1 /*
2 * Copyright 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #ifndef SYSTEM_KEYMASTER_AUTHORIZATION_SET_H_
18 #define SYSTEM_KEYMASTER_AUTHORIZATION_SET_H_
19
20 #include <UniquePtr.h>
21
22 #include <hardware/keymaster_defs.h>
23 #include <keymaster/keymaster_tags.h>
24 #include <keymaster/serializable.h>
25
26 namespace keymaster {
27
28 class AuthorizationSetBuilder;
29
30 /**
31 * An extension of the keymaster_key_param_set_t struct, which provides serialization memory
32 * management and methods for easy manipulation and construction.
33 */
34 class AuthorizationSet : public Serializable, public keymaster_key_param_set_t {
35 public:
36 /**
37 * Construct an empty, dynamically-allocated, growable AuthorizationSet. Does not actually
38 * allocate any storage until elements are added, so there is no cost to creating an
39 * AuthorizationSet with this constructor and then reinitializing it to point at pre-allocated
40 * buffers, with \p Reinitialize.
41 */
AuthorizationSet()42 AuthorizationSet()
43 : elems_capacity_(0), indirect_data_(NULL), indirect_data_size_(0),
44 indirect_data_capacity_(0), error_(OK) {
45 elems_ = nullptr;
46 elems_size_ = 0;
47 }
48
49 /**
50 * Construct an AuthorizationSet from the provided array. The AuthorizationSet copies the data
51 * from the provided array (and the data referenced by its embedded pointers, if any) into
52 * dynamically-allocated storage. If allocation of the needed storage fails, \p is_valid() will
53 * return ALLOCATION_FAILURE. It is the responsibility of the caller to check before using the
54 * set, if allocations might fail.
55 */
AuthorizationSet(const keymaster_key_param_t * elems,size_t count)56 AuthorizationSet(const keymaster_key_param_t* elems, size_t count) : indirect_data_(nullptr) {
57 elems_ = nullptr;
58 Reinitialize(elems, count);
59 }
60
AuthorizationSet(const keymaster_key_param_set_t & set)61 explicit AuthorizationSet(const keymaster_key_param_set_t& set) : indirect_data_(nullptr) {
62 elems_ = nullptr;
63 Reinitialize(set.params, set.length);
64 }
65
AuthorizationSet(const uint8_t * serialized_set,size_t serialized_size)66 explicit AuthorizationSet(const uint8_t* serialized_set, size_t serialized_size)
67 : indirect_data_(nullptr) {
68 elems_ = nullptr;
69 Deserialize(&serialized_set, serialized_set + serialized_size);
70 }
71
72 /**
73 * Construct an AuthorizationSet from the provided builder. This extracts the data from the
74 * builder, rather than copying it, so after this call the builder is empty.
75 */
76 explicit AuthorizationSet(/* NOT const */ AuthorizationSetBuilder& builder);
77
78 // Copy constructor.
AuthorizationSet(const AuthorizationSet & set)79 AuthorizationSet(const AuthorizationSet& set) : Serializable(), indirect_data_(nullptr) {
80 elems_ = nullptr;
81 Reinitialize(set.elems_, set.elems_size_);
82 }
83
84 /**
85 * Clear existing authorization set data
86 */
87 void Clear();
88
89 /**
90 * Reinitialize an AuthorizationSet as a dynamically-allocated, growable copy of the data in the
91 * provided array (and the data referenced by its embedded pointers, if any). If the allocation
92 * of the needed storage fails this method will return false and \p is_valid() will return
93 * ALLOCATION_FAILURE.
94 */
95 bool Reinitialize(const keymaster_key_param_t* elems, size_t count);
96
Reinitialize(const AuthorizationSet & set)97 bool Reinitialize(const AuthorizationSet& set) {
98 return Reinitialize(set.elems_, set.elems_size_);
99 }
100
Reinitialize(const keymaster_key_param_set_t & set)101 bool Reinitialize(const keymaster_key_param_set_t& set) {
102 return Reinitialize(set.params, set.length);
103 }
104
105 ~AuthorizationSet();
106
107 enum Error {
108 OK,
109 ALLOCATION_FAILURE,
110 MALFORMED_DATA,
111 };
112
is_valid()113 Error is_valid() const { return error_; }
114
115 /**
116 * Returns the size of the set.
117 */
size()118 size_t size() const { return elems_size_; }
119
120 /**
121 * Returns the total size of all indirect data referenced by set elements.
