blob: 71a17fec81da38aaf86540cac61c926ddea14063 [file] [log] [blame]
Hasini Gunasinghe12486362020-07-24 18:40:20 +00001// Copyright 2020, The Android Open Source Project
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
Janis Danisevskise6efb242020-12-19 13:58:01 -080015//! Key parameters are declared by KeyMint to describe properties of keys and operations.
16//! During key generation and import, key parameters are used to characterize a key, its usage
17//! restrictions, and additional parameters for attestation. During the lifetime of the key,
18//! the key characteristics are expressed as set of key parameters. During cryptographic
19//! operations, clients may specify additional operation specific parameters.
20//! This module provides a Keystore 2.0 internal representation for key parameters and
21//! implements traits to convert it from and into KeyMint KeyParameters and store it in
22//! the SQLite database.
23//!
24//! ## Synopsis
25//!
26//! enum KeyParameterValue {
27//! Invalid,
28//! Algorithm(Algorithm),
29//! ...
30//! }
31//!
32//! impl KeyParameterValue {
33//! pub fn get_tag(&self) -> Tag;
34//! pub fn new_from_sql(tag: Tag, data: &SqlField) -> Result<Self>;
Janis Danisevskis6b00e252020-12-22 11:36:45 -080035//! pub fn new_from_tag_primitive_pair<T: Into<Primitive>>(tag: Tag, v: T)
36//! -> Result<Self, PrimitiveError>;
Janis Danisevskise6efb242020-12-19 13:58:01 -080037//! fn to_sql(&self) -> SqlResult<ToSqlOutput>
38//! }
39//!
40//! use ...::keymint::KeyParameter as KmKeyParameter;
41//! impl Into<KmKeyParameter> for KeyParameterValue {}
42//! impl From<KmKeyParameter> for KeyParameterValue {}
43//!
44//! ## Implementation
Janis Danisevskis6b00e252020-12-22 11:36:45 -080045//! Each of the six functions is implemented as match statement over each key parameter variant.
Janis Danisevskise6efb242020-12-19 13:58:01 -080046//! We bootstrap these function as well as the KeyParameterValue enum itself from a single list
47//! of key parameters, that needs to be kept in sync with the KeyMint AIDL specification.
48//!
49//! The list resembles an enum declaration with a few extra fields.
50//! enum KeyParameterValue {
51//! Invalid with tag INVALID and field Invalid,
52//! Algorithm(Algorithm) with tag ALGORITHM and field Algorithm,
53//! ...
54//! }
55//! The tag corresponds to the variant of the keymint::Tag, and the field corresponds to the
56//! variant of the keymint::KeyParameterValue union. There is no one to one mapping between
57//! tags and union fields, e.g., the values of both tags BOOT_PATCHLEVEL and VENDOR_PATCHLEVEL
58//! are stored in the Integer field.
59//!
60//! The macros interpreting them all follow a similar pattern and follow the following fragment
61//! naming scheme:
62//!
63//! Algorithm(Algorithm) with tag ALGORITHM and field Algorithm,
64//! $vname $(($vtype ))? with tag $tag_name and field $field_name,
65//!
66//! Further, KeyParameterValue appears in the macro as $enum_name.
67//! Note that $vtype is optional to accommodate variants like Invalid which don't wrap a value.
68//!
69//! In some cases $vtype is not part of the expansion, but we still have to modify the expansion
70//! depending on the presence of $vtype. In these cases we recurse through the list following the
71//! following pattern:
72//!
73//! (@<marker> <non repeating args>, [<out list>], [<in list>])
74//!
75//! These macros usually have four rules:
76//! * Two main recursive rules, of the form:
77//! (
78//! @<marker>
79//! <non repeating args>,
80//! [<out list>],
81//! [<one element pattern> <in tail>]
82//! ) => {
83//! macro!{@<marker> <non repeating args>, [<out list>
84//! <one element expansion>
85//! ], [<in tail>]}
86//! };
87//! They pop one element off the <in list> and add one expansion to the out list.
88//! The element expansion is kept on a separate line (or lines) for better readability.
89//! The two variants differ in whether or not $vtype is expected.
90//! * The termination condition which has an empty in list.
91//! * The public interface, which does not have @marker and calls itself with an empty out list.
Hasini Gunasinghe12486362020-07-24 18:40:20 +000092
Janis Danisevskis6b00e252020-12-22 11:36:45 -080093use std::convert::TryInto;
94
Janis Danisevskis4522c2b2020-11-27 18:04:58 -080095use crate::db_utils::SqlField;
Hasini Gunasingheaf993662020-07-24 18:40:20 +000096use crate::error::Error as KeystoreError;
Janis Danisevskisc5b210b2020-09-11 13:27:37 -070097use crate::error::ResponseCode;
98
Shawn Willden708744a2020-12-11 13:05:27 +000099pub use android_hardware_security_keymint::aidl::android::hardware::security::keymint::{
Janis Danisevskisc5b210b2020-09-11 13:27:37 -0700100 Algorithm::Algorithm, BlockMode::BlockMode, Digest::Digest, EcCurve::EcCurve,
101 HardwareAuthenticatorType::HardwareAuthenticatorType, KeyOrigin::KeyOrigin,
Janis Danisevskis398e6be2020-12-17 09:29:25 -0800102 KeyParameter::KeyParameter as KmKeyParameter,
103 KeyParameterValue::KeyParameterValue as KmKeyParameterValue, KeyPurpose::KeyPurpose,
104 PaddingMode::PaddingMode, SecurityLevel::SecurityLevel, Tag::Tag,
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000105};
Janis Danisevskisa53c9cf2020-10-26 11:52:33 -0700106use android_system_keystore2::aidl::android::system::keystore2::Authorization::Authorization;
Hasini Gunasingheaf993662020-07-24 18:40:20 +0000107use anyhow::{Context, Result};
Janis Danisevskis4522c2b2020-11-27 18:04:58 -0800108use rusqlite::types::{Null, ToSql, ToSqlOutput};
109use rusqlite::Result as SqlResult;
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000110
Janis Danisevskise6efb242020-12-19 13:58:01 -0800111/// This trait is used to associate a primitive to any type that can be stored inside a
112/// KeyParameterValue, especially the AIDL enum types, e.g., keymint::{Algorithm, Digest, ...}.
113/// This allows for simplifying the macro rules, e.g., for reading from the SQL database.
114/// An expression like `KeyParameterValue::Algorithm(row.get(0))` would not work because
115/// a type of `Algorithm` is expected which does not implement `FromSql` and we cannot
116/// implement it because we own neither the type nor the trait.
117/// With AssociatePrimitive we can write an expression
118/// `KeyParameter::Algorithm(<Algorithm>::from_primitive(row.get(0)))` to inform `get`
119/// about the expected primitive type that it can convert into. By implementing this
120/// trait for all inner types we can write a single rule to cover all cases (except where
121/// there is no wrapped type):
122/// `KeyParameterValue::$vname(<$vtype>::from_primitive(row.get(0)))`
123trait AssociatePrimitive {
124 type Primitive;
125
126 fn from_primitive(v: Self::Primitive) -> Self;
127 fn to_primitive(&self) -> Self::Primitive;
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000128}
129
Janis Danisevskise6efb242020-12-19 13:58:01 -0800130/// Associates the given type with i32. The macro assumes that the given type is actually a
131/// tuple struct wrapping i32, such as AIDL enum types.
132macro_rules! implement_associate_primitive_for_aidl_enum {
133 ($t:ty) => {
134 impl AssociatePrimitive for $t {
135 type Primitive = i32;
136
137 fn from_primitive(v: Self::Primitive) -> Self {
138 Self(v)
139 }
140 fn to_primitive(&self) -> Self::Primitive {
141 self.0
142 }
143 }
144 };
145}
146
147/// Associates the given type with itself.
148macro_rules! implement_associate_primitive_identity {
149 ($t:ty) => {
150 impl AssociatePrimitive for $t {
151 type Primitive = $t;
152
153 fn from_primitive(v: Self::Primitive) -> Self {
154 v
155 }
156 fn to_primitive(&self) -> Self::Primitive {
157 self.clone()
158 }
159 }
160 };
161}
162
163implement_associate_primitive_for_aidl_enum! {Algorithm}
164implement_associate_primitive_for_aidl_enum! {BlockMode}
165implement_associate_primitive_for_aidl_enum! {Digest}
166implement_associate_primitive_for_aidl_enum! {EcCurve}
167implement_associate_primitive_for_aidl_enum! {HardwareAuthenticatorType}
168implement_associate_primitive_for_aidl_enum! {KeyOrigin}
169implement_associate_primitive_for_aidl_enum! {KeyPurpose}
170implement_associate_primitive_for_aidl_enum! {PaddingMode}
171implement_associate_primitive_for_aidl_enum! {SecurityLevel}
172
173implement_associate_primitive_identity! {Vec<u8>}
174implement_associate_primitive_identity! {i64}
175implement_associate_primitive_identity! {i32}
176
Janis Danisevskis6b00e252020-12-22 11:36:45 -0800177/// This enum allows passing a primitive value to `KeyParameterValue::new_from_tag_primitive_pair`
178/// Usually, it is not necessary to use this type directly because the function uses
179/// `Into<Primitive>` as a trait bound.
