Home | History | Annotate | Download | only in trunks
      1 //
      2 // Copyright (C) 2015 The Android Open Source Project
      3 //
      4 // Licensed under the Apache License, Version 2.0 (the "License");
      5 // you may not use this file except in compliance with the License.
      6 // You may obtain a copy of the License at
      7 //
      8 //      http://www.apache.org/licenses/LICENSE-2.0
      9 //
     10 // Unless required by applicable law or agreed to in writing, software
     11 // distributed under the License is distributed on an "AS IS" BASIS,
     12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13 // See the License for the specific language governing permissions and
     14 // limitations under the License.
     15 //
     16 
     17 // THIS CODE IS GENERATED - DO NOT MODIFY!
     18 
     19 #include "trunks/tpm_generated.h"
     20 
     21 #include <string>
     22 
     23 #include <base/bind.h>
     24 #include <base/callback.h>
     25 #include <base/logging.h>
     26 #include <base/macros.h>
     27 #include <base/stl_util.h>
     28 #include <base/strings/string_number_conversions.h>
     29 #include <base/sys_byteorder.h>
     30 #include <crypto/secure_hash.h>
     31 
     32 #include "trunks/authorization_delegate.h"
     33 #include "trunks/command_transceiver.h"
     34 #include "trunks/error_codes.h"
     35 
     36 
     37 namespace trunks {
     38 
     39 size_t GetNumberOfRequestHandles(TPM_CC command_code) {
     40   switch (command_code) {
     41     case TPM_CC_Startup: return 0;
     42     case TPM_CC_Shutdown: return 0;
     43     case TPM_CC_SelfTest: return 0;
     44     case TPM_CC_IncrementalSelfTest: return 0;
     45     case TPM_CC_GetTestResult: return 0;
     46     case TPM_CC_StartAuthSession: return 2;
     47     case TPM_CC_PolicyRestart: return 1;
     48     case TPM_CC_Create: return 1;
     49     case TPM_CC_Load: return 1;
     50     case TPM_CC_LoadExternal: return 0;
     51     case TPM_CC_ReadPublic: return 1;
     52     case TPM_CC_ActivateCredential: return 2;
     53     case TPM_CC_MakeCredential: return 1;
     54     case TPM_CC_Unseal: return 1;
     55     case TPM_CC_ObjectChangeAuth: return 2;
     56     case TPM_CC_Duplicate: return 2;
     57     case TPM_CC_Rewrap: return 2;
     58     case TPM_CC_Import: return 1;
     59     case TPM_CC_RSA_Encrypt: return 1;
     60     case TPM_CC_RSA_Decrypt: return 1;
     61     case TPM_CC_ECDH_KeyGen: return 1;
     62     case TPM_CC_ECDH_ZGen: return 1;
     63     case TPM_CC_ECC_Parameters: return 0;
     64     case TPM_CC_ZGen_2Phase: return 1;
     65     case TPM_CC_EncryptDecrypt: return 1;
     66     case TPM_CC_Hash: return 0;
     67     case TPM_CC_HMAC: return 1;
     68     case TPM_CC_GetRandom: return 0;
     69     case TPM_CC_StirRandom: return 0;
     70     case TPM_CC_HMAC_Start: return 1;
     71     case TPM_CC_HashSequenceStart: return 0;
     72     case TPM_CC_SequenceUpdate: return 1;
     73     case TPM_CC_SequenceComplete: return 1;
     74     case TPM_CC_EventSequenceComplete: return 2;
     75     case TPM_CC_Certify: return 2;
     76     case TPM_CC_CertifyCreation: return 2;
     77     case TPM_CC_Quote: return 1;
     78     case TPM_CC_GetSessionAuditDigest: return 3;
     79     case TPM_CC_GetCommandAuditDigest: return 2;
     80     case TPM_CC_GetTime: return 2;
     81     case TPM_CC_Commit: return 1;
     82     case TPM_CC_EC_Ephemeral: return 0;
     83     case TPM_CC_VerifySignature: return 1;
     84     case TPM_CC_Sign: return 1;
     85     case TPM_CC_SetCommandCodeAuditStatus: return 1;
     86     case TPM_CC_PCR_Extend: return 1;
     87     case TPM_CC_PCR_Event: return 1;
     88     case TPM_CC_PCR_Read: return 0;
     89     case TPM_CC_PCR_Allocate: return 1;
     90     case TPM_CC_PCR_SetAuthPolicy: return 2;
     91     case TPM_CC_PCR_SetAuthValue: return 1;
     92     case TPM_CC_PCR_Reset: return 1;
     93     case TPM_CC_PolicySigned: return 2;
     94     case TPM_CC_PolicySecret: return 2;
     95     case TPM_CC_PolicyTicket: return 1;
     96     case TPM_CC_PolicyOR: return 1;
     97     case TPM_CC_PolicyPCR: return 1;
     98     case TPM_CC_PolicyLocality: return 1;
     99     case TPM_CC_PolicyNV: return 3;
    100     case TPM_CC_PolicyCounterTimer: return 1;
    101     case TPM_CC_PolicyCommandCode: return 1;
    102     case TPM_CC_PolicyPhysicalPresence: return 1;
    103     case TPM_CC_PolicyCpHash: return 1;
    104     case TPM_CC_PolicyNameHash: return 1;
    105     case TPM_CC_PolicyDuplicationSelect: return 1;
    106     case TPM_CC_PolicyAuthorize: return 1;
    107     case TPM_CC_PolicyAuthValue: return 1;
    108     case TPM_CC_PolicyPassword: return 1;
    109     case TPM_CC_PolicyGetDigest: return 1;
    110     case TPM_CC_PolicyNvWritten: return 1;
    111     case TPM_CC_CreatePrimary: return 1;
    112     case TPM_CC_HierarchyControl: return 1;
    113     case TPM_CC_SetPrimaryPolicy: return 1;
    114     case TPM_CC_ChangePPS: return 1;
    115     case TPM_CC_ChangeEPS: return 1;
    116     case TPM_CC_Clear: return 1;
    117     case TPM_CC_ClearControl: return 1;
    118     case TPM_CC_HierarchyChangeAuth: return 1;
    119     case TPM_CC_DictionaryAttackLockReset: return 1;
    120     case TPM_CC_DictionaryAttackParameters: return 1;
    121     case TPM_CC_PP_Commands: return 1;
    122     case TPM_CC_SetAlgorithmSet: return 1;
    123     case TPM_CC_FieldUpgradeStart: return 2;
    124     case TPM_CC_FieldUpgradeData: return 0;
    125     case TPM_CC_FirmwareRead: return 0;
    126     case TPM_CC_ContextSave: return 1;
    127     case TPM_CC_ContextLoad: return 0;
    128     case TPM_CC_FlushContext: return 0;
    129     case TPM_CC_EvictControl: return 2;
    130     case TPM_CC_ReadClock: return 0;
    131     case TPM_CC_ClockSet: return 1;
    132     case TPM_CC_ClockRateAdjust: return 1;
    133     case TPM_CC_GetCapability: return 0;
    134     case TPM_CC_TestParms: return 0;
    135     case TPM_CC_NV_DefineSpace: return 1;
    136     case TPM_CC_NV_UndefineSpace: return 2;
    137     case TPM_CC_NV_UndefineSpaceSpecial: return 2;
    138     case TPM_CC_NV_ReadPublic: return 1;
    139     case TPM_CC_NV_Write: return 2;
    140     case TPM_CC_NV_Increment: return 2;
    141     case TPM_CC_NV_Extend: return 2;
    142     case TPM_CC_NV_SetBits: return 2;
    143     case TPM_CC_NV_WriteLock: return 2;
    144     case TPM_CC_NV_GlobalWriteLock: return 1;
    145     case TPM_CC_NV_Read: return 2;
    146     case TPM_CC_NV_ReadLock: return 2;
    147     case TPM_CC_NV_ChangeAuth: return 1;
    148     case TPM_CC_NV_Certify: return 3;
    149     default: LOG(WARNING) << "Unknown command code: " << command_code;
    150   }
    151   return 0;
    152 }
    153 
    154 size_t GetNumberOfResponseHandles(TPM_CC command_code) {
    155   switch (command_code) {
    156     case TPM_CC_Startup: return 0;
    157     case TPM_CC_Shutdown: return 0;
    158     case TPM_CC_SelfTest: return 0;
    159     case TPM_CC_IncrementalSelfTest: return 0;
    160     case TPM_CC_GetTestResult: return 0;
    161     case TPM_CC_StartAuthSession: return 1;
    162     case TPM_CC_PolicyRestart: return 0;
    163     case TPM_CC_Create: return 0;
    164     case TPM_CC_Load: return 1;
    165     case TPM_CC_LoadExternal: return 1;
    166     case TPM_CC_ReadPublic: return 0;
    167     case TPM_CC_ActivateCredential: return 0;
    168     case TPM_CC_MakeCredential: return 0;
    169     case TPM_CC_Unseal: return 0;
    170     case TPM_CC_ObjectChangeAuth: return 0;
    171     case TPM_CC_Duplicate: return 0;
    172     case TPM_CC_Rewrap: return 0;
    173     case TPM_CC_Import: return 0;
    174     case TPM_CC_RSA_Encrypt: return 0;
    175     case TPM_CC_RSA_Decrypt: return 0;
    176     case TPM_CC_ECDH_KeyGen: return 0;
    177     case TPM_CC_ECDH_ZGen: return 0;
    178     case TPM_CC_ECC_Parameters: return 0;
    179     case TPM_CC_ZGen_2Phase: return 0;
    180     case TPM_CC_EncryptDecrypt: return 0;
    181     case TPM_CC_Hash: return 0;
    182     case TPM_CC_HMAC: return 0;
    183     case TPM_CC_GetRandom: return 0;
    184     case TPM_CC_StirRandom: return 0;
    185     case TPM_CC_HMAC_Start: return 1;
    186     case TPM_CC_HashSequenceStart: return 1;
    187     case TPM_CC_SequenceUpdate: return 0;
    188     case TPM_CC_SequenceComplete: return 0;
    189     case TPM_CC_EventSequenceComplete: return 0;
    190     case TPM_CC_Certify: return 0;
    191     case TPM_CC_CertifyCreation: return 0;
    192     case TPM_CC_Quote: return 0;
    193     case TPM_CC_GetSessionAuditDigest: return 0;
    194     case TPM_CC_GetCommandAuditDigest: return 0;
    195     case TPM_CC_GetTime: return 0;
    196     case TPM_CC_Commit: return 0;
    197     case TPM_CC_EC_Ephemeral: return 0;
    198     case TPM_CC_VerifySignature: return 0;
    199     case TPM_CC_Sign: return 0;
    200     case TPM_CC_SetCommandCodeAuditStatus: return 0;
    201     case TPM_CC_PCR_Extend: return 0;
    202     case TPM_CC_PCR_Event: return 0;
    203     case TPM_CC_PCR_Read: return 0;
    204     case TPM_CC_PCR_Allocate: return 0;
    205     case TPM_CC_PCR_SetAuthPolicy: return 0;
    206     case TPM_CC_PCR_SetAuthValue: return 0;
    207     case TPM_CC_PCR_Reset: return 0;
    208     case TPM_CC_PolicySigned: return 0;
    209     case TPM_CC_PolicySecret: return 0;
    210     case TPM_CC_PolicyTicket: return 0;
    211     case TPM_CC_PolicyOR: return 0;
    212     case TPM_CC_PolicyPCR: return 0;
    213     case TPM_CC_PolicyLocality: return 0;
    214     case TPM_CC_PolicyNV: return 0;
    215     case TPM_CC_PolicyCounterTimer: return 0;
    216     case TPM_CC_PolicyCommandCode: return 0;
    217     case TPM_CC_PolicyPhysicalPresence: return 0;
    218     case TPM_CC_PolicyCpHash: return 0;
    219     case TPM_CC_PolicyNameHash: return 0;
    220     case TPM_CC_PolicyDuplicationSelect: return 0;
    221     case TPM_CC_PolicyAuthorize: return 0;
    222     case TPM_CC_PolicyAuthValue: return 0;
    223     case TPM_CC_PolicyPassword: return 0;
    224     case TPM_CC_PolicyGetDigest: return 0;
    225     case TPM_CC_PolicyNvWritten: return 0;
    226     case TPM_CC_CreatePrimary: return 1;
    227     case TPM_CC_HierarchyControl: return 0;
    228     case TPM_CC_SetPrimaryPolicy: return 0;
    229     case TPM_CC_ChangePPS: return 0;
    230     case TPM_CC_ChangeEPS: return 0;
    231     case TPM_CC_Clear: return 0;
    232     case TPM_CC_ClearControl: return 0;
    233     case TPM_CC_HierarchyChangeAuth: return 0;
    234     case TPM_CC_DictionaryAttackLockReset: return 0;
    235     case TPM_CC_DictionaryAttackParameters: return 0;
    236     case TPM_CC_PP_Commands: return 0;
    237     case TPM_CC_SetAlgorithmSet: return 0;
    238     case TPM_CC_FieldUpgradeStart: return 0;
    239     case TPM_CC_FieldUpgradeData: return 0;
    240     case TPM_CC_FirmwareRead: return 0;
    241     case TPM_CC_ContextSave: return 0;
    242     case TPM_CC_ContextLoad: return 1;
    243     case TPM_CC_FlushContext: return 0;
    244     case TPM_CC_EvictControl: return 0;
    245     case TPM_CC_ReadClock: return 0;
    246     case TPM_CC_ClockSet: return 0;
    247     case TPM_CC_ClockRateAdjust: return 0;
    248     case TPM_CC_GetCapability: return 0;
    249     case TPM_CC_TestParms: return 0;
    250     case TPM_CC_NV_DefineSpace: return 0;
    251     case TPM_CC_NV_UndefineSpace: return 0;
    252     case TPM_CC_NV_UndefineSpaceSpecial: return 0;
    253     case TPM_CC_NV_ReadPublic: return 0;
    254     case TPM_CC_NV_Write: return 0;
    255     case TPM_CC_NV_Increment: return 0;
    256     case TPM_CC_NV_Extend: return 0;
    257     case TPM_CC_NV_SetBits: return 0;
    258     case TPM_CC_NV_WriteLock: return 0;
    259     case TPM_CC_NV_GlobalWriteLock: return 0;
    260     case TPM_CC_NV_Read: return 0;
    261     case TPM_CC_NV_ReadLock: return 0;
    262     case TPM_CC_NV_ChangeAuth: return 0;
    263     case TPM_CC_NV_Certify: return 0;
    264     default: LOG(WARNING) << "Unknown command code: " << command_code;
    265   }
    266   return 0;
    267 }
    268 
    269 TPM_RC Serialize_uint8_t(const uint8_t& value, std::string* buffer) {
    270   VLOG(3) << __func__;
    271   uint8_t value_net = value;
    272   switch (sizeof(uint8_t)) {
    273     case 2:
    274       value_net = base::HostToNet16(value);
    275       break;
    276     case 4:
    277       value_net = base::HostToNet32(value);
    278       break;
    279     case 8:
    280       value_net = base::HostToNet64(value);
    281       break;
    282     default:
    283       break;
    284   }
    285   const char* value_bytes = reinterpret_cast<const char*>(&value_net);
    286   buffer->append(value_bytes, sizeof(uint8_t));
    287   return TPM_RC_SUCCESS;
    288 }
    289 
    290 TPM_RC Parse_uint8_t(
    291     std::string* buffer,
    292     uint8_t* value,
    293     std::string* value_bytes) {
    294   VLOG(3) << __func__;
    295   if (buffer->size() < sizeof(uint8_t))
    296     return TPM_RC_INSUFFICIENT;
    297   uint8_t value_net = 0;
    298   memcpy(&value_net, buffer->data(), sizeof(uint8_t));
    299   switch (sizeof(uint8_t)) {
    300     case 2:
    301       *value = base::NetToHost16(value_net);
    302       break;
    303     case 4:
    304       *value = base::NetToHost32(value_net);
    305       break;
    306     case 8:
    307       *value = base::NetToHost64(value_net);
    308       break;
    309     default:
    310       *value = value_net;
    311   }
    312   if (value_bytes) {
    313     value_bytes->append(buffer->substr(0, sizeof(uint8_t)));
    314   }
    315   buffer->erase(0, sizeof(uint8_t));
    316   return TPM_RC_SUCCESS;
    317 }
    318 
    319 TPM_RC Serialize_int8_t(const int8_t& value, std::string* buffer) {
    320   VLOG(3) << __func__;
    321   int8_t value_net = value;
    322   switch (sizeof(int8_t)) {
    323     case 2:
    324       value_net = base::HostToNet16(value);
    325       break;
    326     case 4:
    327       value_net = base::HostToNet32(value);
    328       break;
    329     case 8:
    330       value_net = base::HostToNet64(value);
    331       break;
    332     default:
    333       break;
    334   }
    335   const char* value_bytes = reinterpret_cast<const char*>(&value_net);
    336   buffer->append(value_bytes, sizeof(int8_t));
    337   return TPM_RC_SUCCESS;
    338 }
    339 
    340 TPM_RC Parse_int8_t(
    341     std::string* buffer,
    342     int8_t* value,
    343     std::string* value_bytes) {
    344   VLOG(3) << __func__;
    345   if (buffer->size() < sizeof(int8_t))
    346     return TPM_RC_INSUFFICIENT;
    347   int8_t value_net = 0;
    348   memcpy(&value_net, buffer->data(), sizeof(int8_t));
    349   switch (sizeof(int8_t)) {
    350     case 2:
    351       *value = base::NetToHost16(value_net);
    352       break;
    353     case 4:
    354       *value = base::NetToHost32(value_net);
    355       break;
    356     case 8:
    357       *value = base::NetToHost64(value_net);
    358       break;
    359     default:
    360       *value = value_net;
    361   }
    362   if (value_bytes) {
    363     value_bytes->append(buffer->substr(0, sizeof(int8_t)));
    364   }
    365   buffer->erase(0, sizeof(int8_t));
    366   return TPM_RC_SUCCESS;
    367 }
    368 
    369 TPM_RC Serialize_int(const int& value, std::string* buffer) {
    370   VLOG(3) << __func__;
    371   int value_net = value;
    372   switch (sizeof(int)) {
    373     case 2:
    374       value_net = base::HostToNet16(value);
    375       break;
    376     case 4:
    377       value_net = base::HostToNet32(value);
    378       break;
    379     case 8:
    380       value_net = base::HostToNet64(value);
    381       break;
    382     default:
    383       break;
    384   }
    385   const char* value_bytes = reinterpret_cast<const char*>(&value_net);
    386   buffer->append(value_bytes, sizeof(int));
    387   return TPM_RC_SUCCESS;
    388 }
    389 
    390 TPM_RC Parse_int(
    391     std::string* buffer,
    392     int* value,
    393     std::string* value_bytes) {
    394   VLOG(3) << __func__;
    395   if (buffer->size() < sizeof(int))
    396     return TPM_RC_INSUFFICIENT;
    397   int value_net = 0;
    398   memcpy(&value_net, buffer->data(), sizeof(int));
    399   switch (sizeof(int)) {
    400     case 2:
    401       *value = base::NetToHost16(value_net);
    402       break;
    403     case 4:
    404       *value = base::NetToHost32(value_net);
    405       break;
    406     case 8:
    407       *value = base::NetToHost64(value_net);
    408       break;
    409     default:
    410       *value = value_net;
    411   }
    412   if (value_bytes) {
    413     value_bytes->append(buffer->substr(0, sizeof(int)));
    414   }
    415   buffer->erase(0, sizeof(int));
    416   return TPM_RC_SUCCESS;
    417 }
    418 
    419 TPM_RC Serialize_uint16_t(const uint16_t& value, std::string* buffer) {
    420   VLOG(3) << __func__;
    421   uint16_t value_net = value;
    422   switch (sizeof(uint16_t)) {
    423     case 2:
    424       value_net = base::HostToNet16(value);
    425       break;
    426     case 4:
    427       value_net = base::HostToNet32(value);
    428       break;
    429     case 8:
    430       value_net = base::HostToNet64(value);
    431       break;
    432     default:
    433       break;
    434   }
    435   const char* value_bytes = reinterpret_cast<const char*>(&value_net);
    436   buffer->append(value_bytes, sizeof(uint16_t));
    437   return TPM_RC_SUCCESS;
    438 }
    439 
    440 TPM_RC Parse_uint16_t(
    441     std::string* buffer,
    442     uint16_t* value,
    443     std::string* value_bytes) {
    444   VLOG(3) << __func__;
    445   if (buffer->size() < sizeof(uint16_t))
    446     return TPM_RC_INSUFFICIENT;
    447   uint16_t value_net = 0;
    448   memcpy(&value_net, buffer->data(), sizeof(uint16_t));
    449   switch (sizeof(uint16_t)) {
    450     case 2:
    451       *value = base::NetToHost16(value_net);
    452       break;
    453     case 4:
    454       *value = base::NetToHost32(value_net);
    455       break;
    456     case 8:
    457       *value = base::NetToHost64(value_net);
    458       break;
    459     default:
    460       *value = value_net;
    461   }
    462   if (value_bytes) {
    463     value_bytes->append(buffer->substr(0, sizeof(uint16_t)));
    464   }
    465   buffer->erase(0, sizeof(uint16_t));
    466   return TPM_RC_SUCCESS;
    467 }
    468 
    469 TPM_RC Serialize_int16_t(const int16_t& value, std::string* buffer) {
    470   VLOG(3) << __func__;
    471   int16_t value_net = value;
    472   switch (sizeof(int16_t)) {
    473     case 2:
    474       value_net = base::HostToNet16(value);
    475       break;
    476     case 4:
    477       value_net = base::HostToNet32(value);
    478       break;
    479     case 8:
    480       value_net = base::HostToNet64(value);
    481       break;
    482     default:
    483       break;
    484   }
    485   const char* value_bytes = reinterpret_cast<const char*>(&value_net);
    486   buffer->append(value_bytes, sizeof(int16_t));
    487   return TPM_RC_SUCCESS;
    488 }
    489 
    490 TPM_RC Parse_int16_t(
    491     std::string* buffer,
    492     int16_t* value,
    493     std::string* value_bytes) {
    494   VLOG(3) << __func__;
    495   if (buffer->size() < sizeof(int16_t))
    496     return TPM_RC_INSUFFICIENT;
    497   int16_t value_net = 0;
    498   memcpy(&value_net, buffer->data(), sizeof(int16_t));
    499   switch (sizeof(int16_t)) {
    500     case 2:
    501       *value = base::NetToHost16(value_net);
    502       break;
    503     case 4:
    504       *value = base::NetToHost32(value_net);
    505       break;
    506     case 8:
    507       *value = base::NetToHost64(value_net);
    508       break;
    509     default:
    510       *value = value_net;
    511   }
    512   if (value_bytes) {
    513     value_bytes->append(buffer->substr(0, sizeof(int16_t)));
    514   }
    515   buffer->erase(0, sizeof(int16_t));
    516   return TPM_RC_SUCCESS;
    517 }
    518 
    519 TPM_RC Serialize_uint32_t(const uint32_t& value, std::string* buffer) {
    520   VLOG(3) << __func__;
    521   uint32_t value_net = value;
    522   switch (sizeof(uint32_t)) {
    523     case 2:
    524       value_net = base::HostToNet16(value);
    525       break;
    526     case 4:
    527       value_net = base::HostToNet32(value);
    528       break;
    529     case 8:
    530       value_net = base::HostToNet64(value);
    531       break;
    532     default:
    533       break;
    534   }
    535   const char* value_bytes = reinterpret_cast<const char*>(&value_net);
    536   buffer->append(value_bytes, sizeof(uint32_t));
    537   return TPM_RC_SUCCESS;
    538 }
    539 
    540 TPM_RC Parse_uint32_t(
    541     std::string* buffer,
    542     uint32_t* value,
    543     std::string* value_bytes) {
    544   VLOG(3) << __func__;
    545   if (buffer->size() < sizeof(uint32_t))
    546     return TPM_RC_INSUFFICIENT;
    547   uint32_t value_net = 0;
    548   memcpy(&value_net, buffer->data(), sizeof(uint32_t));
    549   switch (sizeof(uint32_t)) {
    550     case 2:
    551       *value = base::NetToHost16(value_net);
    552       break;
    553     case 4:
    554       *value = base::NetToHost32(value_net);
    555       break;
    556     case 8:
    557       *value = base::NetToHost64(value_net);
    558       break;
    559     default:
    560       *value = value_net;
    561   }
    562   if (value_bytes) {
    563     value_bytes->append(buffer->substr(0, sizeof(uint32_t)));
    564   }
    565   buffer->erase(0, sizeof(uint32_t));
    566   return TPM_RC_SUCCESS;
    567 }
    568 
    569 TPM_RC Serialize_int32_t(const int32_t& value, std::string* buffer) {
    570   VLOG(3) << __func__;
    571   int32_t value_net = value;
    572   switch (sizeof(int32_t)) {
    573     case 2:
    574       value_net = base::HostToNet16(value);
    575       break;
    576     case 4:
    577       value_net = base::HostToNet32(value);
    578       break;
    579     case 8:
    580       value_net = base::HostToNet64(value);
    581       break;
    582     default:
    583       break;
    584   }
    585   const char* value_bytes = reinterpret_cast<const char*>(&value_net);
    586   buffer->append(value_bytes, sizeof(int32_t));
    587   return TPM_RC_SUCCESS;
    588 }
    589 
    590 TPM_RC Parse_int32_t(
    591     std::string* buffer,
    592     int32_t* value,
    593     std::string* value_bytes) {
    594   VLOG(3) << __func__;
    595   if (buffer->size() < sizeof(int32_t))
    596     return TPM_RC_INSUFFICIENT;
    597   int32_t value_net = 0;
    598   memcpy(&value_net, buffer->data(), sizeof(int32_t));
    599   switch (sizeof(int32_t)) {
    600     case 2:
    601       *value = base::NetToHost16(value_net);
    602       break;
    603     case 4:
    604       *value = base::NetToHost32(value_net);
    605       break;
    606     case 8:
    607       *value = base::NetToHost64(value_net);
    608       break;
    609     default:
    610       *value = value_net;
    611   }
    612   if (value_bytes) {
    613     value_bytes->append(buffer->substr(0, sizeof(int32_t)));
    614   }
    615   buffer->erase(0, sizeof(int32_t));
    616   return TPM_RC_SUCCESS;
    617 }
    618 
    619 TPM_RC Serialize_uint64_t(const uint64_t& value, std::string* buffer) {
    620   VLOG(3) << __func__;
    621   uint64_t value_net = value;
    622   switch (sizeof(uint64_t)) {
    623     case 2:
    624       value_net = base::HostToNet16(value);
    625       break;
    626     case 4:
    627       value_net = base::HostToNet32(value);
    628       break;
    629     case 8:
    630       value_net = base::HostToNet64(value);
    631       break;
    632     default:
    633       break;
    634   }
    635   const char* value_bytes = reinterpret_cast<const char*>(&value_net);
    636   buffer->append(value_bytes, sizeof(uint64_t));
    637   return TPM_RC_SUCCESS;
    638 }
    639 
    640 TPM_RC Parse_uint64_t(
    641     std::string* buffer,
    642     uint64_t* value,
    643     std::string* value_bytes) {
    644   VLOG(3) << __func__;
    645   if (buffer->size() < sizeof(uint64_t))
    646     return TPM_RC_INSUFFICIENT;
    647   uint64_t value_net = 0;
    648   memcpy(&value_net, buffer->data(), sizeof(uint64_t));
    649   switch (sizeof(uint64_t)) {
    650     case 2:
    651       *value = base::NetToHost16(value_net);
    652       break;
    653     case 4:
    654       *value = base::NetToHost32(value_net);
    655       break;
    656     case 8:
    657       *value = base::NetToHost64(value_net);
    658       break;
    659     default:
    660       *value = value_net;
    661   }
    662   if (value_bytes) {
    663     value_bytes->append(buffer->substr(0, sizeof(uint64_t)));
    664   }
    665   buffer->erase(0, sizeof(uint64_t));
    666   return TPM_RC_SUCCESS;
    667 }
    668 
    669 TPM_RC Serialize_int64_t(const int64_t& value, std::string* buffer) {
    670   VLOG(3) << __func__;
    671   int64_t value_net = value;
    672   switch (sizeof(int64_t)) {
    673     case 2:
    674       value_net = base::HostToNet16(value);
    675       break;
    676     case 4:
    677       value_net = base::HostToNet32(value);
    678       break;
    679     case 8:
    680       value_net = base::HostToNet64(value);
    681       break;
    682     default:
    683       break;
    684   }
    685   const char* value_bytes = reinterpret_cast<const char*>(&value_net);
    686   buffer->append(value_bytes, sizeof(int64_t));
    687   return TPM_RC_SUCCESS;
    688 }
    689 
    690 TPM_RC Parse_int64_t(
    691     std::string* buffer,
    692     int64_t* value,
    693     std::string* value_bytes) {
    694   VLOG(3) << __func__;
    695   if (buffer->size() < sizeof(int64_t))
    696     return TPM_RC_INSUFFICIENT;
    697   int64_t value_net = 0;
    698   memcpy(&value_net, buffer->data(), sizeof(int64_t));
    699   switch (sizeof(int64_t)) {
    700     case 2:
    701       *value = base::NetToHost16(value_net);
    702       break;
    703     case 4:
    704       *value = base::NetToHost32(value_net);
    705       break;
    706     case 8:
    707       *value = base::NetToHost64(value_net);
    708       break;
    709     default:
    710       *value = value_net;
    711   }
    712   if (value_bytes) {
    713     value_bytes->append(buffer->substr(0, sizeof(int64_t)));
    714   }
    715   buffer->erase(0, sizeof(int64_t));
    716   return TPM_RC_SUCCESS;
    717 }
    718 
    719 TPM_RC Serialize_UINT8(
    720     const UINT8& value,
    721     std::string* buffer) {
    722   VLOG(3) << __func__;
    723   return Serialize_uint8_t(value, buffer);
    724 }
    725 
    726 TPM_RC Parse_UINT8(
    727     std::string* buffer,
    728     UINT8* value,
    729     std::string* value_bytes) {
    730   VLOG(3) << __func__;
    731   return Parse_uint8_t(buffer, value, value_bytes);
    732 }
    733 
    734 TPM_RC Serialize_BYTE(
    735     const BYTE& value,
    736     std::string* buffer) {
    737   VLOG(3) << __func__;
    738   return Serialize_uint8_t(value, buffer);
    739 }
    740 
    741 TPM_RC Parse_BYTE(
    742     std::string* buffer,
    743     BYTE* value,
    744     std::string* value_bytes) {
    745   VLOG(3) << __func__;
    746   return Parse_uint8_t(buffer, value, value_bytes);
    747 }
    748 
    749 TPM_RC Serialize_INT8(
    750     const INT8& value,
    751     std::string* buffer) {
    752   VLOG(3) << __func__;
    753   return Serialize_int8_t(value, buffer);
    754 }
    755 
    756 TPM_RC Parse_INT8(
    757     std::string* buffer,
    758     INT8* value,
    759     std::string* value_bytes) {
    760   VLOG(3) << __func__;
    761   return Parse_int8_t(buffer, value, value_bytes);
    762 }
    763 
    764 TPM_RC Serialize_BOOL(
    765     const BOOL& value,
    766     std::string* buffer) {
    767   VLOG(3) << __func__;
    768   return Serialize_int(value, buffer);
    769 }
    770 
    771 TPM_RC Parse_BOOL(
    772     std::string* buffer,
    773     BOOL* value,
    774     std::string* value_bytes) {
    775   VLOG(3) << __func__;
    776   return Parse_int(buffer, value, value_bytes);
    777 }
    778 
    779 TPM_RC Serialize_UINT16(
    780     const UINT16& value,
    781     std::string* buffer) {
    782   VLOG(3) << __func__;
    783   return Serialize_uint16_t(value, buffer);
    784 }
    785 
    786 TPM_RC Parse_UINT16(
    787     std::string* buffer,
    788     UINT16* value,
    789     std::string* value_bytes) {
    790   VLOG(3) << __func__;
    791   return Parse_uint16_t(buffer, value, value_bytes);
    792 }
    793 
    794 TPM_RC Serialize_INT16(
    795     const INT16& value,
    796     std::string* buffer) {
    797   VLOG(3) << __func__;
    798   return Serialize_int16_t(value, buffer);
    799 }
    800 
    801 TPM_RC Parse_INT16(
    802     std::string* buffer,
    803     INT16* value,
    804     std::string* value_bytes) {
    805   VLOG(3) << __func__;
    806   return Parse_int16_t(buffer, value, value_bytes);
    807 }
    808 
    809 TPM_RC Serialize_UINT32(
    810     const UINT32& value,
    811     std::string* buffer) {
    812   VLOG(3) << __func__;
    813   return Serialize_uint32_t(value, buffer);
    814 }
    815 
    816 TPM_RC Parse_UINT32(
    817     std::string* buffer,
    818     UINT32* value,
    819     std::string* value_bytes) {
    820   VLOG(3) << __func__;
    821   return Parse_uint32_t(buffer, value, value_bytes);
    822 }
    823 
    824 TPM_RC Serialize_INT32(
    825     const INT32& value,
    826     std::string* buffer) {
    827   VLOG(3) << __func__;
    828   return Serialize_int32_t(value, buffer);
    829 }
    830 
    831 TPM_RC Parse_INT32(
    832     std::string* buffer,
    833     INT32* value,
    834     std::string* value_bytes) {
    835   VLOG(3) << __func__;
    836   return Parse_int32_t(buffer, value, value_bytes);
    837 }
    838 
    839 TPM_RC Serialize_UINT64(
    840     const UINT64& value,
    841     std::string* buffer) {
    842   VLOG(3) << __func__;
    843   return Serialize_uint64_t(value, buffer);
    844 }
    845 
    846 TPM_RC Parse_UINT64(
    847     std::string* buffer,
    848     UINT64* value,
    849     std::string* value_bytes) {
    850   VLOG(3) << __func__;
    851   return Parse_uint64_t(buffer, value, value_bytes);
    852 }
    853 
    854 TPM_RC Serialize_INT64(
    855     const INT64& value,
    856     std::string* buffer) {
    857   VLOG(3) << __func__;
    858   return Serialize_int64_t(value, buffer);
    859 }
    860 
    861 TPM_RC Parse_INT64(
    862     std::string* buffer,
    863     INT64* value,
    864     std::string* value_bytes) {
    865   VLOG(3) << __func__;
    866   return Parse_int64_t(buffer, value, value_bytes);
    867 }
    868 
    869 TPM_RC Serialize_TPM_ALGORITHM_ID(
    870     const TPM_ALGORITHM_ID& value,
    871     std::string* buffer) {
    872   VLOG(3) << __func__;
    873   return Serialize_UINT32(value, buffer);
    874 }
    875 
    876 TPM_RC Parse_TPM_ALGORITHM_ID(
    877     std::string* buffer,
    878     TPM_ALGORITHM_ID* value,
    879     std::string* value_bytes) {
    880   VLOG(3) << __func__;
    881   return Parse_UINT32(buffer, value, value_bytes);
    882 }
    883 
    884 TPM_RC Serialize_TPM_MODIFIER_INDICATOR(
    885     const TPM_MODIFIER_INDICATOR& value,
    886     std::string* buffer) {
    887   VLOG(3) << __func__;
    888   return Serialize_UINT32(value, buffer);
    889 }
    890 
    891 TPM_RC Parse_TPM_MODIFIER_INDICATOR(
    892     std::string* buffer,
    893     TPM_MODIFIER_INDICATOR* value,
    894     std::string* value_bytes) {
    895   VLOG(3) << __func__;
    896   return Parse_UINT32(buffer, value, value_bytes);
    897 }
    898 
    899 TPM_RC Serialize_TPM_AUTHORIZATION_SIZE(
    900     const TPM_AUTHORIZATION_SIZE& value,
    901     std::string* buffer) {
    902   VLOG(3) << __func__;
    903   return Serialize_UINT32(value, buffer);
    904 }
    905 
    906 TPM_RC Parse_TPM_AUTHORIZATION_SIZE(
    907     std::string* buffer,
    908     TPM_AUTHORIZATION_SIZE* value,
    909     std::string* value_bytes) {
    910   VLOG(3) << __func__;
    911   return Parse_UINT32(buffer, value, value_bytes);
    912 }
    913 
    914 TPM_RC Serialize_TPM_PARAMETER_SIZE(
    915     const TPM_PARAMETER_SIZE& value,
    916     std::string* buffer) {
    917   VLOG(3) << __func__;
    918   return Serialize_UINT32(value, buffer);
    919 }
    920 
    921 TPM_RC Parse_TPM_PARAMETER_SIZE(
    922     std::string* buffer,
    923     TPM_PARAMETER_SIZE* value,
    924     std::string* value_bytes) {
    925   VLOG(3) << __func__;
    926   return Parse_UINT32(buffer, value, value_bytes);
    927 }
    928 
    929 TPM_RC Serialize_TPM_KEY_SIZE(
    930     const TPM_KEY_SIZE& value,
    931     std::string* buffer) {
    932   VLOG(3) << __func__;
    933   return Serialize_UINT16(value, buffer);
    934 }
    935 
    936 TPM_RC Parse_TPM_KEY_SIZE(
    937     std::string* buffer,
    938     TPM_KEY_SIZE* value,
    939     std::string* value_bytes) {
    940   VLOG(3) << __func__;
    941   return Parse_UINT16(buffer, value, value_bytes);
    942 }
    943 
    944 TPM_RC Serialize_TPM_KEY_BITS(
    945     const TPM_KEY_BITS& value,
    946     std::string* buffer) {
    947   VLOG(3) << __func__;
    948   return Serialize_UINT16(value, buffer);
    949 }
    950 
    951 TPM_RC Parse_TPM_KEY_BITS(
    952     std::string* buffer,
    953     TPM_KEY_BITS* value,
    954     std::string* value_bytes) {
    955   VLOG(3) << __func__;
    956   return Parse_UINT16(buffer, value, value_bytes);
    957 }
    958 
    959 TPM_RC Serialize_TPM_HANDLE(
    960     const TPM_HANDLE& value,
    961     std::string* buffer) {
    962   VLOG(3) << __func__;
    963   return Serialize_UINT32(value, buffer);
    964 }
    965 
    966 TPM_RC Parse_TPM_HANDLE(
    967     std::string* buffer,
    968     TPM_HANDLE* value,
    969     std::string* value_bytes) {
    970   VLOG(3) << __func__;
    971   return Parse_UINT32(buffer, value, value_bytes);
    972 }
    973 
    974 TPM_RC Serialize_TPM2B_DIGEST(
    975     const TPM2B_DIGEST& value,
    976     std::string* buffer) {
    977   TPM_RC result = TPM_RC_SUCCESS;
    978   VLOG(3) << __func__;
    979 
    980   result = Serialize_UINT16(value.size, buffer);
    981   if (result) {
    982     return result;
    983   }
    984 
    985   if (arraysize(value.buffer) < value.size) {
    986     return TPM_RC_INSUFFICIENT;
    987   }
    988   for (uint32_t i = 0; i < value.size; ++i) {
    989     result = Serialize_BYTE(value.buffer[i], buffer);
    990     if (result) {
    991       return result;
    992     }
    993   }
    994   return result;
    995 }
    996 
    997 TPM_RC Parse_TPM2B_DIGEST(
    998     std::string* buffer,
    999     TPM2B_DIGEST* value,
   1000     std::string* value_bytes) {
   1001   TPM_RC result = TPM_RC_SUCCESS;
   1002   VLOG(3) << __func__;
   1003 
   1004   result = Parse_UINT16(
   1005       buffer,
   1006       &value->size,
   1007       value_bytes);
   1008   if (result) {
   1009     return result;
   1010   }
   1011 
   1012   if (arraysize(value->buffer) < value->size) {
   1013     return TPM_RC_INSUFFICIENT;
   1014   }
   1015   for (uint32_t i = 0; i < value->size; ++i) {
   1016     result = Parse_BYTE(
   1017         buffer,
   1018         &value->buffer[i],
   1019         value_bytes);
   1020     if (result) {
   1021       return result;
   1022     }
   1023   }
   1024   return result;
   1025 }
   1026 
   1027 TPM2B_DIGEST Make_TPM2B_DIGEST(
   1028     const std::string& bytes) {
   1029   TPM2B_DIGEST tpm2b;
   1030   CHECK(bytes.size() <= sizeof(tpm2b.buffer));
   1031   memset(&tpm2b, 0, sizeof(TPM2B_DIGEST));
   1032   tpm2b.size = bytes.size();
   1033   memcpy(tpm2b.buffer, bytes.data(), bytes.size());
   1034   return tpm2b;
   1035 }
   1036 
   1037 std::string StringFrom_TPM2B_DIGEST(
   1038     const TPM2B_DIGEST& tpm2b) {
   1039   const char* char_buffer = reinterpret_cast<const char*>(
   1040       tpm2b.buffer);
   1041   return std::string(char_buffer, tpm2b.size);
   1042 }
   1043 
   1044 TPM_RC Serialize_TPM2B_NONCE(
   1045     const TPM2B_NONCE& value,
   1046     std::string* buffer) {
   1047   VLOG(3) << __func__;
   1048   return Serialize_TPM2B_DIGEST(value, buffer);
   1049 }
   1050 
   1051 TPM_RC Parse_TPM2B_NONCE(
   1052     std::string* buffer,
   1053     TPM2B_NONCE* value,
   1054     std::string* value_bytes) {
   1055   VLOG(3) << __func__;
   1056   return Parse_TPM2B_DIGEST(buffer, value, value_bytes);
   1057 }
   1058 
   1059 TPM_RC Serialize_TPM2B_AUTH(
   1060     const TPM2B_AUTH& value,
   1061     std::string* buffer) {
   1062   VLOG(3) << __func__;
   1063   return Serialize_TPM2B_DIGEST(value, buffer);
   1064 }
   1065 
   1066 TPM_RC Parse_TPM2B_AUTH(
   1067     std::string* buffer,
   1068     TPM2B_AUTH* value,
   1069     std::string* value_bytes) {
   1070   VLOG(3) << __func__;
   1071   return Parse_TPM2B_DIGEST(buffer, value, value_bytes);
   1072 }
   1073 
   1074 TPM_RC Serialize_TPM2B_OPERAND(
   1075     const TPM2B_OPERAND& value,
   1076     std::string* buffer) {
   1077   VLOG(3) << __func__;
   1078   return Serialize_TPM2B_DIGEST(value, buffer);
   1079 }
   1080 
   1081 TPM_RC Parse_TPM2B_OPERAND(
   1082     std::string* buffer,
   1083     TPM2B_OPERAND* value,
   1084     std::string* value_bytes) {
   1085   VLOG(3) << __func__;
   1086   return Parse_TPM2B_DIGEST(buffer, value, value_bytes);
   1087 }
   1088 
   1089 TPM_RC Serialize_TPM_ALG_ID(
   1090     const TPM_ALG_ID& value,
   1091     std::string* buffer) {
   1092   VLOG(3) << __func__;
   1093   return Serialize_UINT16(value, buffer);
   1094 }
   1095 
   1096 TPM_RC Parse_TPM_ALG_ID(
   1097     std::string* buffer,
   1098     TPM_ALG_ID* value,
   1099     std::string* value_bytes) {
   1100   VLOG(3) << __func__;
   1101   return Parse_UINT16(buffer, value, value_bytes);
   1102 }
   1103 
   1104 TPM_RC Serialize_TPMI_ALG_HASH(
   1105     const TPMI_ALG_HASH& value,
   1106     std::string* buffer) {
   1107   VLOG(3) << __func__;
   1108   return Serialize_TPM_ALG_ID(value, buffer);
   1109 }
   1110 
   1111 TPM_RC Parse_TPMI_ALG_HASH(
   1112     std::string* buffer,
   1113     TPMI_ALG_HASH* value,
   1114     std::string* value_bytes) {
   1115   VLOG(3) << __func__;
   1116   return Parse_TPM_ALG_ID(buffer, value, value_bytes);
   1117 }
   1118 
   1119 TPM_RC Serialize_TPMS_SCHEME_SIGHASH(
   1120     const TPMS_SCHEME_SIGHASH& value,
   1121     std::string* buffer) {
   1122   TPM_RC result = TPM_RC_SUCCESS;
   1123   VLOG(3) << __func__;
   1124 
   1125   result = Serialize_TPMI_ALG_HASH(value.hash_alg, buffer);
   1126   if (result) {
   1127     return result;
   1128   }
   1129   return result;
   1130 }
   1131 
   1132 TPM_RC Parse_TPMS_SCHEME_SIGHASH(
   1133     std::string* buffer,
   1134     TPMS_SCHEME_SIGHASH* value,
   1135     std::string* value_bytes) {
   1136   TPM_RC result = TPM_RC_SUCCESS;
   1137   VLOG(3) << __func__;
   1138 
   1139   result = Parse_TPMI_ALG_HASH(
   1140       buffer,
   1141       &value->hash_alg,
   1142       value_bytes);
   1143   if (result) {
   1144     return result;
   1145   }
   1146   return result;
   1147 }
   1148 
   1149 TPM_RC Serialize_TPMS_SCHEME_HMAC(
   1150     const TPMS_SCHEME_HMAC& value,
   1151     std::string* buffer) {
   1152   VLOG(3) << __func__;
   1153   return Serialize_TPMS_SCHEME_SIGHASH(value, buffer);
   1154 }
   1155 
   1156 TPM_RC Parse_TPMS_SCHEME_HMAC(
   1157     std::string* buffer,
   1158     TPMS_SCHEME_HMAC* value,
   1159     std::string* value_bytes) {
   1160   VLOG(3) << __func__;
   1161   return Parse_TPMS_SCHEME_SIGHASH(buffer, value, value_bytes);
   1162 }
   1163 
   1164 TPM_RC Serialize_TPMS_SCHEME_RSASSA(
   1165     const TPMS_SCHEME_RSASSA& value,
   1166     std::string* buffer) {
   1167   VLOG(3) << __func__;
   1168   return Serialize_TPMS_SCHEME_SIGHASH(value, buffer);
   1169 }
   1170 
   1171 TPM_RC Parse_TPMS_SCHEME_RSASSA(
   1172     std::string* buffer,
   1173     TPMS_SCHEME_RSASSA* value,
   1174     std::string* value_bytes) {
   1175   VLOG(3) << __func__;
   1176   return Parse_TPMS_SCHEME_SIGHASH(buffer, value, value_bytes);
   1177 }
   1178 
   1179 TPM_RC Serialize_TPMS_SCHEME_RSAPSS(
   1180     const TPMS_SCHEME_RSAPSS& value,
   1181     std::string* buffer) {
   1182   VLOG(3) << __func__;
   1183   return Serialize_TPMS_SCHEME_SIGHASH(value, buffer);
   1184 }
   1185 
   1186 TPM_RC Parse_TPMS_SCHEME_RSAPSS(
   1187     std::string* buffer,
   1188     TPMS_SCHEME_RSAPSS* value,
   1189     std::string* value_bytes) {
   1190   VLOG(3) << __func__;
   1191   return Parse_TPMS_SCHEME_SIGHASH(buffer, value, value_bytes);
   1192 }
   1193 
   1194 TPM_RC Serialize_TPMS_SCHEME_ECDSA(
   1195     const TPMS_SCHEME_ECDSA& value,
   1196     std::string* buffer) {
   1197   VLOG(3) << __func__;
   1198   return Serialize_TPMS_SCHEME_SIGHASH(value, buffer);
   1199 }
   1200 
   1201 TPM_RC Parse_TPMS_SCHEME_ECDSA(
   1202     std::string* buffer,
   1203     TPMS_SCHEME_ECDSA* value,
   1204     std::string* value_bytes) {
   1205   VLOG(3) << __func__;
   1206   return Parse_TPMS_SCHEME_SIGHASH(buffer, value, value_bytes);
   1207 }
   1208 
   1209 TPM_RC Serialize_TPMS_SCHEME_SM2(
   1210     const TPMS_SCHEME_SM2& value,
   1211     std::string* buffer) {
   1212   VLOG(3) << __func__;
   1213   return Serialize_TPMS_SCHEME_SIGHASH(value, buffer);
   1214 }
   1215 
   1216 TPM_RC Parse_TPMS_SCHEME_SM2(
   1217     std::string* buffer,
   1218     TPMS_SCHEME_SM2* value,
   1219     std::string* value_bytes) {
   1220   VLOG(3) << __func__;
   1221   return Parse_TPMS_SCHEME_SIGHASH(buffer, value, value_bytes);
   1222 }
   1223 
   1224 TPM_RC Serialize_TPMS_SCHEME_ECSCHNORR(
   1225     const TPMS_SCHEME_ECSCHNORR& value,
   1226     std::string* buffer) {
   1227   VLOG(3) << __func__;
   1228   return Serialize_TPMS_SCHEME_SIGHASH(value, buffer);
   1229 }
   1230 
   1231 TPM_RC Parse_TPMS_SCHEME_ECSCHNORR(
   1232     std::string* buffer,
   1233     TPMS_SCHEME_ECSCHNORR* value,
   1234     std::string* value_bytes) {
   1235   VLOG(3) << __func__;
   1236   return Parse_TPMS_SCHEME_SIGHASH(buffer, value, value_bytes);
   1237 }
   1238 
   1239 TPM_RC Serialize_TPMI_YES_NO(
   1240     const TPMI_YES_NO& value,
   1241     std::string* buffer) {
   1242   VLOG(3) << __func__;
   1243   return Serialize_BYTE(value, buffer);
   1244 }
   1245 
   1246 TPM_RC Parse_TPMI_YES_NO(
   1247     std::string* buffer,
   1248     TPMI_YES_NO* value,
   1249     std::string* value_bytes) {
   1250   VLOG(3) << __func__;
   1251   return Parse_BYTE(buffer, value, value_bytes);
   1252 }
   1253 
   1254 TPM_RC Serialize_TPMI_DH_OBJECT(
   1255     const TPMI_DH_OBJECT& value,
   1256     std::string* buffer) {
   1257   VLOG(3) << __func__;
   1258   return Serialize_TPM_HANDLE(value, buffer);
   1259 }
   1260 
   1261 TPM_RC Parse_TPMI_DH_OBJECT(
   1262     std::string* buffer,
   1263     TPMI_DH_OBJECT* value,
   1264     std::string* value_bytes) {
   1265   VLOG(3) << __func__;
   1266   return Parse_TPM_HANDLE(buffer, value, value_bytes);
   1267 }
   1268 
   1269 TPM_RC Serialize_TPMI_DH_PERSISTENT(
   1270     const TPMI_DH_PERSISTENT& value,
   1271     std::string* buffer) {
   1272   VLOG(3) << __func__;
   1273   return Serialize_TPM_HANDLE(value, buffer);
   1274 }
   1275 
   1276 TPM_RC Parse_TPMI_DH_PERSISTENT(
   1277     std::string* buffer,
   1278     TPMI_DH_PERSISTENT* value,
   1279     std::string* value_bytes) {
   1280   VLOG(3) << __func__;
   1281   return Parse_TPM_HANDLE(buffer, value, value_bytes);
   1282 }
   1283 
   1284 TPM_RC Serialize_TPMI_DH_ENTITY(
   1285     const TPMI_DH_ENTITY& value,
   1286     std::string* buffer) {
   1287   VLOG(3) << __func__;
   1288   return Serialize_TPM_HANDLE(value, buffer);
   1289 }
   1290 
   1291 TPM_RC Parse_TPMI_DH_ENTITY(
   1292     std::string* buffer,
   1293     TPMI_DH_ENTITY* value,
   1294     std::string* value_bytes) {
   1295   VLOG(3) << __func__;
   1296   return Parse_TPM_HANDLE(buffer, value, value_bytes);
   1297 }
   1298 
   1299 TPM_RC Serialize_TPMI_DH_PCR(
   1300     const TPMI_DH_PCR& value,
   1301     std::string* buffer) {
   1302   VLOG(3) << __func__;
   1303   return Serialize_TPM_HANDLE(value, buffer);
   1304 }
   1305 
   1306 TPM_RC Parse_TPMI_DH_PCR(
   1307     std::string* buffer,
   1308     TPMI_DH_PCR* value,
   1309     std::string* value_bytes) {
   1310   VLOG(3) << __func__;
   1311   return Parse_TPM_HANDLE(buffer, value, value_bytes);
   1312 }
   1313 
   1314 TPM_RC Serialize_TPMI_SH_AUTH_SESSION(
   1315     const TPMI_SH_AUTH_SESSION& value,
   1316     std::string* buffer) {
   1317   VLOG(3) << __func__;
   1318   return Serialize_TPM_HANDLE(value, buffer);
   1319 }
   1320 
   1321 TPM_RC Parse_TPMI_SH_AUTH_SESSION(
   1322     std::string* buffer,
   1323     TPMI_SH_AUTH_SESSION* value,
   1324     std::string* value_bytes) {
   1325   VLOG(3) << __func__;
   1326   return Parse_TPM_HANDLE(buffer, value, value_bytes);
   1327 }
   1328 
   1329 TPM_RC Serialize_TPMI_SH_HMAC(
   1330     const TPMI_SH_HMAC& value,
   1331     std::string* buffer) {
   1332   VLOG(3) << __func__;
   1333   return Serialize_TPM_HANDLE(value, buffer);
   1334 }
   1335 
   1336 TPM_RC Parse_TPMI_SH_HMAC(
   1337     std::string* buffer,
   1338     TPMI_SH_HMAC* value,
   1339     std::string* value_bytes) {
   1340   VLOG(3) << __func__;
   1341   return Parse_TPM_HANDLE(buffer, value, value_bytes);
   1342 }
   1343 
   1344 TPM_RC Serialize_TPMI_SH_POLICY(
   1345     const TPMI_SH_POLICY& value,
   1346     std::string* buffer) {
   1347   VLOG(3) << __func__;
   1348   return Serialize_TPM_HANDLE(value, buffer);
   1349 }
   1350 
   1351 TPM_RC Parse_TPMI_SH_POLICY(
   1352     std::string* buffer,
   1353     TPMI_SH_POLICY* value,
   1354     std::string* value_bytes) {
   1355   VLOG(3) << __func__;
   1356   return Parse_TPM_HANDLE(buffer, value, value_bytes);
   1357 }
   1358 
   1359 TPM_RC Serialize_TPMI_DH_CONTEXT(
   1360     const TPMI_DH_CONTEXT& value,
   1361     std::string* buffer) {
   1362   VLOG(3) << __func__;
   1363   return Serialize_TPM_HANDLE(value, buffer);
   1364 }
   1365 
   1366 TPM_RC Parse_TPMI_DH_CONTEXT(
   1367     std::string* buffer,
   1368     TPMI_DH_CONTEXT* value,
   1369     std::string* value_bytes) {
   1370   VLOG(3) << __func__;
   1371   return Parse_TPM_HANDLE(buffer, value, value_bytes);
   1372 }
   1373 
   1374 TPM_RC Serialize_TPMI_RH_HIERARCHY(
   1375     const TPMI_RH_HIERARCHY& value,
   1376     std::string* buffer) {
   1377   VLOG(3) << __func__;
   1378   return Serialize_TPM_HANDLE(value, buffer);
   1379 }
   1380 
   1381 TPM_RC Parse_TPMI_RH_HIERARCHY(
   1382     std::string* buffer,
   1383     TPMI_RH_HIERARCHY* value,
   1384     std::string* value_bytes) {
   1385   VLOG(3) << __func__;
   1386   return Parse_TPM_HANDLE(buffer, value, value_bytes);
   1387 }
   1388 
   1389 TPM_RC Serialize_TPMI_RH_ENABLES(
   1390     const TPMI_RH_ENABLES& value,
   1391     std::string* buffer) {
   1392   VLOG(3) << __func__;
   1393   return Serialize_TPM_HANDLE(value, buffer);
   1394 }
   1395 
   1396 TPM_RC Parse_TPMI_RH_ENABLES(
   1397     std::string* buffer,
   1398     TPMI_RH_ENABLES* value,
   1399     std::string* value_bytes) {
   1400   VLOG(3) << __func__;
   1401   return Parse_TPM_HANDLE(buffer, value, value_bytes);
   1402 }
   1403 
   1404 TPM_RC Serialize_TPMI_RH_HIERARCHY_AUTH(
   1405     const TPMI_RH_HIERARCHY_AUTH& value,
   1406     std::string* buffer) {
   1407   VLOG(3) << __func__;
   1408   return Serialize_TPM_HANDLE(value, buffer);
   1409 }
   1410 
   1411 TPM_RC Parse_TPMI_RH_HIERARCHY_AUTH(
   1412     std::string* buffer,
   1413     TPMI_RH_HIERARCHY_AUTH* value,
   1414     std::string* value_bytes) {
   1415   VLOG(3) << __func__;
   1416   return Parse_TPM_HANDLE(buffer, value, value_bytes);
   1417 }
   1418 
   1419 TPM_RC Serialize_TPMI_RH_PLATFORM(
   1420     const TPMI_RH_PLATFORM& value,
   1421     std::string* buffer) {
   1422   VLOG(3) << __func__;
   1423   return Serialize_TPM_HANDLE(value, buffer);
   1424 }
   1425 
   1426 TPM_RC Parse_TPMI_RH_PLATFORM(
   1427     std::string* buffer,
   1428     TPMI_RH_PLATFORM* value,
   1429     std::string* value_bytes) {
   1430   VLOG(3) << __func__;
   1431   return Parse_TPM_HANDLE(buffer, value, value_bytes);
   1432 }
   1433 
   1434 TPM_RC Serialize_TPMI_RH_OWNER(
   1435     const TPMI_RH_OWNER& value,
   1436     std::string* buffer) {
   1437   VLOG(3) << __func__;
   1438   return Serialize_TPM_HANDLE(value, buffer);
   1439 }
   1440 
   1441 TPM_RC Parse_TPMI_RH_OWNER(
   1442     std::string* buffer,
   1443     TPMI_RH_OWNER* value,
   1444     std::string* value_bytes) {
   1445   VLOG(3) << __func__;
   1446   return Parse_TPM_HANDLE(buffer, value, value_bytes);
   1447 }
   1448 
   1449 TPM_RC Serialize_TPMI_RH_ENDORSEMENT(
   1450     const TPMI_RH_ENDORSEMENT& value,
   1451     std::string* buffer) {
   1452   VLOG(3) << __func__;
   1453   return Serialize_TPM_HANDLE(value, buffer);
   1454 }
   1455 
   1456 TPM_RC Parse_TPMI_RH_ENDORSEMENT(
   1457     std::string* buffer,
   1458     TPMI_RH_ENDORSEMENT* value,
   1459     std::string* value_bytes) {
   1460   VLOG(3) << __func__;
   1461   return Parse_TPM_HANDLE(buffer, value, value_bytes);
   1462 }
   1463 
   1464 TPM_RC Serialize_TPMI_RH_PROVISION(
   1465     const TPMI_RH_PROVISION& value,
   1466     std::string* buffer) {
   1467   VLOG(3) << __func__;
   1468   return Serialize_TPM_HANDLE(value, buffer);
   1469 }
   1470 
   1471 TPM_RC Parse_TPMI_RH_PROVISION(
   1472     std::string* buffer,
   1473     TPMI_RH_PROVISION* value,
   1474     std::string* value_bytes) {
   1475   VLOG(3) << __func__;
   1476   return Parse_TPM_HANDLE(buffer, value, value_bytes);
   1477 }
   1478 
   1479 TPM_RC Serialize_TPMI_RH_CLEAR(
   1480     const TPMI_RH_CLEAR& value,
   1481     std::string* buffer) {
   1482   VLOG(3) << __func__;
   1483   return Serialize_TPM_HANDLE(value, buffer);
   1484 }
   1485 
   1486 TPM_RC Parse_TPMI_RH_CLEAR(
   1487     std::string* buffer,
   1488     TPMI_RH_CLEAR* value,
   1489     std::string* value_bytes) {
   1490   VLOG(3) << __func__;
   1491   return Parse_TPM_HANDLE(buffer, value, value_bytes);
   1492 }
   1493 
   1494 TPM_RC Serialize_TPMI_RH_NV_AUTH(
   1495     const TPMI_RH_NV_AUTH& value,
   1496     std::string* buffer) {
   1497   VLOG(3) << __func__;
   1498   return Serialize_TPM_HANDLE(value, buffer);
   1499 }
   1500 
   1501 TPM_RC Parse_TPMI_RH_NV_AUTH(
   1502     std::string* buffer,
   1503     TPMI_RH_NV_AUTH* value,
   1504     std::string* value_bytes) {
   1505   VLOG(3) << __func__;
   1506   return Parse_TPM_HANDLE(buffer, value, value_bytes);
   1507 }
   1508 
   1509 TPM_RC Serialize_TPMI_RH_LOCKOUT(
   1510     const TPMI_RH_LOCKOUT& value,
   1511     std::string* buffer) {
   1512   VLOG(3) << __func__;
   1513   return Serialize_TPM_HANDLE(value, buffer);
   1514 }
   1515 
   1516 TPM_RC Parse_TPMI_RH_LOCKOUT(
   1517     std::string* buffer,
   1518     TPMI_RH_LOCKOUT* value,
   1519     std::string* value_bytes) {
   1520   VLOG(3) << __func__;
   1521   return Parse_TPM_HANDLE(buffer, value, value_bytes);
   1522 }
   1523 
   1524 TPM_RC Serialize_TPMI_RH_NV_INDEX(
   1525     const TPMI_RH_NV_INDEX& value,
   1526     std::string* buffer) {
   1527   VLOG(3) << __func__;
   1528   return Serialize_TPM_HANDLE(value, buffer);
   1529 }
   1530 
   1531 TPM_RC Parse_TPMI_RH_NV_INDEX(
   1532     std::string* buffer,
   1533     TPMI_RH_NV_INDEX* value,
   1534     std::string* value_bytes) {
   1535   VLOG(3) << __func__;
   1536   return Parse_TPM_HANDLE(buffer, value, value_bytes);
   1537 }
   1538 
   1539 TPM_RC Serialize_TPMI_ALG_ASYM(
   1540     const TPMI_ALG_ASYM& value,
   1541     std::string* buffer) {
   1542   VLOG(3) << __func__;
   1543   return Serialize_TPM_ALG_ID(value, buffer);
   1544 }
   1545 
   1546 TPM_RC Parse_TPMI_ALG_ASYM(
   1547     std::string* buffer,
   1548     TPMI_ALG_ASYM* value,
   1549     std::string* value_bytes) {
   1550   VLOG(3) << __func__;
   1551   return Parse_TPM_ALG_ID(buffer, value, value_bytes);
   1552 }
   1553 
   1554 TPM_RC Serialize_TPMI_ALG_SYM(
   1555     const TPMI_ALG_SYM& value,
   1556     std::string* buffer) {
   1557   VLOG(3) << __func__;
   1558   return Serialize_TPM_ALG_ID(value, buffer);
   1559 }
   1560 
   1561 TPM_RC Parse_TPMI_ALG_SYM(
   1562     std::string* buffer,
   1563     TPMI_ALG_SYM* value,
   1564     std::string* value_bytes) {
   1565   VLOG(3) << __func__;
   1566   return Parse_TPM_ALG_ID(buffer, value, value_bytes);
   1567 }
   1568 
   1569 TPM_RC Serialize_TPMI_ALG_SYM_OBJECT(
   1570     const TPMI_ALG_SYM_OBJECT& value,
   1571     std::string* buffer) {
   1572   VLOG(3) << __func__;
   1573   return Serialize_TPM_ALG_ID(value, buffer);
   1574 }
   1575 
   1576 TPM_RC Parse_TPMI_ALG_SYM_OBJECT(
   1577     std::string* buffer,
   1578     TPMI_ALG_SYM_OBJECT* value,
   1579     std::string* value_bytes) {
   1580   VLOG(3) << __func__;
   1581   return Parse_TPM_ALG_ID(buffer, value, value_bytes);
   1582 }
   1583 
   1584 TPM_RC Serialize_TPMI_ALG_SYM_MODE(
   1585     const TPMI_ALG_SYM_MODE& value,
   1586     std::string* buffer) {
   1587   VLOG(3) << __func__;
   1588   return Serialize_TPM_ALG_ID(value, buffer);
   1589 }
   1590 
   1591 TPM_RC Parse_TPMI_ALG_SYM_MODE(
   1592     std::string* buffer,
   1593     TPMI_ALG_SYM_MODE* value,
   1594     std::string* value_bytes) {
   1595   VLOG(3) << __func__;
   1596   return Parse_TPM_ALG_ID(buffer, value, value_bytes);
   1597 }
   1598 
   1599 TPM_RC Serialize_TPMI_ALG_KDF(
   1600     const TPMI_ALG_KDF& value,
   1601     std::string* buffer) {
   1602   VLOG(3) << __func__;
   1603   return Serialize_TPM_ALG_ID(value, buffer);
   1604 }
   1605 
   1606 TPM_RC Parse_TPMI_ALG_KDF(
   1607     std::string* buffer,
   1608     TPMI_ALG_KDF* value,
   1609     std::string* value_bytes) {
   1610   VLOG(3) << __func__;
   1611   return Parse_TPM_ALG_ID(buffer, value, value_bytes);
   1612 }
   1613 
   1614 TPM_RC Serialize_TPMI_ALG_SIG_SCHEME(
   1615     const TPMI_ALG_SIG_SCHEME& value,
   1616     std::string* buffer) {
   1617   VLOG(3) << __func__;
   1618   return Serialize_TPM_ALG_ID(value, buffer);
   1619 }
   1620 
   1621 TPM_RC Parse_TPMI_ALG_SIG_SCHEME(
   1622     std::string* buffer,
   1623     TPMI_ALG_SIG_SCHEME* value,
   1624     std::string* value_bytes) {
   1625   VLOG(3) << __func__;
   1626   return Parse_TPM_ALG_ID(buffer, value, value_bytes);
   1627 }
   1628 
   1629 TPM_RC Serialize_TPMI_ECC_KEY_EXCHANGE(
   1630     const TPMI_ECC_KEY_EXCHANGE& value,
   1631     std::string* buffer) {
   1632   VLOG(3) << __func__;
   1633   return Serialize_TPM_ALG_ID(value, buffer);
   1634 }
   1635 
   1636 TPM_RC Parse_TPMI_ECC_KEY_EXCHANGE(
   1637     std::string* buffer,
   1638     TPMI_ECC_KEY_EXCHANGE* value,
   1639     std::string* value_bytes) {
   1640   VLOG(3) << __func__;
   1641   return Parse_TPM_ALG_ID(buffer, value, value_bytes);
   1642 }
   1643 
   1644 TPM_RC Serialize_TPM_ST(
   1645     const TPM_ST& value,
   1646     std::string* buffer) {
   1647   VLOG(3) << __func__;
   1648   return Serialize_UINT16(value, buffer);
   1649 }
   1650 
   1651 TPM_RC Parse_TPM_ST(
   1652     std::string* buffer,
   1653     TPM_ST* value,
   1654     std::string* value_bytes) {
   1655   VLOG(3) << __func__;
   1656   return Parse_UINT16(buffer, value, value_bytes);
   1657 }
   1658 
   1659 TPM_RC Serialize_TPMI_ST_COMMAND_TAG(
   1660     const TPMI_ST_COMMAND_TAG& value,
   1661     std::string* buffer) {
   1662   VLOG(3) << __func__;
   1663   return Serialize_TPM_ST(value, buffer);
   1664 }
   1665 
   1666 TPM_RC Parse_TPMI_ST_COMMAND_TAG(
   1667     std::string* buffer,
   1668     TPMI_ST_COMMAND_TAG* value,
   1669     std::string* value_bytes) {
   1670   VLOG(3) << __func__;
   1671   return Parse_TPM_ST(buffer, value, value_bytes);
   1672 }
   1673 
   1674 TPM_RC Serialize_TPMI_ST_ATTEST(
   1675     const TPMI_ST_ATTEST& value,
   1676     std::string* buffer) {
   1677   VLOG(3) << __func__;
   1678   return Serialize_TPM_ST(value, buffer);
   1679 }
   1680 
   1681 TPM_RC Parse_TPMI_ST_ATTEST(
   1682     std::string* buffer,
   1683     TPMI_ST_ATTEST* value,
   1684     std::string* value_bytes) {
   1685   VLOG(3) << __func__;
   1686   return Parse_TPM_ST(buffer, value, value_bytes);
   1687 }
   1688 
   1689 TPM_RC Serialize_TPMI_AES_KEY_BITS(
   1690     const TPMI_AES_KEY_BITS& value,
   1691     std::string* buffer) {
   1692   VLOG(3) << __func__;
   1693   return Serialize_TPM_KEY_BITS(value, buffer);
   1694 }
   1695 
   1696 TPM_RC Parse_TPMI_AES_KEY_BITS(
   1697     std::string* buffer,
   1698     TPMI_AES_KEY_BITS* value,
   1699     std::string* value_bytes) {
   1700   VLOG(3) << __func__;
   1701   return Parse_TPM_KEY_BITS(buffer, value, value_bytes);
   1702 }
   1703 
   1704 TPM_RC Serialize_TPMI_SM4_KEY_BITS(
   1705     const TPMI_SM4_KEY_BITS& value,
   1706     std::string* buffer) {
   1707   VLOG(3) << __func__;
   1708   return Serialize_TPM_KEY_BITS(value, buffer);
   1709 }
   1710 
   1711 TPM_RC Parse_TPMI_SM4_KEY_BITS(
   1712     std::string* buffer,
   1713     TPMI_SM4_KEY_BITS* value,
   1714     std::string* value_bytes) {
   1715   VLOG(3) << __func__;
   1716   return Parse_TPM_KEY_BITS(buffer, value, value_bytes);
   1717 }
   1718 
   1719 TPM_RC Serialize_TPMI_ALG_KEYEDHASH_SCHEME(
   1720     const TPMI_ALG_KEYEDHASH_SCHEME& value,
   1721     std::string* buffer) {
   1722   VLOG(3) << __func__;
   1723   return Serialize_TPM_ALG_ID(value, buffer);
   1724 }
   1725 
   1726 TPM_RC Parse_TPMI_ALG_KEYEDHASH_SCHEME(
   1727     std::string* buffer,
   1728     TPMI_ALG_KEYEDHASH_SCHEME* value,
   1729     std::string* value_bytes) {
   1730   VLOG(3) << __func__;
   1731   return Parse_TPM_ALG_ID(buffer, value, value_bytes);
   1732 }
   1733 
   1734 TPM_RC Serialize_TPMI_ALG_ASYM_SCHEME(
   1735     const TPMI_ALG_ASYM_SCHEME& value,
   1736     std::string* buffer) {
   1737   VLOG(3) << __func__;
   1738   return Serialize_TPM_ALG_ID(value, buffer);
   1739 }
   1740 
   1741 TPM_RC Parse_TPMI_ALG_ASYM_SCHEME(
   1742     std::string* buffer,
   1743     TPMI_ALG_ASYM_SCHEME* value,
   1744     std::string* value_bytes) {
   1745   VLOG(3) << __func__;
   1746   return Parse_TPM_ALG_ID(buffer, value, value_bytes);
   1747 }
   1748 
   1749 TPM_RC Serialize_TPMI_ALG_RSA_SCHEME(
   1750     const TPMI_ALG_RSA_SCHEME& value,
   1751     std::string* buffer) {
   1752   VLOG(3) << __func__;
   1753   return Serialize_TPM_ALG_ID(value, buffer);
   1754 }
   1755 
   1756 TPM_RC Parse_TPMI_ALG_RSA_SCHEME(
   1757     std::string* buffer,
   1758     TPMI_ALG_RSA_SCHEME* value,
   1759     std::string* value_bytes) {
   1760   VLOG(3) << __func__;
   1761   return Parse_TPM_ALG_ID(buffer, value, value_bytes);
   1762 }
   1763 
   1764 TPM_RC Serialize_TPMI_ALG_RSA_DECRYPT(
   1765     const TPMI_ALG_RSA_DECRYPT& value,
   1766     std::string* buffer) {
   1767   VLOG(3) << __func__;
   1768   return Serialize_TPM_ALG_ID(value, buffer);
   1769 }
   1770 
   1771 TPM_RC Parse_TPMI_ALG_RSA_DECRYPT(
   1772     std::string* buffer,
   1773     TPMI_ALG_RSA_DECRYPT* value,
   1774     std::string* value_bytes) {
   1775   VLOG(3) << __func__;
   1776   return Parse_TPM_ALG_ID(buffer, value, value_bytes);
   1777 }
   1778 
   1779 TPM_RC Serialize_TPMI_RSA_KEY_BITS(
   1780     const TPMI_RSA_KEY_BITS& value,
   1781     std::string* buffer) {
   1782   VLOG(3) << __func__;
   1783   return Serialize_TPM_KEY_BITS(value, buffer);
   1784 }
   1785 
   1786 TPM_RC Parse_TPMI_RSA_KEY_BITS(
   1787     std::string* buffer,
   1788     TPMI_RSA_KEY_BITS* value,
   1789     std::string* value_bytes) {
   1790   VLOG(3) << __func__;
   1791   return Parse_TPM_KEY_BITS(buffer, value, value_bytes);
   1792 }
   1793 
   1794 TPM_RC Serialize_TPMI_ALG_ECC_SCHEME(
   1795     const TPMI_ALG_ECC_SCHEME& value,
   1796     std::string* buffer) {
   1797   VLOG(3) << __func__;
   1798   return Serialize_TPM_ALG_ID(value, buffer);
   1799 }
   1800 
   1801 TPM_RC Parse_TPMI_ALG_ECC_SCHEME(
   1802     std::string* buffer,
   1803     TPMI_ALG_ECC_SCHEME* value,
   1804     std::string* value_bytes) {
   1805   VLOG(3) << __func__;
   1806   return Parse_TPM_ALG_ID(buffer, value, value_bytes);
   1807 }
   1808 
   1809 TPM_RC Serialize_TPM_ECC_CURVE(
   1810     const TPM_ECC_CURVE& value,
   1811     std::string* buffer) {
   1812   VLOG(3) << __func__;
   1813   return Serialize_UINT16(value, buffer);
   1814 }
   1815 
   1816 TPM_RC Parse_TPM_ECC_CURVE(
   1817     std::string* buffer,
   1818     TPM_ECC_CURVE* value,
   1819     std::string* value_bytes) {
   1820   VLOG(3) << __func__;
   1821   return Parse_UINT16(buffer, value, value_bytes);
   1822 }
   1823 
   1824 TPM_RC Serialize_TPMI_ECC_CURVE(
   1825     const TPMI_ECC_CURVE& value,
   1826     std::string* buffer) {
   1827   VLOG(3) << __func__;
   1828   return Serialize_TPM_ECC_CURVE(value, buffer);
   1829 }
   1830 
   1831 TPM_RC Parse_TPMI_ECC_CURVE(
   1832     std::string* buffer,
   1833     TPMI_ECC_CURVE* value,
   1834     std::string* value_bytes) {
   1835   VLOG(3) << __func__;
   1836   return Parse_TPM_ECC_CURVE(buffer, value, value_bytes);
   1837 }
   1838 
   1839 TPM_RC Serialize_TPMI_ALG_PUBLIC(
   1840     const TPMI_ALG_PUBLIC& value,
   1841     std::string* buffer) {
   1842   VLOG(3) << __func__;
   1843   return Serialize_TPM_ALG_ID(value, buffer);
   1844 }
   1845 
   1846 TPM_RC Parse_TPMI_ALG_PUBLIC(
   1847     std::string* buffer,
   1848     TPMI_ALG_PUBLIC* value,
   1849     std::string* value_bytes) {
   1850   VLOG(3) << __func__;
   1851   return Parse_TPM_ALG_ID(buffer, value, value_bytes);
   1852 }
   1853 
   1854 TPM_RC Serialize_TPMA_ALGORITHM(
   1855     const TPMA_ALGORITHM& value,
   1856     std::string* buffer) {
   1857   VLOG(3) << __func__;
   1858   return Serialize_UINT32(value, buffer);
   1859 }
   1860 
   1861 TPM_RC Parse_TPMA_ALGORITHM(
   1862     std::string* buffer,
   1863     TPMA_ALGORITHM* value,
   1864     std::string* value_bytes) {
   1865   VLOG(3) << __func__;
   1866   return Parse_UINT32(buffer, value, value_bytes);
   1867 }
   1868 
   1869 TPM_RC Serialize_TPMA_OBJECT(
   1870     const TPMA_OBJECT& value,
   1871     std::string* buffer) {
   1872   VLOG(3) << __func__;
   1873   return Serialize_UINT32(value, buffer);
   1874 }
   1875 
   1876 TPM_RC Parse_TPMA_OBJECT(
   1877     std::string* buffer,
   1878     TPMA_OBJECT* value,
   1879     std::string* value_bytes) {
   1880   VLOG(3) << __func__;
   1881   return Parse_UINT32(buffer, value, value_bytes);
   1882 }
   1883 
   1884 TPM_RC Serialize_TPMA_SESSION(
   1885     const TPMA_SESSION& value,
   1886     std::string* buffer) {
   1887   VLOG(3) << __func__;
   1888   return Serialize_UINT8(value, buffer);
   1889 }
   1890 
   1891 TPM_RC Parse_TPMA_SESSION(
   1892     std::string* buffer,
   1893     TPMA_SESSION* value,
   1894     std::string* value_bytes) {
   1895   VLOG(3) << __func__;
   1896   return Parse_UINT8(buffer, value, value_bytes);
   1897 }
   1898 
   1899 TPM_RC Serialize_TPMA_LOCALITY(
   1900     const TPMA_LOCALITY& value,
   1901     std::string* buffer) {
   1902   VLOG(3) << __func__;
   1903   return Serialize_UINT8(value, buffer);
   1904 }
   1905 
   1906 TPM_RC Parse_TPMA_LOCALITY(
   1907     std::string* buffer,
   1908     TPMA_LOCALITY* value,
   1909     std::string* value_bytes) {
   1910   VLOG(3) << __func__;
   1911   return Parse_UINT8(buffer, value, value_bytes);
   1912 }
   1913 
   1914 TPM_RC Serialize_TPMA_PERMANENT(
   1915     const TPMA_PERMANENT& value,
   1916     std::string* buffer) {
   1917   VLOG(3) << __func__;
   1918   return Serialize_UINT32(value, buffer);
   1919 }
   1920 
   1921 TPM_RC Parse_TPMA_PERMANENT(
   1922     std::string* buffer,
   1923     TPMA_PERMANENT* value,
   1924     std::string* value_bytes) {
   1925   VLOG(3) << __func__;
   1926   return Parse_UINT32(buffer, value, value_bytes);
   1927 }
   1928 
   1929 TPM_RC Serialize_TPMA_STARTUP_CLEAR(
   1930     const TPMA_STARTUP_CLEAR& value,
   1931     std::string* buffer) {
   1932   VLOG(3) << __func__;
   1933   return Serialize_UINT32(value, buffer);
   1934 }
   1935 
   1936 TPM_RC Parse_TPMA_STARTUP_CLEAR(
   1937     std::string* buffer,
   1938     TPMA_STARTUP_CLEAR* value,
   1939     std::string* value_bytes) {
   1940   VLOG(3) << __func__;
   1941   return Parse_UINT32(buffer, value, value_bytes);
   1942 }
   1943 
   1944 TPM_RC Serialize_TPMA_MEMORY(
   1945     const TPMA_MEMORY& value,
   1946     std::string* buffer) {
   1947   VLOG(3) << __func__;
   1948   return Serialize_UINT32(value, buffer);
   1949 }
   1950 
   1951 TPM_RC Parse_TPMA_MEMORY(
   1952     std::string* buffer,
   1953     TPMA_MEMORY* value,
   1954     std::string* value_bytes) {
   1955   VLOG(3) << __func__;
   1956   return Parse_UINT32(buffer, value, value_bytes);
   1957 }
   1958 
   1959 TPM_RC Serialize_TPM_CC(
   1960     const TPM_CC& value,
   1961     std::string* buffer) {
   1962   VLOG(3) << __func__;
   1963   return Serialize_UINT32(value, buffer);
   1964 }
   1965 
   1966 TPM_RC Parse_TPM_CC(
   1967     std::string* buffer,
   1968     TPM_CC* value,
   1969     std::string* value_bytes) {
   1970   VLOG(3) << __func__;
   1971   return Parse_UINT32(buffer, value, value_bytes);
   1972 }
   1973 
   1974 TPM_RC Serialize_TPMA_CC(
   1975     const TPMA_CC& value,
   1976     std::string* buffer) {
   1977   VLOG(3) << __func__;
   1978   return Serialize_TPM_CC(value, buffer);
   1979 }
   1980 
   1981 TPM_RC Parse_TPMA_CC(
   1982     std::string* buffer,
   1983     TPMA_CC* value,
   1984     std::string* value_bytes) {
   1985   VLOG(3) << __func__;
   1986   return Parse_TPM_CC(buffer, value, value_bytes);
   1987 }
   1988 
   1989 TPM_RC Serialize_TPM_NV_INDEX(
   1990     const TPM_NV_INDEX& value,
   1991     std::string* buffer) {
   1992   VLOG(3) << __func__;
   1993   return Serialize_UINT32(value, buffer);
   1994 }
   1995 
   1996 TPM_RC Parse_TPM_NV_INDEX(
   1997     std::string* buffer,
   1998     TPM_NV_INDEX* value,
   1999     std::string* value_bytes) {
   2000   VLOG(3) << __func__;
   2001   return Parse_UINT32(buffer, value, value_bytes);
   2002 }
   2003 
   2004 TPM_RC Serialize_TPMA_NV(
   2005     const TPMA_NV& value,
   2006     std::string* buffer) {
   2007   VLOG(3) << __func__;
   2008   return Serialize_UINT32(value, buffer);
   2009 }
   2010 
   2011 TPM_RC Parse_TPMA_NV(
   2012     std::string* buffer,
   2013     TPMA_NV* value,
   2014     std::string* value_bytes) {
   2015   VLOG(3) << __func__;
   2016   return Parse_UINT32(buffer, value, value_bytes);
   2017 }
   2018 
   2019 TPM_RC Serialize_TPM_SPEC(
   2020     const TPM_SPEC& value,
   2021     std::string* buffer) {
   2022   VLOG(3) << __func__;
   2023   return Serialize_UINT32(value, buffer);
   2024 }
   2025 
   2026 TPM_RC Parse_TPM_SPEC(
   2027     std::string* buffer,
   2028     TPM_SPEC* value,
   2029     std::string* value_bytes) {
   2030   VLOG(3) << __func__;
   2031   return Parse_UINT32(buffer, value, value_bytes);
   2032 }
   2033 
   2034 TPM_RC Serialize_TPM_GENERATED(
   2035     const TPM_GENERATED& value,
   2036     std::string* buffer) {
   2037   VLOG(3) << __func__;
   2038   return Serialize_UINT32(value, buffer);
   2039 }
   2040 
   2041 TPM_RC Parse_TPM_GENERATED(
   2042     std::string* buffer,
   2043     TPM_GENERATED* value,
   2044     std::string* value_bytes) {
   2045   VLOG(3) << __func__;
   2046   return Parse_UINT32(buffer, value, value_bytes);
   2047 }
   2048 
   2049 TPM_RC Serialize_TPM_RC(
   2050     const TPM_RC& value,
   2051     std::string* buffer) {
   2052   VLOG(3) << __func__;
   2053   return Serialize_UINT32(value, buffer);
   2054 }
   2055 
   2056 TPM_RC Parse_TPM_RC(
   2057     std::string* buffer,
   2058     TPM_RC* value,
   2059     std::string* value_bytes) {
   2060   VLOG(3) << __func__;
   2061   return Parse_UINT32(buffer, value, value_bytes);
   2062 }
   2063 
   2064 TPM_RC Serialize_TPM_CLOCK_ADJUST(
   2065     const TPM_CLOCK_ADJUST& value,
   2066     std::string* buffer) {
   2067   VLOG(3) << __func__;
   2068   return Serialize_INT8(value, buffer);
   2069 }
   2070 
   2071 TPM_RC Parse_TPM_CLOCK_ADJUST(
   2072     std::string* buffer,
   2073     TPM_CLOCK_ADJUST* value,
   2074     std::string* value_bytes) {
   2075   VLOG(3) << __func__;
   2076   return Parse_INT8(buffer, value, value_bytes);
   2077 }
   2078 
   2079 TPM_RC Serialize_TPM_EO(
   2080     const TPM_EO& value,
   2081     std::string* buffer) {
   2082   VLOG(3) << __func__;
   2083   return Serialize_UINT16(value, buffer);
   2084 }
   2085 
   2086 TPM_RC Parse_TPM_EO(
   2087     std::string* buffer,
   2088     TPM_EO* value,
   2089     std::string* value_bytes) {
   2090   VLOG(3) << __func__;
   2091   return Parse_UINT16(buffer, value, value_bytes);
   2092 }
   2093 
   2094 TPM_RC Serialize_TPM_SU(
   2095     const TPM_SU& value,
   2096     std::string* buffer) {
   2097   VLOG(3) << __func__;
   2098   return Serialize_UINT16(value, buffer);
   2099 }
   2100 
   2101 TPM_RC Parse_TPM_SU(
   2102     std::string* buffer,
   2103     TPM_SU* value,
   2104     std::string* value_bytes) {
   2105   VLOG(3) << __func__;
   2106   return Parse_UINT16(buffer, value, value_bytes);
   2107 }
   2108 
   2109 TPM_RC Serialize_TPM_SE(
   2110     const TPM_SE& value,
   2111     std::string* buffer) {
   2112   VLOG(3) << __func__;
   2113   return Serialize_UINT8(value, buffer);
   2114 }
   2115 
   2116 TPM_RC Parse_TPM_SE(
   2117     std::string* buffer,
   2118     TPM_SE* value,
   2119     std::string* value_bytes) {
   2120   VLOG(3) << __func__;
   2121   return Parse_UINT8(buffer, value, value_bytes);
   2122 }
   2123 
   2124 TPM_RC Serialize_TPM_CAP(
   2125     const TPM_CAP& value,
   2126     std::string* buffer) {
   2127   VLOG(3) << __func__;
   2128   return Serialize_UINT32(value, buffer);
   2129 }
   2130 
   2131 TPM_RC Parse_TPM_CAP(
   2132     std::string* buffer,
   2133     TPM_CAP* value,
   2134     std::string* value_bytes) {
   2135   VLOG(3) << __func__;
   2136   return Parse_UINT32(buffer, value, value_bytes);
   2137 }
   2138 
   2139 TPM_RC Serialize_TPM_PT(
   2140     const TPM_PT& value,
   2141     std::string* buffer) {
   2142   VLOG(3) << __func__;
   2143   return Serialize_UINT32(value, buffer);
   2144 }
   2145 
   2146 TPM_RC Parse_TPM_PT(
   2147     std::string* buffer,
   2148     TPM_PT* value,
   2149     std::string* value_bytes) {
   2150   VLOG(3) << __func__;
   2151   return Parse_UINT32(buffer, value, value_bytes);
   2152 }
   2153 
   2154 TPM_RC Serialize_TPM_PT_PCR(
   2155     const TPM_PT_PCR& value,
   2156     std::string* buffer) {
   2157   VLOG(3) << __func__;
   2158   return Serialize_UINT32(value, buffer);
   2159 }
   2160 
   2161 TPM_RC Parse_TPM_PT_PCR(
   2162     std::string* buffer,
   2163     TPM_PT_PCR* value,
   2164     std::string* value_bytes) {
   2165   VLOG(3) << __func__;
   2166   return Parse_UINT32(buffer, value, value_bytes);
   2167 }
   2168 
   2169 TPM_RC Serialize_TPM_PS(
   2170     const TPM_PS& value,
   2171     std::string* buffer) {
   2172   VLOG(3) << __func__;
   2173   return Serialize_UINT32(value, buffer);
   2174 }
   2175 
   2176 TPM_RC Parse_TPM_PS(
   2177     std::string* buffer,
   2178     TPM_PS* value,
   2179     std::string* value_bytes) {
   2180   VLOG(3) << __func__;
   2181   return Parse_UINT32(buffer, value, value_bytes);
   2182 }
   2183 
   2184 TPM_RC Serialize_TPM_HT(
   2185     const TPM_HT& value,
   2186     std::string* buffer) {
   2187   VLOG(3) << __func__;
   2188   return Serialize_UINT8(value, buffer);
   2189 }
   2190 
   2191 TPM_RC Parse_TPM_HT(
   2192     std::string* buffer,
   2193     TPM_HT* value,
   2194     std::string* value_bytes) {
   2195   VLOG(3) << __func__;
   2196   return Parse_UINT8(buffer, value, value_bytes);
   2197 }
   2198 
   2199 TPM_RC Serialize_TPM_RH(
   2200     const TPM_RH& value,
   2201     std::string* buffer) {
   2202   VLOG(3) << __func__;
   2203   return Serialize_UINT32(value, buffer);
   2204 }
   2205 
   2206 TPM_RC Parse_TPM_RH(
   2207     std::string* buffer,
   2208     TPM_RH* value,
   2209     std::string* value_bytes) {
   2210   VLOG(3) << __func__;
   2211   return Parse_UINT32(buffer, value, value_bytes);
   2212 }
   2213 
   2214 TPM_RC Serialize_TPM_HC(
   2215     const TPM_HC& value,
   2216     std::string* buffer) {
   2217   VLOG(3) << __func__;
   2218   return Serialize_TPM_HANDLE(value, buffer);
   2219 }
   2220 
   2221 TPM_RC Parse_TPM_HC(
   2222     std::string* buffer,
   2223     TPM_HC* value,
   2224     std::string* value_bytes) {
   2225   VLOG(3) << __func__;
   2226   return Parse_TPM_HANDLE(buffer, value, value_bytes);
   2227 }
   2228 
   2229 TPM_RC Serialize_TPMS_ALGORITHM_DESCRIPTION(
   2230     const TPMS_ALGORITHM_DESCRIPTION& value,
   2231     std::string* buffer) {
   2232   TPM_RC result = TPM_RC_SUCCESS;
   2233   VLOG(3) << __func__;
   2234 
   2235   result = Serialize_TPM_ALG_ID(value.alg, buffer);
   2236   if (result) {
   2237     return result;
   2238   }
   2239 
   2240   result = Serialize_TPMA_ALGORITHM(value.attributes, buffer);
   2241   if (result) {
   2242     return result;
   2243   }
   2244   return result;
   2245 }
   2246 
   2247 TPM_RC Parse_TPMS_ALGORITHM_DESCRIPTION(
   2248     std::string* buffer,
   2249     TPMS_ALGORITHM_DESCRIPTION* value,
   2250     std::string* value_bytes) {
   2251   TPM_RC result = TPM_RC_SUCCESS;
   2252   VLOG(3) << __func__;
   2253 
   2254   result = Parse_TPM_ALG_ID(
   2255       buffer,
   2256       &value->alg,
   2257       value_bytes);
   2258   if (result) {
   2259     return result;
   2260   }
   2261 
   2262   result = Parse_TPMA_ALGORITHM(
   2263       buffer,
   2264       &value->attributes,
   2265       value_bytes);
   2266   if (result) {
   2267     return result;
   2268   }
   2269   return result;
   2270 }
   2271 
   2272 TPM_RC Serialize_TPMU_HA(
   2273     const TPMU_HA& value,
   2274     TPMI_ALG_HASH selector,
   2275     std::string* buffer) {
   2276   TPM_RC result = TPM_RC_SUCCESS;
   2277   VLOG(3) << __func__;
   2278 
   2279   if (selector == TPM_ALG_SHA384) {
   2280     if (arraysize(value.sha384) < SHA384_DIGEST_SIZE) {
   2281       return TPM_RC_INSUFFICIENT;
   2282     }
   2283     for (uint32_t i = 0; i < SHA384_DIGEST_SIZE; ++i) {
   2284       result = Serialize_BYTE(value.sha384[i], buffer);
   2285       if (result) {
   2286         return result;
   2287       }
   2288     }
   2289   }
   2290 
   2291   if (selector == TPM_ALG_SHA1) {
   2292     if (arraysize(value.sha1) < SHA1_DIGEST_SIZE) {
   2293       return TPM_RC_INSUFFICIENT;
   2294     }
   2295     for (uint32_t i = 0; i < SHA1_DIGEST_SIZE; ++i) {
   2296       result = Serialize_BYTE(value.sha1[i], buffer);
   2297       if (result) {
   2298         return result;
   2299       }
   2300     }
   2301   }
   2302 
   2303   if (selector == TPM_ALG_SM3_256) {
   2304     if (arraysize(value.sm3_256) < SM3_256_DIGEST_SIZE) {
   2305       return TPM_RC_INSUFFICIENT;
   2306     }
   2307     for (uint32_t i = 0; i < SM3_256_DIGEST_SIZE; ++i) {
   2308       result = Serialize_BYTE(value.sm3_256[i], buffer);
   2309       if (result) {
   2310         return result;
   2311       }
   2312     }
   2313   }
   2314 
   2315   if (selector == TPM_ALG_NULL) {
   2316     // Do nothing.
   2317   }
   2318 
   2319   if (selector == TPM_ALG_SHA256) {
   2320     if (arraysize(value.sha256) < SHA256_DIGEST_SIZE) {
   2321       return TPM_RC_INSUFFICIENT;
   2322     }
   2323     for (uint32_t i = 0; i < SHA256_DIGEST_SIZE; ++i) {
   2324       result = Serialize_BYTE(value.sha256[i], buffer);
   2325       if (result) {
   2326         return result;
   2327       }
   2328     }
   2329   }
   2330 
   2331   if (selector == TPM_ALG_SHA512) {
   2332     if (arraysize(value.sha512) < SHA512_DIGEST_SIZE) {
   2333       return TPM_RC_INSUFFICIENT;
   2334     }
   2335     for (uint32_t i = 0; i < SHA512_DIGEST_SIZE; ++i) {
   2336       result = Serialize_BYTE(value.sha512[i], buffer);
   2337       if (result) {
   2338         return result;
   2339       }
   2340     }
   2341   }
   2342   return result;
   2343 }
   2344 
   2345 TPM_RC Parse_TPMU_HA(
   2346     std::string* buffer,
   2347     TPMI_ALG_HASH selector,
   2348     TPMU_HA* value,
   2349     std::string* value_bytes) {
   2350   TPM_RC result = TPM_RC_SUCCESS;
   2351   VLOG(3) << __func__;
   2352 
   2353   if (selector == TPM_ALG_SHA384) {
   2354     if (arraysize(value->sha384) < SHA384_DIGEST_SIZE) {
   2355       return TPM_RC_INSUFFICIENT;
   2356     }
   2357     for (uint32_t i = 0; i < SHA384_DIGEST_SIZE; ++i) {
   2358       result = Parse_BYTE(
   2359           buffer,
   2360           &value->sha384[i],
   2361           value_bytes);
   2362       if (result) {
   2363         return result;
   2364       }
   2365     }
   2366   }
   2367 
   2368   if (selector == TPM_ALG_SHA1) {
   2369     if (arraysize(value->sha1) < SHA1_DIGEST_SIZE) {
   2370       return TPM_RC_INSUFFICIENT;
   2371     }
   2372     for (uint32_t i = 0; i < SHA1_DIGEST_SIZE; ++i) {
   2373       result = Parse_BYTE(
   2374           buffer,
   2375           &value->sha1[i],
   2376           value_bytes);
   2377       if (result) {
   2378         return result;
   2379       }
   2380     }
   2381   }
   2382 
   2383   if (selector == TPM_ALG_SM3_256) {
   2384     if (arraysize(value->sm3_256) < SM3_256_DIGEST_SIZE) {
   2385       return TPM_RC_INSUFFICIENT;
   2386     }
   2387     for (uint32_t i = 0; i < SM3_256_DIGEST_SIZE; ++i) {
   2388       result = Parse_BYTE(
   2389           buffer,
   2390           &value->sm3_256[i],
   2391           value_bytes);
   2392       if (result) {
   2393         return result;
   2394       }
   2395     }
   2396   }
   2397 
   2398   if (selector == TPM_ALG_NULL) {
   2399     // Do nothing.
   2400   }
   2401 
   2402   if (selector == TPM_ALG_SHA256) {
   2403     if (arraysize(value->sha256) < SHA256_DIGEST_SIZE) {
   2404       return TPM_RC_INSUFFICIENT;
   2405     }
   2406     for (uint32_t i = 0; i < SHA256_DIGEST_SIZE; ++i) {
   2407       result = Parse_BYTE(
   2408           buffer,
   2409           &value->sha256[i],
   2410           value_bytes);
   2411       if (result) {
   2412         return result;
   2413       }
   2414     }
   2415   }
   2416 
   2417   if (selector == TPM_ALG_SHA512) {
   2418     if (arraysize(value->sha512) < SHA512_DIGEST_SIZE) {
   2419       return TPM_RC_INSUFFICIENT;
   2420     }
   2421     for (uint32_t i = 0; i < SHA512_DIGEST_SIZE; ++i) {
   2422       result = Parse_BYTE(
   2423           buffer,
   2424           &value->sha512[i],
   2425           value_bytes);
   2426       if (result) {
   2427         return result;
   2428       }
   2429     }
   2430   }
   2431   return result;
   2432 }
   2433 
   2434 TPM_RC Serialize_TPMT_HA(
   2435     const TPMT_HA& value,
   2436     std::string* buffer) {
   2437   TPM_RC result = TPM_RC_SUCCESS;
   2438   VLOG(3) << __func__;
   2439 
   2440   result = Serialize_TPMI_ALG_HASH(value.hash_alg, buffer);
   2441   if (result) {
   2442     return result;
   2443   }
   2444 
   2445   result = Serialize_TPMU_HA(
   2446       value.digest,
   2447       value.hash_alg,
   2448       buffer);
   2449   if (result) {
   2450     return result;
   2451   }
   2452   return result;
   2453 }
   2454 
   2455 TPM_RC Parse_TPMT_HA(
   2456     std::string* buffer,
   2457     TPMT_HA* value,
   2458     std::string* value_bytes) {
   2459   TPM_RC result = TPM_RC_SUCCESS;
   2460   VLOG(3) << __func__;
   2461 
   2462   result = Parse_TPMI_ALG_HASH(
   2463       buffer,
   2464       &value->hash_alg,
   2465       value_bytes);
   2466   if (result) {
   2467     return result;
   2468   }
   2469 
   2470   result = Parse_TPMU_HA(
   2471       buffer,
   2472       value->hash_alg,
   2473       &value->digest,
   2474       value_bytes);
   2475   if (result) {
   2476     return result;
   2477   }
   2478   return result;
   2479 }
   2480 
   2481 TPM_RC Serialize_TPM2B_DATA(
   2482     const TPM2B_DATA& value,
   2483     std::string* buffer) {
   2484   TPM_RC result = TPM_RC_SUCCESS;
   2485   VLOG(3) << __func__;
   2486 
   2487   result = Serialize_UINT16(value.size, buffer);
   2488   if (result) {
   2489     return result;
   2490   }
   2491 
   2492   if (arraysize(value.buffer) < value.size) {
   2493     return TPM_RC_INSUFFICIENT;
   2494   }
   2495   for (uint32_t i = 0; i < value.size; ++i) {
   2496     result = Serialize_BYTE(value.buffer[i], buffer);
   2497     if (result) {
   2498       return result;
   2499     }
   2500   }
   2501   return result;
   2502 }
   2503 
   2504 TPM_RC Parse_TPM2B_DATA(
   2505     std::string* buffer,
   2506     TPM2B_DATA* value,
   2507     std::string* value_bytes) {
   2508   TPM_RC result = TPM_RC_SUCCESS;
   2509   VLOG(3) << __func__;
   2510 
   2511   result = Parse_UINT16(
   2512       buffer,
   2513       &value->size,
   2514       value_bytes);
   2515   if (result) {
   2516     return result;
   2517   }
   2518 
   2519   if (arraysize(value->buffer) < value->size) {
   2520     return TPM_RC_INSUFFICIENT;
   2521   }
   2522   for (uint32_t i = 0; i < value->size; ++i) {
   2523     result = Parse_BYTE(
   2524         buffer,
   2525         &value->buffer[i],
   2526         value_bytes);
   2527     if (result) {
   2528       return result;
   2529     }
   2530   }
   2531   return result;
   2532 }
   2533 
   2534 TPM2B_DATA Make_TPM2B_DATA(
   2535     const std::string& bytes) {
   2536   TPM2B_DATA tpm2b;
   2537   CHECK(bytes.size() <= sizeof(tpm2b.buffer));
   2538   memset(&tpm2b, 0, sizeof(TPM2B_DATA));
   2539   tpm2b.size = bytes.size();
   2540   memcpy(tpm2b.buffer, bytes.data(), bytes.size());
   2541   return tpm2b;
   2542 }
   2543 
   2544 std::string StringFrom_TPM2B_DATA(
   2545     const TPM2B_DATA& tpm2b) {
   2546   const char* char_buffer = reinterpret_cast<const char*>(
   2547       tpm2b.buffer);
   2548   return std::string(char_buffer, tpm2b.size);
   2549 }
   2550 
   2551 TPM_RC Serialize_TPM2B_EVENT(
   2552     const TPM2B_EVENT& value,
   2553     std::string* buffer) {
   2554   TPM_RC result = TPM_RC_SUCCESS;
   2555   VLOG(3) << __func__;
   2556 
   2557   result = Serialize_UINT16(value.size, buffer);
   2558   if (result) {
   2559     return result;
   2560   }
   2561 
   2562   if (arraysize(value.buffer) < value.size) {
   2563     return TPM_RC_INSUFFICIENT;
   2564   }
   2565   for (uint32_t i = 0; i < value.size; ++i) {
   2566     result = Serialize_BYTE(value.buffer[i], buffer);
   2567     if (result) {
   2568       return result;
   2569     }
   2570   }
   2571   return result;
   2572 }
   2573 
   2574 TPM_RC Parse_TPM2B_EVENT(
   2575     std::string* buffer,
   2576     TPM2B_EVENT* value,
   2577     std::string* value_bytes) {
   2578   TPM_RC result = TPM_RC_SUCCESS;
   2579   VLOG(3) << __func__;
   2580 
   2581   result = Parse_UINT16(
   2582       buffer,
   2583       &value->size,
   2584       value_bytes);
   2585   if (result) {
   2586     return result;
   2587   }
   2588 
   2589   if (arraysize(value->buffer) < value->size) {
   2590     return TPM_RC_INSUFFICIENT;
   2591   }
   2592   for (uint32_t i = 0; i < value->size; ++i) {
   2593     result = Parse_BYTE(
   2594         buffer,
   2595         &value->buffer[i],
   2596         value_bytes);
   2597     if (result) {
   2598       return result;
   2599     }
   2600   }
   2601   return result;
   2602 }
   2603 
   2604 TPM2B_EVENT Make_TPM2B_EVENT(
   2605     const std::string& bytes) {
   2606   TPM2B_EVENT tpm2b;
   2607   CHECK(bytes.size() <= sizeof(tpm2b.buffer));
   2608   memset(&tpm2b, 0, sizeof(TPM2B_EVENT));
   2609   tpm2b.size = bytes.size();
   2610   memcpy(tpm2b.buffer, bytes.data(), bytes.size());
   2611   return tpm2b;
   2612 }
   2613 
   2614 std::string StringFrom_TPM2B_EVENT(
   2615     const TPM2B_EVENT& tpm2b) {
   2616   const char* char_buffer = reinterpret_cast<const char*>(
   2617       tpm2b.buffer);
   2618   return std::string(char_buffer, tpm2b.size);
   2619 }
   2620 
   2621 TPM_RC Serialize_TPM2B_MAX_BUFFER(
   2622     const TPM2B_MAX_BUFFER& value,
   2623     std::string* buffer) {
   2624   TPM_RC result = TPM_RC_SUCCESS;
   2625   VLOG(3) << __func__;
   2626 
   2627   result = Serialize_UINT16(value.size, buffer);
   2628   if (result) {
   2629     return result;
   2630   }
   2631 
   2632   if (arraysize(value.buffer) < value.size) {
   2633     return TPM_RC_INSUFFICIENT;
   2634   }
   2635   for (uint32_t i = 0; i < value.size; ++i) {
   2636     result = Serialize_BYTE(value.buffer[i], buffer);
   2637     if (result) {
   2638       return result;
   2639     }
   2640   }
   2641   return result;
   2642 }
   2643 
   2644 TPM_RC Parse_TPM2B_MAX_BUFFER(
   2645     std::string* buffer,
   2646     TPM2B_MAX_BUFFER* value,
   2647     std::string* value_bytes) {
   2648   TPM_RC result = TPM_RC_SUCCESS;
   2649   VLOG(3) << __func__;
   2650 
   2651   result = Parse_UINT16(
   2652       buffer,
   2653       &value->size,
   2654       value_bytes);
   2655   if (result) {
   2656     return result;
   2657   }
   2658 
   2659   if (arraysize(value->buffer) < value->size) {
   2660     return TPM_RC_INSUFFICIENT;
   2661   }
   2662   for (uint32_t i = 0; i < value->size; ++i) {
   2663     result = Parse_BYTE(
   2664         buffer,
   2665         &value->buffer[i],
   2666         value_bytes);
   2667     if (result) {
   2668       return result;
   2669     }
   2670   }
   2671   return result;
   2672 }
   2673 
   2674 TPM2B_MAX_BUFFER Make_TPM2B_MAX_BUFFER(
   2675     const std::string& bytes) {
   2676   TPM2B_MAX_BUFFER tpm2b;
   2677   CHECK(bytes.size() <= sizeof(tpm2b.buffer));
   2678   memset(&tpm2b, 0, sizeof(TPM2B_MAX_BUFFER));
   2679   tpm2b.size = bytes.size();
   2680   memcpy(tpm2b.buffer, bytes.data(), bytes.size());
   2681   return tpm2b;
   2682 }
   2683 
   2684 std::string StringFrom_TPM2B_MAX_BUFFER(
   2685     const TPM2B_MAX_BUFFER& tpm2b) {
   2686   const char* char_buffer = reinterpret_cast<const char*>(
   2687       tpm2b.buffer);
   2688   return std::string(char_buffer, tpm2b.size);
   2689 }
   2690 
   2691 TPM_RC Serialize_TPM2B_MAX_NV_BUFFER(
   2692     const TPM2B_MAX_NV_BUFFER& value,
   2693     std::string* buffer) {
   2694   TPM_RC result = TPM_RC_SUCCESS;
   2695   VLOG(3) << __func__;
   2696 
   2697   result = Serialize_UINT16(value.size, buffer);
   2698   if (result) {
   2699     return result;
   2700   }
   2701 
   2702   if (arraysize(value.buffer) < value.size) {
   2703     return TPM_RC_INSUFFICIENT;
   2704   }
   2705   for (uint32_t i = 0; i < value.size; ++i) {
   2706     result = Serialize_BYTE(value.buffer[i], buffer);
   2707     if (result) {
   2708       return result;
   2709     }
   2710   }
   2711   return result;
   2712 }
   2713 
   2714 TPM_RC Parse_TPM2B_MAX_NV_BUFFER(
   2715     std::string* buffer,
   2716     TPM2B_MAX_NV_BUFFER* value,
   2717     std::string* value_bytes) {
   2718   TPM_RC result = TPM_RC_SUCCESS;
   2719   VLOG(3) << __func__;
   2720 
   2721   result = Parse_UINT16(
   2722       buffer,
   2723       &value->size,
   2724       value_bytes);
   2725   if (result) {
   2726     return result;
   2727   }
   2728 
   2729   if (arraysize(value->buffer) < value->size) {
   2730     return TPM_RC_INSUFFICIENT;
   2731   }
   2732   for (uint32_t i = 0; i < value->size; ++i) {
   2733     result = Parse_BYTE(
   2734         buffer,
   2735         &value->buffer[i],
   2736         value_bytes);
   2737     if (result) {
   2738       return result;
   2739     }
   2740   }
   2741   return result;
   2742 }
   2743 
   2744 TPM2B_MAX_NV_BUFFER Make_TPM2B_MAX_NV_BUFFER(
   2745     const std::string& bytes) {
   2746   TPM2B_MAX_NV_BUFFER tpm2b;
   2747   CHECK(bytes.size() <= sizeof(tpm2b.buffer));
   2748   memset(&tpm2b, 0, sizeof(TPM2B_MAX_NV_BUFFER));
   2749   tpm2b.size = bytes.size();
   2750   memcpy(tpm2b.buffer, bytes.data(), bytes.size());
   2751   return tpm2b;
   2752 }
   2753 
   2754 std::string StringFrom_TPM2B_MAX_NV_BUFFER(
   2755     const TPM2B_MAX_NV_BUFFER& tpm2b) {
   2756   const char* char_buffer = reinterpret_cast<const char*>(
   2757       tpm2b.buffer);
   2758   return std::string(char_buffer, tpm2b.size);
   2759 }
   2760 
   2761 TPM_RC Serialize_TPM2B_TIMEOUT(
   2762     const TPM2B_TIMEOUT& value,
   2763     std::string* buffer) {
   2764   TPM_RC result = TPM_RC_SUCCESS;
   2765   VLOG(3) << __func__;
   2766 
   2767   result = Serialize_UINT16(value.size, buffer);
   2768   if (result) {
   2769     return result;
   2770   }
   2771 
   2772   if (arraysize(value.buffer) < value.size) {
   2773     return TPM_RC_INSUFFICIENT;
   2774   }
   2775   for (uint32_t i = 0; i < value.size; ++i) {
   2776     result = Serialize_BYTE(value.buffer[i], buffer);
   2777     if (result) {
   2778       return result;
   2779     }
   2780   }
   2781   return result;
   2782 }
   2783 
   2784 TPM_RC Parse_TPM2B_TIMEOUT(
   2785     std::string* buffer,
   2786     TPM2B_TIMEOUT* value,
   2787     std::string* value_bytes) {
   2788   TPM_RC result = TPM_RC_SUCCESS;
   2789   VLOG(3) << __func__;
   2790 
   2791   result = Parse_UINT16(
   2792       buffer,
   2793       &value->size,
   2794       value_bytes);
   2795   if (result) {
   2796     return result;
   2797   }
   2798 
   2799   if (arraysize(value->buffer) < value->size) {
   2800     return TPM_RC_INSUFFICIENT;
   2801   }
   2802   for (uint32_t i = 0; i < value->size; ++i) {
   2803     result = Parse_BYTE(
   2804         buffer,
   2805         &value->buffer[i],
   2806         value_bytes);
   2807     if (result) {
   2808       return result;
   2809     }
   2810   }
   2811   return result;
   2812 }
   2813 
   2814 TPM2B_TIMEOUT Make_TPM2B_TIMEOUT(
   2815     const std::string& bytes) {
   2816   TPM2B_TIMEOUT tpm2b;
   2817   CHECK(bytes.size() <= sizeof(tpm2b.buffer));
   2818   memset(&tpm2b, 0, sizeof(TPM2B_TIMEOUT));
   2819   tpm2b.size = bytes.size();
   2820   memcpy(tpm2b.buffer, bytes.data(), bytes.size());
   2821   return tpm2b;
   2822 }
   2823 
   2824 std::string StringFrom_TPM2B_TIMEOUT(
   2825     const TPM2B_TIMEOUT& tpm2b) {
   2826   const char* char_buffer = reinterpret_cast<const char*>(
   2827       tpm2b.buffer);
   2828   return std::string(char_buffer, tpm2b.size);
   2829 }
   2830 
   2831 TPM_RC Serialize_TPM2B_IV(
   2832     const TPM2B_IV& value,
   2833     std::string* buffer) {
   2834   TPM_RC result = TPM_RC_SUCCESS;
   2835   VLOG(3) << __func__;
   2836 
   2837   result = Serialize_UINT16(value.size, buffer);
   2838   if (result) {
   2839     return result;
   2840   }
   2841 
   2842   if (arraysize(value.buffer) < value.size) {
   2843     return TPM_RC_INSUFFICIENT;
   2844   }
   2845   for (uint32_t i = 0; i < value.size; ++i) {
   2846     result = Serialize_BYTE(value.buffer[i], buffer);
   2847     if (result) {
   2848       return result;
   2849     }
   2850   }
   2851   return result;
   2852 }
   2853 
   2854 TPM_RC Parse_TPM2B_IV(
   2855     std::string* buffer,
   2856     TPM2B_IV* value,
   2857     std::string* value_bytes) {
   2858   TPM_RC result = TPM_RC_SUCCESS;
   2859   VLOG(3) << __func__;
   2860 
   2861   result = Parse_UINT16(
   2862       buffer,
   2863       &value->size,
   2864       value_bytes);
   2865   if (result) {
   2866     return result;
   2867   }
   2868 
   2869   if (arraysize(value->buffer) < value->size) {
   2870     return TPM_RC_INSUFFICIENT;
   2871   }
   2872   for (uint32_t i = 0; i < value->size; ++i) {
   2873     result = Parse_BYTE(
   2874         buffer,
   2875         &value->buffer[i],
   2876         value_bytes);
   2877     if (result) {
   2878       return result;
   2879     }
   2880   }
   2881   return result;
   2882 }
   2883 
   2884 TPM2B_IV Make_TPM2B_IV(
   2885     const std::string& bytes) {
   2886   TPM2B_IV tpm2b;
   2887   CHECK(bytes.size() <= sizeof(tpm2b.buffer));
   2888   memset(&tpm2b, 0, sizeof(TPM2B_IV));
   2889   tpm2b.size = bytes.size();
   2890   memcpy(tpm2b.buffer, bytes.data(), bytes.size());
   2891   return tpm2b;
   2892 }
   2893 
   2894 std::string StringFrom_TPM2B_IV(
   2895     const TPM2B_IV& tpm2b) {
   2896   const char* char_buffer = reinterpret_cast<const char*>(
   2897       tpm2b.buffer);
   2898   return std::string(char_buffer, tpm2b.size);
   2899 }
   2900 
   2901 TPM_RC Serialize_TPM2B_NAME(
   2902     const TPM2B_NAME& value,
   2903     std::string* buffer) {
   2904   TPM_RC result = TPM_RC_SUCCESS;
   2905   VLOG(3) << __func__;
   2906 
   2907   result = Serialize_UINT16(value.size, buffer);
   2908   if (result) {
   2909     return result;
   2910   }
   2911 
   2912   if (arraysize(value.name) < value.size) {
   2913     return TPM_RC_INSUFFICIENT;
   2914   }
   2915   for (uint32_t i = 0; i < value.size; ++i) {
   2916     result = Serialize_BYTE(value.name[i], buffer);
   2917     if (result) {
   2918       return result;
   2919     }
   2920   }
   2921   return result;
   2922 }
   2923 
   2924 TPM_RC Parse_TPM2B_NAME(
   2925     std::string* buffer,
   2926     TPM2B_NAME* value,
   2927     std::string* value_bytes) {
   2928   TPM_RC result = TPM_RC_SUCCESS;
   2929   VLOG(3) << __func__;
   2930 
   2931   result = Parse_UINT16(
   2932       buffer,
   2933       &value->size,
   2934       value_bytes);
   2935   if (result) {
   2936     return result;
   2937   }
   2938 
   2939   if (arraysize(value->name) < value->size) {
   2940     return TPM_RC_INSUFFICIENT;
   2941   }
   2942   for (uint32_t i = 0; i < value->size; ++i) {
   2943     result = Parse_BYTE(
   2944         buffer,
   2945         &value->name[i],
   2946         value_bytes);
   2947     if (result) {
   2948       return result;
   2949     }
   2950   }
   2951   return result;
   2952 }
   2953 
   2954 TPM2B_NAME Make_TPM2B_NAME(
   2955     const std::string& bytes) {
   2956   TPM2B_NAME tpm2b;
   2957   CHECK(bytes.size() <= sizeof(tpm2b.name));
   2958   memset(&tpm2b, 0, sizeof(TPM2B_NAME));
   2959   tpm2b.size = bytes.size();
   2960   memcpy(tpm2b.name, bytes.data(), bytes.size());
   2961   return tpm2b;
   2962 }
   2963 
   2964 std::string StringFrom_TPM2B_NAME(
   2965     const TPM2B_NAME& tpm2b) {
   2966   const char* char_buffer = reinterpret_cast<const char*>(
   2967       tpm2b.name);
   2968   return std::string(char_buffer, tpm2b.size);
   2969 }
   2970 
   2971 TPM_RC Serialize_TPMS_PCR_SELECT(
   2972     const TPMS_PCR_SELECT& value,
   2973     std::string* buffer) {
   2974   TPM_RC result = TPM_RC_SUCCESS;
   2975   VLOG(3) << __func__;
   2976 
   2977   result = Serialize_UINT8(value.sizeof_select, buffer);
   2978   if (result) {
   2979     return result;
   2980   }
   2981 
   2982   if (arraysize(value.pcr_select) < value.sizeof_select) {
   2983     return TPM_RC_INSUFFICIENT;
   2984   }
   2985   for (uint32_t i = 0; i < value.sizeof_select; ++i) {
   2986     result = Serialize_BYTE(value.pcr_select[i], buffer);
   2987     if (result) {
   2988       return result;
   2989     }
   2990   }
   2991   return result;
   2992 }
   2993 
   2994 TPM_RC Parse_TPMS_PCR_SELECT(
   2995     std::string* buffer,
   2996     TPMS_PCR_SELECT* value,
   2997     std::string* value_bytes) {
   2998   TPM_RC result = TPM_RC_SUCCESS;
   2999   VLOG(3) << __func__;
   3000 
   3001   result = Parse_UINT8(
   3002       buffer,
   3003       &value->sizeof_select,
   3004       value_bytes);
   3005   if (result) {
   3006     return result;
   3007   }
   3008 
   3009   if (arraysize(value->pcr_select) < value->sizeof_select) {
   3010     return TPM_RC_INSUFFICIENT;
   3011   }
   3012   for (uint32_t i = 0; i < value->sizeof_select; ++i) {
   3013     result = Parse_BYTE(
   3014         buffer,
   3015         &value->pcr_select[i],
   3016         value_bytes);
   3017     if (result) {
   3018       return result;
   3019     }
   3020   }
   3021   return result;
   3022 }
   3023 
   3024 TPM_RC Serialize_TPMS_PCR_SELECTION(
   3025     const TPMS_PCR_SELECTION& value,
   3026     std::string* buffer) {
   3027   TPM_RC result = TPM_RC_SUCCESS;
   3028   VLOG(3) << __func__;
   3029 
   3030   result = Serialize_TPMI_ALG_HASH(value.hash, buffer);
   3031   if (result) {
   3032     return result;
   3033   }
   3034 
   3035   result = Serialize_UINT8(value.sizeof_select, buffer);
   3036   if (result) {
   3037     return result;
   3038   }
   3039 
   3040   if (arraysize(value.pcr_select) < value.sizeof_select) {
   3041     return TPM_RC_INSUFFICIENT;
   3042   }
   3043   for (uint32_t i = 0; i < value.sizeof_select; ++i) {
   3044     result = Serialize_BYTE(value.pcr_select[i], buffer);
   3045     if (result) {
   3046       return result;
   3047     }
   3048   }
   3049   return result;
   3050 }
   3051 
   3052 TPM_RC Parse_TPMS_PCR_SELECTION(
   3053     std::string* buffer,
   3054     TPMS_PCR_SELECTION* value,
   3055     std::string* value_bytes) {
   3056   TPM_RC result = TPM_RC_SUCCESS;
   3057   VLOG(3) << __func__;
   3058 
   3059   result = Parse_TPMI_ALG_HASH(
   3060       buffer,
   3061       &value->hash,
   3062       value_bytes);
   3063   if (result) {
   3064     return result;
   3065   }
   3066 
   3067   result = Parse_UINT8(
   3068       buffer,
   3069       &value->sizeof_select,
   3070       value_bytes);
   3071   if (result) {
   3072     return result;
   3073   }
   3074 
   3075   if (arraysize(value->pcr_select) < value->sizeof_select) {
   3076     return TPM_RC_INSUFFICIENT;
   3077   }
   3078   for (uint32_t i = 0; i < value->sizeof_select; ++i) {
   3079     result = Parse_BYTE(
   3080         buffer,
   3081         &value->pcr_select[i],
   3082         value_bytes);
   3083     if (result) {
   3084       return result;
   3085     }
   3086   }
   3087   return result;
   3088 }
   3089 
   3090 TPM_RC Serialize_TPMT_TK_CREATION(
   3091     const TPMT_TK_CREATION& value,
   3092     std::string* buffer) {
   3093   TPM_RC result = TPM_RC_SUCCESS;
   3094   VLOG(3) << __func__;
   3095 
   3096   result = Serialize_TPM_ST(value.tag, buffer);
   3097   if (result) {
   3098     return result;
   3099   }
   3100 
   3101   result = Serialize_TPMI_RH_HIERARCHY(value.hierarchy, buffer);
   3102   if (result) {
   3103     return result;
   3104   }
   3105 
   3106   result = Serialize_TPM2B_DIGEST(value.digest, buffer);
   3107   if (result) {
   3108     return result;
   3109   }
   3110   return result;
   3111 }
   3112 
   3113 TPM_RC Parse_TPMT_TK_CREATION(
   3114     std::string* buffer,
   3115     TPMT_TK_CREATION* value,
   3116     std::string* value_bytes) {
   3117   TPM_RC result = TPM_RC_SUCCESS;
   3118   VLOG(3) << __func__;
   3119 
   3120   result = Parse_TPM_ST(
   3121       buffer,
   3122       &value->tag,
   3123       value_bytes);
   3124   if (result) {
   3125     return result;
   3126   }
   3127 
   3128   result = Parse_TPMI_RH_HIERARCHY(
   3129       buffer,
   3130       &value->hierarchy,
   3131       value_bytes);
   3132   if (result) {
   3133     return result;
   3134   }
   3135 
   3136   result = Parse_TPM2B_DIGEST(
   3137       buffer,
   3138       &value->digest,
   3139       value_bytes);
   3140   if (result) {
   3141     return result;
   3142   }
   3143   return result;
   3144 }
   3145 
   3146 TPM_RC Serialize_TPMT_TK_VERIFIED(
   3147     const TPMT_TK_VERIFIED& value,
   3148     std::string* buffer) {
   3149   TPM_RC result = TPM_RC_SUCCESS;
   3150   VLOG(3) << __func__;
   3151 
   3152   result = Serialize_TPM_ST(value.tag, buffer);
   3153   if (result) {
   3154     return result;
   3155   }
   3156 
   3157   result = Serialize_TPMI_RH_HIERARCHY(value.hierarchy, buffer);
   3158   if (result) {
   3159     return result;
   3160   }
   3161 
   3162   result = Serialize_TPM2B_DIGEST(value.digest, buffer);
   3163   if (result) {
   3164     return result;
   3165   }
   3166   return result;
   3167 }
   3168 
   3169 TPM_RC Parse_TPMT_TK_VERIFIED(
   3170     std::string* buffer,
   3171     TPMT_TK_VERIFIED* value,
   3172     std::string* value_bytes) {
   3173   TPM_RC result = TPM_RC_SUCCESS;
   3174   VLOG(3) << __func__;
   3175 
   3176   result = Parse_TPM_ST(
   3177       buffer,
   3178       &value->tag,
   3179       value_bytes);
   3180   if (result) {
   3181     return result;
   3182   }
   3183 
   3184   result = Parse_TPMI_RH_HIERARCHY(
   3185       buffer,
   3186       &value->hierarchy,
   3187       value_bytes);
   3188   if (result) {
   3189     return result;
   3190   }
   3191 
   3192   result = Parse_TPM2B_DIGEST(
   3193       buffer,
   3194       &value->digest,
   3195       value_bytes);
   3196   if (result) {
   3197     return result;
   3198   }
   3199   return result;
   3200 }
   3201 
   3202 TPM_RC Serialize_TPMT_TK_AUTH(
   3203     const TPMT_TK_AUTH& value,
   3204     std::string* buffer) {
   3205   TPM_RC result = TPM_RC_SUCCESS;
   3206   VLOG(3) << __func__;
   3207 
   3208   result = Serialize_TPMI_RH_HIERARCHY(value.hierarchy, buffer);
   3209   if (result) {
   3210     return result;
   3211   }
   3212 
   3213   result = Serialize_TPM2B_DIGEST(value.digest, buffer);
   3214   if (result) {
   3215     return result;
   3216   }
   3217   return result;
   3218 }
   3219 
   3220 TPM_RC Parse_TPMT_TK_AUTH(
   3221     std::string* buffer,
   3222     TPMT_TK_AUTH* value,
   3223     std::string* value_bytes) {
   3224   TPM_RC result = TPM_RC_SUCCESS;
   3225   VLOG(3) << __func__;
   3226 
   3227   result = Parse_TPMI_RH_HIERARCHY(
   3228       buffer,
   3229       &value->hierarchy,
   3230       value_bytes);
   3231   if (result) {
   3232     return result;
   3233   }
   3234 
   3235   result = Parse_TPM2B_DIGEST(
   3236       buffer,
   3237       &value->digest,
   3238       value_bytes);
   3239   if (result) {
   3240     return result;
   3241   }
   3242   return result;
   3243 }
   3244 
   3245 TPM_RC Serialize_TPMT_TK_HASHCHECK(
   3246     const TPMT_TK_HASHCHECK& value,
   3247     std::string* buffer) {
   3248   TPM_RC result = TPM_RC_SUCCESS;
   3249   VLOG(3) << __func__;
   3250 
   3251   result = Serialize_TPM_ST(value.tag, buffer);
   3252   if (result) {
   3253     return result;
   3254   }
   3255 
   3256   result = Serialize_TPMI_RH_HIERARCHY(value.hierarchy, buffer);
   3257   if (result) {
   3258     return result;
   3259   }
   3260 
   3261   result = Serialize_TPM2B_DIGEST(value.digest, buffer);
   3262   if (result) {
   3263     return result;
   3264   }
   3265   return result;
   3266 }
   3267 
   3268 TPM_RC Parse_TPMT_TK_HASHCHECK(
   3269     std::string* buffer,
   3270     TPMT_TK_HASHCHECK* value,
   3271     std::string* value_bytes) {
   3272   TPM_RC result = TPM_RC_SUCCESS;
   3273   VLOG(3) << __func__;
   3274 
   3275   result = Parse_TPM_ST(
   3276       buffer,
   3277       &value->tag,
   3278       value_bytes);
   3279   if (result) {
   3280     return result;
   3281   }
   3282 
   3283   result = Parse_TPMI_RH_HIERARCHY(
   3284       buffer,
   3285       &value->hierarchy,
   3286       value_bytes);
   3287   if (result) {
   3288     return result;
   3289   }
   3290 
   3291   result = Parse_TPM2B_DIGEST(
   3292       buffer,
   3293       &value->digest,
   3294       value_bytes);
   3295   if (result) {
   3296     return result;
   3297   }
   3298   return result;
   3299 }
   3300 
   3301 TPM_RC Serialize_TPMS_ALG_PROPERTY(
   3302     const TPMS_ALG_PROPERTY& value,
   3303     std::string* buffer) {
   3304   TPM_RC result = TPM_RC_SUCCESS;
   3305   VLOG(3) << __func__;
   3306 
   3307   result = Serialize_TPM_ALG_ID(value.alg, buffer);
   3308   if (result) {
   3309     return result;
   3310   }
   3311 
   3312   result = Serialize_TPMA_ALGORITHM(value.alg_properties, buffer);
   3313   if (result) {
   3314     return result;
   3315   }
   3316   return result;
   3317 }
   3318 
   3319 TPM_RC Parse_TPMS_ALG_PROPERTY(
   3320     std::string* buffer,
   3321     TPMS_ALG_PROPERTY* value,
   3322     std::string* value_bytes) {
   3323   TPM_RC result = TPM_RC_SUCCESS;
   3324   VLOG(3) << __func__;
   3325 
   3326   result = Parse_TPM_ALG_ID(
   3327       buffer,
   3328       &value->alg,
   3329       value_bytes);
   3330   if (result) {
   3331     return result;
   3332   }
   3333 
   3334   result = Parse_TPMA_ALGORITHM(
   3335       buffer,
   3336       &value->alg_properties,
   3337       value_bytes);
   3338   if (result) {
   3339     return result;
   3340   }
   3341   return result;
   3342 }
   3343 
   3344 TPM_RC Serialize_TPMS_TAGGED_PROPERTY(
   3345     const TPMS_TAGGED_PROPERTY& value,
   3346     std::string* buffer) {
   3347   TPM_RC result = TPM_RC_SUCCESS;
   3348   VLOG(3) << __func__;
   3349 
   3350   result = Serialize_TPM_PT(value.property, buffer);
   3351   if (result) {
   3352     return result;
   3353   }
   3354 
   3355   result = Serialize_UINT32(value.value, buffer);
   3356   if (result) {
   3357     return result;
   3358   }
   3359   return result;
   3360 }
   3361 
   3362 TPM_RC Parse_TPMS_TAGGED_PROPERTY(
   3363     std::string* buffer,
   3364     TPMS_TAGGED_PROPERTY* value,
   3365     std::string* value_bytes) {
   3366   TPM_RC result = TPM_RC_SUCCESS;
   3367   VLOG(3) << __func__;
   3368 
   3369   result = Parse_TPM_PT(
   3370       buffer,
   3371       &value->property,
   3372       value_bytes);
   3373   if (result) {
   3374     return result;
   3375   }
   3376 
   3377   result = Parse_UINT32(
   3378       buffer,
   3379       &value->value,
   3380       value_bytes);
   3381   if (result) {
   3382     return result;
   3383   }
   3384   return result;
   3385 }
   3386 
   3387 TPM_RC Serialize_TPMS_TAGGED_PCR_SELECT(
   3388     const TPMS_TAGGED_PCR_SELECT& value,
   3389     std::string* buffer) {
   3390   TPM_RC result = TPM_RC_SUCCESS;
   3391   VLOG(3) << __func__;
   3392 
   3393   result = Serialize_TPM_PT(value.tag, buffer);
   3394   if (result) {
   3395     return result;
   3396   }
   3397 
   3398   result = Serialize_UINT8(value.sizeof_select, buffer);
   3399   if (result) {
   3400     return result;
   3401   }
   3402 
   3403   if (arraysize(value.pcr_select) < value.sizeof_select) {
   3404     return TPM_RC_INSUFFICIENT;
   3405   }
   3406   for (uint32_t i = 0; i < value.sizeof_select; ++i) {
   3407     result = Serialize_BYTE(value.pcr_select[i], buffer);
   3408     if (result) {
   3409       return result;
   3410     }
   3411   }
   3412   return result;
   3413 }
   3414 
   3415 TPM_RC Parse_TPMS_TAGGED_PCR_SELECT(
   3416     std::string* buffer,
   3417     TPMS_TAGGED_PCR_SELECT* value,
   3418     std::string* value_bytes) {
   3419   TPM_RC result = TPM_RC_SUCCESS;
   3420   VLOG(3) << __func__;
   3421 
   3422   result = Parse_TPM_PT(
   3423       buffer,
   3424       &value->tag,
   3425       value_bytes);
   3426   if (result) {
   3427     return result;
   3428   }
   3429 
   3430   result = Parse_UINT8(
   3431       buffer,
   3432       &value->sizeof_select,
   3433       value_bytes);
   3434   if (result) {
   3435     return result;
   3436   }
   3437 
   3438   if (arraysize(value->pcr_select) < value->sizeof_select) {
   3439     return TPM_RC_INSUFFICIENT;
   3440   }
   3441   for (uint32_t i = 0; i < value->sizeof_select; ++i) {
   3442     result = Parse_BYTE(
   3443         buffer,
   3444         &value->pcr_select[i],
   3445         value_bytes);
   3446     if (result) {
   3447       return result;
   3448     }
   3449   }
   3450   return result;
   3451 }
   3452 
   3453 TPM_RC Serialize_TPML_CC(
   3454     const TPML_CC& value,
   3455     std::string* buffer) {
   3456   TPM_RC result = TPM_RC_SUCCESS;
   3457   VLOG(3) << __func__;
   3458 
   3459   result = Serialize_UINT32(value.count, buffer);
   3460   if (result) {
   3461     return result;
   3462   }
   3463 
   3464   if (arraysize(value.command_codes) < value.count) {
   3465     return TPM_RC_INSUFFICIENT;
   3466   }
   3467   for (uint32_t i = 0; i < value.count; ++i) {
   3468     result = Serialize_TPM_CC(value.command_codes[i], buffer);
   3469     if (result) {
   3470       return result;
   3471     }
   3472   }
   3473   return result;
   3474 }
   3475 
   3476 TPM_RC Parse_TPML_CC(
   3477     std::string* buffer,
   3478     TPML_CC* value,
   3479     std::string* value_bytes) {
   3480   TPM_RC result = TPM_RC_SUCCESS;
   3481   VLOG(3) << __func__;
   3482 
   3483   result = Parse_UINT32(
   3484       buffer,
   3485       &value->count,
   3486       value_bytes);
   3487   if (result) {
   3488     return result;
   3489   }
   3490 
   3491   if (arraysize(value->command_codes) < value->count) {
   3492     return TPM_RC_INSUFFICIENT;
   3493   }
   3494   for (uint32_t i = 0; i < value->count; ++i) {
   3495     result = Parse_TPM_CC(
   3496         buffer,
   3497         &value->command_codes[i],
   3498         value_bytes);
   3499     if (result) {
   3500       return result;
   3501     }
   3502   }
   3503   return result;
   3504 }
   3505 
   3506 TPM_RC Serialize_TPML_CCA(
   3507     const TPML_CCA& value,
   3508     std::string* buffer) {
   3509   TPM_RC result = TPM_RC_SUCCESS;
   3510   VLOG(3) << __func__;
   3511 
   3512   result = Serialize_UINT32(value.count, buffer);
   3513   if (result) {
   3514     return result;
   3515   }
   3516 
   3517   if (arraysize(value.command_attributes) < value.count) {
   3518     return TPM_RC_INSUFFICIENT;
   3519   }
   3520   for (uint32_t i = 0; i < value.count; ++i) {
   3521     result = Serialize_TPMA_CC(value.command_attributes[i], buffer);
   3522     if (result) {
   3523       return result;
   3524     }
   3525   }
   3526   return result;
   3527 }
   3528 
   3529 TPM_RC Parse_TPML_CCA(
   3530     std::string* buffer,
   3531     TPML_CCA* value,
   3532     std::string* value_bytes) {
   3533   TPM_RC result = TPM_RC_SUCCESS;
   3534   VLOG(3) << __func__;
   3535 
   3536   result = Parse_UINT32(
   3537       buffer,
   3538       &value->count,
   3539       value_bytes);
   3540   if (result) {
   3541     return result;
   3542   }
   3543 
   3544   if (arraysize(value->command_attributes) < value->count) {
   3545     return TPM_RC_INSUFFICIENT;
   3546   }
   3547   for (uint32_t i = 0; i < value->count; ++i) {
   3548     result = Parse_TPMA_CC(
   3549         buffer,
   3550         &value->command_attributes[i],
   3551         value_bytes);
   3552     if (result) {
   3553       return result;
   3554     }
   3555   }
   3556   return result;
   3557 }
   3558 
   3559 TPM_RC Serialize_TPML_ALG(
   3560     const TPML_ALG& value,
   3561     std::string* buffer) {
   3562   TPM_RC result = TPM_RC_SUCCESS;
   3563   VLOG(3) << __func__;
   3564 
   3565   result = Serialize_UINT32(value.count, buffer);
   3566   if (result) {
   3567     return result;
   3568   }
   3569 
   3570   if (arraysize(value.algorithms) < value.count) {
   3571     return TPM_RC_INSUFFICIENT;
   3572   }
   3573   for (uint32_t i = 0; i < value.count; ++i) {
   3574     result = Serialize_TPM_ALG_ID(value.algorithms[i], buffer);
   3575     if (result) {
   3576       return result;
   3577     }
   3578   }
   3579   return result;
   3580 }
   3581 
   3582 TPM_RC Parse_TPML_ALG(
   3583     std::string* buffer,
   3584     TPML_ALG* value,
   3585     std::string* value_bytes) {
   3586   TPM_RC result = TPM_RC_SUCCESS;
   3587   VLOG(3) << __func__;
   3588 
   3589   result = Parse_UINT32(
   3590       buffer,
   3591       &value->count,
   3592       value_bytes);
   3593   if (result) {
   3594     return result;
   3595   }
   3596 
   3597   if (arraysize(value->algorithms) < value->count) {
   3598     return TPM_RC_INSUFFICIENT;
   3599   }
   3600   for (uint32_t i = 0; i < value->count; ++i) {
   3601     result = Parse_TPM_ALG_ID(
   3602         buffer,
   3603         &value->algorithms[i],
   3604         value_bytes);
   3605     if (result) {
   3606       return result;
   3607     }
   3608   }
   3609   return result;
   3610 }
   3611 
   3612 TPM_RC Serialize_TPML_HANDLE(
   3613     const TPML_HANDLE& value,
   3614     std::string* buffer) {
   3615   TPM_RC result = TPM_RC_SUCCESS;
   3616   VLOG(3) << __func__;
   3617 
   3618   result = Serialize_UINT32(value.count, buffer);
   3619   if (result) {
   3620     return result;
   3621   }
   3622 
   3623   if (arraysize(value.handle) < value.count) {
   3624     return TPM_RC_INSUFFICIENT;
   3625   }
   3626   for (uint32_t i = 0; i < value.count; ++i) {
   3627     result = Serialize_TPM_HANDLE(value.handle[i], buffer);
   3628     if (result) {
   3629       return result;
   3630     }
   3631   }
   3632   return result;
   3633 }
   3634 
   3635 TPM_RC Parse_TPML_HANDLE(
   3636     std::string* buffer,
   3637     TPML_HANDLE* value,
   3638     std::string* value_bytes) {
   3639   TPM_RC result = TPM_RC_SUCCESS;
   3640   VLOG(3) << __func__;
   3641 
   3642   result = Parse_UINT32(
   3643       buffer,
   3644       &value->count,
   3645       value_bytes);
   3646   if (result) {
   3647     return result;
   3648   }
   3649 
   3650   if (arraysize(value->handle) < value->count) {
   3651     return TPM_RC_INSUFFICIENT;
   3652   }
   3653   for (uint32_t i = 0; i < value->count; ++i) {
   3654     result = Parse_TPM_HANDLE(
   3655         buffer,
   3656         &value->handle[i],
   3657         value_bytes);
   3658     if (result) {
   3659       return result;
   3660     }
   3661   }
   3662   return result;
   3663 }
   3664 
   3665 TPM_RC Serialize_TPML_DIGEST(
   3666     const TPML_DIGEST& value,
   3667     std::string* buffer) {
   3668   TPM_RC result = TPM_RC_SUCCESS;
   3669   VLOG(3) << __func__;
   3670 
   3671   result = Serialize_UINT32(value.count, buffer);
   3672   if (result) {
   3673     return result;
   3674   }
   3675 
   3676   if (arraysize(value.digests) < value.count) {
   3677     return TPM_RC_INSUFFICIENT;
   3678   }
   3679   for (uint32_t i = 0; i < value.count; ++i) {
   3680     result = Serialize_TPM2B_DIGEST(value.digests[i], buffer);
   3681     if (result) {
   3682       return result;
   3683     }
   3684   }
   3685   return result;
   3686 }
   3687 
   3688 TPM_RC Parse_TPML_DIGEST(
   3689     std::string* buffer,
   3690     TPML_DIGEST* value,
   3691     std::string* value_bytes) {
   3692   TPM_RC result = TPM_RC_SUCCESS;
   3693   VLOG(3) << __func__;
   3694 
   3695   result = Parse_UINT32(
   3696       buffer,
   3697       &value->count,
   3698       value_bytes);
   3699   if (result) {
   3700     return result;
   3701   }
   3702 
   3703   if (arraysize(value->digests) < value->count) {
   3704     return TPM_RC_INSUFFICIENT;
   3705   }
   3706   for (uint32_t i = 0; i < value->count; ++i) {
   3707     result = Parse_TPM2B_DIGEST(
   3708         buffer,
   3709         &value->digests[i],
   3710         value_bytes);
   3711     if (result) {
   3712       return result;
   3713     }
   3714   }
   3715   return result;
   3716 }
   3717 
   3718 TPM_RC Serialize_TPML_DIGEST_VALUES(
   3719     const TPML_DIGEST_VALUES& value,
   3720     std::string* buffer) {
   3721   TPM_RC result = TPM_RC_SUCCESS;
   3722   VLOG(3) << __func__;
   3723 
   3724   result = Serialize_UINT32(value.count, buffer);
   3725   if (result) {
   3726     return result;
   3727   }
   3728 
   3729   if (arraysize(value.digests) < value.count) {
   3730     return TPM_RC_INSUFFICIENT;
   3731   }
   3732   for (uint32_t i = 0; i < value.count; ++i) {
   3733     result = Serialize_TPMT_HA(value.digests[i], buffer);
   3734     if (result) {
   3735       return result;
   3736     }
   3737   }
   3738   return result;
   3739 }
   3740 
   3741 TPM_RC Parse_TPML_DIGEST_VALUES(
   3742     std::string* buffer,
   3743     TPML_DIGEST_VALUES* value,
   3744     std::string* value_bytes) {
   3745   TPM_RC result = TPM_RC_SUCCESS;
   3746   VLOG(3) << __func__;
   3747 
   3748   result = Parse_UINT32(
   3749       buffer,
   3750       &value->count,
   3751       value_bytes);
   3752   if (result) {
   3753     return result;
   3754   }
   3755 
   3756   if (arraysize(value->digests) < value->count) {
   3757     return TPM_RC_INSUFFICIENT;
   3758   }
   3759   for (uint32_t i = 0; i < value->count; ++i) {
   3760     result = Parse_TPMT_HA(
   3761         buffer,
   3762         &value->digests[i],
   3763         value_bytes);
   3764     if (result) {
   3765       return result;
   3766     }
   3767   }
   3768   return result;
   3769 }
   3770 
   3771 TPM_RC Serialize_TPM2B_DIGEST_VALUES(
   3772     const TPM2B_DIGEST_VALUES& value,
   3773     std::string* buffer) {
   3774   TPM_RC result = TPM_RC_SUCCESS;
   3775   VLOG(3) << __func__;
   3776 
   3777   result = Serialize_UINT16(value.size, buffer);
   3778   if (result) {
   3779     return result;
   3780   }
   3781 
   3782   if (arraysize(value.buffer) < value.size) {
   3783     return TPM_RC_INSUFFICIENT;
   3784   }
   3785   for (uint32_t i = 0; i < value.size; ++i) {
   3786     result = Serialize_BYTE(value.buffer[i], buffer);
   3787     if (result) {
   3788       return result;
   3789     }
   3790   }
   3791   return result;
   3792 }
   3793 
   3794 TPM_RC Parse_TPM2B_DIGEST_VALUES(
   3795     std::string* buffer,
   3796     TPM2B_DIGEST_VALUES* value,
   3797     std::string* value_bytes) {
   3798   TPM_RC result = TPM_RC_SUCCESS;
   3799   VLOG(3) << __func__;
   3800 
   3801   result = Parse_UINT16(
   3802       buffer,
   3803       &value->size,
   3804       value_bytes);
   3805   if (result) {
   3806     return result;
   3807   }
   3808 
   3809   if (arraysize(value->buffer) < value->size) {
   3810     return TPM_RC_INSUFFICIENT;
   3811   }
   3812   for (uint32_t i = 0; i < value->size; ++i) {
   3813     result = Parse_BYTE(
   3814         buffer,
   3815         &value->buffer[i],
   3816         value_bytes);
   3817     if (result) {
   3818       return result;
   3819     }
   3820   }
   3821   return result;
   3822 }
   3823 
   3824 TPM2B_DIGEST_VALUES Make_TPM2B_DIGEST_VALUES(
   3825     const std::string& bytes) {
   3826   TPM2B_DIGEST_VALUES tpm2b;
   3827   CHECK(bytes.size() <= sizeof(tpm2b.buffer));
   3828   memset(&tpm2b, 0, sizeof(TPM2B_DIGEST_VALUES));
   3829   tpm2b.size = bytes.size();
   3830   memcpy(tpm2b.buffer, bytes.data(), bytes.size());
   3831   return tpm2b;
   3832 }
   3833 
   3834 std::string StringFrom_TPM2B_DIGEST_VALUES(
   3835     const TPM2B_DIGEST_VALUES& tpm2b) {
   3836   const char* char_buffer = reinterpret_cast<const char*>(
   3837       tpm2b.buffer);
   3838   return std::string(char_buffer, tpm2b.size);
   3839 }
   3840 
   3841 TPM_RC Serialize_TPML_PCR_SELECTION(
   3842     const TPML_PCR_SELECTION& value,
   3843     std::string* buffer) {
   3844   TPM_RC result = TPM_RC_SUCCESS;
   3845   VLOG(3) << __func__;
   3846 
   3847   result = Serialize_UINT32(value.count, buffer);
   3848   if (result) {
   3849     return result;
   3850   }
   3851 
   3852   if (arraysize(value.pcr_selections) < value.count) {
   3853     return TPM_RC_INSUFFICIENT;
   3854   }
   3855   for (uint32_t i = 0; i < value.count; ++i) {
   3856     result = Serialize_TPMS_PCR_SELECTION(value.pcr_selections[i], buffer);
   3857     if (result) {
   3858       return result;
   3859     }
   3860   }
   3861   return result;
   3862 }
   3863 
   3864 TPM_RC Parse_TPML_PCR_SELECTION(
   3865     std::string* buffer,
   3866     TPML_PCR_SELECTION* value,
   3867     std::string* value_bytes) {
   3868   TPM_RC result = TPM_RC_SUCCESS;
   3869   VLOG(3) << __func__;
   3870 
   3871   result = Parse_UINT32(
   3872       buffer,
   3873       &value->count,
   3874       value_bytes);
   3875   if (result) {
   3876     return result;
   3877   }
   3878 
   3879   if (arraysize(value->pcr_selections) < value->count) {
   3880     return TPM_RC_INSUFFICIENT;
   3881   }
   3882   for (uint32_t i = 0; i < value->count; ++i) {
   3883     result = Parse_TPMS_PCR_SELECTION(
   3884         buffer,
   3885         &value->pcr_selections[i],
   3886         value_bytes);
   3887     if (result) {
   3888       return result;
   3889     }
   3890   }
   3891   return result;
   3892 }
   3893 
   3894 TPM_RC Serialize_TPML_ALG_PROPERTY(
   3895     const TPML_ALG_PROPERTY& value,
   3896     std::string* buffer) {
   3897   TPM_RC result = TPM_RC_SUCCESS;
   3898   VLOG(3) << __func__;
   3899 
   3900   result = Serialize_UINT32(value.count, buffer);
   3901   if (result) {
   3902     return result;
   3903   }
   3904 
   3905   if (arraysize(value.alg_properties) < value.count) {
   3906     return TPM_RC_INSUFFICIENT;
   3907   }
   3908   for (uint32_t i = 0; i < value.count; ++i) {
   3909     result = Serialize_TPMS_ALG_PROPERTY(value.alg_properties[i], buffer);
   3910     if (result) {
   3911       return result;
   3912     }
   3913   }
   3914   return result;
   3915 }
   3916 
   3917 TPM_RC Parse_TPML_ALG_PROPERTY(
   3918     std::string* buffer,
   3919     TPML_ALG_PROPERTY* value,
   3920     std::string* value_bytes) {
   3921   TPM_RC result = TPM_RC_SUCCESS;
   3922   VLOG(3) << __func__;
   3923 
   3924   result = Parse_UINT32(
   3925       buffer,
   3926       &value->count,
   3927       value_bytes);
   3928   if (result) {
   3929     return result;
   3930   }
   3931 
   3932   if (arraysize(value->alg_properties) < value->count) {
   3933     return TPM_RC_INSUFFICIENT;
   3934   }
   3935   for (uint32_t i = 0; i < value->count; ++i) {
   3936     result = Parse_TPMS_ALG_PROPERTY(
   3937         buffer,
   3938         &value->alg_properties[i],
   3939         value_bytes);
   3940     if (result) {
   3941       return result;
   3942     }
   3943   }
   3944   return result;
   3945 }
   3946 
   3947 TPM_RC Serialize_TPML_TAGGED_TPM_PROPERTY(
   3948     const TPML_TAGGED_TPM_PROPERTY& value,
   3949     std::string* buffer) {
   3950   TPM_RC result = TPM_RC_SUCCESS;
   3951   VLOG(3) << __func__;
   3952 
   3953   result = Serialize_UINT32(value.count, buffer);
   3954   if (result) {
   3955     return result;
   3956   }
   3957 
   3958   if (arraysize(value.tpm_property) < value.count) {
   3959     return TPM_RC_INSUFFICIENT;
   3960   }
   3961   for (uint32_t i = 0; i < value.count; ++i) {
   3962     result = Serialize_TPMS_TAGGED_PROPERTY(value.tpm_property[i], buffer);
   3963     if (result) {
   3964       return result;
   3965     }
   3966   }
   3967   return result;
   3968 }
   3969 
   3970 TPM_RC Parse_TPML_TAGGED_TPM_PROPERTY(
   3971     std::string* buffer,
   3972     TPML_TAGGED_TPM_PROPERTY* value,
   3973     std::string* value_bytes) {
   3974   TPM_RC result = TPM_RC_SUCCESS;
   3975   VLOG(3) << __func__;
   3976 
   3977   result = Parse_UINT32(
   3978       buffer,
   3979       &value->count,
   3980       value_bytes);
   3981   if (result) {
   3982     return result;
   3983   }
   3984 
   3985   if (arraysize(value->tpm_property) < value->count) {
   3986     return TPM_RC_INSUFFICIENT;
   3987   }
   3988   for (uint32_t i = 0; i < value->count; ++i) {
   3989     result = Parse_TPMS_TAGGED_PROPERTY(
   3990         buffer,
   3991         &value->tpm_property[i],
   3992         value_bytes);
   3993     if (result) {
   3994       return result;
   3995     }
   3996   }
   3997   return result;
   3998 }
   3999 
   4000 TPM_RC Serialize_TPML_TAGGED_PCR_PROPERTY(
   4001     const TPML_TAGGED_PCR_PROPERTY& value,
   4002     std::string* buffer) {
   4003   TPM_RC result = TPM_RC_SUCCESS;
   4004   VLOG(3) << __func__;
   4005 
   4006   result = Serialize_UINT32(value.count, buffer);
   4007   if (result) {
   4008     return result;
   4009   }
   4010 
   4011   if (arraysize(value.pcr_property) < value.count) {
   4012     return TPM_RC_INSUFFICIENT;
   4013   }
   4014   for (uint32_t i = 0; i < value.count; ++i) {
   4015     result = Serialize_TPMS_TAGGED_PCR_SELECT(value.pcr_property[i], buffer);
   4016     if (result) {
   4017       return result;
   4018     }
   4019   }
   4020   return result;
   4021 }
   4022 
   4023 TPM_RC Parse_TPML_TAGGED_PCR_PROPERTY(
   4024     std::string* buffer,
   4025     TPML_TAGGED_PCR_PROPERTY* value,
   4026     std::string* value_bytes) {
   4027   TPM_RC result = TPM_RC_SUCCESS;
   4028   VLOG(3) << __func__;
   4029 
   4030   result = Parse_UINT32(
   4031       buffer,
   4032       &value->count,
   4033       value_bytes);
   4034   if (result) {
   4035     return result;
   4036   }
   4037 
   4038   if (arraysize(value->pcr_property) < value->count) {
   4039     return TPM_RC_INSUFFICIENT;
   4040   }
   4041   for (uint32_t i = 0; i < value->count; ++i) {
   4042     result = Parse_TPMS_TAGGED_PCR_SELECT(
   4043         buffer,
   4044         &value->pcr_property[i],
   4045         value_bytes);
   4046     if (result) {
   4047       return result;
   4048     }
   4049   }
   4050   return result;
   4051 }
   4052 
   4053 TPM_RC Serialize_TPML_ECC_CURVE(
   4054     const TPML_ECC_CURVE& value,
   4055     std::string* buffer) {
   4056   TPM_RC result = TPM_RC_SUCCESS;
   4057   VLOG(3) << __func__;
   4058 
   4059   result = Serialize_UINT32(value.count, buffer);
   4060   if (result) {
   4061     return result;
   4062   }
   4063 
   4064   if (arraysize(value.ecc_curves) < value.count) {
   4065     return TPM_RC_INSUFFICIENT;
   4066   }
   4067   for (uint32_t i = 0; i < value.count; ++i) {
   4068     result = Serialize_TPM_ECC_CURVE(value.ecc_curves[i], buffer);
   4069     if (result) {
   4070       return result;
   4071     }
   4072   }
   4073   return result;
   4074 }
   4075 
   4076 TPM_RC Parse_TPML_ECC_CURVE(
   4077     std::string* buffer,
   4078     TPML_ECC_CURVE* value,
   4079     std::string* value_bytes) {
   4080   TPM_RC result = TPM_RC_SUCCESS;
   4081   VLOG(3) << __func__;
   4082 
   4083   result = Parse_UINT32(
   4084       buffer,
   4085       &value->count,
   4086       value_bytes);
   4087   if (result) {
   4088     return result;
   4089   }
   4090 
   4091   if (arraysize(value->ecc_curves) < value->count) {
   4092     return TPM_RC_INSUFFICIENT;
   4093   }
   4094   for (uint32_t i = 0; i < value->count; ++i) {
   4095     result = Parse_TPM_ECC_CURVE(
   4096         buffer,
   4097         &value->ecc_curves[i],
   4098         value_bytes);
   4099     if (result) {
   4100       return result;
   4101     }
   4102   }
   4103   return result;
   4104 }
   4105 
   4106 TPM_RC Serialize_TPMU_CAPABILITIES(
   4107     const TPMU_CAPABILITIES& value,
   4108     TPM_CAP selector,
   4109     std::string* buffer) {
   4110   TPM_RC result = TPM_RC_SUCCESS;
   4111   VLOG(3) << __func__;
   4112 
   4113   if (selector == TPM_CAP_PCRS) {
   4114     result = Serialize_TPML_PCR_SELECTION(value.assigned_pcr, buffer);
   4115     if (result) {
   4116       return result;
   4117     }
   4118   }
   4119 
   4120   if (selector == TPM_CAP_TPM_PROPERTIES) {
   4121     result = Serialize_TPML_TAGGED_TPM_PROPERTY(value.tpm_properties, buffer);
   4122     if (result) {
   4123       return result;
   4124     }
   4125   }
   4126 
   4127   if (selector == TPM_CAP_PP_COMMANDS) {
   4128     result = Serialize_TPML_CC(value.pp_commands, buffer);
   4129     if (result) {
   4130       return result;
   4131     }
   4132   }
   4133 
   4134   if (selector == TPM_CAP_AUDIT_COMMANDS) {
   4135     result = Serialize_TPML_CC(value.audit_commands, buffer);
   4136     if (result) {
   4137       return result;
   4138     }
   4139   }
   4140 
   4141   if (selector == TPM_CAP_COMMANDS) {
   4142     result = Serialize_TPML_CCA(value.command, buffer);
   4143     if (result) {
   4144       return result;
   4145     }
   4146   }
   4147 
   4148   if (selector == TPM_CAP_ECC_CURVES) {
   4149     result = Serialize_TPML_ECC_CURVE(value.ecc_curves, buffer);
   4150     if (result) {
   4151       return result;
   4152     }
   4153   }
   4154 
   4155   if (selector == TPM_CAP_PCR_PROPERTIES) {
   4156     result = Serialize_TPML_TAGGED_PCR_PROPERTY(value.pcr_properties, buffer);
   4157     if (result) {
   4158       return result;
   4159     }
   4160   }
   4161 
   4162   if (selector == TPM_CAP_HANDLES) {
   4163     result = Serialize_TPML_HANDLE(value.handles, buffer);
   4164     if (result) {
   4165       return result;
   4166     }
   4167   }
   4168 
   4169   if (selector == TPM_CAP_ALGS) {
   4170     result = Serialize_TPML_ALG_PROPERTY(value.algorithms, buffer);
   4171     if (result) {
   4172       return result;
   4173     }
   4174   }
   4175   return result;
   4176 }
   4177 
   4178 TPM_RC Parse_TPMU_CAPABILITIES(
   4179     std::string* buffer,
   4180     TPM_CAP selector,
   4181     TPMU_CAPABILITIES* value,
   4182     std::string* value_bytes) {
   4183   TPM_RC result = TPM_RC_SUCCESS;
   4184   VLOG(3) << __func__;
   4185 
   4186   if (selector == TPM_CAP_PCRS) {
   4187     result = Parse_TPML_PCR_SELECTION(
   4188         buffer,
   4189         &value->assigned_pcr,
   4190         value_bytes);
   4191     if (result) {
   4192       return result;
   4193     }
   4194   }
   4195 
   4196   if (selector == TPM_CAP_TPM_PROPERTIES) {
   4197     result = Parse_TPML_TAGGED_TPM_PROPERTY(
   4198         buffer,
   4199         &value->tpm_properties,
   4200         value_bytes);
   4201     if (result) {
   4202       return result;
   4203     }
   4204   }
   4205 
   4206   if (selector == TPM_CAP_PP_COMMANDS) {
   4207     result = Parse_TPML_CC(
   4208         buffer,
   4209         &value->pp_commands,
   4210         value_bytes);
   4211     if (result) {
   4212       return result;
   4213     }
   4214   }
   4215 
   4216   if (selector == TPM_CAP_AUDIT_COMMANDS) {
   4217     result = Parse_TPML_CC(
   4218         buffer,
   4219         &value->audit_commands,
   4220         value_bytes);
   4221     if (result) {
   4222       return result;
   4223     }
   4224   }
   4225 
   4226   if (selector == TPM_CAP_COMMANDS) {
   4227     result = Parse_TPML_CCA(
   4228         buffer,
   4229         &value->command,
   4230         value_bytes);
   4231     if (result) {
   4232       return result;
   4233     }
   4234   }
   4235 
   4236   if (selector == TPM_CAP_ECC_CURVES) {
   4237     result = Parse_TPML_ECC_CURVE(
   4238         buffer,
   4239         &value->ecc_curves,
   4240         value_bytes);
   4241     if (result) {
   4242       return result;
   4243     }
   4244   }
   4245 
   4246   if (selector == TPM_CAP_PCR_PROPERTIES) {
   4247     result = Parse_TPML_TAGGED_PCR_PROPERTY(
   4248         buffer,
   4249         &value->pcr_properties,
   4250         value_bytes);
   4251     if (result) {
   4252       return result;
   4253     }
   4254   }
   4255 
   4256   if (selector == TPM_CAP_HANDLES) {
   4257     result = Parse_TPML_HANDLE(
   4258         buffer,
   4259         &value->handles,
   4260         value_bytes);
   4261     if (result) {
   4262       return result;
   4263     }
   4264   }
   4265 
   4266   if (selector == TPM_CAP_ALGS) {
   4267     result = Parse_TPML_ALG_PROPERTY(
   4268         buffer,
   4269         &value->algorithms,
   4270         value_bytes);
   4271     if (result) {
   4272       return result;
   4273     }
   4274   }
   4275   return result;
   4276 }
   4277 
   4278 TPM_RC Serialize_TPMS_CAPABILITY_DATA(
   4279     const TPMS_CAPABILITY_DATA& value,
   4280     std::string* buffer) {
   4281   TPM_RC result = TPM_RC_SUCCESS;
   4282   VLOG(3) << __func__;
   4283 
   4284   result = Serialize_TPM_CAP(value.capability, buffer);
   4285   if (result) {
   4286     return result;
   4287   }
   4288 
   4289   result = Serialize_TPMU_CAPABILITIES(
   4290       value.data,
   4291       value.capability,
   4292       buffer);
   4293   if (result) {
   4294     return result;
   4295   }
   4296   return result;
   4297 }
   4298 
   4299 TPM_RC Parse_TPMS_CAPABILITY_DATA(
   4300     std::string* buffer,
   4301     TPMS_CAPABILITY_DATA* value,
   4302     std::string* value_bytes) {
   4303   TPM_RC result = TPM_RC_SUCCESS;
   4304   VLOG(3) << __func__;
   4305 
   4306   result = Parse_TPM_CAP(
   4307       buffer,
   4308       &value->capability,
   4309       value_bytes);
   4310   if (result) {
   4311     return result;
   4312   }
   4313 
   4314   result = Parse_TPMU_CAPABILITIES(
   4315       buffer,
   4316       value->capability,
   4317       &value->data,
   4318       value_bytes);
   4319   if (result) {
   4320     return result;
   4321   }
   4322   return result;
   4323 }
   4324 
   4325 TPM_RC Serialize_TPMS_CLOCK_INFO(
   4326     const TPMS_CLOCK_INFO& value,
   4327     std::string* buffer) {
   4328   TPM_RC result = TPM_RC_SUCCESS;
   4329   VLOG(3) << __func__;
   4330 
   4331   result = Serialize_UINT64(value.clock, buffer);
   4332   if (result) {
   4333     return result;
   4334   }
   4335 
   4336   result = Serialize_UINT32(value.reset_count, buffer);
   4337   if (result) {
   4338     return result;
   4339   }
   4340 
   4341   result = Serialize_UINT32(value.restart_count, buffer);
   4342   if (result) {
   4343     return result;
   4344   }
   4345 
   4346   result = Serialize_TPMI_YES_NO(value.safe, buffer);
   4347   if (result) {
   4348     return result;
   4349   }
   4350   return result;
   4351 }
   4352 
   4353 TPM_RC Parse_TPMS_CLOCK_INFO(
   4354     std::string* buffer,
   4355     TPMS_CLOCK_INFO* value,
   4356     std::string* value_bytes) {
   4357   TPM_RC result = TPM_RC_SUCCESS;
   4358   VLOG(3) << __func__;
   4359 
   4360   result = Parse_UINT64(
   4361       buffer,
   4362       &value->clock,
   4363       value_bytes);
   4364   if (result) {
   4365     return result;
   4366   }
   4367 
   4368   result = Parse_UINT32(
   4369       buffer,
   4370       &value->reset_count,
   4371       value_bytes);
   4372   if (result) {
   4373     return result;
   4374   }
   4375 
   4376   result = Parse_UINT32(
   4377       buffer,
   4378       &value->restart_count,
   4379       value_bytes);
   4380   if (result) {
   4381     return result;
   4382   }
   4383 
   4384   result = Parse_TPMI_YES_NO(
   4385       buffer,
   4386       &value->safe,
   4387       value_bytes);
   4388   if (result) {
   4389     return result;
   4390   }
   4391   return result;
   4392 }
   4393 
   4394 TPM_RC Serialize_TPMS_TIME_INFO(
   4395     const TPMS_TIME_INFO& value,
   4396     std::string* buffer) {
   4397   TPM_RC result = TPM_RC_SUCCESS;
   4398   VLOG(3) << __func__;
   4399 
   4400   result = Serialize_UINT64(value.time, buffer);
   4401   if (result) {
   4402     return result;
   4403   }
   4404 
   4405   result = Serialize_TPMS_CLOCK_INFO(value.clock_info, buffer);
   4406   if (result) {
   4407     return result;
   4408   }
   4409   return result;
   4410 }
   4411 
   4412 TPM_RC Parse_TPMS_TIME_INFO(
   4413     std::string* buffer,
   4414     TPMS_TIME_INFO* value,
   4415     std::string* value_bytes) {
   4416   TPM_RC result = TPM_RC_SUCCESS;
   4417   VLOG(3) << __func__;
   4418 
   4419   result = Parse_UINT64(
   4420       buffer,
   4421       &value->time,
   4422       value_bytes);
   4423   if (result) {
   4424     return result;
   4425   }
   4426 
   4427   result = Parse_TPMS_CLOCK_INFO(
   4428       buffer,
   4429       &value->clock_info,
   4430       value_bytes);
   4431   if (result) {
   4432     return result;
   4433   }
   4434   return result;
   4435 }
   4436 
   4437 TPM_RC Serialize_TPMS_TIME_ATTEST_INFO(
   4438     const TPMS_TIME_ATTEST_INFO& value,
   4439     std::string* buffer) {
   4440   TPM_RC result = TPM_RC_SUCCESS;
   4441   VLOG(3) << __func__;
   4442 
   4443   result = Serialize_TPMS_TIME_INFO(value.time, buffer);
   4444   if (result) {
   4445     return result;
   4446   }
   4447 
   4448   result = Serialize_UINT64(value.firmware_version, buffer);
   4449   if (result) {
   4450     return result;
   4451   }
   4452   return result;
   4453 }
   4454 
   4455 TPM_RC Parse_TPMS_TIME_ATTEST_INFO(
   4456     std::string* buffer,
   4457     TPMS_TIME_ATTEST_INFO* value,
   4458     std::string* value_bytes) {
   4459   TPM_RC result = TPM_RC_SUCCESS;
   4460   VLOG(3) << __func__;
   4461 
   4462   result = Parse_TPMS_TIME_INFO(
   4463       buffer,
   4464       &value->time,
   4465       value_bytes);
   4466   if (result) {
   4467     return result;
   4468   }
   4469 
   4470   result = Parse_UINT64(
   4471       buffer,
   4472       &value->firmware_version,
   4473       value_bytes);
   4474   if (result) {
   4475     return result;
   4476   }
   4477   return result;
   4478 }
   4479 
   4480 TPM_RC Serialize_TPMS_CERTIFY_INFO(
   4481     const TPMS_CERTIFY_INFO& value,
   4482     std::string* buffer) {
   4483   TPM_RC result = TPM_RC_SUCCESS;
   4484   VLOG(3) << __func__;
   4485 
   4486   result = Serialize_TPM2B_NAME(value.name, buffer);
   4487   if (result) {
   4488     return result;
   4489   }
   4490 
   4491   result = Serialize_TPM2B_NAME(value.qualified_name, buffer);
   4492   if (result) {
   4493     return result;
   4494   }
   4495   return result;
   4496 }
   4497 
   4498 TPM_RC Parse_TPMS_CERTIFY_INFO(
   4499     std::string* buffer,
   4500     TPMS_CERTIFY_INFO* value,
   4501     std::string* value_bytes) {
   4502   TPM_RC result = TPM_RC_SUCCESS;
   4503   VLOG(3) << __func__;
   4504 
   4505   result = Parse_TPM2B_NAME(
   4506       buffer,
   4507       &value->name,
   4508       value_bytes);
   4509   if (result) {
   4510     return result;
   4511   }
   4512 
   4513   result = Parse_TPM2B_NAME(
   4514       buffer,
   4515       &value->qualified_name,
   4516       value_bytes);
   4517   if (result) {
   4518     return result;
   4519   }
   4520   return result;
   4521 }
   4522 
   4523 TPM_RC Serialize_TPMS_QUOTE_INFO(
   4524     const TPMS_QUOTE_INFO& value,
   4525     std::string* buffer) {
   4526   TPM_RC result = TPM_RC_SUCCESS;
   4527   VLOG(3) << __func__;
   4528 
   4529   result = Serialize_TPML_PCR_SELECTION(value.pcr_select, buffer);
   4530   if (result) {
   4531     return result;
   4532   }
   4533 
   4534   result = Serialize_TPM2B_DIGEST(value.pcr_digest, buffer);
   4535   if (result) {
   4536     return result;
   4537   }
   4538   return result;
   4539 }
   4540 
   4541 TPM_RC Parse_TPMS_QUOTE_INFO(
   4542     std::string* buffer,
   4543     TPMS_QUOTE_INFO* value,
   4544     std::string* value_bytes) {
   4545   TPM_RC result = TPM_RC_SUCCESS;
   4546   VLOG(3) << __func__;
   4547 
   4548   result = Parse_TPML_PCR_SELECTION(
   4549       buffer,
   4550       &value->pcr_select,
   4551       value_bytes);
   4552   if (result) {
   4553     return result;
   4554   }
   4555 
   4556   result = Parse_TPM2B_DIGEST(
   4557       buffer,
   4558       &value->pcr_digest,
   4559       value_bytes);
   4560   if (result) {
   4561     return result;
   4562   }
   4563   return result;
   4564 }
   4565 
   4566 TPM_RC Serialize_TPMS_COMMAND_AUDIT_INFO(
   4567     const TPMS_COMMAND_AUDIT_INFO& value,
   4568     std::string* buffer) {
   4569   TPM_RC result = TPM_RC_SUCCESS;
   4570   VLOG(3) << __func__;
   4571 
   4572   result = Serialize_UINT64(value.audit_counter, buffer);
   4573   if (result) {
   4574     return result;
   4575   }
   4576 
   4577   result = Serialize_TPM_ALG_ID(value.digest_alg, buffer);
   4578   if (result) {
   4579     return result;
   4580   }
   4581 
   4582   result = Serialize_TPM2B_DIGEST(value.audit_digest, buffer);
   4583   if (result) {
   4584     return result;
   4585   }
   4586 
   4587   result = Serialize_TPM2B_DIGEST(value.command_digest, buffer);
   4588   if (result) {
   4589     return result;
   4590   }
   4591   return result;
   4592 }
   4593 
   4594 TPM_RC Parse_TPMS_COMMAND_AUDIT_INFO(
   4595     std::string* buffer,
   4596     TPMS_COMMAND_AUDIT_INFO* value,
   4597     std::string* value_bytes) {
   4598   TPM_RC result = TPM_RC_SUCCESS;
   4599   VLOG(3) << __func__;
   4600 
   4601   result = Parse_UINT64(
   4602       buffer,
   4603       &value->audit_counter,
   4604       value_bytes);
   4605   if (result) {
   4606     return result;
   4607   }
   4608 
   4609   result = Parse_TPM_ALG_ID(
   4610       buffer,
   4611       &value->digest_alg,
   4612       value_bytes);
   4613   if (result) {
   4614     return result;
   4615   }
   4616 
   4617   result = Parse_TPM2B_DIGEST(
   4618       buffer,
   4619       &value->audit_digest,
   4620       value_bytes);
   4621   if (result) {
   4622     return result;
   4623   }
   4624 
   4625   result = Parse_TPM2B_DIGEST(
   4626       buffer,
   4627       &value->command_digest,
   4628       value_bytes);
   4629   if (result) {
   4630     return result;
   4631   }
   4632   return result;
   4633 }
   4634 
   4635 TPM_RC Serialize_TPMS_SESSION_AUDIT_INFO(
   4636     const TPMS_SESSION_AUDIT_INFO& value,
   4637     std::string* buffer) {
   4638   TPM_RC result = TPM_RC_SUCCESS;
   4639   VLOG(3) << __func__;
   4640 
   4641   result = Serialize_TPMI_YES_NO(value.exclusive_session, buffer);
   4642   if (result) {
   4643     return result;
   4644   }
   4645 
   4646   result = Serialize_TPM2B_DIGEST(value.session_digest, buffer);
   4647   if (result) {
   4648     return result;
   4649   }
   4650   return result;
   4651 }
   4652 
   4653 TPM_RC Parse_TPMS_SESSION_AUDIT_INFO(
   4654     std::string* buffer,
   4655     TPMS_SESSION_AUDIT_INFO* value,
   4656     std::string* value_bytes) {
   4657   TPM_RC result = TPM_RC_SUCCESS;
   4658   VLOG(3) << __func__;
   4659 
   4660   result = Parse_TPMI_YES_NO(
   4661       buffer,
   4662       &value->exclusive_session,
   4663       value_bytes);
   4664   if (result) {
   4665     return result;
   4666   }
   4667 
   4668   result = Parse_TPM2B_DIGEST(
   4669       buffer,
   4670       &value->session_digest,
   4671       value_bytes);
   4672   if (result) {
   4673     return result;
   4674   }
   4675   return result;
   4676 }
   4677 
   4678 TPM_RC Serialize_TPMS_CREATION_INFO(
   4679     const TPMS_CREATION_INFO& value,
   4680     std::string* buffer) {
   4681   TPM_RC result = TPM_RC_SUCCESS;
   4682   VLOG(3) << __func__;
   4683 
   4684   result = Serialize_TPM2B_NAME(value.object_name, buffer);
   4685   if (result) {
   4686     return result;
   4687   }
   4688 
   4689   result = Serialize_TPM2B_DIGEST(value.creation_hash, buffer);
   4690   if (result) {
   4691     return result;
   4692   }
   4693   return result;
   4694 }
   4695 
   4696 TPM_RC Parse_TPMS_CREATION_INFO(
   4697     std::string* buffer,
   4698     TPMS_CREATION_INFO* value,
   4699     std::string* value_bytes) {
   4700   TPM_RC result = TPM_RC_SUCCESS;
   4701   VLOG(3) << __func__;
   4702 
   4703   result = Parse_TPM2B_NAME(
   4704       buffer,
   4705       &value->object_name,
   4706       value_bytes);
   4707   if (result) {
   4708     return result;
   4709   }
   4710 
   4711   result = Parse_TPM2B_DIGEST(
   4712       buffer,
   4713       &value->creation_hash,
   4714       value_bytes);
   4715   if (result) {
   4716     return result;
   4717   }
   4718   return result;
   4719 }
   4720 
   4721 TPM_RC Serialize_TPMS_NV_CERTIFY_INFO(
   4722     const TPMS_NV_CERTIFY_INFO& value,
   4723     std::string* buffer) {
   4724   TPM_RC result = TPM_RC_SUCCESS;
   4725   VLOG(3) << __func__;
   4726 
   4727   result = Serialize_TPM2B_NAME(value.index_name, buffer);
   4728   if (result) {
   4729     return result;
   4730   }
   4731 
   4732   result = Serialize_UINT16(value.offset, buffer);
   4733   if (result) {
   4734     return result;
   4735   }
   4736 
   4737   result = Serialize_TPM2B_MAX_NV_BUFFER(value.nv_contents, buffer);
   4738   if (result) {
   4739     return result;
   4740   }
   4741   return result;
   4742 }
   4743 
   4744 TPM_RC Parse_TPMS_NV_CERTIFY_INFO(
   4745     std::string* buffer,
   4746     TPMS_NV_CERTIFY_INFO* value,
   4747     std::string* value_bytes) {
   4748   TPM_RC result = TPM_RC_SUCCESS;
   4749   VLOG(3) << __func__;
   4750 
   4751   result = Parse_TPM2B_NAME(
   4752       buffer,
   4753       &value->index_name,
   4754       value_bytes);
   4755   if (result) {
   4756     return result;
   4757   }
   4758 
   4759   result = Parse_UINT16(
   4760       buffer,
   4761       &value->offset,
   4762       value_bytes);
   4763   if (result) {
   4764     return result;
   4765   }
   4766 
   4767   result = Parse_TPM2B_MAX_NV_BUFFER(
   4768       buffer,
   4769       &value->nv_contents,
   4770       value_bytes);
   4771   if (result) {
   4772     return result;
   4773   }
   4774   return result;
   4775 }
   4776 
   4777 TPM_RC Serialize_TPMU_ATTEST(
   4778     const TPMU_ATTEST& value,
   4779     TPMI_ST_ATTEST selector,
   4780     std::string* buffer) {
   4781   TPM_RC result = TPM_RC_SUCCESS;
   4782   VLOG(3) << __func__;
   4783 
   4784   if (selector == TPM_ST_ATTEST_SESSION_AUDIT) {
   4785     result = Serialize_TPMS_SESSION_AUDIT_INFO(value.session_audit, buffer);
   4786     if (result) {
   4787       return result;
   4788     }
   4789   }
   4790 
   4791   if (selector == TPM_ST_ATTEST_QUOTE) {
   4792     result = Serialize_TPMS_QUOTE_INFO(value.quote, buffer);
   4793     if (result) {
   4794       return result;
   4795     }
   4796   }
   4797 
   4798   if (selector == TPM_ST_ATTEST_COMMAND_AUDIT) {
   4799     result = Serialize_TPMS_COMMAND_AUDIT_INFO(value.command_audit, buffer);
   4800     if (result) {
   4801       return result;
   4802     }
   4803   }
   4804 
   4805   if (selector == TPM_ST_ATTEST_CERTIFY) {
   4806     result = Serialize_TPMS_CERTIFY_INFO(value.certify, buffer);
   4807     if (result) {
   4808       return result;
   4809     }
   4810   }
   4811 
   4812   if (selector == TPM_ST_ATTEST_NV) {
   4813     result = Serialize_TPMS_NV_CERTIFY_INFO(value.nv, buffer);
   4814     if (result) {
   4815       return result;
   4816     }
   4817   }
   4818 
   4819   if (selector == TPM_ST_ATTEST_TIME) {
   4820     result = Serialize_TPMS_TIME_ATTEST_INFO(value.time, buffer);
   4821     if (result) {
   4822       return result;
   4823     }
   4824   }
   4825 
   4826   if (selector == TPM_ST_ATTEST_CREATION) {
   4827     result = Serialize_TPMS_CREATION_INFO(value.creation, buffer);
   4828     if (result) {
   4829       return result;
   4830     }
   4831   }
   4832   return result;
   4833 }
   4834 
   4835 TPM_RC Parse_TPMU_ATTEST(
   4836     std::string* buffer,
   4837     TPMI_ST_ATTEST selector,
   4838     TPMU_ATTEST* value,
   4839     std::string* value_bytes) {
   4840   TPM_RC result = TPM_RC_SUCCESS;
   4841   VLOG(3) << __func__;
   4842 
   4843   if (selector == TPM_ST_ATTEST_SESSION_AUDIT) {
   4844     result = Parse_TPMS_SESSION_AUDIT_INFO(
   4845         buffer,
   4846         &value->session_audit,
   4847         value_bytes);
   4848     if (result) {
   4849       return result;
   4850     }
   4851   }
   4852 
   4853   if (selector == TPM_ST_ATTEST_QUOTE) {
   4854     result = Parse_TPMS_QUOTE_INFO(
   4855         buffer,
   4856         &value->quote,
   4857         value_bytes);
   4858     if (result) {
   4859       return result;
   4860     }
   4861   }
   4862 
   4863   if (selector == TPM_ST_ATTEST_COMMAND_AUDIT) {
   4864     result = Parse_TPMS_COMMAND_AUDIT_INFO(
   4865         buffer,
   4866         &value->command_audit,
   4867         value_bytes);
   4868     if (result) {
   4869       return result;
   4870     }
   4871   }
   4872 
   4873   if (selector == TPM_ST_ATTEST_CERTIFY) {
   4874     result = Parse_TPMS_CERTIFY_INFO(
   4875         buffer,
   4876         &value->certify,
   4877         value_bytes);
   4878     if (result) {
   4879       return result;
   4880     }
   4881   }
   4882 
   4883   if (selector == TPM_ST_ATTEST_NV) {
   4884     result = Parse_TPMS_NV_CERTIFY_INFO(
   4885         buffer,
   4886         &value->nv,
   4887         value_bytes);
   4888     if (result) {
   4889       return result;
   4890     }
   4891   }
   4892 
   4893   if (selector == TPM_ST_ATTEST_TIME) {
   4894     result = Parse_TPMS_TIME_ATTEST_INFO(
   4895         buffer,
   4896         &value->time,
   4897         value_bytes);
   4898     if (result) {
   4899       return result;
   4900     }
   4901   }
   4902 
   4903   if (selector == TPM_ST_ATTEST_CREATION) {
   4904     result = Parse_TPMS_CREATION_INFO(
   4905         buffer,
   4906         &value->creation,
   4907         value_bytes);
   4908     if (result) {
   4909       return result;
   4910     }
   4911   }
   4912   return result;
   4913 }
   4914 
   4915 TPM_RC Serialize_TPMS_ATTEST(
   4916     const TPMS_ATTEST& value,
   4917     std::string* buffer) {
   4918   TPM_RC result = TPM_RC_SUCCESS;
   4919   VLOG(3) << __func__;
   4920 
   4921   result = Serialize_TPM_GENERATED(value.magic, buffer);
   4922   if (result) {
   4923     return result;
   4924   }
   4925 
   4926   result = Serialize_TPMI_ST_ATTEST(value.type, buffer);
   4927   if (result) {
   4928     return result;
   4929   }
   4930 
   4931   result = Serialize_TPM2B_NAME(value.qualified_signer, buffer);
   4932   if (result) {
   4933     return result;
   4934   }
   4935 
   4936   result = Serialize_TPM2B_DATA(value.extra_data, buffer);
   4937   if (result) {
   4938     return result;
   4939   }
   4940 
   4941   result = Serialize_TPMS_CLOCK_INFO(value.clock_info, buffer);
   4942   if (result) {
   4943     return result;
   4944   }
   4945 
   4946   result = Serialize_UINT64(value.firmware_version, buffer);
   4947   if (result) {
   4948     return result;
   4949   }
   4950 
   4951   result = Serialize_TPMU_ATTEST(
   4952       value.attested,
   4953       value.type,
   4954       buffer);
   4955   if (result) {
   4956     return result;
   4957   }
   4958   return result;
   4959 }
   4960 
   4961 TPM_RC Parse_TPMS_ATTEST(
   4962     std::string* buffer,
   4963     TPMS_ATTEST* value,
   4964     std::string* value_bytes) {
   4965   TPM_RC result = TPM_RC_SUCCESS;
   4966   VLOG(3) << __func__;
   4967 
   4968   result = Parse_TPM_GENERATED(
   4969       buffer,
   4970       &value->magic,
   4971       value_bytes);
   4972   if (result) {
   4973     return result;
   4974   }
   4975 
   4976   result = Parse_TPMI_ST_ATTEST(
   4977       buffer,
   4978       &value->type,
   4979       value_bytes);
   4980   if (result) {
   4981     return result;
   4982   }
   4983 
   4984   result = Parse_TPM2B_NAME(
   4985       buffer,
   4986       &value->qualified_signer,
   4987       value_bytes);
   4988   if (result) {
   4989     return result;
   4990   }
   4991 
   4992   result = Parse_TPM2B_DATA(
   4993       buffer,
   4994       &value->extra_data,
   4995       value_bytes);
   4996   if (result) {
   4997     return result;
   4998   }
   4999 
   5000   result = Parse_TPMS_CLOCK_INFO(
   5001       buffer,
   5002       &value->clock_info,
   5003       value_bytes);
   5004   if (result) {
   5005     return result;
   5006   }
   5007 
   5008   result = Parse_UINT64(
   5009       buffer,
   5010       &value->firmware_version,
   5011       value_bytes);
   5012   if (result) {
   5013     return result;
   5014   }
   5015 
   5016   result = Parse_TPMU_ATTEST(
   5017       buffer,
   5018       value->type,
   5019       &value->attested,
   5020       value_bytes);
   5021   if (result) {
   5022     return result;
   5023   }
   5024   return result;
   5025 }
   5026 
   5027 TPM_RC Serialize_TPM2B_ATTEST(
   5028     const TPM2B_ATTEST& value,
   5029     std::string* buffer) {
   5030   TPM_RC result = TPM_RC_SUCCESS;
   5031   VLOG(3) << __func__;
   5032 
   5033   result = Serialize_UINT16(value.size, buffer);
   5034   if (result) {
   5035     return result;
   5036   }
   5037 
   5038   if (arraysize(value.attestation_data) < value.size) {
   5039     return TPM_RC_INSUFFICIENT;
   5040   }
   5041   for (uint32_t i = 0; i < value.size; ++i) {
   5042     result = Serialize_BYTE(value.attestation_data[i], buffer);
   5043     if (result) {
   5044       return result;
   5045     }
   5046   }
   5047   return result;
   5048 }
   5049 
   5050 TPM_RC Parse_TPM2B_ATTEST(
   5051     std::string* buffer,
   5052     TPM2B_ATTEST* value,
   5053     std::string* value_bytes) {
   5054   TPM_RC result = TPM_RC_SUCCESS;
   5055   VLOG(3) << __func__;
   5056 
   5057   result = Parse_UINT16(
   5058       buffer,
   5059       &value->size,
   5060       value_bytes);
   5061   if (result) {
   5062     return result;
   5063   }
   5064 
   5065   if (arraysize(value->attestation_data) < value->size) {
   5066     return TPM_RC_INSUFFICIENT;
   5067   }
   5068   for (uint32_t i = 0; i < value->size; ++i) {
   5069     result = Parse_BYTE(
   5070         buffer,
   5071         &value->attestation_data[i],
   5072         value_bytes);
   5073     if (result) {
   5074       return result;
   5075     }
   5076   }
   5077   return result;
   5078 }
   5079 
   5080 TPM2B_ATTEST Make_TPM2B_ATTEST(
   5081     const std::string& bytes) {
   5082   TPM2B_ATTEST tpm2b;
   5083   CHECK(bytes.size() <= sizeof(tpm2b.attestation_data));
   5084   memset(&tpm2b, 0, sizeof(TPM2B_ATTEST));
   5085   tpm2b.size = bytes.size();
   5086   memcpy(tpm2b.attestation_data, bytes.data(), bytes.size());
   5087   return tpm2b;
   5088 }
   5089 
   5090 std::string StringFrom_TPM2B_ATTEST(
   5091     const TPM2B_ATTEST& tpm2b) {
   5092   const char* char_buffer = reinterpret_cast<const char*>(
   5093       tpm2b.attestation_data);
   5094   return std::string(char_buffer, tpm2b.size);
   5095 }
   5096 
   5097 TPM_RC Serialize_TPMS_AUTH_COMMAND(
   5098     const TPMS_AUTH_COMMAND& value,
   5099     std::string* buffer) {
   5100   TPM_RC result = TPM_RC_SUCCESS;
   5101   VLOG(3) << __func__;
   5102 
   5103   result = Serialize_TPMI_SH_AUTH_SESSION(value.session_handle, buffer);
   5104   if (result) {
   5105     return result;
   5106   }
   5107 
   5108   result = Serialize_TPM2B_NONCE(value.nonce, buffer);
   5109   if (result) {
   5110     return result;
   5111   }
   5112 
   5113   result = Serialize_TPMA_SESSION(value.session_attributes, buffer);
   5114   if (result) {
   5115     return result;
   5116   }
   5117 
   5118   result = Serialize_TPM2B_AUTH(value.hmac, buffer);
   5119   if (result) {
   5120     return result;
   5121   }
   5122   return result;
   5123 }
   5124 
   5125 TPM_RC Parse_TPMS_AUTH_COMMAND(
   5126     std::string* buffer,
   5127     TPMS_AUTH_COMMAND* value,
   5128     std::string* value_bytes) {
   5129   TPM_RC result = TPM_RC_SUCCESS;
   5130   VLOG(3) << __func__;
   5131 
   5132   result = Parse_TPMI_SH_AUTH_SESSION(
   5133       buffer,
   5134       &value->session_handle,
   5135       value_bytes);
   5136   if (result) {
   5137     return result;
   5138   }
   5139 
   5140   result = Parse_TPM2B_NONCE(
   5141       buffer,
   5142       &value->nonce,
   5143       value_bytes);
   5144   if (result) {
   5145     return result;
   5146   }
   5147 
   5148   result = Parse_TPMA_SESSION(
   5149       buffer,
   5150       &value->session_attributes,
   5151       value_bytes);
   5152   if (result) {
   5153     return result;
   5154   }
   5155 
   5156   result = Parse_TPM2B_AUTH(
   5157       buffer,
   5158       &value->hmac,
   5159       value_bytes);
   5160   if (result) {
   5161     return result;
   5162   }
   5163   return result;
   5164 }
   5165 
   5166 TPM_RC Serialize_TPMS_AUTH_RESPONSE(
   5167     const TPMS_AUTH_RESPONSE& value,
   5168     std::string* buffer) {
   5169   TPM_RC result = TPM_RC_SUCCESS;
   5170   VLOG(3) << __func__;
   5171 
   5172   result = Serialize_TPM2B_NONCE(value.nonce, buffer);
   5173   if (result) {
   5174     return result;
   5175   }
   5176 
   5177   result = Serialize_TPMA_SESSION(value.session_attributes, buffer);
   5178   if (result) {
   5179     return result;
   5180   }
   5181 
   5182   result = Serialize_TPM2B_AUTH(value.hmac, buffer);
   5183   if (result) {
   5184     return result;
   5185   }
   5186   return result;
   5187 }
   5188 
   5189 TPM_RC Parse_TPMS_AUTH_RESPONSE(
   5190     std::string* buffer,
   5191     TPMS_AUTH_RESPONSE* value,
   5192     std::string* value_bytes) {
   5193   TPM_RC result = TPM_RC_SUCCESS;
   5194   VLOG(3) << __func__;
   5195 
   5196   result = Parse_TPM2B_NONCE(
   5197       buffer,
   5198       &value->nonce,
   5199       value_bytes);
   5200   if (result) {
   5201     return result;
   5202   }
   5203 
   5204   result = Parse_TPMA_SESSION(
   5205       buffer,
   5206       &value->session_attributes,
   5207       value_bytes);
   5208   if (result) {
   5209     return result;
   5210   }
   5211 
   5212   result = Parse_TPM2B_AUTH(
   5213       buffer,
   5214       &value->hmac,
   5215       value_bytes);
   5216   if (result) {
   5217     return result;
   5218   }
   5219   return result;
   5220 }
   5221 
   5222 TPM_RC Serialize_TPMU_SYM_KEY_BITS(
   5223     const TPMU_SYM_KEY_BITS& value,
   5224     TPMI_ALG_SYM selector,
   5225     std::string* buffer) {
   5226   TPM_RC result = TPM_RC_SUCCESS;
   5227   VLOG(3) << __func__;
   5228 
   5229   if (selector == TPM_ALG_NULL) {
   5230     // Do nothing.
   5231   }
   5232 
   5233   if (selector == TPM_ALG_SM4) {
   5234     result = Serialize_TPMI_SM4_KEY_BITS(value.sm4, buffer);
   5235     if (result) {
   5236       return result;
   5237     }
   5238   }
   5239 
   5240   if (selector == TPM_ALG_AES) {
   5241     result = Serialize_TPMI_AES_KEY_BITS(value.aes, buffer);
   5242     if (result) {
   5243       return result;
   5244     }
   5245   }
   5246 
   5247   if (selector == TPM_ALG_XOR) {
   5248     result = Serialize_TPMI_ALG_HASH(value.xor_, buffer);
   5249     if (result) {
   5250       return result;
   5251     }
   5252   }
   5253   return result;
   5254 }
   5255 
   5256 TPM_RC Parse_TPMU_SYM_KEY_BITS(
   5257     std::string* buffer,
   5258     TPMI_ALG_SYM selector,
   5259     TPMU_SYM_KEY_BITS* value,
   5260     std::string* value_bytes) {
   5261   TPM_RC result = TPM_RC_SUCCESS;
   5262   VLOG(3) << __func__;
   5263 
   5264   if (selector == TPM_ALG_NULL) {
   5265     // Do nothing.
   5266   }
   5267 
   5268   if (selector == TPM_ALG_SM4) {
   5269     result = Parse_TPMI_SM4_KEY_BITS(
   5270         buffer,
   5271         &value->sm4,
   5272         value_bytes);
   5273     if (result) {
   5274       return result;
   5275     }
   5276   }
   5277 
   5278   if (selector == TPM_ALG_AES) {
   5279     result = Parse_TPMI_AES_KEY_BITS(
   5280         buffer,
   5281         &value->aes,
   5282         value_bytes);
   5283     if (result) {
   5284       return result;
   5285     }
   5286   }
   5287 
   5288   if (selector == TPM_ALG_XOR) {
   5289     result = Parse_TPMI_ALG_HASH(
   5290         buffer,
   5291         &value->xor_,
   5292         value_bytes);
   5293     if (result) {
   5294       return result;
   5295     }
   5296   }
   5297   return result;
   5298 }
   5299 
   5300 TPM_RC Serialize_TPMU_SYM_MODE(
   5301     const TPMU_SYM_MODE& value,
   5302     TPMI_ALG_SYM selector,
   5303     std::string* buffer) {
   5304   TPM_RC result = TPM_RC_SUCCESS;
   5305   VLOG(3) << __func__;
   5306 
   5307   if (selector == TPM_ALG_NULL) {
   5308     // Do nothing.
   5309   }
   5310 
   5311   if (selector == TPM_ALG_SM4) {
   5312     result = Serialize_TPMI_ALG_SYM_MODE(value.sm4, buffer);
   5313     if (result) {
   5314       return result;
   5315     }
   5316   }
   5317 
   5318   if (selector == TPM_ALG_AES) {
   5319     result = Serialize_TPMI_ALG_SYM_MODE(value.aes, buffer);
   5320     if (result) {
   5321       return result;
   5322     }
   5323   }
   5324 
   5325   if (selector == TPM_ALG_XOR) {
   5326     // Do nothing.
   5327   }
   5328   return result;
   5329 }
   5330 
   5331 TPM_RC Parse_TPMU_SYM_MODE(
   5332     std::string* buffer,
   5333     TPMI_ALG_SYM selector,
   5334     TPMU_SYM_MODE* value,
   5335     std::string* value_bytes) {
   5336   TPM_RC result = TPM_RC_SUCCESS;
   5337   VLOG(3) << __func__;
   5338 
   5339   if (selector == TPM_ALG_NULL) {
   5340     // Do nothing.
   5341   }
   5342 
   5343   if (selector == TPM_ALG_SM4) {
   5344     result = Parse_TPMI_ALG_SYM_MODE(
   5345         buffer,
   5346         &value->sm4,
   5347         value_bytes);
   5348     if (result) {
   5349       return result;
   5350     }
   5351   }
   5352 
   5353   if (selector == TPM_ALG_AES) {
   5354     result = Parse_TPMI_ALG_SYM_MODE(
   5355         buffer,
   5356         &value->aes,
   5357         value_bytes);
   5358     if (result) {
   5359       return result;
   5360     }
   5361   }
   5362 
   5363   if (selector == TPM_ALG_XOR) {
   5364     // Do nothing.
