cryptohome/le_credential_manager.h - mirrors/cros/chromiumos/platform2 - Git at Google

 // Copyright 2018 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef CRYPTOHOME_LE_CREDENTIAL_MANAGER_H_
 #define CRYPTOHOME_LE_CREDENTIAL_MANAGER_H_

 #include <map>

 #include "cryptohome/le_credential_backend.h"

 namespace cryptohome {

 // List of all the errors returned by the LECredentialManager interface.
 enum LECredError {
   // Operation succeeded.
   LE_CRED_SUCCESS = 0,
   // Check failed due to incorrect Low Entropy(LE) secret.
   LE_CRED_ERROR_INVALID_LE_SECRET,
   // Check failed due to incorrect Reset secret.
   LE_CRED_ERROR_INVALID_RESET_SECRET,
   // Check failed due to too many attempts as per delay schedule.
   LE_CRED_ERROR_TOO_MANY_ATTEMPTS,
   // Error in hash tree synchronization.
   LE_CRED_ERROR_HASH_TREE,
   // Label provided isn't present in hash tree.
   LE_CRED_ERROR_INVALID_LABEL,
   // No free labels available.
   LE_CRED_ERROR_NO_FREE_LABEL,
   // Invalid metadata in label.
   LE_CRED_ERROR_INVALID_METADATA,
   // Unclassified error.
   LE_CRED_ERROR_UNCLASSIFIED,
   // Credential Manager Locked.
   LE_CRED_ERROR_LE_LOCKED,
   // Unexpected PCR state.
   LE_CRED_ERROR_PCR_NOT_MATCH,
   // Sentinel value.
   LE_CRED_ERROR_MAX,
 };

 // This is a pure virtual interface providing all the public methods necessary
 // to work with the low entropy credential functionality.
 class LECredentialManager {
  public:
   typedef std::map<uint32_t, uint32_t> DelaySchedule;

   virtual ~LECredentialManager() = default;

   // Inserts an LE credential into the system.
   //
   // The Low entropy credential is represented by |le_secret|, and the high
   // entropy and reset secrets by |he_secret| and |reset_secret| respectively.
   // The delay schedule which governs the rate at which CheckCredential()
   // attempts are allowed is provided in |delay_sched|. On success, returns
   // LE_CRED_SUCCESS and stores the newly provisioned label in |ret_label|. On
   // failure, returns:
   // - LE_CRED_ERROR_NO_FREE_LABEL if there is no free label.
   // - LE_CRED_ERROR_HASH_TREE if there was an error in the hash tree.
   //
   // The returned label should be placed into the metadata associated with the
   // Encrypted Vault Key (EVK). so that it can be used to look up the credential
   // later.

   virtual LECredError InsertCredential(
       const brillo::SecureBlob& le_secret,
       const brillo::SecureBlob& he_secret,
       const brillo::SecureBlob& reset_secret,
       const DelaySchedule& delay_sched,
       const ValidPcrCriteria& valid_pcr_criteria,
       uint64_t* ret_label) = 0;

   // Attempts authentication for a LE Credential.
   //
   // Checks whether the LE credential |le_secret| for a |label| is correct.
   // Returns LE_CRED_SUCCESS on success. Additionally, the released
   // high entropy credential is placed in |he_secret| and the reset secret is
   // placed in |reset_secret| if CR50 version with protocol > 0 is used.
   //
   // On failure, returns:
   // LE_CRED_ERROR_INVALID_LE_SECRET for incorrect authentication attempt.
   // LE_CRED_ERROR_TOO_MANY_ATTEMPTS for locked out credential (too many
   // incorrect attempts). LE_CRED_ERROR_HASH_TREE for error in hash tree.
   // LE_CRED_ERROR_INVALID_LABEL for invalid label.
   // LE_CRED_ERROR_INVALID_METADATA for invalid credential metadata.
   // LE_CRED_ERROR_PCR_NOT_MATCH if the PCR registers from TPM have unexpected
   // values, in which case only reboot will allow this user to authenticate.
   virtual LECredError CheckCredential(const uint64_t& label,
                                       const brillo::SecureBlob& le_secret,
                                       brillo::SecureBlob* he_secret,
                                       brillo::SecureBlob* reset_secret) = 0;

   // Attempts reset of a LE Credential.
   //
   // Returns LE_CRED_SUCCESS on success.
   //
   // On failure, returns:
   // - LE_CRED_ERROR_INVALID_RESET_SECRET for incorrect reset secret.
   // incorrect attempts).
   // - LE_CRED_ERROR_HASH_TREE for error in hash tree.
   // - LE_CRED_ERROR_INVALID_LABEL for invalid label.
   // - LE_CRED_ERROR_INVALID_METADATA for invalid credential metadata.
   virtual LECredError ResetCredential(
       const uint64_t& label, const brillo::SecureBlob& reset_secret) = 0;

   // Remove a credential at node with label |label|.
   //
   // Returns LE_CRED_SUCCESS on success.
   // On failure, returns:
   // - LE_CRED_ERROR_INVALID_LABEL for invalid label.
   // - LE_CRED_ERROR_HASH_TREE for hash tree error.
   virtual LECredError RemoveCredential(const uint64_t& label) = 0;

   // Returns whether the provided label needs valid PCR criteria attached.
   virtual bool NeedsPcrBinding(const uint64_t& label) = 0;

   // Returns the number of wrong authentication attempts done since the label
   // was reset or created. Returns -1 if |label| is not present in the tree or
   // the tree is corrupted.
   virtual int GetWrongAuthAttempts(const uint64_t& label) = 0;
 };

