tpm_utility_impl.h revision e7eb2bf306af6e8408cd77125861542d19e5ec6d 
1c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn// Copyright 2014 The Chromium OS Authors. All rights reserved.
2c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn// Use of this source code is governed by a BSD-style license that can be
3c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn// found in the LICENSE file.
4c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn
5c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn#ifndef TRUNKS_TPM_UTILITY_IMPL_H_
6c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn#define TRUNKS_TPM_UTILITY_IMPL_H_
7c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn
8c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn#include "trunks/tpm_utility.h"
9c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn
106537cf15412f04bda9fc1a80f7209d55c955c61fUtkarsh Sanghi#include <map>
11c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn#include <string>
12c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn
13c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn#include <base/macros.h>
1452e2a45f585fbe34032eae5b094a092afdf217caDarren Krahn#include <base/memory/scoped_ptr.h>
152ee32a9d61896f544d87ecee24dc25cc33c9ebb3Utkarsh Sanghi#include <gtest/gtest_prod.h>
16c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn
17ef87f3e63b93ff722a8cbcee9c54d55d085221a3Darren Krahn#include "trunks/trunks_export.h"
18ef87f3e63b93ff722a8cbcee9c54d55d085221a3Darren Krahn
19c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahnnamespace trunks {
20c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn
21c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahnclass AuthorizationDelegate;
22c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahnclass TrunksFactory;
23c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn
24c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn// A default implementation of TpmUtility.
25ef87f3e63b93ff722a8cbcee9c54d55d085221a3Darren Krahnclass TRUNKS_EXPORT TpmUtilityImpl : public TpmUtility {
26c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn public:
27c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn  explicit TpmUtilityImpl(const TrunksFactory& factory);
28295e851b66fb19c05a14401e834337962a58c493Darren Krahn  ~TpmUtilityImpl() override;
29c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn
30c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn  // TpmUtility methods.
3103d54dfbcbdd04384e8c0419b7c45282664a2c1aDarren Krahn  TPM_RC Startup() override;
32d75dcae8a010d1ced7554dd25a440bee350a2d06Utkarsh Sanghi  TPM_RC Clear() override;
33e8b9a556d4561617747fed4ee5ced70fce9a4392Utkarsh Sanghi  void Shutdown() override;
34c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn  TPM_RC InitializeTpm() override;
35e7eb2bf306af6e8408cd77125861542d19e5ec6dUtkarsh Sanghi  TPM_RC AllocatePCR(const std::string& platform_password) override;
362ee32a9d61896f544d87ecee24dc25cc33c9ebb3Utkarsh Sanghi  TPM_RC TakeOwnership(const std::string& owner_password,
372ee32a9d61896f544d87ecee24dc25cc33c9ebb3Utkarsh Sanghi                       const std::string& endorsement_password,
382ee32a9d61896f544d87ecee24dc25cc33c9ebb3Utkarsh Sanghi                       const std::string& lockout_password) override;
398b2bf63478b292937f85b3b0e215882af461a999Utkarsh Sanghi  TPM_RC StirRandom(const std::string& entropy_data,
405d3b9451ae2e912aefed0669dd50b2a777ea0ab2Utkarsh Sanghi                    AuthorizationDelegate* delegate) override;
4135af244e7cf856a02e46ec8f186f36c53582757dUtkarsh Sanghi  TPM_RC GenerateRandom(size_t num_bytes,
425d3b9451ae2e912aefed0669dd50b2a777ea0ab2Utkarsh Sanghi                        AuthorizationDelegate* delegate,
43e31034f28641c9bc3e5576cab6d2c7d918bb427cUtkarsh Sanghi                        std::string* random_data) override;
448b2bf63478b292937f85b3b0e215882af461a999Utkarsh Sanghi  TPM_RC ExtendPCR(int pcr_index,
458b2bf63478b292937f85b3b0e215882af461a999Utkarsh Sanghi                   const std::string& extend_data,
465d3b9451ae2e912aefed0669dd50b2a777ea0ab2Utkarsh Sanghi                   AuthorizationDelegate* delegate) override;
47579dd8a934c684f2e2a34d9aa2f67953320428acUtkarsh Sanghi  TPM_RC ReadPCR(int pcr_index, std::string* pcr_value) override;
48b3ba5e0b579a5462c7137cf49b49cc9a78d87944Utkarsh Sanghi  TPM_RC AsymmetricEncrypt(TPM_HANDLE key_handle,
49b3ba5e0b579a5462c7137cf49b49cc9a78d87944Utkarsh Sanghi                           TPM_ALG_ID scheme,
