| // |
| // Copyright (C) 2015 The Android Open Source Project |
| // |
| // Licensed under the Apache License, Version 2.0 (the "License"); |
| // you may not use this file except in compliance with the License. |
| // You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| // |
| |
| #include "tpm_manager/server/tpm_connection.h" |
| |
| #include <base/logging.h> |
| #include <base/stl_util.h> |
| #include <base/threading/platform_thread.h> |
| #include <base/time/time.h> |
| #include <trousers/tss.h> |
| #include <trousers/trousers.h> // NOLINT(build/include_alpha) |
| |
| #include "tpm_manager/server/tpm_util.h" |
| |
| namespace { |
| |
| const int kTpmConnectRetries = 10; |
| const int kTpmConnectIntervalMs = 100; |
| |
| } // namespace |
| |
| namespace tpm_manager { |
| |
| TpmConnection::TpmConnection(const std::string& authorization_value) |
| : authorization_value_(authorization_value) {} |
| |
| TSS_HCONTEXT TpmConnection::GetContext() { |
| if (!ConnectContextIfNeeded()) { |
| return 0; |
| } |
| return context_.value(); |
| } |
| |
| TSS_HTPM TpmConnection::GetTpm() { |
| if (!ConnectContextIfNeeded()) { |
| return 0; |
| } |
| TSS_RESULT result; |
| TSS_HTPM tpm_handle; |
| if (TPM_ERROR(result = |
| Tspi_Context_GetTpmObject(context_.value(), &tpm_handle))) { |
| TPM_LOG(ERROR, result) << "Error getting a handle to the TPM."; |
| return 0; |
| } |
| return tpm_handle; |
| } |
| |
| bool TpmConnection::ConnectContextIfNeeded() { |
| if (context_.value() != 0) { |
| return true; |
| } |
| TSS_RESULT result; |
| if (TPM_ERROR(result = Tspi_Context_Create(context_.ptr()))) { |
| TPM_LOG(ERROR, result) << "Error connecting to TPM."; |
| return false; |
| } |
| // We retry on failure. It might be that tcsd is starting up. |
| for (int i = 0; i < kTpmConnectRetries; i++) { |
| if (TPM_ERROR(result = Tspi_Context_Connect(context_, nullptr))) { |
| if (ERROR_CODE(result) == TSS_E_COMM_FAILURE) { |
| base::PlatformThread::Sleep( |
| base::TimeDelta::FromMilliseconds(kTpmConnectIntervalMs)); |
| } else { |
| TPM_LOG(ERROR, result) << "Error connecting to TPM."; |
| return false; |
| } |
| } else { |
| break; |
| } |
| } |
| if (context_.value() == 0) { |
| LOG(ERROR) << "Unexpected NULL context."; |
| return false; |
| } |
| // If we don't need to set an authorization value, we're done. |
| if (authorization_value_.empty()) { |
| return true; |
| } |
| |
| TSS_HTPM tpm_handle; |
| if (TPM_ERROR(result = |
| Tspi_Context_GetTpmObject(context_.value(), &tpm_handle))) { |
| TPM_LOG(ERROR, result) << "Error getting a handle to the TPM."; |
| context_.reset(); |
| return false; |
| } |
| TSS_HPOLICY tpm_usage_policy; |
| if (TPM_ERROR(result = Tspi_GetPolicyObject(tpm_handle, TSS_POLICY_USAGE, |
| &tpm_usage_policy))) { |
| TPM_LOG(ERROR, result) << "Error calling Tspi_GetPolicyObject"; |
| context_.reset(); |
| return false; |
| } |
| if (TPM_ERROR(result = Tspi_Policy_SetSecret( |
| tpm_usage_policy, TSS_SECRET_MODE_PLAIN, |
| authorization_value_.size(), |
| reinterpret_cast<BYTE*>( |
| const_cast<char*>(authorization_value_.data()))))) { |
| TPM_LOG(ERROR, result) << "Error calling Tspi_Policy_SetSecret"; |
| context_.reset(); |
| return false; |
| } |
| return true; |
| } |
| |
| } // namespace tpm_manager |
