1 /* 2 * Copyright 2017 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #ifndef SYSTEM_KEYMASTER_WRAPPED_KEY_H_ 18 #define SYSTEM_KEYMASTER_WRAPPED_KEY_H_ 19 20 #include <hardware/keymaster_defs.h> 21 22 #include <keymaster/authorization_set.h> 23 #include <keymaster/km_openssl/attestation_record.h> 24 25 namespace keymaster { 26 27 typedef struct km_wrapped_key_description { 28 ASN1_INTEGER* key_format; 29 KM_AUTH_LIST* auth_list; 30 } KM_WRAPPED_KEY_DESCRIPTION; 31 32 ASN1_SEQUENCE(KM_WRAPPED_KEY_DESCRIPTION) = { 33 ASN1_SIMPLE(KM_WRAPPED_KEY_DESCRIPTION, key_format, ASN1_INTEGER), 34 ASN1_SIMPLE(KM_WRAPPED_KEY_DESCRIPTION, auth_list, KM_AUTH_LIST), 35 } ASN1_SEQUENCE_END(KM_WRAPPED_KEY_DESCRIPTION); 36 DECLARE_ASN1_FUNCTIONS(KM_WRAPPED_KEY_DESCRIPTION); 37 38 typedef struct km_wrapped_key { 39 ASN1_INTEGER* version; 40 ASN1_OCTET_STRING* transit_key; 41 ASN1_OCTET_STRING* iv; 42 KM_WRAPPED_KEY_DESCRIPTION* wrapped_key_description; 43 ASN1_OCTET_STRING* secure_key; 44 ASN1_OCTET_STRING* tag; 45 } KM_WRAPPED_KEY; 46 47 ASN1_SEQUENCE(KM_WRAPPED_KEY) = { 48 ASN1_SIMPLE(KM_WRAPPED_KEY, version, ASN1_INTEGER), 49 ASN1_SIMPLE(KM_WRAPPED_KEY, transit_key, ASN1_OCTET_STRING), 50 ASN1_SIMPLE(KM_WRAPPED_KEY, iv, ASN1_OCTET_STRING), 51 ASN1_SIMPLE(KM_WRAPPED_KEY, wrapped_key_description, KM_WRAPPED_KEY_DESCRIPTION), 52 ASN1_SIMPLE(KM_WRAPPED_KEY, secure_key, ASN1_OCTET_STRING), 53 ASN1_SIMPLE(KM_WRAPPED_KEY, tag, ASN1_OCTET_STRING), 54 } ASN1_SEQUENCE_END(KM_WRAPPED_KEY); 55 DECLARE_ASN1_FUNCTIONS(KM_WRAPPED_KEY); 56 57 keymaster_error_t build_wrapped_key(const KeymasterKeyBlob& encrypted_ephemeral_key, 58 const KeymasterBlob& iv, keymaster_key_format_t key_format, 59 const KeymasterKeyBlob& secure_key, const KeymasterBlob& tag, 60 const AuthorizationSet& authorization_list, 61 KeymasterKeyBlob* der_wrapped_key); 62 63 keymaster_error_t parse_wrapped_key(const KeymasterKeyBlob& wrapped_key, KeymasterBlob* iv, 64 KeymasterKeyBlob* transit_key, KeymasterKeyBlob* secure_key, 65 KeymasterBlob* tag, AuthorizationSet* auth_list, 66 keymaster_key_format_t* key_format, 67 KeymasterBlob* wrapped_key_description); 68 69 } // namespace keymaster 70 71 #endif // SYSTEM_KEYMASTER_WRAPPED_KEY_H_ 72