xref: /aosp_15_r20/system/security/keystore2/test_utils/authorizations.rs (revision e1997b9af69e3155ead6e072d106a0077849ffba) 
1 // Copyright 2022, The Android Open Source Project
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //     http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 //! This module implements test utils to create Autherizations.
16 
17 use std::ops::Deref;
18 
19 use android_hardware_security_keymint::aidl::android::hardware::security::keymint::{
20     Algorithm::Algorithm, BlockMode::BlockMode, Digest::Digest, EcCurve::EcCurve,
21     HardwareAuthenticatorType::HardwareAuthenticatorType, KeyParameter::KeyParameter,
22     KeyParameterValue::KeyParameterValue, KeyPurpose::KeyPurpose, PaddingMode::PaddingMode,
23     Tag::Tag,
24 };
25 
26 /// Helper struct to create set of Authorizations.
27 #[derive(Debug, Clone, Eq, Hash, Ord, PartialEq, PartialOrd)]
28 pub struct AuthSetBuilder(Vec<KeyParameter>);
29 
30 impl Default for AuthSetBuilder {
default() -> Self31     fn default() -> Self {
32         Self::new()
33     }
34 }
35 
36 impl AuthSetBuilder {
37     /// Creates new Authorizations list.
new() -> Self38     pub fn new() -> Self {
39         Self(Vec::new())
40     }
41 
42     /// Add Purpose.
purpose(mut self, p: KeyPurpose) -> Self43     pub fn purpose(mut self, p: KeyPurpose) -> Self {
44         self.0.push(KeyParameter { tag: Tag::PURPOSE, value: KeyParameterValue::KeyPurpose(p) });
45         self
46     }
47 
48     /// Add Digest.
digest(mut self, d: Digest) -> Self49     pub fn digest(mut self, d: Digest) -> Self {
50         self.0.push(KeyParameter { tag: Tag::DIGEST, value: KeyParameterValue::Digest(d) });
51         self
52     }
53 
54     /// Add Algorithm.
algorithm(mut self, a: Algorithm) -> Self55     pub fn algorithm(mut self, a: Algorithm) -> Self {
56         self.0.push(KeyParameter { tag: Tag::ALGORITHM, value: KeyParameterValue::Algorithm(a) });
57         self
58     }
59 
60     /// Add EC-Curve.
ec_curve(mut self, e: EcCurve) -> Self61     pub fn ec_curve(mut self, e: EcCurve) -> Self {
62         self.0.push(KeyParameter { tag: Tag::EC_CURVE, value: KeyParameterValue::EcCurve(e) });
63         self
64     }
65 
66     /// Add Attestation-Challenge.
attestation_challenge(mut self, b: Vec<u8>) -> Self67     pub fn attestation_challenge(mut self, b: Vec<u8>) -> Self {
68         self.0.push(KeyParameter {
69             tag: Tag::ATTESTATION_CHALLENGE,
70             value: KeyParameterValue::Blob(b),
71         });
72         self
73     }
74 
75     /// Add No_auth_required.
no_auth_required(mut self) -> Self76     pub fn no_auth_required(mut self) -> Self {
77         self.0.push(KeyParameter {
78             tag: Tag::NO_AUTH_REQUIRED,
79             value: KeyParameterValue::BoolValue(true),
80         });
81         self
82     }
83 
84     /// Add RSA_public_exponent.
rsa_public_exponent(mut self, e: i64) -> Self85     pub fn rsa_public_exponent(mut self, e: i64) -> Self {
86         self.0.push(KeyParameter {
87             tag: Tag::RSA_PUBLIC_EXPONENT,
88             value: KeyParameterValue::LongInteger(e),
89         });
90         self
91     }
92 
93     /// Add key size.
key_size(mut self, s: i32) -> Self94     pub fn key_size(mut self, s: i32) -> Self {
95         self.0.push(KeyParameter { tag: Tag::KEY_SIZE, value: KeyParameterValue::Integer(s) });
96         self
97     }
98 
99     /// Add block mode.
block_mode(mut self, b: BlockMode) -> Self100     pub fn block_mode(mut self, b: BlockMode) -> Self {
101         self.0.push(KeyParameter { tag: Tag::BLOCK_MODE, value: KeyParameterValue::BlockMode(b) });
102         self
103     }
104 
105     /// Add certificate_not_before.
