Home | History | Annotate | Download | only in trunks 
      1 //
      2 // Copyright (C) 2014 The Android Open Source Project
      3 //
      4 // Licensed under the Apache License, Version 2.0 (the "License");
      5 // you may not use this file except in compliance with the License.
      6 // You may obtain a copy of the License at
      7 //
      8 //      http://www.apache.org/licenses/LICENSE-2.0
      9 //
     10 // Unless required by applicable law or agreed to in writing, software
     11 // distributed under the License is distributed on an "AS IS" BASIS,
     12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13 // See the License for the specific language governing permissions and
     14 // limitations under the License.
     15 //
     16 
     17 #include "trunks/password_authorization_delegate.h"
     18 
     19 #include <base/logging.h>
     20 
     21 #include "trunks/tpm_generated.h"
     22 
     23 namespace trunks {
     24 
     25 const uint8_t kContinueSession = 1;
     26 
     27 PasswordAuthorizationDelegate::PasswordAuthorizationDelegate(
     28     const std::string& password) {
     29   password_ = Make_TPM2B_DIGEST(password);
     30 }
     31 
     32 PasswordAuthorizationDelegate::~PasswordAuthorizationDelegate() {}
     33 
     34 bool PasswordAuthorizationDelegate::GetCommandAuthorization(
     35     const std::string& command_hash,
     36     bool is_command_parameter_encryption_possible,
     37     bool is_response_parameter_encryption_possible,
     38     std::string* authorization) {
     39   TPMS_AUTH_COMMAND auth;
     40   auth.session_handle = TPM_RS_PW;
     41   auth.nonce.size = 0;
     42   auth.session_attributes = kContinueSession;
     43   auth.hmac = password_;
     44 
     45   TPM_RC serialize_error = Serialize_TPMS_AUTH_COMMAND(auth, authorization);
     46   if (serialize_error != TPM_RC_SUCCESS) {
     47     LOG(ERROR) << __func__ << ": could not serialize command auth.";
     48     return false;
     49   }
     50   return true;
     51 }
     52 
     53 bool PasswordAuthorizationDelegate::CheckResponseAuthorization(
     54     const std::string& response_hash,
     55     const std::string& authorization) {
     56   TPMS_AUTH_RESPONSE auth_response;
     57   std::string mutable_auth_string(authorization);
     58   std::string auth_bytes;
     59   TPM_RC parse_error;
     60   parse_error = Parse_TPMS_AUTH_RESPONSE(&mutable_auth_string, &auth_response,
     61                                          &auth_bytes);
     62   if (authorization.size() != auth_bytes.size()) {
     63     LOG(ERROR) << __func__ << ": Authorization string was of wrong length.";
     64     return false;
     65   }
     66   if (parse_error != TPM_RC_SUCCESS) {
     67     LOG(ERROR) << __func__ << ": could not parse authorization response.";
     68     return false;
     69   }
     70   if (auth_response.nonce.size != 0) {
     71     LOG(ERROR) << __func__ << ": received a non zero length nonce.";
     72     return false;
     73   }
     74   if (auth_response.hmac.size != 0) {
     75     LOG(ERROR) << __func__ << ": received a non zero length hmac.";
     76     return false;
     77   }
     78   if (auth_response.session_attributes != kContinueSession) {
     79     LOG(ERROR) << __func__ << ": received wrong session attributes.";
     80     return false;
     81   }
     82   return true;
     83 }
     84 
     85 bool PasswordAuthorizationDelegate::EncryptCommandParameter(
     86     std::string* parameter) {
     87   return true;
     88 }
     89 
     90 bool PasswordAuthorizationDelegate::DecryptResponseParameter(
     91     std::string* parameter) {
     92   return true;
     93 }
     94 
     95 }  // namespace trunks
     96