android-cuttlefish/cvd/tpm__keymaster__context_8h_source.html

//

// Copyright (C) 2020 The Android Open Source Project

//

// Licensed under the Apache License, Version 2.0 (the "License");

// you may not use this file except in compliance with the License.

// You may obtain a copy of the License at

//

//      http://www.apache.org/licenses/LICENSE-2.0

//

// Unless required by applicable law or agreed to in writing, software

// distributed under the License is distributed on an "AS IS" BASIS,

// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

// See the License for the specific language governing permissions and

// limitations under the License.


#pragma once


#include <map>

#include <vector>


#include <keymaster/keymaster_context.h>

#include <keymaster/km_openssl/attestation_record.h>


#include "tpm_attestation_record.h"


namespace cuttlefish {


class TpmAttestationRecordContext;

class TpmResourceManager;

class TpmKeyBlobMaker;

class TpmRandomSource;

class TpmRemoteProvisioningContext;


class TpmKeymasterContext : public keymaster::KeymasterContext {

 private:

  TpmResourceManager& resource_manager_;

  keymaster::KeymasterEnforcement& enforcement_;

  std::unique_ptr<TpmKeyBlobMaker> key_blob_maker_;

  std::unique_ptr<TpmRandomSource> random_source_;

  std::unique_ptr<TpmAttestationRecordContext> attestation_context_;

  std::unique_ptr<TpmRemoteProvisioningContext> remote_provisioning_context_;

  std::map<keymaster_algorithm_t, std::unique_ptr<keymaster::KeyFactory>>

      key_factories_;

  std::vector<keymaster_algorithm_t> supported_algorithms_;

  uint32_t os_version_;

  uint32_t os_patchlevel_;

  std::optional<uint32_t> vendor_patchlevel_;

  std::optional<uint32_t> boot_patchlevel_;

  std::optional<std::string> bootloader_state_;

  std::optional<std::string> verified_boot_state_;

  std::optional<std::vector<uint8_t>> vbmeta_digest_;


 public:

  TpmKeymasterContext(TpmResourceManager&, keymaster::KeymasterEnforcement&);

  ~TpmKeymasterContext() = default;


  keymaster::KmVersion GetKmVersion() const override {

    return attestation_context_->GetKmVersion();

  }


  keymaster_error_t SetSystemVersion(uint32_t os_version,

                                     uint32_t os_patchlevel) override;

  void GetSystemVersion(uint32_t* os_version,

                        uint32_t* os_patchlevel) const override;


  const keymaster::KeyFactory* GetKeyFactory(

      keymaster_algorithm_t algorithm) const override;

  keymaster::OperationFactory* GetOperationFactory(

      keymaster_algorithm_t algorithm,

      keymaster_purpose_t purpose) const override;

  const keymaster_algorithm_t* GetSupportedAlgorithms(

      size_t* algorithms_count) const override;


  keymaster_error_t UpgradeKeyBlob(

      const keymaster::KeymasterKeyBlob& key_to_upgrade,

      const keymaster::AuthorizationSet& upgrade_params,

      keymaster::KeymasterKeyBlob* upgraded_key) const override;


  keymaster_error_t ParseKeyBlob(

      const keymaster::KeymasterKeyBlob& blob,

      const keymaster::AuthorizationSet& additional_params,

      keymaster::UniquePtr<keymaster::Key>* key) const override;


  keymaster_error_t AddRngEntropy(const uint8_t* buf,

                                  size_t length) const override;


  keymaster::KeymasterEnforcement* enforcement_policy() override;


  keymaster::AttestationContext* attestation_context() override {

    return attestation_context_.get();

  }


  keymaster::CertificateChain GenerateAttestation(

      const keymaster::Key& key,

      const keymaster::AuthorizationSet& attest_params,

      keymaster::UniquePtr<keymaster::Key> attest_key,

      const keymaster::KeymasterBlob& issuer_subject,

      keymaster_error_t* error) const override;


  keymaster::CertificateChain GenerateSelfSignedCertificate(

      const keymaster::Key& key, const keymaster::AuthorizationSet& cert_params,

      bool fake_signature, keymaster_error_t* error) const override;


  keymaster_error_t UnwrapKey(

      const keymaster::KeymasterKeyBlob& wrapped_key_blob,

      const keymaster::KeymasterKeyBlob& wrapping_key_blob,

      const keymaster::AuthorizationSet& wrapping_key_params,

      const keymaster::KeymasterKeyBlob& masking_key,

      keymaster::AuthorizationSet* wrapped_key_params,

      keymaster_key_format_t* wrapped_key_format,

      keymaster::KeymasterKeyBlob* wrapped_key_material) const override;


  keymaster_error_t CheckConfirmationToken(

      const std::uint8_t* input_data, size_t input_data_size,

      const uint8_t confirmation_token[keymaster::kConfirmationTokenSize])

      const;


  keymaster::RemoteProvisioningContext* GetRemoteProvisioningContext()

      const override;


  keymaster_error_t SetVerifiedBootInfo(

      std::string_view verified_boot_state, std::string_view bootloader_state,

      const std::vector<uint8_t>& vbmeta_digest) override;


  keymaster_error_t SetVendorPatchlevel(uint32_t vendor_patchlevel) override;

  keymaster_error_t SetBootPatchlevel(uint32_t boot_patchlevel) override;

  std::optional<uint32_t> GetVendorPatchlevel() const override;

  std::optional<uint32_t> GetBootPatchlevel() const override;


  keymaster_error_t SetAttestationIds(

      const keymaster::SetAttestationIdsRequest& request) override {

    return attestation_context_->SetAttestationIds(request);

