Implement key_parameter in Rust.
This contains the basic functionality of key parameter. Bug: 157664923 Test: atest --host keystore2_tests Change-Id: I6eb325f6403c976c48c98394ad2aad625f59d2a1
This commit is contained in:
parent
ce8c6af02a
commit
1248636ea9
3 changed files with 432 additions and 0 deletions
251
keystore2/src/key_parameter.rs
Normal file
251
keystore2/src/key_parameter.rs
Normal file
|
@ -0,0 +1,251 @@
|
|||
// Copyright 2020, The Android Open Source Project
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
//! KeyParameter is used to express different characteristics of a key requested by the user
|
||||
//! and enforced by the OEMs. This module implements the internal representation of KeyParameter
|
||||
//! and the methods to work with KeyParameter.
|
||||
|
||||
use crate::keymint_definitions::{
|
||||
Algorithm, BlockMode, Digest, EcCurve, HardwareAuthenticatorType, KeyBlobUsageRequirements,
|
||||
KeyOrigin, KeyPurpose, PaddingMode, SecurityLevel, Tag,
|
||||
};
|
||||
|
||||
/// KeyParameter wraps the KeyParameterValue and the security level at which it is enforced.
|
||||
pub struct KeyParameter {
|
||||
key_parameter_value: KeyParameterValue,
|
||||
security_level: SecurityLevel,
|
||||
}
|
||||
|
||||
/// KeyParameterValue holds a value corresponding to one of the Tags defined in
|
||||
/// the AIDL spec at hardware/interfaces/keymint
|
||||
#[derive(PartialEq, Debug)]
|
||||
pub enum KeyParameterValue {
|
||||
/// Associated with Tag:INVALID
|
||||
Invalid,
|
||||
/// Set of purposes for which the key may be used
|
||||
KeyPurpose(KeyPurpose),
|
||||
/// Cryptographic algorithm with which the key is used
|
||||
Algorithm(Algorithm),
|
||||
/// Size of the key , in bits
|
||||
KeySize(u32),
|
||||
/// Block cipher mode(s) with which the key may be used
|
||||
BlockMode(BlockMode),
|
||||
/// Digest algorithms that may be used with the key to perform signing and verification
|
||||
Digest(Digest),
|
||||
/// Padding modes that may be used with the key. Relevant to RSA, AES and 3DES keys.
|
||||
PaddingMode(PaddingMode),
|
||||
/// Can the caller provide a nonce for nonce-requiring operations
|
||||
CallerNonce,
|
||||
/// Minimum length of MAC for HMAC keys and AES keys that support GCM mode
|
||||
MinMacLength(u32),
|
||||
/// The elliptic curve
|
||||
EcCurve(EcCurve),
|
||||
/// Value of the public exponent for an RSA key pair
|
||||
RSAPublicExponent(u64),
|
||||
/// An attestation certificate for the generated key should contain an application-scoped
|
||||
/// and time-bounded device-unique ID
|
||||
IncludeUniqueID,
|
||||
/// Necessary system environment conditions for the generated key to be used
|
||||
KeyBlobUsageRequirements(KeyBlobUsageRequirements),
|
||||
/// Only the boot loader can use the key
|
||||
BootLoaderOnly,
|
||||
/// When deleted, the key is guaranteed to be permanently deleted and unusable
|
||||
RollbackResistance,
|
||||
//TODO: HARDWARE_TYPE reserved for future use
|
||||
/// The date and time at which the key becomes active
|
||||
ActiveDateTime(u64),
|
||||
/// The date and time at which the key expires for signing and encryption
|
||||
OriginationExpireDateTime(u64),
|
||||
/// The date and time at which the key expires for verification and decryption
|
||||
UsageExpireDateTime(u64),
|
||||
/// Minimum amount of time that elapses between allowed operations
|
||||
MinSecondsBetweenOps(u32),
|
||||
/// Maximum number of times that a key may be used between system reboots
|
||||
MaxUsesPerBoot(u32),
|
||||
/// ID of the Android user that is permitted to use the key
|
||||
UserID(u32),
|
||||
/// A key may only be used under a particular secure user authentication state
|
||||
UserSecureID(u64),
|
||||
/// No authentication is required to use this key
|
||||
NoAuthRequired,
|
||||
/// The types of user authenticators that may be used to authorize this key
|
||||
HardwareAuthenticatorType(HardwareAuthenticatorType),