122 */
indirect_size()123 size_t indirect_size() const { return indirect_data_size_; }
124
125 /**
126 * Returns the data in the set, directly. Be careful with this.
127 */
data()128 const keymaster_key_param_t* data() const { return elems_; }
129
130 /**
131 * Sorts the set and removes duplicates (inadvertently duplicating tags is easy to do with the
132 * AuthorizationSetBuilder).
133 */
134 void Deduplicate();
135
136 /**
137 * Returns the data in a keymaster_key_param_set_t, suitable for returning to C code. For C
138 * compatibility, the contents are malloced, not new'ed, and so must be freed with free(), or
139 * better yet with keymaster_free_param_set, not delete. The caller takes ownership.
140 */
141 void CopyToParamSet(keymaster_key_param_set_t* set) const;
142
143 /**
144 * Returns the offset of the next entry that matches \p tag, starting from the element after \p
145 * begin. If not found, returns -1.
146 */
147 int find(keymaster_tag_t tag, int begin = -1) const;
148
149 /**
150 * Returns iterator (pointer) to beginning of elems array, to enable STL-style iteration
151 */
begin()152 const keymaster_key_param_t* begin() const { return elems_; }
153
154 /**
155 * Returns iterator (pointer) one past end of elems array, to enable STL-style iteration
156 */
end()157 const keymaster_key_param_t* end() const { return elems_ + elems_size_; }
158
159 /**
160 * Returns the nth element of the set.
161 */
162 keymaster_key_param_t& operator[](int n);
163
164 /**
165 * Returns the nth element of the set.
166 */
167 keymaster_key_param_t operator[](int n) const;
168
169 /**
170 * Returns the number of \p tag entries.
171 */
172 size_t GetTagCount(keymaster_tag_t tag) const;
173
174 /**
175 * Returns true if the set contains the specified tag and value.
176 */
177 template <keymaster_tag_t Tag, typename T>
Contains(TypedEnumTag<KM_ENUM_REP,Tag,T> tag,T val)178 bool Contains(TypedEnumTag<KM_ENUM_REP, Tag, T> tag, T val) const {
179 return ContainsEnumValue(tag, val);
180 }
181
182 /**
183 * Returns true if the set contains the specified tag and value.
184 */
185 template <keymaster_tag_t Tag, typename T>
Contains(TypedEnumTag<KM_ENUM,Tag,T> tag,T val)186 bool Contains(TypedEnumTag<KM_ENUM, Tag, T> tag, T val) const {
187 return ContainsEnumValue(tag, val);
188 }
189
190 /**
191 * If the specified integer-typed \p tag exists, places its value in \p val and returns true.
192 * If \p tag is not present, leaves \p val unmodified and returns false.
193 */
194 template <keymaster_tag_t T>
GetTagValue(TypedTag<KM_UINT,T> tag,uint32_t * val)195 inline bool GetTagValue(TypedTag<KM_UINT, T> tag, uint32_t* val) const {
196 return GetTagValueInt(tag, val);
197 }
198
199 /**
200 * If the specified instance of the specified integer-typed \p tag exists, places its value
201 * in \p val and returns true. If \p tag is not present, leaves \p val unmodified and returns
202 * false.
203 */
204 template <keymaster_tag_t Tag>
GetTagValue(TypedTag<KM_UINT_REP,Tag> tag,size_t instance,uint32_t * val)205 bool GetTagValue(TypedTag<KM_UINT_REP, Tag> tag, size_t instance, uint32_t* val) const {
206 return GetTagValueIntRep(tag, instance, val);
207 }
208
209 /**
210 * If the specified long-typed \p tag exists, places its value in \p val and returns true.
211 * If \p tag is not present, leaves \p val unmodified and returns false.
212 */
213 template <keymaster_tag_t T>
GetTagValue(TypedTag<KM_ULONG,T> tag,uint64_t * val)214 inline bool GetTagValue(TypedTag<KM_ULONG, T> tag, uint64_t* val) const {
215 return GetTagValueLong(tag, val);
216 }
217
218 /**
219 * If the specified instance of the specified integer-typed \p tag exists, places its value
220 * in \p val and returns true. If \p tag is not present, leaves \p val unmodified and returns
221 * false.
