blob: 8426272f7c63271636fb71033d793a9216053150 [file] [log] [blame]
// Copyright (C) 2015 The Android Open Source Project
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// See the License for the specific language governing permissions and
// limitations under the License.
#include "attestation/common/attestation_interface.h"
#include <memory>
#include <string>
#include <base/callback.h>
#include <base/macros.h>
#include <base/memory/weak_ptr.h>
#include <base/threading/thread.h>
#include <brillo/bind_lambda.h>
#include <brillo/http/http_transport.h>
#include "attestation/common/crypto_utility.h"
#include "attestation/common/crypto_utility_impl.h"
#include "attestation/common/tpm_utility.h"
#include "attestation/common/tpm_utility_v1.h"
#include "attestation/server/database.h"
#include "attestation/server/database_impl.h"
#include "attestation/server/key_store.h"
#include "attestation/server/pkcs11_key_store.h"
namespace attestation {
// An implementation of AttestationInterface for the core attestation service.
// Access to TPM, network and local file-system resources occurs asynchronously
// with the exception of Initialize(). All methods must be called on the same
// thread that originally called Initialize().
// Usage:
// std::unique_ptr<AttestationInterface> attestation =
// new AttestationService();
// CHECK(attestation->Initialize());
// attestation->CreateGoogleAttestedKey(...);
// This class runs a worker thread and delegates all calls to it. This keeps the
// public methods non-blocking while allowing complex implementation details
// with dependencies on the TPM, network, and filesystem to be coded in a more
// readable way. It also serves to serialize method execution which reduces
// complexity with TPM state.
// Tasks that run on the worker thread are bound with base::Unretained which is
// safe because the thread is owned by this class (so it is guaranteed not to
// process a task after destruction). Weak pointers are used to post replies
// back to the main thread.
class AttestationService : public AttestationInterface {
~AttestationService() override = default;
// AttestationInterface methods.
bool Initialize() override;
void CreateGoogleAttestedKey(
const CreateGoogleAttestedKeyRequest& request,
const CreateGoogleAttestedKeyCallback& callback) override;
void GetKeyInfo(const GetKeyInfoRequest& request,
const GetKeyInfoCallback& callback) override;
void GetEndorsementInfo(const GetEndorsementInfoRequest& request,
const GetEndorsementInfoCallback& callback) override;
void GetAttestationKeyInfo(
const GetAttestationKeyInfoRequest& request,
const GetAttestationKeyInfoCallback& callback) override;
void ActivateAttestationKey(
const ActivateAttestationKeyRequest& request,
const ActivateAttestationKeyCallback& callback) override;
void CreateCertifiableKey(
const CreateCertifiableKeyRequest& request,
const CreateCertifiableKeyCallback& callback) override;
void Decrypt(const DecryptRequest& request,
const DecryptCallback& callback) override;
void Sign(const SignRequest& request, const SignCallback& callback) override;
void RegisterKeyWithChapsToken(
const RegisterKeyWithChapsTokenRequest& request,
const RegisterKeyWithChapsTokenCallback& callback) override;
// Mutators useful for testing.
void set_crypto_utility(CryptoUtility* crypto_utility) {
crypto_utility_ = crypto_utility;
void set_database(Database* database) {
database_ = database;
void set_http_transport(
const std::shared_ptr<brillo::http::Transport>& transport) {
http_transport_ = transport;
void set_key_store(KeyStore* key_store) {
key_store_ = key_store;
void set_tpm_utility(TpmUtility* tpm_utility) {
tpm_utility_ = tpm_utility;
// So tests don't need to duplicate URL decisions.
const std::string& attestation_ca_origin() {
return attestation_ca_origin_;
enum ACARequestType {
kEnroll, // Enrolls a device, certifying an identity key.
kGetCertificate, // Issues a certificate for a TPM-backed key.
// A relay callback which allows the use of weak pointer semantics for a reply
// to TaskRunner::PostTaskAndReply.
template<typename ReplyProtobufType>
void TaskRelayCallback(
const base::Callback<void(const ReplyProtobufType&)> callback,
const std::shared_ptr<ReplyProtobufType>& reply) {
// A blocking implementation of CreateGoogleAttestedKey appropriate to run on
// the worker thread.
void CreateGoogleAttestedKeyTask(
const CreateGoogleAttestedKeyRequest& request,
const std::shared_ptr<CreateGoogleAttestedKeyReply>& result);
// A blocking implementation of GetKeyInfo.
void GetKeyInfoTask(
const GetKeyInfoRequest& request,
const std::shared_ptr<GetKeyInfoReply>& result);
// A blocking implementation of GetEndorsementInfo.
void GetEndorsementInfoTask(
const GetEndorsementInfoRequest& request,
const std::shared_ptr<GetEndorsementInfoReply>& result);
// A blocking implementation of GetAttestationKeyInfo.
void GetAttestationKeyInfoTask(
const GetAttestationKeyInfoRequest& request,
const std::shared_ptr<GetAttestationKeyInfoReply>& result);
// A blocking implementation of ActivateAttestationKey.
void ActivateAttestationKeyTask(
const ActivateAttestationKeyRequest& request,
const std::shared_ptr<ActivateAttestationKeyReply>& result);
// A blocking implementation of CreateCertifiableKey.
