1 /*
2  * Copyright 2021 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #pragma once
18 
19 #include <cppbor.h>
20 #include <cppbor_parse.h>
21 
22 #include <keymaster/android_keymaster_utils.h>
23 #include <keymaster/cppcose/cppcose.h>
24 
25 namespace keymaster {
26 
27 // These are the negations of the actual error codes
28 constexpr keymaster_error_t kStatusFailed = static_cast<keymaster_error_t>(-1);
29 constexpr keymaster_error_t kStatusInvalidMac = static_cast<keymaster_error_t>(-2);
30 constexpr keymaster_error_t kStatusProductionKeyInTestRequest = static_cast<keymaster_error_t>(-3);
31 constexpr keymaster_error_t kStatusTestKeyInProductionRequest = static_cast<keymaster_error_t>(-4);
32 constexpr keymaster_error_t kStatusInvalidEek = static_cast<keymaster_error_t>(-5);
33 constexpr keymaster_error_t kStatusRemoved = static_cast<keymaster_error_t>(-6);
34 
35 template <typename T> class StatusOr {
36   public:
StatusOr(int32_t status_code)37     StatusOr(int32_t status_code)  // NOLINT(google-explicit-constructor)
38         : status_code_(status_code) {}
StatusOr(T val)39     StatusOr(T val)  // NOLINT(google-explicit-constructor)
40         : status_code_(0), value_(std::move(val)) {}
41 
isOk()42     bool isOk() { return status_code_ == 0; }
43 
44     T* operator->() & {
45         assert(isOk());
46         return &value_.value();
47     }
48     T& operator*() & {
49         assert(isOk());
50         return value_.value();
51     }
52     T&& operator*() && {
53         assert(isOk());
54         return std::move(value_).value();
55     }
56 
moveError()57     int32_t moveError() {
58         assert(!isOk());
59         return status_code_;
60     }
61 
moveValue()62     T moveValue() { return std::move(value_).value(); }
63 
64   private:
65     int32_t status_code_;
66     std::optional<T> value_;
67 };
68 
69 StatusOr<std::pair<std::vector<uint8_t> /* EEK pub */, std::vector<uint8_t> /* EEK ID */>>
70 validateAndExtractEekPubAndId(bool testMode, const KeymasterBlob& endpointEncryptionCertChain);
71 
72 StatusOr<cppbor::Array /* pubkeys */>
73 validateAndExtractPubkeys(bool testMode, uint32_t numKeys, KeymasterBlob* keysToSign,
74                           const cppcose::HmacSha256Function& macFunction);
75 
76 cppbor::Array buildCertReqRecipients(const std::vector<uint8_t>& pubkey,
77                                      const std::vector<uint8_t>& kid);
78 
79 }  // namespace keymaster
80