trunks: Changes the GetKey* interface GetKeyName now internally calls GetKeyPublicArea and hashes the public struct GetKeyPublic area now returns TPMT_PUBLIC rather than TPM2B_PUBLIC BUG=chromium:415999 TEST=FEATURES=test emerge-rambi trunks TEST=manual test on tpm Change-Id: Ie0791c453a8dcf9e3f777ccb4c7f4afcadf3869d Reviewed-on: https://chromium-review.googlesource.com/259630 Reviewed-by: Utkarsh Sanghi <usanghi@chromium.org> Commit-Queue: Utkarsh Sanghi <usanghi@chromium.org> Tested-by: Utkarsh Sanghi <usanghi@chromium.org>

commit: 8b2bf63478b292937f85b3b0e215882af461a999 [log] [tgz]
author: Utkarsh Sanghi <usanghi@chromium.org> Tue Mar 10 17:34:24 2015
committer: ChromeOS Commit Bot <chromeos-commit-bot@chromium.org> Tue Mar 17 22:32:06 2015
tree: 947983fe4f8da2aa04256da8d45d8ba8802fe738
parent: f67826cab05a3d09e3890559e0d5af117cdc5365 [diff]
diff --git a/mock_tpm_utility.h b/mock_tpm_utility.h
index 81f93a2..8287950 100644
--- a/mock_tpm_utility.h
+++ b/mock_tpm_utility.h

@@ -25,14 +25,18 @@
   MOCK_METHOD3(TakeOwnership, TPM_RC(const std::string& owner_password,
                                      const std::string& endorsement_password,
                                      const std::string& lockout_password));
-  MOCK_METHOD1(StirRandom, TPM_RC(const std::string&));
-  MOCK_METHOD2(GenerateRandom, TPM_RC(size_t, std::string*));
-  MOCK_METHOD2(ExtendPCR, TPM_RC(int, const std::string&));
+  MOCK_METHOD2(StirRandom, TPM_RC(const std::string&, AuthorizationSession*));
+  MOCK_METHOD3(GenerateRandom, TPM_RC(size_t,
+                                      AuthorizationSession*,
+                                      std::string*));
+  MOCK_METHOD3(ExtendPCR,
+               TPM_RC(int, const std::string&, AuthorizationSession*));
   MOCK_METHOD2(ReadPCR, TPM_RC(int, std::string*));
-  MOCK_METHOD5(AsymmetricEncrypt, TPM_RC(TPM_HANDLE,
+  MOCK_METHOD6(AsymmetricEncrypt, TPM_RC(TPM_HANDLE,
                                          TPM_ALG_ID,
                                          TPM_ALG_ID,
                                          const std::string&,
+                                         AuthorizationSession*,
                                          std::string*));
   MOCK_METHOD6(AsymmetricDecrypt, TPM_RC(TPM_HANDLE,
                                          TPM_ALG_ID,
@@ -77,7 +81,7 @@
                                AuthorizationSession*,
                                TPM_HANDLE*));
   MOCK_METHOD2(GetKeyName, TPM_RC(TPM_HANDLE, std::string*));
-  MOCK_METHOD2(GetKeyPublicArea, TPM_RC(TPM_HANDLE, TPM2B_PUBLIC*));
+  MOCK_METHOD2(GetKeyPublicArea, TPM_RC(TPM_HANDLE, TPMT_PUBLIC*));
   MOCK_METHOD3(DefineNVSpace, TPM_RC(uint32_t,
                                      size_t,
                                      AuthorizationSession*));

diff --git a/tpm_utility.h b/tpm_utility.h
index c6355a4..a87f965 100644
--- a/tpm_utility.h
+++ b/tpm_utility.h

@@ -58,15 +58,26 @@
                                const std::string& lockout_password) = 0;
 
   // Stir the tpm random generation module with some random entropy data.
-  virtual TPM_RC StirRandom(const std::string& entropy_data) = 0;
+  // |session| specifies an optional authorization session to be used. If
+  // |session| is NULL, authorization is not used for this command.
+  virtual TPM_RC StirRandom(const std::string& entropy_data,
+                            AuthorizationSession* session) = 0;
 
   // This method returns |num_bytes| of random data generated by the tpm.
-  virtual TPM_RC GenerateRandom(size_t num_bytes, std::string* random_data) = 0;
+  // |session| specifies an optional authorization session to be used. If
+  // |session| is NULL, authorization is not used for this command.
+  virtual TPM_RC GenerateRandom(size_t num_bytes,
+                                AuthorizationSession*,
+                                std::string* random_data) = 0;
 
   // This method extends the pcr specified by |pcr_index| with the SHA256
   // hash of |extend_data|. The exact action performed is
   // TPM2_PCR_Extend(Sha256(extend_data));
-  virtual TPM_RC ExtendPCR(int pcr_index, const std::string& extend_data) = 0;
+  // |session| specifies an optional authorization session to be used. If
+  // |session| is NULL, authorization is not used for this command.
+  virtual TPM_RC ExtendPCR(int pcr_index,
+                           const std::string& extend_data,
+                           AuthorizationSession* session) = 0;
 
