hmac_session.h revision 4dc4629c415e7ca90ff146d7bb75b5646ecd8b17 
1//
2// Copyright (C) 2015 The Android Open Source Project
3//
4// Licensed under the Apache License, Version 2.0 (the "License");
5// you may not use this file except in compliance with the License.
6// You may obtain a copy of the License at
7//
8//      http://www.apache.org/licenses/LICENSE-2.0
9//
10// Unless required by applicable law or agreed to in writing, software
11// distributed under the License is distributed on an "AS IS" BASIS,
12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13// See the License for the specific language governing permissions and
14// limitations under the License.
15//
16
17#ifndef TRUNKS_HMAC_SESSION_H_
18#define TRUNKS_HMAC_SESSION_H_
19
20#include <string>
21
22#include <base/macros.h>
23
24#include "trunks/tpm_generated.h"
25
26namespace trunks {
27
28class AuthorizationDelegate;
29
30// HmacSession is an interface for managing hmac backed sessions for
31// authorization and parameter encryption.
32class HmacSession {
33 public:
34  HmacSession() {}
35  virtual ~HmacSession() {}
36
37  // Returns an authorization delegate for this session. Ownership of the
38  // delegate pointer is retained by the session.
39  virtual AuthorizationDelegate* GetDelegate() = 0;
40
41  // Starts a salted session which is bound to |bind_entity| with
42  // |bind_authorization_value|. Encryption is enabled if |enable_encryption| is
43  // true. The session remains active until this object is destroyed or another
44  // session is started with a call to Start*Session.
45  virtual TPM_RC StartBoundSession(TPMI_DH_ENTITY bind_entity,
46                                   const std::string& bind_authorization_value,
47                                   bool enable_encryption) = 0;
48
49  // Starts a salted, unbound session. Encryption is enabled if
50  // |enable_encryption| is true. The session remains active until this object
51  // is destroyed or another session is started with a call to Start*Session.
52  virtual TPM_RC StartUnboundSession(bool enable_encryption) = 0;
53
54  // Sets the current entity authorization value. This can be safely called
55  // while the session is active and subsequent commands will use the value.
56  virtual void SetEntityAuthorizationValue(const std::string& value) = 0;
57
58  // Sets the future_authorization_value field in the HmacDelegate. This
59  // is used in response validation for the TPM2_HierarchyChangeAuth command.
60  // We need to perform this because the HMAC value returned from
61  // HierarchyChangeAuth uses the new auth_value.
62  virtual void SetFutureAuthorizationValue(const std::string& value) = 0;
63
64 private:
65  DISALLOW_COPY_AND_ASSIGN(HmacSession);
66};
67
68}  // namespace trunks
69
70#endif  // TRUNKS_HMAC_SESSION_H_
71