180pub enum Primitive {
181 /// Wraps an i64.
182 I64(i64),
183 /// Wraps an i32.
184 I32(i32),
185 /// Wraps a Vec<u8>.
186 Vec(Vec<u8>),
187}
188
189impl From<i64> for Primitive {
190 fn from(v: i64) -> Self {
191 Self::I64(v)
192 }
193}
194impl From<i32> for Primitive {
195 fn from(v: i32) -> Self {
196 Self::I32(v)
197 }
198}
199impl From<Vec<u8>> for Primitive {
200 fn from(v: Vec<u8>) -> Self {
201 Self::Vec(v)
202 }
203}
204
205/// This error is returned by `KeyParameterValue::new_from_tag_primitive_pair`.
206#[derive(thiserror::Error, Debug, Clone, PartialEq, Eq, PartialOrd, Ord)]
207pub enum PrimitiveError {
208 /// Returned if this primitive is unsuitable for the given tag type.
209 #[error("Primitive does not match the expected tag type.")]
210 TypeMismatch,
211 /// Return if the tag type is unknown.
212 #[error("Unknown tag.")]
213 UnknownTag,
214}
215
216impl TryInto<i64> for Primitive {
217 type Error = PrimitiveError;
218
219 fn try_into(self) -> Result<i64, Self::Error> {
220 match self {
221 Self::I64(v) => Ok(v),
222 _ => Err(Self::Error::TypeMismatch),
223 }
224 }
225}
226impl TryInto<i32> for Primitive {
227 type Error = PrimitiveError;
228
229 fn try_into(self) -> Result<i32, Self::Error> {
230 match self {
231 Self::I32(v) => Ok(v),
232 _ => Err(Self::Error::TypeMismatch),
233 }
234 }
235}
236impl TryInto<Vec<u8>> for Primitive {
237 type Error = PrimitiveError;
238
239 fn try_into(self) -> Result<Vec<u8>, Self::Error> {
240 match self {
241 Self::Vec(v) => Ok(v),
242 _ => Err(Self::Error::TypeMismatch),
243 }
244 }
245}
246
247/// Expands the list of KeyParameterValue variants as follows:
248///
249/// Input:
250/// Invalid with tag INVALID and field Invalid,
251/// Algorithm(Algorithm) with tag ALGORITHM and field Algorithm,
252///
253/// Output:
254/// ```
255/// pub fn new_from_tag_primitive_pair<T: Into<Primitive>>(
256/// tag: Tag,
257/// v: T
258/// ) -> Result<KeyParameterValue, PrimitiveError> {
259/// let p: Primitive = v.into();
260/// Ok(match tag {
261/// Tag::INVALID => KeyParameterValue::Invalid,
262/// Tag::ALGORITHM => KeyParameterValue::Algorithm(
263/// <Algorithm>::from_primitive(p.try_into()?)
264/// ),
265/// _ => return Err(PrimitiveError::UnknownTag),
266/// })
267/// }
268/// ```
269macro_rules! implement_from_tag_primitive_pair {
270 ($enum_name:ident; $($vname:ident$(($vtype:ty))? $tag_name:ident),*) => {
271 /// Returns the an instance of $enum_name or an error if the given primitive does not match
272 /// the tag type or the tag is unknown.
273 pub fn new_from_tag_primitive_pair<T: Into<Primitive>>(
274 tag: Tag,
275 v: T
276 ) -> Result<$enum_name, PrimitiveError> {
277 let p: Primitive = v.into();
278 Ok(match tag {
279 $(Tag::$tag_name => $enum_name::$vname$((
280 <$vtype>::from_primitive(p.try_into()?)
281 ))?,)*
282 _ => return Err(PrimitiveError::UnknownTag),
283 })
284 }
285 };
286}
287
Janis Danisevskise6efb242020-12-19 13:58:01 -0800288/// Expands the list of KeyParameterValue variants as follows:
289///
290/// Input:
291/// pub enum KeyParameterValue {
292/// Invalid with tag INVALID and field Invalid,
293/// Algorithm(Algorithm) with tag ALGORITHM and field Algorithm,
294/// }
295///
296/// Output:
297/// ```
298/// pub enum KeyParameterValue {
299/// Invalid,
300/// Algorithm(Algorithm),
301/// }
302/// ```
303macro_rules! implement_enum {
304 (
305 $(#[$enum_meta:meta])*
306 $enum_vis:vis enum $enum_name:ident {
307 $($(#[$emeta:meta])* $vname:ident$(($vtype:ty))?),* $(,)?
308 }
309 ) => {
310 $(#[$enum_meta])*
311 $enum_vis enum $enum_name {
312 $(
313 $(#[$emeta])*
314 $vname$(($vtype))?
315 ),*
316 }
317 };
318}
319
320/// Expands the list of KeyParameterValue variants as follows:
321///
322/// Input:
323/// Invalid with tag INVALID and field Invalid,
324/// Algorithm(Algorithm) with tag ALGORITHM and field Algorithm,
325///
326/// Output:
327/// ```
328/// pub fn get_tag(&self) -> Tag {
329/// match self {
330/// KeyParameterValue::Invalid => Tag::INVALID,
331/// KeyParameterValue::Algorithm(_) => Tag::ALGORITHM,
332/// }
333/// }
334/// ```
335macro_rules! implement_get_tag {
336 (
337 @replace_type_spec
338 $enum_name:ident,
339 [$($out:tt)*],
340 [$vname:ident($vtype:ty) $tag_name:ident, $($in:tt)*]
341 ) => {
342 implement_get_tag!{@replace_type_spec $enum_name, [$($out)*
343 $enum_name::$vname(_) => Tag::$tag_name,
344 ], [$($in)*]}
345 };
346 (
347 @replace_type_spec
348 $enum_name:ident,
349 [$($out:tt)*],
350 [$vname:ident $tag_name:ident, $($in:tt)*]
351 ) => {
352 implement_get_tag!{@replace_type_spec $enum_name, [$($out)*
353 $enum_name::$vname => Tag::$tag_name,
354 ], [$($in)*]}
355 };
356 (@replace_type_spec $enum_name:ident, [$($out:tt)*], []) => {
357 /// Returns the tag of the given instance.
358 pub fn get_tag(&self) -> Tag {
359 match self {
360 $($out)*
361 }
362 }
363 };
364
365 ($enum_name:ident; $($vname:ident$(($vtype:ty))? $tag_name:ident),*) => {
366 implement_get_tag!{@replace_type_spec $enum_name, [], [$($vname$(($vtype))? $tag_name,)*]}
367 };
368}
369
370/// Expands the list of KeyParameterValue variants as follows:
371///
372/// Input:
373/// Invalid with tag INVALID and field Invalid,
374/// Algorithm(Algorithm) with tag ALGORITHM and field Algorithm,
375///
376/// Output:
377/// ```
378/// fn to_sql(&self) -> SqlResult<ToSqlOutput> {
379/// match self {
380/// KeyParameterValue::Invalid => Ok(ToSqlOutput::from(Null)),
381/// KeyParameterValue::Algorithm(v) => Ok(ToSqlOutput::from(v.to_primitive())),
382/// }
383/// }
384/// ```
385macro_rules! implement_to_sql {
386 (
387 @replace_type_spec
388 $enum_name:ident,
389 [$($out:tt)*],
390 [$vname:ident($vtype:ty), $($in:tt)*]
391 ) => {
392 implement_to_sql!{@replace_type_spec $enum_name, [ $($out)*
393 $enum_name::$vname(v) => Ok(ToSqlOutput::from(v.to_primitive())),
394 ], [$($in)*]}
395 };
396 (
397 @replace_type_spec
398 $enum_name:ident,
399 [$($out:tt)*],
400 [$vname:ident, $($in:tt)*]
401 ) => {
402 implement_to_sql!{@replace_type_spec $enum_name, [ $($out)*
403 $enum_name::$vname => Ok(ToSqlOutput::from(Null)),
404 ], [$($in)*]}
405 };
406 (@replace_type_spec $enum_name:ident, [$($out:tt)*], []) => {
407 /// Converts $enum_name to be stored in a rusqlite database.
408 fn to_sql(&self) -> SqlResult<ToSqlOutput> {
409 match self {
410 $($out)*
411 }
412 }
413 };
414
415
416 ($enum_name:ident; $($vname:ident$(($vtype:ty))?),*) => {
417 impl ToSql for $enum_name {
418 implement_to_sql!{@replace_type_spec $enum_name, [], [$($vname$(($vtype))?,)*]}
419 }
420
421 }
422}
423
424/// Expands the list of KeyParameterValue variants as follows:
425///
426/// Input:
427/// Invalid with tag INVALID and field Invalid,
428/// Algorithm(Algorithm) with tag ALGORITHM and field Algorithm,
429///
430/// Output:
431/// ```
432/// pub fn new_from_sql(
433/// tag: Tag,
434/// data: &SqlField,
435/// ) -> Result<Self> {
436/// Ok(match self {
437/// Tag::Invalid => KeyParameterValue::Invalid,
438/// Tag::ALGORITHM => {
439/// KeyParameterValue::Algorithm(<Algorithm>::from_primitive(data
440/// .get()
441/// .map_err(|_| KeystoreError::Rc(ResponseCode::VALUE_CORRUPTED))
442/// .context(concat!("Failed to read sql data for tag: ", "ALGORITHM", "."))?
