blob: c092c3f1b2b534e4e6f302863b3f64bc0efbcada [file] [log] [blame]
// Copyright 2016 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef ATTESTATION_COMMON_TPM_UTILITY_V2_H_
#define ATTESTATION_COMMON_TPM_UTILITY_V2_H_
#include <stdint.h>
#include "attestation/common/tpm_utility_common.h"
#include <map>
#include <memory>
#include <string>
#include <base/macros.h>
#include <base/threading/thread.h>
#include "tpm_manager/client/tpm_nvram_dbus_proxy.h"
#include "tpm_manager/client/tpm_ownership_dbus_proxy.h"
#include "trunks/trunks_factory_impl.h"
namespace attestation {
// A TpmUtility implementation for TPM v2.0 modules.
class TpmUtilityV2 : public TpmUtilityCommon {
public:
TpmUtilityV2() = default;
TpmUtilityV2(tpm_manager::TpmManagerUtility* tpm_manager_utility,
trunks::TrunksFactory* trunks_factory);
TpmUtilityV2(const TpmUtilityV2&) = delete;
TpmUtilityV2& operator=(const TpmUtilityV2&) = delete;
~TpmUtilityV2() override;
// TpmUtility methods.
bool Initialize() override;
TpmVersion GetVersion() override { return TPM_2_0; }
bool ActivateIdentity(const std::string& identity_key_blob,
const std::string& asym_ca_contents,
const std::string& sym_ca_attestation,
std::string* credential) override;
bool ActivateIdentityForTpm2(KeyType key_type,
const std::string& identity_key_blob,
const std::string& encrypted_seed,
const std::string& credential_mac,
const std::string& wrapped_credential,
std::string* credential) override;
bool CreateCertifiedKey(KeyType key_type,
KeyUsage key_usage,
const std::string& identity_key_blob,
const std::string& external_data,
std::string* key_blob,
std::string* public_key_der,
std::string* public_key_tpm_format,
std::string* key_info,
std::string* proof) override;
bool SealToPCR0(const std::string& data, std::string* sealed_data) override;
bool Unseal(const std::string& sealed_data, std::string* data) override;
bool GetEndorsementPublicKey(KeyType key_type,
std::string* public_key_der) override;
bool GetEndorsementCertificate(KeyType key_type,
std::string* certificate) override;
bool Unbind(const std::string& key_blob,
const std::string& bound_data,
std::string* data) override;
bool Sign(const std::string& key_blob,
const std::string& data_to_sign,
std::string* signature) override;
bool QuotePCR(uint32_t pcr_index,
const std::string& key_blob,
std::string* quoted_pcr_value,
std::string* quoted_data,
std::string* quote) override;
bool IsQuoteForPCR(const std::string& quoted_pcr_value,
const std::string& quoted_data,
const std::string& quote,
uint32_t pcr_index) const override;
bool ReadPCR(uint32_t pcr_index, std::string* pcr_value) override;
bool GetNVDataSize(uint32_t nv_index, uint16_t* nv_size) const override;
bool CertifyNV(uint32_t nv_index,
int nv_size,
const std::string& key_blob,
std::string* quoted_data,
std::string* quote) override;
bool GetEndorsementPublicKeyModulus(KeyType key_type,
std::string* ekm) override;
bool CreateIdentity(KeyType key_type,
AttestationDatabase::Identity* identity) override;
bool GetRsuDeviceId(std::string* device_id) override;
// Creates a restricted key of |key_type| for |key_usage|.
// |public_key_der| is DER encoded which is converted from TPM public key
// object. |public_key_tpm_format| is a serialized TPMT_PUBLIC.
// |private_key_blob| is an opaque blob which only the TPM is able to unwrap.
// Note: Currently the function is still in the public field because of the
// legacy unittest code.
// TODO(cylai): redesign the interface of this class or move out to a common
// TPM2.0 utility.
bool CreateRestrictedKey(KeyType key_type,
KeyUsage key_usage,
std::string* public_key_der,
std::string* public_key_tpm_format,
std::string* private_key_blob);
protected:
std::string GetPCRValueForMode(const std::string& mode) override;
private:
// Gets the specified endorsement key. Returns true on success and provides
// the |key_handle|.
bool GetEndorsementKey(KeyType key_type, trunks::TPM_HANDLE* key_handle);
std::map<KeyType, trunks::TPM_HANDLE> endorsement_keys_;
trunks::TrunksFactory* trunks_factory_{nullptr};
std::unique_ptr<trunks::TrunksFactoryImpl> default_trunks_factory_;
std::unique_ptr<trunks::TpmUtility> trunks_utility_;
};
} // namespace attestation
#endif // ATTESTATION_COMMON_TPM_UTILITY_V2_H_