|
||||
/// The time in seconds for which the key is authorized for use, after user authentication
|
||||
AuthTimeout(u32),
|
||||
/// The key may be used after authentication timeout if device is still on-body
|
||||
AllowWhileOnBody,
|
||||
/// The key must be unusable except when the user has provided proof of physical presence
|
||||
TrustedUserPresenceRequired,
|
||||
/// Applicable to keys with KeyPurpose SIGN, and specifies that this key must not be usable
|
||||
/// unless the user provides confirmation of the data to be signed
|
||||
TrustedConfirmationRequired,
|
||||
/// The key may only be used when the device is unlocked
|
||||
UnlockedDeviceRequired,
|
||||
/// When provided to generateKey or importKey, this tag specifies data
|
||||
/// that is necessary during all uses of the key
|
||||
ApplicationID(Vec<u8>),
|
||||
/// When provided to generateKey or importKey, this tag specifies data
|
||||
/// that is necessary during all uses of the key
|
||||
ApplicationData(Vec<u8>),
|
||||
/// Specifies the date and time the key was created
|
||||
CreationDateTime(u64),
|
||||
/// Specifies where the key was created, if known
|
||||
KeyOrigin(KeyOrigin),
|
||||
/// The key used by verified boot to validate the operating system booted
|
||||
RootOfTrust(Vec<u8>),
|
||||
/// System OS version with which the key may be used
|
||||
OSVersion(u32),
|
||||
/// Specifies the system security patch level with which the key may be used
|
||||
OSPatchLevel(u32),
|
||||
/// Specifies a unique, time-based identifier
|
||||
UniqueID(Vec<u8>),
|
||||
/// Used to deliver a "challenge" value to the attestKey() method
|
||||
AttestationChallenge(Vec<u8>),
|
||||
/// The set of applications which may use a key, used only with attestKey()
|
||||
AttestationApplicationID(Vec<u8>),
|
||||
/// Provides the device's brand name, to attestKey()
|
||||
AttestationIdBrand(Vec<u8>),
|
||||
/// Provides the device's device name, to attestKey()
|
||||
AttestationIdDevice(Vec<u8>),
|
||||
/// Provides the device's product name, to attestKey()
|
||||
AttestationIdProduct(Vec<u8>),
|
||||
/// Provides the device's serial number, to attestKey()
|
||||
AttestationIdSerial(Vec<u8>),
|
||||
/// Provides the IMEIs for all radios on the device, to attestKey()
|
||||
AttestationIdIMEI(Vec<u8>),
|
||||
/// Provides the MEIDs for all radios on the device, to attestKey()
|
||||
AttestationIdMEID(Vec<u8>),
|
||||
/// Provides the device's manufacturer name, to attestKey()
|
||||
AttestationIdManufacturer(Vec<u8>),
|
||||
/// Provides the device's model name, to attestKey()
|
||||
AttestationIdModel(Vec<u8>),
|
||||
/// Specifies the vendor image security patch level with which the key may be used
|
||||
VendorPatchLevel(u32),
|
||||
/// Specifies the boot image (kernel) security patch level with which the key may be used
|
||||
BootPatchLevel(u32),
|
||||
/// Provides "associated data" for AES-GCM encryption or decryption
|
||||
AssociatedData(Vec<u8>),
|
||||
/// Provides or returns a nonce or Initialization Vector (IV) for AES-GCM,
|
||||
/// AES-CBC, AES-CTR, or 3DES-CBC encryption or decryption
|
||||
Nonce(Vec<u8>),
|
||||
/// Provides the requested length of a MAC or GCM authentication tag, in bits
|
||||
MacLength(u32),
|
||||
/// Specifies whether the device has been factory reset since the
|
||||
/// last unique ID rotation. Used for key attestation
|
||||
ResetSinceIdRotation,
|
||||
/// Used to deliver a cryptographic token proving that the user
|
||||
/// confirmed a signing request
|
||||
ConfirmationToken(Vec<u8>),
|
||||
}
|
||||
|
||||
impl KeyParameter {
|
||||
/// Create an instance of KeyParameter, given the value and the security level.
|
||||
pub fn new(key_parameter_value: KeyParameterValue, security_level: SecurityLevel) -> Self {
|
||||
KeyParameter { key_parameter_value, security_level }
|
||||
}
|
||||
|
||||
/// Returns the tag given the KeyParameter instance.