   5365   }
   5366   return result;
   5367 }
   5368 
   5369 TPM_RC Serialize_TPMU_SYM_DETAILS(
   5370     const TPMU_SYM_DETAILS& value,
   5371     TPMI_ALG_SYM selector,
   5372     std::string* buffer) {
   5373   TPM_RC result = TPM_RC_SUCCESS;
   5374   VLOG(3) << __func__;
   5375   return result;
   5376 }
   5377 
   5378 TPM_RC Parse_TPMU_SYM_DETAILS(
   5379     std::string* buffer,
   5380     TPMI_ALG_SYM selector,
   5381     TPMU_SYM_DETAILS* value,
   5382     std::string* value_bytes) {
   5383   TPM_RC result = TPM_RC_SUCCESS;
   5384   VLOG(3) << __func__;
   5385   return result;
   5386 }
   5387 
   5388 TPM_RC Serialize_TPMT_SYM_DEF(
   5389     const TPMT_SYM_DEF& value,
   5390     std::string* buffer) {
   5391   TPM_RC result = TPM_RC_SUCCESS;
   5392   VLOG(3) << __func__;
   5393 
   5394   result = Serialize_TPMI_ALG_SYM(value.algorithm, buffer);
   5395   if (result) {
   5396     return result;
   5397   }
   5398 
   5399   result = Serialize_TPMU_SYM_KEY_BITS(
   5400       value.key_bits,
   5401       value.algorithm,
   5402       buffer);
   5403   if (result) {
   5404     return result;
   5405   }
   5406 
   5407   result = Serialize_TPMU_SYM_MODE(
   5408       value.mode,
   5409       value.algorithm,
   5410       buffer);
   5411   if (result) {
   5412     return result;
   5413   }
   5414 
   5415   result = Serialize_TPMU_SYM_DETAILS(
   5416       value.details,
   5417       value.algorithm,
   5418       buffer);
   5419   if (result) {
   5420     return result;
   5421   }
   5422   return result;
   5423 }
   5424 
   5425 TPM_RC Parse_TPMT_SYM_DEF(
   5426     std::string* buffer,
   5427     TPMT_SYM_DEF* value,
   5428     std::string* value_bytes) {
   5429   TPM_RC result = TPM_RC_SUCCESS;
   5430   VLOG(3) << __func__;
   5431 
   5432   result = Parse_TPMI_ALG_SYM(
   5433       buffer,
   5434       &value->algorithm,
   5435       value_bytes);
   5436   if (result) {
   5437     return result;
   5438   }
   5439 
   5440   result = Parse_TPMU_SYM_KEY_BITS(
   5441       buffer,
   5442       value->algorithm,
   5443       &value->key_bits,
   5444       value_bytes);
   5445   if (result) {
   5446     return result;
   5447   }
   5448 
   5449   result = Parse_TPMU_SYM_MODE(
   5450       buffer,
   5451       value->algorithm,
   5452       &value->mode,
   5453       value_bytes);
   5454   if (result) {
   5455     return result;
   5456   }
   5457 
   5458   result = Parse_TPMU_SYM_DETAILS(
   5459       buffer,
   5460       value->algorithm,
   5461       &value->details,
   5462       value_bytes);
   5463   if (result) {
   5464     return result;
   5465   }
   5466   return result;
   5467 }
   5468 
   5469 TPM_RC Serialize_TPMT_SYM_DEF_OBJECT(
   5470     const TPMT_SYM_DEF_OBJECT& value,
   5471     std::string* buffer) {
   5472   TPM_RC result = TPM_RC_SUCCESS;
   5473   VLOG(3) << __func__;
   5474 
   5475   result = Serialize_TPMI_ALG_SYM_OBJECT(value.algorithm, buffer);
   5476   if (result) {
   5477     return result;
   5478   }
   5479 
   5480   result = Serialize_TPMU_SYM_KEY_BITS(
   5481       value.key_bits,
   5482       value.algorithm,
   5483       buffer);
   5484   if (result) {
   5485     return result;
   5486   }
   5487 
   5488   result = Serialize_TPMU_SYM_MODE(
   5489       value.mode,
   5490       value.algorithm,
   5491       buffer);
   5492   if (result) {
   5493     return result;
   5494   }
   5495 
   5496   result = Serialize_TPMU_SYM_DETAILS(
   5497       value.details,
   5498       value.algorithm,
   5499       buffer);
   5500   if (result) {
   5501     return result;
   5502   }
   5503   return result;
   5504 }
   5505 
   5506 TPM_RC Parse_TPMT_SYM_DEF_OBJECT(
   5507     std::string* buffer,
   5508     TPMT_SYM_DEF_OBJECT* value,
   5509     std::string* value_bytes) {
   5510   TPM_RC result = TPM_RC_SUCCESS;
   5511   VLOG(3) << __func__;
   5512 
   5513   result = Parse_TPMI_ALG_SYM_OBJECT(
   5514       buffer,
   5515       &value->algorithm,
   5516       value_bytes);
   5517   if (result) {
   5518     return result;
   5519   }
   5520 
   5521   result = Parse_TPMU_SYM_KEY_BITS(
   5522       buffer,
   5523       value->algorithm,
   5524       &value->key_bits,
   5525       value_bytes);
   5526   if (result) {
   5527     return result;
   5528   }
   5529 
   5530   result = Parse_TPMU_SYM_MODE(
   5531       buffer,
   5532       value->algorithm,
   5533       &value->mode,
   5534       value_bytes);
   5535   if (result) {
   5536     return result;
   5537   }
   5538 
   5539   result = Parse_TPMU_SYM_DETAILS(
   5540       buffer,
   5541       value->algorithm,
   5542       &value->details,
   5543       value_bytes);
   5544   if (result) {
   5545     return result;
   5546   }
   5547   return result;
   5548 }
   5549 
   5550 TPM_RC Serialize_TPM2B_SYM_KEY(
   5551     const TPM2B_SYM_KEY& value,
   5552     std::string* buffer) {
   5553   TPM_RC result = TPM_RC_SUCCESS;
   5554   VLOG(3) << __func__;
   5555 
   5556   result = Serialize_UINT16(value.size, buffer);
   5557   if (result) {
   5558     return result;
   5559   }
   5560 
   5561   if (arraysize(value.buffer) < value.size) {
   5562     return TPM_RC_INSUFFICIENT;
   5563   }
   5564   for (uint32_t i = 0; i < value.size; ++i) {
   5565     result = Serialize_BYTE(value.buffer[i], buffer);
   5566     if (result) {
   5567       return result;
   5568     }
   5569   }
   5570   return result;
   5571 }
   5572 
   5573 TPM_RC Parse_TPM2B_SYM_KEY(
   5574     std::string* buffer,
   5575     TPM2B_SYM_KEY* value,
   5576     std::string* value_bytes) {
   5577   TPM_RC result = TPM_RC_SUCCESS;
   5578   VLOG(3) << __func__;
   5579 
   5580   result = Parse_UINT16(
   5581       buffer,
   5582       &value->size,
   5583       value_bytes);
   5584   if (result) {
   5585     return result;
   5586   }
   5587 
   5588   if (arraysize(value->buffer) < value->size) {
   5589     return TPM_RC_INSUFFICIENT;
   5590   }
   5591   for (uint32_t i = 0; i < value->size; ++i) {
   5592     result = Parse_BYTE(
   5593         buffer,
   5594         &value->buffer[i],
   5595         value_bytes);
   5596     if (result) {
   5597       return result;
   5598     }
   5599   }
   5600   return result;
   5601 }
   5602 
   5603 TPM2B_SYM_KEY Make_TPM2B_SYM_KEY(
   5604     const std::string& bytes) {
   5605   TPM2B_SYM_KEY tpm2b;
   5606   CHECK(bytes.size() <= sizeof(tpm2b.buffer));
   5607   memset(&tpm2b, 0, sizeof(TPM2B_SYM_KEY));
   5608   tpm2b.size = bytes.size();
   5609   memcpy(tpm2b.buffer, bytes.data(), bytes.size());
   5610   return tpm2b;
   5611 }
   5612 
   5613 std::string StringFrom_TPM2B_SYM_KEY(
   5614     const TPM2B_SYM_KEY& tpm2b) {
   5615   const char* char_buffer = reinterpret_cast<const char*>(
   5616       tpm2b.buffer);
   5617   return std::string(char_buffer, tpm2b.size);
   5618 }
   5619 
   5620 TPM_RC Serialize_TPMS_SYMCIPHER_PARMS(
   5621     const TPMS_SYMCIPHER_PARMS& value,
   5622     std::string* buffer) {
   5623   TPM_RC result = TPM_RC_SUCCESS;
   5624   VLOG(3) << __func__;
   5625 
   5626   result = Serialize_TPMT_SYM_DEF_OBJECT(value.sym, buffer);
   5627   if (result) {
   5628     return result;
   5629   }
   5630   return result;
   5631 }
   5632 
   5633 TPM_RC Parse_TPMS_SYMCIPHER_PARMS(
   5634     std::string* buffer,
   5635     TPMS_SYMCIPHER_PARMS* value,
   5636     std::string* value_bytes) {
   5637   TPM_RC result = TPM_RC_SUCCESS;
   5638   VLOG(3) << __func__;
   5639 
   5640   result = Parse_TPMT_SYM_DEF_OBJECT(
   5641       buffer,
   5642       &value->sym,
   5643       value_bytes);
   5644   if (result) {
   5645     return result;
   5646   }
   5647   return result;
   5648 }
   5649 
   5650 TPM_RC Serialize_TPM2B_SENSITIVE_DATA(
   5651     const TPM2B_SENSITIVE_DATA& value,
   5652     std::string* buffer) {
   5653   TPM_RC result = TPM_RC_SUCCESS;
   5654   VLOG(3) << __func__;
   5655 
   5656   result = Serialize_UINT16(value.size, buffer);
   5657   if (result) {
   5658     return result;
   5659   }
   5660 
   5661   if (arraysize(value.buffer) < value.size) {
   5662     return TPM_RC_INSUFFICIENT;
   5663   }
   5664   for (uint32_t i = 0; i < value.size; ++i) {
   5665     result = Serialize_BYTE(value.buffer[i], buffer);
   5666     if (result) {
   5667       return result;
   5668     }
   5669   }
   5670   return result;
   5671 }
   5672 
   5673 TPM_RC Parse_TPM2B_SENSITIVE_DATA(
   5674     std::string* buffer,
   5675     TPM2B_SENSITIVE_DATA* value,
   5676     std::string* value_bytes) {
   5677   TPM_RC result = TPM_RC_SUCCESS;
   5678   VLOG(3) << __func__;
   5679 
   5680   result = Parse_UINT16(
   5681       buffer,
   5682       &value->size,
   5683       value_bytes);
   5684   if (result) {
   5685     return result;
   5686   }
   5687 
   5688   if (arraysize(value->buffer) < value->size) {
   5689     return TPM_RC_INSUFFICIENT;
   5690   }
   5691   for (uint32_t i = 0; i < value->size; ++i) {
   5692     result = Parse_BYTE(
   5693         buffer,
   5694         &value->buffer[i],
   5695         value_bytes);
   5696     if (result) {
   5697       return result;
   5698     }
   5699   }
   5700   return result;
   5701 }
   5702 
   5703 TPM2B_SENSITIVE_DATA Make_TPM2B_SENSITIVE_DATA(
   5704     const std::string& bytes) {
   5705   TPM2B_SENSITIVE_DATA tpm2b;
   5706   CHECK(bytes.size() <= sizeof(tpm2b.buffer));
   5707   memset(&tpm2b, 0, sizeof(TPM2B_SENSITIVE_DATA));
   5708   tpm2b.size = bytes.size();
   5709   memcpy(tpm2b.buffer, bytes.data(), bytes.size());
   5710   return tpm2b;
   5711 }
   5712 
   5713 std::string StringFrom_TPM2B_SENSITIVE_DATA(
   5714     const TPM2B_SENSITIVE_DATA& tpm2b) {
   5715   const char* char_buffer = reinterpret_cast<const char*>(
   5716       tpm2b.buffer);
   5717   return std::string(char_buffer, tpm2b.size);
   5718 }
   5719 
   5720 TPM_RC Serialize_TPMS_SENSITIVE_CREATE(
   5721     const TPMS_SENSITIVE_CREATE& value,
   5722     std::string* buffer) {
   5723   TPM_RC result = TPM_RC_SUCCESS;
   5724   VLOG(3) << __func__;
   5725 
   5726   result = Serialize_TPM2B_AUTH(value.user_auth, buffer);
   5727   if (result) {
   5728     return result;
   5729   }
   5730 
   5731   result = Serialize_TPM2B_SENSITIVE_DATA(value.data, buffer);
   5732   if (result) {
   5733     return result;
   5734   }
   5735   return result;
   5736 }
   5737 
   5738 TPM_RC Parse_TPMS_SENSITIVE_CREATE(
   5739     std::string* buffer,
   5740     TPMS_SENSITIVE_CREATE* value,
   5741     std::string* value_bytes) {
   5742   TPM_RC result = TPM_RC_SUCCESS;
   5743   VLOG(3) << __func__;
   5744 
   5745   result = Parse_TPM2B_AUTH(
   5746       buffer,
   5747       &value->user_auth,
   5748       value_bytes);
   5749   if (result) {
   5750     return result;
   5751   }
   5752 
   5753   result = Parse_TPM2B_SENSITIVE_DATA(
   5754       buffer,
   5755       &value->data,
   5756       value_bytes);
   5757   if (result) {
   5758     return result;
   5759   }
   5760   return result;
   5761 }
   5762 
   5763 TPM_RC Serialize_TPM2B_SENSITIVE_CREATE(
   5764     const TPM2B_SENSITIVE_CREATE& value,
   5765     std::string* buffer) {
   5766   TPM_RC result = TPM_RC_SUCCESS;
   5767   VLOG(3) << __func__;
   5768 
   5769   std::string field_bytes;
   5770   result = Serialize_TPMS_SENSITIVE_CREATE(value.sensitive, &field_bytes);
   5771   if (result) {
   5772     return result;
   5773   }
   5774   std::string size_bytes;
   5775   result = Serialize_UINT16(field_bytes.size(), &size_bytes);
   5776   if (result) {
   5777     return result;
   5778   }
   5779   buffer->append(size_bytes + field_bytes);
   5780   return result;
   5781 }
   5782 
   5783 TPM_RC Parse_TPM2B_SENSITIVE_CREATE(
   5784     std::string* buffer,
   5785     TPM2B_SENSITIVE_CREATE* value,
   5786     std::string* value_bytes) {
   5787   TPM_RC result = TPM_RC_SUCCESS;
   5788   VLOG(3) << __func__;
   5789 
   5790   result = Parse_UINT16(
   5791       buffer,
   5792       &value->size,
   5793       value_bytes);
   5794   if (result) {
   5795     return result;
   5796   }
   5797 
   5798   result = Parse_TPMS_SENSITIVE_CREATE(
   5799       buffer,
   5800       &value->sensitive,
   5801       value_bytes);
   5802   if (result) {
   5803     return result;
   5804   }
   5805   return result;
   5806 }
   5807 
   5808 TPM2B_SENSITIVE_CREATE Make_TPM2B_SENSITIVE_CREATE(
   5809     const TPMS_SENSITIVE_CREATE& inner) {
   5810   TPM2B_SENSITIVE_CREATE tpm2b;
   5811   tpm2b.size = sizeof(TPMS_SENSITIVE_CREATE);
   5812   tpm2b.sensitive = inner;
   5813   return tpm2b;
   5814 }
   5815 
   5816 TPM_RC Serialize_TPMS_SCHEME_XOR(
   5817     const TPMS_SCHEME_XOR& value,
   5818     std::string* buffer) {
   5819   TPM_RC result = TPM_RC_SUCCESS;
   5820   VLOG(3) << __func__;
   5821 
   5822   result = Serialize_TPMI_ALG_HASH(value.hash_alg, buffer);
   5823   if (result) {
   5824     return result;
   5825   }
   5826 
   5827   result = Serialize_TPMI_ALG_KDF(value.kdf, buffer);
   5828   if (result) {
   5829     return result;
   5830   }
   5831   return result;
   5832 }
   5833 
   5834 TPM_RC Parse_TPMS_SCHEME_XOR(
   5835     std::string* buffer,
   5836     TPMS_SCHEME_XOR* value,
   5837     std::string* value_bytes) {
   5838   TPM_RC result = TPM_RC_SUCCESS;
   5839   VLOG(3) << __func__;
   5840 
   5841   result = Parse_TPMI_ALG_HASH(
   5842       buffer,
   5843       &value->hash_alg,
   5844       value_bytes);
   5845   if (result) {
   5846     return result;
   5847   }
   5848 
   5849   result = Parse_TPMI_ALG_KDF(
   5850       buffer,
   5851       &value->kdf,
   5852       value_bytes);
   5853   if (result) {
   5854     return result;
   5855   }
   5856   return result;
   5857 }
   5858 
   5859 TPM_RC Serialize_TPMU_SCHEME_KEYEDHASH(
   5860     const TPMU_SCHEME_KEYEDHASH& value,
   5861     TPMI_ALG_KEYEDHASH_SCHEME selector,
   5862     std::string* buffer) {
   5863   TPM_RC result = TPM_RC_SUCCESS;
   5864   VLOG(3) << __func__;
   5865 
   5866   if (selector == TPM_ALG_NULL) {
   5867     // Do nothing.
   5868   }
   5869 
   5870   if (selector == TPM_ALG_HMAC) {
   5871     result = Serialize_TPMS_SCHEME_HMAC(value.hmac, buffer);
   5872     if (result) {
   5873       return result;
   5874     }
   5875   }
   5876 
   5877   if (selector == TPM_ALG_XOR) {
   5878     result = Serialize_TPMS_SCHEME_XOR(value.xor_, buffer);
   5879     if (result) {
   5880       return result;
   5881     }
   5882   }
   5883   return result;
   5884 }
   5885 
   5886 TPM_RC Parse_TPMU_SCHEME_KEYEDHASH(
   5887     std::string* buffer,
   5888     TPMI_ALG_KEYEDHASH_SCHEME selector,
   5889     TPMU_SCHEME_KEYEDHASH* value,
   5890     std::string* value_bytes) {
   5891   TPM_RC result = TPM_RC_SUCCESS;
   5892   VLOG(3) << __func__;
   5893 
   5894   if (selector == TPM_ALG_NULL) {
   5895     // Do nothing.
   5896   }
   5897 
   5898   if (selector == TPM_ALG_HMAC) {
   5899     result = Parse_TPMS_SCHEME_HMAC(
   5900         buffer,
   5901         &value->hmac,
   5902         value_bytes);
   5903     if (result) {
   5904       return result;
   5905     }
   5906   }
   5907 
   5908   if (selector == TPM_ALG_XOR) {
   5909     result = Parse_TPMS_SCHEME_XOR(
   5910         buffer,
   5911         &value->xor_,
   5912         value_bytes);
   5913     if (result) {
   5914       return result;
   5915     }
   5916   }
   5917   return result;
   5918 }
   5919 
   5920 TPM_RC Serialize_TPMT_KEYEDHASH_SCHEME(
   5921     const TPMT_KEYEDHASH_SCHEME& value,
   5922     std::string* buffer) {
   5923   TPM_RC result = TPM_RC_SUCCESS;
   5924   VLOG(3) << __func__;
   5925 
   5926   result = Serialize_TPMI_ALG_KEYEDHASH_SCHEME(value.scheme, buffer);
   5927   if (result) {
   5928     return result;
   5929   }
   5930 
   5931   result = Serialize_TPMU_SCHEME_KEYEDHASH(
   5932       value.details,
   5933       value.scheme,
   5934       buffer);
   5935   if (result) {
   5936     return result;
   5937   }
   5938   return result;
   5939 }
   5940 
   5941 TPM_RC Parse_TPMT_KEYEDHASH_SCHEME(
   5942     std::string* buffer,
   5943     TPMT_KEYEDHASH_SCHEME* value,
   5944     std::string* value_bytes) {
   5945   TPM_RC result = TPM_RC_SUCCESS;
   5946   VLOG(3) << __func__;
   5947 
   5948   result = Parse_TPMI_ALG_KEYEDHASH_SCHEME(
   5949       buffer,
   5950       &value->scheme,
   5951       value_bytes);
   5952   if (result) {
   5953     return result;
   5954   }
   5955 
   5956   result = Parse_TPMU_SCHEME_KEYEDHASH(
   5957       buffer,
   5958       value->scheme,
   5959       &value->details,
   5960       value_bytes);
   5961   if (result) {
   5962     return result;
   5963   }
   5964   return result;
   5965 }
   5966 
   5967 TPM_RC Serialize_TPMS_SCHEME_ECDAA(
   5968     const TPMS_SCHEME_ECDAA& value,
   5969     std::string* buffer) {
   5970   TPM_RC result = TPM_RC_SUCCESS;
   5971   VLOG(3) << __func__;
   5972 
   5973   result = Serialize_TPMI_ALG_HASH(value.hash_alg, buffer);
   5974   if (result) {
   5975     return result;
   5976   }
   5977 
   5978   result = Serialize_UINT16(value.count, buffer);
   5979   if (result) {
   5980     return result;
   5981   }
   5982   return result;
   5983 }
   5984 
   5985 TPM_RC Parse_TPMS_SCHEME_ECDAA(
   5986     std::string* buffer,
   5987     TPMS_SCHEME_ECDAA* value,
   5988     std::string* value_bytes) {
   5989   TPM_RC result = TPM_RC_SUCCESS;
   5990   VLOG(3) << __func__;
   5991 
   5992   result = Parse_TPMI_ALG_HASH(
   5993       buffer,
   5994       &value->hash_alg,
   5995       value_bytes);
   5996   if (result) {
   5997     return result;
   5998   }
   5999 
   6000   result = Parse_UINT16(
   6001       buffer,
   6002       &value->count,
   6003       value_bytes);
   6004   if (result) {
   6005     return result;
   6006   }
   6007   return result;
   6008 }
   6009 
   6010 TPM_RC Serialize_TPMU_SIG_SCHEME(
   6011     const TPMU_SIG_SCHEME& value,
   6012     TPMI_ALG_SIG_SCHEME selector,
   6013     std::string* buffer) {
   6014   TPM_RC result = TPM_RC_SUCCESS;
   6015   VLOG(3) << __func__;
   6016 
   6017   if (selector == TPM_ALG_HMAC) {
   6018     result = Serialize_TPMS_SCHEME_HMAC(value.hmac, buffer);
   6019     if (result) {
   6020       return result;
   6021     }
   6022   }
   6023 
   6024   if (selector == TPM_ALG_ECSCHNORR) {
   6025     result = Serialize_TPMS_SCHEME_ECSCHNORR(value.ec_schnorr, buffer);
   6026     if (result) {
   6027       return result;
   6028     }
   6029   }
   6030 
   6031   if (selector == TPM_ALG_RSAPSS) {
   6032     result = Serialize_TPMS_SCHEME_RSAPSS(value.rsapss, buffer);
   6033     if (result) {
   6034       return result;
   6035     }
   6036   }
   6037 
   6038   if (selector == TPM_ALG_ECDAA) {
   6039     result = Serialize_TPMS_SCHEME_ECDAA(value.ecdaa, buffer);
   6040     if (result) {
   6041       return result;
   6042     }
   6043   }
   6044 
   6045   if (selector == TPM_ALG_RSASSA) {
   6046     result = Serialize_TPMS_SCHEME_RSASSA(value.rsassa, buffer);
   6047     if (result) {
   6048       return result;
   6049     }
   6050   }
   6051 
   6052   if (selector == TPM_ALG_SM2) {
   6053     result = Serialize_TPMS_SCHEME_SM2(value.sm2, buffer);
   6054     if (result) {
   6055       return result;
   6056     }
   6057   }
   6058 
   6059   if (selector == TPM_ALG_ECDSA) {
   6060     result = Serialize_TPMS_SCHEME_ECDSA(value.ecdsa, buffer);
   6061     if (result) {
   6062       return result;
   6063     }
   6064   }
   6065 
   6066   if (selector == TPM_ALG_NULL) {
   6067     // Do nothing.
   6068   }
   6069   return result;
   6070 }
   6071 
   6072 TPM_RC Parse_TPMU_SIG_SCHEME(
   6073     std::string* buffer,
   6074     TPMI_ALG_SIG_SCHEME selector,
   6075     TPMU_SIG_SCHEME* value,
   6076     std::string* value_bytes) {
   6077   TPM_RC result = TPM_RC_SUCCESS;
   6078   VLOG(3) << __func__;
   6079 
   6080   if (selector == TPM_ALG_HMAC) {
   6081     result = Parse_TPMS_SCHEME_HMAC(
   6082         buffer,
   6083         &value->hmac,
   6084         value_bytes);
   6085     if (result) {
   6086       return result;
   6087     }
   6088   }
   6089 
   6090   if (selector == TPM_ALG_ECSCHNORR) {
   6091     result = Parse_TPMS_SCHEME_ECSCHNORR(
   6092         buffer,
   6093         &value->ec_schnorr,
   6094         value_bytes);
   6095     if (result) {
   6096       return result;
   6097     }
   6098   }
   6099 
   6100   if (selector == TPM_ALG_RSAPSS) {
   6101     result = Parse_TPMS_SCHEME_RSAPSS(
   6102         buffer,
   6103         &value->rsapss,
   6104         value_bytes);
   6105     if (result) {
   6106       return result;
   6107     }
   6108   }
   6109 
   6110   if (selector == TPM_ALG_ECDAA) {
   6111     result = Parse_TPMS_SCHEME_ECDAA(
   6112         buffer,
   6113         &value->ecdaa,
   6114         value_bytes);
   6115     if (result) {
   6116       return result;
   6117     }
   6118   }
   6119 
   6120   if (selector == TPM_ALG_RSASSA) {
   6121     result = Parse_TPMS_SCHEME_RSASSA(
   6122         buffer,
   6123         &value->rsassa,
   6124         value_bytes);
   6125     if (result) {
   6126       return result;
   6127     }
   6128   }
   6129 
   6130   if (selector == TPM_ALG_SM2) {
   6131     result = Parse_TPMS_SCHEME_SM2(
   6132         buffer,
   6133         &value->sm2,
   6134         value_bytes);
   6135     if (result) {
   6136       return result;
   6137     }
   6138   }
   6139 
   6140   if (selector == TPM_ALG_ECDSA) {
   6141     result = Parse_TPMS_SCHEME_ECDSA(
   6142         buffer,
   6143         &value->ecdsa,
   6144         value_bytes);
   6145     if (result) {
   6146       return result;
   6147     }
   6148   }
   6149 
   6150   if (selector == TPM_ALG_NULL) {
   6151     // Do nothing.
   6152   }
   6153   return result;
   6154 }
   6155 
   6156 TPM_RC Serialize_TPMT_SIG_SCHEME(
   6157     const TPMT_SIG_SCHEME& value,
   6158     std::string* buffer) {
   6159   TPM_RC result = TPM_RC_SUCCESS;
   6160   VLOG(3) << __func__;
   6161 
   6162   result = Serialize_TPMI_ALG_SIG_SCHEME(value.scheme, buffer);
   6163   if (result) {
   6164     return result;
   6165   }
   6166 
   6167   result = Serialize_TPMU_SIG_SCHEME(
   6168       value.details,
   6169       value.scheme,
   6170       buffer);
   6171   if (result) {
   6172     return result;
   6173   }
   6174   return result;
   6175 }
   6176 
   6177 TPM_RC Parse_TPMT_SIG_SCHEME(
   6178     std::string* buffer,
   6179     TPMT_SIG_SCHEME* value,
   6180     std::string* value_bytes) {
   6181   TPM_RC result = TPM_RC_SUCCESS;
   6182   VLOG(3) << __func__;
   6183 
   6184   result = Parse_TPMI_ALG_SIG_SCHEME(
   6185       buffer,
   6186       &value->scheme,
   6187       value_bytes);
   6188   if (result) {
   6189     return result;
   6190   }
   6191 
   6192   result = Parse_TPMU_SIG_SCHEME(
   6193       buffer,
   6194       value->scheme,
   6195       &value->details,
   6196       value_bytes);
   6197   if (result) {
   6198     return result;
   6199   }
   6200   return result;
   6201 }
   6202 
   6203 TPM_RC Serialize_TPMS_SCHEME_OAEP(
   6204     const TPMS_SCHEME_OAEP& value,
   6205     std::string* buffer) {
   6206   TPM_RC result = TPM_RC_SUCCESS;
   6207   VLOG(3) << __func__;
   6208 
   6209   result = Serialize_TPMI_ALG_HASH(value.hash_alg, buffer);
   6210   if (result) {
   6211     return result;
   6212   }
   6213   return result;
   6214 }
   6215 
   6216 TPM_RC Parse_TPMS_SCHEME_OAEP(
   6217     std::string* buffer,
   6218     TPMS_SCHEME_OAEP* value,
   6219     std::string* value_bytes) {
   6220   TPM_RC result = TPM_RC_SUCCESS;
   6221   VLOG(3) << __func__;
   6222 
   6223   result = Parse_TPMI_ALG_HASH(
   6224       buffer,
   6225       &value->hash_alg,
   6226       value_bytes);
   6227   if (result) {
   6228     return result;
   6229   }
   6230   return result;
   6231 }
   6232 
   6233 TPM_RC Serialize_TPMS_SCHEME_ECDH(
   6234     const TPMS_SCHEME_ECDH& value,
   6235     std::string* buffer) {
   6236   TPM_RC result = TPM_RC_SUCCESS;
   6237   VLOG(3) << __func__;
   6238 
   6239   result = Serialize_TPMI_ALG_HASH(value.hash_alg, buffer);
   6240   if (result) {
   6241     return result;
   6242   }
   6243   return result;
   6244 }
   6245 
   6246 TPM_RC Parse_TPMS_SCHEME_ECDH(
   6247     std::string* buffer,
   6248     TPMS_SCHEME_ECDH* value,
   6249     std::string* value_bytes) {
   6250   TPM_RC result = TPM_RC_SUCCESS;
   6251   VLOG(3) << __func__;
   6252 
   6253   result = Parse_TPMI_ALG_HASH(
   6254       buffer,
   6255       &value->hash_alg,
   6256       value_bytes);
   6257   if (result) {
   6258     return result;
   6259   }
   6260   return result;
   6261 }
   6262 
   6263 TPM_RC Serialize_TPMS_SCHEME_MGF1(
   6264     const TPMS_SCHEME_MGF1& value,
   6265     std::string* buffer) {
   6266   TPM_RC result = TPM_RC_SUCCESS;
   6267   VLOG(3) << __func__;
   6268 
   6269   result = Serialize_TPMI_ALG_HASH(value.hash_alg, buffer);
   6270   if (result) {
   6271     return result;
   6272   }
   6273   return result;
   6274 }
   6275 
   6276 TPM_RC Parse_TPMS_SCHEME_MGF1(
   6277     std::string* buffer,
   6278     TPMS_SCHEME_MGF1* value,
   6279     std::string* value_bytes) {
   6280   TPM_RC result = TPM_RC_SUCCESS;
   6281   VLOG(3) << __func__;
   6282 
   6283   result = Parse_TPMI_ALG_HASH(
   6284       buffer,
   6285       &value->hash_alg,
   6286       value_bytes);
   6287   if (result) {
   6288     return result;
   6289   }
   6290   return result;
   6291 }
   6292 
   6293 TPM_RC Serialize_TPMS_SCHEME_KDF1_SP800_56a(
   6294     const TPMS_SCHEME_KDF1_SP800_56a& value,
   6295     std::string* buffer) {
   6296   TPM_RC result = TPM_RC_SUCCESS;
   6297   VLOG(3) << __func__;
   6298 
   6299   result = Serialize_TPMI_ALG_HASH(value.hash_alg, buffer);
   6300   if (result) {
   6301     return result;
   6302   }
   6303   return result;
   6304 }
   6305 
   6306 TPM_RC Parse_TPMS_SCHEME_KDF1_SP800_56a(
   6307     std::string* buffer,
   6308     TPMS_SCHEME_KDF1_SP800_56a* value,
   6309     std::string* value_bytes) {
   6310   TPM_RC result = TPM_RC_SUCCESS;
   6311   VLOG(3) << __func__;
   6312 
   6313   result = Parse_TPMI_ALG_HASH(
   6314       buffer,
   6315       &value->hash_alg,
   6316       value_bytes);
   6317   if (result) {
   6318     return result;
   6319   }
   6320   return result;
   6321 }
   6322 
   6323 TPM_RC Serialize_TPMS_SCHEME_KDF2(
   6324     const TPMS_SCHEME_KDF2& value,
   6325     std::string* buffer) {
   6326   TPM_RC result = TPM_RC_SUCCESS;
   6327   VLOG(3) << __func__;
   6328 
   6329   result = Serialize_TPMI_ALG_HASH(value.hash_alg, buffer);
   6330   if (result) {
   6331     return result;
   6332   }
   6333   return result;
   6334 }
   6335 
   6336 TPM_RC Parse_TPMS_SCHEME_KDF2(
   6337     std::string* buffer,
   6338     TPMS_SCHEME_KDF2* value,
   6339     std::string* value_bytes) {
   6340   TPM_RC result = TPM_RC_SUCCESS;
   6341   VLOG(3) << __func__;
   6342 
   6343   result = Parse_TPMI_ALG_HASH(
   6344       buffer,
   6345       &value->hash_alg,
   6346       value_bytes);
   6347   if (result) {
   6348     return result;
   6349   }
   6350   return result;
   6351 }
   6352 
   6353 TPM_RC Serialize_TPMS_SCHEME_KDF1_SP800_108(
   6354     const TPMS_SCHEME_KDF1_SP800_108& value,
   6355     std::string* buffer) {
   6356   TPM_RC result = TPM_RC_SUCCESS;
   6357   VLOG(3) << __func__;
   6358 
   6359   result = Serialize_TPMI_ALG_HASH(value.hash_alg, buffer);
   6360   if (result) {
   6361     return result;
   6362   }
   6363   return result;
   6364 }
   6365 
   6366 TPM_RC Parse_TPMS_SCHEME_KDF1_SP800_108(
   6367     std::string* buffer,
   6368     TPMS_SCHEME_KDF1_SP800_108* value,
   6369     std::string* value_bytes) {
   6370   TPM_RC result = TPM_RC_SUCCESS;
   6371   VLOG(3) << __func__;
   6372 
   6373   result = Parse_TPMI_ALG_HASH(
   6374       buffer,
   6375       &value->hash_alg,
   6376       value_bytes);
   6377   if (result) {
   6378     return result;
   6379   }
   6380   return result;
   6381 }
   6382 
   6383 TPM_RC Serialize_TPMU_KDF_SCHEME(
   6384     const TPMU_KDF_SCHEME& value,
   6385     TPMI_ALG_KDF selector,
   6386     std::string* buffer) {
   6387   TPM_RC result = TPM_RC_SUCCESS;
   6388   VLOG(3) << __func__;
   6389 
   6390   if (selector == TPM_ALG_KDF1_SP800_56a) {
   6391     result = Serialize_TPMS_SCHEME_KDF1_SP800_56a(value.kdf1_sp800_56a, buffer);
   6392     if (result) {
   6393       return result;
   6394     }
   6395   }
   6396 
   6397   if (selector == TPM_ALG_MGF1) {
   6398     result = Serialize_TPMS_SCHEME_MGF1(value.mgf1, buffer);
   6399     if (result) {
   6400       return result;
   6401     }
   6402   }
   6403 
   6404   if (selector == TPM_ALG_KDF1_SP800_108) {
   6405     result = Serialize_TPMS_SCHEME_KDF1_SP800_108(value.kdf1_sp800_108, buffer);
   6406     if (result) {
   6407       return result;
   6408     }
   6409   }
   6410 
   6411   if (selector == TPM_ALG_KDF2) {
   6412     result = Serialize_TPMS_SCHEME_KDF2(value.kdf2, buffer);
   6413     if (result) {
   6414       return result;
   6415     }
   6416   }
   6417 
   6418   if (selector == TPM_ALG_NULL) {
   6419     // Do nothing.
   6420   }
   6421   return result;
   6422 }
   6423 
   6424 TPM_RC Parse_TPMU_KDF_SCHEME(
   6425     std::string* buffer,
   6426     TPMI_ALG_KDF selector,
   6427     TPMU_KDF_SCHEME* value,
   6428     std::string* value_bytes) {
   6429   TPM_RC result = TPM_RC_SUCCESS;
   6430   VLOG(3) << __func__;
   6431 
   6432   if (selector == TPM_ALG_KDF1_SP800_56a) {
   6433     result = Parse_TPMS_SCHEME_KDF1_SP800_56a(
   6434         buffer,
   6435         &value->kdf1_sp800_56a,
   6436         value_bytes);
   6437     if (result) {
   6438       return result;
   6439     }
   6440   }
   6441 
   6442   if (selector == TPM_ALG_MGF1) {
   6443     result = Parse_TPMS_SCHEME_MGF1(
   6444         buffer,
   6445         &value->mgf1,
   6446         value_bytes);
   6447     if (result) {
   6448       return result;
   6449     }
   6450   }
   6451 
   6452   if (selector == TPM_ALG_KDF1_SP800_108) {
   6453     result = Parse_TPMS_SCHEME_KDF1_SP800_108(
   6454         buffer,
   6455         &value->kdf1_sp800_108,
   6456         value_bytes);
   6457     if (result) {
   6458       return result;
   6459     }
   6460   }
   6461 
   6462   if (selector == TPM_ALG_KDF2) {
   6463     result = Parse_TPMS_SCHEME_KDF2(
   6464         buffer,
   6465         &value->kdf2,
   6466         value_bytes);
   6467     if (result) {
   6468       return result;
   6469     }
   6470   }
   6471 
   6472   if (selector == TPM_ALG_NULL) {
   6473     // Do nothing.
   6474   }
   6475   return result;
   6476 }
   6477 
   6478 TPM_RC Serialize_TPMT_KDF_SCHEME(
   6479     const TPMT_KDF_SCHEME& value,
   6480     std::string* buffer) {
   6481   TPM_RC result = TPM_RC_SUCCESS;
   6482   VLOG(3) << __func__;
   6483 
   6484   result = Serialize_TPMI_ALG_KDF(value.scheme, buffer);
   6485   if (result) {
   6486     return result;
   6487   }
   6488 
   6489   result = Serialize_TPMU_KDF_SCHEME(
   6490       value.details,
   6491       value.scheme,
   6492       buffer);
   6493   if (result) {
   6494     return result;
   6495   }
   6496   return result;
   6497 }
   6498 
   6499 TPM_RC Parse_TPMT_KDF_SCHEME(
   6500     std::string* buffer,
   6501     TPMT_KDF_SCHEME* value,
   6502     std::string* value_bytes) {
   6503   TPM_RC result = TPM_RC_SUCCESS;
   6504   VLOG(3) << __func__;
   6505 
   6506   result = Parse_TPMI_ALG_KDF(
   6507       buffer,
   6508       &value->scheme,
   6509       value_bytes);
   6510   if (result) {
   6511     return result;
   6512   }
   6513 
   6514   result = Parse_TPMU_KDF_SCHEME(
   6515       buffer,
   6516       value->scheme,
   6517       &value->details,
   6518       value_bytes);
   6519   if (result) {
   6520     return result;
   6521   }
   6522   return result;
   6523 }
   6524 
   6525 TPM_RC Serialize_TPMU_ASYM_SCHEME(
   6526     const TPMU_ASYM_SCHEME& value,
   6527     TPMI_ALG_ASYM_SCHEME selector,
   6528     std::string* buffer) {
   6529   TPM_RC result = TPM_RC_SUCCESS;
   6530   VLOG(3) << __func__;
   6531 
   6532   if (selector == TPM_ALG_RSAES) {
   6533     // Do nothing.
   6534   }
   6535 
   6536   if (selector == TPM_ALG_ECSCHNORR) {
   6537     result = Serialize_TPMS_SCHEME_ECSCHNORR(value.ec_schnorr, buffer);
   6538     if (result) {
   6539       return result;
   6540     }
   6541   }
   6542 
   6543   if (selector == TPM_ALG_NULL) {
   6544     // Do nothing.
   6545   }
   6546 
   6547   if (selector == TPM_ALG_ECDH) {
   6548     result = Serialize_TPMS_SCHEME_ECDH(value.ecdh, buffer);
   6549     if (result) {
   6550       return result;
   6551     }
   6552   }
   6553 
   6554   if (selector == TPM_ALG_OAEP) {
   6555     result = Serialize_TPMS_SCHEME_OAEP(value.oaep, buffer);
   6556     if (result) {
   6557       return result;
   6558     }
   6559   }
   6560 
   6561   if (selector == TPM_ALG_RSAPSS) {
   6562     result = Serialize_TPMS_SCHEME_RSAPSS(value.rsapss, buffer);
   6563     if (result) {
   6564       return result;
   6565     }
   6566   }
   6567 
   6568   if (selector == TPM_ALG_ECDAA) {
   6569     result = Serialize_TPMS_SCHEME_ECDAA(value.ecdaa, buffer);
   6570     if (result) {
   6571       return result;
   6572     }
   6573   }
   6574 
   6575   if (selector == TPM_ALG_RSASSA) {
   6576     result = Serialize_TPMS_SCHEME_RSASSA(value.rsassa, buffer);
   6577     if (result) {
   6578       return result;
   6579     }
   6580   }
   6581 
   6582   if (selector == TPM_ALG_SM2) {
   6583     result = Serialize_TPMS_SCHEME_SM2(value.sm2, buffer);
   6584     if (result) {
   6585       return result;
   6586     }
   6587   }
   6588 
   6589   if (selector == TPM_ALG_ECDSA) {
   6590     result = Serialize_TPMS_SCHEME_ECDSA(value.ecdsa, buffer);
   6591     if (result) {
   6592       return result;
   6593     }
   6594   }
   6595   return result;
   6596 }
   6597 
   6598 TPM_RC Parse_TPMU_ASYM_SCHEME(
   6599     std::string* buffer,
   6600     TPMI_ALG_ASYM_SCHEME selector,
   6601     TPMU_ASYM_SCHEME* value,
   6602     std::string* value_bytes) {
   6603   TPM_RC result = TPM_RC_SUCCESS;
   6604   VLOG(3) << __func__;
   6605 
   6606   if (selector == TPM_ALG_RSAES) {
   6607     // Do nothing.
   6608   }
   6609 
   6610   if (selector == TPM_ALG_ECSCHNORR) {
   6611     result = Parse_TPMS_SCHEME_ECSCHNORR(
   6612         buffer,
   6613         &value->ec_schnorr,
   6614         value_bytes);
   6615     if (result) {
   6616       return result;
   6617     }
   6618   }
   6619 
   6620   if (selector == TPM_ALG_NULL) {
   6621     // Do nothing.
   6622   }
   6623 
   6624   if (selector == TPM_ALG_ECDH) {
   6625     result = Parse_TPMS_SCHEME_ECDH(
   6626         buffer,
   6627         &value->ecdh,
   6628         value_bytes);
   6629     if (result) {
   6630       return result;
   6631     }
   6632   }
   6633 
   6634   if (selector == TPM_ALG_OAEP) {
   6635     result = Parse_TPMS_SCHEME_OAEP(
   6636         buffer,
   6637         &value->oaep,
   6638         value_bytes);
   6639     if (result) {
   6640       return result;
   6641     }
   6642   }
   6643 
   6644   if (selector == TPM_ALG_RSAPSS) {
   6645     result = Parse_TPMS_SCHEME_RSAPSS(
   6646         buffer,
   6647         &value->rsapss,
   6648         value_bytes);
   6649     if (result) {
   6650       return result;
   6651     }
   6652   }
   6653 
   6654   if (selector == TPM_ALG_ECDAA) {
   6655     result = Parse_TPMS_SCHEME_ECDAA(
   6656         buffer,
   6657         &value->ecdaa,
   6658         value_bytes);
   6659     if (result) {
   6660       return result;
   6661     }
   6662   }
   6663 
   6664   if (selector == TPM_ALG_RSASSA) {
   6665     result = Parse_TPMS_SCHEME_RSASSA(
   6666         buffer,
   6667         &value->rsassa,
   6668         value_bytes);
   6669     if (result) {
   6670       return result;
   6671     }
   6672   }
   6673 
   6674   if (selector == TPM_ALG_SM2) {
   6675     result = Parse_TPMS_SCHEME_SM2(
   6676         buffer,
   6677         &value->sm2,
   6678         value_bytes);
   6679     if (result) {
   6680       return result;
   6681     }
   6682   }
   6683 
   6684   if (selector == TPM_ALG_ECDSA) {
   6685     result = Parse_TPMS_SCHEME_ECDSA(
   6686         buffer,
   6687         &value->ecdsa,
   6688         value_bytes);
   6689     if (result) {
   6690       return result;
   6691     }
   6692   }
   6693   return result;
   6694 }
   6695 
   6696 TPM_RC Serialize_TPMT_ASYM_SCHEME(
   6697     const TPMT_ASYM_SCHEME& value,
   6698     std::string* buffer) {
   6699   TPM_RC result = TPM_RC_SUCCESS;
   6700   VLOG(3) << __func__;
   6701 
   6702   result = Serialize_TPMI_ALG_ASYM_SCHEME(value.scheme, buffer);
   6703   if (result) {
   6704     return result;
   6705   }
   6706 
   6707   result = Serialize_TPMU_ASYM_SCHEME(
   6708       value.details,
   6709       value.scheme,
   6710       buffer);
   6711   if (result) {
   6712     return result;
   6713   }
   6714   return result;
   6715 }
   6716 
   6717 TPM_RC Parse_TPMT_ASYM_SCHEME(
   6718     std::string* buffer,
   6719     TPMT_ASYM_SCHEME* value,
   6720     std::string* value_bytes) {
   6721   TPM_RC result = TPM_RC_SUCCESS;
   6722   VLOG(3) << __func__;
   6723 
   6724   result = Parse_TPMI_ALG_ASYM_SCHEME(
   6725       buffer,
   6726       &value->scheme,
   6727       value_bytes);
   6728   if (result) {
   6729     return result;
   6730   }
   6731 
   6732   result = Parse_TPMU_ASYM_SCHEME(
   6733       buffer,
   6734       value->scheme,
   6735       &value->details,
   6736       value_bytes);
   6737   if (result) {
   6738     return result;
   6739   }
   6740   return result;
   6741 }
   6742 
   6743 TPM_RC Serialize_TPMT_RSA_SCHEME(
   6744     const TPMT_RSA_SCHEME& value,
   6745     std::string* buffer) {
   6746   TPM_RC result = TPM_RC_SUCCESS;
   6747   VLOG(3) << __func__;
   6748 
   6749   result = Serialize_TPMI_ALG_RSA_SCHEME(value.scheme, buffer);
   6750   if (result) {
   6751     return result;
   6752   }
   6753 
   6754   result = Serialize_TPMU_ASYM_SCHEME(
   6755       value.details,
   6756       value.scheme,
   6757       buffer);
   6758   if (result) {
   6759     return result;
   6760   }
   6761   return result;
   6762 }
   6763 
   6764 TPM_RC Parse_TPMT_RSA_SCHEME(
   6765     std::string* buffer,
   6766     TPMT_RSA_SCHEME* value,
   6767     std::string* value_bytes) {
   6768   TPM_RC result = TPM_RC_SUCCESS;
   6769   VLOG(3) << __func__;
   6770 
   6771   result = Parse_TPMI_ALG_RSA_SCHEME(
   6772       buffer,
   6773       &value->scheme,
   6774       value_bytes);
   6775   if (result) {
   6776     return result;
   6777   }
   6778 
   6779   result = Parse_TPMU_ASYM_SCHEME(
   6780       buffer,
   6781       value->scheme,
   6782       &value->details,
   6783       value_bytes);
   6784   if (result) {
   6785     return result;
   6786   }
   6787   return result;
   6788 }
   6789 
   6790 TPM_RC Serialize_TPMT_RSA_DECRYPT(
   6791     const TPMT_RSA_DECRYPT& value,
   6792     std::string* buffer) {
   6793   TPM_RC result = TPM_RC_SUCCESS;
   6794   VLOG(3) << __func__;
   6795 
   6796   result = Serialize_TPMI_ALG_RSA_DECRYPT(value.scheme, buffer);
   6797   if (result) {
   6798     return result;
   6799   }
   6800 
   6801   result = Serialize_TPMU_ASYM_SCHEME(
   6802       value.details,
   6803       value.scheme,
   6804       buffer);
   6805   if (result) {
   6806     return result;
   6807   }
   6808   return result;
   6809 }
   6810 
   6811 TPM_RC Parse_TPMT_RSA_DECRYPT(
   6812     std::string* buffer,
   6813     TPMT_RSA_DECRYPT* value,
   6814     std::string* value_bytes) {
   6815   TPM_RC result = TPM_RC_SUCCESS;
   6816   VLOG(3) << __func__;
   6817 
   6818   result = Parse_TPMI_ALG_RSA_DECRYPT(
   6819       buffer,
   6820       &value->scheme,
   6821       value_bytes);
   6822   if (result) {
   6823     return result;
   6824   }
   6825 
   6826   result = Parse_TPMU_ASYM_SCHEME(
   6827       buffer,
   6828       value->scheme,
   6829       &value->details,
   6830       value_bytes);
   6831   if (result) {
   6832     return result;
   6833   }
   6834   return result;
   6835 }
   6836 
   6837 TPM_RC Serialize_TPM2B_PUBLIC_KEY_RSA(
   6838     const TPM2B_PUBLIC_KEY_RSA& value,
   6839     std::string* buffer) {
   6840   TPM_RC result = TPM_RC_SUCCESS;
   6841   VLOG(3) << __func__;
   6842 
   6843   result = Serialize_UINT16(value.size, buffer);
   6844   if (result) {
   6845     return result;
   6846   }
   6847 
   6848   if (arraysize(value.buffer) < value.size) {
   6849     return TPM_RC_INSUFFICIENT;
   6850   }
   6851   for (uint32_t i = 0; i < value.size; ++i) {
   6852     result = Serialize_BYTE(value.buffer[i], buffer);
   6853     if (result) {
   6854       return result;
   6855     }
   6856   }
   6857   return result;
   6858 }
   6859 
   6860 TPM_RC Parse_TPM2B_PUBLIC_KEY_RSA(
   6861     std::string* buffer,
   6862     TPM2B_PUBLIC_KEY_RSA* value,
   6863     std::string* value_bytes) {
   6864   TPM_RC result = TPM_RC_SUCCESS;
   6865   VLOG(3) << __func__;
   6866 
   6867   result = Parse_UINT16(
   6868       buffer,
   6869       &value->size,
   6870       value_bytes);
   6871   if (result) {
   6872     return result;
   6873   }
   6874 
   6875   if (arraysize(value->buffer) < value->size) {
   6876     return TPM_RC_INSUFFICIENT;
   6877   }
   6878   for (uint32_t i = 0; i < value->size; ++i) {
   6879     result = Parse_BYTE(
   6880         buffer,
   6881         &value->buffer[i],
   6882         value_bytes);
   6883     if (result) {
   6884       return result;
   6885     }
   6886   }
   6887   return result;
   6888 }
   6889 
   6890 TPM2B_PUBLIC_KEY_RSA Make_TPM2B_PUBLIC_KEY_RSA(
   6891     const std::string& bytes) {
   6892   TPM2B_PUBLIC_KEY_RSA tpm2b;
   6893   CHECK(bytes.size() <= sizeof(tpm2b.buffer));
   6894   memset(&tpm2b, 0, sizeof(TPM2B_PUBLIC_KEY_RSA));
   6895   tpm2b.size = bytes.size();
   6896   memcpy(tpm2b.buffer, bytes.data(), bytes.size());
   6897   return tpm2b;
   6898 }
   6899 
   6900 std::string StringFrom_TPM2B_PUBLIC_KEY_RSA(
   6901     const TPM2B_PUBLIC_KEY_RSA& tpm2b) {
   6902   const char* char_buffer = reinterpret_cast<const char*>(
   6903       tpm2b.buffer);
   6904   return std::string(char_buffer, tpm2b.size);
   6905 }
   6906 
   6907 TPM_RC Serialize_TPM2B_PRIVATE_KEY_RSA(
   6908     const TPM2B_PRIVATE_KEY_RSA& value,
   6909     std::string* buffer) {
   6910   TPM_RC result = TPM_RC_SUCCESS;
   6911   VLOG(3) << __func__;
   6912 
   6913   result = Serialize_UINT16(value.size, buffer);
   6914   if (result) {
   6915     return result;
   6916   }
   6917 
   6918   if (arraysize(value.buffer) < value.size) {
   6919     return TPM_RC_INSUFFICIENT;
   6920   }
   6921   for (uint32_t i = 0; i < value.size; ++i) {
   6922     result = Serialize_BYTE(value.buffer[i], buffer);
   6923     if (result) {
   6924       return result;
   6925     }
   6926   }
   6927   return result;
   6928 }
   6929 
   6930 TPM_RC Parse_TPM2B_PRIVATE_KEY_RSA(
   6931     std::string* buffer,
   6932     TPM2B_PRIVATE_KEY_RSA* value,
   6933     std::string* value_bytes) {
   6934   TPM_RC result = TPM_RC_SUCCESS;
   6935   VLOG(3) << __func__;
   6936 
   6937   result = Parse_UINT16(
   6938       buffer,
   6939       &value->size,
   6940       value_bytes);
   6941   if (result) {
   6942     return result;
   6943   }
   6944 
   6945   if (arraysize(value->buffer) < value->size) {
   6946     return TPM_RC_INSUFFICIENT;
   6947   }
   6948   for (uint32_t i = 0; i < value->size; ++i) {
   6949     result = Parse_BYTE(
   6950         buffer,
   6951         &value->buffer[i],
   6952         value_bytes);
   6953     if (result) {
   6954       return result;
   6955     }
   6956   }
   6957   return result;
   6958 }
   6959 
   6960 TPM2B_PRIVATE_KEY_RSA Make_TPM2B_PRIVATE_KEY_RSA(
   6961     const std::string& bytes) {
   6962   TPM2B_PRIVATE_KEY_RSA tpm2b;
   6963   CHECK(bytes.size() <= sizeof(tpm2b.buffer));
   6964   memset(&tpm2b, 0, sizeof(TPM2B_PRIVATE_KEY_RSA));
   6965   tpm2b.size = bytes.size();
   6966   memcpy(tpm2b.buffer, bytes.data(), bytes.size());
   6967   return tpm2b;
   6968 }
   6969 
   6970 std::string StringFrom_TPM2B_PRIVATE_KEY_RSA(
   6971     const TPM2B_PRIVATE_KEY_RSA& tpm2b) {
   6972   const char* char_buffer = reinterpret_cast<const char*>(
   6973       tpm2b.buffer);
   6974   return std::string(char_buffer, tpm2b.size);
   6975 }
   6976 
   6977 TPM_RC Serialize_TPM2B_ECC_PARAMETER(
   6978     const TPM2B_ECC_PARAMETER& value,
   6979     std::string* buffer) {
   6980   TPM_RC result = TPM_RC_SUCCESS;
   6981   VLOG(3) << __func__;
   6982 
   6983   result = Serialize_UINT16(value.size, buffer);
   6984   if (result) {
   6985     return result;
   6986   }
   6987 
   6988   if (arraysize(value.buffer) < value.size) {
   6989     return TPM_RC_INSUFFICIENT;
   6990   }
   6991   for (uint32_t i = 0; i < value.size; ++i) {
   6992     result = Serialize_BYTE(value.buffer[i], buffer);
   6993     if (result) {
   6994       return result;
   6995     }
   6996   }
   6997   return result;
   6998 }
   6999 
   7000 TPM_RC Parse_TPM2B_ECC_PARAMETER(
   7001     std::string* buffer,
   7002     TPM2B_ECC_PARAMETER* value,
   7003     std::string* value_bytes) {
   7004   TPM_RC result = TPM_RC_SUCCESS;
   7005   VLOG(3) << __func__;
   7006 
   7007   result = Parse_UINT16(
   7008       buffer,
   7009       &value->size,
   7010       value_bytes);
   7011   if (result) {
   7012     return result;
   7013   }
   7014 
   7015   if (arraysize(value->buffer) < value->size) {
   7016     return TPM_RC_INSUFFICIENT;
   7017   }
   7018   for (uint32_t i = 0; i < value->size; ++i) {
   7019     result = Parse_BYTE(
   7020         buffer,
   7021         &value->buffer[i],
   7022         value_bytes);
   7023     if (result) {
   7024       return result;
   7025     }
   7026   }
   7027   return result;
   7028 }
   7029 
   7030 TPM2B_ECC_PARAMETER Make_TPM2B_ECC_PARAMETER(
   7031     const std::string& bytes) {
   7032   TPM2B_ECC_PARAMETER tpm2b;
   7033   CHECK(bytes.size() <= sizeof(tpm2b.buffer));
   7034   memset(&tpm2b, 0, sizeof(TPM2B_ECC_PARAMETER));
   7035   tpm2b.size = bytes.size();
   7036   memcpy(tpm2b.buffer, bytes.data(), bytes.size());
   7037   return tpm2b;
   7038 }
   7039 
   7040 std::string StringFrom_TPM2B_ECC_PARAMETER(
   7041     const TPM2B_ECC_PARAMETER& tpm2b) {
   7042   const char* char_buffer = reinterpret_cast<const char*>(
   7043       tpm2b.buffer);
   7044   return std::string(char_buffer, tpm2b.size);
   7045 }
   7046 
   7047 TPM_RC Serialize_TPMS_ECC_POINT(
   7048     const TPMS_ECC_POINT& value,
   7049     std::string* buffer) {
   7050   TPM_RC result = TPM_RC_SUCCESS;
   7051   VLOG(3) << __func__;
   7052 
   7053   result = Serialize_TPM2B_ECC_PARAMETER(value.x, buffer);
   7054   if (result) {
   7055     return result;
   7056   }
   7057 
   7058   result = Serialize_TPM2B_ECC_PARAMETER(value.y, buffer);
   7059   if (result) {
   7060     return result;
   7061   }
   7062   return result;
   7063 }
   7064 
   7065 TPM_RC Parse_TPMS_ECC_POINT(
   7066     std::string* buffer,
   7067     TPMS_ECC_POINT* value,
   7068     std::string* value_bytes) {
   7069   TPM_RC result = TPM_RC_SUCCESS;
   7070   VLOG(3) << __func__;
   7071 
   7072   result = Parse_TPM2B_ECC_PARAMETER(
   7073       buffer,
   7074       &value->x,
   7075       value_bytes);
   7076   if (result) {
   7077     return result;
   7078   }
   7079 
   7080   result = Parse_TPM2B_ECC_PARAMETER(
   7081       buffer,
   7082       &value->y,
   7083       value_bytes);
   7084   if (result) {
   7085     return result;
   7086   }
   7087   return result;
   7088 }
   7089 
   7090 TPM_RC Serialize_TPM2B_ECC_POINT(
   7091     const TPM2B_ECC_POINT& value,
   7092     std::string* buffer) {
   7093   TPM_RC result = TPM_RC_SUCCESS;
   7094   VLOG(3) << __func__;
   7095 
   7096   std::string field_bytes;
   7097   result = Serialize_TPMS_ECC_POINT(value.point, &field_bytes);
   7098   if (result) {
   7099     return result;
   7100   }
   7101   std::string size_bytes;
   7102   result = Serialize_UINT16(field_bytes.size(), &size_bytes);
   7103   if (result) {
   7104     return result;
   7105   }
   7106   buffer->append(size_bytes + field_bytes);
   7107   return result;
   7108 }
   7109 
   7110 TPM_RC Parse_TPM2B_ECC_POINT(
   7111     std::string* buffer,
   7112     TPM2B_ECC_POINT* value,
   7113     std::string* value_bytes) {
   7114   TPM_RC result = TPM_RC_SUCCESS;
   7115   VLOG(3) << __func__;
   7116 
   7117   result = Parse_UINT16(
   7118       buffer,
   7119       &value->size,
   7120       value_bytes);
   7121   if (result) {
   7122     return result;
   7123   }
   7124 
   7125   result = Parse_TPMS_ECC_POINT(
   7126       buffer,
   7127       &value->point,
   7128       value_bytes);
   7129   if (result) {
   7130     return result;
   7131   }
   7132   return result;
   7133 }
   7134 
   7135 TPM2B_ECC_POINT Make_TPM2B_ECC_POINT(
   7136     const TPMS_ECC_POINT& inner) {
   7137   TPM2B_ECC_POINT tpm2b;
   7138   tpm2b.size = sizeof(TPMS_ECC_POINT);
   7139   tpm2b.point = inner;
   7140   return tpm2b;
   7141 }
   7142 
   7143 TPM_RC Serialize_TPMT_ECC_SCHEME(
   7144     const TPMT_ECC_SCHEME& value,
   7145     std::string* buffer) {
   7146   TPM_RC result = TPM_RC_SUCCESS;
   7147   VLOG(3) << __func__;
   7148 
   7149   result = Serialize_TPMI_ALG_ECC_SCHEME(value.scheme, buffer);
   7150   if (result) {
   7151     return result;
   7152   }
   7153 
   7154   result = Serialize_TPMU_SIG_SCHEME(
   7155       value.details,
   7156       value.scheme,
   7157       buffer);
   7158   if (result) {
   7159     return result;
   7160   }
   7161   return result;
   7162 }
   7163 
   7164 TPM_RC Parse_TPMT_ECC_SCHEME(
   7165     std::string* buffer,
   7166     TPMT_ECC_SCHEME* value,
   7167     std::string* value_bytes) {
   7168   TPM_RC result = TPM_RC_SUCCESS;
   7169   VLOG(3) << __func__;
   7170 
   7171   result = Parse_TPMI_ALG_ECC_SCHEME(
   7172       buffer,
   7173       &value->scheme,
   7174       value_bytes);
   7175   if (result) {
   7176     return result;
   7177   }
   7178 
   7179   result = Parse_TPMU_SIG_SCHEME(
   7180       buffer,
   7181       value->scheme,
   7182       &value->details,
   7183       value_bytes);
   7184   if (result) {
   7185     return result;
   7186   }
   7187   return result;
   7188 }
   7189 
   7190 TPM_RC Serialize_TPMS_ALGORITHM_DETAIL_ECC(
   7191     const TPMS_ALGORITHM_DETAIL_ECC& value,
   7192     std::string* buffer) {
   7193   TPM_RC result = TPM_RC_SUCCESS;
   7194   VLOG(3) << __func__;
   7195 
   7196   result = Serialize_TPM_ECC_CURVE(value.curve_id, buffer);
   7197   if (result) {
   7198     return result;
   7199   }
   7200 
   7201   result = Serialize_UINT16(value.key_size, buffer);
   7202   if (result) {
   7203     return result;
   7204   }
   7205 
   7206   result = Serialize_TPMT_KDF_SCHEME(value.kdf, buffer);
   7207   if (result) {
   7208     return result;
   7209   }
   7210 
   7211   result = Serialize_TPMT_ECC_SCHEME(value.sign, buffer);
   7212   if (result) {
   7213     return result;
   7214   }
   7215 
   7216   result = Serialize_TPM2B_ECC_PARAMETER(value.p, buffer);
   7217   if (result) {
   7218     return result;
   7219   }
   7220 
   7221   result = Serialize_TPM2B_ECC_PARAMETER(value.a, buffer);
   7222   if (result) {
   7223     return result;
   7224   }
   7225 
   7226   result = Serialize_TPM2B_ECC_PARAMETER(value.b, buffer);
   7227   if (result) {
   7228     return result;
   7229   }
   7230 
   7231   result = Serialize_TPM2B_ECC_PARAMETER(value.g_x, buffer);
   7232   if (result) {
   7233     return result;
   7234   }
   7235 
   7236   result = Serialize_TPM2B_ECC_PARAMETER(value.g_y, buffer);
   7237   if (result) {
   7238     return result;
   7239   }
   7240 
   7241   result = Serialize_TPM2B_ECC_PARAMETER(value.n, buffer);
   7242   if (result) {
   7243     return result;
   7244   }
   7245 
   7246   result = Serialize_TPM2B_ECC_PARAMETER(value.h, buffer);
   7247   if (result) {
   7248     return result;
   7249   }
   7250   return result;
   7251 }
   7252 
   7253 TPM_RC Parse_TPMS_ALGORITHM_DETAIL_ECC(
   7254     std::string* buffer,
   7255     TPMS_ALGORITHM_DETAIL_ECC* value,
   7256     std::string* value_bytes) {
   7257   TPM_RC result = TPM_RC_SUCCESS;
   7258   VLOG(3) << __func__;
   7259 
   7260   result = Parse_TPM_ECC_CURVE(
   7261       buffer,
   7262       &value->curve_id,
   7263       value_bytes);
   7264   if (result) {
   7265     return result;
   7266   }
   7267 
   7268   result = Parse_UINT16(
   7269       buffer,
   7270       &value->key_size,
   7271       value_bytes);
   7272   if (result) {
   7273     return result;
   7274   }
   7275 
   7276   result = Parse_TPMT_KDF_SCHEME(
   7277       buffer,
   7278       &value->kdf,
   7279       value_bytes);
   7280   if (result) {
   7281     return result;
   7282   }
   7283 
   7284   result = Parse_TPMT_ECC_SCHEME(
   7285       buffer,
   7286       &value->sign,
   7287       value_bytes);
   7288   if (result) {
   7289     return result;
   7290   }
   7291 
   7292   result = Parse_TPM2B_ECC_PARAMETER(
   7293       buffer,
   7294       &value->p,
   7295       value_bytes);
   7296   if (result) {
   7297     return result;
   7298   }
   7299 
   7300   result = Parse_TPM2B_ECC_PARAMETER(
   7301       buffer,
   7302       &value->a,
   7303       value_bytes);
   7304   if (result) {
   7305     return result;
   7306   }
   7307 
   7308   result = Parse_TPM2B_ECC_PARAMETER(
   7309       buffer,
   7310       &value->b,
   7311       value_bytes);
   7312   if (result) {
   7313     return result;
   7314   }
   7315 
   7316   result = Parse_TPM2B_ECC_PARAMETER(
   7317       buffer,
   7318       &value->g_x,
   7319       value_bytes);
   7320   if (result) {
   7321     return result;
   7322   }
   7323 
   7324   result = Parse_TPM2B_ECC_PARAMETER(
   7325       buffer,
   7326       &value->g_y,
   7327       value_bytes);
   7328   if (result) {
   7329     return result;
   7330   }
   7331 
   7332   result = Parse_TPM2B_ECC_PARAMETER(
   7333       buffer,
   7334       &value->n,
   7335       value_bytes);
   7336   if (result) {
   7337     return result;
   7338   }
   7339 
   7340   result = Parse_TPM2B_ECC_PARAMETER(
   7341       buffer,
   7342       &value->h,
   7343       value_bytes);
   7344   if (result) {
   7345     return result;
   7346   }
   7347   return result;
   7348 }
   7349 
   7350 TPM_RC Serialize_TPMS_SIGNATURE_RSASSA(
   7351     const TPMS_SIGNATURE_RSASSA& value,
   7352     std::string* buffer) {
   7353   TPM_RC result = TPM_RC_SUCCESS;
   7354   VLOG(3) << __func__;
   7355 
   7356   result = Serialize_TPMI_ALG_HASH(value.hash, buffer);
   7357   if (result) {
   7358     return result;
   7359   }
   7360 
   7361   result = Serialize_TPM2B_PUBLIC_KEY_RSA(value.sig, buffer);
   7362   if (result) {
   7363     return result;
   7364   }
   7365   return result;
   7366 }
   7367 
   7368 TPM_RC Parse_TPMS_SIGNATURE_RSASSA(
   7369     std::string* buffer,
   7370     TPMS_SIGNATURE_RSASSA* value,
   7371     std::string* value_bytes) {
   7372   TPM_RC result = TPM_RC_SUCCESS;
   7373   VLOG(3) << __func__;
   7374 
   7375   result = Parse_TPMI_ALG_HASH(
   7376       buffer,
   7377       &value->hash,
   7378       value_bytes);
   7379   if (result) {
   7380     return result;
   7381   }
   7382 
   7383   result = Parse_TPM2B_PUBLIC_KEY_RSA(
   7384       buffer,
   7385       &value->sig,
   7386       value_bytes);
   7387   if (result) {
   7388     return result;
   7389   }
   7390   return result;
   7391 }
   7392 
   7393 TPM_RC Serialize_TPMS_SIGNATURE_RSAPSS(
   7394     const TPMS_SIGNATURE_RSAPSS& value,
   7395     std::string* buffer) {
   7396   TPM_RC result = TPM_RC_SUCCESS;
   7397   VLOG(3) << __func__;
   7398 
   7399   result = Serialize_TPMI_ALG_HASH(value.hash, buffer);
   7400   if (result) {
   7401     return result;
   7402   }
   7403 
   7404   result = Serialize_TPM2B_PUBLIC_KEY_RSA(value.sig, buffer);
   7405   if (result) {
   7406     return result;
   7407   }
   7408   return result;
   7409 }
   7410 
   7411 TPM_RC Parse_TPMS_SIGNATURE_RSAPSS(
   7412     std::string* buffer,
   7413     TPMS_SIGNATURE_RSAPSS* value,
   7414     std::string* value_bytes) {
   7415   TPM_RC result = TPM_RC_SUCCESS;
   7416   VLOG(3) << __func__;
   7417 
   7418   result = Parse_TPMI_ALG_HASH(
   7419       buffer,
   7420       &value->hash,
   7421       value_bytes);
   7422   if (result) {
   7423     return result;
   7424   }
   7425 
   7426   result = Parse_TPM2B_PUBLIC_KEY_RSA(
   7427       buffer,
   7428       &value->sig,
   7429       value_bytes);
   7430   if (result) {
   7431     return result;
   7432   }
   7433   return result;
   7434 }
   7435 
   7436 TPM_RC Serialize_TPMS_SIGNATURE_ECDSA(
   7437     const TPMS_SIGNATURE_ECDSA& value,
   7438     std::string* buffer) {
   7439   TPM_RC result = TPM_RC_SUCCESS;
   7440   VLOG(3) << __func__;
   7441 
   7442   result = Serialize_TPMI_ALG_HASH(value.hash, buffer);
   7443   if (result) {
   7444     return result;
   7445   }
   7446 
   7447   result = Serialize_TPM2B_ECC_PARAMETER(value.signature_r, buffer);
   7448   if (result) {
   7449     return result;
   7450   }
   7451 
   7452   result = Serialize_TPM2B_ECC_PARAMETER(value.signature_s, buffer);
   7453   if (result) {
   7454     return result;
   7455   }
   7456   return result;
   7457 }
   7458 
   7459 TPM_RC Parse_TPMS_SIGNATURE_ECDSA(
   7460     std::string* buffer,
   7461     TPMS_SIGNATURE_ECDSA* value,
   7462     std::string* value_bytes) {
   7463   TPM_RC result = TPM_RC_SUCCESS;
   7464   VLOG(3) << __func__;
   7465 
   7466   result = Parse_TPMI_ALG_HASH(
   7467       buffer,
   7468       &value->hash,
   7469       value_bytes);
   7470   if (result) {
   7471     return result;
   7472   }
   7473 
   7474   result = Parse_TPM2B_ECC_PARAMETER(
   7475       buffer,
   7476       &value->signature_r,
   7477       value_bytes);
   7478   if (result) {
   7479     return result;
   7480   }
   7481 
   7482   result = Parse_TPM2B_ECC_PARAMETER(
   7483       buffer,
   7484       &value->signature_s,
   7485       value_bytes);
   7486   if (result) {
   7487     return result;
   7488   }
   7489   return result;
   7490 }
   7491 
   7492 TPM_RC Serialize_TPMU_SIGNATURE(
   7493     const TPMU_SIGNATURE& value,
   7494     TPMI_ALG_SIG_SCHEME selector,
   7495     std::string* buffer) {
   7496   TPM_RC result = TPM_RC_SUCCESS;
   7497   VLOG(3) << __func__;
   7498 
   7499   if (selector == TPM_ALG_HMAC) {
   7500     result = Serialize_TPMT_HA(value.hmac, buffer);
   7501     if (result) {
   7502       return result;
   7503     }
   7504   }
   7505 
   7506   if (selector == TPM_ALG_ECSCHNORR) {
   7507     result = Serialize_TPMS_SIGNATURE_ECDSA(value.ecschnorr, buffer);
   7508     if (result) {
   7509       return result;
   7510     }
   7511   }
   7512 
   7513   if (selector == TPM_ALG_RSAPSS) {
   7514     result = Serialize_TPMS_SIGNATURE_RSAPSS(value.rsapss, buffer);
   7515     if (result) {
   7516       return result;
   7517     }
   7518   }
   7519 
   7520   if (selector == TPM_ALG_ECDAA) {
   7521     result = Serialize_TPMS_SIGNATURE_ECDSA(value.ecdaa, buffer);
   7522     if (result) {
   7523       return result;
   7524     }
   7525   }
   7526 
   7527   if (selector == TPM_ALG_RSASSA) {
   7528     result = Serialize_TPMS_SIGNATURE_RSASSA(value.rsassa, buffer);
   7529     if (result) {
   7530       return result;
   7531     }
   7532   }
   7533 
   7534   if (selector == TPM_ALG_SM2) {
   7535     result = Serialize_TPMS_SIGNATURE_ECDSA(value.sm2, buffer);
   7536     if (result) {
   7537       return result;
   7538     }
   7539   }
   7540 
   7541   if (selector == TPM_ALG_ECDSA) {
   7542     result = Serialize_TPMS_SIGNATURE_ECDSA(value.ecdsa, buffer);
   7543     if (result) {
   7544       return result;
   7545     }
   7546   }
   7547 
   7548   if (selector == TPM_ALG_NULL) {
   7549     // Do nothing.
   7550   }
   7551   return result;
   7552 }
   7553 
   7554 TPM_RC Parse_TPMU_SIGNATURE(
   7555     std::string* buffer,
   7556     TPMI_ALG_SIG_SCHEME selector,
   7557     TPMU_SIGNATURE* value,
   7558     std::string* value_bytes) {
   7559   TPM_RC result = TPM_RC_SUCCESS;
   7560   VLOG(3) << __func__;
   7561 
   7562   if (selector == TPM_ALG_HMAC) {
   7563     result = Parse_TPMT_HA(
   7564         buffer,
   7565         &value->hmac,
   7566         value_bytes);
   7567     if (result) {
   7568       return result;
   7569     }
   7570   }
   7571 
   7572   if (selector == TPM_ALG_ECSCHNORR) {
   7573     result = Parse_TPMS_SIGNATURE_ECDSA(
   7574         buffer,
   7575         &value->ecschnorr,
   7576         value_bytes);
   7577     if (result) {
   7578       return result;
   7579     }
   7580   }
   7581 
   7582   if (selector == TPM_ALG_RSAPSS) {
   7583     result = Parse_TPMS_SIGNATURE_RSAPSS(
   7584         buffer,
   7585         &value->rsapss,
   7586         value_bytes);
   7587     if (result) {
   7588       return result;
   7589     }
   7590   }
   7591 
   7592   if (selector == TPM_ALG_ECDAA) {
   7593     result = Parse_TPMS_SIGNATURE_ECDSA(
   7594         buffer,
   7595         &value->ecdaa,
   7596         value_bytes);
   7597     if (result) {
   7598       return result;
   7599     }
   7600   }
   7601 
   7602   if (selector == TPM_ALG_RSASSA) {
   7603     result = Parse_TPMS_SIGNATURE_RSASSA(
   7604         buffer,
   7605         &value->rsassa,
   7606         value_bytes);
   7607     if (result) {
   7608       return result;
   7609     }
   7610   }
   7611 
   7612   if (selector == TPM_ALG_SM2) {
   7613     result = Parse_TPMS_SIGNATURE_ECDSA(
   7614         buffer,
   7615         &value->sm2,
   7616         value_bytes);
   7617     if (result) {
   7618       return result;
   7619     }
   7620   }
   7621 
   7622   if (selector == TPM_ALG_ECDSA) {
   7623     result = Parse_TPMS_SIGNATURE_ECDSA(
   7624         buffer,
   7625         &value->ecdsa,
   7626         value_bytes);
   7627     if (result) {
   7628       return result;
   7629     }
   7630   }
   7631 
   7632   if (selector == TPM_ALG_NULL) {
   7633     // Do nothing.
   7634   }
   7635   return result;
   7636 }
   7637 
   7638 TPM_RC Serialize_TPMT_SIGNATURE(
   7639     const TPMT_SIGNATURE& value,
   7640     std::string* buffer) {
   7641   TPM_RC result = TPM_RC_SUCCESS;
   7642   VLOG(3) << __func__;
   7643 
   7644   result = Serialize_TPMI_ALG_SIG_SCHEME(value.sig_alg, buffer);
   7645   if (result) {
   7646     return result;
   7647   }
   7648 
   7649   result = Serialize_TPMU_SIGNATURE(
   7650       value.signature,
   7651       value.sig_alg,
   7652       buffer);
   7653   if (result) {
   7654     return result;
   7655   }
   7656   return result;
   7657 }
   7658 
   7659 TPM_RC Parse_TPMT_SIGNATURE(
   7660     std::string* buffer,
   7661     TPMT_SIGNATURE* value,
   7662     std::string* value_bytes) {
   7663   TPM_RC result = TPM_RC_SUCCESS;
   7664   VLOG(3) << __func__;
   7665 
   7666   result = Parse_TPMI_ALG_SIG_SCHEME(
   7667       buffer,
   7668       &value->sig_alg,
   7669       value_bytes);
   7670   if (result) {
   7671     return result;
   7672   }
   7673 
   7674   result = Parse_TPMU_SIGNATURE(
   7675       buffer,
   7676       value->sig_alg,
   7677       &value->signature,
   7678       value_bytes);
   7679   if (result) {
   7680     return result;
   7681   }
   7682   return result;
   7683 }
   7684 
   7685 TPM_RC Serialize_TPM2B_ENCRYPTED_SECRET(
   7686     const TPM2B_ENCRYPTED_SECRET& value,
   7687     std::string* buffer) {
   7688   TPM_RC result = TPM_RC_SUCCESS;
   7689   VLOG(3) << __func__;
   7690 
   7691   result = Serialize_UINT16(value.size, buffer);
   7692   if (result) {
   7693     return result;
   7694   }
   7695 
   7696   if (arraysize(value.secret) < value.size) {
   7697     return TPM_RC_INSUFFICIENT;
   7698   }
   7699   for (uint32_t i = 0; i < value.size; ++i) {
   7700     result = Serialize_BYTE(value.secret[i], buffer);
   7701     if (result) {
   7702       return result;
   7703     }
   7704   }
   7705   return result;
   7706 }
   7707 
   7708 TPM_RC Parse_TPM2B_ENCRYPTED_SECRET(
   7709     std::string* buffer,
   7710     TPM2B_ENCRYPTED_SECRET* value,
   7711     std::string* value_bytes) {
   7712   TPM_RC result = TPM_RC_SUCCESS;
   7713   VLOG(3) << __func__;
   7714 
   7715   result = Parse_UINT16(
   7716       buffer,
   7717       &value->size,
   7718       value_bytes);
   7719   if (result) {
   7720     return result;
   7721   }
   7722 
   7723   if (arraysize(value->secret) < value->size) {
   7724     return TPM_RC_INSUFFICIENT;
   7725   }
   7726   for (uint32_t i = 0; i < value->size; ++i) {
   7727     result = Parse_BYTE(
   7728         buffer,
   7729         &value->secret[i],
   7730         value_bytes);
   7731     if (result) {
   7732       return result;
   7733     }
   7734   }
   7735   return result;
   7736 }
   7737 
   7738 TPM2B_ENCRYPTED_SECRET Make_TPM2B_ENCRYPTED_SECRET(
   7739     const std::string& bytes) {
   7740   TPM2B_ENCRYPTED_SECRET tpm2b;
   7741   CHECK(bytes.size() <= sizeof(tpm2b.secret));
   7742   memset(&tpm2b, 0, sizeof(TPM2B_ENCRYPTED_SECRET));
   7743   tpm2b.size = bytes.size();
   7744   memcpy(tpm2b.secret, bytes.data(), bytes.size());
   7745   return tpm2b;
   7746 }
   7747 
   7748 std::string StringFrom_TPM2B_ENCRYPTED_SECRET(
   7749     const TPM2B_ENCRYPTED_SECRET& tpm2b) {
   7750   const char* char_buffer = reinterpret_cast<const char*>(
   7751       tpm2b.secret);
   7752   return std::string(char_buffer, tpm2b.size);
   7753 }
   7754 
   7755 TPM_RC Serialize_TPMS_KEYEDHASH_PARMS(
   7756     const TPMS_KEYEDHASH_PARMS& value,
   7757     std::string* buffer) {
   7758   TPM_RC result = TPM_RC_SUCCESS;
   7759   VLOG(3) << __func__;
   7760 
   7761   result = Serialize_TPMT_KEYEDHASH_SCHEME(value.scheme, buffer);
   7762   if (result) {
   7763     return result;
   7764   }
   7765   return result;
   7766 }
   7767 
   7768 TPM_RC Parse_TPMS_KEYEDHASH_PARMS(
   7769     std::string* buffer,
   7770     TPMS_KEYEDHASH_PARMS* value,
   7771     std::string* value_bytes) {
   7772   TPM_RC result = TPM_RC_SUCCESS;
   7773   VLOG(3) << __func__;
   7774 
   7775   result = Parse_TPMT_KEYEDHASH_SCHEME(
   7776       buffer,
   7777       &value->scheme,
   7778       value_bytes);
   7779   if (result) {
   7780     return result;
   7781   }
   7782   return result;
   7783 }
   7784 
   7785 TPM_RC Serialize_TPMS_ASYM_PARMS(
   7786     const TPMS_ASYM_PARMS& value,
   7787     std::string* buffer) {
   7788   TPM_RC result = TPM_RC_SUCCESS;
   7789   VLOG(3) << __func__;
   7790 
   7791   result = Serialize_TPMT_SYM_DEF_OBJECT(value.symmetric, buffer);
   7792   if (result) {
   7793     return result;
   7794   }
   7795 
   7796   result = Serialize_TPMT_ASYM_SCHEME(value.scheme, buffer);
   7797   if (result) {
   7798     return result;
   7799   }
   7800   return result;
   7801 }
   7802 
   7803 TPM_RC Parse_TPMS_ASYM_PARMS(
   7804     std::string* buffer,
   7805     TPMS_ASYM_PARMS* value,
   7806     std::string* value_bytes) {
   7807   TPM_RC result = TPM_RC_SUCCESS;
   7808   VLOG(3) << __func__;
   7809 
   7810   result = Parse_TPMT_SYM_DEF_OBJECT(
   7811       buffer,
   7812       &value->symmetric,
   7813       value_bytes);
   7814   if (result) {
   7815     return result;
   7816   }
   7817 
   7818   result = Parse_TPMT_ASYM_SCHEME(
   7819       buffer,
   7820       &value->scheme,
   7821       value_bytes);
   7822   if (result) {
   7823     return result;
   7824   }
   7825   return result;
   7826 }
   7827 
   7828 TPM_RC Serialize_TPMS_RSA_PARMS(
   7829     const TPMS_RSA_PARMS& value,
   7830     std::string* buffer) {
   7831   TPM_RC result = TPM_RC_SUCCESS;
   7832   VLOG(3) << __func__;
   7833 
   7834   result = Serialize_TPMT_SYM_DEF_OBJECT(value.symmetric, buffer);
   7835   if (result) {
   7836     return result;
   7837   }
   7838 
   7839   result = Serialize_TPMT_RSA_SCHEME(value.scheme, buffer);
   7840   if (result) {
   7841     return result;
   7842   }
   7843 
   7844   result = Serialize_TPMI_RSA_KEY_BITS(value.key_bits, buffer);
   7845   if (result) {
   7846     return result;
   7847   }
   7848 
   7849   result = Serialize_UINT32(value.exponent, buffer);
   7850   if (result) {
   7851     return result;
   7852   }
   7853   return result;
   7854 }
   7855 
   7856 TPM_RC Parse_TPMS_RSA_PARMS(
   7857     std::string* buffer,
   7858     TPMS_RSA_PARMS* value,
   7859     std::string* value_bytes) {
   7860   TPM_RC result = TPM_RC_SUCCESS;
   7861   VLOG(3) << __func__;
   7862 
   7863   result = Parse_TPMT_SYM_DEF_OBJECT(
   7864       buffer,
   7865       &value->symmetric,
   7866       value_bytes);
   7867   if (result) {
   7868     return result;
   7869   }
   7870 
   7871   result = Parse_TPMT_RSA_SCHEME(
   7872       buffer,
   7873       &value->scheme,
   7874       value_bytes);
   7875   if (result) {
   7876     return result;
   7877   }
   7878 
   7879   result = Parse_TPMI_RSA_KEY_BITS(
   7880       buffer,
   7881       &value->key_bits,
   7882       value_bytes);
   7883   if (result) {
   7884     return result;
   7885   }
   7886 
   7887   result = Parse_UINT32(
   7888       buffer,
   7889       &value->exponent,
   7890       value_bytes);
   7891   if (result) {
   7892     return result;
   7893   }
   7894   return result;
   7895 }
   7896 
   7897 TPM_RC Serialize_TPMS_ECC_PARMS(
   7898     const TPMS_ECC_PARMS& value,
   7899     std::string* buffer) {
   7900   TPM_RC result = TPM_RC_SUCCESS;
   7901   VLOG(3) << __func__;
   7902 
   7903   result = Serialize_TPMT_SYM_DEF_OBJECT(value.symmetric, buffer);
   7904   if (result) {
   7905     return result;
   7906   }
   7907 
   7908   result = Serialize_TPMT_ECC_SCHEME(value.scheme, buffer);
   7909   if (result) {
   7910     return result;
   7911   }
   7912 
   7913   result = Serialize_TPMI_ECC_CURVE(value.curve_id, buffer);
   7914   if (result) {
   7915     return result;
   7916   }
   7917 
   7918   result = Serialize_TPMT_KDF_SCHEME(value.kdf, buffer);
   7919   if (result) {
   7920     return result;
   7921   }
   7922   return result;
   7923 }
   7924 
   7925 TPM_RC Parse_TPMS_ECC_PARMS(
   7926     std::string* buffer,
   7927     TPMS_ECC_PARMS* value,
   7928     std::string* value_bytes) {
   7929   TPM_RC result = TPM_RC_SUCCESS;
   7930   VLOG(3) << __func__;
   7931 
   7932   result = Parse_TPMT_SYM_DEF_OBJECT(
   7933       buffer,
   7934       &value->symmetric,
   7935       value_bytes);
   7936   if (result) {
   7937     return result;
   7938   }
   7939 
   7940   result = Parse_TPMT_ECC_SCHEME(
   7941       buffer,
   7942       &value->scheme,
   7943       value_bytes);
   7944   if (result) {
   7945     return result;
   7946   }
   7947 
   7948   result = Parse_TPMI_ECC_CURVE(
   7949       buffer,
   7950       &value->curve_id,
   7951       value_bytes);
   7952   if (result) {
   7953     return result;
   7954   }
   7955 
   7956   result = Parse_TPMT_KDF_SCHEME(
   7957       buffer,
   7958       &value->kdf,
   7959       value_bytes);
   7960   if (result) {
   7961     return result;
   7962   }
   7963   return result;
   7964 }
   7965 
   7966 TPM_RC Serialize_TPMU_PUBLIC_PARMS(
   7967     const TPMU_PUBLIC_PARMS& value,
   7968     TPMI_ALG_PUBLIC selector,
   7969     std::string* buffer) {
   7970   TPM_RC result = TPM_RC_SUCCESS;
   7971   VLOG(3) << __func__;
   7972 
   7973   if (selector == TPM_ALG_KEYEDHASH) {
   7974     result = Serialize_TPMS_KEYEDHASH_PARMS(value.keyed_hash_detail, buffer);
   7975     if (result) {
   7976       return result;
   7977     }
   7978   }
   7979 
   7980   if (selector == TPM_ALG_RSA) {
   7981     result = Serialize_TPMS_RSA_PARMS(value.rsa_detail, buffer);
   7982     if (result) {
   7983       return result;
   7984     }
   7985   }
   7986 
   7987   if (selector == TPM_ALG_SYMCIPHER) {
   7988     result = Serialize_TPMS_SYMCIPHER_PARMS(value.sym_detail, buffer);
   7989     if (result) {
   7990       return result;
   7991     }
   7992   }
   7993 
   7994   if (selector == TPM_ALG_ECC) {
   7995     result = Serialize_TPMS_ECC_PARMS(value.ecc_detail, buffer);
   7996     if (result) {
   7997       return result;
   7998     }
   7999   }
   8000   return result;
   8001 }
   8002 
   8003 TPM_RC Parse_TPMU_PUBLIC_PARMS(
   8004     std::string* buffer,
   8005     TPMI_ALG_PUBLIC selector,
   8006     TPMU_PUBLIC_PARMS* value,
   8007     std::string* value_bytes) {
   8008   TPM_RC result = TPM_RC_SUCCESS;
   8009   VLOG(3) << __func__;
   8010 
   8011   if (selector == TPM_ALG_KEYEDHASH) {
   8012     result = Parse_TPMS_KEYEDHASH_PARMS(
   8013         buffer,
   8014         &value->keyed_hash_detail,
   8015         value_bytes);
   8016     if (result) {
   8017       return result;
   8018     }
   8019   }
   8020 
   8021   if (selector == TPM_ALG_RSA) {
   8022     result = Parse_TPMS_RSA_PARMS(
   8023         buffer,
   8024         &value->rsa_detail,
   8025         value_bytes);
   8026     if (result) {
   8027       return result;
   8028     }
   8029   }
   8030 
   8031   if (selector == TPM_ALG_SYMCIPHER) {
   8032     result = Parse_TPMS_SYMCIPHER_PARMS(
   8033         buffer,
   8034         &value->sym_detail,
   8035         value_bytes);
   8036     if (result) {
   8037       return result;
   8038     }
   8039   }
   8040 
   8041   if (selector == TPM_ALG_ECC) {
   8042     result = Parse_TPMS_ECC_PARMS(
   8043         buffer,
   8044         &value->ecc_detail,
   8045         value_bytes);
   8046     if (result) {
   8047       return result;
   8048     }
   8049   }
   8050   return result;
   8051 }
   8052 
   8053 TPM_RC Serialize_TPMT_PUBLIC_PARMS(
   8054     const TPMT_PUBLIC_PARMS& value,
   8055     std::string* buffer) {
   8056   TPM_RC result = TPM_RC_SUCCESS;
   8057   VLOG(3) << __func__;
   8058 
   8059   result = Serialize_TPMI_ALG_PUBLIC(value.type, buffer);
   8060   if (result) {
   8061     return result;
   8062   }
   8063 
   8064   result = Serialize_TPMU_PUBLIC_PARMS(
   8065       value.parameters,
   8066       value.type,
   8067       buffer);
   8068   if (result) {
   8069     return result;
   8070   }
   8071   return result;
   8072 }
   8073 
   8074 TPM_RC Parse_TPMT_PUBLIC_PARMS(
   8075     std::string* buffer,
   8076     TPMT_PUBLIC_PARMS* value,
   8077     std::string* value_bytes) {
   8078   TPM_RC result = TPM_RC_SUCCESS;
   8079   VLOG(3) << __func__;
   8080 
   8081   result = Parse_TPMI_ALG_PUBLIC(
   8082       buffer,
   8083       &value->type,
   8084       value_bytes);
   8085   if (result) {
   8086     return result;
   8087   }
   8088 
   8089   result = Parse_TPMU_PUBLIC_PARMS(
   8090       buffer,
   8091       value->type,
   8092       &value->parameters,
   8093       value_bytes);
   8094   if (result) {
   8095     return result;
   8096   }
   8097   return result;
   8098 }
   8099 
   8100 TPM_RC Serialize_TPMU_PUBLIC_ID(
   8101     const TPMU_PUBLIC_ID& value,
   8102     TPMI_ALG_PUBLIC selector,
   8103     std::string* buffer) {
   8104   TPM_RC result = TPM_RC_SUCCESS;
   8105   VLOG(3) << __func__;
   8106 
   8107   if (selector == TPM_ALG_KEYEDHASH) {
   8108     result = Serialize_TPM2B_DIGEST(value.keyed_hash, buffer);
   8109     if (result) {
   8110       return result;
   8111     }
   8112   }
   8113 
   8114   if (selector == TPM_ALG_RSA) {
   8115     result = Serialize_TPM2B_PUBLIC_KEY_RSA(value.rsa, buffer);
   8116     if (result) {
   8117       return result;
   8118     }
   8119   }
   8120 
   8121   if (selector == TPM_ALG_SYMCIPHER) {
   8122     result = Serialize_TPM2B_DIGEST(value.sym, buffer);
   8123     if (result) {
   8124       return result;
   8125     }
   8126   }
   8127 
   8128   if (selector == TPM_ALG_ECC) {
   8129     result = Serialize_TPMS_ECC_POINT(value.ecc, buffer);
   8130     if (result) {
   8131       return result;
   8132     }
   8133   }
   8134   return result;
   8135 }
   8136 
   8137 TPM_RC Parse_TPMU_PUBLIC_ID(
   8138     std::string* buffer,
   8139     TPMI_ALG_PUBLIC selector,
   8140     TPMU_PUBLIC_ID* value,
   8141     std::string* value_bytes) {
   8142   TPM_RC result = TPM_RC_SUCCESS;
   8143   VLOG(3) << __func__;
   8144 
   8145   if (selector == TPM_ALG_KEYEDHASH) {
   8146     result = Parse_TPM2B_DIGEST(
   8147         buffer,
   8148         &value->keyed_hash,
   8149         value_bytes);
   8150     if (result) {
   8151       return result;
   8152     }
   8153   }
   8154 
   8155   if (selector == TPM_ALG_RSA) {
   8156     result = Parse_TPM2B_PUBLIC_KEY_RSA(
   8157         buffer,
   8158         &value->rsa,
   8159         value_bytes);
   8160     if (result) {
   8161       return result;
   8162     }
   8163   }
   8164 
   8165   if (selector == TPM_ALG_SYMCIPHER) {
   8166     result = Parse_TPM2B_DIGEST(
   8167         buffer,
   8168         &value->sym,
   8169         value_bytes);
   8170     if (result) {
   8171       return result;
   8172     }
   8173   }
   8174 
   8175   if (selector == TPM_ALG_ECC) {
   8176     result = Parse_TPMS_ECC_POINT(
   8177         buffer,
   8178         &value->ecc,
   8179         value_bytes);
   8180     if (result) {
   8181       return result;
   8182     }
   8183   }
   8184   return result;
   8185 }
   8186 
   8187 TPM_RC Serialize_TPMT_PUBLIC(
   8188     const TPMT_PUBLIC& value,
   8189     std::string* buffer) {
   8190   TPM_RC result = TPM_RC_SUCCESS;
   8191   VLOG(3) << __func__;
   8192 
   8193   result = Serialize_TPMI_ALG_PUBLIC(value.type, buffer);
   8194   if (result) {
   8195     return result;
   8196   }
   8197 
   8198   result = Serialize_TPMI_ALG_HASH(value.name_alg, buffer);
   8199   if (result) {
   8200     return result;
   8201   }
   8202 
   8203   result = Serialize_TPMA_OBJECT(value.object_attributes, buffer);
   8204   if (result) {
   8205     return result;
   8206   }
   8207 
   8208   result = Serialize_TPM2B_DIGEST(value.auth_policy, buffer);
   8209   if (result) {
   8210     return result;
   8211   }
   8212 
   8213   result = Serialize_TPMU_PUBLIC_PARMS(
   8214       value.parameters,
   8215       value.type,
   8216       buffer);
   8217   if (result) {
   8218     return result;
   8219   }
   8220 
   8221   result = Serialize_TPMU_PUBLIC_ID(
   8222       value.unique,
   8223       value.type,
   8224       buffer);
   8225   if (result) {
   8226     return result;
   8227   }
   8228   return result;
   8229 }
   8230 
   8231 TPM_RC Parse_TPMT_PUBLIC(
   8232     std::string* buffer,
   8233     TPMT_PUBLIC* value,
   8234     std::string* value_bytes) {
   8235   TPM_RC result = TPM_RC_SUCCESS;
   8236   VLOG(3) << __func__;
   8237 
   8238   result = Parse_TPMI_ALG_PUBLIC(
   8239       buffer,
   8240       &value->type,
   8241       value_bytes);
   8242   if (result) {
   8243     return result;
   8244   }
   8245 
   8246   result = Parse_TPMI_ALG_HASH(
   8247       buffer,
   8248       &value->name_alg,
   8249       value_bytes);
   8250   if (result) {
   8251     return result;
   8252   }
   8253 
   8254   result = Parse_TPMA_OBJECT(
   8255       buffer,
   8256       &value->object_attributes,
   8257       value_bytes);
   8258   if (result) {
   8259     return result;
   8260   }
   8261 
   8262   result = Parse_TPM2B_DIGEST(
   8263       buffer,
   8264       &value->auth_policy,
   8265       value_bytes);
   8266   if (result) {
   8267     return result;
   8268   }
   8269 
   8270   result = Parse_TPMU_PUBLIC_PARMS(
   8271       buffer,
   8272       value->type,
   8273       &value->parameters,
   8274       value_bytes);
   8275   if (result) {
   8276     return result;
   8277   }
   8278 
   8279   result = Parse_TPMU_PUBLIC_ID(
   8280       buffer,
   8281       value->type,
   8282       &value->unique,
   8283       value_bytes);
   8284   if (result) {
   8285     return result;
   8286   }
   8287   return result;
   8288 }
   8289 
   8290 TPM_RC Serialize_TPM2B_PUBLIC(
   8291     const TPM2B_PUBLIC& value,
   8292     std::string* buffer) {
   8293   TPM_RC result = TPM_RC_SUCCESS;
   8294   VLOG(3) << __func__;
   8295 
   8296   std::string field_bytes;
   8297   result = Serialize_TPMT_PUBLIC(value.public_area, &field_bytes);
   8298   if (result) {
   8299     return result;
   8300   }
   8301   std::string size_bytes;
   8302   result = Serialize_UINT16(field_bytes.size(), &size_bytes);
   8303   if (result) {
   8304     return result;
   8305   }
   8306   buffer->append(size_bytes + field_bytes);
   8307   return result;
   8308 }
   8309 
   8310 TPM_RC Parse_TPM2B_PUBLIC(
   8311     std::string* buffer,
   8312     TPM2B_PUBLIC* value,
   8313     std::string* value_bytes) {
   8314   TPM_RC result = TPM_RC_SUCCESS;
   8315   VLOG(3) << __func__;
   8316 
   8317   result = Parse_UINT16(
   8318       buffer,
   8319       &value->size,
   8320       value_bytes);
   8321   if (result) {
   8322     return result;
   8323   }
   8324 
   8325   result = Parse_TPMT_PUBLIC(
   8326       buffer,
   8327       &value->public_area,
   8328       value_bytes);
   8329   if (result) {
   8330     return result;
   8331   }
   8332   return result;
   8333 }
   8334 
   8335 TPM2B_PUBLIC Make_TPM2B_PUBLIC(
   8336     const TPMT_PUBLIC& inner) {
   8337   TPM2B_PUBLIC tpm2b;
   8338   tpm2b.size = sizeof(TPMT_PUBLIC);
   8339   tpm2b.public_area = inner;
   8340   return tpm2b;
   8341 }
   8342 
   8343 TPM_RC Serialize_TPM2B_PRIVATE_VENDOR_SPECIFIC(
   8344     const TPM2B_PRIVATE_VENDOR_SPECIFIC& value,
   8345     std::string* buffer) {
   8346   TPM_RC result = TPM_RC_SUCCESS;
   8347   VLOG(3) << __func__;
   8348 
   8349   result = Serialize_UINT16(value.size, buffer);
   8350   if (result) {
   8351     return result;
   8352   }
   8353 
   8354   if (arraysize(value.buffer) < value.size) {
   8355     return TPM_RC_INSUFFICIENT;
   8356   }
   8357   for (uint32_t i = 0; i < value.size; ++i) {
   8358     result = Serialize_BYTE(value.buffer[i], buffer);
   8359     if (result) {
   8360       return result;
   8361     }
   8362   }
   8363   return result;
   8364 }
   8365 
   8366 TPM_RC Parse_TPM2B_PRIVATE_VENDOR_SPECIFIC(
   8367     std::string* buffer,
   8368     TPM2B_PRIVATE_VENDOR_SPECIFIC* value,
   8369     std::string* value_bytes) {
   8370   TPM_RC result = TPM_RC_SUCCESS;
   8371   VLOG(3) << __func__;
   8372 
   8373   result = Parse_UINT16(
   8374       buffer,
   8375       &value->size,
   8376       value_bytes);
   8377   if (result) {
   8378     return result;
   8379   }
   8380 
   8381   if (arraysize(value->buffer) < value->size) {
   8382     return TPM_RC_INSUFFICIENT;
   8383   }
   8384   for (uint32_t i = 0; i < value->size; ++i) {
   8385     result = Parse_BYTE(
   8386         buffer,
   8387         &value->buffer[i],
   8388         value_bytes);
   8389     if (result) {
   8390       return result;
   8391     }
   8392   }
   8393   return result;
   8394 }
   8395 
   8396 TPM2B_PRIVATE_VENDOR_SPECIFIC Make_TPM2B_PRIVATE_VENDOR_SPECIFIC(
   8397     const std::string& bytes) {
   8398   TPM2B_PRIVATE_VENDOR_SPECIFIC tpm2b;
   8399   CHECK(bytes.size() <= sizeof(tpm2b.buffer));
   8400   memset(&tpm2b, 0, sizeof(TPM2B_PRIVATE_VENDOR_SPECIFIC));
   8401   tpm2b.size = bytes.size();
   8402   memcpy(tpm2b.buffer, bytes.data(), bytes.size());
   8403   return tpm2b;
   8404 }
   8405 
   8406 std::string StringFrom_TPM2B_PRIVATE_VENDOR_SPECIFIC(
   8407     const TPM2B_PRIVATE_VENDOR_SPECIFIC& tpm2b) {
   8408   const char* char_buffer = reinterpret_cast<const char*>(
   8409       tpm2b.buffer);
   8410   return std::string(char_buffer, tpm2b.size);
   8411 }
   8412 
   8413 TPM_RC Serialize_TPMU_SENSITIVE_COMPOSITE(
   8414     const TPMU_SENSITIVE_COMPOSITE& value,
   8415     TPMI_ALG_PUBLIC selector,
   8416     std::string* buffer) {
   8417   TPM_RC result = TPM_RC_SUCCESS;
   8418   VLOG(3) << __func__;
   8419 
   8420   if (selector == TPM_ALG_KEYEDHASH) {
   8421     result = Serialize_TPM2B_SENSITIVE_DATA(value.bits, buffer);
   8422     if (result) {
   8423       return result;
   8424     }
   8425   }
   8426 
   8427   if (selector == TPM_ALG_RSA) {
   8428     result = Serialize_TPM2B_PRIVATE_KEY_RSA(value.rsa, buffer);
   8429     if (result) {
   8430       return result;
   8431     }
   8432   }
   8433 
   8434   if (selector == TPM_ALG_SYMCIPHER) {
   8435     result = Serialize_TPM2B_SYM_KEY(value.sym, buffer);
   8436     if (result) {
   8437       return result;
   8438     }
   8439   }
   8440 
   8441   if (selector == TPM_ALG_ECC) {
   8442     result = Serialize_TPM2B_ECC_PARAMETER(value.ecc, buffer);
   8443     if (result) {
   8444       return result;
   8445     }
   8446   }
   8447   return result;
   8448 }
   8449 
   8450 TPM_RC Parse_TPMU_SENSITIVE_COMPOSITE(
   8451     std::string* buffer,
   8452     TPMI_ALG_PUBLIC selector,
   8453     TPMU_SENSITIVE_COMPOSITE* value,
   8454     std::string* value_bytes) {
   8455   TPM_RC result = TPM_RC_SUCCESS;
   8456   VLOG(3) << __func__;
   8457 
   8458   if (selector == TPM_ALG_KEYEDHASH) {
   8459     result = Parse_TPM2B_SENSITIVE_DATA(
   8460         buffer,
   8461         &value->bits,
   8462         value_bytes);
   8463     if (result) {
   8464       return result;
   8465     }
   8466   }
   8467 
   8468   if (selector == TPM_ALG_RSA) {
   8469     result = Parse_TPM2B_PRIVATE_KEY_RSA(
   8470         buffer,
   8471         &value->rsa,
   8472         value_bytes);
   8473     if (result) {
   8474       return result;
   8475     }
   8476   }
   8477 
   8478   if (selector == TPM_ALG_SYMCIPHER) {
   8479     result = Parse_TPM2B_SYM_KEY(
   8480         buffer,
   8481         &value->sym,
   8482         value_bytes);
   8483     if (result) {
   8484       return result;
   8485     }
   8486   }
   8487 
   8488   if (selector == TPM_ALG_ECC) {
   8489     result = Parse_TPM2B_ECC_PARAMETER(
   8490         buffer,
   8491         &value->ecc,
   8492         value_bytes);
   8493     if (result) {
   8494       return result;
   8495     }
   8496   }
   8497   return result;
   8498 }
   8499 
   8500 TPM_RC Serialize_TPMT_SENSITIVE(
   8501     const TPMT_SENSITIVE& value,
   8502     std::string* buffer) {
   8503   TPM_RC result = TPM_RC_SUCCESS;
   8504   VLOG(3) << __func__;
   8505 
   8506   result = Serialize_TPMI_ALG_PUBLIC(value.sensitive_type, buffer);
   8507   if (result) {
   8508     return result;
   8509   }
   8510 
   8511   result = Serialize_TPM2B_AUTH(value.auth_value, buffer);
   8512   if (result) {
   8513     return result;
   8514   }
   8515 
   8516   result = Serialize_TPM2B_DIGEST(value.seed_value, buffer);
   8517   if (result) {
   8518     return result;
   8519   }
   8520 
   8521   result = Serialize_TPMU_SENSITIVE_COMPOSITE(
   8522       value.sensitive,
   8523       value.sensitive_type,
   8524       buffer);
   8525   if (result) {
   8526     return result;
   8527   }
   8528   return result;
   8529 }
   8530 
   8531 TPM_RC Parse_TPMT_SENSITIVE(
   8532     std::string* buffer,
   8533     TPMT_SENSITIVE* value,
   8534     std::string* value_bytes) {
   8535   TPM_RC result = TPM_RC_SUCCESS;
   8536   VLOG(3) << __func__;
   8537 
   8538   result = Parse_TPMI_ALG_PUBLIC(
   8539       buffer,
   8540       &value->sensitive_type,
   8541       value_bytes);
   8542   if (result) {
   8543     return result;
   8544   }
   8545 
   8546   result = Parse_TPM2B_AUTH(
   8547       buffer,
   8548       &value->auth_value,
   8549       value_bytes);
   8550   if (result) {
   8551     return result;
   8552   }
   8553 
   8554   result = Parse_TPM2B_DIGEST(
   8555       buffer,
   8556       &value->seed_value,
   8557       value_bytes);
   8558   if (result) {
   8559     return result;
   8560   }
   8561 
   8562   result = Parse_TPMU_SENSITIVE_COMPOSITE(
   8563       buffer,
   8564       value->sensitive_type,
   8565       &value->sensitive,
   8566       value_bytes);
   8567   if (result) {
   8568     return result;
   8569   }
   8570   return result;
   8571 }
   8572 
   8573 TPM_RC Serialize_TPM2B_SENSITIVE(
   8574     const TPM2B_SENSITIVE& value,
   8575     std::string* buffer) {
   8576   TPM_RC result = TPM_RC_SUCCESS;
   8577   VLOG(3) << __func__;
   8578 
   8579   std::string field_bytes;
   8580   result = Serialize_TPMT_SENSITIVE(value.sensitive_area, &field_bytes);
   8581   if (result) {
   8582     return result;
   8583   }
   8584   std::string size_bytes;
   8585   result = Serialize_UINT16(field_bytes.size(), &size_bytes);
   8586   if (result) {
   8587     return result;
   8588   }
   8589   buffer->append(size_bytes + field_bytes);
   8590   return result;
   8591 }
   8592 
   8593 TPM_RC Parse_TPM2B_SENSITIVE(
   8594     std::string* buffer,
   8595     TPM2B_SENSITIVE* value,
   8596     std::string* value_bytes) {
   8597   TPM_RC result = TPM_RC_SUCCESS;
   8598   VLOG(3) << __func__;
   8599 
   8600   result = Parse_UINT16(
   8601       buffer,
   8602       &value->size,
   8603       value_bytes);
   8604   if (result) {
   8605     return result;
   8606   }
   8607 
   8608   result = Parse_TPMT_SENSITIVE(
   8609       buffer,
   8610       &value->sensitive_area,
   8611       value_bytes);
   8612   if (result) {
   8613     return result;
   8614   }
   8615   return result;
   8616 }
   8617 
   8618 TPM2B_SENSITIVE Make_TPM2B_SENSITIVE(
   8619     const TPMT_SENSITIVE& inner) {
   8620   TPM2B_SENSITIVE tpm2b;
   8621   tpm2b.size = sizeof(TPMT_SENSITIVE);
   8622   tpm2b.sensitive_area = inner;
   8623   return tpm2b;
   8624 }
   8625 
   8626 TPM_RC Serialize__PRIVATE(
   8627     const _PRIVATE& value,
   8628     std::string* buffer) {
   8629   TPM_RC result = TPM_RC_SUCCESS;
   8630   VLOG(3) << __func__;
   8631 
   8632   result = Serialize_TPM2B_DIGEST(value.integrity_outer, buffer);
   8633   if (result) {
   8634     return result;
   8635   }
   8636 
   8637   result = Serialize_TPM2B_DIGEST(value.integrity_inner, buffer);
   8638   if (result) {
   8639     return result;
   8640   }
   8641 
   8642   result = Serialize_TPMT_SENSITIVE(value.sensitive, buffer);
   8643   if (result) {
   8644     return result;
   8645   }
   8646   return result;
   8647 }
   8648 
   8649 TPM_RC Parse__PRIVATE(
   8650     std::string* buffer,
   8651     _PRIVATE* value,
   8652     std::string* value_bytes) {
   8653   TPM_RC result = TPM_RC_SUCCESS;
   8654   VLOG(3) << __func__;
   8655 
   8656   result = Parse_TPM2B_DIGEST(
   8657       buffer,
   8658       &value->integrity_outer,
   8659       value_bytes);
   8660   if (result) {
   8661     return result;
   8662   }
   8663 
   8664   result = Parse_TPM2B_DIGEST(
   8665       buffer,
   8666       &value->integrity_inner,
   8667       value_bytes);
   8668   if (result) {
   8669     return result;
   8670   }
   8671 
   8672   result = Parse_TPMT_SENSITIVE(
   8673       buffer,
   8674       &value->sensitive,
   8675       value_bytes);
   8676   if (result) {
   8677     return result;
   8678   }
   8679   return result;
   8680 }
   8681 
   8682 TPM_RC Serialize_TPM2B_PRIVATE(
   8683     const TPM2B_PRIVATE& value,
   8684     std::string* buffer) {
   8685   TPM_RC result = TPM_RC_SUCCESS;
   8686   VLOG(3) << __func__;
   8687 
   8688   result = Serialize_UINT16(value.size, buffer);
   8689   if (result) {
   8690     return result;
   8691   }
   8692 
   8693   if (arraysize(value.buffer) < value.size) {
   8694     return TPM_RC_INSUFFICIENT;
   8695   }
   8696   for (uint32_t i = 0; i < value.size; ++i) {
   8697     result = Serialize_BYTE(value.buffer[i], buffer);
   8698     if (result) {
   8699       return result;
   8700     }
   8701   }
   8702   return result;
   8703 }
   8704 
   8705 TPM_RC Parse_TPM2B_PRIVATE(
   8706     std::string* buffer,
   8707     TPM2B_PRIVATE* value,
   8708     std::string* value_bytes) {
   8709   TPM_RC result = TPM_RC_SUCCESS;
   8710   VLOG(3) << __func__;
   8711 
   8712   result = Parse_UINT16(
   8713       buffer,
   8714       &value->size,
   8715       value_bytes);
   8716   if (result) {
   8717     return result;
   8718   }
   8719 
   8720   if (arraysize(value->buffer) < value->size) {
   8721     return TPM_RC_INSUFFICIENT;
   8722   }
   8723   for (uint32_t i = 0; i < value->size; ++i) {
   8724     result = Parse_BYTE(
   8725         buffer,
   8726         &value->buffer[i],
   8727         value_bytes);
   8728     if (result) {
   8729       return result;
   8730     }
   8731   }
   8732   return result;
   8733 }
   8734 
   8735 TPM2B_PRIVATE Make_TPM2B_PRIVATE(
   8736     const std::string& bytes) {
   8737   TPM2B_PRIVATE tpm2b;
   8738   CHECK(bytes.size() <= sizeof(tpm2b.buffer));
   8739   memset(&tpm2b, 0, sizeof(TPM2B_PRIVATE));
   8740   tpm2b.size = bytes.size();
   8741   memcpy(tpm2b.buffer, bytes.data(), bytes.size());
   8742   return tpm2b;
   8743 }
   8744 
   8745 std::string StringFrom_TPM2B_PRIVATE(
   8746     const TPM2B_PRIVATE& tpm2b) {
   8747   const char* char_buffer = reinterpret_cast<const char*>(
   8748       tpm2b.buffer);
   8749   return std::string(char_buffer, tpm2b.size);
   8750 }
   8751 
   8752 TPM_RC Serialize__ID_OBJECT(
   8753     const _ID_OBJECT& value,
   8754     std::string* buffer) {
   8755   TPM_RC result = TPM_RC_SUCCESS;
   8756   VLOG(3) << __func__;
   8757 
   8758   result = Serialize_TPM2B_DIGEST(value.integrity_hmac, buffer);
   8759   if (result) {
   8760     return result;
   8761   }
   8762 
   8763   result = Serialize_TPM2B_DIGEST(value.enc_identity, buffer);
   8764   if (result) {
   8765     return result;
   8766   }
   8767   return result;
   8768 }
   8769 
   8770 TPM_RC Parse__ID_OBJECT(
   8771     std::string* buffer,
   8772     _ID_OBJECT* value,
   8773     std::string* value_bytes) {
   8774   TPM_RC result = TPM_RC_SUCCESS;
   8775   VLOG(3) << __func__;
   8776 
   8777   result = Parse_TPM2B_DIGEST(
   8778       buffer,
   8779       &value->integrity_hmac,
   8780       value_bytes);
   8781   if (result) {
   8782     return result;
   8783   }
   8784 
   8785   result = Parse_TPM2B_DIGEST(
   8786       buffer,
   8787       &value->enc_identity,
   8788       value_bytes);
   8789   if (result) {
   8790     return result;
   8791   }
   8792   return result;
   8793 }
   8794 
   8795 TPM_RC Serialize_TPM2B_ID_OBJECT(
   8796     const TPM2B_ID_OBJECT& value,
   8797     std::string* buffer) {
   8798   TPM_RC result = TPM_RC_SUCCESS;
   8799   VLOG(3) << __func__;
   8800 
   8801   result = Serialize_UINT16(value.size, buffer);
   8802   if (result) {
   8803     return result;
   8804   }
   8805 
   8806   if (arraysize(value.credential) < value.size) {
   8807     return TPM_RC_INSUFFICIENT;
   8808   }
   8809   for (uint32_t i = 0; i < value.size; ++i) {
   8810     result = Serialize_BYTE(value.credential[i], buffer);
   8811     if (result) {
   8812       return result;
   8813     }
   8814   }
   8815   return result;
   8816 }
   8817 
   8818 TPM_RC Parse_TPM2B_ID_OBJECT(
   8819     std::string* buffer,
   8820     TPM2B_ID_OBJECT* value,
   8821     std::string* value_bytes) {
   8822   TPM_RC result = TPM_RC_SUCCESS;
   8823   VLOG(3) << __func__;
   8824 
   8825   result = Parse_UINT16(
   8826       buffer,
   8827       &value->size,
   8828       value_bytes);
   8829   if (result) {
   8830     return result;
   8831   }
   8832 
   8833   if (arraysize(value->credential) < value->size) {
   8834     return TPM_RC_INSUFFICIENT;
   8835   }
   8836   for (uint32_t i = 0; i < value->size; ++i) {
   8837     result = Parse_BYTE(
   8838         buffer,
   8839         &value->credential[i],
   8840         value_bytes);
   8841     if (result) {
   8842       return result;
   8843     }
   8844   }
   8845   return result;
   8846 }
   8847 
   8848 TPM2B_ID_OBJECT Make_TPM2B_ID_OBJECT(
   8849     const std::string& bytes) {
   8850   TPM2B_ID_OBJECT tpm2b;
   8851   CHECK(bytes.size() <= sizeof(tpm2b.credential));
   8852   memset(&tpm2b, 0, sizeof(TPM2B_ID_OBJECT));
   8853   tpm2b.size = bytes.size();
   8854   memcpy(tpm2b.credential, bytes.data(), bytes.size());
   8855   return tpm2b;
   8856 }
   8857 
   8858 std::string StringFrom_TPM2B_ID_OBJECT(
   8859     const TPM2B_ID_OBJECT& tpm2b) {
   8860   const char* char_buffer = reinterpret_cast<const char*>(
   8861       tpm2b.credential);
   8862   return std::string(char_buffer, tpm2b.size);
   8863 }
   8864 
   8865 TPM_RC Serialize_TPMS_NV_PUBLIC(
   8866     const TPMS_NV_PUBLIC& value,
   8867     std::string* buffer) {
   8868   TPM_RC result = TPM_RC_SUCCESS;
   8869   VLOG(3) << __func__;
   8870 
   8871   result = Serialize_TPMI_RH_NV_INDEX(value.nv_index, buffer);
   8872   if (result) {
   8873     return result;
   8874   }
   8875 
   8876   result = Serialize_TPMI_ALG_HASH(value.name_alg, buffer);
   8877   if (result) {
   8878     return result;
   8879   }
   8880 
   8881   result = Serialize_TPMA_NV(value.attributes, buffer);
   8882   if (result) {
   8883     return result;
   8884   }
   8885 
   8886   result = Serialize_TPM2B_DIGEST(value.auth_policy, buffer);
   8887   if (result) {
   8888     return result;
   8889   }
   8890 
   8891   result = Serialize_UINT16(value.data_size, buffer);
   8892   if (result) {
   8893     return result;
   8894   }
   8895   return result;
   8896 }
   8897 
   8898 TPM_RC Parse_TPMS_NV_PUBLIC(
   8899     std::string* buffer,
   8900     TPMS_NV_PUBLIC* value,
   8901     std::string* value_bytes) {
   8902   TPM_RC result = TPM_RC_SUCCESS;
   8903   VLOG(3) << __func__;
   8904 
   8905   result = Parse_TPMI_RH_NV_INDEX(
   8906       buffer,
   8907       &value->nv_index,
   8908       value_bytes);
   8909   if (result) {
   8910     return result;
   8911   }
   8912 
   8913   result = Parse_TPMI_ALG_HASH(
   8914       buffer,
   8915       &value->name_alg,
   8916       value_bytes);
   8917   if (result) {
   8918     return result;
   8919   }
   8920 
   8921   result = Parse_TPMA_NV(
   8922       buffer,
   8923       &value->attributes,
   8924       value_bytes);
   8925   if (result) {
   8926     return result;
   8927   }
   8928 
   8929   result = Parse_TPM2B_DIGEST(
   8930       buffer,
   8931       &value->auth_policy,
   8932       value_bytes);
   8933   if (result) {
   8934     return result;
   8935   }
   8936 
   8937   result = Parse_UINT16(
   8938       buffer,
   8939       &value->data_size,
   8940       value_bytes);
   8941   if (result) {
   8942     return result;
   8943   }
   8944   return result;
   8945 }
   8946 
   8947 TPM_RC Serialize_TPM2B_NV_PUBLIC(
   8948     const TPM2B_NV_PUBLIC& value,
   8949     std::string* buffer) {
   8950   TPM_RC result = TPM_RC_SUCCESS;
   8951   VLOG(3) << __func__;
   8952 
   8953   std::string field_bytes;
   8954   result = Serialize_TPMS_NV_PUBLIC(value.nv_public, &field_bytes);
   8955   if (result) {
   8956     return result;
   8957   }
   8958   std::string size_bytes;
   8959   result = Serialize_UINT16(field_bytes.size(), &size_bytes);
   8960   if (result) {
   8961     return result;
   8962   }
   8963   buffer->append(size_bytes + field_bytes);
   8964   return result;
   8965 }
   8966 
   8967 TPM_RC Parse_TPM2B_NV_PUBLIC(
   8968     std::string* buffer,
   8969     TPM2B_NV_PUBLIC* value,
   8970     std::string* value_bytes) {
   8971   TPM_RC result = TPM_RC_SUCCESS;
   8972   VLOG(3) << __func__;
   8973 
   8974   result = Parse_UINT16(
   8975       buffer,
   8976       &value->size,
   8977       value_bytes);
   8978   if (result) {
   8979     return result;
   8980   }
   8981 
   8982   result = Parse_TPMS_NV_PUBLIC(
   8983       buffer,
   8984       &value->nv_public,
   8985       value_bytes);
   8986   if (result) {
   8987     return result;
   8988   }
   8989   return result;
   8990 }
   8991 
   8992 TPM2B_NV_PUBLIC Make_TPM2B_NV_PUBLIC(
   8993     const TPMS_NV_PUBLIC& inner) {
   8994   TPM2B_NV_PUBLIC tpm2b;
   8995   tpm2b.size = sizeof(TPMS_NV_PUBLIC);
   8996   tpm2b.nv_public = inner;
   8997   return tpm2b;
   8998 }
   8999 
   9000 TPM_RC Serialize_TPM2B_CONTEXT_SENSITIVE(
   9001     const TPM2B_CONTEXT_SENSITIVE& value,
   9002     std::string* buffer) {
   9003   TPM_RC result = TPM_RC_SUCCESS;
   9004   VLOG(3) << __func__;
   9005 
   9006   result = Serialize_UINT16(value.size, buffer);
   9007   if (result) {
   9008     return result;
   9009   }
   9010 
   9011   if (arraysize(value.buffer) < value.size) {
   9012     return TPM_RC_INSUFFICIENT;
   9013   }
   9014   for (uint32_t i = 0; i < value.size; ++i) {
   9015     result = Serialize_BYTE(value.buffer[i], buffer);
   9016     if (result) {
   9017       return result;
   9018     }
   9019   }
   9020   return result;
   9021 }
   9022 
   9023 TPM_RC Parse_TPM2B_CONTEXT_SENSITIVE(
   9024     std::string* buffer,
   9025     TPM2B_CONTEXT_SENSITIVE* value,
   9026     std::string* value_bytes) {
   9027   TPM_RC result = TPM_RC_SUCCESS;
   9028   VLOG(3) << __func__;
   9029 
   9030   result = Parse_UINT16(
   9031       buffer,
   9032       &value->size,
   9033       value_bytes);
   9034   if (result) {
   9035     return result;
   9036   }
   9037 
   9038   if (arraysize(value->buffer) < value->size) {
   9039     return TPM_RC_INSUFFICIENT;
   9040   }
   9041   for (uint32_t i = 0; i < value->size; ++i) {
   9042     result = Parse_BYTE(
   9043         buffer,
   9044         &value->buffer[i],
   9045         value_bytes);
   9046     if (result) {
   9047       return result;
   9048     }
   9049   }
   9050   return result;
   9051 }
   9052 
   9053 TPM2B_CONTEXT_SENSITIVE Make_TPM2B_CONTEXT_SENSITIVE(
   9054     const std::string& bytes) {
   9055   TPM2B_CONTEXT_SENSITIVE tpm2b;
   9056   CHECK(bytes.size() <= sizeof(tpm2b.buffer));
   9057   memset(&tpm2b, 0, sizeof(TPM2B_CONTEXT_SENSITIVE));
   9058   tpm2b.size = bytes.size();
   9059   memcpy(tpm2b.buffer, bytes.data(), bytes.size());
   9060   return tpm2b;
   9061 }
   9062 
   9063 std::string StringFrom_TPM2B_CONTEXT_SENSITIVE(
   9064     const TPM2B_CONTEXT_SENSITIVE& tpm2b) {
   9065   const char* char_buffer = reinterpret_cast<const char*>(
   9066       tpm2b.buffer);
   9067   return std::string(char_buffer, tpm2b.size);
   9068 }
   9069 
   9070 TPM_RC Serialize_TPMS_CONTEXT_DATA(
   9071     const TPMS_CONTEXT_DATA& value,
   9072     std::string* buffer) {
   9073   TPM_RC result = TPM_RC_SUCCESS;
   9074   VLOG(3) << __func__;
   9075 
   9076   result = Serialize_TPM2B_DIGEST(value.integrity, buffer);
   9077   if (result) {
   9078     return result;
   9079   }
   9080 
   9081   result = Serialize_TPM2B_CONTEXT_SENSITIVE(value.encrypted, buffer);
   9082   if (result) {
   9083     return result;
   9084   }
   9085   return result;
   9086 }
   9087 
   9088 TPM_RC Parse_TPMS_CONTEXT_DATA(
   9089     std::string* buffer,
   9090     TPMS_CONTEXT_DATA* value,
   9091     std::string* value_bytes) {
   9092   TPM_RC result = TPM_RC_SUCCESS;
   9093   VLOG(3) << __func__;
   9094 
   9095   result = Parse_TPM2B_DIGEST(
   9096       buffer,
   9097       &value->integrity,
   9098       value_bytes);
   9099   if (result) {
   9100     return result;
   9101   }
   9102 
   9103   result = Parse_TPM2B_CONTEXT_SENSITIVE(
   9104       buffer,
   9105       &value->encrypted,
   9106       value_bytes);
   9107   if (result) {
   9108     return result;
   9109   }
   9110   return result;
   9111 }
   9112 
   9113 TPM_RC Serialize_TPM2B_CONTEXT_DATA(
   9114     const TPM2B_CONTEXT_DATA& value,
   9115     std::string* buffer) {
   9116   TPM_RC result = TPM_RC_SUCCESS;
   9117   VLOG(3) << __func__;
   9118 
   9119   result = Serialize_UINT16(value.size, buffer);
   9120   if (result) {
   9121     return result;
   9122   }
   9123 
   9124   if (arraysize(value.buffer) < value.size) {
   9125     return TPM_RC_INSUFFICIENT;
   9126   }
   9127   for (uint32_t i = 0; i < value.size; ++i) {
   9128     result = Serialize_BYTE(value.buffer[i], buffer);
   9129     if (result) {
   9130       return result;
   9131     }
   9132   }
   9133   return result;
   9134 }
   9135 
   9136 TPM_RC Parse_TPM2B_CONTEXT_DATA(
   9137     std::string* buffer,
   9138     TPM2B_CONTEXT_DATA* value,
   9139     std::string* value_bytes) {
   9140   TPM_RC result = TPM_RC_SUCCESS;
   9141   VLOG(3) << __func__;
   9142 
   9143   result = Parse_UINT16(
   9144       buffer,
   9145       &value->size,
   9146       value_bytes);
   9147   if (result) {
   9148     return result;
   9149   }
   9150 
   9151   if (arraysize(value->buffer) < value->size) {
   9152     return TPM_RC_INSUFFICIENT;
   9153   }
   9154   for (uint32_t i = 0; i < value->size; ++i) {
   9155     result = Parse_BYTE(
   9156         buffer,
   9157         &value->buffer[i],
   9158         value_bytes);
   9159     if (result) {
   9160       return result;
   9161     }
   9162   }
   9163   return result;
   9164 }
   9165 
   9166 TPM2B_CONTEXT_DATA Make_TPM2B_CONTEXT_DATA(
   9167     const std::string& bytes) {
   9168   TPM2B_CONTEXT_DATA tpm2b;
   9169   CHECK(bytes.size() <= sizeof(tpm2b.buffer));
   9170   memset(&tpm2b, 0, sizeof(TPM2B_CONTEXT_DATA));
   9171   tpm2b.size = bytes.size();
   9172   memcpy(tpm2b.buffer, bytes.data(), bytes.size());
   9173   return tpm2b;
   9174 }
   9175 
   9176 std::string StringFrom_TPM2B_CONTEXT_DATA(
   9177     const TPM2B_CONTEXT_DATA& tpm2b) {
   9178   const char* char_buffer = reinterpret_cast<const char*>(
   9179       tpm2b.buffer);
   9180   return std::string(char_buffer, tpm2b.size);
   9181 }
   9182 
   9183 TPM_RC Serialize_TPMS_CONTEXT(
   9184     const TPMS_CONTEXT& value,
   9185     std::string* buffer) {
   9186   TPM_RC result = TPM_RC_SUCCESS;
   9187   VLOG(3) << __func__;
   9188 
   9189   result = Serialize_UINT64(value.sequence, buffer);
   9190   if (result) {
   9191     return result;
   9192   }
   9193 
   9194   result = Serialize_TPMI_DH_CONTEXT(value.saved_handle, buffer);
   9195   if (result) {
   9196     return result;
   9197   }
   9198 
   9199   result = Serialize_TPMI_RH_HIERARCHY(value.hierarchy, buffer);
   9200   if (result) {
   9201     return result;
   9202   }
   9203 
   9204   result = Serialize_TPM2B_CONTEXT_DATA(value.context_blob, buffer);
   9205   if (result) {
   9206     return result;
   9207   }
   9208   return result;
   9209 }
   9210 
   9211 TPM_RC Parse_TPMS_CONTEXT(
   9212     std::string* buffer,
   9213     TPMS_CONTEXT* value,
   9214     std::string* value_bytes) {
   9215   TPM_RC result = TPM_RC_SUCCESS;
   9216   VLOG(3) << __func__;
   9217 
   9218   result = Parse_UINT64(
   9219       buffer,
   9220       &value->sequence,
   9221       value_bytes);
   9222   if (result) {
   9223     return result;
   9224   }
   9225 
   9226   result = Parse_TPMI_DH_CONTEXT(
   9227       buffer,
   9228       &value->saved_handle,
   9229       value_bytes);
   9230   if (result) {
   9231     return result;
   9232   }
   9233 
   9234   result = Parse_TPMI_RH_HIERARCHY(
   9235       buffer,
   9236       &value->hierarchy,
   9237       value_bytes);
   9238   if (result) {
   9239     return result;
   9240   }
   9241 
   9242   result = Parse_TPM2B_CONTEXT_DATA(
   9243       buffer,
   9244       &value->context_blob,
   9245       value_bytes);
   9246   if (result) {
   9247     return result;
   9248   }
   9249   return result;
   9250 }
   9251 
   9252 TPM_RC Serialize_TPMS_CREATION_DATA(
   9253     const TPMS_CREATION_DATA& value,
   9254     std::string* buffer) {
   9255   TPM_RC result = TPM_RC_SUCCESS;
   9256   VLOG(3) << __func__;
   9257 
   9258   result = Serialize_TPML_PCR_SELECTION(value.pcr_select, buffer);
   9259   if (result) {
   9260     return result;
   9261   }
   9262 
   9263   result = Serialize_TPM2B_DIGEST(value.pcr_digest, buffer);
   9264   if (result) {
   9265     return result;
   9266   }
   9267 
   9268   result = Serialize_TPMA_LOCALITY(value.locality, buffer);
   9269   if (result) {
   9270     return result;
   9271   }
   9272 
   9273   result = Serialize_TPM_ALG_ID(value.parent_name_alg, buffer);
   9274   if (result) {
   9275     return result;
   9276   }
   9277 
   9278   result = Serialize_TPM2B_NAME(value.parent_name, buffer);
   9279   if (result) {
   9280     return result;
   9281   }
   9282 
   9283   result = Serialize_TPM2B_NAME(value.parent_qualified_name, buffer);
   9284   if (result) {
   9285     return result;
   9286   }
   9287 
   9288   result = Serialize_TPM2B_DATA(value.outside_info, buffer);
   9289   if (result) {
   9290     return result;
   9291   }
   9292   return result;
   9293 }
   9294 
   9295 TPM_RC Parse_TPMS_CREATION_DATA(
   9296     std::string* buffer,
   9297     TPMS_CREATION_DATA* value,
   9298     std::string* value_bytes) {
   9299   TPM_RC result = TPM_RC_SUCCESS;
   9300   VLOG(3) << __func__;
   9301 
   9302   result = Parse_TPML_PCR_SELECTION(
   9303       buffer,
   9304       &value->pcr_select,
   9305       value_bytes);
   9306   if (result) {
   9307     return result;
   9308   }
   9309 
   9310   result = Parse_TPM2B_DIGEST(
   9311       buffer,
   9312       &value->pcr_digest,
   9313       value_bytes);
   9314   if (result) {
   9315     return result;
   9316   }
   9317 
   9318   result = Parse_TPMA_LOCALITY(
   9319       buffer,
   9320       &value->locality,
   9321       value_bytes);
   9322   if (result) {
   9323     return result;
   9324   }
   9325 
   9326   result = Parse_TPM_ALG_ID(
   9327       buffer,
   9328       &value->parent_name_alg,
   9329       value_bytes);
   9330   if (result) {
   9331     return result;
   9332   }
   9333 
   9334   result = Parse_TPM2B_NAME(
   9335       buffer,
   9336       &value->parent_name,
   9337       value_bytes);
   9338   if (result) {
   9339     return result;
   9340   }
   9341 
   9342   result = Parse_TPM2B_NAME(
   9343       buffer,
   9344       &value->parent_qualified_name,
   9345       value_bytes);
   9346   if (result) {
   9347     return result;
   9348   }
   9349 
   9350   result = Parse_TPM2B_DATA(
   9351       buffer,
   9352       &value->outside_info,
   9353       value_bytes);
   9354   if (result) {
   9355     return result;
   9356   }
   9357   return result;
   9358 }
   9359 
   9360 TPM_RC Serialize_TPM2B_CREATION_DATA(
   9361     const TPM2B_CREATION_DATA& value,
   9362     std::string* buffer) {
   9363   TPM_RC result = TPM_RC_SUCCESS;
   9364   VLOG(3) << __func__;
   9365 
   9366   std::string field_bytes;
   9367   result = Serialize_TPMS_CREATION_DATA(value.creation_data, &field_bytes);
   9368   if (result) {
   9369     return result;
   9370   }
   9371   std::string size_bytes;
   9372   result = Serialize_UINT16(field_bytes.size(), &size_bytes);
   9373   if (result) {
   9374     return result;
   9375   }
   9376   buffer->append(size_bytes + field_bytes);
   9377   return result;
   9378 }
   9379 
   9380 TPM_RC Parse_TPM2B_CREATION_DATA(
   9381     std::string* buffer,
   9382     TPM2B_CREATION_DATA* value,
   9383     std::string* value_bytes) {
   9384   TPM_RC result = TPM_RC_SUCCESS;
   9385   VLOG(3) << __func__;
   9386 
   9387   result = Parse_UINT16(
   9388       buffer,
   9389       &value->size,
   9390       value_bytes);
   9391   if (result) {
   9392     return result;
   9393   }
   9394 
   9395   result = Parse_TPMS_CREATION_DATA(
   9396       buffer,
   9397       &value->creation_data,
   9398       value_bytes);
   9399   if (result) {
   9400     return result;
   9401   }
   9402   return result;
   9403 }
   9404 
   9405 TPM2B_CREATION_DATA Make_TPM2B_CREATION_DATA(
   9406     const TPMS_CREATION_DATA& inner) {
   9407   TPM2B_CREATION_DATA tpm2b;
   9408   tpm2b.size = sizeof(TPMS_CREATION_DATA);
   9409   tpm2b.creation_data = inner;
   9410   return tpm2b;
   9411 }
   9412 
   9413 TPM_RC Tpm::SerializeCommand_Startup(
   9414       const TPM_SU& startup_type,
   9415       std::string* serialized_command,
   9416       AuthorizationDelegate* authorization_delegate) {
   9417   VLOG(3) << __func__;
   9418   TPM_RC rc = TPM_RC_SUCCESS;
   9419   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   9420   UINT32 command_size = 10;  // Header size.
   9421   std::string handle_section_bytes;
   9422   std::string parameter_section_bytes;
   9423   TPM_CC command_code = TPM_CC_Startup;
   9424   bool is_command_parameter_encryption_possible = false;
   9425   bool is_response_parameter_encryption_possible = false;
   9426   std::string command_code_bytes;
   9427   rc = Serialize_TPM_CC(
   9428       command_code,
   9429       &command_code_bytes);
   9430   if (rc != TPM_RC_SUCCESS) {
   9431     return rc;
   9432   }
   9433   std::string startup_type_bytes;
   9434   rc = Serialize_TPM_SU(
   9435       startup_type,
   9436       &startup_type_bytes);
   9437   if (rc != TPM_RC_SUCCESS) {
   9438     return rc;
   9439   }
   9440   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   9441       crypto::SecureHash::SHA256));
   9442   hash->Update(command_code_bytes.data(),
   9443                command_code_bytes.size());
   9444   hash->Update(startup_type_bytes.data(),
   9445                startup_type_bytes.size());
   9446   parameter_section_bytes += startup_type_bytes;
   9447   command_size += startup_type_bytes.size();
   9448   std::string command_hash(32, 0);
   9449   hash->Finish(string_as_array(&command_hash), command_hash.size());
   9450   std::string authorization_section_bytes;
   9451   std::string authorization_size_bytes;
   9452   if (authorization_delegate) {
   9453     if (!authorization_delegate->GetCommandAuthorization(
   9454         command_hash,
   9455         is_command_parameter_encryption_possible,
   9456         is_response_parameter_encryption_possible,
   9457         &authorization_section_bytes)) {
   9458       return TRUNKS_RC_AUTHORIZATION_FAILED;
   9459     }
   9460     if (!authorization_section_bytes.empty()) {
   9461       tag = TPM_ST_SESSIONS;
   9462       std::string tmp;
   9463       rc = Serialize_UINT32(authorization_section_bytes.size(),
   9464                             &authorization_size_bytes);
   9465       if (rc != TPM_RC_SUCCESS) {
   9466         return rc;
   9467       }
   9468       command_size += authorization_size_bytes.size() +
   9469                       authorization_section_bytes.size();
   9470     }
   9471   }
   9472   std::string tag_bytes;
   9473   rc = Serialize_TPMI_ST_COMMAND_TAG(
   9474       tag,
   9475       &tag_bytes);
   9476   if (rc != TPM_RC_SUCCESS) {
   9477     return rc;
   9478   }
   9479   std::string command_size_bytes;
   9480   rc = Serialize_UINT32(
   9481       command_size,
   9482       &command_size_bytes);
   9483   if (rc != TPM_RC_SUCCESS) {
   9484     return rc;
   9485   }
   9486   *serialized_command = tag_bytes +
   9487                         command_size_bytes +
   9488                         command_code_bytes +
   9489                         handle_section_bytes +
   9490                         authorization_size_bytes +
   9491                         authorization_section_bytes +
   9492                         parameter_section_bytes;
   9493   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   9494   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   9495                                             serialized_command->size());
   9496   return TPM_RC_SUCCESS;
   9497 }
   9498 
   9499 TPM_RC Tpm::ParseResponse_Startup(
   9500       const std::string& response,
   9501       AuthorizationDelegate* authorization_delegate) {
   9502   VLOG(3) << __func__;
   9503   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   9504   TPM_RC rc = TPM_RC_SUCCESS;
   9505   std::string buffer(response);
   9506   TPM_ST tag;
   9507   std::string tag_bytes;
   9508   rc = Parse_TPM_ST(
   9509       &buffer,
   9510       &tag,
   9511       &tag_bytes);
   9512   if (rc != TPM_RC_SUCCESS) {
   9513     return rc;
   9514   }
   9515   UINT32 response_size;
   9516   std::string response_size_bytes;
   9517   rc = Parse_UINT32(
   9518       &buffer,
   9519       &response_size,
   9520       &response_size_bytes);
   9521   if (rc != TPM_RC_SUCCESS) {
   9522     return rc;
   9523   }
   9524   TPM_RC response_code;
   9525   std::string response_code_bytes;
   9526   rc = Parse_TPM_RC(
   9527       &buffer,
   9528       &response_code,
   9529       &response_code_bytes);
   9530   if (rc != TPM_RC_SUCCESS) {
   9531     return rc;
   9532   }
   9533   if (response_size != response.size()) {
   9534     return TPM_RC_SIZE;
   9535   }
   9536   if (response_code != TPM_RC_SUCCESS) {
   9537     return response_code;
   9538   }
   9539   TPM_CC command_code = TPM_CC_Startup;
   9540   std::string command_code_bytes;
   9541   rc = Serialize_TPM_CC(
   9542       command_code,
   9543       &command_code_bytes);
   9544   if (rc != TPM_RC_SUCCESS) {
   9545     return rc;
   9546   }
   9547   std::string authorization_section_bytes;
   9548   if (tag == TPM_ST_SESSIONS) {
   9549     UINT32 parameter_section_size = buffer.size();
   9550     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   9551     if (rc != TPM_RC_SUCCESS) {
   9552       return rc;
   9553     }
   9554     if (parameter_section_size > buffer.size()) {
   9555       return TPM_RC_INSUFFICIENT;
   9556     }
   9557     authorization_section_bytes = buffer.substr(parameter_section_size);
   9558     // Keep the parameter section in |buffer|.
   9559     buffer.erase(parameter_section_size);
   9560   }
   9561   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   9562       crypto::SecureHash::SHA256));
   9563   hash->Update(response_code_bytes.data(),
   9564                response_code_bytes.size());
   9565   hash->Update(command_code_bytes.data(),
   9566                command_code_bytes.size());
   9567   hash->Update(buffer.data(),
   9568                buffer.size());
   9569   std::string response_hash(32, 0);
   9570   hash->Finish(string_as_array(&response_hash), response_hash.size());
   9571   if (tag == TPM_ST_SESSIONS) {
   9572     CHECK(authorization_delegate) << "Authorization delegate missing!";
   9573     if (!authorization_delegate->CheckResponseAuthorization(
   9574         response_hash,
   9575         authorization_section_bytes)) {
   9576       return TRUNKS_RC_AUTHORIZATION_FAILED;
   9577     }
   9578   }
   9579   return TPM_RC_SUCCESS;
   9580 }
   9581 
   9582 void StartupErrorCallback(
   9583     const Tpm::StartupResponse& callback,
   9584     TPM_RC response_code) {
   9585   VLOG(1) << __func__;
   9586   callback.Run(response_code);
   9587 }
   9588 
   9589 void StartupResponseParser(
   9590     const Tpm::StartupResponse& callback,
   9591     AuthorizationDelegate* authorization_delegate,
   9592     const std::string& response) {
   9593   VLOG(1) << __func__;
   9594   base::Callback<void(TPM_RC)> error_reporter =
   9595       base::Bind(StartupErrorCallback, callback);
   9596   TPM_RC rc = Tpm::ParseResponse_Startup(
   9597       response,
   9598       authorization_delegate);
   9599   if (rc != TPM_RC_SUCCESS) {
   9600     error_reporter.Run(rc);
   9601     return;
   9602   }
   9603   callback.Run(
   9604       rc);
   9605 }
   9606 
   9607 void Tpm::Startup(
   9608       const TPM_SU& startup_type,
   9609       AuthorizationDelegate* authorization_delegate,
   9610       const StartupResponse& callback) {
   9611   VLOG(1) << __func__;
   9612   base::Callback<void(TPM_RC)> error_reporter =
   9613       base::Bind(StartupErrorCallback, callback);
   9614   base::Callback<void(const std::string&)> parser =
   9615       base::Bind(StartupResponseParser,
   9616                  callback,
   9617                  authorization_delegate);
   9618   std::string command;
   9619   TPM_RC rc = SerializeCommand_Startup(
   9620       startup_type,
   9621       &command,
   9622       authorization_delegate);
   9623   if (rc != TPM_RC_SUCCESS) {
   9624     error_reporter.Run(rc);
   9625     return;
   9626   }
   9627   transceiver_->SendCommand(command, parser);
   9628 }
   9629 
   9630 TPM_RC Tpm::StartupSync(
   9631       const TPM_SU& startup_type,
   9632       AuthorizationDelegate* authorization_delegate) {
   9633   VLOG(1) << __func__;
   9634   std::string command;
   9635   TPM_RC rc = SerializeCommand_Startup(
   9636       startup_type,
   9637       &command,
   9638       authorization_delegate);
   9639   if (rc != TPM_RC_SUCCESS) {
   9640     return rc;
   9641   }
   9642   std::string response = transceiver_->SendCommandAndWait(command);
   9643   rc = ParseResponse_Startup(
   9644       response,
   9645       authorization_delegate);
   9646   return rc;
   9647 }
   9648 
   9649 TPM_RC Tpm::SerializeCommand_Shutdown(
   9650       const TPM_SU& shutdown_type,
   9651       std::string* serialized_command,
   9652       AuthorizationDelegate* authorization_delegate) {
   9653   VLOG(3) << __func__;
   9654   TPM_RC rc = TPM_RC_SUCCESS;
   9655   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   9656   UINT32 command_size = 10;  // Header size.
   9657   std::string handle_section_bytes;
   9658   std::string parameter_section_bytes;
   9659   TPM_CC command_code = TPM_CC_Shutdown;
   9660   bool is_command_parameter_encryption_possible = false;
   9661   bool is_response_parameter_encryption_possible = false;
   9662   std::string command_code_bytes;
   9663   rc = Serialize_TPM_CC(
   9664       command_code,
   9665       &command_code_bytes);
   9666   if (rc != TPM_RC_SUCCESS) {
   9667     return rc;
   9668   }
   9669   std::string shutdown_type_bytes;
   9670   rc = Serialize_TPM_SU(
   9671       shutdown_type,
   9672       &shutdown_type_bytes);
   9673   if (rc != TPM_RC_SUCCESS) {
   9674     return rc;
   9675   }
   9676   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   9677       crypto::SecureHash::SHA256));
   9678   hash->Update(command_code_bytes.data(),
   9679                command_code_bytes.size());
   9680   hash->Update(shutdown_type_bytes.data(),
   9681                shutdown_type_bytes.size());
   9682   parameter_section_bytes += shutdown_type_bytes;
   9683   command_size += shutdown_type_bytes.size();
   9684   std::string command_hash(32, 0);
   9685   hash->Finish(string_as_array(&command_hash), command_hash.size());
   9686   std::string authorization_section_bytes;
   9687   std::string authorization_size_bytes;
   9688   if (authorization_delegate) {
   9689     if (!authorization_delegate->GetCommandAuthorization(
   9690         command_hash,
   9691         is_command_parameter_encryption_possible,
   9692         is_response_parameter_encryption_possible,
   9693         &authorization_section_bytes)) {
   9694       return TRUNKS_RC_AUTHORIZATION_FAILED;
   9695     }
   9696     if (!authorization_section_bytes.empty()) {
   9697       tag = TPM_ST_SESSIONS;
   9698       std::string tmp;
   9699       rc = Serialize_UINT32(authorization_section_bytes.size(),
   9700                             &authorization_size_bytes);
   9701       if (rc != TPM_RC_SUCCESS) {
   9702         return rc;
   9703       }
   9704       command_size += authorization_size_bytes.size() +
   9705                       authorization_section_bytes.size();
   9706     }
   9707   }
   9708   std::string tag_bytes;
   9709   rc = Serialize_TPMI_ST_COMMAND_TAG(
   9710       tag,
   9711       &tag_bytes);
   9712   if (rc != TPM_RC_SUCCESS) {
   9713     return rc;
   9714   }
   9715   std::string command_size_bytes;
   9716   rc = Serialize_UINT32(
   9717       command_size,
   9718       &command_size_bytes);
   9719   if (rc != TPM_RC_SUCCESS) {
   9720     return rc;
   9721   }
   9722   *serialized_command = tag_bytes +
   9723                         command_size_bytes +
   9724                         command_code_bytes +
   9725                         handle_section_bytes +
   9726                         authorization_size_bytes +
   9727                         authorization_section_bytes +
   9728                         parameter_section_bytes;
   9729   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   9730   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   9731                                             serialized_command->size());
   9732   return TPM_RC_SUCCESS;
   9733 }
   9734 
   9735 TPM_RC Tpm::ParseResponse_Shutdown(
   9736       const std::string& response,
   9737       AuthorizationDelegate* authorization_delegate) {
   9738   VLOG(3) << __func__;
   9739   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   9740   TPM_RC rc = TPM_RC_SUCCESS;
   9741   std::string buffer(response);
   9742   TPM_ST tag;
   9743   std::string tag_bytes;
   9744   rc = Parse_TPM_ST(
   9745       &buffer,
   9746       &tag,
   9747       &tag_bytes);
   9748   if (rc != TPM_RC_SUCCESS) {
   9749     return rc;
   9750   }
   9751   UINT32 response_size;
   9752   std::string response_size_bytes;
   9753   rc = Parse_UINT32(
   9754       &buffer,
   9755       &response_size,
   9756       &response_size_bytes);
   9757   if (rc != TPM_RC_SUCCESS) {
   9758     return rc;
   9759   }
   9760   TPM_RC response_code;
   9761   std::string response_code_bytes;
   9762   rc = Parse_TPM_RC(
   9763       &buffer,
   9764       &response_code,
   9765       &response_code_bytes);
   9766   if (rc != TPM_RC_SUCCESS) {
   9767     return rc;
   9768   }
   9769   if (response_size != response.size()) {
   9770     return TPM_RC_SIZE;
   9771   }
   9772   if (response_code != TPM_RC_SUCCESS) {
   9773     return response_code;
   9774   }
   9775   TPM_CC command_code = TPM_CC_Shutdown;
   9776   std::string command_code_bytes;
   9777   rc = Serialize_TPM_CC(
   9778       command_code,
   9779       &command_code_bytes);
   9780   if (rc != TPM_RC_SUCCESS) {
   9781     return rc;
   9782   }
   9783   std::string authorization_section_bytes;
   9784   if (tag == TPM_ST_SESSIONS) {
   9785     UINT32 parameter_section_size = buffer.size();
   9786     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   9787     if (rc != TPM_RC_SUCCESS) {
   9788       return rc;
   9789     }
   9790     if (parameter_section_size > buffer.size()) {
   9791       return TPM_RC_INSUFFICIENT;
   9792     }
   9793     authorization_section_bytes = buffer.substr(parameter_section_size);
   9794     // Keep the parameter section in |buffer|.
   9795     buffer.erase(parameter_section_size);
   9796   }
   9797   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   9798       crypto::SecureHash::SHA256));
   9799   hash->Update(response_code_bytes.data(),
   9800                response_code_bytes.size());
   9801   hash->Update(command_code_bytes.data(),
   9802                command_code_bytes.size());
   9803   hash->Update(buffer.data(),
   9804                buffer.size());
   9805   std::string response_hash(32, 0);
   9806   hash->Finish(string_as_array(&response_hash), response_hash.size());
   9807   if (tag == TPM_ST_SESSIONS) {
   9808     CHECK(authorization_delegate) << "Authorization delegate missing!";
   9809     if (!authorization_delegate->CheckResponseAuthorization(
   9810         response_hash,
   9811         authorization_section_bytes)) {
   9812       return TRUNKS_RC_AUTHORIZATION_FAILED;
   9813     }
   9814   }
   9815   return TPM_RC_SUCCESS;
   9816 }
   9817 
   9818 void ShutdownErrorCallback(
   9819     const Tpm::ShutdownResponse& callback,
   9820     TPM_RC response_code) {
   9821   VLOG(1) << __func__;
   9822   callback.Run(response_code);
   9823 }
   9824 
   9825 void ShutdownResponseParser(
   9826     const Tpm::ShutdownResponse& callback,
   9827     AuthorizationDelegate* authorization_delegate,
   9828     const std::string& response) {
   9829   VLOG(1) << __func__;
   9830   base::Callback<void(TPM_RC)> error_reporter =
   9831       base::Bind(ShutdownErrorCallback, callback);
   9832   TPM_RC rc = Tpm::ParseResponse_Shutdown(
   9833       response,
   9834       authorization_delegate);
   9835   if (rc != TPM_RC_SUCCESS) {
   9836     error_reporter.Run(rc);
   9837     return;
   9838   }
   9839   callback.Run(
   9840       rc);
   9841 }
   9842 
   9843 void Tpm::Shutdown(
   9844       const TPM_SU& shutdown_type,
   9845       AuthorizationDelegate* authorization_delegate,
   9846       const ShutdownResponse& callback) {
   9847   VLOG(1) << __func__;
   9848   base::Callback<void(TPM_RC)> error_reporter =
   9849       base::Bind(ShutdownErrorCallback, callback);
   9850   base::Callback<void(const std::string&)> parser =
   9851       base::Bind(ShutdownResponseParser,
   9852                  callback,
   9853                  authorization_delegate);
   9854   std::string command;
   9855   TPM_RC rc = SerializeCommand_Shutdown(
   9856       shutdown_type,
   9857       &command,
   9858       authorization_delegate);
   9859   if (rc != TPM_RC_SUCCESS) {
   9860     error_reporter.Run(rc);
   9861     return;
   9862   }
   9863   transceiver_->SendCommand(command, parser);
   9864 }
   9865 
   9866 TPM_RC Tpm::ShutdownSync(
   9867       const TPM_SU& shutdown_type,
   9868       AuthorizationDelegate* authorization_delegate) {
   9869   VLOG(1) << __func__;
   9870   std::string command;
   9871   TPM_RC rc = SerializeCommand_Shutdown(
   9872       shutdown_type,
   9873       &command,
   9874       authorization_delegate);
   9875   if (rc != TPM_RC_SUCCESS) {
   9876     return rc;
   9877   }
   9878   std::string response = transceiver_->SendCommandAndWait(command);
   9879   rc = ParseResponse_Shutdown(
   9880       response,
   9881       authorization_delegate);
   9882   return rc;
   9883 }
   9884 
   9885 TPM_RC Tpm::SerializeCommand_SelfTest(
   9886       const TPMI_YES_NO& full_test,
   9887       std::string* serialized_command,
   9888       AuthorizationDelegate* authorization_delegate) {
   9889   VLOG(3) << __func__;
   9890   TPM_RC rc = TPM_RC_SUCCESS;
   9891   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   9892   UINT32 command_size = 10;  // Header size.
   9893   std::string handle_section_bytes;
   9894   std::string parameter_section_bytes;
   9895   TPM_CC command_code = TPM_CC_SelfTest;
   9896   bool is_command_parameter_encryption_possible = false;
   9897   bool is_response_parameter_encryption_possible = false;
   9898   std::string command_code_bytes;
   9899   rc = Serialize_TPM_CC(
   9900       command_code,
   9901       &command_code_bytes);
   9902   if (rc != TPM_RC_SUCCESS) {
   9903     return rc;
   9904   }
   9905   std::string full_test_bytes;
   9906   rc = Serialize_TPMI_YES_NO(
   9907       full_test,
   9908       &full_test_bytes);
   9909   if (rc != TPM_RC_SUCCESS) {
   9910     return rc;
   9911   }
   9912   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   9913       crypto::SecureHash::SHA256));
   9914   hash->Update(command_code_bytes.data(),
   9915                command_code_bytes.size());
   9916   hash->Update(full_test_bytes.data(),
   9917                full_test_bytes.size());
   9918   parameter_section_bytes += full_test_bytes;
   9919   command_size += full_test_bytes.size();
   9920   std::string command_hash(32, 0);
   9921   hash->Finish(string_as_array(&command_hash), command_hash.size());
   9922   std::string authorization_section_bytes;
   9923   std::string authorization_size_bytes;
   9924   if (authorization_delegate) {
   9925     if (!authorization_delegate->GetCommandAuthorization(
   9926         command_hash,
   9927         is_command_parameter_encryption_possible,
   9928         is_response_parameter_encryption_possible,
   9929         &authorization_section_bytes)) {
   9930       return TRUNKS_RC_AUTHORIZATION_FAILED;
   9931     }
   9932     if (!authorization_section_bytes.empty()) {
   9933       tag = TPM_ST_SESSIONS;
   9934       std::string tmp;
   9935       rc = Serialize_UINT32(authorization_section_bytes.size(),
   9936                             &authorization_size_bytes);
   9937       if (rc != TPM_RC_SUCCESS) {
   9938         return rc;
   9939       }
   9940       command_size += authorization_size_bytes.size() +
   9941                       authorization_section_bytes.size();
   9942     }
   9943   }
   9944   std::string tag_bytes;
   9945   rc = Serialize_TPMI_ST_COMMAND_TAG(
   9946       tag,
   9947       &tag_bytes);
   9948   if (rc != TPM_RC_SUCCESS) {
   9949     return rc;
   9950   }
   9951   std::string command_size_bytes;
   9952   rc = Serialize_UINT32(
   9953       command_size,
   9954       &command_size_bytes);
   9955   if (rc != TPM_RC_SUCCESS) {
   9956     return rc;
   9957   }
   9958   *serialized_command = tag_bytes +
   9959                         command_size_bytes +
   9960                         command_code_bytes +
   9961                         handle_section_bytes +
   9962                         authorization_size_bytes +
   9963                         authorization_section_bytes +
   9964                         parameter_section_bytes;
   9965   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   9966   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   9967                                             serialized_command->size());
   9968   return TPM_RC_SUCCESS;
   9969 }
   9970 
   9971 TPM_RC Tpm::ParseResponse_SelfTest(
   9972       const std::string& response,
   9973       AuthorizationDelegate* authorization_delegate) {
   9974   VLOG(3) << __func__;
   9975   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   9976   TPM_RC rc = TPM_RC_SUCCESS;
   9977   std::string buffer(response);
   9978   TPM_ST tag;
   9979   std::string tag_bytes;
   9980   rc = Parse_TPM_ST(
   9981       &buffer,
   9982       &tag,
   9983       &tag_bytes);
   9984   if (rc != TPM_RC_SUCCESS) {
   9985     return rc;
   9986   }
   9987   UINT32 response_size;
   9988   std::string response_size_bytes;
   9989   rc = Parse_UINT32(
   9990       &buffer,
   9991       &response_size,
   9992       &response_size_bytes);
   9993   if (rc != TPM_RC_SUCCESS) {
   9994     return rc;
   9995   }
   9996   TPM_RC response_code;
   9997   std::string response_code_bytes;
   9998   rc = Parse_TPM_RC(
   9999       &buffer,
   10000       &response_code,
   10001       &response_code_bytes);
   10002   if (rc != TPM_RC_SUCCESS) {
   10003     return rc;
   10004   }
   10005   if (response_size != response.size()) {
   10006     return TPM_RC_SIZE;
   10007   }
   10008   if (response_code != TPM_RC_SUCCESS) {
   10009     return response_code;
   10010   }
   10011   TPM_CC command_code = TPM_CC_SelfTest;
   10012   std::string command_code_bytes;
   10013   rc = Serialize_TPM_CC(
   10014       command_code,
   10015       &command_code_bytes);
   10016   if (rc != TPM_RC_SUCCESS) {
   10017     return rc;
   10018   }
   10019   std::string authorization_section_bytes;
   10020   if (tag == TPM_ST_SESSIONS) {
   10021     UINT32 parameter_section_size = buffer.size();
   10022     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   10023     if (rc != TPM_RC_SUCCESS) {
   10024       return rc;
   10025     }
   10026     if (parameter_section_size > buffer.size()) {
   10027       return TPM_RC_INSUFFICIENT;
   10028     }
   10029     authorization_section_bytes = buffer.substr(parameter_section_size);
   10030     // Keep the parameter section in |buffer|.
   10031     buffer.erase(parameter_section_size);
   10032   }
   10033   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   10034       crypto::SecureHash::SHA256));
   10035   hash->Update(response_code_bytes.data(),
   10036                response_code_bytes.size());
   10037   hash->Update(command_code_bytes.data(),
   10038                command_code_bytes.size());
   10039   hash->Update(buffer.data(),
   10040                buffer.size());
   10041   std::string response_hash(32, 0);
   10042   hash->Finish(string_as_array(&response_hash), response_hash.size());
   10043   if (tag == TPM_ST_SESSIONS) {
   10044     CHECK(authorization_delegate) << "Authorization delegate missing!";
   10045     if (!authorization_delegate->CheckResponseAuthorization(
   10046         response_hash,
   10047         authorization_section_bytes)) {
   10048       return TRUNKS_RC_AUTHORIZATION_FAILED;
   10049     }
   10050   }
   10051   return TPM_RC_SUCCESS;
   10052 }
   10053 
   10054 void SelfTestErrorCallback(
   10055     const Tpm::SelfTestResponse& callback,
   10056     TPM_RC response_code) {
   10057   VLOG(1) << __func__;
   10058   callback.Run(response_code);
   10059 }
   10060 
   10061 void SelfTestResponseParser(
   10062     const Tpm::SelfTestResponse& callback,
   10063     AuthorizationDelegate* authorization_delegate,
   10064     const std::string& response) {
   10065   VLOG(1) << __func__;
   10066   base::Callback<void(TPM_RC)> error_reporter =
   10067       base::Bind(SelfTestErrorCallback, callback);
   10068   TPM_RC rc = Tpm::ParseResponse_SelfTest(
   10069       response,
   10070       authorization_delegate);
   10071   if (rc != TPM_RC_SUCCESS) {
   10072     error_reporter.Run(rc);
   10073     return;
   10074   }
   10075   callback.Run(
   10076       rc);
   10077 }
   10078 
   10079 void Tpm::SelfTest(
   10080       const TPMI_YES_NO& full_test,
   10081       AuthorizationDelegate* authorization_delegate,
   10082       const SelfTestResponse& callback) {
   10083   VLOG(1) << __func__;
   10084   base::Callback<void(TPM_RC)> error_reporter =
   10085       base::Bind(SelfTestErrorCallback, callback);
   10086   base::Callback<void(const std::string&)> parser =
   10087       base::Bind(SelfTestResponseParser,
   10088                  callback,
   10089                  authorization_delegate);
   10090   std::string command;
   10091   TPM_RC rc = SerializeCommand_SelfTest(
   10092       full_test,
   10093       &command,
   10094       authorization_delegate);
   10095   if (rc != TPM_RC_SUCCESS) {
   10096     error_reporter.Run(rc);
   10097     return;
   10098   }
   10099   transceiver_->SendCommand(command, parser);
   10100 }
   10101 
   10102 TPM_RC Tpm::SelfTestSync(
   10103       const TPMI_YES_NO& full_test,
   10104       AuthorizationDelegate* authorization_delegate) {
   10105   VLOG(1) << __func__;
   10106   std::string command;
   10107   TPM_RC rc = SerializeCommand_SelfTest(
   10108       full_test,
   10109       &command,
   10110       authorization_delegate);
   10111   if (rc != TPM_RC_SUCCESS) {
   10112     return rc;
   10113   }
   10114   std::string response = transceiver_->SendCommandAndWait(command);
   10115   rc = ParseResponse_SelfTest(
   10116       response,
   10117       authorization_delegate);
   10118   return rc;
   10119 }
   10120 
   10121 TPM_RC Tpm::SerializeCommand_IncrementalSelfTest(
   10122       const TPML_ALG& to_test,
   10123       std::string* serialized_command,
   10124       AuthorizationDelegate* authorization_delegate) {
   10125   VLOG(3) << __func__;
   10126   TPM_RC rc = TPM_RC_SUCCESS;
   10127   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   10128   UINT32 command_size = 10;  // Header size.
   10129   std::string handle_section_bytes;
   10130   std::string parameter_section_bytes;
   10131   TPM_CC command_code = TPM_CC_IncrementalSelfTest;
   10132   bool is_command_parameter_encryption_possible = false;
   10133   bool is_response_parameter_encryption_possible = false;
   10134   std::string command_code_bytes;
   10135   rc = Serialize_TPM_CC(
   10136       command_code,
   10137       &command_code_bytes);
   10138   if (rc != TPM_RC_SUCCESS) {
   10139     return rc;
   10140   }
   10141   std::string to_test_bytes;
   10142   rc = Serialize_TPML_ALG(
   10143       to_test,
   10144       &to_test_bytes);
   10145   if (rc != TPM_RC_SUCCESS) {
   10146     return rc;
   10147   }
   10148   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   10149       crypto::SecureHash::SHA256));
   10150   hash->Update(command_code_bytes.data(),
   10151                command_code_bytes.size());
   10152   hash->Update(to_test_bytes.data(),
   10153                to_test_bytes.size());
   10154   parameter_section_bytes += to_test_bytes;
   10155   command_size += to_test_bytes.size();
   10156   std::string command_hash(32, 0);
   10157   hash->Finish(string_as_array(&command_hash), command_hash.size());
   10158   std::string authorization_section_bytes;
   10159   std::string authorization_size_bytes;
   10160   if (authorization_delegate) {
   10161     if (!authorization_delegate->GetCommandAuthorization(
   10162         command_hash,
   10163         is_command_parameter_encryption_possible,
   10164         is_response_parameter_encryption_possible,
   10165         &authorization_section_bytes)) {
   10166       return TRUNKS_RC_AUTHORIZATION_FAILED;
   10167     }
   10168     if (!authorization_section_bytes.empty()) {
   10169       tag = TPM_ST_SESSIONS;
   10170       std::string tmp;
   10171       rc = Serialize_UINT32(authorization_section_bytes.size(),
   10172                             &authorization_size_bytes);
   10173       if (rc != TPM_RC_SUCCESS) {
   10174         return rc;
   10175       }
   10176       command_size += authorization_size_bytes.size() +
   10177                       authorization_section_bytes.size();
   10178     }
   10179   }
   10180   std::string tag_bytes;
   10181   rc = Serialize_TPMI_ST_COMMAND_TAG(
   10182       tag,
   10183       &tag_bytes);
   10184   if (rc != TPM_RC_SUCCESS) {
   10185     return rc;
   10186   }
   10187   std::string command_size_bytes;
   10188   rc = Serialize_UINT32(
   10189       command_size,
   10190       &command_size_bytes);
   10191   if (rc != TPM_RC_SUCCESS) {
   10192     return rc;
   10193   }
   10194   *serialized_command = tag_bytes +
   10195                         command_size_bytes +
   10196                         command_code_bytes +
   10197                         handle_section_bytes +
   10198                         authorization_size_bytes +
   10199                         authorization_section_bytes +
   10200                         parameter_section_bytes;
   10201   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   10202   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   10203                                             serialized_command->size());
   10204   return TPM_RC_SUCCESS;
   10205 }
   10206 
   10207 TPM_RC Tpm::ParseResponse_IncrementalSelfTest(
   10208       const std::string& response,
   10209       TPML_ALG* to_do_list,
   10210       AuthorizationDelegate* authorization_delegate) {
   10211   VLOG(3) << __func__;
   10212   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   10213   TPM_RC rc = TPM_RC_SUCCESS;
   10214   std::string buffer(response);
   10215   TPM_ST tag;
   10216   std::string tag_bytes;
   10217   rc = Parse_TPM_ST(
   10218       &buffer,
   10219       &tag,
   10220       &tag_bytes);
   10221   if (rc != TPM_RC_SUCCESS) {
   10222     return rc;
   10223   }
   10224   UINT32 response_size;
   10225   std::string response_size_bytes;
   10226   rc = Parse_UINT32(
   10227       &buffer,
   10228       &response_size,
   10229       &response_size_bytes);
   10230   if (rc != TPM_RC_SUCCESS) {
   10231     return rc;
   10232   }
   10233   TPM_RC response_code;
   10234   std::string response_code_bytes;
   10235   rc = Parse_TPM_RC(
   10236       &buffer,
   10237       &response_code,
   10238       &response_code_bytes);
   10239   if (rc != TPM_RC_SUCCESS) {
   10240     return rc;
   10241   }
   10242   if (response_size != response.size()) {
   10243     return TPM_RC_SIZE;
   10244   }
   10245   if (response_code != TPM_RC_SUCCESS) {
   10246     return response_code;
   10247   }
   10248   TPM_CC command_code = TPM_CC_IncrementalSelfTest;
   10249   std::string command_code_bytes;
   10250   rc = Serialize_TPM_CC(
   10251       command_code,
   10252       &command_code_bytes);
   10253   if (rc != TPM_RC_SUCCESS) {
   10254     return rc;
   10255   }
   10256   std::string authorization_section_bytes;
   10257   if (tag == TPM_ST_SESSIONS) {
   10258     UINT32 parameter_section_size = buffer.size();
   10259     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   10260     if (rc != TPM_RC_SUCCESS) {
   10261       return rc;
   10262     }
   10263     if (parameter_section_size > buffer.size()) {
   10264       return TPM_RC_INSUFFICIENT;
   10265     }
   10266     authorization_section_bytes = buffer.substr(parameter_section_size);
   10267     // Keep the parameter section in |buffer|.
   10268     buffer.erase(parameter_section_size);
   10269   }
   10270   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   10271       crypto::SecureHash::SHA256));
   10272   hash->Update(response_code_bytes.data(),
   10273                response_code_bytes.size());
   10274   hash->Update(command_code_bytes.data(),
   10275                command_code_bytes.size());
   10276   hash->Update(buffer.data(),
   10277                buffer.size());
   10278   std::string response_hash(32, 0);
   10279   hash->Finish(string_as_array(&response_hash), response_hash.size());
   10280   if (tag == TPM_ST_SESSIONS) {
   10281     CHECK(authorization_delegate) << "Authorization delegate missing!";
   10282     if (!authorization_delegate->CheckResponseAuthorization(
   10283         response_hash,
   10284         authorization_section_bytes)) {
   10285       return TRUNKS_RC_AUTHORIZATION_FAILED;
   10286     }
   10287   }
   10288   std::string to_do_list_bytes;
   10289   rc = Parse_TPML_ALG(
   10290       &buffer,
   10291       to_do_list,
   10292       &to_do_list_bytes);
   10293   if (rc != TPM_RC_SUCCESS) {
   10294     return rc;
   10295   }
   10296   return TPM_RC_SUCCESS;
   10297 }
   10298 
   10299 void IncrementalSelfTestErrorCallback(
   10300     const Tpm::IncrementalSelfTestResponse& callback,
   10301     TPM_RC response_code) {
   10302   VLOG(1) << __func__;
   10303   callback.Run(response_code,
   10304                TPML_ALG());
   10305 }
   10306 
   10307 void IncrementalSelfTestResponseParser(
   10308     const Tpm::IncrementalSelfTestResponse& callback,
   10309     AuthorizationDelegate* authorization_delegate,
   10310     const std::string& response) {
   10311   VLOG(1) << __func__;
   10312   base::Callback<void(TPM_RC)> error_reporter =
   10313       base::Bind(IncrementalSelfTestErrorCallback, callback);
   10314   TPML_ALG to_do_list;
   10315   TPM_RC rc = Tpm::ParseResponse_IncrementalSelfTest(
   10316       response,
   10317       &to_do_list,
   10318       authorization_delegate);
   10319   if (rc != TPM_RC_SUCCESS) {
   10320     error_reporter.Run(rc);
   10321     return;
   10322   }
   10323   callback.Run(
   10324       rc,
   10325       to_do_list);
   10326 }
   10327 
   10328 void Tpm::IncrementalSelfTest(
   10329       const TPML_ALG& to_test,
   10330       AuthorizationDelegate* authorization_delegate,
   10331       const IncrementalSelfTestResponse& callback) {
   10332   VLOG(1) << __func__;
   10333   base::Callback<void(TPM_RC)> error_reporter =
   10334       base::Bind(IncrementalSelfTestErrorCallback, callback);
   10335   base::Callback<void(const std::string&)> parser =
   10336       base::Bind(IncrementalSelfTestResponseParser,
   10337                  callback,
   10338                  authorization_delegate);
   10339   std::string command;
   10340   TPM_RC rc = SerializeCommand_IncrementalSelfTest(
   10341       to_test,
   10342       &command,
   10343       authorization_delegate);
   10344   if (rc != TPM_RC_SUCCESS) {
   10345     error_reporter.Run(rc);
   10346     return;
   10347   }
   10348   transceiver_->SendCommand(command, parser);
   10349 }
   10350 
   10351 TPM_RC Tpm::IncrementalSelfTestSync(
   10352       const TPML_ALG& to_test,
   10353       TPML_ALG* to_do_list,
   10354       AuthorizationDelegate* authorization_delegate) {
   10355   VLOG(1) << __func__;
   10356   std::string command;
   10357   TPM_RC rc = SerializeCommand_IncrementalSelfTest(
   10358       to_test,
   10359       &command,
   10360       authorization_delegate);
   10361   if (rc != TPM_RC_SUCCESS) {
   10362     return rc;
   10363   }
   10364   std::string response = transceiver_->SendCommandAndWait(command);
   10365   rc = ParseResponse_IncrementalSelfTest(
   10366       response,
   10367       to_do_list,
   10368       authorization_delegate);
   10369   return rc;
   10370 }
   10371 
   10372 TPM_RC Tpm::SerializeCommand_GetTestResult(
   10373       std::string* serialized_command,
   10374       AuthorizationDelegate* authorization_delegate) {
   10375   VLOG(3) << __func__;
   10376   TPM_RC rc = TPM_RC_SUCCESS;
   10377   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   10378   UINT32 command_size = 10;  // Header size.
   10379   std::string handle_section_bytes;
   10380   std::string parameter_section_bytes;
   10381   TPM_CC command_code = TPM_CC_GetTestResult;
   10382   bool is_command_parameter_encryption_possible = false;
   10383   bool is_response_parameter_encryption_possible = true;
   10384   std::string command_code_bytes;
   10385   rc = Serialize_TPM_CC(
   10386       command_code,
   10387       &command_code_bytes);
   10388   if (rc != TPM_RC_SUCCESS) {
   10389     return rc;
   10390   }
   10391   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   10392       crypto::SecureHash::SHA256));
   10393   hash->Update(command_code_bytes.data(),
   10394                command_code_bytes.size());
   10395   std::string command_hash(32, 0);
   10396   hash->Finish(string_as_array(&command_hash), command_hash.size());
   10397   std::string authorization_section_bytes;
   10398   std::string authorization_size_bytes;
   10399   if (authorization_delegate) {
   10400     if (!authorization_delegate->GetCommandAuthorization(
   10401         command_hash,
   10402         is_command_parameter_encryption_possible,
   10403         is_response_parameter_encryption_possible,
   10404         &authorization_section_bytes)) {
   10405       return TRUNKS_RC_AUTHORIZATION_FAILED;
   10406     }
   10407     if (!authorization_section_bytes.empty()) {
   10408       tag = TPM_ST_SESSIONS;
   10409       std::string tmp;
   10410       rc = Serialize_UINT32(authorization_section_bytes.size(),
   10411                             &authorization_size_bytes);
   10412       if (rc != TPM_RC_SUCCESS) {
   10413         return rc;
   10414       }
   10415       command_size += authorization_size_bytes.size() +
   10416                       authorization_section_bytes.size();
   10417     }
   10418   }
   10419   std::string tag_bytes;
   10420   rc = Serialize_TPMI_ST_COMMAND_TAG(
   10421       tag,
   10422       &tag_bytes);
   10423   if (rc != TPM_RC_SUCCESS) {
   10424     return rc;
   10425   }
   10426   std::string command_size_bytes;
   10427   rc = Serialize_UINT32(
   10428       command_size,
   10429       &command_size_bytes);
   10430   if (rc != TPM_RC_SUCCESS) {
   10431     return rc;
   10432   }
   10433   *serialized_command = tag_bytes +
   10434                         command_size_bytes +
   10435                         command_code_bytes +
   10436                         handle_section_bytes +
   10437                         authorization_size_bytes +
   10438                         authorization_section_bytes +
   10439                         parameter_section_bytes;
   10440   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   10441   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   10442                                             serialized_command->size());
   10443   return TPM_RC_SUCCESS;
   10444 }
   10445 
   10446 TPM_RC Tpm::ParseResponse_GetTestResult(
   10447       const std::string& response,
   10448       TPM2B_MAX_BUFFER* out_data,
   10449       TPM_RC* test_result,
   10450       AuthorizationDelegate* authorization_delegate) {
   10451   VLOG(3) << __func__;
   10452   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   10453   TPM_RC rc = TPM_RC_SUCCESS;
   10454   std::string buffer(response);
   10455   TPM_ST tag;
   10456   std::string tag_bytes;
   10457   rc = Parse_TPM_ST(
   10458       &buffer,
   10459       &tag,
   10460       &tag_bytes);
   10461   if (rc != TPM_RC_SUCCESS) {
   10462     return rc;
   10463   }
   10464   UINT32 response_size;
   10465   std::string response_size_bytes;
   10466   rc = Parse_UINT32(
   10467       &buffer,
   10468       &response_size,
   10469       &response_size_bytes);
   10470   if (rc != TPM_RC_SUCCESS) {
   10471     return rc;
   10472   }
   10473   TPM_RC response_code;
   10474   std::string response_code_bytes;
   10475   rc = Parse_TPM_RC(
   10476       &buffer,
   10477       &response_code,
   10478       &response_code_bytes);
   10479   if (rc != TPM_RC_SUCCESS) {
   10480     return rc;
   10481   }
   10482   if (response_size != response.size()) {
   10483     return TPM_RC_SIZE;
   10484   }
   10485   if (response_code != TPM_RC_SUCCESS) {
   10486     return response_code;
   10487   }
   10488   TPM_CC command_code = TPM_CC_GetTestResult;
   10489   std::string command_code_bytes;
   10490   rc = Serialize_TPM_CC(
   10491       command_code,
   10492       &command_code_bytes);
   10493   if (rc != TPM_RC_SUCCESS) {
   10494     return rc;
   10495   }
   10496   std::string authorization_section_bytes;
   10497   if (tag == TPM_ST_SESSIONS) {
   10498     UINT32 parameter_section_size = buffer.size();
   10499     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   10500     if (rc != TPM_RC_SUCCESS) {
   10501       return rc;
   10502     }
   10503     if (parameter_section_size > buffer.size()) {
   10504       return TPM_RC_INSUFFICIENT;
   10505     }
   10506     authorization_section_bytes = buffer.substr(parameter_section_size);
   10507     // Keep the parameter section in |buffer|.
   10508     buffer.erase(parameter_section_size);
   10509   }
   10510   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   10511       crypto::SecureHash::SHA256));
   10512   hash->Update(response_code_bytes.data(),
   10513                response_code_bytes.size());
   10514   hash->Update(command_code_bytes.data(),
   10515                command_code_bytes.size());
   10516   hash->Update(buffer.data(),
   10517                buffer.size());
   10518   std::string response_hash(32, 0);
   10519   hash->Finish(string_as_array(&response_hash), response_hash.size());
   10520   if (tag == TPM_ST_SESSIONS) {
   10521     CHECK(authorization_delegate) << "Authorization delegate missing!";
   10522     if (!authorization_delegate->CheckResponseAuthorization(
   10523         response_hash,
   10524         authorization_section_bytes)) {
   10525       return TRUNKS_RC_AUTHORIZATION_FAILED;
   10526     }
   10527   }
   10528   std::string out_data_bytes;
   10529   rc = Parse_TPM2B_MAX_BUFFER(
   10530       &buffer,
   10531       out_data,
   10532       &out_data_bytes);
   10533   if (rc != TPM_RC_SUCCESS) {
   10534     return rc;
   10535   }
   10536   std::string test_result_bytes;
   10537   rc = Parse_TPM_RC(
   10538       &buffer,
   10539       test_result,
   10540       &test_result_bytes);
   10541   if (rc != TPM_RC_SUCCESS) {
   10542     return rc;
   10543   }
   10544   if (tag == TPM_ST_SESSIONS) {
   10545     CHECK(authorization_delegate) << "Authorization delegate missing!";
   10546     // Decrypt just the parameter data, not the size.
   10547     std::string tmp = out_data_bytes.substr(2);
   10548     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   10549       return TRUNKS_RC_ENCRYPTION_FAILED;
   10550     }
   10551     out_data_bytes.replace(2, std::string::npos, tmp);
   10552     rc = Parse_TPM2B_MAX_BUFFER(
   10553         &out_data_bytes,
   10554         out_data,
   10555         nullptr);
   10556     if (rc != TPM_RC_SUCCESS) {
   10557       return rc;
   10558     }
   10559   }
   10560   return TPM_RC_SUCCESS;
   10561 }
   10562 
   10563 void GetTestResultErrorCallback(
   10564     const Tpm::GetTestResultResponse& callback,
   10565     TPM_RC response_code) {
   10566   VLOG(1) << __func__;
   10567   callback.Run(response_code,
   10568                TPM2B_MAX_BUFFER(),
   10569                TPM_RC());
   10570 }
   10571 
   10572 void GetTestResultResponseParser(
   10573     const Tpm::GetTestResultResponse& callback,
   10574     AuthorizationDelegate* authorization_delegate,
   10575     const std::string& response) {
   10576   VLOG(1) << __func__;
   10577   base::Callback<void(TPM_RC)> error_reporter =
   10578       base::Bind(GetTestResultErrorCallback, callback);
   10579   TPM2B_MAX_BUFFER out_data;
   10580   TPM_RC test_result;
   10581   TPM_RC rc = Tpm::ParseResponse_GetTestResult(
   10582       response,
   10583       &out_data,
   10584       &test_result,
   10585       authorization_delegate);
   10586   if (rc != TPM_RC_SUCCESS) {
   10587     error_reporter.Run(rc);
   10588     return;
   10589   }
   10590   callback.Run(
   10591       rc,
   10592       out_data,
   10593       test_result);
   10594 }
   10595 
   10596 void Tpm::GetTestResult(
   10597       AuthorizationDelegate* authorization_delegate,
   10598       const GetTestResultResponse& callback) {
   10599   VLOG(1) << __func__;
   10600   base::Callback<void(TPM_RC)> error_reporter =
   10601       base::Bind(GetTestResultErrorCallback, callback);
   10602   base::Callback<void(const std::string&)> parser =
   10603       base::Bind(GetTestResultResponseParser,
   10604                  callback,
   10605                  authorization_delegate);
   10606   std::string command;
   10607   TPM_RC rc = SerializeCommand_GetTestResult(
   10608       &command,
   10609       authorization_delegate);
   10610   if (rc != TPM_RC_SUCCESS) {
   10611     error_reporter.Run(rc);
   10612     return;
   10613   }
   10614   transceiver_->SendCommand(command, parser);
   10615 }
   10616 
   10617 TPM_RC Tpm::GetTestResultSync(
   10618       TPM2B_MAX_BUFFER* out_data,
   10619       TPM_RC* test_result,
   10620       AuthorizationDelegate* authorization_delegate) {
   10621   VLOG(1) << __func__;
   10622   std::string command;
   10623   TPM_RC rc = SerializeCommand_GetTestResult(
   10624       &command,
   10625       authorization_delegate);
   10626   if (rc != TPM_RC_SUCCESS) {
   10627     return rc;
   10628   }
   10629   std::string response = transceiver_->SendCommandAndWait(command);
   10630   rc = ParseResponse_GetTestResult(
   10631       response,
   10632       out_data,
   10633       test_result,
   10634       authorization_delegate);
   10635   return rc;
   10636 }
   10637 
   10638 TPM_RC Tpm::SerializeCommand_StartAuthSession(
   10639       const TPMI_DH_OBJECT& tpm_key,
   10640       const std::string& tpm_key_name,
   10641       const TPMI_DH_ENTITY& bind,
   10642       const std::string& bind_name,
   10643       const TPM2B_NONCE& nonce_caller,
   10644       const TPM2B_ENCRYPTED_SECRET& encrypted_salt,
   10645       const TPM_SE& session_type,
   10646       const TPMT_SYM_DEF& symmetric,
   10647       const TPMI_ALG_HASH& auth_hash,
   10648       std::string* serialized_command,
   10649       AuthorizationDelegate* authorization_delegate) {
   10650   VLOG(3) << __func__;
   10651   TPM_RC rc = TPM_RC_SUCCESS;
   10652   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   10653   UINT32 command_size = 10;  // Header size.
   10654   std::string handle_section_bytes;
   10655   std::string parameter_section_bytes;
   10656   TPM_CC command_code = TPM_CC_StartAuthSession;
   10657   bool is_command_parameter_encryption_possible = true;
   10658   bool is_response_parameter_encryption_possible = true;
   10659   std::string command_code_bytes;
   10660   rc = Serialize_TPM_CC(
   10661       command_code,
   10662       &command_code_bytes);
   10663   if (rc != TPM_RC_SUCCESS) {
   10664     return rc;
   10665   }
   10666   std::string tpm_key_bytes;
   10667   rc = Serialize_TPMI_DH_OBJECT(
   10668       tpm_key,
   10669       &tpm_key_bytes);
   10670   if (rc != TPM_RC_SUCCESS) {
   10671     return rc;
   10672   }
   10673   std::string bind_bytes;
   10674   rc = Serialize_TPMI_DH_ENTITY(
   10675       bind,
   10676       &bind_bytes);
   10677   if (rc != TPM_RC_SUCCESS) {
   10678     return rc;
   10679   }
   10680   std::string nonce_caller_bytes;
   10681   rc = Serialize_TPM2B_NONCE(
   10682       nonce_caller,
   10683       &nonce_caller_bytes);
   10684   if (rc != TPM_RC_SUCCESS) {
   10685     return rc;
   10686   }
   10687   std::string encrypted_salt_bytes;
   10688   rc = Serialize_TPM2B_ENCRYPTED_SECRET(
   10689       encrypted_salt,
   10690       &encrypted_salt_bytes);
   10691   if (rc != TPM_RC_SUCCESS) {
   10692     return rc;
   10693   }
   10694   std::string session_type_bytes;
   10695   rc = Serialize_TPM_SE(
   10696       session_type,
   10697       &session_type_bytes);
   10698   if (rc != TPM_RC_SUCCESS) {
   10699     return rc;
   10700   }
   10701   std::string symmetric_bytes;
   10702   rc = Serialize_TPMT_SYM_DEF(
   10703       symmetric,
   10704       &symmetric_bytes);
   10705   if (rc != TPM_RC_SUCCESS) {
   10706     return rc;
   10707   }
   10708   std::string auth_hash_bytes;
   10709   rc = Serialize_TPMI_ALG_HASH(
   10710       auth_hash,
   10711       &auth_hash_bytes);
   10712   if (rc != TPM_RC_SUCCESS) {
   10713     return rc;
   10714   }
   10715   if (authorization_delegate) {
   10716     // Encrypt just the parameter data, not the size.
   10717     std::string tmp = nonce_caller_bytes.substr(2);
   10718     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   10719       return TRUNKS_RC_ENCRYPTION_FAILED;
   10720     }
   10721     nonce_caller_bytes.replace(2, std::string::npos, tmp);
   10722   }
   10723   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   10724       crypto::SecureHash::SHA256));
   10725   hash->Update(command_code_bytes.data(),
   10726                command_code_bytes.size());
   10727   hash->Update(tpm_key_name.data(),
   10728                tpm_key_name.size());
   10729   handle_section_bytes += tpm_key_bytes;
   10730   command_size += tpm_key_bytes.size();
   10731   hash->Update(bind_name.data(),
   10732                bind_name.size());
   10733   handle_section_bytes += bind_bytes;
   10734   command_size += bind_bytes.size();
   10735   hash->Update(nonce_caller_bytes.data(),
   10736                nonce_caller_bytes.size());
   10737   parameter_section_bytes += nonce_caller_bytes;
   10738   command_size += nonce_caller_bytes.size();
   10739   hash->Update(encrypted_salt_bytes.data(),
   10740                encrypted_salt_bytes.size());
   10741   parameter_section_bytes += encrypted_salt_bytes;
   10742   command_size += encrypted_salt_bytes.size();
   10743   hash->Update(session_type_bytes.data(),
   10744                session_type_bytes.size());
   10745   parameter_section_bytes += session_type_bytes;
   10746   command_size += session_type_bytes.size();
   10747   hash->Update(symmetric_bytes.data(),
   10748                symmetric_bytes.size());
   10749   parameter_section_bytes += symmetric_bytes;
   10750   command_size += symmetric_bytes.size();
   10751   hash->Update(auth_hash_bytes.data(),
   10752                auth_hash_bytes.size());
   10753   parameter_section_bytes += auth_hash_bytes;
   10754   command_size += auth_hash_bytes.size();
   10755   std::string command_hash(32, 0);
   10756   hash->Finish(string_as_array(&command_hash), command_hash.size());
   10757   std::string authorization_section_bytes;
   10758   std::string authorization_size_bytes;
   10759   if (authorization_delegate) {
   10760     if (!authorization_delegate->GetCommandAuthorization(
   10761         command_hash,
   10762         is_command_parameter_encryption_possible,
   10763         is_response_parameter_encryption_possible,
   10764         &authorization_section_bytes)) {
   10765       return TRUNKS_RC_AUTHORIZATION_FAILED;
   10766     }
   10767     if (!authorization_section_bytes.empty()) {
   10768       tag = TPM_ST_SESSIONS;
   10769       std::string tmp;
   10770       rc = Serialize_UINT32(authorization_section_bytes.size(),
   10771                             &authorization_size_bytes);
   10772       if (rc != TPM_RC_SUCCESS) {
   10773         return rc;
   10774       }
   10775       command_size += authorization_size_bytes.size() +
   10776                       authorization_section_bytes.size();
   10777     }
   10778   }
   10779   std::string tag_bytes;
   10780   rc = Serialize_TPMI_ST_COMMAND_TAG(
   10781       tag,
   10782       &tag_bytes);
   10783   if (rc != TPM_RC_SUCCESS) {
   10784     return rc;
   10785   }
   10786   std::string command_size_bytes;
   10787   rc = Serialize_UINT32(
   10788       command_size,
   10789       &command_size_bytes);
   10790   if (rc != TPM_RC_SUCCESS) {
   10791     return rc;
   10792   }
   10793   *serialized_command = tag_bytes +
   10794                         command_size_bytes +
   10795                         command_code_bytes +
   10796                         handle_section_bytes +
   10797                         authorization_size_bytes +
   10798                         authorization_section_bytes +
   10799                         parameter_section_bytes;
   10800   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   10801   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   10802                                             serialized_command->size());
   10803   return TPM_RC_SUCCESS;
   10804 }
   10805 
   10806 TPM_RC Tpm::ParseResponse_StartAuthSession(
   10807       const std::string& response,
   10808       TPMI_SH_AUTH_SESSION* session_handle,
   10809       TPM2B_NONCE* nonce_tpm,
   10810       AuthorizationDelegate* authorization_delegate) {
   10811   VLOG(3) << __func__;
   10812   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   10813   TPM_RC rc = TPM_RC_SUCCESS;
   10814   std::string buffer(response);
   10815   TPM_ST tag;
   10816   std::string tag_bytes;
   10817   rc = Parse_TPM_ST(
   10818       &buffer,
   10819       &tag,
   10820       &tag_bytes);
   10821   if (rc != TPM_RC_SUCCESS) {
   10822     return rc;
   10823   }
   10824   UINT32 response_size;
   10825   std::string response_size_bytes;
   10826   rc = Parse_UINT32(
   10827       &buffer,
   10828       &response_size,
   10829       &response_size_bytes);
   10830   if (rc != TPM_RC_SUCCESS) {
   10831     return rc;
   10832   }
   10833   TPM_RC response_code;
   10834   std::string response_code_bytes;
   10835   rc = Parse_TPM_RC(
   10836       &buffer,
   10837       &response_code,
   10838       &response_code_bytes);
   10839   if (rc != TPM_RC_SUCCESS) {
   10840     return rc;
   10841   }
   10842   if (response_size != response.size()) {
   10843     return TPM_RC_SIZE;
   10844   }
   10845   if (response_code != TPM_RC_SUCCESS) {
   10846     return response_code;
   10847   }
   10848   std::string session_handle_bytes;
   10849   rc = Parse_TPMI_SH_AUTH_SESSION(
   10850       &buffer,
   10851       session_handle,
   10852       &session_handle_bytes);
   10853   if (rc != TPM_RC_SUCCESS) {
   10854     return rc;
   10855   }
   10856   TPM_CC command_code = TPM_CC_StartAuthSession;
   10857   std::string command_code_bytes;
   10858   rc = Serialize_TPM_CC(
   10859       command_code,
   10860       &command_code_bytes);
   10861   if (rc != TPM_RC_SUCCESS) {
   10862     return rc;
   10863   }
   10864   std::string authorization_section_bytes;
   10865   if (tag == TPM_ST_SESSIONS) {
   10866     UINT32 parameter_section_size = buffer.size();
   10867     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   10868     if (rc != TPM_RC_SUCCESS) {
   10869       return rc;
   10870     }
   10871     if (parameter_section_size > buffer.size()) {
   10872       return TPM_RC_INSUFFICIENT;
   10873     }
   10874     authorization_section_bytes = buffer.substr(parameter_section_size);
   10875     // Keep the parameter section in |buffer|.
   10876     buffer.erase(parameter_section_size);
   10877   }
   10878   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   10879       crypto::SecureHash::SHA256));
   10880   hash->Update(response_code_bytes.data(),
   10881                response_code_bytes.size());
   10882   hash->Update(command_code_bytes.data(),
   10883                command_code_bytes.size());
   10884   hash->Update(buffer.data(),
   10885                buffer.size());
   10886   std::string response_hash(32, 0);
   10887   hash->Finish(string_as_array(&response_hash), response_hash.size());
   10888   if (tag == TPM_ST_SESSIONS) {
   10889     CHECK(authorization_delegate) << "Authorization delegate missing!";
   10890     if (!authorization_delegate->CheckResponseAuthorization(
   10891         response_hash,
   10892         authorization_section_bytes)) {
   10893       return TRUNKS_RC_AUTHORIZATION_FAILED;
   10894     }
   10895   }
   10896   std::string nonce_tpm_bytes;
   10897   rc = Parse_TPM2B_NONCE(
   10898       &buffer,
   10899       nonce_tpm,
   10900       &nonce_tpm_bytes);
   10901   if (rc != TPM_RC_SUCCESS) {
   10902     return rc;
   10903   }
   10904   if (tag == TPM_ST_SESSIONS) {
   10905     CHECK(authorization_delegate) << "Authorization delegate missing!";
   10906     // Decrypt just the parameter data, not the size.
   10907     std::string tmp = nonce_tpm_bytes.substr(2);
   10908     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   10909       return TRUNKS_RC_ENCRYPTION_FAILED;
   10910     }
   10911     nonce_tpm_bytes.replace(2, std::string::npos, tmp);
   10912     rc = Parse_TPM2B_NONCE(
   10913         &nonce_tpm_bytes,
   10914         nonce_tpm,
   10915         nullptr);
   10916     if (rc != TPM_RC_SUCCESS) {
   10917       return rc;
   10918     }
   10919   }
   10920   return TPM_RC_SUCCESS;
   10921 }
   10922 
   10923 void StartAuthSessionErrorCallback(
   10924     const Tpm::StartAuthSessionResponse& callback,
   10925     TPM_RC response_code) {
   10926   VLOG(1) << __func__;
   10927   callback.Run(response_code,
   10928                TPMI_SH_AUTH_SESSION(),
   10929                TPM2B_NONCE());
   10930 }
   10931 
   10932 void StartAuthSessionResponseParser(
   10933     const Tpm::StartAuthSessionResponse& callback,
   10934     AuthorizationDelegate* authorization_delegate,
   10935     const std::string& response) {
   10936   VLOG(1) << __func__;
   10937   base::Callback<void(TPM_RC)> error_reporter =
   10938       base::Bind(StartAuthSessionErrorCallback, callback);
   10939   TPMI_SH_AUTH_SESSION session_handle;
   10940   TPM2B_NONCE nonce_tpm;
   10941   TPM_RC rc = Tpm::ParseResponse_StartAuthSession(
   10942       response,
   10943       &session_handle,
   10944       &nonce_tpm,
   10945       authorization_delegate);
   10946   if (rc != TPM_RC_SUCCESS) {
   10947     error_reporter.Run(rc);
   10948     return;
   10949   }
   10950   callback.Run(
   10951       rc,
   10952       session_handle,
   10953       nonce_tpm);
   10954 }
   10955 
   10956 void Tpm::StartAuthSession(
   10957       const TPMI_DH_OBJECT& tpm_key,
   10958       const std::string& tpm_key_name,
   10959       const TPMI_DH_ENTITY& bind,
   10960       const std::string& bind_name,
   10961       const TPM2B_NONCE& nonce_caller,
   10962       const TPM2B_ENCRYPTED_SECRET& encrypted_salt,
   10963       const TPM_SE& session_type,
   10964       const TPMT_SYM_DEF& symmetric,
   10965       const TPMI_ALG_HASH& auth_hash,
   10966       AuthorizationDelegate* authorization_delegate,
   10967       const StartAuthSessionResponse& callback) {
   10968   VLOG(1) << __func__;
   10969   base::Callback<void(TPM_RC)> error_reporter =
   10970       base::Bind(StartAuthSessionErrorCallback, callback);
   10971   base::Callback<void(const std::string&)> parser =
   10972       base::Bind(StartAuthSessionResponseParser,
   10973                  callback,
   10974                  authorization_delegate);
   10975   std::string command;
   10976   TPM_RC rc = SerializeCommand_StartAuthSession(
   10977       tpm_key,
   10978       tpm_key_name,
   10979       bind,
   10980       bind_name,
   10981       nonce_caller,
   10982       encrypted_salt,
   10983       session_type,
   10984       symmetric,
   10985       auth_hash,
   10986       &command,
   10987       authorization_delegate);
   10988   if (rc != TPM_RC_SUCCESS) {
   10989     error_reporter.Run(rc);
   10990     return;
   10991   }
   10992   transceiver_->SendCommand(command, parser);
   10993 }
   10994 
   10995 TPM_RC Tpm::StartAuthSessionSync(
   10996       const TPMI_DH_OBJECT& tpm_key,
   10997       const std::string& tpm_key_name,
   10998       const TPMI_DH_ENTITY& bind,
   10999       const std::string& bind_name,
   11000       const TPM2B_NONCE& nonce_caller,
   11001       const TPM2B_ENCRYPTED_SECRET& encrypted_salt,
   11002       const TPM_SE& session_type,
   11003       const TPMT_SYM_DEF& symmetric,
   11004       const TPMI_ALG_HASH& auth_hash,
   11005       TPMI_SH_AUTH_SESSION* session_handle,
   11006       TPM2B_NONCE* nonce_tpm,
   11007       AuthorizationDelegate* authorization_delegate) {
   11008   VLOG(1) << __func__;
   11009   std::string command;
   11010   TPM_RC rc = SerializeCommand_StartAuthSession(
   11011       tpm_key,
   11012       tpm_key_name,
   11013       bind,
   11014       bind_name,
   11015       nonce_caller,
   11016       encrypted_salt,
   11017       session_type,
   11018       symmetric,
   11019       auth_hash,
   11020       &command,
   11021       authorization_delegate);
   11022   if (rc != TPM_RC_SUCCESS) {
   11023     return rc;
   11024   }
   11025   std::string response = transceiver_->SendCommandAndWait(command);
   11026   rc = ParseResponse_StartAuthSession(
   11027       response,
   11028       session_handle,
   11029       nonce_tpm,
   11030       authorization_delegate);
   11031   return rc;
   11032 }
   11033 
   11034 TPM_RC Tpm::SerializeCommand_PolicyRestart(
   11035       const TPMI_SH_POLICY& session_handle,
   11036       const std::string& session_handle_name,
   11037       std::string* serialized_command,
   11038       AuthorizationDelegate* authorization_delegate) {
   11039   VLOG(3) << __func__;
   11040   TPM_RC rc = TPM_RC_SUCCESS;
   11041   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   11042   UINT32 command_size = 10;  // Header size.
