1 //
2 // Copyright (C) 2014 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 //      http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16 
17 #ifndef TRUNKS_AUTHORIZATION_DELEGATE_H_
18 #define TRUNKS_AUTHORIZATION_DELEGATE_H_
19 
20 #include <string>
21 
22 #include <base/macros.h>
23 
24 namespace trunks {
25 
// AuthorizationDelegate is the interface handed to TPM commands so that
// authorization and parameter encryption live outside the command itself. An
// implementation supplies the authorization data that goes into a command,
// verifies the authorization data that comes back in a response, encrypts
// command parameters and decrypts response parameters.
//
// The |authorization| strings hold the exact octets of an Authorization Area,
// not text. NOTE(review): the hash and parameter strings are presumably raw
// bytes as well; confirm against the implementations.
class AuthorizationDelegate {
 public:
  AuthorizationDelegate() = default;
  virtual ~AuthorizationDelegate() = default;

  // Produces the authorization data for the command whose cpHash value is
  // |command_hash|. The two |is_*_parameter_encryption_possible| flags tell
  // the delegate whether encryption is available for this command. On
  // success, |authorization| receives the exact octets for the command's
  // Authorization Area and true is returned.
  // NOTE(review): the contents of |authorization| after a false return are
  // not specified here; verify that callers do not transmit them.
  virtual bool GetCommandAuthorization(
      const std::string& command_hash,
      bool is_command_parameter_encryption_possible,
      bool is_response_parameter_encryption_possible,
      std::string* authorization) = 0;

  // Validates the authorization data of the response whose rpHash value is
  // |response_hash|. |authorization| carries the exact octets taken from the
  // response's Authorization Area. Returns true if and only if the
  // authorization is valid.
  // NOTE(review): this return value is the only signal that the response is
  // authentic; confirm that every call site fails closed and does not use the
  // response contents when it is false.
  virtual bool CheckResponseAuthorization(
      const std::string& response_hash,
      const std::string& authorization) = 0;

  // Encrypts |parameter| in place when encryption is enabled. Returns true on
  // success.
  // NOTE(review): as worded, a true return does not by itself show that
  // |parameter| was encrypted; presumably it is left unchanged when
  // encryption is not enabled. Confirm with the implementations.
  virtual bool EncryptCommandParameter(std::string* parameter) = 0;

  // Decrypts |parameter| in place when encryption is enabled. Returns true on
  // success.
  // NOTE(review): as with encryption, a true return presumably also covers
  // the case where encryption is not enabled and nothing was decrypted.
  // Confirm with the implementations.
  virtual bool DecryptResponseParameter(std::string* parameter) = 0;

 private:
  // Delegates can be neither copied nor assigned.
  DISALLOW_COPY_AND_ASSIGN(AuthorizationDelegate);
};
62 
63 }  // namespace trunks
64 
65 #endif  // TRUNKS_AUTHORIZATION_DELEGATE_H_
66