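// Copyright 2014 The ChromiumOS Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef TRUNKS_AUTHORIZATION_DELEGATE_H_
#define TRUNKS_AUTHORIZATION_DELEGATE_H_

#include <cstdint>
#include <string>

namespace trunks {

// Value 1 as an 8-bit constant.
// NOTE(review): presumably the continueSession bit of the TPM session
// attributes octet; confirm against the code that uses this constant.
inline constexpr uint8_t kContinueSession = 1;

// AuthorizationDelegate is an interface passed to TPM commands. The delegate
// takes care of providing the authorization data for commands and verifying
// authorization data for responses. It also handles parameter encryption for
// commands and parameter decryption for responses.
//
// Every method reports failure through its bool return value. Callers should
// check it: a false result means the corresponding authorization or
// parameter data must not be used.
class AuthorizationDelegate {
 public:
  AuthorizationDelegate() = default;
  // Not copyable.
  AuthorizationDelegate(const AuthorizationDelegate&) = delete;
  AuthorizationDelegate& operator=(const AuthorizationDelegate&) = delete;
  // Virtual so that implementations can be destroyed through this interface.
  virtual ~AuthorizationDelegate() = default;

  // Provides authorization data for a command which has a cpHash value of
  // |command_hash|. The availability of encryption for the command is indicated
  // by |is_*_parameter_encryption_possible|. On success, |authorization| is
  // populated with the exact octets for the Authorization Area of the command.
  // Returns true on success.
  // NOTE(review): the contents of |authorization| after a false return are not
  // specified by this interface; treat them as invalid.
  virtual bool GetCommandAuthorization(
      const std::string& command_hash,
      bool is_command_parameter_encryption_possible,
      bool is_response_parameter_encryption_possible,
      std::string* authorization) = 0;

  // Checks authorization data for a response which has a rpHash value of
  // |response_hash|. The exact octets from the Authorization Area of the
  // response are given in |authorization|. Returns true iff the authorization
  // is valid. A false result means the response is not authenticated, so its
  // parameters should not be trusted.
  virtual bool CheckResponseAuthorization(const std::string& response_hash,
                                          const std::string& authorization) = 0;

  // Encrypts |parameter| in place if encryption is enabled. Returns true on
  // success.
  virtual bool EncryptCommandParameter(std::string* parameter) = 0;

  // Decrypts |parameter| in place if encryption is enabled. Returns true on
  // success.
  virtual bool DecryptResponseParameter(std::string* parameter) = 0;

  // Returns the current TPM-generated nonce that is associated with the
  // authorization session through |nonce|. Returns true on success.
  virtual bool GetTpmNonce(std::string* nonce) = 0;
};

}  // namespace trunks

#endif  // TRUNKS_AUTHORIZATION_DELEGATE_H_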