Lines Matching refs:authorization

119  * Access controls are defined as an "authorization list" of tag/value pairs.  Authorization tags
123  * or imported, the caller specifies an authorization list.  The IKeymasterDevice must divide the
140  * All authorization tags and their values, both hardwareEnforced and softwareEnforced, including
142  * modification of the portion of the key blob that contains the authorization list makes it
144  * approach to meet this requirement is to use the full set of authorization tags associated with a
194  * hardwareEnforced authorization list.  Tag::OS_VERSION, Tag::OS_PATCHLEVEL,
340      * passing in the StrongBox key's hardwareEnforced authorization list and the operation handle
573      *        installed.  If the authorization list in wrappedKeyData contains a Tag::USER_SECURE_ID
579      *        being installed.  If the authorization list in wrappedKeyData contains a
841      * with Tag::ROLLBACK_RESISTANCE in its hardware-enforced authorization list must render the key
852      * authorization lists must be rendered permanently unusable.  Keys without
892      * The following key authorization parameters must be enforced by the IKeymasterDevice secure
895      * KeyPurpose::VERIFY must be allowed to succeed even if authorization requirements are not met.
966      * Private key operations (KeyPurpose::DECRYPT and KeyPurpose::SIGN) need authorization of
1010      * operations, (KeyPurpose::SIGN), if the specified digest is not in the key's authorization
1105      * Key authorization enforcement is performed primarily in begin().  The one exception is the
1112      * In this case, the key requires an authorization per operation, and the update method must
1213      * Key authorization enforcement is performed primarily in begin().  The exceptions are
1214      * authorization per operation keys and confirmation-required keys.
1218      * an authorization per operation, and the finish method must receive a non-empty and valid