1 /*
2 * Copyright 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #ifndef SYSTEM_KEYMASTER_AUTHORIZATION_SET_H_
18 #define SYSTEM_KEYMASTER_AUTHORIZATION_SET_H_
19
20 #include <UniquePtr.h>
21
22 #include <hardware/keymaster_defs.h>
23 #include <keymaster/keymaster_tags.h>
24 #include <keymaster/serializable.h>
25
26 namespace keymaster {
27
28 class AuthorizationSetBuilder;
29
30 /**
31 * An extension of the keymaster_key_param_set_t struct, which provides serialization memory
32 * management and methods for easy manipulation and construction.
33 */
34 class AuthorizationSet : public Serializable, public keymaster_key_param_set_t {
35 public:
36 /**
37 * Construct an empty, dynamically-allocated, growable AuthorizationSet. Does not actually
38 * allocate any storage until elements are added, so there is no cost to creating an
39 * AuthorizationSet with this constructor and then reinitializing it to point at pre-allocated
40 * buffers, with \p Reinitialize.
41 */
AuthorizationSet()42 AuthorizationSet()
43 : elems_capacity_(0), indirect_data_(NULL), indirect_data_size_(0),
44 indirect_data_capacity_(0), error_(OK) {
45 elems_ = nullptr;
46 elems_size_ = 0;
47 }
48
49 /**
50 * Construct an AuthorizationSet from the provided array. The AuthorizationSet copies the data
51 * from the provided array (and the data referenced by its embedded pointers, if any) into
52 * dynamically-allocated storage. If allocation of the needed storage fails, \p is_valid() will
53 * return ALLOCATION_FAILURE. It is the responsibility of the caller to check before using the
54 * set, if allocations might fail.
55 */
AuthorizationSet(const keymaster_key_param_t * elems,size_t count)56 AuthorizationSet(const keymaster_key_param_t* elems, size_t count) : indirect_data_(nullptr) {
57 elems_ = nullptr;
58 Reinitialize(elems, count);
59 }
60
AuthorizationSet(const keymaster_key_param_set_t & set)61 explicit AuthorizationSet(const keymaster_key_param_set_t& set) : indirect_data_(nullptr) {
62 elems_ = nullptr;
63 Reinitialize(set.params, set.length);
64 }
65
AuthorizationSet(const uint8_t * serialized_set,size_t serialized_size)66 explicit AuthorizationSet(const uint8_t* serialized_set, size_t serialized_size)
67 : indirect_data_(nullptr) {
68 elems_ = nullptr;
69 Deserialize(&serialized_set, serialized_set + serialized_size);
70 }
71
72 /**
73 * Construct an AuthorizationSet from the provided builder. This extracts the data from the
74 * builder, rather than copying it, so after this call the builder is empty.
75 */
76 explicit AuthorizationSet(/* NOT const */ AuthorizationSetBuilder& builder);
77
78 // Copy constructor.
AuthorizationSet(const AuthorizationSet & set)79 AuthorizationSet(const AuthorizationSet& set) : Serializable(), indirect_data_(nullptr) {
80 elems_ = nullptr;
81 Reinitialize(set.elems_, set.elems_size_);
82 error_ = set.error_;
83 }
84
85 // Move constructor.
AuthorizationSet(AuthorizationSet && set)86 AuthorizationSet(AuthorizationSet&& set) : Serializable() {
87 MoveFrom(set);
88 }
89
90 // Copy assignment.
91 AuthorizationSet& operator=(const AuthorizationSet& set) {
92 Reinitialize(set.elems_, set.elems_size_);
93 error_ = set.error_;
94 return *this;
95 }
96
97 // Move assignment.
98 AuthorizationSet& operator=(AuthorizationSet&& set) {
99 FreeData();
100 MoveFrom(set);
101 return *this;
102 }
103
104 /**
105 * Clear existing authorization set data
106 */
107 void Clear();
108
109 /**
110 * Reinitialize an AuthorizationSet as a dynamically-allocated, growable copy of the data in the
111 * provided array (and the data referenced by its embedded pointers, if any). If the allocation
112 * of the needed storage fails this method will return false and \p is_valid() will return
113 * ALLOCATION_FAILURE.