509dc77fecdb2446da134b9b2901173bb4dcf5e5e4Utkarsh Sanghi                           TPM_ALG_ID hash_alg,
51b3ba5e0b579a5462c7137cf49b49cc9a78d87944Utkarsh Sanghi                           const std::string& plaintext,
525d3b9451ae2e912aefed0669dd50b2a777ea0ab2Utkarsh Sanghi                           AuthorizationDelegate* delegate,
53b3ba5e0b579a5462c7137cf49b49cc9a78d87944Utkarsh Sanghi                           std::string* ciphertext) override;
54b3ba5e0b579a5462c7137cf49b49cc9a78d87944Utkarsh Sanghi  TPM_RC AsymmetricDecrypt(TPM_HANDLE key_handle,
55b3ba5e0b579a5462c7137cf49b49cc9a78d87944Utkarsh Sanghi                           TPM_ALG_ID scheme,
569dc77fecdb2446da134b9b2901173bb4dcf5e5e4Utkarsh Sanghi                           TPM_ALG_ID hash_alg,
57b3ba5e0b579a5462c7137cf49b49cc9a78d87944Utkarsh Sanghi                           const std::string& ciphertext,
585d3b9451ae2e912aefed0669dd50b2a777ea0ab2Utkarsh Sanghi                           AuthorizationDelegate* delegate,
59b3ba5e0b579a5462c7137cf49b49cc9a78d87944Utkarsh Sanghi                           std::string* plaintext) override;
60748f7d68284813a78b883f9c05988f6de535fc8aUtkarsh Sanghi  TPM_RC Sign(TPM_HANDLE key_handle,
61748f7d68284813a78b883f9c05988f6de535fc8aUtkarsh Sanghi              TPM_ALG_ID scheme,
62748f7d68284813a78b883f9c05988f6de535fc8aUtkarsh Sanghi              TPM_ALG_ID hash_alg,
63887ccbcc4db5fa0b5221018296aa49b86a5ac26fUtkarsh Sanghi              const std::string& plaintext,
645d3b9451ae2e912aefed0669dd50b2a777ea0ab2Utkarsh Sanghi              AuthorizationDelegate* delegate,
65748f7d68284813a78b883f9c05988f6de535fc8aUtkarsh Sanghi              std::string* signature) override;
66748f7d68284813a78b883f9c05988f6de535fc8aUtkarsh Sanghi  TPM_RC Verify(TPM_HANDLE key_handle,
67748f7d68284813a78b883f9c05988f6de535fc8aUtkarsh Sanghi                TPM_ALG_ID scheme,
68748f7d68284813a78b883f9c05988f6de535fc8aUtkarsh Sanghi                TPM_ALG_ID hash_alg,
69887ccbcc4db5fa0b5221018296aa49b86a5ac26fUtkarsh Sanghi                const std::string& plaintext,
70748f7d68284813a78b883f9c05988f6de535fc8aUtkarsh Sanghi                const std::string& signature) override;
7133ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi  TPM_RC ChangeKeyAuthorizationData(TPM_HANDLE key_handle,
7233ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi                                    const std::string& new_password,
735d3b9451ae2e912aefed0669dd50b2a777ea0ab2Utkarsh Sanghi                                    AuthorizationDelegate* delegate,
7433ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi                                    std::string* key_blob) override;
7533ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi  TPM_RC ImportRSAKey(AsymmetricKeyUsage key_type,
7633ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi                      const std::string& modulus,
7733ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi                      uint32_t public_exponent,
7833ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi                      const std::string& prime_factor,
7933ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi                      const std::string& password,
805d3b9451ae2e912aefed0669dd50b2a777ea0ab2Utkarsh Sanghi                      AuthorizationDelegate* delegate,
8133ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi                      std::string* key_blob) override;
826465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi  TPM_RC CreateAndLoadRSAKey(AsymmetricKeyUsage key_type,
836465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi                             const std::string& password,
845d3b9451ae2e912aefed0669dd50b2a777ea0ab2Utkarsh Sanghi                             AuthorizationDelegate* delegate,
856465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi                             TPM_HANDLE* key_handle,
866465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi                             std::string* key_blob) override;
876465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi  TPM_RC CreateRSAKeyPair(AsymmetricKeyUsage key_type,
886465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi                          int modulus_bits,
896465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi                          uint32_t public_exponent,
