Lines Matching refs:keymint
46 namespace keymint = ::aidl::android::hardware::security::keymint;
57 keymint::AuthorizationSet parameters;
122 keymint::SecurityLevel securitylevel) { in GetSecurityLevelInterface()
131 return !(a.securityLevel == keymint::SecurityLevel::SOFTWARE || in isHardwareEnforced()
132 a.securityLevel == keymint::SecurityLevel::KEYSTORE); in isHardwareEnforced()
161 return a.keyParameter.tag == keymint::Tag::ALGORITHM && in verifyEncryptionKeyAttributes()
163 keymint::KeyParameterValue::make<keymint::KeyParameterValue::algorithm>( in verifyEncryptionKeyAttributes()
164 keymint::Algorithm::AES); in verifyEncryptionKeyAttributes()
170 return a.keyParameter.tag == keymint::Tag::KEY_SIZE && in verifyEncryptionKeyAttributes()
172 keymint::KeyParameterValue::make<keymint::KeyParameterValue::integer>( in verifyEncryptionKeyAttributes()
179 return a.keyParameter.tag == keymint::Tag::BLOCK_MODE && in verifyEncryptionKeyAttributes()
181 keymint::KeyParameterValue::make<keymint::KeyParameterValue::blockMode>( in verifyEncryptionKeyAttributes()
182 keymint::BlockMode::CBC); in verifyEncryptionKeyAttributes()
188 return a.keyParameter.tag == keymint::Tag::PADDING && in verifyEncryptionKeyAttributes()
190 keymint::KeyParameterValue::make<keymint::KeyParameterValue::paddingMode>( in verifyEncryptionKeyAttributes()
191 keymint::PaddingMode::PKCS7); in verifyEncryptionKeyAttributes()
202 return a.keyParameter.tag == keymint::Tag::ALGORITHM && in verifyAuthenticationKeyAttributes()
204 keymint::KeyParameterValue::make<keymint::KeyParameterValue::algorithm>( in verifyAuthenticationKeyAttributes()
205 keymint::Algorithm::HMAC); in verifyAuthenticationKeyAttributes()
211 return a.keyParameter.tag == keymint::Tag::KEY_SIZE && in verifyAuthenticationKeyAttributes()
213 keymint::KeyParameterValue::make<keymint::KeyParameterValue::integer>( in verifyAuthenticationKeyAttributes()
220 return a.keyParameter.tag == keymint::Tag::MIN_MAC_LENGTH && in verifyAuthenticationKeyAttributes()
222 keymint::KeyParameterValue::make<keymint::KeyParameterValue::integer>( in verifyAuthenticationKeyAttributes()
229 return a.keyParameter.tag == keymint::Tag::DIGEST && in verifyAuthenticationKeyAttributes()
231 keymint::KeyParameterValue::make<keymint::KeyParameterValue::digest>( in verifyAuthenticationKeyAttributes()
232 keymint::Digest::SHA_2_256); in verifyAuthenticationKeyAttributes()
238 loadOrCreateAndVerifyEncryptionKey(const std::string& name, keymint::SecurityLevel securityLevel, in loadOrCreateAndVerifyEncryptionKey()
258 auto params = keymint::AuthorizationSetBuilder() in loadOrCreateAndVerifyEncryptionKey()
260 .Padding(keymint::PaddingMode::PKCS7) in loadOrCreateAndVerifyEncryptionKey()
261 .Authorization(keymint::TAG_BLOCK_MODE, keymint::BlockMode::CBC) in loadOrCreateAndVerifyEncryptionKey()
262 .Authorization(keymint::TAG_NO_AUTH_REQUIRED); in loadOrCreateAndVerifyEncryptionKey()
292 keymint::SecurityLevel securityLevel, bool create) { in loadOrCreateAndVerifyAuthenticationKey()
311 auto params = keymint::AuthorizationSetBuilder() in loadOrCreateAndVerifyAuthenticationKey()
313 .Digest(keymint::Digest::SHA_2_256) in loadOrCreateAndVerifyAuthenticationKey()
314 .Authorization(keymint::TAG_MIN_MAC_LENGTH, kHMACOutputSize) in loadOrCreateAndVerifyAuthenticationKey()
315 .Authorization(keymint::TAG_NO_AUTH_REQUIRED); in loadOrCreateAndVerifyAuthenticationKey()
345 keymint::SecurityLevel securityLevel) { in encryptWithAuthentication()
367 auto encrypt_params = keymint::AuthorizationSetBuilder() in encryptWithAuthentication()
368 .Authorization(keymint::TAG_PURPOSE, keymint::KeyPurpose::ENCRYPT) in encryptWithAuthentication()
369 .Padding(keymint::PaddingMode::PKCS7) in encryptWithAuthentication()
