willden 226d9d7acff7c43f52ebd038eb77afd67d597844b35Shawn Willden /** 2275ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * If the specified date-typed \p tag exists, places its value in \p val and returns 2285ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * true. If \p tag is not present, leaves \p val unmodified and returns false. 2295ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden */ 2305ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden template <keymaster_tag_t Tag> 2315ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden bool GetTagValue(TypedTag<KM_INT_REP, Tag> tag, size_t instance, 2325ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden typename TypedTag<KM_INT_REP, Tag>::value_type* val) const { 2335ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden return GetTagValueIntRep(tag, instance, val); 2345ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden } 2355ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 2365ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden /** 2375ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * If the specified bytes-typed \p tag exists, places its value in \p val and returns 2385ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * true. If \p tag is not present, leaves \p val unmodified and returns false. 2395ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden */ 2405ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden template <keymaster_tag_t Tag> 2415ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden bool GetTagValue(TypedTag<KM_BYTES, Tag> tag, keymaster_blob_t* val) const { 2425ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden return GetTagValueBlob(tag, val); 2435ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden } 2445ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 2455ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden /** 2465ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * If the specified bignum-typed \p tag exists, places its value in \p val and returns 2475ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * true. If \p tag is not present, leaves \p val unmodified and returns false. 2485ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden */ 2495ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden template <keymaster_tag_t Tag> 2505ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden bool GetTagValue(TypedTag<KM_BIGNUM, Tag> tag, keymaster_blob_t* val) const { 25128e41475a2559824a0f3f2c850ed92a65c586f95Shawn Willden return GetTagValueBlob(tag, val); 2525ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden } 2535ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 2545ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden /** 255dfa1c030e941cba4e66b362854d84b19298353c9Shawn Willden * Returns true if the specified tag is present, and therefore has the value 'true'. 256dfa1c030e941cba4e66b362854d84b19298353c9Shawn Willden */ 2572c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden template <keymaster_tag_t Tag> bool GetTagValue(TypedTag<KM_BOOL, Tag> tag) const { 258dfa1c030e941cba4e66b362854d84b19298353c9Shawn Willden return GetTagValueBool(tag); 259dfa1c030e941cba4e66b362854d84b19298353c9Shawn Willden } 260dfa1c030e941cba4e66b362854d84b19298353c9Shawn Willden 261dfa1c030e941cba4e66b362854d84b19298353c9Shawn Willden /** 2625ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * If the specified \p tag exists, places its value in \p val and returns true. If \p tag is 2635ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden * not present, leaves \p val unmodified and returns false. 2645ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden */ 2655ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden template <keymaster_tag_t Tag, keymaster_tag_type_t Type> 2665ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden bool GetTagValue(TypedTag<Type, Tag> tag, typename TagValueType<Type>::value_type* val) const { 2675ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden return GetTagValueLong(tag, val); 2685ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden } 2695ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 2705ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden bool push_back(keymaster_key_param_t elem); 2715ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 272370121346777e13437c275fbe7a975d899cc325cShawn Willden /** 273370121346777e13437c275fbe7a975d899cc325cShawn Willden * Grow the elements array to ensure it can contain \p count entries. Preserves any existing 274370121346777e13437c275fbe7a975d899cc325cShawn Willden * entries. 275370121346777e13437c275fbe7a975d899cc325cShawn Willden */ 276370121346777e13437c275fbe7a975d899cc325cShawn Willden bool reserve_elems(size_t count); 277370121346777e13437c275fbe7a975d899cc325cShawn Willden 278370121346777e13437c275fbe7a975d899cc325cShawn Willden /** 279370121346777e13437c275fbe7a975d899cc325cShawn Willden * Grow the indirect data array to ensure it can contain \p length bytes. Preserves any 280370121346777e13437c275fbe7a975d899cc325cShawn Willden * existing indirect data. 281370121346777e13437c275fbe7a975d899cc325cShawn Willden */ 282370121346777e13437c275fbe7a975d899cc325cShawn Willden bool reserve_indirect(size_t length); 283370121346777e13437c275fbe7a975d899cc325cShawn Willden 284370121346777e13437c275fbe7a975d899cc325cShawn Willden bool push_back(const AuthorizationSet& set); 285370121346777e13437c275fbe7a975d899cc325cShawn Willden 286cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden /** 287cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden * Append the tag and enumerated value to the set. 288cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden */ 2895ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden template <keymaster_tag_t Tag, keymaster_tag_type_t Type, typename KeymasterEnum> 2905ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden bool push_back(TypedEnumTag<Type, Tag, KeymasterEnum> tag, KeymasterEnum val) { 2915ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden return push_back(Authorization(tag, val)); 2925ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden } 2935ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 294cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden /** 295cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden * Append the boolean tag (value "true") to the set. 296cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden */ 2975ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden template <keymaster_tag_t Tag> bool push_back(TypedTag<KM_BOOL, Tag> tag) { 2985ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden return push_back(Authorization(tag)); 2995ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden } 3005ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 301cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden /** 302cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden * Append the tag and byte array to the set. Copies the array into internal storage; does not 303cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden * take ownership of the passed-in array. 304cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden */ 3057636471bd1c553ac179f0dddc17133491d0e1fafShawn Willden template <keymaster_tag_t Tag> 3067636471bd1c553ac179f0dddc17133491d0e1fafShawn Willden bool push_back(TypedTag<KM_BYTES, Tag> tag, const void* bytes, size_t bytes_len) { 3077636471bd1c553ac179f0dddc17133491d0e1fafShawn Willden return push_back(keymaster_param_blob(tag, static_cast<const uint8_t*>(bytes), bytes_len)); 3087636471bd1c553ac179f0dddc17133491d0e1fafShawn Willden } 3097636471bd1c553ac179f0dddc17133491d0e1fafShawn Willden 310cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden /** 311cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden * Append the tag and blob to the set. Copies the blob contents into internal storage; does not 312cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden * take ownership of the blob's data. 313cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden */ 314cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden template <keymaster_tag_t Tag> 315cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden bool push_back(TypedTag<KM_BYTES, Tag> tag, const keymaster_blob_t& blob) { 316cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden return push_back(tag, blob.data, blob.data_length); 317cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden } 318cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden 319cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden /** 320cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden * Append the tag and bignum array to the set. Copies the array into internal storage; does not 321cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden * take ownership of the passed-in array. 322cb0d64b02d0df2b9eb692c5b0ea5c36db1000e9aShawn Willden */ 3237636471bd1c553ac179f0dddc17133491d0e1fafShawn Willden template <keymaster_tag_t Tag> 3247636471bd1c553ac179f0dddc17133491d0e1fafShawn Willden bool push_back(TypedTag<KM_BIGNUM, Tag> tag, const void* bytes, size_t bytes_len) { 3257636471bd1c553ac179f0dddc17133491d0e1fafShawn Willden return push_back(keymaster_param_blob(tag, static_cast<const uint8_t*>(bytes), bytes_len)); 3267636471bd1c553ac179f0dddc17133491d0e1fafShawn Willden } 3277636471bd1c553ac179f0dddc17133491d0e1fafShawn Willden 3285ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden template <keymaster_tag_t Tag, keymaster_tag_type_t Type> 3295ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden bool push_back(TypedTag<Type, Tag> tag, typename TypedTag<Type, Tag>::value_type val) { 3305ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden return push_back(Authorization(tag, val)); 3315ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden } 3325ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 3335ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden template <keymaster_tag_t Tag, keymaster_tag_type_t Type> 3345ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden bool push_back(TypedTag<Type, Tag> tag, const void* bytes, size_t bytes_len) { 3355ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden return push_back(Authorization(tag, bytes, bytes_len)); 3365ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden } 3375ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 33858e1a5486219a1be9264d4e863a9dd3e393906c3Shawn Willden /* Virtual methods from Serializable */ 33958e1a5486219a1be9264d4e863a9dd3e393906c3Shawn Willden size_t SerializedSize() const; 34058e1a5486219a1be9264d4e863a9dd3e393906c3Shawn Willden uint8_t* Serialize(uint8_t* serialized_set, const uint8_t* end) const; 341172f8c9be706e27f43022063bbc7f4b0177583acShawn Willden bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end); 3425ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 3438d336ae10df66da4c0433f17c2d42e85baea32c5Shawn Willden size_t SerializedSizeOfElements() const; 3448d336ae10df66da4c0433f17c2d42e85baea32c5Shawn Willden 