1 /*
2 **
3 ** Copyright 2017, The Android Open Source Project
4 **
5 ** Licensed under the Apache License, Version 2.0 (the "License");
6 ** you may not use this file except in compliance with the License.
7 ** You may obtain a copy of the License at
8 **
9 **     http://www.apache.org/licenses/LICENSE-2.0
10 **
11 ** Unless required by applicable law or agreed to in writing, software
12 ** distributed under the License is distributed on an "AS IS" BASIS,
13 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 ** See the License for the specific language governing permissions and
15 ** limitations under the License.
16 */
17 
18 #pragma once
19 
20 #include <optional>
21 
22 #include <hardware/keymaster_defs.h>
23 #include <keymaster/android_keymaster_utils.h>
24 #include <openssl/base.h>
25 
26 namespace keymaster {
27 
28 template <typename> struct TKeymasterBlob;
29 typedef TKeymasterBlob<keymaster_key_blob_t> KeymasterKeyBlob;
30 class AuthorizationSet;
31 class Key;
32 
33 extern KeymasterBlob softwareRootOfTrust;
34 
35 keymaster_error_t BuildHiddenAuthorizations(const AuthorizationSet& input_set,
36                                             AuthorizationSet* hidden,
37                                             const KeymasterBlob& root_of_trust);
38 
39 keymaster_error_t FakeKeyAuthorizations(EVP_PKEY* pubkey, AuthorizationSet* hw_enforced,
40                                         AuthorizationSet* sw_enforced);
41 
42 keymaster_error_t ParseOldSoftkeymasterBlob(const KeymasterKeyBlob& blob,
43                                             KeymasterKeyBlob* key_material,
44                                             AuthorizationSet* hw_enforced,
45                                             AuthorizationSet* sw_enforced);
46 
47 keymaster_error_t ParseAuthEncryptedBlob(const KeymasterKeyBlob& blob,
48                                          const AuthorizationSet& hidden,
49                                          KeymasterKeyBlob* key_material,
50                                          AuthorizationSet* hw_enforced,
51                                          AuthorizationSet* sw_enforced);
52 
53 keymaster_error_t SetKeyBlobAuthorizations(const AuthorizationSet& key_description,
54                                            keymaster_key_origin_t origin, uint32_t os_version,
55                                            uint32_t os_patchlevel, AuthorizationSet* hw_enforced,
56                                            AuthorizationSet* sw_enforced);
57 
58 keymaster_error_t ExtendKeyBlobAuthorizations(AuthorizationSet* hw_enforced,
59                                               AuthorizationSet* sw_enforced,
60                                               std::optional<uint32_t> vendor_patchlevel,
61                                               std::optional<uint32_t> boot_patchlevel);
62 
63 keymaster_error_t UpgradeSoftKeyBlob(const UniquePtr<Key>& key, const uint32_t os_version,
64                                      const uint32_t os_patchlevel,
65                                      const AuthorizationSet& upgrade_params,
66                                      KeymasterKeyBlob* upgraded_key);
67 
68 keymaster_error_t FullUpgradeSoftKeyBlob(const UniquePtr<Key>& key, const uint32_t os_version,
69                                          uint32_t os_patchlevel,
70                                          std::optional<uint32_t> vendor_patchlevel,
71                                          std::optional<uint32_t> boot_patchlevel,
72                                          const AuthorizationSet& upgrade_params,
73                                          KeymasterKeyBlob* upgraded_key);
74 }  // namespace keymaster
75