   11043   std::string handle_section_bytes;
   11044   std::string parameter_section_bytes;
   11045   TPM_CC command_code = TPM_CC_PolicyRestart;
   11046   bool is_command_parameter_encryption_possible = false;
   11047   bool is_response_parameter_encryption_possible = false;
   11048   std::string command_code_bytes;
   11049   rc = Serialize_TPM_CC(
   11050       command_code,
   11051       &command_code_bytes);
   11052   if (rc != TPM_RC_SUCCESS) {
   11053     return rc;
   11054   }
   11055   std::string session_handle_bytes;
   11056   rc = Serialize_TPMI_SH_POLICY(
   11057       session_handle,
   11058       &session_handle_bytes);
   11059   if (rc != TPM_RC_SUCCESS) {
   11060     return rc;
   11061   }
   11062   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   11063       crypto::SecureHash::SHA256));
   11064   hash->Update(command_code_bytes.data(),
   11065                command_code_bytes.size());
   11066   hash->Update(session_handle_name.data(),
   11067                session_handle_name.size());
   11068   handle_section_bytes += session_handle_bytes;
   11069   command_size += session_handle_bytes.size();
   11070   std::string command_hash(32, 0);
   11071   hash->Finish(string_as_array(&command_hash), command_hash.size());
   11072   std::string authorization_section_bytes;
   11073   std::string authorization_size_bytes;
   11074   if (authorization_delegate) {
   11075     if (!authorization_delegate->GetCommandAuthorization(
   11076         command_hash,
   11077         is_command_parameter_encryption_possible,
   11078         is_response_parameter_encryption_possible,
   11079         &authorization_section_bytes)) {
   11080       return TRUNKS_RC_AUTHORIZATION_FAILED;
   11081     }
   11082     if (!authorization_section_bytes.empty()) {
   11083       tag = TPM_ST_SESSIONS;
   11084       std::string tmp;
   11085       rc = Serialize_UINT32(authorization_section_bytes.size(),
   11086                             &authorization_size_bytes);
   11087       if (rc != TPM_RC_SUCCESS) {
   11088         return rc;
   11089       }
   11090       command_size += authorization_size_bytes.size() +
   11091                       authorization_section_bytes.size();
   11092     }
   11093   }
   11094   std::string tag_bytes;
   11095   rc = Serialize_TPMI_ST_COMMAND_TAG(
   11096       tag,
   11097       &tag_bytes);
   11098   if (rc != TPM_RC_SUCCESS) {
   11099     return rc;
   11100   }
   11101   std::string command_size_bytes;
   11102   rc = Serialize_UINT32(
   11103       command_size,
   11104       &command_size_bytes);
   11105   if (rc != TPM_RC_SUCCESS) {
   11106     return rc;
   11107   }
   11108   *serialized_command = tag_bytes +
   11109                         command_size_bytes +
   11110                         command_code_bytes +
   11111                         handle_section_bytes +
   11112                         authorization_size_bytes +
   11113                         authorization_section_bytes +
   11114                         parameter_section_bytes;
   11115   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   11116   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   11117                                             serialized_command->size());
   11118   return TPM_RC_SUCCESS;
   11119 }
   11120 
   11121 TPM_RC Tpm::ParseResponse_PolicyRestart(
   11122       const std::string& response,
   11123       AuthorizationDelegate* authorization_delegate) {
   11124   VLOG(3) << __func__;
   11125   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   11126   TPM_RC rc = TPM_RC_SUCCESS;
   11127   std::string buffer(response);
   11128   TPM_ST tag;
   11129   std::string tag_bytes;
   11130   rc = Parse_TPM_ST(
   11131       &buffer,
   11132       &tag,
   11133       &tag_bytes);
   11134   if (rc != TPM_RC_SUCCESS) {
   11135     return rc;
   11136   }
   11137   UINT32 response_size;
   11138   std::string response_size_bytes;
   11139   rc = Parse_UINT32(
   11140       &buffer,
   11141       &response_size,
   11142       &response_size_bytes);
   11143   if (rc != TPM_RC_SUCCESS) {
   11144     return rc;
   11145   }
   11146   TPM_RC response_code;
   11147   std::string response_code_bytes;
   11148   rc = Parse_TPM_RC(
   11149       &buffer,
   11150       &response_code,
   11151       &response_code_bytes);
   11152   if (rc != TPM_RC_SUCCESS) {
   11153     return rc;
   11154   }
   11155   if (response_size != response.size()) {
   11156     return TPM_RC_SIZE;
   11157   }
   11158   if (response_code != TPM_RC_SUCCESS) {
   11159     return response_code;
   11160   }
   11161   TPM_CC command_code = TPM_CC_PolicyRestart;
   11162   std::string command_code_bytes;
   11163   rc = Serialize_TPM_CC(
   11164       command_code,
   11165       &command_code_bytes);
   11166   if (rc != TPM_RC_SUCCESS) {
   11167     return rc;
   11168   }
   11169   std::string authorization_section_bytes;
   11170   if (tag == TPM_ST_SESSIONS) {
   11171     UINT32 parameter_section_size = buffer.size();
   11172     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   11173     if (rc != TPM_RC_SUCCESS) {
   11174       return rc;
   11175     }
   11176     if (parameter_section_size > buffer.size()) {
   11177       return TPM_RC_INSUFFICIENT;
   11178     }
   11179     authorization_section_bytes = buffer.substr(parameter_section_size);
   11180     // Keep the parameter section in |buffer|.
   11181     buffer.erase(parameter_section_size);
   11182   }
   11183   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   11184       crypto::SecureHash::SHA256));
   11185   hash->Update(response_code_bytes.data(),
   11186                response_code_bytes.size());
   11187   hash->Update(command_code_bytes.data(),
   11188                command_code_bytes.size());
   11189   hash->Update(buffer.data(),
   11190                buffer.size());
   11191   std::string response_hash(32, 0);
   11192   hash->Finish(string_as_array(&response_hash), response_hash.size());
   11193   if (tag == TPM_ST_SESSIONS) {
   11194     CHECK(authorization_delegate) << "Authorization delegate missing!";
   11195     if (!authorization_delegate->CheckResponseAuthorization(
   11196         response_hash,
   11197         authorization_section_bytes)) {
   11198       return TRUNKS_RC_AUTHORIZATION_FAILED;
   11199     }
   11200   }
   11201   return TPM_RC_SUCCESS;
   11202 }
   11203 
   11204 void PolicyRestartErrorCallback(
   11205     const Tpm::PolicyRestartResponse& callback,
   11206     TPM_RC response_code) {
   11207   VLOG(1) << __func__;
   11208   callback.Run(response_code);
   11209 }
   11210 
   11211 void PolicyRestartResponseParser(
   11212     const Tpm::PolicyRestartResponse& callback,
   11213     AuthorizationDelegate* authorization_delegate,
   11214     const std::string& response) {
   11215   VLOG(1) << __func__;
   11216   base::Callback<void(TPM_RC)> error_reporter =
   11217       base::Bind(PolicyRestartErrorCallback, callback);
   11218   TPM_RC rc = Tpm::ParseResponse_PolicyRestart(
   11219       response,
   11220       authorization_delegate);
   11221   if (rc != TPM_RC_SUCCESS) {
   11222     error_reporter.Run(rc);
   11223     return;
   11224   }
   11225   callback.Run(
   11226       rc);
   11227 }
   11228 
   11229 void Tpm::PolicyRestart(
   11230       const TPMI_SH_POLICY& session_handle,
   11231       const std::string& session_handle_name,
   11232       AuthorizationDelegate* authorization_delegate,
   11233       const PolicyRestartResponse& callback) {
   11234   VLOG(1) << __func__;
   11235   base::Callback<void(TPM_RC)> error_reporter =
   11236       base::Bind(PolicyRestartErrorCallback, callback);
   11237   base::Callback<void(const std::string&)> parser =
   11238       base::Bind(PolicyRestartResponseParser,
   11239                  callback,
   11240                  authorization_delegate);
   11241   std::string command;
   11242   TPM_RC rc = SerializeCommand_PolicyRestart(
   11243       session_handle,
   11244       session_handle_name,
   11245       &command,
   11246       authorization_delegate);
   11247   if (rc != TPM_RC_SUCCESS) {
   11248     error_reporter.Run(rc);
   11249     return;
   11250   }
   11251   transceiver_->SendCommand(command, parser);
   11252 }
   11253 
   11254 TPM_RC Tpm::PolicyRestartSync(
   11255       const TPMI_SH_POLICY& session_handle,
   11256       const std::string& session_handle_name,
   11257       AuthorizationDelegate* authorization_delegate) {
   11258   VLOG(1) << __func__;
   11259   std::string command;
   11260   TPM_RC rc = SerializeCommand_PolicyRestart(
   11261       session_handle,
   11262       session_handle_name,
   11263       &command,
   11264       authorization_delegate);
   11265   if (rc != TPM_RC_SUCCESS) {
   11266     return rc;
   11267   }
   11268   std::string response = transceiver_->SendCommandAndWait(command);
   11269   rc = ParseResponse_PolicyRestart(
   11270       response,
   11271       authorization_delegate);
   11272   return rc;
   11273 }
   11274 
   11275 TPM_RC Tpm::SerializeCommand_Create(
   11276       const TPMI_DH_OBJECT& parent_handle,
   11277       const std::string& parent_handle_name,
   11278       const TPM2B_SENSITIVE_CREATE& in_sensitive,
   11279       const TPM2B_PUBLIC& in_public,
   11280       const TPM2B_DATA& outside_info,
   11281       const TPML_PCR_SELECTION& creation_pcr,
   11282       std::string* serialized_command,
   11283       AuthorizationDelegate* authorization_delegate) {
   11284   VLOG(3) << __func__;
   11285   TPM_RC rc = TPM_RC_SUCCESS;
   11286   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   11287   UINT32 command_size = 10;  // Header size.
   11288   std::string handle_section_bytes;
   11289   std::string parameter_section_bytes;
   11290   TPM_CC command_code = TPM_CC_Create;
   11291   bool is_command_parameter_encryption_possible = true;
   11292   bool is_response_parameter_encryption_possible = true;
   11293   std::string command_code_bytes;
   11294   rc = Serialize_TPM_CC(
   11295       command_code,
   11296       &command_code_bytes);
   11297   if (rc != TPM_RC_SUCCESS) {
   11298     return rc;
   11299   }
   11300   std::string parent_handle_bytes;
   11301   rc = Serialize_TPMI_DH_OBJECT(
   11302       parent_handle,
   11303       &parent_handle_bytes);
   11304   if (rc != TPM_RC_SUCCESS) {
   11305     return rc;
   11306   }
   11307   std::string in_sensitive_bytes;
   11308   rc = Serialize_TPM2B_SENSITIVE_CREATE(
   11309       in_sensitive,
   11310       &in_sensitive_bytes);
   11311   if (rc != TPM_RC_SUCCESS) {
   11312     return rc;
   11313   }
   11314   std::string in_public_bytes;
   11315   rc = Serialize_TPM2B_PUBLIC(
   11316       in_public,
   11317       &in_public_bytes);
   11318   if (rc != TPM_RC_SUCCESS) {
   11319     return rc;
   11320   }
   11321   std::string outside_info_bytes;
   11322   rc = Serialize_TPM2B_DATA(
   11323       outside_info,
   11324       &outside_info_bytes);
   11325   if (rc != TPM_RC_SUCCESS) {
   11326     return rc;
   11327   }
   11328   std::string creation_pcr_bytes;
   11329   rc = Serialize_TPML_PCR_SELECTION(
   11330       creation_pcr,
   11331       &creation_pcr_bytes);
   11332   if (rc != TPM_RC_SUCCESS) {
   11333     return rc;
   11334   }
   11335   if (authorization_delegate) {
   11336     // Encrypt just the parameter data, not the size.
   11337     std::string tmp = in_sensitive_bytes.substr(2);
   11338     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   11339       return TRUNKS_RC_ENCRYPTION_FAILED;
   11340     }
   11341     in_sensitive_bytes.replace(2, std::string::npos, tmp);
   11342   }
   11343   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   11344       crypto::SecureHash::SHA256));
   11345   hash->Update(command_code_bytes.data(),
   11346                command_code_bytes.size());
   11347   hash->Update(parent_handle_name.data(),
   11348                parent_handle_name.size());
   11349   handle_section_bytes += parent_handle_bytes;
   11350   command_size += parent_handle_bytes.size();
   11351   hash->Update(in_sensitive_bytes.data(),
   11352                in_sensitive_bytes.size());
   11353   parameter_section_bytes += in_sensitive_bytes;
   11354   command_size += in_sensitive_bytes.size();
   11355   hash->Update(in_public_bytes.data(),
   11356                in_public_bytes.size());
   11357   parameter_section_bytes += in_public_bytes;
   11358   command_size += in_public_bytes.size();
   11359   hash->Update(outside_info_bytes.data(),
   11360                outside_info_bytes.size());
   11361   parameter_section_bytes += outside_info_bytes;
   11362   command_size += outside_info_bytes.size();
   11363   hash->Update(creation_pcr_bytes.data(),
   11364                creation_pcr_bytes.size());
   11365   parameter_section_bytes += creation_pcr_bytes;
   11366   command_size += creation_pcr_bytes.size();
   11367   std::string command_hash(32, 0);
   11368   hash->Finish(string_as_array(&command_hash), command_hash.size());
   11369   std::string authorization_section_bytes;
   11370   std::string authorization_size_bytes;
   11371   if (authorization_delegate) {
   11372     if (!authorization_delegate->GetCommandAuthorization(
   11373         command_hash,
   11374         is_command_parameter_encryption_possible,
   11375         is_response_parameter_encryption_possible,
   11376         &authorization_section_bytes)) {
   11377       return TRUNKS_RC_AUTHORIZATION_FAILED;
   11378     }
   11379     if (!authorization_section_bytes.empty()) {
   11380       tag = TPM_ST_SESSIONS;
   11381       std::string tmp;
   11382       rc = Serialize_UINT32(authorization_section_bytes.size(),
   11383                             &authorization_size_bytes);
   11384       if (rc != TPM_RC_SUCCESS) {
   11385         return rc;
   11386       }
   11387       command_size += authorization_size_bytes.size() +
   11388                       authorization_section_bytes.size();
   11389     }
   11390   }
   11391   std::string tag_bytes;
   11392   rc = Serialize_TPMI_ST_COMMAND_TAG(
   11393       tag,
   11394       &tag_bytes);
   11395   if (rc != TPM_RC_SUCCESS) {
   11396     return rc;
   11397   }
   11398   std::string command_size_bytes;
   11399   rc = Serialize_UINT32(
   11400       command_size,
   11401       &command_size_bytes);
   11402   if (rc != TPM_RC_SUCCESS) {
   11403     return rc;
   11404   }
   11405   *serialized_command = tag_bytes +
   11406                         command_size_bytes +
   11407                         command_code_bytes +
   11408                         handle_section_bytes +
   11409                         authorization_size_bytes +
   11410                         authorization_section_bytes +
   11411                         parameter_section_bytes;
   11412   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   11413   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   11414                                             serialized_command->size());
   11415   return TPM_RC_SUCCESS;
   11416 }
   11417 
   11418 TPM_RC Tpm::ParseResponse_Create(
   11419       const std::string& response,
   11420       TPM2B_PRIVATE* out_private,
   11421       TPM2B_PUBLIC* out_public,
   11422       TPM2B_CREATION_DATA* creation_data,
   11423       TPM2B_DIGEST* creation_hash,
   11424       TPMT_TK_CREATION* creation_ticket,
   11425       AuthorizationDelegate* authorization_delegate) {
   11426   VLOG(3) << __func__;
   11427   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   11428   TPM_RC rc = TPM_RC_SUCCESS;
   11429   std::string buffer(response);
   11430   TPM_ST tag;
   11431   std::string tag_bytes;
   11432   rc = Parse_TPM_ST(
   11433       &buffer,
   11434       &tag,
   11435       &tag_bytes);
   11436   if (rc != TPM_RC_SUCCESS) {
   11437     return rc;
   11438   }
   11439   UINT32 response_size;
   11440   std::string response_size_bytes;
   11441   rc = Parse_UINT32(
   11442       &buffer,
   11443       &response_size,
   11444       &response_size_bytes);
   11445   if (rc != TPM_RC_SUCCESS) {
   11446     return rc;
   11447   }
   11448   TPM_RC response_code;
   11449   std::string response_code_bytes;
   11450   rc = Parse_TPM_RC(
   11451       &buffer,
   11452       &response_code,
   11453       &response_code_bytes);
   11454   if (rc != TPM_RC_SUCCESS) {
   11455     return rc;
   11456   }
   11457   if (response_size != response.size()) {
   11458     return TPM_RC_SIZE;
   11459   }
   11460   if (response_code != TPM_RC_SUCCESS) {
   11461     return response_code;
   11462   }
   11463   TPM_CC command_code = TPM_CC_Create;
   11464   std::string command_code_bytes;
   11465   rc = Serialize_TPM_CC(
   11466       command_code,
   11467       &command_code_bytes);
   11468   if (rc != TPM_RC_SUCCESS) {
   11469     return rc;
   11470   }
   11471   std::string authorization_section_bytes;
   11472   if (tag == TPM_ST_SESSIONS) {
   11473     UINT32 parameter_section_size = buffer.size();
   11474     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   11475     if (rc != TPM_RC_SUCCESS) {
   11476       return rc;
   11477     }
   11478     if (parameter_section_size > buffer.size()) {
   11479       return TPM_RC_INSUFFICIENT;
   11480     }
   11481     authorization_section_bytes = buffer.substr(parameter_section_size);
   11482     // Keep the parameter section in |buffer|.
   11483     buffer.erase(parameter_section_size);
   11484   }
   11485   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   11486       crypto::SecureHash::SHA256));
   11487   hash->Update(response_code_bytes.data(),
   11488                response_code_bytes.size());
   11489   hash->Update(command_code_bytes.data(),
   11490                command_code_bytes.size());
   11491   hash->Update(buffer.data(),
   11492                buffer.size());
   11493   std::string response_hash(32, 0);
   11494   hash->Finish(string_as_array(&response_hash), response_hash.size());
   11495   if (tag == TPM_ST_SESSIONS) {
   11496     CHECK(authorization_delegate) << "Authorization delegate missing!";
   11497     if (!authorization_delegate->CheckResponseAuthorization(
   11498         response_hash,
   11499         authorization_section_bytes)) {
   11500       return TRUNKS_RC_AUTHORIZATION_FAILED;
   11501     }
   11502   }
   11503   std::string out_private_bytes;
   11504   rc = Parse_TPM2B_PRIVATE(
   11505       &buffer,
   11506       out_private,
   11507       &out_private_bytes);
   11508   if (rc != TPM_RC_SUCCESS) {
   11509     return rc;
   11510   }
   11511   std::string out_public_bytes;
   11512   rc = Parse_TPM2B_PUBLIC(
   11513       &buffer,
   11514       out_public,
   11515       &out_public_bytes);
   11516   if (rc != TPM_RC_SUCCESS) {
   11517     return rc;
   11518   }
   11519   std::string creation_data_bytes;
   11520   rc = Parse_TPM2B_CREATION_DATA(
   11521       &buffer,
   11522       creation_data,
   11523       &creation_data_bytes);
   11524   if (rc != TPM_RC_SUCCESS) {
   11525     return rc;
   11526   }
   11527   std::string creation_hash_bytes;
   11528   rc = Parse_TPM2B_DIGEST(
   11529       &buffer,
   11530       creation_hash,
   11531       &creation_hash_bytes);
   11532   if (rc != TPM_RC_SUCCESS) {
   11533     return rc;
   11534   }
   11535   std::string creation_ticket_bytes;
   11536   rc = Parse_TPMT_TK_CREATION(
   11537       &buffer,
   11538       creation_ticket,
   11539       &creation_ticket_bytes);
   11540   if (rc != TPM_RC_SUCCESS) {
   11541     return rc;
   11542   }
   11543   if (tag == TPM_ST_SESSIONS) {
   11544     CHECK(authorization_delegate) << "Authorization delegate missing!";
   11545     // Decrypt just the parameter data, not the size.
   11546     std::string tmp = out_private_bytes.substr(2);
   11547     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   11548       return TRUNKS_RC_ENCRYPTION_FAILED;
   11549     }
   11550     out_private_bytes.replace(2, std::string::npos, tmp);
   11551     rc = Parse_TPM2B_PRIVATE(
   11552         &out_private_bytes,
   11553         out_private,
   11554         nullptr);
   11555     if (rc != TPM_RC_SUCCESS) {
   11556       return rc;
   11557     }
   11558   }
   11559   return TPM_RC_SUCCESS;
   11560 }
   11561 
   11562 void CreateErrorCallback(
   11563     const Tpm::CreateResponse& callback,
   11564     TPM_RC response_code) {
   11565   VLOG(1) << __func__;
   11566   callback.Run(response_code,
   11567                TPM2B_PRIVATE(),
   11568                TPM2B_PUBLIC(),
   11569                TPM2B_CREATION_DATA(),
   11570                TPM2B_DIGEST(),
   11571                TPMT_TK_CREATION());
   11572 }
   11573 
   11574 void CreateResponseParser(
   11575     const Tpm::CreateResponse& callback,
   11576     AuthorizationDelegate* authorization_delegate,
   11577     const std::string& response) {
   11578   VLOG(1) << __func__;
   11579   base::Callback<void(TPM_RC)> error_reporter =
   11580       base::Bind(CreateErrorCallback, callback);
   11581   TPM2B_PRIVATE out_private;
   11582   TPM2B_PUBLIC out_public;
   11583   TPM2B_CREATION_DATA creation_data;
   11584   TPM2B_DIGEST creation_hash;
   11585   TPMT_TK_CREATION creation_ticket;
   11586   TPM_RC rc = Tpm::ParseResponse_Create(
   11587       response,
   11588       &out_private,
   11589       &out_public,
   11590       &creation_data,
   11591       &creation_hash,
   11592       &creation_ticket,
   11593       authorization_delegate);
   11594   if (rc != TPM_RC_SUCCESS) {
   11595     error_reporter.Run(rc);
   11596     return;
   11597   }
   11598   callback.Run(
   11599       rc,
   11600       out_private,
   11601       out_public,
   11602       creation_data,
   11603       creation_hash,
   11604       creation_ticket);
   11605 }
   11606 
   11607 void Tpm::Create(
   11608       const TPMI_DH_OBJECT& parent_handle,
   11609       const std::string& parent_handle_name,
   11610       const TPM2B_SENSITIVE_CREATE& in_sensitive,
   11611       const TPM2B_PUBLIC& in_public,
   11612       const TPM2B_DATA& outside_info,
   11613       const TPML_PCR_SELECTION& creation_pcr,
   11614       AuthorizationDelegate* authorization_delegate,
   11615       const CreateResponse& callback) {
   11616   VLOG(1) << __func__;
   11617   base::Callback<void(TPM_RC)> error_reporter =
   11618       base::Bind(CreateErrorCallback, callback);
   11619   base::Callback<void(const std::string&)> parser =
   11620       base::Bind(CreateResponseParser,
   11621                  callback,
   11622                  authorization_delegate);
   11623   std::string command;
   11624   TPM_RC rc = SerializeCommand_Create(
   11625       parent_handle,
   11626       parent_handle_name,
   11627       in_sensitive,
   11628       in_public,
   11629       outside_info,
   11630       creation_pcr,
   11631       &command,
   11632       authorization_delegate);
   11633   if (rc != TPM_RC_SUCCESS) {
   11634     error_reporter.Run(rc);
   11635     return;
   11636   }
   11637   transceiver_->SendCommand(command, parser);
   11638 }
   11639 
   11640 TPM_RC Tpm::CreateSync(
   11641       const TPMI_DH_OBJECT& parent_handle,
   11642       const std::string& parent_handle_name,
   11643       const TPM2B_SENSITIVE_CREATE& in_sensitive,
   11644       const TPM2B_PUBLIC& in_public,
   11645       const TPM2B_DATA& outside_info,
   11646       const TPML_PCR_SELECTION& creation_pcr,
   11647       TPM2B_PRIVATE* out_private,
   11648       TPM2B_PUBLIC* out_public,
   11649       TPM2B_CREATION_DATA* creation_data,
   11650       TPM2B_DIGEST* creation_hash,
   11651       TPMT_TK_CREATION* creation_ticket,
   11652       AuthorizationDelegate* authorization_delegate) {
   11653   VLOG(1) << __func__;
   11654   std::string command;
   11655   TPM_RC rc = SerializeCommand_Create(
   11656       parent_handle,
   11657       parent_handle_name,
   11658       in_sensitive,
   11659       in_public,
   11660       outside_info,
   11661       creation_pcr,
   11662       &command,
   11663       authorization_delegate);
   11664   if (rc != TPM_RC_SUCCESS) {
   11665     return rc;
   11666   }
   11667   std::string response = transceiver_->SendCommandAndWait(command);
   11668   rc = ParseResponse_Create(
   11669       response,
   11670       out_private,
   11671       out_public,
   11672       creation_data,
   11673       creation_hash,
   11674       creation_ticket,
   11675       authorization_delegate);
   11676   return rc;
   11677 }
   11678 
   11679 TPM_RC Tpm::SerializeCommand_Load(
   11680       const TPMI_DH_OBJECT& parent_handle,
   11681       const std::string& parent_handle_name,
   11682       const TPM2B_PRIVATE& in_private,
   11683       const TPM2B_PUBLIC& in_public,
   11684       std::string* serialized_command,
   11685       AuthorizationDelegate* authorization_delegate) {
   11686   VLOG(3) << __func__;
   11687   TPM_RC rc = TPM_RC_SUCCESS;
   11688   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   11689   UINT32 command_size = 10;  // Header size.
   11690   std::string handle_section_bytes;
   11691   std::string parameter_section_bytes;
   11692   TPM_CC command_code = TPM_CC_Load;
   11693   bool is_command_parameter_encryption_possible = true;
   11694   bool is_response_parameter_encryption_possible = true;
   11695   std::string command_code_bytes;
   11696   rc = Serialize_TPM_CC(
   11697       command_code,
   11698       &command_code_bytes);
   11699   if (rc != TPM_RC_SUCCESS) {
   11700     return rc;
   11701   }
   11702   std::string parent_handle_bytes;
   11703   rc = Serialize_TPMI_DH_OBJECT(
   11704       parent_handle,
   11705       &parent_handle_bytes);
   11706   if (rc != TPM_RC_SUCCESS) {
   11707     return rc;
   11708   }
   11709   std::string in_private_bytes;
   11710   rc = Serialize_TPM2B_PRIVATE(
   11711       in_private,
   11712       &in_private_bytes);
   11713   if (rc != TPM_RC_SUCCESS) {
   11714     return rc;
   11715   }
   11716   std::string in_public_bytes;
   11717   rc = Serialize_TPM2B_PUBLIC(
   11718       in_public,
   11719       &in_public_bytes);
   11720   if (rc != TPM_RC_SUCCESS) {
   11721     return rc;
   11722   }
   11723   if (authorization_delegate) {
   11724     // Encrypt just the parameter data, not the size.
   11725     std::string tmp = in_private_bytes.substr(2);
   11726     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   11727       return TRUNKS_RC_ENCRYPTION_FAILED;
   11728     }
   11729     in_private_bytes.replace(2, std::string::npos, tmp);
   11730   }
   11731   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   11732       crypto::SecureHash::SHA256));
   11733   hash->Update(command_code_bytes.data(),
   11734                command_code_bytes.size());
   11735   hash->Update(parent_handle_name.data(),
   11736                parent_handle_name.size());
   11737   handle_section_bytes += parent_handle_bytes;
   11738   command_size += parent_handle_bytes.size();
   11739   hash->Update(in_private_bytes.data(),
   11740                in_private_bytes.size());
   11741   parameter_section_bytes += in_private_bytes;
   11742   command_size += in_private_bytes.size();
   11743   hash->Update(in_public_bytes.data(),
   11744                in_public_bytes.size());
   11745   parameter_section_bytes += in_public_bytes;
   11746   command_size += in_public_bytes.size();
   11747   std::string command_hash(32, 0);
   11748   hash->Finish(string_as_array(&command_hash), command_hash.size());
   11749   std::string authorization_section_bytes;
   11750   std::string authorization_size_bytes;
   11751   if (authorization_delegate) {
   11752     if (!authorization_delegate->GetCommandAuthorization(
   11753         command_hash,
   11754         is_command_parameter_encryption_possible,
   11755         is_response_parameter_encryption_possible,
   11756         &authorization_section_bytes)) {
   11757       return TRUNKS_RC_AUTHORIZATION_FAILED;
   11758     }
   11759     if (!authorization_section_bytes.empty()) {
   11760       tag = TPM_ST_SESSIONS;
   11761       std::string tmp;
   11762       rc = Serialize_UINT32(authorization_section_bytes.size(),
   11763                             &authorization_size_bytes);
   11764       if (rc != TPM_RC_SUCCESS) {
   11765         return rc;
   11766       }
   11767       command_size += authorization_size_bytes.size() +
   11768                       authorization_section_bytes.size();
   11769     }
   11770   }
   11771   std::string tag_bytes;
   11772   rc = Serialize_TPMI_ST_COMMAND_TAG(
   11773       tag,
   11774       &tag_bytes);
   11775   if (rc != TPM_RC_SUCCESS) {
   11776     return rc;
   11777   }
   11778   std::string command_size_bytes;
   11779   rc = Serialize_UINT32(
   11780       command_size,
   11781       &command_size_bytes);
   11782   if (rc != TPM_RC_SUCCESS) {
   11783     return rc;
   11784   }
   11785   *serialized_command = tag_bytes +
   11786                         command_size_bytes +
   11787                         command_code_bytes +
   11788                         handle_section_bytes +
   11789                         authorization_size_bytes +
   11790                         authorization_section_bytes +
   11791                         parameter_section_bytes;
   11792   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   11793   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   11794                                             serialized_command->size());
   11795   return TPM_RC_SUCCESS;
   11796 }
   11797 
   11798 TPM_RC Tpm::ParseResponse_Load(
   11799       const std::string& response,
   11800       TPM_HANDLE* object_handle,
   11801       TPM2B_NAME* name,
   11802       AuthorizationDelegate* authorization_delegate) {
   11803   VLOG(3) << __func__;
   11804   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   11805   TPM_RC rc = TPM_RC_SUCCESS;
   11806   std::string buffer(response);
   11807   TPM_ST tag;
   11808   std::string tag_bytes;
   11809   rc = Parse_TPM_ST(
   11810       &buffer,
   11811       &tag,
   11812       &tag_bytes);
   11813   if (rc != TPM_RC_SUCCESS) {
   11814     return rc;
   11815   }
   11816   UINT32 response_size;
   11817   std::string response_size_bytes;
   11818   rc = Parse_UINT32(
   11819       &buffer,
   11820       &response_size,
   11821       &response_size_bytes);
   11822   if (rc != TPM_RC_SUCCESS) {
   11823     return rc;
   11824   }
   11825   TPM_RC response_code;
   11826   std::string response_code_bytes;
   11827   rc = Parse_TPM_RC(
   11828       &buffer,
   11829       &response_code,
   11830       &response_code_bytes);
   11831   if (rc != TPM_RC_SUCCESS) {
   11832     return rc;
   11833   }
   11834   if (response_size != response.size()) {
   11835     return TPM_RC_SIZE;
   11836   }
   11837   if (response_code != TPM_RC_SUCCESS) {
   11838     return response_code;
   11839   }
   11840   std::string object_handle_bytes;
   11841   rc = Parse_TPM_HANDLE(
   11842       &buffer,
   11843       object_handle,
   11844       &object_handle_bytes);
   11845   if (rc != TPM_RC_SUCCESS) {
   11846     return rc;
   11847   }
   11848   TPM_CC command_code = TPM_CC_Load;
   11849   std::string command_code_bytes;
   11850   rc = Serialize_TPM_CC(
   11851       command_code,
   11852       &command_code_bytes);
   11853   if (rc != TPM_RC_SUCCESS) {
   11854     return rc;
   11855   }
   11856   std::string authorization_section_bytes;
   11857   if (tag == TPM_ST_SESSIONS) {
   11858     UINT32 parameter_section_size = buffer.size();
   11859     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   11860     if (rc != TPM_RC_SUCCESS) {
   11861       return rc;
   11862     }
   11863     if (parameter_section_size > buffer.size()) {
   11864       return TPM_RC_INSUFFICIENT;
   11865     }
   11866     authorization_section_bytes = buffer.substr(parameter_section_size);
   11867     // Keep the parameter section in |buffer|.
   11868     buffer.erase(parameter_section_size);
   11869   }
   11870   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   11871       crypto::SecureHash::SHA256));
   11872   hash->Update(response_code_bytes.data(),
   11873                response_code_bytes.size());
   11874   hash->Update(command_code_bytes.data(),
   11875                command_code_bytes.size());
   11876   hash->Update(buffer.data(),
   11877                buffer.size());
   11878   std::string response_hash(32, 0);
   11879   hash->Finish(string_as_array(&response_hash), response_hash.size());
   11880   if (tag == TPM_ST_SESSIONS) {
   11881     CHECK(authorization_delegate) << "Authorization delegate missing!";
   11882     if (!authorization_delegate->CheckResponseAuthorization(
   11883         response_hash,
   11884         authorization_section_bytes)) {
   11885       return TRUNKS_RC_AUTHORIZATION_FAILED;
   11886     }
   11887   }
   11888   std::string name_bytes;
   11889   rc = Parse_TPM2B_NAME(
   11890       &buffer,
   11891       name,
   11892       &name_bytes);
   11893   if (rc != TPM_RC_SUCCESS) {
   11894     return rc;
   11895   }
   11896   if (tag == TPM_ST_SESSIONS) {
   11897     CHECK(authorization_delegate) << "Authorization delegate missing!";
   11898     // Decrypt just the parameter data, not the size.
   11899     std::string tmp = name_bytes.substr(2);
   11900     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   11901       return TRUNKS_RC_ENCRYPTION_FAILED;
   11902     }
   11903     name_bytes.replace(2, std::string::npos, tmp);
   11904     rc = Parse_TPM2B_NAME(
   11905         &name_bytes,
   11906         name,
   11907         nullptr);
   11908     if (rc != TPM_RC_SUCCESS) {
   11909       return rc;
   11910     }
   11911   }
   11912   return TPM_RC_SUCCESS;
   11913 }
   11914 
   11915 void LoadErrorCallback(
   11916     const Tpm::LoadResponse& callback,
   11917     TPM_RC response_code) {
   11918   VLOG(1) << __func__;
   11919   callback.Run(response_code,
   11920                TPM_HANDLE(),
   11921                TPM2B_NAME());
   11922 }
   11923 
   11924 void LoadResponseParser(
   11925     const Tpm::LoadResponse& callback,
   11926     AuthorizationDelegate* authorization_delegate,
   11927     const std::string& response) {
   11928   VLOG(1) << __func__;
   11929   base::Callback<void(TPM_RC)> error_reporter =
   11930       base::Bind(LoadErrorCallback, callback);
   11931   TPM_HANDLE object_handle;
   11932   TPM2B_NAME name;
   11933   TPM_RC rc = Tpm::ParseResponse_Load(
   11934       response,
   11935       &object_handle,
   11936       &name,
   11937       authorization_delegate);
   11938   if (rc != TPM_RC_SUCCESS) {
   11939     error_reporter.Run(rc);
   11940     return;
   11941   }
   11942   callback.Run(
   11943       rc,
   11944       object_handle,
   11945       name);
   11946 }
   11947 
   11948 void Tpm::Load(
   11949       const TPMI_DH_OBJECT& parent_handle,
   11950       const std::string& parent_handle_name,
   11951       const TPM2B_PRIVATE& in_private,
   11952       const TPM2B_PUBLIC& in_public,
   11953       AuthorizationDelegate* authorization_delegate,
   11954       const LoadResponse& callback) {
   11955   VLOG(1) << __func__;
   11956   base::Callback<void(TPM_RC)> error_reporter =
   11957       base::Bind(LoadErrorCallback, callback);
   11958   base::Callback<void(const std::string&)> parser =
   11959       base::Bind(LoadResponseParser,
   11960                  callback,
   11961                  authorization_delegate);
   11962   std::string command;
   11963   TPM_RC rc = SerializeCommand_Load(
   11964       parent_handle,
   11965       parent_handle_name,
   11966       in_private,
   11967       in_public,
   11968       &command,
   11969       authorization_delegate);
   11970   if (rc != TPM_RC_SUCCESS) {
   11971     error_reporter.Run(rc);
   11972     return;
   11973   }
   11974   transceiver_->SendCommand(command, parser);
   11975 }
   11976 
   11977 TPM_RC Tpm::LoadSync(
   11978       const TPMI_DH_OBJECT& parent_handle,
   11979       const std::string& parent_handle_name,
   11980       const TPM2B_PRIVATE& in_private,
   11981       const TPM2B_PUBLIC& in_public,
   11982       TPM_HANDLE* object_handle,
   11983       TPM2B_NAME* name,
   11984       AuthorizationDelegate* authorization_delegate) {
   11985   VLOG(1) << __func__;
   11986   std::string command;
   11987   TPM_RC rc = SerializeCommand_Load(
   11988       parent_handle,
   11989       parent_handle_name,
   11990       in_private,
   11991       in_public,
   11992       &command,
   11993       authorization_delegate);
   11994   if (rc != TPM_RC_SUCCESS) {
   11995     return rc;
   11996   }
   11997   std::string response = transceiver_->SendCommandAndWait(command);
   11998   rc = ParseResponse_Load(
   11999       response,
   12000       object_handle,
   12001       name,
   12002       authorization_delegate);
   12003   return rc;
   12004 }
   12005 
   12006 TPM_RC Tpm::SerializeCommand_LoadExternal(
   12007       const TPM2B_SENSITIVE& in_private,
   12008       const TPM2B_PUBLIC& in_public,
   12009       const TPMI_RH_HIERARCHY& hierarchy,
   12010       std::string* serialized_command,
   12011       AuthorizationDelegate* authorization_delegate) {
   12012   VLOG(3) << __func__;
   12013   TPM_RC rc = TPM_RC_SUCCESS;
   12014   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   12015   UINT32 command_size = 10;  // Header size.
   12016   std::string handle_section_bytes;
   12017   std::string parameter_section_bytes;
   12018   TPM_CC command_code = TPM_CC_LoadExternal;
   12019   bool is_command_parameter_encryption_possible = true;
   12020   bool is_response_parameter_encryption_possible = true;
   12021   std::string command_code_bytes;
   12022   rc = Serialize_TPM_CC(
   12023       command_code,
   12024       &command_code_bytes);
   12025   if (rc != TPM_RC_SUCCESS) {
   12026     return rc;
   12027   }
   12028   std::string in_private_bytes;
   12029   rc = Serialize_TPM2B_SENSITIVE(
   12030       in_private,
   12031       &in_private_bytes);
   12032   if (rc != TPM_RC_SUCCESS) {
   12033     return rc;
   12034   }
   12035   std::string in_public_bytes;
   12036   rc = Serialize_TPM2B_PUBLIC(
   12037       in_public,
   12038       &in_public_bytes);
   12039   if (rc != TPM_RC_SUCCESS) {
   12040     return rc;
   12041   }
   12042   std::string hierarchy_bytes;
   12043   rc = Serialize_TPMI_RH_HIERARCHY(
   12044       hierarchy,
   12045       &hierarchy_bytes);
   12046   if (rc != TPM_RC_SUCCESS) {
   12047     return rc;
   12048   }
   12049   if (authorization_delegate) {
   12050     // Encrypt just the parameter data, not the size.
   12051     std::string tmp = in_private_bytes.substr(2);
   12052     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   12053       return TRUNKS_RC_ENCRYPTION_FAILED;
   12054     }
   12055     in_private_bytes.replace(2, std::string::npos, tmp);
   12056   }
   12057   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   12058       crypto::SecureHash::SHA256));
   12059   hash->Update(command_code_bytes.data(),
   12060                command_code_bytes.size());
   12061   hash->Update(in_private_bytes.data(),
   12062                in_private_bytes.size());
   12063   parameter_section_bytes += in_private_bytes;
   12064   command_size += in_private_bytes.size();
   12065   hash->Update(in_public_bytes.data(),
   12066                in_public_bytes.size());
   12067   parameter_section_bytes += in_public_bytes;
   12068   command_size += in_public_bytes.size();
   12069   hash->Update(hierarchy_bytes.data(),
   12070                hierarchy_bytes.size());
   12071   parameter_section_bytes += hierarchy_bytes;
   12072   command_size += hierarchy_bytes.size();
   12073   std::string command_hash(32, 0);
   12074   hash->Finish(string_as_array(&command_hash), command_hash.size());
   12075   std::string authorization_section_bytes;
   12076   std::string authorization_size_bytes;
   12077   if (authorization_delegate) {
   12078     if (!authorization_delegate->GetCommandAuthorization(
   12079         command_hash,
   12080         is_command_parameter_encryption_possible,
   12081         is_response_parameter_encryption_possible,
   12082         &authorization_section_bytes)) {
   12083       return TRUNKS_RC_AUTHORIZATION_FAILED;
   12084     }
   12085     if (!authorization_section_bytes.empty()) {
   12086       tag = TPM_ST_SESSIONS;
   12087       std::string tmp;
   12088       rc = Serialize_UINT32(authorization_section_bytes.size(),
   12089                             &authorization_size_bytes);
   12090       if (rc != TPM_RC_SUCCESS) {
   12091         return rc;
   12092       }
   12093       command_size += authorization_size_bytes.size() +
   12094                       authorization_section_bytes.size();
   12095     }
   12096   }
   12097   std::string tag_bytes;
   12098   rc = Serialize_TPMI_ST_COMMAND_TAG(
   12099       tag,
   12100       &tag_bytes);
   12101   if (rc != TPM_RC_SUCCESS) {
   12102     return rc;
   12103   }
   12104   std::string command_size_bytes;
   12105   rc = Serialize_UINT32(
   12106       command_size,
   12107       &command_size_bytes);
   12108   if (rc != TPM_RC_SUCCESS) {
   12109     return rc;
   12110   }
   12111   *serialized_command = tag_bytes +
   12112                         command_size_bytes +
   12113                         command_code_bytes +
   12114                         handle_section_bytes +
   12115                         authorization_size_bytes +
   12116                         authorization_section_bytes +
   12117                         parameter_section_bytes;
   12118   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   12119   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   12120                                             serialized_command->size());
   12121   return TPM_RC_SUCCESS;
   12122 }
   12123 
   12124 TPM_RC Tpm::ParseResponse_LoadExternal(
   12125       const std::string& response,
   12126       TPM_HANDLE* object_handle,
   12127       TPM2B_NAME* name,
   12128       AuthorizationDelegate* authorization_delegate) {
   12129   VLOG(3) << __func__;
   12130   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   12131   TPM_RC rc = TPM_RC_SUCCESS;
   12132   std::string buffer(response);
   12133   TPM_ST tag;
   12134   std::string tag_bytes;
   12135   rc = Parse_TPM_ST(
   12136       &buffer,
   12137       &tag,
   12138       &tag_bytes);
   12139   if (rc != TPM_RC_SUCCESS) {
   12140     return rc;
   12141   }
   12142   UINT32 response_size;
   12143   std::string response_size_bytes;
   12144   rc = Parse_UINT32(
   12145       &buffer,
   12146       &response_size,
   12147       &response_size_bytes);
   12148   if (rc != TPM_RC_SUCCESS) {
   12149     return rc;
   12150   }
   12151   TPM_RC response_code;
   12152   std::string response_code_bytes;
   12153   rc = Parse_TPM_RC(
   12154       &buffer,
   12155       &response_code,
   12156       &response_code_bytes);
   12157   if (rc != TPM_RC_SUCCESS) {
   12158     return rc;
   12159   }
   12160   if (response_size != response.size()) {
   12161     return TPM_RC_SIZE;
   12162   }
   12163   if (response_code != TPM_RC_SUCCESS) {
   12164     return response_code;
   12165   }
   12166   std::string object_handle_bytes;
   12167   rc = Parse_TPM_HANDLE(
   12168       &buffer,
   12169       object_handle,
   12170       &object_handle_bytes);
   12171   if (rc != TPM_RC_SUCCESS) {
   12172     return rc;
   12173   }
   12174   TPM_CC command_code = TPM_CC_LoadExternal;
   12175   std::string command_code_bytes;
   12176   rc = Serialize_TPM_CC(
   12177       command_code,
   12178       &command_code_bytes);
   12179   if (rc != TPM_RC_SUCCESS) {
   12180     return rc;
   12181   }
   12182   std::string authorization_section_bytes;
   12183   if (tag == TPM_ST_SESSIONS) {
   12184     UINT32 parameter_section_size = buffer.size();
   12185     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   12186     if (rc != TPM_RC_SUCCESS) {
   12187       return rc;
   12188     }
   12189     if (parameter_section_size > buffer.size()) {
   12190       return TPM_RC_INSUFFICIENT;
   12191     }
   12192     authorization_section_bytes = buffer.substr(parameter_section_size);
   12193     // Keep the parameter section in |buffer|.
   12194     buffer.erase(parameter_section_size);
   12195   }
   12196   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   12197       crypto::SecureHash::SHA256));
   12198   hash->Update(response_code_bytes.data(),
   12199                response_code_bytes.size());
   12200   hash->Update(command_code_bytes.data(),
   12201                command_code_bytes.size());
   12202   hash->Update(buffer.data(),
   12203                buffer.size());
   12204   std::string response_hash(32, 0);
   12205   hash->Finish(string_as_array(&response_hash), response_hash.size());
   12206   if (tag == TPM_ST_SESSIONS) {
   12207     CHECK(authorization_delegate) << "Authorization delegate missing!";
   12208     if (!authorization_delegate->CheckResponseAuthorization(
   12209         response_hash,
   12210         authorization_section_bytes)) {
   12211       return TRUNKS_RC_AUTHORIZATION_FAILED;
   12212     }
   12213   }
   12214   std::string name_bytes;
   12215   rc = Parse_TPM2B_NAME(
   12216       &buffer,
   12217       name,
   12218       &name_bytes);
   12219   if (rc != TPM_RC_SUCCESS) {
   12220     return rc;
   12221   }
   12222   if (tag == TPM_ST_SESSIONS) {
   12223     CHECK(authorization_delegate) << "Authorization delegate missing!";
   12224     // Decrypt just the parameter data, not the size.
   12225     std::string tmp = name_bytes.substr(2);
   12226     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   12227       return TRUNKS_RC_ENCRYPTION_FAILED;
   12228     }
   12229     name_bytes.replace(2, std::string::npos, tmp);
   12230     rc = Parse_TPM2B_NAME(
   12231         &name_bytes,
   12232         name,
   12233         nullptr);
   12234     if (rc != TPM_RC_SUCCESS) {
   12235       return rc;
   12236     }
   12237   }
   12238   return TPM_RC_SUCCESS;
   12239 }
   12240 
   12241 void LoadExternalErrorCallback(
   12242     const Tpm::LoadExternalResponse& callback,
   12243     TPM_RC response_code) {
   12244   VLOG(1) << __func__;
   12245   callback.Run(response_code,
   12246                TPM_HANDLE(),
   12247                TPM2B_NAME());
   12248 }
   12249 
   12250 void LoadExternalResponseParser(
   12251     const Tpm::LoadExternalResponse& callback,
   12252     AuthorizationDelegate* authorization_delegate,
   12253     const std::string& response) {
   12254   VLOG(1) << __func__;
   12255   base::Callback<void(TPM_RC)> error_reporter =
   12256       base::Bind(LoadExternalErrorCallback, callback);
   12257   TPM_HANDLE object_handle;
   12258   TPM2B_NAME name;
   12259   TPM_RC rc = Tpm::ParseResponse_LoadExternal(
   12260       response,
   12261       &object_handle,
   12262       &name,
   12263       authorization_delegate);
   12264   if (rc != TPM_RC_SUCCESS) {
   12265     error_reporter.Run(rc);
   12266     return;
   12267   }
   12268   callback.Run(
   12269       rc,
   12270       object_handle,
   12271       name);
   12272 }
   12273 
   12274 void Tpm::LoadExternal(
   12275       const TPM2B_SENSITIVE& in_private,
   12276       const TPM2B_PUBLIC& in_public,
   12277       const TPMI_RH_HIERARCHY& hierarchy,
   12278       AuthorizationDelegate* authorization_delegate,
   12279       const LoadExternalResponse& callback) {
   12280   VLOG(1) << __func__;
   12281   base::Callback<void(TPM_RC)> error_reporter =
   12282       base::Bind(LoadExternalErrorCallback, callback);
   12283   base::Callback<void(const std::string&)> parser =
   12284       base::Bind(LoadExternalResponseParser,
   12285                  callback,
   12286                  authorization_delegate);
   12287   std::string command;
   12288   TPM_RC rc = SerializeCommand_LoadExternal(
   12289       in_private,
   12290       in_public,
   12291       hierarchy,
   12292       &command,
   12293       authorization_delegate);
   12294   if (rc != TPM_RC_SUCCESS) {
   12295     error_reporter.Run(rc);
   12296     return;
   12297   }
   12298   transceiver_->SendCommand(command, parser);
   12299 }
   12300 
   12301 TPM_RC Tpm::LoadExternalSync(
   12302       const TPM2B_SENSITIVE& in_private,
   12303       const TPM2B_PUBLIC& in_public,
   12304       const TPMI_RH_HIERARCHY& hierarchy,
   12305       TPM_HANDLE* object_handle,
   12306       TPM2B_NAME* name,
   12307       AuthorizationDelegate* authorization_delegate) {
   12308   VLOG(1) << __func__;
   12309   std::string command;
   12310   TPM_RC rc = SerializeCommand_LoadExternal(
   12311       in_private,
   12312       in_public,
   12313       hierarchy,
   12314       &command,
   12315       authorization_delegate);
   12316   if (rc != TPM_RC_SUCCESS) {
   12317     return rc;
   12318   }
   12319   std::string response = transceiver_->SendCommandAndWait(command);
   12320   rc = ParseResponse_LoadExternal(
   12321       response,
   12322       object_handle,
   12323       name,
   12324       authorization_delegate);
   12325   return rc;
   12326 }
   12327 
   12328 TPM_RC Tpm::SerializeCommand_ReadPublic(
   12329       const TPMI_DH_OBJECT& object_handle,
   12330       const std::string& object_handle_name,
   12331       std::string* serialized_command,
   12332       AuthorizationDelegate* authorization_delegate) {
   12333   VLOG(3) << __func__;
   12334   TPM_RC rc = TPM_RC_SUCCESS;
   12335   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   12336   UINT32 command_size = 10;  // Header size.
   12337   std::string handle_section_bytes;
   12338   std::string parameter_section_bytes;
   12339   TPM_CC command_code = TPM_CC_ReadPublic;
   12340   bool is_command_parameter_encryption_possible = false;
   12341   bool is_response_parameter_encryption_possible = true;
   12342   std::string command_code_bytes;
   12343   rc = Serialize_TPM_CC(
   12344       command_code,
   12345       &command_code_bytes);
   12346   if (rc != TPM_RC_SUCCESS) {
   12347     return rc;
   12348   }
   12349   std::string object_handle_bytes;
   12350   rc = Serialize_TPMI_DH_OBJECT(
   12351       object_handle,
   12352       &object_handle_bytes);
   12353   if (rc != TPM_RC_SUCCESS) {
   12354     return rc;
   12355   }
   12356   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   12357       crypto::SecureHash::SHA256));
   12358   hash->Update(command_code_bytes.data(),
   12359                command_code_bytes.size());
   12360   hash->Update(object_handle_name.data(),
   12361                object_handle_name.size());
   12362   handle_section_bytes += object_handle_bytes;
   12363   command_size += object_handle_bytes.size();
   12364   std::string command_hash(32, 0);
   12365   hash->Finish(string_as_array(&command_hash), command_hash.size());
   12366   std::string authorization_section_bytes;
   12367   std::string authorization_size_bytes;
   12368   if (authorization_delegate) {
   12369     if (!authorization_delegate->GetCommandAuthorization(
   12370         command_hash,
   12371         is_command_parameter_encryption_possible,
   12372         is_response_parameter_encryption_possible,
   12373         &authorization_section_bytes)) {
   12374       return TRUNKS_RC_AUTHORIZATION_FAILED;
   12375     }
   12376     if (!authorization_section_bytes.empty()) {
   12377       tag = TPM_ST_SESSIONS;
   12378       std::string tmp;
   12379       rc = Serialize_UINT32(authorization_section_bytes.size(),
   12380                             &authorization_size_bytes);
   12381       if (rc != TPM_RC_SUCCESS) {
   12382         return rc;
   12383       }
   12384       command_size += authorization_size_bytes.size() +
   12385                       authorization_section_bytes.size();
   12386     }
   12387   }
   12388   std::string tag_bytes;
   12389   rc = Serialize_TPMI_ST_COMMAND_TAG(
   12390       tag,
   12391       &tag_bytes);
   12392   if (rc != TPM_RC_SUCCESS) {
   12393     return rc;
   12394   }
   12395   std::string command_size_bytes;
   12396   rc = Serialize_UINT32(
   12397       command_size,
   12398       &command_size_bytes);
   12399   if (rc != TPM_RC_SUCCESS) {
   12400     return rc;
   12401   }
   12402   *serialized_command = tag_bytes +
   12403                         command_size_bytes +
   12404                         command_code_bytes +
   12405                         handle_section_bytes +
   12406                         authorization_size_bytes +
   12407                         authorization_section_bytes +
   12408                         parameter_section_bytes;
   12409   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   12410   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   12411                                             serialized_command->size());
   12412   return TPM_RC_SUCCESS;
   12413 }
   12414 
   12415 TPM_RC Tpm::ParseResponse_ReadPublic(
   12416       const std::string& response,
   12417       TPM2B_PUBLIC* out_public,
   12418       TPM2B_NAME* name,
   12419       TPM2B_NAME* qualified_name,
   12420       AuthorizationDelegate* authorization_delegate) {
   12421   VLOG(3) << __func__;
   12422   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   12423   TPM_RC rc = TPM_RC_SUCCESS;
   12424   std::string buffer(response);
   12425   TPM_ST tag;
   12426   std::string tag_bytes;
   12427   rc = Parse_TPM_ST(
   12428       &buffer,
   12429       &tag,
   12430       &tag_bytes);
   12431   if (rc != TPM_RC_SUCCESS) {
   12432     return rc;
   12433   }
   12434   UINT32 response_size;
   12435   std::string response_size_bytes;
   12436   rc = Parse_UINT32(
   12437       &buffer,
   12438       &response_size,
   12439       &response_size_bytes);
   12440   if (rc != TPM_RC_SUCCESS) {
   12441     return rc;
   12442   }
   12443   TPM_RC response_code;
   12444   std::string response_code_bytes;
   12445   rc = Parse_TPM_RC(
   12446       &buffer,
   12447       &response_code,
   12448       &response_code_bytes);
   12449   if (rc != TPM_RC_SUCCESS) {
   12450     return rc;
   12451   }
   12452   if (response_size != response.size()) {
   12453     return TPM_RC_SIZE;
   12454   }
   12455   if (response_code != TPM_RC_SUCCESS) {
   12456     return response_code;
   12457   }
   12458   TPM_CC command_code = TPM_CC_ReadPublic;
   12459   std::string command_code_bytes;
   12460   rc = Serialize_TPM_CC(
   12461       command_code,
   12462       &command_code_bytes);
   12463   if (rc != TPM_RC_SUCCESS) {
   12464     return rc;
   12465   }
   12466   std::string authorization_section_bytes;
   12467   if (tag == TPM_ST_SESSIONS) {
   12468     UINT32 parameter_section_size = buffer.size();
   12469     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   12470     if (rc != TPM_RC_SUCCESS) {
   12471       return rc;
   12472     }
   12473     if (parameter_section_size > buffer.size()) {
   12474       return TPM_RC_INSUFFICIENT;
   12475     }
   12476     authorization_section_bytes = buffer.substr(parameter_section_size);
   12477     // Keep the parameter section in |buffer|.
   12478     buffer.erase(parameter_section_size);
   12479   }
   12480   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   12481       crypto::SecureHash::SHA256));
   12482   hash->Update(response_code_bytes.data(),
   12483                response_code_bytes.size());
   12484   hash->Update(command_code_bytes.data(),
   12485                command_code_bytes.size());
   12486   hash->Update(buffer.data(),
   12487                buffer.size());
   12488   std::string response_hash(32, 0);
   12489   hash->Finish(string_as_array(&response_hash), response_hash.size());
   12490   if (tag == TPM_ST_SESSIONS) {
   12491     CHECK(authorization_delegate) << "Authorization delegate missing!";
   12492     if (!authorization_delegate->CheckResponseAuthorization(
   12493         response_hash,
   12494         authorization_section_bytes)) {
   12495       return TRUNKS_RC_AUTHORIZATION_FAILED;
   12496     }
   12497   }
   12498   std::string out_public_bytes;
   12499   rc = Parse_TPM2B_PUBLIC(
   12500       &buffer,
   12501       out_public,
   12502       &out_public_bytes);
   12503   if (rc != TPM_RC_SUCCESS) {
   12504     return rc;
   12505   }
   12506   std::string name_bytes;
   12507   rc = Parse_TPM2B_NAME(
   12508       &buffer,
   12509       name,
   12510       &name_bytes);
   12511   if (rc != TPM_RC_SUCCESS) {
   12512     return rc;
   12513   }
   12514   std::string qualified_name_bytes;
   12515   rc = Parse_TPM2B_NAME(
   12516       &buffer,
   12517       qualified_name,
   12518       &qualified_name_bytes);
   12519   if (rc != TPM_RC_SUCCESS) {
   12520     return rc;
   12521   }
   12522   if (tag == TPM_ST_SESSIONS) {
   12523     CHECK(authorization_delegate) << "Authorization delegate missing!";
   12524     // Decrypt just the parameter data, not the size.
   12525     std::string tmp = out_public_bytes.substr(2);
   12526     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   12527       return TRUNKS_RC_ENCRYPTION_FAILED;
   12528     }
   12529     out_public_bytes.replace(2, std::string::npos, tmp);
   12530     rc = Parse_TPM2B_PUBLIC(
   12531         &out_public_bytes,
   12532         out_public,
   12533         nullptr);
   12534     if (rc != TPM_RC_SUCCESS) {
   12535       return rc;
   12536     }
   12537   }
   12538   return TPM_RC_SUCCESS;
   12539 }
   12540 
   12541 void ReadPublicErrorCallback(
   12542     const Tpm::ReadPublicResponse& callback,
   12543     TPM_RC response_code) {
   12544   VLOG(1) << __func__;
   12545   callback.Run(response_code,
   12546                TPM2B_PUBLIC(),
   12547                TPM2B_NAME(),
   12548                TPM2B_NAME());
   12549 }
   12550 
   12551 void ReadPublicResponseParser(
   12552     const Tpm::ReadPublicResponse& callback,
   12553     AuthorizationDelegate* authorization_delegate,
   12554     const std::string& response) {
   12555   VLOG(1) << __func__;
   12556   base::Callback<void(TPM_RC)> error_reporter =
   12557       base::Bind(ReadPublicErrorCallback, callback);
   12558   TPM2B_PUBLIC out_public;
   12559   TPM2B_NAME name;
   12560   TPM2B_NAME qualified_name;
   12561   TPM_RC rc = Tpm::ParseResponse_ReadPublic(
   12562       response,
   12563       &out_public,
   12564       &name,
   12565       &qualified_name,
   12566       authorization_delegate);
   12567   if (rc != TPM_RC_SUCCESS) {
   12568     error_reporter.Run(rc);
   12569     return;
   12570   }
   12571   callback.Run(
   12572       rc,
   12573       out_public,
   12574       name,
   12575       qualified_name);
   12576 }
   12577 
   12578 void Tpm::ReadPublic(
   12579       const TPMI_DH_OBJECT& object_handle,
   12580       const std::string& object_handle_name,
   12581       AuthorizationDelegate* authorization_delegate,
   12582       const ReadPublicResponse& callback) {
   12583   VLOG(1) << __func__;
   12584   base::Callback<void(TPM_RC)> error_reporter =
   12585       base::Bind(ReadPublicErrorCallback, callback);
   12586   base::Callback<void(const std::string&)> parser =
   12587       base::Bind(ReadPublicResponseParser,
   12588                  callback,
   12589                  authorization_delegate);
   12590   std::string command;
   12591   TPM_RC rc = SerializeCommand_ReadPublic(
   12592       object_handle,
   12593       object_handle_name,
   12594       &command,
   12595       authorization_delegate);
   12596   if (rc != TPM_RC_SUCCESS) {
   12597     error_reporter.Run(rc);
   12598     return;
   12599   }
   12600   transceiver_->SendCommand(command, parser);
   12601 }
   12602 
   12603 TPM_RC Tpm::ReadPublicSync(
   12604       const TPMI_DH_OBJECT& object_handle,
   12605       const std::string& object_handle_name,
   12606       TPM2B_PUBLIC* out_public,
   12607       TPM2B_NAME* name,
   12608       TPM2B_NAME* qualified_name,
   12609       AuthorizationDelegate* authorization_delegate) {
   12610   VLOG(1) << __func__;
   12611   std::string command;
   12612   TPM_RC rc = SerializeCommand_ReadPublic(
   12613       object_handle,
   12614       object_handle_name,
   12615       &command,
   12616       authorization_delegate);
   12617   if (rc != TPM_RC_SUCCESS) {
   12618     return rc;
   12619   }
   12620   std::string response = transceiver_->SendCommandAndWait(command);
   12621   rc = ParseResponse_ReadPublic(
   12622       response,
   12623       out_public,
   12624       name,
   12625       qualified_name,
   12626       authorization_delegate);
   12627   return rc;
   12628 }
   12629 
   12630 TPM_RC Tpm::SerializeCommand_ActivateCredential(
   12631       const TPMI_DH_OBJECT& activate_handle,
   12632       const std::string& activate_handle_name,
   12633       const TPMI_DH_OBJECT& key_handle,
   12634       const std::string& key_handle_name,
   12635       const TPM2B_ID_OBJECT& credential_blob,
   12636       const TPM2B_ENCRYPTED_SECRET& secret,
   12637       std::string* serialized_command,
   12638       AuthorizationDelegate* authorization_delegate) {
   12639   VLOG(3) << __func__;
   12640   TPM_RC rc = TPM_RC_SUCCESS;
   12641   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   12642   UINT32 command_size = 10;  // Header size.
   12643   std::string handle_section_bytes;
   12644   std::string parameter_section_bytes;
   12645   TPM_CC command_code = TPM_CC_ActivateCredential;
   12646   bool is_command_parameter_encryption_possible = true;
   12647   bool is_response_parameter_encryption_possible = true;
   12648   std::string command_code_bytes;
   12649   rc = Serialize_TPM_CC(
   12650       command_code,
   12651       &command_code_bytes);
   12652   if (rc != TPM_RC_SUCCESS) {
   12653     return rc;
   12654   }
   12655   std::string activate_handle_bytes;
   12656   rc = Serialize_TPMI_DH_OBJECT(
   12657       activate_handle,
   12658       &activate_handle_bytes);
   12659   if (rc != TPM_RC_SUCCESS) {
   12660     return rc;
   12661   }
   12662   std::string key_handle_bytes;
   12663   rc = Serialize_TPMI_DH_OBJECT(
   12664       key_handle,
   12665       &key_handle_bytes);
   12666   if (rc != TPM_RC_SUCCESS) {
   12667     return rc;
   12668   }
   12669   std::string credential_blob_bytes;
   12670   rc = Serialize_TPM2B_ID_OBJECT(
   12671       credential_blob,
   12672       &credential_blob_bytes);
   12673   if (rc != TPM_RC_SUCCESS) {
   12674     return rc;
   12675   }
   12676   std::string secret_bytes;
   12677   rc = Serialize_TPM2B_ENCRYPTED_SECRET(
   12678       secret,
   12679       &secret_bytes);
   12680   if (rc != TPM_RC_SUCCESS) {
   12681     return rc;
   12682   }
   12683   if (authorization_delegate) {
   12684     // Encrypt just the parameter data, not the size.
   12685     std::string tmp = credential_blob_bytes.substr(2);
   12686     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   12687       return TRUNKS_RC_ENCRYPTION_FAILED;
   12688     }
   12689     credential_blob_bytes.replace(2, std::string::npos, tmp);
   12690   }
   12691   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   12692       crypto::SecureHash::SHA256));
   12693   hash->Update(command_code_bytes.data(),
   12694                command_code_bytes.size());
   12695   hash->Update(activate_handle_name.data(),
   12696                activate_handle_name.size());
   12697   handle_section_bytes += activate_handle_bytes;
   12698   command_size += activate_handle_bytes.size();
   12699   hash->Update(key_handle_name.data(),
   12700                key_handle_name.size());
   12701   handle_section_bytes += key_handle_bytes;
   12702   command_size += key_handle_bytes.size();
   12703   hash->Update(credential_blob_bytes.data(),
   12704                credential_blob_bytes.size());
   12705   parameter_section_bytes += credential_blob_bytes;
   12706   command_size += credential_blob_bytes.size();
   12707   hash->Update(secret_bytes.data(),
   12708                secret_bytes.size());
   12709   parameter_section_bytes += secret_bytes;
   12710   command_size += secret_bytes.size();
   12711   std::string command_hash(32, 0);
   12712   hash->Finish(string_as_array(&command_hash), command_hash.size());
   12713   std::string authorization_section_bytes;
   12714   std::string authorization_size_bytes;
   12715   if (authorization_delegate) {
   12716     if (!authorization_delegate->GetCommandAuthorization(
   12717         command_hash,
   12718         is_command_parameter_encryption_possible,
   12719         is_response_parameter_encryption_possible,
   12720         &authorization_section_bytes)) {
   12721       return TRUNKS_RC_AUTHORIZATION_FAILED;
   12722     }
   12723     if (!authorization_section_bytes.empty()) {
   12724       tag = TPM_ST_SESSIONS;
   12725       std::string tmp;
   12726       rc = Serialize_UINT32(authorization_section_bytes.size(),
   12727                             &authorization_size_bytes);
   12728       if (rc != TPM_RC_SUCCESS) {
   12729         return rc;
   12730       }
   12731       command_size += authorization_size_bytes.size() +
   12732                       authorization_section_bytes.size();
   12733     }
   12734   }
   12735   std::string tag_bytes;
   12736   rc = Serialize_TPMI_ST_COMMAND_TAG(
   12737       tag,
   12738       &tag_bytes);
   12739   if (rc != TPM_RC_SUCCESS) {
   12740     return rc;
   12741   }
   12742   std::string command_size_bytes;
   12743   rc = Serialize_UINT32(
   12744       command_size,
   12745       &command_size_bytes);
   12746   if (rc != TPM_RC_SUCCESS) {
   12747     return rc;
   12748   }
   12749   *serialized_command = tag_bytes +
   12750                         command_size_bytes +
   12751                         command_code_bytes +
   12752                         handle_section_bytes +
   12753                         authorization_size_bytes +
   12754                         authorization_section_bytes +
   12755                         parameter_section_bytes;
   12756   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   12757   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   12758                                             serialized_command->size());
   12759   return TPM_RC_SUCCESS;
   12760 }
   12761 
   12762 TPM_RC Tpm::ParseResponse_ActivateCredential(
   12763       const std::string& response,
   12764       TPM2B_DIGEST* cert_info,
   12765       AuthorizationDelegate* authorization_delegate) {
   12766   VLOG(3) << __func__;
   12767   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   12768   TPM_RC rc = TPM_RC_SUCCESS;
   12769   std::string buffer(response);
   12770   TPM_ST tag;
   12771   std::string tag_bytes;
   12772   rc = Parse_TPM_ST(
   12773       &buffer,
   12774       &tag,
   12775       &tag_bytes);
   12776   if (rc != TPM_RC_SUCCESS) {
   12777     return rc;
   12778   }
   12779   UINT32 response_size;
   12780   std::string response_size_bytes;
   12781   rc = Parse_UINT32(
   12782       &buffer,
   12783       &response_size,
   12784       &response_size_bytes);
   12785   if (rc != TPM_RC_SUCCESS) {
   12786     return rc;
   12787   }
   12788   TPM_RC response_code;
   12789   std::string response_code_bytes;
   12790   rc = Parse_TPM_RC(
   12791       &buffer,
   12792       &response_code,
   12793       &response_code_bytes);
   12794   if (rc != TPM_RC_SUCCESS) {
   12795     return rc;
   12796   }
   12797   if (response_size != response.size()) {
   12798     return TPM_RC_SIZE;
   12799   }
   12800   if (response_code != TPM_RC_SUCCESS) {
   12801     return response_code;
   12802   }
   12803   TPM_CC command_code = TPM_CC_ActivateCredential;
   12804   std::string command_code_bytes;
   12805   rc = Serialize_TPM_CC(
   12806       command_code,
   12807       &command_code_bytes);
   12808   if (rc != TPM_RC_SUCCESS) {
   12809     return rc;
   12810   }
   12811   std::string authorization_section_bytes;
   12812   if (tag == TPM_ST_SESSIONS) {
   12813     UINT32 parameter_section_size = buffer.size();
   12814     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   12815     if (rc != TPM_RC_SUCCESS) {
   12816       return rc;
   12817     }
   12818     if (parameter_section_size > buffer.size()) {
   12819       return TPM_RC_INSUFFICIENT;
   12820     }
   12821     authorization_section_bytes = buffer.substr(parameter_section_size);
   12822     // Keep the parameter section in |buffer|.
   12823     buffer.erase(parameter_section_size);
   12824   }
   12825   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   12826       crypto::SecureHash::SHA256));
   12827   hash->Update(response_code_bytes.data(),
   12828                response_code_bytes.size());
   12829   hash->Update(command_code_bytes.data(),
   12830                command_code_bytes.size());
   12831   hash->Update(buffer.data(),
   12832                buffer.size());
   12833   std::string response_hash(32, 0);
   12834   hash->Finish(string_as_array(&response_hash), response_hash.size());
   12835   if (tag == TPM_ST_SESSIONS) {
   12836     CHECK(authorization_delegate) << "Authorization delegate missing!";
   12837     if (!authorization_delegate->CheckResponseAuthorization(
   12838         response_hash,
   12839         authorization_section_bytes)) {
   12840       return TRUNKS_RC_AUTHORIZATION_FAILED;
   12841     }
   12842   }
   12843   std::string cert_info_bytes;
   12844   rc = Parse_TPM2B_DIGEST(
   12845       &buffer,
   12846       cert_info,
   12847       &cert_info_bytes);
   12848   if (rc != TPM_RC_SUCCESS) {
   12849     return rc;
   12850   }
   12851   if (tag == TPM_ST_SESSIONS) {
   12852     CHECK(authorization_delegate) << "Authorization delegate missing!";
   12853     // Decrypt just the parameter data, not the size.
   12854     std::string tmp = cert_info_bytes.substr(2);
   12855     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   12856       return TRUNKS_RC_ENCRYPTION_FAILED;
   12857     }
   12858     cert_info_bytes.replace(2, std::string::npos, tmp);
   12859     rc = Parse_TPM2B_DIGEST(
   12860         &cert_info_bytes,
   12861         cert_info,
   12862         nullptr);
   12863     if (rc != TPM_RC_SUCCESS) {
   12864       return rc;
   12865     }
   12866   }
   12867   return TPM_RC_SUCCESS;
   12868 }
   12869 
   12870 void ActivateCredentialErrorCallback(
   12871     const Tpm::ActivateCredentialResponse& callback,
   12872     TPM_RC response_code) {
   12873   VLOG(1) << __func__;
   12874   callback.Run(response_code,
   12875                TPM2B_DIGEST());
   12876 }
   12877 
   12878 void ActivateCredentialResponseParser(
   12879     const Tpm::ActivateCredentialResponse& callback,
   12880     AuthorizationDelegate* authorization_delegate,
   12881     const std::string& response) {
   12882   VLOG(1) << __func__;
   12883   base::Callback<void(TPM_RC)> error_reporter =
   12884       base::Bind(ActivateCredentialErrorCallback, callback);
   12885   TPM2B_DIGEST cert_info;
   12886   TPM_RC rc = Tpm::ParseResponse_ActivateCredential(
   12887       response,
   12888       &cert_info,
   12889       authorization_delegate);
   12890   if (rc != TPM_RC_SUCCESS) {
   12891     error_reporter.Run(rc);
   12892     return;
   12893   }
   12894   callback.Run(
   12895       rc,
   12896       cert_info);
   12897 }
   12898 
   12899 void Tpm::ActivateCredential(
   12900       const TPMI_DH_OBJECT& activate_handle,
   12901       const std::string& activate_handle_name,
   12902       const TPMI_DH_OBJECT& key_handle,
   12903       const std::string& key_handle_name,
   12904       const TPM2B_ID_OBJECT& credential_blob,
   12905       const TPM2B_ENCRYPTED_SECRET& secret,
   12906       AuthorizationDelegate* authorization_delegate,
   12907       const ActivateCredentialResponse& callback) {
   12908   VLOG(1) << __func__;
   12909   base::Callback<void(TPM_RC)> error_reporter =
   12910       base::Bind(ActivateCredentialErrorCallback, callback);
   12911   base::Callback<void(const std::string&)> parser =
   12912       base::Bind(ActivateCredentialResponseParser,
   12913                  callback,
   12914                  authorization_delegate);
   12915   std::string command;
   12916   TPM_RC rc = SerializeCommand_ActivateCredential(
   12917       activate_handle,
   12918       activate_handle_name,
   12919       key_handle,
   12920       key_handle_name,
   12921       credential_blob,
   12922       secret,
   12923       &command,
   12924       authorization_delegate);
   12925   if (rc != TPM_RC_SUCCESS) {
   12926     error_reporter.Run(rc);
   12927     return;
   12928   }
   12929   transceiver_->SendCommand(command, parser);
   12930 }
   12931 
   12932 TPM_RC Tpm::ActivateCredentialSync(
   12933       const TPMI_DH_OBJECT& activate_handle,
   12934       const std::string& activate_handle_name,
   12935       const TPMI_DH_OBJECT& key_handle,
   12936       const std::string& key_handle_name,
   12937       const TPM2B_ID_OBJECT& credential_blob,
   12938       const TPM2B_ENCRYPTED_SECRET& secret,
   12939       TPM2B_DIGEST* cert_info,
   12940       AuthorizationDelegate* authorization_delegate) {
   12941   VLOG(1) << __func__;
   12942   std::string command;
   12943   TPM_RC rc = SerializeCommand_ActivateCredential(
   12944       activate_handle,
   12945       activate_handle_name,
   12946       key_handle,
   12947       key_handle_name,
   12948       credential_blob,
   12949       secret,
   12950       &command,
   12951       authorization_delegate);
   12952   if (rc != TPM_RC_SUCCESS) {
   12953     return rc;
   12954   }
   12955   std::string response = transceiver_->SendCommandAndWait(command);
   12956   rc = ParseResponse_ActivateCredential(
   12957       response,
   12958       cert_info,
   12959       authorization_delegate);
   12960   return rc;
   12961 }
   12962 
   12963 TPM_RC Tpm::SerializeCommand_MakeCredential(
   12964       const TPMI_DH_OBJECT& handle,
   12965       const std::string& handle_name,
   12966       const TPM2B_DIGEST& credential,
   12967       const TPM2B_NAME& object_name,
   12968       std::string* serialized_command,
   12969       AuthorizationDelegate* authorization_delegate) {
   12970   VLOG(3) << __func__;
   12971   TPM_RC rc = TPM_RC_SUCCESS;
   12972   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   12973   UINT32 command_size = 10;  // Header size.
   12974   std::string handle_section_bytes;
   12975   std::string parameter_section_bytes;
   12976   TPM_CC command_code = TPM_CC_MakeCredential;
   12977   bool is_command_parameter_encryption_possible = true;
   12978   bool is_response_parameter_encryption_possible = true;
   12979   std::string command_code_bytes;
   12980   rc = Serialize_TPM_CC(
   12981       command_code,
   12982       &command_code_bytes);
   12983   if (rc != TPM_RC_SUCCESS) {
   12984     return rc;
   12985   }
   12986   std::string handle_bytes;
   12987   rc = Serialize_TPMI_DH_OBJECT(
   12988       handle,
   12989       &handle_bytes);
   12990   if (rc != TPM_RC_SUCCESS) {
   12991     return rc;
   12992   }
   12993   std::string credential_bytes;
   12994   rc = Serialize_TPM2B_DIGEST(
   12995       credential,
   12996       &credential_bytes);
   12997   if (rc != TPM_RC_SUCCESS) {
   12998     return rc;
   12999   }
   13000   std::string object_name_bytes;
   13001   rc = Serialize_TPM2B_NAME(
   13002       object_name,
   13003       &object_name_bytes);
   13004   if (rc != TPM_RC_SUCCESS) {
   13005     return rc;
   13006   }
   13007   if (authorization_delegate) {
   13008     // Encrypt just the parameter data, not the size.
   13009     std::string tmp = credential_bytes.substr(2);
   13010     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   13011       return TRUNKS_RC_ENCRYPTION_FAILED;
   13012     }
   13013     credential_bytes.replace(2, std::string::npos, tmp);
   13014   }
   13015   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   13016       crypto::SecureHash::SHA256));
   13017   hash->Update(command_code_bytes.data(),
   13018                command_code_bytes.size());
   13019   hash->Update(handle_name.data(),
   13020                handle_name.size());
   13021   handle_section_bytes += handle_bytes;
   13022   command_size += handle_bytes.size();
   13023   hash->Update(credential_bytes.data(),
   13024                credential_bytes.size());
   13025   parameter_section_bytes += credential_bytes;
   13026   command_size += credential_bytes.size();
   13027   hash->Update(object_name_bytes.data(),
   13028                object_name_bytes.size());
   13029   parameter_section_bytes += object_name_bytes;
   13030   command_size += object_name_bytes.size();
   13031   std::string command_hash(32, 0);
   13032   hash->Finish(string_as_array(&command_hash), command_hash.size());
   13033   std::string authorization_section_bytes;
   13034   std::string authorization_size_bytes;
   13035   if (authorization_delegate) {
   13036     if (!authorization_delegate->GetCommandAuthorization(
   13037         command_hash,
   13038         is_command_parameter_encryption_possible,
   13039         is_response_parameter_encryption_possible,
   13040         &authorization_section_bytes)) {
   13041       return TRUNKS_RC_AUTHORIZATION_FAILED;
   13042     }
   13043     if (!authorization_section_bytes.empty()) {
   13044       tag = TPM_ST_SESSIONS;
   13045       std::string tmp;
   13046       rc = Serialize_UINT32(authorization_section_bytes.size(),
   13047                             &authorization_size_bytes);
   13048       if (rc != TPM_RC_SUCCESS) {
   13049         return rc;
   13050       }
   13051       command_size += authorization_size_bytes.size() +
   13052                       authorization_section_bytes.size();
   13053     }
   13054   }
   13055   std::string tag_bytes;
   13056   rc = Serialize_TPMI_ST_COMMAND_TAG(
   13057       tag,
   13058       &tag_bytes);
   13059   if (rc != TPM_RC_SUCCESS) {
   13060     return rc;
   13061   }
   13062   std::string command_size_bytes;
   13063   rc = Serialize_UINT32(
   13064       command_size,
   13065       &command_size_bytes);
   13066   if (rc != TPM_RC_SUCCESS) {
   13067     return rc;
   13068   }
   13069   *serialized_command = tag_bytes +
   13070                         command_size_bytes +
   13071                         command_code_bytes +
   13072                         handle_section_bytes +
   13073                         authorization_size_bytes +
   13074                         authorization_section_bytes +
   13075                         parameter_section_bytes;
   13076   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   13077   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   13078                                             serialized_command->size());
   13079   return TPM_RC_SUCCESS;
   13080 }
   13081 
   13082 TPM_RC Tpm::ParseResponse_MakeCredential(
   13083       const std::string& response,
   13084       TPM2B_ID_OBJECT* credential_blob,
   13085       TPM2B_ENCRYPTED_SECRET* secret,
   13086       AuthorizationDelegate* authorization_delegate) {
   13087   VLOG(3) << __func__;
   13088   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   13089   TPM_RC rc = TPM_RC_SUCCESS;
   13090   std::string buffer(response);
   13091   TPM_ST tag;
   13092   std::string tag_bytes;
   13093   rc = Parse_TPM_ST(
   13094       &buffer,
   13095       &tag,
   13096       &tag_bytes);
   13097   if (rc != TPM_RC_SUCCESS) {
   13098     return rc;
   13099   }
   13100   UINT32 response_size;
   13101   std::string response_size_bytes;
   13102   rc = Parse_UINT32(
   13103       &buffer,
   13104       &response_size,
   13105       &response_size_bytes);
   13106   if (rc != TPM_RC_SUCCESS) {
   13107     return rc;
   13108   }
   13109   TPM_RC response_code;
   13110   std::string response_code_bytes;
   13111   rc = Parse_TPM_RC(
   13112       &buffer,
   13113       &response_code,
   13114       &response_code_bytes);
   13115   if (rc != TPM_RC_SUCCESS) {
   13116     return rc;
   13117   }
   13118   if (response_size != response.size()) {
   13119     return TPM_RC_SIZE;
   13120   }
   13121   if (response_code != TPM_RC_SUCCESS) {
   13122     return response_code;
   13123   }
   13124   TPM_CC command_code = TPM_CC_MakeCredential;
   13125   std::string command_code_bytes;
   13126   rc = Serialize_TPM_CC(
   13127       command_code,
   13128       &command_code_bytes);
   13129   if (rc != TPM_RC_SUCCESS) {
   13130     return rc;
   13131   }
   13132   std::string authorization_section_bytes;
   13133   if (tag == TPM_ST_SESSIONS) {
   13134     UINT32 parameter_section_size = buffer.size();
   13135     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   13136     if (rc != TPM_RC_SUCCESS) {
   13137       return rc;
   13138     }
   13139     if (parameter_section_size > buffer.size()) {
   13140       return TPM_RC_INSUFFICIENT;
   13141     }
   13142     authorization_section_bytes = buffer.substr(parameter_section_size);
   13143     // Keep the parameter section in |buffer|.
   13144     buffer.erase(parameter_section_size);
   13145   }
   13146   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   13147       crypto::SecureHash::SHA256));
   13148   hash->Update(response_code_bytes.data(),
   13149                response_code_bytes.size());
   13150   hash->Update(command_code_bytes.data(),
   13151                command_code_bytes.size());
   13152   hash->Update(buffer.data(),
   13153                buffer.size());
   13154   std::string response_hash(32, 0);
   13155   hash->Finish(string_as_array(&response_hash), response_hash.size());
   13156   if (tag == TPM_ST_SESSIONS) {
   13157     CHECK(authorization_delegate) << "Authorization delegate missing!";
   13158     if (!authorization_delegate->CheckResponseAuthorization(
   13159         response_hash,
   13160         authorization_section_bytes)) {
   13161       return TRUNKS_RC_AUTHORIZATION_FAILED;
   13162     }
   13163   }
   13164   std::string credential_blob_bytes;
   13165   rc = Parse_TPM2B_ID_OBJECT(
   13166       &buffer,
   13167       credential_blob,
   13168       &credential_blob_bytes);
   13169   if (rc != TPM_RC_SUCCESS) {
   13170     return rc;
   13171   }
   13172   std::string secret_bytes;
   13173   rc = Parse_TPM2B_ENCRYPTED_SECRET(
   13174       &buffer,
   13175       secret,
   13176       &secret_bytes);
   13177   if (rc != TPM_RC_SUCCESS) {
   13178     return rc;
   13179   }
   13180   if (tag == TPM_ST_SESSIONS) {
   13181     CHECK(authorization_delegate) << "Authorization delegate missing!";
   13182     // Decrypt just the parameter data, not the size.
   13183     std::string tmp = credential_blob_bytes.substr(2);
   13184     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   13185       return TRUNKS_RC_ENCRYPTION_FAILED;
   13186     }
   13187     credential_blob_bytes.replace(2, std::string::npos, tmp);
   13188     rc = Parse_TPM2B_ID_OBJECT(
   13189         &credential_blob_bytes,
   13190         credential_blob,
   13191         nullptr);
   13192     if (rc != TPM_RC_SUCCESS) {
   13193       return rc;
   13194     }
   13195   }
   13196   return TPM_RC_SUCCESS;
   13197 }
   13198 
   13199 void MakeCredentialErrorCallback(
   13200     const Tpm::MakeCredentialResponse& callback,
   13201     TPM_RC response_code) {
   13202   VLOG(1) << __func__;
   13203   callback.Run(response_code,
   13204                TPM2B_ID_OBJECT(),
   13205                TPM2B_ENCRYPTED_SECRET());
   13206 }
   13207 
   13208 void MakeCredentialResponseParser(
   13209     const Tpm::MakeCredentialResponse& callback,
   13210     AuthorizationDelegate* authorization_delegate,
   13211     const std::string& response) {
   13212   VLOG(1) << __func__;
   13213   base::Callback<void(TPM_RC)> error_reporter =
   13214       base::Bind(MakeCredentialErrorCallback, callback);
   13215   TPM2B_ID_OBJECT credential_blob;
   13216   TPM2B_ENCRYPTED_SECRET secret;
   13217   TPM_RC rc = Tpm::ParseResponse_MakeCredential(
   13218       response,
   13219       &credential_blob,
   13220       &secret,
   13221       authorization_delegate);
   13222   if (rc != TPM_RC_SUCCESS) {
   13223     error_reporter.Run(rc);
   13224     return;
   13225   }
   13226   callback.Run(
   13227       rc,
   13228       credential_blob,
   13229       secret);
   13230 }
   13231 
   13232 void Tpm::MakeCredential(
   13233       const TPMI_DH_OBJECT& handle,
   13234       const std::string& handle_name,
   13235       const TPM2B_DIGEST& credential,
   13236       const TPM2B_NAME& object_name,
   13237       AuthorizationDelegate* authorization_delegate,
   13238       const MakeCredentialResponse& callback) {
   13239   VLOG(1) << __func__;
   13240   base::Callback<void(TPM_RC)> error_reporter =
   13241       base::Bind(MakeCredentialErrorCallback, callback);
   13242   base::Callback<void(const std::string&)> parser =
   13243       base::Bind(MakeCredentialResponseParser,
   13244                  callback,
   13245                  authorization_delegate);
   13246   std::string command;
   13247   TPM_RC rc = SerializeCommand_MakeCredential(
   13248       handle,
   13249       handle_name,
   13250       credential,
   13251       object_name,
   13252       &command,
   13253       authorization_delegate);
   13254   if (rc != TPM_RC_SUCCESS) {
   13255     error_reporter.Run(rc);
   13256     return;
   13257   }
   13258   transceiver_->SendCommand(command, parser);
   13259 }
   13260 
   13261 TPM_RC Tpm::MakeCredentialSync(
   13262       const TPMI_DH_OBJECT& handle,
   13263       const std::string& handle_name,
   13264       const TPM2B_DIGEST& credential,
   13265       const TPM2B_NAME& object_name,
   13266       TPM2B_ID_OBJECT* credential_blob,
   13267       TPM2B_ENCRYPTED_SECRET* secret,
   13268       AuthorizationDelegate* authorization_delegate) {
   13269   VLOG(1) << __func__;
   13270   std::string command;
   13271   TPM_RC rc = SerializeCommand_MakeCredential(
   13272       handle,
   13273       handle_name,
   13274       credential,
   13275       object_name,
   13276       &command,
   13277       authorization_delegate);
   13278   if (rc != TPM_RC_SUCCESS) {
   13279     return rc;
   13280   }
   13281   std::string response = transceiver_->SendCommandAndWait(command);
   13282   rc = ParseResponse_MakeCredential(
   13283       response,
   13284       credential_blob,
   13285       secret,
   13286       authorization_delegate);
   13287   return rc;
   13288 }
   13289 
   13290 TPM_RC Tpm::SerializeCommand_Unseal(
   13291       const TPMI_DH_OBJECT& item_handle,
   13292       const std::string& item_handle_name,
   13293       std::string* serialized_command,
   13294       AuthorizationDelegate* authorization_delegate) {
   13295   VLOG(3) << __func__;
   13296   TPM_RC rc = TPM_RC_SUCCESS;
   13297   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   13298   UINT32 command_size = 10;  // Header size.
   13299   std::string handle_section_bytes;
   13300   std::string parameter_section_bytes;
   13301   TPM_CC command_code = TPM_CC_Unseal;
   13302   bool is_command_parameter_encryption_possible = false;
   13303   bool is_response_parameter_encryption_possible = true;
   13304   std::string command_code_bytes;
   13305   rc = Serialize_TPM_CC(
   13306       command_code,
   13307       &command_code_bytes);
   13308   if (rc != TPM_RC_SUCCESS) {
   13309     return rc;
   13310   }
   13311   std::string item_handle_bytes;
   13312   rc = Serialize_TPMI_DH_OBJECT(
   13313       item_handle,
   13314       &item_handle_bytes);
   13315   if (rc != TPM_RC_SUCCESS) {
   13316     return rc;
   13317   }
   13318   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   13319       crypto::SecureHash::SHA256));
   13320   hash->Update(command_code_bytes.data(),
   13321                command_code_bytes.size());
   13322   hash->Update(item_handle_name.data(),
   13323                item_handle_name.size());
   13324   handle_section_bytes += item_handle_bytes;
   13325   command_size += item_handle_bytes.size();
   13326   std::string command_hash(32, 0);
   13327   hash->Finish(string_as_array(&command_hash), command_hash.size());
   13328   std::string authorization_section_bytes;
   13329   std::string authorization_size_bytes;
   13330   if (authorization_delegate) {
   13331     if (!authorization_delegate->GetCommandAuthorization(
   13332         command_hash,
   13333         is_command_parameter_encryption_possible,
   13334         is_response_parameter_encryption_possible,
   13335         &authorization_section_bytes)) {
   13336       return TRUNKS_RC_AUTHORIZATION_FAILED;
   13337     }
   13338     if (!authorization_section_bytes.empty()) {
   13339       tag = TPM_ST_SESSIONS;
   13340       std::string tmp;
   13341       rc = Serialize_UINT32(authorization_section_bytes.size(),
   13342                             &authorization_size_bytes);
   13343       if (rc != TPM_RC_SUCCESS) {
   13344         return rc;
   13345       }
   13346       command_size += authorization_size_bytes.size() +
   13347                       authorization_section_bytes.size();
   13348     }
   13349   }
   13350   std::string tag_bytes;
   13351   rc = Serialize_TPMI_ST_COMMAND_TAG(
   13352       tag,
   13353       &tag_bytes);
   13354   if (rc != TPM_RC_SUCCESS) {
   13355     return rc;
   13356   }
   13357   std::string command_size_bytes;
   13358   rc = Serialize_UINT32(
   13359       command_size,
   13360       &command_size_bytes);
   13361   if (rc != TPM_RC_SUCCESS) {
   13362     return rc;
   13363   }
   13364   *serialized_command = tag_bytes +
   13365                         command_size_bytes +
   13366                         command_code_bytes +
   13367                         handle_section_bytes +
   13368                         authorization_size_bytes +
   13369                         authorization_section_bytes +
   13370                         parameter_section_bytes;
   13371   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   13372   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   13373                                             serialized_command->size());
   13374   return TPM_RC_SUCCESS;
   13375 }
   13376 
   13377 TPM_RC Tpm::ParseResponse_Unseal(
   13378       const std::string& response,
   13379       TPM2B_SENSITIVE_DATA* out_data,
   13380       AuthorizationDelegate* authorization_delegate) {
   13381   VLOG(3) << __func__;
   13382   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   13383   TPM_RC rc = TPM_RC_SUCCESS;
   13384   std::string buffer(response);
   13385   TPM_ST tag;
   13386   std::string tag_bytes;
   13387   rc = Parse_TPM_ST(
   13388       &buffer,
   13389       &tag,
   13390       &tag_bytes);
   13391   if (rc != TPM_RC_SUCCESS) {
   13392     return rc;
   13393   }
   13394   UINT32 response_size;
   13395   std::string response_size_bytes;
   13396   rc = Parse_UINT32(
   13397       &buffer,
   13398       &response_size,
   13399       &response_size_bytes);
   13400   if (rc != TPM_RC_SUCCESS) {
   13401     return rc;
   13402   }
   13403   TPM_RC response_code;
   13404   std::string response_code_bytes;
   13405   rc = Parse_TPM_RC(
   13406       &buffer,
   13407       &response_code,
   13408       &response_code_bytes);
   13409   if (rc != TPM_RC_SUCCESS) {
   13410     return rc;
   13411   }
   13412   if (response_size != response.size()) {
   13413     return TPM_RC_SIZE;
   13414   }
   13415   if (response_code != TPM_RC_SUCCESS) {
   13416     return response_code;
   13417   }
   13418   TPM_CC command_code = TPM_CC_Unseal;
   13419   std::string command_code_bytes;
   13420   rc = Serialize_TPM_CC(
   13421       command_code,
   13422       &command_code_bytes);
   13423   if (rc != TPM_RC_SUCCESS) {
   13424     return rc;
   13425   }
   13426   std::string authorization_section_bytes;
   13427   if (tag == TPM_ST_SESSIONS) {
   13428     UINT32 parameter_section_size = buffer.size();
   13429     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   13430     if (rc != TPM_RC_SUCCESS) {
   13431       return rc;
   13432     }
   13433     if (parameter_section_size > buffer.size()) {
   13434       return TPM_RC_INSUFFICIENT;
   13435     }
   13436     authorization_section_bytes = buffer.substr(parameter_section_size);
   13437     // Keep the parameter section in |buffer|.
   13438     buffer.erase(parameter_section_size);
   13439   }
   13440   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   13441       crypto::SecureHash::SHA256));
   13442   hash->Update(response_code_bytes.data(),
   13443                response_code_bytes.size());
   13444   hash->Update(command_code_bytes.data(),
   13445                command_code_bytes.size());
   13446   hash->Update(buffer.data(),
   13447                buffer.size());
   13448   std::string response_hash(32, 0);
   13449   hash->Finish(string_as_array(&response_hash), response_hash.size());
   13450   if (tag == TPM_ST_SESSIONS) {
   13451     CHECK(authorization_delegate) << "Authorization delegate missing!";
   13452     if (!authorization_delegate->CheckResponseAuthorization(
   13453         response_hash,
   13454         authorization_section_bytes)) {
   13455       return TRUNKS_RC_AUTHORIZATION_FAILED;
   13456     }
   13457   }
   13458   std::string out_data_bytes;
   13459   rc = Parse_TPM2B_SENSITIVE_DATA(
   13460       &buffer,
   13461       out_data,
   13462       &out_data_bytes);
   13463   if (rc != TPM_RC_SUCCESS) {
   13464     return rc;
   13465   }
   13466   if (tag == TPM_ST_SESSIONS) {
   13467     CHECK(authorization_delegate) << "Authorization delegate missing!";
   13468     // Decrypt just the parameter data, not the size.
   13469     std::string tmp = out_data_bytes.substr(2);
   13470     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   13471       return TRUNKS_RC_ENCRYPTION_FAILED;
   13472     }
   13473     out_data_bytes.replace(2, std::string::npos, tmp);
   13474     rc = Parse_TPM2B_SENSITIVE_DATA(
   13475         &out_data_bytes,
   13476         out_data,
   13477         nullptr);
   13478     if (rc != TPM_RC_SUCCESS) {
   13479       return rc;
   13480     }
   13481   }
   13482   return TPM_RC_SUCCESS;
   13483 }
   13484 
   13485 void UnsealErrorCallback(
   13486     const Tpm::UnsealResponse& callback,
   13487     TPM_RC response_code) {
   13488   VLOG(1) << __func__;
   13489   callback.Run(response_code,
   13490                TPM2B_SENSITIVE_DATA());
   13491 }
   13492 
   13493 void UnsealResponseParser(
   13494     const Tpm::UnsealResponse& callback,
   13495     AuthorizationDelegate* authorization_delegate,
   13496     const std::string& response) {
   13497   VLOG(1) << __func__;
   13498   base::Callback<void(TPM_RC)> error_reporter =
   13499       base::Bind(UnsealErrorCallback, callback);
   13500   TPM2B_SENSITIVE_DATA out_data;
   13501   TPM_RC rc = Tpm::ParseResponse_Unseal(
   13502       response,
   13503       &out_data,
   13504       authorization_delegate);
   13505   if (rc != TPM_RC_SUCCESS) {
   13506     error_reporter.Run(rc);
   13507     return;
   13508   }
   13509   callback.Run(
   13510       rc,
   13511       out_data);
   13512 }
   13513 
   13514 void Tpm::Unseal(
   13515       const TPMI_DH_OBJECT& item_handle,
   13516       const std::string& item_handle_name,
   13517       AuthorizationDelegate* authorization_delegate,
   13518       const UnsealResponse& callback) {
   13519   VLOG(1) << __func__;
   13520   base::Callback<void(TPM_RC)> error_reporter =
   13521       base::Bind(UnsealErrorCallback, callback);
   13522   base::Callback<void(const std::string&)> parser =
   13523       base::Bind(UnsealResponseParser,
   13524                  callback,
   13525                  authorization_delegate);
   13526   std::string command;
   13527   TPM_RC rc = SerializeCommand_Unseal(
   13528       item_handle,
   13529       item_handle_name,
   13530       &command,
   13531       authorization_delegate);
   13532   if (rc != TPM_RC_SUCCESS) {
   13533     error_reporter.Run(rc);
   13534     return;
   13535   }
   13536   transceiver_->SendCommand(command, parser);
   13537 }
   13538 
   13539 TPM_RC Tpm::UnsealSync(
   13540       const TPMI_DH_OBJECT& item_handle,
   13541       const std::string& item_handle_name,
   13542       TPM2B_SENSITIVE_DATA* out_data,
   13543       AuthorizationDelegate* authorization_delegate) {
   13544   VLOG(1) << __func__;
   13545   std::string command;
   13546   TPM_RC rc = SerializeCommand_Unseal(
   13547       item_handle,
   13548       item_handle_name,
   13549       &command,
   13550       authorization_delegate);
   13551   if (rc != TPM_RC_SUCCESS) {
   13552     return rc;
   13553   }
   13554   std::string response = transceiver_->SendCommandAndWait(command);
   13555   rc = ParseResponse_Unseal(
   13556       response,
   13557       out_data,
   13558       authorization_delegate);
   13559   return rc;
   13560 }
   13561 
   13562 TPM_RC Tpm::SerializeCommand_ObjectChangeAuth(
   13563       const TPMI_DH_OBJECT& object_handle,
   13564       const std::string& object_handle_name,
   13565       const TPMI_DH_OBJECT& parent_handle,
   13566       const std::string& parent_handle_name,
   13567       const TPM2B_AUTH& new_auth,
   13568       std::string* serialized_command,
   13569       AuthorizationDelegate* authorization_delegate) {
   13570   VLOG(3) << __func__;
   13571   TPM_RC rc = TPM_RC_SUCCESS;
   13572   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   13573   UINT32 command_size = 10;  // Header size.
   13574   std::string handle_section_bytes;
   13575   std::string parameter_section_bytes;
   13576   TPM_CC command_code = TPM_CC_ObjectChangeAuth;
   13577   bool is_command_parameter_encryption_possible = true;
   13578   bool is_response_parameter_encryption_possible = true;
   13579   std::string command_code_bytes;
   13580   rc = Serialize_TPM_CC(
   13581       command_code,
   13582       &command_code_bytes);
   13583   if (rc != TPM_RC_SUCCESS) {
   13584     return rc;
   13585   }
   13586   std::string object_handle_bytes;
   13587   rc = Serialize_TPMI_DH_OBJECT(
   13588       object_handle,
   13589       &object_handle_bytes);
   13590   if (rc != TPM_RC_SUCCESS) {
   13591     return rc;
   13592   }
   13593   std::string parent_handle_bytes;
   13594   rc = Serialize_TPMI_DH_OBJECT(
   13595       parent_handle,
   13596       &parent_handle_bytes);
   13597   if (rc != TPM_RC_SUCCESS) {
   13598     return rc;
   13599   }
   13600   std::string new_auth_bytes;
   13601   rc = Serialize_TPM2B_AUTH(
   13602       new_auth,
   13603       &new_auth_bytes);
   13604   if (rc != TPM_RC_SUCCESS) {
   13605     return rc;
   13606   }
   13607   if (authorization_delegate) {
   13608     // Encrypt just the parameter data, not the size.
   13609     std::string tmp = new_auth_bytes.substr(2);
   13610     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   13611       return TRUNKS_RC_ENCRYPTION_FAILED;
   13612     }
   13613     new_auth_bytes.replace(2, std::string::npos, tmp);
   13614   }
   13615   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   13616       crypto::SecureHash::SHA256));
   13617   hash->Update(command_code_bytes.data(),
   13618                command_code_bytes.size());
   13619   hash->Update(object_handle_name.data(),
   13620                object_handle_name.size());
   13621   handle_section_bytes += object_handle_bytes;
   13622   command_size += object_handle_bytes.size();
   13623   hash->Update(parent_handle_name.data(),
   13624                parent_handle_name.size());
   13625   handle_section_bytes += parent_handle_bytes;
   13626   command_size += parent_handle_bytes.size();
   13627   hash->Update(new_auth_bytes.data(),
   13628                new_auth_bytes.size());
   13629   parameter_section_bytes += new_auth_bytes;
   13630   command_size += new_auth_bytes.size();
   13631   std::string command_hash(32, 0);
   13632   hash->Finish(string_as_array(&command_hash), command_hash.size());
   13633   std::string authorization_section_bytes;
   13634   std::string authorization_size_bytes;
   13635   if (authorization_delegate) {
   13636     if (!authorization_delegate->GetCommandAuthorization(
   13637         command_hash,
   13638         is_command_parameter_encryption_possible,
   13639         is_response_parameter_encryption_possible,
   13640         &authorization_section_bytes)) {
   13641       return TRUNKS_RC_AUTHORIZATION_FAILED;
   13642     }
   13643     if (!authorization_section_bytes.empty()) {
   13644       tag = TPM_ST_SESSIONS;
   13645       std::string tmp;
   13646       rc = Serialize_UINT32(authorization_section_bytes.size(),
   13647                             &authorization_size_bytes);
   13648       if (rc != TPM_RC_SUCCESS) {
   13649         return rc;
   13650       }
   13651       command_size += authorization_size_bytes.size() +
   13652                       authorization_section_bytes.size();
   13653     }
   13654   }
   13655   std::string tag_bytes;
   13656   rc = Serialize_TPMI_ST_COMMAND_TAG(
   13657       tag,
   13658       &tag_bytes);
   13659   if (rc != TPM_RC_SUCCESS) {
   13660     return rc;
   13661   }
   13662   std::string command_size_bytes;
   13663   rc = Serialize_UINT32(
   13664       command_size,
   13665       &command_size_bytes);
   13666   if (rc != TPM_RC_SUCCESS) {
   13667     return rc;
   13668   }
   13669   *serialized_command = tag_bytes +
   13670                         command_size_bytes +
   13671                         command_code_bytes +
   13672                         handle_section_bytes +
   13673                         authorization_size_bytes +
   13674                         authorization_section_bytes +
   13675                         parameter_section_bytes;
   13676   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   13677   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   13678                                             serialized_command->size());
   13679   return TPM_RC_SUCCESS;
   13680 }
   13681 
   13682 TPM_RC Tpm::ParseResponse_ObjectChangeAuth(
   13683       const std::string& response,
   13684       TPM2B_PRIVATE* out_private,
   13685       AuthorizationDelegate* authorization_delegate) {
   13686   VLOG(3) << __func__;
   13687   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   13688   TPM_RC rc = TPM_RC_SUCCESS;
   13689   std::string buffer(response);
   13690   TPM_ST tag;
   13691   std::string tag_bytes;
   13692   rc = Parse_TPM_ST(
   13693       &buffer,
   13694       &tag,
   13695       &tag_bytes);
   13696   if (rc != TPM_RC_SUCCESS) {
   13697     return rc;
   13698   }
   13699   UINT32 response_size;
   13700   std::string response_size_bytes;
   13701   rc = Parse_UINT32(
   13702       &buffer,
   13703       &response_size,
   13704       &response_size_bytes);
   13705   if (rc != TPM_RC_SUCCESS) {
   13706     return rc;
   13707   }
   13708   TPM_RC response_code;
   13709   std::string response_code_bytes;
   13710   rc = Parse_TPM_RC(
   13711       &buffer,
   13712       &response_code,
   13713       &response_code_bytes);
   13714   if (rc != TPM_RC_SUCCESS) {
   13715     return rc;
   13716   }
   13717   if (response_size != response.size()) {
   13718     return TPM_RC_SIZE;
   13719   }
   13720   if (response_code != TPM_RC_SUCCESS) {
   13721     return response_code;
   13722   }
   13723   TPM_CC command_code = TPM_CC_ObjectChangeAuth;
   13724   std::string command_code_bytes;
   13725   rc = Serialize_TPM_CC(
   13726       command_code,
   13727       &command_code_bytes);
   13728   if (rc != TPM_RC_SUCCESS) {
   13729     return rc;
   13730   }
   13731   std::string authorization_section_bytes;
   13732   if (tag == TPM_ST_SESSIONS) {
   13733     UINT32 parameter_section_size = buffer.size();
   13734     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   13735     if (rc != TPM_RC_SUCCESS) {
   13736       return rc;
   13737     }
   13738     if (parameter_section_size > buffer.size()) {
   13739       return TPM_RC_INSUFFICIENT;
   13740     }
   13741     authorization_section_bytes = buffer.substr(parameter_section_size);
   13742     // Keep the parameter section in |buffer|.
   13743     buffer.erase(parameter_section_size);
   13744   }
   13745   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   13746       crypto::SecureHash::SHA256));
   13747   hash->Update(response_code_bytes.data(),
   13748                response_code_bytes.size());
   13749   hash->Update(command_code_bytes.data(),
   13750                command_code_bytes.size());
   13751   hash->Update(buffer.data(),
   13752                buffer.size());
   13753   std::string response_hash(32, 0);
   13754   hash->Finish(string_as_array(&response_hash), response_hash.size());
   13755   if (tag == TPM_ST_SESSIONS) {
   13756     CHECK(authorization_delegate) << "Authorization delegate missing!";
   13757     if (!authorization_delegate->CheckResponseAuthorization(
   13758         response_hash,
   13759         authorization_section_bytes)) {
   13760       return TRUNKS_RC_AUTHORIZATION_FAILED;
   13761     }
   13762   }
   13763   std::string out_private_bytes;
   13764   rc = Parse_TPM2B_PRIVATE(
   13765       &buffer,
   13766       out_private,
   13767       &out_private_bytes);
   13768   if (rc != TPM_RC_SUCCESS) {
   13769     return rc;
   13770   }
   13771   if (tag == TPM_ST_SESSIONS) {
   13772     CHECK(authorization_delegate) << "Authorization delegate missing!";
   13773     // Decrypt just the parameter data, not the size.
   13774     std::string tmp = out_private_bytes.substr(2);
   13775     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   13776       return TRUNKS_RC_ENCRYPTION_FAILED;
   13777     }
   13778     out_private_bytes.replace(2, std::string::npos, tmp);
   13779     rc = Parse_TPM2B_PRIVATE(
   13780         &out_private_bytes,
   13781         out_private,
   13782         nullptr);
   13783     if (rc != TPM_RC_SUCCESS) {
   13784       return rc;
   13785     }
   13786   }
   13787   return TPM_RC_SUCCESS;
   13788 }
   13789 
   13790 void ObjectChangeAuthErrorCallback(
   13791     const Tpm::ObjectChangeAuthResponse& callback,
   13792     TPM_RC response_code) {
   13793   VLOG(1) << __func__;
   13794   callback.Run(response_code,
   13795                TPM2B_PRIVATE());
   13796 }
   13797 
   13798 void ObjectChangeAuthResponseParser(
   13799     const Tpm::ObjectChangeAuthResponse& callback,
   13800     AuthorizationDelegate* authorization_delegate,
   13801     const std::string& response) {
   13802   VLOG(1) << __func__;
   13803   base::Callback<void(TPM_RC)> error_reporter =
   13804       base::Bind(ObjectChangeAuthErrorCallback, callback);
   13805   TPM2B_PRIVATE out_private;
   13806   TPM_RC rc = Tpm::ParseResponse_ObjectChangeAuth(
   13807       response,
   13808       &out_private,
   13809       authorization_delegate);
   13810   if (rc != TPM_RC_SUCCESS) {
   13811     error_reporter.Run(rc);
   13812     return;
   13813   }
   13814   callback.Run(
   13815       rc,
   13816       out_private);
   13817 }
   13818 
   13819 void Tpm::ObjectChangeAuth(
   13820       const TPMI_DH_OBJECT& object_handle,
   13821       const std::string& object_handle_name,
   13822       const TPMI_DH_OBJECT& parent_handle,
   13823       const std::string& parent_handle_name,
   13824       const TPM2B_AUTH& new_auth,
   13825       AuthorizationDelegate* authorization_delegate,
   13826       const ObjectChangeAuthResponse& callback) {
   13827   VLOG(1) << __func__;
   13828   base::Callback<void(TPM_RC)> error_reporter =
   13829       base::Bind(ObjectChangeAuthErrorCallback, callback);
   13830   base::Callback<void(const std::string&)> parser =
   13831       base::Bind(ObjectChangeAuthResponseParser,
   13832                  callback,
   13833                  authorization_delegate);
   13834   std::string command;
   13835   TPM_RC rc = SerializeCommand_ObjectChangeAuth(
   13836       object_handle,
   13837       object_handle_name,
   13838       parent_handle,
   13839       parent_handle_name,
   13840       new_auth,
   13841       &command,
   13842       authorization_delegate);
   13843   if (rc != TPM_RC_SUCCESS) {
   13844     error_reporter.Run(rc);
   13845     return;
   13846   }
   13847   transceiver_->SendCommand(command, parser);
   13848 }
   13849 
   13850 TPM_RC Tpm::ObjectChangeAuthSync(
   13851       const TPMI_DH_OBJECT& object_handle,
   13852       const std::string& object_handle_name,
   13853       const TPMI_DH_OBJECT& parent_handle,
   13854       const std::string& parent_handle_name,
   13855       const TPM2B_AUTH& new_auth,
   13856       TPM2B_PRIVATE* out_private,
   13857       AuthorizationDelegate* authorization_delegate) {
   13858   VLOG(1) << __func__;
   13859   std::string command;
   13860   TPM_RC rc = SerializeCommand_ObjectChangeAuth(
   13861       object_handle,
   13862       object_handle_name,
   13863       parent_handle,
   13864       parent_handle_name,
   13865       new_auth,
   13866       &command,
   13867       authorization_delegate);
   13868   if (rc != TPM_RC_SUCCESS) {
   13869     return rc;
   13870   }
   13871   std::string response = transceiver_->SendCommandAndWait(command);
   13872   rc = ParseResponse_ObjectChangeAuth(
   13873       response,
   13874       out_private,
   13875       authorization_delegate);
   13876   return rc;
   13877 }
   13878 
   13879 TPM_RC Tpm::SerializeCommand_Duplicate(
   13880       const TPMI_DH_OBJECT& object_handle,
   13881       const std::string& object_handle_name,
   13882       const TPMI_DH_OBJECT& new_parent_handle,
   13883       const std::string& new_parent_handle_name,
   13884       const TPM2B_DATA& encryption_key_in,
   13885       const TPMT_SYM_DEF_OBJECT& symmetric_alg,
   13886       std::string* serialized_command,
   13887       AuthorizationDelegate* authorization_delegate) {
   13888   VLOG(3) << __func__;
   13889   TPM_RC rc = TPM_RC_SUCCESS;
   13890   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   13891   UINT32 command_size = 10;  // Header size.
   13892   std::string handle_section_bytes;
   13893   std::string parameter_section_bytes;
   13894   TPM_CC command_code = TPM_CC_Duplicate;
   13895   bool is_command_parameter_encryption_possible = true;
   13896   bool is_response_parameter_encryption_possible = true;
   13897   std::string command_code_bytes;
   13898   rc = Serialize_TPM_CC(
   13899       command_code,
   13900       &command_code_bytes);
   13901   if (rc != TPM_RC_SUCCESS) {
   13902     return rc;
   13903   }
   13904   std::string object_handle_bytes;
   13905   rc = Serialize_TPMI_DH_OBJECT(
   13906       object_handle,
   13907       &object_handle_bytes);
   13908   if (rc != TPM_RC_SUCCESS) {
   13909     return rc;
   13910   }
   13911   std::string new_parent_handle_bytes;
   13912   rc = Serialize_TPMI_DH_OBJECT(
   13913       new_parent_handle,
   13914       &new_parent_handle_bytes);
   13915   if (rc != TPM_RC_SUCCESS) {
   13916     return rc;
   13917   }
   13918   std::string encryption_key_in_bytes;
   13919   rc = Serialize_TPM2B_DATA(
   13920       encryption_key_in,
   13921       &encryption_key_in_bytes);
   13922   if (rc != TPM_RC_SUCCESS) {
   13923     return rc;
   13924   }
   13925   std::string symmetric_alg_bytes;
   13926   rc = Serialize_TPMT_SYM_DEF_OBJECT(
   13927       symmetric_alg,
   13928       &symmetric_alg_bytes);
   13929   if (rc != TPM_RC_SUCCESS) {
   13930     return rc;
   13931   }
   13932   if (authorization_delegate) {
   13933     // Encrypt just the parameter data, not the size.
   13934     std::string tmp = encryption_key_in_bytes.substr(2);
   13935     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   13936       return TRUNKS_RC_ENCRYPTION_FAILED;
   13937     }
   13938     encryption_key_in_bytes.replace(2, std::string::npos, tmp);
   13939   }
   13940   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   13941       crypto::SecureHash::SHA256));
   13942   hash->Update(command_code_bytes.data(),
   13943                command_code_bytes.size());
   13944   hash->Update(object_handle_name.data(),
   13945                object_handle_name.size());
   13946   handle_section_bytes += object_handle_bytes;
   13947   command_size += object_handle_bytes.size();
   13948   hash->Update(new_parent_handle_name.data(),
   13949                new_parent_handle_name.size());
   13950   handle_section_bytes += new_parent_handle_bytes;
   13951   command_size += new_parent_handle_bytes.size();
   13952   hash->Update(encryption_key_in_bytes.data(),
   13953                encryption_key_in_bytes.size());
   13954   parameter_section_bytes += encryption_key_in_bytes;
   13955   command_size += encryption_key_in_bytes.size();
   13956   hash->Update(symmetric_alg_bytes.data(),
   13957                symmetric_alg_bytes.size());
   13958   parameter_section_bytes += symmetric_alg_bytes;
   13959   command_size += symmetric_alg_bytes.size();
   13960   std::string command_hash(32, 0);
   13961   hash->Finish(string_as_array(&command_hash), command_hash.size());
   13962   std::string authorization_section_bytes;
   13963   std::string authorization_size_bytes;
   13964   if (authorization_delegate) {
   13965     if (!authorization_delegate->GetCommandAuthorization(
   13966         command_hash,
   13967         is_command_parameter_encryption_possible,
   13968         is_response_parameter_encryption_possible,
   13969         &authorization_section_bytes)) {
   13970       return TRUNKS_RC_AUTHORIZATION_FAILED;
   13971     }
   13972     if (!authorization_section_bytes.empty()) {
   13973       tag = TPM_ST_SESSIONS;
   13974       std::string tmp;
   13975       rc = Serialize_UINT32(authorization_section_bytes.size(),
   13976                             &authorization_size_bytes);
   13977       if (rc != TPM_RC_SUCCESS) {
   13978         return rc;
   13979       }
   13980       command_size += authorization_size_bytes.size() +
   13981                       authorization_section_bytes.size();
   13982     }
   13983   }
   13984   std::string tag_bytes;
   13985   rc = Serialize_TPMI_ST_COMMAND_TAG(
   13986       tag,
   13987       &tag_bytes);
   13988   if (rc != TPM_RC_SUCCESS) {
   13989     return rc;
   13990   }
   13991   std::string command_size_bytes;
   13992   rc = Serialize_UINT32(
   13993       command_size,
   13994       &command_size_bytes);
   13995   if (rc != TPM_RC_SUCCESS) {
   13996     return rc;
   13997   }
   13998   *serialized_command = tag_bytes +
   13999                         command_size_bytes +
   14000                         command_code_bytes +
   14001                         handle_section_bytes +
   14002                         authorization_size_bytes +
   14003                         authorization_section_bytes +
   14004                         parameter_section_bytes;
   14005   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   14006   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   14007                                             serialized_command->size());
   14008   return TPM_RC_SUCCESS;
   14009 }
   14010 
   14011 TPM_RC Tpm::ParseResponse_Duplicate(
   14012       const std::string& response,
   14013       TPM2B_DATA* encryption_key_out,
   14014       TPM2B_PRIVATE* duplicate,
   14015       TPM2B_ENCRYPTED_SECRET* out_sym_seed,
   14016       AuthorizationDelegate* authorization_delegate) {
   14017   VLOG(3) << __func__;
   14018   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   14019   TPM_RC rc = TPM_RC_SUCCESS;
   14020   std::string buffer(response);
   14021   TPM_ST tag;
   14022   std::string tag_bytes;
   14023   rc = Parse_TPM_ST(
   14024       &buffer,
   14025       &tag,
   14026       &tag_bytes);
   14027   if (rc != TPM_RC_SUCCESS) {
   14028     return rc;
   14029   }
   14030   UINT32 response_size;
   14031   std::string response_size_bytes;
   14032   rc = Parse_UINT32(
   14033       &buffer,
   14034       &response_size,
   14035       &response_size_bytes);
   14036   if (rc != TPM_RC_SUCCESS) {
   14037     return rc;
   14038   }
   14039   TPM_RC response_code;
   14040   std::string response_code_bytes;
   14041   rc = Parse_TPM_RC(
   14042       &buffer,
   14043       &response_code,
   14044       &response_code_bytes);
   14045   if (rc != TPM_RC_SUCCESS) {
   14046     return rc;
   14047   }
   14048   if (response_size != response.size()) {
   14049     return TPM_RC_SIZE;
   14050   }
   14051   if (response_code != TPM_RC_SUCCESS) {
   14052     return response_code;
   14053   }
   14054   TPM_CC command_code = TPM_CC_Duplicate;
   14055   std::string command_code_bytes;
   14056   rc = Serialize_TPM_CC(
   14057       command_code,
   14058       &command_code_bytes);
   14059   if (rc != TPM_RC_SUCCESS) {
   14060     return rc;
   14061   }
   14062   std::string authorization_section_bytes;
   14063   if (tag == TPM_ST_SESSIONS) {
   14064     UINT32 parameter_section_size = buffer.size();
   14065     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   14066     if (rc != TPM_RC_SUCCESS) {
   14067       return rc;
   14068     }
   14069     if (parameter_section_size > buffer.size()) {
   14070       return TPM_RC_INSUFFICIENT;
   14071     }
   14072     authorization_section_bytes = buffer.substr(parameter_section_size);
   14073     // Keep the parameter section in |buffer|.
   14074     buffer.erase(parameter_section_size);
   14075   }
   14076   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   14077       crypto::SecureHash::SHA256));
   14078   hash->Update(response_code_bytes.data(),
   14079                response_code_bytes.size());
   14080   hash->Update(command_code_bytes.data(),
   14081                command_code_bytes.size());
   14082   hash->Update(buffer.data(),
   14083                buffer.size());
   14084   std::string response_hash(32, 0);
   14085   hash->Finish(string_as_array(&response_hash), response_hash.size());
   14086   if (tag == TPM_ST_SESSIONS) {
   14087     CHECK(authorization_delegate) << "Authorization delegate missing!";
   14088     if (!authorization_delegate->CheckResponseAuthorization(
   14089         response_hash,
   14090         authorization_section_bytes)) {
   14091       return TRUNKS_RC_AUTHORIZATION_FAILED;
   14092     }
   14093   }
   14094   std::string encryption_key_out_bytes;
   14095   rc = Parse_TPM2B_DATA(
   14096       &buffer,
   14097       encryption_key_out,
   14098       &encryption_key_out_bytes);
   14099   if (rc != TPM_RC_SUCCESS) {
   14100     return rc;
   14101   }
   14102   std::string duplicate_bytes;
   14103   rc = Parse_TPM2B_PRIVATE(
   14104       &buffer,
   14105       duplicate,
   14106       &duplicate_bytes);
   14107   if (rc != TPM_RC_SUCCESS) {
   14108     return rc;
   14109   }
   14110   std::string out_sym_seed_bytes;
   14111   rc = Parse_TPM2B_ENCRYPTED_SECRET(
   14112       &buffer,
   14113       out_sym_seed,
   14114       &out_sym_seed_bytes);
   14115   if (rc != TPM_RC_SUCCESS) {
   14116     return rc;
   14117   }
   14118   if (tag == TPM_ST_SESSIONS) {
   14119     CHECK(authorization_delegate) << "Authorization delegate missing!";
   14120     // Decrypt just the parameter data, not the size.
   14121     std::string tmp = encryption_key_out_bytes.substr(2);
   14122     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   14123       return TRUNKS_RC_ENCRYPTION_FAILED;
   14124     }
   14125     encryption_key_out_bytes.replace(2, std::string::npos, tmp);
   14126     rc = Parse_TPM2B_DATA(
   14127         &encryption_key_out_bytes,
   14128         encryption_key_out,
   14129         nullptr);
   14130     if (rc != TPM_RC_SUCCESS) {
   14131       return rc;
   14132     }
   14133   }
   14134   return TPM_RC_SUCCESS;
   14135 }
   14136 
   14137 void DuplicateErrorCallback(
   14138     const Tpm::DuplicateResponse& callback,
   14139     TPM_RC response_code) {
   14140   VLOG(1) << __func__;
   14141   callback.Run(response_code,
   14142                TPM2B_DATA(),
   14143                TPM2B_PRIVATE(),
   14144                TPM2B_ENCRYPTED_SECRET());
   14145 }
   14146 
   14147 void DuplicateResponseParser(
   14148     const Tpm::DuplicateResponse& callback,
   14149     AuthorizationDelegate* authorization_delegate,
   14150     const std::string& response) {
   14151   VLOG(1) << __func__;
   14152   base::Callback<void(TPM_RC)> error_reporter =
   14153       base::Bind(DuplicateErrorCallback, callback);
   14154   TPM2B_DATA encryption_key_out;
   14155   TPM2B_PRIVATE duplicate;
   14156   TPM2B_ENCRYPTED_SECRET out_sym_seed;
   14157   TPM_RC rc = Tpm::ParseResponse_Duplicate(
   14158       response,
   14159       &encryption_key_out,
   14160       &duplicate,
   14161       &out_sym_seed,
   14162       authorization_delegate);
   14163   if (rc != TPM_RC_SUCCESS) {
   14164     error_reporter.Run(rc);
   14165     return;
   14166   }
   14167   callback.Run(
   14168       rc,
   14169       encryption_key_out,
   14170       duplicate,
   14171       out_sym_seed);
   14172 }
   14173 
   14174 void Tpm::Duplicate(
   14175       const TPMI_DH_OBJECT& object_handle,
   14176       const std::string& object_handle_name,
   14177       const TPMI_DH_OBJECT& new_parent_handle,
   14178       const std::string& new_parent_handle_name,
   14179       const TPM2B_DATA& encryption_key_in,
   14180       const TPMT_SYM_DEF_OBJECT& symmetric_alg,
   14181       AuthorizationDelegate* authorization_delegate,
   14182       const DuplicateResponse& callback) {
   14183   VLOG(1) << __func__;
   14184   base::Callback<void(TPM_RC)> error_reporter =
   14185       base::Bind(DuplicateErrorCallback, callback);
   14186   base::Callback<void(const std::string&)> parser =
   14187       base::Bind(DuplicateResponseParser,
   14188                  callback,
   14189                  authorization_delegate);
   14190   std::string command;
   14191   TPM_RC rc = SerializeCommand_Duplicate(
   14192       object_handle,
   14193       object_handle_name,
   14194       new_parent_handle,
   14195       new_parent_handle_name,
   14196       encryption_key_in,
   14197       symmetric_alg,
   14198       &command,
   14199       authorization_delegate);
   14200   if (rc != TPM_RC_SUCCESS) {
   14201     error_reporter.Run(rc);
   14202     return;
   14203   }
   14204   transceiver_->SendCommand(command, parser);
   14205 }
   14206 
   14207 TPM_RC Tpm::DuplicateSync(
   14208       const TPMI_DH_OBJECT& object_handle,
   14209       const std::string& object_handle_name,
   14210       const TPMI_DH_OBJECT& new_parent_handle,
   14211       const std::string& new_parent_handle_name,
   14212       const TPM2B_DATA& encryption_key_in,
   14213       const TPMT_SYM_DEF_OBJECT& symmetric_alg,
   14214       TPM2B_DATA* encryption_key_out,
   14215       TPM2B_PRIVATE* duplicate,
   14216       TPM2B_ENCRYPTED_SECRET* out_sym_seed,
   14217       AuthorizationDelegate* authorization_delegate) {
   14218   VLOG(1) << __func__;
   14219   std::string command;
   14220   TPM_RC rc = SerializeCommand_Duplicate(
   14221       object_handle,
   14222       object_handle_name,
   14223       new_parent_handle,
   14224       new_parent_handle_name,
   14225       encryption_key_in,
   14226       symmetric_alg,
   14227       &command,
   14228       authorization_delegate);
   14229   if (rc != TPM_RC_SUCCESS) {
   14230     return rc;
   14231   }
   14232   std::string response = transceiver_->SendCommandAndWait(command);
   14233   rc = ParseResponse_Duplicate(
   14234       response,
   14235       encryption_key_out,
   14236       duplicate,
   14237       out_sym_seed,
   14238       authorization_delegate);
   14239   return rc;
   14240 }
   14241 
   14242 TPM_RC Tpm::SerializeCommand_Rewrap(
   14243       const TPMI_DH_OBJECT& old_parent,
   14244       const std::string& old_parent_name,
   14245       const TPMI_DH_OBJECT& new_parent,
   14246       const std::string& new_parent_name,
   14247       const TPM2B_PRIVATE& in_duplicate,
   14248       const TPM2B_NAME& name,
   14249       const TPM2B_ENCRYPTED_SECRET& in_sym_seed,
   14250       std::string* serialized_command,
   14251       AuthorizationDelegate* authorization_delegate) {
   14252   VLOG(3) << __func__;
   14253   TPM_RC rc = TPM_RC_SUCCESS;
   14254   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   14255   UINT32 command_size = 10;  // Header size.
   14256   std::string handle_section_bytes;
   14257   std::string parameter_section_bytes;
   14258   TPM_CC command_code = TPM_CC_Rewrap;
   14259   bool is_command_parameter_encryption_possible = true;
   14260   bool is_response_parameter_encryption_possible = true;
   14261   std::string command_code_bytes;
   14262   rc = Serialize_TPM_CC(
   14263       command_code,
   14264       &command_code_bytes);
   14265   if (rc != TPM_RC_SUCCESS) {
   14266     return rc;
   14267   }
   14268   std::string old_parent_bytes;
   14269   rc = Serialize_TPMI_DH_OBJECT(
   14270       old_parent,
   14271       &old_parent_bytes);
   14272   if (rc != TPM_RC_SUCCESS) {
   14273     return rc;
   14274   }
   14275   std::string new_parent_bytes;
   14276   rc = Serialize_TPMI_DH_OBJECT(
   14277       new_parent,
   14278       &new_parent_bytes);
   14279   if (rc != TPM_RC_SUCCESS) {
   14280     return rc;
   14281   }
   14282   std::string in_duplicate_bytes;
   14283   rc = Serialize_TPM2B_PRIVATE(
   14284       in_duplicate,
   14285       &in_duplicate_bytes);
   14286   if (rc != TPM_RC_SUCCESS) {
   14287     return rc;
   14288   }
   14289   std::string name_bytes;
   14290   rc = Serialize_TPM2B_NAME(
   14291       name,
   14292       &name_bytes);
   14293   if (rc != TPM_RC_SUCCESS) {
   14294     return rc;
   14295   }
   14296   std::string in_sym_seed_bytes;
   14297   rc = Serialize_TPM2B_ENCRYPTED_SECRET(
   14298       in_sym_seed,
   14299       &in_sym_seed_bytes);
   14300   if (rc != TPM_RC_SUCCESS) {
   14301     return rc;
   14302   }
   14303   if (authorization_delegate) {
   14304     // Encrypt just the parameter data, not the size.
   14305     std::string tmp = in_duplicate_bytes.substr(2);
   14306     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   14307       return TRUNKS_RC_ENCRYPTION_FAILED;
   14308     }
   14309     in_duplicate_bytes.replace(2, std::string::npos, tmp);
   14310   }
   14311   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   14312       crypto::SecureHash::SHA256));
   14313   hash->Update(command_code_bytes.data(),
   14314                command_code_bytes.size());
   14315   hash->Update(old_parent_name.data(),
   14316                old_parent_name.size());
   14317   handle_section_bytes += old_parent_bytes;
   14318   command_size += old_parent_bytes.size();
   14319   hash->Update(new_parent_name.data(),
   14320                new_parent_name.size());
   14321   handle_section_bytes += new_parent_bytes;
   14322   command_size += new_parent_bytes.size();
   14323   hash->Update(in_duplicate_bytes.data(),
   14324                in_duplicate_bytes.size());
   14325   parameter_section_bytes += in_duplicate_bytes;
   14326   command_size += in_duplicate_bytes.size();
   14327   hash->Update(name_bytes.data(),
   14328                name_bytes.size());
   14329   parameter_section_bytes += name_bytes;
   14330   command_size += name_bytes.size();
   14331   hash->Update(in_sym_seed_bytes.data(),
   14332                in_sym_seed_bytes.size());
   14333   parameter_section_bytes += in_sym_seed_bytes;
   14334   command_size += in_sym_seed_bytes.size();
   14335   std::string command_hash(32, 0);
   14336   hash->Finish(string_as_array(&command_hash), command_hash.size());
   14337   std::string authorization_section_bytes;
   14338   std::string authorization_size_bytes;
   14339   if (authorization_delegate) {
   14340     if (!authorization_delegate->GetCommandAuthorization(
   14341         command_hash,
   14342         is_command_parameter_encryption_possible,
   14343         is_response_parameter_encryption_possible,
   14344         &authorization_section_bytes)) {
   14345       return TRUNKS_RC_AUTHORIZATION_FAILED;
   14346     }
   14347     if (!authorization_section_bytes.empty()) {
   14348       tag = TPM_ST_SESSIONS;
   14349       std::string tmp;
   14350       rc = Serialize_UINT32(authorization_section_bytes.size(),
   14351                             &authorization_size_bytes);
   14352       if (rc != TPM_RC_SUCCESS) {
   14353         return rc;
   14354       }
   14355       command_size += authorization_size_bytes.size() +
   14356                       authorization_section_bytes.size();
   14357     }
   14358   }
   14359   std::string tag_bytes;
   14360   rc = Serialize_TPMI_ST_COMMAND_TAG(
   14361       tag,
   14362       &tag_bytes);
   14363   if (rc != TPM_RC_SUCCESS) {
   14364     return rc;
   14365   }
   14366   std::string command_size_bytes;
   14367   rc = Serialize_UINT32(
   14368       command_size,
   14369       &command_size_bytes);
   14370   if (rc != TPM_RC_SUCCESS) {
   14371     return rc;
   14372   }
   14373   *serialized_command = tag_bytes +
   14374                         command_size_bytes +
   14375                         command_code_bytes +
   14376                         handle_section_bytes +
   14377                         authorization_size_bytes +
   14378                         authorization_section_bytes +
   14379                         parameter_section_bytes;
   14380   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   14381   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   14382                                             serialized_command->size());
   14383   return TPM_RC_SUCCESS;
   14384 }
   14385 
   14386 TPM_RC Tpm::ParseResponse_Rewrap(
   14387       const std::string& response,
   14388       TPM2B_PRIVATE* out_duplicate,
   14389       TPM2B_ENCRYPTED_SECRET* out_sym_seed,
   14390       AuthorizationDelegate* authorization_delegate) {
   14391   VLOG(3) << __func__;
   14392   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   14393   TPM_RC rc = TPM_RC_SUCCESS;
   14394   std::string buffer(response);
   14395   TPM_ST tag;
   14396   std::string tag_bytes;
   14397   rc = Parse_TPM_ST(
   14398       &buffer,
   14399       &tag,
   14400       &tag_bytes);
   14401   if (rc != TPM_RC_SUCCESS) {
   14402     return rc;
   14403   }
   14404   UINT32 response_size;
   14405   std::string response_size_bytes;
   14406   rc = Parse_UINT32(
   14407       &buffer,
   14408       &response_size,
   14409       &response_size_bytes);
   14410   if (rc != TPM_RC_SUCCESS) {
   14411     return rc;
   14412   }
   14413   TPM_RC response_code;
   14414   std::string response_code_bytes;
   14415   rc = Parse_TPM_RC(
   14416       &buffer,
   14417       &response_code,
   14418       &response_code_bytes);
   14419   if (rc != TPM_RC_SUCCESS) {
   14420     return rc;
   14421   }
   14422   if (response_size != response.size()) {
   14423     return TPM_RC_SIZE;
   14424   }
   14425   if (response_code != TPM_RC_SUCCESS) {
   14426     return response_code;
   14427   }
   14428   TPM_CC command_code = TPM_CC_Rewrap;
   14429   std::string command_code_bytes;
   14430   rc = Serialize_TPM_CC(
   14431       command_code,
   14432       &command_code_bytes);
   14433   if (rc != TPM_RC_SUCCESS) {
   14434     return rc;
   14435   }
   14436   std::string authorization_section_bytes;
   14437   if (tag == TPM_ST_SESSIONS) {
   14438     UINT32 parameter_section_size = buffer.size();
   14439     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   14440     if (rc != TPM_RC_SUCCESS) {
   14441       return rc;
   14442     }
   14443     if (parameter_section_size > buffer.size()) {
   14444       return TPM_RC_INSUFFICIENT;
   14445     }
   14446     authorization_section_bytes = buffer.substr(parameter_section_size);
   14447     // Keep the parameter section in |buffer|.
   14448     buffer.erase(parameter_section_size);
   14449   }
   14450   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   14451       crypto::SecureHash::SHA256));
   14452   hash->Update(response_code_bytes.data(),
   14453                response_code_bytes.size());
   14454   hash->Update(command_code_bytes.data(),
   14455                command_code_bytes.size());
   14456   hash->Update(buffer.data(),
   14457                buffer.size());
   14458   std::string response_hash(32, 0);
   14459   hash->Finish(string_as_array(&response_hash), response_hash.size());
   14460   if (tag == TPM_ST_SESSIONS) {
   14461     CHECK(authorization_delegate) << "Authorization delegate missing!";
   14462     if (!authorization_delegate->CheckResponseAuthorization(
   14463         response_hash,
   14464         authorization_section_bytes)) {
   14465       return TRUNKS_RC_AUTHORIZATION_FAILED;
   14466     }
   14467   }
   14468   std::string out_duplicate_bytes;
   14469   rc = Parse_TPM2B_PRIVATE(
   14470       &buffer,
   14471       out_duplicate,
   14472       &out_duplicate_bytes);
   14473   if (rc != TPM_RC_SUCCESS) {
   14474     return rc;
   14475   }
   14476   std::string out_sym_seed_bytes;
   14477   rc = Parse_TPM2B_ENCRYPTED_SECRET(
   14478       &buffer,
   14479       out_sym_seed,
   14480       &out_sym_seed_bytes);
   14481   if (rc != TPM_RC_SUCCESS) {
   14482     return rc;
   14483   }
   14484   if (tag == TPM_ST_SESSIONS) {
   14485     CHECK(authorization_delegate) << "Authorization delegate missing!";
   14486     // Decrypt just the parameter data, not the size.
   14487     std::string tmp = out_duplicate_bytes.substr(2);
   14488     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   14489       return TRUNKS_RC_ENCRYPTION_FAILED;
   14490     }
   14491     out_duplicate_bytes.replace(2, std::string::npos, tmp);
   14492     rc = Parse_TPM2B_PRIVATE(
   14493         &out_duplicate_bytes,
   14494         out_duplicate,
   14495         nullptr);
   14496     if (rc != TPM_RC_SUCCESS) {
   14497       return rc;
   14498     }
   14499   }
   14500   return TPM_RC_SUCCESS;
   14501 }
   14502 
   14503 void RewrapErrorCallback(
   14504     const Tpm::RewrapResponse& callback,
   14505     TPM_RC response_code) {
   14506   VLOG(1) << __func__;
   14507   callback.Run(response_code,
   14508                TPM2B_PRIVATE(),
   14509                TPM2B_ENCRYPTED_SECRET());
   14510 }
   14511 
   14512 void RewrapResponseParser(
   14513     const Tpm::RewrapResponse& callback,
   14514     AuthorizationDelegate* authorization_delegate,
   14515     const std::string& response) {
   14516   VLOG(1) << __func__;
   14517   base::Callback<void(TPM_RC)> error_reporter =
   14518       base::Bind(RewrapErrorCallback, callback);
   14519   TPM2B_PRIVATE out_duplicate;
   14520   TPM2B_ENCRYPTED_SECRET out_sym_seed;
   14521   TPM_RC rc = Tpm::ParseResponse_Rewrap(
   14522       response,
   14523       &out_duplicate,
   14524       &out_sym_seed,
   14525       authorization_delegate);
   14526   if (rc != TPM_RC_SUCCESS) {
   14527     error_reporter.Run(rc);
   14528     return;
   14529   }
   14530   callback.Run(
   14531       rc,
   14532       out_duplicate,
   14533       out_sym_seed);
   14534 }
   14535 
   14536 void Tpm::Rewrap(
   14537       const TPMI_DH_OBJECT& old_parent,
   14538       const std::string& old_parent_name,
   14539       const TPMI_DH_OBJECT& new_parent,
   14540       const std::string& new_parent_name,
   14541       const TPM2B_PRIVATE& in_duplicate,
   14542       const TPM2B_NAME& name,
   14543       const TPM2B_ENCRYPTED_SECRET& in_sym_seed,
   14544       AuthorizationDelegate* authorization_delegate,
   14545       const RewrapResponse& callback) {
   14546   VLOG(1) << __func__;
   14547   base::Callback<void(TPM_RC)> error_reporter =
   14548       base::Bind(RewrapErrorCallback, callback);
   14549   base::Callback<void(const std::string&)> parser =
   14550       base::Bind(RewrapResponseParser,
   14551                  callback,
   14552                  authorization_delegate);
   14553   std::string command;
   14554   TPM_RC rc = SerializeCommand_Rewrap(
   14555       old_parent,
   14556       old_parent_name,
   14557       new_parent,
   14558       new_parent_name,
   14559       in_duplicate,
   14560       name,
   14561       in_sym_seed,
   14562       &command,
   14563       authorization_delegate);
   14564   if (rc != TPM_RC_SUCCESS) {
   14565     error_reporter.Run(rc);
   14566     return;
   14567   }
   14568   transceiver_->SendCommand(command, parser);
   14569 }
   14570 
   14571 TPM_RC Tpm::RewrapSync(
   14572       const TPMI_DH_OBJECT& old_parent,
   14573       const std::string& old_parent_name,
   14574       const TPMI_DH_OBJECT& new_parent,
   14575       const std::string& new_parent_name,
   14576       const TPM2B_PRIVATE& in_duplicate,
   14577       const TPM2B_NAME& name,
   14578       const TPM2B_ENCRYPTED_SECRET& in_sym_seed,
   14579       TPM2B_PRIVATE* out_duplicate,
   14580       TPM2B_ENCRYPTED_SECRET* out_sym_seed,
   14581       AuthorizationDelegate* authorization_delegate) {
   14582   VLOG(1) << __func__;
   14583   std::string command;
   14584   TPM_RC rc = SerializeCommand_Rewrap(
   14585       old_parent,
   14586       old_parent_name,
   14587       new_parent,
   14588       new_parent_name,
   14589       in_duplicate,
   14590       name,
   14591       in_sym_seed,
   14592       &command,
   14593       authorization_delegate);
   14594   if (rc != TPM_RC_SUCCESS) {
   14595     return rc;
   14596   }
   14597   std::string response = transceiver_->SendCommandAndWait(command);
   14598   rc = ParseResponse_Rewrap(
   14599       response,
   14600       out_duplicate,
   14601       out_sym_seed,
   14602       authorization_delegate);
   14603   return rc;
   14604 }
   14605 
   14606 TPM_RC Tpm::SerializeCommand_Import(
   14607       const TPMI_DH_OBJECT& parent_handle,
   14608       const std::string& parent_handle_name,
   14609       const TPM2B_DATA& encryption_key,
   14610       const TPM2B_PUBLIC& object_public,
   14611       const TPM2B_PRIVATE& duplicate,
   14612       const TPM2B_ENCRYPTED_SECRET& in_sym_seed,
   14613       const TPMT_SYM_DEF_OBJECT& symmetric_alg,
   14614       std::string* serialized_command,
   14615       AuthorizationDelegate* authorization_delegate) {
   14616   VLOG(3) << __func__;
   14617   TPM_RC rc = TPM_RC_SUCCESS;
   14618   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   14619   UINT32 command_size = 10;  // Header size.
   14620   std::string handle_section_bytes;
   14621   std::string parameter_section_bytes;
   14622   TPM_CC command_code = TPM_CC_Import;
   14623   bool is_command_parameter_encryption_possible = true;
   14624   bool is_response_parameter_encryption_possible = true;
   14625   std::string command_code_bytes;
   14626   rc = Serialize_TPM_CC(
   14627       command_code,
   14628       &command_code_bytes);
   14629   if (rc != TPM_RC_SUCCESS) {
   14630     return rc;
   14631   }
   14632   std::string parent_handle_bytes;
   14633   rc = Serialize_TPMI_DH_OBJECT(
   14634       parent_handle,
   14635       &parent_handle_bytes);
   14636   if (rc != TPM_RC_SUCCESS) {
   14637     return rc;
   14638   }
   14639   std::string encryption_key_bytes;
   14640   rc = Serialize_TPM2B_DATA(
   14641       encryption_key,
   14642       &encryption_key_bytes);
   14643   if (rc != TPM_RC_SUCCESS) {
   14644     return rc;
   14645   }
   14646   std::string object_public_bytes;
   14647   rc = Serialize_TPM2B_PUBLIC(
   14648       object_public,
   14649       &object_public_bytes);
   14650   if (rc != TPM_RC_SUCCESS) {
   14651     return rc;
   14652   }
   14653   std::string duplicate_bytes;
   14654   rc = Serialize_TPM2B_PRIVATE(
   14655       duplicate,
   14656       &duplicate_bytes);
   14657   if (rc != TPM_RC_SUCCESS) {
   14658     return rc;
   14659   }
   14660   std::string in_sym_seed_bytes;
   14661   rc = Serialize_TPM2B_ENCRYPTED_SECRET(
   14662       in_sym_seed,
   14663       &in_sym_seed_bytes);
   14664   if (rc != TPM_RC_SUCCESS) {
   14665     return rc;
   14666   }
   14667   std::string symmetric_alg_bytes;
   14668   rc = Serialize_TPMT_SYM_DEF_OBJECT(
   14669       symmetric_alg,
   14670       &symmetric_alg_bytes);
   14671   if (rc != TPM_RC_SUCCESS) {
   14672     return rc;
   14673   }
   14674   if (authorization_delegate) {
   14675     // Encrypt just the parameter data, not the size.
   14676     std::string tmp = encryption_key_bytes.substr(2);
   14677     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   14678       return TRUNKS_RC_ENCRYPTION_FAILED;
   14679     }
   14680     encryption_key_bytes.replace(2, std::string::npos, tmp);
   14681   }
   14682   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   14683       crypto::SecureHash::SHA256));
   14684   hash->Update(command_code_bytes.data(),
   14685                command_code_bytes.size());
   14686   hash->Update(parent_handle_name.data(),
   14687                parent_handle_name.size());
   14688   handle_section_bytes += parent_handle_bytes;
   14689   command_size += parent_handle_bytes.size();
   14690   hash->Update(encryption_key_bytes.data(),
   14691                encryption_key_bytes.size());
   14692   parameter_section_bytes += encryption_key_bytes;
   14693   command_size += encryption_key_bytes.size();
   14694   hash->Update(object_public_bytes.data(),
   14695                object_public_bytes.size());
   14696   parameter_section_bytes += object_public_bytes;
   14697   command_size += object_public_bytes.size();
   14698   hash->Update(duplicate_bytes.data(),
   14699                duplicate_bytes.size());
   14700   parameter_section_bytes += duplicate_bytes;
   14701   command_size += duplicate_bytes.size();
   14702   hash->Update(in_sym_seed_bytes.data(),
   14703                in_sym_seed_bytes.size());
   14704   parameter_section_bytes += in_sym_seed_bytes;
   14705   command_size += in_sym_seed_bytes.size();
   14706   hash->Update(symmetric_alg_bytes.data(),
   14707                symmetric_alg_bytes.size());
   14708   parameter_section_bytes += symmetric_alg_bytes;
   14709   command_size += symmetric_alg_bytes.size();
   14710   std::string command_hash(32, 0);
   14711   hash->Finish(string_as_array(&command_hash), command_hash.size());
   14712   std::string authorization_section_bytes;
   14713   std::string authorization_size_bytes;
   14714   if (authorization_delegate) {
   14715     if (!authorization_delegate->GetCommandAuthorization(
   14716         command_hash,
   14717         is_command_parameter_encryption_possible,
   14718         is_response_parameter_encryption_possible,
   14719         &authorization_section_bytes)) {
   14720       return TRUNKS_RC_AUTHORIZATION_FAILED;
   14721     }
   14722     if (!authorization_section_bytes.empty()) {
   14723       tag = TPM_ST_SESSIONS;
   14724       std::string tmp;
   14725       rc = Serialize_UINT32(authorization_section_bytes.size(),
   14726                             &authorization_size_bytes);
   14727       if (rc != TPM_RC_SUCCESS) {
   14728         return rc;
   14729       }
   14730       command_size += authorization_size_bytes.size() +
   14731                       authorization_section_bytes.size();
   14732     }
   14733   }
   14734   std::string tag_bytes;
   14735   rc = Serialize_TPMI_ST_COMMAND_TAG(
   14736       tag,
   14737       &tag_bytes);
   14738   if (rc != TPM_RC_SUCCESS) {
   14739     return rc;
   14740   }
   14741   std::string command_size_bytes;
   14742   rc = Serialize_UINT32(
   14743       command_size,
   14744       &command_size_bytes);
   14745   if (rc != TPM_RC_SUCCESS) {
   14746     return rc;
   14747   }
   14748   *serialized_command = tag_bytes +
   14749                         command_size_bytes +
   14750                         command_code_bytes +
   14751                         handle_section_bytes +
   14752                         authorization_size_bytes +
   14753                         authorization_section_bytes +
   14754                         parameter_section_bytes;
   14755   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   14756   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   14757                                             serialized_command->size());
   14758   return TPM_RC_SUCCESS;
   14759 }
   14760 
   14761 TPM_RC Tpm::ParseResponse_Import(
   14762       const std::string& response,
   14763       TPM2B_PRIVATE* out_private,
   14764       AuthorizationDelegate* authorization_delegate) {
   14765   VLOG(3) << __func__;
   14766   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   14767   TPM_RC rc = TPM_RC_SUCCESS;
   14768   std::string buffer(response);
   14769   TPM_ST tag;
   14770   std::string tag_bytes;
   14771   rc = Parse_TPM_ST(
   14772       &buffer,
   14773       &tag,
   14774       &tag_bytes);
   14775   if (rc != TPM_RC_SUCCESS) {
   14776     return rc;
   14777   }
   14778   UINT32 response_size;
   14779   std::string response_size_bytes;
   14780   rc = Parse_UINT32(
   14781       &buffer,
   14782       &response_size,
   14783       &response_size_bytes);
   14784   if (rc != TPM_RC_SUCCESS) {
   14785     return rc;
   14786   }
   14787   TPM_RC response_code;
   14788   std::string response_code_bytes;
   14789   rc = Parse_TPM_RC(
   14790       &buffer,
   14791       &response_code,
   14792       &response_code_bytes);
   14793   if (rc != TPM_RC_SUCCESS) {
   14794     return rc;
   14795   }
   14796   if (response_size != response.size()) {
   14797     return TPM_RC_SIZE;
   14798   }
   14799   if (response_code != TPM_RC_SUCCESS) {
   14800     return response_code;
   14801   }
   14802   TPM_CC command_code = TPM_CC_Import;
   14803   std::string command_code_bytes;
   14804   rc = Serialize_TPM_CC(
   14805       command_code,
   14806       &command_code_bytes);
   14807   if (rc != TPM_RC_SUCCESS) {
   14808     return rc;
   14809   }
   14810   std::string authorization_section_bytes;
   14811   if (tag == TPM_ST_SESSIONS) {
   14812     UINT32 parameter_section_size = buffer.size();
   14813     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   14814     if (rc != TPM_RC_SUCCESS) {
   14815       return rc;
   14816     }
   14817     if (parameter_section_size > buffer.size()) {
   14818       return TPM_RC_INSUFFICIENT;
   14819     }
   14820     authorization_section_bytes = buffer.substr(parameter_section_size);
   14821     // Keep the parameter section in |buffer|.
   14822     buffer.erase(parameter_section_size);
   14823   }
   14824   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   14825       crypto::SecureHash::SHA256));
   14826   hash->Update(response_code_bytes.data(),
   14827                response_code_bytes.size());
   14828   hash->Update(command_code_bytes.data(),
   14829                command_code_bytes.size());
   14830   hash->Update(buffer.data(),
   14831                buffer.size());
   14832   std::string response_hash(32, 0);
   14833   hash->Finish(string_as_array(&response_hash), response_hash.size());
   14834   if (tag == TPM_ST_SESSIONS) {
   14835     CHECK(authorization_delegate) << "Authorization delegate missing!";
   14836     if (!authorization_delegate->CheckResponseAuthorization(
   14837         response_hash,
   14838         authorization_section_bytes)) {
   14839       return TRUNKS_RC_AUTHORIZATION_FAILED;
   14840     }
   14841   }
   14842   std::string out_private_bytes;
   14843   rc = Parse_TPM2B_PRIVATE(
   14844       &buffer,
   14845       out_private,
   14846       &out_private_bytes);
   14847   if (rc != TPM_RC_SUCCESS) {
   14848     return rc;
   14849   }
   14850   if (tag == TPM_ST_SESSIONS) {
   14851     CHECK(authorization_delegate) << "Authorization delegate missing!";
   14852     // Decrypt just the parameter data, not the size.
   14853     std::string tmp = out_private_bytes.substr(2);
   14854     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   14855       return TRUNKS_RC_ENCRYPTION_FAILED;
   14856     }
   14857     out_private_bytes.replace(2, std::string::npos, tmp);
   14858     rc = Parse_TPM2B_PRIVATE(
   14859         &out_private_bytes,
   14860         out_private,
   14861         nullptr);
   14862     if (rc != TPM_RC_SUCCESS) {
   14863       return rc;
   14864     }
   14865   }
   14866   return TPM_RC_SUCCESS;
   14867 }
   14868 
   14869 void ImportErrorCallback(
   14870     const Tpm::ImportResponse& callback,
   14871     TPM_RC response_code) {
   14872   VLOG(1) << __func__;
   14873   callback.Run(response_code,
   14874                TPM2B_PRIVATE());
   14875 }
   14876 
   14877 void ImportResponseParser(
   14878     const Tpm::ImportResponse& callback,
   14879     AuthorizationDelegate* authorization_delegate,
   14880     const std::string& response) {
   14881   VLOG(1) << __func__;
   14882   base::Callback<void(TPM_RC)> error_reporter =
   14883       base::Bind(ImportErrorCallback, callback);
   14884   TPM2B_PRIVATE out_private;
   14885   TPM_RC rc = Tpm::ParseResponse_Import(
   14886       response,
   14887       &out_private,
   14888       authorization_delegate);
   14889   if (rc != TPM_RC_SUCCESS) {
   14890     error_reporter.Run(rc);
   14891     return;
   14892   }
   14893   callback.Run(
   14894       rc,
   14895       out_private);
   14896 }
   14897 
   14898 void Tpm::Import(
   14899       const TPMI_DH_OBJECT& parent_handle,
   14900       const std::string& parent_handle_name,
   14901       const TPM2B_DATA& encryption_key,
   14902       const TPM2B_PUBLIC& object_public,
   14903       const TPM2B_PRIVATE& duplicate,
   14904       const TPM2B_ENCRYPTED_SECRET& in_sym_seed,
   14905       const TPMT_SYM_DEF_OBJECT& symmetric_alg,
   14906       AuthorizationDelegate* authorization_delegate,
   14907       const ImportResponse& callback) {
   14908   VLOG(1) << __func__;
   14909   base::Callback<void(TPM_RC)> error_reporter =
   14910       base::Bind(ImportErrorCallback, callback);
   14911   base::Callback<void(const std::string&)> parser =
   14912       base::Bind(ImportResponseParser,
   14913                  callback,
   14914                  authorization_delegate);
   14915   std::string command;
   14916   TPM_RC rc = SerializeCommand_Import(
   14917       parent_handle,
   14918       parent_handle_name,
   14919       encryption_key,
   14920       object_public,
   14921       duplicate,
   14922       in_sym_seed,
   14923       symmetric_alg,
   14924       &command,
   14925       authorization_delegate);
   14926   if (rc != TPM_RC_SUCCESS) {
   14927     error_reporter.Run(rc);
   14928     return;
   14929   }
   14930   transceiver_->SendCommand(command, parser);
   14931 }
   14932 
   14933 TPM_RC Tpm::ImportSync(
   14934       const TPMI_DH_OBJECT& parent_handle,
   14935       const std::string& parent_handle_name,
   14936       const TPM2B_DATA& encryption_key,
   14937       const TPM2B_PUBLIC& object_public,
   14938       const TPM2B_PRIVATE& duplicate,
   14939       const TPM2B_ENCRYPTED_SECRET& in_sym_seed,
   14940       const TPMT_SYM_DEF_OBJECT& symmetric_alg,
   14941       TPM2B_PRIVATE* out_private,
   14942       AuthorizationDelegate* authorization_delegate) {
   14943   VLOG(1) << __func__;
   14944   std::string command;
   14945   TPM_RC rc = SerializeCommand_Import(
   14946       parent_handle,
   14947       parent_handle_name,
   14948       encryption_key,
   14949       object_public,
   14950       duplicate,
   14951       in_sym_seed,
   14952       symmetric_alg,
   14953       &command,
   14954       authorization_delegate);
   14955   if (rc != TPM_RC_SUCCESS) {
   14956     return rc;
   14957   }
   14958   std::string response = transceiver_->SendCommandAndWait(command);
   14959   rc = ParseResponse_Import(
   14960       response,
   14961       out_private,
   14962       authorization_delegate);
   14963   return rc;
   14964 }
   14965 
   14966 TPM_RC Tpm::SerializeCommand_RSA_Encrypt(
   14967       const TPMI_DH_OBJECT& key_handle,
   14968       const std::string& key_handle_name,
   14969       const TPM2B_PUBLIC_KEY_RSA& message,
   14970       const TPMT_RSA_DECRYPT& in_scheme,
   14971       const TPM2B_DATA& label,
   14972       std::string* serialized_command,
   14973       AuthorizationDelegate* authorization_delegate) {
   14974   VLOG(3) << __func__;
   14975   TPM_RC rc = TPM_RC_SUCCESS;
   14976   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   14977   UINT32 command_size = 10;  // Header size.
   14978   std::string handle_section_bytes;
   14979   std::string parameter_section_bytes;
   14980   TPM_CC command_code = TPM_CC_RSA_Encrypt;
   14981   bool is_command_parameter_encryption_possible = true;
   14982   bool is_response_parameter_encryption_possible = true;
   14983   std::string command_code_bytes;
   14984   rc = Serialize_TPM_CC(
   14985       command_code,
   14986       &command_code_bytes);
   14987   if (rc != TPM_RC_SUCCESS) {
   14988     return rc;
   14989   }
   14990   std::string key_handle_bytes;
   14991   rc = Serialize_TPMI_DH_OBJECT(
   14992       key_handle,
   14993       &key_handle_bytes);
   14994   if (rc != TPM_RC_SUCCESS) {
   14995     return rc;
   14996   }
   14997   std::string message_bytes;
   14998   rc = Serialize_TPM2B_PUBLIC_KEY_RSA(
   14999       message,
   15000       &message_bytes);
   15001   if (rc != TPM_RC_SUCCESS) {
   15002     return rc;
   15003   }
   15004   std::string in_scheme_bytes;
   15005   rc = Serialize_TPMT_RSA_DECRYPT(
   15006       in_scheme,
   15007       &in_scheme_bytes);
   15008   if (rc != TPM_RC_SUCCESS) {
   15009     return rc;
   15010   }
   15011   std::string label_bytes;
   15012   rc = Serialize_TPM2B_DATA(
   15013       label,
   15014       &label_bytes);
   15015   if (rc != TPM_RC_SUCCESS) {
   15016     return rc;
   15017   }
   15018   if (authorization_delegate) {
   15019     // Encrypt just the parameter data, not the size.
   15020     std::string tmp = message_bytes.substr(2);
   15021     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   15022       return TRUNKS_RC_ENCRYPTION_FAILED;
   15023     }
   15024     message_bytes.replace(2, std::string::npos, tmp);
   15025   }
   15026   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   15027       crypto::SecureHash::SHA256));
   15028   hash->Update(command_code_bytes.data(),
   15029                command_code_bytes.size());
   15030   hash->Update(key_handle_name.data(),
   15031                key_handle_name.size());
   15032   handle_section_bytes += key_handle_bytes;
   15033   command_size += key_handle_bytes.size();
   15034   hash->Update(message_bytes.data(),
   15035                message_bytes.size());
   15036   parameter_section_bytes += message_bytes;
   15037   command_size += message_bytes.size();
   15038   hash->Update(in_scheme_bytes.data(),
   15039                in_scheme_bytes.size());
   15040   parameter_section_bytes += in_scheme_bytes;
   15041   command_size += in_scheme_bytes.size();
   15042   hash->Update(label_bytes.data(),
   15043                label_bytes.size());
   15044   parameter_section_bytes += label_bytes;
   15045   command_size += label_bytes.size();
   15046   std::string command_hash(32, 0);
   15047   hash->Finish(string_as_array(&command_hash), command_hash.size());
   15048   std::string authorization_section_bytes;
   15049   std::string authorization_size_bytes;
   15050   if (authorization_delegate) {
   15051     if (!authorization_delegate->GetCommandAuthorization(
   15052         command_hash,
   15053         is_command_parameter_encryption_possible,
   15054         is_response_parameter_encryption_possible,
   15055         &authorization_section_bytes)) {
   15056       return TRUNKS_RC_AUTHORIZATION_FAILED;
   15057     }
   15058     if (!authorization_section_bytes.empty()) {
   15059       tag = TPM_ST_SESSIONS;
   15060       std::string tmp;
   15061       rc = Serialize_UINT32(authorization_section_bytes.size(),
   15062                             &authorization_size_bytes);
   15063       if (rc != TPM_RC_SUCCESS) {
   15064         return rc;
   15065       }
   15066       command_size += authorization_size_bytes.size() +
   15067                       authorization_section_bytes.size();
   15068     }
   15069   }
   15070   std::string tag_bytes;
   15071   rc = Serialize_TPMI_ST_COMMAND_TAG(
   15072       tag,
   15073       &tag_bytes);
   15074   if (rc != TPM_RC_SUCCESS) {
   15075     return rc;
   15076   }
   15077   std::string command_size_bytes;
   15078   rc = Serialize_UINT32(
   15079       command_size,
   15080       &command_size_bytes);
   15081   if (rc != TPM_RC_SUCCESS) {
   15082     return rc;
   15083   }
   15084   *serialized_command = tag_bytes +
   15085                         command_size_bytes +
   15086                         command_code_bytes +
   15087                         handle_section_bytes +
   15088                         authorization_size_bytes +
   15089                         authorization_section_bytes +
   15090                         parameter_section_bytes;
   15091   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   15092   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   15093                                             serialized_command->size());
   15094   return TPM_RC_SUCCESS;
   15095 }
   15096 
   15097 TPM_RC Tpm::ParseResponse_RSA_Encrypt(
   15098       const std::string& response,
   15099       TPM2B_PUBLIC_KEY_RSA* out_data,
   15100       AuthorizationDelegate* authorization_delegate) {
   15101   VLOG(3) << __func__;
   15102   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   15103   TPM_RC rc = TPM_RC_SUCCESS;
   15104   std::string buffer(response);
   15105   TPM_ST tag;
   15106   std::string tag_bytes;
   15107   rc = Parse_TPM_ST(
   15108       &buffer,
   15109       &tag,
   15110       &tag_bytes);
   15111   if (rc != TPM_RC_SUCCESS) {
   15112     return rc;
   15113   }
   15114   UINT32 response_size;
   15115   std::string response_size_bytes;
   15116   rc = Parse_UINT32(
   15117       &buffer,
   15118       &response_size,
   15119       &response_size_bytes);
   15120   if (rc != TPM_RC_SUCCESS) {
   15121     return rc;
   15122   }
   15123   TPM_RC response_code;
   15124   std::string response_code_bytes;
   15125   rc = Parse_TPM_RC(
   15126       &buffer,
   15127       &response_code,
   15128       &response_code_bytes);
   15129   if (rc != TPM_RC_SUCCESS) {
   15130     return rc;
   15131   }
   15132   if (response_size != response.size()) {
   15133     return TPM_RC_SIZE;
   15134   }
   15135   if (response_code != TPM_RC_SUCCESS) {
   15136     return response_code;
   15137   }
   15138   TPM_CC command_code = TPM_CC_RSA_Encrypt;
   15139   std::string command_code_bytes;
   15140   rc = Serialize_TPM_CC(
   15141       command_code,
   15142       &command_code_bytes);
   15143   if (rc != TPM_RC_SUCCESS) {
   15144     return rc;
   15145   }
   15146   std::string authorization_section_bytes;
   15147   if (tag == TPM_ST_SESSIONS) {
   15148     UINT32 parameter_section_size = buffer.size();
   15149     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   15150     if (rc != TPM_RC_SUCCESS) {
   15151       return rc;
   15152     }
   15153     if (parameter_section_size > buffer.size()) {
   15154       return TPM_RC_INSUFFICIENT;
   15155     }
   15156     authorization_section_bytes = buffer.substr(parameter_section_size);
   15157     // Keep the parameter section in |buffer|.
   15158     buffer.erase(parameter_section_size);
   15159   }
   15160   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   15161       crypto::SecureHash::SHA256));
   15162   hash->Update(response_code_bytes.data(),
   15163                response_code_bytes.size());
   15164   hash->Update(command_code_bytes.data(),
   15165                command_code_bytes.size());
   15166   hash->Update(buffer.data(),
   15167                buffer.size());
   15168   std::string response_hash(32, 0);
   15169   hash->Finish(string_as_array(&response_hash), response_hash.size());
   15170   if (tag == TPM_ST_SESSIONS) {
   15171     CHECK(authorization_delegate) << "Authorization delegate missing!";
   15172     if (!authorization_delegate->CheckResponseAuthorization(
   15173         response_hash,
   15174         authorization_section_bytes)) {
   15175       return TRUNKS_RC_AUTHORIZATION_FAILED;
   15176     }
   15177   }
   15178   std::string out_data_bytes;
   15179   rc = Parse_TPM2B_PUBLIC_KEY_RSA(
   15180       &buffer,
   15181       out_data,
   15182       &out_data_bytes);
   15183   if (rc != TPM_RC_SUCCESS) {
   15184     return rc;
   15185   }
   15186   if (tag == TPM_ST_SESSIONS) {
   15187     CHECK(authorization_delegate) << "Authorization delegate missing!";
   15188     // Decrypt just the parameter data, not the size.
   15189     std::string tmp = out_data_bytes.substr(2);
   15190     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   15191       return TRUNKS_RC_ENCRYPTION_FAILED;
   15192     }
   15193     out_data_bytes.replace(2, std::string::npos, tmp);
   15194     rc = Parse_TPM2B_PUBLIC_KEY_RSA(
   15195         &out_data_bytes,
   15196         out_data,
   15197         nullptr);
   15198     if (rc != TPM_RC_SUCCESS) {
   15199       return rc;
   15200     }
   15201   }
   15202   return TPM_RC_SUCCESS;
   15203 }
   15204 
   15205 void RSA_EncryptErrorCallback(
   15206     const Tpm::RSA_EncryptResponse& callback,
   15207     TPM_RC response_code) {
   15208   VLOG(1) << __func__;
   15209   callback.Run(response_code,
   15210                TPM2B_PUBLIC_KEY_RSA());
   15211 }
   15212 
   15213 void RSA_EncryptResponseParser(
   15214     const Tpm::RSA_EncryptResponse& callback,
   15215     AuthorizationDelegate* authorization_delegate,
   15216     const std::string& response) {
   15217   VLOG(1) << __func__;
   15218   base::Callback<void(TPM_RC)> error_reporter =
   15219       base::Bind(RSA_EncryptErrorCallback, callback);
   15220   TPM2B_PUBLIC_KEY_RSA out_data;
   15221   TPM_RC rc = Tpm::ParseResponse_RSA_Encrypt(
   15222       response,
   15223       &out_data,
   15224       authorization_delegate);
   15225   if (rc != TPM_RC_SUCCESS) {
   15226     error_reporter.Run(rc);
   15227     return;
   15228   }
   15229   callback.Run(
   15230       rc,
   15231       out_data);
   15232 }
   15233 
   15234 void Tpm::RSA_Encrypt(
   15235       const TPMI_DH_OBJECT& key_handle,
   15236       const std::string& key_handle_name,
   15237       const TPM2B_PUBLIC_KEY_RSA& message,
   15238       const TPMT_RSA_DECRYPT& in_scheme,
   15239       const TPM2B_DATA& label,
   15240       AuthorizationDelegate* authorization_delegate,
   15241       const RSA_EncryptResponse& callback) {
   15242   VLOG(1) << __func__;
   15243   base::Callback<void(TPM_RC)> error_reporter =
   15244       base::Bind(RSA_EncryptErrorCallback, callback);
   15245   base::Callback<void(const std::string&)> parser =
   15246       base::Bind(RSA_EncryptResponseParser,
   15247                  callback,
   15248                  authorization_delegate);
   15249   std::string command;
   15250   TPM_RC rc = SerializeCommand_RSA_Encrypt(
   15251       key_handle,
   15252       key_handle_name,
   15253       message,
   15254       in_scheme,
   15255       label,
   15256       &command,
   15257       authorization_delegate);
   15258   if (rc != TPM_RC_SUCCESS) {
   15259     error_reporter.Run(rc);
   15260     return;
   15261   }
   15262   transceiver_->SendCommand(command, parser);
   15263 }
   15264 
   15265 TPM_RC Tpm::RSA_EncryptSync(
   15266       const TPMI_DH_OBJECT& key_handle,
   15267       const std::string& key_handle_name,
   15268       const TPM2B_PUBLIC_KEY_RSA& message,
   15269       const TPMT_RSA_DECRYPT& in_scheme,
   15270       const TPM2B_DATA& label,
   15271       TPM2B_PUBLIC_KEY_RSA* out_data,
   15272       AuthorizationDelegate* authorization_delegate) {
   15273   VLOG(1) << __func__;
   15274   std::string command;
   15275   TPM_RC rc = SerializeCommand_RSA_Encrypt(
   15276       key_handle,
   15277       key_handle_name,
   15278       message,
   15279       in_scheme,
   15280       label,
   15281       &command,
   15282       authorization_delegate);
   15283   if (rc != TPM_RC_SUCCESS) {
   15284     return rc;
   15285   }
   15286   std::string response = transceiver_->SendCommandAndWait(command);
   15287   rc = ParseResponse_RSA_Encrypt(
   15288       response,
   15289       out_data,
   15290       authorization_delegate);
   15291   return rc;
   15292 }
   15293 
   15294 TPM_RC Tpm::SerializeCommand_RSA_Decrypt(
   15295       const TPMI_DH_OBJECT& key_handle,
   15296       const std::string& key_handle_name,
   15297       const TPM2B_PUBLIC_KEY_RSA& cipher_text,
   15298       const TPMT_RSA_DECRYPT& in_scheme,
   15299       const TPM2B_DATA& label,
   15300       std::string* serialized_command,
   15301       AuthorizationDelegate* authorization_delegate) {
   15302   VLOG(3) << __func__;
   15303   TPM_RC rc = TPM_RC_SUCCESS;
   15304   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   15305   UINT32 command_size = 10;  // Header size.
   15306   std::string handle_section_bytes;
   15307   std::string parameter_section_bytes;
   15308   TPM_CC command_code = TPM_CC_RSA_Decrypt;
   15309   bool is_command_parameter_encryption_possible = true;
   15310   bool is_response_parameter_encryption_possible = true;
   15311   std::string command_code_bytes;
   15312   rc = Serialize_TPM_CC(
   15313       command_code,
   15314       &command_code_bytes);
   15315   if (rc != TPM_RC_SUCCESS) {
   15316     return rc;
   15317   }
   15318   std::string key_handle_bytes;
   15319   rc = Serialize_TPMI_DH_OBJECT(
   15320       key_handle,
   15321       &key_handle_bytes);
   15322   if (rc != TPM_RC_SUCCESS) {
   15323     return rc;
   15324   }
   15325   std::string cipher_text_bytes;
   15326   rc = Serialize_TPM2B_PUBLIC_KEY_RSA(
   15327       cipher_text,
   15328       &cipher_text_bytes);
   15329   if (rc != TPM_RC_SUCCESS) {
   15330     return rc;
   15331   }
   15332   std::string in_scheme_bytes;
   15333   rc = Serialize_TPMT_RSA_DECRYPT(
   15334       in_scheme,
   15335       &in_scheme_bytes);
   15336   if (rc != TPM_RC_SUCCESS) {
   15337     return rc;
   15338   }
   15339   std::string label_bytes;
   15340   rc = Serialize_TPM2B_DATA(
   15341       label,
   15342       &label_bytes);
   15343   if (rc != TPM_RC_SUCCESS) {
   15344     return rc;
   15345   }
   15346   if (authorization_delegate) {
   15347     // Encrypt just the parameter data, not the size.
   15348     std::string tmp = cipher_text_bytes.substr(2);
   15349     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   15350       return TRUNKS_RC_ENCRYPTION_FAILED;
   15351     }
   15352     cipher_text_bytes.replace(2, std::string::npos, tmp);
   15353   }
   15354   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   15355       crypto::SecureHash::SHA256));
   15356   hash->Update(command_code_bytes.data(),
   15357                command_code_bytes.size());
   15358   hash->Update(key_handle_name.data(),
   15359                key_handle_name.size());
   15360   handle_section_bytes += key_handle_bytes;
   15361   command_size += key_handle_bytes.size();
   15362   hash->Update(cipher_text_bytes.data(),
   15363                cipher_text_bytes.size());
   15364   parameter_section_bytes += cipher_text_bytes;
   15365   command_size += cipher_text_bytes.size();
   15366   hash->Update(in_scheme_bytes.data(),
   15367                in_scheme_bytes.size());
   15368   parameter_section_bytes += in_scheme_bytes;
   15369   command_size += in_scheme_bytes.size();
   15370   hash->Update(label_bytes.data(),
   15371                label_bytes.size());
   15372   parameter_section_bytes += label_bytes;
   15373   command_size += label_bytes.size();
   15374   std::string command_hash(32, 0);
   15375   hash->Finish(string_as_array(&command_hash), command_hash.size());
   15376   std::string authorization_section_bytes;
   15377   std::string authorization_size_bytes;
   15378   if (authorization_delegate) {
   15379     if (!authorization_delegate->GetCommandAuthorization(
   15380         command_hash,
   15381         is_command_parameter_encryption_possible,
   15382         is_response_parameter_encryption_possible,
   15383         &authorization_section_bytes)) {
   15384       return TRUNKS_RC_AUTHORIZATION_FAILED;
   15385     }
   15386     if (!authorization_section_bytes.empty()) {
   15387       tag = TPM_ST_SESSIONS;
   15388       std::string tmp;
   15389       rc = Serialize_UINT32(authorization_section_bytes.size(),
   15390                             &authorization_size_bytes);
   15391       if (rc != TPM_RC_SUCCESS) {
   15392         return rc;
   15393       }
   15394       command_size += authorization_size_bytes.size() +
   15395                       authorization_section_bytes.size();
   15396     }
   15397   }
   15398   std::string tag_bytes;
   15399   rc = Serialize_TPMI_ST_COMMAND_TAG(
   15400       tag,
   15401       &tag_bytes);
   15402   if (rc != TPM_RC_SUCCESS) {
   15403     return rc;
   15404   }
   15405   std::string command_size_bytes;
   15406   rc = Serialize_UINT32(
   15407       command_size,
   15408       &command_size_bytes);
   15409   if (rc != TPM_RC_SUCCESS) {
   15410     return rc;
   15411   }
   15412   *serialized_command = tag_bytes +
   15413                         command_size_bytes +
   15414                         command_code_bytes +
   15415                         handle_section_bytes +
   15416                         authorization_size_bytes +
   15417                         authorization_section_bytes +
   15418                         parameter_section_bytes;
   15419   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   15420   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   15421                                             serialized_command->size());
   15422   return TPM_RC_SUCCESS;
   15423 }
   15424 
   15425 TPM_RC Tpm::ParseResponse_RSA_Decrypt(
   15426       const std::string& response,
   15427       TPM2B_PUBLIC_KEY_RSA* message,
   15428       AuthorizationDelegate* authorization_delegate) {
   15429   VLOG(3) << __func__;
   15430   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   15431   TPM_RC rc = TPM_RC_SUCCESS;
   15432   std::string buffer(response);
   15433   TPM_ST tag;
   15434   std::string tag_bytes;
   15435   rc = Parse_TPM_ST(
   15436       &buffer,
   15437       &tag,
   15438       &tag_bytes);
   15439   if (rc != TPM_RC_SUCCESS) {
   15440     return rc;
   15441   }
   15442   UINT32 response_size;
   15443   std::string response_size_bytes;
   15444   rc = Parse_UINT32(
   15445       &buffer,
   15446       &response_size,
   15447       &response_size_bytes);
   15448   if (rc != TPM_RC_SUCCESS) {
   15449     return rc;
   15450   }
   15451   TPM_RC response_code;
   15452   std::string response_code_bytes;
   15453   rc = Parse_TPM_RC(
   15454       &buffer,
   15455       &response_code,
   15456       &response_code_bytes);
   15457   if (rc != TPM_RC_SUCCESS) {
   15458     return rc;
   15459   }
   15460   if (response_size != response.size()) {
   15461     return TPM_RC_SIZE;
   15462   }
   15463   if (response_code != TPM_RC_SUCCESS) {
   15464     return response_code;
   15465   }
   15466   TPM_CC command_code = TPM_CC_RSA_Decrypt;
   15467   std::string command_code_bytes;
   15468   rc = Serialize_TPM_CC(
   15469       command_code,
   15470       &command_code_bytes);
   15471   if (rc != TPM_RC_SUCCESS) {
   15472     return rc;
   15473   }
   15474   std::string authorization_section_bytes;
   15475   if (tag == TPM_ST_SESSIONS) {
   15476     UINT32 parameter_section_size = buffer.size();
   15477     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   15478     if (rc != TPM_RC_SUCCESS) {
   15479       return rc;
   15480     }
   15481     if (parameter_section_size > buffer.size()) {
   15482       return TPM_RC_INSUFFICIENT;
   15483     }
   15484     authorization_section_bytes = buffer.substr(parameter_section_size);
   15485     // Keep the parameter section in |buffer|.
   15486     buffer.erase(parameter_section_size);
   15487   }
   15488   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   15489       crypto::SecureHash::SHA256));
   15490   hash->Update(response_code_bytes.data(),
   15491                response_code_bytes.size());
   15492   hash->Update(command_code_bytes.data(),
   15493                command_code_bytes.size());
   15494   hash->Update(buffer.data(),
   15495                buffer.size());
   15496   std::string response_hash(32, 0);
   15497   hash->Finish(string_as_array(&response_hash), response_hash.size());
   15498   if (tag == TPM_ST_SESSIONS) {
   15499     CHECK(authorization_delegate) << "Authorization delegate missing!";
   15500     if (!authorization_delegate->CheckResponseAuthorization(
   15501         response_hash,
   15502         authorization_section_bytes)) {
   15503       return TRUNKS_RC_AUTHORIZATION_FAILED;
   15504     }
   15505   }
   15506   std::string message_bytes;
   15507   rc = Parse_TPM2B_PUBLIC_KEY_RSA(
   15508       &buffer,
   15509       message,
   15510       &message_bytes);
   15511   if (rc != TPM_RC_SUCCESS) {
   15512     return rc;
   15513   }
   15514   if (tag == TPM_ST_SESSIONS) {
   15515     CHECK(authorization_delegate) << "Authorization delegate missing!";
   15516     // Decrypt just the parameter data, not the size.
   15517     std::string tmp = message_bytes.substr(2);
   15518     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   15519       return TRUNKS_RC_ENCRYPTION_FAILED;
   15520     }
   15521     message_bytes.replace(2, std::string::npos, tmp);
   15522     rc = Parse_TPM2B_PUBLIC_KEY_RSA(
   15523         &message_bytes,
   15524         message,
   15525         nullptr);
   15526     if (rc != TPM_RC_SUCCESS) {
   15527       return rc;
   15528     }
   15529   }
   15530   return TPM_RC_SUCCESS;
   15531 }
   15532 
   15533 void RSA_DecryptErrorCallback(
   15534     const Tpm::RSA_DecryptResponse& callback,
   15535     TPM_RC response_code) {
   15536   VLOG(1) << __func__;
   15537   callback.Run(response_code,
   15538                TPM2B_PUBLIC_KEY_RSA());
   15539 }
   15540 
   15541 void RSA_DecryptResponseParser(
   15542     const Tpm::RSA_DecryptResponse& callback,
   15543     AuthorizationDelegate* authorization_delegate,
   15544     const std::string& response) {
   15545   VLOG(1) << __func__;
   15546   base::Callback<void(TPM_RC)> error_reporter =
   15547       base::Bind(RSA_DecryptErrorCallback, callback);
   15548   TPM2B_PUBLIC_KEY_RSA message;
   15549   TPM_RC rc = Tpm::ParseResponse_RSA_Decrypt(
   15550       response,
   15551       &message,
   15552       authorization_delegate);
   15553   if (rc != TPM_RC_SUCCESS) {
   15554     error_reporter.Run(rc);
   15555     return;
   15556   }
   15557   callback.Run(
   15558       rc,
   15559       message);
   15560 }
   15561 
   15562 void Tpm::RSA_Decrypt(
   15563       const TPMI_DH_OBJECT& key_handle,
   15564       const std::string& key_handle_name,
   15565       const TPM2B_PUBLIC_KEY_RSA& cipher_text,
   15566       const TPMT_RSA_DECRYPT& in_scheme,
   15567       const TPM2B_DATA& label,
   15568       AuthorizationDelegate* authorization_delegate,
   15569       const RSA_DecryptResponse& callback) {
   15570   VLOG(1) << __func__;
   15571   base::Callback<void(TPM_RC)> error_reporter =
   15572       base::Bind(RSA_DecryptErrorCallback, callback);
   15573   base::Callback<void(const std::string&)> parser =
   15574       base::Bind(RSA_DecryptResponseParser,
   15575                  callback,
   15576                  authorization_delegate);
   15577   std::string command;
   15578   TPM_RC rc = SerializeCommand_RSA_Decrypt(
   15579       key_handle,
   15580       key_handle_name,
   15581       cipher_text,
   15582       in_scheme,
   15583       label,
   15584       &command,
   15585       authorization_delegate);
   15586   if (rc != TPM_RC_SUCCESS) {
   15587     error_reporter.Run(rc);
   15588     return;
   15589   }
   15590   transceiver_->SendCommand(command, parser);
   15591 }
   15592 
   15593 TPM_RC Tpm::RSA_DecryptSync(
   15594       const TPMI_DH_OBJECT& key_handle,
   15595       const std::string& key_handle_name,
   15596       const TPM2B_PUBLIC_KEY_RSA& cipher_text,
   15597       const TPMT_RSA_DECRYPT& in_scheme,
   15598       const TPM2B_DATA& label,
   15599       TPM2B_PUBLIC_KEY_RSA* message,
   15600       AuthorizationDelegate* authorization_delegate) {
   15601   VLOG(1) << __func__;
   15602   std::string command;
   15603   TPM_RC rc = SerializeCommand_RSA_Decrypt(
   15604       key_handle,
   15605       key_handle_name,
   15606       cipher_text,
   15607       in_scheme,
   15608       label,
   15609       &command,
   15610       authorization_delegate);
   15611   if (rc != TPM_RC_SUCCESS) {
   15612     return rc;
   15613   }
   15614   std::string response = transceiver_->SendCommandAndWait(command);
   15615   rc = ParseResponse_RSA_Decrypt(
   15616       response,
   15617       message,
   15618       authorization_delegate);
   15619   return rc;
   15620 }
   15621 
   15622 TPM_RC Tpm::SerializeCommand_ECDH_KeyGen(
   15623       const TPMI_DH_OBJECT& key_handle,
   15624       const std::string& key_handle_name,
   15625       std::string* serialized_command,
   15626       AuthorizationDelegate* authorization_delegate) {
   15627   VLOG(3) << __func__;
   15628   TPM_RC rc = TPM_RC_SUCCESS;
   15629   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   15630   UINT32 command_size = 10;  // Header size.
   15631   std::string handle_section_bytes;
   15632   std::string parameter_section_bytes;
   15633   TPM_CC command_code = TPM_CC_ECDH_KeyGen;
   15634   bool is_command_parameter_encryption_possible = false;
   15635   bool is_response_parameter_encryption_possible = true;
   15636   std::string command_code_bytes;
   15637   rc = Serialize_TPM_CC(
   15638       command_code,
   15639       &command_code_bytes);
   15640   if (rc != TPM_RC_SUCCESS) {
   15641     return rc;
   15642   }
   15643   std::string key_handle_bytes;
   15644   rc = Serialize_TPMI_DH_OBJECT(
   15645       key_handle,
   15646       &key_handle_bytes);
   15647   if (rc != TPM_RC_SUCCESS) {
   15648     return rc;
   15649   }
   15650   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   15651       crypto::SecureHash::SHA256));
   15652   hash->Update(command_code_bytes.data(),
   15653                command_code_bytes.size());
   15654   hash->Update(key_handle_name.data(),
   15655                key_handle_name.size());
   15656   handle_section_bytes += key_handle_bytes;
   15657   command_size += key_handle_bytes.size();
   15658   std::string command_hash(32, 0);
   15659   hash->Finish(string_as_array(&command_hash), command_hash.size());
   15660   std::string authorization_section_bytes;
   15661   std::string authorization_size_bytes;
   15662   if (authorization_delegate) {
   15663     if (!authorization_delegate->GetCommandAuthorization(
   15664         command_hash,
   15665         is_command_parameter_encryption_possible,
   15666         is_response_parameter_encryption_possible,
   15667         &authorization_section_bytes)) {
   15668       return TRUNKS_RC_AUTHORIZATION_FAILED;
   15669     }
   15670     if (!authorization_section_bytes.empty()) {
   15671       tag = TPM_ST_SESSIONS;
   15672       std::string tmp;
   15673       rc = Serialize_UINT32(authorization_section_bytes.size(),
   15674                             &authorization_size_bytes);
   15675       if (rc != TPM_RC_SUCCESS) {
   15676         return rc;
   15677       }
   15678       command_size += authorization_size_bytes.size() +
   15679                       authorization_section_bytes.size();
   15680     }
   15681   }
   15682   std::string tag_bytes;
   15683   rc = Serialize_TPMI_ST_COMMAND_TAG(
   15684       tag,
   15685       &tag_bytes);
   15686   if (rc != TPM_RC_SUCCESS) {
   15687     return rc;
   15688   }
   15689   std::string command_size_bytes;
   15690   rc = Serialize_UINT32(
   15691       command_size,
   15692       &command_size_bytes);
   15693   if (rc != TPM_RC_SUCCESS) {
   15694     return rc;
   15695   }
   15696   *serialized_command = tag_bytes +
   15697                         command_size_bytes +
   15698                         command_code_bytes +
   15699                         handle_section_bytes +
   15700                         authorization_size_bytes +
   15701                         authorization_section_bytes +
   15702                         parameter_section_bytes;
   15703   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   15704   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   15705                                             serialized_command->size());
   15706   return TPM_RC_SUCCESS;
   15707 }
   15708 
   15709 TPM_RC Tpm::ParseResponse_ECDH_KeyGen(
   15710       const std::string& response,
   15711       TPM2B_ECC_POINT* z_point,
   15712       TPM2B_ECC_POINT* pub_point,
   15713       AuthorizationDelegate* authorization_delegate) {
   15714   VLOG(3) << __func__;
   15715   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   15716   TPM_RC rc = TPM_RC_SUCCESS;
   15717   std::string buffer(response);
   15718   TPM_ST tag;
   15719   std::string tag_bytes;
   15720   rc = Parse_TPM_ST(
   15721       &buffer,
   15722       &tag,
   15723       &tag_bytes);
   15724   if (rc != TPM_RC_SUCCESS) {
   15725     return rc;
   15726   }
   15727   UINT32 response_size;
   15728   std::string response_size_bytes;
   15729   rc = Parse_UINT32(
   15730       &buffer,
   15731       &response_size,
   15732       &response_size_bytes);
   15733   if (rc != TPM_RC_SUCCESS) {
   15734     return rc;
   15735   }
   15736   TPM_RC response_code;
   15737   std::string response_code_bytes;
   15738   rc = Parse_TPM_RC(
   15739       &buffer,
   15740       &response_code,
   15741       &response_code_bytes);
   15742   if (rc != TPM_RC_SUCCESS) {
   15743     return rc;
   15744   }
   15745   if (response_size != response.size()) {
   15746     return TPM_RC_SIZE;
   15747   }
   15748   if (response_code != TPM_RC_SUCCESS) {
   15749     return response_code;
   15750   }
   15751   TPM_CC command_code = TPM_CC_ECDH_KeyGen;
   15752   std::string command_code_bytes;
   15753   rc = Serialize_TPM_CC(
   15754       command_code,
   15755       &command_code_bytes);
   15756   if (rc != TPM_RC_SUCCESS) {
   15757     return rc;
   15758   }
   15759   std::string authorization_section_bytes;
   15760   if (tag == TPM_ST_SESSIONS) {
   15761     UINT32 parameter_section_size = buffer.size();
   15762     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   15763     if (rc != TPM_RC_SUCCESS) {
   15764       return rc;
   15765     }
   15766     if (parameter_section_size > buffer.size()) {
   15767       return TPM_RC_INSUFFICIENT;
   15768     }
   15769     authorization_section_bytes = buffer.substr(parameter_section_size);
   15770     // Keep the parameter section in |buffer|.
   15771     buffer.erase(parameter_section_size);
   15772   }
   15773   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   15774       crypto::SecureHash::SHA256));
   15775   hash->Update(response_code_bytes.data(),
   15776                response_code_bytes.size());
   15777   hash->Update(command_code_bytes.data(),
   15778                command_code_bytes.size());
   15779   hash->Update(buffer.data(),
   15780                buffer.size());
   15781   std::string response_hash(32, 0);
   15782   hash->Finish(string_as_array(&response_hash), response_hash.size());
   15783   if (tag == TPM_ST_SESSIONS) {
   15784     CHECK(authorization_delegate) << "Authorization delegate missing!";
   15785     if (!authorization_delegate->CheckResponseAuthorization(
   15786         response_hash,
   15787         authorization_section_bytes)) {
   15788       return TRUNKS_RC_AUTHORIZATION_FAILED;
   15789     }
   15790   }
   15791   std::string z_point_bytes;
   15792   rc = Parse_TPM2B_ECC_POINT(
   15793       &buffer,
   15794       z_point,
   15795       &z_point_bytes);
   15796   if (rc != TPM_RC_SUCCESS) {
   15797     return rc;
   15798   }
   15799   std::string pub_point_bytes;
   15800   rc = Parse_TPM2B_ECC_POINT(
   15801       &buffer,
   15802       pub_point,
   15803       &pub_point_bytes);
   15804   if (rc != TPM_RC_SUCCESS) {
   15805     return rc;
   15806   }
   15807   if (tag == TPM_ST_SESSIONS) {
   15808     CHECK(authorization_delegate) << "Authorization delegate missing!";
   15809     // Decrypt just the parameter data, not the size.
   15810     std::string tmp = z_point_bytes.substr(2);
   15811     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   15812       return TRUNKS_RC_ENCRYPTION_FAILED;
   15813     }
   15814     z_point_bytes.replace(2, std::string::npos, tmp);
   15815     rc = Parse_TPM2B_ECC_POINT(
   15816         &z_point_bytes,
   15817         z_point,
   15818         nullptr);
   15819     if (rc != TPM_RC_SUCCESS) {
   15820       return rc;
   15821     }
   15822   }
   15823   return TPM_RC_SUCCESS;
   15824 }
   15825 
   15826 void ECDH_KeyGenErrorCallback(
   15827     const Tpm::ECDH_KeyGenResponse& callback,
   15828     TPM_RC response_code) {
   15829   VLOG(1) << __func__;
   15830   callback.Run(response_code,
   15831                TPM2B_ECC_POINT(),
   15832                TPM2B_ECC_POINT());
   15833 }
   15834 
   15835 void ECDH_KeyGenResponseParser(
   15836     const Tpm::ECDH_KeyGenResponse& callback,
   15837     AuthorizationDelegate* authorization_delegate,
   15838     const std::string& response) {
   15839   VLOG(1) << __func__;
   15840   base::Callback<void(TPM_RC)> error_reporter =
   15841       base::Bind(ECDH_KeyGenErrorCallback, callback);
   15842   TPM2B_ECC_POINT z_point;
   15843   TPM2B_ECC_POINT pub_point;
   15844   TPM_RC rc = Tpm::ParseResponse_ECDH_KeyGen(
   15845       response,
   15846       &z_point,
   15847       &pub_point,
   15848       authorization_delegate);
   15849   if (rc != TPM_RC_SUCCESS) {
   15850     error_reporter.Run(rc);
   15851     return;
   15852   }
   15853   callback.Run(
   15854       rc,
   15855       z_point,
   15856       pub_point);
   15857 }
   15858 
   15859 void Tpm::ECDH_KeyGen(
   15860       const TPMI_DH_OBJECT& key_handle,
   15861       const std::string& key_handle_name,
   15862       AuthorizationDelegate* authorization_delegate,
   15863       const ECDH_KeyGenResponse& callback) {
   15864   VLOG(1) << __func__;
   15865   base::Callback<void(TPM_RC)> error_reporter =
   15866       base::Bind(ECDH_KeyGenErrorCallback, callback);
   15867   base::Callback<void(const std::string&)> parser =
   15868       base::Bind(ECDH_KeyGenResponseParser,
   15869                  callback,
   15870                  authorization_delegate);
   15871   std::string command;
   15872   TPM_RC rc = SerializeCommand_ECDH_KeyGen(
   15873       key_handle,
   15874       key_handle_name,
   15875       &command,
   15876       authorization_delegate);
   15877   if (rc != TPM_RC_SUCCESS) {
   15878     error_reporter.Run(rc);
   15879     return;
   15880   }
   15881   transceiver_->SendCommand(command, parser);
   15882 }
   15883 
   15884 TPM_RC Tpm::ECDH_KeyGenSync(
   15885       const TPMI_DH_OBJECT& key_handle,
   15886       const std::string& key_handle_name,
   15887       TPM2B_ECC_POINT* z_point,
   15888       TPM2B_ECC_POINT* pub_point,
   15889       AuthorizationDelegate* authorization_delegate) {
   15890   VLOG(1) << __func__;
   15891   std::string command;
   15892   TPM_RC rc = SerializeCommand_ECDH_KeyGen(
   15893       key_handle,
   15894       key_handle_name,
   15895       &command,
   15896       authorization_delegate);
   15897   if (rc != TPM_RC_SUCCESS) {
   15898     return rc;
   15899   }
   15900   std::string response = transceiver_->SendCommandAndWait(command);
   15901   rc = ParseResponse_ECDH_KeyGen(
   15902       response,
   15903       z_point,
   15904       pub_point,
   15905       authorization_delegate);
   15906   return rc;
   15907 }
   15908 
   15909 TPM_RC Tpm::SerializeCommand_ECDH_ZGen(
   15910       const TPMI_DH_OBJECT& key_handle,
   15911       const std::string& key_handle_name,
   15912       const TPM2B_ECC_POINT& in_point,
   15913       std::string* serialized_command,
   15914       AuthorizationDelegate* authorization_delegate) {
   15915   VLOG(3) << __func__;
   15916   TPM_RC rc = TPM_RC_SUCCESS;
   15917   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   15918   UINT32 command_size = 10;  // Header size.
   15919   std::string handle_section_bytes;
   15920   std::string parameter_section_bytes;
   15921   TPM_CC command_code = TPM_CC_ECDH_ZGen;
   15922   bool is_command_parameter_encryption_possible = true;
   15923   bool is_response_parameter_encryption_possible = true;
   15924   std::string command_code_bytes;
   15925   rc = Serialize_TPM_CC(
   15926       command_code,
   15927       &command_code_bytes);
   15928   if (rc != TPM_RC_SUCCESS) {
   15929     return rc;
   15930   }
   15931   std::string key_handle_bytes;
   15932   rc = Serialize_TPMI_DH_OBJECT(
   15933       key_handle,
   15934       &key_handle_bytes);
   15935   if (rc != TPM_RC_SUCCESS) {
   15936     return rc;
   15937   }
   15938   std::string in_point_bytes;
   15939   rc = Serialize_TPM2B_ECC_POINT(
   15940       in_point,
   15941       &in_point_bytes);
   15942   if (rc != TPM_RC_SUCCESS) {
   15943     return rc;
   15944   }
   15945   if (authorization_delegate) {
   15946     // Encrypt just the parameter data, not the size.
   15947     std::string tmp = in_point_bytes.substr(2);
   15948     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   15949       return TRUNKS_RC_ENCRYPTION_FAILED;
   15950     }
   15951     in_point_bytes.replace(2, std::string::npos, tmp);
   15952   }
   15953   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   15954       crypto::SecureHash::SHA256));
   15955   hash->Update(command_code_bytes.data(),
   15956                command_code_bytes.size());
   15957   hash->Update(key_handle_name.data(),
   15958                key_handle_name.size());
   15959   handle_section_bytes += key_handle_bytes;
   15960   command_size += key_handle_bytes.size();
   15961   hash->Update(in_point_bytes.data(),
   15962                in_point_bytes.size());
   15963   parameter_section_bytes += in_point_bytes;
   15964   command_size += in_point_bytes.size();
   15965   std::string command_hash(32, 0);
   15966   hash->Finish(string_as_array(&command_hash), command_hash.size());
   15967   std::string authorization_section_bytes;
   15968   std::string authorization_size_bytes;
   15969   if (authorization_delegate) {
   15970     if (!authorization_delegate->GetCommandAuthorization(
   15971         command_hash,
   15972         is_command_parameter_encryption_possible,
   15973         is_response_parameter_encryption_possible,
   15974         &authorization_section_bytes)) {
   15975       return TRUNKS_RC_AUTHORIZATION_FAILED;
   15976     }
   15977     if (!authorization_section_bytes.empty()) {
   15978       tag = TPM_ST_SESSIONS;
   15979       std::string tmp;
   15980       rc = Serialize_UINT32(authorization_section_bytes.size(),
   15981                             &authorization_size_bytes);
   15982       if (rc != TPM_RC_SUCCESS) {
   15983         return rc;
   15984       }
   15985       command_size += authorization_size_bytes.size() +
   15986                       authorization_section_bytes.size();
   15987     }
   15988   }
   15989   std::string tag_bytes;
   15990   rc = Serialize_TPMI_ST_COMMAND_TAG(
   15991       tag,
   15992       &tag_bytes);
   15993   if (rc != TPM_RC_SUCCESS) {
   15994     return rc;
   15995   }
   15996   std::string command_size_bytes;
   15997   rc = Serialize_UINT32(
   15998       command_size,
   15999       &command_size_bytes);
   16000   if (rc != TPM_RC_SUCCESS) {
   16001     return rc;
   16002   }
   16003   *serialized_command = tag_bytes +
   16004                         command_size_bytes +
   16005                         command_code_bytes +
   16006                         handle_section_bytes +
   16007                         authorization_size_bytes +
   16008                         authorization_section_bytes +
   16009                         parameter_section_bytes;
   16010   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   16011   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   16012                                             serialized_command->size());
   16013   return TPM_RC_SUCCESS;
   16014 }
   16015 
   16016 TPM_RC Tpm::ParseResponse_ECDH_ZGen(
   16017       const std::string& response,
   16018       TPM2B_ECC_POINT* out_point,
   16019       AuthorizationDelegate* authorization_delegate) {
   16020   VLOG(3) << __func__;
   16021   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   16022   TPM_RC rc = TPM_RC_SUCCESS;
   16023   std::string buffer(response);
   16024   TPM_ST tag;
   16025   std::string tag_bytes;
   16026   rc = Parse_TPM_ST(
   16027       &buffer,
   16028       &tag,
   16029       &tag_bytes);
   16030   if (rc != TPM_RC_SUCCESS) {
   16031     return rc;
   16032   }
   16033   UINT32 response_size;
   16034   std::string response_size_bytes;
   16035   rc = Parse_UINT32(
   16036       &buffer,
   16037       &response_size,
   16038       &response_size_bytes);
   16039   if (rc != TPM_RC_SUCCESS) {
   16040     return rc;
   16041   }
   16042   TPM_RC response_code;
   16043   std::string response_code_bytes;
   16044   rc = Parse_TPM_RC(
   16045       &buffer,
   16046       &response_code,
   16047       &response_code_bytes);
   16048   if (rc != TPM_RC_SUCCESS) {
   16049     return rc;
   16050   }
   16051   if (response_size != response.size()) {
   16052     return TPM_RC_SIZE;
   16053   }
   16054   if (response_code != TPM_RC_SUCCESS) {
   16055     return response_code;
   16056   }
   16057   TPM_CC command_code = TPM_CC_ECDH_ZGen;
   16058   std::string command_code_bytes;
   16059   rc = Serialize_TPM_CC(
   16060       command_code,
   16061       &command_code_bytes);
   16062   if (rc != TPM_RC_SUCCESS) {
   16063     return rc;
   16064   }
   16065   std::string authorization_section_bytes;
   16066   if (tag == TPM_ST_SESSIONS) {
   16067     UINT32 parameter_section_size = buffer.size();
   16068     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   16069     if (rc != TPM_RC_SUCCESS) {
   16070       return rc;
   16071     }
   16072     if (parameter_section_size > buffer.size()) {
   16073       return TPM_RC_INSUFFICIENT;
   16074     }
   16075     authorization_section_bytes = buffer.substr(parameter_section_size);
   16076     // Keep the parameter section in |buffer|.
