1 //
2 // Copyright (C) 2020 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 //      http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 
16 #pragma once
17 
#include <cstddef>
#include <cstdint>
#include <functional>
#include <optional>
#include <vector>
20 
21 #include <keymaster/serializable.h>
22 
23 #include "host/commands/secure_env/tpm_resource_manager.h"
24 
25 namespace cuttlefish {
26 
/**
 * Tamper-evident wrapper around another keymaster::Serializable.
 *
 * Serializing emits the wrapped object's serialized bytes followed by a
 * signature over those bytes. Deserializing recomputes the signature over the
 * data it read; if the data or the stored signature was modified while it was
 * kept elsewhere, the two signatures do not match and the wrapped object is
 * not deserialized.
 *
 * Wire format:
 *   [uint32_t: wrapped_size] [wrapped_data]
 *   [uint32_t: signature_size] [signature_data]
 *
 * All signatures are currently assumed to come from the same key and
 * algorithm, and therefore to have the same size; the explicit signature_size
 * field leaves room for that to change.
 *
 * Security notes for callers and reviewers:
 *  - This wrapper provides integrity, not confidentiality: per the format
 *    above, wrapped_data is stored as serialized and nothing in this interface
 *    encrypts it.
 *  - The format has no field for the aad, so it is presumably mixed into the
 *    signature input only (see AppendAad) and must be supplied identically
 *    when deserializing - confirm in the implementation.
 *  - The format carries no counter or nonce, so an older blob with a valid
 *    signature would presumably still verify; if rollback matters, the caller
 *    has to bind a version through the wrapped data or the aad.
 *  - NOTE(review): the implementation is not visible in this header. Confirm
 *    that Deserialize() bounds-checks wrapped_size and signature_size against
 *    `end` (and signature_size against digest_size_) before reading, and that
 *    the signature comparison is constant-time.
 */
class HmacSerializable : public keymaster::Serializable {
 public:
  /**
   * @param resource_manager TPM resource manager; held by reference, so it
   *        must outlive this object.
   * @param signing_key_fn callback that, given the resource manager, yields
   *        the TpmObjectSlot of the key used for signing.
   * @param digest_size presumably the expected signature length in bytes -
   *        confirm against the implementation.
   * @param wrapped object whose serialized form is protected. Stored as a raw
   *        pointer; this class declares no destructor, so ownership stays with
   *        the caller and the pointee must outlive this object.
   * @param aad additional data to authenticate alongside the wrapped bytes.
   *        Stored as a raw pointer under the same lifetime rule as `wrapped`.
   *        NOTE(review): whether nullptr is accepted is not visible here.
   */
  HmacSerializable(
      TpmResourceManager& resource_manager,
      std::function<TpmObjectSlot(TpmResourceManager&)> signing_key_fn,
      uint32_t digest_size, Serializable* wrapped, const Serializable* aad);

  size_t SerializedSize() const override;
  uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override;
  // Callers must check the result: per the class contract, the wrapped object
  // is not deserialized when the signatures do not match.
  bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override;

 private:
  // Presumably returns the sensitive bytes with the serialized aad appended
  // (the signature input), or std::nullopt on failure - confirm in the .cpp.
  std::optional<std::vector<uint8_t>> AppendAad(const uint8_t* sensitive,
                                                size_t sensitive_size) const;

  TpmResourceManager& resource_manager_;
  std::function<TpmObjectSlot(TpmResourceManager&)> signing_key_fn_;
  uint32_t digest_size_;
  Serializable* wrapped_;    // non-owning
  const Serializable* aad_;  // non-owning
};
64 
65 }  // namespace cuttlefish
66