1 /*
2 **
3 ** Copyright 2017, The Android Open Source Project
4 **
5 ** Licensed under the Apache License, Version 2.0 (the "License");
6 ** you may not use this file except in compliance with the License.
7 ** You may obtain a copy of the License at
8 **
9 **     http://www.apache.org/licenses/LICENSE-2.0
10 **
11 ** Unless required by applicable law or agreed to in writing, software
12 ** distributed under the License is distributed on an "AS IS" BASIS,
13 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 ** See the License for the specific language governing permissions and
15 ** limitations under the License.
16 */
17 
18 #ifndef KEY_BLOB_UTILS_SOFTWARE_KEYBLOBS_H_
19 #define KEY_BLOB_UTILS_SOFTWARE_KEYBLOBS_H_
20 
21 #include <hardware/keymaster_defs.h>
22 #include <openssl/base.h>
23 #include <keymaster/android_keymaster_utils.h>
24 
namespace keymaster {

// Forward declarations. This header only names these types through
// references, pointers and template arguments, so complete definitions are
// not needed here.
template <typename> struct TKeymasterBlob;
using KeymasterKeyBlob = TKeymasterBlob<keymaster_key_blob_t>;
class AuthorizationSet;
class Key;

// Root-of-trust blob, defined in another translation unit. KeymasterBlob is
// not declared in this header; it is expected to come from the includes above.
// The object is declared non-const, so every translation unit that includes
// this header can write to it.
// NOTE(review): presumably this is the value passed as `root_of_trust` to
// BuildHiddenAuthorizations() by the software implementation -- confirm, and
// audit any write to it after initialisation.
extern KeymasterBlob softwareRootOfTrust;

// Fills `hidden` from `input_set` and `root_of_trust`.
//
//   input_set      read-only source authorization set
//   hidden         output set; null handling is not visible from this header
//   root_of_trust  read-only root-of-trust blob
//
// Returns a keymaster_error_t status.
// NOTE(review): presumably `hidden` holds the values a key blob is bound to
// but does not store (caller-supplied identifiers plus the root of trust) --
// confirm against the implementation. The resulting set is what
// ParseOcbAuthEncryptedBlob() takes as its `hidden` input.
keymaster_error_t BuildHiddenAuthorizations(
    const AuthorizationSet& input_set,
    AuthorizationSet* hidden,
    const KeymasterBlob& root_of_trust);

// Fills `hw_enforced` and `sw_enforced` for the key behind `pubkey`.
//
// Returns a keymaster_error_t status.
// NOTE(review): the name suggests the authorizations are synthesised rather
// than read from a stored blob -- confirm which keys reach this path and
// that the synthesised sets are no more permissive than intended.
keymaster_error_t FakeKeyAuthorizations(
    EVP_PKEY* pubkey,
    AuthorizationSet* hw_enforced,
    AuthorizationSet* sw_enforced);

// Parses `blob` into `key_material`, `hw_enforced` and `sw_enforced`.
//
// Returns a keymaster_error_t status; check it before using any output.
// Unlike ParseOcbAuthEncryptedBlob(), this parser takes no `hidden` set.
// NOTE(review): presumably the legacy format carries no binding to hidden
// authorizations and may not be integrity-protected -- confirm, and check
// that callers only fall back to this parser where that is acceptable.
keymaster_error_t ParseOldSoftkeymasterBlob(
    const KeymasterKeyBlob& blob,
    KeymasterKeyBlob* key_material,
    AuthorizationSet* hw_enforced,
    AuthorizationSet* sw_enforced);

// Parses `blob`, using `hidden` as an additional read-only input, into
// `key_material`, `hw_enforced` and `sw_enforced`.
//
// Returns a keymaster_error_t status; check it before using any output.
// NOTE(review): the name suggests OCB authenticated encryption, with `hidden`
// taking part in the authentication -- confirm, and confirm that no output is
// populated when authentication fails.
keymaster_error_t ParseOcbAuthEncryptedBlob(
    const KeymasterKeyBlob& blob,
    const AuthorizationSet& hidden,
    KeymasterKeyBlob* key_material,
    AuthorizationSet* hw_enforced,
    AuthorizationSet* sw_enforced);

// Fills `hw_enforced` and `sw_enforced` for a key described by
// `key_description`, given its `origin` and the caller-supplied `os_version`
// and `os_patchlevel`.
//
// Returns a keymaster_error_t status.
// NOTE(review): how tags are split between the two output sets is not visible
// from this header -- confirm against the implementation.
keymaster_error_t SetKeyBlobAuthorizations(
    const AuthorizationSet& key_description,
    keymaster_key_origin_t origin,
    uint32_t os_version,
    uint32_t os_patchlevel,
    AuthorizationSet* hw_enforced,
    AuthorizationSet* sw_enforced);

// Writes an upgraded blob for `key` to `upgraded_key`, given the
// caller-supplied `os_version`, `os_patchlevel` and `upgrade_params`.
//
// Returns a keymaster_error_t status.
// NOTE(review): confirm the implementation refuses to lower the version or
// patch level recorded in the key; this header does not show that check.
keymaster_error_t UpgradeSoftKeyBlob(
    const UniquePtr<Key>& key,
    const uint32_t os_version,
    const uint32_t os_patchlevel,
    const AuthorizationSet& upgrade_params,
    KeymasterKeyBlob* upgraded_key);

}  // namespace keymaster
62 
63 #endif  // KEY_BLOB_UTILS_SOFTWARE_KEYBLOBS_H_
64