diff options
| author | dkrahn@google.com <dkrahn@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-04-27 02:32:45 +0000 |
|---|---|---|
| committer | dkrahn@google.com <dkrahn@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-04-27 02:32:45 +0000 |
| commit | cd88f791eacd3f59a83af0fe1713db55ed03a352 (patch) | |
| tree | ff230ec36e7090fbe3a17e0b544b24e51c295883 /chromeos | |
| parent | 901864c2613bf8dd4afb5c8ba0b231b47938741a (diff) | |
| download | chromium_src-cd88f791eacd3f59a83af0fe1713db55ed03a352.zip chromium_src-cd88f791eacd3f59a83af0fe1713db55ed03a352.tar.gz chromium_src-cd88f791eacd3f59a83af0fe1713db55ed03a352.tar.bz2 | |
Enhanced and refactored the AttestationFlow interface.
This change makes the AttestationFlow interface easier to work with.
Supported certificate profiles are explicitly defined and the clobbering
of existing keys is now optional.
All attestation constants have been consolidated in
attestation_constants.h.
BUG=chromium:219959
TEST=unit
Review URL: https://chromiumcodereview.appspot.com/14305009
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@196926 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chromeos')
| -rw-r--r-- | chromeos/attestation/attestation_constants.cc | 14 | ||||
| -rw-r--r-- | chromeos/attestation/attestation_constants.h | 64 | ||||
| -rw-r--r-- | chromeos/attestation/attestation_flow.cc | 140 | ||||
| -rw-r--r-- | chromeos/attestation/attestation_flow.h | 71 | ||||
| -rw-r--r-- | chromeos/attestation/attestation_flow_unittest.cc | 135 | ||||
| -rw-r--r-- | chromeos/attestation/mock_attestation_flow.h | 3 | ||||
| -rw-r--r-- | chromeos/chromeos.gyp | 2 | ||||
| -rw-r--r-- | chromeos/cryptohome/async_method_caller.cc | 10 | ||||
| -rw-r--r-- | chromeos/cryptohome/async_method_caller.h | 14 | ||||
| -rw-r--r-- | chromeos/cryptohome/mock_async_method_caller.cc | 14 | ||||
| -rw-r--r-- | chromeos/cryptohome/mock_async_method_caller.h | 12 | ||||
| -rw-r--r-- | chromeos/dbus/cryptohome_client.cc | 67 | ||||
| -rw-r--r-- | chromeos/dbus/cryptohome_client.h | 40 | ||||
| -rw-r--r-- | chromeos/dbus/fake_cryptohome_client.cc | 20 | ||||
| -rw-r--r-- | chromeos/dbus/fake_cryptohome_client.h | 20 | ||||
| -rw-r--r-- | chromeos/dbus/mock_cryptohome_client.h | 20 |
16 files changed, 463 insertions, 183 deletions
diff --git a/chromeos/attestation/attestation_constants.cc b/chromeos/attestation/attestation_constants.cc new file mode 100644 index 0000000..9f3833b --- /dev/null +++ b/chromeos/attestation/attestation_constants.cc @@ -0,0 +1,14 @@ +// Copyright (c) 2013 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "chromeos/attestation/attestation_constants.h" + +namespace chromeos { +namespace attestation { + +const char kEnterpriseMachineKey[] = "attest-ent-machine"; +const char kEnterpriseUserKey[] = "attest-ent-user"; + +} // namespace attestation +} // namespace chromeos diff --git a/chromeos/attestation/attestation_constants.h b/chromeos/attestation/attestation_constants.h new file mode 100644 index 0000000..a704cfc --- /dev/null +++ b/chromeos/attestation/attestation_constants.h @@ -0,0 +1,64 @@ +// Copyright (c) 2013 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CHROMEOS_ATTESTATION_ATTESTATION_CONSTANTS_H_ +#define CHROMEOS_ATTESTATION_ATTESTATION_CONSTANTS_H_ + +#include "chromeos/chromeos_export.h" + +namespace chromeos { +namespace attestation { + +// Options available for customizing an attestation certificate. +enum AttestationCertificateOptions { + CERTIFICATE_OPTION_NONE = 0, + // A stable identifier is simply an identifier that is not affected by device + // state changes, including device recovery. + CERTIFICATE_INCLUDE_STABLE_ID = 1, + // Device state information contains a quoted assertion of whether the device + // is in verified mode. + CERTIFICATE_INCLUDE_DEVICE_STATE = 1 << 1, +}; + +// Key types supported by the Chrome OS attestation subsystem. +enum AttestationKeyType { + // The key will be associated with the device itself and will be available + // regardless of which user is signed-in. + KEY_DEVICE, + // The key will be associated with the current user and will only be available + // when that user is signed-in. + KEY_USER, +}; + +// Options available for customizing an attestation challenge response. +enum AttestationChallengeOptions { + CHALLENGE_OPTION_NONE = 0, + // Indicates that a SignedPublicKeyAndChallenge should be embedded in the + // challenge response. + CHALLENGE_INCLUDE_SIGNED_PUBLIC_KEY = 1, +}; + +// Available attestation certificate profiles. +enum AttestationCertificateProfile { + // Uses the following certificate options: + // CERTIFICATE_INCLUDE_STABLE_ID + // CERTIFICATE_INCLUDE_DEVICE_STATE + PROFILE_ENTERPRISE_MACHINE_CERTIFICATE, + // Uses the following certificate options: + // CERTIFICATE_INCLUDE_DEVICE_STATE + PROFILE_ENTERPRISE_USER_CERTIFICATE, +}; + +// A key name for the Enterprise Machine Key. This key should always be stored +// as a DEVICE_KEY. +CHROMEOS_EXPORT extern const char kEnterpriseMachineKey[]; + +// A key name for the Enterprise User Key. This key should always be stored as +// a USER_KEY. +CHROMEOS_EXPORT extern const char kEnterpriseUserKey[]; + +} // namespace attestation +} // namespace chromeos + +#endif // CHROMEOS_ATTESTATION_ATTESTATION_CONSTANTS_H_ diff --git a/chromeos/attestation/attestation_flow.cc b/chromeos/attestation/attestation_flow.cc index 97842a3..2fba761 100644 --- a/chromeos/attestation/attestation_flow.cc +++ b/chromeos/attestation/attestation_flow.cc @@ -38,30 +38,82 @@ void DBusBoolRedirectCallback(const base::Closure& on_true, task.Run(); } -} // namespace +void DBusDataMethodCallback( + const AttestationFlow::CertificateCallback& callback, + DBusMethodCallStatus status, + bool result, + const std::string& data) { + if (status != DBUS_METHOD_CALL_SUCCESS) { + LOG(ERROR) << "Attestation: DBus data operation failed."; + if (!callback.is_null()) + callback.Run(false, ""); + return; + } + if (!callback.is_null()) + callback.Run(result, data); +} + +AttestationKeyType GetKeyTypeForProfile( + AttestationCertificateProfile profile) { + switch (profile) { + case PROFILE_ENTERPRISE_MACHINE_CERTIFICATE: + return KEY_DEVICE; + case PROFILE_ENTERPRISE_USER_CERTIFICATE: + return KEY_USER; + } + NOTREACHED(); + return KEY_USER; +} -const char AttestationFlow::kEnterpriseMachineKey[] = "attest-ent-machine"; +std::string GetKeyNameForProfile( + AttestationCertificateProfile profile) { + switch (profile) { + case PROFILE_ENTERPRISE_MACHINE_CERTIFICATE: + return kEnterpriseMachineKey; + case PROFILE_ENTERPRISE_USER_CERTIFICATE: + return kEnterpriseUserKey; + } + NOTREACHED(); + return ""; +} + +int GetCertificateOptionsForProfile( + AttestationCertificateProfile profile) { + switch (profile) { + case PROFILE_ENTERPRISE_MACHINE_CERTIFICATE: + return CERTIFICATE_INCLUDE_STABLE_ID | CERTIFICATE_INCLUDE_DEVICE_STATE; + case PROFILE_ENTERPRISE_USER_CERTIFICATE: + return CERTIFICATE_INCLUDE_DEVICE_STATE; + } + NOTREACHED(); + return CERTIFICATE_OPTION_NONE; +} + +} // namespace