23 files changed, 285 insertions, 112 deletions
diff --git a/chrome/browser/chromeos/attestation/OWNERS b/chrome/browser/chromeos/attestation/OWNERS
index cd1c574..a48744d 100644
--- a/chrome/browser/chromeos/attestation/OWNERS
+++ b/chrome/browser/chromeos/attestation/OWNERS
@@ -1,2 +1,3 @@
 mnissler@chromium.org
 pastarmovj@chromium.org
+bartfab@chromium.org
diff --git a/chrome/browser/chromeos/attestation/attestation_policy_observer.cc b/chrome/browser/chromeos/attestation/attestation_policy_observer.cc
index 96030f2..9aab264 100644
--- a/chrome/browser/chromeos/attestation/attestation_policy_observer.cc
+++ b/chrome/browser/chromeos/attestation/attestation_policy_observer.cc
@@ -170,6 +170,7 @@ void AttestationPolicyObserver::Start() {
 weak_factory_.GetWeakPtr());
 cryptohome_client_->TpmAttestationDoesKeyExist(
 KEY_DEVICE,
+ std::string(), // Not used.
 kEnterpriseMachineKey,
 base::Bind(DBusBoolRedirectCallback,
 on_does_exist,
@@ -198,6 +199,7 @@ void AttestationPolicyObserver::GetNewCertificate() {
 void AttestationPolicyObserver::GetExistingCertificate() {
 cryptohome_client_->TpmAttestationGetCertificate(
 KEY_DEVICE,
+ std::string(), // Not used.
 kEnterpriseMachineKey,
 base::Bind(DBusStringCallback,
 base::Bind(&AttestationPolicyObserver::CheckCertificateExpiry,
@@ -255,6 +257,7 @@ void AttestationPolicyObserver::GetKeyPayload(
 base::Callback<void(const std::string&)> callback) {
 cryptohome_client_->TpmAttestationGetKeyPayload(
 KEY_DEVICE,
+ std::string(), // Not used.
 kEnterpriseMachineKey,
 base::Bind(DBusStringCallback,
 callback,
@@ -283,6 +286,7 @@ void AttestationPolicyObserver::MarkAsUploaded(const std::string& key_payload) {
 }
 cryptohome_client_->TpmAttestationSetKeyPayload(
 KEY_DEVICE,
+ std::string(), // Not used.
 kEnterpriseMachineKey,
 new_payload,
 base::Bind(DBusBoolRedirectCallback,
diff --git a/chrome/browser/chromeos/attestation/attestation_policy_observer_unittest.cc b/chrome/browser/chromeos/attestation/attestation_policy_observer_unittest.cc
index 8e592dc..6338ca9 100644
--- a/chrome/browser/chromeos/attestation/attestation_policy_observer_unittest.cc
+++ b/chrome/browser/chromeos/attestation/attestation_policy_observer_unittest.cc
@@ -148,20 +148,20 @@ class AttestationPolicyObserverTest : public ::testing::Test {
 bool key_exists = (mock_options & MOCK_KEY_EXISTS);
 // Setup expected key / cert queries.
 if (key_exists) {
- EXPECT_CALL(cryptohome_client_, TpmAttestationDoesKeyExist(_, _, _))
- .WillRepeatedly(WithArgs<2>(Invoke(DBusCallbackTrue)));
- EXPECT_CALL(cryptohome_client_, TpmAttestationGetCertificate(_, _, _))
- .WillRepeatedly(WithArgs<2>(Invoke(FakeDBusData(certificate))));
+ EXPECT_CALL(cryptohome_client_, TpmAttestationDoesKeyExist(_, _, _, _))
+ .WillRepeatedly(WithArgs<3>(Invoke(DBusCallbackTrue)));
+ EXPECT_CALL(cryptohome_client_, TpmAttestationGetCertificate(_, _, _, _))
+ .WillRepeatedly(WithArgs<3>(Invoke(FakeDBusData(certificate))));
 } else {
- EXPECT_CALL(cryptohome_client_, TpmAttestationDoesKeyExist(_, _, _))
- .WillRepeatedly(WithArgs<2>(Invoke(DBusCallbackFalse)));
+ EXPECT_CALL(cryptohome_client_, TpmAttestationDoesKeyExist(_, _, _, _))
+ .WillRepeatedly(WithArgs<3>(Invoke(DBusCallbackFalse)));
 }
 // Setup expected key payload queries.
 bool key_uploaded = (mock_options & MOCK_KEY_UPLOADED);
 std::string payload = CreatePayload();
- EXPECT_CALL(cryptohome_client_, TpmAttestationGetKeyPayload(_, _, _))
- .WillRepeatedly(WithArgs<2>(Invoke(
+ EXPECT_CALL(cryptohome_client_, TpmAttestationGetKeyPayload(_, _, _, _))
+ .WillRepeatedly(WithArgs<3>(Invoke(
 FakeDBusData(key_uploaded ? payload : ""))));
 // Setup expected key uploads. Use WillOnce() so StrictMock will trigger an
@@ -175,8 +175,8 @@ class AttestationPolicyObserverTest : public ::testing::Test {
 UploadCertificate(new_key ? "fake_cert" : certificate, _))
 .WillOnce(WithArgs<1>(Invoke(StatusCallbackSuccess)));
 EXPECT_CALL(cryptohome_client_,
- TpmAttestationSetKeyPayload(_, _, payload, _))
- .WillOnce(WithArgs<3>(Invoke(DBusCallbackTrue)));
+ TpmAttestationSetKeyPayload(_, _, _, payload, _))
+ .WillOnce(WithArgs<4>(Invoke(DBusCallbackTrue)));
 }
 // Setup expected key generations. Again use WillOnce(). Key generation is
@@ -297,9 +297,9 @@ TEST_F(AttestationPolicyObserverTest, IgnoreUnknownCertFormat) {
 TEST_F(AttestationPolicyObserverTest, DBusFailureRetry) {
 SetupMocks(MOCK_NEW_KEY, "");
 // Simulate a DBus failure.
- EXPECT_CALL(cryptohome_client_, TpmAttestationDoesKeyExist(_, _, _))
- .WillOnce(WithArgs<2>(Invoke(DBusCallbackError)))
- .WillRepeatedly(WithArgs<2>(Invoke(DBusCallbackFalse)));
+ EXPECT_CALL(cryptohome_client_, TpmAttestationDoesKeyExist(_, _, _, _))
+ .WillOnce(WithArgs<3>(Invoke(DBusCallbackError)))
+ .WillRepeatedly(WithArgs<3>(Invoke(DBusCallbackFalse)));
 Run();
 }
diff --git a/chrome/browser/chromeos/attestation/platform_verification_flow.cc b/chrome/browser/chromeos/attestation/platform_verification_flow.cc
index 0ffdf4a..fcceeee 100644
--- a/chrome/browser/chromeos/attestation/platform_verification_flow.cc
+++ b/chrome/browser/chromeos/attestation/platform_verification_flow.cc
@@ -10,9 +10,11 @@
 #include "chrome/browser/chromeos/attestation/attestation_ca_client.h"
 #include "chrome/browser/chromeos/attestation/attestation_signed_data.pb.h"
 #include "chrome/browser/chromeos/attestation/platform_verification_dialog.h"
+#include "chrome/browser/chromeos/login/user.h"
 #include "chrome/browser/chromeos/login/user_manager.h"
 #include "chrome/browser/chromeos/settings/cros_settings.h"
 #include "chrome/browser/prefs/scoped_user_pref_update.h"
+#include "chrome/browser/profiles/profile.h"
 #include "chrome/common/pref_names.h"
 #include "chromeos/attestation/attestation_flow.h"
 #include "chromeos/cryptohome/async_method_caller.h"
@@ -20,6 +22,7 @@
 #include "chromeos/dbus/dbus_thread_manager.h"
 #include "components/user_prefs/pref_registry_syncable.h"
 #include "components/user_prefs/user_prefs.h"
+#include "content/public/browser/browser_context.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/user_metrics.h"
 #include "content/public/browser/web_contents.h"
@@ -212,21 +215,29 @@ void PlatformVerificationFlow::OnConsentResponse(
 // At this point all user interaction is complete and we can proceed with the
 // certificate request.
+ chromeos::User* user = GetUser(web_contents);
+ if (!user) {
+ ReportError(callback, INTERNAL_ERROR);
+ LOG(ERROR) << "Profile does not map to a valid user.";
+ return;
+ }
 AttestationFlow::CertificateCallback certificate_callback = base::Bind(
 &PlatformVerificationFlow::OnCertificateReady,
 weak_factory_.GetWeakPtr(),
+ user->email(),
 service_id,
 challenge,
 callback);
 attestation_flow_->GetCertificate(
 PROFILE_CONTENT_PROTECTION_CERTIFICATE,
- user_manager_->GetActiveUser()->email(),
+ user->email(),
 service_id,
 false, // Don't force a new key.
 certificate_callback);
 }
 void PlatformVerificationFlow::OnCertificateReady(
+ const std::string& user_id,
 const std::string& service_id,
 const std::string& challenge,
 const ChallengeCallback& callback,
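Review bot: `GetUser(web_contents)` in the OnConsentResponse hunk runs only after the consent dialog has completed, so the `web_contents` pointer has to still be valid at that point, and nothing in the hunk shows how that is guaranteed if the tab is closed while the prompt is open. The start of OnConsentResponse is outside the hunk, so this may already be handled there. If it is not, resolving the user before the prompt is shown and binding `user->email()` into the consent callback would keep the certificate request tied to the profile that was actually asked, and would also surface the "does not map to a valid user" failure before the user is prompted.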
@@ -246,6 +257,7 @@ void PlatformVerificationFlow::OnCertificateReady(
 std::string key_name = kContentProtectionKeyPrefix;
 key_name += service_id;
 async_caller_->TpmAttestationSignSimpleChallenge(KEY_USER,
+ user_id,
 key_name,
 challenge,
 cryptohome_callback);
@@ -289,6 +301,13 @@ const GURL& PlatformVerificationFlow::GetURL(
 return web_contents->GetLastCommittedURL();
 }
+User* PlatformVerificationFlow::GetUser(content::WebContents* web_contents) {
+ if (!web_contents)
+ return user_manager_->GetActiveUser();
+ return user_manager_->GetUserByProfile(
+ Profile::FromBrowserContext(web_contents->GetBrowserContext()));
+}
+
 bool PlatformVerificationFlow::IsAttestationEnabled(
 content::WebContents* web_contents) {
 // Check the device policy for the feature.
diff --git a/chrome/browser/chromeos/attestation/platform_verification_flow.h b/chrome/browser/chromeos/attestation/platform_verification_flow.h
index b88d004..64f3627 100644
--- a/chrome/browser/chromeos/attestation/platform_verification_flow.h
+++ b/chrome/browser/chromeos/attestation/platform_verification_flow.h
@@ -31,6 +31,7 @@ namespace chromeos {
 class CryptohomeClient;
 class UserManager;
+class User;
 namespace attestation {
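Review bot: The `!web_contents` branch of the new `GetUser` (the `@@ -289,6 +301,13 @@` hunk) falls back to `user_manager_->GetActiveUser()`, which the header comment describes as a testing convenience, yet the same path is taken in production whenever a caller passes NULL. With more than one signed-in profile the active user need not be the one that owns the request, and the returned e-mail then becomes the `user_id` for a KEY_USER certificate and signing operation. Consider confining the fallback to tests with an explicit testing setter in the style of the existing `set_testing_url()`, or returning NULL here so that the `INTERNAL_ERROR` path in OnConsentResponse handles it.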
@@ -162,11 +163,13 @@ class PlatformVerificationFlow {
 // A callback called when an attestation certificate request operation
 // completes. |service_id|, |challenge|, and |callback| are the same as in
- // ChallengePlatformKey. |operation_success| is true iff the certificate
+ // ChallengePlatformKey. |user_id| identifies the user for which the
+ // certificate was requested. |operation_success| is true iff the certificate
 // request operation succeeded. |certificate| holds the certificate for the
 // platform key on success. If the certificate request was successful, this
 // method invokes a request to sign the challenge.
- void OnCertificateReady(const std::string& service_id,
+ void OnCertificateReady(const std::string& user_id,
+ const std::string& service_id,
 const std::string& challenge,
 const ChallengeCallback& callback,
 bool operation_success,
@@ -193,6 +196,11 @@ class PlatformVerificationFlow {
 // set explicitly using set_testing_url(), then this value is always returned.
 const GURL& GetURL(content::WebContents* web_contents);
+ // Gets the user associated with the given |web_contents|. NULL may be
+ // returned. If |web_contents| is NULL (e.g. during testing), then the
+ // current active user will be returned.
+ User* GetUser(content::WebContents* web_contents);
+
 // Checks whether policy or profile settings associated with |web_contents|
 // have attestation for content protection explicitly disabled.
 bool IsAttestationEnabled(content::WebContents* web_contents);
diff --git a/chrome/browser/chromeos/attestation/platform_verification_flow_unittest.cc b/chrome/browser/chromeos/attestation/platform_verification_flow_unittest.cc
index 5fc312f..728b1e8 100644
--- a/chrome/browser/chromeos/attestation/platform_verification_flow_unittest.cc
+++ b/chrome/browser/chromeos/attestation/platform_verification_flow_unittest.cc
@@ -185,9 +185,10 @@ class PlatformVerificationFlowTest : public ::testing::Test {
 std::string expected_key_name = std::string(kContentProtectionKeyPrefix) + std::string(kTestID);
 EXPECT_CALL(mock_async_caller_,
- TpmAttestationSignSimpleChallenge(KEY_USER, expected_key_name,
+ TpmAttestationSignSimpleChallenge(KEY_USER, kTestEmail,
+ expected_key_name,
 kTestChallenge, _))
- .WillRepeatedly(WithArgs<3>(Invoke(
+ .WillRepeatedly(WithArgs<4>(Invoke(
 this, &PlatformVerificationFlowTest::FakeSignChallenge)));
 }
diff --git a/chrome/browser/extensions/api/enterprise_platform_keys_private/OWNERS b/chrome/browser/extensions/api/enterprise_platform_keys_private/OWNERS
index 14072cb..a48744d 100644
--- a/chrome/browser/extensions/api/enterprise_platform_keys_private/OWNERS
+++ b/chrome/browser/extensions/api/enterprise_platform_keys_private/OWNERS
@@ -1,2 +1,3 @@
 mnissler@chromium.org
-
+pastarmovj@chromium.org
+bartfab@chromium.org
diff --git a/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.cc b/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.cc
index a5a70a7..b1078c6 100644
--- a/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.cc
+++ b/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.cc
@@ -146,18 +146,20 @@ std::string EPKPChallengeKeyBase::GetDeviceId() const {
 void EPKPChallengeKeyBase::PrepareKey(
 chromeos::attestation::AttestationKeyType key_type,
+ const std::string& user_id,
 const std::string& key_name,
 chromeos::attestation::AttestationCertificateProfile certificate_profile,
 bool require_user_consent,
 const base::Callback<void(PrepareKeyResult)>& callback) {
 cryptohome_client_->TpmAttestationDoesKeyExist(
- key_type, key_name, base::Bind(
+ key_type, user_id, key_name, base::Bind(
 &EPKPChallengeKeyBase::DoesKeyExistCallback, this,
- certificate_profile, require_user_consent, callback));
+ certificate_profile, user_id, require_user_consent, callback));
 }
 void EPKPChallengeKeyBase::DoesKeyExistCallback(
 chromeos::attestation::AttestationCertificateProfile certificate_profile,
+ const std::string& user_id,
 bool require_user_consent,
 const base::Callback<void(PrepareKeyResult)>& callback,
 chromeos::DBusMethodCallStatus status,
@@ -177,10 +179,11 @@ void EPKPChallengeKeyBase::DoesKeyExistCallback(
 // information to PCA.
 AskForUserConsent(
 base::Bind(&EPKPChallengeKeyBase::AskForUserConsentCallback, this,
- certificate_profile, callback));
+ certificate_profile, user_id, callback));
 } else {
 // User consent is not required. Skip to the next step.
- AskForUserConsentCallback(certificate_profile, callback, true);
+ AskForUserConsentCallback(certificate_profile, user_id, callback,
+ true);
 }
 }
 }
@@ -194,6 +197,7 @@ void EPKPChallengeKeyBase::AskForUserConsent(
 void EPKPChallengeKeyBase::AskForUserConsentCallback(
 chromeos::attestation::AttestationCertificateProfile certificate_profile,
+ const std::string& user_id,
 const base::Callback<void(PrepareKeyResult)>& callback,
 bool result) {
 if (!result) {
@@ -205,7 +209,7 @@ void EPKPChallengeKeyBase::AskForUserConsentCallback(
 // Generate a new key and have it signed by PCA.
 attestation_flow_->GetCertificate(
 certificate_profile,
- std::string(), // Not used.
+ user_id,
 std::string(), // Not used.
 true, // Force a new key to be generated.
 base::Bind(&EPKPChallengeKeyBase::GetCertificateCallback, this,
@@ -296,6 +300,7 @@ void EPKPChallengeMachineKey::GetDeviceAttestationEnabledCallback(
 }
 PrepareKey(chromeos::attestation::KEY_DEVICE,
+ std::string(), // Not used.
 kKeyName,
 chromeos::attestation::PROFILE_ENTERPRISE_MACHINE_CERTIFICATE,
 false, // user consent is not required.
@@ -314,6 +319,7 @@ void EPKPChallengeMachineKey::PrepareKeyCallback(
 // Everything is checked. Sign the challenge.
 async_caller_->TpmAttestationSignEnterpriseChallenge(
 chromeos::attestation::KEY_DEVICE,
+ std::string(), // Not used.
 kKeyName,
 GetEnterpriseDomain(),
 GetDeviceId(),
@@ -441,6 +447,7 @@ void EPKPChallengeUserKey::GetDeviceAttestationEnabledCallback(
 }
 PrepareKey(chromeos::attestation::KEY_USER,
+ GetUserEmail(),
 kKeyName,
 chromeos::attestation::PROFILE_ENTERPRISE_USER_CERTIFICATE,
 require_user_consent,
@@ -460,6 +467,7 @@ void EPKPChallengeUserKey::PrepareKeyCallback(const std::string& challenge,
 // Everything is checked. Sign the challenge.
 async_caller_->TpmAttestationSignEnterpriseChallenge(
 chromeos::attestation::KEY_USER,
+ GetUserEmail(),
 kKeyName,
 GetUserEmail(),
 GetDeviceId(),
@@ -483,6 +491,7 @@ void EPKPChallengeUserKey::SignChallengeCallback(bool register_key,
 if (register_key) {
 async_caller_->TpmAttestationRegisterKey(
 chromeos::attestation::KEY_USER,
+ GetUserEmail(),
 kKeyName,
 base::Bind(&EPKPChallengeUserKey::RegisterKeyCallback, this, response));
 } else {
diff --git a/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.h b/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.h
index 2619f60..80e6b9f 100644
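Review bot: In the three EPKPChallengeUserKey hunks (`@@ -441,6`, `@@ -460,6`, `@@ -483,6`) `GetUserEmail()` is re-evaluated at each asynchronous step instead of being captured once, unlike EPKPChallengeKeyBase, which threads `user_id` through its callbacks. Its implementation is not visible here, so this is a hedge rather than a confirmed defect: if the value can differ between steps, the key would be prepared for one user and signed or registered under another. Capturing it once at the start of the flow and passing it along would rule that out. In the sign call the same expression now fills two adjacent string parameters, so trailing comments such as `GetUserEmail(),  // user_id` and `GetUserEmail(),  // domain` would make the positional meaning clear to the next reader.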
--- a/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.h
+++ b/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api.h
@@ -92,6 +92,7 @@ class EPKPChallengeKeyBase : public AsyncExtensionFunction {
 // user consent before calling GetCertificate().
 void PrepareKey(
 chromeos::attestation::AttestationKeyType key_type,
+ const std::string& user_id,
 const std::string& key_name,
 chromeos::attestation::AttestationCertificateProfile certificate_profile,
 bool require_user_consent,
@@ -105,6 +106,7 @@ class EPKPChallengeKeyBase : public AsyncExtensionFunction {
 private:
 void DoesKeyExistCallback(
 chromeos::attestation::AttestationCertificateProfile certificate_profile,
+ const std::string& user_id,
 bool require_user_consent,
 const base::Callback<void(PrepareKeyResult)>& callback,
 chromeos::DBusMethodCallStatus status,
@@ -112,6 +114,7 @@ class EPKPChallengeKeyBase : public AsyncExtensionFunction {
 void AskForUserConsent(const base::Callback<void(bool)>& callback) const;
 void AskForUserConsentCallback(
 chromeos::attestation::AttestationCertificateProfile certificate_profile,
+ const std::string& user_id,
 const base::Callback<void(PrepareKeyResult)>& callback,
 bool result);
 void GetCertificateCallback(
diff --git a/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api_unittest.cc b/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api_unittest.cc
index f592549d..c469874 100644
--- a/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api_unittest.cc
+++ b/chrome/browser/extensions/api/enterprise_platform_keys_private/enterprise_platform_keys_private_api_unittest.cc
@@ -38,6 +38,7 @@ namespace {
 void DoesKeyExistCallbackTrue(
 chromeos::attestation::AttestationKeyType key_type,
+ const std::string& user_id,
 const std::string& key_name,
 const chromeos::BoolDBusMethodCallback& callback) {
 callback.Run(chromeos::DBUS_METHOD_CALL_SUCCESS, true);
@@ -45,6 +46,7 @@ void DoesKeyExistCallbackTrue(
 void DoesKeyExistCallbackFalse(
 chromeos::attestation::AttestationKeyType key_type,
+ const std::string& user_id,
 const std::string& key_name,
 const chromeos::BoolDBusMethodCallback& callback) {
 callback.Run(chromeos::DBUS_METHOD_CALL_SUCCESS, false);
@@ -52,6 +54,7 @@ void DoesKeyExistCallbackFalse(
 void DoesKeyExistCallbackFailed(
 chromeos::attestation::AttestationKeyType key_type,
+ const std::string& user_id,
 const std::string& key_name,
 const chromeos::BoolDBusMethodCallback& callback) {
 callback.Run(chromeos::DBUS_METHOD_CALL_FAILURE, false);
@@ -59,6 +62,7 @@ void DoesKeyExistCallbackFailed(
 void RegisterKeyCallbackTrue(
 chromeos::attestation::AttestationKeyType key_type,
+ const std::string& user_id,
 const std::string& key_name,
 const cryptohome::AsyncMethodCaller::Callback& callback) {
 callback.Run(true, cryptohome::MOUNT_ERROR_NONE);
@@ -66,6 +70,7 @@ void RegisterKeyCallbackTrue(
 void RegisterKeyCallbackFalse(
 chromeos::attestation::AttestationKeyType key_type,
+ const std::string& user_id,
 const std::string& key_name,
 const cryptohome::AsyncMethodCaller::Callback& callback) {
 callback.Run(false, cryptohome::MOUNT_ERROR_NONE);
@@ -73,6 +78,7 @@ void RegisterKeyCallbackFalse(
 void SignChallengeCallbackTrue(
 chromeos::attestation::AttestationKeyType key_type,
+ const std::string& user_id,
 const std::string& key_name,
 const std::string& domain,
 const std::string& device_id,
@@ -84,6 +90,7 @@ void SignChallengeCallbackTrue(
 void SignChallengeCallbackFalse(
 chromeos::attestation::AttestationKeyType key_type,
+ const std::string& user_id,
 const std::string& key_name,
 const std::string& domain,
 const std::string& device_id,
@@ -95,7 +102,7 @@ void SignChallengeCallbackFalse(
 void GetCertificateCallbackTrue(
 chromeos::attestation::AttestationCertificateProfile certificate_profile,
- const std::string& user_email,
+ const std::string& user_id,
 const std::string& request_origin,
 bool force_new_key,
 const chromeos::attestation::AttestationFlow::CertificateCallback&
@@ -105,7 +112,7 @@ void GetCertificateCallbackTrue(
 void GetCertificateCallbackFalse(
 chromeos::attestation::AttestationCertificateProfile certificate_profile,
- const std::string& user_email,
+ const std::string& user_id,
 const std::string& request_origin,
 bool force_new_key,
 const chromeos::attestation::AttestationFlow::CertificateCallback&
@@ -118,12 +125,12 @@ class EPKPChallengeKeyTestBase : public BrowserWithTestWindowTest {
 EPKPChallengeKeyTestBase() : extension_(utils::CreateEmptyExtension("")) {
 // Set up the default behavior of mocks.
- ON_CALL(mock_cryptohome_client_, TpmAttestationDoesKeyExist(_, _, _))
+ ON_CALL(mock_cryptohome_client_, TpmAttestationDoesKeyExist(_, _, _, _))
 .WillByDefault(Invoke(DoesKeyExistCallbackFalse));
- ON_CALL(mock_async_method_caller_, TpmAttestationRegisterKey(_, _, _))
+ ON_CALL(mock_async_method_caller_, TpmAttestationRegisterKey(_, _, _, _))
 .WillByDefault(Invoke(RegisterKeyCallbackTrue));
 ON_CALL(mock_async_method_caller_,
- TpmAttestationSignEnterpriseChallenge(_, _, _, _, _, _, _))
+ TpmAttestationSignEnterpriseChallenge(_, _, _, _, _, _, _, _))
 .WillByDefault(Invoke(SignChallengeCallbackTrue));
 ON_CALL(mock_attestation_flow_, GetCertificate(_, _, _, _, _))
 .WillByDefault(Invoke(GetCertificateCallbackTrue));
@@ -231,7 +238,7 @@ TEST_F(EPKPChallengeMachineKeyTest, DevicePolicyDisabled) {
 }
 TEST_F(EPKPChallengeMachineKeyTest, DoesKeyExistDbusFailed) {
- EXPECT_CALL(mock_cryptohome_client_, TpmAttestationDoesKeyExist(_, _, _))
+ EXPECT_CALL(mock_cryptohome_client_, TpmAttestationDoesKeyExist(_, _, _, _))
 .WillRepeatedly(Invoke(DoesKeyExistCallbackFailed));
 EXPECT_EQ(base::StringPrintf(
@@ -250,7 +257,7 @@ TEST_F(EPKPChallengeMachineKeyTest, GetCertificateFailed) {
 TEST_F(EPKPChallengeMachineKeyTest, SignChallengeFailed) {
 EXPECT_CALL(mock_async_method_caller_,
- TpmAttestationSignEnterpriseChallenge(_, _, _, _, _, _, _))
+ TpmAttestationSignEnterpriseChallenge(_, _, _, _, _, _, _, _))
 .WillRepeatedly(Invoke(SignChallengeCallbackFalse));
 EXPECT_EQ(EPKPChallengeKeyBase::kSignChallengeFailedError,
@@ -258,7 +265,7 @@ TEST_F(EPKPChallengeMachineKeyTest, SignChallengeFailed) {
 }
 TEST_F(EPKPChallengeMachineKeyTest, KeyExists) {
- EXPECT_CALL(mock_cryptohome_client_, TpmAttestationDoesKeyExist(_, _, _))
+ EXPECT_CALL(mock_cryptohome_client_, TpmAttestationDoesKeyExist(_, _, _, _))
 .WillRepeatedly(Invoke(DoesKeyExistCallbackTrue));
 // GetCertificate must not be called if the key exists.
 EXPECT_CALL(mock_attestation_flow_, GetCertificate(_, _, _, _, _))
@@ -277,7 +284,7 @@ TEST_F(EPKPChallengeMachineKeyTest, Success) {
 // SignEnterpriseChallenge must be called exactly once.
 EXPECT_CALL(mock_async_method_caller_,
 TpmAttestationSignEnterpriseChallenge(
- chromeos::attestation::KEY_DEVICE, "attest-ent-machine",
+ chromeos::attestation::KEY_DEVICE, "", "attest-ent-machine",
 "google.com", "device_id", _, "challenge", _))
 .Times(1);
@@ -351,7 +358,7 @@ TEST_F(EPKPChallengeUserKeyTest, DevicePolicyDisabled) {
 }
 TEST_F(EPKPChallengeUserKeyTest, DoesKeyExistDbusFailed) {
- EXPECT_CALL(mock_cryptohome_client_, TpmAttestationDoesKeyExist(_, _, _))
+ EXPECT_CALL(mock_cryptohome_client_, TpmAttestationDoesKeyExist(_, _, _, _))
 .WillRepeatedly(Invoke(DoesKeyExistCallbackFailed));
 EXPECT_EQ(base::StringPrintf(
@@ -370,7 +377,7 @@ TEST_F(EPKPChallengeUserKeyTest, GetCertificateFailed) {
 TEST_F(EPKPChallengeUserKeyTest, SignChallengeFailed) {
 EXPECT_CALL(mock_async_method_caller_,
- TpmAttestationSignEnterpriseChallenge(_, _, _, _, _, _, _))
+ TpmAttestationSignEnterpriseChallenge(_, _, _, _, _, _, _, _))
 .WillRepeatedly(Invoke(SignChallengeCallbackFalse));
 EXPECT_EQ(EPKPChallengeKeyBase::kSignChallengeFailedError,
@@ -378,7 +385,7 @@ TEST_F(EPKPChallengeUserKeyTest, SignChallengeFailed) {
 }
 TEST_F(EPKPChallengeUserKeyTest, KeyRegistrationFailed) {
- EXPECT_CALL(mock_async_method_caller_, TpmAttestationRegisterKey(_, _, _))
+ EXPECT_CALL(mock_async_method_caller_, TpmAttestationRegisterKey(_, _, _, _))
 .WillRepeatedly(Invoke(RegisterKeyCallbackFalse));
 EXPECT_EQ(EPKPChallengeUserKey::kKeyRegistrationFailedError,
@@ -386,7 +393,7 @@ TEST_F(EPKPChallengeUserKeyTest, KeyRegistrationFailed) {
 }
 TEST_F(EPKPChallengeUserKeyTest, KeyExists) {
- EXPECT_CALL(mock_cryptohome_client_, TpmAttestationDoesKeyExist(_, _, _))
+ EXPECT_CALL(mock_cryptohome_client_, TpmAttestationDoesKeyExist(_, _, _, _))
 .WillRepeatedly(Invoke(DoesKeyExistCallbackTrue));
 // GetCertificate must not be called if the key exists.
 EXPECT_CALL(mock_attestation_flow_, GetCertificate(_, _, _, _, _))
@@ -396,7 +403,7 @@ TEST_F(EPKPChallengeUserKeyTest, KeyExists) {
 }
 TEST_F(EPKPChallengeUserKeyTest, KeyNotRegistered) {
- EXPECT_CALL(mock_async_method_caller_, TpmAttestationRegisterKey(_, _, _))
+ EXPECT_CALL(mock_async_method_caller_, TpmAttestationRegisterKey(_, _, _, _))
 .Times(0);
 EXPECT_TRUE(utils::RunFunction(
@@ -421,12 +428,14 @@ TEST_F(EPKPChallengeUserKeyTest, Success) {
 // SignEnterpriseChallenge must be called exactly once.
 EXPECT_CALL(mock_async_method_caller_,
 TpmAttestationSignEnterpriseChallenge(
- chromeos::attestation::KEY_USER, "attest-ent-user",
- "test@google.com", "device_id", _, "challenge", _))
+ chromeos::attestation::KEY_USER, "test@google.com",
+ "attest-ent-user", "test@google.com", "device_id", _,
+ "challenge", _))
 .Times(1);
 // RegisterKey must be called exactly once.
 EXPECT_CALL(mock_async_method_caller_,
 TpmAttestationRegisterKey(chromeos::attestation::KEY_USER,
+ "test@google.com",
 "attest-ent-user", _))
 .Times(1);
diff --git a/chromeos/attestation/OWNERS b/chromeos/attestation/OWNERS
index cd1c574..a48744d 100644
--- a/chromeos/attestation/OWNERS
+++ b/chromeos/attestation/OWNERS
@@ -1,2 +1,3 @@
 mnissler@chromium.org
 pastarmovj@chromium.org
+bartfab@chromium.org
diff --git a/chromeos/attestation/attestation_flow.cc b/chromeos/attestation/attestation_flow.cc
index 9b22b65..5021ddf 100644
--- a/chromeos/attestation/attestation_flow.cc
+++ b/chromeos/attestation/attestation_flow.cc
@@ -96,7 +96,7 @@ AttestationFlow::~AttestationFlow() {
 void AttestationFlow::GetCertificate(
 AttestationCertificateProfile certificate_profile,
- const std::string& user_email,
+ const std::string& user_id,
 const std::string& request_origin,
 bool force_new_key,
 const CertificateCallback& callback) {
@@ -106,7 +106,7 @@ void AttestationFlow::GetCertificate(
 &AttestationFlow::StartCertificateRequest,
 weak_factory_.GetWeakPtr(),
 certificate_profile,
- user_email,
+ user_id,
 request_origin,
 force_new_key,
 callback);
@@ -191,7 +191,7 @@ void AttestationFlow::OnEnrollComplete(const base::Closure& on_failure,
 void AttestationFlow::StartCertificateRequest(
 AttestationCertificateProfile certificate_profile,
- const std::string& user_email,
+ const std::string& user_id,
 const std::string& request_origin,
 bool generate_new_key,
 const CertificateCallback& callback) {
@@ -202,11 +202,12 @@ void AttestationFlow::StartCertificateRequest(
 // Get the attestation service to create a Privacy CA certificate request.
 async_caller_->AsyncTpmAttestationCreateCertRequest(
 certificate_profile,
- user_email,
+ user_id,
 request_origin,
 base::Bind(&AttestationFlow::SendCertificateRequestToPCA,
 weak_factory_.GetWeakPtr(),
 key_type,
+ user_id,
 key_name,
 callback));
 } else {
@@ -215,6 +216,7 @@ void AttestationFlow::StartCertificateRequest(
 &AttestationFlow::GetExistingCertificate,
 weak_factory_.GetWeakPtr(),
 key_type,
+ user_id,
 key_name,
 callback);
 // If the key does not exist, call this method back with |generate_new_key|
@@ -223,12 +225,13 @@ void AttestationFlow::StartCertificateRequest(
 &AttestationFlow::StartCertificateRequest,
 weak_factory_.GetWeakPtr(),
 certificate_profile,
- user_email,
+ user_id,
 request_origin,
 true,
 callback);
 cryptohome_client_->TpmAttestationDoesKeyExist(
 key_type,
+ user_id,
 key_name,
 base::Bind(&DBusBoolRedirectCallback,
 on_key_exists,
@@ -239,6 +242,7 @@ void AttestationFlow::StartCertificateRequest(
 void AttestationFlow::SendCertificateRequestToPCA(
 AttestationKeyType key_type,
+ const std::string& user_id,
 const std::string& key_name,
 const CertificateCallback& callback,
 bool success,
@@ -256,12 +260,14 @@ void AttestationFlow::SendCertificateRequestToPCA(
 base::Bind(&AttestationFlow::SendCertificateResponseToDaemon,
 weak_factory_.GetWeakPtr(),
 key_type,
+ user_id,
 key_name,
 callback));
 }
 void AttestationFlow::SendCertificateResponseToDaemon(
 AttestationKeyType key_type,
+ const std::string& user_id,
 const std::string& key_name,
 const CertificateCallback& callback,
 bool success,
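Review bot: StartCertificateRequest now forwards `user_id` to every cryptohome call, but nothing in these hunks rejects an empty id when the key being handled is a user key. How `key_type` is derived lies outside the hunk, so this is inferred; if a user-key profile can reach this point with an empty string, `TpmAttestationDoesKeyExist` and the later finish step are issued without a user binding and the outcome depends on how the daemon treats an empty id. A cheap guard once `key_type` is known would be `DCHECK(key_type == KEY_DEVICE || !user_id.empty());`, with the unit tests on this page that pass `""` for KEY_USER adjusted to match.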
@@ -276,16 +282,19 @@ void AttestationFlow::SendCertificateResponseToDaemon(
 // Forward the response to the attestation service to complete the operation.
 async_caller_->AsyncTpmAttestationFinishCertRequest(data,
 key_type,
+ user_id,
 key_name,
 base::Bind(callback));
 }
 void AttestationFlow::GetExistingCertificate(
 AttestationKeyType key_type,
+ const std::string& user_id,
 const std::string& key_name,
 const CertificateCallback& callback) {
 cryptohome_client_->TpmAttestationGetCertificate(
 key_type,
+ user_id,
 key_name,
 base::Bind(&DBusDataMethodCallback, callback));
 }
diff --git a/chromeos/attestation/attestation_flow.h b/chromeos/attestation/attestation_flow.h
index bdbea1e..3c846db 100644
--- a/chromeos/attestation/attestation_flow.h
+++ b/chromeos/attestation/attestation_flow.h
@@ -68,9 +68,9 @@ class CHROMEOS_EXPORT AttestationFlow {
 // Parameters
 // certificate_profile - Specifies what kind of certificate should be
 // requested from the CA.
- // user_email - The canonical email address of the currently active user.
- // This is ignored when not using the content protection
- // profile.
+ // user_id - Identifies the currently active user. For normal GAIA users
+ // this is a canonical email address. This is ignored when using
+ // the enterprise machine cert profile.
 // request_origin - For content protection profiles, certificate requests
 // are origin-specific. This string must uniquely identify
 // the origin of the request.
@@ -81,7 +81,7 @@ class CHROMEOS_EXPORT AttestationFlow {
 // On success |result| will be true and |data| will contain the
 // PCA-issued certificate chain in PEM format.
 virtual void GetCertificate(AttestationCertificateProfile certificate_profile,
- const std::string& user_email,
+ const std::string& user_id,
 const std::string& request_origin,
 bool force_new_key,
 const CertificateCallback& callback);
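Review bot: The rewritten parameter comment in the `@@ -68,9 +68,9 @@` hunk still says `user_id` "Identifies the currently active user", while PlatformVerificationFlow in this same commit passes the e-mail of the user mapped from the requesting profile, which need not be the active one. Because callers will read this comment to decide what to pass, it should describe the owner of the key rather than the session state: `// user_id - Identifies the user the key and certificate belong to. For normal GAIA users this is a canonical email address.` The same "active user" wording recurs in the private-method comments added in the later hunks of this header.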
@@ -142,13 +142,13 @@ class CHROMEOS_EXPORT AttestationFlow {
 // Parameters
 // certificate_profile - Specifies what kind of certificate should be
 // requested from the CA.
- // user_email - The active user's canonical email.
+ // user_id - Identifies the active user.
 // request_origin - An identifier for the origin of this request.
 // generate_new_key - If set to true a new key is generated.
 // callback - Called when the operation completes.
 void StartCertificateRequest(
 const AttestationCertificateProfile certificate_profile,
- const std::string& user_email,
+ const std::string& user_id,
 const std::string& request_origin,
 bool generate_new_key,
 const CertificateCallback& callback);
@@ -159,11 +159,13 @@ class CHROMEOS_EXPORT AttestationFlow {
 //
 // Parameters
 // key_type - The type of the key for which a certificate is requested.
+ // user_id - Identifies the active user.
 // key_name - The name of the key for which a certificate is requested.
 // callback - Called when the operation completes.
 // success - The status of request creation.
 // data - The request data for the Privacy CA.
 void SendCertificateRequestToPCA(AttestationKeyType key_type,
+ const std::string& user_id,
 const std::string& key_name,
 const CertificateCallback& callback,
 bool success,
@@ -175,11 +177,13 @@ class CHROMEOS_EXPORT AttestationFlow {
 //
 // Parameters
 // key_type - The type of the key for which a certificate is requested.
+ // user_id - Identifies the active user.
 // key_name - The name of the key for which a certificate is requested.
 // callback - Called when the operation completes.
 // success - The status of the Privacy CA operation.
 // data - The response data from the Privacy CA.
 void SendCertificateResponseToDaemon(AttestationKeyType key_type,
+ const std::string& user_id,
 const std::string& key_name,
 const CertificateCallback& callback,
 bool success,
@@ -189,9 +193,11 @@ class CHROMEOS_EXPORT AttestationFlow {
 //
 // Parameters
 // key_type - The type of the key for which a certificate is requested.
+ // user_id - Identifies the active user.
 // key_name - The name of the key for which a certificate is requested.
 // callback - Called when the operation completes.
 void GetExistingCertificate(AttestationKeyType key_type,
+ const std::string& user_id,
 const std::string& key_name,
 const CertificateCallback& callback);
diff --git a/chromeos/attestation/attestation_flow_unittest.cc b/chromeos/attestation/attestation_flow_unittest.cc
index 9622230..3597517 100644
--- a/chromeos/attestation/attestation_flow_unittest.cc
+++ b/chromeos/attestation/attestation_flow_unittest.cc
@@ -100,7 +100,7 @@ TEST_F(AttestationFlowTest, GetCertificate) {
 EXPECT_CALL(
 async_caller,
 AsyncTpmAttestationCreateCertRequest(PROFILE_ENTERPRISE_USER_CERTIFICATE,
- "fake_email", "fake_origin", _))
+ "fake@test.com", "fake_origin", _))
 .Times(1)
 .InSequence(flow_order);
@@ -115,6 +115,7 @@ TEST_F(AttestationFlowTest, GetCertificate) {
 EXPECT_CALL(async_caller,
 AsyncTpmAttestationFinishCertRequest(fake_cert_response,
 KEY_USER,
+ "fake@test.com",
 kEnterpriseUserKey,
 _))
 .Times(1)
@@ -132,7 +133,7 @@ TEST_F(AttestationFlowTest, GetCertificate) {
 scoped_ptr<ServerProxy> proxy_interface(proxy.release());
 AttestationFlow flow(&async_caller, &client, proxy_interface.Pass());
- flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, "fake_email",
+ flow.GetCertificate(PROFILE_ENTERPRISE_USER_CERTIFICATE, "fake@test.com",
 "fake_origin", true, mock_callback);
 Run();
 }
@@ -241,6 +242,7 @@ TEST_F(AttestationFlowTest, GetMachineCertificateAlreadyEnrolled) {
 EXPECT_CALL(async_caller,
 AsyncTpmAttestationFinishCertRequest(fake_cert_response,
 KEY_DEVICE,
+ "",
 kEnterpriseMachineKey,
 _))
 .Times(1);
@@ -366,6 +368,7 @@ TEST_F(AttestationFlowTest, GetCertificate_CheckExisting) { EXPECT_CALL(async_caller, AsyncTpmAttestationFinishCertRequest(fake_cert_response, KEY_USER, + "", kEnterpriseUserKey, _)) .Times(1); @@ -374,8 +377,8 @@ TEST_F(AttestationFlowTest, GetCertificate_CheckExisting) { EXPECT_CALL(client, TpmAttestationIsEnrolled(_)) .WillRepeatedly(Invoke(DBusCallbackTrue)); EXPECT_CALL(client, - TpmAttestationDoesKeyExist(KEY_USER, kEnterpriseUserKey, _)) - .WillRepeatedly(WithArgs<2>(Invoke(DBusCallbackFalse))); + TpmAttestationDoesKeyExist(KEY_USER, "", kEnterpriseUserKey, _)) + .WillRepeatedly(WithArgs<3>(Invoke(DBusCallbackFalse))); scoped_ptr<MockServerProxy> proxy(new StrictMock<MockServerProxy>()); proxy->DeferToFake(true); @@ -406,11 +409,11 @@ TEST_F(AttestationFlowTest, GetCertificate_AlreadyExists) { EXPECT_CALL(client, TpmAttestationIsEnrolled(_)) .WillRepeatedly(Invoke(DBusCallbackTrue)); EXPECT_CALL(client, - TpmAttestationDoesKeyExist(KEY_USER, kEnterpriseUserKey, _)) - .WillRepeatedly(WithArgs<2>(Invoke(DBusCallbackTrue))); + TpmAttestationDoesKeyExist(KEY_USER, "", kEnterpriseUserKey, _)) + .WillRepeatedly(WithArgs<3>(Invoke(DBusCallbackTrue))); EXPECT_CALL(client, - TpmAttestationGetCertificate(KEY_USER, kEnterpriseUserKey, _)) - .WillRepeatedly(WithArgs<2>(Invoke(FakeDBusData("fake_cert")))); + TpmAttestationGetCertificate(KEY_USER, "", kEnterpriseUserKey, _)) + .WillRepeatedly(WithArgs<3>(Invoke(FakeDBusData("fake_cert")))); // We're not expecting any server calls in this case; StrictMock will verify. scoped_ptr<MockServerProxy> proxy(new StrictMock<MockServerProxy>()); diff --git a/chromeos/cryptohome/async_method_caller.cc b/chromeos/cryptohome/async_method_caller.cc index c9af98a..8e89309 100644 --- a/chromeos/cryptohome/async_method_caller.cc +++ b/chromeos/cryptohome/async_method_caller.cc 
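Review bot: The expectation added in GetCertificate_CheckExisting (hunk at -366,6) pairs KEY_USER with an empty user id, `AsyncTpmAttestationFinishCertRequest(fake_cert_response, KEY_USER, "", kEnterpriseUserKey, _)`, which is the combination the new comments in cryptohome_client.h rule out ("If |key_type| is KEY_USER, a |user_id| must be provided"). The hunks at -374,8 and -406,11 do the same for TpmAttestationDoesKeyExist and TpmAttestationGetCertificate. Presumably these tests call GetCertificate with an empty id outside the hunk. Passing "fake@test.com", as the GetCertificate test earlier in this file does, and expecting it here would make the tests check that the id reaches the client for user keys. As written, a regression that drops the id on the way to TpmAttestationDoesKeyExist or TpmAttestationGetCertificate would still pass.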
@@ -134,13 +134,13 @@ class AsyncMethodCallerImpl : public AsyncMethodCaller { virtual void AsyncTpmAttestationCreateCertRequest( chromeos::attestation::AttestationCertificateProfile certificate_profile, - const std::string& username, + const std::string& user_id, const std::string& request_origin, const DataCallback& callback) OVERRIDE { DBusThreadManager::Get()->GetCryptohomeClient()-> AsyncTpmAttestationCreateCertRequest( certificate_profile, - username, + user_id, request_origin, base::Bind(&AsyncMethodCallerImpl::RegisterAsyncDataCallback, weak_ptr_factory_.GetWeakPtr(), @@ -151,12 +151,14 @@ class AsyncMethodCallerImpl : public AsyncMethodCaller { virtual void AsyncTpmAttestationFinishCertRequest( const std::string& pca_response, chromeos::attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const DataCallback& callback) OVERRIDE { DBusThreadManager::Get()->GetCryptohomeClient()-> AsyncTpmAttestationFinishCertRequest( pca_response, key_type, + user_id, key_name, base::Bind( &AsyncMethodCallerImpl::RegisterAsyncDataCallback, @@ -167,11 +169,13 @@ class AsyncMethodCallerImpl : public AsyncMethodCaller { virtual void TpmAttestationRegisterKey( chromeos::attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const Callback& callback) OVERRIDE { DBusThreadManager::Get()->GetCryptohomeClient()-> TpmAttestationRegisterKey( key_type, + user_id, key_name, base::Bind( &AsyncMethodCallerImpl::RegisterAsyncCallback, @@ -182,6 +186,7 @@ class AsyncMethodCallerImpl : public AsyncMethodCaller { virtual void TpmAttestationSignEnterpriseChallenge( chromeos::attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const std::string& domain, const std::string& device_id, 
@@ -191,6 +196,7 @@ class AsyncMethodCallerImpl : public AsyncMethodCaller { DBusThreadManager::Get()->GetCryptohomeClient()-> TpmAttestationSignEnterpriseChallenge( key_type, + user_id, key_name, domain, device_id, @@ -205,12 +211,14 @@ class AsyncMethodCallerImpl : public AsyncMethodCaller { virtual void TpmAttestationSignSimpleChallenge( chromeos::attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const std::string& challenge, const DataCallback& callback) OVERRIDE { DBusThreadManager::Get()->GetCryptohomeClient()-> TpmAttestationSignSimpleChallenge( key_type, + user_id, key_name, challenge, base::Bind( diff --git a/chromeos/cryptohome/async_method_caller.h b/chromeos/cryptohome/async_method_caller.h index e5ca604..be1b0a8 100644 --- a/chromeos/cryptohome/async_method_caller.h +++ b/chromeos/cryptohome/async_method_caller.h @@ -115,13 +115,13 @@ class CHROMEOS_EXPORT AsyncMethodCaller { // Asks cryptohomed to asynchronously create an attestation certificate // request according to |certificate_profile|. Some profiles require that the - // |user_email| of the currently active user and an identifier of the + // |user_id| of the currently active user and an identifier of the // |request_origin| be provided. On success the data sent to |callback| is a // request to be sent to the Privacy CA. The |request_origin| may be sent to - // the Privacy CA but the |user_email| will never be sent. + // the Privacy CA but the |user_id| will never be sent. virtual void AsyncTpmAttestationCreateCertRequest( chromeos::attestation::AttestationCertificateProfile certificate_profile, - const std::string& user_email, + const std::string& user_id, const std::string& request_origin, const DataCallback& callback) = 0; 
@@ -130,17 +130,23 @@ class CHROMEOS_EXPORT AsyncMethodCaller { // in PEM format. |pca_response| is the response to the certificate request // emitted by the Privacy CA. |key_type| determines whether the certified key // is to be associated with the current user. |key_name| is a name for the - // key. + // key. If |key_type| is KEY_USER, a |user_id| must be provided. Otherwise + // |user_id| is ignored. For normal GAIA users the |user_id| is a canonical + // email address. virtual void AsyncTpmAttestationFinishCertRequest( const std::string& pca_response, chromeos::attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const DataCallback& callback) = 0; // Asks cryptohomed to asynchronously register the attestation key specified - // by |key_type| and |key_name|. + // by |key_type| and |key_name|. If |key_type| is KEY_USER, a |user_id| must + // be provided. Otherwise |user_id| is ignored. For normal GAIA users the + // |user_id| is a canonical email address. virtual void TpmAttestationRegisterKey( chromeos::attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const Callback& callback) = 0; @@ -148,9 +154,12 @@ class CHROMEOS_EXPORT AsyncMethodCaller { // key specified by |key_type| and |key_name|. The |domain| and |device_id| // parameters will be included in the challenge response. |challenge| must be // a valid enterprise challenge. On success, the data sent to |callback| is - // the challenge response. + // the challenge response. If |key_type| is KEY_USER, a |user_id| must be + // provided. Otherwise |user_id| is ignored. For normal GAIA users the + // |user_id| is a canonical email address. virtual void TpmAttestationSignEnterpriseChallenge( chromeos::attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const std::string& domain, const std::string& device_id, 
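Review bot: The extended comment on TpmAttestationSignEnterpriseChallenge (hunk at -148,9) says that |domain| and |device_id| are included in the challenge response but leaves open whether the new |user_id| is, and for GAIA users that value is an email address. The comment on AsyncTpmAttestationCreateCertRequest in the same file states explicitly that the |user_id| is never sent to the Privacy CA, and an equivalent sentence belongs here. If the id is used only to locate the user's key, add `// The |user_id| is not included in the challenge response.`; if it is included, the comment should say so instead. The declaration continues past the end of the hunk.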
@@ -161,9 +170,12 @@ class CHROMEOS_EXPORT AsyncMethodCaller { // Asks cryptohomed to asynchronously sign a simple challenge with the key // specified by |key_type| and |key_name|. |challenge| can be any arbitrary // set of bytes. On success, the data sent to |callback| is the challenge - // response. + // response. If |key_type| is KEY_USER, a |user_id| must be provided. + // Otherwise |user_id| is ignored. For normal GAIA users the |user_id| is a + // canonical email address. virtual void TpmAttestationSignSimpleChallenge( chromeos::attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const std::string& challenge, const DataCallback& callback) = 0; diff --git a/chromeos/cryptohome/mock_async_method_caller.cc b/chromeos/cryptohome/mock_async_method_caller.cc index dcd59a0..7f54164 100644 --- a/chromeos/cryptohome/mock_async_method_caller.cc +++ b/chromeos/cryptohome/mock_async_method_caller.cc 
@@ -55,22 +55,22 @@ void MockAsyncMethodCaller::SetUp(bool success, MountError return_code) { .WillByDefault( WithArgs<3>(Invoke(this, &MockAsyncMethodCaller::FakeCreateCertRequest))); - ON_CALL(*this, AsyncTpmAttestationFinishCertRequest(_, _, _, _)) + ON_CALL(*this, AsyncTpmAttestationFinishCertRequest(_, _, _, _, _)) .WillByDefault( - WithArgs<3>(Invoke(this, + WithArgs<4>(Invoke(this, &MockAsyncMethodCaller::FakeFinishCertRequest))); ON_CALL(*this, AsyncGetSanitizedUsername(_, _)) .WillByDefault( WithArgs<1>(Invoke(this, &MockAsyncMethodCaller:: FakeGetSanitizedUsername))); - ON_CALL(*this, TpmAttestationSignEnterpriseChallenge(_, _, _, _, _, _, _)) + ON_CALL(*this, TpmAttestationSignEnterpriseChallenge(_, _, _, _, _, _, _, _)) .WillByDefault( - WithArgs<6>(Invoke(this, + WithArgs<7>(Invoke(this, &MockAsyncMethodCaller::FakeEnterpriseChallenge))); - ON_CALL(*this, TpmAttestationRegisterKey(_, _, _)) + ON_CALL(*this, TpmAttestationRegisterKey(_, _, _, _)) .WillByDefault( - WithArgs<2>(Invoke(this, &MockAsyncMethodCaller::DoCallback))); + WithArgs<3>(Invoke(this, &MockAsyncMethodCaller::DoCallback))); } void MockAsyncMethodCaller::DoCallback(Callback callback) { diff --git a/chromeos/cryptohome/mock_async_method_caller.h b/chromeos/cryptohome/mock_async_method_caller.h index 8f3796b..e41457a 100644 --- a/chromeos/cryptohome/mock_async_method_caller.h +++ b/chromeos/cryptohome/mock_async_method_caller.h 
@@ -55,29 +55,33 @@ class MockAsyncMethodCaller : public AsyncMethodCaller { MOCK_METHOD4( AsyncTpmAttestationCreateCertRequest, void(chromeos::attestation::AttestationCertificateProfile profile, - const std::string& user_email, + const std::string& user_id, const std::string& request_origin, const DataCallback& callback)); - MOCK_METHOD4(AsyncTpmAttestationFinishCertRequest, + MOCK_METHOD5(AsyncTpmAttestationFinishCertRequest, void(const std::string& pca_response, chromeos::attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const DataCallback& callback)); - MOCK_METHOD3(TpmAttestationRegisterKey, + MOCK_METHOD4(TpmAttestationRegisterKey, void(chromeos::attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const Callback& callback)); - MOCK_METHOD7( + MOCK_METHOD8( TpmAttestationSignEnterpriseChallenge, void(chromeos::attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const std::string& domain, const std::string& device_id, chromeos::attestation::AttestationChallengeOptions options, const std::string& challenge, const DataCallback& callback)); - MOCK_METHOD4(TpmAttestationSignSimpleChallenge, + MOCK_METHOD5(TpmAttestationSignSimpleChallenge, void(chromeos::attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const std::string& challenge, const DataCallback& callback)); diff --git a/chromeos/dbus/cryptohome_client.cc b/chromeos/dbus/cryptohome_client.cc index e862ffb..79a6561 100644 --- a/chromeos/dbus/cryptohome_client.cc +++ b/chromeos/dbus/cryptohome_client.cc 
@@ -464,7 +464,7 @@ class CryptohomeClientImpl : public CryptohomeClient { // CryptohomeClient override. virtual void AsyncTpmAttestationCreateCertRequest( attestation::AttestationCertificateProfile certificate_profile, - const std::string& user_email, + const std::string& user_id, const std::string& request_origin, const AsyncMethodCallback& callback) OVERRIDE { dbus::MethodCall method_call( @@ -472,7 +472,7 @@ class CryptohomeClientImpl : public CryptohomeClient { cryptohome::kCryptohomeAsyncTpmAttestationCreateCertRequestByProfile); dbus::MessageWriter writer(&method_call); writer.AppendInt32(certificate_profile); - writer.AppendString(user_email); + writer.AppendString(user_id); writer.AppendString(request_origin); proxy_->CallMethod(&method_call, dbus::ObjectProxy::TIMEOUT_USE_DEFAULT, base::Bind(&CryptohomeClientImpl::OnAsyncMethodCall, @@ -484,17 +484,19 @@ class CryptohomeClientImpl : public CryptohomeClient { virtual void AsyncTpmAttestationFinishCertRequest( const std::string& pca_response, attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const AsyncMethodCallback& callback) OVERRIDE { dbus::MethodCall method_call( cryptohome::kCryptohomeInterface, - cryptohome::kCryptohomeAsyncTpmAttestationFinishCertRequestOld); + cryptohome::kCryptohomeAsyncTpmAttestationFinishCertRequest); dbus::MessageWriter writer(&method_call); writer.AppendArrayOfBytes( reinterpret_cast<const uint8*>(pca_response.data()), pca_response.size()); bool is_user_specific = (key_type == attestation::KEY_USER); writer.AppendBool(is_user_specific); + writer.AppendString(user_id); writer.AppendString(key_name); proxy_->CallMethod(&method_call, dbus::ObjectProxy::TIMEOUT_USE_DEFAULT, base::Bind(&CryptohomeClientImpl::OnAsyncMethodCall, 
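Review bot: AsyncTpmAttestationFinishCertRequest (hunk at -484,17) now writes `user_id` into the D-Bus message unconditionally, so a KEY_USER call with an empty id is sent to cryptohomed even though cryptohome_client.h documents that a |user_id| must be provided in that case. A debug check next to the existing `is_user_specific` line would catch such callers early: `DCHECK(!is_user_specific || !user_id.empty());`. The same applies to the other methods in this file that gained `writer.AppendString(user_id);`: TpmAttestationDoesKeyExist, TpmAttestationGetCertificate, TpmAttestationGetPublicKey, TpmAttestationRegisterKey, TpmAttestationSignEnterpriseChallenge, TpmAttestationSignSimpleChallenge, TpmAttestationGetKeyPayload and TpmAttestationSetKeyPayload. How cryptohomed treats an empty id for a user key is not visible here, and the method body continues outside the hunk.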
@@ -505,14 +507,16 @@ class CryptohomeClientImpl : public CryptohomeClient { // CryptohomeClient override. virtual void TpmAttestationDoesKeyExist( attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const BoolDBusMethodCallback& callback) OVERRIDE { dbus::MethodCall method_call( cryptohome::kCryptohomeInterface, - cryptohome::kCryptohomeTpmAttestationDoesKeyExistOld); + cryptohome::kCryptohomeTpmAttestationDoesKeyExist); dbus::MessageWriter writer(&method_call); bool is_user_specific = (key_type == attestation::KEY_USER); writer.AppendBool(is_user_specific); + writer.AppendString(user_id); writer.AppendString(key_name); CallBoolMethod(&method_call, callback); } @@ -520,14 +524,16 @@ class CryptohomeClientImpl : public CryptohomeClient { // CryptohomeClient override. virtual void TpmAttestationGetCertificate( attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const DataMethodCallback& callback) OVERRIDE { dbus::MethodCall method_call( cryptohome::kCryptohomeInterface, - cryptohome::kCryptohomeTpmAttestationGetCertificateOld); + cryptohome::kCryptohomeTpmAttestationGetCertificate); dbus::MessageWriter writer(&method_call); bool is_user_specific = (key_type == attestation::KEY_USER); writer.AppendBool(is_user_specific); + writer.AppendString(user_id); writer.AppendString(key_name); proxy_->CallMethod(&method_call, dbus::ObjectProxy::TIMEOUT_USE_DEFAULT, base::Bind(&CryptohomeClientImpl::OnDataMethod, 
@@ -538,14 +544,16 @@ class CryptohomeClientImpl : public CryptohomeClient { // CryptohomeClient override. virtual void TpmAttestationGetPublicKey( attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const DataMethodCallback& callback) OVERRIDE { dbus::MethodCall method_call( cryptohome::kCryptohomeInterface, - cryptohome::kCryptohomeTpmAttestationGetPublicKeyOld); + cryptohome::kCryptohomeTpmAttestationGetPublicKey); dbus::MessageWriter writer(&method_call); bool is_user_specific = (key_type == attestation::KEY_USER); writer.AppendBool(is_user_specific); + writer.AppendString(user_id); writer.AppendString(key_name); proxy_->CallMethod(&method_call, dbus::ObjectProxy::TIMEOUT_USE_DEFAULT, base::Bind(&CryptohomeClientImpl::OnDataMethod, @@ -556,14 +564,16 @@ class CryptohomeClientImpl : public CryptohomeClient { // CryptohomeClient override. virtual void TpmAttestationRegisterKey( attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const AsyncMethodCallback& callback) OVERRIDE { dbus::MethodCall method_call( cryptohome::kCryptohomeInterface, - cryptohome::kCryptohomeTpmAttestationRegisterKeyOld); + cryptohome::kCryptohomeTpmAttestationRegisterKey); dbus::MessageWriter writer(&method_call); bool is_user_specific = (key_type == attestation::KEY_USER); writer.AppendBool(is_user_specific); + writer.AppendString(user_id); writer.AppendString(key_name); proxy_->CallMethod(&method_call, dbus::ObjectProxy::TIMEOUT_USE_DEFAULT, base::Bind(&CryptohomeClientImpl::OnAsyncMethodCall, @@ -574,6 +584,7 @@ class CryptohomeClientImpl : public CryptohomeClient { // CryptohomeClient override. virtual void TpmAttestationSignEnterpriseChallenge( attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const std::string& domain, const std::string& device_id, 
@@ -582,10 +593,11 @@ class CryptohomeClientImpl : public CryptohomeClient { const AsyncMethodCallback& callback) OVERRIDE { dbus::MethodCall method_call( cryptohome::kCryptohomeInterface, - cryptohome::kCryptohomeTpmAttestationSignEnterpriseChallengeOld); + cryptohome::kCryptohomeTpmAttestationSignEnterpriseChallenge); dbus::MessageWriter writer(&method_call); bool is_user_specific = (key_type == attestation::KEY_USER); writer.AppendBool(is_user_specific); + writer.AppendString(user_id); writer.AppendString(key_name); writer.AppendString(domain); writer.AppendArrayOfBytes(reinterpret_cast<const uint8*>(device_id.data()), @@ -604,15 +616,17 @@ class CryptohomeClientImpl : public CryptohomeClient { // CryptohomeClient override. virtual void TpmAttestationSignSimpleChallenge( attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const std::string& challenge, const AsyncMethodCallback& callback) OVERRIDE { dbus::MethodCall method_call( cryptohome::kCryptohomeInterface, - cryptohome::kCryptohomeTpmAttestationSignSimpleChallengeOld); + cryptohome::kCryptohomeTpmAttestationSignSimpleChallenge); dbus::MessageWriter writer(&method_call); bool is_user_specific = (key_type == attestation::KEY_USER); writer.AppendBool(is_user_specific); + writer.AppendString(user_id); writer.AppendString(key_name); writer.AppendArrayOfBytes(reinterpret_cast<const uint8*>(challenge.data()), challenge.size()); 
@@ -625,14 +639,16 @@ class CryptohomeClientImpl : public CryptohomeClient { // CryptohomeClient override. virtual void TpmAttestationGetKeyPayload( attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const DataMethodCallback& callback) OVERRIDE { dbus::MethodCall method_call( cryptohome::kCryptohomeInterface, - cryptohome::kCryptohomeTpmAttestationGetKeyPayloadOld); + cryptohome::kCryptohomeTpmAttestationGetKeyPayload); dbus::MessageWriter writer(&method_call); bool is_user_specific = (key_type == attestation::KEY_USER); writer.AppendBool(is_user_specific); + writer.AppendString(user_id); writer.AppendString(key_name); proxy_->CallMethod(&method_call, dbus::ObjectProxy::TIMEOUT_USE_DEFAULT, base::Bind(&CryptohomeClientImpl::OnDataMethod, @@ -643,15 +659,17 @@ class CryptohomeClientImpl : public CryptohomeClient { // CryptohomeClient override. virtual void TpmAttestationSetKeyPayload( attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const std::string& payload, const BoolDBusMethodCallback& callback) OVERRIDE { dbus::MethodCall method_call( cryptohome::kCryptohomeInterface, - cryptohome::kCryptohomeTpmAttestationSetKeyPayloadOld); + cryptohome::kCryptohomeTpmAttestationSetKeyPayload); dbus::MessageWriter writer(&method_call); bool is_user_specific = (key_type == attestation::KEY_USER); writer.AppendBool(is_user_specific); + writer.AppendString(user_id); writer.AppendString(key_name); writer.AppendArrayOfBytes(reinterpret_cast<const uint8*>(payload.data()), payload.size()); diff --git a/chromeos/dbus/cryptohome_client.h b/chromeos/dbus/cryptohome_client.h index f230d03..cc4b9d7 100644 --- a/chromeos/dbus/cryptohome_client.h +++ b/chromeos/dbus/cryptohome_client.h 
@@ -265,17 +265,17 @@ class CHROMEOS_EXPORT CryptohomeClient : public DBusClient { const AsyncMethodCallback& callback) = 0; // Asynchronously creates an attestation certificate request according to - // |certificate_profile|. Some profiles require that the |user_email| of the + // |certificate_profile|. Some profiles require that the |user_id| of the // currently active user and an identifier of the |request_origin| be // provided. |callback| will be called when the dbus call completes. When // the operation completes, the AsyncCallStatusWithDataHandler signal handler // is called. The data that is sent with the signal is a certificate request // to be sent to the Privacy CA. The certificate request is completed by - // calling AsyncTpmAttestationFinishCertRequest. The |user_email| will not + // calling AsyncTpmAttestationFinishCertRequest. The |user_id| will not // be included in the certificate request for the Privacy CA. virtual void AsyncTpmAttestationCreateCertRequest( attestation::AttestationCertificateProfile certificate_profile, - const std::string& user_email, + const std::string& user_id, const std::string& request_origin, const AsyncMethodCallback& callback) = 0; 
@@ -285,34 +285,47 @@ class CHROMEOS_EXPORT CryptohomeClient : public DBusClient { // sent with the signal is a certificate chain in PEM format. |pca_response| // is the response to the certificate request emitted by the Privacy CA. // |key_type| determines whether the certified key is to be associated with - // the current user. |key_name| is a name for the key. + // the current user. |key_name| is a name for the key. If |key_type| is + // KEY_USER, a |user_id| must be provided. Otherwise |user_id| is ignored. + // For normal GAIA users the |user_id| is a canonical email address. virtual void AsyncTpmAttestationFinishCertRequest( const std::string& pca_response, attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const AsyncMethodCallback& callback) = 0; // Checks if an attestation key already exists. If the key specified by // |key_type| and |key_name| exists, then the result sent to the callback will - // be true. + // be true. If |key_type| is KEY_USER, a |user_id| must be provided. + // Otherwise |user_id| is ignored. For normal GAIA users the |user_id| is a + // canonical email address. virtual void TpmAttestationDoesKeyExist( attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const BoolDBusMethodCallback& callback) = 0; // Gets the attestation certificate for the key specified by |key_type| and // |key_name|. |callback| will be called when the operation completes. If - // the key does not exist the callback |result| parameter will be false. + // the key does not exist the callback |result| parameter will be false. If + // |key_type| is KEY_USER, a |user_id| must be provided. Otherwise |user_id| + // is ignored. For normal GAIA users the |user_id| is a canonical email + // address. 
virtual void TpmAttestationGetCertificate( attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const DataMethodCallback& callback) = 0; // Gets the public key for the key specified by |key_type| and |key_name|. // |callback| will be called when the operation completes. If the key does - // not exist the callback |result| parameter will be false. + // not exist the callback |result| parameter will be false. If |key_type| is + // KEY_USER, a |user_id| must be provided. Otherwise |user_id| is ignored. + // For normal GAIA users the |user_id| is a canonical email address. virtual void TpmAttestationGetPublicKey( attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const DataMethodCallback& callback) = 0; @@ -320,8 +333,12 @@ class CHROMEOS_EXPORT CryptohomeClient : public DBusClient { // PKCS #11 token. The |callback| will be called when the dbus call // completes. When the operation completes, the AsyncCallStatusHandler signal // handler is called. |key_type| and |key_name| specify the key to register. + // If |key_type| is KEY_USER, a |user_id| must be provided. Otherwise + // |user_id| is ignored. For normal GAIA users the |user_id| is a canonical + // email address. virtual void TpmAttestationRegisterKey( attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const AsyncMethodCallback& callback) = 0; 
@@ -331,9 +348,12 @@ class CHROMEOS_EXPORT CryptohomeClient : public DBusClient { // generated. |challenge| must be a valid enterprise attestation challenge. // The |callback| will be called when the dbus call completes. When the // operation completes, the AsyncCallStatusWithDataHandler signal handler is - // called. + // called. If |key_type| is KEY_USER, a |user_id| must be provided. + // Otherwise |user_id| is ignored. For normal GAIA users the |user_id| is a + // canonical email address. virtual void TpmAttestationSignEnterpriseChallenge( attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const std::string& domain, const std::string& device_id, @@ -346,9 +366,12 @@ class CHROMEOS_EXPORT CryptohomeClient : public DBusClient { // A nonce will be appended to the challenge before signing; this method // cannot be used to sign arbitrary data. The |callback| will be called when // the dbus call completes. When the operation completes, the - // AsyncCallStatusWithDataHandler signal handler is called. + // AsyncCallStatusWithDataHandler signal handler is called. If |key_type| is + // KEY_USER, a |user_id| must be provided. Otherwise |user_id| is ignored. + // For normal GAIA users the |user_id| is a canonical email address. virtual void TpmAttestationSignSimpleChallenge( attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const std::string& challenge, const AsyncMethodCallback& callback) = 0; 
@@ -357,17 +380,24 @@ class CHROMEOS_EXPORT CryptohomeClient : public DBusClient { // |key_name|. The |callback| will be called when the operation completes. // If the key does not exist the callback |result| parameter will be false. // If no payload has been set for the key the callback |result| parameter will - // be true and the |data| parameter will be empty. + // be true and the |data| parameter will be empty. If |key_type| is + // KEY_USER, a |user_id| must be provided. Otherwise |user_id| is ignored. + // For normal GAIA users the |user_id| is a canonical email address. virtual void TpmAttestationGetKeyPayload( attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const DataMethodCallback& callback) = 0; // Sets the |payload| associated with the key specified by |key_type| and // |key_name|. The |callback| will be called when the operation completes. // If the operation succeeds, the callback |result| parameter will be true. + // If |key_type| is KEY_USER, a |user_id| must be provided. Otherwise + // |user_id| is ignored. For normal GAIA users the |user_id| is a canonical + // email address. virtual void TpmAttestationSetKeyPayload( attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const std::string& payload, const BoolDBusMethodCallback& callback) = 0; diff --git a/chromeos/dbus/fake_cryptohome_client.cc b/chromeos/dbus/fake_cryptohome_client.cc index aa067a1..7b40854 100644 --- a/chromeos/dbus/fake_cryptohome_client.cc +++ b/chromeos/dbus/fake_cryptohome_client.cc @@ -275,7 +275,7 @@ void FakeCryptohomeClient::AsyncTpmAttestationEnroll( void FakeCryptohomeClient::AsyncTpmAttestationCreateCertRequest( attestation::AttestationCertificateProfile certificate_profile, - const std::string& user_email, + const std::string& user_id, const std::string& request_origin, const AsyncMethodCallback& callback) { ReturnAsyncMethodResult(callback, true); 
@@ -284,6 +284,7 @@ void FakeCryptohomeClient::AsyncTpmAttestationCreateCertRequest( void FakeCryptohomeClient::AsyncTpmAttestationFinishCertRequest( const std::string& pca_response, attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const AsyncMethodCallback& callback) { ReturnAsyncMethodResult(callback, true); @@ -291,6 +292,7 @@ void FakeCryptohomeClient::AsyncTpmAttestationFinishCertRequest( void FakeCryptohomeClient::TpmAttestationDoesKeyExist( attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const BoolDBusMethodCallback& callback) { base::MessageLoop::current()->PostTask( @@ -299,6 +301,7 @@ void FakeCryptohomeClient::TpmAttestationDoesKeyExist( void FakeCryptohomeClient::TpmAttestationGetCertificate( attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const DataMethodCallback& callback) { base::MessageLoop::current()->PostTask( @@ -308,6 +311,7 @@ void FakeCryptohomeClient::TpmAttestationGetCertificate( void FakeCryptohomeClient::TpmAttestationGetPublicKey( attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const DataMethodCallback& callback) { base::MessageLoop::current()->PostTask( @@ -317,6 +321,7 @@ void FakeCryptohomeClient::TpmAttestationGetPublicKey( void FakeCryptohomeClient::TpmAttestationRegisterKey( attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const AsyncMethodCallback& callback) { ReturnAsyncMethodResult(callback, true); @@ -324,6 +329,7 @@ void FakeCryptohomeClient::TpmAttestationRegisterKey( void FakeCryptohomeClient::TpmAttestationSignEnterpriseChallenge( attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const std::string& domain, const std::string& device_id, 
@@ -335,6 +341,7 @@ void FakeCryptohomeClient::TpmAttestationSignEnterpriseChallenge( void FakeCryptohomeClient::TpmAttestationSignSimpleChallenge( attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const std::string& challenge, const AsyncMethodCallback& callback) { @@ -343,6 +350,7 @@ void FakeCryptohomeClient::TpmAttestationSignSimpleChallenge( void FakeCryptohomeClient::TpmAttestationGetKeyPayload( attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const DataMethodCallback& callback) { base::MessageLoop::current()->PostTask( @@ -352,6 +360,7 @@ void FakeCryptohomeClient::TpmAttestationGetKeyPayload( void FakeCryptohomeClient::TpmAttestationSetKeyPayload( attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const std::string& payload, const BoolDBusMethodCallback& callback) { diff --git a/chromeos/dbus/fake_cryptohome_client.h b/chromeos/dbus/fake_cryptohome_client.h index d18b6e8..4f045ec 100644 --- a/chromeos/dbus/fake_cryptohome_client.h +++ b/chromeos/dbus/fake_cryptohome_client.h 
@@ -95,32 +95,38 @@ class CHROMEOS_EXPORT FakeCryptohomeClient : public CryptohomeClient { const AsyncMethodCallback& callback) OVERRIDE; virtual void AsyncTpmAttestationCreateCertRequest( attestation::AttestationCertificateProfile certificate_profile, - const std::string& user_email, + const std::string& user_id, const std::string& request_origin, const AsyncMethodCallback& callback) OVERRIDE; virtual void AsyncTpmAttestationFinishCertRequest( const std::string& pca_response, attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const AsyncMethodCallback& callback) OVERRIDE; virtual void TpmAttestationDoesKeyExist( attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const BoolDBusMethodCallback& callback) OVERRIDE; virtual void TpmAttestationGetCertificate( attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const DataMethodCallback& callback) OVERRIDE; virtual void TpmAttestationGetPublicKey( attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const DataMethodCallback& callback) OVERRIDE; virtual void TpmAttestationRegisterKey( attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const AsyncMethodCallback& callback) OVERRIDE; virtual void TpmAttestationSignEnterpriseChallenge( attestation::AttestationKeyType key_type, + const std::string& user_id, const std::string& key_name, const std::string& domain, const std::string& device_id, 
@@ -129,15 +135,18 @@ class CHROMEOS_EXPORT FakeCryptohomeClient : public CryptohomeClient {
 const AsyncMethodCallback& callback) OVERRIDE;
 virtual void TpmAttestationSignSimpleChallenge(
 attestation::AttestationKeyType key_type,
+ const std::string& user_id,
 const std::string& key_name,
 const std::string& challenge,
 const AsyncMethodCallback& callback) OVERRIDE;
 virtual void TpmAttestationGetKeyPayload(
 attestation::AttestationKeyType key_type,
+ const std::string& user_id,
 const std::string& key_name,
 const DataMethodCallback& callback) OVERRIDE;
 virtual void TpmAttestationSetKeyPayload(
 attestation::AttestationKeyType key_type,
+ const std::string& user_id,
 const std::string& key_name,
 const std::string& payload,
 const BoolDBusMethodCallback& callback) OVERRIDE;
diff --git a/chromeos/dbus/mock_cryptohome_client.h b/chromeos/dbus/mock_cryptohome_client.h
index 76f3069..8cb4c6b 100644
--- a/chromeos/dbus/mock_cryptohome_client.h
+++ b/chromeos/dbus/mock_cryptohome_client.h
@@ -99,49 +99,58 @@ class MockCryptohomeClient : public CryptohomeClient {
 MOCK_METHOD4(
 AsyncTpmAttestationCreateCertRequest,
 void(attestation::AttestationCertificateProfile certificate_profile,
- const std::string& user_email,
+ const std::string& user_id,
 const std::string& request_origin,
 const AsyncMethodCallback& callback));
- MOCK_METHOD4(AsyncTpmAttestationFinishCertRequest,
+ MOCK_METHOD5(AsyncTpmAttestationFinishCertRequest,
 void(const std::string& pca_response,
 attestation::AttestationKeyType key_type,
+ const std::string& user_id,
 const std::string& key_name,
 const AsyncMethodCallback& callback));
- MOCK_METHOD3(TpmAttestationDoesKeyExist,
+ MOCK_METHOD4(TpmAttestationDoesKeyExist,
 void(attestation::AttestationKeyType key_type,
+ const std::string& user_id,
 const std::string& key_name,
 const BoolDBusMethodCallback& callback));
- MOCK_METHOD3(TpmAttestationGetCertificate,
+ MOCK_METHOD4(TpmAttestationGetCertificate,
 void(attestation::AttestationKeyType key_type,
+ const std::string& user_id,
 const std::string& key_name,
 const DataMethodCallback& callback));
- MOCK_METHOD3(TpmAttestationGetPublicKey,
+ MOCK_METHOD4(TpmAttestationGetPublicKey,
 void(attestation::AttestationKeyType key_type,
+ const std::string& user_id,
 const std::string& key_name,
 const DataMethodCallback& callback));
- MOCK_METHOD3(TpmAttestationRegisterKey,
+ MOCK_METHOD4(TpmAttestationRegisterKey,
 void(attestation::AttestationKeyType key_type,
+ const std::string& user_id,
 const std::string& key_name,
 const AsyncMethodCallback& callback));
- MOCK_METHOD7(TpmAttestationSignEnterpriseChallenge,
+ MOCK_METHOD8(TpmAttestationSignEnterpriseChallenge,
 void(attestation::AttestationKeyType key_type,
+ const std::string& user_id,
 const std::string& key_name,
 const std::string& domain,
 const std::string& device_id,
 attestation::AttestationChallengeOptions options,
 const std::string& challenge,
 const AsyncMethodCallback& callback));
- MOCK_METHOD4(TpmAttestationSignSimpleChallenge,
+ MOCK_METHOD5(TpmAttestationSignSimpleChallenge,
 void(attestation::AttestationKeyType key_type,
+ const std::string& user_id,
 const std::string& key_name,
 const std::string& challenge,
 const AsyncMethodCallback& callback));
- MOCK_METHOD3(TpmAttestationGetKeyPayload,
+ MOCK_METHOD4(TpmAttestationGetKeyPayload,
 void(attestation::AttestationKeyType key_type,
+ const std::string& user_id,
 const std::string& key_name,
 const DataMethodCallback& callback));
- MOCK_METHOD4(TpmAttestationSetKeyPayload,
+ MOCK_METHOD5(TpmAttestationSetKeyPayload,
 void(attestation::AttestationKeyType key_type,
+ const std::string& user_id,
 const std::string& key_name,
 const std::string& payload,
 const BoolDBusMethodCallback& callback)); |