222 */
223 template <keymaster_tag_t Tag>
GetTagValue(TypedTag<KM_ULONG_REP,Tag> tag,size_t instance,uint64_t * val)224 bool GetTagValue(TypedTag<KM_ULONG_REP, Tag> tag, size_t instance, uint64_t* val) const {
225 return GetTagValueLongRep(tag, instance, val);
226 }
227
228 /**
229 * If the specified enumeration-typed \p tag exists, places its value in \p val and returns
230 * true. If \p tag is not present, leaves \p val unmodified and returns false.
231 */
232 template <keymaster_tag_t Tag, typename T>
GetTagValue(TypedEnumTag<KM_ENUM,Tag,T> tag,T * val)233 bool GetTagValue(TypedEnumTag<KM_ENUM, Tag, T> tag, T* val) const {
234 return GetTagValueEnum(tag, reinterpret_cast<uint32_t*>(val));
235 }
236
237 /**
238 * If the specified instance of the specified enumeration-typed \p tag exists, places its value
239 * in \p val and returns true. If \p tag is not present, leaves \p val unmodified and returns
240 * false.
241 */
242 template <keymaster_tag_t Tag, typename T>
GetTagValue(TypedEnumTag<KM_ENUM_REP,Tag,T> tag,size_t instance,T * val)243 bool GetTagValue(TypedEnumTag<KM_ENUM_REP, Tag, T> tag, size_t instance, T* val) const {
244 return GetTagValueEnumRep(tag, instance, reinterpret_cast<uint32_t*>(val));
245 }
246
247 /**
248 * If exactly one instance of the specified enumeration-typed \p tag exists, places its value in
249 * \p val and returns true. If \p tag is not present or if multiple copies are present, leaves
250 * \p val unmodified and returns false.
251 */
252 template <keymaster_tag_t Tag, typename T>
GetTagValue(TypedEnumTag<KM_ENUM_REP,Tag,T> tag,T * val)253 bool GetTagValue(TypedEnumTag<KM_ENUM_REP, Tag, T> tag, T* val) const {
254 if (GetTagCount(tag) != 1)
255 return false;
256 return GetTagValueEnumRep(tag, 0, reinterpret_cast<uint32_t*>(val));
257 }
258
259 /**
260 * If the specified date-typed \p tag exists, places its value in \p val and returns
261 * true. If \p tag is not present, leaves \p val unmodified and returns false.
262 */
263 template <keymaster_tag_t Tag>
GetTagValue(TypedTag<KM_UINT_REP,Tag> tag,size_t instance,typename TypedTag<KM_UINT_REP,Tag>::value_type * val)264 bool GetTagValue(TypedTag<KM_UINT_REP, Tag> tag, size_t instance,
265 typename TypedTag<KM_UINT_REP, Tag>::value_type* val) const {
266 return GetTagValueIntRep(tag, instance, val);
267 }
268
269 /**
270 * If the specified bytes-typed \p tag exists, places its value in \p val and returns
271 * true. If \p tag is not present, leaves \p val unmodified and returns false.
272 */
273 template <keymaster_tag_t Tag>
GetTagValue(TypedTag<KM_BYTES,Tag> tag,keymaster_blob_t * val)274 bool GetTagValue(TypedTag<KM_BYTES, Tag> tag, keymaster_blob_t* val) const {
275 return GetTagValueBlob(tag, val);
276 }
277
278 /**
279 * If the specified bignum-typed \p tag exists, places its value in \p val and returns
280 * true. If \p tag is not present, leaves \p val unmodified and returns false.
281 */
282 template <keymaster_tag_t Tag>
GetTagValue(TypedTag<KM_BIGNUM,Tag> tag,keymaster_blob_t * val)283 bool GetTagValue(TypedTag<KM_BIGNUM, Tag> tag, keymaster_blob_t* val) const {
284 return GetTagValueBlob(tag, val);
285 }
286
287 /**
288 * Returns true if the specified tag is present, and therefore has the value 'true'.
289 */
GetTagValue(TypedTag<KM_BOOL,Tag> tag)290 template <keymaster_tag_t Tag> bool GetTagValue(TypedTag<KM_BOOL, Tag> tag) const {
291 return GetTagValueBool(tag);
292 }
293
294 /**
295 * If the specified \p tag exists, places its value in \p val and returns true. If \p tag is
296 * not present, leaves \p val unmodified and returns false.