370 .Authorization(keymint::TAG_BLOCK_MODE, keymint::BlockMode::CBC); in encryptWithAuthentication()
391 if (auto iv = keymint::authorizationValue(keymint::TAG_NONCE, p)) { in encryptWithAuthentication()
412 auto sign_params = keymint::AuthorizationSetBuilder() in encryptWithAuthentication()
413 .Authorization(keymint::TAG_PURPOSE, keymint::KeyPurpose::SIGN) in encryptWithAuthentication()
414 .Digest(keymint::Digest::SHA_2_256) in encryptWithAuthentication()
415 .Authorization(keymint::TAG_MAC_LENGTH, kHMACOutputSize); in encryptWithAuthentication()
469 encryption_key_name, keymint::SecurityLevel::KEYSTORE /* ignored */, false /* create */); in decryptWithAuthentication()
477 authentication_key_name, keymint::SecurityLevel::KEYSTORE /* ignored */, in decryptWithAuthentication()
486 auto sign_params = keymint::AuthorizationSetBuilder() in decryptWithAuthentication()
487 .Authorization(keymint::TAG_PURPOSE, keymint::KeyPurpose::VERIFY) in decryptWithAuthentication()
488 .Digest(keymint::Digest::SHA_2_256) in decryptWithAuthentication()
489 .Authorization(keymint::TAG_MAC_LENGTH, kHMACOutputSize); in decryptWithAuthentication()
517 auto encrypt_params = keymint::AuthorizationSetBuilder() in decryptWithAuthentication()
518 .Authorization(keymint::TAG_PURPOSE, keymint::KeyPurpose::DECRYPT) in decryptWithAuthentication()
519 .Authorization(keymint::TAG_NONCE, protobuf.init_vector().data(), in decryptWithAuthentication()
521 .Padding(keymint::PaddingMode::PKCS7) in decryptWithAuthentication()
522 .Authorization(keymint::TAG_BLOCK_MODE, keymint::BlockMode::CBC); in decryptWithAuthentication()
552 const std::vector<keymint::KeyParameter>& parameters) { in TestKey()
555 GetSecurityLevelInterface(keystore, keymint::SecurityLevel::TRUSTED_ENVIRONMENT); in TestKey()
589 (a.keyParameter.tag == keymint::Tag::ALGORITHM || in TestKey()
590 a.keyParameter.tag == keymint::Tag::KEY_SIZE || in TestKey()
591 a.keyParameter.tag == keymint::Tag::RSA_PUBLIC_EXPONENT); in TestKey()
606 keymint::AuthorizationSet GetRSASignParameters(uint32_t key_size, bool sha256_only) { in GetRSASignParameters()
607 keymint::AuthorizationSetBuilder parameters; in GetRSASignParameters()
609 .Digest(keymint::Digest::SHA_2_256) in GetRSASignParameters()
610 .Padding(keymint::PaddingMode::RSA_PKCS1_1_5_SIGN) in GetRSASignParameters()
611 .Padding(keymint::PaddingMode::RSA_PSS) in GetRSASignParameters()
612 .Authorization(keymint::TAG_NO_AUTH_REQUIRED); in GetRSASignParameters()
614 parameters.Digest(keymint::Digest::SHA_2_224) in GetRSASignParameters()
615 .Digest(keymint::Digest::SHA_2_384) in GetRSASignParameters()
616 .Digest(keymint::Digest::SHA_2_512); in GetRSASignParameters()
621 keymint::AuthorizationSet GetRSAEncryptParameters(uint32_t key_size) { in GetRSAEncryptParameters()
622 keymint::AuthorizationSetBuilder parameters; in GetRSAEncryptParameters()
624 .Padding(keymint::PaddingMode::RSA_PKCS1_1_5_ENCRYPT) in GetRSAEncryptParameters()
625 .Padding(keymint::PaddingMode::RSA_OAEP) in GetRSAEncryptParameters()
626 .Authorization(keymint::TAG_NO_AUTH_REQUIRED); in GetRSAEncryptParameters()
630 keymint::AuthorizationSet GetECDSAParameters(keymint::EcCurve curve, bool sha256_only) { in GetECDSAParameters()
631 keymint::AuthorizationSetBuilder parameters; in GetECDSAParameters()
633 .Digest(keymint::Digest::SHA_2_256) in GetECDSAParameters()
634 .Authorization(keymint::TAG_NO_AUTH_REQUIRED); in GetECDSAParameters()
636 parameters.Digest(keymint::Digest::SHA_2_224) in GetECDSAParameters()
637 .Digest(keymint::Digest::SHA_2_384) in GetECDSAParameters()
638 .Digest(keymint::Digest::SHA_2_512); in GetECDSAParameters()
643 keymint::AuthorizationSet GetAESParameters(uint32_t key_size, bool with_gcm_mode) { in GetAESParameters()
