trunks: Changes the GetKey* interface
GetKeyName now internally calls GetKeyPublicArea and
hashes the public struct
GetKeyPublic area now returns TPMT_PUBLIC rather than
TPM2B_PUBLIC
BUG=chromium:415999
TEST=FEATURES=test emerge-rambi trunks
TEST=manual test on tpm
Change-Id: Ie0791c453a8dcf9e3f777ccb4c7f4afcadf3869d
Reviewed-on: https://chromium-review.googlesource.com/259630
Reviewed-by: Utkarsh Sanghi <usanghi@chromium.org>
Commit-Queue: Utkarsh Sanghi <usanghi@chromium.org>
Tested-by: Utkarsh Sanghi <usanghi@chromium.org>
diff --git a/mock_tpm_utility.h b/mock_tpm_utility.h
index 81f93a2..8287950 100644
--- a/mock_tpm_utility.h
+++ b/mock_tpm_utility.h
@@ -25,14 +25,18 @@
MOCK_METHOD3(TakeOwnership, TPM_RC(const std::string& owner_password,
const std::string& endorsement_password,
const std::string& lockout_password));
- MOCK_METHOD1(StirRandom, TPM_RC(const std::string&));
- MOCK_METHOD2(GenerateRandom, TPM_RC(size_t, std::string*));
- MOCK_METHOD2(ExtendPCR, TPM_RC(int, const std::string&));
+ MOCK_METHOD2(StirRandom, TPM_RC(const std::string&, AuthorizationSession*));
+ MOCK_METHOD3(GenerateRandom, TPM_RC(size_t,
+ AuthorizationSession*,
+ std::string*));
+ MOCK_METHOD3(ExtendPCR,
+ TPM_RC(int, const std::string&, AuthorizationSession*));
MOCK_METHOD2(ReadPCR, TPM_RC(int, std::string*));
- MOCK_METHOD5(AsymmetricEncrypt, TPM_RC(TPM_HANDLE,
+ MOCK_METHOD6(AsymmetricEncrypt, TPM_RC(TPM_HANDLE,
TPM_ALG_ID,
TPM_ALG_ID,
const std::string&,
+ AuthorizationSession*,
std::string*));
MOCK_METHOD6(AsymmetricDecrypt, TPM_RC(TPM_HANDLE,
TPM_ALG_ID,
@@ -77,7 +81,7 @@
AuthorizationSession*,
TPM_HANDLE*));
MOCK_METHOD2(GetKeyName, TPM_RC(TPM_HANDLE, std::string*));
- MOCK_METHOD2(GetKeyPublicArea, TPM_RC(TPM_HANDLE, TPM2B_PUBLIC*));
+ MOCK_METHOD2(GetKeyPublicArea, TPM_RC(TPM_HANDLE, TPMT_PUBLIC*));
MOCK_METHOD3(DefineNVSpace, TPM_RC(uint32_t,
size_t,
AuthorizationSession*));
diff --git a/tpm_utility.h b/tpm_utility.h
index c6355a4..a87f965 100644
--- a/tpm_utility.h
+++ b/tpm_utility.h
@@ -58,15 +58,26 @@
const std::string& lockout_password) = 0;
// Stir the tpm random generation module with some random entropy data.
- virtual TPM_RC StirRandom(const std::string& entropy_data) = 0;
+ // |session| specifies an optional authorization session to be used. If
+ // |session| is NULL, authorization is not used for this command.
+ virtual TPM_RC StirRandom(const std::string& entropy_data,
+ AuthorizationSession* session) = 0;
// This method returns |num_bytes| of random data generated by the tpm.
- virtual TPM_RC GenerateRandom(size_t num_bytes, std::string* random_data) = 0;
+ // |session| specifies an optional authorization session to be used. If
+ // |session| is NULL, authorization is not used for this command.
+ virtual TPM_RC GenerateRandom(size_t num_bytes,
+ AuthorizationSession*,
+ std::string* random_data) = 0;
// This method extends the pcr specified by |pcr_index| with the SHA256
// hash of |extend_data|. The exact action performed is
// TPM2_PCR_Extend(Sha256(extend_data));
- virtual TPM_RC ExtendPCR(int pcr_index, const std::string& extend_data) = 0;
+ // |session| specifies an optional authorization session to be used. If
+ // |session| is NULL, authorization is not used for this command.
+ virtual TPM_RC ExtendPCR(int pcr_index,
+ const std::string& extend_data,
+ AuthorizationSession* session) = 0;
// This method reads the pcr specified by |pcr_index| and returns its value
// in |pcr_value|. NOTE: it assumes we are using SHA256 as our hash alg.
@@ -76,10 +87,13 @@
// referrenced by its handle |key_handle|. The |plaintext| is then encrypted
// to give us the |ciphertext|. |scheme| refers to the encryption scheme
// to be used. By default keys use OAEP, but can also use TPM_ALG_RSAES.