AttestationFlow::AttestationFlow(cryptohome::AsyncMethodCaller* async_caller, CryptohomeClient* cryptohome_client, scoped_ptr<ServerProxy> server_proxy) - : weak_factory_(this), - async_caller_(async_caller), + : async_caller_(async_caller), cryptohome_client_(cryptohome_client), - server_proxy_(server_proxy.Pass()) { + server_proxy_(server_proxy.Pass()), + weak_factory_(this) { } AttestationFlow::~AttestationFlow() { } -void AttestationFlow::GetCertificate(const std::string& name, - const CertificateCallback& callback) { +void AttestationFlow::GetCertificate( + AttestationCertificateProfile certificate_profile, + bool force_new_key, + const CertificateCallback& callback) { // If this device has not enrolled with the Privacy CA, we need to do that // first. Once enrolled we can proceed with the certificate request. base::Closure do_cert_request = base::Bind( &AttestationFlow::StartCertificateRequest, weak_factory_.GetWeakPtr(), - name, + certificate_profile, + force_new_key, callback); base::Closure on_enroll_failure = base::Bind(callback, false, ""); base::Closure do_enroll = base::Bind(&AttestationFlow::StartEnroll, @@ -143,22 +195,49 @@ void AttestationFlow::OnEnrollComplete(const base::Closure& on_failure, } void AttestationFlow::StartCertificateRequest( - const std::string& name, + AttestationCertificateProfile certificate_profile, + bool generate_new_key, const CertificateCallback& callback) { - // Get the attestation service to create a Privacy CA certificate request. - int options = CryptohomeClient::INCLUDE_DEVICE_STATE; - if (name == kEnterpriseMachineKey) - options |= CryptohomeClient::INCLUDE_STABLE_ID; - async_caller_->AsyncTpmAttestationCreateCertRequest( - options, - base::Bind(&AttestationFlow::SendCertificateRequestToPCA, - weak_factory_.GetWeakPtr(), - name, - callback)); + AttestationKeyType key_type = GetKeyTypeForProfile(certificate_profile); + std::string key_name = GetKeyNameForProfile(certificate_profile); + if (generate_new_key) { + // Get the attestation service to create a Privacy CA certificate request. + async_caller_->AsyncTpmAttestationCreateCertRequest( + GetCertificateOptionsForProfile(certificate_profile), + base::Bind(&AttestationFlow::SendCertificateRequestToPCA, + weak_factory_.GetWeakPtr(), + key_type, + key_name, + callback)); + } else { + // If the key already exists, query the existing certificate. + base::Closure on_key_exists = base::Bind( + &AttestationFlow::GetExistingCertificate, + weak_factory_.GetWeakPtr(), + key_type, + key_name, + callback); + // If the key does not exist, call this method back with |generate_new_key| + // set to true. + base::Closure on_key_not_exists = base::Bind( + &AttestationFlow::StartCertificateRequest, + weak_factory_.GetWeakPtr(), + certificate_profile, + true, + callback); + cryptohome_client_->TpmAttestationDoesKeyExist( + key_type, + key_name, + base::Bind(&DBusBoolRedirectCallback, + on_key_exists, + on_key_not_exists, + base::Bind(callback, false, ""))); + } } void AttestationFlow::SendCertificateRequestToPCA( - const std::string& name, + AttestationKeyType key_type, + const std::string& key_name, const CertificateCallback& callback, bool success, const std::string& data) { @@ -174,12 +253,14 @@ void AttestationFlow::SendCertificateRequestToPCA( data, base::Bind(&AttestationFlow::SendCertificateResponseToDaemon, weak_factory_.GetWeakPtr(), - name, + key_type, + key_name, callback)); } void AttestationFlow::SendCertificateResponseToDaemon( - const std::string& name, + AttestationKeyType key_type, + const std::string& key_name, const CertificateCallback& callback, bool success, const std::string& data) { @@ -191,14 +272,21 @@ void AttestationFlow::SendCertificateResponseToDaemon( } // Forward the response to the attestation service to complete the operation. - CryptohomeClient::AttestationKeyType key_type = CryptohomeClient::USER_KEY; - if (name == kEnterpriseMachineKey) - key_type = CryptohomeClient::DEVICE_KEY; async_caller_->AsyncTpmAttestationFinishCertRequest(data, key_type, - name, + key_name, base::Bind(callback)); } +void AttestationFlow::GetExistingCertificate( + AttestationKeyType key_type, + const std::string& key_name, + const CertificateCallback& callback) { + cryptohome_client_->TpmAttestationGetCertificate( + key_type, + key_name, + base::Bind(&DBusDataMethodCallback, callback)); +} + } // namespace attestation } // namespace chromeos diff --git a/chromeos/attestation/attestation_flow.h b/chromeos/attestation/attestation_flow.h index 76049d7..2c59f3b 100644 --- a/chromeos/attestation/attestation_flow.h +++ b/chromeos/attestation/attestation_flow.h @@ -11,6 +11,7 @@ #include "base/callback_forward.h" #include "base/memory/scoped_ptr.h" #include "base/memory/weak_ptr.h" +#include "chromeos/attestation/attestation_constants.h" #include "chromeos/chromeos_export.h" #include "chromeos/dbus/dbus_method_call_status.h" #include "third_party/cros_system_api/dbus/service_constants.h" @@ -41,12 +42,12 @@ class CHROMEOS_EXPORT ServerProxy { // Implements the message flow for Chrome OS attestation tasks. Generally this // consists of coordinating messages between the Chrome OS attestation service -// and the Privacy CA server. Sample usage: +// and the Chrome OS Privacy CA server. Sample usage: // AttestationFlow flow(AsyncMethodCaller::GetInstance(), // DBusThreadManager::Get().GetCryptohomeClient(), -// my_server_proxy); -// CertificateCallback callback = base::Bind(&MyCallback); -// flow.GetCertificate("attest-ent-machine", callback); +// my_server_proxy.Pass()); +// AttestationFlow::CertificateCallback callback = base::Bind(&MyCallback); +// flow.GetCertificate(ENTERPRISE_USER_CERTIFICATE, false, callback); class CHROMEOS_EXPORT AttestationFlow { public: typedef base::Callback<void(bool success, @@ -58,25 +59,26 @@ class CHROMEOS_EXPORT AttestationFlow { scoped_ptr<ServerProxy> server_proxy); virtual ~AttestationFlow(); - // Asynchronously gets an attestation certificate bound to the given name. - // If no certificate has been associated with the name, a new certificate is - // issued. + // Gets an attestation certificate for a hardware-protected key. If a key for + // the given profile does not exist, it will be generated and a certificate + // request will be made to the Chrome OS Privacy CA to issue a certificate for + // the key. If the key already exists and |force_new_key| is false, the + // existing certificate is returned. // // Parameters - // name - The name of the key for which to retrieve a certificate. The - // following key names are available: - // "attest-ent-machine" - The enterprise machine key. - // "attest-ent-user" - An enterprise user key for the current user. - // "content-[origin]" - A content protection key bound to a - // specific origin for the current user. + // certificate_profile - Specifies what kind of certificate should be + // requested from the CA. + // force_new_key - If set to true, a new key will be generated even if a key + // already exists for the profile. The new key will replace + // the existing key on success. // callback - A callback which will be called when the operation completes. - virtual void GetCertificate(const std::string& name, + // On success |result| will be true and |data| will contain the + // PCA-issued certificate chain in PEM format. + virtual void