xref: /aosp_15_r20/system/keymaster/include/keymaster/key_blob_utils/software_keyblobs.h (revision 789431f29546679ab5188a97751fb38e3018d44d)
1 /*
2 **
3 ** Copyright 2017, The Android Open Source Project
4 **
5 ** Licensed under the Apache License, Version 2.0 (the "License");
6 ** you may not use this file except in compliance with the License.
7 ** You may obtain a copy of the License at
8 **
9 **     http://www.apache.org/licenses/LICENSE-2.0
10 **
11 ** Unless required by applicable law or agreed to in writing, software
12 ** distributed under the License is distributed on an "AS IS" BASIS,
13 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 ** See the License for the specific language governing permissions and
15 ** limitations under the License.
16 */
17 
18 #pragma once
19 
20 #include <optional>
21 
22 #include <hardware/keymaster_defs.h>
23 #include <keymaster/android_keymaster_utils.h>
24 #include <keymaster/km_version.h>
25 #include <openssl/base.h>
26 
namespace keymaster {

// Forward declarations: this header only names these types, it does not define them.
template <typename> struct TKeymasterBlob;
using KeymasterKeyBlob = TKeymasterBlob<keymaster_key_blob_t>;
class AuthorizationSet;
class Key;

/**
 * Root-of-trust blob; only declared here, the definition lives in another translation unit.
 *
 * NOTE(review): this is a mutable global, so nothing in this header prevents code that includes
 * it from overwriting the value. Presumably it is what software-only implementations pass as
 * `root_of_trust` to BuildHiddenAuthorizations() -- confirm against the definition.
 */
extern KeymasterBlob softwareRootOfTrust;

/**
 * Fills `hidden` from `input_set` and `root_of_trust`.
 *
 * NOTE(review): which entries of `input_set` end up in `hidden` is decided by the implementation
 * and is not visible here. Judging by the names, the result is the set ParseAuthEncryptedBlob()
 * takes as its `hidden` argument, so the same inputs would have to be supplied again whenever the
 * blob is parsed -- confirm.
 *
 * @param input_set      caller-supplied authorizations (read-only)
 * @param hidden         output set; pass a valid pointer, null handling is not visible here
 * @param root_of_trust  root-of-trust blob (read-only)
 * @return keymaster_error_t status; check it before relying on `hidden`
 */
keymaster_error_t BuildHiddenAuthorizations(
    const AuthorizationSet& input_set,
    AuthorizationSet* hidden,
    const KeymasterBlob& root_of_trust);

/**
 * Produces `hw_enforced` and `sw_enforced` authorization sets for the key `pubkey`.
 *
 * NOTE(review): "Fake" suggests the sets are synthesized from the key itself rather than read
 * from stored, integrity-protected data (compare ParseOldSoftkeymasterBlob(), which has no
 * `hidden` input either) -- confirm before treating them as authoritative.
 *
 * @param pubkey       OpenSSL key handle; ownership is not stated by this declaration
 * @param hw_enforced  output set
 * @param sw_enforced  output set
 * @return keymaster_error_t status
 */
keymaster_error_t FakeKeyAuthorizations(
    EVP_PKEY* pubkey,
    AuthorizationSet* hw_enforced,
    AuthorizationSet* sw_enforced);

/**
 * Parses `blob` in what the name calls the old softkeymaster format.
 *
 * Unlike ParseAuthEncryptedBlob(), this takes no `hidden` set, so as far as the signature shows
 * no hidden authorizations take part in parsing on this path.
 * NOTE(review): whether and how the blob's integrity is checked is not visible here -- confirm.
 *
 * @param blob          serialized key blob (read-only)
 * @param key_material  output: extracted key material
 * @param hw_enforced   output set
 * @param sw_enforced   output set
 * @return keymaster_error_t status; treat the outputs as unset unless it reports success
 */
keymaster_error_t ParseOldSoftkeymasterBlob(
    const KeymasterKeyBlob& blob,
    KeymasterKeyBlob* key_material,
    AuthorizationSet* hw_enforced,
    AuthorizationSet* sw_enforced);