+ // |session| specifies an optional authorization session to be used. If
+ // |session| is NULL, authorization is not used for this command.
virtual TPM_RC AsymmetricEncrypt(TPM_HANDLE key_handle,
TPM_ALG_ID scheme,
TPM_ALG_ID hash_alg,
const std::string& plaintext,
+ AuthorizationSession* session,
std::string* ciphertext) = 0;
// This method performs a decyption operating using a loaded RSA key
@@ -190,7 +204,7 @@
// This function returns the public area of a handle in the tpm.
virtual TPM_RC GetKeyPublicArea(TPM_HANDLE handle,
- TPM2B_PUBLIC* public_data) = 0;
+ TPMT_PUBLIC* public_data) = 0;
// This method defines a non-volatile storage area in the TPM, referenced
// by |index| of size |num_bytes|. This command needs owner authorization.
diff --git a/tpm_utility_impl.cc b/tpm_utility_impl.cc
index 5687e47..52237fe 100644
--- a/tpm_utility_impl.cc
+++ b/tpm_utility_impl.cc
@@ -241,14 +241,29 @@
return TPM_RC_SUCCESS;
}
-TPM_RC TpmUtilityImpl::StirRandom(const std::string& entropy_data) {
+TPM_RC TpmUtilityImpl::StirRandom(const std::string& entropy_data,
+ AuthorizationSession* session) {
+ AuthorizationDelegate* delegate;
+ if (session) {
+ delegate = session->GetDelegate();
+ } else {
+ delegate = NULL;
+ }
std::string digest = crypto::SHA256HashString(entropy_data);
TPM2B_SENSITIVE_DATA random_bytes = Make_TPM2B_SENSITIVE_DATA(digest);
- return factory_.GetTpm()->StirRandomSync(random_bytes, NULL);
+ return factory_.GetTpm()->StirRandomSync(random_bytes, delegate);
}
TPM_RC TpmUtilityImpl::GenerateRandom(size_t num_bytes,
+ AuthorizationSession* session,
std::string* random_data) {
+ CHECK(random_data);
+ AuthorizationDelegate* delegate;
+ if (session) {
+ delegate = session->GetDelegate();
+ } else {
+ delegate = NULL;
+ }
size_t bytes_left = num_bytes;
random_data->clear();
TPM_RC rc;
@@ -256,7 +271,7 @@
while (bytes_left > 0) {
rc = factory_.GetTpm()->GetRandomSync(bytes_left,
&digest,
- NULL);
+ delegate);
if (rc) {
LOG(ERROR) << "Error getting random data from tpm.";
return rc;
@@ -269,11 +284,18 @@
}
TPM_RC TpmUtilityImpl::ExtendPCR(int pcr_index,
- const std::string& extend_data) {
+ const std::string& extend_data,
+ AuthorizationSession* session) {
if (pcr_index < 0 || pcr_index >= IMPLEMENTATION_PCR) {
LOG(ERROR) << "Using a PCR index that isnt implemented.";
return TPM_RC_FAILURE;
}
+ AuthorizationDelegate* delegate;
+ if (session) {
+ delegate = session->GetDelegate();
+ } else {
+ delegate = NULL;
+ }
TPM_HANDLE pcr_handle = HR_PCR + pcr_index;
std::string pcr_name = NameFromHandle(pcr_handle);
TPML_DIGEST_VALUES digests;
@@ -285,7 +307,7 @@
return factory_.GetTpm()->PCR_ExtendSync(pcr_handle,
pcr_name,
digests,
- NULL);
+ delegate);
}
TPM_RC TpmUtilityImpl::ReadPCR(int pcr_index, std::string* pcr_value) {
@@ -329,6 +351,7 @@
TPM_ALG_ID scheme,
TPM_ALG_ID hash_alg,
const std::string& plaintext,
+ AuthorizationSession* session,
std::string* ciphertext) {
TPMT_RSA_DECRYPT in_scheme;
if (hash_alg == TPM_ALG_NULL) {
@@ -344,44 +367,50 @@
return SAPI_RC_BAD_PARAMETER;
}
- TPM2B_PUBLIC public_area;
- TPM_RC return_code = GetKeyPublicArea(key_handle, &public_area);
- if (return_code) {
+ TPMT_PUBLIC public_area;
+ TPM_RC result = GetKeyPublicArea(key_handle, &public_area);
+ if (result != TPM_RC_SUCCESS) {
LOG(ERROR) << "Error finding public area for: " << key_handle;
- return return_code;
- } else if (public_area.public_area.type != TPM_ALG_RSA) {
+ return result;
+ } else if (public_area.type != TPM_ALG_RSA) {
LOG(ERROR) << "Key handle given is not an RSA key";
return SAPI_RC_BAD_PARAMETER;
- } else if ((public_area.public_area.object_attributes & kDecrypt) == 0) {