114 */
115 bool Reinitialize(const keymaster_key_param_t* elems, size_t count);
116
Reinitialize(const AuthorizationSet & set)117 bool Reinitialize(const AuthorizationSet& set) {
118 return Reinitialize(set.elems_, set.elems_size_);
119 }
120
Reinitialize(const keymaster_key_param_set_t & set)121 bool Reinitialize(const keymaster_key_param_set_t& set) {
122 return Reinitialize(set.params, set.length);
123 }
124
125 ~AuthorizationSet();
126
127 enum Error {
128 OK,
129 ALLOCATION_FAILURE,
130 MALFORMED_DATA,
131 };
132
is_valid()133 Error is_valid() const { return error_; }
134
135 /**
136 * Returns the size of the set.
137 */
size()138 size_t size() const { return elems_size_; }
139
140 /**
141 * Returns true if the set is empty.
142 */
empty()143 bool empty() const { return size() == 0; }
144
145 /**
146 * Returns the total size of all indirect data referenced by set elements.
147 */
indirect_size()148 size_t indirect_size() const { return indirect_data_size_; }
149
150 /**
151 * Returns the data in the set, directly. Be careful with this.
152 */
data()153 const keymaster_key_param_t* data() const { return elems_; }
154
155 /**
156 * Sorts the set
157 */
158 void Sort();
159
160 /**
161 * Sorts the set and removes duplicates (inadvertently duplicating tags is easy to do with the
162 * AuthorizationSetBuilder).
163 */
164 void Deduplicate();
165
166 /**
167 * Returns the data in a keymaster_key_param_set_t, suitable for returning to C code. For C
168 * compatibility, the contents are malloced, not new'ed, and so must be freed with free(), or
169 * better yet with keymaster_free_param_set, not delete. The caller takes ownership.
170 */
171 void CopyToParamSet(keymaster_key_param_set_t* set) const;
172
173 /**
174 * Returns the offset of the next entry that matches \p tag, starting from the element after \p
175 * begin. If not found, returns -1.
176 */
177 int find(keymaster_tag_t tag, int begin = -1) const;
178
179 /**
180 * Removes the entry at the specified index. Returns true if successful, false if the index was
181 * out of bounds.
182 */
183 bool erase(int index);
184
185 /**
186 * Returns iterator (pointer) to beginning of elems array, to enable STL-style iteration
187 */
begin()188 const keymaster_key_param_t* begin() const { return elems_; }
189
190 /**
191 * Returns iterator (pointer) one past end of elems array, to enable STL-style iteration
192 */
end()193 const keymaster_key_param_t* end() const { return elems_ + elems_size_; }
194
195 /**
196 * Returns the nth element of the set.
197 */
198 keymaster_key_param_t& operator[](int n);
199
200 /**
201 * Returns the nth element of the set.
202 */
203 keymaster_key_param_t operator[](int n) const;
204
205 /**
206 * Returns true if the set contains at least one instance of \p tag
207 */
Contains(keymaster_tag_t tag)208 bool Contains(keymaster_tag_t tag) const {
209 return find(tag) != -1;
210 }
211
212 /**
213 * Returns the number of \p tag entries.
214 */
215 size_t GetTagCount(keymaster_tag_t tag) const;
216
217 /**
218 * Returns true if the set contains the specified tag and value.
219 */
220 template <keymaster_tag_t Tag, typename T>
Contains(TypedEnumTag<KM_ENUM_REP,Tag,T> tag,T val)221 bool Contains(TypedEnumTag<KM_ENUM_REP, Tag, T> tag, T val) const {
222 return ContainsEnumValue(tag, val);
223 }
224
225 /**
226 * Returns true if the set contains the specified tag and value.
