• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright 2021 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #pragma once
18 
19 #include <keymaster/remote_provisioning_context.h>
20 
21 #include "host/commands/secure_env/tpm_resource_manager.h"
22 #include "keymaster/cppcose/cppcose.h"
23 
24 namespace cuttlefish {
25 
26 /**
27  * TPM-backed implementation of the provisioning context.
28  */
29 class TpmRemoteProvisioningContext
30     : public keymaster::RemoteProvisioningContext {
31  public:
32   TpmRemoteProvisioningContext(TpmResourceManager& resource_manager);
33   ~TpmRemoteProvisioningContext() override = default;
34   std::vector<uint8_t> DeriveBytesFromHbk(const std::string& context,
35                                           size_t numBytes) const override;
36   std::unique_ptr<cppbor::Map> CreateDeviceInfo() const override;
37   cppcose::ErrMsgOr<std::vector<uint8_t>> BuildProtectedDataPayload(
38       bool isTestMode,                     //
39       const std::vector<uint8_t>& macKey,  //
40       const std::vector<uint8_t>& aad) const override;
41   std::optional<cppcose::HmacSha256> GenerateHmacSha256(
42       const cppcose::bytevec& input) const override;
43   std::pair<std::vector<uint8_t>, cppbor::Array> GenerateBcc(
44       bool testMode) const;
45   void SetSystemVersion(uint32_t os_version, uint32_t os_patchlevel);
46   void SetVendorPatchlevel(uint32_t vendor_patchlevel);
47   void SetBootPatchlevel(uint32_t boot_patchlevel);
48   void SetVerifiedBootInfo(std::string_view boot_state,
49                            std::string_view bootloader_state,
50                            const std::vector<uint8_t>& vbmeta_digest);
51 
52  private:
53   std::vector<uint8_t> devicePrivKey_;
54   cppbor::Array bcc_;
55   TpmResourceManager& resource_manager_;
56 
57   std::optional<uint32_t> os_version_;
58   std::optional<uint32_t> os_patchlevel_;
59   std::optional<uint32_t> vendor_patchlevel_;
60   std::optional<uint32_t> boot_patchlevel_;
61   std::optional<std::string> verified_boot_state_;
62   std::optional<std::string> bootloader_state_;
63   std::optional<std::vector<uint8_t>> vbmeta_digest_;
64 };
65 
66 }  // namespace cuttlefish
67