|
||||
pub fn get_tag(&self) -> Tag {
|
||||
match self.key_parameter_value {
|
||||
KeyParameterValue::Invalid => Tag::INVALID,
|
||||
KeyParameterValue::KeyPurpose(_) => Tag::PURPOSE,
|
||||
KeyParameterValue::Algorithm(_) => Tag::ALGORITHM,
|
||||
KeyParameterValue::KeySize(_) => Tag::KEY_SIZE,
|
||||
KeyParameterValue::BlockMode(_) => Tag::BLOCK_MODE,
|
||||
KeyParameterValue::Digest(_) => Tag::DIGEST,
|
||||
KeyParameterValue::PaddingMode(_) => Tag::PADDING,
|
||||
KeyParameterValue::CallerNonce => Tag::CALLER_NONCE,
|
||||
KeyParameterValue::MinMacLength(_) => Tag::MIN_MAC_LENGTH,
|
||||
KeyParameterValue::EcCurve(_) => Tag::EC_CURVE,
|
||||
KeyParameterValue::RSAPublicExponent(_) => Tag::RSA_PUBLIC_EXPONENT,
|
||||
KeyParameterValue::IncludeUniqueID => Tag::INCLUDE_UNIQUE_ID,
|
||||
KeyParameterValue::KeyBlobUsageRequirements(_) => Tag::BLOB_USAGE_REQUIREMENTS,
|
||||
KeyParameterValue::BootLoaderOnly => Tag::BOOTLOADER_ONLY,
|
||||
KeyParameterValue::RollbackResistance => Tag::ROLLBACK_RESISTANCE,
|
||||
KeyParameterValue::ActiveDateTime(_) => Tag::ACTIVE_DATETIME,
|
||||
KeyParameterValue::OriginationExpireDateTime(_) => Tag::ORIGINATION_EXPIRE_DATETIME,
|
||||
KeyParameterValue::UsageExpireDateTime(_) => Tag::USAGE_EXPIRE_DATETIME,
|
||||
KeyParameterValue::MinSecondsBetweenOps(_) => Tag::MIN_SECONDS_BETWEEN_OPS,
|
||||
KeyParameterValue::MaxUsesPerBoot(_) => Tag::MAX_USES_PER_BOOT,
|
||||
KeyParameterValue::UserID(_) => Tag::USER_ID,
|
||||
KeyParameterValue::UserSecureID(_) => Tag::USER_SECURE_ID,
|
||||
KeyParameterValue::NoAuthRequired => Tag::NO_AUTH_REQUIRED,
|
||||
KeyParameterValue::HardwareAuthenticatorType(_) => Tag::USER_AUTH_TYPE,
|
||||
KeyParameterValue::AuthTimeout(_) => Tag::AUTH_TIMEOUT,
|
||||
KeyParameterValue::AllowWhileOnBody => Tag::ALLOW_WHILE_ON_BODY,
|
||||
KeyParameterValue::TrustedUserPresenceRequired => Tag::TRUSTED_USER_PRESENCE_REQUIRED,
|
||||
KeyParameterValue::TrustedConfirmationRequired => Tag::TRUSTED_CONFIRMATION_REQUIRED,
|
||||
KeyParameterValue::UnlockedDeviceRequired => Tag::UNLOCKED_DEVICE_REQUIRED,
|
||||
KeyParameterValue::ApplicationID(_) => Tag::APPLICATION_ID,
|
||||
KeyParameterValue::ApplicationData(_) => Tag::APPLICATION_DATA,
|
||||
KeyParameterValue::CreationDateTime(_) => Tag::CREATION_DATETIME,
|
||||
KeyParameterValue::KeyOrigin(_) => Tag::ORIGIN,
|
||||
KeyParameterValue::RootOfTrust(_) => Tag::ROOT_OF_TRUST,
|
||||
KeyParameterValue::OSVersion(_) => Tag::OS_VERSION,
|
||||
KeyParameterValue::OSPatchLevel(_) => Tag::OS_PATCHLEVEL,
|
||||
KeyParameterValue::UniqueID(_) => Tag::UNIQUE_ID,
|
||||
KeyParameterValue::AttestationChallenge(_) => Tag::ATTESTATION_CHALLENGE,