 };  // namespace cryptohome

 #endif  // CRYPTOHOME_LE_CREDENTIAL_MANAGER_H_
	// Copyright 2018 The Chromium OS Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef CRYPTOHOME_LE_CREDENTIAL_MANAGER_H_
	#define CRYPTOHOME_LE_CREDENTIAL_MANAGER_H_

	#include <map>

	#include "cryptohome/le_credential_backend.h"

	namespace cryptohome {

	// List of all the errors returned by the LECredentialManager interface.
	enum LECredError {
	// Operation succeeded.
	LE_CRED_SUCCESS = 0,
	// Check failed due to incorrect Low Entropy(LE) secret.
	LE_CRED_ERROR_INVALID_LE_SECRET,
	// Check failed due to incorrect Reset secret.
	LE_CRED_ERROR_INVALID_RESET_SECRET,
	// Check failed due to too many attempts as per delay schedule.
	LE_CRED_ERROR_TOO_MANY_ATTEMPTS,
	// Error in hash tree synchronization.
	LE_CRED_ERROR_HASH_TREE,
	// Label provided isn't present in hash tree.
	LE_CRED_ERROR_INVALID_LABEL,
	// No free labels available.
	LE_CRED_ERROR_NO_FREE_LABEL,
	// Invalid metadata in label.
	LE_CRED_ERROR_INVALID_METADATA,
	// Unclassified error.
	LE_CRED_ERROR_UNCLASSIFIED,
	// Credential Manager Locked.
	LE_CRED_ERROR_LE_LOCKED,
	// Unexpected PCR state.
	LE_CRED_ERROR_PCR_NOT_MATCH,
	// Sentinel value.
	LE_CRED_ERROR_MAX,
	};

	// This is a pure virtual interface providing all the public methods necessary
	// to work with the low entropy credential functionality.
	class LECredentialManager {
	public:
	typedef std::map<uint32_t, uint32_t> DelaySchedule;

	virtual ~LECredentialManager() = default;

	// Inserts an LE credential into the system.
	//
	// The Low entropy credential is represented by \|le_secret\|, and the high
	// entropy and reset secrets by \|he_secret\| and \|reset_secret\| respectively.
	// The delay schedule which governs the rate at which CheckCredential()
	// attempts are allowed is provided in \|delay_sched\|. On success, returns
	// LE_CRED_SUCCESS and stores the newly provisioned label in \|ret_label\|. On
	// failure, returns:
	// - LE_CRED_ERROR_NO_FREE_LABEL if there is no free label.
	// - LE_CRED_ERROR_HASH_TREE if there was an error in the hash tree.
	//
	// The returned label should be placed into the metadata associated with the
	// Encrypted Vault Key (EVK). so that it can be used to look up the credential
	// later.

	virtual LECredError InsertCredential(
	const brillo::SecureBlob& le_secret,
	const brillo::SecureBlob& he_secret,
	const brillo::SecureBlob& reset_secret,
	const DelaySchedule& delay_sched,
	const ValidPcrCriteria& valid_pcr_criteria,
	uint64_t* ret_label) = 0;

	// Attempts authentication for a LE Credential.
	//
	// Checks whether the LE credential \|le_secret\| for a \|label\| is correct.
	// Returns LE_CRED_SUCCESS on success. Additionally, the released
	// high entropy credential is placed in \|he_secret\| and the reset secret is
	// placed in \|reset_secret\| if CR50 version with protocol > 0 is used.
	//
	// On failure, returns:
	// LE_CRED_ERROR_INVALID_LE_SECRET for incorrect authentication attempt.
	// LE_CRED_ERROR_TOO_MANY_ATTEMPTS for locked out credential (too many
	// incorrect attempts). LE_CRED_ERROR_HASH_TREE for error in hash tree.
	// LE_CRED_ERROR_INVALID_LABEL for invalid label.
	// LE_CRED_ERROR_INVALID_METADATA for invalid credential metadata.
	// LE_CRED_ERROR_PCR_NOT_MATCH if the PCR registers from TPM have unexpected
	// values, in which case only reboot will allow this user to authenticate.
	virtual LECredError CheckCredential(const uint64_t& label,
	const brillo::SecureBlob& le_secret,
	brillo::SecureBlob* he_secret,
	brillo::SecureBlob* reset_secret) = 0;

	// Attempts reset of a LE Credential.
	//
	// Returns LE_CRED_SUCCESS on success.
	//
	// On failure, returns:
	// - LE_CRED_ERROR_INVALID_RESET_SECRET for incorrect reset secret.
	// incorrect attempts).
	// - LE_CRED_ERROR_HASH_TREE for error in hash tree.
	// - LE_CRED_ERROR_INVALID_LABEL for invalid label.
	// - LE_CRED_ERROR_INVALID_METADATA for invalid credential metadata.
	virtual LECredError ResetCredential(
	const uint64_t& label, const brillo::SecureBlob& reset_secret) = 0;

	// Remove a credential at node with label \|label\|.
	//
	// Returns LE_CRED_SUCCESS on success.
	// On failure, returns:
	// - LE_CRED_ERROR_INVALID_LABEL for invalid label.
	// - LE_CRED_ERROR_HASH_TREE for hash tree error.
	virtual LECredError RemoveCredential(const uint64_t& label) = 0;

	// Returns whether the provided label needs valid PCR criteria attached.
	virtual bool NeedsPcrBinding(const uint64_t& label) = 0;

	// Returns the number of wrong authentication attempts done since the label
	// was reset or created. Returns -1 if \|label\| is not present in the tree or
	// the tree is corrupted.
	virtual int GetWrongAuthAttempts(const uint64_t& label) = 0;
	};

	}; // namespace cryptohome

	#endif // CRYPTOHOME_LE_CREDENTIAL_MANAGER_H_