Blame view
include/trusty/keymaster.h
4.94 KB
0ccdd527a MLK-18591-4 andro... |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 |
/* * Copyright (C) 2017 The Android Open Source Project * * Permission is hereby granted, free of charge, to any person * obtaining a copy of this software and associated documentation * files (the "Software"), to deal in the Software without * restriction, including without limitation the rights to use, copy, * modify, merge, publish, distribute, sublicense, and/or sell copies * of the Software, and to permit persons to whom the Software is * furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be * included in all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE * SOFTWARE. */ #ifndef TRUSTY_KEYMASTER_H_ #define TRUSTY_KEYMASTER_H_ #include <trusty/sysdeps.h> #include <trusty/trusty_ipc.h> #include <interface/keymaster/keymaster.h> /* * Initialize Keymaster TIPC client. Returns one of trusty_err. * * @dev: initialized with trusty_ipc_dev_create */ int km_tipc_init(struct trusty_ipc_dev *dev); /* * Shutdown Keymaster TIPC client. * * @dev: initialized with trusty_ipc_dev_create */ void km_tipc_shutdown(struct trusty_ipc_dev *dev); /* * Set Keymaster boot parameters. Returns one of trusty_err. * * @os_version: OS version from Android image header * @os_patchlevel: OS patch level from Android image header * @verified_boot_state: one of keymaster_verified_boot_t * @device_locked: nonzero if device is locked * @verified_boot_key_hash: hash of key used to verify Android image * @verified_boot_key_hash_size: size of verified_boot_key_hash * @verified_boot_hash: cumulative hash of all images verified thus far. * May be NULL if not computed. * @verified_boot_hash_size: size of verified_boot_hash */ int trusty_set_boot_params(uint32_t os_version, uint32_t os_patchlevel, keymaster_verified_boot_t verified_boot_state, bool device_locked, const uint8_t *verified_boot_key_hash, uint32_t verified_boot_key_hash_size, const uint8_t *verified_boot_hash, uint32_t verified_boot_hash_size); /* * Set Keymaster attestation key. Returns one of trusty_err. * * @key: buffer containing key * @key_size: size of key in bytes * @algorithm: one of KM_ALGORITHM_RSA or KM_ALGORITHM_EC */ int trusty_set_attestation_key(const uint8_t *key, uint32_t key_size, keymaster_algorithm_t algorithm); /* * Append certificate to Keymaster attestation certificate chain. Returns * one of trusty_err. * * @cert: buffer containing certificate * @cert_size: size of certificate in bytes * @algorithm: one of KM_ALGORITHM_RSA or KM_ALGORITHM_EC */ int trusty_append_attestation_cert_chain(const uint8_t *cert, uint32_t cert_size, keymaster_algorithm_t algorithm); |
fe28fb648 [iot] Update Trus... |
88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 |
/* * Reads a CA Request from Keymaster. On success allocates a new CA Request * message at |*ca_request_p|, and the caller takes ownership. Returns one * of trusty_err. * * @operation_start: Operation Start message * @operation_start_size: size of operation_start * @ca_request_p: location of newly allocated CA Request message * @ca_request_size_p: location of size of the CA Request message */ int trusty_atap_get_ca_request(const uint8_t *operation_start, uint32_t operation_start_size, uint8_t** ca_request_p, uint32_t* ca_request_size_p); /* * Sends the CA Response to Keymaster. Returns one of trusty_err. * * @ca_response: CA Response message * @ca_response_size: size of ca_response */ int trusty_atap_set_ca_response(const uint8_t *ca_response, uint32_t ca_response_size); |
0ccdd527a MLK-18591-4 andro... |
110 |
|
65955f553 [iot] Support rea... |
111 112 113 114 115 116 117 118 |
/* * Reads the UUID from the certificate of the last provisioned attestation * credentials as a c-string into |*uuid_p|. Caller takes ownership of * |*uuid_p|. Returns one of trusty_err. * * @uuid_p: location of newly allocated UUID c-string */ int trusty_atap_read_uuid_str(char **uuid_p); |
9e3b88f8c Add trusty call t... |
119 120 121 122 123 124 125 126 127 |
/* * SetProductId is only called once to set the secure product id. Caller should * read the product id from permanent attributes structure and set the product * id while fusing the permanent attributes. * * @product_id: The product id to be set. * @size: The size of the product id. */ int trusty_set_product_id(const uint8_t *product_id, uint32_t size); |
0ccdd527a MLK-18591-4 andro... |
128 |
#endif /* TRUSTY_KEYMASTER_H_ */ |