   16077     buffer.erase(parameter_section_size);
   16078   }
   16079   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   16080       crypto::SecureHash::SHA256));
   16081   hash->Update(response_code_bytes.data(),
   16082                response_code_bytes.size());
   16083   hash->Update(command_code_bytes.data(),
   16084                command_code_bytes.size());
   16085   hash->Update(buffer.data(),
   16086                buffer.size());
   16087   std::string response_hash(32, 0);
   16088   hash->Finish(string_as_array(&response_hash), response_hash.size());
   16089   if (tag == TPM_ST_SESSIONS) {
   16090     CHECK(authorization_delegate) << "Authorization delegate missing!";
   16091     if (!authorization_delegate->CheckResponseAuthorization(
   16092         response_hash,
   16093         authorization_section_bytes)) {
   16094       return TRUNKS_RC_AUTHORIZATION_FAILED;
   16095     }
   16096   }
   16097   std::string out_point_bytes;
   16098   rc = Parse_TPM2B_ECC_POINT(
   16099       &buffer,
   16100       out_point,
   16101       &out_point_bytes);
   16102   if (rc != TPM_RC_SUCCESS) {
   16103     return rc;
   16104   }
   16105   if (tag == TPM_ST_SESSIONS) {
   16106     CHECK(authorization_delegate) << "Authorization delegate missing!";
   16107     // Decrypt just the parameter data, not the size.
   16108     std::string tmp = out_point_bytes.substr(2);
   16109     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   16110       return TRUNKS_RC_ENCRYPTION_FAILED;
   16111     }
   16112     out_point_bytes.replace(2, std::string::npos, tmp);
   16113     rc = Parse_TPM2B_ECC_POINT(
   16114         &out_point_bytes,
   16115         out_point,
   16116         nullptr);
   16117     if (rc != TPM_RC_SUCCESS) {
   16118       return rc;
   16119     }
   16120   }
   16121   return TPM_RC_SUCCESS;
   16122 }
   16123 
   16124 void ECDH_ZGenErrorCallback(
   16125     const Tpm::ECDH_ZGenResponse& callback,
   16126     TPM_RC response_code) {
   16127   VLOG(1) << __func__;
   16128   callback.Run(response_code,
   16129                TPM2B_ECC_POINT());
   16130 }
   16131 
   16132 void ECDH_ZGenResponseParser(
   16133     const Tpm::ECDH_ZGenResponse& callback,
   16134     AuthorizationDelegate* authorization_delegate,
   16135     const std::string& response) {
   16136   VLOG(1) << __func__;
   16137   base::Callback<void(TPM_RC)> error_reporter =
   16138       base::Bind(ECDH_ZGenErrorCallback, callback);
   16139   TPM2B_ECC_POINT out_point;
   16140   TPM_RC rc = Tpm::ParseResponse_ECDH_ZGen(
   16141       response,
   16142       &out_point,
   16143       authorization_delegate);
   16144   if (rc != TPM_RC_SUCCESS) {
   16145     error_reporter.Run(rc);
   16146     return;
   16147   }
   16148   callback.Run(
   16149       rc,
   16150       out_point);
   16151 }
   16152 
   16153 void Tpm::ECDH_ZGen(
   16154       const TPMI_DH_OBJECT& key_handle,
   16155       const std::string& key_handle_name,
   16156       const TPM2B_ECC_POINT& in_point,
   16157       AuthorizationDelegate* authorization_delegate,
   16158       const ECDH_ZGenResponse& callback) {
   16159   VLOG(1) << __func__;
   16160   base::Callback<void(TPM_RC)> error_reporter =
   16161       base::Bind(ECDH_ZGenErrorCallback, callback);
   16162   base::Callback<void(const std::string&)> parser =
   16163       base::Bind(ECDH_ZGenResponseParser,
   16164                  callback,
   16165                  authorization_delegate);
   16166   std::string command;
   16167   TPM_RC rc = SerializeCommand_ECDH_ZGen(
   16168       key_handle,
   16169       key_handle_name,
   16170       in_point,
   16171       &command,
   16172       authorization_delegate);
   16173   if (rc != TPM_RC_SUCCESS) {
   16174     error_reporter.Run(rc);
   16175     return;
   16176   }
   16177   transceiver_->SendCommand(command, parser);
   16178 }
   16179 
   16180 TPM_RC Tpm::ECDH_ZGenSync(
   16181       const TPMI_DH_OBJECT& key_handle,
   16182       const std::string& key_handle_name,
   16183       const TPM2B_ECC_POINT& in_point,
   16184       TPM2B_ECC_POINT* out_point,
   16185       AuthorizationDelegate* authorization_delegate) {
   16186   VLOG(1) << __func__;
   16187   std::string command;
   16188   TPM_RC rc = SerializeCommand_ECDH_ZGen(
   16189       key_handle,
   16190       key_handle_name,
   16191       in_point,
   16192       &command,
   16193       authorization_delegate);
   16194   if (rc != TPM_RC_SUCCESS) {
   16195     return rc;
   16196   }
   16197   std::string response = transceiver_->SendCommandAndWait(command);
   16198   rc = ParseResponse_ECDH_ZGen(
   16199       response,
   16200       out_point,
   16201       authorization_delegate);
   16202   return rc;
   16203 }
   16204 
   16205 TPM_RC Tpm::SerializeCommand_ECC_Parameters(
   16206       const TPMI_ECC_CURVE& curve_id,
   16207       std::string* serialized_command,
   16208       AuthorizationDelegate* authorization_delegate) {
   16209   VLOG(3) << __func__;
   16210   TPM_RC rc = TPM_RC_SUCCESS;
   16211   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   16212   UINT32 command_size = 10;  // Header size.
   16213   std::string handle_section_bytes;
   16214   std::string parameter_section_bytes;
   16215   TPM_CC command_code = TPM_CC_ECC_Parameters;
   16216   bool is_command_parameter_encryption_possible = false;
   16217   bool is_response_parameter_encryption_possible = false;
   16218   std::string command_code_bytes;
   16219   rc = Serialize_TPM_CC(
   16220       command_code,
   16221       &command_code_bytes);
   16222   if (rc != TPM_RC_SUCCESS) {
   16223     return rc;
   16224   }
   16225   std::string curve_id_bytes;
   16226   rc = Serialize_TPMI_ECC_CURVE(
   16227       curve_id,
   16228       &curve_id_bytes);
   16229   if (rc != TPM_RC_SUCCESS) {
   16230     return rc;
   16231   }
   16232   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   16233       crypto::SecureHash::SHA256));
   16234   hash->Update(command_code_bytes.data(),
   16235                command_code_bytes.size());
   16236   hash->Update(curve_id_bytes.data(),
   16237                curve_id_bytes.size());
   16238   parameter_section_bytes += curve_id_bytes;
   16239   command_size += curve_id_bytes.size();
   16240   std::string command_hash(32, 0);
   16241   hash->Finish(string_as_array(&command_hash), command_hash.size());
   16242   std::string authorization_section_bytes;
   16243   std::string authorization_size_bytes;
   16244   if (authorization_delegate) {
   16245     if (!authorization_delegate->GetCommandAuthorization(
   16246         command_hash,
   16247         is_command_parameter_encryption_possible,
   16248         is_response_parameter_encryption_possible,
   16249         &authorization_section_bytes)) {
   16250       return TRUNKS_RC_AUTHORIZATION_FAILED;
   16251     }
   16252     if (!authorization_section_bytes.empty()) {
   16253       tag = TPM_ST_SESSIONS;
   16254       std::string tmp;
   16255       rc = Serialize_UINT32(authorization_section_bytes.size(),
   16256                             &authorization_size_bytes);
   16257       if (rc != TPM_RC_SUCCESS) {
   16258         return rc;
   16259       }
   16260       command_size += authorization_size_bytes.size() +
   16261                       authorization_section_bytes.size();
   16262     }
   16263   }
   16264   std::string tag_bytes;
   16265   rc = Serialize_TPMI_ST_COMMAND_TAG(
   16266       tag,
   16267       &tag_bytes);
   16268   if (rc != TPM_RC_SUCCESS) {
   16269     return rc;
   16270   }
   16271   std::string command_size_bytes;
   16272   rc = Serialize_UINT32(
   16273       command_size,
   16274       &command_size_bytes);
   16275   if (rc != TPM_RC_SUCCESS) {
   16276     return rc;
   16277   }
   16278   *serialized_command = tag_bytes +
   16279                         command_size_bytes +
   16280                         command_code_bytes +
   16281                         handle_section_bytes +
   16282                         authorization_size_bytes +
   16283                         authorization_section_bytes +
   16284                         parameter_section_bytes;
   16285   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   16286   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   16287                                             serialized_command->size());
   16288   return TPM_RC_SUCCESS;
   16289 }
   16290 
   16291 TPM_RC Tpm::ParseResponse_ECC_Parameters(
   16292       const std::string& response,
   16293       TPMS_ALGORITHM_DETAIL_ECC* parameters,
   16294       AuthorizationDelegate* authorization_delegate) {
   16295   VLOG(3) << __func__;
   16296   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   16297   TPM_RC rc = TPM_RC_SUCCESS;
   16298   std::string buffer(response);
   16299   TPM_ST tag;
   16300   std::string tag_bytes;
   16301   rc = Parse_TPM_ST(
   16302       &buffer,
   16303       &tag,
   16304       &tag_bytes);
   16305   if (rc != TPM_RC_SUCCESS) {
   16306     return rc;
   16307   }
   16308   UINT32 response_size;
   16309   std::string response_size_bytes;
   16310   rc = Parse_UINT32(
   16311       &buffer,
   16312       &response_size,
   16313       &response_size_bytes);
   16314   if (rc != TPM_RC_SUCCESS) {
   16315     return rc;
   16316   }
   16317   TPM_RC response_code;
   16318   std::string response_code_bytes;
   16319   rc = Parse_TPM_RC(
   16320       &buffer,
   16321       &response_code,
   16322       &response_code_bytes);
   16323   if (rc != TPM_RC_SUCCESS) {
   16324     return rc;
   16325   }
   16326   if (response_size != response.size()) {
   16327     return TPM_RC_SIZE;
   16328   }
   16329   if (response_code != TPM_RC_SUCCESS) {
   16330     return response_code;
   16331   }
   16332   TPM_CC command_code = TPM_CC_ECC_Parameters;
   16333   std::string command_code_bytes;
   16334   rc = Serialize_TPM_CC(
   16335       command_code,
   16336       &command_code_bytes);
   16337   if (rc != TPM_RC_SUCCESS) {
   16338     return rc;
   16339   }
   16340   std::string authorization_section_bytes;
   16341   if (tag == TPM_ST_SESSIONS) {
   16342     UINT32 parameter_section_size = buffer.size();
   16343     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   16344     if (rc != TPM_RC_SUCCESS) {
   16345       return rc;
   16346     }
   16347     if (parameter_section_size > buffer.size()) {
   16348       return TPM_RC_INSUFFICIENT;
   16349     }
   16350     authorization_section_bytes = buffer.substr(parameter_section_size);
   16351     // Keep the parameter section in |buffer|.
   16352     buffer.erase(parameter_section_size);
   16353   }
   16354   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   16355       crypto::SecureHash::SHA256));
   16356   hash->Update(response_code_bytes.data(),
   16357                response_code_bytes.size());
   16358   hash->Update(command_code_bytes.data(),
   16359                command_code_bytes.size());
   16360   hash->Update(buffer.data(),
   16361                buffer.size());
   16362   std::string response_hash(32, 0);
   16363   hash->Finish(string_as_array(&response_hash), response_hash.size());
   16364   if (tag == TPM_ST_SESSIONS) {
   16365     CHECK(authorization_delegate) << "Authorization delegate missing!";
   16366     if (!authorization_delegate->CheckResponseAuthorization(
   16367         response_hash,
   16368         authorization_section_bytes)) {
   16369       return TRUNKS_RC_AUTHORIZATION_FAILED;
   16370     }
   16371   }
   16372   std::string parameters_bytes;
   16373   rc = Parse_TPMS_ALGORITHM_DETAIL_ECC(
   16374       &buffer,
   16375       parameters,
   16376       &parameters_bytes);
   16377   if (rc != TPM_RC_SUCCESS) {
   16378     return rc;
   16379   }
   16380   return TPM_RC_SUCCESS;
   16381 }
   16382 
   16383 void ECC_ParametersErrorCallback(
   16384     const Tpm::ECC_ParametersResponse& callback,
   16385     TPM_RC response_code) {
   16386   VLOG(1) << __func__;
   16387   callback.Run(response_code,
   16388                TPMS_ALGORITHM_DETAIL_ECC());
   16389 }
   16390 
   16391 void ECC_ParametersResponseParser(
   16392     const Tpm::ECC_ParametersResponse& callback,
   16393     AuthorizationDelegate* authorization_delegate,
   16394     const std::string& response) {
   16395   VLOG(1) << __func__;
   16396   base::Callback<void(TPM_RC)> error_reporter =
   16397       base::Bind(ECC_ParametersErrorCallback, callback);
   16398   TPMS_ALGORITHM_DETAIL_ECC parameters;
   16399   TPM_RC rc = Tpm::ParseResponse_ECC_Parameters(
   16400       response,
   16401       &parameters,
   16402       authorization_delegate);
   16403   if (rc != TPM_RC_SUCCESS) {
   16404     error_reporter.Run(rc);
   16405     return;
   16406   }
   16407   callback.Run(
   16408       rc,
   16409       parameters);
   16410 }
   16411 
   16412 void Tpm::ECC_Parameters(
   16413       const TPMI_ECC_CURVE& curve_id,
   16414       AuthorizationDelegate* authorization_delegate,
   16415       const ECC_ParametersResponse& callback) {
   16416   VLOG(1) << __func__;
   16417   base::Callback<void(TPM_RC)> error_reporter =
   16418       base::Bind(ECC_ParametersErrorCallback, callback);
   16419   base::Callback<void(const std::string&)> parser =
   16420       base::Bind(ECC_ParametersResponseParser,
   16421                  callback,
   16422                  authorization_delegate);
   16423   std::string command;
   16424   TPM_RC rc = SerializeCommand_ECC_Parameters(
   16425       curve_id,
   16426       &command,
   16427       authorization_delegate);
   16428   if (rc != TPM_RC_SUCCESS) {
   16429     error_reporter.Run(rc);
   16430     return;
   16431   }
   16432   transceiver_->SendCommand(command, parser);
   16433 }
   16434 
   16435 TPM_RC Tpm::ECC_ParametersSync(
   16436       const TPMI_ECC_CURVE& curve_id,
   16437       TPMS_ALGORITHM_DETAIL_ECC* parameters,
   16438       AuthorizationDelegate* authorization_delegate) {
   16439   VLOG(1) << __func__;
   16440   std::string command;
   16441   TPM_RC rc = SerializeCommand_ECC_Parameters(
   16442       curve_id,
   16443       &command,
   16444       authorization_delegate);
   16445   if (rc != TPM_RC_SUCCESS) {
   16446     return rc;
   16447   }
   16448   std::string response = transceiver_->SendCommandAndWait(command);
   16449   rc = ParseResponse_ECC_Parameters(
   16450       response,
   16451       parameters,
   16452       authorization_delegate);
   16453   return rc;
   16454 }
   16455 
   16456 TPM_RC Tpm::SerializeCommand_ZGen_2Phase(
   16457       const TPMI_DH_OBJECT& key_a,
   16458       const std::string& key_a_name,
   16459       const TPM2B_ECC_POINT& in_qs_b,
   16460       const TPM2B_ECC_POINT& in_qe_b,
   16461       const TPMI_ECC_KEY_EXCHANGE& in_scheme,
   16462       const UINT16& counter,
   16463       std::string* serialized_command,
   16464       AuthorizationDelegate* authorization_delegate) {
   16465   VLOG(3) << __func__;
   16466   TPM_RC rc = TPM_RC_SUCCESS;
   16467   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   16468   UINT32 command_size = 10;  // Header size.
   16469   std::string handle_section_bytes;
   16470   std::string parameter_section_bytes;
   16471   TPM_CC command_code = TPM_CC_ZGen_2Phase;
   16472   bool is_command_parameter_encryption_possible = true;
   16473   bool is_response_parameter_encryption_possible = true;
   16474   std::string command_code_bytes;
   16475   rc = Serialize_TPM_CC(
   16476       command_code,
   16477       &command_code_bytes);
   16478   if (rc != TPM_RC_SUCCESS) {
   16479     return rc;
   16480   }
   16481   std::string key_a_bytes;
   16482   rc = Serialize_TPMI_DH_OBJECT(
   16483       key_a,
   16484       &key_a_bytes);
   16485   if (rc != TPM_RC_SUCCESS) {
   16486     return rc;
   16487   }
   16488   std::string in_qs_b_bytes;
   16489   rc = Serialize_TPM2B_ECC_POINT(
   16490       in_qs_b,
   16491       &in_qs_b_bytes);
   16492   if (rc != TPM_RC_SUCCESS) {
   16493     return rc;
   16494   }
   16495   std::string in_qe_b_bytes;
   16496   rc = Serialize_TPM2B_ECC_POINT(
   16497       in_qe_b,
   16498       &in_qe_b_bytes);
   16499   if (rc != TPM_RC_SUCCESS) {
   16500     return rc;
   16501   }
   16502   std::string in_scheme_bytes;
   16503   rc = Serialize_TPMI_ECC_KEY_EXCHANGE(
   16504       in_scheme,
   16505       &in_scheme_bytes);
   16506   if (rc != TPM_RC_SUCCESS) {
   16507     return rc;
   16508   }
   16509   std::string counter_bytes;
   16510   rc = Serialize_UINT16(
   16511       counter,
   16512       &counter_bytes);
   16513   if (rc != TPM_RC_SUCCESS) {
   16514     return rc;
   16515   }
   16516   if (authorization_delegate) {
   16517     // Encrypt just the parameter data, not the size.
   16518     std::string tmp = in_qs_b_bytes.substr(2);
   16519     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   16520       return TRUNKS_RC_ENCRYPTION_FAILED;
   16521     }
   16522     in_qs_b_bytes.replace(2, std::string::npos, tmp);
   16523   }
   16524   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   16525       crypto::SecureHash::SHA256));
   16526   hash->Update(command_code_bytes.data(),
   16527                command_code_bytes.size());
   16528   hash->Update(key_a_name.data(),
   16529                key_a_name.size());
   16530   handle_section_bytes += key_a_bytes;
   16531   command_size += key_a_bytes.size();
   16532   hash->Update(in_qs_b_bytes.data(),
   16533                in_qs_b_bytes.size());
   16534   parameter_section_bytes += in_qs_b_bytes;
   16535   command_size += in_qs_b_bytes.size();
   16536   hash->Update(in_qe_b_bytes.data(),
   16537                in_qe_b_bytes.size());
   16538   parameter_section_bytes += in_qe_b_bytes;
   16539   command_size += in_qe_b_bytes.size();
   16540   hash->Update(in_scheme_bytes.data(),
   16541                in_scheme_bytes.size());
   16542   parameter_section_bytes += in_scheme_bytes;
   16543   command_size += in_scheme_bytes.size();
   16544   hash->Update(counter_bytes.data(),
   16545                counter_bytes.size());
   16546   parameter_section_bytes += counter_bytes;
   16547   command_size += counter_bytes.size();
   16548   std::string command_hash(32, 0);
   16549   hash->Finish(string_as_array(&command_hash), command_hash.size());
   16550   std::string authorization_section_bytes;
   16551   std::string authorization_size_bytes;
   16552   if (authorization_delegate) {
   16553     if (!authorization_delegate->GetCommandAuthorization(
   16554         command_hash,
   16555         is_command_parameter_encryption_possible,
   16556         is_response_parameter_encryption_possible,
   16557         &authorization_section_bytes)) {
   16558       return TRUNKS_RC_AUTHORIZATION_FAILED;
   16559     }
   16560     if (!authorization_section_bytes.empty()) {
   16561       tag = TPM_ST_SESSIONS;
   16562       std::string tmp;
   16563       rc = Serialize_UINT32(authorization_section_bytes.size(),
   16564                             &authorization_size_bytes);
   16565       if (rc != TPM_RC_SUCCESS) {
   16566         return rc;
   16567       }
   16568       command_size += authorization_size_bytes.size() +
   16569                       authorization_section_bytes.size();
   16570     }
   16571   }
   16572   std::string tag_bytes;
   16573   rc = Serialize_TPMI_ST_COMMAND_TAG(
   16574       tag,
   16575       &tag_bytes);
   16576   if (rc != TPM_RC_SUCCESS) {
   16577     return rc;
   16578   }
   16579   std::string command_size_bytes;
   16580   rc = Serialize_UINT32(
   16581       command_size,
   16582       &command_size_bytes);
   16583   if (rc != TPM_RC_SUCCESS) {
   16584     return rc;
   16585   }
   16586   *serialized_command = tag_bytes +
   16587                         command_size_bytes +
   16588                         command_code_bytes +
   16589                         handle_section_bytes +
   16590                         authorization_size_bytes +
   16591                         authorization_section_bytes +
   16592                         parameter_section_bytes;
   16593   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   16594   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   16595                                             serialized_command->size());
   16596   return TPM_RC_SUCCESS;
   16597 }
   16598 
   16599 TPM_RC Tpm::ParseResponse_ZGen_2Phase(
   16600       const std::string& response,
   16601       TPM2B_ECC_POINT* out_z1,
   16602       TPM2B_ECC_POINT* out_z2,
   16603       AuthorizationDelegate* authorization_delegate) {
   16604   VLOG(3) << __func__;
   16605   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   16606   TPM_RC rc = TPM_RC_SUCCESS;
   16607   std::string buffer(response);
   16608   TPM_ST tag;
   16609   std::string tag_bytes;
   16610   rc = Parse_TPM_ST(
   16611       &buffer,
   16612       &tag,
   16613       &tag_bytes);
   16614   if (rc != TPM_RC_SUCCESS) {
   16615     return rc;
   16616   }
   16617   UINT32 response_size;
   16618   std::string response_size_bytes;
   16619   rc = Parse_UINT32(
   16620       &buffer,
   16621       &response_size,
   16622       &response_size_bytes);
   16623   if (rc != TPM_RC_SUCCESS) {
   16624     return rc;
   16625   }
   16626   TPM_RC response_code;
   16627   std::string response_code_bytes;
   16628   rc = Parse_TPM_RC(
   16629       &buffer,
   16630       &response_code,
   16631       &response_code_bytes);
   16632   if (rc != TPM_RC_SUCCESS) {
   16633     return rc;
   16634   }
   16635   if (response_size != response.size()) {
   16636     return TPM_RC_SIZE;
   16637   }
   16638   if (response_code != TPM_RC_SUCCESS) {
   16639     return response_code;
   16640   }
   16641   TPM_CC command_code = TPM_CC_ZGen_2Phase;
   16642   std::string command_code_bytes;
   16643   rc = Serialize_TPM_CC(
   16644       command_code,
   16645       &command_code_bytes);
   16646   if (rc != TPM_RC_SUCCESS) {
   16647     return rc;
   16648   }
   16649   std::string authorization_section_bytes;
   16650   if (tag == TPM_ST_SESSIONS) {
   16651     UINT32 parameter_section_size = buffer.size();
   16652     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   16653     if (rc != TPM_RC_SUCCESS) {
   16654       return rc;
   16655     }
   16656     if (parameter_section_size > buffer.size()) {
   16657       return TPM_RC_INSUFFICIENT;
   16658     }
   16659     authorization_section_bytes = buffer.substr(parameter_section_size);
   16660     // Keep the parameter section in |buffer|.
   16661     buffer.erase(parameter_section_size);
   16662   }
   16663   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   16664       crypto::SecureHash::SHA256));
   16665   hash->Update(response_code_bytes.data(),
   16666                response_code_bytes.size());
   16667   hash->Update(command_code_bytes.data(),
   16668                command_code_bytes.size());
   16669   hash->Update(buffer.data(),
   16670                buffer.size());
   16671   std::string response_hash(32, 0);
   16672   hash->Finish(string_as_array(&response_hash), response_hash.size());
   16673   if (tag == TPM_ST_SESSIONS) {
   16674     CHECK(authorization_delegate) << "Authorization delegate missing!";
   16675     if (!authorization_delegate->CheckResponseAuthorization(
   16676         response_hash,
   16677         authorization_section_bytes)) {
   16678       return TRUNKS_RC_AUTHORIZATION_FAILED;
   16679     }
   16680   }
   16681   std::string out_z1_bytes;
   16682   rc = Parse_TPM2B_ECC_POINT(
   16683       &buffer,
   16684       out_z1,
   16685       &out_z1_bytes);
   16686   if (rc != TPM_RC_SUCCESS) {
   16687     return rc;
   16688   }
   16689   std::string out_z2_bytes;
   16690   rc = Parse_TPM2B_ECC_POINT(
   16691       &buffer,
   16692       out_z2,
   16693       &out_z2_bytes);
   16694   if (rc != TPM_RC_SUCCESS) {
   16695     return rc;
   16696   }
   16697   if (tag == TPM_ST_SESSIONS) {
   16698     CHECK(authorization_delegate) << "Authorization delegate missing!";
   16699     // Decrypt just the parameter data, not the size.
   16700     std::string tmp = out_z1_bytes.substr(2);
   16701     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   16702       return TRUNKS_RC_ENCRYPTION_FAILED;
   16703     }
   16704     out_z1_bytes.replace(2, std::string::npos, tmp);
   16705     rc = Parse_TPM2B_ECC_POINT(
   16706         &out_z1_bytes,
   16707         out_z1,
   16708         nullptr);
   16709     if (rc != TPM_RC_SUCCESS) {
   16710       return rc;
   16711     }
   16712   }
   16713   return TPM_RC_SUCCESS;
   16714 }
   16715 
   16716 void ZGen_2PhaseErrorCallback(
   16717     const Tpm::ZGen_2PhaseResponse& callback,
   16718     TPM_RC response_code) {
   16719   VLOG(1) << __func__;
   16720   callback.Run(response_code,
   16721                TPM2B_ECC_POINT(),
   16722                TPM2B_ECC_POINT());
   16723 }
   16724 
   16725 void ZGen_2PhaseResponseParser(
   16726     const Tpm::ZGen_2PhaseResponse& callback,
   16727     AuthorizationDelegate* authorization_delegate,
   16728     const std::string& response) {
   16729   VLOG(1) << __func__;
   16730   base::Callback<void(TPM_RC)> error_reporter =
   16731       base::Bind(ZGen_2PhaseErrorCallback, callback);
   16732   TPM2B_ECC_POINT out_z1;
   16733   TPM2B_ECC_POINT out_z2;
   16734   TPM_RC rc = Tpm::ParseResponse_ZGen_2Phase(
   16735       response,
   16736       &out_z1,
   16737       &out_z2,
   16738       authorization_delegate);
   16739   if (rc != TPM_RC_SUCCESS) {
   16740     error_reporter.Run(rc);
   16741     return;
   16742   }
   16743   callback.Run(
   16744       rc,
   16745       out_z1,
   16746       out_z2);
   16747 }
   16748 
   16749 void Tpm::ZGen_2Phase(
   16750       const TPMI_DH_OBJECT& key_a,
   16751       const std::string& key_a_name,
   16752       const TPM2B_ECC_POINT& in_qs_b,
   16753       const TPM2B_ECC_POINT& in_qe_b,
   16754       const TPMI_ECC_KEY_EXCHANGE& in_scheme,
   16755       const UINT16& counter,
   16756       AuthorizationDelegate* authorization_delegate,
   16757       const ZGen_2PhaseResponse& callback) {
   16758   VLOG(1) << __func__;
   16759   base::Callback<void(TPM_RC)> error_reporter =
   16760       base::Bind(ZGen_2PhaseErrorCallback, callback);
   16761   base::Callback<void(const std::string&)> parser =
   16762       base::Bind(ZGen_2PhaseResponseParser,
   16763                  callback,
   16764                  authorization_delegate);
   16765   std::string command;
   16766   TPM_RC rc = SerializeCommand_ZGen_2Phase(
   16767       key_a,
   16768       key_a_name,
   16769       in_qs_b,
   16770       in_qe_b,
   16771       in_scheme,
   16772       counter,
   16773       &command,
   16774       authorization_delegate);
   16775   if (rc != TPM_RC_SUCCESS) {
   16776     error_reporter.Run(rc);
   16777     return;
   16778   }
   16779   transceiver_->SendCommand(command, parser);
   16780 }
   16781 
   16782 TPM_RC Tpm::ZGen_2PhaseSync(
   16783       const TPMI_DH_OBJECT& key_a,
   16784       const std::string& key_a_name,
   16785       const TPM2B_ECC_POINT& in_qs_b,
   16786       const TPM2B_ECC_POINT& in_qe_b,
   16787       const TPMI_ECC_KEY_EXCHANGE& in_scheme,
   16788       const UINT16& counter,
   16789       TPM2B_ECC_POINT* out_z1,
   16790       TPM2B_ECC_POINT* out_z2,
   16791       AuthorizationDelegate* authorization_delegate) {
   16792   VLOG(1) << __func__;
   16793   std::string command;
   16794   TPM_RC rc = SerializeCommand_ZGen_2Phase(
   16795       key_a,
   16796       key_a_name,
   16797       in_qs_b,
   16798       in_qe_b,
   16799       in_scheme,
   16800       counter,
   16801       &command,
   16802       authorization_delegate);
   16803   if (rc != TPM_RC_SUCCESS) {
   16804     return rc;
   16805   }
   16806   std::string response = transceiver_->SendCommandAndWait(command);
   16807   rc = ParseResponse_ZGen_2Phase(
   16808       response,
   16809       out_z1,
   16810       out_z2,
   16811       authorization_delegate);
   16812   return rc;
   16813 }
   16814 
   16815 TPM_RC Tpm::SerializeCommand_EncryptDecrypt(
   16816       const TPMI_DH_OBJECT& key_handle,
   16817       const std::string& key_handle_name,
   16818       const TPMI_YES_NO& decrypt,
   16819       const TPMI_ALG_SYM_MODE& mode,
   16820       const TPM2B_IV& iv_in,
   16821       const TPM2B_MAX_BUFFER& in_data,
   16822       std::string* serialized_command,
   16823       AuthorizationDelegate* authorization_delegate) {
   16824   VLOG(3) << __func__;
   16825   TPM_RC rc = TPM_RC_SUCCESS;
   16826   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   16827   UINT32 command_size = 10;  // Header size.
   16828   std::string handle_section_bytes;
   16829   std::string parameter_section_bytes;
   16830   TPM_CC command_code = TPM_CC_EncryptDecrypt;
   16831   bool is_command_parameter_encryption_possible = false;
   16832   bool is_response_parameter_encryption_possible = true;
   16833   std::string command_code_bytes;
   16834   rc = Serialize_TPM_CC(
   16835       command_code,
   16836       &command_code_bytes);
   16837   if (rc != TPM_RC_SUCCESS) {
   16838     return rc;
   16839   }
   16840   std::string key_handle_bytes;
   16841   rc = Serialize_TPMI_DH_OBJECT(
   16842       key_handle,
   16843       &key_handle_bytes);
   16844   if (rc != TPM_RC_SUCCESS) {
   16845     return rc;
   16846   }
   16847   std::string decrypt_bytes;
   16848   rc = Serialize_TPMI_YES_NO(
   16849       decrypt,
   16850       &decrypt_bytes);
   16851   if (rc != TPM_RC_SUCCESS) {
   16852     return rc;
   16853   }
   16854   std::string mode_bytes;
   16855   rc = Serialize_TPMI_ALG_SYM_MODE(
   16856       mode,
   16857       &mode_bytes);
   16858   if (rc != TPM_RC_SUCCESS) {
   16859     return rc;
   16860   }
   16861   std::string iv_in_bytes;
   16862   rc = Serialize_TPM2B_IV(
   16863       iv_in,
   16864       &iv_in_bytes);
   16865   if (rc != TPM_RC_SUCCESS) {
   16866     return rc;
   16867   }
   16868   std::string in_data_bytes;
   16869   rc = Serialize_TPM2B_MAX_BUFFER(
   16870       in_data,
   16871       &in_data_bytes);
   16872   if (rc != TPM_RC_SUCCESS) {
   16873     return rc;
   16874   }
   16875   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   16876       crypto::SecureHash::SHA256));
   16877   hash->Update(command_code_bytes.data(),
   16878                command_code_bytes.size());
   16879   hash->Update(key_handle_name.data(),
   16880                key_handle_name.size());
   16881   handle_section_bytes += key_handle_bytes;
   16882   command_size += key_handle_bytes.size();
   16883   hash->Update(decrypt_bytes.data(),
   16884                decrypt_bytes.size());
   16885   parameter_section_bytes += decrypt_bytes;
   16886   command_size += decrypt_bytes.size();
   16887   hash->Update(mode_bytes.data(),
   16888                mode_bytes.size());
   16889   parameter_section_bytes += mode_bytes;
   16890   command_size += mode_bytes.size();
   16891   hash->Update(iv_in_bytes.data(),
   16892                iv_in_bytes.size());
   16893   parameter_section_bytes += iv_in_bytes;
   16894   command_size += iv_in_bytes.size();
   16895   hash->Update(in_data_bytes.data(),
   16896                in_data_bytes.size());
   16897   parameter_section_bytes += in_data_bytes;
   16898   command_size += in_data_bytes.size();
   16899   std::string command_hash(32, 0);
   16900   hash->Finish(string_as_array(&command_hash), command_hash.size());
   16901   std::string authorization_section_bytes;
   16902   std::string authorization_size_bytes;
   16903   if (authorization_delegate) {
   16904     if (!authorization_delegate->GetCommandAuthorization(
   16905         command_hash,
   16906         is_command_parameter_encryption_possible,
   16907         is_response_parameter_encryption_possible,
   16908         &authorization_section_bytes)) {
   16909       return TRUNKS_RC_AUTHORIZATION_FAILED;
   16910     }
   16911     if (!authorization_section_bytes.empty()) {
   16912       tag = TPM_ST_SESSIONS;
   16913       std::string tmp;
   16914       rc = Serialize_UINT32(authorization_section_bytes.size(),
   16915                             &authorization_size_bytes);
   16916       if (rc != TPM_RC_SUCCESS) {
   16917         return rc;
   16918       }
   16919       command_size += authorization_size_bytes.size() +
   16920                       authorization_section_bytes.size();
   16921     }
   16922   }
   16923   std::string tag_bytes;
   16924   rc = Serialize_TPMI_ST_COMMAND_TAG(
   16925       tag,
   16926       &tag_bytes);
   16927   if (rc != TPM_RC_SUCCESS) {
   16928     return rc;
   16929   }
   16930   std::string command_size_bytes;
   16931   rc = Serialize_UINT32(
   16932       command_size,
   16933       &command_size_bytes);
   16934   if (rc != TPM_RC_SUCCESS) {
   16935     return rc;
   16936   }
   16937   *serialized_command = tag_bytes +
   16938                         command_size_bytes +
   16939                         command_code_bytes +
   16940                         handle_section_bytes +
   16941                         authorization_size_bytes +
   16942                         authorization_section_bytes +
   16943                         parameter_section_bytes;
   16944   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   16945   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   16946                                             serialized_command->size());
   16947   return TPM_RC_SUCCESS;
   16948 }
   16949 
   16950 TPM_RC Tpm::ParseResponse_EncryptDecrypt(
   16951       const std::string& response,
   16952       TPM2B_MAX_BUFFER* out_data,
   16953       TPM2B_IV* iv_out,
   16954       AuthorizationDelegate* authorization_delegate) {
   16955   VLOG(3) << __func__;
   16956   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   16957   TPM_RC rc = TPM_RC_SUCCESS;
   16958   std::string buffer(response);
   16959   TPM_ST tag;
   16960   std::string tag_bytes;
   16961   rc = Parse_TPM_ST(
   16962       &buffer,
   16963       &tag,
   16964       &tag_bytes);
   16965   if (rc != TPM_RC_SUCCESS) {
   16966     return rc;
   16967   }
   16968   UINT32 response_size;
   16969   std::string response_size_bytes;
   16970   rc = Parse_UINT32(
   16971       &buffer,
   16972       &response_size,
   16973       &response_size_bytes);
   16974   if (rc != TPM_RC_SUCCESS) {
   16975     return rc;
   16976   }
   16977   TPM_RC response_code;
   16978   std::string response_code_bytes;
   16979   rc = Parse_TPM_RC(
   16980       &buffer,
   16981       &response_code,
   16982       &response_code_bytes);
   16983   if (rc != TPM_RC_SUCCESS) {
   16984     return rc;
   16985   }
   16986   if (response_size != response.size()) {
   16987     return TPM_RC_SIZE;
   16988   }
   16989   if (response_code != TPM_RC_SUCCESS) {
   16990     return response_code;
   16991   }
   16992   TPM_CC command_code = TPM_CC_EncryptDecrypt;
   16993   std::string command_code_bytes;
   16994   rc = Serialize_TPM_CC(
   16995       command_code,
   16996       &command_code_bytes);
   16997   if (rc != TPM_RC_SUCCESS) {
   16998     return rc;
   16999   }
   17000   std::string authorization_section_bytes;
   17001   if (tag == TPM_ST_SESSIONS) {
   17002     UINT32 parameter_section_size = buffer.size();
   17003     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   17004     if (rc != TPM_RC_SUCCESS) {
   17005       return rc;
   17006     }
   17007     if (parameter_section_size > buffer.size()) {
   17008       return TPM_RC_INSUFFICIENT;
   17009     }
   17010     authorization_section_bytes = buffer.substr(parameter_section_size);
   17011     // Keep the parameter section in |buffer|.
   17012     buffer.erase(parameter_section_size);
   17013   }
   17014   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   17015       crypto::SecureHash::SHA256));
   17016   hash->Update(response_code_bytes.data(),
   17017                response_code_bytes.size());
   17018   hash->Update(command_code_bytes.data(),
   17019                command_code_bytes.size());
   17020   hash->Update(buffer.data(),
   17021                buffer.size());
   17022   std::string response_hash(32, 0);
   17023   hash->Finish(string_as_array(&response_hash), response_hash.size());
   17024   if (tag == TPM_ST_SESSIONS) {
   17025     CHECK(authorization_delegate) << "Authorization delegate missing!";
   17026     if (!authorization_delegate->CheckResponseAuthorization(
   17027         response_hash,
   17028         authorization_section_bytes)) {
   17029       return TRUNKS_RC_AUTHORIZATION_FAILED;
   17030     }
   17031   }
   17032   std::string out_data_bytes;
   17033   rc = Parse_TPM2B_MAX_BUFFER(
   17034       &buffer,
   17035       out_data,
   17036       &out_data_bytes);
   17037   if (rc != TPM_RC_SUCCESS) {
   17038     return rc;
   17039   }
   17040   std::string iv_out_bytes;
   17041   rc = Parse_TPM2B_IV(
   17042       &buffer,
   17043       iv_out,
   17044       &iv_out_bytes);
   17045   if (rc != TPM_RC_SUCCESS) {
   17046     return rc;
   17047   }
   17048   if (tag == TPM_ST_SESSIONS) {
   17049     CHECK(authorization_delegate) << "Authorization delegate missing!";
   17050     // Decrypt just the parameter data, not the size.
   17051     std::string tmp = out_data_bytes.substr(2);
   17052     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   17053       return TRUNKS_RC_ENCRYPTION_FAILED;
   17054     }
   17055     out_data_bytes.replace(2, std::string::npos, tmp);
   17056     rc = Parse_TPM2B_MAX_BUFFER(
   17057         &out_data_bytes,
   17058         out_data,
   17059         nullptr);
   17060     if (rc != TPM_RC_SUCCESS) {
   17061       return rc;
   17062     }
   17063   }
   17064   return TPM_RC_SUCCESS;
   17065 }
   17066 
   17067 void EncryptDecryptErrorCallback(
   17068     const Tpm::EncryptDecryptResponse& callback,
   17069     TPM_RC response_code) {
   17070   VLOG(1) << __func__;
   17071   callback.Run(response_code,
   17072                TPM2B_MAX_BUFFER(),
   17073                TPM2B_IV());
   17074 }
   17075 
   17076 void EncryptDecryptResponseParser(
   17077     const Tpm::EncryptDecryptResponse& callback,
   17078     AuthorizationDelegate* authorization_delegate,
   17079     const std::string& response) {
   17080   VLOG(1) << __func__;
   17081   base::Callback<void(TPM_RC)> error_reporter =
   17082       base::Bind(EncryptDecryptErrorCallback, callback);
   17083   TPM2B_MAX_BUFFER out_data;
   17084   TPM2B_IV iv_out;
   17085   TPM_RC rc = Tpm::ParseResponse_EncryptDecrypt(
   17086       response,
   17087       &out_data,
   17088       &iv_out,
   17089       authorization_delegate);
   17090   if (rc != TPM_RC_SUCCESS) {
   17091     error_reporter.Run(rc);
   17092     return;
   17093   }
   17094   callback.Run(
   17095       rc,
   17096       out_data,
   17097       iv_out);
   17098 }
   17099 
   17100 void Tpm::EncryptDecrypt(
   17101       const TPMI_DH_OBJECT& key_handle,
   17102       const std::string& key_handle_name,
   17103       const TPMI_YES_NO& decrypt,
   17104       const TPMI_ALG_SYM_MODE& mode,
   17105       const TPM2B_IV& iv_in,
   17106       const TPM2B_MAX_BUFFER& in_data,
   17107       AuthorizationDelegate* authorization_delegate,
   17108       const EncryptDecryptResponse& callback) {
   17109   VLOG(1) << __func__;
   17110   base::Callback<void(TPM_RC)> error_reporter =
   17111       base::Bind(EncryptDecryptErrorCallback, callback);
   17112   base::Callback<void(const std::string&)> parser =
   17113       base::Bind(EncryptDecryptResponseParser,
   17114                  callback,
   17115                  authorization_delegate);
   17116   std::string command;
   17117   TPM_RC rc = SerializeCommand_EncryptDecrypt(
   17118       key_handle,
   17119       key_handle_name,
   17120       decrypt,
   17121       mode,
   17122       iv_in,
   17123       in_data,
   17124       &command,
   17125       authorization_delegate);
   17126   if (rc != TPM_RC_SUCCESS) {
   17127     error_reporter.Run(rc);
   17128     return;
   17129   }
   17130   transceiver_->SendCommand(command, parser);
   17131 }
   17132 
   17133 TPM_RC Tpm::EncryptDecryptSync(
   17134       const TPMI_DH_OBJECT& key_handle,
   17135       const std::string& key_handle_name,
   17136       const TPMI_YES_NO& decrypt,
   17137       const TPMI_ALG_SYM_MODE& mode,
   17138       const TPM2B_IV& iv_in,
   17139       const TPM2B_MAX_BUFFER& in_data,
   17140       TPM2B_MAX_BUFFER* out_data,
   17141       TPM2B_IV* iv_out,
   17142       AuthorizationDelegate* authorization_delegate) {
   17143   VLOG(1) << __func__;
   17144   std::string command;
   17145   TPM_RC rc = SerializeCommand_EncryptDecrypt(
   17146       key_handle,
   17147       key_handle_name,
   17148       decrypt,
   17149       mode,
   17150       iv_in,
   17151       in_data,
   17152       &command,
   17153       authorization_delegate);
   17154   if (rc != TPM_RC_SUCCESS) {
   17155     return rc;
   17156   }
   17157   std::string response = transceiver_->SendCommandAndWait(command);
   17158   rc = ParseResponse_EncryptDecrypt(
   17159       response,
   17160       out_data,
   17161       iv_out,
   17162       authorization_delegate);
   17163   return rc;
   17164 }
   17165 
   17166 TPM_RC Tpm::SerializeCommand_Hash(
   17167       const TPM2B_MAX_BUFFER& data,
   17168       const TPMI_ALG_HASH& hash_alg,
   17169       const TPMI_RH_HIERARCHY& hierarchy,
   17170       std::string* serialized_command,
   17171       AuthorizationDelegate* authorization_delegate) {
   17172   VLOG(3) << __func__;
   17173   TPM_RC rc = TPM_RC_SUCCESS;
   17174   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   17175   UINT32 command_size = 10;  // Header size.
   17176   std::string handle_section_bytes;
   17177   std::string parameter_section_bytes;
   17178   TPM_CC command_code = TPM_CC_Hash;
   17179   bool is_command_parameter_encryption_possible = true;
   17180   bool is_response_parameter_encryption_possible = true;
   17181   std::string command_code_bytes;
   17182   rc = Serialize_TPM_CC(
   17183       command_code,
   17184       &command_code_bytes);
   17185   if (rc != TPM_RC_SUCCESS) {
   17186     return rc;
   17187   }
   17188   std::string data_bytes;
   17189   rc = Serialize_TPM2B_MAX_BUFFER(
   17190       data,
   17191       &data_bytes);
   17192   if (rc != TPM_RC_SUCCESS) {
   17193     return rc;
   17194   }
   17195   std::string hash_alg_bytes;
   17196   rc = Serialize_TPMI_ALG_HASH(
   17197       hash_alg,
   17198       &hash_alg_bytes);
   17199   if (rc != TPM_RC_SUCCESS) {
   17200     return rc;
   17201   }
   17202   std::string hierarchy_bytes;
   17203   rc = Serialize_TPMI_RH_HIERARCHY(
   17204       hierarchy,
   17205       &hierarchy_bytes);
   17206   if (rc != TPM_RC_SUCCESS) {
   17207     return rc;
   17208   }
   17209   if (authorization_delegate) {
   17210     // Encrypt just the parameter data, not the size.
   17211     std::string tmp = data_bytes.substr(2);
   17212     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   17213       return TRUNKS_RC_ENCRYPTION_FAILED;
   17214     }
   17215     data_bytes.replace(2, std::string::npos, tmp);
   17216   }
   17217   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   17218       crypto::SecureHash::SHA256));
   17219   hash->Update(command_code_bytes.data(),
   17220                command_code_bytes.size());
   17221   hash->Update(data_bytes.data(),
   17222                data_bytes.size());
   17223   parameter_section_bytes += data_bytes;
   17224   command_size += data_bytes.size();
   17225   hash->Update(hash_alg_bytes.data(),
   17226                hash_alg_bytes.size());
   17227   parameter_section_bytes += hash_alg_bytes;
   17228   command_size += hash_alg_bytes.size();
   17229   hash->Update(hierarchy_bytes.data(),
   17230                hierarchy_bytes.size());
   17231   parameter_section_bytes += hierarchy_bytes;
   17232   command_size += hierarchy_bytes.size();
   17233   std::string command_hash(32, 0);
   17234   hash->Finish(string_as_array(&command_hash), command_hash.size());
   17235   std::string authorization_section_bytes;
   17236   std::string authorization_size_bytes;
   17237   if (authorization_delegate) {
   17238     if (!authorization_delegate->GetCommandAuthorization(
   17239         command_hash,
   17240         is_command_parameter_encryption_possible,
   17241         is_response_parameter_encryption_possible,
   17242         &authorization_section_bytes)) {
   17243       return TRUNKS_RC_AUTHORIZATION_FAILED;
   17244     }
   17245     if (!authorization_section_bytes.empty()) {
   17246       tag = TPM_ST_SESSIONS;
   17247       std::string tmp;
   17248       rc = Serialize_UINT32(authorization_section_bytes.size(),
   17249                             &authorization_size_bytes);
   17250       if (rc != TPM_RC_SUCCESS) {
   17251         return rc;
   17252       }
   17253       command_size += authorization_size_bytes.size() +
   17254                       authorization_section_bytes.size();
   17255     }
   17256   }
   17257   std::string tag_bytes;
   17258   rc = Serialize_TPMI_ST_COMMAND_TAG(
   17259       tag,
   17260       &tag_bytes);
   17261   if (rc != TPM_RC_SUCCESS) {
   17262     return rc;
   17263   }
   17264   std::string command_size_bytes;
   17265   rc = Serialize_UINT32(
   17266       command_size,
   17267       &command_size_bytes);
   17268   if (rc != TPM_RC_SUCCESS) {
   17269     return rc;
   17270   }
   17271   *serialized_command = tag_bytes +
   17272                         command_size_bytes +
   17273                         command_code_bytes +
   17274                         handle_section_bytes +
   17275                         authorization_size_bytes +
   17276                         authorization_section_bytes +
   17277                         parameter_section_bytes;
   17278   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   17279   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   17280                                             serialized_command->size());
   17281   return TPM_RC_SUCCESS;
   17282 }
   17283 
   17284 TPM_RC Tpm::ParseResponse_Hash(
   17285       const std::string& response,
   17286       TPM2B_DIGEST* out_hash,
   17287       TPMT_TK_HASHCHECK* validation,
   17288       AuthorizationDelegate* authorization_delegate) {
   17289   VLOG(3) << __func__;
   17290   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   17291   TPM_RC rc = TPM_RC_SUCCESS;
   17292   std::string buffer(response);
   17293   TPM_ST tag;
   17294   std::string tag_bytes;
   17295   rc = Parse_TPM_ST(
   17296       &buffer,
   17297       &tag,
   17298       &tag_bytes);
   17299   if (rc != TPM_RC_SUCCESS) {
   17300     return rc;
   17301   }
   17302   UINT32 response_size;
   17303   std::string response_size_bytes;
   17304   rc = Parse_UINT32(
   17305       &buffer,
   17306       &response_size,
   17307       &response_size_bytes);
   17308   if (rc != TPM_RC_SUCCESS) {
   17309     return rc;
   17310   }
   17311   TPM_RC response_code;
   17312   std::string response_code_bytes;
   17313   rc = Parse_TPM_RC(
   17314       &buffer,
   17315       &response_code,
   17316       &response_code_bytes);
   17317   if (rc != TPM_RC_SUCCESS) {
   17318     return rc;
   17319   }
   17320   if (response_size != response.size()) {
   17321     return TPM_RC_SIZE;
   17322   }
   17323   if (response_code != TPM_RC_SUCCESS) {
   17324     return response_code;
   17325   }
   17326   TPM_CC command_code = TPM_CC_Hash;
   17327   std::string command_code_bytes;
   17328   rc = Serialize_TPM_CC(
   17329       command_code,
   17330       &command_code_bytes);
   17331   if (rc != TPM_RC_SUCCESS) {
   17332     return rc;
   17333   }
   17334   std::string authorization_section_bytes;
   17335   if (tag == TPM_ST_SESSIONS) {
   17336     UINT32 parameter_section_size = buffer.size();
   17337     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   17338     if (rc != TPM_RC_SUCCESS) {
   17339       return rc;
   17340     }
   17341     if (parameter_section_size > buffer.size()) {
   17342       return TPM_RC_INSUFFICIENT;
   17343     }
   17344     authorization_section_bytes = buffer.substr(parameter_section_size);
   17345     // Keep the parameter section in |buffer|.
   17346     buffer.erase(parameter_section_size);
   17347   }
   17348   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   17349       crypto::SecureHash::SHA256));
   17350   hash->Update(response_code_bytes.data(),
   17351                response_code_bytes.size());
   17352   hash->Update(command_code_bytes.data(),
   17353                command_code_bytes.size());
   17354   hash->Update(buffer.data(),
   17355                buffer.size());
   17356   std::string response_hash(32, 0);
   17357   hash->Finish(string_as_array(&response_hash), response_hash.size());
   17358   if (tag == TPM_ST_SESSIONS) {
   17359     CHECK(authorization_delegate) << "Authorization delegate missing!";
   17360     if (!authorization_delegate->CheckResponseAuthorization(
   17361         response_hash,
   17362         authorization_section_bytes)) {
   17363       return TRUNKS_RC_AUTHORIZATION_FAILED;
   17364     }
   17365   }
   17366   std::string out_hash_bytes;
   17367   rc = Parse_TPM2B_DIGEST(
   17368       &buffer,
   17369       out_hash,
   17370       &out_hash_bytes);
   17371   if (rc != TPM_RC_SUCCESS) {
   17372     return rc;
   17373   }
   17374   std::string validation_bytes;
   17375   rc = Parse_TPMT_TK_HASHCHECK(
   17376       &buffer,
   17377       validation,
   17378       &validation_bytes);
   17379   if (rc != TPM_RC_SUCCESS) {
   17380     return rc;
   17381   }
   17382   if (tag == TPM_ST_SESSIONS) {
   17383     CHECK(authorization_delegate) << "Authorization delegate missing!";
   17384     // Decrypt just the parameter data, not the size.
   17385     std::string tmp = out_hash_bytes.substr(2);
   17386     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   17387       return TRUNKS_RC_ENCRYPTION_FAILED;
   17388     }
   17389     out_hash_bytes.replace(2, std::string::npos, tmp);
   17390     rc = Parse_TPM2B_DIGEST(
   17391         &out_hash_bytes,
   17392         out_hash,
   17393         nullptr);
   17394     if (rc != TPM_RC_SUCCESS) {
   17395       return rc;
   17396     }
   17397   }
   17398   return TPM_RC_SUCCESS;
   17399 }
   17400 
   17401 void HashErrorCallback(
   17402     const Tpm::HashResponse& callback,
   17403     TPM_RC response_code) {
   17404   VLOG(1) << __func__;
   17405   callback.Run(response_code,
   17406                TPM2B_DIGEST(),
   17407                TPMT_TK_HASHCHECK());
   17408 }
   17409 
   17410 void HashResponseParser(
   17411     const Tpm::HashResponse& callback,
   17412     AuthorizationDelegate* authorization_delegate,
   17413     const std::string& response) {
   17414   VLOG(1) << __func__;
   17415   base::Callback<void(TPM_RC)> error_reporter =
   17416       base::Bind(HashErrorCallback, callback);
   17417   TPM2B_DIGEST out_hash;
   17418   TPMT_TK_HASHCHECK validation;
   17419   TPM_RC rc = Tpm::ParseResponse_Hash(
   17420       response,
   17421       &out_hash,
   17422       &validation,
   17423       authorization_delegate);
   17424   if (rc != TPM_RC_SUCCESS) {
   17425     error_reporter.Run(rc);
   17426     return;
   17427   }
   17428   callback.Run(
   17429       rc,
   17430       out_hash,
   17431       validation);
   17432 }
   17433 
   17434 void Tpm::Hash(
   17435       const TPM2B_MAX_BUFFER& data,
   17436       const TPMI_ALG_HASH& hash_alg,
   17437       const TPMI_RH_HIERARCHY& hierarchy,
   17438       AuthorizationDelegate* authorization_delegate,
   17439       const HashResponse& callback) {
   17440   VLOG(1) << __func__;
   17441   base::Callback<void(TPM_RC)> error_reporter =
   17442       base::Bind(HashErrorCallback, callback);
   17443   base::Callback<void(const std::string&)> parser =
   17444       base::Bind(HashResponseParser,
   17445                  callback,
   17446                  authorization_delegate);
   17447   std::string command;
   17448   TPM_RC rc = SerializeCommand_Hash(
   17449       data,
   17450       hash_alg,
   17451       hierarchy,
   17452       &command,
   17453       authorization_delegate);
   17454   if (rc != TPM_RC_SUCCESS) {
   17455     error_reporter.Run(rc);
   17456     return;
   17457   }
   17458   transceiver_->SendCommand(command, parser);
   17459 }
   17460 
   17461 TPM_RC Tpm::HashSync(
   17462       const TPM2B_MAX_BUFFER& data,
   17463       const TPMI_ALG_HASH& hash_alg,
   17464       const TPMI_RH_HIERARCHY& hierarchy,
   17465       TPM2B_DIGEST* out_hash,
   17466       TPMT_TK_HASHCHECK* validation,
   17467       AuthorizationDelegate* authorization_delegate) {
   17468   VLOG(1) << __func__;
   17469   std::string command;
   17470   TPM_RC rc = SerializeCommand_Hash(
   17471       data,
   17472       hash_alg,
   17473       hierarchy,
   17474       &command,
   17475       authorization_delegate);
   17476   if (rc != TPM_RC_SUCCESS) {
   17477     return rc;
   17478   }
   17479   std::string response = transceiver_->SendCommandAndWait(command);
   17480   rc = ParseResponse_Hash(
   17481       response,
   17482       out_hash,
   17483       validation,
   17484       authorization_delegate);
   17485   return rc;
   17486 }
   17487 
   17488 TPM_RC Tpm::SerializeCommand_HMAC(
   17489       const TPMI_DH_OBJECT& handle,
   17490       const std::string& handle_name,
   17491       const TPM2B_MAX_BUFFER& buffer,
   17492       const TPMI_ALG_HASH& hash_alg,
   17493       std::string* serialized_command,
   17494       AuthorizationDelegate* authorization_delegate) {
   17495   VLOG(3) << __func__;
   17496   TPM_RC rc = TPM_RC_SUCCESS;
   17497   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   17498   UINT32 command_size = 10;  // Header size.
   17499   std::string handle_section_bytes;
   17500   std::string parameter_section_bytes;
   17501   TPM_CC command_code = TPM_CC_HMAC;
   17502   bool is_command_parameter_encryption_possible = true;
   17503   bool is_response_parameter_encryption_possible = true;
   17504   std::string command_code_bytes;
   17505   rc = Serialize_TPM_CC(
   17506       command_code,
   17507       &command_code_bytes);
   17508   if (rc != TPM_RC_SUCCESS) {
   17509     return rc;
   17510   }
   17511   std::string handle_bytes;
   17512   rc = Serialize_TPMI_DH_OBJECT(
   17513       handle,
   17514       &handle_bytes);
   17515   if (rc != TPM_RC_SUCCESS) {
   17516     return rc;
   17517   }
   17518   std::string buffer_bytes;
   17519   rc = Serialize_TPM2B_MAX_BUFFER(
   17520       buffer,
   17521       &buffer_bytes);
   17522   if (rc != TPM_RC_SUCCESS) {
   17523     return rc;
   17524   }
   17525   std::string hash_alg_bytes;
   17526   rc = Serialize_TPMI_ALG_HASH(
   17527       hash_alg,
   17528       &hash_alg_bytes);
   17529   if (rc != TPM_RC_SUCCESS) {
   17530     return rc;
   17531   }
   17532   if (authorization_delegate) {
   17533     // Encrypt just the parameter data, not the size.
   17534     std::string tmp = buffer_bytes.substr(2);
   17535     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   17536       return TRUNKS_RC_ENCRYPTION_FAILED;
   17537     }
   17538     buffer_bytes.replace(2, std::string::npos, tmp);
   17539   }
   17540   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   17541       crypto::SecureHash::SHA256));
   17542   hash->Update(command_code_bytes.data(),
   17543                command_code_bytes.size());
   17544   hash->Update(handle_name.data(),
   17545                handle_name.size());
   17546   handle_section_bytes += handle_bytes;
   17547   command_size += handle_bytes.size();
   17548   hash->Update(buffer_bytes.data(),
   17549                buffer_bytes.size());
   17550   parameter_section_bytes += buffer_bytes;
   17551   command_size += buffer_bytes.size();
   17552   hash->Update(hash_alg_bytes.data(),
   17553                hash_alg_bytes.size());
   17554   parameter_section_bytes += hash_alg_bytes;
   17555   command_size += hash_alg_bytes.size();
   17556   std::string command_hash(32, 0);
   17557   hash->Finish(string_as_array(&command_hash), command_hash.size());
   17558   std::string authorization_section_bytes;
   17559   std::string authorization_size_bytes;
   17560   if (authorization_delegate) {
   17561     if (!authorization_delegate->GetCommandAuthorization(
   17562         command_hash,
   17563         is_command_parameter_encryption_possible,
   17564         is_response_parameter_encryption_possible,
   17565         &authorization_section_bytes)) {
   17566       return TRUNKS_RC_AUTHORIZATION_FAILED;
   17567     }
   17568     if (!authorization_section_bytes.empty()) {
   17569       tag = TPM_ST_SESSIONS;
   17570       std::string tmp;
   17571       rc = Serialize_UINT32(authorization_section_bytes.size(),
   17572                             &authorization_size_bytes);
   17573       if (rc != TPM_RC_SUCCESS) {
   17574         return rc;
   17575       }
   17576       command_size += authorization_size_bytes.size() +
   17577                       authorization_section_bytes.size();
   17578     }
   17579   }
   17580   std::string tag_bytes;
   17581   rc = Serialize_TPMI_ST_COMMAND_TAG(
   17582       tag,
   17583       &tag_bytes);
   17584   if (rc != TPM_RC_SUCCESS) {
   17585     return rc;
   17586   }
   17587   std::string command_size_bytes;
   17588   rc = Serialize_UINT32(
   17589       command_size,
   17590       &command_size_bytes);
   17591   if (rc != TPM_RC_SUCCESS) {
   17592     return rc;
   17593   }
   17594   *serialized_command = tag_bytes +
   17595                         command_size_bytes +
   17596                         command_code_bytes +
   17597                         handle_section_bytes +
   17598                         authorization_size_bytes +
   17599                         authorization_section_bytes +
   17600                         parameter_section_bytes;
   17601   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   17602   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   17603                                             serialized_command->size());
   17604   return TPM_RC_SUCCESS;
   17605 }
   17606 
   17607 TPM_RC Tpm::ParseResponse_HMAC(
   17608       const std::string& response,
   17609       TPM2B_DIGEST* out_hmac,
   17610       AuthorizationDelegate* authorization_delegate) {
   17611   VLOG(3) << __func__;
   17612   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   17613   TPM_RC rc = TPM_RC_SUCCESS;
   17614   std::string buffer(response);
   17615   TPM_ST tag;
   17616   std::string tag_bytes;
   17617   rc = Parse_TPM_ST(
   17618       &buffer,
   17619       &tag,
   17620       &tag_bytes);
   17621   if (rc != TPM_RC_SUCCESS) {
   17622     return rc;
   17623   }
   17624   UINT32 response_size;
   17625   std::string response_size_bytes;
   17626   rc = Parse_UINT32(
   17627       &buffer,
   17628       &response_size,
   17629       &response_size_bytes);
   17630   if (rc != TPM_RC_SUCCESS) {
   17631     return rc;
   17632   }
   17633   TPM_RC response_code;
   17634   std::string response_code_bytes;
   17635   rc = Parse_TPM_RC(
   17636       &buffer,
   17637       &response_code,
   17638       &response_code_bytes);
   17639   if (rc != TPM_RC_SUCCESS) {
   17640     return rc;
   17641   }
   17642   if (response_size != response.size()) {
   17643     return TPM_RC_SIZE;
   17644   }
   17645   if (response_code != TPM_RC_SUCCESS) {
   17646     return response_code;
   17647   }
   17648   TPM_CC command_code = TPM_CC_HMAC;
   17649   std::string command_code_bytes;
   17650   rc = Serialize_TPM_CC(
   17651       command_code,
   17652       &command_code_bytes);
   17653   if (rc != TPM_RC_SUCCESS) {
   17654     return rc;
   17655   }
   17656   std::string authorization_section_bytes;
   17657   if (tag == TPM_ST_SESSIONS) {
   17658     UINT32 parameter_section_size = buffer.size();
   17659     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   17660     if (rc != TPM_RC_SUCCESS) {
   17661       return rc;
   17662     }
   17663     if (parameter_section_size > buffer.size()) {
   17664       return TPM_RC_INSUFFICIENT;
   17665     }
   17666     authorization_section_bytes = buffer.substr(parameter_section_size);
   17667     // Keep the parameter section in |buffer|.
   17668     buffer.erase(parameter_section_size);
   17669   }
   17670   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   17671       crypto::SecureHash::SHA256));
   17672   hash->Update(response_code_bytes.data(),
   17673                response_code_bytes.size());
   17674   hash->Update(command_code_bytes.data(),
   17675                command_code_bytes.size());
   17676   hash->Update(buffer.data(),
   17677                buffer.size());
   17678   std::string response_hash(32, 0);
   17679   hash->Finish(string_as_array(&response_hash), response_hash.size());
   17680   if (tag == TPM_ST_SESSIONS) {
   17681     CHECK(authorization_delegate) << "Authorization delegate missing!";
   17682     if (!authorization_delegate->CheckResponseAuthorization(
   17683         response_hash,
   17684         authorization_section_bytes)) {
   17685       return TRUNKS_RC_AUTHORIZATION_FAILED;
   17686     }
   17687   }
   17688   std::string out_hmac_bytes;
   17689   rc = Parse_TPM2B_DIGEST(
   17690       &buffer,
   17691       out_hmac,
   17692       &out_hmac_bytes);
   17693   if (rc != TPM_RC_SUCCESS) {
   17694     return rc;
   17695   }
   17696   if (tag == TPM_ST_SESSIONS) {
   17697     CHECK(authorization_delegate) << "Authorization delegate missing!";
   17698     // Decrypt just the parameter data, not the size.
   17699     std::string tmp = out_hmac_bytes.substr(2);
   17700     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   17701       return TRUNKS_RC_ENCRYPTION_FAILED;
   17702     }
   17703     out_hmac_bytes.replace(2, std::string::npos, tmp);
   17704     rc = Parse_TPM2B_DIGEST(
   17705         &out_hmac_bytes,
   17706         out_hmac,
   17707         nullptr);
   17708     if (rc != TPM_RC_SUCCESS) {
   17709       return rc;
   17710     }
   17711   }
   17712   return TPM_RC_SUCCESS;
   17713 }
   17714 
   17715 void HMACErrorCallback(
   17716     const Tpm::HMACResponse& callback,
   17717     TPM_RC response_code) {
   17718   VLOG(1) << __func__;
   17719   callback.Run(response_code,
   17720                TPM2B_DIGEST());
   17721 }
   17722 
   17723 void HMACResponseParser(
   17724     const Tpm::HMACResponse& callback,
   17725     AuthorizationDelegate* authorization_delegate,
   17726     const std::string& response) {
   17727   VLOG(1) << __func__;
   17728   base::Callback<void(TPM_RC)> error_reporter =
   17729       base::Bind(HMACErrorCallback, callback);
   17730   TPM2B_DIGEST out_hmac;
   17731   TPM_RC rc = Tpm::ParseResponse_HMAC(
   17732       response,
   17733       &out_hmac,
   17734       authorization_delegate);
   17735   if (rc != TPM_RC_SUCCESS) {
   17736     error_reporter.Run(rc);
   17737     return;
   17738   }
   17739   callback.Run(
   17740       rc,
   17741       out_hmac);
   17742 }
   17743 
   17744 void Tpm::HMAC(
   17745       const TPMI_DH_OBJECT& handle,
   17746       const std::string& handle_name,
   17747       const TPM2B_MAX_BUFFER& buffer,
   17748       const TPMI_ALG_HASH& hash_alg,
   17749       AuthorizationDelegate* authorization_delegate,
   17750       const HMACResponse& callback) {
   17751   VLOG(1) << __func__;
   17752   base::Callback<void(TPM_RC)> error_reporter =
   17753       base::Bind(HMACErrorCallback, callback);
   17754   base::Callback<void(const std::string&)> parser =
   17755       base::Bind(HMACResponseParser,
   17756                  callback,
   17757                  authorization_delegate);
   17758   std::string command;
   17759   TPM_RC rc = SerializeCommand_HMAC(
   17760       handle,
   17761       handle_name,
   17762       buffer,
   17763       hash_alg,
   17764       &command,
   17765       authorization_delegate);
   17766   if (rc != TPM_RC_SUCCESS) {
   17767     error_reporter.Run(rc);
   17768     return;
   17769   }
   17770   transceiver_->SendCommand(command, parser);
   17771 }
   17772 
   17773 TPM_RC Tpm::HMACSync(
   17774       const TPMI_DH_OBJECT& handle,
   17775       const std::string& handle_name,
   17776       const TPM2B_MAX_BUFFER& buffer,
   17777       const TPMI_ALG_HASH& hash_alg,
   17778       TPM2B_DIGEST* out_hmac,
   17779       AuthorizationDelegate* authorization_delegate) {
   17780   VLOG(1) << __func__;
   17781   std::string command;
   17782   TPM_RC rc = SerializeCommand_HMAC(
   17783       handle,
   17784       handle_name,
   17785       buffer,
   17786       hash_alg,
   17787       &command,
   17788       authorization_delegate);
   17789   if (rc != TPM_RC_SUCCESS) {
   17790     return rc;
   17791   }
   17792   std::string response = transceiver_->SendCommandAndWait(command);
   17793   rc = ParseResponse_HMAC(
   17794       response,
   17795       out_hmac,
   17796       authorization_delegate);
   17797   return rc;
   17798 }
   17799 
   17800 TPM_RC Tpm::SerializeCommand_GetRandom(
   17801       const UINT16& bytes_requested,
   17802       std::string* serialized_command,
   17803       AuthorizationDelegate* authorization_delegate) {
   17804   VLOG(3) << __func__;
   17805   TPM_RC rc = TPM_RC_SUCCESS;
   17806   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   17807   UINT32 command_size = 10;  // Header size.
   17808   std::string handle_section_bytes;
   17809   std::string parameter_section_bytes;
   17810   TPM_CC command_code = TPM_CC_GetRandom;
   17811   bool is_command_parameter_encryption_possible = false;
   17812   bool is_response_parameter_encryption_possible = true;
   17813   std::string command_code_bytes;
   17814   rc = Serialize_TPM_CC(
   17815       command_code,
   17816       &command_code_bytes);
   17817   if (rc != TPM_RC_SUCCESS) {
   17818     return rc;
   17819   }
   17820   std::string bytes_requested_bytes;
   17821   rc = Serialize_UINT16(
   17822       bytes_requested,
   17823       &bytes_requested_bytes);
   17824   if (rc != TPM_RC_SUCCESS) {
   17825     return rc;
   17826   }
   17827   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   17828       crypto::SecureHash::SHA256));
   17829   hash->Update(command_code_bytes.data(),
   17830                command_code_bytes.size());
   17831   hash->Update(bytes_requested_bytes.data(),
   17832                bytes_requested_bytes.size());
   17833   parameter_section_bytes += bytes_requested_bytes;
   17834   command_size += bytes_requested_bytes.size();
   17835   std::string command_hash(32, 0);
   17836   hash->Finish(string_as_array(&command_hash), command_hash.size());
   17837   std::string authorization_section_bytes;
   17838   std::string authorization_size_bytes;
   17839   if (authorization_delegate) {
   17840     if (!authorization_delegate->GetCommandAuthorization(
   17841         command_hash,
   17842         is_command_parameter_encryption_possible,
   17843         is_response_parameter_encryption_possible,
   17844         &authorization_section_bytes)) {
   17845       return TRUNKS_RC_AUTHORIZATION_FAILED;
   17846     }
   17847     if (!authorization_section_bytes.empty()) {
   17848       tag = TPM_ST_SESSIONS;
   17849       std::string tmp;
   17850       rc = Serialize_UINT32(authorization_section_bytes.size(),
   17851                             &authorization_size_bytes);
   17852       if (rc != TPM_RC_SUCCESS) {
   17853         return rc;
   17854       }
   17855       command_size += authorization_size_bytes.size() +
   17856                       authorization_section_bytes.size();
   17857     }
   17858   }
   17859   std::string tag_bytes;
   17860   rc = Serialize_TPMI_ST_COMMAND_TAG(
   17861       tag,
   17862       &tag_bytes);
   17863   if (rc != TPM_RC_SUCCESS) {
   17864     return rc;
   17865   }
   17866   std::string command_size_bytes;
   17867   rc = Serialize_UINT32(
   17868       command_size,
   17869       &command_size_bytes);
   17870   if (rc != TPM_RC_SUCCESS) {
   17871     return rc;
   17872   }
   17873   *serialized_command = tag_bytes +
   17874                         command_size_bytes +
   17875                         command_code_bytes +
   17876                         handle_section_bytes +
   17877                         authorization_size_bytes +
   17878                         authorization_section_bytes +
   17879                         parameter_section_bytes;
   17880   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   17881   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   17882                                             serialized_command->size());
   17883   return TPM_RC_SUCCESS;
   17884 }
   17885 
   17886 TPM_RC Tpm::ParseResponse_GetRandom(
   17887       const std::string& response,
   17888       TPM2B_DIGEST* random_bytes,
   17889       AuthorizationDelegate* authorization_delegate) {
   17890   VLOG(3) << __func__;
   17891   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   17892   TPM_RC rc = TPM_RC_SUCCESS;
   17893   std::string buffer(response);
   17894   TPM_ST tag;
   17895   std::string tag_bytes;
   17896   rc = Parse_TPM_ST(
   17897       &buffer,
   17898       &tag,
   17899       &tag_bytes);
   17900   if (rc != TPM_RC_SUCCESS) {
   17901     return rc;
   17902   }
   17903   UINT32 response_size;
   17904   std::string response_size_bytes;
   17905   rc = Parse_UINT32(
   17906       &buffer,
   17907       &response_size,
   17908       &response_size_bytes);
   17909   if (rc != TPM_RC_SUCCESS) {
   17910     return rc;
   17911   }
   17912   TPM_RC response_code;
   17913   std::string response_code_bytes;
   17914   rc = Parse_TPM_RC(
   17915       &buffer,
   17916       &response_code,
   17917       &response_code_bytes);
   17918   if (rc != TPM_RC_SUCCESS) {
   17919     return rc;
   17920   }
   17921   if (response_size != response.size()) {
   17922     return TPM_RC_SIZE;
   17923   }
   17924   if (response_code != TPM_RC_SUCCESS) {
   17925     return response_code;
   17926   }
   17927   TPM_CC command_code = TPM_CC_GetRandom;
   17928   std::string command_code_bytes;
   17929   rc = Serialize_TPM_CC(
   17930       command_code,
   17931       &command_code_bytes);
   17932   if (rc != TPM_RC_SUCCESS) {
   17933     return rc;
   17934   }
   17935   std::string authorization_section_bytes;
   17936   if (tag == TPM_ST_SESSIONS) {
   17937     UINT32 parameter_section_size = buffer.size();
   17938     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   17939     if (rc != TPM_RC_SUCCESS) {
   17940       return rc;
   17941     }
   17942     if (parameter_section_size > buffer.size()) {
   17943       return TPM_RC_INSUFFICIENT;
   17944     }
   17945     authorization_section_bytes = buffer.substr(parameter_section_size);
   17946     // Keep the parameter section in |buffer|.
   17947     buffer.erase(parameter_section_size);
   17948   }
   17949   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   17950       crypto::SecureHash::SHA256));
   17951   hash->Update(response_code_bytes.data(),
   17952                response_code_bytes.size());
   17953   hash->Update(command_code_bytes.data(),
   17954                command_code_bytes.size());
   17955   hash->Update(buffer.data(),
   17956                buffer.size());
   17957   std::string response_hash(32, 0);
   17958   hash->Finish(string_as_array(&response_hash), response_hash.size());
   17959   if (tag == TPM_ST_SESSIONS) {
   17960     CHECK(authorization_delegate) << "Authorization delegate missing!";
   17961     if (!authorization_delegate->CheckResponseAuthorization(
   17962         response_hash,
   17963         authorization_section_bytes)) {
   17964       return TRUNKS_RC_AUTHORIZATION_FAILED;
   17965     }
   17966   }
   17967   std::string random_bytes_bytes;
   17968   rc = Parse_TPM2B_DIGEST(
   17969       &buffer,
   17970       random_bytes,
   17971       &random_bytes_bytes);
   17972   if (rc != TPM_RC_SUCCESS) {
   17973     return rc;
   17974   }
   17975   if (tag == TPM_ST_SESSIONS) {
   17976     CHECK(authorization_delegate) << "Authorization delegate missing!";
   17977     // Decrypt just the parameter data, not the size.
   17978     std::string tmp = random_bytes_bytes.substr(2);
   17979     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   17980       return TRUNKS_RC_ENCRYPTION_FAILED;
   17981     }
   17982     random_bytes_bytes.replace(2, std::string::npos, tmp);
   17983     rc = Parse_TPM2B_DIGEST(
   17984         &random_bytes_bytes,
   17985         random_bytes,
   17986         nullptr);
   17987     if (rc != TPM_RC_SUCCESS) {
   17988       return rc;
   17989     }
   17990   }
   17991   return TPM_RC_SUCCESS;
   17992 }
   17993 
   17994 void GetRandomErrorCallback(
   17995     const Tpm::GetRandomResponse& callback,
   17996     TPM_RC response_code) {
   17997   VLOG(1) << __func__;
   17998   callback.Run(response_code,
   17999                TPM2B_DIGEST());
   18000 }
   18001 
   18002 void GetRandomResponseParser(
   18003     const Tpm::GetRandomResponse& callback,
   18004     AuthorizationDelegate* authorization_delegate,
   18005     const std::string& response) {
   18006   VLOG(1) << __func__;
   18007   base::Callback<void(TPM_RC)> error_reporter =
   18008       base::Bind(GetRandomErrorCallback, callback);
   18009   TPM2B_DIGEST random_bytes;
   18010   TPM_RC rc = Tpm::ParseResponse_GetRandom(
   18011       response,
   18012       &random_bytes,
   18013       authorization_delegate);
   18014   if (rc != TPM_RC_SUCCESS) {
   18015     error_reporter.Run(rc);
   18016     return;
   18017   }
   18018   callback.Run(
   18019       rc,
   18020       random_bytes);
   18021 }
   18022 
   18023 void Tpm::GetRandom(
   18024       const UINT16& bytes_requested,
   18025       AuthorizationDelegate* authorization_delegate,
   18026       const GetRandomResponse& callback) {
   18027   VLOG(1) << __func__;
   18028   base::Callback<void(TPM_RC)> error_reporter =
   18029       base::Bind(GetRandomErrorCallback, callback);
   18030   base::Callback<void(const std::string&)> parser =
   18031       base::Bind(GetRandomResponseParser,
   18032                  callback,
   18033                  authorization_delegate);
   18034   std::string command;
   18035   TPM_RC rc = SerializeCommand_GetRandom(
   18036       bytes_requested,
   18037       &command,
   18038       authorization_delegate);
   18039   if (rc != TPM_RC_SUCCESS) {
   18040     error_reporter.Run(rc);
   18041     return;
   18042   }
   18043   transceiver_->SendCommand(command, parser);
   18044 }
   18045 
   18046 TPM_RC Tpm::GetRandomSync(
   18047       const UINT16& bytes_requested,
   18048       TPM2B_DIGEST* random_bytes,
   18049       AuthorizationDelegate* authorization_delegate) {
   18050   VLOG(1) << __func__;
   18051   std::string command;
   18052   TPM_RC rc = SerializeCommand_GetRandom(
   18053       bytes_requested,
   18054       &command,
   18055       authorization_delegate);
   18056   if (rc != TPM_RC_SUCCESS) {
   18057     return rc;
   18058   }
   18059   std::string response = transceiver_->SendCommandAndWait(command);
   18060   rc = ParseResponse_GetRandom(
   18061       response,
   18062       random_bytes,
   18063       authorization_delegate);
   18064   return rc;
   18065 }
   18066 
   18067 TPM_RC Tpm::SerializeCommand_StirRandom(
   18068       const TPM2B_SENSITIVE_DATA& in_data,
   18069       std::string* serialized_command,
   18070       AuthorizationDelegate* authorization_delegate) {
   18071   VLOG(3) << __func__;
   18072   TPM_RC rc = TPM_RC_SUCCESS;
   18073   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   18074   UINT32 command_size = 10;  // Header size.
   18075   std::string handle_section_bytes;
   18076   std::string parameter_section_bytes;
   18077   TPM_CC command_code = TPM_CC_StirRandom;
   18078   bool is_command_parameter_encryption_possible = true;
   18079   bool is_response_parameter_encryption_possible = false;
   18080   std::string command_code_bytes;
   18081   rc = Serialize_TPM_CC(
   18082       command_code,
   18083       &command_code_bytes);
   18084   if (rc != TPM_RC_SUCCESS) {
   18085     return rc;
   18086   }
   18087   std::string in_data_bytes;
   18088   rc = Serialize_TPM2B_SENSITIVE_DATA(
   18089       in_data,
   18090       &in_data_bytes);
   18091   if (rc != TPM_RC_SUCCESS) {
   18092     return rc;
   18093   }
   18094   if (authorization_delegate) {
   18095     // Encrypt just the parameter data, not the size.
   18096     std::string tmp = in_data_bytes.substr(2);
   18097     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   18098       return TRUNKS_RC_ENCRYPTION_FAILED;
   18099     }
   18100     in_data_bytes.replace(2, std::string::npos, tmp);
   18101   }
   18102   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   18103       crypto::SecureHash::SHA256));
   18104   hash->Update(command_code_bytes.data(),
   18105                command_code_bytes.size());
   18106   hash->Update(in_data_bytes.data(),
   18107                in_data_bytes.size());
   18108   parameter_section_bytes += in_data_bytes;
   18109   command_size += in_data_bytes.size();
   18110   std::string command_hash(32, 0);
   18111   hash->Finish(string_as_array(&command_hash), command_hash.size());
   18112   std::string authorization_section_bytes;
   18113   std::string authorization_size_bytes;
   18114   if (authorization_delegate) {
   18115     if (!authorization_delegate->GetCommandAuthorization(
   18116         command_hash,
   18117         is_command_parameter_encryption_possible,
   18118         is_response_parameter_encryption_possible,
   18119         &authorization_section_bytes)) {
   18120       return TRUNKS_RC_AUTHORIZATION_FAILED;
   18121     }
   18122     if (!authorization_section_bytes.empty()) {
   18123       tag = TPM_ST_SESSIONS;
   18124       std::string tmp;
   18125       rc = Serialize_UINT32(authorization_section_bytes.size(),
   18126                             &authorization_size_bytes);
   18127       if (rc != TPM_RC_SUCCESS) {
   18128         return rc;
   18129       }
   18130       command_size += authorization_size_bytes.size() +
   18131                       authorization_section_bytes.size();
   18132     }
   18133   }
   18134   std::string tag_bytes;
   18135   rc = Serialize_TPMI_ST_COMMAND_TAG(
   18136       tag,
   18137       &tag_bytes);
   18138   if (rc != TPM_RC_SUCCESS) {
   18139     return rc;
   18140   }
   18141   std::string command_size_bytes;
   18142   rc = Serialize_UINT32(
   18143       command_size,
   18144       &command_size_bytes);
   18145   if (rc != TPM_RC_SUCCESS) {
   18146     return rc;
   18147   }
   18148   *serialized_command = tag_bytes +
   18149                         command_size_bytes +
   18150                         command_code_bytes +
   18151                         handle_section_bytes +
   18152                         authorization_size_bytes +
   18153                         authorization_section_bytes +
   18154                         parameter_section_bytes;
   18155   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   18156   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   18157                                             serialized_command->size());
   18158   return TPM_RC_SUCCESS;
   18159 }
   18160 
   18161 TPM_RC Tpm::ParseResponse_StirRandom(
   18162       const std::string& response,
   18163       AuthorizationDelegate* authorization_delegate) {
   18164   VLOG(3) << __func__;
   18165   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   18166   TPM_RC rc = TPM_RC_SUCCESS;
   18167   std::string buffer(response);
   18168   TPM_ST tag;
   18169   std::string tag_bytes;
   18170   rc = Parse_TPM_ST(
   18171       &buffer,
   18172       &tag,
   18173       &tag_bytes);
   18174   if (rc != TPM_RC_SUCCESS) {
   18175     return rc;
   18176   }
   18177   UINT32 response_size;
   18178   std::string response_size_bytes;
   18179   rc = Parse_UINT32(
   18180       &buffer,
   18181       &response_size,
   18182       &response_size_bytes);
   18183   if (rc != TPM_RC_SUCCESS) {
   18184     return rc;
   18185   }
   18186   TPM_RC response_code;
   18187   std::string response_code_bytes;
   18188   rc = Parse_TPM_RC(
   18189       &buffer,
   18190       &response_code,
   18191       &response_code_bytes);
   18192   if (rc != TPM_RC_SUCCESS) {
   18193     return rc;
   18194   }
   18195   if (response_size != response.size()) {
   18196     return TPM_RC_SIZE;
   18197   }
   18198   if (response_code != TPM_RC_SUCCESS) {
   18199     return response_code;
   18200   }
   18201   TPM_CC command_code = TPM_CC_StirRandom;
   18202   std::string command_code_bytes;
   18203   rc = Serialize_TPM_CC(
   18204       command_code,
   18205       &command_code_bytes);
   18206   if (rc != TPM_RC_SUCCESS) {
   18207     return rc;
   18208   }
   18209   std::string authorization_section_bytes;
   18210   if (tag == TPM_ST_SESSIONS) {
   18211     UINT32 parameter_section_size = buffer.size();
   18212     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   18213     if (rc != TPM_RC_SUCCESS) {
   18214       return rc;
   18215     }
   18216     if (parameter_section_size > buffer.size()) {
   18217       return TPM_RC_INSUFFICIENT;
   18218     }
   18219     authorization_section_bytes = buffer.substr(parameter_section_size);
   18220     // Keep the parameter section in |buffer|.
   18221     buffer.erase(parameter_section_size);
   18222   }
   18223   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   18224       crypto::SecureHash::SHA256));
   18225   hash->Update(response_code_bytes.data(),
   18226                response_code_bytes.size());
   18227   hash->Update(command_code_bytes.data(),
   18228                command_code_bytes.size());
   18229   hash->Update(buffer.data(),
   18230                buffer.size());
   18231   std::string response_hash(32, 0);
   18232   hash->Finish(string_as_array(&response_hash), response_hash.size());
   18233   if (tag == TPM_ST_SESSIONS) {
   18234     CHECK(authorization_delegate) << "Authorization delegate missing!";
   18235     if (!authorization_delegate->CheckResponseAuthorization(
   18236         response_hash,
   18237         authorization_section_bytes)) {
   18238       return TRUNKS_RC_AUTHORIZATION_FAILED;
   18239     }
   18240   }
   18241   return TPM_RC_SUCCESS;
   18242 }
   18243 
   18244 void StirRandomErrorCallback(
   18245     const Tpm::StirRandomResponse& callback,
   18246     TPM_RC response_code) {
   18247   VLOG(1) << __func__;
   18248   callback.Run(response_code);
   18249 }
   18250 
   18251 void StirRandomResponseParser(
   18252     const Tpm::StirRandomResponse& callback,
   18253     AuthorizationDelegate* authorization_delegate,
   18254     const std::string& response) {
   18255   VLOG(1) << __func__;
   18256   base::Callback<void(TPM_RC)> error_reporter =
   18257       base::Bind(StirRandomErrorCallback, callback);
   18258   TPM_RC rc = Tpm::ParseResponse_StirRandom(
   18259       response,
   18260       authorization_delegate);
   18261   if (rc != TPM_RC_SUCCESS) {
   18262     error_reporter.Run(rc);
   18263     return;
   18264   }
   18265   callback.Run(
   18266       rc);
   18267 }
   18268 
   18269 void Tpm::StirRandom(
   18270       const TPM2B_SENSITIVE_DATA& in_data,
   18271       AuthorizationDelegate* authorization_delegate,
   18272       const StirRandomResponse& callback) {
   18273   VLOG(1) << __func__;
   18274   base::Callback<void(TPM_RC)> error_reporter =
   18275       base::Bind(StirRandomErrorCallback, callback);
   18276   base::Callback<void(const std::string&)> parser =
   18277       base::Bind(StirRandomResponseParser,
   18278                  callback,
   18279                  authorization_delegate);
   18280   std::string command;
   18281   TPM_RC rc = SerializeCommand_StirRandom(
   18282       in_data,
   18283       &command,
   18284       authorization_delegate);
   18285   if (rc != TPM_RC_SUCCESS) {
   18286     error_reporter.Run(rc);
   18287     return;
   18288   }
   18289   transceiver_->SendCommand(command, parser);
   18290 }
   18291 
   18292 TPM_RC Tpm::StirRandomSync(
   18293       const TPM2B_SENSITIVE_DATA& in_data,
   18294       AuthorizationDelegate* authorization_delegate) {
   18295   VLOG(1) << __func__;
   18296   std::string command;
   18297   TPM_RC rc = SerializeCommand_StirRandom(
   18298       in_data,
   18299       &command,
   18300       authorization_delegate);
   18301   if (rc != TPM_RC_SUCCESS) {
   18302     return rc;
   18303   }
   18304   std::string response = transceiver_->SendCommandAndWait(command);
   18305   rc = ParseResponse_StirRandom(
   18306       response,
   18307       authorization_delegate);
   18308   return rc;
   18309 }
   18310 
   18311 TPM_RC Tpm::SerializeCommand_HMAC_Start(
   18312       const TPMI_DH_OBJECT& handle,
   18313       const std::string& handle_name,
   18314       const TPM2B_AUTH& auth,
   18315       const TPMI_ALG_HASH& hash_alg,
   18316       std::string* serialized_command,
   18317       AuthorizationDelegate* authorization_delegate) {
   18318   VLOG(3) << __func__;
   18319   TPM_RC rc = TPM_RC_SUCCESS;
   18320   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   18321   UINT32 command_size = 10;  // Header size.
   18322   std::string handle_section_bytes;
   18323   std::string parameter_section_bytes;
   18324   TPM_CC command_code = TPM_CC_HMAC_Start;
   18325   bool is_command_parameter_encryption_possible = true;
   18326   bool is_response_parameter_encryption_possible = false;
   18327   std::string command_code_bytes;
   18328   rc = Serialize_TPM_CC(
   18329       command_code,
   18330       &command_code_bytes);
   18331   if (rc != TPM_RC_SUCCESS) {
   18332     return rc;
   18333   }
   18334   std::string handle_bytes;
   18335   rc = Serialize_TPMI_DH_OBJECT(
   18336       handle,
   18337       &handle_bytes);
   18338   if (rc != TPM_RC_SUCCESS) {
   18339     return rc;
   18340   }
   18341   std::string auth_bytes;
   18342   rc = Serialize_TPM2B_AUTH(
   18343       auth,
   18344       &auth_bytes);
   18345   if (rc != TPM_RC_SUCCESS) {
   18346     return rc;
   18347   }
   18348   std::string hash_alg_bytes;
   18349   rc = Serialize_TPMI_ALG_HASH(
   18350       hash_alg,
   18351       &hash_alg_bytes);
   18352   if (rc != TPM_RC_SUCCESS) {
   18353     return rc;
   18354   }
   18355   if (authorization_delegate) {
   18356     // Encrypt just the parameter data, not the size.
   18357     std::string tmp = auth_bytes.substr(2);
   18358     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   18359       return TRUNKS_RC_ENCRYPTION_FAILED;
   18360     }
   18361     auth_bytes.replace(2, std::string::npos, tmp);
   18362   }
   18363   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   18364       crypto::SecureHash::SHA256));
   18365   hash->Update(command_code_bytes.data(),
   18366                command_code_bytes.size());
   18367   hash->Update(handle_name.data(),
   18368                handle_name.size());
   18369   handle_section_bytes += handle_bytes;
   18370   command_size += handle_bytes.size();
   18371   hash->Update(auth_bytes.data(),
   18372                auth_bytes.size());
   18373   parameter_section_bytes += auth_bytes;
   18374   command_size += auth_bytes.size();
   18375   hash->Update(hash_alg_bytes.data(),
   18376                hash_alg_bytes.size());
   18377   parameter_section_bytes += hash_alg_bytes;
   18378   command_size += hash_alg_bytes.size();
   18379   std::string command_hash(32, 0);
   18380   hash->Finish(string_as_array(&command_hash), command_hash.size());
   18381   std::string authorization_section_bytes;
   18382   std::string authorization_size_bytes;
   18383   if (authorization_delegate) {
   18384     if (!authorization_delegate->GetCommandAuthorization(
   18385         command_hash,
   18386         is_command_parameter_encryption_possible,
   18387         is_response_parameter_encryption_possible,
   18388         &authorization_section_bytes)) {
   18389       return TRUNKS_RC_AUTHORIZATION_FAILED;
   18390     }
   18391     if (!authorization_section_bytes.empty()) {
   18392       tag = TPM_ST_SESSIONS;
   18393       std::string tmp;
   18394       rc = Serialize_UINT32(authorization_section_bytes.size(),
   18395                             &authorization_size_bytes);
   18396       if (rc != TPM_RC_SUCCESS) {
   18397         return rc;
   18398       }
   18399       command_size += authorization_size_bytes.size() +
   18400                       authorization_section_bytes.size();
   18401     }
   18402   }
   18403   std::string tag_bytes;
   18404   rc = Serialize_TPMI_ST_COMMAND_TAG(
   18405       tag,
   18406       &tag_bytes);
   18407   if (rc != TPM_RC_SUCCESS) {
   18408     return rc;
   18409   }
   18410   std::string command_size_bytes;
   18411   rc = Serialize_UINT32(
   18412       command_size,
   18413       &command_size_bytes);
   18414   if (rc != TPM_RC_SUCCESS) {
   18415     return rc;
   18416   }
   18417   *serialized_command = tag_bytes +
   18418                         command_size_bytes +
   18419                         command_code_bytes +
   18420                         handle_section_bytes +
   18421                         authorization_size_bytes +
   18422                         authorization_section_bytes +
   18423                         parameter_section_bytes;
   18424   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   18425   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   18426                                             serialized_command->size());
   18427   return TPM_RC_SUCCESS;
   18428 }
   18429 
   18430 TPM_RC Tpm::ParseResponse_HMAC_Start(
   18431       const std::string& response,
   18432       TPMI_DH_OBJECT* sequence_handle,
   18433       AuthorizationDelegate* authorization_delegate) {
   18434   VLOG(3) << __func__;
   18435   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   18436   TPM_RC rc = TPM_RC_SUCCESS;
   18437   std::string buffer(response);
   18438   TPM_ST tag;
   18439   std::string tag_bytes;
   18440   rc = Parse_TPM_ST(
   18441       &buffer,
   18442       &tag,
   18443       &tag_bytes);
   18444   if (rc != TPM_RC_SUCCESS) {
   18445     return rc;
   18446   }
   18447   UINT32 response_size;
   18448   std::string response_size_bytes;
   18449   rc = Parse_UINT32(
   18450       &buffer,
   18451       &response_size,
   18452       &response_size_bytes);
   18453   if (rc != TPM_RC_SUCCESS) {
   18454     return rc;
   18455   }
   18456   TPM_RC response_code;
   18457   std::string response_code_bytes;
   18458   rc = Parse_TPM_RC(
   18459       &buffer,
   18460       &response_code,
   18461       &response_code_bytes);
   18462   if (rc != TPM_RC_SUCCESS) {
   18463     return rc;
   18464   }
   18465   if (response_size != response.size()) {
   18466     return TPM_RC_SIZE;
   18467   }
   18468   if (response_code != TPM_RC_SUCCESS) {
   18469     return response_code;
   18470   }
   18471   std::string sequence_handle_bytes;
   18472   rc = Parse_TPMI_DH_OBJECT(
   18473       &buffer,
   18474       sequence_handle,
   18475       &sequence_handle_bytes);
   18476   if (rc != TPM_RC_SUCCESS) {
   18477     return rc;
   18478   }
   18479   TPM_CC command_code = TPM_CC_HMAC_Start;
   18480   std::string command_code_bytes;
   18481   rc = Serialize_TPM_CC(
   18482       command_code,
   18483       &command_code_bytes);
   18484   if (rc != TPM_RC_SUCCESS) {
   18485     return rc;
   18486   }
   18487   std::string authorization_section_bytes;
   18488   if (tag == TPM_ST_SESSIONS) {
   18489     UINT32 parameter_section_size = buffer.size();
   18490     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   18491     if (rc != TPM_RC_SUCCESS) {
   18492       return rc;
   18493     }
   18494     if (parameter_section_size > buffer.size()) {
   18495       return TPM_RC_INSUFFICIENT;
   18496     }
   18497     authorization_section_bytes = buffer.substr(parameter_section_size);
   18498     // Keep the parameter section in |buffer|.
   18499     buffer.erase(parameter_section_size);
   18500   }
   18501   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   18502       crypto::SecureHash::SHA256));
   18503   hash->Update(response_code_bytes.data(),
   18504                response_code_bytes.size());
   18505   hash->Update(command_code_bytes.data(),
   18506                command_code_bytes.size());
   18507   hash->Update(buffer.data(),
   18508                buffer.size());
   18509   std::string response_hash(32, 0);
   18510   hash->Finish(string_as_array(&response_hash), response_hash.size());
   18511   if (tag == TPM_ST_SESSIONS) {
   18512     CHECK(authorization_delegate) << "Authorization delegate missing!";
   18513     if (!authorization_delegate->CheckResponseAuthorization(
   18514         response_hash,
   18515         authorization_section_bytes)) {
   18516       return TRUNKS_RC_AUTHORIZATION_FAILED;
   18517     }
   18518   }
   18519   return TPM_RC_SUCCESS;
   18520 }
   18521 
   18522 void HMAC_StartErrorCallback(
   18523     const Tpm::HMAC_StartResponse& callback,
   18524     TPM_RC response_code) {
   18525   VLOG(1) << __func__;
   18526   callback.Run(response_code,
   18527                TPMI_DH_OBJECT());
   18528 }
   18529 
   18530 void HMAC_StartResponseParser(
   18531     const Tpm::HMAC_StartResponse& callback,
   18532     AuthorizationDelegate* authorization_delegate,
   18533     const std::string& response) {
   18534   VLOG(1) << __func__;
   18535   base::Callback<void(TPM_RC)> error_reporter =
   18536       base::Bind(HMAC_StartErrorCallback, callback);
   18537   TPMI_DH_OBJECT sequence_handle;
   18538   TPM_RC rc = Tpm::ParseResponse_HMAC_Start(
   18539       response,
   18540       &sequence_handle,
   18541       authorization_delegate);
   18542   if (rc != TPM_RC_SUCCESS) {
   18543     error_reporter.Run(rc);
   18544     return;
   18545   }
   18546   callback.Run(
   18547       rc,
   18548       sequence_handle);
   18549 }
   18550 
   18551 void Tpm::HMAC_Start(
   18552       const TPMI_DH_OBJECT& handle,
   18553       const std::string& handle_name,
   18554       const TPM2B_AUTH& auth,
   18555       const TPMI_ALG_HASH& hash_alg,
   18556       AuthorizationDelegate* authorization_delegate,
   18557       const HMAC_StartResponse& callback) {
   18558   VLOG(1) << __func__;
   18559   base::Callback<void(TPM_RC)> error_reporter =
   18560       base::Bind(HMAC_StartErrorCallback, callback);
   18561   base::Callback<void(const std::string&)> parser =
   18562       base::Bind(HMAC_StartResponseParser,
   18563                  callback,
   18564                  authorization_delegate);
   18565   std::string command;
   18566   TPM_RC rc = SerializeCommand_HMAC_Start(
   18567       handle,
   18568       handle_name,
   18569       auth,
   18570       hash_alg,
   18571       &command,
   18572       authorization_delegate);
   18573   if (rc != TPM_RC_SUCCESS) {
   18574     error_reporter.Run(rc);
   18575     return;
   18576   }
   18577   transceiver_->SendCommand(command, parser);
   18578 }
   18579 
   18580 TPM_RC Tpm::HMAC_StartSync(
   18581       const TPMI_DH_OBJECT& handle,
   18582       const std::string& handle_name,
   18583       const TPM2B_AUTH& auth,
   18584       const TPMI_ALG_HASH& hash_alg,
   18585       TPMI_DH_OBJECT* sequence_handle,
   18586       AuthorizationDelegate* authorization_delegate) {
   18587   VLOG(1) << __func__;
   18588   std::string command;
   18589   TPM_RC rc = SerializeCommand_HMAC_Start(
   18590       handle,
   18591       handle_name,
   18592       auth,
   18593       hash_alg,
   18594       &command,
   18595       authorization_delegate);
   18596   if (rc != TPM_RC_SUCCESS) {
   18597     return rc;
   18598   }
   18599   std::string response = transceiver_->SendCommandAndWait(command);
   18600   rc = ParseResponse_HMAC_Start(
   18601       response,
   18602       sequence_handle,
   18603       authorization_delegate);
   18604   return rc;
   18605 }
   18606 
   18607 TPM_RC Tpm::SerializeCommand_HashSequenceStart(
   18608       const TPM2B_AUTH& auth,
   18609       const TPMI_ALG_HASH& hash_alg,
   18610       std::string* serialized_command,
   18611       AuthorizationDelegate* authorization_delegate) {
   18612   VLOG(3) << __func__;
   18613   TPM_RC rc = TPM_RC_SUCCESS;
   18614   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   18615   UINT32 command_size = 10;  // Header size.
   18616   std::string handle_section_bytes;
   18617   std::string parameter_section_bytes;
   18618   TPM_CC command_code = TPM_CC_HashSequenceStart;
   18619   bool is_command_parameter_encryption_possible = true;
   18620   bool is_response_parameter_encryption_possible = false;
   18621   std::string command_code_bytes;
   18622   rc = Serialize_TPM_CC(
   18623       command_code,
   18624       &command_code_bytes);
   18625   if (rc != TPM_RC_SUCCESS) {
   18626     return rc;
   18627   }
   18628   std::string auth_bytes;
   18629   rc = Serialize_TPM2B_AUTH(
   18630       auth,
   18631       &auth_bytes);
   18632   if (rc != TPM_RC_SUCCESS) {
   18633     return rc;
   18634   }
   18635   std::string hash_alg_bytes;
   18636   rc = Serialize_TPMI_ALG_HASH(
   18637       hash_alg,
   18638       &hash_alg_bytes);
   18639   if (rc != TPM_RC_SUCCESS) {
   18640     return rc;
   18641   }
   18642   if (authorization_delegate) {
   18643     // Encrypt just the parameter data, not the size.
   18644     std::string tmp = auth_bytes.substr(2);
   18645     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   18646       return TRUNKS_RC_ENCRYPTION_FAILED;
   18647     }
   18648     auth_bytes.replace(2, std::string::npos, tmp);
   18649   }
   18650   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   18651       crypto::SecureHash::SHA256));
   18652   hash->Update(command_code_bytes.data(),
   18653                command_code_bytes.size());
   18654   hash->Update(auth_bytes.data(),
   18655                auth_bytes.size());
   18656   parameter_section_bytes += auth_bytes;
   18657   command_size += auth_bytes.size();
   18658   hash->Update(hash_alg_bytes.data(),
   18659                hash_alg_bytes.size());
   18660   parameter_section_bytes += hash_alg_bytes;
   18661   command_size += hash_alg_bytes.size();
   18662   std::string command_hash(32, 0);
   18663   hash->Finish(string_as_array(&command_hash), command_hash.size());
   18664   std::string authorization_section_bytes;
   18665   std::string authorization_size_bytes;
   18666   if (authorization_delegate) {
   18667     if (!authorization_delegate->GetCommandAuthorization(
   18668         command_hash,
   18669         is_command_parameter_encryption_possible,
   18670         is_response_parameter_encryption_possible,
   18671         &authorization_section_bytes)) {
   18672       return TRUNKS_RC_AUTHORIZATION_FAILED;
   18673     }
   18674     if (!authorization_section_bytes.empty()) {
   18675       tag = TPM_ST_SESSIONS;
   18676       std::string tmp;
   18677       rc = Serialize_UINT32(authorization_section_bytes.size(),
   18678                             &authorization_size_bytes);
   18679       if (rc != TPM_RC_SUCCESS) {
   18680         return rc;
   18681       }
   18682       command_size += authorization_size_bytes.size() +
   18683                       authorization_section_bytes.size();
   18684     }
   18685   }
   18686   std::string tag_bytes;
   18687   rc = Serialize_TPMI_ST_COMMAND_TAG(
   18688       tag,
   18689       &tag_bytes);
   18690   if (rc != TPM_RC_SUCCESS) {
   18691     return rc;
   18692   }
   18693   std::string command_size_bytes;
   18694   rc = Serialize_UINT32(
   18695       command_size,
   18696       &command_size_bytes);
   18697   if (rc != TPM_RC_SUCCESS) {
   18698     return rc;
   18699   }
   18700   *serialized_command = tag_bytes +
   18701                         command_size_bytes +
   18702                         command_code_bytes +
   18703                         handle_section_bytes +
   18704                         authorization_size_bytes +
   18705                         authorization_section_bytes +
   18706                         parameter_section_bytes;
   18707   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   18708   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   18709                                             serialized_command->size());
   18710   return TPM_RC_SUCCESS;
   18711 }
   18712 
   18713 TPM_RC Tpm::ParseResponse_HashSequenceStart(
   18714       const std::string& response,
   18715       TPMI_DH_OBJECT* sequence_handle,
   18716       AuthorizationDelegate* authorization_delegate) {
   18717   VLOG(3) << __func__;
   18718   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   18719   TPM_RC rc = TPM_RC_SUCCESS;
   18720   std::string buffer(response);
   18721   TPM_ST tag;
   18722   std::string tag_bytes;
   18723   rc = Parse_TPM_ST(
   18724       &buffer,
   18725       &tag,
   18726       &tag_bytes);
   18727   if (rc != TPM_RC_SUCCESS) {
   18728     return rc;
   18729   }
   18730   UINT32 response_size;
   18731   std::string response_size_bytes;
   18732   rc = Parse_UINT32(
   18733       &buffer,
   18734       &response_size,
   18735       &response_size_bytes);
   18736   if (rc != TPM_RC_SUCCESS) {
   18737     return rc;
   18738   }
   18739   TPM_RC response_code;
   18740   std::string response_code_bytes;
   18741   rc = Parse_TPM_RC(
   18742       &buffer,
   18743       &response_code,
   18744       &response_code_bytes);
   18745   if (rc != TPM_RC_SUCCESS) {
   18746     return rc;
   18747   }
   18748   if (response_size != response.size()) {
   18749     return TPM_RC_SIZE;
   18750   }
   18751   if (response_code != TPM_RC_SUCCESS) {
   18752     return response_code;
   18753   }
   18754   std::string sequence_handle_bytes;
   18755   rc = Parse_TPMI_DH_OBJECT(
   18756       &buffer,
   18757       sequence_handle,
   18758       &sequence_handle_bytes);
   18759   if (rc != TPM_RC_SUCCESS) {
   18760     return rc;
   18761   }
   18762   TPM_CC command_code = TPM_CC_HashSequenceStart;
   18763   std::string command_code_bytes;
   18764   rc = Serialize_TPM_CC(
   18765       command_code,
   18766       &command_code_bytes);
   18767   if (rc != TPM_RC_SUCCESS) {
   18768     return rc;
   18769   }
   18770   std::string authorization_section_bytes;
   18771   if (tag == TPM_ST_SESSIONS) {
   18772     UINT32 parameter_section_size = buffer.size();
   18773     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   18774     if (rc != TPM_RC_SUCCESS) {
   18775       return rc;
   18776     }
   18777     if (parameter_section_size > buffer.size()) {
   18778       return TPM_RC_INSUFFICIENT;
   18779     }
   18780     authorization_section_bytes = buffer.substr(parameter_section_size);
   18781     // Keep the parameter section in |buffer|.
   18782     buffer.erase(parameter_section_size);
   18783   }
   18784   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   18785       crypto::SecureHash::SHA256));
   18786   hash->Update(response_code_bytes.data(),
   18787                response_code_bytes.size());
   18788   hash->Update(command_code_bytes.data(),
   18789                command_code_bytes.size());
   18790   hash->Update(buffer.data(),
   18791                buffer.size());
   18792   std::string response_hash(32, 0);
   18793   hash->Finish(string_as_array(&response_hash), response_hash.size());
   18794   if (tag == TPM_ST_SESSIONS) {
   18795     CHECK(authorization_delegate) << "Authorization delegate missing!";
   18796     if (!authorization_delegate->CheckResponseAuthorization(
   18797         response_hash,
   18798         authorization_section_bytes)) {
   18799       return TRUNKS_RC_AUTHORIZATION_FAILED;
   18800     }
   18801   }
   18802   return TPM_RC_SUCCESS;
   18803 }
   18804 
   18805 void HashSequenceStartErrorCallback(
   18806     const Tpm::HashSequenceStartResponse& callback,
   18807     TPM_RC response_code) {
   18808   VLOG(1) << __func__;
   18809   callback.Run(response_code,
   18810                TPMI_DH_OBJECT());
   18811 }
   18812 
   18813 void HashSequenceStartResponseParser(
   18814     const Tpm::HashSequenceStartResponse& callback,
   18815     AuthorizationDelegate* authorization_delegate,
   18816     const std::string& response) {
   18817   VLOG(1) << __func__;
   18818   base::Callback<void(TPM_RC)> error_reporter =
   18819       base::Bind(HashSequenceStartErrorCallback, callback);
   18820   TPMI_DH_OBJECT sequence_handle;
   18821   TPM_RC rc = Tpm::ParseResponse_HashSequenceStart(
   18822       response,
   18823       &sequence_handle,
   18824       authorization_delegate);
   18825   if (rc != TPM_RC_SUCCESS) {
   18826     error_reporter.Run(rc);
   18827     return;
   18828   }
   18829   callback.Run(
   18830       rc,
   18831       sequence_handle);
   18832 }
   18833 
   18834 void Tpm::HashSequenceStart(
   18835       const TPM2B_AUTH& auth,
   18836       const TPMI_ALG_HASH& hash_alg,
   18837       AuthorizationDelegate* authorization_delegate,
   18838       const HashSequenceStartResponse& callback) {
   18839   VLOG(1) << __func__;
   18840   base::Callback<void(TPM_RC)> error_reporter =
   18841       base::Bind(HashSequenceStartErrorCallback, callback);
   18842   base::Callback<void(const std::string&)> parser =
   18843       base::Bind(HashSequenceStartResponseParser,
   18844                  callback,
   18845                  authorization_delegate);
   18846   std::string command;
   18847   TPM_RC rc = SerializeCommand_HashSequenceStart(
   18848       auth,
   18849       hash_alg,
   18850       &command,
   18851       authorization_delegate);
   18852   if (rc != TPM_RC_SUCCESS) {
   18853     error_reporter.Run(rc);
   18854     return;
   18855   }
   18856   transceiver_->SendCommand(command, parser);
   18857 }
   18858 
   18859 TPM_RC Tpm::HashSequenceStartSync(
   18860       const TPM2B_AUTH& auth,
   18861       const TPMI_ALG_HASH& hash_alg,
   18862       TPMI_DH_OBJECT* sequence_handle,
   18863       AuthorizationDelegate* authorization_delegate) {
   18864   VLOG(1) << __func__;
   18865   std::string command;
   18866   TPM_RC rc = SerializeCommand_HashSequenceStart(
   18867       auth,
   18868       hash_alg,
   18869       &command,
   18870       authorization_delegate);
   18871   if (rc != TPM_RC_SUCCESS) {
   18872     return rc;
   18873   }
   18874   std::string response = transceiver_->SendCommandAndWait(command);
   18875   rc = ParseResponse_HashSequenceStart(
   18876       response,
   18877       sequence_handle,
   18878       authorization_delegate);
   18879   return rc;
   18880 }
   18881 
   18882 TPM_RC Tpm::SerializeCommand_SequenceUpdate(
   18883       const TPMI_DH_OBJECT& sequence_handle,
   18884       const std::string& sequence_handle_name,
   18885       const TPM2B_MAX_BUFFER& buffer,
   18886       std::string* serialized_command,
   18887       AuthorizationDelegate* authorization_delegate) {
   18888   VLOG(3) << __func__;
   18889   TPM_RC rc = TPM_RC_SUCCESS;
   18890   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   18891   UINT32 command_size = 10;  // Header size.
   18892   std::string handle_section_bytes;
   18893   std::string parameter_section_bytes;
   18894   TPM_CC command_code = TPM_CC_SequenceUpdate;
   18895   bool is_command_parameter_encryption_possible = true;
   18896   bool is_response_parameter_encryption_possible = false;
   18897   std::string command_code_bytes;
   18898   rc = Serialize_TPM_CC(
   18899       command_code,
   18900       &command_code_bytes);
   18901   if (rc != TPM_RC_SUCCESS) {
   18902     return rc;
   18903   }
   18904   std::string sequence_handle_bytes;
   18905   rc = Serialize_TPMI_DH_OBJECT(
   18906       sequence_handle,
   18907       &sequence_handle_bytes);
   18908   if (rc != TPM_RC_SUCCESS) {
   18909     return rc;
   18910   }
   18911   std::string buffer_bytes;
   18912   rc = Serialize_TPM2B_MAX_BUFFER(
   18913       buffer,
   18914       &buffer_bytes);
   18915   if (rc != TPM_RC_SUCCESS) {
   18916     return rc;
   18917   }
   18918   if (authorization_delegate) {
   18919     // Encrypt just the parameter data, not the size.
   18920     std::string tmp = buffer_bytes.substr(2);
   18921     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   18922       return TRUNKS_RC_ENCRYPTION_FAILED;
   18923     }
   18924     buffer_bytes.replace(2, std::string::npos, tmp);
   18925   }
   18926   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   18927       crypto::SecureHash::SHA256));
   18928   hash->Update(command_code_bytes.data(),
   18929                command_code_bytes.size());
   18930   hash->Update(sequence_handle_name.data(),
   18931                sequence_handle_name.size());
   18932   handle_section_bytes += sequence_handle_bytes;
   18933   command_size += sequence_handle_bytes.size();
   18934   hash->Update(buffer_bytes.data(),
   18935                buffer_bytes.size());
   18936   parameter_section_bytes += buffer_bytes;
   18937   command_size += buffer_bytes.size();
   18938   std::string command_hash(32, 0);
   18939   hash->Finish(string_as_array(&command_hash), command_hash.size());
   18940   std::string authorization_section_bytes;
   18941   std::string authorization_size_bytes;
   18942   if (authorization_delegate) {
   18943     if (!authorization_delegate->GetCommandAuthorization(
   18944         command_hash,
   18945         is_command_parameter_encryption_possible,
   18946         is_response_parameter_encryption_possible,
   18947         &authorization_section_bytes)) {
   18948       return TRUNKS_RC_AUTHORIZATION_FAILED;
   18949     }
   18950     if (!authorization_section_bytes.empty()) {
   18951       tag = TPM_ST_SESSIONS;
   18952       std::string tmp;
   18953       rc = Serialize_UINT32(authorization_section_bytes.size(),
   18954                             &authorization_size_bytes);
   18955       if (rc != TPM_RC_SUCCESS) {
   18956         return rc;
   18957       }
   18958       command_size += authorization_size_bytes.size() +
   18959                       authorization_section_bytes.size();
   18960     }
   18961   }
   18962   std::string tag_bytes;
   18963   rc = Serialize_TPMI_ST_COMMAND_TAG(
   18964       tag,
   18965       &tag_bytes);
   18966   if (rc != TPM_RC_SUCCESS) {
   18967     return rc;
   18968   }
   18969   std::string command_size_bytes;
   18970   rc = Serialize_UINT32(
   18971       command_size,
   18972       &command_size_bytes);
   18973   if (rc != TPM_RC_SUCCESS) {
   18974     return rc;
   18975   }
   18976   *serialized_command = tag_bytes +
   18977                         command_size_bytes +
   18978                         command_code_bytes +
   18979                         handle_section_bytes +
   18980                         authorization_size_bytes +
   18981                         authorization_section_bytes +
   18982                         parameter_section_bytes;
   18983   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   18984   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   18985                                             serialized_command->size());
   18986   return TPM_RC_SUCCESS;
   18987 }
   18988 
   18989 TPM_RC Tpm::ParseResponse_SequenceUpdate(
   18990       const std::string& response,
   18991       AuthorizationDelegate* authorization_delegate) {
   18992   VLOG(3) << __func__;
   18993   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   18994   TPM_RC rc = TPM_RC_SUCCESS;
   18995   std::string buffer(response);
   18996   TPM_ST tag;
   18997   std::string tag_bytes;
   18998   rc = Parse_TPM_ST(
   18999       &buffer,
   19000       &tag,
   19001       &tag_bytes);
   19002   if (rc != TPM_RC_SUCCESS) {
   19003     return rc;
   19004   }
   19005   UINT32 response_size;
   19006   std::string response_size_bytes;
   19007   rc = Parse_UINT32(
   19008       &buffer,
   19009       &response_size,
   19010       &response_size_bytes);
   19011   if (rc != TPM_RC_SUCCESS) {
   19012     return rc;
   19013   }
   19014   TPM_RC response_code;
   19015   std::string response_code_bytes;
   19016   rc = Parse_TPM_RC(
   19017       &buffer,
   19018       &response_code,
   19019       &response_code_bytes);
   19020   if (rc != TPM_RC_SUCCESS) {
   19021     return rc;
   19022   }
   19023   if (response_size != response.size()) {
   19024     return TPM_RC_SIZE;
   19025   }
   19026   if (response_code != TPM_RC_SUCCESS) {
   19027     return response_code;
   19028   }
   19029   TPM_CC command_code = TPM_CC_SequenceUpdate;
   19030   std::string command_code_bytes;
   19031   rc = Serialize_TPM_CC(
   19032       command_code,
   19033       &command_code_bytes);
   19034   if (rc != TPM_RC_SUCCESS) {
   19035     return rc;
   19036   }
   19037   std::string authorization_section_bytes;
   19038   if (tag == TPM_ST_SESSIONS) {
   19039     UINT32 parameter_section_size = buffer.size();
   19040     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   19041     if (rc != TPM_RC_SUCCESS) {
   19042       return rc;
   19043     }
   19044     if (parameter_section_size > buffer.size()) {
   19045       return TPM_RC_INSUFFICIENT;
   19046     }
   19047     authorization_section_bytes = buffer.substr(parameter_section_size);
   19048     // Keep the parameter section in |buffer|.
   19049     buffer.erase(parameter_section_size);
   19050   }
   19051   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   19052       crypto::SecureHash::SHA256));
   19053   hash->Update(response_code_bytes.data(),
   19054                response_code_bytes.size());
   19055   hash->Update(command_code_bytes.data(),
   19056                command_code_bytes.size());
   19057   hash->Update(buffer.data(),
   19058                buffer.size());
   19059   std::string response_hash(32, 0);
   19060   hash->Finish(string_as_array(&response_hash), response_hash.size());
   19061   if (tag == TPM_ST_SESSIONS) {
   19062     CHECK(authorization_delegate) << "Authorization delegate missing!";
   19063     if (!authorization_delegate->CheckResponseAuthorization(
   19064         response_hash,
   19065         authorization_section_bytes)) {
   19066       return TRUNKS_RC_AUTHORIZATION_FAILED;
   19067     }
   19068   }
   19069   return TPM_RC_SUCCESS;
   19070 }
   19071 
   19072 void SequenceUpdateErrorCallback(
   19073     const Tpm::SequenceUpdateResponse& callback,
   19074     TPM_RC response_code) {
   19075   VLOG(1) << __func__;
   19076   callback.Run(response_code);
   19077 }
   19078 
   19079 void SequenceUpdateResponseParser(
   19080     const Tpm::SequenceUpdateResponse& callback,
   19081     AuthorizationDelegate* authorization_delegate,
   19082     const std::string& response) {
   19083   VLOG(1) << __func__;
   19084   base::Callback<void(TPM_RC)> error_reporter =
   19085       base::Bind(SequenceUpdateErrorCallback, callback);
   19086   TPM_RC rc = Tpm::ParseResponse_SequenceUpdate(
   19087       response,
   19088       authorization_delegate);
   19089   if (rc != TPM_RC_SUCCESS) {
   19090     error_reporter.Run(rc);
   19091     return;
   19092   }
   19093   callback.Run(
   19094       rc);
   19095 }
   19096 
   19097 void Tpm::SequenceUpdate(
   19098       const TPMI_DH_OBJECT& sequence_handle,
   19099       const std::string& sequence_handle_name,
   19100       const TPM2B_MAX_BUFFER& buffer,
   19101       AuthorizationDelegate* authorization_delegate,
   19102       const SequenceUpdateResponse& callback) {
   19103   VLOG(1) << __func__;
   19104   base::Callback<void(TPM_RC)> error_reporter =
   19105       base::Bind(SequenceUpdateErrorCallback, callback);
   19106   base::Callback<void(const std::string&)> parser =
   19107       base::Bind(SequenceUpdateResponseParser,
   19108                  callback,
   19109                  authorization_delegate);
   19110   std::string command;
   19111   TPM_RC rc = SerializeCommand_SequenceUpdate(
   19112       sequence_handle,
   19113       sequence_handle_name,
   19114       buffer,
   19115       &command,
   19116       authorization_delegate);
   19117   if (rc != TPM_RC_SUCCESS) {
   19118     error_reporter.Run(rc);
   19119     return;
   19120   }
   19121   transceiver_->SendCommand(command, parser);
   19122 }
   19123 
   19124 TPM_RC Tpm::SequenceUpdateSync(
   19125       const TPMI_DH_OBJECT& sequence_handle,
   19126       const std::string& sequence_handle_name,
   19127       const TPM2B_MAX_BUFFER& buffer,
   19128       AuthorizationDelegate* authorization_delegate) {
   19129   VLOG(1) << __func__;
   19130   std::string command;
   19131   TPM_RC rc = SerializeCommand_SequenceUpdate(
   19132       sequence_handle,
   19133       sequence_handle_name,
   19134       buffer,
   19135       &command,
   19136       authorization_delegate);
   19137   if (rc != TPM_RC_SUCCESS) {
   19138     return rc;
   19139   }
   19140   std::string response = transceiver_->SendCommandAndWait(command);
   19141   rc = ParseResponse_SequenceUpdate(
   19142       response,
   19143       authorization_delegate);
   19144   return rc;
   19145 }
   19146 
   19147 TPM_RC Tpm::SerializeCommand_SequenceComplete(
   19148       const TPMI_DH_OBJECT& sequence_handle,
   19149       const std::string& sequence_handle_name,
   19150       const TPM2B_MAX_BUFFER& buffer,
   19151       const TPMI_RH_HIERARCHY& hierarchy,
   19152       std::string* serialized_command,
   19153       AuthorizationDelegate* authorization_delegate) {
   19154   VLOG(3) << __func__;
   19155   TPM_RC rc = TPM_RC_SUCCESS;
   19156   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   19157   UINT32 command_size = 10;  // Header size.
   19158   std::string handle_section_bytes;
   19159   std::string parameter_section_bytes;
   19160   TPM_CC command_code = TPM_CC_SequenceComplete;
   19161   bool is_command_parameter_encryption_possible = true;
   19162   bool is_response_parameter_encryption_possible = true;
   19163   std::string command_code_bytes;
   19164   rc = Serialize_TPM_CC(
   19165       command_code,
   19166       &command_code_bytes);
   19167   if (rc != TPM_RC_SUCCESS) {
   19168     return rc;
   19169   }
   19170   std::string sequence_handle_bytes;
   19171   rc = Serialize_TPMI_DH_OBJECT(
   19172       sequence_handle,
   19173       &sequence_handle_bytes);
   19174   if (rc != TPM_RC_SUCCESS) {
   19175     return rc;
   19176   }
   19177   std::string buffer_bytes;
   19178   rc = Serialize_TPM2B_MAX_BUFFER(
   19179       buffer,
   19180       &buffer_bytes);
   19181   if (rc != TPM_RC_SUCCESS) {
   19182     return rc;
   19183   }
   19184   std::string hierarchy_bytes;
   19185   rc = Serialize_TPMI_RH_HIERARCHY(
   19186       hierarchy,
   19187       &hierarchy_bytes);
   19188   if (rc != TPM_RC_SUCCESS) {
   19189     return rc;
   19190   }
   19191   if (authorization_delegate) {
   19192     // Encrypt just the parameter data, not the size.
   19193     std::string tmp = buffer_bytes.substr(2);
   19194     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   19195       return TRUNKS_RC_ENCRYPTION_FAILED;
   19196     }
   19197     buffer_bytes.replace(2, std::string::npos, tmp);
   19198   }
   19199   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   19200       crypto::SecureHash::SHA256));
   19201   hash->Update(command_code_bytes.data(),
   19202                command_code_bytes.size());
   19203   hash->Update(sequence_handle_name.data(),
   19204                sequence_handle_name.size());
   19205   handle_section_bytes += sequence_handle_bytes;
   19206   command_size += sequence_handle_bytes.size();
   19207   hash->Update(buffer_bytes.data(),
   19208                buffer_bytes.size());
   19209   parameter_section_bytes += buffer_bytes;
   19210   command_size += buffer_bytes.size();
   19211   hash->Update(hierarchy_bytes.data(),
   19212                hierarchy_bytes.size());
   19213   parameter_section_bytes += hierarchy_bytes;
   19214   command_size += hierarchy_bytes.size();
   19215   std::string command_hash(32, 0);
   19216   hash->Finish(string_as_array(&command_hash), command_hash.size());
   19217   std::string authorization_section_bytes;
   19218   std::string authorization_size_bytes;
   19219   if (authorization_delegate) {
   19220     if (!authorization_delegate->GetCommandAuthorization(
   19221         command_hash,
   19222         is_command_parameter_encryption_possible,
   19223         is_response_parameter_encryption_possible,
   19224         &authorization_section_bytes)) {
   19225       return TRUNKS_RC_AUTHORIZATION_FAILED;
   19226     }
   19227     if (!authorization_section_bytes.empty()) {
   19228       tag = TPM_ST_SESSIONS;
   19229       std::string tmp;
   19230       rc = Serialize_UINT32(authorization_section_bytes.size(),
   19231                             &authorization_size_bytes);
   19232       if (rc != TPM_RC_SUCCESS) {
   19233         return rc;
   19234       }
   19235       command_size += authorization_size_bytes.size() +
   19236                       authorization_section_bytes.size();
   19237     }
   19238   }
   19239   std::string tag_bytes;
   19240   rc = Serialize_TPMI_ST_COMMAND_TAG(
   19241       tag,
   19242       &tag_bytes);
   19243   if (rc != TPM_RC_SUCCESS) {
   19244     return rc;
   19245   }
   19246   std::string command_size_bytes;
   19247   rc = Serialize_UINT32(
   19248       command_size,
   19249       &command_size_bytes);
   19250   if (rc != TPM_RC_SUCCESS) {
   19251     return rc;
   19252   }
   19253   *serialized_command = tag_bytes +
   19254                         command_size_bytes +
   19255                         command_code_bytes +
   19256                         handle_section_bytes +
   19257                         authorization_size_bytes +
   19258                         authorization_section_bytes +
   19259                         parameter_section_bytes;
   19260   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   19261   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   19262                                             serialized_command->size());
   19263   return TPM_RC_SUCCESS;
   19264 }
   19265 
   19266 TPM_RC Tpm::ParseResponse_SequenceComplete(
   19267       const std::string& response,
   19268       TPM2B_DIGEST* result,
   19269       TPMT_TK_HASHCHECK* validation,
   19270       AuthorizationDelegate* authorization_delegate) {
   19271   VLOG(3) << __func__;
   19272   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   19273   TPM_RC rc = TPM_RC_SUCCESS;
   19274   std::string buffer(response);
   19275   TPM_ST tag;
   19276   std::string tag_bytes;
   19277   rc = Parse_TPM_ST(
   19278       &buffer,
   19279       &tag,
   19280       &tag_bytes);
   19281   if (rc != TPM_RC_SUCCESS) {
   19282     return rc;
   19283   }
   19284   UINT32 response_size;
   19285   std::string response_size_bytes;
   19286   rc = Parse_UINT32(
   19287       &buffer,
   19288       &response_size,
   19289       &response_size_bytes);
   19290   if (rc != TPM_RC_SUCCESS) {
   19291     return rc;
   19292   }
   19293   TPM_RC response_code;
   19294   std::string response_code_bytes;
   19295   rc = Parse_TPM_RC(
   19296       &buffer,
   19297       &response_code,
   19298       &response_code_bytes);
   19299   if (rc != TPM_RC_SUCCESS) {
   19300     return rc;
   19301   }
   19302   if (response_size != response.size()) {
   19303     return TPM_RC_SIZE;
   19304   }
   19305   if (response_code != TPM_RC_SUCCESS) {
   19306     return response_code;
   19307   }
   19308   TPM_CC command_code = TPM_CC_SequenceComplete;
   19309   std::string command_code_bytes;
   19310   rc = Serialize_TPM_CC(
   19311       command_code,
   19312       &command_code_bytes);
   19313   if (rc != TPM_RC_SUCCESS) {
   19314     return rc;
   19315   }
   19316   std::string authorization_section_bytes;
   19317   if (tag == TPM_ST_SESSIONS) {
   19318     UINT32 parameter_section_size = buffer.size();
   19319     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   19320     if (rc != TPM_RC_SUCCESS) {
   19321       return rc;
   19322     }
   19323     if (parameter_section_size > buffer.size()) {
   19324       return TPM_RC_INSUFFICIENT;
   19325     }
   19326     authorization_section_bytes = buffer.substr(parameter_section_size);
   19327     // Keep the parameter section in |buffer|.
   19328     buffer.erase(parameter_section_size);
   19329   }
   19330   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   19331       crypto::SecureHash::SHA256));
   19332   hash->Update(response_code_bytes.data(),
   19333                response_code_bytes.size());
   19334   hash->Update(command_code_bytes.data(),
   19335                command_code_bytes.size());
   19336   hash->Update(buffer.data(),
   19337                buffer.size());
   19338   std::string response_hash(32, 0);
   19339   hash->Finish(string_as_array(&response_hash), response_hash.size());
   19340   if (tag == TPM_ST_SESSIONS) {
   19341     CHECK(authorization_delegate) << "Authorization delegate missing!";
   19342     if (!authorization_delegate->CheckResponseAuthorization(
   19343         response_hash,
   19344         authorization_section_bytes)) {
   19345       return TRUNKS_RC_AUTHORIZATION_FAILED;
   19346     }
   19347   }
   19348   std::string result_bytes;
   19349   rc = Parse_TPM2B_DIGEST(
   19350       &buffer,
   19351       result,
   19352       &result_bytes);
   19353   if (rc != TPM_RC_SUCCESS) {
   19354     return rc;
   19355   }
   19356   std::string validation_bytes;
   19357   rc = Parse_TPMT_TK_HASHCHECK(
   19358       &buffer,
   19359       validation,
   19360       &validation_bytes);
   19361   if (rc != TPM_RC_SUCCESS) {
   19362     return rc;
   19363   }
   19364   if (tag == TPM_ST_SESSIONS) {
   19365     CHECK(authorization_delegate) << "Authorization delegate missing!";
   19366     // Decrypt just the parameter data, not the size.
   19367     std::string tmp = result_bytes.substr(2);
   19368     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   19369       return TRUNKS_RC_ENCRYPTION_FAILED;
   19370     }
   19371     result_bytes.replace(2, std::string::npos, tmp);
   19372     rc = Parse_TPM2B_DIGEST(
   19373         &result_bytes,
   19374         result,
   19375         nullptr);
   19376     if (rc != TPM_RC_SUCCESS) {
   19377       return rc;
   19378     }
   19379   }
   19380   return TPM_RC_SUCCESS;
   19381 }
   19382 
   19383 void SequenceCompleteErrorCallback(
   19384     const Tpm::SequenceCompleteResponse& callback,
   19385     TPM_RC response_code) {
   19386   VLOG(1) << __func__;
   19387   callback.Run(response_code,
   19388                TPM2B_DIGEST(),
   19389                TPMT_TK_HASHCHECK());
   19390 }
   19391 
   19392 void SequenceCompleteResponseParser(
   19393     const Tpm::SequenceCompleteResponse& callback,
   19394     AuthorizationDelegate* authorization_delegate,
   19395     const std::string& response) {
   19396   VLOG(1) << __func__;
   19397   base::Callback<void(TPM_RC)> error_reporter =
   19398       base::Bind(SequenceCompleteErrorCallback, callback);
   19399   TPM2B_DIGEST result;
   19400   TPMT_TK_HASHCHECK validation;
   19401   TPM_RC rc = Tpm::ParseResponse_SequenceComplete(
   19402       response,
   19403       &result,
   19404       &validation,
   19405       authorization_delegate);
   19406   if (rc != TPM_RC_SUCCESS) {
   19407     error_reporter.Run(rc);
   19408     return;
   19409   }
   19410   callback.Run(
   19411       rc,
   19412       result,
   19413       validation);
   19414 }
   19415 
   19416 void Tpm::SequenceComplete(
   19417       const TPMI_DH_OBJECT& sequence_handle,
   19418       const std::string& sequence_handle_name,
   19419       const TPM2B_MAX_BUFFER& buffer,
   19420       const TPMI_RH_HIERARCHY& hierarchy,
   19421       AuthorizationDelegate* authorization_delegate,
   19422       const SequenceCompleteResponse& callback) {
   19423   VLOG(1) << __func__;
   19424   base::Callback<void(TPM_RC)> error_reporter =
   19425       base::Bind(SequenceCompleteErrorCallback, callback);
   19426   base::Callback<void(const std::string&)> parser =
   19427       base::Bind(SequenceCompleteResponseParser,
   19428                  callback,
   19429                  authorization_delegate);
   19430   std::string command;
   19431   TPM_RC rc = SerializeCommand_SequenceComplete(
   19432       sequence_handle,
   19433       sequence_handle_name,
   19434       buffer,
   19435       hierarchy,
   19436       &command,
   19437       authorization_delegate);
   19438   if (rc != TPM_RC_SUCCESS) {
   19439     error_reporter.Run(rc);
   19440     return;
   19441   }
   19442   transceiver_->SendCommand(command, parser);
   19443 }
   19444 
   19445 TPM_RC Tpm::SequenceCompleteSync(
   19446       const TPMI_DH_OBJECT& sequence_handle,
   19447       const std::string& sequence_handle_name,
   19448       const TPM2B_MAX_BUFFER& buffer,
   19449       const TPMI_RH_HIERARCHY& hierarchy,
   19450       TPM2B_DIGEST* result,
   19451       TPMT_TK_HASHCHECK* validation,
   19452       AuthorizationDelegate* authorization_delegate) {
   19453   VLOG(1) << __func__;
   19454   std::string command;
   19455   TPM_RC rc = SerializeCommand_SequenceComplete(
   19456       sequence_handle,
   19457       sequence_handle_name,
   19458       buffer,
   19459       hierarchy,
   19460       &command,
   19461       authorization_delegate);
   19462   if (rc != TPM_RC_SUCCESS) {
   19463     return rc;
   19464   }
   19465   std::string response = transceiver_->SendCommandAndWait(command);
   19466   rc = ParseResponse_SequenceComplete(
   19467       response,
   19468       result,
   19469       validation,
   19470       authorization_delegate);
   19471   return rc;
   19472 }
   19473 
   19474 TPM_RC Tpm::SerializeCommand_EventSequenceComplete(
   19475       const TPMI_DH_PCR& pcr_handle,
   19476       const std::string& pcr_handle_name,
   19477       const TPMI_DH_OBJECT& sequence_handle,
   19478       const std::string& sequence_handle_name,
   19479       const TPM2B_MAX_BUFFER& buffer,
   19480       std::string* serialized_command,
   19481       AuthorizationDelegate* authorization_delegate) {
   19482   VLOG(3) << __func__;
   19483   TPM_RC rc = TPM_RC_SUCCESS;
   19484   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   19485   UINT32 command_size = 10;  // Header size.
   19486   std::string handle_section_bytes;
   19487   std::string parameter_section_bytes;
   19488   TPM_CC command_code = TPM_CC_EventSequenceComplete;
   19489   bool is_command_parameter_encryption_possible = true;
   19490   bool is_response_parameter_encryption_possible = false;
   19491   std::string command_code_bytes;
   19492   rc = Serialize_TPM_CC(
   19493       command_code,
   19494       &command_code_bytes);
   19495   if (rc != TPM_RC_SUCCESS) {
   19496     return rc;
   19497   }
   19498   std::string pcr_handle_bytes;
   19499   rc = Serialize_TPMI_DH_PCR(
   19500       pcr_handle,
   19501       &pcr_handle_bytes);
   19502   if (rc != TPM_RC_SUCCESS) {
   19503     return rc;
   19504   }
   19505   std::string sequence_handle_bytes;
   19506   rc = Serialize_TPMI_DH_OBJECT(
   19507       sequence_handle,
   19508       &sequence_handle_bytes);
   19509   if (rc != TPM_RC_SUCCESS) {
   19510     return rc;
   19511   }
   19512   std::string buffer_bytes;
   19513   rc = Serialize_TPM2B_MAX_BUFFER(
   19514       buffer,
   19515       &buffer_bytes);
   19516   if (rc != TPM_RC_SUCCESS) {
   19517     return rc;
   19518   }
   19519   if (authorization_delegate) {
   19520     // Encrypt just the parameter data, not the size.
   19521     std::string tmp = buffer_bytes.substr(2);
   19522     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   19523       return TRUNKS_RC_ENCRYPTION_FAILED;
   19524     }
   19525     buffer_bytes.replace(2, std::string::npos, tmp);
   19526   }
   19527   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   19528       crypto::SecureHash::SHA256));
   19529   hash->Update(command_code_bytes.data(),
   19530                command_code_bytes.size());
   19531   hash->Update(pcr_handle_name.data(),
   19532                pcr_handle_name.size());
   19533   handle_section_bytes += pcr_handle_bytes;
   19534   command_size += pcr_handle_bytes.size();
   19535   hash->Update(sequence_handle_name.data(),
   19536                sequence_handle_name.size());
   19537   handle_section_bytes += sequence_handle_bytes;
   19538   command_size += sequence_handle_bytes.size();
   19539   hash->Update(buffer_bytes.data(),
   19540                buffer_bytes.size());
   19541   parameter_section_bytes += buffer_bytes;
   19542   command_size += buffer_bytes.size();
   19543   std::string command_hash(32, 0);
   19544   hash->Finish(string_as_array(&command_hash), command_hash.size());
   19545   std::string authorization_section_bytes;
   19546   std::string authorization_size_bytes;
   19547   if (authorization_delegate) {
   19548     if (!authorization_delegate->GetCommandAuthorization(
   19549         command_hash,
   19550         is_command_parameter_encryption_possible,
   19551         is_response_parameter_encryption_possible,
   19552         &authorization_section_bytes)) {
   19553       return TRUNKS_RC_AUTHORIZATION_FAILED;
   19554     }
   19555     if (!authorization_section_bytes.empty()) {
   19556       tag = TPM_ST_SESSIONS;
   19557       std::string tmp;
   19558       rc = Serialize_UINT32(authorization_section_bytes.size(),
   19559                             &authorization_size_bytes);
   19560       if (rc != TPM_RC_SUCCESS) {
   19561         return rc;
   19562       }
   19563       command_size += authorization_size_bytes.size() +
   19564                       authorization_section_bytes.size();
   19565     }
   19566   }
   19567   std::string tag_bytes;
   19568   rc = Serialize_TPMI_ST_COMMAND_TAG(
   19569       tag,
   19570       &tag_bytes);
   19571   if (rc != TPM_RC_SUCCESS) {
   19572     return rc;
   19573   }
   19574   std::string command_size_bytes;
   19575   rc = Serialize_UINT32(
   19576       command_size,
   19577       &command_size_bytes);
   19578   if (rc != TPM_RC_SUCCESS) {
   19579     return rc;
   19580   }
   19581   *serialized_command = tag_bytes +
   19582                         command_size_bytes +
   19583                         command_code_bytes +
   19584                         handle_section_bytes +
   19585                         authorization_size_bytes +
   19586                         authorization_section_bytes +
   19587                         parameter_section_bytes;
   19588   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   19589   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   19590                                             serialized_command->size());
   19591   return TPM_RC_SUCCESS;
   19592 }
   19593 
   19594 TPM_RC Tpm::ParseResponse_EventSequenceComplete(
   19595       const std::string& response,
   19596       TPML_DIGEST_VALUES* results,
   19597       AuthorizationDelegate* authorization_delegate) {
   19598   VLOG(3) << __func__;
   19599   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   19600   TPM_RC rc = TPM_RC_SUCCESS;
   19601   std::string buffer(response);
   19602   TPM_ST tag;
   19603   std::string tag_bytes;
   19604   rc = Parse_TPM_ST(
   19605       &buffer,
   19606       &tag,
   19607       &tag_bytes);
   19608   if (rc != TPM_RC_SUCCESS) {
   19609     return rc;
   19610   }
   19611   UINT32 response_size;
   19612   std::string response_size_bytes;
   19613   rc = Parse_UINT32(
   19614       &buffer,
   19615       &response_size,
   19616       &response_size_bytes);
   19617   if (rc != TPM_RC_SUCCESS) {
   19618     return rc;
   19619   }
   19620   TPM_RC response_code;
   19621   std::string response_code_bytes;
   19622   rc = Parse_TPM_RC(
   19623       &buffer,
   19624       &response_code,
   19625       &response_code_bytes);
   19626   if (rc != TPM_RC_SUCCESS) {
   19627     return rc;
   19628   }
   19629   if (response_size != response.size()) {
   19630     return TPM_RC_SIZE;
   19631   }
   19632   if (response_code != TPM_RC_SUCCESS) {
   19633     return response_code;
   19634   }
   19635   TPM_CC command_code = TPM_CC_EventSequenceComplete;
   19636   std::string command_code_bytes;
   19637   rc = Serialize_TPM_CC(
   19638       command_code,
   19639       &command_code_bytes);
   19640   if (rc != TPM_RC_SUCCESS) {
   19641     return rc;
   19642   }
   19643   std::string authorization_section_bytes;
   19644   if (tag == TPM_ST_SESSIONS) {
   19645     UINT32 parameter_section_size = buffer.size();
   19646     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   19647     if (rc != TPM_RC_SUCCESS) {
   19648       return rc;
   19649     }
   19650     if (parameter_section_size > buffer.size()) {
   19651       return TPM_RC_INSUFFICIENT;
   19652     }
   19653     authorization_section_bytes = buffer.substr(parameter_section_size);
   19654     // Keep the parameter section in |buffer|.
   19655     buffer.erase(parameter_section_size);
   19656   }
   19657   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   19658       crypto::SecureHash::SHA256));
   19659   hash->Update(response_code_bytes.data(),
   19660                response_code_bytes.size());
   19661   hash->Update(command_code_bytes.data(),
   19662                command_code_bytes.size());
   19663   hash->Update(buffer.data(),
   19664                buffer.size());
   19665   std::string response_hash(32, 0);
   19666   hash->Finish(string_as_array(&response_hash), response_hash.size());
   19667   if (tag == TPM_ST_SESSIONS) {
   19668     CHECK(authorization_delegate) << "Authorization delegate missing!";
   19669     if (!authorization_delegate->CheckResponseAuthorization(
   19670         response_hash,
   19671         authorization_section_bytes)) {
   19672       return TRUNKS_RC_AUTHORIZATION_FAILED;
   19673     }
   19674   }
   19675   std::string results_bytes;
   19676   rc = Parse_TPML_DIGEST_VALUES(
   19677       &buffer,
   19678       results,
   19679       &results_bytes);
   19680   if (rc != TPM_RC_SUCCESS) {
   19681     return rc;
   19682   }
   19683   return TPM_RC_SUCCESS;
   19684 }
   19685 
   19686 void EventSequenceCompleteErrorCallback(
   19687     const Tpm::EventSequenceCompleteResponse& callback,
   19688     TPM_RC response_code) {
   19689   VLOG(1) << __func__;
   19690   callback.Run(response_code,
   19691                TPML_DIGEST_VALUES());
   19692 }
   19693 
   19694 void EventSequenceCompleteResponseParser(
   19695     const Tpm::EventSequenceCompleteResponse& callback,
   19696     AuthorizationDelegate* authorization_delegate,
   19697     const std::string& response) {
   19698   VLOG(1) << __func__;
   19699   base::Callback<void(TPM_RC)> error_reporter =
   19700       base::Bind(EventSequenceCompleteErrorCallback, callback);
   19701   TPML_DIGEST_VALUES results;
   19702   TPM_RC rc = Tpm::ParseResponse_EventSequenceComplete(
   19703       response,
   19704       &results,
   19705       authorization_delegate);
   19706   if (rc != TPM_RC_SUCCESS) {
   19707     error_reporter.Run(rc);
   19708     return;
   19709   }
   19710   callback.Run(
   19711       rc,
   19712       results);
   19713 }
   19714 
   19715 void Tpm::EventSequenceComplete(
   19716       const TPMI_DH_PCR& pcr_handle,
   19717       const std::string& pcr_handle_name,
   19718       const TPMI_DH_OBJECT& sequence_handle,
   19719       const std::string& sequence_handle_name,
   19720       const TPM2B_MAX_BUFFER& buffer,
   19721       AuthorizationDelegate* authorization_delegate,
   19722       const EventSequenceCompleteResponse& callback) {
   19723   VLOG(1) << __func__;
   19724   base::Callback<void(TPM_RC)> error_reporter =
   19725       base::Bind(EventSequenceCompleteErrorCallback, callback);
   19726   base::Callback<void(const std::string&)> parser =
   19727       base::Bind(EventSequenceCompleteResponseParser,
   19728                  callback,
   19729                  authorization_delegate);
   19730   std::string command;
   19731   TPM_RC rc = SerializeCommand_EventSequenceComplete(
   19732       pcr_handle,
   19733       pcr_handle_name,
   19734       sequence_handle,
   19735       sequence_handle_name,
   19736       buffer,
   19737       &command,
   19738       authorization_delegate);
   19739   if (rc != TPM_RC_SUCCESS) {
   19740     error_reporter.Run(rc);
   19741     return;
   19742   }
   19743   transceiver_->SendCommand(command, parser);
   19744 }
   19745 
   19746 TPM_RC Tpm::EventSequenceCompleteSync(
   19747       const TPMI_DH_PCR& pcr_handle,
   19748       const std::string& pcr_handle_name,
   19749       const TPMI_DH_OBJECT& sequence_handle,
   19750       const std::string& sequence_handle_name,
   19751       const TPM2B_MAX_BUFFER& buffer,
   19752       TPML_DIGEST_VALUES* results,
   19753       AuthorizationDelegate* authorization_delegate) {
   19754   VLOG(1) << __func__;
   19755   std::string command;
   19756   TPM_RC rc = SerializeCommand_EventSequenceComplete(
   19757       pcr_handle,
   19758       pcr_handle_name,
   19759       sequence_handle,
   19760       sequence_handle_name,
   19761       buffer,
   19762       &command,
   19763       authorization_delegate);
   19764   if (rc != TPM_RC_SUCCESS) {
   19765     return rc;
   19766   }
   19767   std::string response = transceiver_->SendCommandAndWait(command);
   19768   rc = ParseResponse_EventSequenceComplete(
   19769       response,
   19770       results,
   19771       authorization_delegate);
   19772   return rc;
   19773 }
   19774 
   19775 TPM_RC Tpm::SerializeCommand_Certify(
   19776       const TPMI_DH_OBJECT& object_handle,
   19777       const std::string& object_handle_name,
   19778       const TPMI_DH_OBJECT& sign_handle,
   19779       const std::string& sign_handle_name,
   19780       const TPM2B_DATA& qualifying_data,
   19781       const TPMT_SIG_SCHEME& in_scheme,
   19782       std::string* serialized_command,
   19783       AuthorizationDelegate* authorization_delegate) {
   19784   VLOG(3) << __func__;
   19785   TPM_RC rc = TPM_RC_SUCCESS;
   19786   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   19787   UINT32 command_size = 10;  // Header size.
   19788   std::string handle_section_bytes;
   19789   std::string parameter_section_bytes;
   19790   TPM_CC command_code = TPM_CC_Certify;
   19791   bool is_command_parameter_encryption_possible = true;
   19792   bool is_response_parameter_encryption_possible = true;
   19793   std::string command_code_bytes;
   19794   rc = Serialize_TPM_CC(
   19795       command_code,
   19796       &command_code_bytes);
   19797   if (rc != TPM_RC_SUCCESS) {
   19798     return rc;
   19799   }
   19800   std::string object_handle_bytes;
   19801   rc = Serialize_TPMI_DH_OBJECT(
   19802       object_handle,
   19803       &object_handle_bytes);
   19804   if (rc != TPM_RC_SUCCESS) {
   19805     return rc;
   19806   }
   19807   std::string sign_handle_bytes;
   19808   rc = Serialize_TPMI_DH_OBJECT(
   19809       sign_handle,
   19810       &sign_handle_bytes);
   19811   if (rc != TPM_RC_SUCCESS) {
   19812     return rc;
   19813   }
   19814   std::string qualifying_data_bytes;
   19815   rc = Serialize_TPM2B_DATA(
   19816       qualifying_data,
   19817       &qualifying_data_bytes);
   19818   if (rc != TPM_RC_SUCCESS) {
   19819     return rc;
   19820   }
   19821   std::string in_scheme_bytes;
   19822   rc = Serialize_TPMT_SIG_SCHEME(
   19823       in_scheme,
   19824       &in_scheme_bytes);
   19825   if (rc != TPM_RC_SUCCESS) {
   19826     return rc;
   19827   }
   19828   if (authorization_delegate) {
   19829     // Encrypt just the parameter data, not the size.
   19830     std::string tmp = qualifying_data_bytes.substr(2);
   19831     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   19832       return TRUNKS_RC_ENCRYPTION_FAILED;
   19833     }
   19834     qualifying_data_bytes.replace(2, std::string::npos, tmp);
   19835   }
   19836   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   19837       crypto::SecureHash::SHA256));
   19838   hash->Update(command_code_bytes.data(),
   19839                command_code_bytes.size());
   19840   hash->Update(object_handle_name.data(),
   19841                object_handle_name.size());
   19842   handle_section_bytes += object_handle_bytes;
   19843   command_size += object_handle_bytes.size();
   19844   hash->Update(sign_handle_name.data(),
   19845                sign_handle_name.size());
   19846   handle_section_bytes += sign_handle_bytes;
   19847   command_size += sign_handle_bytes.size();
   19848   hash->Update(qualifying_data_bytes.data(),
   19849                qualifying_data_bytes.size());
   19850   parameter_section_bytes += qualifying_data_bytes;
   19851   command_size += qualifying_data_bytes.size();
   19852   hash->Update(in_scheme_bytes.data(),
   19853                in_scheme_bytes.size());
   19854   parameter_section_bytes += in_scheme_bytes;
   19855   command_size += in_scheme_bytes.size();
   19856   std::string command_hash(32, 0);
   19857   hash->Finish(string_as_array(&command_hash), command_hash.size());
   19858   std::string authorization_section_bytes;
   19859   std::string authorization_size_bytes;
   19860   if (authorization_delegate) {
   19861     if (!authorization_delegate->GetCommandAuthorization(
   19862         command_hash,
   19863         is_command_parameter_encryption_possible,
   19864         is_response_parameter_encryption_possible,
   19865         &authorization_section_bytes)) {
   19866       return TRUNKS_RC_AUTHORIZATION_FAILED;
   19867     }
   19868     if (!authorization_section_bytes.empty()) {
   19869       tag = TPM_ST_SESSIONS;
   19870       std::string tmp;
   19871       rc = Serialize_UINT32(authorization_section_bytes.size(),
   19872                             &authorization_size_bytes);
   19873       if (rc != TPM_RC_SUCCESS) {
   19874         return rc;
   19875       }
   19876       command_size += authorization_size_bytes.size() +
   19877                       authorization_section_bytes.size();
   19878     }
   19879   }
   19880   std::string tag_bytes;
   19881   rc = Serialize_TPMI_ST_COMMAND_TAG(
   19882       tag,
   19883       &tag_bytes);
   19884   if (rc != TPM_RC_SUCCESS) {
   19885     return rc;
   19886   }
   19887   std::string command_size_bytes;
   19888   rc = Serialize_UINT32(
   19889       command_size,
   19890       &command_size_bytes);
   19891   if (rc != TPM_RC_SUCCESS) {
   19892     return rc;
   19893   }
   19894   *serialized_command = tag_bytes +
   19895                         command_size_bytes +
   19896                         command_code_bytes +
   19897                         handle_section_bytes +
   19898                         authorization_size_bytes +
   19899                         authorization_section_bytes +
   19900                         parameter_section_bytes;
   19901   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   19902   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   19903                                             serialized_command->size());
   19904   return TPM_RC_SUCCESS;
   19905 }
   19906 
   19907 TPM_RC Tpm::ParseResponse_Certify(
   19908       const std::string& response,
   19909       TPM2B_ATTEST* certify_info,
   19910       TPMT_SIGNATURE* signature,
   19911       AuthorizationDelegate* authorization_delegate) {
   19912   VLOG(3) << __func__;
   19913   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   19914   TPM_RC rc = TPM_RC_SUCCESS;
   19915   std::string buffer(response);
   19916   TPM_ST tag;
   19917   std::string tag_bytes;
   19918   rc = Parse_TPM_ST(
   19919       &buffer,
   19920       &tag,
   19921       &tag_bytes);
   19922   if (rc != TPM_RC_SUCCESS) {
   19923     return rc;
   19924   }
   19925   UINT32 response_size;
   19926   std::string response_size_bytes;
   19927   rc = Parse_UINT32(
   19928       &buffer,
   19929       &response_size,
   19930       &response_size_bytes);
   19931   if (rc != TPM_RC_SUCCESS) {
   19932     return rc;
   19933   }
   19934   TPM_RC response_code;
   19935   std::string response_code_bytes;
   19936   rc = Parse_TPM_RC(
   19937       &buffer,
   19938       &response_code,
   19939       &response_code_bytes);
   19940   if (rc != TPM_RC_SUCCESS) {
   19941     return rc;
   19942   }
   19943   if (response_size != response.size()) {
   19944     return TPM_RC_SIZE;
   19945   }
   19946   if (response_code != TPM_RC_SUCCESS) {
   19947     return response_code;
   19948   }
   19949   TPM_CC command_code = TPM_CC_Certify;
   19950   std::string command_code_bytes;
   19951   rc = Serialize_TPM_CC(
   19952       command_code,
   19953       &command_code_bytes);
   19954   if (rc != TPM_RC_SUCCESS) {
   19955     return rc;
   19956   }
   19957   std::string authorization_section_bytes;
   19958   if (tag == TPM_ST_SESSIONS) {
   19959     UINT32 parameter_section_size = buffer.size();
   19960     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   19961     if (rc != TPM_RC_SUCCESS) {
   19962       return rc;
   19963     }
   19964     if (parameter_section_size > buffer.size()) {
   19965       return TPM_RC_INSUFFICIENT;
   19966     }
   19967     authorization_section_bytes = buffer.substr(parameter_section_size);
   19968     // Keep the parameter section in |buffer|.
   19969     buffer.erase(parameter_section_size);
   19970   }
   19971   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   19972       crypto::SecureHash::SHA256));
   19973   hash->Update(response_code_bytes.data(),
   19974                response_code_bytes.size());
   19975   hash->Update(command_code_bytes.data(),
   19976                command_code_bytes.size());
   19977   hash->Update(buffer.data(),
   19978                buffer.size());
   19979   std::string response_hash(32, 0);
   19980   hash->Finish(string_as_array(&response_hash), response_hash.size());
   19981   if (tag == TPM_ST_SESSIONS) {
   19982     CHECK(authorization_delegate) << "Authorization delegate missing!";
   19983     if (!authorization_delegate->CheckResponseAuthorization(
   19984         response_hash,
   19985         authorization_section_bytes)) {
   19986       return TRUNKS_RC_AUTHORIZATION_FAILED;
   19987     }
   19988   }
   19989   std::string certify_info_bytes;
   19990   rc = Parse_TPM2B_ATTEST(
   19991       &buffer,
   19992       certify_info,
   19993       &certify_info_bytes);
   19994   if (rc != TPM_RC_SUCCESS) {
   19995     return rc;
   19996   }
   19997   std::string signature_bytes;
   19998   rc = Parse_TPMT_SIGNATURE(
   19999       &buffer,
   20000       signature,
   20001       &signature_bytes);
   20002   if (rc != TPM_RC_SUCCESS) {
   20003     return rc;
   20004   }
   20005   if (tag == TPM_ST_SESSIONS) {
   20006     CHECK(authorization_delegate) << "Authorization delegate missing!";
   20007     // Decrypt just the parameter data, not the size.
   20008     std::string tmp = certify_info_bytes.substr(2);
   20009     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   20010       return TRUNKS_RC_ENCRYPTION_FAILED;
   20011     }
   20012     certify_info_bytes.replace(2, std::string::npos, tmp);
   20013     rc = Parse_TPM2B_ATTEST(
   20014         &certify_info_bytes,
   20015         certify_info,
   20016         nullptr);
   20017     if (rc != TPM_RC_SUCCESS) {
   20018       return rc;
   20019     }
   20020   }
   20021   return TPM_RC_SUCCESS;
   20022 }
   20023 
   20024 void CertifyErrorCallback(
   20025     const Tpm::CertifyResponse& callback,
   20026     TPM_RC response_code) {
   20027   VLOG(1) << __func__;
   20028   callback.Run(response_code,
   20029                TPM2B_ATTEST(),
   20030                TPMT_SIGNATURE());
   20031 }
   20032 
   20033 void CertifyResponseParser(
   20034     const Tpm::CertifyResponse& callback,
   20035     AuthorizationDelegate* authorization_delegate,
   20036     const std::string& response) {
   20037   VLOG(1) << __func__;
   20038   base::Callback<void(TPM_RC)> error_reporter =
   20039       base::Bind(CertifyErrorCallback, callback);
   20040   TPM2B_ATTEST certify_info;
   20041   TPMT_SIGNATURE signature;
   20042   TPM_RC rc = Tpm::ParseResponse_Certify(
   20043       response,
   20044       &certify_info,
   20045       &signature,
   20046       authorization_delegate);
   20047   if (rc != TPM_RC_SUCCESS) {
   20048     error_reporter.Run(rc);
   20049     return;
   20050   }
   20051   callback.Run(
   20052       rc,
   20053       certify_info,
   20054       signature);
   20055 }
   20056 
   20057 void Tpm::Certify(
   20058       const TPMI_DH_OBJECT& object_handle,
   20059       const std::string& object_handle_name,
   20060       const TPMI_DH_OBJECT& sign_handle,
   20061       const std::string& sign_handle_name,
   20062       const TPM2B_DATA& qualifying_data,
   20063       const TPMT_SIG_SCHEME& in_scheme,
   20064       AuthorizationDelegate* authorization_delegate,
   20065       const CertifyResponse& callback) {
   20066   VLOG(1) << __func__;
   20067   base::Callback<void(TPM_RC)> error_reporter =
   20068       base::Bind(CertifyErrorCallback, callback);
   20069   base::Callback<void(const std::string&)> parser =
   20070       base::Bind(CertifyResponseParser,
   20071                  callback,
   20072                  authorization_delegate);
   20073   std::string command;
   20074   TPM_RC rc = SerializeCommand_Certify(
   20075       object_handle,
   20076       object_handle_name,
   20077       sign_handle,
   20078       sign_handle_name,
   20079       qualifying_data,
   20080       in_scheme,
   20081       &command,
   20082       authorization_delegate);
   20083   if (rc != TPM_RC_SUCCESS) {
   20084     error_reporter.Run(rc);
   20085     return;
   20086   }
   20087   transceiver_->SendCommand(command, parser);
   20088 }
   20089 
   20090 TPM_RC Tpm::CertifySync(
   20091       const TPMI_DH_OBJECT& object_handle,
   20092       const std::string& object_handle_name,
   20093       const TPMI_DH_OBJECT& sign_handle,
   20094       const std::string& sign_handle_name,
   20095       const TPM2B_DATA& qualifying_data,
   20096       const TPMT_SIG_SCHEME& in_scheme,
   20097       TPM2B_ATTEST* certify_info,
   20098       TPMT_SIGNATURE* signature,
   20099       AuthorizationDelegate* authorization_delegate) {
   20100   VLOG(1) << __func__;
   20101   std::string command;
   20102   TPM_RC rc = SerializeCommand_Certify(
   20103       object_handle,
   20104       object_handle_name,
   20105       sign_handle,
   20106       sign_handle_name,
   20107       qualifying_data,
   20108       in_scheme,
   20109       &command,
   20110       authorization_delegate);
   20111   if (rc != TPM_RC_SUCCESS) {
   20112     return rc;
   20113   }
   20114   std::string response = transceiver_->SendCommandAndWait(command);
   20115   rc = ParseResponse_Certify(
   20116       response,
   20117       certify_info,
   20118       signature,
   20119       authorization_delegate);
   20120   return rc;
   20121 }
   20122 
   20123 TPM_RC Tpm::SerializeCommand_CertifyCreation(
   20124       const TPMI_DH_OBJECT& sign_handle,
   20125       const std::string& sign_handle_name,
   20126       const TPMI_DH_OBJECT& object_handle,
   20127       const std::string& object_handle_name,
   20128       const TPM2B_DATA& qualifying_data,
   20129       const TPM2B_DIGEST& creation_hash,
   20130       const TPMT_SIG_SCHEME& in_scheme,
   20131       const TPMT_TK_CREATION& creation_ticket,
   20132       std::string* serialized_command,
   20133       AuthorizationDelegate* authorization_delegate) {
   20134   VLOG(3) << __func__;
   20135   TPM_RC rc = TPM_RC_SUCCESS;
   20136   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   20137   UINT32 command_size = 10;  // Header size.
   20138   std::string handle_section_bytes;
   20139   std::string parameter_section_bytes;
   20140   TPM_CC command_code = TPM_CC_CertifyCreation;
   20141   bool is_command_parameter_encryption_possible = true;
   20142   bool is_response_parameter_encryption_possible = true;
   20143   std::string command_code_bytes;
   20144   rc = Serialize_TPM_CC(
   20145       command_code,
   20146       &command_code_bytes);
   20147   if (rc != TPM_RC_SUCCESS) {
   20148     return rc;
   20149   }
   20150   std::string sign_handle_bytes;
   20151   rc = Serialize_TPMI_DH_OBJECT(
   20152       sign_handle,
   20153       &sign_handle_bytes);
   20154   if (rc != TPM_RC_SUCCESS) {
   20155     return rc;
   20156   }
   20157   std::string object_handle_bytes;
   20158   rc = Serialize_TPMI_DH_OBJECT(
   20159       object_handle,
   20160       &object_handle_bytes);
   20161   if (rc != TPM_RC_SUCCESS) {
   20162     return rc;
   20163   }
   20164   std::string qualifying_data_bytes;
   20165   rc = Serialize_TPM2B_DATA(
   20166       qualifying_data,
   20167       &qualifying_data_bytes);
   20168   if (rc != TPM_RC_SUCCESS) {
   20169     return rc;
   20170   }
   20171   std::string creation_hash_bytes;
   20172   rc = Serialize_TPM2B_DIGEST(
   20173       creation_hash,
   20174       &creation_hash_bytes);
   20175   if (rc != TPM_RC_SUCCESS) {
   20176     return rc;
   20177   }
   20178   std::string in_scheme_bytes;
   20179   rc = Serialize_TPMT_SIG_SCHEME(
   20180       in_scheme,
   20181       &in_scheme_bytes);
   20182   if (rc != TPM_RC_SUCCESS) {
   20183     return rc;
   20184   }
   20185   std::string creation_ticket_bytes;
   20186   rc = Serialize_TPMT_TK_CREATION(
   20187       creation_ticket,
   20188       &creation_ticket_bytes);
   20189   if (rc != TPM_RC_SUCCESS) {
   20190     return rc;
   20191   }
   20192   if (authorization_delegate) {
   20193     // Encrypt just the parameter data, not the size.
   20194     std::string tmp = qualifying_data_bytes.substr(2);
   20195     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   20196       return TRUNKS_RC_ENCRYPTION_FAILED;
   20197     }
   20198     qualifying_data_bytes.replace(2, std::string::npos, tmp);
   20199   }
   20200   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   20201       crypto::SecureHash::SHA256));
   20202   hash->Update(command_code_bytes.data(),
   20203                command_code_bytes.size());
   20204   hash->Update(sign_handle_name.data(),
   20205                sign_handle_name.size());
   20206   handle_section_bytes += sign_handle_bytes;
   20207   command_size += sign_handle_bytes.size();
   20208   hash->Update(object_handle_name.data(),
   20209                object_handle_name.size());
   20210   handle_section_bytes += object_handle_bytes;
   20211   command_size += object_handle_bytes.size();
   20212   hash->Update(qualifying_data_bytes.data(),
   20213                qualifying_data_bytes.size());
   20214   parameter_section_bytes += qualifying_data_bytes;
   20215   command_size += qualifying_data_bytes.size();
   20216   hash->Update(creation_hash_bytes.data(),
   20217                creation_hash_bytes.size());
   20218   parameter_section_bytes += creation_hash_bytes;
   20219   command_size += creation_hash_bytes.size();
   20220   hash->Update(in_scheme_bytes.data(),
   20221                in_scheme_bytes.size());
   20222   parameter_section_bytes += in_scheme_bytes;
   20223   command_size += in_scheme_bytes.size();
   20224   hash->Update(creation_ticket_bytes.data(),
   20225                creation_ticket_bytes.size());
   20226   parameter_section_bytes += creation_ticket_bytes;
   20227   command_size += creation_ticket_bytes.size();
   20228   std::string command_hash(32, 0);
   20229   hash->Finish(string_as_array(&command_hash), command_hash.size());
   20230   std::string authorization_section_bytes;
   20231   std::string authorization_size_bytes;
   20232   if (authorization_delegate) {
   20233     if (!authorization_delegate->GetCommandAuthorization(
   20234         command_hash,
   20235         is_command_parameter_encryption_possible,
   20236         is_response_parameter_encryption_possible,
   20237         &authorization_section_bytes)) {
   20238       return TRUNKS_RC_AUTHORIZATION_FAILED;
   20239     }
   20240     if (!authorization_section_bytes.empty()) {
   20241       tag = TPM_ST_SESSIONS;
   20242       std::string tmp;
   20243       rc = Serialize_UINT32(authorization_section_bytes.size(),
   20244                             &authorization_size_bytes);
   20245       if (rc != TPM_RC_SUCCESS) {
   20246         return rc;
   20247       }
   20248       command_size += authorization_size_bytes.size() +
   20249                       authorization_section_bytes.size();
   20250     }
   20251   }
   20252   std::string tag_bytes;
   20253   rc = Serialize_TPMI_ST_COMMAND_TAG(
   20254       tag,
   20255       &tag_bytes);
   20256   if (rc != TPM_RC_SUCCESS) {
   20257     return rc;
   20258   }
   20259   std::string command_size_bytes;
   20260   rc = Serialize_UINT32(
   20261       command_size,
   20262       &command_size_bytes);
   20263   if (rc != TPM_RC_SUCCESS) {
   20264     return rc;
   20265   }
   20266   *serialized_command = tag_bytes +
   20267                         command_size_bytes +
   20268                         command_code_bytes +
   20269                         handle_section_bytes +
   20270                         authorization_size_bytes +
   20271                         authorization_section_bytes +
   20272                         parameter_section_bytes;
   20273   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   20274   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   20275                                             serialized_command->size());
   20276   return TPM_RC_SUCCESS;
   20277 }
   20278 
   20279 TPM_RC Tpm::ParseResponse_CertifyCreation(
   20280       const std::string& response,
   20281       TPM2B_ATTEST* certify_info,
   20282       TPMT_SIGNATURE* signature,
   20283       AuthorizationDelegate* authorization_delegate) {
   20284   VLOG(3) << __func__;
   20285   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   20286   TPM_RC rc = TPM_RC_SUCCESS;
   20287   std::string buffer(response);
   20288   TPM_ST tag;
   20289   std::string tag_bytes;
   20290   rc = Parse_TPM_ST(
   20291       &buffer,
   20292       &tag,
   20293       &tag_bytes);
   20294   if (rc != TPM_RC_SUCCESS) {
   20295     return rc;
   20296   }
   20297   UINT32 response_size;
   20298   std::string response_size_bytes;
   20299   rc = Parse_UINT32(
   20300       &buffer,
   20301       &response_size,
   20302       &response_size_bytes);
   20303   if (rc != TPM_RC_SUCCESS) {
   20304     return rc;
   20305   }
   20306   TPM_RC response_code;
   20307   std::string response_code_bytes;
   20308   rc = Parse_TPM_RC(
   20309       &buffer,
   20310       &response_code,
   20311       &response_code_bytes);
   20312   if (rc != TPM_RC_SUCCESS) {
   20313     return rc;
   20314   }
   20315   if (response_size != response.size()) {
   20316     return TPM_RC_SIZE;
   20317   }
   20318   if (response_code != TPM_RC_SUCCESS) {
   20319     return response_code;
   20320   }
   20321   TPM_CC command_code = TPM_CC_CertifyCreation;
   20322   std::string command_code_bytes;
   20323   rc = Serialize_TPM_CC(
   20324       command_code,
   20325       &command_code_bytes);
   20326   if (rc != TPM_RC_SUCCESS) {
   20327     return rc;
   20328   }
   20329   std::string authorization_section_bytes;
   20330   if (tag == TPM_ST_SESSIONS) {
   20331     UINT32 parameter_section_size = buffer.size();
   20332     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   20333     if (rc != TPM_RC_SUCCESS) {
   20334       return rc;
   20335     }
   20336     if (parameter_section_size > buffer.size()) {
   20337       return TPM_RC_INSUFFICIENT;
   20338     }
   20339     authorization_section_bytes = buffer.substr(parameter_section_size);
   20340     // Keep the parameter section in |buffer|.
   20341     buffer.erase(parameter_section_size);
   20342   }
   20343   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   20344       crypto::SecureHash::SHA256));
   20345   hash->Update(response_code_bytes.data(),
   20346                response_code_bytes.size());
   20347   hash->Update(command_code_bytes.data(),
   20348                command_code_bytes.size());
   20349   hash->Update(buffer.data(),
   20350                buffer.size());
   20351   std::string response_hash(32, 0);
   20352   hash->Finish(string_as_array(&response_hash), response_hash.size());
   20353   if (tag == TPM_ST_SESSIONS) {
   20354     CHECK(authorization_delegate) << "Authorization delegate missing!";
   20355     if (!authorization_delegate->CheckResponseAuthorization(
   20356         response_hash,
   20357         authorization_section_bytes)) {
   20358       return TRUNKS_RC_AUTHORIZATION_FAILED;
   20359     }
   20360   }
   20361   std::string certify_info_bytes;
   20362   rc = Parse_TPM2B_ATTEST(
   20363       &buffer,
   20364       certify_info,
   20365       &certify_info_bytes);
   20366   if (rc != TPM_RC_SUCCESS) {
   20367     return rc;
   20368   }
   20369   std::string signature_bytes;
   20370   rc = Parse_TPMT_SIGNATURE(
   20371       &buffer,
   20372       signature,
   20373       &signature_bytes);
   20374   if (rc != TPM_RC_SUCCESS) {
   20375     return rc;
   20376   }
   20377   if (tag == TPM_ST_SESSIONS) {
   20378     CHECK(authorization_delegate) << "Authorization delegate missing!";
   20379     // Decrypt just the parameter data, not the size.
   20380     std::string tmp = certify_info_bytes.substr(2);
   20381     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   20382       return TRUNKS_RC_ENCRYPTION_FAILED;
   20383     }
   20384     certify_info_bytes.replace(2, std::string::npos, tmp);
   20385     rc = Parse_TPM2B_ATTEST(
   20386         &certify_info_bytes,
   20387         certify_info,
   20388         nullptr);
   20389     if (rc != TPM_RC_SUCCESS) {
   20390       return rc;
   20391     }
   20392   }
   20393   return TPM_RC_SUCCESS;
   20394 }
   20395 
   20396 void CertifyCreationErrorCallback(
   20397     const Tpm::CertifyCreationResponse& callback,
   20398     TPM_RC response_code) {
   20399   VLOG(1) << __func__;
   20400   callback.Run(response_code,
   20401                TPM2B_ATTEST(),
   20402                TPMT_SIGNATURE());
   20403 }
   20404 
   20405 void CertifyCreationResponseParser(
   20406     const Tpm::CertifyCreationResponse& callback,
   20407     AuthorizationDelegate* authorization_delegate,
   20408     const std::string& response) {
   20409   VLOG(1) << __func__;
   20410   base::Callback<void(TPM_RC)> error_reporter =
   20411       base::Bind(CertifyCreationErrorCallback, callback);
   20412   TPM2B_ATTEST certify_info;
   20413   TPMT_SIGNATURE signature;
   20414   TPM_RC rc = Tpm::ParseResponse_CertifyCreation(
   20415       response,
   20416       &certify_info,
   20417       &signature,
   20418       authorization_delegate);
   20419   if (rc != TPM_RC_SUCCESS) {
   20420     error_reporter.Run(rc);
   20421     return;
   20422   }
   20423   callback.Run(
   20424       rc,
   20425       certify_info,
   20426       signature);
   20427 }
   20428 
   20429 void Tpm::CertifyCreation(
   20430       const TPMI_DH_OBJECT& sign_handle,
   20431       const std::string& sign_handle_name,
   20432       const TPMI_DH_OBJECT& object_handle,
   20433       const std::string& object_handle_name,
   20434       const TPM2B_DATA& qualifying_data,
   20435       const TPM2B_DIGEST& creation_hash,
   20436       const TPMT_SIG_SCHEME& in_scheme,
   20437       const TPMT_TK_CREATION& creation_ticket,
   20438       AuthorizationDelegate* authorization_delegate,
   20439       const CertifyCreationResponse& callback) {
   20440   VLOG(1) << __func__;
   20441   base::Callback<void(TPM_RC)> error_reporter =
   20442       base::Bind(CertifyCreationErrorCallback, callback);
   20443   base::Callback<void(const std::string&)> parser =
   20444       base::Bind(CertifyCreationResponseParser,
   20445                  callback,
   20446                  authorization_delegate);
   20447   std::string command;
   20448   TPM_RC rc = SerializeCommand_CertifyCreation(
   20449       sign_handle,
   20450       sign_handle_name,
   20451       object_handle,
   20452       object_handle_name,
   20453       qualifying_data,
   20454       creation_hash,
   20455       in_scheme,
   20456       creation_ticket,
   20457       &command,
   20458       authorization_delegate);
   20459   if (rc != TPM_RC_SUCCESS) {
   20460     error_reporter.Run(rc);
   20461     return;
   20462   }
   20463   transceiver_->SendCommand(command, parser);
   20464 }
   20465 
   20466 TPM_RC Tpm::CertifyCreationSync(
   20467       const TPMI_DH_OBJECT& sign_handle,
   20468       const std::string& sign_handle_name,
   20469       const TPMI_DH_OBJECT& object_handle,
   20470       const std::string& object_handle_name,
   20471       const TPM2B_DATA& qualifying_data,
   20472       const TPM2B_DIGEST& creation_hash,
   20473       const TPMT_SIG_SCHEME& in_scheme,
   20474       const TPMT_TK_CREATION& creation_ticket,
   20475       TPM2B_ATTEST* certify_info,
   20476       TPMT_SIGNATURE* signature,
   20477       AuthorizationDelegate* authorization_delegate) {
   20478   VLOG(1) << __func__;
   20479   std::string command;
   20480   TPM_RC rc = SerializeCommand_CertifyCreation(
   20481       sign_handle,
   20482       sign_handle_name,
   20483       object_handle,
   20484       object_handle_name,
   20485       qualifying_data,
   20486       creation_hash,
   20487       in_scheme,
   20488       creation_ticket,
   20489       &command,
   20490       authorization_delegate);
   20491   if (rc != TPM_RC_SUCCESS) {
   20492     return rc;
   20493   }
   20494   std::string response = transceiver_->SendCommandAndWait(command);
   20495   rc = ParseResponse_CertifyCreation(
   20496       response,
   20497       certify_info,
   20498       signature,
   20499       authorization_delegate);
   20500   return rc;
   20501 }
   20502 
   20503 TPM_RC Tpm::SerializeCommand_Quote(
   20504       const TPMI_DH_OBJECT& sign_handle,
   20505       const std::string& sign_handle_name,
   20506       const TPM2B_DATA& qualifying_data,
   20507       const TPMT_SIG_SCHEME& in_scheme,
   20508       const TPML_PCR_SELECTION& pcrselect,
   20509       std::string* serialized_command,
   20510       AuthorizationDelegate* authorization_delegate) {
   20511   VLOG(3) << __func__;
   20512   TPM_RC rc = TPM_RC_SUCCESS;
   20513   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   20514   UINT32 command_size = 10;  // Header size.
   20515   std::string handle_section_bytes;
   20516   std::string parameter_section_bytes;
   20517   TPM_CC command_code = TPM_CC_Quote;
   20518   bool is_command_parameter_encryption_possible = true;
   20519   bool is_response_parameter_encryption_possible = true;
   20520   std::string command_code_bytes;
   20521   rc = Serialize_TPM_CC(
   20522       command_code,
   20523       &command_code_bytes);
   20524   if (rc != TPM_RC_SUCCESS) {
   20525     return rc;
   20526   }
   20527   std::string sign_handle_bytes;
   20528   rc = Serialize_TPMI_DH_OBJECT(
   20529       sign_handle,
   20530       &sign_handle_bytes);
   20531   if (rc != TPM_RC_SUCCESS) {
   20532     return rc;
   20533   }
   20534   std::string qualifying_data_bytes;
   20535   rc = Serialize_TPM2B_DATA(
   20536       qualifying_data,
   20537       &qualifying_data_bytes);
   20538   if (rc != TPM_RC_SUCCESS) {
   20539     return rc;
   20540   }
   20541   std::string in_scheme_bytes;
   20542   rc = Serialize_TPMT_SIG_SCHEME(
   20543       in_scheme,
   20544       &in_scheme_bytes);
   20545   if (rc != TPM_RC_SUCCESS) {
   20546     return rc;
   20547   }
   20548   std::string pcrselect_bytes;
   20549   rc = Serialize_TPML_PCR_SELECTION(
   20550       pcrselect,
   20551       &pcrselect_bytes);
   20552   if (rc != TPM_RC_SUCCESS) {
   20553     return rc;
   20554   }
   20555   if (authorization_delegate) {
   20556     // Encrypt just the parameter data, not the size.
   20557     std::string tmp = qualifying_data_bytes.substr(2);
   20558     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   20559       return TRUNKS_RC_ENCRYPTION_FAILED;
   20560     }
   20561     qualifying_data_bytes.replace(2, std::string::npos, tmp);
   20562   }
   20563   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   20564       crypto::SecureHash::SHA256));
   20565   hash->Update(command_code_bytes.data(),
   20566                command_code_bytes.size());
   20567   hash->Update(sign_handle_name.data(),
   20568                sign_handle_name.size());
   20569   handle_section_bytes += sign_handle_bytes;
   20570   command_size += sign_handle_bytes.size();
   20571   hash->Update(qualifying_data_bytes.data(),
   20572                qualifying_data_bytes.size());
   20573   parameter_section_bytes += qualifying_data_bytes;
   20574   command_size += qualifying_data_bytes.size();
   20575   hash->Update(in_scheme_bytes.data(),
   20576                in_scheme_bytes.size());
   20577   parameter_section_bytes += in_scheme_bytes;
   20578   command_size += in_scheme_bytes.size();
   20579   hash->Update(pcrselect_bytes.data(),
   20580                pcrselect_bytes.size());
   20581   parameter_section_bytes += pcrselect_bytes;
   20582   command_size += pcrselect_bytes.size();
   20583   std::string command_hash(32, 0);
   20584   hash->Finish(string_as_array(&command_hash), command_hash.size());
   20585   std::string authorization_section_bytes;
   20586   std::string authorization_size_bytes;
   20587   if (authorization_delegate) {
   20588     if (!authorization_delegate->GetCommandAuthorization(
   20589         command_hash,
   20590         is_command_parameter_encryption_possible,
   20591         is_response_parameter_encryption_possible,
   20592         &authorization_section_bytes)) {
   20593       return TRUNKS_RC_AUTHORIZATION_FAILED;
   20594     }
   20595     if (!authorization_section_bytes.empty()) {
   20596       tag = TPM_ST_SESSIONS;
   20597       std::string tmp;
   20598       rc = Serialize_UINT32(authorization_section_bytes.size(),
   20599                             &authorization_size_bytes);
   20600       if (rc != TPM_RC_SUCCESS) {
   20601         return rc;
   20602       }
   20603       command_size += authorization_size_bytes.size() +
   20604                       authorization_section_bytes.size();
   20605     }
   20606   }
   20607   std::string tag_bytes;
   20608   rc = Serialize_TPMI_ST_COMMAND_TAG(
   20609       tag,
   20610       &tag_bytes);
   20611   if (rc != TPM_RC_SUCCESS) {
   20612     return rc;
   20613   }
   20614   std::string command_size_bytes;
   20615   rc = Serialize_UINT32(
   20616       command_size,
   20617       &command_size_bytes);
   20618   if (rc != TPM_RC_SUCCESS) {
   20619     return rc;
   20620   }
   20621   *serialized_command = tag_bytes +
   20622                         command_size_bytes +
   20623                         command_code_bytes +
   20624                         handle_section_bytes +
   20625                         authorization_size_bytes +
   20626                         authorization_section_bytes +
   20627                         parameter_section_bytes;
   20628   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   20629   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   20630                                             serialized_command->size());
   20631   return TPM_RC_SUCCESS;
   20632 }
   20633 
   20634 TPM_RC Tpm::ParseResponse_Quote(
   20635       const std::string& response,
   20636       TPM2B_ATTEST* quoted,
   20637       TPMT_SIGNATURE* signature,
   20638       AuthorizationDelegate* authorization_delegate) {
   20639   VLOG(3) << __func__;
   20640   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   20641   TPM_RC rc = TPM_RC_SUCCESS;
   20642   std::string buffer(response);
   20643   TPM_ST tag;
   20644   std::string tag_bytes;
   20645   rc = Parse_TPM_ST(
   20646       &buffer,
   20647       &tag,
   20648       &tag_bytes);
   20649   if (rc != TPM_RC_SUCCESS) {
   20650     return rc;
   20651   }
   20652   UINT32 response_size;
   20653   std::string response_size_bytes;
   20654   rc = Parse_UINT32(
   20655       &buffer,
   20656       &response_size,
   20657       &response_size_bytes);
   20658   if (rc != TPM_RC_SUCCESS) {
   20659     return rc;
   20660   }
   20661   TPM_RC response_code;
   20662   std::string response_code_bytes;
   20663   rc = Parse_TPM_RC(
   20664       &buffer,
   20665       &response_code,
   20666       &response_code_bytes);
   20667   if (rc != TPM_RC_SUCCESS) {
   20668     return rc;
   20669   }
   20670   if (response_size != response.size()) {
   20671     return TPM_RC_SIZE;
   20672   }
   20673   if (response_code != TPM_RC_SUCCESS) {
   20674     return response_code;
   20675   }
   20676   TPM_CC command_code = TPM_CC_Quote;
   20677   std::string command_code_bytes;
   20678   rc = Serialize_TPM_CC(
   20679       command_code,
   20680       &command_code_bytes);
   20681   if (rc != TPM_RC_SUCCESS) {
   20682     return rc;
   20683   }
   20684   std::string authorization_section_bytes;
   20685   if (tag == TPM_ST_SESSIONS) {
   20686     UINT32 parameter_section_size = buffer.size();
   20687     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   20688     if (rc != TPM_RC_SUCCESS) {
   20689       return rc;
   20690     }
   20691     if (parameter_section_size > buffer.size()) {
   20692       return TPM_RC_INSUFFICIENT;
   20693     }
   20694     authorization_section_bytes = buffer.substr(parameter_section_size);
   20695     // Keep the parameter section in |buffer|.
   20696     buffer.erase(parameter_section_size);
   20697   }
   20698   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   20699       crypto::SecureHash::SHA256));
   20700   hash->Update(response_code_bytes.data(),
   20701                response_code_bytes.size());
   20702   hash->Update(command_code_bytes.data(),
   20703                command_code_bytes.size());
   20704   hash->Update(buffer.data(),
   20705                buffer.size());
   20706   std::string response_hash(32, 0);
   20707   hash->Finish(string_as_array(&response_hash), response_hash.size());
   20708   if (tag == TPM_ST_SESSIONS) {
   20709     CHECK(authorization_delegate) << "Authorization delegate missing!";
   20710     if (!authorization_delegate->CheckResponseAuthorization(
   20711         response_hash,
   20712         authorization_section_bytes)) {
   20713       return TRUNKS_RC_AUTHORIZATION_FAILED;
   20714     }
   20715   }
   20716   std::string quoted_bytes;
   20717   rc = Parse_TPM2B_ATTEST(
   20718       &buffer,
   20719       quoted,
   20720       &quoted_bytes);
   20721   if (rc != TPM_RC_SUCCESS) {
   20722     return rc;
   20723   }
   20724   std::string signature_bytes;
   20725   rc = Parse_TPMT_SIGNATURE(
   20726       &buffer,
   20727       signature,
   20728       &signature_bytes);
   20729   if (rc != TPM_RC_SUCCESS) {
   20730     return rc;
   20731   }
   20732   if (tag == TPM_ST_SESSIONS) {
   20733     CHECK(authorization_delegate) << "Authorization delegate missing!";
   20734     // Decrypt just the parameter data, not the size.
   20735     std::string tmp = quoted_bytes.substr(2);
   20736     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   20737       return TRUNKS_RC_ENCRYPTION_FAILED;
   20738     }
   20739     quoted_bytes.replace(2, std::string::npos, tmp);
   20740     rc = Parse_TPM2B_ATTEST(
   20741         &quoted_bytes,
   20742         quoted,
   20743         nullptr);
   20744     if (rc != TPM_RC_SUCCESS) {
   20745       return rc;
   20746     }
   20747   }
   20748   return TPM_RC_SUCCESS;
   20749 }
   20750 
   20751 void QuoteErrorCallback(
   20752     const Tpm::QuoteResponse& callback,
   20753     TPM_RC response_code) {
   20754   VLOG(1) << __func__;
   20755   callback.Run(response_code,
   20756                TPM2B_ATTEST(),
   20757                TPMT_SIGNATURE());
   20758 }
   20759 
   20760 void QuoteResponseParser(
   20761     const Tpm::QuoteResponse& callback,
   20762     AuthorizationDelegate* authorization_delegate,
   20763     const std::string& response) {
   20764   VLOG(1) << __func__;
   20765   base::Callback<void(TPM_RC)> error_reporter =
   20766       base::Bind(QuoteErrorCallback, callback);
   20767   TPM2B_ATTEST quoted;
   20768   TPMT_SIGNATURE signature;
   20769   TPM_RC rc = Tpm::ParseResponse_Quote(
   20770       response,
   20771       &quoted,
   20772       &signature,
   20773       authorization_delegate);
   20774   if (rc != TPM_RC_SUCCESS) {
   20775     error_reporter.Run(rc);
   20776     return;
   20777   }
   20778   callback.Run(
   20779       rc,
   20780       quoted,
   20781       signature);
   20782 }
   20783 
   20784 void Tpm::Quote(
   20785       const TPMI_DH_OBJECT& sign_handle,
   20786       const std::string& sign_handle_name,
   20787       const TPM2B_DATA& qualifying_data,
   20788       const TPMT_SIG_SCHEME& in_scheme,
   20789       const TPML_PCR_SELECTION& pcrselect,
   20790       AuthorizationDelegate* authorization_delegate,
   20791       const QuoteResponse& callback) {
   20792   VLOG(1) << __func__;
   20793   base::Callback<void(TPM_RC)> error_reporter =
   20794       base::Bind(QuoteErrorCallback, callback);
   20795   base::Callback<void(const std::string&)> parser =
   20796       base::Bind(QuoteResponseParser,
   20797                  callback,
   20798                  authorization_delegate);
   20799   std::string command;
   20800   TPM_RC rc = SerializeCommand_Quote(
   20801       sign_handle,
   20802       sign_handle_name,
   20803       qualifying_data,
   20804       in_scheme,
   20805       pcrselect,
   20806       &command,
   20807       authorization_delegate);
   20808   if (rc != TPM_RC_SUCCESS) {
   20809     error_reporter.Run(rc);
   20810     return;
   20811   }
   20812   transceiver_->SendCommand(command, parser);
   20813 }
   20814 
   20815 TPM_RC Tpm::QuoteSync(
   20816       const TPMI_DH_OBJECT& sign_handle,
   20817       const std::string& sign_handle_name,
   20818       const TPM2B_DATA& qualifying_data,
   20819       const TPMT_SIG_SCHEME& in_scheme,
   20820       const TPML_PCR_SELECTION& pcrselect,
   20821       TPM2B_ATTEST* quoted,
   20822       TPMT_SIGNATURE* signature,
   20823       AuthorizationDelegate* authorization_delegate) {
   20824   VLOG(1) << __func__;
   20825   std::string command;
   20826   TPM_RC rc = SerializeCommand_Quote(
   20827       sign_handle,
   20828       sign_handle_name,
   20829       qualifying_data,
   20830       in_scheme,
   20831       pcrselect,
   20832       &command,
   20833       authorization_delegate);
   20834   if (rc != TPM_RC_SUCCESS) {
   20835     return rc;
   20836   }
   20837   std::string response = transceiver_->SendCommandAndWait(command);
   20838   rc = ParseResponse_Quote(
   20839       response,
   20840       quoted,
   20841       signature,
   20842       authorization_delegate);
   20843   return rc;
   20844 }
   20845 
   20846 TPM_RC Tpm::SerializeCommand_GetSessionAuditDigest(
   20847       const TPMI_RH_ENDORSEMENT& privacy_admin_handle,
   20848       const std::string& privacy_admin_handle_name,
   20849       const TPMI_DH_OBJECT& sign_handle,
   20850       const std::string& sign_handle_name,
   20851       const TPMI_SH_HMAC& session_handle,
   20852       const std::string& session_handle_name,
   20853       const TPM2B_DATA& qualifying_data,
   20854       const TPMT_SIG_SCHEME& in_scheme,
   20855       std::string* serialized_command,
   20856       AuthorizationDelegate* authorization_delegate) {
   20857   VLOG(3) << __func__;
   20858   TPM_RC rc = TPM_RC_SUCCESS;
   20859   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   20860   UINT32 command_size = 10;  // Header size.
   20861   std::string handle_section_bytes;
   20862   std::string parameter_section_bytes;
   20863   TPM_CC command_code = TPM_CC_GetSessionAuditDigest;
   20864   bool is_command_parameter_encryption_possible = true;
   20865   bool is_response_parameter_encryption_possible = true;
   20866   std::string command_code_bytes;
   20867   rc = Serialize_TPM_CC(
   20868       command_code,
   20869       &command_code_bytes);
   20870   if (rc != TPM_RC_SUCCESS) {
   20871     return rc;
   20872   }
   20873   std::string privacy_admin_handle_bytes;
   20874   rc = Serialize_TPMI_RH_ENDORSEMENT(
   20875       privacy_admin_handle,
   20876       &privacy_admin_handle_bytes);
   20877   if (rc != TPM_RC_SUCCESS) {
   20878     return rc;
   20879   }
   20880   std::string sign_handle_bytes;
   20881   rc = Serialize_TPMI_DH_OBJECT(
   20882       sign_handle,
   20883       &sign_handle_bytes);
   20884   if (rc != TPM_RC_SUCCESS) {
   20885     return rc;
   20886   }
   20887   std::string session_handle_bytes;
   20888   rc = Serialize_TPMI_SH_HMAC(
   20889       session_handle,
   20890       &session_handle_bytes);
   20891   if (rc != TPM_RC_SUCCESS) {
   20892     return rc;
   20893   }
   20894   std::string qualifying_data_bytes;
   20895   rc = Serialize_TPM2B_DATA(
   20896       qualifying_data,
   20897       &qualifying_data_bytes);
   20898   if (rc != TPM_RC_SUCCESS) {
   20899     return rc;
   20900   }
   20901   std::string in_scheme_bytes;
   20902   rc = Serialize_TPMT_SIG_SCHEME(
   20903       in_scheme,
   20904       &in_scheme_bytes);
   20905   if (rc != TPM_RC_SUCCESS) {
   20906     return rc;
   20907   }
   20908   if (authorization_delegate) {
   20909     // Encrypt just the parameter data, not the size.
   20910     std::string tmp = qualifying_data_bytes.substr(2);
   20911     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   20912       return TRUNKS_RC_ENCRYPTION_FAILED;
   20913     }
   20914     qualifying_data_bytes.replace(2, std::string::npos, tmp);
   20915   }
   20916   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   20917       crypto::SecureHash::SHA256));
   20918   hash->Update(command_code_bytes.data(),
   20919                command_code_bytes.size());
   20920   hash->Update(privacy_admin_handle_name.data(),
   20921                privacy_admin_handle_name.size());
   20922   handle_section_bytes += privacy_admin_handle_bytes;
   20923   command_size += privacy_admin_handle_bytes.size();
   20924   hash->Update(sign_handle_name.data(),
   20925                sign_handle_name.size());
   20926   handle_section_bytes += sign_handle_bytes;
   20927   command_size += sign_handle_bytes.size();
   20928   hash->Update(session_handle_name.data(),
   20929                session_handle_name.size());
   20930   handle_section_bytes += session_handle_bytes;
   20931   command_size += session_handle_bytes.size();
   20932   hash->Update(qualifying_data_bytes.data(),
   20933                qualifying_data_bytes.size());
   20934   parameter_section_bytes += qualifying_data_bytes;
   20935   command_size += qualifying_data_bytes.size();
   20936   hash->Update(in_scheme_bytes.data(),
   20937                in_scheme_bytes.size());
   20938   parameter_section_bytes += in_scheme_bytes;
   20939   command_size += in_scheme_bytes.size();
   20940   std::string command_hash(32, 0);
   20941   hash->Finish(string_as_array(&command_hash), command_hash.size());
   20942   std::string authorization_section_bytes;
   20943   std::string authorization_size_bytes;
   20944   if (authorization_delegate) {
   20945     if (!authorization_delegate->GetCommandAuthorization(
   20946         command_hash,
   20947         is_command_parameter_encryption_possible,
   20948         is_response_parameter_encryption_possible,
   20949         &authorization_section_bytes)) {
   20950       return TRUNKS_RC_AUTHORIZATION_FAILED;
   20951     }
   20952     if (!authorization_section_bytes.empty()) {
   20953       tag = TPM_ST_SESSIONS;
   20954       std::string tmp;
   20955       rc = Serialize_UINT32(authorization_section_bytes.size(),
   20956                             &authorization_size_bytes);
   20957       if (rc != TPM_RC_SUCCESS) {
   20958         return rc;
   20959       }
   20960       command_size += authorization_size_bytes.size() +
   20961                       authorization_section_bytes.size();
   20962     }
   20963   }
   20964   std::string tag_bytes;
   20965   rc = Serialize_TPMI_ST_COMMAND_TAG(
   20966       tag,
   20967       &tag_bytes);
   20968   if (rc != TPM_RC_SUCCESS) {
   20969     return rc;
   20970   }
   20971   std::string command_size_bytes;
   20972   rc = Serialize_UINT32(
   20973       command_size,
   20974       &command_size_bytes);
   20975   if (rc != TPM_RC_SUCCESS) {
   20976     return rc;
   20977   }
   20978   *serialized_command = tag_bytes +
   20979                         command_size_bytes +
   20980                         command_code_bytes +
   20981                         handle_section_bytes +
   20982                         authorization_size_bytes +
   20983                         authorization_section_bytes +
   20984                         parameter_section_bytes;
   20985   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   20986   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   20987                                             serialized_command->size());
   20988   return TPM_RC_SUCCESS;
   20989 }
   20990 
   20991 TPM_RC Tpm::ParseResponse_GetSessionAuditDigest(
   20992       const std::string& response,
   20993       TPM2B_ATTEST* audit_info,
   20994       TPMT_SIGNATURE* signature,
   20995       AuthorizationDelegate* authorization_delegate) {
   20996   VLOG(3) << __func__;
   20997   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   20998   TPM_RC rc = TPM_RC_SUCCESS;
   20999   std::string buffer(response);
   21000   TPM_ST tag;
   21001   std::string tag_bytes;
   21002   rc = Parse_TPM_ST(
   21003       &buffer,
   21004       &tag,
   21005       &tag_bytes);
   21006   if (rc != TPM_RC_SUCCESS) {
   21007     return rc;
   21008   }
   21009   UINT32 response_size;
   21010   std::string response_size_bytes;
   21011   rc = Parse_UINT32(
   21012       &buffer,
   21013       &response_size,
   21014       &response_size_bytes);
   21015   if (rc != TPM_RC_SUCCESS) {
   21016     return rc;
   21017   }
   21018   TPM_RC response_code;
   21019   std::string response_code_bytes;
   21020   rc = Parse_TPM_RC(
   21021       &buffer,
   21022       &response_code,
   21023       &response_code_bytes);
   21024   if (rc != TPM_RC_SUCCESS) {
   21025     return rc;
   21026   }
   21027   if (response_size != response.size()) {
   21028     return TPM_RC_SIZE;
   21029   }
   21030   if (response_code != TPM_RC_SUCCESS) {
   21031     return response_code;
   21032   }
   21033   TPM_CC command_code = TPM_CC_GetSessionAuditDigest;
   21034   std::string command_code_bytes;
   21035   rc = Serialize_TPM_CC(
   21036       command_code,
   21037       &command_code_bytes);
   21038   if (rc != TPM_RC_SUCCESS) {
   21039     return rc;
   21040   }
   21041   std::string authorization_section_bytes;
   21042   if (tag == TPM_ST_SESSIONS) {
   21043     UINT32 parameter_section_size = buffer.size();
   21044     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   21045     if (rc != TPM_RC_SUCCESS) {
   21046       return rc;
   21047     }
   21048     if (parameter_section_size > buffer.size()) {
   21049       return TPM_RC_INSUFFICIENT;
   21050     }
   21051     authorization_section_bytes = buffer.substr(parameter_section_size);
   21052     // Keep the parameter section in |buffer|.