   // This method reads the pcr specified by |pcr_index| and returns its value
   // in |pcr_value|. NOTE: it assumes we are using SHA256 as our hash alg.
@@ -76,10 +87,13 @@
   // referrenced by its handle |key_handle|. The |plaintext| is then encrypted
   // to give us the |ciphertext|. |scheme| refers to the encryption scheme
   // to be used. By default keys use OAEP, but can also use TPM_ALG_RSAES.
+  // |session| specifies an optional authorization session to be used. If
+  // |session| is NULL, authorization is not used for this command.
   virtual TPM_RC AsymmetricEncrypt(TPM_HANDLE key_handle,
                                    TPM_ALG_ID scheme,
                                    TPM_ALG_ID hash_alg,
                                    const std::string& plaintext,
+                                   AuthorizationSession* session,
                                    std::string* ciphertext) = 0;
 
   // This method performs a decyption operating using a loaded RSA key
@@ -190,7 +204,7 @@
 
   // This function returns the public area of a handle in the tpm.
   virtual TPM_RC GetKeyPublicArea(TPM_HANDLE handle,
-                                  TPM2B_PUBLIC* public_data) = 0;
+                                  TPMT_PUBLIC* public_data) = 0;
 
   // This method defines a non-volatile storage area in the TPM, referenced
   // by |index| of size |num_bytes|. This command needs owner authorization.

diff --git a/tpm_utility_impl.cc b/tpm_utility_impl.cc
index 5687e47..52237fe 100644
--- a/tpm_utility_impl.cc
+++ b/tpm_utility_impl.cc

@@ -241,14 +241,29 @@
   return TPM_RC_SUCCESS;
 }
 
-TPM_RC TpmUtilityImpl::StirRandom(const std::string& entropy_data) {
+TPM_RC TpmUtilityImpl::StirRandom(const std::string& entropy_data,
+                                  AuthorizationSession* session) {
+  AuthorizationDelegate* delegate;
+  if (session) {
+    delegate = session->GetDelegate();
+  } else {
+    delegate = NULL;
+  }
   std::string digest = crypto::SHA256HashString(entropy_data);
   TPM2B_SENSITIVE_DATA random_bytes = Make_TPM2B_SENSITIVE_DATA(digest);
-  return factory_.GetTpm()->StirRandomSync(random_bytes, NULL);
+  return factory_.GetTpm()->StirRandomSync(random_bytes, delegate);
 }
 
 TPM_RC TpmUtilityImpl::GenerateRandom(size_t num_bytes,
+                                      AuthorizationSession* session,
                                       std::string* random_data) {
+  CHECK(random_data);
+  AuthorizationDelegate* delegate;
+  if (session) {
+    delegate = session->GetDelegate();
+  } else {
+    delegate = NULL;
+  }
   size_t bytes_left = num_bytes;
   random_data->clear();
   TPM_RC rc;
@@ -256,7 +271,7 @@
   while (bytes_left > 0) {
     rc = factory_.GetTpm()->GetRandomSync(bytes_left,
                                           &digest,
-                                          NULL);
+                                          delegate);
     if (rc) {
       LOG(ERROR) << "Error getting random data from tpm.";
       return rc;
@@ -269,11 +284,18 @@
 }
 
 TPM_RC TpmUtilityImpl::ExtendPCR(int pcr_index,
-                                 const std::string& extend_data) {
+                                 const std::string& extend_data,
+                                 AuthorizationSession* session) {
   if (pcr_index < 0 || pcr_index >= IMPLEMENTATION_PCR) {
     LOG(ERROR) << "Using a PCR index that isnt implemented.";
     return TPM_RC_FAILURE;
   }
+  AuthorizationDelegate* delegate;
+  if (session) {
+    delegate = session->GetDelegate();
+  } else {
+    delegate = NULL;
+  }
   TPM_HANDLE pcr_handle = HR_PCR + pcr_index;
   std::string pcr_name = NameFromHandle(pcr_handle);
   TPML_DIGEST_VALUES digests;
@@ -285,7 +307,7 @@
   return factory_.GetTpm()->PCR_ExtendSync(pcr_handle,
                                            pcr_name,
                                            digests,
-                                           NULL);
+                                           delegate);
 }
 
 TPM_RC TpmUtilityImpl::ReadPCR(int pcr_index, std::string* pcr_value) {
@@ -329,6 +351,7 @@
                                          TPM_ALG_ID scheme,
                                          TPM_ALG_ID hash_alg,
                                          const std::string& plaintext,
+                                         AuthorizationSession* session,
                                          std::string* ciphertext) {
   TPMT_RSA_DECRYPT in_scheme;
   if (hash_alg == TPM_ALG_NULL) {
@@ -344,44 +367,50 @@
     return SAPI_RC_BAD_PARAMETER;
   }
 
