Lines Matching refs:keymint
45 namespace keymint = ::aidl::android::hardware::security::keymint;
56 keymint::AuthorizationSet parameters;
111 keymint::SecurityLevel securitylevel) { in GetSecurityLevelInterface()
120 return !(a.securityLevel == keymint::SecurityLevel::SOFTWARE || in isHardwareEnforced()
121 a.securityLevel == keymint::SecurityLevel::KEYSTORE); in isHardwareEnforced()
150 return a.keyParameter.tag == keymint::Tag::ALGORITHM && in verifyEncryptionKeyAttributes()
152 keymint::KeyParameterValue::make<keymint::KeyParameterValue::algorithm>( in verifyEncryptionKeyAttributes()
153 keymint::Algorithm::AES); in verifyEncryptionKeyAttributes()
159 return a.keyParameter.tag == keymint::Tag::KEY_SIZE && in verifyEncryptionKeyAttributes()
161 keymint::KeyParameterValue::make<keymint::KeyParameterValue::integer>( in verifyEncryptionKeyAttributes()
168 return a.keyParameter.tag == keymint::Tag::BLOCK_MODE && in verifyEncryptionKeyAttributes()
170 keymint::KeyParameterValue::make<keymint::KeyParameterValue::blockMode>( in verifyEncryptionKeyAttributes()
171 keymint::BlockMode::CBC); in verifyEncryptionKeyAttributes()
177 return a.keyParameter.tag == keymint::Tag::PADDING && in verifyEncryptionKeyAttributes()
179 keymint::KeyParameterValue::make<keymint::KeyParameterValue::paddingMode>( in verifyEncryptionKeyAttributes()
180 keymint::PaddingMode::PKCS7); in verifyEncryptionKeyAttributes()
191 return a.keyParameter.tag == keymint::Tag::ALGORITHM && in verifyAuthenticationKeyAttributes()
193 keymint::KeyParameterValue::make<keymint::KeyParameterValue::algorithm>( in verifyAuthenticationKeyAttributes()
194 keymint::Algorithm::HMAC); in verifyAuthenticationKeyAttributes()
200 return a.keyParameter.tag == keymint::Tag::KEY_SIZE && in verifyAuthenticationKeyAttributes()
202 keymint::KeyParameterValue::make<keymint::KeyParameterValue::integer>( in verifyAuthenticationKeyAttributes()
209 return a.keyParameter.tag == keymint::Tag::MIN_MAC_LENGTH && in verifyAuthenticationKeyAttributes()
211 keymint::KeyParameterValue::make<keymint::KeyParameterValue::integer>( in verifyAuthenticationKeyAttributes()
218 return a.keyParameter.tag == keymint::Tag::DIGEST && in verifyAuthenticationKeyAttributes()
220 keymint::KeyParameterValue::make<keymint::KeyParameterValue::digest>( in verifyAuthenticationKeyAttributes()
221 keymint::Digest::SHA_2_256); in verifyAuthenticationKeyAttributes()
227 loadOrCreateAndVerifyEncryptionKey(const std::string& name, keymint::SecurityLevel securityLevel, in loadOrCreateAndVerifyEncryptionKey()
247 auto params = keymint::AuthorizationSetBuilder() in loadOrCreateAndVerifyEncryptionKey()
249 .Padding(keymint::PaddingMode::PKCS7) in loadOrCreateAndVerifyEncryptionKey()
250 .Authorization(keymint::TAG_BLOCK_MODE, keymint::BlockMode::CBC) in loadOrCreateAndVerifyEncryptionKey()
251 .Authorization(keymint::TAG_NO_AUTH_REQUIRED); in loadOrCreateAndVerifyEncryptionKey()
281 keymint::SecurityLevel securityLevel, bool create) { in loadOrCreateAndVerifyAuthenticationKey()
300 auto params = keymint::AuthorizationSetBuilder() in loadOrCreateAndVerifyAuthenticationKey()
302 .Digest(keymint::Digest::SHA_2_256) in loadOrCreateAndVerifyAuthenticationKey()
303 .Authorization(keymint::TAG_MIN_MAC_LENGTH, kHMACOutputSize) in loadOrCreateAndVerifyAuthenticationKey()
304 .Authorization(keymint::TAG_NO_AUTH_REQUIRED); in loadOrCreateAndVerifyAuthenticationKey()
334 keymint::SecurityLevel securityLevel) { in encryptWithAuthentication()
356 auto encrypt_params = keymint::AuthorizationSetBuilder() in encryptWithAuthentication()
