1 /* 2 * Copyright (c) 2022 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #ifndef HKS_ATTEST_H 17 #define HKS_ATTEST_H 18 19 #ifdef HKS_CONFIG_FILE 20 #include HKS_CONFIG_FILE 21 #else 22 #endif 23 24 #include <stdbool.h> 25 #include <stdint.h> 26 27 #include "dcm_asn1.h" 28 #include "hks_crypto_hal.h" 29 #include "hks_keyblob.h" 30 #include "hks_type.h" 31 32 #define HKS_SECURITY_LEVEL_LOW 0 33 #define HKS_SECURITY_LEVEL_MEDIUM 1 34 #define HKS_SECURITY_LEVEL_HIGH 2 35 #define HKS_SECURITY_LEVEL_SUPER 3 36 37 #define UTCTIME_LEN 13 38 #define MONS_PER_YEAR 12 39 #define ATTEST_CLAIM_BUF_LEN 10240 40 #define MAX_OID_LEN 20 41 #define ATT_CERT_HEADER_SIZE 5 42 #define HKS_HW_ATTESTATION_VERSION 0 43 #define EXT_MAX_SIZE 512 44 #define SIG_MAX_SIZE 512 45 #define VALIDITY_BUF_SIZE (ASN_1_MAX_HEADER_LEN + 2 * (UTCTIME_LEN + 2)) 46 #define PUBKEY_DER_LEN 1024 47 #define SECOND_TO_MILLI 1000 48 #define EPOCH_YEAR 1970 49 50 #define ATTESTATION_KEY_USAGE_OFFSET 14 51 #define HKS_APP_ID_SIZE 256 52 #define HKS_ATTEST_CERT_SIZE 3072 53 #define HKS_ATTEST_CERT_COUNT 4 54 #define HKS_ATTEST_CHALLENGE_MIN_SIZE 16 55 #define HKS_ATTEST_CHALLENGE_MAX_SIZE 128 56 #define HKS_DECIMAL_TEN 10 57 #define HKS_DECIMAL_HUNDRED 100 58 #define HKS_YEAR_DAYS 365 59 #define HKS_LEAP_YEAR_DAYS 366 60 #define HKS_SECOND_TO_MINUTE 60 61 #define HKS_SECOND_TO_HOUR (60 * 60) 62 #define HKS_SECOND_TO_DAY (60 * 60 * 24) 63 64 #define HKS_IMPORT_DEV_CERT_NAME "ecc_cert_0" 65 #define HKS_IMPORT_CA_CERT_NAME "ecc_cert_1" 66 #define HKS_IMPORT_ROOT_CERT_NAME "ecc_cert_2" 67 68 #define HKS_IMPORT_CERT_PER_BUF_MAX_SIZE 2048 69 70 struct DataTime { 71 uint32_t seconds; 72 uint32_t millis; 73 uint32_t min; 74 uint32_t hour; 75 uint32_t day; 76 uint32_t month; 77 uint32_t year; 78 }; 79 80 struct ValidPeriod { 81 uint8_t start[UTCTIME_LEN]; 82 uint8_t end[UTCTIME_LEN]; 83 }; 84 85 struct HksAttestTbsSpec { 86 struct HksAsn1Obj version; 87 struct HksAsn1Obj serial; 88 struct HksAsn1Obj signature; 89 struct HksAsn1Obj issuer; 90 struct HksAsn1Obj validity; 91 struct HksAsn1Obj subject; 92 struct HksAsn1Obj spki; 93 struct HksAsn1Obj extensions; 94 }; 95 96 struct HksAttestCert { 97 struct HksAttestTbsSpec tbs; 98 struct HksAsn1Obj signAlg; 99 struct HksAsn1Obj signature; 100 }; 101 102 struct HksAttestExt { 103 struct HksAsn1Obj seq; 104 struct HksAsn1Obj keyUsage; 105 struct HksAsn1Obj crl; 106 struct HksAsn1Obj claims; 107 }; 108 109 struct HksAttestSpec { 110 struct HksBlob claimsOid; 111 struct HksBlob claims; 112 struct HksBlob devCert; 113 struct HksBlob devKey; 114 struct HksBlob attestKey; 115 struct HksUsageSpec usageSpec; 116 struct ValidPeriod validity; 117 }; 118 119 #ifdef __cplusplus 120 extern "C" { 121 #endif 122 123 int32_t CreateAttestCertChain(const struct HksParamSet *keyNodeParamSet, const struct HksParamSet *paramSet, 124 struct HksBlob *certChain, struct HksBlob *rawKey); 125 126 #ifdef __cplusplus 127 } 128 #endif 129 130 #endif 131