   21053     buffer.erase(parameter_section_size);
   21054   }
   21055   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   21056       crypto::SecureHash::SHA256));
   21057   hash->Update(response_code_bytes.data(),
   21058                response_code_bytes.size());
   21059   hash->Update(command_code_bytes.data(),
   21060                command_code_bytes.size());
   21061   hash->Update(buffer.data(),
   21062                buffer.size());
   21063   std::string response_hash(32, 0);
   21064   hash->Finish(string_as_array(&response_hash), response_hash.size());
   21065   if (tag == TPM_ST_SESSIONS) {
   21066     CHECK(authorization_delegate) << "Authorization delegate missing!";
   21067     if (!authorization_delegate->CheckResponseAuthorization(
   21068         response_hash,
   21069         authorization_section_bytes)) {
   21070       return TRUNKS_RC_AUTHORIZATION_FAILED;
   21071     }
   21072   }
   21073   std::string audit_info_bytes;
   21074   rc = Parse_TPM2B_ATTEST(
   21075       &buffer,
   21076       audit_info,
   21077       &audit_info_bytes);
   21078   if (rc != TPM_RC_SUCCESS) {
   21079     return rc;
   21080   }
   21081   std::string signature_bytes;
   21082   rc = Parse_TPMT_SIGNATURE(
   21083       &buffer,
   21084       signature,
   21085       &signature_bytes);
   21086   if (rc != TPM_RC_SUCCESS) {
   21087     return rc;
   21088   }
   21089   if (tag == TPM_ST_SESSIONS) {
   21090     CHECK(authorization_delegate) << "Authorization delegate missing!";
   21091     // Decrypt just the parameter data, not the size.
   21092     std::string tmp = audit_info_bytes.substr(2);
   21093     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   21094       return TRUNKS_RC_ENCRYPTION_FAILED;
   21095     }
   21096     audit_info_bytes.replace(2, std::string::npos, tmp);
   21097     rc = Parse_TPM2B_ATTEST(
   21098         &audit_info_bytes,
   21099         audit_info,
   21100         nullptr);
   21101     if (rc != TPM_RC_SUCCESS) {
   21102       return rc;
   21103     }
   21104   }
   21105   return TPM_RC_SUCCESS;
   21106 }
   21107 
   21108 void GetSessionAuditDigestErrorCallback(
   21109     const Tpm::GetSessionAuditDigestResponse& callback,
   21110     TPM_RC response_code) {
   21111   VLOG(1) << __func__;
   21112   callback.Run(response_code,
   21113                TPM2B_ATTEST(),
   21114                TPMT_SIGNATURE());
   21115 }
   21116 
   21117 void GetSessionAuditDigestResponseParser(
   21118     const Tpm::GetSessionAuditDigestResponse& callback,
   21119     AuthorizationDelegate* authorization_delegate,
   21120     const std::string& response) {
   21121   VLOG(1) << __func__;
   21122   base::Callback<void(TPM_RC)> error_reporter =
   21123       base::Bind(GetSessionAuditDigestErrorCallback, callback);
   21124   TPM2B_ATTEST audit_info;
   21125   TPMT_SIGNATURE signature;
   21126   TPM_RC rc = Tpm::ParseResponse_GetSessionAuditDigest(
   21127       response,
   21128       &audit_info,
   21129       &signature,
   21130       authorization_delegate);
   21131   if (rc != TPM_RC_SUCCESS) {
   21132     error_reporter.Run(rc);
   21133     return;
   21134   }
   21135   callback.Run(
   21136       rc,
   21137       audit_info,
   21138       signature);
   21139 }
   21140 
   21141 void Tpm::GetSessionAuditDigest(
   21142       const TPMI_RH_ENDORSEMENT& privacy_admin_handle,
   21143       const std::string& privacy_admin_handle_name,
   21144       const TPMI_DH_OBJECT& sign_handle,
   21145       const std::string& sign_handle_name,
   21146       const TPMI_SH_HMAC& session_handle,
   21147       const std::string& session_handle_name,
   21148       const TPM2B_DATA& qualifying_data,
   21149       const TPMT_SIG_SCHEME& in_scheme,
   21150       AuthorizationDelegate* authorization_delegate,
   21151       const GetSessionAuditDigestResponse& callback) {
   21152   VLOG(1) << __func__;
   21153   base::Callback<void(TPM_RC)> error_reporter =
   21154       base::Bind(GetSessionAuditDigestErrorCallback, callback);
   21155   base::Callback<void(const std::string&)> parser =
   21156       base::Bind(GetSessionAuditDigestResponseParser,
   21157                  callback,
   21158                  authorization_delegate);
   21159   std::string command;
   21160   TPM_RC rc = SerializeCommand_GetSessionAuditDigest(
   21161       privacy_admin_handle,
   21162       privacy_admin_handle_name,
   21163       sign_handle,
   21164       sign_handle_name,
   21165       session_handle,
   21166       session_handle_name,
   21167       qualifying_data,
   21168       in_scheme,
   21169       &command,
   21170       authorization_delegate);
   21171   if (rc != TPM_RC_SUCCESS) {
   21172     error_reporter.Run(rc);
   21173     return;
   21174   }
   21175   transceiver_->SendCommand(command, parser);
   21176 }
   21177 
   21178 TPM_RC Tpm::GetSessionAuditDigestSync(
   21179       const TPMI_RH_ENDORSEMENT& privacy_admin_handle,
   21180       const std::string& privacy_admin_handle_name,
   21181       const TPMI_DH_OBJECT& sign_handle,
   21182       const std::string& sign_handle_name,
   21183       const TPMI_SH_HMAC& session_handle,
   21184       const std::string& session_handle_name,
   21185       const TPM2B_DATA& qualifying_data,
   21186       const TPMT_SIG_SCHEME& in_scheme,
   21187       TPM2B_ATTEST* audit_info,
   21188       TPMT_SIGNATURE* signature,
   21189       AuthorizationDelegate* authorization_delegate) {
   21190   VLOG(1) << __func__;
   21191   std::string command;
   21192   TPM_RC rc = SerializeCommand_GetSessionAuditDigest(
   21193       privacy_admin_handle,
   21194       privacy_admin_handle_name,
   21195       sign_handle,
   21196       sign_handle_name,
   21197       session_handle,
   21198       session_handle_name,
   21199       qualifying_data,
   21200       in_scheme,
   21201       &command,
   21202       authorization_delegate);
   21203   if (rc != TPM_RC_SUCCESS) {
   21204     return rc;
   21205   }
   21206   std::string response = transceiver_->SendCommandAndWait(command);
   21207   rc = ParseResponse_GetSessionAuditDigest(
   21208       response,
   21209       audit_info,
   21210       signature,
   21211       authorization_delegate);
   21212   return rc;
   21213 }
   21214 
   21215 TPM_RC Tpm::SerializeCommand_GetCommandAuditDigest(
   21216       const TPMI_RH_ENDORSEMENT& privacy_handle,
   21217       const std::string& privacy_handle_name,
   21218       const TPMI_DH_OBJECT& sign_handle,
   21219       const std::string& sign_handle_name,
   21220       const TPM2B_DATA& qualifying_data,
   21221       const TPMT_SIG_SCHEME& in_scheme,
   21222       std::string* serialized_command,
   21223       AuthorizationDelegate* authorization_delegate) {
   21224   VLOG(3) << __func__;
   21225   TPM_RC rc = TPM_RC_SUCCESS;
   21226   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   21227   UINT32 command_size = 10;  // Header size.
   21228   std::string handle_section_bytes;
   21229   std::string parameter_section_bytes;
   21230   TPM_CC command_code = TPM_CC_GetCommandAuditDigest;
   21231   bool is_command_parameter_encryption_possible = true;
   21232   bool is_response_parameter_encryption_possible = true;
   21233   std::string command_code_bytes;
   21234   rc = Serialize_TPM_CC(
   21235       command_code,
   21236       &command_code_bytes);
   21237   if (rc != TPM_RC_SUCCESS) {
   21238     return rc;
   21239   }
   21240   std::string privacy_handle_bytes;
   21241   rc = Serialize_TPMI_RH_ENDORSEMENT(
   21242       privacy_handle,
   21243       &privacy_handle_bytes);
   21244   if (rc != TPM_RC_SUCCESS) {
   21245     return rc;
   21246   }
   21247   std::string sign_handle_bytes;
   21248   rc = Serialize_TPMI_DH_OBJECT(
   21249       sign_handle,
   21250       &sign_handle_bytes);
   21251   if (rc != TPM_RC_SUCCESS) {
   21252     return rc;
   21253   }
   21254   std::string qualifying_data_bytes;
   21255   rc = Serialize_TPM2B_DATA(
   21256       qualifying_data,
   21257       &qualifying_data_bytes);
   21258   if (rc != TPM_RC_SUCCESS) {
   21259     return rc;
   21260   }
   21261   std::string in_scheme_bytes;
   21262   rc = Serialize_TPMT_SIG_SCHEME(
   21263       in_scheme,
   21264       &in_scheme_bytes);
   21265   if (rc != TPM_RC_SUCCESS) {
   21266     return rc;
   21267   }
   21268   if (authorization_delegate) {
   21269     // Encrypt just the parameter data, not the size.
   21270     std::string tmp = qualifying_data_bytes.substr(2);
   21271     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   21272       return TRUNKS_RC_ENCRYPTION_FAILED;
   21273     }
   21274     qualifying_data_bytes.replace(2, std::string::npos, tmp);
   21275   }
   21276   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   21277       crypto::SecureHash::SHA256));
   21278   hash->Update(command_code_bytes.data(),
   21279                command_code_bytes.size());
   21280   hash->Update(privacy_handle_name.data(),
   21281                privacy_handle_name.size());
   21282   handle_section_bytes += privacy_handle_bytes;
   21283   command_size += privacy_handle_bytes.size();
   21284   hash->Update(sign_handle_name.data(),
   21285                sign_handle_name.size());
   21286   handle_section_bytes += sign_handle_bytes;
   21287   command_size += sign_handle_bytes.size();
   21288   hash->Update(qualifying_data_bytes.data(),
   21289                qualifying_data_bytes.size());
   21290   parameter_section_bytes += qualifying_data_bytes;
   21291   command_size += qualifying_data_bytes.size();
   21292   hash->Update(in_scheme_bytes.data(),
   21293                in_scheme_bytes.size());
   21294   parameter_section_bytes += in_scheme_bytes;
   21295   command_size += in_scheme_bytes.size();
   21296   std::string command_hash(32, 0);
   21297   hash->Finish(string_as_array(&command_hash), command_hash.size());
   21298   std::string authorization_section_bytes;
   21299   std::string authorization_size_bytes;
   21300   if (authorization_delegate) {
   21301     if (!authorization_delegate->GetCommandAuthorization(
   21302         command_hash,
   21303         is_command_parameter_encryption_possible,
   21304         is_response_parameter_encryption_possible,
   21305         &authorization_section_bytes)) {
   21306       return TRUNKS_RC_AUTHORIZATION_FAILED;
   21307     }
   21308     if (!authorization_section_bytes.empty()) {
   21309       tag = TPM_ST_SESSIONS;
   21310       std::string tmp;
   21311       rc = Serialize_UINT32(authorization_section_bytes.size(),
   21312                             &authorization_size_bytes);
   21313       if (rc != TPM_RC_SUCCESS) {
   21314         return rc;
   21315       }
   21316       command_size += authorization_size_bytes.size() +
   21317                       authorization_section_bytes.size();
   21318     }
   21319   }
   21320   std::string tag_bytes;
   21321   rc = Serialize_TPMI_ST_COMMAND_TAG(
   21322       tag,
   21323       &tag_bytes);
   21324   if (rc != TPM_RC_SUCCESS) {
   21325     return rc;
   21326   }
   21327   std::string command_size_bytes;
   21328   rc = Serialize_UINT32(
   21329       command_size,
   21330       &command_size_bytes);
   21331   if (rc != TPM_RC_SUCCESS) {
   21332     return rc;
   21333   }
   21334   *serialized_command = tag_bytes +
   21335                         command_size_bytes +
   21336                         command_code_bytes +
   21337                         handle_section_bytes +
   21338                         authorization_size_bytes +
   21339                         authorization_section_bytes +
   21340                         parameter_section_bytes;
   21341   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   21342   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   21343                                             serialized_command->size());
   21344   return TPM_RC_SUCCESS;
   21345 }
   21346 
   21347 TPM_RC Tpm::ParseResponse_GetCommandAuditDigest(
   21348       const std::string& response,
   21349       TPM2B_ATTEST* audit_info,
   21350       TPMT_SIGNATURE* signature,
   21351       AuthorizationDelegate* authorization_delegate) {
   21352   VLOG(3) << __func__;
   21353   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   21354   TPM_RC rc = TPM_RC_SUCCESS;
   21355   std::string buffer(response);
   21356   TPM_ST tag;
   21357   std::string tag_bytes;
   21358   rc = Parse_TPM_ST(
   21359       &buffer,
   21360       &tag,
   21361       &tag_bytes);
   21362   if (rc != TPM_RC_SUCCESS) {
   21363     return rc;
   21364   }
   21365   UINT32 response_size;
   21366   std::string response_size_bytes;
   21367   rc = Parse_UINT32(
   21368       &buffer,
   21369       &response_size,
   21370       &response_size_bytes);
   21371   if (rc != TPM_RC_SUCCESS) {
   21372     return rc;
   21373   }
   21374   TPM_RC response_code;
   21375   std::string response_code_bytes;
   21376   rc = Parse_TPM_RC(
   21377       &buffer,
   21378       &response_code,
   21379       &response_code_bytes);
   21380   if (rc != TPM_RC_SUCCESS) {
   21381     return rc;
   21382   }
   21383   if (response_size != response.size()) {
   21384     return TPM_RC_SIZE;
   21385   }
   21386   if (response_code != TPM_RC_SUCCESS) {
   21387     return response_code;
   21388   }
   21389   TPM_CC command_code = TPM_CC_GetCommandAuditDigest;
   21390   std::string command_code_bytes;
   21391   rc = Serialize_TPM_CC(
   21392       command_code,
   21393       &command_code_bytes);
   21394   if (rc != TPM_RC_SUCCESS) {
   21395     return rc;
   21396   }
   21397   std::string authorization_section_bytes;
   21398   if (tag == TPM_ST_SESSIONS) {
   21399     UINT32 parameter_section_size = buffer.size();
   21400     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   21401     if (rc != TPM_RC_SUCCESS) {
   21402       return rc;
   21403     }
   21404     if (parameter_section_size > buffer.size()) {
   21405       return TPM_RC_INSUFFICIENT;
   21406     }
   21407     authorization_section_bytes = buffer.substr(parameter_section_size);
   21408     // Keep the parameter section in |buffer|.
   21409     buffer.erase(parameter_section_size);
   21410   }
   21411   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   21412       crypto::SecureHash::SHA256));
   21413   hash->Update(response_code_bytes.data(),
   21414                response_code_bytes.size());
   21415   hash->Update(command_code_bytes.data(),
   21416                command_code_bytes.size());
   21417   hash->Update(buffer.data(),
   21418                buffer.size());
   21419   std::string response_hash(32, 0);
   21420   hash->Finish(string_as_array(&response_hash), response_hash.size());
   21421   if (tag == TPM_ST_SESSIONS) {
   21422     CHECK(authorization_delegate) << "Authorization delegate missing!";
   21423     if (!authorization_delegate->CheckResponseAuthorization(
   21424         response_hash,
   21425         authorization_section_bytes)) {
   21426       return TRUNKS_RC_AUTHORIZATION_FAILED;
   21427     }
   21428   }
   21429   std::string audit_info_bytes;
   21430   rc = Parse_TPM2B_ATTEST(
   21431       &buffer,
   21432       audit_info,
   21433       &audit_info_bytes);
   21434   if (rc != TPM_RC_SUCCESS) {
   21435     return rc;
   21436   }
   21437   std::string signature_bytes;
   21438   rc = Parse_TPMT_SIGNATURE(
   21439       &buffer,
   21440       signature,
   21441       &signature_bytes);
   21442   if (rc != TPM_RC_SUCCESS) {
   21443     return rc;
   21444   }
   21445   if (tag == TPM_ST_SESSIONS) {
   21446     CHECK(authorization_delegate) << "Authorization delegate missing!";
   21447     // Decrypt just the parameter data, not the size.
   21448     std::string tmp = audit_info_bytes.substr(2);
   21449     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   21450       return TRUNKS_RC_ENCRYPTION_FAILED;
   21451     }
   21452     audit_info_bytes.replace(2, std::string::npos, tmp);
   21453     rc = Parse_TPM2B_ATTEST(
   21454         &audit_info_bytes,
   21455         audit_info,
   21456         nullptr);
   21457     if (rc != TPM_RC_SUCCESS) {
   21458       return rc;
   21459     }
   21460   }
   21461   return TPM_RC_SUCCESS;
   21462 }
   21463 
   21464 void GetCommandAuditDigestErrorCallback(
   21465     const Tpm::GetCommandAuditDigestResponse& callback,
   21466     TPM_RC response_code) {
   21467   VLOG(1) << __func__;
   21468   callback.Run(response_code,
   21469                TPM2B_ATTEST(),
   21470                TPMT_SIGNATURE());
   21471 }
   21472 
   21473 void GetCommandAuditDigestResponseParser(
   21474     const Tpm::GetCommandAuditDigestResponse& callback,
   21475     AuthorizationDelegate* authorization_delegate,
   21476     const std::string& response) {
   21477   VLOG(1) << __func__;
   21478   base::Callback<void(TPM_RC)> error_reporter =
   21479       base::Bind(GetCommandAuditDigestErrorCallback, callback);
   21480   TPM2B_ATTEST audit_info;
   21481   TPMT_SIGNATURE signature;
   21482   TPM_RC rc = Tpm::ParseResponse_GetCommandAuditDigest(
   21483       response,
   21484       &audit_info,
   21485       &signature,
   21486       authorization_delegate);
   21487   if (rc != TPM_RC_SUCCESS) {
   21488     error_reporter.Run(rc);
   21489     return;
   21490   }
   21491   callback.Run(
   21492       rc,
   21493       audit_info,
   21494       signature);
   21495 }
   21496 
   21497 void Tpm::GetCommandAuditDigest(
   21498       const TPMI_RH_ENDORSEMENT& privacy_handle,
   21499       const std::string& privacy_handle_name,
   21500       const TPMI_DH_OBJECT& sign_handle,
   21501       const std::string& sign_handle_name,
   21502       const TPM2B_DATA& qualifying_data,
   21503       const TPMT_SIG_SCHEME& in_scheme,
   21504       AuthorizationDelegate* authorization_delegate,
   21505       const GetCommandAuditDigestResponse& callback) {
   21506   VLOG(1) << __func__;
   21507   base::Callback<void(TPM_RC)> error_reporter =
   21508       base::Bind(GetCommandAuditDigestErrorCallback, callback);
   21509   base::Callback<void(const std::string&)> parser =
   21510       base::Bind(GetCommandAuditDigestResponseParser,
   21511                  callback,
   21512                  authorization_delegate);
   21513   std::string command;
   21514   TPM_RC rc = SerializeCommand_GetCommandAuditDigest(
   21515       privacy_handle,
   21516       privacy_handle_name,
   21517       sign_handle,
   21518       sign_handle_name,
   21519       qualifying_data,
   21520       in_scheme,
   21521       &command,
   21522       authorization_delegate);
   21523   if (rc != TPM_RC_SUCCESS) {
   21524     error_reporter.Run(rc);
   21525     return;
   21526   }
   21527   transceiver_->SendCommand(command, parser);
   21528 }
   21529 
   21530 TPM_RC Tpm::GetCommandAuditDigestSync(
   21531       const TPMI_RH_ENDORSEMENT& privacy_handle,
   21532       const std::string& privacy_handle_name,
   21533       const TPMI_DH_OBJECT& sign_handle,
   21534       const std::string& sign_handle_name,
   21535       const TPM2B_DATA& qualifying_data,
   21536       const TPMT_SIG_SCHEME& in_scheme,
   21537       TPM2B_ATTEST* audit_info,
   21538       TPMT_SIGNATURE* signature,
   21539       AuthorizationDelegate* authorization_delegate) {
   21540   VLOG(1) << __func__;
   21541   std::string command;
   21542   TPM_RC rc = SerializeCommand_GetCommandAuditDigest(
   21543       privacy_handle,
   21544       privacy_handle_name,
   21545       sign_handle,
   21546       sign_handle_name,
   21547       qualifying_data,
   21548       in_scheme,
   21549       &command,
   21550       authorization_delegate);
   21551   if (rc != TPM_RC_SUCCESS) {
   21552     return rc;
   21553   }
   21554   std::string response = transceiver_->SendCommandAndWait(command);
   21555   rc = ParseResponse_GetCommandAuditDigest(
   21556       response,
   21557       audit_info,
   21558       signature,
   21559       authorization_delegate);
   21560   return rc;
   21561 }
   21562 
   21563 TPM_RC Tpm::SerializeCommand_GetTime(
   21564       const TPMI_RH_ENDORSEMENT& privacy_admin_handle,
   21565       const std::string& privacy_admin_handle_name,
   21566       const TPMI_DH_OBJECT& sign_handle,
   21567       const std::string& sign_handle_name,
   21568       const TPM2B_DATA& qualifying_data,
   21569       const TPMT_SIG_SCHEME& in_scheme,
   21570       std::string* serialized_command,
   21571       AuthorizationDelegate* authorization_delegate) {
   21572   VLOG(3) << __func__;
   21573   TPM_RC rc = TPM_RC_SUCCESS;
   21574   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   21575   UINT32 command_size = 10;  // Header size.
   21576   std::string handle_section_bytes;
   21577   std::string parameter_section_bytes;
   21578   TPM_CC command_code = TPM_CC_GetTime;
   21579   bool is_command_parameter_encryption_possible = true;
   21580   bool is_response_parameter_encryption_possible = true;
   21581   std::string command_code_bytes;
   21582   rc = Serialize_TPM_CC(
   21583       command_code,
   21584       &command_code_bytes);
   21585   if (rc != TPM_RC_SUCCESS) {
   21586     return rc;
   21587   }
   21588   std::string privacy_admin_handle_bytes;
   21589   rc = Serialize_TPMI_RH_ENDORSEMENT(
   21590       privacy_admin_handle,
   21591       &privacy_admin_handle_bytes);
   21592   if (rc != TPM_RC_SUCCESS) {
   21593     return rc;
   21594   }
   21595   std::string sign_handle_bytes;
   21596   rc = Serialize_TPMI_DH_OBJECT(
   21597       sign_handle,
   21598       &sign_handle_bytes);
   21599   if (rc != TPM_RC_SUCCESS) {
   21600     return rc;
   21601   }
   21602   std::string qualifying_data_bytes;
   21603   rc = Serialize_TPM2B_DATA(
   21604       qualifying_data,
   21605       &qualifying_data_bytes);
   21606   if (rc != TPM_RC_SUCCESS) {
   21607     return rc;
   21608   }
   21609   std::string in_scheme_bytes;
   21610   rc = Serialize_TPMT_SIG_SCHEME(
   21611       in_scheme,
   21612       &in_scheme_bytes);
   21613   if (rc != TPM_RC_SUCCESS) {
   21614     return rc;
   21615   }
   21616   if (authorization_delegate) {
   21617     // Encrypt just the parameter data, not the size.
   21618     std::string tmp = qualifying_data_bytes.substr(2);
   21619     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   21620       return TRUNKS_RC_ENCRYPTION_FAILED;
   21621     }
   21622     qualifying_data_bytes.replace(2, std::string::npos, tmp);
   21623   }
   21624   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   21625       crypto::SecureHash::SHA256));
   21626   hash->Update(command_code_bytes.data(),
   21627                command_code_bytes.size());
   21628   hash->Update(privacy_admin_handle_name.data(),
   21629                privacy_admin_handle_name.size());
   21630   handle_section_bytes += privacy_admin_handle_bytes;
   21631   command_size += privacy_admin_handle_bytes.size();
   21632   hash->Update(sign_handle_name.data(),
   21633                sign_handle_name.size());
   21634   handle_section_bytes += sign_handle_bytes;
   21635   command_size += sign_handle_bytes.size();
   21636   hash->Update(qualifying_data_bytes.data(),
   21637                qualifying_data_bytes.size());
   21638   parameter_section_bytes += qualifying_data_bytes;
   21639   command_size += qualifying_data_bytes.size();
   21640   hash->Update(in_scheme_bytes.data(),
   21641                in_scheme_bytes.size());
   21642   parameter_section_bytes += in_scheme_bytes;
   21643   command_size += in_scheme_bytes.size();
   21644   std::string command_hash(32, 0);
   21645   hash->Finish(string_as_array(&command_hash), command_hash.size());
   21646   std::string authorization_section_bytes;
   21647   std::string authorization_size_bytes;
   21648   if (authorization_delegate) {
   21649     if (!authorization_delegate->GetCommandAuthorization(
   21650         command_hash,
   21651         is_command_parameter_encryption_possible,
   21652         is_response_parameter_encryption_possible,
   21653         &authorization_section_bytes)) {
   21654       return TRUNKS_RC_AUTHORIZATION_FAILED;
   21655     }
   21656     if (!authorization_section_bytes.empty()) {
   21657       tag = TPM_ST_SESSIONS;
   21658       std::string tmp;
   21659       rc = Serialize_UINT32(authorization_section_bytes.size(),
   21660                             &authorization_size_bytes);
   21661       if (rc != TPM_RC_SUCCESS) {
   21662         return rc;
   21663       }
   21664       command_size += authorization_size_bytes.size() +
   21665                       authorization_section_bytes.size();
   21666     }
   21667   }
   21668   std::string tag_bytes;
   21669   rc = Serialize_TPMI_ST_COMMAND_TAG(
   21670       tag,
   21671       &tag_bytes);
   21672   if (rc != TPM_RC_SUCCESS) {
   21673     return rc;
   21674   }
   21675   std::string command_size_bytes;
   21676   rc = Serialize_UINT32(
   21677       command_size,
   21678       &command_size_bytes);
   21679   if (rc != TPM_RC_SUCCESS) {
   21680     return rc;
   21681   }
   21682   *serialized_command = tag_bytes +
   21683                         command_size_bytes +
   21684                         command_code_bytes +
   21685                         handle_section_bytes +
   21686                         authorization_size_bytes +
   21687                         authorization_section_bytes +
   21688                         parameter_section_bytes;
   21689   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   21690   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   21691                                             serialized_command->size());
   21692   return TPM_RC_SUCCESS;
   21693 }
   21694 
   21695 TPM_RC Tpm::ParseResponse_GetTime(
   21696       const std::string& response,
   21697       TPM2B_ATTEST* time_info,
   21698       TPMT_SIGNATURE* signature,
   21699       AuthorizationDelegate* authorization_delegate) {
   21700   VLOG(3) << __func__;
   21701   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   21702   TPM_RC rc = TPM_RC_SUCCESS;
   21703   std::string buffer(response);
   21704   TPM_ST tag;
   21705   std::string tag_bytes;
   21706   rc = Parse_TPM_ST(
   21707       &buffer,
   21708       &tag,
   21709       &tag_bytes);
   21710   if (rc != TPM_RC_SUCCESS) {
   21711     return rc;
   21712   }
   21713   UINT32 response_size;
   21714   std::string response_size_bytes;
   21715   rc = Parse_UINT32(
   21716       &buffer,
   21717       &response_size,
   21718       &response_size_bytes);
   21719   if (rc != TPM_RC_SUCCESS) {
   21720     return rc;
   21721   }
   21722   TPM_RC response_code;
   21723   std::string response_code_bytes;
   21724   rc = Parse_TPM_RC(
   21725       &buffer,
   21726       &response_code,
   21727       &response_code_bytes);
   21728   if (rc != TPM_RC_SUCCESS) {
   21729     return rc;
   21730   }
   21731   if (response_size != response.size()) {
   21732     return TPM_RC_SIZE;
   21733   }
   21734   if (response_code != TPM_RC_SUCCESS) {
   21735     return response_code;
   21736   }
   21737   TPM_CC command_code = TPM_CC_GetTime;
   21738   std::string command_code_bytes;
   21739   rc = Serialize_TPM_CC(
   21740       command_code,
   21741       &command_code_bytes);
   21742   if (rc != TPM_RC_SUCCESS) {
   21743     return rc;
   21744   }
   21745   std::string authorization_section_bytes;
   21746   if (tag == TPM_ST_SESSIONS) {
   21747     UINT32 parameter_section_size = buffer.size();
   21748     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   21749     if (rc != TPM_RC_SUCCESS) {
   21750       return rc;
   21751     }
   21752     if (parameter_section_size > buffer.size()) {
   21753       return TPM_RC_INSUFFICIENT;
   21754     }
   21755     authorization_section_bytes = buffer.substr(parameter_section_size);
   21756     // Keep the parameter section in |buffer|.
   21757     buffer.erase(parameter_section_size);
   21758   }
   21759   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   21760       crypto::SecureHash::SHA256));
   21761   hash->Update(response_code_bytes.data(),
   21762                response_code_bytes.size());
   21763   hash->Update(command_code_bytes.data(),
   21764                command_code_bytes.size());
   21765   hash->Update(buffer.data(),
   21766                buffer.size());
   21767   std::string response_hash(32, 0);
   21768   hash->Finish(string_as_array(&response_hash), response_hash.size());
   21769   if (tag == TPM_ST_SESSIONS) {
   21770     CHECK(authorization_delegate) << "Authorization delegate missing!";
   21771     if (!authorization_delegate->CheckResponseAuthorization(
   21772         response_hash,
   21773         authorization_section_bytes)) {
   21774       return TRUNKS_RC_AUTHORIZATION_FAILED;
   21775     }
   21776   }
   21777   std::string time_info_bytes;
   21778   rc = Parse_TPM2B_ATTEST(
   21779       &buffer,
   21780       time_info,
   21781       &time_info_bytes);
   21782   if (rc != TPM_RC_SUCCESS) {
   21783     return rc;
   21784   }
   21785   std::string signature_bytes;
   21786   rc = Parse_TPMT_SIGNATURE(
   21787       &buffer,
   21788       signature,
   21789       &signature_bytes);
   21790   if (rc != TPM_RC_SUCCESS) {
   21791     return rc;
   21792   }
   21793   if (tag == TPM_ST_SESSIONS) {
   21794     CHECK(authorization_delegate) << "Authorization delegate missing!";
   21795     // Decrypt just the parameter data, not the size.
   21796     std::string tmp = time_info_bytes.substr(2);
   21797     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   21798       return TRUNKS_RC_ENCRYPTION_FAILED;
   21799     }
   21800     time_info_bytes.replace(2, std::string::npos, tmp);
   21801     rc = Parse_TPM2B_ATTEST(
   21802         &time_info_bytes,
   21803         time_info,
   21804         nullptr);
   21805     if (rc != TPM_RC_SUCCESS) {
   21806       return rc;
   21807     }
   21808   }
   21809   return TPM_RC_SUCCESS;
   21810 }
   21811 
   21812 void GetTimeErrorCallback(
   21813     const Tpm::GetTimeResponse& callback,
   21814     TPM_RC response_code) {
   21815   VLOG(1) << __func__;
   21816   callback.Run(response_code,
   21817                TPM2B_ATTEST(),
   21818                TPMT_SIGNATURE());
   21819 }
   21820 
   21821 void GetTimeResponseParser(
   21822     const Tpm::GetTimeResponse& callback,
   21823     AuthorizationDelegate* authorization_delegate,
   21824     const std::string& response) {
   21825   VLOG(1) << __func__;
   21826   base::Callback<void(TPM_RC)> error_reporter =
   21827       base::Bind(GetTimeErrorCallback, callback);
   21828   TPM2B_ATTEST time_info;
   21829   TPMT_SIGNATURE signature;
   21830   TPM_RC rc = Tpm::ParseResponse_GetTime(
   21831       response,
   21832       &time_info,
   21833       &signature,
   21834       authorization_delegate);
   21835   if (rc != TPM_RC_SUCCESS) {
   21836     error_reporter.Run(rc);
   21837     return;
   21838   }
   21839   callback.Run(
   21840       rc,
   21841       time_info,
   21842       signature);
   21843 }
   21844 
   21845 void Tpm::GetTime(
   21846       const TPMI_RH_ENDORSEMENT& privacy_admin_handle,
   21847       const std::string& privacy_admin_handle_name,
   21848       const TPMI_DH_OBJECT& sign_handle,
   21849       const std::string& sign_handle_name,
   21850       const TPM2B_DATA& qualifying_data,
   21851       const TPMT_SIG_SCHEME& in_scheme,
   21852       AuthorizationDelegate* authorization_delegate,
   21853       const GetTimeResponse& callback) {
   21854   VLOG(1) << __func__;
   21855   base::Callback<void(TPM_RC)> error_reporter =
   21856       base::Bind(GetTimeErrorCallback, callback);
   21857   base::Callback<void(const std::string&)> parser =
   21858       base::Bind(GetTimeResponseParser,
   21859                  callback,
   21860                  authorization_delegate);
   21861   std::string command;
   21862   TPM_RC rc = SerializeCommand_GetTime(
   21863       privacy_admin_handle,
   21864       privacy_admin_handle_name,
   21865       sign_handle,
   21866       sign_handle_name,
   21867       qualifying_data,
   21868       in_scheme,
   21869       &command,
   21870       authorization_delegate);
   21871   if (rc != TPM_RC_SUCCESS) {
   21872     error_reporter.Run(rc);
   21873     return;
   21874   }
   21875   transceiver_->SendCommand(command, parser);
   21876 }
   21877 
   21878 TPM_RC Tpm::GetTimeSync(
   21879       const TPMI_RH_ENDORSEMENT& privacy_admin_handle,
   21880       const std::string& privacy_admin_handle_name,
   21881       const TPMI_DH_OBJECT& sign_handle,
   21882       const std::string& sign_handle_name,
   21883       const TPM2B_DATA& qualifying_data,
   21884       const TPMT_SIG_SCHEME& in_scheme,
   21885       TPM2B_ATTEST* time_info,
   21886       TPMT_SIGNATURE* signature,
   21887       AuthorizationDelegate* authorization_delegate) {
   21888   VLOG(1) << __func__;
   21889   std::string command;
   21890   TPM_RC rc = SerializeCommand_GetTime(
   21891       privacy_admin_handle,
   21892       privacy_admin_handle_name,
   21893       sign_handle,
   21894       sign_handle_name,
   21895       qualifying_data,
   21896       in_scheme,
   21897       &command,
   21898       authorization_delegate);
   21899   if (rc != TPM_RC_SUCCESS) {
   21900     return rc;
   21901   }
   21902   std::string response = transceiver_->SendCommandAndWait(command);
   21903   rc = ParseResponse_GetTime(
   21904       response,
   21905       time_info,
   21906       signature,
   21907       authorization_delegate);
   21908   return rc;
   21909 }
   21910 
   21911 TPM_RC Tpm::SerializeCommand_Commit(
   21912       const TPMI_DH_OBJECT& sign_handle,
   21913       const std::string& sign_handle_name,
   21914       const UINT32& param_size,
   21915       const TPM2B_ECC_POINT& p1,
   21916       const TPM2B_SENSITIVE_DATA& s2,
   21917       const TPM2B_ECC_PARAMETER& y2,
   21918       std::string* serialized_command,
   21919       AuthorizationDelegate* authorization_delegate) {
   21920   VLOG(3) << __func__;
   21921   TPM_RC rc = TPM_RC_SUCCESS;
   21922   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   21923   UINT32 command_size = 10;  // Header size.
   21924   std::string handle_section_bytes;
   21925   std::string parameter_section_bytes;
   21926   TPM_CC command_code = TPM_CC_Commit;
   21927   bool is_command_parameter_encryption_possible = false;
   21928   bool is_response_parameter_encryption_possible = false;
   21929   std::string command_code_bytes;
   21930   rc = Serialize_TPM_CC(
   21931       command_code,
   21932       &command_code_bytes);
   21933   if (rc != TPM_RC_SUCCESS) {
   21934     return rc;
   21935   }
   21936   std::string param_size_bytes;
   21937   rc = Serialize_UINT32(
   21938       param_size,
   21939       &param_size_bytes);
   21940   if (rc != TPM_RC_SUCCESS) {
   21941     return rc;
   21942   }
   21943   std::string sign_handle_bytes;
   21944   rc = Serialize_TPMI_DH_OBJECT(
   21945       sign_handle,
   21946       &sign_handle_bytes);
   21947   if (rc != TPM_RC_SUCCESS) {
   21948     return rc;
   21949   }
   21950   std::string p1_bytes;
   21951   rc = Serialize_TPM2B_ECC_POINT(
   21952       p1,
   21953       &p1_bytes);
   21954   if (rc != TPM_RC_SUCCESS) {
   21955     return rc;
   21956   }
   21957   std::string s2_bytes;
   21958   rc = Serialize_TPM2B_SENSITIVE_DATA(
   21959       s2,
   21960       &s2_bytes);
   21961   if (rc != TPM_RC_SUCCESS) {
   21962     return rc;
   21963   }
   21964   std::string y2_bytes;
   21965   rc = Serialize_TPM2B_ECC_PARAMETER(
   21966       y2,
   21967       &y2_bytes);
   21968   if (rc != TPM_RC_SUCCESS) {
   21969     return rc;
   21970   }
   21971   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   21972       crypto::SecureHash::SHA256));
   21973   hash->Update(command_code_bytes.data(),
   21974                command_code_bytes.size());
   21975   hash->Update(sign_handle_name.data(),
   21976                sign_handle_name.size());
   21977   handle_section_bytes += sign_handle_bytes;
   21978   command_size += sign_handle_bytes.size();
   21979   hash->Update(param_size_bytes.data(),
   21980                param_size_bytes.size());
   21981   parameter_section_bytes += param_size_bytes;
   21982   command_size += param_size_bytes.size();
   21983   hash->Update(p1_bytes.data(),
   21984                p1_bytes.size());
   21985   parameter_section_bytes += p1_bytes;
   21986   command_size += p1_bytes.size();
   21987   hash->Update(s2_bytes.data(),
   21988                s2_bytes.size());
   21989   parameter_section_bytes += s2_bytes;
   21990   command_size += s2_bytes.size();
   21991   hash->Update(y2_bytes.data(),
   21992                y2_bytes.size());
   21993   parameter_section_bytes += y2_bytes;
   21994   command_size += y2_bytes.size();
   21995   std::string command_hash(32, 0);
   21996   hash->Finish(string_as_array(&command_hash), command_hash.size());
   21997   std::string authorization_section_bytes;
   21998   std::string authorization_size_bytes;
   21999   if (authorization_delegate) {
   22000     if (!authorization_delegate->GetCommandAuthorization(
   22001         command_hash,
   22002         is_command_parameter_encryption_possible,
   22003         is_response_parameter_encryption_possible,
   22004         &authorization_section_bytes)) {
   22005       return TRUNKS_RC_AUTHORIZATION_FAILED;
   22006     }
   22007     if (!authorization_section_bytes.empty()) {
   22008       tag = TPM_ST_SESSIONS;
   22009       std::string tmp;
   22010       rc = Serialize_UINT32(authorization_section_bytes.size(),
   22011                             &authorization_size_bytes);
   22012       if (rc != TPM_RC_SUCCESS) {
   22013         return rc;
   22014       }
   22015       command_size += authorization_size_bytes.size() +
   22016                       authorization_section_bytes.size();
   22017     }
   22018   }
   22019   std::string tag_bytes;
   22020   rc = Serialize_TPMI_ST_COMMAND_TAG(
   22021       tag,
   22022       &tag_bytes);
   22023   if (rc != TPM_RC_SUCCESS) {
   22024     return rc;
   22025   }
   22026   std::string command_size_bytes;
   22027   rc = Serialize_UINT32(
   22028       command_size,
   22029       &command_size_bytes);
   22030   if (rc != TPM_RC_SUCCESS) {
   22031     return rc;
   22032   }
   22033   *serialized_command = tag_bytes +
   22034                         command_size_bytes +
   22035                         command_code_bytes +
   22036                         handle_section_bytes +
   22037                         authorization_size_bytes +
   22038                         authorization_section_bytes +
   22039                         parameter_section_bytes;
   22040   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   22041   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   22042                                             serialized_command->size());
   22043   return TPM_RC_SUCCESS;
   22044 }
   22045 
   22046 TPM_RC Tpm::ParseResponse_Commit(
   22047       const std::string& response,
   22048       UINT32* param_size_out,
   22049       TPM2B_ECC_POINT* k,
   22050       TPM2B_ECC_POINT* l,
   22051       TPM2B_ECC_POINT* e,
   22052       UINT16* counter,
   22053       AuthorizationDelegate* authorization_delegate) {
   22054   VLOG(3) << __func__;
   22055   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   22056   TPM_RC rc = TPM_RC_SUCCESS;
   22057   std::string buffer(response);
   22058   TPM_ST tag;
   22059   std::string tag_bytes;
   22060   rc = Parse_TPM_ST(
   22061       &buffer,
   22062       &tag,
   22063       &tag_bytes);
   22064   if (rc != TPM_RC_SUCCESS) {
   22065     return rc;
   22066   }
   22067   UINT32 response_size;
   22068   std::string response_size_bytes;
   22069   rc = Parse_UINT32(
   22070       &buffer,
   22071       &response_size,
   22072       &response_size_bytes);
   22073   if (rc != TPM_RC_SUCCESS) {
   22074     return rc;
   22075   }
   22076   TPM_RC response_code;
   22077   std::string response_code_bytes;
   22078   rc = Parse_TPM_RC(
   22079       &buffer,
   22080       &response_code,
   22081       &response_code_bytes);
   22082   if (rc != TPM_RC_SUCCESS) {
   22083     return rc;
   22084   }
   22085   if (response_size != response.size()) {
   22086     return TPM_RC_SIZE;
   22087   }
   22088   if (response_code != TPM_RC_SUCCESS) {
   22089     return response_code;
   22090   }
   22091   TPM_CC command_code = TPM_CC_Commit;
   22092   std::string command_code_bytes;
   22093   rc = Serialize_TPM_CC(
   22094       command_code,
   22095       &command_code_bytes);
   22096   if (rc != TPM_RC_SUCCESS) {
   22097     return rc;
   22098   }
   22099   std::string authorization_section_bytes;
   22100   if (tag == TPM_ST_SESSIONS) {
   22101     UINT32 parameter_section_size = buffer.size();
   22102     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   22103     if (rc != TPM_RC_SUCCESS) {
   22104       return rc;
   22105     }
   22106     if (parameter_section_size > buffer.size()) {
   22107       return TPM_RC_INSUFFICIENT;
   22108     }
   22109     authorization_section_bytes = buffer.substr(parameter_section_size);
   22110     // Keep the parameter section in |buffer|.
   22111     buffer.erase(parameter_section_size);
   22112   }
   22113   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   22114       crypto::SecureHash::SHA256));
   22115   hash->Update(response_code_bytes.data(),
   22116                response_code_bytes.size());
   22117   hash->Update(command_code_bytes.data(),
   22118                command_code_bytes.size());
   22119   hash->Update(buffer.data(),
   22120                buffer.size());
   22121   std::string response_hash(32, 0);
   22122   hash->Finish(string_as_array(&response_hash), response_hash.size());
   22123   if (tag == TPM_ST_SESSIONS) {
   22124     CHECK(authorization_delegate) << "Authorization delegate missing!";
   22125     if (!authorization_delegate->CheckResponseAuthorization(
   22126         response_hash,
   22127         authorization_section_bytes)) {
   22128       return TRUNKS_RC_AUTHORIZATION_FAILED;
   22129     }
   22130   }
   22131   std::string param_size_out_bytes;
   22132   rc = Parse_UINT32(
   22133       &buffer,
   22134       param_size_out,
   22135       &param_size_out_bytes);
   22136   if (rc != TPM_RC_SUCCESS) {
   22137     return rc;
   22138   }
   22139   std::string k_bytes;
   22140   rc = Parse_TPM2B_ECC_POINT(
   22141       &buffer,
   22142       k,
   22143       &k_bytes);
   22144   if (rc != TPM_RC_SUCCESS) {
   22145     return rc;
   22146   }
   22147   std::string l_bytes;
   22148   rc = Parse_TPM2B_ECC_POINT(
   22149       &buffer,
   22150       l,
   22151       &l_bytes);
   22152   if (rc != TPM_RC_SUCCESS) {
   22153     return rc;
   22154   }
   22155   std::string e_bytes;
   22156   rc = Parse_TPM2B_ECC_POINT(
   22157       &buffer,
   22158       e,
   22159       &e_bytes);
   22160   if (rc != TPM_RC_SUCCESS) {
   22161     return rc;
   22162   }
   22163   std::string counter_bytes;
   22164   rc = Parse_UINT16(
   22165       &buffer,
   22166       counter,
   22167       &counter_bytes);
   22168   if (rc != TPM_RC_SUCCESS) {
   22169     return rc;
   22170   }
   22171   return TPM_RC_SUCCESS;
   22172 }
   22173 
   22174 void CommitErrorCallback(
   22175     const Tpm::CommitResponse& callback,
   22176     TPM_RC response_code) {
   22177   VLOG(1) << __func__;
   22178   callback.Run(response_code,
   22179                UINT32(),
   22180                TPM2B_ECC_POINT(),
   22181                TPM2B_ECC_POINT(),
   22182                TPM2B_ECC_POINT(),
   22183                UINT16());
   22184 }
   22185 
   22186 void CommitResponseParser(
   22187     const Tpm::CommitResponse& callback,
   22188     AuthorizationDelegate* authorization_delegate,
   22189     const std::string& response) {
   22190   VLOG(1) << __func__;
   22191   base::Callback<void(TPM_RC)> error_reporter =
   22192       base::Bind(CommitErrorCallback, callback);
   22193   UINT32 param_size_out;
   22194   TPM2B_ECC_POINT k;
   22195   TPM2B_ECC_POINT l;
   22196   TPM2B_ECC_POINT e;
   22197   UINT16 counter;
   22198   TPM_RC rc = Tpm::ParseResponse_Commit(
   22199       response,
   22200       &param_size_out,
   22201       &k,
   22202       &l,
   22203       &e,
   22204       &counter,
   22205       authorization_delegate);
   22206   if (rc != TPM_RC_SUCCESS) {
   22207     error_reporter.Run(rc);
   22208     return;
   22209   }
   22210   callback.Run(
   22211       rc,
   22212       param_size_out,
   22213       k,
   22214       l,
   22215       e,
   22216       counter);
   22217 }
   22218 
   22219 void Tpm::Commit(
   22220       const TPMI_DH_OBJECT& sign_handle,
   22221       const std::string& sign_handle_name,
   22222       const UINT32& param_size,
   22223       const TPM2B_ECC_POINT& p1,
   22224       const TPM2B_SENSITIVE_DATA& s2,
   22225       const TPM2B_ECC_PARAMETER& y2,
   22226       AuthorizationDelegate* authorization_delegate,
   22227       const CommitResponse& callback) {
   22228   VLOG(1) << __func__;
   22229   base::Callback<void(TPM_RC)> error_reporter =
   22230       base::Bind(CommitErrorCallback, callback);
   22231   base::Callback<void(const std::string&)> parser =
   22232       base::Bind(CommitResponseParser,
   22233                  callback,
   22234                  authorization_delegate);
   22235   std::string command;
   22236   TPM_RC rc = SerializeCommand_Commit(
   22237       sign_handle,
   22238       sign_handle_name,
   22239       param_size,
   22240       p1,
   22241       s2,
   22242       y2,
   22243       &command,
   22244       authorization_delegate);
   22245   if (rc != TPM_RC_SUCCESS) {
   22246     error_reporter.Run(rc);
   22247     return;
   22248   }
   22249   transceiver_->SendCommand(command, parser);
   22250 }
   22251 
   22252 TPM_RC Tpm::CommitSync(
   22253       const TPMI_DH_OBJECT& sign_handle,
   22254       const std::string& sign_handle_name,
   22255       const UINT32& param_size,
   22256       const TPM2B_ECC_POINT& p1,
   22257       const TPM2B_SENSITIVE_DATA& s2,
   22258       const TPM2B_ECC_PARAMETER& y2,
   22259       UINT32* param_size_out,
   22260       TPM2B_ECC_POINT* k,
   22261       TPM2B_ECC_POINT* l,
   22262       TPM2B_ECC_POINT* e,
   22263       UINT16* counter,
   22264       AuthorizationDelegate* authorization_delegate) {
   22265   VLOG(1) << __func__;
   22266   std::string command;
   22267   TPM_RC rc = SerializeCommand_Commit(
   22268       sign_handle,
   22269       sign_handle_name,
   22270       param_size,
   22271       p1,
   22272       s2,
   22273       y2,
   22274       &command,
   22275       authorization_delegate);
   22276   if (rc != TPM_RC_SUCCESS) {
   22277     return rc;
   22278   }
   22279   std::string response = transceiver_->SendCommandAndWait(command);
   22280   rc = ParseResponse_Commit(
   22281       response,
   22282       param_size_out,
   22283       k,
   22284       l,
   22285       e,
   22286       counter,
   22287       authorization_delegate);
   22288   return rc;
   22289 }
   22290 
   22291 TPM_RC Tpm::SerializeCommand_EC_Ephemeral(
   22292       const UINT32& param_size,
   22293       const TPMI_ECC_CURVE& curve_id,
   22294       std::string* serialized_command,
   22295       AuthorizationDelegate* authorization_delegate) {
   22296   VLOG(3) << __func__;
   22297   TPM_RC rc = TPM_RC_SUCCESS;
   22298   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   22299   UINT32 command_size = 10;  // Header size.
   22300   std::string handle_section_bytes;
   22301   std::string parameter_section_bytes;
   22302   TPM_CC command_code = TPM_CC_EC_Ephemeral;
   22303   bool is_command_parameter_encryption_possible = false;
   22304   bool is_response_parameter_encryption_possible = false;
   22305   std::string command_code_bytes;
   22306   rc = Serialize_TPM_CC(
   22307       command_code,
   22308       &command_code_bytes);
   22309   if (rc != TPM_RC_SUCCESS) {
   22310     return rc;
   22311   }
   22312   std::string param_size_bytes;
   22313   rc = Serialize_UINT32(
   22314       param_size,
   22315       &param_size_bytes);
   22316   if (rc != TPM_RC_SUCCESS) {
   22317     return rc;
   22318   }
   22319   std::string curve_id_bytes;
   22320   rc = Serialize_TPMI_ECC_CURVE(
   22321       curve_id,
   22322       &curve_id_bytes);
   22323   if (rc != TPM_RC_SUCCESS) {
   22324     return rc;
   22325   }
   22326   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   22327       crypto::SecureHash::SHA256));
   22328   hash->Update(command_code_bytes.data(),
   22329                command_code_bytes.size());
   22330   hash->Update(param_size_bytes.data(),
   22331                param_size_bytes.size());
   22332   parameter_section_bytes += param_size_bytes;
   22333   command_size += param_size_bytes.size();
   22334   hash->Update(curve_id_bytes.data(),
   22335                curve_id_bytes.size());
   22336   parameter_section_bytes += curve_id_bytes;
   22337   command_size += curve_id_bytes.size();
   22338   std::string command_hash(32, 0);
   22339   hash->Finish(string_as_array(&command_hash), command_hash.size());
   22340   std::string authorization_section_bytes;
   22341   std::string authorization_size_bytes;
   22342   if (authorization_delegate) {
   22343     if (!authorization_delegate->GetCommandAuthorization(
   22344         command_hash,
   22345         is_command_parameter_encryption_possible,
   22346         is_response_parameter_encryption_possible,
   22347         &authorization_section_bytes)) {
   22348       return TRUNKS_RC_AUTHORIZATION_FAILED;
   22349     }
   22350     if (!authorization_section_bytes.empty()) {
   22351       tag = TPM_ST_SESSIONS;
   22352       std::string tmp;
   22353       rc = Serialize_UINT32(authorization_section_bytes.size(),
   22354                             &authorization_size_bytes);
   22355       if (rc != TPM_RC_SUCCESS) {
   22356         return rc;
   22357       }
   22358       command_size += authorization_size_bytes.size() +
   22359                       authorization_section_bytes.size();
   22360     }
   22361   }
   22362   std::string tag_bytes;
   22363   rc = Serialize_TPMI_ST_COMMAND_TAG(
   22364       tag,
   22365       &tag_bytes);
   22366   if (rc != TPM_RC_SUCCESS) {
   22367     return rc;
   22368   }
   22369   std::string command_size_bytes;
   22370   rc = Serialize_UINT32(
   22371       command_size,
   22372       &command_size_bytes);
   22373   if (rc != TPM_RC_SUCCESS) {
   22374     return rc;
   22375   }
   22376   *serialized_command = tag_bytes +
   22377                         command_size_bytes +
   22378                         command_code_bytes +
   22379                         handle_section_bytes +
   22380                         authorization_size_bytes +
   22381                         authorization_section_bytes +
   22382                         parameter_section_bytes;
   22383   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   22384   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   22385                                             serialized_command->size());
   22386   return TPM_RC_SUCCESS;
   22387 }
   22388 
   22389 TPM_RC Tpm::ParseResponse_EC_Ephemeral(
   22390       const std::string& response,
   22391       UINT32* param_size_out,
   22392       TPM2B_ECC_POINT* q,
   22393       UINT16* counter,
   22394       AuthorizationDelegate* authorization_delegate) {
   22395   VLOG(3) << __func__;
   22396   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   22397   TPM_RC rc = TPM_RC_SUCCESS;
   22398   std::string buffer(response);
   22399   TPM_ST tag;
   22400   std::string tag_bytes;
   22401   rc = Parse_TPM_ST(
   22402       &buffer,
   22403       &tag,
   22404       &tag_bytes);
   22405   if (rc != TPM_RC_SUCCESS) {
   22406     return rc;
   22407   }
   22408   UINT32 response_size;
   22409   std::string response_size_bytes;
   22410   rc = Parse_UINT32(
   22411       &buffer,
   22412       &response_size,
   22413       &response_size_bytes);
   22414   if (rc != TPM_RC_SUCCESS) {
   22415     return rc;
   22416   }
   22417   TPM_RC response_code;
   22418   std::string response_code_bytes;
   22419   rc = Parse_TPM_RC(
   22420       &buffer,
   22421       &response_code,
   22422       &response_code_bytes);
   22423   if (rc != TPM_RC_SUCCESS) {
   22424     return rc;
   22425   }
   22426   if (response_size != response.size()) {
   22427     return TPM_RC_SIZE;
   22428   }
   22429   if (response_code != TPM_RC_SUCCESS) {
   22430     return response_code;
   22431   }
   22432   TPM_CC command_code = TPM_CC_EC_Ephemeral;
   22433   std::string command_code_bytes;
   22434   rc = Serialize_TPM_CC(
   22435       command_code,
   22436       &command_code_bytes);
   22437   if (rc != TPM_RC_SUCCESS) {
   22438     return rc;
   22439   }
   22440   std::string authorization_section_bytes;
   22441   if (tag == TPM_ST_SESSIONS) {
   22442     UINT32 parameter_section_size = buffer.size();
   22443     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   22444     if (rc != TPM_RC_SUCCESS) {
   22445       return rc;
   22446     }
   22447     if (parameter_section_size > buffer.size()) {
   22448       return TPM_RC_INSUFFICIENT;
   22449     }
   22450     authorization_section_bytes = buffer.substr(parameter_section_size);
   22451     // Keep the parameter section in |buffer|.
   22452     buffer.erase(parameter_section_size);
   22453   }
   22454   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   22455       crypto::SecureHash::SHA256));
   22456   hash->Update(response_code_bytes.data(),
   22457                response_code_bytes.size());
   22458   hash->Update(command_code_bytes.data(),
   22459                command_code_bytes.size());
   22460   hash->Update(buffer.data(),
   22461                buffer.size());
   22462   std::string response_hash(32, 0);
   22463   hash->Finish(string_as_array(&response_hash), response_hash.size());
   22464   if (tag == TPM_ST_SESSIONS) {
   22465     CHECK(authorization_delegate) << "Authorization delegate missing!";
   22466     if (!authorization_delegate->CheckResponseAuthorization(
   22467         response_hash,
   22468         authorization_section_bytes)) {
   22469       return TRUNKS_RC_AUTHORIZATION_FAILED;
   22470     }
   22471   }
   22472   std::string param_size_out_bytes;
   22473   rc = Parse_UINT32(
   22474       &buffer,
   22475       param_size_out,
   22476       &param_size_out_bytes);
   22477   if (rc != TPM_RC_SUCCESS) {
   22478     return rc;
   22479   }
   22480   std::string q_bytes;
   22481   rc = Parse_TPM2B_ECC_POINT(
   22482       &buffer,
   22483       q,
   22484       &q_bytes);
   22485   if (rc != TPM_RC_SUCCESS) {
   22486     return rc;
   22487   }
   22488   std::string counter_bytes;
   22489   rc = Parse_UINT16(
   22490       &buffer,
   22491       counter,
   22492       &counter_bytes);
   22493   if (rc != TPM_RC_SUCCESS) {
   22494     return rc;
   22495   }
   22496   return TPM_RC_SUCCESS;
   22497 }
   22498 
   22499 void EC_EphemeralErrorCallback(
   22500     const Tpm::EC_EphemeralResponse& callback,
   22501     TPM_RC response_code) {
   22502   VLOG(1) << __func__;
   22503   callback.Run(response_code,
   22504                UINT32(),
   22505                TPM2B_ECC_POINT(),
   22506                UINT16());
   22507 }
   22508 
   22509 void EC_EphemeralResponseParser(
   22510     const Tpm::EC_EphemeralResponse& callback,
   22511     AuthorizationDelegate* authorization_delegate,
   22512     const std::string& response) {
   22513   VLOG(1) << __func__;
   22514   base::Callback<void(TPM_RC)> error_reporter =
   22515       base::Bind(EC_EphemeralErrorCallback, callback);
   22516   UINT32 param_size_out;
   22517   TPM2B_ECC_POINT q;
   22518   UINT16 counter;
   22519   TPM_RC rc = Tpm::ParseResponse_EC_Ephemeral(
   22520       response,
   22521       &param_size_out,
   22522       &q,
   22523       &counter,
   22524       authorization_delegate);
   22525   if (rc != TPM_RC_SUCCESS) {
   22526     error_reporter.Run(rc);
   22527     return;
   22528   }
   22529   callback.Run(
   22530       rc,
   22531       param_size_out,
   22532       q,
   22533       counter);
   22534 }
   22535 
   22536 void Tpm::EC_Ephemeral(
   22537       const UINT32& param_size,
   22538       const TPMI_ECC_CURVE& curve_id,
   22539       AuthorizationDelegate* authorization_delegate,
   22540       const EC_EphemeralResponse& callback) {
   22541   VLOG(1) << __func__;
   22542   base::Callback<void(TPM_RC)> error_reporter =
   22543       base::Bind(EC_EphemeralErrorCallback, callback);
   22544   base::Callback<void(const std::string&)> parser =
   22545       base::Bind(EC_EphemeralResponseParser,
   22546                  callback,
   22547                  authorization_delegate);
   22548   std::string command;
   22549   TPM_RC rc = SerializeCommand_EC_Ephemeral(
   22550       param_size,
   22551       curve_id,
   22552       &command,
   22553       authorization_delegate);
   22554   if (rc != TPM_RC_SUCCESS) {
   22555     error_reporter.Run(rc);
   22556     return;
   22557   }
   22558   transceiver_->SendCommand(command, parser);
   22559 }
   22560 
   22561 TPM_RC Tpm::EC_EphemeralSync(
   22562       const UINT32& param_size,
   22563       const TPMI_ECC_CURVE& curve_id,
   22564       UINT32* param_size_out,
   22565       TPM2B_ECC_POINT* q,
   22566       UINT16* counter,
   22567       AuthorizationDelegate* authorization_delegate) {
   22568   VLOG(1) << __func__;
   22569   std::string command;
   22570   TPM_RC rc = SerializeCommand_EC_Ephemeral(
   22571       param_size,
   22572       curve_id,
   22573       &command,
   22574       authorization_delegate);
   22575   if (rc != TPM_RC_SUCCESS) {
   22576     return rc;
   22577   }
   22578   std::string response = transceiver_->SendCommandAndWait(command);
   22579   rc = ParseResponse_EC_Ephemeral(
   22580       response,
   22581       param_size_out,
   22582       q,
   22583       counter,
   22584       authorization_delegate);
   22585   return rc;
   22586 }
   22587 
   22588 TPM_RC Tpm::SerializeCommand_VerifySignature(
   22589       const TPMI_DH_OBJECT& key_handle,
   22590       const std::string& key_handle_name,
   22591       const TPM2B_DIGEST& digest,
   22592       const TPMT_SIGNATURE& signature,
   22593       std::string* serialized_command,
   22594       AuthorizationDelegate* authorization_delegate) {
   22595   VLOG(3) << __func__;
   22596   TPM_RC rc = TPM_RC_SUCCESS;
   22597   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   22598   UINT32 command_size = 10;  // Header size.
   22599   std::string handle_section_bytes;
   22600   std::string parameter_section_bytes;
   22601   TPM_CC command_code = TPM_CC_VerifySignature;
   22602   bool is_command_parameter_encryption_possible = true;
   22603   bool is_response_parameter_encryption_possible = false;
   22604   std::string command_code_bytes;
   22605   rc = Serialize_TPM_CC(
   22606       command_code,
   22607       &command_code_bytes);
   22608   if (rc != TPM_RC_SUCCESS) {
   22609     return rc;
   22610   }
   22611   std::string key_handle_bytes;
   22612   rc = Serialize_TPMI_DH_OBJECT(
   22613       key_handle,
   22614       &key_handle_bytes);
   22615   if (rc != TPM_RC_SUCCESS) {
   22616     return rc;
   22617   }
   22618   std::string digest_bytes;
   22619   rc = Serialize_TPM2B_DIGEST(
   22620       digest,
   22621       &digest_bytes);
   22622   if (rc != TPM_RC_SUCCESS) {
   22623     return rc;
   22624   }
   22625   std::string signature_bytes;
   22626   rc = Serialize_TPMT_SIGNATURE(
   22627       signature,
   22628       &signature_bytes);
   22629   if (rc != TPM_RC_SUCCESS) {
   22630     return rc;
   22631   }
   22632   if (authorization_delegate) {
   22633     // Encrypt just the parameter data, not the size.
   22634     std::string tmp = digest_bytes.substr(2);
   22635     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   22636       return TRUNKS_RC_ENCRYPTION_FAILED;
   22637     }
   22638     digest_bytes.replace(2, std::string::npos, tmp);
   22639   }
   22640   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   22641       crypto::SecureHash::SHA256));
   22642   hash->Update(command_code_bytes.data(),
   22643                command_code_bytes.size());
   22644   hash->Update(key_handle_name.data(),
   22645                key_handle_name.size());
   22646   handle_section_bytes += key_handle_bytes;
   22647   command_size += key_handle_bytes.size();
   22648   hash->Update(digest_bytes.data(),
   22649                digest_bytes.size());
   22650   parameter_section_bytes += digest_bytes;
   22651   command_size += digest_bytes.size();
   22652   hash->Update(signature_bytes.data(),
   22653                signature_bytes.size());
   22654   parameter_section_bytes += signature_bytes;
   22655   command_size += signature_bytes.size();
   22656   std::string command_hash(32, 0);
   22657   hash->Finish(string_as_array(&command_hash), command_hash.size());
   22658   std::string authorization_section_bytes;
   22659   std::string authorization_size_bytes;
   22660   if (authorization_delegate) {
   22661     if (!authorization_delegate->GetCommandAuthorization(
   22662         command_hash,
   22663         is_command_parameter_encryption_possible,
   22664         is_response_parameter_encryption_possible,
   22665         &authorization_section_bytes)) {
   22666       return TRUNKS_RC_AUTHORIZATION_FAILED;
   22667     }
   22668     if (!authorization_section_bytes.empty()) {
   22669       tag = TPM_ST_SESSIONS;
   22670       std::string tmp;
   22671       rc = Serialize_UINT32(authorization_section_bytes.size(),
   22672                             &authorization_size_bytes);
   22673       if (rc != TPM_RC_SUCCESS) {
   22674         return rc;
   22675       }
   22676       command_size += authorization_size_bytes.size() +
   22677                       authorization_section_bytes.size();
   22678     }
   22679   }
   22680   std::string tag_bytes;
   22681   rc = Serialize_TPMI_ST_COMMAND_TAG(
   22682       tag,
   22683       &tag_bytes);
   22684   if (rc != TPM_RC_SUCCESS) {
   22685     return rc;
   22686   }
   22687   std::string command_size_bytes;
   22688   rc = Serialize_UINT32(
   22689       command_size,
   22690       &command_size_bytes);
   22691   if (rc != TPM_RC_SUCCESS) {
   22692     return rc;
   22693   }
   22694   *serialized_command = tag_bytes +
   22695                         command_size_bytes +
   22696                         command_code_bytes +
   22697                         handle_section_bytes +
   22698                         authorization_size_bytes +
   22699                         authorization_section_bytes +
   22700                         parameter_section_bytes;
   22701   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   22702   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   22703                                             serialized_command->size());
   22704   return TPM_RC_SUCCESS;
   22705 }
   22706 
   22707 TPM_RC Tpm::ParseResponse_VerifySignature(
   22708       const std::string& response,
   22709       TPMT_TK_VERIFIED* validation,
   22710       AuthorizationDelegate* authorization_delegate) {
   22711   VLOG(3) << __func__;
   22712   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   22713   TPM_RC rc = TPM_RC_SUCCESS;
   22714   std::string buffer(response);
   22715   TPM_ST tag;
   22716   std::string tag_bytes;
   22717   rc = Parse_TPM_ST(
   22718       &buffer,
   22719       &tag,
   22720       &tag_bytes);
   22721   if (rc != TPM_RC_SUCCESS) {
   22722     return rc;
   22723   }
   22724   UINT32 response_size;
   22725   std::string response_size_bytes;
   22726   rc = Parse_UINT32(
   22727       &buffer,
   22728       &response_size,
   22729       &response_size_bytes);
   22730   if (rc != TPM_RC_SUCCESS) {
   22731     return rc;
   22732   }
   22733   TPM_RC response_code;
   22734   std::string response_code_bytes;
   22735   rc = Parse_TPM_RC(
   22736       &buffer,
   22737       &response_code,
   22738       &response_code_bytes);
   22739   if (rc != TPM_RC_SUCCESS) {
   22740     return rc;
   22741   }
   22742   if (response_size != response.size()) {
   22743     return TPM_RC_SIZE;
   22744   }
   22745   if (response_code != TPM_RC_SUCCESS) {
   22746     return response_code;
   22747   }
   22748   TPM_CC command_code = TPM_CC_VerifySignature;
   22749   std::string command_code_bytes;
   22750   rc = Serialize_TPM_CC(
   22751       command_code,
   22752       &command_code_bytes);
   22753   if (rc != TPM_RC_SUCCESS) {
   22754     return rc;
   22755   }
   22756   std::string authorization_section_bytes;
   22757   if (tag == TPM_ST_SESSIONS) {
   22758     UINT32 parameter_section_size = buffer.size();
   22759     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   22760     if (rc != TPM_RC_SUCCESS) {
   22761       return rc;
   22762     }
   22763     if (parameter_section_size > buffer.size()) {
   22764       return TPM_RC_INSUFFICIENT;
   22765     }
   22766     authorization_section_bytes = buffer.substr(parameter_section_size);
   22767     // Keep the parameter section in |buffer|.
   22768     buffer.erase(parameter_section_size);
   22769   }
   22770   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   22771       crypto::SecureHash::SHA256));
   22772   hash->Update(response_code_bytes.data(),
   22773                response_code_bytes.size());
   22774   hash->Update(command_code_bytes.data(),
   22775                command_code_bytes.size());
   22776   hash->Update(buffer.data(),
   22777                buffer.size());
   22778   std::string response_hash(32, 0);
   22779   hash->Finish(string_as_array(&response_hash), response_hash.size());
   22780   if (tag == TPM_ST_SESSIONS) {
   22781     CHECK(authorization_delegate) << "Authorization delegate missing!";
   22782     if (!authorization_delegate->CheckResponseAuthorization(
   22783         response_hash,
   22784         authorization_section_bytes)) {
   22785       return TRUNKS_RC_AUTHORIZATION_FAILED;
   22786     }
   22787   }
   22788   std::string validation_bytes;
   22789   rc = Parse_TPMT_TK_VERIFIED(
   22790       &buffer,
   22791       validation,
   22792       &validation_bytes);
   22793   if (rc != TPM_RC_SUCCESS) {
   22794     return rc;
   22795   }
   22796   return TPM_RC_SUCCESS;
   22797 }
   22798 
   22799 void VerifySignatureErrorCallback(
   22800     const Tpm::VerifySignatureResponse& callback,
   22801     TPM_RC response_code) {
   22802   VLOG(1) << __func__;
   22803   callback.Run(response_code,
   22804                TPMT_TK_VERIFIED());
   22805 }
   22806 
   22807 void VerifySignatureResponseParser(
   22808     const Tpm::VerifySignatureResponse& callback,
   22809     AuthorizationDelegate* authorization_delegate,
   22810     const std::string& response) {
   22811   VLOG(1) << __func__;
   22812   base::Callback<void(TPM_RC)> error_reporter =
   22813       base::Bind(VerifySignatureErrorCallback, callback);
   22814   TPMT_TK_VERIFIED validation;
   22815   TPM_RC rc = Tpm::ParseResponse_VerifySignature(
   22816       response,
   22817       &validation,
   22818       authorization_delegate);
   22819   if (rc != TPM_RC_SUCCESS) {
   22820     error_reporter.Run(rc);
   22821     return;
   22822   }
   22823   callback.Run(
   22824       rc,
   22825       validation);
   22826 }
   22827 
   22828 void Tpm::VerifySignature(
   22829       const TPMI_DH_OBJECT& key_handle,
   22830       const std::string& key_handle_name,
   22831       const TPM2B_DIGEST& digest,
   22832       const TPMT_SIGNATURE& signature,
   22833       AuthorizationDelegate* authorization_delegate,
   22834       const VerifySignatureResponse& callback) {
   22835   VLOG(1) << __func__;
   22836   base::Callback<void(TPM_RC)> error_reporter =
   22837       base::Bind(VerifySignatureErrorCallback, callback);
   22838   base::Callback<void(const std::string&)> parser =
   22839       base::Bind(VerifySignatureResponseParser,
   22840                  callback,
   22841                  authorization_delegate);
   22842   std::string command;
   22843   TPM_RC rc = SerializeCommand_VerifySignature(
   22844       key_handle,
   22845       key_handle_name,
   22846       digest,
   22847       signature,
   22848       &command,
   22849       authorization_delegate);
   22850   if (rc != TPM_RC_SUCCESS) {
   22851     error_reporter.Run(rc);
   22852     return;
   22853   }
   22854   transceiver_->SendCommand(command, parser);
   22855 }
   22856 
   22857 TPM_RC Tpm::VerifySignatureSync(
   22858       const TPMI_DH_OBJECT& key_handle,
   22859       const std::string& key_handle_name,
   22860       const TPM2B_DIGEST& digest,
   22861       const TPMT_SIGNATURE& signature,
   22862       TPMT_TK_VERIFIED* validation,
   22863       AuthorizationDelegate* authorization_delegate) {
   22864   VLOG(1) << __func__;
   22865   std::string command;
   22866   TPM_RC rc = SerializeCommand_VerifySignature(
   22867       key_handle,
   22868       key_handle_name,
   22869       digest,
   22870       signature,
   22871       &command,
   22872       authorization_delegate);
   22873   if (rc != TPM_RC_SUCCESS) {
   22874     return rc;
   22875   }
   22876   std::string response = transceiver_->SendCommandAndWait(command);
   22877   rc = ParseResponse_VerifySignature(
   22878       response,
   22879       validation,
   22880       authorization_delegate);
   22881   return rc;
   22882 }
   22883 
   22884 TPM_RC Tpm::SerializeCommand_Sign(
   22885       const TPMI_DH_OBJECT& key_handle,
   22886       const std::string& key_handle_name,
   22887       const TPM2B_DIGEST& digest,
   22888       const TPMT_SIG_SCHEME& in_scheme,
   22889       const TPMT_TK_HASHCHECK& validation,
   22890       std::string* serialized_command,
   22891       AuthorizationDelegate* authorization_delegate) {
   22892   VLOG(3) << __func__;
   22893   TPM_RC rc = TPM_RC_SUCCESS;
   22894   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   22895   UINT32 command_size = 10;  // Header size.
   22896   std::string handle_section_bytes;
   22897   std::string parameter_section_bytes;
   22898   TPM_CC command_code = TPM_CC_Sign;
   22899   bool is_command_parameter_encryption_possible = true;
   22900   bool is_response_parameter_encryption_possible = false;
   22901   std::string command_code_bytes;
   22902   rc = Serialize_TPM_CC(
   22903       command_code,
   22904       &command_code_bytes);
   22905   if (rc != TPM_RC_SUCCESS) {
   22906     return rc;
   22907   }
   22908   std::string key_handle_bytes;
   22909   rc = Serialize_TPMI_DH_OBJECT(
   22910       key_handle,
   22911       &key_handle_bytes);
   22912   if (rc != TPM_RC_SUCCESS) {
   22913     return rc;
   22914   }
   22915   std::string digest_bytes;
   22916   rc = Serialize_TPM2B_DIGEST(
   22917       digest,
   22918       &digest_bytes);
   22919   if (rc != TPM_RC_SUCCESS) {
   22920     return rc;
   22921   }
   22922   std::string in_scheme_bytes;
   22923   rc = Serialize_TPMT_SIG_SCHEME(
   22924       in_scheme,
   22925       &in_scheme_bytes);
   22926   if (rc != TPM_RC_SUCCESS) {
   22927     return rc;
   22928   }
   22929   std::string validation_bytes;
   22930   rc = Serialize_TPMT_TK_HASHCHECK(
   22931       validation,
   22932       &validation_bytes);
   22933   if (rc != TPM_RC_SUCCESS) {
   22934     return rc;
   22935   }
   22936   if (authorization_delegate) {
   22937     // Encrypt just the parameter data, not the size.
   22938     std::string tmp = digest_bytes.substr(2);
   22939     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   22940       return TRUNKS_RC_ENCRYPTION_FAILED;
   22941     }
   22942     digest_bytes.replace(2, std::string::npos, tmp);
   22943   }
   22944   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   22945       crypto::SecureHash::SHA256));
   22946   hash->Update(command_code_bytes.data(),
   22947                command_code_bytes.size());
   22948   hash->Update(key_handle_name.data(),
   22949                key_handle_name.size());
   22950   handle_section_bytes += key_handle_bytes;
   22951   command_size += key_handle_bytes.size();
   22952   hash->Update(digest_bytes.data(),
   22953                digest_bytes.size());
   22954   parameter_section_bytes += digest_bytes;
   22955   command_size += digest_bytes.size();
   22956   hash->Update(in_scheme_bytes.data(),
   22957                in_scheme_bytes.size());
   22958   parameter_section_bytes += in_scheme_bytes;
   22959   command_size += in_scheme_bytes.size();
   22960   hash->Update(validation_bytes.data(),
   22961                validation_bytes.size());
   22962   parameter_section_bytes += validation_bytes;
   22963   command_size += validation_bytes.size();
   22964   std::string command_hash(32, 0);
   22965   hash->Finish(string_as_array(&command_hash), command_hash.size());
   22966   std::string authorization_section_bytes;
   22967   std::string authorization_size_bytes;
   22968   if (authorization_delegate) {
   22969     if (!authorization_delegate->GetCommandAuthorization(
   22970         command_hash,
   22971         is_command_parameter_encryption_possible,
   22972         is_response_parameter_encryption_possible,
   22973         &authorization_section_bytes)) {
   22974       return TRUNKS_RC_AUTHORIZATION_FAILED;
   22975     }
   22976     if (!authorization_section_bytes.empty()) {
   22977       tag = TPM_ST_SESSIONS;
   22978       std::string tmp;
   22979       rc = Serialize_UINT32(authorization_section_bytes.size(),
   22980                             &authorization_size_bytes);
   22981       if (rc != TPM_RC_SUCCESS) {
   22982         return rc;
   22983       }
   22984       command_size += authorization_size_bytes.size() +
   22985                       authorization_section_bytes.size();
   22986     }
   22987   }
   22988   std::string tag_bytes;
   22989   rc = Serialize_TPMI_ST_COMMAND_TAG(
   22990       tag,
   22991       &tag_bytes);
   22992   if (rc != TPM_RC_SUCCESS) {
   22993     return rc;
   22994   }
   22995   std::string command_size_bytes;
   22996   rc = Serialize_UINT32(
   22997       command_size,
   22998       &command_size_bytes);
   22999   if (rc != TPM_RC_SUCCESS) {
   23000     return rc;
   23001   }
   23002   *serialized_command = tag_bytes +
   23003                         command_size_bytes +
   23004                         command_code_bytes +
   23005                         handle_section_bytes +
   23006                         authorization_size_bytes +
   23007                         authorization_section_bytes +
   23008                         parameter_section_bytes;
   23009   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   23010   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   23011                                             serialized_command->size());
   23012   return TPM_RC_SUCCESS;
   23013 }
   23014 
   23015 TPM_RC Tpm::ParseResponse_Sign(
   23016       const std::string& response,
   23017       TPMT_SIGNATURE* signature,
   23018       AuthorizationDelegate* authorization_delegate) {
   23019   VLOG(3) << __func__;
   23020   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   23021   TPM_RC rc = TPM_RC_SUCCESS;
   23022   std::string buffer(response);
   23023   TPM_ST tag;
   23024   std::string tag_bytes;
   23025   rc = Parse_TPM_ST(
   23026       &buffer,
   23027       &tag,
   23028       &tag_bytes);
   23029   if (rc != TPM_RC_SUCCESS) {
   23030     return rc;
   23031   }
   23032   UINT32 response_size;
   23033   std::string response_size_bytes;
   23034   rc = Parse_UINT32(
   23035       &buffer,
   23036       &response_size,
   23037       &response_size_bytes);
   23038   if (rc != TPM_RC_SUCCESS) {
   23039     return rc;
   23040   }
   23041   TPM_RC response_code;
   23042   std::string response_code_bytes;
   23043   rc = Parse_TPM_RC(
   23044       &buffer,
   23045       &response_code,
   23046       &response_code_bytes);
   23047   if (rc != TPM_RC_SUCCESS) {
   23048     return rc;
   23049   }
   23050   if (response_size != response.size()) {
   23051     return TPM_RC_SIZE;
   23052   }
   23053   if (response_code != TPM_RC_SUCCESS) {
   23054     return response_code;
   23055   }
   23056   TPM_CC command_code = TPM_CC_Sign;
   23057   std::string command_code_bytes;
   23058   rc = Serialize_TPM_CC(
   23059       command_code,
   23060       &command_code_bytes);
   23061   if (rc != TPM_RC_SUCCESS) {
   23062     return rc;
   23063   }
   23064   std::string authorization_section_bytes;
   23065   if (tag == TPM_ST_SESSIONS) {
   23066     UINT32 parameter_section_size = buffer.size();
   23067     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   23068     if (rc != TPM_RC_SUCCESS) {
   23069       return rc;
   23070     }
   23071     if (parameter_section_size > buffer.size()) {
   23072       return TPM_RC_INSUFFICIENT;
   23073     }
   23074     authorization_section_bytes = buffer.substr(parameter_section_size);
   23075     // Keep the parameter section in |buffer|.
   23076     buffer.erase(parameter_section_size);
   23077   }
   23078   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   23079       crypto::SecureHash::SHA256));
   23080   hash->Update(response_code_bytes.data(),
   23081                response_code_bytes.size());
   23082   hash->Update(command_code_bytes.data(),
   23083                command_code_bytes.size());
   23084   hash->Update(buffer.data(),
   23085                buffer.size());
   23086   std::string response_hash(32, 0);
   23087   hash->Finish(string_as_array(&response_hash), response_hash.size());
   23088   if (tag == TPM_ST_SESSIONS) {
   23089     CHECK(authorization_delegate) << "Authorization delegate missing!";
   23090     if (!authorization_delegate->CheckResponseAuthorization(
   23091         response_hash,
   23092         authorization_section_bytes)) {
   23093       return TRUNKS_RC_AUTHORIZATION_FAILED;
   23094     }
   23095   }
   23096   std::string signature_bytes;
   23097   rc = Parse_TPMT_SIGNATURE(
   23098       &buffer,
   23099       signature,
   23100       &signature_bytes);
   23101   if (rc != TPM_RC_SUCCESS) {
   23102     return rc;
   23103   }
   23104   return TPM_RC_SUCCESS;
   23105 }
   23106 
   23107 void SignErrorCallback(
   23108     const Tpm::SignResponse& callback,
   23109     TPM_RC response_code) {
   23110   VLOG(1) << __func__;
   23111   callback.Run(response_code,
   23112                TPMT_SIGNATURE());
   23113 }
   23114 
   23115 void SignResponseParser(
   23116     const Tpm::SignResponse& callback,
   23117     AuthorizationDelegate* authorization_delegate,
   23118     const std::string& response) {
   23119   VLOG(1) << __func__;
   23120   base::Callback<void(TPM_RC)> error_reporter =
   23121       base::Bind(SignErrorCallback, callback);
   23122   TPMT_SIGNATURE signature;
   23123   TPM_RC rc = Tpm::ParseResponse_Sign(
   23124       response,
   23125       &signature,
   23126       authorization_delegate);
   23127   if (rc != TPM_RC_SUCCESS) {
   23128     error_reporter.Run(rc);
   23129     return;
   23130   }
   23131   callback.Run(
   23132       rc,
   23133       signature);
   23134 }
   23135 
   23136 void Tpm::Sign(
   23137       const TPMI_DH_OBJECT& key_handle,
   23138       const std::string& key_handle_name,
   23139       const TPM2B_DIGEST& digest,
   23140       const TPMT_SIG_SCHEME& in_scheme,
   23141       const TPMT_TK_HASHCHECK& validation,
   23142       AuthorizationDelegate* authorization_delegate,
   23143       const SignResponse& callback) {
   23144   VLOG(1) << __func__;
   23145   base::Callback<void(TPM_RC)> error_reporter =
   23146       base::Bind(SignErrorCallback, callback);
   23147   base::Callback<void(const std::string&)> parser =
   23148       base::Bind(SignResponseParser,
   23149                  callback,
   23150                  authorization_delegate);
   23151   std::string command;
   23152   TPM_RC rc = SerializeCommand_Sign(
   23153       key_handle,
   23154       key_handle_name,
   23155       digest,
   23156       in_scheme,
   23157       validation,
   23158       &command,
   23159       authorization_delegate);
   23160   if (rc != TPM_RC_SUCCESS) {
   23161     error_reporter.Run(rc);
   23162     return;
   23163   }
   23164   transceiver_->SendCommand(command, parser);
   23165 }
   23166 
   23167 TPM_RC Tpm::SignSync(
   23168       const TPMI_DH_OBJECT& key_handle,
   23169       const std::string& key_handle_name,
   23170       const TPM2B_DIGEST& digest,
   23171       const TPMT_SIG_SCHEME& in_scheme,
   23172       const TPMT_TK_HASHCHECK& validation,
   23173       TPMT_SIGNATURE* signature,
   23174       AuthorizationDelegate* authorization_delegate) {
   23175   VLOG(1) << __func__;
   23176   std::string command;
   23177   TPM_RC rc = SerializeCommand_Sign(
   23178       key_handle,
   23179       key_handle_name,
   23180       digest,
   23181       in_scheme,
   23182       validation,
   23183       &command,
   23184       authorization_delegate);
   23185   if (rc != TPM_RC_SUCCESS) {
   23186     return rc;
   23187   }
   23188   std::string response = transceiver_->SendCommandAndWait(command);
   23189   rc = ParseResponse_Sign(
   23190       response,
   23191       signature,
   23192       authorization_delegate);
   23193   return rc;
   23194 }
   23195 
   23196 TPM_RC Tpm::SerializeCommand_SetCommandCodeAuditStatus(
   23197       const TPMI_RH_PROVISION& auth,
   23198       const std::string& auth_name,
   23199       const TPMI_ALG_HASH& audit_alg,
   23200       const TPML_CC& set_list,
   23201       const TPML_CC& clear_list,
   23202       std::string* serialized_command,
   23203       AuthorizationDelegate* authorization_delegate) {
   23204   VLOG(3) << __func__;
   23205   TPM_RC rc = TPM_RC_SUCCESS;
   23206   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   23207   UINT32 command_size = 10;  // Header size.
   23208   std::string handle_section_bytes;
   23209   std::string parameter_section_bytes;
   23210   TPM_CC command_code = TPM_CC_SetCommandCodeAuditStatus;
   23211   bool is_command_parameter_encryption_possible = false;
   23212   bool is_response_parameter_encryption_possible = false;
   23213   std::string command_code_bytes;
   23214   rc = Serialize_TPM_CC(
   23215       command_code,
   23216       &command_code_bytes);
   23217   if (rc != TPM_RC_SUCCESS) {
   23218     return rc;
   23219   }
   23220   std::string auth_bytes;
   23221   rc = Serialize_TPMI_RH_PROVISION(
   23222       auth,
   23223       &auth_bytes);
   23224   if (rc != TPM_RC_SUCCESS) {
   23225     return rc;
   23226   }
   23227   std::string audit_alg_bytes;
   23228   rc = Serialize_TPMI_ALG_HASH(
   23229       audit_alg,
   23230       &audit_alg_bytes);
   23231   if (rc != TPM_RC_SUCCESS) {
   23232     return rc;
   23233   }
   23234   std::string set_list_bytes;
   23235   rc = Serialize_TPML_CC(
   23236       set_list,
   23237       &set_list_bytes);
   23238   if (rc != TPM_RC_SUCCESS) {
   23239     return rc;
   23240   }
   23241   std::string clear_list_bytes;
   23242   rc = Serialize_TPML_CC(
   23243       clear_list,
   23244       &clear_list_bytes);
   23245   if (rc != TPM_RC_SUCCESS) {
   23246     return rc;
   23247   }
   23248   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   23249       crypto::SecureHash::SHA256));
   23250   hash->Update(command_code_bytes.data(),
   23251                command_code_bytes.size());
   23252   hash->Update(auth_name.data(),
   23253                auth_name.size());
   23254   handle_section_bytes += auth_bytes;
   23255   command_size += auth_bytes.size();
   23256   hash->Update(audit_alg_bytes.data(),
   23257                audit_alg_bytes.size());
   23258   parameter_section_bytes += audit_alg_bytes;
   23259   command_size += audit_alg_bytes.size();
   23260   hash->Update(set_list_bytes.data(),
   23261                set_list_bytes.size());
   23262   parameter_section_bytes += set_list_bytes;
   23263   command_size += set_list_bytes.size();
   23264   hash->Update(clear_list_bytes.data(),
   23265                clear_list_bytes.size());
   23266   parameter_section_bytes += clear_list_bytes;
   23267   command_size += clear_list_bytes.size();
   23268   std::string command_hash(32, 0);
   23269   hash->Finish(string_as_array(&command_hash), command_hash.size());
   23270   std::string authorization_section_bytes;
   23271   std::string authorization_size_bytes;
   23272   if (authorization_delegate) {
   23273     if (!authorization_delegate->GetCommandAuthorization(
   23274         command_hash,
   23275         is_command_parameter_encryption_possible,
   23276         is_response_parameter_encryption_possible,
   23277         &authorization_section_bytes)) {
   23278       return TRUNKS_RC_AUTHORIZATION_FAILED;
   23279     }
   23280     if (!authorization_section_bytes.empty()) {
   23281       tag = TPM_ST_SESSIONS;
   23282       std::string tmp;
   23283       rc = Serialize_UINT32(authorization_section_bytes.size(),
   23284                             &authorization_size_bytes);
   23285       if (rc != TPM_RC_SUCCESS) {
   23286         return rc;
   23287       }
   23288       command_size += authorization_size_bytes.size() +
   23289                       authorization_section_bytes.size();
   23290     }
   23291   }
   23292   std::string tag_bytes;
   23293   rc = Serialize_TPMI_ST_COMMAND_TAG(
   23294       tag,
   23295       &tag_bytes);
   23296   if (rc != TPM_RC_SUCCESS) {
   23297     return rc;
   23298   }
   23299   std::string command_size_bytes;
   23300   rc = Serialize_UINT32(
   23301       command_size,
   23302       &command_size_bytes);
   23303   if (rc != TPM_RC_SUCCESS) {
   23304     return rc;
   23305   }
   23306   *serialized_command = tag_bytes +
   23307                         command_size_bytes +
   23308                         command_code_bytes +
   23309                         handle_section_bytes +
   23310                         authorization_size_bytes +
   23311                         authorization_section_bytes +
   23312                         parameter_section_bytes;
   23313   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   23314   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   23315                                             serialized_command->size());
   23316   return TPM_RC_SUCCESS;
   23317 }
   23318 
   23319 TPM_RC Tpm::ParseResponse_SetCommandCodeAuditStatus(
   23320       const std::string& response,
   23321       AuthorizationDelegate* authorization_delegate) {
   23322   VLOG(3) << __func__;
   23323   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   23324   TPM_RC rc = TPM_RC_SUCCESS;
   23325   std::string buffer(response);
   23326   TPM_ST tag;
   23327   std::string tag_bytes;
   23328   rc = Parse_TPM_ST(
   23329       &buffer,
   23330       &tag,
   23331       &tag_bytes);
   23332   if (rc != TPM_RC_SUCCESS) {
   23333     return rc;
   23334   }
   23335   UINT32 response_size;
   23336   std::string response_size_bytes;
   23337   rc = Parse_UINT32(
   23338       &buffer,
   23339       &response_size,
   23340       &response_size_bytes);
   23341   if (rc != TPM_RC_SUCCESS) {
   23342     return rc;
   23343   }
   23344   TPM_RC response_code;
   23345   std::string response_code_bytes;
   23346   rc = Parse_TPM_RC(
   23347       &buffer,
   23348       &response_code,
   23349       &response_code_bytes);
   23350   if (rc != TPM_RC_SUCCESS) {
   23351     return rc;
   23352   }
   23353   if (response_size != response.size()) {
   23354     return TPM_RC_SIZE;
   23355   }
   23356   if (response_code != TPM_RC_SUCCESS) {
   23357     return response_code;
   23358   }
   23359   TPM_CC command_code = TPM_CC_SetCommandCodeAuditStatus;
   23360   std::string command_code_bytes;
   23361   rc = Serialize_TPM_CC(
   23362       command_code,
   23363       &command_code_bytes);
   23364   if (rc != TPM_RC_SUCCESS) {
   23365     return rc;
   23366   }
   23367   std::string authorization_section_bytes;
   23368   if (tag == TPM_ST_SESSIONS) {
   23369     UINT32 parameter_section_size = buffer.size();
   23370     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   23371     if (rc != TPM_RC_SUCCESS) {
   23372       return rc;
   23373     }
   23374     if (parameter_section_size > buffer.size()) {
   23375       return TPM_RC_INSUFFICIENT;
   23376     }
   23377     authorization_section_bytes = buffer.substr(parameter_section_size);
   23378     // Keep the parameter section in |buffer|.
   23379     buffer.erase(parameter_section_size);
   23380   }
   23381   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   23382       crypto::SecureHash::SHA256));
   23383   hash->Update(response_code_bytes.data(),
   23384                response_code_bytes.size());
   23385   hash->Update(command_code_bytes.data(),
   23386                command_code_bytes.size());
   23387   hash->Update(buffer.data(),
   23388                buffer.size());
   23389   std::string response_hash(32, 0);
   23390   hash->Finish(string_as_array(&response_hash), response_hash.size());
   23391   if (tag == TPM_ST_SESSIONS) {
   23392     CHECK(authorization_delegate) << "Authorization delegate missing!";
   23393     if (!authorization_delegate->CheckResponseAuthorization(
   23394         response_hash,
   23395         authorization_section_bytes)) {
   23396       return TRUNKS_RC_AUTHORIZATION_FAILED;
   23397     }
   23398   }
   23399   return TPM_RC_SUCCESS;
   23400 }
   23401 
   23402 void SetCommandCodeAuditStatusErrorCallback(
   23403     const Tpm::SetCommandCodeAuditStatusResponse& callback,
   23404     TPM_RC response_code) {
   23405   VLOG(1) << __func__;
   23406   callback.Run(response_code);
   23407 }
   23408 
   23409 void SetCommandCodeAuditStatusResponseParser(
   23410     const Tpm::SetCommandCodeAuditStatusResponse& callback,
   23411     AuthorizationDelegate* authorization_delegate,
   23412     const std::string& response) {
   23413   VLOG(1) << __func__;
   23414   base::Callback<void(TPM_RC)> error_reporter =
   23415       base::Bind(SetCommandCodeAuditStatusErrorCallback, callback);
   23416   TPM_RC rc = Tpm::ParseResponse_SetCommandCodeAuditStatus(
   23417       response,
   23418       authorization_delegate);
   23419   if (rc != TPM_RC_SUCCESS) {
   23420     error_reporter.Run(rc);
   23421     return;
   23422   }
   23423   callback.Run(
   23424       rc);
   23425 }
   23426 
   23427 void Tpm::SetCommandCodeAuditStatus(
   23428       const TPMI_RH_PROVISION& auth,
   23429       const std::string& auth_name,
   23430       const TPMI_ALG_HASH& audit_alg,
   23431       const TPML_CC& set_list,
   23432       const TPML_CC& clear_list,
   23433       AuthorizationDelegate* authorization_delegate,
   23434       const SetCommandCodeAuditStatusResponse& callback) {
   23435   VLOG(1) << __func__;
   23436   base::Callback<void(TPM_RC)> error_reporter =
   23437       base::Bind(SetCommandCodeAuditStatusErrorCallback, callback);
   23438   base::Callback<void(const std::string&)> parser =
   23439       base::Bind(SetCommandCodeAuditStatusResponseParser,
   23440                  callback,
   23441                  authorization_delegate);
   23442   std::string command;
   23443   TPM_RC rc = SerializeCommand_SetCommandCodeAuditStatus(
   23444       auth,
   23445       auth_name,
   23446       audit_alg,
   23447       set_list,
   23448       clear_list,
   23449       &command,
   23450       authorization_delegate);
   23451   if (rc != TPM_RC_SUCCESS) {
   23452     error_reporter.Run(rc);
   23453     return;
   23454   }
   23455   transceiver_->SendCommand(command, parser);
   23456 }
   23457 
   23458 TPM_RC Tpm::SetCommandCodeAuditStatusSync(
   23459       const TPMI_RH_PROVISION& auth,
   23460       const std::string& auth_name,
   23461       const TPMI_ALG_HASH& audit_alg,
   23462       const TPML_CC& set_list,
   23463       const TPML_CC& clear_list,
   23464       AuthorizationDelegate* authorization_delegate) {
   23465   VLOG(1) << __func__;
   23466   std::string command;
   23467   TPM_RC rc = SerializeCommand_SetCommandCodeAuditStatus(
   23468       auth,
   23469       auth_name,
   23470       audit_alg,
   23471       set_list,
   23472       clear_list,
   23473       &command,
   23474       authorization_delegate);
   23475   if (rc != TPM_RC_SUCCESS) {
   23476     return rc;
   23477   }
   23478   std::string response = transceiver_->SendCommandAndWait(command);
   23479   rc = ParseResponse_SetCommandCodeAuditStatus(
   23480       response,
   23481       authorization_delegate);
   23482   return rc;
   23483 }
   23484 
   23485 TPM_RC Tpm::SerializeCommand_PCR_Extend(
   23486       const TPMI_DH_PCR& pcr_handle,
   23487       const std::string& pcr_handle_name,
   23488       const TPML_DIGEST_VALUES& digests,
   23489       std::string* serialized_command,
   23490       AuthorizationDelegate* authorization_delegate) {
   23491   VLOG(3) << __func__;
   23492   TPM_RC rc = TPM_RC_SUCCESS;
   23493   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   23494   UINT32 command_size = 10;  // Header size.
   23495   std::string handle_section_bytes;
   23496   std::string parameter_section_bytes;
   23497   TPM_CC command_code = TPM_CC_PCR_Extend;
   23498   bool is_command_parameter_encryption_possible = false;
   23499   bool is_response_parameter_encryption_possible = false;
   23500   std::string command_code_bytes;
   23501   rc = Serialize_TPM_CC(
   23502       command_code,
   23503       &command_code_bytes);
   23504   if (rc != TPM_RC_SUCCESS) {
   23505     return rc;
   23506   }
   23507   std::string pcr_handle_bytes;
   23508   rc = Serialize_TPMI_DH_PCR(
   23509       pcr_handle,
   23510       &pcr_handle_bytes);
   23511   if (rc != TPM_RC_SUCCESS) {
   23512     return rc;
   23513   }
   23514   std::string digests_bytes;
   23515   rc = Serialize_TPML_DIGEST_VALUES(
   23516       digests,
   23517       &digests_bytes);
   23518   if (rc != TPM_RC_SUCCESS) {
   23519     return rc;
   23520   }
   23521   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   23522       crypto::SecureHash::SHA256));
   23523   hash->Update(command_code_bytes.data(),
   23524                command_code_bytes.size());
   23525   hash->Update(pcr_handle_name.data(),
   23526                pcr_handle_name.size());
   23527   handle_section_bytes += pcr_handle_bytes;
   23528   command_size += pcr_handle_bytes.size();
   23529   hash->Update(digests_bytes.data(),
   23530                digests_bytes.size());
   23531   parameter_section_bytes += digests_bytes;
   23532   command_size += digests_bytes.size();
   23533   std::string command_hash(32, 0);
   23534   hash->Finish(string_as_array(&command_hash), command_hash.size());
   23535   std::string authorization_section_bytes;
   23536   std::string authorization_size_bytes;
   23537   if (authorization_delegate) {
   23538     if (!authorization_delegate->GetCommandAuthorization(
   23539         command_hash,
   23540         is_command_parameter_encryption_possible,
   23541         is_response_parameter_encryption_possible,
   23542         &authorization_section_bytes)) {
   23543       return TRUNKS_RC_AUTHORIZATION_FAILED;
   23544     }
   23545     if (!authorization_section_bytes.empty()) {
   23546       tag = TPM_ST_SESSIONS;
   23547       std::string tmp;
   23548       rc = Serialize_UINT32(authorization_section_bytes.size(),
   23549                             &authorization_size_bytes);
   23550       if (rc != TPM_RC_SUCCESS) {
   23551         return rc;
   23552       }
   23553       command_size += authorization_size_bytes.size() +
   23554                       authorization_section_bytes.size();
   23555     }
   23556   }
   23557   std::string tag_bytes;
   23558   rc = Serialize_TPMI_ST_COMMAND_TAG(
   23559       tag,
   23560       &tag_bytes);
   23561   if (rc != TPM_RC_SUCCESS) {
   23562     return rc;
   23563   }
   23564   std::string command_size_bytes;
   23565   rc = Serialize_UINT32(
   23566       command_size,
   23567       &command_size_bytes);
   23568   if (rc != TPM_RC_SUCCESS) {
   23569     return rc;
   23570   }
   23571   *serialized_command = tag_bytes +
   23572                         command_size_bytes +
   23573                         command_code_bytes +
   23574                         handle_section_bytes +
   23575                         authorization_size_bytes +
   23576                         authorization_section_bytes +
   23577                         parameter_section_bytes;
   23578   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   23579   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   23580                                             serialized_command->size());
   23581   return TPM_RC_SUCCESS;
   23582 }
   23583 
   23584 TPM_RC Tpm::ParseResponse_PCR_Extend(
   23585       const std::string& response,
   23586       AuthorizationDelegate* authorization_delegate) {
   23587   VLOG(3) << __func__;
   23588   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   23589   TPM_RC rc = TPM_RC_SUCCESS;
   23590   std::string buffer(response);
   23591   TPM_ST tag;
   23592   std::string tag_bytes;
   23593   rc = Parse_TPM_ST(
   23594       &buffer,
   23595       &tag,
   23596       &tag_bytes);
   23597   if (rc != TPM_RC_SUCCESS) {
   23598     return rc;
   23599   }
   23600   UINT32 response_size;
   23601   std::string response_size_bytes;
   23602   rc = Parse_UINT32(
   23603       &buffer,
   23604       &response_size,
   23605       &response_size_bytes);
   23606   if (rc != TPM_RC_SUCCESS) {
   23607     return rc;
   23608   }
   23609   TPM_RC response_code;
   23610   std::string response_code_bytes;
   23611   rc = Parse_TPM_RC(
   23612       &buffer,
   23613       &response_code,
   23614       &response_code_bytes);
   23615   if (rc != TPM_RC_SUCCESS) {
   23616     return rc;
   23617   }
   23618   if (response_size != response.size()) {
   23619     return TPM_RC_SIZE;
   23620   }
   23621   if (response_code != TPM_RC_SUCCESS) {
   23622     return response_code;
   23623   }
   23624   TPM_CC command_code = TPM_CC_PCR_Extend;
   23625   std::string command_code_bytes;
   23626   rc = Serialize_TPM_CC(
   23627       command_code,
   23628       &command_code_bytes);
   23629   if (rc != TPM_RC_SUCCESS) {
   23630     return rc;
   23631   }
   23632   std::string authorization_section_bytes;
   23633   if (tag == TPM_ST_SESSIONS) {
   23634     UINT32 parameter_section_size = buffer.size();
   23635     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   23636     if (rc != TPM_RC_SUCCESS) {
   23637       return rc;
   23638     }
   23639     if (parameter_section_size > buffer.size()) {
   23640       return TPM_RC_INSUFFICIENT;
   23641     }
   23642     authorization_section_bytes = buffer.substr(parameter_section_size);
   23643     // Keep the parameter section in |buffer|.
   23644     buffer.erase(parameter_section_size);
   23645   }
   23646   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   23647       crypto::SecureHash::SHA256));
   23648   hash->Update(response_code_bytes.data(),
   23649                response_code_bytes.size());
   23650   hash->Update(command_code_bytes.data(),
   23651                command_code_bytes.size());
   23652   hash->Update(buffer.data(),
   23653                buffer.size());
   23654   std::string response_hash(32, 0);
   23655   hash->Finish(string_as_array(&response_hash), response_hash.size());
   23656   if (tag == TPM_ST_SESSIONS) {
   23657     CHECK(authorization_delegate) << "Authorization delegate missing!";
   23658     if (!authorization_delegate->CheckResponseAuthorization(
   23659         response_hash,
   23660         authorization_section_bytes)) {
   23661       return TRUNKS_RC_AUTHORIZATION_FAILED;
   23662     }
   23663   }
   23664   return TPM_RC_SUCCESS;
   23665 }
   23666 
   23667 void PCR_ExtendErrorCallback(
   23668     const Tpm::PCR_ExtendResponse& callback,
   23669     TPM_RC response_code) {
   23670   VLOG(1) << __func__;
   23671   callback.Run(response_code);
   23672 }
   23673 
   23674 void PCR_ExtendResponseParser(
   23675     const Tpm::PCR_ExtendResponse& callback,
   23676     AuthorizationDelegate* authorization_delegate,
   23677     const std::string& response) {
   23678   VLOG(1) << __func__;
   23679   base::Callback<void(TPM_RC)> error_reporter =
   23680       base::Bind(PCR_ExtendErrorCallback, callback);
   23681   TPM_RC rc = Tpm::ParseResponse_PCR_Extend(
   23682       response,
   23683       authorization_delegate);
   23684   if (rc != TPM_RC_SUCCESS) {
   23685     error_reporter.Run(rc);
   23686     return;
   23687   }
   23688   callback.Run(
   23689       rc);
   23690 }
   23691 
   23692 void Tpm::PCR_Extend(
   23693       const TPMI_DH_PCR& pcr_handle,
   23694       const std::string& pcr_handle_name,
   23695       const TPML_DIGEST_VALUES& digests,
   23696       AuthorizationDelegate* authorization_delegate,
   23697       const PCR_ExtendResponse& callback) {
   23698   VLOG(1) << __func__;
   23699   base::Callback<void(TPM_RC)> error_reporter =
   23700       base::Bind(PCR_ExtendErrorCallback, callback);
   23701   base::Callback<void(const std::string&)> parser =
   23702       base::Bind(PCR_ExtendResponseParser,
   23703                  callback,
   23704                  authorization_delegate);
   23705   std::string command;
   23706   TPM_RC rc = SerializeCommand_PCR_Extend(
   23707       pcr_handle,
   23708       pcr_handle_name,
   23709       digests,
   23710       &command,
   23711       authorization_delegate);
   23712   if (rc != TPM_RC_SUCCESS) {
   23713     error_reporter.Run(rc);
   23714     return;
   23715   }
   23716   transceiver_->SendCommand(command, parser);
   23717 }
   23718 
   23719 TPM_RC Tpm::PCR_ExtendSync(
   23720       const TPMI_DH_PCR& pcr_handle,
   23721       const std::string& pcr_handle_name,
   23722       const TPML_DIGEST_VALUES& digests,
   23723       AuthorizationDelegate* authorization_delegate) {
   23724   VLOG(1) << __func__;
   23725   std::string command;
   23726   TPM_RC rc = SerializeCommand_PCR_Extend(
   23727       pcr_handle,
   23728       pcr_handle_name,
   23729       digests,
   23730       &command,
   23731       authorization_delegate);
   23732   if (rc != TPM_RC_SUCCESS) {
   23733     return rc;
   23734   }
   23735   std::string response = transceiver_->SendCommandAndWait(command);
   23736   rc = ParseResponse_PCR_Extend(
   23737       response,
   23738       authorization_delegate);
   23739   return rc;
   23740 }
   23741 
   23742 TPM_RC Tpm::SerializeCommand_PCR_Event(
   23743       const TPMI_DH_PCR& pcr_handle,
   23744       const std::string& pcr_handle_name,
   23745       const TPM2B_EVENT& event_data,
   23746       std::string* serialized_command,
   23747       AuthorizationDelegate* authorization_delegate) {
   23748   VLOG(3) << __func__;
   23749   TPM_RC rc = TPM_RC_SUCCESS;
   23750   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   23751   UINT32 command_size = 10;  // Header size.
   23752   std::string handle_section_bytes;
   23753   std::string parameter_section_bytes;
   23754   TPM_CC command_code = TPM_CC_PCR_Event;
   23755   bool is_command_parameter_encryption_possible = true;
   23756   bool is_response_parameter_encryption_possible = false;
   23757   std::string command_code_bytes;
   23758   rc = Serialize_TPM_CC(
   23759       command_code,
   23760       &command_code_bytes);
   23761   if (rc != TPM_RC_SUCCESS) {
   23762     return rc;
   23763   }
   23764   std::string pcr_handle_bytes;
   23765   rc = Serialize_TPMI_DH_PCR(
   23766       pcr_handle,
   23767       &pcr_handle_bytes);
   23768   if (rc != TPM_RC_SUCCESS) {
   23769     return rc;
   23770   }
   23771   std::string event_data_bytes;
   23772   rc = Serialize_TPM2B_EVENT(
   23773       event_data,
   23774       &event_data_bytes);
   23775   if (rc != TPM_RC_SUCCESS) {
   23776     return rc;
   23777   }
   23778   if (authorization_delegate) {
   23779     // Encrypt just the parameter data, not the size.
   23780     std::string tmp = event_data_bytes.substr(2);
   23781     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   23782       return TRUNKS_RC_ENCRYPTION_FAILED;
   23783     }
   23784     event_data_bytes.replace(2, std::string::npos, tmp);
   23785   }
   23786   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   23787       crypto::SecureHash::SHA256));
   23788   hash->Update(command_code_bytes.data(),
   23789                command_code_bytes.size());
   23790   hash->Update(pcr_handle_name.data(),
   23791                pcr_handle_name.size());
   23792   handle_section_bytes += pcr_handle_bytes;
   23793   command_size += pcr_handle_bytes.size();
   23794   hash->Update(event_data_bytes.data(),
   23795                event_data_bytes.size());
   23796   parameter_section_bytes += event_data_bytes;
   23797   command_size += event_data_bytes.size();
   23798   std::string command_hash(32, 0);
   23799   hash->Finish(string_as_array(&command_hash), command_hash.size());
   23800   std::string authorization_section_bytes;
   23801   std::string authorization_size_bytes;
   23802   if (authorization_delegate) {
   23803     if (!authorization_delegate->GetCommandAuthorization(
   23804         command_hash,
   23805         is_command_parameter_encryption_possible,
   23806         is_response_parameter_encryption_possible,
   23807         &authorization_section_bytes)) {
   23808       return TRUNKS_RC_AUTHORIZATION_FAILED;
   23809     }
   23810     if (!authorization_section_bytes.empty()) {
   23811       tag = TPM_ST_SESSIONS;
   23812       std::string tmp;
   23813       rc = Serialize_UINT32(authorization_section_bytes.size(),
   23814                             &authorization_size_bytes);
   23815       if (rc != TPM_RC_SUCCESS) {
   23816         return rc;
   23817       }
   23818       command_size += authorization_size_bytes.size() +
   23819                       authorization_section_bytes.size();
   23820     }
   23821   }
   23822   std::string tag_bytes;
   23823   rc = Serialize_TPMI_ST_COMMAND_TAG(
   23824       tag,
   23825       &tag_bytes);
   23826   if (rc != TPM_RC_SUCCESS) {
   23827     return rc;
   23828   }
   23829   std::string command_size_bytes;
   23830   rc = Serialize_UINT32(
   23831       command_size,
   23832       &command_size_bytes);
   23833   if (rc != TPM_RC_SUCCESS) {
   23834     return rc;
   23835   }
   23836   *serialized_command = tag_bytes +
   23837                         command_size_bytes +
   23838                         command_code_bytes +
   23839                         handle_section_bytes +
   23840                         authorization_size_bytes +
   23841                         authorization_section_bytes +
   23842                         parameter_section_bytes;
   23843   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   23844   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   23845                                             serialized_command->size());
   23846   return TPM_RC_SUCCESS;
   23847 }
   23848 
   23849 TPM_RC Tpm::ParseResponse_PCR_Event(
   23850       const std::string& response,
   23851       TPML_DIGEST_VALUES* digests,
   23852       AuthorizationDelegate* authorization_delegate) {
   23853   VLOG(3) << __func__;
   23854   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   23855   TPM_RC rc = TPM_RC_SUCCESS;
   23856   std::string buffer(response);
   23857   TPM_ST tag;
   23858   std::string tag_bytes;
   23859   rc = Parse_TPM_ST(
   23860       &buffer,
   23861       &tag,
   23862       &tag_bytes);
   23863   if (rc != TPM_RC_SUCCESS) {
   23864     return rc;
   23865   }
   23866   UINT32 response_size;
   23867   std::string response_size_bytes;
   23868   rc = Parse_UINT32(
   23869       &buffer,
   23870       &response_size,
   23871       &response_size_bytes);
   23872   if (rc != TPM_RC_SUCCESS) {
   23873     return rc;
   23874   }
   23875   TPM_RC response_code;
   23876   std::string response_code_bytes;
   23877   rc = Parse_TPM_RC(
   23878       &buffer,
   23879       &response_code,
   23880       &response_code_bytes);
   23881   if (rc != TPM_RC_SUCCESS) {
   23882     return rc;
   23883   }
   23884   if (response_size != response.size()) {
   23885     return TPM_RC_SIZE;
   23886   }
   23887   if (response_code != TPM_RC_SUCCESS) {
   23888     return response_code;
   23889   }
   23890   TPM_CC command_code = TPM_CC_PCR_Event;
   23891   std::string command_code_bytes;
   23892   rc = Serialize_TPM_CC(
   23893       command_code,
   23894       &command_code_bytes);
   23895   if (rc != TPM_RC_SUCCESS) {
   23896     return rc;
   23897   }
   23898   std::string authorization_section_bytes;
   23899   if (tag == TPM_ST_SESSIONS) {
   23900     UINT32 parameter_section_size = buffer.size();
   23901     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   23902     if (rc != TPM_RC_SUCCESS) {
   23903       return rc;
   23904     }
   23905     if (parameter_section_size > buffer.size()) {
   23906       return TPM_RC_INSUFFICIENT;
   23907     }
   23908     authorization_section_bytes = buffer.substr(parameter_section_size);
   23909     // Keep the parameter section in |buffer|.
   23910     buffer.erase(parameter_section_size);
   23911   }
   23912   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   23913       crypto::SecureHash::SHA256));
   23914   hash->Update(response_code_bytes.data(),
   23915                response_code_bytes.size());
   23916   hash->Update(command_code_bytes.data(),
   23917                command_code_bytes.size());
   23918   hash->Update(buffer.data(),
   23919                buffer.size());
   23920   std::string response_hash(32, 0);
   23921   hash->Finish(string_as_array(&response_hash), response_hash.size());
   23922   if (tag == TPM_ST_SESSIONS) {
   23923     CHECK(authorization_delegate) << "Authorization delegate missing!";
   23924     if (!authorization_delegate->CheckResponseAuthorization(
   23925         response_hash,
   23926         authorization_section_bytes)) {
   23927       return TRUNKS_RC_AUTHORIZATION_FAILED;
   23928     }
   23929   }
   23930   std::string digests_bytes;
   23931   rc = Parse_TPML_DIGEST_VALUES(
   23932       &buffer,
   23933       digests,
   23934       &digests_bytes);
   23935   if (rc != TPM_RC_SUCCESS) {
   23936     return rc;
   23937   }
   23938   return TPM_RC_SUCCESS;
   23939 }
   23940 
   23941 void PCR_EventErrorCallback(
   23942     const Tpm::PCR_EventResponse& callback,
   23943     TPM_RC response_code) {
   23944   VLOG(1) << __func__;
   23945   callback.Run(response_code,
   23946                TPML_DIGEST_VALUES());
   23947 }
   23948 
   23949 void PCR_EventResponseParser(
   23950     const Tpm::PCR_EventResponse& callback,
   23951     AuthorizationDelegate* authorization_delegate,
   23952     const std::string& response) {
   23953   VLOG(1) << __func__;
   23954   base::Callback<void(TPM_RC)> error_reporter =
   23955       base::Bind(PCR_EventErrorCallback, callback);
   23956   TPML_DIGEST_VALUES digests;
   23957   TPM_RC rc = Tpm::ParseResponse_PCR_Event(
   23958       response,
   23959       &digests,
   23960       authorization_delegate);
   23961   if (rc != TPM_RC_SUCCESS) {
   23962     error_reporter.Run(rc);
   23963     return;
   23964   }
   23965   callback.Run(
   23966       rc,
   23967       digests);
   23968 }
   23969 
   23970 void Tpm::PCR_Event(
   23971       const TPMI_DH_PCR& pcr_handle,
   23972       const std::string& pcr_handle_name,
   23973       const TPM2B_EVENT& event_data,
   23974       AuthorizationDelegate* authorization_delegate,
   23975       const PCR_EventResponse& callback) {
   23976   VLOG(1) << __func__;
   23977   base::Callback<void(TPM_RC)> error_reporter =
   23978       base::Bind(PCR_EventErrorCallback, callback);
   23979   base::Callback<void(const std::string&)> parser =
   23980       base::Bind(PCR_EventResponseParser,
   23981                  callback,
   23982                  authorization_delegate);
   23983   std::string command;
   23984   TPM_RC rc = SerializeCommand_PCR_Event(
   23985       pcr_handle,
   23986       pcr_handle_name,
   23987       event_data,
   23988       &command,
   23989       authorization_delegate);
   23990   if (rc != TPM_RC_SUCCESS) {
   23991     error_reporter.Run(rc);
   23992     return;
   23993   }
   23994   transceiver_->SendCommand(command, parser);
   23995 }
   23996 
   23997 TPM_RC Tpm::PCR_EventSync(
   23998       const TPMI_DH_PCR& pcr_handle,
   23999       const std::string& pcr_handle_name,
   24000       const TPM2B_EVENT& event_data,
   24001       TPML_DIGEST_VALUES* digests,
   24002       AuthorizationDelegate* authorization_delegate) {
   24003   VLOG(1) << __func__;
   24004   std::string command;
   24005   TPM_RC rc = SerializeCommand_PCR_Event(
   24006       pcr_handle,
   24007       pcr_handle_name,
   24008       event_data,
   24009       &command,
   24010       authorization_delegate);
   24011   if (rc != TPM_RC_SUCCESS) {
   24012     return rc;
   24013   }
   24014   std::string response = transceiver_->SendCommandAndWait(command);
   24015   rc = ParseResponse_PCR_Event(
   24016       response,
   24017       digests,
   24018       authorization_delegate);
   24019   return rc;
   24020 }
   24021 
   24022 TPM_RC Tpm::SerializeCommand_PCR_Read(
   24023       const TPML_PCR_SELECTION& pcr_selection_in,
   24024       std::string* serialized_command,
   24025       AuthorizationDelegate* authorization_delegate) {
   24026   VLOG(3) << __func__;
   24027   TPM_RC rc = TPM_RC_SUCCESS;
   24028   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   24029   UINT32 command_size = 10;  // Header size.
   24030   std::string handle_section_bytes;
   24031   std::string parameter_section_bytes;
   24032   TPM_CC command_code = TPM_CC_PCR_Read;
   24033   bool is_command_parameter_encryption_possible = false;
   24034   bool is_response_parameter_encryption_possible = false;
   24035   std::string command_code_bytes;
   24036   rc = Serialize_TPM_CC(
   24037       command_code,
   24038       &command_code_bytes);
   24039   if (rc != TPM_RC_SUCCESS) {
   24040     return rc;
   24041   }
   24042   std::string pcr_selection_in_bytes;
   24043   rc = Serialize_TPML_PCR_SELECTION(
   24044       pcr_selection_in,
   24045       &pcr_selection_in_bytes);
   24046   if (rc != TPM_RC_SUCCESS) {
   24047     return rc;
   24048   }
   24049   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   24050       crypto::SecureHash::SHA256));
   24051   hash->Update(command_code_bytes.data(),
   24052                command_code_bytes.size());
   24053   hash->Update(pcr_selection_in_bytes.data(),
   24054                pcr_selection_in_bytes.size());
   24055   parameter_section_bytes += pcr_selection_in_bytes;
   24056   command_size += pcr_selection_in_bytes.size();
   24057   std::string command_hash(32, 0);
   24058   hash->Finish(string_as_array(&command_hash), command_hash.size());
   24059   std::string authorization_section_bytes;
   24060   std::string authorization_size_bytes;
   24061   if (authorization_delegate) {
   24062     if (!authorization_delegate->GetCommandAuthorization(
   24063         command_hash,
   24064         is_command_parameter_encryption_possible,
   24065         is_response_parameter_encryption_possible,
   24066         &authorization_section_bytes)) {
   24067       return TRUNKS_RC_AUTHORIZATION_FAILED;
   24068     }
   24069     if (!authorization_section_bytes.empty()) {
   24070       tag = TPM_ST_SESSIONS;
   24071       std::string tmp;
   24072       rc = Serialize_UINT32(authorization_section_bytes.size(),
   24073                             &authorization_size_bytes);
   24074       if (rc != TPM_RC_SUCCESS) {
   24075         return rc;
   24076       }
   24077       command_size += authorization_size_bytes.size() +
   24078                       authorization_section_bytes.size();
   24079     }
   24080   }
   24081   std::string tag_bytes;
   24082   rc = Serialize_TPMI_ST_COMMAND_TAG(
   24083       tag,
   24084       &tag_bytes);
   24085   if (rc != TPM_RC_SUCCESS) {
   24086     return rc;
   24087   }
   24088   std::string command_size_bytes;
   24089   rc = Serialize_UINT32(
   24090       command_size,
   24091       &command_size_bytes);
   24092   if (rc != TPM_RC_SUCCESS) {
   24093     return rc;
   24094   }
   24095   *serialized_command = tag_bytes +
   24096                         command_size_bytes +
   24097                         command_code_bytes +
   24098                         handle_section_bytes +
   24099                         authorization_size_bytes +
   24100                         authorization_section_bytes +
   24101                         parameter_section_bytes;
   24102   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   24103   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   24104                                             serialized_command->size());
   24105   return TPM_RC_SUCCESS;
   24106 }
   24107 
   24108 TPM_RC Tpm::ParseResponse_PCR_Read(
   24109       const std::string& response,
   24110       UINT32* pcr_update_counter,
   24111       TPML_PCR_SELECTION* pcr_selection_out,
   24112       TPML_DIGEST* pcr_values,
   24113       AuthorizationDelegate* authorization_delegate) {
   24114   VLOG(3) << __func__;
   24115   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   24116   TPM_RC rc = TPM_RC_SUCCESS;
   24117   std::string buffer(response);
   24118   TPM_ST tag;
   24119   std::string tag_bytes;
   24120   rc = Parse_TPM_ST(
   24121       &buffer,
   24122       &tag,
   24123       &tag_bytes);
   24124   if (rc != TPM_RC_SUCCESS) {
   24125     return rc;
   24126   }
   24127   UINT32 response_size;
   24128   std::string response_size_bytes;
   24129   rc = Parse_UINT32(
   24130       &buffer,
   24131       &response_size,
   24132       &response_size_bytes);
   24133   if (rc != TPM_RC_SUCCESS) {
   24134     return rc;
   24135   }
   24136   TPM_RC response_code;
   24137   std::string response_code_bytes;
   24138   rc = Parse_TPM_RC(
   24139       &buffer,
   24140       &response_code,
   24141       &response_code_bytes);
   24142   if (rc != TPM_RC_SUCCESS) {
   24143     return rc;
   24144   }
   24145   if (response_size != response.size()) {
   24146     return TPM_RC_SIZE;
   24147   }
   24148   if (response_code != TPM_RC_SUCCESS) {
   24149     return response_code;
   24150   }
   24151   TPM_CC command_code = TPM_CC_PCR_Read;
   24152   std::string command_code_bytes;
   24153   rc = Serialize_TPM_CC(
   24154       command_code,
   24155       &command_code_bytes);
   24156   if (rc != TPM_RC_SUCCESS) {
   24157     return rc;
   24158   }
   24159   std::string authorization_section_bytes;
   24160   if (tag == TPM_ST_SESSIONS) {
   24161     UINT32 parameter_section_size = buffer.size();
   24162     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   24163     if (rc != TPM_RC_SUCCESS) {
   24164       return rc;
   24165     }
   24166     if (parameter_section_size > buffer.size()) {
   24167       return TPM_RC_INSUFFICIENT;
   24168     }
   24169     authorization_section_bytes = buffer.substr(parameter_section_size);
   24170     // Keep the parameter section in |buffer|.
   24171     buffer.erase(parameter_section_size);
   24172   }
   24173   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   24174       crypto::SecureHash::SHA256));
   24175   hash->Update(response_code_bytes.data(),
   24176                response_code_bytes.size());
   24177   hash->Update(command_code_bytes.data(),
   24178                command_code_bytes.size());
   24179   hash->Update(buffer.data(),
   24180                buffer.size());
   24181   std::string response_hash(32, 0);
   24182   hash->Finish(string_as_array(&response_hash), response_hash.size());
   24183   if (tag == TPM_ST_SESSIONS) {
   24184     CHECK(authorization_delegate) << "Authorization delegate missing!";
   24185     if (!authorization_delegate->CheckResponseAuthorization(
   24186         response_hash,
   24187         authorization_section_bytes)) {
   24188       return TRUNKS_RC_AUTHORIZATION_FAILED;
   24189     }
   24190   }
   24191   std::string pcr_update_counter_bytes;
   24192   rc = Parse_UINT32(
   24193       &buffer,
   24194       pcr_update_counter,
   24195       &pcr_update_counter_bytes);
   24196   if (rc != TPM_RC_SUCCESS) {
   24197     return rc;
   24198   }
   24199   std::string pcr_selection_out_bytes;
   24200   rc = Parse_TPML_PCR_SELECTION(
   24201       &buffer,
   24202       pcr_selection_out,
   24203       &pcr_selection_out_bytes);
   24204   if (rc != TPM_RC_SUCCESS) {
   24205     return rc;
   24206   }
   24207   std::string pcr_values_bytes;
   24208   rc = Parse_TPML_DIGEST(
   24209       &buffer,
   24210       pcr_values,
   24211       &pcr_values_bytes);
   24212   if (rc != TPM_RC_SUCCESS) {
   24213     return rc;
   24214   }
   24215   return TPM_RC_SUCCESS;
   24216 }
   24217 
   24218 void PCR_ReadErrorCallback(
   24219     const Tpm::PCR_ReadResponse& callback,
   24220     TPM_RC response_code) {
   24221   VLOG(1) << __func__;
   24222   callback.Run(response_code,
   24223                UINT32(),
   24224                TPML_PCR_SELECTION(),
   24225                TPML_DIGEST());
   24226 }
   24227 
   24228 void PCR_ReadResponseParser(
   24229     const Tpm::PCR_ReadResponse& callback,
   24230     AuthorizationDelegate* authorization_delegate,
   24231     const std::string& response) {
   24232   VLOG(1) << __func__;
   24233   base::Callback<void(TPM_RC)> error_reporter =
   24234       base::Bind(PCR_ReadErrorCallback, callback);
   24235   UINT32 pcr_update_counter;
   24236   TPML_PCR_SELECTION pcr_selection_out;
   24237   TPML_DIGEST pcr_values;
   24238   TPM_RC rc = Tpm::ParseResponse_PCR_Read(
   24239       response,
   24240       &pcr_update_counter,
   24241       &pcr_selection_out,
   24242       &pcr_values,
   24243       authorization_delegate);
   24244   if (rc != TPM_RC_SUCCESS) {
   24245     error_reporter.Run(rc);
   24246     return;
   24247   }
   24248   callback.Run(
   24249       rc,
   24250       pcr_update_counter,
   24251       pcr_selection_out,
   24252       pcr_values);
   24253 }
   24254 
   24255 void Tpm::PCR_Read(
   24256       const TPML_PCR_SELECTION& pcr_selection_in,
   24257       AuthorizationDelegate* authorization_delegate,
   24258       const PCR_ReadResponse& callback) {
   24259   VLOG(1) << __func__;
   24260   base::Callback<void(TPM_RC)> error_reporter =
   24261       base::Bind(PCR_ReadErrorCallback, callback);
   24262   base::Callback<void(const std::string&)> parser =
   24263       base::Bind(PCR_ReadResponseParser,
   24264                  callback,
   24265                  authorization_delegate);
   24266   std::string command;
   24267   TPM_RC rc = SerializeCommand_PCR_Read(
   24268       pcr_selection_in,
   24269       &command,
   24270       authorization_delegate);
   24271   if (rc != TPM_RC_SUCCESS) {
   24272     error_reporter.Run(rc);
   24273     return;
   24274   }
   24275   transceiver_->SendCommand(command, parser);
   24276 }
   24277 
   24278 TPM_RC Tpm::PCR_ReadSync(
   24279       const TPML_PCR_SELECTION& pcr_selection_in,
   24280       UINT32* pcr_update_counter,
   24281       TPML_PCR_SELECTION* pcr_selection_out,
   24282       TPML_DIGEST* pcr_values,
   24283       AuthorizationDelegate* authorization_delegate) {
   24284   VLOG(1) << __func__;
   24285   std::string command;
   24286   TPM_RC rc = SerializeCommand_PCR_Read(
   24287       pcr_selection_in,
   24288       &command,
   24289       authorization_delegate);
   24290   if (rc != TPM_RC_SUCCESS) {
   24291     return rc;
   24292   }
   24293   std::string response = transceiver_->SendCommandAndWait(command);
   24294   rc = ParseResponse_PCR_Read(
   24295       response,
   24296       pcr_update_counter,
   24297       pcr_selection_out,
   24298       pcr_values,
   24299       authorization_delegate);
   24300   return rc;
   24301 }
   24302 
   24303 TPM_RC Tpm::SerializeCommand_PCR_Allocate(
   24304       const TPMI_RH_PLATFORM& auth_handle,
   24305       const std::string& auth_handle_name,
   24306       const TPML_PCR_SELECTION& pcr_allocation,
   24307       std::string* serialized_command,
   24308       AuthorizationDelegate* authorization_delegate) {
   24309   VLOG(3) << __func__;
   24310   TPM_RC rc = TPM_RC_SUCCESS;
   24311   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   24312   UINT32 command_size = 10;  // Header size.
   24313   std::string handle_section_bytes;
   24314   std::string parameter_section_bytes;
   24315   TPM_CC command_code = TPM_CC_PCR_Allocate;
   24316   bool is_command_parameter_encryption_possible = false;
   24317   bool is_response_parameter_encryption_possible = false;
   24318   std::string command_code_bytes;
   24319   rc = Serialize_TPM_CC(
   24320       command_code,
   24321       &command_code_bytes);
   24322   if (rc != TPM_RC_SUCCESS) {
   24323     return rc;
   24324   }
   24325   std::string auth_handle_bytes;
   24326   rc = Serialize_TPMI_RH_PLATFORM(
   24327       auth_handle,
   24328       &auth_handle_bytes);
   24329   if (rc != TPM_RC_SUCCESS) {
   24330     return rc;
   24331   }
   24332   std::string pcr_allocation_bytes;
   24333   rc = Serialize_TPML_PCR_SELECTION(
   24334       pcr_allocation,
   24335       &pcr_allocation_bytes);
   24336   if (rc != TPM_RC_SUCCESS) {
   24337     return rc;
   24338   }
   24339   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   24340       crypto::SecureHash::SHA256));
   24341   hash->Update(command_code_bytes.data(),
   24342                command_code_bytes.size());
   24343   hash->Update(auth_handle_name.data(),
   24344                auth_handle_name.size());
   24345   handle_section_bytes += auth_handle_bytes;
   24346   command_size += auth_handle_bytes.size();
   24347   hash->Update(pcr_allocation_bytes.data(),
   24348                pcr_allocation_bytes.size());
   24349   parameter_section_bytes += pcr_allocation_bytes;
   24350   command_size += pcr_allocation_bytes.size();
   24351   std::string command_hash(32, 0);
   24352   hash->Finish(string_as_array(&command_hash), command_hash.size());
   24353   std::string authorization_section_bytes;
   24354   std::string authorization_size_bytes;
   24355   if (authorization_delegate) {
   24356     if (!authorization_delegate->GetCommandAuthorization(
   24357         command_hash,
   24358         is_command_parameter_encryption_possible,
   24359         is_response_parameter_encryption_possible,
   24360         &authorization_section_bytes)) {
   24361       return TRUNKS_RC_AUTHORIZATION_FAILED;
   24362     }
   24363     if (!authorization_section_bytes.empty()) {
   24364       tag = TPM_ST_SESSIONS;
   24365       std::string tmp;
   24366       rc = Serialize_UINT32(authorization_section_bytes.size(),
   24367                             &authorization_size_bytes);
   24368       if (rc != TPM_RC_SUCCESS) {
   24369         return rc;
   24370       }
   24371       command_size += authorization_size_bytes.size() +
   24372                       authorization_section_bytes.size();
   24373     }
   24374   }
   24375   std::string tag_bytes;
   24376   rc = Serialize_TPMI_ST_COMMAND_TAG(
   24377       tag,
   24378       &tag_bytes);
   24379   if (rc != TPM_RC_SUCCESS) {
   24380     return rc;
   24381   }
   24382   std::string command_size_bytes;
   24383   rc = Serialize_UINT32(
   24384       command_size,
   24385       &command_size_bytes);
   24386   if (rc != TPM_RC_SUCCESS) {
   24387     return rc;
   24388   }
   24389   *serialized_command = tag_bytes +
   24390                         command_size_bytes +
   24391                         command_code_bytes +
   24392                         handle_section_bytes +
   24393                         authorization_size_bytes +
   24394                         authorization_section_bytes +
   24395                         parameter_section_bytes;
   24396   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   24397   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   24398                                             serialized_command->size());
   24399   return TPM_RC_SUCCESS;
   24400 }
   24401 
   24402 TPM_RC Tpm::ParseResponse_PCR_Allocate(
   24403       const std::string& response,
   24404       TPMI_YES_NO* allocation_success,
   24405       UINT32* max_pcr,
   24406       UINT32* size_needed,
   24407       UINT32* size_available,
   24408       AuthorizationDelegate* authorization_delegate) {
   24409   VLOG(3) << __func__;
   24410   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   24411   TPM_RC rc = TPM_RC_SUCCESS;
   24412   std::string buffer(response);
   24413   TPM_ST tag;
   24414   std::string tag_bytes;
   24415   rc = Parse_TPM_ST(
   24416       &buffer,
   24417       &tag,
   24418       &tag_bytes);
   24419   if (rc != TPM_RC_SUCCESS) {
   24420     return rc;
   24421   }
   24422   UINT32 response_size;
   24423   std::string response_size_bytes;
   24424   rc = Parse_UINT32(
   24425       &buffer,
   24426       &response_size,
   24427       &response_size_bytes);
   24428   if (rc != TPM_RC_SUCCESS) {
   24429     return rc;
   24430   }
   24431   TPM_RC response_code;
   24432   std::string response_code_bytes;
   24433   rc = Parse_TPM_RC(
   24434       &buffer,
   24435       &response_code,
   24436       &response_code_bytes);
   24437   if (rc != TPM_RC_SUCCESS) {
   24438     return rc;
   24439   }
   24440   if (response_size != response.size()) {
   24441     return TPM_RC_SIZE;
   24442   }
   24443   if (response_code != TPM_RC_SUCCESS) {
   24444     return response_code;
   24445   }
   24446   TPM_CC command_code = TPM_CC_PCR_Allocate;
   24447   std::string command_code_bytes;
   24448   rc = Serialize_TPM_CC(
   24449       command_code,
   24450       &command_code_bytes);
   24451   if (rc != TPM_RC_SUCCESS) {
   24452     return rc;
   24453   }
   24454   std::string authorization_section_bytes;
   24455   if (tag == TPM_ST_SESSIONS) {
   24456     UINT32 parameter_section_size = buffer.size();
   24457     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   24458     if (rc != TPM_RC_SUCCESS) {
   24459       return rc;
   24460     }
   24461     if (parameter_section_size > buffer.size()) {
   24462       return TPM_RC_INSUFFICIENT;
   24463     }
   24464     authorization_section_bytes = buffer.substr(parameter_section_size);
   24465     // Keep the parameter section in |buffer|.
   24466     buffer.erase(parameter_section_size);
   24467   }
   24468   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   24469       crypto::SecureHash::SHA256));
   24470   hash->Update(response_code_bytes.data(),
   24471                response_code_bytes.size());
   24472   hash->Update(command_code_bytes.data(),
   24473                command_code_bytes.size());
   24474   hash->Update(buffer.data(),
   24475                buffer.size());
   24476   std::string response_hash(32, 0);
   24477   hash->Finish(string_as_array(&response_hash), response_hash.size());
   24478   if (tag == TPM_ST_SESSIONS) {
   24479     CHECK(authorization_delegate) << "Authorization delegate missing!";
   24480     if (!authorization_delegate->CheckResponseAuthorization(
   24481         response_hash,
   24482         authorization_section_bytes)) {
   24483       return TRUNKS_RC_AUTHORIZATION_FAILED;
   24484     }
   24485   }
   24486   std::string allocation_success_bytes;
   24487   rc = Parse_TPMI_YES_NO(
   24488       &buffer,
   24489       allocation_success,
   24490       &allocation_success_bytes);
   24491   if (rc != TPM_RC_SUCCESS) {
   24492     return rc;
   24493   }
   24494   std::string max_pcr_bytes;
   24495   rc = Parse_UINT32(
   24496       &buffer,
   24497       max_pcr,
   24498       &max_pcr_bytes);
   24499   if (rc != TPM_RC_SUCCESS) {
   24500     return rc;
   24501   }
   24502   std::string size_needed_bytes;
   24503   rc = Parse_UINT32(
   24504       &buffer,
   24505       size_needed,
   24506       &size_needed_bytes);
   24507   if (rc != TPM_RC_SUCCESS) {
   24508     return rc;
   24509   }
   24510   std::string size_available_bytes;
   24511   rc = Parse_UINT32(
   24512       &buffer,
   24513       size_available,
   24514       &size_available_bytes);
   24515   if (rc != TPM_RC_SUCCESS) {
   24516     return rc;
   24517   }
   24518   return TPM_RC_SUCCESS;
   24519 }
   24520 
   24521 void PCR_AllocateErrorCallback(
   24522     const Tpm::PCR_AllocateResponse& callback,
   24523     TPM_RC response_code) {
   24524   VLOG(1) << __func__;
   24525   callback.Run(response_code,
   24526                TPMI_YES_NO(),
   24527                UINT32(),
   24528                UINT32(),
   24529                UINT32());
   24530 }
   24531 
   24532 void PCR_AllocateResponseParser(
   24533     const Tpm::PCR_AllocateResponse& callback,
   24534     AuthorizationDelegate* authorization_delegate,
   24535     const std::string& response) {
   24536   VLOG(1) << __func__;
   24537   base::Callback<void(TPM_RC)> error_reporter =
   24538       base::Bind(PCR_AllocateErrorCallback, callback);
   24539   TPMI_YES_NO allocation_success;
   24540   UINT32 max_pcr;
   24541   UINT32 size_needed;
   24542   UINT32 size_available;
   24543   TPM_RC rc = Tpm::ParseResponse_PCR_Allocate(
   24544       response,
   24545       &allocation_success,
   24546       &max_pcr,
   24547       &size_needed,
   24548       &size_available,
   24549       authorization_delegate);
   24550   if (rc != TPM_RC_SUCCESS) {
   24551     error_reporter.Run(rc);
   24552     return;
   24553   }
   24554   callback.Run(
   24555       rc,
   24556       allocation_success,
   24557       max_pcr,
   24558       size_needed,
   24559       size_available);
   24560 }
   24561 
   24562 void Tpm::PCR_Allocate(
   24563       const TPMI_RH_PLATFORM& auth_handle,
   24564       const std::string& auth_handle_name,
   24565       const TPML_PCR_SELECTION& pcr_allocation,
   24566       AuthorizationDelegate* authorization_delegate,
   24567       const PCR_AllocateResponse& callback) {
   24568   VLOG(1) << __func__;
   24569   base::Callback<void(TPM_RC)> error_reporter =
   24570       base::Bind(PCR_AllocateErrorCallback, callback);
   24571   base::Callback<void(const std::string&)> parser =
   24572       base::Bind(PCR_AllocateResponseParser,
   24573                  callback,
   24574                  authorization_delegate);
   24575   std::string command;
   24576   TPM_RC rc = SerializeCommand_PCR_Allocate(
   24577       auth_handle,
   24578       auth_handle_name,
   24579       pcr_allocation,
   24580       &command,
   24581       authorization_delegate);
   24582   if (rc != TPM_RC_SUCCESS) {
   24583     error_reporter.Run(rc);
   24584     return;
   24585   }
   24586   transceiver_->SendCommand(command, parser);
   24587 }
   24588 
   24589 TPM_RC Tpm::PCR_AllocateSync(
   24590       const TPMI_RH_PLATFORM& auth_handle,
   24591       const std::string& auth_handle_name,
   24592       const TPML_PCR_SELECTION& pcr_allocation,
   24593       TPMI_YES_NO* allocation_success,
   24594       UINT32* max_pcr,
   24595       UINT32* size_needed,
   24596       UINT32* size_available,
   24597       AuthorizationDelegate* authorization_delegate) {
   24598   VLOG(1) << __func__;
   24599   std::string command;
   24600   TPM_RC rc = SerializeCommand_PCR_Allocate(
   24601       auth_handle,
   24602       auth_handle_name,
   24603       pcr_allocation,
   24604       &command,
   24605       authorization_delegate);
   24606   if (rc != TPM_RC_SUCCESS) {
   24607     return rc;
   24608   }
   24609   std::string response = transceiver_->SendCommandAndWait(command);
   24610   rc = ParseResponse_PCR_Allocate(
   24611       response,
   24612       allocation_success,
   24613       max_pcr,
   24614       size_needed,
   24615       size_available,
   24616       authorization_delegate);
   24617   return rc;
   24618 }
   24619 
   24620 TPM_RC Tpm::SerializeCommand_PCR_SetAuthPolicy(
   24621       const TPMI_RH_PLATFORM& auth_handle,
   24622       const std::string& auth_handle_name,
   24623       const TPMI_DH_PCR& pcr_num,
   24624       const std::string& pcr_num_name,
   24625       const TPM2B_DIGEST& auth_policy,
   24626       const TPMI_ALG_HASH& policy_digest,
   24627       std::string* serialized_command,
   24628       AuthorizationDelegate* authorization_delegate) {
   24629   VLOG(3) << __func__;
   24630   TPM_RC rc = TPM_RC_SUCCESS;
   24631   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   24632   UINT32 command_size = 10;  // Header size.
   24633   std::string handle_section_bytes;
   24634   std::string parameter_section_bytes;
   24635   TPM_CC command_code = TPM_CC_PCR_SetAuthPolicy;
   24636   bool is_command_parameter_encryption_possible = true;
   24637   bool is_response_parameter_encryption_possible = false;
   24638   std::string command_code_bytes;
   24639   rc = Serialize_TPM_CC(
   24640       command_code,
   24641       &command_code_bytes);
   24642   if (rc != TPM_RC_SUCCESS) {
   24643     return rc;
   24644   }
   24645   std::string auth_handle_bytes;
   24646   rc = Serialize_TPMI_RH_PLATFORM(
   24647       auth_handle,
   24648       &auth_handle_bytes);
   24649   if (rc != TPM_RC_SUCCESS) {
   24650     return rc;
   24651   }
   24652   std::string auth_policy_bytes;
   24653   rc = Serialize_TPM2B_DIGEST(
   24654       auth_policy,
   24655       &auth_policy_bytes);
   24656   if (rc != TPM_RC_SUCCESS) {
   24657     return rc;
   24658   }
   24659   std::string policy_digest_bytes;
   24660   rc = Serialize_TPMI_ALG_HASH(
   24661       policy_digest,
   24662       &policy_digest_bytes);
   24663   if (rc != TPM_RC_SUCCESS) {
   24664     return rc;
   24665   }
   24666   std::string pcr_num_bytes;
   24667   rc = Serialize_TPMI_DH_PCR(
   24668       pcr_num,
   24669       &pcr_num_bytes);
   24670   if (rc != TPM_RC_SUCCESS) {
   24671     return rc;
   24672   }
   24673   if (authorization_delegate) {
   24674     // Encrypt just the parameter data, not the size.
   24675     std::string tmp = auth_policy_bytes.substr(2);
   24676     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   24677       return TRUNKS_RC_ENCRYPTION_FAILED;
   24678     }
   24679     auth_policy_bytes.replace(2, std::string::npos, tmp);
   24680   }
   24681   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   24682       crypto::SecureHash::SHA256));
   24683   hash->Update(command_code_bytes.data(),
   24684                command_code_bytes.size());
   24685   hash->Update(auth_handle_name.data(),
   24686                auth_handle_name.size());
   24687   handle_section_bytes += auth_handle_bytes;
   24688   command_size += auth_handle_bytes.size();
   24689   hash->Update(pcr_num_name.data(),
   24690                pcr_num_name.size());
   24691   handle_section_bytes += pcr_num_bytes;
   24692   command_size += pcr_num_bytes.size();
   24693   hash->Update(auth_policy_bytes.data(),
   24694                auth_policy_bytes.size());
   24695   parameter_section_bytes += auth_policy_bytes;
   24696   command_size += auth_policy_bytes.size();
   24697   hash->Update(policy_digest_bytes.data(),
   24698                policy_digest_bytes.size());
   24699   parameter_section_bytes += policy_digest_bytes;
   24700   command_size += policy_digest_bytes.size();
   24701   std::string command_hash(32, 0);
   24702   hash->Finish(string_as_array(&command_hash), command_hash.size());
   24703   std::string authorization_section_bytes;
   24704   std::string authorization_size_bytes;
   24705   if (authorization_delegate) {
   24706     if (!authorization_delegate->GetCommandAuthorization(
   24707         command_hash,
   24708         is_command_parameter_encryption_possible,
   24709         is_response_parameter_encryption_possible,
   24710         &authorization_section_bytes)) {
   24711       return TRUNKS_RC_AUTHORIZATION_FAILED;
   24712     }
   24713     if (!authorization_section_bytes.empty()) {
   24714       tag = TPM_ST_SESSIONS;
   24715       std::string tmp;
   24716       rc = Serialize_UINT32(authorization_section_bytes.size(),
   24717                             &authorization_size_bytes);
   24718       if (rc != TPM_RC_SUCCESS) {
   24719         return rc;
   24720       }
   24721       command_size += authorization_size_bytes.size() +
   24722                       authorization_section_bytes.size();
   24723     }
   24724   }
   24725   std::string tag_bytes;
   24726   rc = Serialize_TPMI_ST_COMMAND_TAG(
   24727       tag,
   24728       &tag_bytes);
   24729   if (rc != TPM_RC_SUCCESS) {
   24730     return rc;
   24731   }
   24732   std::string command_size_bytes;
   24733   rc = Serialize_UINT32(
   24734       command_size,
   24735       &command_size_bytes);
   24736   if (rc != TPM_RC_SUCCESS) {
   24737     return rc;
   24738   }
   24739   *serialized_command = tag_bytes +
   24740                         command_size_bytes +
   24741                         command_code_bytes +
   24742                         handle_section_bytes +
   24743                         authorization_size_bytes +
   24744                         authorization_section_bytes +
   24745                         parameter_section_bytes;
   24746   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   24747   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   24748                                             serialized_command->size());
   24749   return TPM_RC_SUCCESS;
   24750 }
   24751 
   24752 TPM_RC Tpm::ParseResponse_PCR_SetAuthPolicy(
   24753       const std::string& response,
   24754       AuthorizationDelegate* authorization_delegate) {
   24755   VLOG(3) << __func__;
   24756   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   24757   TPM_RC rc = TPM_RC_SUCCESS;
   24758   std::string buffer(response);
   24759   TPM_ST tag;
   24760   std::string tag_bytes;
   24761   rc = Parse_TPM_ST(
   24762       &buffer,
   24763       &tag,
   24764       &tag_bytes);
   24765   if (rc != TPM_RC_SUCCESS) {
   24766     return rc;
   24767   }
   24768   UINT32 response_size;
   24769   std::string response_size_bytes;
   24770   rc = Parse_UINT32(
   24771       &buffer,
   24772       &response_size,
   24773       &response_size_bytes);
   24774   if (rc != TPM_RC_SUCCESS) {
   24775     return rc;
   24776   }
   24777   TPM_RC response_code;
   24778   std::string response_code_bytes;
   24779   rc = Parse_TPM_RC(
   24780       &buffer,
   24781       &response_code,
   24782       &response_code_bytes);
   24783   if (rc != TPM_RC_SUCCESS) {
   24784     return rc;
   24785   }
   24786   if (response_size != response.size()) {
   24787     return TPM_RC_SIZE;
   24788   }
   24789   if (response_code != TPM_RC_SUCCESS) {
   24790     return response_code;
   24791   }
   24792   TPM_CC command_code = TPM_CC_PCR_SetAuthPolicy;
   24793   std::string command_code_bytes;
   24794   rc = Serialize_TPM_CC(
   24795       command_code,
   24796       &command_code_bytes);
   24797   if (rc != TPM_RC_SUCCESS) {
   24798     return rc;
   24799   }
   24800   std::string authorization_section_bytes;
   24801   if (tag == TPM_ST_SESSIONS) {
   24802     UINT32 parameter_section_size = buffer.size();
   24803     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   24804     if (rc != TPM_RC_SUCCESS) {
   24805       return rc;
   24806     }
   24807     if (parameter_section_size > buffer.size()) {
   24808       return TPM_RC_INSUFFICIENT;
   24809     }
   24810     authorization_section_bytes = buffer.substr(parameter_section_size);
   24811     // Keep the parameter section in |buffer|.
   24812     buffer.erase(parameter_section_size);
   24813   }
   24814   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   24815       crypto::SecureHash::SHA256));
   24816   hash->Update(response_code_bytes.data(),
   24817                response_code_bytes.size());
   24818   hash->Update(command_code_bytes.data(),
   24819                command_code_bytes.size());
   24820   hash->Update(buffer.data(),
   24821                buffer.size());
   24822   std::string response_hash(32, 0);
   24823   hash->Finish(string_as_array(&response_hash), response_hash.size());
   24824   if (tag == TPM_ST_SESSIONS) {
   24825     CHECK(authorization_delegate) << "Authorization delegate missing!";
   24826     if (!authorization_delegate->CheckResponseAuthorization(
   24827         response_hash,
   24828         authorization_section_bytes)) {
   24829       return TRUNKS_RC_AUTHORIZATION_FAILED;
   24830     }
   24831   }
   24832   return TPM_RC_SUCCESS;
   24833 }
   24834 
   24835 void PCR_SetAuthPolicyErrorCallback(
   24836     const Tpm::PCR_SetAuthPolicyResponse& callback,
   24837     TPM_RC response_code) {
   24838   VLOG(1) << __func__;
   24839   callback.Run(response_code);
   24840 }
   24841 
   24842 void PCR_SetAuthPolicyResponseParser(
   24843     const Tpm::PCR_SetAuthPolicyResponse& callback,
   24844     AuthorizationDelegate* authorization_delegate,
   24845     const std::string& response) {
   24846   VLOG(1) << __func__;
   24847   base::Callback<void(TPM_RC)> error_reporter =
   24848       base::Bind(PCR_SetAuthPolicyErrorCallback, callback);
   24849   TPM_RC rc = Tpm::ParseResponse_PCR_SetAuthPolicy(
   24850       response,
   24851       authorization_delegate);
   24852   if (rc != TPM_RC_SUCCESS) {
   24853     error_reporter.Run(rc);
   24854     return;
   24855   }
   24856   callback.Run(
   24857       rc);
   24858 }
   24859 
   24860 void Tpm::PCR_SetAuthPolicy(
   24861       const TPMI_RH_PLATFORM& auth_handle,
   24862       const std::string& auth_handle_name,
   24863       const TPMI_DH_PCR& pcr_num,
   24864       const std::string& pcr_num_name,
   24865       const TPM2B_DIGEST& auth_policy,
   24866       const TPMI_ALG_HASH& policy_digest,
   24867       AuthorizationDelegate* authorization_delegate,
   24868       const PCR_SetAuthPolicyResponse& callback) {
   24869   VLOG(1) << __func__;
   24870   base::Callback<void(TPM_RC)> error_reporter =
   24871       base::Bind(PCR_SetAuthPolicyErrorCallback, callback);
   24872   base::Callback<void(const std::string&)> parser =
   24873       base::Bind(PCR_SetAuthPolicyResponseParser,
   24874                  callback,
   24875                  authorization_delegate);
   24876   std::string command;
   24877   TPM_RC rc = SerializeCommand_PCR_SetAuthPolicy(
   24878       auth_handle,
   24879       auth_handle_name,
   24880       pcr_num,
   24881       pcr_num_name,
   24882       auth_policy,
   24883       policy_digest,
   24884       &command,
   24885       authorization_delegate);
   24886   if (rc != TPM_RC_SUCCESS) {
   24887     error_reporter.Run(rc);
   24888     return;
   24889   }
   24890   transceiver_->SendCommand(command, parser);
   24891 }
   24892 
   24893 TPM_RC Tpm::PCR_SetAuthPolicySync(
   24894       const TPMI_RH_PLATFORM& auth_handle,
   24895       const std::string& auth_handle_name,
   24896       const TPMI_DH_PCR& pcr_num,
   24897       const std::string& pcr_num_name,
   24898       const TPM2B_DIGEST& auth_policy,
   24899       const TPMI_ALG_HASH& policy_digest,
   24900       AuthorizationDelegate* authorization_delegate) {
   24901   VLOG(1) << __func__;
   24902   std::string command;
   24903   TPM_RC rc = SerializeCommand_PCR_SetAuthPolicy(
   24904       auth_handle,
   24905       auth_handle_name,
   24906       pcr_num,
   24907       pcr_num_name,
   24908       auth_policy,
   24909       policy_digest,
   24910       &command,
   24911       authorization_delegate);
   24912   if (rc != TPM_RC_SUCCESS) {
   24913     return rc;
   24914   }
   24915   std::string response = transceiver_->SendCommandAndWait(command);
   24916   rc = ParseResponse_PCR_SetAuthPolicy(
   24917       response,
   24918       authorization_delegate);
   24919   return rc;
   24920 }
   24921 
   24922 TPM_RC Tpm::SerializeCommand_PCR_SetAuthValue(
   24923       const TPMI_DH_PCR& pcr_handle,
   24924       const std::string& pcr_handle_name,
   24925       const TPM2B_DIGEST& auth,
   24926       std::string* serialized_command,
   24927       AuthorizationDelegate* authorization_delegate) {
   24928   VLOG(3) << __func__;
   24929   TPM_RC rc = TPM_RC_SUCCESS;
   24930   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   24931   UINT32 command_size = 10;  // Header size.
   24932   std::string handle_section_bytes;
   24933   std::string parameter_section_bytes;
   24934   TPM_CC command_code = TPM_CC_PCR_SetAuthValue;
   24935   bool is_command_parameter_encryption_possible = true;
   24936   bool is_response_parameter_encryption_possible = false;
   24937   std::string command_code_bytes;
   24938   rc = Serialize_TPM_CC(
   24939       command_code,
   24940       &command_code_bytes);
   24941   if (rc != TPM_RC_SUCCESS) {
   24942     return rc;
   24943   }
   24944   std::string pcr_handle_bytes;
   24945   rc = Serialize_TPMI_DH_PCR(
   24946       pcr_handle,
   24947       &pcr_handle_bytes);
   24948   if (rc != TPM_RC_SUCCESS) {
   24949     return rc;
   24950   }
   24951   std::string auth_bytes;
   24952   rc = Serialize_TPM2B_DIGEST(
   24953       auth,
   24954       &auth_bytes);
   24955   if (rc != TPM_RC_SUCCESS) {
   24956     return rc;
   24957   }
   24958   if (authorization_delegate) {
   24959     // Encrypt just the parameter data, not the size.
   24960     std::string tmp = auth_bytes.substr(2);
   24961     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   24962       return TRUNKS_RC_ENCRYPTION_FAILED;
   24963     }
   24964     auth_bytes.replace(2, std::string::npos, tmp);
   24965   }
   24966   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   24967       crypto::SecureHash::SHA256));
   24968   hash->Update(command_code_bytes.data(),
   24969                command_code_bytes.size());
   24970   hash->Update(pcr_handle_name.data(),
   24971                pcr_handle_name.size());
   24972   handle_section_bytes += pcr_handle_bytes;
   24973   command_size += pcr_handle_bytes.size();
   24974   hash->Update(auth_bytes.data(),
   24975                auth_bytes.size());
   24976   parameter_section_bytes += auth_bytes;
   24977   command_size += auth_bytes.size();
   24978   std::string command_hash(32, 0);
   24979   hash->Finish(string_as_array(&command_hash), command_hash.size());
   24980   std::string authorization_section_bytes;
   24981   std::string authorization_size_bytes;
   24982   if (authorization_delegate) {
   24983     if (!authorization_delegate->GetCommandAuthorization(
   24984         command_hash,
   24985         is_command_parameter_encryption_possible,
   24986         is_response_parameter_encryption_possible,
   24987         &authorization_section_bytes)) {
   24988       return TRUNKS_RC_AUTHORIZATION_FAILED;
   24989     }
   24990     if (!authorization_section_bytes.empty()) {
   24991       tag = TPM_ST_SESSIONS;
   24992       std::string tmp;
   24993       rc = Serialize_UINT32(authorization_section_bytes.size(),
   24994                             &authorization_size_bytes);
   24995       if (rc != TPM_RC_SUCCESS) {
   24996         return rc;
   24997       }
   24998       command_size += authorization_size_bytes.size() +
   24999                       authorization_section_bytes.size();
   25000     }
   25001   }
   25002   std::string tag_bytes;
   25003   rc = Serialize_TPMI_ST_COMMAND_TAG(
   25004       tag,
   25005       &tag_bytes);
   25006   if (rc != TPM_RC_SUCCESS) {
   25007     return rc;
   25008   }
   25009   std::string command_size_bytes;
   25010   rc = Serialize_UINT32(
   25011       command_size,
   25012       &command_size_bytes);
   25013   if (rc != TPM_RC_SUCCESS) {
   25014     return rc;
   25015   }
   25016   *serialized_command = tag_bytes +
   25017                         command_size_bytes +
   25018                         command_code_bytes +
   25019                         handle_section_bytes +
   25020                         authorization_size_bytes +
   25021                         authorization_section_bytes +
   25022                         parameter_section_bytes;
   25023   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   25024   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   25025                                             serialized_command->size());
   25026   return TPM_RC_SUCCESS;
   25027 }
   25028 
   25029 TPM_RC Tpm::ParseResponse_PCR_SetAuthValue(
   25030       const std::string& response,
   25031       AuthorizationDelegate* authorization_delegate) {
   25032   VLOG(3) << __func__;
   25033   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   25034   TPM_RC rc = TPM_RC_SUCCESS;
   25035   std::string buffer(response);
   25036   TPM_ST tag;
   25037   std::string tag_bytes;
   25038   rc = Parse_TPM_ST(
   25039       &buffer,
   25040       &tag,
   25041       &tag_bytes);
   25042   if (rc != TPM_RC_SUCCESS) {
   25043     return rc;
   25044   }
   25045   UINT32 response_size;
   25046   std::string response_size_bytes;
   25047   rc = Parse_UINT32(
   25048       &buffer,
   25049       &response_size,
   25050       &response_size_bytes);
   25051   if (rc != TPM_RC_SUCCESS) {
   25052     return rc;
   25053   }
   25054   TPM_RC response_code;
   25055   std::string response_code_bytes;
   25056   rc = Parse_TPM_RC(
   25057       &buffer,
   25058       &response_code,
   25059       &response_code_bytes);
   25060   if (rc != TPM_RC_SUCCESS) {
   25061     return rc;
   25062   }
   25063   if (response_size != response.size()) {
   25064     return TPM_RC_SIZE;
   25065   }
   25066   if (response_code != TPM_RC_SUCCESS) {
   25067     return response_code;
   25068   }
   25069   TPM_CC command_code = TPM_CC_PCR_SetAuthValue;
   25070   std::string command_code_bytes;
   25071   rc = Serialize_TPM_CC(
   25072       command_code,
   25073       &command_code_bytes);
   25074   if (rc != TPM_RC_SUCCESS) {
   25075     return rc;
   25076   }
   25077   std::string authorization_section_bytes;
   25078   if (tag == TPM_ST_SESSIONS) {
   25079     UINT32 parameter_section_size = buffer.size();
   25080     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   25081     if (rc != TPM_RC_SUCCESS) {
   25082       return rc;
   25083     }
   25084     if (parameter_section_size > buffer.size()) {
   25085       return TPM_RC_INSUFFICIENT;
   25086     }
   25087     authorization_section_bytes = buffer.substr(parameter_section_size);
   25088     // Keep the parameter section in |buffer|.
   25089     buffer.erase(parameter_section_size);
   25090   }
   25091   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   25092       crypto::SecureHash::SHA256));
   25093   hash->Update(response_code_bytes.data(),
   25094                response_code_bytes.size());
   25095   hash->Update(command_code_bytes.data(),
   25096                command_code_bytes.size());
   25097   hash->Update(buffer.data(),
   25098                buffer.size());
   25099   std::string response_hash(32, 0);
   25100   hash->Finish(string_as_array(&response_hash), response_hash.size());
   25101   if (tag == TPM_ST_SESSIONS) {
   25102     CHECK(authorization_delegate) << "Authorization delegate missing!";
   25103     if (!authorization_delegate->CheckResponseAuthorization(
   25104         response_hash,
   25105         authorization_section_bytes)) {
   25106       return TRUNKS_RC_AUTHORIZATION_FAILED;
   25107     }
   25108   }
   25109   return TPM_RC_SUCCESS;
   25110 }
   25111 
   25112 void PCR_SetAuthValueErrorCallback(
   25113     const Tpm::PCR_SetAuthValueResponse& callback,
   25114     TPM_RC response_code) {
   25115   VLOG(1) << __func__;
   25116   callback.Run(response_code);
   25117 }
   25118 
   25119 void PCR_SetAuthValueResponseParser(
   25120     const Tpm::PCR_SetAuthValueResponse& callback,
   25121     AuthorizationDelegate* authorization_delegate,
   25122     const std::string& response) {
   25123   VLOG(1) << __func__;
   25124   base::Callback<void(TPM_RC)> error_reporter =
   25125       base::Bind(PCR_SetAuthValueErrorCallback, callback);
   25126   TPM_RC rc = Tpm::ParseResponse_PCR_SetAuthValue(
   25127       response,
   25128       authorization_delegate);
   25129   if (rc != TPM_RC_SUCCESS) {
   25130     error_reporter.Run(rc);
   25131     return;
   25132   }
   25133   callback.Run(
   25134       rc);
   25135 }
   25136 
   25137 void Tpm::PCR_SetAuthValue(
   25138       const TPMI_DH_PCR& pcr_handle,
   25139       const std::string& pcr_handle_name,
   25140       const TPM2B_DIGEST& auth,
   25141       AuthorizationDelegate* authorization_delegate,
   25142       const PCR_SetAuthValueResponse& callback) {
   25143   VLOG(1) << __func__;
   25144   base::Callback<void(TPM_RC)> error_reporter =
   25145       base::Bind(PCR_SetAuthValueErrorCallback, callback);
   25146   base::Callback<void(const std::string&)> parser =
   25147       base::Bind(PCR_SetAuthValueResponseParser,
   25148                  callback,
   25149                  authorization_delegate);
   25150   std::string command;
   25151   TPM_RC rc = SerializeCommand_PCR_SetAuthValue(
   25152       pcr_handle,
   25153       pcr_handle_name,
   25154       auth,
   25155       &command,
   25156       authorization_delegate);
   25157   if (rc != TPM_RC_SUCCESS) {
   25158     error_reporter.Run(rc);
   25159     return;
   25160   }
   25161   transceiver_->SendCommand(command, parser);
   25162 }
   25163 
   25164 TPM_RC Tpm::PCR_SetAuthValueSync(
   25165       const TPMI_DH_PCR& pcr_handle,
   25166       const std::string& pcr_handle_name,
   25167       const TPM2B_DIGEST& auth,
   25168       AuthorizationDelegate* authorization_delegate) {
   25169   VLOG(1) << __func__;
   25170   std::string command;
   25171   TPM_RC rc = SerializeCommand_PCR_SetAuthValue(
   25172       pcr_handle,
   25173       pcr_handle_name,
   25174       auth,
   25175       &command,
   25176       authorization_delegate);
   25177   if (rc != TPM_RC_SUCCESS) {
   25178     return rc;
   25179   }
   25180   std::string response = transceiver_->SendCommandAndWait(command);
   25181   rc = ParseResponse_PCR_SetAuthValue(
   25182       response,
   25183       authorization_delegate);
   25184   return rc;
   25185 }
   25186 
   25187 TPM_RC Tpm::SerializeCommand_PCR_Reset(
   25188       const TPMI_DH_PCR& pcr_handle,
   25189       const std::string& pcr_handle_name,
   25190       std::string* serialized_command,
   25191       AuthorizationDelegate* authorization_delegate) {
   25192   VLOG(3) << __func__;
   25193   TPM_RC rc = TPM_RC_SUCCESS;
   25194   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   25195   UINT32 command_size = 10;  // Header size.
   25196   std::string handle_section_bytes;
   25197   std::string parameter_section_bytes;
   25198   TPM_CC command_code = TPM_CC_PCR_Reset;
   25199   bool is_command_parameter_encryption_possible = false;
   25200   bool is_response_parameter_encryption_possible = false;
   25201   std::string command_code_bytes;
   25202   rc = Serialize_TPM_CC(
   25203       command_code,
   25204       &command_code_bytes);
   25205   if (rc != TPM_RC_SUCCESS) {
   25206     return rc;
   25207   }
   25208   std::string pcr_handle_bytes;
   25209   rc = Serialize_TPMI_DH_PCR(
   25210       pcr_handle,
   25211       &pcr_handle_bytes);
   25212   if (rc != TPM_RC_SUCCESS) {
   25213     return rc;
   25214   }
   25215   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   25216       crypto::SecureHash::SHA256));
   25217   hash->Update(command_code_bytes.data(),
   25218                command_code_bytes.size());
   25219   hash->Update(pcr_handle_name.data(),
   25220                pcr_handle_name.size());
   25221   handle_section_bytes += pcr_handle_bytes;
   25222   command_size += pcr_handle_bytes.size();
   25223   std::string command_hash(32, 0);
   25224   hash->Finish(string_as_array(&command_hash), command_hash.size());
   25225   std::string authorization_section_bytes;
   25226   std::string authorization_size_bytes;
   25227   if (authorization_delegate) {
   25228     if (!authorization_delegate->GetCommandAuthorization(
   25229         command_hash,
   25230         is_command_parameter_encryption_possible,
   25231         is_response_parameter_encryption_possible,
   25232         &authorization_section_bytes)) {
   25233       return TRUNKS_RC_AUTHORIZATION_FAILED;
   25234     }
   25235     if (!authorization_section_bytes.empty()) {
   25236       tag = TPM_ST_SESSIONS;
   25237       std::string tmp;
   25238       rc = Serialize_UINT32(authorization_section_bytes.size(),
   25239                             &authorization_size_bytes);
   25240       if (rc != TPM_RC_SUCCESS) {
   25241         return rc;
   25242       }
   25243       command_size += authorization_size_bytes.size() +
   25244                       authorization_section_bytes.size();
   25245     }
   25246   }
   25247   std::string tag_bytes;
   25248   rc = Serialize_TPMI_ST_COMMAND_TAG(
   25249       tag,
   25250       &tag_bytes);
   25251   if (rc != TPM_RC_SUCCESS) {
   25252     return rc;
   25253   }
   25254   std::string command_size_bytes;
   25255   rc = Serialize_UINT32(
   25256       command_size,
   25257       &command_size_bytes);
   25258   if (rc != TPM_RC_SUCCESS) {
   25259     return rc;
   25260   }
   25261   *serialized_command = tag_bytes +
   25262                         command_size_bytes +
   25263                         command_code_bytes +
   25264                         handle_section_bytes +
   25265                         authorization_size_bytes +
   25266                         authorization_section_bytes +
   25267                         parameter_section_bytes;
   25268   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   25269   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   25270                                             serialized_command->size());
   25271   return TPM_RC_SUCCESS;
   25272 }
   25273 
   25274 TPM_RC Tpm::ParseResponse_PCR_Reset(
   25275       const std::string& response,
   25276       AuthorizationDelegate* authorization_delegate) {
   25277   VLOG(3) << __func__;
   25278   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   25279   TPM_RC rc = TPM_RC_SUCCESS;
   25280   std::string buffer(response);
   25281   TPM_ST tag;
   25282   std::string tag_bytes;
   25283   rc = Parse_TPM_ST(
   25284       &buffer,
   25285       &tag,
   25286       &tag_bytes);
   25287   if (rc != TPM_RC_SUCCESS) {
   25288     return rc;
   25289   }
   25290   UINT32 response_size;
   25291   std::string response_size_bytes;
   25292   rc = Parse_UINT32(
   25293       &buffer,
   25294       &response_size,
   25295       &response_size_bytes);
   25296   if (rc != TPM_RC_SUCCESS) {
   25297     return rc;
   25298   }
   25299   TPM_RC response_code;
   25300   std::string response_code_bytes;
   25301   rc = Parse_TPM_RC(
   25302       &buffer,
   25303       &response_code,
   25304       &response_code_bytes);
   25305   if (rc != TPM_RC_SUCCESS) {
   25306     return rc;
   25307   }
   25308   if (response_size != response.size()) {
   25309     return TPM_RC_SIZE;
   25310   }
   25311   if (response_code != TPM_RC_SUCCESS) {
   25312     return response_code;
   25313   }
   25314   TPM_CC command_code = TPM_CC_PCR_Reset;
   25315   std::string command_code_bytes;
   25316   rc = Serialize_TPM_CC(
   25317       command_code,
   25318       &command_code_bytes);
   25319   if (rc != TPM_RC_SUCCESS) {
   25320     return rc;
   25321   }
   25322   std::string authorization_section_bytes;
   25323   if (tag == TPM_ST_SESSIONS) {
   25324     UINT32 parameter_section_size = buffer.size();
   25325     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   25326     if (rc != TPM_RC_SUCCESS) {
   25327       return rc;
   25328     }
   25329     if (parameter_section_size > buffer.size()) {
   25330       return TPM_RC_INSUFFICIENT;
   25331     }
   25332     authorization_section_bytes = buffer.substr(parameter_section_size);
   25333     // Keep the parameter section in |buffer|.
   25334     buffer.erase(parameter_section_size);
   25335   }
   25336   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   25337       crypto::SecureHash::SHA256));
   25338   hash->Update(response_code_bytes.data(),
   25339                response_code_bytes.size());
   25340   hash->Update(command_code_bytes.data(),
   25341                command_code_bytes.size());
   25342   hash->Update(buffer.data(),
   25343                buffer.size());
   25344   std::string response_hash(32, 0);
   25345   hash->Finish(string_as_array(&response_hash), response_hash.size());
   25346   if (tag == TPM_ST_SESSIONS) {
   25347     CHECK(authorization_delegate) << "Authorization delegate missing!";
   25348     if (!authorization_delegate->CheckResponseAuthorization(
   25349         response_hash,
   25350         authorization_section_bytes)) {
   25351       return TRUNKS_RC_AUTHORIZATION_FAILED;
   25352     }
   25353   }
   25354   return TPM_RC_SUCCESS;
   25355 }
   25356 
   25357 void PCR_ResetErrorCallback(
   25358     const Tpm::PCR_ResetResponse& callback,
   25359     TPM_RC response_code) {
   25360   VLOG(1) << __func__;
   25361   callback.Run(response_code);
   25362 }
   25363 
   25364 void PCR_ResetResponseParser(
   25365     const Tpm::PCR_ResetResponse& callback,
   25366     AuthorizationDelegate* authorization_delegate,
   25367     const std::string& response) {
   25368   VLOG(1) << __func__;
   25369   base::Callback<void(TPM_RC)> error_reporter =
   25370       base::Bind(PCR_ResetErrorCallback, callback);
   25371   TPM_RC rc = Tpm::ParseResponse_PCR_Reset(
   25372       response,
   25373       authorization_delegate);
   25374   if (rc != TPM_RC_SUCCESS) {
   25375     error_reporter.Run(rc);
   25376     return;
   25377   }
   25378   callback.Run(
   25379       rc);
   25380 }
   25381 
   25382 void Tpm::PCR_Reset(
   25383       const TPMI_DH_PCR& pcr_handle,
   25384       const std::string& pcr_handle_name,
   25385       AuthorizationDelegate* authorization_delegate,
   25386       const PCR_ResetResponse& callback) {
   25387   VLOG(1) << __func__;
   25388   base::Callback<void(TPM_RC)> error_reporter =
   25389       base::Bind(PCR_ResetErrorCallback, callback);
   25390   base::Callback<void(const std::string&)> parser =
   25391       base::Bind(PCR_ResetResponseParser,
   25392                  callback,
   25393                  authorization_delegate);
   25394   std::string command;
   25395   TPM_RC rc = SerializeCommand_PCR_Reset(
   25396       pcr_handle,
   25397       pcr_handle_name,
   25398       &command,
   25399       authorization_delegate);
   25400   if (rc != TPM_RC_SUCCESS) {
   25401     error_reporter.Run(rc);
   25402     return;
   25403   }
   25404   transceiver_->SendCommand(command, parser);
   25405 }
   25406 
   25407 TPM_RC Tpm::PCR_ResetSync(
   25408       const TPMI_DH_PCR& pcr_handle,
   25409       const std::string& pcr_handle_name,
   25410       AuthorizationDelegate* authorization_delegate) {
   25411   VLOG(1) << __func__;
   25412   std::string command;
   25413   TPM_RC rc = SerializeCommand_PCR_Reset(
   25414       pcr_handle,
   25415       pcr_handle_name,
   25416       &command,
   25417       authorization_delegate);
   25418   if (rc != TPM_RC_SUCCESS) {
   25419     return rc;
   25420   }
   25421   std::string response = transceiver_->SendCommandAndWait(command);
   25422   rc = ParseResponse_PCR_Reset(
   25423       response,
   25424       authorization_delegate);
   25425   return rc;
   25426 }
   25427 
   25428 TPM_RC Tpm::SerializeCommand_PolicySigned(
   25429       const TPMI_DH_OBJECT& auth_object,
   25430       const std::string& auth_object_name,
   25431       const TPMI_SH_POLICY& policy_session,
   25432       const std::string& policy_session_name,
   25433       const TPM2B_NONCE& nonce_tpm,
   25434       const TPM2B_DIGEST& cp_hash_a,
   25435       const TPM2B_NONCE& policy_ref,
   25436       const INT32& expiration,
   25437       const TPMT_SIGNATURE& auth,
   25438       std::string* serialized_command,
   25439       AuthorizationDelegate* authorization_delegate) {
   25440   VLOG(3) << __func__;
   25441   TPM_RC rc = TPM_RC_SUCCESS;
   25442   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   25443   UINT32 command_size = 10;  // Header size.
   25444   std::string handle_section_bytes;
   25445   std::string parameter_section_bytes;
   25446   TPM_CC command_code = TPM_CC_PolicySigned;
   25447   bool is_command_parameter_encryption_possible = true;
   25448   bool is_response_parameter_encryption_possible = true;
   25449   std::string command_code_bytes;
   25450   rc = Serialize_TPM_CC(
   25451       command_code,
   25452       &command_code_bytes);
   25453   if (rc != TPM_RC_SUCCESS) {
   25454     return rc;
   25455   }
   25456   std::string auth_object_bytes;
   25457   rc = Serialize_TPMI_DH_OBJECT(
   25458       auth_object,
   25459       &auth_object_bytes);
   25460   if (rc != TPM_RC_SUCCESS) {
   25461     return rc;
   25462   }
   25463   std::string policy_session_bytes;
   25464   rc = Serialize_TPMI_SH_POLICY(
   25465       policy_session,
   25466       &policy_session_bytes);
   25467   if (rc != TPM_RC_SUCCESS) {
   25468     return rc;
   25469   }
   25470   std::string nonce_tpm_bytes;
   25471   rc = Serialize_TPM2B_NONCE(
   25472       nonce_tpm,
   25473       &nonce_tpm_bytes);
   25474   if (rc != TPM_RC_SUCCESS) {
   25475     return rc;
   25476   }
   25477   std::string cp_hash_a_bytes;
   25478   rc = Serialize_TPM2B_DIGEST(
   25479       cp_hash_a,
   25480       &cp_hash_a_bytes);
   25481   if (rc != TPM_RC_SUCCESS) {
   25482     return rc;
   25483   }
   25484   std::string policy_ref_bytes;
   25485   rc = Serialize_TPM2B_NONCE(
   25486       policy_ref,
   25487       &policy_ref_bytes);
   25488   if (rc != TPM_RC_SUCCESS) {
   25489     return rc;
   25490   }
   25491   std::string expiration_bytes;
   25492   rc = Serialize_INT32(
   25493       expiration,
   25494       &expiration_bytes);
   25495   if (rc != TPM_RC_SUCCESS) {
   25496     return rc;
   25497   }
   25498   std::string auth_bytes;
   25499   rc = Serialize_TPMT_SIGNATURE(
   25500       auth,
   25501       &auth_bytes);
   25502   if (rc != TPM_RC_SUCCESS) {
   25503     return rc;
   25504   }
   25505   if (authorization_delegate) {
   25506     // Encrypt just the parameter data, not the size.
   25507     std::string tmp = nonce_tpm_bytes.substr(2);
   25508     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   25509       return TRUNKS_RC_ENCRYPTION_FAILED;
   25510     }
   25511     nonce_tpm_bytes.replace(2, std::string::npos, tmp);
   25512   }
   25513   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   25514       crypto::SecureHash::SHA256));
   25515   hash->Update(command_code_bytes.data(),
   25516                command_code_bytes.size());
   25517   hash->Update(auth_object_name.data(),
   25518                auth_object_name.size());
   25519   handle_section_bytes += auth_object_bytes;
   25520   command_size += auth_object_bytes.size();
   25521   hash->Update(policy_session_name.data(),
   25522                policy_session_name.size());
   25523   handle_section_bytes += policy_session_bytes;
   25524   command_size += policy_session_bytes.size();
   25525   hash->Update(nonce_tpm_bytes.data(),
   25526                nonce_tpm_bytes.size());
   25527   parameter_section_bytes += nonce_tpm_bytes;
   25528   command_size += nonce_tpm_bytes.size();
   25529   hash->Update(cp_hash_a_bytes.data(),
   25530                cp_hash_a_bytes.size());
   25531   parameter_section_bytes += cp_hash_a_bytes;
   25532   command_size += cp_hash_a_bytes.size();
   25533   hash->Update(policy_ref_bytes.data(),
   25534                policy_ref_bytes.size());
   25535   parameter_section_bytes += policy_ref_bytes;
   25536   command_size += policy_ref_bytes.size();
   25537   hash->Update(expiration_bytes.data(),
   25538                expiration_bytes.size());
   25539   parameter_section_bytes += expiration_bytes;
   25540   command_size += expiration_bytes.size();
   25541   hash->Update(auth_bytes.data(),
   25542                auth_bytes.size());
   25543   parameter_section_bytes += auth_bytes;
   25544   command_size += auth_bytes.size();
   25545   std::string command_hash(32, 0);
   25546   hash->Finish(string_as_array(&command_hash), command_hash.size());
   25547   std::string authorization_section_bytes;
   25548   std::string authorization_size_bytes;
   25549   if (authorization_delegate) {
   25550     if (!authorization_delegate->GetCommandAuthorization(
   25551         command_hash,
   25552         is_command_parameter_encryption_possible,
   25553         is_response_parameter_encryption_possible,
   25554         &authorization_section_bytes)) {
   25555       return TRUNKS_RC_AUTHORIZATION_FAILED;
   25556     }
   25557     if (!authorization_section_bytes.empty()) {
   25558       tag = TPM_ST_SESSIONS;
   25559       std::string tmp;
   25560       rc = Serialize_UINT32(authorization_section_bytes.size(),
   25561                             &authorization_size_bytes);
   25562       if (rc != TPM_RC_SUCCESS) {
   25563         return rc;
   25564       }
   25565       command_size += authorization_size_bytes.size() +
   25566                       authorization_section_bytes.size();
   25567     }
   25568   }
   25569   std::string tag_bytes;
   25570   rc = Serialize_TPMI_ST_COMMAND_TAG(
   25571       tag,
   25572       &tag_bytes);
   25573   if (rc != TPM_RC_SUCCESS) {
   25574     return rc;
   25575   }
   25576   std::string command_size_bytes;
   25577   rc = Serialize_UINT32(
   25578       command_size,
   25579       &command_size_bytes);
   25580   if (rc != TPM_RC_SUCCESS) {
   25581     return rc;
   25582   }
   25583   *serialized_command = tag_bytes +
   25584                         command_size_bytes +
   25585                         command_code_bytes +
   25586                         handle_section_bytes +
   25587                         authorization_size_bytes +
   25588                         authorization_section_bytes +
   25589                         parameter_section_bytes;
   25590   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   25591   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   25592                                             serialized_command->size());
   25593   return TPM_RC_SUCCESS;
   25594 }
   25595 
   25596 TPM_RC Tpm::ParseResponse_PolicySigned(
   25597       const std::string& response,
   25598       TPM2B_TIMEOUT* timeout,
   25599       TPMT_TK_AUTH* policy_ticket,
   25600       AuthorizationDelegate* authorization_delegate) {
   25601   VLOG(3) << __func__;
   25602   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   25603   TPM_RC rc = TPM_RC_SUCCESS;
   25604   std::string buffer(response);
   25605   TPM_ST tag;
   25606   std::string tag_bytes;
   25607   rc = Parse_TPM_ST(
   25608       &buffer,
   25609       &tag,
   25610       &tag_bytes);
   25611   if (rc != TPM_RC_SUCCESS) {
   25612     return rc;
   25613   }
   25614   UINT32 response_size;
   25615   std::string response_size_bytes;
   25616   rc = Parse_UINT32(
   25617       &buffer,
   25618       &response_size,
   25619       &response_size_bytes);
   25620   if (rc != TPM_RC_SUCCESS) {
   25621     return rc;
   25622   }
   25623   TPM_RC response_code;
   25624   std::string response_code_bytes;
   25625   rc = Parse_TPM_RC(
   25626       &buffer,
   25627       &response_code,
   25628       &response_code_bytes);
   25629   if (rc != TPM_RC_SUCCESS) {
   25630     return rc;
   25631   }
   25632   if (response_size != response.size()) {
   25633     return TPM_RC_SIZE;
   25634   }
   25635   if (response_code != TPM_RC_SUCCESS) {
   25636     return response_code;
   25637   }
   25638   TPM_CC command_code = TPM_CC_PolicySigned;
   25639   std::string command_code_bytes;
   25640   rc = Serialize_TPM_CC(
   25641       command_code,
   25642       &command_code_bytes);
   25643   if (rc != TPM_RC_SUCCESS) {
   25644     return rc;
   25645   }
   25646   std::string authorization_section_bytes;
   25647   if (tag == TPM_ST_SESSIONS) {
   25648     UINT32 parameter_section_size = buffer.size();
   25649     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   25650     if (rc != TPM_RC_SUCCESS) {
   25651       return rc;
   25652     }
   25653     if (parameter_section_size > buffer.size()) {
   25654       return TPM_RC_INSUFFICIENT;
   25655     }
   25656     authorization_section_bytes = buffer.substr(parameter_section_size);
   25657     // Keep the parameter section in |buffer|.
   25658     buffer.erase(parameter_section_size);
   25659   }
   25660   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   25661       crypto::SecureHash::SHA256));
   25662   hash->Update(response_code_bytes.data(),
   25663                response_code_bytes.size());
   25664   hash->Update(command_code_bytes.data(),
   25665                command_code_bytes.size());
   25666   hash->Update(buffer.data(),
   25667                buffer.size());
   25668   std::string response_hash(32, 0);
   25669   hash->Finish(string_as_array(&response_hash), response_hash.size());
   25670   if (tag == TPM_ST_SESSIONS) {
   25671     CHECK(authorization_delegate) << "Authorization delegate missing!";
   25672     if (!authorization_delegate->CheckResponseAuthorization(
   25673         response_hash,
   25674         authorization_section_bytes)) {
   25675       return TRUNKS_RC_AUTHORIZATION_FAILED;
   25676     }
   25677   }
   25678   std::string timeout_bytes;
   25679   rc = Parse_TPM2B_TIMEOUT(
   25680       &buffer,
   25681       timeout,
   25682       &timeout_bytes);
   25683   if (rc != TPM_RC_SUCCESS) {
   25684     return rc;
   25685   }
   25686   std::string policy_ticket_bytes;
   25687   rc = Parse_TPMT_TK_AUTH(
   25688       &buffer,
   25689       policy_ticket,
   25690       &policy_ticket_bytes);
   25691   if (rc != TPM_RC_SUCCESS) {
   25692     return rc;
   25693   }
   25694   if (tag == TPM_ST_SESSIONS) {
   25695     CHECK(authorization_delegate) << "Authorization delegate missing!";
   25696     // Decrypt just the parameter data, not the size.
   25697     std::string tmp = timeout_bytes.substr(2);
   25698     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   25699       return TRUNKS_RC_ENCRYPTION_FAILED;
   25700     }
   25701     timeout_bytes.replace(2, std::string::npos, tmp);
   25702     rc = Parse_TPM2B_TIMEOUT(
   25703         &timeout_bytes,
   25704         timeout,
   25705         nullptr);
   25706     if (rc != TPM_RC_SUCCESS) {
   25707       return rc;
   25708     }
   25709   }
   25710   return TPM_RC_SUCCESS;
   25711 }
   25712 
   25713 void PolicySignedErrorCallback(
   25714     const Tpm::PolicySignedResponse& callback,
   25715     TPM_RC response_code) {
   25716   VLOG(1) << __func__;
   25717   callback.Run(response_code,
   25718                TPM2B_TIMEOUT(),
   25719                TPMT_TK_AUTH());
   25720 }
   25721 
   25722 void PolicySignedResponseParser(
   25723     const Tpm::PolicySignedResponse& callback,
   25724     AuthorizationDelegate* authorization_delegate,
   25725     const std::string& response) {
   25726   VLOG(1) << __func__;
   25727   base::Callback<void(TPM_RC)> error_reporter =
   25728       base::Bind(PolicySignedErrorCallback, callback);
   25729   TPM2B_TIMEOUT timeout;
   25730   TPMT_TK_AUTH policy_ticket;
   25731   TPM_RC rc = Tpm::ParseResponse_PolicySigned(
   25732       response,
   25733       &timeout,
   25734       &policy_ticket,
   25735       authorization_delegate);
   25736   if (rc != TPM_RC_SUCCESS) {
   25737     error_reporter.Run(rc);
   25738     return;
   25739   }
   25740   callback.Run(
   25741       rc,
   25742       timeout,
   25743       policy_ticket);
   25744 }
   25745 
   25746 void Tpm::PolicySigned(
   25747       const TPMI_DH_OBJECT& auth_object,
   25748       const std::string& auth_object_name,
   25749       const TPMI_SH_POLICY& policy_session,
   25750       const std::string& policy_session_name,
   25751       const TPM2B_NONCE& nonce_tpm,
   25752       const TPM2B_DIGEST& cp_hash_a,
   25753       const TPM2B_NONCE& policy_ref,
   25754       const INT32& expiration,
   25755       const TPMT_SIGNATURE& auth,
   25756       AuthorizationDelegate* authorization_delegate,
   25757       const PolicySignedResponse& callback) {
   25758   VLOG(1) << __func__;
   25759   base::Callback<void(TPM_RC)> error_reporter =
   25760       base::Bind(PolicySignedErrorCallback, callback);
   25761   base::Callback<void(const std::string&)> parser =
   25762       base::Bind(PolicySignedResponseParser,
   25763                  callback,
   25764                  authorization_delegate);
   25765   std::string command;
   25766   TPM_RC rc = SerializeCommand_PolicySigned(
   25767       auth_object,
   25768       auth_object_name,
   25769       policy_session,
   25770       policy_session_name,
   25771       nonce_tpm,
   25772       cp_hash_a,
   25773       policy_ref,
   25774       expiration,
   25775       auth,
   25776       &command,
   25777       authorization_delegate);
   25778   if (rc != TPM_RC_SUCCESS) {
   25779     error_reporter.Run(rc);
   25780     return;
   25781   }
   25782   transceiver_->SendCommand(command, parser);
   25783 }
   25784 
   25785 TPM_RC Tpm::PolicySignedSync(
   25786       const TPMI_DH_OBJECT& auth_object,
   25787       const std::string& auth_object_name,
   25788       const TPMI_SH_POLICY& policy_session,
   25789       const std::string& policy_session_name,
   25790       const TPM2B_NONCE& nonce_tpm,
   25791       const TPM2B_DIGEST& cp_hash_a,
   25792       const TPM2B_NONCE& policy_ref,
   25793       const INT32& expiration,
   25794       const TPMT_SIGNATURE& auth,
   25795       TPM2B_TIMEOUT* timeout,
   25796       TPMT_TK_AUTH* policy_ticket,
   25797       AuthorizationDelegate* authorization_delegate) {
   25798   VLOG(1) << __func__;
   25799   std::string command;
   25800   TPM_RC rc = SerializeCommand_PolicySigned(
   25801       auth_object,
   25802       auth_object_name,
   25803       policy_session,
   25804       policy_session_name,
   25805       nonce_tpm,
   25806       cp_hash_a,
   25807       policy_ref,
   25808       expiration,
   25809       auth,
   25810       &command,
   25811       authorization_delegate);
   25812   if (rc != TPM_RC_SUCCESS) {
   25813     return rc;
   25814   }
   25815   std::string response = transceiver_->SendCommandAndWait(command);
   25816   rc = ParseResponse_PolicySigned(
   25817       response,
   25818       timeout,
   25819       policy_ticket,
   25820       authorization_delegate);
   25821   return rc;
   25822 }
   25823 
   25824 TPM_RC Tpm::SerializeCommand_PolicySecret(
   25825       const TPMI_DH_ENTITY& auth_handle,
   25826       const std::string& auth_handle_name,
   25827       const TPMI_SH_POLICY& policy_session,
   25828       const std::string& policy_session_name,
   25829       const TPM2B_NONCE& nonce_tpm,
   25830       const TPM2B_DIGEST& cp_hash_a,
   25831       const TPM2B_NONCE& policy_ref,
   25832       const INT32& expiration,
   25833       std::string* serialized_command,
   25834       AuthorizationDelegate* authorization_delegate) {
   25835   VLOG(3) << __func__;
   25836   TPM_RC rc = TPM_RC_SUCCESS;
   25837   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   25838   UINT32 command_size = 10;  // Header size.
   25839   std::string handle_section_bytes;
   25840   std::string parameter_section_bytes;
   25841   TPM_CC command_code = TPM_CC_PolicySecret;
   25842   bool is_command_parameter_encryption_possible = true;
   25843   bool is_response_parameter_encryption_possible = true;
   25844   std::string command_code_bytes;
   25845   rc = Serialize_TPM_CC(
   25846       command_code,
   25847       &command_code_bytes);
   25848   if (rc != TPM_RC_SUCCESS) {
   25849     return rc;
   25850   }
   25851   std::string auth_handle_bytes;
   25852   rc = Serialize_TPMI_DH_ENTITY(
   25853       auth_handle,
   25854       &auth_handle_bytes);
   25855   if (rc != TPM_RC_SUCCESS) {
   25856     return rc;
   25857   }
   25858   std::string policy_session_bytes;
   25859   rc = Serialize_TPMI_SH_POLICY(
   25860       policy_session,
   25861       &policy_session_bytes);
   25862   if (rc != TPM_RC_SUCCESS) {
   25863     return rc;
   25864   }
   25865   std::string nonce_tpm_bytes;
   25866   rc = Serialize_TPM2B_NONCE(
   25867       nonce_tpm,
   25868       &nonce_tpm_bytes);
   25869   if (rc != TPM_RC_SUCCESS) {
   25870     return rc;
   25871   }
   25872   std::string cp_hash_a_bytes;
   25873   rc = Serialize_TPM2B_DIGEST(
   25874       cp_hash_a,
   25875       &cp_hash_a_bytes);
   25876   if (rc != TPM_RC_SUCCESS) {
   25877     return rc;
   25878   }
   25879   std::string policy_ref_bytes;
   25880   rc = Serialize_TPM2B_NONCE(
   25881       policy_ref,
   25882       &policy_ref_bytes);
   25883   if (rc != TPM_RC_SUCCESS) {
   25884     return rc;
   25885   }
   25886   std::string expiration_bytes;
   25887   rc = Serialize_INT32(
   25888       expiration,
   25889       &expiration_bytes);
   25890   if (rc != TPM_RC_SUCCESS) {
   25891     return rc;
   25892   }
   25893   if (authorization_delegate) {
   25894     // Encrypt just the parameter data, not the size.
   25895     std::string tmp = nonce_tpm_bytes.substr(2);
   25896     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   25897       return TRUNKS_RC_ENCRYPTION_FAILED;
   25898     }
   25899     nonce_tpm_bytes.replace(2, std::string::npos, tmp);
   25900   }
   25901   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   25902       crypto::SecureHash::SHA256));
   25903   hash->Update(command_code_bytes.data(),
   25904                command_code_bytes.size());
   25905   hash->Update(auth_handle_name.data(),
   25906                auth_handle_name.size());
   25907   handle_section_bytes += auth_handle_bytes;
   25908   command_size += auth_handle_bytes.size();
   25909   hash->Update(policy_session_name.data(),
   25910                policy_session_name.size());
   25911   handle_section_bytes += policy_session_bytes;
   25912   command_size += policy_session_bytes.size();
   25913   hash->Update(nonce_tpm_bytes.data(),
   25914                nonce_tpm_bytes.size());
   25915   parameter_section_bytes += nonce_tpm_bytes;
   25916   command_size += nonce_tpm_bytes.size();
   25917   hash->Update(cp_hash_a_bytes.data(),
   25918                cp_hash_a_bytes.size());
   25919   parameter_section_bytes += cp_hash_a_bytes;
   25920   command_size += cp_hash_a_bytes.size();
   25921   hash->Update(policy_ref_bytes.data(),
   25922                policy_ref_bytes.size());
   25923   parameter_section_bytes += policy_ref_bytes;
   25924   command_size += policy_ref_bytes.size();
   25925   hash->Update(expiration_bytes.data(),
   25926                expiration_bytes.size());
   25927   parameter_section_bytes += expiration_bytes;
   25928   command_size += expiration_bytes.size();
   25929   std::string command_hash(32, 0);
   25930   hash->Finish(string_as_array(&command_hash), command_hash.size());
   25931   std::string authorization_section_bytes;
   25932   std::string authorization_size_bytes;
   25933   if (authorization_delegate) {
   25934     if (!authorization_delegate->GetCommandAuthorization(
   25935         command_hash,
   25936         is_command_parameter_encryption_possible,
   25937         is_response_parameter_encryption_possible,
   25938         &authorization_section_bytes)) {
   25939       return TRUNKS_RC_AUTHORIZATION_FAILED;
   25940     }
   25941     if (!authorization_section_bytes.empty()) {
   25942       tag = TPM_ST_SESSIONS;
   25943       std::string tmp;
   25944       rc = Serialize_UINT32(authorization_section_bytes.size(),
   25945                             &authorization_size_bytes);
   25946       if (rc != TPM_RC_SUCCESS) {
   25947         return rc;
   25948       }
   25949       command_size += authorization_size_bytes.size() +
   25950                       authorization_section_bytes.size();
   25951     }
   25952   }
   25953   std::string tag_bytes;
   25954   rc = Serialize_TPMI_ST_COMMAND_TAG(
   25955       tag,
   25956       &tag_bytes);
   25957   if (rc != TPM_RC_SUCCESS) {
   25958     return rc;
   25959   }
   25960   std::string command_size_bytes;
   25961   rc = Serialize_UINT32(
   25962       command_size,
   25963       &command_size_bytes);
   25964   if (rc != TPM_RC_SUCCESS) {
   25965     return rc;
   25966   }
   25967   *serialized_command = tag_bytes +
   25968                         command_size_bytes +
   25969                         command_code_bytes +
   25970                         handle_section_bytes +
   25971                         authorization_size_bytes +
   25972                         authorization_section_bytes +
   25973                         parameter_section_bytes;
   25974   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   25975   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   25976                                             serialized_command->size());
   25977   return TPM_RC_SUCCESS;
   25978 }
   25979 
   25980 TPM_RC Tpm::ParseResponse_PolicySecret(
   25981       const std::string& response,
   25982       TPM2B_TIMEOUT* timeout,
   25983       TPMT_TK_AUTH* policy_ticket,
   25984       AuthorizationDelegate* authorization_delegate) {
   25985   VLOG(3) << __func__;
   25986   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   25987   TPM_RC rc = TPM_RC_SUCCESS;
   25988   std::string buffer(response);
   25989   TPM_ST tag;
   25990   std::string tag_bytes;
   25991   rc = Parse_TPM_ST(
   25992       &buffer,
   25993       &tag,
   25994       &tag_bytes);
   25995   if (rc != TPM_RC_SUCCESS) {
   25996     return rc;
   25997   }
   25998   UINT32 response_size;
   25999   std::string response_size_bytes;
   26000   rc = Parse_UINT32(
   26001       &buffer,
   26002       &response_size,
   26003       &response_size_bytes);
   26004   if (rc != TPM_RC_SUCCESS) {
   26005     return rc;
   26006   }
   26007   TPM_RC response_code;
   26008   std::string response_code_bytes;
   26009   rc = Parse_TPM_RC(
   26010       &buffer,
   26011       &response_code,
   26012       &response_code_bytes);
   26013   if (rc != TPM_RC_SUCCESS) {
   26014     return rc;
   26015   }
   26016   if (response_size != response.size()) {
   26017     return TPM_RC_SIZE;
   26018   }
   26019   if (response_code != TPM_RC_SUCCESS) {
   26020     return response_code;
   26021   }
   26022   TPM_CC command_code = TPM_CC_PolicySecret;
   26023   std::string command_code_bytes;
   26024   rc = Serialize_TPM_CC(
   26025       command_code,
   26026       &command_code_bytes);
   26027   if (rc != TPM_RC_SUCCESS) {
   26028     return rc;
   26029   }
   26030   std::string authorization_section_bytes;
   26031   if (tag == TPM_ST_SESSIONS) {
   26032     UINT32 parameter_section_size = buffer.size();
   26033     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   26034     if (rc != TPM_RC_SUCCESS) {
   26035       return rc;
   26036     }
   26037     if (parameter_section_size > buffer.size()) {
   26038       return TPM_RC_INSUFFICIENT;
   26039     }
   26040     authorization_section_bytes = buffer.substr(parameter_section_size);
   26041     // Keep the parameter section in |buffer|.