|
||||
KeyParameterValue::AttestationApplicationID(_) => Tag::ATTESTATION_APPLICATION_ID,
|
||||
KeyParameterValue::AttestationIdBrand(_) => Tag::ATTESTATION_ID_BRAND,
|
||||
KeyParameterValue::AttestationIdDevice(_) => Tag::ATTESTATION_ID_DEVICE,
|
||||
KeyParameterValue::AttestationIdProduct(_) => Tag::ATTESTATION_ID_PRODUCT,
|
||||
KeyParameterValue::AttestationIdSerial(_) => Tag::ATTESTATION_ID_SERIAL,
|
||||
KeyParameterValue::AttestationIdIMEI(_) => Tag::ATTESTATION_ID_IMEI,
|
||||
KeyParameterValue::AttestationIdMEID(_) => Tag::ATTESTATION_ID_MEID,
|
||||
KeyParameterValue::AttestationIdManufacturer(_) => Tag::ATTESTATION_ID_MANUFACTURER,
|
||||
KeyParameterValue::AttestationIdModel(_) => Tag::ATTESTATION_ID_MODEL,
|
||||
KeyParameterValue::VendorPatchLevel(_) => Tag::VENDOR_PATCHLEVEL,
|
||||
KeyParameterValue::BootPatchLevel(_) => Tag::BOOT_PATCHLEVEL,
|
||||
KeyParameterValue::AssociatedData(_) => Tag::ASSOCIATED_DATA,
|
||||
KeyParameterValue::Nonce(_) => Tag::NONCE,
|
||||
KeyParameterValue::MacLength(_) => Tag::MAC_LENGTH,
|
||||
KeyParameterValue::ResetSinceIdRotation => Tag::RESET_SINCE_ID_ROTATION,
|
||||
KeyParameterValue::ConfirmationToken(_) => Tag::CONFIRMATION_TOKEN,
|
||||
}
|
||||
}
|
||||
|
||||
/// Returns key parameter value.
|
||||
pub fn key_parameter_value(&self) -> &KeyParameterValue {
|
||||
&self.key_parameter_value
|
||||
}
|
||||
|
||||
/// Returns the security level of a KeyParameter.
|
||||
pub fn security_level(&self) -> &SecurityLevel {
|
||||
&self.security_level
|
||||
}
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
mod basic_tests {
|
||||
use crate::key_parameter::*;
|
||||
use crate::keymint_definitions::{SecurityLevel, Tag};
|
||||
|
||||
// Test basic functionality of KeyParameter.
|
||||
#[test]
|
||||
fn test_key_parameter() {
|
||||
let key_parameter = KeyParameter::new(
|
||||
KeyParameterValue::Algorithm(Algorithm::RSA),
|
||||
SecurityLevel::STRONGBOX,
|
||||
);
|
||||
|
||||
assert_eq!(key_parameter.get_tag(), Tag::ALGORITHM);
|
||||
|
||||
assert_eq!(
|
||||
*key_parameter.key_parameter_value(),
|
||||
KeyParameterValue::Algorithm(Algorithm::RSA)
|
||||
);
|
||||
|
||||
assert_eq!(*key_parameter.security_level(), SecurityLevel::STRONGBOX);
|
||||
}
|
||||
}
|
177
keystore2/src/keymint_definitions.rs
Normal file
177
keystore2/src/keymint_definitions.rs
Normal file
|
@ -0,0 +1,177 @@
|
|||
// Copyright 2020, The Android Open Source Project
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#![allow(non_camel_case_types)]
|
||||
#![allow(missing_docs)]
|
||||
|
||||
/// This is the current interface for the code to-be-generated from the keymint AIDL.
