Digital Authentication Framework 6.0.1.33

daf_auth_identify.h

00001 /*
00002  * (c) 2014 Good Technology Corporation. All rights reserved.
00003  */
00004 
00005 #ifndef DAF_AUTH_IDENTIFY_H
00006 #define DAF_AUTH_IDENTIFY_H
00007 
00008 #include "../daf/DigitalAuthenticationFramework.h"
00009 
/*
 * Capability flags that are OR-ed together to form a DAAuthClass value.
 * Field layout, as defined by the masks below:
 *   bits 24-31  DA_AUTH_CRYPTO_MASK      crypto available at all
 *   bits 16-23  DA_AUTH_AUTH_MASK        public vs. authenticated path to the device
 *   bits 12-15  DA_AUTH_CRYPT_SYMM_MASK  symmetric / asymmetric
 *   bits  8-11  DA_AUTH_CRYPT_INVT_MASK  invertible / one-way
 *   bit   4     DA_AUTH_HAS_STORAGE
 *   bit   0     DA_AUTH_VALID
 *
 * DA_AUTH_NO_CRYPTO, DA_AUTH_PUBLIC and DA_AUTH_CRYPT_NONE are all zero, so an
 * expression such as (value & DA_AUTH_PUBLIC) is always false. Test those
 * fields by masking and comparing instead, e.g.
 * (value & DA_AUTH_AUTH_MASK) == DA_AUTH_PUBLIC.
 */
00038 #define DA_AUTH_HAS_CRYPTO      0x01000000  ///< Device can do cryptographic ops
00039 #define DA_AUTH_NO_CRYPTO       0x00000000  ///< Device has no usable crypto (zero: compare under DA_AUTH_CRYPTO_MASK)
00040 #define DA_AUTH_CRYPTO_MASK     0xff000000  ///< Mask for testing crypto capability
00041 
00042 
00043 #define DA_AUTH_AUTHENTICATED   0x00010000  ///< Device has \ref DA_PROTECTED_PATH and \ref DA_AUTHENTIC_PATH set
00044 #define DA_AUTH_PUBLIC          0x00000000  ///< Non-secure path to device (needs user password); zero: compare under DA_AUTH_AUTH_MASK
00045 #define DA_AUTH_AUTH_MASK       0x00ff0000  ///< Mask for testing secure path capability
00046 
00047 
00048 #define DA_AUTH_CRYPT_SYMM      0x00002000  ///< Can do symmetric crypto (encrypt/decrypt or MAC)
00049 #define DA_AUTH_CRYPT_ASYMM     0x00001000  ///< Can do asymmetric crypto (encrypt/decrypt or signature)
00050 #define DA_AUTH_CRYPT_INVERT    0x00000200  ///< Can do invertible transformation (i.e. encryption/decryption)
00051 #define DA_AUTH_CRYPT_ONEWAY    0x00000100  ///< Can do one-way transformation (signature or HMAC)
00052 #define DA_AUTH_CRYPT_MASK      0x0000ff00  ///< Mask for all crypto type flags
00053 #define DA_AUTH_CRYPT_SYMM_MASK 0x0000f000  ///< Mask for testing symmetric/asymmetric
00054 #define DA_AUTH_CRYPT_INVT_MASK 0x00000f00  ///< Mask for testing invertible/oneway
00055 #define DA_AUTH_CRYPT_NONE      0x00000000  ///< No usable crypto functions (zero: compare under DA_AUTH_CRYPT_MASK)
00056 
00057 
00058 #define DA_AUTH_HAS_STORAGE     0x00000010  ///< Device can store data
00059 
00060 #define DA_AUTH_VALID           0x00000001  ///< Device is usable for authentication
00061 
/*
 * X-macro listing every authentication class. DA_AUTH_CLASSES(f) expands to
 * one f(tag, value) invocation per class, where value is the OR of the
 * DA_AUTH_* capability flags describing that class. In this header it is
 * expanded once, to generate the enumerators of enum DAAuthClass.
 *
 * DA_AUTH_CLASS_UNKNOWN is 0, so a zero-initialised DAAuthClass reads as
 * UNKNOWN and carries neither DA_AUTH_VALID nor any capability bit.