GetCertificate(AttestationCertificateProfile certificate_profile, + bool force_new_key, const CertificateCallback& callback); private: - // The key name defined for the special-purpose Enterprise Machine Key. - static const char kEnterpriseMachineKey[]; - // Asynchronously initiates the attestation enrollment flow. // // Parameters @@ -130,21 +132,27 @@ class CHROMEOS_EXPORT AttestationFlow { // enrollment must complete successfully before this operation can succeed. // // Parameters - // name - The name of the key for which a certificate is requested. + // certificate_profile - Specifies what kind of certificate should be + // requested from the CA. + // generate_new_key - If set to true a new key is generated. // callback - Called when the operation completes. - void StartCertificateRequest(const std::string& name, - const CertificateCallback& callback); + void StartCertificateRequest( + const AttestationCertificateProfile certificate_profile, + bool generate_new_key, + const CertificateCallback& callback); // Called when the attestation daemon has finished creating a certificate // request for the Privacy CA. The request is asynchronously forwarded as-is // to the PCA. // // Parameters - // name - The name of the key for which a certificate is requested. + // key_type - The type of the key for which a certificate is requested. + // key_name - The name of the key for which a certificate is requested. // callback - Called when the operation completes. // success - The status of request creation. // data - The request data for the Privacy CA. - void SendCertificateRequestToPCA(const std::string& name, + void SendCertificateRequestToPCA(AttestationKeyType key_type, + const std::string& key_name, const CertificateCallback& callback, bool success, const std::string& data); @@ -154,20 +162,33 @@ class CHROMEOS_EXPORT AttestationFlow { // complete the operation. // // Parameters - // name - The name of the key for which a certificate is requested. + // key_type - The type of the key for which a certificate is requested. + // key_name - The name of the key for which a certificate is requested. // callback - Called when the operation completes. // success - The status of the Privacy CA operation. // data - The response data from the Privacy CA. - void SendCertificateResponseToDaemon(const std::string& name, + void SendCertificateResponseToDaemon(AttestationKeyType key_type, + const std::string& key_name, const CertificateCallback& callback, bool success, const std::string& data); - base::WeakPtrFactory<AttestationFlow> weak_factory_; + // Gets an existing certificate from the attestation daemon. + // + // Parameters + // key_type - The type of the key for which a certificate is requested. + // key_name - The name of the key for which a certificate is requested. + // callback - Called when the operation completes. + void GetExistingCertificate(AttestationKeyType key_type, + const std::string& key_name, + const CertificateCallback& callback); + cryptohome::AsyncMethodCaller* async_caller_; CryptohomeClient* cryptohome_client_; scoped_ptr<ServerProxy> server_proxy_; + base::WeakPtrFactory<AttestationFlow> weak_factory_; + DISALLOW_COPY_AND_ASSIGN(AttestationFlow); }; diff --git a/chromeos/attestation/attestation_flow_unittest.cc b/chromeos/attestation/attestation_flow_unittest.cc index 30ea3cc..9f70434 100644 --- a/chromeos/attestation/attestation_flow_unittest.cc +++ b/chromeos/attestation/attestation_flow_unittest.cc @@ -41,6 +41,20 @@ void AsyncCallbackFalse(cryptohome::AsyncMethodCaller::Callback callback) { callback.Run(false, cryptohome::MOUNT_ERROR_NONE); } +class FakeDBusData { + public: + explicit FakeDBusData(const std::string& data) : data_(data) {} + + void operator() (const CryptohomeClient::DataMethodCallback& callback) { + MessageLoop::current()->PostTask( + FROM_HERE, + base::Bind(callback, DBUS_METHOD_CALL_SUCCESS, true, data_)); + } + + private: + std::string data_; +}; + } // namespace class AttestationFlowTest : public testing::Test { @@ -83,11 +97,11 @@ TEST_F(AttestationFlowTest, GetCertificate) { .Times(1) .InSequence(flow_order); - int options = CryptohomeClient::INCLUDE_DEVICE_STATE; - EXPECT_CALL(async_caller, - AsyncTpmAttestationCreateCertRequest(options, _)) - .Times(1) - .InSequence(flow_order); + EXPECT_CALL( + async_caller, + AsyncTpmAttestationCreateCertRequest(CERTIFICATE_INCLUDE_DEVICE_STATE, _)) + .Times(1) + .InSequence(flow_order); EXPECT_CALL(*proxy, SendCertificateRequest( cryptohome::MockAsyncMethodCaller::kFakeAttestationCertRequest, @@ -99,8 +113,8 @@ TEST_F(AttestationFlowTest, GetCertificate) { fake_cert_response += "_response"; EXPECT_CALL(async_caller, AsyncTpmAttestationFinishCertRequest(fake_cert_response, - CryptohomeClient::USER_KEY, - "test", + KEY_USER, + kEnterpriseUserKey, _)) .Times(1) .InSequence(flow_order); @@ -117,7 +131,7 @@ TEST_F(AttestationFlowTest, GetCertificate) { scoped_ptr<ServerProxy> proxy_interface(proxy.release()); AttestationFlow flow(&async_caller, &client, proxy_interface.Pass()); - flow.GetCertificate("test", mock_callback); + flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, true, mock_callback); Run(); } @@ -143,7 +157,7 @@ TEST_F(AttestationFlowTest, GetCertificate_NoEK) { scoped_ptr<ServerProxy> proxy_interface(proxy.release()); AttestationFlow flow(&async_caller, &client, proxy_interface.Pass()); - flow.GetCertificate("test", mock_callback); + flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, true, mock_callback); Run(); } @@ -172,7 +186,7 @@ TEST_F(AttestationFlowTest, GetCertificate_EKRejected) { scoped_ptr<ServerProxy> proxy_interface(proxy.release()); AttestationFlow flow(&async_caller, &client, proxy_interface.Pass()); - flow.GetCertificate("test", mock_callback); + flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, true, mock_callback); Run(); } @@ -205,15 +219,15 @@ TEST_F(AttestationFlowTest, GetCertificate_FailEnroll) { scoped_ptr<ServerProxy> proxy_interface(proxy.release()); AttestationFlow flow(&async_caller, &client, proxy_interface.Pass()); - flow.GetCertificate("test", mock_callback); + flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, true, mock_callback); Run(); } -TEST_F(AttestationFlowTest, GetOwnerCertificateAlreadyEnrolled) { +TEST_F(AttestationFlowTest, GetMachineCertificateAlreadyEnrolled) { StrictMock<cryptohome::MockAsyncMethodCaller> async_caller; async_caller.SetUp(true, cryptohome::MOUNT_ERROR_NONE); - int options = CryptohomeClient::INCLUDE_DEVICE_STATE | - CryptohomeClient::INCLUDE_STABLE_ID; + int options = CERTIFICATE_INCLUDE_DEVICE_STATE | + CERTIFICATE_INCLUDE_STABLE_ID; EXPECT_CALL(async_caller, AsyncTpmAttestationCreateCertRequest(options, _)) .Times(1); std::string fake_cert_response = @@ -221,8 +235,8 @@ TEST_F(AttestationFlowTest, GetOwnerCertificateAlreadyEnrolled) { fake_cert_response += "_response"; EXPECT_CALL(async_caller, AsyncTpmAttestationFinishCertRequest(fake_cert_response, - CryptohomeClient::DEVICE_KEY, - "attest-ent-machine", + KEY_DEVICE, + kEnterpriseMachineKey, _)) .Times(1); @@ -246,14 +260,15 @@ TEST_F(AttestationFlowTest, GetOwnerCertificateAlreadyEnrolled) { scoped_ptr<ServerProxy> proxy_interface(proxy.release()); AttestationFlow