1 /*
2  * Copyright 2021 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 #pragma once
17 
18 #include <keymaster/attestation_context.h>
19 #include <keymaster/remote_provisioning_context.h>
20 #include <keymaster/serializable.h>
21 
22 #include <cppbor.h>
23 
24 namespace keymaster {
25 
/**
 * Boot-state values carried as one bundle.
 *
 * Every scalar field has an in-class default, and those defaults describe the
 * least-trusted state (zero versions, unverified boot, device not locked), so
 * a BootParams that was never filled in does not claim a verified boot.
 *
 * NOTE(review): presumably filled from bootloader-supplied data and consumed
 * by TrustyRemoteProvisioningContext -- confirm against the implementation,
 * which is not part of this header.
 */
struct BootParams {
    // OS version and OS patch level; both stay 0 until a caller sets them.
    uint32_t boot_os_version{0};
    uint32_t boot_os_patchlevel{0};

    // Default-constructed Buffer until a key is supplied.
    Buffer verified_boot_key;

    // Starts as "unverified", so any stronger state must be assigned explicitly.
    keymaster_verified_boot_t verified_boot_state{KM_VERIFIED_BOOT_UNVERIFIED};

    // Starts as "not locked"; a locked state must be assigned explicitly.
    bool device_locked{false};

    // Default-constructed Buffer until a hash is supplied.
    Buffer verified_boot_hash;
};
34 
35 /**
36  * TrustyRemoteProvisioningContext provides the context for a secure
37  * implementation of RemoteProvisioningContext.
38  */
class TrustyRemoteProvisioningContext : public RemoteProvisioningContext {
public:
    TrustyRemoteProvisioningContext() {}
    ~TrustyRemoteProvisioningContext() override {}

    // --- RemoteProvisioningContext overrides ---------------------------------
    // Only the declarations are visible in this header; what each override does
    // is defined elsewhere. The notes below state the signature and nothing more.

    // Returns a byte vector for the given context string and requested length.
    // NOTE(review): by name this derives from the hardware-bound key -- confirm
    // that callers cannot choose `context` values that collide across uses.
    std::vector<uint8_t> DeriveBytesFromHbk(const std::string& context,
                                            size_t numBytes) const override;

    // Returns an owned CBOR map for the given CSR version.
    std::unique_ptr<cppbor::Map> CreateDeviceInfo(
            uint32_t csrVersion) const override;

    // Returns either the payload bytes or an error message.
    cppcose::ErrMsgOr<std::vector<uint8_t>> BuildProtectedDataPayload(
            bool testMode,
            const std::vector<uint8_t>& macKey,
            const std::vector<uint8_t>& aad) const override;

    // Returns std::nullopt-capable result, so callers must check for a value
    // before using the MAC.
    std::optional<cppcose::HmacSha256> GenerateHmacSha256(
            const cppcose::bytevec& input) const override;

    // Writes into the caller-provided response object.
    void GetHwInfo(GetHwInfoResponse* hwInfo) const override;

    // Returns either a CBOR array or an error message; `keysToSign` is taken
    // by value.
    cppcose::ErrMsgOr<cppbor::Array> BuildCsr(
            const std::vector<uint8_t>& challenge,
            cppbor::Array keysToSign) const override;

    // --- Trusty-specific configuration ---------------------------------------

    // Takes a raw pointer, not an owning handle.
    // NOTE(review): if the implementation keeps this pointer in bootParams_,
    // the pointee must outlive this context, and bootParamsSet_ suggests a
    // set-once policy -- confirm both in the definition.
    void SetBootParams(const BootParams* bootParams);

    // Stores the value exactly as given; no range or monotonicity check here,
    // so the caller is responsible for the value's provenance.
    void SetVendorPatchlevel(uint32_t vendor_patchlevel) {
        vendor_patchlevel_ = vendor_patchlevel;
    }

    // Stores the value exactly as given; no range or monotonicity check here,
    // so the caller is responsible for the value's provenance.
    void SetBootPatchlevel(uint32_t boot_patchlevel) {
        boot_patchlevel_ = boot_patchlevel;
    }

private:
    // False until something outside this header flips it.
    bool bootParamsSet_ = false;

    // Non-owning by type; null until assigned, so readers must handle nullptr.
    const BootParams* bootParams_ = nullptr;

    // Patch levels written by the inline setters above; 0 until set.
    uint32_t vendor_patchlevel_ = 0;
    uint32_t boot_patchlevel_ = 0;
};
73 
74 }  // namespace keymaster
75