1 //
2 // Copyright (C) 2015 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 //      http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16 
17 #ifndef TPM_MANAGER_SERVER_TPM_INITIALIZER_IMPL_H_
18 #define TPM_MANAGER_SERVER_TPM_INITIALIZER_IMPL_H_
19 
20 #include <string>
21 
22 #include <base/macros.h>
23 #include <trousers/tss.h>
24 #include <trousers/trousers.h>  // NOLINT(build/include_alpha)
25 
26 #include "tpm_manager/server/openssl_crypto_util_impl.h"
27 #include "tpm_manager/server/tpm_connection.h"
28 #include "tpm_manager/server/tpm_initializer.h"
29 
30 namespace tpm_manager {
31 
// Forward declarations. This header only refers to these types through
// pointers (constructor arguments and the non-owning private members of
// TpmInitializerImpl), so their full definitions are not needed here.
class LocalDataStore;
class TpmStatus;
34 
// This class initializes a TPM 1.2 chip by taking ownership. Example use of
// this class is:
// LocalDataStore data_store;
// TpmStatusImpl status;
// TpmInitializerImpl initializer(&data_store, &status);
// initializer.InitializeTpm();
// If the TPM is unowned, InitializeTpm injects a random owner password,
// initializes and unrestricts the SRK, and persists the owner password to disk
// until all the owner dependencies are satisfied.
//
// NOTE(review): the persisted owner password is a long-lived secret at rest.
// This header does not show how LocalDataStore protects it (file permissions,
// encryption) or where it is removed once the dependencies are cleared --
// confirm both in the LocalDataStore implementation and its callers.
class TpmInitializerImpl : public TpmInitializer {
 public:
  // Does not take ownership of |local_data_store| or |tpm_status|.
  // Both are held as raw pointers (see the private members), so the caller
  // must keep the pointed-to objects alive for as long as this object is used.
  TpmInitializerImpl(LocalDataStore* local_data_store, TpmStatus* tpm_status);
  ~TpmInitializerImpl() override = default;

  // TpmInitializer methods. Their contracts are declared on the TpmInitializer
  // interface (tpm_manager/server/tpm_initializer.h); only InitializeTpm is
  // described in this file, in the class comment above.
  bool InitializeTpm() override;
  void VerifiedBootHelper() override;
  bool ResetDictionaryAttackLock() override;

 private:
  // This method checks if an EndorsementKey exists on the TPM and creates it
  // if not. Returns true on success, else false. The |connection| already has
  // the owner password injected.
  bool InitializeEndorsementKey(TpmConnection* connection);

  // This method takes ownership of the TPM with the default TSS password.
  // Returns true on success, else false. The |connection| already has the
  // default owner password injected.
  // NOTE(review): after this call succeeds the TPM is owned under a default
  // password until ChangeOwnerPassword succeeds. Confirm that InitializeTpm
  // treats a failure between the two steps as an incomplete initialization
  // and retries the password change, rather than leaving the default in place.
  bool TakeOwnership(TpmConnection* connection);

  // This method initializes the SRK if it does not exist, zeroes the SRK
  // password and unrestricts its usage. Returns true on success, else false.
  // The |connection| already has the current owner password injected.
  // NOTE(review): with a zeroed password and unrestricted usage the SRK itself
  // presumably enforces no access control; confirm that keys created under it
  // carry their own authorization where that matters.
  bool InitializeSrk(TpmConnection* connection);

  // This method changes the TPM owner password from the default TSS password
  // to the password provided in the |owner_password| argument.
  // Returns true on success, else false. The |connection| already has the old
  // owner password injected.
  // NOTE(review): |owner_password| is secret material carried in a
  // std::string, which does not clear its buffer when destroyed; check whether
  // callers need to wipe their copies after use.
  bool ChangeOwnerPassword(TpmConnection* connection,
                           const std::string& owner_password);

  // This method returns true iff the provided |owner_password| is the current
  // owner password in the TPM. This method can also return false if there was
  // an error communicating with the TPM.
  // A false result therefore does not prove the password is wrong: callers
  // cannot tell a mismatch from a communication failure through this
  // interface.
  // NOTE(review): confirm no caller discards or overwrites a stored owner
  // password based on a single false result.
  bool TestTpmAuth(const std::string& owner_password);

  // Crypto helper owned by this object.
  // NOTE(review): presumably the source of the random owner password
  // mentioned in the class comment -- confirm in the .cc file.
  OpensslCryptoUtilImpl openssl_util_;
  // Not owned; supplied through the constructor, which does not take
  // ownership.
  LocalDataStore* local_data_store_;
  // Not owned; supplied through the constructor, which does not take
  // ownership.
  TpmStatus* tpm_status_;

  DISALLOW_COPY_AND_ASSIGN(TpmInitializerImpl);
};
89 
90 }  // namespace tpm_manager
91 
92 #endif  // TPM_MANAGER_SERVER_TPM_INITIALIZER_IMPL_H_
93