#include <tpm_key_blob_maker.h>

Inheritance diagram for cuttlefish::TpmKeyBlobMaker:

Collaboration diagram for cuttlefish::TpmKeyBlobMaker:

Public Member Functions
	TpmKeyBlobMaker (TpmResourceManager &resource_manager)

keymaster_error_t	CreateKeyBlob (const keymaster::AuthorizationSet &key_description, keymaster_key_origin_t origin, const keymaster::KeymasterKeyBlob &key_material, keymaster::KeymasterKeyBlob blob, keymaster::AuthorizationSet hw_enforced, keymaster::AuthorizationSet *sw_enforced) const override

keymaster_error_t	UnvalidatedCreateKeyBlob (const keymaster::KeymasterKeyBlob &key_material, const keymaster::AuthorizationSet &hw_enforced, const keymaster::AuthorizationSet &sw_enforced, const keymaster::AuthorizationSet &hidden, keymaster::KeymasterKeyBlob *blob) const

keymaster_error_t	UnwrapKeyBlob (const keymaster_key_blob_t &blob, keymaster::AuthorizationSet hw_enforced, keymaster::AuthorizationSet sw_enforced, const keymaster::AuthorizationSet &hidden, keymaster::KeymasterKeyBlob *key_material) const

keymaster_error_t	SetSystemVersion (uint32_t os_version, uint32_t os_patchlevel)

keymaster_error_t	SetVendorPatchlevel (uint32_t vendor_patchlevel)

keymaster_error_t	SetBootPatchlevel (uint32_t boot_patchlevel)

Private Attributes
TpmResourceManager &	resource_manager_

uint32_t	os_version_

uint32_t	os_patchlevel_

std::optional< uint32_t >	vendor_patchlevel_

std::optional< uint32_t >	boot_patchlevel_

Detailed Description

Encrypts key data using a TPM-resident key and signs it with a TPM-resident key for privacy and integrity.

This class is used to encrypt KeyMint data when it leaves the secure_env process, and is sent for storage to Android. When the data comes back, this class decrypts it again for use in Keymaster and other HAL API calls.

Constructor & Destructor Documentation

◆ TpmKeyBlobMaker()

cuttlefish::TpmKeyBlobMaker::TpmKeyBlobMaker ( TpmResourceManager & resource_manager )

Member Function Documentation

◆ CreateKeyBlob()

keymaster_error_t cuttlefish::TpmKeyBlobMaker::CreateKeyBlob	(	const keymaster::AuthorizationSet &	key_description,
		keymaster_key_origin_t	origin,
		const keymaster::KeymasterKeyBlob &	key_material,
		keymaster::KeymasterKeyBlob *	blob,
		keymaster::AuthorizationSet *	hw_enforced,
		keymaster::AuthorizationSet *	sw_enforced
	)		const

override

◆ SetBootPatchlevel()

keymaster_error_t cuttlefish::TpmKeyBlobMaker::SetBootPatchlevel ( uint32_t boot_patchlevel )

◆ SetSystemVersion()

keymaster_error_t cuttlefish::TpmKeyBlobMaker::SetSystemVersion	(	uint32_t	os_version,
		uint32_t	os_patchlevel
	)

◆ SetVendorPatchlevel()

keymaster_error_t cuttlefish::TpmKeyBlobMaker::SetVendorPatchlevel ( uint32_t vendor_patchlevel )

◆ UnvalidatedCreateKeyBlob()

keymaster_error_t cuttlefish::TpmKeyBlobMaker::UnvalidatedCreateKeyBlob	(	const keymaster::KeymasterKeyBlob &	key_material,
		const keymaster::AuthorizationSet &	hw_enforced,
		const keymaster::AuthorizationSet &	sw_enforced,
		const keymaster::AuthorizationSet &	hidden,
		keymaster::KeymasterKeyBlob *	blob
	)		const

◆ UnwrapKeyBlob()

keymaster_error_t cuttlefish::TpmKeyBlobMaker::UnwrapKeyBlob	(	const keymaster_key_blob_t &	blob,
		keymaster::AuthorizationSet *	hw_enforced,
		keymaster::AuthorizationSet *	sw_enforced,
		const keymaster::AuthorizationSet &	hidden,
		keymaster::KeymasterKeyBlob *	key_material
	)		const

Intermediate function between KeymasterContext::ParseKeyBlob and KeyFactory::LoadKey, The inputs of this function match the outputs of KeymasterContext::ParseKeyBlob and the outputs of this function match the inputs of KeyFactory::LoadKey.

KeymasterContext::ParseKeyBlob is the common entry point for decoding all keys, and is expected to delegate to a KeyFactory depending on the type of the serialized key. This method performs decryption operations shared between all TPM-Keymaster keys.

Member Data Documentation

◆ boot_patchlevel_

std::optional<uint32_t> cuttlefish::TpmKeyBlobMaker::boot_patchlevel_

private

◆ os_patchlevel_

uint32_t cuttlefish::TpmKeyBlobMaker::os_patchlevel_

private

◆ os_version_

uint32_t cuttlefish::TpmKeyBlobMaker::os_version_

private

◆ resource_manager_

TpmResourceManager& cuttlefish::TpmKeyBlobMaker::resource_manager_

private

◆ vendor_patchlevel_

std::optional<uint32_t> cuttlefish::TpmKeyBlobMaker::vendor_patchlevel_

private

The documentation for this class was generated from the following files:

cuttlefish/host/commands/secure_env/tpm_key_blob_maker.h
cuttlefish/host/commands/secure_env/tpm_key_blob_maker.cpp

Public Member Functions

Private Attributes

Detailed Description

Constructor & Destructor Documentation

◆ TpmKeyBlobMaker()

Member Function Documentation

◆ CreateKeyBlob()

◆ SetBootPatchlevel()

◆ SetSystemVersion()

◆ SetVendorPatchlevel()

◆ UnvalidatedCreateKeyBlob()

◆ UnwrapKeyBlob()

Member Data Documentation

◆ boot_patchlevel_

◆ os_patchlevel_

◆ os_version_

◆ resource_manager_

◆ vendor_patchlevel_