297 */
298 template <keymaster_tag_t Tag, keymaster_tag_type_t Type>
GetTagValue(TypedTag<Type,Tag> tag,typename TagValueType<Type>::value_type * val)299 bool GetTagValue(TypedTag<Type, Tag> tag, typename TagValueType<Type>::value_type* val) const {
300 return GetTagValueLong(tag, val);
301 }
302
303 bool push_back(keymaster_key_param_t elem);
304
305 /**
306 * Grow the elements array to ensure it can contain \p count entries. Preserves any existing
307 * entries.
308 */
309 bool reserve_elems(size_t count);
310
311 /**
312 * Grow the indirect data array to ensure it can contain \p length bytes. Preserves any
313 * existing indirect data.
314 */
315 bool reserve_indirect(size_t length);
316
317 bool push_back(const keymaster_key_param_set_t& set);
318
319 /**
320 * Append the tag and enumerated value to the set.
321 */
322 template <keymaster_tag_t Tag, keymaster_tag_type_t Type, typename KeymasterEnum>
push_back(TypedEnumTag<Type,Tag,KeymasterEnum> tag,KeymasterEnum val)323 bool push_back(TypedEnumTag<Type, Tag, KeymasterEnum> tag, KeymasterEnum val) {
324 return push_back(Authorization(tag, val));
325 }
326
327 /**
328 * Append the boolean tag (value "true") to the set.
329 */
push_back(TypedTag<KM_BOOL,Tag> tag)330 template <keymaster_tag_t Tag> bool push_back(TypedTag<KM_BOOL, Tag> tag) {
331 return push_back(Authorization(tag));
332 }
333
334 /**
335 * Append the tag and byte array to the set. Copies the array into internal storage; does not
336 * take ownership of the passed-in array.
337 */
338 template <keymaster_tag_t Tag>
push_back(TypedTag<KM_BYTES,Tag> tag,const void * bytes,size_t bytes_len)339 bool push_back(TypedTag<KM_BYTES, Tag> tag, const void* bytes, size_t bytes_len) {
340 return push_back(keymaster_param_blob(tag, static_cast<const uint8_t*>(bytes), bytes_len));
341 }
342
343 /**
344 * Append the tag and blob to the set. Copies the blob contents into internal storage; does not
345 * take ownership of the blob's data.
346 */
347 template <keymaster_tag_t Tag>
push_back(TypedTag<KM_BYTES,Tag> tag,const keymaster_blob_t & blob)348 bool push_back(TypedTag<KM_BYTES, Tag> tag, const keymaster_blob_t& blob) {
349 return push_back(tag, blob.data, blob.data_length);
350 }
351
352 /**
353 * Append the tag and bignum array to the set. Copies the array into internal storage; does not
354 * take ownership of the passed-in array.
355 */
356 template <keymaster_tag_t Tag>
push_back(TypedTag<KM_BIGNUM,Tag> tag,const void * bytes,size_t bytes_len)357 bool push_back(TypedTag<KM_BIGNUM, Tag> tag, const void* bytes, size_t bytes_len) {
358 return push_back(keymaster_param_blob(tag, static_cast<const uint8_t*>(bytes), bytes_len));
359 }
360
361 template <keymaster_tag_t Tag, keymaster_tag_type_t Type>
push_back(TypedTag<Type,Tag> tag,typename TypedTag<Type,Tag>::value_type val)362 bool push_back(TypedTag<Type, Tag> tag, typename TypedTag<Type, Tag>::value_type val) {
363 return push_back(Authorization(tag, val));
364 }
365
366 template <keymaster_tag_t Tag, keymaster_tag_type_t Type>
push_back(TypedTag<Type,Tag> tag,const void * bytes,size_t bytes_len)367 bool push_back(TypedTag<Type, Tag> tag, const void* bytes, size_t bytes_len) {
368 return push_back(Authorization(tag, bytes, bytes_len));
369 }
370
371 /* Virtual methods from Serializable */
372 size_t SerializedSize() const;
373 uint8_t* Serialize(uint8_t* serialized_set, const uint8_t* end) const;
374 bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end);
375
376 size_t SerializedSizeOfElements() const;
377
378 private:
379 // Disallow assignment
380 void operator=(const AuthorizationSet&);
381
382 void FreeData();
383 void set_invalid(Error err);
384
385 static size_t ComputeIndirectDataSize(const keymaster_key_param_t* elems, size_t count);
386 void CopyIndirectData();
387 bool CheckIndirectData();
388
389 bool DeserializeIndirectData(const uint8_t** buf_ptr, const uint8_t* end);
390 bool DeserializeElementsData(const uint8_t** buf_ptr, const uint8_t* end);
391
392 bool GetTagValueEnum(keymaster_tag_t tag, uint32_t* val) const;
393 bool GetTagValueEnumRep(keymaster_tag_t tag, size_t instance, uint32_t* val) const;
394 bool GetTagValueInt(keymaster_tag_t tag, uint32_t* val) const;
395 bool GetTagValueIntRep(keymaster_tag_t tag, size_t instance, uint32_t* val) const;
396 bool GetTagValueLong(keymaster_tag_t tag, uint64_t* val) const;
397 bool GetTagValueLongRep(keymaster_tag_t tag, size_t instance, uint64_t* val) const;
398 bool GetTagValueDate(keymaster_tag_t tag, uint64_t* val) const;
399 bool GetTagValueBlob(keymaster_tag_t tag, keymaster_blob_t* val) const;
400 bool GetTagValueBool(keymaster_tag_t tag) const;
401
402 bool ContainsEnumValue(keymaster_tag_t tag, uint32_t val) const;
403
404 // Define elems_ and elems_size_ as aliases to params and length, respectivley. This is to
405 // avoid using the variables without the trailing underscore in the implementation.
