1 // 2 // Copyright (C) 2015 The Android Open Source Project 3 // 4 // Licensed under the Apache License, Version 2.0 (the "License"); 5 // you may not use this file except in compliance with the License. 6 // You may obtain a copy of the License at 7 // 8 // http://www.apache.org/licenses/LICENSE-2.0 9 // 10 // Unless required by applicable law or agreed to in writing, software 11 // distributed under the License is distributed on an "AS IS" BASIS, 12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 // See the License for the specific language governing permissions and 14 // limitations under the License. 15 // 16 17 // THIS CODE IS GENERATED - DO NOT MODIFY! 18 19 #include "trunks/tpm_generated.h" 20 21 #include <string> 22 23 #include <base/bind.h> 24 #include <base/callback.h> 25 #include <base/logging.h> 26 #include <base/macros.h> 27 #include <base/stl_util.h> 28 #include <base/strings/string_number_conversions.h> 29 #include <base/sys_byteorder.h> 30 #include <crypto/secure_hash.h> 31 32 #include "trunks/authorization_delegate.h" 33 #include "trunks/command_transceiver.h" 34 #include "trunks/error_codes.h" 35 36 37 namespace trunks { 38 39 size_t GetNumberOfRequestHandles(TPM_CC command_code) { 40 switch (command_code) { 41 case TPM_CC_Startup: return 0; 42 case TPM_CC_Shutdown: return 0; 43 case TPM_CC_SelfTest: return 0; 44 case TPM_CC_IncrementalSelfTest: return 0; 45 case TPM_CC_GetTestResult: return 0; 46 case TPM_CC_StartAuthSession: return 2; 47 case TPM_CC_PolicyRestart: return 1; 48 case TPM_CC_Create: return 1; 49 case TPM_CC_Load: return 1; 50 case TPM_CC_LoadExternal: return 0; 51 case TPM_CC_ReadPublic: return 1; 52 case TPM_CC_ActivateCredential: return 2; 53 case TPM_CC_MakeCredential: return 1; 54 case TPM_CC_Unseal: return 1; 55 case TPM_CC_ObjectChangeAuth: return 2; 56 case TPM_CC_Duplicate: return 2; 57 case TPM_CC_Rewrap: return 2; 58 case TPM_CC_Import: return 1; 59 case TPM_CC_RSA_Encrypt: return 1; 60 case TPM_CC_RSA_Decrypt: return 1; 61 case TPM_CC_ECDH_KeyGen: return 1; 62 case TPM_CC_ECDH_ZGen: return 1; 63 case TPM_CC_ECC_Parameters: return 0; 64 case TPM_CC_ZGen_2Phase: return 1; 65 case TPM_CC_EncryptDecrypt: return 1; 66 case TPM_CC_Hash: return 0; 67 case TPM_CC_HMAC: return 1; 68 case TPM_CC_GetRandom: return 0; 69 case TPM_CC_StirRandom: return 0; 70 case TPM_CC_HMAC_Start: return 1; 71 case TPM_CC_HashSequenceStart: return 0; 72 case TPM_CC_SequenceUpdate: return 1; 73 case TPM_CC_SequenceComplete: return 1; 74 case TPM_CC_EventSequenceComplete: return 2; 75 case TPM_CC_Certify: return 2; 76 case TPM_CC_CertifyCreation: return 2; 77 case TPM_CC_Quote: return 1; 78 case TPM_CC_GetSessionAuditDigest: return 3; 79 case TPM_CC_GetCommandAuditDigest: return 2; 80 case TPM_CC_GetTime: return 2; 81 case TPM_CC_Commit: return 1; 82 case TPM_CC_EC_Ephemeral: return 0; 83 case TPM_CC_VerifySignature: return 1; 84 case TPM_CC_Sign: return 1; 85 case TPM_CC_SetCommandCodeAuditStatus: return 1; 86 case TPM_CC_PCR_Extend: return 1; 87 case TPM_CC_PCR_Event: return 1; 88 case TPM_CC_PCR_Read: return 0; 89 case TPM_CC_PCR_Allocate: return 1; 90 case TPM_CC_PCR_SetAuthPolicy: return 2; 91 case TPM_CC_PCR_SetAuthValue: return 1; 92 case TPM_CC_PCR_Reset: return 1; 93 case TPM_CC_PolicySigned: return 2; 94 case TPM_CC_PolicySecret: return 2; 95 case TPM_CC_PolicyTicket: return 1; 96 case TPM_CC_PolicyOR: return 1; 97 case TPM_CC_PolicyPCR: return 1; 98 case TPM_CC_PolicyLocality: return 1; 99 case TPM_CC_PolicyNV: return 3; 100 case TPM_CC_PolicyCounterTimer: return 1; 101 case TPM_CC_PolicyCommandCode: return 1; 102 case TPM_CC_PolicyPhysicalPresence: return 1; 103 case TPM_CC_PolicyCpHash: return 1; 104 case TPM_CC_PolicyNameHash: return 1; 105 case TPM_CC_PolicyDuplicationSelect: return 1; 106 case TPM_CC_PolicyAuthorize: return 1; 107 case TPM_CC_PolicyAuthValue: return 1; 108 case TPM_CC_PolicyPassword: return 1; 109 case TPM_CC_PolicyGetDigest: return 1; 110 case TPM_CC_PolicyNvWritten: return 1; 111 case TPM_CC_CreatePrimary: return 1; 112 case TPM_CC_HierarchyControl: return 1; 113 case TPM_CC_SetPrimaryPolicy: return 1; 114 case TPM_CC_ChangePPS: return 1; 115 case TPM_CC_ChangeEPS: return 1; 116 case TPM_CC_Clear: return 1; 117 case TPM_CC_ClearControl: return 1; 118 case TPM_CC_HierarchyChangeAuth: return 1; 119 case TPM_CC_DictionaryAttackLockReset: return 1; 120 case TPM_CC_DictionaryAttackParameters: return 1; 121 case TPM_CC_PP_Commands: return 1; 122 case TPM_CC_SetAlgorithmSet: return 1; 123 case TPM_CC_FieldUpgradeStart: return 2; 124 case TPM_CC_FieldUpgradeData: return 0; 125 case TPM_CC_FirmwareRead: return 0; 126 case TPM_CC_ContextSave: return 1; 127 case TPM_CC_ContextLoad: return 0; 128 case TPM_CC_FlushContext: return 0; 129 case TPM_CC_EvictControl: return 2; 130 case TPM_CC_ReadClock: return 0; 131 case TPM_CC_ClockSet: return 1; 132 case TPM_CC_ClockRateAdjust: return 1; 133 case TPM_CC_GetCapability: return 0; 134 case TPM_CC_TestParms: return 0; 135 case TPM_CC_NV_DefineSpace: return 1; 136 case TPM_CC_NV_UndefineSpace: return 2; 137 case TPM_CC_NV_UndefineSpaceSpecial: return 2; 138 case TPM_CC_NV_ReadPublic: return 1; 139 case TPM_CC_NV_Write: return 2; 140 case TPM_CC_NV_Increment: return 2; 141 case TPM_CC_NV_Extend: return 2; 142 case TPM_CC_NV_SetBits: return 2; 143 case TPM_CC_NV_WriteLock: return 2; 144 case TPM_CC_NV_GlobalWriteLock: return 1; 145 case TPM_CC_NV_Read: return 2; 146 case TPM_CC_NV_ReadLock: return 2; 147 case TPM_CC_NV_ChangeAuth: return 1; 148 case TPM_CC_NV_Certify: return 3; 149 default: LOG(WARNING) << "Unknown command code: " << command_code; 150 } 151 return 0; 152 } 153 154 size_t GetNumberOfResponseHandles(TPM_CC command_code) { 155 switch (command_code) { 156 case TPM_CC_Startup: return 0; 157 case TPM_CC_Shutdown: return 0; 158 case TPM_CC_SelfTest: return 0; 159 case TPM_CC_IncrementalSelfTest: return 0; 160 case TPM_CC_GetTestResult: return 0; 161 case TPM_CC_StartAuthSession: return 1; 162 case TPM_CC_PolicyRestart: return 0; 163 case TPM_CC_Create: return 0; 164 case TPM_CC_Load: return 1; 165 case TPM_CC_LoadExternal: return 1; 166 case TPM_CC_ReadPublic: return 0; 167 case TPM_CC_ActivateCredential: return 0; 168 case TPM_CC_MakeCredential: return 0; 169 case TPM_CC_Unseal: return 0; 170 case TPM_CC_ObjectChangeAuth: return 0; 171 case TPM_CC_Duplicate: return 0; 172 case TPM_CC_Rewrap: return 0; 173 case TPM_CC_Import: return 0; 174 case TPM_CC_RSA_Encrypt: return 0; 175 case TPM_CC_RSA_Decrypt: return 0; 176 case TPM_CC_ECDH_KeyGen: return 0; 177 case TPM_CC_ECDH_ZGen: return 0; 178 case TPM_CC_ECC_Parameters: return 0; 179 case TPM_CC_ZGen_2Phase: return 0; 180 case TPM_CC_EncryptDecrypt: return 0; 181 case TPM_CC_Hash: return 0; 182 case TPM_CC_HMAC: return 0; 183 case TPM_CC_GetRandom: return 0; 184 case TPM_CC_StirRandom: return 0; 185 case TPM_CC_HMAC_Start: return 1; 186 case TPM_CC_HashSequenceStart: return 1; 187 case TPM_CC_SequenceUpdate: return 0; 188 case TPM_CC_SequenceComplete: return 0; 189 case TPM_CC_EventSequenceComplete: return 0; 190 case TPM_CC_Certify: return 0; 191 case TPM_CC_CertifyCreation: return 0; 192 case TPM_CC_Quote: return 0; 193 case TPM_CC_GetSessionAuditDigest: return 0; 194 case TPM_CC_GetCommandAuditDigest: return 0; 195 case TPM_CC_GetTime: return 0; 196 case TPM_CC_Commit: return 0; 197 case TPM_CC_EC_Ephemeral: return 0; 198 case TPM_CC_VerifySignature: return 0; 199 case TPM_CC_Sign: return 0; 200 case TPM_CC_SetCommandCodeAuditStatus: return 0; 201 case TPM_CC_PCR_Extend: return 0; 202 case TPM_CC_PCR_Event: return 0; 203 case TPM_CC_PCR_Read: return 0; 204 case TPM_CC_PCR_Allocate: return 0; 205 case TPM_CC_PCR_SetAuthPolicy: return 0; 206 case TPM_CC_PCR_SetAuthValue: return 0; 207 case TPM_CC_PCR_Reset: return 0; 208 case TPM_CC_PolicySigned: return 0; 209 case TPM_CC_PolicySecret: return 0; 210 case TPM_CC_PolicyTicket: return 0; 211 case TPM_CC_PolicyOR: return 0; 212 case TPM_CC_PolicyPCR: return 0; 213 case TPM_CC_PolicyLocality: return 0; 214 case TPM_CC_PolicyNV: return 0; 215 case TPM_CC_PolicyCounterTimer: return 0; 216 case TPM_CC_PolicyCommandCode: return 0; 217 case TPM_CC_PolicyPhysicalPresence: return 0; 218 case TPM_CC_PolicyCpHash: return 0; 219 case TPM_CC_PolicyNameHash: return 0; 220 case TPM_CC_PolicyDuplicationSelect: return 0; 221 case TPM_CC_PolicyAuthorize: return 0; 222 case TPM_CC_PolicyAuthValue: return 0; 223 case TPM_CC_PolicyPassword: return 0; 224 case TPM_CC_PolicyGetDigest: return 0; 225 case TPM_CC_PolicyNvWritten: return 0; 226 case TPM_CC_CreatePrimary: return 1; 227 case TPM_CC_HierarchyControl: return 0; 228 case TPM_CC_SetPrimaryPolicy: return 0; 229 case TPM_CC_ChangePPS: return 0; 230 case TPM_CC_ChangeEPS: return 0; 231 case TPM_CC_Clear: return 0; 232 case TPM_CC_ClearControl: return 0; 233 case TPM_CC_HierarchyChangeAuth: return 0; 234 case TPM_CC_DictionaryAttackLockReset: return 0; 235 case TPM_CC_DictionaryAttackParameters: return 0; 236 case TPM_CC_PP_Commands: return 0; 237 case TPM_CC_SetAlgorithmSet: return 0; 238 case TPM_CC_FieldUpgradeStart: return 0; 239 case TPM_CC_FieldUpgradeData: return 0; 240 case TPM_CC_FirmwareRead: return 0; 241 case TPM_CC_ContextSave: return 0; 242 case TPM_CC_ContextLoad: return 1; 243 case TPM_CC_FlushContext: return 0; 244 case TPM_CC_EvictControl: return 0; 245 case TPM_CC_ReadClock: return 0; 246 case TPM_CC_ClockSet: return 0; 247 case TPM_CC_ClockRateAdjust: return 0; 248 case TPM_CC_GetCapability: return 0; 249 case TPM_CC_TestParms: return 0; 250 case TPM_CC_NV_DefineSpace: return 0; 251 case TPM_CC_NV_UndefineSpace: return 0; 252 case TPM_CC_NV_UndefineSpaceSpecial: return 0; 253 case TPM_CC_NV_ReadPublic: return 0; 254 case TPM_CC_NV_Write: return 0; 255 case TPM_CC_NV_Increment: return 0; 256 case TPM_CC_NV_Extend: return 0; 257 case TPM_CC_NV_SetBits: return 0; 258 case TPM_CC_NV_WriteLock: return 0; 259 case TPM_CC_NV_GlobalWriteLock: return 0; 260 case TPM_CC_NV_Read: return 0; 261 case TPM_CC_NV_ReadLock: return 0; 262 case TPM_CC_NV_ChangeAuth: return 0; 263 case TPM_CC_NV_Certify: return 0; 264 default: LOG(WARNING) << "Unknown command code: " << command_code; 265 } 266 return 0; 267 } 268 269 TPM_RC Serialize_uint8_t(const uint8_t& value, std::string* buffer) { 270 VLOG(3) << __func__; 271 uint8_t value_net = value; 272 switch (sizeof(uint8_t)) { 273 case 2: 274 value_net = base::HostToNet16(value); 275 break; 276 case 4: 277 value_net = base::HostToNet32(value); 278 break; 279 case 8: 280 value_net = base::HostToNet64(value); 281 break; 282 default: 283 break; 284 } 285 const char* value_bytes = reinterpret_cast<const char*>(&value_net); 286 buffer->append(value_bytes, sizeof(uint8_t)); 287 return TPM_RC_SUCCESS; 288 } 289 290 TPM_RC Parse_uint8_t( 291 std::string* buffer, 292 uint8_t* value, 293 std::string* value_bytes) { 294 VLOG(3) << __func__; 295 if (buffer->size() < sizeof(uint8_t)) 296 return TPM_RC_INSUFFICIENT; 297 uint8_t value_net = 0; 298 memcpy(&value_net, buffer->data(), sizeof(uint8_t)); 299 switch (sizeof(uint8_t)) { 300 case 2: 301 *value = base::NetToHost16(value_net); 302 break; 303 case 4: 304 *value = base::NetToHost32(value_net); 305 break; 306 case 8: 307 *value = base::NetToHost64(value_net); 308 break; 309 default: 310 *value = value_net; 311 } 312 if (value_bytes) { 313 value_bytes->append(buffer->substr(0, sizeof(uint8_t))); 314 } 315 buffer->erase(0, sizeof(uint8_t)); 316 return TPM_RC_SUCCESS; 317 } 318 319 TPM_RC Serialize_int8_t(const int8_t& value, std::string* buffer) { 320 VLOG(3) << __func__; 321 int8_t value_net = value; 322 switch (sizeof(int8_t)) { 323 case 2: 324 value_net = base::HostToNet16(value); 325 break; 326 case 4: 327 value_net = base::HostToNet32(value); 328 break; 329 case 8: 330 value_net = base::HostToNet64(value); 331 break; 332 default: 333 break; 334 } 335 const char* value_bytes = reinterpret_cast<const char*>(&value_net); 336 buffer->append(value_bytes, sizeof(int8_t)); 337 return TPM_RC_SUCCESS; 338 } 339 340 TPM_RC Parse_int8_t( 341 std::string* buffer, 342 int8_t* value, 343 std::string* value_bytes) { 344 VLOG(3) << __func__; 345 if (buffer->size() < sizeof(int8_t)) 346 return TPM_RC_INSUFFICIENT; 347 int8_t value_net = 0; 348 memcpy(&value_net, buffer->data(), sizeof(int8_t)); 349 switch (sizeof(int8_t)) { 350 case 2: 351 *value = base::NetToHost16(value_net); 352 break; 353 case 4: 354 *value = base::NetToHost32(value_net); 355 break; 356 case 8: 357 *value = base::NetToHost64(value_net); 358 break; 359 default: 360 *value = value_net; 361 } 362 if (value_bytes) { 363 value_bytes->append(buffer->substr(0, sizeof(int8_t))); 364 } 365 buffer->erase(0, sizeof(int8_t)); 366 return TPM_RC_SUCCESS; 367 } 368 369 TPM_RC Serialize_int(const int& value, std::string* buffer) { 370 VLOG(3) << __func__; 371 int value_net = value; 372 switch (sizeof(int)) { 373 case 2: 374 value_net = base::HostToNet16(value); 375 break; 376 case 4: 377 value_net = base::HostToNet32(value); 378 break; 379 case 8: 380 value_net = base::HostToNet64(value); 381 break; 382 default: 383 break; 384 } 385 const char* value_bytes = reinterpret_cast<const char*>(&value_net); 386 buffer->append(value_bytes, sizeof(int)); 387 return TPM_RC_SUCCESS; 388 } 389 390 TPM_RC Parse_int( 391 std::string* buffer, 392 int* value, 393 std::string* value_bytes) { 394 VLOG(3) << __func__; 395 if (buffer->size() < sizeof(int)) 396 return TPM_RC_INSUFFICIENT; 397 int value_net = 0; 398 memcpy(&value_net, buffer->data(), sizeof(int)); 399 switch (sizeof(int)) { 400 case 2: 401 *value = base::NetToHost16(value_net); 402 break; 403 case 4: 404 *value = base::NetToHost32(value_net); 405 break; 406 case 8: 407 *value = base::NetToHost64(value_net); 408 break; 409 default: 410 *value = value_net; 411 } 412 if (value_bytes) { 413 value_bytes->append(buffer->substr(0, sizeof(int))); 414 } 415 buffer->erase(0, sizeof(int)); 416 return TPM_RC_SUCCESS; 417 } 418 419 TPM_RC Serialize_uint16_t(const uint16_t& value, std::string* buffer) { 420 VLOG(3) << __func__; 421 uint16_t value_net = value; 422 switch (sizeof(uint16_t)) { 423 case 2: 424 value_net = base::HostToNet16(value); 425 break; 426 case 4: 427 value_net = base::HostToNet32(value); 428 break; 429 case 8: 430 value_net = base::HostToNet64(value); 431 break; 432 default: 433 break; 434 } 435 const char* value_bytes = reinterpret_cast<const char*>(&value_net); 436 buffer->append(value_bytes, sizeof(uint16_t)); 437 return TPM_RC_SUCCESS; 438 } 439 440 TPM_RC Parse_uint16_t( 441 std::string* buffer, 442 uint16_t* value, 443 std::string* value_bytes) { 444 VLOG(3) << __func__; 445 if (buffer->size() < sizeof(uint16_t)) 446 return TPM_RC_INSUFFICIENT; 447 uint16_t value_net = 0; 448 memcpy(&value_net, buffer->data(), sizeof(uint16_t)); 449 switch (sizeof(uint16_t)) { 450 case 2: 451 *value = base::NetToHost16(value_net); 452 break; 453 case 4: 454 *value = base::NetToHost32(value_net); 455 break; 456 case 8: 457 *value = base::NetToHost64(value_net); 458 break; 459 default: 460 *value = value_net; 461 } 462 if (value_bytes) { 463 value_bytes->append(buffer->substr(0, sizeof(uint16_t))); 464 } 465 buffer->erase(0, sizeof(uint16_t)); 466 return TPM_RC_SUCCESS; 467 } 468 469 TPM_RC Serialize_int16_t(const int16_t& value, std::string* buffer) { 470 VLOG(3) << __func__; 471 int16_t value_net = value; 472 switch (sizeof(int16_t)) { 473 case 2: 474 value_net = base::HostToNet16(value); 475 break; 476 case 4: 477 value_net = base::HostToNet32(value); 478 break; 479 case 8: 480 value_net = base::HostToNet64(value); 481 break; 482 default: 483 break; 484 } 485 const char* value_bytes = reinterpret_cast<const char*>(&value_net); 486 buffer->append(value_bytes, sizeof(int16_t)); 487 return TPM_RC_SUCCESS; 488 } 489 490 TPM_RC Parse_int16_t( 491 std::string* buffer, 492 int16_t* value, 493 std::string* value_bytes) { 494 VLOG(3) << __func__; 495 if (buffer->size() < sizeof(int16_t)) 496 return TPM_RC_INSUFFICIENT; 497 int16_t value_net = 0; 498 memcpy(&value_net, buffer->data(), sizeof(int16_t)); 499 switch (sizeof(int16_t)) { 500 case 2: 501 *value = base::NetToHost16(value_net); 502 break; 503 case 4: 504 *value = base::NetToHost32(value_net); 505 break; 506 case 8: 507 *value = base::NetToHost64(value_net); 508 break; 509 default: 510 *value = value_net; 511 } 512 if (value_bytes) { 513 value_bytes->append(buffer->substr(0, sizeof(int16_t))); 514 } 515 buffer->erase(0, sizeof(int16_t)); 516 return TPM_RC_SUCCESS; 517 } 518 519 TPM_RC Serialize_uint32_t(const uint32_t& value, std::string* buffer) { 520 VLOG(3) << __func__; 521 uint32_t value_net = value; 522 switch (sizeof(uint32_t)) { 523 case 2: 524 value_net = base::HostToNet16(value); 525 break; 526 case 4: 527 value_net = base::HostToNet32(value); 528 break; 529 case 8: 530 value_net = base::HostToNet64(value); 531 break; 532 default: 533 break; 534 } 535 const char* value_bytes = reinterpret_cast<const char*>(&value_net); 536 buffer->append(value_bytes, sizeof(uint32_t)); 537 return TPM_RC_SUCCESS; 538 } 539 540 TPM_RC Parse_uint32_t( 541 std::string* buffer, 542 uint32_t* value, 543 std::string* value_bytes) { 544 VLOG(3) << __func__; 545 if (buffer->size() < sizeof(uint32_t)) 546 return TPM_RC_INSUFFICIENT; 547 uint32_t value_net = 0; 548 memcpy(&value_net, buffer->data(), sizeof(uint32_t)); 549 switch (sizeof(uint32_t)) { 550 case 2: 551 *value = base::NetToHost16(value_net); 552 break; 553 case 4: 554 *value = base::NetToHost32(value_net); 555 break; 556 case 8: 557 *value = base::NetToHost64(value_net); 558 break; 559 default: 560 *value = value_net; 561 } 562 if (value_bytes) { 563 value_bytes->append(buffer->substr(0, sizeof(uint32_t))); 564 } 565 buffer->erase(0, sizeof(uint32_t)); 566 return TPM_RC_SUCCESS; 567 } 568 569 TPM_RC Serialize_int32_t(const int32_t& value, std::string* buffer) { 570 VLOG(3) << __func__; 571 int32_t value_net = value; 572 switch (sizeof(int32_t)) { 573 case 2: 574 value_net = base::HostToNet16(value); 575 break; 576 case 4: 577 value_net = base::HostToNet32(value); 578 break; 579 case 8: 580 value_net = base::HostToNet64(value); 581 break; 582 default: 583 break; 584 } 585 const char* value_bytes = reinterpret_cast<const char*>(&value_net); 586 buffer->append(value_bytes, sizeof(int32_t)); 587 return TPM_RC_SUCCESS; 588 } 589 590 TPM_RC Parse_int32_t( 591 std::string* buffer, 592 int32_t* value, 593 std::string* value_bytes) { 594 VLOG(3) << __func__; 595 if (buffer->size() < sizeof(int32_t)) 596 return TPM_RC_INSUFFICIENT; 597 int32_t value_net = 0; 598 memcpy(&value_net, buffer->data(), sizeof(int32_t)); 599 switch (sizeof(int32_t)) { 600 case 2: 601 *value = base::NetToHost16(value_net); 602 break; 603 case 4: 604 *value = base::NetToHost32(value_net); 605 break; 606 case 8: 607 *value = base::NetToHost64(value_net); 608 break; 609 default: 610 *value = value_net; 611 } 612 if (value_bytes) { 613 value_bytes->append(buffer->substr(0, sizeof(int32_t))); 614 } 615 buffer->erase(0, sizeof(int32_t)); 616 return TPM_RC_SUCCESS; 617 } 618 619 TPM_RC Serialize_uint64_t(const uint64_t& value, std::string* buffer) { 620 VLOG(3) << __func__; 621 uint64_t value_net = value; 622 switch (sizeof(uint64_t)) { 623 case 2: 624 value_net = base::HostToNet16(value); 625 break; 626 case 4: 627 value_net = base::HostToNet32(value); 628 break; 629 case 8: 630 value_net = base::HostToNet64(value); 631 break; 632 default: 633 break; 634 } 635 const char* value_bytes = reinterpret_cast<const char*>(&value_net); 636 buffer->append(value_bytes, sizeof(uint64_t)); 637 return TPM_RC_SUCCESS; 638 } 639 640 TPM_RC Parse_uint64_t( 641 std::string* buffer, 642 uint64_t* value, 643 std::string* value_bytes) { 644 VLOG(3) << __func__; 645 if (buffer->size() < sizeof(uint64_t)) 646 return TPM_RC_INSUFFICIENT; 647 uint64_t value_net = 0; 648 memcpy(&value_net, buffer->data(), sizeof(uint64_t)); 649 switch (sizeof(uint64_t)) { 650 case 2: 651 *value = base::NetToHost16(value_net); 652 break; 653 case 4: 654 *value = base::NetToHost32(value_net); 655 break; 656 case 8: 657 *value = base::NetToHost64(value_net); 658 break; 659 default: 660 *value = value_net; 661 } 662 if (value_bytes) { 663 value_bytes->append(buffer->substr(0, sizeof(uint64_t))); 664 } 665 buffer->erase(0, sizeof(uint64_t)); 666 return TPM_RC_SUCCESS; 667 } 668 669 TPM_RC Serialize_int64_t(const int64_t& value, std::string* buffer) { 670 VLOG(3) << __func__; 671 int64_t value_net = value; 672 switch (sizeof(int64_t)) { 673 case 2: 674 value_net = base::HostToNet16(value); 675 break; 676 case 4: 677 value_net = base::HostToNet32(value); 678 break; 679 case 8: 680 value_net = base::HostToNet64(value); 681 break; 682 default: 683 break; 684 } 685 const char* value_bytes = reinterpret_cast<const char*>(&value_net); 686 buffer->append(value_bytes, sizeof(int64_t)); 687 return TPM_RC_SUCCESS; 688 } 689 690 TPM_RC Parse_int64_t( 691 std::string* buffer, 692 int64_t* value, 693 std::string* value_bytes) { 694 VLOG(3) << __func__; 695 if (buffer->size() < sizeof(int64_t)) 696 return TPM_RC_INSUFFICIENT; 697 int64_t value_net = 0; 698 memcpy(&value_net, buffer->data(), sizeof(int64_t)); 699 switch (sizeof(int64_t)) { 700 case 2: 701 *value = base::NetToHost16(value_net); 702 break; 703 case 4: 704 *value = base::NetToHost32(value_net); 705 break; 706 case 8: 707 *value = base::NetToHost64(value_net); 708 break; 709 default: 710 *value = value_net; 711 } 712 if (value_bytes) { 713 value_bytes->append(buffer->substr(0, sizeof(int64_t))); 714 } 715 buffer->erase(0, sizeof(int64_t)); 716 return TPM_RC_SUCCESS; 717 } 718 719 TPM_RC Serialize_UINT8( 720 const UINT8& value, 721 std::string* buffer) { 722 VLOG(3) << __func__; 723 return Serialize_uint8_t(value, buffer); 724 } 725 726 TPM_RC Parse_UINT8( 727 std::string* buffer, 728 UINT8* value, 729 std::string* value_bytes) { 730 VLOG(3) << __func__; 731 return Parse_uint8_t(buffer, value, value_bytes); 732 } 733 734 TPM_RC Serialize_BYTE( 735 const BYTE& value, 736 std::string* buffer) { 737 VLOG(3) << __func__; 738 return Serialize_uint8_t(value, buffer); 739 } 740 741 TPM_RC Parse_BYTE( 742 std::string* buffer, 743 BYTE* value, 744 std::string* value_bytes) { 745 VLOG(3) << __func__; 746 return Parse_uint8_t(buffer, value, value_bytes); 747 } 748 749 TPM_RC Serialize_INT8( 750 const INT8& value, 751 std::string* buffer) { 752 VLOG(3) << __func__; 753 return Serialize_int8_t(value, buffer); 754 } 755 756 TPM_RC Parse_INT8( 757 std::string* buffer, 758 INT8* value, 759 std::string* value_bytes) { 760 VLOG(3) << __func__; 761 return Parse_int8_t(buffer, value, value_bytes); 762 } 763 764 TPM_RC Serialize_BOOL( 765 const BOOL& value, 766 std::string* buffer) { 767 VLOG(3) << __func__; 768 return Serialize_int(value, buffer); 769 } 770 771 TPM_RC Parse_BOOL( 772 std::string* buffer, 773 BOOL* value, 774 std::string* value_bytes) { 775 VLOG(3) << __func__; 776 return Parse_int(buffer, value, value_bytes); 777 } 778 779 TPM_RC Serialize_UINT16( 780 const UINT16& value, 781 std::string* buffer) { 782 VLOG(3) << __func__; 783 return Serialize_uint16_t(value, buffer); 784 } 785 786 TPM_RC Parse_UINT16( 787 std::string* buffer, 788 UINT16* value, 789 std::string* value_bytes) { 790 VLOG(3) << __func__; 791 return Parse_uint16_t(buffer, value, value_bytes); 792 } 793 794 TPM_RC Serialize_INT16( 795 const INT16& value, 796 std::string* buffer) { 797 VLOG(3) << __func__; 798 return Serialize_int16_t(value, buffer); 799 } 800 801 TPM_RC Parse_INT16( 802 std::string* buffer, 803 INT16* value, 804 std::string* value_bytes) { 805 VLOG(3) << __func__; 806 return Parse_int16_t(buffer, value, value_bytes); 807 } 808 809 TPM_RC Serialize_UINT32( 810 const UINT32& value, 811 std::string* buffer) { 812 VLOG(3) << __func__; 813 return Serialize_uint32_t(value, buffer); 814 } 815 816 TPM_RC Parse_UINT32( 817 std::string* buffer, 818 UINT32* value, 819 std::string* value_bytes) { 820 VLOG(3) << __func__; 821 return Parse_uint32_t(buffer, value, value_bytes); 822 } 823 824 TPM_RC Serialize_INT32( 825 const INT32& value, 826 std::string* buffer) { 827 VLOG(3) << __func__; 828 return Serialize_int32_t(value, buffer); 829 } 830 831 TPM_RC Parse_INT32( 832 std::string* buffer, 833 INT32* value, 834 std::string* value_bytes) { 835 VLOG(3) << __func__; 836 return Parse_int32_t(buffer, value, value_bytes); 837 } 838 839 TPM_RC Serialize_UINT64( 840 const UINT64& value, 841 std::string* buffer) { 842 VLOG(3) << __func__; 843 return Serialize_uint64_t(value, buffer); 844 } 845 846 TPM_RC Parse_UINT64( 847 std::string* buffer, 848 UINT64* value, 849 std::string* value_bytes) { 850 VLOG(3) << __func__; 851 return Parse_uint64_t(buffer, value, value_bytes); 852 } 853 854 TPM_RC Serialize_INT64( 855 const INT64& value, 856 std::string* buffer) { 857 VLOG(3) << __func__; 858 return Serialize_int64_t(value, buffer); 859 } 860 861 TPM_RC Parse_INT64( 862 std::string* buffer, 863 INT64* value, 864 std::string* value_bytes) { 865 VLOG(3) << __func__; 866 return Parse_int64_t(buffer, value, value_bytes); 867 } 868 869 TPM_RC Serialize_TPM_ALGORITHM_ID( 870 const TPM_ALGORITHM_ID& value, 871 std::string* buffer) { 872 VLOG(3) << __func__; 873 return Serialize_UINT32(value, buffer); 874 } 875 876 TPM_RC Parse_TPM_ALGORITHM_ID( 877 std::string* buffer, 878 TPM_ALGORITHM_ID* value, 879 std::string* value_bytes) { 880 VLOG(3) << __func__; 881 return Parse_UINT32(buffer, value, value_bytes); 882 } 883 884 TPM_RC Serialize_TPM_MODIFIER_INDICATOR( 885 const TPM_MODIFIER_INDICATOR& value, 886 std::string* buffer) { 887 VLOG(3) << __func__; 888 return Serialize_UINT32(value, buffer); 889 } 890 891 TPM_RC Parse_TPM_MODIFIER_INDICATOR( 892 std::string* buffer, 893 TPM_MODIFIER_INDICATOR* value, 894 std::string* value_bytes) { 895 VLOG(3) << __func__; 896 return Parse_UINT32(buffer, value, value_bytes); 897 } 898 899 TPM_RC Serialize_TPM_AUTHORIZATION_SIZE( 900 const TPM_AUTHORIZATION_SIZE& value, 901 std::string* buffer) { 902 VLOG(3) << __func__; 903 return Serialize_UINT32(value, buffer); 904 } 905 906 TPM_RC Parse_TPM_AUTHORIZATION_SIZE( 907 std::string* buffer, 908 TPM_AUTHORIZATION_SIZE* value, 909 std::string* value_bytes) { 910 VLOG(3) << __func__; 911 return Parse_UINT32(buffer, value, value_bytes); 912 } 913 914 TPM_RC Serialize_TPM_PARAMETER_SIZE( 915 const TPM_PARAMETER_SIZE& value, 916 std::string* buffer) { 917 VLOG(3) << __func__; 918 return Serialize_UINT32(value, buffer); 919 } 920 921 TPM_RC Parse_TPM_PARAMETER_SIZE( 922 std::string* buffer, 923 TPM_PARAMETER_SIZE* value, 924 std::string* value_bytes) { 925 VLOG(3) << __func__; 926 return Parse_UINT32(buffer, value, value_bytes); 927 } 928 929 TPM_RC Serialize_TPM_KEY_SIZE( 930 const TPM_KEY_SIZE& value, 931 std::string* buffer) { 932 VLOG(3) << __func__; 933 return Serialize_UINT16(value, buffer); 934 } 935 936 TPM_RC Parse_TPM_KEY_SIZE( 937 std::string* buffer, 938 TPM_KEY_SIZE* value, 939 std::string* value_bytes) { 940 VLOG(3) << __func__; 941 return Parse_UINT16(buffer, value, value_bytes); 942 } 943 944 TPM_RC Serialize_TPM_KEY_BITS( 945 const TPM_KEY_BITS& value, 946 std::string* buffer) { 947 VLOG(3) << __func__; 948 return Serialize_UINT16(value, buffer); 949 } 950 951 TPM_RC Parse_TPM_KEY_BITS( 952 std::string* buffer, 953 TPM_KEY_BITS* value, 954 std::string* value_bytes) { 955 VLOG(3) << __func__; 956 return Parse_UINT16(buffer, value, value_bytes); 957 } 958 959 TPM_RC Serialize_TPM_HANDLE( 960 const TPM_HANDLE& value, 961 std::string* buffer) { 962 VLOG(3) << __func__; 963 return Serialize_UINT32(value, buffer); 964 } 965 966 TPM_RC Parse_TPM_HANDLE( 967 std::string* buffer, 968 TPM_HANDLE* value, 969 std::string* value_bytes) { 970 VLOG(3) << __func__; 971 return Parse_UINT32(buffer, value, value_bytes); 972 } 973 974 TPM_RC Serialize_TPM2B_DIGEST( 975 const TPM2B_DIGEST& value, 976 std::string* buffer) { 977 TPM_RC result = TPM_RC_SUCCESS; 978 VLOG(3) << __func__; 979 980 result = Serialize_UINT16(value.size, buffer); 981 if (result) { 982 return result; 983 } 984 985 if (arraysize(value.buffer) < value.size) { 986 return TPM_RC_INSUFFICIENT; 987 } 988 for (uint32_t i = 0; i < value.size; ++i) { 989 result = Serialize_BYTE(value.buffer[i], buffer); 990 if (result) { 991 return result; 992 } 993 } 994 return result; 995 } 996 997 TPM_RC Parse_TPM2B_DIGEST( 998 std::string* buffer, 999 TPM2B_DIGEST* value, 1000 std::string* value_bytes) { 1001 TPM_RC result = TPM_RC_SUCCESS; 1002 VLOG(3) << __func__; 1003 1004 result = Parse_UINT16( 1005 buffer, 1006 &value->size, 1007 value_bytes); 1008 if (result) { 1009 return result; 1010 } 1011 1012 if (arraysize(value->buffer) < value->size) { 1013 return TPM_RC_INSUFFICIENT; 1014 } 1015 for (uint32_t i = 0; i < value->size; ++i) { 1016 result = Parse_BYTE( 1017 buffer, 1018 &value->buffer[i], 1019 value_bytes); 1020 if (result) { 1021 return result; 1022 } 1023 } 1024 return result; 1025 } 1026 1027 TPM2B_DIGEST Make_TPM2B_DIGEST( 1028 const std::string& bytes) { 1029 TPM2B_DIGEST tpm2b; 1030 CHECK(bytes.size() <= sizeof(tpm2b.buffer)); 1031 memset(&tpm2b, 0, sizeof(TPM2B_DIGEST)); 1032 tpm2b.size = bytes.size(); 1033 memcpy(tpm2b.buffer, bytes.data(), bytes.size()); 1034 return tpm2b; 1035 } 1036 1037 std::string StringFrom_TPM2B_DIGEST( 1038 const TPM2B_DIGEST& tpm2b) { 1039 const char* char_buffer = reinterpret_cast<const char*>( 1040 tpm2b.buffer); 1041 return std::string(char_buffer, tpm2b.size); 1042 } 1043 1044 TPM_RC Serialize_TPM2B_NONCE( 1045 const TPM2B_NONCE& value, 1046 std::string* buffer) { 1047 VLOG(3) << __func__; 1048 return Serialize_TPM2B_DIGEST(value, buffer); 1049 } 1050 1051 TPM_RC Parse_TPM2B_NONCE( 1052 std::string* buffer, 1053 TPM2B_NONCE* value, 1054 std::string* value_bytes) { 1055 VLOG(3) << __func__; 1056 return Parse_TPM2B_DIGEST(buffer, value, value_bytes); 1057 } 1058 1059 TPM_RC Serialize_TPM2B_AUTH( 1060 const TPM2B_AUTH& value, 1061 std::string* buffer) { 1062 VLOG(3) << __func__; 1063 return Serialize_TPM2B_DIGEST(value, buffer); 1064 } 1065 1066 TPM_RC Parse_TPM2B_AUTH( 1067 std::string* buffer, 1068 TPM2B_AUTH* value, 1069 std::string* value_bytes) { 1070 VLOG(3) << __func__; 1071 return Parse_TPM2B_DIGEST(buffer, value, value_bytes); 1072 } 1073 1074 TPM_RC Serialize_TPM2B_OPERAND( 1075 const TPM2B_OPERAND& value, 1076 std::string* buffer) { 1077 VLOG(3) << __func__; 1078 return Serialize_TPM2B_DIGEST(value, buffer); 1079 } 1080 1081 TPM_RC Parse_TPM2B_OPERAND( 1082 std::string* buffer, 1083 TPM2B_OPERAND* value, 1084 std::string* value_bytes) { 1085 VLOG(3) << __func__; 1086 return Parse_TPM2B_DIGEST(buffer, value, value_bytes); 1087 } 1088 1089 TPM_RC Serialize_TPM_ALG_ID( 1090 const TPM_ALG_ID& value, 1091 std::string* buffer) { 1092 VLOG(3) << __func__; 1093 return Serialize_UINT16(value, buffer); 1094 } 1095 1096 TPM_RC Parse_TPM_ALG_ID( 1097 std::string* buffer, 1098 TPM_ALG_ID* value, 1099 std::string* value_bytes) { 1100 VLOG(3) << __func__; 1101 return Parse_UINT16(buffer, value, value_bytes); 1102 } 1103 1104 TPM_RC Serialize_TPMI_ALG_HASH( 1105 const TPMI_ALG_HASH& value, 1106 std::string* buffer) { 1107 VLOG(3) << __func__; 1108 return Serialize_TPM_ALG_ID(value, buffer); 1109 } 1110 1111 TPM_RC Parse_TPMI_ALG_HASH( 1112 std::string* buffer, 1113 TPMI_ALG_HASH* value, 1114 std::string* value_bytes) { 1115 VLOG(3) << __func__; 1116 return Parse_TPM_ALG_ID(buffer, value, value_bytes); 1117 } 1118 1119 TPM_RC Serialize_TPMS_SCHEME_SIGHASH( 1120 const TPMS_SCHEME_SIGHASH& value, 1121 std::string* buffer) { 1122 TPM_RC result = TPM_RC_SUCCESS; 1123 VLOG(3) << __func__; 1124 1125 result = Serialize_TPMI_ALG_HASH(value.hash_alg, buffer); 1126 if (result) { 1127 return result; 1128 } 1129 return result; 1130 } 1131 1132 TPM_RC Parse_TPMS_SCHEME_SIGHASH( 1133 std::string* buffer, 1134 TPMS_SCHEME_SIGHASH* value, 1135 std::string* value_bytes) { 1136 TPM_RC result = TPM_RC_SUCCESS; 1137 VLOG(3) << __func__; 1138 1139 result = Parse_TPMI_ALG_HASH( 1140 buffer, 1141 &value->hash_alg, 1142 value_bytes); 1143 if (result) { 1144 return result; 1145 } 1146 return result; 1147 } 1148 1149 TPM_RC Serialize_TPMS_SCHEME_HMAC( 1150 const TPMS_SCHEME_HMAC& value, 1151 std::string* buffer) { 1152 VLOG(3) << __func__; 1153 return Serialize_TPMS_SCHEME_SIGHASH(value, buffer); 1154 } 1155 1156 TPM_RC Parse_TPMS_SCHEME_HMAC( 1157 std::string* buffer, 1158 TPMS_SCHEME_HMAC* value, 1159 std::string* value_bytes) { 1160 VLOG(3) << __func__; 1161 return Parse_TPMS_SCHEME_SIGHASH(buffer, value, value_bytes); 1162 } 1163 1164 TPM_RC Serialize_TPMS_SCHEME_RSASSA( 1165 const TPMS_SCHEME_RSASSA& value, 1166 std::string* buffer) { 1167 VLOG(3) << __func__; 1168 return Serialize_TPMS_SCHEME_SIGHASH(value, buffer); 1169 } 1170 1171 TPM_RC Parse_TPMS_SCHEME_RSASSA( 1172 std::string* buffer, 1173 TPMS_SCHEME_RSASSA* value, 1174 std::string* value_bytes) { 1175 VLOG(3) << __func__; 1176 return Parse_TPMS_SCHEME_SIGHASH(buffer, value, value_bytes); 1177 } 1178 1179 TPM_RC Serialize_TPMS_SCHEME_RSAPSS( 1180 const TPMS_SCHEME_RSAPSS& value, 1181 std::string* buffer) { 1182 VLOG(3) << __func__; 1183 return Serialize_TPMS_SCHEME_SIGHASH(value, buffer); 1184 } 1185 1186 TPM_RC Parse_TPMS_SCHEME_RSAPSS( 1187 std::string* buffer, 1188 TPMS_SCHEME_RSAPSS* value, 1189 std::string* value_bytes) { 1190 VLOG(3) << __func__; 1191 return Parse_TPMS_SCHEME_SIGHASH(buffer, value, value_bytes); 1192 } 1193 1194 TPM_RC Serialize_TPMS_SCHEME_ECDSA( 1195 const TPMS_SCHEME_ECDSA& value, 1196 std::string* buffer) { 1197 VLOG(3) << __func__; 1198 return Serialize_TPMS_SCHEME_SIGHASH(value, buffer); 1199 } 1200 1201 TPM_RC Parse_TPMS_SCHEME_ECDSA( 1202 std::string* buffer, 1203 TPMS_SCHEME_ECDSA* value, 1204 std::string* value_bytes) { 1205 VLOG(3) << __func__; 1206 return Parse_TPMS_SCHEME_SIGHASH(buffer, value, value_bytes); 1207 } 1208 1209 TPM_RC Serialize_TPMS_SCHEME_SM2( 1210 const TPMS_SCHEME_SM2& value, 1211 std::string* buffer) { 1212 VLOG(3) << __func__; 1213 return Serialize_TPMS_SCHEME_SIGHASH(value, buffer); 1214 } 1215 1216 TPM_RC Parse_TPMS_SCHEME_SM2( 1217 std::string* buffer, 1218 TPMS_SCHEME_SM2* value, 1219 std::string* value_bytes) { 1220 VLOG(3) << __func__; 1221 return Parse_TPMS_SCHEME_SIGHASH(buffer, value, value_bytes); 1222 } 1223 1224 TPM_RC Serialize_TPMS_SCHEME_ECSCHNORR( 1225 const TPMS_SCHEME_ECSCHNORR& value, 1226 std::string* buffer) { 1227 VLOG(3) << __func__; 1228 return Serialize_TPMS_SCHEME_SIGHASH(value, buffer); 1229 } 1230 1231 TPM_RC Parse_TPMS_SCHEME_ECSCHNORR( 1232 std::string* buffer, 1233 TPMS_SCHEME_ECSCHNORR* value, 1234 std::string* value_bytes) { 1235 VLOG(3) << __func__; 1236 return Parse_TPMS_SCHEME_SIGHASH(buffer, value, value_bytes); 1237 } 1238 1239 TPM_RC Serialize_TPMI_YES_NO( 1240 const TPMI_YES_NO& value, 1241 std::string* buffer) { 1242 VLOG(3) << __func__; 1243 return Serialize_BYTE(value, buffer); 1244 } 1245 1246 TPM_RC Parse_TPMI_YES_NO( 1247 std::string* buffer, 1248 TPMI_YES_NO* value, 1249 std::string* value_bytes) { 1250 VLOG(3) << __func__; 1251 return Parse_BYTE(buffer, value, value_bytes); 1252 } 1253 1254 TPM_RC Serialize_TPMI_DH_OBJECT( 1255 const TPMI_DH_OBJECT& value, 1256 std::string* buffer) { 1257 VLOG(3) << __func__; 1258 return Serialize_TPM_HANDLE(value, buffer); 1259 } 1260 1261 TPM_RC Parse_TPMI_DH_OBJECT( 1262 std::string* buffer, 1263 TPMI_DH_OBJECT* value, 1264 std::string* value_bytes) { 1265 VLOG(3) << __func__; 1266 return Parse_TPM_HANDLE(buffer, value, value_bytes); 1267 } 1268 1269 TPM_RC Serialize_TPMI_DH_PERSISTENT( 1270 const TPMI_DH_PERSISTENT& value, 1271 std::string* buffer) { 1272 VLOG(3) << __func__; 1273 return Serialize_TPM_HANDLE(value, buffer); 1274 } 1275 1276 TPM_RC Parse_TPMI_DH_PERSISTENT( 1277 std::string* buffer, 1278 TPMI_DH_PERSISTENT* value, 1279 std::string* value_bytes) { 1280 VLOG(3) << __func__; 1281 return Parse_TPM_HANDLE(buffer, value, value_bytes); 1282 } 1283 1284 TPM_RC Serialize_TPMI_DH_ENTITY( 1285 const TPMI_DH_ENTITY& value, 1286 std::string* buffer) { 1287 VLOG(3) << __func__; 1288 return Serialize_TPM_HANDLE(value, buffer); 1289 } 1290 1291 TPM_RC Parse_TPMI_DH_ENTITY( 1292 std::string* buffer, 1293 TPMI_DH_ENTITY* value, 1294 std::string* value_bytes) { 1295 VLOG(3) << __func__; 1296 return Parse_TPM_HANDLE(buffer, value, value_bytes); 1297 } 1298 1299 TPM_RC Serialize_TPMI_DH_PCR( 1300 const TPMI_DH_PCR& value, 1301 std::string* buffer) { 1302 VLOG(3) << __func__; 1303 return Serialize_TPM_HANDLE(value, buffer); 1304 } 1305 1306 TPM_RC Parse_TPMI_DH_PCR( 1307 std::string* buffer, 1308 TPMI_DH_PCR* value, 1309 std::string* value_bytes) { 1310 VLOG(3) << __func__; 1311 return Parse_TPM_HANDLE(buffer, value, value_bytes); 1312 } 1313 1314 TPM_RC Serialize_TPMI_SH_AUTH_SESSION( 1315 const TPMI_SH_AUTH_SESSION& value, 1316 std::string* buffer) { 1317 VLOG(3) << __func__; 1318 return Serialize_TPM_HANDLE(value, buffer); 1319 } 1320 1321 TPM_RC Parse_TPMI_SH_AUTH_SESSION( 1322 std::string* buffer, 1323 TPMI_SH_AUTH_SESSION* value, 1324 std::string* value_bytes) { 1325 VLOG(3) << __func__; 1326 return Parse_TPM_HANDLE(buffer, value, value_bytes); 1327 } 1328 1329 TPM_RC Serialize_TPMI_SH_HMAC( 1330 const TPMI_SH_HMAC& value, 1331 std::string* buffer) { 1332 VLOG(3) << __func__; 1333 return Serialize_TPM_HANDLE(value, buffer); 1334 } 1335 1336 TPM_RC Parse_TPMI_SH_HMAC( 1337 std::string* buffer, 1338 TPMI_SH_HMAC* value, 1339 std::string* value_bytes) { 1340 VLOG(3) << __func__; 1341 return Parse_TPM_HANDLE(buffer, value, value_bytes); 1342 } 1343 1344 TPM_RC Serialize_TPMI_SH_POLICY( 1345 const TPMI_SH_POLICY& value, 1346 std::string* buffer) { 1347 VLOG(3) << __func__; 1348 return Serialize_TPM_HANDLE(value, buffer); 1349 } 1350 1351 TPM_RC Parse_TPMI_SH_POLICY( 1352 std::string* buffer, 1353 TPMI_SH_POLICY* value, 1354 std::string* value_bytes) { 1355 VLOG(3) << __func__; 1356 return Parse_TPM_HANDLE(buffer, value, value_bytes); 1357 } 1358 1359 TPM_RC Serialize_TPMI_DH_CONTEXT( 1360 const TPMI_DH_CONTEXT& value, 1361 std::string* buffer) { 1362 VLOG(3) << __func__; 1363 return Serialize_TPM_HANDLE(value, buffer); 1364 } 1365 1366 TPM_RC Parse_TPMI_DH_CONTEXT( 1367 std::string* buffer, 1368 TPMI_DH_CONTEXT* value, 1369 std::string* value_bytes) { 1370 VLOG(3) << __func__; 1371 return Parse_TPM_HANDLE(buffer, value, value_bytes); 1372 } 1373 1374 TPM_RC Serialize_TPMI_RH_HIERARCHY( 1375 const TPMI_RH_HIERARCHY& value, 1376 std::string* buffer) { 1377 VLOG(3) << __func__; 1378 return Serialize_TPM_HANDLE(value, buffer); 1379 } 1380 1381 TPM_RC Parse_TPMI_RH_HIERARCHY( 1382 std::string* buffer, 1383 TPMI_RH_HIERARCHY* value, 1384 std::string* value_bytes) { 1385 VLOG(3) << __func__; 1386 return Parse_TPM_HANDLE(buffer, value, value_bytes); 1387 } 1388 1389 TPM_RC Serialize_TPMI_RH_ENABLES( 1390 const TPMI_RH_ENABLES& value, 1391 std::string* buffer) { 1392 VLOG(3) << __func__; 1393 return Serialize_TPM_HANDLE(value, buffer); 1394 } 1395 1396 TPM_RC Parse_TPMI_RH_ENABLES( 1397 std::string* buffer, 1398 TPMI_RH_ENABLES* value, 1399 std::string* value_bytes) { 1400 VLOG(3) << __func__; 1401 return Parse_TPM_HANDLE(buffer, value, value_bytes); 1402 } 1403 1404 TPM_RC Serialize_TPMI_RH_HIERARCHY_AUTH( 1405 const TPMI_RH_HIERARCHY_AUTH& value, 1406 std::string* buffer) { 1407 VLOG(3) << __func__; 1408 return Serialize_TPM_HANDLE(value, buffer); 1409 } 1410 1411 TPM_RC Parse_TPMI_RH_HIERARCHY_AUTH( 1412 std::string* buffer, 1413 TPMI_RH_HIERARCHY_AUTH* value, 1414 std::string* value_bytes) { 1415 VLOG(3) << __func__; 1416 return Parse_TPM_HANDLE(buffer, value, value_bytes); 1417 } 1418 1419 TPM_RC Serialize_TPMI_RH_PLATFORM( 1420 const TPMI_RH_PLATFORM& value, 1421 std::string* buffer) { 1422 VLOG(3) << __func__; 1423 return Serialize_TPM_HANDLE(value, buffer); 1424 } 1425 1426 TPM_RC Parse_TPMI_RH_PLATFORM( 1427 std::string* buffer, 1428 TPMI_RH_PLATFORM* value, 1429 std::string* value_bytes) { 1430 VLOG(3) << __func__; 1431 return Parse_TPM_HANDLE(buffer, value, value_bytes); 1432 } 1433 1434 TPM_RC Serialize_TPMI_RH_OWNER( 1435 const TPMI_RH_OWNER& value, 1436 std::string* buffer) { 1437 VLOG(3) << __func__; 1438 return Serialize_TPM_HANDLE(value, buffer); 1439 } 1440 1441 TPM_RC Parse_TPMI_RH_OWNER( 1442 std::string* buffer, 1443 TPMI_RH_OWNER* value, 1444 std::string* value_bytes) { 1445 VLOG(3) << __func__; 1446 return Parse_TPM_HANDLE(buffer, value, value_bytes); 1447 } 1448 1449 TPM_RC Serialize_TPMI_RH_ENDORSEMENT( 1450 const TPMI_RH_ENDORSEMENT& value, 1451 std::string* buffer) { 1452 VLOG(3) << __func__; 1453 return Serialize_TPM_HANDLE(value, buffer); 1454 } 1455 1456 TPM_RC Parse_TPMI_RH_ENDORSEMENT( 1457 std::string* buffer, 1458 TPMI_RH_ENDORSEMENT* value, 1459 std::string* value_bytes) { 1460 VLOG(3) << __func__; 1461 return Parse_TPM_HANDLE(buffer, value, value_bytes); 1462 } 1463 1464 TPM_RC Serialize_TPMI_RH_PROVISION( 1465 const TPMI_RH_PROVISION& value, 1466 std::string* buffer) { 1467 VLOG(3) << __func__; 1468 return Serialize_TPM_HANDLE(value, buffer); 1469 } 1470 1471 TPM_RC Parse_TPMI_RH_PROVISION( 1472 std::string* buffer, 1473 TPMI_RH_PROVISION* value, 1474 std::string* value_bytes) { 1475 VLOG(3) << __func__; 1476 return Parse_TPM_HANDLE(buffer, value, value_bytes); 1477 } 1478 1479 TPM_RC Serialize_TPMI_RH_CLEAR( 1480 const TPMI_RH_CLEAR& value, 1481 std::string* buffer) { 1482 VLOG(3) << __func__; 1483 return Serialize_TPM_HANDLE(value, buffer); 1484 } 1485 1486 TPM_RC Parse_TPMI_RH_CLEAR( 1487 std::string* buffer, 1488 TPMI_RH_CLEAR* value, 1489 std::string* value_bytes) { 1490 VLOG(3) << __func__; 1491 return Parse_TPM_HANDLE(buffer, value, value_bytes); 1492 } 1493 1494 TPM_RC Serialize_TPMI_RH_NV_AUTH( 1495 const TPMI_RH_NV_AUTH& value, 1496 std::string* buffer) { 1497 VLOG(3) << __func__; 1498 return Serialize_TPM_HANDLE(value, buffer); 1499 } 1500 1501 TPM_RC Parse_TPMI_RH_NV_AUTH( 1502 std::string* buffer, 1503 TPMI_RH_NV_AUTH* value, 1504 std::string* value_bytes) { 1505 VLOG(3) << __func__; 1506 return Parse_TPM_HANDLE(buffer, value, value_bytes); 1507 } 1508 1509 TPM_RC Serialize_TPMI_RH_LOCKOUT( 1510 const TPMI_RH_LOCKOUT& value, 1511 std::string* buffer) { 1512 VLOG(3) << __func__; 1513 return Serialize_TPM_HANDLE(value, buffer); 1514 } 1515 1516 TPM_RC Parse_TPMI_RH_LOCKOUT( 1517 std::string* buffer, 1518 TPMI_RH_LOCKOUT* value, 1519 std::string* value_bytes) { 1520 VLOG(3) << __func__; 1521 return Parse_TPM_HANDLE(buffer, value, value_bytes); 1522 } 1523 1524 TPM_RC Serialize_TPMI_RH_NV_INDEX( 1525 const TPMI_RH_NV_INDEX& value, 1526 std::string* buffer) { 1527 VLOG(3) << __func__; 1528 return Serialize_TPM_HANDLE(value, buffer); 1529 } 1530 1531 TPM_RC Parse_TPMI_RH_NV_INDEX( 1532 std::string* buffer, 1533 TPMI_RH_NV_INDEX* value, 1534 std::string* value_bytes) { 1535 VLOG(3) << __func__; 1536 return Parse_TPM_HANDLE(buffer, value, value_bytes); 1537 } 1538 1539 TPM_RC Serialize_TPMI_ALG_ASYM( 1540 const TPMI_ALG_ASYM& value, 1541 std::string* buffer) { 1542 VLOG(3) << __func__; 1543 return Serialize_TPM_ALG_ID(value, buffer); 1544 } 1545 1546 TPM_RC Parse_TPMI_ALG_ASYM( 1547 std::string* buffer, 1548 TPMI_ALG_ASYM* value, 1549 std::string* value_bytes) { 1550 VLOG(3) << __func__; 1551 return Parse_TPM_ALG_ID(buffer, value, value_bytes); 1552 } 1553 1554 TPM_RC Serialize_TPMI_ALG_SYM( 1555 const TPMI_ALG_SYM& value, 1556 std::string* buffer) { 1557 VLOG(3) << __func__; 1558 return Serialize_TPM_ALG_ID(value, buffer); 1559 } 1560 1561 TPM_RC Parse_TPMI_ALG_SYM( 1562 std::string* buffer, 1563 TPMI_ALG_SYM* value, 1564 std::string* value_bytes) { 1565 VLOG(3) << __func__; 1566 return Parse_TPM_ALG_ID(buffer, value, value_bytes); 1567 } 1568 1569 TPM_RC Serialize_TPMI_ALG_SYM_OBJECT( 1570 const TPMI_ALG_SYM_OBJECT& value, 1571 std::string* buffer) { 1572 VLOG(3) << __func__; 1573 return Serialize_TPM_ALG_ID(value, buffer); 1574 } 1575 1576 TPM_RC Parse_TPMI_ALG_SYM_OBJECT( 1577 std::string* buffer, 1578 TPMI_ALG_SYM_OBJECT* value, 1579 std::string* value_bytes) { 1580 VLOG(3) << __func__; 1581 return Parse_TPM_ALG_ID(buffer, value, value_bytes); 1582 } 1583 1584 TPM_RC Serialize_TPMI_ALG_SYM_MODE( 1585 const TPMI_ALG_SYM_MODE& value, 1586 std::string* buffer) { 1587 VLOG(3) << __func__; 1588 return Serialize_TPM_ALG_ID(value, buffer); 1589 } 1590 1591 TPM_RC Parse_TPMI_ALG_SYM_MODE( 1592 std::string* buffer, 1593 TPMI_ALG_SYM_MODE* value, 1594 std::string* value_bytes) { 1595 VLOG(3) << __func__; 1596 return Parse_TPM_ALG_ID(buffer, value, value_bytes); 1597 } 1598 1599 TPM_RC Serialize_TPMI_ALG_KDF( 1600 const TPMI_ALG_KDF& value, 1601 std::string* buffer) { 1602 VLOG(3) << __func__; 1603 return Serialize_TPM_ALG_ID(value, buffer); 1604 } 1605 1606 TPM_RC Parse_TPMI_ALG_KDF( 1607 std::string* buffer, 1608 TPMI_ALG_KDF* value, 1609 std::string* value_bytes) { 1610 VLOG(3) << __func__; 1611 return Parse_TPM_ALG_ID(buffer, value, value_bytes); 1612 } 1613 1614 TPM_RC Serialize_TPMI_ALG_SIG_SCHEME( 1615 const TPMI_ALG_SIG_SCHEME& value, 1616 std::string* buffer) { 1617 VLOG(3) << __func__; 1618 return Serialize_TPM_ALG_ID(value, buffer); 1619 } 1620 1621 TPM_RC Parse_TPMI_ALG_SIG_SCHEME( 1622 std::string* buffer, 1623 TPMI_ALG_SIG_SCHEME* value, 1624 std::string* value_bytes) { 1625 VLOG(3) << __func__; 1626 return Parse_TPM_ALG_ID(buffer, value, value_bytes); 1627 } 1628 1629 TPM_RC Serialize_TPMI_ECC_KEY_EXCHANGE( 1630 const TPMI_ECC_KEY_EXCHANGE& value, 1631 std::string* buffer) { 1632 VLOG(3) << __func__; 1633 return Serialize_TPM_ALG_ID(value, buffer); 1634 } 1635 1636 TPM_RC Parse_TPMI_ECC_KEY_EXCHANGE( 1637 std::string* buffer, 1638 TPMI_ECC_KEY_EXCHANGE* value, 1639 std::string* value_bytes) { 1640 VLOG(3) << __func__; 1641 return Parse_TPM_ALG_ID(buffer, value, value_bytes); 1642 } 1643 1644 TPM_RC Serialize_TPM_ST( 1645 const TPM_ST& value, 1646 std::string* buffer) { 1647 VLOG(3) << __func__; 1648 return Serialize_UINT16(value, buffer); 1649 } 1650 1651 TPM_RC Parse_TPM_ST( 1652 std::string* buffer, 1653 TPM_ST* value, 1654 std::string* value_bytes) { 1655 VLOG(3) << __func__; 1656 return Parse_UINT16(buffer, value, value_bytes); 1657 } 1658 1659 TPM_RC Serialize_TPMI_ST_COMMAND_TAG( 1660 const TPMI_ST_COMMAND_TAG& value, 1661 std::string* buffer) { 1662 VLOG(3) << __func__; 1663 return Serialize_TPM_ST(value, buffer); 1664 } 1665 1666 TPM_RC Parse_TPMI_ST_COMMAND_TAG( 1667 std::string* buffer, 1668 TPMI_ST_COMMAND_TAG* value, 1669 std::string* value_bytes) { 1670 VLOG(3) << __func__; 1671 return Parse_TPM_ST(buffer, value, value_bytes); 1672 } 1673 1674 TPM_RC Serialize_TPMI_ST_ATTEST( 1675 const TPMI_ST_ATTEST& value, 1676 std::string* buffer) { 1677 VLOG(3) << __func__; 1678 return Serialize_TPM_ST(value, buffer); 1679 } 1680 1681 TPM_RC Parse_TPMI_ST_ATTEST( 1682 std::string* buffer, 1683 TPMI_ST_ATTEST* value, 1684 std::string* value_bytes) { 1685 VLOG(3) << __func__; 1686 return Parse_TPM_ST(buffer, value, value_bytes); 1687 } 1688 1689 TPM_RC Serialize_TPMI_AES_KEY_BITS( 1690 const TPMI_AES_KEY_BITS& value, 1691 std::string* buffer) { 1692 VLOG(3) << __func__; 1693 return Serialize_TPM_KEY_BITS(value, buffer); 1694 } 1695 1696 TPM_RC Parse_TPMI_AES_KEY_BITS( 1697 std::string* buffer, 1698 TPMI_AES_KEY_BITS* value, 1699 std::string* value_bytes) { 1700 VLOG(3) << __func__; 1701 return Parse_TPM_KEY_BITS(buffer, value, value_bytes); 1702 } 1703 1704 TPM_RC Serialize_TPMI_SM4_KEY_BITS( 1705 const TPMI_SM4_KEY_BITS& value, 1706 std::string* buffer) { 1707 VLOG(3) << __func__; 1708 return Serialize_TPM_KEY_BITS(value, buffer); 1709 } 1710 1711 TPM_RC Parse_TPMI_SM4_KEY_BITS( 1712 std::string* buffer, 1713 TPMI_SM4_KEY_BITS* value, 1714 std::string* value_bytes) { 1715 VLOG(3) << __func__; 1716 return Parse_TPM_KEY_BITS(buffer, value, value_bytes); 1717 } 1718 1719 TPM_RC Serialize_TPMI_ALG_KEYEDHASH_SCHEME( 1720 const TPMI_ALG_KEYEDHASH_SCHEME& value, 1721 std::string* buffer) { 1722 VLOG(3) << __func__; 1723 return Serialize_TPM_ALG_ID(value, buffer); 1724 } 1725 1726 TPM_RC Parse_TPMI_ALG_KEYEDHASH_SCHEME( 1727 std::string* buffer, 1728 TPMI_ALG_KEYEDHASH_SCHEME* value, 1729 std::string* value_bytes) { 1730 VLOG(3) << __func__; 1731 return Parse_TPM_ALG_ID(buffer, value, value_bytes); 1732 } 1733 1734 TPM_RC Serialize_TPMI_ALG_ASYM_SCHEME( 1735 const TPMI_ALG_ASYM_SCHEME& value, 1736 std::string* buffer) { 1737 VLOG(3) << __func__; 1738 return Serialize_TPM_ALG_ID(value, buffer); 1739 } 1740 1741 TPM_RC Parse_TPMI_ALG_ASYM_SCHEME( 1742 std::string* buffer, 1743 TPMI_ALG_ASYM_SCHEME* value, 1744 std::string* value_bytes) { 1745 VLOG(3) << __func__; 1746 return Parse_TPM_ALG_ID(buffer, value, value_bytes); 1747 } 1748 1749 TPM_RC Serialize_TPMI_ALG_RSA_SCHEME( 1750 const TPMI_ALG_RSA_SCHEME& value, 1751 std::string* buffer) { 1752 VLOG(3) << __func__; 1753 return Serialize_TPM_ALG_ID(value, buffer); 1754 } 1755 1756 TPM_RC Parse_TPMI_ALG_RSA_SCHEME( 1757 std::string* buffer, 1758 TPMI_ALG_RSA_SCHEME* value, 1759 std::string* value_bytes) { 1760 VLOG(3) << __func__; 1761 return Parse_TPM_ALG_ID(buffer, value, value_bytes); 1762 } 1763 1764 TPM_RC Serialize_TPMI_ALG_RSA_DECRYPT( 1765 const TPMI_ALG_RSA_DECRYPT& value, 1766 std::string* buffer) { 1767 VLOG(3) << __func__; 1768 return Serialize_TPM_ALG_ID(value, buffer); 1769 } 1770 1771 TPM_RC Parse_TPMI_ALG_RSA_DECRYPT( 1772 std::string* buffer, 1773 TPMI_ALG_RSA_DECRYPT* value, 1774 std::string* value_bytes) { 1775 VLOG(3) << __func__; 1776 return Parse_TPM_ALG_ID(buffer, value, value_bytes); 1777 } 1778 1779 TPM_RC Serialize_TPMI_RSA_KEY_BITS( 1780 const TPMI_RSA_KEY_BITS& value, 1781 std::string* buffer) { 1782 VLOG(3) << __func__; 1783 return Serialize_TPM_KEY_BITS(value, buffer); 1784 } 1785 1786 TPM_RC Parse_TPMI_RSA_KEY_BITS( 1787 std::string* buffer, 1788 TPMI_RSA_KEY_BITS* value, 1789 std::string* value_bytes) { 1790 VLOG(3) << __func__; 1791 return Parse_TPM_KEY_BITS(buffer, value, value_bytes); 1792 } 1793 1794 TPM_RC Serialize_TPMI_ALG_ECC_SCHEME( 1795 const TPMI_ALG_ECC_SCHEME& value, 1796 std::string* buffer) { 1797 VLOG(3) << __func__; 1798 return Serialize_TPM_ALG_ID(value, buffer); 1799 } 1800 1801 TPM_RC Parse_TPMI_ALG_ECC_SCHEME( 1802 std::string* buffer, 1803 TPMI_ALG_ECC_SCHEME* value, 1804 std::string* value_bytes) { 1805 VLOG(3) << __func__; 1806 return Parse_TPM_ALG_ID(buffer, value, value_bytes); 1807 } 1808 1809 TPM_RC Serialize_TPM_ECC_CURVE( 1810 const TPM_ECC_CURVE& value, 1811 std::string* buffer) { 1812 VLOG(3) << __func__; 1813 return Serialize_UINT16(value, buffer); 1814 } 1815 1816 TPM_RC Parse_TPM_ECC_CURVE( 1817 std::string* buffer, 1818 TPM_ECC_CURVE* value, 1819 std::string* value_bytes) { 1820 VLOG(3) << __func__; 1821 return Parse_UINT16(buffer, value, value_bytes); 1822 } 1823 1824 TPM_RC Serialize_TPMI_ECC_CURVE( 1825 const TPMI_ECC_CURVE& value, 1826 std::string* buffer) { 1827 VLOG(3) << __func__; 1828 return Serialize_TPM_ECC_CURVE(value, buffer); 1829 } 1830 1831 TPM_RC Parse_TPMI_ECC_CURVE( 1832 std::string* buffer, 1833 TPMI_ECC_CURVE* value, 1834 std::string* value_bytes) { 1835 VLOG(3) << __func__; 1836 return Parse_TPM_ECC_CURVE(buffer, value, value_bytes); 1837 } 1838 1839 TPM_RC Serialize_TPMI_ALG_PUBLIC( 1840 const TPMI_ALG_PUBLIC& value, 1841 std::string* buffer) { 1842 VLOG(3) << __func__; 1843 return Serialize_TPM_ALG_ID(value, buffer); 1844 } 1845 1846 TPM_RC Parse_TPMI_ALG_PUBLIC( 1847 std::string* buffer, 1848 TPMI_ALG_PUBLIC* value, 1849 std::string* value_bytes) { 1850 VLOG(3) << __func__; 1851 return Parse_TPM_ALG_ID(buffer, value, value_bytes); 1852 } 1853 1854 TPM_RC Serialize_TPMA_ALGORITHM( 1855 const TPMA_ALGORITHM& value, 1856 std::string* buffer) { 1857 VLOG(3) << __func__; 1858 return Serialize_UINT32(value, buffer); 1859 } 1860 1861 TPM_RC Parse_TPMA_ALGORITHM( 1862 std::string* buffer, 1863 TPMA_ALGORITHM* value, 1864 std::string* value_bytes) { 1865 VLOG(3) << __func__; 1866 return Parse_UINT32(buffer, value, value_bytes); 1867 } 1868 1869 TPM_RC Serialize_TPMA_OBJECT( 1870 const TPMA_OBJECT& value, 1871 std::string* buffer) { 1872 VLOG(3) << __func__; 1873 return Serialize_UINT32(value, buffer); 1874 } 1875 1876 TPM_RC Parse_TPMA_OBJECT( 1877 std::string* buffer, 1878 TPMA_OBJECT* value, 1879 std::string* value_bytes) { 1880 VLOG(3) << __func__; 1881 return Parse_UINT32(buffer, value, value_bytes); 1882 } 1883 1884 TPM_RC Serialize_TPMA_SESSION( 1885 const TPMA_SESSION& value, 1886 std::string* buffer) { 1887 VLOG(3) << __func__; 1888 return Serialize_UINT8(value, buffer); 1889 } 1890 1891 TPM_RC Parse_TPMA_SESSION( 1892 std::string* buffer, 1893 TPMA_SESSION* value, 1894 std::string* value_bytes) { 1895 VLOG(3) << __func__; 1896 return Parse_UINT8(buffer, value, value_bytes); 1897 } 1898 1899 TPM_RC Serialize_TPMA_LOCALITY( 1900 const TPMA_LOCALITY& value, 1901 std::string* buffer) { 1902 VLOG(3) << __func__; 1903 return Serialize_UINT8(value, buffer); 1904 } 1905 1906 TPM_RC Parse_TPMA_LOCALITY( 1907 std::string* buffer, 1908 TPMA_LOCALITY* value, 1909 std::string* value_bytes) { 1910 VLOG(3) << __func__; 1911 return Parse_UINT8(buffer, value, value_bytes); 1912 } 1913 1914 TPM_RC Serialize_TPMA_PERMANENT( 1915 const TPMA_PERMANENT& value, 1916 std::string* buffer) { 1917 VLOG(3) << __func__; 1918 return Serialize_UINT32(value, buffer); 1919 } 1920 1921 TPM_RC Parse_TPMA_PERMANENT( 1922 std::string* buffer, 1923 TPMA_PERMANENT* value, 1924 std::string* value_bytes) { 1925 VLOG(3) << __func__; 1926 return Parse_UINT32(buffer, value, value_bytes); 1927 } 1928 1929 TPM_RC Serialize_TPMA_STARTUP_CLEAR( 1930 const TPMA_STARTUP_CLEAR& value, 1931 std::string* buffer) { 1932 VLOG(3) << __func__; 1933 return Serialize_UINT32(value, buffer); 1934 } 1935 1936 TPM_RC Parse_TPMA_STARTUP_CLEAR( 1937 std::string* buffer, 1938 TPMA_STARTUP_CLEAR* value, 1939 std::string* value_bytes) { 1940 VLOG(3) << __func__; 1941 return Parse_UINT32(buffer, value, value_bytes); 1942 } 1943 1944 TPM_RC Serialize_TPMA_MEMORY( 1945 const TPMA_MEMORY& value, 1946 std::string* buffer) { 1947 VLOG(3) << __func__; 1948 return Serialize_UINT32(value, buffer); 1949 } 1950 1951 TPM_RC Parse_TPMA_MEMORY( 1952 std::string* buffer, 1953 TPMA_MEMORY* value, 1954 std::string* value_bytes) { 1955 VLOG(3) << __func__; 1956 return Parse_UINT32(buffer, value, value_bytes); 1957 } 1958 1959 TPM_RC Serialize_TPM_CC( 1960 const TPM_CC& value, 1961 std::string* buffer) { 1962 VLOG(3) << __func__; 1963 return Serialize_UINT32(value, buffer); 1964 } 1965 1966 TPM_RC Parse_TPM_CC( 1967 std::string* buffer, 1968 TPM_CC* value, 1969 std::string* value_bytes) { 1970 VLOG(3) << __func__; 1971 return Parse_UINT32(buffer, value, value_bytes); 1972 } 1973 1974 TPM_RC Serialize_TPMA_CC( 1975 const TPMA_CC& value, 1976 std::string* buffer) { 1977 VLOG(3) << __func__; 1978 return Serialize_TPM_CC(value, buffer); 1979 } 1980 1981 TPM_RC Parse_TPMA_CC( 1982 std::string* buffer, 1983 TPMA_CC* value, 1984 std::string* value_bytes) { 1985 VLOG(3) << __func__; 1986 return Parse_TPM_CC(buffer, value, value_bytes); 1987 } 1988 1989 TPM_RC Serialize_TPM_NV_INDEX( 1990 const TPM_NV_INDEX& value, 1991 std::string* buffer) { 1992 VLOG(3) << __func__; 1993 return Serialize_UINT32(value, buffer); 1994 } 1995 1996 TPM_RC Parse_TPM_NV_INDEX( 1997 std::string* buffer, 1998 TPM_NV_INDEX* value, 1999 std::string* value_bytes) { 2000 VLOG(3) << __func__; 2001 return Parse_UINT32(buffer, value, value_bytes); 2002 } 2003 2004 TPM_RC Serialize_TPMA_NV( 2005 const TPMA_NV& value, 2006 std::string* buffer) { 2007 VLOG(3) << __func__; 2008 return Serialize_UINT32(value, buffer); 2009 } 2010 2011 TPM_RC Parse_TPMA_NV( 2012 std::string* buffer, 2013 TPMA_NV* value, 2014 std::string* value_bytes) { 2015 VLOG(3) << __func__; 2016 return Parse_UINT32(buffer, value, value_bytes); 2017 } 2018 2019 TPM_RC Serialize_TPM_SPEC( 2020 const TPM_SPEC& value, 2021 std::string* buffer) { 2022 VLOG(3) << __func__; 2023 return Serialize_UINT32(value, buffer); 2024 } 2025 2026 TPM_RC Parse_TPM_SPEC( 2027 std::string* buffer, 2028 TPM_SPEC* value, 2029 std::string* value_bytes) { 2030 VLOG(3) << __func__; 2031 return Parse_UINT32(buffer, value, value_bytes); 2032 } 2033 2034 TPM_RC Serialize_TPM_GENERATED( 2035 const TPM_GENERATED& value, 2036 std::string* buffer) { 2037 VLOG(3) << __func__; 2038 return Serialize_UINT32(value, buffer); 2039 } 2040 2041 TPM_RC Parse_TPM_GENERATED( 2042 std::string* buffer, 2043 TPM_GENERATED* value, 2044 std::string* value_bytes) { 2045 VLOG(3) << __func__; 2046 return Parse_UINT32(buffer, value, value_bytes); 2047 } 2048 2049 TPM_RC Serialize_TPM_RC( 2050 const TPM_RC& value, 2051 std::string* buffer) { 2052 VLOG(3) << __func__; 2053 return Serialize_UINT32(value, buffer); 2054 } 2055 2056 TPM_RC Parse_TPM_RC( 2057 std::string* buffer, 2058 TPM_RC* value, 2059 std::string* value_bytes) { 2060 VLOG(3) << __func__; 2061 return Parse_UINT32(buffer, value, value_bytes); 2062 } 2063 2064 TPM_RC Serialize_TPM_CLOCK_ADJUST( 2065 const TPM_CLOCK_ADJUST& value, 2066 std::string* buffer) { 2067 VLOG(3) << __func__; 2068 return Serialize_INT8(value, buffer); 2069 } 2070 2071 TPM_RC Parse_TPM_CLOCK_ADJUST( 2072 std::string* buffer, 2073 TPM_CLOCK_ADJUST* value, 2074 std::string* value_bytes) { 2075 VLOG(3) << __func__; 2076 return Parse_INT8(buffer, value, value_bytes); 2077 } 2078 2079 TPM_RC Serialize_TPM_EO( 2080 const TPM_EO& value, 2081 std::string* buffer) { 2082 VLOG(3) << __func__; 2083 return Serialize_UINT16(value, buffer); 2084 } 2085 2086 TPM_RC Parse_TPM_EO( 2087 std::string* buffer, 2088 TPM_EO* value, 2089 std::string* value_bytes) { 2090 VLOG(3) << __func__; 2091 return Parse_UINT16(buffer, value, value_bytes); 2092 } 2093 2094 TPM_RC Serialize_TPM_SU( 2095 const TPM_SU& value, 2096 std::string* buffer) { 2097 VLOG(3) << __func__; 2098 return Serialize_UINT16(value, buffer); 2099 } 2100 2101 TPM_RC Parse_TPM_SU( 2102 std::string* buffer, 2103 TPM_SU* value, 2104 std::string* value_bytes) { 2105 VLOG(3) << __func__; 2106 return Parse_UINT16(buffer, value, value_bytes); 2107 } 2108 2109 TPM_RC Serialize_TPM_SE( 2110 const TPM_SE& value, 2111 std::string* buffer) { 2112 VLOG(3) << __func__; 2113 return Serialize_UINT8(value, buffer); 2114 } 2115 2116 TPM_RC Parse_TPM_SE( 2117 std::string* buffer, 2118 TPM_SE* value, 2119 std::string* value_bytes) { 2120 VLOG(3) << __func__; 2121 return Parse_UINT8(buffer, value, value_bytes); 2122 } 2123 2124 TPM_RC Serialize_TPM_CAP( 2125 const TPM_CAP& value, 2126 std::string* buffer) { 2127 VLOG(3) << __func__; 2128 return Serialize_UINT32(value, buffer); 2129 } 2130 2131 TPM_RC Parse_TPM_CAP( 2132 std::string* buffer, 2133 TPM_CAP* value, 2134 std::string* value_bytes) { 2135 VLOG(3) << __func__; 2136 return Parse_UINT32(buffer, value, value_bytes); 2137 } 2138 2139 TPM_RC Serialize_TPM_PT( 2140 const TPM_PT& value, 2141 std::string* buffer) { 2142 VLOG(3) << __func__; 2143 return Serialize_UINT32(value, buffer); 2144 } 2145 2146 TPM_RC Parse_TPM_PT( 2147 std::string* buffer, 2148 TPM_PT* value, 2149 std::string* value_bytes) { 2150 VLOG(3) << __func__; 2151 return Parse_UINT32(buffer, value, value_bytes); 2152 } 2153 2154 TPM_RC Serialize_TPM_PT_PCR( 2155 const TPM_PT_PCR& value, 2156 std::string* buffer) { 2157 VLOG(3) << __func__; 2158 return Serialize_UINT32(value, buffer); 2159 } 2160 2161 TPM_RC Parse_TPM_PT_PCR( 2162 std::string* buffer, 2163 TPM_PT_PCR* value, 2164 std::string* value_bytes) { 2165 VLOG(3) << __func__; 2166 return Parse_UINT32(buffer, value, value_bytes); 2167 } 2168 2169 TPM_RC Serialize_TPM_PS( 2170 const TPM_PS& value, 2171 std::string* buffer) { 2172 VLOG(3) << __func__; 2173 return Serialize_UINT32(value, buffer); 2174 } 2175 2176 TPM_RC Parse_TPM_PS( 2177 std::string* buffer, 2178 TPM_PS* value, 2179 std::string* value_bytes) { 2180 VLOG(3) << __func__; 2181 return Parse_UINT32(buffer, value, value_bytes); 2182 } 2183 2184 TPM_RC Serialize_TPM_HT( 2185 const TPM_HT& value, 2186 std::string* buffer) { 2187 VLOG(3) << __func__; 2188 return Serialize_UINT8(value, buffer); 2189 } 2190 2191 TPM_RC Parse_TPM_HT( 2192 std::string* buffer, 2193 TPM_HT* value, 2194 std::string* value_bytes) { 2195 VLOG(3) << __func__; 2196 return Parse_UINT8(buffer, value, value_bytes); 2197 } 2198 2199 TPM_RC Serialize_TPM_RH( 2200 const TPM_RH& value, 2201 std::string* buffer) { 2202 VLOG(3) << __func__; 2203 return Serialize_UINT32(value, buffer); 2204 } 2205 2206 TPM_RC Parse_TPM_RH( 2207 std::string* buffer, 2208 TPM_RH* value, 2209 std::string* value_bytes) { 2210 VLOG(3) << __func__; 2211 return Parse_UINT32(buffer, value, value_bytes); 2212 } 2213 2214 TPM_RC Serialize_TPM_HC( 2215 const TPM_HC& value, 2216 std::string* buffer) { 2217 VLOG(3) << __func__; 2218 return Serialize_TPM_HANDLE(value, buffer); 2219 } 2220 2221 TPM_RC Parse_TPM_HC( 2222 std::string* buffer, 2223 TPM_HC* value, 2224 std::string* value_bytes) { 2225 VLOG(3) << __func__; 2226 return Parse_TPM_HANDLE(buffer, value, value_bytes); 2227 } 2228 2229 TPM_RC Serialize_TPMS_ALGORITHM_DESCRIPTION( 2230 const TPMS_ALGORITHM_DESCRIPTION& value, 2231 std::string* buffer) { 2232 TPM_RC result = TPM_RC_SUCCESS; 2233 VLOG(3) << __func__; 2234 2235 result = Serialize_TPM_ALG_ID(value.alg, buffer); 2236 if (result) { 2237 return result; 2238 } 2239 2240 result = Serialize_TPMA_ALGORITHM(value.attributes, buffer); 2241 if (result) { 2242 return result; 2243 } 2244 return result; 2245 } 2246 2247 TPM_RC Parse_TPMS_ALGORITHM_DESCRIPTION( 2248 std::string* buffer, 2249 TPMS_ALGORITHM_DESCRIPTION* value, 2250 std::string* value_bytes) { 2251 TPM_RC result = TPM_RC_SUCCESS; 2252 VLOG(3) << __func__; 2253 2254 result = Parse_TPM_ALG_ID( 2255 buffer, 2256 &value->alg, 2257 value_bytes); 2258 if (result) { 2259 return result; 2260 } 2261 2262 result = Parse_TPMA_ALGORITHM( 2263 buffer, 2264 &value->attributes, 2265 value_bytes); 2266 if (result) { 2267 return result; 2268 } 2269 return result; 2270 } 2271 2272 TPM_RC Serialize_TPMU_HA( 2273 const TPMU_HA& value, 2274 TPMI_ALG_HASH selector, 2275 std::string* buffer) { 2276 TPM_RC result = TPM_RC_SUCCESS; 2277 VLOG(3) << __func__; 2278 2279 if (selector == TPM_ALG_SHA384) { 2280 if (arraysize(value.sha384) < SHA384_DIGEST_SIZE) { 2281 return TPM_RC_INSUFFICIENT; 2282 } 2283 for (uint32_t i = 0; i < SHA384_DIGEST_SIZE; ++i) { 2284 result = Serialize_BYTE(value.sha384[i], buffer); 2285 if (result) { 2286 return result; 2287 } 2288 } 2289 } 2290 2291 if (selector == TPM_ALG_SHA1) { 2292 if (arraysize(value.sha1) < SHA1_DIGEST_SIZE) { 2293 return TPM_RC_INSUFFICIENT; 2294 } 2295 for (uint32_t i = 0; i < SHA1_DIGEST_SIZE; ++i) { 2296 result = Serialize_BYTE(value.sha1[i], buffer); 2297 if (result) { 2298 return result; 2299 } 2300 } 2301 } 2302 2303 if (selector == TPM_ALG_SM3_256) { 2304 if (arraysize(value.sm3_256) < SM3_256_DIGEST_SIZE) { 2305 return TPM_RC_INSUFFICIENT; 2306 } 2307 for (uint32_t i = 0; i < SM3_256_DIGEST_SIZE; ++i) { 2308 result = Serialize_BYTE(value.sm3_256[i], buffer); 2309 if (result) { 2310 return result; 2311 } 2312 } 2313 } 2314 2315 if (selector == TPM_ALG_NULL) { 2316 // Do nothing. 2317 } 2318 2319 if (selector == TPM_ALG_SHA256) { 2320 if (arraysize(value.sha256) < SHA256_DIGEST_SIZE) { 2321 return TPM_RC_INSUFFICIENT; 2322 } 2323 for (uint32_t i = 0; i < SHA256_DIGEST_SIZE; ++i) { 2324 result = Serialize_BYTE(value.sha256[i], buffer); 2325 if (result) { 2326 return result; 2327 } 2328 } 2329 } 2330 2331 if (selector == TPM_ALG_SHA512) { 2332 if (arraysize(value.sha512) < SHA512_DIGEST_SIZE) { 2333 return TPM_RC_INSUFFICIENT; 2334 } 2335 for (uint32_t i = 0; i < SHA512_DIGEST_SIZE; ++i) { 2336 result = Serialize_BYTE(value.sha512[i], buffer); 2337 if (result) { 2338 return result; 2339 } 2340 } 2341 } 2342 return result; 2343 } 2344 2345 TPM_RC Parse_TPMU_HA( 2346 std::string* buffer, 2347 TPMI_ALG_HASH selector, 2348 TPMU_HA* value, 2349 std::string* value_bytes) { 2350 TPM_RC result = TPM_RC_SUCCESS; 2351 VLOG(3) << __func__; 2352 2353 if (selector == TPM_ALG_SHA384) { 2354 if (arraysize(value->sha384) < SHA384_DIGEST_SIZE) { 2355 return TPM_RC_INSUFFICIENT; 2356 } 2357 for (uint32_t i = 0; i < SHA384_DIGEST_SIZE; ++i) { 2358 result = Parse_BYTE( 2359 buffer, 2360 &value->sha384[i], 2361 value_bytes); 2362 if (result) { 2363 return result; 2364 } 2365 } 2366 } 2367 2368 if (selector == TPM_ALG_SHA1) { 2369 if (arraysize(value->sha1) < SHA1_DIGEST_SIZE) { 2370 return TPM_RC_INSUFFICIENT; 2371 } 2372 for (uint32_t i = 0; i < SHA1_DIGEST_SIZE; ++i) { 2373 result = Parse_BYTE( 2374 buffer, 2375 &value->sha1[i], 2376 value_bytes); 2377 if (result) { 2378 return result; 2379 } 2380 } 2381 } 2382 2383 if (selector == TPM_ALG_SM3_256) { 2384 if (arraysize(value->sm3_256) < SM3_256_DIGEST_SIZE) { 2385 return TPM_RC_INSUFFICIENT; 2386 } 2387 for (uint32_t i = 0; i < SM3_256_DIGEST_SIZE; ++i) { 2388 result = Parse_BYTE( 2389 buffer, 2390 &value->sm3_256[i], 2391 value_bytes); 2392 if (result) { 2393 return result; 2394 } 2395 } 2396 } 2397 2398 if (selector == TPM_ALG_NULL) { 2399 // Do nothing. 2400 } 2401 2402 if (selector == TPM_ALG_SHA256) { 2403 if (arraysize(value->sha256) < SHA256_DIGEST_SIZE) { 2404 return TPM_RC_INSUFFICIENT; 2405 } 2406 for (uint32_t i = 0; i < SHA256_DIGEST_SIZE; ++i) { 2407 result = Parse_BYTE( 2408 buffer, 2409 &value->sha256[i], 2410 value_bytes); 2411 if (result) { 2412 return result; 2413 } 2414 } 2415 } 2416 2417 if (selector == TPM_ALG_SHA512) { 2418 if (arraysize(value->sha512) < SHA512_DIGEST_SIZE) { 2419 return TPM_RC_INSUFFICIENT; 2420 } 2421 for (uint32_t i = 0; i < SHA512_DIGEST_SIZE; ++i) { 2422 result = Parse_BYTE( 2423 buffer, 2424 &value->sha512[i], 2425 value_bytes); 2426 if (result) { 2427 return result; 2428 } 2429 } 2430 } 2431 return result; 2432 } 2433 2434 TPM_RC Serialize_TPMT_HA( 2435 const TPMT_HA& value, 2436 std::string* buffer) { 2437 TPM_RC result = TPM_RC_SUCCESS; 2438 VLOG(3) << __func__; 2439 2440 result = Serialize_TPMI_ALG_HASH(value.hash_alg, buffer); 2441 if (result) { 2442 return result; 2443 } 2444 2445 result = Serialize_TPMU_HA( 2446 value.digest, 2447 value.hash_alg, 2448 buffer); 2449 if (result) { 2450 return result; 2451 } 2452 return result; 2453 } 2454 2455 TPM_RC Parse_TPMT_HA( 2456 std::string* buffer, 2457 TPMT_HA* value, 2458 std::string* value_bytes) { 2459 TPM_RC result = TPM_RC_SUCCESS; 2460 VLOG(3) << __func__; 2461 2462 result = Parse_TPMI_ALG_HASH( 2463 buffer, 2464 &value->hash_alg, 2465 value_bytes); 2466 if (result) { 2467 return result; 2468 } 2469 2470 result = Parse_TPMU_HA( 2471 buffer, 2472 value->hash_alg, 2473 &value->digest, 2474 value_bytes); 2475 if (result) { 2476 return result; 2477 } 2478 return result; 2479 } 2480 2481 TPM_RC Serialize_TPM2B_DATA( 2482 const TPM2B_DATA& value, 2483 std::string* buffer) { 2484 TPM_RC result = TPM_RC_SUCCESS; 2485 VLOG(3) << __func__; 2486 2487 result = Serialize_UINT16(value.size, buffer); 2488 if (result) { 2489 return result; 2490 } 2491 2492 if (arraysize(value.buffer) < value.size) { 2493 return TPM_RC_INSUFFICIENT; 2494 } 2495 for (uint32_t i = 0; i < value.size; ++i) { 2496 result = Serialize_BYTE(value.buffer[i], buffer); 2497 if (result) { 2498 return result; 2499 } 2500 } 2501 return result; 2502 } 2503 2504 TPM_RC Parse_TPM2B_DATA( 2505 std::string* buffer, 2506 TPM2B_DATA* value, 2507 std::string* value_bytes) { 2508 TPM_RC result = TPM_RC_SUCCESS; 2509 VLOG(3) << __func__; 2510 2511 result = Parse_UINT16( 2512 buffer, 2513 &value->size, 2514 value_bytes); 2515 if (result) { 2516 return result; 2517 } 2518 2519 if (arraysize(value->buffer) < value->size) { 2520 return TPM_RC_INSUFFICIENT; 2521 } 2522 for (uint32_t i = 0; i < value->size; ++i) { 2523 result = Parse_BYTE( 2524 buffer, 2525 &value->buffer[i], 2526 value_bytes); 2527 if (result) { 2528 return result; 2529 } 2530 } 2531 return result; 2532 } 2533 2534 TPM2B_DATA Make_TPM2B_DATA( 2535 const std::string& bytes) { 2536 TPM2B_DATA tpm2b; 2537 CHECK(bytes.size() <= sizeof(tpm2b.buffer)); 2538 memset(&tpm2b, 0, sizeof(TPM2B_DATA)); 2539 tpm2b.size = bytes.size(); 2540 memcpy(tpm2b.buffer, bytes.data(), bytes.size()); 2541 return tpm2b; 2542 } 2543 2544 std::string StringFrom_TPM2B_DATA( 2545 const TPM2B_DATA& tpm2b) { 2546 const char* char_buffer = reinterpret_cast<const char*>( 2547 tpm2b.buffer); 2548 return std::string(char_buffer, tpm2b.size); 2549 } 2550 2551 TPM_RC Serialize_TPM2B_EVENT( 2552 const TPM2B_EVENT& value, 2553 std::string* buffer) { 2554 TPM_RC result = TPM_RC_SUCCESS; 2555 VLOG(3) << __func__; 2556 2557 result = Serialize_UINT16(value.size, buffer); 2558 if (result) { 2559 return result; 2560 } 2561 2562 if (arraysize(value.buffer) < value.size) { 2563 return TPM_RC_INSUFFICIENT; 2564 } 2565 for (uint32_t i = 0; i < value.size; ++i) { 2566 result = Serialize_BYTE(value.buffer[i], buffer); 2567 if (result) { 2568 return result; 2569 } 2570 } 2571 return result; 2572 } 2573 2574 TPM_RC Parse_TPM2B_EVENT( 2575 std::string* buffer, 2576 TPM2B_EVENT* value, 2577 std::string* value_bytes) { 2578 TPM_RC result = TPM_RC_SUCCESS; 2579 VLOG(3) << __func__; 2580 2581 result = Parse_UINT16( 2582 buffer, 2583 &value->size, 2584 value_bytes); 2585 if (result) { 2586 return result; 2587 } 2588 2589 if (arraysize(value->buffer) < value->size) { 2590 return TPM_RC_INSUFFICIENT; 2591 } 2592 for (uint32_t i = 0; i < value->size; ++i) { 2593 result = Parse_BYTE( 2594 buffer, 2595 &value->buffer[i], 2596 value_bytes); 2597 if (result) { 2598 return result; 2599 } 2600 } 2601 return result; 2602 } 2603 2604 TPM2B_EVENT Make_TPM2B_EVENT( 2605 const std::string& bytes) { 2606 TPM2B_EVENT tpm2b; 2607 CHECK(bytes.size() <= sizeof(tpm2b.buffer)); 2608 memset(&tpm2b, 0, sizeof(TPM2B_EVENT)); 2609 tpm2b.size = bytes.size(); 2610 memcpy(tpm2b.buffer, bytes.data(), bytes.size()); 2611 return tpm2b; 2612 } 2613 2614 std::string StringFrom_TPM2B_EVENT( 2615 const TPM2B_EVENT& tpm2b) { 2616 const char* char_buffer = reinterpret_cast<const char*>( 2617 tpm2b.buffer); 2618 return std::string(char_buffer, tpm2b.size); 2619 } 2620 2621 TPM_RC Serialize_TPM2B_MAX_BUFFER( 2622 const TPM2B_MAX_BUFFER& value, 2623 std::string* buffer) { 2624 TPM_RC result = TPM_RC_SUCCESS; 2625 VLOG(3) << __func__; 2626 2627 result = Serialize_UINT16(value.size, buffer); 2628 if (result) { 2629 return result; 2630 } 2631 2632 if (arraysize(value.buffer) < value.size) { 2633 return TPM_RC_INSUFFICIENT; 2634 } 2635 for (uint32_t i = 0; i < value.size; ++i) { 2636 result = Serialize_BYTE(value.buffer[i], buffer); 2637 if (result) { 2638 return result; 2639 } 2640 } 2641 return result; 2642 } 2643 2644 TPM_RC Parse_TPM2B_MAX_BUFFER( 2645 std::string* buffer, 2646 TPM2B_MAX_BUFFER* value, 2647 std::string* value_bytes) { 2648 TPM_RC result = TPM_RC_SUCCESS; 2649 VLOG(3) << __func__; 2650 2651 result = Parse_UINT16( 2652 buffer, 2653 &value->size, 2654 value_bytes); 2655 if (result) { 2656 return result; 2657 } 2658 2659 if (arraysize(value->buffer) < value->size) { 2660 return TPM_RC_INSUFFICIENT; 2661 } 2662 for (uint32_t i = 0; i < value->size; ++i) { 2663 result = Parse_BYTE( 2664 buffer, 2665 &value->buffer[i], 2666 value_bytes); 2667 if (result) { 2668 return result; 2669 } 2670 } 2671 return result; 2672 } 2673 2674 TPM2B_MAX_BUFFER Make_TPM2B_MAX_BUFFER( 2675 const std::string& bytes) { 2676 TPM2B_MAX_BUFFER tpm2b; 2677 CHECK(bytes.size() <= sizeof(tpm2b.buffer)); 2678 memset(&tpm2b, 0, sizeof(TPM2B_MAX_BUFFER)); 2679 tpm2b.size = bytes.size(); 2680 memcpy(tpm2b.buffer, bytes.data(), bytes.size()); 2681 return tpm2b; 2682 } 2683 2684 std::string StringFrom_TPM2B_MAX_BUFFER( 2685 const TPM2B_MAX_BUFFER& tpm2b) { 2686 const char* char_buffer = reinterpret_cast<const char*>( 2687 tpm2b.buffer); 2688 return std::string(char_buffer, tpm2b.size); 2689 } 2690 2691 TPM_RC Serialize_TPM2B_MAX_NV_BUFFER( 2692 const TPM2B_MAX_NV_BUFFER& value, 2693 std::string* buffer) { 2694 TPM_RC result = TPM_RC_SUCCESS; 2695 VLOG(3) << __func__; 2696 2697 result = Serialize_UINT16(value.size, buffer); 2698 if (result) { 2699 return result; 2700 } 2701 2702 if (arraysize(value.buffer) < value.size) { 2703 return TPM_RC_INSUFFICIENT; 2704 } 2705 for (uint32_t i = 0; i < value.size; ++i) { 2706 result = Serialize_BYTE(value.buffer[i], buffer); 2707 if (result) { 2708 return result; 2709 } 2710 } 2711 return result; 2712 } 2713 2714 TPM_RC Parse_TPM2B_MAX_NV_BUFFER( 2715 std::string* buffer, 2716 TPM2B_MAX_NV_BUFFER* value, 2717 std::string* value_bytes) { 2718 TPM_RC result = TPM_RC_SUCCESS; 2719 VLOG(3) << __func__; 2720 2721 result = Parse_UINT16( 2722 buffer, 2723 &value->size, 2724 value_bytes); 2725 if (result) { 2726 return result; 2727 } 2728 2729 if (arraysize(value->buffer) < value->size) { 2730 return TPM_RC_INSUFFICIENT; 2731 } 2732 for (uint32_t i = 0; i < value->size; ++i) { 2733 result = Parse_BYTE( 2734 buffer, 2735 &value->buffer[i], 2736 value_bytes); 2737 if (result) { 2738 return result; 2739 } 2740 } 2741 return result; 2742 } 2743 2744 TPM2B_MAX_NV_BUFFER Make_TPM2B_MAX_NV_BUFFER( 2745 const std::string& bytes) { 2746 TPM2B_MAX_NV_BUFFER tpm2b; 2747 CHECK(bytes.size() <= sizeof(tpm2b.buffer)); 2748 memset(&tpm2b, 0, sizeof(TPM2B_MAX_NV_BUFFER)); 2749 tpm2b.size = bytes.size(); 2750 memcpy(tpm2b.buffer, bytes.data(), bytes.size()); 2751 return tpm2b; 2752 } 2753 2754 std::string StringFrom_TPM2B_MAX_NV_BUFFER( 2755 const TPM2B_MAX_NV_BUFFER& tpm2b) { 2756 const char* char_buffer = reinterpret_cast<const char*>( 2757 tpm2b.buffer); 2758 return std::string(char_buffer, tpm2b.size); 2759 } 2760 2761 TPM_RC Serialize_TPM2B_TIMEOUT( 2762 const TPM2B_TIMEOUT& value, 2763 std::string* buffer) { 2764 TPM_RC result = TPM_RC_SUCCESS; 2765 VLOG(3) << __func__; 2766 2767 result = Serialize_UINT16(value.size, buffer); 2768 if (result) { 2769 return result; 2770 } 2771 2772 if (arraysize(value.buffer) < value.size) { 2773 return TPM_RC_INSUFFICIENT; 2774 } 2775 for (uint32_t i = 0; i < value.size; ++i) { 2776 result = Serialize_BYTE(value.buffer[i], buffer); 2777 if (result) { 2778 return result; 2779 } 2780 } 2781 return result; 2782 } 2783 2784 TPM_RC Parse_TPM2B_TIMEOUT( 2785 std::string* buffer, 2786 TPM2B_TIMEOUT* value, 2787 std::string* value_bytes) { 2788 TPM_RC result = TPM_RC_SUCCESS; 2789 VLOG(3) << __func__; 2790 2791 result = Parse_UINT16( 2792 buffer, 2793 &value->size, 2794 value_bytes); 2795 if (result) { 2796 return result; 2797 } 2798 2799 if (arraysize(value->buffer) < value->size) { 2800 return TPM_RC_INSUFFICIENT; 2801 } 2802 for (uint32_t i = 0; i < value->size; ++i) { 2803 result = Parse_BYTE( 2804 buffer, 2805 &value->buffer[i], 2806 value_bytes); 2807 if (result) { 2808 return result; 2809 } 2810 } 2811 return result; 2812 } 2813 2814 TPM2B_TIMEOUT Make_TPM2B_TIMEOUT( 2815 const std::string& bytes) { 2816 TPM2B_TIMEOUT tpm2b; 2817 CHECK(bytes.size() <= sizeof(tpm2b.buffer)); 2818 memset(&tpm2b, 0, sizeof(TPM2B_TIMEOUT)); 2819 tpm2b.size = bytes.size(); 2820 memcpy(tpm2b.buffer, bytes.data(), bytes.size()); 2821 return tpm2b; 2822 } 2823 2824 std::string StringFrom_TPM2B_TIMEOUT( 2825 const TPM2B_TIMEOUT& tpm2b) { 2826 const char* char_buffer = reinterpret_cast<const char*>( 2827 tpm2b.buffer); 2828 return std::string(char_buffer, tpm2b.size); 2829 } 2830 2831 TPM_RC Serialize_TPM2B_IV( 2832 const TPM2B_IV& value, 2833 std::string* buffer) { 2834 TPM_RC result = TPM_RC_SUCCESS; 2835 VLOG(3) << __func__; 2836 2837 result = Serialize_UINT16(value.size, buffer); 2838 if (result) { 2839 return result; 2840 } 2841 2842 if (arraysize(value.buffer) < value.size) { 2843 return TPM_RC_INSUFFICIENT; 2844 } 2845 for (uint32_t i = 0; i < value.size; ++i) { 2846 result = Serialize_BYTE(value.buffer[i], buffer); 2847 if (result) { 2848 return result; 2849 } 2850 } 2851 return result; 2852 } 2853 2854 TPM_RC Parse_TPM2B_IV( 2855 std::string* buffer, 2856 TPM2B_IV* value, 2857 std::string* value_bytes) { 2858 TPM_RC result = TPM_RC_SUCCESS; 2859 VLOG(3) << __func__; 2860 2861 result = Parse_UINT16( 2862 buffer, 2863 &value->size, 2864 value_bytes); 2865 if (result) { 2866 return result; 2867 } 2868 2869 if (arraysize(value->buffer) < value->size) { 2870 return TPM_RC_INSUFFICIENT; 2871 } 2872 for (uint32_t i = 0; i < value->size; ++i) { 2873 result = Parse_BYTE( 2874 buffer, 2875 &value->buffer[i], 2876 value_bytes); 2877 if (result) { 2878 return result; 2879 } 2880 } 2881 return result; 2882 } 2883 2884 TPM2B_IV Make_TPM2B_IV( 2885 const std::string& bytes) { 2886 TPM2B_IV tpm2b; 2887 CHECK(bytes.size() <= sizeof(tpm2b.buffer)); 2888 memset(&tpm2b, 0, sizeof(TPM2B_IV)); 2889 tpm2b.size = bytes.size(); 2890 memcpy(tpm2b.buffer, bytes.data(), bytes.size()); 2891 return tpm2b; 2892 } 2893 2894 std::string StringFrom_TPM2B_IV( 2895 const TPM2B_IV& tpm2b) { 2896 const char* char_buffer = reinterpret_cast<const char*>( 2897 tpm2b.buffer); 2898 return std::string(char_buffer, tpm2b.size); 2899 } 2900 2901 TPM_RC Serialize_TPM2B_NAME( 2902 const TPM2B_NAME& value, 2903 std::string* buffer) { 2904 TPM_RC result = TPM_RC_SUCCESS; 2905 VLOG(3) << __func__; 2906 2907 result = Serialize_UINT16(value.size, buffer); 2908 if (result) { 2909 return result; 2910 } 2911 2912 if (arraysize(value.name) < value.size) { 2913 return TPM_RC_INSUFFICIENT; 2914 } 2915 for (uint32_t i = 0; i < value.size; ++i) { 2916 result = Serialize_BYTE(value.name[i], buffer); 2917 if (result) { 2918 return result; 2919 } 2920 } 2921 return result; 2922 } 2923 2924 TPM_RC Parse_TPM2B_NAME( 2925 std::string* buffer, 2926 TPM2B_NAME* value, 2927 std::string* value_bytes) { 2928 TPM_RC result = TPM_RC_SUCCESS; 2929 VLOG(3) << __func__; 2930 2931 result = Parse_UINT16( 2932 buffer, 2933 &value->size, 2934 value_bytes); 2935 if (result) { 2936 return result; 2937 } 2938 2939 if (arraysize(value->name) < value->size) { 2940 return TPM_RC_INSUFFICIENT; 2941 } 2942 for (uint32_t i = 0; i < value->size; ++i) { 2943 result = Parse_BYTE( 2944 buffer, 2945 &value->name[i], 2946 value_bytes); 2947 if (result) { 2948 return result; 2949 } 2950 } 2951 return result; 2952 } 2953 2954 TPM2B_NAME Make_TPM2B_NAME( 2955 const std::string& bytes) { 2956 TPM2B_NAME tpm2b; 2957 CHECK(bytes.size() <= sizeof(tpm2b.name)); 2958 memset(&tpm2b, 0, sizeof(TPM2B_NAME)); 2959 tpm2b.size = bytes.size(); 2960 memcpy(tpm2b.name, bytes.data(), bytes.size()); 2961 return tpm2b; 2962 } 2963 2964 std::string StringFrom_TPM2B_NAME( 2965 const TPM2B_NAME& tpm2b) { 2966 const char* char_buffer = reinterpret_cast<const char*>( 2967 tpm2b.name); 2968 return std::string(char_buffer, tpm2b.size); 2969 } 2970 2971 TPM_RC Serialize_TPMS_PCR_SELECT( 2972 const TPMS_PCR_SELECT& value, 2973 std::string* buffer) { 2974 TPM_RC result = TPM_RC_SUCCESS; 2975 VLOG(3) << __func__; 2976 2977 result = Serialize_UINT8(value.sizeof_select, buffer); 2978 if (result) { 2979 return result; 2980 } 2981 2982 if (arraysize(value.pcr_select) < value.sizeof_select) { 2983 return TPM_RC_INSUFFICIENT; 2984 } 2985 for (uint32_t i = 0; i < value.sizeof_select; ++i) { 2986 result = Serialize_BYTE(value.pcr_select[i], buffer); 2987 if (result) { 2988 return result; 2989 } 2990 } 2991 return result; 2992 } 2993 2994 TPM_RC Parse_TPMS_PCR_SELECT( 2995 std::string* buffer, 2996 TPMS_PCR_SELECT* value, 2997 std::string* value_bytes) { 2998 TPM_RC result = TPM_RC_SUCCESS; 2999 VLOG(3) << __func__; 3000 3001 result = Parse_UINT8( 3002 buffer, 3003 &value->sizeof_select, 3004 value_bytes); 3005 if (result) { 3006 return result; 3007 } 3008 3009 if (arraysize(value->pcr_select) < value->sizeof_select) { 3010 return TPM_RC_INSUFFICIENT; 3011 } 3012 for (uint32_t i = 0; i < value->sizeof_select; ++i) { 3013 result = Parse_BYTE( 3014 buffer, 3015 &value->pcr_select[i], 3016 value_bytes); 3017 if (result) { 3018 return result; 3019 } 3020 } 3021 return result; 3022 } 3023 3024 TPM_RC Serialize_TPMS_PCR_SELECTION( 3025 const TPMS_PCR_SELECTION& value, 3026 std::string* buffer) { 3027 TPM_RC result = TPM_RC_SUCCESS; 3028 VLOG(3) << __func__; 3029 3030 result = Serialize_TPMI_ALG_HASH(value.hash, buffer); 3031 if (result) { 3032 return result; 3033 } 3034 3035 result = Serialize_UINT8(value.sizeof_select, buffer); 3036 if (result) { 3037 return result; 3038 } 3039 3040 if (arraysize(value.pcr_select) < value.sizeof_select) { 3041 return TPM_RC_INSUFFICIENT; 3042 } 3043 for (uint32_t i = 0; i < value.sizeof_select; ++i) { 3044 result = Serialize_BYTE(value.pcr_select[i], buffer); 3045 if (result) { 3046 return result; 3047 } 3048 } 3049 return result; 3050 } 3051 3052 TPM_RC Parse_TPMS_PCR_SELECTION( 3053 std::string* buffer, 3054 TPMS_PCR_SELECTION* value, 3055 std::string* value_bytes) { 3056 TPM_RC result = TPM_RC_SUCCESS; 3057 VLOG(3) << __func__; 3058 3059 result = Parse_TPMI_ALG_HASH( 3060 buffer, 3061 &value->hash, 3062 value_bytes); 3063 if (result) { 3064 return result; 3065 } 3066 3067 result = Parse_UINT8( 3068 buffer, 3069 &value->sizeof_select, 3070 value_bytes); 3071 if (result) { 3072 return result; 3073 } 3074 3075 if (arraysize(value->pcr_select) < value->sizeof_select) { 3076 return TPM_RC_INSUFFICIENT; 3077 } 3078 for (uint32_t i = 0; i < value->sizeof_select; ++i) { 3079 result = Parse_BYTE( 3080 buffer, 3081 &value->pcr_select[i], 3082 value_bytes); 3083 if (result) { 3084 return result; 3085 } 3086 } 3087 return result; 3088 } 3089 3090 TPM_RC Serialize_TPMT_TK_CREATION( 3091 const TPMT_TK_CREATION& value, 3092 std::string* buffer) { 3093 TPM_RC result = TPM_RC_SUCCESS; 3094 VLOG(3) << __func__; 3095 3096 result = Serialize_TPM_ST(value.tag, buffer); 3097 if (result) { 3098 return result; 3099 } 3100 3101 result = Serialize_TPMI_RH_HIERARCHY(value.hierarchy, buffer); 3102 if (result) { 3103 return result; 3104 } 3105 3106 result = Serialize_TPM2B_DIGEST(value.digest, buffer); 3107 if (result) { 3108 return result; 3109 } 3110 return result; 3111 } 3112 3113 TPM_RC Parse_TPMT_TK_CREATION( 3114 std::string* buffer, 3115 TPMT_TK_CREATION* value, 3116 std::string* value_bytes) { 3117 TPM_RC result = TPM_RC_SUCCESS; 3118 VLOG(3) << __func__; 3119 3120 result = Parse_TPM_ST( 3121 buffer, 3122 &value->tag, 3123 value_bytes); 3124 if (result) { 3125 return result; 3126 } 3127 3128 result = Parse_TPMI_RH_HIERARCHY( 3129 buffer, 3130 &value->hierarchy, 3131 value_bytes); 3132 if (result) { 3133 return result; 3134 } 3135 3136 result = Parse_TPM2B_DIGEST( 3137 buffer, 3138 &value->digest, 3139 value_bytes); 3140 if (result) { 3141 return result; 3142 } 3143 return result; 3144 } 3145 3146 TPM_RC Serialize_TPMT_TK_VERIFIED( 3147 const TPMT_TK_VERIFIED& value, 3148 std::string* buffer) { 3149 TPM_RC result = TPM_RC_SUCCESS; 3150 VLOG(3) << __func__; 3151 3152 result = Serialize_TPM_ST(value.tag, buffer); 3153 if (result) { 3154 return result; 3155 } 3156 3157 result = Serialize_TPMI_RH_HIERARCHY(value.hierarchy, buffer); 3158 if (result) { 3159 return result; 3160 } 3161 3162 result = Serialize_TPM2B_DIGEST(value.digest, buffer); 3163 if (result) { 3164 return result; 3165 } 3166 return result; 3167 } 3168 3169 TPM_RC Parse_TPMT_TK_VERIFIED( 3170 std::string* buffer, 3171 TPMT_TK_VERIFIED* value, 3172 std::string* value_bytes) { 3173 TPM_RC result = TPM_RC_SUCCESS; 3174 VLOG(3) << __func__; 3175 3176 result = Parse_TPM_ST( 3177 buffer, 3178 &value->tag, 3179 value_bytes); 3180 if (result) { 3181 return result; 3182 } 3183 3184 result = Parse_TPMI_RH_HIERARCHY( 3185 buffer, 3186 &value->hierarchy, 3187 value_bytes); 3188 if (result) { 3189 return result; 3190 } 3191 3192 result = Parse_TPM2B_DIGEST( 3193 buffer, 3194 &value->digest, 3195 value_bytes); 3196 if (result) { 3197 return result; 3198 } 3199 return result; 3200 } 3201 3202 TPM_RC Serialize_TPMT_TK_AUTH( 3203 const TPMT_TK_AUTH& value, 3204 std::string* buffer) { 3205 TPM_RC result = TPM_RC_SUCCESS; 3206 VLOG(3) << __func__; 3207 3208 result = Serialize_TPMI_RH_HIERARCHY(value.hierarchy, buffer); 3209 if (result) { 3210 return result; 3211 } 3212 3213 result = Serialize_TPM2B_DIGEST(value.digest, buffer); 3214 if (result) { 3215 return result; 3216 } 3217 return result; 3218 } 3219 3220 TPM_RC Parse_TPMT_TK_AUTH( 3221 std::string* buffer, 3222 TPMT_TK_AUTH* value, 3223 std::string* value_bytes) { 3224 TPM_RC result = TPM_RC_SUCCESS; 3225 VLOG(3) << __func__; 3226 3227 result = Parse_TPMI_RH_HIERARCHY( 3228 buffer, 3229 &value->hierarchy, 3230 value_bytes); 3231 if (result) { 3232 return result; 3233 } 3234 3235 result = Parse_TPM2B_DIGEST( 3236 buffer, 3237 &value->digest, 3238 value_bytes); 3239 if (result) { 3240 return result; 3241 } 3242 return result; 3243 } 3244 3245 TPM_RC Serialize_TPMT_TK_HASHCHECK( 3246 const TPMT_TK_HASHCHECK& value, 3247 std::string* buffer) { 3248 TPM_RC result = TPM_RC_SUCCESS; 3249 VLOG(3) << __func__; 3250 3251 result = Serialize_TPM_ST(value.tag, buffer); 3252 if (result) { 3253 return result; 3254 } 3255 3256 result = Serialize_TPMI_RH_HIERARCHY(value.hierarchy, buffer); 3257 if (result) { 3258 return result; 3259 } 3260 3261 result = Serialize_TPM2B_DIGEST(value.digest, buffer); 3262 if (result) { 3263 return result; 3264 } 3265 return result; 3266 } 3267 3268 TPM_RC Parse_TPMT_TK_HASHCHECK( 3269 std::string* buffer, 3270 TPMT_TK_HASHCHECK* value, 3271 std::string* value_bytes) { 3272 TPM_RC result = TPM_RC_SUCCESS; 3273 VLOG(3) << __func__; 3274 3275 result = Parse_TPM_ST( 3276 buffer, 3277 &value->tag, 3278 value_bytes); 3279 if (result) { 3280 return result; 3281 } 3282 3283 result = Parse_TPMI_RH_HIERARCHY( 3284 buffer, 3285 &value->hierarchy, 3286 value_bytes); 3287 if (result) { 3288 return result; 3289 } 3290 3291 result = Parse_TPM2B_DIGEST( 3292 buffer, 3293 &value->digest, 3294 value_bytes); 3295 if (result) { 3296 return result; 3297 } 3298 return result; 3299 } 3300 3301 TPM_RC Serialize_TPMS_ALG_PROPERTY( 3302 const TPMS_ALG_PROPERTY& value, 3303 std::string* buffer) { 3304 TPM_RC result = TPM_RC_SUCCESS; 3305 VLOG(3) << __func__; 3306 3307 result = Serialize_TPM_ALG_ID(value.alg, buffer); 3308 if (result) { 3309 return result; 3310 } 3311 3312 result = Serialize_TPMA_ALGORITHM(value.alg_properties, buffer); 3313 if (result) { 3314 return result; 3315 } 3316 return result; 3317 } 3318 3319 TPM_RC Parse_TPMS_ALG_PROPERTY( 3320 std::string* buffer, 3321 TPMS_ALG_PROPERTY* value, 3322 std::string* value_bytes) { 3323 TPM_RC result = TPM_RC_SUCCESS; 3324 VLOG(3) << __func__; 3325 3326 result = Parse_TPM_ALG_ID( 3327 buffer, 3328 &value->alg, 3329 value_bytes); 3330 if (result) { 3331 return result; 3332 } 3333 3334 result = Parse_TPMA_ALGORITHM( 3335 buffer, 3336 &value->alg_properties, 3337 value_bytes); 3338 if (result) { 3339 return result; 3340 } 3341 return result; 3342 } 3343 3344 TPM_RC Serialize_TPMS_TAGGED_PROPERTY( 3345 const TPMS_TAGGED_PROPERTY& value, 3346 std::string* buffer) { 3347 TPM_RC result = TPM_RC_SUCCESS; 3348 VLOG(3) << __func__; 3349 3350 result = Serialize_TPM_PT(value.property, buffer); 3351 if (result) { 3352 return result; 3353 } 3354 3355 result = Serialize_UINT32(value.value, buffer); 3356 if (result) { 3357 return result; 3358 } 3359 return result; 3360 } 3361 3362 TPM_RC Parse_TPMS_TAGGED_PROPERTY( 3363 std::string* buffer, 3364 TPMS_TAGGED_PROPERTY* value, 3365 std::string* value_bytes) { 3366 TPM_RC result = TPM_RC_SUCCESS; 3367 VLOG(3) << __func__; 3368 3369 result = Parse_TPM_PT( 3370 buffer, 3371 &value->property, 3372 value_bytes); 3373 if (result) { 3374 return result; 3375 } 3376 3377 result = Parse_UINT32( 3378 buffer, 3379 &value->value, 3380 value_bytes); 3381 if (result) { 3382 return result; 3383 } 3384 return result; 3385 } 3386 3387 TPM_RC Serialize_TPMS_TAGGED_PCR_SELECT( 3388 const TPMS_TAGGED_PCR_SELECT& value, 3389 std::string* buffer) { 3390 TPM_RC result = TPM_RC_SUCCESS; 3391 VLOG(3) << __func__; 3392 3393 result = Serialize_TPM_PT(value.tag, buffer); 3394 if (result) { 3395 return result; 3396 } 3397 3398 result = Serialize_UINT8(value.sizeof_select, buffer); 3399 if (result) { 3400 return result; 3401 } 3402 3403 if (arraysize(value.pcr_select) < value.sizeof_select) { 3404 return TPM_RC_INSUFFICIENT; 3405 } 3406 for (uint32_t i = 0; i < value.sizeof_select; ++i) { 3407 result = Serialize_BYTE(value.pcr_select[i], buffer); 3408 if (result) { 3409 return result; 3410 } 3411 } 3412 return result; 3413 } 3414 3415 TPM_RC Parse_TPMS_TAGGED_PCR_SELECT( 3416 std::string* buffer, 3417 TPMS_TAGGED_PCR_SELECT* value, 3418 std::string* value_bytes) { 3419 TPM_RC result = TPM_RC_SUCCESS; 3420 VLOG(3) << __func__; 3421 3422 result = Parse_TPM_PT( 3423 buffer, 3424 &value->tag, 3425 value_bytes); 3426 if (result) { 3427 return result; 3428 } 3429 3430 result = Parse_UINT8( 3431 buffer, 3432 &value->sizeof_select, 3433 value_bytes); 3434 if (result) { 3435 return result; 3436 } 3437 3438 if (arraysize(value->pcr_select) < value->sizeof_select) { 3439 return TPM_RC_INSUFFICIENT; 3440 } 3441 for (uint32_t i = 0; i < value->sizeof_select; ++i) { 3442 result = Parse_BYTE( 3443 buffer, 3444 &value->pcr_select[i], 3445 value_bytes); 3446 if (result) { 3447 return result; 3448 } 3449 } 3450 return result; 3451 } 3452 3453 TPM_RC Serialize_TPML_CC( 3454 const TPML_CC& value, 3455 std::string* buffer) { 3456 TPM_RC result = TPM_RC_SUCCESS; 3457 VLOG(3) << __func__; 3458 3459 result = Serialize_UINT32(value.count, buffer); 3460 if (result) { 3461 return result; 3462 } 3463 3464 if (arraysize(value.command_codes) < value.count) { 3465 return TPM_RC_INSUFFICIENT; 3466 } 3467 for (uint32_t i = 0; i < value.count; ++i) { 3468 result = Serialize_TPM_CC(value.command_codes[i], buffer); 3469 if (result) { 3470 return result; 3471 } 3472 } 3473 return result; 3474 } 3475 3476 TPM_RC Parse_TPML_CC( 3477 std::string* buffer, 3478 TPML_CC* value, 3479 std::string* value_bytes) { 3480 TPM_RC result = TPM_RC_SUCCESS; 3481 VLOG(3) << __func__; 3482 3483 result = Parse_UINT32( 3484 buffer, 3485 &value->count, 3486 value_bytes); 3487 if (result) { 3488 return result; 3489 } 3490 3491 if (arraysize(value->command_codes) < value->count) { 3492 return TPM_RC_INSUFFICIENT; 3493 } 3494 for (uint32_t i = 0; i < value->count; ++i) { 3495 result = Parse_TPM_CC( 3496 buffer, 3497 &value->command_codes[i], 3498 value_bytes); 3499 if (result) { 3500 return result; 3501 } 3502 } 3503 return result; 3504 } 3505 3506 TPM_RC Serialize_TPML_CCA( 3507 const TPML_CCA& value, 3508 std::string* buffer) { 3509 TPM_RC result = TPM_RC_SUCCESS; 3510 VLOG(3) << __func__; 3511 3512 result = Serialize_UINT32(value.count, buffer); 3513 if (result) { 3514 return result; 3515 } 3516 3517 if (arraysize(value.command_attributes) < value.count) { 3518 return TPM_RC_INSUFFICIENT; 3519 } 3520 for (uint32_t i = 0; i < value.count; ++i) { 3521 result = Serialize_TPMA_CC(value.command_attributes[i], buffer); 3522 if (result) { 3523 return result; 3524 } 3525 } 3526 return result; 3527 } 3528 3529 TPM_RC Parse_TPML_CCA( 3530 std::string* buffer, 3531 TPML_CCA* value, 3532 std::string* value_bytes) { 3533 TPM_RC result = TPM_RC_SUCCESS; 3534 VLOG(3) << __func__; 3535 3536 result = Parse_UINT32( 3537 buffer, 3538 &value->count, 3539 value_bytes); 3540 if (result) { 3541 return result; 3542 } 3543 3544 if (arraysize(value->command_attributes) < value->count) { 3545 return TPM_RC_INSUFFICIENT; 3546 } 3547 for (uint32_t i = 0; i < value->count; ++i) { 3548 result = Parse_TPMA_CC( 3549 buffer, 3550 &value->command_attributes[i], 3551 value_bytes); 3552 if (result) { 3553 return result; 3554 } 3555 } 3556 return result; 3557 } 3558 3559 TPM_RC Serialize_TPML_ALG( 3560 const TPML_ALG& value, 3561 std::string* buffer) { 3562 TPM_RC result = TPM_RC_SUCCESS; 3563 VLOG(3) << __func__; 3564 3565 result = Serialize_UINT32(value.count, buffer); 3566 if (result) { 3567 return result; 3568 } 3569 3570 if (arraysize(value.algorithms) < value.count) { 3571 return TPM_RC_INSUFFICIENT; 3572 } 3573 for (uint32_t i = 0; i < value.count; ++i) { 3574 result = Serialize_TPM_ALG_ID(value.algorithms[i], buffer); 3575 if (result) { 3576 return result; 3577 } 3578 } 3579 return result; 3580 } 3581 3582 TPM_RC Parse_TPML_ALG( 3583 std::string* buffer, 3584 TPML_ALG* value, 3585 std::string* value_bytes) { 3586 TPM_RC result = TPM_RC_SUCCESS; 3587 VLOG(3) << __func__; 3588 3589 result = Parse_UINT32( 3590 buffer, 3591 &value->count, 3592 value_bytes); 3593 if (result) { 3594 return result; 3595 } 3596 3597 if (arraysize(value->algorithms) < value->count) { 3598 return TPM_RC_INSUFFICIENT; 3599 } 3600 for (uint32_t i = 0; i < value->count; ++i) { 3601 result = Parse_TPM_ALG_ID( 3602 buffer, 3603 &value->algorithms[i], 3604 value_bytes); 3605 if (result) { 3606 return result; 3607 } 3608 } 3609 return result; 3610 } 3611 3612 TPM_RC Serialize_TPML_HANDLE( 3613 const TPML_HANDLE& value, 3614 std::string* buffer) { 3615 TPM_RC result = TPM_RC_SUCCESS; 3616 VLOG(3) << __func__; 3617 3618 result = Serialize_UINT32(value.count, buffer); 3619 if (result) { 3620 return result; 3621 } 3622 3623 if (arraysize(value.handle) < value.count) { 3624 return TPM_RC_INSUFFICIENT; 3625 } 3626 for (uint32_t i = 0; i < value.count; ++i) { 3627 result = Serialize_TPM_HANDLE(value.handle[i], buffer); 3628 if (result) { 3629 return result; 3630 } 3631 } 3632 return result; 3633 } 3634 3635 TPM_RC Parse_TPML_HANDLE( 3636 std::string* buffer, 3637 TPML_HANDLE* value, 3638 std::string* value_bytes) { 3639 TPM_RC result = TPM_RC_SUCCESS; 3640 VLOG(3) << __func__; 3641 3642 result = Parse_UINT32( 3643 buffer, 3644 &value->count, 3645 value_bytes); 3646 if (result) { 3647 return result; 3648 } 3649 3650 if (arraysize(value->handle) < value->count) { 3651 return TPM_RC_INSUFFICIENT; 3652 } 3653 for (uint32_t i = 0; i < value->count; ++i) { 3654 result = Parse_TPM_HANDLE( 3655 buffer, 3656 &value->handle[i], 3657 value_bytes); 3658 if (result) { 3659 return result; 3660 } 3661 } 3662 return result; 3663 } 3664 3665 TPM_RC Serialize_TPML_DIGEST( 3666 const TPML_DIGEST& value, 3667 std::string* buffer) { 3668 TPM_RC result = TPM_RC_SUCCESS; 3669 VLOG(3) << __func__; 3670 3671 result = Serialize_UINT32(value.count, buffer); 3672 if (result) { 3673 return result; 3674 } 3675 3676 if (arraysize(value.digests) < value.count) { 3677 return TPM_RC_INSUFFICIENT; 3678 } 3679 for (uint32_t i = 0; i < value.count; ++i) { 3680 result = Serialize_TPM2B_DIGEST(value.digests[i], buffer); 3681 if (result) { 3682 return result; 3683 } 3684 } 3685 return result; 3686 } 3687 3688 TPM_RC Parse_TPML_DIGEST( 3689 std::string* buffer, 3690 TPML_DIGEST* value, 3691 std::string* value_bytes) { 3692 TPM_RC result = TPM_RC_SUCCESS; 3693 VLOG(3) << __func__; 3694 3695 result = Parse_UINT32( 3696 buffer, 3697 &value->count, 3698 value_bytes); 3699 if (result) { 3700 return result; 3701 } 3702 3703 if (arraysize(value->digests) < value->count) { 3704 return TPM_RC_INSUFFICIENT; 3705 } 3706 for (uint32_t i = 0; i < value->count; ++i) { 3707 result = Parse_TPM2B_DIGEST( 3708 buffer, 3709 &value->digests[i], 3710 value_bytes); 3711 if (result) { 3712 return result; 3713 } 3714 } 3715 return result; 3716 } 3717 3718 TPM_RC Serialize_TPML_DIGEST_VALUES( 3719 const TPML_DIGEST_VALUES& value, 3720 std::string* buffer) { 3721 TPM_RC result = TPM_RC_SUCCESS; 3722 VLOG(3) << __func__; 3723 3724 result = Serialize_UINT32(value.count, buffer); 3725 if (result) { 3726 return result; 3727 } 3728 3729 if (arraysize(value.digests) < value.count) { 3730 return TPM_RC_INSUFFICIENT; 3731 } 3732 for (uint32_t i = 0; i < value.count; ++i) { 3733 result = Serialize_TPMT_HA(value.digests[i], buffer); 3734 if (result) { 3735 return result; 3736 } 3737 } 3738 return result; 3739 } 3740 3741 TPM_RC Parse_TPML_DIGEST_VALUES( 3742 std::string* buffer, 3743 TPML_DIGEST_VALUES* value, 3744 std::string* value_bytes) { 3745 TPM_RC result = TPM_RC_SUCCESS; 3746 VLOG(3) << __func__; 3747 3748 result = Parse_UINT32( 3749 buffer, 3750 &value->count, 3751 value_bytes); 3752 if (result) { 3753 return result; 3754 } 3755 3756 if (arraysize(value->digests) < value->count) { 3757 return TPM_RC_INSUFFICIENT; 3758 } 3759 for (uint32_t i = 0; i < value->count; ++i) { 3760 result = Parse_TPMT_HA( 3761 buffer, 3762 &value->digests[i], 3763 value_bytes); 3764 if (result) { 3765 return result; 3766 } 3767 } 3768 return result; 3769 } 3770 3771 TPM_RC Serialize_TPM2B_DIGEST_VALUES( 3772 const TPM2B_DIGEST_VALUES& value, 3773 std::string* buffer) { 3774 TPM_RC result = TPM_RC_SUCCESS; 3775 VLOG(3) << __func__; 3776 3777 result = Serialize_UINT16(value.size, buffer); 3778 if (result) { 3779 return result; 3780 } 3781 3782 if (arraysize(value.buffer) < value.size) { 3783 return TPM_RC_INSUFFICIENT; 3784 } 3785 for (uint32_t i = 0; i < value.size; ++i) { 3786 result = Serialize_BYTE(value.buffer[i], buffer); 3787 if (result) { 3788 return result; 3789 } 3790 } 3791 return result; 3792 } 3793 3794 TPM_RC Parse_TPM2B_DIGEST_VALUES( 3795 std::string* buffer, 3796 TPM2B_DIGEST_VALUES* value, 3797 std::string* value_bytes) { 3798 TPM_RC result = TPM_RC_SUCCESS; 3799 VLOG(3) << __func__; 3800 3801 result = Parse_UINT16( 3802 buffer, 3803 &value->size, 3804 value_bytes); 3805 if (result) { 3806 return result; 3807 } 3808 3809 if (arraysize(value->buffer) < value->size) { 3810 return TPM_RC_INSUFFICIENT; 3811 } 3812 for (uint32_t i = 0; i < value->size; ++i) { 3813 result = Parse_BYTE( 3814 buffer, 3815 &value->buffer[i], 3816 value_bytes); 3817 if (result) { 3818 return result; 3819 } 3820 } 3821 return result; 3822 } 3823 3824 TPM2B_DIGEST_VALUES Make_TPM2B_DIGEST_VALUES( 3825 const std::string& bytes) { 3826 TPM2B_DIGEST_VALUES tpm2b; 3827 CHECK(bytes.size() <= sizeof(tpm2b.buffer)); 3828 memset(&tpm2b, 0, sizeof(TPM2B_DIGEST_VALUES)); 3829 tpm2b.size = bytes.size(); 3830 memcpy(tpm2b.buffer, bytes.data(), bytes.size()); 3831 return tpm2b; 3832 } 3833 3834 std::string StringFrom_TPM2B_DIGEST_VALUES( 3835 const TPM2B_DIGEST_VALUES& tpm2b) { 3836 const char* char_buffer = reinterpret_cast<const char*>( 3837 tpm2b.buffer); 3838 return std::string(char_buffer, tpm2b.size); 3839 } 3840 3841 TPM_RC Serialize_TPML_PCR_SELECTION( 3842 const TPML_PCR_SELECTION& value, 3843 std::string* buffer) { 3844 TPM_RC result = TPM_RC_SUCCESS; 3845 VLOG(3) << __func__; 3846 3847 result = Serialize_UINT32(value.count, buffer); 3848 if (result) { 3849 return result; 3850 } 3851 3852 if (arraysize(value.pcr_selections) < value.count) { 3853 return TPM_RC_INSUFFICIENT; 3854 } 3855 for (uint32_t i = 0; i < value.count; ++i) { 3856 result = Serialize_TPMS_PCR_SELECTION(value.pcr_selections[i], buffer); 3857 if (result) { 3858 return result; 3859 } 3860 } 3861 return result; 3862 } 3863 3864 TPM_RC Parse_TPML_PCR_SELECTION( 3865 std::string* buffer, 3866 TPML_PCR_SELECTION* value, 3867 std::string* value_bytes) { 3868 TPM_RC result = TPM_RC_SUCCESS; 3869 VLOG(3) << __func__; 3870 3871 result = Parse_UINT32( 3872 buffer, 3873 &value->count, 3874 value_bytes); 3875 if (result) { 3876 return result; 3877 } 3878 3879 if (arraysize(value->pcr_selections) < value->count) { 3880 return TPM_RC_INSUFFICIENT; 3881 } 3882 for (uint32_t i = 0; i < value->count; ++i) { 3883 result = Parse_TPMS_PCR_SELECTION( 3884 buffer, 3885 &value->pcr_selections[i], 3886 value_bytes); 3887 if (result) { 3888 return result; 3889 } 3890 } 3891 return result; 3892 } 3893 3894 TPM_RC Serialize_TPML_ALG_PROPERTY( 3895 const TPML_ALG_PROPERTY& value, 3896 std::string* buffer) { 3897 TPM_RC result = TPM_RC_SUCCESS; 3898 VLOG(3) << __func__; 3899 3900 result = Serialize_UINT32(value.count, buffer); 3901 if (result) { 3902 return result; 3903 } 3904 3905 if (arraysize(value.alg_properties) < value.count) { 3906 return TPM_RC_INSUFFICIENT; 3907 } 3908 for (uint32_t i = 0; i < value.count; ++i) { 3909 result = Serialize_TPMS_ALG_PROPERTY(value.alg_properties[i], buffer); 3910 if (result) { 3911 return result; 3912 } 3913 } 3914 return result; 3915 } 3916 3917 TPM_RC Parse_TPML_ALG_PROPERTY( 3918 std::string* buffer, 3919 TPML_ALG_PROPERTY* value, 3920 std::string* value_bytes) { 3921 TPM_RC result = TPM_RC_SUCCESS; 3922 VLOG(3) << __func__; 3923 3924 result = Parse_UINT32( 3925 buffer, 3926 &value->count, 3927 value_bytes); 3928 if (result) { 3929 return result; 3930 } 3931 3932 if (arraysize(value->alg_properties) < value->count) { 3933 return TPM_RC_INSUFFICIENT; 3934 } 3935 for (uint32_t i = 0; i < value->count; ++i) { 3936 result = Parse_TPMS_ALG_PROPERTY( 3937 buffer, 3938 &value->alg_properties[i], 3939 value_bytes); 3940 if (result) { 3941 return result; 3942 } 3943 } 3944 return result; 3945 } 3946 3947 TPM_RC Serialize_TPML_TAGGED_TPM_PROPERTY( 3948 const TPML_TAGGED_TPM_PROPERTY& value, 3949 std::string* buffer) { 3950 TPM_RC result = TPM_RC_SUCCESS; 3951 VLOG(3) << __func__; 3952 3953 result = Serialize_UINT32(value.count, buffer); 3954 if (result) { 3955 return result; 3956 } 3957 3958 if (arraysize(value.tpm_property) < value.count) { 3959 return TPM_RC_INSUFFICIENT; 3960 } 3961 for (uint32_t i = 0; i < value.count; ++i) { 3962 result = Serialize_TPMS_TAGGED_PROPERTY(value.tpm_property[i], buffer); 3963 if (result) { 3964 return result; 3965 } 3966 } 3967 return result; 3968 } 3969 3970 TPM_RC Parse_TPML_TAGGED_TPM_PROPERTY( 3971 std::string* buffer, 3972 TPML_TAGGED_TPM_PROPERTY* value, 3973 std::string* value_bytes) { 3974 TPM_RC result = TPM_RC_SUCCESS; 3975 VLOG(3) << __func__; 3976 3977 result = Parse_UINT32( 3978 buffer, 3979 &value->count, 3980 value_bytes); 3981 if (result) { 3982 return result; 3983 } 3984 3985 if (arraysize(value->tpm_property) < value->count) { 3986 return TPM_RC_INSUFFICIENT; 3987 } 3988 for (uint32_t i = 0; i < value->count; ++i) { 3989 result = Parse_TPMS_TAGGED_PROPERTY( 3990 buffer, 3991 &value->tpm_property[i], 3992 value_bytes); 3993 if (result) { 3994 return result; 3995 } 3996 } 3997 return result; 3998 } 3999 4000 TPM_RC Serialize_TPML_TAGGED_PCR_PROPERTY( 4001 const TPML_TAGGED_PCR_PROPERTY& value, 4002 std::string* buffer) { 4003 TPM_RC result = TPM_RC_SUCCESS; 4004 VLOG(3) << __func__; 4005 4006 result = Serialize_UINT32(value.count, buffer); 4007 if (result) { 4008 return result; 4009 } 4010 4011 if (arraysize(value.pcr_property) < value.count) { 4012 return TPM_RC_INSUFFICIENT; 4013 } 4014 for (uint32_t i = 0; i < value.count; ++i) { 4015 result = Serialize_TPMS_TAGGED_PCR_SELECT(value.pcr_property[i], buffer); 4016 if (result) { 4017 return result; 4018 } 4019 } 4020 return result; 4021 } 4022 4023 TPM_RC Parse_TPML_TAGGED_PCR_PROPERTY( 4024 std::string* buffer, 4025 TPML_TAGGED_PCR_PROPERTY* value, 4026 std::string* value_bytes) { 4027 TPM_RC result = TPM_RC_SUCCESS; 4028 VLOG(3) << __func__; 4029 4030 result = Parse_UINT32( 4031 buffer, 4032 &value->count, 4033 value_bytes); 4034 if (result) { 4035 return result; 4036 } 4037 4038 if (arraysize(value->pcr_property) < value->count) { 4039 return TPM_RC_INSUFFICIENT; 4040 } 4041 for (uint32_t i = 0; i < value->count; ++i) { 4042 result = Parse_TPMS_TAGGED_PCR_SELECT( 4043 buffer, 4044 &value->pcr_property[i], 4045 value_bytes); 4046 if (result) { 4047 return result; 4048 } 4049 } 4050 return result; 4051 } 4052 4053 TPM_RC Serialize_TPML_ECC_CURVE( 4054 const TPML_ECC_CURVE& value, 4055 std::string* buffer) { 4056 TPM_RC result = TPM_RC_SUCCESS; 4057 VLOG(3) << __func__; 4058 4059 result = Serialize_UINT32(value.count, buffer); 4060 if (result) { 4061 return result; 4062 } 4063 4064 if (arraysize(value.ecc_curves) < value.count) { 4065 return TPM_RC_INSUFFICIENT; 4066 } 4067 for (uint32_t i = 0; i < value.count; ++i) { 4068 result = Serialize_TPM_ECC_CURVE(value.ecc_curves[i], buffer); 4069 if (result) { 4070 return result; 4071 } 4072 } 4073 return result; 4074 } 4075 4076 TPM_RC Parse_TPML_ECC_CURVE( 4077 std::string* buffer, 4078 TPML_ECC_CURVE* value, 4079 std::string* value_bytes) { 4080 TPM_RC result = TPM_RC_SUCCESS; 4081 VLOG(3) << __func__; 4082 4083 result = Parse_UINT32( 4084 buffer, 4085 &value->count, 4086 value_bytes); 4087 if (result) { 4088 return result; 4089 } 4090 4091 if (arraysize(value->ecc_curves) < value->count) { 4092 return TPM_RC_INSUFFICIENT; 4093 } 4094 for (uint32_t i = 0; i < value->count; ++i) { 4095 result = Parse_TPM_ECC_CURVE( 4096 buffer, 4097 &value->ecc_curves[i], 4098 value_bytes); 4099 if (result) { 4100 return result; 4101 } 4102 } 4103 return result; 4104 } 4105 4106 TPM_RC Serialize_TPMU_CAPABILITIES( 4107 const TPMU_CAPABILITIES& value, 4108 TPM_CAP selector, 4109 std::string* buffer) { 4110 TPM_RC result = TPM_RC_SUCCESS; 4111 VLOG(3) << __func__; 4112 4113 if (selector == TPM_CAP_PCRS) { 4114 result = Serialize_TPML_PCR_SELECTION(value.assigned_pcr, buffer); 4115 if (result) { 4116 return result; 4117 } 4118 } 4119 4120 if (selector == TPM_CAP_TPM_PROPERTIES) { 4121 result = Serialize_TPML_TAGGED_TPM_PROPERTY(value.tpm_properties, buffer); 4122 if (result) { 4123 return result; 4124 } 4125 } 4126 4127 if (selector == TPM_CAP_PP_COMMANDS) { 4128 result = Serialize_TPML_CC(value.pp_commands, buffer); 4129 if (result) { 4130 return result; 4131 } 4132 } 4133 4134 if (selector == TPM_CAP_AUDIT_COMMANDS) { 4135 result = Serialize_TPML_CC(value.audit_commands, buffer); 4136 if (result) { 4137 return result; 4138 } 4139 } 4140 4141 if (selector == TPM_CAP_COMMANDS) { 4142 result = Serialize_TPML_CCA(value.command, buffer); 4143 if (result) { 4144 return result; 4145 } 4146 } 4147 4148 if (selector == TPM_CAP_ECC_CURVES) { 4149 result = Serialize_TPML_ECC_CURVE(value.ecc_curves, buffer); 4150 if (result) { 4151 return result; 4152 } 4153 } 4154 4155 if (selector == TPM_CAP_PCR_PROPERTIES) { 4156 result = Serialize_TPML_TAGGED_PCR_PROPERTY(value.pcr_properties, buffer); 4157 if (result) { 4158 return result; 4159 } 4160 } 4161 4162 if (selector == TPM_CAP_HANDLES) { 4163 result = Serialize_TPML_HANDLE(value.handles, buffer); 4164 if (result) { 4165 return result; 4166 } 4167 } 4168 4169 if (selector == TPM_CAP_ALGS) { 4170 result = Serialize_TPML_ALG_PROPERTY(value.algorithms, buffer); 4171 if (result) { 4172 return result; 4173 } 4174 } 4175 return result; 4176 } 4177 4178 TPM_RC Parse_TPMU_CAPABILITIES( 4179 std::string* buffer, 4180 TPM_CAP selector, 4181 TPMU_CAPABILITIES* value, 4182 std::string* value_bytes) { 4183 TPM_RC result = TPM_RC_SUCCESS; 4184 VLOG(3) << __func__; 4185 4186 if (selector == TPM_CAP_PCRS) { 4187 result = Parse_TPML_PCR_SELECTION( 4188 buffer, 4189 &value->assigned_pcr, 4190 value_bytes); 4191 if (result) { 4192 return result; 4193 } 4194 } 4195 4196 if (selector == TPM_CAP_TPM_PROPERTIES) { 4197 result = Parse_TPML_TAGGED_TPM_PROPERTY( 4198 buffer, 4199 &value->tpm_properties, 4200 value_bytes); 4201 if (result) { 4202 return result; 4203 } 4204 } 4205 4206 if (selector == TPM_CAP_PP_COMMANDS) { 4207 result = Parse_TPML_CC( 4208 buffer, 4209 &value->pp_commands, 4210 value_bytes); 4211 if (result) { 4212 return result; 4213 } 4214 } 4215 4216 if (selector == TPM_CAP_AUDIT_COMMANDS) { 4217 result = Parse_TPML_CC( 4218 buffer, 4219 &value->audit_commands, 4220 value_bytes); 4221 if (result) { 4222 return result; 4223 } 4224 } 4225 4226 if (selector == TPM_CAP_COMMANDS) { 4227 result = Parse_TPML_CCA( 4228 buffer, 4229 &value->command, 4230 value_bytes); 4231 if (result) { 4232 return result; 4233 } 4234 } 4235 4236 if (selector == TPM_CAP_ECC_CURVES) { 4237 result = Parse_TPML_ECC_CURVE( 4238 buffer, 4239 &value->ecc_curves, 4240 value_bytes); 4241 if (result) { 4242 return result; 4243 } 4244 } 4245 4246 if (selector == TPM_CAP_PCR_PROPERTIES) { 4247 result = Parse_TPML_TAGGED_PCR_PROPERTY( 4248 buffer, 4249 &value->pcr_properties, 4250 value_bytes); 4251 if (result) { 4252 return result; 4253 } 4254 } 4255 4256 if (selector == TPM_CAP_HANDLES) { 4257 result = Parse_TPML_HANDLE( 4258 buffer, 4259 &value->handles, 4260 value_bytes); 4261 if (result) { 4262 return result; 4263 } 4264 } 4265 4266 if (selector == TPM_CAP_ALGS) { 4267 result = Parse_TPML_ALG_PROPERTY( 4268 buffer, 4269 &value->algorithms, 4270 value_bytes); 4271 if (result) { 4272 return result; 4273 } 4274 } 4275 return result; 4276 } 4277 4278 TPM_RC Serialize_TPMS_CAPABILITY_DATA( 4279 const TPMS_CAPABILITY_DATA& value, 4280 std::string* buffer) { 4281 TPM_RC result = TPM_RC_SUCCESS; 4282 VLOG(3) << __func__; 4283 4284 result = Serialize_TPM_CAP(value.capability, buffer); 4285 if (result) { 4286 return result; 4287 } 4288 4289 result = Serialize_TPMU_CAPABILITIES( 4290 value.data, 4291 value.capability, 4292 buffer); 4293 if (result) { 4294 return result; 4295 } 4296 return result; 4297 } 4298 4299 TPM_RC Parse_TPMS_CAPABILITY_DATA( 4300 std::string* buffer, 4301 TPMS_CAPABILITY_DATA* value, 4302 std::string* value_bytes) { 4303 TPM_RC result = TPM_RC_SUCCESS; 4304 VLOG(3) << __func__; 4305 4306 result = Parse_TPM_CAP( 4307 buffer, 4308 &value->capability, 4309 value_bytes); 4310 if (result) { 4311 return result; 4312 } 4313 4314 result = Parse_TPMU_CAPABILITIES( 4315 buffer, 4316 value->capability, 4317 &value->data, 4318 value_bytes); 4319 if (result) { 4320 return result; 4321 } 4322 return result; 4323 } 4324 4325 TPM_RC Serialize_TPMS_CLOCK_INFO( 4326 const TPMS_CLOCK_INFO& value, 4327 std::string* buffer) { 4328 TPM_RC result = TPM_RC_SUCCESS; 4329 VLOG(3) << __func__; 4330 4331 result = Serialize_UINT64(value.clock, buffer); 4332 if (result) { 4333 return result; 4334 } 4335 4336 result = Serialize_UINT32(value.reset_count, buffer); 4337 if (result) { 4338 return result; 4339 } 4340 4341 result = Serialize_UINT32(value.restart_count, buffer); 4342 if (result) { 4343 return result; 4344 } 4345 4346 result = Serialize_TPMI_YES_NO(value.safe, buffer); 4347 if (result) { 4348 return result; 4349 } 4350 return result; 4351 } 4352 4353 TPM_RC Parse_TPMS_CLOCK_INFO( 4354 std::string* buffer, 4355 TPMS_CLOCK_INFO* value, 4356 std::string* value_bytes) { 4357 TPM_RC result = TPM_RC_SUCCESS; 4358 VLOG(3) << __func__; 4359 4360 result = Parse_UINT64( 4361 buffer, 4362 &value->clock, 4363 value_bytes); 4364 if (result) { 4365 return result; 4366 } 4367 4368 result = Parse_UINT32( 4369 buffer, 4370 &value->reset_count, 4371 value_bytes); 4372 if (result) { 4373 return result; 4374 } 4375 4376 result = Parse_UINT32( 4377 buffer, 4378 &value->restart_count, 4379 value_bytes); 4380 if (result) { 4381 return result; 4382 } 4383 4384 result = Parse_TPMI_YES_NO( 4385 buffer, 4386 &value->safe, 4387 value_bytes); 4388 if (result) { 4389 return result; 4390 } 4391 return result; 4392 } 4393 4394 TPM_RC Serialize_TPMS_TIME_INFO( 4395 const TPMS_TIME_INFO& value, 4396 std::string* buffer) { 4397 TPM_RC result = TPM_RC_SUCCESS; 4398 VLOG(3) << __func__; 4399 4400 result = Serialize_UINT64(value.time, buffer); 4401 if (result) { 4402 return result; 4403 } 4404 4405 result = Serialize_TPMS_CLOCK_INFO(value.clock_info, buffer); 4406 if (result) { 4407 return result; 4408 } 4409 return result; 4410 } 4411 4412 TPM_RC Parse_TPMS_TIME_INFO( 4413 std::string* buffer, 4414 TPMS_TIME_INFO* value, 4415 std::string* value_bytes) { 4416 TPM_RC result = TPM_RC_SUCCESS; 4417 VLOG(3) << __func__; 4418 4419 result = Parse_UINT64( 4420 buffer, 4421 &value->time, 4422 value_bytes); 4423 if (result) { 4424 return result; 4425 } 4426 4427 result = Parse_TPMS_CLOCK_INFO( 4428 buffer, 4429 &value->clock_info, 4430 value_bytes); 4431 if (result) { 4432 return result; 4433 } 4434 return result; 4435 } 4436 4437 TPM_RC Serialize_TPMS_TIME_ATTEST_INFO( 4438 const TPMS_TIME_ATTEST_INFO& value, 4439 std::string* buffer) { 4440 TPM_RC result = TPM_RC_SUCCESS; 4441 VLOG(3) << __func__; 4442 4443 result = Serialize_TPMS_TIME_INFO(value.time, buffer); 4444 if (result) { 4445 return result; 4446 } 4447 4448 result = Serialize_UINT64(value.firmware_version, buffer); 4449 if (result) { 4450 return result; 4451 } 4452 return result; 4453 } 4454 4455 TPM_RC Parse_TPMS_TIME_ATTEST_INFO( 4456 std::string* buffer, 4457 TPMS_TIME_ATTEST_INFO* value, 4458 std::string* value_bytes) { 4459 TPM_RC result = TPM_RC_SUCCESS; 4460 VLOG(3) << __func__; 4461 4462 result = Parse_TPMS_TIME_INFO( 4463 buffer, 4464 &value->time, 4465 value_bytes); 4466 if (result) { 4467 return result; 4468 } 4469 4470 result = Parse_UINT64( 4471 buffer, 4472 &value->firmware_version, 4473 value_bytes); 4474 if (result) { 4475 return result; 4476 } 4477 return result; 4478 } 4479 4480 TPM_RC Serialize_TPMS_CERTIFY_INFO( 4481 const TPMS_CERTIFY_INFO& value, 4482 std::string* buffer) { 4483 TPM_RC result = TPM_RC_SUCCESS; 4484 VLOG(3) << __func__; 4485 4486 result = Serialize_TPM2B_NAME(value.name, buffer); 4487 if (result) { 4488 return result; 4489 } 4490 4491 result = Serialize_TPM2B_NAME(value.qualified_name, buffer); 4492 if (result) { 4493 return result; 4494 } 4495 return result; 4496 } 4497 4498 TPM_RC Parse_TPMS_CERTIFY_INFO( 4499 std::string* buffer, 4500 TPMS_CERTIFY_INFO* value, 4501 std::string* value_bytes) { 4502 TPM_RC result = TPM_RC_SUCCESS; 4503 VLOG(3) << __func__; 4504 4505 result = Parse_TPM2B_NAME( 4506 buffer, 4507 &value->name, 4508 value_bytes); 4509 if (result) { 4510 return result; 4511 } 4512 4513 result = Parse_TPM2B_NAME( 4514 buffer, 4515 &value->qualified_name, 4516 value_bytes); 4517 if (result) { 4518 return result; 4519 } 4520 return result; 4521 } 4522 4523 TPM_RC Serialize_TPMS_QUOTE_INFO( 4524 const TPMS_QUOTE_INFO& value, 4525 std::string* buffer) { 4526 TPM_RC result = TPM_RC_SUCCESS; 4527 VLOG(3) << __func__; 4528 4529 result = Serialize_TPML_PCR_SELECTION(value.pcr_select, buffer); 4530 if (result) { 4531 return result; 4532 } 4533 4534 result = Serialize_TPM2B_DIGEST(value.pcr_digest, buffer); 4535 if (result) { 4536 return result; 4537 } 4538 return result; 4539 } 4540 4541 TPM_RC Parse_TPMS_QUOTE_INFO( 4542 std::string* buffer, 4543 TPMS_QUOTE_INFO* value, 4544 std::string* value_bytes) { 4545 TPM_RC result = TPM_RC_SUCCESS; 4546 VLOG(3) << __func__; 4547 4548 result = Parse_TPML_PCR_SELECTION( 4549 buffer, 4550 &value->pcr_select, 4551 value_bytes); 4552 if (result) { 4553 return result; 4554 } 4555 4556 result = Parse_TPM2B_DIGEST( 4557 buffer, 4558 &value->pcr_digest, 4559 value_bytes); 4560 if (result) { 4561 return result; 4562 } 4563 return result; 4564 } 4565 4566 TPM_RC Serialize_TPMS_COMMAND_AUDIT_INFO( 4567 const TPMS_COMMAND_AUDIT_INFO& value, 4568 std::string* buffer) { 4569 TPM_RC result = TPM_RC_SUCCESS; 4570 VLOG(3) << __func__; 4571 4572 result = Serialize_UINT64(value.audit_counter, buffer); 4573 if (result) { 4574 return result; 4575 } 4576 4577 result = Serialize_TPM_ALG_ID(value.digest_alg, buffer); 4578 if (result) { 4579 return result; 4580 } 4581 4582 result = Serialize_TPM2B_DIGEST(value.audit_digest, buffer); 4583 if (result) { 4584 return result; 4585 } 4586 4587 result = Serialize_TPM2B_DIGEST(value.command_digest, buffer); 4588 if (result) { 4589 return result; 4590 } 4591 return result; 4592 } 4593 4594 TPM_RC Parse_TPMS_COMMAND_AUDIT_INFO( 4595 std::string* buffer, 4596 TPMS_COMMAND_AUDIT_INFO* value, 4597 std::string* value_bytes) { 4598 TPM_RC result = TPM_RC_SUCCESS; 4599 VLOG(3) << __func__; 4600 4601 result = Parse_UINT64( 4602 buffer, 4603 &value->audit_counter, 4604 value_bytes); 4605 if (result) { 4606 return result; 4607 } 4608 4609 result = Parse_TPM_ALG_ID( 4610 buffer, 4611 &value->digest_alg, 4612 value_bytes); 4613 if (result) { 4614 return result; 4615 } 4616 4617 result = Parse_TPM2B_DIGEST( 4618 buffer, 4619 &value->audit_digest, 4620 value_bytes); 4621 if (result) { 4622 return result; 4623 } 4624 4625 result = Parse_TPM2B_DIGEST( 4626 buffer, 4627 &value->command_digest, 4628 value_bytes); 4629 if (result) { 4630 return result; 4631 } 4632 return result; 4633 } 4634 4635 TPM_RC Serialize_TPMS_SESSION_AUDIT_INFO( 4636 const TPMS_SESSION_AUDIT_INFO& value, 4637 std::string* buffer) { 4638 TPM_RC result = TPM_RC_SUCCESS; 4639 VLOG(3) << __func__; 4640 4641 result = Serialize_TPMI_YES_NO(value.exclusive_session, buffer); 4642 if (result) { 4643 return result; 4644 } 4645 4646 result = Serialize_TPM2B_DIGEST(value.session_digest, buffer); 4647 if (result) { 4648 return result; 4649 } 4650 return result; 4651 } 4652 4653 TPM_RC Parse_TPMS_SESSION_AUDIT_INFO( 4654 std::string* buffer, 4655 TPMS_SESSION_AUDIT_INFO* value, 4656 std::string* value_bytes) { 4657 TPM_RC result = TPM_RC_SUCCESS; 4658 VLOG(3) << __func__; 4659 4660 result = Parse_TPMI_YES_NO( 4661 buffer, 4662 &value->exclusive_session, 4663 value_bytes); 4664 if (result) { 4665 return result; 4666 } 4667 4668 result = Parse_TPM2B_DIGEST( 4669 buffer, 4670 &value->session_digest, 4671 value_bytes); 4672 if (result) { 4673 return result; 4674 } 4675 return result; 4676 } 4677 4678 TPM_RC Serialize_TPMS_CREATION_INFO( 4679 const TPMS_CREATION_INFO& value, 4680 std::string* buffer) { 4681 TPM_RC result = TPM_RC_SUCCESS; 4682 VLOG(3) << __func__; 4683 4684 result = Serialize_TPM2B_NAME(value.object_name, buffer); 4685 if (result) { 4686 return result; 4687 } 4688 4689 result = Serialize_TPM2B_DIGEST(value.creation_hash, buffer); 4690 if (result) { 4691 return result; 4692 } 4693 return result; 4694 } 4695 4696 TPM_RC Parse_TPMS_CREATION_INFO( 4697 std::string* buffer, 4698 TPMS_CREATION_INFO* value, 4699 std::string* value_bytes) { 4700 TPM_RC result = TPM_RC_SUCCESS; 4701 VLOG(3) << __func__; 4702 4703 result = Parse_TPM2B_NAME( 4704 buffer, 4705 &value->object_name, 4706 value_bytes); 4707 if (result) { 4708 return result; 4709 } 4710 4711 result = Parse_TPM2B_DIGEST( 4712 buffer, 4713 &value->creation_hash, 4714 value_bytes); 4715 if (result) { 4716 return result; 4717 } 4718 return result; 4719 } 4720 4721 TPM_RC Serialize_TPMS_NV_CERTIFY_INFO( 4722 const TPMS_NV_CERTIFY_INFO& value, 4723 std::string* buffer) { 4724 TPM_RC result = TPM_RC_SUCCESS; 4725 VLOG(3) << __func__; 4726 4727 result = Serialize_TPM2B_NAME(value.index_name, buffer); 4728 if (result) { 4729 return result; 4730 } 4731 4732 result = Serialize_UINT16(value.offset, buffer); 4733 if (result) { 4734 return result; 4735 } 4736 4737 result = Serialize_TPM2B_MAX_NV_BUFFER(value.nv_contents, buffer); 4738 if (result) { 4739 return result; 4740 } 4741 return result; 4742 } 4743 4744 TPM_RC Parse_TPMS_NV_CERTIFY_INFO( 4745 std::string* buffer, 4746 TPMS_NV_CERTIFY_INFO* value, 4747 std::string* value_bytes) { 4748 TPM_RC result = TPM_RC_SUCCESS; 4749 VLOG(3) << __func__; 4750 4751 result = Parse_TPM2B_NAME( 4752 buffer, 4753 &value->index_name, 4754 value_bytes); 4755 if (result) { 4756 return result; 4757 } 4758 4759 result = Parse_UINT16( 4760 buffer, 4761 &value->offset, 4762 value_bytes); 4763 if (result) { 4764 return result; 4765 } 4766 4767 result = Parse_TPM2B_MAX_NV_BUFFER( 4768 buffer, 4769 &value->nv_contents, 4770 value_bytes); 4771 if (result) { 4772 return result; 4773 } 4774 return result; 4775 } 4776 4777 TPM_RC Serialize_TPMU_ATTEST( 4778 const TPMU_ATTEST& value, 4779 TPMI_ST_ATTEST selector, 4780 std::string* buffer) { 4781 TPM_RC result = TPM_RC_SUCCESS; 4782 VLOG(3) << __func__; 4783 4784 if (selector == TPM_ST_ATTEST_SESSION_AUDIT) { 4785 result = Serialize_TPMS_SESSION_AUDIT_INFO(value.session_audit, buffer); 4786 if (result) { 4787 return result; 4788 } 4789 } 4790 4791 if (selector == TPM_ST_ATTEST_QUOTE) { 4792 result = Serialize_TPMS_QUOTE_INFO(value.quote, buffer); 4793 if (result) { 4794 return result; 4795 } 4796 } 4797 4798 if (selector == TPM_ST_ATTEST_COMMAND_AUDIT) { 4799 result = Serialize_TPMS_COMMAND_AUDIT_INFO(value.command_audit, buffer); 4800 if (result) { 4801 return result; 4802 } 4803 } 4804 4805 if (selector == TPM_ST_ATTEST_CERTIFY) { 4806 result = Serialize_TPMS_CERTIFY_INFO(value.certify, buffer); 4807 if (result) { 4808 return result; 4809 } 4810 } 4811 4812 if (selector == TPM_ST_ATTEST_NV) { 4813 result = Serialize_TPMS_NV_CERTIFY_INFO(value.nv, buffer); 4814 if (result) { 4815 return result; 4816 } 4817 } 4818 4819 if (selector == TPM_ST_ATTEST_TIME) { 4820 result = Serialize_TPMS_TIME_ATTEST_INFO(value.time, buffer); 4821 if (result) { 4822 return result; 4823 } 4824 } 4825 4826 if (selector == TPM_ST_ATTEST_CREATION) { 4827 result = Serialize_TPMS_CREATION_INFO(value.creation, buffer); 4828 if (result) { 4829 return result; 4830 } 4831 } 4832 return result; 4833 } 4834 4835 TPM_RC Parse_TPMU_ATTEST( 4836 std::string* buffer, 4837 TPMI_ST_ATTEST selector, 4838 TPMU_ATTEST* value, 4839 std::string* value_bytes) { 4840 TPM_RC result = TPM_RC_SUCCESS; 4841 VLOG(3) << __func__; 4842 4843 if (selector == TPM_ST_ATTEST_SESSION_AUDIT) { 4844 result = Parse_TPMS_SESSION_AUDIT_INFO( 4845 buffer, 4846 &value->session_audit, 4847 value_bytes); 4848 if (result) { 4849 return result; 4850 } 4851 } 4852 4853 if (selector == TPM_ST_ATTEST_QUOTE) { 4854 result = Parse_TPMS_QUOTE_INFO( 4855 buffer, 4856 &value->quote, 4857 value_bytes); 4858 if (result) { 4859 return result; 4860 } 4861 } 4862 4863 if (selector == TPM_ST_ATTEST_COMMAND_AUDIT) { 4864 result = Parse_TPMS_COMMAND_AUDIT_INFO( 4865 buffer, 4866 &value->command_audit, 4867 value_bytes); 4868 if (result) { 4869 return result; 4870 } 4871 } 4872 4873 if (selector == TPM_ST_ATTEST_CERTIFY) { 4874 result = Parse_TPMS_CERTIFY_INFO( 4875 buffer, 4876 &value->certify, 4877 value_bytes); 4878 if (result) { 4879 return result; 4880 } 4881 } 4882 4883 if (selector == TPM_ST_ATTEST_NV) { 4884 result = Parse_TPMS_NV_CERTIFY_INFO( 4885 buffer, 4886 &value->nv, 4887 value_bytes); 4888 if (result) { 4889 return result; 4890 } 4891 } 4892 4893 if (selector == TPM_ST_ATTEST_TIME) { 4894 result = Parse_TPMS_TIME_ATTEST_INFO( 4895 buffer, 4896 &value->time, 4897 value_bytes); 4898 if (result) { 4899 return result; 4900 } 4901 } 4902 4903 if (selector == TPM_ST_ATTEST_CREATION) { 4904 result = Parse_TPMS_CREATION_INFO( 4905 buffer, 4906 &value->creation, 4907 value_bytes); 4908 if (result) { 4909 return result; 4910 } 4911 } 4912 return result; 4913 } 4914 4915 TPM_RC Serialize_TPMS_ATTEST( 4916 const TPMS_ATTEST& value, 4917 std::string* buffer) { 4918 TPM_RC result = TPM_RC_SUCCESS; 4919 VLOG(3) << __func__; 4920 4921 result = Serialize_TPM_GENERATED(value.magic, buffer); 4922 if (result) { 4923 return result; 4924 } 4925 4926 result = Serialize_TPMI_ST_ATTEST(value.type, buffer); 4927 if (result) { 4928 return result; 4929 } 4930 4931 result = Serialize_TPM2B_NAME(value.qualified_signer, buffer); 4932 if (result) { 4933 return result; 4934 } 4935 4936 result = Serialize_TPM2B_DATA(value.extra_data, buffer); 4937 if (result) { 4938 return result; 4939 } 4940 4941 result = Serialize_TPMS_CLOCK_INFO(value.clock_info, buffer); 4942 if (result) { 4943 return result; 4944 } 4945 4946 result = Serialize_UINT64(value.firmware_version, buffer); 4947 if (result) { 4948 return result; 4949 } 4950 4951 result = Serialize_TPMU_ATTEST( 4952 value.attested, 4953 value.type, 4954 buffer); 4955 if (result) { 4956 return result; 4957 } 4958 return result; 4959 } 4960 4961 TPM_RC Parse_TPMS_ATTEST( 4962 std::string* buffer, 4963 TPMS_ATTEST* value, 4964 std::string* value_bytes) { 4965 TPM_RC result = TPM_RC_SUCCESS; 4966 VLOG(3) << __func__; 4967 4968 result = Parse_TPM_GENERATED( 4969 buffer, 4970 &value->magic, 4971 value_bytes); 4972 if (result) { 4973 return result; 4974 } 4975 4976 result = Parse_TPMI_ST_ATTEST( 4977 buffer, 4978 &value->type, 4979 value_bytes); 4980 if (result) { 4981 return result; 4982 } 4983 4984 result = Parse_TPM2B_NAME( 4985 buffer, 4986 &value->qualified_signer, 4987 value_bytes); 4988 if (result) { 4989 return result; 4990 } 4991 4992 result = Parse_TPM2B_DATA( 4993 buffer, 4994 &value->extra_data, 4995 value_bytes); 4996 if (result) { 4997 return result; 4998 } 4999 5000 result = Parse_TPMS_CLOCK_INFO( 5001 buffer, 5002 &value->clock_info, 5003 value_bytes); 5004 if (result) { 5005 return result; 5006 } 5007 5008 result = Parse_UINT64( 5009 buffer, 5010 &value->firmware_version, 5011 value_bytes); 5012 if (result) { 5013 return result; 5014 } 5015 5016 result = Parse_TPMU_ATTEST( 5017 buffer, 5018 value->type, 5019 &value->attested, 5020 value_bytes); 5021 if (result) { 5022 return result; 5023 } 5024 return result; 5025 } 5026 5027 TPM_RC Serialize_TPM2B_ATTEST( 5028 const TPM2B_ATTEST& value, 5029 std::string* buffer) { 5030 TPM_RC result = TPM_RC_SUCCESS; 5031 VLOG(3) << __func__; 5032 5033 result = Serialize_UINT16(value.size, buffer); 5034 if (result) { 5035 return result; 5036 } 5037 5038 if (arraysize(value.attestation_data) < value.size) { 5039 return TPM_RC_INSUFFICIENT; 5040 } 5041 for (uint32_t i = 0; i < value.size; ++i) { 5042 result = Serialize_BYTE(value.attestation_data[i], buffer); 5043 if (result) { 5044 return result; 5045 } 5046 } 5047 return result; 5048 } 5049 5050 TPM_RC Parse_TPM2B_ATTEST( 5051 std::string* buffer, 5052 TPM2B_ATTEST* value, 5053 std::string* value_bytes) { 5054 TPM_RC result = TPM_RC_SUCCESS; 5055 VLOG(3) << __func__; 5056 5057 result = Parse_UINT16( 5058 buffer, 5059 &value->size, 5060 value_bytes); 5061 if (result) { 5062 return result; 5063 } 5064 5065 if (arraysize(value->attestation_data) < value->size) { 5066 return TPM_RC_INSUFFICIENT; 5067 } 5068 for (uint32_t i = 0; i < value->size; ++i) { 5069 result = Parse_BYTE( 5070 buffer, 5071 &value->attestation_data[i], 5072 value_bytes); 5073 if (result) { 5074 return result; 5075 } 5076 } 5077 return result; 5078 } 5079 5080 TPM2B_ATTEST Make_TPM2B_ATTEST( 5081 const std::string& bytes) { 5082 TPM2B_ATTEST tpm2b; 5083 CHECK(bytes.size() <= sizeof(tpm2b.attestation_data)); 5084 memset(&tpm2b, 0, sizeof(TPM2B_ATTEST)); 5085 tpm2b.size = bytes.size(); 5086 memcpy(tpm2b.attestation_data, bytes.data(), bytes.size()); 5087 return tpm2b; 5088 } 5089 5090 std::string StringFrom_TPM2B_ATTEST( 5091 const TPM2B_ATTEST& tpm2b) { 5092 const char* char_buffer = reinterpret_cast<const char*>( 5093 tpm2b.attestation_data); 5094 return std::string(char_buffer, tpm2b.size); 5095 } 5096 5097 TPM_RC Serialize_TPMS_AUTH_COMMAND( 5098 const TPMS_AUTH_COMMAND& value, 5099 std::string* buffer) { 5100 TPM_RC result = TPM_RC_SUCCESS; 5101 VLOG(3) << __func__; 5102 5103 result = Serialize_TPMI_SH_AUTH_SESSION(value.session_handle, buffer); 5104 if (result) { 5105 return result; 5106 } 5107 5108 result = Serialize_TPM2B_NONCE(value.nonce, buffer); 5109 if (result) { 5110 return result; 5111 } 5112 5113 result = Serialize_TPMA_SESSION(value.session_attributes, buffer); 5114 if (result) { 5115 return result; 5116 } 5117 5118 result = Serialize_TPM2B_AUTH(value.hmac, buffer); 5119 if (result) { 5120 return result; 5121 } 5122 return result; 5123 } 5124 5125 TPM_RC Parse_TPMS_AUTH_COMMAND( 5126 std::string* buffer, 5127 TPMS_AUTH_COMMAND* value, 5128 std::string* value_bytes) { 5129 TPM_RC result = TPM_RC_SUCCESS; 5130 VLOG(3) << __func__; 5131 5132 result = Parse_TPMI_SH_AUTH_SESSION( 5133 buffer, 5134 &value->session_handle, 5135 value_bytes); 5136 if (result) { 5137 return result; 5138 } 5139 5140 result = Parse_TPM2B_NONCE( 5141 buffer, 5142 &value->nonce, 5143 value_bytes); 5144 if (result) { 5145 return result; 5146 } 5147 5148 result = Parse_TPMA_SESSION( 5149 buffer, 5150 &value->session_attributes, 5151 value_bytes); 5152 if (result) { 5153 return result; 5154 } 5155 5156 result = Parse_TPM2B_AUTH( 5157 buffer, 5158 &value->hmac, 5159 value_bytes); 5160 if (result) { 5161 return result; 5162 } 5163 return result; 5164 } 5165 5166 TPM_RC Serialize_TPMS_AUTH_RESPONSE( 5167 const TPMS_AUTH_RESPONSE& value, 5168 std::string* buffer) { 5169 TPM_RC result = TPM_RC_SUCCESS; 5170 VLOG(3) << __func__; 5171 5172 result = Serialize_TPM2B_NONCE(value.nonce, buffer); 5173 if (result) { 5174 return result; 5175 } 5176 5177 result = Serialize_TPMA_SESSION(value.session_attributes, buffer); 5178 if (result) { 5179 return result; 5180 } 5181 5182 result = Serialize_TPM2B_AUTH(value.hmac, buffer); 5183 if (result) { 5184 return result; 5185 } 5186 return result; 5187 } 5188 5189 TPM_RC Parse_TPMS_AUTH_RESPONSE( 5190 std::string* buffer, 5191 TPMS_AUTH_RESPONSE* value, 5192 std::string* value_bytes) { 5193 TPM_RC result = TPM_RC_SUCCESS; 5194 VLOG(3) << __func__; 5195 5196 result = Parse_TPM2B_NONCE( 5197 buffer, 5198 &value->nonce, 5199 value_bytes); 5200 if (result) { 5201 return result; 5202 } 5203 5204 result = Parse_TPMA_SESSION( 5205 buffer, 5206 &value->session_attributes, 5207 value_bytes); 5208 if (result) { 5209 return result; 5210 } 5211 5212 result = Parse_TPM2B_AUTH( 5213 buffer, 5214 &value->hmac, 5215 value_bytes); 5216 if (result) { 5217 return result; 5218 } 5219 return result; 5220 } 5221 5222 TPM_RC Serialize_TPMU_SYM_KEY_BITS( 5223 const TPMU_SYM_KEY_BITS& value, 5224 TPMI_ALG_SYM selector, 5225 std::string* buffer) { 5226 TPM_RC result = TPM_RC_SUCCESS; 5227 VLOG(3) << __func__; 5228 5229 if (selector == TPM_ALG_NULL) { 5230 // Do nothing. 5231 } 5232 5233 if (selector == TPM_ALG_SM4) { 5234 result = Serialize_TPMI_SM4_KEY_BITS(value.sm4, buffer); 5235 if (result) { 5236 return result; 5237 } 5238 } 5239 5240 if (selector == TPM_ALG_AES) { 5241 result = Serialize_TPMI_AES_KEY_BITS(value.aes, buffer); 5242 if (result) { 5243 return result; 5244 } 5245 } 5246 5247 if (selector == TPM_ALG_XOR) { 5248 result = Serialize_TPMI_ALG_HASH(value.xor_, buffer); 5249 if (result) { 5250 return result; 5251 } 5252 } 5253 return result; 5254 } 5255 5256 TPM_RC Parse_TPMU_SYM_KEY_BITS( 5257 std::string* buffer, 5258 TPMI_ALG_SYM selector, 5259 TPMU_SYM_KEY_BITS* value, 5260 std::string* value_bytes) { 5261 TPM_RC result = TPM_RC_SUCCESS; 5262 VLOG(3) << __func__; 5263 5264 if (selector == TPM_ALG_NULL) { 5265 // Do nothing. 5266 } 5267 5268 if (selector == TPM_ALG_SM4) { 5269 result = Parse_TPMI_SM4_KEY_BITS( 5270 buffer, 5271 &value->sm4, 5272 value_bytes); 5273 if (result) { 5274 return result; 5275 } 5276 } 5277 5278 if (selector == TPM_ALG_AES) { 5279 result = Parse_TPMI_AES_KEY_BITS( 5280 buffer, 5281 &value->aes, 5282 value_bytes); 5283 if (result) { 5284 return result; 5285 } 5286 } 5287 5288 if (selector == TPM_ALG_XOR) { 5289 result = Parse_TPMI_ALG_HASH( 5290 buffer, 5291 &value->xor_, 5292 value_bytes); 5293 if (result) { 5294 return result; 5295 } 5296 } 5297 return result; 5298 } 5299 5300 TPM_RC Serialize_TPMU_SYM_MODE( 5301 const TPMU_SYM_MODE& value, 5302 TPMI_ALG_SYM selector, 5303 std::string* buffer) { 5304 TPM_RC result = TPM_RC_SUCCESS; 5305 VLOG(3) << __func__; 5306 5307 if (selector == TPM_ALG_NULL) { 5308 // Do nothing. 5309 } 5310 5311 if (selector == TPM_ALG_SM4) { 5312 result = Serialize_TPMI_ALG_SYM_MODE(value.sm4, buffer); 5313 if (result) { 5314 return result; 5315 } 5316 } 5317 5318 if (selector == TPM_ALG_AES) { 5319 result = Serialize_TPMI_ALG_SYM_MODE(value.aes, buffer); 5320 if (result) { 5321 return result; 5322 } 5323 } 5324 5325 if (selector == TPM_ALG_XOR) { 5326 // Do nothing. 5327 } 5328 return result; 5329 } 5330 5331 TPM_RC Parse_TPMU_SYM_MODE( 5332 std::string* buffer, 5333 TPMI_ALG_SYM selector, 5334 TPMU_SYM_MODE* value, 5335 std::string* value_bytes) { 5336 TPM_RC result = TPM_RC_SUCCESS; 5337 VLOG(3) << __func__; 5338 5339 if (selector == TPM_ALG_NULL) { 5340 // Do nothing. 5341 } 5342 5343 if (selector == TPM_ALG_SM4) { 5344 result = Parse_TPMI_ALG_SYM_MODE( 5345 buffer, 5346 &value->sm4, 5347 value_bytes); 5348 if (result) { 5349 return result; 5350 } 5351 } 5352 5353 if (selector == TPM_ALG_AES) { 5354 result = Parse_TPMI_ALG_SYM_MODE( 5355 buffer, 5356 &value->aes, 5357 value_bytes); 5358 if (result) { 5359 return result; 5360 } 5361 } 5362 5363 if (selector == TPM_ALG_XOR) { 5364 // Do nothing. 5365 } 5366 return result; 5367 } 5368 5369 TPM_RC Serialize_TPMU_SYM_DETAILS( 5370 const TPMU_SYM_DETAILS& value, 5371 TPMI_ALG_SYM selector, 5372 std::string* buffer) { 5373 TPM_RC result = TPM_RC_SUCCESS; 5374 VLOG(3) << __func__; 5375 return result; 5376 } 5377 5378 TPM_RC Parse_TPMU_SYM_DETAILS( 5379 std::string* buffer, 5380 TPMI_ALG_SYM selector, 5381 TPMU_SYM_DETAILS* value, 5382 std::string* value_bytes) { 5383 TPM_RC result = TPM_RC_SUCCESS; 5384 VLOG(3) << __func__; 5385 return result; 5386 } 5387 5388 TPM_RC Serialize_TPMT_SYM_DEF( 5389 const TPMT_SYM_DEF& value, 5390 std::string* buffer) { 5391 TPM_RC result = TPM_RC_SUCCESS; 5392 VLOG(3) << __func__; 5393 5394 result = Serialize_TPMI_ALG_SYM(value.algorithm, buffer); 5395 if (result) { 5396 return result; 5397 } 5398 5399 result = Serialize_TPMU_SYM_KEY_BITS( 5400 value.key_bits, 5401 value.algorithm, 5402 buffer); 5403 if (result) { 5404 return result; 5405 } 5406 5407 result = Serialize_TPMU_SYM_MODE( 5408 value.mode, 5409 value.algorithm, 5410 buffer); 5411 if (result) { 5412 return result; 5413 } 5414 5415 result = Serialize_TPMU_SYM_DETAILS( 5416 value.details, 5417 value.algorithm, 5418 buffer); 5419 if (result) { 5420 return result; 5421 } 5422 return result; 5423 } 5424 5425 TPM_RC Parse_TPMT_SYM_DEF( 5426 std::string* buffer, 5427 TPMT_SYM_DEF* value, 5428 std::string* value_bytes) { 5429 TPM_RC result = TPM_RC_SUCCESS; 5430 VLOG(3) << __func__; 5431 5432 result = Parse_TPMI_ALG_SYM( 5433 buffer, 5434 &value->algorithm, 5435 value_bytes); 5436 if (result) { 5437 return result; 5438 } 5439 5440 result = Parse_TPMU_SYM_KEY_BITS( 5441 buffer, 5442 value->algorithm, 5443 &value->key_bits, 5444 value_bytes); 5445 if (result) { 5446 return result; 5447 } 5448 5449 result = Parse_TPMU_SYM_MODE( 5450 buffer, 5451 value->algorithm, 5452 &value->mode, 5453 value_bytes); 5454 if (result) { 5455 return result; 5456 } 5457 5458 result = Parse_TPMU_SYM_DETAILS( 5459 buffer, 5460 value->algorithm, 5461 &value->details, 5462 value_bytes); 5463 if (result) { 5464 return result; 5465 } 5466 return result; 5467 } 5468 5469 TPM_RC Serialize_TPMT_SYM_DEF_OBJECT( 5470 const TPMT_SYM_DEF_OBJECT& value, 5471 std::string* buffer) { 5472 TPM_RC result = TPM_RC_SUCCESS; 5473 VLOG(3) << __func__; 5474 5475 result = Serialize_TPMI_ALG_SYM_OBJECT(value.algorithm, buffer); 5476 if (result) { 5477 return result; 5478 } 5479 5480 result = Serialize_TPMU_SYM_KEY_BITS( 5481 value.key_bits, 5482 value.algorithm, 5483 buffer); 5484 if (result) { 5485 return result; 5486 } 5487 5488 result = Serialize_TPMU_SYM_MODE( 5489 value.mode, 5490 value.algorithm, 5491 buffer); 5492 if (result) { 5493 return result; 5494 } 5495 5496 result = Serialize_TPMU_SYM_DETAILS( 5497 value.details, 5498 value.algorithm, 5499 buffer); 5500 if (result) { 5501 return result; 5502 } 5503 return result; 5504 } 5505 5506 TPM_RC Parse_TPMT_SYM_DEF_OBJECT( 5507 std::string* buffer, 5508 TPMT_SYM_DEF_OBJECT* value, 5509 std::string* value_bytes) { 5510 TPM_RC result = TPM_RC_SUCCESS; 5511 VLOG(3) << __func__; 5512 5513 result = Parse_TPMI_ALG_SYM_OBJECT( 5514 buffer, 5515 &value->algorithm, 5516 value_bytes); 5517 if (result) { 5518 return result; 5519 } 5520 5521 result = Parse_TPMU_SYM_KEY_BITS( 5522 buffer, 5523 value->algorithm, 5524 &value->key_bits, 5525 value_bytes); 5526 if (result) { 5527 return result; 5528 } 5529 5530 result = Parse_TPMU_SYM_MODE( 5531 buffer, 5532 value->algorithm, 5533 &value->mode, 5534 value_bytes); 5535 if (result) { 5536 return result; 5537 } 5538 5539 result = Parse_TPMU_SYM_DETAILS( 5540 buffer, 5541 value->algorithm, 5542 &value->details, 5543 value_bytes); 5544 if (result) { 5545 return result; 5546 } 5547 return result; 5548 } 5549 5550 TPM_RC Serialize_TPM2B_SYM_KEY( 5551 const TPM2B_SYM_KEY& value, 5552 std::string* buffer) { 5553 TPM_RC result = TPM_RC_SUCCESS; 5554 VLOG(3) << __func__; 5555 5556 result = Serialize_UINT16(value.size, buffer); 5557 if (result) { 5558 return result; 5559 } 5560 5561 if (arraysize(value.buffer) < value.size) { 5562 return TPM_RC_INSUFFICIENT; 5563 } 5564 for (uint32_t i = 0; i < value.size; ++i) { 5565 result = Serialize_BYTE(value.buffer[i], buffer); 5566 if (result) { 5567 return result; 5568 } 5569 } 5570 return result; 5571 } 5572 5573 TPM_RC Parse_TPM2B_SYM_KEY( 5574 std::string* buffer, 5575 TPM2B_SYM_KEY* value, 5576 std::string* value_bytes) { 5577 TPM_RC result = TPM_RC_SUCCESS; 5578 VLOG(3) << __func__; 5579 5580 result = Parse_UINT16( 5581 buffer, 5582 &value->size, 5583 value_bytes); 5584 if (result) { 5585 return result; 5586 } 5587 5588 if (arraysize(value->buffer) < value->size) { 5589 return TPM_RC_INSUFFICIENT; 5590 } 5591 for (uint32_t i = 0; i < value->size; ++i) { 5592 result = Parse_BYTE( 5593 buffer, 5594 &value->buffer[i], 5595 value_bytes); 5596 if (result) { 5597 return result; 5598 } 5599 } 5600 return result; 5601 } 5602 5603 TPM2B_SYM_KEY Make_TPM2B_SYM_KEY( 5604 const std::string& bytes) { 5605 TPM2B_SYM_KEY tpm2b; 5606 CHECK(bytes.size() <= sizeof(tpm2b.buffer)); 5607 memset(&tpm2b, 0, sizeof(TPM2B_SYM_KEY)); 5608 tpm2b.size = bytes.size(); 5609 memcpy(tpm2b.buffer, bytes.data(), bytes.size()); 5610 return tpm2b; 5611 } 5612 5613 std::string StringFrom_TPM2B_SYM_KEY( 5614 const TPM2B_SYM_KEY& tpm2b) { 5615 const char* char_buffer = reinterpret_cast<const char*>( 5616 tpm2b.buffer); 5617 return std::string(char_buffer, tpm2b.size); 5618 } 5619 5620 TPM_RC Serialize_TPMS_SYMCIPHER_PARMS( 5621 const TPMS_SYMCIPHER_PARMS& value, 5622 std::string* buffer) { 5623 TPM_RC result = TPM_RC_SUCCESS; 5624 VLOG(3) << __func__; 5625 5626 result = Serialize_TPMT_SYM_DEF_OBJECT(value.sym, buffer); 5627 if (result) { 5628 return result; 5629 } 5630 return result; 5631 } 5632 5633 TPM_RC Parse_TPMS_SYMCIPHER_PARMS( 5634 std::string* buffer, 5635 TPMS_SYMCIPHER_PARMS* value, 5636 std::string* value_bytes) { 5637 TPM_RC result = TPM_RC_SUCCESS; 5638 VLOG(3) << __func__; 5639 5640 result = Parse_TPMT_SYM_DEF_OBJECT( 5641 buffer, 5642 &value->sym, 5643 value_bytes); 5644 if (result) { 5645 return result; 5646 } 5647 return result; 5648 } 5649 5650 TPM_RC Serialize_TPM2B_SENSITIVE_DATA( 5651 const TPM2B_SENSITIVE_DATA& value, 5652 std::string* buffer) { 5653 TPM_RC result = TPM_RC_SUCCESS; 5654 VLOG(3) << __func__; 5655 5656 result = Serialize_UINT16(value.size, buffer); 5657 if (result) { 5658 return result; 5659 } 5660 5661 if (arraysize(value.buffer) < value.size) { 5662 return TPM_RC_INSUFFICIENT; 5663 } 5664 for (uint32_t i = 0; i < value.size; ++i) { 5665 result = Serialize_BYTE(value.buffer[i], buffer); 5666 if (result) { 5667 return result; 5668 } 5669 } 5670 return result; 5671 } 5672 5673 TPM_RC Parse_TPM2B_SENSITIVE_DATA( 5674 std::string* buffer, 5675 TPM2B_SENSITIVE_DATA* value, 5676 std::string* value_bytes) { 5677 TPM_RC result = TPM_RC_SUCCESS; 5678 VLOG(3) << __func__; 5679 5680 result = Parse_UINT16( 5681 buffer, 5682 &value->size, 5683 value_bytes); 5684 if (result) { 5685 return result; 5686 } 5687 5688 if (arraysize(value->buffer) < value->size) { 5689 return TPM_RC_INSUFFICIENT; 5690 } 5691 for (uint32_t i = 0; i < value->size; ++i) { 5692 result = Parse_BYTE( 5693 buffer, 5694 &value->buffer[i], 5695 value_bytes); 5696 if (result) { 5697 return result; 5698 } 5699 } 5700 return result; 5701 } 5702 5703 TPM2B_SENSITIVE_DATA Make_TPM2B_SENSITIVE_DATA( 5704 const std::string& bytes) { 5705 TPM2B_SENSITIVE_DATA tpm2b; 5706 CHECK(bytes.size() <= sizeof(tpm2b.buffer)); 5707 memset(&tpm2b, 0, sizeof(TPM2B_SENSITIVE_DATA)); 5708 tpm2b.size = bytes.size(); 5709 memcpy(tpm2b.buffer, bytes.data(), bytes.size()); 5710 return tpm2b; 5711 } 5712 5713 std::string StringFrom_TPM2B_SENSITIVE_DATA( 5714 const TPM2B_SENSITIVE_DATA& tpm2b) { 5715 const char* char_buffer = reinterpret_cast<const char*>( 5716 tpm2b.buffer); 5717 return std::string(char_buffer, tpm2b.size); 5718 } 5719 5720 TPM_RC Serialize_TPMS_SENSITIVE_CREATE( 5721 const TPMS_SENSITIVE_CREATE& value, 5722 std::string* buffer) { 5723 TPM_RC result = TPM_RC_SUCCESS; 5724 VLOG(3) << __func__; 5725 5726 result = Serialize_TPM2B_AUTH(value.user_auth, buffer); 5727 if (result) { 5728 return result; 5729 } 5730 5731 result = Serialize_TPM2B_SENSITIVE_DATA(value.data, buffer); 5732 if (result) { 5733 return result; 5734 } 5735 return result; 5736 } 5737 5738 TPM_RC Parse_TPMS_SENSITIVE_CREATE( 5739 std::string* buffer, 5740 TPMS_SENSITIVE_CREATE* value, 5741 std::string* value_bytes) { 5742 TPM_RC result = TPM_RC_SUCCESS; 5743 VLOG(3) << __func__; 5744 5745 result = Parse_TPM2B_AUTH( 5746 buffer, 5747 &value->user_auth, 5748 value_bytes); 5749 if (result) { 5750 return result; 5751 } 5752 5753 result = Parse_TPM2B_SENSITIVE_DATA( 5754 buffer, 5755 &value->data, 5756 value_bytes); 5757 if (result) { 5758 return result; 5759 } 5760 return result; 5761 } 5762 5763 TPM_RC Serialize_TPM2B_SENSITIVE_CREATE( 5764 const TPM2B_SENSITIVE_CREATE& value, 5765 std::string* buffer) { 5766 TPM_RC result = TPM_RC_SUCCESS; 5767 VLOG(3) << __func__; 5768 5769 std::string field_bytes; 5770 result = Serialize_TPMS_SENSITIVE_CREATE(value.sensitive, &field_bytes); 5771 if (result) { 5772 return result; 5773 } 5774 std::string size_bytes; 5775 result = Serialize_UINT16(field_bytes.size(), &size_bytes); 5776 if (result) { 5777 return result; 5778 } 5779 buffer->append(size_bytes + field_bytes); 5780 return result; 5781 } 5782 5783 TPM_RC Parse_TPM2B_SENSITIVE_CREATE( 5784 std::string* buffer, 5785 TPM2B_SENSITIVE_CREATE* value, 5786 std::string* value_bytes) { 5787 TPM_RC result = TPM_RC_SUCCESS; 5788 VLOG(3) << __func__; 5789 5790 result = Parse_UINT16( 5791 buffer, 5792 &value->size, 5793 value_bytes); 5794 if (result) { 5795 return result; 5796 } 5797 5798 result = Parse_TPMS_SENSITIVE_CREATE( 5799 buffer, 5800 &value->sensitive, 5801 value_bytes); 5802 if (result) { 5803 return result; 5804 } 5805 return result; 5806 } 5807 5808 TPM2B_SENSITIVE_CREATE Make_TPM2B_SENSITIVE_CREATE( 5809 const TPMS_SENSITIVE_CREATE& inner) { 5810 TPM2B_SENSITIVE_CREATE tpm2b; 5811 tpm2b.size = sizeof(TPMS_SENSITIVE_CREATE); 5812 tpm2b.sensitive = inner; 5813 return tpm2b; 5814 } 5815 5816 TPM_RC Serialize_TPMS_SCHEME_XOR( 5817 const TPMS_SCHEME_XOR& value, 5818 std::string* buffer) { 5819 TPM_RC result = TPM_RC_SUCCESS; 5820 VLOG(3) << __func__; 5821 5822 result = Serialize_TPMI_ALG_HASH(value.hash_alg, buffer); 5823 if (result) { 5824 return result; 5825 } 5826 5827 result = Serialize_TPMI_ALG_KDF(value.kdf, buffer); 5828 if (result) { 5829 return result; 5830 } 5831 return result; 5832 } 5833 5834 TPM_RC Parse_TPMS_SCHEME_XOR( 5835 std::string* buffer, 5836 TPMS_SCHEME_XOR* value, 5837 std::string* value_bytes) { 5838 TPM_RC result = TPM_RC_SUCCESS; 5839 VLOG(3) << __func__; 5840 5841 result = Parse_TPMI_ALG_HASH( 5842 buffer, 5843 &value->hash_alg, 5844 value_bytes); 5845 if (result) { 5846 return result; 5847 } 5848 5849 result = Parse_TPMI_ALG_KDF( 5850 buffer, 5851 &value->kdf, 5852 value_bytes); 5853 if (result) { 5854 return result; 5855 } 5856 return result; 5857 } 5858 5859 TPM_RC Serialize_TPMU_SCHEME_KEYEDHASH( 5860 const TPMU_SCHEME_KEYEDHASH& value, 5861 TPMI_ALG_KEYEDHASH_SCHEME selector, 5862 std::string* buffer) { 5863 TPM_RC result = TPM_RC_SUCCESS; 5864 VLOG(3) << __func__; 5865 5866 if (selector == TPM_ALG_NULL) { 5867 // Do nothing. 5868 } 5869 5870 if (selector == TPM_ALG_HMAC) { 5871 result = Serialize_TPMS_SCHEME_HMAC(value.hmac, buffer); 5872 if (result) { 5873 return result; 5874 } 5875 } 5876 5877 if (selector == TPM_ALG_XOR) { 5878 result = Serialize_TPMS_SCHEME_XOR(value.xor_, buffer); 5879 if (result) { 5880 return result; 5881 } 5882 } 5883 return result; 5884 } 5885 5886 TPM_RC Parse_TPMU_SCHEME_KEYEDHASH( 5887 std::string* buffer, 5888 TPMI_ALG_KEYEDHASH_SCHEME selector, 5889 TPMU_SCHEME_KEYEDHASH* value, 5890 std::string* value_bytes) { 5891 TPM_RC result = TPM_RC_SUCCESS; 5892 VLOG(3) << __func__; 5893 5894 if (selector == TPM_ALG_NULL) { 5895 // Do nothing. 5896 } 5897 5898 if (selector == TPM_ALG_HMAC) { 5899 result = Parse_TPMS_SCHEME_HMAC( 5900 buffer, 5901 &value->hmac, 5902 value_bytes); 5903 if (result) { 5904 return result; 5905 } 5906 } 5907 5908 if (selector == TPM_ALG_XOR) { 5909 result = Parse_TPMS_SCHEME_XOR( 5910 buffer, 5911 &value->xor_, 5912 value_bytes); 5913 if (result) { 5914 return result; 5915 } 5916 } 5917 return result; 5918 } 5919 5920 TPM_RC Serialize_TPMT_KEYEDHASH_SCHEME( 5921 const TPMT_KEYEDHASH_SCHEME& value, 5922 std::string* buffer) { 5923 TPM_RC result = TPM_RC_SUCCESS; 5924 VLOG(3) << __func__; 5925 5926 result = Serialize_TPMI_ALG_KEYEDHASH_SCHEME(value.scheme, buffer); 5927 if (result) { 5928 return result; 5929 } 5930 5931 result = Serialize_TPMU_SCHEME_KEYEDHASH( 5932 value.details, 5933 value.scheme, 5934 buffer); 5935 if (result) { 5936 return result; 5937 } 5938 return result; 5939 } 5940 5941 TPM_RC Parse_TPMT_KEYEDHASH_SCHEME( 5942 std::string* buffer, 5943 TPMT_KEYEDHASH_SCHEME* value, 5944 std::string* value_bytes) { 5945 TPM_RC result = TPM_RC_SUCCESS; 5946 VLOG(3) << __func__; 5947 5948 result = Parse_TPMI_ALG_KEYEDHASH_SCHEME( 5949 buffer, 5950 &value->scheme, 5951 value_bytes); 5952 if (result) { 5953 return result; 5954 } 5955 5956 result = Parse_TPMU_SCHEME_KEYEDHASH( 5957 buffer, 5958 value->scheme, 5959 &value->details, 5960 value_bytes); 5961 if (result) { 5962 return result; 5963 } 5964 return result; 5965 } 5966 5967 TPM_RC Serialize_TPMS_SCHEME_ECDAA( 5968 const TPMS_SCHEME_ECDAA& value, 5969 std::string* buffer) { 5970 TPM_RC result = TPM_RC_SUCCESS; 5971 VLOG(3) << __func__; 5972 5973 result = Serialize_TPMI_ALG_HASH(value.hash_alg, buffer); 5974 if (result) { 5975 return result; 5976 } 5977 5978 result = Serialize_UINT16(value.count, buffer); 5979 if (result) { 5980 return result; 5981 } 5982 return result; 5983 } 5984 5985 TPM_RC Parse_TPMS_SCHEME_ECDAA( 5986 std::string* buffer, 5987 TPMS_SCHEME_ECDAA* value, 5988 std::string* value_bytes) { 5989 TPM_RC result = TPM_RC_SUCCESS; 5990 VLOG(3) << __func__; 5991 5992 result = Parse_TPMI_ALG_HASH( 5993 buffer, 5994 &value->hash_alg, 5995 value_bytes); 5996 if (result) { 5997 return result; 5998 } 5999 6000 result = Parse_UINT16( 6001 buffer, 6002 &value->count, 6003 value_bytes); 6004 if (result) { 6005 return result; 6006 } 6007 return result; 6008 } 6009 6010 TPM_RC Serialize_TPMU_SIG_SCHEME( 6011 const TPMU_SIG_SCHEME& value, 6012 TPMI_ALG_SIG_SCHEME selector, 6013 std::string* buffer) { 6014 TPM_RC result = TPM_RC_SUCCESS; 6015 VLOG(3) << __func__; 6016 6017 if (selector == TPM_ALG_HMAC) { 6018 result = Serialize_TPMS_SCHEME_HMAC(value.hmac, buffer); 6019 if (result) { 6020 return result; 6021 } 6022 } 6023 6024 if (selector == TPM_ALG_ECSCHNORR) { 6025 result = Serialize_TPMS_SCHEME_ECSCHNORR(value.ec_schnorr, buffer); 6026 if (result) { 6027 return result; 6028 } 6029 } 6030 6031 if (selector == TPM_ALG_RSAPSS) { 6032 result = Serialize_TPMS_SCHEME_RSAPSS(value.rsapss, buffer); 6033 if (result) { 6034 return result; 6035 } 6036 } 6037 6038 if (selector == TPM_ALG_ECDAA) { 6039 result = Serialize_TPMS_SCHEME_ECDAA(value.ecdaa, buffer); 6040 if (result) { 6041 return result; 6042 } 6043 } 6044 6045 if (selector == TPM_ALG_RSASSA) { 6046 result = Serialize_TPMS_SCHEME_RSASSA(value.rsassa, buffer); 6047 if (result) { 6048 return result; 6049 } 6050 } 6051 6052 if (selector == TPM_ALG_SM2) { 6053 result = Serialize_TPMS_SCHEME_SM2(value.sm2, buffer); 6054 if (result) { 6055 return result; 6056 } 6057 } 6058 6059 if (selector == TPM_ALG_ECDSA) { 6060 result = Serialize_TPMS_SCHEME_ECDSA(value.ecdsa, buffer); 6061 if (result) { 6062 return result; 6063 } 6064 } 6065 6066 if (selector == TPM_ALG_NULL) { 6067 // Do nothing. 6068 } 6069 return result; 6070 } 6071 6072 TPM_RC Parse_TPMU_SIG_SCHEME( 6073 std::string* buffer, 6074 TPMI_ALG_SIG_SCHEME selector, 6075 TPMU_SIG_SCHEME* value, 6076 std::string* value_bytes) { 6077 TPM_RC result = TPM_RC_SUCCESS; 6078 VLOG(3) << __func__; 6079 6080 if (selector == TPM_ALG_HMAC) { 6081 result = Parse_TPMS_SCHEME_HMAC( 6082 buffer, 6083 &value->hmac, 6084 value_bytes); 6085 if (result) { 6086 return result; 6087 } 6088 } 6089 6090 if (selector == TPM_ALG_ECSCHNORR) { 6091 result = Parse_TPMS_SCHEME_ECSCHNORR( 6092 buffer, 6093 &value->ec_schnorr, 6094 value_bytes); 6095 if (result) { 6096 return result; 6097 } 6098 } 6099 6100 if (selector == TPM_ALG_RSAPSS) { 6101 result = Parse_TPMS_SCHEME_RSAPSS( 6102 buffer, 6103 &value->rsapss, 6104 value_bytes); 6105 if (result) { 6106 return result; 6107 } 6108 } 6109 6110 if (selector == TPM_ALG_ECDAA) { 6111 result = Parse_TPMS_SCHEME_ECDAA( 6112 buffer, 6113 &value->ecdaa, 6114 value_bytes); 6115 if (result) { 6116 return result; 6117 } 6118 } 6119 6120 if (selector == TPM_ALG_RSASSA) { 6121 result = Parse_TPMS_SCHEME_RSASSA( 6122 buffer, 6123 &value->rsassa, 6124 value_bytes); 6125 if (result) { 6126 return result; 6127 } 6128 } 6129 6130 if (selector == TPM_ALG_SM2) { 6131 result = Parse_TPMS_SCHEME_SM2( 6132 buffer, 6133 &value->sm2, 6134 value_bytes); 6135 if (result) { 6136 return result; 6137 } 6138 } 6139 6140 if (selector == TPM_ALG_ECDSA) { 6141 result = Parse_TPMS_SCHEME_ECDSA( 6142 buffer, 6143 &value->ecdsa, 6144 value_bytes); 6145 if (result) { 6146 return result; 6147 } 6148 } 6149 6150 if (selector == TPM_ALG_NULL) { 6151 // Do nothing. 6152 } 6153 return result; 6154 } 6155 6156 TPM_RC Serialize_TPMT_SIG_SCHEME( 6157 const TPMT_SIG_SCHEME& value, 6158 std::string* buffer) { 6159 TPM_RC result = TPM_RC_SUCCESS; 6160 VLOG(3) << __func__; 6161 6162 result = Serialize_TPMI_ALG_SIG_SCHEME(value.scheme, buffer); 6163 if (result) { 6164 return result; 6165 } 6166 6167 result = Serialize_TPMU_SIG_SCHEME( 6168 value.details, 6169 value.scheme, 6170 buffer); 6171 if (result) { 6172 return result; 6173 } 6174 return result; 6175 } 6176 6177 TPM_RC Parse_TPMT_SIG_SCHEME( 6178 std::string* buffer, 6179 TPMT_SIG_SCHEME* value, 6180 std::string* value_bytes) { 6181 TPM_RC result = TPM_RC_SUCCESS; 6182 VLOG(3) << __func__; 6183 6184 result = Parse_TPMI_ALG_SIG_SCHEME( 6185 buffer, 6186 &value->scheme, 6187 value_bytes); 6188 if (result) { 6189 return result; 6190 } 6191 6192 result = Parse_TPMU_SIG_SCHEME( 6193 buffer, 6194 value->scheme, 6195 &value->details, 6196 value_bytes); 6197 if (result) { 6198 return result; 6199 } 6200 return result; 6201 } 6202 6203 TPM_RC Serialize_TPMS_SCHEME_OAEP( 6204 const TPMS_SCHEME_OAEP& value, 6205 std::string* buffer) { 6206 TPM_RC result = TPM_RC_SUCCESS; 6207 VLOG(3) << __func__; 6208 6209 result = Serialize_TPMI_ALG_HASH(value.hash_alg, buffer); 6210 if (result) { 6211 return result; 6212 } 6213 return result; 6214 } 6215 6216 TPM_RC Parse_TPMS_SCHEME_OAEP( 6217 std::string* buffer, 6218 TPMS_SCHEME_OAEP* value, 6219 std::string* value_bytes) { 6220 TPM_RC result = TPM_RC_SUCCESS; 6221 VLOG(3) << __func__; 6222 6223 result = Parse_TPMI_ALG_HASH( 6224 buffer, 6225 &value->hash_alg, 6226 value_bytes); 6227 if (result) { 6228 return result; 6229 } 6230 return result; 6231 } 6232 6233 TPM_RC Serialize_TPMS_SCHEME_ECDH( 6234 const TPMS_SCHEME_ECDH& value, 6235 std::string* buffer) { 6236 TPM_RC result = TPM_RC_SUCCESS; 6237 VLOG(3) << __func__; 6238 6239 result = Serialize_TPMI_ALG_HASH(value.hash_alg, buffer); 6240 if (result) { 6241 return result; 6242 } 6243 return result; 6244 } 6245 6246 TPM_RC Parse_TPMS_SCHEME_ECDH( 6247 std::string* buffer, 6248 TPMS_SCHEME_ECDH* value, 6249 std::string* value_bytes) { 6250 TPM_RC result = TPM_RC_SUCCESS; 6251 VLOG(3) << __func__; 6252 6253 result = Parse_TPMI_ALG_HASH( 6254 buffer, 6255 &value->hash_alg, 6256 value_bytes); 6257 if (result) { 6258 return result; 6259 } 6260 return result; 6261 } 6262 6263 TPM_RC Serialize_TPMS_SCHEME_MGF1( 6264 const TPMS_SCHEME_MGF1& value, 6265 std::string* buffer) { 6266 TPM_RC result = TPM_RC_SUCCESS; 6267 VLOG(3) << __func__; 6268 6269 result = Serialize_TPMI_ALG_HASH(value.hash_alg, buffer); 6270 if (result) { 6271 return result; 6272 } 6273 return result; 6274 } 6275 6276 TPM_RC Parse_TPMS_SCHEME_MGF1( 6277 std::string* buffer, 6278 TPMS_SCHEME_MGF1* value, 6279 std::string* value_bytes) { 6280 TPM_RC result = TPM_RC_SUCCESS; 6281 VLOG(3) << __func__; 6282 6283 result = Parse_TPMI_ALG_HASH( 6284 buffer, 6285 &value->hash_alg, 6286 value_bytes); 6287 if (result) { 6288 return result; 6289 } 6290 return result; 6291 } 6292 6293 TPM_RC Serialize_TPMS_SCHEME_KDF1_SP800_56a( 6294 const TPMS_SCHEME_KDF1_SP800_56a& value, 6295 std::string* buffer) { 6296 TPM_RC result = TPM_RC_SUCCESS; 6297 VLOG(3) << __func__; 6298 6299 result = Serialize_TPMI_ALG_HASH(value.hash_alg, buffer); 6300 if (result) { 6301 return result; 6302 } 6303 return result; 6304 } 6305 6306 TPM_RC Parse_TPMS_SCHEME_KDF1_SP800_56a( 6307 std::string* buffer, 6308 TPMS_SCHEME_KDF1_SP800_56a* value, 6309 std::string* value_bytes) { 6310 TPM_RC result = TPM_RC_SUCCESS; 6311 VLOG(3) << __func__; 6312 6313 result = Parse_TPMI_ALG_HASH( 6314 buffer, 6315 &value->hash_alg, 6316 value_bytes); 6317 if (result) { 6318 return result; 6319 } 6320 return result; 6321 } 6322 6323 TPM_RC Serialize_TPMS_SCHEME_KDF2( 6324 const TPMS_SCHEME_KDF2& value, 6325 std::string* buffer) { 6326 TPM_RC result = TPM_RC_SUCCESS; 6327 VLOG(3) << __func__; 6328 6329 result = Serialize_TPMI_ALG_HASH(value.hash_alg, buffer); 6330 if (result) { 6331 return result; 6332 } 6333 return result; 6334 } 6335 6336 TPM_RC Parse_TPMS_SCHEME_KDF2( 6337 std::string* buffer, 6338 TPMS_SCHEME_KDF2* value, 6339 std::string* value_bytes) { 6340 TPM_RC result = TPM_RC_SUCCESS; 6341 VLOG(3) << __func__; 6342 6343 result = Parse_TPMI_ALG_HASH( 6344 buffer, 6345 &value->hash_alg, 6346 value_bytes); 6347 if (result) { 6348 return result; 6349 } 6350 return result; 6351 } 6352 6353 TPM_RC Serialize_TPMS_SCHEME_KDF1_SP800_108( 6354 const TPMS_SCHEME_KDF1_SP800_108& value, 6355 std::string* buffer) { 6356 TPM_RC result = TPM_RC_SUCCESS; 6357 VLOG(3) << __func__; 6358 6359 result = Serialize_TPMI_ALG_HASH(value.hash_alg, buffer); 6360 if (result) { 6361 return result; 6362 } 6363 return result; 6364 } 6365 6366 TPM_RC Parse_TPMS_SCHEME_KDF1_SP800_108( 6367 std::string* buffer, 6368 TPMS_SCHEME_KDF1_SP800_108* value, 6369 std::string* value_bytes) { 6370 TPM_RC result = TPM_RC_SUCCESS; 6371 VLOG(3) << __func__; 6372 6373 result = Parse_TPMI_ALG_HASH( 6374 buffer, 6375 &value->hash_alg, 6376 value_bytes); 6377 if (result) { 6378 return result; 6379 } 6380 return result; 6381 } 6382 6383 TPM_RC Serialize_TPMU_KDF_SCHEME( 6384 const TPMU_KDF_SCHEME& value, 6385 TPMI_ALG_KDF selector, 6386 std::string* buffer) { 6387 TPM_RC result = TPM_RC_SUCCESS; 6388 VLOG(3) << __func__; 6389 6390 if (selector == TPM_ALG_KDF1_SP800_56a) { 6391 result = Serialize_TPMS_SCHEME_KDF1_SP800_56a(value.kdf1_sp800_56a, buffer); 6392 if (result) { 6393 return result; 6394 } 6395 } 6396 6397 if (selector == TPM_ALG_MGF1) { 6398 result = Serialize_TPMS_SCHEME_MGF1(value.mgf1, buffer); 6399 if (result) { 6400 return result; 6401 } 6402 } 6403 6404 if (selector == TPM_ALG_KDF1_SP800_108) { 6405 result = Serialize_TPMS_SCHEME_KDF1_SP800_108(value.kdf1_sp800_108, buffer); 6406 if (result) { 6407 return result; 6408 } 6409 } 6410 6411 if (selector == TPM_ALG_KDF2) { 6412 result = Serialize_TPMS_SCHEME_KDF2(value.kdf2, buffer); 6413 if (result) { 6414 return result; 6415 } 6416 } 6417 6418 if (selector == TPM_ALG_NULL) { 6419 // Do nothing. 