+ } else if ((public_area.object_attributes & kDecrypt) == 0) {
LOG(ERROR) << "Key handle given is not a decryption key";
return SAPI_RC_BAD_PARAMETER;
}
- if ((public_area.public_area.object_attributes & kRestricted) != 0) {
+ if ((public_area.object_attributes & kRestricted) != 0) {
LOG(ERROR) << "Cannot use RSAES for encryption with a restricted key";
return SAPI_RC_BAD_PARAMETER;
}
std::string key_name;
- return_code = GetKeyName(key_handle, &key_name);
- if (return_code) {
- LOG(ERROR) << "Error finding key name for: " << key_handle;
- return return_code;
+ result = ComputeKeyName(public_area, &key_name);
+ if (result != TPM_RC_SUCCESS) {
+ LOG(ERROR) << "Error computing key name for: " << key_handle;
+ return result;
+ }
+ AuthorizationDelegate* delegate;
+ if (session) {
+ delegate = session->GetDelegate();
+ } else {
+ delegate = NULL;
}
TPM2B_DATA label;
label.size = 0;
TPM2B_PUBLIC_KEY_RSA in_message = Make_TPM2B_PUBLIC_KEY_RSA(plaintext);
TPM2B_PUBLIC_KEY_RSA out_message;
- return_code = factory_.GetTpm()->RSA_EncryptSync(key_handle,
- key_name,
- in_message,
- in_scheme,
- label,
- &out_message,
- NULL);
- if (return_code) {
+ result = factory_.GetTpm()->RSA_EncryptSync(key_handle,
+ key_name,
+ in_message,
+ in_scheme,
+ label,
+ &out_message,
+ delegate);
+ if (result != TPM_RC_SUCCESS) {
LOG(ERROR) << "Error performing RSA encrypt: "
- << GetErrorString(return_code);
- return return_code;
+ << GetErrorString(result);
+ return result;
}
ciphertext->assign(StringFrom_TPM2B_PUBLIC_KEY_RSA(out_message));
return TPM_RC_SUCCESS;
@@ -413,26 +442,26 @@
<< GetErrorString(result);
return result;
}
- TPM2B_PUBLIC public_area;
+ TPMT_PUBLIC public_area;
result = GetKeyPublicArea(key_handle, &public_area);
if (result) {
LOG(ERROR) << "Error finding public area for: " << key_handle;
return result;
- } else if (public_area.public_area.type != TPM_ALG_RSA) {
+ } else if (public_area.type != TPM_ALG_RSA) {
LOG(ERROR) << "Key handle given is not an RSA key";
return SAPI_RC_BAD_PARAMETER;
- } else if ((public_area.public_area.object_attributes & kDecrypt) == 0) {
+ } else if ((public_area.object_attributes & kDecrypt) == 0) {
LOG(ERROR) << "Key handle given is not a decryption key";
return SAPI_RC_BAD_PARAMETER;
}
- if ((public_area.public_area.object_attributes & kRestricted) != 0) {
+ if ((public_area.object_attributes & kRestricted) != 0) {
LOG(ERROR) << "Cannot use RSAES for encryption with a restricted key";
return SAPI_RC_BAD_PARAMETER;
}
std::string key_name;
- result = GetKeyName(key_handle, &key_name);
+ result = ComputeKeyName(public_area, &key_name);
if (result) {
- LOG(ERROR) << "Error finding key name for: " << key_handle;
+ LOG(ERROR) << "Error computing key name for: " << key_handle;
return result;
}
@@ -483,26 +512,26 @@
<< GetErrorString(result);
return result;
}
- TPM2B_PUBLIC public_area;
+ TPMT_PUBLIC public_area;
result = GetKeyPublicArea(key_handle, &public_area);
if (result) {
LOG(ERROR) << "Error finding public area for: " << key_handle;
return result;
- } else if (public_area.public_area.type != TPM_ALG_RSA) {
+ } else if (public_area.type != TPM_ALG_RSA) {
LOG(ERROR) << "Key handle given is not an RSA key";
return SAPI_RC_BAD_PARAMETER;
- } else if ((public_area.public_area.object_attributes & kSign) == 0) {
+ } else if ((public_area.object_attributes & kSign) == 0) {
LOG(ERROR) << "Key handle given is not a signging key";
return SAPI_RC_BAD_PARAMETER;
- } else if ((public_area.public_area.object_attributes & kRestricted) != 0) {
+ } else if ((public_area.object_attributes & kRestricted) != 0) {
