1//
2// Copyright (C) 2015 The Android Open Source Project
3//
4// Licensed under the Apache License, Version 2.0 (the "License");
5// you may not use this file except in compliance with the License.
6// You may obtain a copy of the License at
7//
8//      http://www.apache.org/licenses/LICENSE-2.0
9//
10// Unless required by applicable law or agreed to in writing, software
11// distributed under the License is distributed on an "AS IS" BASIS,
12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13// See the License for the specific language governing permissions and
14// limitations under the License.
15//
16
17#ifndef TRUNKS_SESSION_MANAGER_IMPL_H_
18#define TRUNKS_SESSION_MANAGER_IMPL_H_
19
20#include "trunks/session_manager.h"
21
22#include <string>
23
24#include <gtest/gtest_prod.h>
25
26#include "trunks/tpm_generated.h"
27#include "trunks/trunks_factory.h"
28
29namespace trunks {
30
31// This class is used to keep track of a TPM session. Each instance of this
32// class is used to account for one instance of a TPM session. Currently
33// this class is used by AuthorizationSession instances to keep track of TPM
34// sessions.
35class TRUNKS_EXPORT SessionManagerImpl : public SessionManager {
36 public:
37  explicit SessionManagerImpl(const TrunksFactory& factory);
38  ~SessionManagerImpl() override;
39
40  TPM_HANDLE GetSessionHandle() const override { return session_handle_; }
41  void CloseSession() override;
42  TPM_RC StartSession(TPM_SE session_type,
43                      TPMI_DH_ENTITY bind_entity,
44                      const std::string& bind_authorization_value,
45                      bool enable_encryption,
46                      HmacAuthorizationDelegate* delegate) override;
47
48 private:
49  // This function is used to encrypt a plaintext salt |salt|, using RSA
50  // public encrypt with the SaltingKey PKCS1_OAEP padding. It follows the
51  // specification defined in TPM2.0 Part 1 Architecture, Appendix B.10.2.
52  // The encrypted salt is stored in the out parameter |encrypted_salt|.
53  TPM_RC EncryptSalt(const std::string& salt, std::string* encrypted_salt);
54
55  // This factory is only set in the constructor and is used to instantiate
56  // The TPM class to forward commands to the TPM chip.
57  const TrunksFactory& factory_;
58  // This handle keeps track of the TPM session. It is issued by the TPM,
59  // and is only modified when a new TPM session is started using
60  // StartBoundSession or StartUnboundSession. We use this to keep track of
61  // the session handle, so that we can clean it up when this class is
62  // destroyed.
63  TPM_HANDLE session_handle_;
64
65  friend class SessionManagerTest;
66  DISALLOW_COPY_AND_ASSIGN(SessionManagerImpl);
67};
68
69}  // namespace trunks
70
71#endif  // TRUNKS_SESSION_MANAGER_IMPL_H_
72