 *
 * NOTE(review): DA_AUTH_VALID is OR-ed into CLASS0, both CLASS1 entries and
 * CLASS2_AUTHENTICATED_INVERTIBLE only. The remaining CLASS2 entries and all
 * CLASS3 entries omit it, so any caller that gates on (cls & DA_AUTH_VALID)
 * will treat those classes as not usable for authentication. Confirm whether
 * that is intentional before relying on the bit as an accept/reject check.
 *
 * No CLASS2 or CLASS3 entry sets DA_AUTH_HAS_STORAGE.
 */
00070 #if !(DOXYGEN)
00071 #define DA_AUTH_CLASSES(f)                    \
00072   f(DA_AUTH_CLASS_UNKNOWN, 0)                 \
00073   /* Identification-only. */                  \
00074   f(DA_AUTH_CLASS0,                           \
00075     DA_AUTH_NO_CRYPTO |                       \
00076     DA_AUTH_PUBLIC |                          \
00077     DA_AUTH_VALID)                            \
00078   /* Persistent storage. */                   \
00079   f(DA_AUTH_CLASS1_AUTHENTICATED,             \
00080     DA_AUTH_NO_CRYPTO |                       \
00081     DA_AUTH_AUTHENTICATED |                   \
00082     DA_AUTH_HAS_STORAGE |                     \
00083     DA_AUTH_VALID)                            \
00084   f(DA_AUTH_CLASS1_PUBLIC,                    \
00085     DA_AUTH_NO_CRYPTO |                       \
00086     DA_AUTH_PUBLIC |                          \
00087     DA_AUTH_HAS_STORAGE |                     \
00088     DA_AUTH_VALID)                            \
00089   /* Basic symmetric crypto. */               \
00090   f(DA_AUTH_CLASS2_AUTHENTICATED_INVERTIBLE,  \
00091     DA_AUTH_HAS_CRYPTO |                      \
00092     DA_AUTH_AUTHENTICATED |                   \
00093     DA_AUTH_CRYPT_SYMM |                      \
00094     DA_AUTH_CRYPT_INVERT |                    \
00095     DA_AUTH_VALID)                            \
00096   f(DA_AUTH_CLASS2_PUBLIC_INVERTIBLE,         \
00097     DA_AUTH_HAS_CRYPTO |                      \
00098     DA_AUTH_PUBLIC |                          \
00099     DA_AUTH_CRYPT_SYMM |                      \
00100     DA_AUTH_CRYPT_INVERT)                     \
00101   f(DA_AUTH_CLASS2_AUTHENTICATED_ONEWAY,      \
00102     DA_AUTH_HAS_CRYPTO |                      \
00103     DA_AUTH_AUTHENTICATED |                   \
00104     DA_AUTH_CRYPT_SYMM |                      \
00105     DA_AUTH_CRYPT_ONEWAY)                     \
00106   f(DA_AUTH_CLASS2_PUBLIC_ONEWAY,             \
00107     DA_AUTH_HAS_CRYPTO |                      \
00108     DA_AUTH_PUBLIC |                          \
00109     DA_AUTH_CRYPT_SYMM |                      \
00110     DA_AUTH_CRYPT_ONEWAY)                     \
00111   /* Public key crypto. */                    \
00112   f(DA_AUTH_CLASS3_AUTHENTICATED_INVERTIBLE,  \
00113     DA_AUTH_HAS_CRYPTO |                      \
00114     DA_AUTH_AUTHENTICATED |                   \
00115     DA_AUTH_CRYPT_ASYMM |                     \
00116     DA_AUTH_CRYPT_INVERT)                     \
00117   f(DA_AUTH_CLASS3_PUBLIC_INVERTIBLE,         \
00118     DA_AUTH_HAS_CRYPTO |                      \
00119     DA_AUTH_PUBLIC |                          \
00120     DA_AUTH_CRYPT_ASYMM |                     \
00121     DA_AUTH_CRYPT_INVERT)                     \
00122   f(DA_AUTH_CLASS3_AUTHENTICATED_ONEWAY,      \
00123     DA_AUTH_HAS_CRYPTO |                      \
00124     DA_AUTH_AUTHENTICATED |                   \
00125     DA_AUTH_CRYPT_ASYMM |                     \
00126     DA_AUTH_CRYPT_ONEWAY)                     \
00127   f(DA_AUTH_CLASS3_PUBLIC_ONEWAY,             \
00128     DA_AUTH_HAS_CRYPTO |                      \
00129     DA_AUTH_PUBLIC |                          \
00130     DA_AUTH_CRYPT_ASYMM |                     \
00131     DA_AUTH_CRYPT_ONEWAY)
00132 #endif
00133 
00134 /* Class 4 devices get identified as one of the above for the
00135  * purposes of authentication. */
00136 
/*
 * Authentication class of a device or key. Each enumerator's value is the
 * OR of DA_AUTH_* capability flags assigned in DA_AUTH_CLASSES, so a class
 * can be examined with the DA_AUTH_*_MASK constants as well as compared for
 * equality.
