cryptohome/challenge_credentials/challenge_credentials_decrypt_operation.h - mirrors/cros/chromiumos/platform2 - Git at Google

 // Copyright 2018 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef CRYPTOHOME_CHALLENGE_CREDENTIALS_CHALLENGE_CREDENTIALS_DECRYPT_OPERATION_H_
 #define CRYPTOHOME_CHALLENGE_CREDENTIALS_CHALLENGE_CREDENTIALS_DECRYPT_OPERATION_H_

 #include <cstdint>
 #include <map>
 #include <memory>
 #include <string>

 #include <base/callback.h>
 #include <base/memory/weak_ptr.h>
 #include <brillo/secure_blob.h>
 #include <libhwsec/error/tpm_error.h>
 #include <libhwsec/status.h>

 #include "cryptohome/challenge_credentials/challenge_credentials_operation.h"
 #include "cryptohome/error/cryptohome_tpm_error.h"
 #include "cryptohome/signature_sealing/structures.h"
 #include "cryptohome/signature_sealing_backend.h"
 #include "cryptohome/tpm.h"

 namespace cryptohome {

 class Credentials;
 class KeyChallengeService;

 // This operation decrypts the credentials for the given user and the referenced
 // cryptographic key. This operation involves making challenge request(s)
 // against the specified key.
 //
 // This class is not expected to be used directly by client code; instead,
 // methods of ChallengeCredentialsHelper should be called.
 class ChallengeCredentialsDecryptOperation final
     : public ChallengeCredentialsOperation {
  public:
   // If the operation succeeds, |passkey| can be used for decryption of the
   // user's vault keyset.
   using CompletionCallback =
       base::OnceCallback<void(hwsec_foundation::status::StatusChain<
                                   cryptohome::error::CryptohomeTPMError> error,
                               std::unique_ptr<brillo::SecureBlob> passkey)>;

   // |key_challenge_service| is a non-owned pointer which must outlive the
   // created instance.
   // |public_key_info| describes the challenge-response public key information.
   // |keyset_challenge_info| contains the encrypted representation of secrets.
   // The result is reported via |completion_callback|.
   ChallengeCredentialsDecryptOperation(
       KeyChallengeService* key_challenge_service,
       Tpm* tpm,
       const brillo::Blob& delegate_blob,
       const brillo::Blob& delegate_secret,
       const std::string& account_id,
       const structure::ChallengePublicKeyInfo& public_key_info,
       const structure::SignatureChallengeInfo& keyset_challenge_info,
       bool locked_to_single_user,
       CompletionCallback completion_callback);

   ~ChallengeCredentialsDecryptOperation() override;

   // ChallengeCredentialsOperation:
   void Start() override;
   void Abort() override;

  private:
   // Starts the processing.
   hwsec_foundation::status::StatusChain<cryptohome::error::CryptohomeTPMError>
   StartProcessing();

   // Makes a challenge request with the salt.
   hwsec_foundation::status::StatusChain<cryptohome::error::CryptohomeTPMError>
   StartProcessingSalt();

   // Begins unsealing the secret, and makes a challenge request for unsealing
   // it.
   hwsec_foundation::status::StatusChain<cryptohome::error::CryptohomeTPMError>
   StartProcessingSealedSecret();

   // Called when signature for the salt is received.
   void OnSaltChallengeResponse(std::unique_ptr<brillo::Blob> salt_signature);

   // Called when signature for the unsealing challenge is received.
   void OnUnsealingChallengeResponse(
       std::unique_ptr<brillo::Blob> challenge_signature);

   // Generates the result if all necessary challenges are completed.
   void ProceedIfChallengesDone();

   // Completes with returning the specified results.
   void Resolve(hwsec_foundation::status::StatusChain<
                    cryptohome::error::CryptohomeTPMError> error,
                std::unique_ptr<brillo::SecureBlob> passkey);

   Tpm* const tpm_;
   const brillo::Blob delegate_blob_;
   const brillo::Blob delegate_secret_;
   const std::string account_id_;
   const structure::ChallengePublicKeyInfo public_key_info_;
   const structure::SignatureChallengeInfo keyset_challenge_info_;
   const bool locked_to_single_user_;
   std::unique_ptr<brillo::Blob> salt_signature_;
   CompletionCallback completion_callback_;
   SignatureSealingBackend* const signature_sealing_backend_;
   std::unique_ptr<SignatureSealingBackend::UnsealingSession> unsealing_session_;
   std::unique_ptr<brillo::SecureBlob> unsealed_secret_;
   base::WeakPtrFactory<ChallengeCredentialsDecryptOperation> weak_ptr_factory_{
       this};
 };