357 .Authorization(keymint::TAG_PURPOSE, keymint::KeyPurpose::ENCRYPT) in encryptWithAuthentication()
358 .Padding(keymint::PaddingMode::PKCS7) in encryptWithAuthentication()
359 .Authorization(keymint::TAG_BLOCK_MODE, keymint::BlockMode::CBC); in encryptWithAuthentication()
380 if (auto iv = keymint::authorizationValue(keymint::TAG_NONCE, p)) { in encryptWithAuthentication()
401 auto sign_params = keymint::AuthorizationSetBuilder() in encryptWithAuthentication()
402 .Authorization(keymint::TAG_PURPOSE, keymint::KeyPurpose::SIGN) in encryptWithAuthentication()
403 .Digest(keymint::Digest::SHA_2_256) in encryptWithAuthentication()
404 .Authorization(keymint::TAG_MAC_LENGTH, kHMACOutputSize); in encryptWithAuthentication()
458 encryption_key_name, keymint::SecurityLevel::KEYSTORE /* ignored */, false /* create */); in decryptWithAuthentication()
466 authentication_key_name, keymint::SecurityLevel::KEYSTORE /* ignored */, in decryptWithAuthentication()
475 auto sign_params = keymint::AuthorizationSetBuilder() in decryptWithAuthentication()
476 .Authorization(keymint::TAG_PURPOSE, keymint::KeyPurpose::VERIFY) in decryptWithAuthentication()
477 .Digest(keymint::Digest::SHA_2_256) in decryptWithAuthentication()
478 .Authorization(keymint::TAG_MAC_LENGTH, kHMACOutputSize); in decryptWithAuthentication()
506 auto encrypt_params = keymint::AuthorizationSetBuilder() in decryptWithAuthentication()
507 .Authorization(keymint::TAG_PURPOSE, keymint::KeyPurpose::DECRYPT) in decryptWithAuthentication()
508 .Authorization(keymint::TAG_NONCE, protobuf.init_vector().data(), in decryptWithAuthentication()
510 .Padding(keymint::PaddingMode::PKCS7) in decryptWithAuthentication()
511 .Authorization(keymint::TAG_BLOCK_MODE, keymint::BlockMode::CBC); in decryptWithAuthentication()
541 const std::vector<keymint::KeyParameter>& parameters) { in TestKey()
544 GetSecurityLevelInterface(keystore, keymint::SecurityLevel::TRUSTED_ENVIRONMENT); in TestKey()
578 (a.keyParameter.tag == keymint::Tag::ALGORITHM || in TestKey()
579 a.keyParameter.tag == keymint::Tag::KEY_SIZE || in TestKey()
580 a.keyParameter.tag == keymint::Tag::RSA_PUBLIC_EXPONENT); in TestKey()
595 keymint::AuthorizationSet GetRSASignParameters(uint32_t key_size, bool sha256_only) { in GetRSASignParameters()
596 keymint::AuthorizationSetBuilder parameters; in GetRSASignParameters()
598 .Digest(keymint::Digest::SHA_2_256) in GetRSASignParameters()
599 .Padding(keymint::PaddingMode::RSA_PKCS1_1_5_SIGN) in GetRSASignParameters()
600 .Padding(keymint::PaddingMode::RSA_PSS) in GetRSASignParameters()
601 .Authorization(keymint::TAG_NO_AUTH_REQUIRED); in GetRSASignParameters()
603 parameters.Digest(keymint::Digest::SHA_2_224) in GetRSASignParameters()
604 .Digest(keymint::Digest::SHA_2_384) in GetRSASignParameters()
605 .Digest(keymint::Digest::SHA_2_512); in GetRSASignParameters()
610 keymint::AuthorizationSet GetRSAEncryptParameters(uint32_t key_size) { in GetRSAEncryptParameters()
611 keymint::AuthorizationSetBuilder parameters; in GetRSAEncryptParameters()
613 .Padding(keymint::PaddingMode::RSA_PKCS1_1_5_ENCRYPT) in GetRSAEncryptParameters()
614 .Padding(keymint::PaddingMode::RSA_OAEP) in GetRSAEncryptParameters()
615 .Authorization(keymint::TAG_NO_AUTH_REQUIRED); in GetRSAEncryptParameters()
619 keymint::AuthorizationSet GetECDSAParameters(uint32_t key_size, bool sha256_only) { in GetECDSAParameters()
620 keymint::AuthorizationSetBuilder parameters; in GetECDSAParameters()
622 .Digest(keymint::Digest::SHA_2_256) in GetECDSAParameters()
623 .Authorization(keymint::TAG_NO_AUTH_REQUIRED); in GetECDSAParameters()