 */
00139 enum DAAuthClass
00140 {
00141 #if DOXYGEN
      /* Documentation-only branch: the #error stops it from ever being
       * compiled. The enumerators here carry no values and are listed in a
       * different order from DA_AUTH_CLASSES, so do not infer numeric values
       * or ordering from this list. */
00142 #error "This section purely for documentation, do not compile"
00143   DA_AUTH_CLASS_UNKNOWN,
00146   DA_AUTH_CLASS0,
00152   DA_AUTH_CLASS1_PUBLIC,
00158   DA_AUTH_CLASS1_AUTHENTICATED,
00161   DA_AUTH_CLASS2_AUTHENTICATED_INVERTIBLE,
00168   DA_AUTH_CLASS2_AUTHENTICATED_ONEWAY,
00175   DA_AUTH_CLASS2_PUBLIC_INVERTIBLE,
00182   DA_AUTH_CLASS2_PUBLIC_ONEWAY,
00185   DA_AUTH_CLASS3_AUTHENTICATED_INVERTIBLE,
00190   DA_AUTH_CLASS3_AUTHENTICATED_ONEWAY,
00195   DA_AUTH_CLASS3_PUBLIC_INVERTIBLE,
00198   DA_AUTH_CLASS3_PUBLIC_ONEWAY,
00201 #else
      /* Real definition: C(tag, val) turns each DA_AUTH_CLASSES entry into
       * "tag = val,", so the enumerator values are the flag combinations
       * given in that macro. */
00202 #define C(tag,val) tag = val,
00203   DA_AUTH_CLASSES(C)
00204 #undef C
00205 #endif
00206 };
00207 
/* Presumably determines the authentication class of `key` on `dev` and
 * reports it through class_out.
 * NOTE(review): the meaning of the bool result, and whether class_out is
 * written when the call fails, are not visible in this header. Callers should
 * check the return value before acting on class_out - confirm against the
 * implementation. */
00213 bool DAIdentifyAuthKey(DADevice &dev, DAKey &key, DAAuthClass &class_out);
00214 
/* Presumably determines the authentication class of `dev` as seen through
 * session `sess` and reports it through class_out.
 * NOTE(review): same open questions as DAIdentifyAuthKey - the return value
 * semantics and the state of class_out on failure need confirming. */
00220 bool DAIdentifyAuthDevice(DADevice &dev, DASession &sess, DAAuthClass &class_out);
00221 
/* Presumably returns a printable name for `cls`.
 * NOTE(review): ownership and lifetime of the returned pointer, and the
 * result for a value that is not a declared enumerator, are not shown here -
 * confirm before freeing or storing the pointer. */
00223 const char * DAAuthClassToString(DAAuthClass cls);
00224 
/* Presumably parses a class name back into a DAAuthClass.
 * NOTE(review): the result for an unrecognised or NULL `str` is not shown
 * here (DA_AUTH_CLASS_UNKNOWN would be the natural choice - verify). If the
 * string comes from configuration or another untrusted source, reject
 * DA_AUTH_CLASS_UNKNOWN explicitly instead of passing it on. */
00226 DAAuthClass DAStringToAuthClass(const char *str);
00227 
00228 #endif
00229