flow(&async_caller, &client, proxy_interface.Pass()); - flow.GetCertificate("attest-ent-machine", mock_callback); + flow.GetCertificate(PROFILE_ENTERPRISE_MACHINE_CERTIFICATE, + true, mock_callback); Run(); } TEST_F(AttestationFlowTest, GetCertificate_FailCreateCertRequest) { StrictMock<cryptohome::MockAsyncMethodCaller> async_caller; async_caller.SetUp(false, cryptohome::MOUNT_ERROR_NONE); - int options = CryptohomeClient::INCLUDE_DEVICE_STATE; + int options = CERTIFICATE_INCLUDE_DEVICE_STATE; EXPECT_CALL(async_caller, AsyncTpmAttestationCreateCertRequest(options, _)) .Times(1); @@ -273,14 +288,14 @@ TEST_F(AttestationFlowTest, GetCertificate_FailCreateCertRequest) { scoped_ptr<ServerProxy> proxy_interface(proxy.release()); AttestationFlow flow(&async_caller, &client, proxy_interface.Pass()); - flow.GetCertificate("test", mock_callback); + flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, true, mock_callback); Run(); } TEST_F(AttestationFlowTest, GetCertificate_CertRequestRejected) { StrictMock<cryptohome::MockAsyncMethodCaller> async_caller; async_caller.SetUp(true, cryptohome::MOUNT_ERROR_NONE); - int options = CryptohomeClient::INCLUDE_DEVICE_STATE; + int options = CERTIFICATE_INCLUDE_DEVICE_STATE; EXPECT_CALL(async_caller, AsyncTpmAttestationCreateCertRequest(options, _)) .Times(1); @@ -303,12 +318,12 @@ TEST_F(AttestationFlowTest, GetCertificate_CertRequestRejected) { scoped_ptr<ServerProxy> proxy_interface(proxy.release()); AttestationFlow flow(&async_caller, &client, proxy_interface.Pass()); - flow.GetCertificate("test", mock_callback); + flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, true, mock_callback); Run(); } TEST_F(AttestationFlowTest, GetCertificate_FailIsEnrolled) { - // We're not expecting any server calls in this case; StrictMock will verify. + // We're not expecting any async calls in this case; StrictMock will verify. StrictMock<cryptohome::MockAsyncMethodCaller> async_caller; chromeos::MockCryptohomeClient client; @@ -326,7 +341,81 @@ TEST_F(AttestationFlowTest, GetCertificate_FailIsEnrolled) { scoped_ptr<ServerProxy> proxy_interface(proxy.release()); AttestationFlow flow(&async_caller, &client, proxy_interface.Pass()); - flow.GetCertificate("test", mock_callback); + flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, true, mock_callback); + Run(); +} + +TEST_F(AttestationFlowTest, GetCertificate_CheckExisting) { + StrictMock<cryptohome::MockAsyncMethodCaller> async_caller; + async_caller.SetUp(true, cryptohome::MOUNT_ERROR_NONE); + int options = CERTIFICATE_INCLUDE_DEVICE_STATE; + EXPECT_CALL(async_caller, AsyncTpmAttestationCreateCertRequest(options, _)) + .Times(1); + std::string fake_cert_response = + cryptohome::MockAsyncMethodCaller::kFakeAttestationCertRequest; + fake_cert_response += "_response"; + EXPECT_CALL(async_caller, + AsyncTpmAttestationFinishCertRequest(fake_cert_response, + KEY_USER, + kEnterpriseUserKey, + _)) + .Times(1); + + chromeos::MockCryptohomeClient client; + EXPECT_CALL(client, TpmAttestationIsEnrolled(_)) + .WillRepeatedly(Invoke(DBusCallbackTrue)); + EXPECT_CALL(client, + TpmAttestationDoesKeyExist(KEY_USER, kEnterpriseUserKey, _)) + .WillRepeatedly(WithArgs<2>(Invoke(DBusCallbackFalse))); + + scoped_ptr<MockServerProxy> proxy(new StrictMock<MockServerProxy>()); + proxy->DeferToFake(true); + EXPECT_CALL(*proxy, SendCertificateRequest( + cryptohome::MockAsyncMethodCaller::kFakeAttestationCertRequest, + _)).Times(1); + + StrictMock<MockObserver> observer; + EXPECT_CALL(observer, MockCertificateCallback( + true, + cryptohome::MockAsyncMethodCaller::kFakeAttestationCert)).Times(1); + AttestationFlow::CertificateCallback mock_callback = base::Bind( + &MockObserver::MockCertificateCallback, + base::Unretained(&observer)); + + scoped_ptr<ServerProxy> proxy_interface(proxy.release()); + AttestationFlow flow(&async_caller, &client, proxy_interface.Pass()); + flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, + false, mock_callback); + Run(); +} + +TEST_F(AttestationFlowTest, GetCertificate_AlreadyExists) { + // We're not expecting any async calls in this case; StrictMock will verify. + StrictMock<cryptohome::MockAsyncMethodCaller> async_caller; + + chromeos::MockCryptohomeClient client; + EXPECT_CALL(client, TpmAttestationIsEnrolled(_)) + .WillRepeatedly(Invoke(DBusCallbackTrue)); + EXPECT_CALL(client, + TpmAttestationDoesKeyExist(KEY_USER, kEnterpriseUserKey, _)) + .WillRepeatedly(WithArgs<2>(Invoke(DBusCallbackTrue))); + EXPECT_CALL(client, + TpmAttestationGetCertificate(KEY_USER, kEnterpriseUserKey, _)) + .WillRepeatedly(WithArgs<2>(Invoke(FakeDBusData("fake_cert")))); + + // We're not expecting any server calls in this case; StrictMock will verify. + scoped_ptr<MockServerProxy> proxy(new StrictMock<MockServerProxy>()); + + StrictMock<MockObserver> observer; + EXPECT_CALL(observer, MockCertificateCallback(true, "fake_cert")).Times(1); + AttestationFlow::CertificateCallback mock_callback = base::Bind( + &MockObserver::MockCertificateCallback, + base::Unretained(&observer)); + + scoped_ptr<ServerProxy> proxy_interface(proxy.release()); + AttestationFlow flow(&async_caller, &client, proxy_interface.Pass()); + flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, + false, mock_callback); Run(); } diff --git a/chromeos/attestation/mock_attestation_flow.h b/chromeos/attestation/mock_attestation_flow.h index 59462c54..bda8a72 100644 --- a/chromeos/attestation/mock_attestation_flow.h +++ b/chromeos/attestation/mock_attestation_flow.h @@ -65,7 +65,8 @@ class MockAttestationFlow : public AttestationFlow { MockAttestationFlow(); virtual ~MockAttestationFlow(); - MOCK_METHOD2(GetCertificate, void(const std::string&, + MOCK_METHOD3(GetCertificate, void(AttestationCertificateProfile, + bool, const CertificateCallback&)); }; diff --git a/chromeos/chromeos.gyp b/chromeos/chromeos.gyp index 4b6a7bb..57e36b5 100644 --- a/chromeos/chromeos.gyp +++ b/chromeos/chromeos.gyp @@ -36,6 +36,8 @@ 'audio/audio_pref_handler.h', 'audio/cras_audio_handler.cc', 'audio/cras_audio_handler.h', + 'attestation/attestation_constants.cc', + 'attestation/attestation_constants.h', 'attestation/attestation_flow.cc', 'attestation/attestation_flow.h', 'chromeos_export.h', diff --git a/chromeos/cryptohome/async_method_caller.cc b/chromeos/cryptohome/async_method_caller.cc index 2478182..97c64e2 100644 --- a/chromeos/cryptohome/async_method_caller.cc +++ b/chromeos/cryptohome/async_method_caller.cc @@ -123,7 +123,7 @@ class AsyncMethodCallerImpl : public AsyncMethodCaller { virtual void AsyncTpmAttestationFinishCertRequest( const std::string& pca_response, - chromeos::CryptohomeClient::AttestationKeyType key_type, + chromeos::attestation::AttestationKeyType key_type, const std::string& key_name, const DataCallback& callback) OVERRIDE { DBusThreadManager::Get()->GetCryptohomeClient()-> @@ -139,7 +139,7 @@ class AsyncMethodCallerImpl : public AsyncMethodCaller { } virtual void TpmAttestationRegisterKey( - chromeos::CryptohomeClient::AttestationKeyType key_type, + chromeos::attestation::AttestationKeyType key_type, const std::string& key_name, const Callback& callback) OVERRIDE { DBusThreadManager::Get()->GetCryptohomeClient()-> @@ -154,11 +154,11 @@ class AsyncMethodCallerImpl : public AsyncMethodCaller { } virtual void TpmAttestationSignEnterpriseChallenge( - chromeos::CryptohomeClient::AttestationKeyType key_type, + chromeos::attestation::AttestationKeyType key_type, const std::string& key_name, const std::string& domain, const std::string& device_id, - chromeos::CryptohomeClient::AttestationChallengeOptions options, + chromeos::attestation::AttestationChallengeOptions options, const std::string& challenge, const DataCallback& callback) OVERRIDE { DBusThreadManager::Get()->GetCryptohomeClient()-> @@ -177,7 +177,7 @@ class AsyncMethodCallerImpl : public AsyncMethodCaller { } virtual void TpmAttestationSignSimpleChallenge( - chromeos::CryptohomeClient::AttestationKeyType key_type, + chromeos::attestation::AttestationKeyType key_type, const std::string& key_name, const std::string& challenge, const DataCallback& callback) OVERRIDE { diff --git a/chromeos/cryptohome/async_method_caller.h b/chromeos/cryptohome/async_method_caller.h index 0957397..11499c9 100644 --- a/chromeos/cryptohome/async_method_caller.h +++ b/chromeos/cryptohome/async_method_caller.h @@ -98,8 +98,8 @@ class CHROMEOS_EXPORT AsyncMethodCaller { // Asks cryptohomed to asynchronously create an attestation certificate // request according to |options|, which is a combination of - // CryptohomeClient::AttestationCertificateOptions. On success the data sent - // to |callback| is a request to be sent to the Privacy CA. + // attestation::AttestationCertificateOptions. On success the data sent to + // |callback| is a request to be sent to the Privacy CA. virtual void AsyncTpmAttestationCreateCertRequest( int options, const DataCallback& callback) = 0; @@ -112,14 +112,14 @@ class CHROMEOS_EXPORT AsyncMethodCaller { // key. virtual void AsyncTpmAttestationFinishCertRequest( const std::string& pca_response, - chromeos::CryptohomeClient::AttestationKeyType key_type, + chromeos::attestation::AttestationKeyType key_type, const std::string& key_name, const DataCallback& callback) = 0; // Asks cryptohomed to asynchronously register the attestation key specified // by |key_type| and |key_name|. virtual void TpmAttestationRegisterKey( - chromeos::CryptohomeClient::AttestationKeyType key_type, + chromeos::attestation::AttestationKeyType key_type, const std::string& key_name, const Callback& callback) = 0; @@ -129,11 +129,11 @@ class CHROMEOS_EXPORT AsyncMethodCaller { // a valid enterprise challenge. On success, the data sent to |callback| is // the challenge response. virtual void TpmAttestationSignEnterpriseChallenge( - chromeos::CryptohomeClient::AttestationKeyType key_type, + chromeos::attestation::AttestationKeyType key_type, const std::string& key_name, const std::string& domain, const std::string& device_id, - chromeos::CryptohomeClient::AttestationChallengeOptions options, + chromeos::attestation::AttestationChallengeOptions options, const std::string& challenge, const DataCallback& callback) = 0; @@ -142,7 +142,7 @@ class CHROMEOS_EXPORT AsyncMethodCaller { // set of bytes. On success, the data sent to |callback| is the challenge // response. virtual void TpmAttestationSignSimpleChallenge( - chromeos::CryptohomeClient::AttestationKeyType key_type, + chromeos::attestation::AttestationKeyType key_type, const std::string& key_name, const std::string& challenge, const DataCallback& callback) = 0; diff --git a/chromeos/cryptohome/mock_async_method_caller.cc b/chromeos/cryptohome/mock_async_method_caller.cc index bf65376..b22f780 100644 --- a/chromeos/cryptohome/mock_async_method_caller.cc +++ b/chromeos/cryptohome/mock_async_method_caller.cc @@ -14,6 +14,8 @@ const char MockAsyncMethodCaller::kFakeAttestationEnrollRequest[] = "enrollreq"; const char MockAsyncMethodCaller::kFakeAttestationCertRequest[] = "certreq"; const char MockAsyncMethodCaller::kFakeAttestationCert[] = "cert"; const char MockAsyncMethodCaller::kFakeSanitizedUsername[] = "01234567890ABC"; +const char MockAsyncMethodCaller::kFakeChallengeResponse[] = + "challenge_response"; MockAsyncMethodCaller::MockAsyncMethodCaller() : success_(false), return_code_(cryptohome::MOUNT_ERROR_NONE) { @@ -59,6 +61,13 @@ void MockAsyncMethodCaller::SetUp(bool success, MountError return_code) { WithArgs<1>(Invoke(this, &MockAsyncMethodCaller:: FakeGetSanitizedUsername))); + ON_CALL(*this, TpmAttestationSignEnterpriseChallenge(_, _, _, _, _, _, _)) + .WillByDefault( + WithArgs<6>(Invoke(this, + &MockAsyncMethodCaller::FakeEnterpriseChallenge))); + ON_CALL(*this, TpmAttestationRegisterKey(_, _, _)) + .WillByDefault( + WithArgs<2>(Invoke(this, &MockAsyncMethodCaller::DoCallback))); } void MockAsyncMethodCaller::DoCallback(Callback callback) { @@ -85,4 +94,9 @@ void MockAsyncMethodCaller::FakeGetSanitizedUsername( callback.Run(success_, kFakeSanitizedUsername); } +void MockAsyncMethodCaller::FakeEnterpriseChallenge( + const DataCallback& callback) { + callback.Run(success_, kFakeChallengeResponse); +} + } // namespace cryptohome diff --git a/chromeos/cryptohome/mock_async_method_caller.h b/chromeos/cryptohome/mock_async_method_caller.h index 8fc2b8b..0bb0b29 100644 --- a/chromeos/cryptohome/mock_async_method_caller.h +++ b/chromeos/cryptohome/mock_async_method_caller.h @@ -20,6 +20,7 @@ class MockAsyncMethodCaller : public AsyncMethodCaller { static const char kFakeAttestationCertRequest[]; static const char kFakeAttestationCert[]; static const char kFakeSanitizedUsername[]; + static const char kFakeChallengeResponse[]; MockAsyncMethodCaller(); virtual ~MockAsyncMethodCaller(); @@ -49,24 +50,24 @@ class MockAsyncMethodCaller : public AsyncMethodCaller { const DataCallback& callback)); MOCK_METHOD4(AsyncTpmAttestationFinishCertRequest, void(const std::string& pca_response, - chromeos::CryptohomeClient::AttestationKeyType key_type, + chromeos::attestation::AttestationKeyType key_type, const std::string& key_name, const DataCallback& callback)); MOCK_METHOD3(TpmAttestationRegisterKey, - void(chromeos::CryptohomeClient::AttestationKeyType key_type, + void(chromeos::attestation::AttestationKeyType key_type, const std::string& key_name, const Callback& callback)); MOCK_METHOD7( TpmAttestationSignEnterpriseChallenge, - void(chromeos::CryptohomeClient::AttestationKeyType key_type, + void(chromeos::attestation::AttestationKeyType key_type, const std::string& key_name, const std::string& domain, const std::string& device_id, - chromeos::CryptohomeClient::AttestationChallengeOptions options, + chromeos::attestation::AttestationChallengeOptions options, const std::string& challenge, const DataCallback& callback)); MOCK_METHOD4(TpmAttestationSignSimpleChallenge, - void(chromeos::CryptohomeClient::AttestationKeyType key_type, + void(chromeos::attestation::AttestationKeyType key_type, const std::string& key_name, const std::string& challenge, const DataCallback& callback)); @@ -84,6 +85,7 @@ class MockAsyncMethodCaller : public AsyncMethodCaller { void FakeCreateCertRequest(const DataCallback& callback); void FakeFinishCertRequest(const DataCallback& callback); void FakeGetSanitizedUsername(const DataCallback& callback); + void FakeEnterpriseChallenge(const DataCallback& callback); DISALLOW_COPY_AND_ASSIGN(MockAsyncMethodCaller); }; diff --git a/chromeos/dbus/cryptohome_client.cc b/chromeos/dbus/cryptohome_client.cc index 7bcbc4a..286533d 100644 --- a/chromeos/dbus/cryptohome_client.cc +++ b/chromeos/dbus/cryptohome_client.cc @@ -412,9 +412,11 @@ class CryptohomeClientImpl : public CryptohomeClient { cryptohome::kCryptohomeInterface, cryptohome::kCryptohomeAsyncTpmAttestationCreateCertRequest); dbus::MessageWriter writer(&method_call); - bool include_stable_id = (options & INCLUDE_STABLE_ID); + bool include_stable_id = + (options & attestation::CERTIFICATE_INCLUDE_STABLE_ID); writer.AppendBool(include_stable_id); - bool include_device_state = (options & INCLUDE_DEVICE_STATE); + bool include_device_state = + (options & attestation::CERTIFICATE_INCLUDE_DEVICE_STATE); writer.AppendBool(include_device_state); proxy_->CallMethod(&method_call, dbus::ObjectProxy::TIMEOUT_USE_DEFAULT, base::Bind(&CryptohomeClientImpl::OnAsyncMethodCall, @@ -425,7 +427,7 @@ class CryptohomeClientImpl : public CryptohomeClient { // CryptohomeClient override. virtual void AsyncTpmAttestationFinishCertRequest( const std::string& pca_response, - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const AsyncMethodCallback& callback) OVERRIDE { dbus::MethodCall method_call( @@ -435,7 +437,7 @@ class CryptohomeClientImpl : public CryptohomeClient { writer.AppendArrayOfBytes( reinterpret_cast<const uint8*>(pca_response.data()), pca_response.size()); - bool is_user_specific = (key_type == USER_KEY); + bool is_user_specific = (key_type == attestation::KEY_USER); writer.AppendBool(is_user_specific); writer.AppendString(key_name); proxy_->CallMethod(&method_call, dbus::ObjectProxy::TIMEOUT_USE_DEFAULT, @@ -446,14 +448,14 @@ class CryptohomeClientImpl : public CryptohomeClient { // CryptohomeClient override. virtual void TpmAttestationDoesKeyExist( - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const BoolDBusMethodCallback& callback) OVERRIDE { dbus::MethodCall method_call( cryptohome::kCryptohomeInterface, cryptohome::kCryptohomeTpmAttestationDoesKeyExist); dbus::MessageWriter writer(&method_call); - bool is_user_specific = (key_type == USER_KEY); + bool is_user_specific = (key_type == attestation::KEY_USER); writer.AppendBool(is_user_specific); writer.AppendString(key_name); CallBoolMethod(&method_call, callback); @@ -461,14 +463,14 @@ class CryptohomeClientImpl : public CryptohomeClient { // CryptohomeClient override. virtual void TpmAttestationGetCertificate( - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const DataMethodCallback& callback) OVERRIDE { dbus::MethodCall method_call( cryptohome::kCryptohomeInterface, cryptohome::kCryptohomeTpmAttestationGetCertificate); dbus::MessageWriter writer(&method_call); - bool is_user_specific = (key_type == USER_KEY); + bool is_user_specific = (key_type == attestation::KEY_USER); writer.AppendBool(is_user_specific); writer.AppendString(key_name); proxy_->CallMethod(&method_call, dbus::ObjectProxy::TIMEOUT_USE_DEFAULT, @@ -479,14 +481,14 @@ class CryptohomeClientImpl : public CryptohomeClient { // CryptohomeClient override. virtual void TpmAttestationGetPublicKey( - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const DataMethodCallback& callback) OVERRIDE { dbus::MethodCall method_call( cryptohome::kCryptohomeInterface, cryptohome::kCryptohomeTpmAttestationGetPublicKey); dbus::MessageWriter writer(&method_call); - bool is_user_specific = (key_type == USER_KEY); + bool is_user_specific = (key_type == attestation::KEY_USER); writer.AppendBool(is_user_specific); writer.AppendString(key_name); proxy_->CallMethod(&method_call, dbus::ObjectProxy::TIMEOUT_USE_DEFAULT, @@ -497,14 +499,14 @@ class CryptohomeClientImpl : public CryptohomeClient { // CryptohomeClient override. virtual void TpmAttestationRegisterKey( - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const AsyncMethodCallback& callback) OVERRIDE { dbus::MethodCall method_call( cryptohome::kCryptohomeInterface, cryptohome::kCryptohomeTpmAttestationRegisterKey); dbus::MessageWriter writer(&method_call); - bool is_user_specific = (key_type == USER_KEY); + bool is_user_specific = (key_type == attestation::KEY_USER); writer.AppendBool(is_user_specific); writer.AppendString(key_name); proxy_->CallMethod(&method_call, dbus::ObjectProxy::TIMEOUT_USE_DEFAULT, @@ -515,24 +517,25 @@ class CryptohomeClientImpl : public CryptohomeClient { // CryptohomeClient override. virtual void TpmAttestationSignEnterpriseChallenge( - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const std::string& domain, const std::string& device_id, - AttestationChallengeOptions options, + attestation::AttestationChallengeOptions options, const std::string& challenge, const AsyncMethodCallback& callback) OVERRIDE { dbus::MethodCall method_call( cryptohome::kCryptohomeInterface, cryptohome::kCryptohomeTpmAttestationSignEnterpriseChallenge); dbus::MessageWriter writer(&method_call); - bool is_user_specific = (key_type == USER_KEY); + bool is_user_specific = (key_type == attestation::KEY_USER); writer.AppendBool(is_user_specific); writer.AppendString(key_name); writer.AppendString(domain); writer.AppendArrayOfBytes(reinterpret_cast<const uint8*>(device_id.data()), device_id.size()); - bool include_signed_public_key = (options & INCLUDE_SIGNED_PUBLIC_KEY); + bool include_signed_public_key = + (options & attestation::CHALLENGE_INCLUDE_SIGNED_PUBLIC_KEY); writer.AppendBool(include_signed_public_key); writer.AppendArrayOfBytes(reinterpret_cast<const uint8*>(challenge.data()), challenge.size()); @@ -544,7 +547,7 @@ class CryptohomeClientImpl : public CryptohomeClient { // CryptohomeClient override. virtual void TpmAttestationSignSimpleChallenge( - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const std::string& challenge, const AsyncMethodCallback& callback) OVERRIDE { @@ -552,7 +555,7 @@ class CryptohomeClientImpl : public CryptohomeClient { cryptohome::kCryptohomeInterface, cryptohome::kCryptohomeTpmAttestationSignEnterpriseChallenge); dbus::MessageWriter writer(&method_call); - bool is_user_specific = (key_type == USER_KEY); + bool is_user_specific = (key_type == attestation::KEY_USER); writer.AppendBool(is_user_specific); writer.AppendString(key_name); writer.AppendArrayOfBytes(reinterpret_cast<const uint8*>(challenge.data()), @@ -565,14 +568,14 @@ class CryptohomeClientImpl : public CryptohomeClient { // CryptohomeClient override. virtual void TpmAttestationGetKeyPayload( - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const DataMethodCallback& callback) OVERRIDE { dbus::MethodCall method_call( cryptohome::kCryptohomeInterface, cryptohome::kCryptohomeTpmAttestationGetKeyPayload); dbus::MessageWriter writer(&method_call); - bool is_user_specific = (key_type == USER_KEY); + bool is_user_specific = (key_type == attestation::KEY_USER); writer.AppendBool(is_user_specific); writer.AppendString(key_name); proxy_->CallMethod(&method_call, dbus::ObjectProxy::TIMEOUT_USE_DEFAULT, @@ -583,7 +586,7 @@ class CryptohomeClientImpl : public CryptohomeClient { // CryptohomeClient override. virtual void TpmAttestationSetKeyPayload( - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const std::string& payload, const