-  TPM2B_PUBLIC public_area;
-  TPM_RC return_code = GetKeyPublicArea(key_handle, &public_area);
-  if (return_code) {
+  TPMT_PUBLIC public_area;
+  TPM_RC result = GetKeyPublicArea(key_handle, &public_area);
+  if (result != TPM_RC_SUCCESS) {
     LOG(ERROR) << "Error finding public area for: " << key_handle;
-    return return_code;
-  } else if (public_area.public_area.type != TPM_ALG_RSA) {
+    return result;
+  } else if (public_area.type != TPM_ALG_RSA) {
     LOG(ERROR) << "Key handle given is not an RSA key";
     return SAPI_RC_BAD_PARAMETER;
-  } else if ((public_area.public_area.object_attributes & kDecrypt) == 0) {
+  } else if ((public_area.object_attributes & kDecrypt) == 0) {
     LOG(ERROR) << "Key handle given is not a decryption key";
     return SAPI_RC_BAD_PARAMETER;
   }
-  if ((public_area.public_area.object_attributes & kRestricted) != 0) {
+  if ((public_area.object_attributes & kRestricted) != 0) {
     LOG(ERROR) << "Cannot use RSAES for encryption with a restricted key";
     return SAPI_RC_BAD_PARAMETER;
   }
   std::string key_name;
-  return_code = GetKeyName(key_handle, &key_name);
-  if (return_code) {
-    LOG(ERROR) << "Error finding key name for: " << key_handle;
-    return return_code;
+  result = ComputeKeyName(public_area, &key_name);
+  if (result != TPM_RC_SUCCESS) {
+    LOG(ERROR) << "Error computing key name for: " << key_handle;
+    return result;
+  }
+  AuthorizationDelegate* delegate;
+  if (session) {
+    delegate = session->GetDelegate();
+  } else {
+    delegate = NULL;
   }
 
   TPM2B_DATA label;
   label.size = 0;
   TPM2B_PUBLIC_KEY_RSA in_message = Make_TPM2B_PUBLIC_KEY_RSA(plaintext);
   TPM2B_PUBLIC_KEY_RSA out_message;
-  return_code = factory_.GetTpm()->RSA_EncryptSync(key_handle,
-                                                   key_name,
-                                                   in_message,
-                                                   in_scheme,
-                                                   label,
-                                                   &out_message,
-                                                   NULL);
-  if (return_code) {
+  result = factory_.GetTpm()->RSA_EncryptSync(key_handle,
+                                              key_name,
+                                              in_message,
+                                              in_scheme,
+                                              label,
+                                              &out_message,
+                                              delegate);
+  if (result != TPM_RC_SUCCESS) {
     LOG(ERROR) << "Error performing RSA encrypt: "
-               << GetErrorString(return_code);
-    return return_code;
+               << GetErrorString(result);
+    return result;
   }
   ciphertext->assign(StringFrom_TPM2B_PUBLIC_KEY_RSA(out_message));
   return TPM_RC_SUCCESS;
@@ -413,26 +442,26 @@
                << GetErrorString(result);
     return result;
   }
-  TPM2B_PUBLIC public_area;
+  TPMT_PUBLIC public_area;
   result = GetKeyPublicArea(key_handle, &public_area);
   if (result) {
     LOG(ERROR) << "Error finding public area for: " << key_handle;
     return result;
-  } else if (public_area.public_area.type != TPM_ALG_RSA) {
+  } else if (public_area.type != TPM_ALG_RSA) {
     LOG(ERROR) << "Key handle given is not an RSA key";
     return SAPI_RC_BAD_PARAMETER;
-  } else if ((public_area.public_area.object_attributes & kDecrypt) == 0) {
+  } else if ((public_area.object_attributes & kDecrypt) == 0) {
     LOG(ERROR) << "Key handle given is not a decryption key";
     return SAPI_RC_BAD_PARAMETER;
   }
-  if ((public_area.public_area.object_attributes & kRestricted) != 0) {
+  if ((public_area.object_attributes & kRestricted) != 0) {
     LOG(ERROR) << "Cannot use RSAES for encryption with a restricted key";
     return SAPI_RC_BAD_PARAMETER;
   }
   std::string key_name;
-  result = GetKeyName(key_handle, &key_name);
+  result = ComputeKeyName(public_area, &key_name);
   if (result) {
-    LOG(ERROR) << "Error finding key name for: " << key_handle;
+    LOG(ERROR) << "Error computing key name for: " << key_handle;
     return result;
   }
 
@@ -483,26 +512,26 @@
                << GetErrorString(result);
     return result;
   }
-  TPM2B_PUBLIC public_area;
+  TPMT_PUBLIC public_area;
   result = GetKeyPublicArea(key_handle, &public_area);
   if (result) {
     LOG(ERROR) << "Error finding public area for: " << key_handle;
     return result;
-  } else if (public_area.public_area.type != TPM_ALG_RSA) {
+  } else if (public_area.type != TPM_ALG_RSA) {
     LOG(ERROR) << "Key handle given is not an RSA key";
     return SAPI_RC_BAD_PARAMETER;
-  } else if ((public_area.public_area.object_attributes & kSign) == 0) {
+  } else if ((public_area.object_attributes & kSign) == 0) {
     LOG(ERROR) << "Key handle given is not a signging key";
     return SAPI_RC_BAD_PARAMETER;
-  } else if ((public_area.public_area.object_attributes & kRestricted) != 0) {
+  } else if ((public_area.object_attributes & kRestricted) != 0) {
     LOG(ERROR) << "Key handle references a restricted key";
     return SAPI_RC_BAD_PARAMETER;
   }
 