6420 } 6421 return result; 6422 } 6423 6424 TPM_RC Parse_TPMU_KDF_SCHEME( 6425 std::string* buffer, 6426 TPMI_ALG_KDF selector, 6427 TPMU_KDF_SCHEME* value, 6428 std::string* value_bytes) { 6429 TPM_RC result = TPM_RC_SUCCESS; 6430 VLOG(3) << __func__; 6431 6432 if (selector == TPM_ALG_KDF1_SP800_56a) { 6433 result = Parse_TPMS_SCHEME_KDF1_SP800_56a( 6434 buffer, 6435 &value->kdf1_sp800_56a, 6436 value_bytes); 6437 if (result) { 6438 return result; 6439 } 6440 } 6441 6442 if (selector == TPM_ALG_MGF1) { 6443 result = Parse_TPMS_SCHEME_MGF1( 6444 buffer, 6445 &value->mgf1, 6446 value_bytes); 6447 if (result) { 6448 return result; 6449 } 6450 } 6451 6452 if (selector == TPM_ALG_KDF1_SP800_108) { 6453 result = Parse_TPMS_SCHEME_KDF1_SP800_108( 6454 buffer, 6455 &value->kdf1_sp800_108, 6456 value_bytes); 6457 if (result) { 6458 return result; 6459 } 6460 } 6461 6462 if (selector == TPM_ALG_KDF2) { 6463 result = Parse_TPMS_SCHEME_KDF2( 6464 buffer, 6465 &value->kdf2, 6466 value_bytes); 6467 if (result) { 6468 return result; 6469 } 6470 } 6471 6472 if (selector == TPM_ALG_NULL) { 6473 // Do nothing. 6474 } 6475 return result; 6476 } 6477 6478 TPM_RC Serialize_TPMT_KDF_SCHEME( 6479 const TPMT_KDF_SCHEME& value, 6480 std::string* buffer) { 6481 TPM_RC result = TPM_RC_SUCCESS; 6482 VLOG(3) << __func__; 6483 6484 result = Serialize_TPMI_ALG_KDF(value.scheme, buffer); 6485 if (result) { 6486 return result; 6487 } 6488 6489 result = Serialize_TPMU_KDF_SCHEME( 6490 value.details, 6491 value.scheme, 6492 buffer); 6493 if (result) { 6494 return result; 6495 } 6496 return result; 6497 } 6498 6499 TPM_RC Parse_TPMT_KDF_SCHEME( 6500 std::string* buffer, 6501 TPMT_KDF_SCHEME* value, 6502 std::string* value_bytes) { 6503 TPM_RC result = TPM_RC_SUCCESS; 6504 VLOG(3) << __func__; 6505 6506 result = Parse_TPMI_ALG_KDF( 6507 buffer, 6508 &value->scheme, 6509 value_bytes); 6510 if (result) { 6511 return result; 6512 } 6513 6514 result = Parse_TPMU_KDF_SCHEME( 6515 buffer, 6516 value->scheme, 6517 &value->details, 6518 value_bytes); 6519 if (result) { 6520 return result; 6521 } 6522 return result; 6523 } 6524 6525 TPM_RC Serialize_TPMU_ASYM_SCHEME( 6526 const TPMU_ASYM_SCHEME& value, 6527 TPMI_ALG_ASYM_SCHEME selector, 6528 std::string* buffer) { 6529 TPM_RC result = TPM_RC_SUCCESS; 6530 VLOG(3) << __func__; 6531 6532 if (selector == TPM_ALG_RSAES) { 6533 // Do nothing. 6534 } 6535 6536 if (selector == TPM_ALG_ECSCHNORR) { 6537 result = Serialize_TPMS_SCHEME_ECSCHNORR(value.ec_schnorr, buffer); 6538 if (result) { 6539 return result; 6540 } 6541 } 6542 6543 if (selector == TPM_ALG_NULL) { 6544 // Do nothing. 6545 } 6546 6547 if (selector == TPM_ALG_ECDH) { 6548 result = Serialize_TPMS_SCHEME_ECDH(value.ecdh, buffer); 6549 if (result) { 6550 return result; 6551 } 6552 } 6553 6554 if (selector == TPM_ALG_OAEP) { 6555 result = Serialize_TPMS_SCHEME_OAEP(value.oaep, buffer); 6556 if (result) { 6557 return result; 6558 } 6559 } 6560 6561 if (selector == TPM_ALG_RSAPSS) { 6562 result = Serialize_TPMS_SCHEME_RSAPSS(value.rsapss, buffer); 6563 if (result) { 6564 return result; 6565 } 6566 } 6567 6568 if (selector == TPM_ALG_ECDAA) { 6569 result = Serialize_TPMS_SCHEME_ECDAA(value.ecdaa, buffer); 6570 if (result) { 6571 return result; 6572 } 6573 } 6574 6575 if (selector == TPM_ALG_RSASSA) { 6576 result = Serialize_TPMS_SCHEME_RSASSA(value.rsassa, buffer); 6577 if (result) { 6578 return result; 6579 } 6580 } 6581 6582 if (selector == TPM_ALG_SM2) { 6583 result = Serialize_TPMS_SCHEME_SM2(value.sm2, buffer); 6584 if (result) { 6585 return result; 6586 } 6587 } 6588 6589 if (selector == TPM_ALG_ECDSA) { 6590 result = Serialize_TPMS_SCHEME_ECDSA(value.ecdsa, buffer); 6591 if (result) { 6592 return result; 6593 } 6594 } 6595 return result; 6596 } 6597 6598 TPM_RC Parse_TPMU_ASYM_SCHEME( 6599 std::string* buffer, 6600 TPMI_ALG_ASYM_SCHEME selector, 6601 TPMU_ASYM_SCHEME* value, 6602 std::string* value_bytes) { 6603 TPM_RC result = TPM_RC_SUCCESS; 6604 VLOG(3) << __func__; 6605 6606 if (selector == TPM_ALG_RSAES) { 6607 // Do nothing. 6608 } 6609 6610 if (selector == TPM_ALG_ECSCHNORR) { 6611 result = Parse_TPMS_SCHEME_ECSCHNORR( 6612 buffer, 6613 &value->ec_schnorr, 6614 value_bytes); 6615 if (result) { 6616 return result; 6617 } 6618 } 6619 6620 if (selector == TPM_ALG_NULL) { 6621 // Do nothing. 6622 } 6623 6624 if (selector == TPM_ALG_ECDH) { 6625 result = Parse_TPMS_SCHEME_ECDH( 6626 buffer, 6627 &value->ecdh, 6628 value_bytes); 6629 if (result) { 6630 return result; 6631 } 6632 } 6633 6634 if (selector == TPM_ALG_OAEP) { 6635 result = Parse_TPMS_SCHEME_OAEP( 6636 buffer, 6637 &value->oaep, 6638 value_bytes); 6639 if (result) { 6640 return result; 6641 } 6642 } 6643 6644 if (selector == TPM_ALG_RSAPSS) { 6645 result = Parse_TPMS_SCHEME_RSAPSS( 6646 buffer, 6647 &value->rsapss, 6648 value_bytes); 6649 if (result) { 6650 return result; 6651 } 6652 } 6653 6654 if (selector == TPM_ALG_ECDAA) { 6655 result = Parse_TPMS_SCHEME_ECDAA( 6656 buffer, 6657 &value->ecdaa, 6658 value_bytes); 6659 if (result) { 6660 return result; 6661 } 6662 } 6663 6664 if (selector == TPM_ALG_RSASSA) { 6665 result = Parse_TPMS_SCHEME_RSASSA( 6666 buffer, 6667 &value->rsassa, 6668 value_bytes); 6669 if (result) { 6670 return result; 6671 } 6672 } 6673 6674 if (selector == TPM_ALG_SM2) { 6675 result = Parse_TPMS_SCHEME_SM2( 6676 buffer, 6677 &value->sm2, 6678 value_bytes); 6679 if (result) { 6680 return result; 6681 } 6682 } 6683 6684 if (selector == TPM_ALG_ECDSA) { 6685 result = Parse_TPMS_SCHEME_ECDSA( 6686 buffer, 6687 &value->ecdsa, 6688 value_bytes); 6689 if (result) { 6690 return result; 6691 } 6692 } 6693 return result; 6694 } 6695 6696 TPM_RC Serialize_TPMT_ASYM_SCHEME( 6697 const TPMT_ASYM_SCHEME& value, 6698 std::string* buffer) { 6699 TPM_RC result = TPM_RC_SUCCESS; 6700 VLOG(3) << __func__; 6701 6702 result = Serialize_TPMI_ALG_ASYM_SCHEME(value.scheme, buffer); 6703 if (result) { 6704 return result; 6705 } 6706 6707 result = Serialize_TPMU_ASYM_SCHEME( 6708 value.details, 6709 value.scheme, 6710 buffer); 6711 if (result) { 6712 return result; 6713 } 6714 return result; 6715 } 6716 6717 TPM_RC Parse_TPMT_ASYM_SCHEME( 6718 std::string* buffer, 6719 TPMT_ASYM_SCHEME* value, 6720 std::string* value_bytes) { 6721 TPM_RC result = TPM_RC_SUCCESS; 6722 VLOG(3) << __func__; 6723 6724 result = Parse_TPMI_ALG_ASYM_SCHEME( 6725 buffer, 6726 &value->scheme, 6727 value_bytes); 6728 if (result) { 6729 return result; 6730 } 6731 6732 result = Parse_TPMU_ASYM_SCHEME( 6733 buffer, 6734 value->scheme, 6735 &value->details, 6736 value_bytes); 6737 if (result) { 6738 return result; 6739 } 6740 return result; 6741 } 6742 6743 TPM_RC Serialize_TPMT_RSA_SCHEME( 6744 const TPMT_RSA_SCHEME& value, 6745 std::string* buffer) { 6746 TPM_RC result = TPM_RC_SUCCESS; 6747 VLOG(3) << __func__; 6748 6749 result = Serialize_TPMI_ALG_RSA_SCHEME(value.scheme, buffer); 6750 if (result) { 6751 return result; 6752 } 6753 6754 result = Serialize_TPMU_ASYM_SCHEME( 6755 value.details, 6756 value.scheme, 6757 buffer); 6758 if (result) { 6759 return result; 6760 } 6761 return result; 6762 } 6763 6764 TPM_RC Parse_TPMT_RSA_SCHEME( 6765 std::string* buffer, 6766 TPMT_RSA_SCHEME* value, 6767 std::string* value_bytes) { 6768 TPM_RC result = TPM_RC_SUCCESS; 6769 VLOG(3) << __func__; 6770 6771 result = Parse_TPMI_ALG_RSA_SCHEME( 6772 buffer, 6773 &value->scheme, 6774 value_bytes); 6775 if (result) { 6776 return result; 6777 } 6778 6779 result = Parse_TPMU_ASYM_SCHEME( 6780 buffer, 6781 value->scheme, 6782 &value->details, 6783 value_bytes); 6784 if (result) { 6785 return result; 6786 } 6787 return result; 6788 } 6789 6790 TPM_RC Serialize_TPMT_RSA_DECRYPT( 6791 const TPMT_RSA_DECRYPT& value, 6792 std::string* buffer) { 6793 TPM_RC result = TPM_RC_SUCCESS; 6794 VLOG(3) << __func__; 6795 6796 result = Serialize_TPMI_ALG_RSA_DECRYPT(value.scheme, buffer); 6797 if (result) { 6798 return result; 6799 } 6800 6801 result = Serialize_TPMU_ASYM_SCHEME( 6802 value.details, 6803 value.scheme, 6804 buffer); 6805 if (result) { 6806 return result; 6807 } 6808 return result; 6809 } 6810 6811 TPM_RC Parse_TPMT_RSA_DECRYPT( 6812 std::string* buffer, 6813 TPMT_RSA_DECRYPT* value, 6814 std::string* value_bytes) { 6815 TPM_RC result = TPM_RC_SUCCESS; 6816 VLOG(3) << __func__; 6817 6818 result = Parse_TPMI_ALG_RSA_DECRYPT( 6819 buffer, 6820 &value->scheme, 6821 value_bytes); 6822 if (result) { 6823 return result; 6824 } 6825 6826 result = Parse_TPMU_ASYM_SCHEME( 6827 buffer, 6828 value->scheme, 6829 &value->details, 6830 value_bytes); 6831 if (result) { 6832 return result; 6833 } 6834 return result; 6835 } 6836 6837 TPM_RC Serialize_TPM2B_PUBLIC_KEY_RSA( 6838 const TPM2B_PUBLIC_KEY_RSA& value, 6839 std::string* buffer) { 6840 TPM_RC result = TPM_RC_SUCCESS; 6841 VLOG(3) << __func__; 6842 6843 result = Serialize_UINT16(value.size, buffer); 6844 if (result) { 6845 return result; 6846 } 6847 6848 if (arraysize(value.buffer) < value.size) { 6849 return TPM_RC_INSUFFICIENT; 6850 } 6851 for (uint32_t i = 0; i < value.size; ++i) { 6852 result = Serialize_BYTE(value.buffer[i], buffer); 6853 if (result) { 6854 return result; 6855 } 6856 } 6857 return result; 6858 } 6859 6860 TPM_RC Parse_TPM2B_PUBLIC_KEY_RSA( 6861 std::string* buffer, 6862 TPM2B_PUBLIC_KEY_RSA* value, 6863 std::string* value_bytes) { 6864 TPM_RC result = TPM_RC_SUCCESS; 6865 VLOG(3) << __func__; 6866 6867 result = Parse_UINT16( 6868 buffer, 6869 &value->size, 6870 value_bytes); 6871 if (result) { 6872 return result; 6873 } 6874 6875 if (arraysize(value->buffer) < value->size) { 6876 return TPM_RC_INSUFFICIENT; 6877 } 6878 for (uint32_t i = 0; i < value->size; ++i) { 6879 result = Parse_BYTE( 6880 buffer, 6881 &value->buffer[i], 6882 value_bytes); 6883 if (result) { 6884 return result; 6885 } 6886 } 6887 return result; 6888 } 6889 6890 TPM2B_PUBLIC_KEY_RSA Make_TPM2B_PUBLIC_KEY_RSA( 6891 const std::string& bytes) { 6892 TPM2B_PUBLIC_KEY_RSA tpm2b; 6893 CHECK(bytes.size() <= sizeof(tpm2b.buffer)); 6894 memset(&tpm2b, 0, sizeof(TPM2B_PUBLIC_KEY_RSA)); 6895 tpm2b.size = bytes.size(); 6896 memcpy(tpm2b.buffer, bytes.data(), bytes.size()); 6897 return tpm2b; 6898 } 6899 6900 std::string StringFrom_TPM2B_PUBLIC_KEY_RSA( 6901 const TPM2B_PUBLIC_KEY_RSA& tpm2b) { 6902 const char* char_buffer = reinterpret_cast<const char*>( 6903 tpm2b.buffer); 6904 return std::string(char_buffer, tpm2b.size); 6905 } 6906 6907 TPM_RC Serialize_TPM2B_PRIVATE_KEY_RSA( 6908 const TPM2B_PRIVATE_KEY_RSA& value, 6909 std::string* buffer) { 6910 TPM_RC result = TPM_RC_SUCCESS; 6911 VLOG(3) << __func__; 6912 6913 result = Serialize_UINT16(value.size, buffer); 6914 if (result) { 6915 return result; 6916 } 6917 6918 if (arraysize(value.buffer) < value.size) { 6919 return TPM_RC_INSUFFICIENT; 6920 } 6921 for (uint32_t i = 0; i < value.size; ++i) { 6922 result = Serialize_BYTE(value.buffer[i], buffer); 6923 if (result) { 6924 return result; 6925 } 6926 } 6927 return result; 6928 } 6929 6930 TPM_RC Parse_TPM2B_PRIVATE_KEY_RSA( 6931 std::string* buffer, 6932 TPM2B_PRIVATE_KEY_RSA* value, 6933 std::string* value_bytes) { 6934 TPM_RC result = TPM_RC_SUCCESS; 6935 VLOG(3) << __func__; 6936 6937 result = Parse_UINT16( 6938 buffer, 6939 &value->size, 6940 value_bytes); 6941 if (result) { 6942 return result; 6943 } 6944 6945 if (arraysize(value->buffer) < value->size) { 6946 return TPM_RC_INSUFFICIENT; 6947 } 6948 for (uint32_t i = 0; i < value->size; ++i) { 6949 result = Parse_BYTE( 6950 buffer, 6951 &value->buffer[i], 6952 value_bytes); 6953 if (result) { 6954 return result; 6955 } 6956 } 6957 return result; 6958 } 6959 6960 TPM2B_PRIVATE_KEY_RSA Make_TPM2B_PRIVATE_KEY_RSA( 6961 const std::string& bytes) { 6962 TPM2B_PRIVATE_KEY_RSA tpm2b; 6963 CHECK(bytes.size() <= sizeof(tpm2b.buffer)); 6964 memset(&tpm2b, 0, sizeof(TPM2B_PRIVATE_KEY_RSA)); 6965 tpm2b.size = bytes.size(); 6966 memcpy(tpm2b.buffer, bytes.data(), bytes.size()); 6967 return tpm2b; 6968 } 6969 6970 std::string StringFrom_TPM2B_PRIVATE_KEY_RSA( 6971 const TPM2B_PRIVATE_KEY_RSA& tpm2b) { 6972 const char* char_buffer = reinterpret_cast<const char*>( 6973 tpm2b.buffer); 6974 return std::string(char_buffer, tpm2b.size); 6975 } 6976 6977 TPM_RC Serialize_TPM2B_ECC_PARAMETER( 6978 const TPM2B_ECC_PARAMETER& value, 6979 std::string* buffer) { 6980 TPM_RC result = TPM_RC_SUCCESS; 6981 VLOG(3) << __func__; 6982 6983 result = Serialize_UINT16(value.size, buffer); 6984 if (result) { 6985 return result; 6986 } 6987 6988 if (arraysize(value.buffer) < value.size) { 6989 return TPM_RC_INSUFFICIENT; 6990 } 6991 for (uint32_t i = 0; i < value.size; ++i) { 6992 result = Serialize_BYTE(value.buffer[i], buffer); 6993 if (result) { 6994 return result; 6995 } 6996 } 6997 return result; 6998 } 6999 7000 TPM_RC Parse_TPM2B_ECC_PARAMETER( 7001 std::string* buffer, 7002 TPM2B_ECC_PARAMETER* value, 7003 std::string* value_bytes) { 7004 TPM_RC result = TPM_RC_SUCCESS; 7005 VLOG(3) << __func__; 7006 7007 result = Parse_UINT16( 7008 buffer, 7009 &value->size, 7010 value_bytes); 7011 if (result) { 7012 return result; 7013 } 7014 7015 if (arraysize(value->buffer) < value->size) { 7016 return TPM_RC_INSUFFICIENT; 7017 } 7018 for (uint32_t i = 0; i < value->size; ++i) { 7019 result = Parse_BYTE( 7020 buffer, 7021 &value->buffer[i], 7022 value_bytes); 7023 if (result) { 7024 return result; 7025 } 7026 } 7027 return result; 7028 } 7029 7030 TPM2B_ECC_PARAMETER Make_TPM2B_ECC_PARAMETER( 7031 const std::string& bytes) { 7032 TPM2B_ECC_PARAMETER tpm2b; 7033 CHECK(bytes.size() <= sizeof(tpm2b.buffer)); 7034 memset(&tpm2b, 0, sizeof(TPM2B_ECC_PARAMETER)); 7035 tpm2b.size = bytes.size(); 7036 memcpy(tpm2b.buffer, bytes.data(), bytes.size()); 7037 return tpm2b; 7038 } 7039 7040 std::string StringFrom_TPM2B_ECC_PARAMETER( 7041 const TPM2B_ECC_PARAMETER& tpm2b) { 7042 const char* char_buffer = reinterpret_cast<const char*>( 7043 tpm2b.buffer); 7044 return std::string(char_buffer, tpm2b.size); 7045 } 7046 7047 TPM_RC Serialize_TPMS_ECC_POINT( 7048 const TPMS_ECC_POINT& value, 7049 std::string* buffer) { 7050 TPM_RC result = TPM_RC_SUCCESS; 7051 VLOG(3) << __func__; 7052 7053 result = Serialize_TPM2B_ECC_PARAMETER(value.x, buffer); 7054 if (result) { 7055 return result; 7056 } 7057 7058 result = Serialize_TPM2B_ECC_PARAMETER(value.y, buffer); 7059 if (result) { 7060 return result; 7061 } 7062 return result; 7063 } 7064 7065 TPM_RC Parse_TPMS_ECC_POINT( 7066 std::string* buffer, 7067 TPMS_ECC_POINT* value, 7068 std::string* value_bytes) { 7069 TPM_RC result = TPM_RC_SUCCESS; 7070 VLOG(3) << __func__; 7071 7072 result = Parse_TPM2B_ECC_PARAMETER( 7073 buffer, 7074 &value->x, 7075 value_bytes); 7076 if (result) { 7077 return result; 7078 } 7079 7080 result = Parse_TPM2B_ECC_PARAMETER( 7081 buffer, 7082 &value->y, 7083 value_bytes); 7084 if (result) { 7085 return result; 7086 } 7087 return result; 7088 } 7089 7090 TPM_RC Serialize_TPM2B_ECC_POINT( 7091 const TPM2B_ECC_POINT& value, 7092 std::string* buffer) { 7093 TPM_RC result = TPM_RC_SUCCESS; 7094 VLOG(3) << __func__; 7095 7096 std::string field_bytes; 7097 result = Serialize_TPMS_ECC_POINT(value.point, &field_bytes); 7098 if (result) { 7099 return result; 7100 } 7101 std::string size_bytes; 7102 result = Serialize_UINT16(field_bytes.size(), &size_bytes); 7103 if (result) { 7104 return result; 7105 } 7106 buffer->append(size_bytes + field_bytes); 7107 return result; 7108 } 7109 7110 TPM_RC Parse_TPM2B_ECC_POINT( 7111 std::string* buffer, 7112 TPM2B_ECC_POINT* value, 7113 std::string* value_bytes) { 7114 TPM_RC result = TPM_RC_SUCCESS; 7115 VLOG(3) << __func__; 7116 7117 result = Parse_UINT16( 7118 buffer, 7119 &value->size, 7120 value_bytes); 7121 if (result) { 7122 return result; 7123 } 7124 7125 result = Parse_TPMS_ECC_POINT( 7126 buffer, 7127 &value->point, 7128 value_bytes); 7129 if (result) { 7130 return result; 7131 } 7132 return result; 7133 } 7134 7135 TPM2B_ECC_POINT Make_TPM2B_ECC_POINT( 7136 const TPMS_ECC_POINT& inner) { 7137 TPM2B_ECC_POINT tpm2b; 7138 tpm2b.size = sizeof(TPMS_ECC_POINT); 7139 tpm2b.point = inner; 7140 return tpm2b; 7141 } 7142 7143 TPM_RC Serialize_TPMT_ECC_SCHEME( 7144 const TPMT_ECC_SCHEME& value, 7145 std::string* buffer) { 7146 TPM_RC result = TPM_RC_SUCCESS; 7147 VLOG(3) << __func__; 7148 7149 result = Serialize_TPMI_ALG_ECC_SCHEME(value.scheme, buffer); 7150 if (result) { 7151 return result; 7152 } 7153 7154 result = Serialize_TPMU_SIG_SCHEME( 7155 value.details, 7156 value.scheme, 7157 buffer); 7158 if (result) { 7159 return result; 7160 } 7161 return result; 7162 } 7163 7164 TPM_RC Parse_TPMT_ECC_SCHEME( 7165 std::string* buffer, 7166 TPMT_ECC_SCHEME* value, 7167 std::string* value_bytes) { 7168 TPM_RC result = TPM_RC_SUCCESS; 7169 VLOG(3) << __func__; 7170 7171 result = Parse_TPMI_ALG_ECC_SCHEME( 7172 buffer, 7173 &value->scheme, 7174 value_bytes); 7175 if (result) { 7176 return result; 7177 } 7178 7179 result = Parse_TPMU_SIG_SCHEME( 7180 buffer, 7181 value->scheme, 7182 &value->details, 7183 value_bytes); 7184 if (result) { 7185 return result; 7186 } 7187 return result; 7188 } 7189 7190 TPM_RC Serialize_TPMS_ALGORITHM_DETAIL_ECC( 7191 const TPMS_ALGORITHM_DETAIL_ECC& value, 7192 std::string* buffer) { 7193 TPM_RC result = TPM_RC_SUCCESS; 7194 VLOG(3) << __func__; 7195 7196 result = Serialize_TPM_ECC_CURVE(value.curve_id, buffer); 7197 if (result) { 7198 return result; 7199 } 7200 7201 result = Serialize_UINT16(value.key_size, buffer); 7202 if (result) { 7203 return result; 7204 } 7205 7206 result = Serialize_TPMT_KDF_SCHEME(value.kdf, buffer); 7207 if (result) { 7208 return result; 7209 } 7210 7211 result = Serialize_TPMT_ECC_SCHEME(value.sign, buffer); 7212 if (result) { 7213 return result; 7214 } 7215 7216 result = Serialize_TPM2B_ECC_PARAMETER(value.p, buffer); 7217 if (result) { 7218 return result; 7219 } 7220 7221 result = Serialize_TPM2B_ECC_PARAMETER(value.a, buffer); 7222 if (result) { 7223 return result; 7224 } 7225 7226 result = Serialize_TPM2B_ECC_PARAMETER(value.b, buffer); 7227 if (result) { 7228 return result; 7229 } 7230 7231 result = Serialize_TPM2B_ECC_PARAMETER(value.g_x, buffer); 7232 if (result) { 7233 return result; 7234 } 7235 7236 result = Serialize_TPM2B_ECC_PARAMETER(value.g_y, buffer); 7237 if (result) { 7238 return result; 7239 } 7240 7241 result = Serialize_TPM2B_ECC_PARAMETER(value.n, buffer); 7242 if (result) { 7243 return result; 7244 } 7245 7246 result = Serialize_TPM2B_ECC_PARAMETER(value.h, buffer); 7247 if (result) { 7248 return result; 7249 } 7250 return result; 7251 } 7252 7253 TPM_RC Parse_TPMS_ALGORITHM_DETAIL_ECC( 7254 std::string* buffer, 7255 TPMS_ALGORITHM_DETAIL_ECC* value, 7256 std::string* value_bytes) { 7257 TPM_RC result = TPM_RC_SUCCESS; 7258 VLOG(3) << __func__; 7259 7260 result = Parse_TPM_ECC_CURVE( 7261 buffer, 7262 &value->curve_id, 7263 value_bytes); 7264 if (result) { 7265 return result; 7266 } 7267 7268 result = Parse_UINT16( 7269 buffer, 7270 &value->key_size, 7271 value_bytes); 7272 if (result) { 7273 return result; 7274 } 7275 7276 result = Parse_TPMT_KDF_SCHEME( 7277 buffer, 7278 &value->kdf, 7279 value_bytes); 7280 if (result) { 7281 return result; 7282 } 7283 7284 result = Parse_TPMT_ECC_SCHEME( 7285 buffer, 7286 &value->sign, 7287 value_bytes); 7288 if (result) { 7289 return result; 7290 } 7291 7292 result = Parse_TPM2B_ECC_PARAMETER( 7293 buffer, 7294 &value->p, 7295 value_bytes); 7296 if (result) { 7297 return result; 7298 } 7299 7300 result = Parse_TPM2B_ECC_PARAMETER( 7301 buffer, 7302 &value->a, 7303 value_bytes); 7304 if (result) { 7305 return result; 7306 } 7307 7308 result = Parse_TPM2B_ECC_PARAMETER( 7309 buffer, 7310 &value->b, 7311 value_bytes); 7312 if (result) { 7313 return result; 7314 } 7315 7316 result = Parse_TPM2B_ECC_PARAMETER( 7317 buffer, 7318 &value->g_x, 7319 value_bytes); 7320 if (result) { 7321 return result; 7322 } 7323 7324 result = Parse_TPM2B_ECC_PARAMETER( 7325 buffer, 7326 &value->g_y, 7327 value_bytes); 7328 if (result) { 7329 return result; 7330 } 7331 7332 result = Parse_TPM2B_ECC_PARAMETER( 7333 buffer, 7334 &value->n, 7335 value_bytes); 7336 if (result) { 7337 return result; 7338 } 7339 7340 result = Parse_TPM2B_ECC_PARAMETER( 7341 buffer, 7342 &value->h, 7343 value_bytes); 7344 if (result) { 7345 return result; 7346 } 7347 return result; 7348 } 7349 7350 TPM_RC Serialize_TPMS_SIGNATURE_RSASSA( 7351 const TPMS_SIGNATURE_RSASSA& value, 7352 std::string* buffer) { 7353 TPM_RC result = TPM_RC_SUCCESS; 7354 VLOG(3) << __func__; 7355 7356 result = Serialize_TPMI_ALG_HASH(value.hash, buffer); 7357 if (result) { 7358 return result; 7359 } 7360 7361 result = Serialize_TPM2B_PUBLIC_KEY_RSA(value.sig, buffer); 7362 if (result) { 7363 return result; 7364 } 7365 return result; 7366 } 7367 7368 TPM_RC Parse_TPMS_SIGNATURE_RSASSA( 7369 std::string* buffer, 7370 TPMS_SIGNATURE_RSASSA* value, 7371 std::string* value_bytes) { 7372 TPM_RC result = TPM_RC_SUCCESS; 7373 VLOG(3) << __func__; 7374 7375 result = Parse_TPMI_ALG_HASH( 7376 buffer, 7377 &value->hash, 7378 value_bytes); 7379 if (result) { 7380 return result; 7381 } 7382 7383 result = Parse_TPM2B_PUBLIC_KEY_RSA( 7384 buffer, 7385 &value->sig, 7386 value_bytes); 7387 if (result) { 7388 return result; 7389 } 7390 return result; 7391 } 7392 7393 TPM_RC Serialize_TPMS_SIGNATURE_RSAPSS( 7394 const TPMS_SIGNATURE_RSAPSS& value, 7395 std::string* buffer) { 7396 TPM_RC result = TPM_RC_SUCCESS; 7397 VLOG(3) << __func__; 7398 7399 result = Serialize_TPMI_ALG_HASH(value.hash, buffer); 7400 if (result) { 7401 return result; 7402 } 7403 7404 result = Serialize_TPM2B_PUBLIC_KEY_RSA(value.sig, buffer); 7405 if (result) { 7406 return result; 7407 } 7408 return result; 7409 } 7410 7411 TPM_RC Parse_TPMS_SIGNATURE_RSAPSS( 7412 std::string* buffer, 7413 TPMS_SIGNATURE_RSAPSS* value, 7414 std::string* value_bytes) { 7415 TPM_RC result = TPM_RC_SUCCESS; 7416 VLOG(3) << __func__; 7417 7418 result = Parse_TPMI_ALG_HASH( 7419 buffer, 7420 &value->hash, 7421 value_bytes); 7422 if (result) { 7423 return result; 7424 } 7425 7426 result = Parse_TPM2B_PUBLIC_KEY_RSA( 7427 buffer, 7428 &value->sig, 7429 value_bytes); 7430 if (result) { 7431 return result; 7432 } 7433 return result; 7434 } 7435 7436 TPM_RC Serialize_TPMS_SIGNATURE_ECDSA( 7437 const TPMS_SIGNATURE_ECDSA& value, 7438 std::string* buffer) { 7439 TPM_RC result = TPM_RC_SUCCESS; 7440 VLOG(3) << __func__; 7441 7442 result = Serialize_TPMI_ALG_HASH(value.hash, buffer); 7443 if (result) { 7444 return result; 7445 } 7446 7447 result = Serialize_TPM2B_ECC_PARAMETER(value.signature_r, buffer); 7448 if (result) { 7449 return result; 7450 } 7451 7452 result = Serialize_TPM2B_ECC_PARAMETER(value.signature_s, buffer); 7453 if (result) { 7454 return result; 7455 } 7456 return result; 7457 } 7458 7459 TPM_RC Parse_TPMS_SIGNATURE_ECDSA( 7460 std::string* buffer, 7461 TPMS_SIGNATURE_ECDSA* value, 7462 std::string* value_bytes) { 7463 TPM_RC result = TPM_RC_SUCCESS; 7464 VLOG(3) << __func__; 7465 7466 result = Parse_TPMI_ALG_HASH( 7467 buffer, 7468 &value->hash, 7469 value_bytes); 7470 if (result) { 7471 return result; 7472 } 7473 7474 result = Parse_TPM2B_ECC_PARAMETER( 7475 buffer, 7476 &value->signature_r, 7477 value_bytes); 7478 if (result) { 7479 return result; 7480 } 7481 7482 result = Parse_TPM2B_ECC_PARAMETER( 7483 buffer, 7484 &value->signature_s, 7485 value_bytes); 7486 if (result) { 7487 return result; 7488 } 7489 return result; 7490 } 7491 7492 TPM_RC Serialize_TPMU_SIGNATURE( 7493 const TPMU_SIGNATURE& value, 7494 TPMI_ALG_SIG_SCHEME selector, 7495 std::string* buffer) { 7496 TPM_RC result = TPM_RC_SUCCESS; 7497 VLOG(3) << __func__; 7498 7499 if (selector == TPM_ALG_HMAC) { 7500 result = Serialize_TPMT_HA(value.hmac, buffer); 7501 if (result) { 7502 return result; 7503 } 7504 } 7505 7506 if (selector == TPM_ALG_ECSCHNORR) { 7507 result = Serialize_TPMS_SIGNATURE_ECDSA(value.ecschnorr, buffer); 7508 if (result) { 7509 return result; 7510 } 7511 } 7512 7513 if (selector == TPM_ALG_RSAPSS) { 7514 result = Serialize_TPMS_SIGNATURE_RSAPSS(value.rsapss, buffer); 7515 if (result) { 7516 return result; 7517 } 7518 } 7519 7520 if (selector == TPM_ALG_ECDAA) { 7521 result = Serialize_TPMS_SIGNATURE_ECDSA(value.ecdaa, buffer); 7522 if (result) { 7523 return result; 7524 } 7525 } 7526 7527 if (selector == TPM_ALG_RSASSA) { 7528 result = Serialize_TPMS_SIGNATURE_RSASSA(value.rsassa, buffer); 7529 if (result) { 7530 return result; 7531 } 7532 } 7533 7534 if (selector == TPM_ALG_SM2) { 7535 result = Serialize_TPMS_SIGNATURE_ECDSA(value.sm2, buffer); 7536 if (result) { 7537 return result; 7538 } 7539 } 7540 7541 if (selector == TPM_ALG_ECDSA) { 7542 result = Serialize_TPMS_SIGNATURE_ECDSA(value.ecdsa, buffer); 7543 if (result) { 7544 return result; 7545 } 7546 } 7547 7548 if (selector == TPM_ALG_NULL) { 7549 // Do nothing. 7550 } 7551 return result; 7552 } 7553 7554 TPM_RC Parse_TPMU_SIGNATURE( 7555 std::string* buffer, 7556 TPMI_ALG_SIG_SCHEME selector, 7557 TPMU_SIGNATURE* value, 7558 std::string* value_bytes) { 7559 TPM_RC result = TPM_RC_SUCCESS; 7560 VLOG(3) << __func__; 7561 7562 if (selector == TPM_ALG_HMAC) { 7563 result = Parse_TPMT_HA( 7564 buffer, 7565 &value->hmac, 7566 value_bytes); 7567 if (result) { 7568 return result; 7569 } 7570 } 7571 7572 if (selector == TPM_ALG_ECSCHNORR) { 7573 result = Parse_TPMS_SIGNATURE_ECDSA( 7574 buffer, 7575 &value->ecschnorr, 7576 value_bytes); 7577 if (result) { 7578 return result; 7579 } 7580 } 7581 7582 if (selector == TPM_ALG_RSAPSS) { 7583 result = Parse_TPMS_SIGNATURE_RSAPSS( 7584 buffer, 7585 &value->rsapss, 7586 value_bytes); 7587 if (result) { 7588 return result; 7589 } 7590 } 7591 7592 if (selector == TPM_ALG_ECDAA) { 7593 result = Parse_TPMS_SIGNATURE_ECDSA( 7594 buffer, 7595 &value->ecdaa, 7596 value_bytes); 7597 if (result) { 7598 return result; 7599 } 7600 } 7601 7602 if (selector == TPM_ALG_RSASSA) { 7603 result = Parse_TPMS_SIGNATURE_RSASSA( 7604 buffer, 7605 &value->rsassa, 7606 value_bytes); 7607 if (result) { 7608 return result; 7609 } 7610 } 7611 7612 if (selector == TPM_ALG_SM2) { 7613 result = Parse_TPMS_SIGNATURE_ECDSA( 7614 buffer, 7615 &value->sm2, 7616 value_bytes); 7617 if (result) { 7618 return result; 7619 } 7620 } 7621 7622 if (selector == TPM_ALG_ECDSA) { 7623 result = Parse_TPMS_SIGNATURE_ECDSA( 7624 buffer, 7625 &value->ecdsa, 7626 value_bytes); 7627 if (result) { 7628 return result; 7629 } 7630 } 7631 7632 if (selector == TPM_ALG_NULL) { 7633 // Do nothing. 7634 } 7635 return result; 7636 } 7637 7638 TPM_RC Serialize_TPMT_SIGNATURE( 7639 const TPMT_SIGNATURE& value, 7640 std::string* buffer) { 7641 TPM_RC result = TPM_RC_SUCCESS; 7642 VLOG(3) << __func__; 7643 7644 result = Serialize_TPMI_ALG_SIG_SCHEME(value.sig_alg, buffer); 7645 if (result) { 7646 return result; 7647 } 7648 7649 result = Serialize_TPMU_SIGNATURE( 7650 value.signature, 7651 value.sig_alg, 7652 buffer); 7653 if (result) { 7654 return result; 7655 } 7656 return result; 7657 } 7658 7659 TPM_RC Parse_TPMT_SIGNATURE( 7660 std::string* buffer, 7661 TPMT_SIGNATURE* value, 7662 std::string* value_bytes) { 7663 TPM_RC result = TPM_RC_SUCCESS; 7664 VLOG(3) << __func__; 7665 7666 result = Parse_TPMI_ALG_SIG_SCHEME( 7667 buffer, 7668 &value->sig_alg, 7669 value_bytes); 7670 if (result) { 7671 return result; 7672 } 7673 7674 result = Parse_TPMU_SIGNATURE( 7675 buffer, 7676 value->sig_alg, 7677 &value->signature, 7678 value_bytes); 7679 if (result) { 7680 return result; 7681 } 7682 return result; 7683 } 7684 7685 TPM_RC Serialize_TPM2B_ENCRYPTED_SECRET( 7686 const TPM2B_ENCRYPTED_SECRET& value, 7687 std::string* buffer) { 7688 TPM_RC result = TPM_RC_SUCCESS; 7689 VLOG(3) << __func__; 7690 7691 result = Serialize_UINT16(value.size, buffer); 7692 if (result) { 7693 return result; 7694 } 7695 7696 if (arraysize(value.secret) < value.size) { 7697 return TPM_RC_INSUFFICIENT; 7698 } 7699 for (uint32_t i = 0; i < value.size; ++i) { 7700 result = Serialize_BYTE(value.secret[i], buffer); 7701 if (result) { 7702 return result; 7703 } 7704 } 7705 return result; 7706 } 7707 7708 TPM_RC Parse_TPM2B_ENCRYPTED_SECRET( 7709 std::string* buffer, 7710 TPM2B_ENCRYPTED_SECRET* value, 7711 std::string* value_bytes) { 7712 TPM_RC result = TPM_RC_SUCCESS; 7713 VLOG(3) << __func__; 7714 7715 result = Parse_UINT16( 7716 buffer, 7717 &value->size, 7718 value_bytes); 7719 if (result) { 7720 return result; 7721 } 7722 7723 if (arraysize(value->secret) < value->size) { 7724 return TPM_RC_INSUFFICIENT; 7725 } 7726 for (uint32_t i = 0; i < value->size; ++i) { 7727 result = Parse_BYTE( 7728 buffer, 7729 &value->secret[i], 7730 value_bytes); 7731 if (result) { 7732 return result; 7733 } 7734 } 7735 return result; 7736 } 7737 7738 TPM2B_ENCRYPTED_SECRET Make_TPM2B_ENCRYPTED_SECRET( 7739 const std::string& bytes) { 7740 TPM2B_ENCRYPTED_SECRET tpm2b; 7741 CHECK(bytes.size() <= sizeof(tpm2b.secret)); 7742 memset(&tpm2b, 0, sizeof(TPM2B_ENCRYPTED_SECRET)); 7743 tpm2b.size = bytes.size(); 7744 memcpy(tpm2b.secret, bytes.data(), bytes.size()); 7745 return tpm2b; 7746 } 7747 7748 std::string StringFrom_TPM2B_ENCRYPTED_SECRET( 7749 const TPM2B_ENCRYPTED_SECRET& tpm2b) { 7750 const char* char_buffer = reinterpret_cast<const char*>( 7751 tpm2b.secret); 7752 return std::string(char_buffer, tpm2b.size); 7753 } 7754 7755 TPM_RC Serialize_TPMS_KEYEDHASH_PARMS( 7756 const TPMS_KEYEDHASH_PARMS& value, 7757 std::string* buffer) { 7758 TPM_RC result = TPM_RC_SUCCESS; 7759 VLOG(3) << __func__; 7760 7761 result = Serialize_TPMT_KEYEDHASH_SCHEME(value.scheme, buffer); 7762 if (result) { 7763 return result; 7764 } 7765 return result; 7766 } 7767 7768 TPM_RC Parse_TPMS_KEYEDHASH_PARMS( 7769 std::string* buffer, 7770 TPMS_KEYEDHASH_PARMS* value, 7771 std::string* value_bytes) { 7772 TPM_RC result = TPM_RC_SUCCESS; 7773 VLOG(3) << __func__; 7774 7775 result = Parse_TPMT_KEYEDHASH_SCHEME( 7776 buffer, 7777 &value->scheme, 7778 value_bytes); 7779 if (result) { 7780 return result; 7781 } 7782 return result; 7783 } 7784 7785 TPM_RC Serialize_TPMS_ASYM_PARMS( 7786 const TPMS_ASYM_PARMS& value, 7787 std::string* buffer) { 7788 TPM_RC result = TPM_RC_SUCCESS; 7789 VLOG(3) << __func__; 7790 7791 result = Serialize_TPMT_SYM_DEF_OBJECT(value.symmetric, buffer); 7792 if (result) { 7793 return result; 7794 } 7795 7796 result = Serialize_TPMT_ASYM_SCHEME(value.scheme, buffer); 7797 if (result) { 7798 return result; 7799 } 7800 return result; 7801 } 7802 7803 TPM_RC Parse_TPMS_ASYM_PARMS( 7804 std::string* buffer, 7805 TPMS_ASYM_PARMS* value, 7806 std::string* value_bytes) { 7807 TPM_RC result = TPM_RC_SUCCESS; 7808 VLOG(3) << __func__; 7809 7810 result = Parse_TPMT_SYM_DEF_OBJECT( 7811 buffer, 7812 &value->symmetric, 7813 value_bytes); 7814 if (result) { 7815 return result; 7816 } 7817 7818 result = Parse_TPMT_ASYM_SCHEME( 7819 buffer, 7820 &value->scheme, 7821 value_bytes); 7822 if (result) { 7823 return result; 7824 } 7825 return result; 7826 } 7827 7828 TPM_RC Serialize_TPMS_RSA_PARMS( 7829 const TPMS_RSA_PARMS& value, 7830 std::string* buffer) { 7831 TPM_RC result = TPM_RC_SUCCESS; 7832 VLOG(3) << __func__; 7833 7834 result = Serialize_TPMT_SYM_DEF_OBJECT(value.symmetric, buffer); 7835 if (result) { 7836 return result; 7837 } 7838 7839 result = Serialize_TPMT_RSA_SCHEME(value.scheme, buffer); 7840 if (result) { 7841 return result; 7842 } 7843 7844 result = Serialize_TPMI_RSA_KEY_BITS(value.key_bits, buffer); 7845 if (result) { 7846 return result; 7847 } 7848 7849 result = Serialize_UINT32(value.exponent, buffer); 7850 if (result) { 7851 return result; 7852 } 7853 return result; 7854 } 7855 7856 TPM_RC Parse_TPMS_RSA_PARMS( 7857 std::string* buffer, 7858 TPMS_RSA_PARMS* value, 7859 std::string* value_bytes) { 7860 TPM_RC result = TPM_RC_SUCCESS; 7861 VLOG(3) << __func__; 7862 7863 result = Parse_TPMT_SYM_DEF_OBJECT( 7864 buffer, 7865 &value->symmetric, 7866 value_bytes); 7867 if (result) { 7868 return result; 7869 } 7870 7871 result = Parse_TPMT_RSA_SCHEME( 7872 buffer, 7873 &value->scheme, 7874 value_bytes); 7875 if (result) { 7876 return result; 7877 } 7878 7879 result = Parse_TPMI_RSA_KEY_BITS( 7880 buffer, 7881 &value->key_bits, 7882 value_bytes); 7883 if (result) { 7884 return result; 7885 } 7886 7887 result = Parse_UINT32( 7888 buffer, 7889 &value->exponent, 7890 value_bytes); 7891 if (result) { 7892 return result; 7893 } 7894 return result; 7895 } 7896 7897 TPM_RC Serialize_TPMS_ECC_PARMS( 7898 const TPMS_ECC_PARMS& value, 7899 std::string* buffer) { 7900 TPM_RC result = TPM_RC_SUCCESS; 7901 VLOG(3) << __func__; 7902 7903 result = Serialize_TPMT_SYM_DEF_OBJECT(value.symmetric, buffer); 7904 if (result) { 7905 return result; 7906 } 7907 7908 result = Serialize_TPMT_ECC_SCHEME(value.scheme, buffer); 7909 if (result) { 7910 return result; 7911 } 7912 7913 result = Serialize_TPMI_ECC_CURVE(value.curve_id, buffer); 7914 if (result) { 7915 return result; 7916 } 7917 7918 result = Serialize_TPMT_KDF_SCHEME(value.kdf, buffer); 7919 if (result) { 7920 return result; 7921 } 7922 return result; 7923 } 7924 7925 TPM_RC Parse_TPMS_ECC_PARMS( 7926 std::string* buffer, 7927 TPMS_ECC_PARMS* value, 7928 std::string* value_bytes) { 7929 TPM_RC result = TPM_RC_SUCCESS; 7930 VLOG(3) << __func__; 7931 7932 result = Parse_TPMT_SYM_DEF_OBJECT( 7933 buffer, 7934 &value->symmetric, 7935 value_bytes); 7936 if (result) { 7937 return result; 7938 } 7939 7940 result = Parse_TPMT_ECC_SCHEME( 7941 buffer, 7942 &value->scheme, 7943 value_bytes); 7944 if (result) { 7945 return result; 7946 } 7947 7948 result = Parse_TPMI_ECC_CURVE( 7949 buffer, 7950 &value->curve_id, 7951 value_bytes); 7952 if (result) { 7953 return result; 7954 } 7955 7956 result = Parse_TPMT_KDF_SCHEME( 7957 buffer, 7958 &value->kdf, 7959 value_bytes); 7960 if (result) { 7961 return result; 7962 } 7963 return result; 7964 } 7965 7966 TPM_RC Serialize_TPMU_PUBLIC_PARMS( 7967 const TPMU_PUBLIC_PARMS& value, 7968 TPMI_ALG_PUBLIC selector, 7969 std::string* buffer) { 7970 TPM_RC result = TPM_RC_SUCCESS; 7971 VLOG(3) << __func__; 7972 7973 if (selector == TPM_ALG_KEYEDHASH) { 7974 result = Serialize_TPMS_KEYEDHASH_PARMS(value.keyed_hash_detail, buffer); 7975 if (result) { 7976 return result; 7977 } 7978 } 7979 7980 if (selector == TPM_ALG_RSA) { 7981 result = Serialize_TPMS_RSA_PARMS(value.rsa_detail, buffer); 7982 if (result) { 7983 return result; 7984 } 7985 } 7986 7987 if (selector == TPM_ALG_SYMCIPHER) { 7988 result = Serialize_TPMS_SYMCIPHER_PARMS(value.sym_detail, buffer); 7989 if (result) { 7990 return result; 7991 } 7992 } 7993 7994 if (selector == TPM_ALG_ECC) { 7995 result = Serialize_TPMS_ECC_PARMS(value.ecc_detail, buffer); 7996 if (result) { 7997 return result; 7998 } 7999 } 8000 return result; 8001 } 8002 8003 TPM_RC Parse_TPMU_PUBLIC_PARMS( 8004 std::string* buffer, 8005 TPMI_ALG_PUBLIC selector, 8006 TPMU_PUBLIC_PARMS* value, 8007 std::string* value_bytes) { 8008 TPM_RC result = TPM_RC_SUCCESS; 8009 VLOG(3) << __func__; 8010 8011 if (selector == TPM_ALG_KEYEDHASH) { 8012 result = Parse_TPMS_KEYEDHASH_PARMS( 8013 buffer, 8014 &value->keyed_hash_detail, 8015 value_bytes); 8016 if (result) { 8017 return result; 8018 } 8019 } 8020 8021 if (selector == TPM_ALG_RSA) { 8022 result = Parse_TPMS_RSA_PARMS( 8023 buffer, 8024 &value->rsa_detail, 8025 value_bytes); 8026 if (result) { 8027 return result; 8028 } 8029 } 8030 8031 if (selector == TPM_ALG_SYMCIPHER) { 8032 result = Parse_TPMS_SYMCIPHER_PARMS( 8033 buffer, 8034 &value->sym_detail, 8035 value_bytes); 8036 if (result) { 8037 return result; 8038 } 8039 } 8040 8041 if (selector == TPM_ALG_ECC) { 8042 result = Parse_TPMS_ECC_PARMS( 8043 buffer, 8044 &value->ecc_detail, 8045 value_bytes); 8046 if (result) { 8047 return result; 8048 } 8049 } 8050 return result; 8051 } 8052 8053 TPM_RC Serialize_TPMT_PUBLIC_PARMS( 8054 const TPMT_PUBLIC_PARMS& value, 8055 std::string* buffer) { 8056 TPM_RC result = TPM_RC_SUCCESS; 8057 VLOG(3) << __func__; 8058 8059 result = Serialize_TPMI_ALG_PUBLIC(value.type, buffer); 8060 if (result) { 8061 return result; 8062 } 8063 8064 result = Serialize_TPMU_PUBLIC_PARMS( 8065 value.parameters, 8066 value.type, 8067 buffer); 8068 if (result) { 8069 return result; 8070 } 8071 return result; 8072 } 8073 8074 TPM_RC Parse_TPMT_PUBLIC_PARMS( 8075 std::string* buffer, 8076 TPMT_PUBLIC_PARMS* value, 8077 std::string* value_bytes) { 8078 TPM_RC result = TPM_RC_SUCCESS; 8079 VLOG(3) << __func__; 8080 8081 result = Parse_TPMI_ALG_PUBLIC( 8082 buffer, 8083 &value->type, 8084 value_bytes); 8085 if (result) { 8086 return result; 8087 } 8088 8089 result = Parse_TPMU_PUBLIC_PARMS( 8090 buffer, 8091 value->type, 8092 &value->parameters, 8093 value_bytes); 8094 if (result) { 8095 return result; 8096 } 8097 return result; 8098 } 8099 8100 TPM_RC Serialize_TPMU_PUBLIC_ID( 8101 const TPMU_PUBLIC_ID& value, 8102 TPMI_ALG_PUBLIC selector, 8103 std::string* buffer) { 8104 TPM_RC result = TPM_RC_SUCCESS; 8105 VLOG(3) << __func__; 8106 8107 if (selector == TPM_ALG_KEYEDHASH) { 8108 result = Serialize_TPM2B_DIGEST(value.keyed_hash, buffer); 8109 if (result) { 8110 return result; 8111 } 8112 } 8113 8114 if (selector == TPM_ALG_RSA) { 8115 result = Serialize_TPM2B_PUBLIC_KEY_RSA(value.rsa, buffer); 8116 if (result) { 8117 return result; 8118 } 8119 } 8120 8121 if (selector == TPM_ALG_SYMCIPHER) { 8122 result = Serialize_TPM2B_DIGEST(value.sym, buffer); 8123 if (result) { 8124 return result; 8125 } 8126 } 8127 8128 if (selector == TPM_ALG_ECC) { 8129 result = Serialize_TPMS_ECC_POINT(value.ecc, buffer); 8130 if (result) { 8131 return result; 8132 } 8133 } 8134 return result; 8135 } 8136 8137 TPM_RC Parse_TPMU_PUBLIC_ID( 8138 std::string* buffer, 8139 TPMI_ALG_PUBLIC selector, 8140 TPMU_PUBLIC_ID* value, 8141 std::string* value_bytes) { 8142 TPM_RC result = TPM_RC_SUCCESS; 8143 VLOG(3) << __func__; 8144 8145 if (selector == TPM_ALG_KEYEDHASH) { 8146 result = Parse_TPM2B_DIGEST( 8147 buffer, 8148 &value->keyed_hash, 8149 value_bytes); 8150 if (result) { 8151 return result; 8152 } 8153 } 8154 8155 if (selector == TPM_ALG_RSA) { 8156 result = Parse_TPM2B_PUBLIC_KEY_RSA( 8157 buffer, 8158 &value->rsa, 8159 value_bytes); 8160 if (result) { 8161 return result; 8162 } 8163 } 8164 8165 if (selector == TPM_ALG_SYMCIPHER) { 8166 result = Parse_TPM2B_DIGEST( 8167 buffer, 8168 &value->sym, 8169 value_bytes); 8170 if (result) { 8171 return result; 8172 } 8173 } 8174 8175 if (selector == TPM_ALG_ECC) { 8176 result = Parse_TPMS_ECC_POINT( 8177 buffer, 8178 &value->ecc, 8179 value_bytes); 8180 if (result) { 8181 return result; 8182 } 8183 } 8184 return result; 8185 } 8186 8187 TPM_RC Serialize_TPMT_PUBLIC( 8188 const TPMT_PUBLIC& value, 8189 std::string* buffer) { 8190 TPM_RC result = TPM_RC_SUCCESS; 8191 VLOG(3) << __func__; 8192 8193 result = Serialize_TPMI_ALG_PUBLIC(value.type, buffer); 8194 if (result) { 8195 return result; 8196 } 8197 8198 result = Serialize_TPMI_ALG_HASH(value.name_alg, buffer); 8199 if (result) { 8200 return result; 8201 } 8202 8203 result = Serialize_TPMA_OBJECT(value.object_attributes, buffer); 8204 if (result) { 8205 return result; 8206 } 8207 8208 result = Serialize_TPM2B_DIGEST(value.auth_policy, buffer); 8209 if (result) { 8210 return result; 8211 } 8212 8213 result = Serialize_TPMU_PUBLIC_PARMS( 8214 value.parameters, 8215 value.type, 8216 buffer); 8217 if (result) { 8218 return result; 8219 } 8220 8221 result = Serialize_TPMU_PUBLIC_ID( 8222 value.unique, 8223 value.type, 8224 buffer); 8225 if (result) { 8226 return result; 8227 } 8228 return result; 8229 } 8230 8231 TPM_RC Parse_TPMT_PUBLIC( 8232 std::string* buffer, 8233 TPMT_PUBLIC* value, 8234 std::string* value_bytes) { 8235 TPM_RC result = TPM_RC_SUCCESS; 8236 VLOG(3) << __func__; 8237 8238 result = Parse_TPMI_ALG_PUBLIC( 8239 buffer, 8240 &value->type, 8241 value_bytes); 8242 if (result) { 8243 return result; 8244 } 8245 8246 result = Parse_TPMI_ALG_HASH( 8247 buffer, 8248 &value->name_alg, 8249 value_bytes); 8250 if (result) { 8251 return result; 8252 } 8253 8254 result = Parse_TPMA_OBJECT( 8255 buffer, 8256 &value->object_attributes, 8257 value_bytes); 8258 if (result) { 8259 return result; 8260 } 8261 8262 result = Parse_TPM2B_DIGEST( 8263 buffer, 8264 &value->auth_policy, 8265 value_bytes); 8266 if (result) { 8267 return result; 8268 } 8269 8270 result = Parse_TPMU_PUBLIC_PARMS( 8271 buffer, 8272 value->type, 8273 &value->parameters, 8274 value_bytes); 8275 if (result) { 8276 return result; 8277 } 8278 8279 result = Parse_TPMU_PUBLIC_ID( 8280 buffer, 8281 value->type, 8282 &value->unique, 8283 value_bytes); 8284 if (result) { 8285 return result; 8286 } 8287 return result; 8288 } 8289 8290 TPM_RC Serialize_TPM2B_PUBLIC( 8291 const TPM2B_PUBLIC& value, 8292 std::string* buffer) { 8293 TPM_RC result = TPM_RC_SUCCESS; 8294 VLOG(3) << __func__; 8295 8296 std::string field_bytes; 8297 result = Serialize_TPMT_PUBLIC(value.public_area, &field_bytes); 8298 if (result) { 8299 return result; 8300 } 8301 std::string size_bytes; 8302 result = Serialize_UINT16(field_bytes.size(), &size_bytes); 8303 if (result) { 8304 return result; 8305 } 8306 buffer->append(size_bytes + field_bytes); 8307 return result; 8308 } 8309 8310 TPM_RC Parse_TPM2B_PUBLIC( 8311 std::string* buffer, 8312 TPM2B_PUBLIC* value, 8313 std::string* value_bytes) { 8314 TPM_RC result = TPM_RC_SUCCESS; 8315 VLOG(3) << __func__; 8316 8317 result = Parse_UINT16( 8318 buffer, 8319 &value->size, 8320 value_bytes); 8321 if (result) { 8322 return result; 8323 } 8324 8325 result = Parse_TPMT_PUBLIC( 8326 buffer, 8327 &value->public_area, 8328 value_bytes); 8329 if (result) { 8330 return result; 8331 } 8332 return result; 8333 } 8334 8335 TPM2B_PUBLIC Make_TPM2B_PUBLIC( 8336 const TPMT_PUBLIC& inner) { 8337 TPM2B_PUBLIC tpm2b; 8338 tpm2b.size = sizeof(TPMT_PUBLIC); 8339 tpm2b.public_area = inner; 8340 return tpm2b; 8341 } 8342 8343 TPM_RC Serialize_TPM2B_PRIVATE_VENDOR_SPECIFIC( 8344 const TPM2B_PRIVATE_VENDOR_SPECIFIC& value, 8345 std::string* buffer) { 8346 TPM_RC result = TPM_RC_SUCCESS; 8347 VLOG(3) << __func__; 8348 8349 result = Serialize_UINT16(value.size, buffer); 8350 if (result) { 8351 return result; 8352 } 8353 8354 if (arraysize(value.buffer) < value.size) { 8355 return TPM_RC_INSUFFICIENT; 8356 } 8357 for (uint32_t i = 0; i < value.size; ++i) { 8358 result = Serialize_BYTE(value.buffer[i], buffer); 8359 if (result) { 8360 return result; 8361 } 8362 } 8363 return result; 8364 } 8365 8366 TPM_RC Parse_TPM2B_PRIVATE_VENDOR_SPECIFIC( 8367 std::string* buffer, 8368 TPM2B_PRIVATE_VENDOR_SPECIFIC* value, 8369 std::string* value_bytes) { 8370 TPM_RC result = TPM_RC_SUCCESS; 8371 VLOG(3) << __func__; 8372 8373 result = Parse_UINT16( 8374 buffer, 8375 &value->size, 8376 value_bytes); 8377 if (result) { 8378 return result; 8379 } 8380 8381 if (arraysize(value->buffer) < value->size) { 8382 return TPM_RC_INSUFFICIENT; 8383 } 8384 for (uint32_t i = 0; i < value->size; ++i) { 8385 result = Parse_BYTE( 8386 buffer, 8387 &value->buffer[i], 8388 value_bytes); 8389 if (result) { 8390 return result; 8391 } 8392 } 8393 return result; 8394 } 8395 8396 TPM2B_PRIVATE_VENDOR_SPECIFIC Make_TPM2B_PRIVATE_VENDOR_SPECIFIC( 8397 const std::string& bytes) { 8398 TPM2B_PRIVATE_VENDOR_SPECIFIC tpm2b; 8399 CHECK(bytes.size() <= sizeof(tpm2b.buffer)); 8400 memset(&tpm2b, 0, sizeof(TPM2B_PRIVATE_VENDOR_SPECIFIC)); 8401 tpm2b.size = bytes.size(); 8402 memcpy(tpm2b.buffer, bytes.data(), bytes.size()); 8403 return tpm2b; 8404 } 8405 8406 std::string StringFrom_TPM2B_PRIVATE_VENDOR_SPECIFIC( 8407 const TPM2B_PRIVATE_VENDOR_SPECIFIC& tpm2b) { 8408 const char* char_buffer = reinterpret_cast<const char*>( 8409 tpm2b.buffer); 8410 return std::string(char_buffer, tpm2b.size); 8411 } 8412 8413 TPM_RC Serialize_TPMU_SENSITIVE_COMPOSITE( 8414 const TPMU_SENSITIVE_COMPOSITE& value, 8415 TPMI_ALG_PUBLIC selector, 8416 std::string* buffer) { 8417 TPM_RC result = TPM_RC_SUCCESS; 8418 VLOG(3) << __func__; 8419 8420 if (selector == TPM_ALG_KEYEDHASH) { 8421 result = Serialize_TPM2B_SENSITIVE_DATA(value.bits, buffer); 8422 if (result) { 8423 return result; 8424 } 8425 } 8426 8427 if (selector == TPM_ALG_RSA) { 8428 result = Serialize_TPM2B_PRIVATE_KEY_RSA(value.rsa, buffer); 8429 if (result) { 8430 return result; 8431 } 8432 } 8433 8434 if (selector == TPM_ALG_SYMCIPHER) { 8435 result = Serialize_TPM2B_SYM_KEY(value.sym, buffer); 8436 if (result) { 8437 return result; 8438 } 8439 } 8440 8441 if (selector == TPM_ALG_ECC) { 8442 result = Serialize_TPM2B_ECC_PARAMETER(value.ecc, buffer); 8443 if (result) { 8444 return result; 8445 } 8446 } 8447 return result; 8448 } 8449 8450 TPM_RC Parse_TPMU_SENSITIVE_COMPOSITE( 8451 std::string* buffer, 8452 TPMI_ALG_PUBLIC selector, 8453 TPMU_SENSITIVE_COMPOSITE* value, 8454 std::string* value_bytes) { 8455 TPM_RC result = TPM_RC_SUCCESS; 8456 VLOG(3) << __func__; 8457 8458 if (selector == TPM_ALG_KEYEDHASH) { 8459 result = Parse_TPM2B_SENSITIVE_DATA( 8460 buffer, 8461 &value->bits, 8462 value_bytes); 8463 if (result) { 8464 return result; 8465 } 8466 } 8467 8468 if (selector == TPM_ALG_RSA) { 8469 result = Parse_TPM2B_PRIVATE_KEY_RSA( 8470 buffer, 8471 &value->rsa, 8472 value_bytes); 8473 if (result) { 8474 return result; 8475 } 8476 } 8477 8478 if (selector == TPM_ALG_SYMCIPHER) { 8479 result = Parse_TPM2B_SYM_KEY( 8480 buffer, 8481 &value->sym, 8482 value_bytes); 8483 if (result) { 8484 return result; 8485 } 8486 } 8487 8488 if (selector == TPM_ALG_ECC) { 8489 result = Parse_TPM2B_ECC_PARAMETER( 8490 buffer, 8491 &value->ecc, 8492 value_bytes); 8493 if (result) { 8494 return result; 8495 } 8496 } 8497 return result; 8498 } 8499 8500 TPM_RC Serialize_TPMT_SENSITIVE( 8501 const TPMT_SENSITIVE& value, 8502 std::string* buffer) { 8503 TPM_RC result = TPM_RC_SUCCESS; 8504 VLOG(3) << __func__; 8505 8506 result = Serialize_TPMI_ALG_PUBLIC(value.sensitive_type, buffer); 8507 if (result) { 8508 return result; 8509 } 8510 8511 result = Serialize_TPM2B_AUTH(value.auth_value, buffer); 8512 if (result) { 8513 return result; 8514 } 8515 8516 result = Serialize_TPM2B_DIGEST(value.seed_value, buffer); 8517 if (result) { 8518 return result; 8519 } 8520 8521 result = Serialize_TPMU_SENSITIVE_COMPOSITE( 8522 value.sensitive, 8523 value.sensitive_type, 8524 buffer); 8525 if (result) { 8526 return result; 8527 } 8528 return result; 8529 } 8530 8531 TPM_RC Parse_TPMT_SENSITIVE( 8532 std::string* buffer, 8533 TPMT_SENSITIVE* value, 8534 std::string* value_bytes) { 8535 TPM_RC result = TPM_RC_SUCCESS; 8536 VLOG(3) << __func__; 8537 8538 result = Parse_TPMI_ALG_PUBLIC( 8539 buffer, 8540 &value->sensitive_type, 8541 value_bytes); 8542 if (result) { 8543 return result; 8544 } 8545 8546 result = Parse_TPM2B_AUTH( 8547 buffer, 8548 &value->auth_value, 8549 value_bytes); 8550 if (result) { 8551 return result; 8552 } 8553 8554 result = Parse_TPM2B_DIGEST( 8555 buffer, 8556 &value->seed_value, 8557 value_bytes); 8558 if (result) { 8559 return result; 8560 } 8561 8562 result = Parse_TPMU_SENSITIVE_COMPOSITE( 8563 buffer, 8564 value->sensitive_type, 8565 &value->sensitive, 8566 value_bytes); 8567 if (result) { 8568 return result; 8569 } 8570 return result; 8571 } 8572 8573 TPM_RC Serialize_TPM2B_SENSITIVE( 8574 const TPM2B_SENSITIVE& value, 8575 std::string* buffer) { 8576 TPM_RC result = TPM_RC_SUCCESS; 8577 VLOG(3) << __func__; 8578 8579 std::string field_bytes; 8580 result = Serialize_TPMT_SENSITIVE(value.sensitive_area, &field_bytes); 8581 if (result) { 8582 return result; 8583 } 8584 std::string size_bytes; 8585 result = Serialize_UINT16(field_bytes.size(), &size_bytes); 8586 if (result) { 8587 return result; 8588 } 8589 buffer->append(size_bytes + field_bytes); 8590 return result; 8591 } 8592 8593 TPM_RC Parse_TPM2B_SENSITIVE( 8594 std::string* buffer, 8595 TPM2B_SENSITIVE* value, 8596 std::string* value_bytes) { 8597 TPM_RC result = TPM_RC_SUCCESS; 8598 VLOG(3) << __func__; 8599 8600 result = Parse_UINT16( 8601 buffer, 8602 &value->size, 8603 value_bytes); 8604 if (result) { 8605 return result; 8606 } 8607 8608 result = Parse_TPMT_SENSITIVE( 8609 buffer, 8610 &value->sensitive_area, 8611 value_bytes); 8612 if (result) { 8613 return result; 8614 } 8615 return result; 8616 } 8617 8618 TPM2B_SENSITIVE Make_TPM2B_SENSITIVE( 8619 const TPMT_SENSITIVE& inner) { 8620 TPM2B_SENSITIVE tpm2b; 8621 tpm2b.size = sizeof(TPMT_SENSITIVE); 8622 tpm2b.sensitive_area = inner; 8623 return tpm2b; 8624 } 8625 8626 TPM_RC Serialize__PRIVATE( 8627 const _PRIVATE& value, 8628 std::string* buffer) { 8629 TPM_RC result = TPM_RC_SUCCESS; 8630 VLOG(3) << __func__; 8631 8632 result = Serialize_TPM2B_DIGEST(value.integrity_outer, buffer); 8633 if (result) { 8634 return result; 8635 } 8636 8637 result = Serialize_TPM2B_DIGEST(value.integrity_inner, buffer); 8638 if (result) { 8639 return result; 8640 } 8641 8642 result = Serialize_TPMT_SENSITIVE(value.sensitive, buffer); 8643 if (result) { 8644 return result; 8645 } 8646 return result; 8647 } 8648 8649 TPM_RC Parse__PRIVATE( 8650 std::string* buffer, 8651 _PRIVATE* value, 8652 std::string* value_bytes) { 8653 TPM_RC result = TPM_RC_SUCCESS; 8654 VLOG(3) << __func__; 8655 8656 result = Parse_TPM2B_DIGEST( 8657 buffer, 8658 &value->integrity_outer, 8659 value_bytes); 8660 if (result) { 8661 return result; 8662 } 8663 8664 result = Parse_TPM2B_DIGEST( 8665 buffer, 8666 &value->integrity_inner, 8667 value_bytes); 8668 if (result) { 8669 return result; 8670 } 8671 8672 result = Parse_TPMT_SENSITIVE( 8673 buffer, 8674 &value->sensitive, 8675 value_bytes); 8676 if (result) { 8677 return result; 8678 } 8679 return result; 8680 } 8681 8682 TPM_RC Serialize_TPM2B_PRIVATE( 8683 const TPM2B_PRIVATE& value, 8684 std::string* buffer) { 8685 TPM_RC result = TPM_RC_SUCCESS; 8686 VLOG(3) << __func__; 8687 8688 result = Serialize_UINT16(value.size, buffer); 8689 if (result) { 8690 return result; 8691 } 8692 8693 if (arraysize(value.buffer) < value.size) { 8694 return TPM_RC_INSUFFICIENT; 8695 } 8696 for (uint32_t i = 0; i < value.size; ++i) { 8697 result = Serialize_BYTE(value.buffer[i], buffer); 8698 if (result) { 8699 return result; 8700 } 8701 } 8702 return result; 8703 } 8704 8705 TPM_RC Parse_TPM2B_PRIVATE( 8706 std::string* buffer, 8707 TPM2B_PRIVATE* value, 8708 std::string* value_bytes) { 8709 TPM_RC result = TPM_RC_SUCCESS; 8710 VLOG(3) << __func__; 8711 8712 result = Parse_UINT16( 8713 buffer, 8714 &value->size, 8715 value_bytes); 8716 if (result) { 8717 return result; 8718 } 8719 8720 if (arraysize(value->buffer) < value->size) { 8721 return TPM_RC_INSUFFICIENT; 8722 } 8723 for (uint32_t i = 0; i < value->size; ++i) { 8724 result = Parse_BYTE( 8725 buffer, 8726 &value->buffer[i], 8727 value_bytes); 8728 if (result) { 8729 return result; 8730 } 8731 } 8732 return result; 8733 } 8734 8735 TPM2B_PRIVATE Make_TPM2B_PRIVATE( 8736 const std::string& bytes) { 8737 TPM2B_PRIVATE tpm2b; 8738 CHECK(bytes.size() <= sizeof(tpm2b.buffer)); 8739 memset(&tpm2b, 0, sizeof(TPM2B_PRIVATE)); 8740 tpm2b.size = bytes.size(); 8741 memcpy(tpm2b.buffer, bytes.data(), bytes.size()); 8742 return tpm2b; 8743 } 8744 8745 std::string StringFrom_TPM2B_PRIVATE( 8746 const TPM2B_PRIVATE& tpm2b) { 8747 const char* char_buffer = reinterpret_cast<const char*>( 8748 tpm2b.buffer); 8749 return std::string(char_buffer, tpm2b.size); 8750 } 8751 8752 TPM_RC Serialize__ID_OBJECT( 8753 const _ID_OBJECT& value, 8754 std::string* buffer) { 8755 TPM_RC result = TPM_RC_SUCCESS; 8756 VLOG(3) << __func__; 8757 8758 result = Serialize_TPM2B_DIGEST(value.integrity_hmac, buffer); 8759 if (result) { 8760 return result; 8761 } 8762 8763 result = Serialize_TPM2B_DIGEST(value.enc_identity, buffer); 8764 if (result) { 8765 return result; 8766 } 8767 return result; 8768 } 8769 8770 TPM_RC Parse__ID_OBJECT( 8771 std::string* buffer, 8772 _ID_OBJECT* value, 8773 std::string* value_bytes) { 8774 TPM_RC result = TPM_RC_SUCCESS; 8775 VLOG(3) << __func__; 8776 8777 result = Parse_TPM2B_DIGEST( 8778 buffer, 8779 &value->integrity_hmac, 8780 value_bytes); 8781 if (result) { 8782 return result; 8783 } 8784 8785 result = Parse_TPM2B_DIGEST( 8786 buffer, 8787 &value->enc_identity, 8788 value_bytes); 8789 if (result) { 8790 return result; 8791 } 8792 return result; 8793 } 8794 8795 TPM_RC Serialize_TPM2B_ID_OBJECT( 8796 const TPM2B_ID_OBJECT& value, 8797 std::string* buffer) { 8798 TPM_RC result = TPM_RC_SUCCESS; 8799 VLOG(3) << __func__; 8800 8801 result = Serialize_UINT16(value.size, buffer); 8802 if (result) { 8803 return result; 8804 } 8805 8806 if (arraysize(value.credential) < value.size) { 8807 return TPM_RC_INSUFFICIENT; 8808 } 8809 for (uint32_t i = 0; i < value.size; ++i) { 8810 result = Serialize_BYTE(value.credential[i], buffer); 8811 if (result) { 8812 return result; 8813 } 8814 } 8815 return result; 8816 } 8817 8818 TPM_RC Parse_TPM2B_ID_OBJECT( 8819 std::string* buffer, 8820 TPM2B_ID_OBJECT* value, 8821 std::string* value_bytes) { 8822 TPM_RC result = TPM_RC_SUCCESS; 8823 VLOG(3) << __func__; 8824 8825 result = Parse_UINT16( 8826 buffer, 8827 &value->size, 8828 value_bytes); 8829 if (result) { 8830 return result; 8831 } 8832 8833 if (arraysize(value->credential) < value->size) { 8834 return TPM_RC_INSUFFICIENT; 8835 } 8836 for (uint32_t i = 0; i < value->size; ++i) { 8837 result = Parse_BYTE( 8838 buffer, 8839 &value->credential[i], 8840 value_bytes); 8841 if (result) { 8842 return result; 8843 } 8844 } 8845 return result; 8846 } 8847 8848 TPM2B_ID_OBJECT Make_TPM2B_ID_OBJECT( 8849 const std::string& bytes) { 8850 TPM2B_ID_OBJECT tpm2b; 8851 CHECK(bytes.size() <= sizeof(tpm2b.credential)); 8852 memset(&tpm2b, 0, sizeof(TPM2B_ID_OBJECT)); 8853 tpm2b.size = bytes.size(); 8854 memcpy(tpm2b.credential, bytes.data(), bytes.size()); 8855 return tpm2b; 8856 } 8857 8858 std::string StringFrom_TPM2B_ID_OBJECT( 8859 const TPM2B_ID_OBJECT& tpm2b) { 8860 const char* char_buffer = reinterpret_cast<const char*>( 8861 tpm2b.credential); 8862 return std::string(char_buffer, tpm2b.size); 8863 } 8864 8865 TPM_RC Serialize_TPMS_NV_PUBLIC( 8866 const TPMS_NV_PUBLIC& value, 8867 std::string* buffer) { 8868 TPM_RC result = TPM_RC_SUCCESS; 8869 VLOG(3) << __func__; 8870 8871 result = Serialize_TPMI_RH_NV_INDEX(value.nv_index, buffer); 8872 if (result) { 8873 return result; 8874 } 8875 8876 result = Serialize_TPMI_ALG_HASH(value.name_alg, buffer); 8877 if (result) { 8878 return result; 8879 } 8880 8881 result = Serialize_TPMA_NV(value.attributes, buffer); 8882 if (result) { 8883 return result; 8884 } 8885 8886 result = Serialize_TPM2B_DIGEST(value.auth_policy, buffer); 8887 if (result) { 8888 return result; 8889 } 8890 8891 result = Serialize_UINT16(value.data_size, buffer); 8892 if (result) { 8893 return result; 8894 } 8895 return result; 8896 } 8897 8898 TPM_RC Parse_TPMS_NV_PUBLIC( 8899 std::string* buffer, 8900 TPMS_NV_PUBLIC* value, 8901 std::string* value_bytes) { 8902 TPM_RC result = TPM_RC_SUCCESS; 8903 VLOG(3) << __func__; 8904 8905 result = Parse_TPMI_RH_NV_INDEX( 8906 buffer, 8907 &value->nv_index, 8908 value_bytes); 8909 if (result) { 8910 return result; 8911 } 8912 8913 result = Parse_TPMI_ALG_HASH( 8914 buffer, 8915 &value->name_alg, 8916 value_bytes); 8917 if (result) { 8918 return result; 8919 } 8920 8921 result = Parse_TPMA_NV( 8922 buffer, 8923 &value->attributes, 8924 value_bytes); 8925 if (result) { 8926 return result; 8927 } 8928 8929 result = Parse_TPM2B_DIGEST( 8930 buffer, 8931 &value->auth_policy, 8932 value_bytes); 8933 if (result) { 8934 return result; 8935 } 8936 8937 result = Parse_UINT16( 8938 buffer, 8939 &value->data_size, 8940 value_bytes); 8941 if (result) { 8942 return result; 8943 } 8944 return result; 8945 } 8946 8947 TPM_RC Serialize_TPM2B_NV_PUBLIC( 8948 const TPM2B_NV_PUBLIC& value, 8949 std::string* buffer) { 8950 TPM_RC result = TPM_RC_SUCCESS; 8951 VLOG(3) << __func__; 8952 8953 std::string field_bytes; 8954 result = Serialize_TPMS_NV_PUBLIC(value.nv_public, &field_bytes); 8955 if (result) { 8956 return result; 8957 } 8958 std::string size_bytes; 8959 result = Serialize_UINT16(field_bytes.size(), &size_bytes); 8960 if (result) { 8961 return result; 8962 } 8963 buffer->append(size_bytes + field_bytes); 8964 return result; 8965 } 8966 8967 TPM_RC Parse_TPM2B_NV_PUBLIC( 8968 std::string* buffer, 8969 TPM2B_NV_PUBLIC* value, 8970 std::string* value_bytes) { 8971 TPM_RC result = TPM_RC_SUCCESS; 8972 VLOG(3) << __func__; 8973 8974 result = Parse_UINT16( 8975 buffer, 8976 &value->size, 8977 value_bytes); 8978 if (result) { 8979 return result; 8980 } 8981 8982 result = Parse_TPMS_NV_PUBLIC( 8983 buffer, 8984 &value->nv_public, 8985 value_bytes); 8986 if (result) { 8987 return result; 8988 } 8989 return result; 8990 } 8991 8992 TPM2B_NV_PUBLIC Make_TPM2B_NV_PUBLIC( 8993 const TPMS_NV_PUBLIC& inner) { 8994 TPM2B_NV_PUBLIC tpm2b; 8995 tpm2b.size = sizeof(TPMS_NV_PUBLIC); 8996 tpm2b.nv_public = inner; 8997 return tpm2b; 8998 } 8999 9000 TPM_RC Serialize_TPM2B_CONTEXT_SENSITIVE( 9001 const TPM2B_CONTEXT_SENSITIVE& value, 9002 std::string* buffer) { 9003 TPM_RC result = TPM_RC_SUCCESS; 9004 VLOG(3) << __func__; 9005 9006 result = Serialize_UINT16(value.size, buffer); 9007 if (result) { 9008 return result; 9009 } 9010 9011 if (arraysize(value.buffer) < value.size) { 9012 return TPM_RC_INSUFFICIENT; 9013 } 9014 for (uint32_t i = 0; i < value.size; ++i) { 9015 result = Serialize_BYTE(value.buffer[i], buffer); 9016 if (result) { 9017 return result; 9018 } 9019 } 9020 return result; 9021 } 9022 9023 TPM_RC Parse_TPM2B_CONTEXT_SENSITIVE( 9024 std::string* buffer, 9025 TPM2B_CONTEXT_SENSITIVE* value, 9026 std::string* value_bytes) { 9027 TPM_RC result = TPM_RC_SUCCESS; 9028 VLOG(3) << __func__; 9029 9030 result = Parse_UINT16( 9031 buffer, 9032 &value->size, 9033 value_bytes); 9034 if (result) { 9035 return result; 9036 } 9037 9038 if (arraysize(value->buffer) < value->size) { 9039 return TPM_RC_INSUFFICIENT; 9040 } 9041 for (uint32_t i = 0; i < value->size; ++i) { 9042 result = Parse_BYTE( 9043 buffer, 9044 &value->buffer[i], 9045 value_bytes); 9046 if (result) { 9047 return result; 9048 } 9049 } 9050 return result; 9051 } 9052 9053 TPM2B_CONTEXT_SENSITIVE Make_TPM2B_CONTEXT_SENSITIVE( 9054 const std::string& bytes) { 9055 TPM2B_CONTEXT_SENSITIVE tpm2b; 9056 CHECK(bytes.size() <= sizeof(tpm2b.buffer)); 9057 memset(&tpm2b, 0, sizeof(TPM2B_CONTEXT_SENSITIVE)); 9058 tpm2b.size = bytes.size(); 9059 memcpy(tpm2b.buffer, bytes.data(), bytes.size()); 9060 return tpm2b; 9061 } 9062 9063 std::string StringFrom_TPM2B_CONTEXT_SENSITIVE( 9064 const TPM2B_CONTEXT_SENSITIVE& tpm2b) { 9065 const char* char_buffer = reinterpret_cast<const char*>( 9066 tpm2b.buffer); 9067 return std::string(char_buffer, tpm2b.size); 9068 } 9069 9070 TPM_RC Serialize_TPMS_CONTEXT_DATA( 9071 const TPMS_CONTEXT_DATA& value, 9072 std::string* buffer) { 9073 TPM_RC result = TPM_RC_SUCCESS; 9074 VLOG(3) << __func__; 9075 9076 result = Serialize_TPM2B_DIGEST(value.integrity, buffer); 9077 if (result) { 9078 return result; 9079 } 9080 9081 result = Serialize_TPM2B_CONTEXT_SENSITIVE(value.encrypted, buffer); 9082 if (result) { 9083 return result; 9084 } 9085 return result; 9086 } 9087 9088 TPM_RC Parse_TPMS_CONTEXT_DATA( 9089 std::string* buffer, 9090 TPMS_CONTEXT_DATA* value, 9091 std::string* value_bytes) { 9092 TPM_RC result = TPM_RC_SUCCESS; 9093 VLOG(3) << __func__; 9094 9095 result = Parse_TPM2B_DIGEST( 9096 buffer, 9097 &value->integrity, 9098 value_bytes); 9099 if (result) { 9100 return result; 9101 } 9102 9103 result = Parse_TPM2B_CONTEXT_SENSITIVE( 9104 buffer, 9105 &value->encrypted, 9106 value_bytes); 9107 if (result) { 9108 return result; 9109 } 9110 return result; 9111 } 9112 9113 TPM_RC Serialize_TPM2B_CONTEXT_DATA( 9114 const TPM2B_CONTEXT_DATA& value, 9115 std::string* buffer) { 9116 TPM_RC result = TPM_RC_SUCCESS; 9117 VLOG(3) << __func__; 9118 9119 result = Serialize_UINT16(value.size, buffer); 9120 if (result) { 9121 return result; 9122 } 9123 9124 if (arraysize(value.buffer) < value.size) { 9125 return TPM_RC_INSUFFICIENT; 9126 } 9127 for (uint32_t i = 0; i < value.size; ++i) { 9128 result = Serialize_BYTE(value.buffer[i], buffer); 9129 if (result) { 9130 return result; 9131 } 9132 } 9133 return result; 9134 } 9135 9136 TPM_RC Parse_TPM2B_CONTEXT_DATA( 9137 std::string* buffer, 9138 TPM2B_CONTEXT_DATA* value, 9139 std::string* value_bytes) { 9140 TPM_RC result = TPM_RC_SUCCESS; 9141 VLOG(3) << __func__; 9142 9143 result = Parse_UINT16( 9144 buffer, 9145 &value->size, 9146 value_bytes); 9147 if (result) { 9148 return result; 9149 } 9150 9151 if (arraysize(value->buffer) < value->size) { 9152 return TPM_RC_INSUFFICIENT; 9153 } 9154 for (uint32_t i = 0; i < value->size; ++i) { 9155 result = Parse_BYTE( 9156 buffer, 9157 &value->buffer[i], 9158 value_bytes); 9159 if (result) { 9160 return result; 9161 } 9162 } 9163 return result; 9164 } 9165 9166 TPM2B_CONTEXT_DATA Make_TPM2B_CONTEXT_DATA( 9167 const std::string& bytes) { 9168 TPM2B_CONTEXT_DATA tpm2b; 9169 CHECK(bytes.size() <= sizeof(tpm2b.buffer)); 9170 memset(&tpm2b, 0, sizeof(TPM2B_CONTEXT_DATA)); 9171 tpm2b.size = bytes.size(); 9172 memcpy(tpm2b.buffer, bytes.data(), bytes.size()); 9173 return tpm2b; 9174 } 9175 9176 std::string StringFrom_TPM2B_CONTEXT_DATA( 9177 const TPM2B_CONTEXT_DATA& tpm2b) { 9178 const char* char_buffer = reinterpret_cast<const char*>( 9179 tpm2b.buffer); 9180 return std::string(char_buffer, tpm2b.size); 9181 } 9182 9183 TPM_RC Serialize_TPMS_CONTEXT( 9184 const TPMS_CONTEXT& value, 9185 std::string* buffer) { 9186 TPM_RC result = TPM_RC_SUCCESS; 9187 VLOG(3) << __func__; 9188 9189 result = Serialize_UINT64(value.sequence, buffer); 9190 if (result) { 9191 return result; 9192 } 9193 9194 result = Serialize_TPMI_DH_CONTEXT(value.saved_handle, buffer); 9195 if (result) { 9196 return result; 9197 } 9198 9199 result = Serialize_TPMI_RH_HIERARCHY(value.hierarchy, buffer); 9200 if (result) { 9201 return result; 9202 } 9203 9204 result = Serialize_TPM2B_CONTEXT_DATA(value.context_blob, buffer); 9205 if (result) { 9206 return result; 9207 } 9208 return result; 9209 } 9210 9211 TPM_RC Parse_TPMS_CONTEXT( 9212 std::string* buffer, 9213 TPMS_CONTEXT* value, 9214 std::string* value_bytes) { 9215 TPM_RC result = TPM_RC_SUCCESS; 9216 VLOG(3) << __func__; 9217 9218 result = Parse_UINT64( 9219 buffer, 9220 &value->sequence, 9221 value_bytes); 9222 if (result) { 9223 return result; 9224 } 9225 9226 result = Parse_TPMI_DH_CONTEXT( 9227 buffer, 9228 &value->saved_handle, 9229 value_bytes); 9230 if (result) { 9231 return result; 9232 } 9233 9234 result = Parse_TPMI_RH_HIERARCHY( 9235 buffer, 9236 &value->hierarchy, 9237 value_bytes); 9238 if (result) { 9239 return result; 9240 } 9241 9242 result = Parse_TPM2B_CONTEXT_DATA( 9243 buffer, 9244 &value->context_blob, 9245 value_bytes); 9246 if (result) { 9247 return result; 9248 } 9249 return result; 9250 } 9251 9252 TPM_RC Serialize_TPMS_CREATION_DATA( 9253 const TPMS_CREATION_DATA& value, 9254 std::string* buffer) { 9255 TPM_RC result = TPM_RC_SUCCESS; 9256 VLOG(3) << __func__; 9257 9258 result = Serialize_TPML_PCR_SELECTION(value.pcr_select, buffer); 9259 if (result) { 9260 return result; 9261 } 9262 9263 result = Serialize_TPM2B_DIGEST(value.pcr_digest, buffer); 9264 if (result) { 9265 return result; 9266 } 9267 9268 result = Serialize_TPMA_LOCALITY(value.locality, buffer); 9269 if (result) { 9270 return result; 9271 } 9272 9273 result = Serialize_TPM_ALG_ID(value.parent_name_alg, buffer); 9274 if (result) { 9275 return result; 9276 } 9277 9278 result = Serialize_TPM2B_NAME(value.parent_name, buffer); 9279 if (result) { 9280 return result; 9281 } 9282 9283 result = Serialize_TPM2B_NAME(value.parent_qualified_name, buffer); 9284 if (result) { 9285 return result; 9286 } 9287 9288 result = Serialize_TPM2B_DATA(value.outside_info, buffer); 9289 if (result) { 9290 return result; 9291 } 9292 return result; 9293 } 9294 9295 TPM_RC Parse_TPMS_CREATION_DATA( 9296 std::string* buffer, 9297 TPMS_CREATION_DATA* value, 9298 std::string* value_bytes) { 9299 TPM_RC result = TPM_RC_SUCCESS; 9300 VLOG(3) << __func__; 9301 9302 result = Parse_TPML_PCR_SELECTION( 9303 buffer, 9304 &value->pcr_select, 9305 value_bytes); 9306 if (result) { 9307 return result; 9308 } 9309 9310 result = Parse_TPM2B_DIGEST( 9311 buffer, 9312 &value->pcr_digest, 9313 value_bytes); 9314 if (result) { 9315 return result; 9316 } 9317 9318 result = Parse_TPMA_LOCALITY( 9319 buffer, 9320 &value->locality, 9321 value_bytes); 9322 if (result) { 9323 return result; 9324 } 9325 9326 result = Parse_TPM_ALG_ID( 9327 buffer, 9328 &value->parent_name_alg, 9329 value_bytes); 9330 if (result) { 9331 return result; 9332 } 9333 9334 result = Parse_TPM2B_NAME( 9335 buffer, 9336 &value->parent_name, 9337 value_bytes); 9338 if (result) { 9339 return result; 9340 } 9341 9342 result = Parse_TPM2B_NAME( 9343 buffer, 9344 &value->parent_qualified_name, 9345 value_bytes); 9346 if (result) { 9347 return result; 9348 } 9349 9350 result = Parse_TPM2B_DATA( 9351 buffer, 9352 &value->outside_info, 9353 value_bytes); 9354 if (result) { 9355 return result; 9356 } 9357 return result; 9358 } 9359 9360 TPM_RC Serialize_TPM2B_CREATION_DATA( 9361 const TPM2B_CREATION_DATA& value, 9362 std::string* buffer) { 9363 TPM_RC result = TPM_RC_SUCCESS; 9364 VLOG(3) << __func__; 9365 9366 std::string field_bytes; 9367 result = Serialize_TPMS_CREATION_DATA(value.creation_data, &field_bytes); 9368 if (result) { 9369 return result; 9370 } 9371 std::string size_bytes; 9372 result = Serialize_UINT16(field_bytes.size(), &size_bytes); 9373 if (result) { 9374 return result; 9375 } 9376 buffer->append(size_bytes + field_bytes); 9377 return result; 9378 } 9379 9380 TPM_RC Parse_TPM2B_CREATION_DATA( 9381 std::string* buffer, 9382 TPM2B_CREATION_DATA* value, 9383 std::string* value_bytes) { 9384 TPM_RC result = TPM_RC_SUCCESS; 9385 VLOG(3) << __func__; 9386 9387 result = Parse_UINT16( 9388 buffer, 9389 &value->size, 9390 value_bytes); 9391 if (result) { 9392 return result; 9393 } 9394 9395 result = Parse_TPMS_CREATION_DATA( 9396 buffer, 9397 &value->creation_data, 9398 value_bytes); 9399 if (result) { 9400 return result; 9401 } 9402 return result; 9403 } 9404 9405 TPM2B_CREATION_DATA Make_TPM2B_CREATION_DATA( 9406 const TPMS_CREATION_DATA& inner) { 9407 TPM2B_CREATION_DATA tpm2b; 9408 tpm2b.size = sizeof(TPMS_CREATION_DATA); 9409 tpm2b.creation_data = inner; 9410 return tpm2b; 9411 } 9412 9413 TPM_RC Tpm::SerializeCommand_Startup( 9414 const TPM_SU& startup_type, 9415 std::string* serialized_command, 9416 AuthorizationDelegate* authorization_delegate) { 9417 VLOG(3) << __func__; 9418 TPM_RC rc = TPM_RC_SUCCESS; 9419 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 9420 UINT32 command_size = 10; // Header size. 9421 std::string handle_section_bytes; 9422 std::string parameter_section_bytes; 9423 TPM_CC command_code = TPM_CC_Startup; 9424 bool is_command_parameter_encryption_possible = false; 9425 bool is_response_parameter_encryption_possible = false; 9426 std::string command_code_bytes; 9427 rc = Serialize_TPM_CC( 9428 command_code, 9429 &command_code_bytes); 9430 if (rc != TPM_RC_SUCCESS) { 9431 return rc; 9432 } 9433 std::string startup_type_bytes; 9434 rc = Serialize_TPM_SU( 9435 startup_type, 9436 &startup_type_bytes); 9437 if (rc != TPM_RC_SUCCESS) { 9438 return rc; 9439 } 9440 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 9441 crypto::SecureHash::SHA256)); 9442 hash->Update(command_code_bytes.data(), 9443 command_code_bytes.size()); 9444 hash->Update(startup_type_bytes.data(), 9445 startup_type_bytes.size()); 9446 parameter_section_bytes += startup_type_bytes; 9447 command_size += startup_type_bytes.size(); 9448 std::string command_hash(32, 0); 9449 hash->Finish(string_as_array(&command_hash), command_hash.size()); 9450 std::string authorization_section_bytes; 9451 std::string authorization_size_bytes; 9452 if (authorization_delegate) { 9453 if (!authorization_delegate->GetCommandAuthorization( 9454 command_hash, 9455 is_command_parameter_encryption_possible, 9456 is_response_parameter_encryption_possible, 9457 &authorization_section_bytes)) { 9458 return TRUNKS_RC_AUTHORIZATION_FAILED; 9459 } 9460 if (!authorization_section_bytes.empty()) { 9461 tag = TPM_ST_SESSIONS; 9462 std::string tmp; 9463 rc = Serialize_UINT32(authorization_section_bytes.size(), 9464 &authorization_size_bytes); 9465 if (rc != TPM_RC_SUCCESS) { 9466 return rc; 9467 } 9468 command_size += authorization_size_bytes.size() + 9469 authorization_section_bytes.size(); 9470 } 9471 } 9472 std::string tag_bytes; 9473 rc = Serialize_TPMI_ST_COMMAND_TAG( 9474 tag, 9475 &tag_bytes); 9476 if (rc != TPM_RC_SUCCESS) { 9477 return rc; 9478 } 9479 std::string command_size_bytes; 9480 rc = Serialize_UINT32( 9481 command_size, 9482 &command_size_bytes); 9483 if (rc != TPM_RC_SUCCESS) { 9484 return rc; 9485 } 9486 *serialized_command = tag_bytes + 9487 command_size_bytes + 9488 command_code_bytes + 9489 handle_section_bytes + 9490 authorization_size_bytes + 9491 authorization_section_bytes + 9492 parameter_section_bytes; 9493 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 9494 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 9495 serialized_command->size()); 9496 return TPM_RC_SUCCESS; 9497 } 9498 9499 TPM_RC Tpm::ParseResponse_Startup( 9500 const std::string& response, 9501 AuthorizationDelegate* authorization_delegate) { 9502 VLOG(3) << __func__; 9503 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 9504 TPM_RC rc = TPM_RC_SUCCESS; 9505 std::string buffer(response); 9506 TPM_ST tag; 9507 std::string tag_bytes; 9508 rc = Parse_TPM_ST( 9509 &buffer, 9510 &tag, 9511 &tag_bytes); 9512 if (rc != TPM_RC_SUCCESS) { 9513 return rc; 9514 } 9515 UINT32 response_size; 9516 std::string response_size_bytes; 9517 rc = Parse_UINT32( 9518 &buffer, 9519 &response_size, 9520 &response_size_bytes); 9521 if (rc != TPM_RC_SUCCESS) { 9522 return rc; 9523 } 9524 TPM_RC response_code; 9525 std::string response_code_bytes; 9526 rc = Parse_TPM_RC( 9527 &buffer, 9528 &response_code, 9529 &response_code_bytes); 9530 if (rc != TPM_RC_SUCCESS) { 9531 return rc; 9532 } 9533 if (response_size != response.size()) { 9534 return TPM_RC_SIZE; 9535 } 9536 if (response_code != TPM_RC_SUCCESS) { 9537 return response_code; 9538 } 9539 TPM_CC command_code = TPM_CC_Startup; 9540 std::string command_code_bytes; 9541 rc = Serialize_TPM_CC( 9542 command_code, 9543 &command_code_bytes); 9544 if (rc != TPM_RC_SUCCESS) { 9545 return rc; 9546 } 9547 std::string authorization_section_bytes; 9548 if (tag == TPM_ST_SESSIONS) { 9549 UINT32 parameter_section_size = buffer.size(); 9550 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 9551 if (rc != TPM_RC_SUCCESS) { 9552 return rc; 9553 } 9554 if (parameter_section_size > buffer.size()) { 9555 return TPM_RC_INSUFFICIENT; 9556 } 9557 authorization_section_bytes = buffer.substr(parameter_section_size); 9558 // Keep the parameter section in |buffer|. 9559 buffer.erase(parameter_section_size); 9560 } 9561 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 9562 crypto::SecureHash::SHA256)); 9563 hash->Update(response_code_bytes.data(), 9564 response_code_bytes.size()); 9565 hash->Update(command_code_bytes.data(), 9566 command_code_bytes.size()); 9567 hash->Update(buffer.data(), 9568 buffer.size()); 9569 std::string response_hash(32, 0); 9570 hash->Finish(string_as_array(&response_hash), response_hash.size()); 9571 if (tag == TPM_ST_SESSIONS) { 9572 CHECK(authorization_delegate) << "Authorization delegate missing!"; 9573 if (!authorization_delegate->CheckResponseAuthorization( 9574 response_hash, 9575 authorization_section_bytes)) { 9576 return TRUNKS_RC_AUTHORIZATION_FAILED; 9577 } 9578 } 9579 return TPM_RC_SUCCESS; 9580 } 9581 9582 void StartupErrorCallback( 9583 const Tpm::StartupResponse& callback, 9584 TPM_RC response_code) { 9585 VLOG(1) << __func__; 9586 callback.Run(response_code); 9587 } 9588 9589 void StartupResponseParser( 9590 const Tpm::StartupResponse& callback, 9591 AuthorizationDelegate* authorization_delegate, 9592 const std::string& response) { 9593 VLOG(1) << __func__; 9594 base::Callback<void(TPM_RC)> error_reporter = 9595 base::Bind(StartupErrorCallback, callback); 9596 TPM_RC rc = Tpm::ParseResponse_Startup( 9597 response, 9598 authorization_delegate); 9599 if (rc != TPM_RC_SUCCESS) { 9600 error_reporter.Run(rc); 9601 return; 9602 } 9603 callback.Run( 9604 rc); 9605 } 9606 9607 void Tpm::Startup( 9608 const TPM_SU& startup_type, 9609 AuthorizationDelegate* authorization_delegate, 9610 const StartupResponse& callback) { 9611 VLOG(1) << __func__; 9612 base::Callback<void(TPM_RC)> error_reporter = 9613 base::Bind(StartupErrorCallback, callback); 9614 base::Callback<void(const std::string&)> parser = 9615 base::Bind(StartupResponseParser, 9616 callback, 9617 authorization_delegate); 9618 std::string command; 9619 TPM_RC rc = SerializeCommand_Startup( 9620 startup_type, 9621 &command, 9622 authorization_delegate); 9623 if (rc != TPM_RC_SUCCESS) { 9624 error_reporter.Run(rc); 9625 return; 9626 } 9627 transceiver_->SendCommand(command, parser); 9628 } 9629 9630 TPM_RC Tpm::StartupSync( 9631 const TPM_SU& startup_type, 9632 AuthorizationDelegate* authorization_delegate) { 9633 VLOG(1) << __func__; 9634 std::string command; 9635 TPM_RC rc = SerializeCommand_Startup( 9636 startup_type, 9637 &command, 9638 authorization_delegate); 9639 if (rc != TPM_RC_SUCCESS) { 9640 return rc; 9641 } 9642 std::string response = transceiver_->SendCommandAndWait(command); 9643 rc = ParseResponse_Startup( 9644 response, 9645 authorization_delegate); 9646 return rc; 9647 } 9648 9649 TPM_RC Tpm::SerializeCommand_Shutdown( 9650 const TPM_SU& shutdown_type, 9651 std::string* serialized_command, 9652 AuthorizationDelegate* authorization_delegate) { 9653 VLOG(3) << __func__; 9654 TPM_RC rc = TPM_RC_SUCCESS; 9655 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 9656 UINT32 command_size = 10; // Header size. 9657 std::string handle_section_bytes; 9658 std::string parameter_section_bytes; 9659 TPM_CC command_code = TPM_CC_Shutdown; 9660 bool is_command_parameter_encryption_possible = false; 9661 bool is_response_parameter_encryption_possible = false; 9662 std::string command_code_bytes; 9663 rc = Serialize_TPM_CC( 9664 command_code, 9665 &command_code_bytes); 9666 if (rc != TPM_RC_SUCCESS) { 9667 return rc; 9668 } 9669 std::string shutdown_type_bytes; 9670 rc = Serialize_TPM_SU( 9671 shutdown_type, 9672 &shutdown_type_bytes); 9673 if (rc != TPM_RC_SUCCESS) { 9674 return rc; 9675 } 9676 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 9677 crypto::SecureHash::SHA256)); 9678 hash->Update(command_code_bytes.data(), 9679 command_code_bytes.size()); 9680 hash->Update(shutdown_type_bytes.data(), 9681 shutdown_type_bytes.size()); 9682 parameter_section_bytes += shutdown_type_bytes; 9683 command_size += shutdown_type_bytes.size(); 9684 std::string command_hash(32, 0); 9685 hash->Finish(string_as_array(&command_hash), command_hash.size()); 9686 std::string authorization_section_bytes; 9687 std::string authorization_size_bytes; 9688 if (authorization_delegate) { 9689 if (!authorization_delegate->GetCommandAuthorization( 9690 command_hash, 9691 is_command_parameter_encryption_possible, 9692 is_response_parameter_encryption_possible, 9693 &authorization_section_bytes)) { 9694 return TRUNKS_RC_AUTHORIZATION_FAILED; 9695 } 9696 if (!authorization_section_bytes.empty()) { 9697 tag = TPM_ST_SESSIONS; 9698 std::string tmp; 9699 rc = Serialize_UINT32(authorization_section_bytes.size(), 9700 &authorization_size_bytes); 9701 if (rc != TPM_RC_SUCCESS) { 9702 return rc; 9703 } 9704 command_size += authorization_size_bytes.size() + 9705 authorization_section_bytes.size(); 9706 } 9707 } 9708 std::string tag_bytes; 9709 rc = Serialize_TPMI_ST_COMMAND_TAG( 9710 tag, 9711 &tag_bytes); 9712 if (rc != TPM_RC_SUCCESS) { 9713 return rc; 9714 } 9715 std::string command_size_bytes; 9716 rc = Serialize_UINT32( 9717 command_size, 9718 &command_size_bytes); 9719 if (rc != TPM_RC_SUCCESS) { 9720 return rc; 9721 } 9722 *serialized_command = tag_bytes + 9723 command_size_bytes + 9724 command_code_bytes + 9725 handle_section_bytes + 9726 authorization_size_bytes + 9727 authorization_section_bytes + 9728 parameter_section_bytes; 9729 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 9730 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 9731 serialized_command->size()); 9732 return TPM_RC_SUCCESS; 9733 } 9734 9735 TPM_RC Tpm::ParseResponse_Shutdown( 9736 const std::string& response, 9737 AuthorizationDelegate* authorization_delegate) { 9738 VLOG(3) << __func__; 9739 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 9740 TPM_RC rc = TPM_RC_SUCCESS; 9741 std::string buffer(response); 9742 TPM_ST tag; 9743 std::string tag_bytes; 9744 rc = Parse_TPM_ST( 9745 &buffer, 9746 &tag, 9747 &tag_bytes); 9748 if (rc != TPM_RC_SUCCESS) { 9749 return rc; 9750 } 9751 UINT32 response_size; 9752 std::string response_size_bytes; 9753 rc = Parse_UINT32( 9754 &buffer, 9755 &response_size, 9756 &response_size_bytes); 9757 if (rc != TPM_RC_SUCCESS) { 9758 return rc; 9759 } 9760 TPM_RC response_code; 9761 std::string response_code_bytes; 9762 rc = Parse_TPM_RC( 9763 &buffer, 9764 &response_code, 9765 &response_code_bytes); 9766 if (rc != TPM_RC_SUCCESS) { 9767 return rc; 9768 } 9769 if (response_size != response.size()) { 9770 return TPM_RC_SIZE; 9771 } 9772 if (response_code != TPM_RC_SUCCESS) { 9773 return response_code; 9774 } 9775 TPM_CC command_code = TPM_CC_Shutdown; 9776 std::string command_code_bytes; 9777 rc = Serialize_TPM_CC( 9778 command_code, 9779 &command_code_bytes); 9780 if (rc != TPM_RC_SUCCESS) { 9781 return rc; 9782 } 9783 std::string authorization_section_bytes; 9784 if (tag == TPM_ST_SESSIONS) { 9785 UINT32 parameter_section_size = buffer.size(); 9786 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 9787 if (rc != TPM_RC_SUCCESS) { 9788 return rc; 9789 } 9790 if (parameter_section_size > buffer.size()) { 9791 return TPM_RC_INSUFFICIENT; 9792 } 9793 authorization_section_bytes = buffer.substr(parameter_section_size); 9794 // Keep the parameter section in |buffer|. 9795 buffer.erase(parameter_section_size); 9796 } 9797 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 9798 crypto::SecureHash::SHA256)); 9799 hash->Update(response_code_bytes.data(), 9800 response_code_bytes.size()); 9801 hash->Update(command_code_bytes.data(), 9802 command_code_bytes.size()); 9803 hash->Update(buffer.data(), 9804 buffer.size()); 9805 std::string response_hash(32, 0); 9806 hash->Finish(string_as_array(&response_hash), response_hash.size()); 9807 if (tag == TPM_ST_SESSIONS) { 9808 CHECK(authorization_delegate) << "Authorization delegate missing!"; 9809 if (!authorization_delegate->CheckResponseAuthorization( 9810 response_hash, 9811 authorization_section_bytes)) { 9812 return TRUNKS_RC_AUTHORIZATION_FAILED; 9813 } 9814 } 9815 return TPM_RC_SUCCESS; 9816 } 9817 9818 void ShutdownErrorCallback( 9819 const Tpm::ShutdownResponse& callback, 9820 TPM_RC response_code) { 9821 VLOG(1) << __func__; 9822 callback.Run(response_code); 9823 } 9824 9825 void ShutdownResponseParser( 9826 const Tpm::ShutdownResponse& callback, 9827 AuthorizationDelegate* authorization_delegate, 9828 const std::string& response) { 9829 VLOG(1) << __func__; 9830 base::Callback<void(TPM_RC)> error_reporter = 9831 base::Bind(ShutdownErrorCallback, callback); 9832 TPM_RC rc = Tpm::ParseResponse_Shutdown( 9833 response, 9834 authorization_delegate); 9835 if (rc != TPM_RC_SUCCESS) { 9836 error_reporter.Run(rc); 9837 return; 9838 } 9839 callback.Run( 9840 rc); 9841 } 9842 9843 void Tpm::Shutdown( 9844 const TPM_SU& shutdown_type, 9845 AuthorizationDelegate* authorization_delegate, 9846 const ShutdownResponse& callback) { 9847 VLOG(1) << __func__; 9848 base::Callback<void(TPM_RC)> error_reporter = 9849 base::Bind(ShutdownErrorCallback, callback); 9850 base::Callback<void(const std::string&)> parser = 9851 base::Bind(ShutdownResponseParser, 9852 callback, 9853 authorization_delegate); 9854 std::string command; 9855 TPM_RC rc = SerializeCommand_Shutdown( 9856 shutdown_type, 9857 &command, 9858 authorization_delegate); 9859 if (rc != TPM_RC_SUCCESS) { 9860 error_reporter.Run(rc); 9861 return; 9862 } 9863 transceiver_->SendCommand(command, parser); 9864 } 9865 9866 TPM_RC Tpm::ShutdownSync( 9867 const TPM_SU& shutdown_type, 9868 AuthorizationDelegate* authorization_delegate) { 9869 VLOG(1) << __func__; 9870 std::string command; 9871 TPM_RC rc = SerializeCommand_Shutdown( 9872 shutdown_type, 9873 &command, 9874 authorization_delegate); 9875 if (rc != TPM_RC_SUCCESS) { 9876 return rc; 9877 } 9878 std::string response = transceiver_->SendCommandAndWait(command); 9879 rc = ParseResponse_Shutdown( 9880 response, 9881 authorization_delegate); 9882 return rc; 9883 } 9884 9885 TPM_RC Tpm::SerializeCommand_SelfTest( 9886 const TPMI_YES_NO& full_test, 9887 std::string* serialized_command, 9888 AuthorizationDelegate* authorization_delegate) { 9889 VLOG(3) << __func__; 9890 TPM_RC rc = TPM_RC_SUCCESS; 9891 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 9892 UINT32 command_size = 10; // Header size. 9893 std::string handle_section_bytes; 9894 std::string parameter_section_bytes; 9895 TPM_CC command_code = TPM_CC_SelfTest; 9896 bool is_command_parameter_encryption_possible = false; 9897 bool is_response_parameter_encryption_possible = false; 9898 std::string command_code_bytes; 9899 rc = Serialize_TPM_CC( 9900 command_code, 9901 &command_code_bytes); 9902 if (rc != TPM_RC_SUCCESS) { 9903 return rc; 9904 } 9905 std::string full_test_bytes; 9906 rc = Serialize_TPMI_YES_NO( 9907 full_test, 9908 &full_test_bytes); 9909 if (rc != TPM_RC_SUCCESS) { 9910 return rc; 9911 } 9912 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 9913 crypto::SecureHash::SHA256)); 9914 hash->Update(command_code_bytes.data(), 9915 command_code_bytes.size()); 9916 hash->Update(full_test_bytes.data(), 9917 full_test_bytes.size()); 9918 parameter_section_bytes += full_test_bytes; 9919 command_size += full_test_bytes.size(); 9920 std::string command_hash(32, 0); 9921 hash->Finish(string_as_array(&command_hash), command_hash.size()); 9922 std::string authorization_section_bytes; 9923 std::string authorization_size_bytes; 9924 if (authorization_delegate) { 9925 if (!authorization_delegate->GetCommandAuthorization( 9926 command_hash, 9927 is_command_parameter_encryption_possible, 9928 is_response_parameter_encryption_possible, 9929 &authorization_section_bytes)) { 9930 return TRUNKS_RC_AUTHORIZATION_FAILED; 9931 } 9932 if (!authorization_section_bytes.empty()) { 9933 tag = TPM_ST_SESSIONS; 9934 std::string tmp; 9935 rc = Serialize_UINT32(authorization_section_bytes.size(), 9936 &authorization_size_bytes); 9937 if (rc != TPM_RC_SUCCESS) { 9938 return rc; 9939 } 9940 command_size += authorization_size_bytes.size() + 9941 authorization_section_bytes.size(); 9942 } 9943 } 9944 std::string tag_bytes; 9945 rc = Serialize_TPMI_ST_COMMAND_TAG( 9946 tag, 9947 &tag_bytes); 9948 if (rc != TPM_RC_SUCCESS) { 9949 return rc; 9950 } 9951 std::string command_size_bytes; 9952 rc = Serialize_UINT32( 9953 command_size, 9954 &command_size_bytes); 9955 if (rc != TPM_RC_SUCCESS) { 9956 return rc; 9957 } 9958 *serialized_command = tag_bytes + 9959 command_size_bytes + 9960 command_code_bytes + 9961 handle_section_bytes + 9962 authorization_size_bytes + 9963 authorization_section_bytes + 9964 parameter_section_bytes; 9965 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 9966 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 9967 serialized_command->size()); 9968 return TPM_RC_SUCCESS; 9969 } 9970 9971 TPM_RC Tpm::ParseResponse_SelfTest( 9972 const std::string& response, 9973 AuthorizationDelegate* authorization_delegate) { 9974 VLOG(3) << __func__; 9975 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 9976 TPM_RC rc = TPM_RC_SUCCESS; 9977 std::string buffer(response); 9978 TPM_ST tag; 9979 std::string tag_bytes; 9980 rc = Parse_TPM_ST( 9981 &buffer, 9982 &tag, 9983 &tag_bytes); 9984 if (rc != TPM_RC_SUCCESS) { 9985 return rc; 9986 } 9987 UINT32 response_size; 9988 std::string response_size_bytes; 9989 rc = Parse_UINT32( 9990 &buffer, 9991 &response_size, 9992 &response_size_bytes); 9993 if (rc != TPM_RC_SUCCESS) { 9994 return rc; 9995 } 9996 TPM_RC response_code; 9997 std::string response_code_bytes; 9998 rc = Parse_TPM_RC( 9999 &buffer, 10000 &response_code, 10001 &response_code_bytes); 10002 if (rc != TPM_RC_SUCCESS) { 10003 return rc; 10004 } 10005 if (response_size != response.size()) { 10006 return TPM_RC_SIZE; 10007 } 10008 if (response_code != TPM_RC_SUCCESS) { 10009 return response_code; 10010 } 10011 TPM_CC command_code = TPM_CC_SelfTest; 10012 std::string command_code_bytes; 10013 rc = Serialize_TPM_CC( 10014 command_code, 10015 &command_code_bytes); 10016 if (rc != TPM_RC_SUCCESS) { 10017 return rc; 10018 } 10019 std::string authorization_section_bytes; 10020 if (tag == TPM_ST_SESSIONS) { 10021 UINT32 parameter_section_size = buffer.size(); 10022 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 10023 if (rc != TPM_RC_SUCCESS) { 10024 return rc; 10025 } 10026 if (parameter_section_size > buffer.size()) { 10027 return TPM_RC_INSUFFICIENT; 10028 } 10029 authorization_section_bytes = buffer.substr(parameter_section_size); 10030 // Keep the parameter section in |buffer|. 10031 buffer.erase(parameter_section_size); 10032 } 10033 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 10034 crypto::SecureHash::SHA256)); 10035 hash->Update(response_code_bytes.data(), 10036 response_code_bytes.size()); 10037 hash->Update(command_code_bytes.data(), 10038 command_code_bytes.size()); 10039 hash->Update(buffer.data(), 10040 buffer.size()); 10041 std::string response_hash(32, 0); 10042 hash->Finish(string_as_array(&response_hash), response_hash.size()); 10043 if (tag == TPM_ST_SESSIONS) { 10044 CHECK(authorization_delegate) << "Authorization delegate missing!"; 10045 if (!authorization_delegate->CheckResponseAuthorization( 10046 response_hash, 10047 authorization_section_bytes)) { 10048 return TRUNKS_RC_AUTHORIZATION_FAILED; 10049 } 10050 } 10051 return TPM_RC_SUCCESS; 10052 } 10053 10054 void SelfTestErrorCallback( 10055 const Tpm::SelfTestResponse& callback, 10056 TPM_RC response_code) { 10057 VLOG(1) << __func__; 10058 callback.Run(response_code); 10059 } 10060 10061 void SelfTestResponseParser( 10062 const Tpm::SelfTestResponse& callback, 10063 AuthorizationDelegate* authorization_delegate, 10064 const std::string& response) { 10065 VLOG(1) << __func__; 10066 base::Callback<void(TPM_RC)> error_reporter = 10067 base::Bind(SelfTestErrorCallback, callback); 10068 TPM_RC rc = Tpm::ParseResponse_SelfTest( 10069 response, 10070 authorization_delegate); 10071 if (rc != TPM_RC_SUCCESS) { 10072 error_reporter.Run(rc); 10073 return; 10074 } 10075 callback.Run( 10076 rc); 10077 } 10078 10079 void Tpm::SelfTest( 10080 const TPMI_YES_NO& full_test, 10081 AuthorizationDelegate* authorization_delegate, 10082 const SelfTestResponse& callback) { 10083 VLOG(1) << __func__; 10084 base::Callback<void(TPM_RC)> error_reporter = 10085 base::Bind(SelfTestErrorCallback, callback); 10086 base::Callback<void(const std::string&)> parser = 10087 base::Bind(SelfTestResponseParser, 10088 callback, 10089 authorization_delegate); 10090 std::string command; 10091 TPM_RC rc = SerializeCommand_SelfTest( 10092 full_test, 10093 &command, 10094 authorization_delegate); 10095 if (rc != TPM_RC_SUCCESS) { 10096 error_reporter.Run(rc); 10097 return; 10098 } 10099 transceiver_->SendCommand(command, parser); 10100 } 10101 10102 TPM_RC Tpm::SelfTestSync( 10103 const TPMI_YES_NO& full_test, 10104 AuthorizationDelegate* authorization_delegate) { 10105 VLOG(1) << __func__; 10106 std::string command; 10107 TPM_RC rc = SerializeCommand_SelfTest( 10108 full_test, 10109 &command, 10110 authorization_delegate); 10111 if (rc != TPM_RC_SUCCESS) { 10112 return rc; 10113 } 10114 std::string response = transceiver_->SendCommandAndWait(command); 10115 rc = ParseResponse_SelfTest( 10116 response, 10117 authorization_delegate); 10118 return rc; 10119 } 10120 10121 TPM_RC Tpm::SerializeCommand_IncrementalSelfTest( 10122 const TPML_ALG& to_test, 10123 std::string* serialized_command, 10124 AuthorizationDelegate* authorization_delegate) { 10125 VLOG(3) << __func__; 10126 TPM_RC rc = TPM_RC_SUCCESS; 10127 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 10128 UINT32 command_size = 10; // Header size. 10129 std::string handle_section_bytes; 10130 std::string parameter_section_bytes; 10131 TPM_CC command_code = TPM_CC_IncrementalSelfTest; 10132 bool is_command_parameter_encryption_possible = false; 10133 bool is_response_parameter_encryption_possible = false; 10134 std::string command_code_bytes; 10135 rc = Serialize_TPM_CC( 10136 command_code, 10137 &command_code_bytes); 10138 if (rc != TPM_RC_SUCCESS) { 10139 return rc; 10140 } 10141 std::string to_test_bytes; 10142 rc = Serialize_TPML_ALG( 10143 to_test, 10144 &to_test_bytes); 10145 if (rc != TPM_RC_SUCCESS) { 10146 return rc; 10147 } 10148 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 10149 crypto::SecureHash::SHA256)); 10150 hash->Update(command_code_bytes.data(), 10151 command_code_bytes.size()); 10152 hash->Update(to_test_bytes.data(), 10153 to_test_bytes.size()); 10154 parameter_section_bytes += to_test_bytes; 10155 command_size += to_test_bytes.size(); 10156 std::string command_hash(32, 0); 10157 hash->Finish(string_as_array(&command_hash), command_hash.size()); 10158 std::string authorization_section_bytes; 10159 std::string authorization_size_bytes; 10160 if (authorization_delegate) { 10161 if (!authorization_delegate->GetCommandAuthorization( 10162 command_hash, 10163 is_command_parameter_encryption_possible, 10164 is_response_parameter_encryption_possible, 10165 &authorization_section_bytes)) { 10166 return TRUNKS_RC_AUTHORIZATION_FAILED; 10167 } 10168 if (!authorization_section_bytes.empty()) { 10169 tag = TPM_ST_SESSIONS; 10170 std::string tmp; 10171 rc = Serialize_UINT32(authorization_section_bytes.size(), 10172 &authorization_size_bytes); 10173 if (rc != TPM_RC_SUCCESS) { 10174 return rc; 10175 } 10176 command_size += authorization_size_bytes.size() + 10177 authorization_section_bytes.size(); 10178 } 10179 } 10180 std::string tag_bytes; 10181 rc = Serialize_TPMI_ST_COMMAND_TAG( 10182 tag, 10183 &tag_bytes); 10184 if (rc != TPM_RC_SUCCESS) { 10185 return rc; 10186 } 10187 std::string command_size_bytes; 10188 rc = Serialize_UINT32( 10189 command_size, 10190 &command_size_bytes); 10191 if (rc != TPM_RC_SUCCESS) { 10192 return rc; 10193 } 10194 *serialized_command = tag_bytes + 10195 command_size_bytes + 10196 command_code_bytes + 10197 handle_section_bytes + 10198 authorization_size_bytes + 10199 authorization_section_bytes + 10200 parameter_section_bytes; 10201 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 10202 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 10203 serialized_command->size()); 10204 return TPM_RC_SUCCESS; 10205 } 10206 10207 TPM_RC Tpm::ParseResponse_IncrementalSelfTest( 10208 const std::string& response, 10209 TPML_ALG* to_do_list, 10210 AuthorizationDelegate* authorization_delegate) { 10211 VLOG(3) << __func__; 10212 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 10213 TPM_RC rc = TPM_RC_SUCCESS; 10214 std::string buffer(response); 10215 TPM_ST tag; 10216 std::string tag_bytes; 10217 rc = Parse_TPM_ST( 10218 &buffer, 10219 &tag, 10220 &tag_bytes); 10221 if (rc != TPM_RC_SUCCESS) { 10222 return rc; 10223 } 10224 UINT32 response_size; 10225 std::string response_size_bytes; 10226 rc = Parse_UINT32( 10227 &buffer, 10228 &response_size, 10229 &response_size_bytes); 10230 if (rc != TPM_RC_SUCCESS) { 10231 return rc; 10232 } 10233 TPM_RC response_code; 10234 std::string response_code_bytes; 10235 rc = Parse_TPM_RC( 10236 &buffer, 10237 &response_code, 10238 &response_code_bytes); 10239 if (rc != TPM_RC_SUCCESS) { 10240 return rc; 10241 } 10242 if (response_size != response.size()) { 10243 return TPM_RC_SIZE; 10244 } 10245 if (response_code != TPM_RC_SUCCESS) { 10246 return response_code; 10247 } 10248 TPM_CC command_code = TPM_CC_IncrementalSelfTest; 10249 std::string command_code_bytes; 10250 rc = Serialize_TPM_CC( 10251 command_code, 10252 &command_code_bytes); 10253 if (rc != TPM_RC_SUCCESS) { 10254 return rc; 10255 } 10256 std::string authorization_section_bytes; 10257 if (tag == TPM_ST_SESSIONS) { 10258 UINT32 parameter_section_size = buffer.size(); 10259 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 10260 if (rc != TPM_RC_SUCCESS) { 10261 return rc; 10262 } 10263 if (parameter_section_size > buffer.size()) { 10264 return TPM_RC_INSUFFICIENT; 10265 } 10266 authorization_section_bytes = buffer.substr(parameter_section_size); 10267 // Keep the parameter section in |buffer|. 10268 buffer.erase(parameter_section_size); 10269 } 10270 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 10271 crypto::SecureHash::SHA256)); 10272 hash->Update(response_code_bytes.data(), 10273 response_code_bytes.size()); 10274 hash->Update(command_code_bytes.data(), 10275 command_code_bytes.size()); 10276 hash->Update(buffer.data(), 10277 buffer.size()); 10278 std::string response_hash(32, 0); 10279 hash->Finish(string_as_array(&response_hash), response_hash.size()); 10280 if (tag == TPM_ST_SESSIONS) { 10281 CHECK(authorization_delegate) << "Authorization delegate missing!"; 10282 if (!authorization_delegate->CheckResponseAuthorization( 10283 response_hash, 10284 authorization_section_bytes)) { 10285 return TRUNKS_RC_AUTHORIZATION_FAILED; 10286 } 10287 } 10288 std::string to_do_list_bytes; 10289 rc = Parse_TPML_ALG( 10290 &buffer, 10291 to_do_list, 10292 &to_do_list_bytes); 10293 if (rc != TPM_RC_SUCCESS) { 10294 return rc; 10295 } 10296 return TPM_RC_SUCCESS; 10297 } 10298 10299 void IncrementalSelfTestErrorCallback( 10300 const Tpm::IncrementalSelfTestResponse& callback, 10301 TPM_RC response_code) { 10302 VLOG(1) << __func__; 10303 callback.Run(response_code, 10304 TPML_ALG()); 10305 } 10306 10307 void IncrementalSelfTestResponseParser( 10308 const Tpm::IncrementalSelfTestResponse& callback, 10309 AuthorizationDelegate* authorization_delegate, 10310 const std::string& response) { 10311 VLOG(1) << __func__; 10312 base::Callback<void(TPM_RC)> error_reporter = 10313 base::Bind(IncrementalSelfTestErrorCallback, callback); 10314 TPML_ALG to_do_list; 10315 TPM_RC rc = Tpm::ParseResponse_IncrementalSelfTest( 10316 response, 10317 &to_do_list, 10318 authorization_delegate); 10319 if (rc != TPM_RC_SUCCESS) { 10320 error_reporter.Run(rc); 10321 return; 10322 } 10323 callback.Run( 10324 rc, 10325 to_do_list); 10326 } 10327 10328 void Tpm::IncrementalSelfTest( 10329 const TPML_ALG& to_test, 10330 AuthorizationDelegate* authorization_delegate, 10331 const IncrementalSelfTestResponse& callback) { 10332 VLOG(1) << __func__; 10333 base::Callback<void(TPM_RC)> error_reporter = 10334 base::Bind(IncrementalSelfTestErrorCallback, callback); 10335 base::Callback<void(const std::string&)> parser = 10336 base::Bind(IncrementalSelfTestResponseParser, 10337 callback, 10338 authorization_delegate); 10339 std::string command; 10340 TPM_RC rc = SerializeCommand_IncrementalSelfTest( 10341 to_test, 10342 &command, 10343 authorization_delegate); 10344 if (rc != TPM_RC_SUCCESS) { 10345 error_reporter.Run(rc); 10346 return; 10347 } 10348 transceiver_->SendCommand(command, parser); 10349 } 10350 10351 TPM_RC Tpm::IncrementalSelfTestSync( 10352 const TPML_ALG& to_test, 10353 TPML_ALG* to_do_list, 10354 AuthorizationDelegate* authorization_delegate) { 10355 VLOG(1) << __func__; 10356 std::string command; 10357 TPM_RC rc = SerializeCommand_IncrementalSelfTest( 10358 to_test, 10359 &command, 10360 authorization_delegate); 10361 if (rc != TPM_RC_SUCCESS) { 10362 return rc; 10363 } 10364 std::string response = transceiver_->SendCommandAndWait(command); 10365 rc = ParseResponse_IncrementalSelfTest( 10366 response, 10367 to_do_list, 10368 authorization_delegate); 10369 return rc; 10370 } 10371 10372 TPM_RC Tpm::SerializeCommand_GetTestResult( 10373 std::string* serialized_command, 10374 AuthorizationDelegate* authorization_delegate) { 10375 VLOG(3) << __func__; 10376 TPM_RC rc = TPM_RC_SUCCESS; 10377 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 10378 UINT32 command_size = 10; // Header size. 10379 std::string handle_section_bytes; 10380 std::string parameter_section_bytes; 10381 TPM_CC command_code = TPM_CC_GetTestResult; 10382 bool is_command_parameter_encryption_possible = false; 10383 bool is_response_parameter_encryption_possible = true; 10384 std::string command_code_bytes; 10385 rc = Serialize_TPM_CC( 10386 command_code, 10387 &command_code_bytes); 10388 if (rc != TPM_RC_SUCCESS) { 10389 return rc; 10390 } 10391 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 10392 crypto::SecureHash::SHA256)); 10393 hash->Update(command_code_bytes.data(), 10394 command_code_bytes.size()); 10395 std::string command_hash(32, 0); 10396 hash->Finish(string_as_array(&command_hash), command_hash.size()); 10397 std::string authorization_section_bytes; 10398 std::string authorization_size_bytes; 10399 if (authorization_delegate) { 10400 if (!authorization_delegate->GetCommandAuthorization( 10401 command_hash, 10402 is_command_parameter_encryption_possible, 10403 is_response_parameter_encryption_possible, 10404 &authorization_section_bytes)) { 10405 return TRUNKS_RC_AUTHORIZATION_FAILED; 10406 } 10407 if (!authorization_section_bytes.empty()) { 10408 tag = TPM_ST_SESSIONS; 10409 std::string tmp; 10410 rc = Serialize_UINT32(authorization_section_bytes.size(), 10411 &authorization_size_bytes); 10412 if (rc != TPM_RC_SUCCESS) { 10413 return rc; 10414 } 10415 command_size += authorization_size_bytes.size() + 10416 authorization_section_bytes.size(); 10417 } 10418 } 10419 std::string tag_bytes; 10420 rc = Serialize_TPMI_ST_COMMAND_TAG( 10421 tag, 10422 &tag_bytes); 10423 if (rc != TPM_RC_SUCCESS) { 10424 return rc; 10425 } 10426 std::string command_size_bytes; 10427 rc = Serialize_UINT32( 10428 command_size, 10429 &command_size_bytes); 10430 if (rc != TPM_RC_SUCCESS) { 10431 return rc; 10432 } 10433 *serialized_command = tag_bytes + 10434 command_size_bytes + 10435 command_code_bytes + 10436 handle_section_bytes + 10437 authorization_size_bytes + 10438 authorization_section_bytes + 10439 parameter_section_bytes; 10440 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 10441 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 10442 serialized_command->size()); 10443 return TPM_RC_SUCCESS; 10444 } 10445 10446 TPM_RC Tpm::ParseResponse_GetTestResult( 10447 const std::string& response, 10448 TPM2B_MAX_BUFFER* out_data, 10449 TPM_RC* test_result, 10450 AuthorizationDelegate* authorization_delegate) { 10451 VLOG(3) << __func__; 10452 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 10453 TPM_RC rc = TPM_RC_SUCCESS; 10454 std::string buffer(response); 10455 TPM_ST tag; 10456 std::string tag_bytes; 10457 rc = Parse_TPM_ST( 10458 &buffer, 10459 &tag, 10460 &tag_bytes); 10461 if (rc != TPM_RC_SUCCESS) { 10462 return rc; 10463 } 10464 UINT32 response_size; 10465 std::string response_size_bytes; 10466 rc = Parse_UINT32( 10467 &buffer, 10468 &response_size, 10469 &response_size_bytes); 10470 if (rc != TPM_RC_SUCCESS) { 10471 return rc; 10472 } 10473 TPM_RC response_code; 10474 std::string response_code_bytes; 10475 rc = Parse_TPM_RC( 10476 &buffer, 10477 &response_code, 10478 &response_code_bytes); 10479 if (rc != TPM_RC_SUCCESS) { 10480 return rc; 10481 } 10482 if (response_size != response.size()) { 10483 return TPM_RC_SIZE; 10484 } 10485 if (response_code != TPM_RC_SUCCESS) { 10486 return response_code; 10487 } 10488 TPM_CC command_code = TPM_CC_GetTestResult; 10489 std::string command_code_bytes; 10490 rc = Serialize_TPM_CC( 10491 command_code, 10492 &command_code_bytes); 10493 if (rc != TPM_RC_SUCCESS) { 10494 return rc; 10495 } 10496 std::string authorization_section_bytes; 10497 if (tag == TPM_ST_SESSIONS) { 10498 UINT32 parameter_section_size = buffer.size(); 10499 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 10500 if (rc != TPM_RC_SUCCESS) { 10501 return rc; 10502 } 10503 if (parameter_section_size > buffer.size()) { 10504 return TPM_RC_INSUFFICIENT; 10505 } 10506 authorization_section_bytes = buffer.substr(parameter_section_size); 10507 // Keep the parameter section in |buffer|. 10508 buffer.erase(parameter_section_size); 10509 } 10510 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 10511 crypto::SecureHash::SHA256)); 10512 hash->Update(response_code_bytes.data(), 10513 response_code_bytes.size()); 10514 hash->Update(command_code_bytes.data(), 10515 command_code_bytes.size()); 10516 hash->Update(buffer.data(), 10517 buffer.size()); 10518 std::string response_hash(32, 0); 10519 hash->Finish(string_as_array(&response_hash), response_hash.size()); 10520 if (tag == TPM_ST_SESSIONS) { 10521 CHECK(authorization_delegate) << "Authorization delegate missing!"; 10522 if (!authorization_delegate->CheckResponseAuthorization( 10523 response_hash, 10524 authorization_section_bytes)) { 10525 return TRUNKS_RC_AUTHORIZATION_FAILED; 10526 } 10527 } 10528 std::string out_data_bytes; 10529 rc = Parse_TPM2B_MAX_BUFFER( 10530 &buffer, 10531 out_data, 10532 &out_data_bytes); 10533 if (rc != TPM_RC_SUCCESS) { 10534 return rc; 10535 } 10536 std::string test_result_bytes; 10537 rc = Parse_TPM_RC( 10538 &buffer, 10539 test_result, 10540 &test_result_bytes); 10541 if (rc != TPM_RC_SUCCESS) { 10542 return rc; 10543 } 10544 if (tag == TPM_ST_SESSIONS) { 10545 CHECK(authorization_delegate) << "Authorization delegate missing!"; 10546 // Decrypt just the parameter data, not the size. 10547 std::string tmp = out_data_bytes.substr(2); 10548 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 10549 return TRUNKS_RC_ENCRYPTION_FAILED; 10550 } 10551 out_data_bytes.replace(2, std::string::npos, tmp); 10552 rc = Parse_TPM2B_MAX_BUFFER( 10553 &out_data_bytes, 10554 out_data, 10555 nullptr); 10556 if (rc != TPM_RC_SUCCESS) { 10557 return rc; 10558 } 10559 } 10560 return TPM_RC_SUCCESS; 10561 } 10562 10563 void GetTestResultErrorCallback( 10564 const Tpm::GetTestResultResponse& callback, 10565 TPM_RC response_code) { 10566 VLOG(1) << __func__; 10567 callback.Run(response_code, 10568 TPM2B_MAX_BUFFER(), 10569 TPM_RC()); 10570 } 10571 10572 void GetTestResultResponseParser( 10573 const Tpm::GetTestResultResponse& callback, 10574 AuthorizationDelegate* authorization_delegate, 10575 const std::string& response) { 10576 VLOG(1) << __func__; 10577 base::Callback<void(TPM_RC)> error_reporter = 10578 base::Bind(GetTestResultErrorCallback, callback); 10579 TPM2B_MAX_BUFFER out_data; 10580 TPM_RC test_result; 10581 TPM_RC rc = Tpm::ParseResponse_GetTestResult( 10582 response, 10583 &out_data, 10584 &test_result, 10585 authorization_delegate); 10586 if (rc != TPM_RC_SUCCESS) { 10587 error_reporter.Run(rc); 10588 return; 10589 } 10590 callback.Run( 10591 rc, 10592 out_data, 10593 test_result); 10594 } 10595 10596 void Tpm::GetTestResult( 10597 AuthorizationDelegate* authorization_delegate, 10598 const GetTestResultResponse& callback) { 10599 VLOG(1) << __func__; 10600 base::Callback<void(TPM_RC)> error_reporter = 10601 base::Bind(GetTestResultErrorCallback, callback); 10602 base::Callback<void(const std::string&)> parser = 10603 base::Bind(GetTestResultResponseParser, 10604 callback, 10605 authorization_delegate); 10606 std::string command; 10607 TPM_RC rc = SerializeCommand_GetTestResult( 10608 &command, 10609 authorization_delegate); 10610 if (rc != TPM_RC_SUCCESS) { 10611 error_reporter.Run(rc); 10612 return; 10613 } 10614 transceiver_->SendCommand(command, parser); 10615 } 10616 10617 TPM_RC Tpm::GetTestResultSync( 10618 TPM2B_MAX_BUFFER* out_data, 10619 TPM_RC* test_result, 10620 AuthorizationDelegate* authorization_delegate) { 10621 VLOG(1) << __func__; 10622 std::string command; 10623 TPM_RC rc = SerializeCommand_GetTestResult( 10624 &command, 10625 authorization_delegate); 10626 if (rc != TPM_RC_SUCCESS) { 10627 return rc; 10628 } 10629 std::string response = transceiver_->SendCommandAndWait(command); 10630 rc = ParseResponse_GetTestResult( 10631 response, 10632 out_data, 10633 test_result, 10634 authorization_delegate); 10635 return rc; 10636 } 10637 10638 TPM_RC Tpm::SerializeCommand_StartAuthSession( 10639 const TPMI_DH_OBJECT& tpm_key, 10640 const std::string& tpm_key_name, 10641 const TPMI_DH_ENTITY& bind, 10642 const std::string& bind_name, 10643 const TPM2B_NONCE& nonce_caller, 10644 const TPM2B_ENCRYPTED_SECRET& encrypted_salt, 10645 const TPM_SE& session_type, 10646 const TPMT_SYM_DEF& symmetric, 10647 const TPMI_ALG_HASH& auth_hash, 10648 std::string* serialized_command, 10649 AuthorizationDelegate* authorization_delegate) { 10650 VLOG(3) << __func__; 10651 TPM_RC rc = TPM_RC_SUCCESS; 10652 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 10653 UINT32 command_size = 10; // Header size. 10654 std::string handle_section_bytes; 10655 std::string parameter_section_bytes; 10656 TPM_CC command_code = TPM_CC_StartAuthSession; 10657 bool is_command_parameter_encryption_possible = true; 10658 bool is_response_parameter_encryption_possible = true; 10659 std::string command_code_bytes; 10660 rc = Serialize_TPM_CC( 10661 command_code, 10662 &command_code_bytes); 10663 if (rc != TPM_RC_SUCCESS) { 10664 return rc; 10665 } 10666 std::string tpm_key_bytes; 10667 rc = Serialize_TPMI_DH_OBJECT( 10668 tpm_key, 10669 &tpm_key_bytes); 10670 if (rc != TPM_RC_SUCCESS) { 10671 return rc; 10672 } 10673 std::string bind_bytes; 10674 rc = Serialize_TPMI_DH_ENTITY( 10675 bind, 10676 &bind_bytes); 10677 if (rc != TPM_RC_SUCCESS) { 10678 return rc; 10679 } 10680 std::string nonce_caller_bytes; 10681 rc = Serialize_TPM2B_NONCE( 10682 nonce_caller, 10683 &nonce_caller_bytes); 10684 if (rc != TPM_RC_SUCCESS) { 10685 return rc; 10686 } 10687 std::string encrypted_salt_bytes; 10688 rc = Serialize_TPM2B_ENCRYPTED_SECRET( 10689 encrypted_salt, 10690 &encrypted_salt_bytes); 10691 if (rc != TPM_RC_SUCCESS) { 10692 return rc; 10693 } 10694 std::string session_type_bytes; 10695 rc = Serialize_TPM_SE( 10696 session_type, 10697 &session_type_bytes); 10698 if (rc != TPM_RC_SUCCESS) { 10699 return rc; 10700 } 10701 std::string symmetric_bytes; 10702 rc = Serialize_TPMT_SYM_DEF( 10703 symmetric, 10704 &symmetric_bytes); 10705 if (rc != TPM_RC_SUCCESS) { 10706 return rc; 10707 } 10708 std::string auth_hash_bytes; 10709 rc = Serialize_TPMI_ALG_HASH( 10710 auth_hash, 10711 &auth_hash_bytes); 10712 if (rc != TPM_RC_SUCCESS) { 10713 return rc; 10714 } 10715 if (authorization_delegate) { 10716 // Encrypt just the parameter data, not the size. 10717 std::string tmp = nonce_caller_bytes.substr(2); 10718 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 10719 return TRUNKS_RC_ENCRYPTION_FAILED; 10720 } 10721 nonce_caller_bytes.replace(2, std::string::npos, tmp); 10722 } 10723 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 10724 crypto::SecureHash::SHA256)); 10725 hash->Update(command_code_bytes.data(), 10726 command_code_bytes.size()); 10727 hash->Update(tpm_key_name.data(), 10728 tpm_key_name.size()); 10729 handle_section_bytes += tpm_key_bytes; 10730 command_size += tpm_key_bytes.size(); 10731 hash->Update(bind_name.data(), 10732 bind_name.size()); 10733 handle_section_bytes += bind_bytes; 10734 command_size += bind_bytes.size(); 10735 hash->Update(nonce_caller_bytes.data(), 10736 nonce_caller_bytes.size()); 10737 parameter_section_bytes += nonce_caller_bytes; 10738 command_size += nonce_caller_bytes.size(); 10739 hash->Update(encrypted_salt_bytes.data(), 10740 encrypted_salt_bytes.size()); 10741 parameter_section_bytes += encrypted_salt_bytes; 10742 command_size += encrypted_salt_bytes.size(); 10743 hash->Update(session_type_bytes.data(), 10744 session_type_bytes.size()); 10745 parameter_section_bytes += session_type_bytes; 10746 command_size += session_type_bytes.size(); 10747 hash->Update(symmetric_bytes.data(), 10748 symmetric_bytes.size()); 10749 parameter_section_bytes += symmetric_bytes; 10750 command_size += symmetric_bytes.size(); 10751 hash->Update(auth_hash_bytes.data(), 10752 auth_hash_bytes.size()); 10753 parameter_section_bytes += auth_hash_bytes; 10754 command_size += auth_hash_bytes.size(); 10755 std::string command_hash(32, 0); 10756 hash->Finish(string_as_array(&command_hash), command_hash.size()); 10757 std::string authorization_section_bytes; 10758 std::string authorization_size_bytes; 10759 if (authorization_delegate) { 10760 if (!authorization_delegate->GetCommandAuthorization( 10761 command_hash, 10762 is_command_parameter_encryption_possible, 10763 is_response_parameter_encryption_possible, 10764 &authorization_section_bytes)) { 10765 return TRUNKS_RC_AUTHORIZATION_FAILED; 10766 } 10767 if (!authorization_section_bytes.empty()) { 10768 tag = TPM_ST_SESSIONS; 10769 std::string tmp; 10770 rc = Serialize_UINT32(authorization_section_bytes.size(), 10771 &authorization_size_bytes); 10772 if (rc != TPM_RC_SUCCESS) { 10773 return rc; 10774 } 10775 command_size += authorization_size_bytes.size() + 10776 authorization_section_bytes.size(); 10777 } 10778 } 10779 std::string tag_bytes; 10780 rc = Serialize_TPMI_ST_COMMAND_TAG( 10781 tag, 10782 &tag_bytes); 10783 if (rc != TPM_RC_SUCCESS) { 10784 return rc; 10785 } 10786 std::string command_size_bytes; 10787 rc = Serialize_UINT32( 10788 command_size, 10789 &command_size_bytes); 10790 if (rc != TPM_RC_SUCCESS) { 10791 return rc; 10792 } 10793 *serialized_command = tag_bytes + 10794 command_size_bytes + 10795 command_code_bytes + 10796 handle_section_bytes + 10797 authorization_size_bytes + 10798 authorization_section_bytes + 10799 parameter_section_bytes; 10800 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 10801 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 10802 serialized_command->size()); 10803 return TPM_RC_SUCCESS; 10804 } 10805 10806 TPM_RC Tpm::ParseResponse_StartAuthSession( 10807 const std::string& response, 10808 TPMI_SH_AUTH_SESSION* session_handle, 10809 TPM2B_NONCE* nonce_tpm, 10810 AuthorizationDelegate* authorization_delegate) { 10811 VLOG(3) << __func__; 10812 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 10813 TPM_RC rc = TPM_RC_SUCCESS; 10814 std::string buffer(response); 10815 TPM_ST tag; 10816 std::string tag_bytes; 10817 rc = Parse_TPM_ST( 10818 &buffer, 10819 &tag, 10820 &tag_bytes); 10821 if (rc != TPM_RC_SUCCESS) { 10822 return rc; 10823 } 10824 UINT32 response_size; 10825 std::string response_size_bytes; 10826 rc = Parse_UINT32( 10827 &buffer, 10828 &response_size, 10829 &response_size_bytes); 10830 if (rc != TPM_RC_SUCCESS) { 10831 return rc; 10832 } 10833 TPM_RC response_code; 10834 std::string response_code_bytes; 10835 rc = Parse_TPM_RC( 10836 &buffer, 10837 &response_code, 10838 &response_code_bytes); 10839 if (rc != TPM_RC_SUCCESS) { 10840 return rc; 10841 } 10842 if (response_size != response.size()) { 10843 return TPM_RC_SIZE; 10844 } 10845 if (response_code != TPM_RC_SUCCESS) { 10846 return response_code; 10847 } 10848 std::string session_handle_bytes; 10849 rc = Parse_TPMI_SH_AUTH_SESSION( 10850 &buffer, 10851 session_handle, 10852 &session_handle_bytes); 10853 if (rc != TPM_RC_SUCCESS) { 10854 return rc; 10855 } 10856 TPM_CC command_code = TPM_CC_StartAuthSession; 10857 std::string command_code_bytes; 10858 rc = Serialize_TPM_CC( 10859 command_code, 10860 &command_code_bytes); 10861 if (rc != TPM_RC_SUCCESS) { 10862 return rc; 10863 } 10864 std::string authorization_section_bytes; 10865 if (tag == TPM_ST_SESSIONS) { 10866 UINT32 parameter_section_size = buffer.size(); 10867 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 10868 if (rc != TPM_RC_SUCCESS) { 10869 return rc; 10870 } 10871 if (parameter_section_size > buffer.size()) { 10872 return TPM_RC_INSUFFICIENT; 10873 } 10874 authorization_section_bytes = buffer.substr(parameter_section_size); 10875 // Keep the parameter section in |buffer|. 10876 buffer.erase(parameter_section_size); 10877 } 10878 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 10879 crypto::SecureHash::SHA256)); 10880 hash->Update(response_code_bytes.data(), 10881 response_code_bytes.size()); 10882 hash->Update(command_code_bytes.data(), 10883 command_code_bytes.size()); 10884 hash->Update(buffer.data(), 10885 buffer.size()); 10886 std::string response_hash(32, 0); 10887 hash->Finish(string_as_array(&response_hash), response_hash.size()); 10888 if (tag == TPM_ST_SESSIONS) { 10889 CHECK(authorization_delegate) << "Authorization delegate missing!"; 10890 if (!authorization_delegate->CheckResponseAuthorization( 10891 response_hash, 10892 authorization_section_bytes)) { 10893 return TRUNKS_RC_AUTHORIZATION_FAILED; 10894 } 10895 } 10896 std::string nonce_tpm_bytes; 10897 rc = Parse_TPM2B_NONCE( 10898 &buffer, 10899 nonce_tpm, 10900 &nonce_tpm_bytes); 10901 if (rc != TPM_RC_SUCCESS) { 10902 return rc; 10903 } 10904 if (tag == TPM_ST_SESSIONS) { 10905 CHECK(authorization_delegate) << "Authorization delegate missing!"; 10906 // Decrypt just the parameter data, not the size. 10907 std::string tmp = nonce_tpm_bytes.substr(2); 10908 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 10909 return TRUNKS_RC_ENCRYPTION_FAILED; 10910 } 10911 nonce_tpm_bytes.replace(2, std::string::npos, tmp); 10912 rc = Parse_TPM2B_NONCE( 10913 &nonce_tpm_bytes, 10914 nonce_tpm, 10915 nullptr); 10916 if (rc != TPM_RC_SUCCESS) { 10917 return rc; 10918 } 10919 } 10920 return TPM_RC_SUCCESS; 10921 } 10922 10923 void StartAuthSessionErrorCallback( 10924 const Tpm::StartAuthSessionResponse& callback, 10925 TPM_RC response_code) { 10926 VLOG(1) << __func__; 10927 callback.Run(response_code, 10928 TPMI_SH_AUTH_SESSION(), 10929 TPM2B_NONCE()); 10930 } 10931 10932 void StartAuthSessionResponseParser( 10933 const Tpm::StartAuthSessionResponse& callback, 10934 AuthorizationDelegate* authorization_delegate, 10935 const std::string& response) { 10936 VLOG(1) << __func__; 10937 base::Callback<void(TPM_RC)> error_reporter = 10938 base::Bind(StartAuthSessionErrorCallback, callback); 10939 TPMI_SH_AUTH_SESSION session_handle; 10940 TPM2B_NONCE nonce_tpm; 10941 TPM_RC rc = Tpm::ParseResponse_StartAuthSession( 10942 response, 10943 &session_handle, 10944 &nonce_tpm, 10945 authorization_delegate); 10946 if (rc != TPM_RC_SUCCESS) { 10947 error_reporter.Run(rc); 10948 return; 10949 } 10950 callback.Run( 10951 rc, 10952 session_handle, 10953 nonce_tpm); 10954 } 10955 10956 void Tpm::StartAuthSession( 10957 const TPMI_DH_OBJECT& tpm_key, 10958 const std::string& tpm_key_name, 10959 const TPMI_DH_ENTITY& bind, 10960 const std::string& bind_name, 10961 const TPM2B_NONCE& nonce_caller, 10962 const TPM2B_ENCRYPTED_SECRET& encrypted_salt, 10963 const TPM_SE& session_type, 10964 const TPMT_SYM_DEF& symmetric, 10965 const TPMI_ALG_HASH& auth_hash, 10966 AuthorizationDelegate* authorization_delegate, 10967 const StartAuthSessionResponse& callback) { 10968 VLOG(1) << __func__; 10969 base::Callback<void(TPM_RC)> error_reporter = 10970 base::Bind(StartAuthSessionErrorCallback, callback); 10971 base::Callback<void(const std::string&)> parser = 10972 base::Bind(StartAuthSessionResponseParser, 10973 callback, 10974 authorization_delegate); 10975 std::string command; 10976 TPM_RC rc = SerializeCommand_StartAuthSession( 10977 tpm_key, 10978 tpm_key_name, 10979 bind, 10980 bind_name, 10981 nonce_caller, 10982 encrypted_salt, 10983 session_type, 10984 symmetric, 10985 auth_hash, 10986 &command, 10987 authorization_delegate); 10988 if (rc != TPM_RC_SUCCESS) { 10989 error_reporter.Run(rc); 10990 return; 10991 } 10992 transceiver_->SendCommand(command, parser); 10993 } 10994 10995 TPM_RC Tpm::StartAuthSessionSync( 10996 const TPMI_DH_OBJECT& tpm_key, 10997 const std::string& tpm_key_name, 10998 const TPMI_DH_ENTITY& bind, 10999 const std::string& bind_name, 11000 const TPM2B_NONCE& nonce_caller, 11001 const TPM2B_ENCRYPTED_SECRET& encrypted_salt, 11002 const TPM_SE& session_type, 11003 const TPMT_SYM_DEF& symmetric, 11004 const TPMI_ALG_HASH& auth_hash, 11005 TPMI_SH_AUTH_SESSION* session_handle, 11006 TPM2B_NONCE* nonce_tpm, 11007 AuthorizationDelegate* authorization_delegate) { 11008 VLOG(1) << __func__; 11009 std::string command; 11010 TPM_RC rc = SerializeCommand_StartAuthSession( 11011 tpm_key, 11012 tpm_key_name, 11013 bind, 11014 bind_name, 11015 nonce_caller, 11016 encrypted_salt, 11017 session_type, 11018 symmetric, 11019 auth_hash, 11020 &command, 11021 authorization_delegate); 11022 if (rc != TPM_RC_SUCCESS) { 11023 return rc; 11024 } 11025 std::string response = transceiver_->SendCommandAndWait(command); 11026 rc = ParseResponse_StartAuthSession( 11027 response, 11028 session_handle, 11029 nonce_tpm, 11030 authorization_delegate); 11031 return rc; 11032 } 11033 11034 TPM_RC Tpm::SerializeCommand_PolicyRestart( 11035 const TPMI_SH_POLICY& session_handle, 11036 const std::string& session_handle_name, 11037 std::string* serialized_command, 11038 AuthorizationDelegate* authorization_delegate) { 11039 VLOG(3) << __func__; 11040 TPM_RC rc = TPM_RC_SUCCESS; 11041 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 11042 UINT32 command_size = 10; // Header size. 11043 std::string handle_section_bytes; 11044 std::string parameter_section_bytes; 11045 TPM_CC command_code = TPM_CC_PolicyRestart; 11046 bool is_command_parameter_encryption_possible = false; 11047 bool is_response_parameter_encryption_possible = false; 11048 std::string command_code_bytes; 11049 rc = Serialize_TPM_CC( 11050 command_code, 11051 &command_code_bytes); 11052 if (rc != TPM_RC_SUCCESS) { 11053 return rc; 11054 } 11055 std::string session_handle_bytes; 11056 rc = Serialize_TPMI_SH_POLICY( 11057 session_handle, 11058 &session_handle_bytes); 11059 if (rc != TPM_RC_SUCCESS) { 11060 return rc; 11061 } 11062 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 11063 crypto::SecureHash::SHA256)); 11064 hash->Update(command_code_bytes.data(), 11065 command_code_bytes.size()); 11066 hash->Update(session_handle_name.data(), 11067 session_handle_name.size()); 11068 handle_section_bytes += session_handle_bytes; 11069 command_size += session_handle_bytes.size(); 11070 std::string command_hash(32, 0); 11071 hash->Finish(string_as_array(&command_hash), command_hash.size()); 11072 std::string authorization_section_bytes; 11073 std::string authorization_size_bytes; 11074 if (authorization_delegate) { 11075 if (!authorization_delegate->GetCommandAuthorization( 11076 command_hash, 11077 is_command_parameter_encryption_possible, 11078 is_response_parameter_encryption_possible, 11079 &authorization_section_bytes)) { 11080 return TRUNKS_RC_AUTHORIZATION_FAILED; 11081 } 11082 if (!authorization_section_bytes.empty()) { 11083 tag = TPM_ST_SESSIONS; 11084 std::string tmp; 11085 rc = Serialize_UINT32(authorization_section_bytes.size(), 11086 &authorization_size_bytes); 11087 if (rc != TPM_RC_SUCCESS) { 11088 return rc; 11089 } 11090 command_size += authorization_size_bytes.size() + 11091 authorization_section_bytes.size(); 11092 } 11093 } 11094 std::string tag_bytes; 11095 rc = Serialize_TPMI_ST_COMMAND_TAG( 11096 tag, 11097 &tag_bytes); 11098 if (rc != TPM_RC_SUCCESS) { 11099 return rc; 11100 } 11101 std::string command_size_bytes; 11102 rc = Serialize_UINT32( 11103 command_size, 11104 &command_size_bytes); 11105 if (rc != TPM_RC_SUCCESS) { 11106 return rc; 11107 } 11108 *serialized_command = tag_bytes + 11109 command_size_bytes + 11110 command_code_bytes + 11111 handle_section_bytes + 11112 authorization_size_bytes + 11113 authorization_section_bytes + 11114 parameter_section_bytes; 11115 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 11116 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 11117 serialized_command->size()); 11118 return TPM_RC_SUCCESS; 11119 } 11120 11121 TPM_RC Tpm::ParseResponse_PolicyRestart( 11122 const std::string& response, 11123 AuthorizationDelegate* authorization_delegate) { 11124 VLOG(3) << __func__; 11125 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 11126 TPM_RC rc = TPM_RC_SUCCESS; 11127 std::string buffer(response); 11128 TPM_ST tag; 11129 std::string tag_bytes; 11130 rc = Parse_TPM_ST( 11131 &buffer, 11132 &tag, 11133 &tag_bytes); 11134 if (rc != TPM_RC_SUCCESS) { 11135 return rc; 11136 } 11137 UINT32 response_size; 11138 std::string response_size_bytes; 11139 rc = Parse_UINT32( 11140 &buffer, 11141 &response_size, 11142 &response_size_bytes); 11143 if (rc != TPM_RC_SUCCESS) { 11144 return rc; 11145 } 11146 TPM_RC response_code; 11147 std::string response_code_bytes; 11148 rc = Parse_TPM_RC( 11149 &buffer, 11150 &response_code, 11151 &response_code_bytes); 11152 if (rc != TPM_RC_SUCCESS) { 11153 return rc; 11154 } 11155 if (response_size != response.size()) { 11156 return TPM_RC_SIZE; 11157 } 11158 if (response_code != TPM_RC_SUCCESS) { 11159 return response_code; 11160 } 11161 TPM_CC command_code = TPM_CC_PolicyRestart; 11162 std::string command_code_bytes; 11163 rc = Serialize_TPM_CC( 11164 command_code, 11165 &command_code_bytes); 11166 if (rc != TPM_RC_SUCCESS) { 11167 return rc; 11168 } 11169 std::string authorization_section_bytes; 11170 if (tag == TPM_ST_SESSIONS) { 11171 UINT32 parameter_section_size = buffer.size(); 11172 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 11173 if (rc != TPM_RC_SUCCESS) { 11174 return rc; 11175 } 11176 if (parameter_section_size > buffer.size()) { 11177 return TPM_RC_INSUFFICIENT; 11178 } 11179 authorization_section_bytes = buffer.substr(parameter_section_size); 11180 // Keep the parameter section in |buffer|. 11181 buffer.erase(parameter_section_size); 11182 } 11183 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 11184 crypto::SecureHash::SHA256)); 11185 hash->Update(response_code_bytes.data(), 11186 response_code_bytes.size()); 11187 hash->Update(command_code_bytes.data(), 11188 command_code_bytes.size()); 11189 hash->Update(buffer.data(), 11190 buffer.size()); 11191 std::string response_hash(32, 0); 11192 hash->Finish(string_as_array(&response_hash), response_hash.size()); 11193 if (tag == TPM_ST_SESSIONS) { 11194 CHECK(authorization_delegate) << "Authorization delegate missing!"; 11195 if (!authorization_delegate->CheckResponseAuthorization( 11196 response_hash, 11197 authorization_section_bytes)) { 11198 return TRUNKS_RC_AUTHORIZATION_FAILED; 11199 } 11200 } 11201 return TPM_RC_SUCCESS; 11202 } 11203 11204 void PolicyRestartErrorCallback( 11205 const Tpm::PolicyRestartResponse& callback, 11206 TPM_RC response_code) { 11207 VLOG(1) << __func__; 11208 callback.Run(response_code); 11209 } 11210 11211 void PolicyRestartResponseParser( 11212 const Tpm::PolicyRestartResponse& callback, 11213 AuthorizationDelegate* authorization_delegate, 11214 const std::string& response) { 11215 VLOG(1) << __func__; 11216 base::Callback<void(TPM_RC)> error_reporter = 11217 base::Bind(PolicyRestartErrorCallback, callback); 11218 TPM_RC rc = Tpm::ParseResponse_PolicyRestart( 11219 response, 11220 authorization_delegate); 11221 if (rc != TPM_RC_SUCCESS) { 11222 error_reporter.Run(rc); 11223 return; 11224 } 11225 callback.Run( 11226 rc); 11227 } 11228 11229 void Tpm::PolicyRestart( 11230 const TPMI_SH_POLICY& session_handle, 11231 const std::string& session_handle_name, 11232 AuthorizationDelegate* authorization_delegate, 11233 const PolicyRestartResponse& callback) { 11234 VLOG(1) << __func__; 11235 base::Callback<void(TPM_RC)> error_reporter = 11236 base::Bind(PolicyRestartErrorCallback, callback); 11237 base::Callback<void(const std::string&)> parser = 11238 base::Bind(PolicyRestartResponseParser, 11239 callback, 11240 authorization_delegate); 11241 std::string command; 11242 TPM_RC rc = SerializeCommand_PolicyRestart( 11243 session_handle, 11244 session_handle_name, 11245 &command, 11246 authorization_delegate); 11247 if (rc != TPM_RC_SUCCESS) { 11248 error_reporter.Run(rc); 11249 return; 11250 } 11251 transceiver_->SendCommand(command, parser); 11252 } 11253 11254 TPM_RC Tpm::PolicyRestartSync( 11255 const TPMI_SH_POLICY& session_handle, 11256 const std::string& session_handle_name, 11257 AuthorizationDelegate* authorization_delegate) { 11258 VLOG(1) << __func__; 11259 std::string command; 11260 TPM_RC rc = SerializeCommand_PolicyRestart( 11261 session_handle, 11262 session_handle_name, 11263 &command, 11264 authorization_delegate); 11265 if (rc != TPM_RC_SUCCESS) { 11266 return rc; 11267 } 11268 std::string response = transceiver_->SendCommandAndWait(command); 11269 rc = ParseResponse_PolicyRestart( 11270 response, 11271 authorization_delegate); 11272 return rc; 11273 } 11274 11275 TPM_RC Tpm::SerializeCommand_Create( 11276 const TPMI_DH_OBJECT& parent_handle, 11277 const std::string& parent_handle_name, 11278 const TPM2B_SENSITIVE_CREATE& in_sensitive, 11279 const TPM2B_PUBLIC& in_public, 11280 const TPM2B_DATA& outside_info, 11281 const TPML_PCR_SELECTION& creation_pcr, 11282 std::string* serialized_command, 11283 AuthorizationDelegate* authorization_delegate) { 11284 VLOG(3) << __func__; 11285 TPM_RC rc = TPM_RC_SUCCESS; 11286 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 11287 UINT32 command_size = 10; // Header size. 11288 std::string handle_section_bytes; 11289 std::string parameter_section_bytes; 11290 TPM_CC command_code = TPM_CC_Create; 11291 bool is_command_parameter_encryption_possible = true; 11292 bool is_response_parameter_encryption_possible = true; 11293 std::string command_code_bytes; 11294 rc = Serialize_TPM_CC( 11295 command_code, 11296 &command_code_bytes); 11297 if (rc != TPM_RC_SUCCESS) { 11298 return rc; 11299 } 11300 std::string parent_handle_bytes; 11301 rc = Serialize_TPMI_DH_OBJECT( 11302 parent_handle, 11303 &parent_handle_bytes); 11304 if (rc != TPM_RC_SUCCESS) { 11305 return rc; 11306 } 11307 std::string in_sensitive_bytes; 11308 rc = Serialize_TPM2B_SENSITIVE_CREATE( 11309 in_sensitive, 11310 &in_sensitive_bytes); 11311 if (rc != TPM_RC_SUCCESS) { 11312 return rc; 11313 } 11314 std::string in_public_bytes; 11315 rc = Serialize_TPM2B_PUBLIC( 11316 in_public, 11317 &in_public_bytes); 11318 if (rc != TPM_RC_SUCCESS) { 11319 return rc; 11320 } 11321 std::string outside_info_bytes; 11322 rc = Serialize_TPM2B_DATA( 11323 outside_info, 11324 &outside_info_bytes); 11325 if (rc != TPM_RC_SUCCESS) { 11326 return rc; 11327 } 11328 std::string creation_pcr_bytes; 11329 rc = Serialize_TPML_PCR_SELECTION( 11330 creation_pcr, 11331 &creation_pcr_bytes); 11332 if (rc != TPM_RC_SUCCESS) { 11333 return rc; 11334 } 11335 if (authorization_delegate) { 11336 // Encrypt just the parameter data, not the size. 11337 std::string tmp = in_sensitive_bytes.substr(2); 11338 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 11339 return TRUNKS_RC_ENCRYPTION_FAILED; 11340 } 11341 in_sensitive_bytes.replace(2, std::string::npos, tmp); 11342 } 11343 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 11344 crypto::SecureHash::SHA256)); 11345 hash->Update(command_code_bytes.data(), 11346 command_code_bytes.size()); 11347 hash->Update(parent_handle_name.data(), 11348 parent_handle_name.size()); 11349 handle_section_bytes += parent_handle_bytes; 11350 command_size += parent_handle_bytes.size(); 11351 hash->Update(in_sensitive_bytes.data(), 11352 in_sensitive_bytes.size()); 11353 parameter_section_bytes += in_sensitive_bytes; 11354 command_size += in_sensitive_bytes.size(); 11355 hash->Update(in_public_bytes.data(), 11356 in_public_bytes.size()); 11357 parameter_section_bytes += in_public_bytes; 11358 command_size += in_public_bytes.size(); 11359 hash->Update(outside_info_bytes.data(), 11360 outside_info_bytes.size()); 11361 parameter_section_bytes += outside_info_bytes; 11362 command_size += outside_info_bytes.size(); 11363 hash->Update(creation_pcr_bytes.data(), 11364 creation_pcr_bytes.size()); 11365 parameter_section_bytes += creation_pcr_bytes; 11366 command_size += creation_pcr_bytes.size(); 11367 std::string command_hash(32, 0); 11368 hash->Finish(string_as_array(&command_hash), command_hash.size()); 11369 std::string authorization_section_bytes; 11370 std::string authorization_size_bytes; 11371 if (authorization_delegate) { 11372 if (!authorization_delegate->GetCommandAuthorization( 11373 command_hash, 11374 is_command_parameter_encryption_possible, 11375 is_response_parameter_encryption_possible, 11376 &authorization_section_bytes)) { 11377 return TRUNKS_RC_AUTHORIZATION_FAILED; 11378 } 11379 if (!authorization_section_bytes.empty()) { 11380 tag = TPM_ST_SESSIONS; 11381 std::string tmp; 11382 rc = Serialize_UINT32(authorization_section_bytes.size(), 11383 &authorization_size_bytes); 11384 if (rc != TPM_RC_SUCCESS) { 11385 return rc; 11386 } 11387 command_size += authorization_size_bytes.size() + 11388 authorization_section_bytes.size(); 11389 } 11390 } 11391 std::string tag_bytes; 11392 rc = Serialize_TPMI_ST_COMMAND_TAG( 11393 tag, 11394 &tag_bytes); 11395 if (rc != TPM_RC_SUCCESS) { 11396 return rc; 11397 } 11398 std::string command_size_bytes; 11399 rc = Serialize_UINT32( 11400 command_size, 11401 &command_size_bytes); 11402 if (rc != TPM_RC_SUCCESS) { 11403 return rc; 11404 } 11405 *serialized_command = tag_bytes + 11406 command_size_bytes + 11407 command_code_bytes + 11408 handle_section_bytes + 11409 authorization_size_bytes + 11410 authorization_section_bytes + 11411 parameter_section_bytes; 11412 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 11413 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 11414 serialized_command->size()); 11415 return TPM_RC_SUCCESS; 11416 } 11417 11418 TPM_RC Tpm::ParseResponse_Create( 11419 const std::string& response, 11420 TPM2B_PRIVATE* out_private, 11421 TPM2B_PUBLIC* out_public, 11422 TPM2B_CREATION_DATA* creation_data, 11423 TPM2B_DIGEST* creation_hash, 11424 TPMT_TK_CREATION* creation_ticket, 11425 AuthorizationDelegate* authorization_delegate) { 11426 VLOG(3) << __func__; 11427 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 11428 TPM_RC rc = TPM_RC_SUCCESS; 11429 std::string buffer(response); 11430 TPM_ST tag; 11431 std::string tag_bytes; 11432 rc = Parse_TPM_ST( 11433 &buffer, 11434 &tag, 11435 &tag_bytes); 11436 if (rc != TPM_RC_SUCCESS) { 11437 return rc; 11438 } 11439 UINT32 response_size; 11440 std::string response_size_bytes; 11441 rc = Parse_UINT32( 11442 &buffer, 11443 &response_size, 11444 &response_size_bytes); 11445 if (rc != TPM_RC_SUCCESS) { 11446 return rc; 11447 } 11448 TPM_RC response_code; 11449 std::string response_code_bytes; 11450 rc = Parse_TPM_RC( 11451 &buffer, 11452 &response_code, 11453 &response_code_bytes); 11454 if (rc != TPM_RC_SUCCESS) { 11455 return rc; 11456 } 11457 if (response_size != response.size()) { 11458 return TPM_RC_SIZE; 11459 } 11460 if (response_code != TPM_RC_SUCCESS) { 11461 return response_code; 11462 } 11463 TPM_CC command_code = TPM_CC_Create; 11464 std::string command_code_bytes; 11465 rc = Serialize_TPM_CC( 11466 command_code, 11467 &command_code_bytes); 11468 if (rc != TPM_RC_SUCCESS) { 11469 return rc; 11470 } 11471 std::string authorization_section_bytes; 11472 if (tag == TPM_ST_SESSIONS) { 11473 UINT32 parameter_section_size = buffer.size(); 11474 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 11475 if (rc != TPM_RC_SUCCESS) { 11476 return rc; 11477 } 11478 if (parameter_section_size > buffer.size()) { 11479 return TPM_RC_INSUFFICIENT; 11480 } 11481 authorization_section_bytes = buffer.substr(parameter_section_size); 11482 // Keep the parameter section in |buffer|. 11483 buffer.erase(parameter_section_size); 11484 } 11485 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 11486 crypto::SecureHash::SHA256)); 11487 hash->Update(response_code_bytes.data(), 11488 response_code_bytes.size()); 11489 hash->Update(command_code_bytes.data(), 11490 command_code_bytes.size()); 11491 hash->Update(buffer.data(), 11492 buffer.size()); 11493 std::string response_hash(32, 0); 11494 hash->Finish(string_as_array(&response_hash), response_hash.size()); 11495 if (tag == TPM_ST_SESSIONS) { 11496 CHECK(authorization_delegate) << "Authorization delegate missing!"; 11497 if (!authorization_delegate->CheckResponseAuthorization( 11498 response_hash, 11499 authorization_section_bytes)) { 11500 return TRUNKS_RC_AUTHORIZATION_FAILED; 11501 } 11502 } 11503 std::string out_private_bytes; 11504 rc = Parse_TPM2B_PRIVATE( 11505 &buffer, 11506 out_private, 11507 &out_private_bytes); 11508 if (rc != TPM_RC_SUCCESS) { 11509 return rc; 11510 } 11511 std::string out_public_bytes; 11512 rc = Parse_TPM2B_PUBLIC( 11513 &buffer, 11514 out_public, 11515 &out_public_bytes); 11516 if (rc != TPM_RC_SUCCESS) { 11517 return rc; 11518 } 11519 std::string creation_data_bytes; 11520 rc = Parse_TPM2B_CREATION_DATA( 11521 &buffer, 11522 creation_data, 11523 &creation_data_bytes); 11524 if (rc != TPM_RC_SUCCESS) { 11525 return rc; 11526 } 11527 std::string creation_hash_bytes; 11528 rc = Parse_TPM2B_DIGEST( 11529 &buffer, 11530 creation_hash, 11531 &creation_hash_bytes); 11532 if (rc != TPM_RC_SUCCESS) { 11533 return rc; 11534 } 11535 std::string creation_ticket_bytes; 11536 rc = Parse_TPMT_TK_CREATION( 11537 &buffer, 11538 creation_ticket, 11539 &creation_ticket_bytes); 11540 if (rc != TPM_RC_SUCCESS) { 11541 return rc; 11542 } 11543 if (tag == TPM_ST_SESSIONS) { 11544 CHECK(authorization_delegate) << "Authorization delegate missing!"; 11545 // Decrypt just the parameter data, not the size. 11546 std::string tmp = out_private_bytes.substr(2); 11547 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 11548 return TRUNKS_RC_ENCRYPTION_FAILED; 11549 } 11550 out_private_bytes.replace(2, std::string::npos, tmp); 11551 rc = Parse_TPM2B_PRIVATE( 11552 &out_private_bytes, 11553 out_private, 11554 nullptr); 11555 if (rc != TPM_RC_SUCCESS) { 11556 return rc; 11557 } 11558 } 11559 return TPM_RC_SUCCESS; 11560 } 11561 11562 void CreateErrorCallback( 11563 const Tpm::CreateResponse& callback, 11564 TPM_RC response_code) { 11565 VLOG(1) << __func__; 11566 callback.Run(response_code, 11567 TPM2B_PRIVATE(), 11568 TPM2B_PUBLIC(), 11569 TPM2B_CREATION_DATA(), 11570 TPM2B_DIGEST(), 11571 TPMT_TK_CREATION()); 11572 } 11573 11574 void CreateResponseParser( 11575 const Tpm::CreateResponse& callback, 11576 AuthorizationDelegate* authorization_delegate, 11577 const std::string& response) { 11578 VLOG(1) << __func__; 11579 base::Callback<void(TPM_RC)> error_reporter = 11580 base::Bind(CreateErrorCallback, callback); 11581 TPM2B_PRIVATE out_private; 11582 TPM2B_PUBLIC out_public; 11583 TPM2B_CREATION_DATA creation_data; 11584 TPM2B_DIGEST creation_hash; 11585 TPMT_TK_CREATION creation_ticket; 11586 TPM_RC rc = Tpm::ParseResponse_Create( 11587 response, 11588 &out_private, 11589 &out_public, 11590 &creation_data, 11591 &creation_hash, 11592 &creation_ticket, 11593 authorization_delegate); 11594 if (rc != TPM_RC_SUCCESS) { 11595 error_reporter.Run(rc); 11596 return; 11597 } 11598 callback.Run( 11599 rc, 11600 out_private, 11601 out_public, 11602 creation_data, 11603 creation_hash, 11604 creation_ticket); 11605 } 11606 11607 void Tpm::Create( 11608 const TPMI_DH_OBJECT& parent_handle, 11609 const std::string& parent_handle_name, 11610 const TPM2B_SENSITIVE_CREATE& in_sensitive, 11611 const TPM2B_PUBLIC& in_public, 11612 const TPM2B_DATA& outside_info, 11613 const TPML_PCR_SELECTION& creation_pcr, 11614 AuthorizationDelegate* authorization_delegate, 11615 const CreateResponse& callback) { 11616 VLOG(1) << __func__; 11617 base::Callback<void(TPM_RC)> error_reporter = 11618 base::Bind(CreateErrorCallback, callback); 11619 base::Callback<void(const std::string&)> parser = 11620 base::Bind(CreateResponseParser, 11621 callback, 11622 authorization_delegate); 11623 std::string command; 11624 TPM_RC rc = SerializeCommand_Create( 11625 parent_handle, 11626 parent_handle_name, 11627 in_sensitive, 11628 in_public, 11629 outside_info, 11630 creation_pcr, 11631 &command, 11632 authorization_delegate); 11633 if (rc != TPM_RC_SUCCESS) { 11634 error_reporter.Run(rc); 11635 return; 11636 } 11637 transceiver_->SendCommand(command, parser); 11638 } 11639 11640 TPM_RC Tpm::CreateSync( 11641 const TPMI_DH_OBJECT& parent_handle, 11642 const std::string& parent_handle_name, 11643 const TPM2B_SENSITIVE_CREATE& in_sensitive, 11644 const TPM2B_PUBLIC& in_public, 11645 const TPM2B_DATA& outside_info, 11646 const TPML_PCR_SELECTION& creation_pcr, 11647 TPM2B_PRIVATE* out_private, 11648 TPM2B_PUBLIC* out_public, 11649 TPM2B_CREATION_DATA* creation_data, 11650 TPM2B_DIGEST* creation_hash, 11651 TPMT_TK_CREATION* creation_ticket, 11652 AuthorizationDelegate* authorization_delegate) { 11653 VLOG(1) << __func__; 11654 std::string command; 11655 TPM_RC rc = SerializeCommand_Create( 11656 parent_handle, 11657 parent_handle_name, 11658 in_sensitive, 11659 in_public, 11660 outside_info, 11661 creation_pcr, 11662 &command, 11663 authorization_delegate); 11664 if (rc != TPM_RC_SUCCESS) { 11665 return rc; 11666 } 11667 std::string response = transceiver_->SendCommandAndWait(command); 11668 rc = ParseResponse_Create( 11669 response, 11670 out_private, 11671 out_public, 11672 creation_data, 11673 creation_hash, 11674 creation_ticket, 11675 authorization_delegate); 11676 return rc; 11677 } 11678 11679 TPM_RC Tpm::SerializeCommand_Load( 11680 const TPMI_DH_OBJECT& parent_handle, 11681 const std::string& parent_handle_name, 11682 const TPM2B_PRIVATE& in_private, 11683 const TPM2B_PUBLIC& in_public, 11684 std::string* serialized_command, 11685 AuthorizationDelegate* authorization_delegate) { 11686 VLOG(3) << __func__; 11687 TPM_RC rc = TPM_RC_SUCCESS; 11688 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 11689 UINT32 command_size = 10; // Header size. 11690 std::string handle_section_bytes; 11691 std::string parameter_section_bytes; 11692 TPM_CC command_code = TPM_CC_Load; 11693 bool is_command_parameter_encryption_possible = true; 11694 bool is_response_parameter_encryption_possible = true; 11695 std::string command_code_bytes; 11696 rc = Serialize_TPM_CC( 11697 command_code, 11698 &command_code_bytes); 11699 if (rc != TPM_RC_SUCCESS) { 11700 return rc; 11701 } 11702 std::string parent_handle_bytes; 11703 rc = Serialize_TPMI_DH_OBJECT( 11704 parent_handle, 11705 &parent_handle_bytes); 11706 if (rc != TPM_RC_SUCCESS) { 11707 return rc; 11708 } 11709 std::string in_private_bytes; 11710 rc = Serialize_TPM2B_PRIVATE( 11711 in_private, 11712 &in_private_bytes); 11713 if (rc != TPM_RC_SUCCESS) { 11714 return rc; 11715 } 11716 std::string in_public_bytes; 11717 rc = Serialize_TPM2B_PUBLIC( 11718 in_public, 11719 &in_public_bytes); 11720 if (rc != TPM_RC_SUCCESS) { 11721 return rc; 11722 } 11723 if (authorization_delegate) { 11724 // Encrypt just the parameter data, not the size. 11725 std::string tmp = in_private_bytes.substr(2); 11726 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 11727 return TRUNKS_RC_ENCRYPTION_FAILED; 11728 } 11729 in_private_bytes.replace(2, std::string::npos, tmp); 11730 } 11731 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 11732 crypto::SecureHash::SHA256)); 11733 hash->Update(command_code_bytes.data(), 11734 command_code_bytes.size()); 11735 hash->Update(parent_handle_name.data(), 11736 parent_handle_name.size()); 11737 handle_section_bytes += parent_handle_bytes; 11738 command_size += parent_handle_bytes.size(); 11739 hash->Update(in_private_bytes.data(), 11740 in_private_bytes.size()); 11741 parameter_section_bytes += in_private_bytes; 11742 command_size += in_private_bytes.size(); 11743 hash->Update(in_public_bytes.data(), 11744 in_public_bytes.size()); 11745 parameter_section_bytes += in_public_bytes; 11746 command_size += in_public_bytes.size(); 11747 std::string command_hash(32, 0); 11748 hash->Finish(string_as_array(&command_hash), command_hash.size()); 11749 std::string authorization_section_bytes; 11750 std::string authorization_size_bytes; 11751 if (authorization_delegate) { 11752 if (!authorization_delegate->GetCommandAuthorization( 11753 command_hash, 11754 is_command_parameter_encryption_possible, 11755 is_response_parameter_encryption_possible, 11756 &authorization_section_bytes)) { 11757 return TRUNKS_RC_AUTHORIZATION_FAILED; 11758 } 11759 if (!authorization_section_bytes.empty()) { 11760 tag = TPM_ST_SESSIONS; 11761 std::string tmp; 11762 rc = Serialize_UINT32(authorization_section_bytes.size(), 11763 &authorization_size_bytes); 11764 if (rc != TPM_RC_SUCCESS) { 11765 return rc; 11766 } 11767 command_size += authorization_size_bytes.size() + 11768 authorization_section_bytes.size(); 11769 } 11770 } 11771 std::string tag_bytes; 11772 rc = Serialize_TPMI_ST_COMMAND_TAG( 11773 tag, 11774 &tag_bytes); 11775 if (rc != TPM_RC_SUCCESS) { 11776 return rc; 11777 } 11778 std::string command_size_bytes; 11779 rc = Serialize_UINT32( 11780 command_size, 11781 &command_size_bytes); 11782 if (rc != TPM_RC_SUCCESS) { 11783 return rc; 11784 } 11785 *serialized_command = tag_bytes + 11786 command_size_bytes + 11787 command_code_bytes + 11788 handle_section_bytes + 11789 authorization_size_bytes + 11790 authorization_section_bytes + 11791 parameter_section_bytes; 11792 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 11793 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 11794 serialized_command->size()); 11795 return TPM_RC_SUCCESS; 11796 } 11797 11798 TPM_RC Tpm::ParseResponse_Load( 11799 const std::string& response, 11800 TPM_HANDLE* object_handle, 11801 TPM2B_NAME* name, 11802 AuthorizationDelegate* authorization_delegate) { 11803 VLOG(3) << __func__; 11804 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 11805 TPM_RC rc = TPM_RC_SUCCESS; 11806 std::string buffer(response); 11807 TPM_ST tag; 11808 std::string tag_bytes; 11809 rc = Parse_TPM_ST( 11810 &buffer, 11811 &tag, 11812 &tag_bytes); 11813 if (rc != TPM_RC_SUCCESS) { 11814 return rc; 11815 } 11816 UINT32 response_size; 11817 std::string response_size_bytes; 11818 rc = Parse_UINT32( 11819 &buffer, 11820 &response_size, 11821 &response_size_bytes); 11822 if (rc != TPM_RC_SUCCESS) { 11823 return rc; 11824 } 11825 TPM_RC response_code; 11826 std::string response_code_bytes; 11827 rc = Parse_TPM_RC( 11828 &buffer, 11829 &response_code, 11830 &response_code_bytes); 11831 if (rc != TPM_RC_SUCCESS) { 11832 return rc; 11833 } 11834 if (response_size != response.size()) { 11835 return TPM_RC_SIZE; 11836 } 11837 if (response_code != TPM_RC_SUCCESS) { 11838 return response_code; 11839 } 11840 std::string object_handle_bytes; 11841 rc = Parse_TPM_HANDLE( 11842 &buffer, 11843 object_handle, 11844 &object_handle_bytes); 11845 if (rc != TPM_RC_SUCCESS) { 11846 return rc; 11847 } 11848 TPM_CC command_code = TPM_CC_Load; 11849 std::string command_code_bytes; 11850 rc = Serialize_TPM_CC( 11851 command_code, 11852 &command_code_bytes); 11853 if (rc != TPM_RC_SUCCESS) { 11854 return rc; 11855 } 11856 std::string authorization_section_bytes; 11857 if (tag == TPM_ST_SESSIONS) { 11858 UINT32 parameter_section_size = buffer.size(); 11859 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 11860 if (rc != TPM_RC_SUCCESS) { 11861 return rc; 11862 } 11863 if (parameter_section_size > buffer.size()) { 11864 return TPM_RC_INSUFFICIENT; 11865 } 11866 authorization_section_bytes = buffer.substr(parameter_section_size); 11867 // Keep the parameter section in |buffer|. 11868 buffer.erase(parameter_section_size); 11869 } 11870 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 11871 crypto::SecureHash::SHA256)); 11872 hash->Update(response_code_bytes.data(), 11873 response_code_bytes.size()); 11874 hash->Update(command_code_bytes.data(), 11875 command_code_bytes.size()); 11876 hash->Update(buffer.data(), 11877 buffer.size()); 11878 std::string response_hash(32, 0); 11879 hash->Finish(string_as_array(&response_hash), response_hash.size()); 11880 if (tag == TPM_ST_SESSIONS) { 11881 CHECK(authorization_delegate) << "Authorization delegate missing!"; 11882 if (!authorization_delegate->CheckResponseAuthorization( 11883 response_hash, 11884 authorization_section_bytes)) { 11885 return TRUNKS_RC_AUTHORIZATION_FAILED; 11886 } 11887 } 11888 std::string name_bytes; 11889 rc = Parse_TPM2B_NAME( 11890 &buffer, 11891 name, 11892 &name_bytes); 11893 if (rc != TPM_RC_SUCCESS) { 11894 return rc; 11895 } 11896 if (tag == TPM_ST_SESSIONS) { 11897 CHECK(authorization_delegate) << "Authorization delegate missing!"; 11898 // Decrypt just the parameter data, not the size. 11899 std::string tmp = name_bytes.substr(2); 11900 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 11901 return TRUNKS_RC_ENCRYPTION_FAILED; 11902 } 11903 name_bytes.replace(2, std::string::npos, tmp); 11904 rc = Parse_TPM2B_NAME( 11905 &name_bytes, 11906 name, 11907 nullptr); 11908 if (rc != TPM_RC_SUCCESS) { 11909 return rc; 11910 } 11911 } 11912 return TPM_RC_SUCCESS; 11913 } 11914 11915 void LoadErrorCallback( 11916 const Tpm::LoadResponse& callback, 11917 TPM_RC response_code) { 11918 VLOG(1) << __func__; 11919 callback.Run(response_code, 11920 TPM_HANDLE(), 11921 TPM2B_NAME()); 11922 } 11923 11924 void LoadResponseParser( 11925 const Tpm::LoadResponse& callback, 11926 AuthorizationDelegate* authorization_delegate, 11927 const std::string& response) { 11928 VLOG(1) << __func__; 11929 base::Callback<void(TPM_RC)> error_reporter = 11930 base::Bind(LoadErrorCallback, callback); 11931 TPM_HANDLE object_handle; 11932 TPM2B_NAME name; 11933 TPM_RC rc = Tpm::ParseResponse_Load( 11934 response, 11935 &object_handle, 11936 &name, 11937 authorization_delegate); 11938 if (rc != TPM_RC_SUCCESS) { 11939 error_reporter.Run(rc); 11940 return; 11941 } 11942 callback.Run( 11943 rc, 11944 object_handle, 11945 name); 11946 } 11947 11948 void Tpm::Load( 11949 const TPMI_DH_OBJECT& parent_handle, 11950 const std::string& parent_handle_name, 11951 const TPM2B_PRIVATE& in_private, 11952 const TPM2B_PUBLIC& in_public, 11953 AuthorizationDelegate* authorization_delegate, 11954 const LoadResponse& callback) { 11955 VLOG(1) << __func__; 11956 base::Callback<void(TPM_RC)> error_reporter = 11957 base::Bind(LoadErrorCallback, callback); 11958 base::Callback<void(const std::string&)> parser = 11959 base::Bind(LoadResponseParser, 11960 callback, 11961 authorization_delegate); 11962 std::string command; 11963 TPM_RC rc = SerializeCommand_Load( 11964 parent_handle, 11965 parent_handle_name, 11966 in_private, 11967 in_public, 11968 &command, 11969 authorization_delegate); 11970 if (rc != TPM_RC_SUCCESS) { 11971 error_reporter.Run(rc); 11972 return; 11973 } 11974 transceiver_->SendCommand(command, parser); 11975 } 11976 11977 TPM_RC Tpm::LoadSync( 11978 const TPMI_DH_OBJECT& parent_handle, 11979 const std::string& parent_handle_name, 11980 const TPM2B_PRIVATE& in_private, 11981 const TPM2B_PUBLIC& in_public, 11982 TPM_HANDLE* object_handle, 11983 TPM2B_NAME* name, 11984 AuthorizationDelegate* authorization_delegate) { 11985 VLOG(1) << __func__; 11986 std::string command; 11987 TPM_RC rc = SerializeCommand_Load( 11988 parent_handle, 11989 parent_handle_name, 11990 in_private, 11991 in_public, 11992 &command, 11993 authorization_delegate); 11994 if (rc != TPM_RC_SUCCESS) { 11995 return rc; 11996 } 11997 std::string response = transceiver_->SendCommandAndWait(command); 11998 rc = ParseResponse_Load( 11999 response, 12000 object_handle, 12001 name, 12002 authorization_delegate); 12003 return rc; 12004 } 12005 12006 TPM_RC Tpm::SerializeCommand_LoadExternal( 12007 const TPM2B_SENSITIVE& in_private, 12008 const TPM2B_PUBLIC& in_public, 12009 const TPMI_RH_HIERARCHY& hierarchy, 12010 std::string* serialized_command, 12011 AuthorizationDelegate* authorization_delegate) { 12012 VLOG(3) << __func__; 12013 TPM_RC rc = TPM_RC_SUCCESS; 12014 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 12015 UINT32 command_size = 10; // Header size. 12016 std::string handle_section_bytes; 12017 std::string parameter_section_bytes; 12018 TPM_CC command_code = TPM_CC_LoadExternal; 12019 bool is_command_parameter_encryption_possible = true; 12020 bool is_response_parameter_encryption_possible = true; 12021 std::string command_code_bytes; 12022 rc = Serialize_TPM_CC( 12023 command_code, 12024 &command_code_bytes); 12025 if (rc != TPM_RC_SUCCESS) { 12026 return rc; 12027 } 12028 std::string in_private_bytes; 12029 rc = Serialize_TPM2B_SENSITIVE( 12030 in_private, 12031 &in_private_bytes); 12032 if (rc != TPM_RC_SUCCESS) { 12033 return rc; 12034 } 12035 std::string in_public_bytes; 12036 rc = Serialize_TPM2B_PUBLIC( 12037 in_public, 12038 &in_public_bytes); 12039 if (rc != TPM_RC_SUCCESS) { 12040 return rc; 12041 } 12042 std::string hierarchy_bytes; 12043 rc = Serialize_TPMI_RH_HIERARCHY( 12044 hierarchy, 12045 &hierarchy_bytes); 12046 if (rc != TPM_RC_SUCCESS) { 12047 return rc; 12048 } 12049 if (authorization_delegate) { 12050 // Encrypt just the parameter data, not the size. 12051 std::string tmp = in_private_bytes.substr(2); 12052 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 12053 return TRUNKS_RC_ENCRYPTION_FAILED; 12054 } 12055 in_private_bytes.replace(2, std::string::npos, tmp); 12056 } 12057 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 12058 crypto::SecureHash::SHA256)); 12059 hash->Update(command_code_bytes.data(), 12060 command_code_bytes.size()); 12061 hash->Update(in_private_bytes.data(), 12062 in_private_bytes.size()); 12063 parameter_section_bytes += in_private_bytes; 12064 command_size += in_private_bytes.size(); 12065 hash->Update(in_public_bytes.data(), 12066 in_public_bytes.size()); 12067 parameter_section_bytes += in_public_bytes; 12068 command_size += in_public_bytes.size(); 12069 hash->Update(hierarchy_bytes.data(), 12070 hierarchy_bytes.size()); 12071 parameter_section_bytes += hierarchy_bytes; 12072 command_size += hierarchy_bytes.size(); 12073 std::string command_hash(32, 0); 12074 hash->Finish(string_as_array(&command_hash), command_hash.size()); 12075 std::string authorization_section_bytes; 12076 std::string authorization_size_bytes; 12077 if (authorization_delegate) { 12078 if (!authorization_delegate->GetCommandAuthorization( 12079 command_hash, 12080 is_command_parameter_encryption_possible, 12081 is_response_parameter_encryption_possible, 12082 &authorization_section_bytes)) { 12083 return TRUNKS_RC_AUTHORIZATION_FAILED; 12084 } 12085 if (!authorization_section_bytes.empty()) { 12086 tag = TPM_ST_SESSIONS; 12087 std::string tmp; 12088 rc = Serialize_UINT32(authorization_section_bytes.size(), 12089 &authorization_size_bytes); 12090 if (rc != TPM_RC_SUCCESS) { 12091 return rc; 12092 } 12093 command_size += authorization_size_bytes.size() + 12094 authorization_section_bytes.size(); 12095 } 12096 } 12097 std::string tag_bytes; 12098 rc = Serialize_TPMI_ST_COMMAND_TAG( 12099 tag, 12100 &tag_bytes); 12101 if (rc != TPM_RC_SUCCESS) { 12102 return rc; 12103 } 12104 std::string command_size_bytes; 12105 rc = Serialize_UINT32( 12106 command_size, 12107 &command_size_bytes); 12108 if (rc != TPM_RC_SUCCESS) { 12109 return rc; 12110 } 12111 *serialized_command = tag_bytes + 12112 command_size_bytes + 12113 command_code_bytes + 12114 handle_section_bytes + 12115 authorization_size_bytes + 12116 authorization_section_bytes + 12117 parameter_section_bytes; 12118 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 12119 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 12120 serialized_command->size()); 12121 return TPM_RC_SUCCESS; 12122 } 12123 12124 TPM_RC Tpm::ParseResponse_LoadExternal( 12125 const std::string& response, 12126 TPM_HANDLE* object_handle, 12127 TPM2B_NAME* name, 12128 AuthorizationDelegate* authorization_delegate) { 12129 VLOG(3) << __func__; 12130 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 12131 TPM_RC rc = TPM_RC_SUCCESS; 12132 std::string buffer(response); 12133 TPM_ST tag; 12134 std::string tag_bytes; 12135 rc = Parse_TPM_ST( 12136 &buffer, 12137 &tag, 12138 &tag_bytes); 12139 if (rc != TPM_RC_SUCCESS) { 12140 return rc; 12141 } 12142 UINT32 response_size; 12143 std::string response_size_bytes; 12144 rc = Parse_UINT32( 12145 &buffer, 12146 &response_size, 12147 &response_size_bytes); 12148 if (rc != TPM_RC_SUCCESS) { 12149 return rc; 12150 } 12151 TPM_RC response_code; 12152 std::string response_code_bytes; 12153 rc = Parse_TPM_RC( 12154 &buffer, 12155 &response_code, 12156 &response_code_bytes); 12157 if (rc != TPM_RC_SUCCESS) { 12158 return rc; 12159 } 12160 if (response_size != response.size()) { 12161 return TPM_RC_SIZE; 12162 } 12163 if (response_code != TPM_RC_SUCCESS) { 12164 return response_code; 12165 } 12166 std::string object_handle_bytes; 12167 rc = Parse_TPM_HANDLE( 12168 &buffer, 12169 object_handle, 12170 &object_handle_bytes); 12171 if (rc != TPM_RC_SUCCESS) { 12172 return rc; 12173 } 12174 TPM_CC command_code = TPM_CC_LoadExternal; 12175 std::string command_code_bytes; 12176 rc = Serialize_TPM_CC( 12177 command_code, 12178 &command_code_bytes); 12179 if (rc != TPM_RC_SUCCESS) { 12180 return rc; 12181 } 12182 std::string authorization_section_bytes; 12183 if (tag == TPM_ST_SESSIONS) { 12184 UINT32 parameter_section_size = buffer.size(); 12185 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 12186 if (rc != TPM_RC_SUCCESS) { 12187 return rc; 12188 } 12189 if (parameter_section_size > buffer.size()) { 12190 return TPM_RC_INSUFFICIENT; 12191 } 12192 authorization_section_bytes = buffer.substr(parameter_section_size); 12193 // Keep the parameter section in |buffer|. 