Various cleanups

 * limitations under the License.

 */

#ifndef VTS_KEYMINT_AIDL_TEST_UTILS_H

#define VTS_KEYMINT_AIDL_TEST_UTILS_H

#pragma once

#include <aidl/Gtest.h>

#include <aidl/Vintf.h>

#include <android/hardware/security/keymint/ErrorCode.h>

#include <android/hardware/security/keymint/IKeyMintDevice.h>

#include <binder/IServiceManager.h>

#include <binder/ProcessState.h>

#include <gtest/gtest.h>

#include <android/hardware/security/keymint/ErrorCode.h>

#include <android/hardware/security/keymint/IKeyMintDevice.h>

#include <keymint_support/authorization_set.h>

namespace android::hardware::security::keymint::test {

                             android::PrintInstanceNameToString)

}  // namespace android::hardware::security::keymint::test

#endif  // VTS_KEYMINT_AIDL_TEST_UTILS_H

#include <assert.h>

#include <android/hardware/security/keymint/Tag.h>

#include <android/hardware/security/keymint/TagType.h>

#include <android-base/logging.h>

#include <openssl/asn1t.h>

#include <openssl/evp.h>

#include <openssl/x509.h>

#include <android/hardware/security/keymint/Tag.h>

#include <android/hardware/security/keymint/TagType.h>

#include <keymint_support/authorization_set.h>

#include <keymint_support/openssl_utils.h>

}

ErrorCode parse_root_of_trust(const uint8_t* asn1_key_desc, size_t asn1_key_desc_len,

                              vector<uint8_t>* verified_boot_key,

                              keymint_verified_boot_t* verified_boot_state, bool* device_locked,

                              vector<uint8_t>* verified_boot_hash) {

                              vector<uint8_t>* verified_boot_key, VerifiedBoot* verified_boot_state,

                              bool* device_locked, vector<uint8_t>* verified_boot_hash) {

    if (!verified_boot_key || !verified_boot_state || !device_locked || !verified_boot_hash) {

        LOG(ERROR) << AT << "null pointer input(s)";

        return ErrorCode::INVALID_ARGUMENT;

    verified_boot_key->resize(vb_key->length);

    memcpy(verified_boot_key->data(), vb_key->data, vb_key->length);

    *verified_boot_state = static_cast<keymint_verified_boot_t>(

            ASN1_ENUMERATED_get(root_of_trust->verified_boot_state));

    *verified_boot_state =

            static_cast<VerifiedBoot>(ASN1_ENUMERATED_get(root_of_trust->verified_boot_state));

    if (!verified_boot_state) {

        LOG(ERROR) << AT << " Failed verified boot state parsing";

        return ErrorCode::INVALID_ARGUMENT;

    }

}

void AuthorizationSet::Filter(std::function<bool(const KeyParameter&)> doKeep) {

    std::vector<KeyParameter> result;

    for (auto& param : data_) {

        if (doKeep(param)) {

            result.push_back(std::move(param));

        }

    }

    std::swap(data_, result);

}

KeyParameter& AuthorizationSet::operator[](int at) {

    return data_[at];

}

 */

static const char kAttestionRecordOid[] = "1.3.6.1.4.1.11129.2.1.17";

enum keymint_verified_boot_t {

    KM_VERIFIED_BOOT_VERIFIED = 0,

    KM_VERIFIED_BOOT_SELF_SIGNED = 1,

    KM_VERIFIED_BOOT_UNVERIFIED = 2,

    KM_VERIFIED_BOOT_FAILED = 3,

enum class VerifiedBoot : uint8_t {

    VERIFIED = 0,

    SELF_SIGNED = 1,

    UNVERIFIED = 2,

    FAILED = 3,

};

struct RootOfTrust {

    SecurityLevel security_level;

    vector<uint8_t> verified_boot_key;

    vector<uint8_t> verified_boot_hash;

    keymint_verified_boot_t verified_boot_state;

    VerifiedBoot verified_boot_state;

    bool device_locked;

};

ErrorCode parse_root_of_trust(const uint8_t* asn1_key_desc, size_t asn1_key_desc_len,

                              std::vector<uint8_t>* verified_boot_key,

                              keymint_verified_boot_t* verified_boot_state, bool* device_locked,

                              VerifiedBoot* verified_boot_state, bool* device_locked,

                              std::vector<uint8_t>* verified_boot_hash);

}  // namespace android::hardware::security::keymint

 * limitations under the License.

 */

#ifndef SYSTEM_SECURITY_KEYSTORE_KM4_AUTHORIZATION_SET_H_

#define SYSTEM_SECURITY_KEYSTORE_KM4_AUTHORIZATION_SET_H_

#pragma once

#include <vector>

    /**

     * Returns iterator (pointer) to beginning of elems array, to enable STL-style iteration

     */

    std::vector<KeyParameter>::const_iterator begin() const { return data_.begin(); }

    auto begin() { return data_.begin(); }

    auto begin() const { return data_.begin(); }

    /**

     * Returns iterator (pointer) one past end of elems array, to enable STL-style iteration

     */

    std::vector<KeyParameter>::const_iterator end() const { return data_.end(); }

    auto end() { return data_.end(); }

    auto end() const { return data_.end(); }

    /**

     * Modifies this Authorization set such that it only keeps the entries for which doKeep

     * returns true.

     */

    void Filter(std::function<bool(const KeyParameter&)> doKeep);

    /**

     * Returns the nth element of the set.

     * Like for std::vector::operator[] there is no range check performed. Use of out of range

};

}  // namespace android::hardware::security::keymint

#endif  // SYSTEM_SECURITY_KEYSTORE_KM4_AUTHORIZATION_SET_H_