443/// ))
444/// },
445/// })
446/// }
447/// ```
448macro_rules! implement_new_from_sql {
449 ($enum_name:ident; $($vname:ident$(($vtype:ty))? $tag_name:ident),*) => {
450 /// Takes a tag and an SqlField and attempts to construct a KeyParameter value.
451 /// This function may fail if the parameter value cannot be extracted from the
452 /// database cell.
453 pub fn new_from_sql(
454 tag: Tag,
455 data: &SqlField,
456 ) -> Result<Self> {
457 Ok(match tag {
458 $(
459 Tag::$tag_name => {
460 $enum_name::$vname$((<$vtype>::from_primitive(data
461 .get()
462 .map_err(|_| KeystoreError::Rc(ResponseCode::VALUE_CORRUPTED))
463 .context(concat!(
464 "Failed to read sql data for tag: ",
465 stringify!($tag_name),
466 "."
467 ))?
468 )))?
469 },
470 )*
471 _ => $enum_name::Invalid,
472 })
473 }
474 };
475}
476
477/// This key parameter default is used during the conversion from KeyParameterValue
478/// to keymint::KeyParameterValue. Keystore's version does not have wrapped types
479/// for boolean tags and the tag Invalid. The AIDL version uses bool and integer
480/// variants respectively. This default function is invoked in these cases to
481/// homogenize the rules for boolean and invalid tags.
482/// The bool variant returns true because boolean parameters are implicitly true
483/// if present.
484trait KpDefault {
485 fn default() -> Self;
486}
487
488impl KpDefault for i32 {
489 fn default() -> Self {
490 0
491 }
492}
493
494impl KpDefault for bool {
495 fn default() -> Self {
496 true
497 }
498}
499
500/// Expands the list of KeyParameterValue variants as follows:
501///
502/// Input:
503/// Invalid with tag INVALID and field Invalid,
504/// Algorithm(Algorithm) with tag ALGORITHM and field Algorithm,
505///
506/// Output:
507/// ```
508/// impl From<KmKeyParameter> for KeyParameterValue {
509/// fn from(kp: KmKeyParameter) -> Self {
510/// match kp {
511/// KmKeyParameter { tag: Tag::INVALID, value: KmKeyParameterValue::Invalid(_) }
512/// => $enum_name::$vname,
513/// KmKeyParameter { tag: Tag::Algorithm, value: KmKeyParameterValue::Algorithm(v) }
514/// => $enum_name::Algorithm(v),
515/// _ => $enum_name::Invalid,
516/// }
517/// }
518/// }
519///
520/// impl Into<KmKeyParameter> for KeyParameterValue {
521/// fn into(self) -> KmKeyParameter {
522/// match self {
523/// KeyParameterValue::Invalid => KmKeyParameter {
524/// tag: Tag::INVALID,
525/// value: KmKeyParameterValue::Invalid(KpDefault::default())
526/// },
527/// KeyParameterValue::Algorithm(v) => KmKeyParameter {
528/// tag: Tag::ALGORITHM,
529/// value: KmKeyParameterValue::Algorithm(v)
530/// },
531/// }
532/// }
533/// }
534/// ```
535macro_rules! implement_try_from_to_km_parameter {
536 // The first three rules expand From<KmKeyParameter>.
537 (
538 @from
539 $enum_name:ident,
540 [$($out:tt)*],
541 [$vname:ident($vtype:ty) $tag_name:ident $field_name:ident, $($in:tt)*]
542 ) => {
543 implement_try_from_to_km_parameter!{@from $enum_name, [$($out)*
544 KmKeyParameter {
545 tag: Tag::$tag_name,
546 value: KmKeyParameterValue::$field_name(v)
547 } => $enum_name::$vname(v),
548 ], [$($in)*]
549 }};
550 (
551 @from
552 $enum_name:ident,
553 [$($out:tt)*],
554 [$vname:ident $tag_name:ident $field_name:ident, $($in:tt)*]
555 ) => {
556 implement_try_from_to_km_parameter!{@from $enum_name, [$($out)*
557 KmKeyParameter {
558 tag: Tag::$tag_name,
559 value: KmKeyParameterValue::$field_name(_)
560 } => $enum_name::$vname,
561 ], [$($in)*]
562 }};
563 (@from $enum_name:ident, [$($out:tt)*], []) => {
564 impl From<KmKeyParameter> for $enum_name {
565 fn from(kp: KmKeyParameter) -> Self {
566 match kp {
567 $($out)*
568 _ => $enum_name::Invalid,
569 }
570 }
571 }
572 };
573
574 // The next three rules expand Into<KmKeyParameter>.
575 (
576 @into
577 $enum_name:ident,
578 [$($out:tt)*],
579 [$vname:ident($vtype:ty) $tag_name:ident $field_name:ident, $($in:tt)*]
580 ) => {
581 implement_try_from_to_km_parameter!{@into $enum_name, [$($out)*
582 $enum_name::$vname(v) => KmKeyParameter {
583 tag: Tag::$tag_name,
584 value: KmKeyParameterValue::$field_name(v)
585 },
586 ], [$($in)*]
587 }};
588 (
589 @into
590 $enum_name:ident,
591 [$($out:tt)*],
592 [$vname:ident $tag_name:ident $field_name:ident, $($in:tt)*]
593 ) => {
594 implement_try_from_to_km_parameter!{@into $enum_name, [$($out)*
595 $enum_name::$vname => KmKeyParameter {
596 tag: Tag::$tag_name,
597 value: KmKeyParameterValue::$field_name(KpDefault::default())
598 },
599 ], [$($in)*]
600 }};
601 (@into $enum_name:ident, [$($out:tt)*], []) => {
602 impl Into<KmKeyParameter> for $enum_name {
603 fn into(self) -> KmKeyParameter {
604 match self {
605 $($out)*
606 }
607 }
608 }
609 };
610
611
612 ($enum_name:ident; $($vname:ident$(($vtype:ty))? $tag_name:ident $field_name:ident),*) => {
613 implement_try_from_to_km_parameter!(
614 @from $enum_name,
615 [],
616 [$($vname$(($vtype))? $tag_name $field_name,)*]
617 );
618 implement_try_from_to_km_parameter!(
619 @into $enum_name,
620 [],
621 [$($vname$(($vtype))? $tag_name $field_name,)*]
622 );
623 };
624}
625
626/// This is the top level macro. While the other macros do most of the heavy lifting, this takes
627/// the key parameter list and passes it on to the other macros to generate all of the conversion
628/// functions. In addition, it generates an important test vector for verifying that tag type of the
629/// keymint tag matches the associated keymint KeyParameterValue field.
630macro_rules! implement_key_parameter_value {
631 (
632 $(#[$enum_meta:meta])*
633 $enum_vis:vis enum $enum_name:ident {
634 $(
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800635 $(#[$($emeta:tt)+])*
636 $vname:ident$(($vtype:ty))?
Janis Danisevskise6efb242020-12-19 13:58:01 -0800637 ),* $(,)?
638 }
639 ) => {
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800640 implement_key_parameter_value!{
641 @extract_attr
642 $(#[$enum_meta])*
643 $enum_vis enum $enum_name {
644 []
645 [$(
646 [] [$(#[$($emeta)+])*]
647 $vname$(($vtype))?,
648 )*]
649 }
650 }
651 };
652
653 (
654 @extract_attr
655 $(#[$enum_meta:meta])*
656 $enum_vis:vis enum $enum_name:ident {
657 [$($out:tt)*]
658 [
659 [$(#[$mout:meta])*]
660 [
661 #[key_param(tag = $tag_name:ident, field = $field_name:ident)]
662 $(#[$($mtail:tt)+])*
663 ]
664 $vname:ident$(($vtype:ty))?,
665 $($tail:tt)*
666 ]
667 }
668 ) => {
669 implement_key_parameter_value!{
670 @extract_attr
671 $(#[$enum_meta])*
672 $enum_vis enum $enum_name {
673 [
674 $($out)*
675 $(#[$mout])*
676 $(#[$($mtail)+])*
677 $tag_name $field_name $vname$(($vtype))?,
678 ]
679 [$($tail)*]
680 }
681 }
682 };
683
684 (
685 @extract_attr
686 $(#[$enum_meta:meta])*
687 $enum_vis:vis enum $enum_name:ident {
688 [$($out:tt)*]
689 [
690 [$(#[$mout:meta])*]
691 [
692 #[$front:meta]
693 $(#[$($mtail:tt)+])*
694 ]
695 $vname:ident$(($vtype:ty))?,
696 $($tail:tt)*
697 ]
698 }
699 ) => {
700 implement_key_parameter_value!{
701 @extract_attr
702 $(#[$enum_meta])*
703 $enum_vis enum $enum_name {
704 [$($out)*]
705 [
706 [
707 $(#[$mout])*
708 #[$front]
709 ]
710 [$(#[$($mtail)+])*]
711 $vname$(($vtype))?,
712 $($tail)*
713 ]
714 }
715 }
716 };
717
718 (
719 @extract_attr
720 $(#[$enum_meta:meta])*
721 $enum_vis:vis enum $enum_name:ident {
722 [$($out:tt)*]
723 []
724 }
725 ) => {
726 implement_key_parameter_value!{
727 @spill
728 $(#[$enum_meta])*
729 $enum_vis enum $enum_name {
730 $($out)*
731 }
732 }
733 };
734
735 (
736 @spill
737 $(#[$enum_meta:meta])*
738 $enum_vis:vis enum $enum_name:ident {
739 $(
740 $(#[$emeta:meta])*
741 $tag_name:ident $field_name:ident $vname:ident$(($vtype:ty))?,
742 )*
743 }
744 ) => {
Janis Danisevskise6efb242020-12-19 13:58:01 -0800745 implement_enum!(
746 $(#[$enum_meta])*
747 $enum_vis enum $enum_name {
748 $(
749 $(#[$emeta])*
750 $vname$(($vtype))?