227 */
228 template <keymaster_tag_t Tag, typename T>
Contains(TypedEnumTag<KM_ENUM,Tag,T> tag,T val)229 bool Contains(TypedEnumTag<KM_ENUM, Tag, T> tag, T val) const {
230 return ContainsEnumValue(tag, val);
231 }
232
233 /**
234 * Returns true if the set contains the specified tag and value.
235 */
236 template <keymaster_tag_t Tag>
Contains(TypedTag<KM_UINT,Tag> tag,uint32_t val)237 bool Contains(TypedTag<KM_UINT, Tag> tag, uint32_t val) const {
238 return ContainsIntValue(tag, val);
239 }
240
241 /**
242 * If the specified integer-typed \p tag exists, places its value in \p val and returns true.
243 * If \p tag is not present, leaves \p val unmodified and returns false.
244 */
245 template <keymaster_tag_t T>
GetTagValue(TypedTag<KM_UINT,T> tag,uint32_t * val)246 inline bool GetTagValue(TypedTag<KM_UINT, T> tag, uint32_t* val) const {
247 return GetTagValueInt(tag, val);
248 }
249
250 /**
251 * If the specified instance of the specified integer-typed \p tag exists, places its value
252 * in \p val and returns true. If \p tag is not present, leaves \p val unmodified and returns
253 * false.
254 */
255 template <keymaster_tag_t Tag>
GetTagValue(TypedTag<KM_UINT_REP,Tag> tag,size_t instance,uint32_t * val)256 bool GetTagValue(TypedTag<KM_UINT_REP, Tag> tag, size_t instance, uint32_t* val) const {
257 return GetTagValueIntRep(tag, instance, val);
258 }
259
260 /**
261 * If the specified long-typed \p tag exists, places its value in \p val and returns true.
262 * If \p tag is not present, leaves \p val unmodified and returns false.
263 */
264 template <keymaster_tag_t T>
GetTagValue(TypedTag<KM_ULONG,T> tag,uint64_t * val)265 inline bool GetTagValue(TypedTag<KM_ULONG, T> tag, uint64_t* val) const {
266 return GetTagValueLong(tag, val);
267 }
268
269 /**
270 * If the specified instance of the specified integer-typed \p tag exists, places its value
271 * in \p val and returns true. If \p tag is not present, leaves \p val unmodified and returns
272 * false.
273 */
274 template <keymaster_tag_t Tag>
GetTagValue(TypedTag<KM_ULONG_REP,Tag> tag,size_t instance,uint64_t * val)275 bool GetTagValue(TypedTag<KM_ULONG_REP, Tag> tag, size_t instance, uint64_t* val) const {
276 return GetTagValueLongRep(tag, instance, val);
277 }
278
279 /**
280 * If the specified enumeration-typed \p tag exists, places its value in \p val and returns
281 * true. If \p tag is not present, leaves \p val unmodified and returns false.
282 */
283 template <keymaster_tag_t Tag, typename T>
GetTagValue(TypedEnumTag<KM_ENUM,Tag,T> tag,T * val)284 bool GetTagValue(TypedEnumTag<KM_ENUM, Tag, T> tag, T* val) const {
285 return GetTagValueEnum(tag, reinterpret_cast<uint32_t*>(val));
286 }
287
288 /**
289 * If the specified instance of the specified enumeration-typed \p tag exists, places its value
290 * in \p val and returns true. If \p tag is not present, leaves \p val unmodified and returns
291 * false.
292 */
293 template <keymaster_tag_t Tag, typename T>
GetTagValue(TypedEnumTag<KM_ENUM_REP,Tag,T> tag,size_t instance,T * val)294 bool GetTagValue(TypedEnumTag<KM_ENUM_REP, Tag, T> tag, size_t instance, T* val) const {
295 return GetTagValueEnumRep(tag, instance, reinterpret_cast<uint32_t*>(val));
296 }
297
298 /**
299 * If exactly one instance of the specified enumeration-typed \p tag exists, places its value in
300 * \p val and returns true. If \p tag is not present or if multiple copies are present, leaves
301 * \p val unmodified and returns false.
