1*e1997b9aSAndroid Build Coastguard Worker // Copyright 2020, The Android Open Source Project
2*e1997b9aSAndroid Build Coastguard Worker //
3*e1997b9aSAndroid Build Coastguard Worker // Licensed under the Apache License, Version 2.0 (the "License");
4*e1997b9aSAndroid Build Coastguard Worker // you may not use this file except in compliance with the License.
5*e1997b9aSAndroid Build Coastguard Worker // You may obtain a copy of the License at
6*e1997b9aSAndroid Build Coastguard Worker //
7*e1997b9aSAndroid Build Coastguard Worker // http://www.apache.org/licenses/LICENSE-2.0
8*e1997b9aSAndroid Build Coastguard Worker //
9*e1997b9aSAndroid Build Coastguard Worker // Unless required by applicable law or agreed to in writing, software
10*e1997b9aSAndroid Build Coastguard Worker // distributed under the License is distributed on an "AS IS" BASIS,
11*e1997b9aSAndroid Build Coastguard Worker // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12*e1997b9aSAndroid Build Coastguard Worker // See the License for the specific language governing permissions and
13*e1997b9aSAndroid Build Coastguard Worker // limitations under the License.
14*e1997b9aSAndroid Build Coastguard Worker
15*e1997b9aSAndroid Build Coastguard Worker //! Key parameters are declared by KeyMint to describe properties of keys and operations.
16*e1997b9aSAndroid Build Coastguard Worker //! During key generation and import, key parameters are used to characterize a key, its usage
17*e1997b9aSAndroid Build Coastguard Worker //! restrictions, and additional parameters for attestation. During the lifetime of the key,
//! the key characteristics are expressed as a set of key parameters. During cryptographic
//! operations, clients may specify additional operation-specific parameters.
20*e1997b9aSAndroid Build Coastguard Worker //! This module provides a Keystore 2.0 internal representation for key parameters and
21*e1997b9aSAndroid Build Coastguard Worker //! implements traits to convert it from and into KeyMint KeyParameters and store it in
22*e1997b9aSAndroid Build Coastguard Worker //! the SQLite database.
23*e1997b9aSAndroid Build Coastguard Worker //!
24*e1997b9aSAndroid Build Coastguard Worker //! ## Synopsis
25*e1997b9aSAndroid Build Coastguard Worker //!
26*e1997b9aSAndroid Build Coastguard Worker //! enum KeyParameterValue {
27*e1997b9aSAndroid Build Coastguard Worker //! Invalid,
28*e1997b9aSAndroid Build Coastguard Worker //! Algorithm(Algorithm),
29*e1997b9aSAndroid Build Coastguard Worker //! ...
30*e1997b9aSAndroid Build Coastguard Worker //! }
31*e1997b9aSAndroid Build Coastguard Worker //!
32*e1997b9aSAndroid Build Coastguard Worker //! impl KeyParameterValue {
33*e1997b9aSAndroid Build Coastguard Worker //! pub fn get_tag(&self) -> Tag;
34*e1997b9aSAndroid Build Coastguard Worker //! pub fn new_from_sql(tag: Tag, data: &SqlField) -> Result<Self>;
35*e1997b9aSAndroid Build Coastguard Worker //! pub fn new_from_tag_primitive_pair<T: Into<Primitive>>(tag: Tag, v: T)
36*e1997b9aSAndroid Build Coastguard Worker //! -> Result<Self, PrimitiveError>;
37*e1997b9aSAndroid Build Coastguard Worker //! fn to_sql(&self) -> SqlResult<ToSqlOutput>
38*e1997b9aSAndroid Build Coastguard Worker //! }
39*e1997b9aSAndroid Build Coastguard Worker //!
40*e1997b9aSAndroid Build Coastguard Worker //! use ...::keymint::KeyParameter as KmKeyParameter;
41*e1997b9aSAndroid Build Coastguard Worker //! impl Into<KmKeyParameter> for KeyParameterValue {}
42*e1997b9aSAndroid Build Coastguard Worker //! impl From<KmKeyParameter> for KeyParameterValue {}
43*e1997b9aSAndroid Build Coastguard Worker //!
44*e1997b9aSAndroid Build Coastguard Worker //! ## Implementation
//! Each of the six functions is implemented as a match statement over each key parameter variant.
//! We bootstrap these functions as well as the KeyParameterValue enum itself from a single list
//! of key parameters that needs to be kept in sync with the KeyMint AIDL specification.
48*e1997b9aSAndroid Build Coastguard Worker //!
49*e1997b9aSAndroid Build Coastguard Worker //! The list resembles an enum declaration with a few extra fields.
50*e1997b9aSAndroid Build Coastguard Worker //! enum KeyParameterValue {
51*e1997b9aSAndroid Build Coastguard Worker //! Invalid with tag INVALID and field Invalid,
52*e1997b9aSAndroid Build Coastguard Worker //! Algorithm(Algorithm) with tag ALGORITHM and field Algorithm,
53*e1997b9aSAndroid Build Coastguard Worker //! ...
54*e1997b9aSAndroid Build Coastguard Worker //! }
55*e1997b9aSAndroid Build Coastguard Worker //! The tag corresponds to the variant of the keymint::Tag, and the field corresponds to the
56*e1997b9aSAndroid Build Coastguard Worker //! variant of the keymint::KeyParameterValue union. There is no one to one mapping between
57*e1997b9aSAndroid Build Coastguard Worker //! tags and union fields, e.g., the values of both tags BOOT_PATCHLEVEL and VENDOR_PATCHLEVEL
58*e1997b9aSAndroid Build Coastguard Worker //! are stored in the Integer field.
59*e1997b9aSAndroid Build Coastguard Worker //!
//! The macros interpreting them all follow a similar pattern and use the following fragment
//! naming scheme:
62*e1997b9aSAndroid Build Coastguard Worker //!
63*e1997b9aSAndroid Build Coastguard Worker //! Algorithm(Algorithm) with tag ALGORITHM and field Algorithm,
64*e1997b9aSAndroid Build Coastguard Worker //! $vname $(($vtype ))? with tag $tag_name and field $field_name,
65*e1997b9aSAndroid Build Coastguard Worker //!
66*e1997b9aSAndroid Build Coastguard Worker //! Further, KeyParameterValue appears in the macro as $enum_name.
67*e1997b9aSAndroid Build Coastguard Worker //! Note that $vtype is optional to accommodate variants like Invalid which don't wrap a value.
68*e1997b9aSAndroid Build Coastguard Worker //!
//! In some cases $vtype is not part of the expansion, but we still have to modify the expansion
//! depending on the presence of $vtype. In these cases we recurse through the list using the
//! following pattern:
72*e1997b9aSAndroid Build Coastguard Worker //!
73*e1997b9aSAndroid Build Coastguard Worker //! (@<marker> <non repeating args>, [<out list>], [<in list>])
74*e1997b9aSAndroid Build Coastguard Worker //!
75*e1997b9aSAndroid Build Coastguard Worker //! These macros usually have four rules:
76*e1997b9aSAndroid Build Coastguard Worker //! * Two main recursive rules, of the form:
77*e1997b9aSAndroid Build Coastguard Worker //! (
78*e1997b9aSAndroid Build Coastguard Worker //! @<marker>
79*e1997b9aSAndroid Build Coastguard Worker //! <non repeating args>,
80*e1997b9aSAndroid Build Coastguard Worker //! [<out list>],
81*e1997b9aSAndroid Build Coastguard Worker //! [<one element pattern> <in tail>]
82*e1997b9aSAndroid Build Coastguard Worker //! ) => {
83*e1997b9aSAndroid Build Coastguard Worker //! macro!{@<marker> <non repeating args>, [<out list>
84*e1997b9aSAndroid Build Coastguard Worker //! <one element expansion>
85*e1997b9aSAndroid Build Coastguard Worker //! ], [<in tail>]}
86*e1997b9aSAndroid Build Coastguard Worker //! };
87*e1997b9aSAndroid Build Coastguard Worker //! They pop one element off the <in list> and add one expansion to the out list.
88*e1997b9aSAndroid Build Coastguard Worker //! The element expansion is kept on a separate line (or lines) for better readability.
89*e1997b9aSAndroid Build Coastguard Worker //! The two variants differ in whether or not $vtype is expected.
90*e1997b9aSAndroid Build Coastguard Worker //! * The termination condition which has an empty in list.
91*e1997b9aSAndroid Build Coastguard Worker //! * The public interface, which does not have @marker and calls itself with an empty out list.
92*e1997b9aSAndroid Build Coastguard Worker
93*e1997b9aSAndroid Build Coastguard Worker use std::convert::TryInto;
94*e1997b9aSAndroid Build Coastguard Worker
95*e1997b9aSAndroid Build Coastguard Worker use crate::database::utils::SqlField;
96*e1997b9aSAndroid Build Coastguard Worker use crate::error::Error as KeystoreError;
97*e1997b9aSAndroid Build Coastguard Worker use crate::error::ResponseCode;
98*e1997b9aSAndroid Build Coastguard Worker
99*e1997b9aSAndroid Build Coastguard Worker pub use android_hardware_security_keymint::aidl::android::hardware::security::keymint::{
100*e1997b9aSAndroid Build Coastguard Worker Algorithm::Algorithm, BlockMode::BlockMode, Digest::Digest, EcCurve::EcCurve,
101*e1997b9aSAndroid Build Coastguard Worker HardwareAuthenticatorType::HardwareAuthenticatorType, KeyOrigin::KeyOrigin,
102*e1997b9aSAndroid Build Coastguard Worker KeyParameter::KeyParameter as KmKeyParameter,
103*e1997b9aSAndroid Build Coastguard Worker KeyParameterValue::KeyParameterValue as KmKeyParameterValue, KeyPurpose::KeyPurpose,
104*e1997b9aSAndroid Build Coastguard Worker PaddingMode::PaddingMode, SecurityLevel::SecurityLevel, Tag::Tag,
105*e1997b9aSAndroid Build Coastguard Worker };
106*e1997b9aSAndroid Build Coastguard Worker use android_system_keystore2::aidl::android::system::keystore2::Authorization::Authorization;
107*e1997b9aSAndroid Build Coastguard Worker use anyhow::{Context, Result};
108*e1997b9aSAndroid Build Coastguard Worker use rusqlite::types::{Null, ToSql, ToSqlOutput};
109*e1997b9aSAndroid Build Coastguard Worker use rusqlite::Result as SqlResult;
110*e1997b9aSAndroid Build Coastguard Worker use serde::de::Deserializer;
111*e1997b9aSAndroid Build Coastguard Worker use serde::ser::Serializer;
112*e1997b9aSAndroid Build Coastguard Worker use serde::{Deserialize, Serialize};
113*e1997b9aSAndroid Build Coastguard Worker
114*e1997b9aSAndroid Build Coastguard Worker #[cfg(test)]
115*e1997b9aSAndroid Build Coastguard Worker mod generated_key_parameter_tests;
116*e1997b9aSAndroid Build Coastguard Worker
117*e1997b9aSAndroid Build Coastguard Worker #[cfg(test)]
118*e1997b9aSAndroid Build Coastguard Worker mod basic_tests;
119*e1997b9aSAndroid Build Coastguard Worker
120*e1997b9aSAndroid Build Coastguard Worker #[cfg(test)]
121*e1997b9aSAndroid Build Coastguard Worker mod storage_tests;
122*e1997b9aSAndroid Build Coastguard Worker
123*e1997b9aSAndroid Build Coastguard Worker #[cfg(test)]
124*e1997b9aSAndroid Build Coastguard Worker mod wire_tests;
125*e1997b9aSAndroid Build Coastguard Worker
/// Associates a primitive type with every type that can be stored inside a
/// KeyParameterValue, especially the AIDL enum types, e.g., keymint::{Algorithm, Digest, ...}.
///
/// This allows for simplifying the macro rules, e.g., for reading from the SQL database.
/// An expression like `KeyParameterValue::Algorithm(row.get(0))` would not work because
/// a value of type `Algorithm` is expected, which does not implement `FromSql`, and we cannot
/// implement it because we own neither the type nor the trait.
/// With AssociatePrimitive we can write an expression
/// `KeyParameter::Algorithm(<Algorithm>::from_primitive(row.get(0)))` to inform `get`
/// about the expected primitive type that it can convert into. By implementing this
/// trait for all inner types we can write a single rule to cover all cases (except where
/// there is no wrapped type):
/// `KeyParameterValue::$vname(<$vtype>::from_primitive(row.get(0)))`
///
/// `from_primitive` is declared infallible, so an implementation has no way to reject a
/// primitive. Callers that need the value to be one of a known set have to check that
/// themselves.
trait AssociatePrimitive {
    /// The primitive representation. It must convert into `Primitive` and be recoverable
    /// from one through `TryFrom`.
    type Primitive: Into<Primitive> + TryFrom<Primitive>;

