Diffstat (limited to 'include/dice/android.h')
-rw-r--r-- | include/dice/android.h | 111 |
1 files changed, 111 insertions, 0 deletions
diff --git a/include/dice/android.h b/include/dice/android.h
new file mode 100644
index 0000000..5ca1f8b
--- /dev/null
+++ b/include/dice/android.h
@@ -0,0 +1,111 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License"); you may not
+// use this file except in compliance with the License. You may obtain a copy of
+// the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+// License for the specific language governing permissions and limitations under
+// the License.
+
+#ifndef DICE_ANDROID_H_
+#define DICE_ANDROID_H_
+
+#include <stdbool.h>
+
+#include "dice/dice.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define DICE_ANDROID_CONFIG_COMPONENT_NAME (1 << 0)
+#define DICE_ANDROID_CONFIG_COMPONENT_VERSION (1 << 1)
+#define DICE_ANDROID_CONFIG_RESETTABLE (1 << 2)
+#define DICE_ANDROID_CONFIG_SECURITY_VERSION (1 << 3)
+
+// Contains the input values used to construct the Android Profile for DICE
+// configuration descriptor. Optional fields are selected in the |inputs|
+// bitfield.
+//
+// Fields:
+// configs: A bitfield selecting the config fields to include.
+// component_name: Name of the component.
+// component_version: Version of the component.
+// security_version: Monotonically increasing version of the component.
+typedef struct DiceAndroidConfigValues_ {
+ uint32_t configs;
+ const char* component_name;
+ uint64_t component_version;
+ uint64_t security_version;
+} DiceAndroidConfigValues;
+
+// Formats a configuration descriptor following the Android Profile for DICE
+// specification. On success, |actual_size| is set to the number of bytes used.
+// If kDiceResultBufferTooSmall is returned |actual_size| will be set to the
+// required size of the buffer.
+DiceResult DiceAndroidFormatConfigDescriptor(
+ const DiceAndroidConfigValues* config_values, size_t buffer_size,
+ uint8_t* buffer, size_t* actual_size);
+
+// Executes the main Android DICE flow.
+//
+// Call this instead of DiceMainFlow when the next certificate should be
+// appended to an existing Android DICE chain. However, when using
+// the Android DICE handover format, use DiceAndroidHandoverMainFlow instead.
+//
+// Given the current CDIs, a full set of input values, and the current Android
+// DICE chain, computes the next CDIs and the extended DICE chain. On success,
+// |actual_size| is set to the number of bytes used. If
+// kDiceResultBufferTooSmall is returned |actual_size| will be set to the
+// required size of the buffer.
+DiceResult DiceAndroidMainFlow(void* context,
+ const uint8_t current_cdi_attest[DICE_CDI_SIZE],
+ const uint8_t current_cdi_seal[DICE_CDI_SIZE],
+ const uint8_t* chain, size_t chain_size,
+ const DiceInputValues* input_values,
+ size_t buffer_size, uint8_t* buffer,
+ size_t* actual_size,
+ uint8_t next_cdi_attest[DICE_CDI_SIZE],
+ uint8_t next_cdi_seal[DICE_CDI_SIZE]);
+
+// Executes the main Android DICE handover flow.
+//
+// Call this instead of DiceAndroidMainFlow when using the Android DICE handover
+// format to combine the Android DICE chain and CDIs in a single CBOR object.
+//
+// Given a full set of input values and the current Android DICE handover
+// object, computes the handover data for the next stage. On success,
+// |actual_size| is set to the number of bytes used. If
+// kDiceResultBufferTooSmall is returned |actual_size| will be set to the
+// required size of the buffer.
+//
+// Using the Android DICE handover object is one option for passing the values
+// between boot stages. Passing the bytes between stages is a problem left to
+// the caller.
+DiceResult DiceAndroidHandoverMainFlow(void* context, const uint8_t* handover,
+ size_t handover_size,
+ const DiceInputValues* input_values,
+ size_t buffer_size, uint8_t* buffer,
+ size_t* actual_size);
+
+// Parses an Android DICE handover object to extract the fields.
+//
+// Given a pointer to an Android DICE handover object, returns pointers to the
+// CDIs and DICE chain. If the DICE chain is not included in the handover
+// object, the pointer is NULL and the size is 0.
+DiceResult DiceAndroidHandoverParse(const uint8_t* handover,
+ size_t handover_size,
+ const uint8_t** cdi_attest,
+ const uint8_t** cdi_seal,
+ const uint8_t** chain, size_t* chain_size);
+
+#ifdef __cplusplus
+} // extern "C"
+#endif
+
+#endif // DICE_ANDROID_H_ |
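Review bot: The comment on `DiceAndroidHandoverParse` does not say what the returned `cdi_attest`, `cdi_seal` and `chain` pointers refer to or how long the CDI regions are, which is the part of the contract a caller handling secret CDIs most needs. If they point into `handover` (the `const uint8_t**` outputs with no destination buffer suggest this, but the implementation is not in this hunk), I would add `// The returned pointers alias |handover| and are valid only while it is; each CDI is DICE_CDI_SIZE bytes.` and state whether the outputs are left untouched on failure. Separately, the `DiceAndroidConfigValues` comment says optional fields are selected in the `|inputs|` bitfield, but the field is named `configs`, so that line should read `|configs|`. The same comment could also note that `component_name` is read only when `DICE_ANDROID_CONFIG_COMPONENT_NAME` is set and must then be a NUL-terminated string, if that is the intent.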