cryptohome/cert/cert_provision_cryptohome.h - mirrors/cros/chromiumos/platform2 - Git at Google

 // Copyright 2017 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
 // Cryptohome interface classes for cert_provision library.

 #ifndef CRYPTOHOME_CERT_CERT_PROVISION_CRYPTOHOME_H_
 #define CRYPTOHOME_CERT_CERT_PROVISION_CRYPTOHOME_H_

 #include <memory>
 #include <string>

 #include <brillo/glib/dbus.h>
 #include <brillo/secure_blob.h>

 #include "cryptohome/cert/cert_provision_util.h"
 #include "cryptohome/cert_provision.h"

 namespace cert_provision {

 // Proxy object for exchanging messages with cryptohomed over dbus.
 class CryptohomeProxy {
  public:
   CryptohomeProxy() = default;

   virtual ~CryptohomeProxy() {}

   // Initializes the proxy.
   // Returns operation result.
   virtual OpResult Init() = 0;

   // Sends TpmIsAttestationPrepared to check if the tpm is owned and
   // enrollment is prepared.
   // Returns operation result. If successful, sets |is_prepared|.
   virtual OpResult CheckIfPrepared(bool* is_prepared) = 0;

   // Sends TpmIsAttestationEnrolled to check if the device is enrolled.
   // Returns operation result. If successful, sets |is_enrolled|.
   virtual OpResult CheckIfEnrolled(bool* is_enrolled) = 0;

   // Sends TpmAttestationCreateEnrollRequest to creates Enroll |request| for
   // the PCA of type |pca_type|.
   // Returns operation result.
   virtual OpResult CreateEnrollRequest(PCAType pca_type,
                                        brillo::SecureBlob* request) = 0;

   // Sends TpmAttestationEnroll to process Enroll |response| received from
   // the PCA of type |pca_type|.
   // Returns operation result.
   virtual OpResult ProcessEnrollResponse(
       PCAType pca_type, const brillo::SecureBlob& response) = 0;

   // Sends TpmAttestationCreateCertRequest to creates Sign |request| for the
   // PCA of type |pca_type| and the certificate of profile |cert_profile|.
   // Returns operation result.
   virtual OpResult CreateCertRequest(PCAType pca_type,
                                      CertificateProfile cert_profile,
                                      brillo::SecureBlob* request) = 0;

   // Sends TpmAttestationFinishCertRequest to process Sign |response| received
   // from the PCA and uses |label| to store the received data.
   // Returns operation result.
   virtual OpResult ProcessCertResponse(const std::string& label,
                                        const brillo::SecureBlob& response,
                                        brillo::SecureBlob* cert) = 0;

   // Sends TpmAttestationGetPublicKey to get the |public_key| for |label|.
   // Returns operation result.
   virtual OpResult GetPublicKey(const std::string& label,
                                 brillo::SecureBlob* public_key) = 0;

   // Sends TpmAttestationRegisterKey to register the keypair from |label| in
   // the keystore.
   // Returns operation result.
   virtual OpResult Register(const std::string& label) = 0;

   // Returns a new scoped default CryptohomeProxy implementation unless
   // subst_obj is set. In that case, returns subst_obj.
   static Scoped<CryptohomeProxy> Create();
   static CryptohomeProxy* subst_obj;

  private:
   static std::unique_ptr<CryptohomeProxy> GetDefault();
 };

 class CryptohomeProxyImpl : public CryptohomeProxy {
  public:
   CryptohomeProxyImpl();
   CryptohomeProxyImpl(const CryptohomeProxyImpl&) = delete;
   CryptohomeProxyImpl& operator=(const CryptohomeProxyImpl&) = delete;

   OpResult Init() override;
   OpResult CheckIfPrepared(bool* is_prepared) override;
   OpResult CheckIfEnrolled(bool* is_enrolled) override;
   OpResult CreateEnrollRequest(PCAType pca_type,
                                brillo::SecureBlob* request) override;
   OpResult ProcessEnrollResponse(PCAType pca_type,
                                  const brillo::SecureBlob& response) override;
   OpResult CreateCertRequest(PCAType pca_type,
                              CertificateProfile cert_profile,
                              brillo::SecureBlob* request) override;
   OpResult ProcessCertResponse(const std::string& label,
                                const brillo::SecureBlob& response,
                                brillo::SecureBlob* cert) override;
   OpResult GetPublicKey(const std::string& label,
                         brillo::SecureBlob* public_key) override;
   OpResult Register(const std::string& label) override;

  private:
   // Default D-Bus timeout. Wait for up to 5 minutes - some operations are
   // slow or can be stuck in the cryptohomed queue behind slow operations.
   const int kDefaultTimeoutMs = 300000;

   OpResult DBusError(std::string request, ::GError* error) {
     return OpResult{Status::DBusError, request + " failed: " + error->message};
   }

   brillo::dbus::BusConnection bus_;
   brillo::dbus::Proxy proxy_;
   ::DBusGProxy* gproxy_;
 };

 }  // namespace cert_provision

 #endif  // CRYPTOHOME_CERT_CERT_PROVISION_CRYPTOHOME_H_
	// Copyright 2017 The Chromium OS Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.
	//
	// Cryptohome interface classes for cert_provision library.