    /// Builds `Self` from its primitive representation.
    fn from_primitive(v: Self::Primitive) -> Self;
    /// Returns the primitive representation of `self`.
    fn to_primitive(&self) -> Self::Primitive;
}
144*e1997b9aSAndroid Build Coastguard Worker
/// Associates the given type with i32. The macro assumes that the given type is actually a
/// tuple struct wrapping i32, such as AIDL enum types.
///
/// The generated `from_primitive` wraps the i32 as is, without comparing it against the
/// enumerators the type declares. A value that reaches it from storage or from a serialized
/// blob can therefore carry a number that names no enumerator; code that branches on such a
/// value should handle unrecognized numbers explicitly.
macro_rules! implement_associate_primitive_for_aidl_enum {
    ($t:ty) => {
        impl AssociatePrimitive for $t {
            type Primitive = i32;

            // No validation here: every i32 is accepted and wrapped.
            fn from_primitive(v: Self::Primitive) -> Self {
                Self(v)
            }
            // Reads the wrapped i32 back out of the tuple struct.
            fn to_primitive(&self) -> Self::Primitive {
                self.0
            }
        }
    };
}
161*e1997b9aSAndroid Build Coastguard Worker
/// Associates the given type with itself, i.e., the type is its own primitive.
///
/// `to_primitive` returns a clone of `self`, so the type has to implement `Clone`; for a
/// heap-backed type such as `Vec<u8>` every call copies the contents.
macro_rules! implement_associate_primitive_identity {
    ($t:ty) => {
        impl AssociatePrimitive for $t {
            type Primitive = $t;

            // The primitive already is the value; hand it back unchanged.
            fn from_primitive(v: Self::Primitive) -> Self {
                v
            }
            // The receiver is borrowed, so an owned primitive requires a copy.
            fn to_primitive(&self) -> Self::Primitive {
                self.clone()
            }
        }
    };
}
177*e1997b9aSAndroid Build Coastguard Worker
// AIDL enum types: each one is associated with i32 as its primitive.
implement_associate_primitive_for_aidl_enum!(Algorithm);
implement_associate_primitive_for_aidl_enum!(BlockMode);
implement_associate_primitive_for_aidl_enum!(Digest);
implement_associate_primitive_for_aidl_enum!(EcCurve);
implement_associate_primitive_for_aidl_enum!(HardwareAuthenticatorType);
implement_associate_primitive_for_aidl_enum!(KeyOrigin);
implement_associate_primitive_for_aidl_enum!(KeyPurpose);
implement_associate_primitive_for_aidl_enum!(PaddingMode);
implement_associate_primitive_for_aidl_enum!(SecurityLevel);

// Types that act as their own primitive.
implement_associate_primitive_identity!(Vec<u8>);
implement_associate_primitive_identity!(i64);
implement_associate_primitive_identity!(i32);
191*e1997b9aSAndroid Build Coastguard Worker
/// This enum allows passing a primitive value to `KeyParameterValue::new_from_tag_primitive_pair`.
/// Usually, it is not necessary to use this type directly because the function uses
/// `Into<Primitive>` as a trait bound.
///
/// It is also the form in which `serialize_primitive` and `deserialize_primitive` in this
/// file write and read wrapped values.
#[derive(Deserialize, Serialize)]
pub enum Primitive {
    /// Wraps an i64.
    I64(i64),
    /// Wraps an i32.
    I32(i32),
    /// Wraps a Vec<u8>.
    Vec(Vec<u8>),
}
204*e1997b9aSAndroid Build Coastguard Worker
impl From<i64> for Primitive {
    /// Wraps a 64-bit integer in the `I64` variant.
    fn from(v: i64) -> Self {
        Primitive::I64(v)
    }
}
impl From<i32> for Primitive {
    /// Wraps a 32-bit integer in the `I32` variant.
    fn from(v: i32) -> Self {
        Primitive::I32(v)
    }
}
impl From<Vec<u8>> for Primitive {
    /// Moves a byte vector into the `Vec` variant without copying it.
    fn from(v: Vec<u8>) -> Self {
        Primitive::Vec(v)
    }
}
220*e1997b9aSAndroid Build Coastguard Worker
/// This error is returned by `KeyParameterValue::new_from_tag_primitive_pair`.
/// The `TryFrom<Primitive>` implementations in this file report `TypeMismatch` as well.
#[derive(thiserror::Error, Debug, Clone, PartialEq, Eq, PartialOrd, Ord)]
pub enum PrimitiveError {
    /// Returned if this primitive is unsuitable for the given tag type.
    #[error("Primitive does not match the expected tag type.")]
    TypeMismatch,
    /// Returned if the tag type is unknown.
    #[error("Unknown tag.")]
    UnknownTag,
}
231*e1997b9aSAndroid Build Coastguard Worker
impl TryFrom<Primitive> for i64 {
    type Error = PrimitiveError;

