common/tpm_utility_v1.h - platform/system/attestation - Git at Google

 //
 // Copyright (C) 2015 The Android Open Source Project
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 //

 #ifndef ATTESTATION_COMMON_TPM_UTILITY_V1_H_
 #define ATTESTATION_COMMON_TPM_UTILITY_V1_H_

 #include "attestation/common/tpm_utility.h"

 #include <string>

 #include <base/macros.h>
 #include <trousers/scoped_tss_type.h>
 #include <trousers/tss.h>

 namespace attestation {

 // A TpmUtility implementation for TPM v1.2 modules.
 class TpmUtilityV1 : public TpmUtility {
  public:
   TpmUtilityV1() = default;
   ~TpmUtilityV1() override;

   // Initializes a TpmUtilityV1 instance. This method must be called
   // successfully before calling any other methods.
   bool Initialize();

   // TpmUtility methods.
   bool IsTpmReady() override;
   bool ActivateIdentity(const std::string& delegate_blob,
                         const std::string& delegate_secret,
                         const std::string& identity_key_blob,
                         const std::string& asym_ca_contents,
                         const std::string& sym_ca_attestation,
                         std::string* credential) override;
   bool CreateCertifiedKey(KeyType key_type,
                           KeyUsage key_usage,
                           const std::string& identity_key_blob,
                           const std::string& external_data,
                           std::string* key_blob,
                           std::string* public_key,
                           std::string* public_key_tpm_format,
                           std::string* key_info,
                           std::string* proof) override;
   bool SealToPCR0(const std::string& data, std::string* sealed_data) override;
   bool Unseal(const std::string& sealed_data, std::string* data) override;
   bool GetEndorsementPublicKey(std::string* public_key) override;
   bool Unbind(const std::string& key_blob,
               const std::string& bound_data,
               std::string* data) override;
   bool Sign(const std::string& key_blob,
             const std::string& data_to_sign,
             std::string* signature) override;

  private:
   // Populates |context_handle| with a valid TSS_HCONTEXT and |tpm_handle| with
   // its matching TPM object iff the context can be created and a TPM object
   // exists in the TSS. Returns true on success.
   bool ConnectContext(trousers::ScopedTssContext* context_handle,
                       TSS_HTPM* tpm_handle);

   // Populates |context_handle| with a valid TSS_HCONTEXT and |tpm_handle| with
   // its matching TPM object authorized by the given |delegate_blob| and
   // |delegate_secret|. Returns true on success.
   bool ConnectContextAsDelegate(const std::string& delegate_blob,
                                 const std::string& delegate_secret,
                                 trousers::ScopedTssContext* context,
                                 TSS_HTPM* tpm);

   // Sets up srk_handle_ if necessary. Returns true iff the SRK is ready.
   bool SetupSrk();

   // Loads the storage root key (SRK) and populates |srk_handle|. The
   // |context_handle| must be connected and valid. Returns true on success.
   bool LoadSrk(TSS_HCONTEXT context_handle, trousers::ScopedTssKey* srk_handle);

   // Loads a key in the TPM given a |key_blob| and a |parent_key_handle|. The
   // |context_handle| must be connected and valid. Returns true and populates
   // |key_handle| on success.
   bool LoadKeyFromBlob(const std::string& key_blob,
                        TSS_HCONTEXT context_handle,
                        TSS_HKEY parent_key_handle,
                        trousers::ScopedTssKey* key_handle);

   // Retrieves a |data| attribute defined by |flag| and |sub_flag| from a TSS
   // |object_handle|. The |context_handle| is only used for TSS memory
   // management.
   bool GetDataAttribute(TSS_HCONTEXT context_handle,
                         TSS_HOBJECT object_handle,
                         TSS_FLAG flag,
                         TSS_FLAG sub_flag,
                         std::string* data);

   // Converts a public in TPM_PUBKEY format to a DER-encoded RSAPublicKey.
   bool ConvertPublicKeyToDER(const std::string& public_key,
                              std::string* public_key_der);

   bool is_ready_{false};
   trousers::ScopedTssContext context_handle_;
   TSS_HTPM tpm_handle_{0};
   trousers::ScopedTssKey srk_handle_{0};

   DISALLOW_COPY_AND_ASSIGN(TpmUtilityV1);
 };

