1 //
2 // Copyright (C) 2015 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 //      http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16 
17 #ifndef TPM_MANAGER_SERVER_TPM_INITIALIZER_IMPL_H_
18 #define TPM_MANAGER_SERVER_TPM_INITIALIZER_IMPL_H_
19 
20 #include <string>
21 
22 #include <base/macros.h>
23 #include <trousers/tss.h>
24 #include <trousers/trousers.h>  // NOLINT(build/include_alpha)
25 
26 #include "tpm_manager/server/openssl_crypto_util_impl.h"
27 #include "tpm_manager/server/tpm_connection.h"
28 #include "tpm_manager/server/tpm_initializer.h"
29 
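namespace tpm_manager {

class LocalDataStore;
class TpmStatus;

// This class initializes a TPM 1.2 chip by taking ownership. Example use of
// this class is:
//   LocalDataStore data_store;
//   TpmStatusImpl status;
//   TpmInitializerImpl initializer(&data_store, &status);
//   initializer.InitializeTpm();
// If the TPM is unowned, InitializeTpm injects a random owner password,
// initializes and unrestricts the SRK, and persists the owner password to disk
// until all the owner dependencies are satisfied.
//
// Security notes:
//  - While it is persisted, the owner password is a secret at rest. How and
//    where it is stored is not visible in this header.
//    NOTE(review): presumably it goes through |local_data_store|; confirm the
//    backing store is readable only by this service and that the password is
//    removed once the owner dependencies are satisfied.
//  - Owner passwords are handled as std::string, which does not clear its
//    buffer on destruction.
//    NOTE(review): confirm the implementation limits copies of the password
//    and how long they stay in memory.
class TpmInitializerImpl : public TpmInitializer {
 public:
  // Does not take ownership of |local_data_store| or |tpm_status|.
  // NOTE(review): presumably both pointers are kept in the members below, in
  // which case they must stay valid for the lifetime of this object; confirm
  // against the constructor definition.
  TpmInitializerImpl(LocalDataStore* local_data_store,
                     TpmStatus* tpm_status);
  ~TpmInitializerImpl() override = default;

  // TpmInitializer methods.
  // Runs the initialization sequence described in the class comment.
  bool InitializeTpm() override;

 private:
  // Checks if an EndorsementKey exists on the TPM and creates it if not.
  // Returns true on success, else false. |tpm_handle| is a handle to the TPM
  // with the owner_password injected.
  bool InitializeEndorsementKey(TSS_HTPM tpm_handle);

  // Takes ownership of the TPM with the default TSS password. Returns true on
  // success, else false. |tpm_handle| is a handle to the TPM with the
  // owner_password injected.
  // After this step the owner password is a publicly known default, so the
  // TPM is not protected by owner authorization until ChangeOwnerPassword
  // succeeds.
  // NOTE(review): confirm the implementation treats a failure between these
  // two steps as an incomplete initialization and retries the password change.
  bool TakeOwnership(TSS_HTPM tpm_handle);

  // Initializes the SRK if it does not exist, zeroes the SRK password and
  // unrestricts its usage. Returns true on success, else false. |tpm_handle|
  // is a handle to the TPM with the owner_password injected.
  // Because the SRK password is zeroed, SRK authorization is not a secret and
  // must not be relied on as an access control.
  bool InitializeSrk(TSS_HTPM tpm_handle);

  // Changes the TPM owner password from the default TSS password to the
  // password provided in the |owner_password| argument. Returns true on
  // success, else false. |tpm_handle| is a handle to the TPM with the old
  // owner_password injected.
  bool ChangeOwnerPassword(TSS_HTPM tpm_handle,
                           const std::string& owner_password);

  // Returns true iff the provided |owner_password| is the current owner
  // password in the TPM. This method can also return false if there was an
  // error communicating with the TPM, so a false result does not prove that
  // the password is wrong; callers must not take destructive or irreversible
  // action on that basis alone.
  bool TestTpmAuth(const std::string& owner_password);

  OpensslCryptoUtilImpl openssl_util_;
  TpmConnection tpm_connection_;
  // Not owned (see the constructor comment).
  LocalDataStore* local_data_store_;
  // Not owned (see the constructor comment).
  TpmStatus* tpm_status_;

  DISALLOW_COPY_AND_ASSIGN(TpmInitializerImpl);
};

}  // namespace tpm_manager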
91 
92 #endif  // TPM_MANAGER_SERVER_TPM_INITIALIZER_IMPL_H_
93