xref: /aosp_15_r20/external/gsc-utils/tpm_generated/authorization_delegate.h (revision 4f2df630800bdcf1d4f0decf95d8a1cb87344f5f)
1 // Copyright 2014 The ChromiumOS Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef TRUNKS_AUTHORIZATION_DELEGATE_H_
6 #define TRUNKS_AUTHORIZATION_DELEGATE_H_
7 
8 #include <string>
9 
10 namespace trunks {
11 
12 inline constexpr uint8_t kContinueSession = 1;
13 
14 // AuthorizationDelegate is an interface passed to TPM commands. The delegate
15 // takes care of providing the authorization data for commands and verifying
16 // authorization data for responses. It also handles parameter encryption for
17 // commands and parameter decryption for responses.
18 class AuthorizationDelegate {
19  public:
AuthorizationDelegate()20   AuthorizationDelegate() {}
21   AuthorizationDelegate(const AuthorizationDelegate&) = delete;
22   AuthorizationDelegate& operator=(const AuthorizationDelegate&) = delete;
23 
~AuthorizationDelegate()24   virtual ~AuthorizationDelegate() {}
25 
26   // Provides authorization data for a command which has a cpHash value of
27   // |command_hash|. The availability of encryption for the command is indicated
28   // by |is_*_parameter_encryption_possible|. On success, |authorization| is
29   // populated with the exact octets for the Authorization Area of the command.
30   // Returns true on success.
31   virtual bool GetCommandAuthorization(
32       const std::string& command_hash,
33       bool is_command_parameter_encryption_possible,
34       bool is_response_parameter_encryption_possible,
35       std::string* authorization) = 0;
36 
37   // Checks authorization data for a response which has a rpHash value of
38   // |response_hash|. The exact octets from the Authorization Area of the
39   // response are given in |authorization|. Returns true iff the authorization
40   // is valid.
41   virtual bool CheckResponseAuthorization(const std::string& response_hash,
42                                           const std::string& authorization) = 0;
43 
44   // Encrypts |parameter| if encryption is enabled. Returns true on success.
45   virtual bool EncryptCommandParameter(std::string* parameter) = 0;
46 
47   // Decrypts |parameter| if encryption is enabled. Returns true on success.
48   virtual bool DecryptResponseParameter(std::string* parameter) = 0;
49 
50   // Returns the current TPM-generated nonce that is associated with the
51   // authorization session. Returns true on success.
52   virtual bool GetTpmNonce(std::string* nonce) = 0;
53 };
54 
55 }  // namespace trunks
56 
57 #endif  // TRUNKS_AUTHORIZATION_DELEGATE_H_
58