1bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi//
2bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi// Copyright (C) 2015 The Android Open Source Project
3bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi//
4bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi// Licensed under the Apache License, Version 2.0 (the "License");
5bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi// you may not use this file except in compliance with the License.
6bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi// You may obtain a copy of the License at
7bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi//
8bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi//      http://www.apache.org/licenses/LICENSE-2.0
9bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi//
10bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi// Unless required by applicable law or agreed to in writing, software
11bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi// distributed under the License is distributed on an "AS IS" BASIS,
12bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi// See the License for the specific language governing permissions and
14bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi// limitations under the License.
15bbef5dff2b94fef72012e721cd6124cd87621af4Utkarsh Sanghi//
16ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi
17ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi#ifndef TRUNKS_SESSION_MANAGER_IMPL_H_
18ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi#define TRUNKS_SESSION_MANAGER_IMPL_H_
19ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi
20ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi#include "trunks/session_manager.h"
21ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi
22ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi#include <string>
23ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi
24ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi#include <gtest/gtest_prod.h>
25ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi
26ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi#include "trunks/tpm_generated.h"
27ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi#include "trunks/trunks_factory.h"
28ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi
29ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghinamespace trunks {
30ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi
31ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi// This class is used to keep track of a TPM session. Each instance of this
32ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi// class is used to account for one instance of a TPM session. Currently
33ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi// this class is used by AuthorizationSession instances to keep track of TPM
34ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi// sessions.
35ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghiclass TRUNKS_EXPORT SessionManagerImpl : public SessionManager {
36ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi public:
37ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi  explicit SessionManagerImpl(const TrunksFactory& factory);
38ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi  ~SessionManagerImpl() override;
39ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi
40ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi  TPM_HANDLE GetSessionHandle() const override { return session_handle_; }
41ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi  void CloseSession() override;
42ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi  TPM_RC StartSession(TPM_SE session_type,
43ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi                      TPMI_DH_ENTITY bind_entity,
44ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi                      const std::string& bind_authorization_value,
45ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi                      bool enable_encryption,
46ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi                      HmacAuthorizationDelegate* delegate) override;
47ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi
48ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi private:
49ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi  // This function is used to encrypt a plaintext salt |salt|, using RSA
50ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi  // public encrypt with the SaltingKey PKCS1_OAEP padding. It follows the
51ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi  // specification defined in TPM2.0 Part 1 Architecture, Appendix B.10.2.
52ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi  // The encrypted salt is stored in the out parameter |encrypted_salt|.
53ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi  TPM_RC EncryptSalt(const std::string& salt, std::string* encrypted_salt);
54ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi
55ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi  // This factory is only set in the constructor and is used to instantiate
56ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi  // The TPM class to forward commands to the TPM chip.
57ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi  const TrunksFactory& factory_;
58ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi  // This handle keeps track of the TPM session. It is issued by the TPM,
59ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi  // and is only modified when a new TPM session is started using
60ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi  // StartBoundSession or StartUnboundSession. We use this to keep track of
61ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi  // the session handle, so that we can clean it up when this class is
62ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi  // destroyed.
63ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi  TPM_HANDLE session_handle_;
64ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi
65ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi  friend class SessionManagerTest;
66ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi  DISALLOW_COPY_AND_ASSIGN(SessionManagerImpl);
67ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi};
68ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi
69ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi}  // namespace trunks
70ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi
71ff7f2da556b21253a52abbc82e7cf7bee54a850eUtkarsh Sanghi#endif  // TRUNKS_SESSION_MANAGER_IMPL_H_
72