BoolDBusMethodCallback& callback) OVERRIDE { @@ -591,7 +594,7 @@ class CryptohomeClientImpl : public CryptohomeClient { cryptohome::kCryptohomeInterface, cryptohome::kCryptohomeTpmAttestationSetKeyPayload); dbus::MessageWriter writer(&method_call); - bool is_user_specific = (key_type == USER_KEY); + bool is_user_specific = (key_type == attestation::KEY_USER); writer.AppendBool(is_user_specific); writer.AppendString(key_name); writer.AppendArrayOfBytes(reinterpret_cast<const uint8*>(payload.data()), @@ -1043,7 +1046,7 @@ class CryptohomeClientStubImpl : public CryptohomeClient { // CryptohomeClient override. virtual void AsyncTpmAttestationFinishCertRequest( const std::string& pca_response, - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const AsyncMethodCallback& callback) OVERRIDE { ReturnAsyncMethodResult(callback, true); @@ -1051,7 +1054,7 @@ class CryptohomeClientStubImpl : public CryptohomeClient { // CryptohomeClient override. virtual void TpmAttestationDoesKeyExist( - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const BoolDBusMethodCallback& callback) OVERRIDE { MessageLoop::current()->PostTask( @@ -1061,7 +1064,7 @@ class CryptohomeClientStubImpl : public CryptohomeClient { // CryptohomeClient override. virtual void TpmAttestationGetCertificate( - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const DataMethodCallback& callback) OVERRIDE { MessageLoop::current()->PostTask( @@ -1071,7 +1074,7 @@ class CryptohomeClientStubImpl : public CryptohomeClient { // CryptohomeClient override. virtual void TpmAttestationGetPublicKey( - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const DataMethodCallback& callback) OVERRIDE { MessageLoop::current()->PostTask( @@ -1081,7 +1084,7 @@ class CryptohomeClientStubImpl : public CryptohomeClient { // CryptohomeClient override. virtual void TpmAttestationRegisterKey( - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const AsyncMethodCallback& callback) OVERRIDE { ReturnAsyncMethodResult(callback, true); @@ -1089,11 +1092,11 @@ class CryptohomeClientStubImpl : public CryptohomeClient { // CryptohomeClient override. virtual void TpmAttestationSignEnterpriseChallenge( - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const std::string& domain, const std::string& device_id, - AttestationChallengeOptions options, + attestation::AttestationChallengeOptions options, const std::string& challenge, const AsyncMethodCallback& callback) OVERRIDE { ReturnAsyncMethodResult(callback, true); @@ -1101,7 +1104,7 @@ class CryptohomeClientStubImpl : public CryptohomeClient { // CryptohomeClient override. virtual void TpmAttestationSignSimpleChallenge( - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const std::string& challenge, const AsyncMethodCallback& callback) OVERRIDE { @@ -1109,7 +1112,7 @@ class CryptohomeClientStubImpl : public CryptohomeClient { } virtual void TpmAttestationGetKeyPayload( - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const DataMethodCallback& callback) OVERRIDE { MessageLoop::current()->PostTask( @@ -1118,7 +1121,7 @@ class CryptohomeClientStubImpl : public CryptohomeClient { } virtual void TpmAttestationSetKeyPayload( - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const std::string& payload, const BoolDBusMethodCallback& callback) OVERRIDE { diff --git a/chromeos/dbus/cryptohome_client.h b/chromeos/dbus/cryptohome_client.h index d9ddf1b..69eb86f 100644 --- a/chromeos/dbus/cryptohome_client.h +++ b/chromeos/dbus/cryptohome_client.h @@ -10,6 +10,7 @@ #include "base/basictypes.h" #include "base/callback.h" +#include "chromeos/attestation/attestation_constants.h" #include "chromeos/chromeos_export.h" #include "chromeos/dbus/dbus_client_implementation_type.h" #include "chromeos/dbus/dbus_method_call_status.h" @@ -47,25 +48,6 @@ class CHROMEOS_EXPORT CryptohomeClient { bool result, const std::string& data)> DataMethodCallback; - // Options available for customizing an attestation certificate. - enum AttestationCertificateOptions { - CERTIFICATE_OPTION_NONE = 0, - INCLUDE_STABLE_ID = 1, - INCLUDE_DEVICE_STATE = 1 << 1 - }; - - // Key types supported by the Chrome OS attestation subsystem. - enum AttestationKeyType { - DEVICE_KEY, - USER_KEY - }; - - // Options available for customizing an attestation challenge response. - enum AttestationChallengeOptions { - CHALLENGE_RESPONSE_OPTION_NONE = 0, - INCLUDE_SIGNED_PUBLIC_KEY = 1 - }; - virtual ~CryptohomeClient(); // Factory function, creates a new instance and returns ownership. @@ -259,7 +241,7 @@ class CHROMEOS_EXPORT CryptohomeClient { // the current user. |key_name| is a name for the key. virtual void AsyncTpmAttestationFinishCertRequest( const std::string& pca_response, - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const AsyncMethodCallback& callback) = 0; @@ -267,7 +249,7 @@ class CHROMEOS_EXPORT CryptohomeClient { // |key_type| and |key_name| exists, then the result sent to the callback will // be true. virtual void TpmAttestationDoesKeyExist( - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const BoolDBusMethodCallback& callback) = 0; @@ -275,7 +257,7 @@ class CHROMEOS_EXPORT CryptohomeClient { // |key_name|. |callback| will be called when the operation completes. If // the key does not exist the callback |result| parameter will be false. virtual void TpmAttestationGetCertificate( - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const DataMethodCallback& callback) = 0; @@ -283,7 +265,7 @@ class CHROMEOS_EXPORT CryptohomeClient { // |callback| will be called when the operation completes. If the key does // not exist the callback |result| parameter will be false. virtual void TpmAttestationGetPublicKey( - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const DataMethodCallback& callback) = 0; @@ -292,7 +274,7 @@ class CHROMEOS_EXPORT CryptohomeClient { // completes. When the operation completes, the AsyncCallStatusHandler signal // handler is called. |key_type| and |key_name| specify the key to register. virtual void TpmAttestationRegisterKey( - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const AsyncMethodCallback& callback) = 0; @@ -304,11 +286,11 @@ class CHROMEOS_EXPORT CryptohomeClient { // operation completes, the AsyncCallStatusWithDataHandler signal handler is // called. virtual void TpmAttestationSignEnterpriseChallenge( - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const std::string& domain, const std::string& device_id, - AttestationChallengeOptions options, + attestation::AttestationChallengeOptions options, const std::string& challenge, const AsyncMethodCallback& callback) = 0; @@ -319,7 +301,7 @@ class CHROMEOS_EXPORT CryptohomeClient { // the dbus call completes. When the operation completes, the // AsyncCallStatusWithDataHandler signal handler is called. virtual void TpmAttestationSignSimpleChallenge( - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const std::string& challenge, const AsyncMethodCallback& callback) = 0; @@ -330,7 +312,7 @@ class CHROMEOS_EXPORT CryptohomeClient { // If no payload has been set for the key the callback |result| parameter will // be true and the |data| parameter will be empty. virtual void