12194 buffer.erase(parameter_section_size); 12195 } 12196 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 12197 crypto::SecureHash::SHA256)); 12198 hash->Update(response_code_bytes.data(), 12199 response_code_bytes.size()); 12200 hash->Update(command_code_bytes.data(), 12201 command_code_bytes.size()); 12202 hash->Update(buffer.data(), 12203 buffer.size()); 12204 std::string response_hash(32, 0); 12205 hash->Finish(string_as_array(&response_hash), response_hash.size()); 12206 if (tag == TPM_ST_SESSIONS) { 12207 CHECK(authorization_delegate) << "Authorization delegate missing!"; 12208 if (!authorization_delegate->CheckResponseAuthorization( 12209 response_hash, 12210 authorization_section_bytes)) { 12211 return TRUNKS_RC_AUTHORIZATION_FAILED; 12212 } 12213 } 12214 std::string name_bytes; 12215 rc = Parse_TPM2B_NAME( 12216 &buffer, 12217 name, 12218 &name_bytes); 12219 if (rc != TPM_RC_SUCCESS) { 12220 return rc; 12221 } 12222 if (tag == TPM_ST_SESSIONS) { 12223 CHECK(authorization_delegate) << "Authorization delegate missing!"; 12224 // Decrypt just the parameter data, not the size. 12225 std::string tmp = name_bytes.substr(2); 12226 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 12227 return TRUNKS_RC_ENCRYPTION_FAILED; 12228 } 12229 name_bytes.replace(2, std::string::npos, tmp); 12230 rc = Parse_TPM2B_NAME( 12231 &name_bytes, 12232 name, 12233 nullptr); 12234 if (rc != TPM_RC_SUCCESS) { 12235 return rc; 12236 } 12237 } 12238 return TPM_RC_SUCCESS; 12239 } 12240 12241 void LoadExternalErrorCallback( 12242 const Tpm::LoadExternalResponse& callback, 12243 TPM_RC response_code) { 12244 VLOG(1) << __func__; 12245 callback.Run(response_code, 12246 TPM_HANDLE(), 12247 TPM2B_NAME()); 12248 } 12249 12250 void LoadExternalResponseParser( 12251 const Tpm::LoadExternalResponse& callback, 12252 AuthorizationDelegate* authorization_delegate, 12253 const std::string& response) { 12254 VLOG(1) << __func__; 12255 base::Callback<void(TPM_RC)> error_reporter = 12256 base::Bind(LoadExternalErrorCallback, callback); 12257 TPM_HANDLE object_handle; 12258 TPM2B_NAME name; 12259 TPM_RC rc = Tpm::ParseResponse_LoadExternal( 12260 response, 12261 &object_handle, 12262 &name, 12263 authorization_delegate); 12264 if (rc != TPM_RC_SUCCESS) { 12265 error_reporter.Run(rc); 12266 return; 12267 } 12268 callback.Run( 12269 rc, 12270 object_handle, 12271 name); 12272 } 12273 12274 void Tpm::LoadExternal( 12275 const TPM2B_SENSITIVE& in_private, 12276 const TPM2B_PUBLIC& in_public, 12277 const TPMI_RH_HIERARCHY& hierarchy, 12278 AuthorizationDelegate* authorization_delegate, 12279 const LoadExternalResponse& callback) { 12280 VLOG(1) << __func__; 12281 base::Callback<void(TPM_RC)> error_reporter = 12282 base::Bind(LoadExternalErrorCallback, callback); 12283 base::Callback<void(const std::string&)> parser = 12284 base::Bind(LoadExternalResponseParser, 12285 callback, 12286 authorization_delegate); 12287 std::string command; 12288 TPM_RC rc = SerializeCommand_LoadExternal( 12289 in_private, 12290 in_public, 12291 hierarchy, 12292 &command, 12293 authorization_delegate); 12294 if (rc != TPM_RC_SUCCESS) { 12295 error_reporter.Run(rc); 12296 return; 12297 } 12298 transceiver_->SendCommand(command, parser); 12299 } 12300 12301 TPM_RC Tpm::LoadExternalSync( 12302 const TPM2B_SENSITIVE& in_private, 12303 const TPM2B_PUBLIC& in_public, 12304 const TPMI_RH_HIERARCHY& hierarchy, 12305 TPM_HANDLE* object_handle, 12306 TPM2B_NAME* name, 12307 AuthorizationDelegate* authorization_delegate) { 12308 VLOG(1) << __func__; 12309 std::string command; 12310 TPM_RC rc = SerializeCommand_LoadExternal( 12311 in_private, 12312 in_public, 12313 hierarchy, 12314 &command, 12315 authorization_delegate); 12316 if (rc != TPM_RC_SUCCESS) { 12317 return rc; 12318 } 12319 std::string response = transceiver_->SendCommandAndWait(command); 12320 rc = ParseResponse_LoadExternal( 12321 response, 12322 object_handle, 12323 name, 12324 authorization_delegate); 12325 return rc; 12326 } 12327 12328 TPM_RC Tpm::SerializeCommand_ReadPublic( 12329 const TPMI_DH_OBJECT& object_handle, 12330 const std::string& object_handle_name, 12331 std::string* serialized_command, 12332 AuthorizationDelegate* authorization_delegate) { 12333 VLOG(3) << __func__; 12334 TPM_RC rc = TPM_RC_SUCCESS; 12335 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 12336 UINT32 command_size = 10; // Header size. 12337 std::string handle_section_bytes; 12338 std::string parameter_section_bytes; 12339 TPM_CC command_code = TPM_CC_ReadPublic; 12340 bool is_command_parameter_encryption_possible = false; 12341 bool is_response_parameter_encryption_possible = true; 12342 std::string command_code_bytes; 12343 rc = Serialize_TPM_CC( 12344 command_code, 12345 &command_code_bytes); 12346 if (rc != TPM_RC_SUCCESS) { 12347 return rc; 12348 } 12349 std::string object_handle_bytes; 12350 rc = Serialize_TPMI_DH_OBJECT( 12351 object_handle, 12352 &object_handle_bytes); 12353 if (rc != TPM_RC_SUCCESS) { 12354 return rc; 12355 } 12356 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 12357 crypto::SecureHash::SHA256)); 12358 hash->Update(command_code_bytes.data(), 12359 command_code_bytes.size()); 12360 hash->Update(object_handle_name.data(), 12361 object_handle_name.size()); 12362 handle_section_bytes += object_handle_bytes; 12363 command_size += object_handle_bytes.size(); 12364 std::string command_hash(32, 0); 12365 hash->Finish(string_as_array(&command_hash), command_hash.size()); 12366 std::string authorization_section_bytes; 12367 std::string authorization_size_bytes; 12368 if (authorization_delegate) { 12369 if (!authorization_delegate->GetCommandAuthorization( 12370 command_hash, 12371 is_command_parameter_encryption_possible, 12372 is_response_parameter_encryption_possible, 12373 &authorization_section_bytes)) { 12374 return TRUNKS_RC_AUTHORIZATION_FAILED; 12375 } 12376 if (!authorization_section_bytes.empty()) { 12377 tag = TPM_ST_SESSIONS; 12378 std::string tmp; 12379 rc = Serialize_UINT32(authorization_section_bytes.size(), 12380 &authorization_size_bytes); 12381 if (rc != TPM_RC_SUCCESS) { 12382 return rc; 12383 } 12384 command_size += authorization_size_bytes.size() + 12385 authorization_section_bytes.size(); 12386 } 12387 } 12388 std::string tag_bytes; 12389 rc = Serialize_TPMI_ST_COMMAND_TAG( 12390 tag, 12391 &tag_bytes); 12392 if (rc != TPM_RC_SUCCESS) { 12393 return rc; 12394 } 12395 std::string command_size_bytes; 12396 rc = Serialize_UINT32( 12397 command_size, 12398 &command_size_bytes); 12399 if (rc != TPM_RC_SUCCESS) { 12400 return rc; 12401 } 12402 *serialized_command = tag_bytes + 12403 command_size_bytes + 12404 command_code_bytes + 12405 handle_section_bytes + 12406 authorization_size_bytes + 12407 authorization_section_bytes + 12408 parameter_section_bytes; 12409 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 12410 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 12411 serialized_command->size()); 12412 return TPM_RC_SUCCESS; 12413 } 12414 12415 TPM_RC Tpm::ParseResponse_ReadPublic( 12416 const std::string& response, 12417 TPM2B_PUBLIC* out_public, 12418 TPM2B_NAME* name, 12419 TPM2B_NAME* qualified_name, 12420 AuthorizationDelegate* authorization_delegate) { 12421 VLOG(3) << __func__; 12422 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 12423 TPM_RC rc = TPM_RC_SUCCESS; 12424 std::string buffer(response); 12425 TPM_ST tag; 12426 std::string tag_bytes; 12427 rc = Parse_TPM_ST( 12428 &buffer, 12429 &tag, 12430 &tag_bytes); 12431 if (rc != TPM_RC_SUCCESS) { 12432 return rc; 12433 } 12434 UINT32 response_size; 12435 std::string response_size_bytes; 12436 rc = Parse_UINT32( 12437 &buffer, 12438 &response_size, 12439 &response_size_bytes); 12440 if (rc != TPM_RC_SUCCESS) { 12441 return rc; 12442 } 12443 TPM_RC response_code; 12444 std::string response_code_bytes; 12445 rc = Parse_TPM_RC( 12446 &buffer, 12447 &response_code, 12448 &response_code_bytes); 12449 if (rc != TPM_RC_SUCCESS) { 12450 return rc; 12451 } 12452 if (response_size != response.size()) { 12453 return TPM_RC_SIZE; 12454 } 12455 if (response_code != TPM_RC_SUCCESS) { 12456 return response_code; 12457 } 12458 TPM_CC command_code = TPM_CC_ReadPublic; 12459 std::string command_code_bytes; 12460 rc = Serialize_TPM_CC( 12461 command_code, 12462 &command_code_bytes); 12463 if (rc != TPM_RC_SUCCESS) { 12464 return rc; 12465 } 12466 std::string authorization_section_bytes; 12467 if (tag == TPM_ST_SESSIONS) { 12468 UINT32 parameter_section_size = buffer.size(); 12469 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 12470 if (rc != TPM_RC_SUCCESS) { 12471 return rc; 12472 } 12473 if (parameter_section_size > buffer.size()) { 12474 return TPM_RC_INSUFFICIENT; 12475 } 12476 authorization_section_bytes = buffer.substr(parameter_section_size); 12477 // Keep the parameter section in |buffer|. 12478 buffer.erase(parameter_section_size); 12479 } 12480 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 12481 crypto::SecureHash::SHA256)); 12482 hash->Update(response_code_bytes.data(), 12483 response_code_bytes.size()); 12484 hash->Update(command_code_bytes.data(), 12485 command_code_bytes.size()); 12486 hash->Update(buffer.data(), 12487 buffer.size()); 12488 std::string response_hash(32, 0); 12489 hash->Finish(string_as_array(&response_hash), response_hash.size()); 12490 if (tag == TPM_ST_SESSIONS) { 12491 CHECK(authorization_delegate) << "Authorization delegate missing!"; 12492 if (!authorization_delegate->CheckResponseAuthorization( 12493 response_hash, 12494 authorization_section_bytes)) { 12495 return TRUNKS_RC_AUTHORIZATION_FAILED; 12496 } 12497 } 12498 std::string out_public_bytes; 12499 rc = Parse_TPM2B_PUBLIC( 12500 &buffer, 12501 out_public, 12502 &out_public_bytes); 12503 if (rc != TPM_RC_SUCCESS) { 12504 return rc; 12505 } 12506 std::string name_bytes; 12507 rc = Parse_TPM2B_NAME( 12508 &buffer, 12509 name, 12510 &name_bytes); 12511 if (rc != TPM_RC_SUCCESS) { 12512 return rc; 12513 } 12514 std::string qualified_name_bytes; 12515 rc = Parse_TPM2B_NAME( 12516 &buffer, 12517 qualified_name, 12518 &qualified_name_bytes); 12519 if (rc != TPM_RC_SUCCESS) { 12520 return rc; 12521 } 12522 if (tag == TPM_ST_SESSIONS) { 12523 CHECK(authorization_delegate) << "Authorization delegate missing!"; 12524 // Decrypt just the parameter data, not the size. 12525 std::string tmp = out_public_bytes.substr(2); 12526 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 12527 return TRUNKS_RC_ENCRYPTION_FAILED; 12528 } 12529 out_public_bytes.replace(2, std::string::npos, tmp); 12530 rc = Parse_TPM2B_PUBLIC( 12531 &out_public_bytes, 12532 out_public, 12533 nullptr); 12534 if (rc != TPM_RC_SUCCESS) { 12535 return rc; 12536 } 12537 } 12538 return TPM_RC_SUCCESS; 12539 } 12540 12541 void ReadPublicErrorCallback( 12542 const Tpm::ReadPublicResponse& callback, 12543 TPM_RC response_code) { 12544 VLOG(1) << __func__; 12545 callback.Run(response_code, 12546 TPM2B_PUBLIC(), 12547 TPM2B_NAME(), 12548 TPM2B_NAME()); 12549 } 12550 12551 void ReadPublicResponseParser( 12552 const Tpm::ReadPublicResponse& callback, 12553 AuthorizationDelegate* authorization_delegate, 12554 const std::string& response) { 12555 VLOG(1) << __func__; 12556 base::Callback<void(TPM_RC)> error_reporter = 12557 base::Bind(ReadPublicErrorCallback, callback); 12558 TPM2B_PUBLIC out_public; 12559 TPM2B_NAME name; 12560 TPM2B_NAME qualified_name; 12561 TPM_RC rc = Tpm::ParseResponse_ReadPublic( 12562 response, 12563 &out_public, 12564 &name, 12565 &qualified_name, 12566 authorization_delegate); 12567 if (rc != TPM_RC_SUCCESS) { 12568 error_reporter.Run(rc); 12569 return; 12570 } 12571 callback.Run( 12572 rc, 12573 out_public, 12574 name, 12575 qualified_name); 12576 } 12577 12578 void Tpm::ReadPublic( 12579 const TPMI_DH_OBJECT& object_handle, 12580 const std::string& object_handle_name, 12581 AuthorizationDelegate* authorization_delegate, 12582 const ReadPublicResponse& callback) { 12583 VLOG(1) << __func__; 12584 base::Callback<void(TPM_RC)> error_reporter = 12585 base::Bind(ReadPublicErrorCallback, callback); 12586 base::Callback<void(const std::string&)> parser = 12587 base::Bind(ReadPublicResponseParser, 12588 callback, 12589 authorization_delegate); 12590 std::string command; 12591 TPM_RC rc = SerializeCommand_ReadPublic( 12592 object_handle, 12593 object_handle_name, 12594 &command, 12595 authorization_delegate); 12596 if (rc != TPM_RC_SUCCESS) { 12597 error_reporter.Run(rc); 12598 return; 12599 } 12600 transceiver_->SendCommand(command, parser); 12601 } 12602 12603 TPM_RC Tpm::ReadPublicSync( 12604 const TPMI_DH_OBJECT& object_handle, 12605 const std::string& object_handle_name, 12606 TPM2B_PUBLIC* out_public, 12607 TPM2B_NAME* name, 12608 TPM2B_NAME* qualified_name, 12609 AuthorizationDelegate* authorization_delegate) { 12610 VLOG(1) << __func__; 12611 std::string command; 12612 TPM_RC rc = SerializeCommand_ReadPublic( 12613 object_handle, 12614 object_handle_name, 12615 &command, 12616 authorization_delegate); 12617 if (rc != TPM_RC_SUCCESS) { 12618 return rc; 12619 } 12620 std::string response = transceiver_->SendCommandAndWait(command); 12621 rc = ParseResponse_ReadPublic( 12622 response, 12623 out_public, 12624 name, 12625 qualified_name, 12626 authorization_delegate); 12627 return rc; 12628 } 12629 12630 TPM_RC Tpm::SerializeCommand_ActivateCredential( 12631 const TPMI_DH_OBJECT& activate_handle, 12632 const std::string& activate_handle_name, 12633 const TPMI_DH_OBJECT& key_handle, 12634 const std::string& key_handle_name, 12635 const TPM2B_ID_OBJECT& credential_blob, 12636 const TPM2B_ENCRYPTED_SECRET& secret, 12637 std::string* serialized_command, 12638 AuthorizationDelegate* authorization_delegate) { 12639 VLOG(3) << __func__; 12640 TPM_RC rc = TPM_RC_SUCCESS; 12641 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 12642 UINT32 command_size = 10; // Header size. 12643 std::string handle_section_bytes; 12644 std::string parameter_section_bytes; 12645 TPM_CC command_code = TPM_CC_ActivateCredential; 12646 bool is_command_parameter_encryption_possible = true; 12647 bool is_response_parameter_encryption_possible = true; 12648 std::string command_code_bytes; 12649 rc = Serialize_TPM_CC( 12650 command_code, 12651 &command_code_bytes); 12652 if (rc != TPM_RC_SUCCESS) { 12653 return rc; 12654 } 12655 std::string activate_handle_bytes; 12656 rc = Serialize_TPMI_DH_OBJECT( 12657 activate_handle, 12658 &activate_handle_bytes); 12659 if (rc != TPM_RC_SUCCESS) { 12660 return rc; 12661 } 12662 std::string key_handle_bytes; 12663 rc = Serialize_TPMI_DH_OBJECT( 12664 key_handle, 12665 &key_handle_bytes); 12666 if (rc != TPM_RC_SUCCESS) { 12667 return rc; 12668 } 12669 std::string credential_blob_bytes; 12670 rc = Serialize_TPM2B_ID_OBJECT( 12671 credential_blob, 12672 &credential_blob_bytes); 12673 if (rc != TPM_RC_SUCCESS) { 12674 return rc; 12675 } 12676 std::string secret_bytes; 12677 rc = Serialize_TPM2B_ENCRYPTED_SECRET( 12678 secret, 12679 &secret_bytes); 12680 if (rc != TPM_RC_SUCCESS) { 12681 return rc; 12682 } 12683 if (authorization_delegate) { 12684 // Encrypt just the parameter data, not the size. 12685 std::string tmp = credential_blob_bytes.substr(2); 12686 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 12687 return TRUNKS_RC_ENCRYPTION_FAILED; 12688 } 12689 credential_blob_bytes.replace(2, std::string::npos, tmp); 12690 } 12691 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 12692 crypto::SecureHash::SHA256)); 12693 hash->Update(command_code_bytes.data(), 12694 command_code_bytes.size()); 12695 hash->Update(activate_handle_name.data(), 12696 activate_handle_name.size()); 12697 handle_section_bytes += activate_handle_bytes; 12698 command_size += activate_handle_bytes.size(); 12699 hash->Update(key_handle_name.data(), 12700 key_handle_name.size()); 12701 handle_section_bytes += key_handle_bytes; 12702 command_size += key_handle_bytes.size(); 12703 hash->Update(credential_blob_bytes.data(), 12704 credential_blob_bytes.size()); 12705 parameter_section_bytes += credential_blob_bytes; 12706 command_size += credential_blob_bytes.size(); 12707 hash->Update(secret_bytes.data(), 12708 secret_bytes.size()); 12709 parameter_section_bytes += secret_bytes; 12710 command_size += secret_bytes.size(); 12711 std::string command_hash(32, 0); 12712 hash->Finish(string_as_array(&command_hash), command_hash.size()); 12713 std::string authorization_section_bytes; 12714 std::string authorization_size_bytes; 12715 if (authorization_delegate) { 12716 if (!authorization_delegate->GetCommandAuthorization( 12717 command_hash, 12718 is_command_parameter_encryption_possible, 12719 is_response_parameter_encryption_possible, 12720 &authorization_section_bytes)) { 12721 return TRUNKS_RC_AUTHORIZATION_FAILED; 12722 } 12723 if (!authorization_section_bytes.empty()) { 12724 tag = TPM_ST_SESSIONS; 12725 std::string tmp; 12726 rc = Serialize_UINT32(authorization_section_bytes.size(), 12727 &authorization_size_bytes); 12728 if (rc != TPM_RC_SUCCESS) { 12729 return rc; 12730 } 12731 command_size += authorization_size_bytes.size() + 12732 authorization_section_bytes.size(); 12733 } 12734 } 12735 std::string tag_bytes; 12736 rc = Serialize_TPMI_ST_COMMAND_TAG( 12737 tag, 12738 &tag_bytes); 12739 if (rc != TPM_RC_SUCCESS) { 12740 return rc; 12741 } 12742 std::string command_size_bytes; 12743 rc = Serialize_UINT32( 12744 command_size, 12745 &command_size_bytes); 12746 if (rc != TPM_RC_SUCCESS) { 12747 return rc; 12748 } 12749 *serialized_command = tag_bytes + 12750 command_size_bytes + 12751 command_code_bytes + 12752 handle_section_bytes + 12753 authorization_size_bytes + 12754 authorization_section_bytes + 12755 parameter_section_bytes; 12756 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 12757 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 12758 serialized_command->size()); 12759 return TPM_RC_SUCCESS; 12760 } 12761 12762 TPM_RC Tpm::ParseResponse_ActivateCredential( 12763 const std::string& response, 12764 TPM2B_DIGEST* cert_info, 12765 AuthorizationDelegate* authorization_delegate) { 12766 VLOG(3) << __func__; 12767 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 12768 TPM_RC rc = TPM_RC_SUCCESS; 12769 std::string buffer(response); 12770 TPM_ST tag; 12771 std::string tag_bytes; 12772 rc = Parse_TPM_ST( 12773 &buffer, 12774 &tag, 12775 &tag_bytes); 12776 if (rc != TPM_RC_SUCCESS) { 12777 return rc; 12778 } 12779 UINT32 response_size; 12780 std::string response_size_bytes; 12781 rc = Parse_UINT32( 12782 &buffer, 12783 &response_size, 12784 &response_size_bytes); 12785 if (rc != TPM_RC_SUCCESS) { 12786 return rc; 12787 } 12788 TPM_RC response_code; 12789 std::string response_code_bytes; 12790 rc = Parse_TPM_RC( 12791 &buffer, 12792 &response_code, 12793 &response_code_bytes); 12794 if (rc != TPM_RC_SUCCESS) { 12795 return rc; 12796 } 12797 if (response_size != response.size()) { 12798 return TPM_RC_SIZE; 12799 } 12800 if (response_code != TPM_RC_SUCCESS) { 12801 return response_code; 12802 } 12803 TPM_CC command_code = TPM_CC_ActivateCredential; 12804 std::string command_code_bytes; 12805 rc = Serialize_TPM_CC( 12806 command_code, 12807 &command_code_bytes); 12808 if (rc != TPM_RC_SUCCESS) { 12809 return rc; 12810 } 12811 std::string authorization_section_bytes; 12812 if (tag == TPM_ST_SESSIONS) { 12813 UINT32 parameter_section_size = buffer.size(); 12814 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 12815 if (rc != TPM_RC_SUCCESS) { 12816 return rc; 12817 } 12818 if (parameter_section_size > buffer.size()) { 12819 return TPM_RC_INSUFFICIENT; 12820 } 12821 authorization_section_bytes = buffer.substr(parameter_section_size); 12822 // Keep the parameter section in |buffer|. 12823 buffer.erase(parameter_section_size); 12824 } 12825 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 12826 crypto::SecureHash::SHA256)); 12827 hash->Update(response_code_bytes.data(), 12828 response_code_bytes.size()); 12829 hash->Update(command_code_bytes.data(), 12830 command_code_bytes.size()); 12831 hash->Update(buffer.data(), 12832 buffer.size()); 12833 std::string response_hash(32, 0); 12834 hash->Finish(string_as_array(&response_hash), response_hash.size()); 12835 if (tag == TPM_ST_SESSIONS) { 12836 CHECK(authorization_delegate) << "Authorization delegate missing!"; 12837 if (!authorization_delegate->CheckResponseAuthorization( 12838 response_hash, 12839 authorization_section_bytes)) { 12840 return TRUNKS_RC_AUTHORIZATION_FAILED; 12841 } 12842 } 12843 std::string cert_info_bytes; 12844 rc = Parse_TPM2B_DIGEST( 12845 &buffer, 12846 cert_info, 12847 &cert_info_bytes); 12848 if (rc != TPM_RC_SUCCESS) { 12849 return rc; 12850 } 12851 if (tag == TPM_ST_SESSIONS) { 12852 CHECK(authorization_delegate) << "Authorization delegate missing!"; 12853 // Decrypt just the parameter data, not the size. 12854 std::string tmp = cert_info_bytes.substr(2); 12855 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 12856 return TRUNKS_RC_ENCRYPTION_FAILED; 12857 } 12858 cert_info_bytes.replace(2, std::string::npos, tmp); 12859 rc = Parse_TPM2B_DIGEST( 12860 &cert_info_bytes, 12861 cert_info, 12862 nullptr); 12863 if (rc != TPM_RC_SUCCESS) { 12864 return rc; 12865 } 12866 } 12867 return TPM_RC_SUCCESS; 12868 } 12869 12870 void ActivateCredentialErrorCallback( 12871 const Tpm::ActivateCredentialResponse& callback, 12872 TPM_RC response_code) { 12873 VLOG(1) << __func__; 12874 callback.Run(response_code, 12875 TPM2B_DIGEST()); 12876 } 12877 12878 void ActivateCredentialResponseParser( 12879 const Tpm::ActivateCredentialResponse& callback, 12880 AuthorizationDelegate* authorization_delegate, 12881 const std::string& response) { 12882 VLOG(1) << __func__; 12883 base::Callback<void(TPM_RC)> error_reporter = 12884 base::Bind(ActivateCredentialErrorCallback, callback); 12885 TPM2B_DIGEST cert_info; 12886 TPM_RC rc = Tpm::ParseResponse_ActivateCredential( 12887 response, 12888 &cert_info, 12889 authorization_delegate); 12890 if (rc != TPM_RC_SUCCESS) { 12891 error_reporter.Run(rc); 12892 return; 12893 } 12894 callback.Run( 12895 rc, 12896 cert_info); 12897 } 12898 12899 void Tpm::ActivateCredential( 12900 const TPMI_DH_OBJECT& activate_handle, 12901 const std::string& activate_handle_name, 12902 const TPMI_DH_OBJECT& key_handle, 12903 const std::string& key_handle_name, 12904 const TPM2B_ID_OBJECT& credential_blob, 12905 const TPM2B_ENCRYPTED_SECRET& secret, 12906 AuthorizationDelegate* authorization_delegate, 12907 const ActivateCredentialResponse& callback) { 12908 VLOG(1) << __func__; 12909 base::Callback<void(TPM_RC)> error_reporter = 12910 base::Bind(ActivateCredentialErrorCallback, callback); 12911 base::Callback<void(const std::string&)> parser = 12912 base::Bind(ActivateCredentialResponseParser, 12913 callback, 12914 authorization_delegate); 12915 std::string command; 12916 TPM_RC rc = SerializeCommand_ActivateCredential( 12917 activate_handle, 12918 activate_handle_name, 12919 key_handle, 12920 key_handle_name, 12921 credential_blob, 12922 secret, 12923 &command, 12924 authorization_delegate); 12925 if (rc != TPM_RC_SUCCESS) { 12926 error_reporter.Run(rc); 12927 return; 12928 } 12929 transceiver_->SendCommand(command, parser); 12930 } 12931 12932 TPM_RC Tpm::ActivateCredentialSync( 12933 const TPMI_DH_OBJECT& activate_handle, 12934 const std::string& activate_handle_name, 12935 const TPMI_DH_OBJECT& key_handle, 12936 const std::string& key_handle_name, 12937 const TPM2B_ID_OBJECT& credential_blob, 12938 const TPM2B_ENCRYPTED_SECRET& secret, 12939 TPM2B_DIGEST* cert_info, 12940 AuthorizationDelegate* authorization_delegate) { 12941 VLOG(1) << __func__; 12942 std::string command; 12943 TPM_RC rc = SerializeCommand_ActivateCredential( 12944 activate_handle, 12945 activate_handle_name, 12946 key_handle, 12947 key_handle_name, 12948 credential_blob, 12949 secret, 12950 &command, 12951 authorization_delegate); 12952 if (rc != TPM_RC_SUCCESS) { 12953 return rc; 12954 } 12955 std::string response = transceiver_->SendCommandAndWait(command); 12956 rc = ParseResponse_ActivateCredential( 12957 response, 12958 cert_info, 12959 authorization_delegate); 12960 return rc; 12961 } 12962 12963 TPM_RC Tpm::SerializeCommand_MakeCredential( 12964 const TPMI_DH_OBJECT& handle, 12965 const std::string& handle_name, 12966 const TPM2B_DIGEST& credential, 12967 const TPM2B_NAME& object_name, 12968 std::string* serialized_command, 12969 AuthorizationDelegate* authorization_delegate) { 12970 VLOG(3) << __func__; 12971 TPM_RC rc = TPM_RC_SUCCESS; 12972 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 12973 UINT32 command_size = 10; // Header size. 12974 std::string handle_section_bytes; 12975 std::string parameter_section_bytes; 12976 TPM_CC command_code = TPM_CC_MakeCredential; 12977 bool is_command_parameter_encryption_possible = true; 12978 bool is_response_parameter_encryption_possible = true; 12979 std::string command_code_bytes; 12980 rc = Serialize_TPM_CC( 12981 command_code, 12982 &command_code_bytes); 12983 if (rc != TPM_RC_SUCCESS) { 12984 return rc; 12985 } 12986 std::string handle_bytes; 12987 rc = Serialize_TPMI_DH_OBJECT( 12988 handle, 12989 &handle_bytes); 12990 if (rc != TPM_RC_SUCCESS) { 12991 return rc; 12992 } 12993 std::string credential_bytes; 12994 rc = Serialize_TPM2B_DIGEST( 12995 credential, 12996 &credential_bytes); 12997 if (rc != TPM_RC_SUCCESS) { 12998 return rc; 12999 } 13000 std::string object_name_bytes; 13001 rc = Serialize_TPM2B_NAME( 13002 object_name, 13003 &object_name_bytes); 13004 if (rc != TPM_RC_SUCCESS) { 13005 return rc; 13006 } 13007 if (authorization_delegate) { 13008 // Encrypt just the parameter data, not the size. 13009 std::string tmp = credential_bytes.substr(2); 13010 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 13011 return TRUNKS_RC_ENCRYPTION_FAILED; 13012 } 13013 credential_bytes.replace(2, std::string::npos, tmp); 13014 } 13015 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 13016 crypto::SecureHash::SHA256)); 13017 hash->Update(command_code_bytes.data(), 13018 command_code_bytes.size()); 13019 hash->Update(handle_name.data(), 13020 handle_name.size()); 13021 handle_section_bytes += handle_bytes; 13022 command_size += handle_bytes.size(); 13023 hash->Update(credential_bytes.data(), 13024 credential_bytes.size()); 13025 parameter_section_bytes += credential_bytes; 13026 command_size += credential_bytes.size(); 13027 hash->Update(object_name_bytes.data(), 13028 object_name_bytes.size()); 13029 parameter_section_bytes += object_name_bytes; 13030 command_size += object_name_bytes.size(); 13031 std::string command_hash(32, 0); 13032 hash->Finish(string_as_array(&command_hash), command_hash.size()); 13033 std::string authorization_section_bytes; 13034 std::string authorization_size_bytes; 13035 if (authorization_delegate) { 13036 if (!authorization_delegate->GetCommandAuthorization( 13037 command_hash, 13038 is_command_parameter_encryption_possible, 13039 is_response_parameter_encryption_possible, 13040 &authorization_section_bytes)) { 13041 return TRUNKS_RC_AUTHORIZATION_FAILED; 13042 } 13043 if (!authorization_section_bytes.empty()) { 13044 tag = TPM_ST_SESSIONS; 13045 std::string tmp; 13046 rc = Serialize_UINT32(authorization_section_bytes.size(), 13047 &authorization_size_bytes); 13048 if (rc != TPM_RC_SUCCESS) { 13049 return rc; 13050 } 13051 command_size += authorization_size_bytes.size() + 13052 authorization_section_bytes.size(); 13053 } 13054 } 13055 std::string tag_bytes; 13056 rc = Serialize_TPMI_ST_COMMAND_TAG( 13057 tag, 13058 &tag_bytes); 13059 if (rc != TPM_RC_SUCCESS) { 13060 return rc; 13061 } 13062 std::string command_size_bytes; 13063 rc = Serialize_UINT32( 13064 command_size, 13065 &command_size_bytes); 13066 if (rc != TPM_RC_SUCCESS) { 13067 return rc; 13068 } 13069 *serialized_command = tag_bytes + 13070 command_size_bytes + 13071 command_code_bytes + 13072 handle_section_bytes + 13073 authorization_size_bytes + 13074 authorization_section_bytes + 13075 parameter_section_bytes; 13076 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 13077 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 13078 serialized_command->size()); 13079 return TPM_RC_SUCCESS; 13080 } 13081 13082 TPM_RC Tpm::ParseResponse_MakeCredential( 13083 const std::string& response, 13084 TPM2B_ID_OBJECT* credential_blob, 13085 TPM2B_ENCRYPTED_SECRET* secret, 13086 AuthorizationDelegate* authorization_delegate) { 13087 VLOG(3) << __func__; 13088 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 13089 TPM_RC rc = TPM_RC_SUCCESS; 13090 std::string buffer(response); 13091 TPM_ST tag; 13092 std::string tag_bytes; 13093 rc = Parse_TPM_ST( 13094 &buffer, 13095 &tag, 13096 &tag_bytes); 13097 if (rc != TPM_RC_SUCCESS) { 13098 return rc; 13099 } 13100 UINT32 response_size; 13101 std::string response_size_bytes; 13102 rc = Parse_UINT32( 13103 &buffer, 13104 &response_size, 13105 &response_size_bytes); 13106 if (rc != TPM_RC_SUCCESS) { 13107 return rc; 13108 } 13109 TPM_RC response_code; 13110 std::string response_code_bytes; 13111 rc = Parse_TPM_RC( 13112 &buffer, 13113 &response_code, 13114 &response_code_bytes); 13115 if (rc != TPM_RC_SUCCESS) { 13116 return rc; 13117 } 13118 if (response_size != response.size()) { 13119 return TPM_RC_SIZE; 13120 } 13121 if (response_code != TPM_RC_SUCCESS) { 13122 return response_code; 13123 } 13124 TPM_CC command_code = TPM_CC_MakeCredential; 13125 std::string command_code_bytes; 13126 rc = Serialize_TPM_CC( 13127 command_code, 13128 &command_code_bytes); 13129 if (rc != TPM_RC_SUCCESS) { 13130 return rc; 13131 } 13132 std::string authorization_section_bytes; 13133 if (tag == TPM_ST_SESSIONS) { 13134 UINT32 parameter_section_size = buffer.size(); 13135 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 13136 if (rc != TPM_RC_SUCCESS) { 13137 return rc; 13138 } 13139 if (parameter_section_size > buffer.size()) { 13140 return TPM_RC_INSUFFICIENT; 13141 } 13142 authorization_section_bytes = buffer.substr(parameter_section_size); 13143 // Keep the parameter section in |buffer|. 13144 buffer.erase(parameter_section_size); 13145 } 13146 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 13147 crypto::SecureHash::SHA256)); 13148 hash->Update(response_code_bytes.data(), 13149 response_code_bytes.size()); 13150 hash->Update(command_code_bytes.data(), 13151 command_code_bytes.size()); 13152 hash->Update(buffer.data(), 13153 buffer.size()); 13154 std::string response_hash(32, 0); 13155 hash->Finish(string_as_array(&response_hash), response_hash.size()); 13156 if (tag == TPM_ST_SESSIONS) { 13157 CHECK(authorization_delegate) << "Authorization delegate missing!"; 13158 if (!authorization_delegate->CheckResponseAuthorization( 13159 response_hash, 13160 authorization_section_bytes)) { 13161 return TRUNKS_RC_AUTHORIZATION_FAILED; 13162 } 13163 } 13164 std::string credential_blob_bytes; 13165 rc = Parse_TPM2B_ID_OBJECT( 13166 &buffer, 13167 credential_blob, 13168 &credential_blob_bytes); 13169 if (rc != TPM_RC_SUCCESS) { 13170 return rc; 13171 } 13172 std::string secret_bytes; 13173 rc = Parse_TPM2B_ENCRYPTED_SECRET( 13174 &buffer, 13175 secret, 13176 &secret_bytes); 13177 if (rc != TPM_RC_SUCCESS) { 13178 return rc; 13179 } 13180 if (tag == TPM_ST_SESSIONS) { 13181 CHECK(authorization_delegate) << "Authorization delegate missing!"; 13182 // Decrypt just the parameter data, not the size. 13183 std::string tmp = credential_blob_bytes.substr(2); 13184 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 13185 return TRUNKS_RC_ENCRYPTION_FAILED; 13186 } 13187 credential_blob_bytes.replace(2, std::string::npos, tmp); 13188 rc = Parse_TPM2B_ID_OBJECT( 13189 &credential_blob_bytes, 13190 credential_blob, 13191 nullptr); 13192 if (rc != TPM_RC_SUCCESS) { 13193 return rc; 13194 } 13195 } 13196 return TPM_RC_SUCCESS; 13197 } 13198 13199 void MakeCredentialErrorCallback( 13200 const Tpm::MakeCredentialResponse& callback, 13201 TPM_RC response_code) { 13202 VLOG(1) << __func__; 13203 callback.Run(response_code, 13204 TPM2B_ID_OBJECT(), 13205 TPM2B_ENCRYPTED_SECRET()); 13206 } 13207 13208 void MakeCredentialResponseParser( 13209 const Tpm::MakeCredentialResponse& callback, 13210 AuthorizationDelegate* authorization_delegate, 13211 const std::string& response) { 13212 VLOG(1) << __func__; 13213 base::Callback<void(TPM_RC)> error_reporter = 13214 base::Bind(MakeCredentialErrorCallback, callback); 13215 TPM2B_ID_OBJECT credential_blob; 13216 TPM2B_ENCRYPTED_SECRET secret; 13217 TPM_RC rc = Tpm::ParseResponse_MakeCredential( 13218 response, 13219 &credential_blob, 13220 &secret, 13221 authorization_delegate); 13222 if (rc != TPM_RC_SUCCESS) { 13223 error_reporter.Run(rc); 13224 return; 13225 } 13226 callback.Run( 13227 rc, 13228 credential_blob, 13229 secret); 13230 } 13231 13232 void Tpm::MakeCredential( 13233 const TPMI_DH_OBJECT& handle, 13234 const std::string& handle_name, 13235 const TPM2B_DIGEST& credential, 13236 const TPM2B_NAME& object_name, 13237 AuthorizationDelegate* authorization_delegate, 13238 const MakeCredentialResponse& callback) { 13239 VLOG(1) << __func__; 13240 base::Callback<void(TPM_RC)> error_reporter = 13241 base::Bind(MakeCredentialErrorCallback, callback); 13242 base::Callback<void(const std::string&)> parser = 13243 base::Bind(MakeCredentialResponseParser, 13244 callback, 13245 authorization_delegate); 13246 std::string command; 13247 TPM_RC rc = SerializeCommand_MakeCredential( 13248 handle, 13249 handle_name, 13250 credential, 13251 object_name, 13252 &command, 13253 authorization_delegate); 13254 if (rc != TPM_RC_SUCCESS) { 13255 error_reporter.Run(rc); 13256 return; 13257 } 13258 transceiver_->SendCommand(command, parser); 13259 } 13260 13261 TPM_RC Tpm::MakeCredentialSync( 13262 const TPMI_DH_OBJECT& handle, 13263 const std::string& handle_name, 13264 const TPM2B_DIGEST& credential, 13265 const TPM2B_NAME& object_name, 13266 TPM2B_ID_OBJECT* credential_blob, 13267 TPM2B_ENCRYPTED_SECRET* secret, 13268 AuthorizationDelegate* authorization_delegate) { 13269 VLOG(1) << __func__; 13270 std::string command; 13271 TPM_RC rc = SerializeCommand_MakeCredential( 13272 handle, 13273 handle_name, 13274 credential, 13275 object_name, 13276 &command, 13277 authorization_delegate); 13278 if (rc != TPM_RC_SUCCESS) { 13279 return rc; 13280 } 13281 std::string response = transceiver_->SendCommandAndWait(command); 13282 rc = ParseResponse_MakeCredential( 13283 response, 13284 credential_blob, 13285 secret, 13286 authorization_delegate); 13287 return rc; 13288 } 13289 13290 TPM_RC Tpm::SerializeCommand_Unseal( 13291 const TPMI_DH_OBJECT& item_handle, 13292 const std::string& item_handle_name, 13293 std::string* serialized_command, 13294 AuthorizationDelegate* authorization_delegate) { 13295 VLOG(3) << __func__; 13296 TPM_RC rc = TPM_RC_SUCCESS; 13297 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 13298 UINT32 command_size = 10; // Header size. 13299 std::string handle_section_bytes; 13300 std::string parameter_section_bytes; 13301 TPM_CC command_code = TPM_CC_Unseal; 13302 bool is_command_parameter_encryption_possible = false; 13303 bool is_response_parameter_encryption_possible = true; 13304 std::string command_code_bytes; 13305 rc = Serialize_TPM_CC( 13306 command_code, 13307 &command_code_bytes); 13308 if (rc != TPM_RC_SUCCESS) { 13309 return rc; 13310 } 13311 std::string item_handle_bytes; 13312 rc = Serialize_TPMI_DH_OBJECT( 13313 item_handle, 13314 &item_handle_bytes); 13315 if (rc != TPM_RC_SUCCESS) { 13316 return rc; 13317 } 13318 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 13319 crypto::SecureHash::SHA256)); 13320 hash->Update(command_code_bytes.data(), 13321 command_code_bytes.size()); 13322 hash->Update(item_handle_name.data(), 13323 item_handle_name.size()); 13324 handle_section_bytes += item_handle_bytes; 13325 command_size += item_handle_bytes.size(); 13326 std::string command_hash(32, 0); 13327 hash->Finish(string_as_array(&command_hash), command_hash.size()); 13328 std::string authorization_section_bytes; 13329 std::string authorization_size_bytes; 13330 if (authorization_delegate) { 13331 if (!authorization_delegate->GetCommandAuthorization( 13332 command_hash, 13333 is_command_parameter_encryption_possible, 13334 is_response_parameter_encryption_possible, 13335 &authorization_section_bytes)) { 13336 return TRUNKS_RC_AUTHORIZATION_FAILED; 13337 } 13338 if (!authorization_section_bytes.empty()) { 13339 tag = TPM_ST_SESSIONS; 13340 std::string tmp; 13341 rc = Serialize_UINT32(authorization_section_bytes.size(), 13342 &authorization_size_bytes); 13343 if (rc != TPM_RC_SUCCESS) { 13344 return rc; 13345 } 13346 command_size += authorization_size_bytes.size() + 13347 authorization_section_bytes.size(); 13348 } 13349 } 13350 std::string tag_bytes; 13351 rc = Serialize_TPMI_ST_COMMAND_TAG( 13352 tag, 13353 &tag_bytes); 13354 if (rc != TPM_RC_SUCCESS) { 13355 return rc; 13356 } 13357 std::string command_size_bytes; 13358 rc = Serialize_UINT32( 13359 command_size, 13360 &command_size_bytes); 13361 if (rc != TPM_RC_SUCCESS) { 13362 return rc; 13363 } 13364 *serialized_command = tag_bytes + 13365 command_size_bytes + 13366 command_code_bytes + 13367 handle_section_bytes + 13368 authorization_size_bytes + 13369 authorization_section_bytes + 13370 parameter_section_bytes; 13371 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 13372 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 13373 serialized_command->size()); 13374 return TPM_RC_SUCCESS; 13375 } 13376 13377 TPM_RC Tpm::ParseResponse_Unseal( 13378 const std::string& response, 13379 TPM2B_SENSITIVE_DATA* out_data, 13380 AuthorizationDelegate* authorization_delegate) { 13381 VLOG(3) << __func__; 13382 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 13383 TPM_RC rc = TPM_RC_SUCCESS; 13384 std::string buffer(response); 13385 TPM_ST tag; 13386 std::string tag_bytes; 13387 rc = Parse_TPM_ST( 13388 &buffer, 13389 &tag, 13390 &tag_bytes); 13391 if (rc != TPM_RC_SUCCESS) { 13392 return rc; 13393 } 13394 UINT32 response_size; 13395 std::string response_size_bytes; 13396 rc = Parse_UINT32( 13397 &buffer, 13398 &response_size, 13399 &response_size_bytes); 13400 if (rc != TPM_RC_SUCCESS) { 13401 return rc; 13402 } 13403 TPM_RC response_code; 13404 std::string response_code_bytes; 13405 rc = Parse_TPM_RC( 13406 &buffer, 13407 &response_code, 13408 &response_code_bytes); 13409 if (rc != TPM_RC_SUCCESS) { 13410 return rc; 13411 } 13412 if (response_size != response.size()) { 13413 return TPM_RC_SIZE; 13414 } 13415 if (response_code != TPM_RC_SUCCESS) { 13416 return response_code; 13417 } 13418 TPM_CC command_code = TPM_CC_Unseal; 13419 std::string command_code_bytes; 13420 rc = Serialize_TPM_CC( 13421 command_code, 13422 &command_code_bytes); 13423 if (rc != TPM_RC_SUCCESS) { 13424 return rc; 13425 } 13426 std::string authorization_section_bytes; 13427 if (tag == TPM_ST_SESSIONS) { 13428 UINT32 parameter_section_size = buffer.size(); 13429 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 13430 if (rc != TPM_RC_SUCCESS) { 13431 return rc; 13432 } 13433 if (parameter_section_size > buffer.size()) { 13434 return TPM_RC_INSUFFICIENT; 13435 } 13436 authorization_section_bytes = buffer.substr(parameter_section_size); 13437 // Keep the parameter section in |buffer|. 13438 buffer.erase(parameter_section_size); 13439 } 13440 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 13441 crypto::SecureHash::SHA256)); 13442 hash->Update(response_code_bytes.data(), 13443 response_code_bytes.size()); 13444 hash->Update(command_code_bytes.data(), 13445 command_code_bytes.size()); 13446 hash->Update(buffer.data(), 13447 buffer.size()); 13448 std::string response_hash(32, 0); 13449 hash->Finish(string_as_array(&response_hash), response_hash.size()); 13450 if (tag == TPM_ST_SESSIONS) { 13451 CHECK(authorization_delegate) << "Authorization delegate missing!"; 13452 if (!authorization_delegate->CheckResponseAuthorization( 13453 response_hash, 13454 authorization_section_bytes)) { 13455 return TRUNKS_RC_AUTHORIZATION_FAILED; 13456 } 13457 } 13458 std::string out_data_bytes; 13459 rc = Parse_TPM2B_SENSITIVE_DATA( 13460 &buffer, 13461 out_data, 13462 &out_data_bytes); 13463 if (rc != TPM_RC_SUCCESS) { 13464 return rc; 13465 } 13466 if (tag == TPM_ST_SESSIONS) { 13467 CHECK(authorization_delegate) << "Authorization delegate missing!"; 13468 // Decrypt just the parameter data, not the size. 13469 std::string tmp = out_data_bytes.substr(2); 13470 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 13471 return TRUNKS_RC_ENCRYPTION_FAILED; 13472 } 13473 out_data_bytes.replace(2, std::string::npos, tmp); 13474 rc = Parse_TPM2B_SENSITIVE_DATA( 13475 &out_data_bytes, 13476 out_data, 13477 nullptr); 13478 if (rc != TPM_RC_SUCCESS) { 13479 return rc; 13480 } 13481 } 13482 return TPM_RC_SUCCESS; 13483 } 13484 13485 void UnsealErrorCallback( 13486 const Tpm::UnsealResponse& callback, 13487 TPM_RC response_code) { 13488 VLOG(1) << __func__; 13489 callback.Run(response_code, 13490 TPM2B_SENSITIVE_DATA()); 13491 } 13492 13493 void UnsealResponseParser( 13494 const Tpm::UnsealResponse& callback, 13495 AuthorizationDelegate* authorization_delegate, 13496 const std::string& response) { 13497 VLOG(1) << __func__; 13498 base::Callback<void(TPM_RC)> error_reporter = 13499 base::Bind(UnsealErrorCallback, callback); 13500 TPM2B_SENSITIVE_DATA out_data; 13501 TPM_RC rc = Tpm::ParseResponse_Unseal( 13502 response, 13503 &out_data, 13504 authorization_delegate); 13505 if (rc != TPM_RC_SUCCESS) { 13506 error_reporter.Run(rc); 13507 return; 13508 } 13509 callback.Run( 13510 rc, 13511 out_data); 13512 } 13513 13514 void Tpm::Unseal( 13515 const TPMI_DH_OBJECT& item_handle, 13516 const std::string& item_handle_name, 13517 AuthorizationDelegate* authorization_delegate, 13518 const UnsealResponse& callback) { 13519 VLOG(1) << __func__; 13520 base::Callback<void(TPM_RC)> error_reporter = 13521 base::Bind(UnsealErrorCallback, callback); 13522 base::Callback<void(const std::string&)> parser = 13523 base::Bind(UnsealResponseParser, 13524 callback, 13525 authorization_delegate); 13526 std::string command; 13527 TPM_RC rc = SerializeCommand_Unseal( 13528 item_handle, 13529 item_handle_name, 13530 &command, 13531 authorization_delegate); 13532 if (rc != TPM_RC_SUCCESS) { 13533 error_reporter.Run(rc); 13534 return; 13535 } 13536 transceiver_->SendCommand(command, parser); 13537 } 13538 13539 TPM_RC Tpm::UnsealSync( 13540 const TPMI_DH_OBJECT& item_handle, 13541 const std::string& item_handle_name, 13542 TPM2B_SENSITIVE_DATA* out_data, 13543 AuthorizationDelegate* authorization_delegate) { 13544 VLOG(1) << __func__; 13545 std::string command; 13546 TPM_RC rc = SerializeCommand_Unseal( 13547 item_handle, 13548 item_handle_name, 13549 &command, 13550 authorization_delegate); 13551 if (rc != TPM_RC_SUCCESS) { 13552 return rc; 13553 } 13554 std::string response = transceiver_->SendCommandAndWait(command); 13555 rc = ParseResponse_Unseal( 13556 response, 13557 out_data, 13558 authorization_delegate); 13559 return rc; 13560 } 13561 13562 TPM_RC Tpm::SerializeCommand_ObjectChangeAuth( 13563 const TPMI_DH_OBJECT& object_handle, 13564 const std::string& object_handle_name, 13565 const TPMI_DH_OBJECT& parent_handle, 13566 const std::string& parent_handle_name, 13567 const TPM2B_AUTH& new_auth, 13568 std::string* serialized_command, 13569 AuthorizationDelegate* authorization_delegate) { 13570 VLOG(3) << __func__; 13571 TPM_RC rc = TPM_RC_SUCCESS; 13572 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 13573 UINT32 command_size = 10; // Header size. 13574 std::string handle_section_bytes; 13575 std::string parameter_section_bytes; 13576 TPM_CC command_code = TPM_CC_ObjectChangeAuth; 13577 bool is_command_parameter_encryption_possible = true; 13578 bool is_response_parameter_encryption_possible = true; 13579 std::string command_code_bytes; 13580 rc = Serialize_TPM_CC( 13581 command_code, 13582 &command_code_bytes); 13583 if (rc != TPM_RC_SUCCESS) { 13584 return rc; 13585 } 13586 std::string object_handle_bytes; 13587 rc = Serialize_TPMI_DH_OBJECT( 13588 object_handle, 13589 &object_handle_bytes); 13590 if (rc != TPM_RC_SUCCESS) { 13591 return rc; 13592 } 13593 std::string parent_handle_bytes; 13594 rc = Serialize_TPMI_DH_OBJECT( 13595 parent_handle, 13596 &parent_handle_bytes); 13597 if (rc != TPM_RC_SUCCESS) { 13598 return rc; 13599 } 13600 std::string new_auth_bytes; 13601 rc = Serialize_TPM2B_AUTH( 13602 new_auth, 13603 &new_auth_bytes); 13604 if (rc != TPM_RC_SUCCESS) { 13605 return rc; 13606 } 13607 if (authorization_delegate) { 13608 // Encrypt just the parameter data, not the size. 13609 std::string tmp = new_auth_bytes.substr(2); 13610 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 13611 return TRUNKS_RC_ENCRYPTION_FAILED; 13612 } 13613 new_auth_bytes.replace(2, std::string::npos, tmp); 13614 } 13615 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 13616 crypto::SecureHash::SHA256)); 13617 hash->Update(command_code_bytes.data(), 13618 command_code_bytes.size()); 13619 hash->Update(object_handle_name.data(), 13620 object_handle_name.size()); 13621 handle_section_bytes += object_handle_bytes; 13622 command_size += object_handle_bytes.size(); 13623 hash->Update(parent_handle_name.data(), 13624 parent_handle_name.size()); 13625 handle_section_bytes += parent_handle_bytes; 13626 command_size += parent_handle_bytes.size(); 13627 hash->Update(new_auth_bytes.data(), 13628 new_auth_bytes.size()); 13629 parameter_section_bytes += new_auth_bytes; 13630 command_size += new_auth_bytes.size(); 13631 std::string command_hash(32, 0); 13632 hash->Finish(string_as_array(&command_hash), command_hash.size()); 13633 std::string authorization_section_bytes; 13634 std::string authorization_size_bytes; 13635 if (authorization_delegate) { 13636 if (!authorization_delegate->GetCommandAuthorization( 13637 command_hash, 13638 is_command_parameter_encryption_possible, 13639 is_response_parameter_encryption_possible, 13640 &authorization_section_bytes)) { 13641 return TRUNKS_RC_AUTHORIZATION_FAILED; 13642 } 13643 if (!authorization_section_bytes.empty()) { 13644 tag = TPM_ST_SESSIONS; 13645 std::string tmp; 13646 rc = Serialize_UINT32(authorization_section_bytes.size(), 13647 &authorization_size_bytes); 13648 if (rc != TPM_RC_SUCCESS) { 13649 return rc; 13650 } 13651 command_size += authorization_size_bytes.size() + 13652 authorization_section_bytes.size(); 13653 } 13654 } 13655 std::string tag_bytes; 13656 rc = Serialize_TPMI_ST_COMMAND_TAG( 13657 tag, 13658 &tag_bytes); 13659 if (rc != TPM_RC_SUCCESS) { 13660 return rc; 13661 } 13662 std::string command_size_bytes; 13663 rc = Serialize_UINT32( 13664 command_size, 13665 &command_size_bytes); 13666 if (rc != TPM_RC_SUCCESS) { 13667 return rc; 13668 } 13669 *serialized_command = tag_bytes + 13670 command_size_bytes + 13671 command_code_bytes + 13672 handle_section_bytes + 13673 authorization_size_bytes + 13674 authorization_section_bytes + 13675 parameter_section_bytes; 13676 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 13677 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 13678 serialized_command->size()); 13679 return TPM_RC_SUCCESS; 13680 } 13681 13682 TPM_RC Tpm::ParseResponse_ObjectChangeAuth( 13683 const std::string& response, 13684 TPM2B_PRIVATE* out_private, 13685 AuthorizationDelegate* authorization_delegate) { 13686 VLOG(3) << __func__; 13687 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 13688 TPM_RC rc = TPM_RC_SUCCESS; 13689 std::string buffer(response); 13690 TPM_ST tag; 13691 std::string tag_bytes; 13692 rc = Parse_TPM_ST( 13693 &buffer, 13694 &tag, 13695 &tag_bytes); 13696 if (rc != TPM_RC_SUCCESS) { 13697 return rc; 13698 } 13699 UINT32 response_size; 13700 std::string response_size_bytes; 13701 rc = Parse_UINT32( 13702 &buffer, 13703 &response_size, 13704 &response_size_bytes); 13705 if (rc != TPM_RC_SUCCESS) { 13706 return rc; 13707 } 13708 TPM_RC response_code; 13709 std::string response_code_bytes; 13710 rc = Parse_TPM_RC( 13711 &buffer, 13712 &response_code, 13713 &response_code_bytes); 13714 if (rc != TPM_RC_SUCCESS) { 13715 return rc; 13716 } 13717 if (response_size != response.size()) { 13718 return TPM_RC_SIZE; 13719 } 13720 if (response_code != TPM_RC_SUCCESS) { 13721 return response_code; 13722 } 13723 TPM_CC command_code = TPM_CC_ObjectChangeAuth; 13724 std::string command_code_bytes; 13725 rc = Serialize_TPM_CC( 13726 command_code, 13727 &command_code_bytes); 13728 if (rc != TPM_RC_SUCCESS) { 13729 return rc; 13730 } 13731 std::string authorization_section_bytes; 13732 if (tag == TPM_ST_SESSIONS) { 13733 UINT32 parameter_section_size = buffer.size(); 13734 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 13735 if (rc != TPM_RC_SUCCESS) { 13736 return rc; 13737 } 13738 if (parameter_section_size > buffer.size()) { 13739 return TPM_RC_INSUFFICIENT; 13740 } 13741 authorization_section_bytes = buffer.substr(parameter_section_size); 13742 // Keep the parameter section in |buffer|. 13743 buffer.erase(parameter_section_size); 13744 } 13745 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 13746 crypto::SecureHash::SHA256)); 13747 hash->Update(response_code_bytes.data(), 13748 response_code_bytes.size()); 13749 hash->Update(command_code_bytes.data(), 13750 command_code_bytes.size()); 13751 hash->Update(buffer.data(), 13752 buffer.size()); 13753 std::string response_hash(32, 0); 13754 hash->Finish(string_as_array(&response_hash), response_hash.size()); 13755 if (tag == TPM_ST_SESSIONS) { 13756 CHECK(authorization_delegate) << "Authorization delegate missing!"; 13757 if (!authorization_delegate->CheckResponseAuthorization( 13758 response_hash, 13759 authorization_section_bytes)) { 13760 return TRUNKS_RC_AUTHORIZATION_FAILED; 13761 } 13762 } 13763 std::string out_private_bytes; 13764 rc = Parse_TPM2B_PRIVATE( 13765 &buffer, 13766 out_private, 13767 &out_private_bytes); 13768 if (rc != TPM_RC_SUCCESS) { 13769 return rc; 13770 } 13771 if (tag == TPM_ST_SESSIONS) { 13772 CHECK(authorization_delegate) << "Authorization delegate missing!"; 13773 // Decrypt just the parameter data, not the size. 13774 std::string tmp = out_private_bytes.substr(2); 13775 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 13776 return TRUNKS_RC_ENCRYPTION_FAILED; 13777 } 13778 out_private_bytes.replace(2, std::string::npos, tmp); 13779 rc = Parse_TPM2B_PRIVATE( 13780 &out_private_bytes, 13781 out_private, 13782 nullptr); 13783 if (rc != TPM_RC_SUCCESS) { 13784 return rc; 13785 } 13786 } 13787 return TPM_RC_SUCCESS; 13788 } 13789 13790 void ObjectChangeAuthErrorCallback( 13791 const Tpm::ObjectChangeAuthResponse& callback, 13792 TPM_RC response_code) { 13793 VLOG(1) << __func__; 13794 callback.Run(response_code, 13795 TPM2B_PRIVATE()); 13796 } 13797 13798 void ObjectChangeAuthResponseParser( 13799 const Tpm::ObjectChangeAuthResponse& callback, 13800 AuthorizationDelegate* authorization_delegate, 13801 const std::string& response) { 13802 VLOG(1) << __func__; 13803 base::Callback<void(TPM_RC)> error_reporter = 13804 base::Bind(ObjectChangeAuthErrorCallback, callback); 13805 TPM2B_PRIVATE out_private; 13806 TPM_RC rc = Tpm::ParseResponse_ObjectChangeAuth( 13807 response, 13808 &out_private, 13809 authorization_delegate); 13810 if (rc != TPM_RC_SUCCESS) { 13811 error_reporter.Run(rc); 13812 return; 13813 } 13814 callback.Run( 13815 rc, 13816 out_private); 13817 } 13818 13819 void Tpm::ObjectChangeAuth( 13820 const TPMI_DH_OBJECT& object_handle, 13821 const std::string& object_handle_name, 13822 const TPMI_DH_OBJECT& parent_handle, 13823 const std::string& parent_handle_name, 13824 const TPM2B_AUTH& new_auth, 13825 AuthorizationDelegate* authorization_delegate, 13826 const ObjectChangeAuthResponse& callback) { 13827 VLOG(1) << __func__; 13828 base::Callback<void(TPM_RC)> error_reporter = 13829 base::Bind(ObjectChangeAuthErrorCallback, callback); 13830 base::Callback<void(const std::string&)> parser = 13831 base::Bind(ObjectChangeAuthResponseParser, 13832 callback, 13833 authorization_delegate); 13834 std::string command; 13835 TPM_RC rc = SerializeCommand_ObjectChangeAuth( 13836 object_handle, 13837 object_handle_name, 13838 parent_handle, 13839 parent_handle_name, 13840 new_auth, 13841 &command, 13842 authorization_delegate); 13843 if (rc != TPM_RC_SUCCESS) { 13844 error_reporter.Run(rc); 13845 return; 13846 } 13847 transceiver_->SendCommand(command, parser); 13848 } 13849 13850 TPM_RC Tpm::ObjectChangeAuthSync( 13851 const TPMI_DH_OBJECT& object_handle, 13852 const std::string& object_handle_name, 13853 const TPMI_DH_OBJECT& parent_handle, 13854 const std::string& parent_handle_name, 13855 const TPM2B_AUTH& new_auth, 13856 TPM2B_PRIVATE* out_private, 13857 AuthorizationDelegate* authorization_delegate) { 13858 VLOG(1) << __func__; 13859 std::string command; 13860 TPM_RC rc = SerializeCommand_ObjectChangeAuth( 13861 object_handle, 13862 object_handle_name, 13863 parent_handle, 13864 parent_handle_name, 13865 new_auth, 13866 &command, 13867 authorization_delegate); 13868 if (rc != TPM_RC_SUCCESS) { 13869 return rc; 13870 } 13871 std::string response = transceiver_->SendCommandAndWait(command); 13872 rc = ParseResponse_ObjectChangeAuth( 13873 response, 13874 out_private, 13875 authorization_delegate); 13876 return rc; 13877 } 13878 13879 TPM_RC Tpm::SerializeCommand_Duplicate( 13880 const TPMI_DH_OBJECT& object_handle, 13881 const std::string& object_handle_name, 13882 const TPMI_DH_OBJECT& new_parent_handle, 13883 const std::string& new_parent_handle_name, 13884 const TPM2B_DATA& encryption_key_in, 13885 const TPMT_SYM_DEF_OBJECT& symmetric_alg, 13886 std::string* serialized_command, 13887 AuthorizationDelegate* authorization_delegate) { 13888 VLOG(3) << __func__; 13889 TPM_RC rc = TPM_RC_SUCCESS; 13890 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 13891 UINT32 command_size = 10; // Header size. 13892 std::string handle_section_bytes; 13893 std::string parameter_section_bytes; 13894 TPM_CC command_code = TPM_CC_Duplicate; 13895 bool is_command_parameter_encryption_possible = true; 13896 bool is_response_parameter_encryption_possible = true; 13897 std::string command_code_bytes; 13898 rc = Serialize_TPM_CC( 13899 command_code, 13900 &command_code_bytes); 13901 if (rc != TPM_RC_SUCCESS) { 13902 return rc; 13903 } 13904 std::string object_handle_bytes; 13905 rc = Serialize_TPMI_DH_OBJECT( 13906 object_handle, 13907 &object_handle_bytes); 13908 if (rc != TPM_RC_SUCCESS) { 13909 return rc; 13910 } 13911 std::string new_parent_handle_bytes; 13912 rc = Serialize_TPMI_DH_OBJECT( 13913 new_parent_handle, 13914 &new_parent_handle_bytes); 13915 if (rc != TPM_RC_SUCCESS) { 13916 return rc; 13917 } 13918 std::string encryption_key_in_bytes; 13919 rc = Serialize_TPM2B_DATA( 13920 encryption_key_in, 13921 &encryption_key_in_bytes); 13922 if (rc != TPM_RC_SUCCESS) { 13923 return rc; 13924 } 13925 std::string symmetric_alg_bytes; 13926 rc = Serialize_TPMT_SYM_DEF_OBJECT( 13927 symmetric_alg, 13928 &symmetric_alg_bytes); 13929 if (rc != TPM_RC_SUCCESS) { 13930 return rc; 13931 } 13932 if (authorization_delegate) { 13933 // Encrypt just the parameter data, not the size. 13934 std::string tmp = encryption_key_in_bytes.substr(2); 13935 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 13936 return TRUNKS_RC_ENCRYPTION_FAILED; 13937 } 13938 encryption_key_in_bytes.replace(2, std::string::npos, tmp); 13939 } 13940 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 13941 crypto::SecureHash::SHA256)); 13942 hash->Update(command_code_bytes.data(), 13943 command_code_bytes.size()); 13944 hash->Update(object_handle_name.data(), 13945 object_handle_name.size()); 13946 handle_section_bytes += object_handle_bytes; 13947 command_size += object_handle_bytes.size(); 13948 hash->Update(new_parent_handle_name.data(), 13949 new_parent_handle_name.size()); 13950 handle_section_bytes += new_parent_handle_bytes; 13951 command_size += new_parent_handle_bytes.size(); 13952 hash->Update(encryption_key_in_bytes.data(), 13953 encryption_key_in_bytes.size()); 13954 parameter_section_bytes += encryption_key_in_bytes; 13955 command_size += encryption_key_in_bytes.size(); 13956 hash->Update(symmetric_alg_bytes.data(), 13957 symmetric_alg_bytes.size()); 13958 parameter_section_bytes += symmetric_alg_bytes; 13959 command_size += symmetric_alg_bytes.size(); 13960 std::string command_hash(32, 0); 13961 hash->Finish(string_as_array(&command_hash), command_hash.size()); 13962 std::string authorization_section_bytes; 13963 std::string authorization_size_bytes; 13964 if (authorization_delegate) { 13965 if (!authorization_delegate->GetCommandAuthorization( 13966 command_hash, 13967 is_command_parameter_encryption_possible, 13968 is_response_parameter_encryption_possible, 13969 &authorization_section_bytes)) { 13970 return TRUNKS_RC_AUTHORIZATION_FAILED; 13971 } 13972 if (!authorization_section_bytes.empty()) { 13973 tag = TPM_ST_SESSIONS; 13974 std::string tmp; 13975 rc = Serialize_UINT32(authorization_section_bytes.size(), 13976 &authorization_size_bytes); 13977 if (rc != TPM_RC_SUCCESS) { 13978 return rc; 13979 } 13980 command_size += authorization_size_bytes.size() + 13981 authorization_section_bytes.size(); 13982 } 13983 } 13984 std::string tag_bytes; 13985 rc = Serialize_TPMI_ST_COMMAND_TAG( 13986 tag, 13987 &tag_bytes); 13988 if (rc != TPM_RC_SUCCESS) { 13989 return rc; 13990 } 13991 std::string command_size_bytes; 13992 rc = Serialize_UINT32( 13993 command_size, 13994 &command_size_bytes); 13995 if (rc != TPM_RC_SUCCESS) { 13996 return rc; 13997 } 13998 *serialized_command = tag_bytes + 13999 command_size_bytes + 14000 command_code_bytes + 14001 handle_section_bytes + 14002 authorization_size_bytes + 14003 authorization_section_bytes + 14004 parameter_section_bytes; 14005 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 14006 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 14007 serialized_command->size()); 14008 return TPM_RC_SUCCESS; 14009 } 14010 14011 TPM_RC Tpm::ParseResponse_Duplicate( 14012 const std::string& response, 14013 TPM2B_DATA* encryption_key_out, 14014 TPM2B_PRIVATE* duplicate, 14015 TPM2B_ENCRYPTED_SECRET* out_sym_seed, 14016 AuthorizationDelegate* authorization_delegate) { 14017 VLOG(3) << __func__; 14018 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 14019 TPM_RC rc = TPM_RC_SUCCESS; 14020 std::string buffer(response); 14021 TPM_ST tag; 14022 std::string tag_bytes; 14023 rc = Parse_TPM_ST( 14024 &buffer, 14025 &tag, 14026 &tag_bytes); 14027 if (rc != TPM_RC_SUCCESS) { 14028 return rc; 14029 } 14030 UINT32 response_size; 14031 std::string response_size_bytes; 14032 rc = Parse_UINT32( 14033 &buffer, 14034 &response_size, 14035 &response_size_bytes); 14036 if (rc != TPM_RC_SUCCESS) { 14037 return rc; 14038 } 14039 TPM_RC response_code; 14040 std::string response_code_bytes; 14041 rc = Parse_TPM_RC( 14042 &buffer, 14043 &response_code, 14044 &response_code_bytes); 14045 if (rc != TPM_RC_SUCCESS) { 14046 return rc; 14047 } 14048 if (response_size != response.size()) { 14049 return TPM_RC_SIZE; 14050 } 14051 if (response_code != TPM_RC_SUCCESS) { 14052 return response_code; 14053 } 14054 TPM_CC command_code = TPM_CC_Duplicate; 14055 std::string command_code_bytes; 14056 rc = Serialize_TPM_CC( 14057 command_code, 14058 &command_code_bytes); 14059 if (rc != TPM_RC_SUCCESS) { 14060 return rc; 14061 } 14062 std::string authorization_section_bytes; 14063 if (tag == TPM_ST_SESSIONS) { 14064 UINT32 parameter_section_size = buffer.size(); 14065 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 14066 if (rc != TPM_RC_SUCCESS) { 14067 return rc; 14068 } 14069 if (parameter_section_size > buffer.size()) { 14070 return TPM_RC_INSUFFICIENT; 14071 } 14072 authorization_section_bytes = buffer.substr(parameter_section_size); 14073 // Keep the parameter section in |buffer|. 14074 buffer.erase(parameter_section_size); 14075 } 14076 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 14077 crypto::SecureHash::SHA256)); 14078 hash->Update(response_code_bytes.data(), 14079 response_code_bytes.size()); 14080 hash->Update(command_code_bytes.data(), 14081 command_code_bytes.size()); 14082 hash->Update(buffer.data(), 14083 buffer.size()); 14084 std::string response_hash(32, 0); 14085 hash->Finish(string_as_array(&response_hash), response_hash.size()); 14086 if (tag == TPM_ST_SESSIONS) { 14087 CHECK(authorization_delegate) << "Authorization delegate missing!"; 14088 if (!authorization_delegate->CheckResponseAuthorization( 14089 response_hash, 14090 authorization_section_bytes)) { 14091 return TRUNKS_RC_AUTHORIZATION_FAILED; 14092 } 14093 } 14094 std::string encryption_key_out_bytes; 14095 rc = Parse_TPM2B_DATA( 14096 &buffer, 14097 encryption_key_out, 14098 &encryption_key_out_bytes); 14099 if (rc != TPM_RC_SUCCESS) { 14100 return rc; 14101 } 14102 std::string duplicate_bytes; 14103 rc = Parse_TPM2B_PRIVATE( 14104 &buffer, 14105 duplicate, 14106 &duplicate_bytes); 14107 if (rc != TPM_RC_SUCCESS) { 14108 return rc; 14109 } 14110 std::string out_sym_seed_bytes; 14111 rc = Parse_TPM2B_ENCRYPTED_SECRET( 14112 &buffer, 14113 out_sym_seed, 14114 &out_sym_seed_bytes); 14115 if (rc != TPM_RC_SUCCESS) { 14116 return rc; 14117 } 14118 if (tag == TPM_ST_SESSIONS) { 14119 CHECK(authorization_delegate) << "Authorization delegate missing!"; 14120 // Decrypt just the parameter data, not the size. 14121 std::string tmp = encryption_key_out_bytes.substr(2); 14122 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 14123 return TRUNKS_RC_ENCRYPTION_FAILED; 14124 } 14125 encryption_key_out_bytes.replace(2, std::string::npos, tmp); 14126 rc = Parse_TPM2B_DATA( 14127 &encryption_key_out_bytes, 14128 encryption_key_out, 14129 nullptr); 14130 if (rc != TPM_RC_SUCCESS) { 14131 return rc; 14132 } 14133 } 14134 return TPM_RC_SUCCESS; 14135 } 14136 14137 void DuplicateErrorCallback( 14138 const Tpm::DuplicateResponse& callback, 14139 TPM_RC response_code) { 14140 VLOG(1) << __func__; 14141 callback.Run(response_code, 14142 TPM2B_DATA(), 14143 TPM2B_PRIVATE(), 14144 TPM2B_ENCRYPTED_SECRET()); 14145 } 14146 14147 void DuplicateResponseParser( 14148 const Tpm::DuplicateResponse& callback, 14149 AuthorizationDelegate* authorization_delegate, 14150 const std::string& response) { 14151 VLOG(1) << __func__; 14152 base::Callback<void(TPM_RC)> error_reporter = 14153 base::Bind(DuplicateErrorCallback, callback); 14154 TPM2B_DATA encryption_key_out; 14155 TPM2B_PRIVATE duplicate; 14156 TPM2B_ENCRYPTED_SECRET out_sym_seed; 14157 TPM_RC rc = Tpm::ParseResponse_Duplicate( 14158 response, 14159 &encryption_key_out, 14160 &duplicate, 14161 &out_sym_seed, 14162 authorization_delegate); 14163 if (rc != TPM_RC_SUCCESS) { 14164 error_reporter.Run(rc); 14165 return; 14166 } 14167 callback.Run( 14168 rc, 14169 encryption_key_out, 14170 duplicate, 14171 out_sym_seed); 14172 } 14173 14174 void Tpm::Duplicate( 14175 const TPMI_DH_OBJECT& object_handle, 14176 const std::string& object_handle_name, 14177 const TPMI_DH_OBJECT& new_parent_handle, 14178 const std::string& new_parent_handle_name, 14179 const TPM2B_DATA& encryption_key_in, 14180 const TPMT_SYM_DEF_OBJECT& symmetric_alg, 14181 AuthorizationDelegate* authorization_delegate, 14182 const DuplicateResponse& callback) { 14183 VLOG(1) << __func__; 14184 base::Callback<void(TPM_RC)> error_reporter = 14185 base::Bind(DuplicateErrorCallback, callback); 14186 base::Callback<void(const std::string&)> parser = 14187 base::Bind(DuplicateResponseParser, 14188 callback, 14189 authorization_delegate); 14190 std::string command; 14191 TPM_RC rc = SerializeCommand_Duplicate( 14192 object_handle, 14193 object_handle_name, 14194 new_parent_handle, 14195 new_parent_handle_name, 14196 encryption_key_in, 14197 symmetric_alg, 14198 &command, 14199 authorization_delegate); 14200 if (rc != TPM_RC_SUCCESS) { 14201 error_reporter.Run(rc); 14202 return; 14203 } 14204 transceiver_->SendCommand(command, parser); 14205 } 14206 14207 TPM_RC Tpm::DuplicateSync( 14208 const TPMI_DH_OBJECT& object_handle, 14209 const std::string& object_handle_name, 14210 const TPMI_DH_OBJECT& new_parent_handle, 14211 const std::string& new_parent_handle_name, 14212 const TPM2B_DATA& encryption_key_in, 14213 const TPMT_SYM_DEF_OBJECT& symmetric_alg, 14214 TPM2B_DATA* encryption_key_out, 14215 TPM2B_PRIVATE* duplicate, 14216 TPM2B_ENCRYPTED_SECRET* out_sym_seed, 14217 AuthorizationDelegate* authorization_delegate) { 14218 VLOG(1) << __func__; 14219 std::string command; 14220 TPM_RC rc = SerializeCommand_Duplicate( 14221 object_handle, 14222 object_handle_name, 14223 new_parent_handle, 14224 new_parent_handle_name, 14225 encryption_key_in, 14226 symmetric_alg, 14227 &command, 14228 authorization_delegate); 14229 if (rc != TPM_RC_SUCCESS) { 14230 return rc; 14231 } 14232 std::string response = transceiver_->SendCommandAndWait(command); 14233 rc = ParseResponse_Duplicate( 14234 response, 14235 encryption_key_out, 14236 duplicate, 14237 out_sym_seed, 14238 authorization_delegate); 14239 return rc; 14240 } 14241 14242 TPM_RC Tpm::SerializeCommand_Rewrap( 14243 const TPMI_DH_OBJECT& old_parent, 14244 const std::string& old_parent_name, 14245 const TPMI_DH_OBJECT& new_parent, 14246 const std::string& new_parent_name, 14247 const TPM2B_PRIVATE& in_duplicate, 14248 const TPM2B_NAME& name, 14249 const TPM2B_ENCRYPTED_SECRET& in_sym_seed, 14250 std::string* serialized_command, 14251 AuthorizationDelegate* authorization_delegate) { 14252 VLOG(3) << __func__; 14253 TPM_RC rc = TPM_RC_SUCCESS; 14254 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 14255 UINT32 command_size = 10; // Header size. 14256 std::string handle_section_bytes; 14257 std::string parameter_section_bytes; 14258 TPM_CC command_code = TPM_CC_Rewrap; 14259 bool is_command_parameter_encryption_possible = true; 14260 bool is_response_parameter_encryption_possible = true; 14261 std::string command_code_bytes; 14262 rc = Serialize_TPM_CC( 14263 command_code, 14264 &command_code_bytes); 14265 if (rc != TPM_RC_SUCCESS) { 14266 return rc; 14267 } 14268 std::string old_parent_bytes; 14269 rc = Serialize_TPMI_DH_OBJECT( 14270 old_parent, 14271 &old_parent_bytes); 14272 if (rc != TPM_RC_SUCCESS) { 14273 return rc; 14274 } 14275 std::string new_parent_bytes; 14276 rc = Serialize_TPMI_DH_OBJECT( 14277 new_parent, 14278 &new_parent_bytes); 14279 if (rc != TPM_RC_SUCCESS) { 14280 return rc; 14281 } 14282 std::string in_duplicate_bytes; 14283 rc = Serialize_TPM2B_PRIVATE( 14284 in_duplicate, 14285 &in_duplicate_bytes); 14286 if (rc != TPM_RC_SUCCESS) { 14287 return rc; 14288 } 14289 std::string name_bytes; 14290 rc = Serialize_TPM2B_NAME( 14291 name, 14292 &name_bytes); 14293 if (rc != TPM_RC_SUCCESS) { 14294 return rc; 14295 } 14296 std::string in_sym_seed_bytes; 14297 rc = Serialize_TPM2B_ENCRYPTED_SECRET( 14298 in_sym_seed, 14299 &in_sym_seed_bytes); 14300 if (rc != TPM_RC_SUCCESS) { 14301 return rc; 14302 } 14303 if (authorization_delegate) { 14304 // Encrypt just the parameter data, not the size. 14305 std::string tmp = in_duplicate_bytes.substr(2); 14306 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 14307 return TRUNKS_RC_ENCRYPTION_FAILED; 14308 } 14309 in_duplicate_bytes.replace(2, std::string::npos, tmp); 14310 } 14311 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 14312 crypto::SecureHash::SHA256)); 14313 hash->Update(command_code_bytes.data(), 14314 command_code_bytes.size()); 14315 hash->Update(old_parent_name.data(), 14316 old_parent_name.size()); 14317 handle_section_bytes += old_parent_bytes; 14318 command_size += old_parent_bytes.size(); 14319 hash->Update(new_parent_name.data(), 14320 new_parent_name.size()); 14321 handle_section_bytes += new_parent_bytes; 14322 command_size += new_parent_bytes.size(); 14323 hash->Update(in_duplicate_bytes.data(), 14324 in_duplicate_bytes.size()); 14325 parameter_section_bytes += in_duplicate_bytes; 14326 command_size += in_duplicate_bytes.size(); 14327 hash->Update(name_bytes.data(), 14328 name_bytes.size()); 14329 parameter_section_bytes += name_bytes; 14330 command_size += name_bytes.size(); 14331 hash->Update(in_sym_seed_bytes.data(), 14332 in_sym_seed_bytes.size()); 14333 parameter_section_bytes += in_sym_seed_bytes; 14334 command_size += in_sym_seed_bytes.size(); 14335 std::string command_hash(32, 0); 14336 hash->Finish(string_as_array(&command_hash), command_hash.size()); 14337 std::string authorization_section_bytes; 14338 std::string authorization_size_bytes; 14339 if (authorization_delegate) { 14340 if (!authorization_delegate->GetCommandAuthorization( 14341 command_hash, 14342 is_command_parameter_encryption_possible, 14343 is_response_parameter_encryption_possible, 14344 &authorization_section_bytes)) { 14345 return TRUNKS_RC_AUTHORIZATION_FAILED; 14346 } 14347 if (!authorization_section_bytes.empty()) { 14348 tag = TPM_ST_SESSIONS; 14349 std::string tmp; 14350 rc = Serialize_UINT32(authorization_section_bytes.size(), 14351 &authorization_size_bytes); 14352 if (rc != TPM_RC_SUCCESS) { 14353 return rc; 14354 } 14355 command_size += authorization_size_bytes.size() + 14356 authorization_section_bytes.size(); 14357 } 14358 } 14359 std::string tag_bytes; 14360 rc = Serialize_TPMI_ST_COMMAND_TAG( 14361 tag, 14362 &tag_bytes); 14363 if (rc != TPM_RC_SUCCESS) { 14364 return rc; 14365 } 14366 std::string command_size_bytes; 14367 rc = Serialize_UINT32( 14368 command_size, 14369 &command_size_bytes); 14370 if (rc != TPM_RC_SUCCESS) { 14371 return rc; 14372 } 14373 *serialized_command = tag_bytes + 14374 command_size_bytes + 14375 command_code_bytes + 14376 handle_section_bytes + 14377 authorization_size_bytes + 14378 authorization_section_bytes + 14379 parameter_section_bytes; 14380 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 14381 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 14382 serialized_command->size()); 14383 return TPM_RC_SUCCESS; 14384 } 14385 14386 TPM_RC Tpm::ParseResponse_Rewrap( 14387 const std::string& response, 14388 TPM2B_PRIVATE* out_duplicate, 14389 TPM2B_ENCRYPTED_SECRET* out_sym_seed, 14390 AuthorizationDelegate* authorization_delegate) { 14391 VLOG(3) << __func__; 14392 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 14393 TPM_RC rc = TPM_RC_SUCCESS; 14394 std::string buffer(response); 14395 TPM_ST tag; 14396 std::string tag_bytes; 14397 rc = Parse_TPM_ST( 14398 &buffer, 14399 &tag, 14400 &tag_bytes); 14401 if (rc != TPM_RC_SUCCESS) { 14402 return rc; 14403 } 14404 UINT32 response_size; 14405 std::string response_size_bytes; 14406 rc = Parse_UINT32( 14407 &buffer, 14408 &response_size, 14409 &response_size_bytes); 14410 if (rc != TPM_RC_SUCCESS) { 14411 return rc; 14412 } 14413 TPM_RC response_code; 14414 std::string response_code_bytes; 14415 rc = Parse_TPM_RC( 14416 &buffer, 14417 &response_code, 14418 &response_code_bytes); 14419 if (rc != TPM_RC_SUCCESS) { 14420 return rc; 14421 } 14422 if (response_size != response.size()) { 14423 return TPM_RC_SIZE; 14424 } 14425 if (response_code != TPM_RC_SUCCESS) { 14426 return response_code; 14427 } 14428 TPM_CC command_code = TPM_CC_Rewrap; 14429 std::string command_code_bytes; 14430 rc = Serialize_TPM_CC( 14431 command_code, 14432 &command_code_bytes); 14433 if (rc != TPM_RC_SUCCESS) { 14434 return rc; 14435 } 14436 std::string authorization_section_bytes; 14437 if (tag == TPM_ST_SESSIONS) { 14438 UINT32 parameter_section_size = buffer.size(); 14439 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 14440 if (rc != TPM_RC_SUCCESS) { 14441 return rc; 14442 } 14443 if (parameter_section_size > buffer.size()) { 14444 return TPM_RC_INSUFFICIENT; 14445 } 14446 authorization_section_bytes = buffer.substr(parameter_section_size); 14447 // Keep the parameter section in |buffer|. 14448 buffer.erase(parameter_section_size); 14449 } 14450 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 14451 crypto::SecureHash::SHA256)); 14452 hash->Update(response_code_bytes.data(), 14453 response_code_bytes.size()); 14454 hash->Update(command_code_bytes.data(), 14455 command_code_bytes.size()); 14456 hash->Update(buffer.data(), 14457 buffer.size()); 14458 std::string response_hash(32, 0); 14459 hash->Finish(string_as_array(&response_hash), response_hash.size()); 14460 if (tag == TPM_ST_SESSIONS) { 14461 CHECK(authorization_delegate) << "Authorization delegate missing!"; 14462 if (!authorization_delegate->CheckResponseAuthorization( 14463 response_hash, 14464 authorization_section_bytes)) { 14465 return TRUNKS_RC_AUTHORIZATION_FAILED; 14466 } 14467 } 14468 std::string out_duplicate_bytes; 14469 rc = Parse_TPM2B_PRIVATE( 14470 &buffer, 14471 out_duplicate, 14472 &out_duplicate_bytes); 14473 if (rc != TPM_RC_SUCCESS) { 14474 return rc; 14475 } 14476 std::string out_sym_seed_bytes; 14477 rc = Parse_TPM2B_ENCRYPTED_SECRET( 14478 &buffer, 14479 out_sym_seed, 14480 &out_sym_seed_bytes); 14481 if (rc != TPM_RC_SUCCESS) { 14482 return rc; 14483 } 14484 if (tag == TPM_ST_SESSIONS) { 14485 CHECK(authorization_delegate) << "Authorization delegate missing!"; 14486 // Decrypt just the parameter data, not the size. 14487 std::string tmp = out_duplicate_bytes.substr(2); 14488 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 14489 return TRUNKS_RC_ENCRYPTION_FAILED; 14490 } 14491 out_duplicate_bytes.replace(2, std::string::npos, tmp); 14492 rc = Parse_TPM2B_PRIVATE( 14493 &out_duplicate_bytes, 14494 out_duplicate, 14495 nullptr); 14496 if (rc != TPM_RC_SUCCESS) { 14497 return rc; 14498 } 14499 } 14500 return TPM_RC_SUCCESS; 14501 } 14502 14503 void RewrapErrorCallback( 14504 const Tpm::RewrapResponse& callback, 14505 TPM_RC response_code) { 14506 VLOG(1) << __func__; 14507 callback.Run(response_code, 14508 TPM2B_PRIVATE(), 14509 TPM2B_ENCRYPTED_SECRET()); 14510 } 14511 14512 void RewrapResponseParser( 14513 const Tpm::RewrapResponse& callback, 14514 AuthorizationDelegate* authorization_delegate, 14515 const std::string& response) { 14516 VLOG(1) << __func__; 14517 base::Callback<void(TPM_RC)> error_reporter = 14518 base::Bind(RewrapErrorCallback, callback); 14519 TPM2B_PRIVATE out_duplicate; 14520 TPM2B_ENCRYPTED_SECRET out_sym_seed; 14521 TPM_RC rc = Tpm::ParseResponse_Rewrap( 14522 response, 14523 &out_duplicate, 14524 &out_sym_seed, 14525 authorization_delegate); 14526 if (rc != TPM_RC_SUCCESS) { 14527 error_reporter.Run(rc); 14528 return; 14529 } 14530 callback.Run( 14531 rc, 14532 out_duplicate, 14533 out_sym_seed); 14534 } 14535 14536 void Tpm::Rewrap( 14537 const TPMI_DH_OBJECT& old_parent, 14538 const std::string& old_parent_name, 14539 const TPMI_DH_OBJECT& new_parent, 14540 const std::string& new_parent_name, 14541 const TPM2B_PRIVATE& in_duplicate, 14542 const TPM2B_NAME& name, 14543 const TPM2B_ENCRYPTED_SECRET& in_sym_seed, 14544 AuthorizationDelegate* authorization_delegate, 14545 const RewrapResponse& callback) { 14546 VLOG(1) << __func__; 14547 base::Callback<void(TPM_RC)> error_reporter = 14548 base::Bind(RewrapErrorCallback, callback); 14549 base::Callback<void(const std::string&)> parser = 14550 base::Bind(RewrapResponseParser, 14551 callback, 14552 authorization_delegate); 14553 std::string command; 14554 TPM_RC rc = SerializeCommand_Rewrap( 14555 old_parent, 14556 old_parent_name, 14557 new_parent, 14558 new_parent_name, 14559 in_duplicate, 14560 name, 14561 in_sym_seed, 14562 &command, 14563 authorization_delegate); 14564 if (rc != TPM_RC_SUCCESS) { 14565 error_reporter.Run(rc); 14566 return; 14567 } 14568 transceiver_->SendCommand(command, parser); 14569 } 14570 14571 TPM_RC Tpm::RewrapSync( 14572 const TPMI_DH_OBJECT& old_parent, 14573 const std::string& old_parent_name, 14574 const TPMI_DH_OBJECT& new_parent, 14575 const std::string& new_parent_name, 14576 const TPM2B_PRIVATE& in_duplicate, 14577 const TPM2B_NAME& name, 14578 const TPM2B_ENCRYPTED_SECRET& in_sym_seed, 14579 TPM2B_PRIVATE* out_duplicate, 14580 TPM2B_ENCRYPTED_SECRET* out_sym_seed, 14581 AuthorizationDelegate* authorization_delegate) { 14582 VLOG(1) << __func__; 14583 std::string command; 14584 TPM_RC rc = SerializeCommand_Rewrap( 14585 old_parent, 14586 old_parent_name, 14587 new_parent, 14588 new_parent_name, 14589 in_duplicate, 14590 name, 14591 in_sym_seed, 14592 &command, 14593 authorization_delegate); 14594 if (rc != TPM_RC_SUCCESS) { 14595 return rc; 14596 } 14597 std::string response = transceiver_->SendCommandAndWait(command); 14598 rc = ParseResponse_Rewrap( 14599 response, 14600 out_duplicate, 14601 out_sym_seed, 14602 authorization_delegate); 14603 return rc; 14604 } 14605 14606 TPM_RC Tpm::SerializeCommand_Import( 14607 const TPMI_DH_OBJECT& parent_handle, 14608 const std::string& parent_handle_name, 14609 const TPM2B_DATA& encryption_key, 14610 const TPM2B_PUBLIC& object_public, 14611 const TPM2B_PRIVATE& duplicate, 14612 const TPM2B_ENCRYPTED_SECRET& in_sym_seed, 14613 const TPMT_SYM_DEF_OBJECT& symmetric_alg, 14614 std::string* serialized_command, 14615 AuthorizationDelegate* authorization_delegate) { 14616 VLOG(3) << __func__; 14617 TPM_RC rc = TPM_RC_SUCCESS; 14618 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 14619 UINT32 command_size = 10; // Header size. 14620 std::string handle_section_bytes; 14621 std::string parameter_section_bytes; 14622 TPM_CC command_code = TPM_CC_Import; 14623 bool is_command_parameter_encryption_possible = true; 14624 bool is_response_parameter_encryption_possible = true; 14625 std::string command_code_bytes; 14626 rc = Serialize_TPM_CC( 14627 command_code, 14628 &command_code_bytes); 14629 if (rc != TPM_RC_SUCCESS) { 14630 return rc; 14631 } 14632 std::string parent_handle_bytes; 14633 rc = Serialize_TPMI_DH_OBJECT( 14634 parent_handle, 14635 &parent_handle_bytes); 14636 if (rc != TPM_RC_SUCCESS) { 14637 return rc; 14638 } 14639 std::string encryption_key_bytes; 14640 rc = Serialize_TPM2B_DATA( 14641 encryption_key, 14642 &encryption_key_bytes); 14643 if (rc != TPM_RC_SUCCESS) { 14644 return rc; 14645 } 14646 std::string object_public_bytes; 14647 rc = Serialize_TPM2B_PUBLIC( 14648 object_public, 14649 &object_public_bytes); 14650 if (rc != TPM_RC_SUCCESS) { 14651 return rc; 14652 } 14653 std::string duplicate_bytes; 14654 rc = Serialize_TPM2B_PRIVATE( 14655 duplicate, 14656 &duplicate_bytes); 14657 if (rc != TPM_RC_SUCCESS) { 14658 return rc; 14659 } 14660 std::string in_sym_seed_bytes; 14661 rc = Serialize_TPM2B_ENCRYPTED_SECRET( 14662 in_sym_seed, 14663 &in_sym_seed_bytes); 14664 if (rc != TPM_RC_SUCCESS) { 14665 return rc; 14666 } 14667 std::string symmetric_alg_bytes; 14668 rc = Serialize_TPMT_SYM_DEF_OBJECT( 14669 symmetric_alg, 14670 &symmetric_alg_bytes); 14671 if (rc != TPM_RC_SUCCESS) { 14672 return rc; 14673 } 14674 if (authorization_delegate) { 14675 // Encrypt just the parameter data, not the size. 14676 std::string tmp = encryption_key_bytes.substr(2); 14677 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 14678 return TRUNKS_RC_ENCRYPTION_FAILED; 14679 } 14680 encryption_key_bytes.replace(2, std::string::npos, tmp); 14681 } 14682 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 14683 crypto::SecureHash::SHA256)); 14684 hash->Update(command_code_bytes.data(), 14685 command_code_bytes.size()); 14686 hash->Update(parent_handle_name.data(), 14687 parent_handle_name.size()); 14688 handle_section_bytes += parent_handle_bytes; 14689 command_size += parent_handle_bytes.size(); 14690 hash->Update(encryption_key_bytes.data(), 14691 encryption_key_bytes.size()); 14692 parameter_section_bytes += encryption_key_bytes; 14693 command_size += encryption_key_bytes.size(); 14694 hash->Update(object_public_bytes.data(), 14695 object_public_bytes.size()); 14696 parameter_section_bytes += object_public_bytes; 14697 command_size += object_public_bytes.size(); 14698 hash->Update(duplicate_bytes.data(), 14699 duplicate_bytes.size()); 14700 parameter_section_bytes += duplicate_bytes; 14701 command_size += duplicate_bytes.size(); 14702 hash->Update(in_sym_seed_bytes.data(), 14703 in_sym_seed_bytes.size()); 14704 parameter_section_bytes += in_sym_seed_bytes; 14705 command_size += in_sym_seed_bytes.size(); 14706 hash->Update(symmetric_alg_bytes.data(), 14707 symmetric_alg_bytes.size()); 14708 parameter_section_bytes += symmetric_alg_bytes; 14709 command_size += symmetric_alg_bytes.size(); 14710 std::string command_hash(32, 0); 14711 hash->Finish(string_as_array(&command_hash), command_hash.size()); 14712 std::string authorization_section_bytes; 14713 std::string authorization_size_bytes; 14714 if (authorization_delegate) { 14715 if (!authorization_delegate->GetCommandAuthorization( 14716 command_hash, 14717 is_command_parameter_encryption_possible, 14718 is_response_parameter_encryption_possible, 14719 &authorization_section_bytes)) { 14720 return TRUNKS_RC_AUTHORIZATION_FAILED; 14721 } 14722 if (!authorization_section_bytes.empty()) { 14723 tag = TPM_ST_SESSIONS; 14724 std::string tmp; 14725 rc = Serialize_UINT32(authorization_section_bytes.size(), 14726 &authorization_size_bytes); 14727 if (rc != TPM_RC_SUCCESS) { 14728 return rc; 14729 } 14730 command_size += authorization_size_bytes.size() + 14731 authorization_section_bytes.size(); 14732 } 14733 } 14734 std::string tag_bytes; 14735 rc = Serialize_TPMI_ST_COMMAND_TAG( 14736 tag, 14737 &tag_bytes); 14738 if (rc != TPM_RC_SUCCESS) { 14739 return rc; 14740 } 14741 std::string command_size_bytes; 14742 rc = Serialize_UINT32( 14743 command_size, 14744 &command_size_bytes); 14745 if (rc != TPM_RC_SUCCESS) { 14746 return rc; 14747 } 14748 *serialized_command = tag_bytes + 14749 command_size_bytes + 14750 command_code_bytes + 14751 handle_section_bytes + 14752 authorization_size_bytes + 14753 authorization_section_bytes + 14754 parameter_section_bytes; 14755 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 14756 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 14757 serialized_command->size()); 14758 return TPM_RC_SUCCESS; 14759 } 14760 14761 TPM_RC Tpm::ParseResponse_Import( 14762 const std::string& response, 14763 TPM2B_PRIVATE* out_private, 14764 AuthorizationDelegate* authorization_delegate) { 14765 VLOG(3) << __func__; 14766 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 14767 TPM_RC rc = TPM_RC_SUCCESS; 14768 std::string buffer(response); 14769 TPM_ST tag; 14770 std::string tag_bytes; 14771 rc = Parse_TPM_ST( 14772 &buffer, 14773 &tag, 14774 &tag_bytes); 14775 if (rc != TPM_RC_SUCCESS) { 14776 return rc; 14777 } 14778 UINT32 response_size; 14779 std::string response_size_bytes; 14780 rc = Parse_UINT32( 14781 &buffer, 14782 &response_size, 14783 &response_size_bytes); 14784 if (rc != TPM_RC_SUCCESS) { 14785 return rc; 14786 } 14787 TPM_RC response_code; 14788 std::string response_code_bytes; 14789 rc = Parse_TPM_RC( 14790 &buffer, 14791 &response_code, 14792 &response_code_bytes); 14793 if (rc != TPM_RC_SUCCESS) { 14794 return rc; 14795 } 14796 if (response_size != response.size()) { 14797 return TPM_RC_SIZE; 14798 } 14799 if (response_code != TPM_RC_SUCCESS) { 14800 return response_code; 14801 } 14802 TPM_CC command_code = TPM_CC_Import; 14803 std::string command_code_bytes; 14804 rc = Serialize_TPM_CC( 14805 command_code, 14806 &command_code_bytes); 14807 if (rc != TPM_RC_SUCCESS) { 14808 return rc; 14809 } 14810 std::string authorization_section_bytes; 14811 if (tag == TPM_ST_SESSIONS) { 14812 UINT32 parameter_section_size = buffer.size(); 14813 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 14814 if (rc != TPM_RC_SUCCESS) { 14815 return rc; 14816 } 14817 if (parameter_section_size > buffer.size()) { 14818 return TPM_RC_INSUFFICIENT; 14819 } 14820 authorization_section_bytes = buffer.substr(parameter_section_size); 14821 // Keep the parameter section in |buffer|. 14822 buffer.erase(parameter_section_size); 14823 } 14824 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 14825 crypto::SecureHash::SHA256)); 14826 hash->Update(response_code_bytes.data(), 14827 response_code_bytes.size()); 14828 hash->Update(command_code_bytes.data(), 14829 command_code_bytes.size()); 14830 hash->Update(buffer.data(), 14831 buffer.size()); 14832 std::string response_hash(32, 0); 14833 hash->Finish(string_as_array(&response_hash), response_hash.size()); 14834 if (tag == TPM_ST_SESSIONS) { 14835 CHECK(authorization_delegate) << "Authorization delegate missing!"; 14836 if (!authorization_delegate->CheckResponseAuthorization( 14837 response_hash, 14838 authorization_section_bytes)) { 14839 return TRUNKS_RC_AUTHORIZATION_FAILED; 14840 } 14841 } 14842 std::string out_private_bytes; 14843 rc = Parse_TPM2B_PRIVATE( 14844 &buffer, 14845 out_private, 14846 &out_private_bytes); 14847 if (rc != TPM_RC_SUCCESS) { 14848 return rc; 14849 } 14850 if (tag == TPM_ST_SESSIONS) { 14851 CHECK(authorization_delegate) << "Authorization delegate missing!"; 14852 // Decrypt just the parameter data, not the size. 14853 std::string tmp = out_private_bytes.substr(2); 14854 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 14855 return TRUNKS_RC_ENCRYPTION_FAILED; 14856 } 14857 out_private_bytes.replace(2, std::string::npos, tmp); 14858 rc = Parse_TPM2B_PRIVATE( 14859 &out_private_bytes, 14860 out_private, 14861 nullptr); 14862 if (rc != TPM_RC_SUCCESS) { 14863 return rc; 14864 } 14865 } 14866 return TPM_RC_SUCCESS; 14867 } 14868 14869 void ImportErrorCallback( 14870 const Tpm::ImportResponse& callback, 14871 TPM_RC response_code) { 14872 VLOG(1) << __func__; 14873 callback.Run(response_code, 14874 TPM2B_PRIVATE()); 14875 } 14876 14877 void ImportResponseParser( 14878 const Tpm::ImportResponse& callback, 14879 AuthorizationDelegate* authorization_delegate, 14880 const std::string& response) { 14881 VLOG(1) << __func__; 14882 base::Callback<void(TPM_RC)> error_reporter = 14883 base::Bind(ImportErrorCallback, callback); 14884 TPM2B_PRIVATE out_private; 14885 TPM_RC rc = Tpm::ParseResponse_Import( 14886 response, 14887 &out_private, 14888 authorization_delegate); 14889 if (rc != TPM_RC_SUCCESS) { 14890 error_reporter.Run(rc); 14891 return; 14892 } 14893 callback.Run( 14894 rc, 14895 out_private); 14896 } 14897 14898 void Tpm::Import( 14899 const TPMI_DH_OBJECT& parent_handle, 14900 const std::string& parent_handle_name, 14901 const TPM2B_DATA& encryption_key, 14902 const TPM2B_PUBLIC& object_public, 14903 const TPM2B_PRIVATE& duplicate, 14904 const TPM2B_ENCRYPTED_SECRET& in_sym_seed, 14905 const TPMT_SYM_DEF_OBJECT& symmetric_alg, 14906 AuthorizationDelegate* authorization_delegate, 14907 const ImportResponse& callback) { 14908 VLOG(1) << __func__; 14909 base::Callback<void(TPM_RC)> error_reporter = 14910 base::Bind(ImportErrorCallback, callback); 14911 base::Callback<void(const std::string&)> parser = 14912 base::Bind(ImportResponseParser, 14913 callback, 14914 authorization_delegate); 14915 std::string command; 14916 TPM_RC rc = SerializeCommand_Import( 14917 parent_handle, 14918 parent_handle_name, 14919 encryption_key, 14920 object_public, 14921 duplicate, 14922 in_sym_seed, 14923 symmetric_alg, 14924 &command, 14925 authorization_delegate); 14926 if (rc != TPM_RC_SUCCESS) { 14927 error_reporter.Run(rc); 14928 return; 14929 } 14930 transceiver_->SendCommand(command, parser); 14931 } 14932 14933 TPM_RC Tpm::ImportSync( 14934 const TPMI_DH_OBJECT& parent_handle, 14935 const std::string& parent_handle_name, 14936 const TPM2B_DATA& encryption_key, 14937 const TPM2B_PUBLIC& object_public, 14938 const TPM2B_PRIVATE& duplicate, 14939 const TPM2B_ENCRYPTED_SECRET& in_sym_seed, 14940 const TPMT_SYM_DEF_OBJECT& symmetric_alg, 14941 TPM2B_PRIVATE* out_private, 14942 AuthorizationDelegate* authorization_delegate) { 14943 VLOG(1) << __func__; 14944 std::string command; 14945 TPM_RC rc = SerializeCommand_Import( 14946 parent_handle, 14947 parent_handle_name, 14948 encryption_key, 14949 object_public, 14950 duplicate, 14951 in_sym_seed, 14952 symmetric_alg, 14953 &command, 14954 authorization_delegate); 14955 if (rc != TPM_RC_SUCCESS) { 14956 return rc; 14957 } 14958 std::string response = transceiver_->SendCommandAndWait(command); 14959 rc = ParseResponse_Import( 14960 response, 14961 out_private, 14962 authorization_delegate); 14963 return rc; 14964 } 14965 14966 TPM_RC Tpm::SerializeCommand_RSA_Encrypt( 14967 const TPMI_DH_OBJECT& key_handle, 14968 const std::string& key_handle_name, 14969 const TPM2B_PUBLIC_KEY_RSA& message, 14970 const TPMT_RSA_DECRYPT& in_scheme, 14971 const TPM2B_DATA& label, 14972 std::string* serialized_command, 14973 AuthorizationDelegate* authorization_delegate) { 14974 VLOG(3) << __func__; 14975 TPM_RC rc = TPM_RC_SUCCESS; 14976 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 14977 UINT32 command_size = 10; // Header size. 14978 std::string handle_section_bytes; 14979 std::string parameter_section_bytes; 14980 TPM_CC command_code = TPM_CC_RSA_Encrypt; 14981 bool is_command_parameter_encryption_possible = true; 14982 bool is_response_parameter_encryption_possible = true; 14983 std::string command_code_bytes; 14984 rc = Serialize_TPM_CC( 14985 command_code, 14986 &command_code_bytes); 14987 if (rc != TPM_RC_SUCCESS) { 14988 return rc; 14989 } 14990 std::string key_handle_bytes; 14991 rc = Serialize_TPMI_DH_OBJECT( 14992 key_handle, 14993 &key_handle_bytes); 14994 if (rc != TPM_RC_SUCCESS) { 14995 return rc; 14996 } 14997 std::string message_bytes; 14998 rc = Serialize_TPM2B_PUBLIC_KEY_RSA( 14999 message, 15000 &message_bytes); 15001 if (rc != TPM_RC_SUCCESS) { 15002 return rc; 15003 } 15004 std::string in_scheme_bytes; 15005 rc = Serialize_TPMT_RSA_DECRYPT( 15006 in_scheme, 15007 &in_scheme_bytes); 15008 if (rc != TPM_RC_SUCCESS) { 15009 return rc; 15010 } 15011 std::string label_bytes; 15012 rc = Serialize_TPM2B_DATA( 15013 label, 15014 &label_bytes); 15015 if (rc != TPM_RC_SUCCESS) { 15016 return rc; 15017 } 15018 if (authorization_delegate) { 15019 // Encrypt just the parameter data, not the size. 15020 std::string tmp = message_bytes.substr(2); 15021 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 15022 return TRUNKS_RC_ENCRYPTION_FAILED; 15023 } 15024 message_bytes.replace(2, std::string::npos, tmp); 15025 } 15026 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 15027 crypto::SecureHash::SHA256)); 15028 hash->Update(command_code_bytes.data(), 15029 command_code_bytes.size()); 15030 hash->Update(key_handle_name.data(), 15031 key_handle_name.size()); 15032 handle_section_bytes += key_handle_bytes; 15033 command_size += key_handle_bytes.size(); 15034 hash->Update(message_bytes.data(), 15035 message_bytes.size()); 15036 parameter_section_bytes += message_bytes; 15037 command_size += message_bytes.size(); 15038 hash->Update(in_scheme_bytes.data(), 15039 in_scheme_bytes.size()); 15040 parameter_section_bytes += in_scheme_bytes; 15041 command_size += in_scheme_bytes.size(); 15042 hash->Update(label_bytes.data(), 15043 label_bytes.size()); 15044 parameter_section_bytes += label_bytes; 15045 command_size += label_bytes.size(); 15046 std::string command_hash(32, 0); 15047 hash->Finish(string_as_array(&command_hash), command_hash.size()); 15048 std::string authorization_section_bytes; 15049 std::string authorization_size_bytes; 15050 if (authorization_delegate) { 15051 if (!authorization_delegate->GetCommandAuthorization( 15052 command_hash, 15053 is_command_parameter_encryption_possible, 15054 is_response_parameter_encryption_possible, 15055 &authorization_section_bytes)) { 15056 return TRUNKS_RC_AUTHORIZATION_FAILED; 15057 } 15058 if (!authorization_section_bytes.empty()) { 15059 tag = TPM_ST_SESSIONS; 15060 std::string tmp; 15061 rc = Serialize_UINT32(authorization_section_bytes.size(), 15062 &authorization_size_bytes); 15063 if (rc != TPM_RC_SUCCESS) { 15064 return rc; 15065 } 15066 command_size += authorization_size_bytes.size() + 15067 authorization_section_bytes.size(); 15068 } 15069 } 15070 std::string tag_bytes; 15071 rc = Serialize_TPMI_ST_COMMAND_TAG( 15072 tag, 15073 &tag_bytes); 15074 if (rc != TPM_RC_SUCCESS) { 15075 return rc; 15076 } 15077 std::string command_size_bytes; 15078 rc = Serialize_UINT32( 15079 command_size, 15080 &command_size_bytes); 15081 if (rc != TPM_RC_SUCCESS) { 15082 return rc; 15083 } 15084 *serialized_command = tag_bytes + 15085 command_size_bytes + 15086 command_code_bytes + 15087 handle_section_bytes + 15088 authorization_size_bytes + 15089 authorization_section_bytes + 15090 parameter_section_bytes; 15091 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 15092 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 15093 serialized_command->size()); 15094 return TPM_RC_SUCCESS; 15095 } 15096 15097 TPM_RC Tpm::ParseResponse_RSA_Encrypt( 15098 const std::string& response, 15099 TPM2B_PUBLIC_KEY_RSA* out_data, 15100 AuthorizationDelegate* authorization_delegate) { 15101 VLOG(3) << __func__; 15102 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 15103 TPM_RC rc = TPM_RC_SUCCESS; 15104 std::string buffer(response); 15105 TPM_ST tag; 15106 std::string tag_bytes; 15107 rc = Parse_TPM_ST( 15108 &buffer, 15109 &tag, 15110 &tag_bytes); 15111 if (rc != TPM_RC_SUCCESS) { 15112 return rc; 15113 } 15114 UINT32 response_size; 15115 std::string response_size_bytes; 15116 rc = Parse_UINT32( 15117 &buffer, 15118 &response_size, 15119 &response_size_bytes); 15120 if (rc != TPM_RC_SUCCESS) { 15121 return rc; 15122 } 15123 TPM_RC response_code; 15124 std::string response_code_bytes; 15125 rc = Parse_TPM_RC( 15126 &buffer, 15127 &response_code, 15128 &response_code_bytes); 15129 if (rc != TPM_RC_SUCCESS) { 15130 return rc; 15131 } 15132 if (response_size != response.size()) { 15133 return TPM_RC_SIZE; 15134 } 15135 if (response_code != TPM_RC_SUCCESS) { 15136 return response_code; 15137 } 15138 TPM_CC command_code = TPM_CC_RSA_Encrypt; 15139 std::string command_code_bytes; 15140 rc = Serialize_TPM_CC( 15141 command_code, 15142 &command_code_bytes); 15143 if (rc != TPM_RC_SUCCESS) { 15144 return rc; 15145 } 15146 std::string authorization_section_bytes; 15147 if (tag == TPM_ST_SESSIONS) { 15148 UINT32 parameter_section_size = buffer.size(); 15149 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 15150 if (rc != TPM_RC_SUCCESS) { 15151 return rc; 15152 } 15153 if (parameter_section_size > buffer.size()) { 15154 return TPM_RC_INSUFFICIENT; 15155 } 15156 authorization_section_bytes = buffer.substr(parameter_section_size); 15157 // Keep the parameter section in |buffer|. 15158 buffer.erase(parameter_section_size); 15159 } 15160 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 15161 crypto::SecureHash::SHA256)); 15162 hash->Update(response_code_bytes.data(), 15163 response_code_bytes.size()); 15164 hash->Update(command_code_bytes.data(), 15165 command_code_bytes.size()); 15166 hash->Update(buffer.data(), 15167 buffer.size()); 15168 std::string response_hash(32, 0); 15169 hash->Finish(string_as_array(&response_hash), response_hash.size()); 15170 if (tag == TPM_ST_SESSIONS) { 15171 CHECK(authorization_delegate) << "Authorization delegate missing!"; 15172 if (!authorization_delegate->CheckResponseAuthorization( 15173 response_hash, 15174 authorization_section_bytes)) { 15175 return TRUNKS_RC_AUTHORIZATION_FAILED; 15176 } 15177 } 15178 std::string out_data_bytes; 15179 rc = Parse_TPM2B_PUBLIC_KEY_RSA( 15180 &buffer, 15181 out_data, 15182 &out_data_bytes); 15183 if (rc != TPM_RC_SUCCESS) { 15184 return rc; 15185 } 15186 if (tag == TPM_ST_SESSIONS) { 15187 CHECK(authorization_delegate) << "Authorization delegate missing!"; 15188 // Decrypt just the parameter data, not the size. 15189 std::string tmp = out_data_bytes.substr(2); 15190 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 15191 return TRUNKS_RC_ENCRYPTION_FAILED; 15192 } 15193 out_data_bytes.replace(2, std::string::npos, tmp); 15194 rc = Parse_TPM2B_PUBLIC_KEY_RSA( 15195 &out_data_bytes, 15196 out_data, 15197 nullptr); 15198 if (rc != TPM_RC_SUCCESS) { 15199 return rc; 15200 } 15201 } 15202 return TPM_RC_SUCCESS; 15203 } 15204 15205 void RSA_EncryptErrorCallback( 15206 const Tpm::RSA_EncryptResponse& callback, 15207 TPM_RC response_code) { 15208 VLOG(1) << __func__; 15209 callback.Run(response_code, 15210 TPM2B_PUBLIC_KEY_RSA()); 15211 } 15212 15213 void RSA_EncryptResponseParser( 15214 const Tpm::RSA_EncryptResponse& callback, 15215 AuthorizationDelegate* authorization_delegate, 15216 const std::string& response) { 15217 VLOG(1) << __func__; 15218 base::Callback<void(TPM_RC)> error_reporter = 15219 base::Bind(RSA_EncryptErrorCallback, callback); 15220 TPM2B_PUBLIC_KEY_RSA out_data; 15221 TPM_RC rc = Tpm::ParseResponse_RSA_Encrypt( 15222 response, 15223 &out_data, 15224 authorization_delegate); 15225 if (rc != TPM_RC_SUCCESS) { 15226 error_reporter.Run(rc); 15227 return; 15228 } 15229 callback.Run( 15230 rc, 15231 out_data); 15232 } 15233 15234 void Tpm::RSA_Encrypt( 15235 const TPMI_DH_OBJECT& key_handle, 15236 const std::string& key_handle_name, 15237 const TPM2B_PUBLIC_KEY_RSA& message, 15238 const TPMT_RSA_DECRYPT& in_scheme, 15239 const TPM2B_DATA& label, 15240 AuthorizationDelegate* authorization_delegate, 15241 const RSA_EncryptResponse& callback) { 15242 VLOG(1) << __func__; 15243 base::Callback<void(TPM_RC)> error_reporter = 15244 base::Bind(RSA_EncryptErrorCallback, callback); 15245 base::Callback<void(const std::string&)> parser = 15246 base::Bind(RSA_EncryptResponseParser, 15247 callback, 15248 authorization_delegate); 15249 std::string command; 15250 TPM_RC rc = SerializeCommand_RSA_Encrypt( 15251 key_handle, 15252 key_handle_name, 15253 message, 15254 in_scheme, 15255 label, 15256 &command, 15257 authorization_delegate); 15258 if (rc != TPM_RC_SUCCESS) { 15259 error_reporter.Run(rc); 15260 return; 15261 } 15262 transceiver_->SendCommand(command, parser); 15263 } 15264 15265 TPM_RC Tpm::RSA_EncryptSync( 15266 const TPMI_DH_OBJECT& key_handle, 15267 const std::string& key_handle_name, 15268 const TPM2B_PUBLIC_KEY_RSA& message, 15269 const TPMT_RSA_DECRYPT& in_scheme, 15270 const TPM2B_DATA& label, 15271 TPM2B_PUBLIC_KEY_RSA* out_data, 15272 AuthorizationDelegate* authorization_delegate) { 15273 VLOG(1) << __func__; 15274 std::string command; 15275 TPM_RC rc = SerializeCommand_RSA_Encrypt( 15276 key_handle, 15277 key_handle_name, 15278 message, 15279 in_scheme, 15280 label, 15281 &command, 15282 authorization_delegate); 15283 if (rc != TPM_RC_SUCCESS) { 15284 return rc; 15285 } 15286 std::string response = transceiver_->SendCommandAndWait(command); 15287 rc = ParseResponse_RSA_Encrypt( 15288 response, 15289 out_data, 15290 authorization_delegate); 15291 return rc; 15292 } 15293 15294 TPM_RC Tpm::SerializeCommand_RSA_Decrypt( 15295 const TPMI_DH_OBJECT& key_handle, 15296 const std::string& key_handle_name, 15297 const TPM2B_PUBLIC_KEY_RSA& cipher_text, 15298 const TPMT_RSA_DECRYPT& in_scheme, 15299 const TPM2B_DATA& label, 15300 std::string* serialized_command, 15301 AuthorizationDelegate* authorization_delegate) { 15302 VLOG(3) << __func__; 15303 TPM_RC rc = TPM_RC_SUCCESS; 15304 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 15305 UINT32 command_size = 10; // Header size. 15306 std::string handle_section_bytes; 15307 std::string parameter_section_bytes; 15308 TPM_CC command_code = TPM_CC_RSA_Decrypt; 15309 bool is_command_parameter_encryption_possible = true; 15310 bool is_response_parameter_encryption_possible = true; 15311 std::string command_code_bytes; 15312 rc = Serialize_TPM_CC( 15313 command_code, 15314 &command_code_bytes); 15315 if (rc != TPM_RC_SUCCESS) { 15316 return rc; 15317 } 15318 std::string key_handle_bytes; 15319 rc = Serialize_TPMI_DH_OBJECT( 15320 key_handle, 15321 &key_handle_bytes); 15322 if (rc != TPM_RC_SUCCESS) { 15323 return rc; 15324 } 15325 std::string cipher_text_bytes; 15326 rc = Serialize_TPM2B_PUBLIC_KEY_RSA( 15327 cipher_text, 15328 &cipher_text_bytes); 15329 if (rc != TPM_RC_SUCCESS) { 15330 return rc; 15331 } 15332 std::string in_scheme_bytes; 15333 rc = Serialize_TPMT_RSA_DECRYPT( 15334 in_scheme, 15335 &in_scheme_bytes); 15336 if (rc != TPM_RC_SUCCESS) { 15337 return rc; 15338 } 15339 std::string label_bytes; 15340 rc = Serialize_TPM2B_DATA( 15341 label, 15342 &label_bytes); 15343 if (rc != TPM_RC_SUCCESS) { 15344 return rc; 15345 } 15346 if (authorization_delegate) { 15347 // Encrypt just the parameter data, not the size. 15348 std::string tmp = cipher_text_bytes.substr(2); 15349 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 15350 return TRUNKS_RC_ENCRYPTION_FAILED; 15351 } 15352 cipher_text_bytes.replace(2, std::string::npos, tmp); 15353 } 15354 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 15355 crypto::SecureHash::SHA256)); 15356 hash->Update(command_code_bytes.data(), 15357 command_code_bytes.size()); 15358 hash->Update(key_handle_name.data(), 15359 key_handle_name.size()); 15360 handle_section_bytes += key_handle_bytes; 15361 command_size += key_handle_bytes.size(); 15362 hash->Update(cipher_text_bytes.data(), 15363 cipher_text_bytes.size()); 15364 parameter_section_bytes += cipher_text_bytes; 15365 command_size += cipher_text_bytes.size(); 15366 hash->Update(in_scheme_bytes.data(), 15367 in_scheme_bytes.size()); 15368 parameter_section_bytes += in_scheme_bytes; 15369 command_size += in_scheme_bytes.size(); 15370 hash->Update(label_bytes.data(), 15371 label_bytes.size()); 15372 parameter_section_bytes += label_bytes; 15373 command_size += label_bytes.size(); 15374 std::string command_hash(32, 0); 15375 hash->Finish(string_as_array(&command_hash), command_hash.size()); 15376 std::string authorization_section_bytes; 15377 std::string authorization_size_bytes; 15378 if (authorization_delegate) { 15379 if (!authorization_delegate->GetCommandAuthorization( 15380 command_hash, 15381 is_command_parameter_encryption_possible, 15382 is_response_parameter_encryption_possible, 15383 &authorization_section_bytes)) { 15384 return TRUNKS_RC_AUTHORIZATION_FAILED; 15385 } 15386 if (!authorization_section_bytes.empty()) { 15387 tag = TPM_ST_SESSIONS; 15388 std::string tmp; 15389 rc = Serialize_UINT32(authorization_section_bytes.size(), 15390 &authorization_size_bytes); 15391 if (rc != TPM_RC_SUCCESS) { 15392 return rc; 15393 } 15394 command_size += authorization_size_bytes.size() + 15395 authorization_section_bytes.size(); 15396 } 15397 } 15398 std::string tag_bytes; 15399 rc = Serialize_TPMI_ST_COMMAND_TAG( 15400 tag, 15401 &tag_bytes); 15402 if (rc != TPM_RC_SUCCESS) { 15403 return rc; 15404 } 15405 std::string command_size_bytes; 15406 rc = Serialize_UINT32( 15407 command_size, 15408 &command_size_bytes); 15409 if (rc != TPM_RC_SUCCESS) { 15410 return rc; 15411 } 15412 *serialized_command = tag_bytes + 15413 command_size_bytes + 15414 command_code_bytes + 15415 handle_section_bytes + 15416 authorization_size_bytes + 15417 authorization_section_bytes + 15418 parameter_section_bytes; 15419 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 15420 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 15421 serialized_command->size()); 15422 return TPM_RC_SUCCESS; 15423 } 15424 15425 TPM_RC Tpm::ParseResponse_RSA_Decrypt( 15426 const std::string& response, 15427 TPM2B_PUBLIC_KEY_RSA* message, 15428 AuthorizationDelegate* authorization_delegate) { 15429 VLOG(3) << __func__; 15430 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 15431 TPM_RC rc = TPM_RC_SUCCESS; 15432 std::string buffer(response); 15433 TPM_ST tag; 15434 std::string tag_bytes; 15435 rc = Parse_TPM_ST( 15436 &buffer, 15437 &tag, 15438 &tag_bytes); 15439 if (rc != TPM_RC_SUCCESS) { 15440 return rc; 15441 } 15442 UINT32 response_size; 15443 std::string response_size_bytes; 15444 rc = Parse_UINT32( 15445 &buffer, 15446 &response_size, 15447 &response_size_bytes); 15448 if (rc != TPM_RC_SUCCESS) { 15449 return rc; 15450 } 15451 TPM_RC response_code; 15452 std::string response_code_bytes; 15453 rc = Parse_TPM_RC( 15454 &buffer, 15455 &response_code, 15456 &response_code_bytes); 15457 if (rc != TPM_RC_SUCCESS) { 15458 return rc; 15459 } 15460 if (response_size != response.size()) { 15461 return TPM_RC_SIZE; 15462 } 15463 if (response_code != TPM_RC_SUCCESS) { 15464 return response_code; 15465 } 15466 TPM_CC command_code = TPM_CC_RSA_Decrypt; 15467 std::string command_code_bytes; 15468 rc = Serialize_TPM_CC( 15469 command_code, 15470 &command_code_bytes); 15471 if (rc != TPM_RC_SUCCESS) { 15472 return rc; 15473 } 15474 std::string authorization_section_bytes; 15475 if (tag == TPM_ST_SESSIONS) { 15476 UINT32 parameter_section_size = buffer.size(); 15477 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 15478 if (rc != TPM_RC_SUCCESS) { 15479 return rc; 15480 } 15481 if (parameter_section_size > buffer.size()) { 15482 return TPM_RC_INSUFFICIENT; 15483 } 15484 authorization_section_bytes = buffer.substr(parameter_section_size); 15485 // Keep the parameter section in |buffer|. 15486 buffer.erase(parameter_section_size); 15487 } 15488 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 15489 crypto::SecureHash::SHA256)); 15490 hash->Update(response_code_bytes.data(), 15491 response_code_bytes.size()); 15492 hash->Update(command_code_bytes.data(), 15493 command_code_bytes.size()); 15494 hash->Update(buffer.data(), 15495 buffer.size()); 15496 std::string response_hash(32, 0); 15497 hash->Finish(string_as_array(&response_hash), response_hash.size()); 15498 if (tag == TPM_ST_SESSIONS) { 15499 CHECK(authorization_delegate) << "Authorization delegate missing!"; 15500 if (!authorization_delegate->CheckResponseAuthorization( 15501 response_hash, 15502 authorization_section_bytes)) { 15503 return TRUNKS_RC_AUTHORIZATION_FAILED; 15504 } 15505 } 15506 std::string message_bytes; 15507 rc = Parse_TPM2B_PUBLIC_KEY_RSA( 15508 &buffer, 15509 message, 15510 &message_bytes); 15511 if (rc != TPM_RC_SUCCESS) { 15512 return rc; 15513 } 15514 if (tag == TPM_ST_SESSIONS) { 15515 CHECK(authorization_delegate) << "Authorization delegate missing!"; 15516 // Decrypt just the parameter data, not the size. 15517 std::string tmp = message_bytes.substr(2); 15518 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 15519 return TRUNKS_RC_ENCRYPTION_FAILED; 15520 } 15521 message_bytes.replace(2, std::string::npos, tmp); 15522 rc = Parse_TPM2B_PUBLIC_KEY_RSA( 15523 &message_bytes, 15524 message, 15525 nullptr); 15526 if (rc != TPM_RC_SUCCESS) { 15527 return rc; 15528 } 15529 } 15530 return TPM_RC_SUCCESS; 15531 } 15532 15533 void RSA_DecryptErrorCallback( 15534 const Tpm::RSA_DecryptResponse& callback, 15535 TPM_RC response_code) { 15536 VLOG(1) << __func__; 15537 callback.Run(response_code, 15538 TPM2B_PUBLIC_KEY_RSA()); 15539 } 15540 15541 void RSA_DecryptResponseParser( 15542 const Tpm::RSA_DecryptResponse& callback, 15543 AuthorizationDelegate* authorization_delegate, 15544 const std::string& response) { 15545 VLOG(1) << __func__; 15546 base::Callback<void(TPM_RC)> error_reporter = 15547 base::Bind(RSA_DecryptErrorCallback, callback); 15548 TPM2B_PUBLIC_KEY_RSA message; 15549 TPM_RC rc = Tpm::ParseResponse_RSA_Decrypt( 15550 response, 15551 &message, 15552 authorization_delegate); 15553 if (rc != TPM_RC_SUCCESS) { 15554 error_reporter.Run(rc); 15555 return; 15556 } 15557 callback.Run( 15558 rc, 15559 message); 15560 } 15561 15562 void Tpm::RSA_Decrypt( 15563 const TPMI_DH_OBJECT& key_handle, 15564 const std::string& key_handle_name, 15565 const TPM2B_PUBLIC_KEY_RSA& cipher_text, 15566 const TPMT_RSA_DECRYPT& in_scheme, 15567 const TPM2B_DATA& label, 15568 AuthorizationDelegate* authorization_delegate, 15569 const RSA_DecryptResponse& callback) { 15570 VLOG(1) << __func__; 15571 base::Callback<void(TPM_RC)> error_reporter = 15572 base::Bind(RSA_DecryptErrorCallback, callback); 15573 base::Callback<void(const std::string&)> parser = 15574 base::Bind(RSA_DecryptResponseParser, 15575 callback, 15576 authorization_delegate); 15577 std::string command; 15578 TPM_RC rc = SerializeCommand_RSA_Decrypt( 15579 key_handle, 15580 key_handle_name, 15581 cipher_text, 15582 in_scheme, 15583 label, 15584 &command, 15585 authorization_delegate); 15586 if (rc != TPM_RC_SUCCESS) { 15587 error_reporter.Run(rc); 15588 return; 15589 } 15590 transceiver_->SendCommand(command, parser); 15591 } 15592 15593 TPM_RC Tpm::RSA_DecryptSync( 15594 const TPMI_DH_OBJECT& key_handle, 15595 const std::string& key_handle_name, 15596 const TPM2B_PUBLIC_KEY_RSA& cipher_text, 15597 const TPMT_RSA_DECRYPT& in_scheme, 15598 const TPM2B_DATA& label, 15599 TPM2B_PUBLIC_KEY_RSA* message, 15600 AuthorizationDelegate* authorization_delegate) { 15601 VLOG(1) << __func__; 15602 std::string command; 15603 TPM_RC rc = SerializeCommand_RSA_Decrypt( 15604 key_handle, 15605 key_handle_name, 15606 cipher_text, 15607 in_scheme, 15608 label, 15609 &command, 15610 authorization_delegate); 15611 if (rc != TPM_RC_SUCCESS) { 15612 return rc; 15613 } 15614 std::string response = transceiver_->SendCommandAndWait(command); 15615 rc = ParseResponse_RSA_Decrypt( 15616 response, 15617 message, 15618 authorization_delegate); 15619 return rc; 15620 } 15621 15622 TPM_RC Tpm::SerializeCommand_ECDH_KeyGen( 15623 const TPMI_DH_OBJECT& key_handle, 15624 const std::string& key_handle_name, 15625 std::string* serialized_command, 15626 AuthorizationDelegate* authorization_delegate) { 15627 VLOG(3) << __func__; 15628 TPM_RC rc = TPM_RC_SUCCESS; 15629 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 15630 UINT32 command_size = 10; // Header size. 15631 std::string handle_section_bytes; 15632 std::string parameter_section_bytes; 15633 TPM_CC command_code = TPM_CC_ECDH_KeyGen; 15634 bool is_command_parameter_encryption_possible = false; 15635 bool is_response_parameter_encryption_possible = true; 15636 std::string command_code_bytes; 15637 rc = Serialize_TPM_CC( 15638 command_code, 15639 &command_code_bytes); 15640 if (rc != TPM_RC_SUCCESS) { 15641 return rc; 15642 } 15643 std::string key_handle_bytes; 15644 rc = Serialize_TPMI_DH_OBJECT( 15645 key_handle, 15646 &key_handle_bytes); 15647 if (rc != TPM_RC_SUCCESS) { 15648 return rc; 15649 } 15650 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 15651 crypto::SecureHash::SHA256)); 15652 hash->Update(command_code_bytes.data(), 15653 command_code_bytes.size()); 15654 hash->Update(key_handle_name.data(), 15655 key_handle_name.size()); 15656 handle_section_bytes += key_handle_bytes; 15657 command_size += key_handle_bytes.size(); 15658 std::string command_hash(32, 0); 15659 hash->Finish(string_as_array(&command_hash), command_hash.size()); 15660 std::string authorization_section_bytes; 15661 std::string authorization_size_bytes; 15662 if (authorization_delegate) { 15663 if (!authorization_delegate->GetCommandAuthorization( 15664 command_hash, 15665 is_command_parameter_encryption_possible, 15666 is_response_parameter_encryption_possible, 15667 &authorization_section_bytes)) { 15668 return TRUNKS_RC_AUTHORIZATION_FAILED; 15669 } 15670 if (!authorization_section_bytes.empty()) { 15671 tag = TPM_ST_SESSIONS; 15672 std::string tmp; 15673 rc = Serialize_UINT32(authorization_section_bytes.size(), 15674 &authorization_size_bytes); 15675 if (rc != TPM_RC_SUCCESS) { 15676 return rc; 15677 } 15678 command_size += authorization_size_bytes.size() + 15679 authorization_section_bytes.size(); 15680 } 15681 } 15682 std::string tag_bytes; 15683 rc = Serialize_TPMI_ST_COMMAND_TAG( 15684 tag, 15685 &tag_bytes); 15686 if (rc != TPM_RC_SUCCESS) { 15687 return rc; 15688 } 15689 std::string command_size_bytes; 15690 rc = Serialize_UINT32( 15691 command_size, 15692 &command_size_bytes); 15693 if (rc != TPM_RC_SUCCESS) { 15694 return rc; 15695 } 15696 *serialized_command = tag_bytes + 15697 command_size_bytes + 15698 command_code_bytes + 15699 handle_section_bytes + 15700 authorization_size_bytes + 15701 authorization_section_bytes + 15702 parameter_section_bytes; 15703 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 15704 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 15705 serialized_command->size()); 15706 return TPM_RC_SUCCESS; 15707 } 15708 15709 TPM_RC Tpm::ParseResponse_ECDH_KeyGen( 15710 const std::string& response, 15711 TPM2B_ECC_POINT* z_point, 15712 TPM2B_ECC_POINT* pub_point, 15713 AuthorizationDelegate* authorization_delegate) { 15714 VLOG(3) << __func__; 15715 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 15716 TPM_RC rc = TPM_RC_SUCCESS; 15717 std::string buffer(response); 15718 TPM_ST tag; 15719 std::string tag_bytes; 15720 rc = Parse_TPM_ST( 15721 &buffer, 15722 &tag, 15723 &tag_bytes); 15724 if (rc != TPM_RC_SUCCESS) { 15725 return rc; 15726 } 15727 UINT32 response_size; 15728 std::string response_size_bytes; 15729 rc = Parse_UINT32( 15730 &buffer, 15731 &response_size, 15732 &response_size_bytes); 15733 if (rc != TPM_RC_SUCCESS) { 15734 return rc; 15735 } 15736 TPM_RC response_code; 15737 std::string response_code_bytes; 15738 rc = Parse_TPM_RC( 15739 &buffer, 15740 &response_code, 15741 &response_code_bytes); 15742 if (rc != TPM_RC_SUCCESS) { 15743 return rc; 15744 } 15745 if (response_size != response.size()) { 15746 return TPM_RC_SIZE; 15747 } 15748 if (response_code != TPM_RC_SUCCESS) { 15749 return response_code; 15750 } 15751 TPM_CC command_code = TPM_CC_ECDH_KeyGen; 15752 std::string command_code_bytes; 15753 rc = Serialize_TPM_CC( 15754 command_code, 15755 &command_code_bytes); 15756 if (rc != TPM_RC_SUCCESS) { 15757 return rc; 15758 } 15759 std::string authorization_section_bytes; 15760 if (tag == TPM_ST_SESSIONS) { 15761 UINT32 parameter_section_size = buffer.size(); 15762 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 15763 if (rc != TPM_RC_SUCCESS) { 15764 return rc; 15765 } 15766 if (parameter_section_size > buffer.size()) { 15767 return TPM_RC_INSUFFICIENT; 15768 } 15769 authorization_section_bytes = buffer.substr(parameter_section_size); 15770 // Keep the parameter section in |buffer|. 15771 buffer.erase(parameter_section_size); 15772 } 15773 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 15774 crypto::SecureHash::SHA256)); 15775 hash->Update(response_code_bytes.data(), 15776 response_code_bytes.size()); 15777 hash->Update(command_code_bytes.data(), 15778 command_code_bytes.size()); 15779 hash->Update(buffer.data(), 15780 buffer.size()); 15781 std::string response_hash(32, 0); 15782 hash->Finish(string_as_array(&response_hash), response_hash.size()); 15783 if (tag == TPM_ST_SESSIONS) { 15784 CHECK(authorization_delegate) << "Authorization delegate missing!"; 15785 if (!authorization_delegate->CheckResponseAuthorization( 15786 response_hash, 15787 authorization_section_bytes)) { 15788 return TRUNKS_RC_AUTHORIZATION_FAILED; 15789 } 15790 } 15791 std::string z_point_bytes; 15792 rc = Parse_TPM2B_ECC_POINT( 15793 &buffer, 15794 z_point, 15795 &z_point_bytes); 15796 if (rc != TPM_RC_SUCCESS) { 15797 return rc; 15798 } 15799 std::string pub_point_bytes; 15800 rc = Parse_TPM2B_ECC_POINT( 15801 &buffer, 15802 pub_point, 15803 &pub_point_bytes); 15804 if (rc != TPM_RC_SUCCESS) { 15805 return rc; 15806 } 15807 if (tag == TPM_ST_SESSIONS) { 15808 CHECK(authorization_delegate) << "Authorization delegate missing!"; 15809 // Decrypt just the parameter data, not the size. 15810 std::string tmp = z_point_bytes.substr(2); 15811 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 15812 return TRUNKS_RC_ENCRYPTION_FAILED; 15813 } 15814 z_point_bytes.replace(2, std::string::npos, tmp); 15815 rc = Parse_TPM2B_ECC_POINT( 15816 &z_point_bytes, 15817 z_point, 15818 nullptr); 15819 if (rc != TPM_RC_SUCCESS) { 15820 return rc; 15821 } 15822 } 15823 return TPM_RC_SUCCESS; 15824 } 15825 15826 void ECDH_KeyGenErrorCallback( 15827 const Tpm::ECDH_KeyGenResponse& callback, 15828 TPM_RC response_code) { 15829 VLOG(1) << __func__; 15830 callback.Run(response_code, 15831 TPM2B_ECC_POINT(), 15832 TPM2B_ECC_POINT()); 15833 } 15834 15835 void ECDH_KeyGenResponseParser( 15836 const Tpm::ECDH_KeyGenResponse& callback, 15837 AuthorizationDelegate* authorization_delegate, 15838 const std::string& response) { 15839 VLOG(1) << __func__; 15840 base::Callback<void(TPM_RC)> error_reporter = 15841 base::Bind(ECDH_KeyGenErrorCallback, callback); 15842 TPM2B_ECC_POINT z_point; 15843 TPM2B_ECC_POINT pub_point; 15844 TPM_RC rc = Tpm::ParseResponse_ECDH_KeyGen( 15845 response, 15846 &z_point, 15847 &pub_point, 15848 authorization_delegate); 15849 if (rc != TPM_RC_SUCCESS) { 15850 error_reporter.Run(rc); 15851 return; 15852 } 15853 callback.Run( 15854 rc, 15855 z_point, 15856 pub_point); 15857 } 15858 15859 void Tpm::ECDH_KeyGen( 15860 const TPMI_DH_OBJECT& key_handle, 15861 const std::string& key_handle_name, 15862 AuthorizationDelegate* authorization_delegate, 15863 const ECDH_KeyGenResponse& callback) { 15864 VLOG(1) << __func__; 15865 base::Callback<void(TPM_RC)> error_reporter = 15866 base::Bind(ECDH_KeyGenErrorCallback, callback); 15867 base::Callback<void(const std::string&)> parser = 15868 base::Bind(ECDH_KeyGenResponseParser, 15869 callback, 15870 authorization_delegate); 15871 std::string command; 15872 TPM_RC rc = SerializeCommand_ECDH_KeyGen( 15873 key_handle, 15874 key_handle_name, 15875 &command, 15876 authorization_delegate); 15877 if (rc != TPM_RC_SUCCESS) { 15878 error_reporter.Run(rc); 15879 return; 15880 } 15881 transceiver_->SendCommand(command, parser); 15882 } 15883 15884 TPM_RC Tpm::ECDH_KeyGenSync( 15885 const TPMI_DH_OBJECT& key_handle, 15886 const std::string& key_handle_name, 15887 TPM2B_ECC_POINT* z_point, 15888 TPM2B_ECC_POINT* pub_point, 15889 AuthorizationDelegate* authorization_delegate) { 15890 VLOG(1) << __func__; 15891 std::string command; 15892 TPM_RC rc = SerializeCommand_ECDH_KeyGen( 15893 key_handle, 15894 key_handle_name, 15895 &command, 15896 authorization_delegate); 15897 if (rc != TPM_RC_SUCCESS) { 15898 return rc; 15899 } 15900 std::string response = transceiver_->SendCommandAndWait(command); 15901 rc = ParseResponse_ECDH_KeyGen( 15902 response, 15903 z_point, 15904 pub_point, 15905 authorization_delegate); 15906 return rc; 15907 } 15908 15909 TPM_RC Tpm::SerializeCommand_ECDH_ZGen( 15910 const TPMI_DH_OBJECT& key_handle, 15911 const std::string& key_handle_name, 15912 const TPM2B_ECC_POINT& in_point, 15913 std::string* serialized_command, 15914 AuthorizationDelegate* authorization_delegate) { 15915 VLOG(3) << __func__; 15916 TPM_RC rc = TPM_RC_SUCCESS; 15917 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 15918 UINT32 command_size = 10; // Header size. 15919 std::string handle_section_bytes; 15920 std::string parameter_section_bytes; 15921 TPM_CC command_code = TPM_CC_ECDH_ZGen; 15922 bool is_command_parameter_encryption_possible = true; 15923 bool is_response_parameter_encryption_possible = true; 15924 std::string command_code_bytes; 15925 rc = Serialize_TPM_CC( 15926 command_code, 15927 &command_code_bytes); 15928 if (rc != TPM_RC_SUCCESS) { 15929 return rc; 15930 } 15931 std::string key_handle_bytes; 15932 rc = Serialize_TPMI_DH_OBJECT( 15933 key_handle, 15934 &key_handle_bytes); 15935 if (rc != TPM_RC_SUCCESS) { 15936 return rc; 15937 } 15938 std::string in_point_bytes; 15939 rc = Serialize_TPM2B_ECC_POINT( 15940 in_point, 15941 &in_point_bytes); 15942 if (rc != TPM_RC_SUCCESS) { 15943 return rc; 15944 } 15945 if (authorization_delegate) { 15946 // Encrypt just the parameter data, not the size. 15947 std::string tmp = in_point_bytes.substr(2); 15948 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 15949 return TRUNKS_RC_ENCRYPTION_FAILED; 15950 } 15951 in_point_bytes.replace(2, std::string::npos, tmp); 15952 } 15953 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 15954 crypto::SecureHash::SHA256)); 15955 hash->Update(command_code_bytes.data(), 15956 command_code_bytes.size()); 15957 hash->Update(key_handle_name.data(), 15958 key_handle_name.size()); 15959 handle_section_bytes += key_handle_bytes; 15960 command_size += key_handle_bytes.size(); 15961 hash->Update(in_point_bytes.data(), 15962 in_point_bytes.size()); 15963 parameter_section_bytes += in_point_bytes; 15964 command_size += in_point_bytes.size(); 15965 std::string command_hash(32, 0); 15966 hash->Finish(string_as_array(&command_hash), command_hash.size()); 15967 std::string authorization_section_bytes; 15968 std::string authorization_size_bytes; 15969 if (authorization_delegate) { 15970 if (!authorization_delegate->GetCommandAuthorization( 15971 command_hash, 15972 is_command_parameter_encryption_possible, 15973 is_response_parameter_encryption_possible, 15974 &authorization_section_bytes)) { 15975 return TRUNKS_RC_AUTHORIZATION_FAILED; 15976 } 15977 if (!authorization_section_bytes.empty()) { 15978 tag = TPM_ST_SESSIONS; 15979 std::string tmp; 15980 rc = Serialize_UINT32(authorization_section_bytes.size(), 15981 &authorization_size_bytes); 15982 if (rc != TPM_RC_SUCCESS) { 15983 return rc; 15984 } 15985 command_size += authorization_size_bytes.size() + 15986 authorization_section_bytes.size(); 15987 } 15988 } 15989 std::string tag_bytes; 15990 rc = Serialize_TPMI_ST_COMMAND_TAG( 15991 tag, 15992 &tag_bytes); 15993 if (rc != TPM_RC_SUCCESS) { 15994 return rc; 15995 } 15996 std::string command_size_bytes; 15997 rc = Serialize_UINT32( 15998 command_size, 15999 &command_size_bytes); 16000 if (rc != TPM_RC_SUCCESS) { 16001 return rc; 16002 } 16003 *serialized_command = tag_bytes + 16004 command_size_bytes + 16005 command_code_bytes + 16006 handle_section_bytes + 16007 authorization_size_bytes + 16008 authorization_section_bytes + 16009 parameter_section_bytes; 16010 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 16011 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 16012 serialized_command->size()); 16013 return TPM_RC_SUCCESS; 16014 } 16015 16016 TPM_RC Tpm::ParseResponse_ECDH_ZGen( 16017 const std::string& response, 16018 TPM2B_ECC_POINT* out_point, 16019 AuthorizationDelegate* authorization_delegate) { 16020 VLOG(3) << __func__; 16021 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 16022 TPM_RC rc = TPM_RC_SUCCESS; 16023 std::string buffer(response); 16024 TPM_ST tag; 16025 std::string tag_bytes; 16026 rc = Parse_TPM_ST( 16027 &buffer, 16028 &tag, 16029 &tag_bytes); 16030 if (rc != TPM_RC_SUCCESS) { 16031 return rc; 16032 } 16033 UINT32 response_size; 16034 std::string response_size_bytes; 16035 rc = Parse_UINT32( 16036 &buffer, 16037 &response_size, 16038 &response_size_bytes); 16039 if (rc != TPM_RC_SUCCESS) { 16040 return rc; 16041 } 16042 TPM_RC response_code; 16043 std::string response_code_bytes; 16044 rc = Parse_TPM_RC( 16045 &buffer, 16046 &response_code, 16047 &response_code_bytes); 16048 if (rc != TPM_RC_SUCCESS) { 16049 return rc; 16050 } 16051 if (response_size != response.size()) { 16052 return TPM_RC_SIZE; 16053 } 16054 if (response_code != TPM_RC_SUCCESS) { 16055 return response_code; 16056 } 16057 TPM_CC command_code = TPM_CC_ECDH_ZGen; 16058 std::string command_code_bytes; 16059 rc = Serialize_TPM_CC( 16060 command_code, 16061 &command_code_bytes); 16062 if (rc != TPM_RC_SUCCESS) { 16063 return rc; 16064 } 16065 std::string authorization_section_bytes; 16066 if (tag == TPM_ST_SESSIONS) { 16067 UINT32 parameter_section_size = buffer.size(); 16068 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 16069 if (rc != TPM_RC_SUCCESS) { 16070 return rc; 16071 } 16072 if (parameter_section_size > buffer.size()) { 16073 return TPM_RC_INSUFFICIENT; 16074 } 16075 authorization_section_bytes = buffer.substr(parameter_section_size); 16076 // Keep the parameter section in |buffer|. 16077 buffer.erase(parameter_section_size); 16078 } 16079 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 16080 crypto::SecureHash::SHA256)); 16081 hash->Update(response_code_bytes.data(), 16082 response_code_bytes.size()); 16083 hash->Update(command_code_bytes.data(), 16084 command_code_bytes.size()); 16085 hash->Update(buffer.data(), 16086 buffer.size()); 16087 std::string response_hash(32, 0); 16088 hash->Finish(string_as_array(&response_hash), response_hash.size()); 16089 if (tag == TPM_ST_SESSIONS) { 16090 CHECK(authorization_delegate) << "Authorization delegate missing!"; 16091 if (!authorization_delegate->CheckResponseAuthorization( 16092 response_hash, 16093 authorization_section_bytes)) { 16094 return TRUNKS_RC_AUTHORIZATION_FAILED; 16095 } 16096 } 16097 std::string out_point_bytes; 16098 rc = Parse_TPM2B_ECC_POINT( 16099 &buffer, 16100 out_point, 16101 &out_point_bytes); 16102 if (rc != TPM_RC_SUCCESS) { 16103 return rc; 16104 } 16105 if (tag == TPM_ST_SESSIONS) { 16106 CHECK(authorization_delegate) << "Authorization delegate missing!"; 16107 // Decrypt just the parameter data, not the size. 16108 std::string tmp = out_point_bytes.substr(2); 16109 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 16110 return TRUNKS_RC_ENCRYPTION_FAILED; 16111 } 16112 out_point_bytes.replace(2, std::string::npos, tmp); 16113 rc = Parse_TPM2B_ECC_POINT( 16114 &out_point_bytes, 16115 out_point, 16116 nullptr); 16117 if (rc != TPM_RC_SUCCESS) { 16118 return rc; 16119 } 16120 } 16121 return TPM_RC_SUCCESS; 16122 } 16123 16124 void ECDH_ZGenErrorCallback( 16125 const Tpm::ECDH_ZGenResponse& callback, 16126 TPM_RC response_code) { 16127 VLOG(1) << __func__; 16128 callback.Run(response_code, 16129 TPM2B_ECC_POINT()); 16130 } 16131 16132 void ECDH_ZGenResponseParser( 16133 const Tpm::ECDH_ZGenResponse& callback, 16134 AuthorizationDelegate* authorization_delegate, 16135 const std::string& response) { 16136 VLOG(1) << __func__; 16137 base::Callback<void(TPM_RC)> error_reporter = 16138 base::Bind(ECDH_ZGenErrorCallback, callback); 16139 TPM2B_ECC_POINT out_point; 16140 TPM_RC rc = Tpm::ParseResponse_ECDH_ZGen( 16141 response, 16142 &out_point, 16143 authorization_delegate); 16144 if (rc != TPM_RC_SUCCESS) { 16145 error_reporter.Run(rc); 16146 return; 16147 } 16148 callback.Run( 16149 rc, 16150 out_point); 16151 } 16152 16153 void Tpm::ECDH_ZGen( 16154 const TPMI_DH_OBJECT& key_handle, 16155 const std::string& key_handle_name, 16156 const TPM2B_ECC_POINT& in_point, 16157 AuthorizationDelegate* authorization_delegate, 16158 const ECDH_ZGenResponse& callback) { 16159 VLOG(1) << __func__; 16160 base::Callback<void(TPM_RC)> error_reporter = 16161 base::Bind(ECDH_ZGenErrorCallback, callback); 16162 base::Callback<void(const std::string&)> parser = 16163 base::Bind(ECDH_ZGenResponseParser, 16164 callback, 16165 authorization_delegate); 16166 std::string command; 16167 TPM_RC rc = SerializeCommand_ECDH_ZGen( 16168 key_handle, 16169 key_handle_name, 16170 in_point, 16171 &command, 16172 authorization_delegate); 16173 if (rc != TPM_RC_SUCCESS) { 16174 error_reporter.Run(rc); 16175 return; 16176 } 16177 transceiver_->SendCommand(command, parser); 16178 } 16179 16180 TPM_RC Tpm::ECDH_ZGenSync( 16181 const TPMI_DH_OBJECT& key_handle, 16182 const std::string& key_handle_name, 16183 const TPM2B_ECC_POINT& in_point, 16184 TPM2B_ECC_POINT* out_point, 16185 AuthorizationDelegate* authorization_delegate) { 16186 VLOG(1) << __func__; 16187 std::string command; 16188 TPM_RC rc = SerializeCommand_ECDH_ZGen( 16189 key_handle, 16190 key_handle_name, 16191 in_point, 16192 &command, 16193 authorization_delegate); 16194 if (rc != TPM_RC_SUCCESS) { 16195 return rc; 16196 } 16197 std::string response = transceiver_->SendCommandAndWait(command); 16198 rc = ParseResponse_ECDH_ZGen( 16199 response, 16200 out_point, 16201 authorization_delegate); 16202 return rc; 16203 } 16204 16205 TPM_RC Tpm::SerializeCommand_ECC_Parameters( 16206 const TPMI_ECC_CURVE& curve_id, 16207 std::string* serialized_command, 16208 AuthorizationDelegate* authorization_delegate) { 16209 VLOG(3) << __func__; 16210 TPM_RC rc = TPM_RC_SUCCESS; 16211 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 16212 UINT32 command_size = 10; // Header size. 16213 std::string handle_section_bytes; 16214 std::string parameter_section_bytes; 16215 TPM_CC command_code = TPM_CC_ECC_Parameters; 16216 bool is_command_parameter_encryption_possible = false; 16217 bool is_response_parameter_encryption_possible = false; 16218 std::string command_code_bytes; 16219 rc = Serialize_TPM_CC( 16220 command_code, 16221 &command_code_bytes); 16222 if (rc != TPM_RC_SUCCESS) { 16223 return rc; 16224 } 16225 std::string curve_id_bytes; 16226 rc = Serialize_TPMI_ECC_CURVE( 16227 curve_id, 16228 &curve_id_bytes); 16229 if (rc != TPM_RC_SUCCESS) { 16230 return rc; 16231 } 16232 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 16233 crypto::SecureHash::SHA256)); 16234 hash->Update(command_code_bytes.data(), 16235 command_code_bytes.size()); 16236 hash->Update(curve_id_bytes.data(), 16237 curve_id_bytes.size()); 16238 parameter_section_bytes += curve_id_bytes; 16239 command_size += curve_id_bytes.size(); 16240 std::string command_hash(32, 0); 16241 hash->Finish(string_as_array(&command_hash), command_hash.size()); 16242 std::string authorization_section_bytes; 16243 std::string authorization_size_bytes; 16244 if (authorization_delegate) { 16245 if (!authorization_delegate->GetCommandAuthorization( 16246 command_hash, 16247 is_command_parameter_encryption_possible, 16248 is_response_parameter_encryption_possible, 16249 &authorization_section_bytes)) { 16250 return TRUNKS_RC_AUTHORIZATION_FAILED; 16251 } 16252 if (!authorization_section_bytes.empty()) { 16253 tag = TPM_ST_SESSIONS; 16254 std::string tmp; 16255 rc = Serialize_UINT32(authorization_section_bytes.size(), 16256 &authorization_size_bytes); 16257 if (rc != TPM_RC_SUCCESS) { 16258 return rc; 16259 } 16260 command_size += authorization_size_bytes.size() + 16261 authorization_section_bytes.size(); 16262 } 16263 } 16264 std::string tag_bytes; 16265 rc = Serialize_TPMI_ST_COMMAND_TAG( 16266 tag, 16267 &tag_bytes); 16268 if (rc != TPM_RC_SUCCESS) { 16269 return rc; 16270 } 16271 std::string command_size_bytes; 16272 rc = Serialize_UINT32( 16273 command_size, 16274 &command_size_bytes); 16275 if (rc != TPM_RC_SUCCESS) { 16276 return rc; 16277 } 16278 *serialized_command = tag_bytes + 16279 command_size_bytes + 16280 command_code_bytes + 16281 handle_section_bytes + 16282 authorization_size_bytes + 16283 authorization_section_bytes + 16284 parameter_section_bytes; 16285 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 16286 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 16287 serialized_command->size()); 16288 return TPM_RC_SUCCESS; 16289 } 16290 16291 TPM_RC Tpm::ParseResponse_ECC_Parameters( 16292 const std::string& response, 16293 TPMS_ALGORITHM_DETAIL_ECC* parameters, 16294 AuthorizationDelegate* authorization_delegate) { 16295 VLOG(3) << __func__; 16296 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 16297 TPM_RC rc = TPM_RC_SUCCESS; 16298 std::string buffer(response); 16299 TPM_ST tag; 16300 std::string tag_bytes; 16301 rc = Parse_TPM_ST( 16302 &buffer, 16303 &tag, 16304 &tag_bytes); 16305 if (rc != TPM_RC_SUCCESS) { 16306 return rc; 16307 } 16308 UINT32 response_size; 16309 std::string response_size_bytes; 16310 rc = Parse_UINT32( 16311 &buffer, 16312 &response_size, 16313 &response_size_bytes); 16314 if (rc != TPM_RC_SUCCESS) { 16315 return rc; 16316 } 16317 TPM_RC response_code; 16318 std::string response_code_bytes; 16319 rc = Parse_TPM_RC( 16320 &buffer, 16321 &response_code, 16322 &response_code_bytes); 16323 if (rc != TPM_RC_SUCCESS) { 16324 return rc; 16325 } 16326 if (response_size != response.size()) { 16327 return TPM_RC_SIZE; 16328 } 16329 if (response_code != TPM_RC_SUCCESS) { 16330 return response_code; 16331 } 16332 TPM_CC command_code = TPM_CC_ECC_Parameters; 16333 std::string command_code_bytes; 16334 rc = Serialize_TPM_CC( 16335 command_code, 16336 &command_code_bytes); 16337 if (rc != TPM_RC_SUCCESS) { 16338 return rc; 16339 } 16340 std::string authorization_section_bytes; 16341 if (tag == TPM_ST_SESSIONS) { 16342 UINT32 parameter_section_size = buffer.size(); 16343 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 16344 if (rc != TPM_RC_SUCCESS) { 16345 return rc; 16346 } 16347 if (parameter_section_size > buffer.size()) { 16348 return TPM_RC_INSUFFICIENT; 16349 } 16350 authorization_section_bytes = buffer.substr(parameter_section_size); 16351 // Keep the parameter section in |buffer|. 16352 buffer.erase(parameter_section_size); 16353 } 16354 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 16355 crypto::SecureHash::SHA256)); 16356 hash->Update(response_code_bytes.data(), 16357 response_code_bytes.size()); 16358 hash->Update(command_code_bytes.data(), 16359 command_code_bytes.size()); 16360 hash->Update(buffer.data(), 16361 buffer.size()); 16362 std::string response_hash(32, 0); 16363 hash->Finish(string_as_array(&response_hash), response_hash.size()); 16364 if (tag == TPM_ST_SESSIONS) { 16365 CHECK(authorization_delegate) << "Authorization delegate missing!"; 16366 if (!authorization_delegate->CheckResponseAuthorization( 16367 response_hash, 16368 authorization_section_bytes)) { 16369 return TRUNKS_RC_AUTHORIZATION_FAILED; 16370 } 16371 } 16372 std::string parameters_bytes; 16373 rc = Parse_TPMS_ALGORITHM_DETAIL_ECC( 16374 &buffer, 16375 parameters, 16376 ¶meters_bytes); 16377 if (rc != TPM_RC_SUCCESS) { 16378 return rc; 16379 } 16380 return TPM_RC_SUCCESS; 16381 } 16382 16383 void ECC_ParametersErrorCallback( 16384 const Tpm::ECC_ParametersResponse& callback, 16385 TPM_RC response_code) { 16386 VLOG(1) << __func__; 16387 callback.Run(response_code, 16388 TPMS_ALGORITHM_DETAIL_ECC()); 16389 } 16390 16391 void ECC_ParametersResponseParser( 16392 const Tpm::ECC_ParametersResponse& callback, 16393 AuthorizationDelegate* authorization_delegate, 16394 const std::string& response) { 16395 VLOG(1) << __func__; 16396 base::Callback<void(TPM_RC)> error_reporter = 16397 base::Bind(ECC_ParametersErrorCallback, callback); 16398 TPMS_ALGORITHM_DETAIL_ECC parameters; 16399 TPM_RC rc = Tpm::ParseResponse_ECC_Parameters( 16400 response, 16401 ¶meters, 16402 authorization_delegate); 16403 if (rc != TPM_RC_SUCCESS) { 16404 error_reporter.Run(rc); 16405 return; 16406 } 16407 callback.Run( 16408 rc, 16409 parameters); 16410 } 16411 16412 void Tpm::ECC_Parameters( 16413 const TPMI_ECC_CURVE& curve_id, 16414 AuthorizationDelegate* authorization_delegate, 16415 const ECC_ParametersResponse& callback) { 16416 VLOG(1) << __func__; 16417 base::Callback<void(TPM_RC)> error_reporter = 16418 base::Bind(ECC_ParametersErrorCallback, callback); 16419 base::Callback<void(const std::string&)> parser = 16420 base::Bind(ECC_ParametersResponseParser, 16421 callback, 16422 authorization_delegate); 16423 std::string command; 16424 TPM_RC rc = SerializeCommand_ECC_Parameters( 16425 curve_id, 16426 &command, 16427 authorization_delegate); 16428 if (rc != TPM_RC_SUCCESS) { 16429 error_reporter.Run(rc); 16430 return; 16431 } 16432 transceiver_->SendCommand(command, parser); 16433 } 16434 16435 TPM_RC Tpm::ECC_ParametersSync( 16436 const TPMI_ECC_CURVE& curve_id, 16437 TPMS_ALGORITHM_DETAIL_ECC* parameters, 16438 AuthorizationDelegate* authorization_delegate) { 16439 VLOG(1) << __func__; 16440 std::string command; 16441 TPM_RC rc = SerializeCommand_ECC_Parameters( 16442 curve_id, 16443 &command, 16444 authorization_delegate); 16445 if (rc != TPM_RC_SUCCESS) { 16446 return rc; 16447 } 16448 std::string response = transceiver_->SendCommandAndWait(command); 16449 rc = ParseResponse_ECC_Parameters( 16450 response, 16451 parameters, 16452 authorization_delegate); 16453 return rc; 16454 } 16455 16456 TPM_RC Tpm::SerializeCommand_ZGen_2Phase( 16457 const TPMI_DH_OBJECT& key_a, 16458 const std::string& key_a_name, 16459 const TPM2B_ECC_POINT& in_qs_b, 16460 const TPM2B_ECC_POINT& in_qe_b, 16461 const TPMI_ECC_KEY_EXCHANGE& in_scheme, 16462 const UINT16& counter, 16463 std::string* serialized_command, 16464 AuthorizationDelegate* authorization_delegate) { 16465 VLOG(3) << __func__; 16466 TPM_RC rc = TPM_RC_SUCCESS; 16467 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 16468 UINT32 command_size = 10; // Header size. 16469 std::string handle_section_bytes; 16470 std::string parameter_section_bytes; 16471 TPM_CC command_code = TPM_CC_ZGen_2Phase; 16472 bool is_command_parameter_encryption_possible = true; 16473 bool is_response_parameter_encryption_possible = true; 16474 std::string command_code_bytes; 16475 rc = Serialize_TPM_CC( 16476 command_code, 16477 &command_code_bytes); 16478 if (rc != TPM_RC_SUCCESS) { 16479 return rc; 16480 } 16481 std::string key_a_bytes; 16482 rc = Serialize_TPMI_DH_OBJECT( 16483 key_a, 16484 &key_a_bytes); 16485 if (rc != TPM_RC_SUCCESS) { 16486 return rc; 16487 } 16488 std::string in_qs_b_bytes; 16489 rc = Serialize_TPM2B_ECC_POINT( 16490 in_qs_b, 16491 &in_qs_b_bytes); 16492 if (rc != TPM_RC_SUCCESS) { 16493 return rc; 16494 } 16495 std::string in_qe_b_bytes; 16496 rc = Serialize_TPM2B_ECC_POINT( 16497 in_qe_b, 16498 &in_qe_b_bytes); 16499 if (rc != TPM_RC_SUCCESS) { 16500 return rc; 16501 } 16502 std::string in_scheme_bytes; 16503 rc = Serialize_TPMI_ECC_KEY_EXCHANGE( 16504 in_scheme, 16505 &in_scheme_bytes); 16506 if (rc != TPM_RC_SUCCESS) { 16507 return rc; 16508 } 16509 std::string counter_bytes; 16510 rc = Serialize_UINT16( 16511 counter, 16512 &counter_bytes); 16513 if (rc != TPM_RC_SUCCESS) { 16514 return rc; 16515 } 16516 if (authorization_delegate) { 16517 // Encrypt just the parameter data, not the size. 16518 std::string tmp = in_qs_b_bytes.substr(2); 16519 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 16520 return TRUNKS_RC_ENCRYPTION_FAILED; 16521 } 16522 in_qs_b_bytes.replace(2, std::string::npos, tmp); 16523 } 16524 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 16525 crypto::SecureHash::SHA256)); 16526 hash->Update(command_code_bytes.data(), 16527 command_code_bytes.size()); 16528 hash->Update(key_a_name.data(), 16529 key_a_name.size()); 16530 handle_section_bytes += key_a_bytes; 16531 command_size += key_a_bytes.size(); 16532 hash->Update(in_qs_b_bytes.data(), 16533 in_qs_b_bytes.size()); 16534 parameter_section_bytes += in_qs_b_bytes; 16535 command_size += in_qs_b_bytes.size(); 16536 hash->Update(in_qe_b_bytes.data(), 16537 in_qe_b_bytes.size()); 16538 parameter_section_bytes += in_qe_b_bytes; 16539 command_size += in_qe_b_bytes.size(); 16540 hash->Update(in_scheme_bytes.data(), 16541 in_scheme_bytes.size()); 16542 parameter_section_bytes += in_scheme_bytes; 16543 command_size += in_scheme_bytes.size(); 16544 hash->Update(counter_bytes.data(), 16545 counter_bytes.size()); 16546 parameter_section_bytes += counter_bytes; 16547 command_size += counter_bytes.size(); 16548 std::string command_hash(32, 0); 16549 hash->Finish(string_as_array(&command_hash), command_hash.size()); 16550 std::string authorization_section_bytes; 16551 std::string authorization_size_bytes; 16552 if (authorization_delegate) { 16553 if (!authorization_delegate->GetCommandAuthorization( 16554 command_hash, 16555 is_command_parameter_encryption_possible, 16556 is_response_parameter_encryption_possible, 16557 &authorization_section_bytes)) { 16558 return TRUNKS_RC_AUTHORIZATION_FAILED; 16559 } 16560 if (!authorization_section_bytes.empty()) { 16561 tag = TPM_ST_SESSIONS; 16562 std::string tmp; 16563 rc = Serialize_UINT32(authorization_section_bytes.size(), 16564 &authorization_size_bytes); 16565 if (rc != TPM_RC_SUCCESS) { 16566 return rc; 16567 } 16568 command_size += authorization_size_bytes.size() + 16569 authorization_section_bytes.size(); 16570 } 16571 } 16572 std::string tag_bytes; 16573 rc = Serialize_TPMI_ST_COMMAND_TAG( 16574 tag, 16575 &tag_bytes); 16576 if (rc != TPM_RC_SUCCESS) { 16577 return rc; 16578 } 16579 std::string command_size_bytes; 16580 rc = Serialize_UINT32( 16581 command_size, 16582 &command_size_bytes); 16583 if (rc != TPM_RC_SUCCESS) { 16584 return rc; 16585 } 16586 *serialized_command = tag_bytes + 16587 command_size_bytes + 16588 command_code_bytes + 16589 handle_section_bytes + 16590 authorization_size_bytes + 16591 authorization_section_bytes + 16592 parameter_section_bytes; 16593 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 16594 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 16595 serialized_command->size()); 16596 return TPM_RC_SUCCESS; 16597 } 16598 16599 TPM_RC Tpm::ParseResponse_ZGen_2Phase( 16600 const std::string& response, 16601 TPM2B_ECC_POINT* out_z1, 16602 TPM2B_ECC_POINT* out_z2, 16603 AuthorizationDelegate* authorization_delegate) { 16604 VLOG(3) << __func__; 16605 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 16606 TPM_RC rc = TPM_RC_SUCCESS; 16607 std::string buffer(response); 16608 TPM_ST tag; 16609 std::string tag_bytes; 16610 rc = Parse_TPM_ST( 16611 &buffer, 16612 &tag, 16613 &tag_bytes); 16614 if (rc != TPM_RC_SUCCESS) { 16615 return rc; 16616 } 16617 UINT32 response_size; 16618 std::string response_size_bytes; 16619 rc = Parse_UINT32( 16620 &buffer, 16621 &response_size, 16622 &response_size_bytes); 16623 if (rc != TPM_RC_SUCCESS) { 16624 return rc; 16625 } 16626 TPM_RC response_code; 16627 std::string response_code_bytes; 16628 rc = Parse_TPM_RC( 16629 &buffer, 16630 &response_code, 16631 &response_code_bytes); 16632 if (rc != TPM_RC_SUCCESS) { 16633 return rc; 16634 } 16635 if (response_size != response.size()) { 16636 return TPM_RC_SIZE; 16637 } 16638 if (response_code != TPM_RC_SUCCESS) { 16639 return response_code; 16640 } 16641 TPM_CC command_code = TPM_CC_ZGen_2Phase; 16642 std::string command_code_bytes; 16643 rc = Serialize_TPM_CC( 16644 command_code, 16645 &command_code_bytes); 16646 if (rc != TPM_RC_SUCCESS) { 16647 return rc; 16648 } 16649 std::string authorization_section_bytes; 16650 if (tag == TPM_ST_SESSIONS) { 16651 UINT32 parameter_section_size = buffer.size(); 16652 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 16653 if (rc != TPM_RC_SUCCESS) { 16654 return rc; 16655 } 16656 if (parameter_section_size > buffer.size()) { 16657 return TPM_RC_INSUFFICIENT; 16658 } 16659 authorization_section_bytes = buffer.substr(parameter_section_size); 16660 // Keep the parameter section in |buffer|. 16661 buffer.erase(parameter_section_size); 16662 } 16663 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 16664 crypto::SecureHash::SHA256)); 16665 hash->Update(response_code_bytes.data(), 16666 response_code_bytes.size()); 16667 hash->Update(command_code_bytes.data(), 16668 command_code_bytes.size()); 16669 hash->Update(buffer.data(), 16670 buffer.size()); 16671 std::string response_hash(32, 0); 16672 hash->Finish(string_as_array(&response_hash), response_hash.size()); 16673 if (tag == TPM_ST_SESSIONS) { 16674 CHECK(authorization_delegate) << "Authorization delegate missing!"; 16675 if (!authorization_delegate->CheckResponseAuthorization( 16676 response_hash, 16677 authorization_section_bytes)) { 16678 return TRUNKS_RC_AUTHORIZATION_FAILED; 16679 } 16680 } 16681 std::string out_z1_bytes; 16682 rc = Parse_TPM2B_ECC_POINT( 16683 &buffer, 16684 out_z1, 16685 &out_z1_bytes); 16686 if (rc != TPM_RC_SUCCESS) { 16687 return rc; 16688 } 16689 std::string out_z2_bytes; 16690 rc = Parse_TPM2B_ECC_POINT( 16691 &buffer, 16692 out_z2, 16693 &out_z2_bytes); 16694 if (rc != TPM_RC_SUCCESS) { 16695 return rc; 16696 } 16697 if (tag == TPM_ST_SESSIONS) { 16698 CHECK(authorization_delegate) << "Authorization delegate missing!"; 16699 // Decrypt just the parameter data, not the size. 16700 std::string tmp = out_z1_bytes.substr(2); 16701 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 16702 return TRUNKS_RC_ENCRYPTION_FAILED; 16703 } 16704 out_z1_bytes.replace(2, std::string::npos, tmp); 16705 rc = Parse_TPM2B_ECC_POINT( 16706 &out_z1_bytes, 16707 out_z1, 16708 nullptr); 16709 if (rc != TPM_RC_SUCCESS) { 16710 return rc; 16711 } 16712 } 16713 return TPM_RC_SUCCESS; 16714 } 16715 16716 void ZGen_2PhaseErrorCallback( 16717 const Tpm::ZGen_2PhaseResponse& callback, 16718 TPM_RC response_code) { 16719 VLOG(1) << __func__; 16720 callback.Run(response_code, 16721 TPM2B_ECC_POINT(), 16722 TPM2B_ECC_POINT()); 16723 } 16724 16725 void ZGen_2PhaseResponseParser( 16726 const Tpm::ZGen_2PhaseResponse& callback, 16727 AuthorizationDelegate* authorization_delegate, 16728 const std::string& response) { 16729 VLOG(1) << __func__; 16730 base::Callback<void(TPM_RC)> error_reporter = 16731 base::Bind(ZGen_2PhaseErrorCallback, callback); 16732 TPM2B_ECC_POINT out_z1; 16733 TPM2B_ECC_POINT out_z2; 16734 TPM_RC rc = Tpm::ParseResponse_ZGen_2Phase( 16735 response, 16736 &out_z1, 16737 &out_z2, 16738 authorization_delegate); 16739 if (rc != TPM_RC_SUCCESS) { 16740 error_reporter.Run(rc); 16741 return; 16742 } 16743 callback.Run( 16744 rc, 16745 out_z1, 16746 out_z2); 16747 } 16748 16749 void Tpm::ZGen_2Phase( 16750 const TPMI_DH_OBJECT& key_a, 16751 const std::string& key_a_name, 16752 const TPM2B_ECC_POINT& in_qs_b, 16753 const TPM2B_ECC_POINT& in_qe_b, 16754 const TPMI_ECC_KEY_EXCHANGE& in_scheme, 16755 const UINT16& counter, 16756 AuthorizationDelegate* authorization_delegate, 16757 const ZGen_2PhaseResponse& callback) { 16758 VLOG(1) << __func__; 16759 base::Callback<void(TPM_RC)> error_reporter = 16760 base::Bind(ZGen_2PhaseErrorCallback, callback); 16761 base::Callback<void(const std::string&)> parser = 16762 base::Bind(ZGen_2PhaseResponseParser, 16763 callback, 16764 authorization_delegate); 16765 std::string command; 16766 TPM_RC rc = SerializeCommand_ZGen_2Phase( 16767 key_a, 16768 key_a_name, 16769 in_qs_b, 16770 in_qe_b, 16771 in_scheme, 16772 counter, 16773 &command, 16774 authorization_delegate); 16775 if (rc != TPM_RC_SUCCESS) { 16776 error_reporter.Run(rc); 16777 return; 16778 } 16779 transceiver_->SendCommand(command, parser); 16780 } 16781 16782 TPM_RC Tpm::ZGen_2PhaseSync( 16783 const TPMI_DH_OBJECT& key_a, 16784 const std::string& key_a_name, 16785 const TPM2B_ECC_POINT& in_qs_b, 16786 const TPM2B_ECC_POINT& in_qe_b, 16787 const TPMI_ECC_KEY_EXCHANGE& in_scheme, 16788 const UINT16& counter, 16789 TPM2B_ECC_POINT* out_z1, 16790 TPM2B_ECC_POINT* out_z2, 16791 AuthorizationDelegate* authorization_delegate) { 16792 VLOG(1) << __func__; 16793 std::string command; 16794 TPM_RC rc = SerializeCommand_ZGen_2Phase( 16795 key_a, 16796 key_a_name, 16797 in_qs_b, 16798 in_qe_b, 16799 in_scheme, 16800 counter, 16801 &command, 16802 authorization_delegate); 16803 if (rc != TPM_RC_SUCCESS) { 16804 return rc; 16805 } 16806 std::string response = transceiver_->SendCommandAndWait(command); 16807 rc = ParseResponse_ZGen_2Phase( 16808 response, 16809 out_z1, 16810 out_z2, 16811 authorization_delegate); 16812 return rc; 16813 } 16814 16815 TPM_RC Tpm::SerializeCommand_EncryptDecrypt( 16816 const TPMI_DH_OBJECT& key_handle, 16817 const std::string& key_handle_name, 16818 const TPMI_YES_NO& decrypt, 16819 const TPMI_ALG_SYM_MODE& mode, 16820 const TPM2B_IV& iv_in, 16821 const TPM2B_MAX_BUFFER& in_data, 16822 std::string* serialized_command, 16823 AuthorizationDelegate* authorization_delegate) { 16824 VLOG(3) << __func__; 16825 TPM_RC rc = TPM_RC_SUCCESS; 16826 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 16827 UINT32 command_size = 10; // Header size. 16828 std::string handle_section_bytes; 16829 std::string parameter_section_bytes; 16830 TPM_CC command_code = TPM_CC_EncryptDecrypt; 16831 bool is_command_parameter_encryption_possible = false; 16832 bool is_response_parameter_encryption_possible = true; 16833 std::string command_code_bytes; 16834 rc = Serialize_TPM_CC( 16835 command_code, 16836 &command_code_bytes); 16837 if (rc != TPM_RC_SUCCESS) { 16838 return rc; 16839 } 16840 std::string key_handle_bytes; 16841 rc = Serialize_TPMI_DH_OBJECT( 16842 key_handle, 16843 &key_handle_bytes); 16844 if (rc != TPM_RC_SUCCESS) { 16845 return rc; 16846 } 16847 std::string decrypt_bytes; 16848 rc = Serialize_TPMI_YES_NO( 16849 decrypt, 16850 &decrypt_bytes); 16851 if (rc != TPM_RC_SUCCESS) { 16852 return rc; 16853 } 16854 std::string mode_bytes; 16855 rc = Serialize_TPMI_ALG_SYM_MODE( 16856 mode, 16857 &mode_bytes); 16858 if (rc != TPM_RC_SUCCESS) { 16859 return rc; 16860 } 16861 std::string iv_in_bytes; 16862 rc = Serialize_TPM2B_IV( 16863 iv_in, 16864 &iv_in_bytes); 16865 if (rc != TPM_RC_SUCCESS) { 16866 return rc; 16867 } 16868 std::string in_data_bytes; 16869 rc = Serialize_TPM2B_MAX_BUFFER( 16870 in_data, 16871 &in_data_bytes); 16872 if (rc != TPM_RC_SUCCESS) { 16873 return rc; 16874 } 16875 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 16876 crypto::SecureHash::SHA256)); 16877 hash->Update(command_code_bytes.data(), 16878 command_code_bytes.size()); 16879 hash->Update(key_handle_name.data(), 16880 key_handle_name.size()); 16881 handle_section_bytes += key_handle_bytes; 16882 command_size += key_handle_bytes.size(); 16883 hash->Update(decrypt_bytes.data(), 16884 decrypt_bytes.size()); 16885 parameter_section_bytes += decrypt_bytes; 16886 command_size += decrypt_bytes.size(); 16887 hash->Update(mode_bytes.data(), 16888 mode_bytes.size()); 16889 parameter_section_bytes += mode_bytes; 16890 command_size += mode_bytes.size(); 16891 hash->Update(iv_in_bytes.data(), 16892 iv_in_bytes.size()); 16893 parameter_section_bytes += iv_in_bytes; 16894 command_size += iv_in_bytes.size(); 16895 hash->Update(in_data_bytes.data(), 16896 in_data_bytes.size()); 16897 parameter_section_bytes += in_data_bytes; 16898 command_size += in_data_bytes.size(); 16899 std::string command_hash(32, 0); 16900 hash->Finish(string_as_array(&command_hash), command_hash.size()); 16901 std::string authorization_section_bytes; 16902 std::string authorization_size_bytes; 16903 if (authorization_delegate) { 16904 if (!authorization_delegate->GetCommandAuthorization( 16905 command_hash, 16906 is_command_parameter_encryption_possible, 16907 is_response_parameter_encryption_possible, 16908 &authorization_section_bytes)) { 16909 return TRUNKS_RC_AUTHORIZATION_FAILED; 16910 } 16911 if (!authorization_section_bytes.empty()) { 16912 tag = TPM_ST_SESSIONS; 16913 std::string tmp; 16914 rc = Serialize_UINT32(authorization_section_bytes.size(), 16915 &authorization_size_bytes); 16916 if (rc != TPM_RC_SUCCESS) { 16917 return rc; 16918 } 16919 command_size += authorization_size_bytes.size() + 16920 authorization_section_bytes.size(); 16921 } 16922 } 16923 std::string tag_bytes; 16924 rc = Serialize_TPMI_ST_COMMAND_TAG( 16925 tag, 16926 &tag_bytes); 16927 if (rc != TPM_RC_SUCCESS) { 16928 return rc; 16929 } 16930 std::string command_size_bytes; 16931 rc = Serialize_UINT32( 16932 command_size, 16933 &command_size_bytes); 16934 if (rc != TPM_RC_SUCCESS) { 16935 return rc; 16936 } 16937 *serialized_command = tag_bytes + 16938 command_size_bytes + 16939 command_code_bytes + 16940 handle_section_bytes + 16941 authorization_size_bytes + 16942 authorization_section_bytes + 16943 parameter_section_bytes; 16944 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 16945 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 16946 serialized_command->size()); 16947 return TPM_RC_SUCCESS; 16948 } 16949 16950 TPM_RC Tpm::ParseResponse_EncryptDecrypt( 16951 const std::string& response, 16952 TPM2B_MAX_BUFFER* out_data, 16953 TPM2B_IV* iv_out, 16954 AuthorizationDelegate* authorization_delegate) { 16955 VLOG(3) << __func__; 16956 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 16957 TPM_RC rc = TPM_RC_SUCCESS; 16958 std::string buffer(response); 16959 TPM_ST tag; 16960 std::string tag_bytes; 16961 rc = Parse_TPM_ST( 16962 &buffer, 16963 &tag, 16964 &tag_bytes); 16965 if (rc != TPM_RC_SUCCESS) { 16966 return rc; 16967 } 16968 UINT32 response_size; 16969 std::string response_size_bytes; 16970 rc = Parse_UINT32( 16971 &buffer, 16972 &response_size, 16973 &response_size_bytes); 16974 if (rc != TPM_RC_SUCCESS) { 16975 return rc; 16976 } 16977 TPM_RC response_code; 16978 std::string response_code_bytes; 16979 rc = Parse_TPM_RC( 16980 &buffer, 16981 &response_code, 16982 &response_code_bytes); 16983 if (rc != TPM_RC_SUCCESS) { 16984 return rc; 16985 } 16986 if (response_size != response.size()) { 16987 return TPM_RC_SIZE; 16988 } 16989 if (response_code != TPM_RC_SUCCESS) { 16990 return response_code; 16991 } 16992 TPM_CC command_code = TPM_CC_EncryptDecrypt; 16993 std::string command_code_bytes; 16994 rc = Serialize_TPM_CC( 16995 command_code, 16996 &command_code_bytes); 16997 if (rc != TPM_RC_SUCCESS) { 16998 return rc; 16999 } 17000 std::string authorization_section_bytes; 17001 if (tag == TPM_ST_SESSIONS) { 17002 UINT32 parameter_section_size = buffer.size(); 17003 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 17004 if (rc != TPM_RC_SUCCESS) { 17005 return rc; 17006 } 17007 if (parameter_section_size > buffer.size()) { 17008 return TPM_RC_INSUFFICIENT; 17009 } 17010 authorization_section_bytes = buffer.substr(parameter_section_size); 17011 // Keep the parameter section in |buffer|. 