906465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi                          const std::string& password,
91fc942a5ffc967b7b2b206aee8b91b3bae1933382Utkarsh Sanghi                          const std::string& policy_digest,
925d3b9451ae2e912aefed0669dd50b2a777ea0ab2Utkarsh Sanghi                          AuthorizationDelegate* delegate,
936465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi                          std::string* key_blob) override;
946465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi  TPM_RC LoadKey(const std::string& key_blob,
955d3b9451ae2e912aefed0669dd50b2a777ea0ab2Utkarsh Sanghi                 AuthorizationDelegate* delegate,
966465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi                 TPM_HANDLE* key_handle) override;
976465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi  TPM_RC GetKeyName(TPM_HANDLE handle, std::string* name) override;
986465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi  TPM_RC GetKeyPublicArea(TPM_HANDLE handle,
998b2bf63478b292937f85b3b0e215882af461a999Utkarsh Sanghi                          TPMT_PUBLIC* public_data) override;
10039dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi  TPM_RC DefineNVSpace(uint32_t index,
10139dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi                       size_t num_bytes,
1025d3b9451ae2e912aefed0669dd50b2a777ea0ab2Utkarsh Sanghi                       AuthorizationDelegate* delegate) override;
1035d3b9451ae2e912aefed0669dd50b2a777ea0ab2Utkarsh Sanghi  TPM_RC DestroyNVSpace(uint32_t index,
1045d3b9451ae2e912aefed0669dd50b2a777ea0ab2Utkarsh Sanghi                        AuthorizationDelegate* delegate) override;
1055d3b9451ae2e912aefed0669dd50b2a777ea0ab2Utkarsh Sanghi  TPM_RC LockNVSpace(uint32_t index, AuthorizationDelegate* delegate) override;
10639dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi  TPM_RC WriteNVSpace(uint32_t index,
10739dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi                      uint32_t offset,
10839dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi                      const std::string& nvram_data,
1095d3b9451ae2e912aefed0669dd50b2a777ea0ab2Utkarsh Sanghi                      AuthorizationDelegate* delegate) override;
11039dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi  TPM_RC ReadNVSpace(uint32_t index,
11139dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi                     uint32_t offset,
11239dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi                     size_t num_bytes,
11339dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi                     std::string* nvram_data,
1145d3b9451ae2e912aefed0669dd50b2a777ea0ab2Utkarsh Sanghi                     AuthorizationDelegate* delegate) override;
11539dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi  TPM_RC GetNVSpaceName(uint32_t index, std::string* name) override;
11639dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi  TPM_RC GetNVSpacePublicArea(uint32_t index,
11739dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi                              TPMS_NV_PUBLIC* public_data) override;
1181c4ff198686b6330dd863f872f52e8efd1a94e3dUtkarsh Sanghi
119c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn private:
1206537cf15412f04bda9fc1a80f7209d55c955c61fUtkarsh Sanghi  friend class TpmUtilityTest;
1216537cf15412f04bda9fc1a80f7209d55c955c61fUtkarsh Sanghi
122c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn  const TrunksFactory& factory_;
1236537cf15412f04bda9fc1a80f7209d55c955c61fUtkarsh Sanghi  std::map<uint32_t, TPMS_NV_PUBLIC> nvram_public_area_map_;
124c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn
12566d0d268e571647ca99a2bdf4835d967449d7ddeUtkarsh Sanghi  // This method sets a known owner password in the TPM_RH_OWNER hierarchy.
12666d0d268e571647ca99a2bdf4835d967449d7ddeUtkarsh Sanghi  TPM_RC SetKnownOwnerPassword(const std::string& known_owner_password);
12766d0d268e571647ca99a2bdf4835d967449d7ddeUtkarsh Sanghi
12866d0d268e571647ca99a2bdf4835d967449d7ddeUtkarsh Sanghi  // Synchronously derives storage root keys for RSA and ECC and persists the
12966d0d268e571647ca99a2bdf4835d967449d7ddeUtkarsh Sanghi  // keys in the TPM. This operation must be authorized by the |owner_password|
13066d0d268e571647ca99a2bdf4835d967449d7ddeUtkarsh Sanghi  // and, on success, KRSAStorageRootKey and kECCStorageRootKey can be used
13166d0d268e571647ca99a2bdf4835d967449d7ddeUtkarsh Sanghi  // with an empty authorization value until the TPM is cleared.