|
||||
/// The AIDL spec is at" hardware/interfaces/keymint
|
||||
#[repr(u32)]
|
||||
#[derive(PartialEq, Debug)]
|
||||
pub enum TagType {
|
||||
INVALID = 0 << 28,
|
||||
ENUM = 1 << 28,
|
||||
ENUM_REP = 2 << 28,
|
||||
UINT = 3 << 28,
|
||||
UINT_REP = 4 << 28,
|
||||
ULONG = 5 << 28,
|
||||
DATE = 6 << 28,
|
||||
BOOL = 7 << 28,
|
||||
BIGNUM = 8 << 28,
|
||||
BYTES = 9 << 28,
|
||||
ULONG_REP = 10 << 28,
|
||||
}
|
||||
#[repr(u32)]
|
||||
#[derive(PartialEq, Debug, Copy, Clone)]
|
||||
pub enum Tag {
|
||||
INVALID = TagType::INVALID as u32,
|
||||
PURPOSE = TagType::ENUM_REP as u32 | 1,
|
||||
ALGORITHM = TagType::ENUM as u32 | 2,
|
||||
KEY_SIZE = TagType::UINT as u32 | 3,
|
||||
BLOCK_MODE = TagType::ENUM_REP as u32 | 4,
|
||||
DIGEST = TagType::ENUM_REP as u32 | 5,
|
||||
PADDING = TagType::ENUM_REP as u32 | 6,
|
||||
CALLER_NONCE = TagType::BOOL as u32 | 7,
|
||||
MIN_MAC_LENGTH = TagType::UINT as u32 | 8,
|
||||
EC_CURVE = TagType::ENUM as u32 | 10,
|
||||
RSA_PUBLIC_EXPONENT = TagType::ULONG as u32 | 200,
|
||||
INCLUDE_UNIQUE_ID = TagType::BOOL as u32 | 202,
|
||||
BLOB_USAGE_REQUIREMENTS = TagType::ENUM as u32 | 301,
|
||||
BOOTLOADER_ONLY = TagType::BOOL as u32 | 302,
|
||||
ROLLBACK_RESISTANCE = TagType::BOOL as u32 | 303,
|
||||
ACTIVE_DATETIME = TagType::DATE as u32 | 400,
|
||||
ORIGINATION_EXPIRE_DATETIME = TagType::DATE as u32 | 401,
|
||||
USAGE_EXPIRE_DATETIME = TagType::DATE as u32 | 402,
|
||||
MIN_SECONDS_BETWEEN_OPS = TagType::UINT as u32 | 403,
|
||||
MAX_USES_PER_BOOT = TagType::UINT as u32 | 404,
|
||||
USER_ID = TagType::UINT as u32 | 501,
|
||||
USER_SECURE_ID = TagType::ULONG_REP as u32 | 502,
|
||||
NO_AUTH_REQUIRED = TagType::BOOL as u32 | 503,
|
||||
USER_AUTH_TYPE = TagType::ENUM as u32 | 504,
|
||||
AUTH_TIMEOUT = TagType::UINT as u32 | 505,
|
||||
ALLOW_WHILE_ON_BODY = TagType::BOOL as u32 | 506,
|
||||
TRUSTED_USER_PRESENCE_REQUIRED = TagType::BOOL as u32 | 507,
|
||||
TRUSTED_CONFIRMATION_REQUIRED = TagType::BOOL as u32 | 508,
|
||||
UNLOCKED_DEVICE_REQUIRED = TagType::BOOL as u32 | 509,
|
||||
APPLICATION_ID = TagType::BYTES as u32 | 601,
|
||||
APPLICATION_DATA = TagType::BYTES as u32 | 700,
|
||||
CREATION_DATETIME = TagType::DATE as u32 | 701,
|
||||
ORIGIN = TagType::ENUM as u32 | 702,
|
||||
ROOT_OF_TRUST = TagType::BYTES as u32 | 704,
|
||||
OS_VERSION = TagType::UINT as u32 | 705,
|
||||
OS_PATCHLEVEL = TagType::UINT as u32 | 706,
|
||||
UNIQUE_ID = TagType::BYTES as u32 | 707,
|
||||
ATTESTATION_CHALLENGE = TagType::BYTES as u32 | 708,
|
||||
ATTESTATION_APPLICATION_ID = TagType::BYTES as u32 | 709,
|
||||
ATTESTATION_ID_BRAND = TagType::BYTES as u32 | 710,
|
||||
ATTESTATION_ID_DEVICE = TagType::BYTES as u32 | 711,
|
||||
ATTESTATION_ID_PRODUCT = TagType::BYTES as u32 | 712,
|
||||
ATTESTATION_ID_SERIAL = TagType::BYTES as u32 | 713,
|
||||
ATTESTATION_ID_IMEI = TagType::BYTES as u32 | 714,
|
||||
ATTESTATION_ID_MEID = TagType::BYTES as u32 | 715,