17012 buffer.erase(parameter_section_size); 17013 } 17014 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 17015 crypto::SecureHash::SHA256)); 17016 hash->Update(response_code_bytes.data(), 17017 response_code_bytes.size()); 17018 hash->Update(command_code_bytes.data(), 17019 command_code_bytes.size()); 17020 hash->Update(buffer.data(), 17021 buffer.size()); 17022 std::string response_hash(32, 0); 17023 hash->Finish(string_as_array(&response_hash), response_hash.size()); 17024 if (tag == TPM_ST_SESSIONS) { 17025 CHECK(authorization_delegate) << "Authorization delegate missing!"; 17026 if (!authorization_delegate->CheckResponseAuthorization( 17027 response_hash, 17028 authorization_section_bytes)) { 17029 return TRUNKS_RC_AUTHORIZATION_FAILED; 17030 } 17031 } 17032 std::string out_data_bytes; 17033 rc = Parse_TPM2B_MAX_BUFFER( 17034 &buffer, 17035 out_data, 17036 &out_data_bytes); 17037 if (rc != TPM_RC_SUCCESS) { 17038 return rc; 17039 } 17040 std::string iv_out_bytes; 17041 rc = Parse_TPM2B_IV( 17042 &buffer, 17043 iv_out, 17044 &iv_out_bytes); 17045 if (rc != TPM_RC_SUCCESS) { 17046 return rc; 17047 } 17048 if (tag == TPM_ST_SESSIONS) { 17049 CHECK(authorization_delegate) << "Authorization delegate missing!"; 17050 // Decrypt just the parameter data, not the size. 17051 std::string tmp = out_data_bytes.substr(2); 17052 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 17053 return TRUNKS_RC_ENCRYPTION_FAILED; 17054 } 17055 out_data_bytes.replace(2, std::string::npos, tmp); 17056 rc = Parse_TPM2B_MAX_BUFFER( 17057 &out_data_bytes, 17058 out_data, 17059 nullptr); 17060 if (rc != TPM_RC_SUCCESS) { 17061 return rc; 17062 } 17063 } 17064 return TPM_RC_SUCCESS; 17065 } 17066 17067 void EncryptDecryptErrorCallback( 17068 const Tpm::EncryptDecryptResponse& callback, 17069 TPM_RC response_code) { 17070 VLOG(1) << __func__; 17071 callback.Run(response_code, 17072 TPM2B_MAX_BUFFER(), 17073 TPM2B_IV()); 17074 } 17075 17076 void EncryptDecryptResponseParser( 17077 const Tpm::EncryptDecryptResponse& callback, 17078 AuthorizationDelegate* authorization_delegate, 17079 const std::string& response) { 17080 VLOG(1) << __func__; 17081 base::Callback<void(TPM_RC)> error_reporter = 17082 base::Bind(EncryptDecryptErrorCallback, callback); 17083 TPM2B_MAX_BUFFER out_data; 17084 TPM2B_IV iv_out; 17085 TPM_RC rc = Tpm::ParseResponse_EncryptDecrypt( 17086 response, 17087 &out_data, 17088 &iv_out, 17089 authorization_delegate); 17090 if (rc != TPM_RC_SUCCESS) { 17091 error_reporter.Run(rc); 17092 return; 17093 } 17094 callback.Run( 17095 rc, 17096 out_data, 17097 iv_out); 17098 } 17099 17100 void Tpm::EncryptDecrypt( 17101 const TPMI_DH_OBJECT& key_handle, 17102 const std::string& key_handle_name, 17103 const TPMI_YES_NO& decrypt, 17104 const TPMI_ALG_SYM_MODE& mode, 17105 const TPM2B_IV& iv_in, 17106 const TPM2B_MAX_BUFFER& in_data, 17107 AuthorizationDelegate* authorization_delegate, 17108 const EncryptDecryptResponse& callback) { 17109 VLOG(1) << __func__; 17110 base::Callback<void(TPM_RC)> error_reporter = 17111 base::Bind(EncryptDecryptErrorCallback, callback); 17112 base::Callback<void(const std::string&)> parser = 17113 base::Bind(EncryptDecryptResponseParser, 17114 callback, 17115 authorization_delegate); 17116 std::string command; 17117 TPM_RC rc = SerializeCommand_EncryptDecrypt( 17118 key_handle, 17119 key_handle_name, 17120 decrypt, 17121 mode, 17122 iv_in, 17123 in_data, 17124 &command, 17125 authorization_delegate); 17126 if (rc != TPM_RC_SUCCESS) { 17127 error_reporter.Run(rc); 17128 return; 17129 } 17130 transceiver_->SendCommand(command, parser); 17131 } 17132 17133 TPM_RC Tpm::EncryptDecryptSync( 17134 const TPMI_DH_OBJECT& key_handle, 17135 const std::string& key_handle_name, 17136 const TPMI_YES_NO& decrypt, 17137 const TPMI_ALG_SYM_MODE& mode, 17138 const TPM2B_IV& iv_in, 17139 const TPM2B_MAX_BUFFER& in_data, 17140 TPM2B_MAX_BUFFER* out_data, 17141 TPM2B_IV* iv_out, 17142 AuthorizationDelegate* authorization_delegate) { 17143 VLOG(1) << __func__; 17144 std::string command; 17145 TPM_RC rc = SerializeCommand_EncryptDecrypt( 17146 key_handle, 17147 key_handle_name, 17148 decrypt, 17149 mode, 17150 iv_in, 17151 in_data, 17152 &command, 17153 authorization_delegate); 17154 if (rc != TPM_RC_SUCCESS) { 17155 return rc; 17156 } 17157 std::string response = transceiver_->SendCommandAndWait(command); 17158 rc = ParseResponse_EncryptDecrypt( 17159 response, 17160 out_data, 17161 iv_out, 17162 authorization_delegate); 17163 return rc; 17164 } 17165 17166 TPM_RC Tpm::SerializeCommand_Hash( 17167 const TPM2B_MAX_BUFFER& data, 17168 const TPMI_ALG_HASH& hash_alg, 17169 const TPMI_RH_HIERARCHY& hierarchy, 17170 std::string* serialized_command, 17171 AuthorizationDelegate* authorization_delegate) { 17172 VLOG(3) << __func__; 17173 TPM_RC rc = TPM_RC_SUCCESS; 17174 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 17175 UINT32 command_size = 10; // Header size. 17176 std::string handle_section_bytes; 17177 std::string parameter_section_bytes; 17178 TPM_CC command_code = TPM_CC_Hash; 17179 bool is_command_parameter_encryption_possible = true; 17180 bool is_response_parameter_encryption_possible = true; 17181 std::string command_code_bytes; 17182 rc = Serialize_TPM_CC( 17183 command_code, 17184 &command_code_bytes); 17185 if (rc != TPM_RC_SUCCESS) { 17186 return rc; 17187 } 17188 std::string data_bytes; 17189 rc = Serialize_TPM2B_MAX_BUFFER( 17190 data, 17191 &data_bytes); 17192 if (rc != TPM_RC_SUCCESS) { 17193 return rc; 17194 } 17195 std::string hash_alg_bytes; 17196 rc = Serialize_TPMI_ALG_HASH( 17197 hash_alg, 17198 &hash_alg_bytes); 17199 if (rc != TPM_RC_SUCCESS) { 17200 return rc; 17201 } 17202 std::string hierarchy_bytes; 17203 rc = Serialize_TPMI_RH_HIERARCHY( 17204 hierarchy, 17205 &hierarchy_bytes); 17206 if (rc != TPM_RC_SUCCESS) { 17207 return rc; 17208 } 17209 if (authorization_delegate) { 17210 // Encrypt just the parameter data, not the size. 17211 std::string tmp = data_bytes.substr(2); 17212 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 17213 return TRUNKS_RC_ENCRYPTION_FAILED; 17214 } 17215 data_bytes.replace(2, std::string::npos, tmp); 17216 } 17217 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 17218 crypto::SecureHash::SHA256)); 17219 hash->Update(command_code_bytes.data(), 17220 command_code_bytes.size()); 17221 hash->Update(data_bytes.data(), 17222 data_bytes.size()); 17223 parameter_section_bytes += data_bytes; 17224 command_size += data_bytes.size(); 17225 hash->Update(hash_alg_bytes.data(), 17226 hash_alg_bytes.size()); 17227 parameter_section_bytes += hash_alg_bytes; 17228 command_size += hash_alg_bytes.size(); 17229 hash->Update(hierarchy_bytes.data(), 17230 hierarchy_bytes.size()); 17231 parameter_section_bytes += hierarchy_bytes; 17232 command_size += hierarchy_bytes.size(); 17233 std::string command_hash(32, 0); 17234 hash->Finish(string_as_array(&command_hash), command_hash.size()); 17235 std::string authorization_section_bytes; 17236 std::string authorization_size_bytes; 17237 if (authorization_delegate) { 17238 if (!authorization_delegate->GetCommandAuthorization( 17239 command_hash, 17240 is_command_parameter_encryption_possible, 17241 is_response_parameter_encryption_possible, 17242 &authorization_section_bytes)) { 17243 return TRUNKS_RC_AUTHORIZATION_FAILED; 17244 } 17245 if (!authorization_section_bytes.empty()) { 17246 tag = TPM_ST_SESSIONS; 17247 std::string tmp; 17248 rc = Serialize_UINT32(authorization_section_bytes.size(), 17249 &authorization_size_bytes); 17250 if (rc != TPM_RC_SUCCESS) { 17251 return rc; 17252 } 17253 command_size += authorization_size_bytes.size() + 17254 authorization_section_bytes.size(); 17255 } 17256 } 17257 std::string tag_bytes; 17258 rc = Serialize_TPMI_ST_COMMAND_TAG( 17259 tag, 17260 &tag_bytes); 17261 if (rc != TPM_RC_SUCCESS) { 17262 return rc; 17263 } 17264 std::string command_size_bytes; 17265 rc = Serialize_UINT32( 17266 command_size, 17267 &command_size_bytes); 17268 if (rc != TPM_RC_SUCCESS) { 17269 return rc; 17270 } 17271 *serialized_command = tag_bytes + 17272 command_size_bytes + 17273 command_code_bytes + 17274 handle_section_bytes + 17275 authorization_size_bytes + 17276 authorization_section_bytes + 17277 parameter_section_bytes; 17278 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 17279 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 17280 serialized_command->size()); 17281 return TPM_RC_SUCCESS; 17282 } 17283 17284 TPM_RC Tpm::ParseResponse_Hash( 17285 const std::string& response, 17286 TPM2B_DIGEST* out_hash, 17287 TPMT_TK_HASHCHECK* validation, 17288 AuthorizationDelegate* authorization_delegate) { 17289 VLOG(3) << __func__; 17290 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 17291 TPM_RC rc = TPM_RC_SUCCESS; 17292 std::string buffer(response); 17293 TPM_ST tag; 17294 std::string tag_bytes; 17295 rc = Parse_TPM_ST( 17296 &buffer, 17297 &tag, 17298 &tag_bytes); 17299 if (rc != TPM_RC_SUCCESS) { 17300 return rc; 17301 } 17302 UINT32 response_size; 17303 std::string response_size_bytes; 17304 rc = Parse_UINT32( 17305 &buffer, 17306 &response_size, 17307 &response_size_bytes); 17308 if (rc != TPM_RC_SUCCESS) { 17309 return rc; 17310 } 17311 TPM_RC response_code; 17312 std::string response_code_bytes; 17313 rc = Parse_TPM_RC( 17314 &buffer, 17315 &response_code, 17316 &response_code_bytes); 17317 if (rc != TPM_RC_SUCCESS) { 17318 return rc; 17319 } 17320 if (response_size != response.size()) { 17321 return TPM_RC_SIZE; 17322 } 17323 if (response_code != TPM_RC_SUCCESS) { 17324 return response_code; 17325 } 17326 TPM_CC command_code = TPM_CC_Hash; 17327 std::string command_code_bytes; 17328 rc = Serialize_TPM_CC( 17329 command_code, 17330 &command_code_bytes); 17331 if (rc != TPM_RC_SUCCESS) { 17332 return rc; 17333 } 17334 std::string authorization_section_bytes; 17335 if (tag == TPM_ST_SESSIONS) { 17336 UINT32 parameter_section_size = buffer.size(); 17337 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 17338 if (rc != TPM_RC_SUCCESS) { 17339 return rc; 17340 } 17341 if (parameter_section_size > buffer.size()) { 17342 return TPM_RC_INSUFFICIENT; 17343 } 17344 authorization_section_bytes = buffer.substr(parameter_section_size); 17345 // Keep the parameter section in |buffer|. 17346 buffer.erase(parameter_section_size); 17347 } 17348 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 17349 crypto::SecureHash::SHA256)); 17350 hash->Update(response_code_bytes.data(), 17351 response_code_bytes.size()); 17352 hash->Update(command_code_bytes.data(), 17353 command_code_bytes.size()); 17354 hash->Update(buffer.data(), 17355 buffer.size()); 17356 std::string response_hash(32, 0); 17357 hash->Finish(string_as_array(&response_hash), response_hash.size()); 17358 if (tag == TPM_ST_SESSIONS) { 17359 CHECK(authorization_delegate) << "Authorization delegate missing!"; 17360 if (!authorization_delegate->CheckResponseAuthorization( 17361 response_hash, 17362 authorization_section_bytes)) { 17363 return TRUNKS_RC_AUTHORIZATION_FAILED; 17364 } 17365 } 17366 std::string out_hash_bytes; 17367 rc = Parse_TPM2B_DIGEST( 17368 &buffer, 17369 out_hash, 17370 &out_hash_bytes); 17371 if (rc != TPM_RC_SUCCESS) { 17372 return rc; 17373 } 17374 std::string validation_bytes; 17375 rc = Parse_TPMT_TK_HASHCHECK( 17376 &buffer, 17377 validation, 17378 &validation_bytes); 17379 if (rc != TPM_RC_SUCCESS) { 17380 return rc; 17381 } 17382 if (tag == TPM_ST_SESSIONS) { 17383 CHECK(authorization_delegate) << "Authorization delegate missing!"; 17384 // Decrypt just the parameter data, not the size. 17385 std::string tmp = out_hash_bytes.substr(2); 17386 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 17387 return TRUNKS_RC_ENCRYPTION_FAILED; 17388 } 17389 out_hash_bytes.replace(2, std::string::npos, tmp); 17390 rc = Parse_TPM2B_DIGEST( 17391 &out_hash_bytes, 17392 out_hash, 17393 nullptr); 17394 if (rc != TPM_RC_SUCCESS) { 17395 return rc; 17396 } 17397 } 17398 return TPM_RC_SUCCESS; 17399 } 17400 17401 void HashErrorCallback( 17402 const Tpm::HashResponse& callback, 17403 TPM_RC response_code) { 17404 VLOG(1) << __func__; 17405 callback.Run(response_code, 17406 TPM2B_DIGEST(), 17407 TPMT_TK_HASHCHECK()); 17408 } 17409 17410 void HashResponseParser( 17411 const Tpm::HashResponse& callback, 17412 AuthorizationDelegate* authorization_delegate, 17413 const std::string& response) { 17414 VLOG(1) << __func__; 17415 base::Callback<void(TPM_RC)> error_reporter = 17416 base::Bind(HashErrorCallback, callback); 17417 TPM2B_DIGEST out_hash; 17418 TPMT_TK_HASHCHECK validation; 17419 TPM_RC rc = Tpm::ParseResponse_Hash( 17420 response, 17421 &out_hash, 17422 &validation, 17423 authorization_delegate); 17424 if (rc != TPM_RC_SUCCESS) { 17425 error_reporter.Run(rc); 17426 return; 17427 } 17428 callback.Run( 17429 rc, 17430 out_hash, 17431 validation); 17432 } 17433 17434 void Tpm::Hash( 17435 const TPM2B_MAX_BUFFER& data, 17436 const TPMI_ALG_HASH& hash_alg, 17437 const TPMI_RH_HIERARCHY& hierarchy, 17438 AuthorizationDelegate* authorization_delegate, 17439 const HashResponse& callback) { 17440 VLOG(1) << __func__; 17441 base::Callback<void(TPM_RC)> error_reporter = 17442 base::Bind(HashErrorCallback, callback); 17443 base::Callback<void(const std::string&)> parser = 17444 base::Bind(HashResponseParser, 17445 callback, 17446 authorization_delegate); 17447 std::string command; 17448 TPM_RC rc = SerializeCommand_Hash( 17449 data, 17450 hash_alg, 17451 hierarchy, 17452 &command, 17453 authorization_delegate); 17454 if (rc != TPM_RC_SUCCESS) { 17455 error_reporter.Run(rc); 17456 return; 17457 } 17458 transceiver_->SendCommand(command, parser); 17459 } 17460 17461 TPM_RC Tpm::HashSync( 17462 const TPM2B_MAX_BUFFER& data, 17463 const TPMI_ALG_HASH& hash_alg, 17464 const TPMI_RH_HIERARCHY& hierarchy, 17465 TPM2B_DIGEST* out_hash, 17466 TPMT_TK_HASHCHECK* validation, 17467 AuthorizationDelegate* authorization_delegate) { 17468 VLOG(1) << __func__; 17469 std::string command; 17470 TPM_RC rc = SerializeCommand_Hash( 17471 data, 17472 hash_alg, 17473 hierarchy, 17474 &command, 17475 authorization_delegate); 17476 if (rc != TPM_RC_SUCCESS) { 17477 return rc; 17478 } 17479 std::string response = transceiver_->SendCommandAndWait(command); 17480 rc = ParseResponse_Hash( 17481 response, 17482 out_hash, 17483 validation, 17484 authorization_delegate); 17485 return rc; 17486 } 17487 17488 TPM_RC Tpm::SerializeCommand_HMAC( 17489 const TPMI_DH_OBJECT& handle, 17490 const std::string& handle_name, 17491 const TPM2B_MAX_BUFFER& buffer, 17492 const TPMI_ALG_HASH& hash_alg, 17493 std::string* serialized_command, 17494 AuthorizationDelegate* authorization_delegate) { 17495 VLOG(3) << __func__; 17496 TPM_RC rc = TPM_RC_SUCCESS; 17497 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 17498 UINT32 command_size = 10; // Header size. 17499 std::string handle_section_bytes; 17500 std::string parameter_section_bytes; 17501 TPM_CC command_code = TPM_CC_HMAC; 17502 bool is_command_parameter_encryption_possible = true; 17503 bool is_response_parameter_encryption_possible = true; 17504 std::string command_code_bytes; 17505 rc = Serialize_TPM_CC( 17506 command_code, 17507 &command_code_bytes); 17508 if (rc != TPM_RC_SUCCESS) { 17509 return rc; 17510 } 17511 std::string handle_bytes; 17512 rc = Serialize_TPMI_DH_OBJECT( 17513 handle, 17514 &handle_bytes); 17515 if (rc != TPM_RC_SUCCESS) { 17516 return rc; 17517 } 17518 std::string buffer_bytes; 17519 rc = Serialize_TPM2B_MAX_BUFFER( 17520 buffer, 17521 &buffer_bytes); 17522 if (rc != TPM_RC_SUCCESS) { 17523 return rc; 17524 } 17525 std::string hash_alg_bytes; 17526 rc = Serialize_TPMI_ALG_HASH( 17527 hash_alg, 17528 &hash_alg_bytes); 17529 if (rc != TPM_RC_SUCCESS) { 17530 return rc; 17531 } 17532 if (authorization_delegate) { 17533 // Encrypt just the parameter data, not the size. 17534 std::string tmp = buffer_bytes.substr(2); 17535 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 17536 return TRUNKS_RC_ENCRYPTION_FAILED; 17537 } 17538 buffer_bytes.replace(2, std::string::npos, tmp); 17539 } 17540 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 17541 crypto::SecureHash::SHA256)); 17542 hash->Update(command_code_bytes.data(), 17543 command_code_bytes.size()); 17544 hash->Update(handle_name.data(), 17545 handle_name.size()); 17546 handle_section_bytes += handle_bytes; 17547 command_size += handle_bytes.size(); 17548 hash->Update(buffer_bytes.data(), 17549 buffer_bytes.size()); 17550 parameter_section_bytes += buffer_bytes; 17551 command_size += buffer_bytes.size(); 17552 hash->Update(hash_alg_bytes.data(), 17553 hash_alg_bytes.size()); 17554 parameter_section_bytes += hash_alg_bytes; 17555 command_size += hash_alg_bytes.size(); 17556 std::string command_hash(32, 0); 17557 hash->Finish(string_as_array(&command_hash), command_hash.size()); 17558 std::string authorization_section_bytes; 17559 std::string authorization_size_bytes; 17560 if (authorization_delegate) { 17561 if (!authorization_delegate->GetCommandAuthorization( 17562 command_hash, 17563 is_command_parameter_encryption_possible, 17564 is_response_parameter_encryption_possible, 17565 &authorization_section_bytes)) { 17566 return TRUNKS_RC_AUTHORIZATION_FAILED; 17567 } 17568 if (!authorization_section_bytes.empty()) { 17569 tag = TPM_ST_SESSIONS; 17570 std::string tmp; 17571 rc = Serialize_UINT32(authorization_section_bytes.size(), 17572 &authorization_size_bytes); 17573 if (rc != TPM_RC_SUCCESS) { 17574 return rc; 17575 } 17576 command_size += authorization_size_bytes.size() + 17577 authorization_section_bytes.size(); 17578 } 17579 } 17580 std::string tag_bytes; 17581 rc = Serialize_TPMI_ST_COMMAND_TAG( 17582 tag, 17583 &tag_bytes); 17584 if (rc != TPM_RC_SUCCESS) { 17585 return rc; 17586 } 17587 std::string command_size_bytes; 17588 rc = Serialize_UINT32( 17589 command_size, 17590 &command_size_bytes); 17591 if (rc != TPM_RC_SUCCESS) { 17592 return rc; 17593 } 17594 *serialized_command = tag_bytes + 17595 command_size_bytes + 17596 command_code_bytes + 17597 handle_section_bytes + 17598 authorization_size_bytes + 17599 authorization_section_bytes + 17600 parameter_section_bytes; 17601 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 17602 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 17603 serialized_command->size()); 17604 return TPM_RC_SUCCESS; 17605 } 17606 17607 TPM_RC Tpm::ParseResponse_HMAC( 17608 const std::string& response, 17609 TPM2B_DIGEST* out_hmac, 17610 AuthorizationDelegate* authorization_delegate) { 17611 VLOG(3) << __func__; 17612 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 17613 TPM_RC rc = TPM_RC_SUCCESS; 17614 std::string buffer(response); 17615 TPM_ST tag; 17616 std::string tag_bytes; 17617 rc = Parse_TPM_ST( 17618 &buffer, 17619 &tag, 17620 &tag_bytes); 17621 if (rc != TPM_RC_SUCCESS) { 17622 return rc; 17623 } 17624 UINT32 response_size; 17625 std::string response_size_bytes; 17626 rc = Parse_UINT32( 17627 &buffer, 17628 &response_size, 17629 &response_size_bytes); 17630 if (rc != TPM_RC_SUCCESS) { 17631 return rc; 17632 } 17633 TPM_RC response_code; 17634 std::string response_code_bytes; 17635 rc = Parse_TPM_RC( 17636 &buffer, 17637 &response_code, 17638 &response_code_bytes); 17639 if (rc != TPM_RC_SUCCESS) { 17640 return rc; 17641 } 17642 if (response_size != response.size()) { 17643 return TPM_RC_SIZE; 17644 } 17645 if (response_code != TPM_RC_SUCCESS) { 17646 return response_code; 17647 } 17648 TPM_CC command_code = TPM_CC_HMAC; 17649 std::string command_code_bytes; 17650 rc = Serialize_TPM_CC( 17651 command_code, 17652 &command_code_bytes); 17653 if (rc != TPM_RC_SUCCESS) { 17654 return rc; 17655 } 17656 std::string authorization_section_bytes; 17657 if (tag == TPM_ST_SESSIONS) { 17658 UINT32 parameter_section_size = buffer.size(); 17659 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 17660 if (rc != TPM_RC_SUCCESS) { 17661 return rc; 17662 } 17663 if (parameter_section_size > buffer.size()) { 17664 return TPM_RC_INSUFFICIENT; 17665 } 17666 authorization_section_bytes = buffer.substr(parameter_section_size); 17667 // Keep the parameter section in |buffer|. 17668 buffer.erase(parameter_section_size); 17669 } 17670 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 17671 crypto::SecureHash::SHA256)); 17672 hash->Update(response_code_bytes.data(), 17673 response_code_bytes.size()); 17674 hash->Update(command_code_bytes.data(), 17675 command_code_bytes.size()); 17676 hash->Update(buffer.data(), 17677 buffer.size()); 17678 std::string response_hash(32, 0); 17679 hash->Finish(string_as_array(&response_hash), response_hash.size()); 17680 if (tag == TPM_ST_SESSIONS) { 17681 CHECK(authorization_delegate) << "Authorization delegate missing!"; 17682 if (!authorization_delegate->CheckResponseAuthorization( 17683 response_hash, 17684 authorization_section_bytes)) { 17685 return TRUNKS_RC_AUTHORIZATION_FAILED; 17686 } 17687 } 17688 std::string out_hmac_bytes; 17689 rc = Parse_TPM2B_DIGEST( 17690 &buffer, 17691 out_hmac, 17692 &out_hmac_bytes); 17693 if (rc != TPM_RC_SUCCESS) { 17694 return rc; 17695 } 17696 if (tag == TPM_ST_SESSIONS) { 17697 CHECK(authorization_delegate) << "Authorization delegate missing!"; 17698 // Decrypt just the parameter data, not the size. 17699 std::string tmp = out_hmac_bytes.substr(2); 17700 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 17701 return TRUNKS_RC_ENCRYPTION_FAILED; 17702 } 17703 out_hmac_bytes.replace(2, std::string::npos, tmp); 17704 rc = Parse_TPM2B_DIGEST( 17705 &out_hmac_bytes, 17706 out_hmac, 17707 nullptr); 17708 if (rc != TPM_RC_SUCCESS) { 17709 return rc; 17710 } 17711 } 17712 return TPM_RC_SUCCESS; 17713 } 17714 17715 void HMACErrorCallback( 17716 const Tpm::HMACResponse& callback, 17717 TPM_RC response_code) { 17718 VLOG(1) << __func__; 17719 callback.Run(response_code, 17720 TPM2B_DIGEST()); 17721 } 17722 17723 void HMACResponseParser( 17724 const Tpm::HMACResponse& callback, 17725 AuthorizationDelegate* authorization_delegate, 17726 const std::string& response) { 17727 VLOG(1) << __func__; 17728 base::Callback<void(TPM_RC)> error_reporter = 17729 base::Bind(HMACErrorCallback, callback); 17730 TPM2B_DIGEST out_hmac; 17731 TPM_RC rc = Tpm::ParseResponse_HMAC( 17732 response, 17733 &out_hmac, 17734 authorization_delegate); 17735 if (rc != TPM_RC_SUCCESS) { 17736 error_reporter.Run(rc); 17737 return; 17738 } 17739 callback.Run( 17740 rc, 17741 out_hmac); 17742 } 17743 17744 void Tpm::HMAC( 17745 const TPMI_DH_OBJECT& handle, 17746 const std::string& handle_name, 17747 const TPM2B_MAX_BUFFER& buffer, 17748 const TPMI_ALG_HASH& hash_alg, 17749 AuthorizationDelegate* authorization_delegate, 17750 const HMACResponse& callback) { 17751 VLOG(1) << __func__; 17752 base::Callback<void(TPM_RC)> error_reporter = 17753 base::Bind(HMACErrorCallback, callback); 17754 base::Callback<void(const std::string&)> parser = 17755 base::Bind(HMACResponseParser, 17756 callback, 17757 authorization_delegate); 17758 std::string command; 17759 TPM_RC rc = SerializeCommand_HMAC( 17760 handle, 17761 handle_name, 17762 buffer, 17763 hash_alg, 17764 &command, 17765 authorization_delegate); 17766 if (rc != TPM_RC_SUCCESS) { 17767 error_reporter.Run(rc); 17768 return; 17769 } 17770 transceiver_->SendCommand(command, parser); 17771 } 17772 17773 TPM_RC Tpm::HMACSync( 17774 const TPMI_DH_OBJECT& handle, 17775 const std::string& handle_name, 17776 const TPM2B_MAX_BUFFER& buffer, 17777 const TPMI_ALG_HASH& hash_alg, 17778 TPM2B_DIGEST* out_hmac, 17779 AuthorizationDelegate* authorization_delegate) { 17780 VLOG(1) << __func__; 17781 std::string command; 17782 TPM_RC rc = SerializeCommand_HMAC( 17783 handle, 17784 handle_name, 17785 buffer, 17786 hash_alg, 17787 &command, 17788 authorization_delegate); 17789 if (rc != TPM_RC_SUCCESS) { 17790 return rc; 17791 } 17792 std::string response = transceiver_->SendCommandAndWait(command); 17793 rc = ParseResponse_HMAC( 17794 response, 17795 out_hmac, 17796 authorization_delegate); 17797 return rc; 17798 } 17799 17800 TPM_RC Tpm::SerializeCommand_GetRandom( 17801 const UINT16& bytes_requested, 17802 std::string* serialized_command, 17803 AuthorizationDelegate* authorization_delegate) { 17804 VLOG(3) << __func__; 17805 TPM_RC rc = TPM_RC_SUCCESS; 17806 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 17807 UINT32 command_size = 10; // Header size. 17808 std::string handle_section_bytes; 17809 std::string parameter_section_bytes; 17810 TPM_CC command_code = TPM_CC_GetRandom; 17811 bool is_command_parameter_encryption_possible = false; 17812 bool is_response_parameter_encryption_possible = true; 17813 std::string command_code_bytes; 17814 rc = Serialize_TPM_CC( 17815 command_code, 17816 &command_code_bytes); 17817 if (rc != TPM_RC_SUCCESS) { 17818 return rc; 17819 } 17820 std::string bytes_requested_bytes; 17821 rc = Serialize_UINT16( 17822 bytes_requested, 17823 &bytes_requested_bytes); 17824 if (rc != TPM_RC_SUCCESS) { 17825 return rc; 17826 } 17827 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 17828 crypto::SecureHash::SHA256)); 17829 hash->Update(command_code_bytes.data(), 17830 command_code_bytes.size()); 17831 hash->Update(bytes_requested_bytes.data(), 17832 bytes_requested_bytes.size()); 17833 parameter_section_bytes += bytes_requested_bytes; 17834 command_size += bytes_requested_bytes.size(); 17835 std::string command_hash(32, 0); 17836 hash->Finish(string_as_array(&command_hash), command_hash.size()); 17837 std::string authorization_section_bytes; 17838 std::string authorization_size_bytes; 17839 if (authorization_delegate) { 17840 if (!authorization_delegate->GetCommandAuthorization( 17841 command_hash, 17842 is_command_parameter_encryption_possible, 17843 is_response_parameter_encryption_possible, 17844 &authorization_section_bytes)) { 17845 return TRUNKS_RC_AUTHORIZATION_FAILED; 17846 } 17847 if (!authorization_section_bytes.empty()) { 17848 tag = TPM_ST_SESSIONS; 17849 std::string tmp; 17850 rc = Serialize_UINT32(authorization_section_bytes.size(), 17851 &authorization_size_bytes); 17852 if (rc != TPM_RC_SUCCESS) { 17853 return rc; 17854 } 17855 command_size += authorization_size_bytes.size() + 17856 authorization_section_bytes.size(); 17857 } 17858 } 17859 std::string tag_bytes; 17860 rc = Serialize_TPMI_ST_COMMAND_TAG( 17861 tag, 17862 &tag_bytes); 17863 if (rc != TPM_RC_SUCCESS) { 17864 return rc; 17865 } 17866 std::string command_size_bytes; 17867 rc = Serialize_UINT32( 17868 command_size, 17869 &command_size_bytes); 17870 if (rc != TPM_RC_SUCCESS) { 17871 return rc; 17872 } 17873 *serialized_command = tag_bytes + 17874 command_size_bytes + 17875 command_code_bytes + 17876 handle_section_bytes + 17877 authorization_size_bytes + 17878 authorization_section_bytes + 17879 parameter_section_bytes; 17880 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 17881 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 17882 serialized_command->size()); 17883 return TPM_RC_SUCCESS; 17884 } 17885 17886 TPM_RC Tpm::ParseResponse_GetRandom( 17887 const std::string& response, 17888 TPM2B_DIGEST* random_bytes, 17889 AuthorizationDelegate* authorization_delegate) { 17890 VLOG(3) << __func__; 17891 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 17892 TPM_RC rc = TPM_RC_SUCCESS; 17893 std::string buffer(response); 17894 TPM_ST tag; 17895 std::string tag_bytes; 17896 rc = Parse_TPM_ST( 17897 &buffer, 17898 &tag, 17899 &tag_bytes); 17900 if (rc != TPM_RC_SUCCESS) { 17901 return rc; 17902 } 17903 UINT32 response_size; 17904 std::string response_size_bytes; 17905 rc = Parse_UINT32( 17906 &buffer, 17907 &response_size, 17908 &response_size_bytes); 17909 if (rc != TPM_RC_SUCCESS) { 17910 return rc; 17911 } 17912 TPM_RC response_code; 17913 std::string response_code_bytes; 17914 rc = Parse_TPM_RC( 17915 &buffer, 17916 &response_code, 17917 &response_code_bytes); 17918 if (rc != TPM_RC_SUCCESS) { 17919 return rc; 17920 } 17921 if (response_size != response.size()) { 17922 return TPM_RC_SIZE; 17923 } 17924 if (response_code != TPM_RC_SUCCESS) { 17925 return response_code; 17926 } 17927 TPM_CC command_code = TPM_CC_GetRandom; 17928 std::string command_code_bytes; 17929 rc = Serialize_TPM_CC( 17930 command_code, 17931 &command_code_bytes); 17932 if (rc != TPM_RC_SUCCESS) { 17933 return rc; 17934 } 17935 std::string authorization_section_bytes; 17936 if (tag == TPM_ST_SESSIONS) { 17937 UINT32 parameter_section_size = buffer.size(); 17938 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 17939 if (rc != TPM_RC_SUCCESS) { 17940 return rc; 17941 } 17942 if (parameter_section_size > buffer.size()) { 17943 return TPM_RC_INSUFFICIENT; 17944 } 17945 authorization_section_bytes = buffer.substr(parameter_section_size); 17946 // Keep the parameter section in |buffer|. 17947 buffer.erase(parameter_section_size); 17948 } 17949 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 17950 crypto::SecureHash::SHA256)); 17951 hash->Update(response_code_bytes.data(), 17952 response_code_bytes.size()); 17953 hash->Update(command_code_bytes.data(), 17954 command_code_bytes.size()); 17955 hash->Update(buffer.data(), 17956 buffer.size()); 17957 std::string response_hash(32, 0); 17958 hash->Finish(string_as_array(&response_hash), response_hash.size()); 17959 if (tag == TPM_ST_SESSIONS) { 17960 CHECK(authorization_delegate) << "Authorization delegate missing!"; 17961 if (!authorization_delegate->CheckResponseAuthorization( 17962 response_hash, 17963 authorization_section_bytes)) { 17964 return TRUNKS_RC_AUTHORIZATION_FAILED; 17965 } 17966 } 17967 std::string random_bytes_bytes; 17968 rc = Parse_TPM2B_DIGEST( 17969 &buffer, 17970 random_bytes, 17971 &random_bytes_bytes); 17972 if (rc != TPM_RC_SUCCESS) { 17973 return rc; 17974 } 17975 if (tag == TPM_ST_SESSIONS) { 17976 CHECK(authorization_delegate) << "Authorization delegate missing!"; 17977 // Decrypt just the parameter data, not the size. 17978 std::string tmp = random_bytes_bytes.substr(2); 17979 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 17980 return TRUNKS_RC_ENCRYPTION_FAILED; 17981 } 17982 random_bytes_bytes.replace(2, std::string::npos, tmp); 17983 rc = Parse_TPM2B_DIGEST( 17984 &random_bytes_bytes, 17985 random_bytes, 17986 nullptr); 17987 if (rc != TPM_RC_SUCCESS) { 17988 return rc; 17989 } 17990 } 17991 return TPM_RC_SUCCESS; 17992 } 17993 17994 void GetRandomErrorCallback( 17995 const Tpm::GetRandomResponse& callback, 17996 TPM_RC response_code) { 17997 VLOG(1) << __func__; 17998 callback.Run(response_code, 17999 TPM2B_DIGEST()); 18000 } 18001 18002 void GetRandomResponseParser( 18003 const Tpm::GetRandomResponse& callback, 18004 AuthorizationDelegate* authorization_delegate, 18005 const std::string& response) { 18006 VLOG(1) << __func__; 18007 base::Callback<void(TPM_RC)> error_reporter = 18008 base::Bind(GetRandomErrorCallback, callback); 18009 TPM2B_DIGEST random_bytes; 18010 TPM_RC rc = Tpm::ParseResponse_GetRandom( 18011 response, 18012 &random_bytes, 18013 authorization_delegate); 18014 if (rc != TPM_RC_SUCCESS) { 18015 error_reporter.Run(rc); 18016 return; 18017 } 18018 callback.Run( 18019 rc, 18020 random_bytes); 18021 } 18022 18023 void Tpm::GetRandom( 18024 const UINT16& bytes_requested, 18025 AuthorizationDelegate* authorization_delegate, 18026 const GetRandomResponse& callback) { 18027 VLOG(1) << __func__; 18028 base::Callback<void(TPM_RC)> error_reporter = 18029 base::Bind(GetRandomErrorCallback, callback); 18030 base::Callback<void(const std::string&)> parser = 18031 base::Bind(GetRandomResponseParser, 18032 callback, 18033 authorization_delegate); 18034 std::string command; 18035 TPM_RC rc = SerializeCommand_GetRandom( 18036 bytes_requested, 18037 &command, 18038 authorization_delegate); 18039 if (rc != TPM_RC_SUCCESS) { 18040 error_reporter.Run(rc); 18041 return; 18042 } 18043 transceiver_->SendCommand(command, parser); 18044 } 18045 18046 TPM_RC Tpm::GetRandomSync( 18047 const UINT16& bytes_requested, 18048 TPM2B_DIGEST* random_bytes, 18049 AuthorizationDelegate* authorization_delegate) { 18050 VLOG(1) << __func__; 18051 std::string command; 18052 TPM_RC rc = SerializeCommand_GetRandom( 18053 bytes_requested, 18054 &command, 18055 authorization_delegate); 18056 if (rc != TPM_RC_SUCCESS) { 18057 return rc; 18058 } 18059 std::string response = transceiver_->SendCommandAndWait(command); 18060 rc = ParseResponse_GetRandom( 18061 response, 18062 random_bytes, 18063 authorization_delegate); 18064 return rc; 18065 } 18066 18067 TPM_RC Tpm::SerializeCommand_StirRandom( 18068 const TPM2B_SENSITIVE_DATA& in_data, 18069 std::string* serialized_command, 18070 AuthorizationDelegate* authorization_delegate) { 18071 VLOG(3) << __func__; 18072 TPM_RC rc = TPM_RC_SUCCESS; 18073 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 18074 UINT32 command_size = 10; // Header size. 18075 std::string handle_section_bytes; 18076 std::string parameter_section_bytes; 18077 TPM_CC command_code = TPM_CC_StirRandom; 18078 bool is_command_parameter_encryption_possible = true; 18079 bool is_response_parameter_encryption_possible = false; 18080 std::string command_code_bytes; 18081 rc = Serialize_TPM_CC( 18082 command_code, 18083 &command_code_bytes); 18084 if (rc != TPM_RC_SUCCESS) { 18085 return rc; 18086 } 18087 std::string in_data_bytes; 18088 rc = Serialize_TPM2B_SENSITIVE_DATA( 18089 in_data, 18090 &in_data_bytes); 18091 if (rc != TPM_RC_SUCCESS) { 18092 return rc; 18093 } 18094 if (authorization_delegate) { 18095 // Encrypt just the parameter data, not the size. 18096 std::string tmp = in_data_bytes.substr(2); 18097 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 18098 return TRUNKS_RC_ENCRYPTION_FAILED; 18099 } 18100 in_data_bytes.replace(2, std::string::npos, tmp); 18101 } 18102 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 18103 crypto::SecureHash::SHA256)); 18104 hash->Update(command_code_bytes.data(), 18105 command_code_bytes.size()); 18106 hash->Update(in_data_bytes.data(), 18107 in_data_bytes.size()); 18108 parameter_section_bytes += in_data_bytes; 18109 command_size += in_data_bytes.size(); 18110 std::string command_hash(32, 0); 18111 hash->Finish(string_as_array(&command_hash), command_hash.size()); 18112 std::string authorization_section_bytes; 18113 std::string authorization_size_bytes; 18114 if (authorization_delegate) { 18115 if (!authorization_delegate->GetCommandAuthorization( 18116 command_hash, 18117 is_command_parameter_encryption_possible, 18118 is_response_parameter_encryption_possible, 18119 &authorization_section_bytes)) { 18120 return TRUNKS_RC_AUTHORIZATION_FAILED; 18121 } 18122 if (!authorization_section_bytes.empty()) { 18123 tag = TPM_ST_SESSIONS; 18124 std::string tmp; 18125 rc = Serialize_UINT32(authorization_section_bytes.size(), 18126 &authorization_size_bytes); 18127 if (rc != TPM_RC_SUCCESS) { 18128 return rc; 18129 } 18130 command_size += authorization_size_bytes.size() + 18131 authorization_section_bytes.size(); 18132 } 18133 } 18134 std::string tag_bytes; 18135 rc = Serialize_TPMI_ST_COMMAND_TAG( 18136 tag, 18137 &tag_bytes); 18138 if (rc != TPM_RC_SUCCESS) { 18139 return rc; 18140 } 18141 std::string command_size_bytes; 18142 rc = Serialize_UINT32( 18143 command_size, 18144 &command_size_bytes); 18145 if (rc != TPM_RC_SUCCESS) { 18146 return rc; 18147 } 18148 *serialized_command = tag_bytes + 18149 command_size_bytes + 18150 command_code_bytes + 18151 handle_section_bytes + 18152 authorization_size_bytes + 18153 authorization_section_bytes + 18154 parameter_section_bytes; 18155 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 18156 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 18157 serialized_command->size()); 18158 return TPM_RC_SUCCESS; 18159 } 18160 18161 TPM_RC Tpm::ParseResponse_StirRandom( 18162 const std::string& response, 18163 AuthorizationDelegate* authorization_delegate) { 18164 VLOG(3) << __func__; 18165 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 18166 TPM_RC rc = TPM_RC_SUCCESS; 18167 std::string buffer(response); 18168 TPM_ST tag; 18169 std::string tag_bytes; 18170 rc = Parse_TPM_ST( 18171 &buffer, 18172 &tag, 18173 &tag_bytes); 18174 if (rc != TPM_RC_SUCCESS) { 18175 return rc; 18176 } 18177 UINT32 response_size; 18178 std::string response_size_bytes; 18179 rc = Parse_UINT32( 18180 &buffer, 18181 &response_size, 18182 &response_size_bytes); 18183 if (rc != TPM_RC_SUCCESS) { 18184 return rc; 18185 } 18186 TPM_RC response_code; 18187 std::string response_code_bytes; 18188 rc = Parse_TPM_RC( 18189 &buffer, 18190 &response_code, 18191 &response_code_bytes); 18192 if (rc != TPM_RC_SUCCESS) { 18193 return rc; 18194 } 18195 if (response_size != response.size()) { 18196 return TPM_RC_SIZE; 18197 } 18198 if (response_code != TPM_RC_SUCCESS) { 18199 return response_code; 18200 } 18201 TPM_CC command_code = TPM_CC_StirRandom; 18202 std::string command_code_bytes; 18203 rc = Serialize_TPM_CC( 18204 command_code, 18205 &command_code_bytes); 18206 if (rc != TPM_RC_SUCCESS) { 18207 return rc; 18208 } 18209 std::string authorization_section_bytes; 18210 if (tag == TPM_ST_SESSIONS) { 18211 UINT32 parameter_section_size = buffer.size(); 18212 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 18213 if (rc != TPM_RC_SUCCESS) { 18214 return rc; 18215 } 18216 if (parameter_section_size > buffer.size()) { 18217 return TPM_RC_INSUFFICIENT; 18218 } 18219 authorization_section_bytes = buffer.substr(parameter_section_size); 18220 // Keep the parameter section in |buffer|. 18221 buffer.erase(parameter_section_size); 18222 } 18223 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 18224 crypto::SecureHash::SHA256)); 18225 hash->Update(response_code_bytes.data(), 18226 response_code_bytes.size()); 18227 hash->Update(command_code_bytes.data(), 18228 command_code_bytes.size()); 18229 hash->Update(buffer.data(), 18230 buffer.size()); 18231 std::string response_hash(32, 0); 18232 hash->Finish(string_as_array(&response_hash), response_hash.size()); 18233 if (tag == TPM_ST_SESSIONS) { 18234 CHECK(authorization_delegate) << "Authorization delegate missing!"; 18235 if (!authorization_delegate->CheckResponseAuthorization( 18236 response_hash, 18237 authorization_section_bytes)) { 18238 return TRUNKS_RC_AUTHORIZATION_FAILED; 18239 } 18240 } 18241 return TPM_RC_SUCCESS; 18242 } 18243 18244 void StirRandomErrorCallback( 18245 const Tpm::StirRandomResponse& callback, 18246 TPM_RC response_code) { 18247 VLOG(1) << __func__; 18248 callback.Run(response_code); 18249 } 18250 18251 void StirRandomResponseParser( 18252 const Tpm::StirRandomResponse& callback, 18253 AuthorizationDelegate* authorization_delegate, 18254 const std::string& response) { 18255 VLOG(1) << __func__; 18256 base::Callback<void(TPM_RC)> error_reporter = 18257 base::Bind(StirRandomErrorCallback, callback); 18258 TPM_RC rc = Tpm::ParseResponse_StirRandom( 18259 response, 18260 authorization_delegate); 18261 if (rc != TPM_RC_SUCCESS) { 18262 error_reporter.Run(rc); 18263 return; 18264 } 18265 callback.Run( 18266 rc); 18267 } 18268 18269 void Tpm::StirRandom( 18270 const TPM2B_SENSITIVE_DATA& in_data, 18271 AuthorizationDelegate* authorization_delegate, 18272 const StirRandomResponse& callback) { 18273 VLOG(1) << __func__; 18274 base::Callback<void(TPM_RC)> error_reporter = 18275 base::Bind(StirRandomErrorCallback, callback); 18276 base::Callback<void(const std::string&)> parser = 18277 base::Bind(StirRandomResponseParser, 18278 callback, 18279 authorization_delegate); 18280 std::string command; 18281 TPM_RC rc = SerializeCommand_StirRandom( 18282 in_data, 18283 &command, 18284 authorization_delegate); 18285 if (rc != TPM_RC_SUCCESS) { 18286 error_reporter.Run(rc); 18287 return; 18288 } 18289 transceiver_->SendCommand(command, parser); 18290 } 18291 18292 TPM_RC Tpm::StirRandomSync( 18293 const TPM2B_SENSITIVE_DATA& in_data, 18294 AuthorizationDelegate* authorization_delegate) { 18295 VLOG(1) << __func__; 18296 std::string command; 18297 TPM_RC rc = SerializeCommand_StirRandom( 18298 in_data, 18299 &command, 18300 authorization_delegate); 18301 if (rc != TPM_RC_SUCCESS) { 18302 return rc; 18303 } 18304 std::string response = transceiver_->SendCommandAndWait(command); 18305 rc = ParseResponse_StirRandom( 18306 response, 18307 authorization_delegate); 18308 return rc; 18309 } 18310 18311 TPM_RC Tpm::SerializeCommand_HMAC_Start( 18312 const TPMI_DH_OBJECT& handle, 18313 const std::string& handle_name, 18314 const TPM2B_AUTH& auth, 18315 const TPMI_ALG_HASH& hash_alg, 18316 std::string* serialized_command, 18317 AuthorizationDelegate* authorization_delegate) { 18318 VLOG(3) << __func__; 18319 TPM_RC rc = TPM_RC_SUCCESS; 18320 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 18321 UINT32 command_size = 10; // Header size. 18322 std::string handle_section_bytes; 18323 std::string parameter_section_bytes; 18324 TPM_CC command_code = TPM_CC_HMAC_Start; 18325 bool is_command_parameter_encryption_possible = true; 18326 bool is_response_parameter_encryption_possible = false; 18327 std::string command_code_bytes; 18328 rc = Serialize_TPM_CC( 18329 command_code, 18330 &command_code_bytes); 18331 if (rc != TPM_RC_SUCCESS) { 18332 return rc; 18333 } 18334 std::string handle_bytes; 18335 rc = Serialize_TPMI_DH_OBJECT( 18336 handle, 18337 &handle_bytes); 18338 if (rc != TPM_RC_SUCCESS) { 18339 return rc; 18340 } 18341 std::string auth_bytes; 18342 rc = Serialize_TPM2B_AUTH( 18343 auth, 18344 &auth_bytes); 18345 if (rc != TPM_RC_SUCCESS) { 18346 return rc; 18347 } 18348 std::string hash_alg_bytes; 18349 rc = Serialize_TPMI_ALG_HASH( 18350 hash_alg, 18351 &hash_alg_bytes); 18352 if (rc != TPM_RC_SUCCESS) { 18353 return rc; 18354 } 18355 if (authorization_delegate) { 18356 // Encrypt just the parameter data, not the size. 18357 std::string tmp = auth_bytes.substr(2); 18358 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 18359 return TRUNKS_RC_ENCRYPTION_FAILED; 18360 } 18361 auth_bytes.replace(2, std::string::npos, tmp); 18362 } 18363 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 18364 crypto::SecureHash::SHA256)); 18365 hash->Update(command_code_bytes.data(), 18366 command_code_bytes.size()); 18367 hash->Update(handle_name.data(), 18368 handle_name.size()); 18369 handle_section_bytes += handle_bytes; 18370 command_size += handle_bytes.size(); 18371 hash->Update(auth_bytes.data(), 18372 auth_bytes.size()); 18373 parameter_section_bytes += auth_bytes; 18374 command_size += auth_bytes.size(); 18375 hash->Update(hash_alg_bytes.data(), 18376 hash_alg_bytes.size()); 18377 parameter_section_bytes += hash_alg_bytes; 18378 command_size += hash_alg_bytes.size(); 18379 std::string command_hash(32, 0); 18380 hash->Finish(string_as_array(&command_hash), command_hash.size()); 18381 std::string authorization_section_bytes; 18382 std::string authorization_size_bytes; 18383 if (authorization_delegate) { 18384 if (!authorization_delegate->GetCommandAuthorization( 18385 command_hash, 18386 is_command_parameter_encryption_possible, 18387 is_response_parameter_encryption_possible, 18388 &authorization_section_bytes)) { 18389 return TRUNKS_RC_AUTHORIZATION_FAILED; 18390 } 18391 if (!authorization_section_bytes.empty()) { 18392 tag = TPM_ST_SESSIONS; 18393 std::string tmp; 18394 rc = Serialize_UINT32(authorization_section_bytes.size(), 18395 &authorization_size_bytes); 18396 if (rc != TPM_RC_SUCCESS) { 18397 return rc; 18398 } 18399 command_size += authorization_size_bytes.size() + 18400 authorization_section_bytes.size(); 18401 } 18402 } 18403 std::string tag_bytes; 18404 rc = Serialize_TPMI_ST_COMMAND_TAG( 18405 tag, 18406 &tag_bytes); 18407 if (rc != TPM_RC_SUCCESS) { 18408 return rc; 18409 } 18410 std::string command_size_bytes; 18411 rc = Serialize_UINT32( 18412 command_size, 18413 &command_size_bytes); 18414 if (rc != TPM_RC_SUCCESS) { 18415 return rc; 18416 } 18417 *serialized_command = tag_bytes + 18418 command_size_bytes + 18419 command_code_bytes + 18420 handle_section_bytes + 18421 authorization_size_bytes + 18422 authorization_section_bytes + 18423 parameter_section_bytes; 18424 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 18425 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 18426 serialized_command->size()); 18427 return TPM_RC_SUCCESS; 18428 } 18429 18430 TPM_RC Tpm::ParseResponse_HMAC_Start( 18431 const std::string& response, 18432 TPMI_DH_OBJECT* sequence_handle, 18433 AuthorizationDelegate* authorization_delegate) { 18434 VLOG(3) << __func__; 18435 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 18436 TPM_RC rc = TPM_RC_SUCCESS; 18437 std::string buffer(response); 18438 TPM_ST tag; 18439 std::string tag_bytes; 18440 rc = Parse_TPM_ST( 18441 &buffer, 18442 &tag, 18443 &tag_bytes); 18444 if (rc != TPM_RC_SUCCESS) { 18445 return rc; 18446 } 18447 UINT32 response_size; 18448 std::string response_size_bytes; 18449 rc = Parse_UINT32( 18450 &buffer, 18451 &response_size, 18452 &response_size_bytes); 18453 if (rc != TPM_RC_SUCCESS) { 18454 return rc; 18455 } 18456 TPM_RC response_code; 18457 std::string response_code_bytes; 18458 rc = Parse_TPM_RC( 18459 &buffer, 18460 &response_code, 18461 &response_code_bytes); 18462 if (rc != TPM_RC_SUCCESS) { 18463 return rc; 18464 } 18465 if (response_size != response.size()) { 18466 return TPM_RC_SIZE; 18467 } 18468 if (response_code != TPM_RC_SUCCESS) { 18469 return response_code; 18470 } 18471 std::string sequence_handle_bytes; 18472 rc = Parse_TPMI_DH_OBJECT( 18473 &buffer, 18474 sequence_handle, 18475 &sequence_handle_bytes); 18476 if (rc != TPM_RC_SUCCESS) { 18477 return rc; 18478 } 18479 TPM_CC command_code = TPM_CC_HMAC_Start; 18480 std::string command_code_bytes; 18481 rc = Serialize_TPM_CC( 18482 command_code, 18483 &command_code_bytes); 18484 if (rc != TPM_RC_SUCCESS) { 18485 return rc; 18486 } 18487 std::string authorization_section_bytes; 18488 if (tag == TPM_ST_SESSIONS) { 18489 UINT32 parameter_section_size = buffer.size(); 18490 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 18491 if (rc != TPM_RC_SUCCESS) { 18492 return rc; 18493 } 18494 if (parameter_section_size > buffer.size()) { 18495 return TPM_RC_INSUFFICIENT; 18496 } 18497 authorization_section_bytes = buffer.substr(parameter_section_size); 18498 // Keep the parameter section in |buffer|. 18499 buffer.erase(parameter_section_size); 18500 } 18501 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 18502 crypto::SecureHash::SHA256)); 18503 hash->Update(response_code_bytes.data(), 18504 response_code_bytes.size()); 18505 hash->Update(command_code_bytes.data(), 18506 command_code_bytes.size()); 18507 hash->Update(buffer.data(), 18508 buffer.size()); 18509 std::string response_hash(32, 0); 18510 hash->Finish(string_as_array(&response_hash), response_hash.size()); 18511 if (tag == TPM_ST_SESSIONS) { 18512 CHECK(authorization_delegate) << "Authorization delegate missing!"; 18513 if (!authorization_delegate->CheckResponseAuthorization( 18514 response_hash, 18515 authorization_section_bytes)) { 18516 return TRUNKS_RC_AUTHORIZATION_FAILED; 18517 } 18518 } 18519 return TPM_RC_SUCCESS; 18520 } 18521 18522 void HMAC_StartErrorCallback( 18523 const Tpm::HMAC_StartResponse& callback, 18524 TPM_RC response_code) { 18525 VLOG(1) << __func__; 18526 callback.Run(response_code, 18527 TPMI_DH_OBJECT()); 18528 } 18529 18530 void HMAC_StartResponseParser( 18531 const Tpm::HMAC_StartResponse& callback, 18532 AuthorizationDelegate* authorization_delegate, 18533 const std::string& response) { 18534 VLOG(1) << __func__; 18535 base::Callback<void(TPM_RC)> error_reporter = 18536 base::Bind(HMAC_StartErrorCallback, callback); 18537 TPMI_DH_OBJECT sequence_handle; 18538 TPM_RC rc = Tpm::ParseResponse_HMAC_Start( 18539 response, 18540 &sequence_handle, 18541 authorization_delegate); 18542 if (rc != TPM_RC_SUCCESS) { 18543 error_reporter.Run(rc); 18544 return; 18545 } 18546 callback.Run( 18547 rc, 18548 sequence_handle); 18549 } 18550 18551 void Tpm::HMAC_Start( 18552 const TPMI_DH_OBJECT& handle, 18553 const std::string& handle_name, 18554 const TPM2B_AUTH& auth, 18555 const TPMI_ALG_HASH& hash_alg, 18556 AuthorizationDelegate* authorization_delegate, 18557 const HMAC_StartResponse& callback) { 18558 VLOG(1) << __func__; 18559 base::Callback<void(TPM_RC)> error_reporter = 18560 base::Bind(HMAC_StartErrorCallback, callback); 18561 base::Callback<void(const std::string&)> parser = 18562 base::Bind(HMAC_StartResponseParser, 18563 callback, 18564 authorization_delegate); 18565 std::string command; 18566 TPM_RC rc = SerializeCommand_HMAC_Start( 18567 handle, 18568 handle_name, 18569 auth, 18570 hash_alg, 18571 &command, 18572 authorization_delegate); 18573 if (rc != TPM_RC_SUCCESS) { 18574 error_reporter.Run(rc); 18575 return; 18576 } 18577 transceiver_->SendCommand(command, parser); 18578 } 18579 18580 TPM_RC Tpm::HMAC_StartSync( 18581 const TPMI_DH_OBJECT& handle, 18582 const std::string& handle_name, 18583 const TPM2B_AUTH& auth, 18584 const TPMI_ALG_HASH& hash_alg, 18585 TPMI_DH_OBJECT* sequence_handle, 18586 AuthorizationDelegate* authorization_delegate) { 18587 VLOG(1) << __func__; 18588 std::string command; 18589 TPM_RC rc = SerializeCommand_HMAC_Start( 18590 handle, 18591 handle_name, 18592 auth, 18593 hash_alg, 18594 &command, 18595 authorization_delegate); 18596 if (rc != TPM_RC_SUCCESS) { 18597 return rc; 18598 } 18599 std::string response = transceiver_->SendCommandAndWait(command); 18600 rc = ParseResponse_HMAC_Start( 18601 response, 18602 sequence_handle, 18603 authorization_delegate); 18604 return rc; 18605 } 18606 18607 TPM_RC Tpm::SerializeCommand_HashSequenceStart( 18608 const TPM2B_AUTH& auth, 18609 const TPMI_ALG_HASH& hash_alg, 18610 std::string* serialized_command, 18611 AuthorizationDelegate* authorization_delegate) { 18612 VLOG(3) << __func__; 18613 TPM_RC rc = TPM_RC_SUCCESS; 18614 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 18615 UINT32 command_size = 10; // Header size. 18616 std::string handle_section_bytes; 18617 std::string parameter_section_bytes; 18618 TPM_CC command_code = TPM_CC_HashSequenceStart; 18619 bool is_command_parameter_encryption_possible = true; 18620 bool is_response_parameter_encryption_possible = false; 18621 std::string command_code_bytes; 18622 rc = Serialize_TPM_CC( 18623 command_code, 18624 &command_code_bytes); 18625 if (rc != TPM_RC_SUCCESS) { 18626 return rc; 18627 } 18628 std::string auth_bytes; 18629 rc = Serialize_TPM2B_AUTH( 18630 auth, 18631 &auth_bytes); 18632 if (rc != TPM_RC_SUCCESS) { 18633 return rc; 18634 } 18635 std::string hash_alg_bytes; 18636 rc = Serialize_TPMI_ALG_HASH( 18637 hash_alg, 18638 &hash_alg_bytes); 18639 if (rc != TPM_RC_SUCCESS) { 18640 return rc; 18641 } 18642 if (authorization_delegate) { 18643 // Encrypt just the parameter data, not the size. 18644 std::string tmp = auth_bytes.substr(2); 18645 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 18646 return TRUNKS_RC_ENCRYPTION_FAILED; 18647 } 18648 auth_bytes.replace(2, std::string::npos, tmp); 18649 } 18650 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 18651 crypto::SecureHash::SHA256)); 18652 hash->Update(command_code_bytes.data(), 18653 command_code_bytes.size()); 18654 hash->Update(auth_bytes.data(), 18655 auth_bytes.size()); 18656 parameter_section_bytes += auth_bytes; 18657 command_size += auth_bytes.size(); 18658 hash->Update(hash_alg_bytes.data(), 18659 hash_alg_bytes.size()); 18660 parameter_section_bytes += hash_alg_bytes; 18661 command_size += hash_alg_bytes.size(); 18662 std::string command_hash(32, 0); 18663 hash->Finish(string_as_array(&command_hash), command_hash.size()); 18664 std::string authorization_section_bytes; 18665 std::string authorization_size_bytes; 18666 if (authorization_delegate) { 18667 if (!authorization_delegate->GetCommandAuthorization( 18668 command_hash, 18669 is_command_parameter_encryption_possible, 18670 is_response_parameter_encryption_possible, 18671 &authorization_section_bytes)) { 18672 return TRUNKS_RC_AUTHORIZATION_FAILED; 18673 } 18674 if (!authorization_section_bytes.empty()) { 18675 tag = TPM_ST_SESSIONS; 18676 std::string tmp; 18677 rc = Serialize_UINT32(authorization_section_bytes.size(), 18678 &authorization_size_bytes); 18679 if (rc != TPM_RC_SUCCESS) { 18680 return rc; 18681 } 18682 command_size += authorization_size_bytes.size() + 18683 authorization_section_bytes.size(); 18684 } 18685 } 18686 std::string tag_bytes; 18687 rc = Serialize_TPMI_ST_COMMAND_TAG( 18688 tag, 18689 &tag_bytes); 18690 if (rc != TPM_RC_SUCCESS) { 18691 return rc; 18692 } 18693 std::string command_size_bytes; 18694 rc = Serialize_UINT32( 18695 command_size, 18696 &command_size_bytes); 18697 if (rc != TPM_RC_SUCCESS) { 18698 return rc; 18699 } 18700 *serialized_command = tag_bytes + 18701 command_size_bytes + 18702 command_code_bytes + 18703 handle_section_bytes + 18704 authorization_size_bytes + 18705 authorization_section_bytes + 18706 parameter_section_bytes; 18707 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 18708 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 18709 serialized_command->size()); 18710 return TPM_RC_SUCCESS; 18711 } 18712 18713 TPM_RC Tpm::ParseResponse_HashSequenceStart( 18714 const std::string& response, 18715 TPMI_DH_OBJECT* sequence_handle, 18716 AuthorizationDelegate* authorization_delegate) { 18717 VLOG(3) << __func__; 18718 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 18719 TPM_RC rc = TPM_RC_SUCCESS; 18720 std::string buffer(response); 18721 TPM_ST tag; 18722 std::string tag_bytes; 18723 rc = Parse_TPM_ST( 18724 &buffer, 18725 &tag, 18726 &tag_bytes); 18727 if (rc != TPM_RC_SUCCESS) { 18728 return rc; 18729 } 18730 UINT32 response_size; 18731 std::string response_size_bytes; 18732 rc = Parse_UINT32( 18733 &buffer, 18734 &response_size, 18735 &response_size_bytes); 18736 if (rc != TPM_RC_SUCCESS) { 18737 return rc; 18738 } 18739 TPM_RC response_code; 18740 std::string response_code_bytes; 18741 rc = Parse_TPM_RC( 18742 &buffer, 18743 &response_code, 18744 &response_code_bytes); 18745 if (rc != TPM_RC_SUCCESS) { 18746 return rc; 18747 } 18748 if (response_size != response.size()) { 18749 return TPM_RC_SIZE; 18750 } 18751 if (response_code != TPM_RC_SUCCESS) { 18752 return response_code; 18753 } 18754 std::string sequence_handle_bytes; 18755 rc = Parse_TPMI_DH_OBJECT( 18756 &buffer, 18757 sequence_handle, 18758 &sequence_handle_bytes); 18759 if (rc != TPM_RC_SUCCESS) { 18760 return rc; 18761 } 18762 TPM_CC command_code = TPM_CC_HashSequenceStart; 18763 std::string command_code_bytes; 18764 rc = Serialize_TPM_CC( 18765 command_code, 18766 &command_code_bytes); 18767 if (rc != TPM_RC_SUCCESS) { 18768 return rc; 18769 } 18770 std::string authorization_section_bytes; 18771 if (tag == TPM_ST_SESSIONS) { 18772 UINT32 parameter_section_size = buffer.size(); 18773 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 18774 if (rc != TPM_RC_SUCCESS) { 18775 return rc; 18776 } 18777 if (parameter_section_size > buffer.size()) { 18778 return TPM_RC_INSUFFICIENT; 18779 } 18780 authorization_section_bytes = buffer.substr(parameter_section_size); 18781 // Keep the parameter section in |buffer|. 18782 buffer.erase(parameter_section_size); 18783 } 18784 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 18785 crypto::SecureHash::SHA256)); 18786 hash->Update(response_code_bytes.data(), 18787 response_code_bytes.size()); 18788 hash->Update(command_code_bytes.data(), 18789 command_code_bytes.size()); 18790 hash->Update(buffer.data(), 18791 buffer.size()); 18792 std::string response_hash(32, 0); 18793 hash->Finish(string_as_array(&response_hash), response_hash.size()); 18794 if (tag == TPM_ST_SESSIONS) { 18795 CHECK(authorization_delegate) << "Authorization delegate missing!"; 18796 if (!authorization_delegate->CheckResponseAuthorization( 18797 response_hash, 18798 authorization_section_bytes)) { 18799 return TRUNKS_RC_AUTHORIZATION_FAILED; 18800 } 18801 } 18802 return TPM_RC_SUCCESS; 18803 } 18804 18805 void HashSequenceStartErrorCallback( 18806 const Tpm::HashSequenceStartResponse& callback, 18807 TPM_RC response_code) { 18808 VLOG(1) << __func__; 18809 callback.Run(response_code, 18810 TPMI_DH_OBJECT()); 18811 } 18812 18813 void HashSequenceStartResponseParser( 18814 const Tpm::HashSequenceStartResponse& callback, 18815 AuthorizationDelegate* authorization_delegate, 18816 const std::string& response) { 18817 VLOG(1) << __func__; 18818 base::Callback<void(TPM_RC)> error_reporter = 18819 base::Bind(HashSequenceStartErrorCallback, callback); 18820 TPMI_DH_OBJECT sequence_handle; 18821 TPM_RC rc = Tpm::ParseResponse_HashSequenceStart( 18822 response, 18823 &sequence_handle, 18824 authorization_delegate); 18825 if (rc != TPM_RC_SUCCESS) { 18826 error_reporter.Run(rc); 18827 return; 18828 } 18829 callback.Run( 18830 rc, 18831 sequence_handle); 18832 } 18833 18834 void Tpm::HashSequenceStart( 18835 const TPM2B_AUTH& auth, 18836 const TPMI_ALG_HASH& hash_alg, 18837 AuthorizationDelegate* authorization_delegate, 18838 const HashSequenceStartResponse& callback) { 18839 VLOG(1) << __func__; 18840 base::Callback<void(TPM_RC)> error_reporter = 18841 base::Bind(HashSequenceStartErrorCallback, callback); 18842 base::Callback<void(const std::string&)> parser = 18843 base::Bind(HashSequenceStartResponseParser, 18844 callback, 18845 authorization_delegate); 18846 std::string command; 18847 TPM_RC rc = SerializeCommand_HashSequenceStart( 18848 auth, 18849 hash_alg, 18850 &command, 18851 authorization_delegate); 18852 if (rc != TPM_RC_SUCCESS) { 18853 error_reporter.Run(rc); 18854 return; 18855 } 18856 transceiver_->SendCommand(command, parser); 18857 } 18858 18859 TPM_RC Tpm::HashSequenceStartSync( 18860 const TPM2B_AUTH& auth, 18861 const TPMI_ALG_HASH& hash_alg, 18862 TPMI_DH_OBJECT* sequence_handle, 18863 AuthorizationDelegate* authorization_delegate) { 18864 VLOG(1) << __func__; 18865 std::string command; 18866 TPM_RC rc = SerializeCommand_HashSequenceStart( 18867 auth, 18868 hash_alg, 18869 &command, 18870 authorization_delegate); 18871 if (rc != TPM_RC_SUCCESS) { 18872 return rc; 18873 } 18874 std::string response = transceiver_->SendCommandAndWait(command); 18875 rc = ParseResponse_HashSequenceStart( 18876 response, 18877 sequence_handle, 18878 authorization_delegate); 18879 return rc; 18880 } 18881 18882 TPM_RC Tpm::SerializeCommand_SequenceUpdate( 18883 const TPMI_DH_OBJECT& sequence_handle, 18884 const std::string& sequence_handle_name, 18885 const TPM2B_MAX_BUFFER& buffer, 18886 std::string* serialized_command, 18887 AuthorizationDelegate* authorization_delegate) { 18888 VLOG(3) << __func__; 18889 TPM_RC rc = TPM_RC_SUCCESS; 18890 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 18891 UINT32 command_size = 10; // Header size. 18892 std::string handle_section_bytes; 18893 std::string parameter_section_bytes; 18894 TPM_CC command_code = TPM_CC_SequenceUpdate; 18895 bool is_command_parameter_encryption_possible = true; 18896 bool is_response_parameter_encryption_possible = false; 18897 std::string command_code_bytes; 18898 rc = Serialize_TPM_CC( 18899 command_code, 18900 &command_code_bytes); 18901 if (rc != TPM_RC_SUCCESS) { 18902 return rc; 18903 } 18904 std::string sequence_handle_bytes; 18905 rc = Serialize_TPMI_DH_OBJECT( 18906 sequence_handle, 18907 &sequence_handle_bytes); 18908 if (rc != TPM_RC_SUCCESS) { 18909 return rc; 18910 } 18911 std::string buffer_bytes; 18912 rc = Serialize_TPM2B_MAX_BUFFER( 18913 buffer, 18914 &buffer_bytes); 18915 if (rc != TPM_RC_SUCCESS) { 18916 return rc; 18917 } 18918 if (authorization_delegate) { 18919 // Encrypt just the parameter data, not the size. 18920 std::string tmp = buffer_bytes.substr(2); 18921 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 18922 return TRUNKS_RC_ENCRYPTION_FAILED; 18923 } 18924 buffer_bytes.replace(2, std::string::npos, tmp); 18925 } 18926 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 18927 crypto::SecureHash::SHA256)); 18928 hash->Update(command_code_bytes.data(), 18929 command_code_bytes.size()); 18930 hash->Update(sequence_handle_name.data(), 18931 sequence_handle_name.size()); 18932 handle_section_bytes += sequence_handle_bytes; 18933 command_size += sequence_handle_bytes.size(); 18934 hash->Update(buffer_bytes.data(), 18935 buffer_bytes.size()); 18936 parameter_section_bytes += buffer_bytes; 18937 command_size += buffer_bytes.size(); 18938 std::string command_hash(32, 0); 18939 hash->Finish(string_as_array(&command_hash), command_hash.size()); 18940 std::string authorization_section_bytes; 18941 std::string authorization_size_bytes; 18942 if (authorization_delegate) { 18943 if (!authorization_delegate->GetCommandAuthorization( 18944 command_hash, 18945 is_command_parameter_encryption_possible, 18946 is_response_parameter_encryption_possible, 18947 &authorization_section_bytes)) { 18948 return TRUNKS_RC_AUTHORIZATION_FAILED; 18949 } 18950 if (!authorization_section_bytes.empty()) { 18951 tag = TPM_ST_SESSIONS; 18952 std::string tmp; 18953 rc = Serialize_UINT32(authorization_section_bytes.size(), 18954 &authorization_size_bytes); 18955 if (rc != TPM_RC_SUCCESS) { 18956 return rc; 18957 } 18958 command_size += authorization_size_bytes.size() + 18959 authorization_section_bytes.size(); 18960 } 18961 } 18962 std::string tag_bytes; 18963 rc = Serialize_TPMI_ST_COMMAND_TAG( 18964 tag, 18965 &tag_bytes); 18966 if (rc != TPM_RC_SUCCESS) { 18967 return rc; 18968 } 18969 std::string command_size_bytes; 18970 rc = Serialize_UINT32( 18971 command_size, 18972 &command_size_bytes); 18973 if (rc != TPM_RC_SUCCESS) { 18974 return rc; 18975 } 18976 *serialized_command = tag_bytes + 18977 command_size_bytes + 18978 command_code_bytes + 18979 handle_section_bytes + 18980 authorization_size_bytes + 18981 authorization_section_bytes + 18982 parameter_section_bytes; 18983 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 18984 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 18985 serialized_command->size()); 18986 return TPM_RC_SUCCESS; 18987 } 18988 18989 TPM_RC Tpm::ParseResponse_SequenceUpdate( 18990 const std::string& response, 18991 AuthorizationDelegate* authorization_delegate) { 18992 VLOG(3) << __func__; 18993 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 18994 TPM_RC rc = TPM_RC_SUCCESS; 18995 std::string buffer(response); 18996 TPM_ST tag; 18997 std::string tag_bytes; 18998 rc = Parse_TPM_ST( 18999 &buffer, 19000 &tag, 19001 &tag_bytes); 19002 if (rc != TPM_RC_SUCCESS) { 19003 return rc; 19004 } 19005 UINT32 response_size; 19006 std::string response_size_bytes; 19007 rc = Parse_UINT32( 19008 &buffer, 19009 &response_size, 19010 &response_size_bytes); 19011 if (rc != TPM_RC_SUCCESS) { 19012 return rc; 19013 } 19014 TPM_RC response_code; 19015 std::string response_code_bytes; 19016 rc = Parse_TPM_RC( 19017 &buffer, 19018 &response_code, 19019 &response_code_bytes); 19020 if (rc != TPM_RC_SUCCESS) { 19021 return rc; 19022 } 19023 if (response_size != response.size()) { 19024 return TPM_RC_SIZE; 19025 } 19026 if (response_code != TPM_RC_SUCCESS) { 19027 return response_code; 19028 } 19029 TPM_CC command_code = TPM_CC_SequenceUpdate; 19030 std::string command_code_bytes; 19031 rc = Serialize_TPM_CC( 19032 command_code, 19033 &command_code_bytes); 19034 if (rc != TPM_RC_SUCCESS) { 19035 return rc; 19036 } 19037 std::string authorization_section_bytes; 19038 if (tag == TPM_ST_SESSIONS) { 19039 UINT32 parameter_section_size = buffer.size(); 19040 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 19041 if (rc != TPM_RC_SUCCESS) { 19042 return rc; 19043 } 19044 if (parameter_section_size > buffer.size()) { 19045 return TPM_RC_INSUFFICIENT; 19046 } 19047 authorization_section_bytes = buffer.substr(parameter_section_size); 19048 // Keep the parameter section in |buffer|. 19049 buffer.erase(parameter_section_size); 19050 } 19051 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 19052 crypto::SecureHash::SHA256)); 19053 hash->Update(response_code_bytes.data(), 19054 response_code_bytes.size()); 19055 hash->Update(command_code_bytes.data(), 19056 command_code_bytes.size()); 19057 hash->Update(buffer.data(), 19058 buffer.size()); 19059 std::string response_hash(32, 0); 19060 hash->Finish(string_as_array(&response_hash), response_hash.size()); 19061 if (tag == TPM_ST_SESSIONS) { 19062 CHECK(authorization_delegate) << "Authorization delegate missing!"; 19063 if (!authorization_delegate->CheckResponseAuthorization( 19064 response_hash, 19065 authorization_section_bytes)) { 19066 return TRUNKS_RC_AUTHORIZATION_FAILED; 19067 } 19068 } 19069 return TPM_RC_SUCCESS; 19070 } 19071 19072 void SequenceUpdateErrorCallback( 19073 const Tpm::SequenceUpdateResponse& callback, 19074 TPM_RC response_code) { 19075 VLOG(1) << __func__; 19076 callback.Run(response_code); 19077 } 19078 19079 void SequenceUpdateResponseParser( 19080 const Tpm::SequenceUpdateResponse& callback, 19081 AuthorizationDelegate* authorization_delegate, 19082 const std::string& response) { 19083 VLOG(1) << __func__; 19084 base::Callback<void(TPM_RC)> error_reporter = 19085 base::Bind(SequenceUpdateErrorCallback, callback); 19086 TPM_RC rc = Tpm::ParseResponse_SequenceUpdate( 19087 response, 19088 authorization_delegate); 19089 if (rc != TPM_RC_SUCCESS) { 19090 error_reporter.Run(rc); 19091 return; 19092 } 19093 callback.Run( 19094 rc); 19095 } 19096 19097 void Tpm::SequenceUpdate( 19098 const TPMI_DH_OBJECT& sequence_handle, 19099 const std::string& sequence_handle_name, 19100 const TPM2B_MAX_BUFFER& buffer, 19101 AuthorizationDelegate* authorization_delegate, 19102 const SequenceUpdateResponse& callback) { 19103 VLOG(1) << __func__; 19104 base::Callback<void(TPM_RC)> error_reporter = 19105 base::Bind(SequenceUpdateErrorCallback, callback); 19106 base::Callback<void(const std::string&)> parser = 19107 base::Bind(SequenceUpdateResponseParser, 19108 callback, 19109 authorization_delegate); 19110 std::string command; 19111 TPM_RC rc = SerializeCommand_SequenceUpdate( 19112 sequence_handle, 19113 sequence_handle_name, 19114 buffer, 19115 &command, 19116 authorization_delegate); 19117 if (rc != TPM_RC_SUCCESS) { 19118 error_reporter.Run(rc); 19119 return; 19120 } 19121 transceiver_->SendCommand(command, parser); 19122 } 19123 19124 TPM_RC Tpm::SequenceUpdateSync( 19125 const TPMI_DH_OBJECT& sequence_handle, 19126 const std::string& sequence_handle_name, 19127 const TPM2B_MAX_BUFFER& buffer, 19128 AuthorizationDelegate* authorization_delegate) { 19129 VLOG(1) << __func__; 19130 std::string command; 19131 TPM_RC rc = SerializeCommand_SequenceUpdate( 19132 sequence_handle, 19133 sequence_handle_name, 19134 buffer, 19135 &command, 19136 authorization_delegate); 19137 if (rc != TPM_RC_SUCCESS) { 19138 return rc; 19139 } 19140 std::string response = transceiver_->SendCommandAndWait(command); 19141 rc = ParseResponse_SequenceUpdate( 19142 response, 19143 authorization_delegate); 19144 return rc; 19145 } 19146 19147 TPM_RC Tpm::SerializeCommand_SequenceComplete( 19148 const TPMI_DH_OBJECT& sequence_handle, 19149 const std::string& sequence_handle_name, 19150 const TPM2B_MAX_BUFFER& buffer, 19151 const TPMI_RH_HIERARCHY& hierarchy, 19152 std::string* serialized_command, 19153 AuthorizationDelegate* authorization_delegate) { 19154 VLOG(3) << __func__; 19155 TPM_RC rc = TPM_RC_SUCCESS; 19156 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 19157 UINT32 command_size = 10; // Header size. 19158 std::string handle_section_bytes; 19159 std::string parameter_section_bytes; 19160 TPM_CC command_code = TPM_CC_SequenceComplete; 19161 bool is_command_parameter_encryption_possible = true; 19162 bool is_response_parameter_encryption_possible = true; 19163 std::string command_code_bytes; 19164 rc = Serialize_TPM_CC( 19165 command_code, 19166 &command_code_bytes); 19167 if (rc != TPM_RC_SUCCESS) { 19168 return rc; 19169 } 19170 std::string sequence_handle_bytes; 19171 rc = Serialize_TPMI_DH_OBJECT( 19172 sequence_handle, 19173 &sequence_handle_bytes); 19174 if (rc != TPM_RC_SUCCESS) { 19175 return rc; 19176 } 19177 std::string buffer_bytes; 19178 rc = Serialize_TPM2B_MAX_BUFFER( 19179 buffer, 19180 &buffer_bytes); 19181 if (rc != TPM_RC_SUCCESS) { 19182 return rc; 19183 } 19184 std::string hierarchy_bytes; 19185 rc = Serialize_TPMI_RH_HIERARCHY( 19186 hierarchy, 19187 &hierarchy_bytes); 19188 if (rc != TPM_RC_SUCCESS) { 19189 return rc; 19190 } 19191 if (authorization_delegate) { 19192 // Encrypt just the parameter data, not the size. 19193 std::string tmp = buffer_bytes.substr(2); 19194 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 19195 return TRUNKS_RC_ENCRYPTION_FAILED; 19196 } 19197 buffer_bytes.replace(2, std::string::npos, tmp); 19198 } 19199 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 19200 crypto::SecureHash::SHA256)); 19201 hash->Update(command_code_bytes.data(), 19202 command_code_bytes.size()); 19203 hash->Update(sequence_handle_name.data(), 19204 sequence_handle_name.size()); 19205 handle_section_bytes += sequence_handle_bytes; 19206 command_size += sequence_handle_bytes.size(); 19207 hash->Update(buffer_bytes.data(), 19208 buffer_bytes.size()); 19209 parameter_section_bytes += buffer_bytes; 19210 command_size += buffer_bytes.size(); 19211 hash->Update(hierarchy_bytes.data(), 19212 hierarchy_bytes.size()); 19213 parameter_section_bytes += hierarchy_bytes; 19214 command_size += hierarchy_bytes.size(); 19215 std::string command_hash(32, 0); 19216 hash->Finish(string_as_array(&command_hash), command_hash.size()); 19217 std::string authorization_section_bytes; 19218 std::string authorization_size_bytes; 19219 if (authorization_delegate) { 19220 if (!authorization_delegate->GetCommandAuthorization( 19221 command_hash, 19222 is_command_parameter_encryption_possible, 19223 is_response_parameter_encryption_possible, 19224 &authorization_section_bytes)) { 19225 return TRUNKS_RC_AUTHORIZATION_FAILED; 19226 } 19227 if (!authorization_section_bytes.empty()) { 19228 tag = TPM_ST_SESSIONS; 19229 std::string tmp; 19230 rc = Serialize_UINT32(authorization_section_bytes.size(), 19231 &authorization_size_bytes); 19232 if (rc != TPM_RC_SUCCESS) { 19233 return rc; 19234 } 19235 command_size += authorization_size_bytes.size() + 19236 authorization_section_bytes.size(); 19237 } 19238 } 19239 std::string tag_bytes; 19240 rc = Serialize_TPMI_ST_COMMAND_TAG( 19241 tag, 19242 &tag_bytes); 19243 if (rc != TPM_RC_SUCCESS) { 19244 return rc; 19245 } 19246 std::string command_size_bytes; 19247 rc = Serialize_UINT32( 19248 command_size, 19249 &command_size_bytes); 19250 if (rc != TPM_RC_SUCCESS) { 19251 return rc; 19252 } 19253 *serialized_command = tag_bytes + 19254 command_size_bytes + 19255 command_code_bytes + 19256 handle_section_bytes + 19257 authorization_size_bytes + 19258 authorization_section_bytes + 19259 parameter_section_bytes; 19260 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 19261 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 19262 serialized_command->size()); 19263 return TPM_RC_SUCCESS; 19264 } 19265 19266 TPM_RC Tpm::ParseResponse_SequenceComplete( 19267 const std::string& response, 19268 TPM2B_DIGEST* result, 19269 TPMT_TK_HASHCHECK* validation, 19270 AuthorizationDelegate* authorization_delegate) { 19271 VLOG(3) << __func__; 19272 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 19273 TPM_RC rc = TPM_RC_SUCCESS; 19274 std::string buffer(response); 19275 TPM_ST tag; 19276 std::string tag_bytes; 19277 rc = Parse_TPM_ST( 19278 &buffer, 19279 &tag, 19280 &tag_bytes); 19281 if (rc != TPM_RC_SUCCESS) { 19282 return rc; 19283 } 19284 UINT32 response_size; 19285 std::string response_size_bytes; 19286 rc = Parse_UINT32( 19287 &buffer, 19288 &response_size, 19289 &response_size_bytes); 19290 if (rc != TPM_RC_SUCCESS) { 19291 return rc; 19292 } 19293 TPM_RC response_code; 19294 std::string response_code_bytes; 19295 rc = Parse_TPM_RC( 19296 &buffer, 19297 &response_code, 19298 &response_code_bytes); 19299 if (rc != TPM_RC_SUCCESS) { 19300 return rc; 19301 } 19302 if (response_size != response.size()) { 19303 return TPM_RC_SIZE; 19304 } 19305 if (response_code != TPM_RC_SUCCESS) { 19306 return response_code; 19307 } 19308 TPM_CC command_code = TPM_CC_SequenceComplete; 19309 std::string command_code_bytes; 19310 rc = Serialize_TPM_CC( 19311 command_code, 19312 &command_code_bytes); 19313 if (rc != TPM_RC_SUCCESS) { 19314 return rc; 19315 } 19316 std::string authorization_section_bytes; 19317 if (tag == TPM_ST_SESSIONS) { 19318 UINT32 parameter_section_size = buffer.size(); 19319 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 19320 if (rc != TPM_RC_SUCCESS) { 19321 return rc; 19322 } 19323 if (parameter_section_size > buffer.size()) { 19324 return TPM_RC_INSUFFICIENT; 19325 } 19326 authorization_section_bytes = buffer.substr(parameter_section_size); 19327 // Keep the parameter section in |buffer|. 19328 buffer.erase(parameter_section_size); 19329 } 19330 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 19331 crypto::SecureHash::SHA256)); 19332 hash->Update(response_code_bytes.data(), 19333 response_code_bytes.size()); 19334 hash->Update(command_code_bytes.data(), 19335 command_code_bytes.size()); 19336 hash->Update(buffer.data(), 19337 buffer.size()); 19338 std::string response_hash(32, 0); 19339 hash->Finish(string_as_array(&response_hash), response_hash.size()); 19340 if (tag == TPM_ST_SESSIONS) { 19341 CHECK(authorization_delegate) << "Authorization delegate missing!"; 19342 if (!authorization_delegate->CheckResponseAuthorization( 19343 response_hash, 19344 authorization_section_bytes)) { 19345 return TRUNKS_RC_AUTHORIZATION_FAILED; 19346 } 19347 } 19348 std::string result_bytes; 19349 rc = Parse_TPM2B_DIGEST( 19350 &buffer, 19351 result, 19352 &result_bytes); 19353 if (rc != TPM_RC_SUCCESS) { 19354 return rc; 19355 } 19356 std::string validation_bytes; 19357 rc = Parse_TPMT_TK_HASHCHECK( 19358 &buffer, 19359 validation, 19360 &validation_bytes); 19361 if (rc != TPM_RC_SUCCESS) { 19362 return rc; 19363 } 19364 if (tag == TPM_ST_SESSIONS) { 19365 CHECK(authorization_delegate) << "Authorization delegate missing!"; 19366 // Decrypt just the parameter data, not the size. 19367 std::string tmp = result_bytes.substr(2); 19368 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 19369 return TRUNKS_RC_ENCRYPTION_FAILED; 19370 } 19371 result_bytes.replace(2, std::string::npos, tmp); 19372 rc = Parse_TPM2B_DIGEST( 19373 &result_bytes, 19374 result, 19375 nullptr); 19376 if (rc != TPM_RC_SUCCESS) { 19377 return rc; 19378 } 19379 } 19380 return TPM_RC_SUCCESS; 19381 } 19382 19383 void SequenceCompleteErrorCallback( 19384 const Tpm::SequenceCompleteResponse& callback, 19385 TPM_RC response_code) { 19386 VLOG(1) << __func__; 19387 callback.Run(response_code, 19388 TPM2B_DIGEST(), 19389 TPMT_TK_HASHCHECK()); 19390 } 19391 19392 void SequenceCompleteResponseParser( 19393 const Tpm::SequenceCompleteResponse& callback, 19394 AuthorizationDelegate* authorization_delegate, 19395 const std::string& response) { 19396 VLOG(1) << __func__; 19397 base::Callback<void(TPM_RC)> error_reporter = 19398 base::Bind(SequenceCompleteErrorCallback, callback); 19399 TPM2B_DIGEST result; 19400 TPMT_TK_HASHCHECK validation; 19401 TPM_RC rc = Tpm::ParseResponse_SequenceComplete( 19402 response, 19403 &result, 19404 &validation, 19405 authorization_delegate); 19406 if (rc != TPM_RC_SUCCESS) { 19407 error_reporter.Run(rc); 19408 return; 19409 } 19410 callback.Run( 19411 rc, 19412 result, 19413 validation); 19414 } 19415 19416 void Tpm::SequenceComplete( 19417 const TPMI_DH_OBJECT& sequence_handle, 19418 const std::string& sequence_handle_name, 19419 const TPM2B_MAX_BUFFER& buffer, 19420 const TPMI_RH_HIERARCHY& hierarchy, 19421 AuthorizationDelegate* authorization_delegate, 19422 const SequenceCompleteResponse& callback) { 19423 VLOG(1) << __func__; 19424 base::Callback<void(TPM_RC)> error_reporter = 19425 base::Bind(SequenceCompleteErrorCallback, callback); 19426 base::Callback<void(const std::string&)> parser = 19427 base::Bind(SequenceCompleteResponseParser, 19428 callback, 19429 authorization_delegate); 19430 std::string command; 19431 TPM_RC rc = SerializeCommand_SequenceComplete( 19432 sequence_handle, 19433 sequence_handle_name, 19434 buffer, 19435 hierarchy, 19436 &command, 19437 authorization_delegate); 19438 if (rc != TPM_RC_SUCCESS) { 19439 error_reporter.Run(rc); 19440 return; 19441 } 19442 transceiver_->SendCommand(command, parser); 19443 } 19444 19445 TPM_RC Tpm::SequenceCompleteSync( 19446 const TPMI_DH_OBJECT& sequence_handle, 19447 const std::string& sequence_handle_name, 19448 const TPM2B_MAX_BUFFER& buffer, 19449 const TPMI_RH_HIERARCHY& hierarchy, 19450 TPM2B_DIGEST* result, 19451 TPMT_TK_HASHCHECK* validation, 19452 AuthorizationDelegate* authorization_delegate) { 19453 VLOG(1) << __func__; 19454 std::string command; 19455 TPM_RC rc = SerializeCommand_SequenceComplete( 19456 sequence_handle, 19457 sequence_handle_name, 19458 buffer, 19459 hierarchy, 19460 &command, 19461 authorization_delegate); 19462 if (rc != TPM_RC_SUCCESS) { 19463 return rc; 19464 } 19465 std::string response = transceiver_->SendCommandAndWait(command); 19466 rc = ParseResponse_SequenceComplete( 19467 response, 19468 result, 19469 validation, 19470 authorization_delegate); 19471 return rc; 19472 } 19473 19474 TPM_RC Tpm::SerializeCommand_EventSequenceComplete( 19475 const TPMI_DH_PCR& pcr_handle, 19476 const std::string& pcr_handle_name, 19477 const TPMI_DH_OBJECT& sequence_handle, 19478 const std::string& sequence_handle_name, 19479 const TPM2B_MAX_BUFFER& buffer, 19480 std::string* serialized_command, 19481 AuthorizationDelegate* authorization_delegate) { 19482 VLOG(3) << __func__; 19483 TPM_RC rc = TPM_RC_SUCCESS; 19484 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 19485 UINT32 command_size = 10; // Header size. 19486 std::string handle_section_bytes; 19487 std::string parameter_section_bytes; 19488 TPM_CC command_code = TPM_CC_EventSequenceComplete; 19489 bool is_command_parameter_encryption_possible = true; 19490 bool is_response_parameter_encryption_possible = false; 19491 std::string command_code_bytes; 19492 rc = Serialize_TPM_CC( 19493 command_code, 19494 &command_code_bytes); 19495 if (rc != TPM_RC_SUCCESS) { 19496 return rc; 19497 } 19498 std::string pcr_handle_bytes; 19499 rc = Serialize_TPMI_DH_PCR( 19500 pcr_handle, 19501 &pcr_handle_bytes); 19502 if (rc != TPM_RC_SUCCESS) { 19503 return rc; 19504 } 19505 std::string sequence_handle_bytes; 19506 rc = Serialize_TPMI_DH_OBJECT( 19507 sequence_handle, 19508 &sequence_handle_bytes); 19509 if (rc != TPM_RC_SUCCESS) { 19510 return rc; 19511 } 19512 std::string buffer_bytes; 19513 rc = Serialize_TPM2B_MAX_BUFFER( 19514 buffer, 19515 &buffer_bytes); 19516 if (rc != TPM_RC_SUCCESS) { 19517 return rc; 19518 } 19519 if (authorization_delegate) { 19520 // Encrypt just the parameter data, not the size. 19521 std::string tmp = buffer_bytes.substr(2); 19522 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 19523 return TRUNKS_RC_ENCRYPTION_FAILED; 19524 } 19525 buffer_bytes.replace(2, std::string::npos, tmp); 19526 } 19527 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 19528 crypto::SecureHash::SHA256)); 19529 hash->Update(command_code_bytes.data(), 19530 command_code_bytes.size()); 19531 hash->Update(pcr_handle_name.data(), 19532 pcr_handle_name.size()); 19533 handle_section_bytes += pcr_handle_bytes; 19534 command_size += pcr_handle_bytes.size(); 19535 hash->Update(sequence_handle_name.data(), 19536 sequence_handle_name.size()); 19537 handle_section_bytes += sequence_handle_bytes; 19538 command_size += sequence_handle_bytes.size(); 19539 hash->Update(buffer_bytes.data(), 19540 buffer_bytes.size()); 19541 parameter_section_bytes += buffer_bytes; 19542 command_size += buffer_bytes.size(); 19543 std::string command_hash(32, 0); 19544 hash->Finish(string_as_array(&command_hash), command_hash.size()); 19545 std::string authorization_section_bytes; 19546 std::string authorization_size_bytes; 19547 if (authorization_delegate) { 19548 if (!authorization_delegate->GetCommandAuthorization( 19549 command_hash, 19550 is_command_parameter_encryption_possible, 19551 is_response_parameter_encryption_possible, 19552 &authorization_section_bytes)) { 19553 return TRUNKS_RC_AUTHORIZATION_FAILED; 19554 } 19555 if (!authorization_section_bytes.empty()) { 19556 tag = TPM_ST_SESSIONS; 19557 std::string tmp; 19558 rc = Serialize_UINT32(authorization_section_bytes.size(), 19559 &authorization_size_bytes); 19560 if (rc != TPM_RC_SUCCESS) { 19561 return rc; 19562 } 19563 command_size += authorization_size_bytes.size() + 19564 authorization_section_bytes.size(); 19565 } 19566 } 19567 std::string tag_bytes; 19568 rc = Serialize_TPMI_ST_COMMAND_TAG( 19569 tag, 19570 &tag_bytes); 19571 if (rc != TPM_RC_SUCCESS) { 19572 return rc; 19573 } 19574 std::string command_size_bytes; 19575 rc = Serialize_UINT32( 19576 command_size, 19577 &command_size_bytes); 19578 if (rc != TPM_RC_SUCCESS) { 19579 return rc; 19580 } 19581 *serialized_command = tag_bytes + 19582 command_size_bytes + 19583 command_code_bytes + 19584 handle_section_bytes + 19585 authorization_size_bytes + 19586 authorization_section_bytes + 19587 parameter_section_bytes; 19588 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 19589 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 19590 serialized_command->size()); 19591 return TPM_RC_SUCCESS; 19592 } 19593 19594 TPM_RC Tpm::ParseResponse_EventSequenceComplete( 19595 const std::string& response, 19596 TPML_DIGEST_VALUES* results, 19597 AuthorizationDelegate* authorization_delegate) { 19598 VLOG(3) << __func__; 19599 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 19600 TPM_RC rc = TPM_RC_SUCCESS; 19601 std::string buffer(response); 19602 TPM_ST tag; 19603 std::string tag_bytes; 19604 rc = Parse_TPM_ST( 19605 &buffer, 19606 &tag, 19607 &tag_bytes); 19608 if (rc != TPM_RC_SUCCESS) { 19609 return rc; 19610 } 19611 UINT32 response_size; 19612 std::string response_size_bytes; 19613 rc = Parse_UINT32( 19614 &buffer, 19615 &response_size, 19616 &response_size_bytes); 19617 if (rc != TPM_RC_SUCCESS) { 19618 return rc; 19619 } 19620 TPM_RC response_code; 19621 std::string response_code_bytes; 19622 rc = Parse_TPM_RC( 19623 &buffer, 19624 &response_code, 19625 &response_code_bytes); 19626 if (rc != TPM_RC_SUCCESS) { 19627 return rc; 19628 } 19629 if (response_size != response.size()) { 19630 return TPM_RC_SIZE; 19631 } 19632 if (response_code != TPM_RC_SUCCESS) { 19633 return response_code; 19634 } 19635 TPM_CC command_code = TPM_CC_EventSequenceComplete; 19636 std::string command_code_bytes; 19637 rc = Serialize_TPM_CC( 19638 command_code, 19639 &command_code_bytes); 19640 if (rc != TPM_RC_SUCCESS) { 19641 return rc; 19642 } 19643 std::string authorization_section_bytes; 19644 if (tag == TPM_ST_SESSIONS) { 19645 UINT32 parameter_section_size = buffer.size(); 19646 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 19647 if (rc != TPM_RC_SUCCESS) { 19648 return rc; 19649 } 19650 if (parameter_section_size > buffer.size()) { 19651 return TPM_RC_INSUFFICIENT; 19652 } 19653 authorization_section_bytes = buffer.substr(parameter_section_size); 19654 // Keep the parameter section in |buffer|. 19655 buffer.erase(parameter_section_size); 19656 } 19657 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 19658 crypto::SecureHash::SHA256)); 19659 hash->Update(response_code_bytes.data(), 19660 response_code_bytes.size()); 19661 hash->Update(command_code_bytes.data(), 19662 command_code_bytes.size()); 19663 hash->Update(buffer.data(), 19664 buffer.size()); 19665 std::string response_hash(32, 0); 19666 hash->Finish(string_as_array(&response_hash), response_hash.size()); 19667 if (tag == TPM_ST_SESSIONS) { 19668 CHECK(authorization_delegate) << "Authorization delegate missing!"; 19669 if (!authorization_delegate->CheckResponseAuthorization( 19670 response_hash, 19671 authorization_section_bytes)) { 19672 return TRUNKS_RC_AUTHORIZATION_FAILED; 19673 } 19674 } 19675 std::string results_bytes; 19676 rc = Parse_TPML_DIGEST_VALUES( 19677 &buffer, 19678 results, 19679 &results_bytes); 19680 if (rc != TPM_RC_SUCCESS) { 19681 return rc; 19682 } 19683 return TPM_RC_SUCCESS; 19684 } 19685 19686 void EventSequenceCompleteErrorCallback( 19687 const Tpm::EventSequenceCompleteResponse& callback, 19688 TPM_RC response_code) { 19689 VLOG(1) << __func__; 19690 callback.Run(response_code, 19691 TPML_DIGEST_VALUES()); 19692 } 19693 19694 void EventSequenceCompleteResponseParser( 19695 const Tpm::EventSequenceCompleteResponse& callback, 19696 AuthorizationDelegate* authorization_delegate, 19697 const std::string& response) { 19698 VLOG(1) << __func__; 19699 base::Callback<void(TPM_RC)> error_reporter = 19700 base::Bind(EventSequenceCompleteErrorCallback, callback); 19701 TPML_DIGEST_VALUES results; 19702 TPM_RC rc = Tpm::ParseResponse_EventSequenceComplete( 19703 response, 19704 &results, 19705 authorization_delegate); 19706 if (rc != TPM_RC_SUCCESS) { 19707 error_reporter.Run(rc); 19708 return; 19709 } 19710 callback.Run( 19711 rc, 19712 results); 19713 } 19714 19715 void Tpm::EventSequenceComplete( 19716 const TPMI_DH_PCR& pcr_handle, 19717 const std::string& pcr_handle_name, 19718 const TPMI_DH_OBJECT& sequence_handle, 19719 const std::string& sequence_handle_name, 19720 const TPM2B_MAX_BUFFER& buffer, 19721 AuthorizationDelegate* authorization_delegate, 19722 const EventSequenceCompleteResponse& callback) { 19723 VLOG(1) << __func__; 19724 base::Callback<void(TPM_RC)> error_reporter = 19725 base::Bind(EventSequenceCompleteErrorCallback, callback); 19726 base::Callback<void(const std::string&)> parser = 19727 base::Bind(EventSequenceCompleteResponseParser, 19728 callback, 19729 authorization_delegate); 19730 std::string command; 19731 TPM_RC rc = SerializeCommand_EventSequenceComplete( 19732 pcr_handle, 19733 pcr_handle_name, 19734 sequence_handle, 19735 sequence_handle_name, 19736 buffer, 19737 &command, 19738 authorization_delegate); 19739 if (rc != TPM_RC_SUCCESS) { 19740 error_reporter.Run(rc); 19741 return; 19742 } 19743 transceiver_->SendCommand(command, parser); 19744 } 19745 19746 TPM_RC Tpm::EventSequenceCompleteSync( 19747 const TPMI_DH_PCR& pcr_handle, 19748 const std::string& pcr_handle_name, 19749 const TPMI_DH_OBJECT& sequence_handle, 19750 const std::string& sequence_handle_name, 19751 const TPM2B_MAX_BUFFER& buffer, 19752 TPML_DIGEST_VALUES* results, 19753 AuthorizationDelegate* authorization_delegate) { 19754 VLOG(1) << __func__; 19755 std::string command; 19756 TPM_RC rc = SerializeCommand_EventSequenceComplete( 19757 pcr_handle, 19758 pcr_handle_name, 19759 sequence_handle, 19760 sequence_handle_name, 19761 buffer, 19762 &command, 19763 authorization_delegate); 19764 if (rc != TPM_RC_SUCCESS) { 19765 return rc; 19766 } 19767 std::string response = transceiver_->SendCommandAndWait(command); 19768 rc = ParseResponse_EventSequenceComplete( 19769 response, 19770 results, 19771 authorization_delegate); 19772 return rc; 19773 } 19774 19775 TPM_RC Tpm::SerializeCommand_Certify( 19776 const TPMI_DH_OBJECT& object_handle, 19777 const std::string& object_handle_name, 19778 const TPMI_DH_OBJECT& sign_handle, 19779 const std::string& sign_handle_name, 19780 const TPM2B_DATA& qualifying_data, 19781 const TPMT_SIG_SCHEME& in_scheme, 19782 std::string* serialized_command, 19783 AuthorizationDelegate* authorization_delegate) { 19784 VLOG(3) << __func__; 19785 TPM_RC rc = TPM_RC_SUCCESS; 19786 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 19787 UINT32 command_size = 10; // Header size. 19788 std::string handle_section_bytes; 19789 std::string parameter_section_bytes; 19790 TPM_CC command_code = TPM_CC_Certify; 19791 bool is_command_parameter_encryption_possible = true; 19792 bool is_response_parameter_encryption_possible = true; 19793 std::string command_code_bytes; 19794 rc = Serialize_TPM_CC( 19795 command_code, 19796 &command_code_bytes); 19797 if (rc != TPM_RC_SUCCESS) { 19798 return rc; 19799 } 19800 std::string object_handle_bytes; 19801 rc = Serialize_TPMI_DH_OBJECT( 19802 object_handle, 19803 &object_handle_bytes); 19804 if (rc != TPM_RC_SUCCESS) { 19805 return rc; 19806 } 19807 std::string sign_handle_bytes; 19808 rc = Serialize_TPMI_DH_OBJECT( 19809 sign_handle, 19810 &sign_handle_bytes); 19811 if (rc != TPM_RC_SUCCESS) { 19812 return rc; 19813 } 19814 std::string qualifying_data_bytes; 19815 rc = Serialize_TPM2B_DATA( 19816 qualifying_data, 19817 &qualifying_data_bytes); 19818 if (rc != TPM_RC_SUCCESS) { 19819 return rc; 19820 } 19821 std::string in_scheme_bytes; 19822 rc = Serialize_TPMT_SIG_SCHEME( 19823 in_scheme, 19824 &in_scheme_bytes); 19825 if (rc != TPM_RC_SUCCESS) { 19826 return rc; 19827 } 19828 if (authorization_delegate) { 19829 // Encrypt just the parameter data, not the size. 19830 std::string tmp = qualifying_data_bytes.substr(2); 19831 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 19832 return TRUNKS_RC_ENCRYPTION_FAILED; 19833 } 19834 qualifying_data_bytes.replace(2, std::string::npos, tmp); 19835 } 19836 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 19837 crypto::SecureHash::SHA256)); 19838 hash->Update(command_code_bytes.data(), 19839 command_code_bytes.size()); 19840 hash->Update(object_handle_name.data(), 19841 object_handle_name.size()); 19842 handle_section_bytes += object_handle_bytes; 19843 command_size += object_handle_bytes.size(); 19844 hash->Update(sign_handle_name.data(), 19845 sign_handle_name.size()); 19846 handle_section_bytes += sign_handle_bytes; 19847 command_size += sign_handle_bytes.size(); 19848 hash->Update(qualifying_data_bytes.data(), 19849 qualifying_data_bytes.size()); 19850 parameter_section_bytes += qualifying_data_bytes; 19851 command_size += qualifying_data_bytes.size(); 19852 hash->Update(in_scheme_bytes.data(), 19853 in_scheme_bytes.size()); 19854 parameter_section_bytes += in_scheme_bytes; 19855 command_size += in_scheme_bytes.size(); 19856 std::string command_hash(32, 0); 19857 hash->Finish(string_as_array(&command_hash), command_hash.size()); 19858 std::string authorization_section_bytes; 19859 std::string authorization_size_bytes; 19860 if (authorization_delegate) { 19861 if (!authorization_delegate->GetCommandAuthorization( 19862 command_hash, 19863 is_command_parameter_encryption_possible, 19864 is_response_parameter_encryption_possible, 19865 &authorization_section_bytes)) { 19866 return TRUNKS_RC_AUTHORIZATION_FAILED; 19867 } 19868 if (!authorization_section_bytes.empty()) { 19869 tag = TPM_ST_SESSIONS; 19870 std::string tmp; 19871 rc = Serialize_UINT32(authorization_section_bytes.size(), 19872 &authorization_size_bytes); 19873 if (rc != TPM_RC_SUCCESS) { 19874 return rc; 19875 } 19876 command_size += authorization_size_bytes.size() + 19877 authorization_section_bytes.size(); 19878 } 19879 } 19880 std::string tag_bytes; 19881 rc = Serialize_TPMI_ST_COMMAND_TAG( 19882 tag, 19883 &tag_bytes); 19884 if (rc != TPM_RC_SUCCESS) { 19885 return rc; 19886 } 19887 std::string command_size_bytes; 19888 rc = Serialize_UINT32( 19889 command_size, 19890 &command_size_bytes); 19891 if (rc != TPM_RC_SUCCESS) { 19892 return rc; 19893 } 19894 *serialized_command = tag_bytes + 19895 command_size_bytes + 19896 command_code_bytes + 19897 handle_section_bytes + 19898 authorization_size_bytes + 19899 authorization_section_bytes + 19900 parameter_section_bytes; 19901 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 19902 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 19903 serialized_command->size()); 19904 return TPM_RC_SUCCESS; 19905 } 19906 19907 TPM_RC Tpm::ParseResponse_Certify( 19908 const std::string& response, 19909 TPM2B_ATTEST* certify_info, 19910 TPMT_SIGNATURE* signature, 19911 AuthorizationDelegate* authorization_delegate) { 19912 VLOG(3) << __func__; 19913 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 19914 TPM_RC rc = TPM_RC_SUCCESS; 19915 std::string buffer(response); 19916 TPM_ST tag; 19917 std::string tag_bytes; 19918 rc = Parse_TPM_ST( 19919 &buffer, 19920 &tag, 19921 &tag_bytes); 19922 if (rc != TPM_RC_SUCCESS) { 19923 return rc; 19924 } 19925 UINT32 response_size; 19926 std::string response_size_bytes; 19927 rc = Parse_UINT32( 19928 &buffer, 19929 &response_size, 19930 &response_size_bytes); 19931 if (rc != TPM_RC_SUCCESS) { 19932 return rc; 19933 } 19934 TPM_RC response_code; 19935 std::string response_code_bytes; 19936 rc = Parse_TPM_RC( 19937 &buffer, 19938 &response_code, 19939 &response_code_bytes); 19940 if (rc != TPM_RC_SUCCESS) { 19941 return rc; 19942 } 19943 if (response_size != response.size()) { 19944 return TPM_RC_SIZE; 19945 } 19946 if (response_code != TPM_RC_SUCCESS) { 19947 return response_code; 19948 } 19949 TPM_CC command_code = TPM_CC_Certify; 19950 std::string command_code_bytes; 19951 rc = Serialize_TPM_CC( 19952 command_code, 19953 &command_code_bytes); 19954 if (rc != TPM_RC_SUCCESS) { 19955 return rc; 19956 } 19957 std::string authorization_section_bytes; 19958 if (tag == TPM_ST_SESSIONS) { 19959 UINT32 parameter_section_size = buffer.size(); 19960 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 19961 if (rc != TPM_RC_SUCCESS) { 19962 return rc; 19963 } 19964 if (parameter_section_size > buffer.size()) { 19965 return TPM_RC_INSUFFICIENT; 19966 } 19967 authorization_section_bytes = buffer.substr(parameter_section_size); 19968 // Keep the parameter section in |buffer|. 19969 buffer.erase(parameter_section_size); 19970 } 19971 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 19972 crypto::SecureHash::SHA256)); 19973 hash->Update(response_code_bytes.data(), 19974 response_code_bytes.size()); 19975 hash->Update(command_code_bytes.data(), 19976 command_code_bytes.size()); 19977 hash->Update(buffer.data(), 19978 buffer.size()); 19979 std::string response_hash(32, 0); 19980 hash->Finish(string_as_array(&response_hash), response_hash.size()); 19981 if (tag == TPM_ST_SESSIONS) { 19982 CHECK(authorization_delegate) << "Authorization delegate missing!"; 19983 if (!authorization_delegate->CheckResponseAuthorization( 19984 response_hash, 19985 authorization_section_bytes)) { 19986 return TRUNKS_RC_AUTHORIZATION_FAILED; 19987 } 19988 } 19989 std::string certify_info_bytes; 19990 rc = Parse_TPM2B_ATTEST( 19991 &buffer, 19992 certify_info, 19993 &certify_info_bytes); 19994 if (rc != TPM_RC_SUCCESS) { 19995 return rc; 19996 } 19997 std::string signature_bytes; 19998 rc = Parse_TPMT_SIGNATURE( 19999 &buffer, 20000 signature, 20001 &signature_bytes); 20002 if (rc != TPM_RC_SUCCESS) { 20003 return rc; 20004 } 20005 if (tag == TPM_ST_SESSIONS) { 20006 CHECK(authorization_delegate) << "Authorization delegate missing!"; 20007 // Decrypt just the parameter data, not the size. 20008 std::string tmp = certify_info_bytes.substr(2); 20009 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 20010 return TRUNKS_RC_ENCRYPTION_FAILED; 20011 } 20012 certify_info_bytes.replace(2, std::string::npos, tmp); 20013 rc = Parse_TPM2B_ATTEST( 20014 &certify_info_bytes, 20015 certify_info, 20016 nullptr); 20017 if (rc != TPM_RC_SUCCESS) { 20018 return rc; 20019 } 20020 } 20021 return TPM_RC_SUCCESS; 20022 } 20023 20024 void CertifyErrorCallback( 20025 const Tpm::CertifyResponse& callback, 20026 TPM_RC response_code) { 20027 VLOG(1) << __func__; 20028 callback.Run(response_code, 20029 TPM2B_ATTEST(), 20030 TPMT_SIGNATURE()); 20031 } 20032 20033 void CertifyResponseParser( 20034 const Tpm::CertifyResponse& callback, 20035 AuthorizationDelegate* authorization_delegate, 20036 const std::string& response) { 20037 VLOG(1) << __func__; 20038 base::Callback<void(TPM_RC)> error_reporter = 20039 base::Bind(CertifyErrorCallback, callback); 20040 TPM2B_ATTEST certify_info; 20041 TPMT_SIGNATURE signature; 20042 TPM_RC rc = Tpm::ParseResponse_Certify( 20043 response, 20044 &certify_info, 20045 &signature, 20046 authorization_delegate); 20047 if (rc != TPM_RC_SUCCESS) { 20048 error_reporter.Run(rc); 20049 return; 20050 } 20051 callback.Run( 20052 rc, 20053 certify_info, 20054 signature); 20055 } 20056 20057 void Tpm::Certify( 20058 const TPMI_DH_OBJECT& object_handle, 20059 const std::string& object_handle_name, 20060 const TPMI_DH_OBJECT& sign_handle, 20061 const std::string& sign_handle_name, 20062 const TPM2B_DATA& qualifying_data, 20063 const TPMT_SIG_SCHEME& in_scheme, 20064 AuthorizationDelegate* authorization_delegate, 20065 const CertifyResponse& callback) { 20066 VLOG(1) << __func__; 20067 base::Callback<void(TPM_RC)> error_reporter = 20068 base::Bind(CertifyErrorCallback, callback); 20069 base::Callback<void(const std::string&)> parser = 20070 base::Bind(CertifyResponseParser, 20071 callback, 20072 authorization_delegate); 20073 std::string command; 20074 TPM_RC rc = SerializeCommand_Certify( 20075 object_handle, 20076 object_handle_name, 20077 sign_handle, 20078 sign_handle_name, 20079 qualifying_data, 20080 in_scheme, 20081 &command, 20082 authorization_delegate); 20083 if (rc != TPM_RC_SUCCESS) { 20084 error_reporter.Run(rc); 20085 return; 20086 } 20087 transceiver_->SendCommand(command, parser); 20088 } 20089 20090 TPM_RC Tpm::CertifySync( 20091 const TPMI_DH_OBJECT& object_handle, 20092 const std::string& object_handle_name, 20093 const TPMI_DH_OBJECT& sign_handle, 20094 const std::string& sign_handle_name, 20095 const TPM2B_DATA& qualifying_data, 20096 const TPMT_SIG_SCHEME& in_scheme, 20097 TPM2B_ATTEST* certify_info, 20098 TPMT_SIGNATURE* signature, 20099 AuthorizationDelegate* authorization_delegate) { 20100 VLOG(1) << __func__; 20101 std::string command; 20102 TPM_RC rc = SerializeCommand_Certify( 20103 object_handle, 20104 object_handle_name, 20105 sign_handle, 20106 sign_handle_name, 20107 qualifying_data, 20108 in_scheme, 20109 &command, 20110 authorization_delegate); 20111 if (rc != TPM_RC_SUCCESS) { 20112 return rc; 20113 } 20114 std::string response = transceiver_->SendCommandAndWait(command); 20115 rc = ParseResponse_Certify( 20116 response, 20117 certify_info, 20118 signature, 20119 authorization_delegate); 20120 return rc; 20121 } 20122 20123 TPM_RC Tpm::SerializeCommand_CertifyCreation( 20124 const TPMI_DH_OBJECT& sign_handle, 20125 const std::string& sign_handle_name, 20126 const TPMI_DH_OBJECT& object_handle, 20127 const std::string& object_handle_name, 20128 const TPM2B_DATA& qualifying_data, 20129 const TPM2B_DIGEST& creation_hash, 20130 const TPMT_SIG_SCHEME& in_scheme, 20131 const TPMT_TK_CREATION& creation_ticket, 20132 std::string* serialized_command, 20133 AuthorizationDelegate* authorization_delegate) { 20134 VLOG(3) << __func__; 20135 TPM_RC rc = TPM_RC_SUCCESS; 20136 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 20137 UINT32 command_size = 10; // Header size. 20138 std::string handle_section_bytes; 20139 std::string parameter_section_bytes; 20140 TPM_CC command_code = TPM_CC_CertifyCreation; 20141 bool is_command_parameter_encryption_possible = true; 20142 bool is_response_parameter_encryption_possible = true; 20143 std::string command_code_bytes; 20144 rc = Serialize_TPM_CC( 20145 command_code, 20146 &command_code_bytes); 20147 if (rc != TPM_RC_SUCCESS) { 20148 return rc; 20149 } 20150 std::string sign_handle_bytes; 20151 rc = Serialize_TPMI_DH_OBJECT( 20152 sign_handle, 20153 &sign_handle_bytes); 20154 if (rc != TPM_RC_SUCCESS) { 20155 return rc; 20156 } 20157 std::string object_handle_bytes; 20158 rc = Serialize_TPMI_DH_OBJECT( 20159 object_handle, 20160 &object_handle_bytes); 20161 if (rc != TPM_RC_SUCCESS) { 20162 return rc; 20163 } 20164 std::string qualifying_data_bytes; 20165 rc = Serialize_TPM2B_DATA( 20166 qualifying_data, 20167 &qualifying_data_bytes); 20168 if (rc != TPM_RC_SUCCESS) { 20169 return rc; 20170 } 20171 std::string creation_hash_bytes; 20172 rc = Serialize_TPM2B_DIGEST( 20173 creation_hash, 20174 &creation_hash_bytes); 20175 if (rc != TPM_RC_SUCCESS) { 20176 return rc; 20177 } 20178 std::string in_scheme_bytes; 20179 rc = Serialize_TPMT_SIG_SCHEME( 20180 in_scheme, 20181 &in_scheme_bytes); 20182 if (rc != TPM_RC_SUCCESS) { 20183 return rc; 20184 } 20185 std::string creation_ticket_bytes; 20186 rc = Serialize_TPMT_TK_CREATION( 20187 creation_ticket, 20188 &creation_ticket_bytes); 20189 if (rc != TPM_RC_SUCCESS) { 20190 return rc; 20191 } 20192 if (authorization_delegate) { 20193 // Encrypt just the parameter data, not the size. 20194 std::string tmp = qualifying_data_bytes.substr(2); 20195 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 20196 return TRUNKS_RC_ENCRYPTION_FAILED; 20197 } 20198 qualifying_data_bytes.replace(2, std::string::npos, tmp); 20199 } 20200 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 20201 crypto::SecureHash::SHA256)); 20202 hash->Update(command_code_bytes.data(), 20203 command_code_bytes.size()); 20204 hash->Update(sign_handle_name.data(), 20205 sign_handle_name.size()); 20206 handle_section_bytes += sign_handle_bytes; 20207 command_size += sign_handle_bytes.size(); 20208 hash->Update(object_handle_name.data(), 20209 object_handle_name.size()); 20210 handle_section_bytes += object_handle_bytes; 20211 command_size += object_handle_bytes.size(); 20212 hash->Update(qualifying_data_bytes.data(), 20213 qualifying_data_bytes.size()); 20214 parameter_section_bytes += qualifying_data_bytes; 20215 command_size += qualifying_data_bytes.size(); 20216 hash->Update(creation_hash_bytes.data(), 20217 creation_hash_bytes.size()); 20218 parameter_section_bytes += creation_hash_bytes; 20219 command_size += creation_hash_bytes.size(); 20220 hash->Update(in_scheme_bytes.data(), 20221 in_scheme_bytes.size()); 20222 parameter_section_bytes += in_scheme_bytes; 20223 command_size += in_scheme_bytes.size(); 20224 hash->Update(creation_ticket_bytes.data(), 20225 creation_ticket_bytes.size()); 20226 parameter_section_bytes += creation_ticket_bytes; 20227 command_size += creation_ticket_bytes.size(); 20228 std::string command_hash(32, 0); 20229 hash->Finish(string_as_array(&command_hash), command_hash.size()); 20230 std::string authorization_section_bytes; 20231 std::string authorization_size_bytes; 20232 if (authorization_delegate) { 20233 if (!authorization_delegate->GetCommandAuthorization( 20234 command_hash, 20235 is_command_parameter_encryption_possible, 20236 is_response_parameter_encryption_possible, 20237 &authorization_section_bytes)) { 20238 return TRUNKS_RC_AUTHORIZATION_FAILED; 20239 } 20240 if (!authorization_section_bytes.empty()) { 20241 tag = TPM_ST_SESSIONS; 20242 std::string tmp; 20243 rc = Serialize_UINT32(authorization_section_bytes.size(), 20244 &authorization_size_bytes); 20245 if (rc != TPM_RC_SUCCESS) { 20246 return rc; 20247 } 20248 command_size += authorization_size_bytes.size() + 20249 authorization_section_bytes.size(); 20250 } 20251 } 20252 std::string tag_bytes; 20253 rc = Serialize_TPMI_ST_COMMAND_TAG( 20254 tag, 20255 &tag_bytes); 20256 if (rc != TPM_RC_SUCCESS) { 20257 return rc; 20258 } 20259 std::string command_size_bytes; 20260 rc = Serialize_UINT32( 20261 command_size, 20262 &command_size_bytes); 20263 if (rc != TPM_RC_SUCCESS) { 20264 return rc; 20265 } 20266 *serialized_command = tag_bytes + 20267 command_size_bytes + 20268 command_code_bytes + 20269 handle_section_bytes + 20270 authorization_size_bytes + 20271 authorization_section_bytes + 20272 parameter_section_bytes; 20273 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 20274 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 20275 serialized_command->size()); 20276 return TPM_RC_SUCCESS; 20277 } 20278 20279 TPM_RC Tpm::ParseResponse_CertifyCreation( 20280 const std::string& response, 20281 TPM2B_ATTEST* certify_info, 20282 TPMT_SIGNATURE* signature, 20283 AuthorizationDelegate* authorization_delegate) { 20284 VLOG(3) << __func__; 20285 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 20286 TPM_RC rc = TPM_RC_SUCCESS; 20287 std::string buffer(response); 20288 TPM_ST tag; 20289 std::string tag_bytes; 20290 rc = Parse_TPM_ST( 20291 &buffer, 20292 &tag, 20293 &tag_bytes); 20294 if (rc != TPM_RC_SUCCESS) { 20295 return rc; 20296 } 20297 UINT32 response_size; 20298 std::string response_size_bytes; 20299 rc = Parse_UINT32( 20300 &buffer, 20301 &response_size, 20302 &response_size_bytes); 20303 if (rc != TPM_RC_SUCCESS) { 20304 return rc; 20305 } 20306 TPM_RC response_code; 20307 std::string response_code_bytes; 20308 rc = Parse_TPM_RC( 20309 &buffer, 20310 &response_code, 20311 &response_code_bytes); 20312 if (rc != TPM_RC_SUCCESS) { 20313 return rc; 20314 } 20315 if (response_size != response.size()) { 20316 return TPM_RC_SIZE; 20317 } 20318 if (response_code != TPM_RC_SUCCESS) { 20319 return response_code; 20320 } 20321 TPM_CC command_code = TPM_CC_CertifyCreation; 20322 std::string command_code_bytes; 20323 rc = Serialize_TPM_CC( 20324 command_code, 20325 &command_code_bytes); 20326 if (rc != TPM_RC_SUCCESS) { 20327 return rc; 20328 } 20329 std::string authorization_section_bytes; 20330 if (tag == TPM_ST_SESSIONS) { 20331 UINT32 parameter_section_size = buffer.size(); 20332 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 20333 if (rc != TPM_RC_SUCCESS) { 20334 return rc; 20335 } 20336 if (parameter_section_size > buffer.size()) { 20337 return TPM_RC_INSUFFICIENT; 20338 } 20339 authorization_section_bytes = buffer.substr(parameter_section_size); 20340 // Keep the parameter section in |buffer|. 20341 buffer.erase(parameter_section_size); 20342 } 20343 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 20344 crypto::SecureHash::SHA256)); 20345 hash->Update(response_code_bytes.data(), 20346 response_code_bytes.size()); 20347 hash->Update(command_code_bytes.data(), 20348 command_code_bytes.size()); 20349 hash->Update(buffer.data(), 20350 buffer.size()); 20351 std::string response_hash(32, 0); 20352 hash->Finish(string_as_array(&response_hash), response_hash.size()); 20353 if (tag == TPM_ST_SESSIONS) { 20354 CHECK(authorization_delegate) << "Authorization delegate missing!"; 20355 if (!authorization_delegate->CheckResponseAuthorization( 20356 response_hash, 20357 authorization_section_bytes)) { 20358 return TRUNKS_RC_AUTHORIZATION_FAILED; 20359 } 20360 } 20361 std::string certify_info_bytes; 20362 rc = Parse_TPM2B_ATTEST( 20363 &buffer, 20364 certify_info, 20365 &certify_info_bytes); 20366 if (rc != TPM_RC_SUCCESS) { 20367 return rc; 20368 } 20369 std::string signature_bytes; 20370 rc = Parse_TPMT_SIGNATURE( 20371 &buffer, 20372 signature, 20373 &signature_bytes); 20374 if (rc != TPM_RC_SUCCESS) { 20375 return rc; 20376 } 20377 if (tag == TPM_ST_SESSIONS) { 20378 CHECK(authorization_delegate) << "Authorization delegate missing!"; 20379 // Decrypt just the parameter data, not the size. 20380 std::string tmp = certify_info_bytes.substr(2); 20381 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 20382 return TRUNKS_RC_ENCRYPTION_FAILED; 20383 } 20384 certify_info_bytes.replace(2, std::string::npos, tmp); 20385 rc = Parse_TPM2B_ATTEST( 20386 &certify_info_bytes, 20387 certify_info, 20388 nullptr); 20389 if (rc != TPM_RC_SUCCESS) { 20390 return rc; 20391 } 20392 } 20393 return TPM_RC_SUCCESS; 20394 } 20395 20396 void CertifyCreationErrorCallback( 20397 const Tpm::CertifyCreationResponse& callback, 20398 TPM_RC response_code) { 20399 VLOG(1) << __func__; 20400 callback.Run(response_code, 20401 TPM2B_ATTEST(), 20402 TPMT_SIGNATURE()); 20403 } 20404 20405 void CertifyCreationResponseParser( 20406 const Tpm::CertifyCreationResponse& callback, 20407 AuthorizationDelegate* authorization_delegate, 20408 const std::string& response) { 20409 VLOG(1) << __func__; 20410 base::Callback<void(TPM_RC)> error_reporter = 20411 base::Bind(CertifyCreationErrorCallback, callback); 20412 TPM2B_ATTEST certify_info; 20413 TPMT_SIGNATURE signature; 20414 TPM_RC rc = Tpm::ParseResponse_CertifyCreation( 20415 response, 20416 &certify_info, 20417 &signature, 20418 authorization_delegate); 20419 if (rc != TPM_RC_SUCCESS) { 20420 error_reporter.Run(rc); 20421 return; 20422 } 20423 callback.Run( 20424 rc, 20425 certify_info, 20426 signature); 20427 } 20428 20429 void Tpm::CertifyCreation( 20430 const TPMI_DH_OBJECT& sign_handle, 20431 const std::string& sign_handle_name, 20432 const TPMI_DH_OBJECT& object_handle, 20433 const std::string& object_handle_name, 20434 const TPM2B_DATA& qualifying_data, 20435 const TPM2B_DIGEST& creation_hash, 20436 const TPMT_SIG_SCHEME& in_scheme, 20437 const TPMT_TK_CREATION& creation_ticket, 20438 AuthorizationDelegate* authorization_delegate, 20439 const CertifyCreationResponse& callback) { 20440 VLOG(1) << __func__; 20441 base::Callback<void(TPM_RC)> error_reporter = 20442 base::Bind(CertifyCreationErrorCallback, callback); 20443 base::Callback<void(const std::string&)> parser = 20444 base::Bind(CertifyCreationResponseParser, 20445 callback, 20446 authorization_delegate); 20447 std::string command; 20448 TPM_RC rc = SerializeCommand_CertifyCreation( 20449 sign_handle, 20450 sign_handle_name, 20451 object_handle, 20452 object_handle_name, 20453 qualifying_data, 20454 creation_hash, 20455 in_scheme, 20456 creation_ticket, 20457 &command, 20458 authorization_delegate); 20459 if (rc != TPM_RC_SUCCESS) { 20460 error_reporter.Run(rc); 20461 return; 20462 } 20463 transceiver_->SendCommand(command, parser); 20464 } 20465 20466 TPM_RC Tpm::CertifyCreationSync( 20467 const TPMI_DH_OBJECT& sign_handle, 20468 const std::string& sign_handle_name, 20469 const TPMI_DH_OBJECT& object_handle, 20470 const std::string& object_handle_name, 20471 const TPM2B_DATA& qualifying_data, 20472 const TPM2B_DIGEST& creation_hash, 20473 const TPMT_SIG_SCHEME& in_scheme, 20474 const TPMT_TK_CREATION& creation_ticket, 20475 TPM2B_ATTEST* certify_info, 20476 TPMT_SIGNATURE* signature, 20477 AuthorizationDelegate* authorization_delegate) { 20478 VLOG(1) << __func__; 20479 std::string command; 20480 TPM_RC rc = SerializeCommand_CertifyCreation( 20481 sign_handle, 20482 sign_handle_name, 20483 object_handle, 20484 object_handle_name, 20485 qualifying_data, 20486 creation_hash, 20487 in_scheme, 20488 creation_ticket, 20489 &command, 20490 authorization_delegate); 20491 if (rc != TPM_RC_SUCCESS) { 20492 return rc; 20493 } 20494 std::string response = transceiver_->SendCommandAndWait(command); 20495 rc = ParseResponse_CertifyCreation( 20496 response, 20497 certify_info, 20498 signature, 20499 authorization_delegate); 20500 return rc; 20501 } 20502 20503 TPM_RC Tpm::SerializeCommand_Quote( 20504 const TPMI_DH_OBJECT& sign_handle, 20505 const std::string& sign_handle_name, 20506 const TPM2B_DATA& qualifying_data, 20507 const TPMT_SIG_SCHEME& in_scheme, 20508 const TPML_PCR_SELECTION& pcrselect, 20509 std::string* serialized_command, 20510 AuthorizationDelegate* authorization_delegate) { 20511 VLOG(3) << __func__; 20512 TPM_RC rc = TPM_RC_SUCCESS; 20513 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 20514 UINT32 command_size = 10; // Header size. 20515 std::string handle_section_bytes; 20516 std::string parameter_section_bytes; 20517 TPM_CC command_code = TPM_CC_Quote; 20518 bool is_command_parameter_encryption_possible = true; 20519 bool is_response_parameter_encryption_possible = true; 20520 std::string command_code_bytes; 20521 rc = Serialize_TPM_CC( 20522 command_code, 20523 &command_code_bytes); 20524 if (rc != TPM_RC_SUCCESS) { 20525 return rc; 20526 } 20527 std::string sign_handle_bytes; 20528 rc = Serialize_TPMI_DH_OBJECT( 20529 sign_handle, 20530 &sign_handle_bytes); 20531 if (rc != TPM_RC_SUCCESS) { 20532 return rc; 20533 } 20534 std::string qualifying_data_bytes; 20535 rc = Serialize_TPM2B_DATA( 20536 qualifying_data, 20537 &qualifying_data_bytes); 20538 if (rc != TPM_RC_SUCCESS) { 20539 return rc; 20540 } 20541 std::string in_scheme_bytes; 20542 rc = Serialize_TPMT_SIG_SCHEME( 20543 in_scheme, 20544 &in_scheme_bytes); 20545 if (rc != TPM_RC_SUCCESS) { 20546 return rc; 20547 } 20548 std::string pcrselect_bytes; 20549 rc = Serialize_TPML_PCR_SELECTION( 20550 pcrselect, 20551 &pcrselect_bytes); 20552 if (rc != TPM_RC_SUCCESS) { 20553 return rc; 20554 } 20555 if (authorization_delegate) { 20556 // Encrypt just the parameter data, not the size. 20557 std::string tmp = qualifying_data_bytes.substr(2); 20558 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 20559 return TRUNKS_RC_ENCRYPTION_FAILED; 20560 } 20561 qualifying_data_bytes.replace(2, std::string::npos, tmp); 20562 } 20563 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 20564 crypto::SecureHash::SHA256)); 20565 hash->Update(command_code_bytes.data(), 20566 command_code_bytes.size()); 20567 hash->Update(sign_handle_name.data(), 20568 sign_handle_name.size()); 20569 handle_section_bytes += sign_handle_bytes; 20570 command_size += sign_handle_bytes.size(); 20571 hash->Update(qualifying_data_bytes.data(), 20572 qualifying_data_bytes.size()); 20573 parameter_section_bytes += qualifying_data_bytes; 20574 command_size += qualifying_data_bytes.size(); 20575 hash->Update(in_scheme_bytes.data(), 20576 in_scheme_bytes.size()); 20577 parameter_section_bytes += in_scheme_bytes; 20578 command_size += in_scheme_bytes.size(); 20579 hash->Update(pcrselect_bytes.data(), 20580 pcrselect_bytes.size()); 20581 parameter_section_bytes += pcrselect_bytes; 20582 command_size += pcrselect_bytes.size(); 20583 std::string command_hash(32, 0); 20584 hash->Finish(string_as_array(&command_hash), command_hash.size()); 20585 std::string authorization_section_bytes; 20586 std::string authorization_size_bytes; 20587 if (authorization_delegate) { 20588 if (!authorization_delegate->GetCommandAuthorization( 20589 command_hash, 20590 is_command_parameter_encryption_possible, 20591 is_response_parameter_encryption_possible, 20592 &authorization_section_bytes)) { 20593 return TRUNKS_RC_AUTHORIZATION_FAILED; 20594 } 20595 if (!authorization_section_bytes.empty()) { 20596 tag = TPM_ST_SESSIONS; 20597 std::string tmp; 20598 rc = Serialize_UINT32(authorization_section_bytes.size(), 20599 &authorization_size_bytes); 20600 if (rc != TPM_RC_SUCCESS) { 20601 return rc; 20602 } 20603 command_size += authorization_size_bytes.size() + 20604 authorization_section_bytes.size(); 20605 } 20606 } 20607 std::string tag_bytes; 20608 rc = Serialize_TPMI_ST_COMMAND_TAG( 20609 tag, 20610 &tag_bytes); 20611 if (rc != TPM_RC_SUCCESS) { 20612 return rc; 20613 } 20614 std::string command_size_bytes; 20615 rc = Serialize_UINT32( 20616 command_size, 20617 &command_size_bytes); 20618 if (rc != TPM_RC_SUCCESS) { 20619 return rc; 20620 } 20621 *serialized_command = tag_bytes + 20622 command_size_bytes + 20623 command_code_bytes + 20624 handle_section_bytes + 20625 authorization_size_bytes + 20626 authorization_section_bytes + 20627 parameter_section_bytes; 20628 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 20629 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 20630 serialized_command->size()); 20631 return TPM_RC_SUCCESS; 20632 } 20633 20634 TPM_RC Tpm::ParseResponse_Quote( 20635 const std::string& response, 20636 TPM2B_ATTEST* quoted, 20637 TPMT_SIGNATURE* signature, 20638 AuthorizationDelegate* authorization_delegate) { 20639 VLOG(3) << __func__; 20640 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 20641 TPM_RC rc = TPM_RC_SUCCESS; 20642 std::string buffer(response); 20643 TPM_ST tag; 20644 std::string tag_bytes; 20645 rc = Parse_TPM_ST( 20646 &buffer, 20647 &tag, 20648 &tag_bytes); 20649 if (rc != TPM_RC_SUCCESS) { 20650 return rc; 20651 } 20652 UINT32 response_size; 20653 std::string response_size_bytes; 20654 rc = Parse_UINT32( 20655 &buffer, 20656 &response_size, 20657 &response_size_bytes); 20658 if (rc != TPM_RC_SUCCESS) { 20659 return rc; 20660 } 20661 TPM_RC response_code; 20662 std::string response_code_bytes; 20663 rc = Parse_TPM_RC( 20664 &buffer, 20665 &response_code, 20666 &response_code_bytes); 20667 if (rc != TPM_RC_SUCCESS) { 20668 return rc; 20669 } 20670 if (response_size != response.size()) { 20671 return TPM_RC_SIZE; 20672 } 20673 if (response_code != TPM_RC_SUCCESS) { 20674 return response_code; 20675 } 20676 TPM_CC command_code = TPM_CC_Quote; 20677 std::string command_code_bytes; 20678 rc = Serialize_TPM_CC( 20679 command_code, 20680 &command_code_bytes); 20681 if (rc != TPM_RC_SUCCESS) { 20682 return rc; 20683 } 20684 std::string authorization_section_bytes; 20685 if (tag == TPM_ST_SESSIONS) { 20686 UINT32 parameter_section_size = buffer.size(); 20687 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 20688 if (rc != TPM_RC_SUCCESS) { 20689 return rc; 20690 } 20691 if (parameter_section_size > buffer.size()) { 20692 return TPM_RC_INSUFFICIENT; 20693 } 20694 authorization_section_bytes = buffer.substr(parameter_section_size); 20695 // Keep the parameter section in |buffer|. 20696 buffer.erase(parameter_section_size); 20697 } 20698 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 20699 crypto::SecureHash::SHA256)); 20700 hash->Update(response_code_bytes.data(), 20701 response_code_bytes.size()); 20702 hash->Update(command_code_bytes.data(), 20703 command_code_bytes.size()); 20704 hash->Update(buffer.data(), 20705 buffer.size()); 20706 std::string response_hash(32, 0); 20707 hash->Finish(string_as_array(&response_hash), response_hash.size()); 20708 if (tag == TPM_ST_SESSIONS) { 20709 CHECK(authorization_delegate) << "Authorization delegate missing!"; 20710 if (!authorization_delegate->CheckResponseAuthorization( 20711 response_hash, 20712 authorization_section_bytes)) { 20713 return TRUNKS_RC_AUTHORIZATION_FAILED; 20714 } 20715 } 20716 std::string quoted_bytes; 20717 rc = Parse_TPM2B_ATTEST( 20718 &buffer, 20719 quoted, 20720 "ed_bytes); 20721 if (rc != TPM_RC_SUCCESS) { 20722 return rc; 20723 } 20724 std::string signature_bytes; 20725 rc = Parse_TPMT_SIGNATURE( 20726 &buffer, 20727 signature, 20728 &signature_bytes); 20729 if (rc != TPM_RC_SUCCESS) { 20730 return rc; 20731 } 20732 if (tag == TPM_ST_SESSIONS) { 20733 CHECK(authorization_delegate) << "Authorization delegate missing!"; 20734 // Decrypt just the parameter data, not the size. 20735 std::string tmp = quoted_bytes.substr(2); 20736 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 20737 return TRUNKS_RC_ENCRYPTION_FAILED; 20738 } 20739 quoted_bytes.replace(2, std::string::npos, tmp); 20740 rc = Parse_TPM2B_ATTEST( 20741 "ed_bytes, 20742 quoted, 20743 nullptr); 20744 if (rc != TPM_RC_SUCCESS) { 20745 return rc; 20746 } 20747 } 20748 return TPM_RC_SUCCESS; 20749 } 20750 20751 void QuoteErrorCallback( 20752 const Tpm::QuoteResponse& callback, 20753 TPM_RC response_code) { 20754 VLOG(1) << __func__; 20755 callback.Run(response_code, 20756 TPM2B_ATTEST(), 20757 TPMT_SIGNATURE()); 20758 } 20759 20760 void QuoteResponseParser( 20761 const Tpm::QuoteResponse& callback, 20762 AuthorizationDelegate* authorization_delegate, 20763 const std::string& response) { 20764 VLOG(1) << __func__; 20765 base::Callback<void(TPM_RC)> error_reporter = 20766 base::Bind(QuoteErrorCallback, callback); 20767 TPM2B_ATTEST quoted; 20768 TPMT_SIGNATURE signature; 20769 TPM_RC rc = Tpm::ParseResponse_Quote( 20770 response, 20771 "ed, 20772 &signature, 20773 authorization_delegate); 20774 if (rc != TPM_RC_SUCCESS) { 20775 error_reporter.Run(rc); 20776 return; 20777 } 20778 callback.Run( 20779 rc, 20780 quoted, 20781 signature); 20782 } 20783 20784 void Tpm::Quote( 20785 const TPMI_DH_OBJECT& sign_handle, 20786 const std::string& sign_handle_name, 20787 const TPM2B_DATA& qualifying_data, 20788 const TPMT_SIG_SCHEME& in_scheme, 20789 const TPML_PCR_SELECTION& pcrselect, 20790 AuthorizationDelegate* authorization_delegate, 20791 const QuoteResponse& callback) { 20792 VLOG(1) << __func__; 20793 base::Callback<void(TPM_RC)> error_reporter = 20794 base::Bind(QuoteErrorCallback, callback); 20795 base::Callback<void(const std::string&)> parser = 20796 base::Bind(QuoteResponseParser, 20797 callback, 20798 authorization_delegate); 20799 std::string command; 20800 TPM_RC rc = SerializeCommand_Quote( 20801 sign_handle, 20802 sign_handle_name, 20803 qualifying_data, 20804 in_scheme, 20805 pcrselect, 20806 &command, 20807 authorization_delegate); 20808 if (rc != TPM_RC_SUCCESS) { 20809 error_reporter.Run(rc); 20810 return; 20811 } 20812 transceiver_->SendCommand(command, parser); 20813 } 20814 20815 TPM_RC Tpm::QuoteSync( 20816 const TPMI_DH_OBJECT& sign_handle, 20817 const std::string& sign_handle_name, 20818 const TPM2B_DATA& qualifying_data, 20819 const TPMT_SIG_SCHEME& in_scheme, 20820 const TPML_PCR_SELECTION& pcrselect, 20821 TPM2B_ATTEST* quoted, 20822 TPMT_SIGNATURE* signature, 20823 AuthorizationDelegate* authorization_delegate) { 20824 VLOG(1) << __func__; 20825 std::string command; 20826 TPM_RC rc = SerializeCommand_Quote( 20827 sign_handle, 20828 sign_handle_name, 20829 qualifying_data, 20830 in_scheme, 20831 pcrselect, 20832 &command, 20833 authorization_delegate); 20834 if (rc != TPM_RC_SUCCESS) { 20835 return rc; 20836 } 20837 std::string response = transceiver_->SendCommandAndWait(command); 20838 rc = ParseResponse_Quote( 20839 response, 20840 quoted, 20841 signature, 20842 authorization_delegate); 20843 return rc; 20844 } 20845 20846 TPM_RC Tpm::SerializeCommand_GetSessionAuditDigest( 20847 const TPMI_RH_ENDORSEMENT& privacy_admin_handle, 20848 const std::string& privacy_admin_handle_name, 20849 const TPMI_DH_OBJECT& sign_handle, 20850 const std::string& sign_handle_name, 20851 const TPMI_SH_HMAC& session_handle, 20852 const std::string& session_handle_name, 20853 const TPM2B_DATA& qualifying_data, 20854 const TPMT_SIG_SCHEME& in_scheme, 20855 std::string* serialized_command, 20856 AuthorizationDelegate* authorization_delegate) { 20857 VLOG(3) << __func__; 20858 TPM_RC rc = TPM_RC_SUCCESS; 20859 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 20860 UINT32 command_size = 10; // Header size. 20861 std::string handle_section_bytes; 20862 std::string parameter_section_bytes; 20863 TPM_CC command_code = TPM_CC_GetSessionAuditDigest; 20864 bool is_command_parameter_encryption_possible = true; 20865 bool is_response_parameter_encryption_possible = true; 20866 std::string command_code_bytes; 20867 rc = Serialize_TPM_CC( 20868 command_code, 20869 &command_code_bytes); 20870 if (rc != TPM_RC_SUCCESS) { 20871 return rc; 20872 } 20873 std::string privacy_admin_handle_bytes; 20874 rc = Serialize_TPMI_RH_ENDORSEMENT( 20875 privacy_admin_handle, 20876 &privacy_admin_handle_bytes); 20877 if (rc != TPM_RC_SUCCESS) { 20878 return rc; 20879 } 20880 std::string sign_handle_bytes; 20881 rc = Serialize_TPMI_DH_OBJECT( 20882 sign_handle, 20883 &sign_handle_bytes); 20884 if (rc != TPM_RC_SUCCESS) { 20885 return rc; 20886 } 20887 std::string session_handle_bytes; 20888 rc = Serialize_TPMI_SH_HMAC( 20889 session_handle, 20890 &session_handle_bytes); 20891 if (rc != TPM_RC_SUCCESS) { 20892 return rc; 20893 } 20894 std::string qualifying_data_bytes; 20895 rc = Serialize_TPM2B_DATA( 20896 qualifying_data, 20897 &qualifying_data_bytes); 20898 if (rc != TPM_RC_SUCCESS) { 20899 return rc; 20900 } 20901 std::string in_scheme_bytes; 20902 rc = Serialize_TPMT_SIG_SCHEME( 20903 in_scheme, 20904 &in_scheme_bytes); 20905 if (rc != TPM_RC_SUCCESS) { 20906 return rc; 20907 } 20908 if (authorization_delegate) { 20909 // Encrypt just the parameter data, not the size. 20910 std::string tmp = qualifying_data_bytes.substr(2); 20911 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 20912 return TRUNKS_RC_ENCRYPTION_FAILED; 20913 } 20914 qualifying_data_bytes.replace(2, std::string::npos, tmp); 20915 } 20916 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 20917 crypto::SecureHash::SHA256)); 20918 hash->Update(command_code_bytes.data(), 20919 command_code_bytes.size()); 20920 hash->Update(privacy_admin_handle_name.data(), 20921 privacy_admin_handle_name.size()); 20922 handle_section_bytes += privacy_admin_handle_bytes; 20923 command_size += privacy_admin_handle_bytes.size(); 20924 hash->Update(sign_handle_name.data(), 20925 sign_handle_name.size()); 20926 handle_section_bytes += sign_handle_bytes; 20927 command_size += sign_handle_bytes.size(); 20928 hash->Update(session_handle_name.data(), 20929 session_handle_name.size()); 20930 handle_section_bytes += session_handle_bytes; 20931 command_size += session_handle_bytes.size(); 20932 hash->Update(qualifying_data_bytes.data(), 20933 qualifying_data_bytes.size()); 20934 parameter_section_bytes += qualifying_data_bytes; 20935 command_size += qualifying_data_bytes.size(); 20936 hash->Update(in_scheme_bytes.data(), 20937 in_scheme_bytes.size()); 20938 parameter_section_bytes += in_scheme_bytes; 20939 command_size += in_scheme_bytes.size(); 20940 std::string command_hash(32, 0); 20941 hash->Finish(string_as_array(&command_hash), command_hash.size()); 20942 std::string authorization_section_bytes; 20943 std::string authorization_size_bytes; 20944 if (authorization_delegate) { 20945 if (!authorization_delegate->GetCommandAuthorization( 20946 command_hash, 20947 is_command_parameter_encryption_possible, 20948 is_response_parameter_encryption_possible, 20949 &authorization_section_bytes)) { 20950 return TRUNKS_RC_AUTHORIZATION_FAILED; 20951 } 20952 if (!authorization_section_bytes.empty()) { 20953 tag = TPM_ST_SESSIONS; 20954 std::string tmp; 20955 rc = Serialize_UINT32(authorization_section_bytes.size(), 20956 &authorization_size_bytes); 20957 if (rc != TPM_RC_SUCCESS) { 20958 return rc; 20959 } 20960 command_size += authorization_size_bytes.size() + 20961 authorization_section_bytes.size(); 20962 } 20963 } 20964 std::string tag_bytes; 20965 rc = Serialize_TPMI_ST_COMMAND_TAG( 20966 tag, 20967 &tag_bytes); 20968 if (rc != TPM_RC_SUCCESS) { 20969 return rc; 20970 } 20971 std::string command_size_bytes; 20972 rc = Serialize_UINT32( 20973 command_size, 20974 &command_size_bytes); 20975 if (rc != TPM_RC_SUCCESS) { 20976 return rc; 20977 } 20978 *serialized_command = tag_bytes + 20979 command_size_bytes + 20980 command_code_bytes + 20981 handle_section_bytes + 20982 authorization_size_bytes + 20983 authorization_section_bytes + 20984 parameter_section_bytes; 20985 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 20986 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 20987 serialized_command->size()); 20988 return TPM_RC_SUCCESS; 20989 } 20990 20991 TPM_RC Tpm::ParseResponse_GetSessionAuditDigest( 20992 const std::string& response, 20993 TPM2B_ATTEST* audit_info, 20994 TPMT_SIGNATURE* signature, 20995 AuthorizationDelegate* authorization_delegate) { 20996 VLOG(3) << __func__; 20997 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 20998 TPM_RC rc = TPM_RC_SUCCESS; 20999 std::string buffer(response); 21000 TPM_ST tag; 21001 std::string tag_bytes; 21002 rc = Parse_TPM_ST( 21003 &buffer, 21004 &tag, 21005 &tag_bytes); 21006 if (rc != TPM_RC_SUCCESS) { 21007 return rc; 21008 } 21009 UINT32 response_size; 21010 std::string response_size_bytes; 21011 rc = Parse_UINT32( 21012 &buffer, 21013 &response_size, 21014 &response_size_bytes); 21015 if (rc != TPM_RC_SUCCESS) { 21016 return rc; 21017 } 21018 TPM_RC response_code; 21019 std::string response_code_bytes; 21020 rc = Parse_TPM_RC( 21021 &buffer, 21022 &response_code, 21023 &response_code_bytes); 21024 if (rc != TPM_RC_SUCCESS) { 21025 return rc; 21026 } 21027 if (response_size != response.size()) { 21028 return TPM_RC_SIZE; 21029 } 21030 if (response_code != TPM_RC_SUCCESS) { 21031 return response_code; 21032 } 21033 TPM_CC command_code = TPM_CC_GetSessionAuditDigest; 21034 std::string command_code_bytes; 21035 rc = Serialize_TPM_CC( 21036 command_code, 21037 &command_code_bytes); 21038 if (rc != TPM_RC_SUCCESS) { 21039 return rc; 21040 } 21041 std::string authorization_section_bytes; 21042 if (tag == TPM_ST_SESSIONS) { 21043 UINT32 parameter_section_size = buffer.size(); 21044 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 21045 if (rc != TPM_RC_SUCCESS) { 21046 return rc; 21047 } 21048 if (parameter_section_size > buffer.size()) { 21049 return TPM_RC_INSUFFICIENT; 21050 } 21051 authorization_section_bytes = buffer.substr(parameter_section_size); 21052 // Keep the parameter section in |buffer|. 21053 buffer.erase(parameter_section_size); 21054 } 21055 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 21056 crypto::SecureHash::SHA256)); 21057 hash->Update(response_code_bytes.data(), 21058 response_code_bytes.size()); 21059 hash->Update(command_code_bytes.data(), 21060 command_code_bytes.size()); 21061 hash->Update(buffer.data(), 21062 buffer.size()); 21063 std::string response_hash(32, 0); 21064 hash->Finish(string_as_array(&response_hash), response_hash.size()); 21065 if (tag == TPM_ST_SESSIONS) { 21066 CHECK(authorization_delegate) << "Authorization delegate missing!"; 21067 if (!authorization_delegate->CheckResponseAuthorization( 21068 response_hash, 21069 authorization_section_bytes)) { 21070 return TRUNKS_RC_AUTHORIZATION_FAILED; 21071 } 21072 } 21073 std::string audit_info_bytes; 21074 rc = Parse_TPM2B_ATTEST( 21075 &buffer, 21076 audit_info, 21077 &audit_info_bytes); 21078 if (rc != TPM_RC_SUCCESS) { 21079 return rc; 21080 } 21081 std::string signature_bytes; 21082 rc = Parse_TPMT_SIGNATURE( 21083 &buffer, 21084 signature, 21085 &signature_bytes); 21086 if (rc != TPM_RC_SUCCESS) { 21087 return rc; 21088 } 21089 if (tag == TPM_ST_SESSIONS) { 21090 CHECK(authorization_delegate) << "Authorization delegate missing!"; 21091 // Decrypt just the parameter data, not the size. 21092 std::string tmp = audit_info_bytes.substr(2); 21093 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 21094 return TRUNKS_RC_ENCRYPTION_FAILED; 21095 } 21096 audit_info_bytes.replace(2, std::string::npos, tmp); 21097 rc = Parse_TPM2B_ATTEST( 21098 &audit_info_bytes, 21099 audit_info, 21100 nullptr); 21101 if (rc != TPM_RC_SUCCESS) { 21102 return rc; 21103 } 21104 } 21105 return TPM_RC_SUCCESS; 21106 } 21107 21108 void GetSessionAuditDigestErrorCallback( 21109 const Tpm::GetSessionAuditDigestResponse& callback, 21110 TPM_RC response_code) { 21111 VLOG(1) << __func__; 21112 callback.Run(response_code, 21113 TPM2B_ATTEST(), 21114 TPMT_SIGNATURE()); 21115 } 21116 21117 void GetSessionAuditDigestResponseParser( 21118 const Tpm::GetSessionAuditDigestResponse& callback, 21119 AuthorizationDelegate* authorization_delegate, 21120 const std::string& response) { 21121 VLOG(1) << __func__; 21122 base::Callback<void(TPM_RC)> error_reporter = 21123 base::Bind(GetSessionAuditDigestErrorCallback, callback); 21124 TPM2B_ATTEST audit_info; 21125 TPMT_SIGNATURE signature; 21126 TPM_RC rc = Tpm::ParseResponse_GetSessionAuditDigest( 21127 response, 21128 &audit_info, 21129 &signature, 21130 authorization_delegate); 21131 if (rc != TPM_RC_SUCCESS) { 21132 error_reporter.Run(rc); 21133 return; 21134 } 21135 callback.Run( 21136 rc, 21137 audit_info, 21138 signature); 21139 } 21140 21141 void Tpm::GetSessionAuditDigest( 21142 const TPMI_RH_ENDORSEMENT& privacy_admin_handle, 21143 const std::string& privacy_admin_handle_name, 21144 const TPMI_DH_OBJECT& sign_handle, 21145 const std::string& sign_handle_name, 21146 const TPMI_SH_HMAC& session_handle, 21147 const std::string& session_handle_name, 21148 const TPM2B_DATA& qualifying_data, 21149 const TPMT_SIG_SCHEME& in_scheme, 21150 AuthorizationDelegate* authorization_delegate, 21151 const GetSessionAuditDigestResponse& callback) { 21152 VLOG(1) << __func__; 21153 base::Callback<void(TPM_RC)> error_reporter = 21154 base::Bind(GetSessionAuditDigestErrorCallback, callback); 21155 base::Callback<void(const std::string&)> parser = 21156 base::Bind(GetSessionAuditDigestResponseParser, 21157 callback, 21158 authorization_delegate); 21159 std::string command; 21160 TPM_RC rc = SerializeCommand_GetSessionAuditDigest( 21161 privacy_admin_handle, 21162 privacy_admin_handle_name, 21163 sign_handle, 21164 sign_handle_name, 21165 session_handle, 21166 session_handle_name, 21167 qualifying_data, 21168 in_scheme, 21169 &command, 21170 authorization_delegate); 21171 if (rc != TPM_RC_SUCCESS) { 21172 error_reporter.Run(rc); 21173 return; 21174 } 21175 transceiver_->SendCommand(command, parser); 21176 } 21177 21178 TPM_RC Tpm::GetSessionAuditDigestSync( 21179 const TPMI_RH_ENDORSEMENT& privacy_admin_handle, 21180 const std::string& privacy_admin_handle_name, 21181 const TPMI_DH_OBJECT& sign_handle, 21182 const std::string& sign_handle_name, 21183 const TPMI_SH_HMAC& session_handle, 21184 const std::string& session_handle_name, 21185 const TPM2B_DATA& qualifying_data, 21186 const TPMT_SIG_SCHEME& in_scheme, 21187 TPM2B_ATTEST* audit_info, 21188 TPMT_SIGNATURE* signature, 21189 AuthorizationDelegate* authorization_delegate) { 21190 VLOG(1) << __func__; 21191 std::string command; 21192 TPM_RC rc = SerializeCommand_GetSessionAuditDigest( 21193 privacy_admin_handle, 21194 privacy_admin_handle_name, 21195 sign_handle, 21196 sign_handle_name, 21197 session_handle, 21198 session_handle_name, 21199 qualifying_data, 21200 in_scheme, 21201 &command, 21202 authorization_delegate); 21203 if (rc != TPM_RC_SUCCESS) { 21204 return rc; 21205 } 21206 std::string response = transceiver_->SendCommandAndWait(command); 21207 rc = ParseResponse_GetSessionAuditDigest( 21208 response, 21209 audit_info, 21210 signature, 21211 authorization_delegate); 21212 return rc; 21213 } 21214 21215 TPM_RC Tpm::SerializeCommand_GetCommandAuditDigest( 21216 const TPMI_RH_ENDORSEMENT& privacy_handle, 21217 const std::string& privacy_handle_name, 21218 const TPMI_DH_OBJECT& sign_handle, 21219 const std::string& sign_handle_name, 21220 const TPM2B_DATA& qualifying_data, 21221 const TPMT_SIG_SCHEME& in_scheme, 21222 std::string* serialized_command, 21223 AuthorizationDelegate* authorization_delegate) { 21224 VLOG(3) << __func__; 21225 TPM_RC rc = TPM_RC_SUCCESS; 21226 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 21227 UINT32 command_size = 10; // Header size. 21228 std::string handle_section_bytes; 21229 std::string parameter_section_bytes; 21230 TPM_CC command_code = TPM_CC_GetCommandAuditDigest; 21231 bool is_command_parameter_encryption_possible = true; 21232 bool is_response_parameter_encryption_possible = true; 21233 std::string command_code_bytes; 21234 rc = Serialize_TPM_CC( 21235 command_code, 21236 &command_code_bytes); 21237 if (rc != TPM_RC_SUCCESS) { 21238 return rc; 21239 } 21240 std::string privacy_handle_bytes; 21241 rc = Serialize_TPMI_RH_ENDORSEMENT( 21242 privacy_handle, 21243 &privacy_handle_bytes); 21244 if (rc != TPM_RC_SUCCESS) { 21245 return rc; 21246 } 21247 std::string sign_handle_bytes; 21248 rc = Serialize_TPMI_DH_OBJECT( 21249 sign_handle, 21250 &sign_handle_bytes); 21251 if (rc != TPM_RC_SUCCESS) { 21252 return rc; 21253 } 21254 std::string qualifying_data_bytes; 21255 rc = Serialize_TPM2B_DATA( 21256 qualifying_data, 21257 &qualifying_data_bytes); 21258 if (rc != TPM_RC_SUCCESS) { 21259 return rc; 21260 } 21261 std::string in_scheme_bytes; 21262 rc = Serialize_TPMT_SIG_SCHEME( 21263 in_scheme, 21264 &in_scheme_bytes); 21265 if (rc != TPM_RC_SUCCESS) { 21266 return rc; 21267 } 21268 if (authorization_delegate) { 21269 // Encrypt just the parameter data, not the size. 21270 std::string tmp = qualifying_data_bytes.substr(2); 21271 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 21272 return TRUNKS_RC_ENCRYPTION_FAILED; 21273 } 21274 qualifying_data_bytes.replace(2, std::string::npos, tmp); 21275 } 21276 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 21277 crypto::SecureHash::SHA256)); 21278 hash->Update(command_code_bytes.data(), 21279 command_code_bytes.size()); 21280 hash->Update(privacy_handle_name.data(), 21281 privacy_handle_name.size()); 21282 handle_section_bytes += privacy_handle_bytes; 21283 command_size += privacy_handle_bytes.size(); 21284 hash->Update(sign_handle_name.data(), 21285 sign_handle_name.size()); 21286 handle_section_bytes += sign_handle_bytes; 21287 command_size += sign_handle_bytes.size(); 21288 hash->Update(qualifying_data_bytes.data(), 21289 qualifying_data_bytes.size()); 21290 parameter_section_bytes += qualifying_data_bytes; 21291 command_size += qualifying_data_bytes.size(); 21292 hash->Update(in_scheme_bytes.data(), 21293 in_scheme_bytes.size()); 21294 parameter_section_bytes += in_scheme_bytes; 21295 command_size += in_scheme_bytes.size(); 21296 std::string command_hash(32, 0); 21297 hash->Finish(string_as_array(&command_hash), command_hash.size()); 21298 std::string authorization_section_bytes; 21299 std::string authorization_size_bytes; 21300 if (authorization_delegate) { 21301 if (!authorization_delegate->GetCommandAuthorization( 21302 command_hash, 21303 is_command_parameter_encryption_possible, 21304 is_response_parameter_encryption_possible, 21305 &authorization_section_bytes)) { 21306 return TRUNKS_RC_AUTHORIZATION_FAILED; 21307 } 21308 if (!authorization_section_bytes.empty()) { 21309 tag = TPM_ST_SESSIONS; 21310 std::string tmp; 21311 rc = Serialize_UINT32(authorization_section_bytes.size(), 21312 &authorization_size_bytes); 21313 if (rc != TPM_RC_SUCCESS) { 21314 return rc; 21315 } 21316 command_size += authorization_size_bytes.size() + 21317 authorization_section_bytes.size(); 21318 } 21319 } 21320 std::string tag_bytes; 21321 rc = Serialize_TPMI_ST_COMMAND_TAG( 21322 tag, 21323 &tag_bytes); 21324 if (rc != TPM_RC_SUCCESS) { 21325 return rc; 21326 } 21327 std::string command_size_bytes; 21328 rc = Serialize_UINT32( 21329 command_size, 21330 &command_size_bytes); 21331 if (rc != TPM_RC_SUCCESS) { 21332 return rc; 21333 } 21334 *serialized_command = tag_bytes + 21335 command_size_bytes + 21336 command_code_bytes + 21337 handle_section_bytes + 21338 authorization_size_bytes + 21339 authorization_section_bytes + 21340 parameter_section_bytes; 21341 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 21342 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 21343 serialized_command->size()); 21344 return TPM_RC_SUCCESS; 21345 } 21346 21347 TPM_RC Tpm::ParseResponse_GetCommandAuditDigest( 21348 const std::string& response, 21349 TPM2B_ATTEST* audit_info, 21350 TPMT_SIGNATURE* signature, 21351 AuthorizationDelegate* authorization_delegate) { 21352 VLOG(3) << __func__; 21353 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 21354 TPM_RC rc = TPM_RC_SUCCESS; 21355 std::string buffer(response); 21356 TPM_ST tag; 21357 std::string tag_bytes; 21358 rc = Parse_TPM_ST( 21359 &buffer, 21360 &tag, 21361 &tag_bytes); 21362 if (rc != TPM_RC_SUCCESS) { 21363 return rc; 21364 } 21365 UINT32 response_size; 21366 std::string response_size_bytes; 21367 rc = Parse_UINT32( 21368 &buffer, 21369 &response_size, 21370 &response_size_bytes); 21371 if (rc != TPM_RC_SUCCESS) { 21372 return rc; 21373 } 21374 TPM_RC response_code; 21375 std::string response_code_bytes; 21376 rc = Parse_TPM_RC( 21377 &buffer, 21378 &response_code, 21379 &response_code_bytes); 21380 if (rc != TPM_RC_SUCCESS) { 21381 return rc; 21382 } 21383 if (response_size != response.size()) { 21384 return TPM_RC_SIZE; 21385 } 21386 if (response_code != TPM_RC_SUCCESS) { 21387 return response_code; 21388 } 21389 TPM_CC command_code = TPM_CC_GetCommandAuditDigest; 21390 std::string command_code_bytes; 21391 rc = Serialize_TPM_CC( 21392 command_code, 21393 &command_code_bytes); 21394 if (rc != TPM_RC_SUCCESS) { 21395 return rc; 21396 } 21397 std::string authorization_section_bytes; 21398 if (tag == TPM_ST_SESSIONS) { 21399 UINT32 parameter_section_size = buffer.size(); 21400 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 21401 if (rc != TPM_RC_SUCCESS) { 21402 return rc; 21403 } 21404 if (parameter_section_size > buffer.size()) { 21405 return TPM_RC_INSUFFICIENT; 21406 } 21407 authorization_section_bytes = buffer.substr(parameter_section_size); 21408 // Keep the parameter section in |buffer|. 21409 buffer.erase(parameter_section_size); 21410 } 21411 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 21412 crypto::SecureHash::SHA256)); 21413 hash->Update(response_code_bytes.data(), 21414 response_code_bytes.size()); 21415 hash->Update(command_code_bytes.data(), 21416 command_code_bytes.size()); 21417 hash->Update(buffer.data(), 21418 buffer.size()); 21419 std::string response_hash(32, 0); 21420 hash->Finish(string_as_array(&response_hash), response_hash.size()); 21421 if (tag == TPM_ST_SESSIONS) { 21422 CHECK(authorization_delegate) << "Authorization delegate missing!"; 21423 if (!authorization_delegate->CheckResponseAuthorization( 21424 response_hash, 21425 authorization_section_bytes)) { 21426 return TRUNKS_RC_AUTHORIZATION_FAILED; 21427 } 21428 } 21429 std::string audit_info_bytes; 21430 rc = Parse_TPM2B_ATTEST( 21431 &buffer, 21432 audit_info, 21433 &audit_info_bytes); 21434 if (rc != TPM_RC_SUCCESS) { 21435 return rc; 21436 } 21437 std::string signature_bytes; 21438 rc = Parse_TPMT_SIGNATURE( 21439 &buffer, 21440 signature, 21441 &signature_bytes); 21442 if (rc != TPM_RC_SUCCESS) { 21443 return rc; 21444 } 21445 if (tag == TPM_ST_SESSIONS) { 21446 CHECK(authorization_delegate) << "Authorization delegate missing!"; 21447 // Decrypt just the parameter data, not the size. 21448 std::string tmp = audit_info_bytes.substr(2); 21449 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 21450 return TRUNKS_RC_ENCRYPTION_FAILED; 21451 } 21452 audit_info_bytes.replace(2, std::string::npos, tmp); 21453 rc = Parse_TPM2B_ATTEST( 21454 &audit_info_bytes, 21455 audit_info, 21456 nullptr); 21457 if (rc != TPM_RC_SUCCESS) { 21458 return rc; 21459 } 21460 } 21461 return TPM_RC_SUCCESS; 21462 } 21463 21464 void GetCommandAuditDigestErrorCallback( 21465 const Tpm::GetCommandAuditDigestResponse& callback, 21466 TPM_RC response_code) { 21467 VLOG(1) << __func__; 21468 callback.Run(response_code, 21469 TPM2B_ATTEST(), 21470 TPMT_SIGNATURE()); 21471 } 21472 21473 void GetCommandAuditDigestResponseParser( 21474 const Tpm::GetCommandAuditDigestResponse& callback, 21475 AuthorizationDelegate* authorization_delegate, 21476 const std::string& response) { 21477 VLOG(1) << __func__; 21478 base::Callback<void(TPM_RC)> error_reporter = 21479 base::Bind(GetCommandAuditDigestErrorCallback, callback); 21480 TPM2B_ATTEST audit_info; 21481 TPMT_SIGNATURE signature; 21482 TPM_RC rc = Tpm::ParseResponse_GetCommandAuditDigest( 21483 response, 21484 &audit_info, 21485 &signature, 21486 authorization_delegate); 21487 if (rc != TPM_RC_SUCCESS) { 21488 error_reporter.Run(rc); 21489 return; 21490 } 21491 callback.Run( 21492 rc, 21493 audit_info, 21494 signature); 21495 } 21496 21497 void Tpm::GetCommandAuditDigest( 21498 const TPMI_RH_ENDORSEMENT& privacy_handle, 21499 const std::string& privacy_handle_name, 21500 const TPMI_DH_OBJECT& sign_handle, 21501 const std::string& sign_handle_name, 21502 const TPM2B_DATA& qualifying_data, 21503 const TPMT_SIG_SCHEME& in_scheme, 21504 AuthorizationDelegate* authorization_delegate, 21505 const GetCommandAuditDigestResponse& callback) { 21506 VLOG(1) << __func__; 21507 base::Callback<void(TPM_RC)> error_reporter = 21508 base::Bind(GetCommandAuditDigestErrorCallback, callback); 21509 base::Callback<void(const std::string&)> parser = 21510 base::Bind(GetCommandAuditDigestResponseParser, 21511 callback, 21512 authorization_delegate); 21513 std::string command; 21514 TPM_RC rc = SerializeCommand_GetCommandAuditDigest( 21515 privacy_handle, 21516 privacy_handle_name, 21517 sign_handle, 21518 sign_handle_name, 21519 qualifying_data, 21520 in_scheme, 21521 &command, 21522 authorization_delegate); 21523 if (rc != TPM_RC_SUCCESS) { 21524 error_reporter.Run(rc); 21525 return; 21526 } 21527 transceiver_->SendCommand(command, parser); 21528 } 21529 21530 TPM_RC Tpm::GetCommandAuditDigestSync( 21531 const TPMI_RH_ENDORSEMENT& privacy_handle, 21532 const std::string& privacy_handle_name, 21533 const TPMI_DH_OBJECT& sign_handle, 21534 const std::string& sign_handle_name, 21535 const TPM2B_DATA& qualifying_data, 21536 const TPMT_SIG_SCHEME& in_scheme, 21537 TPM2B_ATTEST* audit_info, 21538 TPMT_SIGNATURE* signature, 21539 AuthorizationDelegate* authorization_delegate) { 21540 VLOG(1) << __func__; 21541 std::string command; 21542 TPM_RC rc = SerializeCommand_GetCommandAuditDigest( 21543 privacy_handle, 21544 privacy_handle_name, 21545 sign_handle, 21546 sign_handle_name, 21547 qualifying_data, 21548 in_scheme, 21549 &command, 21550 authorization_delegate); 21551 if (rc != TPM_RC_SUCCESS) { 21552 return rc; 21553 } 21554 std::string response = transceiver_->SendCommandAndWait(command); 21555 rc = ParseResponse_GetCommandAuditDigest( 21556 response, 21557 audit_info, 21558 signature, 21559 authorization_delegate); 21560 return rc; 21561 } 21562 21563 TPM_RC Tpm::SerializeCommand_GetTime( 21564 const TPMI_RH_ENDORSEMENT& privacy_admin_handle, 21565 const std::string& privacy_admin_handle_name, 21566 const TPMI_DH_OBJECT& sign_handle, 21567 const std::string& sign_handle_name, 21568 const TPM2B_DATA& qualifying_data, 21569 const TPMT_SIG_SCHEME& in_scheme, 21570 std::string* serialized_command, 21571 AuthorizationDelegate* authorization_delegate) { 21572 VLOG(3) << __func__; 21573 TPM_RC rc = TPM_RC_SUCCESS; 21574 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 21575 UINT32 command_size = 10; // Header size. 21576 std::string handle_section_bytes; 21577 std::string parameter_section_bytes; 21578 TPM_CC command_code = TPM_CC_GetTime; 21579 bool is_command_parameter_encryption_possible = true; 21580 bool is_response_parameter_encryption_possible = true; 21581 std::string command_code_bytes; 21582 rc = Serialize_TPM_CC( 21583 command_code, 21584 &command_code_bytes); 21585 if (rc != TPM_RC_SUCCESS) { 21586 return rc; 21587 } 21588 std::string privacy_admin_handle_bytes; 21589 rc = Serialize_TPMI_RH_ENDORSEMENT( 21590 privacy_admin_handle, 21591 &privacy_admin_handle_bytes); 21592 if (rc != TPM_RC_SUCCESS) { 21593 return rc; 21594 } 21595 std::string sign_handle_bytes; 21596 rc = Serialize_TPMI_DH_OBJECT( 21597 sign_handle, 21598 &sign_handle_bytes); 21599 if (rc != TPM_RC_SUCCESS) { 21600 return rc; 21601 } 21602 std::string qualifying_data_bytes; 21603 rc = Serialize_TPM2B_DATA( 21604 qualifying_data, 21605 &qualifying_data_bytes); 21606 if (rc != TPM_RC_SUCCESS) { 21607 return rc; 21608 } 21609 std::string in_scheme_bytes; 21610 rc = Serialize_TPMT_SIG_SCHEME( 21611 in_scheme, 21612 &in_scheme_bytes); 21613 if (rc != TPM_RC_SUCCESS) { 21614 return rc; 21615 } 21616 if (authorization_delegate) { 21617 // Encrypt just the parameter data, not the size. 21618 std::string tmp = qualifying_data_bytes.substr(2); 21619 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 21620 return TRUNKS_RC_ENCRYPTION_FAILED; 21621 } 21622 qualifying_data_bytes.replace(2, std::string::npos, tmp); 21623 } 21624 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 21625 crypto::SecureHash::SHA256)); 21626 hash->Update(command_code_bytes.data(), 21627 command_code_bytes.size()); 21628 hash->Update(privacy_admin_handle_name.data(), 21629 privacy_admin_handle_name.size()); 21630 handle_section_bytes += privacy_admin_handle_bytes; 21631 command_size += privacy_admin_handle_bytes.size(); 21632 hash->Update(sign_handle_name.data(), 21633 sign_handle_name.size()); 21634 handle_section_bytes += sign_handle_bytes; 21635 command_size += sign_handle_bytes.size(); 21636 hash->Update(qualifying_data_bytes.data(), 21637 qualifying_data_bytes.size()); 21638 parameter_section_bytes += qualifying_data_bytes; 21639 command_size += qualifying_data_bytes.size(); 21640 hash->Update(in_scheme_bytes.data(), 21641 in_scheme_bytes.size()); 21642 parameter_section_bytes += in_scheme_bytes; 21643 command_size += in_scheme_bytes.size(); 21644 std::string command_hash(32, 0); 21645 hash->Finish(string_as_array(&command_hash), command_hash.size()); 21646 std::string authorization_section_bytes; 21647 std::string authorization_size_bytes; 21648 if (authorization_delegate) { 21649 if (!authorization_delegate->GetCommandAuthorization( 21650 command_hash, 21651 is_command_parameter_encryption_possible, 21652 is_response_parameter_encryption_possible, 21653 &authorization_section_bytes)) { 21654 return TRUNKS_RC_AUTHORIZATION_FAILED; 21655 } 21656 if (!authorization_section_bytes.empty()) { 21657 tag = TPM_ST_SESSIONS; 21658 std::string tmp; 21659 rc = Serialize_UINT32(authorization_section_bytes.size(), 21660 &authorization_size_bytes); 21661 if (rc != TPM_RC_SUCCESS) { 21662 return rc; 21663 } 21664 command_size += authorization_size_bytes.size() + 21665 authorization_section_bytes.size(); 21666 } 21667 } 21668 std::string tag_bytes; 21669 rc = Serialize_TPMI_ST_COMMAND_TAG( 21670 tag, 21671 &tag_bytes); 21672 if (rc != TPM_RC_SUCCESS) { 21673 return rc; 21674 } 21675 std::string command_size_bytes; 21676 rc = Serialize_UINT32( 21677 command_size, 21678 &command_size_bytes); 21679 if (rc != TPM_RC_SUCCESS) { 21680 return rc; 21681 } 21682 *serialized_command = tag_bytes + 21683 command_size_bytes + 21684 command_code_bytes + 21685 handle_section_bytes + 21686 authorization_size_bytes + 21687 authorization_section_bytes + 21688 parameter_section_bytes; 21689 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 21690 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 21691 serialized_command->size()); 21692 return TPM_RC_SUCCESS; 21693 } 21694 21695 TPM_RC Tpm::ParseResponse_GetTime( 21696 const std::string& response, 21697 TPM2B_ATTEST* time_info, 21698 TPMT_SIGNATURE* signature, 21699 AuthorizationDelegate* authorization_delegate) { 21700 VLOG(3) << __func__; 21701 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 21702 TPM_RC rc = TPM_RC_SUCCESS; 21703 std::string buffer(response); 21704 TPM_ST tag; 21705 std::string tag_bytes; 21706 rc = Parse_TPM_ST( 21707 &buffer, 21708 &tag, 21709 &tag_bytes); 21710 if (rc != TPM_RC_SUCCESS) { 21711 return rc; 21712 } 21713 UINT32 response_size; 21714 std::string response_size_bytes; 21715 rc = Parse_UINT32( 21716 &buffer, 21717 &response_size, 21718 &response_size_bytes); 21719 if (rc != TPM_RC_SUCCESS) { 21720 return rc; 21721 } 21722 TPM_RC response_code; 21723 std::string response_code_bytes; 21724 rc = Parse_TPM_RC( 21725 &buffer, 21726 &response_code, 21727 &response_code_bytes); 21728 if (rc != TPM_RC_SUCCESS) { 21729 return rc; 21730 } 21731 if (response_size != response.size()) { 21732 return TPM_RC_SIZE; 21733 } 21734 if (response_code != TPM_RC_SUCCESS) { 21735 return response_code; 21736 } 21737 TPM_CC command_code = TPM_CC_GetTime; 21738 std::string command_code_bytes; 21739 rc = Serialize_TPM_CC( 21740 command_code, 21741 &command_code_bytes); 21742 if (rc != TPM_RC_SUCCESS) { 21743 return rc; 21744 } 21745 std::string authorization_section_bytes; 21746 if (tag == TPM_ST_SESSIONS) { 21747 UINT32 parameter_section_size = buffer.size(); 21748 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 21749 if (rc != TPM_RC_SUCCESS) { 21750 return rc; 21751 } 21752 if (parameter_section_size > buffer.size()) { 21753 return TPM_RC_INSUFFICIENT; 21754 } 21755 authorization_section_bytes = buffer.substr(parameter_section_size); 21756 // Keep the parameter section in |buffer|. 