Home | History | Annotate | Download | only in trunks 
      1 //
      2 // Copyright (C) 2014 The Android Open Source Project
      3 //
      4 // Licensed under the Apache License, Version 2.0 (the "License");
      5 // you may not use this file except in compliance with the License.
      6 // You may obtain a copy of the License at
      7 //
      8 //      http://www.apache.org/licenses/LICENSE-2.0
      9 //
     10 // Unless required by applicable law or agreed to in writing, software
     11 // distributed under the License is distributed on an "AS IS" BASIS,
     12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13 // See the License for the specific language governing permissions and
     14 // limitations under the License.
     15 //
     16 
     17 #ifndef TRUNKS_AUTHORIZATION_DELEGATE_H_
     18 #define TRUNKS_AUTHORIZATION_DELEGATE_H_
     19 
     20 #include <string>
     21 
     22 #include <base/macros.h>
     23 
     24 namespace trunks {
     25 
     26 // AuthorizationDelegate is an interface passed to TPM commands. The delegate
     27 // takes care of providing the authorization data for commands and verifying
     28 // authorization data for responses. It also handles parameter encryption for
     29 // commands and parameter decryption for responses.
     30 class AuthorizationDelegate {
     31  public:
     32   AuthorizationDelegate() {}
     33   virtual ~AuthorizationDelegate() {}
     34 
     35   // Provides authorization data for a command which has a cpHash value of
     36   // |command_hash|. The availability of encryption for the command is indicated
     37   // by |is_*_parameter_encryption_possible|. On success, |authorization| is
     38   // populated with the exact octets for the Authorization Area of the command.
     39   // Returns true on success.
     40   virtual bool GetCommandAuthorization(
     41       const std::string& command_hash,
     42       bool is_command_parameter_encryption_possible,
     43       bool is_response_parameter_encryption_possible,
     44       std::string* authorization) = 0;
     45 
     46   // Checks authorization data for a response which has a rpHash value of
     47   // |response_hash|. The exact octets from the Authorization Area of the
     48   // response are given in |authorization|. Returns true iff the authorization
     49   // is valid.
     50   virtual bool CheckResponseAuthorization(const std::string& response_hash,
     51                                           const std::string& authorization) = 0;
     52 
     53   // Encrypts |parameter| if encryption is enabled. Returns true on success.
     54   virtual bool EncryptCommandParameter(std::string* parameter) = 0;
     55 
     56   // Decrypts |parameter| if encryption is enabled. Returns true on success.
     57   virtual bool DecryptResponseParameter(std::string* parameter) = 0;
     58 
     59  private:
     60   DISALLOW_COPY_AND_ASSIGN(AuthorizationDelegate);
     61 };
     62 
     63 }  // namespace trunks
     64 
     65 #endif  // TRUNKS_AUTHORIZATION_DELEGATE_H_
     66