4 files changed, 74 insertions, 1 deletions
diff --git a/chrome/browser/chromeos/attestation/platform_verification_flow.cc b/chrome/browser/chromeos/attestation/platform_verification_flow.cc index 95cbdc8..cc49b8e 100644 --- a/chrome/browser/chromeos/attestation/platform_verification_flow.cc +++ b/chrome/browser/chromeos/attestation/platform_verification_flow.cc @@ -7,6 +7,7 @@ #include "base/command_line.h" #include "base/logging.h" #include "base/message_loop/message_loop.h" +#include "base/metrics/histogram.h" #include "base/prefs/pref_service.h" #include "base/time/time.h" #include "base/timer/timer.h" @@ -37,6 +38,11 @@ namespace { const char kDefaultHttpsPort[] = "443"; const int kTimeoutInSeconds = 8; +const char kAttestationResultHistogram[] = + "ChromeOS.PlatformVerification.Result"; +const char kAttestationAvailableHistogram[] = + "ChromeOS.PlatformVerification.Available"; +const int kAttestationResultHistogramMax = 10; // A callback method to handle DBus errors. void DBusCallback(const base::Callback<void(bool)>& on_success, @@ -56,6 +62,8 @@ void ReportError( const chromeos::attestation::PlatformVerificationFlow::ChallengeCallback& callback, chromeos::attestation::PlatformVerificationFlow::Result error) { + UMA_HISTOGRAM_ENUMERATION(kAttestationResultHistogram, error, + kAttestationResultHistogramMax); callback.Run(error, std::string(), std::string(), std::string()); } } // namespace 
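Review bot: `kAttestationResultHistogramMax = 10` in the anonymous namespace is a hand-picked boundary that nothing ties to `PlatformVerificationFlow::Result`; the histograms.xml section of this commit lists only six values (0-5). The same constant is passed to the `UMA_HISTOGRAM_ENUMERATION` call added in `ReportError` and to the one added in `OnChallengeReady`, so a result value added later at or above 10 would land in the overflow bucket with no compile-time signal. Consider ending the enum with a sentinel (a proposed name such as `RESULT_MAX`; the enum itself is not visible in these hunks) and passing that as the boundary. At minimum, add a comment above the constant such as `// Must stay greater than the largest PlatformVerificationFlow::Result value.`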
@@ -182,10 +190,26 @@ void PlatformVerificationFlow::ChallengePlatformKey( return; } ChallengeContext context(web_contents, service_id, challenge, callback); + // Check if the device has been prepared to use attestation. BoolDBusMethodCallback dbus_callback = base::Bind( &DBusCallback, - base::Bind(&PlatformVerificationFlow::CheckConsent, this, context), + base::Bind(&PlatformVerificationFlow::CheckEnrollment, this, context), base::Bind(&ReportError, callback, INTERNAL_ERROR)); + cryptohome_client_->TpmAttestationIsPrepared(dbus_callback); +} + +void PlatformVerificationFlow::CheckEnrollment(const ChallengeContext& context, + bool attestation_prepared) { + UMA_HISTOGRAM_BOOLEAN(kAttestationAvailableHistogram, attestation_prepared); + if (!attestation_prepared) { + // This device is not currently able to use attestation features. + ReportError(context.callback, PLATFORM_NOT_VERIFIED); + return; + } + BoolDBusMethodCallback dbus_callback = base::Bind( + &DBusCallback, + base::Bind(&PlatformVerificationFlow::CheckConsent, this, context), + base::Bind(&ReportError, context.callback, INTERNAL_ERROR)); cryptohome_client_->TpmAttestationIsEnrolled(dbus_callback); } @@ -352,6 +376,8 @@ void PlatformVerificationFlow::OnChallengeReady( return; } VLOG(1) << "Platform verification successful."; + UMA_HISTOGRAM_ENUMERATION(kAttestationResultHistogram, SUCCESS, + kAttestationResultHistogramMax); context.callback.Run(SUCCESS, signed_data_pb.data(), signed_data_pb.signature(), diff --git a/chrome/browser/chromeos/attestation/platform_verification_flow.h b/chrome/browser/chromeos/attestation/platform_verification_flow.h index b6571a4..a48b11c 100644 --- a/chrome/browser/chromeos/attestation/platform_verification_flow.h +++ b/chrome/browser/chromeos/attestation/platform_verification_flow.h 
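Review bot: The not-prepared branch of `CheckEnrollment` ends the flow with `PLATFORM_NOT_VERIFIED` but writes no log line, whereas the success path in `OnChallengeReady` has `VLOG(1) << "Platform verification successful.";`. When troubleshooting a single device, the only trace of this denial is the aggregated UMA boolean. Add `VLOG(1) << "Platform verification denied: attestation is not prepared.";` before the `ReportError` call. The existing comment could also say that returning before `CheckConsent` is deliberate, so the request fails closed and the user is never prompted. `ChallengePlatformKey` starts above this hunk.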
@@ -183,6 +183,13 @@ class PlatformVerificationFlow ~PlatformVerificationFlow(); + // Checks whether the device has already been enrolled for attestation. The + // arguments to ChallengePlatformKey are in |context| and + // |attestation_prepared| specifies whether attestation has been prepared on + // this device. + void CheckEnrollment(const ChallengeContext& context, + bool attestation_prepared); + // Checks whether we need to prompt the user for consent before proceeding and // invokes the consent UI if so. The arguments to ChallengePlatformKey are // in |context| and |attestation_enrolled| specifies whether attestation has diff --git a/chrome/browser/chromeos/attestation/platform_verification_flow_unittest.cc b/chrome/browser/chromeos/attestation/platform_verification_flow_unittest.cc index 609d0b1..ad591c0 100644 --- a/chrome/browser/chromeos/attestation/platform_verification_flow_unittest.cc +++ b/chrome/browser/chromeos/attestation/platform_verification_flow_unittest.cc @@ -477,5 +477,14 @@ TEST_F(PlatformVerificationFlowTest, IncognitoMode) { EXPECT_EQ(PlatformVerificationFlow::PLATFORM_NOT_VERIFIED, result_); } +TEST_F(PlatformVerificationFlowTest, AttestationNotPrepared) { + fake_delegate_.set_response(PlatformVerificationFlow::CONSENT_RESPONSE_DENY); + fake_cryptohome_client_.set_attestation_enrolled(false); + fake_cryptohome_client_.set_attestation_prepared(false); + verifier_->ChallengePlatformKey(NULL, kTestID, kTestChallenge, callback_); + base::RunLoop().RunUntilIdle(); + EXPECT_EQ(PlatformVerificationFlow::PLATFORM_NOT_VERIFIED, result_); +} + } // namespace attestation } // namespace chromeos diff --git a/tools/metrics/histograms/histograms.xml b/tools/metrics/histograms/histograms.xml index 07d1f90..f2740b9 100644 --- a/tools/metrics/histograms/histograms.xml +++ b/tools/metrics/histograms/histograms.xml 
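Review bot: The new comment on `CheckEnrollment` describes only the enrollment query and omits the early exit that the implementation performs when attestation is not prepared. State the failure contract in the header, for example `// If |attestation_prepared| is false, reports PLATFORM_NOT_VERIFIED and stops before CheckConsent.` The class declaration begins outside this hunk.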
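Review bot: `AttestationNotPrepared` sets `CONSENT_RESPONSE_DENY` without saying why, and it checks only the final result. Presumably the deny response is there so that reaching the consent step would yield something other than `PLATFORM_NOT_VERIFIED`. A comment such as `// Deny consent so the test fails if the flow reaches the consent step.` would make that intent explicit for the next reader.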
@@ -2628,6 +2628,24 @@ Therefore, the affected-histogram name has to have at least one dot in it. </summary> </histogram> +<histogram name="ChromeOS.PlatformVerification.Available" + enum="BooleanAvailable"> + <owner>dkrahn@chromium.org</owner> + <summary> + Whether platform verification subsystem features are available at the time a + platform verification request is made for content protection on Chrome OS. + </summary> +</histogram> + +<histogram name="ChromeOS.PlatformVerification.Result" + enum="ChromeOSPlatformVerificationResult"> + <owner>dkrahn@chromium.org</owner> + <summary> + The result of a platform verification attempt for content protection on + Chrome OS. + </summary> +</histogram> + <histogram name="ChromeOS.SAML.APIUsed" enum="BooleanUsage"> <owner>bartfab@chromium.org</owner> <summary> @@ -39489,6 +39507,19 @@ Therefore, the affected-histogram name has to have at least one dot in it. <int value="3" label="Reading"/> </enum> +<enum name="ChromeOSPlatformVerificationResult" type="int"> + <summary> + Possible results of a platform verification attempt. See + chrome/browser/chromeos/attestation/platform_verification.h. + </summary> + <int value="0" label="Success"/> + <int value="1" label="Internal Error"/> + <int value="2" label="Platform Not Verified"/> + <int value="3" label="Rejected by User"/> + <int value="4" label="Rejected by Policy"/> + <int value="5" label="Timeout"/> +</enum> + <enum name="ChromeOSUserImageId" type="int"> <summary> Indices of the default images as defined in |
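Review bot: The summary of the `ChromeOSPlatformVerificationResult` enum points readers to `chrome/browser/chromeos/attestation/platform_verification.h`, but the header touched by this commit, which declares `PlatformVerificationFlow`, is `platform_verification_flow.h`. If the `Result` enum lives in that class (it is not visible in these hunks), the reference should read `chrome/browser/chromeos/attestation/platform_verification_flow.h`. That way whoever adds a result value can find the list that must stay in sync with these `<int>` entries.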