  }


  keymaster_error_t SetAttestationIdsKM3(

      const keymaster::SetAttestationIdsKM3Request& request) override {

    return attestation_context_->SetAttestationIdsKM3(request);

  }

};


}  // namespace cuttlefish

cuttlefish::TpmKeymasterContext
Definition: tpm_keymaster_context.h:40

cuttlefish::TpmKeymasterContext::vbmeta_digest_
std::optional< std::vector< uint8_t > > vbmeta_digest_
Definition: tpm_keymaster_context.h:57

cuttlefish::TpmKeymasterContext::random_source_
std::unique_ptr< TpmRandomSource > random_source_
Definition: tpm_keymaster_context.h:45

cuttlefish::TpmKeymasterContext::CheckConfirmationToken
keymaster_error_t CheckConfirmationToken(const std::uint8_t *input_data, size_t input_data_size, const uint8_t confirmation_token[keymaster::kConfirmationTokenSize]) const
Definition: tpm_keymaster_context.cpp:576

cuttlefish::TpmKeymasterContext::os_patchlevel_
uint32_t os_patchlevel_
Definition: tpm_keymaster_context.h:52

cuttlefish::TpmKeymasterContext::SetVendorPatchlevel
keymaster_error_t SetVendorPatchlevel(uint32_t vendor_patchlevel) override
Definition: tpm_keymaster_context.cpp:648

cuttlefish::TpmKeymasterContext::key_factories_
std::map< keymaster_algorithm_t, std::unique_ptr< keymaster::KeyFactory > > key_factories_
Definition: tpm_keymaster_context.h:49

cuttlefish::TpmKeymasterContext::GetVendorPatchlevel
std::optional< uint32_t > GetVendorPatchlevel() const override
Definition: tpm_keymaster_context.cpp:678

cuttlefish::TpmKeymasterContext::os_version_
uint32_t os_version_
Definition: tpm_keymaster_context.h:51

cuttlefish::TpmKeymasterContext::GetSystemVersion
void GetSystemVersion(uint32_t *os_version, uint32_t *os_patchlevel) const override
Definition: tpm_keymaster_context.cpp:115

cuttlefish::TpmKeymasterContext::boot_patchlevel_
std::optional< uint32_t > boot_patchlevel_
Definition: tpm_keymaster_context.h:54

cuttlefish::TpmKeymasterContext::bootloader_state_
std::optional< std::string > bootloader_state_
Definition: tpm_keymaster_context.h:55

cuttlefish::TpmKeymasterContext::SetVerifiedBootInfo
keymaster_error_t SetVerifiedBootInfo(std::string_view verified_boot_state, std::string_view bootloader_state, const std::vector< uint8_t > &vbmeta_digest) override
Definition: tpm_keymaster_context.cpp:614

cuttlefish::TpmKeymasterContext::SetBootPatchlevel
keymaster_error_t SetBootPatchlevel(uint32_t boot_patchlevel) override
Definition: tpm_keymaster_context.cpp:663

cuttlefish::TpmKeymasterContext::supported_algorithms_
std::vector< keymaster_algorithm_t > supported_algorithms_
Definition: tpm_keymaster_context.h:50

cuttlefish::TpmKeymasterContext::GetOperationFactory
keymaster::OperationFactory * GetOperationFactory(keymaster_algorithm_t algorithm, keymaster_purpose_t purpose) const override
Definition: tpm_keymaster_context.cpp:131

cuttlefish::TpmKeymasterContext::SetAttestationIds
keymaster_error_t SetAttestationIds(const keymaster::SetAttestationIdsRequest &request) override
Definition: tpm_keymaster_context.h:136

cuttlefish::TpmKeymasterContext::GenerateAttestation
keymaster::CertificateChain GenerateAttestation(const keymaster::Key &key, const keymaster::AuthorizationSet &attest_params, keymaster::UniquePtr< keymaster::Key > attest_key, const keymaster::KeymasterBlob &issuer_subject, keymaster_error_t *error) const override
Definition: tpm_keymaster_context.cpp:281

cuttlefish::TpmKeymasterContext::GetSupportedAlgorithms
const keymaster_algorithm_t * GetSupportedAlgorithms(size_t *algorithms_count) const override
Definition: tpm_keymaster_context.cpp:147

cuttlefish::TpmKeymasterContext::ParseKeyBlob
keymaster_error_t ParseKeyBlob(const keymaster::KeymasterKeyBlob &blob, const keymaster::AuthorizationSet &additional_params, keymaster::UniquePtr< keymaster::Key > *key) const override
Definition: tpm_keymaster_context.cpp:233