   26042     buffer.erase(parameter_section_size);
   26043   }
   26044   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   26045       crypto::SecureHash::SHA256));
   26046   hash->Update(response_code_bytes.data(),
   26047                response_code_bytes.size());
   26048   hash->Update(command_code_bytes.data(),
   26049                command_code_bytes.size());
   26050   hash->Update(buffer.data(),
   26051                buffer.size());
   26052   std::string response_hash(32, 0);
   26053   hash->Finish(string_as_array(&response_hash), response_hash.size());
   26054   if (tag == TPM_ST_SESSIONS) {
   26055     CHECK(authorization_delegate) << "Authorization delegate missing!";
   26056     if (!authorization_delegate->CheckResponseAuthorization(
   26057         response_hash,
   26058         authorization_section_bytes)) {
   26059       return TRUNKS_RC_AUTHORIZATION_FAILED;
   26060     }
   26061   }
   26062   std::string timeout_bytes;
   26063   rc = Parse_TPM2B_TIMEOUT(
   26064       &buffer,
   26065       timeout,
   26066       &timeout_bytes);
   26067   if (rc != TPM_RC_SUCCESS) {
   26068     return rc;
   26069   }
   26070   std::string policy_ticket_bytes;
   26071   rc = Parse_TPMT_TK_AUTH(
   26072       &buffer,
   26073       policy_ticket,
   26074       &policy_ticket_bytes);
   26075   if (rc != TPM_RC_SUCCESS) {
   26076     return rc;
   26077   }
   26078   if (tag == TPM_ST_SESSIONS) {
   26079     CHECK(authorization_delegate) << "Authorization delegate missing!";
   26080     // Decrypt just the parameter data, not the size.
   26081     std::string tmp = timeout_bytes.substr(2);
   26082     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   26083       return TRUNKS_RC_ENCRYPTION_FAILED;
   26084     }
   26085     timeout_bytes.replace(2, std::string::npos, tmp);
   26086     rc = Parse_TPM2B_TIMEOUT(
   26087         &timeout_bytes,
   26088         timeout,
   26089         nullptr);
   26090     if (rc != TPM_RC_SUCCESS) {
   26091       return rc;
   26092     }
   26093   }
   26094   return TPM_RC_SUCCESS;
   26095 }
   26096 
   26097 void PolicySecretErrorCallback(
   26098     const Tpm::PolicySecretResponse& callback,
   26099     TPM_RC response_code) {
   26100   VLOG(1) << __func__;
   26101   callback.Run(response_code,
   26102                TPM2B_TIMEOUT(),
   26103                TPMT_TK_AUTH());
   26104 }
   26105 
   26106 void PolicySecretResponseParser(
   26107     const Tpm::PolicySecretResponse& callback,
   26108     AuthorizationDelegate* authorization_delegate,
   26109     const std::string& response) {
   26110   VLOG(1) << __func__;
   26111   base::Callback<void(TPM_RC)> error_reporter =
   26112       base::Bind(PolicySecretErrorCallback, callback);
   26113   TPM2B_TIMEOUT timeout;
   26114   TPMT_TK_AUTH policy_ticket;
   26115   TPM_RC rc = Tpm::ParseResponse_PolicySecret(
   26116       response,
   26117       &timeout,
   26118       &policy_ticket,
   26119       authorization_delegate);
   26120   if (rc != TPM_RC_SUCCESS) {
   26121     error_reporter.Run(rc);
   26122     return;
   26123   }
   26124   callback.Run(
   26125       rc,
   26126       timeout,
   26127       policy_ticket);
   26128 }
   26129 
   26130 void Tpm::PolicySecret(
   26131       const TPMI_DH_ENTITY& auth_handle,
   26132       const std::string& auth_handle_name,
   26133       const TPMI_SH_POLICY& policy_session,
   26134       const std::string& policy_session_name,
   26135       const TPM2B_NONCE& nonce_tpm,
   26136       const TPM2B_DIGEST& cp_hash_a,
   26137       const TPM2B_NONCE& policy_ref,
   26138       const INT32& expiration,
   26139       AuthorizationDelegate* authorization_delegate,
   26140       const PolicySecretResponse& callback) {
   26141   VLOG(1) << __func__;
   26142   base::Callback<void(TPM_RC)> error_reporter =
   26143       base::Bind(PolicySecretErrorCallback, callback);
   26144   base::Callback<void(const std::string&)> parser =
   26145       base::Bind(PolicySecretResponseParser,
   26146                  callback,
   26147                  authorization_delegate);
   26148   std::string command;
   26149   TPM_RC rc = SerializeCommand_PolicySecret(
   26150       auth_handle,
   26151       auth_handle_name,
   26152       policy_session,
   26153       policy_session_name,
   26154       nonce_tpm,
   26155       cp_hash_a,
   26156       policy_ref,
   26157       expiration,
   26158       &command,
   26159       authorization_delegate);
   26160   if (rc != TPM_RC_SUCCESS) {
   26161     error_reporter.Run(rc);
   26162     return;
   26163   }
   26164   transceiver_->SendCommand(command, parser);
   26165 }
   26166 
   26167 TPM_RC Tpm::PolicySecretSync(
   26168       const TPMI_DH_ENTITY& auth_handle,
   26169       const std::string& auth_handle_name,
   26170       const TPMI_SH_POLICY& policy_session,
   26171       const std::string& policy_session_name,
   26172       const TPM2B_NONCE& nonce_tpm,
   26173       const TPM2B_DIGEST& cp_hash_a,
   26174       const TPM2B_NONCE& policy_ref,
   26175       const INT32& expiration,
   26176       TPM2B_TIMEOUT* timeout,
   26177       TPMT_TK_AUTH* policy_ticket,
   26178       AuthorizationDelegate* authorization_delegate) {
   26179   VLOG(1) << __func__;
   26180   std::string command;
   26181   TPM_RC rc = SerializeCommand_PolicySecret(
   26182       auth_handle,
   26183       auth_handle_name,
   26184       policy_session,
   26185       policy_session_name,
   26186       nonce_tpm,
   26187       cp_hash_a,
   26188       policy_ref,
   26189       expiration,
   26190       &command,
   26191       authorization_delegate);
   26192   if (rc != TPM_RC_SUCCESS) {
   26193     return rc;
   26194   }
   26195   std::string response = transceiver_->SendCommandAndWait(command);
   26196   rc = ParseResponse_PolicySecret(
   26197       response,
   26198       timeout,
   26199       policy_ticket,
   26200       authorization_delegate);
   26201   return rc;
   26202 }
   26203 
   26204 TPM_RC Tpm::SerializeCommand_PolicyTicket(
   26205       const TPMI_SH_POLICY& policy_session,
   26206       const std::string& policy_session_name,
   26207       const TPM2B_TIMEOUT& timeout,
   26208       const TPM2B_DIGEST& cp_hash_a,
   26209       const TPM2B_NONCE& policy_ref,
   26210       const TPM2B_NAME& auth_name,
   26211       const TPMT_TK_AUTH& ticket,
   26212       std::string* serialized_command,
   26213       AuthorizationDelegate* authorization_delegate) {
   26214   VLOG(3) << __func__;
   26215   TPM_RC rc = TPM_RC_SUCCESS;
   26216   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   26217   UINT32 command_size = 10;  // Header size.
   26218   std::string handle_section_bytes;
   26219   std::string parameter_section_bytes;
   26220   TPM_CC command_code = TPM_CC_PolicyTicket;
   26221   bool is_command_parameter_encryption_possible = true;
   26222   bool is_response_parameter_encryption_possible = false;
   26223   std::string command_code_bytes;
   26224   rc = Serialize_TPM_CC(
   26225       command_code,
   26226       &command_code_bytes);
   26227   if (rc != TPM_RC_SUCCESS) {
   26228     return rc;
   26229   }
   26230   std::string policy_session_bytes;
   26231   rc = Serialize_TPMI_SH_POLICY(
   26232       policy_session,
   26233       &policy_session_bytes);
   26234   if (rc != TPM_RC_SUCCESS) {
   26235     return rc;
   26236   }
   26237   std::string timeout_bytes;
   26238   rc = Serialize_TPM2B_TIMEOUT(
   26239       timeout,
   26240       &timeout_bytes);
   26241   if (rc != TPM_RC_SUCCESS) {
   26242     return rc;
   26243   }
   26244   std::string cp_hash_a_bytes;
   26245   rc = Serialize_TPM2B_DIGEST(
   26246       cp_hash_a,
   26247       &cp_hash_a_bytes);
   26248   if (rc != TPM_RC_SUCCESS) {
   26249     return rc;
   26250   }
   26251   std::string policy_ref_bytes;
   26252   rc = Serialize_TPM2B_NONCE(
   26253       policy_ref,
   26254       &policy_ref_bytes);
   26255   if (rc != TPM_RC_SUCCESS) {
   26256     return rc;
   26257   }
   26258   std::string auth_name_bytes;
   26259   rc = Serialize_TPM2B_NAME(
   26260       auth_name,
   26261       &auth_name_bytes);
   26262   if (rc != TPM_RC_SUCCESS) {
   26263     return rc;
   26264   }
   26265   std::string ticket_bytes;
   26266   rc = Serialize_TPMT_TK_AUTH(
   26267       ticket,
   26268       &ticket_bytes);
   26269   if (rc != TPM_RC_SUCCESS) {
   26270     return rc;
   26271   }
   26272   if (authorization_delegate) {
   26273     // Encrypt just the parameter data, not the size.
   26274     std::string tmp = timeout_bytes.substr(2);
   26275     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   26276       return TRUNKS_RC_ENCRYPTION_FAILED;
   26277     }
   26278     timeout_bytes.replace(2, std::string::npos, tmp);
   26279   }
   26280   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   26281       crypto::SecureHash::SHA256));
   26282   hash->Update(command_code_bytes.data(),
   26283                command_code_bytes.size());
   26284   hash->Update(policy_session_name.data(),
   26285                policy_session_name.size());
   26286   handle_section_bytes += policy_session_bytes;
   26287   command_size += policy_session_bytes.size();
   26288   hash->Update(timeout_bytes.data(),
   26289                timeout_bytes.size());
   26290   parameter_section_bytes += timeout_bytes;
   26291   command_size += timeout_bytes.size();
   26292   hash->Update(cp_hash_a_bytes.data(),
   26293                cp_hash_a_bytes.size());
   26294   parameter_section_bytes += cp_hash_a_bytes;
   26295   command_size += cp_hash_a_bytes.size();
   26296   hash->Update(policy_ref_bytes.data(),
   26297                policy_ref_bytes.size());
   26298   parameter_section_bytes += policy_ref_bytes;
   26299   command_size += policy_ref_bytes.size();
   26300   hash->Update(auth_name_bytes.data(),
   26301                auth_name_bytes.size());
   26302   parameter_section_bytes += auth_name_bytes;
   26303   command_size += auth_name_bytes.size();
   26304   hash->Update(ticket_bytes.data(),
   26305                ticket_bytes.size());
   26306   parameter_section_bytes += ticket_bytes;
   26307   command_size += ticket_bytes.size();
   26308   std::string command_hash(32, 0);
   26309   hash->Finish(string_as_array(&command_hash), command_hash.size());
   26310   std::string authorization_section_bytes;
   26311   std::string authorization_size_bytes;
   26312   if (authorization_delegate) {
   26313     if (!authorization_delegate->GetCommandAuthorization(
   26314         command_hash,
   26315         is_command_parameter_encryption_possible,
   26316         is_response_parameter_encryption_possible,
   26317         &authorization_section_bytes)) {
   26318       return TRUNKS_RC_AUTHORIZATION_FAILED;
   26319     }
   26320     if (!authorization_section_bytes.empty()) {
   26321       tag = TPM_ST_SESSIONS;
   26322       std::string tmp;
   26323       rc = Serialize_UINT32(authorization_section_bytes.size(),
   26324                             &authorization_size_bytes);
   26325       if (rc != TPM_RC_SUCCESS) {
   26326         return rc;
   26327       }
   26328       command_size += authorization_size_bytes.size() +
   26329                       authorization_section_bytes.size();
   26330     }
   26331   }
   26332   std::string tag_bytes;
   26333   rc = Serialize_TPMI_ST_COMMAND_TAG(
   26334       tag,
   26335       &tag_bytes);
   26336   if (rc != TPM_RC_SUCCESS) {
   26337     return rc;
   26338   }
   26339   std::string command_size_bytes;
   26340   rc = Serialize_UINT32(
   26341       command_size,
   26342       &command_size_bytes);
   26343   if (rc != TPM_RC_SUCCESS) {
   26344     return rc;
   26345   }
   26346   *serialized_command = tag_bytes +
   26347                         command_size_bytes +
   26348                         command_code_bytes +
   26349                         handle_section_bytes +
   26350                         authorization_size_bytes +
   26351                         authorization_section_bytes +
   26352                         parameter_section_bytes;
   26353   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   26354   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   26355                                             serialized_command->size());
   26356   return TPM_RC_SUCCESS;
   26357 }
   26358 
   26359 TPM_RC Tpm::ParseResponse_PolicyTicket(
   26360       const std::string& response,
   26361       AuthorizationDelegate* authorization_delegate) {
   26362   VLOG(3) << __func__;
   26363   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   26364   TPM_RC rc = TPM_RC_SUCCESS;
   26365   std::string buffer(response);
   26366   TPM_ST tag;
   26367   std::string tag_bytes;
   26368   rc = Parse_TPM_ST(
   26369       &buffer,
   26370       &tag,
   26371       &tag_bytes);
   26372   if (rc != TPM_RC_SUCCESS) {
   26373     return rc;
   26374   }
   26375   UINT32 response_size;
   26376   std::string response_size_bytes;
   26377   rc = Parse_UINT32(
   26378       &buffer,
   26379       &response_size,
   26380       &response_size_bytes);
   26381   if (rc != TPM_RC_SUCCESS) {
   26382     return rc;
   26383   }
   26384   TPM_RC response_code;
   26385   std::string response_code_bytes;
   26386   rc = Parse_TPM_RC(
   26387       &buffer,
   26388       &response_code,
   26389       &response_code_bytes);
   26390   if (rc != TPM_RC_SUCCESS) {
   26391     return rc;
   26392   }
   26393   if (response_size != response.size()) {
   26394     return TPM_RC_SIZE;
   26395   }
   26396   if (response_code != TPM_RC_SUCCESS) {
   26397     return response_code;
   26398   }
   26399   TPM_CC command_code = TPM_CC_PolicyTicket;
   26400   std::string command_code_bytes;
   26401   rc = Serialize_TPM_CC(
   26402       command_code,
   26403       &command_code_bytes);
   26404   if (rc != TPM_RC_SUCCESS) {
   26405     return rc;
   26406   }
   26407   std::string authorization_section_bytes;
   26408   if (tag == TPM_ST_SESSIONS) {
   26409     UINT32 parameter_section_size = buffer.size();
   26410     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   26411     if (rc != TPM_RC_SUCCESS) {
   26412       return rc;
   26413     }
   26414     if (parameter_section_size > buffer.size()) {
   26415       return TPM_RC_INSUFFICIENT;
   26416     }
   26417     authorization_section_bytes = buffer.substr(parameter_section_size);
   26418     // Keep the parameter section in |buffer|.
   26419     buffer.erase(parameter_section_size);
   26420   }
   26421   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   26422       crypto::SecureHash::SHA256));
   26423   hash->Update(response_code_bytes.data(),
   26424                response_code_bytes.size());
   26425   hash->Update(command_code_bytes.data(),
   26426                command_code_bytes.size());
   26427   hash->Update(buffer.data(),
   26428                buffer.size());
   26429   std::string response_hash(32, 0);
   26430   hash->Finish(string_as_array(&response_hash), response_hash.size());
   26431   if (tag == TPM_ST_SESSIONS) {
   26432     CHECK(authorization_delegate) << "Authorization delegate missing!";
   26433     if (!authorization_delegate->CheckResponseAuthorization(
   26434         response_hash,
   26435         authorization_section_bytes)) {
   26436       return TRUNKS_RC_AUTHORIZATION_FAILED;
   26437     }
   26438   }
   26439   return TPM_RC_SUCCESS;
   26440 }
   26441 
   26442 void PolicyTicketErrorCallback(
   26443     const Tpm::PolicyTicketResponse& callback,
   26444     TPM_RC response_code) {
   26445   VLOG(1) << __func__;
   26446   callback.Run(response_code);
   26447 }
   26448 
   26449 void PolicyTicketResponseParser(
   26450     const Tpm::PolicyTicketResponse& callback,
   26451     AuthorizationDelegate* authorization_delegate,
   26452     const std::string& response) {
   26453   VLOG(1) << __func__;
   26454   base::Callback<void(TPM_RC)> error_reporter =
   26455       base::Bind(PolicyTicketErrorCallback, callback);
   26456   TPM_RC rc = Tpm::ParseResponse_PolicyTicket(
   26457       response,
   26458       authorization_delegate);
   26459   if (rc != TPM_RC_SUCCESS) {
   26460     error_reporter.Run(rc);
   26461     return;
   26462   }
   26463   callback.Run(
   26464       rc);
   26465 }
   26466 
   26467 void Tpm::PolicyTicket(
   26468       const TPMI_SH_POLICY& policy_session,
   26469       const std::string& policy_session_name,
   26470       const TPM2B_TIMEOUT& timeout,
   26471       const TPM2B_DIGEST& cp_hash_a,
   26472       const TPM2B_NONCE& policy_ref,
   26473       const TPM2B_NAME& auth_name,
   26474       const TPMT_TK_AUTH& ticket,
   26475       AuthorizationDelegate* authorization_delegate,
   26476       const PolicyTicketResponse& callback) {
   26477   VLOG(1) << __func__;
   26478   base::Callback<void(TPM_RC)> error_reporter =
   26479       base::Bind(PolicyTicketErrorCallback, callback);
   26480   base::Callback<void(const std::string&)> parser =
   26481       base::Bind(PolicyTicketResponseParser,
   26482                  callback,
   26483                  authorization_delegate);
   26484   std::string command;
   26485   TPM_RC rc = SerializeCommand_PolicyTicket(
   26486       policy_session,
   26487       policy_session_name,
   26488       timeout,
   26489       cp_hash_a,
   26490       policy_ref,
   26491       auth_name,
   26492       ticket,
   26493       &command,
   26494       authorization_delegate);
   26495   if (rc != TPM_RC_SUCCESS) {
   26496     error_reporter.Run(rc);
   26497     return;
   26498   }
   26499   transceiver_->SendCommand(command, parser);
   26500 }
   26501 
   26502 TPM_RC Tpm::PolicyTicketSync(
   26503       const TPMI_SH_POLICY& policy_session,
   26504       const std::string& policy_session_name,
   26505       const TPM2B_TIMEOUT& timeout,
   26506       const TPM2B_DIGEST& cp_hash_a,
   26507       const TPM2B_NONCE& policy_ref,
   26508       const TPM2B_NAME& auth_name,
   26509       const TPMT_TK_AUTH& ticket,
   26510       AuthorizationDelegate* authorization_delegate) {
   26511   VLOG(1) << __func__;
   26512   std::string command;
   26513   TPM_RC rc = SerializeCommand_PolicyTicket(
   26514       policy_session,
   26515       policy_session_name,
   26516       timeout,
   26517       cp_hash_a,
   26518       policy_ref,
   26519       auth_name,
   26520       ticket,
   26521       &command,
   26522       authorization_delegate);
   26523   if (rc != TPM_RC_SUCCESS) {
   26524     return rc;
   26525   }
   26526   std::string response = transceiver_->SendCommandAndWait(command);
   26527   rc = ParseResponse_PolicyTicket(
   26528       response,
   26529       authorization_delegate);
   26530   return rc;
   26531 }
   26532 
   26533 TPM_RC Tpm::SerializeCommand_PolicyOR(
   26534       const TPMI_SH_POLICY& policy_session,
   26535       const std::string& policy_session_name,
   26536       const TPML_DIGEST& p_hash_list,
   26537       std::string* serialized_command,
   26538       AuthorizationDelegate* authorization_delegate) {
   26539   VLOG(3) << __func__;
   26540   TPM_RC rc = TPM_RC_SUCCESS;
   26541   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   26542   UINT32 command_size = 10;  // Header size.
   26543   std::string handle_section_bytes;
   26544   std::string parameter_section_bytes;
   26545   TPM_CC command_code = TPM_CC_PolicyOR;
   26546   bool is_command_parameter_encryption_possible = false;
   26547   bool is_response_parameter_encryption_possible = false;
   26548   std::string command_code_bytes;
   26549   rc = Serialize_TPM_CC(
   26550       command_code,
   26551       &command_code_bytes);
   26552   if (rc != TPM_RC_SUCCESS) {
   26553     return rc;
   26554   }
   26555   std::string policy_session_bytes;
   26556   rc = Serialize_TPMI_SH_POLICY(
   26557       policy_session,
   26558       &policy_session_bytes);
   26559   if (rc != TPM_RC_SUCCESS) {
   26560     return rc;
   26561   }
   26562   std::string p_hash_list_bytes;
   26563   rc = Serialize_TPML_DIGEST(
   26564       p_hash_list,
   26565       &p_hash_list_bytes);
   26566   if (rc != TPM_RC_SUCCESS) {
   26567     return rc;
   26568   }
   26569   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   26570       crypto::SecureHash::SHA256));
   26571   hash->Update(command_code_bytes.data(),
   26572                command_code_bytes.size());
   26573   hash->Update(policy_session_name.data(),
   26574                policy_session_name.size());
   26575   handle_section_bytes += policy_session_bytes;
   26576   command_size += policy_session_bytes.size();
   26577   hash->Update(p_hash_list_bytes.data(),
   26578                p_hash_list_bytes.size());
   26579   parameter_section_bytes += p_hash_list_bytes;
   26580   command_size += p_hash_list_bytes.size();
   26581   std::string command_hash(32, 0);
   26582   hash->Finish(string_as_array(&command_hash), command_hash.size());
   26583   std::string authorization_section_bytes;
   26584   std::string authorization_size_bytes;
   26585   if (authorization_delegate) {
   26586     if (!authorization_delegate->GetCommandAuthorization(
   26587         command_hash,
   26588         is_command_parameter_encryption_possible,
   26589         is_response_parameter_encryption_possible,
   26590         &authorization_section_bytes)) {
   26591       return TRUNKS_RC_AUTHORIZATION_FAILED;
   26592     }
   26593     if (!authorization_section_bytes.empty()) {
   26594       tag = TPM_ST_SESSIONS;
   26595       std::string tmp;
   26596       rc = Serialize_UINT32(authorization_section_bytes.size(),
   26597                             &authorization_size_bytes);
   26598       if (rc != TPM_RC_SUCCESS) {
   26599         return rc;
   26600       }
   26601       command_size += authorization_size_bytes.size() +
   26602                       authorization_section_bytes.size();
   26603     }
   26604   }
   26605   std::string tag_bytes;
   26606   rc = Serialize_TPMI_ST_COMMAND_TAG(
   26607       tag,
   26608       &tag_bytes);
   26609   if (rc != TPM_RC_SUCCESS) {
   26610     return rc;
   26611   }
   26612   std::string command_size_bytes;
   26613   rc = Serialize_UINT32(
   26614       command_size,
   26615       &command_size_bytes);
   26616   if (rc != TPM_RC_SUCCESS) {
   26617     return rc;
   26618   }
   26619   *serialized_command = tag_bytes +
   26620                         command_size_bytes +
   26621                         command_code_bytes +
   26622                         handle_section_bytes +
   26623                         authorization_size_bytes +
   26624                         authorization_section_bytes +
   26625                         parameter_section_bytes;
   26626   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   26627   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   26628                                             serialized_command->size());
   26629   return TPM_RC_SUCCESS;
   26630 }
   26631 
   26632 TPM_RC Tpm::ParseResponse_PolicyOR(
   26633       const std::string& response,
   26634       AuthorizationDelegate* authorization_delegate) {
   26635   VLOG(3) << __func__;
   26636   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   26637   TPM_RC rc = TPM_RC_SUCCESS;
   26638   std::string buffer(response);
   26639   TPM_ST tag;
   26640   std::string tag_bytes;
   26641   rc = Parse_TPM_ST(
   26642       &buffer,
   26643       &tag,
   26644       &tag_bytes);
   26645   if (rc != TPM_RC_SUCCESS) {
   26646     return rc;
   26647   }
   26648   UINT32 response_size;
   26649   std::string response_size_bytes;
   26650   rc = Parse_UINT32(
   26651       &buffer,
   26652       &response_size,
   26653       &response_size_bytes);
   26654   if (rc != TPM_RC_SUCCESS) {
   26655     return rc;
   26656   }
   26657   TPM_RC response_code;
   26658   std::string response_code_bytes;
   26659   rc = Parse_TPM_RC(
   26660       &buffer,
   26661       &response_code,
   26662       &response_code_bytes);
   26663   if (rc != TPM_RC_SUCCESS) {
   26664     return rc;
   26665   }
   26666   if (response_size != response.size()) {
   26667     return TPM_RC_SIZE;
   26668   }
   26669   if (response_code != TPM_RC_SUCCESS) {
   26670     return response_code;
   26671   }
   26672   TPM_CC command_code = TPM_CC_PolicyOR;
   26673   std::string command_code_bytes;
   26674   rc = Serialize_TPM_CC(
   26675       command_code,
   26676       &command_code_bytes);
   26677   if (rc != TPM_RC_SUCCESS) {
   26678     return rc;
   26679   }
   26680   std::string authorization_section_bytes;
   26681   if (tag == TPM_ST_SESSIONS) {
   26682     UINT32 parameter_section_size = buffer.size();
   26683     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   26684     if (rc != TPM_RC_SUCCESS) {
   26685       return rc;
   26686     }
   26687     if (parameter_section_size > buffer.size()) {
   26688       return TPM_RC_INSUFFICIENT;
   26689     }
   26690     authorization_section_bytes = buffer.substr(parameter_section_size);
   26691     // Keep the parameter section in |buffer|.
   26692     buffer.erase(parameter_section_size);
   26693   }
   26694   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   26695       crypto::SecureHash::SHA256));
   26696   hash->Update(response_code_bytes.data(),
   26697                response_code_bytes.size());
   26698   hash->Update(command_code_bytes.data(),
   26699                command_code_bytes.size());
   26700   hash->Update(buffer.data(),
   26701                buffer.size());
   26702   std::string response_hash(32, 0);
   26703   hash->Finish(string_as_array(&response_hash), response_hash.size());
   26704   if (tag == TPM_ST_SESSIONS) {
   26705     CHECK(authorization_delegate) << "Authorization delegate missing!";
   26706     if (!authorization_delegate->CheckResponseAuthorization(
   26707         response_hash,
   26708         authorization_section_bytes)) {
   26709       return TRUNKS_RC_AUTHORIZATION_FAILED;
   26710     }
   26711   }
   26712   return TPM_RC_SUCCESS;
   26713 }
   26714 
   26715 void PolicyORErrorCallback(
   26716     const Tpm::PolicyORResponse& callback,
   26717     TPM_RC response_code) {
   26718   VLOG(1) << __func__;
   26719   callback.Run(response_code);
   26720 }
   26721 
   26722 void PolicyORResponseParser(
   26723     const Tpm::PolicyORResponse& callback,
   26724     AuthorizationDelegate* authorization_delegate,
   26725     const std::string& response) {
   26726   VLOG(1) << __func__;
   26727   base::Callback<void(TPM_RC)> error_reporter =
   26728       base::Bind(PolicyORErrorCallback, callback);
   26729   TPM_RC rc = Tpm::ParseResponse_PolicyOR(
   26730       response,
   26731       authorization_delegate);
   26732   if (rc != TPM_RC_SUCCESS) {
   26733     error_reporter.Run(rc);
   26734     return;
   26735   }
   26736   callback.Run(
   26737       rc);
   26738 }
   26739 
   26740 void Tpm::PolicyOR(
   26741       const TPMI_SH_POLICY& policy_session,
   26742       const std::string& policy_session_name,
   26743       const TPML_DIGEST& p_hash_list,
   26744       AuthorizationDelegate* authorization_delegate,
   26745       const PolicyORResponse& callback) {
   26746   VLOG(1) << __func__;
   26747   base::Callback<void(TPM_RC)> error_reporter =
   26748       base::Bind(PolicyORErrorCallback, callback);
   26749   base::Callback<void(const std::string&)> parser =
   26750       base::Bind(PolicyORResponseParser,
   26751                  callback,
   26752                  authorization_delegate);
   26753   std::string command;
   26754   TPM_RC rc = SerializeCommand_PolicyOR(
   26755       policy_session,
   26756       policy_session_name,
   26757       p_hash_list,
   26758       &command,
   26759       authorization_delegate);
   26760   if (rc != TPM_RC_SUCCESS) {
   26761     error_reporter.Run(rc);
   26762     return;
   26763   }
   26764   transceiver_->SendCommand(command, parser);
   26765 }
   26766 
   26767 TPM_RC Tpm::PolicyORSync(
   26768       const TPMI_SH_POLICY& policy_session,
   26769       const std::string& policy_session_name,
   26770       const TPML_DIGEST& p_hash_list,
   26771       AuthorizationDelegate* authorization_delegate) {
   26772   VLOG(1) << __func__;
   26773   std::string command;
   26774   TPM_RC rc = SerializeCommand_PolicyOR(
   26775       policy_session,
   26776       policy_session_name,
   26777       p_hash_list,
   26778       &command,
   26779       authorization_delegate);
   26780   if (rc != TPM_RC_SUCCESS) {
   26781     return rc;
   26782   }
   26783   std::string response = transceiver_->SendCommandAndWait(command);
   26784   rc = ParseResponse_PolicyOR(
   26785       response,
   26786       authorization_delegate);
   26787   return rc;
   26788 }
   26789 
   26790 TPM_RC Tpm::SerializeCommand_PolicyPCR(
   26791       const TPMI_SH_POLICY& policy_session,
   26792       const std::string& policy_session_name,
   26793       const TPM2B_DIGEST& pcr_digest,
   26794       const TPML_PCR_SELECTION& pcrs,
   26795       std::string* serialized_command,
   26796       AuthorizationDelegate* authorization_delegate) {
   26797   VLOG(3) << __func__;
   26798   TPM_RC rc = TPM_RC_SUCCESS;
   26799   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   26800   UINT32 command_size = 10;  // Header size.
   26801   std::string handle_section_bytes;
   26802   std::string parameter_section_bytes;
   26803   TPM_CC command_code = TPM_CC_PolicyPCR;
   26804   bool is_command_parameter_encryption_possible = true;
   26805   bool is_response_parameter_encryption_possible = false;
   26806   std::string command_code_bytes;
   26807   rc = Serialize_TPM_CC(
   26808       command_code,
   26809       &command_code_bytes);
   26810   if (rc != TPM_RC_SUCCESS) {
   26811     return rc;
   26812   }
   26813   std::string policy_session_bytes;
   26814   rc = Serialize_TPMI_SH_POLICY(
   26815       policy_session,
   26816       &policy_session_bytes);
   26817   if (rc != TPM_RC_SUCCESS) {
   26818     return rc;
   26819   }
   26820   std::string pcr_digest_bytes;
   26821   rc = Serialize_TPM2B_DIGEST(
   26822       pcr_digest,
   26823       &pcr_digest_bytes);
   26824   if (rc != TPM_RC_SUCCESS) {
   26825     return rc;
   26826   }
   26827   std::string pcrs_bytes;
   26828   rc = Serialize_TPML_PCR_SELECTION(
   26829       pcrs,
   26830       &pcrs_bytes);
   26831   if (rc != TPM_RC_SUCCESS) {
   26832     return rc;
   26833   }
   26834   if (authorization_delegate) {
   26835     // Encrypt just the parameter data, not the size.
   26836     std::string tmp = pcr_digest_bytes.substr(2);
   26837     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   26838       return TRUNKS_RC_ENCRYPTION_FAILED;
   26839     }
   26840     pcr_digest_bytes.replace(2, std::string::npos, tmp);
   26841   }
   26842   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   26843       crypto::SecureHash::SHA256));
   26844   hash->Update(command_code_bytes.data(),
   26845                command_code_bytes.size());
   26846   hash->Update(policy_session_name.data(),
   26847                policy_session_name.size());
   26848   handle_section_bytes += policy_session_bytes;
   26849   command_size += policy_session_bytes.size();
   26850   hash->Update(pcr_digest_bytes.data(),
   26851                pcr_digest_bytes.size());
   26852   parameter_section_bytes += pcr_digest_bytes;
   26853   command_size += pcr_digest_bytes.size();
   26854   hash->Update(pcrs_bytes.data(),
   26855                pcrs_bytes.size());
   26856   parameter_section_bytes += pcrs_bytes;
   26857   command_size += pcrs_bytes.size();
   26858   std::string command_hash(32, 0);
   26859   hash->Finish(string_as_array(&command_hash), command_hash.size());
   26860   std::string authorization_section_bytes;
   26861   std::string authorization_size_bytes;
   26862   if (authorization_delegate) {
   26863     if (!authorization_delegate->GetCommandAuthorization(
   26864         command_hash,
   26865         is_command_parameter_encryption_possible,
   26866         is_response_parameter_encryption_possible,
   26867         &authorization_section_bytes)) {
   26868       return TRUNKS_RC_AUTHORIZATION_FAILED;
   26869     }
   26870     if (!authorization_section_bytes.empty()) {
   26871       tag = TPM_ST_SESSIONS;
   26872       std::string tmp;
   26873       rc = Serialize_UINT32(authorization_section_bytes.size(),
   26874                             &authorization_size_bytes);
   26875       if (rc != TPM_RC_SUCCESS) {
   26876         return rc;
   26877       }
   26878       command_size += authorization_size_bytes.size() +
   26879                       authorization_section_bytes.size();
   26880     }
   26881   }
   26882   std::string tag_bytes;
   26883   rc = Serialize_TPMI_ST_COMMAND_TAG(
   26884       tag,
   26885       &tag_bytes);
   26886   if (rc != TPM_RC_SUCCESS) {
   26887     return rc;
   26888   }
   26889   std::string command_size_bytes;
   26890   rc = Serialize_UINT32(
   26891       command_size,
   26892       &command_size_bytes);
   26893   if (rc != TPM_RC_SUCCESS) {
   26894     return rc;
   26895   }
   26896   *serialized_command = tag_bytes +
   26897                         command_size_bytes +
   26898                         command_code_bytes +
   26899                         handle_section_bytes +
   26900                         authorization_size_bytes +
   26901                         authorization_section_bytes +
   26902                         parameter_section_bytes;
   26903   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   26904   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   26905                                             serialized_command->size());
   26906   return TPM_RC_SUCCESS;
   26907 }
   26908 
   26909 TPM_RC Tpm::ParseResponse_PolicyPCR(
   26910       const std::string& response,
   26911       AuthorizationDelegate* authorization_delegate) {
   26912   VLOG(3) << __func__;
   26913   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   26914   TPM_RC rc = TPM_RC_SUCCESS;
   26915   std::string buffer(response);
   26916   TPM_ST tag;
   26917   std::string tag_bytes;
   26918   rc = Parse_TPM_ST(
   26919       &buffer,
   26920       &tag,
   26921       &tag_bytes);
   26922   if (rc != TPM_RC_SUCCESS) {
   26923     return rc;
   26924   }
   26925   UINT32 response_size;
   26926   std::string response_size_bytes;
   26927   rc = Parse_UINT32(
   26928       &buffer,
   26929       &response_size,
   26930       &response_size_bytes);
   26931   if (rc != TPM_RC_SUCCESS) {
   26932     return rc;
   26933   }
   26934   TPM_RC response_code;
   26935   std::string response_code_bytes;
   26936   rc = Parse_TPM_RC(
   26937       &buffer,
   26938       &response_code,
   26939       &response_code_bytes);
   26940   if (rc != TPM_RC_SUCCESS) {
   26941     return rc;
   26942   }
   26943   if (response_size != response.size()) {
   26944     return TPM_RC_SIZE;
   26945   }
   26946   if (response_code != TPM_RC_SUCCESS) {
   26947     return response_code;
   26948   }
   26949   TPM_CC command_code = TPM_CC_PolicyPCR;
   26950   std::string command_code_bytes;
   26951   rc = Serialize_TPM_CC(
   26952       command_code,
   26953       &command_code_bytes);
   26954   if (rc != TPM_RC_SUCCESS) {
   26955     return rc;
   26956   }
   26957   std::string authorization_section_bytes;
   26958   if (tag == TPM_ST_SESSIONS) {
   26959     UINT32 parameter_section_size = buffer.size();
   26960     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   26961     if (rc != TPM_RC_SUCCESS) {
   26962       return rc;
   26963     }
   26964     if (parameter_section_size > buffer.size()) {
   26965       return TPM_RC_INSUFFICIENT;
   26966     }
   26967     authorization_section_bytes = buffer.substr(parameter_section_size);
   26968     // Keep the parameter section in |buffer|.
   26969     buffer.erase(parameter_section_size);
   26970   }
   26971   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   26972       crypto::SecureHash::SHA256));
   26973   hash->Update(response_code_bytes.data(),
   26974                response_code_bytes.size());
   26975   hash->Update(command_code_bytes.data(),
   26976                command_code_bytes.size());
   26977   hash->Update(buffer.data(),
   26978                buffer.size());
   26979   std::string response_hash(32, 0);
   26980   hash->Finish(string_as_array(&response_hash), response_hash.size());
   26981   if (tag == TPM_ST_SESSIONS) {
   26982     CHECK(authorization_delegate) << "Authorization delegate missing!";
   26983     if (!authorization_delegate->CheckResponseAuthorization(
   26984         response_hash,
   26985         authorization_section_bytes)) {
   26986       return TRUNKS_RC_AUTHORIZATION_FAILED;
   26987     }
   26988   }
   26989   return TPM_RC_SUCCESS;
   26990 }
   26991 
   26992 void PolicyPCRErrorCallback(
   26993     const Tpm::PolicyPCRResponse& callback,
   26994     TPM_RC response_code) {
   26995   VLOG(1) << __func__;
   26996   callback.Run(response_code);
   26997 }
   26998 
   26999 void PolicyPCRResponseParser(
   27000     const Tpm::PolicyPCRResponse& callback,
   27001     AuthorizationDelegate* authorization_delegate,
   27002     const std::string& response) {
   27003   VLOG(1) << __func__;
   27004   base::Callback<void(TPM_RC)> error_reporter =
   27005       base::Bind(PolicyPCRErrorCallback, callback);
   27006   TPM_RC rc = Tpm::ParseResponse_PolicyPCR(
   27007       response,
   27008       authorization_delegate);
   27009   if (rc != TPM_RC_SUCCESS) {
   27010     error_reporter.Run(rc);
   27011     return;
   27012   }
   27013   callback.Run(
   27014       rc);
   27015 }
   27016 
   27017 void Tpm::PolicyPCR(
   27018       const TPMI_SH_POLICY& policy_session,
   27019       const std::string& policy_session_name,
   27020       const TPM2B_DIGEST& pcr_digest,
   27021       const TPML_PCR_SELECTION& pcrs,
   27022       AuthorizationDelegate* authorization_delegate,
   27023       const PolicyPCRResponse& callback) {
   27024   VLOG(1) << __func__;
   27025   base::Callback<void(TPM_RC)> error_reporter =
   27026       base::Bind(PolicyPCRErrorCallback, callback);
   27027   base::Callback<void(const std::string&)> parser =
   27028       base::Bind(PolicyPCRResponseParser,
   27029                  callback,
   27030                  authorization_delegate);
   27031   std::string command;
   27032   TPM_RC rc = SerializeCommand_PolicyPCR(
   27033       policy_session,
   27034       policy_session_name,
   27035       pcr_digest,
   27036       pcrs,
   27037       &command,
   27038       authorization_delegate);
   27039   if (rc != TPM_RC_SUCCESS) {
   27040     error_reporter.Run(rc);
   27041     return;
   27042   }
   27043   transceiver_->SendCommand(command, parser);
   27044 }
   27045 
   27046 TPM_RC Tpm::PolicyPCRSync(
   27047       const TPMI_SH_POLICY& policy_session,
   27048       const std::string& policy_session_name,
   27049       const TPM2B_DIGEST& pcr_digest,
   27050       const TPML_PCR_SELECTION& pcrs,
   27051       AuthorizationDelegate* authorization_delegate) {
   27052   VLOG(1) << __func__;
   27053   std::string command;
   27054   TPM_RC rc = SerializeCommand_PolicyPCR(
   27055       policy_session,
   27056       policy_session_name,
   27057       pcr_digest,
   27058       pcrs,
   27059       &command,
   27060       authorization_delegate);
   27061   if (rc != TPM_RC_SUCCESS) {
   27062     return rc;
   27063   }
   27064   std::string response = transceiver_->SendCommandAndWait(command);
   27065   rc = ParseResponse_PolicyPCR(
   27066       response,
   27067       authorization_delegate);
   27068   return rc;
   27069 }
   27070 
   27071 TPM_RC Tpm::SerializeCommand_PolicyLocality(
   27072       const TPMI_SH_POLICY& policy_session,
   27073       const std::string& policy_session_name,
   27074       const TPMA_LOCALITY& locality,
   27075       std::string* serialized_command,
   27076       AuthorizationDelegate* authorization_delegate) {
   27077   VLOG(3) << __func__;
   27078   TPM_RC rc = TPM_RC_SUCCESS;
   27079   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   27080   UINT32 command_size = 10;  // Header size.
   27081   std::string handle_section_bytes;
   27082   std::string parameter_section_bytes;
   27083   TPM_CC command_code = TPM_CC_PolicyLocality;
   27084   bool is_command_parameter_encryption_possible = false;
   27085   bool is_response_parameter_encryption_possible = false;
   27086   std::string command_code_bytes;
   27087   rc = Serialize_TPM_CC(
   27088       command_code,
   27089       &command_code_bytes);
   27090   if (rc != TPM_RC_SUCCESS) {
   27091     return rc;
   27092   }
   27093   std::string policy_session_bytes;
   27094   rc = Serialize_TPMI_SH_POLICY(
   27095       policy_session,
   27096       &policy_session_bytes);
   27097   if (rc != TPM_RC_SUCCESS) {
   27098     return rc;
   27099   }
   27100   std::string locality_bytes;
   27101   rc = Serialize_TPMA_LOCALITY(
   27102       locality,
   27103       &locality_bytes);
   27104   if (rc != TPM_RC_SUCCESS) {
   27105     return rc;
   27106   }
   27107   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   27108       crypto::SecureHash::SHA256));
   27109   hash->Update(command_code_bytes.data(),
   27110                command_code_bytes.size());
   27111   hash->Update(policy_session_name.data(),
   27112                policy_session_name.size());
   27113   handle_section_bytes += policy_session_bytes;
   27114   command_size += policy_session_bytes.size();
   27115   hash->Update(locality_bytes.data(),
   27116                locality_bytes.size());
   27117   parameter_section_bytes += locality_bytes;
   27118   command_size += locality_bytes.size();
   27119   std::string command_hash(32, 0);
   27120   hash->Finish(string_as_array(&command_hash), command_hash.size());
   27121   std::string authorization_section_bytes;
   27122   std::string authorization_size_bytes;
   27123   if (authorization_delegate) {
   27124     if (!authorization_delegate->GetCommandAuthorization(
   27125         command_hash,
   27126         is_command_parameter_encryption_possible,
   27127         is_response_parameter_encryption_possible,
   27128         &authorization_section_bytes)) {
   27129       return TRUNKS_RC_AUTHORIZATION_FAILED;
   27130     }
   27131     if (!authorization_section_bytes.empty()) {
   27132       tag = TPM_ST_SESSIONS;
   27133       std::string tmp;
   27134       rc = Serialize_UINT32(authorization_section_bytes.size(),
   27135                             &authorization_size_bytes);
   27136       if (rc != TPM_RC_SUCCESS) {
   27137         return rc;
   27138       }
   27139       command_size += authorization_size_bytes.size() +
   27140                       authorization_section_bytes.size();
   27141     }
   27142   }
   27143   std::string tag_bytes;
   27144   rc = Serialize_TPMI_ST_COMMAND_TAG(
   27145       tag,
   27146       &tag_bytes);
   27147   if (rc != TPM_RC_SUCCESS) {
   27148     return rc;
   27149   }
   27150   std::string command_size_bytes;
   27151   rc = Serialize_UINT32(
   27152       command_size,
   27153       &command_size_bytes);
   27154   if (rc != TPM_RC_SUCCESS) {
   27155     return rc;
   27156   }
   27157   *serialized_command = tag_bytes +
   27158                         command_size_bytes +
   27159                         command_code_bytes +
   27160                         handle_section_bytes +
   27161                         authorization_size_bytes +
   27162                         authorization_section_bytes +
   27163                         parameter_section_bytes;
   27164   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   27165   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   27166                                             serialized_command->size());
   27167   return TPM_RC_SUCCESS;
   27168 }
   27169 
   27170 TPM_RC Tpm::ParseResponse_PolicyLocality(
   27171       const std::string& response,
   27172       AuthorizationDelegate* authorization_delegate) {
   27173   VLOG(3) << __func__;
   27174   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   27175   TPM_RC rc = TPM_RC_SUCCESS;
   27176   std::string buffer(response);
   27177   TPM_ST tag;
   27178   std::string tag_bytes;
   27179   rc = Parse_TPM_ST(
   27180       &buffer,
   27181       &tag,
   27182       &tag_bytes);
   27183   if (rc != TPM_RC_SUCCESS) {
   27184     return rc;
   27185   }
   27186   UINT32 response_size;
   27187   std::string response_size_bytes;
   27188   rc = Parse_UINT32(
   27189       &buffer,
   27190       &response_size,
   27191       &response_size_bytes);
   27192   if (rc != TPM_RC_SUCCESS) {
   27193     return rc;
   27194   }
   27195   TPM_RC response_code;
   27196   std::string response_code_bytes;
   27197   rc = Parse_TPM_RC(
   27198       &buffer,
   27199       &response_code,
   27200       &response_code_bytes);
   27201   if (rc != TPM_RC_SUCCESS) {
   27202     return rc;
   27203   }
   27204   if (response_size != response.size()) {
   27205     return TPM_RC_SIZE;
   27206   }
   27207   if (response_code != TPM_RC_SUCCESS) {
   27208     return response_code;
   27209   }
   27210   TPM_CC command_code = TPM_CC_PolicyLocality;
   27211   std::string command_code_bytes;
   27212   rc = Serialize_TPM_CC(
   27213       command_code,
   27214       &command_code_bytes);
   27215   if (rc != TPM_RC_SUCCESS) {
   27216     return rc;
   27217   }
   27218   std::string authorization_section_bytes;
   27219   if (tag == TPM_ST_SESSIONS) {
   27220     UINT32 parameter_section_size = buffer.size();
   27221     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   27222     if (rc != TPM_RC_SUCCESS) {
   27223       return rc;
   27224     }
   27225     if (parameter_section_size > buffer.size()) {
   27226       return TPM_RC_INSUFFICIENT;
   27227     }
   27228     authorization_section_bytes = buffer.substr(parameter_section_size);
   27229     // Keep the parameter section in |buffer|.
   27230     buffer.erase(parameter_section_size);
   27231   }
   27232   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   27233       crypto::SecureHash::SHA256));
   27234   hash->Update(response_code_bytes.data(),
   27235                response_code_bytes.size());
   27236   hash->Update(command_code_bytes.data(),
   27237                command_code_bytes.size());
   27238   hash->Update(buffer.data(),
   27239                buffer.size());
   27240   std::string response_hash(32, 0);
   27241   hash->Finish(string_as_array(&response_hash), response_hash.size());
   27242   if (tag == TPM_ST_SESSIONS) {
   27243     CHECK(authorization_delegate) << "Authorization delegate missing!";
   27244     if (!authorization_delegate->CheckResponseAuthorization(
   27245         response_hash,
   27246         authorization_section_bytes)) {
   27247       return TRUNKS_RC_AUTHORIZATION_FAILED;
   27248     }
   27249   }
   27250   return TPM_RC_SUCCESS;
   27251 }
   27252 
   27253 void PolicyLocalityErrorCallback(
   27254     const Tpm::PolicyLocalityResponse& callback,
   27255     TPM_RC response_code) {
   27256   VLOG(1) << __func__;
   27257   callback.Run(response_code);
   27258 }
   27259 
   27260 void PolicyLocalityResponseParser(
   27261     const Tpm::PolicyLocalityResponse& callback,
   27262     AuthorizationDelegate* authorization_delegate,
   27263     const std::string& response) {
   27264   VLOG(1) << __func__;
   27265   base::Callback<void(TPM_RC)> error_reporter =
   27266       base::Bind(PolicyLocalityErrorCallback, callback);
   27267   TPM_RC rc = Tpm::ParseResponse_PolicyLocality(
   27268       response,
   27269       authorization_delegate);
   27270   if (rc != TPM_RC_SUCCESS) {
   27271     error_reporter.Run(rc);
   27272     return;
   27273   }
   27274   callback.Run(
   27275       rc);
   27276 }
   27277 
   27278 void Tpm::PolicyLocality(
   27279       const TPMI_SH_POLICY& policy_session,
   27280       const std::string& policy_session_name,
   27281       const TPMA_LOCALITY& locality,
   27282       AuthorizationDelegate* authorization_delegate,
   27283       const PolicyLocalityResponse& callback) {
   27284   VLOG(1) << __func__;
   27285   base::Callback<void(TPM_RC)> error_reporter =
   27286       base::Bind(PolicyLocalityErrorCallback, callback);
   27287   base::Callback<void(const std::string&)> parser =
   27288       base::Bind(PolicyLocalityResponseParser,
   27289                  callback,
   27290                  authorization_delegate);
   27291   std::string command;
   27292   TPM_RC rc = SerializeCommand_PolicyLocality(
   27293       policy_session,
   27294       policy_session_name,
   27295       locality,
   27296       &command,
   27297       authorization_delegate);
   27298   if (rc != TPM_RC_SUCCESS) {
   27299     error_reporter.Run(rc);
   27300     return;
   27301   }
   27302   transceiver_->SendCommand(command, parser);
   27303 }
   27304 
   27305 TPM_RC Tpm::PolicyLocalitySync(
   27306       const TPMI_SH_POLICY& policy_session,
   27307       const std::string& policy_session_name,
   27308       const TPMA_LOCALITY& locality,
   27309       AuthorizationDelegate* authorization_delegate) {
   27310   VLOG(1) << __func__;
   27311   std::string command;
   27312   TPM_RC rc = SerializeCommand_PolicyLocality(
   27313       policy_session,
   27314       policy_session_name,
   27315       locality,
   27316       &command,
   27317       authorization_delegate);
   27318   if (rc != TPM_RC_SUCCESS) {
   27319     return rc;
   27320   }
   27321   std::string response = transceiver_->SendCommandAndWait(command);
   27322   rc = ParseResponse_PolicyLocality(
   27323       response,
   27324       authorization_delegate);
   27325   return rc;
   27326 }
   27327 
   27328 TPM_RC Tpm::SerializeCommand_PolicyNV(
   27329       const TPMI_RH_NV_AUTH& auth_handle,
   27330       const std::string& auth_handle_name,
   27331       const TPMI_RH_NV_INDEX& nv_index,
   27332       const std::string& nv_index_name,
   27333       const TPMI_SH_POLICY& policy_session,
   27334       const std::string& policy_session_name,
   27335       const TPM2B_OPERAND& operand_b,
   27336       const UINT16& offset,
   27337       const TPM_EO& operation,
   27338       std::string* serialized_command,
   27339       AuthorizationDelegate* authorization_delegate) {
   27340   VLOG(3) << __func__;
   27341   TPM_RC rc = TPM_RC_SUCCESS;
   27342   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   27343   UINT32 command_size = 10;  // Header size.
   27344   std::string handle_section_bytes;
   27345   std::string parameter_section_bytes;
   27346   TPM_CC command_code = TPM_CC_PolicyNV;
   27347   bool is_command_parameter_encryption_possible = true;
   27348   bool is_response_parameter_encryption_possible = false;
   27349   std::string command_code_bytes;
   27350   rc = Serialize_TPM_CC(
   27351       command_code,
   27352       &command_code_bytes);
   27353   if (rc != TPM_RC_SUCCESS) {
   27354     return rc;
   27355   }
   27356   std::string auth_handle_bytes;
   27357   rc = Serialize_TPMI_RH_NV_AUTH(
   27358       auth_handle,
   27359       &auth_handle_bytes);
   27360   if (rc != TPM_RC_SUCCESS) {
   27361     return rc;
   27362   }
   27363   std::string nv_index_bytes;
   27364   rc = Serialize_TPMI_RH_NV_INDEX(
   27365       nv_index,
   27366       &nv_index_bytes);
   27367   if (rc != TPM_RC_SUCCESS) {
   27368     return rc;
   27369   }
   27370   std::string policy_session_bytes;
   27371   rc = Serialize_TPMI_SH_POLICY(
   27372       policy_session,
   27373       &policy_session_bytes);
   27374   if (rc != TPM_RC_SUCCESS) {
   27375     return rc;
   27376   }
   27377   std::string operand_b_bytes;
   27378   rc = Serialize_TPM2B_OPERAND(
   27379       operand_b,
   27380       &operand_b_bytes);
   27381   if (rc != TPM_RC_SUCCESS) {
   27382     return rc;
   27383   }
   27384   std::string offset_bytes;
   27385   rc = Serialize_UINT16(
   27386       offset,
   27387       &offset_bytes);
   27388   if (rc != TPM_RC_SUCCESS) {
   27389     return rc;
   27390   }
   27391   std::string operation_bytes;
   27392   rc = Serialize_TPM_EO(
   27393       operation,
   27394       &operation_bytes);
   27395   if (rc != TPM_RC_SUCCESS) {
   27396     return rc;
   27397   }
   27398   if (authorization_delegate) {
   27399     // Encrypt just the parameter data, not the size.
   27400     std::string tmp = operand_b_bytes.substr(2);
   27401     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   27402       return TRUNKS_RC_ENCRYPTION_FAILED;
   27403     }
   27404     operand_b_bytes.replace(2, std::string::npos, tmp);
   27405   }
   27406   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   27407       crypto::SecureHash::SHA256));
   27408   hash->Update(command_code_bytes.data(),
   27409                command_code_bytes.size());
   27410   hash->Update(auth_handle_name.data(),
   27411                auth_handle_name.size());
   27412   handle_section_bytes += auth_handle_bytes;
   27413   command_size += auth_handle_bytes.size();
   27414   hash->Update(nv_index_name.data(),
   27415                nv_index_name.size());
   27416   handle_section_bytes += nv_index_bytes;
   27417   command_size += nv_index_bytes.size();
   27418   hash->Update(policy_session_name.data(),
   27419                policy_session_name.size());
   27420   handle_section_bytes += policy_session_bytes;
   27421   command_size += policy_session_bytes.size();
   27422   hash->Update(operand_b_bytes.data(),
   27423                operand_b_bytes.size());
   27424   parameter_section_bytes += operand_b_bytes;
   27425   command_size += operand_b_bytes.size();
   27426   hash->Update(offset_bytes.data(),
   27427                offset_bytes.size());
   27428   parameter_section_bytes += offset_bytes;
   27429   command_size += offset_bytes.size();
   27430   hash->Update(operation_bytes.data(),
   27431                operation_bytes.size());
   27432   parameter_section_bytes += operation_bytes;
   27433   command_size += operation_bytes.size();
   27434   std::string command_hash(32, 0);
   27435   hash->Finish(string_as_array(&command_hash), command_hash.size());
   27436   std::string authorization_section_bytes;
   27437   std::string authorization_size_bytes;
   27438   if (authorization_delegate) {
   27439     if (!authorization_delegate->GetCommandAuthorization(
   27440         command_hash,
   27441         is_command_parameter_encryption_possible,
   27442         is_response_parameter_encryption_possible,
   27443         &authorization_section_bytes)) {
   27444       return TRUNKS_RC_AUTHORIZATION_FAILED;
   27445     }
   27446     if (!authorization_section_bytes.empty()) {
   27447       tag = TPM_ST_SESSIONS;
   27448       std::string tmp;
   27449       rc = Serialize_UINT32(authorization_section_bytes.size(),
   27450                             &authorization_size_bytes);
   27451       if (rc != TPM_RC_SUCCESS) {
   27452         return rc;
   27453       }
   27454       command_size += authorization_size_bytes.size() +
   27455                       authorization_section_bytes.size();
   27456     }
   27457   }
   27458   std::string tag_bytes;
   27459   rc = Serialize_TPMI_ST_COMMAND_TAG(
   27460       tag,
   27461       &tag_bytes);
   27462   if (rc != TPM_RC_SUCCESS) {
   27463     return rc;
   27464   }
   27465   std::string command_size_bytes;
   27466   rc = Serialize_UINT32(
   27467       command_size,
   27468       &command_size_bytes);
   27469   if (rc != TPM_RC_SUCCESS) {
   27470     return rc;
   27471   }
   27472   *serialized_command = tag_bytes +
   27473                         command_size_bytes +
   27474                         command_code_bytes +
   27475                         handle_section_bytes +
   27476                         authorization_size_bytes +
   27477                         authorization_section_bytes +
   27478                         parameter_section_bytes;
   27479   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   27480   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   27481                                             serialized_command->size());
   27482   return TPM_RC_SUCCESS;
   27483 }
   27484 
   27485 TPM_RC Tpm::ParseResponse_PolicyNV(
   27486       const std::string& response,
   27487       AuthorizationDelegate* authorization_delegate) {
   27488   VLOG(3) << __func__;
   27489   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   27490   TPM_RC rc = TPM_RC_SUCCESS;
   27491   std::string buffer(response);
   27492   TPM_ST tag;
   27493   std::string tag_bytes;
   27494   rc = Parse_TPM_ST(
   27495       &buffer,
   27496       &tag,
   27497       &tag_bytes);
   27498   if (rc != TPM_RC_SUCCESS) {
   27499     return rc;
   27500   }
   27501   UINT32 response_size;
   27502   std::string response_size_bytes;
   27503   rc = Parse_UINT32(
   27504       &buffer,
   27505       &response_size,
   27506       &response_size_bytes);
   27507   if (rc != TPM_RC_SUCCESS) {
   27508     return rc;
   27509   }
   27510   TPM_RC response_code;
   27511   std::string response_code_bytes;
   27512   rc = Parse_TPM_RC(
   27513       &buffer,
   27514       &response_code,
   27515       &response_code_bytes);
   27516   if (rc != TPM_RC_SUCCESS) {
   27517     return rc;
   27518   }
   27519   if (response_size != response.size()) {
   27520     return TPM_RC_SIZE;
   27521   }
   27522   if (response_code != TPM_RC_SUCCESS) {
   27523     return response_code;
   27524   }
   27525   TPM_CC command_code = TPM_CC_PolicyNV;
   27526   std::string command_code_bytes;
   27527   rc = Serialize_TPM_CC(
   27528       command_code,
   27529       &command_code_bytes);
   27530   if (rc != TPM_RC_SUCCESS) {
   27531     return rc;
   27532   }
   27533   std::string authorization_section_bytes;
   27534   if (tag == TPM_ST_SESSIONS) {
   27535     UINT32 parameter_section_size = buffer.size();
   27536     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   27537     if (rc != TPM_RC_SUCCESS) {
   27538       return rc;
   27539     }
   27540     if (parameter_section_size > buffer.size()) {
   27541       return TPM_RC_INSUFFICIENT;
   27542     }
   27543     authorization_section_bytes = buffer.substr(parameter_section_size);
   27544     // Keep the parameter section in |buffer|.
   27545     buffer.erase(parameter_section_size);
   27546   }
   27547   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   27548       crypto::SecureHash::SHA256));
   27549   hash->Update(response_code_bytes.data(),
   27550                response_code_bytes.size());
   27551   hash->Update(command_code_bytes.data(),
   27552                command_code_bytes.size());
   27553   hash->Update(buffer.data(),
   27554                buffer.size());
   27555   std::string response_hash(32, 0);
   27556   hash->Finish(string_as_array(&response_hash), response_hash.size());
   27557   if (tag == TPM_ST_SESSIONS) {
   27558     CHECK(authorization_delegate) << "Authorization delegate missing!";
   27559     if (!authorization_delegate->CheckResponseAuthorization(
   27560         response_hash,
   27561         authorization_section_bytes)) {
   27562       return TRUNKS_RC_AUTHORIZATION_FAILED;
   27563     }
   27564   }
   27565   return TPM_RC_SUCCESS;
   27566 }
   27567 
   27568 void PolicyNVErrorCallback(
   27569     const Tpm::PolicyNVResponse& callback,
   27570     TPM_RC response_code) {
   27571   VLOG(1) << __func__;
   27572   callback.Run(response_code);
   27573 }
   27574 
   27575 void PolicyNVResponseParser(
   27576     const Tpm::PolicyNVResponse& callback,
   27577     AuthorizationDelegate* authorization_delegate,
   27578     const std::string& response) {
   27579   VLOG(1) << __func__;
   27580   base::Callback<void(TPM_RC)> error_reporter =
   27581       base::Bind(PolicyNVErrorCallback, callback);
   27582   TPM_RC rc = Tpm::ParseResponse_PolicyNV(
   27583       response,
   27584       authorization_delegate);
   27585   if (rc != TPM_RC_SUCCESS) {
   27586     error_reporter.Run(rc);
   27587     return;
   27588   }
   27589   callback.Run(
   27590       rc);
   27591 }
   27592 
   27593 void Tpm::PolicyNV(
   27594       const TPMI_RH_NV_AUTH& auth_handle,
   27595       const std::string& auth_handle_name,
   27596       const TPMI_RH_NV_INDEX& nv_index,
   27597       const std::string& nv_index_name,
   27598       const TPMI_SH_POLICY& policy_session,
   27599       const std::string& policy_session_name,
   27600       const TPM2B_OPERAND& operand_b,
   27601       const UINT16& offset,
   27602       const TPM_EO& operation,
   27603       AuthorizationDelegate* authorization_delegate,
   27604       const PolicyNVResponse& callback) {
   27605   VLOG(1) << __func__;
   27606   base::Callback<void(TPM_RC)> error_reporter =
   27607       base::Bind(PolicyNVErrorCallback, callback);
   27608   base::Callback<void(const std::string&)> parser =
   27609       base::Bind(PolicyNVResponseParser,
   27610                  callback,
   27611                  authorization_delegate);
   27612   std::string command;
   27613   TPM_RC rc = SerializeCommand_PolicyNV(
   27614       auth_handle,
   27615       auth_handle_name,
   27616       nv_index,
   27617       nv_index_name,
   27618       policy_session,
   27619       policy_session_name,
   27620       operand_b,
   27621       offset,
   27622       operation,
   27623       &command,
   27624       authorization_delegate);
   27625   if (rc != TPM_RC_SUCCESS) {
   27626     error_reporter.Run(rc);
   27627     return;
   27628   }
   27629   transceiver_->SendCommand(command, parser);
   27630 }
   27631 
   27632 TPM_RC Tpm::PolicyNVSync(
   27633       const TPMI_RH_NV_AUTH& auth_handle,
   27634       const std::string& auth_handle_name,
   27635       const TPMI_RH_NV_INDEX& nv_index,
   27636       const std::string& nv_index_name,
   27637       const TPMI_SH_POLICY& policy_session,
   27638       const std::string& policy_session_name,
   27639       const TPM2B_OPERAND& operand_b,
   27640       const UINT16& offset,
   27641       const TPM_EO& operation,
   27642       AuthorizationDelegate* authorization_delegate) {
   27643   VLOG(1) << __func__;
   27644   std::string command;
   27645   TPM_RC rc = SerializeCommand_PolicyNV(
   27646       auth_handle,
   27647       auth_handle_name,
   27648       nv_index,
   27649       nv_index_name,
   27650       policy_session,
   27651       policy_session_name,
   27652       operand_b,
   27653       offset,
   27654       operation,
   27655       &command,
   27656       authorization_delegate);
   27657   if (rc != TPM_RC_SUCCESS) {
   27658     return rc;
   27659   }
   27660   std::string response = transceiver_->SendCommandAndWait(command);
   27661   rc = ParseResponse_PolicyNV(
   27662       response,
   27663       authorization_delegate);
   27664   return rc;
   27665 }
   27666 
   27667 TPM_RC Tpm::SerializeCommand_PolicyCounterTimer(
   27668       const TPMI_SH_POLICY& policy_session,
   27669       const std::string& policy_session_name,
   27670       const TPM2B_OPERAND& operand_b,
   27671       const UINT16& offset,
   27672       const TPM_EO& operation,
   27673       std::string* serialized_command,
   27674       AuthorizationDelegate* authorization_delegate) {
   27675   VLOG(3) << __func__;
   27676   TPM_RC rc = TPM_RC_SUCCESS;
   27677   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   27678   UINT32 command_size = 10;  // Header size.
   27679   std::string handle_section_bytes;
   27680   std::string parameter_section_bytes;
   27681   TPM_CC command_code = TPM_CC_PolicyCounterTimer;
   27682   bool is_command_parameter_encryption_possible = true;
   27683   bool is_response_parameter_encryption_possible = false;
   27684   std::string command_code_bytes;
   27685   rc = Serialize_TPM_CC(
   27686       command_code,
   27687       &command_code_bytes);
   27688   if (rc != TPM_RC_SUCCESS) {
   27689     return rc;
   27690   }
   27691   std::string policy_session_bytes;
   27692   rc = Serialize_TPMI_SH_POLICY(
   27693       policy_session,
   27694       &policy_session_bytes);
   27695   if (rc != TPM_RC_SUCCESS) {
   27696     return rc;
   27697   }
   27698   std::string operand_b_bytes;
   27699   rc = Serialize_TPM2B_OPERAND(
   27700       operand_b,
   27701       &operand_b_bytes);
   27702   if (rc != TPM_RC_SUCCESS) {
   27703     return rc;
   27704   }
   27705   std::string offset_bytes;
   27706   rc = Serialize_UINT16(
   27707       offset,
   27708       &offset_bytes);
   27709   if (rc != TPM_RC_SUCCESS) {
   27710     return rc;
   27711   }
   27712   std::string operation_bytes;
   27713   rc = Serialize_TPM_EO(
   27714       operation,
   27715       &operation_bytes);
   27716   if (rc != TPM_RC_SUCCESS) {
   27717     return rc;
   27718   }
   27719   if (authorization_delegate) {
   27720     // Encrypt just the parameter data, not the size.
   27721     std::string tmp = operand_b_bytes.substr(2);
   27722     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   27723       return TRUNKS_RC_ENCRYPTION_FAILED;
   27724     }
   27725     operand_b_bytes.replace(2, std::string::npos, tmp);
   27726   }
   27727   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   27728       crypto::SecureHash::SHA256));
   27729   hash->Update(command_code_bytes.data(),
   27730                command_code_bytes.size());
   27731   hash->Update(policy_session_name.data(),
   27732                policy_session_name.size());
   27733   handle_section_bytes += policy_session_bytes;
   27734   command_size += policy_session_bytes.size();
   27735   hash->Update(operand_b_bytes.data(),
   27736                operand_b_bytes.size());
   27737   parameter_section_bytes += operand_b_bytes;
   27738   command_size += operand_b_bytes.size();
   27739   hash->Update(offset_bytes.data(),
   27740                offset_bytes.size());
   27741   parameter_section_bytes += offset_bytes;
   27742   command_size += offset_bytes.size();
   27743   hash->Update(operation_bytes.data(),
   27744                operation_bytes.size());
   27745   parameter_section_bytes += operation_bytes;
   27746   command_size += operation_bytes.size();
   27747   std::string command_hash(32, 0);
   27748   hash->Finish(string_as_array(&command_hash), command_hash.size());
   27749   std::string authorization_section_bytes;
   27750   std::string authorization_size_bytes;
   27751   if (authorization_delegate) {
   27752     if (!authorization_delegate->GetCommandAuthorization(
   27753         command_hash,
   27754         is_command_parameter_encryption_possible,
   27755         is_response_parameter_encryption_possible,
   27756         &authorization_section_bytes)) {
   27757       return TRUNKS_RC_AUTHORIZATION_FAILED;
   27758     }
   27759     if (!authorization_section_bytes.empty()) {
   27760       tag = TPM_ST_SESSIONS;
   27761       std::string tmp;
   27762       rc = Serialize_UINT32(authorization_section_bytes.size(),
   27763                             &authorization_size_bytes);
   27764       if (rc != TPM_RC_SUCCESS) {
   27765         return rc;
   27766       }
   27767       command_size += authorization_size_bytes.size() +
   27768                       authorization_section_bytes.size();
   27769     }
   27770   }
   27771   std::string tag_bytes;
   27772   rc = Serialize_TPMI_ST_COMMAND_TAG(
   27773       tag,
   27774       &tag_bytes);
   27775   if (rc != TPM_RC_SUCCESS) {
   27776     return rc;
   27777   }
   27778   std::string command_size_bytes;
   27779   rc = Serialize_UINT32(
   27780       command_size,
   27781       &command_size_bytes);
   27782   if (rc != TPM_RC_SUCCESS) {
   27783     return rc;
   27784   }
   27785   *serialized_command = tag_bytes +
   27786                         command_size_bytes +
   27787                         command_code_bytes +
   27788                         handle_section_bytes +
   27789                         authorization_size_bytes +
   27790                         authorization_section_bytes +
   27791                         parameter_section_bytes;
   27792   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   27793   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   27794                                             serialized_command->size());
   27795   return TPM_RC_SUCCESS;
   27796 }
   27797 
   27798 TPM_RC Tpm::ParseResponse_PolicyCounterTimer(
   27799       const std::string& response,
   27800       AuthorizationDelegate* authorization_delegate) {
   27801   VLOG(3) << __func__;
   27802   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   27803   TPM_RC rc = TPM_RC_SUCCESS;
   27804   std::string buffer(response);
   27805   TPM_ST tag;
   27806   std::string tag_bytes;
   27807   rc = Parse_TPM_ST(
   27808       &buffer,
   27809       &tag,
   27810       &tag_bytes);
   27811   if (rc != TPM_RC_SUCCESS) {
   27812     return rc;
   27813   }
   27814   UINT32 response_size;
   27815   std::string response_size_bytes;
   27816   rc = Parse_UINT32(
   27817       &buffer,
   27818       &response_size,
   27819       &response_size_bytes);
   27820   if (rc != TPM_RC_SUCCESS) {
   27821     return rc;
   27822   }
   27823   TPM_RC response_code;
   27824   std::string response_code_bytes;
   27825   rc = Parse_TPM_RC(
   27826       &buffer,
   27827       &response_code,
   27828       &response_code_bytes);
   27829   if (rc != TPM_RC_SUCCESS) {
   27830     return rc;
   27831   }
   27832   if (response_size != response.size()) {
   27833     return TPM_RC_SIZE;
   27834   }
   27835   if (response_code != TPM_RC_SUCCESS) {
   27836     return response_code;
   27837   }
   27838   TPM_CC command_code = TPM_CC_PolicyCounterTimer;
   27839   std::string command_code_bytes;
   27840   rc = Serialize_TPM_CC(
   27841       command_code,
   27842       &command_code_bytes);
   27843   if (rc != TPM_RC_SUCCESS) {
   27844     return rc;
   27845   }
   27846   std::string authorization_section_bytes;
   27847   if (tag == TPM_ST_SESSIONS) {
   27848     UINT32 parameter_section_size = buffer.size();
   27849     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   27850     if (rc != TPM_RC_SUCCESS) {
   27851       return rc;
   27852     }
   27853     if (parameter_section_size > buffer.size()) {
   27854       return TPM_RC_INSUFFICIENT;
   27855     }
   27856     authorization_section_bytes = buffer.substr(parameter_section_size);
   27857     // Keep the parameter section in |buffer|.
   27858     buffer.erase(parameter_section_size);
   27859   }
   27860   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   27861       crypto::SecureHash::SHA256));
   27862   hash->Update(response_code_bytes.data(),
   27863                response_code_bytes.size());
   27864   hash->Update(command_code_bytes.data(),
   27865                command_code_bytes.size());
   27866   hash->Update(buffer.data(),
   27867                buffer.size());
   27868   std::string response_hash(32, 0);
   27869   hash->Finish(string_as_array(&response_hash), response_hash.size());
   27870   if (tag == TPM_ST_SESSIONS) {
   27871     CHECK(authorization_delegate) << "Authorization delegate missing!";
   27872     if (!authorization_delegate->CheckResponseAuthorization(
   27873         response_hash,
   27874         authorization_section_bytes)) {
   27875       return TRUNKS_RC_AUTHORIZATION_FAILED;
   27876     }
   27877   }
   27878   return TPM_RC_SUCCESS;
   27879 }
   27880 
   27881 void PolicyCounterTimerErrorCallback(
   27882     const Tpm::PolicyCounterTimerResponse& callback,
   27883     TPM_RC response_code) {
   27884   VLOG(1) << __func__;
   27885   callback.Run(response_code);
   27886 }
   27887 
   27888 void PolicyCounterTimerResponseParser(
   27889     const Tpm::PolicyCounterTimerResponse& callback,
   27890     AuthorizationDelegate* authorization_delegate,
   27891     const std::string& response) {
   27892   VLOG(1) << __func__;
   27893   base::Callback<void(TPM_RC)> error_reporter =
   27894       base::Bind(PolicyCounterTimerErrorCallback, callback);
   27895   TPM_RC rc = Tpm::ParseResponse_PolicyCounterTimer(
   27896       response,
   27897       authorization_delegate);
   27898   if (rc != TPM_RC_SUCCESS) {
   27899     error_reporter.Run(rc);
   27900     return;
   27901   }
   27902   callback.Run(
   27903       rc);
   27904 }
   27905 
   27906 void Tpm::PolicyCounterTimer(
   27907       const TPMI_SH_POLICY& policy_session,
   27908       const std::string& policy_session_name,
   27909       const TPM2B_OPERAND& operand_b,
   27910       const UINT16& offset,
   27911       const TPM_EO& operation,
   27912       AuthorizationDelegate* authorization_delegate,
   27913       const PolicyCounterTimerResponse& callback) {
   27914   VLOG(1) << __func__;
   27915   base::Callback<void(TPM_RC)> error_reporter =
   27916       base::Bind(PolicyCounterTimerErrorCallback, callback);
   27917   base::Callback<void(const std::string&)> parser =
   27918       base::Bind(PolicyCounterTimerResponseParser,
   27919                  callback,
   27920                  authorization_delegate);
   27921   std::string command;
   27922   TPM_RC rc = SerializeCommand_PolicyCounterTimer(
   27923       policy_session,
   27924       policy_session_name,
   27925       operand_b,
   27926       offset,
   27927       operation,
   27928       &command,
   27929       authorization_delegate);
   27930   if (rc != TPM_RC_SUCCESS) {
   27931     error_reporter.Run(rc);
   27932     return;
   27933   }
   27934   transceiver_->SendCommand(command, parser);
   27935 }
   27936 
   27937 TPM_RC Tpm::PolicyCounterTimerSync(
   27938       const TPMI_SH_POLICY& policy_session,
   27939       const std::string& policy_session_name,
   27940       const TPM2B_OPERAND& operand_b,
   27941       const UINT16& offset,
   27942       const TPM_EO& operation,
   27943       AuthorizationDelegate* authorization_delegate) {
   27944   VLOG(1) << __func__;
   27945   std::string command;
   27946   TPM_RC rc = SerializeCommand_PolicyCounterTimer(
   27947       policy_session,
   27948       policy_session_name,
   27949       operand_b,
   27950       offset,
   27951       operation,
   27952       &command,
   27953       authorization_delegate);
   27954   if (rc != TPM_RC_SUCCESS) {
   27955     return rc;
   27956   }
   27957   std::string response = transceiver_->SendCommandAndWait(command);
   27958   rc = ParseResponse_PolicyCounterTimer(
   27959       response,
   27960       authorization_delegate);
   27961   return rc;
   27962 }
   27963 
   27964 TPM_RC Tpm::SerializeCommand_PolicyCommandCode(
   27965       const TPMI_SH_POLICY& policy_session,
   27966       const std::string& policy_session_name,
   27967       const TPM_CC& code,
   27968       std::string* serialized_command,
   27969       AuthorizationDelegate* authorization_delegate) {
   27970   VLOG(3) << __func__;
   27971   TPM_RC rc = TPM_RC_SUCCESS;
   27972   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   27973   UINT32 command_size = 10;  // Header size.
   27974   std::string handle_section_bytes;
   27975   std::string parameter_section_bytes;
   27976   TPM_CC command_code = TPM_CC_PolicyCommandCode;
   27977   bool is_command_parameter_encryption_possible = false;
   27978   bool is_response_parameter_encryption_possible = false;
   27979   std::string command_code_bytes;
   27980   rc = Serialize_TPM_CC(
   27981       command_code,
   27982       &command_code_bytes);
   27983   if (rc != TPM_RC_SUCCESS) {
   27984     return rc;
   27985   }
   27986   std::string policy_session_bytes;
   27987   rc = Serialize_TPMI_SH_POLICY(
   27988       policy_session,
   27989       &policy_session_bytes);
   27990   if (rc != TPM_RC_SUCCESS) {
   27991     return rc;
   27992   }
   27993   std::string code_bytes;
   27994   rc = Serialize_TPM_CC(
   27995       code,
   27996       &code_bytes);
   27997   if (rc != TPM_RC_SUCCESS) {
   27998     return rc;
   27999   }
   28000   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   28001       crypto::SecureHash::SHA256));
   28002   hash->Update(command_code_bytes.data(),
   28003                command_code_bytes.size());
   28004   hash->Update(policy_session_name.data(),
   28005                policy_session_name.size());
   28006   handle_section_bytes += policy_session_bytes;
   28007   command_size += policy_session_bytes.size();
   28008   hash->Update(code_bytes.data(),
   28009                code_bytes.size());
   28010   parameter_section_bytes += code_bytes;
   28011   command_size += code_bytes.size();
   28012   std::string command_hash(32, 0);
   28013   hash->Finish(string_as_array(&command_hash), command_hash.size());
   28014   std::string authorization_section_bytes;
   28015   std::string authorization_size_bytes;
   28016   if (authorization_delegate) {
   28017     if (!authorization_delegate->GetCommandAuthorization(
   28018         command_hash,
   28019         is_command_parameter_encryption_possible,
   28020         is_response_parameter_encryption_possible,
   28021         &authorization_section_bytes)) {
   28022       return TRUNKS_RC_AUTHORIZATION_FAILED;
   28023     }
   28024     if (!authorization_section_bytes.empty()) {
   28025       tag = TPM_ST_SESSIONS;
   28026       std::string tmp;
   28027       rc = Serialize_UINT32(authorization_section_bytes.size(),
   28028                             &authorization_size_bytes);
   28029       if (rc != TPM_RC_SUCCESS) {
   28030         return rc;
   28031       }
   28032       command_size += authorization_size_bytes.size() +
   28033                       authorization_section_bytes.size();
   28034     }
   28035   }
   28036   std::string tag_bytes;
   28037   rc = Serialize_TPMI_ST_COMMAND_TAG(
   28038       tag,
   28039       &tag_bytes);
   28040   if (rc != TPM_RC_SUCCESS) {
   28041     return rc;
   28042   }
   28043   std::string command_size_bytes;
   28044   rc = Serialize_UINT32(
   28045       command_size,
   28046       &command_size_bytes);
   28047   if (rc != TPM_RC_SUCCESS) {
   28048     return rc;
   28049   }
   28050   *serialized_command = tag_bytes +
   28051                         command_size_bytes +
   28052                         command_code_bytes +
   28053                         handle_section_bytes +
   28054                         authorization_size_bytes +
   28055                         authorization_section_bytes +
   28056                         parameter_section_bytes;
   28057   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   28058   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   28059                                             serialized_command->size());
   28060   return TPM_RC_SUCCESS;
   28061 }
   28062 
   28063 TPM_RC Tpm::ParseResponse_PolicyCommandCode(
   28064       const std::string& response,
   28065       AuthorizationDelegate* authorization_delegate) {
   28066   VLOG(3) << __func__;
   28067   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   28068   TPM_RC rc = TPM_RC_SUCCESS;
   28069   std::string buffer(response);
   28070   TPM_ST tag;
   28071   std::string tag_bytes;
   28072   rc = Parse_TPM_ST(
   28073       &buffer,
   28074       &tag,
   28075       &tag_bytes);
   28076   if (rc != TPM_RC_SUCCESS) {
   28077     return rc;
   28078   }
   28079   UINT32 response_size;
   28080   std::string response_size_bytes;
   28081   rc = Parse_UINT32(
   28082       &buffer,
   28083       &response_size,
   28084       &response_size_bytes);
   28085   if (rc != TPM_RC_SUCCESS) {
   28086     return rc;
   28087   }
   28088   TPM_RC response_code;
   28089   std::string response_code_bytes;
   28090   rc = Parse_TPM_RC(
   28091       &buffer,
   28092       &response_code,
   28093       &response_code_bytes);
   28094   if (rc != TPM_RC_SUCCESS) {
   28095     return rc;
   28096   }
   28097   if (response_size != response.size()) {
   28098     return TPM_RC_SIZE;
   28099   }
   28100   if (response_code != TPM_RC_SUCCESS) {
   28101     return response_code;
   28102   }
   28103   TPM_CC command_code = TPM_CC_PolicyCommandCode;
   28104   std::string command_code_bytes;
   28105   rc = Serialize_TPM_CC(
   28106       command_code,
   28107       &command_code_bytes);
   28108   if (rc != TPM_RC_SUCCESS) {
   28109     return rc;
   28110   }
   28111   std::string authorization_section_bytes;
   28112   if (tag == TPM_ST_SESSIONS) {
   28113     UINT32 parameter_section_size = buffer.size();
   28114     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   28115     if (rc != TPM_RC_SUCCESS) {
   28116       return rc;
   28117     }
   28118     if (parameter_section_size > buffer.size()) {
   28119       return TPM_RC_INSUFFICIENT;
   28120     }
   28121     authorization_section_bytes = buffer.substr(parameter_section_size);
   28122     // Keep the parameter section in |buffer|.
   28123     buffer.erase(parameter_section_size);
   28124   }
   28125   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   28126       crypto::SecureHash::SHA256));
   28127   hash->Update(response_code_bytes.data(),
   28128                response_code_bytes.size());
   28129   hash->Update(command_code_bytes.data(),
   28130                command_code_bytes.size());
   28131   hash->Update(buffer.data(),
   28132                buffer.size());
   28133   std::string response_hash(32, 0);
   28134   hash->Finish(string_as_array(&response_hash), response_hash.size());
   28135   if (tag == TPM_ST_SESSIONS) {
   28136     CHECK(authorization_delegate) << "Authorization delegate missing!";
   28137     if (!authorization_delegate->CheckResponseAuthorization(
   28138         response_hash,
   28139         authorization_section_bytes)) {
   28140       return TRUNKS_RC_AUTHORIZATION_FAILED;
   28141     }
   28142   }
   28143   return TPM_RC_SUCCESS;
   28144 }
   28145 
   28146 void PolicyCommandCodeErrorCallback(
   28147     const Tpm::PolicyCommandCodeResponse& callback,
   28148     TPM_RC response_code) {
   28149   VLOG(1) << __func__;
   28150   callback.Run(response_code);
   28151 }
   28152 
   28153 void PolicyCommandCodeResponseParser(
   28154     const Tpm::PolicyCommandCodeResponse& callback,
   28155     AuthorizationDelegate* authorization_delegate,
   28156     const std::string& response) {
   28157   VLOG(1) << __func__;
   28158   base::Callback<void(TPM_RC)> error_reporter =
   28159       base::Bind(PolicyCommandCodeErrorCallback, callback);
   28160   TPM_RC rc = Tpm::ParseResponse_PolicyCommandCode(
   28161       response,
   28162       authorization_delegate);
   28163   if (rc != TPM_RC_SUCCESS) {
   28164     error_reporter.Run(rc);
   28165     return;
   28166   }
   28167   callback.Run(
   28168       rc);
   28169 }
   28170 
   28171 void Tpm::PolicyCommandCode(
   28172       const TPMI_SH_POLICY& policy_session,
   28173       const std::string& policy_session_name,
   28174       const TPM_CC& code,
   28175       AuthorizationDelegate* authorization_delegate,
   28176       const PolicyCommandCodeResponse& callback) {
   28177   VLOG(1) << __func__;
   28178   base::Callback<void(TPM_RC)> error_reporter =
   28179       base::Bind(PolicyCommandCodeErrorCallback, callback);
   28180   base::Callback<void(const std::string&)> parser =
   28181       base::Bind(PolicyCommandCodeResponseParser,
   28182                  callback,
   28183                  authorization_delegate);
   28184   std::string command;
   28185   TPM_RC rc = SerializeCommand_PolicyCommandCode(
   28186       policy_session,
   28187       policy_session_name,
   28188       code,
   28189       &command,
   28190       authorization_delegate);
   28191   if (rc != TPM_RC_SUCCESS) {
   28192     error_reporter.Run(rc);
   28193     return;
   28194   }
   28195   transceiver_->SendCommand(command, parser);
   28196 }
   28197 
   28198 TPM_RC Tpm::PolicyCommandCodeSync(
   28199       const TPMI_SH_POLICY& policy_session,
   28200       const std::string& policy_session_name,
   28201       const TPM_CC& code,
   28202       AuthorizationDelegate* authorization_delegate) {
   28203   VLOG(1) << __func__;
   28204   std::string command;
   28205   TPM_RC rc = SerializeCommand_PolicyCommandCode(
   28206       policy_session,
   28207       policy_session_name,
   28208       code,
   28209       &command,
   28210       authorization_delegate);
   28211   if (rc != TPM_RC_SUCCESS) {
   28212     return rc;
   28213   }
   28214   std::string response = transceiver_->SendCommandAndWait(command);
   28215   rc = ParseResponse_PolicyCommandCode(
   28216       response,
   28217       authorization_delegate);
   28218   return rc;
   28219 }
   28220 
   28221 TPM_RC Tpm::SerializeCommand_PolicyPhysicalPresence(
   28222       const TPMI_SH_POLICY& policy_session,
   28223       const std::string& policy_session_name,
   28224       std::string* serialized_command,
   28225       AuthorizationDelegate* authorization_delegate) {
   28226   VLOG(3) << __func__;
   28227   TPM_RC rc = TPM_RC_SUCCESS;
   28228   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   28229   UINT32 command_size = 10;  // Header size.
   28230   std::string handle_section_bytes;
   28231   std::string parameter_section_bytes;
   28232   TPM_CC command_code = TPM_CC_PolicyPhysicalPresence;
   28233   bool is_command_parameter_encryption_possible = false;
   28234   bool is_response_parameter_encryption_possible = false;
   28235   std::string command_code_bytes;
   28236   rc = Serialize_TPM_CC(
   28237       command_code,
   28238       &command_code_bytes);
   28239   if (rc != TPM_RC_SUCCESS) {
   28240     return rc;
   28241   }
   28242   std::string policy_session_bytes;
   28243   rc = Serialize_TPMI_SH_POLICY(
   28244       policy_session,
   28245       &policy_session_bytes);
   28246   if (rc != TPM_RC_SUCCESS) {
   28247     return rc;
   28248   }
   28249   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   28250       crypto::SecureHash::SHA256));
   28251   hash->Update(command_code_bytes.data(),
   28252                command_code_bytes.size());
   28253   hash->Update(policy_session_name.data(),
   28254                policy_session_name.size());
   28255   handle_section_bytes += policy_session_bytes;
   28256   command_size += policy_session_bytes.size();
   28257   std::string command_hash(32, 0);
   28258   hash->Finish(string_as_array(&command_hash), command_hash.size());
   28259   std::string authorization_section_bytes;
   28260   std::string authorization_size_bytes;
   28261   if (authorization_delegate) {
   28262     if (!authorization_delegate->GetCommandAuthorization(
   28263         command_hash,
   28264         is_command_parameter_encryption_possible,
   28265         is_response_parameter_encryption_possible,
   28266         &authorization_section_bytes)) {
   28267       return TRUNKS_RC_AUTHORIZATION_FAILED;
   28268     }
   28269     if (!authorization_section_bytes.empty()) {
   28270       tag = TPM_ST_SESSIONS;
   28271       std::string tmp;
   28272       rc = Serialize_UINT32(authorization_section_bytes.size(),
   28273                             &authorization_size_bytes);
   28274       if (rc != TPM_RC_SUCCESS) {
   28275         return rc;
   28276       }
   28277       command_size += authorization_size_bytes.size() +
   28278                       authorization_section_bytes.size();
   28279     }
   28280   }
   28281   std::string tag_bytes;
   28282   rc = Serialize_TPMI_ST_COMMAND_TAG(
   28283       tag,
   28284       &tag_bytes);
   28285   if (rc != TPM_RC_SUCCESS) {
   28286     return rc;
   28287   }
   28288   std::string command_size_bytes;
   28289   rc = Serialize_UINT32(
   28290       command_size,
   28291       &command_size_bytes);
   28292   if (rc != TPM_RC_SUCCESS) {
   28293     return rc;
   28294   }
   28295   *serialized_command = tag_bytes +
   28296                         command_size_bytes +
   28297                         command_code_bytes +
   28298                         handle_section_bytes +
   28299                         authorization_size_bytes +
   28300                         authorization_section_bytes +
   28301                         parameter_section_bytes;
   28302   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   28303   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   28304                                             serialized_command->size());
   28305   return TPM_RC_SUCCESS;
   28306 }
   28307 
   28308 TPM_RC Tpm::ParseResponse_PolicyPhysicalPresence(
   28309       const std::string& response,
   28310       AuthorizationDelegate* authorization_delegate) {
   28311   VLOG(3) << __func__;
   28312   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   28313   TPM_RC rc = TPM_RC_SUCCESS;
   28314   std::string buffer(response);
   28315   TPM_ST tag;
   28316   std::string tag_bytes;
   28317   rc = Parse_TPM_ST(
   28318       &buffer,
   28319       &tag,
   28320       &tag_bytes);
   28321   if (rc != TPM_RC_SUCCESS) {
   28322     return rc;
   28323   }
   28324   UINT32 response_size;
   28325   std::string response_size_bytes;
   28326   rc = Parse_UINT32(
   28327       &buffer,
   28328       &response_size,
   28329       &response_size_bytes);
   28330   if (rc != TPM_RC_SUCCESS) {
   28331     return rc;
   28332   }
   28333   TPM_RC response_code;
   28334   std::string response_code_bytes;
   28335   rc = Parse_TPM_RC(
   28336       &buffer,
   28337       &response_code,
   28338       &response_code_bytes);
   28339   if (rc != TPM_RC_SUCCESS) {
   28340     return rc;
   28341   }
   28342   if (response_size != response.size()) {
   28343     return TPM_RC_SIZE;
   28344   }
   28345   if (response_code != TPM_RC_SUCCESS) {
   28346     return response_code;
   28347   }
   28348   TPM_CC command_code = TPM_CC_PolicyPhysicalPresence;
   28349   std::string command_code_bytes;
   28350   rc = Serialize_TPM_CC(
   28351       command_code,
   28352       &command_code_bytes);
   28353   if (rc != TPM_RC_SUCCESS) {
   28354     return rc;
   28355   }
   28356   std::string authorization_section_bytes;
   28357   if (tag == TPM_ST_SESSIONS) {
   28358     UINT32 parameter_section_size = buffer.size();
   28359     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   28360     if (rc != TPM_RC_SUCCESS) {
   28361       return rc;
   28362     }
   28363     if (parameter_section_size > buffer.size()) {
   28364       return TPM_RC_INSUFFICIENT;
   28365     }
   28366     authorization_section_bytes = buffer.substr(parameter_section_size);
   28367     // Keep the parameter section in |buffer|.
   28368     buffer.erase(parameter_section_size);
   28369   }
   28370   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   28371       crypto::SecureHash::SHA256));
   28372   hash->Update(response_code_bytes.data(),
   28373                response_code_bytes.size());
   28374   hash->Update(command_code_bytes.data(),
   28375                command_code_bytes.size());
   28376   hash->Update(buffer.data(),
   28377                buffer.size());
   28378   std::string response_hash(32, 0);
   28379   hash->Finish(string_as_array(&response_hash), response_hash.size());
   28380   if (tag == TPM_ST_SESSIONS) {
   28381     CHECK(authorization_delegate) << "Authorization delegate missing!";
   28382     if (!authorization_delegate->CheckResponseAuthorization(
   28383         response_hash,
   28384         authorization_section_bytes)) {
   28385       return TRUNKS_RC_AUTHORIZATION_FAILED;
   28386     }
   28387   }
   28388   return TPM_RC_SUCCESS;
   28389 }
   28390 
   28391 void PolicyPhysicalPresenceErrorCallback(
   28392     const Tpm::PolicyPhysicalPresenceResponse& callback,
   28393     TPM_RC response_code) {
   28394   VLOG(1) << __func__;
   28395   callback.Run(response_code);
   28396 }
   28397 
   28398 void PolicyPhysicalPresenceResponseParser(
   28399     const Tpm::PolicyPhysicalPresenceResponse& callback,
   28400     AuthorizationDelegate* authorization_delegate,
   28401     const std::string& response) {
   28402   VLOG(1) << __func__;
   28403   base::Callback<void(TPM_RC)> error_reporter =
   28404       base::Bind(PolicyPhysicalPresenceErrorCallback, callback);
   28405   TPM_RC rc = Tpm::ParseResponse_PolicyPhysicalPresence(
   28406       response,
   28407       authorization_delegate);
   28408   if (rc != TPM_RC_SUCCESS) {
   28409     error_reporter.Run(rc);
   28410     return;
   28411   }
   28412   callback.Run(
   28413       rc);
   28414 }
   28415 
   28416 void Tpm::PolicyPhysicalPresence(
   28417       const TPMI_SH_POLICY& policy_session,
   28418       const std::string& policy_session_name,
   28419       AuthorizationDelegate* authorization_delegate,
   28420       const PolicyPhysicalPresenceResponse& callback) {
   28421   VLOG(1) << __func__;
   28422   base::Callback<void(TPM_RC)> error_reporter =
   28423       base::Bind(PolicyPhysicalPresenceErrorCallback, callback);
   28424   base::Callback<void(const std::string&)> parser =
   28425       base::Bind(PolicyPhysicalPresenceResponseParser,
   28426                  callback,
   28427                  authorization_delegate);
   28428   std::string command;
   28429   TPM_RC rc = SerializeCommand_PolicyPhysicalPresence(
   28430       policy_session,
   28431       policy_session_name,
   28432       &command,
   28433       authorization_delegate);
   28434   if (rc != TPM_RC_SUCCESS) {
   28435     error_reporter.Run(rc);
   28436     return;
   28437   }
   28438   transceiver_->SendCommand(command, parser);
   28439 }
   28440 
   28441 TPM_RC Tpm::PolicyPhysicalPresenceSync(
   28442       const TPMI_SH_POLICY& policy_session,
   28443       const std::string& policy_session_name,
   28444       AuthorizationDelegate* authorization_delegate) {
   28445   VLOG(1) << __func__;
   28446   std::string command;
   28447   TPM_RC rc = SerializeCommand_PolicyPhysicalPresence(
   28448       policy_session,
   28449       policy_session_name,
   28450       &command,
   28451       authorization_delegate);
   28452   if (rc != TPM_RC_SUCCESS) {
   28453     return rc;
   28454   }
   28455   std::string response = transceiver_->SendCommandAndWait(command);
   28456   rc = ParseResponse_PolicyPhysicalPresence(
   28457       response,
   28458       authorization_delegate);
   28459   return rc;
   28460 }
   28461 
   28462 TPM_RC Tpm::SerializeCommand_PolicyCpHash(
   28463       const TPMI_SH_POLICY& policy_session,
   28464       const std::string& policy_session_name,
   28465       const TPM2B_DIGEST& cp_hash_a,
   28466       std::string* serialized_command,
   28467       AuthorizationDelegate* authorization_delegate) {
   28468   VLOG(3) << __func__;
   28469   TPM_RC rc = TPM_RC_SUCCESS;
   28470   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   28471   UINT32 command_size = 10;  // Header size.
   28472   std::string handle_section_bytes;
   28473   std::string parameter_section_bytes;
   28474   TPM_CC command_code = TPM_CC_PolicyCpHash;
   28475   bool is_command_parameter_encryption_possible = true;
   28476   bool is_response_parameter_encryption_possible = false;
   28477   std::string command_code_bytes;
   28478   rc = Serialize_TPM_CC(
   28479       command_code,
   28480       &command_code_bytes);
   28481   if (rc != TPM_RC_SUCCESS) {
   28482     return rc;
   28483   }
   28484   std::string policy_session_bytes;
   28485   rc = Serialize_TPMI_SH_POLICY(
   28486       policy_session,
   28487       &policy_session_bytes);
   28488   if (rc != TPM_RC_SUCCESS) {
   28489     return rc;
   28490   }
   28491   std::string cp_hash_a_bytes;
   28492   rc = Serialize_TPM2B_DIGEST(
   28493       cp_hash_a,
   28494       &cp_hash_a_bytes);
   28495   if (rc != TPM_RC_SUCCESS) {
   28496     return rc;
   28497   }
   28498   if (authorization_delegate) {
   28499     // Encrypt just the parameter data, not the size.
   28500     std::string tmp = cp_hash_a_bytes.substr(2);
   28501     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   28502       return TRUNKS_RC_ENCRYPTION_FAILED;
   28503     }
   28504     cp_hash_a_bytes.replace(2, std::string::npos, tmp);
   28505   }
   28506   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   28507       crypto::SecureHash::SHA256));
   28508   hash->Update(command_code_bytes.data(),
   28509                command_code_bytes.size());
   28510   hash->Update(policy_session_name.data(),
   28511                policy_session_name.size());
   28512   handle_section_bytes += policy_session_bytes;
   28513   command_size += policy_session_bytes.size();
   28514   hash->Update(cp_hash_a_bytes.data(),
   28515                cp_hash_a_bytes.size());
   28516   parameter_section_bytes += cp_hash_a_bytes;
   28517   command_size += cp_hash_a_bytes.size();
   28518   std::string command_hash(32, 0);
   28519   hash->Finish(string_as_array(&command_hash), command_hash.size());
   28520   std::string authorization_section_bytes;
   28521   std::string authorization_size_bytes;
   28522   if (authorization_delegate) {
   28523     if (!authorization_delegate->GetCommandAuthorization(
   28524         command_hash,
   28525         is_command_parameter_encryption_possible,
   28526         is_response_parameter_encryption_possible,
   28527         &authorization_section_bytes)) {
   28528       return TRUNKS_RC_AUTHORIZATION_FAILED;
   28529     }
   28530     if (!authorization_section_bytes.empty()) {
   28531       tag = TPM_ST_SESSIONS;
   28532       std::string tmp;
   28533       rc = Serialize_UINT32(authorization_section_bytes.size(),
   28534                             &authorization_size_bytes);
   28535       if (rc != TPM_RC_SUCCESS) {
   28536         return rc;
   28537       }
   28538       command_size += authorization_size_bytes.size() +
   28539                       authorization_section_bytes.size();
   28540     }
   28541   }
   28542   std::string tag_bytes;
   28543   rc = Serialize_TPMI_ST_COMMAND_TAG(
   28544       tag,
   28545       &tag_bytes);
   28546   if (rc != TPM_RC_SUCCESS) {
   28547     return rc;
   28548   }
   28549   std::string command_size_bytes;
   28550   rc = Serialize_UINT32(
   28551       command_size,
   28552       &command_size_bytes);
   28553   if (rc != TPM_RC_SUCCESS) {
   28554     return rc;
   28555   }
   28556   *serialized_command = tag_bytes +
   28557                         command_size_bytes +
   28558                         command_code_bytes +
   28559                         handle_section_bytes +
   28560                         authorization_size_bytes +
   28561                         authorization_section_bytes +
   28562                         parameter_section_bytes;
   28563   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   28564   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   28565                                             serialized_command->size());
   28566   return TPM_RC_SUCCESS;
   28567 }
   28568 
   28569 TPM_RC Tpm::ParseResponse_PolicyCpHash(
   28570       const std::string& response,
   28571       AuthorizationDelegate* authorization_delegate) {
   28572   VLOG(3) << __func__;
   28573   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   28574   TPM_RC rc = TPM_RC_SUCCESS;
   28575   std::string buffer(response);
   28576   TPM_ST tag;
   28577   std::string tag_bytes;
   28578   rc = Parse_TPM_ST(
   28579       &buffer,
   28580       &tag,
   28581       &tag_bytes);
   28582   if (rc != TPM_RC_SUCCESS) {
   28583     return rc;
   28584   }
   28585   UINT32 response_size;
   28586   std::string response_size_bytes;
   28587   rc = Parse_UINT32(
   28588       &buffer,
   28589       &response_size,
   28590       &response_size_bytes);
   28591   if (rc != TPM_RC_SUCCESS) {
   28592     return rc;
   28593   }
   28594   TPM_RC response_code;
   28595   std::string response_code_bytes;
   28596   rc = Parse_TPM_RC(
   28597       &buffer,
   28598       &response_code,
   28599       &response_code_bytes);
   28600   if (rc != TPM_RC_SUCCESS) {
   28601     return rc;
   28602   }
   28603   if (response_size != response.size()) {
   28604     return TPM_RC_SIZE;
   28605   }
   28606   if (response_code != TPM_RC_SUCCESS) {
   28607     return response_code;
   28608   }
   28609   TPM_CC command_code = TPM_CC_PolicyCpHash;
   28610   std::string command_code_bytes;
   28611   rc = Serialize_TPM_CC(
   28612       command_code,
   28613       &command_code_bytes);
   28614   if (rc != TPM_RC_SUCCESS) {
   28615     return rc;
   28616   }
   28617   std::string authorization_section_bytes;
   28618   if (tag == TPM_ST_SESSIONS) {
   28619     UINT32 parameter_section_size = buffer.size();
   28620     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   28621     if (rc != TPM_RC_SUCCESS) {
   28622       return rc;
   28623     }
   28624     if (parameter_section_size > buffer.size()) {
   28625       return TPM_RC_INSUFFICIENT;
   28626     }
   28627     authorization_section_bytes = buffer.substr(parameter_section_size);
   28628     // Keep the parameter section in |buffer|.
   28629     buffer.erase(parameter_section_size);
   28630   }
   28631   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   28632       crypto::SecureHash::SHA256));
   28633   hash->Update(response_code_bytes.data(),
   28634                response_code_bytes.size());
   28635   hash->Update(command_code_bytes.data(),
   28636                command_code_bytes.size());
   28637   hash->Update(buffer.data(),
   28638                buffer.size());
   28639   std::string response_hash(32, 0);
   28640   hash->Finish(string_as_array(&response_hash), response_hash.size());
   28641   if (tag == TPM_ST_SESSIONS) {
   28642     CHECK(authorization_delegate) << "Authorization delegate missing!";
   28643     if (!authorization_delegate->CheckResponseAuthorization(
   28644         response_hash,
   28645         authorization_section_bytes)) {
   28646       return TRUNKS_RC_AUTHORIZATION_FAILED;
   28647     }
   28648   }
   28649   return TPM_RC_SUCCESS;
   28650 }
   28651 
   28652 void PolicyCpHashErrorCallback(
   28653     const Tpm::PolicyCpHashResponse& callback,
   28654     TPM_RC response_code) {
   28655   VLOG(1) << __func__;
   28656   callback.Run(response_code);
   28657 }
   28658 
   28659 void PolicyCpHashResponseParser(
   28660     const Tpm::PolicyCpHashResponse& callback,
   28661     AuthorizationDelegate* authorization_delegate,
   28662     const std::string& response) {
   28663   VLOG(1) << __func__;
   28664   base::Callback<void(TPM_RC)> error_reporter =
   28665       base::Bind(PolicyCpHashErrorCallback, callback);
   28666   TPM_RC rc = Tpm::ParseResponse_PolicyCpHash(
   28667       response,
   28668       authorization_delegate);
   28669   if (rc != TPM_RC_SUCCESS) {
   28670     error_reporter.Run(rc);
   28671     return;
   28672   }
   28673   callback.Run(
   28674       rc);
   28675 }
   28676 
   28677 void Tpm::PolicyCpHash(
   28678       const TPMI_SH_POLICY& policy_session,
   28679       const std::string& policy_session_name,
   28680       const TPM2B_DIGEST& cp_hash_a,
   28681       AuthorizationDelegate* authorization_delegate,
   28682       const PolicyCpHashResponse& callback) {
   28683   VLOG(1) << __func__;
   28684   base::Callback<void(TPM_RC)> error_reporter =
   28685       base::Bind(PolicyCpHashErrorCallback, callback);
   28686   base::Callback<void(const std::string&)> parser =
   28687       base::Bind(PolicyCpHashResponseParser,
   28688                  callback,
   28689                  authorization_delegate);
   28690   std::string command;
   28691   TPM_RC rc = SerializeCommand_PolicyCpHash(
   28692       policy_session,
   28693       policy_session_name,
   28694       cp_hash_a,
   28695       &command,
   28696       authorization_delegate);
   28697   if (rc != TPM_RC_SUCCESS) {
   28698     error_reporter.Run(rc);
   28699     return;
   28700   }
   28701   transceiver_->SendCommand(command, parser);
   28702 }
   28703 
   28704 TPM_RC Tpm::PolicyCpHashSync(
   28705       const TPMI_SH_POLICY& policy_session,
   28706       const std::string& policy_session_name,
   28707       const TPM2B_DIGEST& cp_hash_a,
   28708       AuthorizationDelegate* authorization_delegate) {
   28709   VLOG(1) << __func__;
   28710   std::string command;
   28711   TPM_RC rc = SerializeCommand_PolicyCpHash(
   28712       policy_session,
   28713       policy_session_name,
   28714       cp_hash_a,
   28715       &command,
   28716       authorization_delegate);
   28717   if (rc != TPM_RC_SUCCESS) {
   28718     return rc;
   28719   }
   28720   std::string response = transceiver_->SendCommandAndWait(command);
   28721   rc = ParseResponse_PolicyCpHash(
   28722       response,
   28723       authorization_delegate);
   28724   return rc;
   28725 }
   28726 
   28727 TPM_RC Tpm::SerializeCommand_PolicyNameHash(
   28728       const TPMI_SH_POLICY& policy_session,
   28729       const std::string& policy_session_name,
   28730       const TPM2B_DIGEST& name_hash,
   28731       std::string* serialized_command,
   28732       AuthorizationDelegate* authorization_delegate) {
   28733   VLOG(3) << __func__;
   28734   TPM_RC rc = TPM_RC_SUCCESS;
   28735   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   28736   UINT32 command_size = 10;  // Header size.
   28737   std::string handle_section_bytes;
   28738   std::string parameter_section_bytes;
   28739   TPM_CC command_code = TPM_CC_PolicyNameHash;
   28740   bool is_command_parameter_encryption_possible = true;
   28741   bool is_response_parameter_encryption_possible = false;
   28742   std::string command_code_bytes;
   28743   rc = Serialize_TPM_CC(
   28744       command_code,
   28745       &command_code_bytes);
   28746   if (rc != TPM_RC_SUCCESS) {
   28747     return rc;
   28748   }
   28749   std::string policy_session_bytes;
   28750   rc = Serialize_TPMI_SH_POLICY(
   28751       policy_session,
   28752       &policy_session_bytes);
   28753   if (rc != TPM_RC_SUCCESS) {
   28754     return rc;
   28755   }
   28756   std::string name_hash_bytes;
   28757   rc = Serialize_TPM2B_DIGEST(
   28758       name_hash,
   28759       &name_hash_bytes);
   28760   if (rc != TPM_RC_SUCCESS) {
   28761     return rc;
   28762   }
   28763   if (authorization_delegate) {
   28764     // Encrypt just the parameter data, not the size.
   28765     std::string tmp = name_hash_bytes.substr(2);
   28766     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   28767       return TRUNKS_RC_ENCRYPTION_FAILED;
   28768     }
   28769     name_hash_bytes.replace(2, std::string::npos, tmp);
   28770   }
   28771   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   28772       crypto::SecureHash::SHA256));
   28773   hash->Update(command_code_bytes.data(),
   28774                command_code_bytes.size());
   28775   hash->Update(policy_session_name.data(),
   28776                policy_session_name.size());
   28777   handle_section_bytes += policy_session_bytes;
   28778   command_size += policy_session_bytes.size();
   28779   hash->Update(name_hash_bytes.data(),
   28780                name_hash_bytes.size());
   28781   parameter_section_bytes += name_hash_bytes;
   28782   command_size += name_hash_bytes.size();
   28783   std::string command_hash(32, 0);
   28784   hash->Finish(string_as_array(&command_hash), command_hash.size());
   28785   std::string authorization_section_bytes;
   28786   std::string authorization_size_bytes;
   28787   if (authorization_delegate) {
   28788     if (!authorization_delegate->GetCommandAuthorization(
   28789         command_hash,
   28790         is_command_parameter_encryption_possible,
   28791         is_response_parameter_encryption_possible,
   28792         &authorization_section_bytes)) {
   28793       return TRUNKS_RC_AUTHORIZATION_FAILED;
   28794     }
   28795     if (!authorization_section_bytes.empty()) {
   28796       tag = TPM_ST_SESSIONS;
   28797       std::string tmp;
   28798       rc = Serialize_UINT32(authorization_section_bytes.size(),
   28799                             &authorization_size_bytes);
   28800       if (rc != TPM_RC_SUCCESS) {
   28801         return rc;
   28802       }
   28803       command_size += authorization_size_bytes.size() +
   28804                       authorization_section_bytes.size();
   28805     }
   28806   }
   28807   std::string tag_bytes;
   28808   rc = Serialize_TPMI_ST_COMMAND_TAG(
   28809       tag,
   28810       &tag_bytes);
   28811   if (rc != TPM_RC_SUCCESS) {
   28812     return rc;
   28813   }
   28814   std::string command_size_bytes;
   28815   rc = Serialize_UINT32(
   28816       command_size,
   28817       &command_size_bytes);
   28818   if (rc != TPM_RC_SUCCESS) {
   28819     return rc;
   28820   }
   28821   *serialized_command = tag_bytes +
   28822                         command_size_bytes +
   28823                         command_code_bytes +
   28824                         handle_section_bytes +
   28825                         authorization_size_bytes +
   28826                         authorization_section_bytes +
   28827                         parameter_section_bytes;
   28828   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   28829   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   28830                                             serialized_command->size());
   28831   return TPM_RC_SUCCESS;
   28832 }
   28833 
   28834 TPM_RC Tpm::ParseResponse_PolicyNameHash(
   28835       const std::string& response,
   28836       AuthorizationDelegate* authorization_delegate) {
   28837   VLOG(3) << __func__;
   28838   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   28839   TPM_RC rc = TPM_RC_SUCCESS;
   28840   std::string buffer(response);
   28841   TPM_ST tag;
   28842   std::string tag_bytes;
   28843   rc = Parse_TPM_ST(
   28844       &buffer,
   28845       &tag,
   28846       &tag_bytes);
   28847   if (rc != TPM_RC_SUCCESS) {
   28848     return rc;
   28849   }
   28850   UINT32 response_size;
   28851   std::string response_size_bytes;
   28852   rc = Parse_UINT32(
   28853       &buffer,
   28854       &response_size,
   28855       &response_size_bytes);
   28856   if (rc != TPM_RC_SUCCESS) {
   28857     return rc;
   28858   }
   28859   TPM_RC response_code;
   28860   std::string response_code_bytes;
   28861   rc = Parse_TPM_RC(
   28862       &buffer,
   28863       &response_code,
   28864       &response_code_bytes);
   28865   if (rc != TPM_RC_SUCCESS) {
   28866     return rc;
   28867   }
   28868   if (response_size != response.size()) {
   28869     return TPM_RC_SIZE;
   28870   }
   28871   if (response_code != TPM_RC_SUCCESS) {
   28872     return response_code;
   28873   }
   28874   TPM_CC command_code = TPM_CC_PolicyNameHash;
   28875   std::string command_code_bytes;
   28876   rc = Serialize_TPM_CC(
   28877       command_code,
   28878       &command_code_bytes);
   28879   if (rc != TPM_RC_SUCCESS) {
   28880     return rc;
   28881   }
   28882   std::string authorization_section_bytes;
   28883   if (tag == TPM_ST_SESSIONS) {
   28884     UINT32 parameter_section_size = buffer.size();
   28885     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   28886     if (rc != TPM_RC_SUCCESS) {
   28887       return rc;
   28888     }
   28889     if (parameter_section_size > buffer.size()) {
   28890       return TPM_RC_INSUFFICIENT;
   28891     }
   28892     authorization_section_bytes = buffer.substr(parameter_section_size);
   28893     // Keep the parameter section in |buffer|.
   28894     buffer.erase(parameter_section_size);
   28895   }
   28896   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   28897       crypto::SecureHash::SHA256));
   28898   hash->Update(response_code_bytes.data(),
   28899                response_code_bytes.size());
   28900   hash->Update(command_code_bytes.data(),
   28901                command_code_bytes.size());
   28902   hash->Update(buffer.data(),
   28903                buffer.size());
   28904   std::string response_hash(32, 0);
   28905   hash->Finish(string_as_array(&response_hash), response_hash.size());
   28906   if (tag == TPM_ST_SESSIONS) {
   28907     CHECK(authorization_delegate) << "Authorization delegate missing!";
   28908     if (!authorization_delegate->CheckResponseAuthorization(
   28909         response_hash,
   28910         authorization_section_bytes)) {
   28911       return TRUNKS_RC_AUTHORIZATION_FAILED;
   28912     }
   28913   }
   28914   return TPM_RC_SUCCESS;
   28915 }
   28916 
   28917 void PolicyNameHashErrorCallback(
   28918     const Tpm::PolicyNameHashResponse& callback,
   28919     TPM_RC response_code) {
   28920   VLOG(1) << __func__;
   28921   callback.Run(response_code);
   28922 }
   28923 
   28924 void PolicyNameHashResponseParser(
   28925     const Tpm::PolicyNameHashResponse& callback,
   28926     AuthorizationDelegate* authorization_delegate,
   28927     const std::string& response) {
   28928   VLOG(1) << __func__;
   28929   base::Callback<void(TPM_RC)> error_reporter =
   28930       base::Bind(PolicyNameHashErrorCallback, callback);
   28931   TPM_RC rc = Tpm::ParseResponse_PolicyNameHash(
   28932       response,
   28933       authorization_delegate);
   28934   if (rc != TPM_RC_SUCCESS) {
   28935     error_reporter.Run(rc);
   28936     return;
   28937   }
   28938   callback.Run(
   28939       rc);
   28940 }
   28941 
   28942 void Tpm::PolicyNameHash(
   28943       const TPMI_SH_POLICY& policy_session,
   28944       const std::string& policy_session_name,
   28945       const TPM2B_DIGEST& name_hash,
   28946       AuthorizationDelegate* authorization_delegate,
   28947       const PolicyNameHashResponse& callback) {
   28948   VLOG(1) << __func__;
   28949   base::Callback<void(TPM_RC)> error_reporter =
   28950       base::Bind(PolicyNameHashErrorCallback, callback);
   28951   base::Callback<void(const std::string&)> parser =
   28952       base::Bind(PolicyNameHashResponseParser,
   28953                  callback,
   28954                  authorization_delegate);
   28955   std::string command;
   28956   TPM_RC rc = SerializeCommand_PolicyNameHash(
   28957       policy_session,
   28958       policy_session_name,
   28959       name_hash,
   28960       &command,
   28961       authorization_delegate);
   28962   if (rc != TPM_RC_SUCCESS) {
   28963     error_reporter.Run(rc);
   28964     return;
   28965   }
   28966   transceiver_->SendCommand(command, parser);
   28967 }
   28968 
   28969 TPM_RC Tpm::PolicyNameHashSync(
   28970       const TPMI_SH_POLICY& policy_session,
   28971       const std::string& policy_session_name,
   28972       const TPM2B_DIGEST& name_hash,
   28973       AuthorizationDelegate* authorization_delegate) {
   28974   VLOG(1) << __func__;
   28975   std::string command;
   28976   TPM_RC rc = SerializeCommand_PolicyNameHash(
   28977       policy_session,
   28978       policy_session_name,
   28979       name_hash,
   28980       &command,
   28981       authorization_delegate);
   28982   if (rc != TPM_RC_SUCCESS) {
   28983     return rc;
   28984   }
   28985   std::string response = transceiver_->SendCommandAndWait(command);
   28986   rc = ParseResponse_PolicyNameHash(
   28987       response,
   28988       authorization_delegate);
   28989   return rc;
   28990 }
   28991 
   28992 TPM_RC Tpm::SerializeCommand_PolicyDuplicationSelect(
   28993       const TPMI_SH_POLICY& policy_session,
   28994       const std::string& policy_session_name,
   28995       const TPM2B_NAME& object_name,
   28996       const TPM2B_NAME& new_parent_name,
   28997       const TPMI_YES_NO& include_object,
   28998       std::string* serialized_command,
   28999       AuthorizationDelegate* authorization_delegate) {
   29000   VLOG(3) << __func__;
   29001   TPM_RC rc = TPM_RC_SUCCESS;
   29002   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   29003   UINT32 command_size = 10;  // Header size.
   29004   std::string handle_section_bytes;
   29005   std::string parameter_section_bytes;
   29006   TPM_CC command_code = TPM_CC_PolicyDuplicationSelect;
   29007   bool is_command_parameter_encryption_possible = true;
   29008   bool is_response_parameter_encryption_possible = false;
   29009   std::string command_code_bytes;
   29010   rc = Serialize_TPM_CC(
   29011       command_code,
   29012       &command_code_bytes);
   29013   if (rc != TPM_RC_SUCCESS) {
   29014     return rc;
   29015   }
   29016   std::string policy_session_bytes;
   29017   rc = Serialize_TPMI_SH_POLICY(
   29018       policy_session,
   29019       &policy_session_bytes);
   29020   if (rc != TPM_RC_SUCCESS) {
   29021     return rc;
   29022   }
   29023   std::string object_name_bytes;
   29024   rc = Serialize_TPM2B_NAME(
   29025       object_name,
   29026       &object_name_bytes);
   29027   if (rc != TPM_RC_SUCCESS) {
   29028     return rc;
   29029   }
   29030   std::string new_parent_name_bytes;
   29031   rc = Serialize_TPM2B_NAME(
   29032       new_parent_name,
   29033       &new_parent_name_bytes);
   29034   if (rc != TPM_RC_SUCCESS) {
   29035     return rc;
   29036   }
   29037   std::string include_object_bytes;
   29038   rc = Serialize_TPMI_YES_NO(
   29039       include_object,
   29040       &include_object_bytes);
   29041   if (rc != TPM_RC_SUCCESS) {
   29042     return rc;
   29043   }
   29044   if (authorization_delegate) {
   29045     // Encrypt just the parameter data, not the size.
   29046     std::string tmp = object_name_bytes.substr(2);
   29047     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   29048       return TRUNKS_RC_ENCRYPTION_FAILED;
   29049     }
   29050     object_name_bytes.replace(2, std::string::npos, tmp);
   29051   }
   29052   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   29053       crypto::SecureHash::SHA256));
   29054   hash->Update(command_code_bytes.data(),
   29055                command_code_bytes.size());
   29056   hash->Update(policy_session_name.data(),
   29057                policy_session_name.size());
   29058   handle_section_bytes += policy_session_bytes;
   29059   command_size += policy_session_bytes.size();
   29060   hash->Update(object_name_bytes.data(),
   29061                object_name_bytes.size());
   29062   parameter_section_bytes += object_name_bytes;
   29063   command_size += object_name_bytes.size();
   29064   hash->Update(new_parent_name_bytes.data(),
   29065                new_parent_name_bytes.size());
   29066   parameter_section_bytes += new_parent_name_bytes;
   29067   command_size += new_parent_name_bytes.size();
   29068   hash->Update(include_object_bytes.data(),
   29069                include_object_bytes.size());
   29070   parameter_section_bytes += include_object_bytes;
   29071   command_size += include_object_bytes.size();
   29072   std::string command_hash(32, 0);
   29073   hash->Finish(string_as_array(&command_hash), command_hash.size());
   29074   std::string authorization_section_bytes;
   29075   std::string authorization_size_bytes;
   29076   if (authorization_delegate) {
   29077     if (!authorization_delegate->GetCommandAuthorization(
   29078         command_hash,
   29079         is_command_parameter_encryption_possible,
   29080         is_response_parameter_encryption_possible,
   29081         &authorization_section_bytes)) {
   29082       return TRUNKS_RC_AUTHORIZATION_FAILED;
   29083     }
   29084     if (!authorization_section_bytes.empty()) {
   29085       tag = TPM_ST_SESSIONS;
   29086       std::string tmp;
   29087       rc = Serialize_UINT32(authorization_section_bytes.size(),
   29088                             &authorization_size_bytes);
   29089       if (rc != TPM_RC_SUCCESS) {
   29090         return rc;
   29091       }
   29092       command_size += authorization_size_bytes.size() +
   29093                       authorization_section_bytes.size();
   29094     }
   29095   }
   29096   std::string tag_bytes;
   29097   rc = Serialize_TPMI_ST_COMMAND_TAG(
   29098       tag,
   29099       &tag_bytes);
   29100   if (rc != TPM_RC_SUCCESS) {
   29101     return rc;
   29102   }
   29103   std::string command_size_bytes;
   29104   rc = Serialize_UINT32(
   29105       command_size,
   29106       &command_size_bytes);
   29107   if (rc != TPM_RC_SUCCESS) {
   29108     return rc;
   29109   }
   29110   *serialized_command = tag_bytes +
   29111                         command_size_bytes +
   29112                         command_code_bytes +
   29113                         handle_section_bytes +
   29114                         authorization_size_bytes +
   29115                         authorization_section_bytes +
   29116                         parameter_section_bytes;
   29117   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   29118   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   29119                                             serialized_command->size());
   29120   return TPM_RC_SUCCESS;
   29121 }
   29122 
   29123 TPM_RC Tpm::ParseResponse_PolicyDuplicationSelect(
   29124       const std::string& response,
   29125       AuthorizationDelegate* authorization_delegate) {
   29126   VLOG(3) << __func__;
   29127   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   29128   TPM_RC rc = TPM_RC_SUCCESS;
   29129   std::string buffer(response);
   29130   TPM_ST tag;
   29131   std::string tag_bytes;
   29132   rc = Parse_TPM_ST(
   29133       &buffer,
   29134       &tag,
   29135       &tag_bytes);
   29136   if (rc != TPM_RC_SUCCESS) {
   29137     return rc;
   29138   }
   29139   UINT32 response_size;
   29140   std::string response_size_bytes;
   29141   rc = Parse_UINT32(
   29142       &buffer,
   29143       &response_size,
   29144       &response_size_bytes);
   29145   if (rc != TPM_RC_SUCCESS) {
   29146     return rc;
   29147   }
   29148   TPM_RC response_code;
   29149   std::string response_code_bytes;
   29150   rc = Parse_TPM_RC(
   29151       &buffer,
   29152       &response_code,
   29153       &response_code_bytes);
   29154   if (rc != TPM_RC_SUCCESS) {
   29155     return rc;
   29156   }
   29157   if (response_size != response.size()) {
   29158     return TPM_RC_SIZE;
   29159   }
   29160   if (response_code != TPM_RC_SUCCESS) {
   29161     return response_code;
   29162   }
   29163   TPM_CC command_code = TPM_CC_PolicyDuplicationSelect;
   29164   std::string command_code_bytes;
   29165   rc = Serialize_TPM_CC(
   29166       command_code,
   29167       &command_code_bytes);
   29168   if (rc != TPM_RC_SUCCESS) {
   29169     return rc;
   29170   }
   29171   std::string authorization_section_bytes;
   29172   if (tag == TPM_ST_SESSIONS) {
   29173     UINT32 parameter_section_size = buffer.size();
   29174     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   29175     if (rc != TPM_RC_SUCCESS) {
   29176       return rc;
   29177     }
   29178     if (parameter_section_size > buffer.size()) {
   29179       return TPM_RC_INSUFFICIENT;
   29180     }
   29181     authorization_section_bytes = buffer.substr(parameter_section_size);
   29182     // Keep the parameter section in |buffer|.
   29183     buffer.erase(parameter_section_size);
   29184   }
   29185   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   29186       crypto::SecureHash::SHA256));
   29187   hash->Update(response_code_bytes.data(),
   29188                response_code_bytes.size());
   29189   hash->Update(command_code_bytes.data(),
   29190                command_code_bytes.size());
   29191   hash->Update(buffer.data(),
   29192                buffer.size());
   29193   std::string response_hash(32, 0);
   29194   hash->Finish(string_as_array(&response_hash), response_hash.size());
   29195   if (tag == TPM_ST_SESSIONS) {
   29196     CHECK(authorization_delegate) << "Authorization delegate missing!";
   29197     if (!authorization_delegate->CheckResponseAuthorization(
   29198         response_hash,
   29199         authorization_section_bytes)) {
   29200       return TRUNKS_RC_AUTHORIZATION_FAILED;
   29201     }
   29202   }
   29203   return TPM_RC_SUCCESS;
   29204 }
   29205 
   29206 void PolicyDuplicationSelectErrorCallback(
   29207     const Tpm::PolicyDuplicationSelectResponse& callback,
   29208     TPM_RC response_code) {
   29209   VLOG(1) << __func__;
   29210   callback.Run(response_code);
   29211 }
   29212 
   29213 void PolicyDuplicationSelectResponseParser(
   29214     const Tpm::PolicyDuplicationSelectResponse& callback,
   29215     AuthorizationDelegate* authorization_delegate,
   29216     const std::string& response) {
   29217   VLOG(1) << __func__;
   29218   base::Callback<void(TPM_RC)> error_reporter =
   29219       base::Bind(PolicyDuplicationSelectErrorCallback, callback);
   29220   TPM_RC rc = Tpm::ParseResponse_PolicyDuplicationSelect(
   29221       response,
   29222       authorization_delegate);
   29223   if (rc != TPM_RC_SUCCESS) {
   29224     error_reporter.Run(rc);
   29225     return;
   29226   }
   29227   callback.Run(
   29228       rc);
   29229 }
   29230 
   29231 void Tpm::PolicyDuplicationSelect(
   29232       const TPMI_SH_POLICY& policy_session,
   29233       const std::string& policy_session_name,
   29234       const TPM2B_NAME& object_name,
   29235       const TPM2B_NAME& new_parent_name,
   29236       const TPMI_YES_NO& include_object,
   29237       AuthorizationDelegate* authorization_delegate,
   29238       const PolicyDuplicationSelectResponse& callback) {
   29239   VLOG(1) << __func__;
   29240   base::Callback<void(TPM_RC)> error_reporter =
   29241       base::Bind(PolicyDuplicationSelectErrorCallback, callback);
   29242   base::Callback<void(const std::string&)> parser =
   29243       base::Bind(PolicyDuplicationSelectResponseParser,
   29244                  callback,
   29245                  authorization_delegate);
   29246   std::string command;
   29247   TPM_RC rc = SerializeCommand_PolicyDuplicationSelect(
   29248       policy_session,
   29249       policy_session_name,
   29250       object_name,
   29251       new_parent_name,
   29252       include_object,
   29253       &command,
   29254       authorization_delegate);
   29255   if (rc != TPM_RC_SUCCESS) {
   29256     error_reporter.Run(rc);
   29257     return;
   29258   }
   29259   transceiver_->SendCommand(command, parser);
   29260 }
   29261 
   29262 TPM_RC Tpm::PolicyDuplicationSelectSync(
   29263       const TPMI_SH_POLICY& policy_session,
   29264       const std::string& policy_session_name,
   29265       const TPM2B_NAME& object_name,
   29266       const TPM2B_NAME& new_parent_name,
   29267       const TPMI_YES_NO& include_object,
   29268       AuthorizationDelegate* authorization_delegate) {
   29269   VLOG(1) << __func__;
   29270   std::string command;
   29271   TPM_RC rc = SerializeCommand_PolicyDuplicationSelect(
   29272       policy_session,
   29273       policy_session_name,
   29274       object_name,
   29275       new_parent_name,
   29276       include_object,
   29277       &command,
   29278       authorization_delegate);
   29279   if (rc != TPM_RC_SUCCESS) {
   29280     return rc;
   29281   }
   29282   std::string response = transceiver_->SendCommandAndWait(command);
   29283   rc = ParseResponse_PolicyDuplicationSelect(
   29284       response,
   29285       authorization_delegate);
   29286   return rc;
   29287 }
   29288 
   29289 TPM_RC Tpm::SerializeCommand_PolicyAuthorize(
   29290       const TPMI_SH_POLICY& policy_session,
   29291       const std::string& policy_session_name,
   29292       const TPM2B_DIGEST& approved_policy,
   29293       const TPM2B_NONCE& policy_ref,
   29294       const TPM2B_NAME& key_sign,
   29295       const TPMT_TK_VERIFIED& check_ticket,
   29296       std::string* serialized_command,
   29297       AuthorizationDelegate* authorization_delegate) {
   29298   VLOG(3) << __func__;
   29299   TPM_RC rc = TPM_RC_SUCCESS;
   29300   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   29301   UINT32 command_size = 10;  // Header size.
   29302   std::string handle_section_bytes;
   29303   std::string parameter_section_bytes;
   29304   TPM_CC command_code = TPM_CC_PolicyAuthorize;
   29305   bool is_command_parameter_encryption_possible = true;
   29306   bool is_response_parameter_encryption_possible = false;
   29307   std::string command_code_bytes;
   29308   rc = Serialize_TPM_CC(
   29309       command_code,
   29310       &command_code_bytes);
   29311   if (rc != TPM_RC_SUCCESS) {
   29312     return rc;
   29313   }
   29314   std::string policy_session_bytes;
   29315   rc = Serialize_TPMI_SH_POLICY(
   29316       policy_session,
   29317       &policy_session_bytes);
   29318   if (rc != TPM_RC_SUCCESS) {
   29319     return rc;
   29320   }
   29321   std::string approved_policy_bytes;
   29322   rc = Serialize_TPM2B_DIGEST(
   29323       approved_policy,
   29324       &approved_policy_bytes);
   29325   if (rc != TPM_RC_SUCCESS) {
   29326     return rc;
   29327   }
   29328   std::string policy_ref_bytes;
   29329   rc = Serialize_TPM2B_NONCE(
   29330       policy_ref,
   29331       &policy_ref_bytes);
   29332   if (rc != TPM_RC_SUCCESS) {
   29333     return rc;
   29334   }
   29335   std::string key_sign_bytes;
   29336   rc = Serialize_TPM2B_NAME(
   29337       key_sign,
   29338       &key_sign_bytes);
   29339   if (rc != TPM_RC_SUCCESS) {
   29340     return rc;
   29341   }
   29342   std::string check_ticket_bytes;
   29343   rc = Serialize_TPMT_TK_VERIFIED(
   29344       check_ticket,
   29345       &check_ticket_bytes);
   29346   if (rc != TPM_RC_SUCCESS) {
   29347     return rc;
   29348   }
   29349   if (authorization_delegate) {
   29350     // Encrypt just the parameter data, not the size.
   29351     std::string tmp = approved_policy_bytes.substr(2);
   29352     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   29353       return TRUNKS_RC_ENCRYPTION_FAILED;
   29354     }
   29355     approved_policy_bytes.replace(2, std::string::npos, tmp);
   29356   }
   29357   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   29358       crypto::SecureHash::SHA256));
   29359   hash->Update(command_code_bytes.data(),
   29360                command_code_bytes.size());
   29361   hash->Update(policy_session_name.data(),
   29362                policy_session_name.size());
   29363   handle_section_bytes += policy_session_bytes;
   29364   command_size += policy_session_bytes.size();
   29365   hash->Update(approved_policy_bytes.data(),
   29366                approved_policy_bytes.size());
   29367   parameter_section_bytes += approved_policy_bytes;
   29368   command_size += approved_policy_bytes.size();
   29369   hash->Update(policy_ref_bytes.data(),
   29370                policy_ref_bytes.size());
   29371   parameter_section_bytes += policy_ref_bytes;
   29372   command_size += policy_ref_bytes.size();
   29373   hash->Update(key_sign_bytes.data(),
   29374                key_sign_bytes.size());
   29375   parameter_section_bytes += key_sign_bytes;
   29376   command_size += key_sign_bytes.size();
   29377   hash->Update(check_ticket_bytes.data(),
   29378                check_ticket_bytes.size());
   29379   parameter_section_bytes += check_ticket_bytes;
   29380   command_size += check_ticket_bytes.size();
   29381   std::string command_hash(32, 0);
   29382   hash->Finish(string_as_array(&command_hash), command_hash.size());
   29383   std::string authorization_section_bytes;
   29384   std::string authorization_size_bytes;
   29385   if (authorization_delegate) {
   29386     if (!authorization_delegate->GetCommandAuthorization(
   29387         command_hash,
   29388         is_command_parameter_encryption_possible,
   29389         is_response_parameter_encryption_possible,
   29390         &authorization_section_bytes)) {
   29391       return TRUNKS_RC_AUTHORIZATION_FAILED;
   29392     }
   29393     if (!authorization_section_bytes.empty()) {
   29394       tag = TPM_ST_SESSIONS;
   29395       std::string tmp;
   29396       rc = Serialize_UINT32(authorization_section_bytes.size(),
   29397                             &authorization_size_bytes);
   29398       if (rc != TPM_RC_SUCCESS) {
   29399         return rc;
   29400       }
   29401       command_size += authorization_size_bytes.size() +
   29402                       authorization_section_bytes.size();
   29403     }
   29404   }
   29405   std::string tag_bytes;
   29406   rc = Serialize_TPMI_ST_COMMAND_TAG(
   29407       tag,
   29408       &tag_bytes);
   29409   if (rc != TPM_RC_SUCCESS) {
   29410     return rc;
   29411   }
   29412   std::string command_size_bytes;
   29413   rc = Serialize_UINT32(
   29414       command_size,
   29415       &command_size_bytes);
   29416   if (rc != TPM_RC_SUCCESS) {
   29417     return rc;
   29418   }
   29419   *serialized_command = tag_bytes +
   29420                         command_size_bytes +
   29421                         command_code_bytes +
   29422                         handle_section_bytes +
   29423                         authorization_size_bytes +
   29424                         authorization_section_bytes +
   29425                         parameter_section_bytes;
   29426   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   29427   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   29428                                             serialized_command->size());
   29429   return TPM_RC_SUCCESS;
   29430 }
   29431 
   29432 TPM_RC Tpm::ParseResponse_PolicyAuthorize(
   29433       const std::string& response,
   29434       AuthorizationDelegate* authorization_delegate) {
   29435   VLOG(3) << __func__;
   29436   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   29437   TPM_RC rc = TPM_RC_SUCCESS;
   29438   std::string buffer(response);
   29439   TPM_ST tag;
   29440   std::string tag_bytes;
   29441   rc = Parse_TPM_ST(
   29442       &buffer,
   29443       &tag,
   29444       &tag_bytes);
   29445   if (rc != TPM_RC_SUCCESS) {
   29446     return rc;
   29447   }
   29448   UINT32 response_size;
   29449   std::string response_size_bytes;
   29450   rc = Parse_UINT32(
   29451       &buffer,
   29452       &response_size,
   29453       &response_size_bytes);
   29454   if (rc != TPM_RC_SUCCESS) {
   29455     return rc;
   29456   }
   29457   TPM_RC response_code;
   29458   std::string response_code_bytes;
   29459   rc = Parse_TPM_RC(
   29460       &buffer,
   29461       &response_code,
   29462       &response_code_bytes);
   29463   if (rc != TPM_RC_SUCCESS) {
   29464     return rc;
   29465   }
   29466   if (response_size != response.size()) {
   29467     return TPM_RC_SIZE;
   29468   }
   29469   if (response_code != TPM_RC_SUCCESS) {
   29470     return response_code;
   29471   }
   29472   TPM_CC command_code = TPM_CC_PolicyAuthorize;
   29473   std::string command_code_bytes;
   29474   rc = Serialize_TPM_CC(
   29475       command_code,
   29476       &command_code_bytes);
   29477   if (rc != TPM_RC_SUCCESS) {
   29478     return rc;
   29479   }
   29480   std::string authorization_section_bytes;
   29481   if (tag == TPM_ST_SESSIONS) {
   29482     UINT32 parameter_section_size = buffer.size();
   29483     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   29484     if (rc != TPM_RC_SUCCESS) {
   29485       return rc;
   29486     }
   29487     if (parameter_section_size > buffer.size()) {
   29488       return TPM_RC_INSUFFICIENT;
   29489     }
   29490     authorization_section_bytes = buffer.substr(parameter_section_size);
   29491     // Keep the parameter section in |buffer|.
   29492     buffer.erase(parameter_section_size);
   29493   }
   29494   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   29495       crypto::SecureHash::SHA256));
   29496   hash->Update(response_code_bytes.data(),
   29497                response_code_bytes.size());
   29498   hash->Update(command_code_bytes.data(),
   29499                command_code_bytes.size());
   29500   hash->Update(buffer.data(),
   29501                buffer.size());
   29502   std::string response_hash(32, 0);
   29503   hash->Finish(string_as_array(&response_hash), response_hash.size());
   29504   if (tag == TPM_ST_SESSIONS) {
   29505     CHECK(authorization_delegate) << "Authorization delegate missing!";
   29506     if (!authorization_delegate->CheckResponseAuthorization(
   29507         response_hash,
   29508         authorization_section_bytes)) {
   29509       return TRUNKS_RC_AUTHORIZATION_FAILED;
   29510     }
   29511   }
   29512   return TPM_RC_SUCCESS;
   29513 }
   29514 
   29515 void PolicyAuthorizeErrorCallback(
   29516     const Tpm::PolicyAuthorizeResponse& callback,
   29517     TPM_RC response_code) {
   29518   VLOG(1) << __func__;
   29519   callback.Run(response_code);
   29520 }
   29521 
   29522 void PolicyAuthorizeResponseParser(
   29523     const Tpm::PolicyAuthorizeResponse& callback,
   29524     AuthorizationDelegate* authorization_delegate,
   29525     const std::string& response) {
   29526   VLOG(1) << __func__;
   29527   base::Callback<void(TPM_RC)> error_reporter =
   29528       base::Bind(PolicyAuthorizeErrorCallback, callback);
   29529   TPM_RC rc = Tpm::ParseResponse_PolicyAuthorize(
   29530       response,
   29531       authorization_delegate);
   29532   if (rc != TPM_RC_SUCCESS) {
   29533     error_reporter.Run(rc);
   29534     return;
   29535   }
   29536   callback.Run(
   29537       rc);
   29538 }
   29539 
   29540 void Tpm::PolicyAuthorize(
   29541       const TPMI_SH_POLICY& policy_session,
   29542       const std::string& policy_session_name,
   29543       const TPM2B_DIGEST& approved_policy,
   29544       const TPM2B_NONCE& policy_ref,
   29545       const TPM2B_NAME& key_sign,
   29546       const TPMT_TK_VERIFIED& check_ticket,
   29547       AuthorizationDelegate* authorization_delegate,
   29548       const PolicyAuthorizeResponse& callback) {
   29549   VLOG(1) << __func__;
   29550   base::Callback<void(TPM_RC)> error_reporter =
   29551       base::Bind(PolicyAuthorizeErrorCallback, callback);
   29552   base::Callback<void(const std::string&)> parser =
   29553       base::Bind(PolicyAuthorizeResponseParser,
   29554                  callback,
   29555                  authorization_delegate);
   29556   std::string command;
   29557   TPM_RC rc = SerializeCommand_PolicyAuthorize(
   29558       policy_session,
   29559       policy_session_name,
   29560       approved_policy,
   29561       policy_ref,
   29562       key_sign,
   29563       check_ticket,
   29564       &command,
   29565       authorization_delegate);
   29566   if (rc != TPM_RC_SUCCESS) {
   29567     error_reporter.Run(rc);
   29568     return;
   29569   }
   29570   transceiver_->SendCommand(command, parser);
   29571 }
   29572 
   29573 TPM_RC Tpm::PolicyAuthorizeSync(
   29574       const TPMI_SH_POLICY& policy_session,
   29575       const std::string& policy_session_name,
   29576       const TPM2B_DIGEST& approved_policy,
   29577       const TPM2B_NONCE& policy_ref,
   29578       const TPM2B_NAME& key_sign,
   29579       const TPMT_TK_VERIFIED& check_ticket,
   29580       AuthorizationDelegate* authorization_delegate) {
   29581   VLOG(1) << __func__;
   29582   std::string command;
   29583   TPM_RC rc = SerializeCommand_PolicyAuthorize(
   29584       policy_session,
   29585       policy_session_name,
   29586       approved_policy,
   29587       policy_ref,
   29588       key_sign,
   29589       check_ticket,
   29590       &command,
   29591       authorization_delegate);
   29592   if (rc != TPM_RC_SUCCESS) {
   29593     return rc;
   29594   }
   29595   std::string response = transceiver_->SendCommandAndWait(command);
   29596   rc = ParseResponse_PolicyAuthorize(
   29597       response,
   29598       authorization_delegate);
   29599   return rc;
   29600 }
   29601 
   29602 TPM_RC Tpm::SerializeCommand_PolicyAuthValue(
   29603       const TPMI_SH_POLICY& policy_session,
   29604       const std::string& policy_session_name,
   29605       std::string* serialized_command,
   29606       AuthorizationDelegate* authorization_delegate) {
   29607   VLOG(3) << __func__;
   29608   TPM_RC rc = TPM_RC_SUCCESS;
   29609   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   29610   UINT32 command_size = 10;  // Header size.
   29611   std::string handle_section_bytes;
   29612   std::string parameter_section_bytes;
   29613   TPM_CC command_code = TPM_CC_PolicyAuthValue;
   29614   bool is_command_parameter_encryption_possible = false;
   29615   bool is_response_parameter_encryption_possible = false;
   29616   std::string command_code_bytes;
   29617   rc = Serialize_TPM_CC(
   29618       command_code,
   29619       &command_code_bytes);
   29620   if (rc != TPM_RC_SUCCESS) {
   29621     return rc;
   29622   }
   29623   std::string policy_session_bytes;
   29624   rc = Serialize_TPMI_SH_POLICY(
   29625       policy_session,
   29626       &policy_session_bytes);
   29627   if (rc != TPM_RC_SUCCESS) {
   29628     return rc;
   29629   }
   29630   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   29631       crypto::SecureHash::SHA256));
   29632   hash->Update(command_code_bytes.data(),
   29633                command_code_bytes.size());
   29634   hash->Update(policy_session_name.data(),
   29635                policy_session_name.size());
   29636   handle_section_bytes += policy_session_bytes;
   29637   command_size += policy_session_bytes.size();
   29638   std::string command_hash(32, 0);
   29639   hash->Finish(string_as_array(&command_hash), command_hash.size());
   29640   std::string authorization_section_bytes;
   29641   std::string authorization_size_bytes;
   29642   if (authorization_delegate) {
   29643     if (!authorization_delegate->GetCommandAuthorization(
   29644         command_hash,
   29645         is_command_parameter_encryption_possible,
   29646         is_response_parameter_encryption_possible,
   29647         &authorization_section_bytes)) {
   29648       return TRUNKS_RC_AUTHORIZATION_FAILED;
   29649     }
   29650     if (!authorization_section_bytes.empty()) {
   29651       tag = TPM_ST_SESSIONS;
   29652       std::string tmp;
   29653       rc = Serialize_UINT32(authorization_section_bytes.size(),
   29654                             &authorization_size_bytes);
   29655       if (rc != TPM_RC_SUCCESS) {
   29656         return rc;
   29657       }
   29658       command_size += authorization_size_bytes.size() +
   29659                       authorization_section_bytes.size();
   29660     }
   29661   }
   29662   std::string tag_bytes;
   29663   rc = Serialize_TPMI_ST_COMMAND_TAG(
   29664       tag,
   29665       &tag_bytes);
   29666   if (rc != TPM_RC_SUCCESS) {
   29667     return rc;
   29668   }
   29669   std::string command_size_bytes;
   29670   rc = Serialize_UINT32(
   29671       command_size,
   29672       &command_size_bytes);
   29673   if (rc != TPM_RC_SUCCESS) {
   29674     return rc;
   29675   }
   29676   *serialized_command = tag_bytes +
   29677                         command_size_bytes +
   29678                         command_code_bytes +
   29679                         handle_section_bytes +
   29680                         authorization_size_bytes +
   29681                         authorization_section_bytes +
   29682                         parameter_section_bytes;
   29683   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   29684   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   29685                                             serialized_command->size());
   29686   return TPM_RC_SUCCESS;
   29687 }
   29688 
   29689 TPM_RC Tpm::ParseResponse_PolicyAuthValue(
   29690       const std::string& response,
   29691       AuthorizationDelegate* authorization_delegate) {
   29692   VLOG(3) << __func__;
   29693   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   29694   TPM_RC rc = TPM_RC_SUCCESS;
   29695   std::string buffer(response);
   29696   TPM_ST tag;
   29697   std::string tag_bytes;
   29698   rc = Parse_TPM_ST(
   29699       &buffer,
   29700       &tag,
   29701       &tag_bytes);
   29702   if (rc != TPM_RC_SUCCESS) {
   29703     return rc;
   29704   }
   29705   UINT32 response_size;
   29706   std::string response_size_bytes;
   29707   rc = Parse_UINT32(
   29708       &buffer,
   29709       &response_size,
   29710       &response_size_bytes);
   29711   if (rc != TPM_RC_SUCCESS) {
   29712     return rc;
   29713   }
   29714   TPM_RC response_code;
   29715   std::string response_code_bytes;
   29716   rc = Parse_TPM_RC(
   29717       &buffer,
   29718       &response_code,
   29719       &response_code_bytes);
   29720   if (rc != TPM_RC_SUCCESS) {
   29721     return rc;
   29722   }
   29723   if (response_size != response.size()) {
   29724     return TPM_RC_SIZE;
   29725   }
   29726   if (response_code != TPM_RC_SUCCESS) {
   29727     return response_code;
   29728   }
   29729   TPM_CC command_code = TPM_CC_PolicyAuthValue;
   29730   std::string command_code_bytes;
   29731   rc = Serialize_TPM_CC(
   29732       command_code,
   29733       &command_code_bytes);
   29734   if (rc != TPM_RC_SUCCESS) {
   29735     return rc;
   29736   }
   29737   std::string authorization_section_bytes;
   29738   if (tag == TPM_ST_SESSIONS) {
   29739     UINT32 parameter_section_size = buffer.size();
   29740     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   29741     if (rc != TPM_RC_SUCCESS) {
   29742       return rc;
   29743     }
   29744     if (parameter_section_size > buffer.size()) {
   29745       return TPM_RC_INSUFFICIENT;
   29746     }
   29747     authorization_section_bytes = buffer.substr(parameter_section_size);
   29748     // Keep the parameter section in |buffer|.
   29749     buffer.erase(parameter_section_size);
   29750   }
   29751   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   29752       crypto::SecureHash::SHA256));
   29753   hash->Update(response_code_bytes.data(),
   29754                response_code_bytes.size());
   29755   hash->Update(command_code_bytes.data(),
   29756                command_code_bytes.size());
   29757   hash->Update(buffer.data(),
   29758                buffer.size());
   29759   std::string response_hash(32, 0);
   29760   hash->Finish(string_as_array(&response_hash), response_hash.size());
   29761   if (tag == TPM_ST_SESSIONS) {
   29762     CHECK(authorization_delegate) << "Authorization delegate missing!";
   29763     if (!authorization_delegate->CheckResponseAuthorization(
   29764         response_hash,
   29765         authorization_section_bytes)) {
   29766       return TRUNKS_RC_AUTHORIZATION_FAILED;
   29767     }
   29768   }
   29769   return TPM_RC_SUCCESS;
   29770 }
   29771 
   29772 void PolicyAuthValueErrorCallback(
   29773     const Tpm::PolicyAuthValueResponse& callback,
   29774     TPM_RC response_code) {
   29775   VLOG(1) << __func__;
   29776   callback.Run(response_code);
   29777 }
   29778 
   29779 void PolicyAuthValueResponseParser(
   29780     const Tpm::PolicyAuthValueResponse& callback,
   29781     AuthorizationDelegate* authorization_delegate,
   29782     const std::string& response) {
   29783   VLOG(1) << __func__;
   29784   base::Callback<void(TPM_RC)> error_reporter =
   29785       base::Bind(PolicyAuthValueErrorCallback, callback);
   29786   TPM_RC rc = Tpm::ParseResponse_PolicyAuthValue(
   29787       response,
   29788       authorization_delegate);
   29789   if (rc != TPM_RC_SUCCESS) {
   29790     error_reporter.Run(rc);
   29791     return;
   29792   }
   29793   callback.Run(
   29794       rc);
   29795 }
   29796 
   29797 void Tpm::PolicyAuthValue(
   29798       const TPMI_SH_POLICY& policy_session,
   29799       const std::string& policy_session_name,
   29800       AuthorizationDelegate* authorization_delegate,
   29801       const PolicyAuthValueResponse& callback) {
   29802   VLOG(1) << __func__;
   29803   base::Callback<void(TPM_RC)> error_reporter =
   29804       base::Bind(PolicyAuthValueErrorCallback, callback);
   29805   base::Callback<void(const std::string&)> parser =
   29806       base::Bind(PolicyAuthValueResponseParser,
   29807                  callback,
   29808                  authorization_delegate);
   29809   std::string command;
   29810   TPM_RC rc = SerializeCommand_PolicyAuthValue(
   29811       policy_session,
   29812       policy_session_name,
   29813       &command,
   29814       authorization_delegate);
   29815   if (rc != TPM_RC_SUCCESS) {
   29816     error_reporter.Run(rc);
   29817     return;
   29818   }
   29819   transceiver_->SendCommand(command, parser);
   29820 }
   29821 
   29822 TPM_RC Tpm::PolicyAuthValueSync(
   29823       const TPMI_SH_POLICY& policy_session,
   29824       const std::string& policy_session_name,
   29825       AuthorizationDelegate* authorization_delegate) {
   29826   VLOG(1) << __func__;
   29827   std::string command;
   29828   TPM_RC rc = SerializeCommand_PolicyAuthValue(
   29829       policy_session,
   29830       policy_session_name,
   29831       &command,
   29832       authorization_delegate);
   29833   if (rc != TPM_RC_SUCCESS) {
   29834     return rc;
   29835   }
   29836   std::string response = transceiver_->SendCommandAndWait(command);
   29837   rc = ParseResponse_PolicyAuthValue(
   29838       response,
   29839       authorization_delegate);
   29840   return rc;
   29841 }
   29842 
   29843 TPM_RC Tpm::SerializeCommand_PolicyPassword(
   29844       const TPMI_SH_POLICY& policy_session,
   29845       const std::string& policy_session_name,
   29846       std::string* serialized_command,
   29847       AuthorizationDelegate* authorization_delegate) {
   29848   VLOG(3) << __func__;
   29849   TPM_RC rc = TPM_RC_SUCCESS;
   29850   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   29851   UINT32 command_size = 10;  // Header size.
   29852   std::string handle_section_bytes;
   29853   std::string parameter_section_bytes;
   29854   TPM_CC command_code = TPM_CC_PolicyPassword;
   29855   bool is_command_parameter_encryption_possible = false;
   29856   bool is_response_parameter_encryption_possible = false;
   29857   std::string command_code_bytes;
   29858   rc = Serialize_TPM_CC(
   29859       command_code,
   29860       &command_code_bytes);
   29861   if (rc != TPM_RC_SUCCESS) {
   29862     return rc;
   29863   }
   29864   std::string policy_session_bytes;
   29865   rc = Serialize_TPMI_SH_POLICY(
   29866       policy_session,
   29867       &policy_session_bytes);
   29868   if (rc != TPM_RC_SUCCESS) {
   29869     return rc;
   29870   }
   29871   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   29872       crypto::SecureHash::SHA256));
   29873   hash->Update(command_code_bytes.data(),
   29874                command_code_bytes.size());
   29875   hash->Update(policy_session_name.data(),
   29876                policy_session_name.size());
   29877   handle_section_bytes += policy_session_bytes;
   29878   command_size += policy_session_bytes.size();
   29879   std::string command_hash(32, 0);
   29880   hash->Finish(string_as_array(&command_hash), command_hash.size());
   29881   std::string authorization_section_bytes;
   29882   std::string authorization_size_bytes;
   29883   if (authorization_delegate) {
   29884     if (!authorization_delegate->GetCommandAuthorization(
   29885         command_hash,
   29886         is_command_parameter_encryption_possible,
   29887         is_response_parameter_encryption_possible,
   29888         &authorization_section_bytes)) {
   29889       return TRUNKS_RC_AUTHORIZATION_FAILED;
   29890     }
   29891     if (!authorization_section_bytes.empty()) {
   29892       tag = TPM_ST_SESSIONS;
   29893       std::string tmp;
   29894       rc = Serialize_UINT32(authorization_section_bytes.size(),
   29895                             &authorization_size_bytes);
   29896       if (rc != TPM_RC_SUCCESS) {
   29897         return rc;
   29898       }
   29899       command_size += authorization_size_bytes.size() +
   29900                       authorization_section_bytes.size();
   29901     }
   29902   }
   29903   std::string tag_bytes;
   29904   rc = Serialize_TPMI_ST_COMMAND_TAG(
   29905       tag,
   29906       &tag_bytes);
   29907   if (rc != TPM_RC_SUCCESS) {
   29908     return rc;
   29909   }
   29910   std::string command_size_bytes;
   29911   rc = Serialize_UINT32(
   29912       command_size,
   29913       &command_size_bytes);
   29914   if (rc != TPM_RC_SUCCESS) {
   29915     return rc;
   29916   }
   29917   *serialized_command = tag_bytes +
   29918                         command_size_bytes +
   29919                         command_code_bytes +
   29920                         handle_section_bytes +
   29921                         authorization_size_bytes +
   29922                         authorization_section_bytes +
   29923                         parameter_section_bytes;
   29924   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   29925   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   29926                                             serialized_command->size());
   29927   return TPM_RC_SUCCESS;
   29928 }
   29929 
   29930 TPM_RC Tpm::ParseResponse_PolicyPassword(
   29931       const std::string& response,
   29932       AuthorizationDelegate* authorization_delegate) {
   29933   VLOG(3) << __func__;
   29934   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   29935   TPM_RC rc = TPM_RC_SUCCESS;
   29936   std::string buffer(response);
   29937   TPM_ST tag;
   29938   std::string tag_bytes;
   29939   rc = Parse_TPM_ST(
   29940       &buffer,
   29941       &tag,
   29942       &tag_bytes);
   29943   if (rc != TPM_RC_SUCCESS) {
   29944     return rc;
   29945   }
   29946   UINT32 response_size;
   29947   std::string response_size_bytes;
   29948   rc = Parse_UINT32(
   29949       &buffer,
   29950       &response_size,
   29951       &response_size_bytes);
   29952   if (rc != TPM_RC_SUCCESS) {
   29953     return rc;
   29954   }
   29955   TPM_RC response_code;
   29956   std::string response_code_bytes;
   29957   rc = Parse_TPM_RC(
   29958       &buffer,
   29959       &response_code,
   29960       &response_code_bytes);
   29961   if (rc != TPM_RC_SUCCESS) {
   29962     return rc;
   29963   }
   29964   if (response_size != response.size()) {
   29965     return TPM_RC_SIZE;
   29966   }
   29967   if (response_code != TPM_RC_SUCCESS) {
   29968     return response_code;
   29969   }
   29970   TPM_CC command_code = TPM_CC_PolicyPassword;
   29971   std::string command_code_bytes;
   29972   rc = Serialize_TPM_CC(
   29973       command_code,
   29974       &command_code_bytes);
   29975   if (rc != TPM_RC_SUCCESS) {
   29976     return rc;
   29977   }
   29978   std::string authorization_section_bytes;
   29979   if (tag == TPM_ST_SESSIONS) {
   29980     UINT32 parameter_section_size = buffer.size();
   29981     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   29982     if (rc != TPM_RC_SUCCESS) {
   29983       return rc;
   29984     }
   29985     if (parameter_section_size > buffer.size()) {
   29986       return TPM_RC_INSUFFICIENT;
   29987     }
   29988     authorization_section_bytes = buffer.substr(parameter_section_size);
   29989     // Keep the parameter section in |buffer|.
   29990     buffer.erase(parameter_section_size);
   29991   }
   29992   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   29993       crypto::SecureHash::SHA256));
   29994   hash->Update(response_code_bytes.data(),
   29995                response_code_bytes.size());
   29996   hash->Update(command_code_bytes.data(),
   29997                command_code_bytes.size());
   29998   hash->Update(buffer.data(),
   29999                buffer.size());
   30000   std::string response_hash(32, 0);
   30001   hash->Finish(string_as_array(&response_hash), response_hash.size());
   30002   if (tag == TPM_ST_SESSIONS) {
   30003     CHECK(authorization_delegate) << "Authorization delegate missing!";
   30004     if (!authorization_delegate->CheckResponseAuthorization(
   30005         response_hash,
   30006         authorization_section_bytes)) {
   30007       return TRUNKS_RC_AUTHORIZATION_FAILED;
   30008     }
   30009   }
   30010   return TPM_RC_SUCCESS;
   30011 }
   30012 
   30013 void PolicyPasswordErrorCallback(
   30014     const Tpm::PolicyPasswordResponse& callback,
   30015     TPM_RC response_code) {
   30016   VLOG(1) << __func__;
   30017   callback.Run(response_code);
   30018 }
   30019 
   30020 void PolicyPasswordResponseParser(
   30021     const Tpm::PolicyPasswordResponse& callback,
   30022     AuthorizationDelegate* authorization_delegate,
   30023     const std::string& response) {
   30024   VLOG(1) << __func__;
   30025   base::Callback<void(TPM_RC)> error_reporter =
   30026       base::Bind(PolicyPasswordErrorCallback, callback);
   30027   TPM_RC rc = Tpm::ParseResponse_PolicyPassword(
   30028       response,
   30029       authorization_delegate);
   30030   if (rc != TPM_RC_SUCCESS) {
   30031     error_reporter.Run(rc);
   30032     return;
   30033   }
   30034   callback.Run(
   30035       rc);
   30036 }
   30037 
   30038 void Tpm::PolicyPassword(
   30039       const TPMI_SH_POLICY& policy_session,
   30040       const std::string& policy_session_name,
   30041       AuthorizationDelegate* authorization_delegate,
   30042       const PolicyPasswordResponse& callback) {
   30043   VLOG(1) << __func__;
   30044   base::Callback<void(TPM_RC)> error_reporter =
   30045       base::Bind(PolicyPasswordErrorCallback, callback);
   30046   base::Callback<void(const std::string&)> parser =
   30047       base::Bind(PolicyPasswordResponseParser,
   30048                  callback,
   30049                  authorization_delegate);
   30050   std::string command;
   30051   TPM_RC rc = SerializeCommand_PolicyPassword(
   30052       policy_session,
   30053       policy_session_name,
   30054       &command,
   30055       authorization_delegate);
   30056   if (rc != TPM_RC_SUCCESS) {
   30057     error_reporter.Run(rc);
   30058     return;
   30059   }
   30060   transceiver_->SendCommand(command, parser);
   30061 }
   30062 
   30063 TPM_RC Tpm::PolicyPasswordSync(
   30064       const TPMI_SH_POLICY& policy_session,
   30065       const std::string& policy_session_name,
   30066       AuthorizationDelegate* authorization_delegate) {
   30067   VLOG(1) << __func__;
   30068   std::string command;
   30069   TPM_RC rc = SerializeCommand_PolicyPassword(
   30070       policy_session,
   30071       policy_session_name,
   30072       &command,
   30073       authorization_delegate);
   30074   if (rc != TPM_RC_SUCCESS) {
   30075     return rc;
   30076   }
   30077   std::string response = transceiver_->SendCommandAndWait(command);
   30078   rc = ParseResponse_PolicyPassword(
   30079       response,
   30080       authorization_delegate);
   30081   return rc;
   30082 }
   30083 
   30084 TPM_RC Tpm::SerializeCommand_PolicyGetDigest(
   30085       const TPMI_SH_POLICY& policy_session,
   30086       const std::string& policy_session_name,
   30087       std::string* serialized_command,
   30088       AuthorizationDelegate* authorization_delegate) {
   30089   VLOG(3) << __func__;
   30090   TPM_RC rc = TPM_RC_SUCCESS;
   30091   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   30092   UINT32 command_size = 10;  // Header size.
   30093   std::string handle_section_bytes;
   30094   std::string parameter_section_bytes;
   30095   TPM_CC command_code = TPM_CC_PolicyGetDigest;
   30096   bool is_command_parameter_encryption_possible = false;
   30097   bool is_response_parameter_encryption_possible = true;
   30098   std::string command_code_bytes;
   30099   rc = Serialize_TPM_CC(
   30100       command_code,
   30101       &command_code_bytes);
   30102   if (rc != TPM_RC_SUCCESS) {
   30103     return rc;
   30104   }
   30105   std::string policy_session_bytes;
   30106   rc = Serialize_TPMI_SH_POLICY(
   30107       policy_session,
   30108       &policy_session_bytes);
   30109   if (rc != TPM_RC_SUCCESS) {
   30110     return rc;
   30111   }
   30112   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   30113       crypto::SecureHash::SHA256));
   30114   hash->Update(command_code_bytes.data(),
   30115                command_code_bytes.size());
   30116   hash->Update(policy_session_name.data(),
   30117                policy_session_name.size());
   30118   handle_section_bytes += policy_session_bytes;
   30119   command_size += policy_session_bytes.size();
   30120   std::string command_hash(32, 0);
   30121   hash->Finish(string_as_array(&command_hash), command_hash.size());
   30122   std::string authorization_section_bytes;
   30123   std::string authorization_size_bytes;
   30124   if (authorization_delegate) {
   30125     if (!authorization_delegate->GetCommandAuthorization(
   30126         command_hash,
   30127         is_command_parameter_encryption_possible,
   30128         is_response_parameter_encryption_possible,
   30129         &authorization_section_bytes)) {
   30130       return TRUNKS_RC_AUTHORIZATION_FAILED;
   30131     }
   30132     if (!authorization_section_bytes.empty()) {
   30133       tag = TPM_ST_SESSIONS;
   30134       std::string tmp;
   30135       rc = Serialize_UINT32(authorization_section_bytes.size(),
   30136                             &authorization_size_bytes);
   30137       if (rc != TPM_RC_SUCCESS) {
   30138         return rc;
   30139       }
   30140       command_size += authorization_size_bytes.size() +
   30141                       authorization_section_bytes.size();
   30142     }
   30143   }
   30144   std::string tag_bytes;
   30145   rc = Serialize_TPMI_ST_COMMAND_TAG(
   30146       tag,
   30147       &tag_bytes);
   30148   if (rc != TPM_RC_SUCCESS) {
   30149     return rc;
   30150   }
   30151   std::string command_size_bytes;
   30152   rc = Serialize_UINT32(
   30153       command_size,
   30154       &command_size_bytes);
   30155   if (rc != TPM_RC_SUCCESS) {
   30156     return rc;
   30157   }
   30158   *serialized_command = tag_bytes +
   30159                         command_size_bytes +
   30160                         command_code_bytes +
   30161                         handle_section_bytes +
   30162                         authorization_size_bytes +
   30163                         authorization_section_bytes +
   30164                         parameter_section_bytes;
   30165   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   30166   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   30167                                             serialized_command->size());
   30168   return TPM_RC_SUCCESS;
   30169 }
   30170 
   30171 TPM_RC Tpm::ParseResponse_PolicyGetDigest(
   30172       const std::string& response,
   30173       TPM2B_DIGEST* policy_digest,
   30174       AuthorizationDelegate* authorization_delegate) {
   30175   VLOG(3) << __func__;
   30176   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   30177   TPM_RC rc = TPM_RC_SUCCESS;
   30178   std::string buffer(response);
   30179   TPM_ST tag;
   30180   std::string tag_bytes;
   30181   rc = Parse_TPM_ST(
   30182       &buffer,
   30183       &tag,
   30184       &tag_bytes);
   30185   if (rc != TPM_RC_SUCCESS) {
   30186     return rc;
   30187   }
   30188   UINT32 response_size;
   30189   std::string response_size_bytes;
   30190   rc = Parse_UINT32(
   30191       &buffer,
   30192       &response_size,
   30193       &response_size_bytes);
   30194   if (rc != TPM_RC_SUCCESS) {
   30195     return rc;
   30196   }
   30197   TPM_RC response_code;
   30198   std::string response_code_bytes;
   30199   rc = Parse_TPM_RC(
   30200       &buffer,
   30201       &response_code,
   30202       &response_code_bytes);
   30203   if (rc != TPM_RC_SUCCESS) {
   30204     return rc;
   30205   }
   30206   if (response_size != response.size()) {
   30207     return TPM_RC_SIZE;
   30208   }
   30209   if (response_code != TPM_RC_SUCCESS) {
   30210     return response_code;
   30211   }
   30212   TPM_CC command_code = TPM_CC_PolicyGetDigest;
   30213   std::string command_code_bytes;
   30214   rc = Serialize_TPM_CC(
   30215       command_code,
   30216       &command_code_bytes);
   30217   if (rc != TPM_RC_SUCCESS) {
   30218     return rc;
   30219   }
   30220   std::string authorization_section_bytes;
   30221   if (tag == TPM_ST_SESSIONS) {
   30222     UINT32 parameter_section_size = buffer.size();
   30223     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   30224     if (rc != TPM_RC_SUCCESS) {
   30225       return rc;
   30226     }
   30227     if (parameter_section_size > buffer.size()) {
   30228       return TPM_RC_INSUFFICIENT;
   30229     }
   30230     authorization_section_bytes = buffer.substr(parameter_section_size);
   30231     // Keep the parameter section in |buffer|.
   30232     buffer.erase(parameter_section_size);
   30233   }
   30234   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   30235       crypto::SecureHash::SHA256));
   30236   hash->Update(response_code_bytes.data(),
   30237                response_code_bytes.size());
   30238   hash->Update(command_code_bytes.data(),
   30239                command_code_bytes.size());
   30240   hash->Update(buffer.data(),
   30241                buffer.size());
   30242   std::string response_hash(32, 0);
   30243   hash->Finish(string_as_array(&response_hash), response_hash.size());
   30244   if (tag == TPM_ST_SESSIONS) {
   30245     CHECK(authorization_delegate) << "Authorization delegate missing!";
   30246     if (!authorization_delegate->CheckResponseAuthorization(
   30247         response_hash,
   30248         authorization_section_bytes)) {
   30249       return TRUNKS_RC_AUTHORIZATION_FAILED;
   30250     }
   30251   }
   30252   std::string policy_digest_bytes;
   30253   rc = Parse_TPM2B_DIGEST(
   30254       &buffer,
   30255       policy_digest,
   30256       &policy_digest_bytes);
   30257   if (rc != TPM_RC_SUCCESS) {
   30258     return rc;
   30259   }
   30260   if (tag == TPM_ST_SESSIONS) {
   30261     CHECK(authorization_delegate) << "Authorization delegate missing!";
   30262     // Decrypt just the parameter data, not the size.
   30263     std::string tmp = policy_digest_bytes.substr(2);
   30264     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   30265       return TRUNKS_RC_ENCRYPTION_FAILED;
   30266     }
   30267     policy_digest_bytes.replace(2, std::string::npos, tmp);
   30268     rc = Parse_TPM2B_DIGEST(
   30269         &policy_digest_bytes,
   30270         policy_digest,
   30271         nullptr);
   30272     if (rc != TPM_RC_SUCCESS) {
   30273       return rc;
   30274     }
   30275   }
   30276   return TPM_RC_SUCCESS;
   30277 }
   30278 
   30279 void PolicyGetDigestErrorCallback(
   30280     const Tpm::PolicyGetDigestResponse& callback,
   30281     TPM_RC response_code) {
   30282   VLOG(1) << __func__;
   30283   callback.Run(response_code,
   30284                TPM2B_DIGEST());
   30285 }
   30286 
   30287 void PolicyGetDigestResponseParser(
   30288     const Tpm::PolicyGetDigestResponse& callback,
   30289     AuthorizationDelegate* authorization_delegate,
   30290     const std::string& response) {
   30291   VLOG(1) << __func__;
   30292   base::Callback<void(TPM_RC)> error_reporter =
   30293       base::Bind(PolicyGetDigestErrorCallback, callback);
   30294   TPM2B_DIGEST policy_digest;
   30295   TPM_RC rc = Tpm::ParseResponse_PolicyGetDigest(
   30296       response,
   30297       &policy_digest,
   30298       authorization_delegate);
   30299   if (rc != TPM_RC_SUCCESS) {
   30300     error_reporter.Run(rc);
   30301     return;
   30302   }
   30303   callback.Run(
   30304       rc,
   30305       policy_digest);
   30306 }
   30307 
   30308 void Tpm::PolicyGetDigest(
   30309       const TPMI_SH_POLICY& policy_session,
   30310       const std::string& policy_session_name,
   30311       AuthorizationDelegate* authorization_delegate,
   30312       const PolicyGetDigestResponse& callback) {
   30313   VLOG(1) << __func__;
   30314   base::Callback<void(TPM_RC)> error_reporter =
   30315       base::Bind(PolicyGetDigestErrorCallback, callback);
   30316   base::Callback<void(const std::string&)> parser =
   30317       base::Bind(PolicyGetDigestResponseParser,
   30318                  callback,
   30319                  authorization_delegate);
   30320   std::string command;
   30321   TPM_RC rc = SerializeCommand_PolicyGetDigest(
   30322       policy_session,
   30323       policy_session_name,
   30324       &command,
   30325       authorization_delegate);
   30326   if (rc != TPM_RC_SUCCESS) {
   30327     error_reporter.Run(rc);
   30328     return;
   30329   }
   30330   transceiver_->SendCommand(command, parser);
   30331 }
   30332 
   30333 TPM_RC Tpm::PolicyGetDigestSync(
   30334       const TPMI_SH_POLICY& policy_session,
   30335       const std::string& policy_session_name,
   30336       TPM2B_DIGEST* policy_digest,
   30337       AuthorizationDelegate* authorization_delegate) {
   30338   VLOG(1) << __func__;
   30339   std::string command;
   30340   TPM_RC rc = SerializeCommand_PolicyGetDigest(
   30341       policy_session,
   30342       policy_session_name,
   30343       &command,
   30344       authorization_delegate);
   30345   if (rc != TPM_RC_SUCCESS) {
   30346     return rc;
   30347   }
   30348   std::string response = transceiver_->SendCommandAndWait(command);
   30349   rc = ParseResponse_PolicyGetDigest(
   30350       response,
   30351       policy_digest,
   30352       authorization_delegate);
   30353   return rc;
   30354 }
   30355 
   30356 TPM_RC Tpm::SerializeCommand_PolicyNvWritten(
   30357       const TPMI_SH_POLICY& policy_session,
   30358       const std::string& policy_session_name,
   30359       const TPMI_YES_NO& written_set,
   30360       std::string* serialized_command,
   30361       AuthorizationDelegate* authorization_delegate) {
   30362   VLOG(3) << __func__;
   30363   TPM_RC rc = TPM_RC_SUCCESS;
   30364   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   30365   UINT32 command_size = 10;  // Header size.
   30366   std::string handle_section_bytes;
   30367   std::string parameter_section_bytes;
   30368   TPM_CC command_code = TPM_CC_PolicyNvWritten;
   30369   bool is_command_parameter_encryption_possible = false;
   30370   bool is_response_parameter_encryption_possible = false;
   30371   std::string command_code_bytes;
   30372   rc = Serialize_TPM_CC(
   30373       command_code,
   30374       &command_code_bytes);
   30375   if (rc != TPM_RC_SUCCESS) {
   30376     return rc;
   30377   }
   30378   std::string policy_session_bytes;
   30379   rc = Serialize_TPMI_SH_POLICY(
   30380       policy_session,
   30381       &policy_session_bytes);
   30382   if (rc != TPM_RC_SUCCESS) {
   30383     return rc;
   30384   }
   30385   std::string written_set_bytes;
   30386   rc = Serialize_TPMI_YES_NO(
   30387       written_set,
   30388       &written_set_bytes);
   30389   if (rc != TPM_RC_SUCCESS) {
   30390     return rc;
   30391   }
   30392   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   30393       crypto::SecureHash::SHA256));
   30394   hash->Update(command_code_bytes.data(),
   30395                command_code_bytes.size());
   30396   hash->Update(policy_session_name.data(),
   30397                policy_session_name.size());
   30398   handle_section_bytes += policy_session_bytes;
   30399   command_size += policy_session_bytes.size();
   30400   hash->Update(written_set_bytes.data(),
   30401                written_set_bytes.size());
   30402   parameter_section_bytes += written_set_bytes;
   30403   command_size += written_set_bytes.size();
   30404   std::string command_hash(32, 0);
   30405   hash->Finish(string_as_array(&command_hash), command_hash.size());
   30406   std::string authorization_section_bytes;
   30407   std::string authorization_size_bytes;
   30408   if (authorization_delegate) {
   30409     if (!authorization_delegate->GetCommandAuthorization(
   30410         command_hash,
   30411         is_command_parameter_encryption_possible,
   30412         is_response_parameter_encryption_possible,
   30413         &authorization_section_bytes)) {
   30414       return TRUNKS_RC_AUTHORIZATION_FAILED;
   30415     }
   30416     if (!authorization_section_bytes.empty()) {
   30417       tag = TPM_ST_SESSIONS;
   30418       std::string tmp;
   30419       rc = Serialize_UINT32(authorization_section_bytes.size(),
   30420                             &authorization_size_bytes);
   30421       if (rc != TPM_RC_SUCCESS) {
   30422         return rc;
   30423       }
   30424       command_size += authorization_size_bytes.size() +
   30425                       authorization_section_bytes.size();
   30426     }
   30427   }
   30428   std::string tag_bytes;
   30429   rc = Serialize_TPMI_ST_COMMAND_TAG(
   30430       tag,
   30431       &tag_bytes);
   30432   if (rc != TPM_RC_SUCCESS) {
   30433     return rc;
   30434   }
   30435   std::string command_size_bytes;
   30436   rc = Serialize_UINT32(
   30437       command_size,
   30438       &command_size_bytes);
   30439   if (rc != TPM_RC_SUCCESS) {
   30440     return rc;
   30441   }
   30442   *serialized_command = tag_bytes +
   30443                         command_size_bytes +
   30444                         command_code_bytes +
   30445                         handle_section_bytes +
   30446                         authorization_size_bytes +
   30447                         authorization_section_bytes +
   30448                         parameter_section_bytes;
   30449   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   30450   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   30451                                             serialized_command->size());
   30452   return TPM_RC_SUCCESS;
   30453 }
   30454 
   30455 TPM_RC Tpm::ParseResponse_PolicyNvWritten(
   30456       const std::string& response,
   30457       AuthorizationDelegate* authorization_delegate) {
   30458   VLOG(3) << __func__;
   30459   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   30460   TPM_RC rc = TPM_RC_SUCCESS;
   30461   std::string buffer(response);
   30462   TPM_ST tag;
   30463   std::string tag_bytes;
   30464   rc = Parse_TPM_ST(
   30465       &buffer,
   30466       &tag,
   30467       &tag_bytes);
   30468   if (rc != TPM_RC_SUCCESS) {
   30469     return rc;
   30470   }
   30471   UINT32 response_size;
   30472   std::string response_size_bytes;
   30473   rc = Parse_UINT32(
   30474       &buffer,
   30475       &response_size,
   30476       &response_size_bytes);
   30477   if (rc != TPM_RC_SUCCESS) {
   30478     return rc;
   30479   }
   30480   TPM_RC response_code;
   30481   std::string response_code_bytes;
   30482   rc = Parse_TPM_RC(
   30483       &buffer,
   30484       &response_code,
   30485       &response_code_bytes);
   30486   if (rc != TPM_RC_SUCCESS) {
   30487     return rc;
   30488   }
   30489   if (response_size != response.size()) {
   30490     return TPM_RC_SIZE;
   30491   }
   30492   if (response_code != TPM_RC_SUCCESS) {
   30493     return response_code;
   30494   }
   30495   TPM_CC command_code = TPM_CC_PolicyNvWritten;
   30496   std::string command_code_bytes;
   30497   rc = Serialize_TPM_CC(
   30498       command_code,
   30499       &command_code_bytes);
   30500   if (rc != TPM_RC_SUCCESS) {
   30501     return rc;
   30502   }
   30503   std::string authorization_section_bytes;
   30504   if (tag == TPM_ST_SESSIONS) {
   30505     UINT32 parameter_section_size = buffer.size();
   30506     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   30507     if (rc != TPM_RC_SUCCESS) {
   30508       return rc;
   30509     }
   30510     if (parameter_section_size > buffer.size()) {
   30511       return TPM_RC_INSUFFICIENT;
   30512     }
   30513     authorization_section_bytes = buffer.substr(parameter_section_size);
   30514     // Keep the parameter section in |buffer|.
   30515     buffer.erase(parameter_section_size);
   30516   }
   30517   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   30518       crypto::SecureHash::SHA256));
   30519   hash->Update(response_code_bytes.data(),
   30520                response_code_bytes.size());
   30521   hash->Update(command_code_bytes.data(),
   30522                command_code_bytes.size());
   30523   hash->Update(buffer.data(),
   30524                buffer.size());
   30525   std::string response_hash(32, 0);
   30526   hash->Finish(string_as_array(&response_hash), response_hash.size());
   30527   if (tag == TPM_ST_SESSIONS) {
   30528     CHECK(authorization_delegate) << "Authorization delegate missing!";
   30529     if (!authorization_delegate->CheckResponseAuthorization(
   30530         response_hash,
   30531         authorization_section_bytes)) {
   30532       return TRUNKS_RC_AUTHORIZATION_FAILED;
   30533     }
   30534   }
   30535   return TPM_RC_SUCCESS;
   30536 }
   30537 
   30538 void PolicyNvWrittenErrorCallback(
   30539     const Tpm::PolicyNvWrittenResponse& callback,
   30540     TPM_RC response_code) {
   30541   VLOG(1) << __func__;
   30542   callback.Run(response_code);
   30543 }
   30544 
   30545 void PolicyNvWrittenResponseParser(
   30546     const Tpm::PolicyNvWrittenResponse& callback,
   30547     AuthorizationDelegate* authorization_delegate,
   30548     const std::string& response) {
   30549   VLOG(1) << __func__;
   30550   base::Callback<void(TPM_RC)> error_reporter =
   30551       base::Bind(PolicyNvWrittenErrorCallback, callback);
   30552   TPM_RC rc = Tpm::ParseResponse_PolicyNvWritten(
   30553       response,
   30554       authorization_delegate);
   30555   if (rc != TPM_RC_SUCCESS) {
   30556     error_reporter.Run(rc);
   30557     return;
   30558   }
   30559   callback.Run(
   30560       rc);
   30561 }
   30562 
   30563 void Tpm::PolicyNvWritten(
   30564       const TPMI_SH_POLICY& policy_session,
   30565       const std::string& policy_session_name,
   30566       const TPMI_YES_NO& written_set,
   30567       AuthorizationDelegate* authorization_delegate,
   30568       const PolicyNvWrittenResponse& callback) {
   30569   VLOG(1) << __func__;
   30570   base::Callback<void(TPM_RC)> error_reporter =
   30571       base::Bind(PolicyNvWrittenErrorCallback, callback);
   30572   base::Callback<void(const std::string&)> parser =
   30573       base::Bind(PolicyNvWrittenResponseParser,
   30574                  callback,
   30575                  authorization_delegate);
   30576   std::string command;
   30577   TPM_RC rc = SerializeCommand_PolicyNvWritten(
   30578       policy_session,
   30579       policy_session_name,
   30580       written_set,
   30581       &command,
   30582       authorization_delegate);
   30583   if (rc != TPM_RC_SUCCESS) {
   30584     error_reporter.Run(rc);
   30585     return;
   30586   }
   30587   transceiver_->SendCommand(command, parser);
   30588 }
   30589 
   30590 TPM_RC Tpm::PolicyNvWrittenSync(
   30591       const TPMI_SH_POLICY& policy_session,
   30592       const std::string& policy_session_name,
   30593       const TPMI_YES_NO& written_set,
   30594       AuthorizationDelegate* authorization_delegate) {
   30595   VLOG(1) << __func__;
   30596   std::string command;
   30597   TPM_RC rc = SerializeCommand_PolicyNvWritten(
   30598       policy_session,
   30599       policy_session_name,
   30600       written_set,
   30601       &command,
   30602       authorization_delegate);
   30603   if (rc != TPM_RC_SUCCESS) {
   30604     return rc;
   30605   }
   30606   std::string response = transceiver_->SendCommandAndWait(command);
   30607   rc = ParseResponse_PolicyNvWritten(
   30608       response,
   30609       authorization_delegate);
   30610   return rc;
   30611 }
   30612 
   30613 TPM_RC Tpm::SerializeCommand_CreatePrimary(
   30614       const TPMI_RH_HIERARCHY& primary_handle,
   30615       const std::string& primary_handle_name,
   30616       const TPM2B_SENSITIVE_CREATE& in_sensitive,
   30617       const TPM2B_PUBLIC& in_public,
   30618       const TPM2B_DATA& outside_info,
   30619       const TPML_PCR_SELECTION& creation_pcr,
   30620       std::string* serialized_command,
   30621       AuthorizationDelegate* authorization_delegate) {
   30622   VLOG(3) << __func__;
   30623   TPM_RC rc = TPM_RC_SUCCESS;
   30624   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   30625   UINT32 command_size = 10;  // Header size.
   30626   std::string handle_section_bytes;
   30627   std::string parameter_section_bytes;
   30628   TPM_CC command_code = TPM_CC_CreatePrimary;
   30629   bool is_command_parameter_encryption_possible = true;
   30630   bool is_response_parameter_encryption_possible = true;
   30631   std::string command_code_bytes;
   30632   rc = Serialize_TPM_CC(
   30633       command_code,
   30634       &command_code_bytes);
   30635   if (rc != TPM_RC_SUCCESS) {
   30636     return rc;
   30637   }
   30638   std::string primary_handle_bytes;
   30639   rc = Serialize_TPMI_RH_HIERARCHY(
   30640       primary_handle,
   30641       &primary_handle_bytes);
   30642   if (rc != TPM_RC_SUCCESS) {
   30643     return rc;
   30644   }
   30645   std::string in_sensitive_bytes;
   30646   rc = Serialize_TPM2B_SENSITIVE_CREATE(
   30647       in_sensitive,
   30648       &in_sensitive_bytes);
   30649   if (rc != TPM_RC_SUCCESS) {
   30650     return rc;
   30651   }
   30652   std::string in_public_bytes;
   30653   rc = Serialize_TPM2B_PUBLIC(
   30654       in_public,
   30655       &in_public_bytes);
   30656   if (rc != TPM_RC_SUCCESS) {
   30657     return rc;
   30658   }
   30659   std::string outside_info_bytes;
   30660   rc = Serialize_TPM2B_DATA(
   30661       outside_info,
   30662       &outside_info_bytes);
   30663   if (rc != TPM_RC_SUCCESS) {
   30664     return rc;
   30665   }
   30666   std::string creation_pcr_bytes;
   30667   rc = Serialize_TPML_PCR_SELECTION(
   30668       creation_pcr,
   30669       &creation_pcr_bytes);
   30670   if (rc != TPM_RC_SUCCESS) {
   30671     return rc;
   30672   }
   30673   if (authorization_delegate) {
   30674     // Encrypt just the parameter data, not the size.
   30675     std::string tmp = in_sensitive_bytes.substr(2);
   30676     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   30677       return TRUNKS_RC_ENCRYPTION_FAILED;
   30678     }
   30679     in_sensitive_bytes.replace(2, std::string::npos, tmp);
   30680   }
   30681   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   30682       crypto::SecureHash::SHA256));
   30683   hash->Update(command_code_bytes.data(),
   30684                command_code_bytes.size());
   30685   hash->Update(primary_handle_name.data(),
   30686                primary_handle_name.size());
   30687   handle_section_bytes += primary_handle_bytes;
   30688   command_size += primary_handle_bytes.size();
   30689   hash->Update(in_sensitive_bytes.data(),
   30690                in_sensitive_bytes.size());
   30691   parameter_section_bytes += in_sensitive_bytes;
   30692   command_size += in_sensitive_bytes.size();
   30693   hash->Update(in_public_bytes.data(),
   30694                in_public_bytes.size());
   30695   parameter_section_bytes += in_public_bytes;
   30696   command_size += in_public_bytes.size();
   30697   hash->Update(outside_info_bytes.data(),
   30698                outside_info_bytes.size());
   30699   parameter_section_bytes += outside_info_bytes;
   30700   command_size += outside_info_bytes.size();
   30701   hash->Update(creation_pcr_bytes.data(),
   30702                creation_pcr_bytes.size());
   30703   parameter_section_bytes += creation_pcr_bytes;
   30704   command_size += creation_pcr_bytes.size();
   30705   std::string command_hash(32, 0);
   30706   hash->Finish(string_as_array(&command_hash), command_hash.size());
   30707   std::string authorization_section_bytes;
   30708   std::string authorization_size_bytes;
   30709   if (authorization_delegate) {
   30710     if (!authorization_delegate->GetCommandAuthorization(
   30711         command_hash,
   30712         is_command_parameter_encryption_possible,
   30713         is_response_parameter_encryption_possible,
   30714         &authorization_section_bytes)) {
   30715       return TRUNKS_RC_AUTHORIZATION_FAILED;
   30716     }
   30717     if (!authorization_section_bytes.empty()) {
   30718       tag = TPM_ST_SESSIONS;
   30719       std::string tmp;
   30720       rc = Serialize_UINT32(authorization_section_bytes.size(),
   30721                             &authorization_size_bytes);
   30722       if (rc != TPM_RC_SUCCESS) {
   30723         return rc;
   30724       }
   30725       command_size += authorization_size_bytes.size() +
   30726                       authorization_section_bytes.size();
   30727     }
   30728   }
   30729   std::string tag_bytes;
   30730   rc = Serialize_TPMI_ST_COMMAND_TAG(
   30731       tag,
   30732       &tag_bytes);
   30733   if (rc != TPM_RC_SUCCESS) {
   30734     return rc;
   30735   }
   30736   std::string command_size_bytes;
   30737   rc = Serialize_UINT32(
   30738       command_size,
   30739       &command_size_bytes);
   30740   if (rc != TPM_RC_SUCCESS) {
   30741     return rc;
   30742   }
   30743   *serialized_command = tag_bytes +
   30744                         command_size_bytes +
   30745                         command_code_bytes +
   30746                         handle_section_bytes +
   30747                         authorization_size_bytes +
   30748                         authorization_section_bytes +
   30749                         parameter_section_bytes;
   30750   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   30751   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   30752                                             serialized_command->size());
   30753   return TPM_RC_SUCCESS;
   30754 }
   30755 
   30756 TPM_RC Tpm::ParseResponse_CreatePrimary(
   30757       const std::string& response,
   30758       TPM_HANDLE* object_handle,
   30759       TPM2B_PUBLIC* out_public,
   30760       TPM2B_CREATION_DATA* creation_data,
   30761       TPM2B_DIGEST* creation_hash,
   30762       TPMT_TK_CREATION* creation_ticket,
   30763       TPM2B_NAME* name,
   30764       AuthorizationDelegate* authorization_delegate) {
   30765   VLOG(3) << __func__;
   30766   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   30767   TPM_RC rc = TPM_RC_SUCCESS;
   30768   std::string buffer(response);
   30769   TPM_ST tag;
   30770   std::string tag_bytes;
   30771   rc = Parse_TPM_ST(
   30772       &buffer,
   30773       &tag,
   30774       &tag_bytes);
   30775   if (rc != TPM_RC_SUCCESS) {
   30776     return rc;
   30777   }
   30778   UINT32 response_size;
   30779   std::string response_size_bytes;
   30780   rc = Parse_UINT32(
   30781       &buffer,
   30782       &response_size,
   30783       &response_size_bytes);
   30784   if (rc != TPM_RC_SUCCESS) {
   30785     return rc;
   30786   }
   30787   TPM_RC response_code;
   30788   std::string response_code_bytes;
   30789   rc = Parse_TPM_RC(
   30790       &buffer,
   30791       &response_code,
   30792       &response_code_bytes);
   30793   if (rc != TPM_RC_SUCCESS) {
   30794     return rc;
   30795   }
   30796   if (response_size != response.size()) {
   30797     return TPM_RC_SIZE;
   30798   }
   30799   if (response_code != TPM_RC_SUCCESS) {
   30800     return response_code;
   30801   }
   30802   std::string object_handle_bytes;
   30803   rc = Parse_TPM_HANDLE(
   30804       &buffer,
   30805       object_handle,
   30806       &object_handle_bytes);
   30807   if (rc != TPM_RC_SUCCESS) {
   30808     return rc;
   30809   }
   30810   TPM_CC command_code = TPM_CC_CreatePrimary;
   30811   std::string command_code_bytes;
   30812   rc = Serialize_TPM_CC(
   30813       command_code,
   30814       &command_code_bytes);
   30815   if (rc != TPM_RC_SUCCESS) {
   30816     return rc;
   30817   }
   30818   std::string authorization_section_bytes;
   30819   if (tag == TPM_ST_SESSIONS) {
   30820     UINT32 parameter_section_size = buffer.size();
   30821     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   30822     if (rc != TPM_RC_SUCCESS) {
   30823       return rc;
   30824     }
   30825     if (parameter_section_size > buffer.size()) {
   30826       return TPM_RC_INSUFFICIENT;
   30827     }
   30828     authorization_section_bytes = buffer.substr(parameter_section_size);
   30829     // Keep the parameter section in |buffer|.
   30830     buffer.erase(parameter_section_size);
   30831   }
   30832   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   30833       crypto::SecureHash::SHA256));
   30834   hash->Update(response_code_bytes.data(),
   30835                response_code_bytes.size());
   30836   hash->Update(command_code_bytes.data(),
   30837                command_code_bytes.size());
   30838   hash->Update(buffer.data(),
   30839                buffer.size());
   30840   std::string response_hash(32, 0);
   30841   hash->Finish(string_as_array(&response_hash), response_hash.size());
   30842   if (tag == TPM_ST_SESSIONS) {
   30843     CHECK(authorization_delegate) << "Authorization delegate missing!";
   30844     if (!authorization_delegate->CheckResponseAuthorization(
   30845         response_hash,
   30846         authorization_section_bytes)) {
   30847       return TRUNKS_RC_AUTHORIZATION_FAILED;
   30848     }
   30849   }
   30850   std::string out_public_bytes;
   30851   rc = Parse_TPM2B_PUBLIC(
   30852       &buffer,
   30853       out_public,
   30854       &out_public_bytes);
   30855   if (rc != TPM_RC_SUCCESS) {
   30856     return rc;
   30857   }
   30858   std::string creation_data_bytes;
   30859   rc = Parse_TPM2B_CREATION_DATA(
   30860       &buffer,
   30861       creation_data,
   30862       &creation_data_bytes);
   30863   if (rc != TPM_RC_SUCCESS) {
   30864     return rc;
   30865   }
   30866   std::string creation_hash_bytes;
   30867   rc = Parse_TPM2B_DIGEST(
   30868       &buffer,
   30869       creation_hash,
   30870       &creation_hash_bytes);
   30871   if (rc != TPM_RC_SUCCESS) {
   30872     return rc;
   30873   }
   30874   std::string creation_ticket_bytes;
   30875   rc = Parse_TPMT_TK_CREATION(
   30876       &buffer,
   30877       creation_ticket,
   30878       &creation_ticket_bytes);
   30879   if (rc != TPM_RC_SUCCESS) {
   30880     return rc;
   30881   }
   30882   std::string name_bytes;
   30883   rc = Parse_TPM2B_NAME(
   30884       &buffer,
   30885       name,
   30886       &name_bytes);
   30887   if (rc != TPM_RC_SUCCESS) {
   30888     return rc;
   30889   }
   30890   if (tag == TPM_ST_SESSIONS) {
   30891     CHECK(authorization_delegate) << "Authorization delegate missing!";
   30892     // Decrypt just the parameter data, not the size.
   30893     std::string tmp = out_public_bytes.substr(2);
   30894     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   30895       return TRUNKS_RC_ENCRYPTION_FAILED;
   30896     }
   30897     out_public_bytes.replace(2, std::string::npos, tmp);
   30898     rc = Parse_TPM2B_PUBLIC(
   30899         &out_public_bytes,
   30900         out_public,
   30901         nullptr);
   30902     if (rc != TPM_RC_SUCCESS) {
   30903       return rc;
   30904     }
   30905   }
   30906   return TPM_RC_SUCCESS;
   30907 }
   30908 
   30909 void CreatePrimaryErrorCallback(
   30910     const Tpm::CreatePrimaryResponse& callback,
   30911     TPM_RC response_code) {
   30912   VLOG(1) << __func__;
   30913   callback.Run(response_code,
   30914                TPM_HANDLE(),
   30915                TPM2B_PUBLIC(),
   30916                TPM2B_CREATION_DATA(),
   30917                TPM2B_DIGEST(),
   30918                TPMT_TK_CREATION(),
   30919                TPM2B_NAME());
   30920 }
   30921 
   30922 void CreatePrimaryResponseParser(
   30923     const Tpm::CreatePrimaryResponse& callback,
   30924     AuthorizationDelegate* authorization_delegate,
   30925     const std::string& response) {
   30926   VLOG(1) << __func__;
   30927   base::Callback<void(TPM_RC)> error_reporter =
   30928       base::Bind(CreatePrimaryErrorCallback, callback);
   30929   TPM_HANDLE object_handle;
   30930   TPM2B_PUBLIC out_public;
   30931   TPM2B_CREATION_DATA creation_data;
   30932   TPM2B_DIGEST creation_hash;
   30933   TPMT_TK_CREATION creation_ticket;
   30934   TPM2B_NAME name;
   30935   TPM_RC rc = Tpm::ParseResponse_CreatePrimary(
   30936       response,
   30937       &object_handle,
   30938       &out_public,
   30939       &creation_data,
   30940       &creation_hash,
   30941       &creation_ticket,
   30942       &name,
   30943       authorization_delegate);
   30944   if (rc != TPM_RC_SUCCESS) {
   30945     error_reporter.Run(rc);
   30946     return;
   30947   }
   30948   callback.Run(
   30949       rc,
   30950       object_handle,
   30951       out_public,
   30952       creation_data,
   30953       creation_hash,
   30954       creation_ticket,
   30955       name);
   30956 }
   30957 
   30958 void Tpm::CreatePrimary(
   30959       const TPMI_RH_HIERARCHY& primary_handle,
   30960       const std::string& primary_handle_name,
   30961       const TPM2B_SENSITIVE_CREATE& in_sensitive,
   30962       const TPM2B_PUBLIC& in_public,
   30963       const TPM2B_DATA& outside_info,
   30964       const TPML_PCR_SELECTION& creation_pcr,
   30965       AuthorizationDelegate* authorization_delegate,
   30966       const CreatePrimaryResponse& callback) {
   30967   VLOG(1) << __func__;
   30968   base::Callback<void(TPM_RC)> error_reporter =
   30969       base::Bind(CreatePrimaryErrorCallback, callback);
   30970   base::Callback<void(const std::string&)> parser =
   30971       base::Bind(CreatePrimaryResponseParser,
   30972                  callback,
   30973                  authorization_delegate);
   30974   std::string command;
   30975   TPM_RC rc = SerializeCommand_CreatePrimary(
   30976       primary_handle,
   30977       primary_handle_name,
   30978       in_sensitive,
   30979       in_public,
   30980       outside_info,
   30981       creation_pcr,
   30982       &command,
   30983       authorization_delegate);
   30984   if (rc != TPM_RC_SUCCESS) {
   30985     error_reporter.Run(rc);
   30986     return;
   30987   }
   30988   transceiver_->SendCommand(command, parser);
   30989 }
   30990 
   30991 TPM_RC Tpm::CreatePrimarySync(
   30992       const TPMI_RH_HIERARCHY& primary_handle,
   30993       const std::string& primary_handle_name,
   30994       const TPM2B_SENSITIVE_CREATE& in_sensitive,
   30995       const TPM2B_PUBLIC& in_public,
   30996       const TPM2B_DATA& outside_info,
   30997       const TPML_PCR_SELECTION& creation_pcr,
   30998       TPM_HANDLE* object_handle,
   30999       TPM2B_PUBLIC* out_public,
   31000       TPM2B_CREATION_DATA* creation_data,
   31001       TPM2B_DIGEST* creation_hash,
   31002       TPMT_TK_CREATION* creation_ticket,
   31003       TPM2B_NAME* name,
   31004       AuthorizationDelegate* authorization_delegate) {
   31005   VLOG(1) << __func__;
   31006   std::string command;
   31007   TPM_RC rc = SerializeCommand_CreatePrimary(
   31008       primary_handle,
   31009       primary_handle_name,
   31010       in_sensitive,
   31011       in_public,
   31012       outside_info,
   31013       creation_pcr,
   31014       &command,
   31015       authorization_delegate);
   31016   if (rc != TPM_RC_SUCCESS) {
   31017     return rc;
   31018   }
   31019   std::string response = transceiver_->SendCommandAndWait(command);
   31020   rc = ParseResponse_CreatePrimary(
   31021       response,
   31022       object_handle,
   31023       out_public,
   31024       creation_data,
   31025       creation_hash,
   31026       creation_ticket,
   31027       name,
   31028       authorization_delegate);
   31029   return rc;
   31030 }
   31031 
   31032 TPM_RC Tpm::SerializeCommand_HierarchyControl(
   31033       const TPMI_RH_HIERARCHY& auth_handle,
   31034       const std::string& auth_handle_name,
   31035       const TPMI_RH_ENABLES& enable,
   31036       const TPMI_YES_NO& state,
   31037       std::string* serialized_command,
   31038       AuthorizationDelegate* authorization_delegate) {
   31039   VLOG(3) << __func__;
   31040   TPM_RC rc = TPM_RC_SUCCESS;
   31041   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   31042   UINT32 command_size = 10;  // Header size.