   std::string key_name;
-  result = GetKeyName(key_handle, &key_name);
+  result = ComputeKeyName(public_area, &key_name);
   if (result) {
-    LOG(ERROR) << "Error finding key name for: " << key_handle;
+    LOG(ERROR) << "Error computing key name for: " << key_handle;
     return result;
   }
   std::string digest = HashString(plaintext, hash_alg);
@@ -540,18 +569,18 @@
                               TPM_ALG_ID hash_alg,
                               const std::string& plaintext,
                               const std::string& signature) {
-  TPM2B_PUBLIC public_area;
+  TPMT_PUBLIC public_area;
   TPM_RC return_code = GetKeyPublicArea(key_handle, &public_area);
   if (return_code) {
     LOG(ERROR) << "Error finding public area for: " << key_handle;
     return return_code;
-  } else if (public_area.public_area.type != TPM_ALG_RSA) {
+  } else if (public_area.type != TPM_ALG_RSA) {
     LOG(ERROR) << "Key handle given is not an RSA key";
     return SAPI_RC_BAD_PARAMETER;
-  } else if ((public_area.public_area.object_attributes & kSign) == 0) {
+  } else if ((public_area.object_attributes & kSign) == 0) {
     LOG(ERROR) << "Key handle given is not a signing key";
     return SAPI_RC_BAD_PARAMETER;
-  } else if ((public_area.public_area.object_attributes & kRestricted) != 0) {
+  } else if ((public_area.object_attributes & kRestricted) != 0) {
     LOG(ERROR) << "Cannot use RSAPSS for signing with a restricted key";
     return SAPI_RC_BAD_PARAMETER;
   }
@@ -634,13 +663,14 @@
     return result;
   }
   if (key_blob) {
-    TPM2B_PUBLIC public_data;
-    public_data.size = 0;
+    TPMT_PUBLIC public_data;
     result = GetKeyPublicArea(key_handle, &public_data);
     if (result != TPM_RC_SUCCESS) {
       return result;
     }
-    result = KeyDataToString(public_data, new_private_data, key_blob);
+    result = KeyDataToString(Make_TPM2B_PUBLIC(public_data),
+                             new_private_data,
+                             key_blob);
     if (result != TPM_RC_SUCCESS) {
       return result;
     }
@@ -870,35 +900,32 @@
 }
 
 TPM_RC TpmUtilityImpl::GetKeyName(TPM_HANDLE handle, std::string* name) {
-  TPM2B_PUBLIC public_data;
-  TPM2B_NAME out_name;
-  out_name.size = 0;
-  TPM2B_NAME qualified_name;
-  std::string handle_name;  // Unused
-  TPM_RC return_code = factory_.GetTpm()->ReadPublicSync(handle,
-                                                         handle_name,
-                                                         &public_data,
-                                                         &out_name,
-                                                         &qualified_name,
-                                                         NULL);
-  if (return_code) {
-    LOG(ERROR) << "Error generating name for object: " << handle;
-    return return_code;
+  CHECK(name);
+  TPM_RC result;
+  TPMT_PUBLIC public_data;
+  result = GetKeyPublicArea(handle, &public_data);
+  if (result != TPM_RC_SUCCESS) {
+    LOG(ERROR) << "Error fetching public info: " << GetErrorString(result);
+    return result;
   }
-  name->resize(out_name.size);
-  name->assign(StringFrom_TPM2B_NAME(out_name));
+  result = ComputeKeyName(public_data, name);
+  if (result != TPM_RC_SUCCESS) {
+    LOG(ERROR) << "Error computing key name: " << GetErrorString(result);
+    return TPM_RC_SUCCESS;
+  }
   return TPM_RC_SUCCESS;
 }
 
 TPM_RC TpmUtilityImpl::GetKeyPublicArea(TPM_HANDLE handle,
-                                        TPM2B_PUBLIC* public_data) {
+                                        TPMT_PUBLIC* public_data) {
   CHECK(public_data);
   TPM2B_NAME out_name;
+  TPM2B_PUBLIC public_area;
   TPM2B_NAME qualified_name;
   std::string handle_name;  // Unused
   TPM_RC return_code = factory_.GetTpm()->ReadPublicSync(handle,
                                                          handle_name,
-                                                         public_data,
+                                                         &public_area,
                                                          &out_name,
                                                          &qualified_name,
                                                          NULL);
@@ -906,6 +933,7 @@
     LOG(ERROR) << "Error generating name for object: " << handle;
     return return_code;
   }
+  *public_data = public_area.public_area;
   return TPM_RC_SUCCESS;
 }
 
@@ -1489,6 +1517,12 @@
 
 TPM_RC TpmUtilityImpl::ComputeKeyName(const TPMT_PUBLIC& public_area,
                                       std::string* object_name) {
+  CHECK(object_name);
+  if (public_area.type == TPM_ALG_ERROR) {
+    // We do not compute a name for empty public area.
+    object_name->clear();
+    return TPM_RC_SUCCESS;
+  }
   std::string serialized_public_area;
   TPM_RC result = Serialize_TPMT_PUBLIC(public_area, &serialized_public_area);
   if (result != TPM_RC_SUCCESS) {

diff --git a/tpm_utility_impl.h b/tpm_utility_impl.h
index e67b95c..818b2d2 100644
--- a/tpm_utility_impl.h
+++ b/tpm_utility_impl.h