    /// Extracts the i64 from `Primitive::I64`; any other variant is a `TypeMismatch`.
    /// An `I32` is not widened: the variant has to match exactly.
    fn try_from(p: Primitive) -> Result<i64, Self::Error> {
        if let Primitive::I64(inner) = p {
            Ok(inner)
        } else {
            Err(PrimitiveError::TypeMismatch)
        }
    }
}
impl TryFrom<Primitive> for i32 {
    type Error = PrimitiveError;

    /// Extracts the i32 from `Primitive::I32`; any other variant is a `TypeMismatch`.
    /// An `I64` is not narrowed: the variant has to match exactly.
    fn try_from(p: Primitive) -> Result<i32, Self::Error> {
        if let Primitive::I32(inner) = p {
            Ok(inner)
        } else {
            Err(PrimitiveError::TypeMismatch)
        }
    }
}
impl TryFrom<Primitive> for Vec<u8> {
    type Error = PrimitiveError;

    /// Moves the byte vector out of `Primitive::Vec`; any other variant is a `TypeMismatch`.
    fn try_from(p: Primitive) -> Result<Vec<u8>, Self::Error> {
        if let Primitive::Vec(bytes) = p {
            Ok(bytes)
        } else {
            Err(PrimitiveError::TypeMismatch)
        }
    }
}
262*e1997b9aSAndroid Build Coastguard Worker
/// Serializes `v` through its associated primitive.
///
/// The value is first turned into its primitive with `to_primitive`, wrapped in a
/// `Primitive`, and that wrapper is what the serializer receives.
fn serialize_primitive<S, P>(v: &P, serializer: S) -> Result<S::Ok, S::Error>
where
    S: Serializer,
    P: AssociatePrimitive,
{
    let wire_value = Into::<Primitive>::into(v.to_primitive());
    Serialize::serialize(&wire_value, serializer)
}
271*e1997b9aSAndroid Build Coastguard Worker
/// Deserializes a `Primitive` and converts it into `T` through `T::from_primitive`.
///
/// The only check applied to the decoded data is that the `Primitive` variant matches
/// `T::Primitive`; a mismatch is reported as the custom error "Type Mismatch". The value
/// itself is handed to `from_primitive` unchanged, so for types whose `from_primitive`
/// accepts every primitive, nothing here rejects an unexpected value.
fn deserialize_primitive<'de, D, T>(deserializer: D) -> Result<T, D::Error>
where
    D: Deserializer<'de>,
    T: AssociatePrimitive,
{
    let wire_value = Primitive::deserialize(deserializer)?;
    let converted: Result<T::Primitive, _> = wire_value.try_into();
    match converted {
        Ok(inner) => Ok(T::from_primitive(inner)),
        // The conversion error carries no detail worth forwarding; report a fixed message.
        Err(_) => Err(serde::de::Error::custom("Type Mismatch")),
    }
}
282*e1997b9aSAndroid Build Coastguard Worker
/// Expands the list of KeyParameterValue variants as follows:
///
/// Input:
/// Invalid with tag INVALID and field Invalid,
/// Algorithm(Algorithm) with tag ALGORITHM and field Algorithm,
///
/// Output:
/// ```
/// pub fn new_from_tag_primitive_pair<T: Into<Primitive>>(
///     tag: Tag,
///     v: T
/// ) -> Result<KeyParameterValue, PrimitiveError> {
///     let p: Primitive = v.into();
///     Ok(match tag {
///         Tag::INVALID => KeyParameterValue::Invalid,
///         Tag::ALGORITHM => KeyParameterValue::Algorithm(
///             <Algorithm>::from_primitive(p.try_into()?)
///         ),
///         _ => return Err(PrimitiveError::UnknownTag),
///     })
/// }
/// ```
///
/// NOTE(review): the rule below matches entries of the form `Vname(Type) TAG_NAME`; the
/// `with tag ... and field ...` wording of the input list is presumably reduced by the
/// invoking macro before it gets here - confirm at the call site.
///
/// The generated function checks only that the primitive is of the kind (i64, i32 or byte
/// vector) associated with the variant's type. The value itself is passed to
/// `from_primitive` unchanged.
macro_rules! implement_from_tag_primitive_pair {
    ($enum_name:ident; $($vname:ident$(($vtype:ty))? $tag_name:ident),*) => {
        /// Returns an instance of $enum_name or an error if the given primitive does not match
        /// the tag type or the tag is unknown.
        pub fn new_from_tag_primitive_pair<T: Into<Primitive>>(
            tag: Tag,
            v: T
        ) -> Result<$enum_name, PrimitiveError> {
            let p: Primitive = v.into();
            Ok(match tag {
                // One arm per listed variant. Variants without a wrapped type expand to the
                // bare variant and do not look at `p`.
                $(Tag::$tag_name => $enum_name::$vname$((
                    <$vtype>::from_primitive(p.try_into()?)
                ))?,)*
                // A tag that is not in the list is rejected instead of mapped to a default.
                _ => return Err(PrimitiveError::UnknownTag),
            })
        }
    };
}
323*e1997b9aSAndroid Build Coastguard Worker
/// Expands the list of KeyParameterValue variants as follows:
///
/// Input:
/// pub enum KeyParameterValue {
///     Invalid with tag INVALID and field Invalid,
///     Algorithm(Algorithm) with tag ALGORITHM and field Algorithm,
/// }
///
/// Output:
/// ```
/// pub enum KeyParameterValue {
///     Invalid,
///     Algorithm(Algorithm),
/// }
/// ```
///
/// NOTE(review): the rule below matches variants written as `Vname` or `Vname(Type)` only;
/// the `with tag ... and field ...` part is presumably removed by the invoking macro -
/// confirm at the call site.
macro_rules! implement_enum {
    (
        // Attributes on the enum itself, its visibility and its name.
        $(#[$enum_meta:meta])*
        $enum_vis:vis enum $enum_name:ident {
            // Each variant with its own attributes and an optional wrapped type; a trailing
            // comma is accepted.
            $($(#[$emeta:meta])* $vname:ident$(($vtype:ty))?),* $(,)?
        }
    ) => {
        // Re-emit the enum with all attributes carried over unchanged.
        $(#[$enum_meta])*
        $enum_vis enum $enum_name {
            $(
                $(#[$emeta])*
                $vname$(($vtype))?
            ),*
        }
    };
}
355*e1997b9aSAndroid Build Coastguard Worker
/// Expands the list of KeyParameterValue variants as follows:
///
/// Input:
/// Invalid with tag INVALID and field Invalid,
/// Algorithm(Algorithm) with tag ALGORITHM and field Algorithm,
///
/// Output:
/// ```
/// pub fn get_tag(&self) -> Tag {
///     match self {
///         KeyParameterValue::Invalid => Tag::INVALID,
///         KeyParameterValue::Algorithm(_) => Tag::ALGORITHM,
///     }
/// }
/// ```
///
/// The macro walks the list one entry at a time, moving a finished match arm from the in
/// list to the out list on every step. The generated `match` has no wildcard arm, so the
/// compiler rejects it unless the list covers every variant of the enum.
macro_rules! implement_get_tag {
    // Recursive rule for a variant that wraps a value: the arm ignores the value with `(_)`.
    (
        @replace_type_spec
        $enum_name:ident,
        [$($out:tt)*],
        [$vname:ident($vtype:ty) $tag_name:ident, $($in:tt)*]
    ) => {
        implement_get_tag!{@replace_type_spec $enum_name, [$($out)*
            $enum_name::$vname(_) => Tag::$tag_name,
        ], [$($in)*]}
    };
    // Recursive rule for a variant without a wrapped value.
    (
        @replace_type_spec
        $enum_name:ident,
        [$($out:tt)*],
        [$vname:ident $tag_name:ident, $($in:tt)*]
    ) => {
        implement_get_tag!{@replace_type_spec $enum_name, [$($out)*
            $enum_name::$vname => Tag::$tag_name,
        ], [$($in)*]}
    };
    // Termination: the in list is empty, so emit the function around the collected arms.
    (@replace_type_spec $enum_name:ident, [$($out:tt)*], []) => {
        /// Returns the tag of the given instance.
        pub fn get_tag(&self) -> Tag {
            match self {
                $($out)*
            }
        }
    };