cert_not_before(mut self, b: i64) -> Self106     pub fn cert_not_before(mut self, b: i64) -> Self {
107         self.0.push(KeyParameter {
108             tag: Tag::CERTIFICATE_NOT_BEFORE,
109             value: KeyParameterValue::DateTime(b),
110         });
111         self
112     }
113 
114     /// Add certificate_not_after.
cert_not_after(mut self, a: i64) -> Self115     pub fn cert_not_after(mut self, a: i64) -> Self {
116         self.0.push(KeyParameter {
117             tag: Tag::CERTIFICATE_NOT_AFTER,
118             value: KeyParameterValue::DateTime(a),
119         });
120         self
121     }
122 
123     /// Add padding mode.
padding_mode(mut self, p: PaddingMode) -> Self124     pub fn padding_mode(mut self, p: PaddingMode) -> Self {
125         self.0.push(KeyParameter { tag: Tag::PADDING, value: KeyParameterValue::PaddingMode(p) });
126         self
127     }
128 
129     /// Add mgf_digest.
mgf_digest(mut self, d: Digest) -> Self130     pub fn mgf_digest(mut self, d: Digest) -> Self {
131         self.0.push(KeyParameter {
132             tag: Tag::RSA_OAEP_MGF_DIGEST,
133             value: KeyParameterValue::Digest(d),
134         });
135         self
136     }
137 
138     /// Add nonce.
nonce(mut self, b: Vec<u8>) -> Self139     pub fn nonce(mut self, b: Vec<u8>) -> Self {
140         self.0.push(KeyParameter { tag: Tag::NONCE, value: KeyParameterValue::Blob(b) });
141         self
142     }
143 
144     /// Add CALLER_NONCE.
caller_nonce(mut self) -> Self145     pub fn caller_nonce(mut self) -> Self {
146         self.0.push(KeyParameter {
147             tag: Tag::CALLER_NONCE,
148             value: KeyParameterValue::BoolValue(true),
149         });
150         self
151     }
152 
153     /// Add MAC length.
mac_length(mut self, l: i32) -> Self154     pub fn mac_length(mut self, l: i32) -> Self {
155         self.0.push(KeyParameter { tag: Tag::MAC_LENGTH, value: KeyParameterValue::Integer(l) });
156         self
157     }
158 
159     /// Add min MAC length.
min_mac_length(mut self, l: i32) -> Self160     pub fn min_mac_length(mut self, l: i32) -> Self {
161         self.0
162             .push(KeyParameter { tag: Tag::MIN_MAC_LENGTH, value: KeyParameterValue::Integer(l) });
163         self
164     }
165 
166     /// Add Attestation-Device-Brand.
attestation_device_brand(mut self, b: Vec<u8>) -> Self167     pub fn attestation_device_brand(mut self, b: Vec<u8>) -> Self {
168         self.0.push(KeyParameter {
169             tag: Tag::ATTESTATION_ID_BRAND,
170             value: KeyParameterValue::Blob(b),
171         });
172         self
173     }
174 
175     /// Add Attestation-Device-name.
attestation_device_name(mut self, b: Vec<u8>) -> Self176     pub fn attestation_device_name(mut self, b: Vec<u8>) -> Self {
177         self.0.push(KeyParameter {
178             tag: Tag::ATTESTATION_ID_DEVICE,
179             value: KeyParameterValue::Blob(b),
180         });
181         self
182     }
183 
184     /// Add Attestation-Device-Product-Name.
attestation_device_product_name(mut self, b: Vec<u8>) -> Self185     pub fn attestation_device_product_name(mut self, b: Vec<u8>) -> Self {
186         self.0.push(KeyParameter {
187             tag: Tag::ATTESTATION_ID_PRODUCT,
188             value: KeyParameterValue::Blob(b),
189         });
190         self
191     }
192 
193     /// Add Attestation-Device-Serial.
attestation_device_serial(mut self, b: Vec<u8>) -> Self194     pub fn attestation_device_serial(mut self, b: Vec<u8>) -> Self {
195         self.0.push(KeyParameter {
196             tag: Tag::ATTESTATION_ID_SERIAL,
197             value: KeyParameterValue::Blob(b),
198         });
199         self
200     }
201 
202     /// Add Attestation-Device-IMEI.
