1 //
2 // Copyright (C) 2015 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 //      http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16 
17 #ifndef TRUNKS_HMAC_SESSION_H_
18 #define TRUNKS_HMAC_SESSION_H_
19 
20 #include <string>
21 
22 #include <base/macros.h>
23 
24 #include "trunks/tpm_generated.h"
25 
26 namespace trunks {
27 
28 class AuthorizationDelegate;
29 
30 // HmacSession is an interface for managing hmac backed sessions for
31 // authorization and parameter encryption.
32 class HmacSession {
33  public:
HmacSession()34   HmacSession() {}
~HmacSession()35   virtual ~HmacSession() {}
36 
37   // Returns an authorization delegate for this session. Ownership of the
38   // delegate pointer is retained by the session.
39   virtual AuthorizationDelegate* GetDelegate() = 0;
40 
41   // Starts a salted session which is bound to |bind_entity| with
42   // |bind_authorization_value|. Encryption is enabled if |enable_encryption| is
43   // true. The session remains active until this object is destroyed or another
44   // session is started with a call to Start*Session.
45   virtual TPM_RC StartBoundSession(TPMI_DH_ENTITY bind_entity,
46                                    const std::string& bind_authorization_value,
47                                    bool enable_encryption) = 0;
48 
49   // Starts a salted, unbound session. Encryption is enabled if
50   // |enable_encryption| is true. The session remains active until this object
51   // is destroyed or another session is started with a call to Start*Session.
52   virtual TPM_RC StartUnboundSession(bool enable_encryption) = 0;
53 
54   // Sets the current entity authorization value. This can be safely called
55   // while the session is active and subsequent commands will use the value.
56   virtual void SetEntityAuthorizationValue(const std::string& value) = 0;
57 
58   // Sets the future_authorization_value field in the HmacDelegate. This
59   // is used in response validation for the TPM2_HierarchyChangeAuth command.
60   // We need to perform this because the HMAC value returned from
61   // HierarchyChangeAuth uses the new auth_value.
62   virtual void SetFutureAuthorizationValue(const std::string& value) = 0;
63 
64  private:
65   DISALLOW_COPY_AND_ASSIGN(HmacSession);
66 };
67 
68 }  // namespace trunks
69 
70 #endif  // TRUNKS_HMAC_SESSION_H_
71