TpmAttestationGetKeyPayload( - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const DataMethodCallback& callback) = 0; @@ -338,7 +320,7 @@ class CHROMEOS_EXPORT CryptohomeClient { // |key_name|. The |callback| will be called when the operation completes. // If the operation succeeds, the callback |result| parameter will be true. virtual void TpmAttestationSetKeyPayload( - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const std::string& payload, const BoolDBusMethodCallback& callback) = 0; diff --git a/chromeos/dbus/fake_cryptohome_client.cc b/chromeos/dbus/fake_cryptohome_client.cc index 227ac99..fb54054 100644 --- a/chromeos/dbus/fake_cryptohome_client.cc +++ b/chromeos/dbus/fake_cryptohome_client.cc @@ -40,14 +40,14 @@ bool FakeCryptohomeClient::InstallAttributesIsInvalid(bool* is_invalid) { } void FakeCryptohomeClient::TpmAttestationGetKeyPayload( - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const DataMethodCallback& callback) { } void FakeCryptohomeClient::AsyncTpmAttestationFinishCertRequest( const std::string& pca_response, - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const AsyncMethodCallback& callback) { } @@ -141,7 +141,7 @@ bool FakeCryptohomeClient::InstallAttributesIsFirstInstall( } void FakeCryptohomeClient::TpmAttestationGetCertificate( - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const DataMethodCallback& callback) { } @@ -154,13 +154,13 @@ void FakeCryptohomeClient::InstallAttributesIsReady( } void FakeCryptohomeClient::TpmAttestationGetPublicKey( - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const DataMethodCallback& callback) { } void FakeCryptohomeClient::TpmAttestationSignSimpleChallenge( - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const std::string& challenge, const AsyncMethodCallback& callback) { @@ -188,7 +188,7 @@ void FakeCryptohomeClient::ResetAsyncCallStatusHandlers() { } void FakeCryptohomeClient::TpmAttestationDoesKeyExist( - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const BoolDBusMethodCallback& callback) { } @@ -202,7 +202,7 @@ void FakeCryptohomeClient::AsyncRemove(const std::string& username, } void FakeCryptohomeClient::TpmAttestationSetKeyPayload( - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const std::string& payload, const BoolDBusMethodCallback& callback) { @@ -214,11 +214,11 @@ void FakeCryptohomeClient::GetSanitizedUsername( } void FakeCryptohomeClient::TpmAttestationSignEnterpriseChallenge( - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const std::string& domain, const std::string& device_id, - AttestationChallengeOptions options, + attestation::AttestationChallengeOptions options, const std::string& challenge, const AsyncMethodCallback& callback) { } @@ -228,7 +228,7 @@ void FakeCryptohomeClient::TpmAttestationIsEnrolled( } void FakeCryptohomeClient::TpmAttestationRegisterKey( - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const AsyncMethodCallback& callback) { } diff --git a/chromeos/dbus/fake_cryptohome_client.h b/chromeos/dbus/fake_cryptohome_client.h index fbdce7a..fd05882 100644 --- a/chromeos/dbus/fake_cryptohome_client.h +++ b/chromeos/dbus/fake_cryptohome_client.h @@ -86,44 +86,44 @@ class FakeCryptohomeClient : public CryptohomeClient { const AsyncMethodCallback& callback) OVERRIDE; virtual void AsyncTpmAttestationFinishCertRequest( const std::string& pca_response, - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const AsyncMethodCallback& callback) OVERRIDE; virtual void TpmAttestationDoesKeyExist( - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const BoolDBusMethodCallback& callback) OVERRIDE; virtual void TpmAttestationGetCertificate( - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const DataMethodCallback& callback) OVERRIDE; virtual void TpmAttestationGetPublicKey( - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const DataMethodCallback& callback) OVERRIDE; virtual void TpmAttestationRegisterKey( - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const AsyncMethodCallback& callback) OVERRIDE; virtual void TpmAttestationSignEnterpriseChallenge( - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const std::string& domain, const std::string& device_id, - AttestationChallengeOptions options, + attestation::AttestationChallengeOptions options, const std::string& challenge, const AsyncMethodCallback& callback) OVERRIDE; virtual void TpmAttestationSignSimpleChallenge( - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const std::string& challenge, const AsyncMethodCallback& callback) OVERRIDE; virtual void TpmAttestationGetKeyPayload( - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const DataMethodCallback& callback) OVERRIDE; virtual void TpmAttestationSetKeyPayload( - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const std::string& payload, const BoolDBusMethodCallback& callback) OVERRIDE; diff --git a/chromeos/dbus/mock_cryptohome_client.h b/chromeos/dbus/mock_cryptohome_client.h index 2563aac..b3e9b06 100644 --- a/chromeos/dbus/mock_cryptohome_client.h +++ b/chromeos/dbus/mock_cryptohome_client.h @@ -88,44 +88,44 @@ class MockCryptohomeClient : public CryptohomeClient { const AsyncMethodCallback& callback)); MOCK_METHOD4(AsyncTpmAttestationFinishCertRequest, void(const std::string& pca_response, - AttestationKeyType key_type, + attestation::AttestationKeyType key_type, const std::string& key_name, const AsyncMethodCallback& callback)); MOCK_METHOD3(TpmAttestationDoesKeyExist, - void(AttestationKeyType key_type, + void(attestation::AttestationKeyType key_type, const std::string& key_name, const BoolDBusMethodCallback& callback)); MOCK_METHOD3(TpmAttestationGetCertificate, - void(AttestationKeyType key_type, + void(attestation::AttestationKeyType key_type, const std::string& key_name, const DataMethodCallback& callback)); MOCK_METHOD3(TpmAttestationGetPublicKey, - void(AttestationKeyType key_type, + void(attestation::AttestationKeyType key_type, const std::string& key_name, const DataMethodCallback& callback)); MOCK_METHOD3(TpmAttestationRegisterKey, - void(AttestationKeyType key_type, + void(attestation::AttestationKeyType key_type, const std::string& key_name, const AsyncMethodCallback& callback)); MOCK_METHOD7(TpmAttestationSignEnterpriseChallenge, - void(AttestationKeyType key_type, + void(attestation::AttestationKeyType key_type, const std::string& key_name, const std::string& domain, const std::string& device_id, - AttestationChallengeOptions options, + attestation::AttestationChallengeOptions options, const std::string& challenge, const AsyncMethodCallback& callback)); MOCK_METHOD4(TpmAttestationSignSimpleChallenge, - void(AttestationKeyType key_type, + void(attestation::AttestationKeyType key_type, const std::string& key_name, const std::string& challenge, const AsyncMethodCallback& callback)); MOCK_METHOD3(TpmAttestationGetKeyPayload, - void(AttestationKeyType key_type, + void(attestation::AttestationKeyType key_type, const std::string& key_name, const DataMethodCallback& callback)); MOCK_METHOD4(TpmAttestationSetKeyPayload, - void(AttestationKeyType key_type, + void(attestation::AttestationKeyType key_type, const std::string& key_name, const std::string& payload, const BoolDBusMethodCallback& callback)); |