• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 //
2 // Copyright (C) 2015 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 //      http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16 
17 #ifndef TRUNKS_SESSION_MANAGER_IMPL_H_
18 #define TRUNKS_SESSION_MANAGER_IMPL_H_
19 
20 #include "trunks/session_manager.h"
21 
22 #include <string>
23 
24 #include <gtest/gtest_prod.h>
25 
26 #include "trunks/tpm_generated.h"
27 #include "trunks/trunks_factory.h"
28 
29 namespace trunks {
30 
31 // This class is used to keep track of a TPM session. Each instance of this
32 // class is used to account for one instance of a TPM session. Currently
33 // this class is used by AuthorizationSession instances to keep track of TPM
34 // sessions.
35 class TRUNKS_EXPORT SessionManagerImpl : public SessionManager {
36  public:
37   explicit SessionManagerImpl(const TrunksFactory& factory);
38   ~SessionManagerImpl() override;
39 
GetSessionHandle()40   TPM_HANDLE GetSessionHandle() const override { return session_handle_; }
41   void CloseSession() override;
42   TPM_RC StartSession(TPM_SE session_type,
43                       TPMI_DH_ENTITY bind_entity,
44                       const std::string& bind_authorization_value,
45                       bool enable_encryption,
46                       HmacAuthorizationDelegate* delegate) override;
47 
48  private:
49   // This function is used to encrypt a plaintext salt |salt|, using RSA
50   // public encrypt with the SaltingKey PKCS1_OAEP padding. It follows the
51   // specification defined in TPM2.0 Part 1 Architecture, Appendix B.10.2.
52   // The encrypted salt is stored in the out parameter |encrypted_salt|.
53   TPM_RC EncryptSalt(const std::string& salt, std::string* encrypted_salt);
54 
55   // This factory is only set in the constructor and is used to instantiate
56   // The TPM class to forward commands to the TPM chip.
57   const TrunksFactory& factory_;
58   // This handle keeps track of the TPM session. It is issued by the TPM,
59   // and is only modified when a new TPM session is started using
60   // StartBoundSession or StartUnboundSession. We use this to keep track of
61   // the session handle, so that we can clean it up when this class is
62   // destroyed.
63   TPM_HANDLE session_handle_;
64 
65   friend class SessionManagerTest;
66   DISALLOW_COPY_AND_ASSIGN(SessionManagerImpl);
67 };
68 
69 }  // namespace trunks
70 
71 
72 #endif  // TRUNKS_SESSION_MANAGER_IMPL_H_
73