LOG(ERROR) << "Key handle references a restricted key";
return SAPI_RC_BAD_PARAMETER;
}
std::string key_name;
- result = GetKeyName(key_handle, &key_name);
+ result = ComputeKeyName(public_area, &key_name);
if (result) {
- LOG(ERROR) << "Error finding key name for: " << key_handle;
+ LOG(ERROR) << "Error computing key name for: " << key_handle;
return result;
}
std::string digest = HashString(plaintext, hash_alg);
@@ -540,18 +569,18 @@
TPM_ALG_ID hash_alg,
const std::string& plaintext,
const std::string& signature) {
- TPM2B_PUBLIC public_area;
+ TPMT_PUBLIC public_area;
TPM_RC return_code = GetKeyPublicArea(key_handle, &public_area);
if (return_code) {
LOG(ERROR) << "Error finding public area for: " << key_handle;
return return_code;
- } else if (public_area.public_area.type != TPM_ALG_RSA) {
+ } else if (public_area.type != TPM_ALG_RSA) {
LOG(ERROR) << "Key handle given is not an RSA key";
return SAPI_RC_BAD_PARAMETER;
- } else if ((public_area.public_area.object_attributes & kSign) == 0) {
+ } else if ((public_area.object_attributes & kSign) == 0) {
LOG(ERROR) << "Key handle given is not a signing key";
return SAPI_RC_BAD_PARAMETER;
- } else if ((public_area.public_area.object_attributes & kRestricted) != 0) {
+ } else if ((public_area.object_attributes & kRestricted) != 0) {
LOG(ERROR) << "Cannot use RSAPSS for signing with a restricted key";
return SAPI_RC_BAD_PARAMETER;
}
@@ -634,13 +663,14 @@
return result;
}
if (key_blob) {
- TPM2B_PUBLIC public_data;
- public_data.size = 0;
+ TPMT_PUBLIC public_data;
result = GetKeyPublicArea(key_handle, &public_data);
if (result != TPM_RC_SUCCESS) {
return result;
}
- result = KeyDataToString(public_data, new_private_data, key_blob);
+ result = KeyDataToString(Make_TPM2B_PUBLIC(public_data),
+ new_private_data,
+ key_blob);
if (result != TPM_RC_SUCCESS) {
return result;
}
@@ -870,35 +900,32 @@
}
TPM_RC TpmUtilityImpl::GetKeyName(TPM_HANDLE handle, std::string* name) {
- TPM2B_PUBLIC public_data;
- TPM2B_NAME out_name;
- out_name.size = 0;
- TPM2B_NAME qualified_name;
- std::string handle_name; // Unused
- TPM_RC return_code = factory_.GetTpm()->ReadPublicSync(handle,
- handle_name,
- &public_data,
- &out_name,
- &qualified_name,
- NULL);
- if (return_code) {
- LOG(ERROR) << "Error generating name for object: " << handle;
- return return_code;
+ CHECK(name);
+ TPM_RC result;
+ TPMT_PUBLIC public_data;
+ result = GetKeyPublicArea(handle, &public_data);
+ if (result != TPM_RC_SUCCESS) {
+ LOG(ERROR) << "Error fetching public info: " << GetErrorString(result);
+ return result;
}
- name->resize(out_name.size);
- name->assign(StringFrom_TPM2B_NAME(out_name));
+ result = ComputeKeyName(public_data, name);
+ if (result != TPM_RC_SUCCESS) {
+ LOG(ERROR) << "Error computing key name: " << GetErrorString(result);
+ return TPM_RC_SUCCESS;
+ }
return TPM_RC_SUCCESS;
}
TPM_RC TpmUtilityImpl::GetKeyPublicArea(TPM_HANDLE handle,
- TPM2B_PUBLIC* public_data) {
+ TPMT_PUBLIC* public_data) {
CHECK(public_data);
TPM2B_NAME out_name;
+ TPM2B_PUBLIC public_area;
TPM2B_NAME qualified_name;
std::string handle_name; // Unused
TPM_RC return_code = factory_.GetTpm()->ReadPublicSync(handle,
handle_name,
- public_data,
+ &public_area,
&out_name,
&qualified_name,
NULL);
@@ -906,6 +933,7 @@
LOG(ERROR) << "Error generating name for object: " << handle;
return return_code;
}
+ *public_data = public_area.public_area;
return TPM_RC_SUCCESS;
}
@@ -1489,6 +1517,12 @@
TPM_RC TpmUtilityImpl::ComputeKeyName(const TPMT_PUBLIC& public_area,
std::string* object_name) {
+ CHECK(object_name);
+ if (public_area.type == TPM_ALG_ERROR) {
+ // We do not compute a name for empty public area.