406 keymaster_key_param_t*& elems_ = keymaster_key_param_set_t::params;
407 size_t& elems_size_ = keymaster_key_param_set_t::length;
408
409 size_t elems_capacity_;
410 uint8_t* indirect_data_;
411 size_t indirect_data_size_;
412 size_t indirect_data_capacity_;
413 Error error_;
414 };
415
416 class AuthorizationSetBuilder {
417 public:
418 template <typename TagType, typename ValueType>
Authorization(TagType tag,ValueType value)419 AuthorizationSetBuilder& Authorization(TagType tag, ValueType value) {
420 set.push_back(tag, value);
421 return *this;
422 }
423
424 template <keymaster_tag_t Tag>
Authorization(TypedTag<KM_BOOL,Tag> tag)425 AuthorizationSetBuilder& Authorization(TypedTag<KM_BOOL, Tag> tag) {
426 set.push_back(tag);
427 return *this;
428 }
429
430 template <keymaster_tag_t Tag>
Authorization(TypedTag<KM_INVALID,Tag> tag)431 AuthorizationSetBuilder& Authorization(TypedTag<KM_INVALID, Tag> tag) {
432 keymaster_key_param_t param;
433 param.tag = tag;
434 set.push_back(param);
435 return *this;
436 }
437
438 template <keymaster_tag_t Tag>
Authorization(TypedTag<KM_BYTES,Tag> tag,const uint8_t * data,size_t data_length)439 AuthorizationSetBuilder& Authorization(TypedTag<KM_BYTES, Tag> tag, const uint8_t* data,
440 size_t data_length) {
441 set.push_back(tag, data, data_length);
442 return *this;
443 }
444
445 template <keymaster_tag_t Tag>
Authorization(TypedTag<KM_BYTES,Tag> tag,const char * data,size_t data_length)446 AuthorizationSetBuilder& Authorization(TypedTag<KM_BYTES, Tag> tag, const char* data,
447 size_t data_length) {
448 return Authorization(tag, reinterpret_cast<const uint8_t*>(data), data_length);
449 }
450
451 AuthorizationSetBuilder& RsaKey(uint32_t key_size, uint64_t public_exponent);
452 AuthorizationSetBuilder& EcdsaKey(uint32_t key_size);
453 AuthorizationSetBuilder& AesKey(uint32_t key_size);
454 AuthorizationSetBuilder& HmacKey(uint32_t key_size);
455
456 AuthorizationSetBuilder& RsaSigningKey(uint32_t key_size, uint64_t public_exponent);
457 AuthorizationSetBuilder& RsaEncryptionKey(uint32_t key_size, uint64_t public_exponent);
458 AuthorizationSetBuilder& EcdsaSigningKey(uint32_t key_size);
459 AuthorizationSetBuilder& AesEncryptionKey(uint32_t key_size);
460
461 AuthorizationSetBuilder& SigningKey();
462 AuthorizationSetBuilder& EncryptionKey();
463 AuthorizationSetBuilder& NoDigestOrPadding();
464 AuthorizationSetBuilder& EcbMode();
465
Digest(keymaster_digest_t digest)466 AuthorizationSetBuilder& Digest(keymaster_digest_t digest) {
467 return Authorization(TAG_DIGEST, digest);
468 }
469
Padding(keymaster_padding_t padding)470 AuthorizationSetBuilder& Padding(keymaster_padding_t padding) {
471 return Authorization(TAG_PADDING, padding);
472 }
473
Deduplicate()474 AuthorizationSetBuilder& Deduplicate() {
475 set.Deduplicate();
476 return *this;
477 }
478
build()479 AuthorizationSet build() const { return set; }
480
481 private:
