From 027188c58c7a605ed9ed995e03e2c4deb2e3e0fe Mon Sep 17 00:00:00 2001
From: "dkrahn@chromium.org"
 <dkrahn@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Fri, 1 Nov 2013 22:51:45 +0000
Subject: Clear content protection platform keys on Chrome OS.

When a user chooses to deauthorize content licenses we also want to
remove keys and certificates that may have been used in platform
verification for content protection.

BUG=chromium:280016
TEST=unit, manual

Review URL: https://codereview.chromium.org/50143007

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@232496 0039d316-1c4b-4281-b951-d872f2087c98
---
 chromeos/dbus/cryptohome_client.cc      | 17 +++++++++++++++++
 chromeos/dbus/cryptohome_client.h       | 14 ++++++++++++++
 chromeos/dbus/fake_cryptohome_client.cc |  9 +++++++++
 chromeos/dbus/fake_cryptohome_client.h  |  5 +++++
 chromeos/dbus/mock_cryptohome_client.h  |  5 +++++
 5 files changed, 50 insertions(+)

(limited to 'chromeos')

diff --git a/chromeos/dbus/cryptohome_client.cc b/chromeos/dbus/cryptohome_client.cc
index 77848d3..7165aa7 100644
--- a/chromeos/dbus/cryptohome_client.cc
+++ b/chromeos/dbus/cryptohome_client.cc
@@ -675,6 +675,23 @@ class CryptohomeClientImpl : public CryptohomeClient {
     CallBoolMethod(&method_call, callback);
   }
 
+  // CryptohomeClient override.
+  virtual void TpmAttestationDeleteKeys(
+      attestation::AttestationKeyType key_type,
+      const std::string& user_id,
+      const std::string& key_prefix,
+      const BoolDBusMethodCallback& callback) OVERRIDE {
+    dbus::MethodCall method_call(
+        cryptohome::kCryptohomeInterface,
+        cryptohome::kCryptohomeTpmAttestationDeleteKeys);
+    dbus::MessageWriter writer(&method_call);
+    bool is_user_specific = (key_type == attestation::KEY_USER);
+    writer.AppendBool(is_user_specific);
+    writer.AppendString(user_id);
+    writer.AppendString(key_prefix);
+    CallBoolMethod(&method_call, callback);
+  }
+
  protected:
   virtual void Init(dbus::Bus* bus) OVERRIDE {
     proxy_ = bus->GetObjectProxy(
diff --git a/chromeos/dbus/cryptohome_client.h b/chromeos/dbus/cryptohome_client.h
index 87457a7..2fcb975 100644
--- a/chromeos/dbus/cryptohome_client.h
+++ b/chromeos/dbus/cryptohome_client.h
@@ -413,6 +413,20 @@ class CHROMEOS_EXPORT CryptohomeClient : public DBusClient {
       const std::string& payload,
       const BoolDBusMethodCallback& callback) = 0;
 
+  // Deletes certified keys as specified by |key_type| and |key_prefix|.  The
+  // |callback| will be called when the operation completes.  If the operation
+  // succeeds, the callback |result| parameter will be true.  If |key_type| is
+  // KEY_USER, a |user_id| must be provided.  Otherwise |user_id| is ignored.
+  // For normal GAIA users the |user_id| is a canonical email address.  All keys
+  // where the key name has a prefix matching |key_prefix| will be deleted.  All
+  // meta-data associated with the key, including certificates, will also be
+  // deleted.
+  virtual void TpmAttestationDeleteKeys(
+      attestation::AttestationKeyType key_type,
+      const std::string& user_id,
+      const std::string& key_prefix,
+      const BoolDBusMethodCallback& callback) = 0;
+
  protected:
   // Create() should be used instead.
   CryptohomeClient();
diff --git a/chromeos/dbus/fake_cryptohome_client.cc b/chromeos/dbus/fake_cryptohome_client.cc
index 50ae793..c1baba0 100644
--- a/chromeos/dbus/fake_cryptohome_client.cc
+++ b/chromeos/dbus/fake_cryptohome_client.cc
@@ -382,6 +382,15 @@ void FakeCryptohomeClient::TpmAttestationSetKeyPayload(
       FROM_HERE, base::Bind(callback, DBUS_METHOD_CALL_SUCCESS, false));
 }
 
+void FakeCryptohomeClient::TpmAttestationDeleteKeys(
+    attestation::AttestationKeyType key_type,
+    const std::string& user_id,
+    const std::string& key_prefix,
+    const BoolDBusMethodCallback& callback) {
+  base::MessageLoop::current()->PostTask(
+      FROM_HERE, base::Bind(callback, DBUS_METHOD_CALL_SUCCESS, false));
+}
+
 void FakeCryptohomeClient::SetServiceIsAvailable(bool is_available) {
   service_is_available_ = is_available;
   if (is_available) {
diff --git a/chromeos/dbus/fake_cryptohome_client.h b/chromeos/dbus/fake_cryptohome_client.h
index fd482b9..41b129d 100644
--- a/chromeos/dbus/fake_cryptohome_client.h
+++ b/chromeos/dbus/fake_cryptohome_client.h
@@ -152,6 +152,11 @@ class CHROMEOS_EXPORT FakeCryptohomeClient : public CryptohomeClient {
       const std::string& key_name,
       const std::string& payload,
       const BoolDBusMethodCallback& callback) OVERRIDE;
+  virtual void TpmAttestationDeleteKeys(
+      attestation::AttestationKeyType key_type,
+      const std::string& user_id,
+      const std::string& key_prefix,
+      const BoolDBusMethodCallback& callback) OVERRIDE;
 
   // Changes the behavior of WaitForServiceToBeAvailable(). This method runs
   // pending callbacks if is_available is true.
diff --git a/chromeos/dbus/mock_cryptohome_client.h b/chromeos/dbus/mock_cryptohome_client.h
index c8232da..6767923 100644
--- a/chromeos/dbus/mock_cryptohome_client.h
+++ b/chromeos/dbus/mock_cryptohome_client.h
@@ -156,6 +156,11 @@ class MockCryptohomeClient : public CryptohomeClient {
                     const std::string& key_name,
                     const std::string& payload,
                     const BoolDBusMethodCallback& callback));
+  MOCK_METHOD4(TpmAttestationDeleteKeys,
+               void(attestation::AttestationKeyType key_type,
+                    const std::string& user_id,
+                    const std::string& key_prefix,
+                    const BoolDBusMethodCallback& callback));
 };
 
 }  // namespace chromeos
-- 
cgit v1.1