   31043   std::string handle_section_bytes;
   31044   std::string parameter_section_bytes;
   31045   TPM_CC command_code = TPM_CC_HierarchyControl;
   31046   bool is_command_parameter_encryption_possible = false;
   31047   bool is_response_parameter_encryption_possible = false;
   31048   std::string command_code_bytes;
   31049   rc = Serialize_TPM_CC(
   31050       command_code,
   31051       &command_code_bytes);
   31052   if (rc != TPM_RC_SUCCESS) {
   31053     return rc;
   31054   }
   31055   std::string auth_handle_bytes;
   31056   rc = Serialize_TPMI_RH_HIERARCHY(
   31057       auth_handle,
   31058       &auth_handle_bytes);
   31059   if (rc != TPM_RC_SUCCESS) {
   31060     return rc;
   31061   }
   31062   std::string enable_bytes;
   31063   rc = Serialize_TPMI_RH_ENABLES(
   31064       enable,
   31065       &enable_bytes);
   31066   if (rc != TPM_RC_SUCCESS) {
   31067     return rc;
   31068   }
   31069   std::string state_bytes;
   31070   rc = Serialize_TPMI_YES_NO(
   31071       state,
   31072       &state_bytes);
   31073   if (rc != TPM_RC_SUCCESS) {
   31074     return rc;
   31075   }
   31076   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   31077       crypto::SecureHash::SHA256));
   31078   hash->Update(command_code_bytes.data(),
   31079                command_code_bytes.size());
   31080   hash->Update(auth_handle_name.data(),
   31081                auth_handle_name.size());
   31082   handle_section_bytes += auth_handle_bytes;
   31083   command_size += auth_handle_bytes.size();
   31084   hash->Update(enable_bytes.data(),
   31085                enable_bytes.size());
   31086   parameter_section_bytes += enable_bytes;
   31087   command_size += enable_bytes.size();
   31088   hash->Update(state_bytes.data(),
   31089                state_bytes.size());
   31090   parameter_section_bytes += state_bytes;
   31091   command_size += state_bytes.size();
   31092   std::string command_hash(32, 0);
   31093   hash->Finish(string_as_array(&command_hash), command_hash.size());
   31094   std::string authorization_section_bytes;
   31095   std::string authorization_size_bytes;
   31096   if (authorization_delegate) {
   31097     if (!authorization_delegate->GetCommandAuthorization(
   31098         command_hash,
   31099         is_command_parameter_encryption_possible,
   31100         is_response_parameter_encryption_possible,
   31101         &authorization_section_bytes)) {
   31102       return TRUNKS_RC_AUTHORIZATION_FAILED;
   31103     }
   31104     if (!authorization_section_bytes.empty()) {
   31105       tag = TPM_ST_SESSIONS;
   31106       std::string tmp;
   31107       rc = Serialize_UINT32(authorization_section_bytes.size(),
   31108                             &authorization_size_bytes);
   31109       if (rc != TPM_RC_SUCCESS) {
   31110         return rc;
   31111       }
   31112       command_size += authorization_size_bytes.size() +
   31113                       authorization_section_bytes.size();
   31114     }
   31115   }
   31116   std::string tag_bytes;
   31117   rc = Serialize_TPMI_ST_COMMAND_TAG(
   31118       tag,
   31119       &tag_bytes);
   31120   if (rc != TPM_RC_SUCCESS) {
   31121     return rc;
   31122   }
   31123   std::string command_size_bytes;
   31124   rc = Serialize_UINT32(
   31125       command_size,
   31126       &command_size_bytes);
   31127   if (rc != TPM_RC_SUCCESS) {
   31128     return rc;
   31129   }
   31130   *serialized_command = tag_bytes +
   31131                         command_size_bytes +
   31132                         command_code_bytes +
   31133                         handle_section_bytes +
   31134                         authorization_size_bytes +
   31135                         authorization_section_bytes +
   31136                         parameter_section_bytes;
   31137   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   31138   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   31139                                             serialized_command->size());
   31140   return TPM_RC_SUCCESS;
   31141 }
   31142 
   31143 TPM_RC Tpm::ParseResponse_HierarchyControl(
   31144       const std::string& response,
   31145       AuthorizationDelegate* authorization_delegate) {
   31146   VLOG(3) << __func__;
   31147   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   31148   TPM_RC rc = TPM_RC_SUCCESS;
   31149   std::string buffer(response);
   31150   TPM_ST tag;
   31151   std::string tag_bytes;
   31152   rc = Parse_TPM_ST(
   31153       &buffer,
   31154       &tag,
   31155       &tag_bytes);
   31156   if (rc != TPM_RC_SUCCESS) {
   31157     return rc;
   31158   }
   31159   UINT32 response_size;
   31160   std::string response_size_bytes;
   31161   rc = Parse_UINT32(
   31162       &buffer,
   31163       &response_size,
   31164       &response_size_bytes);
   31165   if (rc != TPM_RC_SUCCESS) {
   31166     return rc;
   31167   }
   31168   TPM_RC response_code;
   31169   std::string response_code_bytes;
   31170   rc = Parse_TPM_RC(
   31171       &buffer,
   31172       &response_code,
   31173       &response_code_bytes);
   31174   if (rc != TPM_RC_SUCCESS) {
   31175     return rc;
   31176   }
   31177   if (response_size != response.size()) {
   31178     return TPM_RC_SIZE;
   31179   }
   31180   if (response_code != TPM_RC_SUCCESS) {
   31181     return response_code;
   31182   }
   31183   TPM_CC command_code = TPM_CC_HierarchyControl;
   31184   std::string command_code_bytes;
   31185   rc = Serialize_TPM_CC(
   31186       command_code,
   31187       &command_code_bytes);
   31188   if (rc != TPM_RC_SUCCESS) {
   31189     return rc;
   31190   }
   31191   std::string authorization_section_bytes;
   31192   if (tag == TPM_ST_SESSIONS) {
   31193     UINT32 parameter_section_size = buffer.size();
   31194     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   31195     if (rc != TPM_RC_SUCCESS) {
   31196       return rc;
   31197     }
   31198     if (parameter_section_size > buffer.size()) {
   31199       return TPM_RC_INSUFFICIENT;
   31200     }
   31201     authorization_section_bytes = buffer.substr(parameter_section_size);
   31202     // Keep the parameter section in |buffer|.
   31203     buffer.erase(parameter_section_size);
   31204   }
   31205   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   31206       crypto::SecureHash::SHA256));
   31207   hash->Update(response_code_bytes.data(),
   31208                response_code_bytes.size());
   31209   hash->Update(command_code_bytes.data(),
   31210                command_code_bytes.size());
   31211   hash->Update(buffer.data(),
   31212                buffer.size());
   31213   std::string response_hash(32, 0);
   31214   hash->Finish(string_as_array(&response_hash), response_hash.size());
   31215   if (tag == TPM_ST_SESSIONS) {
   31216     CHECK(authorization_delegate) << "Authorization delegate missing!";
   31217     if (!authorization_delegate->CheckResponseAuthorization(
   31218         response_hash,
   31219         authorization_section_bytes)) {
   31220       return TRUNKS_RC_AUTHORIZATION_FAILED;
   31221     }
   31222   }
   31223   return TPM_RC_SUCCESS;
   31224 }
   31225 
   31226 void HierarchyControlErrorCallback(
   31227     const Tpm::HierarchyControlResponse& callback,
   31228     TPM_RC response_code) {
   31229   VLOG(1) << __func__;
   31230   callback.Run(response_code);
   31231 }
   31232 
   31233 void HierarchyControlResponseParser(
   31234     const Tpm::HierarchyControlResponse& callback,
   31235     AuthorizationDelegate* authorization_delegate,
   31236     const std::string& response) {
   31237   VLOG(1) << __func__;
   31238   base::Callback<void(TPM_RC)> error_reporter =
   31239       base::Bind(HierarchyControlErrorCallback, callback);
   31240   TPM_RC rc = Tpm::ParseResponse_HierarchyControl(
   31241       response,
   31242       authorization_delegate);
   31243   if (rc != TPM_RC_SUCCESS) {
   31244     error_reporter.Run(rc);
   31245     return;
   31246   }
   31247   callback.Run(
   31248       rc);
   31249 }
   31250 
   31251 void Tpm::HierarchyControl(
   31252       const TPMI_RH_HIERARCHY& auth_handle,
   31253       const std::string& auth_handle_name,
   31254       const TPMI_RH_ENABLES& enable,
   31255       const TPMI_YES_NO& state,
   31256       AuthorizationDelegate* authorization_delegate,
   31257       const HierarchyControlResponse& callback) {
   31258   VLOG(1) << __func__;
   31259   base::Callback<void(TPM_RC)> error_reporter =
   31260       base::Bind(HierarchyControlErrorCallback, callback);
   31261   base::Callback<void(const std::string&)> parser =
   31262       base::Bind(HierarchyControlResponseParser,
   31263                  callback,
   31264                  authorization_delegate);
   31265   std::string command;
   31266   TPM_RC rc = SerializeCommand_HierarchyControl(
   31267       auth_handle,
   31268       auth_handle_name,
   31269       enable,
   31270       state,
   31271       &command,
   31272       authorization_delegate);
   31273   if (rc != TPM_RC_SUCCESS) {
   31274     error_reporter.Run(rc);
   31275     return;
   31276   }
   31277   transceiver_->SendCommand(command, parser);
   31278 }
   31279 
   31280 TPM_RC Tpm::HierarchyControlSync(
   31281       const TPMI_RH_HIERARCHY& auth_handle,
   31282       const std::string& auth_handle_name,
   31283       const TPMI_RH_ENABLES& enable,
   31284       const TPMI_YES_NO& state,
   31285       AuthorizationDelegate* authorization_delegate) {
   31286   VLOG(1) << __func__;
   31287   std::string command;
   31288   TPM_RC rc = SerializeCommand_HierarchyControl(
   31289       auth_handle,
   31290       auth_handle_name,
   31291       enable,
   31292       state,
   31293       &command,
   31294       authorization_delegate);
   31295   if (rc != TPM_RC_SUCCESS) {
   31296     return rc;
   31297   }
   31298   std::string response = transceiver_->SendCommandAndWait(command);
   31299   rc = ParseResponse_HierarchyControl(
   31300       response,
   31301       authorization_delegate);
   31302   return rc;
   31303 }
   31304 
   31305 TPM_RC Tpm::SerializeCommand_SetPrimaryPolicy(
   31306       const TPMI_RH_HIERARCHY& auth_handle,
   31307       const std::string& auth_handle_name,
   31308       const TPM2B_DIGEST& auth_policy,
   31309       const TPMI_ALG_HASH& hash_alg,
   31310       std::string* serialized_command,
   31311       AuthorizationDelegate* authorization_delegate) {
   31312   VLOG(3) << __func__;
   31313   TPM_RC rc = TPM_RC_SUCCESS;
   31314   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   31315   UINT32 command_size = 10;  // Header size.
   31316   std::string handle_section_bytes;
   31317   std::string parameter_section_bytes;
   31318   TPM_CC command_code = TPM_CC_SetPrimaryPolicy;
   31319   bool is_command_parameter_encryption_possible = true;
   31320   bool is_response_parameter_encryption_possible = false;
   31321   std::string command_code_bytes;
   31322   rc = Serialize_TPM_CC(
   31323       command_code,
   31324       &command_code_bytes);
   31325   if (rc != TPM_RC_SUCCESS) {
   31326     return rc;
   31327   }
   31328   std::string auth_handle_bytes;
   31329   rc = Serialize_TPMI_RH_HIERARCHY(
   31330       auth_handle,
   31331       &auth_handle_bytes);
   31332   if (rc != TPM_RC_SUCCESS) {
   31333     return rc;
   31334   }
   31335   std::string auth_policy_bytes;
   31336   rc = Serialize_TPM2B_DIGEST(
   31337       auth_policy,
   31338       &auth_policy_bytes);
   31339   if (rc != TPM_RC_SUCCESS) {
   31340     return rc;
   31341   }
   31342   std::string hash_alg_bytes;
   31343   rc = Serialize_TPMI_ALG_HASH(
   31344       hash_alg,
   31345       &hash_alg_bytes);
   31346   if (rc != TPM_RC_SUCCESS) {
   31347     return rc;
   31348   }
   31349   if (authorization_delegate) {
   31350     // Encrypt just the parameter data, not the size.
   31351     std::string tmp = auth_policy_bytes.substr(2);
   31352     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   31353       return TRUNKS_RC_ENCRYPTION_FAILED;
   31354     }
   31355     auth_policy_bytes.replace(2, std::string::npos, tmp);
   31356   }
   31357   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   31358       crypto::SecureHash::SHA256));
   31359   hash->Update(command_code_bytes.data(),
   31360                command_code_bytes.size());
   31361   hash->Update(auth_handle_name.data(),
   31362                auth_handle_name.size());
   31363   handle_section_bytes += auth_handle_bytes;
   31364   command_size += auth_handle_bytes.size();
   31365   hash->Update(auth_policy_bytes.data(),
   31366                auth_policy_bytes.size());
   31367   parameter_section_bytes += auth_policy_bytes;
   31368   command_size += auth_policy_bytes.size();
   31369   hash->Update(hash_alg_bytes.data(),
   31370                hash_alg_bytes.size());
   31371   parameter_section_bytes += hash_alg_bytes;
   31372   command_size += hash_alg_bytes.size();
   31373   std::string command_hash(32, 0);
   31374   hash->Finish(string_as_array(&command_hash), command_hash.size());
   31375   std::string authorization_section_bytes;
   31376   std::string authorization_size_bytes;
   31377   if (authorization_delegate) {
   31378     if (!authorization_delegate->GetCommandAuthorization(
   31379         command_hash,
   31380         is_command_parameter_encryption_possible,
   31381         is_response_parameter_encryption_possible,
   31382         &authorization_section_bytes)) {
   31383       return TRUNKS_RC_AUTHORIZATION_FAILED;
   31384     }
   31385     if (!authorization_section_bytes.empty()) {
   31386       tag = TPM_ST_SESSIONS;
   31387       std::string tmp;
   31388       rc = Serialize_UINT32(authorization_section_bytes.size(),
   31389                             &authorization_size_bytes);
   31390       if (rc != TPM_RC_SUCCESS) {
   31391         return rc;
   31392       }
   31393       command_size += authorization_size_bytes.size() +
   31394                       authorization_section_bytes.size();
   31395     }
   31396   }
   31397   std::string tag_bytes;
   31398   rc = Serialize_TPMI_ST_COMMAND_TAG(
   31399       tag,
   31400       &tag_bytes);
   31401   if (rc != TPM_RC_SUCCESS) {
   31402     return rc;
   31403   }
   31404   std::string command_size_bytes;
   31405   rc = Serialize_UINT32(
   31406       command_size,
   31407       &command_size_bytes);
   31408   if (rc != TPM_RC_SUCCESS) {
   31409     return rc;
   31410   }
   31411   *serialized_command = tag_bytes +
   31412                         command_size_bytes +
   31413                         command_code_bytes +
   31414                         handle_section_bytes +
   31415                         authorization_size_bytes +
   31416                         authorization_section_bytes +
   31417                         parameter_section_bytes;
   31418   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   31419   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   31420                                             serialized_command->size());
   31421   return TPM_RC_SUCCESS;
   31422 }
   31423 
   31424 TPM_RC Tpm::ParseResponse_SetPrimaryPolicy(
   31425       const std::string& response,
   31426       AuthorizationDelegate* authorization_delegate) {
   31427   VLOG(3) << __func__;
   31428   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   31429   TPM_RC rc = TPM_RC_SUCCESS;
   31430   std::string buffer(response);
   31431   TPM_ST tag;
   31432   std::string tag_bytes;
   31433   rc = Parse_TPM_ST(
   31434       &buffer,
   31435       &tag,
   31436       &tag_bytes);
   31437   if (rc != TPM_RC_SUCCESS) {
   31438     return rc;
   31439   }
   31440   UINT32 response_size;
   31441   std::string response_size_bytes;
   31442   rc = Parse_UINT32(
   31443       &buffer,
   31444       &response_size,
   31445       &response_size_bytes);
   31446   if (rc != TPM_RC_SUCCESS) {
   31447     return rc;
   31448   }
   31449   TPM_RC response_code;
   31450   std::string response_code_bytes;
   31451   rc = Parse_TPM_RC(
   31452       &buffer,
   31453       &response_code,
   31454       &response_code_bytes);
   31455   if (rc != TPM_RC_SUCCESS) {
   31456     return rc;
   31457   }
   31458   if (response_size != response.size()) {
   31459     return TPM_RC_SIZE;
   31460   }
   31461   if (response_code != TPM_RC_SUCCESS) {
   31462     return response_code;
   31463   }
   31464   TPM_CC command_code = TPM_CC_SetPrimaryPolicy;
   31465   std::string command_code_bytes;
   31466   rc = Serialize_TPM_CC(
   31467       command_code,
   31468       &command_code_bytes);
   31469   if (rc != TPM_RC_SUCCESS) {
   31470     return rc;
   31471   }
   31472   std::string authorization_section_bytes;
   31473   if (tag == TPM_ST_SESSIONS) {
   31474     UINT32 parameter_section_size = buffer.size();
   31475     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   31476     if (rc != TPM_RC_SUCCESS) {
   31477       return rc;
   31478     }
   31479     if (parameter_section_size > buffer.size()) {
   31480       return TPM_RC_INSUFFICIENT;
   31481     }
   31482     authorization_section_bytes = buffer.substr(parameter_section_size);
   31483     // Keep the parameter section in |buffer|.
   31484     buffer.erase(parameter_section_size);
   31485   }
   31486   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   31487       crypto::SecureHash::SHA256));
   31488   hash->Update(response_code_bytes.data(),
   31489                response_code_bytes.size());
   31490   hash->Update(command_code_bytes.data(),
   31491                command_code_bytes.size());
   31492   hash->Update(buffer.data(),
   31493                buffer.size());
   31494   std::string response_hash(32, 0);
   31495   hash->Finish(string_as_array(&response_hash), response_hash.size());
   31496   if (tag == TPM_ST_SESSIONS) {
   31497     CHECK(authorization_delegate) << "Authorization delegate missing!";
   31498     if (!authorization_delegate->CheckResponseAuthorization(
   31499         response_hash,
   31500         authorization_section_bytes)) {
   31501       return TRUNKS_RC_AUTHORIZATION_FAILED;
   31502     }
   31503   }
   31504   return TPM_RC_SUCCESS;
   31505 }
   31506 
   31507 void SetPrimaryPolicyErrorCallback(
   31508     const Tpm::SetPrimaryPolicyResponse& callback,
   31509     TPM_RC response_code) {
   31510   VLOG(1) << __func__;
   31511   callback.Run(response_code);
   31512 }
   31513 
   31514 void SetPrimaryPolicyResponseParser(
   31515     const Tpm::SetPrimaryPolicyResponse& callback,
   31516     AuthorizationDelegate* authorization_delegate,
   31517     const std::string& response) {
   31518   VLOG(1) << __func__;
   31519   base::Callback<void(TPM_RC)> error_reporter =
   31520       base::Bind(SetPrimaryPolicyErrorCallback, callback);
   31521   TPM_RC rc = Tpm::ParseResponse_SetPrimaryPolicy(
   31522       response,
   31523       authorization_delegate);
   31524   if (rc != TPM_RC_SUCCESS) {
   31525     error_reporter.Run(rc);
   31526     return;
   31527   }
   31528   callback.Run(
   31529       rc);
   31530 }
   31531 
   31532 void Tpm::SetPrimaryPolicy(
   31533       const TPMI_RH_HIERARCHY& auth_handle,
   31534       const std::string& auth_handle_name,
   31535       const TPM2B_DIGEST& auth_policy,
   31536       const TPMI_ALG_HASH& hash_alg,
   31537       AuthorizationDelegate* authorization_delegate,
   31538       const SetPrimaryPolicyResponse& callback) {
   31539   VLOG(1) << __func__;
   31540   base::Callback<void(TPM_RC)> error_reporter =
   31541       base::Bind(SetPrimaryPolicyErrorCallback, callback);
   31542   base::Callback<void(const std::string&)> parser =
   31543       base::Bind(SetPrimaryPolicyResponseParser,
   31544                  callback,
   31545                  authorization_delegate);
   31546   std::string command;
   31547   TPM_RC rc = SerializeCommand_SetPrimaryPolicy(
   31548       auth_handle,
   31549       auth_handle_name,
   31550       auth_policy,
   31551       hash_alg,
   31552       &command,
   31553       authorization_delegate);
   31554   if (rc != TPM_RC_SUCCESS) {
   31555     error_reporter.Run(rc);
   31556     return;
   31557   }
   31558   transceiver_->SendCommand(command, parser);
   31559 }
   31560 
   31561 TPM_RC Tpm::SetPrimaryPolicySync(
   31562       const TPMI_RH_HIERARCHY& auth_handle,
   31563       const std::string& auth_handle_name,
   31564       const TPM2B_DIGEST& auth_policy,
   31565       const TPMI_ALG_HASH& hash_alg,
   31566       AuthorizationDelegate* authorization_delegate) {
   31567   VLOG(1) << __func__;
   31568   std::string command;
   31569   TPM_RC rc = SerializeCommand_SetPrimaryPolicy(
   31570       auth_handle,
   31571       auth_handle_name,
   31572       auth_policy,
   31573       hash_alg,
   31574       &command,
   31575       authorization_delegate);
   31576   if (rc != TPM_RC_SUCCESS) {
   31577     return rc;
   31578   }
   31579   std::string response = transceiver_->SendCommandAndWait(command);
   31580   rc = ParseResponse_SetPrimaryPolicy(
   31581       response,
   31582       authorization_delegate);
   31583   return rc;
   31584 }
   31585 
   31586 TPM_RC Tpm::SerializeCommand_ChangePPS(
   31587       const TPMI_RH_PLATFORM& auth_handle,
   31588       const std::string& auth_handle_name,
   31589       std::string* serialized_command,
   31590       AuthorizationDelegate* authorization_delegate) {
   31591   VLOG(3) << __func__;
   31592   TPM_RC rc = TPM_RC_SUCCESS;
   31593   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   31594   UINT32 command_size = 10;  // Header size.
   31595   std::string handle_section_bytes;
   31596   std::string parameter_section_bytes;
   31597   TPM_CC command_code = TPM_CC_ChangePPS;
   31598   bool is_command_parameter_encryption_possible = false;
   31599   bool is_response_parameter_encryption_possible = false;
   31600   std::string command_code_bytes;
   31601   rc = Serialize_TPM_CC(
   31602       command_code,
   31603       &command_code_bytes);
   31604   if (rc != TPM_RC_SUCCESS) {
   31605     return rc;
   31606   }
   31607   std::string auth_handle_bytes;
   31608   rc = Serialize_TPMI_RH_PLATFORM(
   31609       auth_handle,
   31610       &auth_handle_bytes);
   31611   if (rc != TPM_RC_SUCCESS) {
   31612     return rc;
   31613   }
   31614   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   31615       crypto::SecureHash::SHA256));
   31616   hash->Update(command_code_bytes.data(),
   31617                command_code_bytes.size());
   31618   hash->Update(auth_handle_name.data(),
   31619                auth_handle_name.size());
   31620   handle_section_bytes += auth_handle_bytes;
   31621   command_size += auth_handle_bytes.size();
   31622   std::string command_hash(32, 0);
   31623   hash->Finish(string_as_array(&command_hash), command_hash.size());
   31624   std::string authorization_section_bytes;
   31625   std::string authorization_size_bytes;
   31626   if (authorization_delegate) {
   31627     if (!authorization_delegate->GetCommandAuthorization(
   31628         command_hash,
   31629         is_command_parameter_encryption_possible,
   31630         is_response_parameter_encryption_possible,
   31631         &authorization_section_bytes)) {
   31632       return TRUNKS_RC_AUTHORIZATION_FAILED;
   31633     }
   31634     if (!authorization_section_bytes.empty()) {
   31635       tag = TPM_ST_SESSIONS;
   31636       std::string tmp;
   31637       rc = Serialize_UINT32(authorization_section_bytes.size(),
   31638                             &authorization_size_bytes);
   31639       if (rc != TPM_RC_SUCCESS) {
   31640         return rc;
   31641       }
   31642       command_size += authorization_size_bytes.size() +
   31643                       authorization_section_bytes.size();
   31644     }
   31645   }
   31646   std::string tag_bytes;
   31647   rc = Serialize_TPMI_ST_COMMAND_TAG(
   31648       tag,
   31649       &tag_bytes);
   31650   if (rc != TPM_RC_SUCCESS) {
   31651     return rc;
   31652   }
   31653   std::string command_size_bytes;
   31654   rc = Serialize_UINT32(
   31655       command_size,
   31656       &command_size_bytes);
   31657   if (rc != TPM_RC_SUCCESS) {
   31658     return rc;
   31659   }
   31660   *serialized_command = tag_bytes +
   31661                         command_size_bytes +
   31662                         command_code_bytes +
   31663                         handle_section_bytes +
   31664                         authorization_size_bytes +
   31665                         authorization_section_bytes +
   31666                         parameter_section_bytes;
   31667   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   31668   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   31669                                             serialized_command->size());
   31670   return TPM_RC_SUCCESS;
   31671 }
   31672 
   31673 TPM_RC Tpm::ParseResponse_ChangePPS(
   31674       const std::string& response,
   31675       AuthorizationDelegate* authorization_delegate) {
   31676   VLOG(3) << __func__;
   31677   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   31678   TPM_RC rc = TPM_RC_SUCCESS;
   31679   std::string buffer(response);
   31680   TPM_ST tag;
   31681   std::string tag_bytes;
   31682   rc = Parse_TPM_ST(
   31683       &buffer,
   31684       &tag,
   31685       &tag_bytes);
   31686   if (rc != TPM_RC_SUCCESS) {
   31687     return rc;
   31688   }
   31689   UINT32 response_size;
   31690   std::string response_size_bytes;
   31691   rc = Parse_UINT32(
   31692       &buffer,
   31693       &response_size,
   31694       &response_size_bytes);
   31695   if (rc != TPM_RC_SUCCESS) {
   31696     return rc;
   31697   }
   31698   TPM_RC response_code;
   31699   std::string response_code_bytes;
   31700   rc = Parse_TPM_RC(
   31701       &buffer,
   31702       &response_code,
   31703       &response_code_bytes);
   31704   if (rc != TPM_RC_SUCCESS) {
   31705     return rc;
   31706   }
   31707   if (response_size != response.size()) {
   31708     return TPM_RC_SIZE;
   31709   }
   31710   if (response_code != TPM_RC_SUCCESS) {
   31711     return response_code;
   31712   }
   31713   TPM_CC command_code = TPM_CC_ChangePPS;
   31714   std::string command_code_bytes;
   31715   rc = Serialize_TPM_CC(
   31716       command_code,
   31717       &command_code_bytes);
   31718   if (rc != TPM_RC_SUCCESS) {
   31719     return rc;
   31720   }
   31721   std::string authorization_section_bytes;
   31722   if (tag == TPM_ST_SESSIONS) {
   31723     UINT32 parameter_section_size = buffer.size();
   31724     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   31725     if (rc != TPM_RC_SUCCESS) {
   31726       return rc;
   31727     }
   31728     if (parameter_section_size > buffer.size()) {
   31729       return TPM_RC_INSUFFICIENT;
   31730     }
   31731     authorization_section_bytes = buffer.substr(parameter_section_size);
   31732     // Keep the parameter section in |buffer|.
   31733     buffer.erase(parameter_section_size);
   31734   }
   31735   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   31736       crypto::SecureHash::SHA256));
   31737   hash->Update(response_code_bytes.data(),
   31738                response_code_bytes.size());
   31739   hash->Update(command_code_bytes.data(),
   31740                command_code_bytes.size());
   31741   hash->Update(buffer.data(),
   31742                buffer.size());
   31743   std::string response_hash(32, 0);
   31744   hash->Finish(string_as_array(&response_hash), response_hash.size());
   31745   if (tag == TPM_ST_SESSIONS) {
   31746     CHECK(authorization_delegate) << "Authorization delegate missing!";
   31747     if (!authorization_delegate->CheckResponseAuthorization(
   31748         response_hash,
   31749         authorization_section_bytes)) {
   31750       return TRUNKS_RC_AUTHORIZATION_FAILED;
   31751     }
   31752   }
   31753   return TPM_RC_SUCCESS;
   31754 }
   31755 
   31756 void ChangePPSErrorCallback(
   31757     const Tpm::ChangePPSResponse& callback,
   31758     TPM_RC response_code) {
   31759   VLOG(1) << __func__;
   31760   callback.Run(response_code);
   31761 }
   31762 
   31763 void ChangePPSResponseParser(
   31764     const Tpm::ChangePPSResponse& callback,
   31765     AuthorizationDelegate* authorization_delegate,
   31766     const std::string& response) {
   31767   VLOG(1) << __func__;
   31768   base::Callback<void(TPM_RC)> error_reporter =
   31769       base::Bind(ChangePPSErrorCallback, callback);
   31770   TPM_RC rc = Tpm::ParseResponse_ChangePPS(
   31771       response,
   31772       authorization_delegate);
   31773   if (rc != TPM_RC_SUCCESS) {
   31774     error_reporter.Run(rc);
   31775     return;
   31776   }
   31777   callback.Run(
   31778       rc);
   31779 }
   31780 
   31781 void Tpm::ChangePPS(
   31782       const TPMI_RH_PLATFORM& auth_handle,
   31783       const std::string& auth_handle_name,
   31784       AuthorizationDelegate* authorization_delegate,
   31785       const ChangePPSResponse& callback) {
   31786   VLOG(1) << __func__;
   31787   base::Callback<void(TPM_RC)> error_reporter =
   31788       base::Bind(ChangePPSErrorCallback, callback);
   31789   base::Callback<void(const std::string&)> parser =
   31790       base::Bind(ChangePPSResponseParser,
   31791                  callback,
   31792                  authorization_delegate);
   31793   std::string command;
   31794   TPM_RC rc = SerializeCommand_ChangePPS(
   31795       auth_handle,
   31796       auth_handle_name,
   31797       &command,
   31798       authorization_delegate);
   31799   if (rc != TPM_RC_SUCCESS) {
   31800     error_reporter.Run(rc);
   31801     return;
   31802   }
   31803   transceiver_->SendCommand(command, parser);
   31804 }
   31805 
   31806 TPM_RC Tpm::ChangePPSSync(
   31807       const TPMI_RH_PLATFORM& auth_handle,
   31808       const std::string& auth_handle_name,
   31809       AuthorizationDelegate* authorization_delegate) {
   31810   VLOG(1) << __func__;
   31811   std::string command;
   31812   TPM_RC rc = SerializeCommand_ChangePPS(
   31813       auth_handle,
   31814       auth_handle_name,
   31815       &command,
   31816       authorization_delegate);
   31817   if (rc != TPM_RC_SUCCESS) {
   31818     return rc;
   31819   }
   31820   std::string response = transceiver_->SendCommandAndWait(command);
   31821   rc = ParseResponse_ChangePPS(
   31822       response,
   31823       authorization_delegate);
   31824   return rc;
   31825 }
   31826 
   31827 TPM_RC Tpm::SerializeCommand_ChangeEPS(
   31828       const TPMI_RH_PLATFORM& auth_handle,
   31829       const std::string& auth_handle_name,
   31830       std::string* serialized_command,
   31831       AuthorizationDelegate* authorization_delegate) {
   31832   VLOG(3) << __func__;
   31833   TPM_RC rc = TPM_RC_SUCCESS;
   31834   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   31835   UINT32 command_size = 10;  // Header size.
   31836   std::string handle_section_bytes;
   31837   std::string parameter_section_bytes;
   31838   TPM_CC command_code = TPM_CC_ChangeEPS;
   31839   bool is_command_parameter_encryption_possible = false;
   31840   bool is_response_parameter_encryption_possible = false;
   31841   std::string command_code_bytes;
   31842   rc = Serialize_TPM_CC(
   31843       command_code,
   31844       &command_code_bytes);
   31845   if (rc != TPM_RC_SUCCESS) {
   31846     return rc;
   31847   }
   31848   std::string auth_handle_bytes;
   31849   rc = Serialize_TPMI_RH_PLATFORM(
   31850       auth_handle,
   31851       &auth_handle_bytes);
   31852   if (rc != TPM_RC_SUCCESS) {
   31853     return rc;
   31854   }
   31855   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   31856       crypto::SecureHash::SHA256));
   31857   hash->Update(command_code_bytes.data(),
   31858                command_code_bytes.size());
   31859   hash->Update(auth_handle_name.data(),
   31860                auth_handle_name.size());
   31861   handle_section_bytes += auth_handle_bytes;
   31862   command_size += auth_handle_bytes.size();
   31863   std::string command_hash(32, 0);
   31864   hash->Finish(string_as_array(&command_hash), command_hash.size());
   31865   std::string authorization_section_bytes;
   31866   std::string authorization_size_bytes;
   31867   if (authorization_delegate) {
   31868     if (!authorization_delegate->GetCommandAuthorization(
   31869         command_hash,
   31870         is_command_parameter_encryption_possible,
   31871         is_response_parameter_encryption_possible,
   31872         &authorization_section_bytes)) {
   31873       return TRUNKS_RC_AUTHORIZATION_FAILED;
   31874     }
   31875     if (!authorization_section_bytes.empty()) {
   31876       tag = TPM_ST_SESSIONS;
   31877       std::string tmp;
   31878       rc = Serialize_UINT32(authorization_section_bytes.size(),
   31879                             &authorization_size_bytes);
   31880       if (rc != TPM_RC_SUCCESS) {
   31881         return rc;
   31882       }
   31883       command_size += authorization_size_bytes.size() +
   31884                       authorization_section_bytes.size();
   31885     }
   31886   }
   31887   std::string tag_bytes;
   31888   rc = Serialize_TPMI_ST_COMMAND_TAG(
   31889       tag,
   31890       &tag_bytes);
   31891   if (rc != TPM_RC_SUCCESS) {
   31892     return rc;
   31893   }
   31894   std::string command_size_bytes;
   31895   rc = Serialize_UINT32(
   31896       command_size,
   31897       &command_size_bytes);
   31898   if (rc != TPM_RC_SUCCESS) {
   31899     return rc;
   31900   }
   31901   *serialized_command = tag_bytes +
   31902                         command_size_bytes +
   31903                         command_code_bytes +
   31904                         handle_section_bytes +
   31905                         authorization_size_bytes +
   31906                         authorization_section_bytes +
   31907                         parameter_section_bytes;
   31908   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   31909   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   31910                                             serialized_command->size());
   31911   return TPM_RC_SUCCESS;
   31912 }
   31913 
   31914 TPM_RC Tpm::ParseResponse_ChangeEPS(
   31915       const std::string& response,
   31916       AuthorizationDelegate* authorization_delegate) {
   31917   VLOG(3) << __func__;
   31918   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   31919   TPM_RC rc = TPM_RC_SUCCESS;
   31920   std::string buffer(response);
   31921   TPM_ST tag;
   31922   std::string tag_bytes;
   31923   rc = Parse_TPM_ST(
   31924       &buffer,
   31925       &tag,
   31926       &tag_bytes);
   31927   if (rc != TPM_RC_SUCCESS) {
   31928     return rc;
   31929   }
   31930   UINT32 response_size;
   31931   std::string response_size_bytes;
   31932   rc = Parse_UINT32(
   31933       &buffer,
   31934       &response_size,
   31935       &response_size_bytes);
   31936   if (rc != TPM_RC_SUCCESS) {
   31937     return rc;
   31938   }
   31939   TPM_RC response_code;
   31940   std::string response_code_bytes;
   31941   rc = Parse_TPM_RC(
   31942       &buffer,
   31943       &response_code,
   31944       &response_code_bytes);
   31945   if (rc != TPM_RC_SUCCESS) {
   31946     return rc;
   31947   }
   31948   if (response_size != response.size()) {
   31949     return TPM_RC_SIZE;
   31950   }
   31951   if (response_code != TPM_RC_SUCCESS) {
   31952     return response_code;
   31953   }
   31954   TPM_CC command_code = TPM_CC_ChangeEPS;
   31955   std::string command_code_bytes;
   31956   rc = Serialize_TPM_CC(
   31957       command_code,
   31958       &command_code_bytes);
   31959   if (rc != TPM_RC_SUCCESS) {
   31960     return rc;
   31961   }
   31962   std::string authorization_section_bytes;
   31963   if (tag == TPM_ST_SESSIONS) {
   31964     UINT32 parameter_section_size = buffer.size();
   31965     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   31966     if (rc != TPM_RC_SUCCESS) {
   31967       return rc;
   31968     }
   31969     if (parameter_section_size > buffer.size()) {
   31970       return TPM_RC_INSUFFICIENT;
   31971     }
   31972     authorization_section_bytes = buffer.substr(parameter_section_size);
   31973     // Keep the parameter section in |buffer|.
   31974     buffer.erase(parameter_section_size);
   31975   }
   31976   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   31977       crypto::SecureHash::SHA256));
   31978   hash->Update(response_code_bytes.data(),
   31979                response_code_bytes.size());
   31980   hash->Update(command_code_bytes.data(),
   31981                command_code_bytes.size());
   31982   hash->Update(buffer.data(),
   31983                buffer.size());
   31984   std::string response_hash(32, 0);
   31985   hash->Finish(string_as_array(&response_hash), response_hash.size());
   31986   if (tag == TPM_ST_SESSIONS) {
   31987     CHECK(authorization_delegate) << "Authorization delegate missing!";
   31988     if (!authorization_delegate->CheckResponseAuthorization(
   31989         response_hash,
   31990         authorization_section_bytes)) {
   31991       return TRUNKS_RC_AUTHORIZATION_FAILED;
   31992     }
   31993   }
   31994   return TPM_RC_SUCCESS;
   31995 }
   31996 
   31997 void ChangeEPSErrorCallback(
   31998     const Tpm::ChangeEPSResponse& callback,
   31999     TPM_RC response_code) {
   32000   VLOG(1) << __func__;
   32001   callback.Run(response_code);
   32002 }
   32003 
   32004 void ChangeEPSResponseParser(
   32005     const Tpm::ChangeEPSResponse& callback,
   32006     AuthorizationDelegate* authorization_delegate,
   32007     const std::string& response) {
   32008   VLOG(1) << __func__;
   32009   base::Callback<void(TPM_RC)> error_reporter =
   32010       base::Bind(ChangeEPSErrorCallback, callback);
   32011   TPM_RC rc = Tpm::ParseResponse_ChangeEPS(
   32012       response,
   32013       authorization_delegate);
   32014   if (rc != TPM_RC_SUCCESS) {
   32015     error_reporter.Run(rc);
   32016     return;
   32017   }
   32018   callback.Run(
   32019       rc);
   32020 }
   32021 
   32022 void Tpm::ChangeEPS(
   32023       const TPMI_RH_PLATFORM& auth_handle,
   32024       const std::string& auth_handle_name,
   32025       AuthorizationDelegate* authorization_delegate,
   32026       const ChangeEPSResponse& callback) {
   32027   VLOG(1) << __func__;
   32028   base::Callback<void(TPM_RC)> error_reporter =
   32029       base::Bind(ChangeEPSErrorCallback, callback);
   32030   base::Callback<void(const std::string&)> parser =
   32031       base::Bind(ChangeEPSResponseParser,
   32032                  callback,
   32033                  authorization_delegate);
   32034   std::string command;
   32035   TPM_RC rc = SerializeCommand_ChangeEPS(
   32036       auth_handle,
   32037       auth_handle_name,
   32038       &command,
   32039       authorization_delegate);
   32040   if (rc != TPM_RC_SUCCESS) {
   32041     error_reporter.Run(rc);
   32042     return;
   32043   }
   32044   transceiver_->SendCommand(command, parser);
   32045 }
   32046 
   32047 TPM_RC Tpm::ChangeEPSSync(
   32048       const TPMI_RH_PLATFORM& auth_handle,
   32049       const std::string& auth_handle_name,
   32050       AuthorizationDelegate* authorization_delegate) {
   32051   VLOG(1) << __func__;
   32052   std::string command;
   32053   TPM_RC rc = SerializeCommand_ChangeEPS(
   32054       auth_handle,
   32055       auth_handle_name,
   32056       &command,
   32057       authorization_delegate);
   32058   if (rc != TPM_RC_SUCCESS) {
   32059     return rc;
   32060   }
   32061   std::string response = transceiver_->SendCommandAndWait(command);
   32062   rc = ParseResponse_ChangeEPS(
   32063       response,
   32064       authorization_delegate);
   32065   return rc;
   32066 }
   32067 
   32068 TPM_RC Tpm::SerializeCommand_Clear(
   32069       const TPMI_RH_CLEAR& auth_handle,
   32070       const std::string& auth_handle_name,
   32071       std::string* serialized_command,
   32072       AuthorizationDelegate* authorization_delegate) {
   32073   VLOG(3) << __func__;
   32074   TPM_RC rc = TPM_RC_SUCCESS;
   32075   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   32076   UINT32 command_size = 10;  // Header size.
   32077   std::string handle_section_bytes;
   32078   std::string parameter_section_bytes;
   32079   TPM_CC command_code = TPM_CC_Clear;
   32080   bool is_command_parameter_encryption_possible = false;
   32081   bool is_response_parameter_encryption_possible = false;
   32082   std::string command_code_bytes;
   32083   rc = Serialize_TPM_CC(
   32084       command_code,
   32085       &command_code_bytes);
   32086   if (rc != TPM_RC_SUCCESS) {
   32087     return rc;
   32088   }
   32089   std::string auth_handle_bytes;
   32090   rc = Serialize_TPMI_RH_CLEAR(
   32091       auth_handle,
   32092       &auth_handle_bytes);
   32093   if (rc != TPM_RC_SUCCESS) {
   32094     return rc;
   32095   }
   32096   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   32097       crypto::SecureHash::SHA256));
   32098   hash->Update(command_code_bytes.data(),
   32099                command_code_bytes.size());
   32100   hash->Update(auth_handle_name.data(),
   32101                auth_handle_name.size());
   32102   handle_section_bytes += auth_handle_bytes;
   32103   command_size += auth_handle_bytes.size();
   32104   std::string command_hash(32, 0);
   32105   hash->Finish(string_as_array(&command_hash), command_hash.size());
   32106   std::string authorization_section_bytes;
   32107   std::string authorization_size_bytes;
   32108   if (authorization_delegate) {
   32109     if (!authorization_delegate->GetCommandAuthorization(
   32110         command_hash,
   32111         is_command_parameter_encryption_possible,
   32112         is_response_parameter_encryption_possible,
   32113         &authorization_section_bytes)) {
   32114       return TRUNKS_RC_AUTHORIZATION_FAILED;
   32115     }
   32116     if (!authorization_section_bytes.empty()) {
   32117       tag = TPM_ST_SESSIONS;
   32118       std::string tmp;
   32119       rc = Serialize_UINT32(authorization_section_bytes.size(),
   32120                             &authorization_size_bytes);
   32121       if (rc != TPM_RC_SUCCESS) {
   32122         return rc;
   32123       }
   32124       command_size += authorization_size_bytes.size() +
   32125                       authorization_section_bytes.size();
   32126     }
   32127   }
   32128   std::string tag_bytes;
   32129   rc = Serialize_TPMI_ST_COMMAND_TAG(
   32130       tag,
   32131       &tag_bytes);
   32132   if (rc != TPM_RC_SUCCESS) {
   32133     return rc;
   32134   }
   32135   std::string command_size_bytes;
   32136   rc = Serialize_UINT32(
   32137       command_size,
   32138       &command_size_bytes);
   32139   if (rc != TPM_RC_SUCCESS) {
   32140     return rc;
   32141   }
   32142   *serialized_command = tag_bytes +
   32143                         command_size_bytes +
   32144                         command_code_bytes +
   32145                         handle_section_bytes +
   32146                         authorization_size_bytes +
   32147                         authorization_section_bytes +
   32148                         parameter_section_bytes;
   32149   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   32150   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   32151                                             serialized_command->size());
   32152   return TPM_RC_SUCCESS;
   32153 }
   32154 
   32155 TPM_RC Tpm::ParseResponse_Clear(
   32156       const std::string& response,
   32157       AuthorizationDelegate* authorization_delegate) {
   32158   VLOG(3) << __func__;
   32159   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   32160   TPM_RC rc = TPM_RC_SUCCESS;
   32161   std::string buffer(response);
   32162   TPM_ST tag;
   32163   std::string tag_bytes;
   32164   rc = Parse_TPM_ST(
   32165       &buffer,
   32166       &tag,
   32167       &tag_bytes);
   32168   if (rc != TPM_RC_SUCCESS) {
   32169     return rc;
   32170   }
   32171   UINT32 response_size;
   32172   std::string response_size_bytes;
   32173   rc = Parse_UINT32(
   32174       &buffer,
   32175       &response_size,
   32176       &response_size_bytes);
   32177   if (rc != TPM_RC_SUCCESS) {
   32178     return rc;
   32179   }
   32180   TPM_RC response_code;
   32181   std::string response_code_bytes;
   32182   rc = Parse_TPM_RC(
   32183       &buffer,
   32184       &response_code,
   32185       &response_code_bytes);
   32186   if (rc != TPM_RC_SUCCESS) {
   32187     return rc;
   32188   }
   32189   if (response_size != response.size()) {
   32190     return TPM_RC_SIZE;
   32191   }
   32192   if (response_code != TPM_RC_SUCCESS) {
   32193     return response_code;
   32194   }
   32195   TPM_CC command_code = TPM_CC_Clear;
   32196   std::string command_code_bytes;
   32197   rc = Serialize_TPM_CC(
   32198       command_code,
   32199       &command_code_bytes);
   32200   if (rc != TPM_RC_SUCCESS) {
   32201     return rc;
   32202   }
   32203   std::string authorization_section_bytes;
   32204   if (tag == TPM_ST_SESSIONS) {
   32205     UINT32 parameter_section_size = buffer.size();
   32206     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   32207     if (rc != TPM_RC_SUCCESS) {
   32208       return rc;
   32209     }
   32210     if (parameter_section_size > buffer.size()) {
   32211       return TPM_RC_INSUFFICIENT;
   32212     }
   32213     authorization_section_bytes = buffer.substr(parameter_section_size);
   32214     // Keep the parameter section in |buffer|.
   32215     buffer.erase(parameter_section_size);
   32216   }
   32217   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   32218       crypto::SecureHash::SHA256));
   32219   hash->Update(response_code_bytes.data(),
   32220                response_code_bytes.size());
   32221   hash->Update(command_code_bytes.data(),
   32222                command_code_bytes.size());
   32223   hash->Update(buffer.data(),
   32224                buffer.size());
   32225   std::string response_hash(32, 0);
   32226   hash->Finish(string_as_array(&response_hash), response_hash.size());
   32227   if (tag == TPM_ST_SESSIONS) {
   32228     CHECK(authorization_delegate) << "Authorization delegate missing!";
   32229     if (!authorization_delegate->CheckResponseAuthorization(
   32230         response_hash,
   32231         authorization_section_bytes)) {
   32232       return TRUNKS_RC_AUTHORIZATION_FAILED;
   32233     }
   32234   }
   32235   return TPM_RC_SUCCESS;
   32236 }
   32237 
   32238 void ClearErrorCallback(
   32239     const Tpm::ClearResponse& callback,
   32240     TPM_RC response_code) {
   32241   VLOG(1) << __func__;
   32242   callback.Run(response_code);
   32243 }
   32244 
   32245 void ClearResponseParser(
   32246     const Tpm::ClearResponse& callback,
   32247     AuthorizationDelegate* authorization_delegate,
   32248     const std::string& response) {
   32249   VLOG(1) << __func__;
   32250   base::Callback<void(TPM_RC)> error_reporter =
   32251       base::Bind(ClearErrorCallback, callback);
   32252   TPM_RC rc = Tpm::ParseResponse_Clear(
   32253       response,
   32254       authorization_delegate);
   32255   if (rc != TPM_RC_SUCCESS) {
   32256     error_reporter.Run(rc);
   32257     return;
   32258   }
   32259   callback.Run(
   32260       rc);
   32261 }
   32262 
   32263 void Tpm::Clear(
   32264       const TPMI_RH_CLEAR& auth_handle,
   32265       const std::string& auth_handle_name,
   32266       AuthorizationDelegate* authorization_delegate,
   32267       const ClearResponse& callback) {
   32268   VLOG(1) << __func__;
   32269   base::Callback<void(TPM_RC)> error_reporter =
   32270       base::Bind(ClearErrorCallback, callback);
   32271   base::Callback<void(const std::string&)> parser =
   32272       base::Bind(ClearResponseParser,
   32273                  callback,
   32274                  authorization_delegate);
   32275   std::string command;
   32276   TPM_RC rc = SerializeCommand_Clear(
   32277       auth_handle,
   32278       auth_handle_name,
   32279       &command,
   32280       authorization_delegate);
   32281   if (rc != TPM_RC_SUCCESS) {
   32282     error_reporter.Run(rc);
   32283     return;
   32284   }
   32285   transceiver_->SendCommand(command, parser);
   32286 }
   32287 
   32288 TPM_RC Tpm::ClearSync(
   32289       const TPMI_RH_CLEAR& auth_handle,
   32290       const std::string& auth_handle_name,
   32291       AuthorizationDelegate* authorization_delegate) {
   32292   VLOG(1) << __func__;
   32293   std::string command;
   32294   TPM_RC rc = SerializeCommand_Clear(
   32295       auth_handle,
   32296       auth_handle_name,
   32297       &command,
   32298       authorization_delegate);
   32299   if (rc != TPM_RC_SUCCESS) {
   32300     return rc;
   32301   }
   32302   std::string response = transceiver_->SendCommandAndWait(command);
   32303   rc = ParseResponse_Clear(
   32304       response,
   32305       authorization_delegate);
   32306   return rc;
   32307 }
   32308 
   32309 TPM_RC Tpm::SerializeCommand_ClearControl(
   32310       const TPMI_RH_CLEAR& auth,
   32311       const std::string& auth_name,
   32312       const TPMI_YES_NO& disable,
   32313       std::string* serialized_command,
   32314       AuthorizationDelegate* authorization_delegate) {
   32315   VLOG(3) << __func__;
   32316   TPM_RC rc = TPM_RC_SUCCESS;
   32317   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   32318   UINT32 command_size = 10;  // Header size.
   32319   std::string handle_section_bytes;
   32320   std::string parameter_section_bytes;
   32321   TPM_CC command_code = TPM_CC_ClearControl;
   32322   bool is_command_parameter_encryption_possible = false;
   32323   bool is_response_parameter_encryption_possible = false;
   32324   std::string command_code_bytes;
   32325   rc = Serialize_TPM_CC(
   32326       command_code,
   32327       &command_code_bytes);
   32328   if (rc != TPM_RC_SUCCESS) {
   32329     return rc;
   32330   }
   32331   std::string auth_bytes;
   32332   rc = Serialize_TPMI_RH_CLEAR(
   32333       auth,
   32334       &auth_bytes);
   32335   if (rc != TPM_RC_SUCCESS) {
   32336     return rc;
   32337   }
   32338   std::string disable_bytes;
   32339   rc = Serialize_TPMI_YES_NO(
   32340       disable,
   32341       &disable_bytes);
   32342   if (rc != TPM_RC_SUCCESS) {
   32343     return rc;
   32344   }
   32345   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   32346       crypto::SecureHash::SHA256));
   32347   hash->Update(command_code_bytes.data(),
   32348                command_code_bytes.size());
   32349   hash->Update(auth_name.data(),
   32350                auth_name.size());
   32351   handle_section_bytes += auth_bytes;
   32352   command_size += auth_bytes.size();
   32353   hash->Update(disable_bytes.data(),
   32354                disable_bytes.size());
   32355   parameter_section_bytes += disable_bytes;
   32356   command_size += disable_bytes.size();
   32357   std::string command_hash(32, 0);
   32358   hash->Finish(string_as_array(&command_hash), command_hash.size());
   32359   std::string authorization_section_bytes;
   32360   std::string authorization_size_bytes;
   32361   if (authorization_delegate) {
   32362     if (!authorization_delegate->GetCommandAuthorization(
   32363         command_hash,
   32364         is_command_parameter_encryption_possible,
   32365         is_response_parameter_encryption_possible,
   32366         &authorization_section_bytes)) {
   32367       return TRUNKS_RC_AUTHORIZATION_FAILED;
   32368     }
   32369     if (!authorization_section_bytes.empty()) {
   32370       tag = TPM_ST_SESSIONS;
   32371       std::string tmp;
   32372       rc = Serialize_UINT32(authorization_section_bytes.size(),
   32373                             &authorization_size_bytes);
   32374       if (rc != TPM_RC_SUCCESS) {
   32375         return rc;
   32376       }
   32377       command_size += authorization_size_bytes.size() +
   32378                       authorization_section_bytes.size();
   32379     }
   32380   }
   32381   std::string tag_bytes;
   32382   rc = Serialize_TPMI_ST_COMMAND_TAG(
   32383       tag,
   32384       &tag_bytes);
   32385   if (rc != TPM_RC_SUCCESS) {
   32386     return rc;
   32387   }
   32388   std::string command_size_bytes;
   32389   rc = Serialize_UINT32(
   32390       command_size,
   32391       &command_size_bytes);
   32392   if (rc != TPM_RC_SUCCESS) {
   32393     return rc;
   32394   }
   32395   *serialized_command = tag_bytes +
   32396                         command_size_bytes +
   32397                         command_code_bytes +
   32398                         handle_section_bytes +
   32399                         authorization_size_bytes +
   32400                         authorization_section_bytes +
   32401                         parameter_section_bytes;
   32402   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   32403   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   32404                                             serialized_command->size());
   32405   return TPM_RC_SUCCESS;
   32406 }
   32407 
   32408 TPM_RC Tpm::ParseResponse_ClearControl(
   32409       const std::string& response,
   32410       AuthorizationDelegate* authorization_delegate) {
   32411   VLOG(3) << __func__;
   32412   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   32413   TPM_RC rc = TPM_RC_SUCCESS;
   32414   std::string buffer(response);
   32415   TPM_ST tag;
   32416   std::string tag_bytes;
   32417   rc = Parse_TPM_ST(
   32418       &buffer,
   32419       &tag,
   32420       &tag_bytes);
   32421   if (rc != TPM_RC_SUCCESS) {
   32422     return rc;
   32423   }
   32424   UINT32 response_size;
   32425   std::string response_size_bytes;
   32426   rc = Parse_UINT32(
   32427       &buffer,
   32428       &response_size,
   32429       &response_size_bytes);
   32430   if (rc != TPM_RC_SUCCESS) {
   32431     return rc;
   32432   }
   32433   TPM_RC response_code;
   32434   std::string response_code_bytes;
   32435   rc = Parse_TPM_RC(
   32436       &buffer,
   32437       &response_code,
   32438       &response_code_bytes);
   32439   if (rc != TPM_RC_SUCCESS) {
   32440     return rc;
   32441   }
   32442   if (response_size != response.size()) {
   32443     return TPM_RC_SIZE;
   32444   }
   32445   if (response_code != TPM_RC_SUCCESS) {
   32446     return response_code;
   32447   }
   32448   TPM_CC command_code = TPM_CC_ClearControl;
   32449   std::string command_code_bytes;
   32450   rc = Serialize_TPM_CC(
   32451       command_code,
   32452       &command_code_bytes);
   32453   if (rc != TPM_RC_SUCCESS) {
   32454     return rc;
   32455   }
   32456   std::string authorization_section_bytes;
   32457   if (tag == TPM_ST_SESSIONS) {
   32458     UINT32 parameter_section_size = buffer.size();
   32459     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   32460     if (rc != TPM_RC_SUCCESS) {
   32461       return rc;
   32462     }
   32463     if (parameter_section_size > buffer.size()) {
   32464       return TPM_RC_INSUFFICIENT;
   32465     }
   32466     authorization_section_bytes = buffer.substr(parameter_section_size);
   32467     // Keep the parameter section in |buffer|.
   32468     buffer.erase(parameter_section_size);
   32469   }
   32470   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   32471       crypto::SecureHash::SHA256));
   32472   hash->Update(response_code_bytes.data(),
   32473                response_code_bytes.size());
   32474   hash->Update(command_code_bytes.data(),
   32475                command_code_bytes.size());
   32476   hash->Update(buffer.data(),
   32477                buffer.size());
   32478   std::string response_hash(32, 0);
   32479   hash->Finish(string_as_array(&response_hash), response_hash.size());
   32480   if (tag == TPM_ST_SESSIONS) {
   32481     CHECK(authorization_delegate) << "Authorization delegate missing!";
   32482     if (!authorization_delegate->CheckResponseAuthorization(
   32483         response_hash,
   32484         authorization_section_bytes)) {
   32485       return TRUNKS_RC_AUTHORIZATION_FAILED;
   32486     }
   32487   }
   32488   return TPM_RC_SUCCESS;
   32489 }
   32490 
   32491 void ClearControlErrorCallback(
   32492     const Tpm::ClearControlResponse& callback,
   32493     TPM_RC response_code) {
   32494   VLOG(1) << __func__;
   32495   callback.Run(response_code);
   32496 }
   32497 
   32498 void ClearControlResponseParser(
   32499     const Tpm::ClearControlResponse& callback,
   32500     AuthorizationDelegate* authorization_delegate,
   32501     const std::string& response) {
   32502   VLOG(1) << __func__;
   32503   base::Callback<void(TPM_RC)> error_reporter =
   32504       base::Bind(ClearControlErrorCallback, callback);
   32505   TPM_RC rc = Tpm::ParseResponse_ClearControl(
   32506       response,
   32507       authorization_delegate);
   32508   if (rc != TPM_RC_SUCCESS) {
   32509     error_reporter.Run(rc);
   32510     return;
   32511   }
   32512   callback.Run(
   32513       rc);
   32514 }
   32515 
   32516 void Tpm::ClearControl(
   32517       const TPMI_RH_CLEAR& auth,
   32518       const std::string& auth_name,
   32519       const TPMI_YES_NO& disable,
   32520       AuthorizationDelegate* authorization_delegate,
   32521       const ClearControlResponse& callback) {
   32522   VLOG(1) << __func__;
   32523   base::Callback<void(TPM_RC)> error_reporter =
   32524       base::Bind(ClearControlErrorCallback, callback);
   32525   base::Callback<void(const std::string&)> parser =
   32526       base::Bind(ClearControlResponseParser,
   32527                  callback,
   32528                  authorization_delegate);
   32529   std::string command;
   32530   TPM_RC rc = SerializeCommand_ClearControl(
   32531       auth,
   32532       auth_name,
   32533       disable,
   32534       &command,
   32535       authorization_delegate);
   32536   if (rc != TPM_RC_SUCCESS) {
   32537     error_reporter.Run(rc);
   32538     return;
   32539   }
   32540   transceiver_->SendCommand(command, parser);
   32541 }
   32542 
   32543 TPM_RC Tpm::ClearControlSync(
   32544       const TPMI_RH_CLEAR& auth,
   32545       const std::string& auth_name,
   32546       const TPMI_YES_NO& disable,
   32547       AuthorizationDelegate* authorization_delegate) {
   32548   VLOG(1) << __func__;
   32549   std::string command;
   32550   TPM_RC rc = SerializeCommand_ClearControl(
   32551       auth,
   32552       auth_name,
   32553       disable,
   32554       &command,
   32555       authorization_delegate);
   32556   if (rc != TPM_RC_SUCCESS) {
   32557     return rc;
   32558   }
   32559   std::string response = transceiver_->SendCommandAndWait(command);
   32560   rc = ParseResponse_ClearControl(
   32561       response,
   32562       authorization_delegate);
   32563   return rc;
   32564 }
   32565 
   32566 TPM_RC Tpm::SerializeCommand_HierarchyChangeAuth(
   32567       const TPMI_RH_HIERARCHY_AUTH& auth_handle,
   32568       const std::string& auth_handle_name,
   32569       const TPM2B_AUTH& new_auth,
   32570       std::string* serialized_command,
   32571       AuthorizationDelegate* authorization_delegate) {
   32572   VLOG(3) << __func__;
   32573   TPM_RC rc = TPM_RC_SUCCESS;
   32574   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   32575   UINT32 command_size = 10;  // Header size.
   32576   std::string handle_section_bytes;
   32577   std::string parameter_section_bytes;
   32578   TPM_CC command_code = TPM_CC_HierarchyChangeAuth;
   32579   bool is_command_parameter_encryption_possible = true;
   32580   bool is_response_parameter_encryption_possible = false;
   32581   std::string command_code_bytes;
   32582   rc = Serialize_TPM_CC(
   32583       command_code,
   32584       &command_code_bytes);
   32585   if (rc != TPM_RC_SUCCESS) {
   32586     return rc;
   32587   }
   32588   std::string auth_handle_bytes;
   32589   rc = Serialize_TPMI_RH_HIERARCHY_AUTH(
   32590       auth_handle,
   32591       &auth_handle_bytes);
   32592   if (rc != TPM_RC_SUCCESS) {
   32593     return rc;
   32594   }
   32595   std::string new_auth_bytes;
   32596   rc = Serialize_TPM2B_AUTH(
   32597       new_auth,
   32598       &new_auth_bytes);
   32599   if (rc != TPM_RC_SUCCESS) {
   32600     return rc;
   32601   }
   32602   if (authorization_delegate) {
   32603     // Encrypt just the parameter data, not the size.
   32604     std::string tmp = new_auth_bytes.substr(2);
   32605     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   32606       return TRUNKS_RC_ENCRYPTION_FAILED;
   32607     }
   32608     new_auth_bytes.replace(2, std::string::npos, tmp);
   32609   }
   32610   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   32611       crypto::SecureHash::SHA256));
   32612   hash->Update(command_code_bytes.data(),
   32613                command_code_bytes.size());
   32614   hash->Update(auth_handle_name.data(),
   32615                auth_handle_name.size());
   32616   handle_section_bytes += auth_handle_bytes;
   32617   command_size += auth_handle_bytes.size();
   32618   hash->Update(new_auth_bytes.data(),
   32619                new_auth_bytes.size());
   32620   parameter_section_bytes += new_auth_bytes;
   32621   command_size += new_auth_bytes.size();
   32622   std::string command_hash(32, 0);
   32623   hash->Finish(string_as_array(&command_hash), command_hash.size());
   32624   std::string authorization_section_bytes;
   32625   std::string authorization_size_bytes;
   32626   if (authorization_delegate) {
   32627     if (!authorization_delegate->GetCommandAuthorization(
   32628         command_hash,
   32629         is_command_parameter_encryption_possible,
   32630         is_response_parameter_encryption_possible,
   32631         &authorization_section_bytes)) {
   32632       return TRUNKS_RC_AUTHORIZATION_FAILED;
   32633     }
   32634     if (!authorization_section_bytes.empty()) {
   32635       tag = TPM_ST_SESSIONS;
   32636       std::string tmp;
   32637       rc = Serialize_UINT32(authorization_section_bytes.size(),
   32638                             &authorization_size_bytes);
   32639       if (rc != TPM_RC_SUCCESS) {
   32640         return rc;
   32641       }
   32642       command_size += authorization_size_bytes.size() +
   32643                       authorization_section_bytes.size();
   32644     }
   32645   }
   32646   std::string tag_bytes;
   32647   rc = Serialize_TPMI_ST_COMMAND_TAG(
   32648       tag,
   32649       &tag_bytes);
   32650   if (rc != TPM_RC_SUCCESS) {
   32651     return rc;
   32652   }
   32653   std::string command_size_bytes;
   32654   rc = Serialize_UINT32(
   32655       command_size,
   32656       &command_size_bytes);
   32657   if (rc != TPM_RC_SUCCESS) {
   32658     return rc;
   32659   }
   32660   *serialized_command = tag_bytes +
   32661                         command_size_bytes +
   32662                         command_code_bytes +
   32663                         handle_section_bytes +
   32664                         authorization_size_bytes +
   32665                         authorization_section_bytes +
   32666                         parameter_section_bytes;
   32667   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   32668   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   32669                                             serialized_command->size());
   32670   return TPM_RC_SUCCESS;
   32671 }
   32672 
   32673 TPM_RC Tpm::ParseResponse_HierarchyChangeAuth(
   32674       const std::string& response,
   32675       AuthorizationDelegate* authorization_delegate) {
   32676   VLOG(3) << __func__;
   32677   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   32678   TPM_RC rc = TPM_RC_SUCCESS;
   32679   std::string buffer(response);
   32680   TPM_ST tag;
   32681   std::string tag_bytes;
   32682   rc = Parse_TPM_ST(
   32683       &buffer,
   32684       &tag,
   32685       &tag_bytes);
   32686   if (rc != TPM_RC_SUCCESS) {
   32687     return rc;
   32688   }
   32689   UINT32 response_size;
   32690   std::string response_size_bytes;
   32691   rc = Parse_UINT32(
   32692       &buffer,
   32693       &response_size,
   32694       &response_size_bytes);
   32695   if (rc != TPM_RC_SUCCESS) {
   32696     return rc;
   32697   }
   32698   TPM_RC response_code;
   32699   std::string response_code_bytes;
   32700   rc = Parse_TPM_RC(
   32701       &buffer,
   32702       &response_code,
   32703       &response_code_bytes);
   32704   if (rc != TPM_RC_SUCCESS) {
   32705     return rc;
   32706   }
   32707   if (response_size != response.size()) {
   32708     return TPM_RC_SIZE;
   32709   }
   32710   if (response_code != TPM_RC_SUCCESS) {
   32711     return response_code;
   32712   }
   32713   TPM_CC command_code = TPM_CC_HierarchyChangeAuth;
   32714   std::string command_code_bytes;
   32715   rc = Serialize_TPM_CC(
   32716       command_code,
   32717       &command_code_bytes);
   32718   if (rc != TPM_RC_SUCCESS) {
   32719     return rc;
   32720   }
   32721   std::string authorization_section_bytes;
   32722   if (tag == TPM_ST_SESSIONS) {
   32723     UINT32 parameter_section_size = buffer.size();
   32724     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   32725     if (rc != TPM_RC_SUCCESS) {
   32726       return rc;
   32727     }
   32728     if (parameter_section_size > buffer.size()) {
   32729       return TPM_RC_INSUFFICIENT;
   32730     }
   32731     authorization_section_bytes = buffer.substr(parameter_section_size);
   32732     // Keep the parameter section in |buffer|.
   32733     buffer.erase(parameter_section_size);
   32734   }
   32735   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   32736       crypto::SecureHash::SHA256));
   32737   hash->Update(response_code_bytes.data(),
   32738                response_code_bytes.size());
   32739   hash->Update(command_code_bytes.data(),
   32740                command_code_bytes.size());
   32741   hash->Update(buffer.data(),
   32742                buffer.size());
   32743   std::string response_hash(32, 0);
   32744   hash->Finish(string_as_array(&response_hash), response_hash.size());
   32745   if (tag == TPM_ST_SESSIONS) {
   32746     CHECK(authorization_delegate) << "Authorization delegate missing!";
   32747     if (!authorization_delegate->CheckResponseAuthorization(
   32748         response_hash,
   32749         authorization_section_bytes)) {
   32750       return TRUNKS_RC_AUTHORIZATION_FAILED;
   32751     }
   32752   }
   32753   return TPM_RC_SUCCESS;
   32754 }
   32755 
   32756 void HierarchyChangeAuthErrorCallback(
   32757     const Tpm::HierarchyChangeAuthResponse& callback,
   32758     TPM_RC response_code) {
   32759   VLOG(1) << __func__;
   32760   callback.Run(response_code);
   32761 }
   32762 
   32763 void HierarchyChangeAuthResponseParser(
   32764     const Tpm::HierarchyChangeAuthResponse& callback,
   32765     AuthorizationDelegate* authorization_delegate,
   32766     const std::string& response) {
   32767   VLOG(1) << __func__;
   32768   base::Callback<void(TPM_RC)> error_reporter =
   32769       base::Bind(HierarchyChangeAuthErrorCallback, callback);
   32770   TPM_RC rc = Tpm::ParseResponse_HierarchyChangeAuth(
   32771       response,
   32772       authorization_delegate);
   32773   if (rc != TPM_RC_SUCCESS) {
   32774     error_reporter.Run(rc);
   32775     return;
   32776   }
   32777   callback.Run(
   32778       rc);
   32779 }
   32780 
   32781 void Tpm::HierarchyChangeAuth(
   32782       const TPMI_RH_HIERARCHY_AUTH& auth_handle,
   32783       const std::string& auth_handle_name,
   32784       const TPM2B_AUTH& new_auth,
   32785       AuthorizationDelegate* authorization_delegate,
   32786       const HierarchyChangeAuthResponse& callback) {
   32787   VLOG(1) << __func__;
   32788   base::Callback<void(TPM_RC)> error_reporter =
   32789       base::Bind(HierarchyChangeAuthErrorCallback, callback);
   32790   base::Callback<void(const std::string&)> parser =
   32791       base::Bind(HierarchyChangeAuthResponseParser,
   32792                  callback,
   32793                  authorization_delegate);
   32794   std::string command;
   32795   TPM_RC rc = SerializeCommand_HierarchyChangeAuth(
   32796       auth_handle,
   32797       auth_handle_name,
   32798       new_auth,
   32799       &command,
   32800       authorization_delegate);
   32801   if (rc != TPM_RC_SUCCESS) {
   32802     error_reporter.Run(rc);
   32803     return;
   32804   }
   32805   transceiver_->SendCommand(command, parser);
   32806 }
   32807 
   32808 TPM_RC Tpm::HierarchyChangeAuthSync(
   32809       const TPMI_RH_HIERARCHY_AUTH& auth_handle,
   32810       const std::string& auth_handle_name,
   32811       const TPM2B_AUTH& new_auth,
   32812       AuthorizationDelegate* authorization_delegate) {
   32813   VLOG(1) << __func__;
   32814   std::string command;
   32815   TPM_RC rc = SerializeCommand_HierarchyChangeAuth(
   32816       auth_handle,
   32817       auth_handle_name,
   32818       new_auth,
   32819       &command,
   32820       authorization_delegate);
   32821   if (rc != TPM_RC_SUCCESS) {
   32822     return rc;
   32823   }
   32824   std::string response = transceiver_->SendCommandAndWait(command);
   32825   rc = ParseResponse_HierarchyChangeAuth(
   32826       response,
   32827       authorization_delegate);
   32828   return rc;
   32829 }
   32830 
   32831 TPM_RC Tpm::SerializeCommand_DictionaryAttackLockReset(
   32832       const TPMI_RH_LOCKOUT& lock_handle,
   32833       const std::string& lock_handle_name,
   32834       std::string* serialized_command,
   32835       AuthorizationDelegate* authorization_delegate) {
   32836   VLOG(3) << __func__;
   32837   TPM_RC rc = TPM_RC_SUCCESS;
   32838   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   32839   UINT32 command_size = 10;  // Header size.
   32840   std::string handle_section_bytes;
   32841   std::string parameter_section_bytes;
   32842   TPM_CC command_code = TPM_CC_DictionaryAttackLockReset;
   32843   bool is_command_parameter_encryption_possible = false;
   32844   bool is_response_parameter_encryption_possible = false;
   32845   std::string command_code_bytes;
   32846   rc = Serialize_TPM_CC(
   32847       command_code,
   32848       &command_code_bytes);
   32849   if (rc != TPM_RC_SUCCESS) {
   32850     return rc;
   32851   }
   32852   std::string lock_handle_bytes;
   32853   rc = Serialize_TPMI_RH_LOCKOUT(
   32854       lock_handle,
   32855       &lock_handle_bytes);
   32856   if (rc != TPM_RC_SUCCESS) {
   32857     return rc;
   32858   }
   32859   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   32860       crypto::SecureHash::SHA256));
   32861   hash->Update(command_code_bytes.data(),
   32862                command_code_bytes.size());
   32863   hash->Update(lock_handle_name.data(),
   32864                lock_handle_name.size());
   32865   handle_section_bytes += lock_handle_bytes;
   32866   command_size += lock_handle_bytes.size();
   32867   std::string command_hash(32, 0);
   32868   hash->Finish(string_as_array(&command_hash), command_hash.size());
   32869   std::string authorization_section_bytes;
   32870   std::string authorization_size_bytes;
   32871   if (authorization_delegate) {
   32872     if (!authorization_delegate->GetCommandAuthorization(
   32873         command_hash,
   32874         is_command_parameter_encryption_possible,
   32875         is_response_parameter_encryption_possible,
   32876         &authorization_section_bytes)) {
   32877       return TRUNKS_RC_AUTHORIZATION_FAILED;
   32878     }
   32879     if (!authorization_section_bytes.empty()) {
   32880       tag = TPM_ST_SESSIONS;
   32881       std::string tmp;
   32882       rc = Serialize_UINT32(authorization_section_bytes.size(),
   32883                             &authorization_size_bytes);
   32884       if (rc != TPM_RC_SUCCESS) {
   32885         return rc;
   32886       }
   32887       command_size += authorization_size_bytes.size() +
   32888                       authorization_section_bytes.size();
   32889     }
   32890   }
   32891   std::string tag_bytes;
   32892   rc = Serialize_TPMI_ST_COMMAND_TAG(
   32893       tag,
   32894       &tag_bytes);
   32895   if (rc != TPM_RC_SUCCESS) {
   32896     return rc;
   32897   }
   32898   std::string command_size_bytes;
   32899   rc = Serialize_UINT32(
   32900       command_size,
   32901       &command_size_bytes);
   32902   if (rc != TPM_RC_SUCCESS) {
   32903     return rc;
   32904   }
   32905   *serialized_command = tag_bytes +
   32906                         command_size_bytes +
   32907                         command_code_bytes +
   32908                         handle_section_bytes +
   32909                         authorization_size_bytes +
   32910                         authorization_section_bytes +
   32911                         parameter_section_bytes;
   32912   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   32913   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   32914                                             serialized_command->size());
   32915   return TPM_RC_SUCCESS;
   32916 }
   32917 
   32918 TPM_RC Tpm::ParseResponse_DictionaryAttackLockReset(
   32919       const std::string& response,
   32920       AuthorizationDelegate* authorization_delegate) {
   32921   VLOG(3) << __func__;
   32922   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   32923   TPM_RC rc = TPM_RC_SUCCESS;
   32924   std::string buffer(response);
   32925   TPM_ST tag;
   32926   std::string tag_bytes;
   32927   rc = Parse_TPM_ST(
   32928       &buffer,
   32929       &tag,
   32930       &tag_bytes);
   32931   if (rc != TPM_RC_SUCCESS) {
   32932     return rc;
   32933   }
   32934   UINT32 response_size;
   32935   std::string response_size_bytes;
   32936   rc = Parse_UINT32(
   32937       &buffer,
   32938       &response_size,
   32939       &response_size_bytes);
   32940   if (rc != TPM_RC_SUCCESS) {
   32941     return rc;
   32942   }
   32943   TPM_RC response_code;
   32944   std::string response_code_bytes;
   32945   rc = Parse_TPM_RC(
   32946       &buffer,
   32947       &response_code,
   32948       &response_code_bytes);
   32949   if (rc != TPM_RC_SUCCESS) {
   32950     return rc;
   32951   }
   32952   if (response_size != response.size()) {
   32953     return TPM_RC_SIZE;
   32954   }
   32955   if (response_code != TPM_RC_SUCCESS) {
   32956     return response_code;
   32957   }
   32958   TPM_CC command_code = TPM_CC_DictionaryAttackLockReset;
   32959   std::string command_code_bytes;
   32960   rc = Serialize_TPM_CC(
   32961       command_code,
   32962       &command_code_bytes);
   32963   if (rc != TPM_RC_SUCCESS) {
   32964     return rc;
   32965   }
   32966   std::string authorization_section_bytes;
   32967   if (tag == TPM_ST_SESSIONS) {
   32968     UINT32 parameter_section_size = buffer.size();
   32969     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   32970     if (rc != TPM_RC_SUCCESS) {
   32971       return rc;
   32972     }
   32973     if (parameter_section_size > buffer.size()) {
   32974       return TPM_RC_INSUFFICIENT;
   32975     }
   32976     authorization_section_bytes = buffer.substr(parameter_section_size);
   32977     // Keep the parameter section in |buffer|.
   32978     buffer.erase(parameter_section_size);
   32979   }
   32980   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   32981       crypto::SecureHash::SHA256));
   32982   hash->Update(response_code_bytes.data(),
   32983                response_code_bytes.size());
   32984   hash->Update(command_code_bytes.data(),
   32985                command_code_bytes.size());
   32986   hash->Update(buffer.data(),
   32987                buffer.size());
   32988   std::string response_hash(32, 0);
   32989   hash->Finish(string_as_array(&response_hash), response_hash.size());
   32990   if (tag == TPM_ST_SESSIONS) {
   32991     CHECK(authorization_delegate) << "Authorization delegate missing!";
   32992     if (!authorization_delegate->CheckResponseAuthorization(
   32993         response_hash,
   32994         authorization_section_bytes)) {
   32995       return TRUNKS_RC_AUTHORIZATION_FAILED;
   32996     }
   32997   }
   32998   return TPM_RC_SUCCESS;
   32999 }
   33000 
   33001 void DictionaryAttackLockResetErrorCallback(
   33002     const Tpm::DictionaryAttackLockResetResponse& callback,
   33003     TPM_RC response_code) {
   33004   VLOG(1) << __func__;
   33005   callback.Run(response_code);
   33006 }
   33007 
   33008 void DictionaryAttackLockResetResponseParser(
   33009     const Tpm::DictionaryAttackLockResetResponse& callback,
   33010     AuthorizationDelegate* authorization_delegate,
   33011     const std::string& response) {
   33012   VLOG(1) << __func__;
   33013   base::Callback<void(TPM_RC)> error_reporter =
   33014       base::Bind(DictionaryAttackLockResetErrorCallback, callback);
   33015   TPM_RC rc = Tpm::ParseResponse_DictionaryAttackLockReset(
   33016       response,
   33017       authorization_delegate);
   33018   if (rc != TPM_RC_SUCCESS) {
   33019     error_reporter.Run(rc);
   33020     return;
   33021   }
   33022   callback.Run(
   33023       rc);
   33024 }
   33025 
   33026 void Tpm::DictionaryAttackLockReset(
   33027       const TPMI_RH_LOCKOUT& lock_handle,
   33028       const std::string& lock_handle_name,
   33029       AuthorizationDelegate* authorization_delegate,
   33030       const DictionaryAttackLockResetResponse& callback) {
   33031   VLOG(1) << __func__;
   33032   base::Callback<void(TPM_RC)> error_reporter =
   33033       base::Bind(DictionaryAttackLockResetErrorCallback, callback);
   33034   base::Callback<void(const std::string&)> parser =
   33035       base::Bind(DictionaryAttackLockResetResponseParser,
   33036                  callback,
   33037                  authorization_delegate);
   33038   std::string command;
   33039   TPM_RC rc = SerializeCommand_DictionaryAttackLockReset(
   33040       lock_handle,
   33041       lock_handle_name,
   33042       &command,
   33043       authorization_delegate);
   33044   if (rc != TPM_RC_SUCCESS) {
   33045     error_reporter.Run(rc);
   33046     return;
   33047   }
   33048   transceiver_->SendCommand(command, parser);
   33049 }
   33050 
   33051 TPM_RC Tpm::DictionaryAttackLockResetSync(
   33052       const TPMI_RH_LOCKOUT& lock_handle,
   33053       const std::string& lock_handle_name,
   33054       AuthorizationDelegate* authorization_delegate) {
   33055   VLOG(1) << __func__;
   33056   std::string command;
   33057   TPM_RC rc = SerializeCommand_DictionaryAttackLockReset(
   33058       lock_handle,
   33059       lock_handle_name,
   33060       &command,
   33061       authorization_delegate);
   33062   if (rc != TPM_RC_SUCCESS) {
   33063     return rc;
   33064   }
   33065   std::string response = transceiver_->SendCommandAndWait(command);
   33066   rc = ParseResponse_DictionaryAttackLockReset(
   33067       response,
   33068       authorization_delegate);
   33069   return rc;
   33070 }
   33071 
   33072 TPM_RC Tpm::SerializeCommand_DictionaryAttackParameters(
   33073       const TPMI_RH_LOCKOUT& lock_handle,
   33074       const std::string& lock_handle_name,
   33075       const UINT32& new_max_tries,
   33076       const UINT32& new_recovery_time,
   33077       const UINT32& lockout_recovery,
   33078       std::string* serialized_command,
   33079       AuthorizationDelegate* authorization_delegate) {
   33080   VLOG(3) << __func__;
   33081   TPM_RC rc = TPM_RC_SUCCESS;
   33082   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   33083   UINT32 command_size = 10;  // Header size.
   33084   std::string handle_section_bytes;
   33085   std::string parameter_section_bytes;
   33086   TPM_CC command_code = TPM_CC_DictionaryAttackParameters;
   33087   bool is_command_parameter_encryption_possible = false;
   33088   bool is_response_parameter_encryption_possible = false;
   33089   std::string command_code_bytes;
   33090   rc = Serialize_TPM_CC(
   33091       command_code,
   33092       &command_code_bytes);
   33093   if (rc != TPM_RC_SUCCESS) {
   33094     return rc;
   33095   }
   33096   std::string lock_handle_bytes;
   33097   rc = Serialize_TPMI_RH_LOCKOUT(
   33098       lock_handle,
   33099       &lock_handle_bytes);
   33100   if (rc != TPM_RC_SUCCESS) {
   33101     return rc;
   33102   }
   33103   std::string new_max_tries_bytes;
   33104   rc = Serialize_UINT32(
   33105       new_max_tries,
   33106       &new_max_tries_bytes);
   33107   if (rc != TPM_RC_SUCCESS) {
   33108     return rc;
   33109   }
   33110   std::string new_recovery_time_bytes;
   33111   rc = Serialize_UINT32(
   33112       new_recovery_time,
   33113       &new_recovery_time_bytes);
   33114   if (rc != TPM_RC_SUCCESS) {
   33115     return rc;
   33116   }
   33117   std::string lockout_recovery_bytes;
   33118   rc = Serialize_UINT32(
   33119       lockout_recovery,
   33120       &lockout_recovery_bytes);
   33121   if (rc != TPM_RC_SUCCESS) {
   33122     return rc;
   33123   }
   33124   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   33125       crypto::SecureHash::SHA256));
   33126   hash->Update(command_code_bytes.data(),
   33127                command_code_bytes.size());
   33128   hash->Update(lock_handle_name.data(),
   33129                lock_handle_name.size());
   33130   handle_section_bytes += lock_handle_bytes;
   33131   command_size += lock_handle_bytes.size();
   33132   hash->Update(new_max_tries_bytes.data(),
   33133                new_max_tries_bytes.size());
   33134   parameter_section_bytes += new_max_tries_bytes;
   33135   command_size += new_max_tries_bytes.size();
   33136   hash->Update(new_recovery_time_bytes.data(),
   33137                new_recovery_time_bytes.size());
   33138   parameter_section_bytes += new_recovery_time_bytes;
   33139   command_size += new_recovery_time_bytes.size();
   33140   hash->Update(lockout_recovery_bytes.data(),
   33141                lockout_recovery_bytes.size());
   33142   parameter_section_bytes += lockout_recovery_bytes;
   33143   command_size += lockout_recovery_bytes.size();
   33144   std::string command_hash(32, 0);
   33145   hash->Finish(string_as_array(&command_hash), command_hash.size());
   33146   std::string authorization_section_bytes;
   33147   std::string authorization_size_bytes;
   33148   if (authorization_delegate) {
   33149     if (!authorization_delegate->GetCommandAuthorization(
   33150         command_hash,
   33151         is_command_parameter_encryption_possible,
   33152         is_response_parameter_encryption_possible,
   33153         &authorization_section_bytes)) {
   33154       return TRUNKS_RC_AUTHORIZATION_FAILED;
   33155     }
   33156     if (!authorization_section_bytes.empty()) {
   33157       tag = TPM_ST_SESSIONS;
   33158       std::string tmp;
   33159       rc = Serialize_UINT32(authorization_section_bytes.size(),
   33160                             &authorization_size_bytes);
   33161       if (rc != TPM_RC_SUCCESS) {
   33162         return rc;
   33163       }
   33164       command_size += authorization_size_bytes.size() +
   33165                       authorization_section_bytes.size();
   33166     }
   33167   }
   33168   std::string tag_bytes;
   33169   rc = Serialize_TPMI_ST_COMMAND_TAG(
   33170       tag,
   33171       &tag_bytes);
   33172   if (rc != TPM_RC_SUCCESS) {
   33173     return rc;
   33174   }
   33175   std::string command_size_bytes;
   33176   rc = Serialize_UINT32(
   33177       command_size,
   33178       &command_size_bytes);
   33179   if (rc != TPM_RC_SUCCESS) {
   33180     return rc;
   33181   }
   33182   *serialized_command = tag_bytes +
   33183                         command_size_bytes +
   33184                         command_code_bytes +
   33185                         handle_section_bytes +
   33186                         authorization_size_bytes +
   33187                         authorization_section_bytes +
   33188                         parameter_section_bytes;
   33189   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   33190   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   33191                                             serialized_command->size());
   33192   return TPM_RC_SUCCESS;
   33193 }
   33194 
   33195 TPM_RC Tpm::ParseResponse_DictionaryAttackParameters(
   33196       const std::string& response,
   33197       AuthorizationDelegate* authorization_delegate) {
   33198   VLOG(3) << __func__;
   33199   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   33200   TPM_RC rc = TPM_RC_SUCCESS;
   33201   std::string buffer(response);
   33202   TPM_ST tag;
   33203   std::string tag_bytes;
   33204   rc = Parse_TPM_ST(
   33205       &buffer,
   33206       &tag,
   33207       &tag_bytes);
   33208   if (rc != TPM_RC_SUCCESS) {
   33209     return rc;
   33210   }
   33211   UINT32 response_size;
   33212   std::string response_size_bytes;
   33213   rc = Parse_UINT32(
   33214       &buffer,
   33215       &response_size,
   33216       &response_size_bytes);
   33217   if (rc != TPM_RC_SUCCESS) {
   33218     return rc;
   33219   }
   33220   TPM_RC response_code;
   33221   std::string response_code_bytes;
   33222   rc = Parse_TPM_RC(
   33223       &buffer,
   33224       &response_code,
   33225       &response_code_bytes);
   33226   if (rc != TPM_RC_SUCCESS) {
   33227     return rc;
   33228   }
   33229   if (response_size != response.size()) {
   33230     return TPM_RC_SIZE;
   33231   }
   33232   if (response_code != TPM_RC_SUCCESS) {
   33233     return response_code;
   33234   }
   33235   TPM_CC command_code = TPM_CC_DictionaryAttackParameters;
   33236   std::string command_code_bytes;
   33237   rc = Serialize_TPM_CC(
   33238       command_code,
   33239       &command_code_bytes);
   33240   if (rc != TPM_RC_SUCCESS) {
   33241     return rc;
   33242   }
   33243   std::string authorization_section_bytes;
   33244   if (tag == TPM_ST_SESSIONS) {
   33245     UINT32 parameter_section_size = buffer.size();
   33246     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   33247     if (rc != TPM_RC_SUCCESS) {
   33248       return rc;
   33249     }
   33250     if (parameter_section_size > buffer.size()) {
   33251       return TPM_RC_INSUFFICIENT;
   33252     }
   33253     authorization_section_bytes = buffer.substr(parameter_section_size);
   33254     // Keep the parameter section in |buffer|.
   33255     buffer.erase(parameter_section_size);
   33256   }
   33257   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   33258       crypto::SecureHash::SHA256));
   33259   hash->Update(response_code_bytes.data(),
   33260                response_code_bytes.size());
   33261   hash->Update(command_code_bytes.data(),
   33262                command_code_bytes.size());
   33263   hash->Update(buffer.data(),
   33264                buffer.size());
   33265   std::string response_hash(32, 0);
   33266   hash->Finish(string_as_array(&response_hash), response_hash.size());
   33267   if (tag == TPM_ST_SESSIONS) {
   33268     CHECK(authorization_delegate) << "Authorization delegate missing!";
   33269     if (!authorization_delegate->CheckResponseAuthorization(
   33270         response_hash,
   33271         authorization_section_bytes)) {
   33272       return TRUNKS_RC_AUTHORIZATION_FAILED;
   33273     }
   33274   }
   33275   return TPM_RC_SUCCESS;
   33276 }
   33277 
   33278 void DictionaryAttackParametersErrorCallback(
   33279     const Tpm::DictionaryAttackParametersResponse& callback,
   33280     TPM_RC response_code) {
   33281   VLOG(1) << __func__;
   33282   callback.Run(response_code);
   33283 }
   33284 
   33285 void DictionaryAttackParametersResponseParser(
   33286     const Tpm::DictionaryAttackParametersResponse& callback,
   33287     AuthorizationDelegate* authorization_delegate,
   33288     const std::string& response) {
   33289   VLOG(1) << __func__;
   33290   base::Callback<void(TPM_RC)> error_reporter =
   33291       base::Bind(DictionaryAttackParametersErrorCallback, callback);
   33292   TPM_RC rc = Tpm::ParseResponse_DictionaryAttackParameters(
   33293       response,
   33294       authorization_delegate);
   33295   if (rc != TPM_RC_SUCCESS) {
   33296     error_reporter.Run(rc);
   33297     return;
   33298   }
   33299   callback.Run(
   33300       rc);
   33301 }
   33302 
   33303 void Tpm::DictionaryAttackParameters(
   33304       const TPMI_RH_LOCKOUT& lock_handle,
   33305       const std::string& lock_handle_name,
   33306       const UINT32& new_max_tries,
   33307       const UINT32& new_recovery_time,
   33308       const UINT32& lockout_recovery,
   33309       AuthorizationDelegate* authorization_delegate,
   33310       const DictionaryAttackParametersResponse& callback) {
   33311   VLOG(1) << __func__;
   33312   base::Callback<void(TPM_RC)> error_reporter =
   33313       base::Bind(DictionaryAttackParametersErrorCallback, callback);
   33314   base::Callback<void(const std::string&)> parser =
   33315       base::Bind(DictionaryAttackParametersResponseParser,
   33316                  callback,
   33317                  authorization_delegate);
   33318   std::string command;
   33319   TPM_RC rc = SerializeCommand_DictionaryAttackParameters(
   33320       lock_handle,
   33321       lock_handle_name,
   33322       new_max_tries,
   33323       new_recovery_time,
   33324       lockout_recovery,
   33325       &command,
   33326       authorization_delegate);
   33327   if (rc != TPM_RC_SUCCESS) {
   33328     error_reporter.Run(rc);
   33329     return;
   33330   }
   33331   transceiver_->SendCommand(command, parser);
   33332 }
   33333 
   33334 TPM_RC Tpm::DictionaryAttackParametersSync(
   33335       const TPMI_RH_LOCKOUT& lock_handle,
   33336       const std::string& lock_handle_name,
   33337       const UINT32& new_max_tries,
   33338       const UINT32& new_recovery_time,
   33339       const UINT32& lockout_recovery,
   33340       AuthorizationDelegate* authorization_delegate) {
   33341   VLOG(1) << __func__;
   33342   std::string command;
   33343   TPM_RC rc = SerializeCommand_DictionaryAttackParameters(
   33344       lock_handle,
   33345       lock_handle_name,
   33346       new_max_tries,
   33347       new_recovery_time,
   33348       lockout_recovery,
   33349       &command,
   33350       authorization_delegate);
   33351   if (rc != TPM_RC_SUCCESS) {
   33352     return rc;
   33353   }
   33354   std::string response = transceiver_->SendCommandAndWait(command);
   33355   rc = ParseResponse_DictionaryAttackParameters(
   33356       response,
   33357       authorization_delegate);
   33358   return rc;
   33359 }
   33360 
   33361 TPM_RC Tpm::SerializeCommand_PP_Commands(
   33362       const TPMI_RH_PLATFORM& auth,
   33363       const std::string& auth_name,
   33364       const TPML_CC& set_list,
   33365       const TPML_CC& clear_list,
   33366       std::string* serialized_command,
   33367       AuthorizationDelegate* authorization_delegate) {
   33368   VLOG(3) << __func__;
   33369   TPM_RC rc = TPM_RC_SUCCESS;
   33370   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   33371   UINT32 command_size = 10;  // Header size.
   33372   std::string handle_section_bytes;
   33373   std::string parameter_section_bytes;
   33374   TPM_CC command_code = TPM_CC_PP_Commands;
   33375   bool is_command_parameter_encryption_possible = false;
   33376   bool is_response_parameter_encryption_possible = false;
   33377   std::string command_code_bytes;
   33378   rc = Serialize_TPM_CC(
   33379       command_code,
   33380       &command_code_bytes);
   33381   if (rc != TPM_RC_SUCCESS) {
   33382     return rc;
   33383   }
   33384   std::string auth_bytes;
   33385   rc = Serialize_TPMI_RH_PLATFORM(
   33386       auth,
   33387       &auth_bytes);
   33388   if (rc != TPM_RC_SUCCESS) {
   33389     return rc;
   33390   }
   33391   std::string set_list_bytes;
   33392   rc = Serialize_TPML_CC(
   33393       set_list,
   33394       &set_list_bytes);
   33395   if (rc != TPM_RC_SUCCESS) {
   33396     return rc;
   33397   }
   33398   std::string clear_list_bytes;
   33399   rc = Serialize_TPML_CC(
   33400       clear_list,
   33401       &clear_list_bytes);
   33402   if (rc != TPM_RC_SUCCESS) {
   33403     return rc;
   33404   }
   33405   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   33406       crypto::SecureHash::SHA256));
   33407   hash->Update(command_code_bytes.data(),
   33408                command_code_bytes.size());
   33409   hash->Update(auth_name.data(),
   33410                auth_name.size());
   33411   handle_section_bytes += auth_bytes;
   33412   command_size += auth_bytes.size();
   33413   hash->Update(set_list_bytes.data(),
   33414                set_list_bytes.size());
   33415   parameter_section_bytes += set_list_bytes;
   33416   command_size += set_list_bytes.size();
   33417   hash->Update(clear_list_bytes.data(),
   33418                clear_list_bytes.size());
   33419   parameter_section_bytes += clear_list_bytes;
   33420   command_size += clear_list_bytes.size();
   33421   std::string command_hash(32, 0);
   33422   hash->Finish(string_as_array(&command_hash), command_hash.size());
   33423   std::string authorization_section_bytes;
   33424   std::string authorization_size_bytes;
   33425   if (authorization_delegate) {
   33426     if (!authorization_delegate->GetCommandAuthorization(
   33427         command_hash,
   33428         is_command_parameter_encryption_possible,
   33429         is_response_parameter_encryption_possible,
   33430         &authorization_section_bytes)) {
   33431       return TRUNKS_RC_AUTHORIZATION_FAILED;
   33432     }
   33433     if (!authorization_section_bytes.empty()) {
   33434       tag = TPM_ST_SESSIONS;
   33435       std::string tmp;
   33436       rc = Serialize_UINT32(authorization_section_bytes.size(),
   33437                             &authorization_size_bytes);
   33438       if (rc != TPM_RC_SUCCESS) {
   33439         return rc;
   33440       }
   33441       command_size += authorization_size_bytes.size() +
   33442                       authorization_section_bytes.size();
   33443     }
   33444   }
   33445   std::string tag_bytes;
   33446   rc = Serialize_TPMI_ST_COMMAND_TAG(
   33447       tag,
   33448       &tag_bytes);
   33449   if (rc != TPM_RC_SUCCESS) {
   33450     return rc;
   33451   }
   33452   std::string command_size_bytes;
   33453   rc = Serialize_UINT32(
   33454       command_size,
   33455       &command_size_bytes);
   33456   if (rc != TPM_RC_SUCCESS) {
   33457     return rc;
   33458   }
   33459   *serialized_command = tag_bytes +
   33460                         command_size_bytes +
   33461                         command_code_bytes +
   33462                         handle_section_bytes +
   33463                         authorization_size_bytes +
   33464                         authorization_section_bytes +
   33465                         parameter_section_bytes;
   33466   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   33467   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   33468                                             serialized_command->size());
   33469   return TPM_RC_SUCCESS;
   33470 }
   33471 
   33472 TPM_RC Tpm::ParseResponse_PP_Commands(
   33473       const std::string& response,
   33474       AuthorizationDelegate* authorization_delegate) {
   33475   VLOG(3) << __func__;
   33476   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   33477   TPM_RC rc = TPM_RC_SUCCESS;
   33478   std::string buffer(response);
   33479   TPM_ST tag;
   33480   std::string tag_bytes;
   33481   rc = Parse_TPM_ST(
   33482       &buffer,
   33483       &tag,
   33484       &tag_bytes);
   33485   if (rc != TPM_RC_SUCCESS) {
   33486     return rc;
   33487   }
   33488   UINT32 response_size;
   33489   std::string response_size_bytes;
   33490   rc = Parse_UINT32(
   33491       &buffer,
   33492       &response_size,
   33493       &response_size_bytes);
   33494   if (rc != TPM_RC_SUCCESS) {
   33495     return rc;
   33496   }
   33497   TPM_RC response_code;
   33498   std::string response_code_bytes;
   33499   rc = Parse_TPM_RC(
   33500       &buffer,
   33501       &response_code,
   33502       &response_code_bytes);
   33503   if (rc != TPM_RC_SUCCESS) {
   33504     return rc;
   33505   }
   33506   if (response_size != response.size()) {
   33507     return TPM_RC_SIZE;
   33508   }
   33509   if (response_code != TPM_RC_SUCCESS) {
   33510     return response_code;
   33511   }
   33512   TPM_CC command_code = TPM_CC_PP_Commands;
   33513   std::string command_code_bytes;
   33514   rc = Serialize_TPM_CC(
   33515       command_code,
   33516       &command_code_bytes);
   33517   if (rc != TPM_RC_SUCCESS) {
   33518     return rc;
   33519   }
   33520   std::string authorization_section_bytes;
   33521   if (tag == TPM_ST_SESSIONS) {
   33522     UINT32 parameter_section_size = buffer.size();
   33523     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   33524     if (rc != TPM_RC_SUCCESS) {
   33525       return rc;
   33526     }
   33527     if (parameter_section_size > buffer.size()) {
   33528       return TPM_RC_INSUFFICIENT;
   33529     }
   33530     authorization_section_bytes = buffer.substr(parameter_section_size);
   33531     // Keep the parameter section in |buffer|.
   33532     buffer.erase(parameter_section_size);
   33533   }
   33534   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   33535       crypto::SecureHash::SHA256));
   33536   hash->Update(response_code_bytes.data(),
   33537                response_code_bytes.size());
   33538   hash->Update(command_code_bytes.data(),
   33539                command_code_bytes.size());
   33540   hash->Update(buffer.data(),
   33541                buffer.size());
   33542   std::string response_hash(32, 0);
   33543   hash->Finish(string_as_array(&response_hash), response_hash.size());
   33544   if (tag == TPM_ST_SESSIONS) {
   33545     CHECK(authorization_delegate) << "Authorization delegate missing!";
   33546     if (!authorization_delegate->CheckResponseAuthorization(
   33547         response_hash,
   33548         authorization_section_bytes)) {
   33549       return TRUNKS_RC_AUTHORIZATION_FAILED;
   33550     }
   33551   }
   33552   return TPM_RC_SUCCESS;
   33553 }
   33554 
   33555 void PP_CommandsErrorCallback(
   33556     const Tpm::PP_CommandsResponse& callback,
   33557     TPM_RC response_code) {
   33558   VLOG(1) << __func__;
   33559   callback.Run(response_code);
   33560 }
   33561 
   33562 void PP_CommandsResponseParser(
   33563     const Tpm::PP_CommandsResponse& callback,
   33564     AuthorizationDelegate* authorization_delegate,
   33565     const std::string& response) {
   33566   VLOG(1) << __func__;
   33567   base::Callback<void(TPM_RC)> error_reporter =
   33568       base::Bind(PP_CommandsErrorCallback, callback);
   33569   TPM_RC rc = Tpm::ParseResponse_PP_Commands(
   33570       response,
   33571       authorization_delegate);
   33572   if (rc != TPM_RC_SUCCESS) {
   33573     error_reporter.Run(rc);
   33574     return;
   33575   }
   33576   callback.Run(
   33577       rc);
   33578 }
   33579 
   33580 void Tpm::PP_Commands(
   33581       const TPMI_RH_PLATFORM& auth,
   33582       const std::string& auth_name,
   33583       const TPML_CC& set_list,
   33584       const TPML_CC& clear_list,
   33585       AuthorizationDelegate* authorization_delegate,
   33586       const PP_CommandsResponse& callback) {
   33587   VLOG(1) << __func__;
   33588   base::Callback<void(TPM_RC)> error_reporter =
   33589       base::Bind(PP_CommandsErrorCallback, callback);
   33590   base::Callback<void(const std::string&)> parser =
   33591       base::Bind(PP_CommandsResponseParser,
   33592                  callback,
   33593                  authorization_delegate);
   33594   std::string command;
   33595   TPM_RC rc = SerializeCommand_PP_Commands(
   33596       auth,
   33597       auth_name,
   33598       set_list,
   33599       clear_list,
   33600       &command,
   33601       authorization_delegate);
   33602   if (rc != TPM_RC_SUCCESS) {
   33603     error_reporter.Run(rc);
   33604     return;
   33605   }
   33606   transceiver_->SendCommand(command, parser);
   33607 }
   33608 
   33609 TPM_RC Tpm::PP_CommandsSync(
   33610       const TPMI_RH_PLATFORM& auth,
   33611       const std::string& auth_name,
   33612       const TPML_CC& set_list,
   33613       const TPML_CC& clear_list,
   33614       AuthorizationDelegate* authorization_delegate) {
   33615   VLOG(1) << __func__;
   33616   std::string command;
   33617   TPM_RC rc = SerializeCommand_PP_Commands(
   33618       auth,
   33619       auth_name,
   33620       set_list,
   33621       clear_list,
   33622       &command,
   33623       authorization_delegate);
   33624   if (rc != TPM_RC_SUCCESS) {
   33625     return rc;
   33626   }
   33627   std::string response = transceiver_->SendCommandAndWait(command);
   33628   rc = ParseResponse_PP_Commands(
   33629       response,
   33630       authorization_delegate);
   33631   return rc;
   33632 }
   33633 
   33634 TPM_RC Tpm::SerializeCommand_SetAlgorithmSet(
   33635       const TPMI_RH_PLATFORM& auth_handle,
   33636       const std::string& auth_handle_name,
   33637       const UINT32& algorithm_set,
   33638       std::string* serialized_command,
   33639       AuthorizationDelegate* authorization_delegate) {
   33640   VLOG(3) << __func__;
   33641   TPM_RC rc = TPM_RC_SUCCESS;
   33642   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   33643   UINT32 command_size = 10;  // Header size.
   33644   std::string handle_section_bytes;
   33645   std::string parameter_section_bytes;
   33646   TPM_CC command_code = TPM_CC_SetAlgorithmSet;
   33647   bool is_command_parameter_encryption_possible = false;
   33648   bool is_response_parameter_encryption_possible = false;
   33649   std::string command_code_bytes;
   33650   rc = Serialize_TPM_CC(
   33651       command_code,
   33652       &command_code_bytes);
   33653   if (rc != TPM_RC_SUCCESS) {
   33654     return rc;
   33655   }
   33656   std::string auth_handle_bytes;
   33657   rc = Serialize_TPMI_RH_PLATFORM(
   33658       auth_handle,
   33659       &auth_handle_bytes);
   33660   if (rc != TPM_RC_SUCCESS) {
   33661     return rc;
   33662   }
   33663   std::string algorithm_set_bytes;
   33664   rc = Serialize_UINT32(
   33665       algorithm_set,
   33666       &algorithm_set_bytes);
   33667   if (rc != TPM_RC_SUCCESS) {
   33668     return rc;
   33669   }
   33670   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   33671       crypto::SecureHash::SHA256));
   33672   hash->Update(command_code_bytes.data(),
   33673                command_code_bytes.size());
   33674   hash->Update(auth_handle_name.data(),
   33675                auth_handle_name.size());
   33676   handle_section_bytes += auth_handle_bytes;
   33677   command_size += auth_handle_bytes.size();
   33678   hash->Update(algorithm_set_bytes.data(),
   33679                algorithm_set_bytes.size());
   33680   parameter_section_bytes += algorithm_set_bytes;
   33681   command_size += algorithm_set_bytes.size();
   33682   std::string command_hash(32, 0);
   33683   hash->Finish(string_as_array(&command_hash), command_hash.size());
   33684   std::string authorization_section_bytes;
   33685   std::string authorization_size_bytes;
   33686   if (authorization_delegate) {
   33687     if (!authorization_delegate->GetCommandAuthorization(
   33688         command_hash,
   33689         is_command_parameter_encryption_possible,
   33690         is_response_parameter_encryption_possible,
   33691         &authorization_section_bytes)) {
   33692       return TRUNKS_RC_AUTHORIZATION_FAILED;
   33693     }
   33694     if (!authorization_section_bytes.empty()) {
   33695       tag = TPM_ST_SESSIONS;
   33696       std::string tmp;
   33697       rc = Serialize_UINT32(authorization_section_bytes.size(),
   33698                             &authorization_size_bytes);
   33699       if (rc != TPM_RC_SUCCESS) {
   33700         return rc;
   33701       }
   33702       command_size += authorization_size_bytes.size() +
   33703                       authorization_section_bytes.size();
   33704     }
   33705   }
   33706   std::string tag_bytes;
   33707   rc = Serialize_TPMI_ST_COMMAND_TAG(
   33708       tag,
   33709       &tag_bytes);
   33710   if (rc != TPM_RC_SUCCESS) {
   33711     return rc;
   33712   }
   33713   std::string command_size_bytes;
   33714   rc = Serialize_UINT32(
   33715       command_size,
   33716       &command_size_bytes);
   33717   if (rc != TPM_RC_SUCCESS) {
   33718     return rc;
   33719   }
   33720   *serialized_command = tag_bytes +
   33721                         command_size_bytes +
   33722                         command_code_bytes +
   33723                         handle_section_bytes +
   33724                         authorization_size_bytes +
   33725                         authorization_section_bytes +
   33726                         parameter_section_bytes;
   33727   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   33728   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   33729                                             serialized_command->size());
   33730   return TPM_RC_SUCCESS;
   33731 }
   33732 
   33733 TPM_RC Tpm::ParseResponse_SetAlgorithmSet(
   33734       const std::string& response,
   33735       AuthorizationDelegate* authorization_delegate) {
   33736   VLOG(3) << __func__;
   33737   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   33738   TPM_RC rc = TPM_RC_SUCCESS;
   33739   std::string buffer(response);
   33740   TPM_ST tag;
   33741   std::string tag_bytes;
   33742   rc = Parse_TPM_ST(
   33743       &buffer,
   33744       &tag,
   33745       &tag_bytes);
   33746   if (rc != TPM_RC_SUCCESS) {
   33747     return rc;
   33748   }
   33749   UINT32 response_size;
   33750   std::string response_size_bytes;
   33751   rc = Parse_UINT32(
   33752       &buffer,
   33753       &response_size,
   33754       &response_size_bytes);
   33755   if (rc != TPM_RC_SUCCESS) {
   33756     return rc;
   33757   }
   33758   TPM_RC response_code;
   33759   std::string response_code_bytes;
   33760   rc = Parse_TPM_RC(
   33761       &buffer,
   33762       &response_code,
   33763       &response_code_bytes);
   33764   if (rc != TPM_RC_SUCCESS) {
   33765     return rc;
   33766   }
   33767   if (response_size != response.size()) {
   33768     return TPM_RC_SIZE;
   33769   }
   33770   if (response_code != TPM_RC_SUCCESS) {
   33771     return response_code;
   33772   }
   33773   TPM_CC command_code = TPM_CC_SetAlgorithmSet;
   33774   std::string command_code_bytes;
   33775   rc = Serialize_TPM_CC(
   33776       command_code,
   33777       &command_code_bytes);
   33778   if (rc != TPM_RC_SUCCESS) {
   33779     return rc;
   33780   }
   33781   std::string authorization_section_bytes;
   33782   if (tag == TPM_ST_SESSIONS) {
   33783     UINT32 parameter_section_size = buffer.size();
   33784     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   33785     if (rc != TPM_RC_SUCCESS) {
   33786       return rc;
   33787     }
   33788     if (parameter_section_size > buffer.size()) {
   33789       return TPM_RC_INSUFFICIENT;
   33790     }
   33791     authorization_section_bytes = buffer.substr(parameter_section_size);
   33792     // Keep the parameter section in |buffer|.
   33793     buffer.erase(parameter_section_size);
   33794   }
   33795   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   33796       crypto::SecureHash::SHA256));
   33797   hash->Update(response_code_bytes.data(),
   33798                response_code_bytes.size());
   33799   hash->Update(command_code_bytes.data(),
   33800                command_code_bytes.size());
   33801   hash->Update(buffer.data(),
   33802                buffer.size());
   33803   std::string response_hash(32, 0);
   33804   hash->Finish(string_as_array(&response_hash), response_hash.size());
   33805   if (tag == TPM_ST_SESSIONS) {
   33806     CHECK(authorization_delegate) << "Authorization delegate missing!";
   33807     if (!authorization_delegate->CheckResponseAuthorization(
   33808         response_hash,
   33809         authorization_section_bytes)) {
   33810       return TRUNKS_RC_AUTHORIZATION_FAILED;
   33811     }
   33812   }
   33813   return TPM_RC_SUCCESS;
   33814 }
   33815 
   33816 void SetAlgorithmSetErrorCallback(
   33817     const Tpm::SetAlgorithmSetResponse& callback,
   33818     TPM_RC response_code) {
   33819   VLOG(1) << __func__;
   33820   callback.Run(response_code);
   33821 }
   33822 
   33823 void SetAlgorithmSetResponseParser(
   33824     const Tpm::SetAlgorithmSetResponse& callback,
   33825     AuthorizationDelegate* authorization_delegate,
   33826     const std::string& response) {
   33827   VLOG(1) << __func__;
   33828   base::Callback<void(TPM_RC)> error_reporter =
   33829       base::Bind(SetAlgorithmSetErrorCallback, callback);
   33830   TPM_RC rc = Tpm::ParseResponse_SetAlgorithmSet(
   33831       response,
   33832       authorization_delegate);
   33833   if (rc != TPM_RC_SUCCESS) {
   33834     error_reporter.Run(rc);
   33835     return;
   33836   }
   33837   callback.Run(
   33838       rc);
   33839 }
   33840 
   33841 void Tpm::SetAlgorithmSet(
   33842       const TPMI_RH_PLATFORM& auth_handle,
   33843       const std::string& auth_handle_name,
   33844       const UINT32& algorithm_set,
   33845       AuthorizationDelegate* authorization_delegate,
   33846       const SetAlgorithmSetResponse& callback) {
   33847   VLOG(1) << __func__;
   33848   base::Callback<void(TPM_RC)> error_reporter =
   33849       base::Bind(SetAlgorithmSetErrorCallback, callback);
   33850   base::Callback<void(const std::string&)> parser =
   33851       base::Bind(SetAlgorithmSetResponseParser,
   33852                  callback,
   33853                  authorization_delegate);
   33854   std::string command;
   33855   TPM_RC rc = SerializeCommand_SetAlgorithmSet(
   33856       auth_handle,
   33857       auth_handle_name,
   33858       algorithm_set,
   33859       &command,
   33860       authorization_delegate);
   33861   if (rc != TPM_RC_SUCCESS) {
   33862     error_reporter.Run(rc);
   33863     return;
   33864   }
   33865   transceiver_->SendCommand(command, parser);
   33866 }
   33867 
   33868 TPM_RC Tpm::SetAlgorithmSetSync(
   33869       const TPMI_RH_PLATFORM& auth_handle,
   33870       const std::string& auth_handle_name,
   33871       const UINT32& algorithm_set,
   33872       AuthorizationDelegate* authorization_delegate) {
   33873   VLOG(1) << __func__;
   33874   std::string command;
   33875   TPM_RC rc = SerializeCommand_SetAlgorithmSet(
   33876       auth_handle,
   33877       auth_handle_name,
   33878       algorithm_set,
   33879       &command,
   33880       authorization_delegate);
   33881   if (rc != TPM_RC_SUCCESS) {
   33882     return rc;
   33883   }
   33884   std::string response = transceiver_->SendCommandAndWait(command);
   33885   rc = ParseResponse_SetAlgorithmSet(
   33886       response,
   33887       authorization_delegate);
   33888   return rc;
   33889 }
   33890 
   33891 TPM_RC Tpm::SerializeCommand_FieldUpgradeStart(
   33892       const TPMI_RH_PLATFORM& authorization,
   33893       const std::string& authorization_name,
   33894       const TPMI_DH_OBJECT& key_handle,
   33895       const std::string& key_handle_name,
   33896       const TPM2B_DIGEST& fu_digest,
   33897       const TPMT_SIGNATURE& manifest_signature,
   33898       std::string* serialized_command,
   33899       AuthorizationDelegate* authorization_delegate) {
   33900   VLOG(3) << __func__;
   33901   TPM_RC rc = TPM_RC_SUCCESS;
   33902   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   33903   UINT32 command_size = 10;  // Header size.
   33904   std::string handle_section_bytes;
   33905   std::string parameter_section_bytes;
   33906   TPM_CC command_code = TPM_CC_FieldUpgradeStart;
   33907   bool is_command_parameter_encryption_possible = true;
   33908   bool is_response_parameter_encryption_possible = false;
   33909   std::string command_code_bytes;
   33910   rc = Serialize_TPM_CC(
   33911       command_code,
   33912       &command_code_bytes);
   33913   if (rc != TPM_RC_SUCCESS) {
   33914     return rc;
   33915   }
   33916   std::string authorization_bytes;
   33917   rc = Serialize_TPMI_RH_PLATFORM(
   33918       authorization,
   33919       &authorization_bytes);
   33920   if (rc != TPM_RC_SUCCESS) {
   33921     return rc;
   33922   }
   33923   std::string key_handle_bytes;
   33924   rc = Serialize_TPMI_DH_OBJECT(
   33925       key_handle,
   33926       &key_handle_bytes);
   33927   if (rc != TPM_RC_SUCCESS) {
   33928     return rc;
   33929   }
   33930   std::string fu_digest_bytes;
   33931   rc = Serialize_TPM2B_DIGEST(
   33932       fu_digest,
   33933       &fu_digest_bytes);
   33934   if (rc != TPM_RC_SUCCESS) {
   33935     return rc;
   33936   }
   33937   std::string manifest_signature_bytes;
   33938   rc = Serialize_TPMT_SIGNATURE(
   33939       manifest_signature,
   33940       &manifest_signature_bytes);
   33941   if (rc != TPM_RC_SUCCESS) {
   33942     return rc;
   33943   }
   33944   if (authorization_delegate) {
   33945     // Encrypt just the parameter data, not the size.
   33946     std::string tmp = fu_digest_bytes.substr(2);
   33947     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   33948       return TRUNKS_RC_ENCRYPTION_FAILED;
   33949     }
   33950     fu_digest_bytes.replace(2, std::string::npos, tmp);
   33951   }
   33952   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   33953       crypto::SecureHash::SHA256));
   33954   hash->Update(command_code_bytes.data(),
   33955                command_code_bytes.size());
   33956   hash->Update(authorization_name.data(),
   33957                authorization_name.size());
   33958   handle_section_bytes += authorization_bytes;
   33959   command_size += authorization_bytes.size();
   33960   hash->Update(key_handle_name.data(),
   33961                key_handle_name.size());
   33962   handle_section_bytes += key_handle_bytes;
   33963   command_size += key_handle_bytes.size();
   33964   hash->Update(fu_digest_bytes.data(),
   33965                fu_digest_bytes.size());
   33966   parameter_section_bytes += fu_digest_bytes;
   33967   command_size += fu_digest_bytes.size();
   33968   hash->Update(manifest_signature_bytes.data(),
   33969                manifest_signature_bytes.size());
   33970   parameter_section_bytes += manifest_signature_bytes;
   33971   command_size += manifest_signature_bytes.size();
   33972   std::string command_hash(32, 0);
   33973   hash->Finish(string_as_array(&command_hash), command_hash.size());
   33974   std::string authorization_section_bytes;
   33975   std::string authorization_size_bytes;
   33976   if (authorization_delegate) {
   33977     if (!authorization_delegate->GetCommandAuthorization(
   33978         command_hash,
   33979         is_command_parameter_encryption_possible,
   33980         is_response_parameter_encryption_possible,
   33981         &authorization_section_bytes)) {
   33982       return TRUNKS_RC_AUTHORIZATION_FAILED;
   33983     }
   33984     if (!authorization_section_bytes.empty()) {
   33985       tag = TPM_ST_SESSIONS;
   33986       std::string tmp;
   33987       rc = Serialize_UINT32(authorization_section_bytes.size(),
   33988                             &authorization_size_bytes);
   33989       if (rc != TPM_RC_SUCCESS) {
   33990         return rc;
   33991       }
   33992       command_size += authorization_size_bytes.size() +
   33993                       authorization_section_bytes.size();
   33994     }
   33995   }
   33996   std::string tag_bytes;
   33997   rc = Serialize_TPMI_ST_COMMAND_TAG(
   33998       tag,
   33999       &tag_bytes);
   34000   if (rc != TPM_RC_SUCCESS) {
   34001     return rc;
   34002   }
   34003   std::string command_size_bytes;
   34004   rc = Serialize_UINT32(
   34005       command_size,
   34006       &command_size_bytes);
   34007   if (rc != TPM_RC_SUCCESS) {
   34008     return rc;
   34009   }
   34010   *serialized_command = tag_bytes +
   34011                         command_size_bytes +
   34012                         command_code_bytes +
   34013                         handle_section_bytes +
   34014                         authorization_size_bytes +
   34015                         authorization_section_bytes +
   34016                         parameter_section_bytes;
   34017   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   34018   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   34019                                             serialized_command->size());
   34020   return TPM_RC_SUCCESS;
   34021 }
   34022 
   34023 TPM_RC Tpm::ParseResponse_FieldUpgradeStart(
   34024       const std::string& response,
   34025       AuthorizationDelegate* authorization_delegate) {
   34026   VLOG(3) << __func__;
   34027   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   34028   TPM_RC rc = TPM_RC_SUCCESS;
   34029   std::string buffer(response);
   34030   TPM_ST tag;
   34031   std::string tag_bytes;
   34032   rc = Parse_TPM_ST(
   34033       &buffer,
   34034       &tag,
   34035       &tag_bytes);
   34036   if (rc != TPM_RC_SUCCESS) {
   34037     return rc;
   34038   }
   34039   UINT32 response_size;
   34040   std::string response_size_bytes;
   34041   rc = Parse_UINT32(
   34042       &buffer,
   34043       &response_size,
   34044       &response_size_bytes);
   34045   if (rc != TPM_RC_SUCCESS) {
   34046     return rc;
   34047   }
   34048   TPM_RC response_code;
   34049   std::string response_code_bytes;
   34050   rc = Parse_TPM_RC(
   34051       &buffer,
   34052       &response_code,
   34053       &response_code_bytes);
   34054   if (rc != TPM_RC_SUCCESS) {
   34055     return rc;
   34056   }
   34057   if (response_size != response.size()) {
   34058     return TPM_RC_SIZE;
   34059   }
   34060   if (response_code != TPM_RC_SUCCESS) {
   34061     return response_code;
   34062   }
   34063   TPM_CC command_code = TPM_CC_FieldUpgradeStart;
   34064   std::string command_code_bytes;
   34065   rc = Serialize_TPM_CC(
   34066       command_code,
   34067       &command_code_bytes);
   34068   if (rc != TPM_RC_SUCCESS) {
   34069     return rc;
   34070   }
   34071   std::string authorization_section_bytes;
   34072   if (tag == TPM_ST_SESSIONS) {
   34073     UINT32 parameter_section_size = buffer.size();
   34074     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   34075     if (rc != TPM_RC_SUCCESS) {
   34076       return rc;
   34077     }
   34078     if (parameter_section_size > buffer.size()) {
   34079       return TPM_RC_INSUFFICIENT;
   34080     }
   34081     authorization_section_bytes = buffer.substr(parameter_section_size);
   34082     // Keep the parameter section in |buffer|.
   34083     buffer.erase(parameter_section_size);
   34084   }
   34085   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   34086       crypto::SecureHash::SHA256));
   34087   hash->Update(response_code_bytes.data(),
   34088                response_code_bytes.size());
   34089   hash->Update(command_code_bytes.data(),
   34090                command_code_bytes.size());
   34091   hash->Update(buffer.data(),
   34092                buffer.size());
   34093   std::string response_hash(32, 0);
   34094   hash->Finish(string_as_array(&response_hash), response_hash.size());
   34095   if (tag == TPM_ST_SESSIONS) {
   34096     CHECK(authorization_delegate) << "Authorization delegate missing!";
   34097     if (!authorization_delegate->CheckResponseAuthorization(
   34098         response_hash,
   34099         authorization_section_bytes)) {
   34100       return TRUNKS_RC_AUTHORIZATION_FAILED;
   34101     }
   34102   }
   34103   return TPM_RC_SUCCESS;
   34104 }
   34105 
   34106 void FieldUpgradeStartErrorCallback(
   34107     const Tpm::FieldUpgradeStartResponse& callback,
   34108     TPM_RC response_code) {
   34109   VLOG(1) << __func__;
   34110   callback.Run(response_code);
   34111 }
   34112 
   34113 void FieldUpgradeStartResponseParser(
   34114     const Tpm::FieldUpgradeStartResponse& callback,
   34115     AuthorizationDelegate* authorization_delegate,
   34116     const std::string& response) {
   34117   VLOG(1) << __func__;
   34118   base::Callback<void(TPM_RC)> error_reporter =
   34119       base::Bind(FieldUpgradeStartErrorCallback, callback);
   34120   TPM_RC rc = Tpm::ParseResponse_FieldUpgradeStart(
   34121       response,
   34122       authorization_delegate);
   34123   if (rc != TPM_RC_SUCCESS) {
   34124     error_reporter.Run(rc);
   34125     return;
   34126   }
   34127   callback.Run(
   34128       rc);
   34129 }
   34130 
   34131 void Tpm::FieldUpgradeStart(
   34132       const TPMI_RH_PLATFORM& authorization,
   34133       const std::string& authorization_name,
   34134       const TPMI_DH_OBJECT& key_handle,
   34135       const std::string& key_handle_name,
   34136       const TPM2B_DIGEST& fu_digest,
   34137       const TPMT_SIGNATURE& manifest_signature,
   34138       AuthorizationDelegate* authorization_delegate,
   34139       const FieldUpgradeStartResponse& callback) {
   34140   VLOG(1) << __func__;
   34141   base::Callback<void(TPM_RC)> error_reporter =
   34142       base::Bind(FieldUpgradeStartErrorCallback, callback);
   34143   base::Callback<void(const std::string&)> parser =
   34144       base::Bind(FieldUpgradeStartResponseParser,
   34145                  callback,
   34146                  authorization_delegate);
   34147   std::string command;
   34148   TPM_RC rc = SerializeCommand_FieldUpgradeStart(
   34149       authorization,
   34150       authorization_name,
   34151       key_handle,
   34152       key_handle_name,
   34153       fu_digest,
   34154       manifest_signature,
   34155       &command,
   34156       authorization_delegate);
   34157   if (rc != TPM_RC_SUCCESS) {
   34158     error_reporter.Run(rc);
   34159     return;
   34160   }
   34161   transceiver_->SendCommand(command, parser);
   34162 }
   34163 
   34164 TPM_RC Tpm::FieldUpgradeStartSync(
   34165       const TPMI_RH_PLATFORM& authorization,
   34166       const std::string& authorization_name,
   34167       const TPMI_DH_OBJECT& key_handle,
   34168       const std::string& key_handle_name,
   34169       const TPM2B_DIGEST& fu_digest,
   34170       const TPMT_SIGNATURE& manifest_signature,
   34171       AuthorizationDelegate* authorization_delegate) {
   34172   VLOG(1) << __func__;
   34173   std::string command;
   34174   TPM_RC rc = SerializeCommand_FieldUpgradeStart(
   34175       authorization,
   34176       authorization_name,
   34177       key_handle,
   34178       key_handle_name,
   34179       fu_digest,
   34180       manifest_signature,
   34181       &command,
   34182       authorization_delegate);
   34183   if (rc != TPM_RC_SUCCESS) {
   34184     return rc;
   34185   }
   34186   std::string response = transceiver_->SendCommandAndWait(command);
   34187   rc = ParseResponse_FieldUpgradeStart(
   34188       response,
   34189       authorization_delegate);
   34190   return rc;
   34191 }
   34192 
   34193 TPM_RC Tpm::SerializeCommand_FieldUpgradeData(
   34194       const TPM2B_MAX_BUFFER& fu_data,
   34195       std::string* serialized_command,
   34196       AuthorizationDelegate* authorization_delegate) {
   34197   VLOG(3) << __func__;
   34198   TPM_RC rc = TPM_RC_SUCCESS;
   34199   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   34200   UINT32 command_size = 10;  // Header size.
   34201   std::string handle_section_bytes;
   34202   std::string parameter_section_bytes;
   34203   TPM_CC command_code = TPM_CC_FieldUpgradeData;
   34204   bool is_command_parameter_encryption_possible = true;
   34205   bool is_response_parameter_encryption_possible = false;
   34206   std::string command_code_bytes;
   34207   rc = Serialize_TPM_CC(
   34208       command_code,
   34209       &command_code_bytes);
   34210   if (rc != TPM_RC_SUCCESS) {
   34211     return rc;
   34212   }
   34213   std::string fu_data_bytes;
   34214   rc = Serialize_TPM2B_MAX_BUFFER(
   34215       fu_data,
   34216       &fu_data_bytes);
   34217   if (rc != TPM_RC_SUCCESS) {
   34218     return rc;
   34219   }
   34220   if (authorization_delegate) {
   34221     // Encrypt just the parameter data, not the size.
   34222     std::string tmp = fu_data_bytes.substr(2);
   34223     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   34224       return TRUNKS_RC_ENCRYPTION_FAILED;
   34225     }
   34226     fu_data_bytes.replace(2, std::string::npos, tmp);
   34227   }
   34228   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   34229       crypto::SecureHash::SHA256));
   34230   hash->Update(command_code_bytes.data(),
   34231                command_code_bytes.size());
   34232   hash->Update(fu_data_bytes.data(),
   34233                fu_data_bytes.size());
   34234   parameter_section_bytes += fu_data_bytes;
   34235   command_size += fu_data_bytes.size();
   34236   std::string command_hash(32, 0);
   34237   hash->Finish(string_as_array(&command_hash), command_hash.size());
   34238   std::string authorization_section_bytes;
   34239   std::string authorization_size_bytes;
   34240   if (authorization_delegate) {
   34241     if (!authorization_delegate->GetCommandAuthorization(
   34242         command_hash,
   34243         is_command_parameter_encryption_possible,
   34244         is_response_parameter_encryption_possible,
   34245         &authorization_section_bytes)) {
   34246       return TRUNKS_RC_AUTHORIZATION_FAILED;
   34247     }
   34248     if (!authorization_section_bytes.empty()) {
   34249       tag = TPM_ST_SESSIONS;
   34250       std::string tmp;
   34251       rc = Serialize_UINT32(authorization_section_bytes.size(),
   34252                             &authorization_size_bytes);
   34253       if (rc != TPM_RC_SUCCESS) {
   34254         return rc;
   34255       }
   34256       command_size += authorization_size_bytes.size() +
   34257                       authorization_section_bytes.size();
   34258     }
   34259   }
   34260   std::string tag_bytes;
   34261   rc = Serialize_TPMI_ST_COMMAND_TAG(
   34262       tag,
   34263       &tag_bytes);
   34264   if (rc != TPM_RC_SUCCESS) {
   34265     return rc;
   34266   }
   34267   std::string command_size_bytes;
   34268   rc = Serialize_UINT32(
   34269       command_size,
   34270       &command_size_bytes);
   34271   if (rc != TPM_RC_SUCCESS) {
   34272     return rc;
   34273   }
   34274   *serialized_command = tag_bytes +
   34275                         command_size_bytes +
   34276                         command_code_bytes +
   34277                         handle_section_bytes +
   34278                         authorization_size_bytes +
   34279                         authorization_section_bytes +
   34280                         parameter_section_bytes;
   34281   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   34282   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   34283                                             serialized_command->size());
   34284   return TPM_RC_SUCCESS;
   34285 }
   34286 
   34287 TPM_RC Tpm::ParseResponse_FieldUpgradeData(
   34288       const std::string& response,
   34289       TPMT_HA* next_digest,
   34290       TPMT_HA* first_digest,
   34291       AuthorizationDelegate* authorization_delegate) {
   34292   VLOG(3) << __func__;
   34293   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   34294   TPM_RC rc = TPM_RC_SUCCESS;
   34295   std::string buffer(response);
   34296   TPM_ST tag;
   34297   std::string tag_bytes;
   34298   rc = Parse_TPM_ST(
   34299       &buffer,
   34300       &tag,
   34301       &tag_bytes);
   34302   if (rc != TPM_RC_SUCCESS) {
   34303     return rc;
   34304   }
   34305   UINT32 response_size;
   34306   std::string response_size_bytes;
   34307   rc = Parse_UINT32(
   34308       &buffer,
   34309       &response_size,
   34310       &response_size_bytes);
   34311   if (rc != TPM_RC_SUCCESS) {
   34312     return rc;
   34313   }
   34314   TPM_RC response_code;
   34315   std::string response_code_bytes;
   34316   rc = Parse_TPM_RC(
   34317       &buffer,
   34318       &response_code,
   34319       &response_code_bytes);
   34320   if (rc != TPM_RC_SUCCESS) {
   34321     return rc;
   34322   }
   34323   if (response_size != response.size()) {
   34324     return TPM_RC_SIZE;
   34325   }
   34326   if (response_code != TPM_RC_SUCCESS) {
   34327     return response_code;
   34328   }
   34329   TPM_CC command_code = TPM_CC_FieldUpgradeData;
   34330   std::string command_code_bytes;
   34331   rc = Serialize_TPM_CC(
   34332       command_code,
   34333       &command_code_bytes);
   34334   if (rc != TPM_RC_SUCCESS) {
   34335     return rc;
   34336   }
   34337   std::string authorization_section_bytes;
   34338   if (tag == TPM_ST_SESSIONS) {
   34339     UINT32 parameter_section_size = buffer.size();
   34340     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   34341     if (rc != TPM_RC_SUCCESS) {
   34342       return rc;
   34343     }
   34344     if (parameter_section_size > buffer.size()) {
   34345       return TPM_RC_INSUFFICIENT;
   34346     }
   34347     authorization_section_bytes = buffer.substr(parameter_section_size);
   34348     // Keep the parameter section in |buffer|.
   34349     buffer.erase(parameter_section_size);
   34350   }
   34351   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   34352       crypto::SecureHash::SHA256));
   34353   hash->Update(response_code_bytes.data(),
   34354                response_code_bytes.size());
   34355   hash->Update(command_code_bytes.data(),
   34356                command_code_bytes.size());
   34357   hash->Update(buffer.data(),
   34358                buffer.size());
   34359   std::string response_hash(32, 0);
   34360   hash->Finish(string_as_array(&response_hash), response_hash.size());
   34361   if (tag == TPM_ST_SESSIONS) {
   34362     CHECK(authorization_delegate) << "Authorization delegate missing!";
   34363     if (!authorization_delegate->CheckResponseAuthorization(
   34364         response_hash,
   34365         authorization_section_bytes)) {
   34366       return TRUNKS_RC_AUTHORIZATION_FAILED;
   34367     }
   34368   }
   34369   std::string next_digest_bytes;
   34370   rc = Parse_TPMT_HA(
   34371       &buffer,
   34372       next_digest,
   34373       &next_digest_bytes);
   34374   if (rc != TPM_RC_SUCCESS) {
   34375     return rc;
   34376   }
   34377   std::string first_digest_bytes;
   34378   rc = Parse_TPMT_HA(
   34379       &buffer,
   34380       first_digest,
   34381       &first_digest_bytes);
   34382   if (rc != TPM_RC_SUCCESS) {
   34383     return rc;
   34384   }
   34385   return TPM_RC_SUCCESS;
   34386 }
   34387 
   34388 void FieldUpgradeDataErrorCallback(
   34389     const Tpm::FieldUpgradeDataResponse& callback,
   34390     TPM_RC response_code) {
   34391   VLOG(1) << __func__;
   34392   callback.Run(response_code,
   34393                TPMT_HA(),
   34394                TPMT_HA());
   34395 }
   34396 
   34397 void FieldUpgradeDataResponseParser(
   34398     const Tpm::FieldUpgradeDataResponse& callback,
   34399     AuthorizationDelegate* authorization_delegate,
   34400     const std::string& response) {
   34401   VLOG(1) << __func__;
   34402   base::Callback<void(TPM_RC)> error_reporter =
   34403       base::Bind(FieldUpgradeDataErrorCallback, callback);
   34404   TPMT_HA next_digest;
   34405   TPMT_HA first_digest;
   34406   TPM_RC rc = Tpm::ParseResponse_FieldUpgradeData(
   34407       response,
   34408       &next_digest,
   34409       &first_digest,
   34410       authorization_delegate);
   34411   if (rc != TPM_RC_SUCCESS) {
   34412     error_reporter.Run(rc);
   34413     return;
   34414   }
   34415   callback.Run(
   34416       rc,
   34417       next_digest,
   34418       first_digest);
   34419 }
   34420 
   34421 void Tpm::FieldUpgradeData(
   34422       const TPM2B_MAX_BUFFER& fu_data,
   34423       AuthorizationDelegate* authorization_delegate,
   34424       const FieldUpgradeDataResponse& callback) {
   34425   VLOG(1) << __func__;
   34426   base::Callback<void(TPM_RC)> error_reporter =
   34427       base::Bind(FieldUpgradeDataErrorCallback, callback);
   34428   base::Callback<void(const std::string&)> parser =
   34429       base::Bind(FieldUpgradeDataResponseParser,
   34430                  callback,
   34431                  authorization_delegate);
   34432   std::string command;
   34433   TPM_RC rc = SerializeCommand_FieldUpgradeData(
   34434       fu_data,
   34435       &command,
   34436       authorization_delegate);
   34437   if (rc != TPM_RC_SUCCESS) {
   34438     error_reporter.Run(rc);
   34439     return;
   34440   }
   34441   transceiver_->SendCommand(command, parser);
   34442 }
   34443 
   34444 TPM_RC Tpm::FieldUpgradeDataSync(
   34445       const TPM2B_MAX_BUFFER& fu_data,
   34446       TPMT_HA* next_digest,
   34447       TPMT_HA* first_digest,
   34448       AuthorizationDelegate* authorization_delegate) {
   34449   VLOG(1) << __func__;
   34450   std::string command;
   34451   TPM_RC rc = SerializeCommand_FieldUpgradeData(
   34452       fu_data,
   34453       &command,
   34454       authorization_delegate);
   34455   if (rc != TPM_RC_SUCCESS) {
   34456     return rc;
   34457   }
   34458   std::string response = transceiver_->SendCommandAndWait(command);
   34459   rc = ParseResponse_FieldUpgradeData(
   34460       response,
   34461       next_digest,
   34462       first_digest,
   34463       authorization_delegate);
   34464   return rc;
   34465 }
   34466 
   34467 TPM_RC Tpm::SerializeCommand_FirmwareRead(
   34468       const UINT32& sequence_number,
   34469       std::string* serialized_command,
   34470       AuthorizationDelegate* authorization_delegate) {
   34471   VLOG(3) << __func__;
   34472   TPM_RC rc = TPM_RC_SUCCESS;
   34473   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   34474   UINT32 command_size = 10;  // Header size.
   34475   std::string handle_section_bytes;
   34476   std::string parameter_section_bytes;
   34477   TPM_CC command_code = TPM_CC_FirmwareRead;
   34478   bool is_command_parameter_encryption_possible = false;
   34479   bool is_response_parameter_encryption_possible = true;
   34480   std::string command_code_bytes;
   34481   rc = Serialize_TPM_CC(
   34482       command_code,
   34483       &command_code_bytes);
   34484   if (rc != TPM_RC_SUCCESS) {
   34485     return rc;
   34486   }
   34487   std::string sequence_number_bytes;
   34488   rc = Serialize_UINT32(
   34489       sequence_number,
   34490       &sequence_number_bytes);
   34491   if (rc != TPM_RC_SUCCESS) {
   34492     return rc;
   34493   }
   34494   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   34495       crypto::SecureHash::SHA256));
   34496   hash->Update(command_code_bytes.data(),
   34497                command_code_bytes.size());
   34498   hash->Update(sequence_number_bytes.data(),
   34499                sequence_number_bytes.size());
   34500   parameter_section_bytes += sequence_number_bytes;
   34501   command_size += sequence_number_bytes.size();
   34502   std::string command_hash(32, 0);
   34503   hash->Finish(string_as_array(&command_hash), command_hash.size());
   34504   std::string authorization_section_bytes;
   34505   std::string authorization_size_bytes;
   34506   if (authorization_delegate) {
   34507     if (!authorization_delegate->GetCommandAuthorization(
   34508         command_hash,
   34509         is_command_parameter_encryption_possible,
   34510         is_response_parameter_encryption_possible,
   34511         &authorization_section_bytes)) {
   34512       return TRUNKS_RC_AUTHORIZATION_FAILED;
   34513     }
   34514     if (!authorization_section_bytes.empty()) {
   34515       tag = TPM_ST_SESSIONS;
   34516       std::string tmp;
   34517       rc = Serialize_UINT32(authorization_section_bytes.size(),
   34518                             &authorization_size_bytes);
   34519       if (rc != TPM_RC_SUCCESS) {
   34520         return rc;
   34521       }
   34522       command_size += authorization_size_bytes.size() +
   34523                       authorization_section_bytes.size();
   34524     }
   34525   }
   34526   std::string tag_bytes;
   34527   rc = Serialize_TPMI_ST_COMMAND_TAG(
   34528       tag,
   34529       &tag_bytes);
   34530   if (rc != TPM_RC_SUCCESS) {
   34531     return rc;
   34532   }
   34533   std::string command_size_bytes;
   34534   rc = Serialize_UINT32(
   34535       command_size,
   34536       &command_size_bytes);
   34537   if (rc != TPM_RC_SUCCESS) {
   34538     return rc;
   34539   }
   34540   *serialized_command = tag_bytes +
   34541                         command_size_bytes +
   34542                         command_code_bytes +
   34543                         handle_section_bytes +
   34544                         authorization_size_bytes +
   34545                         authorization_section_bytes +
   34546                         parameter_section_bytes;
   34547   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   34548   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   34549                                             serialized_command->size());
   34550   return TPM_RC_SUCCESS;
   34551 }
   34552 
   34553 TPM_RC Tpm::ParseResponse_FirmwareRead(
   34554       const std::string& response,
   34555       TPM2B_MAX_BUFFER* fu_data,
   34556       AuthorizationDelegate* authorization_delegate) {
   34557   VLOG(3) << __func__;
   34558   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   34559   TPM_RC rc = TPM_RC_SUCCESS;
   34560   std::string buffer(response);
   34561   TPM_ST tag;
   34562   std::string tag_bytes;
   34563   rc = Parse_TPM_ST(
   34564       &buffer,
   34565       &tag,
   34566       &tag_bytes);
   34567   if (rc != TPM_RC_SUCCESS) {
   34568     return rc;
   34569   }
   34570   UINT32 response_size;
   34571   std::string response_size_bytes;
   34572   rc = Parse_UINT32(
   34573       &buffer,
   34574       &response_size,
   34575       &response_size_bytes);
   34576   if (rc != TPM_RC_SUCCESS) {
   34577     return rc;
   34578   }
   34579   TPM_RC response_code;
   34580   std::string response_code_bytes;
   34581   rc = Parse_TPM_RC(
   34582       &buffer,
   34583       &response_code,
   34584       &response_code_bytes);
   34585   if (rc != TPM_RC_SUCCESS) {
   34586     return rc;
   34587   }
   34588   if (response_size != response.size()) {
   34589     return TPM_RC_SIZE;
   34590   }
   34591   if (response_code != TPM_RC_SUCCESS) {
   34592     return response_code;
   34593   }
   34594   TPM_CC command_code = TPM_CC_FirmwareRead;
   34595   std::string command_code_bytes;
   34596   rc = Serialize_TPM_CC(
   34597       command_code,
   34598       &command_code_bytes);
   34599   if (rc != TPM_RC_SUCCESS) {
   34600     return rc;
   34601   }
   34602   std::string authorization_section_bytes;
   34603   if (tag == TPM_ST_SESSIONS) {
   34604     UINT32 parameter_section_size = buffer.size();
   34605     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   34606     if (rc != TPM_RC_SUCCESS) {
   34607       return rc;
   34608     }
   34609     if (parameter_section_size > buffer.size()) {
   34610       return TPM_RC_INSUFFICIENT;
   34611     }
   34612     authorization_section_bytes = buffer.substr(parameter_section_size);
   34613     // Keep the parameter section in |buffer|.
   34614     buffer.erase(parameter_section_size);
   34615   }
   34616   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   34617       crypto::SecureHash::SHA256));
   34618   hash->Update(response_code_bytes.data(),
   34619                response_code_bytes.size());
   34620   hash->Update(command_code_bytes.data(),
   34621                command_code_bytes.size());
   34622   hash->Update(buffer.data(),
   34623                buffer.size());
   34624   std::string response_hash(32, 0);
   34625   hash->Finish(string_as_array(&response_hash), response_hash.size());
   34626   if (tag == TPM_ST_SESSIONS) {
   34627     CHECK(authorization_delegate) << "Authorization delegate missing!";
   34628     if (!authorization_delegate->CheckResponseAuthorization(
   34629         response_hash,
   34630         authorization_section_bytes)) {
   34631       return TRUNKS_RC_AUTHORIZATION_FAILED;
   34632     }
   34633   }
   34634   std::string fu_data_bytes;
   34635   rc = Parse_TPM2B_MAX_BUFFER(
   34636       &buffer,
   34637       fu_data,
   34638       &fu_data_bytes);
   34639   if (rc != TPM_RC_SUCCESS) {
   34640     return rc;
   34641   }
   34642   if (tag == TPM_ST_SESSIONS) {
   34643     CHECK(authorization_delegate) << "Authorization delegate missing!";
   34644     // Decrypt just the parameter data, not the size.
   34645     std::string tmp = fu_data_bytes.substr(2);
   34646     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   34647       return TRUNKS_RC_ENCRYPTION_FAILED;
   34648     }
   34649     fu_data_bytes.replace(2, std::string::npos, tmp);
   34650     rc = Parse_TPM2B_MAX_BUFFER(
   34651         &fu_data_bytes,
   34652         fu_data,
   34653         nullptr);
   34654     if (rc != TPM_RC_SUCCESS) {
   34655       return rc;
   34656     }
   34657   }
   34658   return TPM_RC_SUCCESS;
   34659 }
   34660 
   34661 void FirmwareReadErrorCallback(
   34662     const Tpm::FirmwareReadResponse& callback,
   34663     TPM_RC response_code) {
   34664   VLOG(1) << __func__;
   34665   callback.Run(response_code,
   34666                TPM2B_MAX_BUFFER());
   34667 }
   34668 
   34669 void FirmwareReadResponseParser(
   34670     const Tpm::FirmwareReadResponse& callback,
   34671     AuthorizationDelegate* authorization_delegate,
   34672     const std::string& response) {
   34673   VLOG(1) << __func__;
   34674   base::Callback<void(TPM_RC)> error_reporter =
   34675       base::Bind(FirmwareReadErrorCallback, callback);
   34676   TPM2B_MAX_BUFFER fu_data;
   34677   TPM_RC rc = Tpm::ParseResponse_FirmwareRead(
   34678       response,
   34679       &fu_data,
   34680       authorization_delegate);
   34681   if (rc != TPM_RC_SUCCESS) {
   34682     error_reporter.Run(rc);
   34683     return;
   34684   }
   34685   callback.Run(
   34686       rc,
   34687       fu_data);
   34688 }
   34689 
   34690 void Tpm::FirmwareRead(
   34691       const UINT32& sequence_number,
   34692       AuthorizationDelegate* authorization_delegate,
   34693       const FirmwareReadResponse& callback) {
   34694   VLOG(1) << __func__;
   34695   base::Callback<void(TPM_RC)> error_reporter =
   34696       base::Bind(FirmwareReadErrorCallback, callback);
   34697   base::Callback<void(const std::string&)> parser =
   34698       base::Bind(FirmwareReadResponseParser,
   34699                  callback,
   34700                  authorization_delegate);
   34701   std::string command;
   34702   TPM_RC rc = SerializeCommand_FirmwareRead(
   34703       sequence_number,
   34704       &command,
   34705       authorization_delegate);
   34706   if (rc != TPM_RC_SUCCESS) {
   34707     error_reporter.Run(rc);
   34708     return;
   34709   }
   34710   transceiver_->SendCommand(command, parser);
   34711 }
   34712 
   34713 TPM_RC Tpm::FirmwareReadSync(
   34714       const UINT32& sequence_number,
   34715       TPM2B_MAX_BUFFER* fu_data,
   34716       AuthorizationDelegate* authorization_delegate) {
   34717   VLOG(1) << __func__;
   34718   std::string command;
   34719   TPM_RC rc = SerializeCommand_FirmwareRead(
   34720       sequence_number,
   34721       &command,
   34722       authorization_delegate);
   34723   if (rc != TPM_RC_SUCCESS) {
   34724     return rc;
   34725   }
   34726   std::string response = transceiver_->SendCommandAndWait(command);
   34727   rc = ParseResponse_FirmwareRead(
   34728       response,
   34729       fu_data,
   34730       authorization_delegate);
   34731   return rc;
   34732 }
   34733 
   34734 TPM_RC Tpm::SerializeCommand_ContextSave(
   34735       const TPMI_DH_CONTEXT& save_handle,
   34736       const std::string& save_handle_name,
   34737       std::string* serialized_command,
   34738       AuthorizationDelegate* authorization_delegate) {
   34739   VLOG(3) << __func__;
   34740   TPM_RC rc = TPM_RC_SUCCESS;
   34741   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   34742   UINT32 command_size = 10;  // Header size.
   34743   std::string handle_section_bytes;
   34744   std::string parameter_section_bytes;
   34745   TPM_CC command_code = TPM_CC_ContextSave;
   34746   bool is_command_parameter_encryption_possible = false;
   34747   bool is_response_parameter_encryption_possible = false;
   34748   std::string command_code_bytes;
   34749   rc = Serialize_TPM_CC(
   34750       command_code,
   34751       &command_code_bytes);
   34752   if (rc != TPM_RC_SUCCESS) {
   34753     return rc;
   34754   }
   34755   std::string save_handle_bytes;
   34756   rc = Serialize_TPMI_DH_CONTEXT(
   34757       save_handle,
   34758       &save_handle_bytes);
   34759   if (rc != TPM_RC_SUCCESS) {
   34760     return rc;
   34761   }
   34762   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   34763       crypto::SecureHash::SHA256));
   34764   hash->Update(command_code_bytes.data(),
   34765                command_code_bytes.size());
   34766   hash->Update(save_handle_name.data(),
   34767                save_handle_name.size());
   34768   handle_section_bytes += save_handle_bytes;
   34769   command_size += save_handle_bytes.size();
   34770   std::string command_hash(32, 0);
   34771   hash->Finish(string_as_array(&command_hash), command_hash.size());
   34772   std::string authorization_section_bytes;
   34773   std::string authorization_size_bytes;
   34774   if (authorization_delegate) {
   34775     if (!authorization_delegate->GetCommandAuthorization(
   34776         command_hash,
   34777         is_command_parameter_encryption_possible,
   34778         is_response_parameter_encryption_possible,
   34779         &authorization_section_bytes)) {
   34780       return TRUNKS_RC_AUTHORIZATION_FAILED;
   34781     }
   34782     if (!authorization_section_bytes.empty()) {
   34783       tag = TPM_ST_SESSIONS;
   34784       std::string tmp;
   34785       rc = Serialize_UINT32(authorization_section_bytes.size(),
   34786                             &authorization_size_bytes);
   34787       if (rc != TPM_RC_SUCCESS) {
   34788         return rc;
   34789       }
   34790       command_size += authorization_size_bytes.size() +
   34791                       authorization_section_bytes.size();
   34792     }
   34793   }
   34794   std::string tag_bytes;
   34795   rc = Serialize_TPMI_ST_COMMAND_TAG(
   34796       tag,
   34797       &tag_bytes);
   34798   if (rc != TPM_RC_SUCCESS) {
   34799     return rc;
   34800   }
   34801   std::string command_size_bytes;
   34802   rc = Serialize_UINT32(
   34803       command_size,
   34804       &command_size_bytes);
   34805   if (rc != TPM_RC_SUCCESS) {
   34806     return rc;
   34807   }
   34808   *serialized_command = tag_bytes +
   34809                         command_size_bytes +
   34810                         command_code_bytes +
   34811                         handle_section_bytes +
   34812                         authorization_size_bytes +
   34813                         authorization_section_bytes +
   34814                         parameter_section_bytes;
   34815   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   34816   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   34817                                             serialized_command->size());
   34818   return TPM_RC_SUCCESS;
   34819 }
   34820 
   34821 TPM_RC Tpm::ParseResponse_ContextSave(
   34822       const std::string& response,
   34823       TPMS_CONTEXT* context,
   34824       AuthorizationDelegate* authorization_delegate) {
   34825   VLOG(3) << __func__;
   34826   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   34827   TPM_RC rc = TPM_RC_SUCCESS;
   34828   std::string buffer(response);
   34829   TPM_ST tag;
   34830   std::string tag_bytes;
   34831   rc = Parse_TPM_ST(
   34832       &buffer,
   34833       &tag,
   34834       &tag_bytes);
   34835   if (rc != TPM_RC_SUCCESS) {
   34836     return rc;
   34837   }
   34838   UINT32 response_size;
   34839   std::string response_size_bytes;
   34840   rc = Parse_UINT32(
   34841       &buffer,
   34842       &response_size,
   34843       &response_size_bytes);
   34844   if (rc != TPM_RC_SUCCESS) {
   34845     return rc;
   34846   }
   34847   TPM_RC response_code;
   34848   std::string response_code_bytes;
   34849   rc = Parse_TPM_RC(
   34850       &buffer,
   34851       &response_code,
   34852       &response_code_bytes);
   34853   if (rc != TPM_RC_SUCCESS) {
   34854     return rc;
   34855   }
   34856   if (response_size != response.size()) {
   34857     return TPM_RC_SIZE;
   34858   }
   34859   if (response_code != TPM_RC_SUCCESS) {
   34860     return response_code;
   34861   }
   34862   TPM_CC command_code = TPM_CC_ContextSave;
   34863   std::string command_code_bytes;
   34864   rc = Serialize_TPM_CC(
   34865       command_code,
   34866       &command_code_bytes);
   34867   if (rc != TPM_RC_SUCCESS) {
   34868     return rc;
   34869   }
   34870   std::string authorization_section_bytes;
   34871   if (tag == TPM_ST_SESSIONS) {
   34872     UINT32 parameter_section_size = buffer.size();
   34873     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   34874     if (rc != TPM_RC_SUCCESS) {
   34875       return rc;
   34876     }
   34877     if (parameter_section_size > buffer.size()) {
   34878       return TPM_RC_INSUFFICIENT;
   34879     }
   34880     authorization_section_bytes = buffer.substr(parameter_section_size);
   34881     // Keep the parameter section in |buffer|.
   34882     buffer.erase(parameter_section_size);
   34883   }
   34884   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   34885       crypto::SecureHash::SHA256));
   34886   hash->Update(response_code_bytes.data(),
   34887                response_code_bytes.size());
   34888   hash->Update(command_code_bytes.data(),
   34889                command_code_bytes.size());
   34890   hash->Update(buffer.data(),
   34891                buffer.size());
   34892   std::string response_hash(32, 0);
   34893   hash->Finish(string_as_array(&response_hash), response_hash.size());
   34894   if (tag == TPM_ST_SESSIONS) {
   34895     CHECK(authorization_delegate) << "Authorization delegate missing!";
   34896     if (!authorization_delegate->CheckResponseAuthorization(
   34897         response_hash,
   34898         authorization_section_bytes)) {
   34899       return TRUNKS_RC_AUTHORIZATION_FAILED;
   34900     }
   34901   }
   34902   std::string context_bytes;
   34903   rc = Parse_TPMS_CONTEXT(
   34904       &buffer,
   34905       context,
   34906       &context_bytes);
   34907   if (rc != TPM_RC_SUCCESS) {
   34908     return rc;
   34909   }
   34910   return TPM_RC_SUCCESS;
   34911 }
   34912 
   34913 void ContextSaveErrorCallback(
   34914     const Tpm::ContextSaveResponse& callback,
   34915     TPM_RC response_code) {
   34916   VLOG(1) << __func__;
   34917   callback.Run(response_code,
   34918                TPMS_CONTEXT());
   34919 }
   34920 
   34921 void ContextSaveResponseParser(
   34922     const Tpm::ContextSaveResponse& callback,
   34923     AuthorizationDelegate* authorization_delegate,
   34924     const std::string& response) {
   34925   VLOG(1) << __func__;
   34926   base::Callback<void(TPM_RC)> error_reporter =
   34927       base::Bind(ContextSaveErrorCallback, callback);
   34928   TPMS_CONTEXT context;
   34929   TPM_RC rc = Tpm::ParseResponse_ContextSave(
   34930       response,
   34931       &context,
   34932       authorization_delegate);
   34933   if (rc != TPM_RC_SUCCESS) {
   34934     error_reporter.Run(rc);
   34935     return;
   34936   }
   34937   callback.Run(
   34938       rc,
   34939       context);
   34940 }
   34941 
   34942 void Tpm::ContextSave(
   34943       const TPMI_DH_CONTEXT& save_handle,
   34944       const std::string& save_handle_name,
   34945       AuthorizationDelegate* authorization_delegate,
   34946       const ContextSaveResponse& callback) {
   34947   VLOG(1) << __func__;
   34948   base::Callback<void(TPM_RC)> error_reporter =
   34949       base::Bind(ContextSaveErrorCallback, callback);
   34950   base::Callback<void(const std::string&)> parser =
   34951       base::Bind(ContextSaveResponseParser,
   34952                  callback,
   34953                  authorization_delegate);
   34954   std::string command;
   34955   TPM_RC rc = SerializeCommand_ContextSave(
   34956       save_handle,
   34957       save_handle_name,
   34958       &command,
   34959       authorization_delegate);
   34960   if (rc != TPM_RC_SUCCESS) {
   34961     error_reporter.Run(rc);
   34962     return;
   34963   }
   34964   transceiver_->SendCommand(command, parser);
   34965 }
   34966 
   34967 TPM_RC Tpm::ContextSaveSync(
   34968       const TPMI_DH_CONTEXT& save_handle,
   34969       const std::string& save_handle_name,
   34970       TPMS_CONTEXT* context,
   34971       AuthorizationDelegate* authorization_delegate) {
   34972   VLOG(1) << __func__;
   34973   std::string command;
   34974   TPM_RC rc = SerializeCommand_ContextSave(
   34975       save_handle,
   34976       save_handle_name,
   34977       &command,
   34978       authorization_delegate);
   34979   if (rc != TPM_RC_SUCCESS) {
   34980     return rc;
   34981   }
   34982   std::string response = transceiver_->SendCommandAndWait(command);
   34983   rc = ParseResponse_ContextSave(
   34984       response,
   34985       context,
   34986       authorization_delegate);
   34987   return rc;
   34988 }
   34989 
   34990 TPM_RC Tpm::SerializeCommand_ContextLoad(
   34991       const TPMS_CONTEXT& context,
   34992       std::string* serialized_command,
   34993       AuthorizationDelegate* authorization_delegate) {
   34994   VLOG(3) << __func__;
   34995   TPM_RC rc = TPM_RC_SUCCESS;
   34996   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   34997   UINT32 command_size = 10;  // Header size.
   34998   std::string handle_section_bytes;
   34999   std::string parameter_section_bytes;
   35000   TPM_CC command_code = TPM_CC_ContextLoad;
   35001   bool is_command_parameter_encryption_possible = false;
   35002   bool is_response_parameter_encryption_possible = false;
   35003   std::string command_code_bytes;
   35004   rc = Serialize_TPM_CC(
   35005       command_code,
   35006       &command_code_bytes);
   35007   if (rc != TPM_RC_SUCCESS) {
   35008     return rc;
   35009   }
   35010   std::string context_bytes;
   35011   rc = Serialize_TPMS_CONTEXT(
   35012       context,
   35013       &context_bytes);
   35014   if (rc != TPM_RC_SUCCESS) {
   35015     return rc;
   35016   }
   35017   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   35018       crypto::SecureHash::SHA256));
   35019   hash->Update(command_code_bytes.data(),
   35020                command_code_bytes.size());
   35021   hash->Update(context_bytes.data(),
   35022                context_bytes.size());
   35023   parameter_section_bytes += context_bytes;
   35024   command_size += context_bytes.size();
   35025   std::string command_hash(32, 0);
   35026   hash->Finish(string_as_array(&command_hash), command_hash.size());
   35027   std::string authorization_section_bytes;
   35028   std::string authorization_size_bytes;
   35029   if (authorization_delegate) {
   35030     if (!authorization_delegate->GetCommandAuthorization(
   35031         command_hash,
   35032         is_command_parameter_encryption_possible,
   35033         is_response_parameter_encryption_possible,
   35034         &authorization_section_bytes)) {
   35035       return TRUNKS_RC_AUTHORIZATION_FAILED;
   35036     }
   35037     if (!authorization_section_bytes.empty()) {
   35038       tag = TPM_ST_SESSIONS;
   35039       std::string tmp;
   35040       rc = Serialize_UINT32(authorization_section_bytes.size(),
   35041                             &authorization_size_bytes);
   35042       if (rc != TPM_RC_SUCCESS) {
   35043         return rc;
   35044       }
   35045       command_size += authorization_size_bytes.size() +
   35046                       authorization_section_bytes.size();
   35047     }
   35048   }
   35049   std::string tag_bytes;
   35050   rc = Serialize_TPMI_ST_COMMAND_TAG(
   35051       tag,
   35052       &tag_bytes);
   35053   if (rc != TPM_RC_SUCCESS) {
   35054     return rc;
   35055   }
   35056   std::string command_size_bytes;
   35057   rc = Serialize_UINT32(
   35058       command_size,
   35059       &command_size_bytes);
   35060   if (rc != TPM_RC_SUCCESS) {
   35061     return rc;
   35062   }
   35063   *serialized_command = tag_bytes +
   35064                         command_size_bytes +
   35065                         command_code_bytes +
   35066                         handle_section_bytes +
   35067                         authorization_size_bytes +
   35068                         authorization_section_bytes +
   35069                         parameter_section_bytes;
   35070   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   35071   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   35072                                             serialized_command->size());
   35073   return TPM_RC_SUCCESS;
   35074 }
   35075 
   35076 TPM_RC Tpm::ParseResponse_ContextLoad(
   35077       const std::string& response,
   35078       TPMI_DH_CONTEXT* loaded_handle,
   35079       AuthorizationDelegate* authorization_delegate) {
   35080   VLOG(3) << __func__;
   35081   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   35082   TPM_RC rc = TPM_RC_SUCCESS;
   35083   std::string buffer(response);
   35084   TPM_ST tag;
   35085   std::string tag_bytes;
   35086   rc = Parse_TPM_ST(
   35087       &buffer,
   35088       &tag,
   35089       &tag_bytes);
   35090   if (rc != TPM_RC_SUCCESS) {
   35091     return rc;
   35092   }
   35093   UINT32 response_size;
   35094   std::string response_size_bytes;
   35095   rc = Parse_UINT32(
   35096       &buffer,
   35097       &response_size,
   35098       &response_size_bytes);
   35099   if (rc != TPM_RC_SUCCESS) {
   35100     return rc;
   35101   }
   35102   TPM_RC response_code;
   35103   std::string response_code_bytes;
   35104   rc = Parse_TPM_RC(
   35105       &buffer,
   35106       &response_code,
   35107       &response_code_bytes);
   35108   if (rc != TPM_RC_SUCCESS) {
   35109     return rc;
   35110   }
   35111   if (response_size != response.size()) {
   35112     return TPM_RC_SIZE;
   35113   }
   35114   if (response_code != TPM_RC_SUCCESS) {
   35115     return response_code;
   35116   }
   35117   std::string loaded_handle_bytes;
   35118   rc = Parse_TPMI_DH_CONTEXT(
   35119       &buffer,
   35120       loaded_handle,
   35121       &loaded_handle_bytes);
   35122   if (rc != TPM_RC_SUCCESS) {
   35123     return rc;
   35124   }
   35125   TPM_CC command_code = TPM_CC_ContextLoad;
   35126   std::string command_code_bytes;
   35127   rc = Serialize_TPM_CC(
   35128       command_code,
   35129       &command_code_bytes);
   35130   if (rc != TPM_RC_SUCCESS) {
   35131     return rc;
   35132   }
   35133   std::string authorization_section_bytes;
   35134   if (tag == TPM_ST_SESSIONS) {
   35135     UINT32 parameter_section_size = buffer.size();
   35136     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   35137     if (rc != TPM_RC_SUCCESS) {
   35138       return rc;
   35139     }
   35140     if (parameter_section_size > buffer.size()) {
   35141       return TPM_RC_INSUFFICIENT;
   35142     }
   35143     authorization_section_bytes = buffer.substr(parameter_section_size);
   35144     // Keep the parameter section in |buffer|.
   35145     buffer.erase(parameter_section_size);
   35146   }
   35147   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   35148       crypto::SecureHash::SHA256));
   35149   hash->Update(response_code_bytes.data(),
   35150                response_code_bytes.size());
   35151   hash->Update(command_code_bytes.data(),
   35152                command_code_bytes.size());
   35153   hash->Update(buffer.data(),
   35154                buffer.size());
   35155   std::string response_hash(32, 0);
   35156   hash->Finish(string_as_array(&response_hash), response_hash.size());
   35157   if (tag == TPM_ST_SESSIONS) {
   35158     CHECK(authorization_delegate) << "Authorization delegate missing!";
   35159     if (!authorization_delegate->CheckResponseAuthorization(
   35160         response_hash,
   35161         authorization_section_bytes)) {
   35162       return TRUNKS_RC_AUTHORIZATION_FAILED;
   35163     }
   35164   }
   35165   return TPM_RC_SUCCESS;
   35166 }
   35167 
   35168 void ContextLoadErrorCallback(
   35169     const Tpm::ContextLoadResponse& callback,
   35170     TPM_RC response_code) {
   35171   VLOG(1) << __func__;
   35172   callback.Run(response_code,
   35173                TPMI_DH_CONTEXT());
   35174 }
   35175 
   35176 void ContextLoadResponseParser(
   35177     const Tpm::ContextLoadResponse& callback,
   35178     AuthorizationDelegate* authorization_delegate,
   35179     const std::string& response) {
   35180   VLOG(1) << __func__;
   35181   base::Callback<void(TPM_RC)> error_reporter =
   35182       base::Bind(ContextLoadErrorCallback, callback);
   35183   TPMI_DH_CONTEXT loaded_handle;
   35184   TPM_RC rc = Tpm::ParseResponse_ContextLoad(
   35185       response,
   35186       &loaded_handle,
   35187       authorization_delegate);
   35188   if (rc != TPM_RC_SUCCESS) {
   35189     error_reporter.Run(rc);
   35190     return;
   35191   }
   35192   callback.Run(
   35193       rc,
   35194       loaded_handle);
   35195 }
   35196 
   35197 void Tpm::ContextLoad(
   35198       const TPMS_CONTEXT& context,
   35199       AuthorizationDelegate* authorization_delegate,
   35200       const ContextLoadResponse& callback) {
   35201   VLOG(1) << __func__;
   35202   base::Callback<void(TPM_RC)> error_reporter =
   35203       base::Bind(ContextLoadErrorCallback, callback);
   35204   base::Callback<void(const std::string&)> parser =
   35205       base::Bind(ContextLoadResponseParser,
   35206                  callback,
   35207                  authorization_delegate);
   35208   std::string command;
   35209   TPM_RC rc = SerializeCommand_ContextLoad(
   35210       context,
   35211       &command,
   35212       authorization_delegate);
   35213   if (rc != TPM_RC_SUCCESS) {
   35214     error_reporter.Run(rc);
   35215     return;
   35216   }
   35217   transceiver_->SendCommand(command, parser);
   35218 }
   35219 
   35220 TPM_RC Tpm::ContextLoadSync(
   35221       const TPMS_CONTEXT& context,
   35222       TPMI_DH_CONTEXT* loaded_handle,
   35223       AuthorizationDelegate* authorization_delegate) {
   35224   VLOG(1) << __func__;
   35225   std::string command;
   35226   TPM_RC rc = SerializeCommand_ContextLoad(
   35227       context,
   35228       &command,
   35229       authorization_delegate);
   35230   if (rc != TPM_RC_SUCCESS) {
   35231     return rc;
   35232   }
   35233   std::string response = transceiver_->SendCommandAndWait(command);
   35234   rc = ParseResponse_ContextLoad(
   35235       response,
   35236       loaded_handle,
   35237       authorization_delegate);
   35238   return rc;
   35239 }
   35240 
   35241 TPM_RC Tpm::SerializeCommand_FlushContext(
   35242       const TPMI_DH_CONTEXT& flush_handle,
   35243       std::string* serialized_command,
   35244       AuthorizationDelegate* authorization_delegate) {
   35245   VLOG(3) << __func__;
   35246   TPM_RC rc = TPM_RC_SUCCESS;
   35247   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   35248   UINT32 command_size = 10;  // Header size.
   35249   std::string handle_section_bytes;
   35250   std::string parameter_section_bytes;
   35251   TPM_CC command_code = TPM_CC_FlushContext;
   35252   bool is_command_parameter_encryption_possible = false;
   35253   bool is_response_parameter_encryption_possible = false;
   35254   std::string command_code_bytes;
   35255   rc = Serialize_TPM_CC(
   35256       command_code,
   35257       &command_code_bytes);
   35258   if (rc != TPM_RC_SUCCESS) {
   35259     return rc;
   35260   }
   35261   std::string flush_handle_bytes;
   35262   rc = Serialize_TPMI_DH_CONTEXT(
   35263       flush_handle,
   35264       &flush_handle_bytes);
   35265   if (rc != TPM_RC_SUCCESS) {
   35266     return rc;
   35267   }
   35268   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   35269       crypto::SecureHash::SHA256));
   35270   hash->Update(command_code_bytes.data(),
   35271                command_code_bytes.size());
   35272   hash->Update(flush_handle_bytes.data(),
   35273                flush_handle_bytes.size());
   35274   parameter_section_bytes += flush_handle_bytes;
   35275   command_size += flush_handle_bytes.size();
   35276   std::string command_hash(32, 0);
   35277   hash->Finish(string_as_array(&command_hash), command_hash.size());
   35278   std::string authorization_section_bytes;
   35279   std::string authorization_size_bytes;
   35280   if (authorization_delegate) {
   35281     if (!authorization_delegate->GetCommandAuthorization(
   35282         command_hash,
   35283         is_command_parameter_encryption_possible,
   35284         is_response_parameter_encryption_possible,
   35285         &authorization_section_bytes)) {
   35286       return TRUNKS_RC_AUTHORIZATION_FAILED;
   35287     }
   35288     if (!authorization_section_bytes.empty()) {
   35289       tag = TPM_ST_SESSIONS;
   35290       std::string tmp;
   35291       rc = Serialize_UINT32(authorization_section_bytes.size(),
   35292                             &authorization_size_bytes);
   35293       if (rc != TPM_RC_SUCCESS) {
   35294         return rc;
   35295       }
   35296       command_size += authorization_size_bytes.size() +
   35297                       authorization_section_bytes.size();
   35298     }
   35299   }
   35300   std::string tag_bytes;
   35301   rc = Serialize_TPMI_ST_COMMAND_TAG(
   35302       tag,
   35303       &tag_bytes);
   35304   if (rc != TPM_RC_SUCCESS) {
   35305     return rc;
   35306   }
   35307   std::string command_size_bytes;
   35308   rc = Serialize_UINT32(
   35309       command_size,
   35310       &command_size_bytes);
   35311   if (rc != TPM_RC_SUCCESS) {
   35312     return rc;
   35313   }
   35314   *serialized_command = tag_bytes +
   35315                         command_size_bytes +
   35316                         command_code_bytes +
   35317                         handle_section_bytes +
   35318                         authorization_size_bytes +
   35319                         authorization_section_bytes +
   35320                         parameter_section_bytes;
   35321   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   35322   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   35323                                             serialized_command->size());
   35324   return TPM_RC_SUCCESS;
   35325 }
   35326 
   35327 TPM_RC Tpm::ParseResponse_FlushContext(
   35328       const std::string& response,
   35329       AuthorizationDelegate* authorization_delegate) {
   35330   VLOG(3) << __func__;
   35331   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   35332   TPM_RC rc = TPM_RC_SUCCESS;
   35333   std::string buffer(response);
   35334   TPM_ST tag;
   35335   std::string tag_bytes;
   35336   rc = Parse_TPM_ST(
   35337       &buffer,
   35338       &tag,
   35339       &tag_bytes);
   35340   if (rc != TPM_RC_SUCCESS) {
   35341     return rc;
   35342   }
   35343   UINT32 response_size;
   35344   std::string response_size_bytes;
   35345   rc = Parse_UINT32(
   35346       &buffer,
   35347       &response_size,
   35348       &response_size_bytes);
   35349   if (rc != TPM_RC_SUCCESS) {
   35350     return rc;
   35351   }
   35352   TPM_RC response_code;
   35353   std::string response_code_bytes;
   35354   rc = Parse_TPM_RC(
   35355       &buffer,
   35356       &response_code,
   35357       &response_code_bytes);
   35358   if (rc != TPM_RC_SUCCESS) {
   35359     return rc;
   35360   }
   35361   if (response_size != response.size()) {
   35362     return TPM_RC_SIZE;
   35363   }
   35364   if (response_code != TPM_RC_SUCCESS) {
   35365     return response_code;
   35366   }
   35367   TPM_CC command_code = TPM_CC_FlushContext;
   35368   std::string command_code_bytes;
   35369   rc = Serialize_TPM_CC(
   35370       command_code,
   35371       &command_code_bytes);
   35372   if (rc != TPM_RC_SUCCESS) {
   35373     return rc;
   35374   }
   35375   std::string authorization_section_bytes;
   35376   if (tag == TPM_ST_SESSIONS) {
   35377     UINT32 parameter_section_size = buffer.size();
   35378     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   35379     if (rc != TPM_RC_SUCCESS) {
   35380       return rc;
   35381     }
   35382     if (parameter_section_size > buffer.size()) {
   35383       return TPM_RC_INSUFFICIENT;
   35384     }
   35385     authorization_section_bytes = buffer.substr(parameter_section_size);
   35386     // Keep the parameter section in |buffer|.
   35387     buffer.erase(parameter_section_size);
   35388   }
   35389   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   35390       crypto::SecureHash::SHA256));
   35391   hash->Update(response_code_bytes.data(),
   35392                response_code_bytes.size());
   35393   hash->Update(command_code_bytes.data(),
   35394                command_code_bytes.size());
   35395   hash->Update(buffer.data(),
   35396                buffer.size());
   35397   std::string response_hash(32, 0);
   35398   hash->Finish(string_as_array(&response_hash), response_hash.size());
   35399   if (tag == TPM_ST_SESSIONS) {
   35400     CHECK(authorization_delegate) << "Authorization delegate missing!";
   35401     if (!authorization_delegate->CheckResponseAuthorization(
   35402         response_hash,
   35403         authorization_section_bytes)) {
   35404       return TRUNKS_RC_AUTHORIZATION_FAILED;
   35405     }
   35406   }
   35407   return TPM_RC_SUCCESS;
   35408 }
   35409 
   35410 void FlushContextErrorCallback(
   35411     const Tpm::FlushContextResponse& callback,
   35412     TPM_RC response_code) {
   35413   VLOG(1) << __func__;
   35414   callback.Run(response_code);
   35415 }
   35416 
   35417 void FlushContextResponseParser(
   35418     const Tpm::FlushContextResponse& callback,
   35419     AuthorizationDelegate* authorization_delegate,
   35420     const std::string& response) {
   35421   VLOG(1) << __func__;
   35422   base::Callback<void(TPM_RC)> error_reporter =
   35423       base::Bind(FlushContextErrorCallback, callback);
   35424   TPM_RC rc = Tpm::ParseResponse_FlushContext(
   35425       response,
   35426       authorization_delegate);
   35427   if (rc != TPM_RC_SUCCESS) {
   35428     error_reporter.Run(rc);
   35429     return;
   35430   }
   35431   callback.Run(
   35432       rc);
   35433 }
   35434 
   35435 void Tpm::FlushContext(
   35436       const TPMI_DH_CONTEXT& flush_handle,
   35437       AuthorizationDelegate* authorization_delegate,
   35438       const FlushContextResponse& callback) {
   35439   VLOG(1) << __func__;
   35440   base::Callback<void(TPM_RC)> error_reporter =
   35441       base::Bind(FlushContextErrorCallback, callback);
   35442   base::Callback<void(const std::string&)> parser =
   35443       base::Bind(FlushContextResponseParser,
   35444                  callback,
   35445                  authorization_delegate);
   35446   std::string command;
   35447   TPM_RC rc = SerializeCommand_FlushContext(
   35448       flush_handle,
   35449       &command,
   35450       authorization_delegate);
   35451   if (rc != TPM_RC_SUCCESS) {
   35452     error_reporter.Run(rc);
   35453     return;
   35454   }
   35455   transceiver_->SendCommand(command, parser);
   35456 }
   35457 
   35458 TPM_RC Tpm::FlushContextSync(
   35459       const TPMI_DH_CONTEXT& flush_handle,
   35460       AuthorizationDelegate* authorization_delegate) {
   35461   VLOG(1) << __func__;
   35462   std::string command;
   35463   TPM_RC rc = SerializeCommand_FlushContext(
   35464       flush_handle,
   35465       &command,
   35466       authorization_delegate);
   35467   if (rc != TPM_RC_SUCCESS) {
   35468     return rc;
   35469   }
   35470   std::string response = transceiver_->SendCommandAndWait(command);
   35471   rc = ParseResponse_FlushContext(
   35472       response,
   35473       authorization_delegate);
   35474   return rc;
   35475 }
   35476 
   35477 TPM_RC Tpm::SerializeCommand_EvictControl(
   35478       const TPMI_RH_PROVISION& auth,
   35479       const std::string& auth_name,
   35480       const TPMI_DH_OBJECT& object_handle,
   35481       const std::string& object_handle_name,
   35482       const TPMI_DH_PERSISTENT& persistent_handle,
   35483       std::string* serialized_command,
   35484       AuthorizationDelegate* authorization_delegate) {
   35485   VLOG(3) << __func__;
   35486   TPM_RC rc = TPM_RC_SUCCESS;
   35487   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   35488   UINT32 command_size = 10;  // Header size.
   35489   std::string handle_section_bytes;
   35490   std::string parameter_section_bytes;
   35491   TPM_CC command_code = TPM_CC_EvictControl;
   35492   bool is_command_parameter_encryption_possible = false;
   35493   bool is_response_parameter_encryption_possible = false;
   35494   std::string command_code_bytes;
   35495   rc = Serialize_TPM_CC(
   35496       command_code,
   35497       &command_code_bytes);
   35498   if (rc != TPM_RC_SUCCESS) {
   35499     return rc;
   35500   }
   35501   std::string auth_bytes;
   35502   rc = Serialize_TPMI_RH_PROVISION(
   35503       auth,
   35504       &auth_bytes);
   35505   if (rc != TPM_RC_SUCCESS) {
   35506     return rc;
   35507   }
   35508   std::string object_handle_bytes;
   35509   rc = Serialize_TPMI_DH_OBJECT(
   35510       object_handle,
   35511       &object_handle_bytes);
   35512   if (rc != TPM_RC_SUCCESS) {
   35513     return rc;
   35514   }
   35515   std::string persistent_handle_bytes;
   35516   rc = Serialize_TPMI_DH_PERSISTENT(
   35517       persistent_handle,
   35518       &persistent_handle_bytes);
   35519   if (rc != TPM_RC_SUCCESS) {
   35520     return rc;
   35521   }
   35522   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   35523       crypto::SecureHash::SHA256));
   35524   hash->Update(command_code_bytes.data(),
   35525                command_code_bytes.size());
   35526   hash->Update(auth_name.data(),
   35527                auth_name.size());
   35528   handle_section_bytes += auth_bytes;
   35529   command_size += auth_bytes.size();
   35530   hash->Update(object_handle_name.data(),
   35531                object_handle_name.size());
   35532   handle_section_bytes += object_handle_bytes;
   35533   command_size += object_handle_bytes.size();
   35534   hash->Update(persistent_handle_bytes.data(),
   35535                persistent_handle_bytes.size());
   35536   parameter_section_bytes += persistent_handle_bytes;
   35537   command_size += persistent_handle_bytes.size();
   35538   std::string command_hash(32, 0);
   35539   hash->Finish(string_as_array(&command_hash), command_hash.size());
   35540   std::string authorization_section_bytes;
   35541   std::string authorization_size_bytes;
   35542   if (authorization_delegate) {
   35543     if (!authorization_delegate->GetCommandAuthorization(
   35544         command_hash,
   35545         is_command_parameter_encryption_possible,
   35546         is_response_parameter_encryption_possible,
   35547         &authorization_section_bytes)) {
   35548       return TRUNKS_RC_AUTHORIZATION_FAILED;
   35549     }
   35550     if (!authorization_section_bytes.empty()) {
   35551       tag = TPM_ST_SESSIONS;
   35552       std::string tmp;
   35553       rc = Serialize_UINT32(authorization_section_bytes.size(),
   35554                             &authorization_size_bytes);
   35555       if (rc != TPM_RC_SUCCESS) {
   35556         return rc;
   35557       }
   35558       command_size += authorization_size_bytes.size() +
   35559                       authorization_section_bytes.size();
   35560     }
   35561   }
   35562   std::string tag_bytes;
   35563   rc = Serialize_TPMI_ST_COMMAND_TAG(
   35564       tag,
   35565       &tag_bytes);
   35566   if (rc != TPM_RC_SUCCESS) {
   35567     return rc;
   35568   }
   35569   std::string command_size_bytes;
   35570   rc = Serialize_UINT32(
   35571       command_size,
   35572       &command_size_bytes);
   35573   if (rc != TPM_RC_SUCCESS) {
   35574     return rc;
   35575   }
   35576   *serialized_command = tag_bytes +
   35577                         command_size_bytes +
   35578                         command_code_bytes +
   35579                         handle_section_bytes +
   35580                         authorization_size_bytes +
   35581                         authorization_section_bytes +
   35582                         parameter_section_bytes;
   35583   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   35584   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   35585                                             serialized_command->size());
   35586   return TPM_RC_SUCCESS;
   35587 }
   35588 
   35589 TPM_RC Tpm::ParseResponse_EvictControl(
   35590       const std::string& response,
   35591       AuthorizationDelegate* authorization_delegate) {
   35592   VLOG(3) << __func__;
   35593   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   35594   TPM_RC rc = TPM_RC_SUCCESS;
   35595   std::string buffer(response);
   35596   TPM_ST tag;
   35597   std::string tag_bytes;
   35598   rc = Parse_TPM_ST(
   35599       &buffer,
   35600       &tag,
   35601       &tag_bytes);
   35602   if (rc != TPM_RC_SUCCESS) {
   35603     return rc;
   35604   }
   35605   UINT32 response_size;
   35606   std::string response_size_bytes;
   35607   rc = Parse_UINT32(
   35608       &buffer,
   35609       &response_size,
   35610       &response_size_bytes);
   35611   if (rc != TPM_RC_SUCCESS) {
   35612     return rc;
   35613   }
   35614   TPM_RC response_code;
   35615   std::string response_code_bytes;
   35616   rc = Parse_TPM_RC(
   35617       &buffer,
   35618       &response_code,
   35619       &response_code_bytes);
   35620   if (rc != TPM_RC_SUCCESS) {
   35621     return rc;
   35622   }
   35623   if (response_size != response.size()) {
   35624     return TPM_RC_SIZE;
   35625   }
   35626   if (response_code != TPM_RC_SUCCESS) {
   35627     return response_code;
   35628   }
   35629   TPM_CC command_code = TPM_CC_EvictControl;
   35630   std::string command_code_bytes;
   35631   rc = Serialize_TPM_CC(
   35632       command_code,
   35633       &command_code_bytes);
   35634   if (rc != TPM_RC_SUCCESS) {
   35635     return rc;
   35636   }
   35637   std::string authorization_section_bytes;
   35638   if (tag == TPM_ST_SESSIONS) {
   35639     UINT32 parameter_section_size = buffer.size();
   35640     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   35641     if (rc != TPM_RC_SUCCESS) {
   35642       return rc;
   35643     }
   35644     if (parameter_section_size > buffer.size()) {
   35645       return TPM_RC_INSUFFICIENT;
   35646     }
   35647     authorization_section_bytes = buffer.substr(parameter_section_size);
   35648     // Keep the parameter section in |buffer|.
   35649     buffer.erase(parameter_section_size);
   35650   }
   35651   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   35652       crypto::SecureHash::SHA256));
   35653   hash->Update(response_code_bytes.data(),
   35654                response_code_bytes.size());
   35655   hash->Update(command_code_bytes.data(),
   35656                command_code_bytes.size());
   35657   hash->Update(buffer.data(),
   35658                buffer.size());
   35659   std::string response_hash(32, 0);
   35660   hash->Finish(string_as_array(&response_hash), response_hash.size());
   35661   if (tag == TPM_ST_SESSIONS) {
   35662     CHECK(authorization_delegate) << "Authorization delegate missing!";
   35663     if (!authorization_delegate->CheckResponseAuthorization(
   35664         response_hash,
   35665         authorization_section_bytes)) {
   35666       return TRUNKS_RC_AUTHORIZATION_FAILED;
   35667     }
   35668   }
   35669   return TPM_RC_SUCCESS;
   35670 }
   35671 
   35672 void EvictControlErrorCallback(
   35673     const Tpm::EvictControlResponse& callback,
   35674     TPM_RC response_code) {
   35675   VLOG(1) << __func__;
   35676   callback.Run(response_code);
   35677 }
   35678 
   35679 void EvictControlResponseParser(
   35680     const Tpm::EvictControlResponse& callback,
   35681     AuthorizationDelegate* authorization_delegate,
   35682     const std::string& response) {
   35683   VLOG(1) << __func__;
   35684   base::Callback<void(TPM_RC)> error_reporter =
   35685       base::Bind(EvictControlErrorCallback, callback);
   35686   TPM_RC rc = Tpm::ParseResponse_EvictControl(
   35687       response,
   35688       authorization_delegate);
   35689   if (rc != TPM_RC_SUCCESS) {
   35690     error_reporter.Run(rc);
   35691     return;
   35692   }
   35693   callback.Run(
   35694       rc);
   35695 }
   35696 
   35697 void Tpm::EvictControl(
   35698       const TPMI_RH_PROVISION& auth,
   35699       const std::string& auth_name,
   35700       const TPMI_DH_OBJECT& object_handle,
   35701       const std::string& object_handle_name,
   35702       const TPMI_DH_PERSISTENT& persistent_handle,
   35703       AuthorizationDelegate* authorization_delegate,
   35704       const EvictControlResponse& callback) {
   35705   VLOG(1) << __func__;
   35706   base::Callback<void(TPM_RC)> error_reporter =
   35707       base::Bind(EvictControlErrorCallback, callback);
   35708   base::Callback<void(const std::string&)> parser =
   35709       base::Bind(EvictControlResponseParser,
   35710                  callback,
   35711                  authorization_delegate);
   35712   std::string command;
   35713   TPM_RC rc = SerializeCommand_EvictControl(
   35714       auth,
   35715       auth_name,
   35716       object_handle,
   35717       object_handle_name,
   35718       persistent_handle,
   35719       &command,
   35720       authorization_delegate);
   35721   if (rc != TPM_RC_SUCCESS) {
   35722     error_reporter.Run(rc);
   35723     return;
   35724   }
   35725   transceiver_->SendCommand(command, parser);
   35726 }
   35727 
   35728 TPM_RC Tpm::EvictControlSync(
   35729       const TPMI_RH_PROVISION& auth,
   35730       const std::string& auth_name,
   35731       const TPMI_DH_OBJECT& object_handle,
   35732       const std::string& object_handle_name,
   35733       const TPMI_DH_PERSISTENT& persistent_handle,
   35734       AuthorizationDelegate* authorization_delegate) {
   35735   VLOG(1) << __func__;
   35736   std::string command;
   35737   TPM_RC rc = SerializeCommand_EvictControl(
   35738       auth,
   35739       auth_name,
   35740       object_handle,
   35741       object_handle_name,
   35742       persistent_handle,
   35743       &command,
   35744       authorization_delegate);
   35745   if (rc != TPM_RC_SUCCESS) {
   35746     return rc;
   35747   }
   35748   std::string response = transceiver_->SendCommandAndWait(command);
   35749   rc = ParseResponse_EvictControl(
   35750       response,
   35751       authorization_delegate);
   35752   return rc;
   35753 }
   35754 
   35755 TPM_RC Tpm::SerializeCommand_ReadClock(
   35756       std::string* serialized_command,
   35757       AuthorizationDelegate* authorization_delegate) {
   35758   VLOG(3) << __func__;
   35759   TPM_RC rc = TPM_RC_SUCCESS;
   35760   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   35761   UINT32 command_size = 10;  // Header size.
   35762   std::string handle_section_bytes;
   35763   std::string parameter_section_bytes;
   35764   TPM_CC command_code = TPM_CC_ReadClock;
   35765   bool is_command_parameter_encryption_possible = false;
   35766   bool is_response_parameter_encryption_possible = false;
   35767   std::string command_code_bytes;
   35768   rc = Serialize_TPM_CC(
   35769       command_code,
   35770       &command_code_bytes);
   35771   if (rc != TPM_RC_SUCCESS) {
   35772     return rc;
   35773   }
   35774   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   35775       crypto::SecureHash::SHA256));
   35776   hash->Update(command_code_bytes.data(),
   35777                command_code_bytes.size());
   35778   std::string command_hash(32, 0);
   35779   hash->Finish(string_as_array(&command_hash), command_hash.size());
   35780   std::string authorization_section_bytes;
   35781   std::string authorization_size_bytes;
   35782   if (authorization_delegate) {
   35783     if (!authorization_delegate->GetCommandAuthorization(
   35784         command_hash,
   35785         is_command_parameter_encryption_possible,
   35786         is_response_parameter_encryption_possible,
   35787         &authorization_section_bytes)) {
   35788       return TRUNKS_RC_AUTHORIZATION_FAILED;
   35789     }
   35790     if (!authorization_section_bytes.empty()) {
   35791       tag = TPM_ST_SESSIONS;
   35792       std::string tmp;
   35793       rc = Serialize_UINT32(authorization_section_bytes.size(),
   35794                             &authorization_size_bytes);
   35795       if (rc != TPM_RC_SUCCESS) {
   35796         return rc;
   35797       }
   35798       command_size += authorization_size_bytes.size() +
   35799                       authorization_section_bytes.size();
   35800     }
   35801   }
   35802   std::string tag_bytes;
   35803   rc = Serialize_TPMI_ST_COMMAND_TAG(
   35804       tag,
   35805       &tag_bytes);
   35806   if (rc != TPM_RC_SUCCESS) {
   35807     return rc;
   35808   }
   35809   std::string command_size_bytes;
   35810   rc = Serialize_UINT32(
   35811       command_size,
   35812       &command_size_bytes);
   35813   if (rc != TPM_RC_SUCCESS) {
   35814     return rc;
   35815   }
   35816   *serialized_command = tag_bytes +
   35817                         command_size_bytes +
   35818                         command_code_bytes +
   35819                         handle_section_bytes +
   35820                         authorization_size_bytes +
   35821                         authorization_section_bytes +
   35822                         parameter_section_bytes;
   35823   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   35824   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   35825                                             serialized_command->size());
   35826   return TPM_RC_SUCCESS;
   35827 }
   35828 
   35829 TPM_RC Tpm::ParseResponse_ReadClock(
   35830       const std::string& response,
   35831       TPMS_TIME_INFO* current_time,
   35832       AuthorizationDelegate* authorization_delegate) {
   35833   VLOG(3) << __func__;
   35834   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   35835   TPM_RC rc = TPM_RC_SUCCESS;
   35836   std::string buffer(response);
   35837   TPM_ST tag;
   35838   std::string tag_bytes;
   35839   rc = Parse_TPM_ST(
   35840       &buffer,
   35841       &tag,
   35842       &tag_bytes);
   35843   if (rc != TPM_RC_SUCCESS) {
   35844     return rc;
   35845   }
   35846   UINT32 response_size;
   35847   std::string response_size_bytes;
   35848   rc = Parse_UINT32(
   35849       &buffer,
   35850       &response_size,
   35851       &response_size_bytes);
   35852   if (rc != TPM_RC_SUCCESS) {
   35853     return rc;
   35854   }
   35855   TPM_RC response_code;
   35856   std::string response_code_bytes;
   35857   rc = Parse_TPM_RC(
   35858       &buffer,
   35859       &response_code,
   35860       &response_code_bytes);
   35861   if (rc != TPM_RC_SUCCESS) {
   35862     return rc;
   35863   }
   35864   if (response_size != response.size()) {
   35865     return TPM_RC_SIZE;
   35866   }
   35867   if (response_code != TPM_RC_SUCCESS) {
   35868     return response_code;
   35869   }
   35870   TPM_CC command_code = TPM_CC_ReadClock;
   35871   std::string command_code_bytes;
   35872   rc = Serialize_TPM_CC(
   35873       command_code,
   35874       &command_code_bytes);
   35875   if (rc != TPM_RC_SUCCESS) {
   35876     return rc;
   35877   }
   35878   std::string authorization_section_bytes;
   35879   if (tag == TPM_ST_SESSIONS) {
   35880     UINT32 parameter_section_size = buffer.size();
   35881     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   35882     if (rc != TPM_RC_SUCCESS) {
   35883       return rc;
   35884     }
   35885     if (parameter_section_size > buffer.size()) {
   35886       return TPM_RC_INSUFFICIENT;
   35887     }
   35888     authorization_section_bytes = buffer.substr(parameter_section_size);
   35889     // Keep the parameter section in |buffer|.
   35890     buffer.erase(parameter_section_size);
   35891   }
   35892   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   35893       crypto::SecureHash::SHA256));
   35894   hash->Update(response_code_bytes.data(),
   35895                response_code_bytes.size());
   35896   hash->Update(command_code_bytes.data(),
   35897                command_code_bytes.size());
   35898   hash->Update(buffer.data(),
   35899                buffer.size());
   35900   std::string response_hash(32, 0);
   35901   hash->Finish(string_as_array(&response_hash), response_hash.size());
   35902   if (tag == TPM_ST_SESSIONS) {
   35903     CHECK(authorization_delegate) << "Authorization delegate missing!";
   35904     if (!authorization_delegate->CheckResponseAuthorization(
   35905         response_hash,
   35906         authorization_section_bytes)) {
   35907       return TRUNKS_RC_AUTHORIZATION_FAILED;
   35908     }
   35909   }
   35910   std::string current_time_bytes;
   35911   rc = Parse_TPMS_TIME_INFO(
   35912       &buffer,
   35913       current_time,
   35914       &current_time_bytes);
   35915   if (rc != TPM_RC_SUCCESS) {
   35916     return rc;
   35917   }
   35918   return TPM_RC_SUCCESS;
   35919 }
   35920 
   35921 void ReadClockErrorCallback(
   35922     const Tpm::ReadClockResponse& callback,
   35923     TPM_RC response_code) {
   35924   VLOG(1) << __func__;
   35925   callback.Run(response_code,
   35926                TPMS_TIME_INFO());
   35927 }
   35928 
   35929 void ReadClockResponseParser(
   35930     const Tpm::ReadClockResponse& callback,
   35931     AuthorizationDelegate* authorization_delegate,
   35932     const std::string& response) {
   35933   VLOG(1) << __func__;
   35934   base::Callback<void(TPM_RC)> error_reporter =
   35935       base::Bind(ReadClockErrorCallback, callback);
   35936   TPMS_TIME_INFO current_time;
   35937   TPM_RC rc = Tpm::ParseResponse_ReadClock(
   35938       response,
   35939       &current_time,
   35940       authorization_delegate);
   35941   if (rc != TPM_RC_SUCCESS) {
   35942     error_reporter.Run(rc);
   35943     return;
   35944   }
   35945   callback.Run(
   35946       rc,
   35947       current_time);
   35948 }
   35949 
   35950 void Tpm::ReadClock(
   35951       AuthorizationDelegate* authorization_delegate,
   35952       const ReadClockResponse& callback) {
   35953   VLOG(1) << __func__;
   35954   base::Callback<void(TPM_RC)> error_reporter =
   35955       base::Bind(ReadClockErrorCallback, callback);
   35956   base::Callback<void(const std::string&)> parser =
   35957       base::Bind(ReadClockResponseParser,
   35958                  callback,
   35959                  authorization_delegate);
   35960   std::string command;
   35961   TPM_RC rc = SerializeCommand_ReadClock(
   35962       &command,
   35963       authorization_delegate);
   35964   if (rc != TPM_RC_SUCCESS) {
   35965     error_reporter.Run(rc);
   35966     return;
   35967   }
   35968   transceiver_->SendCommand(command, parser);
   35969 }
   35970 
   35971 TPM_RC Tpm::ReadClockSync(
   35972       TPMS_TIME_INFO* current_time,
   35973       AuthorizationDelegate* authorization_delegate) {
   35974   VLOG(1) << __func__;
   35975   std::string command;
   35976   TPM_RC rc = SerializeCommand_ReadClock(
   35977       &command,
   35978       authorization_delegate);
   35979   if (rc != TPM_RC_SUCCESS) {
   35980     return rc;
   35981   }
   35982   std::string response = transceiver_->SendCommandAndWait(command);
   35983   rc = ParseResponse_ReadClock(
   35984       response,
   35985       current_time,
   35986       authorization_delegate);
   35987   return rc;
   35988 }
   35989 
   35990 TPM_RC Tpm::SerializeCommand_ClockSet(
   35991       const TPMI_RH_PROVISION& auth,
   35992       const std::string& auth_name,
   35993       const UINT64& new_time,
   35994       std::string* serialized_command,
   35995       AuthorizationDelegate* authorization_delegate) {
   35996   VLOG(3) << __func__;
   35997   TPM_RC rc = TPM_RC_SUCCESS;
   35998   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   35999   UINT32 command_size = 10;  // Header size.
