1 /* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #pragma once 18 19 #include <lk/compiler.h> 20 #include <trusty_ipc.h> 21 22 #include <hardware/hw_auth_token.h> 23 __BEGIN_CDECLS 24 25 typedef handle_t keymaster_session_t; 26 27 /** 28 * keymaster_open() - Opens a Keymaster session 29 * 30 * Return: a keymaster_session_t >= 0 on success, or an error code < 0 31 * on failure. 32 */ 33 int keymaster_open(void); 34 35 /** 36 * keymaster_close() - Opens a Keymaster session 37 * @session: the keymaster_session_t to close. 38 * 39 */ 40 void keymaster_close(keymaster_session_t session); 41 42 /** 43 * Deprecated; use the appropriate token specific functions below if possible. 44 * 45 * keymaster_get_auth_token_key() - Retrieves the auth token signature key 46 * @session: the keymaster_session_t to close. 47 * @key_buf_p: pointer to buffer pointer to be allocated and filled with auth 48 * token key. Ownership of this pointer is transferred to the caller 49 * and must be deallocated with a call to free(). 50 * @size_p: set to the allocated size of key_buf 51 * 52 */ 53 int keymaster_get_auth_token_key(keymaster_session_t session, 54 uint8_t** key_buf_p, 55 uint32_t* size_p); 56 57 /** 58 * keymaster_sign_auth_token() - Sign the 'token' by populating the HMAC field 59 * using the keymaster auth token. 60 * @session: An open keymaster_session_t. 61 * @token: The token for signing 62 * 63 * @return: NO_ERROR if token was signed successfully 64 */ 65 int keymaster_sign_auth_token(keymaster_session_t session, 66 hw_auth_token_t* token); 67 68 /** 69 * keymaster_validate_auth_token() - Validate the incoming token against the 70 * keymaster auth token. 71 * @session: An open keymaster_session_t. 72 * @token: The token to validate 73 * 74 * @return: NO_ERROR if the token is trusted, otherwise rejection reason. 75 */ 76 int keymaster_validate_auth_token(keymaster_session_t session, 77 hw_auth_token_t* token); 78 79 /** 80 * keymaster_get_device_ids() - Return non-unique device IDs (product, 81 * manufacturer, etc). 82 * @session: An open keymaster_session_t. 83 * @info_buffer_p: A CBOR map to be populated with the canonicalized device 84 * info that a caller needs in order to be spec compliant with 85 * the IRemotelyProvisionedComponent HAL. Ownership of this 86 * pointer is transferred to the caller and must be 87 * deallocated with a call to free(). 88 * @size_p: Set to the allocated size of info_buffer_p. 89 * @return: NO_ERROR on success. 90 */ 91 int keymaster_get_device_info(keymaster_session_t session, 92 uint8_t** info_buffer_p, 93 uint32_t* size_p); 94 95 /** 96 * keymaster_get_uds_certs() - Return UDS certificates. 97 * @session: An open keymaster_session_t. 98 * @cert_buffer_p: A buffer to be populated with the UDS certs. 99 * Ownership of this pointer is transferred to the caller and 100 * must be deallocated with a call to free(). 101 * @size_p: Set to the allocated size of info_buffer_p. 102 * @return: NO_ERROR on success. 103 */ 104 int keymaster_get_uds_certs(keymaster_session_t session, 105 uint8_t** cert_buffer_p, 106 uint32_t* size_p); 107 __END_CDECLS 108