+ object_name->clear();
+ return TPM_RC_SUCCESS;
+ }
std::string serialized_public_area;
TPM_RC result = Serialize_TPMT_PUBLIC(public_area, &serialized_public_area);
if (result != TPM_RC_SUCCESS) {
diff --git a/tpm_utility_impl.h b/tpm_utility_impl.h
index e67b95c..818b2d2 100644
--- a/tpm_utility_impl.h
+++ b/tpm_utility_impl.h
@@ -35,15 +35,20 @@
TPM_RC TakeOwnership(const std::string& owner_password,
const std::string& endorsement_password,
const std::string& lockout_password) override;
- TPM_RC StirRandom(const std::string& entropy_data) override;
+ TPM_RC StirRandom(const std::string& entropy_data,
+ AuthorizationSession* session) override;
TPM_RC GenerateRandom(size_t num_bytes,
+ AuthorizationSession* session,
std::string* random_data) override;
- TPM_RC ExtendPCR(int pcr_index, const std::string& extend_data) override;
+ TPM_RC ExtendPCR(int pcr_index,
+ const std::string& extend_data,
+ AuthorizationSession* session) override;
TPM_RC ReadPCR(int pcr_index, std::string* pcr_value) override;
TPM_RC AsymmetricEncrypt(TPM_HANDLE key_handle,
TPM_ALG_ID scheme,
TPM_ALG_ID hash_alg,
const std::string& plaintext,
+ AuthorizationSession* session,
std::string* ciphertext) override;
TPM_RC AsymmetricDecrypt(TPM_HANDLE key_handle,
TPM_ALG_ID scheme,
@@ -89,7 +94,7 @@
TPM_HANDLE* key_handle) override;
TPM_RC GetKeyName(TPM_HANDLE handle, std::string* name) override;
TPM_RC GetKeyPublicArea(TPM_HANDLE handle,
- TPM2B_PUBLIC* public_data) override;
+ TPMT_PUBLIC* public_data) override;
TPM_RC DefineNVSpace(uint32_t index,
size_t num_bytes,
AuthorizationSession* session) override;
diff --git a/tpm_utility_test.cc b/tpm_utility_test.cc
index ade99f4..624361f 100644
--- a/tpm_utility_test.cc
+++ b/tpm_utility_test.cc
@@ -237,17 +237,21 @@
TEST_F(TpmUtilityTest, StirRandomSuccess) {
TpmUtilityImpl utility(factory_);
std::string entropy_data("large test data", 100);
- EXPECT_CALL(mock_tpm_, StirRandomSync(_, _))
+ NiceMock<MockAuthorizationDelegate> delegate;
+ EXPECT_CALL(mock_authorization_session_, GetDelegate())
+ .WillOnce(Return(&delegate));
+ EXPECT_CALL(mock_tpm_, StirRandomSync(_, &delegate))
.WillOnce(Return(TPM_RC_SUCCESS));
- EXPECT_EQ(TPM_RC_SUCCESS, utility.StirRandom(entropy_data));
+ EXPECT_EQ(TPM_RC_SUCCESS,
+ utility.StirRandom(entropy_data, &mock_authorization_session_));
}
TEST_F(TpmUtilityTest, StirRandomFails) {
TpmUtilityImpl utility(factory_);
std::string entropy_data("test data");
- EXPECT_CALL(mock_tpm_, StirRandomSync(_, _))
+ EXPECT_CALL(mock_tpm_, StirRandomSync(_, NULL))
.WillOnce(Return(TPM_RC_FAILURE));
- EXPECT_EQ(TPM_RC_FAILURE, utility.StirRandom(entropy_data));
+ EXPECT_EQ(TPM_RC_FAILURE, utility.StirRandom(entropy_data, NULL));
}
TEST_F(TpmUtilityTest, GenerateRandomSuccess) {
@@ -261,15 +265,19 @@
large_random.size = 32;
TPM2B_DIGEST small_random;
small_random.size = 8;
-
- EXPECT_CALL(mock_tpm_, GetRandomSync(_, _, _))
+ NiceMock<MockAuthorizationDelegate> delegate;
+ EXPECT_CALL(mock_authorization_session_, GetDelegate())
+ .WillOnce(Return(&delegate));
+ EXPECT_CALL(mock_tpm_, GetRandomSync(_, _, &delegate))
.Times(2)
.WillRepeatedly(DoAll(SetArgPointee<1>(large_random),
Return(TPM_RC_SUCCESS)));
- EXPECT_CALL(mock_tpm_, GetRandomSync(8, _, _))
+ EXPECT_CALL(mock_tpm_, GetRandomSync(8, _, &delegate))
.WillOnce(DoAll(SetArgPointee<1>(small_random),
Return(TPM_RC_SUCCESS)));
- EXPECT_EQ(TPM_RC_SUCCESS, utility.GenerateRandom(num_bytes, &random_data));
+ EXPECT_EQ(TPM_RC_SUCCESS, utility.GenerateRandom(num_bytes,
+ &mock_authorization_session_,
+ &random_data));
EXPECT_EQ(num_bytes, random_data.size());
}
@@ -277,14 +285,22 @@
TpmUtilityImpl utility(factory_);
int num_bytes = 5;
