70 lines
2.6 KiB
C++
70 lines
2.6 KiB
C++
//
|
|
// Copyright (C) 2015 The Android Open Source Project
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
//
|
|
|
|
#ifndef TRUNKS_HMAC_SESSION_H_
|
|
#define TRUNKS_HMAC_SESSION_H_
|
|
|
|
#include <string>
|
|
|
|
#include <base/macros.h>
|
|
|
|
#include "trunks/tpm_generated.h"
|
|
|
|
namespace trunks {
|
|
|
|
class AuthorizationDelegate;
|
|
|
|
// HmacSession is an interface for managing hmac backed sessions for
|
|
// authorization and parameter encryption.
|
|
class HmacSession {
|
|
public:
|
|
HmacSession() {}
|
|
virtual ~HmacSession() {}
|
|
|
|
// Returns an authorization delegate for this session. Ownership of the
|
|
// delegate pointer is retained by the session.
|
|
virtual AuthorizationDelegate* GetDelegate() = 0;
|
|
|
|
// Starts a salted session which is bound to |bind_entity| with
|
|
// |bind_authorization_value|. Encryption is enabled if |enable_encryption| is
|
|
// true. The session remains active until this object is destroyed or another
|
|
// session is started with a call to Start*Session.
|
|
virtual TPM_RC StartBoundSession(TPMI_DH_ENTITY bind_entity,
|
|
const std::string& bind_authorization_value,
|
|
bool enable_encryption) = 0;
|
|
|
|
// Starts a salted, unbound session. Encryption is enabled if
|
|
// |enable_encryption| is true. The session remains active until this object
|
|
// is destroyed or another session is started with a call to Start*Session.
|
|
virtual TPM_RC StartUnboundSession(bool enable_encryption) = 0;
|
|
|
|
// Sets the current entity authorization value. This can be safely called
|
|
// while the session is active and subsequent commands will use the value.
|
|
virtual void SetEntityAuthorizationValue(const std::string& value) = 0;
|
|
|
|
// Sets the future_authorization_value field in the HmacDelegate. This
|
|
// is used in response validation for the TPM2_HierarchyChangeAuth command.
|
|
// We need to perform this because the HMAC value returned from
|
|
// HierarchyChangeAuth uses the new auth_value.
|
|
virtual void SetFutureAuthorizationValue(const std::string& value) = 0;
|
|
|
|
private:
|
|
DISALLOW_COPY_AND_ASSIGN(HmacSession);
|
|
};
|
|
|
|
} // namespace trunks
|
|
|
|
#endif // TRUNKS_HMAC_SESSION_H_
|