751 ),*
752 });
753
754 impl $enum_name {
755 implement_new_from_sql!($enum_name; $($vname$(($vtype))? $tag_name),*);
756 implement_get_tag!($enum_name; $($vname$(($vtype))? $tag_name),*);
Janis Danisevskis6b00e252020-12-22 11:36:45 -0800757 implement_from_tag_primitive_pair!($enum_name; $($vname$(($vtype))? $tag_name),*);
Janis Danisevskise6efb242020-12-19 13:58:01 -0800758
759 #[cfg(test)]
760 fn make_field_matches_tag_type_test_vector() -> Vec<KmKeyParameter> {
761 vec![$(KmKeyParameter{
762 tag: Tag::$tag_name,
763 value: KmKeyParameterValue::$field_name(Default::default())}
764 ),*]
765 }
766 }
767
768 implement_try_from_to_km_parameter!(
769 $enum_name;
770 $($vname$(($vtype))? $tag_name $field_name),*
771 );
772
773 implement_to_sql!($enum_name; $($vname$(($vtype))?),*);
774 };
775}
776
777implement_key_parameter_value! {
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000778/// KeyParameterValue holds a value corresponding to one of the Tags defined in
779/// the AIDL spec at hardware/interfaces/keymint
Janis Danisevskis3f322cb2020-09-03 14:46:22 -0700780#[derive(Debug, Clone, Eq, PartialEq, Ord, PartialOrd)]
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000781pub enum KeyParameterValue {
782 /// Associated with Tag:INVALID
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800783 #[key_param(tag = INVALID, field = Invalid)]
784 Invalid,
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000785 /// Set of purposes for which the key may be used
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800786 #[key_param(tag = PURPOSE, field = KeyPurpose)]
787 KeyPurpose(KeyPurpose),
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000788 /// Cryptographic algorithm with which the key is used
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800789 #[key_param(tag = ALGORITHM, field = Algorithm)]
790 Algorithm(Algorithm),
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000791 /// Size of the key , in bits
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800792 #[key_param(tag = KEY_SIZE, field = Integer)]
793 KeySize(i32),
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000794 /// Block cipher mode(s) with which the key may be used
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800795 #[key_param(tag = BLOCK_MODE, field = BlockMode)]
796 BlockMode(BlockMode),
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000797 /// Digest algorithms that may be used with the key to perform signing and verification
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800798 #[key_param(tag = DIGEST, field = Digest)]
799 Digest(Digest),
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000800 /// Padding modes that may be used with the key. Relevant to RSA, AES and 3DES keys.
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800801 #[key_param(tag = PADDING, field = PaddingMode)]
802 PaddingMode(PaddingMode),
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000803 /// Can the caller provide a nonce for nonce-requiring operations
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800804 #[key_param(tag = CALLER_NONCE, field = BoolValue)]
805 CallerNonce,
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000806 /// Minimum length of MAC for HMAC keys and AES keys that support GCM mode
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800807 #[key_param(tag = MIN_MAC_LENGTH, field = Integer)]
808 MinMacLength(i32),
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000809 /// The elliptic curve
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800810 #[key_param(tag = EC_CURVE, field = EcCurve)]
811 EcCurve(EcCurve),
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000812 /// Value of the public exponent for an RSA key pair
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800813 #[key_param(tag = RSA_PUBLIC_EXPONENT, field = LongInteger)]
814 RSAPublicExponent(i64),
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000815 /// An attestation certificate for the generated key should contain an application-scoped
816 /// and time-bounded device-unique ID
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800817 #[key_param(tag = INCLUDE_UNIQUE_ID, field = BoolValue)]
818 IncludeUniqueID,
Hasini Gunasingheaf993662020-07-24 18:40:20 +0000819 //TODO: find out about this
820 // /// Necessary system environment conditions for the generated key to be used
821 // KeyBlobUsageRequirements(KeyBlobUsageRequirements),
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000822 /// Only the boot loader can use the key
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800823 #[key_param(tag = BOOTLOADER_ONLY, field = BoolValue)]
824 BootLoaderOnly,
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000825 /// When deleted, the key is guaranteed to be permanently deleted and unusable
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800826 #[key_param(tag = ROLLBACK_RESISTANCE, field = BoolValue)]
827 RollbackResistance,
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000828 /// The date and time at which the key becomes active
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800829 #[key_param(tag = ACTIVE_DATETIME, field = DateTime)]
830 ActiveDateTime(i64),
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000831 /// The date and time at which the key expires for signing and encryption
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800832 #[key_param(tag = ORIGINATION_EXPIRE_DATETIME, field = DateTime)]
833 OriginationExpireDateTime(i64),
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000834 /// The date and time at which the key expires for verification and decryption
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800835 #[key_param(tag = USAGE_EXPIRE_DATETIME, field = DateTime)]
836 UsageExpireDateTime(i64),
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000837 /// Minimum amount of time that elapses between allowed operations
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800838 #[key_param(tag = MIN_SECONDS_BETWEEN_OPS, field = Integer)]
839 MinSecondsBetweenOps(i32),
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000840 /// Maximum number of times that a key may be used between system reboots
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800841 #[key_param(tag = MAX_USES_PER_BOOT, field = Integer)]
842 MaxUsesPerBoot(i32),
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000843 /// ID of the Android user that is permitted to use the key
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800844 #[key_param(tag = USER_ID, field = Integer)]
845 UserID(i32),
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000846 /// A key may only be used under a particular secure user authentication state
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800847 #[key_param(tag = USER_SECURE_ID, field = LongInteger)]
848 UserSecureID(i64),
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000849 /// No authentication is required to use this key
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800850 #[key_param(tag = NO_AUTH_REQUIRED, field = BoolValue)]
851 NoAuthRequired,
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000852 /// The types of user authenticators that may be used to authorize this key
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800853 #[key_param(tag = USER_AUTH_TYPE, field = HardwareAuthenticatorType)]
854 HardwareAuthenticatorType(HardwareAuthenticatorType),
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000855 /// The time in seconds for which the key is authorized for use, after user authentication
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800856 #[key_param(tag = AUTH_TIMEOUT, field = Integer)]
857 AuthTimeout(i32),
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000858 /// The key may be used after authentication timeout if device is still on-body
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800859 #[key_param(tag = ALLOW_WHILE_ON_BODY, field = BoolValue)]
860 AllowWhileOnBody,
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000861 /// The key must be unusable except when the user has provided proof of physical presence
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800862 #[key_param(tag = TRUSTED_USER_PRESENCE_REQUIRED, field = BoolValue)]
863 TrustedUserPresenceRequired,
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000864 /// Applicable to keys with KeyPurpose SIGN, and specifies that this key must not be usable
865 /// unless the user provides confirmation of the data to be signed
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800866 #[key_param(tag = TRUSTED_CONFIRMATION_REQUIRED, field = BoolValue)]
867 TrustedConfirmationRequired,
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000868 /// The key may only be used when the device is unlocked
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800869 #[key_param(tag = UNLOCKED_DEVICE_REQUIRED, field = BoolValue)]
870 UnlockedDeviceRequired,
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000871 /// When provided to generateKey or importKey, this tag specifies data
872 /// that is necessary during all uses of the key
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800873 #[key_param(tag = APPLICATION_ID, field = Blob)]
