1 /* 2 * Copyright (c) 2022 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #ifndef HKS_ATTEST_H 17 #define HKS_ATTEST_H 18 19 #ifdef HKS_CONFIG_FILE 20 #include HKS_CONFIG_FILE 21 #else 22 #endif 23 24 #include <stdbool.h> 25 #include <stdint.h> 26 27 #include "dcm_asn1.h" 28 #include "hks_crypto_hal.h" 29 #include "hks_keyblob.h" 30 #include "hks_type.h" 31 32 #define HKS_SECURITY_LEVEL_LOW 0 33 #define HKS_SECURITY_LEVEL_MEDIUM 1 34 #define HKS_SECURITY_LEVEL_HIGH 2 35 #define HKS_SECURITY_LEVEL_SUPER 3 36 37 #define UTCTIME_LEN 13 38 #define MONS_PER_YEAR 12 39 #define ATTEST_CLAIM_BUF_LEN 10240 40 #define MAX_OID_LEN 20 41 #define ATT_CERT_HEADER_SIZE 5 42 #define HKS_HW_ATTESTATION_VERSION 0 43 #define EXT_MAX_SIZE 512 44 #define SIG_MAX_SIZE 512 45 #define VALIDITY_BUF_SIZE (ASN_1_MAX_HEADER_LEN + 2 * (UTCTIME_LEN + 2)) 46 #define PUBKEY_DER_LEN 1024 47 #define SECOND_TO_MILLI 1000 48 #define EPOCH_YEAR 1970 49 50 #define ATTESTATION_KEY_USAGE_OFFSET 14 51 #define HKS_APP_ID_SIZE 1024 52 #define HKS_ATTEST_CERT_SIZE 3072 53 #define HKS_ATTEST_CERT_COUNT 4 54 #define HKS_ATTEST_CHALLENGE_MIN_SIZE 16 55 #define HKS_ATTEST_CHALLENGE_MAX_SIZE 128 56 #define HKS_DECIMAL_TEN 10 57 #define HKS_DECIMAL_HUNDRED 100 58 #define HKS_YEAR_DAYS 365 59 #define HKS_LEAP_YEAR_DAYS 366 60 #define HKS_SECOND_TO_MINUTE 60 61 #define HKS_SECOND_TO_HOUR (60 * 60) 62 #define HKS_SECOND_TO_DAY (60 * 60 * 24) 63 64 #define HKS_IMPORT_DEV_CERT_NAME "ecc_cert_0" 65 #define HKS_IMPORT_CA_CERT_NAME "ecc_cert_1" 66 #define HKS_IMPORT_ROOT_CERT_NAME "ecc_cert_2" 67 68 #define HKS_IMPORT_CERT_PER_BUF_MAX_SIZE 2048 69 70 struct AppIdTypeToOid { 71 enum HksCallerType type; 72 const struct HksBlob *oid; 73 }; 74 75 struct DataTime { 76 uint32_t seconds; 77 uint32_t millis; 78 uint32_t min; 79 uint32_t hour; 80 uint32_t day; 81 uint32_t month; 82 uint32_t year; 83 }; 84 85 struct ValidPeriod { 86 uint8_t start[UTCTIME_LEN]; 87 uint8_t end[UTCTIME_LEN]; 88 }; 89 90 struct HksAttestTbsSpec { 91 struct HksAsn1Obj version; 92 struct HksAsn1Obj serial; 93 struct HksAsn1Obj signature; 94 struct HksAsn1Obj issuer; 95 struct HksAsn1Obj validity; 96 struct HksAsn1Obj subject; 97 struct HksAsn1Obj spki; 98 struct HksAsn1Obj extensions; 99 }; 100 101 struct HksAttestCert { 102 struct HksAttestTbsSpec tbs; 103 struct HksAsn1Obj signAlg; 104 struct HksAsn1Obj signature; 105 }; 106 107 struct HksAttestExt { 108 struct HksAsn1Obj seq; 109 struct HksAsn1Obj keyUsage; 110 struct HksAsn1Obj crl; 111 struct HksAsn1Obj claims; 112 }; 113 114 struct HksAttestSpec { 115 struct HksBlob claimsOid; 116 struct HksBlob claims; 117 struct HksBlob devCert; 118 struct HksBlob devKey; 119 struct HksBlob attestKey; 120 struct HksUsageSpec usageSpec; 121 struct ValidPeriod validity; 122 bool isAnonAttest; 123 }; 124 125 #ifdef __cplusplus 126 extern "C" { 127 #endif 128 129 int32_t CreateAttestCertChain(bool isAnonAttest, const struct HksParamSet *keyNodeParamSet, 130 const struct HksParamSet *paramSet, struct HksBlob *certChain, struct HksBlob *rawKey); 131 132 #ifdef __cplusplus 133 } 134 #endif 135 136 #endif 137