//
// Copyright (C) 2015 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
16
17#ifndef ATTESTATION_COMMON_TPM_UTILITY_V1_H_
18#define ATTESTATION_COMMON_TPM_UTILITY_V1_H_
19
20#include "attestation/common/tpm_utility.h"
21
22#include <string>
23
24#include <base/macros.h>
25#include <trousers/scoped_tss_type.h>
26#include <trousers/tss.h>
27
28namespace attestation {
29
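// A TpmUtility implementation for TPM v1.2 modules, written against the
// TrouSerS TSS types (TSS_HCONTEXT, TSS_HTPM, trousers::ScopedTss*).
//
// Usage: construct, call Initialize() and check its result, then use the
// TpmUtility methods. All methods return bool; the private helpers document
// true as success, and the public overrides presumably follow the same
// convention (the authoritative contract is in attestation/common/tpm_utility.h,
// which is not repeated here).
//
// NOTE(review): this header does not state whether an instance may be used
// from more than one thread; confirm against the implementation before sharing
// one.
class TpmUtilityV1 : public TpmUtility {
 public:
  TpmUtilityV1() = default;
  ~TpmUtilityV1() override;

  // Initializes a TpmUtilityV1 instance. This method must be called
  // successfully before calling any other methods. Callers must check the
  // return value: a false result means the instance is not usable.
  bool Initialize();

  // TpmUtility methods.

  // Reports whether the TPM is ready for use. See TpmUtility for the exact
  // definition of "ready".
  bool IsTpmReady() override;

  // Activates an identity key and writes the result to |credential|.
  // |delegate_blob| and |delegate_secret| authorize the TPM object used for
  // the operation (see ConnectContextAsDelegate below).
  // NOTE(review): |delegate_secret| is authorization material held in a plain
  // std::string, which is not cleared on destruction; callers should keep its
  // lifetime and number of copies small.
  bool ActivateIdentity(const std::string& delegate_blob,
                        const std::string& delegate_secret,
                        const std::string& identity_key_blob,
                        const std::string& asym_ca_contents,
                        const std::string& sym_ca_attestation,
                        std::string* credential) override;

  // Creates a key of |key_type| / |key_usage| and certifies it with the
  // identity key in |identity_key_blob|. The five trailing pointer arguments
  // are outputs.
  // NOTE(review): |external_data| is presumably the caller-chosen value bound
  // into the certification (e.g. a nonce) - confirm in TpmUtility. The output
  // pointers are presumably required to be non-null; no check is visible here.
  bool CreateCertifiedKey(KeyType key_type,
                          KeyUsage key_usage,
                          const std::string& identity_key_blob,
                          const std::string& external_data,
                          std::string* key_blob,
                          std::string* public_key,
                          std::string* public_key_tpm_format,
                          std::string* key_info,
                          std::string* proof) override;

  // Seals |data| and writes the sealed form to |sealed_data|.
  // NOTE(review): the name indicates the seal is tied to PCR0, i.e. Unseal()
  // is expected to succeed only while PCR0 holds the value it had at seal
  // time - confirm in the implementation.
  bool SealToPCR0(const std::string& data, std::string* sealed_data) override;

  // Reverses a seal operation: recovers |data| from |sealed_data|.
  bool Unseal(const std::string& sealed_data, std::string* data) override;

  // Writes the endorsement key's public part to |public_key|.
  // NOTE(review): the encoding of |public_key| is defined by TpmUtility, not
  // by this header.
  bool GetEndorsementPublicKey(std::string* public_key) override;

  // Decrypts |bound_data| with the key in |key_blob| and writes the plaintext
  // to |data|.
  bool Unbind(const std::string& key_blob,
              const std::string& bound_data,
              std::string* data) override;

  // Signs |data_to_sign| with the key in |key_blob| and writes the result to
  // |signature|.
  bool Sign(const std::string& key_blob,
            const std::string& data_to_sign,
            std::string* signature) override;

 private:
  // Populates |context_handle| with a valid TSS_HCONTEXT and |tpm_handle| with
  // its matching TPM object iff the context can be created and a TPM object
  // exists in the TSS. Returns true on success.
  bool ConnectContext(trousers::ScopedTssContext* context_handle,
                      TSS_HTPM* tpm_handle);

  // Populates |context_handle| with a valid TSS_HCONTEXT and |tpm_handle| with
  // its matching TPM object authorized by the given |delegate_blob| and
  // |delegate_secret|. Returns true on success.
  // (The parameters are declared as |context| and |tpm|.)
  bool ConnectContextAsDelegate(const std::string& delegate_blob,
                                const std::string& delegate_secret,
                                trousers::ScopedTssContext* context,
                                TSS_HTPM* tpm);

  // Sets up srk_handle_ if necessary. Returns true iff the SRK is ready.
  bool SetupSrk();

  // Loads the storage root key (SRK) and populates |srk_handle|. The
  // |context_handle| must be connected and valid. Returns true on success.
  bool LoadSrk(TSS_HCONTEXT context_handle, trousers::ScopedTssKey* srk_handle);

  // Loads a key in the TPM given a |key_blob| and a |parent_key_handle|. The
  // |context_handle| must be connected and valid. Returns true and populates
  // |key_handle| on success.
  bool LoadKeyFromBlob(const std::string& key_blob,
                       TSS_HCONTEXT context_handle,
                       TSS_HKEY parent_key_handle,
                       trousers::ScopedTssKey* key_handle);

  // Retrieves a |data| attribute defined by |flag| and |sub_flag| from a TSS
  // |object_handle|. The |context_handle| is only used for TSS memory
  // management. Presumably returns true on success, like the other helpers.
  bool GetDataAttribute(TSS_HCONTEXT context_handle,
                        TSS_HOBJECT object_handle,
                        TSS_FLAG flag,
                        TSS_FLAG sub_flag,
                        std::string* data);

  // Converts a public key in TPM_PUBKEY format to a DER-encoded RSAPublicKey.
  bool ConvertPublicKeyToDER(const std::string& public_key,
                             std::string* public_key_der);

  // Starts false. NOTE(review): presumably set by Initialize() and consulted
  // by IsTpmReady() - confirm in the .cc file.
  bool is_ready_{false};
  // TSS context belonging to this instance, held in a scoped wrapper.
  trousers::ScopedTssContext context_handle_;
  // Raw TPM object handle; 0 until one is assigned.
  TSS_HTPM tpm_handle_{0};
  // Storage root key handle, set up on demand by SetupSrk().
  trousers::ScopedTssKey srk_handle_{0};

  // Non-copyable: a copy would duplicate the raw tpm_handle_ value and the
  // scoped TSS members above.
  DISALLOW_COPY_AND_ASSIGN(TpmUtilityV1);
};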
117
118}  // namespace attestation
119
120#endif  // ATTESTATION_COMMON_TPM_UTILITY_V1_H_
121