874 ApplicationID(Vec<u8>),
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000875 /// When provided to generateKey or importKey, this tag specifies data
876 /// that is necessary during all uses of the key
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800877 #[key_param(tag = APPLICATION_DATA, field = Blob)]
878 ApplicationData(Vec<u8>),
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000879 /// Specifies the date and time the key was created
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800880 #[key_param(tag = CREATION_DATETIME, field = DateTime)]
881 CreationDateTime(i64),
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000882 /// Specifies where the key was created, if known
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800883 #[key_param(tag = ORIGIN, field = Origin)]
884 KeyOrigin(KeyOrigin),
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000885 /// The key used by verified boot to validate the operating system booted
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800886 #[key_param(tag = ROOT_OF_TRUST, field = Blob)]
887 RootOfTrust(Vec<u8>),
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000888 /// System OS version with which the key may be used
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800889 #[key_param(tag = OS_VERSION, field = Integer)]
890 OSVersion(i32),
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000891 /// Specifies the system security patch level with which the key may be used
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800892 #[key_param(tag = OS_PATCHLEVEL, field = Integer)]
893 OSPatchLevel(i32),
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000894 /// Specifies a unique, time-based identifier
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800895 #[key_param(tag = UNIQUE_ID, field = Blob)]
896 UniqueID(Vec<u8>),
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000897 /// Used to deliver a "challenge" value to the attestKey() method
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800898 #[key_param(tag = ATTESTATION_CHALLENGE, field = Blob)]
899 AttestationChallenge(Vec<u8>),
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000900 /// The set of applications which may use a key, used only with attestKey()
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800901 #[key_param(tag = ATTESTATION_APPLICATION_ID, field = Blob)]
902 AttestationApplicationID(Vec<u8>),
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000903 /// Provides the device's brand name, to attestKey()
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800904 #[key_param(tag = ATTESTATION_ID_BRAND, field = Blob)]
905 AttestationIdBrand(Vec<u8>),
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000906 /// Provides the device's device name, to attestKey()
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800907 #[key_param(tag = ATTESTATION_ID_DEVICE, field = Blob)]
908 AttestationIdDevice(Vec<u8>),
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000909 /// Provides the device's product name, to attestKey()
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800910 #[key_param(tag = ATTESTATION_ID_PRODUCT, field = Blob)]
911 AttestationIdProduct(Vec<u8>),
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000912 /// Provides the device's serial number, to attestKey()
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800913 #[key_param(tag = ATTESTATION_ID_SERIAL, field = Blob)]
914 AttestationIdSerial(Vec<u8>),
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000915 /// Provides the IMEIs for all radios on the device, to attestKey()
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800916 #[key_param(tag = ATTESTATION_ID_IMEI, field = Blob)]
917 AttestationIdIMEI(Vec<u8>),
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000918 /// Provides the MEIDs for all radios on the device, to attestKey()
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800919 #[key_param(tag = ATTESTATION_ID_MEID, field = Blob)]
920 AttestationIdMEID(Vec<u8>),
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000921 /// Provides the device's manufacturer name, to attestKey()
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800922 #[key_param(tag = ATTESTATION_ID_MANUFACTURER, field = Blob)]
923 AttestationIdManufacturer(Vec<u8>),
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000924 /// Provides the device's model name, to attestKey()
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800925 #[key_param(tag = ATTESTATION_ID_MODEL, field = Blob)]
926 AttestationIdModel(Vec<u8>),
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000927 /// Specifies the vendor image security patch level with which the key may be used
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800928 #[key_param(tag = VENDOR_PATCHLEVEL, field = Integer)]
929 VendorPatchLevel(i32),
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000930 /// Specifies the boot image (kernel) security patch level with which the key may be used
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800931 #[key_param(tag = BOOT_PATCHLEVEL, field = Integer)]
932 BootPatchLevel(i32),
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000933 /// Provides "associated data" for AES-GCM encryption or decryption
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800934 #[key_param(tag = ASSOCIATED_DATA, field = Blob)]
935 AssociatedData(Vec<u8>),
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000936 /// Provides or returns a nonce or Initialization Vector (IV) for AES-GCM,
937 /// AES-CBC, AES-CTR, or 3DES-CBC encryption or decryption
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800938 #[key_param(tag = NONCE, field = Blob)]
939 Nonce(Vec<u8>),
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000940 /// Provides the requested length of a MAC or GCM authentication tag, in bits
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800941 #[key_param(tag = MAC_LENGTH, field = Integer)]
942 MacLength(i32),
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000943 /// Specifies whether the device has been factory reset since the
944 /// last unique ID rotation. Used for key attestation
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800945 #[key_param(tag = RESET_SINCE_ID_ROTATION, field = BoolValue)]
946 ResetSinceIdRotation,
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000947 /// Used to deliver a cryptographic token proving that the user
948 /// confirmed a signing request
Janis Danisevskis6f1bb562020-12-28 15:52:41 -0800949 #[key_param(tag = CONFIRMATION_TOKEN, field = Blob)]
950 ConfirmationToken(Vec<u8>),
Janis Danisevskise6efb242020-12-19 13:58:01 -0800951}
952}
953
954impl From<&KmKeyParameter> for KeyParameterValue {
955 fn from(kp: &KmKeyParameter) -> Self {
956 kp.clone().into()
957 }
958}
959
960/// KeyParameter wraps the KeyParameterValue and the security level at which it is enforced.
961#[derive(Debug, Clone, Eq, PartialEq, Ord, PartialOrd)]
962pub struct KeyParameter {
963 value: KeyParameterValue,
964 security_level: SecurityLevel,
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000965}
966
967impl KeyParameter {
968 /// Create an instance of KeyParameter, given the value and the security level.
Janis Danisevskise6efb242020-12-19 13:58:01 -0800969 pub fn new(value: KeyParameterValue, security_level: SecurityLevel) -> Self {
970 KeyParameter { value, security_level }
Hasini Gunasinghe12486362020-07-24 18:40:20 +0000971 }
972
Hasini Gunasingheaf993662020-07-24 18:40:20 +0000973 /// Construct a KeyParameter from the data from a rusqlite row.
974 /// Note that following variants of KeyParameterValue should not be stored:
975 /// IncludeUniqueID, ApplicationID, ApplicationData, RootOfTrust, UniqueID,
976 /// Attestation*, AssociatedData, Nonce, MacLength, ResetSinceIdRotation, ConfirmationToken.
977 /// This filtering is enforced at a higher level and here we support conversion for all the
978 /// variants.
979 pub fn new_from_sql(
Janis Danisevskisc5b210b2020-09-11 13:27:37 -0700980 tag_val: Tag,
Hasini Gunasingheaf993662020-07-24 18:40:20 +0000981 data: &SqlField,
Janis Danisevskisc5b210b2020-09-11 13:27:37 -0700982 security_level_val: SecurityLevel,
Hasini Gunasingheaf993662020-07-24 18:40:20 +0000983 ) -> Result<Self> {
Janis Danisevskise6efb242020-12-19 13:58:01 -0800984 Ok(Self {
985 value: KeyParameterValue::new_from_sql(tag_val, data)?,
986 security_level: security_level_val,
987 })
988 }
Hasini Gunasingheaf993662020-07-24 18:40:20 +0000989
Janis Danisevskise6efb242020-12-19 13:58:01 -0800990 /// Get the KeyMint Tag of this this key parameter.
991 pub fn get_tag(&self) -> Tag {
992 self.value.get_tag()
993 }
994
995 /// Returns key parameter value.
996 pub fn key_parameter_value(&self) -> &KeyParameterValue {
997 &self.value
998 }
999
1000 /// Returns the security level of this key parameter.
1001 pub fn security_level(&self) -> &SecurityLevel {
1002 &self.security_level
1003 }
1004
1005 /// An authorization is a KeyParameter with an associated security level that is used
1006 /// to convey the key characteristics to keystore clients. This function consumes
1007 /// an internal KeyParameter representation to produce the Authorization wire type.