void CreateCertifiableKeyTask(
const CreateCertifiableKeyRequest& request,
const std::shared_ptr<CreateCertifiableKeyReply>& result);
// A blocking implementation of Decrypt.
void DecryptTask(const DecryptRequest& request,
const std::shared_ptr<DecryptReply>& result);
// A blocking implementation of Sign.
void SignTask(const SignRequest& request,
const std::shared_ptr<SignReply>& result);
// A synchronous implementation of RegisterKeyWithChapsToken.
void RegisterKeyWithChapsTokenTask(
const RegisterKeyWithChapsTokenRequest& request,
const std::shared_ptr<RegisterKeyWithChapsTokenReply>& result);
// Returns true iff all information required for enrollment with the Google
// Attestation CA is available.
bool IsPreparedForEnrollment();
// Returns true iff enrollment with the Google Attestation CA has been
// completed.
bool IsEnrolled();
// Creates an enrollment request compatible with the Google Attestation CA.
// Returns true on success.
bool CreateEnrollRequest(std::string* enroll_request);
// Finishes enrollment given an |enroll_response| from the Google Attestation
// CA. Returns true on success. On failure, returns false and sets
// |server_error| to the error string from the CA.
bool FinishEnroll(const std::string& enroll_response,
std::string* server_error);
// Creates a |certificate_request| compatible with the Google Attestation CA
// for the given |key|, according to the given |profile|, |username| and
// |origin|.
bool CreateCertificateRequest(const std::string& username,
const CertifiedKey& key,
CertificateProfile profile,
const std::string& origin,
std::string* certificate_request,
std::string* message_id);
// Finishes a certificate request by decoding the |certificate_response| to
// recover the |certificate_chain| and storing it in association with the
// |key| identified by |username| and |key_label|. Returns true on success. On
// failure, returns false and sets |server_error| to the error string from the
// CA.
bool FinishCertificateRequest(const std::string& certificate_response,
const std::string& username,
const std::string& key_label,
const std::string& message_id,
CertifiedKey* key,
std::string* certificate_chain,
std::string* server_error);
// Sends a |request_type| |request| to the Google Attestation CA and waits for
// the |reply|. Returns true on success.
bool SendACARequestAndBlock(ACARequestType request_type,
const std::string& request,
std::string* reply);
// Creates, certifies, and saves a new |key| for |username| with the given
// |key_label|, |key_type|, and |key_usage|. Returns true on success.
bool CreateKey(const std::string& username,
const std::string& key_label,
KeyType key_type,
KeyUsage key_usage,
CertifiedKey* key);
// Finds the |key| associated with |username| and |key_label|. Returns false
// if such a key does not exist.
bool FindKeyByLabel(const std::string& username,
const std::string& key_label,
CertifiedKey* key);
// Saves the |key| associated with |username| and |key_label|. Returns true on
// success.
bool SaveKey(const std::string& username,
const std::string& key_label,
const CertifiedKey& key);
// Deletes the key associated with |username| and |key_label|.
void DeleteKey(const std::string& username,
const std::string& key_label);
// Adds named device-wide key to the attestation database.
bool AddDeviceKey(const std::string& key_label, const CertifiedKey& key);
// Removes a device-wide key from the attestation database.
void RemoveDeviceKey(const std::string& key_label);
// Creates a PEM certificate chain from the credential fields of a |key|.
std::string CreatePEMCertificateChain(const CertifiedKey& key);
// Creates a certificate in PEM format from a DER encoded X.509 certificate.
std::string CreatePEMCertificate(const std::string& certificate);
// Chooses a temporal index which will be used by the ACA to create a
// certificate. This decision factors in the currently signed-in |user| and
// the |origin| of the certificate request. The strategy is to find an index
// which has not already been used by another user for the same origin.
int ChooseTemporalIndex(const std::string& user, const std::string& origin);
// Creates a Google Attestation CA URL for the given |request_type|.
std::string GetACAURL(ACARequestType request_type) const;
// Creates a X.509/DER SubjectPublicKeyInfo for the given |key_type| and
// |public_key|. On success returns true and provides |public_key_info|.
bool GetSubjectPublicKeyInfo(KeyType key_type,
const std::string& public_key,
std::string* public_key_info) const;
base::WeakPtr<AttestationService> GetWeakPtr();
const std::string attestation_ca_origin_;
// Other than initialization and destruction, these are used only by the
// worker thread.
CryptoUtility* crypto_utility_{nullptr};
Database* database_{nullptr};
std::shared_ptr<brillo::http::Transport> http_transport_;
KeyStore* key_store_{nullptr};
TpmUtility* tpm_utility_{nullptr};
// Default implementations for the above interfaces. These will be setup
// during Initialize() if the corresponding interface has not been set with a
// mutator.
std::unique_ptr<CryptoUtilityImpl> default_crypto_utility_;
std::unique_ptr<DatabaseImpl> default_database_;
std::unique_ptr<Pkcs11KeyStore> default_key_store_;
std::unique_ptr<chaps::TokenManagerClient> pkcs11_token_manager_;
std::unique_ptr<TpmUtilityV1> default_tpm_utility_;
// All work is done in the background. This serves to serialize requests and
// allow synchronous implementation of complex methods. This is intentionally
// declared after the thread-owned members.
std::unique_ptr<base::Thread> worker_thread_;
// Declared last so any weak pointers are destroyed first.
base::WeakPtrFactory<AttestationService> weak_factory_;
} // namespace attestation