// Copyright 2014 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "trunks/password_authorization_delegate.h"
#include <base/logging.h>
#include "trunks/tpm_generated.h"
namespace trunks {
// TPMA_SESSION attribute byte used for every password authorization. Only the
// continueSession bit (bit 0 in the TPM 2.0 TPMA_SESSION layout) is set. The
// same value is sent in GetCommandAuthorization and expected back verbatim in
// CheckResponseAuthorization.
constexpr uint8_t kContinueSession = 1;
// Builds a delegate bound to a single fixed password.
//
// The password is converted once into a TPM2B_DIGEST (Make_TPM2B_DIGEST is a
// TPM2B container builder; whether it hashes or merely wraps the bytes should
// be confirmed in tpm_generated.h) and kept in |password_|, from where
// GetCommandAuthorization copies it into the hmac field of each command's
// authorization area.
PasswordAuthorizationDelegate::PasswordAuthorizationDelegate(
    const std::string& password)
    : password_(Make_TPM2B_DIGEST(password)) {}
// Nothing to release: |password_| is a plain value member and is destroyed
// with the object.
PasswordAuthorizationDelegate::~PasswordAuthorizationDelegate() = default;
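// Produces the command authorization area for a password (TPM_RS_PW) session.
//
// A password session performs no HMAC computation: the hmac field carries the
// stored password digest structure itself, the nonce is empty, and the
// session attributes are fixed to kContinueSession. Nothing in this delegate
// protects the password on its way to the TPM; callers that need a protected
// channel must use a different delegate.
//
// Args:
//   command_hash: not used — a password session has no HMAC to bind to the
//       command hash.
//   is_command_parameter_encryption_possible: ignored; this delegate does not
//       implement parameter encryption (see EncryptCommandParameter).
//   is_response_parameter_encryption_possible: ignored, as above.
//   authorization: receives the serialized TPMS_AUTH_COMMAND.
//
// Returns true on success, false (after logging) if serialization failed.
bool PasswordAuthorizationDelegate::GetCommandAuthorization(
    const std::string& command_hash,
    bool is_command_parameter_encryption_possible,
    bool is_response_parameter_encryption_possible,
    std::string* authorization) {
  // Value-initialize the whole structure so that any byte the serializer may
  // read beyond the fields assigned below (e.g. the unused nonce buffer) is
  // zero rather than leftover stack contents.
  TPMS_AUTH_COMMAND auth = {};
  auth.session_handle = TPM_RS_PW;
  auth.nonce.size = 0;
  auth.session_attributes = kContinueSession;
  auth.hmac = password_;
  const TPM_RC serialize_error =
      Serialize_TPMS_AUTH_COMMAND(auth, authorization);
  if (serialize_error != TPM_RC_SUCCESS) {
    LOG(ERROR) << __func__ << ": could not serialize command auth.";
    return false;
  }
  return true;
}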
// Validates the authorization area the TPM returned for a password session.
//
// For a password session the expected response authorization is empty: a
// zero-length nonce, a zero-length hmac, and session attributes equal to the
// kContinueSession value that was sent. Any deviation, a parse failure, or
// an authorization area whose length does not match the parsed structure is
// logged and rejected. |response_hash| is not consulted because there is no
// HMAC to verify.
//
// Returns true only if |authorization| is exactly one well-formed
// TPMS_AUTH_RESPONSE with the expected contents.
bool PasswordAuthorizationDelegate::CheckResponseAuthorization(
    const std::string& response_hash,
    const std::string& authorization) {
  TPMS_AUTH_RESPONSE parsed;
  // The parser takes a non-const buffer (presumably consuming from it), so it
  // works on a copy; |parsed_bytes| receives the bytes it attributed to the
  // structure.
  std::string scratch(authorization);
  std::string parsed_bytes;
  const TPM_RC parse_error =
      Parse_TPMS_AUTH_RESPONSE(&scratch, &parsed, &parsed_bytes);
  // Length is checked before the parse status so that trailing or missing
  // bytes are reported as a length problem rather than a parse problem.
  if (parsed_bytes.size() != authorization.size()) {
    LOG(ERROR) << __func__ << ": Authorization string was of wrong length.";
    return false;
  }
  if (parse_error != TPM_RC_SUCCESS) {
    LOG(ERROR) << __func__ << ": could not parse authorization response.";
    return false;
  }
  if (parsed.nonce.size != 0) {
    LOG(ERROR) << __func__ << ": received a non zero length nonce.";
    return false;
  }
  if (parsed.hmac.size != 0) {
    LOG(ERROR) << __func__ << ": received a non zero length hmac.";
    return false;
  }
  if (parsed.session_attributes != kContinueSession) {
    LOG(ERROR) << __func__ << ": received wrong session attributes.";
    return false;
  }
  return true;
}
// Password sessions carry no parameter encryption; the parameter is left
// exactly as given and success is reported so the caller proceeds unchanged.
//
// Args:
//   parameter: untouched.
//
// Returns true always.
bool PasswordAuthorizationDelegate::EncryptCommandParameter(
    std::string* parameter) {
  // Intentionally a no-op for TPM_RS_PW.
  return true;
}
// Counterpart of EncryptCommandParameter: password sessions never encrypt
// response parameters, so there is nothing to decrypt.
//
// Args:
//   parameter: untouched.
//
// Returns true always.
bool PasswordAuthorizationDelegate::DecryptResponseParameter(
    std::string* parameter) {
  // Intentionally a no-op for TPM_RS_PW.
  return true;
}
// A password session has no TPM-generated nonce (the nonce sent and received
// is always zero-length, see GetCommandAuthorization and
// CheckResponseAuthorization), so there is nothing to report.
//
// Args:
//   nonce: not written.
//
// Returns false always.
bool PasswordAuthorizationDelegate::GetTpmNonce(std::string* nonce) {
  // No nonce exists for TPM_RS_PW sessions.
  return false;
}
} // namespace trunks