trunks/password_authorization_delegate.cc - platform/system/tpm - Git at Google

 //
 // Copyright (C) 2014 The Android Open Source Project
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 //

 #include "trunks/password_authorization_delegate.h"

 #include <base/logging.h>

 #include "trunks/tpm_generated.h"

 namespace trunks {

 const uint8_t kContinueSession = 1;

 PasswordAuthorizationDelegate::PasswordAuthorizationDelegate(
     const std::string& password) {
   password_ = Make_TPM2B_DIGEST(password);
 }

 PasswordAuthorizationDelegate::~PasswordAuthorizationDelegate() {}

 bool PasswordAuthorizationDelegate::GetCommandAuthorization(
     const std::string& command_hash,
     bool is_command_parameter_encryption_possible,
     bool is_response_parameter_encryption_possible,
     std::string* authorization) {
   TPMS_AUTH_COMMAND auth;
   auth.session_handle = TPM_RS_PW;
   auth.nonce.size = 0;
   auth.session_attributes = kContinueSession;
   auth.hmac = password_;

   TPM_RC serialize_error = Serialize_TPMS_AUTH_COMMAND(auth, authorization);
   if (serialize_error != TPM_RC_SUCCESS) {
     LOG(ERROR) << __func__ << ": could not serialize command auth.";
     return false;
   }
   return true;
 }

 bool PasswordAuthorizationDelegate::CheckResponseAuthorization(
     const std::string& response_hash,
     const std::string& authorization) {
   TPMS_AUTH_RESPONSE auth_response;
   std::string mutable_auth_string(authorization);
   std::string auth_bytes;
   TPM_RC parse_error;
   parse_error = Parse_TPMS_AUTH_RESPONSE(&mutable_auth_string, &auth_response,
                                          &auth_bytes);
   if (authorization.size() != auth_bytes.size()) {
     LOG(ERROR) << __func__ << ": Authorization string was of wrong length.";
     return false;
   }
   if (parse_error != TPM_RC_SUCCESS) {
     LOG(ERROR) << __func__ << ": could not parse authorization response.";
     return false;
   }
   if (auth_response.nonce.size != 0) {
     LOG(ERROR) << __func__ << ": received a non zero length nonce.";
     return false;
   }
   if (auth_response.hmac.size != 0) {
     LOG(ERROR) << __func__ << ": received a non zero length hmac.";
     return false;
   }
   if (auth_response.session_attributes != kContinueSession) {
     LOG(ERROR) << __func__ << ": received wrong session attributes.";
     return false;
   }
   return true;
 }

 bool PasswordAuthorizationDelegate::EncryptCommandParameter(
     std::string* parameter) {
   return true;
 }

 bool PasswordAuthorizationDelegate::DecryptResponseParameter(
     std::string* parameter) {
   return true;
 }

 }  // namespace trunks
	//
	// Copyright (C) 2014 The Android Open Source Project
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.
	//

	#include "trunks/password_authorization_delegate.h"

	#include <base/logging.h>

	#include "trunks/tpm_generated.h"

	namespace trunks {

	const uint8_t kContinueSession = 1;

	PasswordAuthorizationDelegate::PasswordAuthorizationDelegate(
	const std::string& password) {
	password_ = Make_TPM2B_DIGEST(password);
	}

	PasswordAuthorizationDelegate::~PasswordAuthorizationDelegate() {}

	bool PasswordAuthorizationDelegate::GetCommandAuthorization(
	const std::string& command_hash,
	bool is_command_parameter_encryption_possible,
	bool is_response_parameter_encryption_possible,
	std::string* authorization) {
	TPMS_AUTH_COMMAND auth;
	auth.session_handle = TPM_RS_PW;
	auth.nonce.size = 0;
	auth.session_attributes = kContinueSession;
	auth.hmac = password_;

	TPM_RC serialize_error = Serialize_TPMS_AUTH_COMMAND(auth, authorization);
	if (serialize_error != TPM_RC_SUCCESS) {
	LOG(ERROR) << __func__ << ": could not serialize command auth.";
	return false;
	}
	return true;
	}

	bool PasswordAuthorizationDelegate::CheckResponseAuthorization(
	const std::string& response_hash,
	const std::string& authorization) {
	TPMS_AUTH_RESPONSE auth_response;
	std::string mutable_auth_string(authorization);
	std::string auth_bytes;
	TPM_RC parse_error;
	parse_error = Parse_TPMS_AUTH_RESPONSE(&mutable_auth_string, &auth_response,
	&auth_bytes);
	if (authorization.size() != auth_bytes.size()) {
	LOG(ERROR) << __func__ << ": Authorization string was of wrong length.";
	return false;
	}
	if (parse_error != TPM_RC_SUCCESS) {
	LOG(ERROR) << __func__ << ": could not parse authorization response.";
	return false;
	}
	if (auth_response.nonce.size != 0) {
	LOG(ERROR) << __func__ << ": received a non zero length nonce.";
	return false;
	}
	if (auth_response.hmac.size != 0) {
	LOG(ERROR) << __func__ << ": received a non zero length hmac.";
	return false;
	}
	if (auth_response.session_attributes != kContinueSession) {
	LOG(ERROR) << __func__ << ": received wrong session attributes.";
	return false;
	}
	return true;
	}

	bool PasswordAuthorizationDelegate::EncryptCommandParameter(
	std::string* parameter) {
	return true;
	}

	bool PasswordAuthorizationDelegate::DecryptResponseParameter(
	std::string* parameter) {
	return true;
	}

	} // namespace trunks