3455ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden private: 34658e1a5486219a1be9264d4e863a9dd3e393906c3Shawn Willden // Disallow assignment 34758e1a5486219a1be9264d4e863a9dd3e393906c3Shawn Willden void operator=(const AuthorizationSet&); 34858e1a5486219a1be9264d4e863a9dd3e393906c3Shawn Willden 3495ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden void FreeData(); 3505ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden void set_invalid(Error err); 3515ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 3525ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden static size_t ComputeIndirectDataSize(const keymaster_key_param_t* elems, size_t count); 3535ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden void CopyIndirectData(); 3548d336ae10df66da4c0433f17c2d42e85baea32c5Shawn Willden bool CheckIndirectData(); 3555ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 356370121346777e13437c275fbe7a975d899cc325cShawn Willden bool DeserializeIndirectData(const uint8_t** buf_ptr, const uint8_t* end); 357370121346777e13437c275fbe7a975d899cc325cShawn Willden bool DeserializeElementsData(const uint8_t** buf_ptr, const uint8_t* end); 358370121346777e13437c275fbe7a975d899cc325cShawn Willden 3595ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden bool GetTagValueEnum(keymaster_tag_t tag, uint32_t* val) const; 3605ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden bool GetTagValueEnumRep(keymaster_tag_t tag, size_t instance, uint32_t* val) const; 3615ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden bool GetTagValueInt(keymaster_tag_t tag, uint32_t* val) const; 3625ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden bool GetTagValueIntRep(keymaster_tag_t tag, size_t instance, uint32_t* val) const; 3635ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden bool GetTagValueLong(keymaster_tag_t tag, uint64_t* val) const; 364eb63b9799eadcaa6ef206f8b804d7432e0dab14aShawn Willden bool GetTagValueLongRep(keymaster_tag_t tag, size_t instance, uint64_t* val) const; 3655ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden bool GetTagValueDate(keymaster_tag_t tag, uint64_t* val) const; 3665ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden bool GetTagValueBlob(keymaster_tag_t tag, keymaster_blob_t* val) const; 367dfa1c030e941cba4e66b362854d84b19298353c9Shawn Willden bool GetTagValueBool(keymaster_tag_t tag) const; 3685ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 3695ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden keymaster_key_param_t* elems_; 3705ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden size_t elems_size_; 3715ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden size_t elems_capacity_; 3725ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden uint8_t* indirect_data_; 3735ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden size_t indirect_data_size_; 3745ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden size_t indirect_data_capacity_; 3755ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden Error error_; 3765ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden}; 3775ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 3782c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willdenclass AuthorizationSetBuilder { 3792c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden public: 3802c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden template <typename TagType, typename ValueType> 3812c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden AuthorizationSetBuilder& Authorization(TagType tag, ValueType value) { 3822c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden set.push_back(tag, value); 3832c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden return *this; 3842c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden } 3852c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 3862c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden template <keymaster_tag_t Tag> 3872c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden AuthorizationSetBuilder& Authorization(TypedTag<KM_BOOL, Tag> tag) { 3882c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden set.push_back(tag); 3892c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden return *this; 3902c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden } 3912c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 3922c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden template <keymaster_tag_t Tag> 3932c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden AuthorizationSetBuilder& Authorization(TypedTag<KM_INVALID, Tag> tag) { 3942c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden keymaster_key_param_t param; 3952c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden param.tag = tag; 3962c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden set.push_back(param); 3972c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden return *this; 3982c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden } 3992c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 4002c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden template <keymaster_tag_t Tag> 4012c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden AuthorizationSetBuilder& Authorization(TypedTag<KM_BYTES, Tag> tag, const uint8_t* data, 4022c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden size_t data_length) { 4032c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden set.push_back(tag, data, data_length); 4042c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden return *this; 4052c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden } 4062c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 4072c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden template <keymaster_tag_t Tag> 4082c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden AuthorizationSetBuilder& Authorization(TypedTag<KM_BYTES, Tag> tag, const char* data, 4092c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden size_t data_length) { 4102c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden return Authorization(tag, reinterpret_cast<const uint8_t*>(data), data_length); 4112c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden } 4122c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 4132c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden AuthorizationSetBuilder& RsaKey(uint32_t key_size, uint64_t public_exponent); 4142c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden AuthorizationSetBuilder& EcdsaKey(uint32_t key_size); 4152c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden AuthorizationSetBuilder& AesKey(uint32_t key_size); 4162c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden AuthorizationSetBuilder& HmacKey(uint32_t key_size, keymaster_digest_t digest, 4172c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden uint32_t mac_length); 4182c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 4192c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden AuthorizationSetBuilder& RsaSigningKey(uint32_t key_size, uint64_t public_exponent, 4202c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden keymaster_digest_t digest, keymaster_padding_t padding); 4212c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 4222c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden AuthorizationSetBuilder& RsaEncryptionKey(uint32_t key_size, uint64_t public_exponent, 4232c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden keymaster_padding_t padding); 4242c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 42584b8da52a242c42d9a6a8cc8f128fb4c8baa6f8fShawn Willden AuthorizationSetBuilder& EcdsaSigningKey(uint32_t key_size, keymaster_digest_t digest); 4262c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden AuthorizationSetBuilder& AesEncryptionKey(uint32_t key_size); 4272c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden AuthorizationSetBuilder& SigningKey(); 4282c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden AuthorizationSetBuilder& EncryptionKey(); 4292c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden AuthorizationSetBuilder& NoDigestOrPadding(); 430c47c88f1a9ec3fce5e8116b9b5572b58783f56d0Shawn Willden AuthorizationSetBuilder& EcbMode(); 4312c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 4322c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden AuthorizationSetBuilder& Deduplicate() { 4332c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden set.Deduplicate(); 4342c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden return *this; 4352c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden } 4362c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 4372c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden AuthorizationSet build() const { return set; } 4382c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 4392c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden private: 4402c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden friend AuthorizationSet; 4412c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden AuthorizationSet set; 4422c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden}; 4432c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 4442c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willdeninline AuthorizationSetBuilder& AuthorizationSetBuilder::RsaKey(uint32_t key_size, 4452c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden uint64_t public_exponent) { 4462c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA); 4472c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden Authorization(TAG_KEY_SIZE, key_size); 4482c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden Authorization(TAG_RSA_PUBLIC_EXPONENT, public_exponent); 4492c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden return *this; 4502c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden} 4512c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 4522c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willdeninline AuthorizationSetBuilder& AuthorizationSetBuilder::EcdsaKey(uint32_t key_size) { 4539c65b2bd1978a918b52a459596dafc7dde992416Shawn Willden Authorization(TAG_ALGORITHM, KM_ALGORITHM_EC); 4542c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden Authorization(TAG_KEY_SIZE, key_size); 4552c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden return *this; 4562c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden} 4572c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 4582c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willdeninline AuthorizationSetBuilder& AuthorizationSetBuilder::AesKey(uint32_t key_size) { 4592c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden Authorization(TAG_ALGORITHM, KM_ALGORITHM_AES); 4602c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden return Authorization(TAG_KEY_SIZE, key_size); 4612c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden} 4622c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 4632c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willdeninline