    // Public interface: starts the recursion with an empty out list and appends a comma to
    // every entry so that the recursive rules can match on it.
    ($enum_name:ident; $($vname:ident$(($vtype:ty))? $tag_name:ident),*) => {
        implement_get_tag!{@replace_type_spec $enum_name, [], [$($vname$(($vtype))? $tag_name,)*]}
    };
}
405*e1997b9aSAndroid Build Coastguard Worker
/// Generates `impl ToSql for $enum_name` from the list of enum variants.
///
/// Invocation:
/// ```text
/// implement_to_sql!(KeyParameterValue; Invalid, Algorithm(Algorithm));
/// ```
///
/// Expansion:
/// ```text
/// impl ToSql for KeyParameterValue {
///     fn to_sql(&self) -> SqlResult<ToSqlOutput> {
///         match self {
///             KeyParameterValue::Invalid => Ok(ToSqlOutput::from(Null)),
///             KeyParameterValue::Algorithm(v) => Ok(ToSqlOutput::from(v.to_primitive())),
///         }
///     }
/// }
/// ```
///
/// Variants without a payload map to `ToSqlOutput::from(Null)`; variants with a payload map
/// to whatever `to_primitive()` returns for that payload. The `@replace_type_spec` rules are
/// internal: they consume one variant per step and accumulate the finished match arms.
macro_rules! implement_to_sql {
    // Internal step: the next variant carries a payload.
    (
        @replace_type_spec
        $enum_name:ident,
        [$($arms:tt)*],
        [$variant:ident($payload:ty), $($rest:tt)*]
    ) => {
        implement_to_sql! {
            @replace_type_spec
            $enum_name,
            [
                $($arms)*
                $enum_name::$variant(inner) => Ok(ToSqlOutput::from(inner.to_primitive())),
            ],
            [$($rest)*]
        }
    };
    // Internal step: the next variant has no payload.
    (
        @replace_type_spec
        $enum_name:ident,
        [$($arms:tt)*],
        [$variant:ident, $($rest:tt)*]
    ) => {
        implement_to_sql! {
            @replace_type_spec
            $enum_name,
            [
                $($arms)*
                $enum_name::$variant => Ok(ToSqlOutput::from(Null)),
            ],
            [$($rest)*]
        }
    };
    // Internal terminal step: every variant has been consumed, emit the method.
    (@replace_type_spec $enum_name:ident, [$($arms:tt)*], []) => {
        /// Converts the value into the form stored in a rusqlite database.
        fn to_sql(&self) -> SqlResult<ToSqlOutput> {
            match self {
                $($arms)*
            }
        }
    };

    // Entry point: wraps the generated method in the trait impl. No catch-all arm is
    // generated, so the match must cover every variant of the enum.
    ($enum_name:ident; $($variant:ident$(($payload:ty))?),*) => {
        impl ToSql for $enum_name {
            implement_to_sql! {
                @replace_type_spec
                $enum_name,
                [],
                [$($variant$(($payload))?,)*]
            }
        }
    };
}
459*e1997b9aSAndroid Build Coastguard Worker
/// Generates `new_from_sql`, which rebuilds an enum value from a tag and a database cell.
///
/// Invocation (inside an `impl` block of the enum):
/// ```text
/// implement_new_from_sql!(KeyParameterValue; Invalid INVALID, Algorithm(Algorithm) ALGORITHM);
/// ```
///
/// Expansion:
/// ```text
/// pub fn new_from_sql(
///     tag: Tag,
///     data: &SqlField,
/// ) -> Result<Self> {
///     Ok(match tag {
///         Tag::INVALID => KeyParameterValue::Invalid,
///         Tag::ALGORITHM => {
///             KeyParameterValue::Algorithm(<Algorithm>::from_primitive(data
///                 .get()
///                 .map_err(|_| KeystoreError::Rc(ResponseCode::VALUE_CORRUPTED))
///                 .context(concat!("Failed to read sql data for tag: ", "ALGORITHM", "."))?
///             ))
///         },
///         _ => KeyParameterValue::Invalid,
///     })
/// }
/// ```
///
/// Two outcomes matter to callers that load key characteristics from the database:
/// a cell that cannot be read fails with `ResponseCode::VALUE_CORRUPTED`, while a tag that
/// has no variant in the list does not fail and yields `Invalid` instead.
///
/// NOTE(review): `from_primitive` is defined outside this macro; whether it checks that the
/// stored primitive is a defined value of the payload type cannot be told from here. Confirm.
macro_rules! implement_new_from_sql {
    ($enum_name:ident; $($variant:ident$(($payload:ty))? $tag_id:ident),*) => {
        /// Builds the value that belongs to `tag` from the database cell `data`.
        ///
        /// Fails if the cell cannot be read as the primitive expected by the variant's
        /// payload. A tag without an associated variant yields `Invalid`.
        pub fn new_from_sql(
            tag: Tag,
            data: &SqlField,
        ) -> Result<Self> {
            Ok(match tag {
                $(
                    Tag::$tag_id => {
                        // The `$(( ... ))?` wrapper is macro repetition, not the try
                        // operator: variants without a payload expand to the bare variant
                        // and never touch `data`.
                        $enum_name::$variant$((
                            <$payload>::from_primitive(
                                data
                                    .get()
                                    .map_err(|_| KeystoreError::Rc(ResponseCode::VALUE_CORRUPTED))
                                    .context(concat!(
                                        "Failed to read sql data for tag: ",
                                        stringify!($tag_id),
                                        "."
                                    ))?
                            )
                        ))?
                    },
                )*
                // Tags that are not in the variant list are not reported as an error.
                _ => $enum_name::Invalid,
            })
        }
    };
}
512*e1997b9aSAndroid Build Coastguard Worker
/// Supplies the payload used when a Keystore `KeyParameterValue` is converted into a
/// `keymint::KeyParameterValue`.
///
/// Keystore's representation has no wrapped payload for boolean tags or for the tag
/// Invalid, whereas the AIDL representation uses a bool variant and an integer variant
/// respectively. The conversion calls this trait in exactly those cases so that boolean
/// and invalid tags follow one rule.
trait KpDefault {
    /// Returns the payload to place in the AIDL value.
    fn default() -> Self;
}

/// Integer fields receive `0`.
impl KpDefault for i32 {
    fn default() -> i32 {
        0
    }
}

/// Boolean fields receive `true`, because a boolean key parameter is implicitly true
/// whenever it is present.
impl KpDefault for bool {
    fn default() -> bool {
        true
    }
}
535*e1997b9aSAndroid Build Coastguard Worker
/// Generates the conversions between the Keystore enum and `KmKeyParameter`.
///
/// Invocation:
/// ```text
/// implement_try_from_to_km_parameter!(
///     KeyParameterValue;
///     Invalid INVALID Invalid,
///     Algorithm(Algorithm) ALGORITHM Algorithm
/// );
/// ```
///
/// Expansion:
/// ```text
/// impl From<KmKeyParameter> for KeyParameterValue {
///     fn from(kp: KmKeyParameter) -> Self {
///         match kp {
///             KmKeyParameter { tag: Tag::INVALID, value: KmKeyParameterValue::Invalid(_) }
///                 => KeyParameterValue::Invalid,
///             KmKeyParameter { tag: Tag::ALGORITHM, value: KmKeyParameterValue::Algorithm(v) }
///                 => KeyParameterValue::Algorithm(v),
///             _ => KeyParameterValue::Invalid,
///         }
///     }
/// }
///
/// impl From<KeyParameterValue> for KmKeyParameter {
///     fn from(x: KeyParameterValue) -> Self {
///         match x {
///             KeyParameterValue::Invalid => KmKeyParameter {
///                 tag: Tag::INVALID,
///                 value: KmKeyParameterValue::Invalid(KpDefault::default())
///             },
///             KeyParameterValue::Algorithm(v) => KmKeyParameter {
///                 tag: Tag::ALGORITHM,
///                 value: KmKeyParameterValue::Algorithm(v)
///             },
///         }
///     }
/// }
/// ```
///
/// Both conversions are infallible `From` impls. Two consequences for code that receives a
/// `KmKeyParameter` from outside Keystore:
/// - A tag paired with a value field other than the one declared for it matches none of the
///   generated arms and converts to `Invalid`; no error is raised.
/// - For variants without a payload the incoming payload is ignored, so only the presence
///   of the tag/field pair is reflected in the result.
macro_rules! implement_try_from_to_km_parameter {
    // The first three rules build `From<KmKeyParameter>` for the enum.
    // Internal step: the next variant carries a payload, which is moved across unchanged.
    (
        @from
        $enum_name:ident,
        [$($arms:tt)*],
        [$variant:ident($payload:ty) $tag_id:ident $field:ident, $($rest:tt)*]
    ) => {
        implement_try_from_to_km_parameter! {
            @from
            $enum_name,
            [
                $($arms)*
                KmKeyParameter {
                    tag: Tag::$tag_id,
                    value: KmKeyParameterValue::$field(inner)
                } => $enum_name::$variant(inner),
            ],
            [$($rest)*]
        }
    };
    // Internal step: the next variant has no payload; the field's payload is discarded.
    (
        @from
        $enum_name:ident,
        [$($arms:tt)*],
        [$variant:ident $tag_id:ident $field:ident, $($rest:tt)*]
    ) => {
        implement_try_from_to_km_parameter! {
            @from
            $enum_name,
            [
                $($arms)*
                KmKeyParameter {
                    tag: Tag::$tag_id,
                    value: KmKeyParameterValue::$field(_)
                } => $enum_name::$variant,
            ],
            [$($rest)*]
        }
    };
    // Internal terminal step: emit the impl with a catch-all arm for every other
    // tag/field combination.
    (@from $enum_name:ident, [$($arms:tt)*], []) => {
        impl From<KmKeyParameter> for $enum_name {
            fn from(km_param: KmKeyParameter) -> Self {
                match km_param {
                    $($arms)*
                    _ => $enum_name::Invalid,
                }
            }
        }
    };

