cuttlefish::secure_env::TpmStorage Class Reference

#include <tpm_storage.h>

Inheritance diagram for cuttlefish::secure_env::TpmStorage:

Collaboration diagram for cuttlefish::secure_env::TpmStorage:

Public Member Functions
	TpmStorage (TpmResourceManager &resource_manager, const std::string &index_file)
Result< bool >	HasKey (const std::string &key) const override
Result< ManagedStorageData >	Read (const std::string &key) const override
Result< void >	Write (const std::string &key, const StorageData &data) override
bool	Exists () const override
Public Member Functions inherited from cuttlefish::secure_env::Storage
virtual Result< bool >	HasKey (const std::string &key) const =0
virtual Result< ManagedStorageData >	Read (const std::string &key) const =0
virtual Result< void >	Write (const std::string &key, const StorageData &data)=0
virtual bool	Exists () const =0
virtual	~Storage ()=default

Private Member Functions
Result< std::optional< TPM2_HANDLE > >	GetHandle (const std::string &key) const
TPM2_HANDLE	GenerateRandomHandle ()
Result< void >	Allocate (const std::string &key, uint16_t size)

Private Attributes
TpmResourceManager &	resource_manager_
std::string	index_file_
Json::Value	index_
std::string	path_

Detailed Description

Manager for data stored inside the TPM with an index outside of the TPM. The contents of the data cannot be corrupted or decrypted by accessing the index, but the index can be corrupted by an attacker.

As the actual data is stored inside the TPM, a replay attack can be used to restore deleted index entries or hide revert to before an index entry was added, but not change the contents that an index points to if it still exists.

This class is not thread-safe, and should be synchronized externally if it is going to be used from multiple threads.

Constructor & Destructor Documentation

TpmStorage()

cuttlefish::secure_env::TpmStorage::TpmStorage	(	TpmResourceManager &	resource_manager,
		const std::string &	index_file
	)

Member Function Documentation

Allocate()

Result< void > cuttlefish::secure_env::TpmStorage::Allocate ( const std::string &  key, uint16_t  size  )

private

Exists()

bool cuttlefish::secure_env::TpmStorage::Exists ( ) const

overridevirtual

Implements cuttlefish::secure_env::Storage.

GenerateRandomHandle()

TPM2_HANDLE cuttlefish::secure_env::TpmStorage::GenerateRandomHandle ( )

private

GetHandle()

Result< std::optional< TPM2_HANDLE > > cuttlefish::secure_env::TpmStorage::GetHandle ( const std::string &  key ) const

private

HasKey()

Result< bool > cuttlefish::secure_env::TpmStorage::HasKey ( const std::string &  key ) const

overridevirtual

Implements cuttlefish::secure_env::Storage.

Read()

Result< ManagedStorageData > cuttlefish::secure_env::TpmStorage::Read ( const std::string &  key ) const

overridevirtual

Implements cuttlefish::secure_env::Storage.

Write()

Result< void > cuttlefish::secure_env::TpmStorage::Write ( const std::string &  key, const StorageData &  data  )

overridevirtual

Implements cuttlefish::secure_env::Storage.

Member Data Documentation

index_

Json::Value cuttlefish::secure_env::TpmStorage::index_

private

index_file_

std::string cuttlefish::secure_env::TpmStorage::index_file_

private

path_

std::string cuttlefish::secure_env::TpmStorage::path_

private

resource_manager_

TpmResourceManager& cuttlefish::secure_env::TpmStorage::resource_manager_

private

---

The documentation for this class was generated from the following files:

• cuttlefish/host/commands/secure_env/storage/tpm_storage.h
• cuttlefish/host/commands/secure_env/storage/tpm_storage.cpp