@@ -35,15 +35,20 @@
   TPM_RC TakeOwnership(const std::string& owner_password,
                        const std::string& endorsement_password,
                        const std::string& lockout_password) override;
-  TPM_RC StirRandom(const std::string& entropy_data) override;
+  TPM_RC StirRandom(const std::string& entropy_data,
+                    AuthorizationSession* session) override;
   TPM_RC GenerateRandom(size_t num_bytes,
+                        AuthorizationSession* session,
                         std::string* random_data) override;
-  TPM_RC ExtendPCR(int pcr_index, const std::string& extend_data) override;
+  TPM_RC ExtendPCR(int pcr_index,
+                   const std::string& extend_data,
+                   AuthorizationSession* session) override;
   TPM_RC ReadPCR(int pcr_index, std::string* pcr_value) override;
   TPM_RC AsymmetricEncrypt(TPM_HANDLE key_handle,
                            TPM_ALG_ID scheme,
                            TPM_ALG_ID hash_alg,
                            const std::string& plaintext,
+                           AuthorizationSession* session,
                            std::string* ciphertext) override;
   TPM_RC AsymmetricDecrypt(TPM_HANDLE key_handle,
                            TPM_ALG_ID scheme,
@@ -89,7 +94,7 @@
                  TPM_HANDLE* key_handle) override;
   TPM_RC GetKeyName(TPM_HANDLE handle, std::string* name) override;
   TPM_RC GetKeyPublicArea(TPM_HANDLE handle,
-                          TPM2B_PUBLIC* public_data) override;
+                          TPMT_PUBLIC* public_data) override;
   TPM_RC DefineNVSpace(uint32_t index,
                        size_t num_bytes,
                        AuthorizationSession* session) override;

diff --git a/tpm_utility_test.cc b/tpm_utility_test.cc
index ade99f4..624361f 100644
--- a/tpm_utility_test.cc
+++ b/tpm_utility_test.cc

@@ -237,17 +237,21 @@
 TEST_F(TpmUtilityTest, StirRandomSuccess) {
   TpmUtilityImpl utility(factory_);
   std::string entropy_data("large test data", 100);
-  EXPECT_CALL(mock_tpm_, StirRandomSync(_, _))
+  NiceMock<MockAuthorizationDelegate> delegate;
+  EXPECT_CALL(mock_authorization_session_, GetDelegate())
+      .WillOnce(Return(&delegate));
+  EXPECT_CALL(mock_tpm_, StirRandomSync(_, &delegate))
       .WillOnce(Return(TPM_RC_SUCCESS));
-  EXPECT_EQ(TPM_RC_SUCCESS, utility.StirRandom(entropy_data));
+  EXPECT_EQ(TPM_RC_SUCCESS,
+            utility.StirRandom(entropy_data, &mock_authorization_session_));
 }
 
 TEST_F(TpmUtilityTest, StirRandomFails) {
   TpmUtilityImpl utility(factory_);
   std::string entropy_data("test data");
-  EXPECT_CALL(mock_tpm_, StirRandomSync(_, _))
+  EXPECT_CALL(mock_tpm_, StirRandomSync(_, NULL))
       .WillOnce(Return(TPM_RC_FAILURE));
-  EXPECT_EQ(TPM_RC_FAILURE, utility.StirRandom(entropy_data));
+  EXPECT_EQ(TPM_RC_FAILURE, utility.StirRandom(entropy_data, NULL));
 }
 
 TEST_F(TpmUtilityTest, GenerateRandomSuccess) {
@@ -261,15 +265,19 @@
   large_random.size = 32;
   TPM2B_DIGEST small_random;
   small_random.size = 8;
-
-  EXPECT_CALL(mock_tpm_, GetRandomSync(_, _, _))
+  NiceMock<MockAuthorizationDelegate> delegate;
+  EXPECT_CALL(mock_authorization_session_, GetDelegate())
+      .WillOnce(Return(&delegate));
+  EXPECT_CALL(mock_tpm_, GetRandomSync(_, _, &delegate))
       .Times(2)
       .WillRepeatedly(DoAll(SetArgPointee<1>(large_random),
                             Return(TPM_RC_SUCCESS)));
-  EXPECT_CALL(mock_tpm_, GetRandomSync(8, _, _))
+  EXPECT_CALL(mock_tpm_, GetRandomSync(8, _, &delegate))
       .WillOnce(DoAll(SetArgPointee<1>(small_random),
                       Return(TPM_RC_SUCCESS)));
-  EXPECT_EQ(TPM_RC_SUCCESS, utility.GenerateRandom(num_bytes, &random_data));
+  EXPECT_EQ(TPM_RC_SUCCESS, utility.GenerateRandom(num_bytes,
+                                                   &mock_authorization_session_,
+                                                   &random_data));
   EXPECT_EQ(num_bytes, random_data.size());
 }
 
