keymaster.h 4.94 KB
edit raw blame history



1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130


/*
 * Copyright (C) 2017 The Android Open Source Project
 *
 * Permission is hereby granted, free of charge, to any person
 * obtaining a copy of this software and associated documentation
 * files (the "Software"), to deal in the Software without
 * restriction, including without limitation the rights to use, copy,
 * modify, merge, publish, distribute, sublicense, and/or sell copies
 * of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be
 * included in all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */

#ifndef TRUSTY_KEYMASTER_H_
#define TRUSTY_KEYMASTER_H_

#include <trusty/sysdeps.h>
#include <trusty/trusty_ipc.h>
#include <interface/keymaster/keymaster.h>

/*
 * Initialize Keymaster TIPC client. Returns one of trusty_err.
 *
 * @dev: initialized with trusty_ipc_dev_create
 */
int km_tipc_init(struct trusty_ipc_dev *dev);

/*
 * Shutdown Keymaster TIPC client.
 *
 * @dev: initialized with trusty_ipc_dev_create
 */
void km_tipc_shutdown(struct trusty_ipc_dev *dev);

/*
 * Set Keymaster boot parameters. Returns one of trusty_err.
 *
 * @os_version: OS version from Android image header
 * @os_patchlevel: OS patch level from Android image header
 * @verified_boot_state: one of keymaster_verified_boot_t
 * @device_locked: nonzero if device is locked
 * @verified_boot_key_hash: hash of key used to verify Android image
 * @verified_boot_key_hash_size: size of verified_boot_key_hash
 * @verified_boot_hash: cumulative hash of all images verified thus far.
 *                      May be NULL if not computed.
 * @verified_boot_hash_size: size of verified_boot_hash
 */
int trusty_set_boot_params(uint32_t os_version, uint32_t os_patchlevel,
                           keymaster_verified_boot_t verified_boot_state,
                           bool device_locked,
                           const uint8_t *verified_boot_key_hash,
                           uint32_t verified_boot_key_hash_size,
                           const uint8_t *verified_boot_hash,
                           uint32_t verified_boot_hash_size);

/*
 * Set Keymaster attestation key. Returns one of trusty_err.
 *
 * @key: buffer containing key
 * @key_size: size of key in bytes
 * @algorithm: one of KM_ALGORITHM_RSA or KM_ALGORITHM_EC
 */
int trusty_set_attestation_key(const uint8_t *key, uint32_t key_size,
                               keymaster_algorithm_t algorithm);

/*
 * Append certificate to Keymaster attestation certificate chain. Returns
 * one of trusty_err.
 *
 * @cert: buffer containing certificate
 * @cert_size: size of certificate in bytes
 * @algorithm: one of KM_ALGORITHM_RSA or KM_ALGORITHM_EC
 */
int trusty_append_attestation_cert_chain(const uint8_t *cert,
                                         uint32_t cert_size,
                                         keymaster_algorithm_t algorithm);
/*
 * Reads a CA Request from Keymaster. On success allocates a new CA Request
 * message at |*ca_request_p|, and the caller takes ownership. Returns one
 * of trusty_err.
 *
 * @operation_start: Operation Start message
 * @operation_start_size: size of operation_start
 * @ca_request_p: location of newly allocated CA Request message
 * @ca_request_size_p: location of size of the CA Request message
 */
int trusty_atap_get_ca_request(const uint8_t *operation_start,
                               uint32_t operation_start_size,
                               uint8_t** ca_request_p,
                               uint32_t* ca_request_size_p);
/*
 * Sends the CA Response to Keymaster. Returns one of trusty_err.
 *
 * @ca_response: CA Response message
 * @ca_response_size: size of ca_response
 */
int trusty_atap_set_ca_response(const uint8_t *ca_response,
                                uint32_t ca_response_size);

/*
* Reads the UUID from the certificate of the last provisioned attestation
* credentials as a c-string into |*uuid_p|. Caller takes ownership of
* |*uuid_p|. Returns one of trusty_err.
*
* @uuid_p: location of newly allocated UUID c-string
*/
int trusty_atap_read_uuid_str(char **uuid_p);

/*
 * SetProductId is only called once to set the secure product id. Caller should
 * read the product id from permanent attributes structure and set the product
 * id while fusing the permanent attributes.
 *
 * @product_id: The product id to be set.
 * @size: The size of the product id.
 */
int trusty_set_product_id(const uint8_t *product_id, uint32_t size);

#endif /* TRUSTY_KEYMASTER_H_ */