302 */
303 template <keymaster_tag_t Tag, typename T>
GetTagValue(TypedEnumTag<KM_ENUM_REP,Tag,T> tag,T * val)304 bool GetTagValue(TypedEnumTag<KM_ENUM_REP, Tag, T> tag, T* val) const {
305 if (GetTagCount(tag) != 1)
306 return false;
307 return GetTagValueEnumRep(tag, 0, reinterpret_cast<uint32_t*>(val));
308 }
309
310 /**
311 * If the specified date-typed \p tag exists, places its value in \p val and returns
312 * true. If \p tag is not present, leaves \p val unmodified and returns false.
313 */
314 template <keymaster_tag_t Tag>
GetTagValue(TypedTag<KM_UINT_REP,Tag> tag,size_t instance,typename TypedTag<KM_UINT_REP,Tag>::value_type * val)315 bool GetTagValue(TypedTag<KM_UINT_REP, Tag> tag, size_t instance,
316 typename TypedTag<KM_UINT_REP, Tag>::value_type* val) const {
317 return GetTagValueIntRep(tag, instance, val);
318 }
319
320 /**
321 * If the specified bytes-typed \p tag exists, places its value in \p val and returns
322 * true. If \p tag is not present, leaves \p val unmodified and returns false.
323 */
324 template <keymaster_tag_t Tag>
GetTagValue(TypedTag<KM_BYTES,Tag> tag,keymaster_blob_t * val)325 bool GetTagValue(TypedTag<KM_BYTES, Tag> tag, keymaster_blob_t* val) const {
326 return GetTagValueBlob(tag, val);
327 }
328
329 /**
330 * If the specified bignum-typed \p tag exists, places its value in \p val and returns
331 * true. If \p tag is not present, leaves \p val unmodified and returns false.
332 */
333 template <keymaster_tag_t Tag>
GetTagValue(TypedTag<KM_BIGNUM,Tag> tag,keymaster_blob_t * val)334 bool GetTagValue(TypedTag<KM_BIGNUM, Tag> tag, keymaster_blob_t* val) const {
335 return GetTagValueBlob(tag, val);
336 }
337
338 /**
339 * Returns true if the specified tag is present, and therefore has the value 'true'.
340 */
GetTagValue(TypedTag<KM_BOOL,Tag> tag)341 template <keymaster_tag_t Tag> bool GetTagValue(TypedTag<KM_BOOL, Tag> tag) const {
342 return GetTagValueBool(tag);
343 }
344
345 /**
346 * If the specified \p tag exists, places its value in \p val and returns true. If \p tag is
347 * not present, leaves \p val unmodified and returns false.
348 */
349 template <keymaster_tag_t Tag, keymaster_tag_type_t Type>
GetTagValue(TypedTag<Type,Tag> tag,typename TagValueType<Type>::value_type * val)350 bool GetTagValue(TypedTag<Type, Tag> tag, typename TagValueType<Type>::value_type* val) const {
351 return GetTagValueLong(tag, val);
352 }
353
354 bool push_back(keymaster_key_param_t elem);
355
356 /**
357 * Grow the elements array to ensure it can contain \p count entries. Preserves any existing
358 * entries.
359 */
360 bool reserve_elems(size_t count);
361
362 /**
363 * Grow the indirect data array to ensure it can contain \p length bytes. Preserves any
364 * existing indirect data.
365 */
366 bool reserve_indirect(size_t length);
367
368 bool push_back(const keymaster_key_param_set_t& set);
369
370 /**
371 * Append the tag and enumerated value to the set.
372 */
373 template <keymaster_tag_t Tag, keymaster_tag_type_t Type, typename KeymasterEnum>
push_back(TypedEnumTag<Type,Tag,KeymasterEnum> tag,KeymasterEnum val)374 bool push_back(TypedEnumTag<Type, Tag, KeymasterEnum> tag, KeymasterEnum val) {
375 return push_back(Authorization(tag, val));
376 }
377
378 /**
379 * Append the boolean tag (value "true") to the set.