@@ -277,14 +285,22 @@
   TpmUtilityImpl utility(factory_);
   int num_bytes = 5;
   std::string random_data;
-  EXPECT_CALL(mock_tpm_, GetRandomSync(_, _, _))
+  EXPECT_CALL(mock_tpm_, GetRandomSync(_, _, NULL))
       .WillOnce(Return(TPM_RC_FAILURE));
-  EXPECT_EQ(TPM_RC_FAILURE, utility.GenerateRandom(num_bytes, &random_data));
+  EXPECT_EQ(TPM_RC_FAILURE,
+            utility.GenerateRandom(num_bytes, NULL, &random_data));
 }
 
 TEST_F(TpmUtilityTest, ExtendPCRSuccess) {
   TpmUtilityImpl utility(factory_);
-  EXPECT_EQ(TPM_RC_SUCCESS, utility.ExtendPCR(1, "test digest"));
+  TPM_HANDLE pcr_handle = HR_PCR + 1;
+  NiceMock<MockAuthorizationDelegate> delegate;
+  EXPECT_CALL(mock_authorization_session_, GetDelegate())
+      .WillOnce(Return(&delegate));
+  EXPECT_CALL(mock_tpm_, PCR_ExtendSync(pcr_handle, _, _, &delegate))
+      .WillOnce(Return(TPM_RC_SUCCESS));
+  EXPECT_EQ(TPM_RC_SUCCESS,
+            utility.ExtendPCR(1, "test digest", &mock_authorization_session_));
 }
 
 TEST_F(TpmUtilityTest, ExtendPCRFail) {
@@ -293,12 +309,12 @@
   TPM_HANDLE pcr_handle = HR_PCR + pcr_index;
   EXPECT_CALL(mock_tpm_, PCR_ExtendSync(pcr_handle, _, _, _))
       .WillOnce(Return(TPM_RC_FAILURE));
-  EXPECT_EQ(TPM_RC_FAILURE, utility.ExtendPCR(pcr_index, "test digest"));
+  EXPECT_EQ(TPM_RC_FAILURE, utility.ExtendPCR(pcr_index, "test digest", NULL));
 }
 
 TEST_F(TpmUtilityTest, ExtendPCRBadParam) {
   TpmUtilityImpl utility(factory_);
-  EXPECT_EQ(TPM_RC_FAILURE, utility.ExtendPCR(-1, "test digest"));
+  EXPECT_EQ(TPM_RC_FAILURE, utility.ExtendPCR(-1, "test digest", NULL));
 }
 
 TEST_F(TpmUtilityTest, ReadPCRSuccess) {
@@ -349,17 +365,24 @@
   TPM2B_PUBLIC public_area;
   public_area.public_area.type = TPM_ALG_RSA;
   public_area.public_area.object_attributes = kDecrypt;
+  public_area.public_area.auth_policy.size = 0;
+  public_area.public_area.unique.rsa.size = 0;
   EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
       .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
                             Return(TPM_RC_SUCCESS)));
-  EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _, _))
+  NiceMock<MockAuthorizationDelegate> delegate;
+  EXPECT_CALL(mock_authorization_session_, GetDelegate())
+      .WillOnce(Return(&delegate));
+  EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _, &delegate))
       .WillOnce(DoAll(SetArgPointee<5>(out_message),
                       Return(TPM_RC_SUCCESS)));
-  EXPECT_EQ(TPM_RC_SUCCESS, utility.AsymmetricEncrypt(key_handle,
-                                                      TPM_ALG_NULL,
-                                                      TPM_ALG_NULL,
-                                                      plaintext,
-                                                      &ciphertext));
+  EXPECT_EQ(TPM_RC_SUCCESS, utility.AsymmetricEncrypt(
+      key_handle,
+      TPM_ALG_NULL,
+      TPM_ALG_NULL,
+      plaintext,
+      &mock_authorization_session_,
+      &ciphertext));
   EXPECT_EQ(0, ciphertext.compare(output_ciphertext));
 }
 
@@ -371,15 +394,18 @@
   TPM2B_PUBLIC public_area;
   public_area.public_area.type = TPM_ALG_RSA;
   public_area.public_area.object_attributes = kDecrypt;
+  public_area.public_area.auth_policy.size = 0;
+  public_area.public_area.unique.rsa.size = 0;
   EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
       .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
                             Return(TPM_RC_SUCCESS)));
-  EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _, _))
+  EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _, NULL))
       .WillOnce(Return(TPM_RC_FAILURE));
   EXPECT_EQ(TPM_RC_FAILURE, utility.AsymmetricEncrypt(key_handle,
                                                       TPM_ALG_NULL,
                                                       TPM_ALG_NULL,
                                                       plaintext,
+                                                      NULL,
                                                       &ciphertext));
 }
 
@@ -391,13 +417,14 @@
   TPM2B_PUBLIC public_area;
   public_area.public_area.type = TPM_ALG_RSA;
   public_area.public_area.object_attributes = kDecrypt | kRestricted;
-  EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
+  EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, NULL))
       .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
                             Return(TPM_RC_SUCCESS)));
   EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility.AsymmetricEncrypt(key_handle,
                                                              TPM_ALG_RSAES,
                                                              TPM_ALG_NULL,
                                                              plaintext,
+                                                             NULL,
                                                              &ciphertext));
 }
 
