android13/external/open-dice/include/dice/android/bcc.h

// Copyright 2021 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License"); you may not
// use this file except in compliance with the License. You may obtain a copy of
// the License at
//
//     https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
// License for the specific language governing permissions and limitations under
// the License.

#ifndef DICE_ANDROID_BCC_H_
#define DICE_ANDROID_BCC_H_

#include <stdbool.h>

#include "dice/dice.h"

#ifdef __cplusplus
extern "C" {
#endif

#define BCC_INPUT_COMPONENT_NAME (1 << 0)
#define BCC_INPUT_COMPONENT_VERSION (1 << 1)
#define BCC_INPUT_RESETTABLE (1 << 2)

// Contains the input values used to construct the BCC configuration
// descriptor. Optional fields are selected in the |inputs| bitfield.
//
// Fields:
//    inputs: A bitfield selecting which BCC inputs to include.
//    component_name: Optional. Name of firmware component / boot stage.
//    component_version: Optional. Version of firmware component / boot stage.
typedef struct BccConfigValues_ {
  uint32_t inputs;
  const char* component_name;
  uint64_t component_version;
} BccConfigValues;

// Formats a configuration descriptor following the BCC's specification.
DiceResult BccFormatConfigDescriptor(const BccConfigValues* input_values,
                                     size_t buffer_size, uint8_t* buffer,
                                     size_t* actual_size);

// Executes the main BCC flow.
//
// Call this instead of DiceMainFlow when the next certificate should be
// appended to an existing boot certificate chain (BCC). However, when using
// the BCC handover format, use BccHandoverMainFlow instead.
//
// Given a full set of input values along with the current BCC and CDI values,
// computes the next CDI values and matching updated BCC.
DiceResult BccMainFlow(void* context,
                       const uint8_t current_cdi_attest[DICE_CDI_SIZE],
                       const uint8_t current_cdi_seal[DICE_CDI_SIZE],
                       const uint8_t* bcc, size_t bcc_size,
                       const DiceInputValues* input_values, size_t buffer_size,
                       uint8_t* buffer, size_t* actual_size,
                       uint8_t next_cdi_attest[DICE_CDI_SIZE],
                       uint8_t next_cdi_seal[DICE_CDI_SIZE]);

// Executes the main BCC handover flow.
//
// Call this instead of BccMainFlow when using the BCC handover format to
// combine the BCC and CDIs in a single CBOR object.
//
// Given a full set of input values and the current BCC handover data, computes
// the next BCC handover data.
//
// Using a CBOR object to bundle is one option for passing the values passed
// between boot stages. This function can take the current boot stage's bundle
// and produce a bundle for the next stage. Passing the bundle between stages
// is a problem left to the caller.
DiceResult BccHandoverMainFlow(void* context, const uint8_t* bcc_handover,
                               size_t bcc_handover_size,
                               const DiceInputValues* input_values,
                               size_t buffer_size, uint8_t* buffer,
                               size_t* actual_size);

#ifdef __cplusplus
}  // extern "C"
#endif

#endif  // DICE_ANDROID_BCC_H_