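/*
 * Copyright 2020 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#pragma once

// Included directly because this header names uint32_t and std::tuple itself
// instead of relying on the HAL headers to pull them in transitively.
#include <cstdint>
#include <tuple>

#include <android/hardware/keymaster/4.1/IKeymasterDevice.h>
#include <keymasterV4_0/attestation_record.h>
#include <keymasterV4_0/openssl_utils.h>
#include <keymasterV4_1/authorization_set.h>

namespace android {
namespace hardware {
namespace keymaster {
namespace V4_1 {

// Re-exported from V4_0. The spelling "Attestion" is the name of the V4_0
// declaration; correcting it here would break the using-declaration.
using V4_0::kAttestionRecordOid;
using V4_0::keymaster_verified_boot_t;

/**
 * Root-of-trust values carried inside an attestation record.
 *
 * No member has a default initializer, so a default-initialized instance
 * holds indeterminate values in security_level, verified_boot_state and
 * device_locked. Read these fields only from a record that was returned
 * together with a success ErrorCode.
 *
 * NOTE(review): the per-field meanings below are inferred from the field
 * names; the parser that fills them is not part of this header. Confirm
 * against the implementation.
 */
struct RootOfTrust {
    // Presumably the security level at which the root of trust was reported.
    // Boot-state values reported only at software level are not backed by the
    // secure environment. TODO confirm how the parser sets this.
    SecurityLevel security_level;
    // By name, the key the boot image was verified with. A verifier should
    // compare it with an expected value; its presence alone proves nothing.
    hidl_vec<uint8_t> verified_boot_key;
    // By name, a digest over the verified boot data.
    hidl_vec<uint8_t> verified_boot_hash;
    // NOTE(review): the zero value of the V4_0 enum appears to be the
    // "verified" state, so a zero-filled struct would read as verified boot.
    // Confirm, and never treat an unparsed or zeroed record as evidence.
    keymaster_verified_boot_t verified_boot_state;
    // By name, whether the bootloader is locked.
    bool device_locked;
};

/**
 * Decoded contents of a key attestation extension.
 *
 * software_enforced and hardware_enforced are kept as separate sets. A relying
 * party that needs hardware-backed guarantees should look for the property in
 * hardware_enforced (presumably the list enforced by the secure environment;
 * confirm against the implementation) and must not merge the two sets before
 * checking.
 *
 * attestation_version and keymaster_version have no default initializers; see
 * the initialization caveat on RootOfTrust.
 */
struct AttestationRecord {
    RootOfTrust root_of_trust;
    uint32_t attestation_version;
    // Security level of the component that produced the attestation, by name.
    SecurityLevel attestation_security_level;
    uint32_t keymaster_version;
    // Security level of the Keymaster implementation holding the key, by name.
    SecurityLevel keymaster_security_level;
    // Compare with the challenge the verifier issued for this request. A
    // record whose challenge does not match may be a replay of an older one.
    hidl_vec<uint8_t> attestation_challenge;
    AuthorizationSet software_enforced;
    AuthorizationSet hardware_enforced;
    hidl_vec<uint8_t> unique_id;
};

/**
 * Parses the attestation record out of an encoded certificate.
 *
 * The only input is the certificate bytes, and nothing in this declaration
 * shows that the certificate's signature or its chain to a trusted root is
 * checked. Treat the result as parsed but unauthenticated data: validate the
 * chain, including revocation, separately before relying on any field.
 * NOTE(review): confirm against the implementation.
 *
 * @param cert Encoded certificate expected to carry the attestation
 *             extension (presumably DER, and presumably located by
 *             kAttestionRecordOid; confirm).
 * @return The error code paired with the parsed record. Use the record only
 *         when the code signals success (ErrorCode::OK in the Keymaster HAL).
 *         The record's contents on failure are not specified by this header.
 */
std::tuple<ErrorCode, AttestationRecord> parse_attestation_record(const hidl_vec<uint8_t>& cert);

}  // namespace V4_1
}  // namespace keymaster
}  // namespace hardware
}  // namespace android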