1 //
2 // Copyright (C) 2020 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 //      http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 
16 #pragma once
17 
18 #include <cstdint>
19 #include <memory>
20 #include <optional>
21 #include <string>
22 #include <string_view>
23 #include <vector>
24 
25 #include <keymaster/android_keymaster_messages.h>
26 #include <keymaster/attestation_context.h>
27 
28 namespace cuttlefish {
29 
// Device identifier attributes that may be embedded in a key attestation
// record, each held as raw bytes. Presumably filled by
// TpmAttestationRecordContext::SetAttestationIds / SetAttestationIdsKM3 and
// compared against caller-supplied IDs in VerifyAndCopyDeviceIds — confirm
// against the implementation. Encoding of each value is not fixed here.
struct AttestationIds {
  std::vector<uint8_t> brand;
  std::vector<uint8_t> device;
  std::vector<uint8_t> product;
  std::vector<uint8_t> serial;
  std::vector<uint8_t> imei;
  std::vector<uint8_t> meid;
  std::vector<uint8_t> manufacturer;
  std::vector<uint8_t> model;
  // NOTE(review): presumably only populated via the KM3 request path, which
  // is the one that can carry a second IMEI — confirm in SetAttestationIdsKM3.
  std::vector<uint8_t> second_imei;
};
41 
// keymaster::AttestationContext implementation for the TPM-backed secure
// environment. It supplies the verified-boot state, attestation key material
// and device identifiers that keymaster embeds in attestation certificates.
// Setters are expected to be called once at startup before attestation
// requests are served; no internal synchronization is declared here.
class TpmAttestationRecordContext : public keymaster::AttestationContext {
public:
 TpmAttestationRecordContext();
 // NOTE(review): deletion through an AttestationContext* relies on the base
 // class declaring a virtual destructor; marking this `override` would make
 // that dependency explicit — confirm against the keymaster header.
 ~TpmAttestationRecordContext() = default;

 // Security level reported in the attestation record.
 keymaster_security_level_t GetSecurityLevel() const override;
 // Checks the device-ID tags in the first AuthorizationSet against the
 // configured attestation IDs and copies them into the second on success.
 // Presumably returns a keymaster error on any mismatch — confirm in the
 // implementation, since this is the check that stops a caller from
 // attesting identifiers the device does not hold.
 keymaster_error_t VerifyAndCopyDeviceIds(
     const keymaster::AuthorizationSet&,
     keymaster::AuthorizationSet*) const override;
 // Produces the per-application unique ID placed in attestation records.
 // Parameters follow keymaster::AttestationContext::GenerateUniqueId
 // (creation time, application ID, reset-since-rotation flag — confirm
 // against the base header); failure is reported via the keymaster_error_t
 // out-param.
 keymaster::Buffer GenerateUniqueId(uint64_t, const keymaster_blob_t&, bool,
                                    keymaster_error_t*) const override;
 // Verified-boot parameters for the attestation record; `error` is set on
 // failure. The returned pointer refers to state owned by this object and is
 // only valid for its lifetime.
 const VerifiedBootParams* GetVerifiedBootParams(
     keymaster_error_t* error) const override;
 // Attestation signing key for `algorithm`; `error` is set on failure.
 keymaster::KeymasterKeyBlob GetAttestationKey(
     keymaster_algorithm_t algorithm, keymaster_error_t* error) const override;
 // Certificate chain for the attestation key of `algorithm`; `error` is set
 // on failure.
 keymaster::CertificateChain GetAttestationChain(
     keymaster_algorithm_t algorithm, keymaster_error_t* error) const override;
 // Records the verified-boot state, bootloader state and vbmeta digest to be
 // reported by GetVerifiedBootParams. NOTE(review): the string_view arguments
 // must not be retained as-is; confirm the implementation copies them into
 // owned storage.
 void SetVerifiedBootInfo(std::string_view verified_boot_state,
                          std::string_view bootloader_state,
                          const std::vector<uint8_t>& vbmeta_digest);
 // Installs the device identifiers later enforced by VerifyAndCopyDeviceIds.
 // The KM3 variant takes the newer request type (see AttestationIds for the
 // additional field it can carry).
 keymaster_error_t SetAttestationIds(
     const keymaster::SetAttestationIdsRequest& request);
 keymaster_error_t SetAttestationIdsKM3(
     const keymaster::SetAttestationIdsKM3Request& request);

private:
 // Owned copy of the vbmeta digest. NOTE(review): if vb_params_ points into
 // this buffer (keymaster blob types are non-owning), copying or moving this
 // object would leave vb_params_ dangling — confirm in SetVerifiedBootInfo
 // and consider deleting copy/move if so.
 std::vector<uint8_t> vbmeta_digest_;
 VerifiedBootParams vb_params_;
 // NOTE(review): presumably the hardware-bound key used as secret input to
 // GenerateUniqueId; treat as sensitive (never log or expose) — confirm where
 // it is initialized.
 std::vector<uint8_t> unique_id_hbk_;
 // Identifiers installed by SetAttestationIds / SetAttestationIdsKM3.
 AttestationIds attestation_ids_;
};
73 
74 }  // namespace cuttlefish