   36000   std::string handle_section_bytes;
   36001   std::string parameter_section_bytes;
   36002   TPM_CC command_code = TPM_CC_ClockSet;
   36003   bool is_command_parameter_encryption_possible = false;
   36004   bool is_response_parameter_encryption_possible = false;
   36005   std::string command_code_bytes;
   36006   rc = Serialize_TPM_CC(
   36007       command_code,
   36008       &command_code_bytes);
   36009   if (rc != TPM_RC_SUCCESS) {
   36010     return rc;
   36011   }
   36012   std::string auth_bytes;
   36013   rc = Serialize_TPMI_RH_PROVISION(
   36014       auth,
   36015       &auth_bytes);
   36016   if (rc != TPM_RC_SUCCESS) {
   36017     return rc;
   36018   }
   36019   std::string new_time_bytes;
   36020   rc = Serialize_UINT64(
   36021       new_time,
   36022       &new_time_bytes);
   36023   if (rc != TPM_RC_SUCCESS) {
   36024     return rc;
   36025   }
   36026   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   36027       crypto::SecureHash::SHA256));
   36028   hash->Update(command_code_bytes.data(),
   36029                command_code_bytes.size());
   36030   hash->Update(auth_name.data(),
   36031                auth_name.size());
   36032   handle_section_bytes += auth_bytes;
   36033   command_size += auth_bytes.size();
   36034   hash->Update(new_time_bytes.data(),
   36035                new_time_bytes.size());
   36036   parameter_section_bytes += new_time_bytes;
   36037   command_size += new_time_bytes.size();
   36038   std::string command_hash(32, 0);
   36039   hash->Finish(string_as_array(&command_hash), command_hash.size());
   36040   std::string authorization_section_bytes;
   36041   std::string authorization_size_bytes;
   36042   if (authorization_delegate) {
   36043     if (!authorization_delegate->GetCommandAuthorization(
   36044         command_hash,
   36045         is_command_parameter_encryption_possible,
   36046         is_response_parameter_encryption_possible,
   36047         &authorization_section_bytes)) {
   36048       return TRUNKS_RC_AUTHORIZATION_FAILED;
   36049     }
   36050     if (!authorization_section_bytes.empty()) {
   36051       tag = TPM_ST_SESSIONS;
   36052       std::string tmp;
   36053       rc = Serialize_UINT32(authorization_section_bytes.size(),
   36054                             &authorization_size_bytes);
   36055       if (rc != TPM_RC_SUCCESS) {
   36056         return rc;
   36057       }
   36058       command_size += authorization_size_bytes.size() +
   36059                       authorization_section_bytes.size();
   36060     }
   36061   }
   36062   std::string tag_bytes;
   36063   rc = Serialize_TPMI_ST_COMMAND_TAG(
   36064       tag,
   36065       &tag_bytes);
   36066   if (rc != TPM_RC_SUCCESS) {
   36067     return rc;
   36068   }
   36069   std::string command_size_bytes;
   36070   rc = Serialize_UINT32(
   36071       command_size,
   36072       &command_size_bytes);
   36073   if (rc != TPM_RC_SUCCESS) {
   36074     return rc;
   36075   }
   36076   *serialized_command = tag_bytes +
   36077                         command_size_bytes +
   36078                         command_code_bytes +
   36079                         handle_section_bytes +
   36080                         authorization_size_bytes +
   36081                         authorization_section_bytes +
   36082                         parameter_section_bytes;
   36083   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   36084   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   36085                                             serialized_command->size());
   36086   return TPM_RC_SUCCESS;
   36087 }
   36088 
   36089 TPM_RC Tpm::ParseResponse_ClockSet(
   36090       const std::string& response,
   36091       AuthorizationDelegate* authorization_delegate) {
   36092   VLOG(3) << __func__;
   36093   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   36094   TPM_RC rc = TPM_RC_SUCCESS;
   36095   std::string buffer(response);
   36096   TPM_ST tag;
   36097   std::string tag_bytes;
   36098   rc = Parse_TPM_ST(
   36099       &buffer,
   36100       &tag,
   36101       &tag_bytes);
   36102   if (rc != TPM_RC_SUCCESS) {
   36103     return rc;
   36104   }
   36105   UINT32 response_size;
   36106   std::string response_size_bytes;
   36107   rc = Parse_UINT32(
   36108       &buffer,
   36109       &response_size,
   36110       &response_size_bytes);
   36111   if (rc != TPM_RC_SUCCESS) {
   36112     return rc;
   36113   }
   36114   TPM_RC response_code;
   36115   std::string response_code_bytes;
   36116   rc = Parse_TPM_RC(
   36117       &buffer,
   36118       &response_code,
   36119       &response_code_bytes);
   36120   if (rc != TPM_RC_SUCCESS) {
   36121     return rc;
   36122   }
   36123   if (response_size != response.size()) {
   36124     return TPM_RC_SIZE;
   36125   }
   36126   if (response_code != TPM_RC_SUCCESS) {
   36127     return response_code;
   36128   }
   36129   TPM_CC command_code = TPM_CC_ClockSet;
   36130   std::string command_code_bytes;
   36131   rc = Serialize_TPM_CC(
   36132       command_code,
   36133       &command_code_bytes);
   36134   if (rc != TPM_RC_SUCCESS) {
   36135     return rc;
   36136   }
   36137   std::string authorization_section_bytes;
   36138   if (tag == TPM_ST_SESSIONS) {
   36139     UINT32 parameter_section_size = buffer.size();
   36140     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   36141     if (rc != TPM_RC_SUCCESS) {
   36142       return rc;
   36143     }
   36144     if (parameter_section_size > buffer.size()) {
   36145       return TPM_RC_INSUFFICIENT;
   36146     }
   36147     authorization_section_bytes = buffer.substr(parameter_section_size);
   36148     // Keep the parameter section in |buffer|.
   36149     buffer.erase(parameter_section_size);
   36150   }
   36151   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   36152       crypto::SecureHash::SHA256));
   36153   hash->Update(response_code_bytes.data(),
   36154                response_code_bytes.size());
   36155   hash->Update(command_code_bytes.data(),
   36156                command_code_bytes.size());
   36157   hash->Update(buffer.data(),
   36158                buffer.size());
   36159   std::string response_hash(32, 0);
   36160   hash->Finish(string_as_array(&response_hash), response_hash.size());
   36161   if (tag == TPM_ST_SESSIONS) {
   36162     CHECK(authorization_delegate) << "Authorization delegate missing!";
   36163     if (!authorization_delegate->CheckResponseAuthorization(
   36164         response_hash,
   36165         authorization_section_bytes)) {
   36166       return TRUNKS_RC_AUTHORIZATION_FAILED;
   36167     }
   36168   }
   36169   return TPM_RC_SUCCESS;
   36170 }
   36171 
   36172 void ClockSetErrorCallback(
   36173     const Tpm::ClockSetResponse& callback,
   36174     TPM_RC response_code) {
   36175   VLOG(1) << __func__;
   36176   callback.Run(response_code);
   36177 }
   36178 
   36179 void ClockSetResponseParser(
   36180     const Tpm::ClockSetResponse& callback,
   36181     AuthorizationDelegate* authorization_delegate,
   36182     const std::string& response) {
   36183   VLOG(1) << __func__;
   36184   base::Callback<void(TPM_RC)> error_reporter =
   36185       base::Bind(ClockSetErrorCallback, callback);
   36186   TPM_RC rc = Tpm::ParseResponse_ClockSet(
   36187       response,
   36188       authorization_delegate);
   36189   if (rc != TPM_RC_SUCCESS) {
   36190     error_reporter.Run(rc);
   36191     return;
   36192   }
   36193   callback.Run(
   36194       rc);
   36195 }
   36196 
   36197 void Tpm::ClockSet(
   36198       const TPMI_RH_PROVISION& auth,
   36199       const std::string& auth_name,
   36200       const UINT64& new_time,
   36201       AuthorizationDelegate* authorization_delegate,
   36202       const ClockSetResponse& callback) {
   36203   VLOG(1) << __func__;
   36204   base::Callback<void(TPM_RC)> error_reporter =
   36205       base::Bind(ClockSetErrorCallback, callback);
   36206   base::Callback<void(const std::string&)> parser =
   36207       base::Bind(ClockSetResponseParser,
   36208                  callback,
   36209                  authorization_delegate);
   36210   std::string command;
   36211   TPM_RC rc = SerializeCommand_ClockSet(
   36212       auth,
   36213       auth_name,
   36214       new_time,
   36215       &command,
   36216       authorization_delegate);
   36217   if (rc != TPM_RC_SUCCESS) {
   36218     error_reporter.Run(rc);
   36219     return;
   36220   }
   36221   transceiver_->SendCommand(command, parser);
   36222 }
   36223 
   36224 TPM_RC Tpm::ClockSetSync(
   36225       const TPMI_RH_PROVISION& auth,
   36226       const std::string& auth_name,
   36227       const UINT64& new_time,
   36228       AuthorizationDelegate* authorization_delegate) {
   36229   VLOG(1) << __func__;
   36230   std::string command;
   36231   TPM_RC rc = SerializeCommand_ClockSet(
   36232       auth,
   36233       auth_name,
   36234       new_time,
   36235       &command,
   36236       authorization_delegate);
   36237   if (rc != TPM_RC_SUCCESS) {
   36238     return rc;
   36239   }
   36240   std::string response = transceiver_->SendCommandAndWait(command);
   36241   rc = ParseResponse_ClockSet(
   36242       response,
   36243       authorization_delegate);
   36244   return rc;
   36245 }
   36246 
   36247 TPM_RC Tpm::SerializeCommand_ClockRateAdjust(
   36248       const TPMI_RH_PROVISION& auth,
   36249       const std::string& auth_name,
   36250       const TPM_CLOCK_ADJUST& rate_adjust,
   36251       std::string* serialized_command,
   36252       AuthorizationDelegate* authorization_delegate) {
   36253   VLOG(3) << __func__;
   36254   TPM_RC rc = TPM_RC_SUCCESS;
   36255   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   36256   UINT32 command_size = 10;  // Header size.
   36257   std::string handle_section_bytes;
   36258   std::string parameter_section_bytes;
   36259   TPM_CC command_code = TPM_CC_ClockRateAdjust;
   36260   bool is_command_parameter_encryption_possible = false;
   36261   bool is_response_parameter_encryption_possible = false;
   36262   std::string command_code_bytes;
   36263   rc = Serialize_TPM_CC(
   36264       command_code,
   36265       &command_code_bytes);
   36266   if (rc != TPM_RC_SUCCESS) {
   36267     return rc;
   36268   }
   36269   std::string auth_bytes;
   36270   rc = Serialize_TPMI_RH_PROVISION(
   36271       auth,
   36272       &auth_bytes);
   36273   if (rc != TPM_RC_SUCCESS) {
   36274     return rc;
   36275   }
   36276   std::string rate_adjust_bytes;
   36277   rc = Serialize_TPM_CLOCK_ADJUST(
   36278       rate_adjust,
   36279       &rate_adjust_bytes);
   36280   if (rc != TPM_RC_SUCCESS) {
   36281     return rc;
   36282   }
   36283   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   36284       crypto::SecureHash::SHA256));
   36285   hash->Update(command_code_bytes.data(),
   36286                command_code_bytes.size());
   36287   hash->Update(auth_name.data(),
   36288                auth_name.size());
   36289   handle_section_bytes += auth_bytes;
   36290   command_size += auth_bytes.size();
   36291   hash->Update(rate_adjust_bytes.data(),
   36292                rate_adjust_bytes.size());
   36293   parameter_section_bytes += rate_adjust_bytes;
   36294   command_size += rate_adjust_bytes.size();
   36295   std::string command_hash(32, 0);
   36296   hash->Finish(string_as_array(&command_hash), command_hash.size());
   36297   std::string authorization_section_bytes;
   36298   std::string authorization_size_bytes;
   36299   if (authorization_delegate) {
   36300     if (!authorization_delegate->GetCommandAuthorization(
   36301         command_hash,
   36302         is_command_parameter_encryption_possible,
   36303         is_response_parameter_encryption_possible,
   36304         &authorization_section_bytes)) {
   36305       return TRUNKS_RC_AUTHORIZATION_FAILED;
   36306     }
   36307     if (!authorization_section_bytes.empty()) {
   36308       tag = TPM_ST_SESSIONS;
   36309       std::string tmp;
   36310       rc = Serialize_UINT32(authorization_section_bytes.size(),
   36311                             &authorization_size_bytes);
   36312       if (rc != TPM_RC_SUCCESS) {
   36313         return rc;
   36314       }
   36315       command_size += authorization_size_bytes.size() +
   36316                       authorization_section_bytes.size();
   36317     }
   36318   }
   36319   std::string tag_bytes;
   36320   rc = Serialize_TPMI_ST_COMMAND_TAG(
   36321       tag,
   36322       &tag_bytes);
   36323   if (rc != TPM_RC_SUCCESS) {
   36324     return rc;
   36325   }
   36326   std::string command_size_bytes;
   36327   rc = Serialize_UINT32(
   36328       command_size,
   36329       &command_size_bytes);
   36330   if (rc != TPM_RC_SUCCESS) {
   36331     return rc;
   36332   }
   36333   *serialized_command = tag_bytes +
   36334                         command_size_bytes +
   36335                         command_code_bytes +
   36336                         handle_section_bytes +
   36337                         authorization_size_bytes +
   36338                         authorization_section_bytes +
   36339                         parameter_section_bytes;
   36340   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   36341   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   36342                                             serialized_command->size());
   36343   return TPM_RC_SUCCESS;
   36344 }
   36345 
   36346 TPM_RC Tpm::ParseResponse_ClockRateAdjust(
   36347       const std::string& response,
   36348       AuthorizationDelegate* authorization_delegate) {
   36349   VLOG(3) << __func__;
   36350   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   36351   TPM_RC rc = TPM_RC_SUCCESS;
   36352   std::string buffer(response);
   36353   TPM_ST tag;
   36354   std::string tag_bytes;
   36355   rc = Parse_TPM_ST(
   36356       &buffer,
   36357       &tag,
   36358       &tag_bytes);
   36359   if (rc != TPM_RC_SUCCESS) {
   36360     return rc;
   36361   }
   36362   UINT32 response_size;
   36363   std::string response_size_bytes;
   36364   rc = Parse_UINT32(
   36365       &buffer,
   36366       &response_size,
   36367       &response_size_bytes);
   36368   if (rc != TPM_RC_SUCCESS) {
   36369     return rc;
   36370   }
   36371   TPM_RC response_code;
   36372   std::string response_code_bytes;
   36373   rc = Parse_TPM_RC(
   36374       &buffer,
   36375       &response_code,
   36376       &response_code_bytes);
   36377   if (rc != TPM_RC_SUCCESS) {
   36378     return rc;
   36379   }
   36380   if (response_size != response.size()) {
   36381     return TPM_RC_SIZE;
   36382   }
   36383   if (response_code != TPM_RC_SUCCESS) {
   36384     return response_code;
   36385   }
   36386   TPM_CC command_code = TPM_CC_ClockRateAdjust;
   36387   std::string command_code_bytes;
   36388   rc = Serialize_TPM_CC(
   36389       command_code,
   36390       &command_code_bytes);
   36391   if (rc != TPM_RC_SUCCESS) {
   36392     return rc;
   36393   }
   36394   std::string authorization_section_bytes;
   36395   if (tag == TPM_ST_SESSIONS) {
   36396     UINT32 parameter_section_size = buffer.size();
   36397     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   36398     if (rc != TPM_RC_SUCCESS) {
   36399       return rc;
   36400     }
   36401     if (parameter_section_size > buffer.size()) {
   36402       return TPM_RC_INSUFFICIENT;
   36403     }
   36404     authorization_section_bytes = buffer.substr(parameter_section_size);
   36405     // Keep the parameter section in |buffer|.
   36406     buffer.erase(parameter_section_size);
   36407   }
   36408   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   36409       crypto::SecureHash::SHA256));
   36410   hash->Update(response_code_bytes.data(),
   36411                response_code_bytes.size());
   36412   hash->Update(command_code_bytes.data(),
   36413                command_code_bytes.size());
   36414   hash->Update(buffer.data(),
   36415                buffer.size());
   36416   std::string response_hash(32, 0);
   36417   hash->Finish(string_as_array(&response_hash), response_hash.size());
   36418   if (tag == TPM_ST_SESSIONS) {
   36419     CHECK(authorization_delegate) << "Authorization delegate missing!";
   36420     if (!authorization_delegate->CheckResponseAuthorization(
   36421         response_hash,
   36422         authorization_section_bytes)) {
   36423       return TRUNKS_RC_AUTHORIZATION_FAILED;
   36424     }
   36425   }
   36426   return TPM_RC_SUCCESS;
   36427 }
   36428 
   36429 void ClockRateAdjustErrorCallback(
   36430     const Tpm::ClockRateAdjustResponse& callback,
   36431     TPM_RC response_code) {
   36432   VLOG(1) << __func__;
   36433   callback.Run(response_code);
   36434 }
   36435 
   36436 void ClockRateAdjustResponseParser(
   36437     const Tpm::ClockRateAdjustResponse& callback,
   36438     AuthorizationDelegate* authorization_delegate,
   36439     const std::string& response) {
   36440   VLOG(1) << __func__;
   36441   base::Callback<void(TPM_RC)> error_reporter =
   36442       base::Bind(ClockRateAdjustErrorCallback, callback);
   36443   TPM_RC rc = Tpm::ParseResponse_ClockRateAdjust(
   36444       response,
   36445       authorization_delegate);
   36446   if (rc != TPM_RC_SUCCESS) {
   36447     error_reporter.Run(rc);
   36448     return;
   36449   }
   36450   callback.Run(
   36451       rc);
   36452 }
   36453 
   36454 void Tpm::ClockRateAdjust(
   36455       const TPMI_RH_PROVISION& auth,
   36456       const std::string& auth_name,
   36457       const TPM_CLOCK_ADJUST& rate_adjust,
   36458       AuthorizationDelegate* authorization_delegate,
   36459       const ClockRateAdjustResponse& callback) {
   36460   VLOG(1) << __func__;
   36461   base::Callback<void(TPM_RC)> error_reporter =
   36462       base::Bind(ClockRateAdjustErrorCallback, callback);
   36463   base::Callback<void(const std::string&)> parser =
   36464       base::Bind(ClockRateAdjustResponseParser,
   36465                  callback,
   36466                  authorization_delegate);
   36467   std::string command;
   36468   TPM_RC rc = SerializeCommand_ClockRateAdjust(
   36469       auth,
   36470       auth_name,
   36471       rate_adjust,
   36472       &command,
   36473       authorization_delegate);
   36474   if (rc != TPM_RC_SUCCESS) {
   36475     error_reporter.Run(rc);
   36476     return;
   36477   }
   36478   transceiver_->SendCommand(command, parser);
   36479 }
   36480 
   36481 TPM_RC Tpm::ClockRateAdjustSync(
   36482       const TPMI_RH_PROVISION& auth,
   36483       const std::string& auth_name,
   36484       const TPM_CLOCK_ADJUST& rate_adjust,
   36485       AuthorizationDelegate* authorization_delegate) {
   36486   VLOG(1) << __func__;
   36487   std::string command;
   36488   TPM_RC rc = SerializeCommand_ClockRateAdjust(
   36489       auth,
   36490       auth_name,
   36491       rate_adjust,
   36492       &command,
   36493       authorization_delegate);
   36494   if (rc != TPM_RC_SUCCESS) {
   36495     return rc;
   36496   }
   36497   std::string response = transceiver_->SendCommandAndWait(command);
   36498   rc = ParseResponse_ClockRateAdjust(
   36499       response,
   36500       authorization_delegate);
   36501   return rc;
   36502 }
   36503 
   36504 TPM_RC Tpm::SerializeCommand_GetCapability(
   36505       const TPM_CAP& capability,
   36506       const UINT32& property,
   36507       const UINT32& property_count,
   36508       std::string* serialized_command,
   36509       AuthorizationDelegate* authorization_delegate) {
   36510   VLOG(3) << __func__;
   36511   TPM_RC rc = TPM_RC_SUCCESS;
   36512   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   36513   UINT32 command_size = 10;  // Header size.
   36514   std::string handle_section_bytes;
   36515   std::string parameter_section_bytes;
   36516   TPM_CC command_code = TPM_CC_GetCapability;
   36517   bool is_command_parameter_encryption_possible = false;
   36518   bool is_response_parameter_encryption_possible = false;
   36519   std::string command_code_bytes;
   36520   rc = Serialize_TPM_CC(
   36521       command_code,
   36522       &command_code_bytes);
   36523   if (rc != TPM_RC_SUCCESS) {
   36524     return rc;
   36525   }
   36526   std::string capability_bytes;
   36527   rc = Serialize_TPM_CAP(
   36528       capability,
   36529       &capability_bytes);
   36530   if (rc != TPM_RC_SUCCESS) {
   36531     return rc;
   36532   }
   36533   std::string property_bytes;
   36534   rc = Serialize_UINT32(
   36535       property,
   36536       &property_bytes);
   36537   if (rc != TPM_RC_SUCCESS) {
   36538     return rc;
   36539   }
   36540   std::string property_count_bytes;
   36541   rc = Serialize_UINT32(
   36542       property_count,
   36543       &property_count_bytes);
   36544   if (rc != TPM_RC_SUCCESS) {
   36545     return rc;
   36546   }
   36547   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   36548       crypto::SecureHash::SHA256));
   36549   hash->Update(command_code_bytes.data(),
   36550                command_code_bytes.size());
   36551   hash->Update(capability_bytes.data(),
   36552                capability_bytes.size());
   36553   parameter_section_bytes += capability_bytes;
   36554   command_size += capability_bytes.size();
   36555   hash->Update(property_bytes.data(),
   36556                property_bytes.size());
   36557   parameter_section_bytes += property_bytes;
   36558   command_size += property_bytes.size();
   36559   hash->Update(property_count_bytes.data(),
   36560                property_count_bytes.size());
   36561   parameter_section_bytes += property_count_bytes;
   36562   command_size += property_count_bytes.size();
   36563   std::string command_hash(32, 0);
   36564   hash->Finish(string_as_array(&command_hash), command_hash.size());
   36565   std::string authorization_section_bytes;
   36566   std::string authorization_size_bytes;
   36567   if (authorization_delegate) {
   36568     if (!authorization_delegate->GetCommandAuthorization(
   36569         command_hash,
   36570         is_command_parameter_encryption_possible,
   36571         is_response_parameter_encryption_possible,
   36572         &authorization_section_bytes)) {
   36573       return TRUNKS_RC_AUTHORIZATION_FAILED;
   36574     }
   36575     if (!authorization_section_bytes.empty()) {
   36576       tag = TPM_ST_SESSIONS;
   36577       std::string tmp;
   36578       rc = Serialize_UINT32(authorization_section_bytes.size(),
   36579                             &authorization_size_bytes);
   36580       if (rc != TPM_RC_SUCCESS) {
   36581         return rc;
   36582       }
   36583       command_size += authorization_size_bytes.size() +
   36584                       authorization_section_bytes.size();
   36585     }
   36586   }
   36587   std::string tag_bytes;
   36588   rc = Serialize_TPMI_ST_COMMAND_TAG(
   36589       tag,
   36590       &tag_bytes);
   36591   if (rc != TPM_RC_SUCCESS) {
   36592     return rc;
   36593   }
   36594   std::string command_size_bytes;
   36595   rc = Serialize_UINT32(
   36596       command_size,
   36597       &command_size_bytes);
   36598   if (rc != TPM_RC_SUCCESS) {
   36599     return rc;
   36600   }
   36601   *serialized_command = tag_bytes +
   36602                         command_size_bytes +
   36603                         command_code_bytes +
   36604                         handle_section_bytes +
   36605                         authorization_size_bytes +
   36606                         authorization_section_bytes +
   36607                         parameter_section_bytes;
   36608   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   36609   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   36610                                             serialized_command->size());
   36611   return TPM_RC_SUCCESS;
   36612 }
   36613 
   36614 TPM_RC Tpm::ParseResponse_GetCapability(
   36615       const std::string& response,
   36616       TPMI_YES_NO* more_data,
   36617       TPMS_CAPABILITY_DATA* capability_data,
   36618       AuthorizationDelegate* authorization_delegate) {
   36619   VLOG(3) << __func__;
   36620   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   36621   TPM_RC rc = TPM_RC_SUCCESS;
   36622   std::string buffer(response);
   36623   TPM_ST tag;
   36624   std::string tag_bytes;
   36625   rc = Parse_TPM_ST(
   36626       &buffer,
   36627       &tag,
   36628       &tag_bytes);
   36629   if (rc != TPM_RC_SUCCESS) {
   36630     return rc;
   36631   }
   36632   UINT32 response_size;
   36633   std::string response_size_bytes;
   36634   rc = Parse_UINT32(
   36635       &buffer,
   36636       &response_size,
   36637       &response_size_bytes);
   36638   if (rc != TPM_RC_SUCCESS) {
   36639     return rc;
   36640   }
   36641   TPM_RC response_code;
   36642   std::string response_code_bytes;
   36643   rc = Parse_TPM_RC(
   36644       &buffer,
   36645       &response_code,
   36646       &response_code_bytes);
   36647   if (rc != TPM_RC_SUCCESS) {
   36648     return rc;
   36649   }
   36650   if (response_size != response.size()) {
   36651     return TPM_RC_SIZE;
   36652   }
   36653   if (response_code != TPM_RC_SUCCESS) {
   36654     return response_code;
   36655   }
   36656   TPM_CC command_code = TPM_CC_GetCapability;
   36657   std::string command_code_bytes;
   36658   rc = Serialize_TPM_CC(
   36659       command_code,
   36660       &command_code_bytes);
   36661   if (rc != TPM_RC_SUCCESS) {
   36662     return rc;
   36663   }
   36664   std::string authorization_section_bytes;
   36665   if (tag == TPM_ST_SESSIONS) {
   36666     UINT32 parameter_section_size = buffer.size();
   36667     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   36668     if (rc != TPM_RC_SUCCESS) {
   36669       return rc;
   36670     }
   36671     if (parameter_section_size > buffer.size()) {
   36672       return TPM_RC_INSUFFICIENT;
   36673     }
   36674     authorization_section_bytes = buffer.substr(parameter_section_size);
   36675     // Keep the parameter section in |buffer|.
   36676     buffer.erase(parameter_section_size);
   36677   }
   36678   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   36679       crypto::SecureHash::SHA256));
   36680   hash->Update(response_code_bytes.data(),
   36681                response_code_bytes.size());
   36682   hash->Update(command_code_bytes.data(),
   36683                command_code_bytes.size());
   36684   hash->Update(buffer.data(),
   36685                buffer.size());
   36686   std::string response_hash(32, 0);
   36687   hash->Finish(string_as_array(&response_hash), response_hash.size());
   36688   if (tag == TPM_ST_SESSIONS) {
   36689     CHECK(authorization_delegate) << "Authorization delegate missing!";
   36690     if (!authorization_delegate->CheckResponseAuthorization(
   36691         response_hash,
   36692         authorization_section_bytes)) {
   36693       return TRUNKS_RC_AUTHORIZATION_FAILED;
   36694     }
   36695   }
   36696   std::string more_data_bytes;
   36697   rc = Parse_TPMI_YES_NO(
   36698       &buffer,
   36699       more_data,
   36700       &more_data_bytes);
   36701   if (rc != TPM_RC_SUCCESS) {
   36702     return rc;
   36703   }
   36704   std::string capability_data_bytes;
   36705   rc = Parse_TPMS_CAPABILITY_DATA(
   36706       &buffer,
   36707       capability_data,
   36708       &capability_data_bytes);
   36709   if (rc != TPM_RC_SUCCESS) {
   36710     return rc;
   36711   }
   36712   return TPM_RC_SUCCESS;
   36713 }
   36714 
   36715 void GetCapabilityErrorCallback(
   36716     const Tpm::GetCapabilityResponse& callback,
   36717     TPM_RC response_code) {
   36718   VLOG(1) << __func__;
   36719   callback.Run(response_code,
   36720                TPMI_YES_NO(),
   36721                TPMS_CAPABILITY_DATA());
   36722 }
   36723 
   36724 void GetCapabilityResponseParser(
   36725     const Tpm::GetCapabilityResponse& callback,
   36726     AuthorizationDelegate* authorization_delegate,
   36727     const std::string& response) {
   36728   VLOG(1) << __func__;
   36729   base::Callback<void(TPM_RC)> error_reporter =
   36730       base::Bind(GetCapabilityErrorCallback, callback);
   36731   TPMI_YES_NO more_data;
   36732   TPMS_CAPABILITY_DATA capability_data;
   36733   TPM_RC rc = Tpm::ParseResponse_GetCapability(
   36734       response,
   36735       &more_data,
   36736       &capability_data,
   36737       authorization_delegate);
   36738   if (rc != TPM_RC_SUCCESS) {
   36739     error_reporter.Run(rc);
   36740     return;
   36741   }
   36742   callback.Run(
   36743       rc,
   36744       more_data,
   36745       capability_data);
   36746 }
   36747 
   36748 void Tpm::GetCapability(
   36749       const TPM_CAP& capability,
   36750       const UINT32& property,
   36751       const UINT32& property_count,
   36752       AuthorizationDelegate* authorization_delegate,
   36753       const GetCapabilityResponse& callback) {
   36754   VLOG(1) << __func__;
   36755   base::Callback<void(TPM_RC)> error_reporter =
   36756       base::Bind(GetCapabilityErrorCallback, callback);
   36757   base::Callback<void(const std::string&)> parser =
   36758       base::Bind(GetCapabilityResponseParser,
   36759                  callback,
   36760                  authorization_delegate);
   36761   std::string command;
   36762   TPM_RC rc = SerializeCommand_GetCapability(
   36763       capability,
   36764       property,
   36765       property_count,
   36766       &command,
   36767       authorization_delegate);
   36768   if (rc != TPM_RC_SUCCESS) {
   36769     error_reporter.Run(rc);
   36770     return;
   36771   }
   36772   transceiver_->SendCommand(command, parser);
   36773 }
   36774 
   36775 TPM_RC Tpm::GetCapabilitySync(
   36776       const TPM_CAP& capability,
   36777       const UINT32& property,
   36778       const UINT32& property_count,
   36779       TPMI_YES_NO* more_data,
   36780       TPMS_CAPABILITY_DATA* capability_data,
   36781       AuthorizationDelegate* authorization_delegate) {
   36782   VLOG(1) << __func__;
   36783   std::string command;
   36784   TPM_RC rc = SerializeCommand_GetCapability(
   36785       capability,
   36786       property,
   36787       property_count,
   36788       &command,
   36789       authorization_delegate);
   36790   if (rc != TPM_RC_SUCCESS) {
   36791     return rc;
   36792   }
   36793   std::string response = transceiver_->SendCommandAndWait(command);
   36794   rc = ParseResponse_GetCapability(
   36795       response,
   36796       more_data,
   36797       capability_data,
   36798       authorization_delegate);
   36799   return rc;
   36800 }
   36801 
   36802 TPM_RC Tpm::SerializeCommand_TestParms(
   36803       const TPMT_PUBLIC_PARMS& parameters,
   36804       std::string* serialized_command,
   36805       AuthorizationDelegate* authorization_delegate) {
   36806   VLOG(3) << __func__;
   36807   TPM_RC rc = TPM_RC_SUCCESS;
   36808   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   36809   UINT32 command_size = 10;  // Header size.
   36810   std::string handle_section_bytes;
   36811   std::string parameter_section_bytes;
   36812   TPM_CC command_code = TPM_CC_TestParms;
   36813   bool is_command_parameter_encryption_possible = false;
   36814   bool is_response_parameter_encryption_possible = false;
   36815   std::string command_code_bytes;
   36816   rc = Serialize_TPM_CC(
   36817       command_code,
   36818       &command_code_bytes);
   36819   if (rc != TPM_RC_SUCCESS) {
   36820     return rc;
   36821   }
   36822   std::string parameters_bytes;
   36823   rc = Serialize_TPMT_PUBLIC_PARMS(
   36824       parameters,
   36825       &parameters_bytes);
   36826   if (rc != TPM_RC_SUCCESS) {
   36827     return rc;
   36828   }
   36829   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   36830       crypto::SecureHash::SHA256));
   36831   hash->Update(command_code_bytes.data(),
   36832                command_code_bytes.size());
   36833   hash->Update(parameters_bytes.data(),
   36834                parameters_bytes.size());
   36835   parameter_section_bytes += parameters_bytes;
   36836   command_size += parameters_bytes.size();
   36837   std::string command_hash(32, 0);
   36838   hash->Finish(string_as_array(&command_hash), command_hash.size());
   36839   std::string authorization_section_bytes;
   36840   std::string authorization_size_bytes;
   36841   if (authorization_delegate) {
   36842     if (!authorization_delegate->GetCommandAuthorization(
   36843         command_hash,
   36844         is_command_parameter_encryption_possible,
   36845         is_response_parameter_encryption_possible,
   36846         &authorization_section_bytes)) {
   36847       return TRUNKS_RC_AUTHORIZATION_FAILED;
   36848     }
   36849     if (!authorization_section_bytes.empty()) {
   36850       tag = TPM_ST_SESSIONS;
   36851       std::string tmp;
   36852       rc = Serialize_UINT32(authorization_section_bytes.size(),
   36853                             &authorization_size_bytes);
   36854       if (rc != TPM_RC_SUCCESS) {
   36855         return rc;
   36856       }
   36857       command_size += authorization_size_bytes.size() +
   36858                       authorization_section_bytes.size();
   36859     }
   36860   }
   36861   std::string tag_bytes;
   36862   rc = Serialize_TPMI_ST_COMMAND_TAG(
   36863       tag,
   36864       &tag_bytes);
   36865   if (rc != TPM_RC_SUCCESS) {
   36866     return rc;
   36867   }
   36868   std::string command_size_bytes;
   36869   rc = Serialize_UINT32(
   36870       command_size,
   36871       &command_size_bytes);
   36872   if (rc != TPM_RC_SUCCESS) {
   36873     return rc;
   36874   }
   36875   *serialized_command = tag_bytes +
   36876                         command_size_bytes +
   36877                         command_code_bytes +
   36878                         handle_section_bytes +
   36879                         authorization_size_bytes +
   36880                         authorization_section_bytes +
   36881                         parameter_section_bytes;
   36882   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   36883   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   36884                                             serialized_command->size());
   36885   return TPM_RC_SUCCESS;
   36886 }
   36887 
   36888 TPM_RC Tpm::ParseResponse_TestParms(
   36889       const std::string& response,
   36890       AuthorizationDelegate* authorization_delegate) {
   36891   VLOG(3) << __func__;
   36892   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   36893   TPM_RC rc = TPM_RC_SUCCESS;
   36894   std::string buffer(response);
   36895   TPM_ST tag;
   36896   std::string tag_bytes;
   36897   rc = Parse_TPM_ST(
   36898       &buffer,
   36899       &tag,
   36900       &tag_bytes);
   36901   if (rc != TPM_RC_SUCCESS) {
   36902     return rc;
   36903   }
   36904   UINT32 response_size;
   36905   std::string response_size_bytes;
   36906   rc = Parse_UINT32(
   36907       &buffer,
   36908       &response_size,
   36909       &response_size_bytes);
   36910   if (rc != TPM_RC_SUCCESS) {
   36911     return rc;
   36912   }
   36913   TPM_RC response_code;
   36914   std::string response_code_bytes;
   36915   rc = Parse_TPM_RC(
   36916       &buffer,
   36917       &response_code,
   36918       &response_code_bytes);
   36919   if (rc != TPM_RC_SUCCESS) {
   36920     return rc;
   36921   }
   36922   if (response_size != response.size()) {
   36923     return TPM_RC_SIZE;
   36924   }
   36925   if (response_code != TPM_RC_SUCCESS) {
   36926     return response_code;
   36927   }
   36928   TPM_CC command_code = TPM_CC_TestParms;
   36929   std::string command_code_bytes;
   36930   rc = Serialize_TPM_CC(
   36931       command_code,
   36932       &command_code_bytes);
   36933   if (rc != TPM_RC_SUCCESS) {
   36934     return rc;
   36935   }
   36936   std::string authorization_section_bytes;
   36937   if (tag == TPM_ST_SESSIONS) {
   36938     UINT32 parameter_section_size = buffer.size();
   36939     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   36940     if (rc != TPM_RC_SUCCESS) {
   36941       return rc;
   36942     }
   36943     if (parameter_section_size > buffer.size()) {
   36944       return TPM_RC_INSUFFICIENT;
   36945     }
   36946     authorization_section_bytes = buffer.substr(parameter_section_size);
   36947     // Keep the parameter section in |buffer|.
   36948     buffer.erase(parameter_section_size);
   36949   }
   36950   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   36951       crypto::SecureHash::SHA256));
   36952   hash->Update(response_code_bytes.data(),
   36953                response_code_bytes.size());
   36954   hash->Update(command_code_bytes.data(),
   36955                command_code_bytes.size());
   36956   hash->Update(buffer.data(),
   36957                buffer.size());
   36958   std::string response_hash(32, 0);
   36959   hash->Finish(string_as_array(&response_hash), response_hash.size());
   36960   if (tag == TPM_ST_SESSIONS) {
   36961     CHECK(authorization_delegate) << "Authorization delegate missing!";
   36962     if (!authorization_delegate->CheckResponseAuthorization(
   36963         response_hash,
   36964         authorization_section_bytes)) {
   36965       return TRUNKS_RC_AUTHORIZATION_FAILED;
   36966     }
   36967   }
   36968   return TPM_RC_SUCCESS;
   36969 }
   36970 
   36971 void TestParmsErrorCallback(
   36972     const Tpm::TestParmsResponse& callback,
   36973     TPM_RC response_code) {
   36974   VLOG(1) << __func__;
   36975   callback.Run(response_code);
   36976 }
   36977 
   36978 void TestParmsResponseParser(
   36979     const Tpm::TestParmsResponse& callback,
   36980     AuthorizationDelegate* authorization_delegate,
   36981     const std::string& response) {
   36982   VLOG(1) << __func__;
   36983   base::Callback<void(TPM_RC)> error_reporter =
   36984       base::Bind(TestParmsErrorCallback, callback);
   36985   TPM_RC rc = Tpm::ParseResponse_TestParms(
   36986       response,
   36987       authorization_delegate);
   36988   if (rc != TPM_RC_SUCCESS) {
   36989     error_reporter.Run(rc);
   36990     return;
   36991   }
   36992   callback.Run(
   36993       rc);
   36994 }
   36995 
   36996 void Tpm::TestParms(
   36997       const TPMT_PUBLIC_PARMS& parameters,
   36998       AuthorizationDelegate* authorization_delegate,
   36999       const TestParmsResponse& callback) {
   37000   VLOG(1) << __func__;
   37001   base::Callback<void(TPM_RC)> error_reporter =
   37002       base::Bind(TestParmsErrorCallback, callback);
   37003   base::Callback<void(const std::string&)> parser =
   37004       base::Bind(TestParmsResponseParser,
   37005                  callback,
   37006                  authorization_delegate);
   37007   std::string command;
   37008   TPM_RC rc = SerializeCommand_TestParms(
   37009       parameters,
   37010       &command,
   37011       authorization_delegate);
   37012   if (rc != TPM_RC_SUCCESS) {
   37013     error_reporter.Run(rc);
   37014     return;
   37015   }
   37016   transceiver_->SendCommand(command, parser);
   37017 }
   37018 
   37019 TPM_RC Tpm::TestParmsSync(
   37020       const TPMT_PUBLIC_PARMS& parameters,
   37021       AuthorizationDelegate* authorization_delegate) {
   37022   VLOG(1) << __func__;
   37023   std::string command;
   37024   TPM_RC rc = SerializeCommand_TestParms(
   37025       parameters,
   37026       &command,
   37027       authorization_delegate);
   37028   if (rc != TPM_RC_SUCCESS) {
   37029     return rc;
   37030   }
   37031   std::string response = transceiver_->SendCommandAndWait(command);
   37032   rc = ParseResponse_TestParms(
   37033       response,
   37034       authorization_delegate);
   37035   return rc;
   37036 }
   37037 
   37038 TPM_RC Tpm::SerializeCommand_NV_DefineSpace(
   37039       const TPMI_RH_PROVISION& auth_handle,
   37040       const std::string& auth_handle_name,
   37041       const TPM2B_AUTH& auth,
   37042       const TPM2B_NV_PUBLIC& public_info,
   37043       std::string* serialized_command,
   37044       AuthorizationDelegate* authorization_delegate) {
   37045   VLOG(3) << __func__;
   37046   TPM_RC rc = TPM_RC_SUCCESS;
   37047   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   37048   UINT32 command_size = 10;  // Header size.
   37049   std::string handle_section_bytes;
   37050   std::string parameter_section_bytes;
   37051   TPM_CC command_code = TPM_CC_NV_DefineSpace;
   37052   bool is_command_parameter_encryption_possible = true;
   37053   bool is_response_parameter_encryption_possible = false;
   37054   std::string command_code_bytes;
   37055   rc = Serialize_TPM_CC(
   37056       command_code,
   37057       &command_code_bytes);
   37058   if (rc != TPM_RC_SUCCESS) {
   37059     return rc;
   37060   }
   37061   std::string auth_handle_bytes;
   37062   rc = Serialize_TPMI_RH_PROVISION(
   37063       auth_handle,
   37064       &auth_handle_bytes);
   37065   if (rc != TPM_RC_SUCCESS) {
   37066     return rc;
   37067   }
   37068   std::string auth_bytes;
   37069   rc = Serialize_TPM2B_AUTH(
   37070       auth,
   37071       &auth_bytes);
   37072   if (rc != TPM_RC_SUCCESS) {
   37073     return rc;
   37074   }
   37075   std::string public_info_bytes;
   37076   rc = Serialize_TPM2B_NV_PUBLIC(
   37077       public_info,
   37078       &public_info_bytes);
   37079   if (rc != TPM_RC_SUCCESS) {
   37080     return rc;
   37081   }
   37082   if (authorization_delegate) {
   37083     // Encrypt just the parameter data, not the size.
   37084     std::string tmp = auth_bytes.substr(2);
   37085     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   37086       return TRUNKS_RC_ENCRYPTION_FAILED;
   37087     }
   37088     auth_bytes.replace(2, std::string::npos, tmp);
   37089   }
   37090   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   37091       crypto::SecureHash::SHA256));
   37092   hash->Update(command_code_bytes.data(),
   37093                command_code_bytes.size());
   37094   hash->Update(auth_handle_name.data(),
   37095                auth_handle_name.size());
   37096   handle_section_bytes += auth_handle_bytes;
   37097   command_size += auth_handle_bytes.size();
   37098   hash->Update(auth_bytes.data(),
   37099                auth_bytes.size());
   37100   parameter_section_bytes += auth_bytes;
   37101   command_size += auth_bytes.size();
   37102   hash->Update(public_info_bytes.data(),
   37103                public_info_bytes.size());
   37104   parameter_section_bytes += public_info_bytes;
   37105   command_size += public_info_bytes.size();
   37106   std::string command_hash(32, 0);
   37107   hash->Finish(string_as_array(&command_hash), command_hash.size());
   37108   std::string authorization_section_bytes;
   37109   std::string authorization_size_bytes;
   37110   if (authorization_delegate) {
   37111     if (!authorization_delegate->GetCommandAuthorization(
   37112         command_hash,
   37113         is_command_parameter_encryption_possible,
   37114         is_response_parameter_encryption_possible,
   37115         &authorization_section_bytes)) {
   37116       return TRUNKS_RC_AUTHORIZATION_FAILED;
   37117     }
   37118     if (!authorization_section_bytes.empty()) {
   37119       tag = TPM_ST_SESSIONS;
   37120       std::string tmp;
   37121       rc = Serialize_UINT32(authorization_section_bytes.size(),
   37122                             &authorization_size_bytes);
   37123       if (rc != TPM_RC_SUCCESS) {
   37124         return rc;
   37125       }
   37126       command_size += authorization_size_bytes.size() +
   37127                       authorization_section_bytes.size();
   37128     }
   37129   }
   37130   std::string tag_bytes;
   37131   rc = Serialize_TPMI_ST_COMMAND_TAG(
   37132       tag,
   37133       &tag_bytes);
   37134   if (rc != TPM_RC_SUCCESS) {
   37135     return rc;
   37136   }
   37137   std::string command_size_bytes;
   37138   rc = Serialize_UINT32(
   37139       command_size,
   37140       &command_size_bytes);
   37141   if (rc != TPM_RC_SUCCESS) {
   37142     return rc;
   37143   }
   37144   *serialized_command = tag_bytes +
   37145                         command_size_bytes +
   37146                         command_code_bytes +
   37147                         handle_section_bytes +
   37148                         authorization_size_bytes +
   37149                         authorization_section_bytes +
   37150                         parameter_section_bytes;
   37151   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   37152   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   37153                                             serialized_command->size());
   37154   return TPM_RC_SUCCESS;
   37155 }
   37156 
   37157 TPM_RC Tpm::ParseResponse_NV_DefineSpace(
   37158       const std::string& response,
   37159       AuthorizationDelegate* authorization_delegate) {
   37160   VLOG(3) << __func__;
   37161   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   37162   TPM_RC rc = TPM_RC_SUCCESS;
   37163   std::string buffer(response);
   37164   TPM_ST tag;
   37165   std::string tag_bytes;
   37166   rc = Parse_TPM_ST(
   37167       &buffer,
   37168       &tag,
   37169       &tag_bytes);
   37170   if (rc != TPM_RC_SUCCESS) {
   37171     return rc;
   37172   }
   37173   UINT32 response_size;
   37174   std::string response_size_bytes;
   37175   rc = Parse_UINT32(
   37176       &buffer,
   37177       &response_size,
   37178       &response_size_bytes);
   37179   if (rc != TPM_RC_SUCCESS) {
   37180     return rc;
   37181   }
   37182   TPM_RC response_code;
   37183   std::string response_code_bytes;
   37184   rc = Parse_TPM_RC(
   37185       &buffer,
   37186       &response_code,
   37187       &response_code_bytes);
   37188   if (rc != TPM_RC_SUCCESS) {
   37189     return rc;
   37190   }
   37191   if (response_size != response.size()) {
   37192     return TPM_RC_SIZE;
   37193   }
   37194   if (response_code != TPM_RC_SUCCESS) {
   37195     return response_code;
   37196   }
   37197   TPM_CC command_code = TPM_CC_NV_DefineSpace;
   37198   std::string command_code_bytes;
   37199   rc = Serialize_TPM_CC(
   37200       command_code,
   37201       &command_code_bytes);
   37202   if (rc != TPM_RC_SUCCESS) {
   37203     return rc;
   37204   }
   37205   std::string authorization_section_bytes;
   37206   if (tag == TPM_ST_SESSIONS) {
   37207     UINT32 parameter_section_size = buffer.size();
   37208     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   37209     if (rc != TPM_RC_SUCCESS) {
   37210       return rc;
   37211     }
   37212     if (parameter_section_size > buffer.size()) {
   37213       return TPM_RC_INSUFFICIENT;
   37214     }
   37215     authorization_section_bytes = buffer.substr(parameter_section_size);
   37216     // Keep the parameter section in |buffer|.
   37217     buffer.erase(parameter_section_size);
   37218   }
   37219   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   37220       crypto::SecureHash::SHA256));
   37221   hash->Update(response_code_bytes.data(),
   37222                response_code_bytes.size());
   37223   hash->Update(command_code_bytes.data(),
   37224                command_code_bytes.size());
   37225   hash->Update(buffer.data(),
   37226                buffer.size());
   37227   std::string response_hash(32, 0);
   37228   hash->Finish(string_as_array(&response_hash), response_hash.size());
   37229   if (tag == TPM_ST_SESSIONS) {
   37230     CHECK(authorization_delegate) << "Authorization delegate missing!";
   37231     if (!authorization_delegate->CheckResponseAuthorization(
   37232         response_hash,
   37233         authorization_section_bytes)) {
   37234       return TRUNKS_RC_AUTHORIZATION_FAILED;
   37235     }
   37236   }
   37237   return TPM_RC_SUCCESS;
   37238 }
   37239 
   37240 void NV_DefineSpaceErrorCallback(
   37241     const Tpm::NV_DefineSpaceResponse& callback,
   37242     TPM_RC response_code) {
   37243   VLOG(1) << __func__;
   37244   callback.Run(response_code);
   37245 }
   37246 
   37247 void NV_DefineSpaceResponseParser(
   37248     const Tpm::NV_DefineSpaceResponse& callback,
   37249     AuthorizationDelegate* authorization_delegate,
   37250     const std::string& response) {
   37251   VLOG(1) << __func__;
   37252   base::Callback<void(TPM_RC)> error_reporter =
   37253       base::Bind(NV_DefineSpaceErrorCallback, callback);
   37254   TPM_RC rc = Tpm::ParseResponse_NV_DefineSpace(
   37255       response,
   37256       authorization_delegate);
   37257   if (rc != TPM_RC_SUCCESS) {
   37258     error_reporter.Run(rc);
   37259     return;
   37260   }
   37261   callback.Run(
   37262       rc);
   37263 }
   37264 
   37265 void Tpm::NV_DefineSpace(
   37266       const TPMI_RH_PROVISION& auth_handle,
   37267       const std::string& auth_handle_name,
   37268       const TPM2B_AUTH& auth,
   37269       const TPM2B_NV_PUBLIC& public_info,
   37270       AuthorizationDelegate* authorization_delegate,
   37271       const NV_DefineSpaceResponse& callback) {
   37272   VLOG(1) << __func__;
   37273   base::Callback<void(TPM_RC)> error_reporter =
   37274       base::Bind(NV_DefineSpaceErrorCallback, callback);
   37275   base::Callback<void(const std::string&)> parser =
   37276       base::Bind(NV_DefineSpaceResponseParser,
   37277                  callback,
   37278                  authorization_delegate);
   37279   std::string command;
   37280   TPM_RC rc = SerializeCommand_NV_DefineSpace(
   37281       auth_handle,
   37282       auth_handle_name,
   37283       auth,
   37284       public_info,
   37285       &command,
   37286       authorization_delegate);
   37287   if (rc != TPM_RC_SUCCESS) {
   37288     error_reporter.Run(rc);
   37289     return;
   37290   }
   37291   transceiver_->SendCommand(command, parser);
   37292 }
   37293 
   37294 TPM_RC Tpm::NV_DefineSpaceSync(
   37295       const TPMI_RH_PROVISION& auth_handle,
   37296       const std::string& auth_handle_name,
   37297       const TPM2B_AUTH& auth,
   37298       const TPM2B_NV_PUBLIC& public_info,
   37299       AuthorizationDelegate* authorization_delegate) {
   37300   VLOG(1) << __func__;
   37301   std::string command;
   37302   TPM_RC rc = SerializeCommand_NV_DefineSpace(
   37303       auth_handle,
   37304       auth_handle_name,
   37305       auth,
   37306       public_info,
   37307       &command,
   37308       authorization_delegate);
   37309   if (rc != TPM_RC_SUCCESS) {
   37310     return rc;
   37311   }
   37312   std::string response = transceiver_->SendCommandAndWait(command);
   37313   rc = ParseResponse_NV_DefineSpace(
   37314       response,
   37315       authorization_delegate);
   37316   return rc;
   37317 }
   37318 
   37319 TPM_RC Tpm::SerializeCommand_NV_UndefineSpace(
   37320       const TPMI_RH_PROVISION& auth_handle,
   37321       const std::string& auth_handle_name,
   37322       const TPMI_RH_NV_INDEX& nv_index,
   37323       const std::string& nv_index_name,
   37324       std::string* serialized_command,
   37325       AuthorizationDelegate* authorization_delegate) {
   37326   VLOG(3) << __func__;
   37327   TPM_RC rc = TPM_RC_SUCCESS;
   37328   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   37329   UINT32 command_size = 10;  // Header size.
   37330   std::string handle_section_bytes;
   37331   std::string parameter_section_bytes;
   37332   TPM_CC command_code = TPM_CC_NV_UndefineSpace;
   37333   bool is_command_parameter_encryption_possible = false;
   37334   bool is_response_parameter_encryption_possible = false;
   37335   std::string command_code_bytes;
   37336   rc = Serialize_TPM_CC(
   37337       command_code,
   37338       &command_code_bytes);
   37339   if (rc != TPM_RC_SUCCESS) {
   37340     return rc;
   37341   }
   37342   std::string auth_handle_bytes;
   37343   rc = Serialize_TPMI_RH_PROVISION(
   37344       auth_handle,
   37345       &auth_handle_bytes);
   37346   if (rc != TPM_RC_SUCCESS) {
   37347     return rc;
   37348   }
   37349   std::string nv_index_bytes;
   37350   rc = Serialize_TPMI_RH_NV_INDEX(
   37351       nv_index,
   37352       &nv_index_bytes);
   37353   if (rc != TPM_RC_SUCCESS) {
   37354     return rc;
   37355   }
   37356   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   37357       crypto::SecureHash::SHA256));
   37358   hash->Update(command_code_bytes.data(),
   37359                command_code_bytes.size());
   37360   hash->Update(auth_handle_name.data(),
   37361                auth_handle_name.size());
   37362   handle_section_bytes += auth_handle_bytes;
   37363   command_size += auth_handle_bytes.size();
   37364   hash->Update(nv_index_name.data(),
   37365                nv_index_name.size());
   37366   handle_section_bytes += nv_index_bytes;
   37367   command_size += nv_index_bytes.size();
   37368   std::string command_hash(32, 0);
   37369   hash->Finish(string_as_array(&command_hash), command_hash.size());
   37370   std::string authorization_section_bytes;
   37371   std::string authorization_size_bytes;
   37372   if (authorization_delegate) {
   37373     if (!authorization_delegate->GetCommandAuthorization(
   37374         command_hash,
   37375         is_command_parameter_encryption_possible,
   37376         is_response_parameter_encryption_possible,
   37377         &authorization_section_bytes)) {
   37378       return TRUNKS_RC_AUTHORIZATION_FAILED;
   37379     }
   37380     if (!authorization_section_bytes.empty()) {
   37381       tag = TPM_ST_SESSIONS;
   37382       std::string tmp;
   37383       rc = Serialize_UINT32(authorization_section_bytes.size(),
   37384                             &authorization_size_bytes);
   37385       if (rc != TPM_RC_SUCCESS) {
   37386         return rc;
   37387       }
   37388       command_size += authorization_size_bytes.size() +
   37389                       authorization_section_bytes.size();
   37390     }
   37391   }
   37392   std::string tag_bytes;
   37393   rc = Serialize_TPMI_ST_COMMAND_TAG(
   37394       tag,
   37395       &tag_bytes);
   37396   if (rc != TPM_RC_SUCCESS) {
   37397     return rc;
   37398   }
   37399   std::string command_size_bytes;
   37400   rc = Serialize_UINT32(
   37401       command_size,
   37402       &command_size_bytes);
   37403   if (rc != TPM_RC_SUCCESS) {
   37404     return rc;
   37405   }
   37406   *serialized_command = tag_bytes +
   37407                         command_size_bytes +
   37408                         command_code_bytes +
   37409                         handle_section_bytes +
   37410                         authorization_size_bytes +
   37411                         authorization_section_bytes +
   37412                         parameter_section_bytes;
   37413   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   37414   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   37415                                             serialized_command->size());
   37416   return TPM_RC_SUCCESS;
   37417 }
   37418 
   37419 TPM_RC Tpm::ParseResponse_NV_UndefineSpace(
   37420       const std::string& response,
   37421       AuthorizationDelegate* authorization_delegate) {
   37422   VLOG(3) << __func__;
   37423   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   37424   TPM_RC rc = TPM_RC_SUCCESS;
   37425   std::string buffer(response);
   37426   TPM_ST tag;
   37427   std::string tag_bytes;
   37428   rc = Parse_TPM_ST(
   37429       &buffer,
   37430       &tag,
   37431       &tag_bytes);
   37432   if (rc != TPM_RC_SUCCESS) {
   37433     return rc;
   37434   }
   37435   UINT32 response_size;
   37436   std::string response_size_bytes;
   37437   rc = Parse_UINT32(
   37438       &buffer,
   37439       &response_size,
   37440       &response_size_bytes);
   37441   if (rc != TPM_RC_SUCCESS) {
   37442     return rc;
   37443   }
   37444   TPM_RC response_code;
   37445   std::string response_code_bytes;
   37446   rc = Parse_TPM_RC(
   37447       &buffer,
   37448       &response_code,
   37449       &response_code_bytes);
   37450   if (rc != TPM_RC_SUCCESS) {
   37451     return rc;
   37452   }
   37453   if (response_size != response.size()) {
   37454     return TPM_RC_SIZE;
   37455   }
   37456   if (response_code != TPM_RC_SUCCESS) {
   37457     return response_code;
   37458   }
   37459   TPM_CC command_code = TPM_CC_NV_UndefineSpace;
   37460   std::string command_code_bytes;
   37461   rc = Serialize_TPM_CC(
   37462       command_code,
   37463       &command_code_bytes);
   37464   if (rc != TPM_RC_SUCCESS) {
   37465     return rc;
   37466   }
   37467   std::string authorization_section_bytes;
   37468   if (tag == TPM_ST_SESSIONS) {
   37469     UINT32 parameter_section_size = buffer.size();
   37470     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   37471     if (rc != TPM_RC_SUCCESS) {
   37472       return rc;
   37473     }
   37474     if (parameter_section_size > buffer.size()) {
   37475       return TPM_RC_INSUFFICIENT;
   37476     }
   37477     authorization_section_bytes = buffer.substr(parameter_section_size);
   37478     // Keep the parameter section in |buffer|.
   37479     buffer.erase(parameter_section_size);
   37480   }
   37481   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   37482       crypto::SecureHash::SHA256));
   37483   hash->Update(response_code_bytes.data(),
   37484                response_code_bytes.size());
   37485   hash->Update(command_code_bytes.data(),
   37486                command_code_bytes.size());
   37487   hash->Update(buffer.data(),
   37488                buffer.size());
   37489   std::string response_hash(32, 0);
   37490   hash->Finish(string_as_array(&response_hash), response_hash.size());
   37491   if (tag == TPM_ST_SESSIONS) {
   37492     CHECK(authorization_delegate) << "Authorization delegate missing!";
   37493     if (!authorization_delegate->CheckResponseAuthorization(
   37494         response_hash,
   37495         authorization_section_bytes)) {
   37496       return TRUNKS_RC_AUTHORIZATION_FAILED;
   37497     }
   37498   }
   37499   return TPM_RC_SUCCESS;
   37500 }
   37501 
   37502 void NV_UndefineSpaceErrorCallback(
   37503     const Tpm::NV_UndefineSpaceResponse& callback,
   37504     TPM_RC response_code) {
   37505   VLOG(1) << __func__;
   37506   callback.Run(response_code);
   37507 }
   37508 
   37509 void NV_UndefineSpaceResponseParser(
   37510     const Tpm::NV_UndefineSpaceResponse& callback,
   37511     AuthorizationDelegate* authorization_delegate,
   37512     const std::string& response) {
   37513   VLOG(1) << __func__;
   37514   base::Callback<void(TPM_RC)> error_reporter =
   37515       base::Bind(NV_UndefineSpaceErrorCallback, callback);
   37516   TPM_RC rc = Tpm::ParseResponse_NV_UndefineSpace(
   37517       response,
   37518       authorization_delegate);
   37519   if (rc != TPM_RC_SUCCESS) {
   37520     error_reporter.Run(rc);
   37521     return;
   37522   }
   37523   callback.Run(
   37524       rc);
   37525 }
   37526 
   37527 void Tpm::NV_UndefineSpace(
   37528       const TPMI_RH_PROVISION& auth_handle,
   37529       const std::string& auth_handle_name,
   37530       const TPMI_RH_NV_INDEX& nv_index,
   37531       const std::string& nv_index_name,
   37532       AuthorizationDelegate* authorization_delegate,
   37533       const NV_UndefineSpaceResponse& callback) {
   37534   VLOG(1) << __func__;
   37535   base::Callback<void(TPM_RC)> error_reporter =
   37536       base::Bind(NV_UndefineSpaceErrorCallback, callback);
   37537   base::Callback<void(const std::string&)> parser =
   37538       base::Bind(NV_UndefineSpaceResponseParser,
   37539                  callback,
   37540                  authorization_delegate);
   37541   std::string command;
   37542   TPM_RC rc = SerializeCommand_NV_UndefineSpace(
   37543       auth_handle,
   37544       auth_handle_name,
   37545       nv_index,
   37546       nv_index_name,
   37547       &command,
   37548       authorization_delegate);
   37549   if (rc != TPM_RC_SUCCESS) {
   37550     error_reporter.Run(rc);
   37551     return;
   37552   }
   37553   transceiver_->SendCommand(command, parser);
   37554 }
   37555 
   37556 TPM_RC Tpm::NV_UndefineSpaceSync(
   37557       const TPMI_RH_PROVISION& auth_handle,
   37558       const std::string& auth_handle_name,
   37559       const TPMI_RH_NV_INDEX& nv_index,
   37560       const std::string& nv_index_name,
   37561       AuthorizationDelegate* authorization_delegate) {
   37562   VLOG(1) << __func__;
   37563   std::string command;
   37564   TPM_RC rc = SerializeCommand_NV_UndefineSpace(
   37565       auth_handle,
   37566       auth_handle_name,
   37567       nv_index,
   37568       nv_index_name,
   37569       &command,
   37570       authorization_delegate);
   37571   if (rc != TPM_RC_SUCCESS) {
   37572     return rc;
   37573   }
   37574   std::string response = transceiver_->SendCommandAndWait(command);
   37575   rc = ParseResponse_NV_UndefineSpace(
   37576       response,
   37577       authorization_delegate);
   37578   return rc;
   37579 }
   37580 
   37581 TPM_RC Tpm::SerializeCommand_NV_UndefineSpaceSpecial(
   37582       const TPMI_RH_NV_INDEX& nv_index,
   37583       const std::string& nv_index_name,
   37584       const TPMI_RH_PLATFORM& platform,
   37585       const std::string& platform_name,
   37586       std::string* serialized_command,
   37587       AuthorizationDelegate* authorization_delegate) {
   37588   VLOG(3) << __func__;
   37589   TPM_RC rc = TPM_RC_SUCCESS;
   37590   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   37591   UINT32 command_size = 10;  // Header size.
   37592   std::string handle_section_bytes;
   37593   std::string parameter_section_bytes;
   37594   TPM_CC command_code = TPM_CC_NV_UndefineSpaceSpecial;
   37595   bool is_command_parameter_encryption_possible = false;
   37596   bool is_response_parameter_encryption_possible = false;
   37597   std::string command_code_bytes;
   37598   rc = Serialize_TPM_CC(
   37599       command_code,
   37600       &command_code_bytes);
   37601   if (rc != TPM_RC_SUCCESS) {
   37602     return rc;
   37603   }
   37604   std::string nv_index_bytes;
   37605   rc = Serialize_TPMI_RH_NV_INDEX(
   37606       nv_index,
   37607       &nv_index_bytes);
   37608   if (rc != TPM_RC_SUCCESS) {
   37609     return rc;
   37610   }
   37611   std::string platform_bytes;
   37612   rc = Serialize_TPMI_RH_PLATFORM(
   37613       platform,
   37614       &platform_bytes);
   37615   if (rc != TPM_RC_SUCCESS) {
   37616     return rc;
   37617   }
   37618   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   37619       crypto::SecureHash::SHA256));
   37620   hash->Update(command_code_bytes.data(),
   37621                command_code_bytes.size());
   37622   hash->Update(nv_index_name.data(),
   37623                nv_index_name.size());
   37624   handle_section_bytes += nv_index_bytes;
   37625   command_size += nv_index_bytes.size();
   37626   hash->Update(platform_name.data(),
   37627                platform_name.size());
   37628   handle_section_bytes += platform_bytes;
   37629   command_size += platform_bytes.size();
   37630   std::string command_hash(32, 0);
   37631   hash->Finish(string_as_array(&command_hash), command_hash.size());
   37632   std::string authorization_section_bytes;
   37633   std::string authorization_size_bytes;
   37634   if (authorization_delegate) {
   37635     if (!authorization_delegate->GetCommandAuthorization(
   37636         command_hash,
   37637         is_command_parameter_encryption_possible,
   37638         is_response_parameter_encryption_possible,
   37639         &authorization_section_bytes)) {
   37640       return TRUNKS_RC_AUTHORIZATION_FAILED;
   37641     }
   37642     if (!authorization_section_bytes.empty()) {
   37643       tag = TPM_ST_SESSIONS;
   37644       std::string tmp;
   37645       rc = Serialize_UINT32(authorization_section_bytes.size(),
   37646                             &authorization_size_bytes);
   37647       if (rc != TPM_RC_SUCCESS) {
   37648         return rc;
   37649       }
   37650       command_size += authorization_size_bytes.size() +
   37651                       authorization_section_bytes.size();
   37652     }
   37653   }
   37654   std::string tag_bytes;
   37655   rc = Serialize_TPMI_ST_COMMAND_TAG(
   37656       tag,
   37657       &tag_bytes);
   37658   if (rc != TPM_RC_SUCCESS) {
   37659     return rc;
   37660   }
   37661   std::string command_size_bytes;
   37662   rc = Serialize_UINT32(
   37663       command_size,
   37664       &command_size_bytes);
   37665   if (rc != TPM_RC_SUCCESS) {
   37666     return rc;
   37667   }
   37668   *serialized_command = tag_bytes +
   37669                         command_size_bytes +
   37670                         command_code_bytes +
   37671                         handle_section_bytes +
   37672                         authorization_size_bytes +
   37673                         authorization_section_bytes +
   37674                         parameter_section_bytes;
   37675   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   37676   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   37677                                             serialized_command->size());
   37678   return TPM_RC_SUCCESS;
   37679 }
   37680 
   37681 TPM_RC Tpm::ParseResponse_NV_UndefineSpaceSpecial(
   37682       const std::string& response,
   37683       AuthorizationDelegate* authorization_delegate) {
   37684   VLOG(3) << __func__;
   37685   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   37686   TPM_RC rc = TPM_RC_SUCCESS;
   37687   std::string buffer(response);
   37688   TPM_ST tag;
   37689   std::string tag_bytes;
   37690   rc = Parse_TPM_ST(
   37691       &buffer,
   37692       &tag,
   37693       &tag_bytes);
   37694   if (rc != TPM_RC_SUCCESS) {
   37695     return rc;
   37696   }
   37697   UINT32 response_size;
   37698   std::string response_size_bytes;
   37699   rc = Parse_UINT32(
   37700       &buffer,
   37701       &response_size,
   37702       &response_size_bytes);
   37703   if (rc != TPM_RC_SUCCESS) {
   37704     return rc;
   37705   }
   37706   TPM_RC response_code;
   37707   std::string response_code_bytes;
   37708   rc = Parse_TPM_RC(
   37709       &buffer,
   37710       &response_code,
   37711       &response_code_bytes);
   37712   if (rc != TPM_RC_SUCCESS) {
   37713     return rc;
   37714   }
   37715   if (response_size != response.size()) {
   37716     return TPM_RC_SIZE;
   37717   }
   37718   if (response_code != TPM_RC_SUCCESS) {
   37719     return response_code;
   37720   }
   37721   TPM_CC command_code = TPM_CC_NV_UndefineSpaceSpecial;
   37722   std::string command_code_bytes;
   37723   rc = Serialize_TPM_CC(
   37724       command_code,
   37725       &command_code_bytes);
   37726   if (rc != TPM_RC_SUCCESS) {
   37727     return rc;
   37728   }
   37729   std::string authorization_section_bytes;
   37730   if (tag == TPM_ST_SESSIONS) {
   37731     UINT32 parameter_section_size = buffer.size();
   37732     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   37733     if (rc != TPM_RC_SUCCESS) {
   37734       return rc;
   37735     }
   37736     if (parameter_section_size > buffer.size()) {
   37737       return TPM_RC_INSUFFICIENT;
   37738     }
   37739     authorization_section_bytes = buffer.substr(parameter_section_size);
   37740     // Keep the parameter section in |buffer|.
   37741     buffer.erase(parameter_section_size);
   37742   }
   37743   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   37744       crypto::SecureHash::SHA256));
   37745   hash->Update(response_code_bytes.data(),
   37746                response_code_bytes.size());
   37747   hash->Update(command_code_bytes.data(),
   37748                command_code_bytes.size());
   37749   hash->Update(buffer.data(),
   37750                buffer.size());
   37751   std::string response_hash(32, 0);
   37752   hash->Finish(string_as_array(&response_hash), response_hash.size());
   37753   if (tag == TPM_ST_SESSIONS) {
   37754     CHECK(authorization_delegate) << "Authorization delegate missing!";
   37755     if (!authorization_delegate->CheckResponseAuthorization(
   37756         response_hash,
   37757         authorization_section_bytes)) {
   37758       return TRUNKS_RC_AUTHORIZATION_FAILED;
   37759     }
   37760   }
   37761   return TPM_RC_SUCCESS;
   37762 }
   37763 
   37764 void NV_UndefineSpaceSpecialErrorCallback(
   37765     const Tpm::NV_UndefineSpaceSpecialResponse& callback,
   37766     TPM_RC response_code) {
   37767   VLOG(1) << __func__;
   37768   callback.Run(response_code);
   37769 }
   37770 
   37771 void NV_UndefineSpaceSpecialResponseParser(
   37772     const Tpm::NV_UndefineSpaceSpecialResponse& callback,
   37773     AuthorizationDelegate* authorization_delegate,
   37774     const std::string& response) {
   37775   VLOG(1) << __func__;
   37776   base::Callback<void(TPM_RC)> error_reporter =
   37777       base::Bind(NV_UndefineSpaceSpecialErrorCallback, callback);
   37778   TPM_RC rc = Tpm::ParseResponse_NV_UndefineSpaceSpecial(
   37779       response,
   37780       authorization_delegate);
   37781   if (rc != TPM_RC_SUCCESS) {
   37782     error_reporter.Run(rc);
   37783     return;
   37784   }
   37785   callback.Run(
   37786       rc);
   37787 }
   37788 
   37789 void Tpm::NV_UndefineSpaceSpecial(
   37790       const TPMI_RH_NV_INDEX& nv_index,
   37791       const std::string& nv_index_name,
   37792       const TPMI_RH_PLATFORM& platform,
   37793       const std::string& platform_name,
   37794       AuthorizationDelegate* authorization_delegate,
   37795       const NV_UndefineSpaceSpecialResponse& callback) {
   37796   VLOG(1) << __func__;
   37797   base::Callback<void(TPM_RC)> error_reporter =
   37798       base::Bind(NV_UndefineSpaceSpecialErrorCallback, callback);
   37799   base::Callback<void(const std::string&)> parser =
   37800       base::Bind(NV_UndefineSpaceSpecialResponseParser,
   37801                  callback,
   37802                  authorization_delegate);
   37803   std::string command;
   37804   TPM_RC rc = SerializeCommand_NV_UndefineSpaceSpecial(
   37805       nv_index,
   37806       nv_index_name,
   37807       platform,
   37808       platform_name,
   37809       &command,
   37810       authorization_delegate);
   37811   if (rc != TPM_RC_SUCCESS) {
   37812     error_reporter.Run(rc);
   37813     return;
   37814   }
   37815   transceiver_->SendCommand(command, parser);
   37816 }
   37817 
   37818 TPM_RC Tpm::NV_UndefineSpaceSpecialSync(
   37819       const TPMI_RH_NV_INDEX& nv_index,
   37820       const std::string& nv_index_name,
   37821       const TPMI_RH_PLATFORM& platform,
   37822       const std::string& platform_name,
   37823       AuthorizationDelegate* authorization_delegate) {
   37824   VLOG(1) << __func__;
   37825   std::string command;
   37826   TPM_RC rc = SerializeCommand_NV_UndefineSpaceSpecial(
   37827       nv_index,
   37828       nv_index_name,
   37829       platform,
   37830       platform_name,
   37831       &command,
   37832       authorization_delegate);
   37833   if (rc != TPM_RC_SUCCESS) {
   37834     return rc;
   37835   }
   37836   std::string response = transceiver_->SendCommandAndWait(command);
   37837   rc = ParseResponse_NV_UndefineSpaceSpecial(
   37838       response,
   37839       authorization_delegate);
   37840   return rc;
   37841 }
   37842 
   37843 TPM_RC Tpm::SerializeCommand_NV_ReadPublic(
   37844       const TPMI_RH_NV_INDEX& nv_index,
   37845       const std::string& nv_index_name,
   37846       std::string* serialized_command,
   37847       AuthorizationDelegate* authorization_delegate) {
   37848   VLOG(3) << __func__;
   37849   TPM_RC rc = TPM_RC_SUCCESS;
   37850   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   37851   UINT32 command_size = 10;  // Header size.
   37852   std::string handle_section_bytes;
   37853   std::string parameter_section_bytes;
   37854   TPM_CC command_code = TPM_CC_NV_ReadPublic;
   37855   bool is_command_parameter_encryption_possible = false;
   37856   bool is_response_parameter_encryption_possible = true;
   37857   std::string command_code_bytes;
   37858   rc = Serialize_TPM_CC(
   37859       command_code,
   37860       &command_code_bytes);
   37861   if (rc != TPM_RC_SUCCESS) {
   37862     return rc;
   37863   }
   37864   std::string nv_index_bytes;
   37865   rc = Serialize_TPMI_RH_NV_INDEX(
   37866       nv_index,
   37867       &nv_index_bytes);
   37868   if (rc != TPM_RC_SUCCESS) {
   37869     return rc;
   37870   }
   37871   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   37872       crypto::SecureHash::SHA256));
   37873   hash->Update(command_code_bytes.data(),
   37874                command_code_bytes.size());
   37875   hash->Update(nv_index_name.data(),
   37876                nv_index_name.size());
   37877   handle_section_bytes += nv_index_bytes;
   37878   command_size += nv_index_bytes.size();
   37879   std::string command_hash(32, 0);
   37880   hash->Finish(string_as_array(&command_hash), command_hash.size());
   37881   std::string authorization_section_bytes;
   37882   std::string authorization_size_bytes;
   37883   if (authorization_delegate) {
   37884     if (!authorization_delegate->GetCommandAuthorization(
   37885         command_hash,
   37886         is_command_parameter_encryption_possible,
   37887         is_response_parameter_encryption_possible,
   37888         &authorization_section_bytes)) {
   37889       return TRUNKS_RC_AUTHORIZATION_FAILED;
   37890     }
   37891     if (!authorization_section_bytes.empty()) {
   37892       tag = TPM_ST_SESSIONS;
   37893       std::string tmp;
   37894       rc = Serialize_UINT32(authorization_section_bytes.size(),
   37895                             &authorization_size_bytes);
   37896       if (rc != TPM_RC_SUCCESS) {
   37897         return rc;
   37898       }
   37899       command_size += authorization_size_bytes.size() +
   37900                       authorization_section_bytes.size();
   37901     }
   37902   }
   37903   std::string tag_bytes;
   37904   rc = Serialize_TPMI_ST_COMMAND_TAG(
   37905       tag,
   37906       &tag_bytes);
   37907   if (rc != TPM_RC_SUCCESS) {
   37908     return rc;
   37909   }
   37910   std::string command_size_bytes;
   37911   rc = Serialize_UINT32(
   37912       command_size,
   37913       &command_size_bytes);
   37914   if (rc != TPM_RC_SUCCESS) {
   37915     return rc;
   37916   }
   37917   *serialized_command = tag_bytes +
   37918                         command_size_bytes +
   37919                         command_code_bytes +
   37920                         handle_section_bytes +
   37921                         authorization_size_bytes +
   37922                         authorization_section_bytes +
   37923                         parameter_section_bytes;
   37924   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   37925   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   37926                                             serialized_command->size());
   37927   return TPM_RC_SUCCESS;
   37928 }
   37929 
   37930 TPM_RC Tpm::ParseResponse_NV_ReadPublic(
   37931       const std::string& response,
   37932       TPM2B_NV_PUBLIC* nv_public,
   37933       TPM2B_NAME* nv_name,
   37934       AuthorizationDelegate* authorization_delegate) {
   37935   VLOG(3) << __func__;
   37936   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   37937   TPM_RC rc = TPM_RC_SUCCESS;
   37938   std::string buffer(response);
   37939   TPM_ST tag;
   37940   std::string tag_bytes;
   37941   rc = Parse_TPM_ST(
   37942       &buffer,
   37943       &tag,
   37944       &tag_bytes);
   37945   if (rc != TPM_RC_SUCCESS) {
   37946     return rc;
   37947   }
   37948   UINT32 response_size;
   37949   std::string response_size_bytes;
   37950   rc = Parse_UINT32(
   37951       &buffer,
   37952       &response_size,
   37953       &response_size_bytes);
   37954   if (rc != TPM_RC_SUCCESS) {
   37955     return rc;
   37956   }
   37957   TPM_RC response_code;
   37958   std::string response_code_bytes;
   37959   rc = Parse_TPM_RC(
   37960       &buffer,
   37961       &response_code,
   37962       &response_code_bytes);
   37963   if (rc != TPM_RC_SUCCESS) {
   37964     return rc;
   37965   }
   37966   if (response_size != response.size()) {
   37967     return TPM_RC_SIZE;
   37968   }
   37969   if (response_code != TPM_RC_SUCCESS) {
   37970     return response_code;
   37971   }
   37972   TPM_CC command_code = TPM_CC_NV_ReadPublic;
   37973   std::string command_code_bytes;
   37974   rc = Serialize_TPM_CC(
   37975       command_code,
   37976       &command_code_bytes);
   37977   if (rc != TPM_RC_SUCCESS) {
   37978     return rc;
   37979   }
   37980   std::string authorization_section_bytes;
   37981   if (tag == TPM_ST_SESSIONS) {
   37982     UINT32 parameter_section_size = buffer.size();
   37983     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   37984     if (rc != TPM_RC_SUCCESS) {
   37985       return rc;
   37986     }
   37987     if (parameter_section_size > buffer.size()) {
   37988       return TPM_RC_INSUFFICIENT;
   37989     }
   37990     authorization_section_bytes = buffer.substr(parameter_section_size);
   37991     // Keep the parameter section in |buffer|.
   37992     buffer.erase(parameter_section_size);
   37993   }
   37994   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   37995       crypto::SecureHash::SHA256));
   37996   hash->Update(response_code_bytes.data(),
   37997                response_code_bytes.size());
   37998   hash->Update(command_code_bytes.data(),
   37999                command_code_bytes.size());
   38000   hash->Update(buffer.data(),
   38001                buffer.size());
   38002   std::string response_hash(32, 0);
   38003   hash->Finish(string_as_array(&response_hash), response_hash.size());
   38004   if (tag == TPM_ST_SESSIONS) {
   38005     CHECK(authorization_delegate) << "Authorization delegate missing!";
   38006     if (!authorization_delegate->CheckResponseAuthorization(
   38007         response_hash,
   38008         authorization_section_bytes)) {
   38009       return TRUNKS_RC_AUTHORIZATION_FAILED;
   38010     }
   38011   }
   38012   std::string nv_public_bytes;
   38013   rc = Parse_TPM2B_NV_PUBLIC(
   38014       &buffer,
   38015       nv_public,
   38016       &nv_public_bytes);
   38017   if (rc != TPM_RC_SUCCESS) {
   38018     return rc;
   38019   }
   38020   std::string nv_name_bytes;
   38021   rc = Parse_TPM2B_NAME(
   38022       &buffer,
   38023       nv_name,
   38024       &nv_name_bytes);
   38025   if (rc != TPM_RC_SUCCESS) {
   38026     return rc;
   38027   }
   38028   if (tag == TPM_ST_SESSIONS) {
   38029     CHECK(authorization_delegate) << "Authorization delegate missing!";
   38030     // Decrypt just the parameter data, not the size.
   38031     std::string tmp = nv_public_bytes.substr(2);
   38032     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   38033       return TRUNKS_RC_ENCRYPTION_FAILED;
   38034     }
   38035     nv_public_bytes.replace(2, std::string::npos, tmp);
   38036     rc = Parse_TPM2B_NV_PUBLIC(
   38037         &nv_public_bytes,
   38038         nv_public,
   38039         nullptr);
   38040     if (rc != TPM_RC_SUCCESS) {
   38041       return rc;
   38042     }
   38043   }
   38044   return TPM_RC_SUCCESS;
   38045 }
   38046 
   38047 void NV_ReadPublicErrorCallback(
   38048     const Tpm::NV_ReadPublicResponse& callback,
   38049     TPM_RC response_code) {
   38050   VLOG(1) << __func__;
   38051   callback.Run(response_code,
   38052                TPM2B_NV_PUBLIC(),
   38053                TPM2B_NAME());
   38054 }
   38055 
   38056 void NV_ReadPublicResponseParser(
   38057     const Tpm::NV_ReadPublicResponse& callback,
   38058     AuthorizationDelegate* authorization_delegate,
   38059     const std::string& response) {
   38060   VLOG(1) << __func__;
   38061   base::Callback<void(TPM_RC)> error_reporter =
   38062       base::Bind(NV_ReadPublicErrorCallback, callback);
   38063   TPM2B_NV_PUBLIC nv_public;
   38064   TPM2B_NAME nv_name;
   38065   TPM_RC rc = Tpm::ParseResponse_NV_ReadPublic(
   38066       response,
   38067       &nv_public,
   38068       &nv_name,
   38069       authorization_delegate);
   38070   if (rc != TPM_RC_SUCCESS) {
   38071     error_reporter.Run(rc);
   38072     return;
   38073   }
   38074   callback.Run(
   38075       rc,
   38076       nv_public,
   38077       nv_name);
   38078 }
   38079 
   38080 void Tpm::NV_ReadPublic(
   38081       const TPMI_RH_NV_INDEX& nv_index,
   38082       const std::string& nv_index_name,
   38083       AuthorizationDelegate* authorization_delegate,
   38084       const NV_ReadPublicResponse& callback) {
   38085   VLOG(1) << __func__;
   38086   base::Callback<void(TPM_RC)> error_reporter =
   38087       base::Bind(NV_ReadPublicErrorCallback, callback);
   38088   base::Callback<void(const std::string&)> parser =
   38089       base::Bind(NV_ReadPublicResponseParser,
   38090                  callback,
   38091                  authorization_delegate);
   38092   std::string command;
   38093   TPM_RC rc = SerializeCommand_NV_ReadPublic(
   38094       nv_index,
   38095       nv_index_name,
   38096       &command,
   38097       authorization_delegate);
   38098   if (rc != TPM_RC_SUCCESS) {
   38099     error_reporter.Run(rc);
   38100     return;
   38101   }
   38102   transceiver_->SendCommand(command, parser);
   38103 }
   38104 
   38105 TPM_RC Tpm::NV_ReadPublicSync(
   38106       const TPMI_RH_NV_INDEX& nv_index,
   38107       const std::string& nv_index_name,
   38108       TPM2B_NV_PUBLIC* nv_public,
   38109       TPM2B_NAME* nv_name,
   38110       AuthorizationDelegate* authorization_delegate) {
   38111   VLOG(1) << __func__;
   38112   std::string command;
   38113   TPM_RC rc = SerializeCommand_NV_ReadPublic(
   38114       nv_index,
   38115       nv_index_name,
   38116       &command,
   38117       authorization_delegate);
   38118   if (rc != TPM_RC_SUCCESS) {
   38119     return rc;
   38120   }
   38121   std::string response = transceiver_->SendCommandAndWait(command);
   38122   rc = ParseResponse_NV_ReadPublic(
   38123       response,
   38124       nv_public,
   38125       nv_name,
   38126       authorization_delegate);
   38127   return rc;
   38128 }
   38129 
   38130 TPM_RC Tpm::SerializeCommand_NV_Write(
   38131       const TPMI_RH_NV_AUTH& auth_handle,
   38132       const std::string& auth_handle_name,
   38133       const TPMI_RH_NV_INDEX& nv_index,
   38134       const std::string& nv_index_name,
   38135       const TPM2B_MAX_NV_BUFFER& data,
   38136       const UINT16& offset,
   38137       std::string* serialized_command,
   38138       AuthorizationDelegate* authorization_delegate) {
   38139   VLOG(3) << __func__;
   38140   TPM_RC rc = TPM_RC_SUCCESS;
   38141   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   38142   UINT32 command_size = 10;  // Header size.
   38143   std::string handle_section_bytes;
   38144   std::string parameter_section_bytes;
   38145   TPM_CC command_code = TPM_CC_NV_Write;
   38146   bool is_command_parameter_encryption_possible = true;
   38147   bool is_response_parameter_encryption_possible = false;
   38148   std::string command_code_bytes;
   38149   rc = Serialize_TPM_CC(
   38150       command_code,
   38151       &command_code_bytes);
   38152   if (rc != TPM_RC_SUCCESS) {
   38153     return rc;
   38154   }
   38155   std::string auth_handle_bytes;
   38156   rc = Serialize_TPMI_RH_NV_AUTH(
   38157       auth_handle,
   38158       &auth_handle_bytes);
   38159   if (rc != TPM_RC_SUCCESS) {
   38160     return rc;
   38161   }
   38162   std::string nv_index_bytes;
   38163   rc = Serialize_TPMI_RH_NV_INDEX(
   38164       nv_index,
   38165       &nv_index_bytes);
   38166   if (rc != TPM_RC_SUCCESS) {
   38167     return rc;
   38168   }
   38169   std::string data_bytes;
   38170   rc = Serialize_TPM2B_MAX_NV_BUFFER(
   38171       data,
   38172       &data_bytes);
   38173   if (rc != TPM_RC_SUCCESS) {
   38174     return rc;
   38175   }
   38176   std::string offset_bytes;
   38177   rc = Serialize_UINT16(
   38178       offset,
   38179       &offset_bytes);
   38180   if (rc != TPM_RC_SUCCESS) {
   38181     return rc;
   38182   }
   38183   if (authorization_delegate) {
   38184     // Encrypt just the parameter data, not the size.
   38185     std::string tmp = data_bytes.substr(2);
   38186     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   38187       return TRUNKS_RC_ENCRYPTION_FAILED;
   38188     }
   38189     data_bytes.replace(2, std::string::npos, tmp);
   38190   }
   38191   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   38192       crypto::SecureHash::SHA256));
   38193   hash->Update(command_code_bytes.data(),
   38194                command_code_bytes.size());
   38195   hash->Update(auth_handle_name.data(),
   38196                auth_handle_name.size());
   38197   handle_section_bytes += auth_handle_bytes;
   38198   command_size += auth_handle_bytes.size();
   38199   hash->Update(nv_index_name.data(),
   38200                nv_index_name.size());
   38201   handle_section_bytes += nv_index_bytes;
   38202   command_size += nv_index_bytes.size();
   38203   hash->Update(data_bytes.data(),
   38204                data_bytes.size());
   38205   parameter_section_bytes += data_bytes;
   38206   command_size += data_bytes.size();
   38207   hash->Update(offset_bytes.data(),
   38208                offset_bytes.size());
   38209   parameter_section_bytes += offset_bytes;
   38210   command_size += offset_bytes.size();
   38211   std::string command_hash(32, 0);
   38212   hash->Finish(string_as_array(&command_hash), command_hash.size());
   38213   std::string authorization_section_bytes;
   38214   std::string authorization_size_bytes;
   38215   if (authorization_delegate) {
   38216     if (!authorization_delegate->GetCommandAuthorization(
   38217         command_hash,
   38218         is_command_parameter_encryption_possible,
   38219         is_response_parameter_encryption_possible,
   38220         &authorization_section_bytes)) {
   38221       return TRUNKS_RC_AUTHORIZATION_FAILED;
   38222     }
   38223     if (!authorization_section_bytes.empty()) {
   38224       tag = TPM_ST_SESSIONS;
   38225       std::string tmp;
   38226       rc = Serialize_UINT32(authorization_section_bytes.size(),
   38227                             &authorization_size_bytes);
   38228       if (rc != TPM_RC_SUCCESS) {
   38229         return rc;
   38230       }
   38231       command_size += authorization_size_bytes.size() +
   38232                       authorization_section_bytes.size();
   38233     }
   38234   }
   38235   std::string tag_bytes;
   38236   rc = Serialize_TPMI_ST_COMMAND_TAG(
   38237       tag,
   38238       &tag_bytes);
   38239   if (rc != TPM_RC_SUCCESS) {
   38240     return rc;
   38241   }
   38242   std::string command_size_bytes;
   38243   rc = Serialize_UINT32(
   38244       command_size,
   38245       &command_size_bytes);
   38246   if (rc != TPM_RC_SUCCESS) {
   38247     return rc;
   38248   }
   38249   *serialized_command = tag_bytes +
   38250                         command_size_bytes +
   38251                         command_code_bytes +
   38252                         handle_section_bytes +
   38253                         authorization_size_bytes +
   38254                         authorization_section_bytes +
   38255                         parameter_section_bytes;
   38256   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   38257   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   38258                                             serialized_command->size());
   38259   return TPM_RC_SUCCESS;
   38260 }
   38261 
   38262 TPM_RC Tpm::ParseResponse_NV_Write(
   38263       const std::string& response,
   38264       AuthorizationDelegate* authorization_delegate) {
   38265   VLOG(3) << __func__;
   38266   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   38267   TPM_RC rc = TPM_RC_SUCCESS;
   38268   std::string buffer(response);
   38269   TPM_ST tag;
   38270   std::string tag_bytes;
   38271   rc = Parse_TPM_ST(
   38272       &buffer,
   38273       &tag,
   38274       &tag_bytes);
   38275   if (rc != TPM_RC_SUCCESS) {
   38276     return rc;
   38277   }
   38278   UINT32 response_size;
   38279   std::string response_size_bytes;
   38280   rc = Parse_UINT32(
   38281       &buffer,
   38282       &response_size,
   38283       &response_size_bytes);
   38284   if (rc != TPM_RC_SUCCESS) {
   38285     return rc;
   38286   }
   38287   TPM_RC response_code;
   38288   std::string response_code_bytes;
   38289   rc = Parse_TPM_RC(
   38290       &buffer,
   38291       &response_code,
   38292       &response_code_bytes);
   38293   if (rc != TPM_RC_SUCCESS) {
   38294     return rc;
   38295   }
   38296   if (response_size != response.size()) {
   38297     return TPM_RC_SIZE;
   38298   }
   38299   if (response_code != TPM_RC_SUCCESS) {
   38300     return response_code;
   38301   }
   38302   TPM_CC command_code = TPM_CC_NV_Write;
   38303   std::string command_code_bytes;
   38304   rc = Serialize_TPM_CC(
   38305       command_code,
   38306       &command_code_bytes);
   38307   if (rc != TPM_RC_SUCCESS) {
   38308     return rc;
   38309   }
   38310   std::string authorization_section_bytes;
   38311   if (tag == TPM_ST_SESSIONS) {
   38312     UINT32 parameter_section_size = buffer.size();
   38313     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   38314     if (rc != TPM_RC_SUCCESS) {
   38315       return rc;
   38316     }
   38317     if (parameter_section_size > buffer.size()) {
   38318       return TPM_RC_INSUFFICIENT;
   38319     }
   38320     authorization_section_bytes = buffer.substr(parameter_section_size);
   38321     // Keep the parameter section in |buffer|.
   38322     buffer.erase(parameter_section_size);
   38323   }
   38324   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   38325       crypto::SecureHash::SHA256));
   38326   hash->Update(response_code_bytes.data(),
   38327                response_code_bytes.size());
   38328   hash->Update(command_code_bytes.data(),
   38329                command_code_bytes.size());
   38330   hash->Update(buffer.data(),
   38331                buffer.size());
   38332   std::string response_hash(32, 0);
   38333   hash->Finish(string_as_array(&response_hash), response_hash.size());
   38334   if (tag == TPM_ST_SESSIONS) {
   38335     CHECK(authorization_delegate) << "Authorization delegate missing!";
   38336     if (!authorization_delegate->CheckResponseAuthorization(
   38337         response_hash,
   38338         authorization_section_bytes)) {
   38339       return TRUNKS_RC_AUTHORIZATION_FAILED;
   38340     }
   38341   }
   38342   return TPM_RC_SUCCESS;
   38343 }
   38344 
   38345 void NV_WriteErrorCallback(
   38346     const Tpm::NV_WriteResponse& callback,
   38347     TPM_RC response_code) {
   38348   VLOG(1) << __func__;
   38349   callback.Run(response_code);
   38350 }
   38351 
   38352 void NV_WriteResponseParser(
   38353     const Tpm::NV_WriteResponse& callback,
   38354     AuthorizationDelegate* authorization_delegate,
   38355     const std::string& response) {
   38356   VLOG(1) << __func__;
   38357   base::Callback<void(TPM_RC)> error_reporter =
   38358       base::Bind(NV_WriteErrorCallback, callback);
   38359   TPM_RC rc = Tpm::ParseResponse_NV_Write(
   38360       response,
   38361       authorization_delegate);
   38362   if (rc != TPM_RC_SUCCESS) {
   38363     error_reporter.Run(rc);
   38364     return;
   38365   }
   38366   callback.Run(
   38367       rc);
   38368 }
   38369 
   38370 void Tpm::NV_Write(
   38371       const TPMI_RH_NV_AUTH& auth_handle,
   38372       const std::string& auth_handle_name,
   38373       const TPMI_RH_NV_INDEX& nv_index,
   38374       const std::string& nv_index_name,
   38375       const TPM2B_MAX_NV_BUFFER& data,
   38376       const UINT16& offset,
   38377       AuthorizationDelegate* authorization_delegate,
   38378       const NV_WriteResponse& callback) {
   38379   VLOG(1) << __func__;
   38380   base::Callback<void(TPM_RC)> error_reporter =
   38381       base::Bind(NV_WriteErrorCallback, callback);
   38382   base::Callback<void(const std::string&)> parser =
   38383       base::Bind(NV_WriteResponseParser,
   38384                  callback,
   38385                  authorization_delegate);
   38386   std::string command;
   38387   TPM_RC rc = SerializeCommand_NV_Write(
   38388       auth_handle,
   38389       auth_handle_name,
   38390       nv_index,
   38391       nv_index_name,
   38392       data,
   38393       offset,
   38394       &command,
   38395       authorization_delegate);
   38396   if (rc != TPM_RC_SUCCESS) {
   38397     error_reporter.Run(rc);
   38398     return;
   38399   }
   38400   transceiver_->SendCommand(command, parser);
   38401 }
   38402 
   38403 TPM_RC Tpm::NV_WriteSync(
   38404       const TPMI_RH_NV_AUTH& auth_handle,
   38405       const std::string& auth_handle_name,
   38406       const TPMI_RH_NV_INDEX& nv_index,
   38407       const std::string& nv_index_name,
   38408       const TPM2B_MAX_NV_BUFFER& data,
   38409       const UINT16& offset,
   38410       AuthorizationDelegate* authorization_delegate) {
   38411   VLOG(1) << __func__;
   38412   std::string command;
   38413   TPM_RC rc = SerializeCommand_NV_Write(
   38414       auth_handle,
   38415       auth_handle_name,
   38416       nv_index,
   38417       nv_index_name,
   38418       data,
   38419       offset,
   38420       &command,
   38421       authorization_delegate);
   38422   if (rc != TPM_RC_SUCCESS) {
   38423     return rc;
   38424   }
   38425   std::string response = transceiver_->SendCommandAndWait(command);
   38426   rc = ParseResponse_NV_Write(
   38427       response,
   38428       authorization_delegate);
   38429   return rc;
   38430 }
   38431 
   38432 TPM_RC Tpm::SerializeCommand_NV_Increment(
   38433       const TPMI_RH_NV_AUTH& auth_handle,
   38434       const std::string& auth_handle_name,
   38435       const TPMI_RH_NV_INDEX& nv_index,
   38436       const std::string& nv_index_name,
   38437       std::string* serialized_command,
   38438       AuthorizationDelegate* authorization_delegate) {
   38439   VLOG(3) << __func__;
   38440   TPM_RC rc = TPM_RC_SUCCESS;
   38441   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   38442   UINT32 command_size = 10;  // Header size.
   38443   std::string handle_section_bytes;
   38444   std::string parameter_section_bytes;
   38445   TPM_CC command_code = TPM_CC_NV_Increment;
   38446   bool is_command_parameter_encryption_possible = false;
   38447   bool is_response_parameter_encryption_possible = false;
   38448   std::string command_code_bytes;
   38449   rc = Serialize_TPM_CC(
   38450       command_code,
   38451       &command_code_bytes);
   38452   if (rc != TPM_RC_SUCCESS) {
   38453     return rc;
   38454   }
   38455   std::string auth_handle_bytes;
   38456   rc = Serialize_TPMI_RH_NV_AUTH(
   38457       auth_handle,
   38458       &auth_handle_bytes);
   38459   if (rc != TPM_RC_SUCCESS) {
   38460     return rc;
   38461   }
   38462   std::string nv_index_bytes;
   38463   rc = Serialize_TPMI_RH_NV_INDEX(
   38464       nv_index,
   38465       &nv_index_bytes);
   38466   if (rc != TPM_RC_SUCCESS) {
   38467     return rc;
   38468   }
   38469   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   38470       crypto::SecureHash::SHA256));
   38471   hash->Update(command_code_bytes.data(),
   38472                command_code_bytes.size());
   38473   hash->Update(auth_handle_name.data(),
   38474                auth_handle_name.size());
   38475   handle_section_bytes += auth_handle_bytes;
   38476   command_size += auth_handle_bytes.size();
   38477   hash->Update(nv_index_name.data(),
   38478                nv_index_name.size());
   38479   handle_section_bytes += nv_index_bytes;
   38480   command_size += nv_index_bytes.size();
   38481   std::string command_hash(32, 0);
   38482   hash->Finish(string_as_array(&command_hash), command_hash.size());
   38483   std::string authorization_section_bytes;
   38484   std::string authorization_size_bytes;
   38485   if (authorization_delegate) {
   38486     if (!authorization_delegate->GetCommandAuthorization(
   38487         command_hash,
   38488         is_command_parameter_encryption_possible,
   38489         is_response_parameter_encryption_possible,
   38490         &authorization_section_bytes)) {
   38491       return TRUNKS_RC_AUTHORIZATION_FAILED;
   38492     }
   38493     if (!authorization_section_bytes.empty()) {
   38494       tag = TPM_ST_SESSIONS;
   38495       std::string tmp;
   38496       rc = Serialize_UINT32(authorization_section_bytes.size(),
   38497                             &authorization_size_bytes);
   38498       if (rc != TPM_RC_SUCCESS) {
   38499         return rc;
   38500       }
   38501       command_size += authorization_size_bytes.size() +
   38502                       authorization_section_bytes.size();
   38503     }
   38504   }
   38505   std::string tag_bytes;
   38506   rc = Serialize_TPMI_ST_COMMAND_TAG(
   38507       tag,
   38508       &tag_bytes);
   38509   if (rc != TPM_RC_SUCCESS) {
   38510     return rc;
   38511   }
   38512   std::string command_size_bytes;
   38513   rc = Serialize_UINT32(
   38514       command_size,
   38515       &command_size_bytes);
   38516   if (rc != TPM_RC_SUCCESS) {
   38517     return rc;
   38518   }
   38519   *serialized_command = tag_bytes +
   38520                         command_size_bytes +
   38521                         command_code_bytes +
   38522                         handle_section_bytes +
   38523                         authorization_size_bytes +
   38524                         authorization_section_bytes +
   38525                         parameter_section_bytes;
   38526   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   38527   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   38528                                             serialized_command->size());
   38529   return TPM_RC_SUCCESS;
   38530 }
   38531 
   38532 TPM_RC Tpm::ParseResponse_NV_Increment(
   38533       const std::string& response,
   38534       AuthorizationDelegate* authorization_delegate) {
   38535   VLOG(3) << __func__;
   38536   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   38537   TPM_RC rc = TPM_RC_SUCCESS;
   38538   std::string buffer(response);
   38539   TPM_ST tag;
   38540   std::string tag_bytes;
   38541   rc = Parse_TPM_ST(
   38542       &buffer,
   38543       &tag,
   38544       &tag_bytes);
   38545   if (rc != TPM_RC_SUCCESS) {
   38546     return rc;
   38547   }
   38548   UINT32 response_size;
   38549   std::string response_size_bytes;
   38550   rc = Parse_UINT32(
   38551       &buffer,
   38552       &response_size,
   38553       &response_size_bytes);
   38554   if (rc != TPM_RC_SUCCESS) {
   38555     return rc;
   38556   }
   38557   TPM_RC response_code;
   38558   std::string response_code_bytes;
   38559   rc = Parse_TPM_RC(
   38560       &buffer,
   38561       &response_code,
   38562       &response_code_bytes);
   38563   if (rc != TPM_RC_SUCCESS) {
   38564     return rc;
   38565   }
   38566   if (response_size != response.size()) {
   38567     return TPM_RC_SIZE;
   38568   }
   38569   if (response_code != TPM_RC_SUCCESS) {
   38570     return response_code;
   38571   }
   38572   TPM_CC command_code = TPM_CC_NV_Increment;
   38573   std::string command_code_bytes;
   38574   rc = Serialize_TPM_CC(
   38575       command_code,
   38576       &command_code_bytes);
   38577   if (rc != TPM_RC_SUCCESS) {
   38578     return rc;
   38579   }
   38580   std::string authorization_section_bytes;
   38581   if (tag == TPM_ST_SESSIONS) {
   38582     UINT32 parameter_section_size = buffer.size();
   38583     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   38584     if (rc != TPM_RC_SUCCESS) {
   38585       return rc;
   38586     }
   38587     if (parameter_section_size > buffer.size()) {
   38588       return TPM_RC_INSUFFICIENT;
   38589     }
   38590     authorization_section_bytes = buffer.substr(parameter_section_size);
   38591     // Keep the parameter section in |buffer|.
   38592     buffer.erase(parameter_section_size);
   38593   }
   38594   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   38595       crypto::SecureHash::SHA256));
   38596   hash->Update(response_code_bytes.data(),
   38597                response_code_bytes.size());
   38598   hash->Update(command_code_bytes.data(),
   38599                command_code_bytes.size());
   38600   hash->Update(buffer.data(),
   38601                buffer.size());
   38602   std::string response_hash(32, 0);
   38603   hash->Finish(string_as_array(&response_hash), response_hash.size());
   38604   if (tag == TPM_ST_SESSIONS) {
   38605     CHECK(authorization_delegate) << "Authorization delegate missing!";
   38606     if (!authorization_delegate->CheckResponseAuthorization(
   38607         response_hash,
   38608         authorization_section_bytes)) {
   38609       return TRUNKS_RC_AUTHORIZATION_FAILED;
   38610     }
   38611   }
   38612   return TPM_RC_SUCCESS;
   38613 }
   38614 
   38615 void NV_IncrementErrorCallback(
   38616     const Tpm::NV_IncrementResponse& callback,
   38617     TPM_RC response_code) {
   38618   VLOG(1) << __func__;
   38619   callback.Run(response_code);
   38620 }
   38621 
   38622 void NV_IncrementResponseParser(
   38623     const Tpm::NV_IncrementResponse& callback,
   38624     AuthorizationDelegate* authorization_delegate,
   38625     const std::string& response) {
   38626   VLOG(1) << __func__;
   38627   base::Callback<void(TPM_RC)> error_reporter =
   38628       base::Bind(NV_IncrementErrorCallback, callback);
   38629   TPM_RC rc = Tpm::ParseResponse_NV_Increment(
   38630       response,
   38631       authorization_delegate);
   38632   if (rc != TPM_RC_SUCCESS) {
   38633     error_reporter.Run(rc);
   38634     return;
   38635   }
   38636   callback.Run(
   38637       rc);
   38638 }
   38639 
   38640 void Tpm::NV_Increment(
   38641       const TPMI_RH_NV_AUTH& auth_handle,
   38642       const std::string& auth_handle_name,
   38643       const TPMI_RH_NV_INDEX& nv_index,
   38644       const std::string& nv_index_name,
   38645       AuthorizationDelegate* authorization_delegate,
   38646       const NV_IncrementResponse& callback) {
   38647   VLOG(1) << __func__;
   38648   base::Callback<void(TPM_RC)> error_reporter =
   38649       base::Bind(NV_IncrementErrorCallback, callback);
   38650   base::Callback<void(const std::string&)> parser =
   38651       base::Bind(NV_IncrementResponseParser,
   38652                  callback,
   38653                  authorization_delegate);
   38654   std::string command;
   38655   TPM_RC rc = SerializeCommand_NV_Increment(
   38656       auth_handle,
   38657       auth_handle_name,
   38658       nv_index,
   38659       nv_index_name,
   38660       &command,
   38661       authorization_delegate);
   38662   if (rc != TPM_RC_SUCCESS) {
   38663     error_reporter.Run(rc);
   38664     return;
   38665   }
   38666   transceiver_->SendCommand(command, parser);
   38667 }
   38668 
   38669 TPM_RC Tpm::NV_IncrementSync(
   38670       const TPMI_RH_NV_AUTH& auth_handle,
   38671       const std::string& auth_handle_name,
   38672       const TPMI_RH_NV_INDEX& nv_index,
   38673       const std::string& nv_index_name,
   38674       AuthorizationDelegate* authorization_delegate) {
   38675   VLOG(1) << __func__;
   38676   std::string command;
   38677   TPM_RC rc = SerializeCommand_NV_Increment(
   38678       auth_handle,
   38679       auth_handle_name,
   38680       nv_index,
   38681       nv_index_name,
   38682       &command,
   38683       authorization_delegate);
   38684   if (rc != TPM_RC_SUCCESS) {
   38685     return rc;
   38686   }
   38687   std::string response = transceiver_->SendCommandAndWait(command);
   38688   rc = ParseResponse_NV_Increment(
   38689       response,
   38690       authorization_delegate);
   38691   return rc;
   38692 }
   38693 
   38694 TPM_RC Tpm::SerializeCommand_NV_Extend(
   38695       const TPMI_RH_NV_AUTH& auth_handle,
   38696       const std::string& auth_handle_name,
   38697       const TPMI_RH_NV_INDEX& nv_index,
   38698       const std::string& nv_index_name,
   38699       const TPM2B_MAX_NV_BUFFER& data,
   38700       std::string* serialized_command,
   38701       AuthorizationDelegate* authorization_delegate) {
   38702   VLOG(3) << __func__;
   38703   TPM_RC rc = TPM_RC_SUCCESS;
   38704   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   38705   UINT32 command_size = 10;  // Header size.
   38706   std::string handle_section_bytes;
   38707   std::string parameter_section_bytes;
   38708   TPM_CC command_code = TPM_CC_NV_Extend;
   38709   bool is_command_parameter_encryption_possible = true;
   38710   bool is_response_parameter_encryption_possible = false;
   38711   std::string command_code_bytes;
   38712   rc = Serialize_TPM_CC(
   38713       command_code,
   38714       &command_code_bytes);
   38715   if (rc != TPM_RC_SUCCESS) {
   38716     return rc;
   38717   }
   38718   std::string auth_handle_bytes;
   38719   rc = Serialize_TPMI_RH_NV_AUTH(
   38720       auth_handle,
   38721       &auth_handle_bytes);
   38722   if (rc != TPM_RC_SUCCESS) {
   38723     return rc;
   38724   }
   38725   std::string nv_index_bytes;
   38726   rc = Serialize_TPMI_RH_NV_INDEX(
   38727       nv_index,
   38728       &nv_index_bytes);
   38729   if (rc != TPM_RC_SUCCESS) {
   38730     return rc;
   38731   }
   38732   std::string data_bytes;
   38733   rc = Serialize_TPM2B_MAX_NV_BUFFER(
   38734       data,
   38735       &data_bytes);
   38736   if (rc != TPM_RC_SUCCESS) {
   38737     return rc;
   38738   }
   38739   if (authorization_delegate) {
   38740     // Encrypt just the parameter data, not the size.
   38741     std::string tmp = data_bytes.substr(2);
   38742     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   38743       return TRUNKS_RC_ENCRYPTION_FAILED;
   38744     }
   38745     data_bytes.replace(2, std::string::npos, tmp);
   38746   }
   38747   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   38748       crypto::SecureHash::SHA256));
   38749   hash->Update(command_code_bytes.data(),
   38750                command_code_bytes.size());
   38751   hash->Update(auth_handle_name.data(),
   38752                auth_handle_name.size());
   38753   handle_section_bytes += auth_handle_bytes;
   38754   command_size += auth_handle_bytes.size();
   38755   hash->Update(nv_index_name.data(),
   38756                nv_index_name.size());
   38757   handle_section_bytes += nv_index_bytes;
   38758   command_size += nv_index_bytes.size();
   38759   hash->Update(data_bytes.data(),
   38760                data_bytes.size());
   38761   parameter_section_bytes += data_bytes;
   38762   command_size += data_bytes.size();
   38763   std::string command_hash(32, 0);
   38764   hash->Finish(string_as_array(&command_hash), command_hash.size());
   38765   std::string authorization_section_bytes;
   38766   std::string authorization_size_bytes;
   38767   if (authorization_delegate) {
   38768     if (!authorization_delegate->GetCommandAuthorization(
   38769         command_hash,
   38770         is_command_parameter_encryption_possible,
   38771         is_response_parameter_encryption_possible,
   38772         &authorization_section_bytes)) {
   38773       return TRUNKS_RC_AUTHORIZATION_FAILED;
   38774     }
   38775     if (!authorization_section_bytes.empty()) {
   38776       tag = TPM_ST_SESSIONS;
   38777       std::string tmp;
   38778       rc = Serialize_UINT32(authorization_section_bytes.size(),
   38779                             &authorization_size_bytes);
   38780       if (rc != TPM_RC_SUCCESS) {
   38781         return rc;
   38782       }
   38783       command_size += authorization_size_bytes.size() +
   38784                       authorization_section_bytes.size();
   38785     }
   38786   }
   38787   std::string tag_bytes;
   38788   rc = Serialize_TPMI_ST_COMMAND_TAG(
   38789       tag,
   38790       &tag_bytes);
   38791   if (rc != TPM_RC_SUCCESS) {
   38792     return rc;
   38793   }
   38794   std::string command_size_bytes;
   38795   rc = Serialize_UINT32(
   38796       command_size,
   38797       &command_size_bytes);
   38798   if (rc != TPM_RC_SUCCESS) {
   38799     return rc;
   38800   }
   38801   *serialized_command = tag_bytes +
   38802                         command_size_bytes +
   38803                         command_code_bytes +
   38804                         handle_section_bytes +
   38805                         authorization_size_bytes +
   38806                         authorization_section_bytes +
   38807                         parameter_section_bytes;
   38808   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   38809   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   38810                                             serialized_command->size());
   38811   return TPM_RC_SUCCESS;
   38812 }
   38813 
   38814 TPM_RC Tpm::ParseResponse_NV_Extend(
   38815       const std::string& response,
   38816       AuthorizationDelegate* authorization_delegate) {
   38817   VLOG(3) << __func__;
   38818   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   38819   TPM_RC rc = TPM_RC_SUCCESS;
   38820   std::string buffer(response);
   38821   TPM_ST tag;
   38822   std::string tag_bytes;
   38823   rc = Parse_TPM_ST(
   38824       &buffer,
   38825       &tag,
   38826       &tag_bytes);
   38827   if (rc != TPM_RC_SUCCESS) {
   38828     return rc;
   38829   }
   38830   UINT32 response_size;
   38831   std::string response_size_bytes;
   38832   rc = Parse_UINT32(
   38833       &buffer,
   38834       &response_size,
   38835       &response_size_bytes);
   38836   if (rc != TPM_RC_SUCCESS) {
   38837     return rc;
   38838   }
   38839   TPM_RC response_code;
   38840   std::string response_code_bytes;
   38841   rc = Parse_TPM_RC(
   38842       &buffer,
   38843       &response_code,
   38844       &response_code_bytes);
   38845   if (rc != TPM_RC_SUCCESS) {
   38846     return rc;
   38847   }
   38848   if (response_size != response.size()) {
   38849     return TPM_RC_SIZE;
   38850   }
   38851   if (response_code != TPM_RC_SUCCESS) {
   38852     return response_code;
   38853   }
   38854   TPM_CC command_code = TPM_CC_NV_Extend;
   38855   std::string command_code_bytes;
   38856   rc = Serialize_TPM_CC(
   38857       command_code,
   38858       &command_code_bytes);
   38859   if (rc != TPM_RC_SUCCESS) {
   38860     return rc;
   38861   }
   38862   std::string authorization_section_bytes;
   38863   if (tag == TPM_ST_SESSIONS) {
   38864     UINT32 parameter_section_size = buffer.size();
   38865     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   38866     if (rc != TPM_RC_SUCCESS) {
   38867       return rc;
   38868     }
   38869     if (parameter_section_size > buffer.size()) {
   38870       return TPM_RC_INSUFFICIENT;
   38871     }
   38872     authorization_section_bytes = buffer.substr(parameter_section_size);
   38873     // Keep the parameter section in |buffer|.
   38874     buffer.erase(parameter_section_size);
   38875   }
   38876   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   38877       crypto::SecureHash::SHA256));
   38878   hash->Update(response_code_bytes.data(),
   38879                response_code_bytes.size());
   38880   hash->Update(command_code_bytes.data(),
   38881                command_code_bytes.size());
   38882   hash->Update(buffer.data(),
   38883                buffer.size());
   38884   std::string response_hash(32, 0);
   38885   hash->Finish(string_as_array(&response_hash), response_hash.size());
   38886   if (tag == TPM_ST_SESSIONS) {
   38887     CHECK(authorization_delegate) << "Authorization delegate missing!";
   38888     if (!authorization_delegate->CheckResponseAuthorization(
   38889         response_hash,
   38890         authorization_section_bytes)) {
   38891       return TRUNKS_RC_AUTHORIZATION_FAILED;
   38892     }
   38893   }
   38894   return TPM_RC_SUCCESS;
   38895 }
   38896 
   38897 void NV_ExtendErrorCallback(
   38898     const Tpm::NV_ExtendResponse& callback,
   38899     TPM_RC response_code) {
   38900   VLOG(1) << __func__;
   38901   callback.Run(response_code);
   38902 }
   38903 
   38904 void NV_ExtendResponseParser(
   38905     const Tpm::NV_ExtendResponse& callback,
   38906     AuthorizationDelegate* authorization_delegate,
   38907     const std::string& response) {
   38908   VLOG(1) << __func__;
   38909   base::Callback<void(TPM_RC)> error_reporter =
   38910       base::Bind(NV_ExtendErrorCallback, callback);
   38911   TPM_RC rc = Tpm::ParseResponse_NV_Extend(
   38912       response,
   38913       authorization_delegate);
   38914   if (rc != TPM_RC_SUCCESS) {
   38915     error_reporter.Run(rc);
   38916     return;
   38917   }
   38918   callback.Run(
   38919       rc);
   38920 }
   38921 
   38922 void Tpm::NV_Extend(
   38923       const TPMI_RH_NV_AUTH& auth_handle,
   38924       const std::string& auth_handle_name,
   38925       const TPMI_RH_NV_INDEX& nv_index,
   38926       const std::string& nv_index_name,
   38927       const TPM2B_MAX_NV_BUFFER& data,
   38928       AuthorizationDelegate* authorization_delegate,
   38929       const NV_ExtendResponse& callback) {
   38930   VLOG(1) << __func__;
   38931   base::Callback<void(TPM_RC)> error_reporter =
   38932       base::Bind(NV_ExtendErrorCallback, callback);
   38933   base::Callback<void(const std::string&)> parser =
   38934       base::Bind(NV_ExtendResponseParser,
   38935                  callback,
   38936                  authorization_delegate);
   38937   std::string command;
   38938   TPM_RC rc = SerializeCommand_NV_Extend(
   38939       auth_handle,
   38940       auth_handle_name,
   38941       nv_index,
   38942       nv_index_name,
   38943       data,
   38944       &command,
   38945       authorization_delegate);
   38946   if (rc != TPM_RC_SUCCESS) {
   38947     error_reporter.Run(rc);
   38948     return;
   38949   }
   38950   transceiver_->SendCommand(command, parser);
   38951 }
   38952 
   38953 TPM_RC Tpm::NV_ExtendSync(
   38954       const TPMI_RH_NV_AUTH& auth_handle,
   38955       const std::string& auth_handle_name,
   38956       const TPMI_RH_NV_INDEX& nv_index,
   38957       const std::string& nv_index_name,
   38958       const TPM2B_MAX_NV_BUFFER& data,
   38959       AuthorizationDelegate* authorization_delegate) {
   38960   VLOG(1) << __func__;
   38961   std::string command;
   38962   TPM_RC rc = SerializeCommand_NV_Extend(
   38963       auth_handle,
   38964       auth_handle_name,
   38965       nv_index,
   38966       nv_index_name,
   38967       data,
   38968       &command,
   38969       authorization_delegate);
   38970   if (rc != TPM_RC_SUCCESS) {
   38971     return rc;
   38972   }
   38973   std::string response = transceiver_->SendCommandAndWait(command);
   38974   rc = ParseResponse_NV_Extend(
   38975       response,
   38976       authorization_delegate);
   38977   return rc;
   38978 }
   38979 
   38980 TPM_RC Tpm::SerializeCommand_NV_SetBits(
   38981       const TPMI_RH_NV_AUTH& auth_handle,
   38982       const std::string& auth_handle_name,
   38983       const TPMI_RH_NV_INDEX& nv_index,
   38984       const std::string& nv_index_name,
   38985       const UINT64& bits,
   38986       std::string* serialized_command,
   38987       AuthorizationDelegate* authorization_delegate) {
   38988   VLOG(3) << __func__;
   38989   TPM_RC rc = TPM_RC_SUCCESS;
   38990   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   38991   UINT32 command_size = 10;  // Header size.
   38992   std::string handle_section_bytes;
   38993   std::string parameter_section_bytes;
   38994   TPM_CC command_code = TPM_CC_NV_SetBits;
   38995   bool is_command_parameter_encryption_possible = false;
   38996   bool is_response_parameter_encryption_possible = false;
   38997   std::string command_code_bytes;
   38998   rc = Serialize_TPM_CC(
   38999       command_code,
   39000       &command_code_bytes);
   39001   if (rc != TPM_RC_SUCCESS) {
   39002     return rc;
   39003   }
   39004   std::string auth_handle_bytes;
   39005   rc = Serialize_TPMI_RH_NV_AUTH(
   39006       auth_handle,
   39007       &auth_handle_bytes);
   39008   if (rc != TPM_RC_SUCCESS) {
   39009     return rc;
   39010   }
   39011   std::string nv_index_bytes;
   39012   rc = Serialize_TPMI_RH_NV_INDEX(
   39013       nv_index,
   39014       &nv_index_bytes);
   39015   if (rc != TPM_RC_SUCCESS) {
   39016     return rc;
   39017   }
   39018   std::string bits_bytes;
   39019   rc = Serialize_UINT64(
   39020       bits,
   39021       &bits_bytes);
   39022   if (rc != TPM_RC_SUCCESS) {
   39023     return rc;
   39024   }
   39025   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   39026       crypto::SecureHash::SHA256));
   39027   hash->Update(command_code_bytes.data(),
   39028                command_code_bytes.size());
   39029   hash->Update(auth_handle_name.data(),
   39030                auth_handle_name.size());
   39031   handle_section_bytes += auth_handle_bytes;
   39032   command_size += auth_handle_bytes.size();
   39033   hash->Update(nv_index_name.data(),
   39034                nv_index_name.size());
   39035   handle_section_bytes += nv_index_bytes;
   39036   command_size += nv_index_bytes.size();
   39037   hash->Update(bits_bytes.data(),
   39038                bits_bytes.size());
   39039   parameter_section_bytes += bits_bytes;
   39040   command_size += bits_bytes.size();
   39041   std::string command_hash(32, 0);
   39042   hash->Finish(string_as_array(&command_hash), command_hash.size());
   39043   std::string authorization_section_bytes;
   39044   std::string authorization_size_bytes;
   39045   if (authorization_delegate) {
   39046     if (!authorization_delegate->GetCommandAuthorization(
   39047         command_hash,
   39048         is_command_parameter_encryption_possible,
   39049         is_response_parameter_encryption_possible,
   39050         &authorization_section_bytes)) {
   39051       return TRUNKS_RC_AUTHORIZATION_FAILED;
   39052     }
   39053     if (!authorization_section_bytes.empty()) {
   39054       tag = TPM_ST_SESSIONS;
   39055       std::string tmp;
   39056       rc = Serialize_UINT32(authorization_section_bytes.size(),
   39057                             &authorization_size_bytes);
   39058       if (rc != TPM_RC_SUCCESS) {
   39059         return rc;
   39060       }
   39061       command_size += authorization_size_bytes.size() +
   39062                       authorization_section_bytes.size();
   39063     }
   39064   }
   39065   std::string tag_bytes;
   39066   rc = Serialize_TPMI_ST_COMMAND_TAG(
   39067       tag,
   39068       &tag_bytes);
   39069   if (rc != TPM_RC_SUCCESS) {
   39070     return rc;
   39071   }
   39072   std::string command_size_bytes;
   39073   rc = Serialize_UINT32(
   39074       command_size,
   39075       &command_size_bytes);
   39076   if (rc != TPM_RC_SUCCESS) {
   39077     return rc;
   39078   }
   39079   *serialized_command = tag_bytes +
   39080                         command_size_bytes +
   39081                         command_code_bytes +
   39082                         handle_section_bytes +
   39083                         authorization_size_bytes +
   39084                         authorization_section_bytes +
   39085                         parameter_section_bytes;
   39086   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   39087   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   39088                                             serialized_command->size());
   39089   return TPM_RC_SUCCESS;
   39090 }
   39091 
   39092 TPM_RC Tpm::ParseResponse_NV_SetBits(
   39093       const std::string& response,
   39094       AuthorizationDelegate* authorization_delegate) {
   39095   VLOG(3) << __func__;
   39096   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   39097   TPM_RC rc = TPM_RC_SUCCESS;
   39098   std::string buffer(response);
   39099   TPM_ST tag;
   39100   std::string tag_bytes;
   39101   rc = Parse_TPM_ST(
   39102       &buffer,
   39103       &tag,
   39104       &tag_bytes);
   39105   if (rc != TPM_RC_SUCCESS) {
   39106     return rc;
   39107   }
   39108   UINT32 response_size;
   39109   std::string response_size_bytes;
   39110   rc = Parse_UINT32(
   39111       &buffer,
   39112       &response_size,
   39113       &response_size_bytes);
   39114   if (rc != TPM_RC_SUCCESS) {
   39115     return rc;
   39116   }
   39117   TPM_RC response_code;
   39118   std::string response_code_bytes;
   39119   rc = Parse_TPM_RC(
   39120       &buffer,
   39121       &response_code,
   39122       &response_code_bytes);
   39123   if (rc != TPM_RC_SUCCESS) {
   39124     return rc;
   39125   }
   39126   if (response_size != response.size()) {
   39127     return TPM_RC_SIZE;
   39128   }
   39129   if (response_code != TPM_RC_SUCCESS) {
   39130     return response_code;
   39131   }
   39132   TPM_CC command_code = TPM_CC_NV_SetBits;
   39133   std::string command_code_bytes;
   39134   rc = Serialize_TPM_CC(
   39135       command_code,
   39136       &command_code_bytes);
   39137   if (rc != TPM_RC_SUCCESS) {
   39138     return rc;
   39139   }
   39140   std::string authorization_section_bytes;
   39141   if (tag == TPM_ST_SESSIONS) {
   39142     UINT32 parameter_section_size = buffer.size();
   39143     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   39144     if (rc != TPM_RC_SUCCESS) {
   39145       return rc;
   39146     }
   39147     if (parameter_section_size > buffer.size()) {
   39148       return TPM_RC_INSUFFICIENT;
   39149     }
   39150     authorization_section_bytes = buffer.substr(parameter_section_size);
   39151     // Keep the parameter section in |buffer|.
   39152     buffer.erase(parameter_section_size);
   39153   }
   39154   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   39155       crypto::SecureHash::SHA256));
   39156   hash->Update(response_code_bytes.data(),
   39157                response_code_bytes.size());
   39158   hash->Update(command_code_bytes.data(),
   39159                command_code_bytes.size());
   39160   hash->Update(buffer.data(),
   39161                buffer.size());
   39162   std::string response_hash(32, 0);
   39163   hash->Finish(string_as_array(&response_hash), response_hash.size());
   39164   if (tag == TPM_ST_SESSIONS) {
   39165     CHECK(authorization_delegate) << "Authorization delegate missing!";
   39166     if (!authorization_delegate->CheckResponseAuthorization(
   39167         response_hash,
   39168         authorization_section_bytes)) {
   39169       return TRUNKS_RC_AUTHORIZATION_FAILED;
   39170     }
   39171   }
   39172   return TPM_RC_SUCCESS;
   39173 }
   39174 
   39175 void NV_SetBitsErrorCallback(
   39176     const Tpm::NV_SetBitsResponse& callback,
   39177     TPM_RC response_code) {
   39178   VLOG(1) << __func__;
   39179   callback.Run(response_code);
   39180 }
   39181 
   39182 void NV_SetBitsResponseParser(
   39183     const Tpm::NV_SetBitsResponse& callback,
   39184     AuthorizationDelegate* authorization_delegate,
   39185     const std::string& response) {
   39186   VLOG(1) << __func__;
   39187   base::Callback<void(TPM_RC)> error_reporter =
   39188       base::Bind(NV_SetBitsErrorCallback, callback);
   39189   TPM_RC rc = Tpm::ParseResponse_NV_SetBits(
   39190       response,
   39191       authorization_delegate);
   39192   if (rc != TPM_RC_SUCCESS) {
   39193     error_reporter.Run(rc);
   39194     return;
   39195   }
   39196   callback.Run(
   39197       rc);
   39198 }
   39199 
   39200 void Tpm::NV_SetBits(
   39201       const TPMI_RH_NV_AUTH& auth_handle,
   39202       const std::string& auth_handle_name,
   39203       const TPMI_RH_NV_INDEX& nv_index,
   39204       const std::string& nv_index_name,
   39205       const UINT64& bits,
   39206       AuthorizationDelegate* authorization_delegate,
   39207       const NV_SetBitsResponse& callback) {
   39208   VLOG(1) << __func__;
   39209   base::Callback<void(TPM_RC)> error_reporter =
   39210       base::Bind(NV_SetBitsErrorCallback, callback);
   39211   base::Callback<void(const std::string&)> parser =
   39212       base::Bind(NV_SetBitsResponseParser,
   39213                  callback,
   39214                  authorization_delegate);
   39215   std::string command;
   39216   TPM_RC rc = SerializeCommand_NV_SetBits(
   39217       auth_handle,
   39218       auth_handle_name,
   39219       nv_index,
   39220       nv_index_name,
   39221       bits,
   39222       &command,
   39223       authorization_delegate);
   39224   if (rc != TPM_RC_SUCCESS) {
   39225     error_reporter.Run(rc);
   39226     return;
   39227   }
   39228   transceiver_->SendCommand(command, parser);
   39229 }
   39230 
   39231 TPM_RC Tpm::NV_SetBitsSync(
   39232       const TPMI_RH_NV_AUTH& auth_handle,
   39233       const std::string& auth_handle_name,
   39234       const TPMI_RH_NV_INDEX& nv_index,
   39235       const std::string& nv_index_name,
   39236       const UINT64& bits,
   39237       AuthorizationDelegate* authorization_delegate) {
   39238   VLOG(1) << __func__;
   39239   std::string command;
   39240   TPM_RC rc = SerializeCommand_NV_SetBits(
   39241       auth_handle,
   39242       auth_handle_name,
   39243       nv_index,
   39244       nv_index_name,
   39245       bits,
   39246       &command,
   39247       authorization_delegate);
   39248   if (rc != TPM_RC_SUCCESS) {
   39249     return rc;
   39250   }
   39251   std::string response = transceiver_->SendCommandAndWait(command);
   39252   rc = ParseResponse_NV_SetBits(
   39253       response,
   39254       authorization_delegate);
   39255   return rc;
   39256 }
   39257 
   39258 TPM_RC Tpm::SerializeCommand_NV_WriteLock(
   39259       const TPMI_RH_NV_AUTH& auth_handle,
   39260       const std::string& auth_handle_name,
   39261       const TPMI_RH_NV_INDEX& nv_index,
   39262       const std::string& nv_index_name,
   39263       std::string* serialized_command,
   39264       AuthorizationDelegate* authorization_delegate) {
   39265   VLOG(3) << __func__;
   39266   TPM_RC rc = TPM_RC_SUCCESS;
   39267   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   39268   UINT32 command_size = 10;  // Header size.
   39269   std::string handle_section_bytes;
   39270   std::string parameter_section_bytes;
   39271   TPM_CC command_code = TPM_CC_NV_WriteLock;
   39272   bool is_command_parameter_encryption_possible = false;
   39273   bool is_response_parameter_encryption_possible = false;
   39274   std::string command_code_bytes;
   39275   rc = Serialize_TPM_CC(
   39276       command_code,
   39277       &command_code_bytes);
   39278   if (rc != TPM_RC_SUCCESS) {
   39279     return rc;
   39280   }
   39281   std::string auth_handle_bytes;
   39282   rc = Serialize_TPMI_RH_NV_AUTH(
   39283       auth_handle,
   39284       &auth_handle_bytes);
   39285   if (rc != TPM_RC_SUCCESS) {
   39286     return rc;
   39287   }
   39288   std::string nv_index_bytes;
   39289   rc = Serialize_TPMI_RH_NV_INDEX(
   39290       nv_index,
   39291       &nv_index_bytes);
   39292   if (rc != TPM_RC_SUCCESS) {
   39293     return rc;
   39294   }
   39295   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   39296       crypto::SecureHash::SHA256));
   39297   hash->Update(command_code_bytes.data(),
   39298                command_code_bytes.size());
   39299   hash->Update(auth_handle_name.data(),
   39300                auth_handle_name.size());
   39301   handle_section_bytes += auth_handle_bytes;
   39302   command_size += auth_handle_bytes.size();
   39303   hash->Update(nv_index_name.data(),
   39304                nv_index_name.size());
   39305   handle_section_bytes += nv_index_bytes;
   39306   command_size += nv_index_bytes.size();
   39307   std::string command_hash(32, 0);
   39308   hash->Finish(string_as_array(&command_hash), command_hash.size());
   39309   std::string authorization_section_bytes;
   39310   std::string authorization_size_bytes;
   39311   if (authorization_delegate) {
   39312     if (!authorization_delegate->GetCommandAuthorization(
   39313         command_hash,
   39314         is_command_parameter_encryption_possible,
   39315         is_response_parameter_encryption_possible,
   39316         &authorization_section_bytes)) {
   39317       return TRUNKS_RC_AUTHORIZATION_FAILED;
   39318     }
   39319     if (!authorization_section_bytes.empty()) {
   39320       tag = TPM_ST_SESSIONS;
   39321       std::string tmp;
   39322       rc = Serialize_UINT32(authorization_section_bytes.size(),
   39323                             &authorization_size_bytes);
   39324       if (rc != TPM_RC_SUCCESS) {
   39325         return rc;
   39326       }
   39327       command_size += authorization_size_bytes.size() +
   39328                       authorization_section_bytes.size();
   39329     }
   39330   }
   39331   std::string tag_bytes;
   39332   rc = Serialize_TPMI_ST_COMMAND_TAG(
   39333       tag,
   39334       &tag_bytes);
   39335   if (rc != TPM_RC_SUCCESS) {
   39336     return rc;
   39337   }
   39338   std::string command_size_bytes;
   39339   rc = Serialize_UINT32(
   39340       command_size,
   39341       &command_size_bytes);
   39342   if (rc != TPM_RC_SUCCESS) {
   39343     return rc;
   39344   }
   39345   *serialized_command = tag_bytes +
   39346                         command_size_bytes +
   39347                         command_code_bytes +
   39348                         handle_section_bytes +
   39349                         authorization_size_bytes +
   39350                         authorization_section_bytes +
   39351                         parameter_section_bytes;
   39352   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   39353   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   39354                                             serialized_command->size());
   39355   return TPM_RC_SUCCESS;
   39356 }
   39357 
   39358 TPM_RC Tpm::ParseResponse_NV_WriteLock(
   39359       const std::string& response,
   39360       AuthorizationDelegate* authorization_delegate) {
   39361   VLOG(3) << __func__;
   39362   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   39363   TPM_RC rc = TPM_RC_SUCCESS;
   39364   std::string buffer(response);
   39365   TPM_ST tag;
   39366   std::string tag_bytes;
   39367   rc = Parse_TPM_ST(
   39368       &buffer,
   39369       &tag,
   39370       &tag_bytes);
   39371   if (rc != TPM_RC_SUCCESS) {
   39372     return rc;
   39373   }
   39374   UINT32 response_size;
   39375   std::string response_size_bytes;
   39376   rc = Parse_UINT32(
   39377       &buffer,
   39378       &response_size,
   39379       &response_size_bytes);
   39380   if (rc != TPM_RC_SUCCESS) {
   39381     return rc;
   39382   }
   39383   TPM_RC response_code;
   39384   std::string response_code_bytes;
   39385   rc = Parse_TPM_RC(
   39386       &buffer,
   39387       &response_code,
   39388       &response_code_bytes);
   39389   if (rc != TPM_RC_SUCCESS) {
   39390     return rc;
   39391   }
   39392   if (response_size != response.size()) {
   39393     return TPM_RC_SIZE;
   39394   }
   39395   if (response_code != TPM_RC_SUCCESS) {
   39396     return response_code;
   39397   }
   39398   TPM_CC command_code = TPM_CC_NV_WriteLock;
   39399   std::string command_code_bytes;
   39400   rc = Serialize_TPM_CC(
   39401       command_code,
   39402       &command_code_bytes);
   39403   if (rc != TPM_RC_SUCCESS) {
   39404     return rc;
   39405   }
   39406   std::string authorization_section_bytes;
   39407   if (tag == TPM_ST_SESSIONS) {
   39408     UINT32 parameter_section_size = buffer.size();
   39409     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   39410     if (rc != TPM_RC_SUCCESS) {
   39411       return rc;
   39412     }
   39413     if (parameter_section_size > buffer.size()) {
   39414       return TPM_RC_INSUFFICIENT;
   39415     }
   39416     authorization_section_bytes = buffer.substr(parameter_section_size);
   39417     // Keep the parameter section in |buffer|.
   39418     buffer.erase(parameter_section_size);
   39419   }
   39420   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   39421       crypto::SecureHash::SHA256));
   39422   hash->Update(response_code_bytes.data(),
   39423                response_code_bytes.size());
   39424   hash->Update(command_code_bytes.data(),
   39425                command_code_bytes.size());
   39426   hash->Update(buffer.data(),
   39427                buffer.size());
   39428   std::string response_hash(32, 0);
   39429   hash->Finish(string_as_array(&response_hash), response_hash.size());
   39430   if (tag == TPM_ST_SESSIONS) {
   39431     CHECK(authorization_delegate) << "Authorization delegate missing!";
   39432     if (!authorization_delegate->CheckResponseAuthorization(
   39433         response_hash,
   39434         authorization_section_bytes)) {
   39435       return TRUNKS_RC_AUTHORIZATION_FAILED;
   39436     }
   39437   }
   39438   return TPM_RC_SUCCESS;
   39439 }
   39440 
   39441 void NV_WriteLockErrorCallback(
   39442     const Tpm::NV_WriteLockResponse& callback,
   39443     TPM_RC response_code) {
   39444   VLOG(1) << __func__;
   39445   callback.Run(response_code);
   39446 }
   39447 
   39448 void NV_WriteLockResponseParser(
   39449     const Tpm::NV_WriteLockResponse& callback,
   39450     AuthorizationDelegate* authorization_delegate,
   39451     const std::string& response) {
   39452   VLOG(1) << __func__;
   39453   base::Callback<void(TPM_RC)> error_reporter =
   39454       base::Bind(NV_WriteLockErrorCallback, callback);
   39455   TPM_RC rc = Tpm::ParseResponse_NV_WriteLock(
   39456       response,
   39457       authorization_delegate);
   39458   if (rc != TPM_RC_SUCCESS) {
   39459     error_reporter.Run(rc);
   39460     return;
   39461   }
   39462   callback.Run(
   39463       rc);
   39464 }
   39465 
   39466 void Tpm::NV_WriteLock(
   39467       const TPMI_RH_NV_AUTH& auth_handle,
   39468       const std::string& auth_handle_name,
   39469       const TPMI_RH_NV_INDEX& nv_index,
   39470       const std::string& nv_index_name,
   39471       AuthorizationDelegate* authorization_delegate,
   39472       const NV_WriteLockResponse& callback) {
   39473   VLOG(1) << __func__;
   39474   base::Callback<void(TPM_RC)> error_reporter =
   39475       base::Bind(NV_WriteLockErrorCallback, callback);
   39476   base::Callback<void(const std::string&)> parser =
   39477       base::Bind(NV_WriteLockResponseParser,
   39478                  callback,
   39479                  authorization_delegate);
   39480   std::string command;
   39481   TPM_RC rc = SerializeCommand_NV_WriteLock(
   39482       auth_handle,
   39483       auth_handle_name,
   39484       nv_index,
   39485       nv_index_name,
   39486       &command,
   39487       authorization_delegate);
   39488   if (rc != TPM_RC_SUCCESS) {
   39489     error_reporter.Run(rc);
   39490     return;
   39491   }
   39492   transceiver_->SendCommand(command, parser);
   39493 }
   39494 
   39495 TPM_RC Tpm::NV_WriteLockSync(
   39496       const TPMI_RH_NV_AUTH& auth_handle,
   39497       const std::string& auth_handle_name,
   39498       const TPMI_RH_NV_INDEX& nv_index,
   39499       const std::string& nv_index_name,
   39500       AuthorizationDelegate* authorization_delegate) {
   39501   VLOG(1) << __func__;
   39502   std::string command;
   39503   TPM_RC rc = SerializeCommand_NV_WriteLock(
   39504       auth_handle,
   39505       auth_handle_name,
   39506       nv_index,
   39507       nv_index_name,
   39508       &command,
   39509       authorization_delegate);
   39510   if (rc != TPM_RC_SUCCESS) {
   39511     return rc;
   39512   }
   39513   std::string response = transceiver_->SendCommandAndWait(command);
   39514   rc = ParseResponse_NV_WriteLock(
   39515       response,
   39516       authorization_delegate);
   39517   return rc;
   39518 }
   39519 
   39520 TPM_RC Tpm::SerializeCommand_NV_GlobalWriteLock(
   39521       const TPMI_RH_PROVISION& auth_handle,
   39522       const std::string& auth_handle_name,
   39523       std::string* serialized_command,
   39524       AuthorizationDelegate* authorization_delegate) {
   39525   VLOG(3) << __func__;
   39526   TPM_RC rc = TPM_RC_SUCCESS;
   39527   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   39528   UINT32 command_size = 10;  // Header size.
   39529   std::string handle_section_bytes;
   39530   std::string parameter_section_bytes;
   39531   TPM_CC command_code = TPM_CC_NV_GlobalWriteLock;
   39532   bool is_command_parameter_encryption_possible = false;
   39533   bool is_response_parameter_encryption_possible = false;
   39534   std::string command_code_bytes;
   39535   rc = Serialize_TPM_CC(
   39536       command_code,
   39537       &command_code_bytes);
   39538   if (rc != TPM_RC_SUCCESS) {
   39539     return rc;
   39540   }
   39541   std::string auth_handle_bytes;
   39542   rc = Serialize_TPMI_RH_PROVISION(
   39543       auth_handle,
   39544       &auth_handle_bytes);
   39545   if (rc != TPM_RC_SUCCESS) {
   39546     return rc;
   39547   }
   39548   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   39549       crypto::SecureHash::SHA256));
   39550   hash->Update(command_code_bytes.data(),
   39551                command_code_bytes.size());
   39552   hash->Update(auth_handle_name.data(),
   39553                auth_handle_name.size());
   39554   handle_section_bytes += auth_handle_bytes;
   39555   command_size += auth_handle_bytes.size();
   39556   std::string command_hash(32, 0);
   39557   hash->Finish(string_as_array(&command_hash), command_hash.size());
   39558   std::string authorization_section_bytes;
   39559   std::string authorization_size_bytes;
   39560   if (authorization_delegate) {
   39561     if (!authorization_delegate->GetCommandAuthorization(
   39562         command_hash,
   39563         is_command_parameter_encryption_possible,
   39564         is_response_parameter_encryption_possible,
   39565         &authorization_section_bytes)) {
   39566       return TRUNKS_RC_AUTHORIZATION_FAILED;
   39567     }
   39568     if (!authorization_section_bytes.empty()) {
   39569       tag = TPM_ST_SESSIONS;
   39570       std::string tmp;
   39571       rc = Serialize_UINT32(authorization_section_bytes.size(),
   39572                             &authorization_size_bytes);
   39573       if (rc != TPM_RC_SUCCESS) {
   39574         return rc;
   39575       }
   39576       command_size += authorization_size_bytes.size() +
   39577                       authorization_section_bytes.size();
   39578     }
   39579   }
   39580   std::string tag_bytes;
   39581   rc = Serialize_TPMI_ST_COMMAND_TAG(
   39582       tag,
   39583       &tag_bytes);
   39584   if (rc != TPM_RC_SUCCESS) {
   39585     return rc;
   39586   }
   39587   std::string command_size_bytes;
   39588   rc = Serialize_UINT32(
   39589       command_size,
   39590       &command_size_bytes);
   39591   if (rc != TPM_RC_SUCCESS) {
   39592     return rc;
   39593   }
   39594   *serialized_command = tag_bytes +
   39595                         command_size_bytes +
   39596                         command_code_bytes +
   39597                         handle_section_bytes +
   39598                         authorization_size_bytes +
   39599                         authorization_section_bytes +
   39600                         parameter_section_bytes;
   39601   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   39602   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   39603                                             serialized_command->size());
   39604   return TPM_RC_SUCCESS;
   39605 }
   39606 
   39607 TPM_RC Tpm::ParseResponse_NV_GlobalWriteLock(
   39608       const std::string& response,
   39609       AuthorizationDelegate* authorization_delegate) {
   39610   VLOG(3) << __func__;
   39611   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   39612   TPM_RC rc = TPM_RC_SUCCESS;
   39613   std::string buffer(response);
   39614   TPM_ST tag;
   39615   std::string tag_bytes;
   39616   rc = Parse_TPM_ST(
   39617       &buffer,
   39618       &tag,
   39619       &tag_bytes);
   39620   if (rc != TPM_RC_SUCCESS) {
   39621     return rc;
   39622   }
   39623   UINT32 response_size;
   39624   std::string response_size_bytes;
   39625   rc = Parse_UINT32(
   39626       &buffer,
   39627       &response_size,
   39628       &response_size_bytes);
   39629   if (rc != TPM_RC_SUCCESS) {
   39630     return rc;
   39631   }
   39632   TPM_RC response_code;
   39633   std::string response_code_bytes;
   39634   rc = Parse_TPM_RC(
   39635       &buffer,
   39636       &response_code,
   39637       &response_code_bytes);
   39638   if (rc != TPM_RC_SUCCESS) {
   39639     return rc;
   39640   }
   39641   if (response_size != response.size()) {
   39642     return TPM_RC_SIZE;
   39643   }
   39644   if (response_code != TPM_RC_SUCCESS) {
   39645     return response_code;
   39646   }
   39647   TPM_CC command_code = TPM_CC_NV_GlobalWriteLock;
   39648   std::string command_code_bytes;
   39649   rc = Serialize_TPM_CC(
   39650       command_code,
   39651       &command_code_bytes);
   39652   if (rc != TPM_RC_SUCCESS) {
   39653     return rc;
   39654   }
   39655   std::string authorization_section_bytes;
   39656   if (tag == TPM_ST_SESSIONS) {
   39657     UINT32 parameter_section_size = buffer.size();
   39658     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   39659     if (rc != TPM_RC_SUCCESS) {
   39660       return rc;
   39661     }
   39662     if (parameter_section_size > buffer.size()) {
   39663       return TPM_RC_INSUFFICIENT;
   39664     }
   39665     authorization_section_bytes = buffer.substr(parameter_section_size);
   39666     // Keep the parameter section in |buffer|.
   39667     buffer.erase(parameter_section_size);
   39668   }
   39669   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   39670       crypto::SecureHash::SHA256));
   39671   hash->Update(response_code_bytes.data(),
   39672                response_code_bytes.size());
   39673   hash->Update(command_code_bytes.data(),
   39674                command_code_bytes.size());
   39675   hash->Update(buffer.data(),
   39676                buffer.size());
   39677   std::string response_hash(32, 0);
   39678   hash->Finish(string_as_array(&response_hash), response_hash.size());
   39679   if (tag == TPM_ST_SESSIONS) {
   39680     CHECK(authorization_delegate) << "Authorization delegate missing!";
   39681     if (!authorization_delegate->CheckResponseAuthorization(
   39682         response_hash,
   39683         authorization_section_bytes)) {
   39684       return TRUNKS_RC_AUTHORIZATION_FAILED;
   39685     }
   39686   }
   39687   return TPM_RC_SUCCESS;
   39688 }
   39689 
   39690 void NV_GlobalWriteLockErrorCallback(
   39691     const Tpm::NV_GlobalWriteLockResponse& callback,
   39692     TPM_RC response_code) {
   39693   VLOG(1) << __func__;
   39694   callback.Run(response_code);
   39695 }
   39696 
   39697 void NV_GlobalWriteLockResponseParser(
   39698     const Tpm::NV_GlobalWriteLockResponse& callback,
   39699     AuthorizationDelegate* authorization_delegate,
   39700     const std::string& response) {
   39701   VLOG(1) << __func__;
   39702   base::Callback<void(TPM_RC)> error_reporter =
   39703       base::Bind(NV_GlobalWriteLockErrorCallback, callback);
   39704   TPM_RC rc = Tpm::ParseResponse_NV_GlobalWriteLock(
   39705       response,
   39706       authorization_delegate);
   39707   if (rc != TPM_RC_SUCCESS) {
   39708     error_reporter.Run(rc);
   39709     return;
   39710   }
   39711   callback.Run(
   39712       rc);
   39713 }
   39714 
   39715 void Tpm::NV_GlobalWriteLock(
   39716       const TPMI_RH_PROVISION& auth_handle,
   39717       const std::string& auth_handle_name,
   39718       AuthorizationDelegate* authorization_delegate,
   39719       const NV_GlobalWriteLockResponse& callback) {
   39720   VLOG(1) << __func__;
   39721   base::Callback<void(TPM_RC)> error_reporter =
   39722       base::Bind(NV_GlobalWriteLockErrorCallback, callback);
   39723   base::Callback<void(const std::string&)> parser =
   39724       base::Bind(NV_GlobalWriteLockResponseParser,
   39725                  callback,
   39726                  authorization_delegate);
   39727   std::string command;
   39728   TPM_RC rc = SerializeCommand_NV_GlobalWriteLock(
   39729       auth_handle,
   39730       auth_handle_name,
   39731       &command,
   39732       authorization_delegate);
   39733   if (rc != TPM_RC_SUCCESS) {
   39734     error_reporter.Run(rc);
   39735     return;
   39736   }
   39737   transceiver_->SendCommand(command, parser);
   39738 }
   39739 
   39740 TPM_RC Tpm::NV_GlobalWriteLockSync(
   39741       const TPMI_RH_PROVISION& auth_handle,
   39742       const std::string& auth_handle_name,
   39743       AuthorizationDelegate* authorization_delegate) {
   39744   VLOG(1) << __func__;
   39745   std::string command;
   39746   TPM_RC rc = SerializeCommand_NV_GlobalWriteLock(
   39747       auth_handle,
   39748       auth_handle_name,
   39749       &command,
   39750       authorization_delegate);
   39751   if (rc != TPM_RC_SUCCESS) {
   39752     return rc;
   39753   }
   39754   std::string response = transceiver_->SendCommandAndWait(command);
   39755   rc = ParseResponse_NV_GlobalWriteLock(
   39756       response,
   39757       authorization_delegate);
   39758   return rc;
   39759 }
   39760 
   39761 TPM_RC Tpm::SerializeCommand_NV_Read(
   39762       const TPMI_RH_NV_AUTH& auth_handle,
   39763       const std::string& auth_handle_name,
   39764       const TPMI_RH_NV_INDEX& nv_index,
   39765       const std::string& nv_index_name,
   39766       const UINT16& size,
   39767       const UINT16& offset,
   39768       std::string* serialized_command,
   39769       AuthorizationDelegate* authorization_delegate) {
   39770   VLOG(3) << __func__;
   39771   TPM_RC rc = TPM_RC_SUCCESS;
   39772   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   39773   UINT32 command_size = 10;  // Header size.
   39774   std::string handle_section_bytes;
   39775   std::string parameter_section_bytes;
   39776   TPM_CC command_code = TPM_CC_NV_Read;
   39777   bool is_command_parameter_encryption_possible = false;
   39778   bool is_response_parameter_encryption_possible = true;
   39779   std::string command_code_bytes;
   39780   rc = Serialize_TPM_CC(
   39781       command_code,
   39782       &command_code_bytes);
   39783   if (rc != TPM_RC_SUCCESS) {
   39784     return rc;
   39785   }
   39786   std::string auth_handle_bytes;
   39787   rc = Serialize_TPMI_RH_NV_AUTH(
   39788       auth_handle,
   39789       &auth_handle_bytes);
   39790   if (rc != TPM_RC_SUCCESS) {
   39791     return rc;
   39792   }
   39793   std::string nv_index_bytes;
   39794   rc = Serialize_TPMI_RH_NV_INDEX(
   39795       nv_index,
   39796       &nv_index_bytes);
   39797   if (rc != TPM_RC_SUCCESS) {
   39798     return rc;
   39799   }
   39800   std::string size_bytes;
   39801   rc = Serialize_UINT16(
   39802       size,
   39803       &size_bytes);
   39804   if (rc != TPM_RC_SUCCESS) {
   39805     return rc;
   39806   }
   39807   std::string offset_bytes;
   39808   rc = Serialize_UINT16(
   39809       offset,
   39810       &offset_bytes);
   39811   if (rc != TPM_RC_SUCCESS) {
   39812     return rc;
   39813   }
   39814   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   39815       crypto::SecureHash::SHA256));
   39816   hash->Update(command_code_bytes.data(),
   39817                command_code_bytes.size());
   39818   hash->Update(auth_handle_name.data(),
   39819                auth_handle_name.size());
   39820   handle_section_bytes += auth_handle_bytes;
   39821   command_size += auth_handle_bytes.size();
   39822   hash->Update(nv_index_name.data(),
   39823                nv_index_name.size());
   39824   handle_section_bytes += nv_index_bytes;
   39825   command_size += nv_index_bytes.size();
   39826   hash->Update(size_bytes.data(),
   39827                size_bytes.size());
   39828   parameter_section_bytes += size_bytes;
   39829   command_size += size_bytes.size();
   39830   hash->Update(offset_bytes.data(),
   39831                offset_bytes.size());
   39832   parameter_section_bytes += offset_bytes;
   39833   command_size += offset_bytes.size();
   39834   std::string command_hash(32, 0);
   39835   hash->Finish(string_as_array(&command_hash), command_hash.size());
   39836   std::string authorization_section_bytes;
   39837   std::string authorization_size_bytes;
   39838   if (authorization_delegate) {
   39839     if (!authorization_delegate->GetCommandAuthorization(
   39840         command_hash,
   39841         is_command_parameter_encryption_possible,
   39842         is_response_parameter_encryption_possible,
   39843         &authorization_section_bytes)) {
   39844       return TRUNKS_RC_AUTHORIZATION_FAILED;
   39845     }
   39846     if (!authorization_section_bytes.empty()) {
   39847       tag = TPM_ST_SESSIONS;
   39848       std::string tmp;
   39849       rc = Serialize_UINT32(authorization_section_bytes.size(),
   39850                             &authorization_size_bytes);
   39851       if (rc != TPM_RC_SUCCESS) {
   39852         return rc;
   39853       }
   39854       command_size += authorization_size_bytes.size() +
   39855                       authorization_section_bytes.size();
   39856     }
   39857   }
   39858   std::string tag_bytes;
   39859   rc = Serialize_TPMI_ST_COMMAND_TAG(
   39860       tag,
   39861       &tag_bytes);
   39862   if (rc != TPM_RC_SUCCESS) {
   39863     return rc;
   39864   }
   39865   std::string command_size_bytes;
   39866   rc = Serialize_UINT32(
   39867       command_size,
   39868       &command_size_bytes);
   39869   if (rc != TPM_RC_SUCCESS) {
   39870     return rc;
   39871   }
   39872   *serialized_command = tag_bytes +
   39873                         command_size_bytes +
   39874                         command_code_bytes +
   39875                         handle_section_bytes +
   39876                         authorization_size_bytes +
   39877                         authorization_section_bytes +
   39878                         parameter_section_bytes;
   39879   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   39880   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   39881                                             serialized_command->size());
   39882   return TPM_RC_SUCCESS;
   39883 }
   39884 
   39885 TPM_RC Tpm::ParseResponse_NV_Read(
   39886       const std::string& response,
   39887       TPM2B_MAX_NV_BUFFER* data,
   39888       AuthorizationDelegate* authorization_delegate) {
   39889   VLOG(3) << __func__;
   39890   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   39891   TPM_RC rc = TPM_RC_SUCCESS;
   39892   std::string buffer(response);
   39893   TPM_ST tag;
   39894   std::string tag_bytes;
   39895   rc = Parse_TPM_ST(
   39896       &buffer,
   39897       &tag,
   39898       &tag_bytes);
   39899   if (rc != TPM_RC_SUCCESS) {
   39900     return rc;
   39901   }
   39902   UINT32 response_size;
   39903   std::string response_size_bytes;
   39904   rc = Parse_UINT32(
   39905       &buffer,
   39906       &response_size,
   39907       &response_size_bytes);
   39908   if (rc != TPM_RC_SUCCESS) {
   39909     return rc;
   39910   }
   39911   TPM_RC response_code;
   39912   std::string response_code_bytes;
   39913   rc = Parse_TPM_RC(
   39914       &buffer,
   39915       &response_code,
   39916       &response_code_bytes);
   39917   if (rc != TPM_RC_SUCCESS) {
   39918     return rc;
   39919   }
   39920   if (response_size != response.size()) {
   39921     return TPM_RC_SIZE;
   39922   }
   39923   if (response_code != TPM_RC_SUCCESS) {
   39924     return response_code;
   39925   }
   39926   TPM_CC command_code = TPM_CC_NV_Read;
   39927   std::string command_code_bytes;
   39928   rc = Serialize_TPM_CC(
   39929       command_code,
   39930       &command_code_bytes);
   39931   if (rc != TPM_RC_SUCCESS) {
   39932     return rc;
   39933   }
   39934   std::string authorization_section_bytes;
   39935   if (tag == TPM_ST_SESSIONS) {
   39936     UINT32 parameter_section_size = buffer.size();
   39937     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   39938     if (rc != TPM_RC_SUCCESS) {
   39939       return rc;
   39940     }
   39941     if (parameter_section_size > buffer.size()) {
   39942       return TPM_RC_INSUFFICIENT;
   39943     }
   39944     authorization_section_bytes = buffer.substr(parameter_section_size);
   39945     // Keep the parameter section in |buffer|.
   39946     buffer.erase(parameter_section_size);
   39947   }
   39948   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   39949       crypto::SecureHash::SHA256));
   39950   hash->Update(response_code_bytes.data(),
   39951                response_code_bytes.size());
   39952   hash->Update(command_code_bytes.data(),
   39953                command_code_bytes.size());
   39954   hash->Update(buffer.data(),
   39955                buffer.size());
   39956   std::string response_hash(32, 0);
   39957   hash->Finish(string_as_array(&response_hash), response_hash.size());
   39958   if (tag == TPM_ST_SESSIONS) {
   39959     CHECK(authorization_delegate) << "Authorization delegate missing!";
   39960     if (!authorization_delegate->CheckResponseAuthorization(
   39961         response_hash,
   39962         authorization_section_bytes)) {
   39963       return TRUNKS_RC_AUTHORIZATION_FAILED;
   39964     }
   39965   }
   39966   std::string data_bytes;
   39967   rc = Parse_TPM2B_MAX_NV_BUFFER(
   39968       &buffer,
   39969       data,
   39970       &data_bytes);
   39971   if (rc != TPM_RC_SUCCESS) {
   39972     return rc;
   39973   }
   39974   if (tag == TPM_ST_SESSIONS) {
   39975     CHECK(authorization_delegate) << "Authorization delegate missing!";
   39976     // Decrypt just the parameter data, not the size.
   39977     std::string tmp = data_bytes.substr(2);
   39978     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   39979       return TRUNKS_RC_ENCRYPTION_FAILED;
   39980     }
   39981     data_bytes.replace(2, std::string::npos, tmp);
   39982     rc = Parse_TPM2B_MAX_NV_BUFFER(
   39983         &data_bytes,
   39984         data,
   39985         nullptr);
   39986     if (rc != TPM_RC_SUCCESS) {
   39987       return rc;
   39988     }
   39989   }
   39990   return TPM_RC_SUCCESS;
   39991 }
   39992 
   39993 void NV_ReadErrorCallback(
   39994     const Tpm::NV_ReadResponse& callback,
   39995     TPM_RC response_code) {
   39996   VLOG(1) << __func__;
   39997   callback.Run(response_code,
   39998                TPM2B_MAX_NV_BUFFER());
   39999 }
   40000 
   40001 void NV_ReadResponseParser(
   40002     const Tpm::NV_ReadResponse& callback,
   40003     AuthorizationDelegate* authorization_delegate,
   40004     const std::string& response) {
   40005   VLOG(1) << __func__;
   40006   base::Callback<void(TPM_RC)> error_reporter =
   40007       base::Bind(NV_ReadErrorCallback, callback);
   40008   TPM2B_MAX_NV_BUFFER data;
   40009   TPM_RC rc = Tpm::ParseResponse_NV_Read(
   40010       response,
   40011       &data,
   40012       authorization_delegate);
   40013   if (rc != TPM_RC_SUCCESS) {
   40014     error_reporter.Run(rc);
   40015     return;
   40016   }
   40017   callback.Run(
   40018       rc,
   40019       data);
   40020 }
   40021 
   40022 void Tpm::NV_Read(
   40023       const TPMI_RH_NV_AUTH& auth_handle,
   40024       const std::string& auth_handle_name,
   40025       const TPMI_RH_NV_INDEX& nv_index,
   40026       const std::string& nv_index_name,
   40027       const UINT16& size,
   40028       const UINT16& offset,
   40029       AuthorizationDelegate* authorization_delegate,
   40030       const NV_ReadResponse& callback) {
   40031   VLOG(1) << __func__;
   40032   base::Callback<void(TPM_RC)> error_reporter =
   40033       base::Bind(NV_ReadErrorCallback, callback);
   40034   base::Callback<void(const std::string&)> parser =
   40035       base::Bind(NV_ReadResponseParser,
   40036                  callback,
   40037                  authorization_delegate);
   40038   std::string command;
   40039   TPM_RC rc = SerializeCommand_NV_Read(
   40040       auth_handle,
   40041       auth_handle_name,
   40042       nv_index,
   40043       nv_index_name,
   40044       size,
   40045       offset,
   40046       &command,
   40047       authorization_delegate);
   40048   if (rc != TPM_RC_SUCCESS) {
   40049     error_reporter.Run(rc);
   40050     return;
   40051   }
   40052   transceiver_->SendCommand(command, parser);
   40053 }
   40054 
   40055 TPM_RC Tpm::NV_ReadSync(
   40056       const TPMI_RH_NV_AUTH& auth_handle,
   40057       const std::string& auth_handle_name,
   40058       const TPMI_RH_NV_INDEX& nv_index,
   40059       const std::string& nv_index_name,
   40060       const UINT16& size,
   40061       const UINT16& offset,
   40062       TPM2B_MAX_NV_BUFFER* data,
   40063       AuthorizationDelegate* authorization_delegate) {
   40064   VLOG(1) << __func__;
   40065   std::string command;
   40066   TPM_RC rc = SerializeCommand_NV_Read(
   40067       auth_handle,
   40068       auth_handle_name,
   40069       nv_index,
   40070       nv_index_name,
   40071       size,
   40072       offset,
   40073       &command,
   40074       authorization_delegate);
   40075   if (rc != TPM_RC_SUCCESS) {
   40076     return rc;
   40077   }
   40078   std::string response = transceiver_->SendCommandAndWait(command);
   40079   rc = ParseResponse_NV_Read(
   40080       response,
   40081       data,
   40082       authorization_delegate);
   40083   return rc;
   40084 }
   40085 
   40086 TPM_RC Tpm::SerializeCommand_NV_ReadLock(
   40087       const TPMI_RH_NV_AUTH& auth_handle,
   40088       const std::string& auth_handle_name,
   40089       const TPMI_RH_NV_INDEX& nv_index,
   40090       const std::string& nv_index_name,
   40091       std::string* serialized_command,
   40092       AuthorizationDelegate* authorization_delegate) {
   40093   VLOG(3) << __func__;
   40094   TPM_RC rc = TPM_RC_SUCCESS;
   40095   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   40096   UINT32 command_size = 10;  // Header size.
   40097   std::string handle_section_bytes;
   40098   std::string parameter_section_bytes;
   40099   TPM_CC command_code = TPM_CC_NV_ReadLock;
   40100   bool is_command_parameter_encryption_possible = false;
   40101   bool is_response_parameter_encryption_possible = false;
   40102   std::string command_code_bytes;
   40103   rc = Serialize_TPM_CC(
   40104       command_code,
   40105       &command_code_bytes);
   40106   if (rc != TPM_RC_SUCCESS) {
   40107     return rc;
   40108   }
   40109   std::string auth_handle_bytes;
   40110   rc = Serialize_TPMI_RH_NV_AUTH(
   40111       auth_handle,
   40112       &auth_handle_bytes);
   40113   if (rc != TPM_RC_SUCCESS) {
   40114     return rc;
   40115   }
   40116   std::string nv_index_bytes;
   40117   rc = Serialize_TPMI_RH_NV_INDEX(
   40118       nv_index,
   40119       &nv_index_bytes);
   40120   if (rc != TPM_RC_SUCCESS) {
   40121     return rc;
   40122   }
   40123   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   40124       crypto::SecureHash::SHA256));
   40125   hash->Update(command_code_bytes.data(),
   40126                command_code_bytes.size());
   40127   hash->Update(auth_handle_name.data(),
   40128                auth_handle_name.size());
   40129   handle_section_bytes += auth_handle_bytes;
   40130   command_size += auth_handle_bytes.size();
   40131   hash->Update(nv_index_name.data(),
   40132                nv_index_name.size());
   40133   handle_section_bytes += nv_index_bytes;
   40134   command_size += nv_index_bytes.size();
   40135   std::string command_hash(32, 0);
   40136   hash->Finish(string_as_array(&command_hash), command_hash.size());
   40137   std::string authorization_section_bytes;
   40138   std::string authorization_size_bytes;
   40139   if (authorization_delegate) {
   40140     if (!authorization_delegate->GetCommandAuthorization(
   40141         command_hash,
   40142         is_command_parameter_encryption_possible,
   40143         is_response_parameter_encryption_possible,
   40144         &authorization_section_bytes)) {
   40145       return TRUNKS_RC_AUTHORIZATION_FAILED;
   40146     }
   40147     if (!authorization_section_bytes.empty()) {
   40148       tag = TPM_ST_SESSIONS;
   40149       std::string tmp;
   40150       rc = Serialize_UINT32(authorization_section_bytes.size(),
   40151                             &authorization_size_bytes);
   40152       if (rc != TPM_RC_SUCCESS) {
   40153         return rc;
   40154       }
   40155       command_size += authorization_size_bytes.size() +
   40156                       authorization_section_bytes.size();
   40157     }
   40158   }
   40159   std::string tag_bytes;
   40160   rc = Serialize_TPMI_ST_COMMAND_TAG(
   40161       tag,
   40162       &tag_bytes);
   40163   if (rc != TPM_RC_SUCCESS) {
   40164     return rc;
   40165   }
   40166   std::string command_size_bytes;
   40167   rc = Serialize_UINT32(
   40168       command_size,
   40169       &command_size_bytes);
   40170   if (rc != TPM_RC_SUCCESS) {
   40171     return rc;
   40172   }
   40173   *serialized_command = tag_bytes +
   40174                         command_size_bytes +
   40175                         command_code_bytes +
   40176                         handle_section_bytes +
   40177                         authorization_size_bytes +
   40178                         authorization_section_bytes +
   40179                         parameter_section_bytes;
   40180   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   40181   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   40182                                             serialized_command->size());
   40183   return TPM_RC_SUCCESS;
   40184 }
   40185 
   40186 TPM_RC Tpm::ParseResponse_NV_ReadLock(
   40187       const std::string& response,
   40188       AuthorizationDelegate* authorization_delegate) {
   40189   VLOG(3) << __func__;
   40190   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   40191   TPM_RC rc = TPM_RC_SUCCESS;
   40192   std::string buffer(response);
   40193   TPM_ST tag;
   40194   std::string tag_bytes;
   40195   rc = Parse_TPM_ST(
   40196       &buffer,
   40197       &tag,
   40198       &tag_bytes);
   40199   if (rc != TPM_RC_SUCCESS) {
   40200     return rc;
   40201   }
   40202   UINT32 response_size;
   40203   std::string response_size_bytes;
   40204   rc = Parse_UINT32(
   40205       &buffer,
   40206       &response_size,
   40207       &response_size_bytes);
   40208   if (rc != TPM_RC_SUCCESS) {
   40209     return rc;
   40210   }
   40211   TPM_RC response_code;
   40212   std::string response_code_bytes;
   40213   rc = Parse_TPM_RC(
   40214       &buffer,
   40215       &response_code,
   40216       &response_code_bytes);
   40217   if (rc != TPM_RC_SUCCESS) {
   40218     return rc;
   40219   }
   40220   if (response_size != response.size()) {
   40221     return TPM_RC_SIZE;
   40222   }
   40223   if (response_code != TPM_RC_SUCCESS) {
   40224     return response_code;
   40225   }
   40226   TPM_CC command_code = TPM_CC_NV_ReadLock;
   40227   std::string command_code_bytes;
   40228   rc = Serialize_TPM_CC(
   40229       command_code,
   40230       &command_code_bytes);
   40231   if (rc != TPM_RC_SUCCESS) {
   40232     return rc;
   40233   }
   40234   std::string authorization_section_bytes;
   40235   if (tag == TPM_ST_SESSIONS) {
   40236     UINT32 parameter_section_size = buffer.size();
   40237     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   40238     if (rc != TPM_RC_SUCCESS) {
   40239       return rc;
   40240     }
   40241     if (parameter_section_size > buffer.size()) {
   40242       return TPM_RC_INSUFFICIENT;
   40243     }
   40244     authorization_section_bytes = buffer.substr(parameter_section_size);
   40245     // Keep the parameter section in |buffer|.
   40246     buffer.erase(parameter_section_size);
   40247   }
   40248   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   40249       crypto::SecureHash::SHA256));
   40250   hash->Update(response_code_bytes.data(),
   40251                response_code_bytes.size());
   40252   hash->Update(command_code_bytes.data(),
   40253                command_code_bytes.size());
   40254   hash->Update(buffer.data(),
   40255                buffer.size());
   40256   std::string response_hash(32, 0);
   40257   hash->Finish(string_as_array(&response_hash), response_hash.size());
   40258   if (tag == TPM_ST_SESSIONS) {
   40259     CHECK(authorization_delegate) << "Authorization delegate missing!";
   40260     if (!authorization_delegate->CheckResponseAuthorization(
   40261         response_hash,
   40262         authorization_section_bytes)) {
   40263       return TRUNKS_RC_AUTHORIZATION_FAILED;
   40264     }
   40265   }
   40266   return TPM_RC_SUCCESS;
   40267 }
   40268 
   40269 void NV_ReadLockErrorCallback(
   40270     const Tpm::NV_ReadLockResponse& callback,
   40271     TPM_RC response_code) {
   40272   VLOG(1) << __func__;
   40273   callback.Run(response_code);
   40274 }
   40275 
   40276 void NV_ReadLockResponseParser(
   40277     const Tpm::NV_ReadLockResponse& callback,
   40278     AuthorizationDelegate* authorization_delegate,
   40279     const std::string& response) {
   40280   VLOG(1) << __func__;
   40281   base::Callback<void(TPM_RC)> error_reporter =
   40282       base::Bind(NV_ReadLockErrorCallback, callback);
   40283   TPM_RC rc = Tpm::ParseResponse_NV_ReadLock(
   40284       response,
   40285       authorization_delegate);
   40286   if (rc != TPM_RC_SUCCESS) {
   40287     error_reporter.Run(rc);
   40288     return;
   40289   }
   40290   callback.Run(
   40291       rc);
   40292 }
   40293 
   40294 void Tpm::NV_ReadLock(
   40295       const TPMI_RH_NV_AUTH& auth_handle,
   40296       const std::string& auth_handle_name,
   40297       const TPMI_RH_NV_INDEX& nv_index,
   40298       const std::string& nv_index_name,
   40299       AuthorizationDelegate* authorization_delegate,
   40300       const NV_ReadLockResponse& callback) {
   40301   VLOG(1) << __func__;
   40302   base::Callback<void(TPM_RC)> error_reporter =
   40303       base::Bind(NV_ReadLockErrorCallback, callback);
   40304   base::Callback<void(const std::string&)> parser =
   40305       base::Bind(NV_ReadLockResponseParser,
   40306                  callback,
   40307                  authorization_delegate);
   40308   std::string command;
   40309   TPM_RC rc = SerializeCommand_NV_ReadLock(
   40310       auth_handle,
   40311       auth_handle_name,
   40312       nv_index,
   40313       nv_index_name,
   40314       &command,
   40315       authorization_delegate);
   40316   if (rc != TPM_RC_SUCCESS) {
   40317     error_reporter.Run(rc);
   40318     return;
   40319   }
   40320   transceiver_->SendCommand(command, parser);
   40321 }
   40322 
   40323 TPM_RC Tpm::NV_ReadLockSync(
   40324       const TPMI_RH_NV_AUTH& auth_handle,
   40325       const std::string& auth_handle_name,
   40326       const TPMI_RH_NV_INDEX& nv_index,
   40327       const std::string& nv_index_name,
   40328       AuthorizationDelegate* authorization_delegate) {
   40329   VLOG(1) << __func__;
   40330   std::string command;
   40331   TPM_RC rc = SerializeCommand_NV_ReadLock(
   40332       auth_handle,
   40333       auth_handle_name,
   40334       nv_index,
   40335       nv_index_name,
   40336       &command,
   40337       authorization_delegate);
   40338   if (rc != TPM_RC_SUCCESS) {
   40339     return rc;
   40340   }
   40341   std::string response = transceiver_->SendCommandAndWait(command);
   40342   rc = ParseResponse_NV_ReadLock(
   40343       response,
   40344       authorization_delegate);
   40345   return rc;
   40346 }
   40347 
   40348 TPM_RC Tpm::SerializeCommand_NV_ChangeAuth(
   40349       const TPMI_RH_NV_INDEX& nv_index,
   40350       const std::string& nv_index_name,
   40351       const TPM2B_AUTH& new_auth,
   40352       std::string* serialized_command,
   40353       AuthorizationDelegate* authorization_delegate) {
   40354   VLOG(3) << __func__;
   40355   TPM_RC rc = TPM_RC_SUCCESS;
   40356   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   40357   UINT32 command_size = 10;  // Header size.
   40358   std::string handle_section_bytes;
   40359   std::string parameter_section_bytes;
   40360   TPM_CC command_code = TPM_CC_NV_ChangeAuth;
   40361   bool is_command_parameter_encryption_possible = true;
   40362   bool is_response_parameter_encryption_possible = false;
   40363   std::string command_code_bytes;
   40364   rc = Serialize_TPM_CC(
   40365       command_code,
   40366       &command_code_bytes);
   40367   if (rc != TPM_RC_SUCCESS) {
   40368     return rc;
   40369   }
   40370   std::string nv_index_bytes;
   40371   rc = Serialize_TPMI_RH_NV_INDEX(
   40372       nv_index,
   40373       &nv_index_bytes);
   40374   if (rc != TPM_RC_SUCCESS) {
   40375     return rc;
   40376   }
   40377   std::string new_auth_bytes;
   40378   rc = Serialize_TPM2B_AUTH(
   40379       new_auth,
   40380       &new_auth_bytes);
   40381   if (rc != TPM_RC_SUCCESS) {
   40382     return rc;
   40383   }
   40384   if (authorization_delegate) {
   40385     // Encrypt just the parameter data, not the size.
   40386     std::string tmp = new_auth_bytes.substr(2);
   40387     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   40388       return TRUNKS_RC_ENCRYPTION_FAILED;
   40389     }
   40390     new_auth_bytes.replace(2, std::string::npos, tmp);
   40391   }
   40392   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   40393       crypto::SecureHash::SHA256));
   40394   hash->Update(command_code_bytes.data(),
   40395                command_code_bytes.size());
   40396   hash->Update(nv_index_name.data(),
   40397                nv_index_name.size());
   40398   handle_section_bytes += nv_index_bytes;
   40399   command_size += nv_index_bytes.size();
   40400   hash->Update(new_auth_bytes.data(),
   40401                new_auth_bytes.size());
   40402   parameter_section_bytes += new_auth_bytes;
   40403   command_size += new_auth_bytes.size();
   40404   std::string command_hash(32, 0);
   40405   hash->Finish(string_as_array(&command_hash), command_hash.size());
   40406   std::string authorization_section_bytes;
   40407   std::string authorization_size_bytes;
   40408   if (authorization_delegate) {
   40409     if (!authorization_delegate->GetCommandAuthorization(
   40410         command_hash,
   40411         is_command_parameter_encryption_possible,
   40412         is_response_parameter_encryption_possible,
   40413         &authorization_section_bytes)) {
   40414       return TRUNKS_RC_AUTHORIZATION_FAILED;
   40415     }
   40416     if (!authorization_section_bytes.empty()) {
   40417       tag = TPM_ST_SESSIONS;
   40418       std::string tmp;
   40419       rc = Serialize_UINT32(authorization_section_bytes.size(),
   40420                             &authorization_size_bytes);
   40421       if (rc != TPM_RC_SUCCESS) {
   40422         return rc;
   40423       }
   40424       command_size += authorization_size_bytes.size() +
   40425                       authorization_section_bytes.size();
   40426     }
   40427   }
   40428   std::string tag_bytes;
   40429   rc = Serialize_TPMI_ST_COMMAND_TAG(
   40430       tag,
   40431       &tag_bytes);
   40432   if (rc != TPM_RC_SUCCESS) {
   40433     return rc;
   40434   }
   40435   std::string command_size_bytes;
   40436   rc = Serialize_UINT32(
   40437       command_size,
   40438       &command_size_bytes);
   40439   if (rc != TPM_RC_SUCCESS) {
   40440     return rc;
   40441   }
   40442   *serialized_command = tag_bytes +
   40443                         command_size_bytes +
   40444                         command_code_bytes +
   40445                         handle_section_bytes +
   40446                         authorization_size_bytes +
   40447                         authorization_section_bytes +
   40448                         parameter_section_bytes;
   40449   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   40450   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   40451                                             serialized_command->size());
   40452   return TPM_RC_SUCCESS;
   40453 }
   40454 
   40455 TPM_RC Tpm::ParseResponse_NV_ChangeAuth(
   40456       const std::string& response,
   40457       AuthorizationDelegate* authorization_delegate) {
   40458   VLOG(3) << __func__;
   40459   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   40460   TPM_RC rc = TPM_RC_SUCCESS;
   40461   std::string buffer(response);
   40462   TPM_ST tag;
   40463   std::string tag_bytes;
   40464   rc = Parse_TPM_ST(
   40465       &buffer,
   40466       &tag,
   40467       &tag_bytes);
   40468   if (rc != TPM_RC_SUCCESS) {
   40469     return rc;
   40470   }
   40471   UINT32 response_size;
   40472   std::string response_size_bytes;
   40473   rc = Parse_UINT32(
   40474       &buffer,
   40475       &response_size,
   40476       &response_size_bytes);
   40477   if (rc != TPM_RC_SUCCESS) {
   40478     return rc;
   40479   }
   40480   TPM_RC response_code;
   40481   std::string response_code_bytes;
   40482   rc = Parse_TPM_RC(
   40483       &buffer,
   40484       &response_code,
   40485       &response_code_bytes);
   40486   if (rc != TPM_RC_SUCCESS) {
   40487     return rc;
   40488   }
   40489   if (response_size != response.size()) {
   40490     return TPM_RC_SIZE;
   40491   }
   40492   if (response_code != TPM_RC_SUCCESS) {
   40493     return response_code;
   40494   }
   40495   TPM_CC command_code = TPM_CC_NV_ChangeAuth;
   40496   std::string command_code_bytes;
   40497   rc = Serialize_TPM_CC(
   40498       command_code,
   40499       &command_code_bytes);
   40500   if (rc != TPM_RC_SUCCESS) {
   40501     return rc;
   40502   }
   40503   std::string authorization_section_bytes;
   40504   if (tag == TPM_ST_SESSIONS) {
   40505     UINT32 parameter_section_size = buffer.size();
   40506     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   40507     if (rc != TPM_RC_SUCCESS) {
   40508       return rc;
   40509     }
   40510     if (parameter_section_size > buffer.size()) {
   40511       return TPM_RC_INSUFFICIENT;
   40512     }
   40513     authorization_section_bytes = buffer.substr(parameter_section_size);
   40514     // Keep the parameter section in |buffer|.
   40515     buffer.erase(parameter_section_size);
   40516   }
   40517   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   40518       crypto::SecureHash::SHA256));
   40519   hash->Update(response_code_bytes.data(),
   40520                response_code_bytes.size());
   40521   hash->Update(command_code_bytes.data(),
   40522                command_code_bytes.size());
   40523   hash->Update(buffer.data(),
   40524                buffer.size());
   40525   std::string response_hash(32, 0);
   40526   hash->Finish(string_as_array(&response_hash), response_hash.size());
   40527   if (tag == TPM_ST_SESSIONS) {
   40528     CHECK(authorization_delegate) << "Authorization delegate missing!";
   40529     if (!authorization_delegate->CheckResponseAuthorization(
   40530         response_hash,
   40531         authorization_section_bytes)) {
   40532       return TRUNKS_RC_AUTHORIZATION_FAILED;
   40533     }
   40534   }
   40535   return TPM_RC_SUCCESS;
   40536 }
   40537 
   40538 void NV_ChangeAuthErrorCallback(
   40539     const Tpm::NV_ChangeAuthResponse& callback,
   40540     TPM_RC response_code) {
   40541   VLOG(1) << __func__;
   40542   callback.Run(response_code);
   40543 }
   40544 
   40545 void NV_ChangeAuthResponseParser(
   40546     const Tpm::NV_ChangeAuthResponse& callback,
   40547     AuthorizationDelegate* authorization_delegate,
   40548     const std::string& response) {
   40549   VLOG(1) << __func__;
   40550   base::Callback<void(TPM_RC)> error_reporter =
   40551       base::Bind(NV_ChangeAuthErrorCallback, callback);
   40552   TPM_RC rc = Tpm::ParseResponse_NV_ChangeAuth(
   40553       response,
   40554       authorization_delegate);
   40555   if (rc != TPM_RC_SUCCESS) {
   40556     error_reporter.Run(rc);
   40557     return;
   40558   }
   40559   callback.Run(
   40560       rc);
   40561 }
   40562 
   40563 void Tpm::NV_ChangeAuth(
   40564       const TPMI_RH_NV_INDEX& nv_index,
   40565       const std::string& nv_index_name,
   40566       const TPM2B_AUTH& new_auth,
   40567       AuthorizationDelegate* authorization_delegate,
   40568       const NV_ChangeAuthResponse& callback) {
   40569   VLOG(1) << __func__;
   40570   base::Callback<void(TPM_RC)> error_reporter =
   40571       base::Bind(NV_ChangeAuthErrorCallback, callback);
   40572   base::Callback<void(const std::string&)> parser =
   40573       base::Bind(NV_ChangeAuthResponseParser,
   40574                  callback,
   40575                  authorization_delegate);
   40576   std::string command;
   40577   TPM_RC rc = SerializeCommand_NV_ChangeAuth(
   40578       nv_index,
   40579       nv_index_name,
   40580       new_auth,
   40581       &command,
   40582       authorization_delegate);
   40583   if (rc != TPM_RC_SUCCESS) {
   40584     error_reporter.Run(rc);
   40585     return;
   40586   }
   40587   transceiver_->SendCommand(command, parser);
   40588 }
   40589 
   40590 TPM_RC Tpm::NV_ChangeAuthSync(
   40591       const TPMI_RH_NV_INDEX& nv_index,
   40592       const std::string& nv_index_name,
   40593       const TPM2B_AUTH& new_auth,
   40594       AuthorizationDelegate* authorization_delegate) {
   40595   VLOG(1) << __func__;
   40596   std::string command;
   40597   TPM_RC rc = SerializeCommand_NV_ChangeAuth(
   40598       nv_index,
   40599       nv_index_name,
   40600       new_auth,
   40601       &command,
   40602       authorization_delegate);
   40603   if (rc != TPM_RC_SUCCESS) {
   40604     return rc;
   40605   }
   40606   std::string response = transceiver_->SendCommandAndWait(command);
   40607   rc = ParseResponse_NV_ChangeAuth(
   40608       response,
   40609       authorization_delegate);
   40610   return rc;
   40611 }
   40612 
   40613 TPM_RC Tpm::SerializeCommand_NV_Certify(
   40614       const TPMI_DH_OBJECT& sign_handle,
   40615       const std::string& sign_handle_name,
   40616       const TPMI_RH_NV_AUTH& auth_handle,
   40617       const std::string& auth_handle_name,
   40618       const TPMI_RH_NV_INDEX& nv_index,
   40619       const std::string& nv_index_name,
   40620       const TPM2B_DATA& qualifying_data,
   40621       const TPMT_SIG_SCHEME& in_scheme,
   40622       const UINT16& size,
   40623       const UINT16& offset,
   40624       std::string* serialized_command,
   40625       AuthorizationDelegate* authorization_delegate) {
   40626   VLOG(3) << __func__;
   40627   TPM_RC rc = TPM_RC_SUCCESS;
   40628   TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;
   40629   UINT32 command_size = 10;  // Header size.
   40630   std::string handle_section_bytes;
   40631   std::string parameter_section_bytes;
   40632   TPM_CC command_code = TPM_CC_NV_Certify;
   40633   bool is_command_parameter_encryption_possible = true;
   40634   bool is_response_parameter_encryption_possible = true;
   40635   std::string command_code_bytes;
   40636   rc = Serialize_TPM_CC(
   40637       command_code,
   40638       &command_code_bytes);
   40639   if (rc != TPM_RC_SUCCESS) {
   40640     return rc;
   40641   }
   40642   std::string sign_handle_bytes;
   40643   rc = Serialize_TPMI_DH_OBJECT(
   40644       sign_handle,
   40645       &sign_handle_bytes);
   40646   if (rc != TPM_RC_SUCCESS) {
   40647     return rc;
   40648   }
   40649   std::string auth_handle_bytes;
   40650   rc = Serialize_TPMI_RH_NV_AUTH(
   40651       auth_handle,
   40652       &auth_handle_bytes);
   40653   if (rc != TPM_RC_SUCCESS) {
   40654     return rc;
   40655   }
   40656   std::string nv_index_bytes;
   40657   rc = Serialize_TPMI_RH_NV_INDEX(
   40658       nv_index,
   40659       &nv_index_bytes);
   40660   if (rc != TPM_RC_SUCCESS) {
   40661     return rc;
   40662   }
   40663   std::string qualifying_data_bytes;
   40664   rc = Serialize_TPM2B_DATA(
   40665       qualifying_data,
   40666       &qualifying_data_bytes);
   40667   if (rc != TPM_RC_SUCCESS) {
   40668     return rc;
   40669   }
   40670   std::string in_scheme_bytes;
   40671   rc = Serialize_TPMT_SIG_SCHEME(
   40672       in_scheme,
   40673       &in_scheme_bytes);
   40674   if (rc != TPM_RC_SUCCESS) {
   40675     return rc;
   40676   }
   40677   std::string size_bytes;
   40678   rc = Serialize_UINT16(
   40679       size,
   40680       &size_bytes);
   40681   if (rc != TPM_RC_SUCCESS) {
   40682     return rc;
   40683   }
   40684   std::string offset_bytes;
   40685   rc = Serialize_UINT16(
   40686       offset,
   40687       &offset_bytes);
   40688   if (rc != TPM_RC_SUCCESS) {
   40689     return rc;
   40690   }
   40691   if (authorization_delegate) {
   40692     // Encrypt just the parameter data, not the size.
   40693     std::string tmp = qualifying_data_bytes.substr(2);
   40694     if (!authorization_delegate->EncryptCommandParameter(&tmp)) {
   40695       return TRUNKS_RC_ENCRYPTION_FAILED;
   40696     }
   40697     qualifying_data_bytes.replace(2, std::string::npos, tmp);
   40698   }
   40699   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   40700       crypto::SecureHash::SHA256));
   40701   hash->Update(command_code_bytes.data(),
   40702                command_code_bytes.size());
   40703   hash->Update(sign_handle_name.data(),
   40704                sign_handle_name.size());
   40705   handle_section_bytes += sign_handle_bytes;
   40706   command_size += sign_handle_bytes.size();
   40707   hash->Update(auth_handle_name.data(),
   40708                auth_handle_name.size());
   40709   handle_section_bytes += auth_handle_bytes;
   40710   command_size += auth_handle_bytes.size();
   40711   hash->Update(nv_index_name.data(),
   40712                nv_index_name.size());
   40713   handle_section_bytes += nv_index_bytes;
   40714   command_size += nv_index_bytes.size();
   40715   hash->Update(qualifying_data_bytes.data(),
   40716                qualifying_data_bytes.size());
   40717   parameter_section_bytes += qualifying_data_bytes;
   40718   command_size += qualifying_data_bytes.size();
   40719   hash->Update(in_scheme_bytes.data(),
   40720                in_scheme_bytes.size());
   40721   parameter_section_bytes += in_scheme_bytes;
   40722   command_size += in_scheme_bytes.size();
   40723   hash->Update(size_bytes.data(),
   40724                size_bytes.size());
   40725   parameter_section_bytes += size_bytes;
   40726   command_size += size_bytes.size();
   40727   hash->Update(offset_bytes.data(),
   40728                offset_bytes.size());
   40729   parameter_section_bytes += offset_bytes;
   40730   command_size += offset_bytes.size();
   40731   std::string command_hash(32, 0);
   40732   hash->Finish(string_as_array(&command_hash), command_hash.size());
   40733   std::string authorization_section_bytes;
   40734   std::string authorization_size_bytes;
   40735   if (authorization_delegate) {
   40736     if (!authorization_delegate->GetCommandAuthorization(
   40737         command_hash,
   40738         is_command_parameter_encryption_possible,
   40739         is_response_parameter_encryption_possible,
   40740         &authorization_section_bytes)) {
   40741       return TRUNKS_RC_AUTHORIZATION_FAILED;
   40742     }
   40743     if (!authorization_section_bytes.empty()) {
   40744       tag = TPM_ST_SESSIONS;
   40745       std::string tmp;
   40746       rc = Serialize_UINT32(authorization_section_bytes.size(),
   40747                             &authorization_size_bytes);
   40748       if (rc != TPM_RC_SUCCESS) {
   40749         return rc;
   40750       }
   40751       command_size += authorization_size_bytes.size() +
   40752                       authorization_section_bytes.size();
   40753     }
   40754   }
   40755   std::string tag_bytes;
   40756   rc = Serialize_TPMI_ST_COMMAND_TAG(
   40757       tag,
   40758       &tag_bytes);
   40759   if (rc != TPM_RC_SUCCESS) {
   40760     return rc;
   40761   }
   40762   std::string command_size_bytes;
   40763   rc = Serialize_UINT32(
   40764       command_size,
   40765       &command_size_bytes);
   40766   if (rc != TPM_RC_SUCCESS) {
   40767     return rc;
   40768   }
   40769   *serialized_command = tag_bytes +
   40770                         command_size_bytes +
   40771                         command_code_bytes +
   40772                         handle_section_bytes +
   40773                         authorization_size_bytes +
   40774                         authorization_section_bytes +
   40775                         parameter_section_bytes;
   40776   CHECK(serialized_command->size() == command_size) << "Command size mismatch!";
   40777   VLOG(2) << "Command: " << base::HexEncode(serialized_command->data(),
   40778                                             serialized_command->size());
   40779   return TPM_RC_SUCCESS;
   40780 }
   40781 
   40782 TPM_RC Tpm::ParseResponse_NV_Certify(
   40783       const std::string& response,
   40784       TPM2B_ATTEST* certify_info,
   40785       TPMT_SIGNATURE* signature,
   40786       AuthorizationDelegate* authorization_delegate) {
   40787   VLOG(3) << __func__;
   40788   VLOG(2) << "Response: " << base::HexEncode(response.data(), response.size());
   40789   TPM_RC rc = TPM_RC_SUCCESS;
   40790   std::string buffer(response);
   40791   TPM_ST tag;
   40792   std::string tag_bytes;
   40793   rc = Parse_TPM_ST(
   40794       &buffer,
   40795       &tag,
   40796       &tag_bytes);
   40797   if (rc != TPM_RC_SUCCESS) {
   40798     return rc;
   40799   }
   40800   UINT32 response_size;
   40801   std::string response_size_bytes;
   40802   rc = Parse_UINT32(
   40803       &buffer,
   40804       &response_size,
   40805       &response_size_bytes);
   40806   if (rc != TPM_RC_SUCCESS) {
   40807     return rc;
   40808   }
   40809   TPM_RC response_code;
   40810   std::string response_code_bytes;
   40811   rc = Parse_TPM_RC(
   40812       &buffer,
   40813       &response_code,
   40814       &response_code_bytes);
   40815   if (rc != TPM_RC_SUCCESS) {
   40816     return rc;
   40817   }
   40818   if (response_size != response.size()) {
   40819     return TPM_RC_SIZE;
   40820   }
   40821   if (response_code != TPM_RC_SUCCESS) {
   40822     return response_code;
   40823   }
   40824   TPM_CC command_code = TPM_CC_NV_Certify;
   40825   std::string command_code_bytes;
   40826   rc = Serialize_TPM_CC(
   40827       command_code,
   40828       &command_code_bytes);
   40829   if (rc != TPM_RC_SUCCESS) {
   40830     return rc;
   40831   }
   40832   std::string authorization_section_bytes;
   40833   if (tag == TPM_ST_SESSIONS) {
   40834     UINT32 parameter_section_size = buffer.size();
   40835     rc = Parse_UINT32(&buffer, &parameter_section_size, nullptr);
   40836     if (rc != TPM_RC_SUCCESS) {
   40837       return rc;
   40838     }
   40839     if (parameter_section_size > buffer.size()) {
   40840       return TPM_RC_INSUFFICIENT;
   40841     }
   40842     authorization_section_bytes = buffer.substr(parameter_section_size);
   40843     // Keep the parameter section in |buffer|.
   40844     buffer.erase(parameter_section_size);
   40845   }
   40846   scoped_ptr<crypto::SecureHash> hash(crypto::SecureHash::Create(
   40847       crypto::SecureHash::SHA256));
   40848   hash->Update(response_code_bytes.data(),
   40849                response_code_bytes.size());
   40850   hash->Update(command_code_bytes.data(),
   40851                command_code_bytes.size());
   40852   hash->Update(buffer.data(),
   40853                buffer.size());
   40854   std::string response_hash(32, 0);
   40855   hash->Finish(string_as_array(&response_hash), response_hash.size());
   40856   if (tag == TPM_ST_SESSIONS) {
   40857     CHECK(authorization_delegate) << "Authorization delegate missing!";
   40858     if (!authorization_delegate->CheckResponseAuthorization(
   40859         response_hash,
   40860         authorization_section_bytes)) {
   40861       return TRUNKS_RC_AUTHORIZATION_FAILED;
   40862     }
   40863   }
   40864   std::string certify_info_bytes;
   40865   rc = Parse_TPM2B_ATTEST(
   40866       &buffer,
   40867       certify_info,
   40868       &certify_info_bytes);
   40869   if (rc != TPM_RC_SUCCESS) {
   40870     return rc;
   40871   }
   40872   std::string signature_bytes;
   40873   rc = Parse_TPMT_SIGNATURE(
   40874       &buffer,
   40875       signature,
   40876       &signature_bytes);
   40877   if (rc != TPM_RC_SUCCESS) {
   40878     return rc;
   40879   }
   40880   if (tag == TPM_ST_SESSIONS) {
   40881     CHECK(authorization_delegate) << "Authorization delegate missing!";
   40882     // Decrypt just the parameter data, not the size.
   40883     std::string tmp = certify_info_bytes.substr(2);
   40884     if (!authorization_delegate->DecryptResponseParameter(&tmp)) {
   40885       return TRUNKS_RC_ENCRYPTION_FAILED;
   40886     }
   40887     certify_info_bytes.replace(2, std::string::npos, tmp);
   40888     rc = Parse_TPM2B_ATTEST(
   40889         &certify_info_bytes,
   40890         certify_info,
   40891         nullptr);
   40892     if (rc != TPM_RC_SUCCESS) {
   40893       return rc;
   40894     }
   40895   }
   40896   return TPM_RC_SUCCESS;
   40897 }
   40898 
   40899 void NV_CertifyErrorCallback(
   40900     const Tpm::NV_CertifyResponse& callback,
   40901     TPM_RC response_code) {
   40902   VLOG(1) << __func__;
   40903   callback.Run(response_code,
   40904                TPM2B_ATTEST(),
   40905                TPMT_SIGNATURE());
   40906 }
   40907 
   40908 void NV_CertifyResponseParser(
   40909     const Tpm::NV_CertifyResponse& callback,
   40910     AuthorizationDelegate* authorization_delegate,
   40911     const std::string& response) {
   40912   VLOG(1) << __func__;
   40913   base::Callback<void(TPM_RC)> error_reporter =
   40914       base::Bind(NV_CertifyErrorCallback, callback);
   40915   TPM2B_ATTEST certify_info;
   40916   TPMT_SIGNATURE signature;
   40917   TPM_RC rc = Tpm::ParseResponse_NV_Certify(
   40918       response,
   40919       &certify_info,
   40920       &signature,
   40921       authorization_delegate);
   40922   if (rc != TPM_RC_SUCCESS) {
   40923     error_reporter.Run(rc);
   40924     return;
   40925   }
   40926   callback.Run(
   40927       rc,
   40928       certify_info,
   40929       signature);
   40930 }
   40931 
   40932 void Tpm::NV_Certify(
   40933       const TPMI_DH_OBJECT& sign_handle,
   40934       const std::string& sign_handle_name,
   40935       const TPMI_RH_NV_AUTH& auth_handle,
   40936       const std::string& auth_handle_name,
   40937       const TPMI_RH_NV_INDEX& nv_index,
   40938       const std::string& nv_index_name,
   40939       const TPM2B_DATA& qualifying_data,
   40940       const TPMT_SIG_SCHEME& in_scheme,
   40941       const UINT16& size,
   40942       const UINT16& offset,
   40943       AuthorizationDelegate* authorization_delegate,
   40944       const NV_CertifyResponse& callback) {
   40945   VLOG(1) << __func__;
   40946   base::Callback<void(TPM_RC)> error_reporter =
   40947       base::Bind(NV_CertifyErrorCallback, callback);
   40948   base::Callback<void(const std::string&)> parser =
   40949       base::Bind(NV_CertifyResponseParser,
   40950                  callback,
   40951                  authorization_delegate);
   40952   std::string command;
   40953   TPM_RC rc = SerializeCommand_NV_Certify(
   40954       sign_handle,
   40955       sign_handle_name,
   40956       auth_handle,
   40957       auth_handle_name,
   40958       nv_index,
   40959       nv_index_name,
   40960       qualifying_data,
   40961       in_scheme,
   40962       size,
   40963       offset,
   40964       &command,
   40965       authorization_delegate);
   40966   if (rc != TPM_RC_SUCCESS) {
   40967     error_reporter.Run(rc);
   40968     return;
   40969   }
   40970   transceiver_->SendCommand(command, parser);
   40971 }
   40972 
   40973 TPM_RC Tpm::NV_CertifySync(
   40974       const TPMI_DH_OBJECT& sign_handle,
   40975       const std::string& sign_handle_name,
   40976       const TPMI_RH_NV_AUTH& auth_handle,
   40977       const std::string& auth_handle_name,
   40978       const TPMI_RH_NV_INDEX& nv_index,
   40979       const std::string& nv_index_name,
   40980       const TPM2B_DATA& qualifying_data,
   40981       const TPMT_SIG_SCHEME& in_scheme,
   40982       const UINT16& size,
   40983       const UINT16& offset,
   40984       TPM2B_ATTEST* certify_info,
   40985       TPMT_SIGNATURE* signature,
   40986       AuthorizationDelegate* authorization_delegate) {
   40987   VLOG(1) << __func__;
   40988   std::string command;
   40989   TPM_RC rc = SerializeCommand_NV_Certify(
   40990       sign_handle,
   40991       sign_handle_name,
   40992       auth_handle,
   40993       auth_handle_name,
   40994       nv_index,
   40995       nv_index_name,
   40996       qualifying_data,
   40997       in_scheme,
   40998       size,
   40999       offset,
   41000       &command,
   41001       authorization_delegate);
   41002   if (rc != TPM_RC_SUCCESS) {
   41003     return rc;
   41004   }
   41005   std::string response = transceiver_->SendCommandAndWait(command);
   41006   rc = ParseResponse_NV_Certify(
   41007       response,
   41008       certify_info,
   41009       signature,
   41010       authorization_delegate);
   41011   return rc;
   41012 }
   41013 
   41014 }  // namespace trunks
   41015