1008 pub fn into_authorization(self) -> Authorization {
1009 Authorization { securityLevel: self.security_level, keyParameter: self.value.into() }
Hasini Gunasingheaf993662020-07-24 18:40:20 +00001010 }
1011}
1012
Janis Danisevskise6efb242020-12-19 13:58:01 -08001013#[cfg(test)]
1014mod generated_key_parameter_tests {
1015 use super::*;
1016 use android_hardware_security_keymint::aidl::android::hardware::security::keymint::TagType::TagType;
Hasini Gunasinghe3eb77c22020-08-28 15:45:06 +00001017
Janis Danisevskise6efb242020-12-19 13:58:01 -08001018 fn get_field_by_tag_type(tag: Tag) -> KmKeyParameterValue {
1019 let tag_type = TagType((tag.0 as u32 & 0xF0000000) as i32);
1020 match tag {
1021 Tag::ALGORITHM => return KmKeyParameterValue::Algorithm(Default::default()),
1022 Tag::BLOCK_MODE => return KmKeyParameterValue::BlockMode(Default::default()),
1023 Tag::PADDING => return KmKeyParameterValue::PaddingMode(Default::default()),
1024 Tag::DIGEST => return KmKeyParameterValue::Digest(Default::default()),
1025 Tag::EC_CURVE => return KmKeyParameterValue::EcCurve(Default::default()),
1026 Tag::ORIGIN => return KmKeyParameterValue::Origin(Default::default()),
1027 Tag::PURPOSE => return KmKeyParameterValue::KeyPurpose(Default::default()),
1028 Tag::USER_AUTH_TYPE => {
1029 return KmKeyParameterValue::HardwareAuthenticatorType(Default::default())
1030 }
1031 Tag::HARDWARE_TYPE => return KmKeyParameterValue::SecurityLevel(Default::default()),
1032 _ => {}
Janis Danisevskisc5b210b2020-09-11 13:27:37 -07001033 }
Janis Danisevskise6efb242020-12-19 13:58:01 -08001034 match tag_type {
1035 TagType::INVALID => return KmKeyParameterValue::Invalid(Default::default()),
1036 TagType::ENUM | TagType::ENUM_REP => {}
1037 TagType::UINT | TagType::UINT_REP => {
1038 return KmKeyParameterValue::Integer(Default::default())
1039 }
1040 TagType::ULONG | TagType::ULONG_REP => {
1041 return KmKeyParameterValue::LongInteger(Default::default())
1042 }
1043 TagType::DATE => return KmKeyParameterValue::DateTime(Default::default()),
1044 TagType::BOOL => return KmKeyParameterValue::BoolValue(Default::default()),
1045 TagType::BIGNUM | TagType::BYTES => {
1046 return KmKeyParameterValue::Blob(Default::default())
1047 }
1048 _ => {}
Janis Danisevskisc5b210b2020-09-11 13:27:37 -07001049 }
Janis Danisevskise6efb242020-12-19 13:58:01 -08001050 panic!("Unknown tag/tag_type: {:?} {:?}", tag, tag_type);
1051 }
Hasini Gunasinghe3eb77c22020-08-28 15:45:06 +00001052
Janis Danisevskise6efb242020-12-19 13:58:01 -08001053 fn check_field_matches_tag_type(list_o_parameters: &[KmKeyParameter]) {
1054 for kp in list_o_parameters.iter() {
1055 match (&kp.value, get_field_by_tag_type(kp.tag)) {
1056 (&KmKeyParameterValue::Algorithm(_), KmKeyParameterValue::Algorithm(_))
1057 | (&KmKeyParameterValue::BlockMode(_), KmKeyParameterValue::BlockMode(_))
1058 | (&KmKeyParameterValue::PaddingMode(_), KmKeyParameterValue::PaddingMode(_))
1059 | (&KmKeyParameterValue::Digest(_), KmKeyParameterValue::Digest(_))
1060 | (&KmKeyParameterValue::EcCurve(_), KmKeyParameterValue::EcCurve(_))
1061 | (&KmKeyParameterValue::Origin(_), KmKeyParameterValue::Origin(_))
1062 | (&KmKeyParameterValue::KeyPurpose(_), KmKeyParameterValue::KeyPurpose(_))
1063 | (
1064 &KmKeyParameterValue::HardwareAuthenticatorType(_),
1065 KmKeyParameterValue::HardwareAuthenticatorType(_),
1066 )
1067 | (&KmKeyParameterValue::SecurityLevel(_), KmKeyParameterValue::SecurityLevel(_))
1068 | (&KmKeyParameterValue::Invalid(_), KmKeyParameterValue::Invalid(_))
1069 | (&KmKeyParameterValue::Integer(_), KmKeyParameterValue::Integer(_))
1070 | (&KmKeyParameterValue::LongInteger(_), KmKeyParameterValue::LongInteger(_))
1071 | (&KmKeyParameterValue::DateTime(_), KmKeyParameterValue::DateTime(_))
1072 | (&KmKeyParameterValue::BoolValue(_), KmKeyParameterValue::BoolValue(_))
1073 | (&KmKeyParameterValue::Blob(_), KmKeyParameterValue::Blob(_)) => {}
1074 (actual, expected) => panic!(
1075 "Tag {:?} associated with variant {:?} expected {:?}",
1076 kp.tag, actual, expected
1077 ),
Janis Danisevskisc5b210b2020-09-11 13:27:37 -07001078 }
1079 }
Janis Danisevskise6efb242020-12-19 13:58:01 -08001080 }
Hasini Gunasinghe3eb77c22020-08-28 15:45:06 +00001081
Janis Danisevskise6efb242020-12-19 13:58:01 -08001082 #[test]
1083 fn key_parameter_value_field_matches_tag_type() {
1084 check_field_matches_tag_type(&KeyParameterValue::make_field_matches_tag_type_test_vector());
Hasini Gunasinghe3eb77c22020-08-28 15:45:06 +00001085 }
1086}
1087
1088#[cfg(test)]
1089mod basic_tests {
1090 use crate::key_parameter::*;
1091
1092 // Test basic functionality of KeyParameter.
1093 #[test]
1094 fn test_key_parameter() {
1095 let key_parameter = KeyParameter::new(
1096 KeyParameterValue::Algorithm(Algorithm::RSA),
1097 SecurityLevel::STRONGBOX,
1098 );
1099
1100 assert_eq!(key_parameter.get_tag(), Tag::ALGORITHM);
1101
1102 assert_eq!(
1103 *key_parameter.key_parameter_value(),
1104 KeyParameterValue::Algorithm(Algorithm::RSA)
1105 );
1106
1107 assert_eq!(*key_parameter.security_level(), SecurityLevel::STRONGBOX);
1108 }
1109}
1110
Hasini Gunasingheaf993662020-07-24 18:40:20 +00001111/// The storage_tests module first tests the 'new_from_sql' method for KeyParameters of different
1112/// data types and then tests 'to_sql' method for KeyParameters of those
1113/// different data types. The five different data types for KeyParameter values are:
1114/// i) enums of u32
1115/// ii) u32
1116/// iii) u64
1117/// iv) Vec<u8>
1118/// v) bool
1119#[cfg(test)]
1120mod storage_tests {
1121 use crate::error::*;
1122 use crate::key_parameter::*;
1123 use anyhow::Result;
1124 use rusqlite::types::ToSql;
1125 use rusqlite::{params, Connection, NO_PARAMS};
1126
1127 /// Test initializing a KeyParameter (with key parameter value corresponding to an enum of i32)
1128 /// from a database table row.
1129 #[test]
1130 fn test_new_from_sql_enum_i32() -> Result<()> {
1131 let db = init_db()?;
1132 insert_into_keyparameter(
1133 &db,
1134 1,
Janis Danisevskisc5b210b2020-09-11 13:27:37 -07001135 Tag::ALGORITHM.0,
1136 &Algorithm::RSA.0,
1137 SecurityLevel::STRONGBOX.0,
Hasini Gunasingheaf993662020-07-24 18:40:20 +00001138 )?;
1139 let key_param = query_from_keyparameter(&db)?;
1140 assert_eq!(Tag::ALGORITHM, key_param.get_tag());
1141 assert_eq!(*key_param.key_parameter_value(), KeyParameterValue::Algorithm(Algorithm::RSA));
1142 assert_eq!(*key_param.security_level(), SecurityLevel::STRONGBOX);
1143 Ok(())
1144 }
1145
1146 /// Test initializing a KeyParameter (with key parameter value which is of i32)
1147 /// from a database table row.
1148 #[test]
1149 fn test_new_from_sql_i32() -> Result<()> {
1150 let db = init_db()?;
Janis Danisevskisc5b210b2020-09-11 13:27:37 -07001151 insert_into_keyparameter(&db, 1, Tag::KEY_SIZE.0, &1024, SecurityLevel::STRONGBOX.0)?;
Hasini Gunasingheaf993662020-07-24 18:40:20 +00001152 let key_param = query_from_keyparameter(&db)?;
1153 assert_eq!(Tag::KEY_SIZE, key_param.get_tag());
1154 assert_eq!(*key_param.key_parameter_value(), KeyParameterValue::KeySize(1024));
1155 Ok(())
1156 }
1157
1158 /// Test initializing a KeyParameter (with key parameter value which is of i64)
1159 /// from a database table row.
1160 #[test]
1161 fn test_new_from_sql_i64() -> Result<()> {
1162 let db = init_db()?;
1163 // max value for i64, just to test corner cases
1164 insert_into_keyparameter(
1165 &db,
1166 1,
Janis Danisevskisc5b210b2020-09-11 13:27:37 -07001167 Tag::RSA_PUBLIC_EXPONENT.0,
Hasini Gunasingheaf993662020-07-24 18:40:20 +00001168 &(i64::MAX),
Janis Danisevskisc5b210b2020-09-11 13:27:37 -07001169 SecurityLevel::STRONGBOX.0,
Hasini Gunasingheaf993662020-07-24 18:40:20 +00001170 )?;
1171 let key_param = query_from_keyparameter(&db)?;
1172 assert_eq!(Tag::RSA_PUBLIC_EXPONENT, key_param.get_tag());
1173 assert_eq!(
1174 *key_param.key_parameter_value(),
1175 KeyParameterValue::RSAPublicExponent(i64::MAX)
1176 );
1177 Ok(())
1178 }
1179
1180 /// Test initializing a KeyParameter (with key parameter value which is of bool)
1181 /// from a database table row.
