1 //
2 // Copyright (C) 2014 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 // http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16
17 #include "trunks/password_authorization_delegate.h"
18
19 #include <base/logging.h>
20
21 #include "trunks/tpm_generated.h"
22
23 namespace trunks {
24
25 const uint8_t kContinueSession = 1;
26
PasswordAuthorizationDelegate(const std::string & password)27 PasswordAuthorizationDelegate::PasswordAuthorizationDelegate(
28 const std::string& password) {
29 password_ = Make_TPM2B_DIGEST(password);
30 }
31
~PasswordAuthorizationDelegate()32 PasswordAuthorizationDelegate::~PasswordAuthorizationDelegate() {}
33
GetCommandAuthorization(const std::string & command_hash,bool is_command_parameter_encryption_possible,bool is_response_parameter_encryption_possible,std::string * authorization)34 bool PasswordAuthorizationDelegate::GetCommandAuthorization(
35 const std::string& command_hash,
36 bool is_command_parameter_encryption_possible,
37 bool is_response_parameter_encryption_possible,
38 std::string* authorization) {
39 TPMS_AUTH_COMMAND auth;
40 auth.session_handle = TPM_RS_PW;
41 auth.nonce.size = 0;
42 auth.session_attributes = kContinueSession;
43 auth.hmac = password_;
44
45 TPM_RC serialize_error = Serialize_TPMS_AUTH_COMMAND(auth, authorization);
46 if (serialize_error != TPM_RC_SUCCESS) {
47 LOG(ERROR) << __func__ << ": could not serialize command auth.";
48 return false;
49 }
50 return true;
51 }
52
CheckResponseAuthorization(const std::string & response_hash,const std::string & authorization)53 bool PasswordAuthorizationDelegate::CheckResponseAuthorization(
54 const std::string& response_hash,
55 const std::string& authorization) {
56 TPMS_AUTH_RESPONSE auth_response;
57 std::string mutable_auth_string(authorization);
58 std::string auth_bytes;
59 TPM_RC parse_error;
60 parse_error = Parse_TPMS_AUTH_RESPONSE(&mutable_auth_string, &auth_response,
61 &auth_bytes);
62 if (authorization.size() != auth_bytes.size()) {
63 LOG(ERROR) << __func__ << ": Authorization string was of wrong length.";
64 return false;
65 }
66 if (parse_error != TPM_RC_SUCCESS) {
67 LOG(ERROR) << __func__ << ": could not parse authorization response.";
68 return false;
69 }
70 if (auth_response.nonce.size != 0) {
71 LOG(ERROR) << __func__ << ": received a non zero length nonce.";
72 return false;
73 }
74 if (auth_response.hmac.size != 0) {
75 LOG(ERROR) << __func__ << ": received a non zero length hmac.";
76 return false;
77 }
78 if (auth_response.session_attributes != kContinueSession) {
79 LOG(ERROR) << __func__ << ": received wrong session attributes.";
80 return false;
81 }
82 return true;
83 }
84
EncryptCommandParameter(std::string * parameter)85 bool PasswordAuthorizationDelegate::EncryptCommandParameter(
86 std::string* parameter) {
87 return true;
88 }
89
DecryptResponseParameter(std::string * parameter)90 bool PasswordAuthorizationDelegate::DecryptResponseParameter(
91 std::string* parameter) {
92 return true;
93 }
94
95 } // namespace trunks
96