@@ -412,11 +439,13 @@
   TPM2B_PUBLIC public_area;
   public_area.public_area.type = TPM_ALG_RSA;
   public_area.public_area.object_attributes = kDecrypt;
+  public_area.public_area.auth_policy.size = 0;
+  public_area.public_area.unique.rsa.size = 0;
   TPMT_RSA_DECRYPT scheme;
   EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
       .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
                             Return(TPM_RC_SUCCESS)));
-  EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _, _))
+  EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _, NULL))
       .WillOnce(DoAll(SetArgPointee<5>(out_message),
                       SaveArg<3>(&scheme),
                       Return(TPM_RC_SUCCESS)));
@@ -424,6 +453,7 @@
                                                       TPM_ALG_NULL,
                                                       TPM_ALG_NULL,
                                                       plaintext,
+                                                      NULL,
                                                       &ciphertext));
   EXPECT_EQ(scheme.scheme, TPM_ALG_OAEP);
   EXPECT_EQ(scheme.details.oaep.hash_alg, TPM_ALG_SHA256);
@@ -440,11 +470,13 @@
   TPM2B_PUBLIC public_area;
   public_area.public_area.type = TPM_ALG_RSA;
   public_area.public_area.object_attributes = kDecrypt;
+  public_area.public_area.auth_policy.size = 0;
+  public_area.public_area.unique.rsa.size = 0;
   TPMT_RSA_DECRYPT scheme;
   EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
       .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
                             Return(TPM_RC_SUCCESS)));
-  EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _, _))
+  EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _, NULL))
       .WillOnce(DoAll(SetArgPointee<5>(out_message),
                       SaveArg<3>(&scheme),
                       Return(TPM_RC_SUCCESS)));
@@ -452,6 +484,7 @@
                                                       TPM_ALG_RSAES,
                                                       TPM_ALG_NULL,
                                                       plaintext,
+                                                      NULL,
                                                       &ciphertext));
   EXPECT_EQ(scheme.scheme, TPM_ALG_RSAES);
 }
@@ -469,6 +502,8 @@
   TPM2B_PUBLIC public_area;
   public_area.public_area.type = TPM_ALG_RSA;
   public_area.public_area.object_attributes = kDecrypt;
+  public_area.public_area.auth_policy.size = 0;
+  public_area.public_area.unique.rsa.size = 0;
   EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
       .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
                             Return(TPM_RC_SUCCESS)));
@@ -494,6 +529,8 @@
   TPM2B_PUBLIC public_area;
   public_area.public_area.type = TPM_ALG_RSA;
   public_area.public_area.object_attributes = kDecrypt;
+  public_area.public_area.auth_policy.size = 0;
+  public_area.public_area.unique.rsa.size = 0;
   EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
       .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
                             Return(TPM_RC_SUCCESS)));
@@ -553,6 +590,8 @@
   TPM2B_PUBLIC public_area;
   public_area.public_area.type = TPM_ALG_RSA;
   public_area.public_area.object_attributes = kDecrypt;
+  public_area.public_area.auth_policy.size = 0;
+  public_area.public_area.unique.rsa.size = 0;
   TPMT_RSA_DECRYPT scheme;
   EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
       .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
@@ -584,6 +623,8 @@
   TPM2B_PUBLIC public_area;
   public_area.public_area.type = TPM_ALG_RSA;
   public_area.public_area.object_attributes = kDecrypt;
+  public_area.public_area.auth_policy.size = 0;
+  public_area.public_area.unique.rsa.size = 0;
   TPMT_RSA_DECRYPT scheme;
   EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
       .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
@@ -616,6 +657,8 @@
   TPM2B_PUBLIC public_area;
   public_area.public_area.type = TPM_ALG_RSA;
   public_area.public_area.object_attributes = kSign;
+  public_area.public_area.auth_policy.size = 0;
+  public_area.public_area.unique.rsa.size = 0;
   EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
       .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
                             Return(TPM_RC_SUCCESS)));
@@ -640,6 +683,8 @@
   TPM2B_PUBLIC public_area;
   public_area.public_area.type = TPM_ALG_RSA;
   public_area.public_area.object_attributes = kSign;
+  public_area.public_area.auth_policy.size = 0;
+  public_area.public_area.unique.rsa.size = 0;
   EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
       .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
                             Return(TPM_RC_SUCCESS)));
@@ -774,6 +819,8 @@
   TPMT_SIG_SCHEME scheme;
   public_area.public_area.type = TPM_ALG_RSA;
   public_area.public_area.object_attributes = kSign;
+  public_area.public_area.auth_policy.size = 0;
+  public_area.public_area.unique.rsa.size = 0;
   EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
       .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
                             Return(TPM_RC_SUCCESS)));
@@ -803,6 +850,8 @@
   TPMT_SIG_SCHEME scheme;
   public_area.public_area.type = TPM_ALG_RSA;
   public_area.public_area.object_attributes = kSign;
+  public_area.public_area.auth_policy.size = 0;
+  public_area.public_area.unique.rsa.size = 0;
   EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
       .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
                             Return(TPM_RC_SUCCESS)));
@@ -1032,6 +1081,13 @@
   TPM_HANDLE key_handle = 1;
   std::string new_password;
   std::string key_blob;
+  TPM2B_PUBLIC public_area;
+  public_area.public_area.type = TPM_ALG_RSA;
+  public_area.public_area.auth_policy.size = 0;
+  public_area.public_area.unique.rsa.size = 0;
+  EXPECT_CALL(mock_tpm_, ReadPublicSync(_, _, _, _, _, _))
+      .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
+                            Return(TPM_RC_SUCCESS)));
   EXPECT_EQ(TPM_RC_SUCCESS, utility.ChangeKeyAuthorizationData(
     key_handle, new_password, &mock_authorization_session_, &key_blob));
 }