1182 #[test]
1183 fn test_new_from_sql_bool() -> Result<()> {
1184 let db = init_db()?;
Janis Danisevskisc5b210b2020-09-11 13:27:37 -07001185 insert_into_keyparameter(&db, 1, Tag::CALLER_NONCE.0, &Null, SecurityLevel::STRONGBOX.0)?;
Hasini Gunasingheaf993662020-07-24 18:40:20 +00001186 let key_param = query_from_keyparameter(&db)?;
1187 assert_eq!(Tag::CALLER_NONCE, key_param.get_tag());
1188 assert_eq!(*key_param.key_parameter_value(), KeyParameterValue::CallerNonce);
1189 Ok(())
1190 }
1191
1192 /// Test initializing a KeyParameter (with key parameter value which is of Vec<u8>)
1193 /// from a database table row.
1194 #[test]
1195 fn test_new_from_sql_vec_u8() -> Result<()> {
1196 let db = init_db()?;
1197 let app_id = String::from("MyAppID");
1198 let app_id_bytes = app_id.into_bytes();
1199 insert_into_keyparameter(
1200 &db,
1201 1,
Janis Danisevskisc5b210b2020-09-11 13:27:37 -07001202 Tag::APPLICATION_ID.0,
Hasini Gunasingheaf993662020-07-24 18:40:20 +00001203 &app_id_bytes,
Janis Danisevskisc5b210b2020-09-11 13:27:37 -07001204 SecurityLevel::STRONGBOX.0,
Hasini Gunasingheaf993662020-07-24 18:40:20 +00001205 )?;
1206 let key_param = query_from_keyparameter(&db)?;
1207 assert_eq!(Tag::APPLICATION_ID, key_param.get_tag());
1208 assert_eq!(
1209 *key_param.key_parameter_value(),
1210 KeyParameterValue::ApplicationID(app_id_bytes)
1211 );
1212 Ok(())
1213 }
1214
1215 /// Test storing a KeyParameter (with key parameter value which corresponds to an enum of i32)
1216 /// in the database
1217 #[test]
1218 fn test_to_sql_enum_i32() -> Result<()> {
1219 let db = init_db()?;
1220 let kp = KeyParameter::new(
1221 KeyParameterValue::Algorithm(Algorithm::RSA),
1222 SecurityLevel::STRONGBOX,
1223 );
1224 store_keyparameter(&db, 1, &kp)?;
1225 let key_param = query_from_keyparameter(&db)?;
1226 assert_eq!(kp.get_tag(), key_param.get_tag());
1227 assert_eq!(kp.key_parameter_value(), key_param.key_parameter_value());
1228 assert_eq!(kp.security_level(), key_param.security_level());
1229 Ok(())
1230 }
1231
1232 /// Test storing a KeyParameter (with key parameter value which is of i32) in the database
1233 #[test]
1234 fn test_to_sql_i32() -> Result<()> {
1235 let db = init_db()?;
1236 let kp = KeyParameter::new(KeyParameterValue::KeySize(1024), SecurityLevel::STRONGBOX);
1237 store_keyparameter(&db, 1, &kp)?;
1238 let key_param = query_from_keyparameter(&db)?;
1239 assert_eq!(kp.get_tag(), key_param.get_tag());
1240 assert_eq!(kp.key_parameter_value(), key_param.key_parameter_value());
1241 assert_eq!(kp.security_level(), key_param.security_level());
1242 Ok(())
1243 }
1244
1245 /// Test storing a KeyParameter (with key parameter value which is of i64) in the database
1246 #[test]
1247 fn test_to_sql_i64() -> Result<()> {
1248 let db = init_db()?;
1249 // max value for i64, just to test corner cases
1250 let kp = KeyParameter::new(
1251 KeyParameterValue::RSAPublicExponent(i64::MAX),
1252 SecurityLevel::STRONGBOX,
1253 );
1254 store_keyparameter(&db, 1, &kp)?;
1255 let key_param = query_from_keyparameter(&db)?;
1256 assert_eq!(kp.get_tag(), key_param.get_tag());
1257 assert_eq!(kp.key_parameter_value(), key_param.key_parameter_value());
1258 assert_eq!(kp.security_level(), key_param.security_level());
1259 Ok(())
1260 }
1261
1262 /// Test storing a KeyParameter (with key parameter value which is of Vec<u8>) in the database
1263 #[test]
1264 fn test_to_sql_vec_u8() -> Result<()> {
1265 let db = init_db()?;
1266 let kp = KeyParameter::new(
1267 KeyParameterValue::ApplicationID(String::from("MyAppID").into_bytes()),
1268 SecurityLevel::STRONGBOX,
1269 );
1270 store_keyparameter(&db, 1, &kp)?;
1271 let key_param = query_from_keyparameter(&db)?;
1272 assert_eq!(kp.get_tag(), key_param.get_tag());
1273 assert_eq!(kp.key_parameter_value(), key_param.key_parameter_value());
1274 assert_eq!(kp.security_level(), key_param.security_level());
1275 Ok(())
1276 }
1277
1278 /// Test storing a KeyParameter (with key parameter value which is of i32) in the database
1279 #[test]
1280 fn test_to_sql_bool() -> Result<()> {
1281 let db = init_db()?;
1282 let kp = KeyParameter::new(KeyParameterValue::CallerNonce, SecurityLevel::STRONGBOX);
1283 store_keyparameter(&db, 1, &kp)?;
1284 let key_param = query_from_keyparameter(&db)?;
1285 assert_eq!(kp.get_tag(), key_param.get_tag());
1286 assert_eq!(kp.key_parameter_value(), key_param.key_parameter_value());
1287 assert_eq!(kp.security_level(), key_param.security_level());
1288 Ok(())
1289 }
1290
1291 #[test]
1292 /// Test Tag::Invalid
1293 fn test_invalid_tag() -> Result<()> {
1294 let db = init_db()?;
1295 insert_into_keyparameter(&db, 1, 0, &123, 1)?;
1296 let key_param = query_from_keyparameter(&db)?;
1297 assert_eq!(Tag::INVALID, key_param.get_tag());
1298 Ok(())
1299 }
1300
1301 #[test]
1302 fn test_non_existing_enum_variant() -> Result<()> {
1303 let db = init_db()?;
1304 insert_into_keyparameter(&db, 1, 100, &123, 1)?;
Janis Danisevskise6efb242020-12-19 13:58:01 -08001305 let key_param = query_from_keyparameter(&db)?;
1306 assert_eq!(Tag::INVALID, key_param.get_tag());
Hasini Gunasingheaf993662020-07-24 18:40:20 +00001307 Ok(())
1308 }
1309
1310 #[test]
1311 fn test_invalid_conversion_from_sql() -> Result<()> {
1312 let db = init_db()?;
Janis Danisevskisc5b210b2020-09-11 13:27:37 -07001313 insert_into_keyparameter(&db, 1, Tag::ALGORITHM.0, &Null, 1)?;
Hasini Gunasingheaf993662020-07-24 18:40:20 +00001314 tests::check_result_contains_error_string(
1315 query_from_keyparameter(&db),
1316 "Failed to read sql data for tag: ALGORITHM.",
1317 );
1318 Ok(())
1319 }
1320
1321 /// Helper method to init database table for key parameter
1322 fn init_db() -> Result<Connection> {
1323 let db = Connection::open_in_memory().context("Failed to initialize sqlite connection.")?;
1324 db.execute("ATTACH DATABASE ? as 'persistent';", params![""])
1325 .context("Failed to attach databases.")?;
1326 db.execute(
1327 "CREATE TABLE IF NOT EXISTS persistent.keyparameter (
1328 keyentryid INTEGER,
1329 tag INTEGER,
1330 data ANY,
1331 security_level INTEGER);",
1332 NO_PARAMS,
1333 )
1334 .context("Failed to initialize \"keyparameter\" table.")?;
1335 Ok(db)
1336 }
1337
1338 /// Helper method to insert an entry into key parameter table, with individual parameters
1339 fn insert_into_keyparameter<T: ToSql>(
1340 db: &Connection,
1341 key_id: i64,
1342 tag: i32,
1343 value: &T,
1344 security_level: i32,
1345 ) -> Result<()> {
1346 db.execute(
1347 "INSERT into persistent.keyparameter (keyentryid, tag, data, security_level)
Janis Danisevskisc5b210b2020-09-11 13:27:37 -07001348 VALUES(?, ?, ?, ?);",
Hasini Gunasingheaf993662020-07-24 18:40:20 +00001349 params![key_id, tag, *value, security_level],
1350 )?;
1351 Ok(())
1352 }
1353
1354 /// Helper method to store a key parameter instance.
