// Copyright 2022 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CRYPTOHOME_AUTH_BLOCKS_AUTH_BLOCK_UTILITY_IMPL_H_
#define CRYPTOHOME_AUTH_BLOCKS_AUTH_BLOCK_UTILITY_IMPL_H_
#include <memory>
#include <optional>
#include <string>
#include <brillo/secure_blob.h>
#include <libhwsec-foundation/status/status_chain_or.h>
#include "cryptohome/auth_blocks/auth_block.h"
#include "cryptohome/auth_blocks/auth_block_state.h"
#include "cryptohome/auth_blocks/auth_block_type.h"
#include "cryptohome/auth_blocks/auth_block_utility.h"
#include "cryptohome/auth_factor/auth_factor_type.h"
#include "cryptohome/challenge_credentials/challenge_credentials_helper.h"
#include "cryptohome/credentials.h"
#include "cryptohome/crypto.h"
#include "cryptohome/crypto_error.h"
#include "cryptohome/key_challenge_service.h"
#include "cryptohome/key_objects.h"
#include "cryptohome/keyset_management.h"
#include "cryptohome/platform.h"
#include "cryptohome/tpm.h"
namespace cryptohome {
// Implementation of the AuthBlockUtility interface to create KeyBlobs with
// AuthBlocks using user credentials and derive KeyBlobs with AuthBlocks using
// credentials and stored AuthBlock state.
class AuthBlockUtilityImpl final : public AuthBlockUtility {
 public:
  // |keyset_management|, |crypto| and |platform| are non-owned objects. Caller
  // must ensure that these objects are valid for the lifetime of
  // AuthBlockUtilityImpl.
  //
  // This constructor takes no challenge-credential collaborators, so
  // |challenge_credentials_helper_| and |key_challenge_service_| presumably
  // stay unset on instances built through it — confirm against the .cc.
  AuthBlockUtilityImpl(KeysetManagement* keyset_management,
                       Crypto* crypto,
                       Platform* platform);
  // Same as above, plus the collaborators needed for challenge-response
  // authentication. |credentials_helper| is non-owned and must outlive this
  // object; |key_challenge_service| is owned by this object from here on.
  // |account_id| is copied into |account_id_|.
  AuthBlockUtilityImpl(
      KeysetManagement* keyset_management,
      Crypto* crypto,
      Platform* platform,
      ChallengeCredentialsHelper* credentials_helper,
      std::unique_ptr<KeyChallengeService> key_challenge_service,
      const std::string& account_id);
  // Non-copyable: the instance holds raw non-owning pointers and a
  // unique_ptr, so copies would be meaningless or unsafe.
  AuthBlockUtilityImpl(const AuthBlockUtilityImpl&) = delete;
  AuthBlockUtilityImpl& operator=(const AuthBlockUtilityImpl&) = delete;
  ~AuthBlockUtilityImpl() override;

  // See AuthBlockUtility::GetLockedToSingleUser() for the contract.
  bool GetLockedToSingleUser() const override;

  // Synchronous counterpart of CreateKeyBlobsWithAuthBlockAsync(): creates
  // KeyBlobs and AuthBlockState for |credentials| using the AuthBlock selected
  // by |auth_block_type|. |reset_secret| is optional. Results are written to
  // |out_state| and |out_key_blobs|; the returned CryptoStatus reports failure.
  CryptoStatus CreateKeyBlobsWithAuthBlock(
      AuthBlockType auth_block_type,
      const Credentials& credentials,
      const std::optional<brillo::SecureBlob>& reset_secret,
      AuthBlockState& out_state,
      KeyBlobs& out_key_blobs) const override;

  // Creates KeyBlobs and AuthBlockState for the given auth_input and returns
  // them through the asynchronous create_callback. The bool return only
  // reports whether the operation was started, not its outcome.
  bool CreateKeyBlobsWithAuthBlockAsync(
      AuthBlockType auth_block_type,
      const AuthInput& auth_input,
      AuthBlock::CreateCallback create_callback) override;

  // Synchronous counterpart of DeriveKeyBlobsWithAuthBlockAsync(): derives
  // KeyBlobs for |credentials| from the stored |state| using the AuthBlock
  // selected by |auth_block_type|.
  CryptoStatus DeriveKeyBlobsWithAuthBlock(
      AuthBlockType auth_block_type,
      const Credentials& credentials,
      const AuthBlockState& state,
      KeyBlobs& out_key_blobs) const override;

  // Derives KeyBlobs for the given auth_input from the stored auth_state and
  // returns them through the asynchronous derive_callback. (Derive, not
  // Create: no new AuthBlockState is produced here.)
  bool DeriveKeyBlobsWithAuthBlockAsync(
      AuthBlockType auth_block_type,
      const AuthInput& auth_input,
      const AuthBlockState& auth_state,
      AuthBlock::DeriveCallback derive_callback) override;