cuttlefish::TpmKeymasterContext::GetRemoteProvisioningContext
keymaster::RemoteProvisioningContext * GetRemoteProvisioningContext() const override
Definition: tpm_keymaster_context.cpp:599

cuttlefish::TpmKeymasterContext::attestation_context
keymaster::AttestationContext * attestation_context() override
Definition: tpm_keymaster_context.h:95

cuttlefish::TpmKeymasterContext::attestation_context_
std::unique_ptr< TpmAttestationRecordContext > attestation_context_
Definition: tpm_keymaster_context.h:46

cuttlefish::TpmKeymasterContext::SetSystemVersion
keymaster_error_t SetSystemVersion(uint32_t os_version, uint32_t os_patchlevel) override
Definition: tpm_keymaster_context.cpp:105

cuttlefish::TpmKeymasterContext::~TpmKeymasterContext
~TpmKeymasterContext()=default

cuttlefish::TpmKeymasterContext::SetAttestationIdsKM3
keymaster_error_t SetAttestationIdsKM3(const keymaster::SetAttestationIdsKM3Request &request) override
Definition: tpm_keymaster_context.h:141

cuttlefish::TpmKeymasterContext::key_blob_maker_
std::unique_ptr< TpmKeyBlobMaker > key_blob_maker_
Definition: tpm_keymaster_context.h:44

cuttlefish::TpmKeymasterContext::GetKeyFactory
const keymaster::KeyFactory * GetKeyFactory(keymaster_algorithm_t algorithm) const override
Definition: tpm_keymaster_context.cpp:121

cuttlefish::TpmKeymasterContext::remote_provisioning_context_
std::unique_ptr< TpmRemoteProvisioningContext > remote_provisioning_context_
Definition: tpm_keymaster_context.h:47

cuttlefish::TpmKeymasterContext::enforcement_
keymaster::KeymasterEnforcement & enforcement_
Definition: tpm_keymaster_context.h:43

cuttlefish::TpmKeymasterContext::resource_manager_
TpmResourceManager & resource_manager_
Definition: tpm_keymaster_context.h:42

cuttlefish::TpmKeymasterContext::UnwrapKey
keymaster_error_t UnwrapKey(const keymaster::KeymasterKeyBlob &wrapped_key_blob, const keymaster::KeymasterKeyBlob &wrapping_key_blob, const keymaster::AuthorizationSet &wrapping_key_params, const keymaster::KeymasterKeyBlob &masking_key, keymaster::AuthorizationSet *wrapped_key_params, keymaster_key_format_t *wrapped_key_format, keymaster::KeymasterKeyBlob *wrapped_key_material) const override
Definition: tpm_keymaster_context.cpp:357

cuttlefish::TpmKeymasterContext::GetKmVersion
keymaster::KmVersion GetKmVersion() const override
Definition: tpm_keymaster_context.h:63

cuttlefish::TpmKeymasterContext::UpgradeKeyBlob
keymaster_error_t UpgradeKeyBlob(const keymaster::KeymasterKeyBlob &key_to_upgrade, const keymaster::AuthorizationSet &upgrade_params, keymaster::KeymasterKeyBlob *upgraded_key) const override
Definition: tpm_keymaster_context.cpp:182

cuttlefish::TpmKeymasterContext::GenerateSelfSignedCertificate
keymaster::CertificateChain GenerateSelfSignedCertificate(const keymaster::Key &key, const keymaster::AuthorizationSet &cert_params, bool fake_signature, keymaster_error_t *error) const override
Definition: tpm_keymaster_context.cpp:332

cuttlefish::TpmKeymasterContext::TpmKeymasterContext
TpmKeymasterContext(TpmResourceManager &, keymaster::KeymasterEnforcement &)
Definition: tpm_keymaster_context.cpp:77

cuttlefish::TpmKeymasterContext::vendor_patchlevel_
std::optional< uint32_t > vendor_patchlevel_
Definition: tpm_keymaster_context.h:53

cuttlefish::TpmKeymasterContext::enforcement_policy
keymaster::KeymasterEnforcement * enforcement_policy() override
Definition: tpm_keymaster_context.cpp:274

cuttlefish::TpmKeymasterContext::verified_boot_state_
std::optional< std::string > verified_boot_state_
Definition: tpm_keymaster_context.h:56

cuttlefish::TpmKeymasterContext::GetBootPatchlevel
std::optional< uint32_t > GetBootPatchlevel() const override
Definition: tpm_keymaster_context.cpp:682

cuttlefish::TpmKeymasterContext::AddRngEntropy
keymaster_error_t AddRngEntropy(const uint8_t *buf, size_t length) const override
Definition: tpm_keymaster_context.cpp:269

cuttlefish::TpmResourceManager
Definition: tpm_resource_manager.h:50

error
#define error(format, args...)
Definition: fec_private.h:201

cuttlefish
Definition: alloc_utils.cpp:23

tpm_attestation_record.h