21757 buffer.erase(parameter_section_size); 21758 } 21759 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 21760 crypto::SecureHash::SHA256)); 21761 hash->Update(response_code_bytes.data(), 21762 response_code_bytes.size()); 21763 hash->Update(command_code_bytes.data(), 21764 command_code_bytes.size()); 21765 hash->Update(buffer.data(), 21766 buffer.size()); 21767 std::string response_hash(32, 0); 21768 hash->Finish(string_as_array(&response_hash), response_hash.size()); 21769 if (tag == TPM_ST_SESSIONS) { 21770 CHECK(authorization_delegate) << "Authorization delegate missing!"; 21771 if (!authorization_delegate->CheckResponseAuthorization( 21772 response_hash, 21773 authorization_section_bytes)) { 21774 return TRUNKS_RC_AUTHORIZATION_FAILED; 21775 } 21776 } 21777 std::string time_info_bytes; 21778 rc = Parse_TPM2B_ATTEST( 21779 &buffer, 21780 time_info, 21781 &time_info_bytes); 21782 if (rc != TPM_RC_SUCCESS) { 21783 return rc; 21784 } 21785 std::string signature_bytes; 21786 rc = Parse_TPMT_SIGNATURE( 21787 &buffer, 21788 signature, 21789 &signature_bytes); 21790 if (rc != TPM_RC_SUCCESS) { 21791 return rc; 21792 } 21793 if (tag == TPM_ST_SESSIONS) { 21794 CHECK(authorization_delegate) << "Authorization delegate missing!"; 21795 // Decrypt just the parameter data, not the size. 21796 std::string tmp = time_info_bytes.substr(2); 21797 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 21798 return TRUNKS_RC_ENCRYPTION_FAILED; 21799 } 21800 time_info_bytes.replace(2, std::string::npos, tmp); 21801 rc = Parse_TPM2B_ATTEST( 21802 &time_info_bytes, 21803 time_info, 21804 nullptr); 21805 if (rc != TPM_RC_SUCCESS) { 21806 return rc; 21807 } 21808 } 21809 return TPM_RC_SUCCESS; 21810 } 21811 21812 void GetTimeErrorCallback( 21813 const Tpm::GetTimeResponse& callback, 21814 TPM_RC response_code) { 21815 VLOG(1) << __func__; 21816 callback.Run(response_code, 21817 TPM2B_ATTEST(), 21818 TPMT_SIGNATURE()); 21819 } 21820 21821 void GetTimeResponseParser( 21822 const Tpm::GetTimeResponse& callback, 21823 AuthorizationDelegate* authorization_delegate, 21824 const std::string& response) { 21825 VLOG(1) << __func__; 21826 base::Callback<void(TPM_RC)> error_reporter = 21827 base::Bind(GetTimeErrorCallback, callback); 21828 TPM2B_ATTEST time_info; 21829 TPMT_SIGNATURE signature; 21830 TPM_RC rc = Tpm::ParseResponse_GetTime( 21831 response, 21832 &time_info, 21833 &signature, 21834 authorization_delegate); 21835 if (rc != TPM_RC_SUCCESS) { 21836 error_reporter.Run(rc); 21837 return; 21838 } 21839 callback.Run( 21840 rc, 21841 time_info, 21842 signature); 21843 } 21844 21845 void Tpm::GetTime( 21846 const TPMI_RH_ENDORSEMENT& privacy_admin_handle, 21847 const std::string& privacy_admin_handle_name, 21848 const TPMI_DH_OBJECT& sign_handle, 21849 const std::string& sign_handle_name, 21850 const TPM2B_DATA& qualifying_data, 21851 const TPMT_SIG_SCHEME& in_scheme, 21852 AuthorizationDelegate* authorization_delegate, 21853 const GetTimeResponse& callback) { 21854 VLOG(1) << __func__; 21855 base::Callback<void(TPM_RC)> error_reporter = 21856 base::Bind(GetTimeErrorCallback, callback); 21857 base::Callback<void(const std::string&)> parser = 21858 base::Bind(GetTimeResponseParser, 21859 callback, 21860 authorization_delegate); 21861 std::string command; 21862 TPM_RC rc = SerializeCommand_GetTime( 21863 privacy_admin_handle, 21864 privacy_admin_handle_name, 21865 sign_handle, 21866 sign_handle_name, 21867 qualifying_data, 21868 in_scheme, 21869 &command, 21870 authorization_delegate); 21871 if (rc != TPM_RC_SUCCESS) { 21872 error_reporter.Run(rc); 21873 return; 21874 } 21875 transceiver_->SendCommand(command, parser); 21876 } 21877 21878 TPM_RC Tpm::GetTimeSync( 21879 const TPMI_RH_ENDORSEMENT& privacy_admin_handle, 21880 const std::string& privacy_admin_handle_name, 21881 const TPMI_DH_OBJECT& sign_handle, 21882 const std::string& sign_handle_name, 21883 const TPM2B_DATA& qualifying_data, 21884 const TPMT_SIG_SCHEME& in_scheme, 21885 TPM2B_ATTEST* time_info, 21886 TPMT_SIGNATURE* signature, 21887 AuthorizationDelegate* authorization_delegate) { 21888 VLOG(1) << __func__; 21889 std::string command; 21890 TPM_RC rc = SerializeCommand_GetTime( 21891 privacy_admin_handle, 21892 privacy_admin_handle_name, 21893 sign_handle, 21894 sign_handle_name, 21895 qualifying_data, 21896 in_scheme, 21897 &command, 21898 authorization_delegate); 21899 if (rc != TPM_RC_SUCCESS) { 21900 return rc; 21901 } 21902 std::string response = transceiver_->SendCommandAndWait(command); 21903 rc = ParseResponse_GetTime( 21904 response, 21905 time_info, 21906 signature, 21907 authorization_delegate); 21908 return rc; 21909 } 21910 21911 TPM_RC Tpm::SerializeCommand_Commit( 21912 const TPMI_DH_OBJECT& sign_handle, 21913 const std::string& sign_handle_name, 21914 const UINT32& param_size, 21915 const TPM2B_ECC_POINT& p1, 21916 const TPM2B_SENSITIVE_DATA& s2, 21917 const TPM2B_ECC_PARAMETER& y2, 21918 std::string* serialized_command, 21919 AuthorizationDelegate* authorization_delegate) { 21920 VLOG(3) << __func__; 21921 TPM_RC rc = TPM_RC_SUCCESS; 21922 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 21923 UINT32 command_size = 10; // Header size. 21924 std::string handle_section_bytes; 21925 std::string parameter_section_bytes; 21926 TPM_CC command_code = TPM_CC_Commit; 21927 bool is_command_parameter_encryption_possible = false; 21928 bool is_response_parameter_encryption_possible = false; 21929 std::string command_code_bytes; 21930 rc = Serialize_TPM_CC( 21931 command_code, 21932 &command_code_bytes); 21933 if (rc != TPM_RC_SUCCESS) { 21934 return rc; 21935 } 21936 std::string param_size_bytes; 21937 rc = Serialize_UINT32( 21938 param_size, 21939 ¶m_size_bytes); 21940 if (rc != TPM_RC_SUCCESS) { 21941 return rc; 21942 } 21943 std::string sign_handle_bytes; 21944 rc = Serialize_TPMI_DH_OBJECT( 21945 sign_handle, 21946 &sign_handle_bytes); 21947 if (rc != TPM_RC_SUCCESS) { 21948 return rc; 21949 } 21950 std::string p1_bytes; 21951 rc = Serialize_TPM2B_ECC_POINT( 21952 p1, 21953 &p1_bytes); 21954 if (rc != TPM_RC_SUCCESS) { 21955 return rc; 21956 } 21957 std::string s2_bytes; 21958 rc = Serialize_TPM2B_SENSITIVE_DATA( 21959 s2, 21960 &s2_bytes); 21961 if (rc != TPM_RC_SUCCESS) { 21962 return rc; 21963 } 21964 std::string y2_bytes; 21965 rc = Serialize_TPM2B_ECC_PARAMETER( 21966 y2, 21967 &y2_bytes); 21968 if (rc != TPM_RC_SUCCESS) { 21969 return rc; 21970 } 21971 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 21972 crypto::SecureHash::SHA256)); 21973 hash->Update(command_code_bytes.data(), 21974 command_code_bytes.size()); 21975 hash->Update(sign_handle_name.data(), 21976 sign_handle_name.size()); 21977 handle_section_bytes += sign_handle_bytes; 21978 command_size += sign_handle_bytes.size(); 21979 hash->Update(param_size_bytes.data(), 21980 param_size_bytes.size()); 21981 parameter_section_bytes += param_size_bytes; 21982 command_size += param_size_bytes.size(); 21983 hash->Update(p1_bytes.data(), 21984 p1_bytes.size()); 21985 parameter_section_bytes += p1_bytes; 21986 command_size += p1_bytes.size(); 21987 hash->Update(s2_bytes.data(), 21988 s2_bytes.size()); 21989 parameter_section_bytes += s2_bytes; 21990 command_size += s2_bytes.size(); 21991 hash->Update(y2_bytes.data(), 21992 y2_bytes.size()); 21993 parameter_section_bytes += y2_bytes; 21994 command_size += y2_bytes.size(); 21995 std::string command_hash(32, 0); 21996 hash->Finish(string_as_array(&command_hash), command_hash.size()); 21997 std::string authorization_section_bytes; 21998 std::string authorization_size_bytes; 21999 if (authorization_delegate) { 22000 if (!authorization_delegate->GetCommandAuthorization( 22001 command_hash, 22002 is_command_parameter_encryption_possible, 22003 is_response_parameter_encryption_possible, 22004 &authorization_section_bytes)) { 22005 return TRUNKS_RC_AUTHORIZATION_FAILED; 22006 } 22007 if (!authorization_section_bytes.empty()) { 22008 tag = TPM_ST_SESSIONS; 22009 std::string tmp; 22010 rc = Serialize_UINT32(authorization_section_bytes.size(), 22011 &authorization_size_bytes); 22012 if (rc != TPM_RC_SUCCESS) { 22013 return rc; 22014 } 22015 command_size += authorization_size_bytes.size() + 22016 authorization_section_bytes.size(); 22017 } 22018 } 22019 std::string tag_bytes; 22020 rc = Serialize_TPMI_ST_COMMAND_TAG( 22021 tag, 22022 &tag_bytes); 22023 if (rc != TPM_RC_SUCCESS) { 22024 return rc; 22025 } 22026 std::string command_size_bytes; 22027 rc = Serialize_UINT32( 22028 command_size, 22029 &command_size_bytes); 22030 if (rc != TPM_RC_SUCCESS) { 22031 return rc; 22032 } 22033 *serialized_command = tag_bytes + 22034 command_size_bytes + 22035 command_code_bytes + 22036 handle_section_bytes + 22037 authorization_size_bytes + 22038 authorization_section_bytes + 22039 parameter_section_bytes; 22040 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 22041 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 22042 serialized_command->size()); 22043 return TPM_RC_SUCCESS; 22044 } 22045 22046 TPM_RC Tpm::ParseResponse_Commit( 22047 const std::string& response, 22048 UINT32* param_size_out, 22049 TPM2B_ECC_POINT* k, 22050 TPM2B_ECC_POINT* l, 22051 TPM2B_ECC_POINT* e, 22052 UINT16* counter, 22053 AuthorizationDelegate* authorization_delegate) { 22054 VLOG(3) << __func__; 22055 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 22056 TPM_RC rc = TPM_RC_SUCCESS; 22057 std::string buffer(response); 22058 TPM_ST tag; 22059 std::string tag_bytes; 22060 rc = Parse_TPM_ST( 22061 &buffer, 22062 &tag, 22063 &tag_bytes); 22064 if (rc != TPM_RC_SUCCESS) { 22065 return rc; 22066 } 22067 UINT32 response_size; 22068 std::string response_size_bytes; 22069 rc = Parse_UINT32( 22070 &buffer, 22071 &response_size, 22072 &response_size_bytes); 22073 if (rc != TPM_RC_SUCCESS) { 22074 return rc; 22075 } 22076 TPM_RC response_code; 22077 std::string response_code_bytes; 22078 rc = Parse_TPM_RC( 22079 &buffer, 22080 &response_code, 22081 &response_code_bytes); 22082 if (rc != TPM_RC_SUCCESS) { 22083 return rc; 22084 } 22085 if (response_size != response.size()) { 22086 return TPM_RC_SIZE; 22087 } 22088 if (response_code != TPM_RC_SUCCESS) { 22089 return response_code; 22090 } 22091 TPM_CC command_code = TPM_CC_Commit; 22092 std::string command_code_bytes; 22093 rc = Serialize_TPM_CC( 22094 command_code, 22095 &command_code_bytes); 22096 if (rc != TPM_RC_SUCCESS) { 22097 return rc; 22098 } 22099 std::string authorization_section_bytes; 22100 if (tag == TPM_ST_SESSIONS) { 22101 UINT32 parameter_section_size = buffer.size(); 22102 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 22103 if (rc != TPM_RC_SUCCESS) { 22104 return rc; 22105 } 22106 if (parameter_section_size > buffer.size()) { 22107 return TPM_RC_INSUFFICIENT; 22108 } 22109 authorization_section_bytes = buffer.substr(parameter_section_size); 22110 // Keep the parameter section in |buffer|. 22111 buffer.erase(parameter_section_size); 22112 } 22113 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 22114 crypto::SecureHash::SHA256)); 22115 hash->Update(response_code_bytes.data(), 22116 response_code_bytes.size()); 22117 hash->Update(command_code_bytes.data(), 22118 command_code_bytes.size()); 22119 hash->Update(buffer.data(), 22120 buffer.size()); 22121 std::string response_hash(32, 0); 22122 hash->Finish(string_as_array(&response_hash), response_hash.size()); 22123 if (tag == TPM_ST_SESSIONS) { 22124 CHECK(authorization_delegate) << "Authorization delegate missing!"; 22125 if (!authorization_delegate->CheckResponseAuthorization( 22126 response_hash, 22127 authorization_section_bytes)) { 22128 return TRUNKS_RC_AUTHORIZATION_FAILED; 22129 } 22130 } 22131 std::string param_size_out_bytes; 22132 rc = Parse_UINT32( 22133 &buffer, 22134 param_size_out, 22135 ¶m_size_out_bytes); 22136 if (rc != TPM_RC_SUCCESS) { 22137 return rc; 22138 } 22139 std::string k_bytes; 22140 rc = Parse_TPM2B_ECC_POINT( 22141 &buffer, 22142 k, 22143 &k_bytes); 22144 if (rc != TPM_RC_SUCCESS) { 22145 return rc; 22146 } 22147 std::string l_bytes; 22148 rc = Parse_TPM2B_ECC_POINT( 22149 &buffer, 22150 l, 22151 &l_bytes); 22152 if (rc != TPM_RC_SUCCESS) { 22153 return rc; 22154 } 22155 std::string e_bytes; 22156 rc = Parse_TPM2B_ECC_POINT( 22157 &buffer, 22158 e, 22159 &e_bytes); 22160 if (rc != TPM_RC_SUCCESS) { 22161 return rc; 22162 } 22163 std::string counter_bytes; 22164 rc = Parse_UINT16( 22165 &buffer, 22166 counter, 22167 &counter_bytes); 22168 if (rc != TPM_RC_SUCCESS) { 22169 return rc; 22170 } 22171 return TPM_RC_SUCCESS; 22172 } 22173 22174 void CommitErrorCallback( 22175 const Tpm::CommitResponse& callback, 22176 TPM_RC response_code) { 22177 VLOG(1) << __func__; 22178 callback.Run(response_code, 22179 UINT32(), 22180 TPM2B_ECC_POINT(), 22181 TPM2B_ECC_POINT(), 22182 TPM2B_ECC_POINT(), 22183 UINT16()); 22184 } 22185 22186 void CommitResponseParser( 22187 const Tpm::CommitResponse& callback, 22188 AuthorizationDelegate* authorization_delegate, 22189 const std::string& response) { 22190 VLOG(1) << __func__; 22191 base::Callback<void(TPM_RC)> error_reporter = 22192 base::Bind(CommitErrorCallback, callback); 22193 UINT32 param_size_out; 22194 TPM2B_ECC_POINT k; 22195 TPM2B_ECC_POINT l; 22196 TPM2B_ECC_POINT e; 22197 UINT16 counter; 22198 TPM_RC rc = Tpm::ParseResponse_Commit( 22199 response, 22200 ¶m_size_out, 22201 &k, 22202 &l, 22203 &e, 22204 &counter, 22205 authorization_delegate); 22206 if (rc != TPM_RC_SUCCESS) { 22207 error_reporter.Run(rc); 22208 return; 22209 } 22210 callback.Run( 22211 rc, 22212 param_size_out, 22213 k, 22214 l, 22215 e, 22216 counter); 22217 } 22218 22219 void Tpm::Commit( 22220 const TPMI_DH_OBJECT& sign_handle, 22221 const std::string& sign_handle_name, 22222 const UINT32& param_size, 22223 const TPM2B_ECC_POINT& p1, 22224 const TPM2B_SENSITIVE_DATA& s2, 22225 const TPM2B_ECC_PARAMETER& y2, 22226 AuthorizationDelegate* authorization_delegate, 22227 const CommitResponse& callback) { 22228 VLOG(1) << __func__; 22229 base::Callback<void(TPM_RC)> error_reporter = 22230 base::Bind(CommitErrorCallback, callback); 22231 base::Callback<void(const std::string&)> parser = 22232 base::Bind(CommitResponseParser, 22233 callback, 22234 authorization_delegate); 22235 std::string command; 22236 TPM_RC rc = SerializeCommand_Commit( 22237 sign_handle, 22238 sign_handle_name, 22239 param_size, 22240 p1, 22241 s2, 22242 y2, 22243 &command, 22244 authorization_delegate); 22245 if (rc != TPM_RC_SUCCESS) { 22246 error_reporter.Run(rc); 22247 return; 22248 } 22249 transceiver_->SendCommand(command, parser); 22250 } 22251 22252 TPM_RC Tpm::CommitSync( 22253 const TPMI_DH_OBJECT& sign_handle, 22254 const std::string& sign_handle_name, 22255 const UINT32& param_size, 22256 const TPM2B_ECC_POINT& p1, 22257 const TPM2B_SENSITIVE_DATA& s2, 22258 const TPM2B_ECC_PARAMETER& y2, 22259 UINT32* param_size_out, 22260 TPM2B_ECC_POINT* k, 22261 TPM2B_ECC_POINT* l, 22262 TPM2B_ECC_POINT* e, 22263 UINT16* counter, 22264 AuthorizationDelegate* authorization_delegate) { 22265 VLOG(1) << __func__; 22266 std::string command; 22267 TPM_RC rc = SerializeCommand_Commit( 22268 sign_handle, 22269 sign_handle_name, 22270 param_size, 22271 p1, 22272 s2, 22273 y2, 22274 &command, 22275 authorization_delegate); 22276 if (rc != TPM_RC_SUCCESS) { 22277 return rc; 22278 } 22279 std::string response = transceiver_->SendCommandAndWait(command); 22280 rc = ParseResponse_Commit( 22281 response, 22282 param_size_out, 22283 k, 22284 l, 22285 e, 22286 counter, 22287 authorization_delegate); 22288 return rc; 22289 } 22290 22291 TPM_RC Tpm::SerializeCommand_EC_Ephemeral( 22292 const UINT32& param_size, 22293 const TPMI_ECC_CURVE& curve_id, 22294 std::string* serialized_command, 22295 AuthorizationDelegate* authorization_delegate) { 22296 VLOG(3) << __func__; 22297 TPM_RC rc = TPM_RC_SUCCESS; 22298 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 22299 UINT32 command_size = 10; // Header size. 22300 std::string handle_section_bytes; 22301 std::string parameter_section_bytes; 22302 TPM_CC command_code = TPM_CC_EC_Ephemeral; 22303 bool is_command_parameter_encryption_possible = false; 22304 bool is_response_parameter_encryption_possible = false; 22305 std::string command_code_bytes; 22306 rc = Serialize_TPM_CC( 22307 command_code, 22308 &command_code_bytes); 22309 if (rc != TPM_RC_SUCCESS) { 22310 return rc; 22311 } 22312 std::string param_size_bytes; 22313 rc = Serialize_UINT32( 22314 param_size, 22315 ¶m_size_bytes); 22316 if (rc != TPM_RC_SUCCESS) { 22317 return rc; 22318 } 22319 std::string curve_id_bytes; 22320 rc = Serialize_TPMI_ECC_CURVE( 22321 curve_id, 22322 &curve_id_bytes); 22323 if (rc != TPM_RC_SUCCESS) { 22324 return rc; 22325 } 22326 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 22327 crypto::SecureHash::SHA256)); 22328 hash->Update(command_code_bytes.data(), 22329 command_code_bytes.size()); 22330 hash->Update(param_size_bytes.data(), 22331 param_size_bytes.size()); 22332 parameter_section_bytes += param_size_bytes; 22333 command_size += param_size_bytes.size(); 22334 hash->Update(curve_id_bytes.data(), 22335 curve_id_bytes.size()); 22336 parameter_section_bytes += curve_id_bytes; 22337 command_size += curve_id_bytes.size(); 22338 std::string command_hash(32, 0); 22339 hash->Finish(string_as_array(&command_hash), command_hash.size()); 22340 std::string authorization_section_bytes; 22341 std::string authorization_size_bytes; 22342 if (authorization_delegate) { 22343 if (!authorization_delegate->GetCommandAuthorization( 22344 command_hash, 22345 is_command_parameter_encryption_possible, 22346 is_response_parameter_encryption_possible, 22347 &authorization_section_bytes)) { 22348 return TRUNKS_RC_AUTHORIZATION_FAILED; 22349 } 22350 if (!authorization_section_bytes.empty()) { 22351 tag = TPM_ST_SESSIONS; 22352 std::string tmp; 22353 rc = Serialize_UINT32(authorization_section_bytes.size(), 22354 &authorization_size_bytes); 22355 if (rc != TPM_RC_SUCCESS) { 22356 return rc; 22357 } 22358 command_size += authorization_size_bytes.size() + 22359 authorization_section_bytes.size(); 22360 } 22361 } 22362 std::string tag_bytes; 22363 rc = Serialize_TPMI_ST_COMMAND_TAG( 22364 tag, 22365 &tag_bytes); 22366 if (rc != TPM_RC_SUCCESS) { 22367 return rc; 22368 } 22369 std::string command_size_bytes; 22370 rc = Serialize_UINT32( 22371 command_size, 22372 &command_size_bytes); 22373 if (rc != TPM_RC_SUCCESS) { 22374 return rc; 22375 } 22376 *serialized_command = tag_bytes + 22377 command_size_bytes + 22378 command_code_bytes + 22379 handle_section_bytes + 22380 authorization_size_bytes + 22381 authorization_section_bytes + 22382 parameter_section_bytes; 22383 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 22384 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 22385 serialized_command->size()); 22386 return TPM_RC_SUCCESS; 22387 } 22388 22389 TPM_RC Tpm::ParseResponse_EC_Ephemeral( 22390 const std::string& response, 22391 UINT32* param_size_out, 22392 TPM2B_ECC_POINT* q, 22393 UINT16* counter, 22394 AuthorizationDelegate* authorization_delegate) { 22395 VLOG(3) << __func__; 22396 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 22397 TPM_RC rc = TPM_RC_SUCCESS; 22398 std::string buffer(response); 22399 TPM_ST tag; 22400 std::string tag_bytes; 22401 rc = Parse_TPM_ST( 22402 &buffer, 22403 &tag, 22404 &tag_bytes); 22405 if (rc != TPM_RC_SUCCESS) { 22406 return rc; 22407 } 22408 UINT32 response_size; 22409 std::string response_size_bytes; 22410 rc = Parse_UINT32( 22411 &buffer, 22412 &response_size, 22413 &response_size_bytes); 22414 if (rc != TPM_RC_SUCCESS) { 22415 return rc; 22416 } 22417 TPM_RC response_code; 22418 std::string response_code_bytes; 22419 rc = Parse_TPM_RC( 22420 &buffer, 22421 &response_code, 22422 &response_code_bytes); 22423 if (rc != TPM_RC_SUCCESS) { 22424 return rc; 22425 } 22426 if (response_size != response.size()) { 22427 return TPM_RC_SIZE; 22428 } 22429 if (response_code != TPM_RC_SUCCESS) { 22430 return response_code; 22431 } 22432 TPM_CC command_code = TPM_CC_EC_Ephemeral; 22433 std::string command_code_bytes; 22434 rc = Serialize_TPM_CC( 22435 command_code, 22436 &command_code_bytes); 22437 if (rc != TPM_RC_SUCCESS) { 22438 return rc; 22439 } 22440 std::string authorization_section_bytes; 22441 if (tag == TPM_ST_SESSIONS) { 22442 UINT32 parameter_section_size = buffer.size(); 22443 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 22444 if (rc != TPM_RC_SUCCESS) { 22445 return rc; 22446 } 22447 if (parameter_section_size > buffer.size()) { 22448 return TPM_RC_INSUFFICIENT; 22449 } 22450 authorization_section_bytes = buffer.substr(parameter_section_size); 22451 // Keep the parameter section in |buffer|. 22452 buffer.erase(parameter_section_size); 22453 } 22454 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 22455 crypto::SecureHash::SHA256)); 22456 hash->Update(response_code_bytes.data(), 22457 response_code_bytes.size()); 22458 hash->Update(command_code_bytes.data(), 22459 command_code_bytes.size()); 22460 hash->Update(buffer.data(), 22461 buffer.size()); 22462 std::string response_hash(32, 0); 22463 hash->Finish(string_as_array(&response_hash), response_hash.size()); 22464 if (tag == TPM_ST_SESSIONS) { 22465 CHECK(authorization_delegate) << "Authorization delegate missing!"; 22466 if (!authorization_delegate->CheckResponseAuthorization( 22467 response_hash, 22468 authorization_section_bytes)) { 22469 return TRUNKS_RC_AUTHORIZATION_FAILED; 22470 } 22471 } 22472 std::string param_size_out_bytes; 22473 rc = Parse_UINT32( 22474 &buffer, 22475 param_size_out, 22476 ¶m_size_out_bytes); 22477 if (rc != TPM_RC_SUCCESS) { 22478 return rc; 22479 } 22480 std::string q_bytes; 22481 rc = Parse_TPM2B_ECC_POINT( 22482 &buffer, 22483 q, 22484 &q_bytes); 22485 if (rc != TPM_RC_SUCCESS) { 22486 return rc; 22487 } 22488 std::string counter_bytes; 22489 rc = Parse_UINT16( 22490 &buffer, 22491 counter, 22492 &counter_bytes); 22493 if (rc != TPM_RC_SUCCESS) { 22494 return rc; 22495 } 22496 return TPM_RC_SUCCESS; 22497 } 22498 22499 void EC_EphemeralErrorCallback( 22500 const Tpm::EC_EphemeralResponse& callback, 22501 TPM_RC response_code) { 22502 VLOG(1) << __func__; 22503 callback.Run(response_code, 22504 UINT32(), 22505 TPM2B_ECC_POINT(), 22506 UINT16()); 22507 } 22508 22509 void EC_EphemeralResponseParser( 22510 const Tpm::EC_EphemeralResponse& callback, 22511 AuthorizationDelegate* authorization_delegate, 22512 const std::string& response) { 22513 VLOG(1) << __func__; 22514 base::Callback<void(TPM_RC)> error_reporter = 22515 base::Bind(EC_EphemeralErrorCallback, callback); 22516 UINT32 param_size_out; 22517 TPM2B_ECC_POINT q; 22518 UINT16 counter; 22519 TPM_RC rc = Tpm::ParseResponse_EC_Ephemeral( 22520 response, 22521 ¶m_size_out, 22522 &q, 22523 &counter, 22524 authorization_delegate); 22525 if (rc != TPM_RC_SUCCESS) { 22526 error_reporter.Run(rc); 22527 return; 22528 } 22529 callback.Run( 22530 rc, 22531 param_size_out, 22532 q, 22533 counter); 22534 } 22535 22536 void Tpm::EC_Ephemeral( 22537 const UINT32& param_size, 22538 const TPMI_ECC_CURVE& curve_id, 22539 AuthorizationDelegate* authorization_delegate, 22540 const EC_EphemeralResponse& callback) { 22541 VLOG(1) << __func__; 22542 base::Callback<void(TPM_RC)> error_reporter = 22543 base::Bind(EC_EphemeralErrorCallback, callback); 22544 base::Callback<void(const std::string&)> parser = 22545 base::Bind(EC_EphemeralResponseParser, 22546 callback, 22547 authorization_delegate); 22548 std::string command; 22549 TPM_RC rc = SerializeCommand_EC_Ephemeral( 22550 param_size, 22551 curve_id, 22552 &command, 22553 authorization_delegate); 22554 if (rc != TPM_RC_SUCCESS) { 22555 error_reporter.Run(rc); 22556 return; 22557 } 22558 transceiver_->SendCommand(command, parser); 22559 } 22560 22561 TPM_RC Tpm::EC_EphemeralSync( 22562 const UINT32& param_size, 22563 const TPMI_ECC_CURVE& curve_id, 22564 UINT32* param_size_out, 22565 TPM2B_ECC_POINT* q, 22566 UINT16* counter, 22567 AuthorizationDelegate* authorization_delegate) { 22568 VLOG(1) << __func__; 22569 std::string command; 22570 TPM_RC rc = SerializeCommand_EC_Ephemeral( 22571 param_size, 22572 curve_id, 22573 &command, 22574 authorization_delegate); 22575 if (rc != TPM_RC_SUCCESS) { 22576 return rc; 22577 } 22578 std::string response = transceiver_->SendCommandAndWait(command); 22579 rc = ParseResponse_EC_Ephemeral( 22580 response, 22581 param_size_out, 22582 q, 22583 counter, 22584 authorization_delegate); 22585 return rc; 22586 } 22587 22588 TPM_RC Tpm::SerializeCommand_VerifySignature( 22589 const TPMI_DH_OBJECT& key_handle, 22590 const std::string& key_handle_name, 22591 const TPM2B_DIGEST& digest, 22592 const TPMT_SIGNATURE& signature, 22593 std::string* serialized_command, 22594 AuthorizationDelegate* authorization_delegate) { 22595 VLOG(3) << __func__; 22596 TPM_RC rc = TPM_RC_SUCCESS; 22597 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 22598 UINT32 command_size = 10; // Header size. 22599 std::string handle_section_bytes; 22600 std::string parameter_section_bytes; 22601 TPM_CC command_code = TPM_CC_VerifySignature; 22602 bool is_command_parameter_encryption_possible = true; 22603 bool is_response_parameter_encryption_possible = false; 22604 std::string command_code_bytes; 22605 rc = Serialize_TPM_CC( 22606 command_code, 22607 &command_code_bytes); 22608 if (rc != TPM_RC_SUCCESS) { 22609 return rc; 22610 } 22611 std::string key_handle_bytes; 22612 rc = Serialize_TPMI_DH_OBJECT( 22613 key_handle, 22614 &key_handle_bytes); 22615 if (rc != TPM_RC_SUCCESS) { 22616 return rc; 22617 } 22618 std::string digest_bytes; 22619 rc = Serialize_TPM2B_DIGEST( 22620 digest, 22621 &digest_bytes); 22622 if (rc != TPM_RC_SUCCESS) { 22623 return rc; 22624 } 22625 std::string signature_bytes; 22626 rc = Serialize_TPMT_SIGNATURE( 22627 signature, 22628 &signature_bytes); 22629 if (rc != TPM_RC_SUCCESS) { 22630 return rc; 22631 } 22632 if (authorization_delegate) { 22633 // Encrypt just the parameter data, not the size. 22634 std::string tmp = digest_bytes.substr(2); 22635 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 22636 return TRUNKS_RC_ENCRYPTION_FAILED; 22637 } 22638 digest_bytes.replace(2, std::string::npos, tmp); 22639 } 22640 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 22641 crypto::SecureHash::SHA256)); 22642 hash->Update(command_code_bytes.data(), 22643 command_code_bytes.size()); 22644 hash->Update(key_handle_name.data(), 22645 key_handle_name.size()); 22646 handle_section_bytes += key_handle_bytes; 22647 command_size += key_handle_bytes.size(); 22648 hash->Update(digest_bytes.data(), 22649 digest_bytes.size()); 22650 parameter_section_bytes += digest_bytes; 22651 command_size += digest_bytes.size(); 22652 hash->Update(signature_bytes.data(), 22653 signature_bytes.size()); 22654 parameter_section_bytes += signature_bytes; 22655 command_size += signature_bytes.size(); 22656 std::string command_hash(32, 0); 22657 hash->Finish(string_as_array(&command_hash), command_hash.size()); 22658 std::string authorization_section_bytes; 22659 std::string authorization_size_bytes; 22660 if (authorization_delegate) { 22661 if (!authorization_delegate->GetCommandAuthorization( 22662 command_hash, 22663 is_command_parameter_encryption_possible, 22664 is_response_parameter_encryption_possible, 22665 &authorization_section_bytes)) { 22666 return TRUNKS_RC_AUTHORIZATION_FAILED; 22667 } 22668 if (!authorization_section_bytes.empty()) { 22669 tag = TPM_ST_SESSIONS; 22670 std::string tmp; 22671 rc = Serialize_UINT32(authorization_section_bytes.size(), 22672 &authorization_size_bytes); 22673 if (rc != TPM_RC_SUCCESS) { 22674 return rc; 22675 } 22676 command_size += authorization_size_bytes.size() + 22677 authorization_section_bytes.size(); 22678 } 22679 } 22680 std::string tag_bytes; 22681 rc = Serialize_TPMI_ST_COMMAND_TAG( 22682 tag, 22683 &tag_bytes); 22684 if (rc != TPM_RC_SUCCESS) { 22685 return rc; 22686 } 22687 std::string command_size_bytes; 22688 rc = Serialize_UINT32( 22689 command_size, 22690 &command_size_bytes); 22691 if (rc != TPM_RC_SUCCESS) { 22692 return rc; 22693 } 22694 *serialized_command = tag_bytes + 22695 command_size_bytes + 22696 command_code_bytes + 22697 handle_section_bytes + 22698 authorization_size_bytes + 22699 authorization_section_bytes + 22700 parameter_section_bytes; 22701 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 22702 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 22703 serialized_command->size()); 22704 return TPM_RC_SUCCESS; 22705 } 22706 22707 TPM_RC Tpm::ParseResponse_VerifySignature( 22708 const std::string& response, 22709 TPMT_TK_VERIFIED* validation, 22710 AuthorizationDelegate* authorization_delegate) { 22711 VLOG(3) << __func__; 22712 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 22713 TPM_RC rc = TPM_RC_SUCCESS; 22714 std::string buffer(response); 22715 TPM_ST tag; 22716 std::string tag_bytes; 22717 rc = Parse_TPM_ST( 22718 &buffer, 22719 &tag, 22720 &tag_bytes); 22721 if (rc != TPM_RC_SUCCESS) { 22722 return rc; 22723 } 22724 UINT32 response_size; 22725 std::string response_size_bytes; 22726 rc = Parse_UINT32( 22727 &buffer, 22728 &response_size, 22729 &response_size_bytes); 22730 if (rc != TPM_RC_SUCCESS) { 22731 return rc; 22732 } 22733 TPM_RC response_code; 22734 std::string response_code_bytes; 22735 rc = Parse_TPM_RC( 22736 &buffer, 22737 &response_code, 22738 &response_code_bytes); 22739 if (rc != TPM_RC_SUCCESS) { 22740 return rc; 22741 } 22742 if (response_size != response.size()) { 22743 return TPM_RC_SIZE; 22744 } 22745 if (response_code != TPM_RC_SUCCESS) { 22746 return response_code; 22747 } 22748 TPM_CC command_code = TPM_CC_VerifySignature; 22749 std::string command_code_bytes; 22750 rc = Serialize_TPM_CC( 22751 command_code, 22752 &command_code_bytes); 22753 if (rc != TPM_RC_SUCCESS) { 22754 return rc; 22755 } 22756 std::string authorization_section_bytes; 22757 if (tag == TPM_ST_SESSIONS) { 22758 UINT32 parameter_section_size = buffer.size(); 22759 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 22760 if (rc != TPM_RC_SUCCESS) { 22761 return rc; 22762 } 22763 if (parameter_section_size > buffer.size()) { 22764 return TPM_RC_INSUFFICIENT; 22765 } 22766 authorization_section_bytes = buffer.substr(parameter_section_size); 22767 // Keep the parameter section in |buffer|. 22768 buffer.erase(parameter_section_size); 22769 } 22770 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 22771 crypto::SecureHash::SHA256)); 22772 hash->Update(response_code_bytes.data(), 22773 response_code_bytes.size()); 22774 hash->Update(command_code_bytes.data(), 22775 command_code_bytes.size()); 22776 hash->Update(buffer.data(), 22777 buffer.size()); 22778 std::string response_hash(32, 0); 22779 hash->Finish(string_as_array(&response_hash), response_hash.size()); 22780 if (tag == TPM_ST_SESSIONS) { 22781 CHECK(authorization_delegate) << "Authorization delegate missing!"; 22782 if (!authorization_delegate->CheckResponseAuthorization( 22783 response_hash, 22784 authorization_section_bytes)) { 22785 return TRUNKS_RC_AUTHORIZATION_FAILED; 22786 } 22787 } 22788 std::string validation_bytes; 22789 rc = Parse_TPMT_TK_VERIFIED( 22790 &buffer, 22791 validation, 22792 &validation_bytes); 22793 if (rc != TPM_RC_SUCCESS) { 22794 return rc; 22795 } 22796 return TPM_RC_SUCCESS; 22797 } 22798 22799 void VerifySignatureErrorCallback( 22800 const Tpm::VerifySignatureResponse& callback, 22801 TPM_RC response_code) { 22802 VLOG(1) << __func__; 22803 callback.Run(response_code, 22804 TPMT_TK_VERIFIED()); 22805 } 22806 22807 void VerifySignatureResponseParser( 22808 const Tpm::VerifySignatureResponse& callback, 22809 AuthorizationDelegate* authorization_delegate, 22810 const std::string& response) { 22811 VLOG(1) << __func__; 22812 base::Callback<void(TPM_RC)> error_reporter = 22813 base::Bind(VerifySignatureErrorCallback, callback); 22814 TPMT_TK_VERIFIED validation; 22815 TPM_RC rc = Tpm::ParseResponse_VerifySignature( 22816 response, 22817 &validation, 22818 authorization_delegate); 22819 if (rc != TPM_RC_SUCCESS) { 22820 error_reporter.Run(rc); 22821 return; 22822 } 22823 callback.Run( 22824 rc, 22825 validation); 22826 } 22827 22828 void Tpm::VerifySignature( 22829 const TPMI_DH_OBJECT& key_handle, 22830 const std::string& key_handle_name, 22831 const TPM2B_DIGEST& digest, 22832 const TPMT_SIGNATURE& signature, 22833 AuthorizationDelegate* authorization_delegate, 22834 const VerifySignatureResponse& callback) { 22835 VLOG(1) << __func__; 22836 base::Callback<void(TPM_RC)> error_reporter = 22837 base::Bind(VerifySignatureErrorCallback, callback); 22838 base::Callback<void(const std::string&)> parser = 22839 base::Bind(VerifySignatureResponseParser, 22840 callback, 22841 authorization_delegate); 22842 std::string command; 22843 TPM_RC rc = SerializeCommand_VerifySignature( 22844 key_handle, 22845 key_handle_name, 22846 digest, 22847 signature, 22848 &command, 22849 authorization_delegate); 22850 if (rc != TPM_RC_SUCCESS) { 22851 error_reporter.Run(rc); 22852 return; 22853 } 22854 transceiver_->SendCommand(command, parser); 22855 } 22856 22857 TPM_RC Tpm::VerifySignatureSync( 22858 const TPMI_DH_OBJECT& key_handle, 22859 const std::string& key_handle_name, 22860 const TPM2B_DIGEST& digest, 22861 const TPMT_SIGNATURE& signature, 22862 TPMT_TK_VERIFIED* validation, 22863 AuthorizationDelegate* authorization_delegate) { 22864 VLOG(1) << __func__; 22865 std::string command; 22866 TPM_RC rc = SerializeCommand_VerifySignature( 22867 key_handle, 22868 key_handle_name, 22869 digest, 22870 signature, 22871 &command, 22872 authorization_delegate); 22873 if (rc != TPM_RC_SUCCESS) { 22874 return rc; 22875 } 22876 std::string response = transceiver_->SendCommandAndWait(command); 22877 rc = ParseResponse_VerifySignature( 22878 response, 22879 validation, 22880 authorization_delegate); 22881 return rc; 22882 } 22883 22884 TPM_RC Tpm::SerializeCommand_Sign( 22885 const TPMI_DH_OBJECT& key_handle, 22886 const std::string& key_handle_name, 22887 const TPM2B_DIGEST& digest, 22888 const TPMT_SIG_SCHEME& in_scheme, 22889 const TPMT_TK_HASHCHECK& validation, 22890 std::string* serialized_command, 22891 AuthorizationDelegate* authorization_delegate) { 22892 VLOG(3) << __func__; 22893 TPM_RC rc = TPM_RC_SUCCESS; 22894 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 22895 UINT32 command_size = 10; // Header size. 22896 std::string handle_section_bytes; 22897 std::string parameter_section_bytes; 22898 TPM_CC command_code = TPM_CC_Sign; 22899 bool is_command_parameter_encryption_possible = true; 22900 bool is_response_parameter_encryption_possible = false; 22901 std::string command_code_bytes; 22902 rc = Serialize_TPM_CC( 22903 command_code, 22904 &command_code_bytes); 22905 if (rc != TPM_RC_SUCCESS) { 22906 return rc; 22907 } 22908 std::string key_handle_bytes; 22909 rc = Serialize_TPMI_DH_OBJECT( 22910 key_handle, 22911 &key_handle_bytes); 22912 if (rc != TPM_RC_SUCCESS) { 22913 return rc; 22914 } 22915 std::string digest_bytes; 22916 rc = Serialize_TPM2B_DIGEST( 22917 digest, 22918 &digest_bytes); 22919 if (rc != TPM_RC_SUCCESS) { 22920 return rc; 22921 } 22922 std::string in_scheme_bytes; 22923 rc = Serialize_TPMT_SIG_SCHEME( 22924 in_scheme, 22925 &in_scheme_bytes); 22926 if (rc != TPM_RC_SUCCESS) { 22927 return rc; 22928 } 22929 std::string validation_bytes; 22930 rc = Serialize_TPMT_TK_HASHCHECK( 22931 validation, 22932 &validation_bytes); 22933 if (rc != TPM_RC_SUCCESS) { 22934 return rc; 22935 } 22936 if (authorization_delegate) { 22937 // Encrypt just the parameter data, not the size. 22938 std::string tmp = digest_bytes.substr(2); 22939 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 22940 return TRUNKS_RC_ENCRYPTION_FAILED; 22941 } 22942 digest_bytes.replace(2, std::string::npos, tmp); 22943 } 22944 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 22945 crypto::SecureHash::SHA256)); 22946 hash->Update(command_code_bytes.data(), 22947 command_code_bytes.size()); 22948 hash->Update(key_handle_name.data(), 22949 key_handle_name.size()); 22950 handle_section_bytes += key_handle_bytes; 22951 command_size += key_handle_bytes.size(); 22952 hash->Update(digest_bytes.data(), 22953 digest_bytes.size()); 22954 parameter_section_bytes += digest_bytes; 22955 command_size += digest_bytes.size(); 22956 hash->Update(in_scheme_bytes.data(), 22957 in_scheme_bytes.size()); 22958 parameter_section_bytes += in_scheme_bytes; 22959 command_size += in_scheme_bytes.size(); 22960 hash->Update(validation_bytes.data(), 22961 validation_bytes.size()); 22962 parameter_section_bytes += validation_bytes; 22963 command_size += validation_bytes.size(); 22964 std::string command_hash(32, 0); 22965 hash->Finish(string_as_array(&command_hash), command_hash.size()); 22966 std::string authorization_section_bytes; 22967 std::string authorization_size_bytes; 22968 if (authorization_delegate) { 22969 if (!authorization_delegate->GetCommandAuthorization( 22970 command_hash, 22971 is_command_parameter_encryption_possible, 22972 is_response_parameter_encryption_possible, 22973 &authorization_section_bytes)) { 22974 return TRUNKS_RC_AUTHORIZATION_FAILED; 22975 } 22976 if (!authorization_section_bytes.empty()) { 22977 tag = TPM_ST_SESSIONS; 22978 std::string tmp; 22979 rc = Serialize_UINT32(authorization_section_bytes.size(), 22980 &authorization_size_bytes); 22981 if (rc != TPM_RC_SUCCESS) { 22982 return rc; 22983 } 22984 command_size += authorization_size_bytes.size() + 22985 authorization_section_bytes.size(); 22986 } 22987 } 22988 std::string tag_bytes; 22989 rc = Serialize_TPMI_ST_COMMAND_TAG( 22990 tag, 22991 &tag_bytes); 22992 if (rc != TPM_RC_SUCCESS) { 22993 return rc; 22994 } 22995 std::string command_size_bytes; 22996 rc = Serialize_UINT32( 22997 command_size, 22998 &command_size_bytes); 22999 if (rc != TPM_RC_SUCCESS) { 23000 return rc; 23001 } 23002 *serialized_command = tag_bytes + 23003 command_size_bytes + 23004 command_code_bytes + 23005 handle_section_bytes + 23006 authorization_size_bytes + 23007 authorization_section_bytes + 23008 parameter_section_bytes; 23009 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 23010 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 23011 serialized_command->size()); 23012 return TPM_RC_SUCCESS; 23013 } 23014 23015 TPM_RC Tpm::ParseResponse_Sign( 23016 const std::string& response, 23017 TPMT_SIGNATURE* signature, 23018 AuthorizationDelegate* authorization_delegate) { 23019 VLOG(3) << __func__; 23020 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 23021 TPM_RC rc = TPM_RC_SUCCESS; 23022 std::string buffer(response); 23023 TPM_ST tag; 23024 std::string tag_bytes; 23025 rc = Parse_TPM_ST( 23026 &buffer, 23027 &tag, 23028 &tag_bytes); 23029 if (rc != TPM_RC_SUCCESS) { 23030 return rc; 23031 } 23032 UINT32 response_size; 23033 std::string response_size_bytes; 23034 rc = Parse_UINT32( 23035 &buffer, 23036 &response_size, 23037 &response_size_bytes); 23038 if (rc != TPM_RC_SUCCESS) { 23039 return rc; 23040 } 23041 TPM_RC response_code; 23042 std::string response_code_bytes; 23043 rc = Parse_TPM_RC( 23044 &buffer, 23045 &response_code, 23046 &response_code_bytes); 23047 if (rc != TPM_RC_SUCCESS) { 23048 return rc; 23049 } 23050 if (response_size != response.size()) { 23051 return TPM_RC_SIZE; 23052 } 23053 if (response_code != TPM_RC_SUCCESS) { 23054 return response_code; 23055 } 23056 TPM_CC command_code = TPM_CC_Sign; 23057 std::string command_code_bytes; 23058 rc = Serialize_TPM_CC( 23059 command_code, 23060 &command_code_bytes); 23061 if (rc != TPM_RC_SUCCESS) { 23062 return rc; 23063 } 23064 std::string authorization_section_bytes; 23065 if (tag == TPM_ST_SESSIONS) { 23066 UINT32 parameter_section_size = buffer.size(); 23067 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 23068 if (rc != TPM_RC_SUCCESS) { 23069 return rc; 23070 } 23071 if (parameter_section_size > buffer.size()) { 23072 return TPM_RC_INSUFFICIENT; 23073 } 23074 authorization_section_bytes = buffer.substr(parameter_section_size); 23075 // Keep the parameter section in |buffer|. 23076 buffer.erase(parameter_section_size); 23077 } 23078 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 23079 crypto::SecureHash::SHA256)); 23080 hash->Update(response_code_bytes.data(), 23081 response_code_bytes.size()); 23082 hash->Update(command_code_bytes.data(), 23083 command_code_bytes.size()); 23084 hash->Update(buffer.data(), 23085 buffer.size()); 23086 std::string response_hash(32, 0); 23087 hash->Finish(string_as_array(&response_hash), response_hash.size()); 23088 if (tag == TPM_ST_SESSIONS) { 23089 CHECK(authorization_delegate) << "Authorization delegate missing!"; 23090 if (!authorization_delegate->CheckResponseAuthorization( 23091 response_hash, 23092 authorization_section_bytes)) { 23093 return TRUNKS_RC_AUTHORIZATION_FAILED; 23094 } 23095 } 23096 std::string signature_bytes; 23097 rc = Parse_TPMT_SIGNATURE( 23098 &buffer, 23099 signature, 23100 &signature_bytes); 23101 if (rc != TPM_RC_SUCCESS) { 23102 return rc; 23103 } 23104 return TPM_RC_SUCCESS; 23105 } 23106 23107 void SignErrorCallback( 23108 const Tpm::SignResponse& callback, 23109 TPM_RC response_code) { 23110 VLOG(1) << __func__; 23111 callback.Run(response_code, 23112 TPMT_SIGNATURE()); 23113 } 23114 23115 void SignResponseParser( 23116 const Tpm::SignResponse& callback, 23117 AuthorizationDelegate* authorization_delegate, 23118 const std::string& response) { 23119 VLOG(1) << __func__; 23120 base::Callback<void(TPM_RC)> error_reporter = 23121 base::Bind(SignErrorCallback, callback); 23122 TPMT_SIGNATURE signature; 23123 TPM_RC rc = Tpm::ParseResponse_Sign( 23124 response, 23125 &signature, 23126 authorization_delegate); 23127 if (rc != TPM_RC_SUCCESS) { 23128 error_reporter.Run(rc); 23129 return; 23130 } 23131 callback.Run( 23132 rc, 23133 signature); 23134 } 23135 23136 void Tpm::Sign( 23137 const TPMI_DH_OBJECT& key_handle, 23138 const std::string& key_handle_name, 23139 const TPM2B_DIGEST& digest, 23140 const TPMT_SIG_SCHEME& in_scheme, 23141 const TPMT_TK_HASHCHECK& validation, 23142 AuthorizationDelegate* authorization_delegate, 23143 const SignResponse& callback) { 23144 VLOG(1) << __func__; 23145 base::Callback<void(TPM_RC)> error_reporter = 23146 base::Bind(SignErrorCallback, callback); 23147 base::Callback<void(const std::string&)> parser = 23148 base::Bind(SignResponseParser, 23149 callback, 23150 authorization_delegate); 23151 std::string command; 23152 TPM_RC rc = SerializeCommand_Sign( 23153 key_handle, 23154 key_handle_name, 23155 digest, 23156 in_scheme, 23157 validation, 23158 &command, 23159 authorization_delegate); 23160 if (rc != TPM_RC_SUCCESS) { 23161 error_reporter.Run(rc); 23162 return; 23163 } 23164 transceiver_->SendCommand(command, parser); 23165 } 23166 23167 TPM_RC Tpm::SignSync( 23168 const TPMI_DH_OBJECT& key_handle, 23169 const std::string& key_handle_name, 23170 const TPM2B_DIGEST& digest, 23171 const TPMT_SIG_SCHEME& in_scheme, 23172 const TPMT_TK_HASHCHECK& validation, 23173 TPMT_SIGNATURE* signature, 23174 AuthorizationDelegate* authorization_delegate) { 23175 VLOG(1) << __func__; 23176 std::string command; 23177 TPM_RC rc = SerializeCommand_Sign( 23178 key_handle, 23179 key_handle_name, 23180 digest, 23181 in_scheme, 23182 validation, 23183 &command, 23184 authorization_delegate); 23185 if (rc != TPM_RC_SUCCESS) { 23186 return rc; 23187 } 23188 std::string response = transceiver_->SendCommandAndWait(command); 23189 rc = ParseResponse_Sign( 23190 response, 23191 signature, 23192 authorization_delegate); 23193 return rc; 23194 } 23195 23196 TPM_RC Tpm::SerializeCommand_SetCommandCodeAuditStatus( 23197 const TPMI_RH_PROVISION& auth, 23198 const std::string& auth_name, 23199 const TPMI_ALG_HASH& audit_alg, 23200 const TPML_CC& set_list, 23201 const TPML_CC& clear_list, 23202 std::string* serialized_command, 23203 AuthorizationDelegate* authorization_delegate) { 23204 VLOG(3) << __func__; 23205 TPM_RC rc = TPM_RC_SUCCESS; 23206 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 23207 UINT32 command_size = 10; // Header size. 23208 std::string handle_section_bytes; 23209 std::string parameter_section_bytes; 23210 TPM_CC command_code = TPM_CC_SetCommandCodeAuditStatus; 23211 bool is_command_parameter_encryption_possible = false; 23212 bool is_response_parameter_encryption_possible = false; 23213 std::string command_code_bytes; 23214 rc = Serialize_TPM_CC( 23215 command_code, 23216 &command_code_bytes); 23217 if (rc != TPM_RC_SUCCESS) { 23218 return rc; 23219 } 23220 std::string auth_bytes; 23221 rc = Serialize_TPMI_RH_PROVISION( 23222 auth, 23223 &auth_bytes); 23224 if (rc != TPM_RC_SUCCESS) { 23225 return rc; 23226 } 23227 std::string audit_alg_bytes; 23228 rc = Serialize_TPMI_ALG_HASH( 23229 audit_alg, 23230 &audit_alg_bytes); 23231 if (rc != TPM_RC_SUCCESS) { 23232 return rc; 23233 } 23234 std::string set_list_bytes; 23235 rc = Serialize_TPML_CC( 23236 set_list, 23237 &set_list_bytes); 23238 if (rc != TPM_RC_SUCCESS) { 23239 return rc; 23240 } 23241 std::string clear_list_bytes; 23242 rc = Serialize_TPML_CC( 23243 clear_list, 23244 &clear_list_bytes); 23245 if (rc != TPM_RC_SUCCESS) { 23246 return rc; 23247 } 23248 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 23249 crypto::SecureHash::SHA256)); 23250 hash->Update(command_code_bytes.data(), 23251 command_code_bytes.size()); 23252 hash->Update(auth_name.data(), 23253 auth_name.size()); 23254 handle_section_bytes += auth_bytes; 23255 command_size += auth_bytes.size(); 23256 hash->Update(audit_alg_bytes.data(), 23257 audit_alg_bytes.size()); 23258 parameter_section_bytes += audit_alg_bytes; 23259 command_size += audit_alg_bytes.size(); 23260 hash->Update(set_list_bytes.data(), 23261 set_list_bytes.size()); 23262 parameter_section_bytes += set_list_bytes; 23263 command_size += set_list_bytes.size(); 23264 hash->Update(clear_list_bytes.data(), 23265 clear_list_bytes.size()); 23266 parameter_section_bytes += clear_list_bytes; 23267 command_size += clear_list_bytes.size(); 23268 std::string command_hash(32, 0); 23269 hash->Finish(string_as_array(&command_hash), command_hash.size()); 23270 std::string authorization_section_bytes; 23271 std::string authorization_size_bytes; 23272 if (authorization_delegate) { 23273 if (!authorization_delegate->GetCommandAuthorization( 23274 command_hash, 23275 is_command_parameter_encryption_possible, 23276 is_response_parameter_encryption_possible, 23277 &authorization_section_bytes)) { 23278 return TRUNKS_RC_AUTHORIZATION_FAILED; 23279 } 23280 if (!authorization_section_bytes.empty()) { 23281 tag = TPM_ST_SESSIONS; 23282 std::string tmp; 23283 rc = Serialize_UINT32(authorization_section_bytes.size(), 23284 &authorization_size_bytes); 23285 if (rc != TPM_RC_SUCCESS) { 23286 return rc; 23287 } 23288 command_size += authorization_size_bytes.size() + 23289 authorization_section_bytes.size(); 23290 } 23291 } 23292 std::string tag_bytes; 23293 rc = Serialize_TPMI_ST_COMMAND_TAG( 23294 tag, 23295 &tag_bytes); 23296 if (rc != TPM_RC_SUCCESS) { 23297 return rc; 23298 } 23299 std::string command_size_bytes; 23300 rc = Serialize_UINT32( 23301 command_size, 23302 &command_size_bytes); 23303 if (rc != TPM_RC_SUCCESS) { 23304 return rc; 23305 } 23306 *serialized_command = tag_bytes + 23307 command_size_bytes + 23308 command_code_bytes + 23309 handle_section_bytes + 23310 authorization_size_bytes + 23311 authorization_section_bytes + 23312 parameter_section_bytes; 23313 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 23314 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 23315 serialized_command->size()); 23316 return TPM_RC_SUCCESS; 23317 } 23318 23319 TPM_RC Tpm::ParseResponse_SetCommandCodeAuditStatus( 23320 const std::string& response, 23321 AuthorizationDelegate* authorization_delegate) { 23322 VLOG(3) << __func__; 23323 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 23324 TPM_RC rc = TPM_RC_SUCCESS; 23325 std::string buffer(response); 23326 TPM_ST tag; 23327 std::string tag_bytes; 23328 rc = Parse_TPM_ST( 23329 &buffer, 23330 &tag, 23331 &tag_bytes); 23332 if (rc != TPM_RC_SUCCESS) { 23333 return rc; 23334 } 23335 UINT32 response_size; 23336 std::string response_size_bytes; 23337 rc = Parse_UINT32( 23338 &buffer, 23339 &response_size, 23340 &response_size_bytes); 23341 if (rc != TPM_RC_SUCCESS) { 23342 return rc; 23343 } 23344 TPM_RC response_code; 23345 std::string response_code_bytes; 23346 rc = Parse_TPM_RC( 23347 &buffer, 23348 &response_code, 23349 &response_code_bytes); 23350 if (rc != TPM_RC_SUCCESS) { 23351 return rc; 23352 } 23353 if (response_size != response.size()) { 23354 return TPM_RC_SIZE; 23355 } 23356 if (response_code != TPM_RC_SUCCESS) { 23357 return response_code; 23358 } 23359 TPM_CC command_code = TPM_CC_SetCommandCodeAuditStatus; 23360 std::string command_code_bytes; 23361 rc = Serialize_TPM_CC( 23362 command_code, 23363 &command_code_bytes); 23364 if (rc != TPM_RC_SUCCESS) { 23365 return rc; 23366 } 23367 std::string authorization_section_bytes; 23368 if (tag == TPM_ST_SESSIONS) { 23369 UINT32 parameter_section_size = buffer.size(); 23370 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 23371 if (rc != TPM_RC_SUCCESS) { 23372 return rc; 23373 } 23374 if (parameter_section_size > buffer.size()) { 23375 return TPM_RC_INSUFFICIENT; 23376 } 23377 authorization_section_bytes = buffer.substr(parameter_section_size); 23378 // Keep the parameter section in |buffer|. 23379 buffer.erase(parameter_section_size); 23380 } 23381 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 23382 crypto::SecureHash::SHA256)); 23383 hash->Update(response_code_bytes.data(), 23384 response_code_bytes.size()); 23385 hash->Update(command_code_bytes.data(), 23386 command_code_bytes.size()); 23387 hash->Update(buffer.data(), 23388 buffer.size()); 23389 std::string response_hash(32, 0); 23390 hash->Finish(string_as_array(&response_hash), response_hash.size()); 23391 if (tag == TPM_ST_SESSIONS) { 23392 CHECK(authorization_delegate) << "Authorization delegate missing!"; 23393 if (!authorization_delegate->CheckResponseAuthorization( 23394 response_hash, 23395 authorization_section_bytes)) { 23396 return TRUNKS_RC_AUTHORIZATION_FAILED; 23397 } 23398 } 23399 return TPM_RC_SUCCESS; 23400 } 23401 23402 void SetCommandCodeAuditStatusErrorCallback( 23403 const Tpm::SetCommandCodeAuditStatusResponse& callback, 23404 TPM_RC response_code) { 23405 VLOG(1) << __func__; 23406 callback.Run(response_code); 23407 } 23408 23409 void SetCommandCodeAuditStatusResponseParser( 23410 const Tpm::SetCommandCodeAuditStatusResponse& callback, 23411 AuthorizationDelegate* authorization_delegate, 23412 const std::string& response) { 23413 VLOG(1) << __func__; 23414 base::Callback<void(TPM_RC)> error_reporter = 23415 base::Bind(SetCommandCodeAuditStatusErrorCallback, callback); 23416 TPM_RC rc = Tpm::ParseResponse_SetCommandCodeAuditStatus( 23417 response, 23418 authorization_delegate); 23419 if (rc != TPM_RC_SUCCESS) { 23420 error_reporter.Run(rc); 23421 return; 23422 } 23423 callback.Run( 23424 rc); 23425 } 23426 23427 void Tpm::SetCommandCodeAuditStatus( 23428 const TPMI_RH_PROVISION& auth, 23429 const std::string& auth_name, 23430 const TPMI_ALG_HASH& audit_alg, 23431 const TPML_CC& set_list, 23432 const TPML_CC& clear_list, 23433 AuthorizationDelegate* authorization_delegate, 23434 const SetCommandCodeAuditStatusResponse& callback) { 23435 VLOG(1) << __func__; 23436 base::Callback<void(TPM_RC)> error_reporter = 23437 base::Bind(SetCommandCodeAuditStatusErrorCallback, callback); 23438 base::Callback<void(const std::string&)> parser = 23439 base::Bind(SetCommandCodeAuditStatusResponseParser, 23440 callback, 23441 authorization_delegate); 23442 std::string command; 23443 TPM_RC rc = SerializeCommand_SetCommandCodeAuditStatus( 23444 auth, 23445 auth_name, 23446 audit_alg, 23447 set_list, 23448 clear_list, 23449 &command, 23450 authorization_delegate); 23451 if (rc != TPM_RC_SUCCESS) { 23452 error_reporter.Run(rc); 23453 return; 23454 } 23455 transceiver_->SendCommand(command, parser); 23456 } 23457 23458 TPM_RC Tpm::SetCommandCodeAuditStatusSync( 23459 const TPMI_RH_PROVISION& auth, 23460 const std::string& auth_name, 23461 const TPMI_ALG_HASH& audit_alg, 23462 const TPML_CC& set_list, 23463 const TPML_CC& clear_list, 23464 AuthorizationDelegate* authorization_delegate) { 23465 VLOG(1) << __func__; 23466 std::string command; 23467 TPM_RC rc = SerializeCommand_SetCommandCodeAuditStatus( 23468 auth, 23469 auth_name, 23470 audit_alg, 23471 set_list, 23472 clear_list, 23473 &command, 23474 authorization_delegate); 23475 if (rc != TPM_RC_SUCCESS) { 23476 return rc; 23477 } 23478 std::string response = transceiver_->SendCommandAndWait(command); 23479 rc = ParseResponse_SetCommandCodeAuditStatus( 23480 response, 23481 authorization_delegate); 23482 return rc; 23483 } 23484 23485 TPM_RC Tpm::SerializeCommand_PCR_Extend( 23486 const TPMI_DH_PCR& pcr_handle, 23487 const std::string& pcr_handle_name, 23488 const TPML_DIGEST_VALUES& digests, 23489 std::string* serialized_command, 23490 AuthorizationDelegate* authorization_delegate) { 23491 VLOG(3) << __func__; 23492 TPM_RC rc = TPM_RC_SUCCESS; 23493 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 23494 UINT32 command_size = 10; // Header size. 23495 std::string handle_section_bytes; 23496 std::string parameter_section_bytes; 23497 TPM_CC command_code = TPM_CC_PCR_Extend; 23498 bool is_command_parameter_encryption_possible = false; 23499 bool is_response_parameter_encryption_possible = false; 23500 std::string command_code_bytes; 23501 rc = Serialize_TPM_CC( 23502 command_code, 23503 &command_code_bytes); 23504 if (rc != TPM_RC_SUCCESS) { 23505 return rc; 23506 } 23507 std::string pcr_handle_bytes; 23508 rc = Serialize_TPMI_DH_PCR( 23509 pcr_handle, 23510 &pcr_handle_bytes); 23511 if (rc != TPM_RC_SUCCESS) { 23512 return rc; 23513 } 23514 std::string digests_bytes; 23515 rc = Serialize_TPML_DIGEST_VALUES( 23516 digests, 23517 &digests_bytes); 23518 if (rc != TPM_RC_SUCCESS) { 23519 return rc; 23520 } 23521 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 23522 crypto::SecureHash::SHA256)); 23523 hash->Update(command_code_bytes.data(), 23524 command_code_bytes.size()); 23525 hash->Update(pcr_handle_name.data(), 23526 pcr_handle_name.size()); 23527 handle_section_bytes += pcr_handle_bytes; 23528 command_size += pcr_handle_bytes.size(); 23529 hash->Update(digests_bytes.data(), 23530 digests_bytes.size()); 23531 parameter_section_bytes += digests_bytes; 23532 command_size += digests_bytes.size(); 23533 std::string command_hash(32, 0); 23534 hash->Finish(string_as_array(&command_hash), command_hash.size()); 23535 std::string authorization_section_bytes; 23536 std::string authorization_size_bytes; 23537 if (authorization_delegate) { 23538 if (!authorization_delegate->GetCommandAuthorization( 23539 command_hash, 23540 is_command_parameter_encryption_possible, 23541 is_response_parameter_encryption_possible, 23542 &authorization_section_bytes)) { 23543 return TRUNKS_RC_AUTHORIZATION_FAILED; 23544 } 23545 if (!authorization_section_bytes.empty()) { 23546 tag = TPM_ST_SESSIONS; 23547 std::string tmp; 23548 rc = Serialize_UINT32(authorization_section_bytes.size(), 23549 &authorization_size_bytes); 23550 if (rc != TPM_RC_SUCCESS) { 23551 return rc; 23552 } 23553 command_size += authorization_size_bytes.size() + 23554 authorization_section_bytes.size(); 23555 } 23556 } 23557 std::string tag_bytes; 23558 rc = Serialize_TPMI_ST_COMMAND_TAG( 23559 tag, 23560 &tag_bytes); 23561 if (rc != TPM_RC_SUCCESS) { 23562 return rc; 23563 } 23564 std::string command_size_bytes; 23565 rc = Serialize_UINT32( 23566 command_size, 23567 &command_size_bytes); 23568 if (rc != TPM_RC_SUCCESS) { 23569 return rc; 23570 } 23571 *serialized_command = tag_bytes + 23572 command_size_bytes + 23573 command_code_bytes + 23574 handle_section_bytes + 23575 authorization_size_bytes + 23576 authorization_section_bytes + 23577 parameter_section_bytes; 23578 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 23579 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 23580 serialized_command->size()); 23581 return TPM_RC_SUCCESS; 23582 } 23583 23584 TPM_RC Tpm::ParseResponse_PCR_Extend( 23585 const std::string& response, 23586 AuthorizationDelegate* authorization_delegate) { 23587 VLOG(3) << __func__; 23588 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 23589 TPM_RC rc = TPM_RC_SUCCESS; 23590 std::string buffer(response); 23591 TPM_ST tag; 23592 std::string tag_bytes; 23593 rc = Parse_TPM_ST( 23594 &buffer, 23595 &tag, 23596 &tag_bytes); 23597 if (rc != TPM_RC_SUCCESS) { 23598 return rc; 23599 } 23600 UINT32 response_size; 23601 std::string response_size_bytes; 23602 rc = Parse_UINT32( 23603 &buffer, 23604 &response_size, 23605 &response_size_bytes); 23606 if (rc != TPM_RC_SUCCESS) { 23607 return rc; 23608 } 23609 TPM_RC response_code; 23610 std::string response_code_bytes; 23611 rc = Parse_TPM_RC( 23612 &buffer, 23613 &response_code, 23614 &response_code_bytes); 23615 if (rc != TPM_RC_SUCCESS) { 23616 return rc; 23617 } 23618 if (response_size != response.size()) { 23619 return TPM_RC_SIZE; 23620 } 23621 if (response_code != TPM_RC_SUCCESS) { 23622 return response_code; 23623 } 23624 TPM_CC command_code = TPM_CC_PCR_Extend; 23625 std::string command_code_bytes; 23626 rc = Serialize_TPM_CC( 23627 command_code, 23628 &command_code_bytes); 23629 if (rc != TPM_RC_SUCCESS) { 23630 return rc; 23631 } 23632 std::string authorization_section_bytes; 23633 if (tag == TPM_ST_SESSIONS) { 23634 UINT32 parameter_section_size = buffer.size(); 23635 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 23636 if (rc != TPM_RC_SUCCESS) { 23637 return rc; 23638 } 23639 if (parameter_section_size > buffer.size()) { 23640 return TPM_RC_INSUFFICIENT; 23641 } 23642 authorization_section_bytes = buffer.substr(parameter_section_size); 23643 // Keep the parameter section in |buffer|. 23644 buffer.erase(parameter_section_size); 23645 } 23646 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 23647 crypto::SecureHash::SHA256)); 23648 hash->Update(response_code_bytes.data(), 23649 response_code_bytes.size()); 23650 hash->Update(command_code_bytes.data(), 23651 command_code_bytes.size()); 23652 hash->Update(buffer.data(), 23653 buffer.size()); 23654 std::string response_hash(32, 0); 23655 hash->Finish(string_as_array(&response_hash), response_hash.size()); 23656 if (tag == TPM_ST_SESSIONS) { 23657 CHECK(authorization_delegate) << "Authorization delegate missing!"; 23658 if (!authorization_delegate->CheckResponseAuthorization( 23659 response_hash, 23660 authorization_section_bytes)) { 23661 return TRUNKS_RC_AUTHORIZATION_FAILED; 23662 } 23663 } 23664 return TPM_RC_SUCCESS; 23665 } 23666 23667 void PCR_ExtendErrorCallback( 23668 const Tpm::PCR_ExtendResponse& callback, 23669 TPM_RC response_code) { 23670 VLOG(1) << __func__; 23671 callback.Run(response_code); 23672 } 23673 23674 void PCR_ExtendResponseParser( 23675 const Tpm::PCR_ExtendResponse& callback, 23676 AuthorizationDelegate* authorization_delegate, 23677 const std::string& response) { 23678 VLOG(1) << __func__; 23679 base::Callback<void(TPM_RC)> error_reporter = 23680 base::Bind(PCR_ExtendErrorCallback, callback); 23681 TPM_RC rc = Tpm::ParseResponse_PCR_Extend( 23682 response, 23683 authorization_delegate); 23684 if (rc != TPM_RC_SUCCESS) { 23685 error_reporter.Run(rc); 23686 return; 23687 } 23688 callback.Run( 23689 rc); 23690 } 23691 23692 void Tpm::PCR_Extend( 23693 const TPMI_DH_PCR& pcr_handle, 23694 const std::string& pcr_handle_name, 23695 const TPML_DIGEST_VALUES& digests, 23696 AuthorizationDelegate* authorization_delegate, 23697 const PCR_ExtendResponse& callback) { 23698 VLOG(1) << __func__; 23699 base::Callback<void(TPM_RC)> error_reporter = 23700 base::Bind(PCR_ExtendErrorCallback, callback); 23701 base::Callback<void(const std::string&)> parser = 23702 base::Bind(PCR_ExtendResponseParser, 23703 callback, 23704 authorization_delegate); 23705 std::string command; 23706 TPM_RC rc = SerializeCommand_PCR_Extend( 23707 pcr_handle, 23708 pcr_handle_name, 23709 digests, 23710 &command, 23711 authorization_delegate); 23712 if (rc != TPM_RC_SUCCESS) { 23713 error_reporter.Run(rc); 23714 return; 23715 } 23716 transceiver_->SendCommand(command, parser); 23717 } 23718 23719 TPM_RC Tpm::PCR_ExtendSync( 23720 const TPMI_DH_PCR& pcr_handle, 23721 const std::string& pcr_handle_name, 23722 const TPML_DIGEST_VALUES& digests, 23723 AuthorizationDelegate* authorization_delegate) { 23724 VLOG(1) << __func__; 23725 std::string command; 23726 TPM_RC rc = SerializeCommand_PCR_Extend( 23727 pcr_handle, 23728 pcr_handle_name, 23729 digests, 23730 &command, 23731 authorization_delegate); 23732 if (rc != TPM_RC_SUCCESS) { 23733 return rc; 23734 } 23735 std::string response = transceiver_->SendCommandAndWait(command); 23736 rc = ParseResponse_PCR_Extend( 23737 response, 23738 authorization_delegate); 23739 return rc; 23740 } 23741 23742 TPM_RC Tpm::SerializeCommand_PCR_Event( 23743 const TPMI_DH_PCR& pcr_handle, 23744 const std::string& pcr_handle_name, 23745 const TPM2B_EVENT& event_data, 23746 std::string* serialized_command, 23747 AuthorizationDelegate* authorization_delegate) { 23748 VLOG(3) << __func__; 23749 TPM_RC rc = TPM_RC_SUCCESS; 23750 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 23751 UINT32 command_size = 10; // Header size. 23752 std::string handle_section_bytes; 23753 std::string parameter_section_bytes; 23754 TPM_CC command_code = TPM_CC_PCR_Event; 23755 bool is_command_parameter_encryption_possible = true; 23756 bool is_response_parameter_encryption_possible = false; 23757 std::string command_code_bytes; 23758 rc = Serialize_TPM_CC( 23759 command_code, 23760 &command_code_bytes); 23761 if (rc != TPM_RC_SUCCESS) { 23762 return rc; 23763 } 23764 std::string pcr_handle_bytes; 23765 rc = Serialize_TPMI_DH_PCR( 23766 pcr_handle, 23767 &pcr_handle_bytes); 23768 if (rc != TPM_RC_SUCCESS) { 23769 return rc; 23770 } 23771 std::string event_data_bytes; 23772 rc = Serialize_TPM2B_EVENT( 23773 event_data, 23774 &event_data_bytes); 23775 if (rc != TPM_RC_SUCCESS) { 23776 return rc; 23777 } 23778 if (authorization_delegate) { 23779 // Encrypt just the parameter data, not the size. 23780 std::string tmp = event_data_bytes.substr(2); 23781 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 23782 return TRUNKS_RC_ENCRYPTION_FAILED; 23783 } 23784 event_data_bytes.replace(2, std::string::npos, tmp); 23785 } 23786 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 23787 crypto::SecureHash::SHA256)); 23788 hash->Update(command_code_bytes.data(), 23789 command_code_bytes.size()); 23790 hash->Update(pcr_handle_name.data(), 23791 pcr_handle_name.size()); 23792 handle_section_bytes += pcr_handle_bytes; 23793 command_size += pcr_handle_bytes.size(); 23794 hash->Update(event_data_bytes.data(), 23795 event_data_bytes.size()); 23796 parameter_section_bytes += event_data_bytes; 23797 command_size += event_data_bytes.size(); 23798 std::string command_hash(32, 0); 23799 hash->Finish(string_as_array(&command_hash), command_hash.size()); 23800 std::string authorization_section_bytes; 23801 std::string authorization_size_bytes; 23802 if (authorization_delegate) { 23803 if (!authorization_delegate->GetCommandAuthorization( 23804 command_hash, 23805 is_command_parameter_encryption_possible, 23806 is_response_parameter_encryption_possible, 23807 &authorization_section_bytes)) { 23808 return TRUNKS_RC_AUTHORIZATION_FAILED; 23809 } 23810 if (!authorization_section_bytes.empty()) { 23811 tag = TPM_ST_SESSIONS; 23812 std::string tmp; 23813 rc = Serialize_UINT32(authorization_section_bytes.size(), 23814 &authorization_size_bytes); 23815 if (rc != TPM_RC_SUCCESS) { 23816 return rc; 23817 } 23818 command_size += authorization_size_bytes.size() + 23819 authorization_section_bytes.size(); 23820 } 23821 } 23822 std::string tag_bytes; 23823 rc = Serialize_TPMI_ST_COMMAND_TAG( 23824 tag, 23825 &tag_bytes); 23826 if (rc != TPM_RC_SUCCESS) { 23827 return rc; 23828 } 23829 std::string command_size_bytes; 23830 rc = Serialize_UINT32( 23831 command_size, 23832 &command_size_bytes); 23833 if (rc != TPM_RC_SUCCESS) { 23834 return rc; 23835 } 23836 *serialized_command = tag_bytes + 23837 command_size_bytes + 23838 command_code_bytes + 23839 handle_section_bytes + 23840 authorization_size_bytes + 23841 authorization_section_bytes + 23842 parameter_section_bytes; 23843 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 23844 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 23845 serialized_command->size()); 23846 return TPM_RC_SUCCESS; 23847 } 23848 23849 TPM_RC Tpm::ParseResponse_PCR_Event( 23850 const std::string& response, 23851 TPML_DIGEST_VALUES* digests, 23852 AuthorizationDelegate* authorization_delegate) { 23853 VLOG(3) << __func__; 23854 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 23855 TPM_RC rc = TPM_RC_SUCCESS; 23856 std::string buffer(response); 23857 TPM_ST tag; 23858 std::string tag_bytes; 23859 rc = Parse_TPM_ST( 23860 &buffer, 23861 &tag, 23862 &tag_bytes); 23863 if (rc != TPM_RC_SUCCESS) { 23864 return rc; 23865 } 23866 UINT32 response_size; 23867 std::string response_size_bytes; 23868 rc = Parse_UINT32( 23869 &buffer, 23870 &response_size, 23871 &response_size_bytes); 23872 if (rc != TPM_RC_SUCCESS) { 23873 return rc; 23874 } 23875 TPM_RC response_code; 23876 std::string response_code_bytes; 23877 rc = Parse_TPM_RC( 23878 &buffer, 23879 &response_code, 23880 &response_code_bytes); 23881 if (rc != TPM_RC_SUCCESS) { 23882 return rc; 23883 } 23884 if (response_size != response.size()) { 23885 return TPM_RC_SIZE; 23886 } 23887 if (response_code != TPM_RC_SUCCESS) { 23888 return response_code; 23889 } 23890 TPM_CC command_code = TPM_CC_PCR_Event; 23891 std::string command_code_bytes; 23892 rc = Serialize_TPM_CC( 23893 command_code, 23894 &command_code_bytes); 23895 if (rc != TPM_RC_SUCCESS) { 23896 return rc; 23897 } 23898 std::string authorization_section_bytes; 23899 if (tag == TPM_ST_SESSIONS) { 23900 UINT32 parameter_section_size = buffer.size(); 23901 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 23902 if (rc != TPM_RC_SUCCESS) { 23903 return rc; 23904 } 23905 if (parameter_section_size > buffer.size()) { 23906 return TPM_RC_INSUFFICIENT; 23907 } 23908 authorization_section_bytes = buffer.substr(parameter_section_size); 23909 // Keep the parameter section in |buffer|. 23910 buffer.erase(parameter_section_size); 23911 } 23912 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 23913 crypto::SecureHash::SHA256)); 23914 hash->Update(response_code_bytes.data(), 23915 response_code_bytes.size()); 23916 hash->Update(command_code_bytes.data(), 23917 command_code_bytes.size()); 23918 hash->Update(buffer.data(), 23919 buffer.size()); 23920 std::string response_hash(32, 0); 23921 hash->Finish(string_as_array(&response_hash), response_hash.size()); 23922 if (tag == TPM_ST_SESSIONS) { 23923 CHECK(authorization_delegate) << "Authorization delegate missing!"; 23924 if (!authorization_delegate->CheckResponseAuthorization( 23925 response_hash, 23926 authorization_section_bytes)) { 23927 return TRUNKS_RC_AUTHORIZATION_FAILED; 23928 } 23929 } 23930 std::string digests_bytes; 23931 rc = Parse_TPML_DIGEST_VALUES( 23932 &buffer, 23933 digests, 23934 &digests_bytes); 23935 if (rc != TPM_RC_SUCCESS) { 23936 return rc; 23937 } 23938 return TPM_RC_SUCCESS; 23939 } 23940 23941 void PCR_EventErrorCallback( 23942 const Tpm::PCR_EventResponse& callback, 23943 TPM_RC response_code) { 23944 VLOG(1) << __func__; 23945 callback.Run(response_code, 23946 TPML_DIGEST_VALUES()); 23947 } 23948 23949 void PCR_EventResponseParser( 23950 const Tpm::PCR_EventResponse& callback, 23951 AuthorizationDelegate* authorization_delegate, 23952 const std::string& response) { 23953 VLOG(1) << __func__; 23954 base::Callback<void(TPM_RC)> error_reporter = 23955 base::Bind(PCR_EventErrorCallback, callback); 23956 TPML_DIGEST_VALUES digests; 23957 TPM_RC rc = Tpm::ParseResponse_PCR_Event( 23958 response, 23959 &digests, 23960 authorization_delegate); 23961 if (rc != TPM_RC_SUCCESS) { 23962 error_reporter.Run(rc); 23963 return; 23964 } 23965 callback.Run( 23966 rc, 23967 digests); 23968 } 23969 23970 void Tpm::PCR_Event( 23971 const TPMI_DH_PCR& pcr_handle, 23972 const std::string& pcr_handle_name, 23973 const TPM2B_EVENT& event_data, 23974 AuthorizationDelegate* authorization_delegate, 23975 const PCR_EventResponse& callback) { 23976 VLOG(1) << __func__; 23977 base::Callback<void(TPM_RC)> error_reporter = 23978 base::Bind(PCR_EventErrorCallback, callback); 23979 base::Callback<void(const std::string&)> parser = 23980 base::Bind(PCR_EventResponseParser, 23981 callback, 23982 authorization_delegate); 23983 std::string command; 23984 TPM_RC rc = SerializeCommand_PCR_Event( 23985 pcr_handle, 23986 pcr_handle_name, 23987 event_data, 23988 &command, 23989 authorization_delegate); 23990 if (rc != TPM_RC_SUCCESS) { 23991 error_reporter.Run(rc); 23992 return; 23993 } 23994 transceiver_->SendCommand(command, parser); 23995 } 23996 23997 TPM_RC Tpm::PCR_EventSync( 23998 const TPMI_DH_PCR& pcr_handle, 23999 const std::string& pcr_handle_name, 24000 const TPM2B_EVENT& event_data, 24001 TPML_DIGEST_VALUES* digests, 24002 AuthorizationDelegate* authorization_delegate) { 24003 VLOG(1) << __func__; 24004 std::string command; 24005 TPM_RC rc = SerializeCommand_PCR_Event( 24006 pcr_handle, 24007 pcr_handle_name, 24008 event_data, 24009 &command, 24010 authorization_delegate); 24011 if (rc != TPM_RC_SUCCESS) { 24012 return rc; 24013 } 24014 std::string response = transceiver_->SendCommandAndWait(command); 24015 rc = ParseResponse_PCR_Event( 24016 response, 24017 digests, 24018 authorization_delegate); 24019 return rc; 24020 } 24021 24022 TPM_RC Tpm::SerializeCommand_PCR_Read( 24023 const TPML_PCR_SELECTION& pcr_selection_in, 24024 std::string* serialized_command, 24025 AuthorizationDelegate* authorization_delegate) { 24026 VLOG(3) << __func__; 24027 TPM_RC rc = TPM_RC_SUCCESS; 24028 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 24029 UINT32 command_size = 10; // Header size. 24030 std::string handle_section_bytes; 24031 std::string parameter_section_bytes; 24032 TPM_CC command_code = TPM_CC_PCR_Read; 24033 bool is_command_parameter_encryption_possible = false; 24034 bool is_response_parameter_encryption_possible = false; 24035 std::string command_code_bytes; 24036 rc = Serialize_TPM_CC( 24037 command_code, 24038 &command_code_bytes); 24039 if (rc != TPM_RC_SUCCESS) { 24040 return rc; 24041 } 24042 std::string pcr_selection_in_bytes; 24043 rc = Serialize_TPML_PCR_SELECTION( 24044 pcr_selection_in, 24045 &pcr_selection_in_bytes); 24046 if (rc != TPM_RC_SUCCESS) { 24047 return rc; 24048 } 24049 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 24050 crypto::SecureHash::SHA256)); 24051 hash->Update(command_code_bytes.data(), 24052 command_code_bytes.size()); 24053 hash->Update(pcr_selection_in_bytes.data(), 24054 pcr_selection_in_bytes.size()); 24055 parameter_section_bytes += pcr_selection_in_bytes; 24056 command_size += pcr_selection_in_bytes.size(); 24057 std::string command_hash(32, 0); 24058 hash->Finish(string_as_array(&command_hash), command_hash.size()); 24059 std::string authorization_section_bytes; 24060 std::string authorization_size_bytes; 24061 if (authorization_delegate) { 24062 if (!authorization_delegate->GetCommandAuthorization( 24063 command_hash, 24064 is_command_parameter_encryption_possible, 24065 is_response_parameter_encryption_possible, 24066 &authorization_section_bytes)) { 24067 return TRUNKS_RC_AUTHORIZATION_FAILED; 24068 } 24069 if (!authorization_section_bytes.empty()) { 24070 tag = TPM_ST_SESSIONS; 24071 std::string tmp; 24072 rc = Serialize_UINT32(authorization_section_bytes.size(), 24073 &authorization_size_bytes); 24074 if (rc != TPM_RC_SUCCESS) { 24075 return rc; 24076 } 24077 command_size += authorization_size_bytes.size() + 24078 authorization_section_bytes.size(); 24079 } 24080 } 24081 std::string tag_bytes; 24082 rc = Serialize_TPMI_ST_COMMAND_TAG( 24083 tag, 24084 &tag_bytes); 24085 if (rc != TPM_RC_SUCCESS) { 24086 return rc; 24087 } 24088 std::string command_size_bytes; 24089 rc = Serialize_UINT32( 24090 command_size, 24091 &command_size_bytes); 24092 if (rc != TPM_RC_SUCCESS) { 24093 return rc; 24094 } 24095 *serialized_command = tag_bytes + 24096 command_size_bytes + 24097 command_code_bytes + 24098 handle_section_bytes + 24099 authorization_size_bytes + 24100 authorization_section_bytes + 24101 parameter_section_bytes; 24102 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 24103 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 24104 serialized_command->size()); 24105 return TPM_RC_SUCCESS; 24106 } 24107 24108 TPM_RC Tpm::ParseResponse_PCR_Read( 24109 const std::string& response, 24110 UINT32* pcr_update_counter, 24111 TPML_PCR_SELECTION* pcr_selection_out, 24112 TPML_DIGEST* pcr_values, 24113 AuthorizationDelegate* authorization_delegate) { 24114 VLOG(3) << __func__; 24115 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 24116 TPM_RC rc = TPM_RC_SUCCESS; 24117 std::string buffer(response); 24118 TPM_ST tag; 24119 std::string tag_bytes; 24120 rc = Parse_TPM_ST( 24121 &buffer, 24122 &tag, 24123 &tag_bytes); 24124 if (rc != TPM_RC_SUCCESS) { 24125 return rc; 24126 } 24127 UINT32 response_size; 24128 std::string response_size_bytes; 24129 rc = Parse_UINT32( 24130 &buffer, 24131 &response_size, 24132 &response_size_bytes); 24133 if (rc != TPM_RC_SUCCESS) { 24134 return rc; 24135 } 24136 TPM_RC response_code; 24137 std::string response_code_bytes; 24138 rc = Parse_TPM_RC( 24139 &buffer, 24140 &response_code, 24141 &response_code_bytes); 24142 if (rc != TPM_RC_SUCCESS) { 24143 return rc; 24144 } 24145 if (response_size != response.size()) { 24146 return TPM_RC_SIZE; 24147 } 24148 if (response_code != TPM_RC_SUCCESS) { 24149 return response_code; 24150 } 24151 TPM_CC command_code = TPM_CC_PCR_Read; 24152 std::string command_code_bytes; 24153 rc = Serialize_TPM_CC( 24154 command_code, 24155 &command_code_bytes); 24156 if (rc != TPM_RC_SUCCESS) { 24157 return rc; 24158 } 24159 std::string authorization_section_bytes; 24160 if (tag == TPM_ST_SESSIONS) { 24161 UINT32 parameter_section_size = buffer.size(); 24162 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 24163 if (rc != TPM_RC_SUCCESS) { 24164 return rc; 24165 } 24166 if (parameter_section_size > buffer.size()) { 24167 return TPM_RC_INSUFFICIENT; 24168 } 24169 authorization_section_bytes = buffer.substr(parameter_section_size); 24170 // Keep the parameter section in |buffer|. 24171 buffer.erase(parameter_section_size); 24172 } 24173 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 24174 crypto::SecureHash::SHA256)); 24175 hash->Update(response_code_bytes.data(), 24176 response_code_bytes.size()); 24177 hash->Update(command_code_bytes.data(), 24178 command_code_bytes.size()); 24179 hash->Update(buffer.data(), 24180 buffer.size()); 24181 std::string response_hash(32, 0); 24182 hash->Finish(string_as_array(&response_hash), response_hash.size()); 24183 if (tag == TPM_ST_SESSIONS) { 24184 CHECK(authorization_delegate) << "Authorization delegate missing!"; 24185 if (!authorization_delegate->CheckResponseAuthorization( 24186 response_hash, 24187 authorization_section_bytes)) { 24188 return TRUNKS_RC_AUTHORIZATION_FAILED; 24189 } 24190 } 24191 std::string pcr_update_counter_bytes; 24192 rc = Parse_UINT32( 24193 &buffer, 24194 pcr_update_counter, 24195 &pcr_update_counter_bytes); 24196 if (rc != TPM_RC_SUCCESS) { 24197 return rc; 24198 } 24199 std::string pcr_selection_out_bytes; 24200 rc = Parse_TPML_PCR_SELECTION( 24201 &buffer, 24202 pcr_selection_out, 24203 &pcr_selection_out_bytes); 24204 if (rc != TPM_RC_SUCCESS) { 24205 return rc; 24206 } 24207 std::string pcr_values_bytes; 24208 rc = Parse_TPML_DIGEST( 24209 &buffer, 24210 pcr_values, 24211 &pcr_values_bytes); 24212 if (rc != TPM_RC_SUCCESS) { 24213 return rc; 24214 } 24215 return TPM_RC_SUCCESS; 24216 } 24217 24218 void PCR_ReadErrorCallback( 24219 const Tpm::PCR_ReadResponse& callback, 24220 TPM_RC response_code) { 24221 VLOG(1) << __func__; 24222 callback.Run(response_code, 24223 UINT32(), 24224 TPML_PCR_SELECTION(), 24225 TPML_DIGEST()); 24226 } 24227 24228 void PCR_ReadResponseParser( 24229 const Tpm::PCR_ReadResponse& callback, 24230 AuthorizationDelegate* authorization_delegate, 24231 const std::string& response) { 24232 VLOG(1) << __func__; 24233 base::Callback<void(TPM_RC)> error_reporter = 24234 base::Bind(PCR_ReadErrorCallback, callback); 24235 UINT32 pcr_update_counter; 24236 TPML_PCR_SELECTION pcr_selection_out; 24237 TPML_DIGEST pcr_values; 24238 TPM_RC rc = Tpm::ParseResponse_PCR_Read( 24239 response, 24240 &pcr_update_counter, 24241 &pcr_selection_out, 24242 &pcr_values, 24243 authorization_delegate); 24244 if (rc != TPM_RC_SUCCESS) { 24245 error_reporter.Run(rc); 24246 return; 24247 } 24248 callback.Run( 24249 rc, 24250 pcr_update_counter, 24251 pcr_selection_out, 24252 pcr_values); 24253 } 24254 24255 void Tpm::PCR_Read( 24256 const TPML_PCR_SELECTION& pcr_selection_in, 24257 AuthorizationDelegate* authorization_delegate, 24258 const PCR_ReadResponse& callback) { 24259 VLOG(1) << __func__; 24260 base::Callback<void(TPM_RC)> error_reporter = 24261 base::Bind(PCR_ReadErrorCallback, callback); 24262 base::Callback<void(const std::string&)> parser = 24263 base::Bind(PCR_ReadResponseParser, 24264 callback, 24265 authorization_delegate); 24266 std::string command; 24267 TPM_RC rc = SerializeCommand_PCR_Read( 24268 pcr_selection_in, 24269 &command, 24270 authorization_delegate); 24271 if (rc != TPM_RC_SUCCESS) { 24272 error_reporter.Run(rc); 24273 return; 24274 } 24275 transceiver_->SendCommand(command, parser); 24276 } 24277 24278 TPM_RC Tpm::PCR_ReadSync( 24279 const TPML_PCR_SELECTION& pcr_selection_in, 24280 UINT32* pcr_update_counter, 24281 TPML_PCR_SELECTION* pcr_selection_out, 24282 TPML_DIGEST* pcr_values, 24283 AuthorizationDelegate* authorization_delegate) { 24284 VLOG(1) << __func__; 24285 std::string command; 24286 TPM_RC rc = SerializeCommand_PCR_Read( 24287 pcr_selection_in, 24288 &command, 24289 authorization_delegate); 24290 if (rc != TPM_RC_SUCCESS) { 24291 return rc; 24292 } 24293 std::string response = transceiver_->SendCommandAndWait(command); 24294 rc = ParseResponse_PCR_Read( 24295 response, 24296 pcr_update_counter, 24297 pcr_selection_out, 24298 pcr_values, 24299 authorization_delegate); 24300 return rc; 24301 } 24302 24303 TPM_RC Tpm::SerializeCommand_PCR_Allocate( 24304 const TPMI_RH_PLATFORM& auth_handle, 24305 const std::string& auth_handle_name, 24306 const TPML_PCR_SELECTION& pcr_allocation, 24307 std::string* serialized_command, 24308 AuthorizationDelegate* authorization_delegate) { 24309 VLOG(3) << __func__; 24310 TPM_RC rc = TPM_RC_SUCCESS; 24311 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 24312 UINT32 command_size = 10; // Header size. 24313 std::string handle_section_bytes; 24314 std::string parameter_section_bytes; 24315 TPM_CC command_code = TPM_CC_PCR_Allocate; 24316 bool is_command_parameter_encryption_possible = false; 24317 bool is_response_parameter_encryption_possible = false; 24318 std::string command_code_bytes; 24319 rc = Serialize_TPM_CC( 24320 command_code, 24321 &command_code_bytes); 24322 if (rc != TPM_RC_SUCCESS) { 24323 return rc; 24324 } 24325 std::string auth_handle_bytes; 24326 rc = Serialize_TPMI_RH_PLATFORM( 24327 auth_handle, 24328 &auth_handle_bytes); 24329 if (rc != TPM_RC_SUCCESS) { 24330 return rc; 24331 } 24332 std::string pcr_allocation_bytes; 24333 rc = Serialize_TPML_PCR_SELECTION( 24334 pcr_allocation, 24335 &pcr_allocation_bytes); 24336 if (rc != TPM_RC_SUCCESS) { 24337 return rc; 24338 } 24339 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 24340 crypto::SecureHash::SHA256)); 24341 hash->Update(command_code_bytes.data(), 24342 command_code_bytes.size()); 24343 hash->Update(auth_handle_name.data(), 24344 auth_handle_name.size()); 24345 handle_section_bytes += auth_handle_bytes; 24346 command_size += auth_handle_bytes.size(); 24347 hash->Update(pcr_allocation_bytes.data(), 24348 pcr_allocation_bytes.size()); 24349 parameter_section_bytes += pcr_allocation_bytes; 24350 command_size += pcr_allocation_bytes.size(); 24351 std::string command_hash(32, 0); 24352 hash->Finish(string_as_array(&command_hash), command_hash.size()); 24353 std::string authorization_section_bytes; 24354 std::string authorization_size_bytes; 24355 if (authorization_delegate) { 24356 if (!authorization_delegate->GetCommandAuthorization( 24357 command_hash, 24358 is_command_parameter_encryption_possible, 24359 is_response_parameter_encryption_possible, 24360 &authorization_section_bytes)) { 24361 return TRUNKS_RC_AUTHORIZATION_FAILED; 24362 } 24363 if (!authorization_section_bytes.empty()) { 24364 tag = TPM_ST_SESSIONS; 24365 std::string tmp; 24366 rc = Serialize_UINT32(authorization_section_bytes.size(), 24367 &authorization_size_bytes); 24368 if (rc != TPM_RC_SUCCESS) { 24369 return rc; 24370 } 24371 command_size += authorization_size_bytes.size() + 24372 authorization_section_bytes.size(); 24373 } 24374 } 24375 std::string tag_bytes; 24376 rc = Serialize_TPMI_ST_COMMAND_TAG( 24377 tag, 24378 &tag_bytes); 24379 if (rc != TPM_RC_SUCCESS) { 24380 return rc; 24381 } 24382 std::string command_size_bytes; 24383 rc = Serialize_UINT32( 24384 command_size, 24385 &command_size_bytes); 24386 if (rc != TPM_RC_SUCCESS) { 24387 return rc; 24388 } 24389 *serialized_command = tag_bytes + 24390 command_size_bytes + 24391 command_code_bytes + 24392 handle_section_bytes + 24393 authorization_size_bytes + 24394 authorization_section_bytes + 24395 parameter_section_bytes; 24396 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 24397 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 24398 serialized_command->size()); 24399 return TPM_RC_SUCCESS; 24400 } 24401 24402 TPM_RC Tpm::ParseResponse_PCR_Allocate( 24403 const std::string& response, 24404 TPMI_YES_NO* allocation_success, 24405 UINT32* max_pcr, 24406 UINT32* size_needed, 24407 UINT32* size_available, 24408 AuthorizationDelegate* authorization_delegate) { 24409 VLOG(3) << __func__; 24410 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 24411 TPM_RC rc = TPM_RC_SUCCESS; 24412 std::string buffer(response); 24413 TPM_ST tag; 24414 std::string tag_bytes; 24415 rc = Parse_TPM_ST( 24416 &buffer, 24417 &tag, 24418 &tag_bytes); 24419 if (rc != TPM_RC_SUCCESS) { 24420 return rc; 24421 } 24422 UINT32 response_size; 24423 std::string response_size_bytes; 24424 rc = Parse_UINT32( 24425 &buffer, 24426 &response_size, 24427 &response_size_bytes); 24428 if (rc != TPM_RC_SUCCESS) { 24429 return rc; 24430 } 24431 TPM_RC response_code; 24432 std::string response_code_bytes; 24433 rc = Parse_TPM_RC( 24434 &buffer, 24435 &response_code, 24436 &response_code_bytes); 24437 if (rc != TPM_RC_SUCCESS) { 24438 return rc; 24439 } 24440 if (response_size != response.size()) { 24441 return TPM_RC_SIZE; 24442 } 24443 if (response_code != TPM_RC_SUCCESS) { 24444 return response_code; 24445 } 24446 TPM_CC command_code = TPM_CC_PCR_Allocate; 24447 std::string command_code_bytes; 24448 rc = Serialize_TPM_CC( 24449 command_code, 24450 &command_code_bytes); 24451 if (rc != TPM_RC_SUCCESS) { 24452 return rc; 24453 } 24454 std::string authorization_section_bytes; 24455 if (tag == TPM_ST_SESSIONS) { 24456 UINT32 parameter_section_size = buffer.size(); 24457 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 24458 if (rc != TPM_RC_SUCCESS) { 24459 return rc; 24460 } 24461 if (parameter_section_size > buffer.size()) { 24462 return TPM_RC_INSUFFICIENT; 24463 } 24464 authorization_section_bytes = buffer.substr(parameter_section_size); 24465 // Keep the parameter section in |buffer|. 24466 buffer.erase(parameter_section_size); 24467 } 24468 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 24469 crypto::SecureHash::SHA256)); 24470 hash->Update(response_code_bytes.data(), 24471 response_code_bytes.size()); 24472 hash->Update(command_code_bytes.data(), 24473 command_code_bytes.size()); 24474 hash->Update(buffer.data(), 24475 buffer.size()); 24476 std::string response_hash(32, 0); 24477 hash->Finish(string_as_array(&response_hash), response_hash.size()); 24478 if (tag == TPM_ST_SESSIONS) { 24479 CHECK(authorization_delegate) << "Authorization delegate missing!"; 24480 if (!authorization_delegate->CheckResponseAuthorization( 24481 response_hash, 24482 authorization_section_bytes)) { 24483 return TRUNKS_RC_AUTHORIZATION_FAILED; 24484 } 24485 } 24486 std::string allocation_success_bytes; 24487 rc = Parse_TPMI_YES_NO( 24488 &buffer, 24489 allocation_success, 24490 &allocation_success_bytes); 24491 if (rc != TPM_RC_SUCCESS) { 24492 return rc; 24493 } 24494 std::string max_pcr_bytes; 24495 rc = Parse_UINT32( 24496 &buffer, 24497 max_pcr, 24498 &max_pcr_bytes); 24499 if (rc != TPM_RC_SUCCESS) { 24500 return rc; 24501 } 24502 std::string size_needed_bytes; 24503 rc = Parse_UINT32( 24504 &buffer, 24505 size_needed, 24506 &size_needed_bytes); 24507 if (rc != TPM_RC_SUCCESS) { 24508 return rc; 24509 } 24510 std::string size_available_bytes; 24511 rc = Parse_UINT32( 24512 &buffer, 24513 size_available, 24514 &size_available_bytes); 24515 if (rc != TPM_RC_SUCCESS) { 24516 return rc; 24517 } 24518 return TPM_RC_SUCCESS; 24519 } 24520 24521 void PCR_AllocateErrorCallback( 24522 const Tpm::PCR_AllocateResponse& callback, 24523 TPM_RC response_code) { 24524 VLOG(1) << __func__; 24525 callback.Run(response_code, 24526 TPMI_YES_NO(), 24527 UINT32(), 24528 UINT32(), 24529 UINT32()); 24530 } 24531 24532 void PCR_AllocateResponseParser( 24533 const Tpm::PCR_AllocateResponse& callback, 24534 AuthorizationDelegate* authorization_delegate, 24535 const std::string& response) { 24536 VLOG(1) << __func__; 24537 base::Callback<void(TPM_RC)> error_reporter = 24538 base::Bind(PCR_AllocateErrorCallback, callback); 24539 TPMI_YES_NO allocation_success; 24540 UINT32 max_pcr; 24541 UINT32 size_needed; 24542 UINT32 size_available; 24543 TPM_RC rc = Tpm::ParseResponse_PCR_Allocate( 24544 response, 24545 &allocation_success, 24546 &max_pcr, 24547 &size_needed, 24548 &size_available, 24549 authorization_delegate); 24550 if (rc != TPM_RC_SUCCESS) { 24551 error_reporter.Run(rc); 24552 return; 24553 } 24554 callback.Run( 24555 rc, 24556 allocation_success, 24557 max_pcr, 24558 size_needed, 24559 size_available); 24560 } 24561 24562 void Tpm::PCR_Allocate( 24563 const TPMI_RH_PLATFORM& auth_handle, 24564 const std::string& auth_handle_name, 24565 const TPML_PCR_SELECTION& pcr_allocation, 24566 AuthorizationDelegate* authorization_delegate, 24567 const PCR_AllocateResponse& callback) { 24568 VLOG(1) << __func__; 24569 base::Callback<void(TPM_RC)> error_reporter = 24570 base::Bind(PCR_AllocateErrorCallback, callback); 24571 base::Callback<void(const std::string&)> parser = 24572 base::Bind(PCR_AllocateResponseParser, 24573 callback, 24574 authorization_delegate); 24575 std::string command; 24576 TPM_RC rc = SerializeCommand_PCR_Allocate( 24577 auth_handle, 24578 auth_handle_name, 24579 pcr_allocation, 24580 &command, 24581 authorization_delegate); 24582 if (rc != TPM_RC_SUCCESS) { 24583 error_reporter.Run(rc); 24584 return; 24585 } 24586 transceiver_->SendCommand(command, parser); 24587 } 24588 24589 TPM_RC Tpm::PCR_AllocateSync( 24590 const TPMI_RH_PLATFORM& auth_handle, 24591 const std::string& auth_handle_name, 24592 const TPML_PCR_SELECTION& pcr_allocation, 24593 TPMI_YES_NO* allocation_success, 24594 UINT32* max_pcr, 24595 UINT32* size_needed, 24596 UINT32* size_available, 24597 AuthorizationDelegate* authorization_delegate) { 24598 VLOG(1) << __func__; 24599 std::string command; 24600 TPM_RC rc = SerializeCommand_PCR_Allocate( 24601 auth_handle, 24602 auth_handle_name, 24603 pcr_allocation, 24604 &command, 24605 authorization_delegate); 24606 if (rc != TPM_RC_SUCCESS) { 24607 return rc; 24608 } 24609 std::string response = transceiver_->SendCommandAndWait(command); 24610 rc = ParseResponse_PCR_Allocate( 24611 response, 24612 allocation_success, 24613 max_pcr, 24614 size_needed, 24615 size_available, 24616 authorization_delegate); 24617 return rc; 24618 } 24619 24620 TPM_RC Tpm::SerializeCommand_PCR_SetAuthPolicy( 24621 const TPMI_RH_PLATFORM& auth_handle, 24622 const std::string& auth_handle_name, 24623 const TPMI_DH_PCR& pcr_num, 24624 const std::string& pcr_num_name, 24625 const TPM2B_DIGEST& auth_policy, 24626 const TPMI_ALG_HASH& policy_digest, 24627 std::string* serialized_command, 24628 AuthorizationDelegate* authorization_delegate) { 24629 VLOG(3) << __func__; 24630 TPM_RC rc = TPM_RC_SUCCESS; 24631 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 24632 UINT32 command_size = 10; // Header size. 24633 std::string handle_section_bytes; 24634 std::string parameter_section_bytes; 24635 TPM_CC command_code = TPM_CC_PCR_SetAuthPolicy; 24636 bool is_command_parameter_encryption_possible = true; 24637 bool is_response_parameter_encryption_possible = false; 24638 std::string command_code_bytes; 24639 rc = Serialize_TPM_CC( 24640 command_code, 24641 &command_code_bytes); 24642 if (rc != TPM_RC_SUCCESS) { 24643 return rc; 24644 } 24645 std::string auth_handle_bytes; 24646 rc = Serialize_TPMI_RH_PLATFORM( 24647 auth_handle, 24648 &auth_handle_bytes); 24649 if (rc != TPM_RC_SUCCESS) { 24650 return rc; 24651 } 24652 std::string auth_policy_bytes; 24653 rc = Serialize_TPM2B_DIGEST( 24654 auth_policy, 24655 &auth_policy_bytes); 24656 if (rc != TPM_RC_SUCCESS) { 24657 return rc; 24658 } 24659 std::string policy_digest_bytes; 24660 rc = Serialize_TPMI_ALG_HASH( 24661 policy_digest, 24662 &policy_digest_bytes); 24663 if (rc != TPM_RC_SUCCESS) { 24664 return rc; 24665 } 24666 std::string pcr_num_bytes; 24667 rc = Serialize_TPMI_DH_PCR( 24668 pcr_num, 24669 &pcr_num_bytes); 24670 if (rc != TPM_RC_SUCCESS) { 24671 return rc; 24672 } 24673 if (authorization_delegate) { 24674 // Encrypt just the parameter data, not the size. 24675 std::string tmp = auth_policy_bytes.substr(2); 24676 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 24677 return TRUNKS_RC_ENCRYPTION_FAILED; 24678 } 24679 auth_policy_bytes.replace(2, std::string::npos, tmp); 24680 } 24681 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 24682 crypto::SecureHash::SHA256)); 24683 hash->Update(command_code_bytes.data(), 24684 command_code_bytes.size()); 24685 hash->Update(auth_handle_name.data(), 24686 auth_handle_name.size()); 24687 handle_section_bytes += auth_handle_bytes; 24688 command_size += auth_handle_bytes.size(); 24689 hash->Update(pcr_num_name.data(), 24690 pcr_num_name.size()); 24691 handle_section_bytes += pcr_num_bytes; 24692 command_size += pcr_num_bytes.size(); 24693 hash->Update(auth_policy_bytes.data(), 24694 auth_policy_bytes.size()); 24695 parameter_section_bytes += auth_policy_bytes; 24696 command_size += auth_policy_bytes.size(); 24697 hash->Update(policy_digest_bytes.data(), 24698 policy_digest_bytes.size()); 24699 parameter_section_bytes += policy_digest_bytes; 24700 command_size += policy_digest_bytes.size(); 24701 std::string command_hash(32, 0); 24702 hash->Finish(string_as_array(&command_hash), command_hash.size()); 24703 std::string authorization_section_bytes; 24704 std::string authorization_size_bytes; 24705 if (authorization_delegate) { 24706 if (!authorization_delegate->GetCommandAuthorization( 24707 command_hash, 24708 is_command_parameter_encryption_possible, 24709 is_response_parameter_encryption_possible, 24710 &authorization_section_bytes)) { 24711 return TRUNKS_RC_AUTHORIZATION_FAILED; 24712 } 24713 if (!authorization_section_bytes.empty()) { 24714 tag = TPM_ST_SESSIONS; 24715 std::string tmp; 24716 rc = Serialize_UINT32(authorization_section_bytes.size(), 24717 &authorization_size_bytes); 24718 if (rc != TPM_RC_SUCCESS) { 24719 return rc; 24720 } 24721 command_size += authorization_size_bytes.size() + 24722 authorization_section_bytes.size(); 24723 } 24724 } 24725 std::string tag_bytes; 24726 rc = Serialize_TPMI_ST_COMMAND_TAG( 24727 tag, 24728 &tag_bytes); 24729 if (rc != TPM_RC_SUCCESS) { 24730 return rc; 24731 } 24732 std::string command_size_bytes; 24733 rc = Serialize_UINT32( 24734 command_size, 24735 &command_size_bytes); 24736 if (rc != TPM_RC_SUCCESS) { 24737 return rc; 24738 } 24739 *serialized_command = tag_bytes + 24740 command_size_bytes + 24741 command_code_bytes + 24742 handle_section_bytes + 24743 authorization_size_bytes + 24744 authorization_section_bytes + 24745 parameter_section_bytes; 24746 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 24747 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 24748 serialized_command->size()); 24749 return TPM_RC_SUCCESS; 24750 } 24751 24752 TPM_RC Tpm::ParseResponse_PCR_SetAuthPolicy( 24753 const std::string& response, 24754 AuthorizationDelegate* authorization_delegate) { 24755 VLOG(3) << __func__; 24756 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 24757 TPM_RC rc = TPM_RC_SUCCESS; 24758 std::string buffer(response); 24759 TPM_ST tag; 24760 std::string tag_bytes; 24761 rc = Parse_TPM_ST( 24762 &buffer, 24763 &tag, 24764 &tag_bytes); 24765 if (rc != TPM_RC_SUCCESS) { 24766 return rc; 24767 } 24768 UINT32 response_size; 24769 std::string response_size_bytes; 24770 rc = Parse_UINT32( 24771 &buffer, 24772 &response_size, 24773 &response_size_bytes); 24774 if (rc != TPM_RC_SUCCESS) { 24775 return rc; 24776 } 24777 TPM_RC response_code; 24778 std::string response_code_bytes; 24779 rc = Parse_TPM_RC( 24780 &buffer, 24781 &response_code, 24782 &response_code_bytes); 24783 if (rc != TPM_RC_SUCCESS) { 24784 return rc; 24785 } 24786 if (response_size != response.size()) { 24787 return TPM_RC_SIZE; 24788 } 24789 if (response_code != TPM_RC_SUCCESS) { 24790 return response_code; 24791 } 24792 TPM_CC command_code = TPM_CC_PCR_SetAuthPolicy; 24793 std::string command_code_bytes; 24794 rc = Serialize_TPM_CC( 24795 command_code, 24796 &command_code_bytes); 24797 if (rc != TPM_RC_SUCCESS) { 24798 return rc; 24799 } 24800 std::string authorization_section_bytes; 24801 if (tag == TPM_ST_SESSIONS) { 24802 UINT32 parameter_section_size = buffer.size(); 24803 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 24804 if (rc != TPM_RC_SUCCESS) { 24805 return rc; 24806 } 24807 if (parameter_section_size > buffer.size()) { 24808 return TPM_RC_INSUFFICIENT; 24809 } 24810 authorization_section_bytes = buffer.substr(parameter_section_size); 24811 // Keep the parameter section in |buffer|. 24812 buffer.erase(parameter_section_size); 24813 } 24814 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 24815 crypto::SecureHash::SHA256)); 24816 hash->Update(response_code_bytes.data(), 24817 response_code_bytes.size()); 24818 hash->Update(command_code_bytes.data(), 24819 command_code_bytes.size()); 24820 hash->Update(buffer.data(), 24821 buffer.size()); 24822 std::string response_hash(32, 0); 24823 hash->Finish(string_as_array(&response_hash), response_hash.size()); 24824 if (tag == TPM_ST_SESSIONS) { 24825 CHECK(authorization_delegate) << "Authorization delegate missing!"; 24826 if (!authorization_delegate->CheckResponseAuthorization( 24827 response_hash, 24828 authorization_section_bytes)) { 24829 return TRUNKS_RC_AUTHORIZATION_FAILED; 24830 } 24831 } 24832 return TPM_RC_SUCCESS; 24833 } 24834 24835 void PCR_SetAuthPolicyErrorCallback( 24836 const Tpm::PCR_SetAuthPolicyResponse& callback, 24837 TPM_RC response_code) { 24838 VLOG(1) << __func__; 24839 callback.Run(response_code); 24840 } 24841 24842 void PCR_SetAuthPolicyResponseParser( 24843 const Tpm::PCR_SetAuthPolicyResponse& callback, 24844 AuthorizationDelegate* authorization_delegate, 24845 const std::string& response) { 24846 VLOG(1) << __func__; 24847 base::Callback<void(TPM_RC)> error_reporter = 24848 base::Bind(PCR_SetAuthPolicyErrorCallback, callback); 24849 TPM_RC rc = Tpm::ParseResponse_PCR_SetAuthPolicy( 24850 response, 24851 authorization_delegate); 24852 if (rc != TPM_RC_SUCCESS) { 24853 error_reporter.Run(rc); 24854 return; 24855 } 24856 callback.Run( 24857 rc); 24858 } 24859 24860 void Tpm::PCR_SetAuthPolicy( 24861 const TPMI_RH_PLATFORM& auth_handle, 24862 const std::string& auth_handle_name, 24863 const TPMI_DH_PCR& pcr_num, 24864 const std::string& pcr_num_name, 24865 const TPM2B_DIGEST& auth_policy, 24866 const TPMI_ALG_HASH& policy_digest, 24867 AuthorizationDelegate* authorization_delegate, 24868 const PCR_SetAuthPolicyResponse& callback) { 24869 VLOG(1) << __func__; 24870 base::Callback<void(TPM_RC)> error_reporter = 24871 base::Bind(PCR_SetAuthPolicyErrorCallback, callback); 24872 base::Callback<void(const std::string&)> parser = 24873 base::Bind(PCR_SetAuthPolicyResponseParser, 24874 callback, 24875 authorization_delegate); 24876 std::string command; 24877 TPM_RC rc = SerializeCommand_PCR_SetAuthPolicy( 24878 auth_handle, 24879 auth_handle_name, 24880 pcr_num, 24881 pcr_num_name, 24882 auth_policy, 24883 policy_digest, 24884 &command, 24885 authorization_delegate); 24886 if (rc != TPM_RC_SUCCESS) { 24887 error_reporter.Run(rc); 24888 return; 24889 } 24890 transceiver_->SendCommand(command, parser); 24891 } 24892 24893 TPM_RC Tpm::PCR_SetAuthPolicySync( 24894 const TPMI_RH_PLATFORM& auth_handle, 24895 const std::string& auth_handle_name, 24896 const TPMI_DH_PCR& pcr_num, 24897 const std::string& pcr_num_name, 24898 const TPM2B_DIGEST& auth_policy, 24899 const TPMI_ALG_HASH& policy_digest, 24900 AuthorizationDelegate* authorization_delegate) { 24901 VLOG(1) << __func__; 24902 std::string command; 24903 TPM_RC rc = SerializeCommand_PCR_SetAuthPolicy( 24904 auth_handle, 24905 auth_handle_name, 24906 pcr_num, 24907 pcr_num_name, 24908 auth_policy, 24909 policy_digest, 24910 &command, 24911 authorization_delegate); 24912 if (rc != TPM_RC_SUCCESS) { 24913 return rc; 24914 } 24915 std::string response = transceiver_->SendCommandAndWait(command); 24916 rc = ParseResponse_PCR_SetAuthPolicy( 24917 response, 24918 authorization_delegate); 24919 return rc; 24920 } 24921 24922 TPM_RC Tpm::SerializeCommand_PCR_SetAuthValue( 24923 const TPMI_DH_PCR& pcr_handle, 24924 const std::string& pcr_handle_name, 24925 const TPM2B_DIGEST& auth, 24926 std::string* serialized_command, 24927 AuthorizationDelegate* authorization_delegate) { 24928 VLOG(3) << __func__; 24929 TPM_RC rc = TPM_RC_SUCCESS; 24930 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 24931 UINT32 command_size = 10; // Header size. 24932 std::string handle_section_bytes; 24933 std::string parameter_section_bytes; 24934 TPM_CC command_code = TPM_CC_PCR_SetAuthValue; 24935 bool is_command_parameter_encryption_possible = true; 24936 bool is_response_parameter_encryption_possible = false; 24937 std::string command_code_bytes; 24938 rc = Serialize_TPM_CC( 24939 command_code, 24940 &command_code_bytes); 24941 if (rc != TPM_RC_SUCCESS) { 24942 return rc; 24943 } 24944 std::string pcr_handle_bytes; 24945 rc = Serialize_TPMI_DH_PCR( 24946 pcr_handle, 24947 &pcr_handle_bytes); 24948 if (rc != TPM_RC_SUCCESS) { 24949 return rc; 24950 } 24951 std::string auth_bytes; 24952 rc = Serialize_TPM2B_DIGEST( 24953 auth, 24954 &auth_bytes); 24955 if (rc != TPM_RC_SUCCESS) { 24956 return rc; 24957 } 24958 if (authorization_delegate) { 24959 // Encrypt just the parameter data, not the size. 24960 std::string tmp = auth_bytes.substr(2); 24961 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 24962 return TRUNKS_RC_ENCRYPTION_FAILED; 24963 } 24964 auth_bytes.replace(2, std::string::npos, tmp); 24965 } 24966 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 24967 crypto::SecureHash::SHA256)); 24968 hash->Update(command_code_bytes.data(), 24969 command_code_bytes.size()); 24970 hash->Update(pcr_handle_name.data(), 24971 pcr_handle_name.size()); 24972 handle_section_bytes += pcr_handle_bytes; 24973 command_size += pcr_handle_bytes.size(); 24974 hash->Update(auth_bytes.data(), 24975 auth_bytes.size()); 24976 parameter_section_bytes += auth_bytes; 24977 command_size += auth_bytes.size(); 24978 std::string command_hash(32, 0); 24979 hash->Finish(string_as_array(&command_hash), command_hash.size()); 24980 std::string authorization_section_bytes; 24981 std::string authorization_size_bytes; 24982 if (authorization_delegate) { 24983 if (!authorization_delegate->GetCommandAuthorization( 24984 command_hash, 24985 is_command_parameter_encryption_possible, 24986 is_response_parameter_encryption_possible, 24987 &authorization_section_bytes)) { 24988 return TRUNKS_RC_AUTHORIZATION_FAILED; 24989 } 24990 if (!authorization_section_bytes.empty()) { 24991 tag = TPM_ST_SESSIONS; 24992 std::string tmp; 24993 rc = Serialize_UINT32(authorization_section_bytes.size(), 24994 &authorization_size_bytes); 24995 if (rc != TPM_RC_SUCCESS) { 24996 return rc; 24997 } 24998 command_size += authorization_size_bytes.size() + 24999 authorization_section_bytes.size(); 25000 } 25001 } 25002 std::string tag_bytes; 25003 rc = Serialize_TPMI_ST_COMMAND_TAG( 25004 tag, 25005 &tag_bytes); 25006 if (rc != TPM_RC_SUCCESS) { 25007 return rc; 25008 } 25009 std::string command_size_bytes; 25010 rc = Serialize_UINT32( 25011 command_size, 25012 &command_size_bytes); 25013 if (rc != TPM_RC_SUCCESS) { 25014 return rc; 25015 } 25016 *serialized_command = tag_bytes + 25017 command_size_bytes + 25018 command_code_bytes + 25019 handle_section_bytes + 25020 authorization_size_bytes + 25021 authorization_section_bytes + 25022 parameter_section_bytes; 25023 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 25024 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 25025 serialized_command->size()); 25026 return TPM_RC_SUCCESS; 25027 } 25028 25029 TPM_RC Tpm::ParseResponse_PCR_SetAuthValue( 25030 const std::string& response, 25031 AuthorizationDelegate* authorization_delegate) { 25032 VLOG(3) << __func__; 25033 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 25034 TPM_RC rc = TPM_RC_SUCCESS; 25035 std::string buffer(response); 25036 TPM_ST tag; 25037 std::string tag_bytes; 25038 rc = Parse_TPM_ST( 25039 &buffer, 25040 &tag, 25041 &tag_bytes); 25042 if (rc != TPM_RC_SUCCESS) { 25043 return rc; 25044 } 25045 UINT32 response_size; 25046 std::string response_size_bytes; 25047 rc = Parse_UINT32( 25048 &buffer, 25049 &response_size, 25050 &response_size_bytes); 25051 if (rc != TPM_RC_SUCCESS) { 25052 return rc; 25053 } 25054 TPM_RC response_code; 25055 std::string response_code_bytes; 25056 rc = Parse_TPM_RC( 25057 &buffer, 25058 &response_code, 25059 &response_code_bytes); 25060 if (rc != TPM_RC_SUCCESS) { 25061 return rc; 25062 } 25063 if (response_size != response.size()) { 25064 return TPM_RC_SIZE; 25065 } 25066 if (response_code != TPM_RC_SUCCESS) { 25067 return response_code; 25068 } 25069 TPM_CC command_code = TPM_CC_PCR_SetAuthValue; 25070 std::string command_code_bytes; 25071 rc = Serialize_TPM_CC( 25072 command_code, 25073 &command_code_bytes); 25074 if (rc != TPM_RC_SUCCESS) { 25075 return rc; 25076 } 25077 std::string authorization_section_bytes; 25078 if (tag == TPM_ST_SESSIONS) { 25079 UINT32 parameter_section_size = buffer.size(); 25080 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 25081 if (rc != TPM_RC_SUCCESS) { 25082 return rc; 25083 } 25084 if (parameter_section_size > buffer.size()) { 25085 return TPM_RC_INSUFFICIENT; 25086 } 25087 authorization_section_bytes = buffer.substr(parameter_section_size); 25088 // Keep the parameter section in |buffer|. 25089 buffer.erase(parameter_section_size); 25090 } 25091 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 25092 crypto::SecureHash::SHA256)); 25093 hash->Update(response_code_bytes.data(), 25094 response_code_bytes.size()); 25095 hash->Update(command_code_bytes.data(), 25096 command_code_bytes.size()); 25097 hash->Update(buffer.data(), 25098 buffer.size()); 25099 std::string response_hash(32, 0); 25100 hash->Finish(string_as_array(&response_hash), response_hash.size()); 25101 if (tag == TPM_ST_SESSIONS) { 25102 CHECK(authorization_delegate) << "Authorization delegate missing!"; 25103 if (!authorization_delegate->CheckResponseAuthorization( 25104 response_hash, 25105 authorization_section_bytes)) { 25106 return TRUNKS_RC_AUTHORIZATION_FAILED; 25107 } 25108 } 25109 return TPM_RC_SUCCESS; 25110 } 25111 25112 void PCR_SetAuthValueErrorCallback( 25113 const Tpm::PCR_SetAuthValueResponse& callback, 25114 TPM_RC response_code) { 25115 VLOG(1) << __func__; 25116 callback.Run(response_code); 25117 } 25118 25119 void PCR_SetAuthValueResponseParser( 25120 const Tpm::PCR_SetAuthValueResponse& callback, 25121 AuthorizationDelegate* authorization_delegate, 25122 const std::string& response) { 25123 VLOG(1) << __func__; 25124 base::Callback<void(TPM_RC)> error_reporter = 25125 base::Bind(PCR_SetAuthValueErrorCallback, callback); 25126 TPM_RC rc = Tpm::ParseResponse_PCR_SetAuthValue( 25127 response, 25128 authorization_delegate); 25129 if (rc != TPM_RC_SUCCESS) { 25130 error_reporter.Run(rc); 25131 return; 25132 } 25133 callback.Run( 25134 rc); 25135 } 25136 25137 void Tpm::PCR_SetAuthValue( 25138 const TPMI_DH_PCR& pcr_handle, 25139 const std::string& pcr_handle_name, 25140 const TPM2B_DIGEST& auth, 25141 AuthorizationDelegate* authorization_delegate, 25142 const PCR_SetAuthValueResponse& callback) { 25143 VLOG(1) << __func__; 25144 base::Callback<void(TPM_RC)> error_reporter = 25145 base::Bind(PCR_SetAuthValueErrorCallback, callback); 25146 base::Callback<void(const std::string&)> parser = 25147 base::Bind(PCR_SetAuthValueResponseParser, 25148 callback, 25149 authorization_delegate); 25150 std::string command; 25151 TPM_RC rc = SerializeCommand_PCR_SetAuthValue( 25152 pcr_handle, 25153 pcr_handle_name, 25154 auth, 25155 &command, 25156 authorization_delegate); 25157 if (rc != TPM_RC_SUCCESS) { 25158 error_reporter.Run(rc); 25159 return; 25160 } 25161 transceiver_->SendCommand(command, parser); 25162 } 25163 25164 TPM_RC Tpm::PCR_SetAuthValueSync( 25165 const TPMI_DH_PCR& pcr_handle, 25166 const std::string& pcr_handle_name, 25167 const TPM2B_DIGEST& auth, 25168 AuthorizationDelegate* authorization_delegate) { 25169 VLOG(1) << __func__; 25170 std::string command; 25171 TPM_RC rc = SerializeCommand_PCR_SetAuthValue( 25172 pcr_handle, 25173 pcr_handle_name, 25174 auth, 25175 &command, 25176 authorization_delegate); 25177 if (rc != TPM_RC_SUCCESS) { 25178 return rc; 25179 } 25180 std::string response = transceiver_->SendCommandAndWait(command); 25181 rc = ParseResponse_PCR_SetAuthValue( 25182 response, 25183 authorization_delegate); 25184 return rc; 25185 } 25186 25187 TPM_RC Tpm::SerializeCommand_PCR_Reset( 25188 const TPMI_DH_PCR& pcr_handle, 25189 const std::string& pcr_handle_name, 25190 std::string* serialized_command, 25191 AuthorizationDelegate* authorization_delegate) { 25192 VLOG(3) << __func__; 25193 TPM_RC rc = TPM_RC_SUCCESS; 25194 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 25195 UINT32 command_size = 10; // Header size. 25196 std::string handle_section_bytes; 25197 std::string parameter_section_bytes; 25198 TPM_CC command_code = TPM_CC_PCR_Reset; 25199 bool is_command_parameter_encryption_possible = false; 25200 bool is_response_parameter_encryption_possible = false; 25201 std::string command_code_bytes; 25202 rc = Serialize_TPM_CC( 25203 command_code, 25204 &command_code_bytes); 25205 if (rc != TPM_RC_SUCCESS) { 25206 return rc; 25207 } 25208 std::string pcr_handle_bytes; 25209 rc = Serialize_TPMI_DH_PCR( 25210 pcr_handle, 25211 &pcr_handle_bytes); 25212 if (rc != TPM_RC_SUCCESS) { 25213 return rc; 25214 } 25215 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 25216 crypto::SecureHash::SHA256)); 25217 hash->Update(command_code_bytes.data(), 25218 command_code_bytes.size()); 25219 hash->Update(pcr_handle_name.data(), 25220 pcr_handle_name.size()); 25221 handle_section_bytes += pcr_handle_bytes; 25222 command_size += pcr_handle_bytes.size(); 25223 std::string command_hash(32, 0); 25224 hash->Finish(string_as_array(&command_hash), command_hash.size()); 25225 std::string authorization_section_bytes; 25226 std::string authorization_size_bytes; 25227 if (authorization_delegate) { 25228 if (!authorization_delegate->GetCommandAuthorization( 25229 command_hash, 25230 is_command_parameter_encryption_possible, 25231 is_response_parameter_encryption_possible, 25232 &authorization_section_bytes)) { 25233 return TRUNKS_RC_AUTHORIZATION_FAILED; 25234 } 25235 if (!authorization_section_bytes.empty()) { 25236 tag = TPM_ST_SESSIONS; 25237 std::string tmp; 25238 rc = Serialize_UINT32(authorization_section_bytes.size(), 25239 &authorization_size_bytes); 25240 if (rc != TPM_RC_SUCCESS) { 25241 return rc; 25242 } 25243 command_size += authorization_size_bytes.size() + 25244 authorization_section_bytes.size(); 25245 } 25246 } 25247 std::string tag_bytes; 25248 rc = Serialize_TPMI_ST_COMMAND_TAG( 25249 tag, 25250 &tag_bytes); 25251 if (rc != TPM_RC_SUCCESS) { 25252 return rc; 25253 } 25254 std::string command_size_bytes; 25255 rc = Serialize_UINT32( 25256 command_size, 25257 &command_size_bytes); 25258 if (rc != TPM_RC_SUCCESS) { 25259 return rc; 25260 } 25261 *serialized_command = tag_bytes + 25262 command_size_bytes + 25263 command_code_bytes + 25264 handle_section_bytes + 25265 authorization_size_bytes + 25266 authorization_section_bytes + 25267 parameter_section_bytes; 25268 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 25269 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 25270 serialized_command->size()); 25271 return TPM_RC_SUCCESS; 25272 } 25273 25274 TPM_RC Tpm::ParseResponse_PCR_Reset( 25275 const std::string& response, 25276 AuthorizationDelegate* authorization_delegate) { 25277 VLOG(3) << __func__; 25278 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 25279 TPM_RC rc = TPM_RC_SUCCESS; 25280 std::string buffer(response); 25281 TPM_ST tag; 25282 std::string tag_bytes; 25283 rc = Parse_TPM_ST( 25284 &buffer, 25285 &tag, 25286 &tag_bytes); 25287 if (rc != TPM_RC_SUCCESS) { 25288 return rc; 25289 } 25290 UINT32 response_size; 25291 std::string response_size_bytes; 25292 rc = Parse_UINT32( 25293 &buffer, 25294 &response_size, 25295 &response_size_bytes); 25296 if (rc != TPM_RC_SUCCESS) { 25297 return rc; 25298 } 25299 TPM_RC response_code; 25300 std::string response_code_bytes; 25301 rc = Parse_TPM_RC( 25302 &buffer, 25303 &response_code, 25304 &response_code_bytes); 25305 if (rc != TPM_RC_SUCCESS) { 25306 return rc; 25307 } 25308 if (response_size != response.size()) { 25309 return TPM_RC_SIZE; 25310 } 25311 if (response_code != TPM_RC_SUCCESS) { 25312 return response_code; 25313 } 25314 TPM_CC command_code = TPM_CC_PCR_Reset; 25315 std::string command_code_bytes; 25316 rc = Serialize_TPM_CC( 25317 command_code, 25318 &command_code_bytes); 25319 if (rc != TPM_RC_SUCCESS) { 25320 return rc; 25321 } 25322 std::string authorization_section_bytes; 25323 if (tag == TPM_ST_SESSIONS) { 25324 UINT32 parameter_section_size = buffer.size(); 25325 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 25326 if (rc != TPM_RC_SUCCESS) { 25327 return rc; 25328 } 25329 if (parameter_section_size > buffer.size()) { 25330 return TPM_RC_INSUFFICIENT; 25331 } 25332 authorization_section_bytes = buffer.substr(parameter_section_size); 25333 // Keep the parameter section in |buffer|. 25334 buffer.erase(parameter_section_size); 25335 } 25336 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 25337 crypto::SecureHash::SHA256)); 25338 hash->Update(response_code_bytes.data(), 25339 response_code_bytes.size()); 25340 hash->Update(command_code_bytes.data(), 25341 command_code_bytes.size()); 25342 hash->Update(buffer.data(), 25343 buffer.size()); 25344 std::string response_hash(32, 0); 25345 hash->Finish(string_as_array(&response_hash), response_hash.size()); 25346 if (tag == TPM_ST_SESSIONS) { 25347 CHECK(authorization_delegate) << "Authorization delegate missing!"; 25348 if (!authorization_delegate->CheckResponseAuthorization( 25349 response_hash, 25350 authorization_section_bytes)) { 25351 return TRUNKS_RC_AUTHORIZATION_FAILED; 25352 } 25353 } 25354 return TPM_RC_SUCCESS; 25355 } 25356 25357 void PCR_ResetErrorCallback( 25358 const Tpm::PCR_ResetResponse& callback, 25359 TPM_RC response_code) { 25360 VLOG(1) << __func__; 25361 callback.Run(response_code); 25362 } 25363 25364 void PCR_ResetResponseParser( 25365 const Tpm::PCR_ResetResponse& callback, 25366 AuthorizationDelegate* authorization_delegate, 25367 const std::string& response) { 25368 VLOG(1) << __func__; 25369 base::Callback<void(TPM_RC)> error_reporter = 25370 base::Bind(PCR_ResetErrorCallback, callback); 25371 TPM_RC rc = Tpm::ParseResponse_PCR_Reset( 25372 response, 25373 authorization_delegate); 25374 if (rc != TPM_RC_SUCCESS) { 25375 error_reporter.Run(rc); 25376 return; 25377 } 25378 callback.Run( 25379 rc); 25380 } 25381 25382 void Tpm::PCR_Reset( 25383 const TPMI_DH_PCR& pcr_handle, 25384 const std::string& pcr_handle_name, 25385 AuthorizationDelegate* authorization_delegate, 25386 const PCR_ResetResponse& callback) { 25387 VLOG(1) << __func__; 25388 base::Callback<void(TPM_RC)> error_reporter = 25389 base::Bind(PCR_ResetErrorCallback, callback); 25390 base::Callback<void(const std::string&)> parser = 25391 base::Bind(PCR_ResetResponseParser, 25392 callback, 25393 authorization_delegate); 25394 std::string command; 25395 TPM_RC rc = SerializeCommand_PCR_Reset( 25396 pcr_handle, 25397 pcr_handle_name, 25398 &command, 25399 authorization_delegate); 25400 if (rc != TPM_RC_SUCCESS) { 25401 error_reporter.Run(rc); 25402 return; 25403 } 25404 transceiver_->SendCommand(command, parser); 25405 } 25406 25407 TPM_RC Tpm::PCR_ResetSync( 25408 const TPMI_DH_PCR& pcr_handle, 25409 const std::string& pcr_handle_name, 25410 AuthorizationDelegate* authorization_delegate) { 25411 VLOG(1) << __func__; 25412 std::string command; 25413 TPM_RC rc = SerializeCommand_PCR_Reset( 25414 pcr_handle, 25415 pcr_handle_name, 25416 &command, 25417 authorization_delegate); 25418 if (rc != TPM_RC_SUCCESS) { 25419 return rc; 25420 } 25421 std::string response = transceiver_->SendCommandAndWait(command); 25422 rc = ParseResponse_PCR_Reset( 25423 response, 25424 authorization_delegate); 25425 return rc; 25426 } 25427 25428 TPM_RC Tpm::SerializeCommand_PolicySigned( 25429 const TPMI_DH_OBJECT& auth_object, 25430 const std::string& auth_object_name, 25431 const TPMI_SH_POLICY& policy_session, 25432 const std::string& policy_session_name, 25433 const TPM2B_NONCE& nonce_tpm, 25434 const TPM2B_DIGEST& cp_hash_a, 25435 const TPM2B_NONCE& policy_ref, 25436 const INT32& expiration, 25437 const TPMT_SIGNATURE& auth, 25438 std::string* serialized_command, 25439 AuthorizationDelegate* authorization_delegate) { 25440 VLOG(3) << __func__; 25441 TPM_RC rc = TPM_RC_SUCCESS; 25442 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 25443 UINT32 command_size = 10; // Header size. 25444 std::string handle_section_bytes; 25445 std::string parameter_section_bytes; 25446 TPM_CC command_code = TPM_CC_PolicySigned; 25447 bool is_command_parameter_encryption_possible = true; 25448 bool is_response_parameter_encryption_possible = true; 25449 std::string command_code_bytes; 25450 rc = Serialize_TPM_CC( 25451 command_code, 25452 &command_code_bytes); 25453 if (rc != TPM_RC_SUCCESS) { 25454 return rc; 25455 } 25456 std::string auth_object_bytes; 25457 rc = Serialize_TPMI_DH_OBJECT( 25458 auth_object, 25459 &auth_object_bytes); 25460 if (rc != TPM_RC_SUCCESS) { 25461 return rc; 25462 } 25463 std::string policy_session_bytes; 25464 rc = Serialize_TPMI_SH_POLICY( 25465 policy_session, 25466 &policy_session_bytes); 25467 if (rc != TPM_RC_SUCCESS) { 25468 return rc; 25469 } 25470 std::string nonce_tpm_bytes; 25471 rc = Serialize_TPM2B_NONCE( 25472 nonce_tpm, 25473 &nonce_tpm_bytes); 25474 if (rc != TPM_RC_SUCCESS) { 25475 return rc; 25476 } 25477 std::string cp_hash_a_bytes; 25478 rc = Serialize_TPM2B_DIGEST( 25479 cp_hash_a, 25480 &cp_hash_a_bytes); 25481 if (rc != TPM_RC_SUCCESS) { 25482 return rc; 25483 } 25484 std::string policy_ref_bytes; 25485 rc = Serialize_TPM2B_NONCE( 25486 policy_ref, 25487 &policy_ref_bytes); 25488 if (rc != TPM_RC_SUCCESS) { 25489 return rc; 25490 } 25491 std::string expiration_bytes; 25492 rc = Serialize_INT32( 25493 expiration, 25494 &expiration_bytes); 25495 if (rc != TPM_RC_SUCCESS) { 25496 return rc; 25497 } 25498 std::string auth_bytes; 25499 rc = Serialize_TPMT_SIGNATURE( 25500 auth, 25501 &auth_bytes); 25502 if (rc != TPM_RC_SUCCESS) { 25503 return rc; 25504 } 25505 if (authorization_delegate) { 25506 // Encrypt just the parameter data, not the size. 25507 std::string tmp = nonce_tpm_bytes.substr(2); 25508 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 25509 return TRUNKS_RC_ENCRYPTION_FAILED; 25510 } 25511 nonce_tpm_bytes.replace(2, std::string::npos, tmp); 25512 } 25513 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 25514 crypto::SecureHash::SHA256)); 25515 hash->Update(command_code_bytes.data(), 25516 command_code_bytes.size()); 25517 hash->Update(auth_object_name.data(), 25518 auth_object_name.size()); 25519 handle_section_bytes += auth_object_bytes; 25520 command_size += auth_object_bytes.size(); 25521 hash->Update(policy_session_name.data(), 25522 policy_session_name.size()); 25523 handle_section_bytes += policy_session_bytes; 25524 command_size += policy_session_bytes.size(); 25525 hash->Update(nonce_tpm_bytes.data(), 25526 nonce_tpm_bytes.size()); 25527 parameter_section_bytes += nonce_tpm_bytes; 25528 command_size += nonce_tpm_bytes.size(); 25529 hash->Update(cp_hash_a_bytes.data(), 25530 cp_hash_a_bytes.size()); 25531 parameter_section_bytes += cp_hash_a_bytes; 25532 command_size += cp_hash_a_bytes.size(); 25533 hash->Update(policy_ref_bytes.data(), 25534 policy_ref_bytes.size()); 25535 parameter_section_bytes += policy_ref_bytes; 25536 command_size += policy_ref_bytes.size(); 25537 hash->Update(expiration_bytes.data(), 25538 expiration_bytes.size()); 25539 parameter_section_bytes += expiration_bytes; 25540 command_size += expiration_bytes.size(); 25541 hash->Update(auth_bytes.data(), 25542 auth_bytes.size()); 25543 parameter_section_bytes += auth_bytes; 25544 command_size += auth_bytes.size(); 25545 std::string command_hash(32, 0); 25546 hash->Finish(string_as_array(&command_hash), command_hash.size()); 25547 std::string authorization_section_bytes; 25548 std::string authorization_size_bytes; 25549 if (authorization_delegate) { 25550 if (!authorization_delegate->GetCommandAuthorization( 25551 command_hash, 25552 is_command_parameter_encryption_possible, 25553 is_response_parameter_encryption_possible, 25554 &authorization_section_bytes)) { 25555 return TRUNKS_RC_AUTHORIZATION_FAILED; 25556 } 25557 if (!authorization_section_bytes.empty()) { 25558 tag = TPM_ST_SESSIONS; 25559 std::string tmp; 25560 rc = Serialize_UINT32(authorization_section_bytes.size(), 25561 &authorization_size_bytes); 25562 if (rc != TPM_RC_SUCCESS) { 25563 return rc; 25564 } 25565 command_size += authorization_size_bytes.size() + 25566 authorization_section_bytes.size(); 25567 } 25568 } 25569 std::string tag_bytes; 25570 rc = Serialize_TPMI_ST_COMMAND_TAG( 25571 tag, 25572 &tag_bytes); 25573 if (rc != TPM_RC_SUCCESS) { 25574 return rc; 25575 } 25576 std::string command_size_bytes; 25577 rc = Serialize_UINT32( 25578 command_size, 25579 &command_size_bytes); 25580 if (rc != TPM_RC_SUCCESS) { 25581 return rc; 25582 } 25583 *serialized_command = tag_bytes + 25584 command_size_bytes + 25585 command_code_bytes + 25586 handle_section_bytes + 25587 authorization_size_bytes + 25588 authorization_section_bytes + 25589 parameter_section_bytes; 25590 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 25591 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 25592 serialized_command->size()); 25593 return TPM_RC_SUCCESS; 25594 } 25595 25596 TPM_RC Tpm::ParseResponse_PolicySigned( 25597 const std::string& response, 25598 TPM2B_TIMEOUT* timeout, 25599 TPMT_TK_AUTH* policy_ticket, 25600 AuthorizationDelegate* authorization_delegate) { 25601 VLOG(3) << __func__; 25602 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 25603 TPM_RC rc = TPM_RC_SUCCESS; 25604 std::string buffer(response); 25605 TPM_ST tag; 25606 std::string tag_bytes; 25607 rc = Parse_TPM_ST( 25608 &buffer, 25609 &tag, 25610 &tag_bytes); 25611 if (rc != TPM_RC_SUCCESS) { 25612 return rc; 25613 } 25614 UINT32 response_size; 25615 std::string response_size_bytes; 25616 rc = Parse_UINT32( 25617 &buffer, 25618 &response_size, 25619 &response_size_bytes); 25620 if (rc != TPM_RC_SUCCESS) { 25621 return rc; 25622 } 25623 TPM_RC response_code; 25624 std::string response_code_bytes; 25625 rc = Parse_TPM_RC( 25626 &buffer, 25627 &response_code, 25628 &response_code_bytes); 25629 if (rc != TPM_RC_SUCCESS) { 25630 return rc; 25631 } 25632 if (response_size != response.size()) { 25633 return TPM_RC_SIZE; 25634 } 25635 if (response_code != TPM_RC_SUCCESS) { 25636 return response_code; 25637 } 25638 TPM_CC command_code = TPM_CC_PolicySigned; 25639 std::string command_code_bytes; 25640 rc = Serialize_TPM_CC( 25641 command_code, 25642 &command_code_bytes); 25643 if (rc != TPM_RC_SUCCESS) { 25644 return rc; 25645 } 25646 std::string authorization_section_bytes; 25647 if (tag == TPM_ST_SESSIONS) { 25648 UINT32 parameter_section_size = buffer.size(); 25649 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 25650 if (rc != TPM_RC_SUCCESS) { 25651 return rc; 25652 } 25653 if (parameter_section_size > buffer.size()) { 25654 return TPM_RC_INSUFFICIENT; 25655 } 25656 authorization_section_bytes = buffer.substr(parameter_section_size); 25657 // Keep the parameter section in |buffer|. 25658 buffer.erase(parameter_section_size); 25659 } 25660 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 25661 crypto::SecureHash::SHA256)); 25662 hash->Update(response_code_bytes.data(), 25663 response_code_bytes.size()); 25664 hash->Update(command_code_bytes.data(), 25665 command_code_bytes.size()); 25666 hash->Update(buffer.data(), 25667 buffer.size()); 25668 std::string response_hash(32, 0); 25669 hash->Finish(string_as_array(&response_hash), response_hash.size()); 25670 if (tag == TPM_ST_SESSIONS) { 25671 CHECK(authorization_delegate) << "Authorization delegate missing!"; 25672 if (!authorization_delegate->CheckResponseAuthorization( 25673 response_hash, 25674 authorization_section_bytes)) { 25675 return TRUNKS_RC_AUTHORIZATION_FAILED; 25676 } 25677 } 25678 std::string timeout_bytes; 25679 rc = Parse_TPM2B_TIMEOUT( 25680 &buffer, 25681 timeout, 25682 &timeout_bytes); 25683 if (rc != TPM_RC_SUCCESS) { 25684 return rc; 25685 } 25686 std::string policy_ticket_bytes; 25687 rc = Parse_TPMT_TK_AUTH( 25688 &buffer, 25689 policy_ticket, 25690 &policy_ticket_bytes); 25691 if (rc != TPM_RC_SUCCESS) { 25692 return rc; 25693 } 25694 if (tag == TPM_ST_SESSIONS) { 25695 CHECK(authorization_delegate) << "Authorization delegate missing!"; 25696 // Decrypt just the parameter data, not the size. 25697 std::string tmp = timeout_bytes.substr(2); 25698 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 25699 return TRUNKS_RC_ENCRYPTION_FAILED; 25700 } 25701 timeout_bytes.replace(2, std::string::npos, tmp); 25702 rc = Parse_TPM2B_TIMEOUT( 25703 &timeout_bytes, 25704 timeout, 25705 nullptr); 25706 if (rc != TPM_RC_SUCCESS) { 25707 return rc; 25708 } 25709 } 25710 return TPM_RC_SUCCESS; 25711 } 25712 25713 void PolicySignedErrorCallback( 25714 const Tpm::PolicySignedResponse& callback, 25715 TPM_RC response_code) { 25716 VLOG(1) << __func__; 25717 callback.Run(response_code, 25718 TPM2B_TIMEOUT(), 25719 TPMT_TK_AUTH()); 25720 } 25721 25722 void PolicySignedResponseParser( 25723 const Tpm::PolicySignedResponse& callback, 25724 AuthorizationDelegate* authorization_delegate, 25725 const std::string& response) { 25726 VLOG(1) << __func__; 25727 base::Callback<void(TPM_RC)> error_reporter = 25728 base::Bind(PolicySignedErrorCallback, callback); 25729 TPM2B_TIMEOUT timeout; 25730 TPMT_TK_AUTH policy_ticket; 25731 TPM_RC rc = Tpm::ParseResponse_PolicySigned( 25732 response, 25733 &timeout, 25734 &policy_ticket, 25735 authorization_delegate); 25736 if (rc != TPM_RC_SUCCESS) { 25737 error_reporter.Run(rc); 25738 return; 25739 } 25740 callback.Run( 25741 rc, 25742 timeout, 25743 policy_ticket); 25744 } 25745 25746 void Tpm::PolicySigned( 25747 const TPMI_DH_OBJECT& auth_object, 25748 const std::string& auth_object_name, 25749 const TPMI_SH_POLICY& policy_session, 25750 const std::string& policy_session_name, 25751 const TPM2B_NONCE& nonce_tpm, 25752 const TPM2B_DIGEST& cp_hash_a, 25753 const TPM2B_NONCE& policy_ref, 25754 const INT32& expiration, 25755 const TPMT_SIGNATURE& auth, 25756 AuthorizationDelegate* authorization_delegate, 25757 const PolicySignedResponse& callback) { 25758 VLOG(1) << __func__; 25759 base::Callback<void(TPM_RC)> error_reporter = 25760 base::Bind(PolicySignedErrorCallback, callback); 25761 base::Callback<void(const std::string&)> parser = 25762 base::Bind(PolicySignedResponseParser, 25763 callback, 25764 authorization_delegate); 25765 std::string command; 25766 TPM_RC rc = SerializeCommand_PolicySigned( 25767 auth_object, 25768 auth_object_name, 25769 policy_session, 25770 policy_session_name, 25771 nonce_tpm, 25772 cp_hash_a, 25773 policy_ref, 25774 expiration, 25775 auth, 25776 &command, 25777 authorization_delegate); 25778 if (rc != TPM_RC_SUCCESS) { 25779 error_reporter.Run(rc); 25780 return; 25781 } 25782 transceiver_->SendCommand(command, parser); 25783 } 25784 25785 TPM_RC Tpm::PolicySignedSync( 25786 const TPMI_DH_OBJECT& auth_object, 25787 const std::string& auth_object_name, 25788 const TPMI_SH_POLICY& policy_session, 25789 const std::string& policy_session_name, 25790 const TPM2B_NONCE& nonce_tpm, 25791 const TPM2B_DIGEST& cp_hash_a, 25792 const TPM2B_NONCE& policy_ref, 25793 const INT32& expiration, 25794 const TPMT_SIGNATURE& auth, 25795 TPM2B_TIMEOUT* timeout, 25796 TPMT_TK_AUTH* policy_ticket, 25797 AuthorizationDelegate* authorization_delegate) { 25798 VLOG(1) << __func__; 25799 std::string command; 25800 TPM_RC rc = SerializeCommand_PolicySigned( 25801 auth_object, 25802 auth_object_name, 25803 policy_session, 25804 policy_session_name, 25805 nonce_tpm, 25806 cp_hash_a, 25807 policy_ref, 25808 expiration, 25809 auth, 25810 &command, 25811 authorization_delegate); 25812 if (rc != TPM_RC_SUCCESS) { 25813 return rc; 25814 } 25815 std::string response = transceiver_->SendCommandAndWait(command); 25816 rc = ParseResponse_PolicySigned( 25817 response, 25818 timeout, 25819 policy_ticket, 25820 authorization_delegate); 25821 return rc; 25822 } 25823 25824 TPM_RC Tpm::SerializeCommand_PolicySecret( 25825 const TPMI_DH_ENTITY& auth_handle, 25826 const std::string& auth_handle_name, 25827 const TPMI_SH_POLICY& policy_session, 25828 const std::string& policy_session_name, 25829 const TPM2B_NONCE& nonce_tpm, 25830 const TPM2B_DIGEST& cp_hash_a, 25831 const TPM2B_NONCE& policy_ref, 25832 const INT32& expiration, 25833 std::string* serialized_command, 25834 AuthorizationDelegate* authorization_delegate) { 25835 VLOG(3) << __func__; 25836 TPM_RC rc = TPM_RC_SUCCESS; 25837 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 25838 UINT32 command_size = 10; // Header size. 25839 std::string handle_section_bytes; 25840 std::string parameter_section_bytes; 25841 TPM_CC command_code = TPM_CC_PolicySecret; 25842 bool is_command_parameter_encryption_possible = true; 25843 bool is_response_parameter_encryption_possible = true; 25844 std::string command_code_bytes; 25845 rc = Serialize_TPM_CC( 25846 command_code, 25847 &command_code_bytes); 25848 if (rc != TPM_RC_SUCCESS) { 25849 return rc; 25850 } 25851 std::string auth_handle_bytes; 25852 rc = Serialize_TPMI_DH_ENTITY( 25853 auth_handle, 25854 &auth_handle_bytes); 25855 if (rc != TPM_RC_SUCCESS) { 25856 return rc; 25857 } 25858 std::string policy_session_bytes; 25859 rc = Serialize_TPMI_SH_POLICY( 25860 policy_session, 25861 &policy_session_bytes); 25862 if (rc != TPM_RC_SUCCESS) { 25863 return rc; 25864 } 25865 std::string nonce_tpm_bytes; 25866 rc = Serialize_TPM2B_NONCE( 25867 nonce_tpm, 25868 &nonce_tpm_bytes); 25869 if (rc != TPM_RC_SUCCESS) { 25870 return rc; 25871 } 25872 std::string cp_hash_a_bytes; 25873 rc = Serialize_TPM2B_DIGEST( 25874 cp_hash_a, 25875 &cp_hash_a_bytes); 25876 if (rc != TPM_RC_SUCCESS) { 25877 return rc; 25878 } 25879 std::string policy_ref_bytes; 25880 rc = Serialize_TPM2B_NONCE( 25881 policy_ref, 25882 &policy_ref_bytes); 25883 if (rc != TPM_RC_SUCCESS) { 25884 return rc; 25885 } 25886 std::string expiration_bytes; 25887 rc = Serialize_INT32( 25888 expiration, 25889 &expiration_bytes); 25890 if (rc != TPM_RC_SUCCESS) { 25891 return rc; 25892 } 25893 if (authorization_delegate) { 25894 // Encrypt just the parameter data, not the size. 25895 std::string tmp = nonce_tpm_bytes.substr(2); 25896 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 25897 return TRUNKS_RC_ENCRYPTION_FAILED; 25898 } 25899 nonce_tpm_bytes.replace(2, std::string::npos, tmp); 25900 } 25901 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 25902 crypto::SecureHash::SHA256)); 25903 hash->Update(command_code_bytes.data(), 25904 command_code_bytes.size()); 25905 hash->Update(auth_handle_name.data(), 25906 auth_handle_name.size()); 25907 handle_section_bytes += auth_handle_bytes; 25908 command_size += auth_handle_bytes.size(); 25909 hash->Update(policy_session_name.data(), 25910 policy_session_name.size()); 25911 handle_section_bytes += policy_session_bytes; 25912 command_size += policy_session_bytes.size(); 25913 hash->Update(nonce_tpm_bytes.data(), 25914 nonce_tpm_bytes.size()); 25915 parameter_section_bytes += nonce_tpm_bytes; 25916 command_size += nonce_tpm_bytes.size(); 25917 hash->Update(cp_hash_a_bytes.data(), 25918 cp_hash_a_bytes.size()); 25919 parameter_section_bytes += cp_hash_a_bytes; 25920 command_size += cp_hash_a_bytes.size(); 25921 hash->Update(policy_ref_bytes.data(), 25922 policy_ref_bytes.size()); 25923 parameter_section_bytes += policy_ref_bytes; 25924 command_size += policy_ref_bytes.size(); 25925 hash->Update(expiration_bytes.data(), 25926 expiration_bytes.size()); 25927 parameter_section_bytes += expiration_bytes; 25928 command_size += expiration_bytes.size(); 25929 std::string command_hash(32, 0); 25930 hash->Finish(string_as_array(&command_hash), command_hash.size()); 25931 std::string authorization_section_bytes; 25932 std::string authorization_size_bytes; 25933 if (authorization_delegate) { 25934 if (!authorization_delegate->GetCommandAuthorization( 25935 command_hash, 25936 is_command_parameter_encryption_possible, 25937 is_response_parameter_encryption_possible, 25938 &authorization_section_bytes)) { 25939 return TRUNKS_RC_AUTHORIZATION_FAILED; 25940 } 25941 if (!authorization_section_bytes.empty()) { 25942 tag = TPM_ST_SESSIONS; 25943 std::string tmp; 25944 rc = Serialize_UINT32(authorization_section_bytes.size(), 25945 &authorization_size_bytes); 25946 if (rc != TPM_RC_SUCCESS) { 25947 return rc; 25948 } 25949 command_size += authorization_size_bytes.size() + 25950 authorization_section_bytes.size(); 25951 } 25952 } 25953 std::string tag_bytes; 25954 rc = Serialize_TPMI_ST_COMMAND_TAG( 25955 tag, 25956 &tag_bytes); 25957 if (rc != TPM_RC_SUCCESS) { 25958 return rc; 25959 } 25960 std::string command_size_bytes; 25961 rc = Serialize_UINT32( 25962 command_size, 25963 &command_size_bytes); 25964 if (rc != TPM_RC_SUCCESS) { 25965 return rc; 25966 } 25967 *serialized_command = tag_bytes + 25968 command_size_bytes + 25969 command_code_bytes + 25970 handle_section_bytes + 25971 authorization_size_bytes + 25972 authorization_section_bytes + 25973 parameter_section_bytes; 25974 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 25975 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 25976 serialized_command->size()); 25977 return TPM_RC_SUCCESS; 25978 } 25979 25980 TPM_RC Tpm::ParseResponse_PolicySecret( 25981 const std::string& response, 25982 TPM2B_TIMEOUT* timeout, 25983 TPMT_TK_AUTH* policy_ticket, 25984 AuthorizationDelegate* authorization_delegate) { 25985 VLOG(3) << __func__; 25986 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 25987 TPM_RC rc = TPM_RC_SUCCESS; 25988 std::string buffer(response); 25989 TPM_ST tag; 25990 std::string tag_bytes; 25991 rc = Parse_TPM_ST( 25992 &buffer, 25993 &tag, 25994 &tag_bytes); 25995 if (rc != TPM_RC_SUCCESS) { 25996 return rc; 25997 } 25998 UINT32 response_size; 25999 std::string response_size_bytes; 26000 rc = Parse_UINT32( 26001 &buffer, 26002 &response_size, 26003 &response_size_bytes); 26004 if (rc != TPM_RC_SUCCESS) { 26005 return rc; 26006 } 26007 TPM_RC response_code; 26008 std::string response_code_bytes; 26009 rc = Parse_TPM_RC( 26010 &buffer, 26011 &response_code, 26012 &response_code_bytes); 26013 if (rc != TPM_RC_SUCCESS) { 26014 return rc; 26015 } 26016 if (response_size != response.size()) { 26017 return TPM_RC_SIZE; 26018 } 26019 if (response_code != TPM_RC_SUCCESS) { 26020 return response_code; 26021 } 26022 TPM_CC command_code = TPM_CC_PolicySecret; 26023 std::string command_code_bytes; 26024 rc = Serialize_TPM_CC( 26025 command_code, 26026 &command_code_bytes); 26027 if (rc != TPM_RC_SUCCESS) { 26028 return rc; 26029 } 26030 std::string authorization_section_bytes; 26031 if (tag == TPM_ST_SESSIONS) { 26032 UINT32 parameter_section_size = buffer.size(); 26033 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 26034 if (rc != TPM_RC_SUCCESS) { 26035 return rc; 26036 } 26037 if (parameter_section_size > buffer.size()) { 26038 return TPM_RC_INSUFFICIENT; 26039 } 26040 authorization_section_bytes = buffer.substr(parameter_section_size); 26041 // Keep the parameter section in |buffer|. 26042 buffer.erase(parameter_section_size); 26043 } 26044 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 26045 crypto::SecureHash::SHA256)); 26046 hash->Update(response_code_bytes.data(), 26047 response_code_bytes.size()); 26048 hash->Update(command_code_bytes.data(), 26049 command_code_bytes.size()); 26050 hash->Update(buffer.data(), 26051 buffer.size()); 26052 std::string response_hash(32, 0); 26053 hash->Finish(string_as_array(&response_hash), response_hash.size()); 26054 if (tag == TPM_ST_SESSIONS) { 26055 CHECK(authorization_delegate) << "Authorization delegate missing!"; 26056 if (!authorization_delegate->CheckResponseAuthorization( 26057 response_hash, 26058 authorization_section_bytes)) { 26059 return TRUNKS_RC_AUTHORIZATION_FAILED; 26060 } 26061 } 26062 std::string timeout_bytes; 26063 rc = Parse_TPM2B_TIMEOUT( 26064 &buffer, 26065 timeout, 26066 &timeout_bytes); 26067 if (rc != TPM_RC_SUCCESS) { 26068 return rc; 26069 } 26070 std::string policy_ticket_bytes; 26071 rc = Parse_TPMT_TK_AUTH( 26072 &buffer, 26073 policy_ticket, 26074 &policy_ticket_bytes); 26075 if (rc != TPM_RC_SUCCESS) { 26076 return rc; 26077 } 26078 if (tag == TPM_ST_SESSIONS) { 26079 CHECK(authorization_delegate) << "Authorization delegate missing!"; 26080 // Decrypt just the parameter data, not the size. 26081 std::string tmp = timeout_bytes.substr(2); 26082 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 26083 return TRUNKS_RC_ENCRYPTION_FAILED; 26084 } 26085 timeout_bytes.replace(2, std::string::npos, tmp); 26086 rc = Parse_TPM2B_TIMEOUT( 26087 &timeout_bytes, 26088 timeout, 26089 nullptr); 26090 if (rc != TPM_RC_SUCCESS) { 26091 return rc; 26092 } 26093 } 26094 return TPM_RC_SUCCESS; 26095 } 26096 26097 void PolicySecretErrorCallback( 26098 const Tpm::PolicySecretResponse& callback, 26099 TPM_RC response_code) { 26100 VLOG(1) << __func__; 26101 callback.Run(response_code, 26102 TPM2B_TIMEOUT(), 26103 TPMT_TK_AUTH()); 26104 } 26105 26106 void PolicySecretResponseParser( 26107 const Tpm::PolicySecretResponse& callback, 26108 AuthorizationDelegate* authorization_delegate, 26109 const std::string& response) { 26110 VLOG(1) << __func__; 26111 base::Callback<void(TPM_RC)> error_reporter = 26112 base::Bind(PolicySecretErrorCallback, callback); 26113 TPM2B_TIMEOUT timeout; 26114 TPMT_TK_AUTH policy_ticket; 26115 TPM_RC rc = Tpm::ParseResponse_PolicySecret( 26116 response, 26117 &timeout, 26118 &policy_ticket, 26119 authorization_delegate); 26120 if (rc != TPM_RC_SUCCESS) { 26121 error_reporter.Run(rc); 26122 return; 26123 } 26124 callback.Run( 26125 rc, 26126 timeout, 26127 policy_ticket); 26128 } 26129 26130 void Tpm::PolicySecret( 26131 const TPMI_DH_ENTITY& auth_handle, 26132 const std::string& auth_handle_name, 26133 const TPMI_SH_POLICY& policy_session, 26134 const std::string& policy_session_name, 26135 const TPM2B_NONCE& nonce_tpm, 26136 const TPM2B_DIGEST& cp_hash_a, 26137 const TPM2B_NONCE& policy_ref, 26138 const INT32& expiration, 26139 AuthorizationDelegate* authorization_delegate, 26140 const PolicySecretResponse& callback) { 26141 VLOG(1) << __func__; 26142 base::Callback<void(TPM_RC)> error_reporter = 26143 base::Bind(PolicySecretErrorCallback, callback); 26144 base::Callback<void(const std::string&)> parser = 26145 base::Bind(PolicySecretResponseParser, 26146 callback, 26147 authorization_delegate); 26148 std::string command; 26149 TPM_RC rc = SerializeCommand_PolicySecret( 26150 auth_handle, 26151 auth_handle_name, 26152 policy_session, 26153 policy_session_name, 26154 nonce_tpm, 26155 cp_hash_a, 26156 policy_ref, 26157 expiration, 26158 &command, 26159 authorization_delegate); 26160 if (rc != TPM_RC_SUCCESS) { 26161 error_reporter.Run(rc); 26162 return; 26163 } 26164 transceiver_->SendCommand(command, parser); 26165 } 26166 26167 TPM_RC Tpm::PolicySecretSync( 26168 const TPMI_DH_ENTITY& auth_handle, 26169 const std::string& auth_handle_name, 26170 const TPMI_SH_POLICY& policy_session, 26171 const std::string& policy_session_name, 26172 const TPM2B_NONCE& nonce_tpm, 26173 const TPM2B_DIGEST& cp_hash_a, 26174 const TPM2B_NONCE& policy_ref, 26175 const INT32& expiration, 26176 TPM2B_TIMEOUT* timeout, 26177 TPMT_TK_AUTH* policy_ticket, 26178 AuthorizationDelegate* authorization_delegate) { 26179 VLOG(1) << __func__; 26180 std::string command; 26181 TPM_RC rc = SerializeCommand_PolicySecret( 26182 auth_handle, 26183 auth_handle_name, 26184 policy_session, 26185 policy_session_name, 26186 nonce_tpm, 26187 cp_hash_a, 26188 policy_ref, 26189 expiration, 26190 &command, 26191 authorization_delegate); 26192 if (rc != TPM_RC_SUCCESS) { 26193 return rc; 26194 } 26195 std::string response = transceiver_->SendCommandAndWait(command); 26196 rc = ParseResponse_PolicySecret( 26197 response, 26198 timeout, 26199 policy_ticket, 26200 authorization_delegate); 26201 return rc; 26202 } 26203 26204 TPM_RC Tpm::SerializeCommand_PolicyTicket( 26205 const TPMI_SH_POLICY& policy_session, 26206 const std::string& policy_session_name, 26207 const TPM2B_TIMEOUT& timeout, 26208 const TPM2B_DIGEST& cp_hash_a, 26209 const TPM2B_NONCE& policy_ref, 26210 const TPM2B_NAME& auth_name, 26211 const TPMT_TK_AUTH& ticket, 26212 std::string* serialized_command, 26213 AuthorizationDelegate* authorization_delegate) { 26214 VLOG(3) << __func__; 26215 TPM_RC rc = TPM_RC_SUCCESS; 26216 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 26217 UINT32 command_size = 10; // Header size. 26218 std::string handle_section_bytes; 26219 std::string parameter_section_bytes; 26220 TPM_CC command_code = TPM_CC_PolicyTicket; 26221 bool is_command_parameter_encryption_possible = true; 26222 bool is_response_parameter_encryption_possible = false; 26223 std::string command_code_bytes; 26224 rc = Serialize_TPM_CC( 26225 command_code, 26226 &command_code_bytes); 26227 if (rc != TPM_RC_SUCCESS) { 26228 return rc; 26229 } 26230 std::string policy_session_bytes; 26231 rc = Serialize_TPMI_SH_POLICY( 26232 policy_session, 26233 &policy_session_bytes); 26234 if (rc != TPM_RC_SUCCESS) { 26235 return rc; 26236 } 26237 std::string timeout_bytes; 26238 rc = Serialize_TPM2B_TIMEOUT( 26239 timeout, 26240 &timeout_bytes); 26241 if (rc != TPM_RC_SUCCESS) { 26242 return rc; 26243 } 26244 std::string cp_hash_a_bytes; 26245 rc = Serialize_TPM2B_DIGEST( 26246 cp_hash_a, 26247 &cp_hash_a_bytes); 26248 if (rc != TPM_RC_SUCCESS) { 26249 return rc; 26250 } 26251 std::string policy_ref_bytes; 26252 rc = Serialize_TPM2B_NONCE( 26253 policy_ref, 26254 &policy_ref_bytes); 26255 if (rc != TPM_RC_SUCCESS) { 26256 return rc; 26257 } 26258 std::string auth_name_bytes; 26259 rc = Serialize_TPM2B_NAME( 26260 auth_name, 26261 &auth_name_bytes); 26262 if (rc != TPM_RC_SUCCESS) { 26263 return rc; 26264 } 26265 std::string ticket_bytes; 26266 rc = Serialize_TPMT_TK_AUTH( 26267 ticket, 26268 &ticket_bytes); 26269 if (rc != TPM_RC_SUCCESS) { 26270 return rc; 26271 } 26272 if (authorization_delegate) { 26273 // Encrypt just the parameter data, not the size. 26274 std::string tmp = timeout_bytes.substr(2); 26275 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 26276 return TRUNKS_RC_ENCRYPTION_FAILED; 26277 } 26278 timeout_bytes.replace(2, std::string::npos, tmp); 26279 } 26280 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 26281 crypto::SecureHash::SHA256)); 26282 hash->Update(command_code_bytes.data(), 26283 command_code_bytes.size()); 26284 hash->Update(policy_session_name.data(), 26285 policy_session_name.size()); 26286 handle_section_bytes += policy_session_bytes; 26287 command_size += policy_session_bytes.size(); 26288 hash->Update(timeout_bytes.data(), 26289 timeout_bytes.size()); 26290 parameter_section_bytes += timeout_bytes; 26291 command_size += timeout_bytes.size(); 26292 hash->Update(cp_hash_a_bytes.data(), 26293 cp_hash_a_bytes.size()); 26294 parameter_section_bytes += cp_hash_a_bytes; 26295 command_size += cp_hash_a_bytes.size(); 26296 hash->Update(policy_ref_bytes.data(), 26297 policy_ref_bytes.size()); 26298 parameter_section_bytes += policy_ref_bytes; 26299 command_size += policy_ref_bytes.size(); 26300 hash->Update(auth_name_bytes.data(), 26301 auth_name_bytes.size()); 26302 parameter_section_bytes += auth_name_bytes; 26303 command_size += auth_name_bytes.size(); 26304 hash->Update(ticket_bytes.data(), 26305 ticket_bytes.size()); 26306 parameter_section_bytes += ticket_bytes; 26307 command_size += ticket_bytes.size(); 26308 std::string command_hash(32, 0); 26309 hash->Finish(string_as_array(&command_hash), command_hash.size()); 26310 std::string authorization_section_bytes; 26311 std::string authorization_size_bytes; 26312 if (authorization_delegate) { 26313 if (!authorization_delegate->GetCommandAuthorization( 26314 command_hash, 26315 is_command_parameter_encryption_possible, 26316 is_response_parameter_encryption_possible, 26317 &authorization_section_bytes)) { 26318 return TRUNKS_RC_AUTHORIZATION_FAILED; 26319 } 26320 if (!authorization_section_bytes.empty()) { 26321 tag = TPM_ST_SESSIONS; 26322 std::string tmp; 26323 rc = Serialize_UINT32(authorization_section_bytes.size(), 26324 &authorization_size_bytes); 26325 if (rc != TPM_RC_SUCCESS) { 26326 return rc; 26327 } 26328 command_size += authorization_size_bytes.size() + 26329 authorization_section_bytes.size(); 26330 } 26331 } 26332 std::string tag_bytes; 26333 rc = Serialize_TPMI_ST_COMMAND_TAG( 26334 tag, 26335 &tag_bytes); 26336 if (rc != TPM_RC_SUCCESS) { 26337 return rc; 26338 } 26339 std::string command_size_bytes; 26340 rc = Serialize_UINT32( 26341 command_size, 26342 &command_size_bytes); 26343 if (rc != TPM_RC_SUCCESS) { 26344 return rc; 26345 } 26346 *serialized_command = tag_bytes + 26347 command_size_bytes + 26348 command_code_bytes + 26349 handle_section_bytes + 26350 authorization_size_bytes + 26351 authorization_section_bytes + 26352 parameter_section_bytes; 26353 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 26354 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 26355 serialized_command->size()); 26356 return TPM_RC_SUCCESS; 26357 } 26358 26359 TPM_RC Tpm::ParseResponse_PolicyTicket( 26360 const std::string& response, 26361 AuthorizationDelegate* authorization_delegate) { 26362 VLOG(3) << __func__; 26363 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 26364 TPM_RC rc = TPM_RC_SUCCESS; 26365 std::string buffer(response); 26366 TPM_ST tag; 26367 std::string tag_bytes; 26368 rc = Parse_TPM_ST( 26369 &buffer, 26370 &tag, 26371 &tag_bytes); 26372 if (rc != TPM_RC_SUCCESS) { 26373 return rc; 26374 } 26375 UINT32 response_size; 26376 std::string response_size_bytes; 26377 rc = Parse_UINT32( 26378 &buffer, 26379 &response_size, 26380 &response_size_bytes); 26381 if (rc != TPM_RC_SUCCESS) { 26382 return rc; 26383 } 26384 TPM_RC response_code; 26385 std::string response_code_bytes; 26386 rc = Parse_TPM_RC( 26387 &buffer, 26388 &response_code, 26389 &response_code_bytes); 26390 if (rc != TPM_RC_SUCCESS) { 26391 return rc; 26392 } 26393 if (response_size != response.size()) { 26394 return TPM_RC_SIZE; 26395 } 26396 if (response_code != TPM_RC_SUCCESS) { 26397 return response_code; 26398 } 26399 TPM_CC command_code = TPM_CC_PolicyTicket; 26400 std::string command_code_bytes; 26401 rc = Serialize_TPM_CC( 26402 command_code, 26403 &command_code_bytes); 26404 if (rc != TPM_RC_SUCCESS) { 26405 return rc; 26406 } 26407 std::string authorization_section_bytes; 26408 if (tag == TPM_ST_SESSIONS) { 26409 UINT32 parameter_section_size = buffer.size(); 26410 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 26411 if (rc != TPM_RC_SUCCESS) { 26412 return rc; 26413 } 26414 if (parameter_section_size > buffer.size()) { 26415 return TPM_RC_INSUFFICIENT; 26416 } 26417 authorization_section_bytes = buffer.substr(parameter_section_size); 26418 // Keep the parameter section in |buffer|. 26419 buffer.erase(parameter_section_size); 26420 } 26421 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 26422 crypto::SecureHash::SHA256)); 26423 hash->Update(response_code_bytes.data(), 26424 response_code_bytes.size()); 26425 hash->Update(command_code_bytes.data(), 26426 command_code_bytes.size()); 26427 hash->Update(buffer.data(), 26428 buffer.size()); 26429 std::string response_hash(32, 0); 26430 hash->Finish(string_as_array(&response_hash), response_hash.size()); 26431 if (tag == TPM_ST_SESSIONS) { 26432 CHECK(authorization_delegate) << "Authorization delegate missing!"; 26433 if (!authorization_delegate->CheckResponseAuthorization( 26434 response_hash, 26435 authorization_section_bytes)) { 26436 return TRUNKS_RC_AUTHORIZATION_FAILED; 26437 } 26438 } 26439 return TPM_RC_SUCCESS; 26440 } 26441 26442 void PolicyTicketErrorCallback( 26443 const Tpm::PolicyTicketResponse& callback, 26444 TPM_RC response_code) { 26445 VLOG(1) << __func__; 26446 callback.Run(response_code); 26447 } 26448 26449 void PolicyTicketResponseParser( 26450 const Tpm::PolicyTicketResponse& callback, 26451 AuthorizationDelegate* authorization_delegate, 26452 const std::string& response) { 26453 VLOG(1) << __func__; 26454 base::Callback<void(TPM_RC)> error_reporter = 26455 base::Bind(PolicyTicketErrorCallback, callback); 26456 TPM_RC rc = Tpm::ParseResponse_PolicyTicket( 26457 response, 26458 authorization_delegate); 26459 if (rc != TPM_RC_SUCCESS) { 26460 error_reporter.Run(rc); 26461 return; 26462 } 26463 callback.Run( 26464 rc); 26465 } 26466 26467 void Tpm::PolicyTicket( 26468 const TPMI_SH_POLICY& policy_session, 26469 const std::string& policy_session_name, 26470 const TPM2B_TIMEOUT& timeout, 26471 const TPM2B_DIGEST& cp_hash_a, 26472 const TPM2B_NONCE& policy_ref, 26473 const TPM2B_NAME& auth_name, 26474 const TPMT_TK_AUTH& ticket, 26475 AuthorizationDelegate* authorization_delegate, 26476 const PolicyTicketResponse& callback) { 26477 VLOG(1) << __func__; 26478 base::Callback<void(TPM_RC)> error_reporter = 26479 base::Bind(PolicyTicketErrorCallback, callback); 26480 base::Callback<void(const std::string&)> parser = 26481 base::Bind(PolicyTicketResponseParser, 26482 callback, 26483 authorization_delegate); 26484 std::string command; 26485 TPM_RC rc = SerializeCommand_PolicyTicket( 26486 policy_session, 26487 policy_session_name, 26488 timeout, 26489 cp_hash_a, 26490 policy_ref, 26491 auth_name, 26492 ticket, 26493 &command, 26494 authorization_delegate); 26495 if (rc != TPM_RC_SUCCESS) { 26496 error_reporter.Run(rc); 26497 return; 26498 } 26499 transceiver_->SendCommand(command, parser); 26500 } 26501 26502 TPM_RC Tpm::PolicyTicketSync( 26503 const TPMI_SH_POLICY& policy_session, 26504 const std::string& policy_session_name, 26505 const TPM2B_TIMEOUT& timeout, 26506 const TPM2B_DIGEST& cp_hash_a, 26507 const TPM2B_NONCE& policy_ref, 26508 const TPM2B_NAME& auth_name, 26509 const TPMT_TK_AUTH& ticket, 26510 AuthorizationDelegate* authorization_delegate) { 26511 VLOG(1) << __func__; 26512 std::string command; 26513 TPM_RC rc = SerializeCommand_PolicyTicket( 26514 policy_session, 26515 policy_session_name, 26516 timeout, 26517 cp_hash_a, 26518 policy_ref, 26519 auth_name, 26520 ticket, 26521 &command, 26522 authorization_delegate); 26523 if (rc != TPM_RC_SUCCESS) { 26524 return rc; 26525 } 26526 std::string response = transceiver_->SendCommandAndWait(command); 26527 rc = ParseResponse_PolicyTicket( 26528 response, 26529 authorization_delegate); 26530 return rc; 26531 } 26532 26533 TPM_RC Tpm::SerializeCommand_PolicyOR( 26534 const TPMI_SH_POLICY& policy_session, 26535 const std::string& policy_session_name, 26536 const TPML_DIGEST& p_hash_list, 26537 std::string* serialized_command, 26538 AuthorizationDelegate* authorization_delegate) { 26539 VLOG(3) << __func__; 26540 TPM_RC rc = TPM_RC_SUCCESS; 26541 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 26542 UINT32 command_size = 10; // Header size. 26543 std::string handle_section_bytes; 26544 std::string parameter_section_bytes; 26545 TPM_CC command_code = TPM_CC_PolicyOR; 26546 bool is_command_parameter_encryption_possible = false; 26547 bool is_response_parameter_encryption_possible = false; 26548 std::string command_code_bytes; 26549 rc = Serialize_TPM_CC( 26550 command_code, 26551 &command_code_bytes); 26552 if (rc != TPM_RC_SUCCESS) { 26553 return rc; 26554 } 26555 std::string policy_session_bytes; 26556 rc = Serialize_TPMI_SH_POLICY( 26557 policy_session, 26558 &policy_session_bytes); 26559 if (rc != TPM_RC_SUCCESS) { 26560 return rc; 26561 } 26562 std::string p_hash_list_bytes; 26563 rc = Serialize_TPML_DIGEST( 26564 p_hash_list, 26565 &p_hash_list_bytes); 26566 if (rc != TPM_RC_SUCCESS) { 26567 return rc; 26568 } 26569 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 26570 crypto::SecureHash::SHA256)); 26571 hash->Update(command_code_bytes.data(), 26572 command_code_bytes.size()); 26573 hash->Update(policy_session_name.data(), 26574 policy_session_name.size()); 26575 handle_section_bytes += policy_session_bytes; 26576 command_size += policy_session_bytes.size(); 26577 hash->Update(p_hash_list_bytes.data(), 26578 p_hash_list_bytes.size()); 26579 parameter_section_bytes += p_hash_list_bytes; 26580 command_size += p_hash_list_bytes.size(); 26581 std::string command_hash(32, 0); 26582 hash->Finish(string_as_array(&command_hash), command_hash.size()); 26583 std::string authorization_section_bytes; 26584 std::string authorization_size_bytes; 26585 if (authorization_delegate) { 26586 if (!authorization_delegate->GetCommandAuthorization( 26587 command_hash, 26588 is_command_parameter_encryption_possible, 26589 is_response_parameter_encryption_possible, 26590 &authorization_section_bytes)) { 26591 return TRUNKS_RC_AUTHORIZATION_FAILED; 26592 } 26593 if (!authorization_section_bytes.empty()) { 26594 tag = TPM_ST_SESSIONS; 26595 std::string tmp; 26596 rc = Serialize_UINT32(authorization_section_bytes.size(), 26597 &authorization_size_bytes); 26598 if (rc != TPM_RC_SUCCESS) { 26599 return rc; 26600 } 26601 command_size += authorization_size_bytes.size() + 26602 authorization_section_bytes.size(); 26603 } 26604 } 26605 std::string tag_bytes; 26606 rc = Serialize_TPMI_ST_COMMAND_TAG( 26607 tag, 26608 &tag_bytes); 26609 if (rc != TPM_RC_SUCCESS) { 26610 return rc; 26611 } 26612 std::string command_size_bytes; 26613 rc = Serialize_UINT32( 26614 command_size, 26615 &command_size_bytes); 26616 if (rc != TPM_RC_SUCCESS) { 26617 return rc; 26618 } 26619 *serialized_command = tag_bytes + 26620 command_size_bytes + 26621 command_code_bytes + 26622 handle_section_bytes + 26623 authorization_size_bytes + 26624 authorization_section_bytes + 26625 parameter_section_bytes; 26626 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 26627 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 26628 serialized_command->size()); 26629 return TPM_RC_SUCCESS; 26630 } 26631 26632 TPM_RC Tpm::ParseResponse_PolicyOR( 26633 const std::string& response, 26634 AuthorizationDelegate* authorization_delegate) { 26635 VLOG(3) << __func__; 26636 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 26637 TPM_RC rc = TPM_RC_SUCCESS; 26638 std::string buffer(response); 26639 TPM_ST tag; 26640 std::string tag_bytes; 26641 rc = Parse_TPM_ST( 26642 &buffer, 26643 &tag, 26644 &tag_bytes); 26645 if (rc != TPM_RC_SUCCESS) { 26646 return rc; 26647 } 26648 UINT32 response_size; 26649 std::string response_size_bytes; 26650 rc = Parse_UINT32( 26651 &buffer, 26652 &response_size, 26653 &response_size_bytes); 26654 if (rc != TPM_RC_SUCCESS) { 26655 return rc; 26656 } 26657 TPM_RC response_code; 26658 std::string response_code_bytes; 26659 rc = Parse_TPM_RC( 26660 &buffer, 26661 &response_code, 26662 &response_code_bytes); 26663 if (rc != TPM_RC_SUCCESS) { 26664 return rc; 26665 } 26666 if (response_size != response.size()) { 26667 return TPM_RC_SIZE; 26668 } 26669 if (response_code != TPM_RC_SUCCESS) { 26670 return response_code; 26671 } 26672 TPM_CC command_code = TPM_CC_PolicyOR; 26673 std::string command_code_bytes; 26674 rc = Serialize_TPM_CC( 26675 command_code, 26676 &command_code_bytes); 26677 if (rc != TPM_RC_SUCCESS) { 26678 return rc; 26679 } 26680 std::string authorization_section_bytes; 26681 if (tag == TPM_ST_SESSIONS) { 26682 UINT32 parameter_section_size = buffer.size(); 26683 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 26684 if (rc != TPM_RC_SUCCESS) { 26685 return rc; 26686 } 26687 if (parameter_section_size > buffer.size()) { 26688 return TPM_RC_INSUFFICIENT; 26689 } 26690 authorization_section_bytes = buffer.substr(parameter_section_size); 26691 // Keep the parameter section in |buffer|. 