	#ifndef CRYPTOHOME_CERT_CERT_PROVISION_CRYPTOHOME_H_
	#define CRYPTOHOME_CERT_CERT_PROVISION_CRYPTOHOME_H_

	#include <memory>
	#include <string>

	#include <brillo/glib/dbus.h>
	#include <brillo/secure_blob.h>

	#include "cryptohome/cert/cert_provision_util.h"
	#include "cryptohome/cert_provision.h"

	namespace cert_provision {

	// Proxy object for exchanging messages with cryptohomed over dbus.
	class CryptohomeProxy {
	public:
	CryptohomeProxy() = default;

	virtual ~CryptohomeProxy() {}

	// Initializes the proxy.
	// Returns operation result.
	virtual OpResult Init() = 0;

	// Sends TpmIsAttestationPrepared to check if the tpm is owned and
	// enrollment is prepared.
	// Returns operation result. If successful, sets \|is_prepared\|.
	virtual OpResult CheckIfPrepared(bool* is_prepared) = 0;

	// Sends TpmIsAttestationEnrolled to check if the device is enrolled.
	// Returns operation result. If successful, sets \|is_enrolled\|.
	virtual OpResult CheckIfEnrolled(bool* is_enrolled) = 0;

	// Sends TpmAttestationCreateEnrollRequest to creates Enroll \|request\| for
	// the PCA of type \|pca_type\|.
	// Returns operation result.
	virtual OpResult CreateEnrollRequest(PCAType pca_type,
	brillo::SecureBlob* request) = 0;

	// Sends TpmAttestationEnroll to process Enroll \|response\| received from
	// the PCA of type \|pca_type\|.
	// Returns operation result.
	virtual OpResult ProcessEnrollResponse(
	PCAType pca_type, const brillo::SecureBlob& response) = 0;

	// Sends TpmAttestationCreateCertRequest to creates Sign \|request\| for the
	// PCA of type \|pca_type\| and the certificate of profile \|cert_profile\|.
	// Returns operation result.
	virtual OpResult CreateCertRequest(PCAType pca_type,
	CertificateProfile cert_profile,
	brillo::SecureBlob* request) = 0;

	// Sends TpmAttestationFinishCertRequest to process Sign \|response\| received
	// from the PCA and uses \|label\| to store the received data.
	// Returns operation result.
	virtual OpResult ProcessCertResponse(const std::string& label,
	const brillo::SecureBlob& response,
	brillo::SecureBlob* cert) = 0;

	// Sends TpmAttestationGetPublicKey to get the \|public_key\| for \|label\|.
	// Returns operation result.
	virtual OpResult GetPublicKey(const std::string& label,
	brillo::SecureBlob* public_key) = 0;

	// Sends TpmAttestationRegisterKey to register the keypair from \|label\| in
	// the keystore.
	// Returns operation result.
	virtual OpResult Register(const std::string& label) = 0;

	// Returns a new scoped default CryptohomeProxy implementation unless
	// subst_obj is set. In that case, returns subst_obj.
	static Scoped<CryptohomeProxy> Create();
	static CryptohomeProxy* subst_obj;

	private:
	static std::unique_ptr<CryptohomeProxy> GetDefault();
	};

	class CryptohomeProxyImpl : public CryptohomeProxy {
	public:
	CryptohomeProxyImpl();
	CryptohomeProxyImpl(const CryptohomeProxyImpl&) = delete;
	CryptohomeProxyImpl& operator=(const CryptohomeProxyImpl&) = delete;

	OpResult Init() override;
	OpResult CheckIfPrepared(bool* is_prepared) override;
	OpResult CheckIfEnrolled(bool* is_enrolled) override;
	OpResult CreateEnrollRequest(PCAType pca_type,
	brillo::SecureBlob* request) override;
	OpResult ProcessEnrollResponse(PCAType pca_type,
	const brillo::SecureBlob& response) override;
	OpResult CreateCertRequest(PCAType pca_type,
	CertificateProfile cert_profile,
	brillo::SecureBlob* request) override;
	OpResult ProcessCertResponse(const std::string& label,
	const brillo::SecureBlob& response,
	brillo::SecureBlob* cert) override;
	OpResult GetPublicKey(const std::string& label,
	brillo::SecureBlob* public_key) override;
	OpResult Register(const std::string& label) override;

	private:
	// Default D-Bus timeout. Wait for up to 5 minutes - some operations are
	// slow or can be stuck in the cryptohomed queue behind slow operations.
	const int kDefaultTimeoutMs = 300000;

	OpResult DBusError(std::string request, ::GError* error) {
	return OpResult{Status::DBusError, request + " failed: " + error->message};
	}

	brillo::dbus::BusConnection bus_;
	brillo::dbus::Proxy proxy_;
	::DBusGProxy* gproxy_;
	};

	} // namespace cert_provision

	#endif // CRYPTOHOME_CERT_CERT_PROVISION_CRYPTOHOME_H_