482 friend AuthorizationSet;
483 AuthorizationSet set;
484 };
485
RsaKey(uint32_t key_size,uint64_t public_exponent)486 inline AuthorizationSetBuilder& AuthorizationSetBuilder::RsaKey(uint32_t key_size,
487 uint64_t public_exponent) {
488 Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA);
489 Authorization(TAG_KEY_SIZE, key_size);
490 Authorization(TAG_RSA_PUBLIC_EXPONENT, public_exponent);
491 return *this;
492 }
493
EcdsaKey(uint32_t key_size)494 inline AuthorizationSetBuilder& AuthorizationSetBuilder::EcdsaKey(uint32_t key_size) {
495 Authorization(TAG_ALGORITHM, KM_ALGORITHM_EC);
496 Authorization(TAG_KEY_SIZE, key_size);
497 return *this;
498 }
499
AesKey(uint32_t key_size)500 inline AuthorizationSetBuilder& AuthorizationSetBuilder::AesKey(uint32_t key_size) {
501 Authorization(TAG_ALGORITHM, KM_ALGORITHM_AES);
502 return Authorization(TAG_KEY_SIZE, key_size);
503 }
504
HmacKey(uint32_t key_size)505 inline AuthorizationSetBuilder& AuthorizationSetBuilder::HmacKey(uint32_t key_size) {
506 Authorization(TAG_ALGORITHM, KM_ALGORITHM_HMAC);
507 Authorization(TAG_KEY_SIZE, key_size);
508 return SigningKey();
509 }
510
RsaSigningKey(uint32_t key_size,uint64_t public_exponent)511 inline AuthorizationSetBuilder& AuthorizationSetBuilder::RsaSigningKey(uint32_t key_size,
512 uint64_t public_exponent) {
513 RsaKey(key_size, public_exponent);
514 return SigningKey();
515 }
516
517 inline AuthorizationSetBuilder&
RsaEncryptionKey(uint32_t key_size,uint64_t public_exponent)518 AuthorizationSetBuilder::RsaEncryptionKey(uint32_t key_size, uint64_t public_exponent) {
519 RsaKey(key_size, public_exponent);
520 return EncryptionKey();
521 }
522
EcdsaSigningKey(uint32_t key_size)523 inline AuthorizationSetBuilder& AuthorizationSetBuilder::EcdsaSigningKey(uint32_t key_size) {
524 EcdsaKey(key_size);
525 return SigningKey();
526 }
527
AesEncryptionKey(uint32_t key_size)528 inline AuthorizationSetBuilder& AuthorizationSetBuilder::AesEncryptionKey(uint32_t key_size) {
529 AesKey(key_size);
530 return EncryptionKey();
531 }
532
SigningKey()533 inline AuthorizationSetBuilder& AuthorizationSetBuilder::SigningKey() {
534 Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN);
535 return Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY);
536 }
537
EncryptionKey()538 inline AuthorizationSetBuilder& AuthorizationSetBuilder::EncryptionKey() {
539 Authorization(TAG_PURPOSE, KM_PURPOSE_ENCRYPT);
540 return Authorization(TAG_PURPOSE, KM_PURPOSE_DECRYPT);
541 }
542
NoDigestOrPadding()543 inline AuthorizationSetBuilder& AuthorizationSetBuilder::NoDigestOrPadding() {
544 Authorization(TAG_DIGEST, KM_DIGEST_NONE);
545 return Authorization(TAG_PADDING, KM_PAD_NONE);
546 }
547
EcbMode()548 inline AuthorizationSetBuilder& AuthorizationSetBuilder::EcbMode() {
549 return Authorization(TAG_BLOCK_MODE, KM_MODE_ECB);
550 }
551
552 } // namespace keymaster
553
554 #endif // SYSTEM_KEYMASTER_KEY_AUTHORIZATION_SET_H_
555