644 keymint::AuthorizationSetBuilder parameters; in GetAESParameters()
645 parameters.AesEncryptionKey(key_size).Authorization(keymint::TAG_NO_AUTH_REQUIRED); in GetAESParameters()
647 parameters.Authorization(keymint::TAG_BLOCK_MODE, keymint::BlockMode::GCM) in GetAESParameters()
648 .Authorization(keymint::TAG_MIN_MAC_LENGTH, 128); in GetAESParameters()
650 parameters.Authorization(keymint::TAG_BLOCK_MODE, keymint::BlockMode::ECB); in GetAESParameters()
651 parameters.Authorization(keymint::TAG_BLOCK_MODE, keymint::BlockMode::CBC); in GetAESParameters()
652 parameters.Authorization(keymint::TAG_BLOCK_MODE, keymint::BlockMode::CTR); in GetAESParameters()
653 parameters.Padding(keymint::PaddingMode::NONE); in GetAESParameters()
658 keymint::AuthorizationSet GetHMACParameters(uint32_t key_size, keymint::Digest digest) { in GetHMACParameters()
659 keymint::AuthorizationSetBuilder parameters; in GetHMACParameters()
662 .Authorization(keymint::TAG_MIN_MAC_LENGTH, 224) in GetHMACParameters()
663 .Authorization(keymint::TAG_NO_AUTH_REQUIRED); in GetHMACParameters()
676 {"ECDSA-P256 Sign", true, GetECDSAParameters(keymint::EcCurve::P_256, true)}, in GetTestCases()
678 GetECDSAParameters(keymint::EcCurve::P_256, false)}, in GetTestCases()
679 {"ECDSA-P224 Sign", false, GetECDSAParameters(keymint::EcCurve::P_224, false)}, in GetTestCases()
680 {"ECDSA-P384 Sign", false, GetECDSAParameters(keymint::EcCurve::P_384, false)}, in GetTestCases()
681 {"ECDSA-P521 Sign", false, GetECDSAParameters(keymint::EcCurve::P_521, false)}, in GetTestCases()
686 {"HMAC-SHA256-16", true, GetHMACParameters(16, keymint::Digest::SHA_2_256)}, in GetTestCases()
687 {"HMAC-SHA256-32", true, GetHMACParameters(32, keymint::Digest::SHA_2_256)}, in GetTestCases()
688 {"HMAC-SHA256-64", false, GetHMACParameters(64, keymint::Digest::SHA_2_256)}, in GetTestCases()
689 {"HMAC-SHA224-32", false, GetHMACParameters(32, keymint::Digest::SHA_2_224)}, in GetTestCases()
690 {"HMAC-SHA384-32", false, GetHMACParameters(32, keymint::Digest::SHA_2_384)}, in GetTestCases()
691 {"HMAC-SHA512-32", false, GetHMACParameters(32, keymint::Digest::SHA_2_512)}, in GetTestCases()
759 int GenerateKey(const std::string& name, keymint::SecurityLevel securityLevel, bool auth_bound) { in GenerateKey()
762 keymint::AuthorizationSetBuilder params; in GenerateKey()
764 .Digest(keymint::Digest::SHA_2_224) in GenerateKey()
765 .Digest(keymint::Digest::SHA_2_256) in GenerateKey()
766 .Digest(keymint::Digest::SHA_2_384) in GenerateKey()
767 .Digest(keymint::Digest::SHA_2_512) in GenerateKey()
768 .Padding(keymint::PaddingMode::RSA_PKCS1_1_5_SIGN) in GenerateKey()
769 .Padding(keymint::PaddingMode::RSA_PSS); in GenerateKey()
773 params.Authorization(keymint::TAG_USER_SECURE_ID, 0); in GenerateKey()
775 params.Authorization(keymint::TAG_NO_AUTH_REQUIRED); in GenerateKey()
879 auto sign_params = keymint::AuthorizationSetBuilder() in SignAndVerify()
880 .Authorization(keymint::TAG_PURPOSE, keymint::KeyPurpose::SIGN) in SignAndVerify()
881 .Padding(keymint::PaddingMode::RSA_PKCS1_1_5_SIGN) in SignAndVerify()
882 .Digest(keymint::Digest::SHA_2_256); in SignAndVerify()
884 keymint::AuthorizationSet output_params; in SignAndVerify()
947 const std::string& output_filename, keymint::SecurityLevel securityLevel) { in Encrypt()
970 keymint::SecurityLevel securityLevelOption2SecurlityLevel(const CommandLine& cmd) { in securityLevelOption2SecurlityLevel()
974 return keymint::SecurityLevel::STRONGBOX; in securityLevelOption2SecurlityLevel()
976 return keymint::SecurityLevel::TRUSTED_ENVIRONMENT; in securityLevelOption2SecurlityLevel()
981 return keymint::SecurityLevel::TRUSTED_ENVIRONMENT; in securityLevelOption2SecurlityLevel()