 }  // namespace attestation

 #endif  // ATTESTATION_COMMON_TPM_UTILITY_V1_H_
	//
	// Copyright (C) 2015 The Android Open Source Project
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.
	//

	#ifndef ATTESTATION_COMMON_TPM_UTILITY_V1_H_
	#define ATTESTATION_COMMON_TPM_UTILITY_V1_H_

	#include "attestation/common/tpm_utility.h"

	#include <string>

	#include <base/macros.h>
	#include <trousers/scoped_tss_type.h>
	#include <trousers/tss.h>

	namespace attestation {

	// A TpmUtility implementation for TPM v1.2 modules.
	class TpmUtilityV1 : public TpmUtility {
	public:
	TpmUtilityV1() = default;
	~TpmUtilityV1() override;

	// Initializes a TpmUtilityV1 instance. This method must be called
	// successfully before calling any other methods.
	bool Initialize();

	// TpmUtility methods.
	bool IsTpmReady() override;
	bool ActivateIdentity(const std::string& delegate_blob,
	const std::string& delegate_secret,
	const std::string& identity_key_blob,
	const std::string& asym_ca_contents,
	const std::string& sym_ca_attestation,
	std::string* credential) override;
	bool CreateCertifiedKey(KeyType key_type,
	KeyUsage key_usage,
	const std::string& identity_key_blob,
	const std::string& external_data,
	std::string* key_blob,
	std::string* public_key,
	std::string* public_key_tpm_format,
	std::string* key_info,
	std::string* proof) override;
	bool SealToPCR0(const std::string& data, std::string* sealed_data) override;
	bool Unseal(const std::string& sealed_data, std::string* data) override;
	bool GetEndorsementPublicKey(std::string* public_key) override;
	bool Unbind(const std::string& key_blob,
	const std::string& bound_data,
	std::string* data) override;
	bool Sign(const std::string& key_blob,
	const std::string& data_to_sign,
	std::string* signature) override;

	private:
	// Populates \|context_handle\| with a valid TSS_HCONTEXT and \|tpm_handle\| with
	// its matching TPM object iff the context can be created and a TPM object
	// exists in the TSS. Returns true on success.
	bool ConnectContext(trousers::ScopedTssContext* context_handle,
	TSS_HTPM* tpm_handle);

	// Populates \|context_handle\| with a valid TSS_HCONTEXT and \|tpm_handle\| with
	// its matching TPM object authorized by the given \|delegate_blob\| and
	// \|delegate_secret\|. Returns true on success.
	bool ConnectContextAsDelegate(const std::string& delegate_blob,
	const std::string& delegate_secret,
	trousers::ScopedTssContext* context,
	TSS_HTPM* tpm);

	// Sets up srk_handle_ if necessary. Returns true iff the SRK is ready.
	bool SetupSrk();

	// Loads the storage root key (SRK) and populates \|srk_handle\|. The
	// \|context_handle\| must be connected and valid. Returns true on success.
	bool LoadSrk(TSS_HCONTEXT context_handle, trousers::ScopedTssKey* srk_handle);

	// Loads a key in the TPM given a \|key_blob\| and a \|parent_key_handle\|. The
	// \|context_handle\| must be connected and valid. Returns true and populates
	// \|key_handle\| on success.
	bool LoadKeyFromBlob(const std::string& key_blob,
	TSS_HCONTEXT context_handle,
	TSS_HKEY parent_key_handle,
	trousers::ScopedTssKey* key_handle);

	// Retrieves a \|data\| attribute defined by \|flag\| and \|sub_flag\| from a TSS
	// \|object_handle\|. The \|context_handle\| is only used for TSS memory
	// management.
	bool GetDataAttribute(TSS_HCONTEXT context_handle,
	TSS_HOBJECT object_handle,
	TSS_FLAG flag,
	TSS_FLAG sub_flag,
	std::string* data);

	// Converts a public in TPM_PUBKEY format to a DER-encoded RSAPublicKey.
	bool ConvertPublicKeyToDER(const std::string& public_key,
	std::string* public_key_der);

	bool is_ready_{false};
	trousers::ScopedTssContext context_handle_;
	TSS_HTPM tpm_handle_{0};
	trousers::ScopedTssKey srk_handle_{0};

	DISALLOW_COPY_AND_ASSIGN(TpmUtilityV1);
	};

	} // namespace attestation

	#endif // ATTESTATION_COMMON_TPM_UTILITY_V1_H_