    // The next three rules build `From<$enum_name>` for `KmKeyParameter`.
    // Internal step: the next variant carries a payload, which is moved across unchanged.
    (
        @into
        $enum_name:ident,
        [$($arms:tt)*],
        [$variant:ident($payload:ty) $tag_id:ident $field:ident, $($rest:tt)*]
    ) => {
        implement_try_from_to_km_parameter! {
            @into
            $enum_name,
            [
                $($arms)*
                $enum_name::$variant(inner) => KmKeyParameter {
                    tag: Tag::$tag_id,
                    value: KmKeyParameterValue::$field(inner)
                },
            ],
            [$($rest)*]
        }
    };
    // Internal step: the next variant has no payload; the field is filled from `KpDefault`.
    (
        @into
        $enum_name:ident,
        [$($arms:tt)*],
        [$variant:ident $tag_id:ident $field:ident, $($rest:tt)*]
    ) => {
        implement_try_from_to_km_parameter! {
            @into
            $enum_name,
            [
                $($arms)*
                $enum_name::$variant => KmKeyParameter {
                    tag: Tag::$tag_id,
                    value: KmKeyParameterValue::$field(KpDefault::default())
                },
            ],
            [$($rest)*]
        }
    };
    // Internal terminal step: emit the impl. No catch-all arm is generated here, so the
    // match must cover every variant of the enum.
    (@into $enum_name:ident, [$($arms:tt)*], []) => {
        impl From<$enum_name> for KmKeyParameter {
            fn from(value: $enum_name) -> Self {
                match value {
                    $($arms)*
                }
            }
        }
    };

    // Entry point: runs both expansions over the same variant list.
    ($enum_name:ident; $($variant:ident$(($payload:ty))? $tag_id:ident $field:ident),*) => {
        implement_try_from_to_km_parameter!(
            @from $enum_name,
            [],
            [$($variant$(($payload))? $tag_id $field,)*]
        );
        implement_try_from_to_km_parameter!(
            @into $enum_name,
            [],
            [$($variant$(($payload))? $tag_id $field,)*]
        );
    };
}
661*e1997b9aSAndroid Build Coastguard Worker
/// Top-level macro: takes the annotated enum definition and hands the variant list to the
/// other macros, which generate the enum itself and all of its conversion functions.
///
/// Every variant is expected to carry `#[key_param(tag = ..., field = ...)]`, naming the
/// keymint `Tag` constant and the keymint `KeyParameterValue` field it corresponds to. The
/// `@extract_attr` rules walk each variant's attributes, strip that one attribute, and
/// record the tag and field next to the variant; all other attributes are kept. A variant
/// whose attributes run out without a `key_param` attribute matches none of the rules, so
/// the invocation does not compile.
///
/// In addition to the conversions, the macro generates a test vector used to verify that
/// the tag type of each keymint tag matches the associated keymint `KeyParameterValue`
/// field.
macro_rules! implement_key_parameter_value {
    // Entry point: accepts the enum as written and sets up the attribute scan. Each
    // variant starts with an empty "kept" list and all of its attributes pending.
    (
        $(#[$ty_attr:meta])*
        $vis:vis enum $enum_name:ident {
            $(
                $(#[$($var_attr:tt)+])*
                $variant:ident$(($payload:ty))?
            ),* $(,)?
        }
    ) => {
        implement_key_parameter_value! {
            @extract_attr
            $(#[$ty_attr])*
            $vis enum $enum_name {
                []
                [$(
                    [] [$(#[$($var_attr)+])*]
                    $variant$(($payload))?,
                )*]
            }
        }
    };

    // Scan step: the first pending attribute is `key_param`. The variant is finished; it
    // moves to the done list as `<attributes> TAG FIELD Variant(payload),` without the
    // `key_param` attribute. This rule must stay ahead of the generic one below, which
    // would otherwise accept `key_param` as an ordinary attribute.
    (
        @extract_attr
        $(#[$ty_attr:meta])*
        $vis:vis enum $enum_name:ident {
            [$($done:tt)*]
            [
                [$(#[$kept:meta])*]
                [
                    #[key_param(tag = $tag_id:ident, field = $field:ident)]
                    $(#[$($pending:tt)+])*
                ]
                $variant:ident$(($payload:ty))?,
                $($rest:tt)*
            ]
        }
    ) => {
        implement_key_parameter_value! {
            @extract_attr
            $(#[$ty_attr])*
            $vis enum $enum_name {
                [
                    $($done)*
                    $(#[$kept])*
                    $(#[$($pending)+])*
                    $tag_id $field $variant$(($payload))?,
                ]
                [$($rest)*]
            }
        }
    };

    // Scan step: the first pending attribute is anything else. It moves to the kept list
    // and the scan continues with the same variant.
    (
        @extract_attr
        $(#[$ty_attr:meta])*
        $vis:vis enum $enum_name:ident {
            [$($done:tt)*]
            [
                [$(#[$kept:meta])*]
                [
                    #[$head:meta]
                    $(#[$($pending:tt)+])*
                ]
                $variant:ident$(($payload:ty))?,
                $($rest:tt)*
            ]
        }
    ) => {
        implement_key_parameter_value! {
            @extract_attr
            $(#[$ty_attr])*
            $vis enum $enum_name {
                [$($done)*]
                [
                    [
                        $(#[$kept])*
                        #[$head]
                    ]
                    [$(#[$($pending)+])*]
                    $variant$(($payload))?,
                    $($rest)*
                ]
            }
        }
    };

    // Scan finished: no variants are left, pass the done list on to the generator.
    (
        @extract_attr
        $(#[$ty_attr:meta])*
        $vis:vis enum $enum_name:ident {
            [$($done:tt)*]
            []
        }
    ) => {
        implement_key_parameter_value! {
            @spill
            $(#[$ty_attr])*
            $vis enum $enum_name {
                $($done)*
            }
        }
    };

    // Generator: emits the enum and every derived item from the annotated variant list.
    (
        @spill
        $(#[$ty_attr:meta])*
        $vis:vis enum $enum_name:ident {
            $(
                $(#[$var_attr:meta])*
                $tag_id:ident $field:ident $variant:ident$(($payload:ty))?,
            )*
        }
    ) => {
        implement_enum!(
            $(#[$ty_attr])*
            $vis enum $enum_name {
            $(
                $(#[$var_attr])*
                $variant$(($payload))?
            ),*
        });

        impl $enum_name {
            implement_new_from_sql!($enum_name; $($variant$(($payload))? $tag_id),*);
            implement_get_tag!($enum_name; $($variant$(($payload))? $tag_id),*);
            implement_from_tag_primitive_pair!($enum_name; $($variant$(($payload))? $tag_id),*);

            // Test-only: one keymint parameter per variant, pairing the declared tag with
            // the declared field holding that field's `Default` value.
            #[cfg(test)]
            fn make_field_matches_tag_type_test_vector() -> Vec<KmKeyParameter> {
                vec![$(KmKeyParameter{
                    tag: Tag::$tag_id,
                    value: KmKeyParameterValue::$field(Default::default())}
                ),*]
            }