std::string random_data;
- EXPECT_CALL(mock_tpm_, GetRandomSync(_, _, _))
+ EXPECT_CALL(mock_tpm_, GetRandomSync(_, _, NULL))
.WillOnce(Return(TPM_RC_FAILURE));
- EXPECT_EQ(TPM_RC_FAILURE, utility.GenerateRandom(num_bytes, &random_data));
+ EXPECT_EQ(TPM_RC_FAILURE,
+ utility.GenerateRandom(num_bytes, NULL, &random_data));
}
TEST_F(TpmUtilityTest, ExtendPCRSuccess) {
TpmUtilityImpl utility(factory_);
- EXPECT_EQ(TPM_RC_SUCCESS, utility.ExtendPCR(1, "test digest"));
+ TPM_HANDLE pcr_handle = HR_PCR + 1;
+ NiceMock<MockAuthorizationDelegate> delegate;
+ EXPECT_CALL(mock_authorization_session_, GetDelegate())
+ .WillOnce(Return(&delegate));
+ EXPECT_CALL(mock_tpm_, PCR_ExtendSync(pcr_handle, _, _, &delegate))
+ .WillOnce(Return(TPM_RC_SUCCESS));
+ EXPECT_EQ(TPM_RC_SUCCESS,
+ utility.ExtendPCR(1, "test digest", &mock_authorization_session_));
}
TEST_F(TpmUtilityTest, ExtendPCRFail) {
@@ -293,12 +309,12 @@
TPM_HANDLE pcr_handle = HR_PCR + pcr_index;
EXPECT_CALL(mock_tpm_, PCR_ExtendSync(pcr_handle, _, _, _))
.WillOnce(Return(TPM_RC_FAILURE));
- EXPECT_EQ(TPM_RC_FAILURE, utility.ExtendPCR(pcr_index, "test digest"));
+ EXPECT_EQ(TPM_RC_FAILURE, utility.ExtendPCR(pcr_index, "test digest", NULL));
}
TEST_F(TpmUtilityTest, ExtendPCRBadParam) {
TpmUtilityImpl utility(factory_);
- EXPECT_EQ(TPM_RC_FAILURE, utility.ExtendPCR(-1, "test digest"));
+ EXPECT_EQ(TPM_RC_FAILURE, utility.ExtendPCR(-1, "test digest", NULL));
}
TEST_F(TpmUtilityTest, ReadPCRSuccess) {
@@ -349,17 +365,24 @@
TPM2B_PUBLIC public_area;
public_area.public_area.type = TPM_ALG_RSA;
public_area.public_area.object_attributes = kDecrypt;
+ public_area.public_area.auth_policy.size = 0;
+ public_area.public_area.unique.rsa.size = 0;
EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
Return(TPM_RC_SUCCESS)));
- EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _, _))
+ NiceMock<MockAuthorizationDelegate> delegate;
+ EXPECT_CALL(mock_authorization_session_, GetDelegate())
+ .WillOnce(Return(&delegate));
+ EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _, &delegate))
.WillOnce(DoAll(SetArgPointee<5>(out_message),
Return(TPM_RC_SUCCESS)));
- EXPECT_EQ(TPM_RC_SUCCESS, utility.AsymmetricEncrypt(key_handle,
- TPM_ALG_NULL,
- TPM_ALG_NULL,
- plaintext,
- &ciphertext));
+ EXPECT_EQ(TPM_RC_SUCCESS, utility.AsymmetricEncrypt(
+ key_handle,
+ TPM_ALG_NULL,
+ TPM_ALG_NULL,
+ plaintext,
+ &mock_authorization_session_,
+ &ciphertext));
EXPECT_EQ(0, ciphertext.compare(output_ciphertext));
}
@@ -371,15 +394,18 @@
TPM2B_PUBLIC public_area;
public_area.public_area.type = TPM_ALG_RSA;
public_area.public_area.object_attributes = kDecrypt;
+ public_area.public_area.auth_policy.size = 0;
+ public_area.public_area.unique.rsa.size = 0;
EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
Return(TPM_RC_SUCCESS)));
- EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _, _))
+ EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _, NULL))
.WillOnce(Return(TPM_RC_FAILURE));
EXPECT_EQ(TPM_RC_FAILURE, utility.AsymmetricEncrypt(key_handle,
TPM_ALG_NULL,
TPM_ALG_NULL,
plaintext,
+ NULL,
&ciphertext));
}
@@ -391,13 +417,14 @@
TPM2B_PUBLIC public_area;
public_area.public_area.type = TPM_ALG_RSA;
public_area.public_area.object_attributes = kDecrypt | kRestricted;
- EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
+ EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, NULL))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
Return(TPM_RC_SUCCESS)));
EXPECT_EQ(SAPI_RC_BAD_PARAMETER, utility.AsymmetricEncrypt(key_handle,
TPM_ALG_RSAES,
TPM_ALG_NULL,
plaintext,
+ NULL,
&ciphertext));
}
@@ -412,11 +439,13 @@
TPM2B_PUBLIC public_area;
public_area.public_area.type = TPM_ALG_RSA;
