      1 //
      2 // Copyright (C) 2015 The Android Open Source Project
      3 //
      4 // Licensed under the Apache License, Version 2.0 (the "License");
      5 // you may not use this file except in compliance with the License.
      6 // You may obtain a copy of the License at
      7 //
      8 //      http://www.apache.org/licenses/LICENSE-2.0
      9 //
     10 // Unless required by applicable law or agreed to in writing, software
     11 // distributed under the License is distributed on an "AS IS" BASIS,
     12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13 // See the License for the specific language governing permissions and
     14 // limitations under the License.
     15 //
     16 
     17 #ifndef TPM_MANAGER_SERVER_TPM2_NVRAM_IMPL_H_
     18 #define TPM_MANAGER_SERVER_TPM2_NVRAM_IMPL_H_
     19 
     20 #include "tpm_manager/server/tpm_nvram.h"
     21 
     22 #include <memory>
     23 #include <string>
     24 
     25 #include <base/macros.h>
     26 #include <trunks/trunks_factory.h>
     27 
     28 #include "tpm_manager/common/tpm_manager.pb.h"
     29 #include "tpm_manager/server/local_data_store.h"
     30 
     31 namespace tpm_manager {
     32 
     33 // A TpmNvram implementation backed by a TPM 2.0 device. All index values are
     34 // the 'index' portion of an NV handle and must fit in 24 bits.
     35 class Tpm2NvramImpl : public TpmNvram {
     36  public:
     37   // Does not take ownership of arguments.
          // |factory| is kept as a reference and |local_data_store| as a raw pointer
          // (see the data members below), so both must outlive this object.
     38   Tpm2NvramImpl(const trunks::TrunksFactory& factory,
     39                 LocalDataStore* local_data_store);
     40   ~Tpm2NvramImpl() override = default;
     41 
     42   // TpmNvram methods.
          // Each call reports its outcome as an NvramResult; any data is handed back
          // through the pointer parameters (|data|, |index_list|, |size|, ...).
          // NOTE(review): this header does not show whether an |index| wider than the
          // 24 bits stated in the class comment is rejected, or whether null output
          // pointers are tolerated -- confirm both in the implementation.
          // NOTE(review): |authorization_value| presumably carries the authorization
          // secret for the space. std::string does not wipe its buffer when it is
          // destroyed, so keep copies short-lived and out of log output.
     43   NvramResult DefineSpace(uint32_t index,
     44                           size_t size,
     45                           const std::vector<NvramSpaceAttribute>& attributes,
     46                           const std::string& authorization_value,
     47                           NvramSpacePolicy policy) override;
     48   NvramResult DestroySpace(uint32_t index) override;
     49   NvramResult WriteSpace(uint32_t index,
     50                          const std::string& data,
     51                          const std::string& authorization_value) override;
     52   NvramResult ReadSpace(uint32_t index,
     53                         std::string* data,
     54                         const std::string& authorization_value) override;
     55   NvramResult LockSpace(uint32_t index,
     56                         bool lock_read,
     57                         bool lock_write,
     58                         const std::string& authorization_value) override;
     59   NvramResult ListSpaces(std::vector<uint32_t>* index_list) override;
     60   NvramResult GetSpaceInfo(
     61       uint32_t index,
     62       size_t* size,
     63       bool* is_read_locked,
     64       bool* is_write_locked,
     65       std::vector<NvramSpaceAttribute>* attributes,
     66       NvramSpacePolicy* policy) override;
     67 
     68  private:
     69   // Must be called before using any data members. This may be called multiple
     70   // times and will be very fast if already initialized.
          // Presumably returns true on success, like the helpers below -- confirm.
          // NOTE(review): |initialized_| is a plain bool and no lock is declared in
          // this class -- confirm that all calls arrive on one thread or sequence.
     71   bool Initialize();
     72 
     73   // Gets the TPM owner password. Returns an empty string if not available.
          // The return value alone cannot distinguish "not available" from an empty
          // password. The secret is returned by value, i.e. as a fresh in-memory copy.
          // NOTE(review): keep that copy short-lived and never write it to logs.
     74   std::string GetOwnerPassword();
     75 
     76   // Configures |trunks_session_| with owner authorization. Returns true on
     77   // success.
     78   bool SetupOwnerSession();
     79 
     80   // Configures a new policy |session| for a given |policy_record|,
     81   // |authorization_value|, and |command_code|. Returns true on success.
          // |session| is supplied by the caller and configured in place.
     82   bool SetupPolicySession(const NvramPolicyRecord& policy_record,
     83                           const std::string& authorization_value,
     84                           trunks::TPM_CC command_code,
     85                           trunks::PolicySession* session);
     86 
     87   // A helper to add policies to a |session| for a particular |command_code| and
     88   // |policy_record|. Returns true on success.
     89   bool AddPoliciesForCommand(const NvramPolicyRecord& policy_record,
     90                              trunks::TPM_CC command_code,
     91                              trunks::PolicySession* session);
     92 
     93   // A helper to add an OR policy to |session| based on |policy_record|. Returns
     94   // true on success.
     95   bool AddPolicyOR(const NvramPolicyRecord& policy_record,
     96                    trunks::PolicySession* session);
     97 
     98   // Computes the policy |digest| for a given |policy_record| and fills the
     99   // policy_digests field in the |policy_record|.
          // |policy_record| is therefore modified in place as well as read.
          // NOTE(review): the meaning of the return value is not documented here;
          // presumably true on success like the sibling helpers -- confirm.
    100   bool ComputePolicyDigest(NvramPolicyRecord* policy_record,
    101                            std::string* digest);
    102 
    103   // Gets the policy |record| for the given |index|. Returns true on success.
    104   bool GetPolicyRecord(uint32_t index, NvramPolicyRecord* record);
    105 
    106   // Saves a policy |record| in the local_data_store_.
          // Presumably returns true on success -- confirm against the implementation.
    107   bool SavePolicyRecord(const NvramPolicyRecord& record);
    108 
    109   // Best effort delete of the policy |record| for |index|.
          // Returns void, so a failed delete is not reported to the caller.
          // NOTE(review): a stale record could then outlive its space; confirm that
          // defining a space on a reused |index| replaces any record left behind.
    110   void DeletePolicyRecord(uint32_t index);
    111 
          // Not owned; must outlive this object.
    112   const trunks::TrunksFactory& trunks_factory_;
          // Not owned; the store that SavePolicyRecord() writes policy records to.
    113   LocalDataStore* local_data_store_;
          // No in-class initializer; NOTE(review): confirm the constructor (defined
          // outside this header) sets it before Initialize() reads it.
    114   bool initialized_;
          // Owned by this object. |trunks_session_| is the session that
          // SetupOwnerSession() configures.
    115   std::unique_ptr<trunks::HmacSession> trunks_session_;
    116   std::unique_ptr<trunks::TpmUtility> trunks_utility_;
    117 
          // Gives Tpm2NvramTest access to the private members above.
    118   friend class Tpm2NvramTest;
    119   DISALLOW_COPY_AND_ASSIGN(Tpm2NvramImpl);
    120 };
    121 
    122 }  // namespace tpm_manager
    123 
    124 #endif  // TPM_MANAGER_SERVER_TPM2_NVRAM_IMPL_H_
    125