//
// Copyright (C) 2015 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//

#ifndef TRUNKS_HMAC_SESSION_IMPL_H_
#define TRUNKS_HMAC_SESSION_IMPL_H_

#include "trunks/hmac_session.h"

#include <string>

#include <base/macros.h>

#include "trunks/hmac_authorization_delegate.h"
#include "trunks/session_manager.h"
#include "trunks/trunks_export.h"
#include "trunks/trunks_factory.h"

namespace trunks {


// This class implements the HmacSession interface. It is used for
// keeping track of the HmacAuthorizationDelegate used for commands, and to
// provide authorization for commands that need it. It is instantiated by
// TpmUtilityImpl. If we need to use this class outside of TpmUtility, we
// can use it as below:
// TrunksFactoryImpl factory;
// HmacSessionImpl session(factory);
// session.StartBoundSession(bind_entity, bind_authorization, true);
// session.SetEntityAuthorizationValue(entity_authorization);
// factory.GetTpm()->RSA_EncryptSync(_,_,_,_, session.GetDelegate());
// The example omits error handling: both Start*Session methods return a
// TPM_RC, which the caller should check before using the delegate.
// NOTE: StartBoundSession/StartUnboundSession should not be called before
// TPM Ownership is taken. This is because starting a session uses the
// SaltingKey, which is only created after ownership is taken.
// NOTE(review): the authorization values handled here are passed as
// std::string, which does not wipe its buffer on destruction. Whether the
// implementation or the delegate clears its copies is not visible from this
// header -- confirm before relying on it.
class TRUNKS_EXPORT HmacSessionImpl: public HmacSession {
 public:
  // HmacSessionImpl is constructed with a factory. In production code, this
  // factory is used to access the TPM class to forward commands to the TPM.
  // In test code, this is used to mock out the TPM calls.
  // The factory is stored by reference (see factory_), so it must outlive
  // this object.
  explicit HmacSessionImpl(const TrunksFactory& factory);
  ~HmacSessionImpl() override;

  // HmacSession methods. The contract of each override is defined by the
  // HmacSession interface (trunks/hmac_session.h).

  // Returns a non-owning pointer to the delegate. Per the comment on
  // hmac_delegate_ below, this is the member delegate, so the pointer is
  // only valid while this HmacSessionImpl is alive.
  AuthorizationDelegate* GetDelegate() override;
  // NOTE(review): enable_encryption presumably turns on parameter encryption
  // for the session; the exact effect is decided by the implementation and
  // is not visible in this header -- confirm.
  TPM_RC StartBoundSession(TPMI_DH_ENTITY bind_entity,
                           const std::string& bind_authorization_value,
                           bool enable_encryption) override;
  TPM_RC StartUnboundSession(bool enable_encryption) override;
  void SetEntityAuthorizationValue(const std::string& value) override;
  void SetFutureAuthorizationValue(const std::string& value) override;

 private:
  // This factory is only set in the constructor and is used to instantiate
  // the TPM class to forward commands to the TPM chip. It is held by
  // reference: this class does not own it.
  const TrunksFactory& factory_;
  // This delegate is what provides authorization to commands. It is what is
  // returned when the GetDelegate method is called.
  HmacAuthorizationDelegate hmac_delegate_;
  // This object is used to manage the TPM session associated with this
  // HmacSession. It is owned by this object through scoped_ptr.
  scoped_ptr<SessionManager> session_manager_;

  // Gives the test fixture access to the private members above.
  friend class HmacSessionTest;
  // Copying is disabled for this class.
  DISALLOW_COPY_AND_ASSIGN(HmacSessionImpl);
};

}  // namespace trunks

#endif  // TRUNKS_HMAC_SESSION_IMPL_H_