1bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi// 2bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi// Copyright (C) 2015 The Android Open Source Project 3bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi// 4bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi// Licensed under the Apache License, Version 2.0 (the "License"); 5bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi// you may not use this file except in compliance with the License. 6bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi// You may obtain a copy of the License at 7bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi// 8bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi// http://www.apache.org/licenses/LICENSE-2.0 9bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi// 10bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi// Unless required by applicable law or agreed to in writing, software 11bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi// distributed under the License is distributed on an "AS IS" BASIS, 12bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi// See the License for the specific language governing permissions and 14bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi// limitations under the License. 15bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi// 16ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi 17ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi#ifndef TRUNKS_HMAC_SESSION_IMPL_H_ 18ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi#define TRUNKS_HMAC_SESSION_IMPL_H_ 19ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi 20ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi#include "trunks/hmac_session.h" 21ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi 2230c921db09d27768acc1ea0d8b6a9c8e814f931aLuis Hector Chavez#include <memory> 23ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi#include <string> 24ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi 25ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi#include <base/macros.h> 26ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi 27ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi#include "trunks/hmac_authorization_delegate.h" 28ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi#include "trunks/session_manager.h" 29ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi#include "trunks/trunks_export.h" 30ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi#include "trunks/trunks_factory.h" 31ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi 32ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghinamespace trunks { 33ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi 34ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi// This class implements the HmacSession interface. It is used for 35ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi// keeping track of the HmacAuthorizationDelegate used for commands, and to 36ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi// provide authorization for commands that need it. It is instantiated by 37ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi// TpmUtilityImpl. If we need to use this class outside of TpmUtility, we 38ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi// can use it as below: 39ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi// TrunksFactoryImpl factory; 40ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi// HmacSessionImpl session(factory); 41ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi// session.StartBoundSession(bind_entity, bind_authorization, true); 42ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi// session.SetEntityAuthorizationValue(entity_authorization); 43ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi// factory.GetTpm()->RSA_EncrpytSync(_,_,_,_, session.GetDelegate()); 44ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi// NOTE: StartBoundSession/StartUnboundSession should not be called before 45ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi// TPM Ownership is taken. This is because starting a session uses the 46ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi// SaltingKey, which is only created after ownership is taken. 474dc4629c415e7ca90ff146d7bb75b5646ecd8b17Darren Krahnclass TRUNKS_EXPORT HmacSessionImpl : public HmacSession { 48ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi public: 49ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi // The constructor for HmacAuthroizationSession needs a factory. In 50ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi // producation code, this factory is used to access the TPM class to forward 51ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi // commands to the TPM. In test code, this is used to mock out the TPM calls. 52ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi explicit HmacSessionImpl(const TrunksFactory& factory); 53ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi ~HmacSessionImpl() override; 54ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi 55ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi // HmacSession methods. 56ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi AuthorizationDelegate* GetDelegate() override; 57ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi TPM_RC StartBoundSession(TPMI_DH_ENTITY bind_entity, 58ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi const std::string& bind_authorization_value, 59ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi bool enable_encryption) override; 60ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi TPM_RC StartUnboundSession(bool enable_encryption) override; 61ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi void SetEntityAuthorizationValue(const std::string& value) override; 62ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi void SetFutureAuthorizationValue(const std::string& value) override; 63ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi 64ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi private: 65ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi // This factory is only set in the constructor and is used to instantiate 66ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi // The TPM class to forward commands to the TPM chip. 67ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi const TrunksFactory& factory_; 68ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi // This delegate is what provides authorization to commands. It is what is 69ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi // returned when the GetDelegate method is called. 70ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi HmacAuthorizationDelegate hmac_delegate_; 71ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi // This object is used to manage the TPM session associated with this 72ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi // HmacSession. 7330c921db09d27768acc1ea0d8b6a9c8e814f931aLuis Hector Chavez std::unique_ptr<SessionManager> session_manager_; 74ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi 75ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi friend class HmacSessionTest; 76ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi DISALLOW_COPY_AND_ASSIGN(HmacSessionImpl); 77ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi}; 78ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi 79ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi} // namespace trunks 80ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi 81ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi#endif // TRUNKS_HMAC_SESSION_IMPL_H_ 82