380 */
push_back(TypedTag<KM_BOOL,Tag> tag)381 template <keymaster_tag_t Tag> bool push_back(TypedTag<KM_BOOL, Tag> tag) {
382 return push_back(Authorization(tag));
383 }
384
385 /**
386 * Append the tag and byte array to the set. Copies the array into internal storage; does not
387 * take ownership of the passed-in array.
388 */
389 template <keymaster_tag_t Tag>
push_back(TypedTag<KM_BYTES,Tag> tag,const void * bytes,size_t bytes_len)390 bool push_back(TypedTag<KM_BYTES, Tag> tag, const void* bytes, size_t bytes_len) {
391 return push_back(keymaster_param_blob(tag, static_cast<const uint8_t*>(bytes), bytes_len));
392 }
393
394 /**
395 * Append the tag and blob to the set. Copies the blob contents into internal storage; does not
396 * take ownership of the blob's data.
397 */
398 template <keymaster_tag_t Tag>
push_back(TypedTag<KM_BYTES,Tag> tag,const keymaster_blob_t & blob)399 bool push_back(TypedTag<KM_BYTES, Tag> tag, const keymaster_blob_t& blob) {
400 return push_back(tag, blob.data, blob.data_length);
401 }
402
403 /**
404 * Append the tag and bignum array to the set. Copies the array into internal storage; does not
405 * take ownership of the passed-in array.
406 */
407 template <keymaster_tag_t Tag>
push_back(TypedTag<KM_BIGNUM,Tag> tag,const void * bytes,size_t bytes_len)408 bool push_back(TypedTag<KM_BIGNUM, Tag> tag, const void* bytes, size_t bytes_len) {
409 return push_back(keymaster_param_blob(tag, static_cast<const uint8_t*>(bytes), bytes_len));
410 }
411
412 template <keymaster_tag_t Tag, keymaster_tag_type_t Type>
push_back(TypedTag<Type,Tag> tag,typename TypedTag<Type,Tag>::value_type val)413 bool push_back(TypedTag<Type, Tag> tag, typename TypedTag<Type, Tag>::value_type val) {
414 return push_back(Authorization(tag, val));
415 }
416
417 template <keymaster_tag_t Tag, keymaster_tag_type_t Type>
push_back(TypedTag<Type,Tag> tag,const void * bytes,size_t bytes_len)418 bool push_back(TypedTag<Type, Tag> tag, const void* bytes, size_t bytes_len) {
419 return push_back(Authorization(tag, bytes, bytes_len));
420 }
421
422 /* Virtual methods from Serializable */
423 size_t SerializedSize() const;
424 uint8_t* Serialize(uint8_t* serialized_set, const uint8_t* end) const;
425 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end);
426
427 size_t SerializedSizeOfElements() const;
428
429 private:
430 void FreeData();
431 void MoveFrom(AuthorizationSet& set);
432
433 void set_invalid(Error err);
434
435 static size_t ComputeIndirectDataSize(const keymaster_key_param_t* elems, size_t count);
436 void CopyIndirectData();
437 bool CheckIndirectData();
438
439 bool DeserializeIndirectData(const uint8_t** buf_ptr, const uint8_t* end);
440 bool DeserializeElementsData(const uint8_t** buf_ptr, const uint8_t* end);
441
442 bool GetTagValueEnum(keymaster_tag_t tag, uint32_t* val) const;
443 bool GetTagValueEnumRep(keymaster_tag_t tag, size_t instance, uint32_t* val) const;
444 bool GetTagValueInt(keymaster_tag_t tag, uint32_t* val) const;
445 bool GetTagValueIntRep(keymaster_tag_t tag, size_t instance, uint32_t* val) const;
446 bool GetTagValueLong(keymaster_tag_t tag, uint64_t* val) const;
447 bool GetTagValueLongRep(keymaster_tag_t tag, size_t instance, uint64_t* val) const;
448 bool GetTagValueDate(keymaster_tag_t tag, uint64_t* val) const;
449 bool GetTagValueBlob(keymaster_tag_t tag, keymaster_blob_t* val) const;
450 bool GetTagValueBool(keymaster_tag_t tag) const;
451
452 bool ContainsEnumValue(keymaster_tag_t tag, uint32_t val) const;
453 bool ContainsIntValue(keymaster_tag_t tag, uint32_t val) const;
454
455 // Define elems_ and elems_size_ as aliases to params and length, respectively. This is to
456 // avoid using the variables without the trailing underscore in the implementation.