public_area.public_area.object_attributes = kDecrypt;
+ public_area.public_area.auth_policy.size = 0;
+ public_area.public_area.unique.rsa.size = 0;
TPMT_RSA_DECRYPT scheme;
EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
Return(TPM_RC_SUCCESS)));
- EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _, _))
+ EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _, NULL))
.WillOnce(DoAll(SetArgPointee<5>(out_message),
SaveArg<3>(&scheme),
Return(TPM_RC_SUCCESS)));
@@ -424,6 +453,7 @@
TPM_ALG_NULL,
TPM_ALG_NULL,
plaintext,
+ NULL,
&ciphertext));
EXPECT_EQ(scheme.scheme, TPM_ALG_OAEP);
EXPECT_EQ(scheme.details.oaep.hash_alg, TPM_ALG_SHA256);
@@ -440,11 +470,13 @@
TPM2B_PUBLIC public_area;
public_area.public_area.type = TPM_ALG_RSA;
public_area.public_area.object_attributes = kDecrypt;
+ public_area.public_area.auth_policy.size = 0;
+ public_area.public_area.unique.rsa.size = 0;
TPMT_RSA_DECRYPT scheme;
EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
Return(TPM_RC_SUCCESS)));
- EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _, _))
+ EXPECT_CALL(mock_tpm_, RSA_EncryptSync(key_handle, _, _, _, _, _, NULL))
.WillOnce(DoAll(SetArgPointee<5>(out_message),
SaveArg<3>(&scheme),
Return(TPM_RC_SUCCESS)));
@@ -452,6 +484,7 @@
TPM_ALG_RSAES,
TPM_ALG_NULL,
plaintext,
+ NULL,
&ciphertext));
EXPECT_EQ(scheme.scheme, TPM_ALG_RSAES);
}
@@ -469,6 +502,8 @@
TPM2B_PUBLIC public_area;
public_area.public_area.type = TPM_ALG_RSA;
public_area.public_area.object_attributes = kDecrypt;
+ public_area.public_area.auth_policy.size = 0;
+ public_area.public_area.unique.rsa.size = 0;
EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
Return(TPM_RC_SUCCESS)));
@@ -494,6 +529,8 @@
TPM2B_PUBLIC public_area;
public_area.public_area.type = TPM_ALG_RSA;
public_area.public_area.object_attributes = kDecrypt;
+ public_area.public_area.auth_policy.size = 0;
+ public_area.public_area.unique.rsa.size = 0;
EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
Return(TPM_RC_SUCCESS)));
@@ -553,6 +590,8 @@
TPM2B_PUBLIC public_area;
public_area.public_area.type = TPM_ALG_RSA;
public_area.public_area.object_attributes = kDecrypt;
+ public_area.public_area.auth_policy.size = 0;
+ public_area.public_area.unique.rsa.size = 0;
TPMT_RSA_DECRYPT scheme;
EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
@@ -584,6 +623,8 @@
TPM2B_PUBLIC public_area;
public_area.public_area.type = TPM_ALG_RSA;
public_area.public_area.object_attributes = kDecrypt;
+ public_area.public_area.auth_policy.size = 0;
+ public_area.public_area.unique.rsa.size = 0;
TPMT_RSA_DECRYPT scheme;
EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
@@ -616,6 +657,8 @@
TPM2B_PUBLIC public_area;
public_area.public_area.type = TPM_ALG_RSA;
public_area.public_area.object_attributes = kSign;
+ public_area.public_area.auth_policy.size = 0;
+ public_area.public_area.unique.rsa.size = 0;
EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
Return(TPM_RC_SUCCESS)));
@@ -640,6 +683,8 @@
TPM2B_PUBLIC public_area;
public_area.public_area.type = TPM_ALG_RSA;
public_area.public_area.object_attributes = kSign;
+ public_area.public_area.auth_policy.size = 0;
+ public_area.public_area.unique.rsa.size = 0;
EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
Return(TPM_RC_SUCCESS)));
@@ -774,6 +819,8 @@
TPMT_SIG_SCHEME scheme;
public_area.public_area.type = TPM_ALG_RSA;
public_area.public_area.object_attributes = kSign;
+ public_area.public_area.auth_policy.size = 0;
+ public_area.public_area.unique.rsa.size = 0;
EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
Return(TPM_RC_SUCCESS)));
@@ -803,6 +850,8 @@
TPMT_SIG_SCHEME scheme;
public_area.public_area.type = TPM_ALG_RSA;
