Android-cuttlefish cvd tool
tpm_keymaster_enforcement.h
1//
2// Copyright (C) 2020 The Android Open Source Project
3//
4// Licensed under the Apache License, Version 2.0 (the "License");
5// you may not use this file except in compliance with the License.
6// You may obtain a copy of the License at
7//
8// http://www.apache.org/licenses/LICENSE-2.0
9//
10// Unless required by applicable law or agreed to in writing, software
11// distributed under the License is distributed on an "AS IS" BASIS,
12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13// See the License for the specific language governing permissions and
14// limitations under the License.
15
16#pragma once
17
18#include <keymaster/keymaster_enforcement.h>
19
22
23namespace cuttlefish {
24
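// Keymaster policy-enforcement implementation used by Cuttlefish. It overrides
// the keymaster::KeymasterEnforcement hooks declared below and holds
// references to a TpmResourceManager and a TpmGatekeeper.
//
// NOTE(review): the method bodies live in tpm_keymaster_enforcement.cpp and
// are not visible from this header. Comments marked "confirm" are review
// questions about that implementation, not statements of what it does.
//
// Lifetime: both collaborators are stored as references, so this object does
// not own them; the caller must keep them alive for as long as this object
// exists. The reference members also make the class non-copy-assignable.
//
// Thread-safety: no lock is declared in this class, while
// GetHmacSharingParameters() is non-const and there is cached state
// (have_saved_params_ / saved_params_). Presumably callers serialize access;
// confirm.
class TpmKeymasterEnforcement : public keymaster::KeymasterEnforcement {
 public:
  // Binds the enforcement object to the collaborators it will use. Neither
  // argument is copied; see the lifetime note on the class.
  TpmKeymasterEnforcement(TpmResourceManager& resource_manager,
                          TpmGatekeeper& gatekeeper);
  ~TpmKeymasterEnforcement();

  // Time-based key restrictions. All of these depend on the clock behind
  // get_current_time_ms().
  // NOTE(review): if that clock can be set backwards by a less trusted
  // party, expiry and auth-timeout checks can be bypassed. Confirm which
  // time source the .cpp uses.
  bool activation_date_valid(uint64_t activation_date) const override;
  bool expiration_date_passed(uint64_t expiration_date) const override;
  bool auth_token_timed_out(const hw_auth_token_t& token,
                            uint32_t timeout) const override;
  uint64_t get_current_time_ms() const override;

  // Security level reported for this implementation; the value is chosen in
  // the .cpp.
  keymaster_security_level_t SecurityLevel() const override;

  // Returns whether the signature on `token` is accepted. Callers must treat
  // false as a hard rejection.
  // NOTE(review): the MAC comparison should be constant-time; confirm in the
  // .cpp.
  bool ValidateTokenSignature(const hw_auth_token_t& token) const override;

  // HMAC key agreement. `params` and `sharingCheck` are raw out-pointers and
  // this header does not say whether null is tolerated, so pass non-null.
  keymaster_error_t GetHmacSharingParameters(
      keymaster::HmacSharingParameters* params) override;
  keymaster_error_t ComputeSharedHmac(
      const keymaster::HmacSharingParametersArray& params_array,
      keymaster::KeymasterBlob* sharingCheck) override;

  keymaster::VerifyAuthorizationResponse VerifyAuthorization(
      const keymaster::VerifyAuthorizationRequest& request) override;

  // Fills `token` (raw out-pointer; pass non-null) and returns a keymaster
  // error code.
  keymaster_error_t GenerateTimestampToken(
      keymaster::TimestampToken* token) override;

  // Returns a 32-byte MAC over `data_to_mac`, or an error. 32 bytes matches
  // an HMAC-SHA256 output, but the algorithm and key are not visible here;
  // confirm.
  keymaster::KmErrorOr<std::array<uint8_t, 32>> ComputeHmac(
      const std::vector<uint8_t>& data_to_mac) const override;

  // Derives an identifier for `key_blob` into `keyid` (raw out-pointer; pass
  // non-null). Returns false on failure.
  bool CreateKeyId(const keymaster_key_blob_t& key_blob,
                   keymaster::km_id_t* keyid) const override;

 private:
  // Non-owning references supplied to the constructor.
  TpmResourceManager& resource_manager_;
  TpmGatekeeper& gatekeeper_;
  // Presumably caches the result of GetHmacSharingParameters() so repeated
  // calls return the same parameters; confirm against the .cpp.
  bool have_saved_params_ = false;
  keymaster::HmacSharingParameters saved_params_;
};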
69
70} // namespace cuttlefish
Definition: tpm_gatekeeper.h:31
Definition: tpm_keymaster_enforcement.h:30
keymaster::VerifyAuthorizationResponse VerifyAuthorization(const keymaster::VerifyAuthorizationRequest &request) override
Definition: tpm_keymaster_enforcement.cpp:239
keymaster::HmacSharingParameters saved_params_
Definition: tpm_keymaster_enforcement.h:67
bool activation_date_valid(uint64_t activation_date) const override
Definition: tpm_keymaster_enforcement.cpp:102
TpmKeymasterEnforcement(TpmResourceManager &resource_manager, TpmGatekeeper &gatekeeper)
Definition: tpm_keymaster_enforcement.cpp:94
bool auth_token_timed_out(const hw_auth_token_t &token, uint32_t timeout) const override
Definition: tpm_keymaster_enforcement.cpp:112
keymaster_security_level_t SecurityLevel() const override
Definition: tpm_keymaster_enforcement.cpp:136
~TpmKeymasterEnforcement()
Definition: tpm_keymaster_enforcement.cpp:100
keymaster_error_t GenerateTimestampToken(keymaster::TimestampToken *token) override
Definition: tpm_keymaster_enforcement.cpp:274
keymaster_error_t ComputeSharedHmac(const keymaster::HmacSharingParametersArray &params_array, keymaster::KeymasterBlob *sharingCheck) override
Definition: tpm_keymaster_enforcement.cpp:193
TpmGatekeeper & gatekeeper_
Definition: tpm_keymaster_enforcement.h:65
bool CreateKeyId(const keymaster_key_blob_t &key_blob, keymaster::km_id_t *keyid) const override
Definition: tpm_keymaster_enforcement.cpp:317
bool have_saved_params_
Definition: tpm_keymaster_enforcement.h:66
keymaster_error_t GetHmacSharingParameters(keymaster::HmacSharingParameters *params) override
Definition: tpm_keymaster_enforcement.cpp:175
TpmResourceManager & resource_manager_
Definition: tpm_keymaster_enforcement.h:64
bool ValidateTokenSignature(const hw_auth_token_t &token) const override
Definition: tpm_keymaster_enforcement.cpp:140
keymaster::KmErrorOr< std::array< uint8_t, 32 > > ComputeHmac(const std::vector< uint8_t > &data_to_mac) const override
Definition: tpm_keymaster_enforcement.cpp:300
bool expiration_date_passed(uint64_t expiration_date) const override
Definition: tpm_keymaster_enforcement.cpp:107
uint64_t get_current_time_ms() const override
Definition: tpm_keymaster_enforcement.cpp:119
Definition: tpm_resource_manager.h:50
Definition: alloc_utils.cpp:23
Definition: soft_gatekeeper.h:34