            // Test-only: one `KeyParameter` per variant with a default payload. The value
            // is spelled `KeyParameterValue::...` rather than through `$enum_name`.
            #[cfg(test)]
            fn make_key_parameter_defaults_vector() -> Vec<KeyParameter> {
                vec![$(KeyParameter{
                    value: KeyParameterValue::$variant$((<$payload as Default>::default()))?,
                    security_level: SecurityLevel(100),
                }),*]
            }
        }

        implement_try_from_to_km_parameter!(
            $enum_name;
            $($variant$(($payload))? $tag_id $field),*
        );

        implement_to_sql!($enum_name; $($variant$(($payload))?),*);
    };
}
820*e1997b9aSAndroid Build Coastguard Worker
821*e1997b9aSAndroid Build Coastguard Worker implement_key_parameter_value! {
822*e1997b9aSAndroid Build Coastguard Worker /// KeyParameterValue holds a value corresponding to one of the Tags defined in
823*e1997b9aSAndroid Build Coastguard Worker /// the AIDL spec at hardware/interfaces/security/keymint
824*e1997b9aSAndroid Build Coastguard Worker #[derive(Debug, Clone, Eq, PartialEq, Ord, PartialOrd, Deserialize, Serialize)]
825*e1997b9aSAndroid Build Coastguard Worker pub enum KeyParameterValue {
826*e1997b9aSAndroid Build Coastguard Worker /// Associated with Tag:INVALID
827*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = INVALID, field = Invalid)]
828*e1997b9aSAndroid Build Coastguard Worker Invalid,
829*e1997b9aSAndroid Build Coastguard Worker /// Set of purposes for which the key may be used
830*e1997b9aSAndroid Build Coastguard Worker #[serde(deserialize_with = "deserialize_primitive")]
831*e1997b9aSAndroid Build Coastguard Worker #[serde(serialize_with = "serialize_primitive")]
832*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = PURPOSE, field = KeyPurpose)]
833*e1997b9aSAndroid Build Coastguard Worker KeyPurpose(KeyPurpose),
834*e1997b9aSAndroid Build Coastguard Worker /// Cryptographic algorithm with which the key is used
835*e1997b9aSAndroid Build Coastguard Worker #[serde(deserialize_with = "deserialize_primitive")]
836*e1997b9aSAndroid Build Coastguard Worker #[serde(serialize_with = "serialize_primitive")]
837*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = ALGORITHM, field = Algorithm)]
838*e1997b9aSAndroid Build Coastguard Worker Algorithm(Algorithm),
839*e1997b9aSAndroid Build Coastguard Worker /// Size of the key , in bits
840*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = KEY_SIZE, field = Integer)]
841*e1997b9aSAndroid Build Coastguard Worker KeySize(i32),
842*e1997b9aSAndroid Build Coastguard Worker /// Block cipher mode(s) with which the key may be used
843*e1997b9aSAndroid Build Coastguard Worker #[serde(deserialize_with = "deserialize_primitive")]
844*e1997b9aSAndroid Build Coastguard Worker #[serde(serialize_with = "serialize_primitive")]
845*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = BLOCK_MODE, field = BlockMode)]
846*e1997b9aSAndroid Build Coastguard Worker BlockMode(BlockMode),
847*e1997b9aSAndroid Build Coastguard Worker /// Digest algorithms that may be used with the key to perform signing and verification
848*e1997b9aSAndroid Build Coastguard Worker #[serde(deserialize_with = "deserialize_primitive")]
849*e1997b9aSAndroid Build Coastguard Worker #[serde(serialize_with = "serialize_primitive")]
850*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = DIGEST, field = Digest)]
851*e1997b9aSAndroid Build Coastguard Worker Digest(Digest),
852*e1997b9aSAndroid Build Coastguard Worker /// Digest algorithms that can be used for MGF in RSA-OAEP.
853*e1997b9aSAndroid Build Coastguard Worker #[serde(deserialize_with = "deserialize_primitive")]
854*e1997b9aSAndroid Build Coastguard Worker #[serde(serialize_with = "serialize_primitive")]
855*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = RSA_OAEP_MGF_DIGEST, field = Digest)]
856*e1997b9aSAndroid Build Coastguard Worker RsaOaepMgfDigest(Digest),
857*e1997b9aSAndroid Build Coastguard Worker /// Padding modes that may be used with the key. Relevant to RSA, AES and 3DES keys.
858*e1997b9aSAndroid Build Coastguard Worker #[serde(deserialize_with = "deserialize_primitive")]
859*e1997b9aSAndroid Build Coastguard Worker #[serde(serialize_with = "serialize_primitive")]
860*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = PADDING, field = PaddingMode)]
861*e1997b9aSAndroid Build Coastguard Worker PaddingMode(PaddingMode),
862*e1997b9aSAndroid Build Coastguard Worker /// Can the caller provide a nonce for nonce-requiring operations
863*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = CALLER_NONCE, field = BoolValue)]
864*e1997b9aSAndroid Build Coastguard Worker CallerNonce,
865*e1997b9aSAndroid Build Coastguard Worker /// Minimum length of MAC for HMAC keys and AES keys that support GCM mode
866*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = MIN_MAC_LENGTH, field = Integer)]
867*e1997b9aSAndroid Build Coastguard Worker MinMacLength(i32),
868*e1997b9aSAndroid Build Coastguard Worker /// The elliptic curve
869*e1997b9aSAndroid Build Coastguard Worker #[serde(deserialize_with = "deserialize_primitive")]
870*e1997b9aSAndroid Build Coastguard Worker #[serde(serialize_with = "serialize_primitive")]
871*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = EC_CURVE, field = EcCurve)]
872*e1997b9aSAndroid Build Coastguard Worker EcCurve(EcCurve),
873*e1997b9aSAndroid Build Coastguard Worker /// Value of the public exponent for an RSA key pair
874*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = RSA_PUBLIC_EXPONENT, field = LongInteger)]
875*e1997b9aSAndroid Build Coastguard Worker RSAPublicExponent(i64),
876*e1997b9aSAndroid Build Coastguard Worker /// An attestation certificate for the generated key should contain an application-scoped
877*e1997b9aSAndroid Build Coastguard Worker /// and time-bounded device-unique ID
878*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = INCLUDE_UNIQUE_ID, field = BoolValue)]
879*e1997b9aSAndroid Build Coastguard Worker IncludeUniqueID,
880*e1997b9aSAndroid Build Coastguard Worker //TODO: find out about this
881*e1997b9aSAndroid Build Coastguard Worker // /// Necessary system environment conditions for the generated key to be used
882*e1997b9aSAndroid Build Coastguard Worker // KeyBlobUsageRequirements(KeyBlobUsageRequirements),
883*e1997b9aSAndroid Build Coastguard Worker /// Only the boot loader can use the key
884*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = BOOTLOADER_ONLY, field = BoolValue)]
885*e1997b9aSAndroid Build Coastguard Worker BootLoaderOnly,
886*e1997b9aSAndroid Build Coastguard Worker /// When deleted, the key is guaranteed to be permanently deleted and unusable
887*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = ROLLBACK_RESISTANCE, field = BoolValue)]
888*e1997b9aSAndroid Build Coastguard Worker RollbackResistance,
889*e1997b9aSAndroid Build Coastguard Worker /// The Key shall only be used during the early boot stage
890*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = EARLY_BOOT_ONLY, field = BoolValue)]
891*e1997b9aSAndroid Build Coastguard Worker EarlyBootOnly,
892*e1997b9aSAndroid Build Coastguard Worker /// The date and time at which the key becomes active
893*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = ACTIVE_DATETIME, field = DateTime)]
894*e1997b9aSAndroid Build Coastguard Worker ActiveDateTime(i64),
895*e1997b9aSAndroid Build Coastguard Worker /// The date and time at which the key expires for signing and encryption
896*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = ORIGINATION_EXPIRE_DATETIME, field = DateTime)]
897*e1997b9aSAndroid Build Coastguard Worker OriginationExpireDateTime(i64),
898*e1997b9aSAndroid Build Coastguard Worker /// The date and time at which the key expires for verification and decryption
899*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = USAGE_EXPIRE_DATETIME, field = DateTime)]
900*e1997b9aSAndroid Build Coastguard Worker UsageExpireDateTime(i64),
901*e1997b9aSAndroid Build Coastguard Worker /// Minimum amount of time that elapses between allowed operations
902*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = MIN_SECONDS_BETWEEN_OPS, field = Integer)]
903*e1997b9aSAndroid Build Coastguard Worker MinSecondsBetweenOps(i32),
904*e1997b9aSAndroid Build Coastguard Worker /// Maximum number of times that a key may be used between system reboots
905*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = MAX_USES_PER_BOOT, field = Integer)]
906*e1997b9aSAndroid Build Coastguard Worker MaxUsesPerBoot(i32),
907*e1997b9aSAndroid Build Coastguard Worker /// The number of times that a limited use key can be used
908*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = USAGE_COUNT_LIMIT, field = Integer)]
909*e1997b9aSAndroid Build Coastguard Worker UsageCountLimit(i32),
910*e1997b9aSAndroid Build Coastguard Worker /// ID of the Android user that is permitted to use the key
911*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = USER_ID, field = Integer)]
912*e1997b9aSAndroid Build Coastguard Worker UserID(i32),
913*e1997b9aSAndroid Build Coastguard Worker /// A key may only be used under a particular secure user authentication state
914*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = USER_SECURE_ID, field = LongInteger)]
915*e1997b9aSAndroid Build Coastguard Worker UserSecureID(i64),
916*e1997b9aSAndroid Build Coastguard Worker /// No authentication is required to use this key
917*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = NO_AUTH_REQUIRED, field = BoolValue)]
918*e1997b9aSAndroid Build Coastguard Worker NoAuthRequired,
919*e1997b9aSAndroid Build Coastguard Worker /// The types of user authenticators that may be used to authorize this key
920*e1997b9aSAndroid Build Coastguard Worker #[serde(deserialize_with = "deserialize_primitive")]
921*e1997b9aSAndroid Build Coastguard Worker #[serde(serialize_with = "serialize_primitive")]
922*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = USER_AUTH_TYPE, field = HardwareAuthenticatorType)]
923*e1997b9aSAndroid Build Coastguard Worker HardwareAuthenticatorType(HardwareAuthenticatorType),
924*e1997b9aSAndroid Build Coastguard Worker /// The time in seconds for which the key is authorized for use, after user authentication
925*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = AUTH_TIMEOUT, field = Integer)]
926*e1997b9aSAndroid Build Coastguard Worker AuthTimeout(i32),
927*e1997b9aSAndroid Build Coastguard Worker /// The key's authentication timeout, if it has one, is automatically expired when the device is
928*e1997b9aSAndroid Build Coastguard Worker /// removed from the user's body. No longer implemented; this tag is no longer enforced.
929*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = ALLOW_WHILE_ON_BODY, field = BoolValue)]
930*e1997b9aSAndroid Build Coastguard Worker AllowWhileOnBody,
931*e1997b9aSAndroid Build Coastguard Worker /// The key must be unusable except when the user has provided proof of physical presence
932*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = TRUSTED_USER_PRESENCE_REQUIRED, field = BoolValue)]
933*e1997b9aSAndroid Build Coastguard Worker TrustedUserPresenceRequired,
934*e1997b9aSAndroid Build Coastguard Worker /// Applicable to keys with KeyPurpose SIGN, and specifies that this key must not be usable
935*e1997b9aSAndroid Build Coastguard Worker /// unless the user provides confirmation of the data to be signed
936*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = TRUSTED_CONFIRMATION_REQUIRED, field = BoolValue)]