public_area.public_area.object_attributes = kSign;
+ public_area.public_area.auth_policy.size = 0;
+ public_area.public_area.unique.rsa.size = 0;
EXPECT_CALL(mock_tpm_, ReadPublicSync(key_handle, _, _, _, _, _))
.WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
Return(TPM_RC_SUCCESS)));
@@ -1032,6 +1081,13 @@
TPM_HANDLE key_handle = 1;
std::string new_password;
std::string key_blob;
+ TPM2B_PUBLIC public_area;
+ public_area.public_area.type = TPM_ALG_RSA;
+ public_area.public_area.auth_policy.size = 0;
+ public_area.public_area.unique.rsa.size = 0;
+ EXPECT_CALL(mock_tpm_, ReadPublicSync(_, _, _, _, _, _))
+ .WillRepeatedly(DoAll(SetArgPointee<2>(public_area),
+ Return(TPM_RC_SUCCESS)));
EXPECT_EQ(TPM_RC_SUCCESS, utility.ChangeKeyAuthorizationData(
key_handle, new_password, &mock_authorization_session_, &key_blob));
}
diff --git a/trunks_client.cc b/trunks_client.cc
index 7366d2d..ab1647c 100644
--- a/trunks_client.cc
+++ b/trunks_client.cc
@@ -141,10 +141,12 @@
}
trunks::ScopedKeyHandle scoped_key(factory, decrypt_key);
std::string ciphertext;
+ session->SetEntityAuthorizationValue("decrypt");
rc = utility->AsymmetricEncrypt(scoped_key.get(),
trunks::TPM_ALG_NULL,
trunks::TPM_ALG_NULL,
"plaintext",
+ session.get(),
&ciphertext);
if (rc) {
LOG(ERROR) << "Error encrypting: " << trunks::GetErrorString(rc);
@@ -209,10 +211,12 @@
}
trunks::ScopedKeyHandle scoped_key(factory, key_handle);
std::string ciphertext;
+ session->SetEntityAuthorizationValue("import");
rc = utility->AsymmetricEncrypt(scoped_key.get(),
trunks::TPM_ALG_NULL,
trunks::TPM_ALG_NULL,
"plaintext",
+ session.get(),
&ciphertext);
if (rc) {
LOG(ERROR) << "Error encrypting: " << trunks::GetErrorString(rc);
@@ -285,10 +289,12 @@
trunks::ScopedKeyHandle scoped_key(factory, key_handle);
std::string ciphertext;
+ session->SetEntityAuthorizationValue("new_pass");
rc = utility->AsymmetricEncrypt(scoped_key.get(),
trunks::TPM_ALG_NULL,
trunks::TPM_ALG_NULL,
"plaintext",
+ session.get(),
&ciphertext);
if (rc) {
LOG(ERROR) << "Error encrypting: " << trunks::GetErrorString(rc);
diff --git a/trunks_factory_for_test.cc b/trunks_factory_for_test.cc
index ef489f6..8fedeaf 100644
--- a/trunks_factory_for_test.cc
+++ b/trunks_factory_for_test.cc
@@ -88,16 +88,21 @@
lockout_password);
}
- TPM_RC StirRandom(const std::string& entropy_data) override {
- return target_->StirRandom(entropy_data);
+ TPM_RC StirRandom(const std::string& entropy_data,
+ AuthorizationSession* session) override {
+ return target_->StirRandom(entropy_data, session);
}
- TPM_RC GenerateRandom(size_t num_bytes, std::string* random_data) override {
- return target_->GenerateRandom(num_bytes, random_data);
+ TPM_RC GenerateRandom(size_t num_bytes,
+ AuthorizationSession* session,
+ std::string* random_data) override {
+ return target_->GenerateRandom(num_bytes, session, random_data);
}
- TPM_RC ExtendPCR(int pcr_index, const std::string& extend_data) override {
- return target_->ExtendPCR(pcr_index, extend_data);
+ TPM_RC ExtendPCR(int pcr_index,
+ const std::string& extend_data,
+ AuthorizationSession* session) override {
+ return target_->ExtendPCR(pcr_index, extend_data, session);
}
TPM_RC ReadPCR(int pcr_index, std::string* pcr_value) override {
@@ -108,11 +113,13 @@
TPM_ALG_ID scheme,
TPM_ALG_ID hash_alg,
const std::string& plaintext,
+ AuthorizationSession* session,
std::string* ciphertext) override {
return target_->AsymmetricEncrypt(key_handle,
scheme,
hash_alg,
plaintext,
+ session,
ciphertext);
}
@@ -203,7 +210,7 @@
}
TPM_RC GetKeyPublicArea(TPM_HANDLE handle,
- TPM2B_PUBLIC* public_data) override {
+ TPMT_PUBLIC* public_data) override {
return target_->GetKeyPublicArea(handle, public_data);
}