26692 buffer.erase(parameter_section_size); 26693 } 26694 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 26695 crypto::SecureHash::SHA256)); 26696 hash->Update(response_code_bytes.data(), 26697 response_code_bytes.size()); 26698 hash->Update(command_code_bytes.data(), 26699 command_code_bytes.size()); 26700 hash->Update(buffer.data(), 26701 buffer.size()); 26702 std::string response_hash(32, 0); 26703 hash->Finish(string_as_array(&response_hash), response_hash.size()); 26704 if (tag == TPM_ST_SESSIONS) { 26705 CHECK(authorization_delegate) << "Authorization delegate missing!"; 26706 if (!authorization_delegate->CheckResponseAuthorization( 26707 response_hash, 26708 authorization_section_bytes)) { 26709 return TRUNKS_RC_AUTHORIZATION_FAILED; 26710 } 26711 } 26712 return TPM_RC_SUCCESS; 26713 } 26714 26715 void PolicyORErrorCallback( 26716 const Tpm::PolicyORResponse& callback, 26717 TPM_RC response_code) { 26718 VLOG(1) << __func__; 26719 callback.Run(response_code); 26720 } 26721 26722 void PolicyORResponseParser( 26723 const Tpm::PolicyORResponse& callback, 26724 AuthorizationDelegate* authorization_delegate, 26725 const std::string& response) { 26726 VLOG(1) << __func__; 26727 base::Callback<void(TPM_RC)> error_reporter = 26728 base::Bind(PolicyORErrorCallback, callback); 26729 TPM_RC rc = Tpm::ParseResponse_PolicyOR( 26730 response, 26731 authorization_delegate); 26732 if (rc != TPM_RC_SUCCESS) { 26733 error_reporter.Run(rc); 26734 return; 26735 } 26736 callback.Run( 26737 rc); 26738 } 26739 26740 void Tpm::PolicyOR( 26741 const TPMI_SH_POLICY& policy_session, 26742 const std::string& policy_session_name, 26743 const TPML_DIGEST& p_hash_list, 26744 AuthorizationDelegate* authorization_delegate, 26745 const PolicyORResponse& callback) { 26746 VLOG(1) << __func__; 26747 base::Callback<void(TPM_RC)> error_reporter = 26748 base::Bind(PolicyORErrorCallback, callback); 26749 base::Callback<void(const std::string&)> parser = 26750 base::Bind(PolicyORResponseParser, 26751 callback, 26752 authorization_delegate); 26753 std::string command; 26754 TPM_RC rc = SerializeCommand_PolicyOR( 26755 policy_session, 26756 policy_session_name, 26757 p_hash_list, 26758 &command, 26759 authorization_delegate); 26760 if (rc != TPM_RC_SUCCESS) { 26761 error_reporter.Run(rc); 26762 return; 26763 } 26764 transceiver_->SendCommand(command, parser); 26765 } 26766 26767 TPM_RC Tpm::PolicyORSync( 26768 const TPMI_SH_POLICY& policy_session, 26769 const std::string& policy_session_name, 26770 const TPML_DIGEST& p_hash_list, 26771 AuthorizationDelegate* authorization_delegate) { 26772 VLOG(1) << __func__; 26773 std::string command; 26774 TPM_RC rc = SerializeCommand_PolicyOR( 26775 policy_session, 26776 policy_session_name, 26777 p_hash_list, 26778 &command, 26779 authorization_delegate); 26780 if (rc != TPM_RC_SUCCESS) { 26781 return rc; 26782 } 26783 std::string response = transceiver_->SendCommandAndWait(command); 26784 rc = ParseResponse_PolicyOR( 26785 response, 26786 authorization_delegate); 26787 return rc; 26788 } 26789 26790 TPM_RC Tpm::SerializeCommand_PolicyPCR( 26791 const TPMI_SH_POLICY& policy_session, 26792 const std::string& policy_session_name, 26793 const TPM2B_DIGEST& pcr_digest, 26794 const TPML_PCR_SELECTION& pcrs, 26795 std::string* serialized_command, 26796 AuthorizationDelegate* authorization_delegate) { 26797 VLOG(3) << __func__; 26798 TPM_RC rc = TPM_RC_SUCCESS; 26799 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 26800 UINT32 command_size = 10; // Header size. 26801 std::string handle_section_bytes; 26802 std::string parameter_section_bytes; 26803 TPM_CC command_code = TPM_CC_PolicyPCR; 26804 bool is_command_parameter_encryption_possible = true; 26805 bool is_response_parameter_encryption_possible = false; 26806 std::string command_code_bytes; 26807 rc = Serialize_TPM_CC( 26808 command_code, 26809 &command_code_bytes); 26810 if (rc != TPM_RC_SUCCESS) { 26811 return rc; 26812 } 26813 std::string policy_session_bytes; 26814 rc = Serialize_TPMI_SH_POLICY( 26815 policy_session, 26816 &policy_session_bytes); 26817 if (rc != TPM_RC_SUCCESS) { 26818 return rc; 26819 } 26820 std::string pcr_digest_bytes; 26821 rc = Serialize_TPM2B_DIGEST( 26822 pcr_digest, 26823 &pcr_digest_bytes); 26824 if (rc != TPM_RC_SUCCESS) { 26825 return rc; 26826 } 26827 std::string pcrs_bytes; 26828 rc = Serialize_TPML_PCR_SELECTION( 26829 pcrs, 26830 &pcrs_bytes); 26831 if (rc != TPM_RC_SUCCESS) { 26832 return rc; 26833 } 26834 if (authorization_delegate) { 26835 // Encrypt just the parameter data, not the size. 26836 std::string tmp = pcr_digest_bytes.substr(2); 26837 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 26838 return TRUNKS_RC_ENCRYPTION_FAILED; 26839 } 26840 pcr_digest_bytes.replace(2, std::string::npos, tmp); 26841 } 26842 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 26843 crypto::SecureHash::SHA256)); 26844 hash->Update(command_code_bytes.data(), 26845 command_code_bytes.size()); 26846 hash->Update(policy_session_name.data(), 26847 policy_session_name.size()); 26848 handle_section_bytes += policy_session_bytes; 26849 command_size += policy_session_bytes.size(); 26850 hash->Update(pcr_digest_bytes.data(), 26851 pcr_digest_bytes.size()); 26852 parameter_section_bytes += pcr_digest_bytes; 26853 command_size += pcr_digest_bytes.size(); 26854 hash->Update(pcrs_bytes.data(), 26855 pcrs_bytes.size()); 26856 parameter_section_bytes += pcrs_bytes; 26857 command_size += pcrs_bytes.size(); 26858 std::string command_hash(32, 0); 26859 hash->Finish(string_as_array(&command_hash), command_hash.size()); 26860 std::string authorization_section_bytes; 26861 std::string authorization_size_bytes; 26862 if (authorization_delegate) { 26863 if (!authorization_delegate->GetCommandAuthorization( 26864 command_hash, 26865 is_command_parameter_encryption_possible, 26866 is_response_parameter_encryption_possible, 26867 &authorization_section_bytes)) { 26868 return TRUNKS_RC_AUTHORIZATION_FAILED; 26869 } 26870 if (!authorization_section_bytes.empty()) { 26871 tag = TPM_ST_SESSIONS; 26872 std::string tmp; 26873 rc = Serialize_UINT32(authorization_section_bytes.size(), 26874 &authorization_size_bytes); 26875 if (rc != TPM_RC_SUCCESS) { 26876 return rc; 26877 } 26878 command_size += authorization_size_bytes.size() + 26879 authorization_section_bytes.size(); 26880 } 26881 } 26882 std::string tag_bytes; 26883 rc = Serialize_TPMI_ST_COMMAND_TAG( 26884 tag, 26885 &tag_bytes); 26886 if (rc != TPM_RC_SUCCESS) { 26887 return rc; 26888 } 26889 std::string command_size_bytes; 26890 rc = Serialize_UINT32( 26891 command_size, 26892 &command_size_bytes); 26893 if (rc != TPM_RC_SUCCESS) { 26894 return rc; 26895 } 26896 *serialized_command = tag_bytes + 26897 command_size_bytes + 26898 command_code_bytes + 26899 handle_section_bytes + 26900 authorization_size_bytes + 26901 authorization_section_bytes + 26902 parameter_section_bytes; 26903 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 26904 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 26905 serialized_command->size()); 26906 return TPM_RC_SUCCESS; 26907 } 26908 26909 TPM_RC Tpm::ParseResponse_PolicyPCR( 26910 const std::string& response, 26911 AuthorizationDelegate* authorization_delegate) { 26912 VLOG(3) << __func__; 26913 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 26914 TPM_RC rc = TPM_RC_SUCCESS; 26915 std::string buffer(response); 26916 TPM_ST tag; 26917 std::string tag_bytes; 26918 rc = Parse_TPM_ST( 26919 &buffer, 26920 &tag, 26921 &tag_bytes); 26922 if (rc != TPM_RC_SUCCESS) { 26923 return rc; 26924 } 26925 UINT32 response_size; 26926 std::string response_size_bytes; 26927 rc = Parse_UINT32( 26928 &buffer, 26929 &response_size, 26930 &response_size_bytes); 26931 if (rc != TPM_RC_SUCCESS) { 26932 return rc; 26933 } 26934 TPM_RC response_code; 26935 std::string response_code_bytes; 26936 rc = Parse_TPM_RC( 26937 &buffer, 26938 &response_code, 26939 &response_code_bytes); 26940 if (rc != TPM_RC_SUCCESS) { 26941 return rc; 26942 } 26943 if (response_size != response.size()) { 26944 return TPM_RC_SIZE; 26945 } 26946 if (response_code != TPM_RC_SUCCESS) { 26947 return response_code; 26948 } 26949 TPM_CC command_code = TPM_CC_PolicyPCR; 26950 std::string command_code_bytes; 26951 rc = Serialize_TPM_CC( 26952 command_code, 26953 &command_code_bytes); 26954 if (rc != TPM_RC_SUCCESS) { 26955 return rc; 26956 } 26957 std::string authorization_section_bytes; 26958 if (tag == TPM_ST_SESSIONS) { 26959 UINT32 parameter_section_size = buffer.size(); 26960 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 26961 if (rc != TPM_RC_SUCCESS) { 26962 return rc; 26963 } 26964 if (parameter_section_size > buffer.size()) { 26965 return TPM_RC_INSUFFICIENT; 26966 } 26967 authorization_section_bytes = buffer.substr(parameter_section_size); 26968 // Keep the parameter section in |buffer|. 26969 buffer.erase(parameter_section_size); 26970 } 26971 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 26972 crypto::SecureHash::SHA256)); 26973 hash->Update(response_code_bytes.data(), 26974 response_code_bytes.size()); 26975 hash->Update(command_code_bytes.data(), 26976 command_code_bytes.size()); 26977 hash->Update(buffer.data(), 26978 buffer.size()); 26979 std::string response_hash(32, 0); 26980 hash->Finish(string_as_array(&response_hash), response_hash.size()); 26981 if (tag == TPM_ST_SESSIONS) { 26982 CHECK(authorization_delegate) << "Authorization delegate missing!"; 26983 if (!authorization_delegate->CheckResponseAuthorization( 26984 response_hash, 26985 authorization_section_bytes)) { 26986 return TRUNKS_RC_AUTHORIZATION_FAILED; 26987 } 26988 } 26989 return TPM_RC_SUCCESS; 26990 } 26991 26992 void PolicyPCRErrorCallback( 26993 const Tpm::PolicyPCRResponse& callback, 26994 TPM_RC response_code) { 26995 VLOG(1) << __func__; 26996 callback.Run(response_code); 26997 } 26998 26999 void PolicyPCRResponseParser( 27000 const Tpm::PolicyPCRResponse& callback, 27001 AuthorizationDelegate* authorization_delegate, 27002 const std::string& response) { 27003 VLOG(1) << __func__; 27004 base::Callback<void(TPM_RC)> error_reporter = 27005 base::Bind(PolicyPCRErrorCallback, callback); 27006 TPM_RC rc = Tpm::ParseResponse_PolicyPCR( 27007 response, 27008 authorization_delegate); 27009 if (rc != TPM_RC_SUCCESS) { 27010 error_reporter.Run(rc); 27011 return; 27012 } 27013 callback.Run( 27014 rc); 27015 } 27016 27017 void Tpm::PolicyPCR( 27018 const TPMI_SH_POLICY& policy_session, 27019 const std::string& policy_session_name, 27020 const TPM2B_DIGEST& pcr_digest, 27021 const TPML_PCR_SELECTION& pcrs, 27022 AuthorizationDelegate* authorization_delegate, 27023 const PolicyPCRResponse& callback) { 27024 VLOG(1) << __func__; 27025 base::Callback<void(TPM_RC)> error_reporter = 27026 base::Bind(PolicyPCRErrorCallback, callback); 27027 base::Callback<void(const std::string&)> parser = 27028 base::Bind(PolicyPCRResponseParser, 27029 callback, 27030 authorization_delegate); 27031 std::string command; 27032 TPM_RC rc = SerializeCommand_PolicyPCR( 27033 policy_session, 27034 policy_session_name, 27035 pcr_digest, 27036 pcrs, 27037 &command, 27038 authorization_delegate); 27039 if (rc != TPM_RC_SUCCESS) { 27040 error_reporter.Run(rc); 27041 return; 27042 } 27043 transceiver_->SendCommand(command, parser); 27044 } 27045 27046 TPM_RC Tpm::PolicyPCRSync( 27047 const TPMI_SH_POLICY& policy_session, 27048 const std::string& policy_session_name, 27049 const TPM2B_DIGEST& pcr_digest, 27050 const TPML_PCR_SELECTION& pcrs, 27051 AuthorizationDelegate* authorization_delegate) { 27052 VLOG(1) << __func__; 27053 std::string command; 27054 TPM_RC rc = SerializeCommand_PolicyPCR( 27055 policy_session, 27056 policy_session_name, 27057 pcr_digest, 27058 pcrs, 27059 &command, 27060 authorization_delegate); 27061 if (rc != TPM_RC_SUCCESS) { 27062 return rc; 27063 } 27064 std::string response = transceiver_->SendCommandAndWait(command); 27065 rc = ParseResponse_PolicyPCR( 27066 response, 27067 authorization_delegate); 27068 return rc; 27069 } 27070 27071 TPM_RC Tpm::SerializeCommand_PolicyLocality( 27072 const TPMI_SH_POLICY& policy_session, 27073 const std::string& policy_session_name, 27074 const TPMA_LOCALITY& locality, 27075 std::string* serialized_command, 27076 AuthorizationDelegate* authorization_delegate) { 27077 VLOG(3) << __func__; 27078 TPM_RC rc = TPM_RC_SUCCESS; 27079 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 27080 UINT32 command_size = 10; // Header size. 27081 std::string handle_section_bytes; 27082 std::string parameter_section_bytes; 27083 TPM_CC command_code = TPM_CC_PolicyLocality; 27084 bool is_command_parameter_encryption_possible = false; 27085 bool is_response_parameter_encryption_possible = false; 27086 std::string command_code_bytes; 27087 rc = Serialize_TPM_CC( 27088 command_code, 27089 &command_code_bytes); 27090 if (rc != TPM_RC_SUCCESS) { 27091 return rc; 27092 } 27093 std::string policy_session_bytes; 27094 rc = Serialize_TPMI_SH_POLICY( 27095 policy_session, 27096 &policy_session_bytes); 27097 if (rc != TPM_RC_SUCCESS) { 27098 return rc; 27099 } 27100 std::string locality_bytes; 27101 rc = Serialize_TPMA_LOCALITY( 27102 locality, 27103 &locality_bytes); 27104 if (rc != TPM_RC_SUCCESS) { 27105 return rc; 27106 } 27107 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 27108 crypto::SecureHash::SHA256)); 27109 hash->Update(command_code_bytes.data(), 27110 command_code_bytes.size()); 27111 hash->Update(policy_session_name.data(), 27112 policy_session_name.size()); 27113 handle_section_bytes += policy_session_bytes; 27114 command_size += policy_session_bytes.size(); 27115 hash->Update(locality_bytes.data(), 27116 locality_bytes.size()); 27117 parameter_section_bytes += locality_bytes; 27118 command_size += locality_bytes.size(); 27119 std::string command_hash(32, 0); 27120 hash->Finish(string_as_array(&command_hash), command_hash.size()); 27121 std::string authorization_section_bytes; 27122 std::string authorization_size_bytes; 27123 if (authorization_delegate) { 27124 if (!authorization_delegate->GetCommandAuthorization( 27125 command_hash, 27126 is_command_parameter_encryption_possible, 27127 is_response_parameter_encryption_possible, 27128 &authorization_section_bytes)) { 27129 return TRUNKS_RC_AUTHORIZATION_FAILED; 27130 } 27131 if (!authorization_section_bytes.empty()) { 27132 tag = TPM_ST_SESSIONS; 27133 std::string tmp; 27134 rc = Serialize_UINT32(authorization_section_bytes.size(), 27135 &authorization_size_bytes); 27136 if (rc != TPM_RC_SUCCESS) { 27137 return rc; 27138 } 27139 command_size += authorization_size_bytes.size() + 27140 authorization_section_bytes.size(); 27141 } 27142 } 27143 std::string tag_bytes; 27144 rc = Serialize_TPMI_ST_COMMAND_TAG( 27145 tag, 27146 &tag_bytes); 27147 if (rc != TPM_RC_SUCCESS) { 27148 return rc; 27149 } 27150 std::string command_size_bytes; 27151 rc = Serialize_UINT32( 27152 command_size, 27153 &command_size_bytes); 27154 if (rc != TPM_RC_SUCCESS) { 27155 return rc; 27156 } 27157 *serialized_command = tag_bytes + 27158 command_size_bytes + 27159 command_code_bytes + 27160 handle_section_bytes + 27161 authorization_size_bytes + 27162 authorization_section_bytes + 27163 parameter_section_bytes; 27164 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 27165 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 27166 serialized_command->size()); 27167 return TPM_RC_SUCCESS; 27168 } 27169 27170 TPM_RC Tpm::ParseResponse_PolicyLocality( 27171 const std::string& response, 27172 AuthorizationDelegate* authorization_delegate) { 27173 VLOG(3) << __func__; 27174 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 27175 TPM_RC rc = TPM_RC_SUCCESS; 27176 std::string buffer(response); 27177 TPM_ST tag; 27178 std::string tag_bytes; 27179 rc = Parse_TPM_ST( 27180 &buffer, 27181 &tag, 27182 &tag_bytes); 27183 if (rc != TPM_RC_SUCCESS) { 27184 return rc; 27185 } 27186 UINT32 response_size; 27187 std::string response_size_bytes; 27188 rc = Parse_UINT32( 27189 &buffer, 27190 &response_size, 27191 &response_size_bytes); 27192 if (rc != TPM_RC_SUCCESS) { 27193 return rc; 27194 } 27195 TPM_RC response_code; 27196 std::string response_code_bytes; 27197 rc = Parse_TPM_RC( 27198 &buffer, 27199 &response_code, 27200 &response_code_bytes); 27201 if (rc != TPM_RC_SUCCESS) { 27202 return rc; 27203 } 27204 if (response_size != response.size()) { 27205 return TPM_RC_SIZE; 27206 } 27207 if (response_code != TPM_RC_SUCCESS) { 27208 return response_code; 27209 } 27210 TPM_CC command_code = TPM_CC_PolicyLocality; 27211 std::string command_code_bytes; 27212 rc = Serialize_TPM_CC( 27213 command_code, 27214 &command_code_bytes); 27215 if (rc != TPM_RC_SUCCESS) { 27216 return rc; 27217 } 27218 std::string authorization_section_bytes; 27219 if (tag == TPM_ST_SESSIONS) { 27220 UINT32 parameter_section_size = buffer.size(); 27221 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 27222 if (rc != TPM_RC_SUCCESS) { 27223 return rc; 27224 } 27225 if (parameter_section_size > buffer.size()) { 27226 return TPM_RC_INSUFFICIENT; 27227 } 27228 authorization_section_bytes = buffer.substr(parameter_section_size); 27229 // Keep the parameter section in |buffer|. 27230 buffer.erase(parameter_section_size); 27231 } 27232 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 27233 crypto::SecureHash::SHA256)); 27234 hash->Update(response_code_bytes.data(), 27235 response_code_bytes.size()); 27236 hash->Update(command_code_bytes.data(), 27237 command_code_bytes.size()); 27238 hash->Update(buffer.data(), 27239 buffer.size()); 27240 std::string response_hash(32, 0); 27241 hash->Finish(string_as_array(&response_hash), response_hash.size()); 27242 if (tag == TPM_ST_SESSIONS) { 27243 CHECK(authorization_delegate) << "Authorization delegate missing!"; 27244 if (!authorization_delegate->CheckResponseAuthorization( 27245 response_hash, 27246 authorization_section_bytes)) { 27247 return TRUNKS_RC_AUTHORIZATION_FAILED; 27248 } 27249 } 27250 return TPM_RC_SUCCESS; 27251 } 27252 27253 void PolicyLocalityErrorCallback( 27254 const Tpm::PolicyLocalityResponse& callback, 27255 TPM_RC response_code) { 27256 VLOG(1) << __func__; 27257 callback.Run(response_code); 27258 } 27259 27260 void PolicyLocalityResponseParser( 27261 const Tpm::PolicyLocalityResponse& callback, 27262 AuthorizationDelegate* authorization_delegate, 27263 const std::string& response) { 27264 VLOG(1) << __func__; 27265 base::Callback<void(TPM_RC)> error_reporter = 27266 base::Bind(PolicyLocalityErrorCallback, callback); 27267 TPM_RC rc = Tpm::ParseResponse_PolicyLocality( 27268 response, 27269 authorization_delegate); 27270 if (rc != TPM_RC_SUCCESS) { 27271 error_reporter.Run(rc); 27272 return; 27273 } 27274 callback.Run( 27275 rc); 27276 } 27277 27278 void Tpm::PolicyLocality( 27279 const TPMI_SH_POLICY& policy_session, 27280 const std::string& policy_session_name, 27281 const TPMA_LOCALITY& locality, 27282 AuthorizationDelegate* authorization_delegate, 27283 const PolicyLocalityResponse& callback) { 27284 VLOG(1) << __func__; 27285 base::Callback<void(TPM_RC)> error_reporter = 27286 base::Bind(PolicyLocalityErrorCallback, callback); 27287 base::Callback<void(const std::string&)> parser = 27288 base::Bind(PolicyLocalityResponseParser, 27289 callback, 27290 authorization_delegate); 27291 std::string command; 27292 TPM_RC rc = SerializeCommand_PolicyLocality( 27293 policy_session, 27294 policy_session_name, 27295 locality, 27296 &command, 27297 authorization_delegate); 27298 if (rc != TPM_RC_SUCCESS) { 27299 error_reporter.Run(rc); 27300 return; 27301 } 27302 transceiver_->SendCommand(command, parser); 27303 } 27304 27305 TPM_RC Tpm::PolicyLocalitySync( 27306 const TPMI_SH_POLICY& policy_session, 27307 const std::string& policy_session_name, 27308 const TPMA_LOCALITY& locality, 27309 AuthorizationDelegate* authorization_delegate) { 27310 VLOG(1) << __func__; 27311 std::string command; 27312 TPM_RC rc = SerializeCommand_PolicyLocality( 27313 policy_session, 27314 policy_session_name, 27315 locality, 27316 &command, 27317 authorization_delegate); 27318 if (rc != TPM_RC_SUCCESS) { 27319 return rc; 27320 } 27321 std::string response = transceiver_->SendCommandAndWait(command); 27322 rc = ParseResponse_PolicyLocality( 27323 response, 27324 authorization_delegate); 27325 return rc; 27326 } 27327 27328 TPM_RC Tpm::SerializeCommand_PolicyNV( 27329 const TPMI_RH_NV_AUTH& auth_handle, 27330 const std::string& auth_handle_name, 27331 const TPMI_RH_NV_INDEX& nv_index, 27332 const std::string& nv_index_name, 27333 const TPMI_SH_POLICY& policy_session, 27334 const std::string& policy_session_name, 27335 const TPM2B_OPERAND& operand_b, 27336 const UINT16& offset, 27337 const TPM_EO& operation, 27338 std::string* serialized_command, 27339 AuthorizationDelegate* authorization_delegate) { 27340 VLOG(3) << __func__; 27341 TPM_RC rc = TPM_RC_SUCCESS; 27342 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 27343 UINT32 command_size = 10; // Header size. 27344 std::string handle_section_bytes; 27345 std::string parameter_section_bytes; 27346 TPM_CC command_code = TPM_CC_PolicyNV; 27347 bool is_command_parameter_encryption_possible = true; 27348 bool is_response_parameter_encryption_possible = false; 27349 std::string command_code_bytes; 27350 rc = Serialize_TPM_CC( 27351 command_code, 27352 &command_code_bytes); 27353 if (rc != TPM_RC_SUCCESS) { 27354 return rc; 27355 } 27356 std::string auth_handle_bytes; 27357 rc = Serialize_TPMI_RH_NV_AUTH( 27358 auth_handle, 27359 &auth_handle_bytes); 27360 if (rc != TPM_RC_SUCCESS) { 27361 return rc; 27362 } 27363 std::string nv_index_bytes; 27364 rc = Serialize_TPMI_RH_NV_INDEX( 27365 nv_index, 27366 &nv_index_bytes); 27367 if (rc != TPM_RC_SUCCESS) { 27368 return rc; 27369 } 27370 std::string policy_session_bytes; 27371 rc = Serialize_TPMI_SH_POLICY( 27372 policy_session, 27373 &policy_session_bytes); 27374 if (rc != TPM_RC_SUCCESS) { 27375 return rc; 27376 } 27377 std::string operand_b_bytes; 27378 rc = Serialize_TPM2B_OPERAND( 27379 operand_b, 27380 &operand_b_bytes); 27381 if (rc != TPM_RC_SUCCESS) { 27382 return rc; 27383 } 27384 std::string offset_bytes; 27385 rc = Serialize_UINT16( 27386 offset, 27387 &offset_bytes); 27388 if (rc != TPM_RC_SUCCESS) { 27389 return rc; 27390 } 27391 std::string operation_bytes; 27392 rc = Serialize_TPM_EO( 27393 operation, 27394 &operation_bytes); 27395 if (rc != TPM_RC_SUCCESS) { 27396 return rc; 27397 } 27398 if (authorization_delegate) { 27399 // Encrypt just the parameter data, not the size. 27400 std::string tmp = operand_b_bytes.substr(2); 27401 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 27402 return TRUNKS_RC_ENCRYPTION_FAILED; 27403 } 27404 operand_b_bytes.replace(2, std::string::npos, tmp); 27405 } 27406 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 27407 crypto::SecureHash::SHA256)); 27408 hash->Update(command_code_bytes.data(), 27409 command_code_bytes.size()); 27410 hash->Update(auth_handle_name.data(), 27411 auth_handle_name.size()); 27412 handle_section_bytes += auth_handle_bytes; 27413 command_size += auth_handle_bytes.size(); 27414 hash->Update(nv_index_name.data(), 27415 nv_index_name.size()); 27416 handle_section_bytes += nv_index_bytes; 27417 command_size += nv_index_bytes.size(); 27418 hash->Update(policy_session_name.data(), 27419 policy_session_name.size()); 27420 handle_section_bytes += policy_session_bytes; 27421 command_size += policy_session_bytes.size(); 27422 hash->Update(operand_b_bytes.data(), 27423 operand_b_bytes.size()); 27424 parameter_section_bytes += operand_b_bytes; 27425 command_size += operand_b_bytes.size(); 27426 hash->Update(offset_bytes.data(), 27427 offset_bytes.size()); 27428 parameter_section_bytes += offset_bytes; 27429 command_size += offset_bytes.size(); 27430 hash->Update(operation_bytes.data(), 27431 operation_bytes.size()); 27432 parameter_section_bytes += operation_bytes; 27433 command_size += operation_bytes.size(); 27434 std::string command_hash(32, 0); 27435 hash->Finish(string_as_array(&command_hash), command_hash.size()); 27436 std::string authorization_section_bytes; 27437 std::string authorization_size_bytes; 27438 if (authorization_delegate) { 27439 if (!authorization_delegate->GetCommandAuthorization( 27440 command_hash, 27441 is_command_parameter_encryption_possible, 27442 is_response_parameter_encryption_possible, 27443 &authorization_section_bytes)) { 27444 return TRUNKS_RC_AUTHORIZATION_FAILED; 27445 } 27446 if (!authorization_section_bytes.empty()) { 27447 tag = TPM_ST_SESSIONS; 27448 std::string tmp; 27449 rc = Serialize_UINT32(authorization_section_bytes.size(), 27450 &authorization_size_bytes); 27451 if (rc != TPM_RC_SUCCESS) { 27452 return rc; 27453 } 27454 command_size += authorization_size_bytes.size() + 27455 authorization_section_bytes.size(); 27456 } 27457 } 27458 std::string tag_bytes; 27459 rc = Serialize_TPMI_ST_COMMAND_TAG( 27460 tag, 27461 &tag_bytes); 27462 if (rc != TPM_RC_SUCCESS) { 27463 return rc; 27464 } 27465 std::string command_size_bytes; 27466 rc = Serialize_UINT32( 27467 command_size, 27468 &command_size_bytes); 27469 if (rc != TPM_RC_SUCCESS) { 27470 return rc; 27471 } 27472 *serialized_command = tag_bytes + 27473 command_size_bytes + 27474 command_code_bytes + 27475 handle_section_bytes + 27476 authorization_size_bytes + 27477 authorization_section_bytes + 27478 parameter_section_bytes; 27479 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 27480 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 27481 serialized_command->size()); 27482 return TPM_RC_SUCCESS; 27483 } 27484 27485 TPM_RC Tpm::ParseResponse_PolicyNV( 27486 const std::string& response, 27487 AuthorizationDelegate* authorization_delegate) { 27488 VLOG(3) << __func__; 27489 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 27490 TPM_RC rc = TPM_RC_SUCCESS; 27491 std::string buffer(response); 27492 TPM_ST tag; 27493 std::string tag_bytes; 27494 rc = Parse_TPM_ST( 27495 &buffer, 27496 &tag, 27497 &tag_bytes); 27498 if (rc != TPM_RC_SUCCESS) { 27499 return rc; 27500 } 27501 UINT32 response_size; 27502 std::string response_size_bytes; 27503 rc = Parse_UINT32( 27504 &buffer, 27505 &response_size, 27506 &response_size_bytes); 27507 if (rc != TPM_RC_SUCCESS) { 27508 return rc; 27509 } 27510 TPM_RC response_code; 27511 std::string response_code_bytes; 27512 rc = Parse_TPM_RC( 27513 &buffer, 27514 &response_code, 27515 &response_code_bytes); 27516 if (rc != TPM_RC_SUCCESS) { 27517 return rc; 27518 } 27519 if (response_size != response.size()) { 27520 return TPM_RC_SIZE; 27521 } 27522 if (response_code != TPM_RC_SUCCESS) { 27523 return response_code; 27524 } 27525 TPM_CC command_code = TPM_CC_PolicyNV; 27526 std::string command_code_bytes; 27527 rc = Serialize_TPM_CC( 27528 command_code, 27529 &command_code_bytes); 27530 if (rc != TPM_RC_SUCCESS) { 27531 return rc; 27532 } 27533 std::string authorization_section_bytes; 27534 if (tag == TPM_ST_SESSIONS) { 27535 UINT32 parameter_section_size = buffer.size(); 27536 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 27537 if (rc != TPM_RC_SUCCESS) { 27538 return rc; 27539 } 27540 if (parameter_section_size > buffer.size()) { 27541 return TPM_RC_INSUFFICIENT; 27542 } 27543 authorization_section_bytes = buffer.substr(parameter_section_size); 27544 // Keep the parameter section in |buffer|. 27545 buffer.erase(parameter_section_size); 27546 } 27547 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 27548 crypto::SecureHash::SHA256)); 27549 hash->Update(response_code_bytes.data(), 27550 response_code_bytes.size()); 27551 hash->Update(command_code_bytes.data(), 27552 command_code_bytes.size()); 27553 hash->Update(buffer.data(), 27554 buffer.size()); 27555 std::string response_hash(32, 0); 27556 hash->Finish(string_as_array(&response_hash), response_hash.size()); 27557 if (tag == TPM_ST_SESSIONS) { 27558 CHECK(authorization_delegate) << "Authorization delegate missing!"; 27559 if (!authorization_delegate->CheckResponseAuthorization( 27560 response_hash, 27561 authorization_section_bytes)) { 27562 return TRUNKS_RC_AUTHORIZATION_FAILED; 27563 } 27564 } 27565 return TPM_RC_SUCCESS; 27566 } 27567 27568 void PolicyNVErrorCallback( 27569 const Tpm::PolicyNVResponse& callback, 27570 TPM_RC response_code) { 27571 VLOG(1) << __func__; 27572 callback.Run(response_code); 27573 } 27574 27575 void PolicyNVResponseParser( 27576 const Tpm::PolicyNVResponse& callback, 27577 AuthorizationDelegate* authorization_delegate, 27578 const std::string& response) { 27579 VLOG(1) << __func__; 27580 base::Callback<void(TPM_RC)> error_reporter = 27581 base::Bind(PolicyNVErrorCallback, callback); 27582 TPM_RC rc = Tpm::ParseResponse_PolicyNV( 27583 response, 27584 authorization_delegate); 27585 if (rc != TPM_RC_SUCCESS) { 27586 error_reporter.Run(rc); 27587 return; 27588 } 27589 callback.Run( 27590 rc); 27591 } 27592 27593 void Tpm::PolicyNV( 27594 const TPMI_RH_NV_AUTH& auth_handle, 27595 const std::string& auth_handle_name, 27596 const TPMI_RH_NV_INDEX& nv_index, 27597 const std::string& nv_index_name, 27598 const TPMI_SH_POLICY& policy_session, 27599 const std::string& policy_session_name, 27600 const TPM2B_OPERAND& operand_b, 27601 const UINT16& offset, 27602 const TPM_EO& operation, 27603 AuthorizationDelegate* authorization_delegate, 27604 const PolicyNVResponse& callback) { 27605 VLOG(1) << __func__; 27606 base::Callback<void(TPM_RC)> error_reporter = 27607 base::Bind(PolicyNVErrorCallback, callback); 27608 base::Callback<void(const std::string&)> parser = 27609 base::Bind(PolicyNVResponseParser, 27610 callback, 27611 authorization_delegate); 27612 std::string command; 27613 TPM_RC rc = SerializeCommand_PolicyNV( 27614 auth_handle, 27615 auth_handle_name, 27616 nv_index, 27617 nv_index_name, 27618 policy_session, 27619 policy_session_name, 27620 operand_b, 27621 offset, 27622 operation, 27623 &command, 27624 authorization_delegate); 27625 if (rc != TPM_RC_SUCCESS) { 27626 error_reporter.Run(rc); 27627 return; 27628 } 27629 transceiver_->SendCommand(command, parser); 27630 } 27631 27632 TPM_RC Tpm::PolicyNVSync( 27633 const TPMI_RH_NV_AUTH& auth_handle, 27634 const std::string& auth_handle_name, 27635 const TPMI_RH_NV_INDEX& nv_index, 27636 const std::string& nv_index_name, 27637 const TPMI_SH_POLICY& policy_session, 27638 const std::string& policy_session_name, 27639 const TPM2B_OPERAND& operand_b, 27640 const UINT16& offset, 27641 const TPM_EO& operation, 27642 AuthorizationDelegate* authorization_delegate) { 27643 VLOG(1) << __func__; 27644 std::string command; 27645 TPM_RC rc = SerializeCommand_PolicyNV( 27646 auth_handle, 27647 auth_handle_name, 27648 nv_index, 27649 nv_index_name, 27650 policy_session, 27651 policy_session_name, 27652 operand_b, 27653 offset, 27654 operation, 27655 &command, 27656 authorization_delegate); 27657 if (rc != TPM_RC_SUCCESS) { 27658 return rc; 27659 } 27660 std::string response = transceiver_->SendCommandAndWait(command); 27661 rc = ParseResponse_PolicyNV( 27662 response, 27663 authorization_delegate); 27664 return rc; 27665 } 27666 27667 TPM_RC Tpm::SerializeCommand_PolicyCounterTimer( 27668 const TPMI_SH_POLICY& policy_session, 27669 const std::string& policy_session_name, 27670 const TPM2B_OPERAND& operand_b, 27671 const UINT16& offset, 27672 const TPM_EO& operation, 27673 std::string* serialized_command, 27674 AuthorizationDelegate* authorization_delegate) { 27675 VLOG(3) << __func__; 27676 TPM_RC rc = TPM_RC_SUCCESS; 27677 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 27678 UINT32 command_size = 10; // Header size. 27679 std::string handle_section_bytes; 27680 std::string parameter_section_bytes; 27681 TPM_CC command_code = TPM_CC_PolicyCounterTimer; 27682 bool is_command_parameter_encryption_possible = true; 27683 bool is_response_parameter_encryption_possible = false; 27684 std::string command_code_bytes; 27685 rc = Serialize_TPM_CC( 27686 command_code, 27687 &command_code_bytes); 27688 if (rc != TPM_RC_SUCCESS) { 27689 return rc; 27690 } 27691 std::string policy_session_bytes; 27692 rc = Serialize_TPMI_SH_POLICY( 27693 policy_session, 27694 &policy_session_bytes); 27695 if (rc != TPM_RC_SUCCESS) { 27696 return rc; 27697 } 27698 std::string operand_b_bytes; 27699 rc = Serialize_TPM2B_OPERAND( 27700 operand_b, 27701 &operand_b_bytes); 27702 if (rc != TPM_RC_SUCCESS) { 27703 return rc; 27704 } 27705 std::string offset_bytes; 27706 rc = Serialize_UINT16( 27707 offset, 27708 &offset_bytes); 27709 if (rc != TPM_RC_SUCCESS) { 27710 return rc; 27711 } 27712 std::string operation_bytes; 27713 rc = Serialize_TPM_EO( 27714 operation, 27715 &operation_bytes); 27716 if (rc != TPM_RC_SUCCESS) { 27717 return rc; 27718 } 27719 if (authorization_delegate) { 27720 // Encrypt just the parameter data, not the size. 27721 std::string tmp = operand_b_bytes.substr(2); 27722 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 27723 return TRUNKS_RC_ENCRYPTION_FAILED; 27724 } 27725 operand_b_bytes.replace(2, std::string::npos, tmp); 27726 } 27727 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 27728 crypto::SecureHash::SHA256)); 27729 hash->Update(command_code_bytes.data(), 27730 command_code_bytes.size()); 27731 hash->Update(policy_session_name.data(), 27732 policy_session_name.size()); 27733 handle_section_bytes += policy_session_bytes; 27734 command_size += policy_session_bytes.size(); 27735 hash->Update(operand_b_bytes.data(), 27736 operand_b_bytes.size()); 27737 parameter_section_bytes += operand_b_bytes; 27738 command_size += operand_b_bytes.size(); 27739 hash->Update(offset_bytes.data(), 27740 offset_bytes.size()); 27741 parameter_section_bytes += offset_bytes; 27742 command_size += offset_bytes.size(); 27743 hash->Update(operation_bytes.data(), 27744 operation_bytes.size()); 27745 parameter_section_bytes += operation_bytes; 27746 command_size += operation_bytes.size(); 27747 std::string command_hash(32, 0); 27748 hash->Finish(string_as_array(&command_hash), command_hash.size()); 27749 std::string authorization_section_bytes; 27750 std::string authorization_size_bytes; 27751 if (authorization_delegate) { 27752 if (!authorization_delegate->GetCommandAuthorization( 27753 command_hash, 27754 is_command_parameter_encryption_possible, 27755 is_response_parameter_encryption_possible, 27756 &authorization_section_bytes)) { 27757 return TRUNKS_RC_AUTHORIZATION_FAILED; 27758 } 27759 if (!authorization_section_bytes.empty()) { 27760 tag = TPM_ST_SESSIONS; 27761 std::string tmp; 27762 rc = Serialize_UINT32(authorization_section_bytes.size(), 27763 &authorization_size_bytes); 27764 if (rc != TPM_RC_SUCCESS) { 27765 return rc; 27766 } 27767 command_size += authorization_size_bytes.size() + 27768 authorization_section_bytes.size(); 27769 } 27770 } 27771 std::string tag_bytes; 27772 rc = Serialize_TPMI_ST_COMMAND_TAG( 27773 tag, 27774 &tag_bytes); 27775 if (rc != TPM_RC_SUCCESS) { 27776 return rc; 27777 } 27778 std::string command_size_bytes; 27779 rc = Serialize_UINT32( 27780 command_size, 27781 &command_size_bytes); 27782 if (rc != TPM_RC_SUCCESS) { 27783 return rc; 27784 } 27785 *serialized_command = tag_bytes + 27786 command_size_bytes + 27787 command_code_bytes + 27788 handle_section_bytes + 27789 authorization_size_bytes + 27790 authorization_section_bytes + 27791 parameter_section_bytes; 27792 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 27793 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 27794 serialized_command->size()); 27795 return TPM_RC_SUCCESS; 27796 } 27797 27798 TPM_RC Tpm::ParseResponse_PolicyCounterTimer( 27799 const std::string& response, 27800 AuthorizationDelegate* authorization_delegate) { 27801 VLOG(3) << __func__; 27802 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 27803 TPM_RC rc = TPM_RC_SUCCESS; 27804 std::string buffer(response); 27805 TPM_ST tag; 27806 std::string tag_bytes; 27807 rc = Parse_TPM_ST( 27808 &buffer, 27809 &tag, 27810 &tag_bytes); 27811 if (rc != TPM_RC_SUCCESS) { 27812 return rc; 27813 } 27814 UINT32 response_size; 27815 std::string response_size_bytes; 27816 rc = Parse_UINT32( 27817 &buffer, 27818 &response_size, 27819 &response_size_bytes); 27820 if (rc != TPM_RC_SUCCESS) { 27821 return rc; 27822 } 27823 TPM_RC response_code; 27824 std::string response_code_bytes; 27825 rc = Parse_TPM_RC( 27826 &buffer, 27827 &response_code, 27828 &response_code_bytes); 27829 if (rc != TPM_RC_SUCCESS) { 27830 return rc; 27831 } 27832 if (response_size != response.size()) { 27833 return TPM_RC_SIZE; 27834 } 27835 if (response_code != TPM_RC_SUCCESS) { 27836 return response_code; 27837 } 27838 TPM_CC command_code = TPM_CC_PolicyCounterTimer; 27839 std::string command_code_bytes; 27840 rc = Serialize_TPM_CC( 27841 command_code, 27842 &command_code_bytes); 27843 if (rc != TPM_RC_SUCCESS) { 27844 return rc; 27845 } 27846 std::string authorization_section_bytes; 27847 if (tag == TPM_ST_SESSIONS) { 27848 UINT32 parameter_section_size = buffer.size(); 27849 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 27850 if (rc != TPM_RC_SUCCESS) { 27851 return rc; 27852 } 27853 if (parameter_section_size > buffer.size()) { 27854 return TPM_RC_INSUFFICIENT; 27855 } 27856 authorization_section_bytes = buffer.substr(parameter_section_size); 27857 // Keep the parameter section in |buffer|. 27858 buffer.erase(parameter_section_size); 27859 } 27860 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 27861 crypto::SecureHash::SHA256)); 27862 hash->Update(response_code_bytes.data(), 27863 response_code_bytes.size()); 27864 hash->Update(command_code_bytes.data(), 27865 command_code_bytes.size()); 27866 hash->Update(buffer.data(), 27867 buffer.size()); 27868 std::string response_hash(32, 0); 27869 hash->Finish(string_as_array(&response_hash), response_hash.size()); 27870 if (tag == TPM_ST_SESSIONS) { 27871 CHECK(authorization_delegate) << "Authorization delegate missing!"; 27872 if (!authorization_delegate->CheckResponseAuthorization( 27873 response_hash, 27874 authorization_section_bytes)) { 27875 return TRUNKS_RC_AUTHORIZATION_FAILED; 27876 } 27877 } 27878 return TPM_RC_SUCCESS; 27879 } 27880 27881 void PolicyCounterTimerErrorCallback( 27882 const Tpm::PolicyCounterTimerResponse& callback, 27883 TPM_RC response_code) { 27884 VLOG(1) << __func__; 27885 callback.Run(response_code); 27886 } 27887 27888 void PolicyCounterTimerResponseParser( 27889 const Tpm::PolicyCounterTimerResponse& callback, 27890 AuthorizationDelegate* authorization_delegate, 27891 const std::string& response) { 27892 VLOG(1) << __func__; 27893 base::Callback<void(TPM_RC)> error_reporter = 27894 base::Bind(PolicyCounterTimerErrorCallback, callback); 27895 TPM_RC rc = Tpm::ParseResponse_PolicyCounterTimer( 27896 response, 27897 authorization_delegate); 27898 if (rc != TPM_RC_SUCCESS) { 27899 error_reporter.Run(rc); 27900 return; 27901 } 27902 callback.Run( 27903 rc); 27904 } 27905 27906 void Tpm::PolicyCounterTimer( 27907 const TPMI_SH_POLICY& policy_session, 27908 const std::string& policy_session_name, 27909 const TPM2B_OPERAND& operand_b, 27910 const UINT16& offset, 27911 const TPM_EO& operation, 27912 AuthorizationDelegate* authorization_delegate, 27913 const PolicyCounterTimerResponse& callback) { 27914 VLOG(1) << __func__; 27915 base::Callback<void(TPM_RC)> error_reporter = 27916 base::Bind(PolicyCounterTimerErrorCallback, callback); 27917 base::Callback<void(const std::string&)> parser = 27918 base::Bind(PolicyCounterTimerResponseParser, 27919 callback, 27920 authorization_delegate); 27921 std::string command; 27922 TPM_RC rc = SerializeCommand_PolicyCounterTimer( 27923 policy_session, 27924 policy_session_name, 27925 operand_b, 27926 offset, 27927 operation, 27928 &command, 27929 authorization_delegate); 27930 if (rc != TPM_RC_SUCCESS) { 27931 error_reporter.Run(rc); 27932 return; 27933 } 27934 transceiver_->SendCommand(command, parser); 27935 } 27936 27937 TPM_RC Tpm::PolicyCounterTimerSync( 27938 const TPMI_SH_POLICY& policy_session, 27939 const std::string& policy_session_name, 27940 const TPM2B_OPERAND& operand_b, 27941 const UINT16& offset, 27942 const TPM_EO& operation, 27943 AuthorizationDelegate* authorization_delegate) { 27944 VLOG(1) << __func__; 27945 std::string command; 27946 TPM_RC rc = SerializeCommand_PolicyCounterTimer( 27947 policy_session, 27948 policy_session_name, 27949 operand_b, 27950 offset, 27951 operation, 27952 &command, 27953 authorization_delegate); 27954 if (rc != TPM_RC_SUCCESS) { 27955 return rc; 27956 } 27957 std::string response = transceiver_->SendCommandAndWait(command); 27958 rc = ParseResponse_PolicyCounterTimer( 27959 response, 27960 authorization_delegate); 27961 return rc; 27962 } 27963 27964 TPM_RC Tpm::SerializeCommand_PolicyCommandCode( 27965 const TPMI_SH_POLICY& policy_session, 27966 const std::string& policy_session_name, 27967 const TPM_CC& code, 27968 std::string* serialized_command, 27969 AuthorizationDelegate* authorization_delegate) { 27970 VLOG(3) << __func__; 27971 TPM_RC rc = TPM_RC_SUCCESS; 27972 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 27973 UINT32 command_size = 10; // Header size. 27974 std::string handle_section_bytes; 27975 std::string parameter_section_bytes; 27976 TPM_CC command_code = TPM_CC_PolicyCommandCode; 27977 bool is_command_parameter_encryption_possible = false; 27978 bool is_response_parameter_encryption_possible = false; 27979 std::string command_code_bytes; 27980 rc = Serialize_TPM_CC( 27981 command_code, 27982 &command_code_bytes); 27983 if (rc != TPM_RC_SUCCESS) { 27984 return rc; 27985 } 27986 std::string policy_session_bytes; 27987 rc = Serialize_TPMI_SH_POLICY( 27988 policy_session, 27989 &policy_session_bytes); 27990 if (rc != TPM_RC_SUCCESS) { 27991 return rc; 27992 } 27993 std::string code_bytes; 27994 rc = Serialize_TPM_CC( 27995 code, 27996 &code_bytes); 27997 if (rc != TPM_RC_SUCCESS) { 27998 return rc; 27999 } 28000 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 28001 crypto::SecureHash::SHA256)); 28002 hash->Update(command_code_bytes.data(), 28003 command_code_bytes.size()); 28004 hash->Update(policy_session_name.data(), 28005 policy_session_name.size()); 28006 handle_section_bytes += policy_session_bytes; 28007 command_size += policy_session_bytes.size(); 28008 hash->Update(code_bytes.data(), 28009 code_bytes.size()); 28010 parameter_section_bytes += code_bytes; 28011 command_size += code_bytes.size(); 28012 std::string command_hash(32, 0); 28013 hash->Finish(string_as_array(&command_hash), command_hash.size()); 28014 std::string authorization_section_bytes; 28015 std::string authorization_size_bytes; 28016 if (authorization_delegate) { 28017 if (!authorization_delegate->GetCommandAuthorization( 28018 command_hash, 28019 is_command_parameter_encryption_possible, 28020 is_response_parameter_encryption_possible, 28021 &authorization_section_bytes)) { 28022 return TRUNKS_RC_AUTHORIZATION_FAILED; 28023 } 28024 if (!authorization_section_bytes.empty()) { 28025 tag = TPM_ST_SESSIONS; 28026 std::string tmp; 28027 rc = Serialize_UINT32(authorization_section_bytes.size(), 28028 &authorization_size_bytes); 28029 if (rc != TPM_RC_SUCCESS) { 28030 return rc; 28031 } 28032 command_size += authorization_size_bytes.size() + 28033 authorization_section_bytes.size(); 28034 } 28035 } 28036 std::string tag_bytes; 28037 rc = Serialize_TPMI_ST_COMMAND_TAG( 28038 tag, 28039 &tag_bytes); 28040 if (rc != TPM_RC_SUCCESS) { 28041 return rc; 28042 } 28043 std::string command_size_bytes; 28044 rc = Serialize_UINT32( 28045 command_size, 28046 &command_size_bytes); 28047 if (rc != TPM_RC_SUCCESS) { 28048 return rc; 28049 } 28050 *serialized_command = tag_bytes + 28051 command_size_bytes + 28052 command_code_bytes + 28053 handle_section_bytes + 28054 authorization_size_bytes + 28055 authorization_section_bytes + 28056 parameter_section_bytes; 28057 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 28058 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 28059 serialized_command->size()); 28060 return TPM_RC_SUCCESS; 28061 } 28062 28063 TPM_RC Tpm::ParseResponse_PolicyCommandCode( 28064 const std::string& response, 28065 AuthorizationDelegate* authorization_delegate) { 28066 VLOG(3) << __func__; 28067 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 28068 TPM_RC rc = TPM_RC_SUCCESS; 28069 std::string buffer(response); 28070 TPM_ST tag; 28071 std::string tag_bytes; 28072 rc = Parse_TPM_ST( 28073 &buffer, 28074 &tag, 28075 &tag_bytes); 28076 if (rc != TPM_RC_SUCCESS) { 28077 return rc; 28078 } 28079 UINT32 response_size; 28080 std::string response_size_bytes; 28081 rc = Parse_UINT32( 28082 &buffer, 28083 &response_size, 28084 &response_size_bytes); 28085 if (rc != TPM_RC_SUCCESS) { 28086 return rc; 28087 } 28088 TPM_RC response_code; 28089 std::string response_code_bytes; 28090 rc = Parse_TPM_RC( 28091 &buffer, 28092 &response_code, 28093 &response_code_bytes); 28094 if (rc != TPM_RC_SUCCESS) { 28095 return rc; 28096 } 28097 if (response_size != response.size()) { 28098 return TPM_RC_SIZE; 28099 } 28100 if (response_code != TPM_RC_SUCCESS) { 28101 return response_code; 28102 } 28103 TPM_CC command_code = TPM_CC_PolicyCommandCode; 28104 std::string command_code_bytes; 28105 rc = Serialize_TPM_CC( 28106 command_code, 28107 &command_code_bytes); 28108 if (rc != TPM_RC_SUCCESS) { 28109 return rc; 28110 } 28111 std::string authorization_section_bytes; 28112 if (tag == TPM_ST_SESSIONS) { 28113 UINT32 parameter_section_size = buffer.size(); 28114 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 28115 if (rc != TPM_RC_SUCCESS) { 28116 return rc; 28117 } 28118 if (parameter_section_size > buffer.size()) { 28119 return TPM_RC_INSUFFICIENT; 28120 } 28121 authorization_section_bytes = buffer.substr(parameter_section_size); 28122 // Keep the parameter section in |buffer|. 28123 buffer.erase(parameter_section_size); 28124 } 28125 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 28126 crypto::SecureHash::SHA256)); 28127 hash->Update(response_code_bytes.data(), 28128 response_code_bytes.size()); 28129 hash->Update(command_code_bytes.data(), 28130 command_code_bytes.size()); 28131 hash->Update(buffer.data(), 28132 buffer.size()); 28133 std::string response_hash(32, 0); 28134 hash->Finish(string_as_array(&response_hash), response_hash.size()); 28135 if (tag == TPM_ST_SESSIONS) { 28136 CHECK(authorization_delegate) << "Authorization delegate missing!"; 28137 if (!authorization_delegate->CheckResponseAuthorization( 28138 response_hash, 28139 authorization_section_bytes)) { 28140 return TRUNKS_RC_AUTHORIZATION_FAILED; 28141 } 28142 } 28143 return TPM_RC_SUCCESS; 28144 } 28145 28146 void PolicyCommandCodeErrorCallback( 28147 const Tpm::PolicyCommandCodeResponse& callback, 28148 TPM_RC response_code) { 28149 VLOG(1) << __func__; 28150 callback.Run(response_code); 28151 } 28152 28153 void PolicyCommandCodeResponseParser( 28154 const Tpm::PolicyCommandCodeResponse& callback, 28155 AuthorizationDelegate* authorization_delegate, 28156 const std::string& response) { 28157 VLOG(1) << __func__; 28158 base::Callback<void(TPM_RC)> error_reporter = 28159 base::Bind(PolicyCommandCodeErrorCallback, callback); 28160 TPM_RC rc = Tpm::ParseResponse_PolicyCommandCode( 28161 response, 28162 authorization_delegate); 28163 if (rc != TPM_RC_SUCCESS) { 28164 error_reporter.Run(rc); 28165 return; 28166 } 28167 callback.Run( 28168 rc); 28169 } 28170 28171 void Tpm::PolicyCommandCode( 28172 const TPMI_SH_POLICY& policy_session, 28173 const std::string& policy_session_name, 28174 const TPM_CC& code, 28175 AuthorizationDelegate* authorization_delegate, 28176 const PolicyCommandCodeResponse& callback) { 28177 VLOG(1) << __func__; 28178 base::Callback<void(TPM_RC)> error_reporter = 28179 base::Bind(PolicyCommandCodeErrorCallback, callback); 28180 base::Callback<void(const std::string&)> parser = 28181 base::Bind(PolicyCommandCodeResponseParser, 28182 callback, 28183 authorization_delegate); 28184 std::string command; 28185 TPM_RC rc = SerializeCommand_PolicyCommandCode( 28186 policy_session, 28187 policy_session_name, 28188 code, 28189 &command, 28190 authorization_delegate); 28191 if (rc != TPM_RC_SUCCESS) { 28192 error_reporter.Run(rc); 28193 return; 28194 } 28195 transceiver_->SendCommand(command, parser); 28196 } 28197 28198 TPM_RC Tpm::PolicyCommandCodeSync( 28199 const TPMI_SH_POLICY& policy_session, 28200 const std::string& policy_session_name, 28201 const TPM_CC& code, 28202 AuthorizationDelegate* authorization_delegate) { 28203 VLOG(1) << __func__; 28204 std::string command; 28205 TPM_RC rc = SerializeCommand_PolicyCommandCode( 28206 policy_session, 28207 policy_session_name, 28208 code, 28209 &command, 28210 authorization_delegate); 28211 if (rc != TPM_RC_SUCCESS) { 28212 return rc; 28213 } 28214 std::string response = transceiver_->SendCommandAndWait(command); 28215 rc = ParseResponse_PolicyCommandCode( 28216 response, 28217 authorization_delegate); 28218 return rc; 28219 } 28220 28221 TPM_RC Tpm::SerializeCommand_PolicyPhysicalPresence( 28222 const TPMI_SH_POLICY& policy_session, 28223 const std::string& policy_session_name, 28224 std::string* serialized_command, 28225 AuthorizationDelegate* authorization_delegate) { 28226 VLOG(3) << __func__; 28227 TPM_RC rc = TPM_RC_SUCCESS; 28228 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 28229 UINT32 command_size = 10; // Header size. 28230 std::string handle_section_bytes; 28231 std::string parameter_section_bytes; 28232 TPM_CC command_code = TPM_CC_PolicyPhysicalPresence; 28233 bool is_command_parameter_encryption_possible = false; 28234 bool is_response_parameter_encryption_possible = false; 28235 std::string command_code_bytes; 28236 rc = Serialize_TPM_CC( 28237 command_code, 28238 &command_code_bytes); 28239 if (rc != TPM_RC_SUCCESS) { 28240 return rc; 28241 } 28242 std::string policy_session_bytes; 28243 rc = Serialize_TPMI_SH_POLICY( 28244 policy_session, 28245 &policy_session_bytes); 28246 if (rc != TPM_RC_SUCCESS) { 28247 return rc; 28248 } 28249 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 28250 crypto::SecureHash::SHA256)); 28251 hash->Update(command_code_bytes.data(), 28252 command_code_bytes.size()); 28253 hash->Update(policy_session_name.data(), 28254 policy_session_name.size()); 28255 handle_section_bytes += policy_session_bytes; 28256 command_size += policy_session_bytes.size(); 28257 std::string command_hash(32, 0); 28258 hash->Finish(string_as_array(&command_hash), command_hash.size()); 28259 std::string authorization_section_bytes; 28260 std::string authorization_size_bytes; 28261 if (authorization_delegate) { 28262 if (!authorization_delegate->GetCommandAuthorization( 28263 command_hash, 28264 is_command_parameter_encryption_possible, 28265 is_response_parameter_encryption_possible, 28266 &authorization_section_bytes)) { 28267 return TRUNKS_RC_AUTHORIZATION_FAILED; 28268 } 28269 if (!authorization_section_bytes.empty()) { 28270 tag = TPM_ST_SESSIONS; 28271 std::string tmp; 28272 rc = Serialize_UINT32(authorization_section_bytes.size(), 28273 &authorization_size_bytes); 28274 if (rc != TPM_RC_SUCCESS) { 28275 return rc; 28276 } 28277 command_size += authorization_size_bytes.size() + 28278 authorization_section_bytes.size(); 28279 } 28280 } 28281 std::string tag_bytes; 28282 rc = Serialize_TPMI_ST_COMMAND_TAG( 28283 tag, 28284 &tag_bytes); 28285 if (rc != TPM_RC_SUCCESS) { 28286 return rc; 28287 } 28288 std::string command_size_bytes; 28289 rc = Serialize_UINT32( 28290 command_size, 28291 &command_size_bytes); 28292 if (rc != TPM_RC_SUCCESS) { 28293 return rc; 28294 } 28295 *serialized_command = tag_bytes + 28296 command_size_bytes + 28297 command_code_bytes + 28298 handle_section_bytes + 28299 authorization_size_bytes + 28300 authorization_section_bytes + 28301 parameter_section_bytes; 28302 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 28303 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 28304 serialized_command->size()); 28305 return TPM_RC_SUCCESS; 28306 } 28307 28308 TPM_RC Tpm::ParseResponse_PolicyPhysicalPresence( 28309 const std::string& response, 28310 AuthorizationDelegate* authorization_delegate) { 28311 VLOG(3) << __func__; 28312 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 28313 TPM_RC rc = TPM_RC_SUCCESS; 28314 std::string buffer(response); 28315 TPM_ST tag; 28316 std::string tag_bytes; 28317 rc = Parse_TPM_ST( 28318 &buffer, 28319 &tag, 28320 &tag_bytes); 28321 if (rc != TPM_RC_SUCCESS) { 28322 return rc; 28323 } 28324 UINT32 response_size; 28325 std::string response_size_bytes; 28326 rc = Parse_UINT32( 28327 &buffer, 28328 &response_size, 28329 &response_size_bytes); 28330 if (rc != TPM_RC_SUCCESS) { 28331 return rc; 28332 } 28333 TPM_RC response_code; 28334 std::string response_code_bytes; 28335 rc = Parse_TPM_RC( 28336 &buffer, 28337 &response_code, 28338 &response_code_bytes); 28339 if (rc != TPM_RC_SUCCESS) { 28340 return rc; 28341 } 28342 if (response_size != response.size()) { 28343 return TPM_RC_SIZE; 28344 } 28345 if (response_code != TPM_RC_SUCCESS) { 28346 return response_code; 28347 } 28348 TPM_CC command_code = TPM_CC_PolicyPhysicalPresence; 28349 std::string command_code_bytes; 28350 rc = Serialize_TPM_CC( 28351 command_code, 28352 &command_code_bytes); 28353 if (rc != TPM_RC_SUCCESS) { 28354 return rc; 28355 } 28356 std::string authorization_section_bytes; 28357 if (tag == TPM_ST_SESSIONS) { 28358 UINT32 parameter_section_size = buffer.size(); 28359 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 28360 if (rc != TPM_RC_SUCCESS) { 28361 return rc; 28362 } 28363 if (parameter_section_size > buffer.size()) { 28364 return TPM_RC_INSUFFICIENT; 28365 } 28366 authorization_section_bytes = buffer.substr(parameter_section_size); 28367 // Keep the parameter section in |buffer|. 28368 buffer.erase(parameter_section_size); 28369 } 28370 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 28371 crypto::SecureHash::SHA256)); 28372 hash->Update(response_code_bytes.data(), 28373 response_code_bytes.size()); 28374 hash->Update(command_code_bytes.data(), 28375 command_code_bytes.size()); 28376 hash->Update(buffer.data(), 28377 buffer.size()); 28378 std::string response_hash(32, 0); 28379 hash->Finish(string_as_array(&response_hash), response_hash.size()); 28380 if (tag == TPM_ST_SESSIONS) { 28381 CHECK(authorization_delegate) << "Authorization delegate missing!"; 28382 if (!authorization_delegate->CheckResponseAuthorization( 28383 response_hash, 28384 authorization_section_bytes)) { 28385 return TRUNKS_RC_AUTHORIZATION_FAILED; 28386 } 28387 } 28388 return TPM_RC_SUCCESS; 28389 } 28390 28391 void PolicyPhysicalPresenceErrorCallback( 28392 const Tpm::PolicyPhysicalPresenceResponse& callback, 28393 TPM_RC response_code) { 28394 VLOG(1) << __func__; 28395 callback.Run(response_code); 28396 } 28397 28398 void PolicyPhysicalPresenceResponseParser( 28399 const Tpm::PolicyPhysicalPresenceResponse& callback, 28400 AuthorizationDelegate* authorization_delegate, 28401 const std::string& response) { 28402 VLOG(1) << __func__; 28403 base::Callback<void(TPM_RC)> error_reporter = 28404 base::Bind(PolicyPhysicalPresenceErrorCallback, callback); 28405 TPM_RC rc = Tpm::ParseResponse_PolicyPhysicalPresence( 28406 response, 28407 authorization_delegate); 28408 if (rc != TPM_RC_SUCCESS) { 28409 error_reporter.Run(rc); 28410 return; 28411 } 28412 callback.Run( 28413 rc); 28414 } 28415 28416 void Tpm::PolicyPhysicalPresence( 28417 const TPMI_SH_POLICY& policy_session, 28418 const std::string& policy_session_name, 28419 AuthorizationDelegate* authorization_delegate, 28420 const PolicyPhysicalPresenceResponse& callback) { 28421 VLOG(1) << __func__; 28422 base::Callback<void(TPM_RC)> error_reporter = 28423 base::Bind(PolicyPhysicalPresenceErrorCallback, callback); 28424 base::Callback<void(const std::string&)> parser = 28425 base::Bind(PolicyPhysicalPresenceResponseParser, 28426 callback, 28427 authorization_delegate); 28428 std::string command; 28429 TPM_RC rc = SerializeCommand_PolicyPhysicalPresence( 28430 policy_session, 28431 policy_session_name, 28432 &command, 28433 authorization_delegate); 28434 if (rc != TPM_RC_SUCCESS) { 28435 error_reporter.Run(rc); 28436 return; 28437 } 28438 transceiver_->SendCommand(command, parser); 28439 } 28440 28441 TPM_RC Tpm::PolicyPhysicalPresenceSync( 28442 const TPMI_SH_POLICY& policy_session, 28443 const std::string& policy_session_name, 28444 AuthorizationDelegate* authorization_delegate) { 28445 VLOG(1) << __func__; 28446 std::string command; 28447 TPM_RC rc = SerializeCommand_PolicyPhysicalPresence( 28448 policy_session, 28449 policy_session_name, 28450 &command, 28451 authorization_delegate); 28452 if (rc != TPM_RC_SUCCESS) { 28453 return rc; 28454 } 28455 std::string response = transceiver_->SendCommandAndWait(command); 28456 rc = ParseResponse_PolicyPhysicalPresence( 28457 response, 28458 authorization_delegate); 28459 return rc; 28460 } 28461 28462 TPM_RC Tpm::SerializeCommand_PolicyCpHash( 28463 const TPMI_SH_POLICY& policy_session, 28464 const std::string& policy_session_name, 28465 const TPM2B_DIGEST& cp_hash_a, 28466 std::string* serialized_command, 28467 AuthorizationDelegate* authorization_delegate) { 28468 VLOG(3) << __func__; 28469 TPM_RC rc = TPM_RC_SUCCESS; 28470 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 28471 UINT32 command_size = 10; // Header size. 28472 std::string handle_section_bytes; 28473 std::string parameter_section_bytes; 28474 TPM_CC command_code = TPM_CC_PolicyCpHash; 28475 bool is_command_parameter_encryption_possible = true; 28476 bool is_response_parameter_encryption_possible = false; 28477 std::string command_code_bytes; 28478 rc = Serialize_TPM_CC( 28479 command_code, 28480 &command_code_bytes); 28481 if (rc != TPM_RC_SUCCESS) { 28482 return rc; 28483 } 28484 std::string policy_session_bytes; 28485 rc = Serialize_TPMI_SH_POLICY( 28486 policy_session, 28487 &policy_session_bytes); 28488 if (rc != TPM_RC_SUCCESS) { 28489 return rc; 28490 } 28491 std::string cp_hash_a_bytes; 28492 rc = Serialize_TPM2B_DIGEST( 28493 cp_hash_a, 28494 &cp_hash_a_bytes); 28495 if (rc != TPM_RC_SUCCESS) { 28496 return rc; 28497 } 28498 if (authorization_delegate) { 28499 // Encrypt just the parameter data, not the size. 28500 std::string tmp = cp_hash_a_bytes.substr(2); 28501 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 28502 return TRUNKS_RC_ENCRYPTION_FAILED; 28503 } 28504 cp_hash_a_bytes.replace(2, std::string::npos, tmp); 28505 } 28506 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 28507 crypto::SecureHash::SHA256)); 28508 hash->Update(command_code_bytes.data(), 28509 command_code_bytes.size()); 28510 hash->Update(policy_session_name.data(), 28511 policy_session_name.size()); 28512 handle_section_bytes += policy_session_bytes; 28513 command_size += policy_session_bytes.size(); 28514 hash->Update(cp_hash_a_bytes.data(), 28515 cp_hash_a_bytes.size()); 28516 parameter_section_bytes += cp_hash_a_bytes; 28517 command_size += cp_hash_a_bytes.size(); 28518 std::string command_hash(32, 0); 28519 hash->Finish(string_as_array(&command_hash), command_hash.size()); 28520 std::string authorization_section_bytes; 28521 std::string authorization_size_bytes; 28522 if (authorization_delegate) { 28523 if (!authorization_delegate->GetCommandAuthorization( 28524 command_hash, 28525 is_command_parameter_encryption_possible, 28526 is_response_parameter_encryption_possible, 28527 &authorization_section_bytes)) { 28528 return TRUNKS_RC_AUTHORIZATION_FAILED; 28529 } 28530 if (!authorization_section_bytes.empty()) { 28531 tag = TPM_ST_SESSIONS; 28532 std::string tmp; 28533 rc = Serialize_UINT32(authorization_section_bytes.size(), 28534 &authorization_size_bytes); 28535 if (rc != TPM_RC_SUCCESS) { 28536 return rc; 28537 } 28538 command_size += authorization_size_bytes.size() + 28539 authorization_section_bytes.size(); 28540 } 28541 } 28542 std::string tag_bytes; 28543 rc = Serialize_TPMI_ST_COMMAND_TAG( 28544 tag, 28545 &tag_bytes); 28546 if (rc != TPM_RC_SUCCESS) { 28547 return rc; 28548 } 28549 std::string command_size_bytes; 28550 rc = Serialize_UINT32( 28551 command_size, 28552 &command_size_bytes); 28553 if (rc != TPM_RC_SUCCESS) { 28554 return rc; 28555 } 28556 *serialized_command = tag_bytes + 28557 command_size_bytes + 28558 command_code_bytes + 28559 handle_section_bytes + 28560 authorization_size_bytes + 28561 authorization_section_bytes + 28562 parameter_section_bytes; 28563 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 28564 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 28565 serialized_command->size()); 28566 return TPM_RC_SUCCESS; 28567 } 28568 28569 TPM_RC Tpm::ParseResponse_PolicyCpHash( 28570 const std::string& response, 28571 AuthorizationDelegate* authorization_delegate) { 28572 VLOG(3) << __func__; 28573 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 28574 TPM_RC rc = TPM_RC_SUCCESS; 28575 std::string buffer(response); 28576 TPM_ST tag; 28577 std::string tag_bytes; 28578 rc = Parse_TPM_ST( 28579 &buffer, 28580 &tag, 28581 &tag_bytes); 28582 if (rc != TPM_RC_SUCCESS) { 28583 return rc; 28584 } 28585 UINT32 response_size; 28586 std::string response_size_bytes; 28587 rc = Parse_UINT32( 28588 &buffer, 28589 &response_size, 28590 &response_size_bytes); 28591 if (rc != TPM_RC_SUCCESS) { 28592 return rc; 28593 } 28594 TPM_RC response_code; 28595 std::string response_code_bytes; 28596 rc = Parse_TPM_RC( 28597 &buffer, 28598 &response_code, 28599 &response_code_bytes); 28600 if (rc != TPM_RC_SUCCESS) { 28601 return rc; 28602 } 28603 if (response_size != response.size()) { 28604 return TPM_RC_SIZE; 28605 } 28606 if (response_code != TPM_RC_SUCCESS) { 28607 return response_code; 28608 } 28609 TPM_CC command_code = TPM_CC_PolicyCpHash; 28610 std::string command_code_bytes; 28611 rc = Serialize_TPM_CC( 28612 command_code, 28613 &command_code_bytes); 28614 if (rc != TPM_RC_SUCCESS) { 28615 return rc; 28616 } 28617 std::string authorization_section_bytes; 28618 if (tag == TPM_ST_SESSIONS) { 28619 UINT32 parameter_section_size = buffer.size(); 28620 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 28621 if (rc != TPM_RC_SUCCESS) { 28622 return rc; 28623 } 28624 if (parameter_section_size > buffer.size()) { 28625 return TPM_RC_INSUFFICIENT; 28626 } 28627 authorization_section_bytes = buffer.substr(parameter_section_size); 28628 // Keep the parameter section in |buffer|. 28629 buffer.erase(parameter_section_size); 28630 } 28631 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 28632 crypto::SecureHash::SHA256)); 28633 hash->Update(response_code_bytes.data(), 28634 response_code_bytes.size()); 28635 hash->Update(command_code_bytes.data(), 28636 command_code_bytes.size()); 28637 hash->Update(buffer.data(), 28638 buffer.size()); 28639 std::string response_hash(32, 0); 28640 hash->Finish(string_as_array(&response_hash), response_hash.size()); 28641 if (tag == TPM_ST_SESSIONS) { 28642 CHECK(authorization_delegate) << "Authorization delegate missing!"; 28643 if (!authorization_delegate->CheckResponseAuthorization( 28644 response_hash, 28645 authorization_section_bytes)) { 28646 return TRUNKS_RC_AUTHORIZATION_FAILED; 28647 } 28648 } 28649 return TPM_RC_SUCCESS; 28650 } 28651 28652 void PolicyCpHashErrorCallback( 28653 const Tpm::PolicyCpHashResponse& callback, 28654 TPM_RC response_code) { 28655 VLOG(1) << __func__; 28656 callback.Run(response_code); 28657 } 28658 28659 void PolicyCpHashResponseParser( 28660 const Tpm::PolicyCpHashResponse& callback, 28661 AuthorizationDelegate* authorization_delegate, 28662 const std::string& response) { 28663 VLOG(1) << __func__; 28664 base::Callback<void(TPM_RC)> error_reporter = 28665 base::Bind(PolicyCpHashErrorCallback, callback); 28666 TPM_RC rc = Tpm::ParseResponse_PolicyCpHash( 28667 response, 28668 authorization_delegate); 28669 if (rc != TPM_RC_SUCCESS) { 28670 error_reporter.Run(rc); 28671 return; 28672 } 28673 callback.Run( 28674 rc); 28675 } 28676 28677 void Tpm::PolicyCpHash( 28678 const TPMI_SH_POLICY& policy_session, 28679 const std::string& policy_session_name, 28680 const TPM2B_DIGEST& cp_hash_a, 28681 AuthorizationDelegate* authorization_delegate, 28682 const PolicyCpHashResponse& callback) { 28683 VLOG(1) << __func__; 28684 base::Callback<void(TPM_RC)> error_reporter = 28685 base::Bind(PolicyCpHashErrorCallback, callback); 28686 base::Callback<void(const std::string&)> parser = 28687 base::Bind(PolicyCpHashResponseParser, 28688 callback, 28689 authorization_delegate); 28690 std::string command; 28691 TPM_RC rc = SerializeCommand_PolicyCpHash( 28692 policy_session, 28693 policy_session_name, 28694 cp_hash_a, 28695 &command, 28696 authorization_delegate); 28697 if (rc != TPM_RC_SUCCESS) { 28698 error_reporter.Run(rc); 28699 return; 28700 } 28701 transceiver_->SendCommand(command, parser); 28702 } 28703 28704 TPM_RC Tpm::PolicyCpHashSync( 28705 const TPMI_SH_POLICY& policy_session, 28706 const std::string& policy_session_name, 28707 const TPM2B_DIGEST& cp_hash_a, 28708 AuthorizationDelegate* authorization_delegate) { 28709 VLOG(1) << __func__; 28710 std::string command; 28711 TPM_RC rc = SerializeCommand_PolicyCpHash( 28712 policy_session, 28713 policy_session_name, 28714 cp_hash_a, 28715 &command, 28716 authorization_delegate); 28717 if (rc != TPM_RC_SUCCESS) { 28718 return rc; 28719 } 28720 std::string response = transceiver_->SendCommandAndWait(command); 28721 rc = ParseResponse_PolicyCpHash( 28722 response, 28723 authorization_delegate); 28724 return rc; 28725 } 28726 28727 TPM_RC Tpm::SerializeCommand_PolicyNameHash( 28728 const TPMI_SH_POLICY& policy_session, 28729 const std::string& policy_session_name, 28730 const TPM2B_DIGEST& name_hash, 28731 std::string* serialized_command, 28732 AuthorizationDelegate* authorization_delegate) { 28733 VLOG(3) << __func__; 28734 TPM_RC rc = TPM_RC_SUCCESS; 28735 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 28736 UINT32 command_size = 10; // Header size. 28737 std::string handle_section_bytes; 28738 std::string parameter_section_bytes; 28739 TPM_CC command_code = TPM_CC_PolicyNameHash; 28740 bool is_command_parameter_encryption_possible = true; 28741 bool is_response_parameter_encryption_possible = false; 28742 std::string command_code_bytes; 28743 rc = Serialize_TPM_CC( 28744 command_code, 28745 &command_code_bytes); 28746 if (rc != TPM_RC_SUCCESS) { 28747 return rc; 28748 } 28749 std::string policy_session_bytes; 28750 rc = Serialize_TPMI_SH_POLICY( 28751 policy_session, 28752 &policy_session_bytes); 28753 if (rc != TPM_RC_SUCCESS) { 28754 return rc; 28755 } 28756 std::string name_hash_bytes; 28757 rc = Serialize_TPM2B_DIGEST( 28758 name_hash, 28759 &name_hash_bytes); 28760 if (rc != TPM_RC_SUCCESS) { 28761 return rc; 28762 } 28763 if (authorization_delegate) { 28764 // Encrypt just the parameter data, not the size. 28765 std::string tmp = name_hash_bytes.substr(2); 28766 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 28767 return TRUNKS_RC_ENCRYPTION_FAILED; 28768 } 28769 name_hash_bytes.replace(2, std::string::npos, tmp); 28770 } 28771 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 28772 crypto::SecureHash::SHA256)); 28773 hash->Update(command_code_bytes.data(), 28774 command_code_bytes.size()); 28775 hash->Update(policy_session_name.data(), 28776 policy_session_name.size()); 28777 handle_section_bytes += policy_session_bytes; 28778 command_size += policy_session_bytes.size(); 28779 hash->Update(name_hash_bytes.data(), 28780 name_hash_bytes.size()); 28781 parameter_section_bytes += name_hash_bytes; 28782 command_size += name_hash_bytes.size(); 28783 std::string command_hash(32, 0); 28784 hash->Finish(string_as_array(&command_hash), command_hash.size()); 28785 std::string authorization_section_bytes; 28786 std::string authorization_size_bytes; 28787 if (authorization_delegate) { 28788 if (!authorization_delegate->GetCommandAuthorization( 28789 command_hash, 28790 is_command_parameter_encryption_possible, 28791 is_response_parameter_encryption_possible, 28792 &authorization_section_bytes)) { 28793 return TRUNKS_RC_AUTHORIZATION_FAILED; 28794 } 28795 if (!authorization_section_bytes.empty()) { 28796 tag = TPM_ST_SESSIONS; 28797 std::string tmp; 28798 rc = Serialize_UINT32(authorization_section_bytes.size(), 28799 &authorization_size_bytes); 28800 if (rc != TPM_RC_SUCCESS) { 28801 return rc; 28802 } 28803 command_size += authorization_size_bytes.size() + 28804 authorization_section_bytes.size(); 28805 } 28806 } 28807 std::string tag_bytes; 28808 rc = Serialize_TPMI_ST_COMMAND_TAG( 28809 tag, 28810 &tag_bytes); 28811 if (rc != TPM_RC_SUCCESS) { 28812 return rc; 28813 } 28814 std::string command_size_bytes; 28815 rc = Serialize_UINT32( 28816 command_size, 28817 &command_size_bytes); 28818 if (rc != TPM_RC_SUCCESS) { 28819 return rc; 28820 } 28821 *serialized_command = tag_bytes + 28822 command_size_bytes + 28823 command_code_bytes + 28824 handle_section_bytes + 28825 authorization_size_bytes + 28826 authorization_section_bytes + 28827 parameter_section_bytes; 28828 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 28829 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 28830 serialized_command->size()); 28831 return TPM_RC_SUCCESS; 28832 } 28833 28834 TPM_RC Tpm::ParseResponse_PolicyNameHash( 28835 const std::string& response, 28836 AuthorizationDelegate* authorization_delegate) { 28837 VLOG(3) << __func__; 28838 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 28839 TPM_RC rc = TPM_RC_SUCCESS; 28840 std::string buffer(response); 28841 TPM_ST tag; 28842 std::string tag_bytes; 28843 rc = Parse_TPM_ST( 28844 &buffer, 28845 &tag, 28846 &tag_bytes); 28847 if (rc != TPM_RC_SUCCESS) { 28848 return rc; 28849 } 28850 UINT32 response_size; 28851 std::string response_size_bytes; 28852 rc = Parse_UINT32( 28853 &buffer, 28854 &response_size, 28855 &response_size_bytes); 28856 if (rc != TPM_RC_SUCCESS) { 28857 return rc; 28858 } 28859 TPM_RC response_code; 28860 std::string response_code_bytes; 28861 rc = Parse_TPM_RC( 28862 &buffer, 28863 &response_code, 28864 &response_code_bytes); 28865 if (rc != TPM_RC_SUCCESS) { 28866 return rc; 28867 } 28868 if (response_size != response.size()) { 28869 return TPM_RC_SIZE; 28870 } 28871 if (response_code != TPM_RC_SUCCESS) { 28872 return response_code; 28873 } 28874 TPM_CC command_code = TPM_CC_PolicyNameHash; 28875 std::string command_code_bytes; 28876 rc = Serialize_TPM_CC( 28877 command_code, 28878 &command_code_bytes); 28879 if (rc != TPM_RC_SUCCESS) { 28880 return rc; 28881 } 28882 std::string authorization_section_bytes; 28883 if (tag == TPM_ST_SESSIONS) { 28884 UINT32 parameter_section_size = buffer.size(); 28885 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 28886 if (rc != TPM_RC_SUCCESS) { 28887 return rc; 28888 } 28889 if (parameter_section_size > buffer.size()) { 28890 return TPM_RC_INSUFFICIENT; 28891 } 28892 authorization_section_bytes = buffer.substr(parameter_section_size); 28893 // Keep the parameter section in |buffer|. 28894 buffer.erase(parameter_section_size); 28895 } 28896 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 28897 crypto::SecureHash::SHA256)); 28898 hash->Update(response_code_bytes.data(), 28899 response_code_bytes.size()); 28900 hash->Update(command_code_bytes.data(), 28901 command_code_bytes.size()); 28902 hash->Update(buffer.data(), 28903 buffer.size()); 28904 std::string response_hash(32, 0); 28905 hash->Finish(string_as_array(&response_hash), response_hash.size()); 28906 if (tag == TPM_ST_SESSIONS) { 28907 CHECK(authorization_delegate) << "Authorization delegate missing!"; 28908 if (!authorization_delegate->CheckResponseAuthorization( 28909 response_hash, 28910 authorization_section_bytes)) { 28911 return TRUNKS_RC_AUTHORIZATION_FAILED; 28912 } 28913 } 28914 return TPM_RC_SUCCESS; 28915 } 28916 28917 void PolicyNameHashErrorCallback( 28918 const Tpm::PolicyNameHashResponse& callback, 28919 TPM_RC response_code) { 28920 VLOG(1) << __func__; 28921 callback.Run(response_code); 28922 } 28923 28924 void PolicyNameHashResponseParser( 28925 const Tpm::PolicyNameHashResponse& callback, 28926 AuthorizationDelegate* authorization_delegate, 28927 const std::string& response) { 28928 VLOG(1) << __func__; 28929 base::Callback<void(TPM_RC)> error_reporter = 28930 base::Bind(PolicyNameHashErrorCallback, callback); 28931 TPM_RC rc = Tpm::ParseResponse_PolicyNameHash( 28932 response, 28933 authorization_delegate); 28934 if (rc != TPM_RC_SUCCESS) { 28935 error_reporter.Run(rc); 28936 return; 28937 } 28938 callback.Run( 28939 rc); 28940 } 28941 28942 void Tpm::PolicyNameHash( 28943 const TPMI_SH_POLICY& policy_session, 28944 const std::string& policy_session_name, 28945 const TPM2B_DIGEST& name_hash, 28946 AuthorizationDelegate* authorization_delegate, 28947 const PolicyNameHashResponse& callback) { 28948 VLOG(1) << __func__; 28949 base::Callback<void(TPM_RC)> error_reporter = 28950 base::Bind(PolicyNameHashErrorCallback, callback); 28951 base::Callback<void(const std::string&)> parser = 28952 base::Bind(PolicyNameHashResponseParser, 28953 callback, 28954 authorization_delegate); 28955 std::string command; 28956 TPM_RC rc = SerializeCommand_PolicyNameHash( 28957 policy_session, 28958 policy_session_name, 28959 name_hash, 28960 &command, 28961 authorization_delegate); 28962 if (rc != TPM_RC_SUCCESS) { 28963 error_reporter.Run(rc); 28964 return; 28965 } 28966 transceiver_->SendCommand(command, parser); 28967 } 28968 28969 TPM_RC Tpm::PolicyNameHashSync( 28970 const TPMI_SH_POLICY& policy_session, 28971 const std::string& policy_session_name, 28972 const TPM2B_DIGEST& name_hash, 28973 AuthorizationDelegate* authorization_delegate) { 28974 VLOG(1) << __func__; 28975 std::string command; 28976 TPM_RC rc = SerializeCommand_PolicyNameHash( 28977 policy_session, 28978 policy_session_name, 28979 name_hash, 28980 &command, 28981 authorization_delegate); 28982 if (rc != TPM_RC_SUCCESS) { 28983 return rc; 28984 } 28985 std::string response = transceiver_->SendCommandAndWait(command); 28986 rc = ParseResponse_PolicyNameHash( 28987 response, 28988 authorization_delegate); 28989 return rc; 28990 } 28991 28992 TPM_RC Tpm::SerializeCommand_PolicyDuplicationSelect( 28993 const TPMI_SH_POLICY& policy_session, 28994 const std::string& policy_session_name, 28995 const TPM2B_NAME& object_name, 28996 const TPM2B_NAME& new_parent_name, 28997 const TPMI_YES_NO& include_object, 28998 std::string* serialized_command, 28999 AuthorizationDelegate* authorization_delegate) { 29000 VLOG(3) << __func__; 29001 TPM_RC rc = TPM_RC_SUCCESS; 29002 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 29003 UINT32 command_size = 10; // Header size. 29004 std::string handle_section_bytes; 29005 std::string parameter_section_bytes; 29006 TPM_CC command_code = TPM_CC_PolicyDuplicationSelect; 29007 bool is_command_parameter_encryption_possible = true; 29008 bool is_response_parameter_encryption_possible = false; 29009 std::string command_code_bytes; 29010 rc = Serialize_TPM_CC( 29011 command_code, 29012 &command_code_bytes); 29013 if (rc != TPM_RC_SUCCESS) { 29014 return rc; 29015 } 29016 std::string policy_session_bytes; 29017 rc = Serialize_TPMI_SH_POLICY( 29018 policy_session, 29019 &policy_session_bytes); 29020 if (rc != TPM_RC_SUCCESS) { 29021 return rc; 29022 } 29023 std::string object_name_bytes; 29024 rc = Serialize_TPM2B_NAME( 29025 object_name, 29026 &object_name_bytes); 29027 if (rc != TPM_RC_SUCCESS) { 29028 return rc; 29029 } 29030 std::string new_parent_name_bytes; 29031 rc = Serialize_TPM2B_NAME( 29032 new_parent_name, 29033 &new_parent_name_bytes); 29034 if (rc != TPM_RC_SUCCESS) { 29035 return rc; 29036 } 29037 std::string include_object_bytes; 29038 rc = Serialize_TPMI_YES_NO( 29039 include_object, 29040 &include_object_bytes); 29041 if (rc != TPM_RC_SUCCESS) { 29042 return rc; 29043 } 29044 if (authorization_delegate) { 29045 // Encrypt just the parameter data, not the size. 29046 std::string tmp = object_name_bytes.substr(2); 29047 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 29048 return TRUNKS_RC_ENCRYPTION_FAILED; 29049 } 29050 object_name_bytes.replace(2, std::string::npos, tmp); 29051 } 29052 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 29053 crypto::SecureHash::SHA256)); 29054 hash->Update(command_code_bytes.data(), 29055 command_code_bytes.size()); 29056 hash->Update(policy_session_name.data(), 29057 policy_session_name.size()); 29058 handle_section_bytes += policy_session_bytes; 29059 command_size += policy_session_bytes.size(); 29060 hash->Update(object_name_bytes.data(), 29061 object_name_bytes.size()); 29062 parameter_section_bytes += object_name_bytes; 29063 command_size += object_name_bytes.size(); 29064 hash->Update(new_parent_name_bytes.data(), 29065 new_parent_name_bytes.size()); 29066 parameter_section_bytes += new_parent_name_bytes; 29067 command_size += new_parent_name_bytes.size(); 29068 hash->Update(include_object_bytes.data(), 29069 include_object_bytes.size()); 29070 parameter_section_bytes += include_object_bytes; 29071 command_size += include_object_bytes.size(); 29072 std::string command_hash(32, 0); 29073 hash->Finish(string_as_array(&command_hash), command_hash.size()); 29074 std::string authorization_section_bytes; 29075 std::string authorization_size_bytes; 29076 if (authorization_delegate) { 29077 if (!authorization_delegate->GetCommandAuthorization( 29078 command_hash, 29079 is_command_parameter_encryption_possible, 29080 is_response_parameter_encryption_possible, 29081 &authorization_section_bytes)) { 29082 return TRUNKS_RC_AUTHORIZATION_FAILED; 29083 } 29084 if (!authorization_section_bytes.empty()) { 29085 tag = TPM_ST_SESSIONS; 29086 std::string tmp; 29087 rc = Serialize_UINT32(authorization_section_bytes.size(), 29088 &authorization_size_bytes); 29089 if (rc != TPM_RC_SUCCESS) { 29090 return rc; 29091 } 29092 command_size += authorization_size_bytes.size() + 29093 authorization_section_bytes.size(); 29094 } 29095 } 29096 std::string tag_bytes; 29097 rc = Serialize_TPMI_ST_COMMAND_TAG( 29098 tag, 29099 &tag_bytes); 29100 if (rc != TPM_RC_SUCCESS) { 29101 return rc; 29102 } 29103 std::string command_size_bytes; 29104 rc = Serialize_UINT32( 29105 command_size, 29106 &command_size_bytes); 29107 if (rc != TPM_RC_SUCCESS) { 29108 return rc; 29109 } 29110 *serialized_command = tag_bytes + 29111 command_size_bytes + 29112 command_code_bytes + 29113 handle_section_bytes + 29114 authorization_size_bytes + 29115 authorization_section_bytes + 29116 parameter_section_bytes; 29117 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 29118 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 29119 serialized_command->size()); 29120 return TPM_RC_SUCCESS; 29121 } 29122 29123 TPM_RC Tpm::ParseResponse_PolicyDuplicationSelect( 29124 const std::string& response, 29125 AuthorizationDelegate* authorization_delegate) { 29126 VLOG(3) << __func__; 29127 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 29128 TPM_RC rc = TPM_RC_SUCCESS; 29129 std::string buffer(response); 29130 TPM_ST tag; 29131 std::string tag_bytes; 29132 rc = Parse_TPM_ST( 29133 &buffer, 29134 &tag, 29135 &tag_bytes); 29136 if (rc != TPM_RC_SUCCESS) { 29137 return rc; 29138 } 29139 UINT32 response_size; 29140 std::string response_size_bytes; 29141 rc = Parse_UINT32( 29142 &buffer, 29143 &response_size, 29144 &response_size_bytes); 29145 if (rc != TPM_RC_SUCCESS) { 29146 return rc; 29147 } 29148 TPM_RC response_code; 29149 std::string response_code_bytes; 29150 rc = Parse_TPM_RC( 29151 &buffer, 29152 &response_code, 29153 &response_code_bytes); 29154 if (rc != TPM_RC_SUCCESS) { 29155 return rc; 29156 } 29157 if (response_size != response.size()) { 29158 return TPM_RC_SIZE; 29159 } 29160 if (response_code != TPM_RC_SUCCESS) { 29161 return response_code; 29162 } 29163 TPM_CC command_code = TPM_CC_PolicyDuplicationSelect; 29164 std::string command_code_bytes; 29165 rc = Serialize_TPM_CC( 29166 command_code, 29167 &command_code_bytes); 29168 if (rc != TPM_RC_SUCCESS) { 29169 return rc; 29170 } 29171 std::string authorization_section_bytes; 29172 if (tag == TPM_ST_SESSIONS) { 29173 UINT32 parameter_section_size = buffer.size(); 29174 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 29175 if (rc != TPM_RC_SUCCESS) { 29176 return rc; 29177 } 29178 if (parameter_section_size > buffer.size()) { 29179 return TPM_RC_INSUFFICIENT; 29180 } 29181 authorization_section_bytes = buffer.substr(parameter_section_size); 29182 // Keep the parameter section in |buffer|. 29183 buffer.erase(parameter_section_size); 29184 } 29185 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 29186 crypto::SecureHash::SHA256)); 29187 hash->Update(response_code_bytes.data(), 29188 response_code_bytes.size()); 29189 hash->Update(command_code_bytes.data(), 29190 command_code_bytes.size()); 29191 hash->Update(buffer.data(), 29192 buffer.size()); 29193 std::string response_hash(32, 0); 29194 hash->Finish(string_as_array(&response_hash), response_hash.size()); 29195 if (tag == TPM_ST_SESSIONS) { 29196 CHECK(authorization_delegate) << "Authorization delegate missing!"; 29197 if (!authorization_delegate->CheckResponseAuthorization( 29198 response_hash, 29199 authorization_section_bytes)) { 29200 return TRUNKS_RC_AUTHORIZATION_FAILED; 29201 } 29202 } 29203 return TPM_RC_SUCCESS; 29204 } 29205 29206 void PolicyDuplicationSelectErrorCallback( 29207 const Tpm::PolicyDuplicationSelectResponse& callback, 29208 TPM_RC response_code) { 29209 VLOG(1) << __func__; 29210 callback.Run(response_code); 29211 } 29212 29213 void PolicyDuplicationSelectResponseParser( 29214 const Tpm::PolicyDuplicationSelectResponse& callback, 29215 AuthorizationDelegate* authorization_delegate, 29216 const std::string& response) { 29217 VLOG(1) << __func__; 29218 base::Callback<void(TPM_RC)> error_reporter = 29219 base::Bind(PolicyDuplicationSelectErrorCallback, callback); 29220 TPM_RC rc = Tpm::ParseResponse_PolicyDuplicationSelect( 29221 response, 29222 authorization_delegate); 29223 if (rc != TPM_RC_SUCCESS) { 29224 error_reporter.Run(rc); 29225 return; 29226 } 29227 callback.Run( 29228 rc); 29229 } 29230 29231 void Tpm::PolicyDuplicationSelect( 29232 const TPMI_SH_POLICY& policy_session, 29233 const std::string& policy_session_name, 29234 const TPM2B_NAME& object_name, 29235 const TPM2B_NAME& new_parent_name, 29236 const TPMI_YES_NO& include_object, 29237 AuthorizationDelegate* authorization_delegate, 29238 const PolicyDuplicationSelectResponse& callback) { 29239 VLOG(1) << __func__; 29240 base::Callback<void(TPM_RC)> error_reporter = 29241 base::Bind(PolicyDuplicationSelectErrorCallback, callback); 29242 base::Callback<void(const std::string&)> parser = 29243 base::Bind(PolicyDuplicationSelectResponseParser, 29244 callback, 29245 authorization_delegate); 29246 std::string command; 29247 TPM_RC rc = SerializeCommand_PolicyDuplicationSelect( 29248 policy_session, 29249 policy_session_name, 29250 object_name, 29251 new_parent_name, 29252 include_object, 29253 &command, 29254 authorization_delegate); 29255 if (rc != TPM_RC_SUCCESS) { 29256 error_reporter.Run(rc); 29257 return; 29258 } 29259 transceiver_->SendCommand(command, parser); 29260 } 29261 29262 TPM_RC Tpm::PolicyDuplicationSelectSync( 29263 const TPMI_SH_POLICY& policy_session, 29264 const std::string& policy_session_name, 29265 const TPM2B_NAME& object_name, 29266 const TPM2B_NAME& new_parent_name, 29267 const TPMI_YES_NO& include_object, 29268 AuthorizationDelegate* authorization_delegate) { 29269 VLOG(1) << __func__; 29270 std::string command; 29271 TPM_RC rc = SerializeCommand_PolicyDuplicationSelect( 29272 policy_session, 29273 policy_session_name, 29274 object_name, 29275 new_parent_name, 29276 include_object, 29277 &command, 29278 authorization_delegate); 29279 if (rc != TPM_RC_SUCCESS) { 29280 return rc; 29281 } 29282 std::string response = transceiver_->SendCommandAndWait(command); 29283 rc = ParseResponse_PolicyDuplicationSelect( 29284 response, 29285 authorization_delegate); 29286 return rc; 29287 } 29288 29289 TPM_RC Tpm::SerializeCommand_PolicyAuthorize( 29290 const TPMI_SH_POLICY& policy_session, 29291 const std::string& policy_session_name, 29292 const TPM2B_DIGEST& approved_policy, 29293 const TPM2B_NONCE& policy_ref, 29294 const TPM2B_NAME& key_sign, 29295 const TPMT_TK_VERIFIED& check_ticket, 29296 std::string* serialized_command, 29297 AuthorizationDelegate* authorization_delegate) { 29298 VLOG(3) << __func__; 29299 TPM_RC rc = TPM_RC_SUCCESS; 29300 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 29301 UINT32 command_size = 10; // Header size. 29302 std::string handle_section_bytes; 29303 std::string parameter_section_bytes; 29304 TPM_CC command_code = TPM_CC_PolicyAuthorize; 29305 bool is_command_parameter_encryption_possible = true; 29306 bool is_response_parameter_encryption_possible = false; 29307 std::string command_code_bytes; 29308 rc = Serialize_TPM_CC( 29309 command_code, 29310 &command_code_bytes); 29311 if (rc != TPM_RC_SUCCESS) { 29312 return rc; 29313 } 29314 std::string policy_session_bytes; 29315 rc = Serialize_TPMI_SH_POLICY( 29316 policy_session, 29317 &policy_session_bytes); 29318 if (rc != TPM_RC_SUCCESS) { 29319 return rc; 29320 } 29321 std::string approved_policy_bytes; 29322 rc = Serialize_TPM2B_DIGEST( 29323 approved_policy, 29324 &approved_policy_bytes); 29325 if (rc != TPM_RC_SUCCESS) { 29326 return rc; 29327 } 29328 std::string policy_ref_bytes; 29329 rc = Serialize_TPM2B_NONCE( 29330 policy_ref, 29331 &policy_ref_bytes); 29332 if (rc != TPM_RC_SUCCESS) { 29333 return rc; 29334 } 29335 std::string key_sign_bytes; 29336 rc = Serialize_TPM2B_NAME( 29337 key_sign, 29338 &key_sign_bytes); 29339 if (rc != TPM_RC_SUCCESS) { 29340 return rc; 29341 } 29342 std::string check_ticket_bytes; 29343 rc = Serialize_TPMT_TK_VERIFIED( 29344 check_ticket, 29345 &check_ticket_bytes); 29346 if (rc != TPM_RC_SUCCESS) { 29347 return rc; 29348 } 29349 if (authorization_delegate) { 29350 // Encrypt just the parameter data, not the size. 29351 std::string tmp = approved_policy_bytes.substr(2); 29352 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 29353 return TRUNKS_RC_ENCRYPTION_FAILED; 29354 } 29355 approved_policy_bytes.replace(2, std::string::npos, tmp); 29356 } 29357 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 29358 crypto::SecureHash::SHA256)); 29359 hash->Update(command_code_bytes.data(), 29360 command_code_bytes.size()); 29361 hash->Update(policy_session_name.data(), 29362 policy_session_name.size()); 29363 handle_section_bytes += policy_session_bytes; 29364 command_size += policy_session_bytes.size(); 29365 hash->Update(approved_policy_bytes.data(), 29366 approved_policy_bytes.size()); 29367 parameter_section_bytes += approved_policy_bytes; 29368 command_size += approved_policy_bytes.size(); 29369 hash->Update(policy_ref_bytes.data(), 29370 policy_ref_bytes.size()); 29371 parameter_section_bytes += policy_ref_bytes; 29372 command_size += policy_ref_bytes.size(); 29373 hash->Update(key_sign_bytes.data(), 29374 key_sign_bytes.size()); 29375 parameter_section_bytes += key_sign_bytes; 29376 command_size += key_sign_bytes.size(); 29377 hash->Update(check_ticket_bytes.data(), 29378 check_ticket_bytes.size()); 29379 parameter_section_bytes += check_ticket_bytes; 29380 command_size += check_ticket_bytes.size(); 29381 std::string command_hash(32, 0); 29382 hash->Finish(string_as_array(&command_hash), command_hash.size()); 29383 std::string authorization_section_bytes; 29384 std::string authorization_size_bytes; 29385 if (authorization_delegate) { 29386 if (!authorization_delegate->GetCommandAuthorization( 29387 command_hash, 29388 is_command_parameter_encryption_possible, 29389 is_response_parameter_encryption_possible, 29390 &authorization_section_bytes)) { 29391 return TRUNKS_RC_AUTHORIZATION_FAILED; 29392 } 29393 if (!authorization_section_bytes.empty()) { 29394 tag = TPM_ST_SESSIONS; 29395 std::string tmp; 29396 rc = Serialize_UINT32(authorization_section_bytes.size(), 29397 &authorization_size_bytes); 29398 if (rc != TPM_RC_SUCCESS) { 29399 return rc; 29400 } 29401 command_size += authorization_size_bytes.size() + 29402 authorization_section_bytes.size(); 29403 } 29404 } 29405 std::string tag_bytes; 29406 rc = Serialize_TPMI_ST_COMMAND_TAG( 29407 tag, 29408 &tag_bytes); 29409 if (rc != TPM_RC_SUCCESS) { 29410 return rc; 29411 } 29412 std::string command_size_bytes; 29413 rc = Serialize_UINT32( 29414 command_size, 29415 &command_size_bytes); 29416 if (rc != TPM_RC_SUCCESS) { 29417 return rc; 29418 } 29419 *serialized_command = tag_bytes + 29420 command_size_bytes + 29421 command_code_bytes + 29422 handle_section_bytes + 29423 authorization_size_bytes + 29424 authorization_section_bytes + 29425 parameter_section_bytes; 29426 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 29427 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 29428 serialized_command->size()); 29429 return TPM_RC_SUCCESS; 29430 } 29431 29432 TPM_RC Tpm::ParseResponse_PolicyAuthorize( 29433 const std::string& response, 29434 AuthorizationDelegate* authorization_delegate) { 29435 VLOG(3) << __func__; 29436 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 29437 TPM_RC rc = TPM_RC_SUCCESS; 29438 std::string buffer(response); 29439 TPM_ST tag; 29440 std::string tag_bytes; 29441 rc = Parse_TPM_ST( 29442 &buffer, 29443 &tag, 29444 &tag_bytes); 29445 if (rc != TPM_RC_SUCCESS) { 29446 return rc; 29447 } 29448 UINT32 response_size; 29449 std::string response_size_bytes; 29450 rc = Parse_UINT32( 29451 &buffer, 29452 &response_size, 29453 &response_size_bytes); 29454 if (rc != TPM_RC_SUCCESS) { 29455 return rc; 29456 } 29457 TPM_RC response_code; 29458 std::string response_code_bytes; 29459 rc = Parse_TPM_RC( 29460 &buffer, 29461 &response_code, 29462 &response_code_bytes); 29463 if (rc != TPM_RC_SUCCESS) { 29464 return rc; 29465 } 29466 if (response_size != response.size()) { 29467 return TPM_RC_SIZE; 29468 } 29469 if (response_code != TPM_RC_SUCCESS) { 29470 return response_code; 29471 } 29472 TPM_CC command_code = TPM_CC_PolicyAuthorize; 29473 std::string command_code_bytes; 29474 rc = Serialize_TPM_CC( 29475 command_code, 29476 &command_code_bytes); 29477 if (rc != TPM_RC_SUCCESS) { 29478 return rc; 29479 } 29480 std::string authorization_section_bytes; 29481 if (tag == TPM_ST_SESSIONS) { 29482 UINT32 parameter_section_size = buffer.size(); 29483 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 29484 if (rc != TPM_RC_SUCCESS) { 29485 return rc; 29486 } 29487 if (parameter_section_size > buffer.size()) { 29488 return TPM_RC_INSUFFICIENT; 29489 } 29490 authorization_section_bytes = buffer.substr(parameter_section_size); 29491 // Keep the parameter section in |buffer|. 29492 buffer.erase(parameter_section_size); 29493 } 29494 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 29495 crypto::SecureHash::SHA256)); 29496 hash->Update(response_code_bytes.data(), 29497 response_code_bytes.size()); 29498 hash->Update(command_code_bytes.data(), 29499 command_code_bytes.size()); 29500 hash->Update(buffer.data(), 29501 buffer.size()); 29502 std::string response_hash(32, 0); 29503 hash->Finish(string_as_array(&response_hash), response_hash.size()); 29504 if (tag == TPM_ST_SESSIONS) { 29505 CHECK(authorization_delegate) << "Authorization delegate missing!"; 29506 if (!authorization_delegate->CheckResponseAuthorization( 29507 response_hash, 29508 authorization_section_bytes)) { 29509 return TRUNKS_RC_AUTHORIZATION_FAILED; 29510 } 29511 } 29512 return TPM_RC_SUCCESS; 29513 } 29514 29515 void PolicyAuthorizeErrorCallback( 29516 const Tpm::PolicyAuthorizeResponse& callback, 29517 TPM_RC response_code) { 29518 VLOG(1) << __func__; 29519 callback.Run(response_code); 29520 } 29521 29522 void PolicyAuthorizeResponseParser( 29523 const Tpm::PolicyAuthorizeResponse& callback, 29524 AuthorizationDelegate* authorization_delegate, 29525 const std::string& response) { 29526 VLOG(1) << __func__; 29527 base::Callback<void(TPM_RC)> error_reporter = 29528 base::Bind(PolicyAuthorizeErrorCallback, callback); 29529 TPM_RC rc = Tpm::ParseResponse_PolicyAuthorize( 29530 response, 29531 authorization_delegate); 29532 if (rc != TPM_RC_SUCCESS) { 29533 error_reporter.Run(rc); 29534 return; 29535 } 29536 callback.Run( 29537 rc); 29538 } 29539 29540 void Tpm::PolicyAuthorize( 29541 const TPMI_SH_POLICY& policy_session, 29542 const std::string& policy_session_name, 29543 const TPM2B_DIGEST& approved_policy, 29544 const TPM2B_NONCE& policy_ref, 29545 const TPM2B_NAME& key_sign, 29546 const TPMT_TK_VERIFIED& check_ticket, 29547 AuthorizationDelegate* authorization_delegate, 29548 const PolicyAuthorizeResponse& callback) { 29549 VLOG(1) << __func__; 29550 base::Callback<void(TPM_RC)> error_reporter = 29551 base::Bind(PolicyAuthorizeErrorCallback, callback); 29552 base::Callback<void(const std::string&)> parser = 29553 base::Bind(PolicyAuthorizeResponseParser, 29554 callback, 29555 authorization_delegate); 29556 std::string command; 29557 TPM_RC rc = SerializeCommand_PolicyAuthorize( 29558 policy_session, 29559 policy_session_name, 29560 approved_policy, 29561 policy_ref, 29562 key_sign, 29563 check_ticket, 29564 &command, 29565 authorization_delegate); 29566 if (rc != TPM_RC_SUCCESS) { 29567 error_reporter.Run(rc); 29568 return; 29569 } 29570 transceiver_->SendCommand(command, parser); 29571 } 29572 29573 TPM_RC Tpm::PolicyAuthorizeSync( 29574 const TPMI_SH_POLICY& policy_session, 29575 const std::string& policy_session_name, 29576 const TPM2B_DIGEST& approved_policy, 29577 const TPM2B_NONCE& policy_ref, 29578 const TPM2B_NAME& key_sign, 29579 const TPMT_TK_VERIFIED& check_ticket, 29580 AuthorizationDelegate* authorization_delegate) { 29581 VLOG(1) << __func__; 29582 std::string command; 29583 TPM_RC rc = SerializeCommand_PolicyAuthorize( 29584 policy_session, 29585 policy_session_name, 29586 approved_policy, 29587 policy_ref, 29588 key_sign, 29589 check_ticket, 29590 &command, 29591 authorization_delegate); 29592 if (rc != TPM_RC_SUCCESS) { 29593 return rc; 29594 } 29595 std::string response = transceiver_->SendCommandAndWait(command); 29596 rc = ParseResponse_PolicyAuthorize( 29597 response, 29598 authorization_delegate); 29599 return rc; 29600 } 29601 29602 TPM_RC Tpm::SerializeCommand_PolicyAuthValue( 29603 const TPMI_SH_POLICY& policy_session, 29604 const std::string& policy_session_name, 29605 std::string* serialized_command, 29606 AuthorizationDelegate* authorization_delegate) { 29607 VLOG(3) << __func__; 29608 TPM_RC rc = TPM_RC_SUCCESS; 29609 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 29610 UINT32 command_size = 10; // Header size. 29611 std::string handle_section_bytes; 29612 std::string parameter_section_bytes; 29613 TPM_CC command_code = TPM_CC_PolicyAuthValue; 29614 bool is_command_parameter_encryption_possible = false; 29615 bool is_response_parameter_encryption_possible = false; 29616 std::string command_code_bytes; 29617 rc = Serialize_TPM_CC( 29618 command_code, 29619 &command_code_bytes); 29620 if (rc != TPM_RC_SUCCESS) { 29621 return rc; 29622 } 29623 std::string policy_session_bytes; 29624 rc = Serialize_TPMI_SH_POLICY( 29625 policy_session, 29626 &policy_session_bytes); 29627 if (rc != TPM_RC_SUCCESS) { 29628 return rc; 29629 } 29630 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 29631 crypto::SecureHash::SHA256)); 29632 hash->Update(command_code_bytes.data(), 29633 command_code_bytes.size()); 29634 hash->Update(policy_session_name.data(), 29635 policy_session_name.size()); 29636 handle_section_bytes += policy_session_bytes; 29637 command_size += policy_session_bytes.size(); 29638 std::string command_hash(32, 0); 29639 hash->Finish(string_as_array(&command_hash), command_hash.size()); 29640 std::string authorization_section_bytes; 29641 std::string authorization_size_bytes; 29642 if (authorization_delegate) { 29643 if (!authorization_delegate->GetCommandAuthorization( 29644 command_hash, 29645 is_command_parameter_encryption_possible, 29646 is_response_parameter_encryption_possible, 29647 &authorization_section_bytes)) { 29648 return TRUNKS_RC_AUTHORIZATION_FAILED; 29649 } 29650 if (!authorization_section_bytes.empty()) { 29651 tag = TPM_ST_SESSIONS; 29652 std::string tmp; 29653 rc = Serialize_UINT32(authorization_section_bytes.size(), 29654 &authorization_size_bytes); 29655 if (rc != TPM_RC_SUCCESS) { 29656 return rc; 29657 } 29658 command_size += authorization_size_bytes.size() + 29659 authorization_section_bytes.size(); 29660 } 29661 } 29662 std::string tag_bytes; 29663 rc = Serialize_TPMI_ST_COMMAND_TAG( 29664 tag, 29665 &tag_bytes); 29666 if (rc != TPM_RC_SUCCESS) { 29667 return rc; 29668 } 29669 std::string command_size_bytes; 29670 rc = Serialize_UINT32( 29671 command_size, 29672 &command_size_bytes); 29673 if (rc != TPM_RC_SUCCESS) { 29674 return rc; 29675 } 29676 *serialized_command = tag_bytes + 29677 command_size_bytes + 29678 command_code_bytes + 29679 handle_section_bytes + 29680 authorization_size_bytes + 29681 authorization_section_bytes + 29682 parameter_section_bytes; 29683 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 29684 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 29685 serialized_command->size()); 29686 return TPM_RC_SUCCESS; 29687 } 29688 29689 TPM_RC Tpm::ParseResponse_PolicyAuthValue( 29690 const std::string& response, 29691 AuthorizationDelegate* authorization_delegate) { 29692 VLOG(3) << __func__; 29693 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 29694 TPM_RC rc = TPM_RC_SUCCESS; 29695 std::string buffer(response); 29696 TPM_ST tag; 29697 std::string tag_bytes; 29698 rc = Parse_TPM_ST( 29699 &buffer, 29700 &tag, 29701 &tag_bytes); 29702 if (rc != TPM_RC_SUCCESS) { 29703 return rc; 29704 } 29705 UINT32 response_size; 29706 std::string response_size_bytes; 29707 rc = Parse_UINT32( 29708 &buffer, 29709 &response_size, 29710 &response_size_bytes); 29711 if (rc != TPM_RC_SUCCESS) { 29712 return rc; 29713 } 29714 TPM_RC response_code; 29715 std::string response_code_bytes; 29716 rc = Parse_TPM_RC( 29717 &buffer, 29718 &response_code, 29719 &response_code_bytes); 29720 if (rc != TPM_RC_SUCCESS) { 29721 return rc; 29722 } 29723 if (response_size != response.size()) { 29724 return TPM_RC_SIZE; 29725 } 29726 if (response_code != TPM_RC_SUCCESS) { 29727 return response_code; 29728 } 29729 TPM_CC command_code = TPM_CC_PolicyAuthValue; 29730 std::string command_code_bytes; 29731 rc = Serialize_TPM_CC( 29732 command_code, 29733 &command_code_bytes); 29734 if (rc != TPM_RC_SUCCESS) { 29735 return rc; 29736 } 29737 std::string authorization_section_bytes; 29738 if (tag == TPM_ST_SESSIONS) { 29739 UINT32 parameter_section_size = buffer.size(); 29740 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 29741 if (rc != TPM_RC_SUCCESS) { 29742 return rc; 29743 } 29744 if (parameter_section_size > buffer.size()) { 29745 return TPM_RC_INSUFFICIENT; 29746 } 29747 authorization_section_bytes = buffer.substr(parameter_section_size); 29748 // Keep the parameter section in |buffer|. 29749 buffer.erase(parameter_section_size); 29750 } 29751 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 29752 crypto::SecureHash::SHA256)); 29753 hash->Update(response_code_bytes.data(), 29754 response_code_bytes.size()); 29755 hash->Update(command_code_bytes.data(), 29756 command_code_bytes.size()); 29757 hash->Update(buffer.data(), 29758 buffer.size()); 29759 std::string response_hash(32, 0); 29760 hash->Finish(string_as_array(&response_hash), response_hash.size()); 29761 if (tag == TPM_ST_SESSIONS) { 29762 CHECK(authorization_delegate) << "Authorization delegate missing!"; 29763 if (!authorization_delegate->CheckResponseAuthorization( 29764 response_hash, 29765 authorization_section_bytes)) { 29766 return TRUNKS_RC_AUTHORIZATION_FAILED; 29767 } 29768 } 29769 return TPM_RC_SUCCESS; 29770 } 29771 29772 void PolicyAuthValueErrorCallback( 29773 const Tpm::PolicyAuthValueResponse& callback, 29774 TPM_RC response_code) { 29775 VLOG(1) << __func__; 29776 callback.Run(response_code); 29777 } 29778 29779 void PolicyAuthValueResponseParser( 29780 const Tpm::PolicyAuthValueResponse& callback, 29781 AuthorizationDelegate* authorization_delegate, 29782 const std::string& response) { 29783 VLOG(1) << __func__; 29784 base::Callback<void(TPM_RC)> error_reporter = 29785 base::Bind(PolicyAuthValueErrorCallback, callback); 29786 TPM_RC rc = Tpm::ParseResponse_PolicyAuthValue( 29787 response, 29788 authorization_delegate); 29789 if (rc != TPM_RC_SUCCESS) { 29790 error_reporter.Run(rc); 29791 return; 29792 } 29793 callback.Run( 29794 rc); 29795 } 29796 29797 void Tpm::PolicyAuthValue( 29798 const TPMI_SH_POLICY& policy_session, 29799 const std::string& policy_session_name, 29800 AuthorizationDelegate* authorization_delegate, 29801 const PolicyAuthValueResponse& callback) { 29802 VLOG(1) << __func__; 29803 base::Callback<void(TPM_RC)> error_reporter = 29804 base::Bind(PolicyAuthValueErrorCallback, callback); 29805 base::Callback<void(const std::string&)> parser = 29806 base::Bind(PolicyAuthValueResponseParser, 29807 callback, 29808 authorization_delegate); 29809 std::string command; 29810 TPM_RC rc = SerializeCommand_PolicyAuthValue( 29811 policy_session, 29812 policy_session_name, 29813 &command, 29814 authorization_delegate); 29815 if (rc != TPM_RC_SUCCESS) { 29816 error_reporter.Run(rc); 29817 return; 29818 } 29819 transceiver_->SendCommand(command, parser); 29820 } 29821 29822 TPM_RC Tpm::PolicyAuthValueSync( 29823 const TPMI_SH_POLICY& policy_session, 29824 const std::string& policy_session_name, 29825 AuthorizationDelegate* authorization_delegate) { 29826 VLOG(1) << __func__; 29827 std::string command; 29828 TPM_RC rc = SerializeCommand_PolicyAuthValue( 29829 policy_session, 29830 policy_session_name, 29831 &command, 29832 authorization_delegate); 29833 if (rc != TPM_RC_SUCCESS) { 29834 return rc; 29835 } 29836 std::string response = transceiver_->SendCommandAndWait(command); 29837 rc = ParseResponse_PolicyAuthValue( 29838 response, 29839 authorization_delegate); 29840 return rc; 29841 } 29842 29843 TPM_RC Tpm::SerializeCommand_PolicyPassword( 29844 const TPMI_SH_POLICY& policy_session, 29845 const std::string& policy_session_name, 29846 std::string* serialized_command, 29847 AuthorizationDelegate* authorization_delegate) { 29848 VLOG(3) << __func__; 29849 TPM_RC rc = TPM_RC_SUCCESS; 29850 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 29851 UINT32 command_size = 10; // Header size. 29852 std::string handle_section_bytes; 29853 std::string parameter_section_bytes; 29854 TPM_CC command_code = TPM_CC_PolicyPassword; 29855 bool is_command_parameter_encryption_possible = false; 29856 bool is_response_parameter_encryption_possible = false; 29857 std::string command_code_bytes; 29858 rc = Serialize_TPM_CC( 29859 command_code, 29860 &command_code_bytes); 29861 if (rc != TPM_RC_SUCCESS) { 29862 return rc; 29863 } 29864 std::string policy_session_bytes; 29865 rc = Serialize_TPMI_SH_POLICY( 29866 policy_session, 29867 &policy_session_bytes); 29868 if (rc != TPM_RC_SUCCESS) { 29869 return rc; 29870 } 29871 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 29872 crypto::SecureHash::SHA256)); 29873 hash->Update(command_code_bytes.data(), 29874 command_code_bytes.size()); 29875 hash->Update(policy_session_name.data(), 29876 policy_session_name.size()); 29877 handle_section_bytes += policy_session_bytes; 29878 command_size += policy_session_bytes.size(); 29879 std::string command_hash(32, 0); 29880 hash->Finish(string_as_array(&command_hash), command_hash.size()); 29881 std::string authorization_section_bytes; 29882 std::string authorization_size_bytes; 29883 if (authorization_delegate) { 29884 if (!authorization_delegate->GetCommandAuthorization( 29885 command_hash, 29886 is_command_parameter_encryption_possible, 29887 is_response_parameter_encryption_possible, 29888 &authorization_section_bytes)) { 29889 return TRUNKS_RC_AUTHORIZATION_FAILED; 29890 } 29891 if (!authorization_section_bytes.empty()) { 29892 tag = TPM_ST_SESSIONS; 29893 std::string tmp; 29894 rc = Serialize_UINT32(authorization_section_bytes.size(), 29895 &authorization_size_bytes); 29896 if (rc != TPM_RC_SUCCESS) { 29897 return rc; 29898 } 29899 command_size += authorization_size_bytes.size() + 29900 authorization_section_bytes.size(); 29901 } 29902 } 29903 std::string tag_bytes; 29904 rc = Serialize_TPMI_ST_COMMAND_TAG( 29905 tag, 29906 &tag_bytes); 29907 if (rc != TPM_RC_SUCCESS) { 29908 return rc; 29909 } 29910 std::string command_size_bytes; 29911 rc = Serialize_UINT32( 29912 command_size, 29913 &command_size_bytes); 29914 if (rc != TPM_RC_SUCCESS) { 29915 return rc; 29916 } 29917 *serialized_command = tag_bytes + 29918 command_size_bytes + 29919 command_code_bytes + 29920 handle_section_bytes + 29921 authorization_size_bytes + 29922 authorization_section_bytes + 29923 parameter_section_bytes; 29924 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 29925 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 29926 serialized_command->size()); 29927 return TPM_RC_SUCCESS; 29928 } 29929 29930 TPM_RC Tpm::ParseResponse_PolicyPassword( 29931 const std::string& response, 29932 AuthorizationDelegate* authorization_delegate) { 29933 VLOG(3) << __func__; 29934 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 29935 TPM_RC rc = TPM_RC_SUCCESS; 29936 std::string buffer(response); 29937 TPM_ST tag; 29938 std::string tag_bytes; 29939 rc = Parse_TPM_ST( 29940 &buffer, 29941 &tag, 29942 &tag_bytes); 29943 if (rc != TPM_RC_SUCCESS) { 29944 return rc; 29945 } 29946 UINT32 response_size; 29947 std::string response_size_bytes; 29948 rc = Parse_UINT32( 29949 &buffer, 29950 &response_size, 29951 &response_size_bytes); 29952 if (rc != TPM_RC_SUCCESS) { 29953 return rc; 29954 } 29955 TPM_RC response_code; 29956 std::string response_code_bytes; 29957 rc = Parse_TPM_RC( 29958 &buffer, 29959 &response_code, 29960 &response_code_bytes); 29961 if (rc != TPM_RC_SUCCESS) { 29962 return rc; 29963 } 29964 if (response_size != response.size()) { 29965 return TPM_RC_SIZE; 29966 } 29967 if (response_code != TPM_RC_SUCCESS) { 29968 return response_code; 29969 } 29970 TPM_CC command_code = TPM_CC_PolicyPassword; 29971 std::string command_code_bytes; 29972 rc = Serialize_TPM_CC( 29973 command_code, 29974 &command_code_bytes); 29975 if (rc != TPM_RC_SUCCESS) { 29976 return rc; 29977 } 29978 std::string authorization_section_bytes; 29979 if (tag == TPM_ST_SESSIONS) { 29980 UINT32 parameter_section_size = buffer.size(); 29981 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 29982 if (rc != TPM_RC_SUCCESS) { 29983 return rc; 29984 } 29985 if (parameter_section_size > buffer.size()) { 29986 return TPM_RC_INSUFFICIENT; 29987 } 29988 authorization_section_bytes = buffer.substr(parameter_section_size); 29989 // Keep the parameter section in |buffer|. 29990 buffer.erase(parameter_section_size); 29991 } 29992 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 29993 crypto::SecureHash::SHA256)); 29994 hash->Update(response_code_bytes.data(), 29995 response_code_bytes.size()); 29996 hash->Update(command_code_bytes.data(), 29997 command_code_bytes.size()); 29998 hash->Update(buffer.data(), 29999 buffer.size()); 30000 std::string response_hash(32, 0); 30001 hash->Finish(string_as_array(&response_hash), response_hash.size()); 30002 if (tag == TPM_ST_SESSIONS) { 30003 CHECK(authorization_delegate) << "Authorization delegate missing!"; 30004 if (!authorization_delegate->CheckResponseAuthorization( 30005 response_hash, 30006 authorization_section_bytes)) { 30007 return TRUNKS_RC_AUTHORIZATION_FAILED; 30008 } 30009 } 30010 return TPM_RC_SUCCESS; 30011 } 30012 30013 void PolicyPasswordErrorCallback( 30014 const Tpm::PolicyPasswordResponse& callback, 30015 TPM_RC response_code) { 30016 VLOG(1) << __func__; 30017 callback.Run(response_code); 30018 } 30019 30020 void PolicyPasswordResponseParser( 30021 const Tpm::PolicyPasswordResponse& callback, 30022 AuthorizationDelegate* authorization_delegate, 30023 const std::string& response) { 30024 VLOG(1) << __func__; 30025 base::Callback<void(TPM_RC)> error_reporter = 30026 base::Bind(PolicyPasswordErrorCallback, callback); 30027 TPM_RC rc = Tpm::ParseResponse_PolicyPassword( 30028 response, 30029 authorization_delegate); 30030 if (rc != TPM_RC_SUCCESS) { 30031 error_reporter.Run(rc); 30032 return; 30033 } 30034 callback.Run( 30035 rc); 30036 } 30037 30038 void Tpm::PolicyPassword( 30039 const TPMI_SH_POLICY& policy_session, 30040 const std::string& policy_session_name, 30041 AuthorizationDelegate* authorization_delegate, 30042 const PolicyPasswordResponse& callback) { 30043 VLOG(1) << __func__; 30044 base::Callback<void(TPM_RC)> error_reporter = 30045 base::Bind(PolicyPasswordErrorCallback, callback); 30046 base::Callback<void(const std::string&)> parser = 30047 base::Bind(PolicyPasswordResponseParser, 30048 callback, 30049 authorization_delegate); 30050 std::string command; 30051 TPM_RC rc = SerializeCommand_PolicyPassword( 30052 policy_session, 30053 policy_session_name, 30054 &command, 30055 authorization_delegate); 30056 if (rc != TPM_RC_SUCCESS) { 30057 error_reporter.Run(rc); 30058 return; 30059 } 30060 transceiver_->SendCommand(command, parser); 30061 } 30062 30063 TPM_RC Tpm::PolicyPasswordSync( 30064 const TPMI_SH_POLICY& policy_session, 30065 const std::string& policy_session_name, 30066 AuthorizationDelegate* authorization_delegate) { 30067 VLOG(1) << __func__; 30068 std::string command; 30069 TPM_RC rc = SerializeCommand_PolicyPassword( 30070 policy_session, 30071 policy_session_name, 30072 &command, 30073 authorization_delegate); 30074 if (rc != TPM_RC_SUCCESS) { 30075 return rc; 30076 } 30077 std::string response = transceiver_->SendCommandAndWait(command); 30078 rc = ParseResponse_PolicyPassword( 30079 response, 30080 authorization_delegate); 30081 return rc; 30082 } 30083 30084 TPM_RC Tpm::SerializeCommand_PolicyGetDigest( 30085 const TPMI_SH_POLICY& policy_session, 30086 const std::string& policy_session_name, 30087 std::string* serialized_command, 30088 AuthorizationDelegate* authorization_delegate) { 30089 VLOG(3) << __func__; 30090 TPM_RC rc = TPM_RC_SUCCESS; 30091 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 30092 UINT32 command_size = 10; // Header size. 30093 std::string handle_section_bytes; 30094 std::string parameter_section_bytes; 30095 TPM_CC command_code = TPM_CC_PolicyGetDigest; 30096 bool is_command_parameter_encryption_possible = false; 30097 bool is_response_parameter_encryption_possible = true; 30098 std::string command_code_bytes; 30099 rc = Serialize_TPM_CC( 30100 command_code, 30101 &command_code_bytes); 30102 if (rc != TPM_RC_SUCCESS) { 30103 return rc; 30104 } 30105 std::string policy_session_bytes; 30106 rc = Serialize_TPMI_SH_POLICY( 30107 policy_session, 30108 &policy_session_bytes); 30109 if (rc != TPM_RC_SUCCESS) { 30110 return rc; 30111 } 30112 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 30113 crypto::SecureHash::SHA256)); 30114 hash->Update(command_code_bytes.data(), 30115 command_code_bytes.size()); 30116 hash->Update(policy_session_name.data(), 30117 policy_session_name.size()); 30118 handle_section_bytes += policy_session_bytes; 30119 command_size += policy_session_bytes.size(); 30120 std::string command_hash(32, 0); 30121 hash->Finish(string_as_array(&command_hash), command_hash.size()); 30122 std::string authorization_section_bytes; 30123 std::string authorization_size_bytes; 30124 if (authorization_delegate) { 30125 if (!authorization_delegate->GetCommandAuthorization( 30126 command_hash, 30127 is_command_parameter_encryption_possible, 30128 is_response_parameter_encryption_possible, 30129 &authorization_section_bytes)) { 30130 return TRUNKS_RC_AUTHORIZATION_FAILED; 30131 } 30132 if (!authorization_section_bytes.empty()) { 30133 tag = TPM_ST_SESSIONS; 30134 std::string tmp; 30135 rc = Serialize_UINT32(authorization_section_bytes.size(), 30136 &authorization_size_bytes); 30137 if (rc != TPM_RC_SUCCESS) { 30138 return rc; 30139 } 30140 command_size += authorization_size_bytes.size() + 30141 authorization_section_bytes.size(); 30142 } 30143 } 30144 std::string tag_bytes; 30145 rc = Serialize_TPMI_ST_COMMAND_TAG( 30146 tag, 30147 &tag_bytes); 30148 if (rc != TPM_RC_SUCCESS) { 30149 return rc; 30150 } 30151 std::string command_size_bytes; 30152 rc = Serialize_UINT32( 30153 command_size, 30154 &command_size_bytes); 30155 if (rc != TPM_RC_SUCCESS) { 30156 return rc; 30157 } 30158 *serialized_command = tag_bytes + 30159 command_size_bytes + 30160 command_code_bytes + 30161 handle_section_bytes + 30162 authorization_size_bytes + 30163 authorization_section_bytes + 30164 parameter_section_bytes; 30165 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 30166 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 30167 serialized_command->size()); 30168 return TPM_RC_SUCCESS; 30169 } 30170 30171 TPM_RC Tpm::ParseResponse_PolicyGetDigest( 30172 const std::string& response, 30173 TPM2B_DIGEST* policy_digest, 30174 AuthorizationDelegate* authorization_delegate) { 30175 VLOG(3) << __func__; 30176 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 30177 TPM_RC rc = TPM_RC_SUCCESS; 30178 std::string buffer(response); 30179 TPM_ST tag; 30180 std::string tag_bytes; 30181 rc = Parse_TPM_ST( 30182 &buffer, 30183 &tag, 30184 &tag_bytes); 30185 if (rc != TPM_RC_SUCCESS) { 30186 return rc; 30187 } 30188 UINT32 response_size; 30189 std::string response_size_bytes; 30190 rc = Parse_UINT32( 30191 &buffer, 30192 &response_size, 30193 &response_size_bytes); 30194 if (rc != TPM_RC_SUCCESS) { 30195 return rc; 30196 } 30197 TPM_RC response_code; 30198 std::string response_code_bytes; 30199 rc = Parse_TPM_RC( 30200 &buffer, 30201 &response_code, 30202 &response_code_bytes); 30203 if (rc != TPM_RC_SUCCESS) { 30204 return rc; 30205 } 30206 if (response_size != response.size()) { 30207 return TPM_RC_SIZE; 30208 } 30209 if (response_code != TPM_RC_SUCCESS) { 30210 return response_code; 30211 } 30212 TPM_CC command_code = TPM_CC_PolicyGetDigest; 30213 std::string command_code_bytes; 30214 rc = Serialize_TPM_CC( 30215 command_code, 30216 &command_code_bytes); 30217 if (rc != TPM_RC_SUCCESS) { 30218 return rc; 30219 } 30220 std::string authorization_section_bytes; 30221 if (tag == TPM_ST_SESSIONS) { 30222 UINT32 parameter_section_size = buffer.size(); 30223 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 30224 if (rc != TPM_RC_SUCCESS) { 30225 return rc; 30226 } 30227 if (parameter_section_size > buffer.size()) { 30228 return TPM_RC_INSUFFICIENT; 30229 } 30230 authorization_section_bytes = buffer.substr(parameter_section_size); 30231 // Keep the parameter section in |buffer|. 30232 buffer.erase(parameter_section_size); 30233 } 30234 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 30235 crypto::SecureHash::SHA256)); 30236 hash->Update(response_code_bytes.data(), 30237 response_code_bytes.size()); 30238 hash->Update(command_code_bytes.data(), 30239 command_code_bytes.size()); 30240 hash->Update(buffer.data(), 30241 buffer.size()); 30242 std::string response_hash(32, 0); 30243 hash->Finish(string_as_array(&response_hash), response_hash.size()); 30244 if (tag == TPM_ST_SESSIONS) { 30245 CHECK(authorization_delegate) << "Authorization delegate missing!"; 30246 if (!authorization_delegate->CheckResponseAuthorization( 30247 response_hash, 30248 authorization_section_bytes)) { 30249 return TRUNKS_RC_AUTHORIZATION_FAILED; 30250 } 30251 } 30252 std::string policy_digest_bytes; 30253 rc = Parse_TPM2B_DIGEST( 30254 &buffer, 30255 policy_digest, 30256 &policy_digest_bytes); 30257 if (rc != TPM_RC_SUCCESS) { 30258 return rc; 30259 } 30260 if (tag == TPM_ST_SESSIONS) { 30261 CHECK(authorization_delegate) << "Authorization delegate missing!"; 30262 // Decrypt just the parameter data, not the size. 30263 std::string tmp = policy_digest_bytes.substr(2); 30264 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 30265 return TRUNKS_RC_ENCRYPTION_FAILED; 30266 } 30267 policy_digest_bytes.replace(2, std::string::npos, tmp); 30268 rc = Parse_TPM2B_DIGEST( 30269 &policy_digest_bytes, 30270 policy_digest, 30271 nullptr); 30272 if (rc != TPM_RC_SUCCESS) { 30273 return rc; 30274 } 30275 } 30276 return TPM_RC_SUCCESS; 30277 } 30278 30279 void PolicyGetDigestErrorCallback( 30280 const Tpm::PolicyGetDigestResponse& callback, 30281 TPM_RC response_code) { 30282 VLOG(1) << __func__; 30283 callback.Run(response_code, 30284 TPM2B_DIGEST()); 30285 } 30286 30287 void PolicyGetDigestResponseParser( 30288 const Tpm::PolicyGetDigestResponse& callback, 30289 AuthorizationDelegate* authorization_delegate, 30290 const std::string& response) { 30291 VLOG(1) << __func__; 30292 base::Callback<void(TPM_RC)> error_reporter = 30293 base::Bind(PolicyGetDigestErrorCallback, callback); 30294 TPM2B_DIGEST policy_digest; 30295 TPM_RC rc = Tpm::ParseResponse_PolicyGetDigest( 30296 response, 30297 &policy_digest, 30298 authorization_delegate); 30299 if (rc != TPM_RC_SUCCESS) { 30300 error_reporter.Run(rc); 30301 return; 30302 } 30303 callback.Run( 30304 rc, 30305 policy_digest); 30306 } 30307 30308 void Tpm::PolicyGetDigest( 30309 const TPMI_SH_POLICY& policy_session, 30310 const std::string& policy_session_name, 30311 AuthorizationDelegate* authorization_delegate, 30312 const PolicyGetDigestResponse& callback) { 30313 VLOG(1) << __func__; 30314 base::Callback<void(TPM_RC)> error_reporter = 30315 base::Bind(PolicyGetDigestErrorCallback, callback); 30316 base::Callback<void(const std::string&)> parser = 30317 base::Bind(PolicyGetDigestResponseParser, 30318 callback, 30319 authorization_delegate); 30320 std::string command; 30321 TPM_RC rc = SerializeCommand_PolicyGetDigest( 30322 policy_session, 30323 policy_session_name, 30324 &command, 30325 authorization_delegate); 30326 if (rc != TPM_RC_SUCCESS) { 30327 error_reporter.Run(rc); 30328 return; 30329 } 30330 transceiver_->SendCommand(command, parser); 30331 } 30332 30333 TPM_RC Tpm::PolicyGetDigestSync( 30334 const TPMI_SH_POLICY& policy_session, 30335 const std::string& policy_session_name, 30336 TPM2B_DIGEST* policy_digest, 30337 AuthorizationDelegate* authorization_delegate) { 30338 VLOG(1) << __func__; 30339 std::string command; 30340 TPM_RC rc = SerializeCommand_PolicyGetDigest( 30341 policy_session, 30342 policy_session_name, 30343 &command, 30344 authorization_delegate); 30345 if (rc != TPM_RC_SUCCESS) { 30346 return rc; 30347 } 30348 std::string response = transceiver_->SendCommandAndWait(command); 30349 rc = ParseResponse_PolicyGetDigest( 30350 response, 30351 policy_digest, 30352 authorization_delegate); 30353 return rc; 30354 } 30355 30356 TPM_RC Tpm::SerializeCommand_PolicyNvWritten( 30357 const TPMI_SH_POLICY& policy_session, 30358 const std::string& policy_session_name, 30359 const TPMI_YES_NO& written_set, 30360 std::string* serialized_command, 30361 AuthorizationDelegate* authorization_delegate) { 30362 VLOG(3) << __func__; 30363 TPM_RC rc = TPM_RC_SUCCESS; 30364 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 30365 UINT32 command_size = 10; // Header size. 30366 std::string handle_section_bytes; 30367 std::string parameter_section_bytes; 30368 TPM_CC command_code = TPM_CC_PolicyNvWritten; 30369 bool is_command_parameter_encryption_possible = false; 30370 bool is_response_parameter_encryption_possible = false; 30371 std::string command_code_bytes; 30372 rc = Serialize_TPM_CC( 30373 command_code, 30374 &command_code_bytes); 30375 if (rc != TPM_RC_SUCCESS) { 30376 return rc; 30377 } 30378 std::string policy_session_bytes; 30379 rc = Serialize_TPMI_SH_POLICY( 30380 policy_session, 30381 &policy_session_bytes); 30382 if (rc != TPM_RC_SUCCESS) { 30383 return rc; 30384 } 30385 std::string written_set_bytes; 30386 rc = Serialize_TPMI_YES_NO( 30387 written_set, 30388 &written_set_bytes); 30389 if (rc != TPM_RC_SUCCESS) { 30390 return rc; 30391 } 30392 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 30393 crypto::SecureHash::SHA256)); 30394 hash->Update(command_code_bytes.data(), 30395 command_code_bytes.size()); 30396 hash->Update(policy_session_name.data(), 30397 policy_session_name.size()); 30398 handle_section_bytes += policy_session_bytes; 30399 command_size += policy_session_bytes.size(); 30400 hash->Update(written_set_bytes.data(), 30401 written_set_bytes.size()); 30402 parameter_section_bytes += written_set_bytes; 30403 command_size += written_set_bytes.size(); 30404 std::string command_hash(32, 0); 30405 hash->Finish(string_as_array(&command_hash), command_hash.size()); 30406 std::string authorization_section_bytes; 30407 std::string authorization_size_bytes; 30408 if (authorization_delegate) { 30409 if (!authorization_delegate->GetCommandAuthorization( 30410 command_hash, 30411 is_command_parameter_encryption_possible, 30412 is_response_parameter_encryption_possible, 30413 &authorization_section_bytes)) { 30414 return TRUNKS_RC_AUTHORIZATION_FAILED; 30415 } 30416 if (!authorization_section_bytes.empty()) { 30417 tag = TPM_ST_SESSIONS; 30418 std::string tmp; 30419 rc = Serialize_UINT32(authorization_section_bytes.size(), 30420 &authorization_size_bytes); 30421 if (rc != TPM_RC_SUCCESS) { 30422 return rc; 30423 } 30424 command_size += authorization_size_bytes.size() + 30425 authorization_section_bytes.size(); 30426 } 30427 } 30428 std::string tag_bytes; 30429 rc = Serialize_TPMI_ST_COMMAND_TAG( 30430 tag, 30431 &tag_bytes); 30432 if (rc != TPM_RC_SUCCESS) { 30433 return rc; 30434 } 30435 std::string command_size_bytes; 30436 rc = Serialize_UINT32( 30437 command_size, 30438 &command_size_bytes); 30439 if (rc != TPM_RC_SUCCESS) { 30440 return rc; 30441 } 30442 *serialized_command = tag_bytes + 30443 command_size_bytes + 30444 command_code_bytes + 30445 handle_section_bytes + 30446 authorization_size_bytes + 30447 authorization_section_bytes + 30448 parameter_section_bytes; 30449 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 30450 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 30451 serialized_command->size()); 30452 return TPM_RC_SUCCESS; 30453 } 30454 30455 TPM_RC Tpm::ParseResponse_PolicyNvWritten( 30456 const std::string& response, 30457 AuthorizationDelegate* authorization_delegate) { 30458 VLOG(3) << __func__; 30459 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 30460 TPM_RC rc = TPM_RC_SUCCESS; 30461 std::string buffer(response); 30462 TPM_ST tag; 30463 std::string tag_bytes; 30464 rc = Parse_TPM_ST( 30465 &buffer, 30466 &tag, 30467 &tag_bytes); 30468 if (rc != TPM_RC_SUCCESS) { 30469 return rc; 30470 } 30471 UINT32 response_size; 30472 std::string response_size_bytes; 30473 rc = Parse_UINT32( 30474 &buffer, 30475 &response_size, 30476 &response_size_bytes); 30477 if (rc != TPM_RC_SUCCESS) { 30478 return rc; 30479 } 30480 TPM_RC response_code; 30481 std::string response_code_bytes; 30482 rc = Parse_TPM_RC( 30483 &buffer, 30484 &response_code, 30485 &response_code_bytes); 30486 if (rc != TPM_RC_SUCCESS) { 30487 return rc; 30488 } 30489 if (response_size != response.size()) { 30490 return TPM_RC_SIZE; 30491 } 30492 if (response_code != TPM_RC_SUCCESS) { 30493 return response_code; 30494 } 30495 TPM_CC command_code = TPM_CC_PolicyNvWritten; 30496 std::string command_code_bytes; 30497 rc = Serialize_TPM_CC( 30498 command_code, 30499 &command_code_bytes); 30500 if (rc != TPM_RC_SUCCESS) { 30501 return rc; 30502 } 30503 std::string authorization_section_bytes; 30504 if (tag == TPM_ST_SESSIONS) { 30505 UINT32 parameter_section_size = buffer.size(); 30506 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 30507 if (rc != TPM_RC_SUCCESS) { 30508 return rc; 30509 } 30510 if (parameter_section_size > buffer.size()) { 30511 return TPM_RC_INSUFFICIENT; 30512 } 30513 authorization_section_bytes = buffer.substr(parameter_section_size); 30514 // Keep the parameter section in |buffer|. 30515 buffer.erase(parameter_section_size); 30516 } 30517 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 30518 crypto::SecureHash::SHA256)); 30519 hash->Update(response_code_bytes.data(), 30520 response_code_bytes.size()); 30521 hash->Update(command_code_bytes.data(), 30522 command_code_bytes.size()); 30523 hash->Update(buffer.data(), 30524 buffer.size()); 30525 std::string response_hash(32, 0); 30526 hash->Finish(string_as_array(&response_hash), response_hash.size()); 30527 if (tag == TPM_ST_SESSIONS) { 30528 CHECK(authorization_delegate) << "Authorization delegate missing!"; 30529 if (!authorization_delegate->CheckResponseAuthorization( 30530 response_hash, 30531 authorization_section_bytes)) { 30532 return TRUNKS_RC_AUTHORIZATION_FAILED; 30533 } 30534 } 30535 return TPM_RC_SUCCESS; 30536 } 30537 30538 void PolicyNvWrittenErrorCallback( 30539 const Tpm::PolicyNvWrittenResponse& callback, 30540 TPM_RC response_code) { 30541 VLOG(1) << __func__; 30542 callback.Run(response_code); 30543 } 30544 30545 void PolicyNvWrittenResponseParser( 30546 const Tpm::PolicyNvWrittenResponse& callback, 30547 AuthorizationDelegate* authorization_delegate, 30548 const std::string& response) { 30549 VLOG(1) << __func__; 30550 base::Callback<void(TPM_RC)> error_reporter = 30551 base::Bind(PolicyNvWrittenErrorCallback, callback); 30552 TPM_RC rc = Tpm::ParseResponse_PolicyNvWritten( 30553 response, 30554 authorization_delegate); 30555 if (rc != TPM_RC_SUCCESS) { 30556 error_reporter.Run(rc); 30557 return; 30558 } 30559 callback.Run( 30560 rc); 30561 } 30562 30563 void Tpm::PolicyNvWritten( 30564 const TPMI_SH_POLICY& policy_session, 30565 const std::string& policy_session_name, 30566 const TPMI_YES_NO& written_set, 30567 AuthorizationDelegate* authorization_delegate, 30568 const PolicyNvWrittenResponse& callback) { 30569 VLOG(1) << __func__; 30570 base::Callback<void(TPM_RC)> error_reporter = 30571 base::Bind(PolicyNvWrittenErrorCallback, callback); 30572 base::Callback<void(const std::string&)> parser = 30573 base::Bind(PolicyNvWrittenResponseParser, 30574 callback, 30575 authorization_delegate); 30576 std::string command; 30577 TPM_RC rc = SerializeCommand_PolicyNvWritten( 30578 policy_session, 30579 policy_session_name, 30580 written_set, 30581 &command, 30582 authorization_delegate); 30583 if (rc != TPM_RC_SUCCESS) { 30584 error_reporter.Run(rc); 30585 return; 30586 } 30587 transceiver_->SendCommand(command, parser); 30588 } 30589 30590 TPM_RC Tpm::PolicyNvWrittenSync( 30591 const TPMI_SH_POLICY& policy_session, 30592 const std::string& policy_session_name, 30593 const TPMI_YES_NO& written_set, 30594 AuthorizationDelegate* authorization_delegate) { 30595 VLOG(1) << __func__; 30596 std::string command; 30597 TPM_RC rc = SerializeCommand_PolicyNvWritten( 30598 policy_session, 30599 policy_session_name, 30600 written_set, 30601 &command, 30602 authorization_delegate); 30603 if (rc != TPM_RC_SUCCESS) { 30604 return rc; 30605 } 30606 std::string response = transceiver_->SendCommandAndWait(command); 30607 rc = ParseResponse_PolicyNvWritten( 30608 response, 30609 authorization_delegate); 30610 return rc; 30611 } 30612 30613 TPM_RC Tpm::SerializeCommand_CreatePrimary( 30614 const TPMI_RH_HIERARCHY& primary_handle, 30615 const std::string& primary_handle_name, 30616 const TPM2B_SENSITIVE_CREATE& in_sensitive, 30617 const TPM2B_PUBLIC& in_public, 30618 const TPM2B_DATA& outside_info, 30619 const TPML_PCR_SELECTION& creation_pcr, 30620 std::string* serialized_command, 30621 AuthorizationDelegate* authorization_delegate) { 30622 VLOG(3) << __func__; 30623 TPM_RC rc = TPM_RC_SUCCESS; 30624 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 30625 UINT32 command_size = 10; // Header size. 30626 std::string handle_section_bytes; 30627 std::string parameter_section_bytes; 30628 TPM_CC command_code = TPM_CC_CreatePrimary; 30629 bool is_command_parameter_encryption_possible = true; 30630 bool is_response_parameter_encryption_possible = true; 30631 std::string command_code_bytes; 30632 rc = Serialize_TPM_CC( 30633 command_code, 30634 &command_code_bytes); 30635 if (rc != TPM_RC_SUCCESS) { 30636 return rc; 30637 } 30638 std::string primary_handle_bytes; 30639 rc = Serialize_TPMI_RH_HIERARCHY( 30640 primary_handle, 30641 &primary_handle_bytes); 30642 if (rc != TPM_RC_SUCCESS) { 30643 return rc; 30644 } 30645 std::string in_sensitive_bytes; 30646 rc = Serialize_TPM2B_SENSITIVE_CREATE( 30647 in_sensitive, 30648 &in_sensitive_bytes); 30649 if (rc != TPM_RC_SUCCESS) { 30650 return rc; 30651 } 30652 std::string in_public_bytes; 30653 rc = Serialize_TPM2B_PUBLIC( 30654 in_public, 30655 &in_public_bytes); 30656 if (rc != TPM_RC_SUCCESS) { 30657 return rc; 30658 } 30659 std::string outside_info_bytes; 30660 rc = Serialize_TPM2B_DATA( 30661 outside_info, 30662 &outside_info_bytes); 30663 if (rc != TPM_RC_SUCCESS) { 30664 return rc; 30665 } 30666 std::string creation_pcr_bytes; 30667 rc = Serialize_TPML_PCR_SELECTION( 30668 creation_pcr, 30669 &creation_pcr_bytes); 30670 if (rc != TPM_RC_SUCCESS) { 30671 return rc; 30672 } 30673 if (authorization_delegate) { 30674 // Encrypt just the parameter data, not the size. 30675 std::string tmp = in_sensitive_bytes.substr(2); 30676 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 30677 return TRUNKS_RC_ENCRYPTION_FAILED; 30678 } 30679 in_sensitive_bytes.replace(2, std::string::npos, tmp); 30680 } 30681 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 30682 crypto::SecureHash::SHA256)); 30683 hash->Update(command_code_bytes.data(), 30684 command_code_bytes.size()); 30685 hash->Update(primary_handle_name.data(), 30686 primary_handle_name.size()); 30687 handle_section_bytes += primary_handle_bytes; 30688 command_size += primary_handle_bytes.size(); 30689 hash->Update(in_sensitive_bytes.data(), 30690 in_sensitive_bytes.size()); 30691 parameter_section_bytes += in_sensitive_bytes; 30692 command_size += in_sensitive_bytes.size(); 30693 hash->Update(in_public_bytes.data(), 30694 in_public_bytes.size()); 30695 parameter_section_bytes += in_public_bytes; 30696 command_size += in_public_bytes.size(); 30697 hash->Update(outside_info_bytes.data(), 30698 outside_info_bytes.size()); 30699 parameter_section_bytes += outside_info_bytes; 30700 command_size += outside_info_bytes.size(); 30701 hash->Update(creation_pcr_bytes.data(), 30702 creation_pcr_bytes.size()); 30703 parameter_section_bytes += creation_pcr_bytes; 30704 command_size += creation_pcr_bytes.size(); 30705 std::string command_hash(32, 0); 30706 hash->Finish(string_as_array(&command_hash), command_hash.size()); 30707 std::string authorization_section_bytes; 30708 std::string authorization_size_bytes; 30709 if (authorization_delegate) { 30710 if (!authorization_delegate->GetCommandAuthorization( 30711 command_hash, 30712 is_command_parameter_encryption_possible, 30713 is_response_parameter_encryption_possible, 30714 &authorization_section_bytes)) { 30715 return TRUNKS_RC_AUTHORIZATION_FAILED; 30716 } 30717 if (!authorization_section_bytes.empty()) { 30718 tag = TPM_ST_SESSIONS; 30719 std::string tmp; 30720 rc = Serialize_UINT32(authorization_section_bytes.size(), 30721 &authorization_size_bytes); 30722 if (rc != TPM_RC_SUCCESS) { 30723 return rc; 30724 } 30725 command_size += authorization_size_bytes.size() + 30726 authorization_section_bytes.size(); 30727 } 30728 } 30729 std::string tag_bytes; 30730 rc = Serialize_TPMI_ST_COMMAND_TAG( 30731 tag, 30732 &tag_bytes); 30733 if (rc != TPM_RC_SUCCESS) { 30734 return rc; 30735 } 30736 std::string command_size_bytes; 30737 rc = Serialize_UINT32( 30738 command_size, 30739 &command_size_bytes); 30740 if (rc != TPM_RC_SUCCESS) { 30741 return rc; 30742 } 30743 *serialized_command = tag_bytes + 30744 command_size_bytes + 30745 command_code_bytes + 30746 handle_section_bytes + 30747 authorization_size_bytes + 30748 authorization_section_bytes + 30749 parameter_section_bytes; 30750 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 30751 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 30752 serialized_command->size()); 30753 return TPM_RC_SUCCESS; 30754 } 30755 30756 TPM_RC Tpm::ParseResponse_CreatePrimary( 30757 const std::string& response, 30758 TPM_HANDLE* object_handle, 30759 TPM2B_PUBLIC* out_public, 30760 TPM2B_CREATION_DATA* creation_data, 30761 TPM2B_DIGEST* creation_hash, 30762 TPMT_TK_CREATION* creation_ticket, 30763 TPM2B_NAME* name, 30764 AuthorizationDelegate* authorization_delegate) { 30765 VLOG(3) << __func__; 30766 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 30767 TPM_RC rc = TPM_RC_SUCCESS; 30768 std::string buffer(response); 30769 TPM_ST tag; 30770 std::string tag_bytes; 30771 rc = Parse_TPM_ST( 30772 &buffer, 30773 &tag, 30774 &tag_bytes); 30775 if (rc != TPM_RC_SUCCESS) { 30776 return rc; 30777 } 30778 UINT32 response_size; 30779 std::string response_size_bytes; 30780 rc = Parse_UINT32( 30781 &buffer, 30782 &response_size, 30783 &response_size_bytes); 30784 if (rc != TPM_RC_SUCCESS) { 30785 return rc; 30786 } 30787 TPM_RC response_code; 30788 std::string response_code_bytes; 30789 rc = Parse_TPM_RC( 30790 &buffer, 30791 &response_code, 30792 &response_code_bytes); 30793 if (rc != TPM_RC_SUCCESS) { 30794 return rc; 30795 } 30796 if (response_size != response.size()) { 30797 return TPM_RC_SIZE; 30798 } 30799 if (response_code != TPM_RC_SUCCESS) { 30800 return response_code; 30801 } 30802 std::string object_handle_bytes; 30803 rc = Parse_TPM_HANDLE( 30804 &buffer, 30805 object_handle, 30806 &object_handle_bytes); 30807 if (rc != TPM_RC_SUCCESS) { 30808 return rc; 30809 } 30810 TPM_CC command_code = TPM_CC_CreatePrimary; 30811 std::string command_code_bytes; 30812 rc = Serialize_TPM_CC( 30813 command_code, 30814 &command_code_bytes); 30815 if (rc != TPM_RC_SUCCESS) { 30816 return rc; 30817 } 30818 std::string authorization_section_bytes; 30819 if (tag == TPM_ST_SESSIONS) { 30820 UINT32 parameter_section_size = buffer.size(); 30821 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 30822 if (rc != TPM_RC_SUCCESS) { 30823 return rc; 30824 } 30825 if (parameter_section_size > buffer.size()) { 30826 return TPM_RC_INSUFFICIENT; 30827 } 30828 authorization_section_bytes = buffer.substr(parameter_section_size); 30829 // Keep the parameter section in |buffer|. 30830 buffer.erase(parameter_section_size); 30831 } 30832 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 30833 crypto::SecureHash::SHA256)); 30834 hash->Update(response_code_bytes.data(), 30835 response_code_bytes.size()); 30836 hash->Update(command_code_bytes.data(), 30837 command_code_bytes.size()); 30838 hash->Update(buffer.data(), 30839 buffer.size()); 30840 std::string response_hash(32, 0); 30841 hash->Finish(string_as_array(&response_hash), response_hash.size()); 30842 if (tag == TPM_ST_SESSIONS) { 30843 CHECK(authorization_delegate) << "Authorization delegate missing!"; 30844 if (!authorization_delegate->CheckResponseAuthorization( 30845 response_hash, 30846 authorization_section_bytes)) { 30847 return TRUNKS_RC_AUTHORIZATION_FAILED; 30848 } 30849 } 30850 std::string out_public_bytes; 30851 rc = Parse_TPM2B_PUBLIC( 30852 &buffer, 30853 out_public, 30854 &out_public_bytes); 30855 if (rc != TPM_RC_SUCCESS) { 30856 return rc; 30857 } 30858 std::string creation_data_bytes; 30859 rc = Parse_TPM2B_CREATION_DATA( 30860 &buffer, 30861 creation_data, 30862 &creation_data_bytes); 30863 if (rc != TPM_RC_SUCCESS) { 30864 return rc; 30865 } 30866 std::string creation_hash_bytes; 30867 rc = Parse_TPM2B_DIGEST( 30868 &buffer, 30869 creation_hash, 30870 &creation_hash_bytes); 30871 if (rc != TPM_RC_SUCCESS) { 30872 return rc; 30873 } 30874 std::string creation_ticket_bytes; 30875 rc = Parse_TPMT_TK_CREATION( 30876 &buffer, 30877 creation_ticket, 30878 &creation_ticket_bytes); 30879 if (rc != TPM_RC_SUCCESS) { 30880 return rc; 30881 } 30882 std::string name_bytes; 30883 rc = Parse_TPM2B_NAME( 30884 &buffer, 30885 name, 30886 &name_bytes); 30887 if (rc != TPM_RC_SUCCESS) { 30888 return rc; 30889 } 30890 if (tag == TPM_ST_SESSIONS) { 30891 CHECK(authorization_delegate) << "Authorization delegate missing!"; 30892 // Decrypt just the parameter data, not the size. 30893 std::string tmp = out_public_bytes.substr(2); 30894 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 30895 return TRUNKS_RC_ENCRYPTION_FAILED; 30896 } 30897 out_public_bytes.replace(2, std::string::npos, tmp); 30898 rc = Parse_TPM2B_PUBLIC( 30899 &out_public_bytes, 30900 out_public, 30901 nullptr); 30902 if (rc != TPM_RC_SUCCESS) { 30903 return rc; 30904 } 30905 } 30906 return TPM_RC_SUCCESS; 30907 } 30908 30909 void CreatePrimaryErrorCallback( 30910 const Tpm::CreatePrimaryResponse& callback, 30911 TPM_RC response_code) { 30912 VLOG(1) << __func__; 30913 callback.Run(response_code, 30914 TPM_HANDLE(), 30915 TPM2B_PUBLIC(), 30916 TPM2B_CREATION_DATA(), 30917 TPM2B_DIGEST(), 30918 TPMT_TK_CREATION(), 30919 TPM2B_NAME()); 30920 } 30921 30922 void CreatePrimaryResponseParser( 30923 const Tpm::CreatePrimaryResponse& callback, 30924 AuthorizationDelegate* authorization_delegate, 30925 const std::string& response) { 30926 VLOG(1) << __func__; 30927 base::Callback<void(TPM_RC)> error_reporter = 30928 base::Bind(CreatePrimaryErrorCallback, callback); 30929 TPM_HANDLE object_handle; 30930 TPM2B_PUBLIC out_public; 30931 TPM2B_CREATION_DATA creation_data; 30932 TPM2B_DIGEST creation_hash; 30933 TPMT_TK_CREATION creation_ticket; 30934 TPM2B_NAME name; 30935 TPM_RC rc = Tpm::ParseResponse_CreatePrimary( 30936 response, 30937 &object_handle, 30938 &out_public, 30939 &creation_data, 30940 &creation_hash, 30941 &creation_ticket, 30942 &name, 30943 authorization_delegate); 30944 if (rc != TPM_RC_SUCCESS) { 30945 error_reporter.Run(rc); 30946 return; 30947 } 30948 callback.Run( 30949 rc, 30950 object_handle, 30951 out_public, 30952 creation_data, 30953 creation_hash, 30954 creation_ticket, 30955 name); 30956 } 30957 30958 void Tpm::CreatePrimary( 30959 const TPMI_RH_HIERARCHY& primary_handle, 30960 const std::string& primary_handle_name, 30961 const TPM2B_SENSITIVE_CREATE& in_sensitive, 30962 const TPM2B_PUBLIC& in_public, 30963 const TPM2B_DATA& outside_info, 30964 const TPML_PCR_SELECTION& creation_pcr, 30965 AuthorizationDelegate* authorization_delegate, 30966 const CreatePrimaryResponse& callback) { 30967 VLOG(1) << __func__; 30968 base::Callback<void(TPM_RC)> error_reporter = 30969 base::Bind(CreatePrimaryErrorCallback, callback); 30970 base::Callback<void(const std::string&)> parser = 30971 base::Bind(CreatePrimaryResponseParser, 30972 callback, 30973 authorization_delegate); 30974 std::string command; 30975 TPM_RC rc = SerializeCommand_CreatePrimary( 30976 primary_handle, 30977 primary_handle_name, 30978 in_sensitive, 30979 in_public, 30980 outside_info, 30981 creation_pcr, 30982 &command, 30983 authorization_delegate); 30984 if (rc != TPM_RC_SUCCESS) { 30985 error_reporter.Run(rc); 30986 return; 30987 } 30988 transceiver_->SendCommand(command, parser); 30989 } 30990 30991 TPM_RC Tpm::CreatePrimarySync( 30992 const TPMI_RH_HIERARCHY& primary_handle, 30993 const std::string& primary_handle_name, 30994 const TPM2B_SENSITIVE_CREATE& in_sensitive, 30995 const TPM2B_PUBLIC& in_public, 30996 const TPM2B_DATA& outside_info, 30997 const TPML_PCR_SELECTION& creation_pcr, 30998 TPM_HANDLE* object_handle, 30999 TPM2B_PUBLIC* out_public, 31000 TPM2B_CREATION_DATA* creation_data, 31001 TPM2B_DIGEST* creation_hash, 31002 TPMT_TK_CREATION* creation_ticket, 31003 TPM2B_NAME* name, 31004 AuthorizationDelegate* authorization_delegate) { 31005 VLOG(1) << __func__; 31006 std::string command; 31007 TPM_RC rc = SerializeCommand_CreatePrimary( 31008 primary_handle, 31009 primary_handle_name, 31010 in_sensitive, 31011 in_public, 31012 outside_info, 31013 creation_pcr, 31014 &command, 31015 authorization_delegate); 31016 if (rc != TPM_RC_SUCCESS) { 31017 return rc; 31018 } 31019 std::string response = transceiver_->SendCommandAndWait(command); 31020 rc = ParseResponse_CreatePrimary( 31021 response, 31022 object_handle, 31023 out_public, 31024 creation_data, 31025 creation_hash, 31026 creation_ticket, 31027 name, 31028 authorization_delegate); 31029 return rc; 31030 } 31031 31032 TPM_RC Tpm::SerializeCommand_HierarchyControl( 31033 const TPMI_RH_HIERARCHY& auth_handle, 31034 const std::string& auth_handle_name, 31035 const TPMI_RH_ENABLES& enable, 31036 const TPMI_YES_NO& state, 31037 std::string* serialized_command, 31038 AuthorizationDelegate* authorization_delegate) { 31039 VLOG(3) << __func__; 31040 TPM_RC rc = TPM_RC_SUCCESS; 31041 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 31042 UINT32 command_size = 10; // Header size. 31043 std::string handle_section_bytes; 31044 std::string parameter_section_bytes; 31045 TPM_CC command_code = TPM_CC_HierarchyControl; 31046 bool is_command_parameter_encryption_possible = false; 31047 bool is_response_parameter_encryption_possible = false; 31048 std::string command_code_bytes; 31049 rc = Serialize_TPM_CC( 31050 command_code, 31051 &command_code_bytes); 31052 if (rc != TPM_RC_SUCCESS) { 31053 return rc; 31054 } 31055 std::string auth_handle_bytes; 31056 rc = Serialize_TPMI_RH_HIERARCHY( 31057 auth_handle, 31058 &auth_handle_bytes); 31059 if (rc != TPM_RC_SUCCESS) { 31060 return rc; 31061 } 31062 std::string enable_bytes; 31063 rc = Serialize_TPMI_RH_ENABLES( 31064 enable, 31065 &enable_bytes); 31066 if (rc != TPM_RC_SUCCESS) { 31067 return rc; 31068 } 31069 std::string state_bytes; 31070 rc = Serialize_TPMI_YES_NO( 31071 state, 31072 &state_bytes); 31073 if (rc != TPM_RC_SUCCESS) { 31074 return rc; 31075 } 31076 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 31077 crypto::SecureHash::SHA256)); 31078 hash->Update(command_code_bytes.data(), 31079 command_code_bytes.size()); 31080 hash->Update(auth_handle_name.data(), 31081 auth_handle_name.size()); 31082 handle_section_bytes += auth_handle_bytes; 31083 command_size += auth_handle_bytes.size(); 31084 hash->Update(enable_bytes.data(), 31085 enable_bytes.size()); 31086 parameter_section_bytes += enable_bytes; 31087 command_size += enable_bytes.size(); 31088 hash->Update(state_bytes.data(), 31089 state_bytes.size()); 31090 parameter_section_bytes += state_bytes; 31091 command_size += state_bytes.size(); 31092 std::string command_hash(32, 0); 31093 hash->Finish(string_as_array(&command_hash), command_hash.size()); 31094 std::string authorization_section_bytes; 31095 std::string authorization_size_bytes; 31096 if (authorization_delegate) { 31097 if (!authorization_delegate->GetCommandAuthorization( 31098 command_hash, 31099 is_command_parameter_encryption_possible, 31100 is_response_parameter_encryption_possible, 31101 &authorization_section_bytes)) { 31102 return TRUNKS_RC_AUTHORIZATION_FAILED; 31103 } 31104 if (!authorization_section_bytes.empty()) { 31105 tag = TPM_ST_SESSIONS; 31106 std::string tmp; 31107 rc = Serialize_UINT32(authorization_section_bytes.size(), 31108 &authorization_size_bytes); 31109 if (rc != TPM_RC_SUCCESS) { 31110 return rc; 31111 } 31112 command_size += authorization_size_bytes.size() + 31113 authorization_section_bytes.size(); 31114 } 31115 } 31116 std::string tag_bytes; 31117 rc = Serialize_TPMI_ST_COMMAND_TAG( 31118 tag, 31119 &tag_bytes); 31120 if (rc != TPM_RC_SUCCESS) { 31121 return rc; 31122 } 31123 std::string command_size_bytes; 31124 rc = Serialize_UINT32( 31125 command_size, 31126 &command_size_bytes); 31127 if (rc != TPM_RC_SUCCESS) { 31128 return rc; 31129 } 31130 *serialized_command = tag_bytes + 31131 command_size_bytes + 31132 command_code_bytes + 31133 handle_section_bytes + 31134 authorization_size_bytes + 31135 authorization_section_bytes + 31136 parameter_section_bytes; 31137 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 31138 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 31139 serialized_command->size()); 31140 return TPM_RC_SUCCESS; 31141 } 31142 31143 TPM_RC Tpm::ParseResponse_HierarchyControl( 31144 const std::string& response, 31145 AuthorizationDelegate* authorization_delegate) { 31146 VLOG(3) << __func__; 31147 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 31148 TPM_RC rc = TPM_RC_SUCCESS; 31149 std::string buffer(response); 31150 TPM_ST tag; 31151 std::string tag_bytes; 31152 rc = Parse_TPM_ST( 31153 &buffer, 31154 &tag, 31155 &tag_bytes); 31156 if (rc != TPM_RC_SUCCESS) { 31157 return rc; 31158 } 31159 UINT32 response_size; 31160 std::string response_size_bytes; 31161 rc = Parse_UINT32( 31162 &buffer, 31163 &response_size, 31164 &response_size_bytes); 31165 if (rc != TPM_RC_SUCCESS) { 31166 return rc; 31167 } 31168 TPM_RC response_code; 31169 std::string response_code_bytes; 31170 rc = Parse_TPM_RC( 31171 &buffer, 31172 &response_code, 31173 &response_code_bytes); 31174 if (rc != TPM_RC_SUCCESS) { 31175 return rc; 31176 } 31177 if (response_size != response.size()) { 31178 return TPM_RC_SIZE; 31179 } 31180 if (response_code != TPM_RC_SUCCESS) { 31181 return response_code; 31182 } 31183 TPM_CC command_code = TPM_CC_HierarchyControl; 31184 std::string command_code_bytes; 31185 rc = Serialize_TPM_CC( 31186 command_code, 31187 &command_code_bytes); 31188 if (rc != TPM_RC_SUCCESS) { 31189 return rc; 31190 } 31191 std::string authorization_section_bytes; 31192 if (tag == TPM_ST_SESSIONS) { 31193 UINT32 parameter_section_size = buffer.size(); 31194 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 31195 if (rc != TPM_RC_SUCCESS) { 31196 return rc; 31197 } 31198 if (parameter_section_size > buffer.size()) { 31199 return TPM_RC_INSUFFICIENT; 31200 } 31201 authorization_section_bytes = buffer.substr(parameter_section_size); 31202 // Keep the parameter section in |buffer|. 31203 buffer.erase(parameter_section_size); 31204 } 31205 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 31206 crypto::SecureHash::SHA256)); 31207 hash->Update(response_code_bytes.data(), 31208 response_code_bytes.size()); 31209 hash->Update(command_code_bytes.data(), 31210 command_code_bytes.size()); 31211 hash->Update(buffer.data(), 31212 buffer.size()); 31213 std::string response_hash(32, 0); 31214 hash->Finish(string_as_array(&response_hash), response_hash.size()); 31215 if (tag == TPM_ST_SESSIONS) { 31216 CHECK(authorization_delegate) << "Authorization delegate missing!"; 31217 if (!authorization_delegate->CheckResponseAuthorization( 31218 response_hash, 31219 authorization_section_bytes)) { 31220 return TRUNKS_RC_AUTHORIZATION_FAILED; 31221 } 31222 } 31223 return TPM_RC_SUCCESS; 31224 } 31225 31226 void HierarchyControlErrorCallback( 31227 const Tpm::HierarchyControlResponse& callback, 31228 TPM_RC response_code) { 31229 VLOG(1) << __func__; 31230 callback.Run(response_code); 31231 } 31232 31233 void HierarchyControlResponseParser( 31234 const Tpm::HierarchyControlResponse& callback, 31235 AuthorizationDelegate* authorization_delegate, 31236 const std::string& response) { 31237 VLOG(1) << __func__; 31238 base::Callback<void(TPM_RC)> error_reporter = 31239 base::Bind(HierarchyControlErrorCallback, callback); 31240 TPM_RC rc = Tpm::ParseResponse_HierarchyControl( 31241 response, 31242 authorization_delegate); 31243 if (rc != TPM_RC_SUCCESS) { 31244 error_reporter.Run(rc); 31245 return; 31246 } 31247 callback.Run( 31248 rc); 31249 } 31250 31251 void Tpm::HierarchyControl( 31252 const TPMI_RH_HIERARCHY& auth_handle, 31253 const std::string& auth_handle_name, 31254 const TPMI_RH_ENABLES& enable, 31255 const TPMI_YES_NO& state, 31256 AuthorizationDelegate* authorization_delegate, 31257 const HierarchyControlResponse& callback) { 31258 VLOG(1) << __func__; 31259 base::Callback<void(TPM_RC)> error_reporter = 31260 base::Bind(HierarchyControlErrorCallback, callback); 31261 base::Callback<void(const std::string&)> parser = 31262 base::Bind(HierarchyControlResponseParser, 31263 callback, 31264 authorization_delegate); 31265 std::string command; 31266 TPM_RC rc = SerializeCommand_HierarchyControl( 31267 auth_handle, 31268 auth_handle_name, 31269 enable, 31270 state, 31271 &command, 31272 authorization_delegate); 31273 if (rc != TPM_RC_SUCCESS) { 31274 error_reporter.Run(rc); 31275 return; 31276 } 31277 transceiver_->SendCommand(command, parser); 31278 } 31279 31280 TPM_RC Tpm::HierarchyControlSync( 31281 const TPMI_RH_HIERARCHY& auth_handle, 31282 const std::string& auth_handle_name, 31283 const TPMI_RH_ENABLES& enable, 31284 const TPMI_YES_NO& state, 31285 AuthorizationDelegate* authorization_delegate) { 31286 VLOG(1) << __func__; 31287 std::string command; 31288 TPM_RC rc = SerializeCommand_HierarchyControl( 31289 auth_handle, 31290 auth_handle_name, 31291 enable, 31292 state, 31293 &command, 31294 authorization_delegate); 31295 if (rc != TPM_RC_SUCCESS) { 31296 return rc; 31297 } 31298 std::string response = transceiver_->SendCommandAndWait(command); 31299 rc = ParseResponse_HierarchyControl( 31300 response, 31301 authorization_delegate); 31302 return rc; 31303 } 31304 31305 TPM_RC Tpm::SerializeCommand_SetPrimaryPolicy( 31306 const TPMI_RH_HIERARCHY& auth_handle, 31307 const std::string& auth_handle_name, 31308 const TPM2B_DIGEST& auth_policy, 31309 const TPMI_ALG_HASH& hash_alg, 31310 std::string* serialized_command, 31311 AuthorizationDelegate* authorization_delegate) { 31312 VLOG(3) << __func__; 31313 TPM_RC rc = TPM_RC_SUCCESS; 31314 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 31315 UINT32 command_size = 10; // Header size. 31316 std::string handle_section_bytes; 31317 std::string parameter_section_bytes; 31318 TPM_CC command_code = TPM_CC_SetPrimaryPolicy; 31319 bool is_command_parameter_encryption_possible = true; 31320 bool is_response_parameter_encryption_possible = false; 31321 std::string command_code_bytes; 31322 rc = Serialize_TPM_CC( 31323 command_code, 31324 &command_code_bytes); 31325 if (rc != TPM_RC_SUCCESS) { 31326 return rc; 31327 } 31328 std::string auth_handle_bytes; 31329 rc = Serialize_TPMI_RH_HIERARCHY( 31330 auth_handle, 31331 &auth_handle_bytes); 31332 if (rc != TPM_RC_SUCCESS) { 31333 return rc; 31334 } 31335 std::string auth_policy_bytes; 31336 rc = Serialize_TPM2B_DIGEST( 31337 auth_policy, 31338 &auth_policy_bytes); 31339 if (rc != TPM_RC_SUCCESS) { 31340 return rc; 31341 } 31342 std::string hash_alg_bytes; 31343 rc = Serialize_TPMI_ALG_HASH( 31344 hash_alg, 31345 &hash_alg_bytes); 31346 if (rc != TPM_RC_SUCCESS) { 31347 return rc; 31348 } 31349 if (authorization_delegate) { 31350 // Encrypt just the parameter data, not the size. 31351 std::string tmp = auth_policy_bytes.substr(2); 31352 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 31353 return TRUNKS_RC_ENCRYPTION_FAILED; 31354 } 31355 auth_policy_bytes.replace(2, std::string::npos, tmp); 31356 } 31357 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 31358 crypto::SecureHash::SHA256)); 31359 hash->Update(command_code_bytes.data(), 31360 command_code_bytes.size()); 31361 hash->Update(auth_handle_name.data(), 31362 auth_handle_name.size()); 31363 handle_section_bytes += auth_handle_bytes; 31364 command_size += auth_handle_bytes.size(); 31365 hash->Update(auth_policy_bytes.data(), 31366 auth_policy_bytes.size()); 31367 parameter_section_bytes += auth_policy_bytes; 31368 command_size += auth_policy_bytes.size(); 31369 hash->Update(hash_alg_bytes.data(), 31370 hash_alg_bytes.size()); 31371 parameter_section_bytes += hash_alg_bytes; 31372 command_size += hash_alg_bytes.size(); 31373 std::string command_hash(32, 0); 31374 hash->Finish(string_as_array(&command_hash), command_hash.size()); 31375 std::string authorization_section_bytes; 31376 std::string authorization_size_bytes; 31377 if (authorization_delegate) { 31378 if (!authorization_delegate->GetCommandAuthorization( 31379 command_hash, 31380 is_command_parameter_encryption_possible, 31381 is_response_parameter_encryption_possible, 31382 &authorization_section_bytes)) { 31383 return TRUNKS_RC_AUTHORIZATION_FAILED; 31384 } 31385 if (!authorization_section_bytes.empty()) { 31386 tag = TPM_ST_SESSIONS; 31387 std::string tmp; 31388 rc = Serialize_UINT32(authorization_section_bytes.size(), 31389 &authorization_size_bytes); 31390 if (rc != TPM_RC_SUCCESS) { 31391 return rc; 31392 } 31393 command_size += authorization_size_bytes.size() + 31394 authorization_section_bytes.size(); 31395 } 31396 } 31397 std::string tag_bytes; 31398 rc = Serialize_TPMI_ST_COMMAND_TAG( 31399 tag, 31400 &tag_bytes); 31401 if (rc != TPM_RC_SUCCESS) { 31402 return rc; 31403 } 31404 std::string command_size_bytes; 31405 rc = Serialize_UINT32( 31406 command_size, 31407 &command_size_bytes); 31408 if (rc != TPM_RC_SUCCESS) { 31409 return rc; 31410 } 31411 *serialized_command = tag_bytes + 31412 command_size_bytes + 31413 command_code_bytes + 31414 handle_section_bytes + 31415 authorization_size_bytes + 31416 authorization_section_bytes + 31417 parameter_section_bytes; 31418 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 31419 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 31420 serialized_command->size()); 31421 return TPM_RC_SUCCESS; 31422 } 31423 31424 TPM_RC Tpm::ParseResponse_SetPrimaryPolicy( 31425 const std::string& response, 31426 AuthorizationDelegate* authorization_delegate) { 31427 VLOG(3) << __func__; 31428 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 31429 TPM_RC rc = TPM_RC_SUCCESS; 31430 std::string buffer(response); 31431 TPM_ST tag; 31432 std::string tag_bytes; 31433 rc = Parse_TPM_ST( 31434 &buffer, 31435 &tag, 31436 &tag_bytes); 31437 if (rc != TPM_RC_SUCCESS) { 31438 return rc; 31439 } 31440 UINT32 response_size; 31441 std::string response_size_bytes; 31442 rc = Parse_UINT32( 31443 &buffer, 31444 &response_size, 31445 &response_size_bytes); 31446 if (rc != TPM_RC_SUCCESS) { 31447 return rc; 31448 } 31449 TPM_RC response_code; 31450 std::string response_code_bytes; 31451 rc = Parse_TPM_RC( 31452 &buffer, 31453 &response_code, 31454 &response_code_bytes); 31455 if (rc != TPM_RC_SUCCESS) { 31456 return rc; 31457 } 31458 if (response_size != response.size()) { 31459 return TPM_RC_SIZE; 31460 } 31461 if (response_code != TPM_RC_SUCCESS) { 31462 return response_code; 31463 } 31464 TPM_CC command_code = TPM_CC_SetPrimaryPolicy; 31465 std::string command_code_bytes; 31466 rc = Serialize_TPM_CC( 31467 command_code, 31468 &command_code_bytes); 31469 if (rc != TPM_RC_SUCCESS) { 31470 return rc; 31471 } 31472 std::string authorization_section_bytes; 31473 if (tag == TPM_ST_SESSIONS) { 31474 UINT32 parameter_section_size = buffer.size(); 31475 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 31476 if (rc != TPM_RC_SUCCESS) { 31477 return rc; 31478 } 31479 if (parameter_section_size > buffer.size()) { 31480 return TPM_RC_INSUFFICIENT; 31481 } 31482 authorization_section_bytes = buffer.substr(parameter_section_size); 31483 // Keep the parameter section in |buffer|. 