diff --git a/trunks_client.cc b/trunks_client.cc
index 7366d2d..ab1647c 100644
--- a/trunks_client.cc
+++ b/trunks_client.cc

@@ -141,10 +141,12 @@
   }
   trunks::ScopedKeyHandle scoped_key(factory, decrypt_key);
   std::string ciphertext;
+  session->SetEntityAuthorizationValue("decrypt");
   rc = utility->AsymmetricEncrypt(scoped_key.get(),
                                   trunks::TPM_ALG_NULL,
                                   trunks::TPM_ALG_NULL,
                                   "plaintext",
+                                  session.get(),
                                   &ciphertext);
   if (rc) {
     LOG(ERROR) << "Error encrypting: " << trunks::GetErrorString(rc);
@@ -209,10 +211,12 @@
   }
   trunks::ScopedKeyHandle scoped_key(factory, key_handle);
   std::string ciphertext;
+  session->SetEntityAuthorizationValue("import");
   rc = utility->AsymmetricEncrypt(scoped_key.get(),
                                   trunks::TPM_ALG_NULL,
                                   trunks::TPM_ALG_NULL,
                                   "plaintext",
+                                  session.get(),
                                   &ciphertext);
   if (rc) {
     LOG(ERROR) << "Error encrypting: " << trunks::GetErrorString(rc);
@@ -285,10 +289,12 @@
 
   trunks::ScopedKeyHandle scoped_key(factory, key_handle);
   std::string ciphertext;
+  session->SetEntityAuthorizationValue("new_pass");
   rc = utility->AsymmetricEncrypt(scoped_key.get(),
                                   trunks::TPM_ALG_NULL,
                                   trunks::TPM_ALG_NULL,
                                   "plaintext",
+                                  session.get(),
                                   &ciphertext);
   if (rc) {
     LOG(ERROR) << "Error encrypting: " << trunks::GetErrorString(rc);

diff --git a/trunks_factory_for_test.cc b/trunks_factory_for_test.cc
index ef489f6..8fedeaf 100644
--- a/trunks_factory_for_test.cc
+++ b/trunks_factory_for_test.cc

@@ -88,16 +88,21 @@
                                   lockout_password);
   }
 
-  TPM_RC StirRandom(const std::string& entropy_data) override {
-    return target_->StirRandom(entropy_data);
+  TPM_RC StirRandom(const std::string& entropy_data,
+                    AuthorizationSession* session) override {
+    return target_->StirRandom(entropy_data, session);
   }
 
-  TPM_RC GenerateRandom(size_t num_bytes, std::string* random_data) override {
-    return target_->GenerateRandom(num_bytes, random_data);
+  TPM_RC GenerateRandom(size_t num_bytes,
+                        AuthorizationSession* session,
+                        std::string* random_data) override {
+    return target_->GenerateRandom(num_bytes, session, random_data);
   }
 
-  TPM_RC ExtendPCR(int pcr_index, const std::string& extend_data) override {
-    return target_->ExtendPCR(pcr_index, extend_data);
+  TPM_RC ExtendPCR(int pcr_index,
+                   const std::string& extend_data,
+                   AuthorizationSession* session) override {
+    return target_->ExtendPCR(pcr_index, extend_data, session);
   }
 
   TPM_RC ReadPCR(int pcr_index, std::string* pcr_value) override {
@@ -108,11 +113,13 @@
                            TPM_ALG_ID scheme,
                            TPM_ALG_ID hash_alg,
                            const std::string& plaintext,
+                           AuthorizationSession* session,
                            std::string* ciphertext) override {
     return target_->AsymmetricEncrypt(key_handle,
                                       scheme,
                                       hash_alg,
                                       plaintext,
+                                      session,
                                       ciphertext);
   }
 
@@ -203,7 +210,7 @@
   }
 
   TPM_RC GetKeyPublicArea(TPM_HANDLE handle,
-                          TPM2B_PUBLIC* public_data) override {
+                          TPMT_PUBLIC* public_data) override {
     return target_->GetKeyPublicArea(handle, public_data);
   }
commit	8b2bf63478b292937f85b3b0e215882af461a999	[log] [tgz]
author	Utkarsh Sanghi <usanghi@chromium.org>	Tue Mar 10 17:34:24 2015
committer	ChromeOS Commit Bot <chromeos-commit-bot@chromium.org>	Tue Mar 17 22:32:06 2015
tree	947983fe4f8da2aa04256da8d45d8ba8802fe738
parent	f67826cab05a3d09e3890559e0d5af117cdc5365 [diff]