/**
 * Parses `blob` with the help of the `hidden` authorization set.
 *
 * NOTE(review): the name indicates the blob is authenticated and encrypted; presumably a modified
 * blob or a `hidden` set that differs from the one used at creation yields an error -- confirm.
 *
 * @param blob          serialized key blob (read-only)
 * @param hidden        hidden authorizations (read-only); see BuildHiddenAuthorizations()
 * @param key_material  output: extracted key material
 * @param hw_enforced   output set
 * @param sw_enforced   output set
 * @return keymaster_error_t status; treat the outputs as unset unless it reports success
 */
keymaster_error_t ParseAuthEncryptedBlob(
    const KeymasterKeyBlob& blob,
    const AuthorizationSet& hidden,
    KeymasterKeyBlob* key_material,
    AuthorizationSet* hw_enforced,
    AuthorizationSet* sw_enforced);

/**
 * Populates `hw_enforced` and `sw_enforced` for a key blob from the key description, the key
 * origin and the OS version / patch level.
 *
 * NOTE(review): how entries are split between the two sets, and which caller-supplied tags are
 * refused, is decided by the implementation -- confirm there.
 *
 * @param key_description  requested authorizations (read-only)
 * @param origin           key origin
 * @param os_version       OS version
 * @param os_patchlevel    OS patch level
 * @param hw_enforced      output set
 * @param sw_enforced      output set
 * @param version          defaults to KmVersion::KEYMINT_1 when omitted
 * @return keymaster_error_t status
 */
keymaster_error_t SetKeyBlobAuthorizations(
    const AuthorizationSet& key_description,
    keymaster_key_origin_t origin,
    uint32_t os_version,
    uint32_t os_patchlevel,
    AuthorizationSet* hw_enforced,
    AuthorizationSet* sw_enforced,
    KmVersion version = KmVersion::KEYMINT_1);

/**
 * Updates the two authorization sets with the optional vendor and boot patch levels.
 *
 * NOTE(review): presumably an empty optional means that patch level is left out, and which of
 * the two sets receives the values is not visible here -- confirm.
 *
 * @param hw_enforced        set that may be modified
 * @param sw_enforced        set that may be modified
 * @param vendor_patchlevel  optional vendor patch level
 * @param boot_patchlevel    optional boot patch level
 * @return keymaster_error_t status
 */
keymaster_error_t ExtendKeyBlobAuthorizations(
    AuthorizationSet* hw_enforced,
    AuthorizationSet* sw_enforced,
    std::optional<uint32_t> vendor_patchlevel,
    std::optional<uint32_t> boot_patchlevel);

/**
 * Produces an upgraded blob for `key` in `upgraded_key`, given the OS version and patch level.
 *
 * NOTE(review): whether a version or patch level lower than the one already recorded in the key
 * is rejected (rollback) is not visible from this declaration -- confirm in the implementation.
 *
 * @param key             key to upgrade (read-only)
 * @param os_version      OS version
 * @param os_patchlevel   OS patch level
 * @param upgrade_params  caller-supplied upgrade parameters (read-only)
 * @param upgraded_key    output: the upgraded key blob
 * @return keymaster_error_t status; treat `upgraded_key` as unset unless it reports success
 */
keymaster_error_t UpgradeSoftKeyBlob(
    const UniquePtr<Key>& key,
    const uint32_t os_version,
    const uint32_t os_patchlevel,
    const AuthorizationSet& upgrade_params,
    KeymasterKeyBlob* upgraded_key);

/**
 * Variant of UpgradeSoftKeyBlob() that additionally takes the optional vendor and boot patch
 * levels.
 *
 * NOTE(review): as with UpgradeSoftKeyBlob(), rollback handling for any of the version inputs is
 * not visible from this declaration -- confirm in the implementation.
 *
 * @param key                key to upgrade (read-only)
 * @param os_version         OS version
 * @param os_patchlevel      OS patch level
 * @param vendor_patchlevel  optional vendor patch level
 * @param boot_patchlevel    optional boot patch level
 * @param upgrade_params     caller-supplied upgrade parameters (read-only)
 * @param upgraded_key       output: the upgraded key blob
 * @return keymaster_error_t status; treat `upgraded_key` as unset unless it reports success
 */
keymaster_error_t FullUpgradeSoftKeyBlob(
    const UniquePtr<Key>& key,
    const uint32_t os_version,
    uint32_t os_patchlevel,
    std::optional<uint32_t> vendor_patchlevel,
    std::optional<uint32_t> boot_patchlevel,
    const AuthorizationSet& upgrade_params,
    KeymasterKeyBlob* upgraded_key);

}  // namespace keymaster