Home | History | Annotate | Download | only in common 
      1 //
      2 // Copyright (C) 2015 The Android Open Source Project
      3 //
      4 // Licensed under the Apache License, Version 2.0 (the "License");
      5 // you may not use this file except in compliance with the License.
      6 // You may obtain a copy of the License at
      7 //
      8 //      http://www.apache.org/licenses/LICENSE-2.0
      9 //
     10 // Unless required by applicable law or agreed to in writing, software
     11 // distributed under the License is distributed on an "AS IS" BASIS,
     12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13 // See the License for the specific language governing permissions and
     14 // limitations under the License.
     15 //
     16 
     17 #ifndef ATTESTATION_COMMON_TPM_UTILITY_V1_H_
     18 #define ATTESTATION_COMMON_TPM_UTILITY_V1_H_
     19 
     20 #include "attestation/common/tpm_utility.h"
     21 
     22 #include <string>
     23 
     24 #include <base/macros.h>
     25 #include <trousers/scoped_tss_type.h>
     26 #include <trousers/tss.h>
     27 
     28 namespace attestation {
     29 
     30 // A TpmUtility implementation for TPM v1.2 modules.
     31 class TpmUtilityV1 : public TpmUtility {
     32  public:
     33   TpmUtilityV1() = default;
     34   ~TpmUtilityV1() override;
     35 
     36   // Initializes a TpmUtilityV1 instance. This method must be called
     37   // successfully before calling any other methods.
     38   bool Initialize();
     39 
     40   // TpmUtility methods.
     41   bool IsTpmReady() override;
     42   bool ActivateIdentity(const std::string& delegate_blob,
     43                         const std::string& delegate_secret,
     44                         const std::string& identity_key_blob,
     45                         const std::string& asym_ca_contents,
     46                         const std::string& sym_ca_attestation,
     47                         std::string* credential) override;
     48   bool CreateCertifiedKey(KeyType key_type,
     49                           KeyUsage key_usage,
     50                           const std::string& identity_key_blob,
     51                           const std::string& external_data,
     52                           std::string* key_blob,
     53                           std::string* public_key,
     54                           std::string* public_key_tpm_format,
     55                           std::string* key_info,
     56                           std::string* proof) override;
     57   bool SealToPCR0(const std::string& data, std::string* sealed_data) override;
     58   bool Unseal(const std::string& sealed_data, std::string* data) override;
     59   bool GetEndorsementPublicKey(std::string* public_key) override;
     60   bool Unbind(const std::string& key_blob,
     61               const std::string& bound_data,
     62               std::string* data) override;
     63   bool Sign(const std::string& key_blob,
     64             const std::string& data_to_sign,
     65             std::string* signature) override;
     66 
     67  private:
     68   // Populates |context_handle| with a valid TSS_HCONTEXT and |tpm_handle| with
     69   // its matching TPM object iff the context can be created and a TPM object
     70   // exists in the TSS. Returns true on success.
     71   bool ConnectContext(trousers::ScopedTssContext* context_handle,
     72                       TSS_HTPM* tpm_handle);
     73 
     74   // Populates |context_handle| with a valid TSS_HCONTEXT and |tpm_handle| with
     75   // its matching TPM object authorized by the given |delegate_blob| and
     76   // |delegate_secret|. Returns true on success.
     77   bool ConnectContextAsDelegate(const std::string& delegate_blob,
     78                                 const std::string& delegate_secret,
     79                                 trousers::ScopedTssContext* context,
     80                                 TSS_HTPM* tpm);
     81 
     82   // Sets up srk_handle_ if necessary. Returns true iff the SRK is ready.
     83   bool SetupSrk();
     84 
     85   // Loads the storage root key (SRK) and populates |srk_handle|. The
     86   // |context_handle| must be connected and valid. Returns true on success.
     87   bool LoadSrk(TSS_HCONTEXT context_handle, trousers::ScopedTssKey* srk_handle);
     88 
     89   // Loads a key in the TPM given a |key_blob| and a |parent_key_handle|. The
     90   // |context_handle| must be connected and valid. Returns true and populates
     91   // |key_handle| on success.
     92   bool LoadKeyFromBlob(const std::string& key_blob,
     93                        TSS_HCONTEXT context_handle,
     94                        TSS_HKEY parent_key_handle,
     95                        trousers::ScopedTssKey* key_handle);
     96 
     97   // Retrieves a |data| attribute defined by |flag| and |sub_flag| from a TSS
     98   // |object_handle|. The |context_handle| is only used for TSS memory
     99   // management.
    100   bool GetDataAttribute(TSS_HCONTEXT context_handle,
    101                         TSS_HOBJECT object_handle,
    102                         TSS_FLAG flag,
    103                         TSS_FLAG sub_flag,
    104                         std::string* data);
    105 
    106   // Converts a public in TPM_PUBKEY format to a DER-encoded RSAPublicKey.
    107   bool ConvertPublicKeyToDER(const std::string& public_key,
    108                              std::string* public_key_der);
    109 
    110   bool is_ready_{false};
    111   trousers::ScopedTssContext context_handle_;
    112   TSS_HTPM tpm_handle_{0};
    113   trousers::ScopedTssKey srk_handle_{0};
    114 
    115   DISALLOW_COPY_AND_ASSIGN(TpmUtilityV1);
    116 };
    117 
    118 }  // namespace attestation
    119 
    120 #endif  // ATTESTATION_COMMON_TPM_UTILITY_V1_H_
    121