cryptohome/auth_blocks/auth_block_utility.h - mirrors/cros/chromiumos/platform2 - Git at Google

 // Copyright 2022 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef CRYPTOHOME_AUTH_BLOCKS_AUTH_BLOCK_UTILITY_H_
 #define CRYPTOHOME_AUTH_BLOCKS_AUTH_BLOCK_UTILITY_H_

 #include <memory>
 #include <optional>
 #include <string>

 #include <brillo/secure_blob.h>

 #include "cryptohome/auth_blocks/auth_block.h"
 #include "cryptohome/auth_blocks/auth_block_state.h"
 #include "cryptohome/auth_blocks/auth_block_type.h"
 #include "cryptohome/auth_factor/auth_factor_type.h"
 #include "cryptohome/challenge_credentials/challenge_credentials_helper.h"
 #include "cryptohome/credentials.h"
 #include "cryptohome/crypto_error.h"
 #include "cryptohome/key_challenge_service.h"
 #include "cryptohome/key_objects.h"

 namespace cryptohome {

 // This is a utility class to create KeyBlobs with AuthBlocks using user
 // credentials and derive KeyBlobs with AuthBlocks using credentials and stored
 // AuthBlock state.
 class AuthBlockUtility {
  public:
   AuthBlockUtility() = default;
   AuthBlockUtility(const AuthBlockUtility&) = delete;
   AuthBlockUtility& operator=(const AuthBlockUtility&) = delete;
   virtual ~AuthBlockUtility() = default;

   // Returns whether the system is locked to only allow authenticating a single
   // user.
   virtual bool GetLockedToSingleUser() const = 0;

   // Creates KeyBlobs and AuthBlockState with the given type of AuthBlock for
   // the given credentials. Creating KeyBlobs means generating the KeyBlobs from
   // user credentials when the credentials are entered first time. Thus,
   // CreateKeyBlobsWithAuthBlock() should be called to generate the KeyBlobs for
   // adding initial key, adding key and migrating a key.
   virtual CryptoStatus CreateKeyBlobsWithAuthBlock(
       AuthBlockType auth_block_type,
       const Credentials& credentials,
       const std::optional<brillo::SecureBlob>& reset_secret,
       AuthBlockState& out_state,
       KeyBlobs& out_key_blobs) const = 0;

   // Creates KeyBlobs and AuthBlockState for the given credentials and returns
   // through the asynchronous create_callback.
   virtual bool CreateKeyBlobsWithAuthBlockAsync(
       AuthBlockType auth_block_type,
       const AuthInput& auth_input,
       AuthBlock::CreateCallback create_callback) = 0;

   // Derives KeyBlobs with the given type of AuthBlock using the passed
   // credentials and the AuthBlockState. Deriving KeyBlobs means generating the
   // KeyBlobs from entered credentials and the stored metadata for an existing
   // key. Thus DeriveKeyBlobsWithAuthBlock() should be called to generate the
   // KeyBlob for loading an existing wrapped key from the disk for user
   // authentication.
   virtual CryptoStatus DeriveKeyBlobsWithAuthBlock(
       AuthBlockType auth_block_type,
       const Credentials& credentials,
       const AuthBlockState& state,
       KeyBlobs& out_key_blobs) const = 0;

   // Creates KeyBlobs and AuthBlockState for the given credentials and returns
   // through the asynchronous derive_callback.
   virtual bool DeriveKeyBlobsWithAuthBlockAsync(
       AuthBlockType auth_block_type,
       const AuthInput& auth_input,
       const AuthBlockState& auth_state,
       AuthBlock::DeriveCallback derive_callback) = 0;

   // This function returns the AuthBlock type for
   // AuthBlock::Create() based on the |credentials|, |tpm_| and |crypto_|
   // status.
   virtual AuthBlockType GetAuthBlockTypeForCreation(
       const bool is_le_credential,
       const bool is_challenge_credential) const = 0;

   // This function returns the AuthBlock type for
   // AuthBlock::Derive() based on AutBlockState.
   virtual AuthBlockType GetAuthBlockTypeForDerive(
       const AuthBlockState& state) const = 0;

   // This function returns the AuthBlock type for AuthBlock::Derive()
   // based on the vault keyset flags value.
   virtual AuthBlockType GetAuthBlockTypeForDerivation(
       const std::string& label,
       const std::string& obfuscated_username) const = 0;

   // This populates an AuthBlockState allocated by the caller.
   virtual bool GetAuthBlockStateFromVaultKeyset(
       const std::string& label,
       const std::string& obfuscated_username,
       AuthBlockState& out_state) const = 0;

   // Reads an auth block state and update the given VaultKeyset with what it
   // returns.
   virtual void AssignAuthBlockStateToVaultKeyset(
       const AuthBlockState& state, VaultKeyset& vault_keyset) const = 0;

   // Creates a new auth block state and key blobs using an auth block. On error,
   // returns the error code.
   [[nodiscard]] virtual CryptoStatus CreateKeyBlobsWithAuthFactorType(
       AuthFactorType auth_factor_type,
       const AuthInput& auth_input,
       AuthBlockState& out_auth_block_state,
       KeyBlobs& out_key_blobs) const = 0;

   // Derives key blobs using the given auth block state and input.
   [[nodiscard]] virtual CryptoStatus DeriveKeyBlobs(
       const AuthInput& auth_input,
       const AuthBlockState& auth_block_state,
       KeyBlobs& out_key_blobs) const = 0;
 };