31484 buffer.erase(parameter_section_size); 31485 } 31486 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 31487 crypto::SecureHash::SHA256)); 31488 hash->Update(response_code_bytes.data(), 31489 response_code_bytes.size()); 31490 hash->Update(command_code_bytes.data(), 31491 command_code_bytes.size()); 31492 hash->Update(buffer.data(), 31493 buffer.size()); 31494 std::string response_hash(32, 0); 31495 hash->Finish(string_as_array(&response_hash), response_hash.size()); 31496 if (tag == TPM_ST_SESSIONS) { 31497 CHECK(authorization_delegate) << "Authorization delegate missing!"; 31498 if (!authorization_delegate->CheckResponseAuthorization( 31499 response_hash, 31500 authorization_section_bytes)) { 31501 return TRUNKS_RC_AUTHORIZATION_FAILED; 31502 } 31503 } 31504 return TPM_RC_SUCCESS; 31505 } 31506 31507 void SetPrimaryPolicyErrorCallback( 31508 const Tpm::SetPrimaryPolicyResponse& callback, 31509 TPM_RC response_code) { 31510 VLOG(1) << __func__; 31511 callback.Run(response_code); 31512 } 31513 31514 void SetPrimaryPolicyResponseParser( 31515 const Tpm::SetPrimaryPolicyResponse& callback, 31516 AuthorizationDelegate* authorization_delegate, 31517 const std::string& response) { 31518 VLOG(1) << __func__; 31519 base::Callback<void(TPM_RC)> error_reporter = 31520 base::Bind(SetPrimaryPolicyErrorCallback, callback); 31521 TPM_RC rc = Tpm::ParseResponse_SetPrimaryPolicy( 31522 response, 31523 authorization_delegate); 31524 if (rc != TPM_RC_SUCCESS) { 31525 error_reporter.Run(rc); 31526 return; 31527 } 31528 callback.Run( 31529 rc); 31530 } 31531 31532 void Tpm::SetPrimaryPolicy( 31533 const TPMI_RH_HIERARCHY& auth_handle, 31534 const std::string& auth_handle_name, 31535 const TPM2B_DIGEST& auth_policy, 31536 const TPMI_ALG_HASH& hash_alg, 31537 AuthorizationDelegate* authorization_delegate, 31538 const SetPrimaryPolicyResponse& callback) { 31539 VLOG(1) << __func__; 31540 base::Callback<void(TPM_RC)> error_reporter = 31541 base::Bind(SetPrimaryPolicyErrorCallback, callback); 31542 base::Callback<void(const std::string&)> parser = 31543 base::Bind(SetPrimaryPolicyResponseParser, 31544 callback, 31545 authorization_delegate); 31546 std::string command; 31547 TPM_RC rc = SerializeCommand_SetPrimaryPolicy( 31548 auth_handle, 31549 auth_handle_name, 31550 auth_policy, 31551 hash_alg, 31552 &command, 31553 authorization_delegate); 31554 if (rc != TPM_RC_SUCCESS) { 31555 error_reporter.Run(rc); 31556 return; 31557 } 31558 transceiver_->SendCommand(command, parser); 31559 } 31560 31561 TPM_RC Tpm::SetPrimaryPolicySync( 31562 const TPMI_RH_HIERARCHY& auth_handle, 31563 const std::string& auth_handle_name, 31564 const TPM2B_DIGEST& auth_policy, 31565 const TPMI_ALG_HASH& hash_alg, 31566 AuthorizationDelegate* authorization_delegate) { 31567 VLOG(1) << __func__; 31568 std::string command; 31569 TPM_RC rc = SerializeCommand_SetPrimaryPolicy( 31570 auth_handle, 31571 auth_handle_name, 31572 auth_policy, 31573 hash_alg, 31574 &command, 31575 authorization_delegate); 31576 if (rc != TPM_RC_SUCCESS) { 31577 return rc; 31578 } 31579 std::string response = transceiver_->SendCommandAndWait(command); 31580 rc = ParseResponse_SetPrimaryPolicy( 31581 response, 31582 authorization_delegate); 31583 return rc; 31584 } 31585 31586 TPM_RC Tpm::SerializeCommand_ChangePPS( 31587 const TPMI_RH_PLATFORM& auth_handle, 31588 const std::string& auth_handle_name, 31589 std::string* serialized_command, 31590 AuthorizationDelegate* authorization_delegate) { 31591 VLOG(3) << __func__; 31592 TPM_RC rc = TPM_RC_SUCCESS; 31593 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 31594 UINT32 command_size = 10; // Header size. 31595 std::string handle_section_bytes; 31596 std::string parameter_section_bytes; 31597 TPM_CC command_code = TPM_CC_ChangePPS; 31598 bool is_command_parameter_encryption_possible = false; 31599 bool is_response_parameter_encryption_possible = false; 31600 std::string command_code_bytes; 31601 rc = Serialize_TPM_CC( 31602 command_code, 31603 &command_code_bytes); 31604 if (rc != TPM_RC_SUCCESS) { 31605 return rc; 31606 } 31607 std::string auth_handle_bytes; 31608 rc = Serialize_TPMI_RH_PLATFORM( 31609 auth_handle, 31610 &auth_handle_bytes); 31611 if (rc != TPM_RC_SUCCESS) { 31612 return rc; 31613 } 31614 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 31615 crypto::SecureHash::SHA256)); 31616 hash->Update(command_code_bytes.data(), 31617 command_code_bytes.size()); 31618 hash->Update(auth_handle_name.data(), 31619 auth_handle_name.size()); 31620 handle_section_bytes += auth_handle_bytes; 31621 command_size += auth_handle_bytes.size(); 31622 std::string command_hash(32, 0); 31623 hash->Finish(string_as_array(&command_hash), command_hash.size()); 31624 std::string authorization_section_bytes; 31625 std::string authorization_size_bytes; 31626 if (authorization_delegate) { 31627 if (!authorization_delegate->GetCommandAuthorization( 31628 command_hash, 31629 is_command_parameter_encryption_possible, 31630 is_response_parameter_encryption_possible, 31631 &authorization_section_bytes)) { 31632 return TRUNKS_RC_AUTHORIZATION_FAILED; 31633 } 31634 if (!authorization_section_bytes.empty()) { 31635 tag = TPM_ST_SESSIONS; 31636 std::string tmp; 31637 rc = Serialize_UINT32(authorization_section_bytes.size(), 31638 &authorization_size_bytes); 31639 if (rc != TPM_RC_SUCCESS) { 31640 return rc; 31641 } 31642 command_size += authorization_size_bytes.size() + 31643 authorization_section_bytes.size(); 31644 } 31645 } 31646 std::string tag_bytes; 31647 rc = Serialize_TPMI_ST_COMMAND_TAG( 31648 tag, 31649 &tag_bytes); 31650 if (rc != TPM_RC_SUCCESS) { 31651 return rc; 31652 } 31653 std::string command_size_bytes; 31654 rc = Serialize_UINT32( 31655 command_size, 31656 &command_size_bytes); 31657 if (rc != TPM_RC_SUCCESS) { 31658 return rc; 31659 } 31660 *serialized_command = tag_bytes + 31661 command_size_bytes + 31662 command_code_bytes + 31663 handle_section_bytes + 31664 authorization_size_bytes + 31665 authorization_section_bytes + 31666 parameter_section_bytes; 31667 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 31668 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 31669 serialized_command->size()); 31670 return TPM_RC_SUCCESS; 31671 } 31672 31673 TPM_RC Tpm::ParseResponse_ChangePPS( 31674 const std::string& response, 31675 AuthorizationDelegate* authorization_delegate) { 31676 VLOG(3) << __func__; 31677 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 31678 TPM_RC rc = TPM_RC_SUCCESS; 31679 std::string buffer(response); 31680 TPM_ST tag; 31681 std::string tag_bytes; 31682 rc = Parse_TPM_ST( 31683 &buffer, 31684 &tag, 31685 &tag_bytes); 31686 if (rc != TPM_RC_SUCCESS) { 31687 return rc; 31688 } 31689 UINT32 response_size; 31690 std::string response_size_bytes; 31691 rc = Parse_UINT32( 31692 &buffer, 31693 &response_size, 31694 &response_size_bytes); 31695 if (rc != TPM_RC_SUCCESS) { 31696 return rc; 31697 } 31698 TPM_RC response_code; 31699 std::string response_code_bytes; 31700 rc = Parse_TPM_RC( 31701 &buffer, 31702 &response_code, 31703 &response_code_bytes); 31704 if (rc != TPM_RC_SUCCESS) { 31705 return rc; 31706 } 31707 if (response_size != response.size()) { 31708 return TPM_RC_SIZE; 31709 } 31710 if (response_code != TPM_RC_SUCCESS) { 31711 return response_code; 31712 } 31713 TPM_CC command_code = TPM_CC_ChangePPS; 31714 std::string command_code_bytes; 31715 rc = Serialize_TPM_CC( 31716 command_code, 31717 &command_code_bytes); 31718 if (rc != TPM_RC_SUCCESS) { 31719 return rc; 31720 } 31721 std::string authorization_section_bytes; 31722 if (tag == TPM_ST_SESSIONS) { 31723 UINT32 parameter_section_size = buffer.size(); 31724 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 31725 if (rc != TPM_RC_SUCCESS) { 31726 return rc; 31727 } 31728 if (parameter_section_size > buffer.size()) { 31729 return TPM_RC_INSUFFICIENT; 31730 } 31731 authorization_section_bytes = buffer.substr(parameter_section_size); 31732 // Keep the parameter section in |buffer|. 31733 buffer.erase(parameter_section_size); 31734 } 31735 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 31736 crypto::SecureHash::SHA256)); 31737 hash->Update(response_code_bytes.data(), 31738 response_code_bytes.size()); 31739 hash->Update(command_code_bytes.data(), 31740 command_code_bytes.size()); 31741 hash->Update(buffer.data(), 31742 buffer.size()); 31743 std::string response_hash(32, 0); 31744 hash->Finish(string_as_array(&response_hash), response_hash.size()); 31745 if (tag == TPM_ST_SESSIONS) { 31746 CHECK(authorization_delegate) << "Authorization delegate missing!"; 31747 if (!authorization_delegate->CheckResponseAuthorization( 31748 response_hash, 31749 authorization_section_bytes)) { 31750 return TRUNKS_RC_AUTHORIZATION_FAILED; 31751 } 31752 } 31753 return TPM_RC_SUCCESS; 31754 } 31755 31756 void ChangePPSErrorCallback( 31757 const Tpm::ChangePPSResponse& callback, 31758 TPM_RC response_code) { 31759 VLOG(1) << __func__; 31760 callback.Run(response_code); 31761 } 31762 31763 void ChangePPSResponseParser( 31764 const Tpm::ChangePPSResponse& callback, 31765 AuthorizationDelegate* authorization_delegate, 31766 const std::string& response) { 31767 VLOG(1) << __func__; 31768 base::Callback<void(TPM_RC)> error_reporter = 31769 base::Bind(ChangePPSErrorCallback, callback); 31770 TPM_RC rc = Tpm::ParseResponse_ChangePPS( 31771 response, 31772 authorization_delegate); 31773 if (rc != TPM_RC_SUCCESS) { 31774 error_reporter.Run(rc); 31775 return; 31776 } 31777 callback.Run( 31778 rc); 31779 } 31780 31781 void Tpm::ChangePPS( 31782 const TPMI_RH_PLATFORM& auth_handle, 31783 const std::string& auth_handle_name, 31784 AuthorizationDelegate* authorization_delegate, 31785 const ChangePPSResponse& callback) { 31786 VLOG(1) << __func__; 31787 base::Callback<void(TPM_RC)> error_reporter = 31788 base::Bind(ChangePPSErrorCallback, callback); 31789 base::Callback<void(const std::string&)> parser = 31790 base::Bind(ChangePPSResponseParser, 31791 callback, 31792 authorization_delegate); 31793 std::string command; 31794 TPM_RC rc = SerializeCommand_ChangePPS( 31795 auth_handle, 31796 auth_handle_name, 31797 &command, 31798 authorization_delegate); 31799 if (rc != TPM_RC_SUCCESS) { 31800 error_reporter.Run(rc); 31801 return; 31802 } 31803 transceiver_->SendCommand(command, parser); 31804 } 31805 31806 TPM_RC Tpm::ChangePPSSync( 31807 const TPMI_RH_PLATFORM& auth_handle, 31808 const std::string& auth_handle_name, 31809 AuthorizationDelegate* authorization_delegate) { 31810 VLOG(1) << __func__; 31811 std::string command; 31812 TPM_RC rc = SerializeCommand_ChangePPS( 31813 auth_handle, 31814 auth_handle_name, 31815 &command, 31816 authorization_delegate); 31817 if (rc != TPM_RC_SUCCESS) { 31818 return rc; 31819 } 31820 std::string response = transceiver_->SendCommandAndWait(command); 31821 rc = ParseResponse_ChangePPS( 31822 response, 31823 authorization_delegate); 31824 return rc; 31825 } 31826 31827 TPM_RC Tpm::SerializeCommand_ChangeEPS( 31828 const TPMI_RH_PLATFORM& auth_handle, 31829 const std::string& auth_handle_name, 31830 std::string* serialized_command, 31831 AuthorizationDelegate* authorization_delegate) { 31832 VLOG(3) << __func__; 31833 TPM_RC rc = TPM_RC_SUCCESS; 31834 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 31835 UINT32 command_size = 10; // Header size. 31836 std::string handle_section_bytes; 31837 std::string parameter_section_bytes; 31838 TPM_CC command_code = TPM_CC_ChangeEPS; 31839 bool is_command_parameter_encryption_possible = false; 31840 bool is_response_parameter_encryption_possible = false; 31841 std::string command_code_bytes; 31842 rc = Serialize_TPM_CC( 31843 command_code, 31844 &command_code_bytes); 31845 if (rc != TPM_RC_SUCCESS) { 31846 return rc; 31847 } 31848 std::string auth_handle_bytes; 31849 rc = Serialize_TPMI_RH_PLATFORM( 31850 auth_handle, 31851 &auth_handle_bytes); 31852 if (rc != TPM_RC_SUCCESS) { 31853 return rc; 31854 } 31855 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 31856 crypto::SecureHash::SHA256)); 31857 hash->Update(command_code_bytes.data(), 31858 command_code_bytes.size()); 31859 hash->Update(auth_handle_name.data(), 31860 auth_handle_name.size()); 31861 handle_section_bytes += auth_handle_bytes; 31862 command_size += auth_handle_bytes.size(); 31863 std::string command_hash(32, 0); 31864 hash->Finish(string_as_array(&command_hash), command_hash.size()); 31865 std::string authorization_section_bytes; 31866 std::string authorization_size_bytes; 31867 if (authorization_delegate) { 31868 if (!authorization_delegate->GetCommandAuthorization( 31869 command_hash, 31870 is_command_parameter_encryption_possible, 31871 is_response_parameter_encryption_possible, 31872 &authorization_section_bytes)) { 31873 return TRUNKS_RC_AUTHORIZATION_FAILED; 31874 } 31875 if (!authorization_section_bytes.empty()) { 31876 tag = TPM_ST_SESSIONS; 31877 std::string tmp; 31878 rc = Serialize_UINT32(authorization_section_bytes.size(), 31879 &authorization_size_bytes); 31880 if (rc != TPM_RC_SUCCESS) { 31881 return rc; 31882 } 31883 command_size += authorization_size_bytes.size() + 31884 authorization_section_bytes.size(); 31885 } 31886 } 31887 std::string tag_bytes; 31888 rc = Serialize_TPMI_ST_COMMAND_TAG( 31889 tag, 31890 &tag_bytes); 31891 if (rc != TPM_RC_SUCCESS) { 31892 return rc; 31893 } 31894 std::string command_size_bytes; 31895 rc = Serialize_UINT32( 31896 command_size, 31897 &command_size_bytes); 31898 if (rc != TPM_RC_SUCCESS) { 31899 return rc; 31900 } 31901 *serialized_command = tag_bytes + 31902 command_size_bytes + 31903 command_code_bytes + 31904 handle_section_bytes + 31905 authorization_size_bytes + 31906 authorization_section_bytes + 31907 parameter_section_bytes; 31908 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 31909 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 31910 serialized_command->size()); 31911 return TPM_RC_SUCCESS; 31912 } 31913 31914 TPM_RC Tpm::ParseResponse_ChangeEPS( 31915 const std::string& response, 31916 AuthorizationDelegate* authorization_delegate) { 31917 VLOG(3) << __func__; 31918 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 31919 TPM_RC rc = TPM_RC_SUCCESS; 31920 std::string buffer(response); 31921 TPM_ST tag; 31922 std::string tag_bytes; 31923 rc = Parse_TPM_ST( 31924 &buffer, 31925 &tag, 31926 &tag_bytes); 31927 if (rc != TPM_RC_SUCCESS) { 31928 return rc; 31929 } 31930 UINT32 response_size; 31931 std::string response_size_bytes; 31932 rc = Parse_UINT32( 31933 &buffer, 31934 &response_size, 31935 &response_size_bytes); 31936 if (rc != TPM_RC_SUCCESS) { 31937 return rc; 31938 } 31939 TPM_RC response_code; 31940 std::string response_code_bytes; 31941 rc = Parse_TPM_RC( 31942 &buffer, 31943 &response_code, 31944 &response_code_bytes); 31945 if (rc != TPM_RC_SUCCESS) { 31946 return rc; 31947 } 31948 if (response_size != response.size()) { 31949 return TPM_RC_SIZE; 31950 } 31951 if (response_code != TPM_RC_SUCCESS) { 31952 return response_code; 31953 } 31954 TPM_CC command_code = TPM_CC_ChangeEPS; 31955 std::string command_code_bytes; 31956 rc = Serialize_TPM_CC( 31957 command_code, 31958 &command_code_bytes); 31959 if (rc != TPM_RC_SUCCESS) { 31960 return rc; 31961 } 31962 std::string authorization_section_bytes; 31963 if (tag == TPM_ST_SESSIONS) { 31964 UINT32 parameter_section_size = buffer.size(); 31965 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 31966 if (rc != TPM_RC_SUCCESS) { 31967 return rc; 31968 } 31969 if (parameter_section_size > buffer.size()) { 31970 return TPM_RC_INSUFFICIENT; 31971 } 31972 authorization_section_bytes = buffer.substr(parameter_section_size); 31973 // Keep the parameter section in |buffer|. 31974 buffer.erase(parameter_section_size); 31975 } 31976 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 31977 crypto::SecureHash::SHA256)); 31978 hash->Update(response_code_bytes.data(), 31979 response_code_bytes.size()); 31980 hash->Update(command_code_bytes.data(), 31981 command_code_bytes.size()); 31982 hash->Update(buffer.data(), 31983 buffer.size()); 31984 std::string response_hash(32, 0); 31985 hash->Finish(string_as_array(&response_hash), response_hash.size()); 31986 if (tag == TPM_ST_SESSIONS) { 31987 CHECK(authorization_delegate) << "Authorization delegate missing!"; 31988 if (!authorization_delegate->CheckResponseAuthorization( 31989 response_hash, 31990 authorization_section_bytes)) { 31991 return TRUNKS_RC_AUTHORIZATION_FAILED; 31992 } 31993 } 31994 return TPM_RC_SUCCESS; 31995 } 31996 31997 void ChangeEPSErrorCallback( 31998 const Tpm::ChangeEPSResponse& callback, 31999 TPM_RC response_code) { 32000 VLOG(1) << __func__; 32001 callback.Run(response_code); 32002 } 32003 32004 void ChangeEPSResponseParser( 32005 const Tpm::ChangeEPSResponse& callback, 32006 AuthorizationDelegate* authorization_delegate, 32007 const std::string& response) { 32008 VLOG(1) << __func__; 32009 base::Callback<void(TPM_RC)> error_reporter = 32010 base::Bind(ChangeEPSErrorCallback, callback); 32011 TPM_RC rc = Tpm::ParseResponse_ChangeEPS( 32012 response, 32013 authorization_delegate); 32014 if (rc != TPM_RC_SUCCESS) { 32015 error_reporter.Run(rc); 32016 return; 32017 } 32018 callback.Run( 32019 rc); 32020 } 32021 32022 void Tpm::ChangeEPS( 32023 const TPMI_RH_PLATFORM& auth_handle, 32024 const std::string& auth_handle_name, 32025 AuthorizationDelegate* authorization_delegate, 32026 const ChangeEPSResponse& callback) { 32027 VLOG(1) << __func__; 32028 base::Callback<void(TPM_RC)> error_reporter = 32029 base::Bind(ChangeEPSErrorCallback, callback); 32030 base::Callback<void(const std::string&)> parser = 32031 base::Bind(ChangeEPSResponseParser, 32032 callback, 32033 authorization_delegate); 32034 std::string command; 32035 TPM_RC rc = SerializeCommand_ChangeEPS( 32036 auth_handle, 32037 auth_handle_name, 32038 &command, 32039 authorization_delegate); 32040 if (rc != TPM_RC_SUCCESS) { 32041 error_reporter.Run(rc); 32042 return; 32043 } 32044 transceiver_->SendCommand(command, parser); 32045 } 32046 32047 TPM_RC Tpm::ChangeEPSSync( 32048 const TPMI_RH_PLATFORM& auth_handle, 32049 const std::string& auth_handle_name, 32050 AuthorizationDelegate* authorization_delegate) { 32051 VLOG(1) << __func__; 32052 std::string command; 32053 TPM_RC rc = SerializeCommand_ChangeEPS( 32054 auth_handle, 32055 auth_handle_name, 32056 &command, 32057 authorization_delegate); 32058 if (rc != TPM_RC_SUCCESS) { 32059 return rc; 32060 } 32061 std::string response = transceiver_->SendCommandAndWait(command); 32062 rc = ParseResponse_ChangeEPS( 32063 response, 32064 authorization_delegate); 32065 return rc; 32066 } 32067 32068 TPM_RC Tpm::SerializeCommand_Clear( 32069 const TPMI_RH_CLEAR& auth_handle, 32070 const std::string& auth_handle_name, 32071 std::string* serialized_command, 32072 AuthorizationDelegate* authorization_delegate) { 32073 VLOG(3) << __func__; 32074 TPM_RC rc = TPM_RC_SUCCESS; 32075 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 32076 UINT32 command_size = 10; // Header size. 32077 std::string handle_section_bytes; 32078 std::string parameter_section_bytes; 32079 TPM_CC command_code = TPM_CC_Clear; 32080 bool is_command_parameter_encryption_possible = false; 32081 bool is_response_parameter_encryption_possible = false; 32082 std::string command_code_bytes; 32083 rc = Serialize_TPM_CC( 32084 command_code, 32085 &command_code_bytes); 32086 if (rc != TPM_RC_SUCCESS) { 32087 return rc; 32088 } 32089 std::string auth_handle_bytes; 32090 rc = Serialize_TPMI_RH_CLEAR( 32091 auth_handle, 32092 &auth_handle_bytes); 32093 if (rc != TPM_RC_SUCCESS) { 32094 return rc; 32095 } 32096 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 32097 crypto::SecureHash::SHA256)); 32098 hash->Update(command_code_bytes.data(), 32099 command_code_bytes.size()); 32100 hash->Update(auth_handle_name.data(), 32101 auth_handle_name.size()); 32102 handle_section_bytes += auth_handle_bytes; 32103 command_size += auth_handle_bytes.size(); 32104 std::string command_hash(32, 0); 32105 hash->Finish(string_as_array(&command_hash), command_hash.size()); 32106 std::string authorization_section_bytes; 32107 std::string authorization_size_bytes; 32108 if (authorization_delegate) { 32109 if (!authorization_delegate->GetCommandAuthorization( 32110 command_hash, 32111 is_command_parameter_encryption_possible, 32112 is_response_parameter_encryption_possible, 32113 &authorization_section_bytes)) { 32114 return TRUNKS_RC_AUTHORIZATION_FAILED; 32115 } 32116 if (!authorization_section_bytes.empty()) { 32117 tag = TPM_ST_SESSIONS; 32118 std::string tmp; 32119 rc = Serialize_UINT32(authorization_section_bytes.size(), 32120 &authorization_size_bytes); 32121 if (rc != TPM_RC_SUCCESS) { 32122 return rc; 32123 } 32124 command_size += authorization_size_bytes.size() + 32125 authorization_section_bytes.size(); 32126 } 32127 } 32128 std::string tag_bytes; 32129 rc = Serialize_TPMI_ST_COMMAND_TAG( 32130 tag, 32131 &tag_bytes); 32132 if (rc != TPM_RC_SUCCESS) { 32133 return rc; 32134 } 32135 std::string command_size_bytes; 32136 rc = Serialize_UINT32( 32137 command_size, 32138 &command_size_bytes); 32139 if (rc != TPM_RC_SUCCESS) { 32140 return rc; 32141 } 32142 *serialized_command = tag_bytes + 32143 command_size_bytes + 32144 command_code_bytes + 32145 handle_section_bytes + 32146 authorization_size_bytes + 32147 authorization_section_bytes + 32148 parameter_section_bytes; 32149 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 32150 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 32151 serialized_command->size()); 32152 return TPM_RC_SUCCESS; 32153 } 32154 32155 TPM_RC Tpm::ParseResponse_Clear( 32156 const std::string& response, 32157 AuthorizationDelegate* authorization_delegate) { 32158 VLOG(3) << __func__; 32159 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 32160 TPM_RC rc = TPM_RC_SUCCESS; 32161 std::string buffer(response); 32162 TPM_ST tag; 32163 std::string tag_bytes; 32164 rc = Parse_TPM_ST( 32165 &buffer, 32166 &tag, 32167 &tag_bytes); 32168 if (rc != TPM_RC_SUCCESS) { 32169 return rc; 32170 } 32171 UINT32 response_size; 32172 std::string response_size_bytes; 32173 rc = Parse_UINT32( 32174 &buffer, 32175 &response_size, 32176 &response_size_bytes); 32177 if (rc != TPM_RC_SUCCESS) { 32178 return rc; 32179 } 32180 TPM_RC response_code; 32181 std::string response_code_bytes; 32182 rc = Parse_TPM_RC( 32183 &buffer, 32184 &response_code, 32185 &response_code_bytes); 32186 if (rc != TPM_RC_SUCCESS) { 32187 return rc; 32188 } 32189 if (response_size != response.size()) { 32190 return TPM_RC_SIZE; 32191 } 32192 if (response_code != TPM_RC_SUCCESS) { 32193 return response_code; 32194 } 32195 TPM_CC command_code = TPM_CC_Clear; 32196 std::string command_code_bytes; 32197 rc = Serialize_TPM_CC( 32198 command_code, 32199 &command_code_bytes); 32200 if (rc != TPM_RC_SUCCESS) { 32201 return rc; 32202 } 32203 std::string authorization_section_bytes; 32204 if (tag == TPM_ST_SESSIONS) { 32205 UINT32 parameter_section_size = buffer.size(); 32206 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 32207 if (rc != TPM_RC_SUCCESS) { 32208 return rc; 32209 } 32210 if (parameter_section_size > buffer.size()) { 32211 return TPM_RC_INSUFFICIENT; 32212 } 32213 authorization_section_bytes = buffer.substr(parameter_section_size); 32214 // Keep the parameter section in |buffer|. 32215 buffer.erase(parameter_section_size); 32216 } 32217 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 32218 crypto::SecureHash::SHA256)); 32219 hash->Update(response_code_bytes.data(), 32220 response_code_bytes.size()); 32221 hash->Update(command_code_bytes.data(), 32222 command_code_bytes.size()); 32223 hash->Update(buffer.data(), 32224 buffer.size()); 32225 std::string response_hash(32, 0); 32226 hash->Finish(string_as_array(&response_hash), response_hash.size()); 32227 if (tag == TPM_ST_SESSIONS) { 32228 CHECK(authorization_delegate) << "Authorization delegate missing!"; 32229 if (!authorization_delegate->CheckResponseAuthorization( 32230 response_hash, 32231 authorization_section_bytes)) { 32232 return TRUNKS_RC_AUTHORIZATION_FAILED; 32233 } 32234 } 32235 return TPM_RC_SUCCESS; 32236 } 32237 32238 void ClearErrorCallback( 32239 const Tpm::ClearResponse& callback, 32240 TPM_RC response_code) { 32241 VLOG(1) << __func__; 32242 callback.Run(response_code); 32243 } 32244 32245 void ClearResponseParser( 32246 const Tpm::ClearResponse& callback, 32247 AuthorizationDelegate* authorization_delegate, 32248 const std::string& response) { 32249 VLOG(1) << __func__; 32250 base::Callback<void(TPM_RC)> error_reporter = 32251 base::Bind(ClearErrorCallback, callback); 32252 TPM_RC rc = Tpm::ParseResponse_Clear( 32253 response, 32254 authorization_delegate); 32255 if (rc != TPM_RC_SUCCESS) { 32256 error_reporter.Run(rc); 32257 return; 32258 } 32259 callback.Run( 32260 rc); 32261 } 32262 32263 void Tpm::Clear( 32264 const TPMI_RH_CLEAR& auth_handle, 32265 const std::string& auth_handle_name, 32266 AuthorizationDelegate* authorization_delegate, 32267 const ClearResponse& callback) { 32268 VLOG(1) << __func__; 32269 base::Callback<void(TPM_RC)> error_reporter = 32270 base::Bind(ClearErrorCallback, callback); 32271 base::Callback<void(const std::string&)> parser = 32272 base::Bind(ClearResponseParser, 32273 callback, 32274 authorization_delegate); 32275 std::string command; 32276 TPM_RC rc = SerializeCommand_Clear( 32277 auth_handle, 32278 auth_handle_name, 32279 &command, 32280 authorization_delegate); 32281 if (rc != TPM_RC_SUCCESS) { 32282 error_reporter.Run(rc); 32283 return; 32284 } 32285 transceiver_->SendCommand(command, parser); 32286 } 32287 32288 TPM_RC Tpm::ClearSync( 32289 const TPMI_RH_CLEAR& auth_handle, 32290 const std::string& auth_handle_name, 32291 AuthorizationDelegate* authorization_delegate) { 32292 VLOG(1) << __func__; 32293 std::string command; 32294 TPM_RC rc = SerializeCommand_Clear( 32295 auth_handle, 32296 auth_handle_name, 32297 &command, 32298 authorization_delegate); 32299 if (rc != TPM_RC_SUCCESS) { 32300 return rc; 32301 } 32302 std::string response = transceiver_->SendCommandAndWait(command); 32303 rc = ParseResponse_Clear( 32304 response, 32305 authorization_delegate); 32306 return rc; 32307 } 32308 32309 TPM_RC Tpm::SerializeCommand_ClearControl( 32310 const TPMI_RH_CLEAR& auth, 32311 const std::string& auth_name, 32312 const TPMI_YES_NO& disable, 32313 std::string* serialized_command, 32314 AuthorizationDelegate* authorization_delegate) { 32315 VLOG(3) << __func__; 32316 TPM_RC rc = TPM_RC_SUCCESS; 32317 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 32318 UINT32 command_size = 10; // Header size. 32319 std::string handle_section_bytes; 32320 std::string parameter_section_bytes; 32321 TPM_CC command_code = TPM_CC_ClearControl; 32322 bool is_command_parameter_encryption_possible = false; 32323 bool is_response_parameter_encryption_possible = false; 32324 std::string command_code_bytes; 32325 rc = Serialize_TPM_CC( 32326 command_code, 32327 &command_code_bytes); 32328 if (rc != TPM_RC_SUCCESS) { 32329 return rc; 32330 } 32331 std::string auth_bytes; 32332 rc = Serialize_TPMI_RH_CLEAR( 32333 auth, 32334 &auth_bytes); 32335 if (rc != TPM_RC_SUCCESS) { 32336 return rc; 32337 } 32338 std::string disable_bytes; 32339 rc = Serialize_TPMI_YES_NO( 32340 disable, 32341 &disable_bytes); 32342 if (rc != TPM_RC_SUCCESS) { 32343 return rc; 32344 } 32345 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 32346 crypto::SecureHash::SHA256)); 32347 hash->Update(command_code_bytes.data(), 32348 command_code_bytes.size()); 32349 hash->Update(auth_name.data(), 32350 auth_name.size()); 32351 handle_section_bytes += auth_bytes; 32352 command_size += auth_bytes.size(); 32353 hash->Update(disable_bytes.data(), 32354 disable_bytes.size()); 32355 parameter_section_bytes += disable_bytes; 32356 command_size += disable_bytes.size(); 32357 std::string command_hash(32, 0); 32358 hash->Finish(string_as_array(&command_hash), command_hash.size()); 32359 std::string authorization_section_bytes; 32360 std::string authorization_size_bytes; 32361 if (authorization_delegate) { 32362 if (!authorization_delegate->GetCommandAuthorization( 32363 command_hash, 32364 is_command_parameter_encryption_possible, 32365 is_response_parameter_encryption_possible, 32366 &authorization_section_bytes)) { 32367 return TRUNKS_RC_AUTHORIZATION_FAILED; 32368 } 32369 if (!authorization_section_bytes.empty()) { 32370 tag = TPM_ST_SESSIONS; 32371 std::string tmp; 32372 rc = Serialize_UINT32(authorization_section_bytes.size(), 32373 &authorization_size_bytes); 32374 if (rc != TPM_RC_SUCCESS) { 32375 return rc; 32376 } 32377 command_size += authorization_size_bytes.size() + 32378 authorization_section_bytes.size(); 32379 } 32380 } 32381 std::string tag_bytes; 32382 rc = Serialize_TPMI_ST_COMMAND_TAG( 32383 tag, 32384 &tag_bytes); 32385 if (rc != TPM_RC_SUCCESS) { 32386 return rc; 32387 } 32388 std::string command_size_bytes; 32389 rc = Serialize_UINT32( 32390 command_size, 32391 &command_size_bytes); 32392 if (rc != TPM_RC_SUCCESS) { 32393 return rc; 32394 } 32395 *serialized_command = tag_bytes + 32396 command_size_bytes + 32397 command_code_bytes + 32398 handle_section_bytes + 32399 authorization_size_bytes + 32400 authorization_section_bytes + 32401 parameter_section_bytes; 32402 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 32403 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 32404 serialized_command->size()); 32405 return TPM_RC_SUCCESS; 32406 } 32407 32408 TPM_RC Tpm::ParseResponse_ClearControl( 32409 const std::string& response, 32410 AuthorizationDelegate* authorization_delegate) { 32411 VLOG(3) << __func__; 32412 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 32413 TPM_RC rc = TPM_RC_SUCCESS; 32414 std::string buffer(response); 32415 TPM_ST tag; 32416 std::string tag_bytes; 32417 rc = Parse_TPM_ST( 32418 &buffer, 32419 &tag, 32420 &tag_bytes); 32421 if (rc != TPM_RC_SUCCESS) { 32422 return rc; 32423 } 32424 UINT32 response_size; 32425 std::string response_size_bytes; 32426 rc = Parse_UINT32( 32427 &buffer, 32428 &response_size, 32429 &response_size_bytes); 32430 if (rc != TPM_RC_SUCCESS) { 32431 return rc; 32432 } 32433 TPM_RC response_code; 32434 std::string response_code_bytes; 32435 rc = Parse_TPM_RC( 32436 &buffer, 32437 &response_code, 32438 &response_code_bytes); 32439 if (rc != TPM_RC_SUCCESS) { 32440 return rc; 32441 } 32442 if (response_size != response.size()) { 32443 return TPM_RC_SIZE; 32444 } 32445 if (response_code != TPM_RC_SUCCESS) { 32446 return response_code; 32447 } 32448 TPM_CC command_code = TPM_CC_ClearControl; 32449 std::string command_code_bytes; 32450 rc = Serialize_TPM_CC( 32451 command_code, 32452 &command_code_bytes); 32453 if (rc != TPM_RC_SUCCESS) { 32454 return rc; 32455 } 32456 std::string authorization_section_bytes; 32457 if (tag == TPM_ST_SESSIONS) { 32458 UINT32 parameter_section_size = buffer.size(); 32459 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 32460 if (rc != TPM_RC_SUCCESS) { 32461 return rc; 32462 } 32463 if (parameter_section_size > buffer.size()) { 32464 return TPM_RC_INSUFFICIENT; 32465 } 32466 authorization_section_bytes = buffer.substr(parameter_section_size); 32467 // Keep the parameter section in |buffer|. 32468 buffer.erase(parameter_section_size); 32469 } 32470 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 32471 crypto::SecureHash::SHA256)); 32472 hash->Update(response_code_bytes.data(), 32473 response_code_bytes.size()); 32474 hash->Update(command_code_bytes.data(), 32475 command_code_bytes.size()); 32476 hash->Update(buffer.data(), 32477 buffer.size()); 32478 std::string response_hash(32, 0); 32479 hash->Finish(string_as_array(&response_hash), response_hash.size()); 32480 if (tag == TPM_ST_SESSIONS) { 32481 CHECK(authorization_delegate) << "Authorization delegate missing!"; 32482 if (!authorization_delegate->CheckResponseAuthorization( 32483 response_hash, 32484 authorization_section_bytes)) { 32485 return TRUNKS_RC_AUTHORIZATION_FAILED; 32486 } 32487 } 32488 return TPM_RC_SUCCESS; 32489 } 32490 32491 void ClearControlErrorCallback( 32492 const Tpm::ClearControlResponse& callback, 32493 TPM_RC response_code) { 32494 VLOG(1) << __func__; 32495 callback.Run(response_code); 32496 } 32497 32498 void ClearControlResponseParser( 32499 const Tpm::ClearControlResponse& callback, 32500 AuthorizationDelegate* authorization_delegate, 32501 const std::string& response) { 32502 VLOG(1) << __func__; 32503 base::Callback<void(TPM_RC)> error_reporter = 32504 base::Bind(ClearControlErrorCallback, callback); 32505 TPM_RC rc = Tpm::ParseResponse_ClearControl( 32506 response, 32507 authorization_delegate); 32508 if (rc != TPM_RC_SUCCESS) { 32509 error_reporter.Run(rc); 32510 return; 32511 } 32512 callback.Run( 32513 rc); 32514 } 32515 32516 void Tpm::ClearControl( 32517 const TPMI_RH_CLEAR& auth, 32518 const std::string& auth_name, 32519 const TPMI_YES_NO& disable, 32520 AuthorizationDelegate* authorization_delegate, 32521 const ClearControlResponse& callback) { 32522 VLOG(1) << __func__; 32523 base::Callback<void(TPM_RC)> error_reporter = 32524 base::Bind(ClearControlErrorCallback, callback); 32525 base::Callback<void(const std::string&)> parser = 32526 base::Bind(ClearControlResponseParser, 32527 callback, 32528 authorization_delegate); 32529 std::string command; 32530 TPM_RC rc = SerializeCommand_ClearControl( 32531 auth, 32532 auth_name, 32533 disable, 32534 &command, 32535 authorization_delegate); 32536 if (rc != TPM_RC_SUCCESS) { 32537 error_reporter.Run(rc); 32538 return; 32539 } 32540 transceiver_->SendCommand(command, parser); 32541 } 32542 32543 TPM_RC Tpm::ClearControlSync( 32544 const TPMI_RH_CLEAR& auth, 32545 const std::string& auth_name, 32546 const TPMI_YES_NO& disable, 32547 AuthorizationDelegate* authorization_delegate) { 32548 VLOG(1) << __func__; 32549 std::string command; 32550 TPM_RC rc = SerializeCommand_ClearControl( 32551 auth, 32552 auth_name, 32553 disable, 32554 &command, 32555 authorization_delegate); 32556 if (rc != TPM_RC_SUCCESS) { 32557 return rc; 32558 } 32559 std::string response = transceiver_->SendCommandAndWait(command); 32560 rc = ParseResponse_ClearControl( 32561 response, 32562 authorization_delegate); 32563 return rc; 32564 } 32565 32566 TPM_RC Tpm::SerializeCommand_HierarchyChangeAuth( 32567 const TPMI_RH_HIERARCHY_AUTH& auth_handle, 32568 const std::string& auth_handle_name, 32569 const TPM2B_AUTH& new_auth, 32570 std::string* serialized_command, 32571 AuthorizationDelegate* authorization_delegate) { 32572 VLOG(3) << __func__; 32573 TPM_RC rc = TPM_RC_SUCCESS; 32574 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 32575 UINT32 command_size = 10; // Header size. 32576 std::string handle_section_bytes; 32577 std::string parameter_section_bytes; 32578 TPM_CC command_code = TPM_CC_HierarchyChangeAuth; 32579 bool is_command_parameter_encryption_possible = true; 32580 bool is_response_parameter_encryption_possible = false; 32581 std::string command_code_bytes; 32582 rc = Serialize_TPM_CC( 32583 command_code, 32584 &command_code_bytes); 32585 if (rc != TPM_RC_SUCCESS) { 32586 return rc; 32587 } 32588 std::string auth_handle_bytes; 32589 rc = Serialize_TPMI_RH_HIERARCHY_AUTH( 32590 auth_handle, 32591 &auth_handle_bytes); 32592 if (rc != TPM_RC_SUCCESS) { 32593 return rc; 32594 } 32595 std::string new_auth_bytes; 32596 rc = Serialize_TPM2B_AUTH( 32597 new_auth, 32598 &new_auth_bytes); 32599 if (rc != TPM_RC_SUCCESS) { 32600 return rc; 32601 } 32602 if (authorization_delegate) { 32603 // Encrypt just the parameter data, not the size. 32604 std::string tmp = new_auth_bytes.substr(2); 32605 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 32606 return TRUNKS_RC_ENCRYPTION_FAILED; 32607 } 32608 new_auth_bytes.replace(2, std::string::npos, tmp); 32609 } 32610 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 32611 crypto::SecureHash::SHA256)); 32612 hash->Update(command_code_bytes.data(), 32613 command_code_bytes.size()); 32614 hash->Update(auth_handle_name.data(), 32615 auth_handle_name.size()); 32616 handle_section_bytes += auth_handle_bytes; 32617 command_size += auth_handle_bytes.size(); 32618 hash->Update(new_auth_bytes.data(), 32619 new_auth_bytes.size()); 32620 parameter_section_bytes += new_auth_bytes; 32621 command_size += new_auth_bytes.size(); 32622 std::string command_hash(32, 0); 32623 hash->Finish(string_as_array(&command_hash), command_hash.size()); 32624 std::string authorization_section_bytes; 32625 std::string authorization_size_bytes; 32626 if (authorization_delegate) { 32627 if (!authorization_delegate->GetCommandAuthorization( 32628 command_hash, 32629 is_command_parameter_encryption_possible, 32630 is_response_parameter_encryption_possible, 32631 &authorization_section_bytes)) { 32632 return TRUNKS_RC_AUTHORIZATION_FAILED; 32633 } 32634 if (!authorization_section_bytes.empty()) { 32635 tag = TPM_ST_SESSIONS; 32636 std::string tmp; 32637 rc = Serialize_UINT32(authorization_section_bytes.size(), 32638 &authorization_size_bytes); 32639 if (rc != TPM_RC_SUCCESS) { 32640 return rc; 32641 } 32642 command_size += authorization_size_bytes.size() + 32643 authorization_section_bytes.size(); 32644 } 32645 } 32646 std::string tag_bytes; 32647 rc = Serialize_TPMI_ST_COMMAND_TAG( 32648 tag, 32649 &tag_bytes); 32650 if (rc != TPM_RC_SUCCESS) { 32651 return rc; 32652 } 32653 std::string command_size_bytes; 32654 rc = Serialize_UINT32( 32655 command_size, 32656 &command_size_bytes); 32657 if (rc != TPM_RC_SUCCESS) { 32658 return rc; 32659 } 32660 *serialized_command = tag_bytes + 32661 command_size_bytes + 32662 command_code_bytes + 32663 handle_section_bytes + 32664 authorization_size_bytes + 32665 authorization_section_bytes + 32666 parameter_section_bytes; 32667 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 32668 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 32669 serialized_command->size()); 32670 return TPM_RC_SUCCESS; 32671 } 32672 32673 TPM_RC Tpm::ParseResponse_HierarchyChangeAuth( 32674 const std::string& response, 32675 AuthorizationDelegate* authorization_delegate) { 32676 VLOG(3) << __func__; 32677 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 32678 TPM_RC rc = TPM_RC_SUCCESS; 32679 std::string buffer(response); 32680 TPM_ST tag; 32681 std::string tag_bytes; 32682 rc = Parse_TPM_ST( 32683 &buffer, 32684 &tag, 32685 &tag_bytes); 32686 if (rc != TPM_RC_SUCCESS) { 32687 return rc; 32688 } 32689 UINT32 response_size; 32690 std::string response_size_bytes; 32691 rc = Parse_UINT32( 32692 &buffer, 32693 &response_size, 32694 &response_size_bytes); 32695 if (rc != TPM_RC_SUCCESS) { 32696 return rc; 32697 } 32698 TPM_RC response_code; 32699 std::string response_code_bytes; 32700 rc = Parse_TPM_RC( 32701 &buffer, 32702 &response_code, 32703 &response_code_bytes); 32704 if (rc != TPM_RC_SUCCESS) { 32705 return rc; 32706 } 32707 if (response_size != response.size()) { 32708 return TPM_RC_SIZE; 32709 } 32710 if (response_code != TPM_RC_SUCCESS) { 32711 return response_code; 32712 } 32713 TPM_CC command_code = TPM_CC_HierarchyChangeAuth; 32714 std::string command_code_bytes; 32715 rc = Serialize_TPM_CC( 32716 command_code, 32717 &command_code_bytes); 32718 if (rc != TPM_RC_SUCCESS) { 32719 return rc; 32720 } 32721 std::string authorization_section_bytes; 32722 if (tag == TPM_ST_SESSIONS) { 32723 UINT32 parameter_section_size = buffer.size(); 32724 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 32725 if (rc != TPM_RC_SUCCESS) { 32726 return rc; 32727 } 32728 if (parameter_section_size > buffer.size()) { 32729 return TPM_RC_INSUFFICIENT; 32730 } 32731 authorization_section_bytes = buffer.substr(parameter_section_size); 32732 // Keep the parameter section in |buffer|. 32733 buffer.erase(parameter_section_size); 32734 } 32735 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 32736 crypto::SecureHash::SHA256)); 32737 hash->Update(response_code_bytes.data(), 32738 response_code_bytes.size()); 32739 hash->Update(command_code_bytes.data(), 32740 command_code_bytes.size()); 32741 hash->Update(buffer.data(), 32742 buffer.size()); 32743 std::string response_hash(32, 0); 32744 hash->Finish(string_as_array(&response_hash), response_hash.size()); 32745 if (tag == TPM_ST_SESSIONS) { 32746 CHECK(authorization_delegate) << "Authorization delegate missing!"; 32747 if (!authorization_delegate->CheckResponseAuthorization( 32748 response_hash, 32749 authorization_section_bytes)) { 32750 return TRUNKS_RC_AUTHORIZATION_FAILED; 32751 } 32752 } 32753 return TPM_RC_SUCCESS; 32754 } 32755 32756 void HierarchyChangeAuthErrorCallback( 32757 const Tpm::HierarchyChangeAuthResponse& callback, 32758 TPM_RC response_code) { 32759 VLOG(1) << __func__; 32760 callback.Run(response_code); 32761 } 32762 32763 void HierarchyChangeAuthResponseParser( 32764 const Tpm::HierarchyChangeAuthResponse& callback, 32765 AuthorizationDelegate* authorization_delegate, 32766 const std::string& response) { 32767 VLOG(1) << __func__; 32768 base::Callback<void(TPM_RC)> error_reporter = 32769 base::Bind(HierarchyChangeAuthErrorCallback, callback); 32770 TPM_RC rc = Tpm::ParseResponse_HierarchyChangeAuth( 32771 response, 32772 authorization_delegate); 32773 if (rc != TPM_RC_SUCCESS) { 32774 error_reporter.Run(rc); 32775 return; 32776 } 32777 callback.Run( 32778 rc); 32779 } 32780 32781 void Tpm::HierarchyChangeAuth( 32782 const TPMI_RH_HIERARCHY_AUTH& auth_handle, 32783 const std::string& auth_handle_name, 32784 const TPM2B_AUTH& new_auth, 32785 AuthorizationDelegate* authorization_delegate, 32786 const HierarchyChangeAuthResponse& callback) { 32787 VLOG(1) << __func__; 32788 base::Callback<void(TPM_RC)> error_reporter = 32789 base::Bind(HierarchyChangeAuthErrorCallback, callback); 32790 base::Callback<void(const std::string&)> parser = 32791 base::Bind(HierarchyChangeAuthResponseParser, 32792 callback, 32793 authorization_delegate); 32794 std::string command; 32795 TPM_RC rc = SerializeCommand_HierarchyChangeAuth( 32796 auth_handle, 32797 auth_handle_name, 32798 new_auth, 32799 &command, 32800 authorization_delegate); 32801 if (rc != TPM_RC_SUCCESS) { 32802 error_reporter.Run(rc); 32803 return; 32804 } 32805 transceiver_->SendCommand(command, parser); 32806 } 32807 32808 TPM_RC Tpm::HierarchyChangeAuthSync( 32809 const TPMI_RH_HIERARCHY_AUTH& auth_handle, 32810 const std::string& auth_handle_name, 32811 const TPM2B_AUTH& new_auth, 32812 AuthorizationDelegate* authorization_delegate) { 32813 VLOG(1) << __func__; 32814 std::string command; 32815 TPM_RC rc = SerializeCommand_HierarchyChangeAuth( 32816 auth_handle, 32817 auth_handle_name, 32818 new_auth, 32819 &command, 32820 authorization_delegate); 32821 if (rc != TPM_RC_SUCCESS) { 32822 return rc; 32823 } 32824 std::string response = transceiver_->SendCommandAndWait(command); 32825 rc = ParseResponse_HierarchyChangeAuth( 32826 response, 32827 authorization_delegate); 32828 return rc; 32829 } 32830 32831 TPM_RC Tpm::SerializeCommand_DictionaryAttackLockReset( 32832 const TPMI_RH_LOCKOUT& lock_handle, 32833 const std::string& lock_handle_name, 32834 std::string* serialized_command, 32835 AuthorizationDelegate* authorization_delegate) { 32836 VLOG(3) << __func__; 32837 TPM_RC rc = TPM_RC_SUCCESS; 32838 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 32839 UINT32 command_size = 10; // Header size. 32840 std::string handle_section_bytes; 32841 std::string parameter_section_bytes; 32842 TPM_CC command_code = TPM_CC_DictionaryAttackLockReset; 32843 bool is_command_parameter_encryption_possible = false; 32844 bool is_response_parameter_encryption_possible = false; 32845 std::string command_code_bytes; 32846 rc = Serialize_TPM_CC( 32847 command_code, 32848 &command_code_bytes); 32849 if (rc != TPM_RC_SUCCESS) { 32850 return rc; 32851 } 32852 std::string lock_handle_bytes; 32853 rc = Serialize_TPMI_RH_LOCKOUT( 32854 lock_handle, 32855 &lock_handle_bytes); 32856 if (rc != TPM_RC_SUCCESS) { 32857 return rc; 32858 } 32859 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 32860 crypto::SecureHash::SHA256)); 32861 hash->Update(command_code_bytes.data(), 32862 command_code_bytes.size()); 32863 hash->Update(lock_handle_name.data(), 32864 lock_handle_name.size()); 32865 handle_section_bytes += lock_handle_bytes; 32866 command_size += lock_handle_bytes.size(); 32867 std::string command_hash(32, 0); 32868 hash->Finish(string_as_array(&command_hash), command_hash.size()); 32869 std::string authorization_section_bytes; 32870 std::string authorization_size_bytes; 32871 if (authorization_delegate) { 32872 if (!authorization_delegate->GetCommandAuthorization( 32873 command_hash, 32874 is_command_parameter_encryption_possible, 32875 is_response_parameter_encryption_possible, 32876 &authorization_section_bytes)) { 32877 return TRUNKS_RC_AUTHORIZATION_FAILED; 32878 } 32879 if (!authorization_section_bytes.empty()) { 32880 tag = TPM_ST_SESSIONS; 32881 std::string tmp; 32882 rc = Serialize_UINT32(authorization_section_bytes.size(), 32883 &authorization_size_bytes); 32884 if (rc != TPM_RC_SUCCESS) { 32885 return rc; 32886 } 32887 command_size += authorization_size_bytes.size() + 32888 authorization_section_bytes.size(); 32889 } 32890 } 32891 std::string tag_bytes; 32892 rc = Serialize_TPMI_ST_COMMAND_TAG( 32893 tag, 32894 &tag_bytes); 32895 if (rc != TPM_RC_SUCCESS) { 32896 return rc; 32897 } 32898 std::string command_size_bytes; 32899 rc = Serialize_UINT32( 32900 command_size, 32901 &command_size_bytes); 32902 if (rc != TPM_RC_SUCCESS) { 32903 return rc; 32904 } 32905 *serialized_command = tag_bytes + 32906 command_size_bytes + 32907 command_code_bytes + 32908 handle_section_bytes + 32909 authorization_size_bytes + 32910 authorization_section_bytes + 32911 parameter_section_bytes; 32912 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 32913 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 32914 serialized_command->size()); 32915 return TPM_RC_SUCCESS; 32916 } 32917 32918 TPM_RC Tpm::ParseResponse_DictionaryAttackLockReset( 32919 const std::string& response, 32920 AuthorizationDelegate* authorization_delegate) { 32921 VLOG(3) << __func__; 32922 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 32923 TPM_RC rc = TPM_RC_SUCCESS; 32924 std::string buffer(response); 32925 TPM_ST tag; 32926 std::string tag_bytes; 32927 rc = Parse_TPM_ST( 32928 &buffer, 32929 &tag, 32930 &tag_bytes); 32931 if (rc != TPM_RC_SUCCESS) { 32932 return rc; 32933 } 32934 UINT32 response_size; 32935 std::string response_size_bytes; 32936 rc = Parse_UINT32( 32937 &buffer, 32938 &response_size, 32939 &response_size_bytes); 32940 if (rc != TPM_RC_SUCCESS) { 32941 return rc; 32942 } 32943 TPM_RC response_code; 32944 std::string response_code_bytes; 32945 rc = Parse_TPM_RC( 32946 &buffer, 32947 &response_code, 32948 &response_code_bytes); 32949 if (rc != TPM_RC_SUCCESS) { 32950 return rc; 32951 } 32952 if (response_size != response.size()) { 32953 return TPM_RC_SIZE; 32954 } 32955 if (response_code != TPM_RC_SUCCESS) { 32956 return response_code; 32957 } 32958 TPM_CC command_code = TPM_CC_DictionaryAttackLockReset; 32959 std::string command_code_bytes; 32960 rc = Serialize_TPM_CC( 32961 command_code, 32962 &command_code_bytes); 32963 if (rc != TPM_RC_SUCCESS) { 32964 return rc; 32965 } 32966 std::string authorization_section_bytes; 32967 if (tag == TPM_ST_SESSIONS) { 32968 UINT32 parameter_section_size = buffer.size(); 32969 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 32970 if (rc != TPM_RC_SUCCESS) { 32971 return rc; 32972 } 32973 if (parameter_section_size > buffer.size()) { 32974 return TPM_RC_INSUFFICIENT; 32975 } 32976 authorization_section_bytes = buffer.substr(parameter_section_size); 32977 // Keep the parameter section in |buffer|. 32978 buffer.erase(parameter_section_size); 32979 } 32980 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 32981 crypto::SecureHash::SHA256)); 32982 hash->Update(response_code_bytes.data(), 32983 response_code_bytes.size()); 32984 hash->Update(command_code_bytes.data(), 32985 command_code_bytes.size()); 32986 hash->Update(buffer.data(), 32987 buffer.size()); 32988 std::string response_hash(32, 0); 32989 hash->Finish(string_as_array(&response_hash), response_hash.size()); 32990 if (tag == TPM_ST_SESSIONS) { 32991 CHECK(authorization_delegate) << "Authorization delegate missing!"; 32992 if (!authorization_delegate->CheckResponseAuthorization( 32993 response_hash, 32994 authorization_section_bytes)) { 32995 return TRUNKS_RC_AUTHORIZATION_FAILED; 32996 } 32997 } 32998 return TPM_RC_SUCCESS; 32999 } 33000 33001 void DictionaryAttackLockResetErrorCallback( 33002 const Tpm::DictionaryAttackLockResetResponse& callback, 33003 TPM_RC response_code) { 33004 VLOG(1) << __func__; 33005 callback.Run(response_code); 33006 } 33007 33008 void DictionaryAttackLockResetResponseParser( 33009 const Tpm::DictionaryAttackLockResetResponse& callback, 33010 AuthorizationDelegate* authorization_delegate, 33011 const std::string& response) { 33012 VLOG(1) << __func__; 33013 base::Callback<void(TPM_RC)> error_reporter = 33014 base::Bind(DictionaryAttackLockResetErrorCallback, callback); 33015 TPM_RC rc = Tpm::ParseResponse_DictionaryAttackLockReset( 33016 response, 33017 authorization_delegate); 33018 if (rc != TPM_RC_SUCCESS) { 33019 error_reporter.Run(rc); 33020 return; 33021 } 33022 callback.Run( 33023 rc); 33024 } 33025 33026 void Tpm::DictionaryAttackLockReset( 33027 const TPMI_RH_LOCKOUT& lock_handle, 33028 const std::string& lock_handle_name, 33029 AuthorizationDelegate* authorization_delegate, 33030 const DictionaryAttackLockResetResponse& callback) { 33031 VLOG(1) << __func__; 33032 base::Callback<void(TPM_RC)> error_reporter = 33033 base::Bind(DictionaryAttackLockResetErrorCallback, callback); 33034 base::Callback<void(const std::string&)> parser = 33035 base::Bind(DictionaryAttackLockResetResponseParser, 33036 callback, 33037 authorization_delegate); 33038 std::string command; 33039 TPM_RC rc = SerializeCommand_DictionaryAttackLockReset( 33040 lock_handle, 33041 lock_handle_name, 33042 &command, 33043 authorization_delegate); 33044 if (rc != TPM_RC_SUCCESS) { 33045 error_reporter.Run(rc); 33046 return; 33047 } 33048 transceiver_->SendCommand(command, parser); 33049 } 33050 33051 TPM_RC Tpm::DictionaryAttackLockResetSync( 33052 const TPMI_RH_LOCKOUT& lock_handle, 33053 const std::string& lock_handle_name, 33054 AuthorizationDelegate* authorization_delegate) { 33055 VLOG(1) << __func__; 33056 std::string command; 33057 TPM_RC rc = SerializeCommand_DictionaryAttackLockReset( 33058 lock_handle, 33059 lock_handle_name, 33060 &command, 33061 authorization_delegate); 33062 if (rc != TPM_RC_SUCCESS) { 33063 return rc; 33064 } 33065 std::string response = transceiver_->SendCommandAndWait(command); 33066 rc = ParseResponse_DictionaryAttackLockReset( 33067 response, 33068 authorization_delegate); 33069 return rc; 33070 } 33071 33072 TPM_RC Tpm::SerializeCommand_DictionaryAttackParameters( 33073 const TPMI_RH_LOCKOUT& lock_handle, 33074 const std::string& lock_handle_name, 33075 const UINT32& new_max_tries, 33076 const UINT32& new_recovery_time, 33077 const UINT32& lockout_recovery, 33078 std::string* serialized_command, 33079 AuthorizationDelegate* authorization_delegate) { 33080 VLOG(3) << __func__; 33081 TPM_RC rc = TPM_RC_SUCCESS; 33082 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 33083 UINT32 command_size = 10; // Header size. 33084 std::string handle_section_bytes; 33085 std::string parameter_section_bytes; 33086 TPM_CC command_code = TPM_CC_DictionaryAttackParameters; 33087 bool is_command_parameter_encryption_possible = false; 33088 bool is_response_parameter_encryption_possible = false; 33089 std::string command_code_bytes; 33090 rc = Serialize_TPM_CC( 33091 command_code, 33092 &command_code_bytes); 33093 if (rc != TPM_RC_SUCCESS) { 33094 return rc; 33095 } 33096 std::string lock_handle_bytes; 33097 rc = Serialize_TPMI_RH_LOCKOUT( 33098 lock_handle, 33099 &lock_handle_bytes); 33100 if (rc != TPM_RC_SUCCESS) { 33101 return rc; 33102 } 33103 std::string new_max_tries_bytes; 33104 rc = Serialize_UINT32( 33105 new_max_tries, 33106 &new_max_tries_bytes); 33107 if (rc != TPM_RC_SUCCESS) { 33108 return rc; 33109 } 33110 std::string new_recovery_time_bytes; 33111 rc = Serialize_UINT32( 33112 new_recovery_time, 33113 &new_recovery_time_bytes); 33114 if (rc != TPM_RC_SUCCESS) { 33115 return rc; 33116 } 33117 std::string lockout_recovery_bytes; 33118 rc = Serialize_UINT32( 33119 lockout_recovery, 33120 &lockout_recovery_bytes); 33121 if (rc != TPM_RC_SUCCESS) { 33122 return rc; 33123 } 33124 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 33125 crypto::SecureHash::SHA256)); 33126 hash->Update(command_code_bytes.data(), 33127 command_code_bytes.size()); 33128 hash->Update(lock_handle_name.data(), 33129 lock_handle_name.size()); 33130 handle_section_bytes += lock_handle_bytes; 33131 command_size += lock_handle_bytes.size(); 33132 hash->Update(new_max_tries_bytes.data(), 33133 new_max_tries_bytes.size()); 33134 parameter_section_bytes += new_max_tries_bytes; 33135 command_size += new_max_tries_bytes.size(); 33136 hash->Update(new_recovery_time_bytes.data(), 33137 new_recovery_time_bytes.size()); 33138 parameter_section_bytes += new_recovery_time_bytes; 33139 command_size += new_recovery_time_bytes.size(); 33140 hash->Update(lockout_recovery_bytes.data(), 33141 lockout_recovery_bytes.size()); 33142 parameter_section_bytes += lockout_recovery_bytes; 33143 command_size += lockout_recovery_bytes.size(); 33144 std::string command_hash(32, 0); 33145 hash->Finish(string_as_array(&command_hash), command_hash.size()); 33146 std::string authorization_section_bytes; 33147 std::string authorization_size_bytes; 33148 if (authorization_delegate) { 33149 if (!authorization_delegate->GetCommandAuthorization( 33150 command_hash, 33151 is_command_parameter_encryption_possible, 33152 is_response_parameter_encryption_possible, 33153 &authorization_section_bytes)) { 33154 return TRUNKS_RC_AUTHORIZATION_FAILED; 33155 } 33156 if (!authorization_section_bytes.empty()) { 33157 tag = TPM_ST_SESSIONS; 33158 std::string tmp; 33159 rc = Serialize_UINT32(authorization_section_bytes.size(), 33160 &authorization_size_bytes); 33161 if (rc != TPM_RC_SUCCESS) { 33162 return rc; 33163 } 33164 command_size += authorization_size_bytes.size() + 33165 authorization_section_bytes.size(); 33166 } 33167 } 33168 std::string tag_bytes; 33169 rc = Serialize_TPMI_ST_COMMAND_TAG( 33170 tag, 33171 &tag_bytes); 33172 if (rc != TPM_RC_SUCCESS) { 33173 return rc; 33174 } 33175 std::string command_size_bytes; 33176 rc = Serialize_UINT32( 33177 command_size, 33178 &command_size_bytes); 33179 if (rc != TPM_RC_SUCCESS) { 33180 return rc; 33181 } 33182 *serialized_command = tag_bytes + 33183 command_size_bytes + 33184 command_code_bytes + 33185 handle_section_bytes + 33186 authorization_size_bytes + 33187 authorization_section_bytes + 33188 parameter_section_bytes; 33189 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 33190 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 33191 serialized_command->size()); 33192 return TPM_RC_SUCCESS; 33193 } 33194 33195 TPM_RC Tpm::ParseResponse_DictionaryAttackParameters( 33196 const std::string& response, 33197 AuthorizationDelegate* authorization_delegate) { 33198 VLOG(3) << __func__; 33199 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 33200 TPM_RC rc = TPM_RC_SUCCESS; 33201 std::string buffer(response); 33202 TPM_ST tag; 33203 std::string tag_bytes; 33204 rc = Parse_TPM_ST( 33205 &buffer, 33206 &tag, 33207 &tag_bytes); 33208 if (rc != TPM_RC_SUCCESS) { 33209 return rc; 33210 } 33211 UINT32 response_size; 33212 std::string response_size_bytes; 33213 rc = Parse_UINT32( 33214 &buffer, 33215 &response_size, 33216 &response_size_bytes); 33217 if (rc != TPM_RC_SUCCESS) { 33218 return rc; 33219 } 33220 TPM_RC response_code; 33221 std::string response_code_bytes; 33222 rc = Parse_TPM_RC( 33223 &buffer, 33224 &response_code, 33225 &response_code_bytes); 33226 if (rc != TPM_RC_SUCCESS) { 33227 return rc; 33228 } 33229 if (response_size != response.size()) { 33230 return TPM_RC_SIZE; 33231 } 33232 if (response_code != TPM_RC_SUCCESS) { 33233 return response_code; 33234 } 33235 TPM_CC command_code = TPM_CC_DictionaryAttackParameters; 33236 std::string command_code_bytes; 33237 rc = Serialize_TPM_CC( 33238 command_code, 33239 &command_code_bytes); 33240 if (rc != TPM_RC_SUCCESS) { 33241 return rc; 33242 } 33243 std::string authorization_section_bytes; 33244 if (tag == TPM_ST_SESSIONS) { 33245 UINT32 parameter_section_size = buffer.size(); 33246 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 33247 if (rc != TPM_RC_SUCCESS) { 33248 return rc; 33249 } 33250 if (parameter_section_size > buffer.size()) { 33251 return TPM_RC_INSUFFICIENT; 33252 } 33253 authorization_section_bytes = buffer.substr(parameter_section_size); 33254 // Keep the parameter section in |buffer|. 33255 buffer.erase(parameter_section_size); 33256 } 33257 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 33258 crypto::SecureHash::SHA256)); 33259 hash->Update(response_code_bytes.data(), 33260 response_code_bytes.size()); 33261 hash->Update(command_code_bytes.data(), 33262 command_code_bytes.size()); 33263 hash->Update(buffer.data(), 33264 buffer.size()); 33265 std::string response_hash(32, 0); 33266 hash->Finish(string_as_array(&response_hash), response_hash.size()); 33267 if (tag == TPM_ST_SESSIONS) { 33268 CHECK(authorization_delegate) << "Authorization delegate missing!"; 33269 if (!authorization_delegate->CheckResponseAuthorization( 33270 response_hash, 33271 authorization_section_bytes)) { 33272 return TRUNKS_RC_AUTHORIZATION_FAILED; 33273 } 33274 } 33275 return TPM_RC_SUCCESS; 33276 } 33277 33278 void DictionaryAttackParametersErrorCallback( 33279 const Tpm::DictionaryAttackParametersResponse& callback, 33280 TPM_RC response_code) { 33281 VLOG(1) << __func__; 33282 callback.Run(response_code); 33283 } 33284 33285 void DictionaryAttackParametersResponseParser( 33286 const Tpm::DictionaryAttackParametersResponse& callback, 33287 AuthorizationDelegate* authorization_delegate, 33288 const std::string& response) { 33289 VLOG(1) << __func__; 33290 base::Callback<void(TPM_RC)> error_reporter = 33291 base::Bind(DictionaryAttackParametersErrorCallback, callback); 33292 TPM_RC rc = Tpm::ParseResponse_DictionaryAttackParameters( 33293 response, 33294 authorization_delegate); 33295 if (rc != TPM_RC_SUCCESS) { 33296 error_reporter.Run(rc); 33297 return; 33298 } 33299 callback.Run( 33300 rc); 33301 } 33302 33303 void Tpm::DictionaryAttackParameters( 33304 const TPMI_RH_LOCKOUT& lock_handle, 33305 const std::string& lock_handle_name, 33306 const UINT32& new_max_tries, 33307 const UINT32& new_recovery_time, 33308 const UINT32& lockout_recovery, 33309 AuthorizationDelegate* authorization_delegate, 33310 const DictionaryAttackParametersResponse& callback) { 33311 VLOG(1) << __func__; 33312 base::Callback<void(TPM_RC)> error_reporter = 33313 base::Bind(DictionaryAttackParametersErrorCallback, callback); 33314 base::Callback<void(const std::string&)> parser = 33315 base::Bind(DictionaryAttackParametersResponseParser, 33316 callback, 33317 authorization_delegate); 33318 std::string command; 33319 TPM_RC rc = SerializeCommand_DictionaryAttackParameters( 33320 lock_handle, 33321 lock_handle_name, 33322 new_max_tries, 33323 new_recovery_time, 33324 lockout_recovery, 33325 &command, 33326 authorization_delegate); 33327 if (rc != TPM_RC_SUCCESS) { 33328 error_reporter.Run(rc); 33329 return; 33330 } 33331 transceiver_->SendCommand(command, parser); 33332 } 33333 33334 TPM_RC Tpm::DictionaryAttackParametersSync( 33335 const TPMI_RH_LOCKOUT& lock_handle, 33336 const std::string& lock_handle_name, 33337 const UINT32& new_max_tries, 33338 const UINT32& new_recovery_time, 33339 const UINT32& lockout_recovery, 33340 AuthorizationDelegate* authorization_delegate) { 33341 VLOG(1) << __func__; 33342 std::string command; 33343 TPM_RC rc = SerializeCommand_DictionaryAttackParameters( 33344 lock_handle, 33345 lock_handle_name, 33346 new_max_tries, 33347 new_recovery_time, 33348 lockout_recovery, 33349 &command, 33350 authorization_delegate); 33351 if (rc != TPM_RC_SUCCESS) { 33352 return rc; 33353 } 33354 std::string response = transceiver_->SendCommandAndWait(command); 33355 rc = ParseResponse_DictionaryAttackParameters( 33356 response, 33357 authorization_delegate); 33358 return rc; 33359 } 33360 33361 TPM_RC Tpm::SerializeCommand_PP_Commands( 33362 const TPMI_RH_PLATFORM& auth, 33363 const std::string& auth_name, 33364 const TPML_CC& set_list, 33365 const TPML_CC& clear_list, 33366 std::string* serialized_command, 33367 AuthorizationDelegate* authorization_delegate) { 33368 VLOG(3) << __func__; 33369 TPM_RC rc = TPM_RC_SUCCESS; 33370 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 33371 UINT32 command_size = 10; // Header size. 33372 std::string handle_section_bytes; 33373 std::string parameter_section_bytes; 33374 TPM_CC command_code = TPM_CC_PP_Commands; 33375 bool is_command_parameter_encryption_possible = false; 33376 bool is_response_parameter_encryption_possible = false; 33377 std::string command_code_bytes; 33378 rc = Serialize_TPM_CC( 33379 command_code, 33380 &command_code_bytes); 33381 if (rc != TPM_RC_SUCCESS) { 33382 return rc; 33383 } 33384 std::string auth_bytes; 33385 rc = Serialize_TPMI_RH_PLATFORM( 33386 auth, 33387 &auth_bytes); 33388 if (rc != TPM_RC_SUCCESS) { 33389 return rc; 33390 } 33391 std::string set_list_bytes; 33392 rc = Serialize_TPML_CC( 33393 set_list, 33394 &set_list_bytes); 33395 if (rc != TPM_RC_SUCCESS) { 33396 return rc; 33397 } 33398 std::string clear_list_bytes; 33399 rc = Serialize_TPML_CC( 33400 clear_list, 33401 &clear_list_bytes); 33402 if (rc != TPM_RC_SUCCESS) { 33403 return rc; 33404 } 33405 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 33406 crypto::SecureHash::SHA256)); 33407 hash->Update(command_code_bytes.data(), 33408 command_code_bytes.size()); 33409 hash->Update(auth_name.data(), 33410 auth_name.size()); 33411 handle_section_bytes += auth_bytes; 33412 command_size += auth_bytes.size(); 33413 hash->Update(set_list_bytes.data(), 33414 set_list_bytes.size()); 33415 parameter_section_bytes += set_list_bytes; 33416 command_size += set_list_bytes.size(); 33417 hash->Update(clear_list_bytes.data(), 33418 clear_list_bytes.size()); 33419 parameter_section_bytes += clear_list_bytes; 33420 command_size += clear_list_bytes.size(); 33421 std::string command_hash(32, 0); 33422 hash->Finish(string_as_array(&command_hash), command_hash.size()); 33423 std::string authorization_section_bytes; 33424 std::string authorization_size_bytes; 33425 if (authorization_delegate) { 33426 if (!authorization_delegate->GetCommandAuthorization( 33427 command_hash, 33428 is_command_parameter_encryption_possible, 33429 is_response_parameter_encryption_possible, 33430 &authorization_section_bytes)) { 33431 return TRUNKS_RC_AUTHORIZATION_FAILED; 33432 } 33433 if (!authorization_section_bytes.empty()) { 33434 tag = TPM_ST_SESSIONS; 33435 std::string tmp; 33436 rc = Serialize_UINT32(authorization_section_bytes.size(), 33437 &authorization_size_bytes); 33438 if (rc != TPM_RC_SUCCESS) { 33439 return rc; 33440 } 33441 command_size += authorization_size_bytes.size() + 33442 authorization_section_bytes.size(); 33443 } 33444 } 33445 std::string tag_bytes; 33446 rc = Serialize_TPMI_ST_COMMAND_TAG( 33447 tag, 33448 &tag_bytes); 33449 if (rc != TPM_RC_SUCCESS) { 33450 return rc; 33451 } 33452 std::string command_size_bytes; 33453 rc = Serialize_UINT32( 33454 command_size, 33455 &command_size_bytes); 33456 if (rc != TPM_RC_SUCCESS) { 33457 return rc; 33458 } 33459 *serialized_command = tag_bytes + 33460 command_size_bytes + 33461 command_code_bytes + 33462 handle_section_bytes + 33463 authorization_size_bytes + 33464 authorization_section_bytes + 33465 parameter_section_bytes; 33466 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 33467 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 33468 serialized_command->size()); 33469 return TPM_RC_SUCCESS; 33470 } 33471 33472 TPM_RC Tpm::ParseResponse_PP_Commands( 33473 const std::string& response, 33474 AuthorizationDelegate* authorization_delegate) { 33475 VLOG(3) << __func__; 33476 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 33477 TPM_RC rc = TPM_RC_SUCCESS; 33478 std::string buffer(response); 33479 TPM_ST tag; 33480 std::string tag_bytes; 33481 rc = Parse_TPM_ST( 33482 &buffer, 33483 &tag, 33484 &tag_bytes); 33485 if (rc != TPM_RC_SUCCESS) { 33486 return rc; 33487 } 33488 UINT32 response_size; 33489 std::string response_size_bytes; 33490 rc = Parse_UINT32( 33491 &buffer, 33492 &response_size, 33493 &response_size_bytes); 33494 if (rc != TPM_RC_SUCCESS) { 33495 return rc; 33496 } 33497 TPM_RC response_code; 33498 std::string response_code_bytes; 33499 rc = Parse_TPM_RC( 33500 &buffer, 33501 &response_code, 33502 &response_code_bytes); 33503 if (rc != TPM_RC_SUCCESS) { 33504 return rc; 33505 } 33506 if (response_size != response.size()) { 33507 return TPM_RC_SIZE; 33508 } 33509 if (response_code != TPM_RC_SUCCESS) { 33510 return response_code; 33511 } 33512 TPM_CC command_code = TPM_CC_PP_Commands; 33513 std::string command_code_bytes; 33514 rc = Serialize_TPM_CC( 33515 command_code, 33516 &command_code_bytes); 33517 if (rc != TPM_RC_SUCCESS) { 33518 return rc; 33519 } 33520 std::string authorization_section_bytes; 33521 if (tag == TPM_ST_SESSIONS) { 33522 UINT32 parameter_section_size = buffer.size(); 33523 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 33524 if (rc != TPM_RC_SUCCESS) { 33525 return rc; 33526 } 33527 if (parameter_section_size > buffer.size()) { 33528 return TPM_RC_INSUFFICIENT; 33529 } 33530 authorization_section_bytes = buffer.substr(parameter_section_size); 33531 // Keep the parameter section in |buffer|. 33532 buffer.erase(parameter_section_size); 33533 } 33534 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 33535 crypto::SecureHash::SHA256)); 33536 hash->Update(response_code_bytes.data(), 33537 response_code_bytes.size()); 33538 hash->Update(command_code_bytes.data(), 33539 command_code_bytes.size()); 33540 hash->Update(buffer.data(), 33541 buffer.size()); 33542 std::string response_hash(32, 0); 33543 hash->Finish(string_as_array(&response_hash), response_hash.size()); 33544 if (tag == TPM_ST_SESSIONS) { 33545 CHECK(authorization_delegate) << "Authorization delegate missing!"; 33546 if (!authorization_delegate->CheckResponseAuthorization( 33547 response_hash, 33548 authorization_section_bytes)) { 33549 return TRUNKS_RC_AUTHORIZATION_FAILED; 33550 } 33551 } 33552 return TPM_RC_SUCCESS; 33553 } 33554 33555 void PP_CommandsErrorCallback( 33556 const Tpm::PP_CommandsResponse& callback, 33557 TPM_RC response_code) { 33558 VLOG(1) << __func__; 33559 callback.Run(response_code); 33560 } 33561 33562 void PP_CommandsResponseParser( 33563 const Tpm::PP_CommandsResponse& callback, 33564 AuthorizationDelegate* authorization_delegate, 33565 const std::string& response) { 33566 VLOG(1) << __func__; 33567 base::Callback<void(TPM_RC)> error_reporter = 33568 base::Bind(PP_CommandsErrorCallback, callback); 33569 TPM_RC rc = Tpm::ParseResponse_PP_Commands( 33570 response, 33571 authorization_delegate); 33572 if (rc != TPM_RC_SUCCESS) { 33573 error_reporter.Run(rc); 33574 return; 33575 } 33576 callback.Run( 33577 rc); 33578 } 33579 33580 void Tpm::PP_Commands( 33581 const TPMI_RH_PLATFORM& auth, 33582 const std::string& auth_name, 33583 const TPML_CC& set_list, 33584 const TPML_CC& clear_list, 33585 AuthorizationDelegate* authorization_delegate, 33586 const PP_CommandsResponse& callback) { 33587 VLOG(1) << __func__; 33588 base::Callback<void(TPM_RC)> error_reporter = 33589 base::Bind(PP_CommandsErrorCallback, callback); 33590 base::Callback<void(const std::string&)> parser = 33591 base::Bind(PP_CommandsResponseParser, 33592 callback, 33593 authorization_delegate); 33594 std::string command; 33595 TPM_RC rc = SerializeCommand_PP_Commands( 33596 auth, 33597 auth_name, 33598 set_list, 33599 clear_list, 33600 &command, 33601 authorization_delegate); 33602 if (rc != TPM_RC_SUCCESS) { 33603 error_reporter.Run(rc); 33604 return; 33605 } 33606 transceiver_->SendCommand(command, parser); 33607 } 33608 33609 TPM_RC Tpm::PP_CommandsSync( 33610 const TPMI_RH_PLATFORM& auth, 33611 const std::string& auth_name, 33612 const TPML_CC& set_list, 33613 const TPML_CC& clear_list, 33614 AuthorizationDelegate* authorization_delegate) { 33615 VLOG(1) << __func__; 33616 std::string command; 33617 TPM_RC rc = SerializeCommand_PP_Commands( 33618 auth, 33619 auth_name, 33620 set_list, 33621 clear_list, 33622 &command, 33623 authorization_delegate); 33624 if (rc != TPM_RC_SUCCESS) { 33625 return rc; 33626 } 33627 std::string response = transceiver_->SendCommandAndWait(command); 33628 rc = ParseResponse_PP_Commands( 33629 response, 33630 authorization_delegate); 33631 return rc; 33632 } 33633 33634 TPM_RC Tpm::SerializeCommand_SetAlgorithmSet( 33635 const TPMI_RH_PLATFORM& auth_handle, 33636 const std::string& auth_handle_name, 33637 const UINT32& algorithm_set, 33638 std::string* serialized_command, 33639 AuthorizationDelegate* authorization_delegate) { 33640 VLOG(3) << __func__; 33641 TPM_RC rc = TPM_RC_SUCCESS; 33642 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 33643 UINT32 command_size = 10; // Header size. 33644 std::string handle_section_bytes; 33645 std::string parameter_section_bytes; 33646 TPM_CC command_code = TPM_CC_SetAlgorithmSet; 33647 bool is_command_parameter_encryption_possible = false; 33648 bool is_response_parameter_encryption_possible = false; 33649 std::string command_code_bytes; 33650 rc = Serialize_TPM_CC( 33651 command_code, 33652 &command_code_bytes); 33653 if (rc != TPM_RC_SUCCESS) { 33654 return rc; 33655 } 33656 std::string auth_handle_bytes; 33657 rc = Serialize_TPMI_RH_PLATFORM( 33658 auth_handle, 33659 &auth_handle_bytes); 33660 if (rc != TPM_RC_SUCCESS) { 33661 return rc; 33662 } 33663 std::string algorithm_set_bytes; 33664 rc = Serialize_UINT32( 33665 algorithm_set, 33666 &algorithm_set_bytes); 33667 if (rc != TPM_RC_SUCCESS) { 33668 return rc; 33669 } 33670 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 33671 crypto::SecureHash::SHA256)); 33672 hash->Update(command_code_bytes.data(), 33673 command_code_bytes.size()); 33674 hash->Update(auth_handle_name.data(), 33675 auth_handle_name.size()); 33676 handle_section_bytes += auth_handle_bytes; 33677 command_size += auth_handle_bytes.size(); 33678 hash->Update(algorithm_set_bytes.data(), 33679 algorithm_set_bytes.size()); 33680 parameter_section_bytes += algorithm_set_bytes; 33681 command_size += algorithm_set_bytes.size(); 33682 std::string command_hash(32, 0); 33683 hash->Finish(string_as_array(&command_hash), command_hash.size()); 33684 std::string authorization_section_bytes; 33685 std::string authorization_size_bytes; 33686 if (authorization_delegate) { 33687 if (!authorization_delegate->GetCommandAuthorization( 33688 command_hash, 33689 is_command_parameter_encryption_possible, 33690 is_response_parameter_encryption_possible, 33691 &authorization_section_bytes)) { 33692 return TRUNKS_RC_AUTHORIZATION_FAILED; 33693 } 33694 if (!authorization_section_bytes.empty()) { 33695 tag = TPM_ST_SESSIONS; 33696 std::string tmp; 33697 rc = Serialize_UINT32(authorization_section_bytes.size(), 33698 &authorization_size_bytes); 33699 if (rc != TPM_RC_SUCCESS) { 33700 return rc; 33701 } 33702 command_size += authorization_size_bytes.size() + 33703 authorization_section_bytes.size(); 33704 } 33705 } 33706 std::string tag_bytes; 33707 rc = Serialize_TPMI_ST_COMMAND_TAG( 33708 tag, 33709 &tag_bytes); 33710 if (rc != TPM_RC_SUCCESS) { 33711 return rc; 33712 } 33713 std::string command_size_bytes; 33714 rc = Serialize_UINT32( 33715 command_size, 33716 &command_size_bytes); 33717 if (rc != TPM_RC_SUCCESS) { 33718 return rc; 33719 } 33720 *serialized_command = tag_bytes + 33721 command_size_bytes + 33722 command_code_bytes + 33723 handle_section_bytes + 33724 authorization_size_bytes + 33725 authorization_section_bytes + 33726 parameter_section_bytes; 33727 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 33728 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 33729 serialized_command->size()); 33730 return TPM_RC_SUCCESS; 33731 } 33732 33733 TPM_RC Tpm::ParseResponse_SetAlgorithmSet( 33734 const std::string& response, 33735 AuthorizationDelegate* authorization_delegate) { 33736 VLOG(3) << __func__; 33737 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 33738 TPM_RC rc = TPM_RC_SUCCESS; 33739 std::string buffer(response); 33740 TPM_ST tag; 33741 std::string tag_bytes; 33742 rc = Parse_TPM_ST( 33743 &buffer, 33744 &tag, 33745 &tag_bytes); 33746 if (rc != TPM_RC_SUCCESS) { 33747 return rc; 33748 } 33749 UINT32 response_size; 33750 std::string response_size_bytes; 33751 rc = Parse_UINT32( 33752 &buffer, 33753 &response_size, 33754 &response_size_bytes); 33755 if (rc != TPM_RC_SUCCESS) { 33756 return rc; 33757 } 33758 TPM_RC response_code; 33759 std::string response_code_bytes; 33760 rc = Parse_TPM_RC( 33761 &buffer, 33762 &response_code, 33763 &response_code_bytes); 33764 if (rc != TPM_RC_SUCCESS) { 33765 return rc; 33766 } 33767 if (response_size != response.size()) { 33768 return TPM_RC_SIZE; 33769 } 33770 if (response_code != TPM_RC_SUCCESS) { 33771 return response_code; 33772 } 33773 TPM_CC command_code = TPM_CC_SetAlgorithmSet; 33774 std::string command_code_bytes; 33775 rc = Serialize_TPM_CC( 33776 command_code, 33777 &command_code_bytes); 33778 if (rc != TPM_RC_SUCCESS) { 33779 return rc; 33780 } 33781 std::string authorization_section_bytes; 33782 if (tag == TPM_ST_SESSIONS) { 33783 UINT32 parameter_section_size = buffer.size(); 33784 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 33785 if (rc != TPM_RC_SUCCESS) { 33786 return rc; 33787 } 33788 if (parameter_section_size > buffer.size()) { 33789 return TPM_RC_INSUFFICIENT; 33790 } 33791 authorization_section_bytes = buffer.substr(parameter_section_size); 33792 // Keep the parameter section in |buffer|. 33793 buffer.erase(parameter_section_size); 33794 } 33795 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 33796 crypto::SecureHash::SHA256)); 33797 hash->Update(response_code_bytes.data(), 33798 response_code_bytes.size()); 33799 hash->Update(command_code_bytes.data(), 33800 command_code_bytes.size()); 33801 hash->Update(buffer.data(), 33802 buffer.size()); 33803 std::string response_hash(32, 0); 33804 hash->Finish(string_as_array(&response_hash), response_hash.size()); 33805 if (tag == TPM_ST_SESSIONS) { 33806 CHECK(authorization_delegate) << "Authorization delegate missing!"; 33807 if (!authorization_delegate->CheckResponseAuthorization( 33808 response_hash, 33809 authorization_section_bytes)) { 33810 return TRUNKS_RC_AUTHORIZATION_FAILED; 33811 } 33812 } 33813 return TPM_RC_SUCCESS; 33814 } 33815 33816 void SetAlgorithmSetErrorCallback( 33817 const Tpm::SetAlgorithmSetResponse& callback, 33818 TPM_RC response_code) { 33819 VLOG(1) << __func__; 33820 callback.Run(response_code); 33821 } 33822 33823 void SetAlgorithmSetResponseParser( 33824 const Tpm::SetAlgorithmSetResponse& callback, 33825 AuthorizationDelegate* authorization_delegate, 33826 const std::string& response) { 33827 VLOG(1) << __func__; 33828 base::Callback<void(TPM_RC)> error_reporter = 33829 base::Bind(SetAlgorithmSetErrorCallback, callback); 33830 TPM_RC rc = Tpm::ParseResponse_SetAlgorithmSet( 33831 response, 33832 authorization_delegate); 33833 if (rc != TPM_RC_SUCCESS) { 33834 error_reporter.Run(rc); 33835 return; 33836 } 33837 callback.Run( 33838 rc); 33839 } 33840 33841 void Tpm::SetAlgorithmSet( 33842 const TPMI_RH_PLATFORM& auth_handle, 33843 const std::string& auth_handle_name, 33844 const UINT32& algorithm_set, 33845 AuthorizationDelegate* authorization_delegate, 33846 const SetAlgorithmSetResponse& callback) { 33847 VLOG(1) << __func__; 33848 base::Callback<void(TPM_RC)> error_reporter = 33849 base::Bind(SetAlgorithmSetErrorCallback, callback); 33850 base::Callback<void(const std::string&)> parser = 33851 base::Bind(SetAlgorithmSetResponseParser, 33852 callback, 33853 authorization_delegate); 33854 std::string command; 33855 TPM_RC rc = SerializeCommand_SetAlgorithmSet( 33856 auth_handle, 33857 auth_handle_name, 33858 algorithm_set, 33859 &command, 33860 authorization_delegate); 33861 if (rc != TPM_RC_SUCCESS) { 33862 error_reporter.Run(rc); 33863 return; 33864 } 33865 transceiver_->SendCommand(command, parser); 33866 } 33867 33868 TPM_RC Tpm::SetAlgorithmSetSync( 33869 const TPMI_RH_PLATFORM& auth_handle, 33870 const std::string& auth_handle_name, 33871 const UINT32& algorithm_set, 33872 AuthorizationDelegate* authorization_delegate) { 33873 VLOG(1) << __func__; 33874 std::string command; 33875 TPM_RC rc = SerializeCommand_SetAlgorithmSet( 33876 auth_handle, 33877 auth_handle_name, 33878 algorithm_set, 33879 &command, 33880 authorization_delegate); 33881 if (rc != TPM_RC_SUCCESS) { 33882 return rc; 33883 } 33884 std::string response = transceiver_->SendCommandAndWait(command); 33885 rc = ParseResponse_SetAlgorithmSet( 33886 response, 33887 authorization_delegate); 33888 return rc; 33889 } 33890 33891 TPM_RC Tpm::SerializeCommand_FieldUpgradeStart( 33892 const TPMI_RH_PLATFORM& authorization, 33893 const std::string& authorization_name, 33894 const TPMI_DH_OBJECT& key_handle, 33895 const std::string& key_handle_name, 33896 const TPM2B_DIGEST& fu_digest, 33897 const TPMT_SIGNATURE& manifest_signature, 33898 std::string* serialized_command, 33899 AuthorizationDelegate* authorization_delegate) { 33900 VLOG(3) << __func__; 33901 TPM_RC rc = TPM_RC_SUCCESS; 33902 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 33903 UINT32 command_size = 10; // Header size. 33904 std::string handle_section_bytes; 33905 std::string parameter_section_bytes; 33906 TPM_CC command_code = TPM_CC_FieldUpgradeStart; 33907 bool is_command_parameter_encryption_possible = true; 33908 bool is_response_parameter_encryption_possible = false; 33909 std::string command_code_bytes; 33910 rc = Serialize_TPM_CC( 33911 command_code, 33912 &command_code_bytes); 33913 if (rc != TPM_RC_SUCCESS) { 33914 return rc; 33915 } 33916 std::string authorization_bytes; 33917 rc = Serialize_TPMI_RH_PLATFORM( 33918 authorization, 33919 &authorization_bytes); 33920 if (rc != TPM_RC_SUCCESS) { 33921 return rc; 33922 } 33923 std::string key_handle_bytes; 33924 rc = Serialize_TPMI_DH_OBJECT( 33925 key_handle, 33926 &key_handle_bytes); 33927 if (rc != TPM_RC_SUCCESS) { 33928 return rc; 33929 } 33930 std::string fu_digest_bytes; 33931 rc = Serialize_TPM2B_DIGEST( 33932 fu_digest, 33933 &fu_digest_bytes); 33934 if (rc != TPM_RC_SUCCESS) { 33935 return rc; 33936 } 33937 std::string manifest_signature_bytes; 33938 rc = Serialize_TPMT_SIGNATURE( 33939 manifest_signature, 33940 &manifest_signature_bytes); 33941 if (rc != TPM_RC_SUCCESS) { 33942 return rc; 33943 } 33944 if (authorization_delegate) { 33945 // Encrypt just the parameter data, not the size. 33946 std::string tmp = fu_digest_bytes.substr(2); 33947 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 33948 return TRUNKS_RC_ENCRYPTION_FAILED; 33949 } 33950 fu_digest_bytes.replace(2, std::string::npos, tmp); 33951 } 33952 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 33953 crypto::SecureHash::SHA256)); 33954 hash->Update(command_code_bytes.data(), 33955 command_code_bytes.size()); 33956 hash->Update(authorization_name.data(), 33957 authorization_name.size()); 33958 handle_section_bytes += authorization_bytes; 33959 command_size += authorization_bytes.size(); 33960 hash->Update(key_handle_name.data(), 33961 key_handle_name.size()); 33962 handle_section_bytes += key_handle_bytes; 33963 command_size += key_handle_bytes.size(); 33964 hash->Update(fu_digest_bytes.data(), 33965 fu_digest_bytes.size()); 33966 parameter_section_bytes += fu_digest_bytes; 33967 command_size += fu_digest_bytes.size(); 33968 hash->Update(manifest_signature_bytes.data(), 33969 manifest_signature_bytes.size()); 33970 parameter_section_bytes += manifest_signature_bytes; 33971 command_size += manifest_signature_bytes.size(); 33972 std::string command_hash(32, 0); 33973 hash->Finish(string_as_array(&command_hash), command_hash.size()); 33974 std::string authorization_section_bytes; 33975 std::string authorization_size_bytes; 33976 if (authorization_delegate) { 33977 if (!authorization_delegate->GetCommandAuthorization( 33978 command_hash, 33979 is_command_parameter_encryption_possible, 33980 is_response_parameter_encryption_possible, 33981 &authorization_section_bytes)) { 33982 return TRUNKS_RC_AUTHORIZATION_FAILED; 33983 } 33984 if (!authorization_section_bytes.empty()) { 33985 tag = TPM_ST_SESSIONS; 33986 std::string tmp; 33987 rc = Serialize_UINT32(authorization_section_bytes.size(), 33988 &authorization_size_bytes); 33989 if (rc != TPM_RC_SUCCESS) { 33990 return rc; 33991 } 33992 command_size += authorization_size_bytes.size() + 33993 authorization_section_bytes.size(); 33994 } 33995 } 33996 std::string tag_bytes; 33997 rc = Serialize_TPMI_ST_COMMAND_TAG( 33998 tag, 33999 &tag_bytes); 34000 if (rc != TPM_RC_SUCCESS) { 34001 return rc; 34002 } 34003 std::string command_size_bytes; 34004 rc = Serialize_UINT32( 34005 command_size, 34006 &command_size_bytes); 34007 if (rc != TPM_RC_SUCCESS) { 34008 return rc; 34009 } 34010 *serialized_command = tag_bytes + 34011 command_size_bytes + 34012 command_code_bytes + 34013 handle_section_bytes + 34014 authorization_size_bytes + 34015 authorization_section_bytes + 34016 parameter_section_bytes; 34017 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 34018 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 34019 serialized_command->size()); 34020 return TPM_RC_SUCCESS; 34021 } 34022 34023 TPM_RC Tpm::ParseResponse_FieldUpgradeStart( 34024 const std::string& response, 34025 AuthorizationDelegate* authorization_delegate) { 34026 VLOG(3) << __func__; 34027 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 34028 TPM_RC rc = TPM_RC_SUCCESS; 34029 std::string buffer(response); 34030 TPM_ST tag; 34031 std::string tag_bytes; 34032 rc = Parse_TPM_ST( 34033 &buffer, 34034 &tag, 34035 &tag_bytes); 34036 if (rc != TPM_RC_SUCCESS) { 34037 return rc; 34038 } 34039 UINT32 response_size; 34040 std::string response_size_bytes; 34041 rc = Parse_UINT32( 34042 &buffer, 34043 &response_size, 34044 &response_size_bytes); 34045 if (rc != TPM_RC_SUCCESS) { 34046 return rc; 34047 } 34048 TPM_RC response_code; 34049 std::string response_code_bytes; 34050 rc = Parse_TPM_RC( 34051 &buffer, 34052 &response_code, 34053 &response_code_bytes); 34054 if (rc != TPM_RC_SUCCESS) { 34055 return rc; 34056 } 34057 if (response_size != response.size()) { 34058 return TPM_RC_SIZE; 34059 } 34060 if (response_code != TPM_RC_SUCCESS) { 34061 return response_code; 34062 } 34063 TPM_CC command_code = TPM_CC_FieldUpgradeStart; 34064 std::string command_code_bytes; 34065 rc = Serialize_TPM_CC( 34066 command_code, 34067 &command_code_bytes); 34068 if (rc != TPM_RC_SUCCESS) { 34069 return rc; 34070 } 34071 std::string authorization_section_bytes; 34072 if (tag == TPM_ST_SESSIONS) { 34073 UINT32 parameter_section_size = buffer.size(); 34074 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 34075 if (rc != TPM_RC_SUCCESS) { 34076 return rc; 34077 } 34078 if (parameter_section_size > buffer.size()) { 34079 return TPM_RC_INSUFFICIENT; 34080 } 34081 authorization_section_bytes = buffer.substr(parameter_section_size); 34082 // Keep the parameter section in |buffer|. 34083 buffer.erase(parameter_section_size); 34084 } 34085 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 34086 crypto::SecureHash::SHA256)); 34087 hash->Update(response_code_bytes.data(), 34088 response_code_bytes.size()); 34089 hash->Update(command_code_bytes.data(), 34090 command_code_bytes.size()); 34091 hash->Update(buffer.data(), 34092 buffer.size()); 34093 std::string response_hash(32, 0); 34094 hash->Finish(string_as_array(&response_hash), response_hash.size()); 34095 if (tag == TPM_ST_SESSIONS) { 34096 CHECK(authorization_delegate) << "Authorization delegate missing!"; 34097 if (!authorization_delegate->CheckResponseAuthorization( 34098 response_hash, 34099 authorization_section_bytes)) { 34100 return TRUNKS_RC_AUTHORIZATION_FAILED; 34101 } 34102 } 34103 return TPM_RC_SUCCESS; 34104 } 34105 34106 void FieldUpgradeStartErrorCallback( 34107 const Tpm::FieldUpgradeStartResponse& callback, 34108 TPM_RC response_code) { 34109 VLOG(1) << __func__; 34110 callback.Run(response_code); 34111 } 34112 34113 void FieldUpgradeStartResponseParser( 34114 const Tpm::FieldUpgradeStartResponse& callback, 34115 AuthorizationDelegate* authorization_delegate, 34116 const std::string& response) { 34117 VLOG(1) << __func__; 34118 base::Callback<void(TPM_RC)> error_reporter = 34119 base::Bind(FieldUpgradeStartErrorCallback, callback); 34120 TPM_RC rc = Tpm::ParseResponse_FieldUpgradeStart( 34121 response, 34122 authorization_delegate); 34123 if (rc != TPM_RC_SUCCESS) { 34124 error_reporter.Run(rc); 34125 return; 34126 } 34127 callback.Run( 34128 rc); 34129 } 34130 34131 void Tpm::FieldUpgradeStart( 34132 const TPMI_RH_PLATFORM& authorization, 34133 const std::string& authorization_name, 34134 const TPMI_DH_OBJECT& key_handle, 34135 const std::string& key_handle_name, 34136 const TPM2B_DIGEST& fu_digest, 34137 const TPMT_SIGNATURE& manifest_signature, 34138 AuthorizationDelegate* authorization_delegate, 34139 const FieldUpgradeStartResponse& callback) { 34140 VLOG(1) << __func__; 34141 base::Callback<void(TPM_RC)> error_reporter = 34142 base::Bind(FieldUpgradeStartErrorCallback, callback); 34143 base::Callback<void(const std::string&)> parser = 34144 base::Bind(FieldUpgradeStartResponseParser, 34145 callback, 34146 authorization_delegate); 34147 std::string command; 34148 TPM_RC rc = SerializeCommand_FieldUpgradeStart( 34149 authorization, 34150 authorization_name, 34151 key_handle, 34152 key_handle_name, 34153 fu_digest, 34154 manifest_signature, 34155 &command, 34156 authorization_delegate); 34157 if (rc != TPM_RC_SUCCESS) { 34158 error_reporter.Run(rc); 34159 return; 34160 } 34161 transceiver_->SendCommand(command, parser); 34162 } 34163 34164 TPM_RC Tpm::FieldUpgradeStartSync( 34165 const TPMI_RH_PLATFORM& authorization, 34166 const std::string& authorization_name, 34167 const TPMI_DH_OBJECT& key_handle, 34168 const std::string& key_handle_name, 34169 const TPM2B_DIGEST& fu_digest, 34170 const TPMT_SIGNATURE& manifest_signature, 34171 AuthorizationDelegate* authorization_delegate) { 34172 VLOG(1) << __func__; 34173 std::string command; 34174 TPM_RC rc = SerializeCommand_FieldUpgradeStart( 34175 authorization, 34176 authorization_name, 34177 key_handle, 34178 key_handle_name, 34179 fu_digest, 34180 manifest_signature, 34181 &command, 34182 authorization_delegate); 34183 if (rc != TPM_RC_SUCCESS) { 34184 return rc; 34185 } 34186 std::string response = transceiver_->SendCommandAndWait(command); 34187 rc = ParseResponse_FieldUpgradeStart( 34188 response, 34189 authorization_delegate); 34190 return rc; 34191 } 34192 34193 TPM_RC Tpm::SerializeCommand_FieldUpgradeData( 34194 const TPM2B_MAX_BUFFER& fu_data, 34195 std::string* serialized_command, 34196 AuthorizationDelegate* authorization_delegate) { 34197 VLOG(3) << __func__; 34198 TPM_RC rc = TPM_RC_SUCCESS; 34199 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 34200 UINT32 command_size = 10; // Header size. 34201 std::string handle_section_bytes; 34202 std::string parameter_section_bytes; 34203 TPM_CC command_code = TPM_CC_FieldUpgradeData; 34204 bool is_command_parameter_encryption_possible = true; 34205 bool is_response_parameter_encryption_possible = false; 34206 std::string command_code_bytes; 34207 rc = Serialize_TPM_CC( 34208 command_code, 34209 &command_code_bytes); 34210 if (rc != TPM_RC_SUCCESS) { 34211 return rc; 34212 } 34213 std::string fu_data_bytes; 34214 rc = Serialize_TPM2B_MAX_BUFFER( 34215 fu_data, 34216 &fu_data_bytes); 34217 if (rc != TPM_RC_SUCCESS) { 34218 return rc; 34219 } 34220 if (authorization_delegate) { 34221 // Encrypt just the parameter data, not the size. 34222 std::string tmp = fu_data_bytes.substr(2); 34223 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 34224 return TRUNKS_RC_ENCRYPTION_FAILED; 34225 } 34226 fu_data_bytes.replace(2, std::string::npos, tmp); 34227 } 34228 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 34229 crypto::SecureHash::SHA256)); 34230 hash->Update(command_code_bytes.data(), 34231 command_code_bytes.size()); 34232 hash->Update(fu_data_bytes.data(), 34233 fu_data_bytes.size()); 34234 parameter_section_bytes += fu_data_bytes; 34235 command_size += fu_data_bytes.size(); 34236 std::string command_hash(32, 0); 34237 hash->Finish(string_as_array(&command_hash), command_hash.size()); 34238 std::string authorization_section_bytes; 34239 std::string authorization_size_bytes; 34240 if (authorization_delegate) { 34241 if (!authorization_delegate->GetCommandAuthorization( 34242 command_hash, 34243 is_command_parameter_encryption_possible, 34244 is_response_parameter_encryption_possible, 34245 &authorization_section_bytes)) { 34246 return TRUNKS_RC_AUTHORIZATION_FAILED; 34247 } 34248 if (!authorization_section_bytes.empty()) { 34249 tag = TPM_ST_SESSIONS; 34250 std::string tmp; 34251 rc = Serialize_UINT32(authorization_section_bytes.size(), 34252 &authorization_size_bytes); 34253 if (rc != TPM_RC_SUCCESS) { 34254 return rc; 34255 } 34256 command_size += authorization_size_bytes.size() + 34257 authorization_section_bytes.size(); 34258 } 34259 } 34260 std::string tag_bytes; 34261 rc = Serialize_TPMI_ST_COMMAND_TAG( 34262 tag, 34263 &tag_bytes); 34264 if (rc != TPM_RC_SUCCESS) { 34265 return rc; 34266 } 34267 std::string command_size_bytes; 34268 rc = Serialize_UINT32( 34269 command_size, 34270 &command_size_bytes); 34271 if (rc != TPM_RC_SUCCESS) { 34272 return rc; 34273 } 34274 *serialized_command = tag_bytes + 34275 command_size_bytes + 34276 command_code_bytes + 34277 handle_section_bytes + 34278 authorization_size_bytes + 34279 authorization_section_bytes + 34280 parameter_section_bytes; 34281 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 34282 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 34283 serialized_command->size()); 34284 return TPM_RC_SUCCESS; 34285 } 34286 34287 TPM_RC Tpm::ParseResponse_FieldUpgradeData( 34288 const std::string& response, 34289 TPMT_HA* next_digest, 34290 TPMT_HA* first_digest, 34291 AuthorizationDelegate* authorization_delegate) { 34292 VLOG(3) << __func__; 34293 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 34294 TPM_RC rc = TPM_RC_SUCCESS; 34295 std::string buffer(response); 34296 TPM_ST tag; 34297 std::string tag_bytes; 34298 rc = Parse_TPM_ST( 34299 &buffer, 34300 &tag, 34301 &tag_bytes); 34302 if (rc != TPM_RC_SUCCESS) { 34303 return rc; 34304 } 34305 UINT32 response_size; 34306 std::string response_size_bytes; 34307 rc = Parse_UINT32( 34308 &buffer, 34309 &response_size, 34310 &response_size_bytes); 34311 if (rc != TPM_RC_SUCCESS) { 34312 return rc; 34313 } 34314 TPM_RC response_code; 34315 std::string response_code_bytes; 34316 rc = Parse_TPM_RC( 34317 &buffer, 34318 &response_code, 34319 &response_code_bytes); 34320 if (rc != TPM_RC_SUCCESS) { 34321 return rc; 34322 } 34323 if (response_size != response.size()) { 34324 return TPM_RC_SIZE; 34325 } 34326 if (response_code != TPM_RC_SUCCESS) { 34327 return response_code; 34328 } 34329 TPM_CC command_code = TPM_CC_FieldUpgradeData; 34330 std::string command_code_bytes; 34331 rc = Serialize_TPM_CC( 34332 command_code, 34333 &command_code_bytes); 34334 if (rc != TPM_RC_SUCCESS) { 34335 return rc; 34336 } 34337 std::string authorization_section_bytes; 34338 if (tag == TPM_ST_SESSIONS) { 34339 UINT32 parameter_section_size = buffer.size(); 34340 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 34341 if (rc != TPM_RC_SUCCESS) { 34342 return rc; 34343 } 34344 if (parameter_section_size > buffer.size()) { 34345 return TPM_RC_INSUFFICIENT; 34346 } 34347 authorization_section_bytes = buffer.substr(parameter_section_size); 34348 // Keep the parameter section in |buffer|. 34349 buffer.erase(parameter_section_size); 34350 } 34351 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 34352 crypto::SecureHash::SHA256)); 34353 hash->Update(response_code_bytes.data(), 34354 response_code_bytes.size()); 34355 hash->Update(command_code_bytes.data(), 34356 command_code_bytes.size()); 34357 hash->Update(buffer.data(), 34358 buffer.size()); 34359 std::string response_hash(32, 0); 34360 hash->Finish(string_as_array(&response_hash), response_hash.size()); 34361 if (tag == TPM_ST_SESSIONS) { 34362 CHECK(authorization_delegate) << "Authorization delegate missing!"; 34363 if (!authorization_delegate->CheckResponseAuthorization( 34364 response_hash, 34365 authorization_section_bytes)) { 34366 return TRUNKS_RC_AUTHORIZATION_FAILED; 34367 } 34368 } 34369 std::string next_digest_bytes; 34370 rc = Parse_TPMT_HA( 34371 &buffer, 34372 next_digest, 34373 &next_digest_bytes); 34374 if (rc != TPM_RC_SUCCESS) { 34375 return rc; 34376 } 34377 std::string first_digest_bytes; 34378 rc = Parse_TPMT_HA( 34379 &buffer, 34380 first_digest, 34381 &first_digest_bytes); 34382 if (rc != TPM_RC_SUCCESS) { 34383 return rc; 34384 } 34385 return TPM_RC_SUCCESS; 34386 } 34387 34388 void FieldUpgradeDataErrorCallback( 34389 const Tpm::FieldUpgradeDataResponse& callback, 34390 TPM_RC response_code) { 34391 VLOG(1) << __func__; 34392 callback.Run(response_code, 34393 TPMT_HA(), 34394 TPMT_HA()); 34395 } 34396 34397 void FieldUpgradeDataResponseParser( 34398 const Tpm::FieldUpgradeDataResponse& callback, 34399 AuthorizationDelegate* authorization_delegate, 34400 const std::string& response) { 34401 VLOG(1) << __func__; 34402 base::Callback<void(TPM_RC)> error_reporter = 34403 base::Bind(FieldUpgradeDataErrorCallback, callback); 34404 TPMT_HA next_digest; 34405 TPMT_HA first_digest; 34406 TPM_RC rc = Tpm::ParseResponse_FieldUpgradeData( 34407 response, 34408 &next_digest, 34409 &first_digest, 34410 authorization_delegate); 34411 if (rc != TPM_RC_SUCCESS) { 34412 error_reporter.Run(rc); 34413 return; 34414 } 34415 callback.Run( 34416 rc, 34417 next_digest, 34418 first_digest); 34419 } 34420 34421 void Tpm::FieldUpgradeData( 34422 const TPM2B_MAX_BUFFER& fu_data, 34423 AuthorizationDelegate* authorization_delegate, 34424 const FieldUpgradeDataResponse& callback) { 34425 VLOG(1) << __func__; 34426 base::Callback<void(TPM_RC)> error_reporter = 34427 base::Bind(FieldUpgradeDataErrorCallback, callback); 34428 base::Callback<void(const std::string&)> parser = 34429 base::Bind(FieldUpgradeDataResponseParser, 34430 callback, 34431 authorization_delegate); 34432 std::string command; 34433 TPM_RC rc = SerializeCommand_FieldUpgradeData( 34434 fu_data, 34435 &command, 34436 authorization_delegate); 34437 if (rc != TPM_RC_SUCCESS) { 34438 error_reporter.Run(rc); 34439 return; 34440 } 34441 transceiver_->SendCommand(command, parser); 34442 } 34443 34444 TPM_RC Tpm::FieldUpgradeDataSync( 34445 const TPM2B_MAX_BUFFER& fu_data, 34446 TPMT_HA* next_digest, 34447 TPMT_HA* first_digest, 34448 AuthorizationDelegate* authorization_delegate) { 34449 VLOG(1) << __func__; 34450 std::string command; 34451 TPM_RC rc = SerializeCommand_FieldUpgradeData( 34452 fu_data, 34453 &command, 34454 authorization_delegate); 34455 if (rc != TPM_RC_SUCCESS) { 34456 return rc; 34457 } 34458 std::string response = transceiver_->SendCommandAndWait(command); 34459 rc = ParseResponse_FieldUpgradeData( 34460 response, 34461 next_digest, 34462 first_digest, 34463 authorization_delegate); 34464 return rc; 34465 } 34466 34467 TPM_RC Tpm::SerializeCommand_FirmwareRead( 34468 const UINT32& sequence_number, 34469 std::string* serialized_command, 34470 AuthorizationDelegate* authorization_delegate) { 34471 VLOG(3) << __func__; 34472 TPM_RC rc = TPM_RC_SUCCESS; 34473 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 34474 UINT32 command_size = 10; // Header size. 34475 std::string handle_section_bytes; 34476 std::string parameter_section_bytes; 34477 TPM_CC command_code = TPM_CC_FirmwareRead; 34478 bool is_command_parameter_encryption_possible = false; 34479 bool is_response_parameter_encryption_possible = true; 34480 std::string command_code_bytes; 34481 rc = Serialize_TPM_CC( 34482 command_code, 34483 &command_code_bytes); 34484 if (rc != TPM_RC_SUCCESS) { 34485 return rc; 34486 } 34487 std::string sequence_number_bytes; 34488 rc = Serialize_UINT32( 34489 sequence_number, 34490 &sequence_number_bytes); 34491 if (rc != TPM_RC_SUCCESS) { 34492 return rc; 34493 } 34494 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 34495 crypto::SecureHash::SHA256)); 34496 hash->Update(command_code_bytes.data(), 34497 command_code_bytes.size()); 34498 hash->Update(sequence_number_bytes.data(), 34499 sequence_number_bytes.size()); 34500 parameter_section_bytes += sequence_number_bytes; 34501 command_size += sequence_number_bytes.size(); 34502 std::string command_hash(32, 0); 34503 hash->Finish(string_as_array(&command_hash), command_hash.size()); 34504 std::string authorization_section_bytes; 34505 std::string authorization_size_bytes; 34506 if (authorization_delegate) { 34507 if (!authorization_delegate->GetCommandAuthorization( 34508 command_hash, 34509 is_command_parameter_encryption_possible, 34510 is_response_parameter_encryption_possible, 34511 &authorization_section_bytes)) { 34512 return TRUNKS_RC_AUTHORIZATION_FAILED; 34513 } 34514 if (!authorization_section_bytes.empty()) { 34515 tag = TPM_ST_SESSIONS; 34516 std::string tmp; 34517 rc = Serialize_UINT32(authorization_section_bytes.size(), 34518 &authorization_size_bytes); 34519 if (rc != TPM_RC_SUCCESS) { 34520 return rc; 34521 } 34522 command_size += authorization_size_bytes.size() + 34523 authorization_section_bytes.size(); 34524 } 34525 } 34526 std::string tag_bytes; 34527 rc = Serialize_TPMI_ST_COMMAND_TAG( 34528 tag, 34529 &tag_bytes); 34530 if (rc != TPM_RC_SUCCESS) { 34531 return rc; 34532 } 34533 std::string command_size_bytes; 34534 rc = Serialize_UINT32( 34535 command_size, 34536 &command_size_bytes); 34537 if (rc != TPM_RC_SUCCESS) { 34538 return rc; 34539 } 34540 *serialized_command = tag_bytes + 34541 command_size_bytes + 34542 command_code_bytes + 34543 handle_section_bytes + 34544 authorization_size_bytes + 34545 authorization_section_bytes + 34546 parameter_section_bytes; 34547 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 34548 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 34549 serialized_command->size()); 34550 return TPM_RC_SUCCESS; 34551 } 34552 34553 TPM_RC Tpm::ParseResponse_FirmwareRead( 34554 const std::string& response, 34555 TPM2B_MAX_BUFFER* fu_data, 34556 AuthorizationDelegate* authorization_delegate) { 34557 VLOG(3) << __func__; 34558 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 34559 TPM_RC rc = TPM_RC_SUCCESS; 34560 std::string buffer(response); 34561 TPM_ST tag; 34562 std::string tag_bytes; 34563 rc = Parse_TPM_ST( 34564 &buffer, 34565 &tag, 34566 &tag_bytes); 34567 if (rc != TPM_RC_SUCCESS) { 34568 return rc; 34569 } 34570 UINT32 response_size; 34571 std::string response_size_bytes; 34572 rc = Parse_UINT32( 34573 &buffer, 34574 &response_size, 34575 &response_size_bytes); 34576 if (rc != TPM_RC_SUCCESS) { 34577 return rc; 34578 } 34579 TPM_RC response_code; 34580 std::string response_code_bytes; 34581 rc = Parse_TPM_RC( 34582 &buffer, 34583 &response_code, 34584 &response_code_bytes); 34585 if (rc != TPM_RC_SUCCESS) { 34586 return rc; 34587 } 34588 if (response_size != response.size()) { 34589 return TPM_RC_SIZE; 34590 } 34591 if (response_code != TPM_RC_SUCCESS) { 34592 return response_code; 34593 } 34594 TPM_CC command_code = TPM_CC_FirmwareRead; 34595 std::string command_code_bytes; 34596 rc = Serialize_TPM_CC( 34597 command_code, 34598 &command_code_bytes); 34599 if (rc != TPM_RC_SUCCESS) { 34600 return rc; 34601 } 34602 std::string authorization_section_bytes; 34603 if (tag == TPM_ST_SESSIONS) { 34604 UINT32 parameter_section_size = buffer.size(); 34605 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 34606 if (rc != TPM_RC_SUCCESS) { 34607 return rc; 34608 } 34609 if (parameter_section_size > buffer.size()) { 34610 return TPM_RC_INSUFFICIENT; 34611 } 34612 authorization_section_bytes = buffer.substr(parameter_section_size); 34613 // Keep the parameter section in |buffer|. 34614 buffer.erase(parameter_section_size); 34615 } 34616 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 34617 crypto::SecureHash::SHA256)); 34618 hash->Update(response_code_bytes.data(), 34619 response_code_bytes.size()); 34620 hash->Update(command_code_bytes.data(), 34621 command_code_bytes.size()); 34622 hash->Update(buffer.data(), 34623 buffer.size()); 34624 std::string response_hash(32, 0); 34625 hash->Finish(string_as_array(&response_hash), response_hash.size()); 34626 if (tag == TPM_ST_SESSIONS) { 34627 CHECK(authorization_delegate) << "Authorization delegate missing!"; 34628 if (!authorization_delegate->CheckResponseAuthorization( 34629 response_hash, 34630 authorization_section_bytes)) { 34631 return TRUNKS_RC_AUTHORIZATION_FAILED; 34632 } 34633 } 34634 std::string fu_data_bytes; 34635 rc = Parse_TPM2B_MAX_BUFFER( 34636 &buffer, 34637 fu_data, 34638 &fu_data_bytes); 34639 if (rc != TPM_RC_SUCCESS) { 34640 return rc; 34641 } 34642 if (tag == TPM_ST_SESSIONS) { 34643 CHECK(authorization_delegate) << "Authorization delegate missing!"; 34644 // Decrypt just the parameter data, not the size. 34645 std::string tmp = fu_data_bytes.substr(2); 34646 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 34647 return TRUNKS_RC_ENCRYPTION_FAILED; 34648 } 34649 fu_data_bytes.replace(2, std::string::npos, tmp); 34650 rc = Parse_TPM2B_MAX_BUFFER( 34651 &fu_data_bytes, 34652 fu_data, 34653 nullptr); 34654 if (rc != TPM_RC_SUCCESS) { 34655 return rc; 34656 } 34657 } 34658 return TPM_RC_SUCCESS; 34659 } 34660 34661 void FirmwareReadErrorCallback( 34662 const Tpm::FirmwareReadResponse& callback, 34663 TPM_RC response_code) { 34664 VLOG(1) << __func__; 34665 callback.Run(response_code, 34666 TPM2B_MAX_BUFFER()); 34667 } 34668 34669 void FirmwareReadResponseParser( 34670 const Tpm::FirmwareReadResponse& callback, 34671 AuthorizationDelegate* authorization_delegate, 34672 const std::string& response) { 34673 VLOG(1) << __func__; 34674 base::Callback<void(TPM_RC)> error_reporter = 34675 base::Bind(FirmwareReadErrorCallback, callback); 34676 TPM2B_MAX_BUFFER fu_data; 34677 TPM_RC rc = Tpm::ParseResponse_FirmwareRead( 34678 response, 34679 &fu_data, 34680 authorization_delegate); 34681 if (rc != TPM_RC_SUCCESS) { 34682 error_reporter.Run(rc); 34683 return; 34684 } 34685 callback.Run( 34686 rc, 34687 fu_data); 34688 } 34689 34690 void Tpm::FirmwareRead( 34691 const UINT32& sequence_number, 34692 AuthorizationDelegate* authorization_delegate, 34693 const FirmwareReadResponse& callback) { 34694 VLOG(1) << __func__; 34695 base::Callback<void(TPM_RC)> error_reporter = 34696 base::Bind(FirmwareReadErrorCallback, callback); 34697 base::Callback<void(const std::string&)> parser = 34698 base::Bind(FirmwareReadResponseParser, 34699 callback, 34700 authorization_delegate); 34701 std::string command; 34702 TPM_RC rc = SerializeCommand_FirmwareRead( 34703 sequence_number, 34704 &command, 34705 authorization_delegate); 34706 if (rc != TPM_RC_SUCCESS) { 34707 error_reporter.Run(rc); 34708 return; 34709 } 34710 transceiver_->SendCommand(command, parser); 34711 } 34712 34713 TPM_RC Tpm::FirmwareReadSync( 34714 const UINT32& sequence_number, 34715 TPM2B_MAX_BUFFER* fu_data, 34716 AuthorizationDelegate* authorization_delegate) { 34717 VLOG(1) << __func__; 34718 std::string command; 34719 TPM_RC rc = SerializeCommand_FirmwareRead( 34720 sequence_number, 34721 &command, 34722 authorization_delegate); 34723 if (rc != TPM_RC_SUCCESS) { 34724 return rc; 34725 } 34726 std::string response = transceiver_->SendCommandAndWait(command); 34727 rc = ParseResponse_FirmwareRead( 34728 response, 34729 fu_data, 34730 authorization_delegate); 34731 return rc; 34732 } 34733 34734 TPM_RC Tpm::SerializeCommand_ContextSave( 34735 const TPMI_DH_CONTEXT& save_handle, 34736 const std::string& save_handle_name, 34737 std::string* serialized_command, 34738 AuthorizationDelegate* authorization_delegate) { 34739 VLOG(3) << __func__; 34740 TPM_RC rc = TPM_RC_SUCCESS; 34741 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 34742 UINT32 command_size = 10; // Header size. 34743 std::string handle_section_bytes; 34744 std::string parameter_section_bytes; 34745 TPM_CC command_code = TPM_CC_ContextSave; 34746 bool is_command_parameter_encryption_possible = false; 34747 bool is_response_parameter_encryption_possible = false; 34748 std::string command_code_bytes; 34749 rc = Serialize_TPM_CC( 34750 command_code, 34751 &command_code_bytes); 34752 if (rc != TPM_RC_SUCCESS) { 34753 return rc; 34754 } 34755 std::string save_handle_bytes; 34756 rc = Serialize_TPMI_DH_CONTEXT( 34757 save_handle, 34758 &save_handle_bytes); 34759 if (rc != TPM_RC_SUCCESS) { 34760 return rc; 34761 } 34762 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 34763 crypto::SecureHash::SHA256)); 34764 hash->Update(command_code_bytes.data(), 34765 command_code_bytes.size()); 34766 hash->Update(save_handle_name.data(), 34767 save_handle_name.size()); 34768 handle_section_bytes += save_handle_bytes; 34769 command_size += save_handle_bytes.size(); 34770 std::string command_hash(32, 0); 34771 hash->Finish(string_as_array(&command_hash), command_hash.size()); 34772 std::string authorization_section_bytes; 34773 std::string authorization_size_bytes; 34774 if (authorization_delegate) { 34775 if (!authorization_delegate->GetCommandAuthorization( 34776 command_hash, 34777 is_command_parameter_encryption_possible, 34778 is_response_parameter_encryption_possible, 34779 &authorization_section_bytes)) { 34780 return TRUNKS_RC_AUTHORIZATION_FAILED; 34781 } 34782 if (!authorization_section_bytes.empty()) { 34783 tag = TPM_ST_SESSIONS; 34784 std::string tmp; 34785 rc = Serialize_UINT32(authorization_section_bytes.size(), 34786 &authorization_size_bytes); 34787 if (rc != TPM_RC_SUCCESS) { 34788 return rc; 34789 } 34790 command_size += authorization_size_bytes.size() + 34791 authorization_section_bytes.size(); 34792 } 34793 } 34794 std::string tag_bytes; 34795 rc = Serialize_TPMI_ST_COMMAND_TAG( 34796 tag, 34797 &tag_bytes); 34798 if (rc != TPM_RC_SUCCESS) { 34799 return rc; 34800 } 34801 std::string command_size_bytes; 34802 rc = Serialize_UINT32( 34803 command_size, 34804 &command_size_bytes); 34805 if (rc != TPM_RC_SUCCESS) { 34806 return rc; 34807 } 34808 *serialized_command = tag_bytes + 34809 command_size_bytes + 34810 command_code_bytes + 34811 handle_section_bytes + 34812 authorization_size_bytes + 34813 authorization_section_bytes + 34814 parameter_section_bytes; 34815 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 34816 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 34817 serialized_command->size()); 34818 return TPM_RC_SUCCESS; 34819 } 34820 34821 TPM_RC Tpm::ParseResponse_ContextSave( 34822 const std::string& response, 34823 TPMS_CONTEXT* context, 34824 AuthorizationDelegate* authorization_delegate) { 34825 VLOG(3) << __func__; 34826 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 34827 TPM_RC rc = TPM_RC_SUCCESS; 34828 std::string buffer(response); 34829 TPM_ST tag; 34830 std::string tag_bytes; 34831 rc = Parse_TPM_ST( 34832 &buffer, 34833 &tag, 34834 &tag_bytes); 34835 if (rc != TPM_RC_SUCCESS) { 34836 return rc; 34837 } 34838 UINT32 response_size; 34839 std::string response_size_bytes; 34840 rc = Parse_UINT32( 34841 &buffer, 34842 &response_size, 34843 &response_size_bytes); 34844 if (rc != TPM_RC_SUCCESS) { 34845 return rc; 34846 } 34847 TPM_RC response_code; 34848 std::string response_code_bytes; 34849 rc = Parse_TPM_RC( 34850 &buffer, 34851 &response_code, 34852 &response_code_bytes); 34853 if (rc != TPM_RC_SUCCESS) { 34854 return rc; 34855 } 34856 if (response_size != response.size()) { 34857 return TPM_RC_SIZE; 34858 } 34859 if (response_code != TPM_RC_SUCCESS) { 34860 return response_code; 34861 } 34862 TPM_CC command_code = TPM_CC_ContextSave; 34863 std::string command_code_bytes; 34864 rc = Serialize_TPM_CC( 34865 command_code, 34866 &command_code_bytes); 34867 if (rc != TPM_RC_SUCCESS) { 34868 return rc; 34869 } 34870 std::string authorization_section_bytes; 34871 if (tag == TPM_ST_SESSIONS) { 34872 UINT32 parameter_section_size = buffer.size(); 34873 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 34874 if (rc != TPM_RC_SUCCESS) { 34875 return rc; 34876 } 34877 if (parameter_section_size > buffer.size()) { 34878 return TPM_RC_INSUFFICIENT; 34879 } 34880 authorization_section_bytes = buffer.substr(parameter_section_size); 34881 // Keep the parameter section in |buffer|. 34882 buffer.erase(parameter_section_size); 34883 } 34884 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 34885 crypto::SecureHash::SHA256)); 34886 hash->Update(response_code_bytes.data(), 34887 response_code_bytes.size()); 34888 hash->Update(command_code_bytes.data(), 34889 command_code_bytes.size()); 34890 hash->Update(buffer.data(), 34891 buffer.size()); 34892 std::string response_hash(32, 0); 34893 hash->Finish(string_as_array(&response_hash), response_hash.size()); 34894 if (tag == TPM_ST_SESSIONS) { 34895 CHECK(authorization_delegate) << "Authorization delegate missing!"; 34896 if (!authorization_delegate->CheckResponseAuthorization( 34897 response_hash, 34898 authorization_section_bytes)) { 34899 return TRUNKS_RC_AUTHORIZATION_FAILED; 34900 } 34901 } 34902 std::string context_bytes; 34903 rc = Parse_TPMS_CONTEXT( 34904 &buffer, 34905 context, 34906 &context_bytes); 34907 if (rc != TPM_RC_SUCCESS) { 34908 return rc; 34909 } 34910 return TPM_RC_SUCCESS; 34911 } 34912 34913 void ContextSaveErrorCallback( 34914 const Tpm::ContextSaveResponse& callback, 34915 TPM_RC response_code) { 34916 VLOG(1) << __func__; 34917 callback.Run(response_code, 34918 TPMS_CONTEXT()); 34919 } 34920 34921 void ContextSaveResponseParser( 34922 const Tpm::ContextSaveResponse& callback, 34923 AuthorizationDelegate* authorization_delegate, 34924 const std::string& response) { 34925 VLOG(1) << __func__; 34926 base::Callback<void(TPM_RC)> error_reporter = 34927 base::Bind(ContextSaveErrorCallback, callback); 34928 TPMS_CONTEXT context; 34929 TPM_RC rc = Tpm::ParseResponse_ContextSave( 34930 response, 34931 &context, 34932 authorization_delegate); 34933 if (rc != TPM_RC_SUCCESS) { 34934 error_reporter.Run(rc); 34935 return; 34936 } 34937 callback.Run( 34938 rc, 34939 context); 34940 } 34941 34942 void Tpm::ContextSave( 34943 const TPMI_DH_CONTEXT& save_handle, 34944 const std::string& save_handle_name, 34945 AuthorizationDelegate* authorization_delegate, 34946 const ContextSaveResponse& callback) { 34947 VLOG(1) << __func__; 34948 base::Callback<void(TPM_RC)> error_reporter = 34949 base::Bind(ContextSaveErrorCallback, callback); 34950 base::Callback<void(const std::string&)> parser = 34951 base::Bind(ContextSaveResponseParser, 34952 callback, 34953 authorization_delegate); 34954 std::string command; 34955 TPM_RC rc = SerializeCommand_ContextSave( 34956 save_handle, 34957 save_handle_name, 34958 &command, 34959 authorization_delegate); 34960 if (rc != TPM_RC_SUCCESS) { 34961 error_reporter.Run(rc); 34962 return; 34963 } 34964 transceiver_->SendCommand(command, parser); 34965 } 34966 34967 TPM_RC Tpm::ContextSaveSync( 34968 const TPMI_DH_CONTEXT& save_handle, 34969 const std::string& save_handle_name, 34970 TPMS_CONTEXT* context, 34971 AuthorizationDelegate* authorization_delegate) { 34972 VLOG(1) << __func__; 34973 std::string command; 34974 TPM_RC rc = SerializeCommand_ContextSave( 34975 save_handle, 34976 save_handle_name, 34977 &command, 34978 authorization_delegate); 34979 if (rc != TPM_RC_SUCCESS) { 34980 return rc; 34981 } 34982 std::string response = transceiver_->SendCommandAndWait(command); 34983 rc = ParseResponse_ContextSave( 34984 response, 34985 context, 34986 authorization_delegate); 34987 return rc; 34988 } 34989 34990 TPM_RC Tpm::SerializeCommand_ContextLoad( 34991 const TPMS_CONTEXT& context, 34992 std::string* serialized_command, 34993 AuthorizationDelegate* authorization_delegate) { 34994 VLOG(3) << __func__; 34995 TPM_RC rc = TPM_RC_SUCCESS; 34996 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 34997 UINT32 command_size = 10; // Header size. 34998 std::string handle_section_bytes; 34999 std::string parameter_section_bytes; 35000 TPM_CC command_code = TPM_CC_ContextLoad; 35001 bool is_command_parameter_encryption_possible = false; 35002 bool is_response_parameter_encryption_possible = false; 35003 std::string command_code_bytes; 35004 rc = Serialize_TPM_CC( 35005 command_code, 35006 &command_code_bytes); 35007 if (rc != TPM_RC_SUCCESS) { 35008 return rc; 35009 } 35010 std::string context_bytes; 35011 rc = Serialize_TPMS_CONTEXT( 35012 context, 35013 &context_bytes); 35014 if (rc != TPM_RC_SUCCESS) { 35015 return rc; 35016 } 35017 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 35018 crypto::SecureHash::SHA256)); 35019 hash->Update(command_code_bytes.data(), 35020 command_code_bytes.size()); 35021 hash->Update(context_bytes.data(), 35022 context_bytes.size()); 35023 parameter_section_bytes += context_bytes; 35024 command_size += context_bytes.size(); 35025 std::string command_hash(32, 0); 35026 hash->Finish(string_as_array(&command_hash), command_hash.size()); 35027 std::string authorization_section_bytes; 35028 std::string authorization_size_bytes; 35029 if (authorization_delegate) { 35030 if (!authorization_delegate->GetCommandAuthorization( 35031 command_hash, 35032 is_command_parameter_encryption_possible, 35033 is_response_parameter_encryption_possible, 35034 &authorization_section_bytes)) { 35035 return TRUNKS_RC_AUTHORIZATION_FAILED; 35036 } 35037 if (!authorization_section_bytes.empty()) { 35038 tag = TPM_ST_SESSIONS; 35039 std::string tmp; 35040 rc = Serialize_UINT32(authorization_section_bytes.size(), 35041 &authorization_size_bytes); 35042 if (rc != TPM_RC_SUCCESS) { 35043 return rc; 35044 } 35045 command_size += authorization_size_bytes.size() + 35046 authorization_section_bytes.size(); 35047 } 35048 } 35049 std::string tag_bytes; 35050 rc = Serialize_TPMI_ST_COMMAND_TAG( 35051 tag, 35052 &tag_bytes); 35053 if (rc != TPM_RC_SUCCESS) { 35054 return rc; 35055 } 35056 std::string command_size_bytes; 35057 rc = Serialize_UINT32( 35058 command_size, 35059 &command_size_bytes); 35060 if (rc != TPM_RC_SUCCESS) { 35061 return rc; 35062 } 35063 *serialized_command = tag_bytes + 35064 command_size_bytes + 35065 command_code_bytes + 35066 handle_section_bytes + 35067 authorization_size_bytes + 35068 authorization_section_bytes + 35069 parameter_section_bytes; 35070 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 35071 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 35072 serialized_command->size()); 35073 return TPM_RC_SUCCESS; 35074 } 35075 35076 TPM_RC Tpm::ParseResponse_ContextLoad( 35077 const std::string& response, 35078 TPMI_DH_CONTEXT* loaded_handle, 35079 AuthorizationDelegate* authorization_delegate) { 35080 VLOG(3) << __func__; 35081 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 35082 TPM_RC rc = TPM_RC_SUCCESS; 35083 std::string buffer(response); 35084 TPM_ST tag; 35085 std::string tag_bytes; 35086 rc = Parse_TPM_ST( 35087 &buffer, 35088 &tag, 35089 &tag_bytes); 35090 if (rc != TPM_RC_SUCCESS) { 35091 return rc; 35092 } 35093 UINT32 response_size; 35094 std::string response_size_bytes; 35095 rc = Parse_UINT32( 35096 &buffer, 35097 &response_size, 35098 &response_size_bytes); 35099 if (rc != TPM_RC_SUCCESS) { 35100 return rc; 35101 } 35102 TPM_RC response_code; 35103 std::string response_code_bytes; 35104 rc = Parse_TPM_RC( 35105 &buffer, 35106 &response_code, 35107 &response_code_bytes); 35108 if (rc != TPM_RC_SUCCESS) { 35109 return rc; 35110 } 35111 if (response_size != response.size()) { 35112 return TPM_RC_SIZE; 35113 } 35114 if (response_code != TPM_RC_SUCCESS) { 35115 return response_code; 35116 } 35117 std::string loaded_handle_bytes; 35118 rc = Parse_TPMI_DH_CONTEXT( 35119 &buffer, 35120 loaded_handle, 35121 &loaded_handle_bytes); 35122 if (rc != TPM_RC_SUCCESS) { 35123 return rc; 35124 } 35125 TPM_CC command_code = TPM_CC_ContextLoad; 35126 std::string command_code_bytes; 35127 rc = Serialize_TPM_CC( 35128 command_code, 35129 &command_code_bytes); 35130 if (rc != TPM_RC_SUCCESS) { 35131 return rc; 35132 } 35133 std::string authorization_section_bytes; 35134 if (tag == TPM_ST_SESSIONS) { 35135 UINT32 parameter_section_size = buffer.size(); 35136 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 35137 if (rc != TPM_RC_SUCCESS) { 35138 return rc; 35139 } 35140 if (parameter_section_size > buffer.size()) { 35141 return TPM_RC_INSUFFICIENT; 35142 } 35143 authorization_section_bytes = buffer.substr(parameter_section_size); 35144 // Keep the parameter section in |buffer|. 35145 buffer.erase(parameter_section_size); 35146 } 35147 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 35148 crypto::SecureHash::SHA256)); 35149 hash->Update(response_code_bytes.data(), 35150 response_code_bytes.size()); 35151 hash->Update(command_code_bytes.data(), 35152 command_code_bytes.size()); 35153 hash->Update(buffer.data(), 35154 buffer.size()); 35155 std::string response_hash(32, 0); 35156 hash->Finish(string_as_array(&response_hash), response_hash.size()); 35157 if (tag == TPM_ST_SESSIONS) { 35158 CHECK(authorization_delegate) << "Authorization delegate missing!"; 35159 if (!authorization_delegate->CheckResponseAuthorization( 35160 response_hash, 35161 authorization_section_bytes)) { 35162 return TRUNKS_RC_AUTHORIZATION_FAILED; 35163 } 35164 } 35165 return TPM_RC_SUCCESS; 35166 } 35167 35168 void ContextLoadErrorCallback( 35169 const Tpm::ContextLoadResponse& callback, 35170 TPM_RC response_code) { 35171 VLOG(1) << __func__; 35172 callback.Run(response_code, 35173 TPMI_DH_CONTEXT()); 35174 } 35175 35176 void ContextLoadResponseParser( 35177 const Tpm::ContextLoadResponse& callback, 35178 AuthorizationDelegate* authorization_delegate, 35179 const std::string& response) { 35180 VLOG(1) << __func__; 35181 base::Callback<void(TPM_RC)> error_reporter = 35182 base::Bind(ContextLoadErrorCallback, callback); 35183 TPMI_DH_CONTEXT loaded_handle; 35184 TPM_RC rc = Tpm::ParseResponse_ContextLoad( 35185 response, 35186 &loaded_handle, 35187 authorization_delegate); 35188 if (rc != TPM_RC_SUCCESS) { 35189 error_reporter.Run(rc); 35190 return; 35191 } 35192 callback.Run( 35193 rc, 35194 loaded_handle); 35195 } 35196 35197 void Tpm::ContextLoad( 35198 const TPMS_CONTEXT& context, 35199 AuthorizationDelegate* authorization_delegate, 35200 const ContextLoadResponse& callback) { 35201 VLOG(1) << __func__; 35202 base::Callback<void(TPM_RC)> error_reporter = 35203 base::Bind(ContextLoadErrorCallback, callback); 35204 base::Callback<void(const std::string&)> parser = 35205 base::Bind(ContextLoadResponseParser, 35206 callback, 35207 authorization_delegate); 35208 std::string command; 35209 TPM_RC rc = SerializeCommand_ContextLoad( 35210 context, 35211 &command, 35212 authorization_delegate); 35213 if (rc != TPM_RC_SUCCESS) { 35214 error_reporter.Run(rc); 35215 return; 35216 } 35217 transceiver_->SendCommand(command, parser); 35218 } 35219 35220 TPM_RC Tpm::ContextLoadSync( 35221 const TPMS_CONTEXT& context, 35222 TPMI_DH_CONTEXT* loaded_handle, 35223 AuthorizationDelegate* authorization_delegate) { 35224 VLOG(1) << __func__; 35225 std::string command; 35226 TPM_RC rc = SerializeCommand_ContextLoad( 35227 context, 35228 &command, 35229 authorization_delegate); 35230 if (rc != TPM_RC_SUCCESS) { 35231 return rc; 35232 } 35233 std::string response = transceiver_->SendCommandAndWait(command); 35234 rc = ParseResponse_ContextLoad( 35235 response, 35236 loaded_handle, 35237 authorization_delegate); 35238 return rc; 35239 } 35240 35241 TPM_RC Tpm::SerializeCommand_FlushContext( 35242 const TPMI_DH_CONTEXT& flush_handle, 35243 std::string* serialized_command, 35244 AuthorizationDelegate* authorization_delegate) { 35245 VLOG(3) << __func__; 35246 TPM_RC rc = TPM_RC_SUCCESS; 35247 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 35248 UINT32 command_size = 10; // Header size. 35249 std::string handle_section_bytes; 35250 std::string parameter_section_bytes; 35251 TPM_CC command_code = TPM_CC_FlushContext; 35252 bool is_command_parameter_encryption_possible = false; 35253 bool is_response_parameter_encryption_possible = false; 35254 std::string command_code_bytes; 35255 rc = Serialize_TPM_CC( 35256 command_code, 35257 &command_code_bytes); 35258 if (rc != TPM_RC_SUCCESS) { 35259 return rc; 35260 } 35261 std::string flush_handle_bytes; 35262 rc = Serialize_TPMI_DH_CONTEXT( 35263 flush_handle, 35264 &flush_handle_bytes); 35265 if (rc != TPM_RC_SUCCESS) { 35266 return rc; 35267 } 35268 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 35269 crypto::SecureHash::SHA256)); 35270 hash->Update(command_code_bytes.data(), 35271 command_code_bytes.size()); 35272 hash->Update(flush_handle_bytes.data(), 35273 flush_handle_bytes.size()); 35274 parameter_section_bytes += flush_handle_bytes; 35275 command_size += flush_handle_bytes.size(); 35276 std::string command_hash(32, 0); 35277 hash->Finish(string_as_array(&command_hash), command_hash.size()); 35278 std::string authorization_section_bytes; 35279 std::string authorization_size_bytes; 35280 if (authorization_delegate) { 35281 if (!authorization_delegate->GetCommandAuthorization( 35282 command_hash, 35283 is_command_parameter_encryption_possible, 35284 is_response_parameter_encryption_possible, 35285 &authorization_section_bytes)) { 35286 return TRUNKS_RC_AUTHORIZATION_FAILED; 35287 } 35288 if (!authorization_section_bytes.empty()) { 35289 tag = TPM_ST_SESSIONS; 35290 std::string tmp; 35291 rc = Serialize_UINT32(authorization_section_bytes.size(), 35292 &authorization_size_bytes); 35293 if (rc != TPM_RC_SUCCESS) { 35294 return rc; 35295 } 35296 command_size += authorization_size_bytes.size() + 35297 authorization_section_bytes.size(); 35298 } 35299 } 35300 std::string tag_bytes; 35301 rc = Serialize_TPMI_ST_COMMAND_TAG( 35302 tag, 35303 &tag_bytes); 35304 if (rc != TPM_RC_SUCCESS) { 35305 return rc; 35306 } 35307 std::string command_size_bytes; 35308 rc = Serialize_UINT32( 35309 command_size, 35310 &command_size_bytes); 35311 if (rc != TPM_RC_SUCCESS) { 35312 return rc; 35313 } 35314 *serialized_command = tag_bytes + 35315 command_size_bytes + 35316 command_code_bytes + 35317 handle_section_bytes + 35318 authorization_size_bytes + 35319 authorization_section_bytes + 35320 parameter_section_bytes; 35321 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 35322 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 35323 serialized_command->size()); 35324 return TPM_RC_SUCCESS; 35325 } 35326 35327 TPM_RC Tpm::ParseResponse_FlushContext( 35328 const std::string& response, 35329 AuthorizationDelegate* authorization_delegate) { 35330 VLOG(3) << __func__; 35331 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 35332 TPM_RC rc = TPM_RC_SUCCESS; 35333 std::string buffer(response); 35334 TPM_ST tag; 35335 std::string tag_bytes; 35336 rc = Parse_TPM_ST( 35337 &buffer, 35338 &tag, 35339 &tag_bytes); 35340 if (rc != TPM_RC_SUCCESS) { 35341 return rc; 35342 } 35343 UINT32 response_size; 35344 std::string response_size_bytes; 35345 rc = Parse_UINT32( 35346 &buffer, 35347 &response_size, 35348 &response_size_bytes); 35349 if (rc != TPM_RC_SUCCESS) { 35350 return rc; 35351 } 35352 TPM_RC response_code; 35353 std::string response_code_bytes; 35354 rc = Parse_TPM_RC( 35355 &buffer, 35356 &response_code, 35357 &response_code_bytes); 35358 if (rc != TPM_RC_SUCCESS) { 35359 return rc; 35360 } 35361 if (response_size != response.size()) { 35362 return TPM_RC_SIZE; 35363 } 35364 if (response_code != TPM_RC_SUCCESS) { 35365 return response_code; 35366 } 35367 TPM_CC command_code = TPM_CC_FlushContext; 35368 std::string command_code_bytes; 35369 rc = Serialize_TPM_CC( 35370 command_code, 35371 &command_code_bytes); 35372 if (rc != TPM_RC_SUCCESS) { 35373 return rc; 35374 } 35375 std::string authorization_section_bytes; 35376 if (tag == TPM_ST_SESSIONS) { 35377 UINT32 parameter_section_size = buffer.size(); 35378 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 35379 if (rc != TPM_RC_SUCCESS) { 35380 return rc; 35381 } 35382 if (parameter_section_size > buffer.size()) { 35383 return TPM_RC_INSUFFICIENT; 35384 } 35385 authorization_section_bytes = buffer.substr(parameter_section_size); 35386 // Keep the parameter section in |buffer|. 35387 buffer.erase(parameter_section_size); 35388 } 35389 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 35390 crypto::SecureHash::SHA256)); 35391 hash->Update(response_code_bytes.data(), 35392 response_code_bytes.size()); 35393 hash->Update(command_code_bytes.data(), 35394 command_code_bytes.size()); 35395 hash->Update(buffer.data(), 35396 buffer.size()); 35397 std::string response_hash(32, 0); 35398 hash->Finish(string_as_array(&response_hash), response_hash.size()); 35399 if (tag == TPM_ST_SESSIONS) { 35400 CHECK(authorization_delegate) << "Authorization delegate missing!"; 35401 if (!authorization_delegate->CheckResponseAuthorization( 35402 response_hash, 35403 authorization_section_bytes)) { 35404 return TRUNKS_RC_AUTHORIZATION_FAILED; 35405 } 35406 } 35407 return TPM_RC_SUCCESS; 35408 } 35409 35410 void FlushContextErrorCallback( 35411 const Tpm::FlushContextResponse& callback, 35412 TPM_RC response_code) { 35413 VLOG(1) << __func__; 35414 callback.Run(response_code); 35415 } 35416 35417 void FlushContextResponseParser( 35418 const Tpm::FlushContextResponse& callback, 35419 AuthorizationDelegate* authorization_delegate, 35420 const std::string& response) { 35421 VLOG(1) << __func__; 35422 base::Callback<void(TPM_RC)> error_reporter = 35423 base::Bind(FlushContextErrorCallback, callback); 35424 TPM_RC rc = Tpm::ParseResponse_FlushContext( 35425 response, 35426 authorization_delegate); 35427 if (rc != TPM_RC_SUCCESS) { 35428 error_reporter.Run(rc); 35429 return; 35430 } 35431 callback.Run( 35432 rc); 35433 } 35434 35435 void Tpm::FlushContext( 35436 const TPMI_DH_CONTEXT& flush_handle, 35437 AuthorizationDelegate* authorization_delegate, 35438 const FlushContextResponse& callback) { 35439 VLOG(1) << __func__; 35440 base::Callback<void(TPM_RC)> error_reporter = 35441 base::Bind(FlushContextErrorCallback, callback); 35442 base::Callback<void(const std::string&)> parser = 35443 base::Bind(FlushContextResponseParser, 35444 callback, 35445 authorization_delegate); 35446 std::string command; 35447 TPM_RC rc = SerializeCommand_FlushContext( 35448 flush_handle, 35449 &command, 35450 authorization_delegate); 35451 if (rc != TPM_RC_SUCCESS) { 35452 error_reporter.Run(rc); 35453 return; 35454 } 35455 transceiver_->SendCommand(command, parser); 35456 } 35457 35458 TPM_RC Tpm::FlushContextSync( 35459 const TPMI_DH_CONTEXT& flush_handle, 35460 AuthorizationDelegate* authorization_delegate) { 35461 VLOG(1) << __func__; 35462 std::string command; 35463 TPM_RC rc = SerializeCommand_FlushContext( 35464 flush_handle, 35465 &command, 35466 authorization_delegate); 35467 if (rc != TPM_RC_SUCCESS) { 35468 return rc; 35469 } 35470 std::string response = transceiver_->SendCommandAndWait(command); 35471 rc = ParseResponse_FlushContext( 35472 response, 35473 authorization_delegate); 35474 return rc; 35475 } 35476 35477 TPM_RC Tpm::SerializeCommand_EvictControl( 35478 const TPMI_RH_PROVISION& auth, 35479 const std::string& auth_name, 35480 const TPMI_DH_OBJECT& object_handle, 35481 const std::string& object_handle_name, 35482 const TPMI_DH_PERSISTENT& persistent_handle, 35483 std::string* serialized_command, 35484 AuthorizationDelegate* authorization_delegate) { 35485 VLOG(3) << __func__; 35486 TPM_RC rc = TPM_RC_SUCCESS; 35487 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 35488 UINT32 command_size = 10; // Header size. 35489 std::string handle_section_bytes; 35490 std::string parameter_section_bytes; 35491 TPM_CC command_code = TPM_CC_EvictControl; 35492 bool is_command_parameter_encryption_possible = false; 35493 bool is_response_parameter_encryption_possible = false; 35494 std::string command_code_bytes; 35495 rc = Serialize_TPM_CC( 35496 command_code, 35497 &command_code_bytes); 35498 if (rc != TPM_RC_SUCCESS) { 35499 return rc; 35500 } 35501 std::string auth_bytes; 35502 rc = Serialize_TPMI_RH_PROVISION( 35503 auth, 35504 &auth_bytes); 35505 if (rc != TPM_RC_SUCCESS) { 35506 return rc; 35507 } 35508 std::string object_handle_bytes; 35509 rc = Serialize_TPMI_DH_OBJECT( 35510 object_handle, 35511 &object_handle_bytes); 35512 if (rc != TPM_RC_SUCCESS) { 35513 return rc; 35514 } 35515 std::string persistent_handle_bytes; 35516 rc = Serialize_TPMI_DH_PERSISTENT( 35517 persistent_handle, 35518 &persistent_handle_bytes); 35519 if (rc != TPM_RC_SUCCESS) { 35520 return rc; 35521 } 35522 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 35523 crypto::SecureHash::SHA256)); 35524 hash->Update(command_code_bytes.data(), 35525 command_code_bytes.size()); 35526 hash->Update(auth_name.data(), 35527 auth_name.size()); 35528 handle_section_bytes += auth_bytes; 35529 command_size += auth_bytes.size(); 35530 hash->Update(object_handle_name.data(), 35531 object_handle_name.size()); 35532 handle_section_bytes += object_handle_bytes; 35533 command_size += object_handle_bytes.size(); 35534 hash->Update(persistent_handle_bytes.data(), 35535 persistent_handle_bytes.size()); 35536 parameter_section_bytes += persistent_handle_bytes; 35537 command_size += persistent_handle_bytes.size(); 35538 std::string command_hash(32, 0); 35539 hash->Finish(string_as_array(&command_hash), command_hash.size()); 35540 std::string authorization_section_bytes; 35541 std::string authorization_size_bytes; 35542 if (authorization_delegate) { 35543 if (!authorization_delegate->GetCommandAuthorization( 35544 command_hash, 35545 is_command_parameter_encryption_possible, 35546 is_response_parameter_encryption_possible, 35547 &authorization_section_bytes)) { 35548 return TRUNKS_RC_AUTHORIZATION_FAILED; 35549 } 35550 if (!authorization_section_bytes.empty()) { 35551 tag = TPM_ST_SESSIONS; 35552 std::string tmp; 35553 rc = Serialize_UINT32(authorization_section_bytes.size(), 35554 &authorization_size_bytes); 35555 if (rc != TPM_RC_SUCCESS) { 35556 return rc; 35557 } 35558 command_size += authorization_size_bytes.size() + 35559 authorization_section_bytes.size(); 35560 } 35561 } 35562 std::string tag_bytes; 35563 rc = Serialize_TPMI_ST_COMMAND_TAG( 35564 tag, 35565 &tag_bytes); 35566 if (rc != TPM_RC_SUCCESS) { 35567 return rc; 35568 } 35569 std::string command_size_bytes; 35570 rc = Serialize_UINT32( 35571 command_size, 35572 &command_size_bytes); 35573 if (rc != TPM_RC_SUCCESS) { 35574 return rc; 35575 } 35576 *serialized_command = tag_bytes + 35577 command_size_bytes + 35578 command_code_bytes + 35579 handle_section_bytes + 35580 authorization_size_bytes + 35581 authorization_section_bytes + 35582 parameter_section_bytes; 35583 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 35584 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 35585 serialized_command->size()); 35586 return TPM_RC_SUCCESS; 35587 } 35588 35589 TPM_RC Tpm::ParseResponse_EvictControl( 35590 const std::string& response, 35591 AuthorizationDelegate* authorization_delegate) { 35592 VLOG(3) << __func__; 35593 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 35594 TPM_RC rc = TPM_RC_SUCCESS; 35595 std::string buffer(response); 35596 TPM_ST tag; 35597 std::string tag_bytes; 35598 rc = Parse_TPM_ST( 35599 &buffer, 35600 &tag, 35601 &tag_bytes); 35602 if (rc != TPM_RC_SUCCESS) { 35603 return rc; 35604 } 35605 UINT32 response_size; 35606 std::string response_size_bytes; 35607 rc = Parse_UINT32( 35608 &buffer, 35609 &response_size, 35610 &response_size_bytes); 35611 if (rc != TPM_RC_SUCCESS) { 35612 return rc; 35613 } 35614 TPM_RC response_code; 35615 std::string response_code_bytes; 35616 rc = Parse_TPM_RC( 35617 &buffer, 35618 &response_code, 35619 &response_code_bytes); 35620 if (rc != TPM_RC_SUCCESS) { 35621 return rc; 35622 } 35623 if (response_size != response.size()) { 35624 return TPM_RC_SIZE; 35625 } 35626 if (response_code != TPM_RC_SUCCESS) { 35627 return response_code; 35628 } 35629 TPM_CC command_code = TPM_CC_EvictControl; 35630 std::string command_code_bytes; 35631 rc = Serialize_TPM_CC( 35632 command_code, 35633 &command_code_bytes); 35634 if (rc != TPM_RC_SUCCESS) { 35635 return rc; 35636 } 35637 std::string authorization_section_bytes; 35638 if (tag == TPM_ST_SESSIONS) { 35639 UINT32 parameter_section_size = buffer.size(); 35640 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 35641 if (rc != TPM_RC_SUCCESS) { 35642 return rc; 35643 } 35644 if (parameter_section_size > buffer.size()) { 35645 return TPM_RC_INSUFFICIENT; 35646 } 35647 authorization_section_bytes = buffer.substr(parameter_section_size); 35648 // Keep the parameter section in |buffer|. 35649 buffer.erase(parameter_section_size); 35650 } 35651 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 35652 crypto::SecureHash::SHA256)); 35653 hash->Update(response_code_bytes.data(), 35654 response_code_bytes.size()); 35655 hash->Update(command_code_bytes.data(), 35656 command_code_bytes.size()); 35657 hash->Update(buffer.data(), 35658 buffer.size()); 35659 std::string response_hash(32, 0); 35660 hash->Finish(string_as_array(&response_hash), response_hash.size()); 35661 if (tag == TPM_ST_SESSIONS) { 35662 CHECK(authorization_delegate) << "Authorization delegate missing!"; 35663 if (!authorization_delegate->CheckResponseAuthorization( 35664 response_hash, 35665 authorization_section_bytes)) { 35666 return TRUNKS_RC_AUTHORIZATION_FAILED; 35667 } 35668 } 35669 return TPM_RC_SUCCESS; 35670 } 35671 35672 void EvictControlErrorCallback( 35673 const Tpm::EvictControlResponse& callback, 35674 TPM_RC response_code) { 35675 VLOG(1) << __func__; 35676 callback.Run(response_code); 35677 } 35678 35679 void EvictControlResponseParser( 35680 const Tpm::EvictControlResponse& callback, 35681 AuthorizationDelegate* authorization_delegate, 35682 const std::string& response) { 35683 VLOG(1) << __func__; 35684 base::Callback<void(TPM_RC)> error_reporter = 35685 base::Bind(EvictControlErrorCallback, callback); 35686 TPM_RC rc = Tpm::ParseResponse_EvictControl( 35687 response, 35688 authorization_delegate); 35689 if (rc != TPM_RC_SUCCESS) { 35690 error_reporter.Run(rc); 35691 return; 35692 } 35693 callback.Run( 35694 rc); 35695 } 35696 35697 void Tpm::EvictControl( 35698 const TPMI_RH_PROVISION& auth, 35699 const std::string& auth_name, 35700 const TPMI_DH_OBJECT& object_handle, 35701 const std::string& object_handle_name, 35702 const TPMI_DH_PERSISTENT& persistent_handle, 35703 AuthorizationDelegate* authorization_delegate, 35704 const EvictControlResponse& callback) { 35705 VLOG(1) << __func__; 35706 base::Callback<void(TPM_RC)> error_reporter = 35707 base::Bind(EvictControlErrorCallback, callback); 35708 base::Callback<void(const std::string&)> parser = 35709 base::Bind(EvictControlResponseParser, 35710 callback, 35711 authorization_delegate); 35712 std::string command; 35713 TPM_RC rc = SerializeCommand_EvictControl( 35714 auth, 35715 auth_name, 35716 object_handle, 35717 object_handle_name, 35718 persistent_handle, 35719 &command, 35720 authorization_delegate); 35721 if (rc != TPM_RC_SUCCESS) { 35722 error_reporter.Run(rc); 35723 return; 35724 } 35725 transceiver_->SendCommand(command, parser); 35726 } 35727 35728 TPM_RC Tpm::EvictControlSync( 35729 const TPMI_RH_PROVISION& auth, 35730 const std::string& auth_name, 35731 const TPMI_DH_OBJECT& object_handle, 35732 const std::string& object_handle_name, 35733 const TPMI_DH_PERSISTENT& persistent_handle, 35734 AuthorizationDelegate* authorization_delegate) { 35735 VLOG(1) << __func__; 35736 std::string command; 35737 TPM_RC rc = SerializeCommand_EvictControl( 35738 auth, 35739 auth_name, 35740 object_handle, 35741 object_handle_name, 35742 persistent_handle, 35743 &command, 35744 authorization_delegate); 35745 if (rc != TPM_RC_SUCCESS) { 35746 return rc; 35747 } 35748 std::string response = transceiver_->SendCommandAndWait(command); 35749 rc = ParseResponse_EvictControl( 35750 response, 35751 authorization_delegate); 35752 return rc; 35753 } 35754 35755 TPM_RC Tpm::SerializeCommand_ReadClock( 35756 std::string* serialized_command, 35757 AuthorizationDelegate* authorization_delegate) { 35758 VLOG(3) << __func__; 35759 TPM_RC rc = TPM_RC_SUCCESS; 35760 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 35761 UINT32 command_size = 10; // Header size. 35762 std::string handle_section_bytes; 35763 std::string parameter_section_bytes; 35764 TPM_CC command_code = TPM_CC_ReadClock; 35765 bool is_command_parameter_encryption_possible = false; 35766 bool is_response_parameter_encryption_possible = false; 35767 std::string command_code_bytes; 35768 rc = Serialize_TPM_CC( 35769 command_code, 35770 &command_code_bytes); 35771 if (rc != TPM_RC_SUCCESS) { 35772 return rc; 35773 } 35774 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 35775 crypto::SecureHash::SHA256)); 35776 hash->Update(command_code_bytes.data(), 35777 command_code_bytes.size()); 35778 std::string command_hash(32, 0); 35779 hash->Finish(string_as_array(&command_hash), command_hash.size()); 35780 std::string authorization_section_bytes; 35781 std::string authorization_size_bytes; 35782 if (authorization_delegate) { 35783 if (!authorization_delegate->GetCommandAuthorization( 35784 command_hash, 35785 is_command_parameter_encryption_possible, 35786 is_response_parameter_encryption_possible, 35787 &authorization_section_bytes)) { 35788 return TRUNKS_RC_AUTHORIZATION_FAILED; 35789 } 35790 if (!authorization_section_bytes.empty()) { 35791 tag = TPM_ST_SESSIONS; 35792 std::string tmp; 35793 rc = Serialize_UINT32(authorization_section_bytes.size(), 35794 &authorization_size_bytes); 35795 if (rc != TPM_RC_SUCCESS) { 35796 return rc; 35797 } 35798 command_size += authorization_size_bytes.size() + 35799 authorization_section_bytes.size(); 35800 } 35801 } 35802 std::string tag_bytes; 35803 rc = Serialize_TPMI_ST_COMMAND_TAG( 35804 tag, 35805 &tag_bytes); 35806 if (rc != TPM_RC_SUCCESS) { 35807 return rc; 35808 } 35809 std::string command_size_bytes; 35810 rc = Serialize_UINT32( 35811 command_size, 35812 &command_size_bytes); 35813 if (rc != TPM_RC_SUCCESS) { 35814 return rc; 35815 } 35816 *serialized_command = tag_bytes + 35817 command_size_bytes + 35818 command_code_bytes + 35819 handle_section_bytes + 35820 authorization_size_bytes + 35821 authorization_section_bytes + 35822 parameter_section_bytes; 35823 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 35824 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 35825 serialized_command->size()); 35826 return TPM_RC_SUCCESS; 35827 } 35828 35829 TPM_RC Tpm::ParseResponse_ReadClock( 35830 const std::string& response, 35831 TPMS_TIME_INFO* current_time, 35832 AuthorizationDelegate* authorization_delegate) { 35833 VLOG(3) << __func__; 35834 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 35835 TPM_RC rc = TPM_RC_SUCCESS; 35836 std::string buffer(response); 35837 TPM_ST tag; 35838 std::string tag_bytes; 35839 rc = Parse_TPM_ST( 35840 &buffer, 35841 &tag, 35842 &tag_bytes); 35843 if (rc != TPM_RC_SUCCESS) { 35844 return rc; 35845 } 35846 UINT32 response_size; 35847 std::string response_size_bytes; 35848 rc = Parse_UINT32( 35849 &buffer, 35850 &response_size, 35851 &response_size_bytes); 35852 if (rc != TPM_RC_SUCCESS) { 35853 return rc; 35854 } 35855 TPM_RC response_code; 35856 std::string response_code_bytes; 35857 rc = Parse_TPM_RC( 35858 &buffer, 35859 &response_code, 35860 &response_code_bytes); 35861 if (rc != TPM_RC_SUCCESS) { 35862 return rc; 35863 } 35864 if (response_size != response.size()) { 35865 return TPM_RC_SIZE; 35866 } 35867 if (response_code != TPM_RC_SUCCESS) { 35868 return response_code; 35869 } 35870 TPM_CC command_code = TPM_CC_ReadClock; 35871 std::string command_code_bytes; 35872 rc = Serialize_TPM_CC( 35873 command_code, 35874 &command_code_bytes); 35875 if (rc != TPM_RC_SUCCESS) { 35876 return rc; 35877 } 35878 std::string authorization_section_bytes; 35879 if (tag == TPM_ST_SESSIONS) { 35880 UINT32 parameter_section_size = buffer.size(); 35881 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 35882 if (rc != TPM_RC_SUCCESS) { 35883 return rc; 35884 } 35885 if (parameter_section_size > buffer.size()) { 35886 return TPM_RC_INSUFFICIENT; 35887 } 35888 authorization_section_bytes = buffer.substr(parameter_section_size); 35889 // Keep the parameter section in |buffer|. 35890 buffer.erase(parameter_section_size); 35891 } 35892 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 35893 crypto::SecureHash::SHA256)); 35894 hash->Update(response_code_bytes.data(), 35895 response_code_bytes.size()); 35896 hash->Update(command_code_bytes.data(), 35897 command_code_bytes.size()); 35898 hash->Update(buffer.data(), 35899 buffer.size()); 35900 std::string response_hash(32, 0); 35901 hash->Finish(string_as_array(&response_hash), response_hash.size()); 35902 if (tag == TPM_ST_SESSIONS) { 35903 CHECK(authorization_delegate) << "Authorization delegate missing!"; 35904 if (!authorization_delegate->CheckResponseAuthorization( 35905 response_hash, 35906 authorization_section_bytes)) { 35907 return TRUNKS_RC_AUTHORIZATION_FAILED; 35908 } 35909 } 35910 std::string current_time_bytes; 35911 rc = Parse_TPMS_TIME_INFO( 35912 &buffer, 35913 current_time, 35914 ¤t_time_bytes); 35915 if (rc != TPM_RC_SUCCESS) { 35916 return rc; 35917 } 35918 return TPM_RC_SUCCESS; 35919 } 35920 35921 void ReadClockErrorCallback( 35922 const Tpm::ReadClockResponse& callback, 35923 TPM_RC response_code) { 35924 VLOG(1) << __func__; 35925 callback.Run(response_code, 35926 TPMS_TIME_INFO()); 35927 } 35928 35929 void ReadClockResponseParser( 35930 const Tpm::ReadClockResponse& callback, 35931 AuthorizationDelegate* authorization_delegate, 35932 const std::string& response) { 35933 VLOG(1) << __func__; 35934 base::Callback<void(TPM_RC)> error_reporter = 35935 base::Bind(ReadClockErrorCallback, callback); 35936 TPMS_TIME_INFO current_time; 35937 TPM_RC rc = Tpm::ParseResponse_ReadClock( 35938 response, 35939 ¤t_time, 35940 authorization_delegate); 35941 if (rc != TPM_RC_SUCCESS) { 35942 error_reporter.Run(rc); 35943 return; 35944 } 35945 callback.Run( 35946 rc, 35947 current_time); 35948 } 35949 35950 void Tpm::ReadClock( 35951 AuthorizationDelegate* authorization_delegate, 35952 const ReadClockResponse& callback) { 35953 VLOG(1) << __func__; 35954 base::Callback<void(TPM_RC)> error_reporter = 35955 base::Bind(ReadClockErrorCallback, callback); 35956 base::Callback<void(const std::string&)> parser = 35957 base::Bind(ReadClockResponseParser, 35958 callback, 35959 authorization_delegate); 35960 std::string command; 35961 TPM_RC rc = SerializeCommand_ReadClock( 35962 &command, 35963 authorization_delegate); 35964 if (rc != TPM_RC_SUCCESS) { 35965 error_reporter.Run(rc); 35966 return; 35967 } 35968 transceiver_->SendCommand(command, parser); 35969 } 35970 35971 TPM_RC Tpm::ReadClockSync( 35972 TPMS_TIME_INFO* current_time, 35973 AuthorizationDelegate* authorization_delegate) { 35974 VLOG(1) << __func__; 35975 std::string command; 35976 TPM_RC rc = SerializeCommand_ReadClock( 35977 &command, 35978 authorization_delegate); 35979 if (rc != TPM_RC_SUCCESS) { 35980 return rc; 35981 } 35982 std::string response = transceiver_->SendCommandAndWait(command); 35983 rc = ParseResponse_ReadClock( 35984 response, 35985 current_time, 35986 authorization_delegate); 35987 return rc; 35988 } 35989 35990 TPM_RC Tpm::SerializeCommand_ClockSet( 35991 const TPMI_RH_PROVISION& auth, 35992 const std::string& auth_name, 35993 const UINT64& new_time, 35994 std::string* serialized_command, 35995 AuthorizationDelegate* authorization_delegate) { 35996 VLOG(3) << __func__; 35997 TPM_RC rc = TPM_RC_SUCCESS; 35998 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 35999 UINT32 command_size = 10; // Header size. 36000 std::string handle_section_bytes; 36001 std::string parameter_section_bytes; 36002 TPM_CC command_code = TPM_CC_ClockSet; 36003 bool is_command_parameter_encryption_possible = false; 36004 bool is_response_parameter_encryption_possible = false; 36005 std::string command_code_bytes; 36006 rc = Serialize_TPM_CC( 36007 command_code, 36008 &command_code_bytes); 36009 if (rc != TPM_RC_SUCCESS) { 36010 return rc; 36011 } 36012 std::string auth_bytes; 36013 rc = Serialize_TPMI_RH_PROVISION( 36014 auth, 36015 &auth_bytes); 36016 if (rc != TPM_RC_SUCCESS) { 36017 return rc; 36018 } 36019 std::string new_time_bytes; 36020 rc = Serialize_UINT64( 36021 new_time, 36022 &new_time_bytes); 36023 if (rc != TPM_RC_SUCCESS) { 36024 return rc; 36025 } 36026 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 36027 crypto::SecureHash::SHA256)); 36028 hash->Update(command_code_bytes.data(), 36029 command_code_bytes.size()); 36030 hash->Update(auth_name.data(), 36031 auth_name.size()); 36032 handle_section_bytes += auth_bytes; 36033 command_size += auth_bytes.size(); 36034 hash->Update(new_time_bytes.data(), 36035 new_time_bytes.size()); 36036 parameter_section_bytes += new_time_bytes; 36037 command_size += new_time_bytes.size(); 36038 std::string command_hash(32, 0); 36039 hash->Finish(string_as_array(&command_hash), command_hash.size()); 36040 std::string authorization_section_bytes; 36041 std::string authorization_size_bytes; 36042 if (authorization_delegate) { 36043 if (!authorization_delegate->GetCommandAuthorization( 36044 command_hash, 36045 is_command_parameter_encryption_possible, 36046 is_response_parameter_encryption_possible, 36047 &authorization_section_bytes)) { 36048 return TRUNKS_RC_AUTHORIZATION_FAILED; 36049 } 36050 if (!authorization_section_bytes.empty()) { 36051 tag = TPM_ST_SESSIONS; 36052 std::string tmp; 36053 rc = Serialize_UINT32(authorization_section_bytes.size(), 36054 &authorization_size_bytes); 36055 if (rc != TPM_RC_SUCCESS) { 36056 return rc; 36057 } 36058 command_size += authorization_size_bytes.size() + 36059 authorization_section_bytes.size(); 36060 } 36061 } 36062 std::string tag_bytes; 36063 rc = Serialize_TPMI_ST_COMMAND_TAG( 36064 tag, 36065 &tag_bytes); 36066 if (rc != TPM_RC_SUCCESS) { 36067 return rc; 36068 } 36069 std::string command_size_bytes; 36070 rc = Serialize_UINT32( 36071 command_size, 36072 &command_size_bytes); 36073 if (rc != TPM_RC_SUCCESS) { 36074 return rc; 36075 } 36076 *serialized_command = tag_bytes + 36077 command_size_bytes + 36078 command_code_bytes + 36079 handle_section_bytes + 36080 authorization_size_bytes + 36081 authorization_section_bytes + 36082 parameter_section_bytes; 36083 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 36084 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 36085 serialized_command->size()); 36086 return TPM_RC_SUCCESS; 36087 } 36088 36089 TPM_RC Tpm::ParseResponse_ClockSet( 36090 const std::string& response, 36091 AuthorizationDelegate* authorization_delegate) { 36092 VLOG(3) << __func__; 36093 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 36094 TPM_RC rc = TPM_RC_SUCCESS; 36095 std::string buffer(response); 36096 TPM_ST tag; 36097 std::string tag_bytes; 36098 rc = Parse_TPM_ST( 36099 &buffer, 36100 &tag, 36101 &tag_bytes); 36102 if (rc != TPM_RC_SUCCESS) { 36103 return rc; 36104 } 36105 UINT32 response_size; 36106 std::string response_size_bytes; 36107 rc = Parse_UINT32( 36108 &buffer, 36109 &response_size, 36110 &response_size_bytes); 36111 if (rc != TPM_RC_SUCCESS) { 36112 return rc; 36113 } 36114 TPM_RC response_code; 36115 std::string response_code_bytes; 36116 rc = Parse_TPM_RC( 36117 &buffer, 36118 &response_code, 36119 &response_code_bytes); 36120 if (rc != TPM_RC_SUCCESS) { 36121 return rc; 36122 } 36123 if (response_size != response.size()) { 36124 return TPM_RC_SIZE; 36125 } 36126 if (response_code != TPM_RC_SUCCESS) { 36127 return response_code; 36128 } 36129 TPM_CC command_code = TPM_CC_ClockSet; 36130 std::string command_code_bytes; 36131 rc = Serialize_TPM_CC( 36132 command_code, 36133 &command_code_bytes); 36134 if (rc != TPM_RC_SUCCESS) { 36135 return rc; 36136 } 36137 std::string authorization_section_bytes; 36138 if (tag == TPM_ST_SESSIONS) { 36139 UINT32 parameter_section_size = buffer.size(); 36140 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 36141 if (rc != TPM_RC_SUCCESS) { 36142 return rc; 36143 } 36144 if (parameter_section_size > buffer.size()) { 36145 return TPM_RC_INSUFFICIENT; 36146 } 36147 authorization_section_bytes = buffer.substr(parameter_section_size); 36148 // Keep the parameter section in |buffer|. 