1// 2// Copyright (C) 2014 The Android Open Source Project 3// 4// Licensed under the Apache License, Version 2.0 (the "License"); 5// you may not use this file except in compliance with the License. 6// You may obtain a copy of the License at 7// 8// http://www.apache.org/licenses/LICENSE-2.0 9// 10// Unless required by applicable law or agreed to in writing, software 11// distributed under the License is distributed on an "AS IS" BASIS, 12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13// See the License for the specific language governing permissions and 14// limitations under the License. 15// 16 17#include "trunks/password_authorization_delegate.h" 18 19#include <base/logging.h> 20 21#include "trunks/tpm_generated.h" 22 23namespace trunks { 24 25const uint8_t kContinueSession = 1; 26 27PasswordAuthorizationDelegate::PasswordAuthorizationDelegate( 28 const std::string& password) { 29 password_ = Make_TPM2B_DIGEST(password); 30} 31 32PasswordAuthorizationDelegate::~PasswordAuthorizationDelegate() {} 33 34bool PasswordAuthorizationDelegate::GetCommandAuthorization( 35 const std::string& command_hash, 36 bool is_command_parameter_encryption_possible, 37 bool is_response_parameter_encryption_possible, 38 std::string* authorization) { 39 TPMS_AUTH_COMMAND auth; 40 auth.session_handle = TPM_RS_PW; 41 auth.nonce.size = 0; 42 auth.session_attributes = kContinueSession; 43 auth.hmac = password_; 44 45 TPM_RC serialize_error = Serialize_TPMS_AUTH_COMMAND(auth, authorization); 46 if (serialize_error != TPM_RC_SUCCESS) { 47 LOG(ERROR) << __func__ << ": could not serialize command auth."; 48 return false; 49 } 50 return true; 51} 52 53bool PasswordAuthorizationDelegate::CheckResponseAuthorization( 54 const std::string& response_hash, 55 const std::string& authorization) { 56 TPMS_AUTH_RESPONSE auth_response; 57 std::string mutable_auth_string(authorization); 58 std::string auth_bytes; 59 TPM_RC parse_error; 60 parse_error = Parse_TPMS_AUTH_RESPONSE(&mutable_auth_string, &auth_response, 61 &auth_bytes); 62 if (authorization.size() != auth_bytes.size()) { 63 LOG(ERROR) << __func__ << ": Authorization string was of wrong length."; 64 return false; 65 } 66 if (parse_error != TPM_RC_SUCCESS) { 67 LOG(ERROR) << __func__ << ": could not parse authorization response."; 68 return false; 69 } 70 if (auth_response.nonce.size != 0) { 71 LOG(ERROR) << __func__ << ": received a non zero length nonce."; 72 return false; 73 } 74 if (auth_response.hmac.size != 0) { 75 LOG(ERROR) << __func__ << ": received a non zero length hmac."; 76 return false; 77 } 78 if (auth_response.session_attributes != kContinueSession) { 79 LOG(ERROR) << __func__ << ": received wrong session attributes."; 80 return false; 81 } 82 return true; 83} 84 85bool PasswordAuthorizationDelegate::EncryptCommandParameter( 86 std::string* parameter) { 87 return true; 88} 89 90bool PasswordAuthorizationDelegate::DecryptResponseParameter( 91 std::string* parameter) { 92 return true; 93} 94 95} // namespace trunks 96