 }  // namespace cryptohome

 #endif  // CRYPTOHOME_AUTH_BLOCKS_AUTH_BLOCK_UTILITY_H_
	// Copyright 2022 The Chromium OS Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef CRYPTOHOME_AUTH_BLOCKS_AUTH_BLOCK_UTILITY_H_
	#define CRYPTOHOME_AUTH_BLOCKS_AUTH_BLOCK_UTILITY_H_

	#include <memory>
	#include <optional>
	#include <string>

	#include <brillo/secure_blob.h>

	#include "cryptohome/auth_blocks/auth_block.h"
	#include "cryptohome/auth_blocks/auth_block_state.h"
	#include "cryptohome/auth_blocks/auth_block_type.h"
	#include "cryptohome/auth_factor/auth_factor_type.h"
	#include "cryptohome/challenge_credentials/challenge_credentials_helper.h"
	#include "cryptohome/credentials.h"
	#include "cryptohome/crypto_error.h"
	#include "cryptohome/key_challenge_service.h"
	#include "cryptohome/key_objects.h"

	namespace cryptohome {

	// This is a utility class to create KeyBlobs with AuthBlocks using user
	// credentials and derive KeyBlobs with AuthBlocks using credentials and stored
	// AuthBlock state.
	class AuthBlockUtility {
	public:
	AuthBlockUtility() = default;
	AuthBlockUtility(const AuthBlockUtility&) = delete;
	AuthBlockUtility& operator=(const AuthBlockUtility&) = delete;
	virtual ~AuthBlockUtility() = default;

	// Returns whether the system is locked to only allow authenticating a single
	// user.
	virtual bool GetLockedToSingleUser() const = 0;

	// Creates KeyBlobs and AuthBlockState with the given type of AuthBlock for
	// the given credentials. Creating KeyBlobs means generating the KeyBlobs from
	// user credentials when the credentials are entered first time. Thus,
	// CreateKeyBlobsWithAuthBlock() should be called to generate the KeyBlobs for
	// adding initial key, adding key and migrating a key.
	virtual CryptoStatus CreateKeyBlobsWithAuthBlock(
	AuthBlockType auth_block_type,
	const Credentials& credentials,
	const std::optional<brillo::SecureBlob>& reset_secret,
	AuthBlockState& out_state,
	KeyBlobs& out_key_blobs) const = 0;

	// Creates KeyBlobs and AuthBlockState for the given credentials and returns
	// through the asynchronous create_callback.
	virtual bool CreateKeyBlobsWithAuthBlockAsync(
	AuthBlockType auth_block_type,
	const AuthInput& auth_input,
	AuthBlock::CreateCallback create_callback) = 0;

	// Derives KeyBlobs with the given type of AuthBlock using the passed
	// credentials and the AuthBlockState. Deriving KeyBlobs means generating the
	// KeyBlobs from entered credentials and the stored metadata for an existing
	// key. Thus DeriveKeyBlobsWithAuthBlock() should be called to generate the
	// KeyBlob for loading an existing wrapped key from the disk for user
	// authentication.
	virtual CryptoStatus DeriveKeyBlobsWithAuthBlock(
	AuthBlockType auth_block_type,
	const Credentials& credentials,
	const AuthBlockState& state,
	KeyBlobs& out_key_blobs) const = 0;

	// Creates KeyBlobs and AuthBlockState for the given credentials and returns
	// through the asynchronous derive_callback.
	virtual bool DeriveKeyBlobsWithAuthBlockAsync(
	AuthBlockType auth_block_type,
	const AuthInput& auth_input,
	const AuthBlockState& auth_state,
	AuthBlock::DeriveCallback derive_callback) = 0;

	// This function returns the AuthBlock type for
	// AuthBlock::Create() based on the \|credentials\|, \|tpm_\| and \|crypto_\|
	// status.
	virtual AuthBlockType GetAuthBlockTypeForCreation(
	const bool is_le_credential,
	const bool is_challenge_credential) const = 0;

	// This function returns the AuthBlock type for
	// AuthBlock::Derive() based on AutBlockState.
	virtual AuthBlockType GetAuthBlockTypeForDerive(
	const AuthBlockState& state) const = 0;

	// This function returns the AuthBlock type for AuthBlock::Derive()
	// based on the vault keyset flags value.
	virtual AuthBlockType GetAuthBlockTypeForDerivation(
	const std::string& label,
	const std::string& obfuscated_username) const = 0;

	// This populates an AuthBlockState allocated by the caller.
	virtual bool GetAuthBlockStateFromVaultKeyset(
	const std::string& label,
	const std::string& obfuscated_username,
	AuthBlockState& out_state) const = 0;

	// Reads an auth block state and update the given VaultKeyset with what it
	// returns.
	virtual void AssignAuthBlockStateToVaultKeyset(
	const AuthBlockState& state, VaultKeyset& vault_keyset) const = 0;

	// Creates a new auth block state and key blobs using an auth block. On error,
	// returns the error code.
	[[nodiscard]] virtual CryptoStatus CreateKeyBlobsWithAuthFactorType(
	AuthFactorType auth_factor_type,
	const AuthInput& auth_input,
	AuthBlockState& out_auth_block_state,
	KeyBlobs& out_key_blobs) const = 0;

	// Derives key blobs using the given auth block state and input.
	[[nodiscard]] virtual CryptoStatus DeriveKeyBlobs(
	const AuthInput& auth_input,
	const AuthBlockState& auth_block_state,
	KeyBlobs& out_key_blobs) const = 0;
	};

	} // namespace cryptohome

	#endif // CRYPTOHOME_AUTH_BLOCKS_AUTH_BLOCK_UTILITY_H_