attestation_device_imei(mut self, b: Vec<u8>) -> Self203     pub fn attestation_device_imei(mut self, b: Vec<u8>) -> Self {
204         self.0.push(KeyParameter {
205             tag: Tag::ATTESTATION_ID_IMEI,
206             value: KeyParameterValue::Blob(b),
207         });
208         self
209     }
210 
211     /// Add Attestation-Device-IMEI.
attestation_device_second_imei(mut self, b: Vec<u8>) -> Self212     pub fn attestation_device_second_imei(mut self, b: Vec<u8>) -> Self {
213         self.0.push(KeyParameter {
214             tag: Tag::ATTESTATION_ID_SECOND_IMEI,
215             value: KeyParameterValue::Blob(b),
216         });
217         self
218     }
219 
220     /// Add Attestation-Device-MEID.
attestation_device_meid(mut self, b: Vec<u8>) -> Self221     pub fn attestation_device_meid(mut self, b: Vec<u8>) -> Self {
222         self.0.push(KeyParameter {
223             tag: Tag::ATTESTATION_ID_MEID,
224             value: KeyParameterValue::Blob(b),
225         });
226         self
227     }
228 
229     /// Add Attestation-Device-Manufacturer.
attestation_device_manufacturer(mut self, b: Vec<u8>) -> Self230     pub fn attestation_device_manufacturer(mut self, b: Vec<u8>) -> Self {
231         self.0.push(KeyParameter {
232             tag: Tag::ATTESTATION_ID_MANUFACTURER,
233             value: KeyParameterValue::Blob(b),
234         });
235         self
236     }
237 
238     /// Add Attestation-Device-Model.
attestation_device_model(mut self, b: Vec<u8>) -> Self239     pub fn attestation_device_model(mut self, b: Vec<u8>) -> Self {
240         self.0.push(KeyParameter {
241             tag: Tag::ATTESTATION_ID_MODEL,
242             value: KeyParameterValue::Blob(b),
243         });
244         self
245     }
246 
247     /// Set active date-time.
active_date_time(mut self, date: i64) -> Self248     pub fn active_date_time(mut self, date: i64) -> Self {
249         self.0.push(KeyParameter {
250             tag: Tag::ACTIVE_DATETIME,
251             value: KeyParameterValue::DateTime(date),
252         });
253         self
254     }
255 
256     /// Set origination expire date-time.
origination_expire_date_time(mut self, date: i64) -> Self257     pub fn origination_expire_date_time(mut self, date: i64) -> Self {
258         self.0.push(KeyParameter {
259             tag: Tag::ORIGINATION_EXPIRE_DATETIME,
260             value: KeyParameterValue::DateTime(date),
261         });
262         self
263     }
264 
265     /// Set usage expire date-time.
usage_expire_date_time(mut self, date: i64) -> Self266     pub fn usage_expire_date_time(mut self, date: i64) -> Self {
267         self.0.push(KeyParameter {
268             tag: Tag::USAGE_EXPIRE_DATETIME,
269             value: KeyParameterValue::DateTime(date),
270         });
271         self
272     }
273 
274     /// Set boot loader only.
boot_loader_only(mut self) -> Self275     pub fn boot_loader_only(mut self) -> Self {
276         self.0.push(KeyParameter {
277             tag: Tag::BOOTLOADER_ONLY,
278             value: KeyParameterValue::BoolValue(true),
279         });
280         self
281     }
282 
283     /// Set early boot only.
early_boot_only(mut self) -> Self284     pub fn early_boot_only(mut self) -> Self {
285         self.0.push(KeyParameter {
286             tag: Tag::EARLY_BOOT_ONLY,
287             value: KeyParameterValue::BoolValue(true),
288         });
289         self
290     }
291 
292     /// Set max uses per boot.
max_uses_per_boot(mut self, max_uses: i32) -> Self293     pub fn max_uses_per_boot(mut self, max_uses: i32) -> Self {
294         self.0.push(KeyParameter {
295             tag: Tag::MAX_USES_PER_BOOT,
296             value: KeyParameterValue::Integer(max_uses),
297         });
298         self
299     }
300 
301     /// Set max usage count.