13266d0d268e571647ca99a2bdf4835d967449d7ddeUtkarsh Sanghi  TPM_RC CreateStorageRootKeys(const std::string& owner_password);
13366d0d268e571647ca99a2bdf4835d967449d7ddeUtkarsh Sanghi
13466d0d268e571647ca99a2bdf4835d967449d7ddeUtkarsh Sanghi  // This method creates an RSA decryption key to be used for salting sessions.
13566d0d268e571647ca99a2bdf4835d967449d7ddeUtkarsh Sanghi  // This method also makes the salting key permanent under the storage
13666d0d268e571647ca99a2bdf4835d967449d7ddeUtkarsh Sanghi  // hierarchy.
13766d0d268e571647ca99a2bdf4835d967449d7ddeUtkarsh Sanghi  TPM_RC CreateSaltingKey(const std::string& owner_password);
13866d0d268e571647ca99a2bdf4835d967449d7ddeUtkarsh Sanghi
1396465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi  // This method returns a partially filled TPMT_PUBLIC strucutre,
1406465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi  // which can then be modified by other methods to create the public
1416465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi  // template for a key. It takes a valid |key_type| tp construct the
1426465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi  // parameters.
1436465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi  TPMT_PUBLIC CreateDefaultPublicArea(TPM_ALG_ID key_alg);
1446465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi
14552e2a45f585fbe34032eae5b094a092afdf217caDarren Krahn  // Sets TPM |hierarchy| authorization to |password| using |authorization|.
14652e2a45f585fbe34032eae5b094a092afdf217caDarren Krahn  TPM_RC SetHierarchyAuthorization(TPMI_RH_HIERARCHY_AUTH hierarchy,
14752e2a45f585fbe34032eae5b094a092afdf217caDarren Krahn                                   const std::string& password,
14852e2a45f585fbe34032eae5b094a092afdf217caDarren Krahn                                   AuthorizationDelegate* authorization);
149c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn
150c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn  // Disables the TPM platform hierarchy until the next startup. This requires
151c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn  // platform |authorization|.
152c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn  TPM_RC DisablePlatformHierarchy(AuthorizationDelegate* authorization);
153c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn
1546465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi  TPM_RC StringToKeyData(const std::string& key_blob,
1556465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi                         TPM2B_PUBLIC* public_info,
1566465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi                         TPM2B_PRIVATE* private_info);
1576465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi
1586465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi  TPM_RC KeyDataToString(const TPM2B_PUBLIC& public_info,
1596465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi                         const TPM2B_PRIVATE& private_info,
1606465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi                         std::string* key_blob);
1616465502c740d2599d95e09232c744f6d2ed54505Utkarsh Sanghi
16233ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi  // Given a public area, this method computes the object name. Following
16333ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi  // TPM2.0 Specification Part 1 section 16,
16433ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi  // object_name = HashAlg || Hash(public_area);
16533ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi  TPM_RC ComputeKeyName(const TPMT_PUBLIC& public_area,
16633ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi                        std::string* object_name);
16733ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi
16839dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi  // Given a public area, this method computers the NVSpace's name.
16939dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi  // It follows TPM2.0 Specification Part 1 section 16,
17039dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi  // nv_name = HashAlg || Hash(nv_public_area);
17139dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi  TPM_RC ComputeNVSpaceName(const TPMS_NV_PUBLIC& nv_public_area,
17239dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi                            std::string* nv_name);
17339dd58452d7fe3ebe93490a6239a76b385bd676dUtkarsh Sanghi
17433ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi  // This encrypts the |sensitive_data| struct according to the specification
17533ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi  // defined in TPM2.0 spec Part 1: Figure 19.
17633ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi  TPM_RC EncryptPrivateData(const TPMT_SENSITIVE& sensitive_area,
17733ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi                            const TPMT_PUBLIC& public_area,
17833ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi                            TPM2B_PRIVATE* encrypted_private_data,
17933ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi                            TPM2B_DATA* encryption_key);
18033ca033c9665b8496f3491037403ae1574a54227Utkarsh Sanghi
181c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn  DISALLOW_COPY_AND_ASSIGN(TpmUtilityImpl);
182c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn};
183c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn
184c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn}  // namespace trunks
185c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn
186c364caa9d091baae8eeb9144a6abf69e1fcabb39Darren Krahn#endif  // TRUNKS_TPM_UTILITY_IMPL_H_
187