1eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr/*
2eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr * Copyright 2017 The Android Open Source Project
3eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr *
4eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr * Licensed under the Apache License, Version 2.0 (the "License");
5eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr * you may not use this file except in compliance with the License.
6eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr * You may obtain a copy of the License at
7eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr *
8eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr *      http://www.apache.org/licenses/LICENSE-2.0
9eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr *
10eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr * Unless required by applicable law or agreed to in writing, software
11eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr * distributed under the License is distributed on an "AS IS" BASIS,
12eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr * See the License for the specific language governing permissions and
14eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr * limitations under the License.
15eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr */
16eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr
17eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr#ifndef ATAP_TYPES_H_
18eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr#define ATAP_TYPES_H_
19eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr
20eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr#ifdef __cplusplus
21eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohrextern "C" {
22eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr#endif
23eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr
24eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr#include "atap_sysdeps.h"
25eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr
26eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohrstruct AtapOps;
27eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohrtypedef struct AtapOps AtapOps;
28eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr
29eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr/* Return codes used for all operations.
30eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr *
31eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr * ATAP_RESULT_OK is returned if the requested operation was
32eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr * successful.
33eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr *
34eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr * ATAP_RESULT_ERROR_IO is returned if the underlying hardware (disk
35eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr * or other subsystem) encountered an I/O error.
36eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr *
37eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr * ATAP_RESULT_ERROR_OOM is returned if unable to allocate memory.
38eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr *
39eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr * ATAP_RESULT_ERROR_INVALID_INPUT is returned if inputs are invalid.
40eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr *
41eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr * ATAP_RESULT_ERROR_UNSUPPORTED_ALGORITHM is returned if the device does
42eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr * not support the requested algorithm.
43eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr *
44eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr * ATAP_RESULT_ERROR_UNSUPPORTED_OPERATION is returned if the device does
45eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr * not support the requested operation.
46eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr *
47eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr * ATAP_RESULT_ERROR_CRYPTO is returned if a crypto operation failed.
48eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr */
49eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohrtypedef enum {
50eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr  ATAP_RESULT_OK,
51eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr  ATAP_RESULT_ERROR_IO,
52eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr  ATAP_RESULT_ERROR_OOM,
53eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr  ATAP_RESULT_ERROR_INVALID_INPUT,
54eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr  ATAP_RESULT_ERROR_UNSUPPORTED_ALGORITHM,
55eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr  ATAP_RESULT_ERROR_UNSUPPORTED_OPERATION,
56617bbcc8ecc68a000ce3f715f4441d1d8506c7b3Darren Krahn  ATAP_RESULT_ERROR_CRYPTO,
57617bbcc8ecc68a000ce3f715f4441d1d8506c7b3Darren Krahn  ATAP_RESULT_ERROR_STORAGE,
58eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr} AtapResult;
59eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr
60eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohrtypedef enum {
61eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr  ATAP_KEY_TYPE_NONE = 0,
62eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr  ATAP_KEY_TYPE_RSA = 1,
63eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr  ATAP_KEY_TYPE_ECDSA = 2,
64eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr  ATAP_KEY_TYPE_edDSA = 3,
65eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr  ATAP_KEY_TYPE_EPID = 4,
66eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr  ATAP_KEY_TYPE_SPECIAL = 5 /* in protocol v1, this is always the "cast" key
67eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr                             * persisted by the TEE */
68eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr} AtapKeyType;
69eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr
70eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohrtypedef enum {
71eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr  ATAP_CURVE_TYPE_NONE = 0,
72eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr  ATAP_CURVE_TYPE_P256 = 1,
73eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr  ATAP_CURVE_TYPE_X25519 = 2,
74eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr} AtapCurveType;
75eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr
76eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohrtypedef enum {
77eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr  ATAP_OPERATION_NONE = 0,
78eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr  ATAP_OPERATION_CERTIFY = 1,
79eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr  ATAP_OPERATION_ISSUE = 2,
80eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr  ATAP_OPERATION_ISSUE_ENCRYPTED = 3
81eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr} AtapOperation;
82eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr
83eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr#define ATAP_PROTOCOL_VERSION 1
84eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr#define ATAP_HEADER_LEN 8
85eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr#define ATAP_ECDH_KEY_LEN 33
86eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr#define ATAP_ECDH_SHARED_SECRET_LEN 32
87eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr#define ATAP_OPERATION_START_LEN (ATAP_HEADER_LEN + 2 + ATAP_ECDH_KEY_LEN)
88eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr#define ATAP_AES_128_KEY_LEN 16
89eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr#define ATAP_GCM_IV_LEN 12
90eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr#define ATAP_GCM_TAG_LEN 16
91eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr#define ATAP_SHA256_DIGEST_LEN 32
92eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr#define ATAP_PRODUCT_ID_LEN 16
93eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr#define ATAP_NONCE_LEN 16
94eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr#define ATAP_KEY_LEN_MAX 2048
95eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr#define ATAP_CERT_LEN_MAX 2048
96eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr#define ATAP_CERT_CHAIN_LEN_MAX 8192
97eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr#define ATAP_CERT_CHAIN_ENTRIES_MAX 8
98eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr#define ATAP_BLOB_LEN_MAX ATAP_CERT_CHAIN_LEN_MAX
99eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr#define ATAP_SIGNATURE_LEN_MAX 512
100eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr#define ATAP_HEX_UUID_LEN 32
101eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr#define ATAP_INNER_CA_RESPONSE_FIELDS 10
102eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr
103eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohrtypedef struct {
104eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr  uint8_t* data;
105eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr  uint32_t data_length;
106eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr} AtapBlob;
107eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr
108eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohrtypedef struct {
109eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr  AtapBlob entries[ATAP_CERT_CHAIN_ENTRIES_MAX];
110eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr  uint32_t entry_count;
111eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr} AtapCertChain;
112eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr
113eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohrtypedef struct {
114eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr  uint8_t header[ATAP_HEADER_LEN];
115eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr  AtapCertChain auth_key_cert_chain;
116eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr  AtapBlob signature;
117eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr  uint8_t product_id_hash[ATAP_SHA256_DIGEST_LEN];
118eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr  AtapBlob RSA_pubkey;
119eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr  AtapBlob ECDSA_pubkey;
120eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr  AtapBlob edDSA_pubkey;
121eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr} AtapInnerCaRequest;
122eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr
123eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohrtypedef struct {
124eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr  uint8_t header[ATAP_HEADER_LEN];
125eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr  uint8_t device_pubkey[ATAP_ECDH_KEY_LEN];
126eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr  uint8_t iv[ATAP_GCM_IV_LEN];
127eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr  AtapBlob encrypted_inner_ca_request;
128eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr  uint8_t tag[ATAP_GCM_TAG_LEN];
129eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr} AtapCaRequest;
130eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr
131eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohrtypedef struct {
132eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr  uint8_t header[ATAP_HEADER_LEN];
133eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr  uint8_t iv[ATAP_GCM_IV_LEN];
134eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr  AtapBlob encrypted;
135eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr  uint8_t tag[ATAP_GCM_TAG_LEN];
136eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr} AtapEncryptedMessage;
137eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr
138eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr#ifdef __cplusplus
139eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr}
140eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr#endif
141eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr
142eb3a3e3eafd643fb61456dfda4eca3c61d50ff14Jocelyn Bohr#endif /* ATAP_TYPES_H_ */
143