|
||||
ATTESTATION_ID_MANUFACTURER = TagType::BYTES as u32 | 716,
|
||||
ATTESTATION_ID_MODEL = TagType::BYTES as u32 | 717,
|
||||
VENDOR_PATCHLEVEL = TagType::UINT as u32 | 718,
|
||||
BOOT_PATCHLEVEL = TagType::UINT as u32 | 719,
|
||||
ASSOCIATED_DATA = TagType::BYTES as u32 | 1000,
|
||||
NONCE = TagType::BYTES as u32 | 1001,
|
||||
MAC_LENGTH = TagType::UINT as u32 | 1003,
|
||||
RESET_SINCE_ID_ROTATION = TagType::BOOL as u32 | 1004,
|
||||
CONFIRMATION_TOKEN = TagType::BYTES as u32 | 1005,
|
||||
}
|
||||
#[repr(u32)]
|
||||
#[derive(PartialEq, Debug, Copy, Clone)]
|
||||
pub enum Algorithm {
|
||||
RSA = 1,
|
||||
EC = 3,
|
||||
AES = 32,
|
||||
TRIPLE_DES = 33,
|
||||
HMAC = 128,
|
||||
}
|
||||
#[repr(u32)]
|
||||
#[derive(PartialEq, Debug, Copy, Clone)]
|
||||
pub enum BlockMode {
|
||||
ECB = 1,
|
||||
CBC = 2,
|
||||
CTR = 3,
|
||||
GCM = 32,
|
||||
}
|
||||
#[repr(u32)]
|
||||
#[derive(PartialEq, Debug, Copy, Clone)]
|
||||
pub enum PaddingMode {
|
||||
NONE = 1,
|
||||
RSA_OAEP = 2,
|
||||
RSA_PSS = 3,
|
||||
RSA_PKCS1_1_5_ENCRYPT = 4,
|
||||
RSA_PKCS1_1_5_SIGN = 5,
|
||||
PKCS7 = 64,
|
||||
}
|
||||
#[repr(u32)]
|
||||
#[derive(PartialEq, Debug, Copy, Clone)]
|
||||
pub enum Digest {
|
||||
NONE = 0,
|
||||
MD5 = 1,
|
||||
SHA1 = 2,
|
||||
SHA_2_224 = 3,
|
||||
SHA_2_256 = 4,
|
||||
SHA_2_384 = 5,
|
||||
SHA_2_512 = 6,
|
||||
}
|
||||
#[repr(u32)]
|
||||
#[derive(PartialEq, Debug, Copy, Clone)]
|
||||
pub enum EcCurve {
|
||||
P_224 = 0,
|
||||
P_256 = 1,
|
||||
P_384 = 2,
|
||||
P_521 = 3,
|
||||
}
|
||||
#[repr(u32)]
|
||||
#[derive(PartialEq, Debug, Copy, Clone)]
|
||||
pub enum KeyOrigin {
|
||||
GENERATED = 0,
|
||||
DERIVED = 1,
|
||||
IMPORTED = 2,
|
||||
UNKNOWN = 3,
|
||||
SECURELY_IMPORTED = 4,
|
||||
}
|
||||
#[repr(u32)]
|
||||
#[derive(PartialEq, Debug, Copy, Clone)]
|
||||
pub enum KeyBlobUsageRequirements {
|
||||
STANDALONE = 0,
|
||||
REQUIRES_FILE_SYSTEM = 1,
|
||||
}
|
||||
#[repr(u32)]
|
||||
#[derive(PartialEq, Debug, Copy, Clone)]
|
||||
pub enum KeyPurpose {
|
||||
ENCRYPT = 0,
|
||||
DECRYPT = 1,
|
||||
SIGN = 2,
|
||||
VERIFY = 3,
|
||||
WRAP_KEY = 5,
|
||||
}
|
||||
#[repr(u32)]
|
||||
#[derive(PartialEq, Debug, Copy, Clone)]
|
||||
pub enum HardwareAuthenticatorType {
|
||||
NONE = 0,
|
||||
PASSWORD = 1,
|
||||
FINGERPRINT = 1 << 1,
|
||||
ANY = (0xFFFFFFFF as u32) as u32,
|
||||
}
|
||||
#[repr(u32)]
|
||||
#[derive(PartialEq, Debug, Copy, Clone)]
|
||||
pub enum SecurityLevel {
|
||||
SOFTWARE = 0,
|
||||
TRUSTED_ENVIRONMENT = 1,
|
||||
STRONGBOX = 2,
|
||||
}
|
|
@ -16,4 +16,8 @@
|
|||
|
||||
pub mod database;
|
||||
pub mod error;
|
||||
/// Internal Representation of Key Parameter and convenience functions.
|
||||
pub mod key_parameter;
|
||||
/// Internal interface for the code to-be-generated from the keymint AIDL
|
||||
pub mod keymint_definitions;
|
||||
pub mod permission;
|
||||
|
|
Loading…
Reference in a new issue