457 keymaster_key_param_t*& elems_ = keymaster_key_param_set_t::params;
458 size_t& elems_size_ = keymaster_key_param_set_t::length;
459
460 size_t elems_capacity_;
461 uint8_t* indirect_data_;
462 size_t indirect_data_size_;
463 size_t indirect_data_capacity_;
464 Error error_;
465 };
466
467 class AuthorizationSetBuilder {
468 public:
469 template <typename TagType, typename ValueType>
Authorization(TagType tag,ValueType value)470 AuthorizationSetBuilder& Authorization(TagType tag, ValueType value) {
471 set.push_back(tag, value);
472 return *this;
473 }
474
475 template <keymaster_tag_t Tag>
Authorization(TypedTag<KM_BOOL,Tag> tag)476 AuthorizationSetBuilder& Authorization(TypedTag<KM_BOOL, Tag> tag) {
477 set.push_back(tag);
478 return *this;
479 }
480
481 template <keymaster_tag_t Tag>
Authorization(TypedTag<KM_INVALID,Tag> tag)482 AuthorizationSetBuilder& Authorization(TypedTag<KM_INVALID, Tag> tag) {
483 keymaster_key_param_t param;
484 param.tag = tag;
485 set.push_back(param);
486 return *this;
487 }
488
489 template <keymaster_tag_t Tag>
Authorization(TypedTag<KM_BYTES,Tag> tag,const uint8_t * data,size_t data_length)490 AuthorizationSetBuilder& Authorization(TypedTag<KM_BYTES, Tag> tag, const uint8_t* data,
491 size_t data_length) {
492 set.push_back(tag, data, data_length);
493 return *this;
494 }
495
496 template <keymaster_tag_t Tag>
Authorization(TypedTag<KM_BYTES,Tag> tag,const char * data,size_t data_length)497 AuthorizationSetBuilder& Authorization(TypedTag<KM_BYTES, Tag> tag, const char* data,
498 size_t data_length) {
499 return Authorization(tag, reinterpret_cast<const uint8_t*>(data), data_length);
500 }
501
502 AuthorizationSetBuilder& RsaKey(uint32_t key_size, uint64_t public_exponent);
503 AuthorizationSetBuilder& EcdsaKey(uint32_t key_size);
504 AuthorizationSetBuilder& AesKey(uint32_t key_size);
505 AuthorizationSetBuilder& HmacKey(uint32_t key_size);
506
507 AuthorizationSetBuilder& RsaSigningKey(uint32_t key_size, uint64_t public_exponent);
508 AuthorizationSetBuilder& RsaEncryptionKey(uint32_t key_size, uint64_t public_exponent);
509 AuthorizationSetBuilder& EcdsaSigningKey(uint32_t key_size);
510 AuthorizationSetBuilder& AesEncryptionKey(uint32_t key_size);
511
512 AuthorizationSetBuilder& SigningKey();
513 AuthorizationSetBuilder& EncryptionKey();
514 AuthorizationSetBuilder& NoDigestOrPadding();
515 AuthorizationSetBuilder& EcbMode();
516
Digest(keymaster_digest_t digest)517 AuthorizationSetBuilder& Digest(keymaster_digest_t digest) {
518 return Authorization(TAG_DIGEST, digest);
519 }
520
Padding(keymaster_padding_t padding)521 AuthorizationSetBuilder& Padding(keymaster_padding_t padding) {
522 return Authorization(TAG_PADDING, padding);
523 }
524
Deduplicate()525 AuthorizationSetBuilder& Deduplicate() {
526 set.Deduplicate();
527 return *this;
528 }
529
build()530 AuthorizationSet build() const { return set; }
531
532 private:
