blob: a4169074f04bf347e241c4887ae67706fcf4220c [file] [log] [blame]
// Copyright 2018 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <map>
#include "cryptohome/le_credential_backend.h"
namespace cryptohome {
// List of all the errors returned by the LECredentialManager interface.
enum LECredError {
// Operation succeeded.
// Check failed due to incorrect Low Entropy(LE) secret.
// Check failed due to incorrect Reset secret.
// Check failed due to too many attempts as per delay schedule.
// Error in hash tree synchronization.
// Label provided isn't present in hash tree.
// No free labels available.
// Invalid metadata in label.
// Unclassified error.
// Credential Manager Locked.
// Unexpected PCR state.
// Sentinel value.
// This is a pure virtual interface providing all the public methods necessary
// to work with the low entropy credential functionality.
class LECredentialManager {
typedef std::map<uint32_t, uint32_t> DelaySchedule;
virtual ~LECredentialManager() = default;
// Inserts an LE credential into the system.
// The Low entropy credential is represented by |le_secret|, and the high
// entropy and reset secrets by |he_secret| and |reset_secret| respectively.
// The delay schedule which governs the rate at which CheckCredential()
// attempts are allowed is provided in |delay_sched|. On success, returns
// LE_CRED_SUCCESS and stores the newly provisioned label in |ret_label|. On
// failure, returns:
// - LE_CRED_ERROR_NO_FREE_LABEL if there is no free label.
// - LE_CRED_ERROR_HASH_TREE if there was an error in the hash tree.
// The returned label should be placed into the metadata associated with the
// Encrypted Vault Key (EVK). so that it can be used to look up the credential
// later.
virtual LECredError InsertCredential(
const brillo::SecureBlob& le_secret,
const brillo::SecureBlob& he_secret,
const brillo::SecureBlob& reset_secret,
const DelaySchedule& delay_sched,
const ValidPcrCriteria& valid_pcr_criteria,
uint64_t* ret_label) = 0;
// Attempts authentication for a LE Credential.
// Checks whether the LE credential |le_secret| for a |label| is correct.
// Returns LE_CRED_SUCCESS on success. Additionally, the released
// high entropy credential is placed in |he_secret| and the reset secret is
// placed in |reset_secret| if CR50 version with protocol > 0 is used.
// On failure, returns:
// LE_CRED_ERROR_INVALID_LE_SECRET for incorrect authentication attempt.
// LE_CRED_ERROR_TOO_MANY_ATTEMPTS for locked out credential (too many
// incorrect attempts). LE_CRED_ERROR_HASH_TREE for error in hash tree.
// LE_CRED_ERROR_INVALID_LABEL for invalid label.
// LE_CRED_ERROR_INVALID_METADATA for invalid credential metadata.
// LE_CRED_ERROR_PCR_NOT_MATCH if the PCR registers from TPM have unexpected
// values, in which case only reboot will allow this user to authenticate.
virtual LECredError CheckCredential(const uint64_t& label,
const brillo::SecureBlob& le_secret,
brillo::SecureBlob* he_secret,
brillo::SecureBlob* reset_secret) = 0;
// Attempts reset of a LE Credential.
// Returns LE_CRED_SUCCESS on success.
// On failure, returns:
// - LE_CRED_ERROR_INVALID_RESET_SECRET for incorrect reset secret.
// incorrect attempts).
// - LE_CRED_ERROR_HASH_TREE for error in hash tree.
// - LE_CRED_ERROR_INVALID_LABEL for invalid label.
// - LE_CRED_ERROR_INVALID_METADATA for invalid credential metadata.
virtual LECredError ResetCredential(
const uint64_t& label, const brillo::SecureBlob& reset_secret) = 0;
// Remove a credential at node with label |label|.
// Returns LE_CRED_SUCCESS on success.
// On failure, returns:
// - LE_CRED_ERROR_INVALID_LABEL for invalid label.
// - LE_CRED_ERROR_HASH_TREE for hash tree error.
virtual LECredError RemoveCredential(const uint64_t& label) = 0;
// Returns whether the provided label needs valid PCR criteria attached.
virtual bool NeedsPcrBinding(const uint64_t& label) = 0;
// Returns the number of wrong authentication attempts done since the label
// was reset or created. Returns -1 if |label| is not present in the tree or
// the tree is corrupted.
virtual int GetWrongAuthAttempts(const uint64_t& label) = 0;
}; // namespace cryptohome