xref: /aosp_15_r20/external/open-dice/include/dice/android.h (revision 60b67249c2e226f42f35cc6cfe66c6048e0bae6b) 
1 // Copyright 2021 Google LLC
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License"); you may not
4 // use this file except in compliance with the License. You may obtain a copy of
5 // the License at
6 //
7 //     https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
11 // WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
12 // License for the specific language governing permissions and limitations under
13 // the License.
14 
15 #ifndef DICE_ANDROID_H_
16 #define DICE_ANDROID_H_
17 
18 #include <stdbool.h>
19 
20 #include "dice/dice.h"
21 
22 #ifdef __cplusplus
23 extern "C" {
24 #endif
25 
26 #define DICE_ANDROID_CONFIG_COMPONENT_NAME (1 << 0)
27 #define DICE_ANDROID_CONFIG_COMPONENT_VERSION (1 << 1)
28 #define DICE_ANDROID_CONFIG_RESETTABLE (1 << 2)
29 #define DICE_ANDROID_CONFIG_SECURITY_VERSION (1 << 3)
30 #define DICE_ANDROID_CONFIG_RKP_VM_MARKER (1 << 4)
31 
32 // Contains the input values used to construct the Android Profile for DICE
33 // configuration descriptor. The fields to include in the configuration
34 // descriptor are selected in the |configs| bitfield.
35 //
36 // Fields:
37 //    configs: A bitfield selecting the config fields to include.
38 //    component_name: Name of the component.
39 //    component_version: Version of the component.
40 //    security_version: Monotonically increasing version of the component.
41 typedef struct DiceAndroidConfigValues_ {
42   uint32_t configs;
43   const char* component_name;
44   uint64_t component_version;
45   uint64_t security_version;
46 } DiceAndroidConfigValues;
47 
48 // Formats a configuration descriptor following the Android Profile for DICE
49 // specification. On success, |actual_size| is set to the number of bytes used.
50 // If kDiceResultBufferTooSmall is returned |actual_size| will be set to the
51 // required size of the buffer.
52 DiceResult DiceAndroidFormatConfigDescriptor(
53     const DiceAndroidConfigValues* config_values, size_t buffer_size,
54     uint8_t* buffer, size_t* actual_size);
55 
56 // Executes the main Android DICE flow.
57 //
58 // Call this instead of DiceMainFlow when the next certificate should be
59 // appended to an existing Android DICE chain. However, when using
60 // the Android DICE handover format, use DiceAndroidHandoverMainFlow instead.
61 //
62 // Given the current CDIs, a full set of input values, and the current Android
63 // DICE chain, computes the next CDIs and the extended DICE chain. On success,
64 // |actual_size| is set to the number of bytes used. If
65 // kDiceResultBufferTooSmall is returned |actual_size| will be set to the
66 // required size of the buffer.
67 DiceResult DiceAndroidMainFlow(void* context,
68                                const uint8_t current_cdi_attest[DICE_CDI_SIZE],
69                                const uint8_t current_cdi_seal[DICE_CDI_SIZE],
70                                const uint8_t* chain, size_t chain_size,
71                                const DiceInputValues* input_values,
72                                size_t buffer_size, uint8_t* buffer,
73                                size_t* actual_size,
74                                uint8_t next_cdi_attest[DICE_CDI_SIZE],
75                                uint8_t next_cdi_seal[DICE_CDI_SIZE]);
76 
77 // Executes the main Android DICE handover flow.
78 //
79 // Call this instead of DiceAndroidMainFlow when using the Android DICE handover
80 // format to combine the Android DICE chain and CDIs in a single CBOR object.
81 //
82 // Given a full set of input values and the current Android DICE handover
83 // object, computes the handover data for the next stage. On success,
84 // |actual_size| is set to the number of bytes used. If
85 // kDiceResultBufferTooSmall is returned |actual_size| will be set to the
86 // required size of the buffer.
87 //
88 // Using the Android DICE handover object is one option for passing the values
89 // between boot stages. Passing the bytes between stages is a problem left to
90 // the caller.
91 DiceResult DiceAndroidHandoverMainFlow(void* context, const uint8_t* handover,
92                                        size_t handover_size,
93                                        const DiceInputValues* input_values,
94                                        size_t buffer_size, uint8_t* buffer,
95                                        size_t* actual_size);
96 
97 // Parses an Android DICE handover object to extract the fields.
98 //
99 // Given a pointer to an Android DICE handover object, returns pointers to the
100 // CDIs and DICE chain. If the DICE chain is not included in the handover
101 // object, the pointer is NULL and the size is 0.
102 DiceResult DiceAndroidHandoverParse(const uint8_t* handover,
103                                     size_t handover_size,
104                                     const uint8_t** cdi_attest,
105                                     const uint8_t** cdi_seal,
106                                     const uint8_t** chain, size_t* chain_size);
107 
108 #ifdef __cplusplus
109 }  // extern "C"
110 #endif
111 
112 #endif  // DICE_ANDROID_H_
113