1355 fn store_keyparameter(db: &Connection, key_id: i64, kp: &KeyParameter) -> Result<()> {
1356 db.execute(
1357 "INSERT into persistent.keyparameter (keyentryid, tag, data, security_level)
Janis Danisevskisc5b210b2020-09-11 13:27:37 -07001358 VALUES(?, ?, ?, ?);",
1359 params![key_id, kp.get_tag().0, kp.key_parameter_value(), kp.security_level().0],
Hasini Gunasingheaf993662020-07-24 18:40:20 +00001360 )?;
1361 Ok(())
1362 }
1363
1364 /// Helper method to query a row from keyparameter table
1365 fn query_from_keyparameter(db: &Connection) -> Result<KeyParameter> {
Janis Danisevskisc5b210b2020-09-11 13:27:37 -07001366 let mut stmt =
1367 db.prepare("SELECT tag, data, security_level FROM persistent.keyparameter")?;
Hasini Gunasingheaf993662020-07-24 18:40:20 +00001368 let mut rows = stmt.query(NO_PARAMS)?;
1369 let row = rows.next()?.unwrap();
Janis Danisevskisc5b210b2020-09-11 13:27:37 -07001370 Ok(KeyParameter::new_from_sql(
1371 Tag(row.get(0)?),
Janis Danisevskis4522c2b2020-11-27 18:04:58 -08001372 &SqlField::new(1, row),
Janis Danisevskisc5b210b2020-09-11 13:27:37 -07001373 SecurityLevel(row.get(2)?),
1374 )?)
Hasini Gunasingheaf993662020-07-24 18:40:20 +00001375 }
1376}
Hasini Gunasinghe3eb77c22020-08-28 15:45:06 +00001377
1378/// The wire_tests module tests the 'convert_to_wire' and 'convert_from_wire' methods for
Janis Danisevskis85d47932020-10-23 16:12:59 -07001379/// KeyParameter, for the four different types used in KmKeyParameter, in addition to Invalid
Hasini Gunasinghe3eb77c22020-08-28 15:45:06 +00001380/// key parameter.
1381/// i) bool
1382/// ii) integer
1383/// iii) longInteger
Janis Danisevskis85d47932020-10-23 16:12:59 -07001384/// iv) blob
Hasini Gunasinghe3eb77c22020-08-28 15:45:06 +00001385#[cfg(test)]
1386mod wire_tests {
1387 use crate::key_parameter::*;
1388 /// unit tests for to conversions
1389 #[test]
1390 fn test_convert_to_wire_invalid() {
1391 let kp = KeyParameter::new(KeyParameterValue::Invalid, SecurityLevel::STRONGBOX);
Janis Danisevskise6efb242020-12-19 13:58:01 -08001392 assert_eq!(
1393 KmKeyParameter { tag: Tag::INVALID, value: KmKeyParameterValue::Invalid(0) },
1394 kp.value.into()
1395 );
Hasini Gunasinghe3eb77c22020-08-28 15:45:06 +00001396 }
1397 #[test]
1398 fn test_convert_to_wire_bool() {
1399 let kp = KeyParameter::new(KeyParameterValue::CallerNonce, SecurityLevel::STRONGBOX);
Janis Danisevskise6efb242020-12-19 13:58:01 -08001400 assert_eq!(
1401 KmKeyParameter { tag: Tag::CALLER_NONCE, value: KmKeyParameterValue::BoolValue(true) },
1402 kp.value.into()
1403 );
Hasini Gunasinghe3eb77c22020-08-28 15:45:06 +00001404 }
1405 #[test]
1406 fn test_convert_to_wire_integer() {
1407 let kp = KeyParameter::new(
1408 KeyParameterValue::KeyPurpose(KeyPurpose::ENCRYPT),
1409 SecurityLevel::STRONGBOX,
1410 );
Janis Danisevskise6efb242020-12-19 13:58:01 -08001411 assert_eq!(
1412 KmKeyParameter {
1413 tag: Tag::PURPOSE,
1414 value: KmKeyParameterValue::KeyPurpose(KeyPurpose::ENCRYPT)
1415 },
1416 kp.value.into()
1417 );
Hasini Gunasinghe3eb77c22020-08-28 15:45:06 +00001418 }
1419 #[test]
1420 fn test_convert_to_wire_long_integer() {
1421 let kp =
1422 KeyParameter::new(KeyParameterValue::UserSecureID(i64::MAX), SecurityLevel::STRONGBOX);
Janis Danisevskise6efb242020-12-19 13:58:01 -08001423 assert_eq!(
1424 KmKeyParameter {
1425 tag: Tag::USER_SECURE_ID,
1426 value: KmKeyParameterValue::LongInteger(i64::MAX)
1427 },
1428 kp.value.into()
1429 );
Hasini Gunasinghe3eb77c22020-08-28 15:45:06 +00001430 }
1431 #[test]
Hasini Gunasinghe3eb77c22020-08-28 15:45:06 +00001432 fn test_convert_to_wire_blob() {
1433 let kp = KeyParameter::new(
1434 KeyParameterValue::ConfirmationToken(String::from("ConfirmationToken").into_bytes()),
1435 SecurityLevel::STRONGBOX,
1436 );
Janis Danisevskis398e6be2020-12-17 09:29:25 -08001437 assert_eq!(
Janis Danisevskise6efb242020-12-19 13:58:01 -08001438 KmKeyParameter {
1439 tag: Tag::CONFIRMATION_TOKEN,
1440 value: KmKeyParameterValue::Blob(String::from("ConfirmationToken").into_bytes())
1441 },
1442 kp.value.into()
Janis Danisevskis398e6be2020-12-17 09:29:25 -08001443 );
Hasini Gunasinghe3eb77c22020-08-28 15:45:06 +00001444 }
1445
1446 /// unit tests for from conversion
1447 #[test]
1448 fn test_convert_from_wire_invalid() {
Janis Danisevskisc5b210b2020-09-11 13:27:37 -07001449 let aidl_kp = KmKeyParameter { tag: Tag::INVALID, ..Default::default() };
Janis Danisevskise6efb242020-12-19 13:58:01 -08001450 assert_eq!(KeyParameterValue::Invalid, aidl_kp.into());
Hasini Gunasinghe3eb77c22020-08-28 15:45:06 +00001451 }
1452 #[test]
1453 fn test_convert_from_wire_bool() {
1454 let aidl_kp =
Janis Danisevskis398e6be2020-12-17 09:29:25 -08001455 KmKeyParameter { tag: Tag::CALLER_NONCE, value: KmKeyParameterValue::BoolValue(true) };
Janis Danisevskise6efb242020-12-19 13:58:01 -08001456 assert_eq!(KeyParameterValue::CallerNonce, aidl_kp.into());
Hasini Gunasinghe3eb77c22020-08-28 15:45:06 +00001457 }
1458 #[test]
1459 fn test_convert_from_wire_integer() {
Janis Danisevskisc5b210b2020-09-11 13:27:37 -07001460 let aidl_kp = KmKeyParameter {
Hasini Gunasinghe3eb77c22020-08-28 15:45:06 +00001461 tag: Tag::PURPOSE,
Janis Danisevskis398e6be2020-12-17 09:29:25 -08001462 value: KmKeyParameterValue::KeyPurpose(KeyPurpose::ENCRYPT),
Hasini Gunasinghe3eb77c22020-08-28 15:45:06 +00001463 };
Janis Danisevskise6efb242020-12-19 13:58:01 -08001464 assert_eq!(KeyParameterValue::KeyPurpose(KeyPurpose::ENCRYPT), aidl_kp.into());
Hasini Gunasinghe3eb77c22020-08-28 15:45:06 +00001465 }
1466 #[test]
1467 fn test_convert_from_wire_long_integer() {
Janis Danisevskisc5b210b2020-09-11 13:27:37 -07001468 let aidl_kp = KmKeyParameter {
Hasini Gunasinghe3eb77c22020-08-28 15:45:06 +00001469 tag: Tag::USER_SECURE_ID,
Janis Danisevskis398e6be2020-12-17 09:29:25 -08001470 value: KmKeyParameterValue::LongInteger(i64::MAX),
Hasini Gunasinghe3eb77c22020-08-28 15:45:06 +00001471 };
Janis Danisevskise6efb242020-12-19 13:58:01 -08001472 assert_eq!(KeyParameterValue::UserSecureID(i64::MAX), aidl_kp.into());
Hasini Gunasinghe3eb77c22020-08-28 15:45:06 +00001473 }
1474 #[test]
Hasini Gunasinghe3eb77c22020-08-28 15:45:06 +00001475 fn test_convert_from_wire_blob() {
Janis Danisevskisc5b210b2020-09-11 13:27:37 -07001476 let aidl_kp = KmKeyParameter {
Hasini Gunasinghe3eb77c22020-08-28 15:45:06 +00001477 tag: Tag::CONFIRMATION_TOKEN,
Janis Danisevskis398e6be2020-12-17 09:29:25 -08001478 value: KmKeyParameterValue::Blob(String::from("ConfirmationToken").into_bytes()),
Hasini Gunasinghe3eb77c22020-08-28 15:45:06 +00001479 };
Hasini Gunasinghe3eb77c22020-08-28 15:45:06 +00001480 assert_eq!(
1481 KeyParameterValue::ConfirmationToken(String::from("ConfirmationToken").into_bytes()),
Janis Danisevskise6efb242020-12-19 13:58:01 -08001482 aidl_kp.into()
Hasini Gunasinghe3eb77c22020-08-28 15:45:06 +00001483 );
1484 }
1485}