AuthorizationSetBuilder& AuthorizationSetBuilder::HmacKey(uint32_t key_size, 4642c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden keymaster_digest_t digest, 4652c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden uint32_t mac_length) { 4662c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden Authorization(TAG_ALGORITHM, KM_ALGORITHM_HMAC); 4672c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden Authorization(TAG_KEY_SIZE, key_size); 4682c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden SigningKey(); 4692c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden Authorization(TAG_DIGEST, digest); 4702c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden return Authorization(TAG_MAC_LENGTH, mac_length); 4712c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden} 4722c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 4732c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willdeninline AuthorizationSetBuilder& 4742c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn WilldenAuthorizationSetBuilder::RsaSigningKey(uint32_t key_size, uint64_t public_exponent, 4752c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden keymaster_digest_t digest, keymaster_padding_t padding) { 4762c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden RsaKey(key_size, public_exponent); 4772c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden SigningKey(); 4782c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden Authorization(TAG_DIGEST, digest); 4792c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden return Authorization(TAG_PADDING, padding); 4802c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden} 4812c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 4822c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willdeninline AuthorizationSetBuilder& 4832c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn WilldenAuthorizationSetBuilder::RsaEncryptionKey(uint32_t key_size, uint64_t public_exponent, 4842c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden keymaster_padding_t padding) { 4852c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden RsaKey(key_size, public_exponent); 4862c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden EncryptionKey(); 4872c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden return Authorization(TAG_PADDING, padding); 4882c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden} 4892c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 49084b8da52a242c42d9a6a8cc8f128fb4c8baa6f8fShawn Willdeninline AuthorizationSetBuilder& 49184b8da52a242c42d9a6a8cc8f128fb4c8baa6f8fShawn WilldenAuthorizationSetBuilder::EcdsaSigningKey(uint32_t key_size, keymaster_digest_t digest) { 4922c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden EcdsaKey(key_size); 49384b8da52a242c42d9a6a8cc8f128fb4c8baa6f8fShawn Willden SigningKey(); 49484b8da52a242c42d9a6a8cc8f128fb4c8baa6f8fShawn Willden return Authorization(TAG_DIGEST, digest); 4952c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden} 4962c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 4972c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willdeninline AuthorizationSetBuilder& AuthorizationSetBuilder::AesEncryptionKey(uint32_t key_size) { 4982c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden AesKey(key_size); 4992c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden return EncryptionKey(); 5002c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden} 5012c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 5022c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willdeninline AuthorizationSetBuilder& AuthorizationSetBuilder::SigningKey() { 5032c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN); 5042c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden return Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY); 5052c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden} 5062c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 5072c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willdeninline AuthorizationSetBuilder& AuthorizationSetBuilder::EncryptionKey() { 5082c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden Authorization(TAG_PURPOSE, KM_PURPOSE_ENCRYPT); 5092c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden return Authorization(TAG_PURPOSE, KM_PURPOSE_DECRYPT); 5102c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden} 5112c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 5122c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willdeninline AuthorizationSetBuilder& AuthorizationSetBuilder::NoDigestOrPadding() { 5132c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden Authorization(TAG_DIGEST, KM_DIGEST_NONE); 5142c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden return Authorization(TAG_PADDING, KM_PAD_NONE); 5152c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden} 5162c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 517c47c88f1a9ec3fce5e8116b9b5572b58783f56d0Shawn Willdeninline AuthorizationSetBuilder& AuthorizationSetBuilder::EcbMode() { 518c47c88f1a9ec3fce5e8116b9b5572b58783f56d0Shawn Willden return Authorization(TAG_BLOCK_MODE, KM_MODE_ECB); 5192c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden} 5202c242009007a38b5c8003137fb8ba5a1fdb73b70Shawn Willden 5215ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden} // namespace keymaster 5225ada7b6c525d2bfd5b556a698ccb11db23e052bbShawn Willden 523b10f3b26af1e3b382d9ef361b3eb5279d16a9c05Shawn Willden#endif // SYSTEM_KEYMASTER_KEY_AUTHORIZATION_SET_H_ 524