937*e1997b9aSAndroid Build Coastguard Worker TrustedConfirmationRequired,
938*e1997b9aSAndroid Build Coastguard Worker /// The key may only be used when the device is unlocked
939*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = UNLOCKED_DEVICE_REQUIRED, field = BoolValue)]
940*e1997b9aSAndroid Build Coastguard Worker UnlockedDeviceRequired,
941*e1997b9aSAndroid Build Coastguard Worker /// When provided to generateKey or importKey, this tag specifies data
942*e1997b9aSAndroid Build Coastguard Worker /// that is necessary during all uses of the key
943*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = APPLICATION_ID, field = Blob)]
944*e1997b9aSAndroid Build Coastguard Worker ApplicationID(Vec<u8>),
945*e1997b9aSAndroid Build Coastguard Worker /// When provided to generateKey or importKey, this tag specifies data
946*e1997b9aSAndroid Build Coastguard Worker /// that is necessary during all uses of the key
947*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = APPLICATION_DATA, field = Blob)]
948*e1997b9aSAndroid Build Coastguard Worker ApplicationData(Vec<u8>),
949*e1997b9aSAndroid Build Coastguard Worker /// Specifies the date and time the key was created
950*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = CREATION_DATETIME, field = DateTime)]
951*e1997b9aSAndroid Build Coastguard Worker CreationDateTime(i64),
952*e1997b9aSAndroid Build Coastguard Worker /// Specifies where the key was created, if known
953*e1997b9aSAndroid Build Coastguard Worker #[serde(deserialize_with = "deserialize_primitive")]
954*e1997b9aSAndroid Build Coastguard Worker #[serde(serialize_with = "serialize_primitive")]
955*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = ORIGIN, field = Origin)]
956*e1997b9aSAndroid Build Coastguard Worker KeyOrigin(KeyOrigin),
957*e1997b9aSAndroid Build Coastguard Worker /// The key used by verified boot to validate the operating system booted
958*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = ROOT_OF_TRUST, field = Blob)]
959*e1997b9aSAndroid Build Coastguard Worker RootOfTrust(Vec<u8>),
960*e1997b9aSAndroid Build Coastguard Worker /// System OS version with which the key may be used
961*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = OS_VERSION, field = Integer)]
962*e1997b9aSAndroid Build Coastguard Worker OSVersion(i32),
963*e1997b9aSAndroid Build Coastguard Worker /// Specifies the system security patch level with which the key may be used
964*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = OS_PATCHLEVEL, field = Integer)]
965*e1997b9aSAndroid Build Coastguard Worker OSPatchLevel(i32),
966*e1997b9aSAndroid Build Coastguard Worker /// Specifies a unique, time-based identifier
967*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = UNIQUE_ID, field = Blob)]
968*e1997b9aSAndroid Build Coastguard Worker UniqueID(Vec<u8>),
969*e1997b9aSAndroid Build Coastguard Worker /// Used to deliver a "challenge" value to the attestKey() method
970*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = ATTESTATION_CHALLENGE, field = Blob)]
971*e1997b9aSAndroid Build Coastguard Worker AttestationChallenge(Vec<u8>),
972*e1997b9aSAndroid Build Coastguard Worker /// The set of applications which may use a key, used only with attestKey()
973*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = ATTESTATION_APPLICATION_ID, field = Blob)]
974*e1997b9aSAndroid Build Coastguard Worker AttestationApplicationID(Vec<u8>),
975*e1997b9aSAndroid Build Coastguard Worker /// Provides the device's brand name, to attestKey()
976*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = ATTESTATION_ID_BRAND, field = Blob)]
977*e1997b9aSAndroid Build Coastguard Worker AttestationIdBrand(Vec<u8>),
978*e1997b9aSAndroid Build Coastguard Worker /// Provides the device's device name, to attestKey()
979*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = ATTESTATION_ID_DEVICE, field = Blob)]
980*e1997b9aSAndroid Build Coastguard Worker AttestationIdDevice(Vec<u8>),
981*e1997b9aSAndroid Build Coastguard Worker /// Provides the device's product name, to attestKey()
982*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = ATTESTATION_ID_PRODUCT, field = Blob)]
983*e1997b9aSAndroid Build Coastguard Worker AttestationIdProduct(Vec<u8>),
984*e1997b9aSAndroid Build Coastguard Worker /// Provides the device's serial number, to attestKey()
985*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = ATTESTATION_ID_SERIAL, field = Blob)]
986*e1997b9aSAndroid Build Coastguard Worker AttestationIdSerial(Vec<u8>),
987*e1997b9aSAndroid Build Coastguard Worker /// Provides the primary IMEI for the device, to attestKey()
988*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = ATTESTATION_ID_IMEI, field = Blob)]
989*e1997b9aSAndroid Build Coastguard Worker AttestationIdIMEI(Vec<u8>),
990*e1997b9aSAndroid Build Coastguard Worker /// Provides a second IMEI for the device, to attestKey()
991*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = ATTESTATION_ID_SECOND_IMEI, field = Blob)]
992*e1997b9aSAndroid Build Coastguard Worker AttestationIdSecondIMEI(Vec<u8>),
993*e1997b9aSAndroid Build Coastguard Worker /// Provides the MEIDs for all radios on the device, to attestKey()
994*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = ATTESTATION_ID_MEID, field = Blob)]
995*e1997b9aSAndroid Build Coastguard Worker AttestationIdMEID(Vec<u8>),
996*e1997b9aSAndroid Build Coastguard Worker /// Provides the device's manufacturer name, to attestKey()
997*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = ATTESTATION_ID_MANUFACTURER, field = Blob)]
998*e1997b9aSAndroid Build Coastguard Worker AttestationIdManufacturer(Vec<u8>),
999*e1997b9aSAndroid Build Coastguard Worker /// Provides the device's model name, to attestKey()
1000*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = ATTESTATION_ID_MODEL, field = Blob)]
1001*e1997b9aSAndroid Build Coastguard Worker AttestationIdModel(Vec<u8>),
1002*e1997b9aSAndroid Build Coastguard Worker /// Specifies the vendor image security patch level with which the key may be used
1003*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = VENDOR_PATCHLEVEL, field = Integer)]
1004*e1997b9aSAndroid Build Coastguard Worker VendorPatchLevel(i32),
1005*e1997b9aSAndroid Build Coastguard Worker /// Specifies the boot image (kernel) security patch level with which the key may be used
1006*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = BOOT_PATCHLEVEL, field = Integer)]
1007*e1997b9aSAndroid Build Coastguard Worker BootPatchLevel(i32),
1008*e1997b9aSAndroid Build Coastguard Worker /// Provides "associated data" for AES-GCM encryption or decryption
1009*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = ASSOCIATED_DATA, field = Blob)]
1010*e1997b9aSAndroid Build Coastguard Worker AssociatedData(Vec<u8>),
1011*e1997b9aSAndroid Build Coastguard Worker /// Provides or returns a nonce or Initialization Vector (IV) for AES-GCM,
1012*e1997b9aSAndroid Build Coastguard Worker /// AES-CBC, AES-CTR, or 3DES-CBC encryption or decryption
1013*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = NONCE, field = Blob)]
1014*e1997b9aSAndroid Build Coastguard Worker Nonce(Vec<u8>),
1015*e1997b9aSAndroid Build Coastguard Worker /// Provides the requested length of a MAC or GCM authentication tag, in bits
1016*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = MAC_LENGTH, field = Integer)]
1017*e1997b9aSAndroid Build Coastguard Worker MacLength(i32),
1018*e1997b9aSAndroid Build Coastguard Worker /// Specifies whether the device has been factory reset since the
1019*e1997b9aSAndroid Build Coastguard Worker /// last unique ID rotation. Used for key attestation
1020*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = RESET_SINCE_ID_ROTATION, field = BoolValue)]
1021*e1997b9aSAndroid Build Coastguard Worker ResetSinceIdRotation,
1022*e1997b9aSAndroid Build Coastguard Worker /// Used to deliver a cryptographic token proving that the user
1023*e1997b9aSAndroid Build Coastguard Worker /// confirmed a signing request
1024*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = CONFIRMATION_TOKEN, field = Blob)]
1025*e1997b9aSAndroid Build Coastguard Worker ConfirmationToken(Vec<u8>),
1026*e1997b9aSAndroid Build Coastguard Worker /// Used to deliver the certificate serial number to the KeyMint instance
1027*e1997b9aSAndroid Build Coastguard Worker /// certificate generation.
1028*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = CERTIFICATE_SERIAL, field = Blob)]
1029*e1997b9aSAndroid Build Coastguard Worker CertificateSerial(Vec<u8>),
1030*e1997b9aSAndroid Build Coastguard Worker /// Used to deliver the certificate subject to the KeyMint instance
1031*e1997b9aSAndroid Build Coastguard Worker /// certificate generation. This must be DER encoded X509 name.
1032*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = CERTIFICATE_SUBJECT, field = Blob)]
1033*e1997b9aSAndroid Build Coastguard Worker CertificateSubject(Vec<u8>),
1034*e1997b9aSAndroid Build Coastguard Worker /// Used to deliver the not before date in milliseconds to KeyMint during key generation/import.
1035*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = CERTIFICATE_NOT_BEFORE, field = DateTime)]
1036*e1997b9aSAndroid Build Coastguard Worker CertificateNotBefore(i64),
1037*e1997b9aSAndroid Build Coastguard Worker /// Used to deliver the not after date in milliseconds to KeyMint during key generation/import.
1038*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = CERTIFICATE_NOT_AFTER, field = DateTime)]
1039*e1997b9aSAndroid Build Coastguard Worker CertificateNotAfter(i64),
1040*e1997b9aSAndroid Build Coastguard Worker /// Specifies a maximum boot level at which a key should function
1041*e1997b9aSAndroid Build Coastguard Worker #[key_param(tag = MAX_BOOT_LEVEL, field = Integer)]
1042*e1997b9aSAndroid Build Coastguard Worker MaxBootLevel(i32),
1043*e1997b9aSAndroid Build Coastguard Worker }
1044*e1997b9aSAndroid Build Coastguard Worker }
1045*e1997b9aSAndroid Build Coastguard Worker
impl From<&KmKeyParameter> for KeyParameterValue {
    /// Builds a `KeyParameterValue` from a borrowed KeyMint key parameter.
    ///
    /// The borrowed parameter is cloned first, so any blob payload it carries is copied;
    /// the clone is then handed to the by-value conversion.
    fn from(kp: &KmKeyParameter) -> Self {
        let owned: KmKeyParameter = kp.clone();
        owned.into()
    }
}
1051*e1997b9aSAndroid Build Coastguard Worker
/// A `KeyParameterValue` paired with the security level at which that value is enforced.
///
/// Both fields are private. Code outside this module reads them through the accessor
/// methods and builds instances through the constructors on `KeyParameter`.
#[derive(Debug, Clone, Eq, PartialEq, Ord, PartialOrd, Serialize, Deserialize)]
pub struct KeyParameter {
    /// The key parameter itself.
    value: KeyParameterValue,
    /// The security level at which `value` is enforced. It is serialized and deserialized
    /// through the module's primitive helpers rather than a derived implementation.
    #[serde(deserialize_with = "deserialize_primitive", serialize_with = "serialize_primitive")]
    security_level: SecurityLevel,
}
1060*e1997b9aSAndroid Build Coastguard Worker
impl KeyParameter {
    /// Creates a `KeyParameter` from a value and the security level at which it is enforced.
    ///
    /// Both arguments are stored as given; no consistency check between the value and the
    /// security level is performed here.
    pub fn new(value: KeyParameterValue, security_level: SecurityLevel) -> Self {
        Self { value, security_level }
    }

