1 /*
2  * Copyright 2021 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #pragma once
18 
19 #include <keymaster/remote_provisioning_context.h>
20 
21 #include "host/commands/secure_env/tpm_resource_manager.h"
22 #include "keymaster/cppcose/cppcose.h"
23 
24 namespace cuttlefish {
25 
26 /**
27  * TPM-backed implementation of the provisioning context.
28  */
29 class TpmRemoteProvisioningContext
30     : public keymaster::RemoteProvisioningContext {
31  public:
32   TpmRemoteProvisioningContext(TpmResourceManager& resource_manager);
33   ~TpmRemoteProvisioningContext() override = default;
34   std::vector<uint8_t> DeriveBytesFromHbk(const std::string& context,
35                                           size_t numBytes) const override;
36   std::unique_ptr<cppbor::Map> CreateDeviceInfo(
37       uint32_t csrVersion) const override;
38   cppcose::ErrMsgOr<std::vector<uint8_t>> BuildProtectedDataPayload(
39       bool isTestMode,                     //
40       const std::vector<uint8_t>& macKey,  //
41       const std::vector<uint8_t>& aad) const override;
42   std::optional<cppcose::HmacSha256> GenerateHmacSha256(
43       const cppcose::bytevec& input) const override;
44   void GetHwInfo(keymaster::GetHwInfoResponse* hwInfo) const override;
45   cppcose::ErrMsgOr<cppbor::Array> BuildCsr(
46       const std::vector<uint8_t>& challenge,
47       cppbor::Array keysToSign) const override;
48 
49   std::pair<std::vector<uint8_t>, cppbor::Array> GenerateBcc(
50       bool testMode) const;
51   void SetSystemVersion(uint32_t os_version, uint32_t os_patchlevel);
52   void SetVendorPatchlevel(uint32_t vendor_patchlevel);
53   void SetBootPatchlevel(uint32_t boot_patchlevel);
54   void SetVerifiedBootInfo(std::string_view boot_state,
55                            std::string_view bootloader_state,
56                            const std::vector<uint8_t>& vbmeta_digest);
57 
58  private:
59   std::vector<uint8_t> devicePrivKey_;
60   cppbor::Array bcc_;
61   TpmResourceManager& resource_manager_;
62 
63   std::optional<uint32_t> os_version_;
64   std::optional<uint32_t> os_patchlevel_;
65   std::optional<uint32_t> vendor_patchlevel_;
66   std::optional<uint32_t> boot_patchlevel_;
67   std::optional<std::string> verified_boot_state_;
68   std::optional<std::string> bootloader_state_;
69   std::optional<std::vector<uint8_t>> vbmeta_digest_;
70 };
71 
72 }  // namespace cuttlefish
73