  // Selects the AuthBlock type to use for AuthBlock::Create() given whether
  // the credential is a low-entropy (LE) or challenge credential.
  AuthBlockType GetAuthBlockTypeForCreation(
      const bool is_le_credential,
      const bool is_challenge_credential) const override;

  // This function returns the AuthBlock type for
  // AuthBlock::Derive() based on AuthBlockState.
  AuthBlockType GetAuthBlockTypeForDerive(
      const AuthBlockState& state) const override;

  // Returns the AuthBlock type for derivation, looked up by key |label| and
  // |obfuscated_username| rather than by an in-memory AuthBlockState.
  AuthBlockType GetAuthBlockTypeForDerivation(
      const std::string& label,
      const std::string& obfuscated_username) const override;

  // Loads the AuthBlockState stored in the VaultKeyset identified by |label|
  // and |obfuscated_username| into |out_state|. Returns false on failure;
  // |out_state| should be treated as unspecified in that case.
  bool GetAuthBlockStateFromVaultKeyset(
      const std::string& label,
      const std::string& obfuscated_username,
      AuthBlockState& out_state) const override;

  // Stores |state| into |vault_keyset| (the inverse of
  // GetAuthBlockStateFromVaultKeyset()).
  void AssignAuthBlockStateToVaultKeyset(
      const AuthBlockState& state, VaultKeyset& vault_keyset) const override;

  // Like CreateKeyBlobsWithAuthBlock(), but the AuthBlock is chosen from the
  // AuthFactorType instead of being named explicitly by the caller.
  CryptoStatus CreateKeyBlobsWithAuthFactorType(
      AuthFactorType auth_factor_type,
      const AuthInput& auth_input,
      AuthBlockState& out_auth_block_state,
      KeyBlobs& out_key_blobs) const override;

  // Derives KeyBlobs from |auth_input| and a stored |auth_block_state|; the
  // AuthBlock type is taken from the state (see GetAuthBlockTypeForDerive()).
  CryptoStatus DeriveKeyBlobs(const AuthInput& auth_input,
                              const AuthBlockState& auth_block_state,
                              KeyBlobs& out_key_blobs) const override;

  // Builds a cryptohome recovery request for the given recovery |state|.
  // Note the interface uses raw out-pointers here (|out_recovery_request|,
  // |out_ephemeral_pub_key|) where the other methods use references; the
  // implementation must not dereference them without a null check.
  CryptoStatus GenerateRecoveryRequest(
      const cryptorecovery::RequestMetadata& request_metadata,
      const brillo::Blob& epoch_response,
      const CryptohomeRecoveryAuthBlockState& state,
      Tpm* tpm,
      brillo::SecureBlob* out_recovery_request,
      brillo::SecureBlob* out_ephemeral_pub_key) const override;

 private:
  // This helper function serves as a factory method to return the authblock
  // used in authentication. Returns an error status instead of an AuthBlock
  // when the requested type cannot be provided.
  CryptoStatusOr<std::unique_ptr<SyncAuthBlock>> GetAuthBlockWithType(
      const AuthBlockType& auth_block_type) const;

  // This helper function returns an authblock with asynchronous create and
  // derive. Non-const, presumably because it may hand out
  // |key_challenge_service_| to the constructed block — confirm in the .cc.
  CryptoStatusOr<std::unique_ptr<AuthBlock>> GetAsyncAuthBlockWithType(
      const AuthBlockType& auth_block_type);

  // Non-owned object used for the keyset management operations. Must be alive
  // for the entire lifecycle of the class.
  KeysetManagement* const keyset_management_;
  // Non-owned crypto object for performing cryptographic operations. Must be
  // alive for the entire lifecycle of the class.
  Crypto* const crypto_;
  // Non-owned platform object used in this class. Must be alive for the entire
  // lifecycle of the class.
  Platform* const platform_;
  // Non-owned challenge credential helper utility object. This object is
  // required for using a challenge response authblock; it may be null when
  // the three-argument constructor was used (see above).
  ChallengeCredentialsHelper* const challenge_credentials_helper_;
  // KeyChallengeService is tasked with contacting the challenge response D-Bus
  // service that'll provide the response once we send the challenge. Owned
  // here; may be null when the three-argument constructor was used.
  std::unique_ptr<KeyChallengeService> key_challenge_service_;
  // Account ID for AsyncChallengeCredentialAuthBlock. Only set by the
  // six-argument constructor.
  std::optional<std::string> account_id_;

  // Test access to the private factory helpers above.
  // NOTE(review): FRIEND_TEST is used without an explicit include of
  // gtest/gtest_prod.h in this header; it presumably arrives transitively —
  // confirm, or include it directly.
  friend class AuthBlockUtilityImplTest;
  FRIEND_TEST(AuthBlockUtilityImplTest, GetAsyncAuthBlockWithType);
  FRIEND_TEST(AuthBlockUtilityImplTest, GetAsyncAuthBlockWithTypeFail);
};
} // namespace cryptohome
#endif // CRYPTOHOME_AUTH_BLOCKS_AUTH_BLOCK_UTILITY_IMPL_H_