Rajesh Nyamagoud901386c2022-03-21 20:35:18 +00001// Copyright 2022, The Android Open Source Project
2//
3// Licensed under the Apache License, Version 2.0 (the "License");
4// you may not use this file except in compliance with the License.
5// You may obtain a copy of the License at
6//
7// http://www.apache.org/licenses/LICENSE-2.0
8//
9// Unless required by applicable law or agreed to in writing, software
10// distributed under the License is distributed on an "AS IS" BASIS,
11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12// See the License for the specific language governing permissions and
13// limitations under the License.
14
15//! This module implements test utils to create Authorizations.
16
17use std::ops::Deref;
18
19use android_hardware_security_keymint::aidl::android::hardware::security::keymint::{
Rajesh Nyamagoud11912ea2021-12-20 20:37:20 +000020 Algorithm::Algorithm, BlockMode::BlockMode, Digest::Digest, EcCurve::EcCurve,
David Drysdale89e87d52024-10-04 13:07:43 +010021 HardwareAuthenticatorType::HardwareAuthenticatorType, KeyParameter::KeyParameter,
22 KeyParameterValue::KeyParameterValue, KeyPurpose::KeyPurpose, PaddingMode::PaddingMode,
23 Tag::Tag,
Rajesh Nyamagoud901386c2022-03-21 20:35:18 +000024};
25
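/// Builder for the list of KeyMint `KeyParameter`s ("authorizations") used by tests.
///
/// Each setter appends one entry and returns the builder, so calls can be chained. Entries are
/// kept in insertion order; nothing in this type de-duplicates tags or rejects contradictory
/// combinations, so the resulting list is exactly what the test asked for.
///
/// `Debug` is derived, so formatting a builder formats every stored `KeyParameter`.
/// NOTE(review): presumably that includes blob payloads (attestation IDs, app data, nonces) -
/// confirm before logging a builder outside of tests.
#[derive(Debug, Clone, Eq, Hash, Ord, PartialEq, PartialOrd)]
pub struct AuthSetBuilder(Vec<KeyParameter>);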
29
impl Default for AuthSetBuilder {
    /// Returns an empty builder; delegates to `AuthSetBuilder::new`.
    fn default() -> Self {
        AuthSetBuilder::new()
    }
}
35
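impl AuthSetBuilder {
    /// Creates an empty authorization list.
    pub fn new() -> Self {
        Self(Vec::new())
    }

    /// Appends one `KeyParameter` built from `tag` and `value` and returns the builder.
    ///
    /// Every public setter goes through here. Nothing is validated or de-duplicated: calling a
    /// setter twice stores two entries, and conflicting tags are stored side by side. Whether
    /// such a list is accepted is decided by the KeyMint implementation that receives it.
    fn with_param(mut self, tag: Tag, value: KeyParameterValue) -> Self {
        self.0.push(KeyParameter { tag, value });
        self
    }

    /// Adds `Tag::PURPOSE` with purpose `p`. Call once per purpose to add several.
    pub fn purpose(self, p: KeyPurpose) -> Self {
        self.with_param(Tag::PURPOSE, KeyParameterValue::KeyPurpose(p))
    }

    /// Adds `Tag::DIGEST` with digest `d`.
    pub fn digest(self, d: Digest) -> Self {
        self.with_param(Tag::DIGEST, KeyParameterValue::Digest(d))
    }

    /// Adds `Tag::ALGORITHM` with algorithm `a`.
    pub fn algorithm(self, a: Algorithm) -> Self {
        self.with_param(Tag::ALGORITHM, KeyParameterValue::Algorithm(a))
    }

    /// Adds `Tag::EC_CURVE` with curve `e`.
    pub fn ec_curve(self, e: EcCurve) -> Self {
        self.with_param(Tag::EC_CURVE, KeyParameterValue::EcCurve(e))
    }

    /// Adds `Tag::ATTESTATION_CHALLENGE` with the challenge bytes `b`.
    pub fn attestation_challenge(self, b: Vec<u8>) -> Self {
        self.with_param(Tag::ATTESTATION_CHALLENGE, KeyParameterValue::Blob(b))
    }

    /// Adds `Tag::NO_AUTH_REQUIRED` with `BoolValue(true)`.
    ///
    /// The builder does not check whether `user_secure_id`, `user_auth_type` or `auth_timeout`
    /// were also added. NOTE(review): KeyMint is expected to treat NO_AUTH_REQUIRED and
    /// USER_SECURE_ID as mutually exclusive - confirm against the HAL definition.
    pub fn no_auth_required(self) -> Self {
        self.with_param(Tag::NO_AUTH_REQUIRED, KeyParameterValue::BoolValue(true))
    }

    /// Adds `Tag::RSA_PUBLIC_EXPONENT` with exponent `e`, passed through unchanged.
    pub fn rsa_public_exponent(self, e: i64) -> Self {
        self.with_param(Tag::RSA_PUBLIC_EXPONENT, KeyParameterValue::LongInteger(e))
    }

    /// Adds `Tag::KEY_SIZE` with size `s`, passed through unchanged.
    pub fn key_size(self, s: i32) -> Self {
        self.with_param(Tag::KEY_SIZE, KeyParameterValue::Integer(s))
    }

    /// Adds `Tag::BLOCK_MODE` with block mode `b`.
    pub fn block_mode(self, b: BlockMode) -> Self {
        self.with_param(Tag::BLOCK_MODE, KeyParameterValue::BlockMode(b))
    }

    /// Adds `Tag::CERTIFICATE_NOT_BEFORE` with `b` as a `DateTime` value.
    pub fn cert_not_before(self, b: i64) -> Self {
        self.with_param(Tag::CERTIFICATE_NOT_BEFORE, KeyParameterValue::DateTime(b))
    }

    /// Adds `Tag::CERTIFICATE_NOT_AFTER` with `a` as a `DateTime` value.
    pub fn cert_not_after(self, a: i64) -> Self {
        self.with_param(Tag::CERTIFICATE_NOT_AFTER, KeyParameterValue::DateTime(a))
    }

    /// Adds `Tag::PADDING` with padding mode `p`.
    pub fn padding_mode(self, p: PaddingMode) -> Self {
        self.with_param(Tag::PADDING, KeyParameterValue::PaddingMode(p))
    }

    /// Adds `Tag::RSA_OAEP_MGF_DIGEST` with digest `d`.
    pub fn mgf_digest(self, d: Digest) -> Self {
        self.with_param(Tag::RSA_OAEP_MGF_DIGEST, KeyParameterValue::Digest(d))
    }

    /// Adds `Tag::NONCE` with the caller-chosen bytes `b`.
    ///
    /// NOTE(review): presumably only honoured for keys that carry CALLER_NONCE - confirm.
    /// Fixed nonces are fine for deterministic tests but must not be reused with a real key.
    pub fn nonce(self, b: Vec<u8>) -> Self {
        self.with_param(Tag::NONCE, KeyParameterValue::Blob(b))
    }

    /// Adds `Tag::CALLER_NONCE` with `BoolValue(true)`.
    pub fn caller_nonce(self) -> Self {
        self.with_param(Tag::CALLER_NONCE, KeyParameterValue::BoolValue(true))
    }

    /// Adds `Tag::MAC_LENGTH` with length `l`, passed through unchanged.
    pub fn mac_length(self, l: i32) -> Self {
        self.with_param(Tag::MAC_LENGTH, KeyParameterValue::Integer(l))
    }

    /// Adds `Tag::MIN_MAC_LENGTH` with length `l`, passed through unchanged.
    pub fn min_mac_length(self, l: i32) -> Self {
        self.with_param(Tag::MIN_MAC_LENGTH, KeyParameterValue::Integer(l))
    }

    /// Adds `Tag::ATTESTATION_ID_BRAND` with the brand bytes `b`.
    pub fn attestation_device_brand(self, b: Vec<u8>) -> Self {
        self.with_param(Tag::ATTESTATION_ID_BRAND, KeyParameterValue::Blob(b))
    }

    /// Adds `Tag::ATTESTATION_ID_DEVICE` with the device-name bytes `b`.
    pub fn attestation_device_name(self, b: Vec<u8>) -> Self {
        self.with_param(Tag::ATTESTATION_ID_DEVICE, KeyParameterValue::Blob(b))
    }

    /// Adds `Tag::ATTESTATION_ID_PRODUCT` with the product-name bytes `b`.
    pub fn attestation_device_product_name(self, b: Vec<u8>) -> Self {
        self.with_param(Tag::ATTESTATION_ID_PRODUCT, KeyParameterValue::Blob(b))
    }

    /// Adds `Tag::ATTESTATION_ID_SERIAL` with the serial-number bytes `b`.
    pub fn attestation_device_serial(self, b: Vec<u8>) -> Self {
        self.with_param(Tag::ATTESTATION_ID_SERIAL, KeyParameterValue::Blob(b))
    }

    /// Adds `Tag::ATTESTATION_ID_IMEI` with the IMEI bytes `b`.
    pub fn attestation_device_imei(self, b: Vec<u8>) -> Self {
        self.with_param(Tag::ATTESTATION_ID_IMEI, KeyParameterValue::Blob(b))
    }

    /// Adds `Tag::ATTESTATION_ID_SECOND_IMEI` with the second IMEI's bytes `b`.
    ///
    /// Distinct from [`Self::attestation_device_imei`], which uses `ATTESTATION_ID_IMEI`.
    pub fn attestation_device_second_imei(self, b: Vec<u8>) -> Self {
        self.with_param(Tag::ATTESTATION_ID_SECOND_IMEI, KeyParameterValue::Blob(b))
    }

    /// Adds `Tag::ATTESTATION_ID_MEID` with the MEID bytes `b`.
    pub fn attestation_device_meid(self, b: Vec<u8>) -> Self {
        self.with_param(Tag::ATTESTATION_ID_MEID, KeyParameterValue::Blob(b))
    }

    /// Adds `Tag::ATTESTATION_ID_MANUFACTURER` with the manufacturer bytes `b`.
    pub fn attestation_device_manufacturer(self, b: Vec<u8>) -> Self {
        self.with_param(Tag::ATTESTATION_ID_MANUFACTURER, KeyParameterValue::Blob(b))
    }

    /// Adds `Tag::ATTESTATION_ID_MODEL` with the model bytes `b`.
    pub fn attestation_device_model(self, b: Vec<u8>) -> Self {
        self.with_param(Tag::ATTESTATION_ID_MODEL, KeyParameterValue::Blob(b))
    }

    /// Adds `Tag::ACTIVE_DATETIME` with `date` as a `DateTime` value.
    pub fn active_date_time(self, date: i64) -> Self {
        self.with_param(Tag::ACTIVE_DATETIME, KeyParameterValue::DateTime(date))
    }

    /// Adds `Tag::ORIGINATION_EXPIRE_DATETIME` with `date` as a `DateTime` value.
    pub fn origination_expire_date_time(self, date: i64) -> Self {
        self.with_param(Tag::ORIGINATION_EXPIRE_DATETIME, KeyParameterValue::DateTime(date))
    }

    /// Adds `Tag::USAGE_EXPIRE_DATETIME` with `date` as a `DateTime` value.
    pub fn usage_expire_date_time(self, date: i64) -> Self {
        self.with_param(Tag::USAGE_EXPIRE_DATETIME, KeyParameterValue::DateTime(date))
    }

    /// Adds `Tag::BOOTLOADER_ONLY` with `BoolValue(true)`.
    pub fn boot_loader_only(self) -> Self {
        self.with_param(Tag::BOOTLOADER_ONLY, KeyParameterValue::BoolValue(true))
    }

    /// Adds `Tag::EARLY_BOOT_ONLY` with `BoolValue(true)`.
    pub fn early_boot_only(self) -> Self {
        self.with_param(Tag::EARLY_BOOT_ONLY, KeyParameterValue::BoolValue(true))
    }

    /// Adds `Tag::MAX_USES_PER_BOOT` with `max_uses`, passed through unchanged.
    pub fn max_uses_per_boot(self, max_uses: i32) -> Self {
        self.with_param(Tag::MAX_USES_PER_BOOT, KeyParameterValue::Integer(max_uses))
    }

    /// Adds `Tag::USAGE_COUNT_LIMIT` with `usage_count`, passed through unchanged.
    pub fn usage_count_limit(self, usage_count: i32) -> Self {
        self.with_param(Tag::USAGE_COUNT_LIMIT, KeyParameterValue::Integer(usage_count))
    }

    /// Adds `Tag::CREATION_DATETIME` with `date` as a `DateTime` value.
    pub fn creation_date_time(self, date: i64) -> Self {
        self.with_param(Tag::CREATION_DATETIME, KeyParameterValue::DateTime(date))
    }

    /// Adds `Tag::INCLUDE_UNIQUE_ID` with `BoolValue(true)`.
    pub fn include_unique_id(self) -> Self {
        self.with_param(Tag::INCLUDE_UNIQUE_ID, KeyParameterValue::BoolValue(true))
    }

    /// Adds `Tag::APPLICATION_DATA` with the bytes `b`.
    pub fn app_data(self, b: Vec<u8>) -> Self {
        self.with_param(Tag::APPLICATION_DATA, KeyParameterValue::Blob(b))
    }

    /// Adds `Tag::APPLICATION_ID` with the bytes `b`.
    pub fn app_id(self, b: Vec<u8>) -> Self {
        self.with_param(Tag::APPLICATION_ID, KeyParameterValue::Blob(b))
    }

    /// Adds `Tag::DEVICE_UNIQUE_ATTESTATION` with `BoolValue(true)`.
    pub fn device_unique_attestation(self) -> Self {
        self.with_param(Tag::DEVICE_UNIQUE_ATTESTATION, KeyParameterValue::BoolValue(true))
    }

    /// Adds `Tag::CERTIFICATE_SERIAL` with the serial-number bytes `b`.
    pub fn cert_serial(self, b: Vec<u8>) -> Self {
        self.with_param(Tag::CERTIFICATE_SERIAL, KeyParameterValue::Blob(b))
    }

    /// Adds `Tag::CERTIFICATE_SUBJECT` with the subject-name bytes `b`.
    ///
    /// The bytes are stored as given; no encoding check is done here.
    pub fn cert_subject_name(self, b: Vec<u8>) -> Self {
        self.with_param(Tag::CERTIFICATE_SUBJECT, KeyParameterValue::Blob(b))
    }

    /// Adds `Tag::UNLOCKED_DEVICE_REQUIRED` with `BoolValue(true)`.
    pub fn unlocked_device_required(self) -> Self {
        self.with_param(Tag::UNLOCKED_DEVICE_REQUIRED, KeyParameterValue::BoolValue(true))
    }

    /// Adds `Tag::USER_SECURE_ID` with secure ID `sid`.
    ///
    /// Not checked against an earlier `no_auth_required()` on the same builder.
    pub fn user_secure_id(self, sid: i64) -> Self {
        self.with_param(Tag::USER_SECURE_ID, KeyParameterValue::LongInteger(sid))
    }

    /// Adds `Tag::USER_AUTH_TYPE` with authenticator type `auth_type`.
    pub fn user_auth_type(self, auth_type: HardwareAuthenticatorType) -> Self {
        self.with_param(
            Tag::USER_AUTH_TYPE,
            KeyParameterValue::HardwareAuthenticatorType(auth_type),
        )
    }

    /// Adds `Tag::AUTH_TIMEOUT`; `timeout_secs` is stored unchanged as the integer value.
    pub fn auth_timeout(self, timeout_secs: i32) -> Self {
        self.with_param(Tag::AUTH_TIMEOUT, KeyParameterValue::Integer(timeout_secs))
    }
}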
401
impl Deref for AuthSetBuilder {
    type Target = Vec<KeyParameter>;

    /// Borrows the collected parameters, so a builder can be passed wherever a
    /// `&Vec<KeyParameter>` or `&[KeyParameter]` is expected. Access is read-only.
    fn deref(&self) -> &Vec<KeyParameter> {
        let Self(params) = self;
        params
    }
}