533 friend AuthorizationSet;
534 AuthorizationSet set;
535 };
536
RsaKey(uint32_t key_size,uint64_t public_exponent)537 inline AuthorizationSetBuilder& AuthorizationSetBuilder::RsaKey(uint32_t key_size,
538 uint64_t public_exponent) {
539 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA);
540 Authorization(TAG_KEY_SIZE, key_size);
541 Authorization(TAG_RSA_PUBLIC_EXPONENT, public_exponent);
542 return *this;
543 }
544
EcdsaKey(uint32_t key_size)545 inline AuthorizationSetBuilder& AuthorizationSetBuilder::EcdsaKey(uint32_t key_size) {
546 Authorization(TAG_ALGORITHM, KM_ALGORITHM_EC);
547 Authorization(TAG_KEY_SIZE, key_size);
548 return *this;
549 }
550
AesKey(uint32_t key_size)551 inline AuthorizationSetBuilder& AuthorizationSetBuilder::AesKey(uint32_t key_size) {
552 Authorization(TAG_ALGORITHM, KM_ALGORITHM_AES);
553 return Authorization(TAG_KEY_SIZE, key_size);
554 }
555
HmacKey(uint32_t key_size)556 inline AuthorizationSetBuilder& AuthorizationSetBuilder::HmacKey(uint32_t key_size) {
557 Authorization(TAG_ALGORITHM, KM_ALGORITHM_HMAC);
558 Authorization(TAG_KEY_SIZE, key_size);
559 return SigningKey();
560 }
561
RsaSigningKey(uint32_t key_size,uint64_t public_exponent)562 inline AuthorizationSetBuilder& AuthorizationSetBuilder::RsaSigningKey(uint32_t key_size,
563 uint64_t public_exponent) {
564 RsaKey(key_size, public_exponent);
565 return SigningKey();
566 }
567
568 inline AuthorizationSetBuilder&
RsaEncryptionKey(uint32_t key_size,uint64_t public_exponent)569 AuthorizationSetBuilder::RsaEncryptionKey(uint32_t key_size, uint64_t public_exponent) {
570 RsaKey(key_size, public_exponent);
571 return EncryptionKey();
572 }
573
EcdsaSigningKey(uint32_t key_size)574 inline AuthorizationSetBuilder& AuthorizationSetBuilder::EcdsaSigningKey(uint32_t key_size) {
575 EcdsaKey(key_size);
576 return SigningKey();
577 }
578
AesEncryptionKey(uint32_t key_size)579 inline AuthorizationSetBuilder& AuthorizationSetBuilder::AesEncryptionKey(uint32_t key_size) {
580 AesKey(key_size);
581 return EncryptionKey();
582 }
583
SigningKey()584 inline AuthorizationSetBuilder& AuthorizationSetBuilder::SigningKey() {
585 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN);
586 return Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY);
587 }
588
EncryptionKey()589 inline AuthorizationSetBuilder& AuthorizationSetBuilder::EncryptionKey() {
590 Authorization(TAG_PURPOSE, KM_PURPOSE_ENCRYPT);
591 return Authorization(TAG_PURPOSE, KM_PURPOSE_DECRYPT);
592 }
593
NoDigestOrPadding()594 inline AuthorizationSetBuilder& AuthorizationSetBuilder::NoDigestOrPadding() {
595 Authorization(TAG_DIGEST, KM_DIGEST_NONE);
596 return Authorization(TAG_PADDING, KM_PAD_NONE);
597 }
598
EcbMode()599 inline AuthorizationSetBuilder& AuthorizationSetBuilder::EcbMode() {
600 return Authorization(TAG_BLOCK_MODE, KM_MODE_ECB);
601 }
602
603 } // namespace keymaster
604
605 #endif // SYSTEM_KEYMASTER_KEY_AUTHORIZATION_SET_H_
606