625 parameters.Digest(keymint::Digest::SHA_2_224) in GetECDSAParameters()
626 .Digest(keymint::Digest::SHA_2_384) in GetECDSAParameters()
627 .Digest(keymint::Digest::SHA_2_512); in GetECDSAParameters()
632 keymint::AuthorizationSet GetAESParameters(uint32_t key_size, bool with_gcm_mode) { in GetAESParameters()
633 keymint::AuthorizationSetBuilder parameters; in GetAESParameters()
634 parameters.AesEncryptionKey(key_size).Authorization(keymint::TAG_NO_AUTH_REQUIRED); in GetAESParameters()
636 parameters.Authorization(keymint::TAG_BLOCK_MODE, keymint::BlockMode::GCM) in GetAESParameters()
637 .Authorization(keymint::TAG_MIN_MAC_LENGTH, 128); in GetAESParameters()
639 parameters.Authorization(keymint::TAG_BLOCK_MODE, keymint::BlockMode::ECB); in GetAESParameters()
640 parameters.Authorization(keymint::TAG_BLOCK_MODE, keymint::BlockMode::CBC); in GetAESParameters()
641 parameters.Authorization(keymint::TAG_BLOCK_MODE, keymint::BlockMode::CTR); in GetAESParameters()
642 parameters.Padding(keymint::PaddingMode::NONE); in GetAESParameters()
647 keymint::AuthorizationSet GetHMACParameters(uint32_t key_size, keymint::Digest digest) { in GetHMACParameters()
648 keymint::AuthorizationSetBuilder parameters; in GetHMACParameters()
651 .Authorization(keymint::TAG_MIN_MAC_LENGTH, 224) in GetHMACParameters()
652 .Authorization(keymint::TAG_NO_AUTH_REQUIRED); in GetHMACParameters()
674 {"HMAC-SHA256-16", true, GetHMACParameters(16, keymint::Digest::SHA_2_256)}, in GetTestCases()
675 {"HMAC-SHA256-32", true, GetHMACParameters(32, keymint::Digest::SHA_2_256)}, in GetTestCases()
676 {"HMAC-SHA256-64", false, GetHMACParameters(64, keymint::Digest::SHA_2_256)}, in GetTestCases()
677 {"HMAC-SHA224-32", false, GetHMACParameters(32, keymint::Digest::SHA_2_224)}, in GetTestCases()
678 {"HMAC-SHA384-32", false, GetHMACParameters(32, keymint::Digest::SHA_2_384)}, in GetTestCases()
679 {"HMAC-SHA512-32", false, GetHMACParameters(32, keymint::Digest::SHA_2_512)}, in GetTestCases()
747 int GenerateKey(const std::string& name, keymint::SecurityLevel securityLevel, bool auth_bound) { in GenerateKey()
750 keymint::AuthorizationSetBuilder params; in GenerateKey()
752 .Digest(keymint::Digest::SHA_2_224) in GenerateKey()
753 .Digest(keymint::Digest::SHA_2_256) in GenerateKey()
754 .Digest(keymint::Digest::SHA_2_384) in GenerateKey()
755 .Digest(keymint::Digest::SHA_2_512) in GenerateKey()
756 .Padding(keymint::PaddingMode::RSA_PKCS1_1_5_SIGN) in GenerateKey()
757 .Padding(keymint::PaddingMode::RSA_PSS); in GenerateKey()
761 params.Authorization(keymint::TAG_USER_SECURE_ID, 0); in GenerateKey()
763 params.Authorization(keymint::TAG_NO_AUTH_REQUIRED); in GenerateKey()
867 auto sign_params = keymint::AuthorizationSetBuilder() in SignAndVerify()
868 .Authorization(keymint::TAG_PURPOSE, keymint::KeyPurpose::SIGN) in SignAndVerify()
869 .Padding(keymint::PaddingMode::RSA_PKCS1_1_5_SIGN) in SignAndVerify()
870 .Digest(keymint::Digest::SHA_2_256); in SignAndVerify()
872 keymint::AuthorizationSet output_params; in SignAndVerify()
935 const std::string& output_filename, keymint::SecurityLevel securityLevel) { in Encrypt()
958 keymint::SecurityLevel securityLevelOption2SecurlityLevel(const CommandLine& cmd) { in securityLevelOption2SecurlityLevel()
962 return keymint::SecurityLevel::STRONGBOX; in securityLevelOption2SecurlityLevel()
964 return keymint::SecurityLevel::TRUSTED_ENVIRONMENT; in securityLevelOption2SecurlityLevel()
969 return keymint::SecurityLevel::TRUSTED_ENVIRONMENT; in securityLevelOption2SecurlityLevel()