 }  // namespace cryptohome

 #endif  // CRYPTOHOME_CHALLENGE_CREDENTIALS_CHALLENGE_CREDENTIALS_DECRYPT_OPERATION_H_
	// Copyright 2018 The Chromium OS Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef CRYPTOHOME_CHALLENGE_CREDENTIALS_CHALLENGE_CREDENTIALS_DECRYPT_OPERATION_H_
	#define CRYPTOHOME_CHALLENGE_CREDENTIALS_CHALLENGE_CREDENTIALS_DECRYPT_OPERATION_H_

	#include <cstdint>
	#include <map>
	#include <memory>
	#include <string>

	#include <base/callback.h>
	#include <base/memory/weak_ptr.h>
	#include <brillo/secure_blob.h>
	#include <libhwsec/error/tpm_error.h>
	#include <libhwsec/status.h>

	#include "cryptohome/challenge_credentials/challenge_credentials_operation.h"
	#include "cryptohome/error/cryptohome_tpm_error.h"
	#include "cryptohome/signature_sealing/structures.h"
	#include "cryptohome/signature_sealing_backend.h"
	#include "cryptohome/tpm.h"

	namespace cryptohome {

	class Credentials;
	class KeyChallengeService;

	// This operation decrypts the credentials for the given user and the referenced
	// cryptographic key. This operation involves making challenge request(s)
	// against the specified key.
	//
	// This class is not expected to be used directly by client code; instead,
	// methods of ChallengeCredentialsHelper should be called.
	class ChallengeCredentialsDecryptOperation final
	: public ChallengeCredentialsOperation {
	public:
	// If the operation succeeds, \|passkey\| can be used for decryption of the
	// user's vault keyset.
	using CompletionCallback =
	base::OnceCallback<void(hwsec_foundation::status::StatusChain<
	cryptohome::error::CryptohomeTPMError> error,
	std::unique_ptr<brillo::SecureBlob> passkey)>;

	// \|key_challenge_service\| is a non-owned pointer which must outlive the
	// created instance.
	// \|public_key_info\| describes the challenge-response public key information.
	// \|keyset_challenge_info\| contains the encrypted representation of secrets.
	// The result is reported via \|completion_callback\|.
	ChallengeCredentialsDecryptOperation(
	KeyChallengeService* key_challenge_service,
	Tpm* tpm,
	const brillo::Blob& delegate_blob,
	const brillo::Blob& delegate_secret,
	const std::string& account_id,
	const structure::ChallengePublicKeyInfo& public_key_info,
	const structure::SignatureChallengeInfo& keyset_challenge_info,
	bool locked_to_single_user,
	CompletionCallback completion_callback);

	~ChallengeCredentialsDecryptOperation() override;

	// ChallengeCredentialsOperation:
	void Start() override;
	void Abort() override;

	private:
	// Starts the processing.
	hwsec_foundation::status::StatusChain<cryptohome::error::CryptohomeTPMError>
	StartProcessing();

	// Makes a challenge request with the salt.
	hwsec_foundation::status::StatusChain<cryptohome::error::CryptohomeTPMError>
	StartProcessingSalt();

	// Begins unsealing the secret, and makes a challenge request for unsealing
	// it.
	hwsec_foundation::status::StatusChain<cryptohome::error::CryptohomeTPMError>
	StartProcessingSealedSecret();

	// Called when signature for the salt is received.
	void OnSaltChallengeResponse(std::unique_ptr<brillo::Blob> salt_signature);

	// Called when signature for the unsealing challenge is received.
	void OnUnsealingChallengeResponse(
	std::unique_ptr<brillo::Blob> challenge_signature);

	// Generates the result if all necessary challenges are completed.
	void ProceedIfChallengesDone();

	// Completes with returning the specified results.
	void Resolve(hwsec_foundation::status::StatusChain<
	cryptohome::error::CryptohomeTPMError> error,
	std::unique_ptr<brillo::SecureBlob> passkey);

	Tpm* const tpm_;
	const brillo::Blob delegate_blob_;
	const brillo::Blob delegate_secret_;
	const std::string account_id_;
	const structure::ChallengePublicKeyInfo public_key_info_;
	const structure::SignatureChallengeInfo keyset_challenge_info_;
	const bool locked_to_single_user_;
	std::unique_ptr<brillo::Blob> salt_signature_;
	CompletionCallback completion_callback_;
	SignatureSealingBackend* const signature_sealing_backend_;
	std::unique_ptr<SignatureSealingBackend::UnsealingSession> unsealing_session_;
	std::unique_ptr<brillo::SecureBlob> unsealed_secret_;
	base::WeakPtrFactory<ChallengeCredentialsDecryptOperation> weak_ptr_factory_{
	this};
	};

	} // namespace cryptohome

	#endif // CRYPTOHOME_CHALLENGE_CREDENTIALS_CHALLENGE_CREDENTIALS_DECRYPT_OPERATION_H_