36149 buffer.erase(parameter_section_size); 36150 } 36151 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 36152 crypto::SecureHash::SHA256)); 36153 hash->Update(response_code_bytes.data(), 36154 response_code_bytes.size()); 36155 hash->Update(command_code_bytes.data(), 36156 command_code_bytes.size()); 36157 hash->Update(buffer.data(), 36158 buffer.size()); 36159 std::string response_hash(32, 0); 36160 hash->Finish(string_as_array(&response_hash), response_hash.size()); 36161 if (tag == TPM_ST_SESSIONS) { 36162 CHECK(authorization_delegate) << "Authorization delegate missing!"; 36163 if (!authorization_delegate->CheckResponseAuthorization( 36164 response_hash, 36165 authorization_section_bytes)) { 36166 return TRUNKS_RC_AUTHORIZATION_FAILED; 36167 } 36168 } 36169 return TPM_RC_SUCCESS; 36170 } 36171 36172 void ClockSetErrorCallback( 36173 const Tpm::ClockSetResponse& callback, 36174 TPM_RC response_code) { 36175 VLOG(1) << __func__; 36176 callback.Run(response_code); 36177 } 36178 36179 void ClockSetResponseParser( 36180 const Tpm::ClockSetResponse& callback, 36181 AuthorizationDelegate* authorization_delegate, 36182 const std::string& response) { 36183 VLOG(1) << __func__; 36184 base::Callback<void(TPM_RC)> error_reporter = 36185 base::Bind(ClockSetErrorCallback, callback); 36186 TPM_RC rc = Tpm::ParseResponse_ClockSet( 36187 response, 36188 authorization_delegate); 36189 if (rc != TPM_RC_SUCCESS) { 36190 error_reporter.Run(rc); 36191 return; 36192 } 36193 callback.Run( 36194 rc); 36195 } 36196 36197 void Tpm::ClockSet( 36198 const TPMI_RH_PROVISION& auth, 36199 const std::string& auth_name, 36200 const UINT64& new_time, 36201 AuthorizationDelegate* authorization_delegate, 36202 const ClockSetResponse& callback) { 36203 VLOG(1) << __func__; 36204 base::Callback<void(TPM_RC)> error_reporter = 36205 base::Bind(ClockSetErrorCallback, callback); 36206 base::Callback<void(const std::string&)> parser = 36207 base::Bind(ClockSetResponseParser, 36208 callback, 36209 authorization_delegate); 36210 std::string command; 36211 TPM_RC rc = SerializeCommand_ClockSet( 36212 auth, 36213 auth_name, 36214 new_time, 36215 &command, 36216 authorization_delegate); 36217 if (rc != TPM_RC_SUCCESS) { 36218 error_reporter.Run(rc); 36219 return; 36220 } 36221 transceiver_->SendCommand(command, parser); 36222 } 36223 36224 TPM_RC Tpm::ClockSetSync( 36225 const TPMI_RH_PROVISION& auth, 36226 const std::string& auth_name, 36227 const UINT64& new_time, 36228 AuthorizationDelegate* authorization_delegate) { 36229 VLOG(1) << __func__; 36230 std::string command; 36231 TPM_RC rc = SerializeCommand_ClockSet( 36232 auth, 36233 auth_name, 36234 new_time, 36235 &command, 36236 authorization_delegate); 36237 if (rc != TPM_RC_SUCCESS) { 36238 return rc; 36239 } 36240 std::string response = transceiver_->SendCommandAndWait(command); 36241 rc = ParseResponse_ClockSet( 36242 response, 36243 authorization_delegate); 36244 return rc; 36245 } 36246 36247 TPM_RC Tpm::SerializeCommand_ClockRateAdjust( 36248 const TPMI_RH_PROVISION& auth, 36249 const std::string& auth_name, 36250 const TPM_CLOCK_ADJUST& rate_adjust, 36251 std::string* serialized_command, 36252 AuthorizationDelegate* authorization_delegate) { 36253 VLOG(3) << __func__; 36254 TPM_RC rc = TPM_RC_SUCCESS; 36255 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 36256 UINT32 command_size = 10; // Header size. 36257 std::string handle_section_bytes; 36258 std::string parameter_section_bytes; 36259 TPM_CC command_code = TPM_CC_ClockRateAdjust; 36260 bool is_command_parameter_encryption_possible = false; 36261 bool is_response_parameter_encryption_possible = false; 36262 std::string command_code_bytes; 36263 rc = Serialize_TPM_CC( 36264 command_code, 36265 &command_code_bytes); 36266 if (rc != TPM_RC_SUCCESS) { 36267 return rc; 36268 } 36269 std::string auth_bytes; 36270 rc = Serialize_TPMI_RH_PROVISION( 36271 auth, 36272 &auth_bytes); 36273 if (rc != TPM_RC_SUCCESS) { 36274 return rc; 36275 } 36276 std::string rate_adjust_bytes; 36277 rc = Serialize_TPM_CLOCK_ADJUST( 36278 rate_adjust, 36279 &rate_adjust_bytes); 36280 if (rc != TPM_RC_SUCCESS) { 36281 return rc; 36282 } 36283 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 36284 crypto::SecureHash::SHA256)); 36285 hash->Update(command_code_bytes.data(), 36286 command_code_bytes.size()); 36287 hash->Update(auth_name.data(), 36288 auth_name.size()); 36289 handle_section_bytes += auth_bytes; 36290 command_size += auth_bytes.size(); 36291 hash->Update(rate_adjust_bytes.data(), 36292 rate_adjust_bytes.size()); 36293 parameter_section_bytes += rate_adjust_bytes; 36294 command_size += rate_adjust_bytes.size(); 36295 std::string command_hash(32, 0); 36296 hash->Finish(string_as_array(&command_hash), command_hash.size()); 36297 std::string authorization_section_bytes; 36298 std::string authorization_size_bytes; 36299 if (authorization_delegate) { 36300 if (!authorization_delegate->GetCommandAuthorization( 36301 command_hash, 36302 is_command_parameter_encryption_possible, 36303 is_response_parameter_encryption_possible, 36304 &authorization_section_bytes)) { 36305 return TRUNKS_RC_AUTHORIZATION_FAILED; 36306 } 36307 if (!authorization_section_bytes.empty()) { 36308 tag = TPM_ST_SESSIONS; 36309 std::string tmp; 36310 rc = Serialize_UINT32(authorization_section_bytes.size(), 36311 &authorization_size_bytes); 36312 if (rc != TPM_RC_SUCCESS) { 36313 return rc; 36314 } 36315 command_size += authorization_size_bytes.size() + 36316 authorization_section_bytes.size(); 36317 } 36318 } 36319 std::string tag_bytes; 36320 rc = Serialize_TPMI_ST_COMMAND_TAG( 36321 tag, 36322 &tag_bytes); 36323 if (rc != TPM_RC_SUCCESS) { 36324 return rc; 36325 } 36326 std::string command_size_bytes; 36327 rc = Serialize_UINT32( 36328 command_size, 36329 &command_size_bytes); 36330 if (rc != TPM_RC_SUCCESS) { 36331 return rc; 36332 } 36333 *serialized_command = tag_bytes + 36334 command_size_bytes + 36335 command_code_bytes + 36336 handle_section_bytes + 36337 authorization_size_bytes + 36338 authorization_section_bytes + 36339 parameter_section_bytes; 36340 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 36341 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 36342 serialized_command->size()); 36343 return TPM_RC_SUCCESS; 36344 } 36345 36346 TPM_RC Tpm::ParseResponse_ClockRateAdjust( 36347 const std::string& response, 36348 AuthorizationDelegate* authorization_delegate) { 36349 VLOG(3) << __func__; 36350 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 36351 TPM_RC rc = TPM_RC_SUCCESS; 36352 std::string buffer(response); 36353 TPM_ST tag; 36354 std::string tag_bytes; 36355 rc = Parse_TPM_ST( 36356 &buffer, 36357 &tag, 36358 &tag_bytes); 36359 if (rc != TPM_RC_SUCCESS) { 36360 return rc; 36361 } 36362 UINT32 response_size; 36363 std::string response_size_bytes; 36364 rc = Parse_UINT32( 36365 &buffer, 36366 &response_size, 36367 &response_size_bytes); 36368 if (rc != TPM_RC_SUCCESS) { 36369 return rc; 36370 } 36371 TPM_RC response_code; 36372 std::string response_code_bytes; 36373 rc = Parse_TPM_RC( 36374 &buffer, 36375 &response_code, 36376 &response_code_bytes); 36377 if (rc != TPM_RC_SUCCESS) { 36378 return rc; 36379 } 36380 if (response_size != response.size()) { 36381 return TPM_RC_SIZE; 36382 } 36383 if (response_code != TPM_RC_SUCCESS) { 36384 return response_code; 36385 } 36386 TPM_CC command_code = TPM_CC_ClockRateAdjust; 36387 std::string command_code_bytes; 36388 rc = Serialize_TPM_CC( 36389 command_code, 36390 &command_code_bytes); 36391 if (rc != TPM_RC_SUCCESS) { 36392 return rc; 36393 } 36394 std::string authorization_section_bytes; 36395 if (tag == TPM_ST_SESSIONS) { 36396 UINT32 parameter_section_size = buffer.size(); 36397 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 36398 if (rc != TPM_RC_SUCCESS) { 36399 return rc; 36400 } 36401 if (parameter_section_size > buffer.size()) { 36402 return TPM_RC_INSUFFICIENT; 36403 } 36404 authorization_section_bytes = buffer.substr(parameter_section_size); 36405 // Keep the parameter section in |buffer|. 36406 buffer.erase(parameter_section_size); 36407 } 36408 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 36409 crypto::SecureHash::SHA256)); 36410 hash->Update(response_code_bytes.data(), 36411 response_code_bytes.size()); 36412 hash->Update(command_code_bytes.data(), 36413 command_code_bytes.size()); 36414 hash->Update(buffer.data(), 36415 buffer.size()); 36416 std::string response_hash(32, 0); 36417 hash->Finish(string_as_array(&response_hash), response_hash.size()); 36418 if (tag == TPM_ST_SESSIONS) { 36419 CHECK(authorization_delegate) << "Authorization delegate missing!"; 36420 if (!authorization_delegate->CheckResponseAuthorization( 36421 response_hash, 36422 authorization_section_bytes)) { 36423 return TRUNKS_RC_AUTHORIZATION_FAILED; 36424 } 36425 } 36426 return TPM_RC_SUCCESS; 36427 } 36428 36429 void ClockRateAdjustErrorCallback( 36430 const Tpm::ClockRateAdjustResponse& callback, 36431 TPM_RC response_code) { 36432 VLOG(1) << __func__; 36433 callback.Run(response_code); 36434 } 36435 36436 void ClockRateAdjustResponseParser( 36437 const Tpm::ClockRateAdjustResponse& callback, 36438 AuthorizationDelegate* authorization_delegate, 36439 const std::string& response) { 36440 VLOG(1) << __func__; 36441 base::Callback<void(TPM_RC)> error_reporter = 36442 base::Bind(ClockRateAdjustErrorCallback, callback); 36443 TPM_RC rc = Tpm::ParseResponse_ClockRateAdjust( 36444 response, 36445 authorization_delegate); 36446 if (rc != TPM_RC_SUCCESS) { 36447 error_reporter.Run(rc); 36448 return; 36449 } 36450 callback.Run( 36451 rc); 36452 } 36453 36454 void Tpm::ClockRateAdjust( 36455 const TPMI_RH_PROVISION& auth, 36456 const std::string& auth_name, 36457 const TPM_CLOCK_ADJUST& rate_adjust, 36458 AuthorizationDelegate* authorization_delegate, 36459 const ClockRateAdjustResponse& callback) { 36460 VLOG(1) << __func__; 36461 base::Callback<void(TPM_RC)> error_reporter = 36462 base::Bind(ClockRateAdjustErrorCallback, callback); 36463 base::Callback<void(const std::string&)> parser = 36464 base::Bind(ClockRateAdjustResponseParser, 36465 callback, 36466 authorization_delegate); 36467 std::string command; 36468 TPM_RC rc = SerializeCommand_ClockRateAdjust( 36469 auth, 36470 auth_name, 36471 rate_adjust, 36472 &command, 36473 authorization_delegate); 36474 if (rc != TPM_RC_SUCCESS) { 36475 error_reporter.Run(rc); 36476 return; 36477 } 36478 transceiver_->SendCommand(command, parser); 36479 } 36480 36481 TPM_RC Tpm::ClockRateAdjustSync( 36482 const TPMI_RH_PROVISION& auth, 36483 const std::string& auth_name, 36484 const TPM_CLOCK_ADJUST& rate_adjust, 36485 AuthorizationDelegate* authorization_delegate) { 36486 VLOG(1) << __func__; 36487 std::string command; 36488 TPM_RC rc = SerializeCommand_ClockRateAdjust( 36489 auth, 36490 auth_name, 36491 rate_adjust, 36492 &command, 36493 authorization_delegate); 36494 if (rc != TPM_RC_SUCCESS) { 36495 return rc; 36496 } 36497 std::string response = transceiver_->SendCommandAndWait(command); 36498 rc = ParseResponse_ClockRateAdjust( 36499 response, 36500 authorization_delegate); 36501 return rc; 36502 } 36503 36504 TPM_RC Tpm::SerializeCommand_GetCapability( 36505 const TPM_CAP& capability, 36506 const UINT32& property, 36507 const UINT32& property_count, 36508 std::string* serialized_command, 36509 AuthorizationDelegate* authorization_delegate) { 36510 VLOG(3) << __func__; 36511 TPM_RC rc = TPM_RC_SUCCESS; 36512 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 36513 UINT32 command_size = 10; // Header size. 36514 std::string handle_section_bytes; 36515 std::string parameter_section_bytes; 36516 TPM_CC command_code = TPM_CC_GetCapability; 36517 bool is_command_parameter_encryption_possible = false; 36518 bool is_response_parameter_encryption_possible = false; 36519 std::string command_code_bytes; 36520 rc = Serialize_TPM_CC( 36521 command_code, 36522 &command_code_bytes); 36523 if (rc != TPM_RC_SUCCESS) { 36524 return rc; 36525 } 36526 std::string capability_bytes; 36527 rc = Serialize_TPM_CAP( 36528 capability, 36529 &capability_bytes); 36530 if (rc != TPM_RC_SUCCESS) { 36531 return rc; 36532 } 36533 std::string property_bytes; 36534 rc = Serialize_UINT32( 36535 property, 36536 &property_bytes); 36537 if (rc != TPM_RC_SUCCESS) { 36538 return rc; 36539 } 36540 std::string property_count_bytes; 36541 rc = Serialize_UINT32( 36542 property_count, 36543 &property_count_bytes); 36544 if (rc != TPM_RC_SUCCESS) { 36545 return rc; 36546 } 36547 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 36548 crypto::SecureHash::SHA256)); 36549 hash->Update(command_code_bytes.data(), 36550 command_code_bytes.size()); 36551 hash->Update(capability_bytes.data(), 36552 capability_bytes.size()); 36553 parameter_section_bytes += capability_bytes; 36554 command_size += capability_bytes.size(); 36555 hash->Update(property_bytes.data(), 36556 property_bytes.size()); 36557 parameter_section_bytes += property_bytes; 36558 command_size += property_bytes.size(); 36559 hash->Update(property_count_bytes.data(), 36560 property_count_bytes.size()); 36561 parameter_section_bytes += property_count_bytes; 36562 command_size += property_count_bytes.size(); 36563 std::string command_hash(32, 0); 36564 hash->Finish(string_as_array(&command_hash), command_hash.size()); 36565 std::string authorization_section_bytes; 36566 std::string authorization_size_bytes; 36567 if (authorization_delegate) { 36568 if (!authorization_delegate->GetCommandAuthorization( 36569 command_hash, 36570 is_command_parameter_encryption_possible, 36571 is_response_parameter_encryption_possible, 36572 &authorization_section_bytes)) { 36573 return TRUNKS_RC_AUTHORIZATION_FAILED; 36574 } 36575 if (!authorization_section_bytes.empty()) { 36576 tag = TPM_ST_SESSIONS; 36577 std::string tmp; 36578 rc = Serialize_UINT32(authorization_section_bytes.size(), 36579 &authorization_size_bytes); 36580 if (rc != TPM_RC_SUCCESS) { 36581 return rc; 36582 } 36583 command_size += authorization_size_bytes.size() + 36584 authorization_section_bytes.size(); 36585 } 36586 } 36587 std::string tag_bytes; 36588 rc = Serialize_TPMI_ST_COMMAND_TAG( 36589 tag, 36590 &tag_bytes); 36591 if (rc != TPM_RC_SUCCESS) { 36592 return rc; 36593 } 36594 std::string command_size_bytes; 36595 rc = Serialize_UINT32( 36596 command_size, 36597 &command_size_bytes); 36598 if (rc != TPM_RC_SUCCESS) { 36599 return rc; 36600 } 36601 *serialized_command = tag_bytes + 36602 command_size_bytes + 36603 command_code_bytes + 36604 handle_section_bytes + 36605 authorization_size_bytes + 36606 authorization_section_bytes + 36607 parameter_section_bytes; 36608 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 36609 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 36610 serialized_command->size()); 36611 return TPM_RC_SUCCESS; 36612 } 36613 36614 TPM_RC Tpm::ParseResponse_GetCapability( 36615 const std::string& response, 36616 TPMI_YES_NO* more_data, 36617 TPMS_CAPABILITY_DATA* capability_data, 36618 AuthorizationDelegate* authorization_delegate) { 36619 VLOG(3) << __func__; 36620 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 36621 TPM_RC rc = TPM_RC_SUCCESS; 36622 std::string buffer(response); 36623 TPM_ST tag; 36624 std::string tag_bytes; 36625 rc = Parse_TPM_ST( 36626 &buffer, 36627 &tag, 36628 &tag_bytes); 36629 if (rc != TPM_RC_SUCCESS) { 36630 return rc; 36631 } 36632 UINT32 response_size; 36633 std::string response_size_bytes; 36634 rc = Parse_UINT32( 36635 &buffer, 36636 &response_size, 36637 &response_size_bytes); 36638 if (rc != TPM_RC_SUCCESS) { 36639 return rc; 36640 } 36641 TPM_RC response_code; 36642 std::string response_code_bytes; 36643 rc = Parse_TPM_RC( 36644 &buffer, 36645 &response_code, 36646 &response_code_bytes); 36647 if (rc != TPM_RC_SUCCESS) { 36648 return rc; 36649 } 36650 if (response_size != response.size()) { 36651 return TPM_RC_SIZE; 36652 } 36653 if (response_code != TPM_RC_SUCCESS) { 36654 return response_code; 36655 } 36656 TPM_CC command_code = TPM_CC_GetCapability; 36657 std::string command_code_bytes; 36658 rc = Serialize_TPM_CC( 36659 command_code, 36660 &command_code_bytes); 36661 if (rc != TPM_RC_SUCCESS) { 36662 return rc; 36663 } 36664 std::string authorization_section_bytes; 36665 if (tag == TPM_ST_SESSIONS) { 36666 UINT32 parameter_section_size = buffer.size(); 36667 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 36668 if (rc != TPM_RC_SUCCESS) { 36669 return rc; 36670 } 36671 if (parameter_section_size > buffer.size()) { 36672 return TPM_RC_INSUFFICIENT; 36673 } 36674 authorization_section_bytes = buffer.substr(parameter_section_size); 36675 // Keep the parameter section in |buffer|. 36676 buffer.erase(parameter_section_size); 36677 } 36678 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 36679 crypto::SecureHash::SHA256)); 36680 hash->Update(response_code_bytes.data(), 36681 response_code_bytes.size()); 36682 hash->Update(command_code_bytes.data(), 36683 command_code_bytes.size()); 36684 hash->Update(buffer.data(), 36685 buffer.size()); 36686 std::string response_hash(32, 0); 36687 hash->Finish(string_as_array(&response_hash), response_hash.size()); 36688 if (tag == TPM_ST_SESSIONS) { 36689 CHECK(authorization_delegate) << "Authorization delegate missing!"; 36690 if (!authorization_delegate->CheckResponseAuthorization( 36691 response_hash, 36692 authorization_section_bytes)) { 36693 return TRUNKS_RC_AUTHORIZATION_FAILED; 36694 } 36695 } 36696 std::string more_data_bytes; 36697 rc = Parse_TPMI_YES_NO( 36698 &buffer, 36699 more_data, 36700 &more_data_bytes); 36701 if (rc != TPM_RC_SUCCESS) { 36702 return rc; 36703 } 36704 std::string capability_data_bytes; 36705 rc = Parse_TPMS_CAPABILITY_DATA( 36706 &buffer, 36707 capability_data, 36708 &capability_data_bytes); 36709 if (rc != TPM_RC_SUCCESS) { 36710 return rc; 36711 } 36712 return TPM_RC_SUCCESS; 36713 } 36714 36715 void GetCapabilityErrorCallback( 36716 const Tpm::GetCapabilityResponse& callback, 36717 TPM_RC response_code) { 36718 VLOG(1) << __func__; 36719 callback.Run(response_code, 36720 TPMI_YES_NO(), 36721 TPMS_CAPABILITY_DATA()); 36722 } 36723 36724 void GetCapabilityResponseParser( 36725 const Tpm::GetCapabilityResponse& callback, 36726 AuthorizationDelegate* authorization_delegate, 36727 const std::string& response) { 36728 VLOG(1) << __func__; 36729 base::Callback<void(TPM_RC)> error_reporter = 36730 base::Bind(GetCapabilityErrorCallback, callback); 36731 TPMI_YES_NO more_data; 36732 TPMS_CAPABILITY_DATA capability_data; 36733 TPM_RC rc = Tpm::ParseResponse_GetCapability( 36734 response, 36735 &more_data, 36736 &capability_data, 36737 authorization_delegate); 36738 if (rc != TPM_RC_SUCCESS) { 36739 error_reporter.Run(rc); 36740 return; 36741 } 36742 callback.Run( 36743 rc, 36744 more_data, 36745 capability_data); 36746 } 36747 36748 void Tpm::GetCapability( 36749 const TPM_CAP& capability, 36750 const UINT32& property, 36751 const UINT32& property_count, 36752 AuthorizationDelegate* authorization_delegate, 36753 const GetCapabilityResponse& callback) { 36754 VLOG(1) << __func__; 36755 base::Callback<void(TPM_RC)> error_reporter = 36756 base::Bind(GetCapabilityErrorCallback, callback); 36757 base::Callback<void(const std::string&)> parser = 36758 base::Bind(GetCapabilityResponseParser, 36759 callback, 36760 authorization_delegate); 36761 std::string command; 36762 TPM_RC rc = SerializeCommand_GetCapability( 36763 capability, 36764 property, 36765 property_count, 36766 &command, 36767 authorization_delegate); 36768 if (rc != TPM_RC_SUCCESS) { 36769 error_reporter.Run(rc); 36770 return; 36771 } 36772 transceiver_->SendCommand(command, parser); 36773 } 36774 36775 TPM_RC Tpm::GetCapabilitySync( 36776 const TPM_CAP& capability, 36777 const UINT32& property, 36778 const UINT32& property_count, 36779 TPMI_YES_NO* more_data, 36780 TPMS_CAPABILITY_DATA* capability_data, 36781 AuthorizationDelegate* authorization_delegate) { 36782 VLOG(1) << __func__; 36783 std::string command; 36784 TPM_RC rc = SerializeCommand_GetCapability( 36785 capability, 36786 property, 36787 property_count, 36788 &command, 36789 authorization_delegate); 36790 if (rc != TPM_RC_SUCCESS) { 36791 return rc; 36792 } 36793 std::string response = transceiver_->SendCommandAndWait(command); 36794 rc = ParseResponse_GetCapability( 36795 response, 36796 more_data, 36797 capability_data, 36798 authorization_delegate); 36799 return rc; 36800 } 36801 36802 TPM_RC Tpm::SerializeCommand_TestParms( 36803 const TPMT_PUBLIC_PARMS& parameters, 36804 std::string* serialized_command, 36805 AuthorizationDelegate* authorization_delegate) { 36806 VLOG(3) << __func__; 36807 TPM_RC rc = TPM_RC_SUCCESS; 36808 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 36809 UINT32 command_size = 10; // Header size. 36810 std::string handle_section_bytes; 36811 std::string parameter_section_bytes; 36812 TPM_CC command_code = TPM_CC_TestParms; 36813 bool is_command_parameter_encryption_possible = false; 36814 bool is_response_parameter_encryption_possible = false; 36815 std::string command_code_bytes; 36816 rc = Serialize_TPM_CC( 36817 command_code, 36818 &command_code_bytes); 36819 if (rc != TPM_RC_SUCCESS) { 36820 return rc; 36821 } 36822 std::string parameters_bytes; 36823 rc = Serialize_TPMT_PUBLIC_PARMS( 36824 parameters, 36825 ¶meters_bytes); 36826 if (rc != TPM_RC_SUCCESS) { 36827 return rc; 36828 } 36829 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 36830 crypto::SecureHash::SHA256)); 36831 hash->Update(command_code_bytes.data(), 36832 command_code_bytes.size()); 36833 hash->Update(parameters_bytes.data(), 36834 parameters_bytes.size()); 36835 parameter_section_bytes += parameters_bytes; 36836 command_size += parameters_bytes.size(); 36837 std::string command_hash(32, 0); 36838 hash->Finish(string_as_array(&command_hash), command_hash.size()); 36839 std::string authorization_section_bytes; 36840 std::string authorization_size_bytes; 36841 if (authorization_delegate) { 36842 if (!authorization_delegate->GetCommandAuthorization( 36843 command_hash, 36844 is_command_parameter_encryption_possible, 36845 is_response_parameter_encryption_possible, 36846 &authorization_section_bytes)) { 36847 return TRUNKS_RC_AUTHORIZATION_FAILED; 36848 } 36849 if (!authorization_section_bytes.empty()) { 36850 tag = TPM_ST_SESSIONS; 36851 std::string tmp; 36852 rc = Serialize_UINT32(authorization_section_bytes.size(), 36853 &authorization_size_bytes); 36854 if (rc != TPM_RC_SUCCESS) { 36855 return rc; 36856 } 36857 command_size += authorization_size_bytes.size() + 36858 authorization_section_bytes.size(); 36859 } 36860 } 36861 std::string tag_bytes; 36862 rc = Serialize_TPMI_ST_COMMAND_TAG( 36863 tag, 36864 &tag_bytes); 36865 if (rc != TPM_RC_SUCCESS) { 36866 return rc; 36867 } 36868 std::string command_size_bytes; 36869 rc = Serialize_UINT32( 36870 command_size, 36871 &command_size_bytes); 36872 if (rc != TPM_RC_SUCCESS) { 36873 return rc; 36874 } 36875 *serialized_command = tag_bytes + 36876 command_size_bytes + 36877 command_code_bytes + 36878 handle_section_bytes + 36879 authorization_size_bytes + 36880 authorization_section_bytes + 36881 parameter_section_bytes; 36882 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 36883 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 36884 serialized_command->size()); 36885 return TPM_RC_SUCCESS; 36886 } 36887 36888 TPM_RC Tpm::ParseResponse_TestParms( 36889 const std::string& response, 36890 AuthorizationDelegate* authorization_delegate) { 36891 VLOG(3) << __func__; 36892 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 36893 TPM_RC rc = TPM_RC_SUCCESS; 36894 std::string buffer(response); 36895 TPM_ST tag; 36896 std::string tag_bytes; 36897 rc = Parse_TPM_ST( 36898 &buffer, 36899 &tag, 36900 &tag_bytes); 36901 if (rc != TPM_RC_SUCCESS) { 36902 return rc; 36903 } 36904 UINT32 response_size; 36905 std::string response_size_bytes; 36906 rc = Parse_UINT32( 36907 &buffer, 36908 &response_size, 36909 &response_size_bytes); 36910 if (rc != TPM_RC_SUCCESS) { 36911 return rc; 36912 } 36913 TPM_RC response_code; 36914 std::string response_code_bytes; 36915 rc = Parse_TPM_RC( 36916 &buffer, 36917 &response_code, 36918 &response_code_bytes); 36919 if (rc != TPM_RC_SUCCESS) { 36920 return rc; 36921 } 36922 if (response_size != response.size()) { 36923 return TPM_RC_SIZE; 36924 } 36925 if (response_code != TPM_RC_SUCCESS) { 36926 return response_code; 36927 } 36928 TPM_CC command_code = TPM_CC_TestParms; 36929 std::string command_code_bytes; 36930 rc = Serialize_TPM_CC( 36931 command_code, 36932 &command_code_bytes); 36933 if (rc != TPM_RC_SUCCESS) { 36934 return rc; 36935 } 36936 std::string authorization_section_bytes; 36937 if (tag == TPM_ST_SESSIONS) { 36938 UINT32 parameter_section_size = buffer.size(); 36939 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 36940 if (rc != TPM_RC_SUCCESS) { 36941 return rc; 36942 } 36943 if (parameter_section_size > buffer.size()) { 36944 return TPM_RC_INSUFFICIENT; 36945 } 36946 authorization_section_bytes = buffer.substr(parameter_section_size); 36947 // Keep the parameter section in |buffer|. 36948 buffer.erase(parameter_section_size); 36949 } 36950 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 36951 crypto::SecureHash::SHA256)); 36952 hash->Update(response_code_bytes.data(), 36953 response_code_bytes.size()); 36954 hash->Update(command_code_bytes.data(), 36955 command_code_bytes.size()); 36956 hash->Update(buffer.data(), 36957 buffer.size()); 36958 std::string response_hash(32, 0); 36959 hash->Finish(string_as_array(&response_hash), response_hash.size()); 36960 if (tag == TPM_ST_SESSIONS) { 36961 CHECK(authorization_delegate) << "Authorization delegate missing!"; 36962 if (!authorization_delegate->CheckResponseAuthorization( 36963 response_hash, 36964 authorization_section_bytes)) { 36965 return TRUNKS_RC_AUTHORIZATION_FAILED; 36966 } 36967 } 36968 return TPM_RC_SUCCESS; 36969 } 36970 36971 void TestParmsErrorCallback( 36972 const Tpm::TestParmsResponse& callback, 36973 TPM_RC response_code) { 36974 VLOG(1) << __func__; 36975 callback.Run(response_code); 36976 } 36977 36978 void TestParmsResponseParser( 36979 const Tpm::TestParmsResponse& callback, 36980 AuthorizationDelegate* authorization_delegate, 36981 const std::string& response) { 36982 VLOG(1) << __func__; 36983 base::Callback<void(TPM_RC)> error_reporter = 36984 base::Bind(TestParmsErrorCallback, callback); 36985 TPM_RC rc = Tpm::ParseResponse_TestParms( 36986 response, 36987 authorization_delegate); 36988 if (rc != TPM_RC_SUCCESS) { 36989 error_reporter.Run(rc); 36990 return; 36991 } 36992 callback.Run( 36993 rc); 36994 } 36995 36996 void Tpm::TestParms( 36997 const TPMT_PUBLIC_PARMS& parameters, 36998 AuthorizationDelegate* authorization_delegate, 36999 const TestParmsResponse& callback) { 37000 VLOG(1) << __func__; 37001 base::Callback<void(TPM_RC)> error_reporter = 37002 base::Bind(TestParmsErrorCallback, callback); 37003 base::Callback<void(const std::string&)> parser = 37004 base::Bind(TestParmsResponseParser, 37005 callback, 37006 authorization_delegate); 37007 std::string command; 37008 TPM_RC rc = SerializeCommand_TestParms( 37009 parameters, 37010 &command, 37011 authorization_delegate); 37012 if (rc != TPM_RC_SUCCESS) { 37013 error_reporter.Run(rc); 37014 return; 37015 } 37016 transceiver_->SendCommand(command, parser); 37017 } 37018 37019 TPM_RC Tpm::TestParmsSync( 37020 const TPMT_PUBLIC_PARMS& parameters, 37021 AuthorizationDelegate* authorization_delegate) { 37022 VLOG(1) << __func__; 37023 std::string command; 37024 TPM_RC rc = SerializeCommand_TestParms( 37025 parameters, 37026 &command, 37027 authorization_delegate); 37028 if (rc != TPM_RC_SUCCESS) { 37029 return rc; 37030 } 37031 std::string response = transceiver_->SendCommandAndWait(command); 37032 rc = ParseResponse_TestParms( 37033 response, 37034 authorization_delegate); 37035 return rc; 37036 } 37037 37038 TPM_RC Tpm::SerializeCommand_NV_DefineSpace( 37039 const TPMI_RH_PROVISION& auth_handle, 37040 const std::string& auth_handle_name, 37041 const TPM2B_AUTH& auth, 37042 const TPM2B_NV_PUBLIC& public_info, 37043 std::string* serialized_command, 37044 AuthorizationDelegate* authorization_delegate) { 37045 VLOG(3) << __func__; 37046 TPM_RC rc = TPM_RC_SUCCESS; 37047 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 37048 UINT32 command_size = 10; // Header size. 37049 std::string handle_section_bytes; 37050 std::string parameter_section_bytes; 37051 TPM_CC command_code = TPM_CC_NV_DefineSpace; 37052 bool is_command_parameter_encryption_possible = true; 37053 bool is_response_parameter_encryption_possible = false; 37054 std::string command_code_bytes; 37055 rc = Serialize_TPM_CC( 37056 command_code, 37057 &command_code_bytes); 37058 if (rc != TPM_RC_SUCCESS) { 37059 return rc; 37060 } 37061 std::string auth_handle_bytes; 37062 rc = Serialize_TPMI_RH_PROVISION( 37063 auth_handle, 37064 &auth_handle_bytes); 37065 if (rc != TPM_RC_SUCCESS) { 37066 return rc; 37067 } 37068 std::string auth_bytes; 37069 rc = Serialize_TPM2B_AUTH( 37070 auth, 37071 &auth_bytes); 37072 if (rc != TPM_RC_SUCCESS) { 37073 return rc; 37074 } 37075 std::string public_info_bytes; 37076 rc = Serialize_TPM2B_NV_PUBLIC( 37077 public_info, 37078 &public_info_bytes); 37079 if (rc != TPM_RC_SUCCESS) { 37080 return rc; 37081 } 37082 if (authorization_delegate) { 37083 // Encrypt just the parameter data, not the size. 37084 std::string tmp = auth_bytes.substr(2); 37085 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 37086 return TRUNKS_RC_ENCRYPTION_FAILED; 37087 } 37088 auth_bytes.replace(2, std::string::npos, tmp); 37089 } 37090 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 37091 crypto::SecureHash::SHA256)); 37092 hash->Update(command_code_bytes.data(), 37093 command_code_bytes.size()); 37094 hash->Update(auth_handle_name.data(), 37095 auth_handle_name.size()); 37096 handle_section_bytes += auth_handle_bytes; 37097 command_size += auth_handle_bytes.size(); 37098 hash->Update(auth_bytes.data(), 37099 auth_bytes.size()); 37100 parameter_section_bytes += auth_bytes; 37101 command_size += auth_bytes.size(); 37102 hash->Update(public_info_bytes.data(), 37103 public_info_bytes.size()); 37104 parameter_section_bytes += public_info_bytes; 37105 command_size += public_info_bytes.size(); 37106 std::string command_hash(32, 0); 37107 hash->Finish(string_as_array(&command_hash), command_hash.size()); 37108 std::string authorization_section_bytes; 37109 std::string authorization_size_bytes; 37110 if (authorization_delegate) { 37111 if (!authorization_delegate->GetCommandAuthorization( 37112 command_hash, 37113 is_command_parameter_encryption_possible, 37114 is_response_parameter_encryption_possible, 37115 &authorization_section_bytes)) { 37116 return TRUNKS_RC_AUTHORIZATION_FAILED; 37117 } 37118 if (!authorization_section_bytes.empty()) { 37119 tag = TPM_ST_SESSIONS; 37120 std::string tmp; 37121 rc = Serialize_UINT32(authorization_section_bytes.size(), 37122 &authorization_size_bytes); 37123 if (rc != TPM_RC_SUCCESS) { 37124 return rc; 37125 } 37126 command_size += authorization_size_bytes.size() + 37127 authorization_section_bytes.size(); 37128 } 37129 } 37130 std::string tag_bytes; 37131 rc = Serialize_TPMI_ST_COMMAND_TAG( 37132 tag, 37133 &tag_bytes); 37134 if (rc != TPM_RC_SUCCESS) { 37135 return rc; 37136 } 37137 std::string command_size_bytes; 37138 rc = Serialize_UINT32( 37139 command_size, 37140 &command_size_bytes); 37141 if (rc != TPM_RC_SUCCESS) { 37142 return rc; 37143 } 37144 *serialized_command = tag_bytes + 37145 command_size_bytes + 37146 command_code_bytes + 37147 handle_section_bytes + 37148 authorization_size_bytes + 37149 authorization_section_bytes + 37150 parameter_section_bytes; 37151 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 37152 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 37153 serialized_command->size()); 37154 return TPM_RC_SUCCESS; 37155 } 37156 37157 TPM_RC Tpm::ParseResponse_NV_DefineSpace( 37158 const std::string& response, 37159 AuthorizationDelegate* authorization_delegate) { 37160 VLOG(3) << __func__; 37161 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 37162 TPM_RC rc = TPM_RC_SUCCESS; 37163 std::string buffer(response); 37164 TPM_ST tag; 37165 std::string tag_bytes; 37166 rc = Parse_TPM_ST( 37167 &buffer, 37168 &tag, 37169 &tag_bytes); 37170 if (rc != TPM_RC_SUCCESS) { 37171 return rc; 37172 } 37173 UINT32 response_size; 37174 std::string response_size_bytes; 37175 rc = Parse_UINT32( 37176 &buffer, 37177 &response_size, 37178 &response_size_bytes); 37179 if (rc != TPM_RC_SUCCESS) { 37180 return rc; 37181 } 37182 TPM_RC response_code; 37183 std::string response_code_bytes; 37184 rc = Parse_TPM_RC( 37185 &buffer, 37186 &response_code, 37187 &response_code_bytes); 37188 if (rc != TPM_RC_SUCCESS) { 37189 return rc; 37190 } 37191 if (response_size != response.size()) { 37192 return TPM_RC_SIZE; 37193 } 37194 if (response_code != TPM_RC_SUCCESS) { 37195 return response_code; 37196 } 37197 TPM_CC command_code = TPM_CC_NV_DefineSpace; 37198 std::string command_code_bytes; 37199 rc = Serialize_TPM_CC( 37200 command_code, 37201 &command_code_bytes); 37202 if (rc != TPM_RC_SUCCESS) { 37203 return rc; 37204 } 37205 std::string authorization_section_bytes; 37206 if (tag == TPM_ST_SESSIONS) { 37207 UINT32 parameter_section_size = buffer.size(); 37208 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 37209 if (rc != TPM_RC_SUCCESS) { 37210 return rc; 37211 } 37212 if (parameter_section_size > buffer.size()) { 37213 return TPM_RC_INSUFFICIENT; 37214 } 37215 authorization_section_bytes = buffer.substr(parameter_section_size); 37216 // Keep the parameter section in |buffer|. 37217 buffer.erase(parameter_section_size); 37218 } 37219 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 37220 crypto::SecureHash::SHA256)); 37221 hash->Update(response_code_bytes.data(), 37222 response_code_bytes.size()); 37223 hash->Update(command_code_bytes.data(), 37224 command_code_bytes.size()); 37225 hash->Update(buffer.data(), 37226 buffer.size()); 37227 std::string response_hash(32, 0); 37228 hash->Finish(string_as_array(&response_hash), response_hash.size()); 37229 if (tag == TPM_ST_SESSIONS) { 37230 CHECK(authorization_delegate) << "Authorization delegate missing!"; 37231 if (!authorization_delegate->CheckResponseAuthorization( 37232 response_hash, 37233 authorization_section_bytes)) { 37234 return TRUNKS_RC_AUTHORIZATION_FAILED; 37235 } 37236 } 37237 return TPM_RC_SUCCESS; 37238 } 37239 37240 void NV_DefineSpaceErrorCallback( 37241 const Tpm::NV_DefineSpaceResponse& callback, 37242 TPM_RC response_code) { 37243 VLOG(1) << __func__; 37244 callback.Run(response_code); 37245 } 37246 37247 void NV_DefineSpaceResponseParser( 37248 const Tpm::NV_DefineSpaceResponse& callback, 37249 AuthorizationDelegate* authorization_delegate, 37250 const std::string& response) { 37251 VLOG(1) << __func__; 37252 base::Callback<void(TPM_RC)> error_reporter = 37253 base::Bind(NV_DefineSpaceErrorCallback, callback); 37254 TPM_RC rc = Tpm::ParseResponse_NV_DefineSpace( 37255 response, 37256 authorization_delegate); 37257 if (rc != TPM_RC_SUCCESS) { 37258 error_reporter.Run(rc); 37259 return; 37260 } 37261 callback.Run( 37262 rc); 37263 } 37264 37265 void Tpm::NV_DefineSpace( 37266 const TPMI_RH_PROVISION& auth_handle, 37267 const std::string& auth_handle_name, 37268 const TPM2B_AUTH& auth, 37269 const TPM2B_NV_PUBLIC& public_info, 37270 AuthorizationDelegate* authorization_delegate, 37271 const NV_DefineSpaceResponse& callback) { 37272 VLOG(1) << __func__; 37273 base::Callback<void(TPM_RC)> error_reporter = 37274 base::Bind(NV_DefineSpaceErrorCallback, callback); 37275 base::Callback<void(const std::string&)> parser = 37276 base::Bind(NV_DefineSpaceResponseParser, 37277 callback, 37278 authorization_delegate); 37279 std::string command; 37280 TPM_RC rc = SerializeCommand_NV_DefineSpace( 37281 auth_handle, 37282 auth_handle_name, 37283 auth, 37284 public_info, 37285 &command, 37286 authorization_delegate); 37287 if (rc != TPM_RC_SUCCESS) { 37288 error_reporter.Run(rc); 37289 return; 37290 } 37291 transceiver_->SendCommand(command, parser); 37292 } 37293 37294 TPM_RC Tpm::NV_DefineSpaceSync( 37295 const TPMI_RH_PROVISION& auth_handle, 37296 const std::string& auth_handle_name, 37297 const TPM2B_AUTH& auth, 37298 const TPM2B_NV_PUBLIC& public_info, 37299 AuthorizationDelegate* authorization_delegate) { 37300 VLOG(1) << __func__; 37301 std::string command; 37302 TPM_RC rc = SerializeCommand_NV_DefineSpace( 37303 auth_handle, 37304 auth_handle_name, 37305 auth, 37306 public_info, 37307 &command, 37308 authorization_delegate); 37309 if (rc != TPM_RC_SUCCESS) { 37310 return rc; 37311 } 37312 std::string response = transceiver_->SendCommandAndWait(command); 37313 rc = ParseResponse_NV_DefineSpace( 37314 response, 37315 authorization_delegate); 37316 return rc; 37317 } 37318 37319 TPM_RC Tpm::SerializeCommand_NV_UndefineSpace( 37320 const TPMI_RH_PROVISION& auth_handle, 37321 const std::string& auth_handle_name, 37322 const TPMI_RH_NV_INDEX& nv_index, 37323 const std::string& nv_index_name, 37324 std::string* serialized_command, 37325 AuthorizationDelegate* authorization_delegate) { 37326 VLOG(3) << __func__; 37327 TPM_RC rc = TPM_RC_SUCCESS; 37328 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 37329 UINT32 command_size = 10; // Header size. 37330 std::string handle_section_bytes; 37331 std::string parameter_section_bytes; 37332 TPM_CC command_code = TPM_CC_NV_UndefineSpace; 37333 bool is_command_parameter_encryption_possible = false; 37334 bool is_response_parameter_encryption_possible = false; 37335 std::string command_code_bytes; 37336 rc = Serialize_TPM_CC( 37337 command_code, 37338 &command_code_bytes); 37339 if (rc != TPM_RC_SUCCESS) { 37340 return rc; 37341 } 37342 std::string auth_handle_bytes; 37343 rc = Serialize_TPMI_RH_PROVISION( 37344 auth_handle, 37345 &auth_handle_bytes); 37346 if (rc != TPM_RC_SUCCESS) { 37347 return rc; 37348 } 37349 std::string nv_index_bytes; 37350 rc = Serialize_TPMI_RH_NV_INDEX( 37351 nv_index, 37352 &nv_index_bytes); 37353 if (rc != TPM_RC_SUCCESS) { 37354 return rc; 37355 } 37356 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 37357 crypto::SecureHash::SHA256)); 37358 hash->Update(command_code_bytes.data(), 37359 command_code_bytes.size()); 37360 hash->Update(auth_handle_name.data(), 37361 auth_handle_name.size()); 37362 handle_section_bytes += auth_handle_bytes; 37363 command_size += auth_handle_bytes.size(); 37364 hash->Update(nv_index_name.data(), 37365 nv_index_name.size()); 37366 handle_section_bytes += nv_index_bytes; 37367 command_size += nv_index_bytes.size(); 37368 std::string command_hash(32, 0); 37369 hash->Finish(string_as_array(&command_hash), command_hash.size()); 37370 std::string authorization_section_bytes; 37371 std::string authorization_size_bytes; 37372 if (authorization_delegate) { 37373 if (!authorization_delegate->GetCommandAuthorization( 37374 command_hash, 37375 is_command_parameter_encryption_possible, 37376 is_response_parameter_encryption_possible, 37377 &authorization_section_bytes)) { 37378 return TRUNKS_RC_AUTHORIZATION_FAILED; 37379 } 37380 if (!authorization_section_bytes.empty()) { 37381 tag = TPM_ST_SESSIONS; 37382 std::string tmp; 37383 rc = Serialize_UINT32(authorization_section_bytes.size(), 37384 &authorization_size_bytes); 37385 if (rc != TPM_RC_SUCCESS) { 37386 return rc; 37387 } 37388 command_size += authorization_size_bytes.size() + 37389 authorization_section_bytes.size(); 37390 } 37391 } 37392 std::string tag_bytes; 37393 rc = Serialize_TPMI_ST_COMMAND_TAG( 37394 tag, 37395 &tag_bytes); 37396 if (rc != TPM_RC_SUCCESS) { 37397 return rc; 37398 } 37399 std::string command_size_bytes; 37400 rc = Serialize_UINT32( 37401 command_size, 37402 &command_size_bytes); 37403 if (rc != TPM_RC_SUCCESS) { 37404 return rc; 37405 } 37406 *serialized_command = tag_bytes + 37407 command_size_bytes + 37408 command_code_bytes + 37409 handle_section_bytes + 37410 authorization_size_bytes + 37411 authorization_section_bytes + 37412 parameter_section_bytes; 37413 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 37414 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 37415 serialized_command->size()); 37416 return TPM_RC_SUCCESS; 37417 } 37418 37419 TPM_RC Tpm::ParseResponse_NV_UndefineSpace( 37420 const std::string& response, 37421 AuthorizationDelegate* authorization_delegate) { 37422 VLOG(3) << __func__; 37423 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 37424 TPM_RC rc = TPM_RC_SUCCESS; 37425 std::string buffer(response); 37426 TPM_ST tag; 37427 std::string tag_bytes; 37428 rc = Parse_TPM_ST( 37429 &buffer, 37430 &tag, 37431 &tag_bytes); 37432 if (rc != TPM_RC_SUCCESS) { 37433 return rc; 37434 } 37435 UINT32 response_size; 37436 std::string response_size_bytes; 37437 rc = Parse_UINT32( 37438 &buffer, 37439 &response_size, 37440 &response_size_bytes); 37441 if (rc != TPM_RC_SUCCESS) { 37442 return rc; 37443 } 37444 TPM_RC response_code; 37445 std::string response_code_bytes; 37446 rc = Parse_TPM_RC( 37447 &buffer, 37448 &response_code, 37449 &response_code_bytes); 37450 if (rc != TPM_RC_SUCCESS) { 37451 return rc; 37452 } 37453 if (response_size != response.size()) { 37454 return TPM_RC_SIZE; 37455 } 37456 if (response_code != TPM_RC_SUCCESS) { 37457 return response_code; 37458 } 37459 TPM_CC command_code = TPM_CC_NV_UndefineSpace; 37460 std::string command_code_bytes; 37461 rc = Serialize_TPM_CC( 37462 command_code, 37463 &command_code_bytes); 37464 if (rc != TPM_RC_SUCCESS) { 37465 return rc; 37466 } 37467 std::string authorization_section_bytes; 37468 if (tag == TPM_ST_SESSIONS) { 37469 UINT32 parameter_section_size = buffer.size(); 37470 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 37471 if (rc != TPM_RC_SUCCESS) { 37472 return rc; 37473 } 37474 if (parameter_section_size > buffer.size()) { 37475 return TPM_RC_INSUFFICIENT; 37476 } 37477 authorization_section_bytes = buffer.substr(parameter_section_size); 37478 // Keep the parameter section in |buffer|. 37479 buffer.erase(parameter_section_size); 37480 } 37481 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 37482 crypto::SecureHash::SHA256)); 37483 hash->Update(response_code_bytes.data(), 37484 response_code_bytes.size()); 37485 hash->Update(command_code_bytes.data(), 37486 command_code_bytes.size()); 37487 hash->Update(buffer.data(), 37488 buffer.size()); 37489 std::string response_hash(32, 0); 37490 hash->Finish(string_as_array(&response_hash), response_hash.size()); 37491 if (tag == TPM_ST_SESSIONS) { 37492 CHECK(authorization_delegate) << "Authorization delegate missing!"; 37493 if (!authorization_delegate->CheckResponseAuthorization( 37494 response_hash, 37495 authorization_section_bytes)) { 37496 return TRUNKS_RC_AUTHORIZATION_FAILED; 37497 } 37498 } 37499 return TPM_RC_SUCCESS; 37500 } 37501 37502 void NV_UndefineSpaceErrorCallback( 37503 const Tpm::NV_UndefineSpaceResponse& callback, 37504 TPM_RC response_code) { 37505 VLOG(1) << __func__; 37506 callback.Run(response_code); 37507 } 37508 37509 void NV_UndefineSpaceResponseParser( 37510 const Tpm::NV_UndefineSpaceResponse& callback, 37511 AuthorizationDelegate* authorization_delegate, 37512 const std::string& response) { 37513 VLOG(1) << __func__; 37514 base::Callback<void(TPM_RC)> error_reporter = 37515 base::Bind(NV_UndefineSpaceErrorCallback, callback); 37516 TPM_RC rc = Tpm::ParseResponse_NV_UndefineSpace( 37517 response, 37518 authorization_delegate); 37519 if (rc != TPM_RC_SUCCESS) { 37520 error_reporter.Run(rc); 37521 return; 37522 } 37523 callback.Run( 37524 rc); 37525 } 37526 37527 void Tpm::NV_UndefineSpace( 37528 const TPMI_RH_PROVISION& auth_handle, 37529 const std::string& auth_handle_name, 37530 const TPMI_RH_NV_INDEX& nv_index, 37531 const std::string& nv_index_name, 37532 AuthorizationDelegate* authorization_delegate, 37533 const NV_UndefineSpaceResponse& callback) { 37534 VLOG(1) << __func__; 37535 base::Callback<void(TPM_RC)> error_reporter = 37536 base::Bind(NV_UndefineSpaceErrorCallback, callback); 37537 base::Callback<void(const std::string&)> parser = 37538 base::Bind(NV_UndefineSpaceResponseParser, 37539 callback, 37540 authorization_delegate); 37541 std::string command; 37542 TPM_RC rc = SerializeCommand_NV_UndefineSpace( 37543 auth_handle, 37544 auth_handle_name, 37545 nv_index, 37546 nv_index_name, 37547 &command, 37548 authorization_delegate); 37549 if (rc != TPM_RC_SUCCESS) { 37550 error_reporter.Run(rc); 37551 return; 37552 } 37553 transceiver_->SendCommand(command, parser); 37554 } 37555 37556 TPM_RC Tpm::NV_UndefineSpaceSync( 37557 const TPMI_RH_PROVISION& auth_handle, 37558 const std::string& auth_handle_name, 37559 const TPMI_RH_NV_INDEX& nv_index, 37560 const std::string& nv_index_name, 37561 AuthorizationDelegate* authorization_delegate) { 37562 VLOG(1) << __func__; 37563 std::string command; 37564 TPM_RC rc = SerializeCommand_NV_UndefineSpace( 37565 auth_handle, 37566 auth_handle_name, 37567 nv_index, 37568 nv_index_name, 37569 &command, 37570 authorization_delegate); 37571 if (rc != TPM_RC_SUCCESS) { 37572 return rc; 37573 } 37574 std::string response = transceiver_->SendCommandAndWait(command); 37575 rc = ParseResponse_NV_UndefineSpace( 37576 response, 37577 authorization_delegate); 37578 return rc; 37579 } 37580 37581 TPM_RC Tpm::SerializeCommand_NV_UndefineSpaceSpecial( 37582 const TPMI_RH_NV_INDEX& nv_index, 37583 const std::string& nv_index_name, 37584 const TPMI_RH_PLATFORM& platform, 37585 const std::string& platform_name, 37586 std::string* serialized_command, 37587 AuthorizationDelegate* authorization_delegate) { 37588 VLOG(3) << __func__; 37589 TPM_RC rc = TPM_RC_SUCCESS; 37590 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 37591 UINT32 command_size = 10; // Header size. 37592 std::string handle_section_bytes; 37593 std::string parameter_section_bytes; 37594 TPM_CC command_code = TPM_CC_NV_UndefineSpaceSpecial; 37595 bool is_command_parameter_encryption_possible = false; 37596 bool is_response_parameter_encryption_possible = false; 37597 std::string command_code_bytes; 37598 rc = Serialize_TPM_CC( 37599 command_code, 37600 &command_code_bytes); 37601 if (rc != TPM_RC_SUCCESS) { 37602 return rc; 37603 } 37604 std::string nv_index_bytes; 37605 rc = Serialize_TPMI_RH_NV_INDEX( 37606 nv_index, 37607 &nv_index_bytes); 37608 if (rc != TPM_RC_SUCCESS) { 37609 return rc; 37610 } 37611 std::string platform_bytes; 37612 rc = Serialize_TPMI_RH_PLATFORM( 37613 platform, 37614 &platform_bytes); 37615 if (rc != TPM_RC_SUCCESS) { 37616 return rc; 37617 } 37618 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 37619 crypto::SecureHash::SHA256)); 37620 hash->Update(command_code_bytes.data(), 37621 command_code_bytes.size()); 37622 hash->Update(nv_index_name.data(), 37623 nv_index_name.size()); 37624 handle_section_bytes += nv_index_bytes; 37625 command_size += nv_index_bytes.size(); 37626 hash->Update(platform_name.data(), 37627 platform_name.size()); 37628 handle_section_bytes += platform_bytes; 37629 command_size += platform_bytes.size(); 37630 std::string command_hash(32, 0); 37631 hash->Finish(string_as_array(&command_hash), command_hash.size()); 37632 std::string authorization_section_bytes; 37633 std::string authorization_size_bytes; 37634 if (authorization_delegate) { 37635 if (!authorization_delegate->GetCommandAuthorization( 37636 command_hash, 37637 is_command_parameter_encryption_possible, 37638 is_response_parameter_encryption_possible, 37639 &authorization_section_bytes)) { 37640 return TRUNKS_RC_AUTHORIZATION_FAILED; 37641 } 37642 if (!authorization_section_bytes.empty()) { 37643 tag = TPM_ST_SESSIONS; 37644 std::string tmp; 37645 rc = Serialize_UINT32(authorization_section_bytes.size(), 37646 &authorization_size_bytes); 37647 if (rc != TPM_RC_SUCCESS) { 37648 return rc; 37649 } 37650 command_size += authorization_size_bytes.size() + 37651 authorization_section_bytes.size(); 37652 } 37653 } 37654 std::string tag_bytes; 37655 rc = Serialize_TPMI_ST_COMMAND_TAG( 37656 tag, 37657 &tag_bytes); 37658 if (rc != TPM_RC_SUCCESS) { 37659 return rc; 37660 } 37661 std::string command_size_bytes; 37662 rc = Serialize_UINT32( 37663 command_size, 37664 &command_size_bytes); 37665 if (rc != TPM_RC_SUCCESS) { 37666 return rc; 37667 } 37668 *serialized_command = tag_bytes + 37669 command_size_bytes + 37670 command_code_bytes + 37671 handle_section_bytes + 37672 authorization_size_bytes + 37673 authorization_section_bytes + 37674 parameter_section_bytes; 37675 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 37676 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 37677 serialized_command->size()); 37678 return TPM_RC_SUCCESS; 37679 } 37680 37681 TPM_RC Tpm::ParseResponse_NV_UndefineSpaceSpecial( 37682 const std::string& response, 37683 AuthorizationDelegate* authorization_delegate) { 37684 VLOG(3) << __func__; 37685 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 37686 TPM_RC rc = TPM_RC_SUCCESS; 37687 std::string buffer(response); 37688 TPM_ST tag; 37689 std::string tag_bytes; 37690 rc = Parse_TPM_ST( 37691 &buffer, 37692 &tag, 37693 &tag_bytes); 37694 if (rc != TPM_RC_SUCCESS) { 37695 return rc; 37696 } 37697 UINT32 response_size; 37698 std::string response_size_bytes; 37699 rc = Parse_UINT32( 37700 &buffer, 37701 &response_size, 37702 &response_size_bytes); 37703 if (rc != TPM_RC_SUCCESS) { 37704 return rc; 37705 } 37706 TPM_RC response_code; 37707 std::string response_code_bytes; 37708 rc = Parse_TPM_RC( 37709 &buffer, 37710 &response_code, 37711 &response_code_bytes); 37712 if (rc != TPM_RC_SUCCESS) { 37713 return rc; 37714 } 37715 if (response_size != response.size()) { 37716 return TPM_RC_SIZE; 37717 } 37718 if (response_code != TPM_RC_SUCCESS) { 37719 return response_code; 37720 } 37721 TPM_CC command_code = TPM_CC_NV_UndefineSpaceSpecial; 37722 std::string command_code_bytes; 37723 rc = Serialize_TPM_CC( 37724 command_code, 37725 &command_code_bytes); 37726 if (rc != TPM_RC_SUCCESS) { 37727 return rc; 37728 } 37729 std::string authorization_section_bytes; 37730 if (tag == TPM_ST_SESSIONS) { 37731 UINT32 parameter_section_size = buffer.size(); 37732 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 37733 if (rc != TPM_RC_SUCCESS) { 37734 return rc; 37735 } 37736 if (parameter_section_size > buffer.size()) { 37737 return TPM_RC_INSUFFICIENT; 37738 } 37739 authorization_section_bytes = buffer.substr(parameter_section_size); 37740 // Keep the parameter section in |buffer|. 37741 buffer.erase(parameter_section_size); 37742 } 37743 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 37744 crypto::SecureHash::SHA256)); 37745 hash->Update(response_code_bytes.data(), 37746 response_code_bytes.size()); 37747 hash->Update(command_code_bytes.data(), 37748 command_code_bytes.size()); 37749 hash->Update(buffer.data(), 37750 buffer.size()); 37751 std::string response_hash(32, 0); 37752 hash->Finish(string_as_array(&response_hash), response_hash.size()); 37753 if (tag == TPM_ST_SESSIONS) { 37754 CHECK(authorization_delegate) << "Authorization delegate missing!"; 37755 if (!authorization_delegate->CheckResponseAuthorization( 37756 response_hash, 37757 authorization_section_bytes)) { 37758 return TRUNKS_RC_AUTHORIZATION_FAILED; 37759 } 37760 } 37761 return TPM_RC_SUCCESS; 37762 } 37763 37764 void NV_UndefineSpaceSpecialErrorCallback( 37765 const Tpm::NV_UndefineSpaceSpecialResponse& callback, 37766 TPM_RC response_code) { 37767 VLOG(1) << __func__; 37768 callback.Run(response_code); 37769 } 37770 37771 void NV_UndefineSpaceSpecialResponseParser( 37772 const Tpm::NV_UndefineSpaceSpecialResponse& callback, 37773 AuthorizationDelegate* authorization_delegate, 37774 const std::string& response) { 37775 VLOG(1) << __func__; 37776 base::Callback<void(TPM_RC)> error_reporter = 37777 base::Bind(NV_UndefineSpaceSpecialErrorCallback, callback); 37778 TPM_RC rc = Tpm::ParseResponse_NV_UndefineSpaceSpecial( 37779 response, 37780 authorization_delegate); 37781 if (rc != TPM_RC_SUCCESS) { 37782 error_reporter.Run(rc); 37783 return; 37784 } 37785 callback.Run( 37786 rc); 37787 } 37788 37789 void Tpm::NV_UndefineSpaceSpecial( 37790 const TPMI_RH_NV_INDEX& nv_index, 37791 const std::string& nv_index_name, 37792 const TPMI_RH_PLATFORM& platform, 37793 const std::string& platform_name, 37794 AuthorizationDelegate* authorization_delegate, 37795 const NV_UndefineSpaceSpecialResponse& callback) { 37796 VLOG(1) << __func__; 37797 base::Callback<void(TPM_RC)> error_reporter = 37798 base::Bind(NV_UndefineSpaceSpecialErrorCallback, callback); 37799 base::Callback<void(const std::string&)> parser = 37800 base::Bind(NV_UndefineSpaceSpecialResponseParser, 37801 callback, 37802 authorization_delegate); 37803 std::string command; 37804 TPM_RC rc = SerializeCommand_NV_UndefineSpaceSpecial( 37805 nv_index, 37806 nv_index_name, 37807 platform, 37808 platform_name, 37809 &command, 37810 authorization_delegate); 37811 if (rc != TPM_RC_SUCCESS) { 37812 error_reporter.Run(rc); 37813 return; 37814 } 37815 transceiver_->SendCommand(command, parser); 37816 } 37817 37818 TPM_RC Tpm::NV_UndefineSpaceSpecialSync( 37819 const TPMI_RH_NV_INDEX& nv_index, 37820 const std::string& nv_index_name, 37821 const TPMI_RH_PLATFORM& platform, 37822 const std::string& platform_name, 37823 AuthorizationDelegate* authorization_delegate) { 37824 VLOG(1) << __func__; 37825 std::string command; 37826 TPM_RC rc = SerializeCommand_NV_UndefineSpaceSpecial( 37827 nv_index, 37828 nv_index_name, 37829 platform, 37830 platform_name, 37831 &command, 37832 authorization_delegate); 37833 if (rc != TPM_RC_SUCCESS) { 37834 return rc; 37835 } 37836 std::string response = transceiver_->SendCommandAndWait(command); 37837 rc = ParseResponse_NV_UndefineSpaceSpecial( 37838 response, 37839 authorization_delegate); 37840 return rc; 37841 } 37842 37843 TPM_RC Tpm::SerializeCommand_NV_ReadPublic( 37844 const TPMI_RH_NV_INDEX& nv_index, 37845 const std::string& nv_index_name, 37846 std::string* serialized_command, 37847 AuthorizationDelegate* authorization_delegate) { 37848 VLOG(3) << __func__; 37849 TPM_RC rc = TPM_RC_SUCCESS; 37850 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 37851 UINT32 command_size = 10; // Header size. 37852 std::string handle_section_bytes; 37853 std::string parameter_section_bytes; 37854 TPM_CC command_code = TPM_CC_NV_ReadPublic; 37855 bool is_command_parameter_encryption_possible = false; 37856 bool is_response_parameter_encryption_possible = true; 37857 std::string command_code_bytes; 37858 rc = Serialize_TPM_CC( 37859 command_code, 37860 &command_code_bytes); 37861 if (rc != TPM_RC_SUCCESS) { 37862 return rc; 37863 } 37864 std::string nv_index_bytes; 37865 rc = Serialize_TPMI_RH_NV_INDEX( 37866 nv_index, 37867 &nv_index_bytes); 37868 if (rc != TPM_RC_SUCCESS) { 37869 return rc; 37870 } 37871 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 37872 crypto::SecureHash::SHA256)); 37873 hash->Update(command_code_bytes.data(), 37874 command_code_bytes.size()); 37875 hash->Update(nv_index_name.data(), 37876 nv_index_name.size()); 37877 handle_section_bytes += nv_index_bytes; 37878 command_size += nv_index_bytes.size(); 37879 std::string command_hash(32, 0); 37880 hash->Finish(string_as_array(&command_hash), command_hash.size()); 37881 std::string authorization_section_bytes; 37882 std::string authorization_size_bytes; 37883 if (authorization_delegate) { 37884 if (!authorization_delegate->GetCommandAuthorization( 37885 command_hash, 37886 is_command_parameter_encryption_possible, 37887 is_response_parameter_encryption_possible, 37888 &authorization_section_bytes)) { 37889 return TRUNKS_RC_AUTHORIZATION_FAILED; 37890 } 37891 if (!authorization_section_bytes.empty()) { 37892 tag = TPM_ST_SESSIONS; 37893 std::string tmp; 37894 rc = Serialize_UINT32(authorization_section_bytes.size(), 37895 &authorization_size_bytes); 37896 if (rc != TPM_RC_SUCCESS) { 37897 return rc; 37898 } 37899 command_size += authorization_size_bytes.size() + 37900 authorization_section_bytes.size(); 37901 } 37902 } 37903 std::string tag_bytes; 37904 rc = Serialize_TPMI_ST_COMMAND_TAG( 37905 tag, 37906 &tag_bytes); 37907 if (rc != TPM_RC_SUCCESS) { 37908 return rc; 37909 } 37910 std::string command_size_bytes; 37911 rc = Serialize_UINT32( 37912 command_size, 37913 &command_size_bytes); 37914 if (rc != TPM_RC_SUCCESS) { 37915 return rc; 37916 } 37917 *serialized_command = tag_bytes + 37918 command_size_bytes + 37919 command_code_bytes + 37920 handle_section_bytes + 37921 authorization_size_bytes + 37922 authorization_section_bytes + 37923 parameter_section_bytes; 37924 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 37925 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 37926 serialized_command->size()); 37927 return TPM_RC_SUCCESS; 37928 } 37929 37930 TPM_RC Tpm::ParseResponse_NV_ReadPublic( 37931 const std::string& response, 37932 TPM2B_NV_PUBLIC* nv_public, 37933 TPM2B_NAME* nv_name, 37934 AuthorizationDelegate* authorization_delegate) { 37935 VLOG(3) << __func__; 37936 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 37937 TPM_RC rc = TPM_RC_SUCCESS; 37938 std::string buffer(response); 37939 TPM_ST tag; 37940 std::string tag_bytes; 37941 rc = Parse_TPM_ST( 37942 &buffer, 37943 &tag, 37944 &tag_bytes); 37945 if (rc != TPM_RC_SUCCESS) { 37946 return rc; 37947 } 37948 UINT32 response_size; 37949 std::string response_size_bytes; 37950 rc = Parse_UINT32( 37951 &buffer, 37952 &response_size, 37953 &response_size_bytes); 37954 if (rc != TPM_RC_SUCCESS) { 37955 return rc; 37956 } 37957 TPM_RC response_code; 37958 std::string response_code_bytes; 37959 rc = Parse_TPM_RC( 37960 &buffer, 37961 &response_code, 37962 &response_code_bytes); 37963 if (rc != TPM_RC_SUCCESS) { 37964 return rc; 37965 } 37966 if (response_size != response.size()) { 37967 return TPM_RC_SIZE; 37968 } 37969 if (response_code != TPM_RC_SUCCESS) { 37970 return response_code; 37971 } 37972 TPM_CC command_code = TPM_CC_NV_ReadPublic; 37973 std::string command_code_bytes; 37974 rc = Serialize_TPM_CC( 37975 command_code, 37976 &command_code_bytes); 37977 if (rc != TPM_RC_SUCCESS) { 37978 return rc; 37979 } 37980 std::string authorization_section_bytes; 37981 if (tag == TPM_ST_SESSIONS) { 37982 UINT32 parameter_section_size = buffer.size(); 37983 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 37984 if (rc != TPM_RC_SUCCESS) { 37985 return rc; 37986 } 37987 if (parameter_section_size > buffer.size()) { 37988 return TPM_RC_INSUFFICIENT; 37989 } 37990 authorization_section_bytes = buffer.substr(parameter_section_size); 37991 // Keep the parameter section in |buffer|. 37992 buffer.erase(parameter_section_size); 37993 } 37994 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 37995 crypto::SecureHash::SHA256)); 37996 hash->Update(response_code_bytes.data(), 37997 response_code_bytes.size()); 37998 hash->Update(command_code_bytes.data(), 37999 command_code_bytes.size()); 38000 hash->Update(buffer.data(), 38001 buffer.size()); 38002 std::string response_hash(32, 0); 38003 hash->Finish(string_as_array(&response_hash), response_hash.size()); 38004 if (tag == TPM_ST_SESSIONS) { 38005 CHECK(authorization_delegate) << "Authorization delegate missing!"; 38006 if (!authorization_delegate->CheckResponseAuthorization( 38007 response_hash, 38008 authorization_section_bytes)) { 38009 return TRUNKS_RC_AUTHORIZATION_FAILED; 38010 } 38011 } 38012 std::string nv_public_bytes; 38013 rc = Parse_TPM2B_NV_PUBLIC( 38014 &buffer, 38015 nv_public, 38016 &nv_public_bytes); 38017 if (rc != TPM_RC_SUCCESS) { 38018 return rc; 38019 } 38020 std::string nv_name_bytes; 38021 rc = Parse_TPM2B_NAME( 38022 &buffer, 38023 nv_name, 38024 &nv_name_bytes); 38025 if (rc != TPM_RC_SUCCESS) { 38026 return rc; 38027 } 38028 if (tag == TPM_ST_SESSIONS) { 38029 CHECK(authorization_delegate) << "Authorization delegate missing!"; 38030 // Decrypt just the parameter data, not the size. 38031 std::string tmp = nv_public_bytes.substr(2); 38032 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 38033 return TRUNKS_RC_ENCRYPTION_FAILED; 38034 } 38035 nv_public_bytes.replace(2, std::string::npos, tmp); 38036 rc = Parse_TPM2B_NV_PUBLIC( 38037 &nv_public_bytes, 38038 nv_public, 38039 nullptr); 38040 if (rc != TPM_RC_SUCCESS) { 38041 return rc; 38042 } 38043 } 38044 return TPM_RC_SUCCESS; 38045 } 38046 38047 void NV_ReadPublicErrorCallback( 38048 const Tpm::NV_ReadPublicResponse& callback, 38049 TPM_RC response_code) { 38050 VLOG(1) << __func__; 38051 callback.Run(response_code, 38052 TPM2B_NV_PUBLIC(), 38053 TPM2B_NAME()); 38054 } 38055 38056 void NV_ReadPublicResponseParser( 38057 const Tpm::NV_ReadPublicResponse& callback, 38058 AuthorizationDelegate* authorization_delegate, 38059 const std::string& response) { 38060 VLOG(1) << __func__; 38061 base::Callback<void(TPM_RC)> error_reporter = 38062 base::Bind(NV_ReadPublicErrorCallback, callback); 38063 TPM2B_NV_PUBLIC nv_public; 38064 TPM2B_NAME nv_name; 38065 TPM_RC rc = Tpm::ParseResponse_NV_ReadPublic( 38066 response, 38067 &nv_public, 38068 &nv_name, 38069 authorization_delegate); 38070 if (rc != TPM_RC_SUCCESS) { 38071 error_reporter.Run(rc); 38072 return; 38073 } 38074 callback.Run( 38075 rc, 38076 nv_public, 38077 nv_name); 38078 } 38079 38080 void Tpm::NV_ReadPublic( 38081 const TPMI_RH_NV_INDEX& nv_index, 38082 const std::string& nv_index_name, 38083 AuthorizationDelegate* authorization_delegate, 38084 const NV_ReadPublicResponse& callback) { 38085 VLOG(1) << __func__; 38086 base::Callback<void(TPM_RC)> error_reporter = 38087 base::Bind(NV_ReadPublicErrorCallback, callback); 38088 base::Callback<void(const std::string&)> parser = 38089 base::Bind(NV_ReadPublicResponseParser, 38090 callback, 38091 authorization_delegate); 38092 std::string command; 38093 TPM_RC rc = SerializeCommand_NV_ReadPublic( 38094 nv_index, 38095 nv_index_name, 38096 &command, 38097 authorization_delegate); 38098 if (rc != TPM_RC_SUCCESS) { 38099 error_reporter.Run(rc); 38100 return; 38101 } 38102 transceiver_->SendCommand(command, parser); 38103 } 38104 38105 TPM_RC Tpm::NV_ReadPublicSync( 38106 const TPMI_RH_NV_INDEX& nv_index, 38107 const std::string& nv_index_name, 38108 TPM2B_NV_PUBLIC* nv_public, 38109 TPM2B_NAME* nv_name, 38110 AuthorizationDelegate* authorization_delegate) { 38111 VLOG(1) << __func__; 38112 std::string command; 38113 TPM_RC rc = SerializeCommand_NV_ReadPublic( 38114 nv_index, 38115 nv_index_name, 38116 &command, 38117 authorization_delegate); 38118 if (rc != TPM_RC_SUCCESS) { 38119 return rc; 38120 } 38121 std::string response = transceiver_->SendCommandAndWait(command); 38122 rc = ParseResponse_NV_ReadPublic( 38123 response, 38124 nv_public, 38125 nv_name, 38126 authorization_delegate); 38127 return rc; 38128 } 38129 38130 TPM_RC Tpm::SerializeCommand_NV_Write( 38131 const TPMI_RH_NV_AUTH& auth_handle, 38132 const std::string& auth_handle_name, 38133 const TPMI_RH_NV_INDEX& nv_index, 38134 const std::string& nv_index_name, 38135 const TPM2B_MAX_NV_BUFFER& data, 38136 const UINT16& offset, 38137 std::string* serialized_command, 38138 AuthorizationDelegate* authorization_delegate) { 38139 VLOG(3) << __func__; 38140 TPM_RC rc = TPM_RC_SUCCESS; 38141 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 38142 UINT32 command_size = 10; // Header size. 38143 std::string handle_section_bytes; 38144 std::string parameter_section_bytes; 38145 TPM_CC command_code = TPM_CC_NV_Write; 38146 bool is_command_parameter_encryption_possible = true; 38147 bool is_response_parameter_encryption_possible = false; 38148 std::string command_code_bytes; 38149 rc = Serialize_TPM_CC( 38150 command_code, 38151 &command_code_bytes); 38152 if (rc != TPM_RC_SUCCESS) { 38153 return rc; 38154 } 38155 std::string auth_handle_bytes; 38156 rc = Serialize_TPMI_RH_NV_AUTH( 38157 auth_handle, 38158 &auth_handle_bytes); 38159 if (rc != TPM_RC_SUCCESS) { 38160 return rc; 38161 } 38162 std::string nv_index_bytes; 38163 rc = Serialize_TPMI_RH_NV_INDEX( 38164 nv_index, 38165 &nv_index_bytes); 38166 if (rc != TPM_RC_SUCCESS) { 38167 return rc; 38168 } 38169 std::string data_bytes; 38170 rc = Serialize_TPM2B_MAX_NV_BUFFER( 38171 data, 38172 &data_bytes); 38173 if (rc != TPM_RC_SUCCESS) { 38174 return rc; 38175 } 38176 std::string offset_bytes; 38177 rc = Serialize_UINT16( 38178 offset, 38179 &offset_bytes); 38180 if (rc != TPM_RC_SUCCESS) { 38181 return rc; 38182 } 38183 if (authorization_delegate) { 38184 // Encrypt just the parameter data, not the size. 38185 std::string tmp = data_bytes.substr(2); 38186 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 38187 return TRUNKS_RC_ENCRYPTION_FAILED; 38188 } 38189 data_bytes.replace(2, std::string::npos, tmp); 38190 } 38191 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 38192 crypto::SecureHash::SHA256)); 38193 hash->Update(command_code_bytes.data(), 38194 command_code_bytes.size()); 38195 hash->Update(auth_handle_name.data(), 38196 auth_handle_name.size()); 38197 handle_section_bytes += auth_handle_bytes; 38198 command_size += auth_handle_bytes.size(); 38199 hash->Update(nv_index_name.data(), 38200 nv_index_name.size()); 38201 handle_section_bytes += nv_index_bytes; 38202 command_size += nv_index_bytes.size(); 38203 hash->Update(data_bytes.data(), 38204 data_bytes.size()); 38205 parameter_section_bytes += data_bytes; 38206 command_size += data_bytes.size(); 38207 hash->Update(offset_bytes.data(), 38208 offset_bytes.size()); 38209 parameter_section_bytes += offset_bytes; 38210 command_size += offset_bytes.size(); 38211 std::string command_hash(32, 0); 38212 hash->Finish(string_as_array(&command_hash), command_hash.size()); 38213 std::string authorization_section_bytes; 38214 std::string authorization_size_bytes; 38215 if (authorization_delegate) { 38216 if (!authorization_delegate->GetCommandAuthorization( 38217 command_hash, 38218 is_command_parameter_encryption_possible, 38219 is_response_parameter_encryption_possible, 38220 &authorization_section_bytes)) { 38221 return TRUNKS_RC_AUTHORIZATION_FAILED; 38222 } 38223 if (!authorization_section_bytes.empty()) { 38224 tag = TPM_ST_SESSIONS; 38225 std::string tmp; 38226 rc = Serialize_UINT32(authorization_section_bytes.size(), 38227 &authorization_size_bytes); 38228 if (rc != TPM_RC_SUCCESS) { 38229 return rc; 38230 } 38231 command_size += authorization_size_bytes.size() + 38232 authorization_section_bytes.size(); 38233 } 38234 } 38235 std::string tag_bytes; 38236 rc = Serialize_TPMI_ST_COMMAND_TAG( 38237 tag, 38238 &tag_bytes); 38239 if (rc != TPM_RC_SUCCESS) { 38240 return rc; 38241 } 38242 std::string command_size_bytes; 38243 rc = Serialize_UINT32( 38244 command_size, 38245 &command_size_bytes); 38246 if (rc != TPM_RC_SUCCESS) { 38247 return rc; 38248 } 38249 *serialized_command = tag_bytes + 38250 command_size_bytes + 38251 command_code_bytes + 38252 handle_section_bytes + 38253 authorization_size_bytes + 38254 authorization_section_bytes + 38255 parameter_section_bytes; 38256 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 38257 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 38258 serialized_command->size()); 38259 return TPM_RC_SUCCESS; 38260 } 38261 38262 TPM_RC Tpm::ParseResponse_NV_Write( 38263 const std::string& response, 38264 AuthorizationDelegate* authorization_delegate) { 38265 VLOG(3) << __func__; 38266 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 38267 TPM_RC rc = TPM_RC_SUCCESS; 38268 std::string buffer(response); 38269 TPM_ST tag; 38270 std::string tag_bytes; 38271 rc = Parse_TPM_ST( 38272 &buffer, 38273 &tag, 38274 &tag_bytes); 38275 if (rc != TPM_RC_SUCCESS) { 38276 return rc; 38277 } 38278 UINT32 response_size; 38279 std::string response_size_bytes; 38280 rc = Parse_UINT32( 38281 &buffer, 38282 &response_size, 38283 &response_size_bytes); 38284 if (rc != TPM_RC_SUCCESS) { 38285 return rc; 38286 } 38287 TPM_RC response_code; 38288 std::string response_code_bytes; 38289 rc = Parse_TPM_RC( 38290 &buffer, 38291 &response_code, 38292 &response_code_bytes); 38293 if (rc != TPM_RC_SUCCESS) { 38294 return rc; 38295 } 38296 if (response_size != response.size()) { 38297 return TPM_RC_SIZE; 38298 } 38299 if (response_code != TPM_RC_SUCCESS) { 38300 return response_code; 38301 } 38302 TPM_CC command_code = TPM_CC_NV_Write; 38303 std::string command_code_bytes; 38304 rc = Serialize_TPM_CC( 38305 command_code, 38306 &command_code_bytes); 38307 if (rc != TPM_RC_SUCCESS) { 38308 return rc; 38309 } 38310 std::string authorization_section_bytes; 38311 if (tag == TPM_ST_SESSIONS) { 38312 UINT32 parameter_section_size = buffer.size(); 38313 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 38314 if (rc != TPM_RC_SUCCESS) { 38315 return rc; 38316 } 38317 if (parameter_section_size > buffer.size()) { 38318 return TPM_RC_INSUFFICIENT; 38319 } 38320 authorization_section_bytes = buffer.substr(parameter_section_size); 38321 // Keep the parameter section in |buffer|. 38322 buffer.erase(parameter_section_size); 38323 } 38324 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 38325 crypto::SecureHash::SHA256)); 38326 hash->Update(response_code_bytes.data(), 38327 response_code_bytes.size()); 38328 hash->Update(command_code_bytes.data(), 38329 command_code_bytes.size()); 38330 hash->Update(buffer.data(), 38331 buffer.size()); 38332 std::string response_hash(32, 0); 38333 hash->Finish(string_as_array(&response_hash), response_hash.size()); 38334 if (tag == TPM_ST_SESSIONS) { 38335 CHECK(authorization_delegate) << "Authorization delegate missing!"; 38336 if (!authorization_delegate->CheckResponseAuthorization( 38337 response_hash, 38338 authorization_section_bytes)) { 38339 return TRUNKS_RC_AUTHORIZATION_FAILED; 38340 } 38341 } 38342 return TPM_RC_SUCCESS; 38343 } 38344 38345 void NV_WriteErrorCallback( 38346 const Tpm::NV_WriteResponse& callback, 38347 TPM_RC response_code) { 38348 VLOG(1) << __func__; 38349 callback.Run(response_code); 38350 } 38351 38352 void NV_WriteResponseParser( 38353 const Tpm::NV_WriteResponse& callback, 38354 AuthorizationDelegate* authorization_delegate, 38355 const std::string& response) { 38356 VLOG(1) << __func__; 38357 base::Callback<void(TPM_RC)> error_reporter = 38358 base::Bind(NV_WriteErrorCallback, callback); 38359 TPM_RC rc = Tpm::ParseResponse_NV_Write( 38360 response, 38361 authorization_delegate); 38362 if (rc != TPM_RC_SUCCESS) { 38363 error_reporter.Run(rc); 38364 return; 38365 } 38366 callback.Run( 38367 rc); 38368 } 38369 38370 void Tpm::NV_Write( 38371 const TPMI_RH_NV_AUTH& auth_handle, 38372 const std::string& auth_handle_name, 38373 const TPMI_RH_NV_INDEX& nv_index, 38374 const std::string& nv_index_name, 38375 const TPM2B_MAX_NV_BUFFER& data, 38376 const UINT16& offset, 38377 AuthorizationDelegate* authorization_delegate, 38378 const NV_WriteResponse& callback) { 38379 VLOG(1) << __func__; 38380 base::Callback<void(TPM_RC)> error_reporter = 38381 base::Bind(NV_WriteErrorCallback, callback); 38382 base::Callback<void(const std::string&)> parser = 38383 base::Bind(NV_WriteResponseParser, 38384 callback, 38385 authorization_delegate); 38386 std::string command; 38387 TPM_RC rc = SerializeCommand_NV_Write( 38388 auth_handle, 38389 auth_handle_name, 38390 nv_index, 38391 nv_index_name, 38392 data, 38393 offset, 38394 &command, 38395 authorization_delegate); 38396 if (rc != TPM_RC_SUCCESS) { 38397 error_reporter.Run(rc); 38398 return; 38399 } 38400 transceiver_->SendCommand(command, parser); 38401 } 38402 38403 TPM_RC Tpm::NV_WriteSync( 38404 const TPMI_RH_NV_AUTH& auth_handle, 38405 const std::string& auth_handle_name, 38406 const TPMI_RH_NV_INDEX& nv_index, 38407 const std::string& nv_index_name, 38408 const TPM2B_MAX_NV_BUFFER& data, 38409 const UINT16& offset, 38410 AuthorizationDelegate* authorization_delegate) { 38411 VLOG(1) << __func__; 38412 std::string command; 38413 TPM_RC rc = SerializeCommand_NV_Write( 38414 auth_handle, 38415 auth_handle_name, 38416 nv_index, 38417 nv_index_name, 38418 data, 38419 offset, 38420 &command, 38421 authorization_delegate); 38422 if (rc != TPM_RC_SUCCESS) { 38423 return rc; 38424 } 38425 std::string response = transceiver_->SendCommandAndWait(command); 38426 rc = ParseResponse_NV_Write( 38427 response, 38428 authorization_delegate); 38429 return rc; 38430 } 38431 38432 TPM_RC Tpm::SerializeCommand_NV_Increment( 38433 const TPMI_RH_NV_AUTH& auth_handle, 38434 const std::string& auth_handle_name, 38435 const TPMI_RH_NV_INDEX& nv_index, 38436 const std::string& nv_index_name, 38437 std::string* serialized_command, 38438 AuthorizationDelegate* authorization_delegate) { 38439 VLOG(3) << __func__; 38440 TPM_RC rc = TPM_RC_SUCCESS; 38441 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 38442 UINT32 command_size = 10; // Header size. 38443 std::string handle_section_bytes; 38444 std::string parameter_section_bytes; 38445 TPM_CC command_code = TPM_CC_NV_Increment; 38446 bool is_command_parameter_encryption_possible = false; 38447 bool is_response_parameter_encryption_possible = false; 38448 std::string command_code_bytes; 38449 rc = Serialize_TPM_CC( 38450 command_code, 38451 &command_code_bytes); 38452 if (rc != TPM_RC_SUCCESS) { 38453 return rc; 38454 } 38455 std::string auth_handle_bytes; 38456 rc = Serialize_TPMI_RH_NV_AUTH( 38457 auth_handle, 38458 &auth_handle_bytes); 38459 if (rc != TPM_RC_SUCCESS) { 38460 return rc; 38461 } 38462 std::string nv_index_bytes; 38463 rc = Serialize_TPMI_RH_NV_INDEX( 38464 nv_index, 38465 &nv_index_bytes); 38466 if (rc != TPM_RC_SUCCESS) { 38467 return rc; 38468 } 38469 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 38470 crypto::SecureHash::SHA256)); 38471 hash->Update(command_code_bytes.data(), 38472 command_code_bytes.size()); 38473 hash->Update(auth_handle_name.data(), 38474 auth_handle_name.size()); 38475 handle_section_bytes += auth_handle_bytes; 38476 command_size += auth_handle_bytes.size(); 38477 hash->Update(nv_index_name.data(), 38478 nv_index_name.size()); 38479 handle_section_bytes += nv_index_bytes; 38480 command_size += nv_index_bytes.size(); 38481 std::string command_hash(32, 0); 38482 hash->Finish(string_as_array(&command_hash), command_hash.size()); 38483 std::string authorization_section_bytes; 38484 std::string authorization_size_bytes; 38485 if (authorization_delegate) { 38486 if (!authorization_delegate->GetCommandAuthorization( 38487 command_hash, 38488 is_command_parameter_encryption_possible, 38489 is_response_parameter_encryption_possible, 38490 &authorization_section_bytes)) { 38491 return TRUNKS_RC_AUTHORIZATION_FAILED; 38492 } 38493 if (!authorization_section_bytes.empty()) { 38494 tag = TPM_ST_SESSIONS; 38495 std::string tmp; 38496 rc = Serialize_UINT32(authorization_section_bytes.size(), 38497 &authorization_size_bytes); 38498 if (rc != TPM_RC_SUCCESS) { 38499 return rc; 38500 } 38501 command_size += authorization_size_bytes.size() + 38502 authorization_section_bytes.size(); 38503 } 38504 } 38505 std::string tag_bytes; 38506 rc = Serialize_TPMI_ST_COMMAND_TAG( 38507 tag, 38508 &tag_bytes); 38509 if (rc != TPM_RC_SUCCESS) { 38510 return rc; 38511 } 38512 std::string command_size_bytes; 38513 rc = Serialize_UINT32( 38514 command_size, 38515 &command_size_bytes); 38516 if (rc != TPM_RC_SUCCESS) { 38517 return rc; 38518 } 38519 *serialized_command = tag_bytes + 38520 command_size_bytes + 38521 command_code_bytes + 38522 handle_section_bytes + 38523 authorization_size_bytes + 38524 authorization_section_bytes + 38525 parameter_section_bytes; 38526 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 38527 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 38528 serialized_command->size()); 38529 return TPM_RC_SUCCESS; 38530 } 38531 38532 TPM_RC Tpm::ParseResponse_NV_Increment( 38533 const std::string& response, 38534 AuthorizationDelegate* authorization_delegate) { 38535 VLOG(3) << __func__; 38536 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 38537 TPM_RC rc = TPM_RC_SUCCESS; 38538 std::string buffer(response); 38539 TPM_ST tag; 38540 std::string tag_bytes; 38541 rc = Parse_TPM_ST( 38542 &buffer, 38543 &tag, 38544 &tag_bytes); 38545 if (rc != TPM_RC_SUCCESS) { 38546 return rc; 38547 } 38548 UINT32 response_size; 38549 std::string response_size_bytes; 38550 rc = Parse_UINT32( 38551 &buffer, 38552 &response_size, 38553 &response_size_bytes); 38554 if (rc != TPM_RC_SUCCESS) { 38555 return rc; 38556 } 38557 TPM_RC response_code; 38558 std::string response_code_bytes; 38559 rc = Parse_TPM_RC( 38560 &buffer, 38561 &response_code, 38562 &response_code_bytes); 38563 if (rc != TPM_RC_SUCCESS) { 38564 return rc; 38565 } 38566 if (response_size != response.size()) { 38567 return TPM_RC_SIZE; 38568 } 38569 if (response_code != TPM_RC_SUCCESS) { 38570 return response_code; 38571 } 38572 TPM_CC command_code = TPM_CC_NV_Increment; 38573 std::string command_code_bytes; 38574 rc = Serialize_TPM_CC( 38575 command_code, 38576 &command_code_bytes); 38577 if (rc != TPM_RC_SUCCESS) { 38578 return rc; 38579 } 38580 std::string authorization_section_bytes; 38581 if (tag == TPM_ST_SESSIONS) { 38582 UINT32 parameter_section_size = buffer.size(); 38583 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 38584 if (rc != TPM_RC_SUCCESS) { 38585 return rc; 38586 } 38587 if (parameter_section_size > buffer.size()) { 38588 return TPM_RC_INSUFFICIENT; 38589 } 38590 authorization_section_bytes = buffer.substr(parameter_section_size); 38591 // Keep the parameter section in |buffer|. 38592 buffer.erase(parameter_section_size); 38593 } 38594 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 38595 crypto::SecureHash::SHA256)); 38596 hash->Update(response_code_bytes.data(), 38597 response_code_bytes.size()); 38598 hash->Update(command_code_bytes.data(), 38599 command_code_bytes.size()); 38600 hash->Update(buffer.data(), 38601 buffer.size()); 38602 std::string response_hash(32, 0); 38603 hash->Finish(string_as_array(&response_hash), response_hash.size()); 38604 if (tag == TPM_ST_SESSIONS) { 38605 CHECK(authorization_delegate) << "Authorization delegate missing!"; 38606 if (!authorization_delegate->CheckResponseAuthorization( 38607 response_hash, 38608 authorization_section_bytes)) { 38609 return TRUNKS_RC_AUTHORIZATION_FAILED; 38610 } 38611 } 38612 return TPM_RC_SUCCESS; 38613 } 38614 38615 void NV_IncrementErrorCallback( 38616 const Tpm::NV_IncrementResponse& callback, 38617 TPM_RC response_code) { 38618 VLOG(1) << __func__; 38619 callback.Run(response_code); 38620 } 38621 38622 void NV_IncrementResponseParser( 38623 const Tpm::NV_IncrementResponse& callback, 38624 AuthorizationDelegate* authorization_delegate, 38625 const std::string& response) { 38626 VLOG(1) << __func__; 38627 base::Callback<void(TPM_RC)> error_reporter = 38628 base::Bind(NV_IncrementErrorCallback, callback); 38629 TPM_RC rc = Tpm::ParseResponse_NV_Increment( 38630 response, 38631 authorization_delegate); 38632 if (rc != TPM_RC_SUCCESS) { 38633 error_reporter.Run(rc); 38634 return; 38635 } 38636 callback.Run( 38637 rc); 38638 } 38639 38640 void Tpm::NV_Increment( 38641 const TPMI_RH_NV_AUTH& auth_handle, 38642 const std::string& auth_handle_name, 38643 const TPMI_RH_NV_INDEX& nv_index, 38644 const std::string& nv_index_name, 38645 AuthorizationDelegate* authorization_delegate, 38646 const NV_IncrementResponse& callback) { 38647 VLOG(1) << __func__; 38648 base::Callback<void(TPM_RC)> error_reporter = 38649 base::Bind(NV_IncrementErrorCallback, callback); 38650 base::Callback<void(const std::string&)> parser = 38651 base::Bind(NV_IncrementResponseParser, 38652 callback, 38653 authorization_delegate); 38654 std::string command; 38655 TPM_RC rc = SerializeCommand_NV_Increment( 38656 auth_handle, 38657 auth_handle_name, 38658 nv_index, 38659 nv_index_name, 38660 &command, 38661 authorization_delegate); 38662 if (rc != TPM_RC_SUCCESS) { 38663 error_reporter.Run(rc); 38664 return; 38665 } 38666 transceiver_->SendCommand(command, parser); 38667 } 38668 38669 TPM_RC Tpm::NV_IncrementSync( 38670 const TPMI_RH_NV_AUTH& auth_handle, 38671 const std::string& auth_handle_name, 38672 const TPMI_RH_NV_INDEX& nv_index, 38673 const std::string& nv_index_name, 38674 AuthorizationDelegate* authorization_delegate) { 38675 VLOG(1) << __func__; 38676 std::string command; 38677 TPM_RC rc = SerializeCommand_NV_Increment( 38678 auth_handle, 38679 auth_handle_name, 38680 nv_index, 38681 nv_index_name, 38682 &command, 38683 authorization_delegate); 38684 if (rc != TPM_RC_SUCCESS) { 38685 return rc; 38686 } 38687 std::string response = transceiver_->SendCommandAndWait(command); 38688 rc = ParseResponse_NV_Increment( 38689 response, 38690 authorization_delegate); 38691 return rc; 38692 } 38693 38694 TPM_RC Tpm::SerializeCommand_NV_Extend( 38695 const TPMI_RH_NV_AUTH& auth_handle, 38696 const std::string& auth_handle_name, 38697 const TPMI_RH_NV_INDEX& nv_index, 38698 const std::string& nv_index_name, 38699 const TPM2B_MAX_NV_BUFFER& data, 38700 std::string* serialized_command, 38701 AuthorizationDelegate* authorization_delegate) { 38702 VLOG(3) << __func__; 38703 TPM_RC rc = TPM_RC_SUCCESS; 38704 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 38705 UINT32 command_size = 10; // Header size. 38706 std::string handle_section_bytes; 38707 std::string parameter_section_bytes; 38708 TPM_CC command_code = TPM_CC_NV_Extend; 38709 bool is_command_parameter_encryption_possible = true; 38710 bool is_response_parameter_encryption_possible = false; 38711 std::string command_code_bytes; 38712 rc = Serialize_TPM_CC( 38713 command_code, 38714 &command_code_bytes); 38715 if (rc != TPM_RC_SUCCESS) { 38716 return rc; 38717 } 38718 std::string auth_handle_bytes; 38719 rc = Serialize_TPMI_RH_NV_AUTH( 38720 auth_handle, 38721 &auth_handle_bytes); 38722 if (rc != TPM_RC_SUCCESS) { 38723 return rc; 38724 } 38725 std::string nv_index_bytes; 38726 rc = Serialize_TPMI_RH_NV_INDEX( 38727 nv_index, 38728 &nv_index_bytes); 38729 if (rc != TPM_RC_SUCCESS) { 38730 return rc; 38731 } 38732 std::string data_bytes; 38733 rc = Serialize_TPM2B_MAX_NV_BUFFER( 38734 data, 38735 &data_bytes); 38736 if (rc != TPM_RC_SUCCESS) { 38737 return rc; 38738 } 38739 if (authorization_delegate) { 38740 // Encrypt just the parameter data, not the size. 38741 std::string tmp = data_bytes.substr(2); 38742 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 38743 return TRUNKS_RC_ENCRYPTION_FAILED; 38744 } 38745 data_bytes.replace(2, std::string::npos, tmp); 38746 } 38747 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 38748 crypto::SecureHash::SHA256)); 38749 hash->Update(command_code_bytes.data(), 38750 command_code_bytes.size()); 38751 hash->Update(auth_handle_name.data(), 38752 auth_handle_name.size()); 38753 handle_section_bytes += auth_handle_bytes; 38754 command_size += auth_handle_bytes.size(); 38755 hash->Update(nv_index_name.data(), 38756 nv_index_name.size()); 38757 handle_section_bytes += nv_index_bytes; 38758 command_size += nv_index_bytes.size(); 38759 hash->Update(data_bytes.data(), 38760 data_bytes.size()); 38761 parameter_section_bytes += data_bytes; 38762 command_size += data_bytes.size(); 38763 std::string command_hash(32, 0); 38764 hash->Finish(string_as_array(&command_hash), command_hash.size()); 38765 std::string authorization_section_bytes; 38766 std::string authorization_size_bytes; 38767 if (authorization_delegate) { 38768 if (!authorization_delegate->GetCommandAuthorization( 38769 command_hash, 38770 is_command_parameter_encryption_possible, 38771 is_response_parameter_encryption_possible, 38772 &authorization_section_bytes)) { 38773 return TRUNKS_RC_AUTHORIZATION_FAILED; 38774 } 38775 if (!authorization_section_bytes.empty()) { 38776 tag = TPM_ST_SESSIONS; 38777 std::string tmp; 38778 rc = Serialize_UINT32(authorization_section_bytes.size(), 38779 &authorization_size_bytes); 38780 if (rc != TPM_RC_SUCCESS) { 38781 return rc; 38782 } 38783 command_size += authorization_size_bytes.size() + 38784 authorization_section_bytes.size(); 38785 } 38786 } 38787 std::string tag_bytes; 38788 rc = Serialize_TPMI_ST_COMMAND_TAG( 38789 tag, 38790 &tag_bytes); 38791 if (rc != TPM_RC_SUCCESS) { 38792 return rc; 38793 } 38794 std::string command_size_bytes; 38795 rc = Serialize_UINT32( 38796 command_size, 38797 &command_size_bytes); 38798 if (rc != TPM_RC_SUCCESS) { 38799 return rc; 38800 } 38801 *serialized_command = tag_bytes + 38802 command_size_bytes + 38803 command_code_bytes + 38804 handle_section_bytes + 38805 authorization_size_bytes + 38806 authorization_section_bytes + 38807 parameter_section_bytes; 38808 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 38809 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 38810 serialized_command->size()); 38811 return TPM_RC_SUCCESS; 38812 } 38813 38814 TPM_RC Tpm::ParseResponse_NV_Extend( 38815 const std::string& response, 38816 AuthorizationDelegate* authorization_delegate) { 38817 VLOG(3) << __func__; 38818 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 38819 TPM_RC rc = TPM_RC_SUCCESS; 38820 std::string buffer(response); 38821 TPM_ST tag; 38822 std::string tag_bytes; 38823 rc = Parse_TPM_ST( 38824 &buffer, 38825 &tag, 38826 &tag_bytes); 38827 if (rc != TPM_RC_SUCCESS) { 38828 return rc; 38829 } 38830 UINT32 response_size; 38831 std::string response_size_bytes; 38832 rc = Parse_UINT32( 38833 &buffer, 38834 &response_size, 38835 &response_size_bytes); 38836 if (rc != TPM_RC_SUCCESS) { 38837 return rc; 38838 } 38839 TPM_RC response_code; 38840 std::string response_code_bytes; 38841 rc = Parse_TPM_RC( 38842 &buffer, 38843 &response_code, 38844 &response_code_bytes); 38845 if (rc != TPM_RC_SUCCESS) { 38846 return rc; 38847 } 38848 if (response_size != response.size()) { 38849 return TPM_RC_SIZE; 38850 } 38851 if (response_code != TPM_RC_SUCCESS) { 38852 return response_code; 38853 } 38854 TPM_CC command_code = TPM_CC_NV_Extend; 38855 std::string command_code_bytes; 38856 rc = Serialize_TPM_CC( 38857 command_code, 38858 &command_code_bytes); 38859 if (rc != TPM_RC_SUCCESS) { 38860 return rc; 38861 } 38862 std::string authorization_section_bytes; 38863 if (tag == TPM_ST_SESSIONS) { 38864 UINT32 parameter_section_size = buffer.size(); 38865 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 38866 if (rc != TPM_RC_SUCCESS) { 38867 return rc; 38868 } 38869 if (parameter_section_size > buffer.size()) { 38870 return TPM_RC_INSUFFICIENT; 38871 } 38872 authorization_section_bytes = buffer.substr(parameter_section_size); 38873 // Keep the parameter section in |buffer|. 38874 buffer.erase(parameter_section_size); 38875 } 38876 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 38877 crypto::SecureHash::SHA256)); 38878 hash->Update(response_code_bytes.data(), 38879 response_code_bytes.size()); 38880 hash->Update(command_code_bytes.data(), 38881 command_code_bytes.size()); 38882 hash->Update(buffer.data(), 38883 buffer.size()); 38884 std::string response_hash(32, 0); 38885 hash->Finish(string_as_array(&response_hash), response_hash.size()); 38886 if (tag == TPM_ST_SESSIONS) { 38887 CHECK(authorization_delegate) << "Authorization delegate missing!"; 38888 if (!authorization_delegate->CheckResponseAuthorization( 38889 response_hash, 38890 authorization_section_bytes)) { 38891 return TRUNKS_RC_AUTHORIZATION_FAILED; 38892 } 38893 } 38894 return TPM_RC_SUCCESS; 38895 } 38896 38897 void NV_ExtendErrorCallback( 38898 const Tpm::NV_ExtendResponse& callback, 38899 TPM_RC response_code) { 38900 VLOG(1) << __func__; 38901 callback.Run(response_code); 38902 } 38903 38904 void NV_ExtendResponseParser( 38905 const Tpm::NV_ExtendResponse& callback, 38906 AuthorizationDelegate* authorization_delegate, 38907 const std::string& response) { 38908 VLOG(1) << __func__; 38909 base::Callback<void(TPM_RC)> error_reporter = 38910 base::Bind(NV_ExtendErrorCallback, callback); 38911 TPM_RC rc = Tpm::ParseResponse_NV_Extend( 38912 response, 38913 authorization_delegate); 38914 if (rc != TPM_RC_SUCCESS) { 38915 error_reporter.Run(rc); 38916 return; 38917 } 38918 callback.Run( 38919 rc); 38920 } 38921 38922 void Tpm::NV_Extend( 38923 const TPMI_RH_NV_AUTH& auth_handle, 38924 const std::string& auth_handle_name, 38925 const TPMI_RH_NV_INDEX& nv_index, 38926 const std::string& nv_index_name, 38927 const TPM2B_MAX_NV_BUFFER& data, 38928 AuthorizationDelegate* authorization_delegate, 38929 const NV_ExtendResponse& callback) { 38930 VLOG(1) << __func__; 38931 base::Callback<void(TPM_RC)> error_reporter = 38932 base::Bind(NV_ExtendErrorCallback, callback); 38933 base::Callback<void(const std::string&)> parser = 38934 base::Bind(NV_ExtendResponseParser, 38935 callback, 38936 authorization_delegate); 38937 std::string command; 38938 TPM_RC rc = SerializeCommand_NV_Extend( 38939 auth_handle, 38940 auth_handle_name, 38941 nv_index, 38942 nv_index_name, 38943 data, 38944 &command, 38945 authorization_delegate); 38946 if (rc != TPM_RC_SUCCESS) { 38947 error_reporter.Run(rc); 38948 return; 38949 } 38950 transceiver_->SendCommand(command, parser); 38951 } 38952 38953 TPM_RC Tpm::NV_ExtendSync( 38954 const TPMI_RH_NV_AUTH& auth_handle, 38955 const std::string& auth_handle_name, 38956 const TPMI_RH_NV_INDEX& nv_index, 38957 const std::string& nv_index_name, 38958 const TPM2B_MAX_NV_BUFFER& data, 38959 AuthorizationDelegate* authorization_delegate) { 38960 VLOG(1) << __func__; 38961 std::string command; 38962 TPM_RC rc = SerializeCommand_NV_Extend( 38963 auth_handle, 38964 auth_handle_name, 38965 nv_index, 38966 nv_index_name, 38967 data, 38968 &command, 38969 authorization_delegate); 38970 if (rc != TPM_RC_SUCCESS) { 38971 return rc; 38972 } 38973 std::string response = transceiver_->SendCommandAndWait(command); 38974 rc = ParseResponse_NV_Extend( 38975 response, 38976 authorization_delegate); 38977 return rc; 38978 } 38979 38980 TPM_RC Tpm::SerializeCommand_NV_SetBits( 38981 const TPMI_RH_NV_AUTH& auth_handle, 38982 const std::string& auth_handle_name, 38983 const TPMI_RH_NV_INDEX& nv_index, 38984 const std::string& nv_index_name, 38985 const UINT64& bits, 38986 std::string* serialized_command, 38987 AuthorizationDelegate* authorization_delegate) { 38988 VLOG(3) << __func__; 38989 TPM_RC rc = TPM_RC_SUCCESS; 38990 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 38991 UINT32 command_size = 10; // Header size. 38992 std::string handle_section_bytes; 38993 std::string parameter_section_bytes; 38994 TPM_CC command_code = TPM_CC_NV_SetBits; 38995 bool is_command_parameter_encryption_possible = false; 38996 bool is_response_parameter_encryption_possible = false; 38997 std::string command_code_bytes; 38998 rc = Serialize_TPM_CC( 38999 command_code, 39000 &command_code_bytes); 39001 if (rc != TPM_RC_SUCCESS) { 39002 return rc; 39003 } 39004 std::string auth_handle_bytes; 39005 rc = Serialize_TPMI_RH_NV_AUTH( 39006 auth_handle, 39007 &auth_handle_bytes); 39008 if (rc != TPM_RC_SUCCESS) { 39009 return rc; 39010 } 39011 std::string nv_index_bytes; 39012 rc = Serialize_TPMI_RH_NV_INDEX( 39013 nv_index, 39014 &nv_index_bytes); 39015 if (rc != TPM_RC_SUCCESS) { 39016 return rc; 39017 } 39018 std::string bits_bytes; 39019 rc = Serialize_UINT64( 39020 bits, 39021 &bits_bytes); 39022 if (rc != TPM_RC_SUCCESS) { 39023 return rc; 39024 } 39025 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 39026 crypto::SecureHash::SHA256)); 39027 hash->Update(command_code_bytes.data(), 39028 command_code_bytes.size()); 39029 hash->Update(auth_handle_name.data(), 39030 auth_handle_name.size()); 39031 handle_section_bytes += auth_handle_bytes; 39032 command_size += auth_handle_bytes.size(); 39033 hash->Update(nv_index_name.data(), 39034 nv_index_name.size()); 39035 handle_section_bytes += nv_index_bytes; 39036 command_size += nv_index_bytes.size(); 39037 hash->Update(bits_bytes.data(), 39038 bits_bytes.size()); 39039 parameter_section_bytes += bits_bytes; 39040 command_size += bits_bytes.size(); 39041 std::string command_hash(32, 0); 39042 hash->Finish(string_as_array(&command_hash), command_hash.size()); 39043 std::string authorization_section_bytes; 39044 std::string authorization_size_bytes; 39045 if (authorization_delegate) { 39046 if (!authorization_delegate->GetCommandAuthorization( 39047 command_hash, 39048 is_command_parameter_encryption_possible, 39049 is_response_parameter_encryption_possible, 39050 &authorization_section_bytes)) { 39051 return TRUNKS_RC_AUTHORIZATION_FAILED; 39052 } 39053 if (!authorization_section_bytes.empty()) { 39054 tag = TPM_ST_SESSIONS; 39055 std::string tmp; 39056 rc = Serialize_UINT32(authorization_section_bytes.size(), 39057 &authorization_size_bytes); 39058 if (rc != TPM_RC_SUCCESS) { 39059 return rc; 39060 } 39061 command_size += authorization_size_bytes.size() + 39062 authorization_section_bytes.size(); 39063 } 39064 } 39065 std::string tag_bytes; 39066 rc = Serialize_TPMI_ST_COMMAND_TAG( 39067 tag, 39068 &tag_bytes); 39069 if (rc != TPM_RC_SUCCESS) { 39070 return rc; 39071 } 39072 std::string command_size_bytes; 39073 rc = Serialize_UINT32( 39074 command_size, 39075 &command_size_bytes); 39076 if (rc != TPM_RC_SUCCESS) { 39077 return rc; 39078 } 39079 *serialized_command = tag_bytes + 39080 command_size_bytes + 39081 command_code_bytes + 39082 handle_section_bytes + 39083 authorization_size_bytes + 39084 authorization_section_bytes + 39085 parameter_section_bytes; 39086 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 39087 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 39088 serialized_command->size()); 39089 return TPM_RC_SUCCESS; 39090 } 39091 39092 TPM_RC Tpm::ParseResponse_NV_SetBits( 39093 const std::string& response, 39094 AuthorizationDelegate* authorization_delegate) { 39095 VLOG(3) << __func__; 39096 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 39097 TPM_RC rc = TPM_RC_SUCCESS; 39098 std::string buffer(response); 39099 TPM_ST tag; 39100 std::string tag_bytes; 39101 rc = Parse_TPM_ST( 39102 &buffer, 39103 &tag, 39104 &tag_bytes); 39105 if (rc != TPM_RC_SUCCESS) { 39106 return rc; 39107 } 39108 UINT32 response_size; 39109 std::string response_size_bytes; 39110 rc = Parse_UINT32( 39111 &buffer, 39112 &response_size, 39113 &response_size_bytes); 39114 if (rc != TPM_RC_SUCCESS) { 39115 return rc; 39116 } 39117 TPM_RC response_code; 39118 std::string response_code_bytes; 39119 rc = Parse_TPM_RC( 39120 &buffer, 39121 &response_code, 39122 &response_code_bytes); 39123 if (rc != TPM_RC_SUCCESS) { 39124 return rc; 39125 } 39126 if (response_size != response.size()) { 39127 return TPM_RC_SIZE; 39128 } 39129 if (response_code != TPM_RC_SUCCESS) { 39130 return response_code; 39131 } 39132 TPM_CC command_code = TPM_CC_NV_SetBits; 39133 std::string command_code_bytes; 39134 rc = Serialize_TPM_CC( 39135 command_code, 39136 &command_code_bytes); 39137 if (rc != TPM_RC_SUCCESS) { 39138 return rc; 39139 } 39140 std::string authorization_section_bytes; 39141 if (tag == TPM_ST_SESSIONS) { 39142 UINT32 parameter_section_size = buffer.size(); 39143 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 39144 if (rc != TPM_RC_SUCCESS) { 39145 return rc; 39146 } 39147 if (parameter_section_size > buffer.size()) { 39148 return TPM_RC_INSUFFICIENT; 39149 } 39150 authorization_section_bytes = buffer.substr(parameter_section_size); 39151 // Keep the parameter section in |buffer|. 39152 buffer.erase(parameter_section_size); 39153 } 39154 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 39155 crypto::SecureHash::SHA256)); 39156 hash->Update(response_code_bytes.data(), 39157 response_code_bytes.size()); 39158 hash->Update(command_code_bytes.data(), 39159 command_code_bytes.size()); 39160 hash->Update(buffer.data(), 39161 buffer.size()); 39162 std::string response_hash(32, 0); 39163 hash->Finish(string_as_array(&response_hash), response_hash.size()); 39164 if (tag == TPM_ST_SESSIONS) { 39165 CHECK(authorization_delegate) << "Authorization delegate missing!"; 39166 if (!authorization_delegate->CheckResponseAuthorization( 39167 response_hash, 39168 authorization_section_bytes)) { 39169 return TRUNKS_RC_AUTHORIZATION_FAILED; 39170 } 39171 } 39172 return TPM_RC_SUCCESS; 39173 } 39174 39175 void NV_SetBitsErrorCallback( 39176 const Tpm::NV_SetBitsResponse& callback, 39177 TPM_RC response_code) { 39178 VLOG(1) << __func__; 39179 callback.Run(response_code); 39180 } 39181 39182 void NV_SetBitsResponseParser( 39183 const Tpm::NV_SetBitsResponse& callback, 39184 AuthorizationDelegate* authorization_delegate, 39185 const std::string& response) { 39186 VLOG(1) << __func__; 39187 base::Callback<void(TPM_RC)> error_reporter = 39188 base::Bind(NV_SetBitsErrorCallback, callback); 39189 TPM_RC rc = Tpm::ParseResponse_NV_SetBits( 39190 response, 39191 authorization_delegate); 39192 if (rc != TPM_RC_SUCCESS) { 39193 error_reporter.Run(rc); 39194 return; 39195 } 39196 callback.Run( 39197 rc); 39198 } 39199 39200 void Tpm::NV_SetBits( 39201 const TPMI_RH_NV_AUTH& auth_handle, 39202 const std::string& auth_handle_name, 39203 const TPMI_RH_NV_INDEX& nv_index, 39204 const std::string& nv_index_name, 39205 const UINT64& bits, 39206 AuthorizationDelegate* authorization_delegate, 39207 const NV_SetBitsResponse& callback) { 39208 VLOG(1) << __func__; 39209 base::Callback<void(TPM_RC)> error_reporter = 39210 base::Bind(NV_SetBitsErrorCallback, callback); 39211 base::Callback<void(const std::string&)> parser = 39212 base::Bind(NV_SetBitsResponseParser, 39213 callback, 39214 authorization_delegate); 39215 std::string command; 39216 TPM_RC rc = SerializeCommand_NV_SetBits( 39217 auth_handle, 39218 auth_handle_name, 39219 nv_index, 39220 nv_index_name, 39221 bits, 39222 &command, 39223 authorization_delegate); 39224 if (rc != TPM_RC_SUCCESS) { 39225 error_reporter.Run(rc); 39226 return; 39227 } 39228 transceiver_->SendCommand(command, parser); 39229 } 39230 39231 TPM_RC Tpm::NV_SetBitsSync( 39232 const TPMI_RH_NV_AUTH& auth_handle, 39233 const std::string& auth_handle_name, 39234 const TPMI_RH_NV_INDEX& nv_index, 39235 const std::string& nv_index_name, 39236 const UINT64& bits, 39237 AuthorizationDelegate* authorization_delegate) { 39238 VLOG(1) << __func__; 39239 std::string command; 39240 TPM_RC rc = SerializeCommand_NV_SetBits( 39241 auth_handle, 39242 auth_handle_name, 39243 nv_index, 39244 nv_index_name, 39245 bits, 39246 &command, 39247 authorization_delegate); 39248 if (rc != TPM_RC_SUCCESS) { 39249 return rc; 39250 } 39251 std::string response = transceiver_->SendCommandAndWait(command); 39252 rc = ParseResponse_NV_SetBits( 39253 response, 39254 authorization_delegate); 39255 return rc; 39256 } 39257 39258 TPM_RC Tpm::SerializeCommand_NV_WriteLock( 39259 const TPMI_RH_NV_AUTH& auth_handle, 39260 const std::string& auth_handle_name, 39261 const TPMI_RH_NV_INDEX& nv_index, 39262 const std::string& nv_index_name, 39263 std::string* serialized_command, 39264 AuthorizationDelegate* authorization_delegate) { 39265 VLOG(3) << __func__; 39266 TPM_RC rc = TPM_RC_SUCCESS; 39267 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 39268 UINT32 command_size = 10; // Header size. 39269 std::string handle_section_bytes; 39270 std::string parameter_section_bytes; 39271 TPM_CC command_code = TPM_CC_NV_WriteLock; 39272 bool is_command_parameter_encryption_possible = false; 39273 bool is_response_parameter_encryption_possible = false; 39274 std::string command_code_bytes; 39275 rc = Serialize_TPM_CC( 39276 command_code, 39277 &command_code_bytes); 39278 if (rc != TPM_RC_SUCCESS) { 39279 return rc; 39280 } 39281 std::string auth_handle_bytes; 39282 rc = Serialize_TPMI_RH_NV_AUTH( 39283 auth_handle, 39284 &auth_handle_bytes); 39285 if (rc != TPM_RC_SUCCESS) { 39286 return rc; 39287 } 39288 std::string nv_index_bytes; 39289 rc = Serialize_TPMI_RH_NV_INDEX( 39290 nv_index, 39291 &nv_index_bytes); 39292 if (rc != TPM_RC_SUCCESS) { 39293 return rc; 39294 } 39295 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 39296 crypto::SecureHash::SHA256)); 39297 hash->Update(command_code_bytes.data(), 39298 command_code_bytes.size()); 39299 hash->Update(auth_handle_name.data(), 39300 auth_handle_name.size()); 39301 handle_section_bytes += auth_handle_bytes; 39302 command_size += auth_handle_bytes.size(); 39303 hash->Update(nv_index_name.data(), 39304 nv_index_name.size()); 39305 handle_section_bytes += nv_index_bytes; 39306 command_size += nv_index_bytes.size(); 39307 std::string command_hash(32, 0); 39308 hash->Finish(string_as_array(&command_hash), command_hash.size()); 39309 std::string authorization_section_bytes; 39310 std::string authorization_size_bytes; 39311 if (authorization_delegate) { 39312 if (!authorization_delegate->GetCommandAuthorization( 39313 command_hash, 39314 is_command_parameter_encryption_possible, 39315 is_response_parameter_encryption_possible, 39316 &authorization_section_bytes)) { 39317 return TRUNKS_RC_AUTHORIZATION_FAILED; 39318 } 39319 if (!authorization_section_bytes.empty()) { 39320 tag = TPM_ST_SESSIONS; 39321 std::string tmp; 39322 rc = Serialize_UINT32(authorization_section_bytes.size(), 39323 &authorization_size_bytes); 39324 if (rc != TPM_RC_SUCCESS) { 39325 return rc; 39326 } 39327 command_size += authorization_size_bytes.size() + 39328 authorization_section_bytes.size(); 39329 } 39330 } 39331 std::string tag_bytes; 39332 rc = Serialize_TPMI_ST_COMMAND_TAG( 39333 tag, 39334 &tag_bytes); 39335 if (rc != TPM_RC_SUCCESS) { 39336 return rc; 39337 } 39338 std::string command_size_bytes; 39339 rc = Serialize_UINT32( 39340 command_size, 39341 &command_size_bytes); 39342 if (rc != TPM_RC_SUCCESS) { 39343 return rc; 39344 } 39345 *serialized_command = tag_bytes + 39346 command_size_bytes + 39347 command_code_bytes + 39348 handle_section_bytes + 39349 authorization_size_bytes + 39350 authorization_section_bytes + 39351 parameter_section_bytes; 39352 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 39353 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 39354 serialized_command->size()); 39355 return TPM_RC_SUCCESS; 39356 } 39357 39358 TPM_RC Tpm::ParseResponse_NV_WriteLock( 39359 const std::string& response, 39360 AuthorizationDelegate* authorization_delegate) { 39361 VLOG(3) << __func__; 39362 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 39363 TPM_RC rc = TPM_RC_SUCCESS; 39364 std::string buffer(response); 39365 TPM_ST tag; 39366 std::string tag_bytes; 39367 rc = Parse_TPM_ST( 39368 &buffer, 39369 &tag, 39370 &tag_bytes); 39371 if (rc != TPM_RC_SUCCESS) { 39372 return rc; 39373 } 39374 UINT32 response_size; 39375 std::string response_size_bytes; 39376 rc = Parse_UINT32( 39377 &buffer, 39378 &response_size, 39379 &response_size_bytes); 39380 if (rc != TPM_RC_SUCCESS) { 39381 return rc; 39382 } 39383 TPM_RC response_code; 39384 std::string response_code_bytes; 39385 rc = Parse_TPM_RC( 39386 &buffer, 39387 &response_code, 39388 &response_code_bytes); 39389 if (rc != TPM_RC_SUCCESS) { 39390 return rc; 39391 } 39392 if (response_size != response.size()) { 39393 return TPM_RC_SIZE; 39394 } 39395 if (response_code != TPM_RC_SUCCESS) { 39396 return response_code; 39397 } 39398 TPM_CC command_code = TPM_CC_NV_WriteLock; 39399 std::string command_code_bytes; 39400 rc = Serialize_TPM_CC( 39401 command_code, 39402 &command_code_bytes); 39403 if (rc != TPM_RC_SUCCESS) { 39404 return rc; 39405 } 39406 std::string authorization_section_bytes; 39407 if (tag == TPM_ST_SESSIONS) { 39408 UINT32 parameter_section_size = buffer.size(); 39409 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 39410 if (rc != TPM_RC_SUCCESS) { 39411 return rc; 39412 } 39413 if (parameter_section_size > buffer.size()) { 39414 return TPM_RC_INSUFFICIENT; 39415 } 39416 authorization_section_bytes = buffer.substr(parameter_section_size); 39417 // Keep the parameter section in |buffer|. 39418 buffer.erase(parameter_section_size); 39419 } 39420 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 39421 crypto::SecureHash::SHA256)); 39422 hash->Update(response_code_bytes.data(), 39423 response_code_bytes.size()); 39424 hash->Update(command_code_bytes.data(), 39425 command_code_bytes.size()); 39426 hash->Update(buffer.data(), 39427 buffer.size()); 39428 std::string response_hash(32, 0); 39429 hash->Finish(string_as_array(&response_hash), response_hash.size()); 39430 if (tag == TPM_ST_SESSIONS) { 39431 CHECK(authorization_delegate) << "Authorization delegate missing!"; 39432 if (!authorization_delegate->CheckResponseAuthorization( 39433 response_hash, 39434 authorization_section_bytes)) { 39435 return TRUNKS_RC_AUTHORIZATION_FAILED; 39436 } 39437 } 39438 return TPM_RC_SUCCESS; 39439 } 39440 39441 void NV_WriteLockErrorCallback( 39442 const Tpm::NV_WriteLockResponse& callback, 39443 TPM_RC response_code) { 39444 VLOG(1) << __func__; 39445 callback.Run(response_code); 39446 } 39447 39448 void NV_WriteLockResponseParser( 39449 const Tpm::NV_WriteLockResponse& callback, 39450 AuthorizationDelegate* authorization_delegate, 39451 const std::string& response) { 39452 VLOG(1) << __func__; 39453 base::Callback<void(TPM_RC)> error_reporter = 39454 base::Bind(NV_WriteLockErrorCallback, callback); 39455 TPM_RC rc = Tpm::ParseResponse_NV_WriteLock( 39456 response, 39457 authorization_delegate); 39458 if (rc != TPM_RC_SUCCESS) { 39459 error_reporter.Run(rc); 39460 return; 39461 } 39462 callback.Run( 39463 rc); 39464 } 39465 39466 void Tpm::NV_WriteLock( 39467 const TPMI_RH_NV_AUTH& auth_handle, 39468 const std::string& auth_handle_name, 39469 const TPMI_RH_NV_INDEX& nv_index, 39470 const std::string& nv_index_name, 39471 AuthorizationDelegate* authorization_delegate, 39472 const NV_WriteLockResponse& callback) { 39473 VLOG(1) << __func__; 39474 base::Callback<void(TPM_RC)> error_reporter = 39475 base::Bind(NV_WriteLockErrorCallback, callback); 39476 base::Callback<void(const std::string&)> parser = 39477 base::Bind(NV_WriteLockResponseParser, 39478 callback, 39479 authorization_delegate); 39480 std::string command; 39481 TPM_RC rc = SerializeCommand_NV_WriteLock( 39482 auth_handle, 39483 auth_handle_name, 39484 nv_index, 39485 nv_index_name, 39486 &command, 39487 authorization_delegate); 39488 if (rc != TPM_RC_SUCCESS) { 39489 error_reporter.Run(rc); 39490 return; 39491 } 39492 transceiver_->SendCommand(command, parser); 39493 } 39494 39495 TPM_RC Tpm::NV_WriteLockSync( 39496 const TPMI_RH_NV_AUTH& auth_handle, 39497 const std::string& auth_handle_name, 39498 const TPMI_RH_NV_INDEX& nv_index, 39499 const std::string& nv_index_name, 39500 AuthorizationDelegate* authorization_delegate) { 39501 VLOG(1) << __func__; 39502 std::string command; 39503 TPM_RC rc = SerializeCommand_NV_WriteLock( 39504 auth_handle, 39505 auth_handle_name, 39506 nv_index, 39507 nv_index_name, 39508 &command, 39509 authorization_delegate); 39510 if (rc != TPM_RC_SUCCESS) { 39511 return rc; 39512 } 39513 std::string response = transceiver_->SendCommandAndWait(command); 39514 rc = ParseResponse_NV_WriteLock( 39515 response, 39516 authorization_delegate); 39517 return rc; 39518 } 39519 39520 TPM_RC Tpm::SerializeCommand_NV_GlobalWriteLock( 39521 const TPMI_RH_PROVISION& auth_handle, 39522 const std::string& auth_handle_name, 39523 std::string* serialized_command, 39524 AuthorizationDelegate* authorization_delegate) { 39525 VLOG(3) << __func__; 39526 TPM_RC rc = TPM_RC_SUCCESS; 39527 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 39528 UINT32 command_size = 10; // Header size. 39529 std::string handle_section_bytes; 39530 std::string parameter_section_bytes; 39531 TPM_CC command_code = TPM_CC_NV_GlobalWriteLock; 39532 bool is_command_parameter_encryption_possible = false; 39533 bool is_response_parameter_encryption_possible = false; 39534 std::string command_code_bytes; 39535 rc = Serialize_TPM_CC( 39536 command_code, 39537 &command_code_bytes); 39538 if (rc != TPM_RC_SUCCESS) { 39539 return rc; 39540 } 39541 std::string auth_handle_bytes; 39542 rc = Serialize_TPMI_RH_PROVISION( 39543 auth_handle, 39544 &auth_handle_bytes); 39545 if (rc != TPM_RC_SUCCESS) { 39546 return rc; 39547 } 39548 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 39549 crypto::SecureHash::SHA256)); 39550 hash->Update(command_code_bytes.data(), 39551 command_code_bytes.size()); 39552 hash->Update(auth_handle_name.data(), 39553 auth_handle_name.size()); 39554 handle_section_bytes += auth_handle_bytes; 39555 command_size += auth_handle_bytes.size(); 39556 std::string command_hash(32, 0); 39557 hash->Finish(string_as_array(&command_hash), command_hash.size()); 39558 std::string authorization_section_bytes; 39559 std::string authorization_size_bytes; 39560 if (authorization_delegate) { 39561 if (!authorization_delegate->GetCommandAuthorization( 39562 command_hash, 39563 is_command_parameter_encryption_possible, 39564 is_response_parameter_encryption_possible, 39565 &authorization_section_bytes)) { 39566 return TRUNKS_RC_AUTHORIZATION_FAILED; 39567 } 39568 if (!authorization_section_bytes.empty()) { 39569 tag = TPM_ST_SESSIONS; 39570 std::string tmp; 39571 rc = Serialize_UINT32(authorization_section_bytes.size(), 39572 &authorization_size_bytes); 39573 if (rc != TPM_RC_SUCCESS) { 39574 return rc; 39575 } 39576 command_size += authorization_size_bytes.size() + 39577 authorization_section_bytes.size(); 39578 } 39579 } 39580 std::string tag_bytes; 39581 rc = Serialize_TPMI_ST_COMMAND_TAG( 39582 tag, 39583 &tag_bytes); 39584 if (rc != TPM_RC_SUCCESS) { 39585 return rc; 39586 } 39587 std::string command_size_bytes; 39588 rc = Serialize_UINT32( 39589 command_size, 39590 &command_size_bytes); 39591 if (rc != TPM_RC_SUCCESS) { 39592 return rc; 39593 } 39594 *serialized_command = tag_bytes + 39595 command_size_bytes + 39596 command_code_bytes + 39597 handle_section_bytes + 39598 authorization_size_bytes + 39599 authorization_section_bytes + 39600 parameter_section_bytes; 39601 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 39602 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 39603 serialized_command->size()); 39604 return TPM_RC_SUCCESS; 39605 } 39606 39607 TPM_RC Tpm::ParseResponse_NV_GlobalWriteLock( 39608 const std::string& response, 39609 AuthorizationDelegate* authorization_delegate) { 39610 VLOG(3) << __func__; 39611 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 39612 TPM_RC rc = TPM_RC_SUCCESS; 39613 std::string buffer(response); 39614 TPM_ST tag; 39615 std::string tag_bytes; 39616 rc = Parse_TPM_ST( 39617 &buffer, 39618 &tag, 39619 &tag_bytes); 39620 if (rc != TPM_RC_SUCCESS) { 39621 return rc; 39622 } 39623 UINT32 response_size; 39624 std::string response_size_bytes; 39625 rc = Parse_UINT32( 39626 &buffer, 39627 &response_size, 39628 &response_size_bytes); 39629 if (rc != TPM_RC_SUCCESS) { 39630 return rc; 39631 } 39632 TPM_RC response_code; 39633 std::string response_code_bytes; 39634 rc = Parse_TPM_RC( 39635 &buffer, 39636 &response_code, 39637 &response_code_bytes); 39638 if (rc != TPM_RC_SUCCESS) { 39639 return rc; 39640 } 39641 if (response_size != response.size()) { 39642 return TPM_RC_SIZE; 39643 } 39644 if (response_code != TPM_RC_SUCCESS) { 39645 return response_code; 39646 } 39647 TPM_CC command_code = TPM_CC_NV_GlobalWriteLock; 39648 std::string command_code_bytes; 39649 rc = Serialize_TPM_CC( 39650 command_code, 39651 &command_code_bytes); 39652 if (rc != TPM_RC_SUCCESS) { 39653 return rc; 39654 } 39655 std::string authorization_section_bytes; 39656 if (tag == TPM_ST_SESSIONS) { 39657 UINT32 parameter_section_size = buffer.size(); 39658 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 39659 if (rc != TPM_RC_SUCCESS) { 39660 return rc; 39661 } 39662 if (parameter_section_size > buffer.size()) { 39663 return TPM_RC_INSUFFICIENT; 39664 } 39665 authorization_section_bytes = buffer.substr(parameter_section_size); 39666 // Keep the parameter section in |buffer|. 39667 buffer.erase(parameter_section_size); 39668 } 39669 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 39670 crypto::SecureHash::SHA256)); 39671 hash->Update(response_code_bytes.data(), 39672 response_code_bytes.size()); 39673 hash->Update(command_code_bytes.data(), 39674 command_code_bytes.size()); 39675 hash->Update(buffer.data(), 39676 buffer.size()); 39677 std::string response_hash(32, 0); 39678 hash->Finish(string_as_array(&response_hash), response_hash.size()); 39679 if (tag == TPM_ST_SESSIONS) { 39680 CHECK(authorization_delegate) << "Authorization delegate missing!"; 39681 if (!authorization_delegate->CheckResponseAuthorization( 39682 response_hash, 39683 authorization_section_bytes)) { 39684 return TRUNKS_RC_AUTHORIZATION_FAILED; 39685 } 39686 } 39687 return TPM_RC_SUCCESS; 39688 } 39689 39690 void NV_GlobalWriteLockErrorCallback( 39691 const Tpm::NV_GlobalWriteLockResponse& callback, 39692 TPM_RC response_code) { 39693 VLOG(1) << __func__; 39694 callback.Run(response_code); 39695 } 39696 39697 void NV_GlobalWriteLockResponseParser( 39698 const Tpm::NV_GlobalWriteLockResponse& callback, 39699 AuthorizationDelegate* authorization_delegate, 39700 const std::string& response) { 39701 VLOG(1) << __func__; 39702 base::Callback<void(TPM_RC)> error_reporter = 39703 base::Bind(NV_GlobalWriteLockErrorCallback, callback); 39704 TPM_RC rc = Tpm::ParseResponse_NV_GlobalWriteLock( 39705 response, 39706 authorization_delegate); 39707 if (rc != TPM_RC_SUCCESS) { 39708 error_reporter.Run(rc); 39709 return; 39710 } 39711 callback.Run( 39712 rc); 39713 } 39714 39715 void Tpm::NV_GlobalWriteLock( 39716 const TPMI_RH_PROVISION& auth_handle, 39717 const std::string& auth_handle_name, 39718 AuthorizationDelegate* authorization_delegate, 39719 const NV_GlobalWriteLockResponse& callback) { 39720 VLOG(1) << __func__; 39721 base::Callback<void(TPM_RC)> error_reporter = 39722 base::Bind(NV_GlobalWriteLockErrorCallback, callback); 39723 base::Callback<void(const std::string&)> parser = 39724 base::Bind(NV_GlobalWriteLockResponseParser, 39725 callback, 39726 authorization_delegate); 39727 std::string command; 39728 TPM_RC rc = SerializeCommand_NV_GlobalWriteLock( 39729 auth_handle, 39730 auth_handle_name, 39731 &command, 39732 authorization_delegate); 39733 if (rc != TPM_RC_SUCCESS) { 39734 error_reporter.Run(rc); 39735 return; 39736 } 39737 transceiver_->SendCommand(command, parser); 39738 } 39739 39740 TPM_RC Tpm::NV_GlobalWriteLockSync( 39741 const TPMI_RH_PROVISION& auth_handle, 39742 const std::string& auth_handle_name, 39743 AuthorizationDelegate* authorization_delegate) { 39744 VLOG(1) << __func__; 39745 std::string command; 39746 TPM_RC rc = SerializeCommand_NV_GlobalWriteLock( 39747 auth_handle, 39748 auth_handle_name, 39749 &command, 39750 authorization_delegate); 39751 if (rc != TPM_RC_SUCCESS) { 39752 return rc; 39753 } 39754 std::string response = transceiver_->SendCommandAndWait(command); 39755 rc = ParseResponse_NV_GlobalWriteLock( 39756 response, 39757 authorization_delegate); 39758 return rc; 39759 } 39760 39761 TPM_RC Tpm::SerializeCommand_NV_Read( 39762 const TPMI_RH_NV_AUTH& auth_handle, 39763 const std::string& auth_handle_name, 39764 const TPMI_RH_NV_INDEX& nv_index, 39765 const std::string& nv_index_name, 39766 const UINT16& size, 39767 const UINT16& offset, 39768 std::string* serialized_command, 39769 AuthorizationDelegate* authorization_delegate) { 39770 VLOG(3) << __func__; 39771 TPM_RC rc = TPM_RC_SUCCESS; 39772 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 39773 UINT32 command_size = 10; // Header size. 39774 std::string handle_section_bytes; 39775 std::string parameter_section_bytes; 39776 TPM_CC command_code = TPM_CC_NV_Read; 39777 bool is_command_parameter_encryption_possible = false; 39778 bool is_response_parameter_encryption_possible = true; 39779 std::string command_code_bytes; 39780 rc = Serialize_TPM_CC( 39781 command_code, 39782 &command_code_bytes); 39783 if (rc != TPM_RC_SUCCESS) { 39784 return rc; 39785 } 39786 std::string auth_handle_bytes; 39787 rc = Serialize_TPMI_RH_NV_AUTH( 39788 auth_handle, 39789 &auth_handle_bytes); 39790 if (rc != TPM_RC_SUCCESS) { 39791 return rc; 39792 } 39793 std::string nv_index_bytes; 39794 rc = Serialize_TPMI_RH_NV_INDEX( 39795 nv_index, 39796 &nv_index_bytes); 39797 if (rc != TPM_RC_SUCCESS) { 39798 return rc; 39799 } 39800 std::string size_bytes; 39801 rc = Serialize_UINT16( 39802 size, 39803 &size_bytes); 39804 if (rc != TPM_RC_SUCCESS) { 39805 return rc; 39806 } 39807 std::string offset_bytes; 39808 rc = Serialize_UINT16( 39809 offset, 39810 &offset_bytes); 39811 if (rc != TPM_RC_SUCCESS) { 39812 return rc; 39813 } 39814 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 39815 crypto::SecureHash::SHA256)); 39816 hash->Update(command_code_bytes.data(), 39817 command_code_bytes.size()); 39818 hash->Update(auth_handle_name.data(), 39819 auth_handle_name.size()); 39820 handle_section_bytes += auth_handle_bytes; 39821 command_size += auth_handle_bytes.size(); 39822 hash->Update(nv_index_name.data(), 39823 nv_index_name.size()); 39824 handle_section_bytes += nv_index_bytes; 39825 command_size += nv_index_bytes.size(); 39826 hash->Update(size_bytes.data(), 39827 size_bytes.size()); 39828 parameter_section_bytes += size_bytes; 39829 command_size += size_bytes.size(); 39830 hash->Update(offset_bytes.data(), 39831 offset_bytes.size()); 39832 parameter_section_bytes += offset_bytes; 39833 command_size += offset_bytes.size(); 39834 std::string command_hash(32, 0); 39835 hash->Finish(string_as_array(&command_hash), command_hash.size()); 39836 std::string authorization_section_bytes; 39837 std::string authorization_size_bytes; 39838 if (authorization_delegate) { 39839 if (!authorization_delegate->GetCommandAuthorization( 39840 command_hash, 39841 is_command_parameter_encryption_possible, 39842 is_response_parameter_encryption_possible, 39843 &authorization_section_bytes)) { 39844 return TRUNKS_RC_AUTHORIZATION_FAILED; 39845 } 39846 if (!authorization_section_bytes.empty()) { 39847 tag = TPM_ST_SESSIONS; 39848 std::string tmp; 39849 rc = Serialize_UINT32(authorization_section_bytes.size(), 39850 &authorization_size_bytes); 39851 if (rc != TPM_RC_SUCCESS) { 39852 return rc; 39853 } 39854 command_size += authorization_size_bytes.size() + 39855 authorization_section_bytes.size(); 39856 } 39857 } 39858 std::string tag_bytes; 39859 rc = Serialize_TPMI_ST_COMMAND_TAG( 39860 tag, 39861 &tag_bytes); 39862 if (rc != TPM_RC_SUCCESS) { 39863 return rc; 39864 } 39865 std::string command_size_bytes; 39866 rc = Serialize_UINT32( 39867 command_size, 39868 &command_size_bytes); 39869 if (rc != TPM_RC_SUCCESS) { 39870 return rc; 39871 } 39872 *serialized_command = tag_bytes + 39873 command_size_bytes + 39874 command_code_bytes + 39875 handle_section_bytes + 39876 authorization_size_bytes + 39877 authorization_section_bytes + 39878 parameter_section_bytes; 39879 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 39880 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 39881 serialized_command->size()); 39882 return TPM_RC_SUCCESS; 39883 } 39884 39885 TPM_RC Tpm::ParseResponse_NV_Read( 39886 const std::string& response, 39887 TPM2B_MAX_NV_BUFFER* data, 39888 AuthorizationDelegate* authorization_delegate) { 39889 VLOG(3) << __func__; 39890 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 39891 TPM_RC rc = TPM_RC_SUCCESS; 39892 std::string buffer(response); 39893 TPM_ST tag; 39894 std::string tag_bytes; 39895 rc = Parse_TPM_ST( 39896 &buffer, 39897 &tag, 39898 &tag_bytes); 39899 if (rc != TPM_RC_SUCCESS) { 39900 return rc; 39901 } 39902 UINT32 response_size; 39903 std::string response_size_bytes; 39904 rc = Parse_UINT32( 39905 &buffer, 39906 &response_size, 39907 &response_size_bytes); 39908 if (rc != TPM_RC_SUCCESS) { 39909 return rc; 39910 } 39911 TPM_RC response_code; 39912 std::string response_code_bytes; 39913 rc = Parse_TPM_RC( 39914 &buffer, 39915 &response_code, 39916 &response_code_bytes); 39917 if (rc != TPM_RC_SUCCESS) { 39918 return rc; 39919 } 39920 if (response_size != response.size()) { 39921 return TPM_RC_SIZE; 39922 } 39923 if (response_code != TPM_RC_SUCCESS) { 39924 return response_code; 39925 } 39926 TPM_CC command_code = TPM_CC_NV_Read; 39927 std::string command_code_bytes; 39928 rc = Serialize_TPM_CC( 39929 command_code, 39930 &command_code_bytes); 39931 if (rc != TPM_RC_SUCCESS) { 39932 return rc; 39933 } 39934 std::string authorization_section_bytes; 39935 if (tag == TPM_ST_SESSIONS) { 39936 UINT32 parameter_section_size = buffer.size(); 39937 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 39938 if (rc != TPM_RC_SUCCESS) { 39939 return rc; 39940 } 39941 if (parameter_section_size > buffer.size()) { 39942 return TPM_RC_INSUFFICIENT; 39943 } 39944 authorization_section_bytes = buffer.substr(parameter_section_size); 39945 // Keep the parameter section in |buffer|. 39946 buffer.erase(parameter_section_size); 39947 } 39948 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 39949 crypto::SecureHash::SHA256)); 39950 hash->Update(response_code_bytes.data(), 39951 response_code_bytes.size()); 39952 hash->Update(command_code_bytes.data(), 39953 command_code_bytes.size()); 39954 hash->Update(buffer.data(), 39955 buffer.size()); 39956 std::string response_hash(32, 0); 39957 hash->Finish(string_as_array(&response_hash), response_hash.size()); 39958 if (tag == TPM_ST_SESSIONS) { 39959 CHECK(authorization_delegate) << "Authorization delegate missing!"; 39960 if (!authorization_delegate->CheckResponseAuthorization( 39961 response_hash, 39962 authorization_section_bytes)) { 39963 return TRUNKS_RC_AUTHORIZATION_FAILED; 39964 } 39965 } 39966 std::string data_bytes; 39967 rc = Parse_TPM2B_MAX_NV_BUFFER( 39968 &buffer, 39969 data, 39970 &data_bytes); 39971 if (rc != TPM_RC_SUCCESS) { 39972 return rc; 39973 } 39974 if (tag == TPM_ST_SESSIONS) { 39975 CHECK(authorization_delegate) << "Authorization delegate missing!"; 39976 // Decrypt just the parameter data, not the size. 39977 std::string tmp = data_bytes.substr(2); 39978 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 39979 return TRUNKS_RC_ENCRYPTION_FAILED; 39980 } 39981 data_bytes.replace(2, std::string::npos, tmp); 39982 rc = Parse_TPM2B_MAX_NV_BUFFER( 39983 &data_bytes, 39984 data, 39985 nullptr); 39986 if (rc != TPM_RC_SUCCESS) { 39987 return rc; 39988 } 39989 } 39990 return TPM_RC_SUCCESS; 39991 } 39992 39993 void NV_ReadErrorCallback( 39994 const Tpm::NV_ReadResponse& callback, 39995 TPM_RC response_code) { 39996 VLOG(1) << __func__; 39997 callback.Run(response_code, 39998 TPM2B_MAX_NV_BUFFER()); 39999 } 40000 40001 void NV_ReadResponseParser( 40002 const Tpm::NV_ReadResponse& callback, 40003 AuthorizationDelegate* authorization_delegate, 40004 const std::string& response) { 40005 VLOG(1) << __func__; 40006 base::Callback<void(TPM_RC)> error_reporter = 40007 base::Bind(NV_ReadErrorCallback, callback); 40008 TPM2B_MAX_NV_BUFFER data; 40009 TPM_RC rc = Tpm::ParseResponse_NV_Read( 40010 response, 40011 &data, 40012 authorization_delegate); 40013 if (rc != TPM_RC_SUCCESS) { 40014 error_reporter.Run(rc); 40015 return; 40016 } 40017 callback.Run( 40018 rc, 40019 data); 40020 } 40021 40022 void Tpm::NV_Read( 40023 const TPMI_RH_NV_AUTH& auth_handle, 40024 const std::string& auth_handle_name, 40025 const TPMI_RH_NV_INDEX& nv_index, 40026 const std::string& nv_index_name, 40027 const UINT16& size, 40028 const UINT16& offset, 40029 AuthorizationDelegate* authorization_delegate, 40030 const NV_ReadResponse& callback) { 40031 VLOG(1) << __func__; 40032 base::Callback<void(TPM_RC)> error_reporter = 40033 base::Bind(NV_ReadErrorCallback, callback); 40034 base::Callback<void(const std::string&)> parser = 40035 base::Bind(NV_ReadResponseParser, 40036 callback, 40037 authorization_delegate); 40038 std::string command; 40039 TPM_RC rc = SerializeCommand_NV_Read( 40040 auth_handle, 40041 auth_handle_name, 40042 nv_index, 40043 nv_index_name, 40044 size, 40045 offset, 40046 &command, 40047 authorization_delegate); 40048 if (rc != TPM_RC_SUCCESS) { 40049 error_reporter.Run(rc); 40050 return; 40051 } 40052 transceiver_->SendCommand(command, parser); 40053 } 40054 40055 TPM_RC Tpm::NV_ReadSync( 40056 const TPMI_RH_NV_AUTH& auth_handle, 40057 const std::string& auth_handle_name, 40058 const TPMI_RH_NV_INDEX& nv_index, 40059 const std::string& nv_index_name, 40060 const UINT16& size, 40061 const UINT16& offset, 40062 TPM2B_MAX_NV_BUFFER* data, 40063 AuthorizationDelegate* authorization_delegate) { 40064 VLOG(1) << __func__; 40065 std::string command; 40066 TPM_RC rc = SerializeCommand_NV_Read( 40067 auth_handle, 40068 auth_handle_name, 40069 nv_index, 40070 nv_index_name, 40071 size, 40072 offset, 40073 &command, 40074 authorization_delegate); 40075 if (rc != TPM_RC_SUCCESS) { 40076 return rc; 40077 } 40078 std::string response = transceiver_->SendCommandAndWait(command); 40079 rc = ParseResponse_NV_Read( 40080 response, 40081 data, 40082 authorization_delegate); 40083 return rc; 40084 } 40085 40086 TPM_RC Tpm::SerializeCommand_NV_ReadLock( 40087 const TPMI_RH_NV_AUTH& auth_handle, 40088 const std::string& auth_handle_name, 40089 const TPMI_RH_NV_INDEX& nv_index, 40090 const std::string& nv_index_name, 40091 std::string* serialized_command, 40092 AuthorizationDelegate* authorization_delegate) { 40093 VLOG(3) << __func__; 40094 TPM_RC rc = TPM_RC_SUCCESS; 40095 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 40096 UINT32 command_size = 10; // Header size. 40097 std::string handle_section_bytes; 40098 std::string parameter_section_bytes; 40099 TPM_CC command_code = TPM_CC_NV_ReadLock; 40100 bool is_command_parameter_encryption_possible = false; 40101 bool is_response_parameter_encryption_possible = false; 40102 std::string command_code_bytes; 40103 rc = Serialize_TPM_CC( 40104 command_code, 40105 &command_code_bytes); 40106 if (rc != TPM_RC_SUCCESS) { 40107 return rc; 40108 } 40109 std::string auth_handle_bytes; 40110 rc = Serialize_TPMI_RH_NV_AUTH( 40111 auth_handle, 40112 &auth_handle_bytes); 40113 if (rc != TPM_RC_SUCCESS) { 40114 return rc; 40115 } 40116 std::string nv_index_bytes; 40117 rc = Serialize_TPMI_RH_NV_INDEX( 40118 nv_index, 40119 &nv_index_bytes); 40120 if (rc != TPM_RC_SUCCESS) { 40121 return rc; 40122 } 40123 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 40124 crypto::SecureHash::SHA256)); 40125 hash->Update(command_code_bytes.data(), 40126 command_code_bytes.size()); 40127 hash->Update(auth_handle_name.data(), 40128 auth_handle_name.size()); 40129 handle_section_bytes += auth_handle_bytes; 40130 command_size += auth_handle_bytes.size(); 40131 hash->Update(nv_index_name.data(), 40132 nv_index_name.size()); 40133 handle_section_bytes += nv_index_bytes; 40134 command_size += nv_index_bytes.size(); 40135 std::string command_hash(32, 0); 40136 hash->Finish(string_as_array(&command_hash), command_hash.size()); 40137 std::string authorization_section_bytes; 40138 std::string authorization_size_bytes; 40139 if (authorization_delegate) { 40140 if (!authorization_delegate->GetCommandAuthorization( 40141 command_hash, 40142 is_command_parameter_encryption_possible, 40143 is_response_parameter_encryption_possible, 40144 &authorization_section_bytes)) { 40145 return TRUNKS_RC_AUTHORIZATION_FAILED; 40146 } 40147 if (!authorization_section_bytes.empty()) { 40148 tag = TPM_ST_SESSIONS; 40149 std::string tmp; 40150 rc = Serialize_UINT32(authorization_section_bytes.size(), 40151 &authorization_size_bytes); 40152 if (rc != TPM_RC_SUCCESS) { 40153 return rc; 40154 } 40155 command_size += authorization_size_bytes.size() + 40156 authorization_section_bytes.size(); 40157 } 40158 } 40159 std::string tag_bytes; 40160 rc = Serialize_TPMI_ST_COMMAND_TAG( 40161 tag, 40162 &tag_bytes); 40163 if (rc != TPM_RC_SUCCESS) { 40164 return rc; 40165 } 40166 std::string command_size_bytes; 40167 rc = Serialize_UINT32( 40168 command_size, 40169 &command_size_bytes); 40170 if (rc != TPM_RC_SUCCESS) { 40171 return rc; 40172 } 40173 *serialized_command = tag_bytes + 40174 command_size_bytes + 40175 command_code_bytes + 40176 handle_section_bytes + 40177 authorization_size_bytes + 40178 authorization_section_bytes + 40179 parameter_section_bytes; 40180 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 40181 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 40182 serialized_command->size()); 40183 return TPM_RC_SUCCESS; 40184 } 40185 40186 TPM_RC Tpm::ParseResponse_NV_ReadLock( 40187 const std::string& response, 40188 AuthorizationDelegate* authorization_delegate) { 40189 VLOG(3) << __func__; 40190 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 40191 TPM_RC rc = TPM_RC_SUCCESS; 40192 std::string buffer(response); 40193 TPM_ST tag; 40194 std::string tag_bytes; 40195 rc = Parse_TPM_ST( 40196 &buffer, 40197 &tag, 40198 &tag_bytes); 40199 if (rc != TPM_RC_SUCCESS) { 40200 return rc; 40201 } 40202 UINT32 response_size; 40203 std::string response_size_bytes; 40204 rc = Parse_UINT32( 40205 &buffer, 40206 &response_size, 40207 &response_size_bytes); 40208 if (rc != TPM_RC_SUCCESS) { 40209 return rc; 40210 } 40211 TPM_RC response_code; 40212 std::string response_code_bytes; 40213 rc = Parse_TPM_RC( 40214 &buffer, 40215 &response_code, 40216 &response_code_bytes); 40217 if (rc != TPM_RC_SUCCESS) { 40218 return rc; 40219 } 40220 if (response_size != response.size()) { 40221 return TPM_RC_SIZE; 40222 } 40223 if (response_code != TPM_RC_SUCCESS) { 40224 return response_code; 40225 } 40226 TPM_CC command_code = TPM_CC_NV_ReadLock; 40227 std::string command_code_bytes; 40228 rc = Serialize_TPM_CC( 40229 command_code, 40230 &command_code_bytes); 40231 if (rc != TPM_RC_SUCCESS) { 40232 return rc; 40233 } 40234 std::string authorization_section_bytes; 40235 if (tag == TPM_ST_SESSIONS) { 40236 UINT32 parameter_section_size = buffer.size(); 40237 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 40238 if (rc != TPM_RC_SUCCESS) { 40239 return rc; 40240 } 40241 if (parameter_section_size > buffer.size()) { 40242 return TPM_RC_INSUFFICIENT; 40243 } 40244 authorization_section_bytes = buffer.substr(parameter_section_size); 40245 // Keep the parameter section in |buffer|. 40246 buffer.erase(parameter_section_size); 40247 } 40248 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 40249 crypto::SecureHash::SHA256)); 40250 hash->Update(response_code_bytes.data(), 40251 response_code_bytes.size()); 40252 hash->Update(command_code_bytes.data(), 40253 command_code_bytes.size()); 40254 hash->Update(buffer.data(), 40255 buffer.size()); 40256 std::string response_hash(32, 0); 40257 hash->Finish(string_as_array(&response_hash), response_hash.size()); 40258 if (tag == TPM_ST_SESSIONS) { 40259 CHECK(authorization_delegate) << "Authorization delegate missing!"; 40260 if (!authorization_delegate->CheckResponseAuthorization( 40261 response_hash, 40262 authorization_section_bytes)) { 40263 return TRUNKS_RC_AUTHORIZATION_FAILED; 40264 } 40265 } 40266 return TPM_RC_SUCCESS; 40267 } 40268 40269 void NV_ReadLockErrorCallback( 40270 const Tpm::NV_ReadLockResponse& callback, 40271 TPM_RC response_code) { 40272 VLOG(1) << __func__; 40273 callback.Run(response_code); 40274 } 40275 40276 void NV_ReadLockResponseParser( 40277 const Tpm::NV_ReadLockResponse& callback, 40278 AuthorizationDelegate* authorization_delegate, 40279 const std::string& response) { 40280 VLOG(1) << __func__; 40281 base::Callback<void(TPM_RC)> error_reporter = 40282 base::Bind(NV_ReadLockErrorCallback, callback); 40283 TPM_RC rc = Tpm::ParseResponse_NV_ReadLock( 40284 response, 40285 authorization_delegate); 40286 if (rc != TPM_RC_SUCCESS) { 40287 error_reporter.Run(rc); 40288 return; 40289 } 40290 callback.Run( 40291 rc); 40292 } 40293 40294 void Tpm::NV_ReadLock( 40295 const TPMI_RH_NV_AUTH& auth_handle, 40296 const std::string& auth_handle_name, 40297 const TPMI_RH_NV_INDEX& nv_index, 40298 const std::string& nv_index_name, 40299 AuthorizationDelegate* authorization_delegate, 40300 const NV_ReadLockResponse& callback) { 40301 VLOG(1) << __func__; 40302 base::Callback<void(TPM_RC)> error_reporter = 40303 base::Bind(NV_ReadLockErrorCallback, callback); 40304 base::Callback<void(const std::string&)> parser = 40305 base::Bind(NV_ReadLockResponseParser, 40306 callback, 40307 authorization_delegate); 40308 std::string command; 40309 TPM_RC rc = SerializeCommand_NV_ReadLock( 40310 auth_handle, 40311 auth_handle_name, 40312 nv_index, 40313 nv_index_name, 40314 &command, 40315 authorization_delegate); 40316 if (rc != TPM_RC_SUCCESS) { 40317 error_reporter.Run(rc); 40318 return; 40319 } 40320 transceiver_->SendCommand(command, parser); 40321 } 40322 40323 TPM_RC Tpm::NV_ReadLockSync( 40324 const TPMI_RH_NV_AUTH& auth_handle, 40325 const std::string& auth_handle_name, 40326 const TPMI_RH_NV_INDEX& nv_index, 40327 const std::string& nv_index_name, 40328 AuthorizationDelegate* authorization_delegate) { 40329 VLOG(1) << __func__; 40330 std::string command; 40331 TPM_RC rc = SerializeCommand_NV_ReadLock( 40332 auth_handle, 40333 auth_handle_name, 40334 nv_index, 40335 nv_index_name, 40336 &command, 40337 authorization_delegate); 40338 if (rc != TPM_RC_SUCCESS) { 40339 return rc; 40340 } 40341 std::string response = transceiver_->SendCommandAndWait(command); 40342 rc = ParseResponse_NV_ReadLock( 40343 response, 40344 authorization_delegate); 40345 return rc; 40346 } 40347 40348 TPM_RC Tpm::SerializeCommand_NV_ChangeAuth( 40349 const TPMI_RH_NV_INDEX& nv_index, 40350 const std::string& nv_index_name, 40351 const TPM2B_AUTH& new_auth, 40352 std::string* serialized_command, 40353 AuthorizationDelegate* authorization_delegate) { 40354 VLOG(3) << __func__; 40355 TPM_RC rc = TPM_RC_SUCCESS; 40356 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 40357 UINT32 command_size = 10; // Header size. 40358 std::string handle_section_bytes; 40359 std::string parameter_section_bytes; 40360 TPM_CC command_code = TPM_CC_NV_ChangeAuth; 40361 bool is_command_parameter_encryption_possible = true; 40362 bool is_response_parameter_encryption_possible = false; 40363 std::string command_code_bytes; 40364 rc = Serialize_TPM_CC( 40365 command_code, 40366 &command_code_bytes); 40367 if (rc != TPM_RC_SUCCESS) { 40368 return rc; 40369 } 40370 std::string nv_index_bytes; 40371 rc = Serialize_TPMI_RH_NV_INDEX( 40372 nv_index, 40373 &nv_index_bytes); 40374 if (rc != TPM_RC_SUCCESS) { 40375 return rc; 40376 } 40377 std::string new_auth_bytes; 40378 rc = Serialize_TPM2B_AUTH( 40379 new_auth, 40380 &new_auth_bytes); 40381 if (rc != TPM_RC_SUCCESS) { 40382 return rc; 40383 } 40384 if (authorization_delegate) { 40385 // Encrypt just the parameter data, not the size. 40386 std::string tmp = new_auth_bytes.substr(2); 40387 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 40388 return TRUNKS_RC_ENCRYPTION_FAILED; 40389 } 40390 new_auth_bytes.replace(2, std::string::npos, tmp); 40391 } 40392 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 40393 crypto::SecureHash::SHA256)); 40394 hash->Update(command_code_bytes.data(), 40395 command_code_bytes.size()); 40396 hash->Update(nv_index_name.data(), 40397 nv_index_name.size()); 40398 handle_section_bytes += nv_index_bytes; 40399 command_size += nv_index_bytes.size(); 40400 hash->Update(new_auth_bytes.data(), 40401 new_auth_bytes.size()); 40402 parameter_section_bytes += new_auth_bytes; 40403 command_size += new_auth_bytes.size(); 40404 std::string command_hash(32, 0); 40405 hash->Finish(string_as_array(&command_hash), command_hash.size()); 40406 std::string authorization_section_bytes; 40407 std::string authorization_size_bytes; 40408 if (authorization_delegate) { 40409 if (!authorization_delegate->GetCommandAuthorization( 40410 command_hash, 40411 is_command_parameter_encryption_possible, 40412 is_response_parameter_encryption_possible, 40413 &authorization_section_bytes)) { 40414 return TRUNKS_RC_AUTHORIZATION_FAILED; 40415 } 40416 if (!authorization_section_bytes.empty()) { 40417 tag = TPM_ST_SESSIONS; 40418 std::string tmp; 40419 rc = Serialize_UINT32(authorization_section_bytes.size(), 40420 &authorization_size_bytes); 40421 if (rc != TPM_RC_SUCCESS) { 40422 return rc; 40423 } 40424 command_size += authorization_size_bytes.size() + 40425 authorization_section_bytes.size(); 40426 } 40427 } 40428 std::string tag_bytes; 40429 rc = Serialize_TPMI_ST_COMMAND_TAG( 40430 tag, 40431 &tag_bytes); 40432 if (rc != TPM_RC_SUCCESS) { 40433 return rc; 40434 } 40435 std::string command_size_bytes; 40436 rc = Serialize_UINT32( 40437 command_size, 40438 &command_size_bytes); 40439 if (rc != TPM_RC_SUCCESS) { 40440 return rc; 40441 } 40442 *serialized_command = tag_bytes + 40443 command_size_bytes + 40444 command_code_bytes + 40445 handle_section_bytes + 40446 authorization_size_bytes + 40447 authorization_section_bytes + 40448 parameter_section_bytes; 40449 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 40450 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 40451 serialized_command->size()); 40452 return TPM_RC_SUCCESS; 40453 } 40454 40455 TPM_RC Tpm::ParseResponse_NV_ChangeAuth( 40456 const std::string& response, 40457 AuthorizationDelegate* authorization_delegate) { 40458 VLOG(3) << __func__; 40459 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 40460 TPM_RC rc = TPM_RC_SUCCESS; 40461 std::string buffer(response); 40462 TPM_ST tag; 40463 std::string tag_bytes; 40464 rc = Parse_TPM_ST( 40465 &buffer, 40466 &tag, 40467 &tag_bytes); 40468 if (rc != TPM_RC_SUCCESS) { 40469 return rc; 40470 } 40471 UINT32 response_size; 40472 std::string response_size_bytes; 40473 rc = Parse_UINT32( 40474 &buffer, 40475 &response_size, 40476 &response_size_bytes); 40477 if (rc != TPM_RC_SUCCESS) { 40478 return rc; 40479 } 40480 TPM_RC response_code; 40481 std::string response_code_bytes; 40482 rc = Parse_TPM_RC( 40483 &buffer, 40484 &response_code, 40485 &response_code_bytes); 40486 if (rc != TPM_RC_SUCCESS) { 40487 return rc; 40488 } 40489 if (response_size != response.size()) { 40490 return TPM_RC_SIZE; 40491 } 40492 if (response_code != TPM_RC_SUCCESS) { 40493 return response_code; 40494 } 40495 TPM_CC command_code = TPM_CC_NV_ChangeAuth; 40496 std::string command_code_bytes; 40497 rc = Serialize_TPM_CC( 40498 command_code, 40499 &command_code_bytes); 40500 if (rc != TPM_RC_SUCCESS) { 40501 return rc; 40502 } 40503 std::string authorization_section_bytes; 40504 if (tag == TPM_ST_SESSIONS) { 40505 UINT32 parameter_section_size = buffer.size(); 40506 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 40507 if (rc != TPM_RC_SUCCESS) { 40508 return rc; 40509 } 40510 if (parameter_section_size > buffer.size()) { 40511 return TPM_RC_INSUFFICIENT; 40512 } 40513 authorization_section_bytes = buffer.substr(parameter_section_size); 40514 // Keep the parameter section in |buffer|. 40515 buffer.erase(parameter_section_size); 40516 } 40517 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 40518 crypto::SecureHash::SHA256)); 40519 hash->Update(response_code_bytes.data(), 40520 response_code_bytes.size()); 40521 hash->Update(command_code_bytes.data(), 40522 command_code_bytes.size()); 40523 hash->Update(buffer.data(), 40524 buffer.size()); 40525 std::string response_hash(32, 0); 40526 hash->Finish(string_as_array(&response_hash), response_hash.size()); 40527 if (tag == TPM_ST_SESSIONS) { 40528 CHECK(authorization_delegate) << "Authorization delegate missing!"; 40529 if (!authorization_delegate->CheckResponseAuthorization( 40530 response_hash, 40531 authorization_section_bytes)) { 40532 return TRUNKS_RC_AUTHORIZATION_FAILED; 40533 } 40534 } 40535 return TPM_RC_SUCCESS; 40536 } 40537 40538 void NV_ChangeAuthErrorCallback( 40539 const Tpm::NV_ChangeAuthResponse& callback, 40540 TPM_RC response_code) { 40541 VLOG(1) << __func__; 40542 callback.Run(response_code); 40543 } 40544 40545 void NV_ChangeAuthResponseParser( 40546 const Tpm::NV_ChangeAuthResponse& callback, 40547 AuthorizationDelegate* authorization_delegate, 40548 const std::string& response) { 40549 VLOG(1) << __func__; 40550 base::Callback<void(TPM_RC)> error_reporter = 40551 base::Bind(NV_ChangeAuthErrorCallback, callback); 40552 TPM_RC rc = Tpm::ParseResponse_NV_ChangeAuth( 40553 response, 40554 authorization_delegate); 40555 if (rc != TPM_RC_SUCCESS) { 40556 error_reporter.Run(rc); 40557 return; 40558 } 40559 callback.Run( 40560 rc); 40561 } 40562 40563 void Tpm::NV_ChangeAuth( 40564 const TPMI_RH_NV_INDEX& nv_index, 40565 const std::string& nv_index_name, 40566 const TPM2B_AUTH& new_auth, 40567 AuthorizationDelegate* authorization_delegate, 40568 const NV_ChangeAuthResponse& callback) { 40569 VLOG(1) << __func__; 40570 base::Callback<void(TPM_RC)> error_reporter = 40571 base::Bind(NV_ChangeAuthErrorCallback, callback); 40572 base::Callback<void(const std::string&)> parser = 40573 base::Bind(NV_ChangeAuthResponseParser, 40574 callback, 40575 authorization_delegate); 40576 std::string command; 40577 TPM_RC rc = SerializeCommand_NV_ChangeAuth( 40578 nv_index, 40579 nv_index_name, 40580 new_auth, 40581 &command, 40582 authorization_delegate); 40583 if (rc != TPM_RC_SUCCESS) { 40584 error_reporter.Run(rc); 40585 return; 40586 } 40587 transceiver_->SendCommand(command, parser); 40588 } 40589 40590 TPM_RC Tpm::NV_ChangeAuthSync( 40591 const TPMI_RH_NV_INDEX& nv_index, 40592 const std::string& nv_index_name, 40593 const TPM2B_AUTH& new_auth, 40594 AuthorizationDelegate* authorization_delegate) { 40595 VLOG(1) << __func__; 40596 std::string command; 40597 TPM_RC rc = SerializeCommand_NV_ChangeAuth( 40598 nv_index, 40599 nv_index_name, 40600 new_auth, 40601 &command, 40602 authorization_delegate); 40603 if (rc != TPM_RC_SUCCESS) { 40604 return rc; 40605 } 40606 std::string response = transceiver_->SendCommandAndWait(command); 40607 rc = ParseResponse_NV_ChangeAuth( 40608 response, 40609 authorization_delegate); 40610 return rc; 40611 } 40612 40613 TPM_RC Tpm::SerializeCommand_NV_Certify( 40614 const TPMI_DH_OBJECT& sign_handle, 40615 const std::string& sign_handle_name, 40616 const TPMI_RH_NV_AUTH& auth_handle, 40617 const std::string& auth_handle_name, 40618 const TPMI_RH_NV_INDEX& nv_index, 40619 const std::string& nv_index_name, 40620 const TPM2B_DATA& qualifying_data, 40621 const TPMT_SIG_SCHEME& in_scheme, 40622 const UINT16& size, 40623 const UINT16& offset, 40624 std::string* serialized_command, 40625 AuthorizationDelegate* authorization_delegate) { 40626 VLOG(3) << __func__; 40627 TPM_RC rc = TPM_RC_SUCCESS; 40628 TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS; 40629 UINT32 command_size = 10; // Header size. 40630 std::string handle_section_bytes; 40631 std::string parameter_section_bytes; 40632 TPM_CC command_code = TPM_CC_NV_Certify; 40633 bool is_command_parameter_encryption_possible = true; 40634 bool is_response_parameter_encryption_possible = true; 40635 std::string command_code_bytes; 40636 rc = Serialize_TPM_CC( 40637 command_code, 40638 &command_code_bytes); 40639 if (rc != TPM_RC_SUCCESS) { 40640 return rc; 40641 } 40642 std::string sign_handle_bytes; 40643 rc = Serialize_TPMI_DH_OBJECT( 40644 sign_handle, 40645 &sign_handle_bytes); 40646 if (rc != TPM_RC_SUCCESS) { 40647 return rc; 40648 } 40649 std::string auth_handle_bytes; 40650 rc = Serialize_TPMI_RH_NV_AUTH( 40651 auth_handle, 40652 &auth_handle_bytes); 40653 if (rc != TPM_RC_SUCCESS) { 40654 return rc; 40655 } 40656 std::string nv_index_bytes; 40657 rc = Serialize_TPMI_RH_NV_INDEX( 40658 nv_index, 40659 &nv_index_bytes); 40660 if (rc != TPM_RC_SUCCESS) { 40661 return rc; 40662 } 40663 std::string qualifying_data_bytes; 40664 rc = Serialize_TPM2B_DATA( 40665 qualifying_data, 40666 &qualifying_data_bytes); 40667 if (rc != TPM_RC_SUCCESS) { 40668 return rc; 40669 } 40670 std::string in_scheme_bytes; 40671 rc = Serialize_TPMT_SIG_SCHEME( 40672 in_scheme, 40673 &in_scheme_bytes); 40674 if (rc != TPM_RC_SUCCESS) { 40675 return rc; 40676 } 40677 std::string size_bytes; 40678 rc = Serialize_UINT16( 40679 size, 40680 &size_bytes); 40681 if (rc != TPM_RC_SUCCESS) { 40682 return rc; 40683 } 40684 std::string offset_bytes; 40685 rc = Serialize_UINT16( 40686 offset, 40687 &offset_bytes); 40688 if (rc != TPM_RC_SUCCESS) { 40689 return rc; 40690 } 40691 if (authorization_delegate) { 40692 // Encrypt just the parameter data, not the size. 40693 std::string tmp = qualifying_data_bytes.substr(2); 40694 if (!authorization_delegate->EncryptCommandParameter(&tmp)) { 40695 return TRUNKS_RC_ENCRYPTION_FAILED; 40696 } 40697 qualifying_data_bytes.replace(2, std::string::npos, tmp); 40698 } 40699 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 40700 crypto::SecureHash::SHA256)); 40701 hash->Update(command_code_bytes.data(), 40702 command_code_bytes.size()); 40703 hash->Update(sign_handle_name.data(), 40704 sign_handle_name.size()); 40705 handle_section_bytes += sign_handle_bytes; 40706 command_size += sign_handle_bytes.size(); 40707 hash->Update(auth_handle_name.data(), 40708 auth_handle_name.size()); 40709 handle_section_bytes += auth_handle_bytes; 40710 command_size += auth_handle_bytes.size(); 40711 hash->Update(nv_index_name.data(), 40712 nv_index_name.size()); 40713 handle_section_bytes += nv_index_bytes; 40714 command_size += nv_index_bytes.size(); 40715 hash->Update(qualifying_data_bytes.data(), 40716 qualifying_data_bytes.size()); 40717 parameter_section_bytes += qualifying_data_bytes; 40718 command_size += qualifying_data_bytes.size(); 40719 hash->Update(in_scheme_bytes.data(), 40720 in_scheme_bytes.size()); 40721 parameter_section_bytes += in_scheme_bytes; 40722 command_size += in_scheme_bytes.size(); 40723 hash->Update(size_bytes.data(), 40724 size_bytes.size()); 40725 parameter_section_bytes += size_bytes; 40726 command_size += size_bytes.size(); 40727 hash->Update(offset_bytes.data(), 40728 offset_bytes.size()); 40729 parameter_section_bytes += offset_bytes; 40730 command_size += offset_bytes.size(); 40731 std::string command_hash(32, 0); 40732 hash->Finish(string_as_array(&command_hash), command_hash.size()); 40733 std::string authorization_section_bytes; 40734 std::string authorization_size_bytes; 40735 if (authorization_delegate) { 40736 if (!authorization_delegate->GetCommandAuthorization( 40737 command_hash, 40738 is_command_parameter_encryption_possible, 40739 is_response_parameter_encryption_possible, 40740 &authorization_section_bytes)) { 40741 return TRUNKS_RC_AUTHORIZATION_FAILED; 40742 } 40743 if (!authorization_section_bytes.empty()) { 40744 tag = TPM_ST_SESSIONS; 40745 std::string tmp; 40746 rc = Serialize_UINT32(authorization_section_bytes.size(), 40747 &authorization_size_bytes); 40748 if (rc != TPM_RC_SUCCESS) { 40749 return rc; 40750 } 40751 command_size += authorization_size_bytes.size() + 40752 authorization_section_bytes.size(); 40753 } 40754 } 40755 std::string tag_bytes; 40756 rc = Serialize_TPMI_ST_COMMAND_TAG( 40757 tag, 40758 &tag_bytes); 40759 if (rc != TPM_RC_SUCCESS) { 40760 return rc; 40761 } 40762 std::string command_size_bytes; 40763 rc = Serialize_UINT32( 40764 command_size, 40765 &command_size_bytes); 40766 if (rc != TPM_RC_SUCCESS) { 40767 return rc; 40768 } 40769 *serialized_command = tag_bytes + 40770 command_size_bytes + 40771 command_code_bytes + 40772 handle_section_bytes + 40773 authorization_size_bytes + 40774 authorization_section_bytes + 40775 parameter_section_bytes; 40776 CHECK(serialized_command->size() == command_size) << "Command size mismatch!"; 40777 VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(), 40778 serialized_command->size()); 40779 return TPM_RC_SUCCESS; 40780 } 40781 40782 TPM_RC Tpm::ParseResponse_NV_Certify( 40783 const std::string& response, 40784 TPM2B_ATTEST* certify_info, 40785 TPMT_SIGNATURE* signature, 40786 AuthorizationDelegate* authorization_delegate) { 40787 VLOG(3) << __func__; 40788 VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size()); 40789 TPM_RC rc = TPM_RC_SUCCESS; 40790 std::string buffer(response); 40791 TPM_ST tag; 40792 std::string tag_bytes; 40793 rc = Parse_TPM_ST( 40794 &buffer, 40795 &tag, 40796 &tag_bytes); 40797 if (rc != TPM_RC_SUCCESS) { 40798 return rc; 40799 } 40800 UINT32 response_size; 40801 std::string response_size_bytes; 40802 rc = Parse_UINT32( 40803 &buffer, 40804 &response_size, 40805 &response_size_bytes); 40806 if (rc != TPM_RC_SUCCESS) { 40807 return rc; 40808 } 40809 TPM_RC response_code; 40810 std::string response_code_bytes; 40811 rc = Parse_TPM_RC( 40812 &buffer, 40813 &response_code, 40814 &response_code_bytes); 40815 if (rc != TPM_RC_SUCCESS) { 40816 return rc; 40817 } 40818 if (response_size != response.size()) { 40819 return TPM_RC_SIZE; 40820 } 40821 if (response_code != TPM_RC_SUCCESS) { 40822 return response_code; 40823 } 40824 TPM_CC command_code = TPM_CC_NV_Certify; 40825 std::string command_code_bytes; 40826 rc = Serialize_TPM_CC( 40827 command_code, 40828 &command_code_bytes); 40829 if (rc != TPM_RC_SUCCESS) { 40830 return rc; 40831 } 40832 std::string authorization_section_bytes; 40833 if (tag == TPM_ST_SESSIONS) { 40834 UINT32 parameter_section_size = buffer.size(); 40835 rc = Parse_UINT32(&buffer, ¶meter_section_size, nullptr); 40836 if (rc != TPM_RC_SUCCESS) { 40837 return rc; 40838 } 40839 if (parameter_section_size > buffer.size()) { 40840 return TPM_RC_INSUFFICIENT; 40841 } 40842 authorization_section_bytes = buffer.substr(parameter_section_size); 40843 // Keep the parameter section in |buffer|. 40844 buffer.erase(parameter_section_size); 40845 } 40846 scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create( 40847 crypto::SecureHash::SHA256)); 40848 hash->Update(response_code_bytes.data(), 40849 response_code_bytes.size()); 40850 hash->Update(command_code_bytes.data(), 40851 command_code_bytes.size()); 40852 hash->Update(buffer.data(), 40853 buffer.size()); 40854 std::string response_hash(32, 0); 40855 hash->Finish(string_as_array(&response_hash), response_hash.size()); 40856 if (tag == TPM_ST_SESSIONS) { 40857 CHECK(authorization_delegate) << "Authorization delegate missing!"; 40858 if (!authorization_delegate->CheckResponseAuthorization( 40859 response_hash, 40860 authorization_section_bytes)) { 40861 return TRUNKS_RC_AUTHORIZATION_FAILED; 40862 } 40863 } 40864 std::string certify_info_bytes; 40865 rc = Parse_TPM2B_ATTEST( 40866 &buffer, 40867 certify_info, 40868 &certify_info_bytes); 40869 if (rc != TPM_RC_SUCCESS) { 40870 return rc; 40871 } 40872 std::string signature_bytes; 40873 rc = Parse_TPMT_SIGNATURE( 40874 &buffer, 40875 signature, 40876 &signature_bytes); 40877 if (rc != TPM_RC_SUCCESS) { 40878 return rc; 40879 } 40880 if (tag == TPM_ST_SESSIONS) { 40881 CHECK(authorization_delegate) << "Authorization delegate missing!"; 40882 // Decrypt just the parameter data, not the size. 40883 std::string tmp = certify_info_bytes.substr(2); 40884 if (!authorization_delegate->DecryptResponseParameter(&tmp)) { 40885 return TRUNKS_RC_ENCRYPTION_FAILED; 40886 } 40887 certify_info_bytes.replace(2, std::string::npos, tmp); 40888 rc = Parse_TPM2B_ATTEST( 40889 &certify_info_bytes, 40890 certify_info, 40891 nullptr); 40892 if (rc != TPM_RC_SUCCESS) { 40893 return rc; 40894 } 40895 } 40896 return TPM_RC_SUCCESS; 40897 } 40898 40899 void NV_CertifyErrorCallback( 40900 const Tpm::NV_CertifyResponse& callback, 40901 TPM_RC response_code) { 40902 VLOG(1) << __func__; 40903 callback.Run(response_code, 40904 TPM2B_ATTEST(), 40905 TPMT_SIGNATURE()); 40906 } 40907 40908 void NV_CertifyResponseParser( 40909 const Tpm::NV_CertifyResponse& callback, 40910 AuthorizationDelegate* authorization_delegate, 40911 const std::string& response) { 40912 VLOG(1) << __func__; 40913 base::Callback<void(TPM_RC)> error_reporter = 40914 base::Bind(NV_CertifyErrorCallback, callback); 40915 TPM2B_ATTEST certify_info; 40916 TPMT_SIGNATURE signature; 40917 TPM_RC rc = Tpm::ParseResponse_NV_Certify( 40918 response, 40919 &certify_info, 40920 &signature, 40921 authorization_delegate); 40922 if (rc != TPM_RC_SUCCESS) { 40923 error_reporter.Run(rc); 40924 return; 40925 } 40926 callback.Run( 40927 rc, 40928 certify_info, 40929 signature); 40930 } 40931 40932 void Tpm::NV_Certify( 40933 const TPMI_DH_OBJECT& sign_handle, 40934 const std::string& sign_handle_name, 40935 const TPMI_RH_NV_AUTH& auth_handle, 40936 const std::string& auth_handle_name, 40937 const TPMI_RH_NV_INDEX& nv_index, 40938 const std::string& nv_index_name, 40939 const TPM2B_DATA& qualifying_data, 40940 const TPMT_SIG_SCHEME& in_scheme, 40941 const UINT16& size, 40942 const UINT16& offset, 40943 AuthorizationDelegate* authorization_delegate, 40944 const NV_CertifyResponse& callback) { 40945 VLOG(1) << __func__; 40946 base::Callback<void(TPM_RC)> error_reporter = 40947 base::Bind(NV_CertifyErrorCallback, callback); 40948 base::Callback<void(const std::string&)> parser = 40949 base::Bind(NV_CertifyResponseParser, 40950 callback, 40951 authorization_delegate); 40952 std::string command; 40953 TPM_RC rc = SerializeCommand_NV_Certify( 40954 sign_handle, 40955 sign_handle_name, 40956 auth_handle, 40957 auth_handle_name, 40958 nv_index, 40959 nv_index_name, 40960 qualifying_data, 40961 in_scheme, 40962 size, 40963 offset, 40964 &command, 40965 authorization_delegate); 40966 if (rc != TPM_RC_SUCCESS) { 40967 error_reporter.Run(rc); 40968 return; 40969 } 40970 transceiver_->SendCommand(command, parser); 40971 } 40972 40973 TPM_RC Tpm::NV_CertifySync( 40974 const TPMI_DH_OBJECT& sign_handle, 40975 const std::string& sign_handle_name, 40976 const TPMI_RH_NV_AUTH& auth_handle, 40977 const std::string& auth_handle_name, 40978 const TPMI_RH_NV_INDEX& nv_index, 40979 const std::string& nv_index_name, 40980 const TPM2B_DATA& qualifying_data, 40981 const TPMT_SIG_SCHEME& in_scheme, 40982 const UINT16& size, 40983 const UINT16& offset, 40984 TPM2B_ATTEST* certify_info, 40985 TPMT_SIGNATURE* signature, 40986 AuthorizationDelegate* authorization_delegate) { 40987 VLOG(1) << __func__; 40988 std::string command; 40989 TPM_RC rc = SerializeCommand_NV_Certify( 40990 sign_handle, 40991 sign_handle_name, 40992 auth_handle, 40993 auth_handle_name, 40994 nv_index, 40995 nv_index_name, 40996 qualifying_data, 40997 in_scheme, 40998 size, 40999 offset, 41000 &command, 41001 authorization_delegate); 41002 if (rc != TPM_RC_SUCCESS) { 41003 return rc; 41004 } 41005 std::string response = transceiver_->SendCommandAndWait(command); 41006 rc = ParseResponse_NV_Certify( 41007 response, 41008 certify_info, 41009 signature, 41010 authorization_delegate); 41011 return rc; 41012 } 41013 41014 } // namespace trunks 41015