    /// Reconstructs a `KeyParameter` from the data of a rusqlite row.
    ///
    /// The following variants of `KeyParameterValue` should not be stored:
    /// IncludeUniqueID, ApplicationID, ApplicationData, RootOfTrust, UniqueID,
    /// Attestation*, AssociatedData, Nonce, MacLength, ResetSinceIdRotation, ConfirmationToken.
    /// That filtering is enforced at a higher level. This function does not filter and
    /// supports conversion for all variants, so callers that persist key parameters are
    /// responsible for excluding the variants listed above.
    ///
    /// `security_level_val` is stored unchanged; it is not checked against `tag_val` or `data`.
    ///
    /// # Errors
    ///
    /// Returns the error produced by `KeyParameterValue::new_from_sql` if the tag and data
    /// cannot be converted.
    pub fn new_from_sql(
        tag_val: Tag,
        data: &SqlField,
        security_level_val: SecurityLevel,
    ) -> Result<Self> {
        let value = KeyParameterValue::new_from_sql(tag_val, data)?;
        Ok(KeyParameter { value, security_level: security_level_val })
    }

    /// Returns the KeyMint tag of this key parameter.
    pub fn get_tag(&self) -> Tag {
        let Self { value, .. } = self;
        value.get_tag()
    }

    /// Returns a reference to the wrapped key parameter value.
    pub fn key_parameter_value(&self) -> &KeyParameterValue {
        let Self { value, .. } = self;
        value
    }

    /// Returns a reference to the security level at which this key parameter is enforced.
    pub fn security_level(&self) -> &SecurityLevel {
        let Self { security_level, .. } = self;
        security_level
    }

    /// Consumes this `KeyParameter` and produces the `Authorization` wire type.
    ///
    /// An authorization is a key parameter with an associated security level and is used to
    /// convey the key characteristics to keystore clients. The stored security level is
    /// copied into the result unchanged, and the value is converted into its wire
    /// representation.
    pub fn into_authorization(self) -> Authorization {
        let KeyParameter { value, security_level } = self;
        Authorization { securityLevel: security_level, keyParameter: value.into() }
    }
}