1 /*
2  * Copyright 2017 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef SYSTEM_KEYMASTER_WRAPPED_KEY_H_
18 #define SYSTEM_KEYMASTER_WRAPPED_KEY_H_
19 
20 #include <hardware/keymaster_defs.h>
21 
22 #include <keymaster/authorization_set.h>
23 #include <keymaster/km_openssl/attestation_record.h>
24 
25 namespace keymaster {
26 
27 typedef struct km_wrapped_key_description {
28     ASN1_INTEGER* key_format;
29     KM_AUTH_LIST* auth_list;
30 } KM_WRAPPED_KEY_DESCRIPTION;
31 
32 ASN1_SEQUENCE(KM_WRAPPED_KEY_DESCRIPTION) = {
33     ASN1_SIMPLE(KM_WRAPPED_KEY_DESCRIPTION, key_format, ASN1_INTEGER),
34     ASN1_SIMPLE(KM_WRAPPED_KEY_DESCRIPTION, auth_list, KM_AUTH_LIST),
35 } ASN1_SEQUENCE_END(KM_WRAPPED_KEY_DESCRIPTION);
36 DECLARE_ASN1_FUNCTIONS(KM_WRAPPED_KEY_DESCRIPTION);
37 
38 typedef struct km_wrapped_key {
39     ASN1_INTEGER* version;
40     ASN1_OCTET_STRING* transit_key;
41     ASN1_OCTET_STRING* iv;
42     KM_WRAPPED_KEY_DESCRIPTION* wrapped_key_description;
43     ASN1_OCTET_STRING* secure_key;
44     ASN1_OCTET_STRING* tag;
45 } KM_WRAPPED_KEY;
46 
47 ASN1_SEQUENCE(KM_WRAPPED_KEY) = {
48     ASN1_SIMPLE(KM_WRAPPED_KEY, version, ASN1_INTEGER),
49     ASN1_SIMPLE(KM_WRAPPED_KEY, transit_key, ASN1_OCTET_STRING),
50     ASN1_SIMPLE(KM_WRAPPED_KEY, iv, ASN1_OCTET_STRING),
51     ASN1_SIMPLE(KM_WRAPPED_KEY, wrapped_key_description, KM_WRAPPED_KEY_DESCRIPTION),
52     ASN1_SIMPLE(KM_WRAPPED_KEY, secure_key, ASN1_OCTET_STRING),
53     ASN1_SIMPLE(KM_WRAPPED_KEY, tag, ASN1_OCTET_STRING),
54 } ASN1_SEQUENCE_END(KM_WRAPPED_KEY);
55 DECLARE_ASN1_FUNCTIONS(KM_WRAPPED_KEY);
56 
57 keymaster_error_t build_wrapped_key(const KeymasterKeyBlob& encrypted_ephemeral_key,
58                                     const KeymasterBlob& iv, keymaster_key_format_t key_format,
59                                     const KeymasterKeyBlob& secure_key, const KeymasterBlob& tag,
60                                     const AuthorizationSet& authorization_list,
61                                     KeymasterKeyBlob* der_wrapped_key);
62 
63 keymaster_error_t parse_wrapped_key(const KeymasterKeyBlob& wrapped_key, KeymasterBlob* iv,
64                                     KeymasterKeyBlob* transit_key, KeymasterKeyBlob* secure_key,
65                                     KeymasterBlob* tag, AuthorizationSet* auth_list,
66                                     keymaster_key_format_t* key_format,
67                                     KeymasterBlob* wrapped_key_description);
68 
69 }  // namespace keymaster
70 
71 #endif  // SYSTEM_KEYMASTER_WRAPPED_KEY_H_
72