arc/setup/boot_lockbox_client.h - mirrors/cros/chromiumos/platform2 - Git at Google

 // Copyright 2017 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef ARC_SETUP_BOOT_LOCKBOX_CLIENT_H_
 #define ARC_SETUP_BOOT_LOCKBOX_CLIENT_H_

 #include <memory>
 #include <string>

 #include <base/macros.h>
 #include <base/memory/ref_counted.h>
 #include <dbus/bus.h>

 namespace base {
 class FilePath;
 }  // namespace base

 namespace org {
 namespace chromium {
 class CryptohomeInterfaceProxyInterface;
 }  // namespace chromium
 }  // namespace org

 namespace arc {

 // TODO(xzhou): This class is NOT production-ready yet. arc-setup.cc does not
 // call into this at all. Talk to xzhou/yusukes before using it.

 // A class that that manages the communication with TPM.
 class BootLockboxClient {
  public:
   // Creates BootLockboxClient. The factory should be called on the same thread
   // that will call ~BootLockboxClient();
   static std::unique_ptr<BootLockboxClient> CreateBootLockboxClient();

   ~BootLockboxClient();

   // Verifies the code integrity in |dalvik_cache_dir| using BootLockbox.
   bool CheckCodeIntegrity(const base::FilePath& dalvik_cache_dir);

   // Checks if cryptohomed is ready.
   bool IsServiceReady();

   // Checks if TPM is ready, meaning it is enabled, owned and not being owned.
   bool IsTpmReady();

   // Signs |digest| using BootLockbox key. The signature is stored in
   // |signature|.
   bool Sign(const std::string& digest, std::string* signature);

   // Verifies |digest| against |signature|. Returns true if signature
   // verification successed. Returns false if signature is invalid or the
   // operation failed.
   bool Verify(const std::string& digest, const std::string& signature);

   // Locks BootLockboxClient key. After calling this function, any access to
   // BootLockbox fails.
   bool Finalize();

  private:
   BootLockboxClient(
       std::unique_ptr<org::chromium::CryptohomeInterfaceProxyInterface>
           cryotohome,
       scoped_refptr<dbus::Bus> bus);

   std::unique_ptr<org::chromium::CryptohomeInterfaceProxyInterface> cryptohome_;
   scoped_refptr<dbus::Bus> bus_;

   DISALLOW_COPY_AND_ASSIGN(BootLockboxClient);
 };

 }  // namespace arc

 #endif  // ARC_SETUP_BOOT_LOCKBOX_CLIENT_H_
	// Copyright 2017 The Chromium OS Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef ARC_SETUP_BOOT_LOCKBOX_CLIENT_H_
	#define ARC_SETUP_BOOT_LOCKBOX_CLIENT_H_

	#include <memory>
	#include <string>

	#include <base/macros.h>
	#include <base/memory/ref_counted.h>
	#include <dbus/bus.h>

	namespace base {
	class FilePath;
	} // namespace base

	namespace org {
	namespace chromium {
	class CryptohomeInterfaceProxyInterface;
	} // namespace chromium
	} // namespace org

	namespace arc {

	// TODO(xzhou): This class is NOT production-ready yet. arc-setup.cc does not
	// call into this at all. Talk to xzhou/yusukes before using it.

	// A class that that manages the communication with TPM.
	class BootLockboxClient {
	public:
	// Creates BootLockboxClient. The factory should be called on the same thread
	// that will call ~BootLockboxClient();
	static std::unique_ptr<BootLockboxClient> CreateBootLockboxClient();

	~BootLockboxClient();

	// Verifies the code integrity in \|dalvik_cache_dir\| using BootLockbox.
	bool CheckCodeIntegrity(const base::FilePath& dalvik_cache_dir);

	// Checks if cryptohomed is ready.
	bool IsServiceReady();

	// Checks if TPM is ready, meaning it is enabled, owned and not being owned.
	bool IsTpmReady();

	// Signs \|digest\| using BootLockbox key. The signature is stored in
	// \|signature\|.
	bool Sign(const std::string& digest, std::string* signature);

	// Verifies \|digest\| against \|signature\|. Returns true if signature
	// verification successed. Returns false if signature is invalid or the
	// operation failed.
	bool Verify(const std::string& digest, const std::string& signature);

	// Locks BootLockboxClient key. After calling this function, any access to
	// BootLockbox fails.
	bool Finalize();

	private:
	BootLockboxClient(
	std::unique_ptr<org::chromium::CryptohomeInterfaceProxyInterface>
	cryotohome,
	scoped_refptr<dbus::Bus> bus);

	std::unique_ptr<org::chromium::CryptohomeInterfaceProxyInterface> cryptohome_;
	scoped_refptr<dbus::Bus> bus_;

	DISALLOW_COPY_AND_ASSIGN(BootLockboxClient);
	};

	} // namespace arc

	#endif // ARC_SETUP_BOOT_LOCKBOX_CLIENT_H_