usage_count_limit(mut self, usage_count: i32) -> Self302     pub fn usage_count_limit(mut self, usage_count: i32) -> Self {
303         self.0.push(KeyParameter {
304             tag: Tag::USAGE_COUNT_LIMIT,
305             value: KeyParameterValue::Integer(usage_count),
306         });
307         self
308     }
309 
310     /// Set creation date-time.
creation_date_time(mut self, date: i64) -> Self311     pub fn creation_date_time(mut self, date: i64) -> Self {
312         self.0.push(KeyParameter {
313             tag: Tag::CREATION_DATETIME,
314             value: KeyParameterValue::DateTime(date),
315         });
316         self
317     }
318 
319     /// Set include unique id.
include_unique_id(mut self) -> Self320     pub fn include_unique_id(mut self) -> Self {
321         self.0.push(KeyParameter {
322             tag: Tag::INCLUDE_UNIQUE_ID,
323             value: KeyParameterValue::BoolValue(true),
324         });
325         self
326     }
327 
328     /// Add app-data.
app_data(mut self, b: Vec<u8>) -> Self329     pub fn app_data(mut self, b: Vec<u8>) -> Self {
330         self.0.push(KeyParameter { tag: Tag::APPLICATION_DATA, value: KeyParameterValue::Blob(b) });
331         self
332     }
333 
334     /// Add app-id.
app_id(mut self, b: Vec<u8>) -> Self335     pub fn app_id(mut self, b: Vec<u8>) -> Self {
336         self.0.push(KeyParameter { tag: Tag::APPLICATION_ID, value: KeyParameterValue::Blob(b) });
337         self
338     }
339 
340     /// Set device-unique-attestation.
device_unique_attestation(mut self) -> Self341     pub fn device_unique_attestation(mut self) -> Self {
342         self.0.push(KeyParameter {
343             tag: Tag::DEVICE_UNIQUE_ATTESTATION,
344             value: KeyParameterValue::BoolValue(true),
345         });
346         self
347     }
348 
349     /// Add certificate serial number.
cert_serial(mut self, b: Vec<u8>) -> Self350     pub fn cert_serial(mut self, b: Vec<u8>) -> Self {
351         self.0
352             .push(KeyParameter { tag: Tag::CERTIFICATE_SERIAL, value: KeyParameterValue::Blob(b) });
353         self
354     }
355 
356     /// Add certificate subject name.
cert_subject_name(mut self, b: Vec<u8>) -> Self357     pub fn cert_subject_name(mut self, b: Vec<u8>) -> Self {
358         self.0.push(KeyParameter {
359             tag: Tag::CERTIFICATE_SUBJECT,
360             value: KeyParameterValue::Blob(b),
361         });
362         self
363     }
364 
365     /// Set unlocked-device-required
unlocked_device_required(mut self) -> Self366     pub fn unlocked_device_required(mut self) -> Self {
367         self.0.push(KeyParameter {
368             tag: Tag::UNLOCKED_DEVICE_REQUIRED,
369             value: KeyParameterValue::BoolValue(true),
370         });
371         self
372     }
373 
374     /// Set user secure ID.
user_secure_id(mut self, sid: i64) -> Self375     pub fn user_secure_id(mut self, sid: i64) -> Self {
376         self.0.push(KeyParameter {
377             tag: Tag::USER_SECURE_ID,
378             value: KeyParameterValue::LongInteger(sid),
379         });
380         self
381     }
382 
383     /// Set user auth type.
user_auth_type(mut self, auth_type: HardwareAuthenticatorType) -> Self384     pub fn user_auth_type(mut self, auth_type: HardwareAuthenticatorType) -> Self {
385         self.0.push(KeyParameter {
386             tag: Tag::USER_AUTH_TYPE,
387             value: KeyParameterValue::HardwareAuthenticatorType(auth_type),
388         });
389         self
390     }
391 
392     /// Set auth timeout.
auth_timeout(mut self, timeout_secs: i32) -> Self393     pub fn auth_timeout(mut self, timeout_secs: i32) -> Self {
394         self.0.push(KeyParameter {
395             tag: Tag::AUTH_TIMEOUT,
396             value: KeyParameterValue::Integer(timeout_secs),
397         });
398         self
399     }
400 }
401 
402 impl Deref for AuthSetBuilder {
403     type Target = Vec<KeyParameter>;
404 
deref(&self) -> &Self::Target405     fn deref(&self) -> &Self::Target {
406         &self.0
407     }
408 }
409